diff options
87 files changed, 936 insertions, 292 deletions
diff --git a/.gitignore b/.gitignore index 626065fe1..dcea26d60 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,4 @@ multi_inventory.yaml .vagrant .tags* ansible.cfg +*.retry diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 67ff60a4a..137f6636b 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.0.87-1 ./ +3.0.93-1 ./ diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index 402103b09..e7409bf22 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -732,21 +732,22 @@ class FilterModule(object): if 'hosted' in hostvars['openshift']: for component in hostvars['openshift']['hosted']: if 'storage' in hostvars['openshift']['hosted'][component]: - kind = hostvars['openshift']['hosted'][component]['storage']['kind'] - create_pv = hostvars['openshift']['hosted'][component]['storage']['create_pv'] + params = hostvars['openshift']['hosted'][component]['storage'] + kind = params['kind'] + create_pv = params['create_pv'] if kind != None and create_pv: if kind == 'nfs': - host = hostvars['openshift']['hosted'][component]['storage']['host'] + host = params['host'] if host == None: if len(groups['oo_nfs_to_config']) > 0: host = groups['oo_nfs_to_config'][0] else: raise errors.AnsibleFilterError("|failed no storage host detected") - directory = hostvars['openshift']['hosted'][component]['storage']['nfs']['directory'] - volume = hostvars['openshift']['hosted'][component]['storage']['volume']['name'] + directory = params['nfs']['directory'] + volume = params['volume']['name'] path = directory + '/' + volume - size = hostvars['openshift']['hosted'][component]['storage']['volume']['size'] - access_modes = hostvars['openshift']['hosted'][component]['storage']['access_modes'] + size = params['volume']['size'] + access_modes = params['access_modes'] persistent_volume = dict( name="{0}-volume".format(volume), capacity=size, @@ -756,6 +757,21 @@ class FilterModule(object): server=host, path=path))) persistent_volumes.append(persistent_volume) + elif kind == 'openstack': + volume = params['volume']['name'] + size = params['volume']['size'] + access_modes = params['access_modes'] + filesystem = params['openstack']['filesystem'] + volume_id = params['openstack']['volumeID'] + persistent_volume = dict( + name="{0}-volume".format(volume), + capacity=size, + access_modes=access_modes, + storage=dict( + cinder=dict( + fsType=filesystem, + volumeID=volume_id))) + persistent_volumes.append(persistent_volume) else: msg = "|failed invalid storage kind '{0}' for component '{1}'".format( kind, diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py index bb2f5ba7a..bb79b27d1 100644 --- a/filter_plugins/openshift_master.py +++ b/filter_plugins/openshift_master.py @@ -9,6 +9,7 @@ import sys import yaml from ansible import errors +from distutils.version import LooseVersion # pylint: disable=no-name-in-module,import-error try: @@ -77,10 +78,19 @@ class IdentityProviderBase(object): self._allow_additional = True @staticmethod - def validate_idp_list(idp_list): + def validate_idp_list(idp_list, openshift_version, deployment_type): ''' validates a list of idps ''' login_providers = [x.name for x in idp_list if x.login] + + multiple_logins_unsupported = False if len(login_providers) > 1: + if deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise']: + if LooseVersion(openshift_version) < LooseVersion('3.2'): + multiple_logins_unsupported = True + if deployment_type in ['origin']: + if LooseVersion(openshift_version) < LooseVersion('1.2'): + multiple_logins_unsupported = True + if multiple_logins_unsupported: raise errors.AnsibleFilterError("|failed multiple providers are " "not allowed for login. login " "providers: {0}".format(', '.join(login_providers))) @@ -461,7 +471,7 @@ class FilterModule(object): ''' Custom ansible filters for use by the openshift_master role''' @staticmethod - def translate_idps(idps, api_version): + def translate_idps(idps, api_version, openshift_version, deployment_type): ''' Translates a list of dictionaries into a valid identityProviders config ''' idp_list = [] @@ -478,7 +488,7 @@ class FilterModule(object): idp_list.append(idp_inst) - IdentityProviderBase.validate_idp_list(idp_list) + IdentityProviderBase.validate_idp_list(idp_list, openshift_version, deployment_type) return yaml.safe_dump([idp.to_dict() for idp in idp_list], default_flow_style=False) @staticmethod diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example index c18a423bf..5376dd353 100644 --- a/inventory/byo/hosts.aep.example +++ b/inventory/byo/hosts.aep.example @@ -187,6 +187,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Override the default pod eviction timeout #openshift_master_pod_eviction_timeout=5m +# Override the default oauth tokenConfig settings: +# openshift_master_access_token_max_seconds=86400 +# openshift_master_auth_token_max_seconds=500 + +# Override master servingInfo.maxRequestsInFlight +#openshift_master_max_requests_inflight=500 + # default storage plugin dependencies to install, by default the ceph and # glusterfs plugin dependencies will be installed, if available. #osn_storage_plugin_deps=['ceph','glusterfs','iscsi'] @@ -308,9 +315,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', ## ## Storage Kind ## Specifies which storage kind will be used for the registry. -## "nfs" is the only supported kind at this time. +## "nfs" and "openstack" are supported kinds at this time. ##openshift_hosted_registry_storage_kind=nfs ## +## Persistent Volume Access Mode +## When using the 'openstack' storage kind, this has to be 'ReadWriteOnce' +##openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] +## +## Registry Volume Name +## Specify the storage volume name. This directory will be created +## within openshift_hosted_registry_storage_nfs_directory if +## specifying an [nfs] group. Ex. /exports/registry +## This variable must be supplied if using a pre-existing nfs server. +##openshift_hosted_registry_storage_volume_name=registry +## +## NFS Specific Options +## ## Storage Host ## This variable can be used to identify a pre-existing storage host ## if a storage host group corresponding to the storage kind (such as @@ -326,18 +346,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', ## This variable must be supplied if using a pre-existing nfs server. ##openshift_hosted_registry_storage_nfs_directory=/exports ## -## Registry Volume Name -## Specify the storage volume name. This directory will be created -## within openshift_hosted_registry_storage_nfs_directory if -## specifying an [nfs] group. Ex. /exports/registry -## This variable must be supplied if using a pre-existing nfs server. -##openshift_hosted_registry_storage_volume_name=registry +## Openstack Specific Options ## -## Persistent Volume Access Mode -##openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] +## Openstack Volume ID +## Specify the identifier of the volume to use for the registry. +## At this time, the volume has to be created manually by the administrator. +##openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57 +## +## Openstack Volume Size +##openshift_hosted_registry_storage_volume_size=10Gi +## +## Openstack Volume Filesystem +## Specify the filesystem that will be used when formatting the volume +##openshift_hosted_registry_storage_openstack_filesystem=ext4 # Configure node kubelet arguments -#openshift_node_kubelet_args={'max-pods': ['40'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} +#openshift_node_kubelet_args={'max-pods': ['110'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} # Configure logrotate scripts # See: https://github.com/nickhammond/ansible-logrotate @@ -365,19 +389,20 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # # Most environments don't require a proxy between openshift masters, nodes, and # etcd hosts. So automatically add those hostnames to the openshift_no_proxy list. -# If all of your hosts share a common domain you may wish to disable this and +# If all of your hosts share a common domain you may wish to disable this and # specify that domain above. -#openshift_generate_no_proxy_hosts: True +#openshift_generate_no_proxy_hosts=True # # These options configure the BuildDefaults admission controller which injects -# environment variables into Builds. These values will default to their -# corresponding values above but you may set them independently. See BuildDefaults +# environment variables into Builds. These values will default to the global proxy +# config values. You only need to set these if they differ from the global settings +# above. See BuildDefaults # documentation at https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html -#openshift_builddefaults_http_proxy=openshift_http_proxy -#openshift_builddefaults_https_proxy=openshift_https_proxy -#openshift_builddefaults_no_proxy=openshift_noproxy -#openshift_builddefaults_git_http_proxy=openshift_builddefaults_http_proxy -#openshift_builddefaults_git_https_proxy=openshift_builddefaults_https_proxy +#openshift_builddefaults_http_proxy=http://USER:PASSWORD@HOST:PORT +#openshift_builddefaults_https_proxy=https://USER:PASSWORD@HOST:PORT +#openshift_builddefaults_no_proxy=build_defaults +#openshift_builddefaults_git_http_proxy=http://USER:PASSWORD@HOST:PORT +#openshift_builddefaults_git_https_proxy=https://USER:PASSWORD@HOST:PORT # Or you may optionally define your own serialized as json #openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"apiVersion":"v1","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}],"gitHTTPProxy":"http://proxy.example.com:3128","kind":"BuildDefaultsConfig"}}}' diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 28298d940..cfbb7ff8c 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -192,6 +192,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Override the default pod eviction timeout #openshift_master_pod_eviction_timeout=5m +# Override the default oauth tokenConfig settings: +# openshift_master_access_token_max_seconds=86400 +# openshift_master_auth_token_max_seconds=500 + +# Override master servingInfo.maxRequestsInFlight +#openshift_master_max_requests_inflight=500 + # default storage plugin dependencies to install, by default the ceph and # glusterfs plugin dependencies will be installed, if available. #osn_storage_plugin_deps=['ceph','glusterfs','iscsi'] @@ -313,9 +320,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', ## ## Storage Kind ## Specifies which storage kind will be used for the registry. -## nfs is the only supported kind at this time. +## "nfs" and "openstack" are supported kinds at this time. ##openshift_hosted_registry_storage_kind=nfs ## +## Persistent Volume Access Mode +## When using the 'openstack' storage kind, this has to be 'ReadWriteOnce' +##openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] +## +## Registry Volume Name +## Specify the storage volume name. This directory will be created +## within openshift_hosted_registry_storage_nfs_directory if +## specifying an [nfs] group. Ex. /exports/registry +## This variable must be supplied if using a pre-existing nfs server. +##openshift_hosted_registry_storage_volume_name=registry +## +## NFS Specific Options +## ## Storage Host ## This variable can be used to identify a pre-existing storage host ## if a storage host group corresponding to the storage kind (such as @@ -331,18 +351,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', ## This variable must be supplied if using a pre-existing nfs server. ##openshift_hosted_registry_storage_nfs_directory=/exports ## -## Registry Volume Name -## Specify the storage volume name. This directory will be created -## within openshift_hosted_registry_storage_nfs_directory if -## specifying an [nfs] group. Ex: /exports/registry -## This variable must be supplied if using a pre-existing nfs server. -##openshift_hosted_registry_storage_volume_name=registry +## Openstack Specific Options ## -## Persistent Volume Access Mode -##openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] +## Openstack Volume ID +## Specify the identifier of the volume to use for the registry. +## At this time, the volume has to be created manually by the administrator. +##openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57 +## +## Openstack Volume Size +##openshift_hosted_registry_storage_volume_size=10Gi +## +## Openstack Volume Filesystem +## Specify the filesystem that will be used when formatting the volume +##openshift_hosted_registry_storage_openstack_filesystem=ext4 # Configure node kubelet arguments -#openshift_node_kubelet_args={'max-pods': ['40'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} +#openshift_node_kubelet_args={'max-pods': ['110'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} # Configure logrotate scripts # See: https://github.com/nickhammond/ansible-logrotate @@ -370,19 +394,20 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # # Most environments don't require a proxy between openshift masters, nodes, and # etcd hosts. So automatically add those hostnames to the openshift_no_proxy list. -# If all of your hosts share a common domain you may wish to disable this and +# If all of your hosts share a common domain you may wish to disable this and # specify that domain above. -#openshift_generate_no_proxy_hosts: True +#openshift_generate_no_proxy_hosts=True # # These options configure the BuildDefaults admission controller which injects -# environment variables into Builds. These values will default to their -# corresponding values above but you may set them independently. See BuildDefaults +# environment variables into Builds. These values will default to the global proxy +# config values. You only need to set these if they differ from the global settings +# above. See BuildDefaults # documentation at https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html -#openshift_builddefaults_http_proxy=openshift_http_proxy -#openshift_builddefaults_https_proxy=openshift_https_proxy -#openshift_builddefaults_no_proxy=openshift_noproxy -#openshift_builddefaults_git_http_proxy=openshift_builddefaults_http_proxy -#openshift_builddefaults_git_https_proxy=openshift_builddefaults_https_proxy +#openshift_builddefaults_http_proxy=http://USER:PASSWORD@HOST:PORT +#openshift_builddefaults_https_proxy=https://USER:PASSWORD@HOST:PORT +#openshift_builddefaults_no_proxy=build_defaults +#openshift_builddefaults_git_http_proxy=http://USER:PASSWORD@HOST:PORT +#openshift_builddefaults_git_https_proxy=https://USER:PASSWORD@HOST:PORT # Or you may optionally define your own serialized as json #openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"apiVersion":"v1","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}],"gitHTTPProxy":"http://proxy.example.com:3128","kind":"BuildDefaultsConfig"}}}' diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 38adfe572..2a8d4c02b 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -188,6 +188,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Override the default pod eviction timeout #openshift_master_pod_eviction_timeout=5m +# Override the default oauth tokenConfig settings: +# openshift_master_access_token_max_seconds=86400 +# openshift_master_auth_token_max_seconds=500 + +# Override master servingInfo.maxRequestsInFlight +#openshift_master_max_requests_inflight=500 + # default storage plugin dependencies to install, by default the ceph and # glusterfs plugin dependencies will be installed, if available. #osn_storage_plugin_deps=['ceph','glusterfs'] @@ -309,9 +316,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', ## ## Storage Kind ## Specifies which storage kind will be used for the registry. -## "nfs" is the only supported kind at this time. +## "nfs" and "openstack" are supported kinds at this time. ##openshift_hosted_registry_storage_kind=nfs ## +## Persistent Volume Access Mode +## When using the 'openstack' storage kind, this has to be 'ReadWriteOnce' +##openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] +## +## Registry Volume Name +## Specify the storage volume name. This directory will be created +## within openshift_hosted_registry_storage_nfs_directory if +## specifying an [nfs] group. Ex. /exports/registry +## This variable must be supplied if using a pre-existing nfs server. +##openshift_hosted_registry_storage_volume_name=registry +## +## NFS Specific Options +## ## Storage Host ## This variable can be used to identify a pre-existing storage host ## if a storage host group corresponding to the storage kind (such as @@ -327,18 +347,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', ## This variable must be supplied if using a pre-existing nfs server. ##openshift_hosted_registry_storage_nfs_directory=/exports ## -## Registry Volume Name -## Specify the storage volume name. This directory will be created -## within openshift_hosted_registry_storage_nfs_directory if -## specifying an [nfs] group Ex: /exports/registry -## This variable must be supplied if using a pre-existing nfs server. -##openshift_hosted_registry_storage_volume_name=registry +## Openstack Specific Options ## -## Persistent Volume Access Mode -##openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] +## Openstack Volume ID +## Specify the identifier of the volume to use for the registry. +## At this time, the volume has to be created manually by the administrator. +##openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57 +## +## Openstack Volume Size +##openshift_hosted_registry_storage_volume_size=10Gi +## +## Openstack Volume Filesystem +## Specify the filesystem that will be used when formatting the volume +##openshift_hosted_registry_storage_openstack_filesystem=ext4 # Configure node kubelet arguments -#openshift_node_kubelet_args={'max-pods': ['40'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} +#openshift_node_kubelet_args={'max-pods': ['110'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} # Configure logrotate scripts # See: https://github.com/nickhammond/ansible-logrotate @@ -366,19 +390,20 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # # Most environments don't require a proxy between openshift masters, nodes, and # etcd hosts. So automatically add those hostnames to the openshift_no_proxy list. -# If all of your hosts share a common domain you may wish to disable this and +# If all of your hosts share a common domain you may wish to disable this and # specify that domain above. -#openshift_generate_no_proxy_hosts: True +#openshift_generate_no_proxy_hosts=True # # These options configure the BuildDefaults admission controller which injects -# environment variables into Builds. These values will default to their -# corresponding values above but you may set them independently. See BuildDefaults +# environment variables into Builds. These values will default to the global proxy +# config values. You only need to set these if they differ from the global settings +# above. See BuildDefaults # documentation at https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html -#openshift_builddefaults_http_proxy=openshift_http_proxy -#openshift_builddefaults_https_proxy=openshift_https_proxy -#openshift_builddefaults_no_proxy=openshift_noproxy -#openshift_builddefaults_git_http_proxy=openshift_builddefaults_http_proxy -#openshift_builddefaults_git_https_proxy=openshift_builddefaults_https_proxy +#openshift_builddefaults_http_proxy=http://USER:PASSWORD@HOST:PORT +#openshift_builddefaults_https_proxy=https://USER:PASSWORD@HOST:PORT +#openshift_builddefaults_no_proxy=build_defaults +#openshift_builddefaults_git_http_proxy=http://USER:PASSWORD@HOST:PORT +#openshift_builddefaults_git_https_proxy=https://USER:PASSWORD@HOST:PORT # Or you may optionally define your own serialized as json #openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"apiVersion":"v1","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}],"gitHTTPProxy":"http://proxy.example.com:3128","kind":"BuildDefaultsConfig"}}}' diff --git a/playbooks/common/openshift-master/library/modify_yaml.py b/library/modify_yaml.py index a4be10ca3..a4be10ca3 100755 --- a/playbooks/common/openshift-master/library/modify_yaml.py +++ b/library/modify_yaml.py diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 57cc726b5..c3102a9d9 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.0.87 +Version: 3.0.93 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -38,6 +38,7 @@ popd mkdir -p %{buildroot}%{_datadir}/%{name} mkdir -p %{buildroot}%{_datadir}/ansible/%{name} mkdir -p %{buildroot}%{_datadir}/ansible_plugins +cp -rp library %{buildroot}%{_datadir}/ansible/%{name}/ # openshift-ansible-bin install mkdir -p %{buildroot}%{_bindir} @@ -78,6 +79,8 @@ popd %files %doc LICENSE.md README* %dir %{_datadir}/ansible/%{name} +%{_datadir}/ansible/%{name}/library +%ghost %{_datadir}/ansible/%{name}/playbooks/common/openshift-master/library.rpmmoved # ---------------------------------------------------------------------------------- # openshift-ansible-docs subpackage @@ -110,11 +113,30 @@ BuildArch: noarch %files playbooks %{_datadir}/ansible/%{name}/playbooks +# We moved playbooks/common/openshift-master/library up to the top and replaced +# it with a symlink. RPM doesn't handle this so we have to do some pre-transaction +# magic. See https://fedoraproject.org/wiki/Packaging:Directory_Replacement +%pretrans playbooks -p <lua> +-- Define the path to directory being replaced below. +-- DO NOT add a trailing slash at the end. +path = "/usr/share/ansible/openshift-ansible/playbooks/common/openshift-master/library" +st = posix.stat(path) +if st and st.type == "directory" then + status = os.rename(path, path .. ".rpmmoved") + if not status then + suffix = 0 + while not status do + suffix = suffix + 1 + status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix) + end + os.rename(path, path .. ".rpmmoved") + end +end +%package roles # ---------------------------------------------------------------------------------- # openshift-ansible-roles subpackage # ---------------------------------------------------------------------------------- -%package roles Summary: Openshift and Atomic Enterprise Ansible roles Requires: %{name} = %{version} Requires: %{name}-lookup-plugins = %{version} @@ -183,6 +205,135 @@ Atomic OpenShift Utilities includes %changelog +* Tue May 24 2016 Troy Dawson <tdawson@redhat.com> 3.0.93-1 +- Fixup spec file (tdawson@redhat.com) + +* Tue May 24 2016 Troy Dawson <tdawson@redhat.com> 3.0.92-1 +- Conditionally bind mount /usr/bin/docker-current when it is present (#1941) + (sdodson@redhat.com) + +* Tue May 24 2016 Troy Dawson <tdawson@redhat.com> 3.0.91-1 +- Removed the echo line and replaced it with inline comment. To keep 99-origin- + dns.sh from adding a new line in /etc/resolv.conf everytime the + NetworkManager dispatcher script is executed. (jnordell@redhat.com) +- Extend multiple login provider check to include origin. (abutcher@redhat.com) +- Allow multiple login providers post 3.2. (abutcher@redhat.com) +- Make rhel_subscribe role able to subscribe for OSE 3.2 (lhuard@amadeus.com) +- Ensure yum-utils installed. (abutcher@redhat.com) +- Remove newline from docker_options template string. (abutcher@redhat.com) +- Use systemctl restart docker instead of ansible service. + (dgoodwin@redhat.com) +- Use cluster hostname while generating certificate on the master nodes + (vishal.patil@nuagenetworks.net) +- Fix playbooks/openshift-master/library move to symlink (sdodson@redhat.com) +- Task "Update router image to current version" failed, if router not in + default namespace (jkroepke@users.noreply.github.com) +- docker-current was missing from the containerized atomic-openshift- + node.service file (maci.stgn@gmail.com) +- fixed issue with blank spaces instead commas as variables template separators + (j.david.nieto@gmail.com) +- Refactor where we compute no_proxy hostnames (sdodson@redhat.com) +- Fix for ansible v2 (sdodson@redhat.com) +- Fix rhel_subscribe (sdodson@redhat.com) +- remove interpolated g_all_hosts with_items arg from upgrade playbooks + (cboggs@rallydev.com) +- Set openshift.common.hostname early in playbook execution. + (abutcher@redhat.com) +- Fix 'recursive loop detected in template string' for upgrading variable. + (abutcher@redhat.com) +- a-o-i: No proxy questions for 3.0/3.1 (smunilla@redhat.com) +- Fix minor upgrades in 3.1 (sdodson@redhat.com) +- Don't pull cli image when we're not containerized (sdodson@redhat.com) +- Check consumed pools prior to attaching. (abutcher@redhat.com) + +* Mon May 16 2016 Troy Dawson <tdawson@redhat.com> 3.0.90-1 +- Fixes for