diff options
179 files changed, 1316 insertions, 1314 deletions
diff --git a/.gitignore b/.gitignore index 626065fe1..dcea26d60 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,4 @@ multi_inventory.yaml .vagrant .tags* ansible.cfg +*.retry diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index c85cab6b2..4fc92f3c7 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.0.83-1 ./ +3.0.89-1 ./ @@ -1,19 +1,19 @@ -#OpenShift and Atomic Enterprise Ansible +[![Join the chat at https://gitter.im/openshift/openshift-ansible](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/openshift/openshift-ansible) -This repo contains Ansible code for OpenShift and Atomic Enterprise. +#OpenShift Ansible + +This repo contains Ansible code for OpenShift ##Setup - Install base dependencies: - Fedora: ``` - dnf install -y ansible-1.9.4 rubygem-thor rubygem-parseconfig util-linux pyOpenSSL libffi-devel python-cryptography + dnf install -y ansible-1.9.4 pyOpenSSL python-cryptography ``` - OSX: ``` # Install ansible 1.9.4 and python 2 brew install ansible python - # Required ruby gems - gem install thor parseconfig ``` - Setup for a specific cloud: - [AWS](README_AWS.md) @@ -40,6 +40,3 @@ This repo contains Ansible code for OpenShift and Atomic Enterprise. - [Best Practices Guide](docs/best_practices_guide.adoc) - [Core Concepts](docs/core_concepts_guide.adoc) - [Style Guide](docs/style_guide.adoc) - -###Feature Roadmap -Our Feature Roadmap is available on the OpenShift Origin Infrastructure [Trello board](https://trello.com/b/nbkIrqKa/openshift-origin-infrastructure). All ansible items will be tagged with [installv3]. diff --git a/README_AEP.md b/README_AEP.md index 739c4baeb..1b926f2ab 100644 --- a/README_AEP.md +++ b/README_AEP.md @@ -71,8 +71,8 @@ nodes # SSH user, this user should allow ssh based auth without requiring a password ansible_ssh_user=root -# If ansible_ssh_user is not root, ansible_sudo must be set to true -#ansible_sudo=true +# If ansible_ssh_user is not root, ansible_become must be set to true +#ansible_become=yes # See DEPLOYMENT_TYPES.md deployment_type=atomic-enterprise diff --git a/README_AWS.md b/README_AWS.md index 978905f68..467fccbd4 100644 --- a/README_AWS.md +++ b/README_AWS.md @@ -141,7 +141,7 @@ RHEL/CentOS/Fedora ``` OSX: ``` - pip install -U boto + pip install -U pyopenssl boto ``` @@ -178,9 +178,9 @@ Terminating a cluster Specifying a deployment type --------------------------- The --deployment-type flag can be passed to bin/cluster to specify the deployment type -1. To launch an online cluster (requires access to private repositories and amis): +1. To launch an OpenShift Enterprise cluster (requires a valid subscription): ``` - bin/cluster create aws --deployment-type=online <cluster-id> + bin/cluster create aws --deployment-type=openshift-enterprise <cluster-id> ``` Note: If no deployment type is specified, then the default is origin. diff --git a/README_vagrant.md b/README_vagrant.md index a0bb0afbb..bda474f14 100644 --- a/README_vagrant.md +++ b/README_vagrant.md @@ -42,7 +42,7 @@ vagrant provision Environment Variables --------------------- The following environment variables can be overriden: -- ``OPENSHIFT_DEPLOYMENT_TYPE`` (defaults to origin, choices: origin, enterprise, online) +- ``OPENSHIFT_DEPLOYMENT_TYPE`` (defaults to origin, choices: origin, openshift-enterprise) - ``OPENSHIFT_NUM_NODES`` (the number of nodes to create, defaults to 2) Note that if ``OPENSHIFT_DEPLOYMENT_TYPE`` is ``enterprise`` you should also specify environment variables related to ``subscription-manager`` which are used by the ``rhel_subscribe`` role: diff --git a/bin/cluster b/bin/cluster index fcab685ef..080bf244a 100755 --- a/bin/cluster +++ b/bin/cluster @@ -316,7 +316,7 @@ This wrapper is overriding the following ansible variables: meta_parser.add_argument('cluster_id', help='prefix for cluster VM names') meta_parser.add_argument('-t', '--deployment-type', - choices=['origin', 'online', 'enterprise', 'atomic-enterprise', 'openshift-enterprise'], + choices=['origin', 'atomic-enterprise', 'openshift-enterprise'], help='Deployment type. (default: origin)') meta_parser.add_argument('-o', '--option', action='append', help='options') diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index 1230eca8f..e7409bf22 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -6,10 +6,13 @@ Custom filters for use in openshift-ansible """ from ansible import errors +from collections import Mapping +from distutils.version import LooseVersion from operator import itemgetter import OpenSSL.crypto import os import pdb +import pkg_resources import re import json import yaml @@ -70,6 +73,42 @@ class FilterModule(object): return merged @staticmethod + def oo_merge_hostvars(hostvars, variables, inventory_hostname): + """ Merge host and play variables. + + When ansible version is greater than or equal to 2.0.0, + merge hostvars[inventory_hostname] with variables (ansible vars) + otherwise merge hostvars with hostvars['inventory_hostname']. + + Ex: hostvars={'master1.example.com': {'openshift_variable': '3'}, + 'openshift_other_variable': '7'} + variables={'openshift_other_variable': '6'} + inventory_hostname='master1.example.com' + returns {'openshift_variable': '3', 'openshift_other_variable': '7'} + + hostvars=<ansible.vars.hostvars.HostVars object> (Mapping) + variables={'openshift_other_variable': '6'} + inventory_hostname='master1.example.com' + returns {'openshift_variable': '3', 'openshift_other_variable': '6'} + """ + if not isinstance(hostvars, Mapping): + raise errors.AnsibleFilterError("|failed expects hostvars is dictionary or object") + if not isinstance(variables, dict): + raise errors.AnsibleFilterError("|failed expects variables is a dictionary") + if not isinstance(inventory_hostname, basestring): + raise errors.AnsibleFilterError("|failed expects inventory_hostname is a string") + # pylint: disable=no-member + ansible_version = pkg_resources.get_distribution("ansible").version + merged_hostvars = {} + if LooseVersion(ansible_version) >= LooseVersion('2.0.0'): + merged_hostvars = FilterModule.oo_merge_dicts(hostvars[inventory_hostname], + variables) + else: + merged_hostvars = FilterModule.oo_merge_dicts(hostvars[inventory_hostname], + hostvars) + return merged_hostvars + + @staticmethod def oo_collect(data, attribute=None, filters=None): """ This takes a list of dict and collects all attributes specified into a list. If filter is specified then we will include all items that @@ -128,14 +167,14 @@ class FilterModule(object): returns [1, 3] """ - if not isinstance(data, dict): - raise errors.AnsibleFilterError("|failed expects to filter on a dict") + if not isinstance(data, Mapping): + raise errors.AnsibleFilterError("|failed expects to filter on a dict or object") if not isinstance(keys, list): raise errors.AnsibleFilterError("|failed expects first param is a list") # Gather up the values for the list of keys passed in - retval = [data[key] for key in keys if data.has_key(key)] + retval = [data[key] for key in keys if key in data] return retval @@ -299,7 +338,7 @@ class FilterModule(object): raise errors.AnsibleFilterError("|failed expects filter_attr is a str or unicode") # Gather up the values for the list of keys passed in - return [x for x in data if x.has_key(filter_attr) and x[filter_attr]] + return [x for x in data if filter_attr in x and x[filter_attr]] @staticmethod def oo_oc_nodes_matching_selector(nodes, selector): @@ -836,15 +875,18 @@ class FilterModule(object): def oo_image_tag_to_rpm_version(version, include_dash=False): """ Convert an image tag string to an RPM version if necessary Empty strings and strings that are already in rpm version format - are ignored. + are ignored. Also remove non semantic version components. Ex. v3.2.0.10 -> -3.2.0.10 + v1.2.0-rc1 -> -1.2.0 """ if not isinstance(version, basestring): raise errors.AnsibleFilterError("|failed expects a string or unicode") - + # TODO: Do we need to make this actually convert v1.2.0-rc1 into 1.2.0-0.rc1 + # We'd need to be really strict about how we build the RPM Version+Release if version.startswith("v"): version = version.replace("v", "") + version = version.split('-')[0] if include_dash: version = "-" + version @@ -882,5 +924,6 @@ class FilterModule(object): "oo_image_tag_to_rpm_version": self.oo_image_tag_to_rpm_version, "oo_merge_dicts": self.oo_merge_dicts, "oo_oc_nodes_matching_selector": self.oo_oc_nodes_matching_selector, - "oo_oc_nodes_with_label": self.oo_oc_nodes_with_label + "oo_oc_nodes_with_label": self.oo_oc_nodes_with_label, + "oo_merge_hostvars": self.oo_merge_hostvars, } diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py index 34d9aef75..bb2f5ba7a 100644 --- a/filter_plugins/openshift_master.py +++ b/filter_plugins/openshift_master.py @@ -9,8 +9,14 @@ import sys import yaml from ansible import errors -from ansible.runner.filter_plugins.core import bool as ansible_bool +# pylint: disable=no-name-in-module,import-error +try: + # ansible-2.0 + from ansible.runner.filter_plugins.core import bool as ansible_bool +except ImportError: + # ansible-1.9.x + from ansible.plugins.filter.core import bool as ansible_bool class IdentityProviderBase(object): """ IdentityProviderBase @@ -527,9 +533,30 @@ class FilterModule(object): 'openshift-master.kubeconfig'] return certs + @staticmethod + def oo_htpasswd_users_from_file(file_contents): + ''' return a dictionary of htpasswd users from htpasswd file contents ''' + htpasswd_entries = {} + if not isinstance(file_contents, basestring): + raise errors.AnsibleFilterError("failed, expects to filter on a string") + for line in file_contents.splitlines(): + user = None + passwd = None + if len(line) == 0: + continue + if ':' in line: + user, passwd = line.split(':', 1) + + if user is None or len(user) == 0 or passwd is None or len(passwd) == 0: + error_msg = "failed, expects each line to be a colon separated string representing the user and passwd" + raise errors.AnsibleFilterError(error_msg) + htpasswd_entries[user] = passwd + return htpasswd_entries + def filters(self): ''' returns a mapping of filters to methods ''' return {"translate_idps": self.translate_idps, "validate_pcs_cluster": self.validate_pcs_cluster, - "certificates_to_synchronize": self.certificates_to_synchronize} + "certificates_to_synchronize": self.certificates_to_synchronize, + "oo_htpasswd_users_from_file": self.oo_htpasswd_users_from_file} diff --git a/filter_plugins/openshift_node.py b/filter_plugins/openshift_node.py index 4ef92ba03..22670cf79 100644 --- a/filter_plugins/openshift_node.py +++ b/filter_plugins/openshift_node.py @@ -26,7 +26,7 @@ class FilterModule(object): if openshift_dns_ip != None: return openshift_dns_ip - if bool(hostvars['openshift']['common']['version_gte_3_2_or_1_2']): + if bool(hostvars['openshift']['common']['use_dnsmasq']): return hostvars['ansible_default_ipv4']['address'] elif bool(hostvars['openshift']['common']['version_gte_3_1_or_1_1']): if 'openshift_master_cluster_vip' in hostvars: diff --git a/inventory/aws/hosts/hosts b/inventory/aws/hosts/hosts index bf4e0845a..3996e577e 100644 --- a/inventory/aws/hosts/hosts +++ b/inventory/aws/hosts/hosts @@ -1 +1 @@ -localhost ansible_connection=local ansible_sudo=no ansible_python_interpreter='/usr/bin/env python2' +localhost ansible_connection=local ansible_become=no ansible_python_interpreter='/usr/bin/env python2' diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example index f0813bfed..185508608 100644 --- a/inventory/byo/hosts.aep.example +++ b/inventory/byo/hosts.aep.example @@ -14,9 +14,9 @@ lb # ssh agent. ansible_ssh_user=root -# If ansible_ssh_user is not root, ansible_sudo must be set to true and the +# If ansible_ssh_user is not root, ansible_become must be set to true and the # user must be configured for passwordless sudo -#ansible_sudo=true +#ansible_become=yes # Debug level for all Atomic Enterprise components (Defaults to 2) debug_level=2 @@ -87,12 +87,26 @@ deployment_type=atomic-enterprise # htpasswd auth openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] +# Defining htpasswd users +#openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>' +# or +#openshift_master_htpasswd_file=<path to local pre-generated htpasswd file> # Allow all auth #openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}] # LDAP auth #openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': '', 'insecure': 'false', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}] +# Configuring the ldap ca certificate +#openshift_master_ldap_ca=<ca text> +# or +#openshift_master_ldap_ca_file=<path to local ca file to use> + +# Available variables for configuring certificates for other identity providers: +#openshift_master_openid_ca +#openshift_master_openid_ca_file +#openshift_master_request_header_ca +#openshift_master_request_header_ca_file # Cloud Provider Configuration # @@ -113,7 +127,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_cloudprovider_openstack_auth_url=http://openstack.example.com:35357/v2.0/ #openshift_cloudprovider_openstack_username=username #openshift_cloudprovider_openstack_password=password -#openshift_cloudprovider_openstack_tenand_id=tenant_id +#openshift_cloudprovider_openstack_tenant_id=tenant_id #openshift_cloudprovider_openstack_tenant_name=tenant_name #openshift_cloudprovider_openstack_region=region #openshift_cloudprovider_openstack_lb_subnet_id=subnet_id @@ -248,7 +262,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # will add the newly provided certificates to the cached set of certificates. # If you would like openshift_master_named_certificates to be overwritten with # the provided value, specify openshift_master_overwrite_named_certificates. -#openshift_master_overwrite_named_certificates: true +#openshift_master_overwrite_named_certificates=true # # Provide local certificate paths which will be deployed to masters #openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key"}] @@ -357,7 +371,36 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # and configure node's dnsIP to point at the node's local dnsmasq instance. Defaults # to True for Origin 1.2 and OSE 3.2. False for 1.1 / 3.1 installs, this cannot # be used with 1.0 and 3.0. -# openshift_node_dnsmasq=False +# openshift_use_dnsmasq=False + +# Global Proxy Configuration +# These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment +# variables for docker and master services. +#openshift_http_proxy=http://USER:PASSWORD@IPADDR:PORT +#openshift_https_proxy=https://USER:PASSWORD@IPADDR:PORT +#openshift_no_proxy='.hosts.example.com,some-host.com' +# +# Most environments don't require a proxy between openshift masters, nodes, and +# etcd hosts. So automatically add those hostnames to the openshift_no_proxy list. +# If all of your hosts share a common domain you may wish to disable this and +# specify that domain above. +#openshift_generate_no_proxy_hosts=True +# +# These options configure the BuildDefaults admission controller which injects +# environment variables into Builds. These values will default to their +# corresponding values above but you may set them independently. See BuildDefaults +# documentation at https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html +#openshift_builddefaults_http_proxy=openshift_http_proxy +#openshift_builddefaults_https_proxy=openshift_https_proxy +#openshift_builddefaults_no_proxy=openshift_noproxy +#openshift_builddefaults_git_http_proxy=openshift_builddefaults_http_proxy +#openshift_builddefaults_git_https_proxy=openshift_builddefaults_https_proxy +# Or you may optionally define your own serialized as json +#openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"apiVersion":"v1","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}],"gitHTTPProxy":"http://proxy.example.com:3128","kind":"BuildDefaultsConfig"}}}' + +# masterConfig.volumeConfig.dynamicProvisioningEnabled, configurable as of 1.2/3.2, enabled by default +#openshift_master_dynamic_provisioning_enabled=False + # host group for masters [masters] diff --git a/inventory/byo/hosts.openstack b/inventory/byo/hosts.openstack index 05df75c2f..ea7e905cb 100644 --- a/inventory/byo/hosts.openstack +++ b/inventory/byo/hosts.openstack @@ -10,7 +10,7 @@ lb # Set variables common for all OSEv3 hosts [OSEv3:vars] ansible_ssh_user=cloud-user -ansible_sudo=true +ansible_become=yes # Debug level for all OpenShift components (Defaults to 2) debug_level=2 diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 619227824..1891d4c58 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -15,9 +15,9 @@ nfs # ssh agent. ansible_ssh_user=root -# If ansible_ssh_user is not root, ansible_sudo must be set to true and the +# If ansible_ssh_user is not root, ansible_become must be set to true and the # user must be configured for passwordless sudo -#ansible_sudo=true +#ansible_become=yes # Debug level for all OpenShift components (Defaults to 2) debug_level=2 @@ -92,12 +92,26 @@ deployment_type=origin # htpasswd auth openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] +# Defining htpasswd users +#openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>' +# or +#openshift_master_htpasswd_file=<path to local pre-generated htpasswd file> # Allow all auth #openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}] # LDAP auth #openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': '', 'insecure': 'false', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}] +# Configuring the ldap ca certificate +#openshift_master_ldap_ca=<ca text> +# or +#openshift_master_ldap_ca_file=<path to local ca file to use> + +# Available variables for configuring certificates for other identity providers: +#openshift_master_openid_ca +#openshift_master_openid_ca_file +#openshift_master_request_header_ca +#openshift_master_request_header_ca_file # Cloud Provider Configuration # @@ -118,7 +132,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_cloudprovider_openstack_auth_url=http://openstack.example.com:35357/v2.0/ #openshift_cloudprovider_openstack_username=username #openshift_cloudprovider_openstack_password=password -#openshift_cloudprovider_openstack_tenand_id=tenant_id +#openshift_cloudprovider_openstack_tenant_id=tenant_id #openshift_cloudprovider_openstack_tenant_name=tenant_name #openshift_cloudprovider_openstack_region=region #openshift_cloudprovider_openstack_lb_subnet_id=subnet_id @@ -253,7 +267,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # will add the newly provided certificates to the cached set of certificates. # If you would like openshift_master_named_certificates to be overwritten with # the provided value, specify openshift_master_overwrite_named_certificates. -#openshift_master_overwrite_named_certificates: true +#openshift_master_overwrite_named_certificates=true # # Provide local certificate paths which will be deployed to masters #openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key"}] @@ -362,7 +376,35 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # and configure node's dnsIP to point at the node's local dnsmasq instance. Defaults # to True for Origin 1.2 and OSE 3.2. False for 1.1 / 3.1 installs, this cannot # be used with 1.0 and 3.0. -# openshift_node_dnsmasq=False +# openshift_use_dnsmasq=False + +# Global Proxy Configuration +# These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment +# variables