summaryrefslogtreecommitdiffstats
path: root/roles/openshift_master
diff options
context:
space:
mode:
authorAndrew Butcher <abutcher@redhat.com>2015-09-22 16:42:36 -0400
committerAndrew Butcher <abutcher@redhat.com>2015-11-05 11:38:27 -0500
commitca9f4f08fbf14f9edfa7331e327cf92a25cd4401 (patch)
tree1be3bf26a63c9b20012717e0da8bf6fea2720ae7 /roles/openshift_master
parent6571fd9d220b7cc67ae5738149164104d5662902 (diff)
downloadopenshift-ca9f4f08fbf14f9edfa7331e327cf92a25cd4401.tar.gz
openshift-ca9f4f08fbf14f9edfa7331e327cf92a25cd4401.tar.bz2
openshift-ca9f4f08fbf14f9edfa7331e327cf92a25cd4401.tar.xz
openshift-ca9f4f08fbf14f9edfa7331e327cf92a25cd4401.zip
Various HA changes for pacemaker and native methods.
Diffstat (limited to 'roles/openshift_master')
-rw-r--r--roles/openshift_master/handlers/main.yml4
-rw-r--r--roles/openshift_master/tasks/main.yml75
-rw-r--r--roles/openshift_master/templates/atomic-openshift-master-api.j2 (renamed from roles/openshift_master/files/atomic-openshift-master-api)2
-rw-r--r--roles/openshift_master/templates/atomic-openshift-master-api.service.j2 (renamed from roles/openshift_master/files/atomic-openshift-master-api.service)8
-rw-r--r--roles/openshift_master/templates/atomic-openshift-master-controllers.j2 (renamed from roles/openshift_master/files/atomic-openshift-master-controllers)2
-rw-r--r--roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 (renamed from roles/openshift_master/files/atomic-openshift-master-controllers.service)12
-rw-r--r--roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j27
-rw-r--r--roles/openshift_master/vars/main.yml1
8 files changed, 71 insertions, 40 deletions
diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml
index ad3ac5a9f..4b9500cbd 100644
--- a/roles/openshift_master/handlers/main.yml
+++ b/roles/openshift_master/handlers/main.yml
@@ -5,10 +5,10 @@
- name: restart master api
service: name={{ openshift.common.service_type }}-master-api state=restarted
- when: openshift_master_ha | bool
+ when: (openshift_master_ha | bool) and (not master_api_service_status_changed | default(false)) and openshift.master.cluster_method == 'native'
# TODO: need to fix up ignore_errors here
- name: restart master controllers
service: name={{ openshift.common.service_type }}-master-controllers state=restarted
- when: openshift_master_ha | bool
+ when: (openshift_master_ha | bool) and (not master_controllers_service_status_changed | default(false)) and openshift.master.cluster_method == 'native'
ignore_errors: yes
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 290f22358..be77fce4a 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -8,17 +8,23 @@
- openshift_master_oauth_grant_method in openshift_master_valid_grant_methods
when: openshift_master_oauth_grant_method is defined
-#- fail:
-# msg: "openshift_master_cluster_password must be set for multi-master installations"
-# when: openshift_master_ha | bool and not openshift.master.cluster_defer_ha | bool and openshift_master_cluster_password is not defined
+- fail:
+ msg: "openshift_master_cluster_method must be set to either 'native' or 'pacemaker' for multi-master installations"
+ when: openshift_master_ha | bool and ((openshift_master_cluster_method is not defined) or (openshift_master_cluster_method is defined and openshift_master_cluster_method not in ["native", "pacemaker"]))
+- fail:
+ msg: "'native' high availability is not supported for the requested OpenShift version"
+ when: openshift_master_ha | bool and openshift_master_cluster_method == "native" and not openshift.common.version_greater_than_3_1_or_1_1 | bool
+- fail:
+ msg: "openshift_master_cluster_password must be set for multi-master installations"
+ when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and (openshift_master_cluster_password is not defined or not openshift_master_cluster_password)
- name: Set master facts
openshift_facts:
role: master
local_facts:
+ cluster_method: "{{ openshift_master_cluster_method | default(None) }}"
cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}"
cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}"
- cluster_defer_ha: "{{ openshift_master_cluster_defer_ha | default(None) }}"
debug_level: "{{ openshift_master_debug_level | default(openshift.common.debug_level) }}"
api_port: "{{ openshift_master_api_port | default(None) }}"
api_url: "{{ openshift_master_api_url | default(None) }}"
@@ -41,6 +47,8 @@
portal_net: "{{ openshift_master_portal_net | default(None) }}"
session_max_seconds: "{{ openshift_master_session_max_seconds | default(None) }}"
session_name: "{{ openshift_master_session_name | default(None) }}"
+ session_auth_secrets: "{{ openshift_master_session_auth_secrets | default(None) }}"