openshift_docker_hosted_registry_insecure var. + (dgoodwin@redhat.com) +- Move latest to v1.2 (sdodson@redhat.com) +- Sync latest content (sdodson@redhat.com) +- Update default max-pods parameter (mwysocki@redhat.com) +- Allow overriding servingInfo.maxRequestsInFlight via + openshift_master_max_requests_inflight. (abutcher@redhat.com) +- update logging and metrics deployer templates (lmeyer@redhat.com) +- Update default max-pods parameter (maci.stgn@gmail.com) +- Block upgrading w/ ansible v2. (abutcher@redhat.com) +- Fixed openvswitch not upgrading. (dgoodwin@redhat.com) +- Do not upgrade containers to latest avail during a normal config run. + (dgoodwin@redhat.com) +- Update StringIO import for py2/3 compat. (abutcher@redhat.com) +- Fix mistaken quotes on proxy sysconfig variables. (dgoodwin@redhat.com) +- Sync comments with origin pr (sdodson@redhat.com) +- Use IP4_NAMESERVERS rather than DHCP4_DOMAIN_NAME_SERVERS + (sdodson@redhat.com) +- Remove vars_files on play includes for upgrade playbooks. + (abutcher@redhat.com) +- Document oauth token config inventory vars. (dgoodwin@redhat.com) +- Why is the node failing to start (sdodson@redhat.com) +- Move os_firewall out of openshift_common (sdodson@redhat.com) +- Remove old unused firewall rules (sdodson@redhat.com) +- Fix firewall rules (sdodson@redhat.com) +- Remove double evaluate_groups include. (abutcher@redhat.com) +- a-o-i: Write proxy variables (smunilla@redhat.com) +- Add support for Openstack based persistent volumes (sbaubeau@redhat.com) +- Fixes for flannel configuration. (abutcher@redhat.com) +- Initialize facts for all hosts. (abutcher@redhat.com) +- Fix version (sdodson@redhat.com) +- Fix cli_docker_additional_registries being erased during upgrade. + (dgoodwin@redhat.com) +- Unmask atomic-openshift-master on uninstall (sdodson@redhat.com) +- Add *.retry to gitignore. (abutcher@redhat.com) +- Move modify_yaml up into top level library directory (sdodson@redhat.com) +- Enable dnsmasq on all hosts (sdodson@redhat.com) +- Fixed the credentials (vishal.patil@nuagenetworks.net) +- Remove vars_files on play includes for byo, scaleup and restart playbooks. + (abutcher@redhat.com) +- Ensure ansible version greater than 1.9.4 (abutcher@redhat.com) +- Add oo_merge_hostvars filter for merging host & play variables. + (abutcher@redhat.com) +- Replace hostvars with vars for openshift env facts when ansible >= v2. + (abutcher@redhat.com) +- Add system:image-auditor role to ManageIQ SA (mtayer@redhat.com) +- Added extra install dependency on OSX (leenders.gert@gmail.com) +- Check and unmask iptables/firewalld. (abutcher@redhat.com) +- Default os_firewall_use_firewalld to false in os_firewall and remove + overrides. (abutcher@redhat.com) +- listen on all interfaces (sdodson@redhat.com) +- Fix configuration of dns_ip (sdodson@redhat.com) +- Fix markdown in roles/openshift_metrics/README.md (cben@redhat.com) +- use stat module instead of shell module and ls to check for rpm-ostree + (jdetiber@redhat.com) +- fix openstack template (sjenning@redhat.com) +- Remove duplicate oauth_template fact. (abutcher@redhat.com) +- Cleanup various deprecation warnings. (abutcher@redhat.com) +- Make NetworkManager failure friendlier (sdodson@redhat.com) +- README Updates (detiber@gmail.com) +- Remove deprecated online playbooks/roles (jdetiber@redhat.com) +- fix up variable references remove "online" support from bin/cluster + (jdetiber@redhat.com) +- Remove Ops specific ansible-tower aws playbooks (jdetiber@redhat.com) +- Fix inventory syntaxe (florian.lambert@enovance.com) +- Add openshift_docker_hosted_registry_insecure option (andrew@andrewklau.com) +- additional fixes (jdetiber@redhat.com) +- Fix templating issue with logging role (jdetiber@redhat.com) +- BuildDefaults are a kube admission controller not an openshift admission + controller (sdodson@redhat.com) +- a-o-i: More friendly proxy questions (smunilla@redhat.com) +- update tenand_id typo in example file (jialiu@redhat.com) +- Update hosts.ose.example (jialiu@redhat.com) +- update tenand_id typo in example file (jialiu@redhat.com) +- Update repos per inventory before upgrading (sdodson@redhat.com) +- Fix openshift_generate_no_proxy_hosts boolean (sdodson@redhat.com) +- Fix openshift_generate_no_proxy_hosts examples (sdodson@redhat.com) +- Fix inventory properties with raw booleans, again... (dgoodwin@redhat.com) +- Allow containerized deployment of dns role (jprovazn@redhat.com) + +* Mon May 09 2016 Brenton Leanhardt <bleanhar@redhat.com> 3.0.89-1 +- Use yum swap to downgrade docker (sdodson@redhat.com) + +* Fri May 06 2016 Brenton Leanhardt <bleanhar@redhat.com> 3.0.88-1 +- Open port 53 whenever we're unsure of version (sdodson@redhat.com) +- Fix unsafe boolean handling on use_dnsmasq (sdodson@redhat.com) + * Wed Apr 27 2016 Troy Dawson <tdawson@redhat.com> 3.0.87-1 - a-o-i-: Allow empty proxy (smunilla@redhat.com) - a-o-i: Populate groups for openshift_facts (smunilla@redhat.com) diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 0755d8bc5..e42fa214a 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -60,6 +60,7 @@ with_items: - etcd - firewalld + - atomic-openshift-master - name: Stop additional atomic services service: name={{ item }} state=stopped @@ -172,12 +173,12 @@ changed_when: False failed_when: False with_items: "{{ images_to_delete.results }}" - + - name: Remove sdn drop files - file: + file: path: /run/openshift-sdn state: absent - + - name: restart docker service: name: docker @@ -198,6 +199,12 @@ - /etc/systemd/system/atomic-openshift-master-api.service - /etc/systemd/system/atomic-openshift-master-controllers.service - /etc/systemd/system/atomic-openshift-node.service + - /etc/systemd/system/atomic-openshift-node-dep.service + - /etc/systemd/system/origin-master.service + - /etc/systemd/system/origin-master-api.service + - /etc/systemd/system/origin-master-controllers.service + - /etc/systemd/system/origin-node.service + - /etc/systemd/system/origin-node-dep.service - /etc/systemd/system/etcd_container.service - /etc/systemd/system/openvswitch.service - /etc/sysconfig/atomic-enterprise-master @@ -208,8 +215,15 @@ - /etc/sysconfig/atomic-openshift-master-api - /etc/sysconfig/atomic-openshift-master-controllers - /etc/sysconfig/atomic-openshift-node + - /etc/sysconfig/atomic-openshift-node-dep + - /etc/sysconfig/origin-master + - /etc/sysconfig/origin-master-api + - /etc/sysconfig/origin-master-controllers + - /etc/sysconfig/origin-node + - /etc/sysconfig/origin-node-dep - /etc/sysconfig/openshift-master - /etc/sysconfig/openshift-node + - /etc/sysconfig/openshift-node-dep - /etc/sysconfig/openvswitch - /etc/sysconfig/origin-master - /etc/sysconfig/origin-master-api diff --git a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml new file mode 100644 index 000000000..1c8d99341 --- /dev/null +++ b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml @@ -0,0 +1,18 @@ +--- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + +- include: ../../common/openshift-cluster/enable_dnsmasq.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml index 628a07752..76bfff9b6 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml @@ -1,13 +1,28 @@ --- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0 + fail: + msg: "Unsupported ansible version: {{ ansible_version }} found." + when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge') + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + - include: ../../../../common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml - vars_files: - - "{{lookup('file', '../../../../byo/openshift-cluster/cluster_hosts.yml')}}" vars: - g_etcd_hosts: "{{ groups.etcd | default([]) }}" - g_master_hosts: "{{ groups.masters | default([]) }}" + # Do not allow adding hosts during upgrade. g_new_master_hosts: [] - g_nfs_hosts: "{{ groups.nfs | default([]) }}" - g_node_hosts: "{{ groups.nodes | default([]) }}" - g_lb_hosts: "{{ groups.lb | default([]) }}" + g_new_node_hosts: [] openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 8fadd2ce7..c17446162 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -1,13 +1,28 @@ --- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0 + fail: + msg: "Unsupported ansible version: {{ ansible_version }} found." + when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge') + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + - include: ../../../../common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml - vars_files: - - "{{lookup('file', '../../../../byo/openshift-cluster/cluster_hosts.yml')}}" vars: - g_etcd_hosts: "{{ groups.etcd | default([]) }}" - g_master_hosts: "{{ groups.masters | default([]) }}" + # Do not allow adding hosts during upgrade. g_new_master_hosts: [] - g_nfs_hosts: "{{ groups.nfs | default([]) }}" - g_node_hosts: "{{ groups.nodes | default([]) }}" - g_lb_hosts: "{{ groups.lb | default([]) }}" + g_new_node_hosts: [] openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml index 42078584b..99592d85a 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml @@ -1,12 +1,29 @@ --- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0 + fail: + msg: "Unsupported ansible version: {{ ansible_version }} found." + when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge') + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + - include: ../../../../common/openshift-cluster/evaluate_groups.yml vars: - g_etcd_hosts: "{{ groups.etcd | default([]) }}" - g_master_hosts: "{{ groups.masters | default([]) }}" + # Do not allow adding hosts during upgrade. g_new_master_hosts: [] - g_nfs_hosts: "{{ groups.nfs | default([]) }}" - g_node_hosts: "{{ groups.nodes | default([]) }}" - g_lb_hosts: "{{ groups.lb | default([]) }}" + g_new_node_hosts: [] openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_deployment_type: "{{ deployment_type }}" - include: ../../../../common/openshift-cluster/upgrades/v3_1_minor/pre.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml index 0c91b51d6..24617620b 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml @@ -1,14 +1,54 @@ --- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0 + fail: + msg: "Unsupported ansible version: {{ ansible_version }} found." + when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge') + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts | default([]) + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + - include: ../../../../common/openshift-cluster/evaluate_groups.yml vars: - g_etcd_hosts: "{{ groups.etcd | default([]) }}" - g_master_hosts: "{{ groups.masters | default([]) }}" + # Do not allow adding hosts during upgrade. g_new_master_hosts: [] - g_nfs_hosts: "{{ groups.nfs | default([]) }}" - g_node_hosts: "{{ groups.nodes | default([]) }}" - g_lb_hosts: "{{ groups.lb | default([]) }}" + g_new_node_hosts: [] openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_deployment_type: "{{ deployment_type }}" + +- name: Set oo_options + hosts: oo_all_hosts + tasks: + - set_fact: + openshift_docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}" + when: openshift_docker_additional_registries is not defined + - set_fact: + openshift_docker_insecure_registries: "{{ lookup('oo_option', 'docker_insecure_registries') }}" + when: openshift_docker_insecure_registries is not defined + - set_fact: + openshift_docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') }}" + when: openshift_docker_blocked_registries is not defined + - set_fact: + openshift_docker_options: "{{ lookup('oo_option', 'docker_options') }}" + when: openshift_docker_options is not defined + - set_fact: + openshift_docker_log_driver: "{{ lookup('oo_option', 'docker_log_driver') }}" + when: openshift_docker_log_driver is not defined + - set_fact: + openshift_docker_log_options: "{{ lookup('oo_option', 'docker_log_options') }}" + when: openshift_docker_log_options is not defined + - include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml vars: openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/rhel_subscribe.yml b/playbooks/byo/rhel_subscribe.yml index 990ddd2f2..a21aa257f 100644 --- a/playbooks/byo/rhel_subscribe.yml +++ b/playbooks/byo/rhel_subscribe.yml @@ -1,4 +1,22 @@ --- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: openshift-cluster/cluster_hosts.yml + +- include: ../common/openshift-cluster/evaluate_groups.yml + - hosts: all vars: openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 99b36098a..903babc45 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -1,6 +1,8 @@ --- - include: evaluate_groups.yml +- include: initialize_facts.yml + - include: validate_hostnames.yml - name: Set oo_options diff --git a/playbooks/common/openshift-cluster/enable_dnsmasq.yml b/playbooks/common/openshift-cluster/enable_dnsmasq.yml new file mode 100644 index 000000000..f2bcc872f --- /dev/null +++ b/playbooks/common/openshift-cluster/enable_dnsmasq.yml @@ -0,0 +1,66 @@ +--- +- include: evaluate_groups.yml + +- name: Load openshift_facts + hosts: oo_masters_to_config:oo_nodes_to_config + roles: + - openshift_facts + post_tasks: + - fail: msg="This playbook requires a master version of at least Origin 1.1 or OSE 3.1" + when: not openshift.common.version_gte_3_1_1_or_1_1_1 | bool + +- name: Reconfigure masters to listen on our new dns_port + hosts: oo_masters_to_config + handlers: + - include: ../../../roles/openshift_master/handlers/main.yml + vars: + os_firewall_allow: + - service: skydns tcp + port: "{{ openshift.master.dns_port }}/tcp" + - service: skydns udp + port: "{{ openshift.master.dns_port }}/udp" + roles: + - os_firewall + tasks: + - openshift_facts: + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: common + local_facts: + use_dnsmasq: True + - role: master + local_facts: + dns_port: '8053' + - modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: dnsConfig.bindAddress + yaml_value: "{{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }}" + notify: restart master + - meta: flush_handlers + +- name: Configure nodes for dnsmasq + hosts: oo_nodes_to_config + handlers: + - include: ../../../roles/openshift_node/handlers/main.yml + pre_tasks: + - openshift_facts: + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: common + local_facts: + use_dnsmasq: True + - role: node + local_facts: + dns_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" + vars: + openshift_deployment_type: "{{ deployment_type }}" + roles: + - openshift_node_dnsmasq + post_tasks: + - modify_yaml: + dest: "{{ openshift.common.config_base }}/node/node-config.yaml" + yaml_key: dnsIP + yaml_value: "{{ openshift.node.dns_ip }}" + notify: restart node diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml new file mode 100644 index 000000000..cda490b1f --- /dev/null +++ b/playbooks/common/openshift-cluster/initialize_facts.yml @@ -0,0 +1,10 @@ +--- +- name: Initialize host facts + hosts: oo_all_hosts + roles: + - openshift_facts + tasks: + - openshift_facts: + role: common + local_facts: + hostname: "{{ openshift_hostname | default(None) }}" diff --git a/playbooks/common/openshift-cluster/library b/playbooks/common/openshift-cluster/library new file mode 120000 index 000000000..d0b7393d3 --- /dev/null +++ b/playbooks/common/openshift-cluster/library @@ -0,0 +1 @@ +../../../library/
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh b/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh index 96944a78b..9bbeff660 100644 --- a/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh +++ b/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh @@ -2,7 +2,7 @@ # Here we don't really care if this is a master, api, controller or node image. # We just need to know the version of one of them. -unit_file=$(ls /etc/systemd/system/${1}*.service | head -n1) +unit_file=$(ls /etc/systemd/system/${1}*.service | grep -v node-dep | head -n1) if [ ${1} == "origin" ]; then image_name="openshift/origin" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml index 51b108f6a..5b2bf9f93 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml @@ -36,7 +36,8 @@ - name: Ensure AOS 3.0.2 or Origin 1.0.6 hosts: oo_first_master tasks: - fail: This playbook requires Origin 1.0.6 or Atomic OpenShift 3.0.2 or later + - fail: + msg: "This playbook requires Origin 1.0.6 or Atomic OpenShift 3.0.2 or later" when: _new_version.stdout | version_compare('1.0.6','<') or ( _new_version.stdout | version_compare('3.0','>=' and _new_version.stdout | version_compare('3.0.2','<') ) - name: Update cluster policy diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml index 5e62b43a3..e5cfa58aa 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml @@ -12,7 +12,7 @@ openshift_version: "{{ openshift_pkg_version | default('') }}" tasks: - name: Upgrade master packages - command: "{{ ansible_pkg_mgr}} update -y {{ openshift.common.service_type }}-master{{ openshift_version }}" + command: "{{ ansible_pkg_mgr}} update-to -y {{ openshift.common.service_type }}-master{{ openshift_version }} {{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }}" when: not openshift.common.is_containerized | bool - name: Ensure python-yaml present for config upgrade @@ -63,7 +63,7 @@ - openshift_facts tasks: - name: Upgrade node packages - command: "{{ ansible_pkg_mgr }} update -y {{ openshift.common.service_type }}-node{{ openshift_version }}" + command: "{{ ansible_pkg_mgr }} update-to -y {{ openshift.common.service_type }}-node{{ openshift_version }} {{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }}" when: not openshift.common.is_containerized | bool - name: Restart node service diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 new file mode 120000 index 000000000..cf20e8959 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/atomic-openshift-master.j2
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker new file mode 120000 index 000000000..5a3dd12b3 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/docker
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster new file mode 120000 index 000000000..3ee319365 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/docker-cluster
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker_upgrade.yml index d9177e8a0..9ade795f2 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker_upgrade.yml @@ -10,5 +10,6 @@ register: docker_upgrade - name: Restart Docker - service: name=docker state=restarted + command: systemctl restart docker when: docker_upgrade | changed + diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster new file mode 120000 index 000000000..f44f8eb4f --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/native-cluster
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml index 3fd97ac14..31e76805c 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml @@ -10,6 +10,7 @@ router_image: "{{ openshift.master.registry_url | replace( '${component}', 'haproxy-router' ) | replace ( '${version}', 'v' + g_new_version ) }}" oc_cmd: "{{ openshift.common.client_binary }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig" roles: + - openshift_manageiq # Create the new templates shipped in 3.2, existing templates are left # unmodified. This prevents the subsequent role definition for # openshift_examples from failing when trying to replace templates that do @@ -36,7 +37,7 @@ - name: Update router image to current version when: all_routers.rc == 0 command: > - {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p + {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -n {{ item['namespace'] }} -p '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}","livenessProbe":{"tcpSocket":null,"httpGet":{"path": "/healthz", "port": 1936, "host": "localhost", "scheme": "HTTP"},"initialDelaySeconds":10,"timeoutSeconds":1}}]}}}}' --api-version=v1 with_items: haproxy_routers @@ -51,7 +52,7 @@ - name: Update registry image to current version when: _default_registry.rc == 0 command: > - {{ oc_cmd }} patch dc/docker-registry -p + {{ oc_cmd }} patch dc/docker-registry -n default -p '{"spec":{"template":{"spec":{"containers":[{"name":"registry","image":"{{ registry_image }}"}]}}}}' --api-version=v1 diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml index 1dd47dc15..dd9843290 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml @@ -100,8 +100,8 @@ hosts: oo_masters_to_config:oo_nodes_to_config vars: target_version: "{{ '1.2' if deployment_type == 'origin' else '3.1.1.900' }}" - openshift_docker_hosted_registry_insecure: True openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" + upgrading: True handlers: - include: ../../../../../roles/openshift_master/handlers/main.yml - include: ../../../../../roles/openshift_node/handlers/main.yml @@ -110,7 +110,7 @@ # are modified to use the correct image tag. However, this can trigger a # docker restart if new configuration is laid down which would immediately # pull the latest image and defeat the purpose of these tasks. - - openshift_cli + - { role: openshift_cli } pre_tasks: - name: Clean package cache command: "{{ ansible_pkg_mgr }} clean all" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml index a91727ecd..c93bf2a17 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml @@ -27,12 +27,15 @@ hosts: oo_masters_to_config:oo_nodes_to_config roles: - { role: openshift_docker_facts } + vars: + openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" tasks: - name: Pull Images command: > docker pull {{ item }}:latest with_items: - "{{ openshift.common.cli_image }}" + when: openshift.common.is_containerized | bool ############################################################################### # Upgrade Masters @@ -128,8 +131,8 @@ vars: origin_reconcile_bindings: "{{ deployment_type == 'origin' and g_new_version | version_compare('1.0.6', '>') }}" ent_reconcile_bindings: true - openshift_docker_hosted_registry_insecure: True openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" + upgrading: True tasks: - name: Verifying the correct commandline tools are available shell: grep {{ verify_upgrade_version }} {{ openshift.common.admin_binary}} diff --git a/playbooks/common/openshift-cluster/validate_hostnames.yml b/playbooks/common/openshift-cluster/validate_hostnames.yml index 0f562e019..50e25984f 100644 --- a/playbooks/common/openshift-cluster/validate_hostnames.yml +++ b/playbooks/common/openshift-cluster/validate_hostnames.yml @@ -1,6 +1,4 @@ --- -- include: evaluate_groups.yml - - name: Gather and set facts for node hosts hosts: oo_nodes_to_config roles: diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 1f5e3aaff..125aab0ae 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -204,6 +204,7 @@ | oo_collect('openshift.common.all_hostnames') | oo_flatten | unique }}" sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" + openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" roles: - openshift_master_certificates post_tasks: @@ -346,6 +347,14 @@ openshift_master_count: "{{ openshift.master.master_count }}" openshift_master_session_auth_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_auth_secrets }}" openshift_master_session_encryption_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_encryption_secrets }}" + openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" + openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + | union(groups['oo_masters_to_config']) + | union(groups['oo_etcd_to_config'] | default([]))) + | oo_collect('openshift.common.hostname') | default([]) | join (',') + }}" + when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and + openshift_generate_no_proxy_hosts | default(True) | bool }}" pre_tasks: - name: Ensure certificate directory exists file: diff --git a/playbooks/common/openshift-master/library b/playbooks/common/openshift-master/library new file mode 120000 index 000000000..d0b7393d3 --- /dev/null +++ b/playbooks/common/openshift-master/library @@ -0,0 +1 @@ +../../../library/