for docker and master services. +#openshift_http_proxy=http://USER:PASSWORD@IPADDR:PORT +#openshift_https_proxy=https://USER:PASSWORD@IPADDR:PORT +#openshift_no_proxy='.hosts.example.com,some-host.com' +# +# Most environments don't require a proxy between openshift masters, nodes, and +# etcd hosts. So automatically add those hostnames to the openshift_no_proxy list. +# If all of your hosts share a common domain you may wish to disable this and +# specify that domain above. +#openshift_generate_no_proxy_hosts=True +# +# These options configure the BuildDefaults admission controller which injects +# environment variables into Builds. These values will default to their +# corresponding values above but you may set them independently. See BuildDefaults +# documentation at https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html +#openshift_builddefaults_http_proxy=openshift_http_proxy +#openshift_builddefaults_https_proxy=openshift_https_proxy +#openshift_builddefaults_no_proxy=openshift_noproxy +#openshift_builddefaults_git_http_proxy=openshift_builddefaults_http_proxy +#openshift_builddefaults_git_https_proxy=openshift_builddefaults_https_proxy +# Or you may optionally define your own serialized as json +#openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"apiVersion":"v1","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}],"gitHTTPProxy":"http://proxy.example.com:3128","kind":"BuildDefaultsConfig"}}}' + +# masterConfig.volumeConfig.dynamicProvisioningEnabled, configurable as of 1.2/3.2, enabled by default +#openshift_master_dynamic_provisioning_enabled=False # host group for masters [masters] diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 75b1a1c0b..623e0811d 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -14,9 +14,9 @@ lb # ssh agent. ansible_ssh_user=root -# If ansible_ssh_user is not root, ansible_sudo must be set to true and the +# If ansible_ssh_user is not root, ansible_become must be set to true and the # user must be configured for passwordless sudo -#ansible_sudo=true +#ansible_become=yes # Debug level for all OpenShift components (Defaults to 2) debug_level=2 @@ -88,12 +88,26 @@ deployment_type=openshift-enterprise # htpasswd auth openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] +# Defining htpasswd users +#openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>' +# or +#openshift_master_htpasswd_file=<path to local pre-generated htpasswd file> # Allow all auth #openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}] # LDAP auth #openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': '', 'insecure': 'false', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}] +# Configuring the ldap ca certificate +#openshift_master_ldap_ca=<ca text> +# or +#openshift_master_ldap_ca_file=<path to local ca file to use> + +# Available variables for configuring certificates for other identity providers: +#openshift_master_openid_ca +#openshift_master_openid_ca_file +#openshift_master_request_header_ca +#openshift_master_request_header_ca_file # Cloud Provider Configuration # @@ -114,7 +128,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_cloudprovider_openstack_auth_url=http://openstack.example.com:35357/v2.0/ #openshift_cloudprovider_openstack_username=username #openshift_cloudprovider_openstack_password=password -#openshift_cloudprovider_openstack_tenand_id=tenant_id +#openshift_cloudprovider_openstack_tenant_id=tenant_id #openshift_cloudprovider_openstack_tenant_name=tenant_name #openshift_cloudprovider_openstack_region=region #openshift_cloudprovider_openstack_lb_subnet_id=subnet_id @@ -249,7 +263,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # will add the newly provided certificates to the cached set of certificates. # If you would like openshift_master_named_certificates to be overwritten with # the provided value, specify openshift_master_overwrite_named_certificates. -#openshift_master_overwrite_named_certificates: true +#openshift_master_overwrite_named_certificates=true # # Provide local certificate paths which will be deployed to masters #openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key"}] @@ -358,7 +372,35 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # and configure node's dnsIP to point at the node's local dnsmasq instance. Defaults # to True for Origin 1.2 and OSE 3.2. False for 1.1 / 3.1 installs, this cannot # be used with 1.0 and 3.0. -# openshift_node_dnsmasq=False +# openshift_use_dnsmasq=False + +# Global Proxy Configuration +# These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment +# variables for docker and master services. +#openshift_http_proxy=http://USER:PASSWORD@IPADDR:PORT +#openshift_https_proxy=https://USER:PASSWORD@IPADDR:PORT +#openshift_no_proxy='.hosts.example.com,some-host.com' +# +# Most environments don't require a proxy between openshift masters, nodes, and +# etcd hosts. So automatically add those hostnames to the openshift_no_proxy list. +# If all of your hosts share a common domain you may wish to disable this and +# specify that domain above. +#openshift_generate_no_proxy_hosts=True +# +# These options configure the BuildDefaults admission controller which injects +# environment variables into Builds. These values will default to their +# corresponding values above but you may set them independently. See BuildDefaults +# documentation at https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html +#openshift_builddefaults_http_proxy=openshift_http_proxy +#openshift_builddefaults_https_proxy=openshift_https_proxy +#openshift_builddefaults_no_proxy=openshift_noproxy +#openshift_builddefaults_git_http_proxy=openshift_builddefaults_http_proxy +#openshift_builddefaults_git_https_proxy=openshift_builddefaults_https_proxy +# Or you may optionally define your own serialized as json +#openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"apiVersion":"v1","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}],"gitHTTPProxy":"http://proxy.example.com:3128","kind":"BuildDefaultsConfig"}}}' + +# masterConfig.volumeConfig.dynamicProvisioningEnabled, configurable as of 1.2/3.2, enabled by default +#openshift_master_dynamic_provisioning_enabled=False # host group for masters [masters] diff --git a/inventory/gce/hosts/hosts b/inventory/gce/hosts/hosts index bf4e0845a..3996e577e 100644 --- a/inventory/gce/hosts/hosts +++ b/inventory/gce/hosts/hosts @@ -1 +1 @@ -localhost ansible_connection=local ansible_sudo=no ansible_python_interpreter='/usr/bin/env python2' +localhost ansible_connection=local ansible_become=no ansible_python_interpreter='/usr/bin/env python2' diff --git a/inventory/libvirt/hosts/hosts b/inventory/libvirt/hosts/hosts index bf4e0845a..3996e577e 100644 --- a/inventory/libvirt/hosts/hosts +++ b/inventory/libvirt/hosts/hosts @@ -1 +1 @@ -localhost ansible_connection=local ansible_sudo=no ansible_python_interpreter='/usr/bin/env python2' +localhost ansible_connection=local ansible_become=no ansible_python_interpreter='/usr/bin/env python2' diff --git a/inventory/openstack/hosts/hosts b/inventory/openstack/hosts/hosts index 2d2194a4d..9b63e98f4 100644 --- a/inventory/openstack/hosts/hosts +++ b/inventory/openstack/hosts/hosts @@ -1 +1 @@ -localhost ansible_sudo=no ansible_python_interpreter='/usr/bin/env python2' connection=local +localhost ansible_become=no ansible_python_interpreter='/usr/bin/env python2' connection=local diff --git a/playbooks/common/openshift-master/library/modify_yaml.py b/library/modify_yaml.py index a4be10ca3..a4be10ca3 100755 --- a/playbooks/common/openshift-master/library/modify_yaml.py +++ b/library/modify_yaml.py diff --git a/lookup_plugins/oo_option.py b/lookup_plugins/oo_option.py index 35dce48f9..3fc46ab9b 100644 --- a/lookup_plugins/oo_option.py +++ b/lookup_plugins/oo_option.py @@ -17,14 +17,36 @@ This returns, by order of priority: * if none of the above conditions are met, empty string is returned ''' -from ansible.utils import template + import os +# pylint: disable=no-name-in-module,import-error,unused-argument,unused-variable,super-init-not-called,too-few-public-methods,missing-docstring +try: + # ansible-2.0 + from ansible.plugins.lookup import LookupBase +except ImportError: + # ansible-1.9.x + class LookupBase(object): + def __init__(self, basedir=None, runner=None, **kwargs): + self.runner = runner + self.basedir = self.runner.basedir + def get_basedir(self, variables): + return self.basedir + +# pylint: disable=no-name-in-module,import-error +try: + # ansible-2.0 + from ansible import template +except ImportError: + # ansible 1.9.x + from ansible.utils import template + + # Reason: disable too-few-public-methods because the `run` method is the only # one required by the Ansible API # Status: permanently disabled # pylint: disable=too-few-public-methods -class LookupModule(object): +class LookupModule(LookupBase): ''' oo_option lookup plugin main class ''' # Reason: disable unused-argument because Ansible is calling us with many diff --git a/lookup_plugins/sequence.py b/lookup_plugins/sequence.py deleted file mode 100644 index 8ca9e7b39..000000000 --- a/lookup_plugins/sequence.py +++ /dev/null @@ -1,215 +0,0 @@ -# (c) 2013, Jayson Vantuyl <jayson@aggressive.ly> -# -# This file is part of Ansible -# -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see <http://www.gnu.org/licenses/>. - -from ansible.errors import AnsibleError -import ansible.utils as utils -from re import compile as re_compile, IGNORECASE - -# shortcut format -NUM = "(0?x?[0-9a-f]+)" -SHORTCUT = re_compile( - "^(" + # Group 0 - NUM + # Group 1: Start - "-)?" + - NUM + # Group 2: End - "(/" + # Group 3 - NUM + # Group 4: Stride - ")?" + - "(:(.+))?$", # Group 5, Group 6: Format String - IGNORECASE -) - - -class LookupModule(object): - """ - sequence lookup module - - Used to generate some sequence of items. Takes arguments in two forms. - - The simple / shortcut form is: - - [start-]end[/stride][:format] - - As indicated by the brackets: start, stride, and format string are all - optional. The format string is in the style of printf. This can be used - to pad with zeros, format in hexadecimal, etc. All of the numerical values - can be specified in octal (i.e. 0664) or hexadecimal (i.e. 0x3f8). - Negative numbers are not supported. - - Some examples: - - 5 -> ["1","2","3","4","5"] - 5-8 -> ["5", "6", "7", "8"] - 2-10/2 -> ["2", "4", "6", "8", "10"] - 4:host%02d -> ["host01","host02","host03","host04"] - - The standard Ansible key-value form is accepted as well. For example: - - start=5 end=11 stride=2 format=0x%02x -> ["0x05","0x07","0x09","0x0a"] - - This format takes an alternate form of "end" called "count", which counts - some number from the starting value. For example: - - count=5 -> ["1", "2", "3", "4", "5"] - start=0x0f00 count=4 format=%04x -> ["0f00", "0f01", "0f02", "0f03"] - start=0 count=5 stride=2 -> ["0", "2", "4", "6", "8"] - start=1 count=5 stride=2 -> ["1", "3", "5", "7", "9"] - - The count option is mostly useful for avoiding off-by-one errors and errors - calculating the number of entries in a sequence when a stride is specified. - """ - - def __init__(self, basedir, **kwargs): - """absorb any keyword args""" - self.basedir = basedir - - def reset(self): - """set sensible defaults""" - self.start = 1 - self.count = None - self.end = None - self.stride = 1 - self.format = "%d" - - def parse_kv_args(self, args): - """parse key-value style arguments""" - for arg in ["start", "end", "count", "stride"]: - try: - arg_raw = args.pop(arg, None) - if arg_raw is None: - continue - arg_cooked = int(arg_raw, 0) - setattr(self, arg, arg_cooked) - except ValueError: - raise AnsibleError( - "can't parse arg %s=%r as integer" - % (arg, arg_raw) - ) - if 'format' in args: - self.format = args.pop("format") - if args: - raise AnsibleError( - "unrecognized arguments to with_sequence: %r" - % args.keys() - ) - - def parse_simple_args(self, term): - """parse the shortcut forms, return True/False""" - match = SHORTCUT.match(term) - if not match: - return False - - _, start, end, _, stride, _, format = match.groups() - - if start is not None: - try: - start = int(start, 0) - except ValueError: - raise AnsibleError("can't parse start=%s as integer" % start) - if end is not None: - try: - end = int(end, 0) - except ValueError: - raise AnsibleError("can't parse end=%s as integer" % end) - if stride is not None: - try: - stride = int(stride, 0) - except ValueError: - raise AnsibleError("can't parse stride=%s as integer" % stride) - - if start is not None: - self.start = start - if end is not None: - self.end = end - if stride is not None: - self.stride = stride - if format is not None: - self.format = format - - def sanity_check(self): - if self.count is None and self.end is None: - raise AnsibleError( - "must specify count or end in with_sequence" - ) - elif self.count is not None and self.end is not None: - raise AnsibleError( - "can't specify both count and end in with_sequence" - ) - elif self.count is not None: - # convert count to end - if self.count != 0: - self.end = self.start + self.count * self.stride - 1 - else: - self.start = 0 - self.end = 0 - self.stride = 0 - del self.count - if self.stride > 0 and self.end < self.start: - raise AnsibleError("to count backwards make stride negative") - if self.stride < 0 and self.end > self.start: - raise AnsibleError("to count forward don't make stride negative") - if self.format.count('%') != 1: - raise AnsibleError("bad formatting string: %s" % self.format) - - def generate_sequence(self): - if self.stride > 0: - adjust = 1 - else: - adjust = -1 - numbers = xrange(self.start, self.end + adjust, self.stride) - - for i in numbers: - try: - formatted = self.format % i - yield formatted - except (ValueError, TypeError): - raise AnsibleError( - "problem formatting %r with %r" % self.format - ) - - def run(self, terms, inject=None, **kwargs): - results = [] - - terms = utils.listify_lookup_plugin_terms(terms, self.basedir, inject) - - if isinstance(terms, basestring): - terms = [ terms ] - - for term in terms: - try: - self.reset() # clear out things for this iteration - - try: - if not self.parse_simple_args(term): - self.parse_kv_args(utils.parse_kv(term)) - except Exception: - raise AnsibleError( - "unknown error parsing with_sequence arguments: %r" - % term - ) - - self.sanity_check() - if self.stride != 0: - results.extend(self.generate_sequence()) - except AnsibleError: - raise - except Exception, e: - raise AnsibleError( - "unknown error generating sequence: %s" % str(e) - ) - - return results diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 54de1ef5f..6a5695177 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.0.83 +Version: 3.0.89 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -183,6 +183,57 @@ Atomic OpenShift Utilities includes %changelog +* Mon May 09 2016 Brenton Leanhardt <bleanhar@redhat.com> 3.0.89-1 +- Use yum swap to downgrade docker (sdodson@redhat.com) + +* Fri May 06 2016 Brenton Leanhardt <bleanhar@redhat.com> 3.0.88-1 +- Open port 53 whenever we're unsure of version (sdodson@redhat.com) +- Fix unsafe boolean handling on use_dnsmasq (sdodson@redhat.com) + +* Wed Apr 27 2016 Troy Dawson <tdawson@redhat.com> 3.0.87-1 +- a-o-i-: Allow empty proxy (smunilla@redhat.com) +- a-o-i: Populate groups for openshift_facts (smunilla@redhat.com) +- Replace sudo with become when accessing deployment_vars. + (abutcher@redhat.com) +- Port lookup plugins to ansible v2. (abutcher@redhat.com) +- Add masterConfig.volumeConfig.dynamicProvisioningEnabled (sdodson@redhat.com) + +* Tue Apr 26 2016 Brenton Leanhardt <bleanhar@redhat.com> 3.0.86-1 +- Don't set empty HTTP_PROXY, HTTPS_PROXY, NO_PROXY values (sdodson@redhat.com) +- a-o-i tests: Update attended tests for proxy (smunilla@redhat.com) +- Move portal_net from openshift_common to openshift_facts. + (abutcher@redhat.com) +- Apply openshift_common to all masters prior to creating certificates for + portal_net. (abutcher@redhat.com) +- Access portal_net in common facts. (abutcher@redhat.com) +- Add support for setting identity provider custom values (jdetiber@redhat.com) +- port filter_plugins to ansible2 (tob@butter.sh) +- a-o-i: Update prompt when asking for proxy (smunilla@redhat.com) +- a-o-i: UI additions for proxies (smunilla@redhat.com) + +* Mon Apr 25 2016 Troy Dawson <tdawson@redhat.com> 3.0.85-1 +- Fix backward compat for osm_default_subdomain (jdetiber@redhat.com) +- Replace deprecated sudo with become. (abutcher@redhat.com) +- Fix image version handling for v1.2.0-rc1 (sdodson@redhat.com) +- Pod must be recreated for the upgrade (bleanhar@redhat.com) +- openshift_etcd_facts should rely on openshift_facts not openshift_common + (jdetiber@redhat.com) +- Sort and de-dupe no_proxy list (sdodson@redhat.com) +- openshift-metrics: adding duration and resolution options + (efreiber@redhat.com) +- Changed service account creation to ansible (vishal.patil@nuagenetworks.net) +- As per https://github.com/openshift/openshift- + ansible/issues/1795#issuecomment-213873564, renamed openshift_node_dnsmasq to + openshift_use_dnsmasq where applicable. Fixes 1795 (donovan@switchbit.io) +- Add global proxy configuration (sdodson@redhat.com) +- remove duplicate register: (tob@butter.sh) + +* Fri Apr 22 2016 Troy Dawson <tdawson@redhat.com> 3.0.84-1 +- Fix for docker not present (jdetiber@redhat.com) +- Reconcile roles in additive-only mode on upgrade (jliggitt@redhat.com) +- Set etcd_hostname and etcd_ip for masters w/ external etcd. + (abutcher@redhat.com) + * Thu Apr 21 2016 Troy Dawson <tdawson@redhat.com> 3.0.83-1 - a-o-i: Correct bug with default storage host (smunilla@redhat.com) - Only add new sccs (bleanhar@redhat.com) @@ -208,7 +259,7 @@ Atomic OpenShift Utilities includes - Fix router selector fact migration and match multiple selectors when counting nodes. (abutcher@redhat.com) - Fixing the spec for PR 1734 (bleanhar@redhat.com) -- Add openshift_node_dnsmasq (sdodson@redhat.com) +- Add openshift_use_dnsmasq (sdodson@redhat.com) - Promote portal_net to openshift.common, add kube_svc_ip (sdodson@redhat.com) - Add example inventories to docs, install docs by default (sdodson@redhat.com) - Fix use of JSON inventory vars with raw booleans. (dgoodwin@redhat.com) diff --git a/playbooks/adhoc/atomic_openshift_tutorial_reset.yml b/playbooks/adhoc/atomic_openshift_tutorial_reset.yml index c14d08e87..5a5a00ea4 100644 --- a/playbooks/adhoc/atomic_openshift_tutorial_reset.yml +++ b/playbooks/adhoc/atomic_openshift_tutorial_reset.yml @@ -8,7 +8,7 @@ - hosts: - OSEv3:children - sudo: yes + become: yes tasks: - shell: docker ps -a -q | xargs docker stop diff --git a/playbooks/adhoc/noc/filter_plugins b/playbooks/adhoc/noc/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/adhoc/noc/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/adhoc/noc/roles b/playbooks/adhoc/noc/roles deleted file mode 120000 index 20c4c58cf..000000000 --- a/playbooks/adhoc/noc/roles +++ /dev/null @@ -1 +0,0 @@ -../../../roles