+ session_encryption_secrets: "{{ openshift_master_session_encryption_secrets | default(None) }}"
session_secrets_file: "{{ openshift_master_session_secrets_file | default(None) }}"
access_token_max_seconds: "{{ openshift_master_access_token_max_seconds | default(None) }}"
auth_token_max_seconds: "{{ openshift_master_auth_token_max_seconds | default(None) }}"
@@ -67,7 +75,7 @@
controller_lease_ttl: "{{ osm_controller_lease_ttl | default(None) }}"
- name: Install Master package
- yum: pkg={{ openshift.common.service_type }}-master state=present
+ yum: pkg={{ openshift.common.service_type }}-master{{ openshift_version }} state=present
register: install_result
# TODO: These values need to be configurable
@@ -79,7 +87,7 @@
domain: cluster.local
when: openshift.master.embedded_dns
-- name: Create config parent directory if it doesn't exist
+- name: Create config parent directory if it does not exist
file:
path: "{{ openshift_master_config_dir }}"
state: directory
@@ -128,28 +136,37 @@
# workaround for missing systemd unit files for controllers/api
- name: Create the api service file
- copy:
- src: atomic-openshift-master-api.service
- dest: /usr/lib/systemd/system/atomic-openshift-master-api.service
+ template:
+ src: atomic-openshift-master-api.service.j2
+ dest: /usr/lib/systemd/system/{{ openshift.common.service_type }}-master-api.service
force: no
- name: Create the controllers service file
- copy:
- src: atomic-openshift-master-controllers.service
- dest: /usr/lib/systemd/system/atomic-openshift-master-controllers.service
+ template:
+ src: atomic-openshift-master-controllers.service.j2
+ dest: /usr/lib/systemd/system/{{ openshift.common.service_type }}-master-controllers.service
force: no
- name: Create the api env file
- copy:
- src: atomic-openshift-master-api
- dest: /etc/sysconfig/atomic-openshift-master-api
+ template:
+ src: atomic-openshift-master-api.j2
+ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api
force: no
- name: Create the controllers env file
- copy:
- src: atomic-openshift-master-controllers
- dest: /etc/sysconfig/atomic-openshift-master-controllers
+ template:
+ src: atomic-openshift-master-controllers.j2
+ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
force: no
- command: systemctl daemon-reload
# end workaround for missing systemd unit files
+- name: Create session secrets file
+ template:
+ dest: "{{ openshift.master.session_secrets_file }}"
+ src: sessionSecretsFile.yaml.v1.j2
+ force: no
+ notify:
+ - restart master
+ - restart master api
+
# TODO: add the validate parameter when there is a validation command to run
- name: Create master config
template:
@@ -166,6 +183,7 @@
dest: /etc/sysconfig/{{ openshift.common.service_type }}-master
regexp: "{{ item.regex }}"
line: "{{ item.line }}"
+ create: yes
with_items:
- regex: '^OPTIONS='
line: "OPTIONS=--loglevel={{ openshift.master.debug_level }}"
@@ -205,34 +223,39 @@
when: not openshift_master_ha | bool
register: start_result
+- set_fact:
+ master_service_status_changed = start_result | changed
+ when: not openshift_master_ha | bool
+
- name: Start and enable master api
service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started
- when: openshift_master_ha | bool
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native'
register: start_result
-- name: pause to prevent service restart from interfering with bootstrapping
- pause: seconds=30
- when: openshift_master_ha | bool
+- set_fact:
+ master_api_service_status_changed = start_result | changed
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native'
# TODO: fix the ugly workaround of setting ignore_errors
# the controllers service tries to start even if it is already started
- name: Start and enable master controller
service: name={{ openshift.common.service_type }}-master-controllers enabled=yes state=started
- when: openshift_master_ha | bool
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native'
register: start_result
ignore_errors: yes
- set_fact:
- master_service_status_changed = start_result | changed
+ master_controllers_service_status_changed = start_result | changed
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native'
- name: Install cluster packages
yum: pkg=pcs state=present
- when: openshift_master_ha | bool and not openshift.master.cluster_defer_ha | bool
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker'
register: install_result
- name: Start and enable cluster service
service: name=pcsd enabled=yes state=started
- when: openshift_master_ha | bool and not openshift.master.cluster_defer_ha | bool
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker'
- name: Set the cluster user password
