20 files changed, 213 insertions, 50 deletions
| diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 9e57340b4..1c588ea84 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.0.94-1 ./ +3.0.97-1 ./ diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py index bb79b27d1..b3f284a8e 100644 --- a/filter_plugins/openshift_master.py +++ b/filter_plugins/openshift_master.py @@ -13,11 +13,15 @@ from distutils.version import LooseVersion  # pylint: disable=no-name-in-module,import-error  try: -    # ansible-2.0 -    from ansible.runner.filter_plugins.core import bool as ansible_bool +    # ansible-2.1 +    from ansible.plugins.filter.core import to_bool as ansible_bool  except ImportError: -    # ansible-1.9.x -    from ansible.plugins.filter.core import bool as ansible_bool +    try: +        #ansible-2.0.x +        from ansible.runner.filter_plugins.core import bool as ansible_bool +    except ImportError: +        # ansible-1.9.x +        from ansible.plugins.filter.core import bool as ansible_bool  class IdentityProviderBase(object):      """ IdentityProviderBase diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 6f9083154..5089ddaaf 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@  }  Name:           openshift-ansible -Version:        3.0.94 +Version:        3.0.97  Release:        1%{?dist}  Summary:        Openshift and Atomic Enterprise Ansible  License:        ASL 2.0 
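Review bot: In filter_plugins/openshift_master.py the version comments on the nested import fallback look swapped. As far as I know, `ansible.runner.filter_plugins.core` is the Ansible 1.9 module path, while `ansible.plugins.filter.core` exporting `bool` is the 2.0 layout. I would label the inner `try` branch `# ansible-1.9.x` and the final `except ImportError` branch `# ansible-2.0.x`, so whoever later drops old-version support removes the right import. The import order itself works either way, because each branch only falls through on ImportError.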
@@ -205,6 +205,50 @@ Atomic OpenShift Utilities includes  %changelog +* Mon Jun 06 2016 Scott Dodson <sdodson@redhat.com> 3.0.97-1 +- Only run node specific bits on nodes (sdodson@redhat.com) +- Update main.yaml (detiber@gmail.com) +- Hardcoded values in "launch_instances" - isue # 1970 (daniel@dumdan.com) +- XPAAS v1.3.1 content for Origin 1.1 / OSE 3.1 (sdodson@redhat.com) +- XPAAS v1.3.1 release for Origin 1.2 / OSE 3.2 (sdodson@redhat.com) +- Configure default docker logging options. (abutcher@redhat.com) +- Run rhel_subscribe on l_oo_all_hosts rather than all (sdodson@redhat.com) +- Fix error with stopping services that may not exist. (dgoodwin@redhat.com) +- Add haproxy_frontend_port to vars for openshift-loadbalancer. +  (abutcher@redhat.com) +- Move os_firewall_allow from defaults to role dependencies. +  (abutcher@redhat.com) +- Ensure registry url evaluated when creating router. (abutcher@redhat.com) +- Document protocol in readme aws. (abutcher@redhat.com) +- Revert openshift-certificates changes. (abutcher@redhat.com) +- wait metrics-deployer complete (need to configure nodes before hosted +  services) (you@example.com) +- switch to using sig release packages (jdetiber@redhat.com) +- temporarily disable gpg checking until we have a way to cleanly enable it +  (jdetiber@redhat.com) +- Switch to using CentOS SIG repos for Origin installs (jdetiber@redhat.com) +- Separate master and haproxy config playbooks. 
(abutcher@redhat.com) +- Cleanup bin, test and roles/openshift_ansible_inventory following move to +  openshift-tools (abutcher@redhat.com) +- Catch more uninstall targets (sdodson@redhat.com) +- Adding openshift_clock parameters to example inventory files +  (jstuever@redhat.com) +- Enable openshift_clock role for openshift_master, openshift_node, and +  openshift_etcd (jstuever@redhat.com) +- Add openshift_clock role to manage system clocks (jstuever@redhat.com) +- Allow clock role in openshift_facts (jstuever@redhat.com) +- Consolidate ca/master/node certificates roles into openshift_certificates. +  (abutcher@redhat.com) +- allow for overriding dns_flavor for openstack provider (jdetiber@redhat.com) +- add user-data file back to openstack provisioner (jdetiber@redhat.com) +- g_all_hosts with templated with_items causes errors with ansible 1.9.4 under +  some conditions (jdetiber@redhat.com) +- openstack_fixes (jdetiber@redhat.com) +- libvirt_fixes (jdetiber@redhat.com) +- gce fixes (jdetiber@redhat.com) +- aws provider fixes (jdetiber@redhat.com) +- Call evaluate_groups from update_repos_and_packages (jdetiber@redhat.com) +  * Thu May 26 2016 Scott Dodson <sdodson@redhat.com> 3.0.94-1  - Use grep to decide when to add our comment (sdodson@redhat.com) diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index a72749a2b..3a4c58e43 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -54,7 +54,7 @@    - script: ../files/pre-upgrade-check -- name: Verify upgrade can proceed +- name: Verify upgrade targets    hosts: oo_masters_to_config:oo_nodes_to_config    vars:      target_version: "{{ '1.1' if deployment_type == 'origin' else '3.1' }}" 
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml index 66935e061..85d7073f2 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml @@ -29,7 +29,7 @@          valid version for a {{ target_version }} upgrade      when: openshift_pkg_version is defined and openshift_pkg_version.split('-',1).1 | version_compare(target_version ,'<') -- name: Verify upgrade can proceed +- name: Verify upgrade targets    hosts: oo_masters_to_config:oo_nodes_to_config    vars:      target_version: "{{ '1.1.1' if deployment_type == 'origin' else '3.1.1' }}" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml index 03b4bd751..42641f2eb 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml @@ -72,7 +72,7 @@      openshift_release: "3.2"      openshift_protect_installed_version: False -- name: Verify upgrade can proceed on masters +- name: Verify master processes    hosts: oo_masters_to_config    roles:    - openshift_facts @@ -103,7 +103,7 @@        enabled: yes      when: openshift.master.ha is defined and openshift.master.ha | bool and openshift.common.is_containerized | bool -- name: Verify upgrade can proceed on nodes +- name: Verify node processes    hosts: oo_nodes_to_config    roles:    - openshift_facts @@ -115,7 +115,7 @@        enabled: yes      when: openshift.common.is_containerized | bool -- name: Verify upgrade can proceed on masters and nodes +- name: Verify upgrade targets    hosts: oo_masters_to_config:oo_nodes_to_config    vars:      target_version: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}" 
diff --git a/playbooks/common/openshift-loadbalancer/config.yml b/playbooks/common/openshift-loadbalancer/config.yml index 51cea53a3..f4392173a 100644 --- a/playbooks/common/openshift-loadbalancer/config.yml +++ b/playbooks/common/openshift-loadbalancer/config.yml @@ -1,7 +1,5 @@  ---  - name: Configure load balancers    hosts: oo_lb_to_config -  vars: -    haproxy_frontend_port: "{{ openshift_master_api_port | default(8443) }}"    roles:    - role: openshift_loadbalancer diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml index 1d54a9c39..422e6dafe 100644 --- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml +++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml @@ -288,6 +288,14 @@ resources:            port_range_max: 53          - direction: ingress            protocol: tcp +          port_range_min: 8053 +          port_range_max: 8053 +        - direction: ingress +          protocol: udp +          port_range_min: 8053 +          port_range_max: 8053 +        - direction: ingress +          protocol: tcp            port_range_min: 24224            port_range_max: 24224          - direction: ingress diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml index 6429a6755..b9aae2f4c 100644 --- a/playbooks/openstack/openshift-cluster/launch.yml +++ b/playbooks/openstack/openshift-cluster/launch.yml @@ -46,7 +46,7 @@               -P master_flavor={{ openstack_flavor["master"] }}               -P node_flavor={{ openstack_flavor["node"] }}               -P infra_flavor={{ openstack_flavor["infra"] }} -             -P dns_flavor={{ openshift_flavor["dns"] }} +             -P dns_flavor={{ openstack_flavor["dns"] }}               openshift-ansible-{{ cluster_id }}-stack'    - name: Wait for OpenStack Stack readiness 
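Review bot: The two new ingress rules for port 8053 (tcp and udp) in playbooks/openstack/openshift-cluster/files/heat_stack.yaml show no source restriction in the visible lines, so unless one is set elsewhere they admit traffic from any address. If 8053 only needs to be reachable from cluster members, scope each rule with `remote_mode: remote_group_id` or a `remote_ip_prefix` covering the cluster subnet. A one-line comment above the rules naming the service that listens on 8053 would also make later audits of this group easier. The security group resource these rules belong to starts outside the hunk, so which group is being widened cannot be confirmed from here.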
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index b9b2666fb..5f94500a0 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -85,6 +85,7 @@        reg_fact_val: "{{ docker_no_proxy | default('') | join(',') }}"    notify:      - restart docker +  when: "{{ 'http_proxy' in openshift.common or 'https_proxy' in openshift.common and docker_check.stat.isreg }}"  - name: Set various docker options    lineinfile: diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 1bf912a1d..8824a663c 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1573,7 +1573,15 @@ class OpenShiftFacts(object):                  "Role %s is not supported by this module" % role              )          self.role = role -        self.system_facts = ansible_facts(module) + +        try: +            # ansible-2.1 +            # pylint: disable=too-many-function-args +            self.system_facts = ansible_facts(module, ['hardware', 'network', 'virtual', 'facter']) +        except TypeError: +            # ansible-1.9.x,ansible-2.0.x +            self.system_facts = ansible_facts(module) +          self.facts = self.generate_facts(local_facts,                                           additive_facts_to_overwrite,                                           openshift_env, diff --git a/roles/openshift_loadbalancer/defaults/main.yml b/roles/openshift_loadbalancer/defaults/main.yml index 5c480f7c2..d096019af 100644 --- a/roles/openshift_loadbalancer/defaults/main.yml +++ b/roles/openshift_loadbalancer/defaults/main.yml @@ -1,6 +1,4 @@  --- -haproxy_frontend_port: 8443 -  haproxy_frontends:  - name: main    binds: diff --git a/roles/openshift_loadbalancer/meta/main.yml b/roles/openshift_loadbalancer/meta/main.yml index 96a737d2f..ed846a1ba 100644 --- a/roles/openshift_loadbalancer/meta/main.yml 
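Review bot: The `when` added in roles/docker/tasks/main.yml mixes `or` and `and` without parentheses, and `and` binds tighter. The task therefore runs whenever `http_proxy` is set, even if `docker_check.stat.isreg` is false. If the file check is meant to gate both proxy cases, write `when: ('http_proxy' in openshift.common or 'https_proxy' in openshift.common) and docker_check.stat.isreg`. The `{{ }}` wrapper is not needed in a `when` expression and can be dropped in the same edit. The task this condition belongs to begins above the hunk.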
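Review bot: In roles/openshift_facts/library/openshift_facts.py the `except TypeError` wraps the whole `ansible_facts(module, [...])` call, so a TypeError raised inside fact gathering on ansible-2.1 cannot be told apart from the signature mismatch it is meant to detect. In that case the error is silently replaced by a second run using the old call form. At minimum, extend the comment in the except branch to say so, for example `# TypeError is used as a signature probe; a TypeError from inside fact gathering also lands here`. A sturdier option is to pick the call form up front from the function's argument list rather than by catching the exception. The enclosing `__init__` starts and ends outside the hunk.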
+++ b/roles/openshift_loadbalancer/meta/main.yml @@ -10,11 +10,11 @@ galaxy_info:      versions:      - 7  dependencies: -- role: openshift_facts +- role: openshift_loadbalancer_facts  - role: os_firewall    os_firewall_allow:    - service: haproxy stats      port: "9000/tcp"    - service: haproxy balance -    port: "{{ haproxy_frontend_port }}/tcp" +    port: "{{ openshift.loadbalancer.frontend_port }}/tcp"  - role: openshift_repos diff --git a/roles/openshift_loadbalancer/tasks/main.yml b/roles/openshift_loadbalancer/tasks/main.yml index 5514aa70b..03a7c0e4a 100644 --- a/roles/openshift_loadbalancer/tasks/main.yml +++ b/roles/openshift_loadbalancer/tasks/main.yml @@ -1,34 +1,4 @@  --- -- name: Set haproxy frontend port -  openshift_facts: -    role: loadbalancer -    local_facts: -      frontend_port: "{{ openshift_master_api_port | default(None) }}" - -- name: Set loadbalancer facts -  openshift_facts: -    role: loadbalancer -    local_facts: -      limit_nofile: "{{ openshift_loadbalancer_limit_nofile | default(None) }}" -      default_maxconn: "{{ openshift_loadbalancer_default_maxconn | default(None) }}" -      global_maxconn: "{{ openshift_loadbalancer_global_maxconn | default(None) }}" -      frontends: -      - name: atomic-openshift-api -        mode: tcp -        options: -        - tcplog -        binds: -        - "*:{{ openshift.loadbalancer.frontend_port }}" -        default_backend: atomic-openshift-api -      backends: -      - name: atomic-openshift-api -        mode: tcp -        option: tcplog -        balance: source -        servers: "{{ hostvars -                     | oo_select_keys(groups['oo_masters']) -                     | oo_haproxy_backend_masters(openshift.loadbalancer.frontend_port) }}" -  - name: Install haproxy    action: "{{ ansible_pkg_mgr }} name=haproxy state=present"    when: not openshift.common.is_containerized | bool 
diff --git a/roles/openshift_loadbalancer_facts/README.md b/roles/openshift_loadbalancer_facts/README.md new file mode 100644 index 000000000..57537cc03 --- /dev/null +++ b/roles/openshift_loadbalancer_facts/README.md @@ -0,0 +1,34 @@ +OpenShift HAProxy Loadbalancer Facts +==================================== + +TODO + +Requirements +------------ + +TODO + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +TODO + +Example Playbook +---------------- + +TODO + +License +------- + +Apache License, Version 2.0 + +Author Information +------------------ + +Andrew Butcher (abutcher@redhat.com) diff --git a/roles/openshift_loadbalancer_facts/meta/main.yml b/roles/openshift_loadbalancer_facts/meta/main.yml new file mode 100644 index 000000000..4c5b6552b --- /dev/null +++ b/roles/openshift_loadbalancer_facts/meta/main.yml @@ -0,0 +1,13 @@ +--- +galaxy_info: +  author: Andrew Butcher +  description: OpenShift loadbalancer facts +  company: Red Hat, Inc. +  license: Apache License, Version 2.0 +  min_ansible_version: 1.9 +  platforms: +  - name: EL +    versions: +    - 7 +dependencies: +- role: openshift_facts diff --git a/roles/openshift_loadbalancer_facts/tasks/main.yml b/roles/openshift_loadbalancer_facts/tasks/main.yml new file mode 100644 index 000000000..dc244c0be --- /dev/null +++ b/roles/openshift_loadbalancer_facts/tasks/main.yml 
@@ -0,0 +1,30 @@ +--- +- name: Set haproxy frontend port +  openshift_facts: +    role: loadbalancer +    local_facts: +      frontend_port: "{{ openshift_master_api_port | default(None) }}" + +- name: Set loadbalancer facts +  openshift_facts: +    role: loadbalancer +    local_facts: +      limit_nofile: "{{ openshift_loadbalancer_limit_nofile | default(None) }}" +      default_maxconn: "{{ openshift_loadbalancer_default_maxconn | default(None) }}" +      global_maxconn: "{{ openshift_loadbalancer_global_maxconn | default(None) }}" +      frontends: +      - name: atomic-openshift-api +        mode: tcp +        options: +        - tcplog +        binds: +        - "*:{{ openshift.loadbalancer.frontend_port }}" +        default_backend: atomic-openshift-api +      backends: +      - name: atomic-openshift-api +        mode: tcp +        option: tcplog +        balance: source +        servers: "{{ hostvars +                     | oo_select_keys(groups['oo_masters']) +                     | oo_haproxy_backend_masters(openshift.loadbalancer.frontend_port) }}" diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index d50d552c8..0d2fee67e 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -92,8 +92,16 @@    template:      dest: "{{ item.filename }}"      src: htpasswd.j2 -    mode: 0600      backup: yes +  when: item.kind == 'HTPasswdPasswordIdentityProvider' and openshift.master.manage_htpasswd | bool +  with_items: "{{ openshift.master.identity_providers }}" + +- name: Ensure htpasswd file exists +  copy: +    dest: "{{ item.filename }}" +    force: no +    content: "" +    mode: 0600    when: item.kind == 'HTPasswdPasswordIdentityProvider'    with_items: "{{ openshift.master.identity_providers }}" diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml index a81270bab..458b56fd1 100644 
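Review bot: In roles/openshift_master/tasks/main.yml the htpasswd `template` task loses `mode: 0600`, so when it creates the file the permissions come from the default umask, and the file holds password hashes. The new "Ensure htpasswd file exists" task runs afterwards with `force: no`, and as far as I can tell `copy` then leaves an existing file untouched, mode included, so it does not tighten the permissions again. I would keep `mode: 0600` on the template task as well. Note also that `backup: yes` leaves timestamped copies of the previous hash file beside it, which deserve the same permissions and some cleanup. The template task begins above the hunk.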
--- a/roles/openshift_master/tasks/systemd_units.yml
+++ b/roles/openshift_master/tasks/systemd_units.yml
@@ -38,22 +38,54 @@    when: create_ha_unit_files | changed  # end workaround for missing systemd unit files +- name: Preserve Master API Proxy Config options +  command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-api +  register: master_api_proxy +  when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" +  failed_when: false +  changed_when: false +  - name: Create the master api service env file    template:      src: "{{ ha_svc_template_path }}/atomic-openshift-master-api.j2"      dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api +    backup: true    when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native"    notify:    - restart master api +- name: Restore Master API Proxy Config Options +  when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" +      and master_api_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common +  lineinfile: +    dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api +    line: "{{ item }}" +  with_items: "{{ master_api_proxy.stdout_lines | default([]) }}" + +- name: Preserve Master Controllers Proxy Config options +  command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-api +  register: master_controllers_proxy +  when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" +  failed_when: false +  changed_when: false +  - name: Create the master controllers service env file    template:      src: "{{ ha_svc_template_path }}/atomic-openshift-master-controllers.j2"      dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers +    backup: true    when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native"    
notify:    - restart master controllers +- name: Restore Master Controllers Proxy Config Options +  lineinfile: +    dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers +    line: "{{ item }}" +  with_items: "{{ master_controllers_proxy.stdout_lines | default([]) }}" +  when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" +        and master_controllers_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common  +  - name: Install Master docker service file    template:      dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service" @@ -61,9 +93,23 @@    register: install_result    when: openshift.common.is_containerized | bool and openshift.master.ha is defined and not openshift.master.ha | bool +- name: Preserve Master Proxy Config options +  command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master +  register: master_proxy +  failed_when: false +  changed_when: false +  - name: Create the master service env file    template:      src: "atomic-openshift-master.j2"      dest: /etc/sysconfig/{{ openshift.common.service_type }}-master +    backup: true    notify:    - restart master + +- name: Restore Master Proxy Config Options +  lineinfile: +    dest: /etc/sysconfig/{{ openshift.common.service_type }}-master +    line: "{{ item }}" +  with_items: "{{ master_proxy.stdout_lines | default([]) }}" +  when: master_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common
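Review bot: In the first hunk of roles/openshift_master/tasks/systemd_units.yml, the "Preserve Master Controllers Proxy Config options" task greps the `-master-api` env file, not the controllers one. "Restore Master Controllers Proxy Config Options" then writes the API service's proxy lines into the `-master-controllers` file, and whatever proxy settings the controllers file held before the template ran are lost. The command should read `command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers`. Separately, `grep PROXY` also matches commented-out lines and any other line containing that string, so a tighter pattern anchored on the variable names would restore only real settings.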
\ No newline at end of file diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index 896dd5e35..d51c5a0a3 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -42,6 +42,7 @@        auth_token_max_seconds: "{{ openshift_master_auth_token_max_seconds | default(None) }}"        identity_providers: "{{ openshift_master_identity_providers | default(None) }}"        htpasswd_users: "{{ openshift_master_htpasswd_users | default(lookup('file', openshift_master_htpasswd_file) | oo_htpasswd_users_from_file if openshift_master_htpasswd_file is defined else None) }}" +      manage_htpasswd: "{{ openshift_master_manage_htpasswd | default(true) }}"        ldap_ca: "{{ openshift_master_ldap_ca | default(lookup('file', openshift_master_ldap_ca_file) if openshift_master_ldap_ca_file is defined else None) }}"        openid_ca: "{{ openshift_master_openid_ca | default(lookup('file', openshift_master_openid_ca_file) if openshift_master_openid_ca_file is defined else None) }}"        request_header_ca: "{{ openshift_master_request_header_ca | default(lookup('file', openshift_master_request_header_ca_file) if openshift_master_request_header_ca_file is defined else None) }}" | 