\ No newline at end of file diff --git a/playbooks/adhoc/setupnfs.yml b/playbooks/adhoc/setupnfs.yml index 5f3631fcf..fd489dc70 100644 --- a/playbooks/adhoc/setupnfs.yml +++ b/playbooks/adhoc/setupnfs.yml @@ -1,7 +1,7 @@ --- ### This playbook is old and we are currently not using NFS. - hosts: tag_Name_nfs-v3-stg - sudo: no + become: no remote_user: root gather_facts: no roles: diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index b9c2a2714..a407e326b 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -10,7 +10,7 @@ - hosts: - OSEv3:children - sudo: yes + become: yes tasks: - name: Detecting Operating System @@ -60,6 +60,7 @@ with_items: - etcd - firewalld + - atomic-openshift-master - name: Stop additional atomic services service: name={{ item }} state=stopped @@ -243,7 +244,7 @@ command: systemctl daemon-reload - hosts: nodes - sudo: yes + become: yes tasks: - name: restart docker service: name=docker state=restarted diff --git a/playbooks/aws/ansible-tower/config.yml b/playbooks/aws/ansible-tower/config.yml deleted file mode 100644 index eb3f1a1da..000000000 --- a/playbooks/aws/ansible-tower/config.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -- name: "populate oo_hosts_to_config host group if needed" - hosts: localhost - gather_facts: no - connection: local - become: no - tasks: - - name: Evaluate oo_host_group_exp if it's set - add_host: "name={{ item }} groups=oo_hosts_to_config" - with_items: "{{ oo_host_group_exp | default(['']) }}" - when: oo_host_group_exp is defined - -- name: "Configure instances" - hosts: oo_hosts_to_config - connection: ssh - user: root - vars_files: - - vars.yml - - "vars.{{ oo_env }}.yml" - roles: - - os_ipv6_disable - - ansible - - ansible_tower - - os_env_extras diff --git a/playbooks/aws/ansible-tower/filter_plugins b/playbooks/aws/ansible-tower/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/aws/ansible-tower/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/aws/ansible-tower/launch.yml b/playbooks/aws/ansible-tower/launch.yml deleted file mode 100644 index d40529435..000000000 --- a/playbooks/aws/ansible-tower/launch.yml +++ /dev/null @@ -1,79 +0,0 @@ ---- -- name: Launch instance(s) - hosts: localhost - connection: local - become: no - gather_facts: no - - vars: - inst_region: us-east-1 - rhel7_ami: ami-9101c8fa - user_data_file: user_data.txt - - vars_files: - - vars.yml - - "vars.{{ oo_env }}.yml" - - tasks: - - name: Launch instances in VPC - ec2: - state: present - region: "{{ inst_region }}" - keypair: mmcgrath_libra - group_id: "{{ oo_security_group_ids }}" - instance_type: c4.xlarge - image: "{{ rhel7_ami }}" - count: "{{ oo_new_inst_names | length }}" - user_data: "{{ lookup('file', user_data_file) }}" - wait: yes - assign_public_ip: "{{ oo_assign_public_ip }}" - vpc_subnet_id: "{{ oo_vpc_subnet_id }}" - register: ec2 - - - name: Add Name and environment tags to instances - ec2_tag: "resource={{ item.1.id }} region={{ inst_region }} state=present" - with_together: - - oo_new_inst_names - - ec2.instances - args: - tags: - Name: "{{ item.0 }}" - - - name: Add other tags to instances - ec2_tag: "resource={{ item.id }} region={{ inst_region }} state=present" - with_items: ec2.instances - args: - tags: "{{ oo_new_inst_tags }}" - - - name: Add new instances public IPs to oo_hosts_to_config - add_host: "hostname={{ item.0 }} ansible_ssh_host={{ item.1.public_ip }} groupname=oo_hosts_to_config" - with_together: - - oo_new_inst_names - - ec2.instances - - - debug: var=ec2 - - - name: Wait for ssh - wait_for: "port=22 host={{ item.public_ip }}" - with_items: ec2.instances - - - name: Wait for root user setup - command: "ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null root@{{ item.public_ip }} echo root user is setup" - register: result - until: result.rc == 0 - retries: 20 - delay: 10 - with_items: ec2.instances - -- name: Initial setup - hosts: oo_hosts_to_config - user: root - gather_facts: true - - tasks: - - - name: Update All Things - action: "{{ ansible_pkg_mgr }} name=* state=latest" - -# Apply the configs, seprate so that just the configs can be run by themselves -- include: config.yml diff --git a/playbooks/aws/ansible-tower/roles b/playbooks/aws/ansible-tower/roles deleted file mode 120000 index 20c4c58cf..000000000 --- a/playbooks/aws/ansible-tower/roles +++ /dev/null @@ -1 +0,0 @@ -../../../roles
\ No newline at end of file diff --git a/playbooks/aws/ansible-tower/user_data.txt b/playbooks/aws/ansible-tower/user_data.txt deleted file mode 100644 index 643d17c32..000000000 --- a/playbooks/aws/ansible-tower/user_data.txt +++ /dev/null @@ -1,6 +0,0 @@ -#cloud-config -disable_root: 0 - -system_info: - default_user: - name: root diff --git a/playbooks/aws/ansible-tower/vars.ops.yml b/playbooks/aws/ansible-tower/vars.ops.yml deleted file mode 100644 index feb5d786a..000000000 --- a/playbooks/aws/ansible-tower/vars.ops.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -oo_env_long: operations -oo_zabbix_hostgroups: ['OPS Environment'] -oo_vpc_subnet_id: subnet-4f0bdd38 # USE OPS -oo_assign_public_ip: yes -oo_security_group_ids: - - sg-02c2f267 # Libra (vpc) - - sg-7fc4f41a # ops (vpc) - - sg-4dc26829 # ops_tower (vpc) diff --git a/playbooks/aws/ansible-tower/vars.yml b/playbooks/aws/ansible-tower/vars.yml deleted file mode 100644 index ed97d539c..000000000 --- a/playbooks/aws/ansible-tower/vars.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/playbooks/aws/openshift-cluster/add_nodes.yml b/playbooks/aws/openshift-cluster/add_nodes.yml index 3d88e6b23..0e8eb90c1 100644 --- a/playbooks/aws/openshift-cluster/add_nodes.yml +++ b/playbooks/aws/openshift-cluster/add_nodes.yml @@ -6,14 +6,9 @@ gather_facts: no vars_files: - vars.yml - - ["vars.{{ deployment_type }}.{{ cluster_id }}.yml", vars.defaults.yml] vars: oo_extend_env: True tasks: - - fail: - msg: Deployment type not supported for aws provider yet - when: deployment_type == 'enterprise' - - include: ../../common/openshift-cluster/tasks/set_node_launch_facts.yml vars: type: "compute" diff --git a/playbooks/aws/openshift-cluster/config.yml b/playbooks/aws/openshift-cluster/config.yml index 66ff3e5b8..8402b3579 100644 --- a/playbooks/aws/openshift-cluster/config.yml +++ b/playbooks/aws/openshift-cluster/config.yml @@ -4,7 +4,7 @@ - ../../aws/openshift-cluster/cluster_hosts.yml vars: g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - g_sudo: "{{ deployment_vars[deployment_type].sudo }}" + g_sudo: "{{ deployment_vars[deployment_type].become }}" g_nodeonmaster: true openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: "{{ debug_level }}" @@ -13,7 +13,9 @@ openshift_registry_selector: 'type=infra' openshift_hosted_router_selector: 'type=infra' openshift_infra_nodes: "{{ g_infra_hosts }}" - openshift_node_labels: '{"region": "{{ ec2_region }}", "type": "{{ hostvars[inventory_hostname]["ec2_tag_sub-host-type"] if inventory_hostname in groups["tag_host-type_node"] else hostvars[inventory_hostname]["ec2_tag_host-type"] }}"}' + openshift_node_labels: + region: "{{ deployment_vars[deployment_type].region }}" + type: "{{ hostvars[inventory_hostname]['ec2_tag_sub-host-type'] if inventory_hostname in groups['tag_host-type_node'] else hostvars[inventory_hostname]['ec2_tag_host-type'] }}" openshift_master_cluster_method: 'native' openshift_use_openshift_sdn: "{{ lookup('oo_option', 'use_openshift_sdn') }}" os_sdn_network_plugin_name: "{{ lookup('oo_option', 'sdn_network_plugin_name') }}" diff --git a/playbooks/aws/openshift-cluster/launch.yml b/playbooks/aws/openshift-cluster/launch.yml index 15b83dfad..3edace493 100644 --- a/playbooks/aws/openshift-cluster/launch.yml +++ b/playbooks/aws/openshift-cluster/launch.yml @@ -6,12 +6,7 @@ gather_facts: no vars_files: - vars.yml - - ["vars.{{ deployment_type }}.{{ cluster_id }}.yml", vars.defaults.yml] tasks: - - fail: - msg: Deployment type not supported for aws provider yet - when: deployment_type == 'enterprise' - - include: ../../common/openshift-cluster/tasks/set_etcd_launch_facts.yml - include: tasks/launch_instances.yml vars: diff --git a/playbooks/aws/openshift-cluster/list.yml b/playbooks/aws/openshift-cluster/list.yml index 8b41a355e..a542b4ca3 100644 --- a/playbooks/aws/openshift-cluster/list.yml +++ b/playbooks/aws/openshift-cluster/list.yml @@ -15,7 +15,7 @@ name: "{{ item }}" groups: oo_list_hosts ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: groups[scratch_group] | default([]) | difference(['localhost']) - name: List Hosts diff --git a/playbooks/aws/openshift-cluster/scaleup.yml b/playbooks/aws/openshift-cluster/scaleup.yml index 7e3a47964..6fa9142a0 100644 --- a/playbooks/aws/openshift-cluster/scaleup.yml +++ b/playbooks/aws/openshift-cluster/scaleup.yml @@ -12,7 +12,7 @@ name: "{{ item }}" groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: "{{ groups.nodes_to_add }}" - include: ../../common/openshift-cluster/update_repos_and_packages.yml @@ -24,7 +24,7 @@ vars: g_new_node_hosts: "{{ groups.nodes_to_add }}" g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - g_sudo: "{{ deployment_vars[deployment_type].sudo }}" + g_sudo: "{{ deployment_vars[deployment_type].become }}" g_nodeonmaster: true openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: "{{ debug_level }}" diff --git a/playbooks/aws/openshift-cluster/service.yml b/playbooks/aws/openshift-cluster/service.yml index d5f7d6b19..f7f4812bb 100644 --- a/playbooks/aws/openshift-cluster/service.yml +++ b/playbooks/aws/openshift-cluster/service.yml @@ -16,7 +16,7 @@ name: "{{ item }}" groups: g_service_masters ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: "{{ master_hosts | default([]) }}" - name: Evaluate g_service_nodes @@ -24,7 +24,7 @@ name: "{{ item }}" groups: g_service_nodes ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: "{{ node_hosts | default([]) }}" - include: ../../common/openshift-node/service.yml diff --git a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml index 63be06ecf..7d5776ae6 100644 --- a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml @@ -8,80 +8,50 @@ sub_host_type: "{{ g_sub_host_type }}" - set_fact: - ec2_region: "{{ lookup('env', 'ec2_region') - | default(deployment_vars[deployment_type].region, true) }}" - when: ec2_region is not defined -- set_fact: - ec2_image_name: "{{ lookup('env', 'ec2_image_name') - | default(deployment_vars[deployment_type].image_name, true) }}" - when: ec2_image_name is not defined and ec2_image is not defined -- set_fact: - ec2_image: "{{ lookup('env', 'ec2_image') - | default(deployment_vars[deployment_type].image, true) }}" - when: ec2_image is not defined and not ec2_image_name -- set_fact: - ec2_keypair: "{{ lookup('env', 'ec2_keypair') - | default(deployment_vars[deployment_type].keypair, true) }}" - when: ec2_keypair is not defined -- set_fact: - ec2_vpc_subnet: "{{ lookup('env', 'ec2_vpc_subnet') - | default(deployment_vars[deployment_type].vpc_subnet, true) }}" - when: ec2_vpc_subnet is not defined -- set_fact: - ec2_assign_public_ip: "{{ lookup('env', 'ec2_assign_public_ip') - | default(deployment_vars[deployment_type].assign_public_ip, true) }}" - when: ec2_assign_public_ip is not defined - -- set_fact: - ec2_instance_type: "{{ ec2_master_instance_type | default(lookup('env', 'ec2_master_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type, true), true), true) }}" - ec2_security_groups: "{{ ec2_master_security_groups | default(lookup('env', 'ec2_master_security_groups') | default(lookup('env', 'ec2_security_groups') | default(deployment_vars[deployment_type].security_groups, true), true), true) }}" + ec2_instance_type: "{{ lookup('env', 'ec2_master_instance_type') | default(deployment_vars[deployment_type].type, true) }}" + ec2_security_groups: "{{ lookup('env', 'ec2_master_security_groups') | default(deployment_vars[deployment_type].security_groups, true) }}" when: host_type == "master" and sub_host_type == "default" - set_fact: - ec2_instance_type: "{{ ec2_etcd_instance_type | default(lookup('env', 'ec2_etcd_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type, true), true), true) }}" - ec2_security_groups: "{{ ec2_etcd_security_groups | default(lookup('env', 'ec2_etcd_security_groups') | default(lookup('env', 'ec2_security_groups') | default(deployment_vars[deployment_type].security_groups, true), true), true) }}" + ec2_instance_type: "{{ lookup('env', 'ec2_etcd_instance_type') | default(deployment_vars[deployment_type].type, true) }}" + ec2_security_groups: "{{ lookup('env', 'ec2_etcd_security_groups') | default(deployment_vars[deployment_type].security_groups, true) }}" when: host_type == "etcd" and sub_host_type == "default" - set_fact: - ec2_instance_type: "{{ ec2_infra_instance_type | default(lookup('env', 'ec2_infra_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type, true), true), true) }}" - ec2_security_groups: "{{ ec2_infra_security_groups | default(lookup('env', 'ec2_infra_security_groups') | default(lookup('env', 'ec2_security_groups') | default(deployment_vars[deployment_type].security_groups, true), true), true) }}" + ec2_instance_type: "{{ lookup('env', 'ec2_infra_instance_type') | default(deployment_vars[deployment_type].type, true) }}" + ec2_security_groups: "{{ lookup('env', 'ec2_infra_security_groups') | default(deployment_vars[deployment_type].security_groups, true) }}" when: host_type == "node" and sub_host_type == "infra" - set_fact: - ec2_instance_type: "{{ ec2_node_instance_type | default(lookup('env', 'ec2_node_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type, true), true), true) }}" - ec2_security_groups: "{{ ec2_node_security_groups | default(lookup('env', 'ec2_node_security_groups') | default(lookup('env', 'ec2_security_groups') | default(deployment_vars[deployment_type].security_groups, true), true), true) }}" + ec2_instance_type: "{{ lookup('env', 'ec2_node_instance_type') | default(deployment_vars[deployment_type].type, true) }}" + ec2_security_groups: "{{ lookup('env', 'ec2_node_security_groups') | default(deployment_vars[deployment_type].security_groups, true) }}" when: host_type == "node" and sub_host_type == "compute" - set_fact: - ec2_instance_type: "{{ lookup('env', 'ec2_instance_type') - | default(deployment_vars[deployment_type].type, true) }}" + ec2_instance_type: "{{ deployment_vars[deployment_type].type }}" when: ec2_instance_type is not defined - set_fact: - ec2_security_groups: "{{ lookup('env', 'ec2_security_groups') | default(deployment_vars[deployment_type].security_groups, true) }}" + ec2_security_groups: "{{ deployment_vars[deployment_type].security_groups }}" when: ec2_security_groups is not defined - name: Find amis for deployment_type ec2_ami_find: - region: "{{ ec2_region }}" - ami_id: "{{ ec2_image | default(omit, true) }}" - name: "{{ ec2_image_name | default(omit, true) }}" + region: "{{ deployment_vars[deployment_type].region }}" + ami_id: "{{ deployment_vars[deployment_type].image }}" + name: "{{ deployment_vars[deployment_type].image_name }}" register: ami_result - fail: msg="Could not find requested ami" when: not ami_result.results - set_fact: - latest_ami: "{{ ami_result.results | oo_ami_selector(ec2_image_name) }}" + latest_ami: "{{ ami_result.results | oo_ami_selector(deployment_vars[deployment_type].image_name) }}" volume_defs: etcd: root: volume_size: "{{ lookup('env', 'os_etcd_root_vol_size') | default(25, true) }}" device_type: "{{ lookup('env', 'os_etcd_root_vol_type') | default('gp2', true) }}" iops: "{{ lookup('env', 'os_etcd_root_vol_iops') | default(500, true) }}" - etcd: - volume_size: "{{ lookup('env', 'os_etcd_vol_size') | default(32, true) }}" - device_type: "{{ lookup('env', 'os_etcd_vol_type') | default('gp2', true) }}" - iops: "{{ lookup('env', 'os_etcd_vol_iops') | default(500, true) }}" master: root: volume_size: "{{ lookup('env', 'os_master_root_vol_size') | default(25, true) }}" @@ -107,14 +77,14 @@ - name: Launch instance(s) ec2: state: present - region: "{{ ec2_region }}" - keypair: "{{ ec2_keypair }}" - group: "{{ ec2_security_groups }}" + region: "{{ deployment_vars[deployment_type].region }}" + keypair: "{{ deployment_vars[deployment_type].keypair }}" + group: "{{ deployment_vars[deployment_type].security_groups }}" instance_type: "{{ ec2_instance_type }}" - image: "{{ latest_ami }}" + image: "{{ deployment_vars[deployment_type].image }}" count: "{{ instances | length }}" - vpc_subnet_id: "{{ ec2_vpc_subnet | default(omit, true) }}" - assign_public_ip: "{{ ec2_assign_public_ip | default(omit, true) }}" + vpc_subnet_id: "{{ deployment_vars[deployment_type].vpc_subnet }}" + assign_public_ip: "{{ deployment_vars[deployment_type].assign_public_ip }}" user_data: "{{ lookup('template', '../templates/user_data.j2') }}" wait: yes instance_tags: @@ -127,7 +97,7 @@ register: ec2 - name: Add Name tag to instances - ec2_tag: resource={{ item.1.id }} region={{ ec2_region }} state=present + ec2_tag: resource={{ item.1.id }} region={{ deployment_vars[deployment_type].region }} state=present with_together: - instances - ec2.instances @@ -136,29 +106,32 @@ Name: "{{ item.0 }}" - set_fact: - instance_groups: "tag_created-by_{{ created_by }}, tag_clusterid_{{ cluster }}, tag_environment_{{ cluster_env }}, - tag_host-type_{{ host_type }}, tag_sub-host-type_{{ sub_host_type }}" + instance_groups: > + tag_created-by_{{ created_by }}, tag_clusterid_{{ cluster }}, + tag_environment_{{ cluster_env }}, tag_host-type_{{ host_type }}, + tag_sub-host-type_{{ sub_host_type }} - set_fact: node_label: - region: "{{ec2_region}}" + region: "{{ deployment_vars[deployment_type].region }}" type: "{{sub_host_type}}" when: host_type == "node" - set_fact: node_label: - region: "{{ec2_region}}" + region: "{{ deployment_vars[deployment_type].region }}" type: "{{host_type}}" when: host_type != "node" - set_fact: logrotate: - name: syslog - path: "/var/log/cron - \n/var/log/maillog - \n/var/log/messages - \n/var/log/secure - \n/var/log/spooler \n" + path: | + /var/log/cron + /var/log/maillog + /var/log/messages + /var/log/secure + /var/log/spooler" options: - daily - rotate 7 @@ -173,7 +146,7 @@ hostname: "{{ item.0 }}" ansible_ssh_host: "{{ item.1.dns_name }}" ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" groups: "{{ instance_groups }}" ec2_private_ip_address: "{{ item.1.private_ip }}" ec2_ip_address: "{{ item.1.public_ip }}" @@ -188,7 +161,7 @@ hostname: "{{ item.0 }}" ansible_ssh_host: "{{ item.1.dns_name }}" ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" groups: nodes_to_add ec2_private_ip_address: "{{ item.1.private_ip }}" ec2_ip_address: "{{ item.1.public_ip }}" diff --git a/playbooks/aws/openshift-cluster/templates/user_data.j2 b/playbooks/aws/openshift-cluster/templates/user_data.j2 index 3621a7d7d..2a3974a8c 100644 --- a/playbooks/aws/openshift-cluster/templates/user_data.j2 +++ b/playbooks/aws/openshift-cluster/templates/user_data.j2 @@ -1,24 +1,4 @@ #cloud-config -{% if type == 'etcd' and 'etcd' in volume_defs[type] %} -cloud_config_modules: -- disk_setup -- mounts - -mounts: -- [ xvdb, /var/lib/etcd, xfs, "defaults" ] - -disk_setup: - xvdb: - table_type: mbr - layout: True - -fs_setup: -- label: etcd_storage - filesystem: xfs - device: /dev/xvdb - partition: auto -{% endif %} - {% if type in ['node', 'master'] and 'docker' in volume_defs[type] %} mounts: - [ xvdb ] @@ -33,18 +13,7 @@ write_files: permissions: '0644' {% endif %} -{% if deployment_type == 'online' %} -devices: ['/var'] # Workaround for https://bugs.launchpad.net/bugs/1455436 - -disable_root: 0 -growpart: - mode: auto - devices: ['/var'] -runcmd: -- xfs_growfs /var -{% endif %} - -{% if deployment_vars[deployment_type].sudo %} +{% if deployment_vars[deployment_type].become %} - path: /etc/sudoers.d/99-{{ deployment_vars[deployment_type].ssh_user }}-cloud-init-requiretty permissions: 440 content: | diff --git a/playbooks/aws/openshift-cluster/terminate.yml b/playbooks/aws/openshift-cluster/terminate.yml index 6dd5d8b62..fb13e1839 100644 --- a/playbooks/aws/openshift-cluster/terminate.yml +++ b/playbooks/aws/openshift-cluster/terminate.yml @@ -11,7 +11,7 @@ name: "{{ item }}" groups: oo_hosts_to_terminate ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: (groups['tag_clusterid_' ~ cluster_id] | default([])) | difference(['localhost']) - name: Unsubscribe VMs diff --git a/playbooks/aws/openshift-cluster/update.yml b/playbooks/aws/openshift-cluster/update.yml index 32bab76b5..bd31c42dd 100644 --- a/playbooks/aws/openshift-cluster/update.yml +++ b/playbooks/aws/openshift-cluster/update.yml @@ -13,7 +13,7 @@ name: "{{ item }}" groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: "{{ g_all_hosts | default([]) }}" - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 11026e38d..44d9a3e25 100644 --- a/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -1,14 +1,13 @@ --- -# This playbook upgrades an existing AWS cluster, leaving nodes untouched if used with an 'online' deployment type. # Usage: -# ansible-playbook playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml -e deployment_type=online -e cluster_id=<cluster_id> +# ansible-playbook playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml -e deployment_type=<deployment_type> -e cluster_id=<cluster_id> - include: ../../../../common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml vars_files: - "{{lookup('file', '../../../../aws/openshift-cluster/vars.yml')}}" - "{{lookup('file', '../../../../aws/openshift-cluster/cluster_hosts.yml')}}" vars: g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - g_sudo: "{{ deployment_vars[deployment_type].sudo }}" + g_sudo: "{{ deployment_vars[deployment_type].become }}" g_nodeonmaster: true openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: "{{ debug_level }}" diff --git a/playbooks/aws/openshift-cluster/vars.defaults.yml b/playbooks/aws/openshift-cluster/vars.defaults.yml deleted file mode 100644 index ed97d539c..000000000 --- a/playbooks/aws/openshift-cluster/vars.defaults.