shell: echo {{ openshift_master_cluster_password | quote }} | passwd --stdin hacluster
diff --git a/roles/openshift_master/files/atomic-openshift-master-api b/roles/openshift_master/templates/atomic-openshift-master-api.j2
index ea82468a0..205934248 100644
--- a/roles/openshift_master/files/atomic-openshift-master-api
+++ b/roles/openshift_master/templates/atomic-openshift-master-api.j2
@@ -1,5 +1,5 @@
OPTIONS=
-CONFIG_FILE=/etc/origin/master/master-config.yaml
+CONFIG_FILE={{ openshift_master_config_dir }}/master-config.yaml
# Proxy configuration
# Origin uses standard HTTP_PROXY environment variables. Be sure to set
diff --git a/roles/openshift_master/files/atomic-openshift-master-api.service b/roles/openshift_master/templates/atomic-openshift-master-api.service.j2
index 4663b77f2..ba19fb348 100644
--- a/roles/openshift_master/files/atomic-openshift-master-api.service
+++ b/roles/openshift_master/templates/atomic-openshift-master-api.service.j2
@@ -3,19 +3,19 @@ Description=Atomic OpenShift Master API
Documentation=https://github.com/openshift/origin
After=network.target
After=etcd.service
-Before=atomic-openshift-node.service
+Before={{ openshift.common.service_type }}-node.service
Requires=network.target
[Service]
Type=notify
-EnvironmentFile=/etc/sysconfig/atomic-openshift-master-api
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api
Environment=GOTRACEBACK=crash
ExecStart=/usr/bin/openshift start master api --config=${CONFIG_FILE} $OPTIONS
LimitNOFILE=131072
LimitCORE=infinity
-WorkingDirectory=/var/lib/origin/
+WorkingDirectory={{ openshift.common.data_dir }}
SyslogIdentifier=atomic-openshift-master-api
[Install]
WantedBy=multi-user.target
-WantedBy=atomic-openshift-node.service
+WantedBy={{ openshift.common.service_type }}-node.service
diff --git a/roles/openshift_master/files/atomic-openshift-master-controllers b/roles/openshift_master/templates/atomic-openshift-master-controllers.j2
index ea82468a0..205934248 100644
--- a/roles/openshift_master/files/atomic-openshift-master-controllers
+++ b/roles/openshift_master/templates/atomic-openshift-master-controllers.j2
@@ -1,5 +1,5 @@
OPTIONS=
-CONFIG_FILE=/etc/origin/master/master-config.yaml
+CONFIG_FILE={{ openshift_master_config_dir }}/master-config.yaml
# Proxy configuration
# Origin uses standard HTTP_PROXY environment variables. Be sure to set
diff --git a/roles/openshift_master/files/atomic-openshift-master-controllers.service b/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2
index 517f9c908..8952c86ef 100644
--- a/roles/openshift_master/files/atomic-openshift-master-controllers.service
+++ b/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2
@@ -2,21 +2,21 @@
Description=Atomic OpenShift Master Controllers
Documentation=https://github.com/openshift/origin
After=network.target
-After=atomic-openshift-master-api.service
-Before=atomic-openshift-node.service
+After={{ openshift.common.service_type }}-master-api.service
+Before={{ openshift.common.service_type }}-node.service
Requires=network.target
[Service]
Type=notify
-EnvironmentFile=/etc/sysconfig/atomic-openshift-master-controllers
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
Environment=GOTRACEBACK=crash
ExecStart=/usr/bin/openshift start master controllers --config=${CONFIG_FILE} $OPTIONS
LimitNOFILE=131072
LimitCORE=infinity
-WorkingDirectory=/var/lib/origin/
-SyslogIdentifier=atomic-openshift-master-controllers
+WorkingDirectory={{ openshift.common.data_dir }}
+SyslogIdentifier={{ openshift.common.service_type }}-master-controllers
Restart=on-failure
[Install]
WantedBy=multi-user.target
-WantedBy=atomic-openshift-node.service
+WantedBy={{ openshift.common.service_type }}-node.service
diff --git a/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2 b/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2
new file mode 100644
index 000000000..d12d9db90
--- /dev/null
+++ b/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: SessionSecrets
+secrets:
+{% for secret in openshift_master_session_auth_secrets %}
+- authentication: "{{ openshift_master_session_auth_secrets[loop.index0] }}"
+ encryption: "{{ openshift_master_session_encryption_secrets[loop.index0] }}"
+{% endfor %}
diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml
index ecdb4f883..534465451 100644
--- a/roles/openshift_master/vars/main.yml
+++ b/roles/openshift_master/vars/main.yml
@@ -2,6 +2,7 @@
openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml"
openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json"
+openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml"
openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json"
openshift_version: "{{ openshift_pkg_version | default('') }}"