\ No newline at end of file diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index f0bb91568..b3491ef8d 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -115,11 +115,14 @@ vars: openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}" - # TODO: configure these based on - # hostvars[groups.oo_first_master.0].openshift.hosted.registry instead of - # hardcoding - openshift_docker_hosted_registry_insecure: "{{ openshift.docker.hosted_registry_insecure | default(True) }}" openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" + openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + | union(groups['oo_masters_to_config']) + | union(groups['oo_etcd_to_config'] | default([]))) + | oo_collect('openshift.common.hostname') | default([]) | join (',') + }}" + when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and + openshift_generate_no_proxy_hosts | default(True) | bool }}" roles: - openshift_node @@ -128,11 +131,14 @@ vars: openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}" - # TODO: configure these based on - # hostvars[groups.oo_first_master.0].openshift.hosted.registry instead of - # hardcoding - openshift_docker_hosted_registry_insecure: "{{ openshift.docker.hosted_registry_insecure | default(True) }}" openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" + openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + | union(groups['oo_masters_to_config']) + | union(groups['oo_etcd_to_config'] | default([]))) + | oo_collect('openshift.common.hostname') | default([]) | join (',') + }}" + when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and + openshift_generate_no_proxy_hosts | default(True) | bool }}" roles: - openshift_node @@ -148,15 +154,15 @@ register: g_external_etcd_flannel_cert_stat_result when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) - set_fact: - etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results + etcd_client_flannel_certs_missing: "{{ False in g_external_etcd_flannel_cert_stat_result.results | oo_collect(attribute='stat.exists') - | list | intersect([false])}}" + | list }}" etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }} etcd_cert_config_dir: "{{ openshift.common.config_base }}/node" etcd_cert_prefix: node.etcd- etcd_hostname: "{{ openshift.common.hostname }}" etcd_ip: "{{ openshift.common.ip }}" - when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) + when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config | length > 0 and (openshift.common.use_flannel | bool) - name: Configure flannel etcd certificates hosts: oo_first_etcd @@ -166,9 +172,8 @@ pre_tasks: - set_fact: etcd_needing_client_certs: "{{ hostvars - | oo_select_keys(groups['oo_nodes_to_config']) - | oo_filter_list(filter_attr='etcd_client_flannel_certs_missing') | default([]) }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + | oo_select_keys(groups['oo_nodes_to_config']) + | oo_filter_list('etcd_client_flannel_certs_missing') | default([]) }}" roles: - role: openshift_etcd_certificates when: openshift_use_flannel | default(false) | bool @@ -179,8 +184,7 @@ -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} . args: creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" - with_items: "{{ etcd_needing_client_certs | default([]) }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + with_items: etcd_needing_client_certs | default([]) - name: Retrieve the etcd cert tarballs fetch: src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" @@ -188,8 +192,7 @@ flat: yes fail_on_missing: yes validate_checksum: yes - with_items: "{{ etcd_needing_client_certs | default([]) }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + with_items: etcd_needing_client_certs | default([]) - name: Copy the external etcd flannel certs to the nodes hosts: oo_nodes_to_config @@ -200,12 +203,12 @@ file: path: "{{ openshift.common.config_base }}/node" state: directory - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + when: etcd_client_flannel_certs_missing | default(false) | bool - name: Unarchive the tarball on the master unarchive: src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz" dest: "{{ etcd_cert_config_dir }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + when: etcd_client_flannel_certs_missing | default(false) | bool - file: path: "{{ etcd_cert_config_dir }}/{{ item }}" owner: root @@ -215,7 +218,7 @@ - node.etcd-client.crt - node.etcd-client.key - node.etcd-ca.crt - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + when: etcd_client_flannel_certs_missing | default(false) | bool - name: Additional node config diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index e4a31c692..b9b2666fb 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -16,7 +16,7 @@ when: docker_storage_check.stat.exists | bool and not docker_version_result | skipped and docker_version_result.stdout | default('0.0', True) | version_compare('1.9', '>=') and docker_version | version_compare('1.9', '<') - name: Downgrade docker if necessary - command: "{{ ansible_pkg_mgr }} downgrade -y docker-{{ docker_version }}" + command: "{{ ansible_pkg_mgr }} swap -y docker-* docker-*{{ docker_version }}" register: docker_downgrade_result when: not docker_version_result | skipped and docker_version_result.stdout | default('0.0', True) | version_compare(docker_version, 'gt') @@ -69,7 +69,7 @@ reg_flag: --insecure-registry notify: - restart docker - + - name: Set Proxy Settings lineinfile: dest: /etc/sysconfig/docker diff --git a/roles/etcd_certificates/tasks/client.yml b/roles/etcd_certificates/tasks/client.yml index b497a46c0..a9f130bb9 100644 --- a/roles/etcd_certificates/tasks/client.yml +++ b/roles/etcd_certificates/tasks/client.yml @@ -4,7 +4,7 @@ path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" state: directory mode: 0700 - with_items: "{{ etcd_needing_client_certs | default([]) }}" + with_items: etcd_needing_client_certs | default([]) - name: Create the client csr command: > @@ -19,7 +19,7 @@ ~ item.etcd_cert_prefix ~ 'client.csr' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_client_certs | default([]) }}" + with_items: etcd_needing_client_certs | default([]) - name: Sign and create the client crt command: > @@ -33,10 +33,10 @@ ~ item.etcd_cert_prefix ~ 'client.crt' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_client_certs | default([]) }}" + with_items: etcd_needing_client_certs | default([]) - file: src: "{{ etcd_ca_cert }}" dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt" state: hard - with_items: "{{ etcd_needing_client_certs | default([]) }}" + with_items: etcd_needing_client_certs | default([]) diff --git a/roles/etcd_certificates/tasks/server.yml b/roles/etcd_certificates/tasks/server.yml index 934b8b805..223917ccd 100644 --- a/roles/etcd_certificates/tasks/server.yml +++ b/roles/etcd_certificates/tasks/server.yml @@ -4,7 +4,7 @@ path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" state: directory mode: 0700 - with_items: "{{ etcd_needing_server_certs | default([]) }}" + with_items: etcd_needing_server_certs | default([]) - name: Create the server csr command: > @@ -19,7 +19,7 @@ ~ item.etcd_cert_prefix ~ 'server.csr' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" + with_items: etcd_needing_server_certs | default([]) - name: Sign and create the server crt command: > @@ -33,7 +33,7 @@ ~ item.etcd_cert_prefix ~ 'server.crt' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" + with_items: etcd_needing_server_certs | default([]) - name: Create the peer csr command: > @@ -48,7 +48,7 @@ ~ item.etcd_cert_prefix ~ 'peer.csr' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" + with_items: etcd_needing_server_certs | default([]) - name: Sign and create the peer crt command: > @@ -62,10 +62,10 @@ ~ item.etcd_cert_prefix ~ 'peer.crt' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" + with_items: etcd_needing_server_certs | default([]) - file: src: "{{ etcd_ca_cert }}" dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt" state: hard - with_items: "{{ etcd_needing_server_certs | default([]) }}" + with_items: etcd_needing_server_certs | default([]) diff --git a/roles/nuage_master/defaults/main.yaml b/roles/nuage_master/defaults/main.yaml new file mode 100644 index 000000000..cf670a9e1 --- /dev/null +++ b/roles/nuage_master/defaults/main.yaml @@ -0,0 +1,4 @@ +--- +nuage_master_cspadminpasswd: "" +nuage_master_adminusername: admin +nuage_master_adminuserpasswd: admin diff --git a/roles/nuage_master/tasks/certificates.yml b/roles/nuage_master/tasks/certificates.yml index 0d3c69467..32b024487 100644 --- a/roles/nuage_master/tasks/certificates.yml +++ b/roles/nuage_master/tasks/certificates.yml @@ -10,7 +10,7 @@ - name: Create the req file command: > - openssl req -key "{{ nuage_ca_master_rest_server_key }}" -new -out "{{ nuage_mon_rest_server_crt_dir }}/restServer.req" -subj "/CN={{ ansible_nodename }}" + openssl req -key "{{ nuage_ca_master_rest_server_key }}" -new -out "{{ nuage_mon_rest_server_crt_dir }}/restServer.req" -subj "/CN={{ nuage_mon_rest_server_host }}" delegate_to: "{{ nuage_ca_master }}" - name: Generate the crt file diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml index d3536eb33..92e716a45 100644 --- a/roles/nuage_master/vars/main.yaml +++ b/roles/nuage_master/vars/main.yaml @@ -17,6 +17,8 @@ nuage_mon_rest_server_crt_dir: "{{ nuage_ca_master_crt_dir }}/{{ ansible_nodenam nuage_ca_master_rest_server_key: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonServer.key" nuage_ca_master_rest_server_crt: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonServer.crt" +nuage_mon_rest_server_host: "{{ openshift.master.cluster_hostname | default(openshift.common.hostname) }}" + nuage_master_crt_dir : /usr/share/nuage-openshift-monitor nuage_service_account: system:serviceaccount:default:nuage @@ -28,7 +30,3 @@ nuage_service_account_config: nuage_tasks: - policy add-cluster-role-to-user cluster-reader {{ nuage_service_account }} - -nuage_master_cspadminpasswd: '' -nuage_master_adminusername: 'admin' -nuage_master_adminuserpasswd: 'admin' diff --git a/roles/openshift_common/meta/main.yml b/roles/openshift_common/meta/main.yml index 02150406d..f1cf3e161 100644 --- a/roles/openshift_common/meta/main.yml +++ b/roles/openshift_common/meta/main.yml @@ -12,6 +12,5 @@ galaxy_info: categories: - cloud dependencies: -- role: os_firewall - role: openshift_facts - role: openshift_repos diff --git a/roles/openshift_docker/defaults/main.yml b/roles/openshift_docker/defaults/main.yml new file mode 100644 index 000000000..aebef75d6 --- /dev/null +++ b/roles/openshift_docker/defaults/main.yml @@ -0,0 +1,2 @@ +--- +upgrading: False diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml index 10f47f9b2..9c5887f76 100644 --- a/roles/openshift_docker/tasks/main.yml +++ b/roles/openshift_docker/tasks/main.yml @@ -2,20 +2,32 @@ # It's important that we don't explicitly pull this image here. Otherwise we # could result in upgrading a preinstalled environment. We'll have to set # openshift_image_tag correctly for upgrades. +- set_fact: + is_containerized: "{{ openshift.common.is_containerized | default(False) | bool }}" + # Does the host already have an image tag fact, used to determine if it's a new node + # in non-upgrade scenarios: + has_image_tag_fact: "{{ hostvars[inventory_hostname].openshift.docker.openshift_image_tag is defined }}" + - name: Set version when containerized command: > docker run --rm {{ openshift.common.cli_image }} version register: cli_image_version - when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool and openshift_image_tag is not defined + when: is_containerized | bool and openshift_image_tag is not defined and (upgrading | bool or not has_image_tag_fact | bool) + +# Use the pre-existing image tag from system facts if present, and we're not upgrading. +# Ignores explicit openshift_image_tag if it's in the inventory, as this isn't an upgrade. +- set_fact: + l_image_tag: "{{ hostvars[inventory_hostname].openshift.docker.openshift_image_tag }}" + when: is_containerized | bool and not upgrading | bool and has_image_tag_fact | bool - set_fact: l_image_tag: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2] | join('-') if openshift.common.deployment_type == 'origin' else cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0] }}" - when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool and openshift_image_tag is not defined + when: is_containerized | bool and openshift_image_tag is not defined and (upgrading | bool or not has_image_tag_fact | bool) - set_fact: l_image_tag: "{{ openshift_image_tag }}" - when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool and openshift_image_tag is defined + when: is_containerized | bool and openshift_image_tag is defined and (upgrading | bool or not has_image_tag_fact | bool) - name: Set post docker install facts openshift_facts: @@ -25,5 +37,5 @@ - role: docker local_facts: openshift_image_tag: "{{ l_image_tag | default(None) }}" - openshift_version: "{{ l_image_tag.split('-')[0] if l_image_tag is defined else '' | oo_image_tag_to_rpm_version }}" - when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool + openshift_version: "{{ l_image_tag.split('-')[0] | oo_image_tag_to_rpm_version if l_image_tag is defined else '' }}" + when: is_containerized | bool diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml index 3acd2bba8..43359dcb5 100644 --- a/roles/openshift_docker_facts/tasks/main.yml +++ b/roles/openshift_docker_facts/tasks/main.yml @@ -32,10 +32,8 @@ docker_no_proxy: "{{ openshift.common.no_proxy | default(omit) }}" - set_fact: - docker_options: > - --insecure-registry={{ openshift.docker.hosted_registry_network }} - {{ openshift.docker.options | default ('') }} - when: openshift.docker.hosted_registry_insecure | default(False) | bool + docker_options: "--insecure-registry={{ openshift.docker.hosted_registry_network }} {{ openshift.docker.options | default ('') }}" + when: openshift.docker.hosted_registry_insecure | default(False) | bool and openshift.docker.hosted_registry_network is defined - set_fact: docker_options: "{{ openshift.docker.options | default(omit) }}" diff --git a/roles/openshift_examples/files/examples/latest b/roles/openshift_examples/files/examples/latest index 634650e09..f7e713306 120000 --- a/roles/openshift_examples/files/examples/latest +++ b/roles/openshift_examples/files/examples/latest @@ -1 +1 @@ -v1.1