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/playbooks/aws/openshift-cluster/vars.online.int.yml b/playbooks/aws/openshift-cluster/vars.online.int.yml deleted file mode 100644 index 2e2f25ccd..000000000 --- a/playbooks/aws/openshift-cluster/vars.online.int.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -ec2_image: ami-9101c8fa -ec2_image_name: libra-ops-rhel7* -ec2_region: us-east-1 -ec2_keypair: mmcgrath_libra -ec2_master_instance_type: t2.medium -ec2_master_security_groups: [ 'integration', 'integration-master' ] -ec2_infra_instance_type: c4.large -ec2_infra_security_groups: [ 'integration', 'integration-infra' ] -ec2_node_instance_type: m4.large -ec2_node_security_groups: [ 'integration', 'integration-node' ] -ec2_etcd_instance_type: m4.large -ec2_etcd_security_groups: [ 'integration', 'integration-etcd' ] -ec2_vpc_subnet: subnet-987c0def -ec2_assign_public_ip: yes diff --git a/playbooks/aws/openshift-cluster/vars.online.prod.yml b/playbooks/aws/openshift-cluster/vars.online.prod.yml deleted file mode 100644 index 18a53e12e..000000000 --- a/playbooks/aws/openshift-cluster/vars.online.prod.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -ec2_image: ami-9101c8fa -ec2_image_name: libra-ops-rhel7* -ec2_region: us-east-1 -ec2_keypair: mmcgrath_libra -ec2_master_instance_type: t2.medium -ec2_master_security_groups: [ 'production', 'production-master' ] -ec2_infra_instance_type: c4.large -ec2_infra_security_groups: [ 'production', 'production-infra' ] -ec2_node_instance_type: m4.large -ec2_node_security_groups: [ 'production', 'production-node' ] -ec2_etcd_instance_type: m4.large -ec2_etcd_security_groups: [ 'production', 'production-etcd' ] -ec2_vpc_subnet: subnet-987c0def -ec2_assign_public_ip: yes diff --git a/playbooks/aws/openshift-cluster/vars.online.stage.yml b/playbooks/aws/openshift-cluster/vars.online.stage.yml deleted file mode 100644 index 1f9ac4252..000000000 --- a/playbooks/aws/openshift-cluster/vars.online.stage.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -ec2_image: ami-9101c8fa -ec2_image_name: libra-ops-rhel7* -ec2_region: us-east-1 -ec2_keypair: mmcgrath_libra -ec2_master_instance_type: t2.medium -ec2_master_security_groups: [ 'stage', 'stage-master' ] -ec2_infra_instance_type: c4.large -ec2_infra_security_groups: [ 'stage', 'stage-infra' ] -ec2_node_instance_type: m4.large -ec2_node_security_groups: [ 'stage', 'stage-node' ] -ec2_etcd_instance_type: m4.large -ec2_etcd_security_groups: [ 'stage', 'stage-etcd' ] -ec2_vpc_subnet: subnet-987c0def -ec2_assign_public_ip: yes diff --git a/playbooks/aws/openshift-cluster/vars.yml b/playbooks/aws/openshift-cluster/vars.yml index ae12286bd..8bda72ac2 100644 --- a/playbooks/aws/openshift-cluster/vars.yml +++ b/playbooks/aws/openshift-cluster/vars.yml @@ -3,42 +3,31 @@ debug_level: 2 deployment_rhel7_ent_base: # rhel-7.1, requires cloud access subscription - image: ami-10663b78 - image_name: - region: us-east-1 + image: "{{ lookup('oo_option', 'ec2_image') | default('ami-10251c7a', True) }}" + image_name: "{{ lookup('oo_option', 'ec2_image_name') | default(None, True) }}" + region: "{{ lookup('oo_option', 'ec2_region') | default('us-east-1', True) }}" ssh_user: ec2-user - sudo: yes - keypair: libra - type: m4.large - security_groups: [ 'public' ] - vpc_subnet: - assign_public_ip: + become: yes + keypair: "{{ lookup('oo_option', 'ec2_keypair') | default('libra', True) }}" + type: "{{ lookup('oo_option', 'ec2_instance_type') | default('m4.large', True) }}" + security_groups: "{{ lookup('oo_option', 'ec2_security_groups') | default([ 'public' ], True) }}" + vpc_subnet: "{{ lookup('oo_option', 'ec2_vpc_subnet') | default(omit, True) }}" + assign_public_ip: "{{ lookup('oo_option', 'ec2_assign_public_ip') | default(omit, True) }}" deployment_vars: origin: # centos-7, requires marketplace - image: ami-61bbf104 - image_name: - region: us-east-1 + image: "{{ lookup('oo_option', 'ec2_image') | default('ami-61bbf104', True) }}" + image_name: "{{ lookup('oo_option', 'ec2_image_name') | default(None, True) }}" + region: "{{ lookup('oo_option', 'ec2_region') | default('us-east-1', True) }}" ssh_user: centos - sudo: yes - keypair: libra - type: m4.large - security_groups: [ 'public' ] - vpc_subnet: - assign_public_ip: - online: - # private ami - image: ami-7a9e9812 - image_name: openshift-rhel7_* - region: us-east-1 - ssh_user: root - sudo: no - keypair: libra - type: m4.large - security_groups: [ 'public' ] - vpc_subnet: - assign_public_ip: + become: yes + keypair: "{{ lookup('oo_option', 'ec2_keypair') | default('libra', True) }}" + type: "{{ lookup('oo_option', 'ec2_instance_type') | default('m4.large', True) }}" + security_groups: "{{ lookup('oo_option', 'ec2_security_groups') | default([ 'public' ], True) }}" + vpc_subnet: "{{ lookup('oo_option', 'ec2_vpc_subnet') | default(omit, True) }}" + assign_public_ip: "{{ lookup('oo_option', 'ec2_assign_public_ip') | default(omit, True) }}" + enterprise: "{{ deployment_rhel7_ent_base }}" openshift-enterprise: "{{ deployment_rhel7_ent_base }}" atomic-enterprise: "{{ deployment_rhel7_ent_base }}" diff --git a/playbooks/byo/openshift-cluster/config.yml b/playbooks/byo/openshift-cluster/config.yml index 5887b3208..c5479d098 100644 --- a/playbooks/byo/openshift-cluster/config.yml +++ b/playbooks/byo/openshift-cluster/config.yml @@ -1,7 +1,21 @@ --- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - include: ../../common/openshift-cluster/config.yml - vars_files: - - ../../byo/openshift-cluster/cluster_hosts.yml vars: openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_debug_level: "{{ debug_level | default(2) }}" diff --git a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml new file mode 100644 index 000000000..1c8d99341 --- /dev/null +++ b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml @@ -0,0 +1,18 @@ +--- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + +- include: ../../common/openshift-cluster/enable_dnsmasq.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml index 0c91b51d6..a929e4a6a 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml @@ -7,8 +7,33 @@ g_nfs_hosts: "{{ groups.nfs | default([]) }}" g_node_hosts: "{{ groups.nodes | default([]) }}" g_lb_hosts: "{{ groups.lb | default([]) }}" + g_all_hosts: "{{ groups.masters | default([]) | union(groups.nodes | default([])) | union(groups.etcd | default([])) + | union(groups.lb | default([])) | union(groups.nfs | default([])) }}" openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_deployment_type: "{{ deployment_type }}" + +- name: Set oo_options + hosts: oo_all_hosts + tasks: + - set_fact: + openshift_docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}" + when: openshift_docker_additional_registries is not defined + - set_fact: + openshift_docker_insecure_registries: "{{ lookup('oo_option', 'docker_insecure_registries') }}" + when: openshift_docker_insecure_registries is not defined + - set_fact: + openshift_docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') }}" + when: openshift_docker_blocked_registries is not defined + - set_fact: + openshift_docker_options: "{{ lookup('oo_option', 'docker_options') }}" + when: openshift_docker_options is not defined + - set_fact: + openshift_docker_log_driver: "{{ lookup('oo_option', 'docker_log_driver') }}" + when: openshift_docker_log_driver is not defined + - set_fact: + openshift_docker_log_options: "{{ lookup('oo_option', 'docker_log_options') }}" + when: openshift_docker_log_options is not defined + - include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml vars: openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-master/restart.yml b/playbooks/byo/openshift-master/restart.yml index a78a6aa3d..0cf669ae3 100644 --- a/playbooks/byo/openshift-master/restart.yml +++ b/playbooks/byo/openshift-master/restart.yml @@ -1,4 +1,18 @@ --- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - include: ../../common/openshift-master/restart.yml - vars_files: - - ../../byo/openshift-cluster/cluster_hosts.yml diff --git a/playbooks/byo/openshift-master/scaleup.yml b/playbooks/byo/openshift-master/scaleup.yml index 18797d02a..fced79262 100644 --- a/playbooks/byo/openshift-master/scaleup.yml +++ b/playbooks/byo/openshift-master/scaleup.yml @@ -1,7 +1,21 @@ --- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - include: ../../common/openshift-master/scaleup.yml - vars_files: - - ../../byo/openshift-cluster/cluster_hosts.yml vars: openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_debug_level: "{{ debug_level | default(2) }}" diff --git a/playbooks/byo/openshift-node/scaleup.yml b/playbooks/byo/openshift-node/scaleup.yml index 0343597b5..5737bb0e0 100644 --- a/playbooks/byo/openshift-node/scaleup.yml +++ b/playbooks/byo/openshift-node/scaleup.yml @@ -1,7 +1,21 @@ --- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - include: ../../common/openshift-node/scaleup.yml - vars_files: - - ../../byo/openshift-cluster/cluster_hosts.yml vars: openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_debug_level: "{{ debug_level | default(2) }}" diff --git a/playbooks/byo/openshift_facts.yml b/playbooks/byo/openshift_facts.yml index 916dfd0a6..db8703db6 100644 --- a/playbooks/byo/openshift_facts.yml +++ b/playbooks/byo/openshift_facts.yml @@ -1,4 +1,22 @@ --- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: openshift-cluster/cluster_hosts.yml + +- include: ../common/openshift-cluster/evaluate_groups.yml + - name: Gather Cluster facts hosts: OSEv3 roles: diff --git a/playbooks/common/openshift-cluster/additional_config.yml b/playbooks/common/openshift-cluster/additional_config.yml index c5a0f123c..5ed1d3b3c 100644 --- a/playbooks/common/openshift-cluster/additional_config.yml +++ b/playbooks/common/openshift-cluster/additional_config.yml @@ -27,10 +27,6 @@ (osm_use_cockpit | bool or osm_use_cockpit is undefined ) - role: flannel_register when: openshift.common.use_flannel | bool - - role: pods - when: openshift.common.deployment_type == 'online' - - role: os_env_extras - when: openshift.common.deployment_type == 'online' - name: Create persistent volumes and create hosted services hosts: oo_first_master diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 99b36098a..903babc45 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -1,6 +1,8 @@ --- - include: evaluate_groups.yml +- include: initialize_facts.yml + - include: validate_hostnames.yml - name: Set oo_options diff --git a/playbooks/common/openshift-cluster/enable_dnsmasq.yml b/playbooks/common/openshift-cluster/enable_dnsmasq.yml new file mode 100644 index 000000000..f2bcc872f --- /dev/null +++ b/playbooks/common/openshift-cluster/enable_dnsmasq.yml @@ -0,0 +1,66 @@ +--- +- include: evaluate_groups.yml + +- name: Load openshift_facts + hosts: oo_masters_to_config:oo_nodes_to_config + roles: + - openshift_facts + post_tasks: + - fail: msg="This playbook requires a master version of at least Origin 1.1 or OSE 3.1" + when: not openshift.common.version_gte_3_1_1_or_1_1_1 | bool + +- name: Reconfigure masters to listen on our new dns_port + hosts: oo_masters_to_config + handlers: + - include: ../../../roles/openshift_master/handlers/main.yml + vars: + os_firewall_allow: + - service: skydns tcp + port: "{{ openshift.master.dns_port }}/tcp" + - service: skydns udp + port: "{{ openshift.master.dns_port }}/udp" + roles: + - os_firewall + tasks: + - openshift_facts: + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: common + local_facts: + use_dnsmasq: True + - role: master + local_facts: + dns_port: '8053' + - modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: dnsConfig.bindAddress + yaml_value: "{{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }}" + notify: restart master + - meta: flush_handlers + +- name: Configure nodes for dnsmasq + hosts: oo_nodes_to_config + handlers: + - include: ../../../roles/openshift_node/handlers/main.yml + pre_tasks: + - openshift_facts: + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: common + local_facts: + use_dnsmasq: True + - role: node + local_facts: + dns_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" + vars: + openshift_deployment_type: "{{ deployment_type }}" + roles: + - openshift_node_dnsmasq + post_tasks: + - modify_yaml: + dest: "{{ openshift.common.config_base }}/node/node-config.yaml" + yaml_key: dnsIP + yaml_value: "{{ openshift.node.dns_ip }}" + notify: restart node diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml index ce0134c44..c5273b08f 100644 --- a/playbooks/common/openshift-cluster/evaluate_groups.yml +++ b/playbooks/common/openshift-cluster/evaluate_groups.yml @@ -34,15 +34,15 @@ name: "{{ item }}" groups: oo_all_hosts ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" - with_items: "{{ g_all_hosts | default([]) }}" + ansible_become: "{{ g_sudo | default(omit) }}" + with_items: g_all_hosts | default([]) - name: Evaluate oo_masters add_host: name: "{{ item }}" groups: oo_masters ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ g_master_hosts | union(g_new_master_hosts) | default([]) }}" - name: Evaluate oo_etcd_to_config @@ -50,7 +50,7 @@ name: "{{ item }}" groups: oo_etcd_to_config ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ g_etcd_hosts | default([]) }}" - name: Evaluate oo_masters_to_config @@ -58,7 +58,7 @@ name: "{{ item }}" groups: oo_masters_to_config ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ g_new_master_hosts | default(g_master_hosts | default([], true), true) }}" - name: Evaluate oo_nodes_to_config @@ -66,7 +66,7 @@ name: "{{ item }}" groups: oo_nodes_to_config ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ g_new_node_hosts | default(g_node_hosts | default([], true), true) }}" # Skip adding the master to oo_nodes_to_config when g_new_node_hosts is @@ -75,7 +75,7 @@ name: "{{ item }}" groups: oo_nodes_to_config ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ g_master_hosts | default([]) }}" when: g_nodeonmaster | default(false) == true and g_new_node_hosts is not defined @@ -91,7 +91,7 @@ name: "{{ g_master_hosts[0] }}" groups: oo_first_master ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" when: g_master_hosts|length > 0 - name: Evaluate oo_lb_to_config @@ -99,7 +99,7 @@ name: "{{ item }}" groups: oo_lb_to_config ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ g_lb_hosts | default([]) }}" - name: Evaluate oo_nfs_to_config @@ -107,5 +107,5 @@ name: "{{ item }}" groups: oo_nfs_to_config ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ g_nfs_hosts | default([]) }}" diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml new file mode 100644 index 000000000..9a844e216 --- /dev/null +++ b/playbooks/common/openshift-cluster/initialize_facts.yml @@ -0,0 +1,7 @@ +--- +- name: Initialize host facts + hosts: OSEv3 + roles: + - openshift_facts + tasks: + - openshift_facts: diff --git a/playbooks/common/openshift-cluster/library b/playbooks/common/openshift-cluster/library new file mode 120000 index 000000000..d0b7393d3 --- /dev/null +++ b/playbooks/common/openshift-cluster/library @@ -0,0 +1 @@ +../../../library/
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/node_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/node_upgrade.yml new file mode 100644 index 000000000..a911f12be --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/node_upgrade.yml @@ -0,0 +1,24 @@ +- name: Prepare for Node evacuation + command: > + {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=false + delegate_to: "{{ groups.oo_first_master.0 }}" + +- name: Evacuate Node for Kubelet upgrade + command: > + {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --evacuate --force + delegate_to: "{{ groups.oo_first_master.0 }}" + +- include: rpm_upgrade.yml + vars: + component: "node" + openshift_version: "{{ openshift_pkg_version | default('') }}" + when: not openshift.common.is_containerized | bool + +- include: containerized_upgrade.yml + when: openshift.common.is_containerized | bool + +- name: Set node schedulability + command: > + {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=true + delegate_to: "{{ groups.oo_first_master.0 }}" + when: openshift.node.schedulable | bool diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml index db1d420ac..1dd47dc15 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml @@ -2,10 +2,11 @@ ############################################################################### # Evaluate host groups and gather facts ############################################################################### -- name: Load openshift_facts +- name: Load openshift_facts and update repos hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config:oo_lb_to_config roles: - openshift_facts + - openshift_repos - name: Evaluate additional groups for upgrade hosts: localhost @@ -100,7 +101,7 @@ vars: target_version: "{{ '1.2' if deployment_type == 'origin' else '3.1.1.900' }}" openshift_docker_hosted_registry_insecure: True - openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.master.portal_net }}" + openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" handlers: - include: ../../../../../roles/openshift_master/handlers/main.yml - include: ../../../../../roles/openshift_node/handlers/main.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml index 7a2718e1b..5c96ad094 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml @@ -4,3 +4,6 @@ - name: Ensure python-yaml present for config upgrade action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" when: not openshift.common.is_atomic | bool + +- name: Restart node service + service: name="{{ openshift.common.service_type }}-node" state=restarted diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml index a5556d430..a91727ecd 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml @@ -88,23 +88,13 @@ ############################################################################### - name: Upgrade nodes hosts: oo_nodes_to_config + serial: 1 roles: - openshift_facts handlers: - include: ../../../../../roles/openshift_node/handlers/main.yml tasks: - - include: rpm_upgrade.yml - vars: - component: "node" - openshift_version: "{{ openshift_pkg_version | default('') }}" - when: not openshift.common.is_containerized | bool - - - include: containerized_upgrade.yml - when: openshift.common.is_containerized | bool - - # This will restart the node - - name: Restart openvswitch service - service: name="{{ openshift.common.service_type }}-node" state=restarted + - include: node_upgrade.yml - set_fact: node_update_complete: True @@ -139,7 +129,7 @@ origin_reconcile_bindings: "{{ deployment_type == 'origin' and g_new_version | version_compare('1.0.6', '>') }}" ent_reconcile_bindings: true openshift_docker_hosted_registry_insecure: True - openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.master.portal_net }}" + openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" tasks: - name: Verifying the correct commandline tools are available shell: grep {{ verify_upgrade_version }} {{ openshift.common.admin_binary}} diff --git a/playbooks/common/openshift-cluster/validate_hostnames.yml b/playbooks/common/openshift-cluster/validate_hostnames.yml index 0f562e019..50e25984f 100644 --- a/playbooks/common/openshift-cluster/validate_hostnames.yml +++ b/playbooks/common/openshift-cluster/validate_hostnames.yml @@ -1,6 +1,4 @@ --- -- include: evaluate_groups.yml - - name: Gather and set facts for node hosts hosts: oo_nodes_to_config roles: diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml index 01c092625..6cb3a954f 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/common/openshift-etcd/config.yml @@ -53,7 +53,7 @@ -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} . args: creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" - with_items: etcd_needing_server_certs + with_items: "{{ etcd_needing_server_certs | default([]) }}" - name: Retrieve the etcd cert tarballs fetch: src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" @@ -61,7 +61,7 @@ flat: yes fail_on_missing: yes validate_checksum: yes - with_items: etcd_needing_server_certs + with_items: "{{ etcd_needing_server_certs | default([]) }}" # Configure a first etcd host to avoid conflicts in choosing a leader # if other members come online too quickly. diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index c9d94bec5..1f5e3aaff 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -35,14 +35,19 @@ - set_fact: openshift_master_debug_level: "{{ t_oo_option_master_debug_level }}" when: openshift_master_debug_level is not defined and t_oo_option_master_debug_level != "" - + - set_fact: - openshift_master_default_subdomain: "{{ lookup('oo_option', 'openshift_master_default_subdomain') | default(None) }}" + openshift_master_default_subdomain: "{{ lookup('oo_option', 'openshift_master_default_subdomain') | default(None, true) }}" when: openshift_master_default_subdomain is not defined - set_fact: openshift_hosted_metrics_deploy: "{{ lookup('oo_option', 'openshift_hosted_metrics_deploy') | default(false, true) }}" when: openshift_hosted_metrics_deploy is not defined - + - set_fact: + openshift_hosted_metrics_duration: "{{ lookup('oo_option', 'openshift_hosted_metrics_duration') | default(7) }}" + when: openshift_hosted_metrics_duration is not defined + - set_fact: + openshift_hosted_metrics_resolution: "{{ lookup('oo_option', 'openshift_hosted_metrics_resolution') | default(10) }}" + when: openshift_hosted_metrics_resolution is not defined roles: - openshift_facts post_tasks: @@ -115,7 +120,7 @@ -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} . args: creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" - with_items: etcd_needing_client_certs + with_items: "{{ etcd_needing_client_certs | default([]) }}" - name: Retrieve the etcd cert tarballs fetch: src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" @@ -123,7 +128,7 @@ flat: yes fail_on_missing: yes validate_checksum: yes - with_items: etcd_needing_client_certs + with_items: "{{ etcd_needing_client_certs | default([]) }}" - name: Copy the external etcd certs to the masters hosts: oo_masters_to_config @@ -173,7 +178,7 @@ - name: Check status of master certificates stat: path: "{{ openshift.common.config_base }}/master/{{ item }}" - with_items: openshift_master_certs + with_items: "{{ openshift_master_certs }}" register: g_master_cert_stat_result - set_fact: master_certs_missing: "{{ False in (g_master_cert_stat_result.results @@ -208,7 +213,7 @@ state: absent when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config with_nested: - - masters_needing_certs + - "{{ masters_needing_certs | default([]) }}" - - master.etcd-client.crt - master.etcd-client.key @@ -218,7 +223,7 @@ -C {{ master_generated_certs_dir }}/{{ item.master_cert_subdir }} . args: creates: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz" - with_items: masters_needing_certs + with_items: "{{ masters_needing_certs | default([]) }}" - name: Retrieve the master cert tarball from the master fetch: @@ -227,7 +232,7 @@ flat: yes fail_on_missing: yes validate_checksum: yes - with_items: masters_needing_certs + with_items: "{{ masters_needing_certs | default([]) }}" - name: Configure load balancers hosts: oo_lb_to_config @@ -362,13 +367,6 @@ group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }} changed_when: False -# Additional instance config for online deployments -- name: Additional instance config - hosts: oo_masters_deployment_type_online - roles: - - pods - - os_env_extras - - name: Delete temporary directory on localhost hosts: localhost connection: local diff --git a/playbooks/common/openshift-master/library b/playbooks/common/openshift-master/library new file mode 120000 index 000000000..d0b7393d3 --- /dev/null +++ b/playbooks/common/openshift-master/library @@ -0,0 +1 @@ +../../../library/
\ No newline at end of file diff --git a/playbooks/common/openshift-master/restart.yml b/playbooks/common/openshift-master/restart.yml index 02449e40d..57a63cfee 100644 --- a/playbooks/common/openshift-master/restart.yml +++ b/playbooks/common/openshift-master/restart.yml @@ -97,7 +97,7 @@ name: "{{ item }}" groups: oo_active_masters ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ groups.oo_masters_to_config | default([]) }}" when: (hostvars[item]['is_active'] | default(false)) | bool - name: Evaluate oo_current_masters @@ -105,7 +105,7 @@ name: "{{ item }}" groups: oo_current_masters ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ groups.oo_masters_to_config | default([]) }}" when: (hostvars[item]['current_host'] | default(false)) | bool diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 897e91190..b0407ef74 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -66,7 +66,7 @@ -C {{ item.config_dir }} . args: creates: "{{ item.config_dir }}.tgz" - with_items: nodes_needing_certs + with_items: "{{ nodes_needing_certs | default([]) }}" - name: Retrieve the node config tarballs from the master fetch: @@ -75,7 +75,7 @@ flat: yes fail_on_missing: yes validate_checksum: yes - with_items: nodes_needing_certs + with_items: "{{ nodes_needing_certs | default([]) }}" - name: Deploy node certificates hosts: oo_nodes_to_config @@ -105,7 +105,7 @@ name: "{{ item }}" groups: oo_containerized_master_nodes ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ groups.oo_nodes_to_config | default([]) }}" when: hostvars[item].openshift.common.is_containerized | bool and (item in groups.oo_nodes_to_config and item in groups.oo_masters_to_config) @@ -118,7 +118,7 @@ # TODO: configure these based on # hostvars[groups.oo_first_master.0].openshift.hosted.registry instead of # hardcoding - openshift_docker_hosted_registry_insecure: True + openshift_docker_hosted_registry_insecure: "{{ openshift.docker.hosted_registry_insecure | default(True) }}" openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" roles: - openshift_node @@ -131,7 +131,7 @@ # TODO: configure these based on # hostvars[groups.oo_first_master.0].openshift.hosted.registry instead of # hardcoding - openshift_docker_hosted_registry_insecure: True + openshift_docker_hosted_registry_insecure: "{{ openshift.docker.hosted_registry_insecure | default(True) }}" openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" roles: - openshift_node @@ -148,15 +148,15 @@ register: g_external_etcd_flannel_cert_stat_result when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) - set_fact: - etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results + etcd_client_flannel_certs_missing: "{{ False in g_external_etcd_flannel_cert_stat_result.results | oo_collect(attribute='stat.exists') - | list | intersect([false])}}" + | list }}" etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }} etcd_cert_config_dir: "{{ openshift.common.config_base }}/node" etcd_cert_prefix: node.etcd- etcd_hostname: "{{ openshift.common.hostname }}" etcd_ip: "{{ openshift.common.ip }}" - when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) + when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config | length > 0 and (openshift.common.use_flannel | bool) - name: Configure flannel etcd certificates hosts: oo_first_etcd @@ -166,9 +166,8 @@ pre_tasks: - set_fact: etcd_needing_client_certs: "{{ hostvars - | oo_select_keys(groups['oo_nodes_to_config']) - | oo_filter_list(filter_attr='etcd_client_flannel_certs_missing') | default([]) }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + | oo_select_keys(groups['oo_nodes_to_config']) + | oo_filter_list('etcd_client_flannel_certs_missing') | default([]) }}" roles: - role: openshift_etcd_certificates when: openshift_use_flannel | default(false) | bool @@ -179,8 +178,7 @@ -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} . args: creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" - with_items: etcd_needing_client_certs - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + with_items: etcd_needing_client_certs | default([]) - name: Retrieve the etcd cert tarballs fetch: src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" @@ -188,8 +186,7 @@ flat: yes fail_on_missing: yes validate_checksum: yes - with_items: etcd_needing_client_certs - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + with_items: etcd_needing_client_certs | default([]) - name: Copy the external etcd flannel certs to the nodes hosts: oo_nodes_to_config @@ -200,12 +197,12 @@ file: path: "{{ openshift.common.config_base }}/node" state: directory - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + when: etcd_client_flannel_certs_missing | default(false) | bool - name: Unarchive the tarball on the master unarchive: src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz" dest: "{{ etcd_cert_config_dir }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + when: etcd_client_flannel_certs_missing | default(false) | bool - file: path: "{{ etcd_cert_config_dir }}/{{ item }}" owner: root @@ -215,7 +212,7 @@ - node.etcd-client.crt - node.etcd-client.key - node.etcd-ca.crt - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + when: etcd_client_flannel_certs_missing | default(false) | bool - name: Additional node config @@ -245,14 +242,6 @@ - file: name={{ mktemp.stdout }} state=absent changed_when: False -# Additional config for online type deployments -- name: Additional instance config - hosts: oo_nodes_deployment_type_online - gather_facts: no - roles: - - os_env_extras - - os_env_extras_node - - name: Set schedulability hosts: oo_first_master vars: diff --git a/playbooks/common/openshift-node/scaleup.yml b/playbooks/common/openshift-node/scaleup.yml index d36f7acea..1d79db353 100644 --- a/playbooks/common/openshift-node/scaleup.yml +++ b/playbooks/common/openshift-node/scaleup.yml @@ -1,6 +1,11 @@ --- - include: ../openshift-cluster/evaluate_groups.yml +- name: Gather facts + hosts: oo_etcd_to_config:oo_masters_to_config:oo_nodes_to_config + roles: + - openshift_facts + - name: Configure docker hosts hosts: oo_nodes_to_config vars: diff --git a/playbooks/gce/openshift-cluster/config.yml b/playbooks/gce/openshift-cluster/config.yml index 283f460a9..475d29293 100644 --- a/playbooks/gce/openshift-cluster/config.yml +++ b/playbooks/gce/openshift-cluster/config.yml @@ -5,7 +5,7 @@ - ../../gce/openshift-cluster/cluster_hosts.yml vars: g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - g_sudo: "{{ deployment_vars[deployment_type].sudo }}" + g_sudo: "{{ deployment_vars[deployment_type].become }}" g_nodeonmaster: true openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: "{{ debug_level }}" diff --git a/playbooks/gce/openshift-cluster/list.yml b/playbooks/gce/openshift-cluster/list.yml index 992033d16..c29cac272 100644 --- a/playbooks/gce/openshift-cluster/list.yml +++ b/playbooks/gce/openshift-cluster/list.yml @@ -15,7 +15,7 @@ name: "{{ item }}" groups: oo_list_hosts ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: groups[scratch_group] | default([], true) | difference(['localhost']) | difference(groups.status_terminated | default([], true)) - name: List Hosts diff --git a/playbooks/gce/openshift-cluster/service.yml b/playbooks/gce/openshift-cluster/service.yml index 914f38c1f..13b267976 100644 --- a/playbooks/gce/openshift-cluster/service.yml +++ b/playbooks/gce/openshift-cluster/service.yml @@ -15,14 +15,14 @@ name: "{{ item }}" groups: g_service_nodes ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: "{{ node_hosts | default([]) | difference(['localhost']) | difference(groups.status_terminated) }}" - add_host: name: "{{ item }}" groups: g_service_masters ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: "{{ master_hosts | default([]) | difference(['localhost']) | difference(groups.status_terminated) }}" - include: ../../common/openshift-node/service.yml diff --git a/playbooks/gce/openshift-cluster/tasks/launch_instances.yml b/playbooks/gce/openshift-cluster/tasks/launch_instances.yml index 8ebf71cd4..e3efd8566 100644 --- a/playbooks/gce/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/gce/openshift-cluster/tasks/launch_instances.yml @@ -39,7 +39,7 @@ hostname: "{{ item.name }}" ansible_ssh_host: "{{ item.public_ip }}" ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" groups: "{{ item.tags | oo_prepend_strings_in_list('tag_') | join(',') }}" gce_public_ip: "{{ item.public_ip }}" gce_private_ip: "{{ item.private_ip }}" diff --git a/playbooks/gce/openshift-cluster/terminate.yml b/playbooks/gce/openshift-cluster/terminate.yml index d835c53ba..6a0ac088a 100644 --- a/playbooks/gce/openshift-cluster/terminate.yml +++ b/playbooks/gce/openshift-cluster/terminate.yml @@ -11,7 +11,7 @@ name: "{{ item }}" groups: oo_hosts_to_terminate ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: (groups['tag_clusterid-' ~ cluster_id] | default([])) | difference(['localhost']) - name: Unsubscribe VMs diff --git a/playbooks/gce/openshift-cluster/update.yml b/playbooks/gce/openshift-cluster/update.yml index 2dc540978..9b7a2777a 100644 --- a/playbooks/gce/openshift-cluster/update.yml +++ b/playbooks/gce/openshift-cluster/update.yml @@ -13,7 +13,7 @@ name: "{{ item }}" groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: "{{ g_all_hosts | default([]) }}" - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/gce/openshift-cluster/vars.yml b/playbooks/gce/openshift-cluster/vars.yml index d173213fc..13c754c1e 100644 --- a/playbooks/gce/openshift-cluster/vars.yml +++ b/playbooks/gce/openshift-cluster/vars.yml @@ -5,19 +5,14 @@ deployment_rhel7_ent_base: image: "{{ lookup('oo_option', 'image_name') | default('rhel-7', True) }}" machine_type: "{{ lookup('oo_option', 'machine_type') | default('n1-standard-1', True) }}" ssh_user: "{{ lookup('env', 'gce_ssh_user') | default(ansible_ssh_user, true) }}" - sudo: yes + become: yes deployment_vars: origin: image: "{{ lookup('oo_option', 'image_name') | default('centos-7', True) }}" machine_type: "{{ lookup('oo_option', 'machine_type') | default('n1-standard-1', True) }}" ssh_user: "{{ lookup('env', 'gce_ssh_user') | default(ansible_ssh_user, true) }}" - sudo: yes - online: - image: libra-rhel7 - machine_type: n1-standard-1 - ssh_user: root - sudo: no + become: yes enterprise: "{{ deployment_rhel7_ent_base }}" openshift-enterprise: "{{ deployment_rhel7_ent_base }}" atomic-enterprise: "{{ deployment_rhel7_ent_base }}" diff --git a/playbooks/libvirt/openshift-cluster/config.yml b/playbooks/libvirt/openshift-cluster/config.yml index 5bfe61657..81a6fff0d 100644 --- a/playbooks/libvirt/openshift-cluster/config.yml +++ b/playbooks/libvirt/openshift-cluster/config.yml @@ -8,7 +8,7 @@ - ../../libvirt/openshift-cluster/cluster_hosts.yml vars: g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - g_sudo: "{{ deployment_vars[deployment_type].sudo }}" + g_sudo: "{{ deployment_vars[deployment_type].become }}" g_nodeonmaster: true openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: "{{ debug_level }}" diff --git a/playbooks/libvirt/openshift-cluster/launch.yml b/playbooks/libvirt/openshift-cluster/launch.yml index 701d57d26..2475b9d6b 100644 --- a/playbooks/libvirt/openshift-cluster/launch.yml +++ b/playbooks/libvirt/openshift-cluster/launch.yml @@ -12,9 +12,6 @@ image_name: "{{ deployment_vars[deployment_type].image.name }}" image_compression: "{{ deployment_vars[deployment_type].image.compression }}" tasks: - - fail: msg="Deployment type not supported for libvirt provider yet" - when: deployment_type == 'online' - - include: tasks/configure_libvirt.yml - include: ../../common/openshift-cluster/tasks/set_etcd_launch_facts.yml diff --git a/playbooks/libvirt/openshift-cluster/list.yml b/playbooks/libvirt/openshift-cluster/list.yml index 6cb81ee79..eb64544db 100644 --- a/playbooks/libvirt/openshift-cluster/list.yml +++ b/playbooks/libvirt/openshift-cluster/list.yml @@ -15,7 +15,7 @@ name: "{{ item }}" groups: oo_list_hosts ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: groups[scratch_group] | default([]) | difference(['localhost']) - name: List Hosts diff --git a/playbooks/libvirt/openshift-cluster/service.yml b/playbooks/libvirt/openshift-cluster/service.yml index cd07c8701..8bd24a8cf 100644 --- a/playbooks/libvirt/openshift-cluster/service.yml +++ b/playbooks/libvirt/openshift-cluster/service.yml @@ -18,7 +18,7 @@ add_host: name: "{{ item }}" ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" groups: g_service_masters with_items: "{{ g_master_hosts | default([]) }}" @@ -26,7 +26,7 @@ add_host: name: "{{ item }}" ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" groups: g_service_nodes with_items: "{{ g_node_hosts | default([]) }}" diff --git a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml index 937a765fa..7231f255a 