\ No newline at end of file +v1.2
\ No newline at end of file diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json index 227c8d30e..0e618624b 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json @@ -54,7 +54,7 @@ { "type": "ImageChange", "imageChangeParams": { - "automatic": false, + "automatic": true, "containerNames": [ "mongodb" ], @@ -96,7 +96,7 @@ "timeoutSeconds": 1, "initialDelaySeconds": 3, "exec": { - "command": [ "/bin/sh", "-i", "-c", "mongostat --host 127.0.0.1 -u admin -p $MONGODB_ADMIN_PASSWORD -n 1 --noheaders"] + "command": [ "/bin/sh", "-i", "-c", "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\""] } }, "livenessProbe": { @@ -125,10 +125,10 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${DATABASE_SERVICE_NAME}-data", diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json index 70c906f8e..07290b1ea 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json @@ -113,7 +113,7 @@ "timeoutSeconds": 1, "initialDelaySeconds": 3, "exec": { - "command": [ "/bin/sh", "-i", "-c", "mongostat --host 127.0.0.1 -u admin -p $MONGODB_ADMIN_PASSWORD -n 1 --noheaders"] + "command": [ "/bin/sh", "-i", "-c", "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\""] } }, "livenessProbe": { diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json index f4c118052..1457d288c 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json @@ -54,7 +54,7 @@ { "type": "ImageChange", "imageChangeParams": { - "automatic": false, + "automatic": true, "containerNames": [ "mysql" ], diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json index c14f3c3df..39a71f25c 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json @@ -54,7 +54,7 @@ { "type": "ImageChange", "imageChangeParams": { - "automatic": false, + "automatic": true, "containerNames": [ "postgresql" ], diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml index cc33f77d8..fd5841db7 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml @@ -105,6 +105,10 @@ items: value: ${IMAGE_PREFIX} - name: IMAGE_VERSION value: ${IMAGE_VERSION} + - name: IMAGE_PULL_SECRET + value: ${IMAGE_PULL_SECRET} + - name: INSECURE_REGISTRY + value: ${INSECURE_REGISTRY} - name: ENABLE_OPS_CLUSTER value: ${ENABLE_OPS_CLUSTER} - name: KIBANA_HOSTNAME @@ -174,14 +178,6 @@ items: secretName: logging-deployer parameters: - - description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' - name: IMAGE_PREFIX - value: "docker.io/openshift/origin-" - - - description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' - name: IMAGE_VERSION - value: "latest" - - description: "If true, set up to use a second ES cluster for ops logs." name: ENABLE_OPS_CLUSTER value: "false" @@ -288,3 +284,19 @@ items: description: "The mode that the deployer runs in." name: MODE value: "install" + - + description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "docker.io/openshift/origin-" + - + description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' + name: IMAGE_VERSION + value: "latest" + - + description: 'Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry.' + name: IMAGE_PULL_SECRET + - + description: 'Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)' + name: INSECURE_REGISTRY + value: "false" + diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml index c620c46ec..8fb594ce8 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml @@ -91,7 +91,7 @@ parameters: - description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' name: IMAGE_VERSION - value: "v0.1.0" + value: "latest" - description: "Internal URL for the master, for authentication retrieval" name: MASTER_URL diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json index 922e5bed8..370b8c764 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json @@ -166,7 +166,7 @@ "containers": [ { "name": "cakephp-mysql-example", - "image": "cakephp-mysql-example", + "image": " ", "ports": [ { "containerPort": 8080 @@ -276,7 +276,7 @@ { "type": "ImageChange", "imageChangeParams": { - "automatic": false, + "automatic": true, "containerNames": [ "mysql" ], @@ -303,15 +303,27 @@ } }, "spec": { + "volumes": [ + { + "name": "data", + "emptyDir": {} + } + ], "containers": [ { "name": "mysql", - "image": "mysql", + "image": " ", "ports": [ { "containerPort": 3306 } ], + "volumeMounts": [ + { + "name": "data", + "mountPath": "/var/lib/mysql/data" + } + ], "readinessProbe": { "timeoutSeconds": 1, "initialDelaySeconds": 5, diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp.json index 780faec55..dbf570f1f 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp.json @@ -155,7 +155,7 @@ "containers": [ { "name": "cakephp-example", - "image": "cakephp-example", + "image": " ", "ports": [ { "containerPort": 8080 diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json index c0fc02ae4..3b738480d 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json @@ -152,7 +152,7 @@ "containers": [ { "name": "dancer-mysql-example", - "image": "dancer-mysql-example", + "image": " ", "ports": [ { "containerPort": 8080 @@ -250,7 +250,7 @@ { "type": "ImageChange", "imageChangeParams": { - "automatic": false, + "automatic": true, "containerNames": [ "mysql" ], @@ -277,15 +277,27 @@ } }, "spec": { + "volumes": [ + { + "name": "data", + "emptyDir": {} + } + ], "containers": [ { "name": "mysql", - "image": "mysql", + "image": " ", "ports": [ { "containerPort": 3306 } ], + "volumeMounts": [ + { + "name": "data", + "mountPath": "/var/lib/mysql/data" + } + ], "readinessProbe": { "timeoutSeconds": 1, "initialDelaySeconds": 5, diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer.json index 1ea5a21a0..852f20102 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer.json @@ -155,7 +155,7 @@ "containers": [ { "name": "dancer-example", - "image": "dancer-example", + "image": " ", "ports": [ { "containerPort": 8080 diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json index 844201e7c..f044152b3 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json @@ -158,7 +158,7 @@ "containers": [ { "name": "django-psql-example", - "image": "django-psql-example", + "image": " ", "ports": [ { "containerPort": 8080 @@ -260,7 +260,7 @@ { "type": "ImageChange", "imageChangeParams": { - "automatic": false, + "automatic": true, "containerNames": [ "postgresql" ], @@ -287,10 +287,16 @@ } }, "spec": { + "volumes": [ + { + "name": "data", + "emptyDir": {} + } + ], "containers": [ { "name": "postgresql", - "image": "postgresql", + "image": " ", "ports": [ { "containerPort": 5432 @@ -310,6 +316,12 @@ "value": "${DATABASE_NAME}" } ], + "volumeMounts": [ + { + "name": "data", + "mountPath": "/var/lib/pgsql/data" + } + ], "readinessProbe": { "timeoutSeconds": 1, "initialDelaySeconds": 5, diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json index 38ef694f8..5740ee963 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json @@ -158,7 +158,7 @@ "containers": [ { "name": "django-example", - "image": "django-example", + "image": " ", "ports": [ { "containerPort": 8080 diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json index e464b5971..67fce4a46 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json @@ -5,7 +5,7 @@ "name": "jenkins-ephemeral", "creationTimestamp": null, "annotations": { - "description": "Jenkins service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "description": "Jenkins service, without persistent storage.\nThe username is 'admin' and the tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-jenkins", "tags": "instant-app,jenkins" } @@ -71,7 +71,7 @@ { "type": "ImageChange", "imageChangeParams": { - "automatic": false, + "automatic": true, "containerNames": [ "jenkins" ], @@ -102,7 +102,7 @@ "containers": [ { "name": "jenkins", - "image": "${JENKINS_IMAGE}", + "image": "JENKINS_IMAGE", "readinessProbe": { "timeoutSeconds": 3, "initialDelaySeconds": 3, @@ -113,7 +113,7 @@ }, "livenessProbe": { "timeoutSeconds": 3, - "initialDelaySeconds": 30, + "initialDelaySeconds": 60, "httpGet": { "path": "/login", "port": 8080 @@ -182,7 +182,7 @@ { "name": "JENKINS_PASSWORD", "displayName": "Jenkins Password", - "description": "Password for the Jenkins user.", + "description": "Password for the Jenkins 'admin' user.", "generate": "expression", "value": "password" } diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json index 0d8dcffa1..ef04b4482 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json @@ -5,7 +5,7 @@ "name": "jenkins-persistent", "creationTimestamp": null, "annotations": { - "description": "Jenkins service, with persistent storage. You must have persistent volumes available in your cluster to use this template.", + "description": "Jenkins service, with persistent storage.\nThe username is 'admin' and the tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.\nYou must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-jenkins", "tags": "instant-app,jenkins" } @@ -119,7 +119,7 @@ "containers": [ { "name": "jenkins", - "image": "${JENKINS_IMAGE}", + "image": "JENKINS_IMAGE", "readinessProbe": { "timeoutSeconds": 3, "initialDelaySeconds": 3, @@ -130,7 +130,7 @@ }, "livenessProbe": { "timeoutSeconds": 3, - "initialDelaySeconds": 30, + "initialDelaySeconds": 60, "httpGet": { "path": "/login", "port": 8080 @@ -199,7 +199,7 @@ { "name": "JENKINS_PASSWORD", "displayName": "Jenkins Password", - "description": "Password for the Jenkins user.", + "description": "Password for the Jenkins 'admin' user.", "generate": "expression", "value": "password" }, diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json index 661bcbb69..4b64bd463 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json @@ -164,7 +164,7 @@ "containers": [ { "name": "nodejs-mongodb-example", - "image": "nodejs-mongodb-example", + "image": " ", "ports": [ { "containerPort": 8080 @@ -258,7 +258,7 @@ { "type": "ImageChange", "imageChangeParams": { - "automatic": false, + "automatic": true, "containerNames": [ "mongodb" ], @@ -288,7 +288,7 @@ "containers": [ { "name": "mongodb", - "image": "mongodb", + "image": " ", "ports": [ { "containerPort": 27017 @@ -330,6 +330,20 @@ "limits": { "memory": "${MEMORY_MONGODB_LIMIT}" } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mongodb/data" + } + ] + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" } } ] diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json index 0518dfac7..0adb02a46 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json @@ -164,7 +164,7 @@ "containers": [ { "name": "nodejs-example", - "image": "nodejs-example", + "image": " ", "ports": [ { "containerPort": 8080 diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json index 6292cf3e7..82dd757ec 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json @@ -169,7 +169,7 @@ "containers": [ { "name": "rails-postgresql-example", - "image": "rails-postgresql-example", + "image": " ", "ports": [ { "containerPort": 8080 @@ -287,7 +287,7 @@ { "type": "ImageChange", "imageChangeParams": { - "automatic": false, + "automatic": true, "containerNames": [ "postgresql" ], @@ -314,10 +314,16 @@ } }, "spec": { + "volumes": [ + { + "name": "data", + "emptyDir": {} + } + ], "containers": [ { "name": "postgresql", - "image": "postgresql", + "image": " ", "ports": [ { "containerPort": 5432 @@ -337,6 +343,12 @@ "port": 5432 } }, + "volumeMounts": [ + { + "name": "data", + "mountPath": "/var/lib/pgsql/data" + } + ], "env": [ { "name": "POSTGRESQL_USER", diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 643984982..b13343776 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -19,8 +19,8 @@ EXAMPLES = ''' import ConfigParser import copy +import io import os -import StringIO import yaml from distutils.util import strtobool from distutils.version import LooseVersion @@ -499,12 +499,12 @@ def set_dnsmasq_facts_if_unset(facts): """ if 'common' in facts: - if 'use_dnsmasq' not in facts['common'] and facts['common']['version_gte_3_2_or_1_2']: + if 'use_dnsmasq' not in facts['common'] and safe_get_bool(facts['common']['version_gte_3_2_or_1_2']): facts['common']['use_dnsmasq'] = True else: facts['common']['use_dnsmasq'] = False if 'master' in facts and 'dns_port' not in facts['master']: - if facts['common']['use_dnsmasq']: + if safe_get_bool(facts['common']['use_dnsmasq']): facts['master']['dns_port'] = 8053 else: facts['master']['dns_port'] = 53 @@ -689,7 +689,7 @@ def set_etcd_facts_if_unset(facts): If anything goes wrong parsing these, the fact will not be set. """ - if 'master' in facts and facts['master']['embedded_etcd']: + if 'master' in facts and safe_get_bool(facts['master']['embedded_etcd']): etcd_facts = facts['etcd'] if 'etcd' in facts else dict() if 'etcd_data_dir' not in etcd_facts: @@ -716,8 +716,8 @@ def set_etcd_facts_if_unset(facts): # Read ETCD_DATA_DIR from /etc/etcd/etcd.conf: try: # Add a fake section for parsing: - ini_str = '[root]\n' + open('/etc/etcd/etcd.conf', 'r').read() - ini_fp = StringIO.StringIO(ini_str) + ini_str = unicode('[root]\n' + open('/etc/etcd/etcd.conf', 'r').read(), 'utf-8') + ini_fp = io.StringIO(ini_str) config = ConfigParser.RawConfigParser() config.readfp(ini_fp) etcd_data_dir = config.get('root', 'ETCD_DATA_DIR') @@ -1374,18 +1374,19 @@ def set_proxy_facts(facts): if 'common' in facts: common = facts['common'] if 'http_proxy' in common or 'https_proxy' in common: + if 'no_proxy' in common and \ + isinstance(common['no_proxy'], basestring): + common['no_proxy'] = common['no_proxy'].split(",") + elif 'no_proxy' not in common: + common['no_proxy'] = [] if 'generate_no_proxy_hosts' in common and \ - common['generate_no_proxy_hosts']: - if 'no_proxy' in common and \ - isinstance(common['no_proxy'], basestring): - common['no_proxy'] = common['no_proxy'].split(",") - else: - common['no_proxy'] = [] + safe_get_bool(common['generate_no_proxy_hosts']): if 'no_proxy_internal_hostnames' in common: common['no_proxy'].extend(common['no_proxy_internal_hostnames'].split(',')) common['no_proxy'].append('.' + common['dns_domain']) - common['no_proxy'].append(common['hostname']) - common['no_proxy'] = sort_unique(common['no_proxy']) + # We always add ourselves no matter what + common['no_proxy'].append(common['hostname']) + common['no_proxy'] = sort_unique(common['no_proxy']) facts['common'] = common if 'builddefaults' in facts: @@ -1701,7 +1702,8 @@ class OpenShiftFacts(object): oauth_grant_method='auto', scheduler_predicates=scheduler_predicates, scheduler_priorities=scheduler_priorities, - dynamic_provisioning_enabled=True) + dynamic_provisioning_enabled=True, + max_requests_inflight=500) if 'node' in roles: defaults['node'] = dict(labels={}, annotations={}, @@ -1710,7 +1712,7 @@ class OpenShiftFacts(object): set_node_ip=False) if 'docker' in roles: - docker = dict(disable_push_dockerhub=False) + docker = dict(disable_push_dockerhub=False, hosted_registry_insecure=True) version_info = get_docker_version_info() if version_info is not None: docker['api_version'] = version_info['api_version'] @@ -1735,6 +1737,9 @@ class OpenShiftFacts(object): nfs=dict( directory='/exports', options='*(rw,root_squash)'), + openstack=dict( + filesystem='ext4', + volumeID='123'), host=None, access_modes=['ReadWriteMany'], create_pv=True diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index ff726ae24..ca1a9b1e4 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -1,8 +1,8 @@ --- -- name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0 +- name: Verify Ansible version is greater than or equal to 1.9.4 fail: msg: "Unsupported ansible version: {{ ansible_version }} found" - when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge') + when: not ansible_version.full | version_compare('1.9.4', 'ge') - name: Detecting Operating System stat: @@ -19,6 +19,10 @@ action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" when: not l_is_atomic | bool +- name: Ensure yum-utils is installed + action: "{{ ansible_pkg_mgr }} name=yum-utils state=present" + when: not l_is_atomic | bool + - name: Gather Cluster facts and set is_containerized if needed openshift_facts: role: common @@ -32,18 +36,8 @@ public_hostname: "{{ openshift_public_hostname | default(None) }}" public_ip: "{{ openshift_public_ip | default(None) }}" portal_net: "{{ openshift_portal_net | default(openshift_master_portal_net) | default(None) }}" - -# had to be done outside of the above because hostname isn't yet set -- name: Gather hostnames for proxy configuration - openshift_facts: - role: common - local_facts: http_proxy: "{{ openshift_http_proxy | default(None) }}" https_proxy: "{{ openshift_https_proxy | default(None) }}" no_proxy: "{{ openshift_no_proxy | default(None) }}" generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}" - no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" + no_proxy_internal_hostnames: "{{ openshift_no_proxy_internal_hostnames | default(None) }}" diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml index 2a651df65..de0a7000e 100644 --- a/roles/openshift_manageiq/tasks/main.yaml +++ b/roles/openshift_manageiq/tasks/main.yaml @@ -59,6 +59,16 @@ failed_when: "'already exists' not in osmiq_perm_task.stderr and osmiq_perm_task.rc != 0" changed_when: osmiq_perm_task.rc == 0 +- name: Configure 3_2 role/user permissions + command: > + {{ openshift.common.admin_binary }} {{item}} + --config={{manage_iq_tmp_conf}} + with_items: "{{manage_iq_openshift_3_2_tasks}}" + register: osmiq_perm_3_2_task + failed_when: osmiq_perm_3_2_task.rc != 0 + changed_when: osmiq_perm_3_2_task.rc == 0 + when: openshift.common.version_gte_3_2_or_1_2 | bool + - name: Clean temporary configuration file command: > rm -f {{manage_iq_tmp_conf}} diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml index 69ee2cb4c..b2aed79c7 100644 --- a/roles/openshift_manageiq/vars/main.yml +++ b/roles/openshift_manageiq/vars/main.yml @@ -30,3 +30,6 @@ manage_iq_tasks: - policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin - policy add-cluster-role-to-user system:image-puller system:serviceaccount:management-infra:inspector-admin - policy add-scc-to-user privileged system:serviceaccount:management-infra:inspector-admin + +manage_iq_openshift_3_2_tasks: + - policy add-cluster-role-to-user system:image-auditor system:serviceaccount:management-infra:management-admin diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index 09bde6002..dbd62c80f 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -1,32 +1,4 @@ --- openshift_node_ips: [] - # TODO: update setting these values based on the facts -os_firewall_allow: -- service: etcd embedded - port: 4001/tcp -- service: api server https - port: "{{ openshift.master.api_port }}/tcp" -- service: api controllers https - port: "{{ openshift.master.controllers_port }}/tcp" -- service: skydns tcp - port: "{{ openshift.master.dns_port }}/tcp" -- service: skydns udp - port: "{{ openshift.master.dns_port }}/udp" -- service: Fluentd td-agent tcp - port: 24224/tcp -- service: Fluentd td-agent udp - port: 24224/udp -- service: pcsd - port: 2224/tcp -- service: Corosync UDP - port: 5404/udp -- service: Corosync UDP - port: 5405/udp -os_firewall_deny: -- service: api server http - port: 8080/tcp -- service: former etcd peer port - port: 7001/tcp - openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}" diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index e882e0b8b..d8834d27f 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -18,3 +18,25 @@ dependencies: - role: openshift_builddefaults - role: openshift_master_facts - role: openshift_hosted_facts +- role: os_firewall + os_firewall_allow: + - service: etcd embedded + port: 4001/tcp + - service: api server https + port: "{{ openshift.master.api_port }}/tcp" + - service: api controllers https + port: "{{ openshift.master.controllers_port }}/tcp" + - service: skydns tcp + port: "{{ openshift.master.dns_port }}/tcp" + - service: skydns udp + port: "{{ openshift.master.dns_port }}/udp" + - service: Fluentd td-agent tcp + port: 24224/tcp + - service: Fluentd td-agent udp + port: 24224/udp + - service: pcsd + port: 2224/tcp + - service: Corosync UDP + port: 5404/udp + - service: Corosync UDP + port: 5405/udp diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index fe0784ea2..63a54a0d9 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -139,7 +139,7 @@ - restart master api - set_fact: - translated_identity_providers: "{{ openshift.master.identity_providers | translate_idps('v1') }}" + translated_identity_providers: "{{ openshift.master.identity_providers | translate_idps('v1', openshift.common.version, openshift.common.deployment_type) }}" # TODO: add the validate parameter when there is a validation command to run - name: Create master config diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 4cf632841..026787421 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -12,11 +12,11 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} # Proxy configuration # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy {% if 'http_proxy' in openshift.common %} -HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}' +HTTP_PROXY={{ openshift.common.http_proxy | default('') }} {% endif %} {% if 'https_proxy' in openshift.common %} -HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}' +HTTPS_PROXY={{ openshift.common.https_proxy | default('')}} {% endif %} {% if 'no_proxy' in openshift.common %} -NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}' +NO_PROXY={{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }} {% endif %} diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 48bb8a13f..17a10ae71 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -196,7 +196,7 @@ servingInfo: certFile: master.server.crt clientCA: ca.crt keyFile: master.server.key - maxRequestsInFlight: 500 + maxRequestsInFlight: {{ openshift.master.max_requests_inflight }} requestTimeoutSeconds: 3600 {% if openshift.master.named_certificates %} namedCertificates: diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 index 01a8428a0..02c22e374 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 @@ -12,11 +12,11 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} # Proxy configuration # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy {% if 'http_proxy' in openshift.common %} -HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}' +HTTP_PROXY={{ openshift.common.http_proxy | default('') }} {% endif %} {% if 'https_proxy' in openshift.common %} -HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}' +HTTPS_PROXY={{ openshift.common.https_proxy | default('')}} {% endif %} {% if 'no_proxy' in openshift.common %} -NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}' +NO_PROXY={{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }} {% endif %} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 index 89ccb1eed..644640577 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 @@ -12,11 +12,11 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} # Proxy configuration # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy {% if 'http_proxy' in openshift.common %} -HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}' +HTTP_PROXY={{ openshift.common.http_proxy | default('') }} {% endif %} {% if 'https_proxy' in openshift.common %} -HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}' +HTTPS_PROXY={{ openshift.common.https_proxy | default('')}} {% endif %} {% if 'no_proxy' in openshift.common %} -NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}' +NO_PROXY={{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }} {% endif %} diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index 0cbbaffc2..896dd5e35 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -76,3 +76,4 @@ oauth_always_show_provider_selection: "{{ openshift_master_oauth_always_show_provider_selection | default(None) }}" image_policy_config: "{{ openshift_master_image_policy_config | default(None) }}" dynamic_provisioning_enabled: "{{ openshift_master_dynamic_provisioning_enabled | default(None) }}" + max_requests_inflight: "{{ openshift_master_max_requests_inflight | default(None) }}" diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index ca29ad6e1..bee1bab90 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -44,9 +44,8 @@ shell: > {{ openshift.common.client_binary }} process -f \ /usr/share/openshift/examples/infrastructure-templates/{{ hawkular_type }}/metrics-deployer.yaml -v \ - HAWKULAR_METRICS_HOSTNAME=hawkular-metrics.