100644 --- a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml @@ -1,7 +1,7 @@ --- # TODO: Add support for choosing base image based on deployment_type and os # wanted (os wanted needs support added in bin/cluster with sane defaults: -# fedora/centos for origin, rhel for online/enterprise) +# fedora/centos for origin, rhel for enterprise) # TODO: create a role to encapsulate some of this complexity, possibly also # create a module to manage the storage tasks, network tasks, and possibly @@ -113,7 +113,7 @@ hostname: '{{ item.0 }}' ansible_ssh_host: '{{ item.1 }}' ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" groups: "tag_environment-{{ cluster_env }}, tag_host-type-{{ type }}, tag_sub-host-type-{{ g_sub_host_type }}, tag_clusterid-{{ cluster_id }}" openshift_node_labels: "{{ node_label }}" with_together: diff --git a/playbooks/libvirt/openshift-cluster/terminate.yml b/playbooks/libvirt/openshift-cluster/terminate.yml index d6251ac83..baef911f9 100644 --- a/playbooks/libvirt/openshift-cluster/terminate.yml +++ b/playbooks/libvirt/openshift-cluster/terminate.yml @@ -14,7 +14,7 @@ name: "{{ item }}" groups: oo_hosts_to_terminate ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: groups[cluster_group] | default([]) - name: Unsubscribe VMs diff --git a/playbooks/libvirt/openshift-cluster/update.yml b/playbooks/libvirt/openshift-cluster/update.yml index 2dc540978..9b7a2777a 100644 --- a/playbooks/libvirt/openshift-cluster/update.yml +++ b/playbooks/libvirt/openshift-cluster/update.yml @@ -13,7 +13,7 @@ name: "{{ item }}" groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: "{{ g_all_hosts | default([]) }}" - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/libvirt/openshift-cluster/vars.yml b/playbooks/libvirt/openshift-cluster/vars.yml index aa0c69e08..4daaf1c91 100644 --- a/playbooks/libvirt/openshift-cluster/vars.yml +++ b/playbooks/libvirt/openshift-cluster/vars.yml @@ -20,7 +20,7 @@ deployment_rhel7_ent_base: default('25f880767ec6bf71beb532e17f1c45231640bbfdfbbb1dffb79d2c1b328388e0', True) }}" compression: "" ssh_user: openshift - sudo: yes + become: yes deployment_vars: origin: @@ -34,14 +34,7 @@ deployment_vars: sha256: "{{ lookup('oo_option', 'image_sha256') | default('dd0f5e610e7c5ffacaca35ed7a78a19142a588f4543da77b61c1fb0d74400471', True) }}" ssh_user: openshift - sudo: yes - online: - image: - url: - name: - sha256: - ssh_user: root - sudo: no + become: yes enterprise: "{{ deployment_rhel7_ent_base }}" openshift-enterprise: "{{ deployment_rhel7_ent_base }}" atomic-enterprise: "{{ deployment_rhel7_ent_base }}" diff --git a/playbooks/openstack/openshift-cluster/config.yml b/playbooks/openstack/openshift-cluster/config.yml index 319202982..9c0ca9af9 100644 --- a/playbooks/openstack/openshift-cluster/config.yml +++ b/playbooks/openstack/openshift-cluster/config.yml @@ -6,7 +6,7 @@ vars: g_nodeonmaster: true g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - g_sudo: "{{ deployment_vars[deployment_type].sudo }}" + g_sudo: "{{ deployment_vars[deployment_type].become }}" openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: "{{ debug_level }}" openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/openstack/openshift-cluster/dns.yml b/playbooks/openstack/openshift-cluster/dns.yml index 5e7671a48..31113d5f0 100644 --- a/playbooks/openstack/openshift-cluster/dns.yml +++ b/playbooks/openstack/openshift-cluster/dns.yml @@ -12,7 +12,7 @@ name: "{{ item }}" groups: oo_dns_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: "{{ groups[cluster_id ~ '-dns'] }}" - name: Evaluate oo_hosts_to_add_in_dns @@ -20,7 +20,7 @@ name: "{{ item }}" groups: oo_hosts_to_add_in_dns ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: "{{ groups['tag_clusterid_' ~ cluster_id] }}" - name: Gather facts diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml index 0afcad72e..3d4fe42d0 100644 --- a/playbooks/openstack/openshift-cluster/launch.yml +++ b/playbooks/openstack/openshift-cluster/launch.yml @@ -7,10 +7,6 @@ vars_files: - vars.yml tasks: - - fail: - msg: "Deployment type not supported for OpenStack provider yet" - when: deployment_type == 'online' - # TODO: Write an Ansible module for dealing with HEAT stacks # Dealing with the outputs is currently terrible @@ -106,7 +102,7 @@ hostname: '{{ item[0] }}' ansible_ssh_host: '{{ item[2] }}' ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" groups: 'tag_environment_{{ cluster_env }}, tag_host-type_etcd, tag_sub-host-type_default, tag_clusterid_{{ cluster_id }}' openshift_node_labels: type: "etcd" @@ -120,7 +116,7 @@ hostname: '{{ item[0] }}' ansible_ssh_host: '{{ item[2] }}' ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" groups: 'tag_environment_{{ cluster_env }}, tag_host-type_master, tag_sub-host-type_default, tag_clusterid_{{ cluster_id }}' openshift_node_labels: type: "master" @@ -134,7 +130,7 @@ hostname: '{{ item[0] }}' ansible_ssh_host: '{{ item[2] }}' ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" groups: 'tag_environment_{{ cluster_env }}, tag_host-type_node, tag_sub-host-type_compute, tag_clusterid_{{ cluster_id }}' openshift_node_labels: type: "compute" @@ -148,7 +144,7 @@ hostname: '{{ item[0] }}' ansible_ssh_host: '{{ item[2] }}' ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" groups: 'tag_environment_{{ cluster_env }}, tag_host-type_node, tag_sub-host-type_infra, tag_clusterid_{{ cluster_id }}' openshift_node_labels: type: "infra" @@ -162,7 +158,7 @@ hostname: '{{ parsed_outputs.dns_name }}' ansible_ssh_host: '{{ parsed_outputs.dns_floating_ip }}' ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" groups: '{{ cluster_id }}-dns' - name: Wait for ssh diff --git a/playbooks/openstack/openshift-cluster/list.yml b/playbooks/openstack/openshift-cluster/list.yml index 123ebd323..ba9c6bf9c 100644 --- a/playbooks/openstack/openshift-cluster/list.yml +++ b/playbooks/openstack/openshift-cluster/list.yml @@ -16,7 +16,7 @@ groups: oo_list_hosts ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_ssh_host: "{{ hostvars[item].ansible_ssh_host | default(item) }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: groups[scratch_group] | default([]) | difference(['localhost']) - name: List Hosts diff --git a/playbooks/openstack/openshift-cluster/terminate.yml b/playbooks/openstack/openshift-cluster/terminate.yml index a1fb41b53..5bd8476f1 100644 --- a/playbooks/openstack/openshift-cluster/terminate.yml +++ b/playbooks/openstack/openshift-cluster/terminate.yml @@ -10,7 +10,7 @@ name: "{{ item }}" groups: oo_hosts_to_terminate ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: (groups['tag_environment_' ~ cluster_env]|default([])) | intersect(groups['tag_clusterid_' ~ cluster_id ]|default([])) - name: Unsubscribe VMs diff --git a/playbooks/openstack/openshift-cluster/update.yml b/playbooks/openstack/openshift-cluster/update.yml index 16027b15c..539af6524 100644 --- a/playbooks/openstack/openshift-cluster/update.yml +++ b/playbooks/openstack/openshift-cluster/update.yml @@ -15,7 +15,7 @@ name: "{{ item }}" groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" with_items: "{{ g_all_hosts | default([]) }}" - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/openstack/openshift-cluster/vars.yml b/playbooks/openstack/openshift-cluster/vars.yml index ee26d223e..84cba0506 100644 --- a/playbooks/openstack/openshift-cluster/vars.yml +++ b/playbooks/openstack/openshift-cluster/vars.yml @@ -21,17 +21,13 @@ openstack_flavor: deployment_rhel7_ent_base: image: "{{ lookup('oo_option', 'image_name') | default('rhel-guest-image-7.2-20151102.0.x86_64', True) }}" ssh_user: openshift - sudo: yes + become: yes deployment_vars: origin: image: "{{ lookup('oo_option', 'image_name') | default('centos-70-raw', True) }}" ssh_user: openshift - sudo: yes - online: - image: - ssh_user: root - sudo: no + become: yes enterprise: "{{ deployment_rhel7_ent_base }}" openshift-enterprise: "{{ deployment_rhel7_ent_base }}" atomic-enterprise: "{{ deployment_rhel7_ent_base }}" diff --git a/roles/cockpit/defaults/main.yml b/roles/cockpit/defaults/main.yml index ffd55f1dd..9cf665841 100644 --- a/roles/cockpit/defaults/main.yml +++ b/roles/cockpit/defaults/main.yml @@ -1,5 +1,4 @@ --- -os_firewall_use_firewalld: false os_firewall_allow: - service: cockpit-ws port: 9090/tcp diff --git a/roles/dns/README.md b/roles/dns/README.md index e238fb92e..7e0140772 100644 --- a/roles/dns/README.md +++ b/roles/dns/README.md @@ -16,6 +16,7 @@ Role Variables | `dns_zones` | Mandatory | DNS zones in which we must find the hosts | | `dns_forwarders` | If not set, the DNS will be a recursive non-forwarding DNS server | DNS forwarders to delegate the requests for hosts outside of `dns_zones` | | `dns_all_hosts` | Mandatory | Exhaustive list of hosts | +| `base_docker_image` | Optional | Base docker image to build Bind image from, used only in containerized deployments | Dependencies ------------ @@ -31,6 +32,7 @@ Example Playbook dns_forwarders: [ '8.8.8.8', '8.8.4.4' ] dns_zones: [ novalocal, openstacklocal ] dns_all_hosts: "{{ g_all_hosts }}" + base_docker_image: 'centos:centos7' License ------- diff --git a/roles/dns/defaults/main.yml b/roles/dns/defaults/main.yml new file mode 100644 index 000000000..82055c8cd --- /dev/null +++ b/roles/dns/defaults/main.yml @@ -0,0 +1,2 @@ +--- +base_docker_image: "{{ 'centos:centos7' if openshift.common.deployment_type == 'origin' else 'rhel7' }}" diff --git a/roles/dns/meta/main.yml b/roles/dns/meta/main.yml index b6e9d9ad0..048274c49 100644 --- a/roles/dns/meta/main.yml +++ b/roles/dns/meta/main.yml @@ -4,4 +4,5 @@ galaxy_info: description: Deploy and configure a DNS server company: Amadeus SAS license: ASL 2.0 -dependencies: [] +dependencies: +- { role: openshift_facts } diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml index af728585d..57a7e6269 100644 --- a/roles/dns/tasks/main.yml +++ b/roles/dns/tasks/main.yml @@ -1,18 +1,46 @@ - name: Install Bind action: "{{ ansible_pkg_mgr }} name=bind" + when: not openshift.common.is_containerized | bool + +- name: Create docker build dir + file: path=/tmp/dockerbuild state=directory + when: openshift.common.is_containerized | bool + +- name: Install dockerfile + template: + dest: "/tmp/dockerbuild/Dockerfile" + src: Dockerfile + register: install_result + when: openshift.common.is_containerized | bool + +- name: Build Bind image + docker_image: path="/tmp/dockerbuild" name="bind" state=present + when: openshift.common.is_containerized | bool + +- name: Install bind service file + template: + dest: "/etc/systemd/system/named.service" + src: named.service.j2 + register: install_result + when: openshift.common.is_containerized | bool + +- name: reload systemd + command: /usr/bin/systemctl --system daemon-reload + when: openshift.common.is_containerized | bool and install_result | changed + +- name: Create bind zone dir + file: path=/var/named state=directory + when: openshift.common.is_containerized | bool - name: Configure Bind template: src: "{{ item.src }}" dest: "{{ item.dest }}" - validate: "{{ item.validate }}" with_items: - src: openshift-cluster.zone dest: /var/named/openshift-cluster.zone - validate: "named-checkzone {{ dns_zones[0] }} %s" - src: named.conf dest: /etc/named.conf - validate: "named-checkconf %s" notify: restart bind - name: Enable Bind diff --git a/roles/dns/templates/Dockerfile b/roles/dns/templates/Dockerfile new file mode 100644 index 000000000..cdff0a228 --- /dev/null +++ b/roles/dns/templates/Dockerfile @@ -0,0 +1,11 @@ +FROM {{ base_docker_image }} +MAINTAINER Jan Provaznik <jprovazn@redhat.com> + +# install main packages: +RUN yum -y update; yum clean all; +RUN yum -y install bind-utils bind + +EXPOSE 53 + +# start services: +CMD ["/usr/sbin/named", "-f"] diff --git a/roles/dns/templates/named.service.j2 b/roles/dns/templates/named.service.j2 new file mode 100644 index 000000000..566739f25 --- /dev/null +++ b/roles/dns/templates/named.service.j2 @@ -0,0 +1,15 @@ +[Unit] +Requires=docker.service +After=docker.service +PartOf=docker.service + +[Service] +Type=simple +TimeoutStartSec=5m +ExecStartPre=/usr/bin/docker run --rm -v /etc/named.conf:/etc/named.conf -v /var/named:/var/named:z bind named-checkconf -z /etc/named.conf +ExecStartPre=-/usr/bin/docker rm -f bind +ExecStart=/usr/bin/docker run --name bind -p 53:53/udp -v /var/log:/var/log -v /etc/named.conf:/etc/named.conf -v /var/named:/var/named:z bind +ExecStop=/usr/bin/docker stop bind + +[Install] +WantedBy=docker.service diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 4a47a60fa..b9b2666fb 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -16,7 +16,7 @@ when: docker_storage_check.stat.exists | bool and not docker_version_result | skipped and docker_version_result.stdout | default('0.0', True) | version_compare('1.9', '>=') and docker_version | version_compare('1.9', '<') - name: Downgrade docker if necessary - command: "{{ ansible_pkg_mgr }} downgrade -y docker-{{ docker_version }}" + command: "{{ ansible_pkg_mgr }} swap -y docker-* docker-*{{ docker_version }}" register: docker_downgrade_result when: not docker_version_result | skipped and docker_version_result.stdout | default('0.0', True) | version_compare(docker_version, 'gt') @@ -70,6 +70,22 @@ notify: - restart docker +- name: Set Proxy Settings + lineinfile: + dest: /etc/sysconfig/docker + regexp: '^{{ item.reg_conf_var }}=.*$' + line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val }}'" + state: "{{ 'present' if item.reg_fact_val != '' else 'absent'}}" + with_items: + - reg_conf_var: HTTP_PROXY + reg_fact_val: "{{ docker_http_proxy | default('') }}" + - reg_conf_var: HTTPS_PROXY + reg_fact_val: "{{ docker_https_proxy | default('') }}" + - reg_conf_var: NO_PROXY + reg_fact_val: "{{ docker_no_proxy | default('') | join(',') }}" + notify: + - restart docker + - name: Set various docker options lineinfile: dest: /etc/sysconfig/docker diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml index a2212bacd..1cb055816 100644 --- a/roles/etcd/defaults/main.yaml +++ b/roles/etcd/defaults/main.yaml @@ -15,7 +15,6 @@ etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_p etcd_data_dir: /var/lib/etcd/ -os_firewall_use_firewalld: False os_firewall_allow: - service: etcd port: "{{etcd_client_port}}/tcp" diff --git a/roles/etcd_certificates/tasks/client.yml b/roles/etcd_certificates/tasks/client.yml index 7bf95809f..a9f130bb9 100644 --- a/roles/etcd_certificates/tasks/client.yml +++ b/roles/etcd_certificates/tasks/client.yml @@ -4,7 +4,7 @@ path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" state: directory mode: 0700 - with_items: etcd_needing_client_certs + with_items: etcd_needing_client_certs | default([]) - name: Create the client csr command: > @@ -19,7 +19,7 @@ ~ item.etcd_cert_prefix ~ 'client.csr' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: etcd_needing_client_certs + with_items: etcd_needing_client_certs | default([]) - name: Sign and create the client crt command: > @@ -33,10 +33,10 @@ ~ item.etcd_cert_prefix ~ 'client.crt' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: etcd_needing_client_certs + with_items: etcd_needing_client_certs | default([]) - file: src: "{{ etcd_ca_cert }}" dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt" state: hard - with_items: etcd_needing_client_certs + with_items: etcd_needing_client_certs | default([]) diff --git a/roles/etcd_certificates/tasks/main.yml b/roles/etcd_certificates/tasks/main.yml index 3bb715943..17092ca58 100644 --- a/roles/etcd_certificates/tasks/main.yml +++ b/roles/etcd_certificates/tasks/main.yml @@ -1,6 +1,6 @@ --- - include: client.yml - when: etcd_needing_client_certs is defined and etcd_needing_client_certs + when: etcd_needing_client_certs | default([]) | length > 0 - include: server.yml - when: etcd_needing_server_certs is defined and etcd_needing_server_certs + when: etcd_needing_server_certs | default([]) | length > 0 diff --git a/roles/etcd_certificates/tasks/server.yml b/roles/etcd_certificates/tasks/server.yml index 2589c5192..223917ccd 100644 --- a/roles/etcd_certificates/tasks/server.yml +++ b/roles/etcd_certificates/tasks/server.yml @@ -4,7 +4,7 @@ path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" state: directory mode: 0700 - with_items: etcd_needing_server_certs + with_items: etcd_needing_server_certs | default([]) - name: Create the server csr command: > @@ -19,7 +19,7 @@ ~ item.etcd_cert_prefix ~ 'server.csr' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: etcd_needing_server_certs + with_items: etcd_needing_server_certs | default([]) - name: Sign and create the server crt command: > @@ -33,7 +33,7 @@ ~ item.etcd_cert_prefix ~ 'server.crt' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: etcd_needing_server_certs + with_items: etcd_needing_server_certs | default([]) - name: Create the peer csr command: > @@ -48,7 +48,7 @@ ~ item.etcd_cert_prefix ~ 'peer.csr' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: etcd_needing_server_certs + with_items: etcd_needing_server_certs | default([]) - name: Sign and create the peer crt command: > @@ -62,10 +62,10 @@ ~ item.etcd_cert_prefix ~ 'peer.crt' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: etcd_needing_server_certs + with_items: etcd_needing_server_certs | default([]) - file: src: "{{ etcd_ca_cert }}" dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt" state: hard - with_items: etcd_needing_server_certs + with_items: etcd_needing_server_certs | default([]) diff --git a/roles/flannel/handlers/main.yml b/roles/flannel/handlers/main.yml index f9b9ae7f1..981ea5c7a 100644 --- a/roles/flannel/handlers/main.yml +++ b/roles/flannel/handlers/main.yml @@ -1,8 +1,8 @@ --- - name: restart flanneld - sudo: true + become: yes service: name=flanneld state=restarted - name: restart docker - sudo: true + become: yes service: name=docker state=restarted diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml index aa27b674e..6b6dfb423 100644 --- a/roles/flannel/tasks/main.yml +++ b/roles/flannel/tasks/main.yml @@ -1,11 +1,11 @@ --- - name: Install flannel - sudo: true + become: yes action: "{{ ansible_pkg_mgr }} name=flannel state=present" when: not openshift.common.is_containerized | bool - name: Set flannel etcd url - sudo: true + become: yes lineinfile: dest: /etc/sysconfig/flanneld backrefs: yes @@ -13,7 +13,7 @@ line: '\1{{ etcd_hosts|join(",") }}' - name: Set flannel etcd key - sudo: true + become: yes lineinfile: dest: /etc/sysconfig/flanneld backrefs: yes @@ -21,7 +21,7 @@ line: '\1{{ flannel_etcd_key }}' - name: Set flannel options - sudo: true + become: yes lineinfile: dest: /etc/sysconfig/flanneld backrefs: yes @@ -29,7 +29,7 @@ line: '\1--iface {{ flannel_interface }} --etcd-cafile={{ etcd_peer_ca_file }} --etcd-keyfile={{ etcd_peer_key_file }} --etcd-certfile={{ etcd_peer_cert_file }}' - name: Enable flanneld - sudo: true + become: yes service: name: flanneld state: started @@ -37,7 +37,7 @@ register: start_result - name: Remove docker bridge ip - sudo: true + become: yes shell: ip a del `ip a show docker0 | grep "inet[[:space:]]" | awk '{print $2}'` dev docker0 notify: - restart docker diff --git a/roles/flannel_register/tasks/main.yml b/roles/flannel_register/tasks/main.yml index 1629157c8..845b7ef40 100644 --- a/roles/flannel_register/tasks/main.yml +++ b/roles/flannel_register/tasks/main.yml @@ -1,14 +1,14 @@ --- - name: Assures /etc/flannel dir exists - sudo: true + become: yes file: path=/etc/flannel state=directory - name: Generate etcd configuration for etcd - sudo: true + become: yes template: src: "flannel-config.json" dest: "/etc/flannel/config.json" - name: Insert flannel configuration into etcd - sudo: true + become: yes command: 'curl -L --cacert "{{ etcd_peer_ca_file }}" --cert "{{ etcd_peer_cert_file }}" --key "{{ etcd_peer_key_file }}" "{{ etcd_hosts[0] }}/v2/keys{{ flannel_etcd_key }}/config" -XPUT --data-urlencode value@/etc/flannel/config.json' diff --git a/roles/haproxy/defaults/main.yml b/roles/haproxy/defaults/main.yml index 937d94209..a1524cfe1 100644 --- a/roles/haproxy/defaults/main.yml +++ b/roles/haproxy/defaults/main.yml @@ -15,7 +15,6 @@ haproxy_backends: address: 127.0.0.1:9000 opts: check -os_firewall_use_firewalld: False os_firewall_allow: - service: haproxy stats port: "9000/tcp" diff --git a/roles/kube_nfs_volumes/README.md b/roles/kube_nfs_volumes/README.md index 1520f79b2..dd91ad8b1 100644 --- a/roles/kube_nfs_volumes/README.md +++ b/roles/kube_nfs_volumes/README.md @@ -94,7 +94,7 @@ partitions. * Create an ansible playbook, say `setupnfs.yaml`: ``` - hosts: nfsservers - sudo: yes + become: yes roles: - role: kube_nfs_volumes disks: "/dev/sdb,/dev/sdc" diff --git a/roles/nuage_master/defaults/main.yaml b/roles/nuage_master/defaults/main.yaml new file mode 100644 index 000000000..cf670a9e1 --- /dev/null +++ b/roles/nuage_master/defaults/main.yaml @@ -0,0 +1,4 @@ +--- +nuage_master_cspadminpasswd: "" +nuage_master_adminusername: admin +nuage_master_adminuserpasswd: admin diff --git a/roles/nuage_master/files/serviceaccount.sh b/roles/nuage_master/files/serviceaccount.sh deleted file mode 100644 index f6fdb8a8d..000000000 --- a/roles/nuage_master/files/serviceaccount.sh +++ /dev/null @@ -1,63 +0,0 @@ -#!/bin/bash -# Parse CLI options -for i in "$@"; do - case $i in - --master-cert-dir=*) - MASTER_DIR="${i#*=}" - CA_CERT=${MASTER_DIR}/ca.crt - CA_KEY=${MASTER_DIR}/ca.key - CA_SERIAL=${MASTER_DIR}/ca.serial.txt - ADMIN_FILE=${MASTER_DIR}/admin.kubeconfig - ;; - --server=*) - SERVER="${i#*=}" - ;; - --output-cert-dir=*) - OUTDIR="${i#*=}" - CONFIG_FILE=${OUTDIR}/nuage.kubeconfig - ;; - esac -done - -# If any are missing, print the usage and exit -if [ -z $SERVER ] || [ -z $OUTDIR ] || [ -z $MASTER_DIR ]; then - echo "Invalid syntax: $@" - echo "Usage:" - echo " $0 --server=<address>:<port> --output-cert-dir=/path/to/output/dir/ --master-cert-dir=/path/to/master/" - echo "--master-cert-dir: Directory where the master's configuration is held" - echo "--server: Address of Kubernetes API server (default port is 8443)" - echo "--output-cert-dir: Directory to put artifacts in" - echo "" - echo "All options are required" - exit 1 -fi - -# Login as admin so that we can create the service account -oc login -u system:admin --config=$ADMIN_FILE || exit 1 -oc project default --config=$ADMIN_FILE - -ACCOUNT_CONFIG=' -{ - "apiVersion": "v1", - "kind": "ServiceAccount", - "metadata": { - "name": "nuage" - } -} -' - -# Create the account with the included info -echo $ACCOUNT_CONFIG|oc create --config=$ADMIN_FILE -f - - -# Add the cluser-reader role, which allows this service account read access to -# everything in the cluster except secrets -oadm policy add-cluster-role-to-user cluster-reader system:serviceaccounts:default:nuage --config=$ADMIN_FILE - -# Generate certificates and a kubeconfig for the service account -oadm create-api-client-config --certificate-authority=${CA_CERT} --client-dir=${OUTDIR} --signer-cert=${CA_CERT} --signer-key=${CA_KEY} --signer-serial=${CA_SERIAL} --user=system:serviceaccounts:default:nuage --master=${SERVER} --public-master=${SERVER} --basename='nuage' - -# Verify the finalized kubeconfig -if ! [ $(oc whoami --config=$CONFIG_FILE) == 'system:serviceaccounts:default:nuage' ]; then - echo "Service account creation failed!" - exit 1 -fi diff --git a/roles/nuage_master/handlers/main.yaml b/roles/nuage_master/handlers/main.yaml index 5d133cf16..56224cf82 100644 --- a/roles/nuage_master/handlers/main.yaml +++ b/roles/nuage_master/handlers/main.yaml @@ -1,6 +1,6 @@ --- - name: restart nuage-openshift-monitor - sudo: true + become: yes service: name=nuage-openshift-monitor state=restarted - name: restart master diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml index abeee3d71..b8eaede3b 100644 --- a/roles/nuage_master/tasks/main.yaml +++ b/roles/nuage_master/tasks/main.yaml @@ -1,22 +1,20 @@ --- - name: Create directory /usr/share/nuage-openshift-monitor - sudo: true + become: yes file: path=/usr/share/nuage-openshift-monitor state=directory - name: Create the log directory - sudo: true + become: yes file: path={{ nuage_mon_rest_server_logdir }} state=directory - name: Install Nuage Openshift Monitor - sudo: true + become: yes yum: name={{ nuage_openshift_rpm }} state=present -- name: Run the service account creation script - sudo: true - script: serviceaccount.sh --server={{ openshift.master.api_url }} --output-cert-dir={{ cert_output_dir }} --master-cert-dir={{ openshift_master_config_dir }} +- include: serviceaccount.yml - name: Download the certs and keys - sudo: true + become: yes fetch: src={{ cert_output_dir }}/{{ item }} dest=/tmp/{{ item }} flat=yes with_items: - ca.crt @@ -27,7 +25,7 @@ - include: certificates.yml - name: Create nuage-openshift-monitor.yaml - sudo: true + become: yes template: src=nuage-openshift-monitor.j2 dest=/usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml owner=root mode=0644 notify: - restart master diff --git a/roles/nuage_master/tasks/serviceaccount.yml b/roles/nuage_master/tasks/serviceaccount.yml new file mode 100644 index 000000000..5b4af5824 --- /dev/null +++ b/roles/nuage_master/tasks/serviceaccount.yml @@ -0,0 +1,51 @@ +--- +- name: Create temporary directory for admin kubeconfig + command: mktemp -u /tmp/openshift-ansible-XXXXXXX.kubeconfig + register: nuage_tmp_conf_mktemp + changed_when: False + +- set_fact: + nuage_tmp_conf: "{{ nuage_tmp_conf_mktemp.stdout }}" + +- name: Copy Configuration to temporary conf + command: > + cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{nuage_tmp_conf}} + changed_when: false + +- name: Create Admin Service Account + shell: > + echo {{ nuage_service_account_config | to_json | quote }} | + {{ openshift.common.client_binary }} create + -n default + --config={{nuage_tmp_conf}} + -f - + register: osnuage_create_service_account + failed_when: "'already exists' not in osnuage_create_service_account.stderr and osnuage_create_service_account.rc != 0" + changed_when: osnuage_create_service_account.rc == 0 + +- name: Configure role/user permissions + command: > + {{ openshift.common.admin_binary }} {{item}} + --config={{nuage_tmp_conf}} + with_items: "{{nuage_tasks}}" + register: osnuage_perm_task + failed_when: "'already exists' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0" + changed_when: osnuage_perm_task.rc == 0 + +- name: Generate the node client config + command: > + {{ openshift.common.admin_binary }} create-api-client-config + --certificate-authority={{ openshift_master_ca_cert }} + --client-dir={{ cert_output_dir }} + --master={{ openshift.master.api_url }} + --public-master={{ openshift.master.api_url }} + --signer-cert={{ openshift_master_ca_cert }} + --signer-key={{ openshift_master_ca_key }} + --signer-serial={{ openshift_master_ca_serial }} + --basename='nuage' + --user={{ nuage_service_account }} + +- name: Clean temporary configuration file + command: > + rm -f {{nuage_tmp_conf}} + changed_when: false diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml index c4c15d65c..5bc735bb6 100644 --- a/roles/nuage_master/vars/main.yaml +++ b/roles/nuage_master/vars/main.yaml @@ -1,4 +1,7 @@ openshift_master_config_dir: "{{ openshift.common.config_base }}/master" +openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" +openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" +openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" ca_cert: "{{ openshift_master_config_dir }}/ca.crt" admin_config: "{{ openshift.common.config_base }}/master/admin.kubeconfig" cert_output_dir: /usr/share/nuage-openshift-monitor @@ -15,6 +18,13 @@ nuage_ca_master_rest_server_key: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonSe nuage_ca_master_rest_server_crt: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonServer.crt" nuage_master_crt_dir : /usr/share/nuage-openshift-monitor -nuage_master_cspadminpasswd: '' -nuage_master_adminsusername: 'admin' -nuage_master_adminuserpasswd: 'admin' +nuage_service_account: system:serviceaccount:default:nuage + +nuage_service_account_config: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: nuage + +nuage_tasks: + - policy add-cluster-role-to-user cluster-reader {{ nuage_service_account }} diff --git a/roles/nuage_node/handlers/main.yaml b/roles/nuage_node/handlers/main.yaml index 25482a845..5f2b97ae2 100644 --- a/roles/nuage_node/handlers/main.yaml +++ b/roles/nuage_node/handlers/main.yaml @@ -1,8 +1,8 @@ --- - name: restart vrs - sudo: true + become: yes service: name=openvswitch state=restarted - name: restart node - sudo: true + become: yes service: name={{ openshift.common.service_type }}-node state=restarted diff --git a/roles/nuage_node/tasks/main.yaml b/roles/nuage_node/tasks/main.yaml index d7dd53802..1146573d3 100644 --- a/roles/nuage_node/tasks/main.yaml +++ b/roles/nuage_node/tasks/main.yaml @@ -1,27 +1,27 @@ --- - name: Install Nuage VRS - sudo: true + become: yes yum: name={{ vrs_rpm }} state=present - name: Set the uplink interface - sudo: true + become: yes lineinfile: dest={{ vrs_config }} regexp=^NETWORK_UPLINK_INTF line='NETWORK_UPLINK_INTF={{ uplink_interface }}' - name: Set the Active Controller - sudo: true + become: yes lineinfile: dest={{ vrs_config }} regexp=^ACTIVE_CONTROLLER line='ACTIVE_CONTROLLER={{ vsc_active_ip }}' - name: Set the Standby Controller - sudo: true + become: yes lineinfile: dest={{ vrs_config }} regexp=^STANDBY_CONTROLLER line='STANDBY_CONTROLLER={{ vsc_standby_ip }}' when: vsc_standby_ip is defined - name: Install plugin rpm - sudo: true + become: yes yum: name={{ plugin_rpm }} state=present - name: Copy the certificates and keys - sudo: true + become: yes copy: src="/tmp/{{ item }}" dest="{{ vsp_openshift_dir }}/{{ item }}" with_items: - ca.crt @@ -32,7 +32,7 @@ - include: certificates.yml - name: Set the vsp-openshift.yaml - sudo: true + become: yes template: src=vsp-openshift.j2 dest={{ vsp_openshift_yaml }} owner=root mode=0644 notify: - restart vrs diff --git a/roles/openshift_builddefaults/meta/main.yml b/roles/openshift_builddefaults/meta/main.yml new file mode 100644 index 000000000..422d08400 --- /dev/null +++ b/roles/openshift_builddefaults/meta/main.yml @@ -0,0 +1,15 @@ +--- +galaxy_info: + author: Scott Dodson + description: OpenShift Build Defaults configuration + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: openshift_facts diff --git a/roles/openshift_builddefaults/tasks/main.yml b/roles/openshift_builddefaults/tasks/main.yml new file mode 100644 index 000000000..6a4e919e8 --- /dev/null +++ b/roles/openshift_builddefaults/tasks/main.yml @@ -0,0 +1,24 @@ +--- +- name: Set builddefaults + openshift_facts: + role: builddefaults + # TODO: add ability to define builddefaults env vars sort of like this + # may need to move the config generation to a filter however. + # openshift_env: "{{ hostvars + # | oo_merge_hostvars(vars, inventory_hostname) + # | oo_openshift_env }}" + # openshift_env_structures: + # - 'openshift.builddefaults.env.*' + local_facts: + http_proxy: "{{ openshift_builddefaults_http_proxy | default(None) }}" + https_proxy: "{{ openshift_builddefaults_https_proxy | default(None) }}" + no_proxy: "{{ openshift_builddefaults_no_proxy | default(None) }}" + git_http_proxy: "{{ openshift_builddefaults_git_http_proxy | default(None) }}" + git_https_proxy: "{{ openshift_builddefaults_git_https_proxy | default(None) }}" + +- name: Set builddefaults config structure + openshift_facts: + role: builddefaults + local_facts: + config: "{{ openshift_builddefaults_json | default(builddefaults_yaml) }}" + diff --git a/roles/openshift_builddefaults/vars/main.yml b/roles/openshift_builddefaults/vars/main.yml new file mode 100644 index 000000000..9727c73a5 --- /dev/null +++ b/roles/openshift_builddefaults/vars/main.yml @@ -0,0 +1,15 @@ +--- +builddefaults_yaml: + BuildDefaults: + configuration: + apiVersion: v1 + kind: BuildDefaultsConfig + gitHTTPProxy: "{{ openshift.builddefaults.git_http_proxy | default('', true) }}" + gitHTTPSProxy: "{{ openshift.builddefaults.git_https_proxy | default('', true) }}" + env: + - name: HTTP_PROXY + value: "{{ openshift.builddefaults.http_proxy | default('', true) }}" + - name: HTTPS_PROXY + value: "{{ openshift.builddefaults.https_proxy | default('', true) }}" + - name: NO_PROXY + value: "{{ openshift.builddefaults.no_proxy | default('', true) | join(',') }}" diff --git a/roles/openshift_cloud_provider/tasks/main.yml b/roles/openshift_cloud_provider/tasks/main.yml index d7442924f..6111d1207 100644 --- a/roles/openshift_cloud_provider/tasks/main.yml +++ b/roles/openshift_cloud_provider/tasks/main.yml @@ -2,8 +2,8 @@ - name: Set cloud provider facts openshift_facts: role: cloudprovider - openshift_env: "{{ hostvars[inventory_hostname] - | oo_merge_dicts(hostvars) + openshift_env: "{{ hostvars + | oo_merge_hostvars(vars, inventory_hostname) | oo_openshift_env }}" openshift_env_structures: - 'openshift.cloudprovider.aws.*' diff --git a/roles/openshift_cloud_provider/templates/openstack.conf.j2 b/roles/openshift_cloud_provider/templates/openstack.conf.j2 index 1b70edc16..8a06b3a08 100644 --- a/roles/openshift_cloud_provider/templates/openstack.conf.j2 +++ b/roles/openshift_cloud_provider/templates/openstack.conf.j2 @@ -11,7 +11,6 @@ tenant-name = {{ openshift.cloudprovider.openstack.tenant_name }} region = {{ openshift.cloudprovider.openstack.region }} {% endif %} {% if 'lb_subnet_id' in openshift.cloudprovider.openstack %} -+ -+[LoadBalancer] -+subnet-id = {{ openshift.cloudprovider.openstack.lb_subnet_id }} -+{% endif %} +[LoadBalancer] +subnet-id = {{ openshift.cloudprovider.openstack.lb_subnet_id }} +{% endif %} diff --git a/roles/openshift_cluster_metrics/tasks/main.yml b/roles/openshift_cluster_metrics/tasks/main.yml index d45f62eca..1fc8a074a 100644 --- a/roles/openshift_cluster_metrics/tasks/main.yml +++ b/roles/openshift_cluster_metrics/tasks/main.yml @@ -28,7 +28,6 @@ cluster-reader system:serviceaccount:default:heapster register: oex_cluster_header_role - register: oex_cluster_header_role failed_when: "'already exists' not in oex_cluster_header_role.stderr and oex_cluster_header_role.rc != 0" changed_when: false diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index d5166b52e..4ec255dbc 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml @@ -27,7 +27,6 @@ use_nuage: "{{ openshift_use_nuage | default(None) }}" use_manageiq: "{{ openshift_use_manageiq | default(None) }}" data_dir: "{{ openshift_data_dir | default(None) }}" - portal_net: "{{ openshift_portal_net | default(openshift_master_portal_net) | default(None) }}" use_dnsmasq: "{{ openshift_use_dnsmasq | default(None) }}" # Using oo_image_tag_to_rpm_version here is a workaround for how diff --git a/roles/openshift_common/vars/main.yml b/roles/openshift_common/vars/main.yml deleted file mode 100644 index 50816d319..000000000 --- a/roles/openshift_common/vars/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# TODO: Upstream kubernetes only supports iptables currently, if this changes, -# then these variable should be moved to defaults -# TODO: it might be possible to still use firewalld if we wire up the created -# chains with the public zone (or the zone associated with the correct -# interfaces) -os_firewall_use_firewalld: False diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml index 23613b762..10f47f9b2 100644 --- a/roles/openshift_docker/tasks/main.yml +++ b/roles/openshift_docker/tasks/main.yml @@ -4,12 +4,13 @@ # openshift_image_tag correctly for upgrades. - name: Set version when containerized command: > - docker run --rm {{ openshift.common.cli_image }}:latest version + docker run --rm {{ openshift.common.cli_image }} version register: cli_image_version when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool and openshift_image_tag is not defined - set_fact: - l_image_tag: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0] }}" + l_image_tag: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2] | join('-') if openshift.common.deployment_type == 'origin' else + cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0] }}" when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool and openshift_image_tag is not defined - set_fact: @@ -23,6 +24,6 @@ with_items: - role: docker local_facts: - openshift_image_tag: "{{ l_image_tag }}" - openshift_version: "{{ l_image_tag if l_image_tag is defined else '' | oo_image_tag_to_rpm_version }}" + openshift_image_tag: "{{ l_image_tag | default(None) }}" + openshift_version: "{{ l_image_tag.split('-')[0] if l_image_tag is defined else '' | oo_image_tag_to_rpm_version }}" when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml index 89393168b..3acd2bba8 100644 --- a/roles/openshift_docker_facts/tasks/main.yml +++ b/roles/openshift_docker_facts/tasks/main.yml @@ -27,6 +27,9 @@ docker_log_options: "{{ openshift.docker.log_options | default(omit) }}" docker_push_dockerhub: "{{ openshift.docker.disable_push_dockerhub | default(omit) }}" + docker_http_proxy: "{{ openshift.common.http_proxy | default(omit) }}" + docker_https_proxy: "{{ openshift.common.https_proxy | default(omit) }}" + docker_no_proxy: "{{ openshift.common.no_proxy | default(omit) }}" - set_fact: docker_options: > diff --git a/roles/openshift_etcd_facts/meta/main.yml b/roles/openshift_etcd_facts/meta/main.yml index 18d289ea1..925aa9f92 100644 --- a/roles/openshift_etcd_facts/meta/main.yml +++ b/roles/openshift_etcd_facts/meta/main.yml @@ -12,4 +12,4 @@ galaxy_info: categories: - cloud dependencies: -- role: openshift_common +- role: openshift_facts diff --git a/roles/openshift_expand_partition/README.md b/roles/openshift_expand_partition/README.md index aed4ec871..c9c7b378c 100644 --- a/roles/openshift_expand_partition/README.md +++ b/roles/openshift_expand_partition/README.md @@ -45,7 +45,7 @@ space on /dev/xvda, and the file system will be expanded to fill the new partition space. - hosts: mynodes - sudo: no + become: no remote_user: root gather_facts: no roles: @@ -68,7 +68,7 @@ partition space. * Create an ansible playbook, say `expandvar.yaml`: ``` - hosts: mynodes - sudo: no + become: no remote_user: root gather_facts: no roles: diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 6a35eb0a1..cb8301da4 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -499,12 +499,12 @@ def set_dnsmasq_facts_if_unset(facts): """ if 'common' in facts: - if 'use_dnsmasq' not in facts['common'] and facts['common']['version_gte_3_2_or_1_2']: + if 'use_dnsmasq' not in facts['common'] and safe_get_bool(facts['common']['version_gte_3_2_or_1_2']): facts['common']['use_dnsmasq'] = True else: facts['common']['use_dnsmasq'] = False if 'master' in facts and 'dns_port' not in facts['master']: - if facts['common']['use_dnsmasq']: + if