{{ openshift.master.default_subdomain }} USE_PERSISTENT_STORAGE={{ hawkular_persistence }} \ - METRIC_DURATION={{ openshift.hosted.metrics.duration }} METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }} | - {{ openshift.common.client_binary }} create -n openshift-infra --config={{hawkular_tmp_conf}} -f - + HAWKULAR_METRICS_HOSTNAME=hawkular-metrics.{{ openshift.master.default_subdomain }},USE_PERSISTENT_STORAGE={{ hawkular_persistence }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }} \ + | {{ openshift.common.client_binary }} create -n openshift-infra --config={{hawkular_tmp_conf}} -f - register: oex_heapster_services failed_when: "'already exists' not in oex_heapster_services.stderr and oex_heapster_services.rc != 0" changed_when: false diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index 1a1dc8ede..df3f6ee65 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -1,8 +1,9 @@ --- +- name: restart openvswitch + service: name=openvswitch state=restarted + when: not (ovs_service_status_changed | default(false) | bool) + - name: restart node service: name={{ openshift.common.service_type }}-node state=restarted when: not (node_service_status_changed | default(false) | bool) -- name: restart openvswitch - service: name=openvswitch state=restarted - when: not (ovs_service_status_changed | default(false) | bool) diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index ca0c332ea..db1776632 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -17,4 +17,5 @@ dependencies: - role: openshift_common - role: openshift_node_dnsmasq when: openshift.common.use_dnsmasq +- role: os_firewall diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 06fde88af..e8bd13855 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -52,8 +52,9 @@ - name: Reload systemd units command: systemctl daemon-reload - when: openshift.common.is_containerized | bool and ( ( install_node_result | changed ) - or ( install_ovs_sysconfig | changed ) ) + when: openshift.common.is_containerized | bool and (install_node_result | changed or install_ovs_sysconfig | changed or install_node_dep_result | changed) + notify: + - restart node - name: Start and enable openvswitch docker service service: name=openvswitch.service enabled=yes state=started @@ -112,6 +113,16 @@ - name: Start and enable node service: name={{ openshift.common.service_type }}-node enabled=yes state=started register: node_start_result + ignore_errors: yes + +- name: Check logs on failure + command: journalctl -xe + register: node_failure + when: node_start_result | failed + +- name: Dump failure information + debug: var=node_failure + when: node_start_result | failed - set_fact: node_service_status_changed: "{{ node_start_result | changed }}" diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index be4b4ed61..e2a268260 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml @@ -1,6 +1,13 @@ # This file is included both in the openshift_master role and in the upgrade # playbooks. +- name: Install Node dependencies docker service file + template: + dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node-dep.service" + src: openshift.docker.node.dep.service + register: install_node_dep_result + when: openshift.common.is_containerized | bool + - name: Install Node docker service file template: dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" @@ -14,6 +21,8 @@ dest: /etc/sysconfig/openvswitch when: openshift.common.is_containerized | bool register: install_ovs_sysconfig + notify: + - restart openvswitch - name: Install OpenvSwitch docker service file template: diff --git a/roles/openshift_node/templates/openshift.docker.node.dep.service b/roles/openshift_node/templates/openshift.docker.node.dep.service new file mode 100644 index 000000000..f66a78479 --- /dev/null +++ b/roles/openshift_node/templates/openshift.docker.node.dep.service @@ -0,0 +1,11 @@ +[Unit] +Requires=docker.service +After=docker.service +PartOf={{ openshift.common.service_type }}-node.service +Before={{ openshift.common.service_type }}-node.service + + +[Service] +ExecStart=/bin/bash -c "if [[ -f /usr/bin/docker-current ]]; then echo \"DOCKER_ADDTL_BIND_MOUNTS=--volume=/usr/bin/docker-current:/usr/bin/docker-current:ro\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; else echo \"#DOCKER_ADDTL_BIND_MOUNTS=\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; fi" +ExecStop= +SyslogIdentifier={{ openshift.common.service_type }}-node-dep diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service index 30f09b250..443e18498 100644 --- a/roles/openshift_node/templates/openshift.docker.node.service +++ b/roles/openshift_node/templates/openshift.docker.node.service @@ -8,11 +8,14 @@ Requires=docker.service Requires=openvswitch.service {% endif %} Wants={{ openshift.common.service_type }}-master.service +Requires={{ openshift.common.service_type }}-node-dep.service +After={{ openshift.common.service_type }}-node-dep.service [Service] EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node-dep ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node -ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev {{ openshift.node.node_image }}:${IMAGE_VERSION} +ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS {{ openshift.node.node_image }}:${IMAGE_VERSION} ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node SyslogIdentifier={{ openshift.common.service_type }}-node diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh index 691fa32f3..0d7941e4c 100755 --- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh +++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh @@ -8,10 +8,12 @@ # a pod would fail. # # To use this, -# Drop this script in /etc/NetworkManager/dispatcher.d/ -# systemctl restart NetworkManager -# Configure node-config.yaml to set dnsIP: to the ip address of this -# node +# - If this host is also a master, reconfigure master dnsConfig to listen on +# 8053 to avoid conflicts on port 53 and open port 8053 in the firewall +# - Drop this script in /etc/NetworkManager/dispatcher.d/ +# - systemctl restart NetworkManager +# - Configure node-config.yaml to set dnsIP: to the ip address of this +# node # # Test it: # host kubernetes.default.svc.cluster.local @@ -31,7 +33,8 @@ if [[ $2 =~ ^(up|dhcp4-change)$ ]]; then def_route=$(/sbin/ip route list match 0.0.0.0/0 | awk '{print $3 }') def_route_int=$(/sbin/ip route get to ${def_route} | awk '{print $3}') def_route_ip=$(/sbin/ip route get to ${def_route} | awk '{print $5}') - if [[ ${DEVICE_IFACE} == ${def_route_int} ]]; then + if [[ ${DEVICE_IFACE} == ${def_route_int} && \ + -n "${IP4_NAMESERVERS}" ]]; then if [ ! -f /etc/dnsmasq.d/origin-dns.conf ]; then cat << EOF > /etc/dnsmasq.d/origin-dns.conf strict-order @@ -42,13 +45,12 @@ server=/30.172.in-addr.arpa/172.30.0.1 EOF fi # zero out our upstream servers list and feed it into dnsmasq - echo '' > /etc/dnsmasq.d/origin-upstream-dns.conf - for ns in ${DHCP4_DOMAIN_NAME_SERVERS}; do + echo -n > /etc/dnsmasq.d/origin-upstream-dns.conf + for ns in ${IP4_NAMESERVERS}; do echo "server=${ns}" >> /etc/dnsmasq.d/origin-upstream-dns.conf done systemctl restart dnsmasq - sed -i 's/^nameserver.*$/nameserver '"${def_route_ip}"'/g' /etc/resolv.conf - echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> /etc/resolv.conf + sed -i 's/^nameserver.*$/nameserver '"${def_route_ip}"' # updated by \/etc\/NetworkManager\/dispatcher.d\/99-origin-dns.sh/g' /etc/resolv.conf fi fi diff --git a/roles/rhel_subscribe/tasks/enterprise.yml b/roles/rhel_subscribe/tasks/enterprise.yml index 08540f440..c4aa7db6a 100644 --- a/roles/rhel_subscribe/tasks/enterprise.yml +++ b/roles/rhel_subscribe/tasks/enterprise.yml @@ -16,7 +16,7 @@ - fail: msg: "{{ ose_version }} is not a valid version for {{ deployment_type }} deployment type" when: ( deployment_type == 'enterprise' and ose_version not in ['3.0'] ) or - ( deployment_type in ['atomic-enterprise', 'openshift-enterprise'] and ose_version not in ['3.1'] ) + ( deployment_type in ['atomic-enterprise', 'openshift-enterprise'] and ose_version not in ['3.1', '3.2'] ) - name: Enable RHEL repositories command: subscription-manager repos \ diff --git a/roles/rhel_subscribe/tasks/main.yml b/roles/rhel_subscribe/tasks/main.yml index 85e17ff9d..343020dce 100644 --- a/roles/rhel_subscribe/tasks/main.yml +++ b/roles/rhel_subscribe/tasks/main.yml @@ -37,8 +37,19 @@ register: openshift_pool_id changed_when: False +- name: Determine if OpenShift Pool Already Attached + command: subscription-manager list --consumed --matches="{{ rhel_subscription_pool }}" --pool-only + register: openshift_pool_attached + changed_when: False + when: openshift_pool_id.stdout == '' + +- fail: + msg: "Unable to find pool matching {{ rhel_subscription_pool }} in available or consumed pools" + when: openshift_pool_id.stdout == '' and openshift_pool_attached is defined and openshift_pool_attached.stdout == '' + - name: Attach to OpenShift Pool command: subscription-manager subscribe --pool {{ openshift_pool_id.stdout_lines[0] }} + when: openshift_pool_id.stdout != '' - include: enterprise.yml when: deployment_type in [ 'enterprise', 'atomic-enterprise', 'openshift-enterprise' ] and diff --git a/utils/src/ooinstall/cli_installer.py b/utils/src/ooinstall/cli_installer.py index eacf340aa..c896a74b4 100644 --- a/utils/src/ooinstall/cli_installer.py +++ b/utils/src/ooinstall/cli_installer.py @@ -11,6 +11,7 @@ from ooinstall import OOConfig from ooinstall.oo_config import OOConfigInvalidHostError from ooinstall.oo_config import Host from ooinstall.variants import find_variant, get_variant_version_combos +from distutils.version import LooseVersion DEFAULT_ANSIBLE_CONFIG = '/usr/share/atomic-openshift-utils/ansible.cfg' DEFAULT_PLAYBOOK_DIR = '/usr/share/ansible/openshift-ansible/' @@ -594,7 +595,8 @@ https://docs.openshift.com/enterprise/latest/admin_guide/install/prerequisites.h oo_cfg.settings['master_routingconfig_subdomain'] = get_master_routingconfig_subdomain() click.clear() - if not oo_cfg.settings.get('openshift_http_proxy', None): + if not oo_cfg.settings.get('openshift_http_proxy', None) and \ + LooseVersion(oo_cfg.settings.get('variant_version', '0.0')) >= LooseVersion('3.2'): http_proxy, https_proxy, proxy_excludes = get_proxy_hostnames_and_excludes() oo_cfg.settings['openshift_http_proxy'] = http_proxy oo_cfg.settings['openshift_https_proxy'] = https_proxy diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py index 5ace63918..97aee0b53 100644 --- a/utils/src/ooinstall/openshift_ansible.py +++ b/utils/src/ooinstall/openshift_ansible.py @@ -135,6 +135,16 @@ def write_inventory_vars(base_inventory, multiple_masters, proxy): #base_inventory.write('openshift_image_tag=v{}\n'.format(CFG.settings.get('variant_version'))) base_inventory.write('openshift_image_tag=v{}\n'.format('3.1.1.6')) + if CFG.settings.get('openshift_http_proxy', ''): + base_inventory.write("openshift_http_proxy={}\n".format( + CFG.settings['openshift_http_proxy'])) + if CFG.settings.get('openshift_https_proxy', ''): + base_inventory.write("openshift_https_proxy={}\n".format( + CFG.settings['openshift_https_proxy'])) + if CFG.settings.get('openshift_no_proxy', ''): + base_inventory.write("openshift_no_proxy={}\n".format( + CFG.settings['openshift_no_proxy'])) + def write_host(host, inventory, schedulable=None): global CFG |