safe_get_bool(facts['common']['use_dnsmasq']): facts['master']['dns_port'] = 8053 else: facts['master']['dns_port'] = 53 @@ -1276,7 +1276,12 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw facts[key] = copy.deepcopy(value) new_keys = set(new.keys()) - set(orig.keys()) for key in new_keys: - facts[key] = copy.deepcopy(new[key]) + # Watchout for JSON facts that sometimes load as strings. + # (can happen if the JSON contains a boolean) + if key in inventory_json_facts and isinstance(new[key], basestring): + facts[key] = yaml.safe_load(new[key]) + else: + facts[key] = copy.deepcopy(new[key]) return facts def save_local_facts(filename, facts): @@ -1327,6 +1332,23 @@ def get_local_facts_from_file(filename): return local_facts +def sort_unique(alist): + """ Sorts and de-dupes a list + + Args: + list: a list + Returns: + list: a sorted de-duped list + """ + + alist.sort() + out = list() + for i in alist: + if i not in out: + out.append(i) + + return out + def safe_get_bool(fact): """ Get a boolean fact safely. @@ -1337,6 +1359,62 @@ def safe_get_bool(fact): """ return bool(strtobool(str(fact))) +def set_proxy_facts(facts): + """ Set global proxy facts and promote defaults from http_proxy, https_proxy, + no_proxy to the more specific builddefaults and builddefaults_git vars. + 1. http_proxy, https_proxy, no_proxy + 2. builddefaults_* + 3. builddefaults_git_* + + Args: + facts(dict): existing facts + Returns: + facts(dict): Updated facts with missing values + """ + if 'common' in facts: + common = facts['common'] + if 'http_proxy' in common or 'https_proxy' in common: + if 'no_proxy' in common and \ + isinstance(common['no_proxy'], basestring): + common['no_proxy'] = common['no_proxy'].split(",") + elif 'no_proxy' not in common: + common['no_proxy'] = [] + if 'generate_no_proxy_hosts' in common and \ + safe_get_bool(common['generate_no_proxy_hosts']): + if 'no_proxy_internal_hostnames' in common: + common['no_proxy'].extend(common['no_proxy_internal_hostnames'].split(',')) + common['no_proxy'].append('.' + common['dns_domain']) + # We always add ourselves no matter what + common['no_proxy'].append(common['hostname']) + common['no_proxy'] = sort_unique(common['no_proxy']) + facts['common'] = common + + if 'builddefaults' in facts: + builddefaults = facts['builddefaults'] + common = facts['common'] + # Copy values from common to builddefaults + if 'http_proxy' not in builddefaults and 'http_proxy' in common: + builddefaults['http_proxy'] = common['http_proxy'] + if 'https_proxy' not in builddefaults and 'https_proxy' in common: + builddefaults['https_proxy'] = common['https_proxy'] + if 'no_proxy' not in builddefaults and 'no_proxy' in common: + builddefaults['no_proxy'] = common['no_proxy'] + if 'git_http_proxy' not in builddefaults and 'http_proxy' in builddefaults: + builddefaults['git_http_proxy'] = builddefaults['http_proxy'] + if 'git_https_proxy' not in builddefaults and 'https_proxy' in builddefaults: + builddefaults['git_https_proxy'] = builddefaults['https_proxy'] + # If we're actually defining a proxy config then create kube_admission_plugin_config + # if it doesn't exist, then merge builddefaults[config] structure + # into kube_admission_plugin_config + if 'kube_admission_plugin_config' not in facts['master']: + facts['master']['kube_admission_plugin_config'] = dict() + if 'config' in builddefaults and ('http_proxy' in builddefaults or \ + 'https_proxy' in builddefaults): + facts['master']['kube_admission_plugin_config'].update(builddefaults['config']) + facts['builddefaults'] = builddefaults + + return facts + # pylint: disable=too-many-statements def set_container_facts_if_unset(facts): """ Set containerized facts. @@ -1470,7 +1548,8 @@ class OpenShiftFacts(object): Raises: OpenShiftFactsUnsupportedRoleError: """ - known_roles = ['cloudprovider', + known_roles = ['builddefaults', + 'cloudprovider', 'common', 'docker', 'etcd', @@ -1558,6 +1637,7 @@ class OpenShiftFacts(object): facts = set_manageiq_facts_if_unset(facts) facts = set_aggregate_facts(facts) facts = set_etcd_facts_if_unset(facts) + facts = set_proxy_facts(facts) if not safe_get_bool(facts['common']['is_containerized']): facts = set_installed_variant_rpm_facts(facts) return dict(openshift=facts) @@ -1621,7 +1701,8 @@ class OpenShiftFacts(object): auth_token_max_seconds=500, oauth_grant_method='auto', scheduler_predicates=scheduler_predicates, - scheduler_priorities=scheduler_priorities) + scheduler_priorities=scheduler_priorities, + dynamic_provisioning_enabled=True) if 'node' in roles: defaults['node'] = dict(labels={}, annotations={}, @@ -1644,6 +1725,8 @@ class OpenShiftFacts(object): defaults['hosted'] = dict( metrics=dict( deploy=False, + duration=7, + resolution=10, storage=dict( kind=None, volume=dict( diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index 36def57c8..ff726ae24 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -5,15 +5,13 @@ when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge') - name: Detecting Operating System - shell: ls /run/ostree-booted - ignore_errors: yes - failed_when: false - changed_when: false - register: ostree_output + stat: + path: /run/ostree-booted + register: ostree_booted # Locally setup containerized facts for now - set_fact: - l_is_atomic: "{{ ostree_output.rc == 0 }}" + l_is_atomic: "{{ ostree_booted.stat.exists }}" - set_fact: l_is_containerized: "{{ (l_is_atomic | bool) or (containerized | default(false) | bool) }}" @@ -33,3 +31,19 @@ is_containerized: "{{ l_is_containerized | default(None) }}" public_hostname: "{{ openshift_public_hostname | default(None) }}" public_ip: "{{ openshift_public_ip | default(None) }}" + portal_net: "{{ openshift_portal_net | default(openshift_master_portal_net) | default(None) }}" + +# had to be done outside of the above because hostname isn't yet set +- name: Gather hostnames for proxy configuration + openshift_facts: + role: common + local_facts: + http_proxy: "{{ openshift_http_proxy | default(None) }}" + https_proxy: "{{ openshift_https_proxy | default(None) }}" + no_proxy: "{{ openshift_no_proxy | default(None) }}" + generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}" + no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + | union(groups['oo_masters_to_config']) + | union(groups['oo_etcd_to_config'] | default([]))) + | oo_collect('openshift.common.hostname') | default([]) | join (',') + }}" diff --git a/roles/openshift_hosted_facts/tasks/main.yml b/roles/openshift_hosted_facts/tasks/main.yml index f595e1e81..2a11e6cbd 100644 --- a/roles/openshift_hosted_facts/tasks/main.yml +++ b/roles/openshift_hosted_facts/tasks/main.yml @@ -2,6 +2,6 @@ - name: Set hosted facts openshift_facts: role: hosted - openshift_env: "{{ hostvars[inventory_hostname] - | oo_merge_dicts(hostvars) + openshift_env: "{{ hostvars + | oo_merge_hostvars(vars, inventory_hostname) | oo_openshift_env }}" diff --git a/roles/openshift_hosted_logging/tasks/deploy_logging.yaml b/roles/openshift_hosted_logging/tasks/deploy_logging.yaml index d8a5b62a0..072f7bb4e 100644 --- a/roles/openshift_hosted_logging/tasks/deploy_logging.yaml +++ b/roles/openshift_hosted_logging/tasks/deploy_logging.yaml @@ -15,43 +15,52 @@ changed_when: False - name: "Create logging project" - command: {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-project logging + command: > + {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-project logging - name: "Changing projects" - command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig project logging" + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig project logging - name: "Creating logging deployer secret" - command: " {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig secrets new logging-deployer {{ openshift_hosted_logging_secret_vars | default('nothing=/dev/null') }}" + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig secrets new logging-deployer {{ openshift_hosted_logging_secret_vars | default('nothing=/dev/null') }} register: secret_output failed_when: "secret_output.rc == 1 and 'exists' not in secret_output.stderr" - name: "Copy serviceAccount file" - copy: dest=/tmp/logging-deployer-sa.yaml - src={{role_path}}/files/logging-deployer-sa.yaml - force=yes + copy: + dest: /tmp/logging-deployer-sa.yaml + src: "{{role_path}}/files/logging-deployer-sa.yaml" + force: yes - name: "Create logging-deployer service account" - command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /tmp/logging-deployer-sa.yaml" + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /tmp/logging-deployer-sa.yaml register: deployer_output failed_when: "deployer_output.rc == 1 and 'exists' not in deployer_output.stderr" - name: "Set permissions for logging-deployer service account" - command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig policy add-role-to-user edit system:serviceaccount:logging:logging-deployer" + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig policy add-role-to-user edit system:serviceaccount:logging:logging-deployer register: permiss_output failed_when: "permiss_output.rc == 1 and 'exists' not in permiss_output.stderr" - name: "Set permissions for fluentd" - command: {{ openshift.common.admin_binary}} policy add-scc-to-user privileged system:serviceaccount:logging:aggregated-logging-fluentd + command: > + {{ openshift.common.admin_binary}} policy add-scc-to-user privileged system:serviceaccount:logging:aggregated-logging-fluentd register: fluentd_output failed_when: "fluentd_output.rc == 1 and 'exists' not in fluentd_output.stderr" - name: "Set additional permissions for fluentd" - command: {{ openshift.common.admin_binary}} policy add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd + command: > + {{ openshift.common.admin_binary}} policy add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd register: fluentd2_output failed_when: "fluentd2_output.rc == 1 and 'exists' not in fluentd2_output.stderr" - name: "Create deployer template" - command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /usr/share/openshift/examples/infrastructure-templates/enterprise/logging-deployer.yaml -n openshift" + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /usr/share/openshift/examples/infrastructure-templates/enterprise/logging-deployer.yaml -n openshift register: template_output failed_when: "template_output.rc == 1 and 'exists' not in template_output.stderr" @@ -90,13 +99,12 @@ - name: "Scale fluentd deployment config" - command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig scale dc/logging-fluentd --replicas={{ fluentd_replicas | default('1') }}" - + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig scale dc/logging-fluentd --replicas={{ fluentd_replicas | default('1') }} - - name: "Scale fluentd replication controller" - command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig scale rc/logging-fluentd-1 --replicas={{ fluentd_replicas | default('1') }}" - - debug: msg="Logging components deployed. Note persistant volume for elasticsearch must be setup manually" + - debug: + msg: "Logging components deployed. Note persistant volume for elasticsearch must be setup manually" - name: Delete temp directory file: diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml index cee1f1738..291cdbbb5 100644 --- a/roles/openshift_manage_node/tasks/main.yml +++ b/roles/openshift_manage_node/tasks/main.yml @@ -6,7 +6,7 @@ retries: 50 delay: 5 changed_when: false - with_items: openshift_nodes + with_items: "{{ openshift_nodes }}" - name: Set node schedulability command: > diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index 09bde6002..16df984f9 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -13,6 +13,14 @@ os_firewall_allow: port: "{{ openshift.master.dns_port }}/tcp" - service: skydns udp port: "{{ openshift.master.dns_port }}/udp" +# On HA masters version_gte facts are not properly set so open port 53 +# whenever we're not certain of the need +- service: legacy skydns tcp + port: "53/tcp" + when: "{{ 'version' not in openshift.common or openshift.common.version == None }}" +- service: legacy skydns udp + port: "53/udp" + when: "{{ 'version' not in openshift.common or openshift.common.version == None }}" - service: Fluentd td-agent tcp port: 24224/tcp - service: Fluentd td-agent udp diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index 0d4241e2c..e882e0b8b 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -15,5 +15,6 @@ dependencies: - role: openshift_docker - role: openshift_cli - role: openshift_cloud_provider +- role: openshift_builddefaults - role: openshift_master_facts - role: openshift_hosted_facts diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 18a42bf93..fe0784ea2 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -78,23 +78,50 @@ action: "{{ ansible_pkg_mgr }} name=httpd-tools state=present" when: (item.kind == 'HTPasswdPasswordIdentityProvider') and not openshift.common.is_atomic | bool - with_items: openshift.master.identity_providers + with_items: "{{ openshift.master.identity_providers }}" - name: Ensure htpasswd directory exists file: path: "{{ item.filename | dirname }}" state: directory when: item.kind == 'HTPasswdPasswordIdentityProvider' - with_items: openshift.master.identity_providers + with_items: "{{ openshift.master.identity_providers }}" - name: Create the htpasswd file if needed - copy: + template: dest: "{{ item.filename }}" - content: "" + src: htpasswd.j2 mode: 0600 - force: no + backup: yes when: item.kind == 'HTPasswdPasswordIdentityProvider' - with_items: openshift.master.identity_providers + with_items: "{{ openshift.master.identity_providers }}" + +- name: Create the ldap ca file if needed + copy: + dest: "{{ item.ca if 'ca' in item and '/' in item.ca else openshift_master_config_dir ~ '/' ~ item.ca | default('ldap_ca.crt') }}" + content: "{{ openshift.master.ldap_ca }}" + mode: 0600 + backup: yes + when: openshift.master.ldap_ca is defined and item.kind == 'LDAPPasswordIdentityProvider' + with_items: "{{ openshift.master.identity_providers }}" + +- name: Create the openid ca file if needed + copy: + dest: "{{ item.ca if 'ca' in item and '/' in item.ca else openshift_master_config_dir ~ '/' ~ item.ca | default('openid_ca.crt') }}" + content: "{{ openshift.master.openid_ca }}" + mode: 0600 + backup: yes + when: openshift.master.openid_ca is defined and item.kind == 'OpenIDIdentityProvider' and item.ca | default('') != '' + with_items: "{{ openshift.master.identity_providers }}" + +- name: Create the request header ca file if needed + copy: + dest: "{{ item.clientCA if 'clientCA' in item and '/' in item.clientCA else openshift_master_config_dir ~ '/' ~ item.clientCA | default('request_header_ca.crt') }}" + content: "{{ openshift.master.request_header_ca }}" + mode: 0600 + backup: yes + when: openshift.master.request_header_ca is defined and item.kind == 'RequestHeaderIdentityProvider' and item.clientCA | default('') != '' + with_items: "{{ openshift.master.identity_providers }}" - name: Install the systemd units include: systemd_units.yml @@ -212,7 +239,7 @@ mode: 0700 owner: "{{ item }}" group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}" - with_items: client_users + with_items: "{{ client_users }}" # TODO: Update this file if the contents of the source file are not present in # the dest file, will need to make sure to ignore things that could be added @@ -220,7 +247,7 @@ command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config args: creates: ~{{ item }}/.kube/config - with_items: client_users + with_items: "{{ client_users }}" - name: Update the permissions on the admin client config(s) file: @@ -229,4 +256,4 @@ mode: 0700 owner: "{{ item }}" group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}" - with_items: client_users + with_items: "{{ client_users }}" diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 862cfa8f1..4cf632841 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -10,8 +10,13 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} {% endif %} # Proxy configuration -# Origin uses standard HTTP_PROXY environment variables. Be sure to set -# NO_PROXY for your master -#NO_PROXY=master.example.com -#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT -#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT +# See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy +{% if 'http_proxy' in openshift.common %} +HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}' +{% endif %} +{% if 'https_proxy' in openshift.common %} +HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}' +{% endif %} +{% if 'no_proxy' in openshift.common %} +NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}' +{% endif %} diff --git a/roles/openshift_master/templates/htpasswd.j2 b/roles/openshift_master/templates/htpasswd.j2 new file mode 100644 index 000000000..ba2c02e20 --- /dev/null +++ b/roles/openshift_master/templates/htpasswd.j2 @@ -0,0 +1,5 @@ +{% if 'htpasswd_users' in openshift.master %} +{% for user,pass in openshift.master.htpasswd_users.iteritems() %} +{{ user ~ ':' ~ pass }} +{% endfor %} +{% endif %} diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 979b428bf..48bb8a13f 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -209,3 +209,5 @@ servingInfo: {% endfor %} {% endfor %} {% endif %} +volumeConfig: + dynamicProvisioningEnabled: {{ openshift.master.dynamic_provisioning_enabled }} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 index 69754ee10..01a8428a0 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 @@ -10,8 +10,13 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} {% endif %} # Proxy configuration -# Origin uses standard HTTP_PROXY environment variables. Be sure to set -# NO_PROXY for your master -#NO_PROXY=master.example.com -#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT -#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT +# See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy +{% if 'http_proxy' in openshift.common %} +HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}' +{% endif %} +{% if 'https_proxy' in openshift.common %} +HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}' +{% endif %} +{% if 'no_proxy' in openshift.common %} +NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}' +{% endif %} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 index 048a4305a..89ccb1eed 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 @@ -10,8 +10,13 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} {% endif %} # Proxy configuration -# Origin uses standard HTTP_PROXY environment variables. Be sure to set -# NO_PROXY for your master -#NO_PROXY=master.example.com -#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT -#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT +# See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy +{% if 'http_proxy' in openshift.common %} +HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}' +{% endif %} +{% if 'https_proxy' in openshift.common %} +HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}' +{% endif %} +{% if 'no_proxy' in openshift.common %} +NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}' +{% endif %} diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml index 9017b7d2b..394f9d381 100644 --- a/roles/openshift_master_certificates/tasks/main.yml +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -4,14 +4,14 @@ path: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}" state: directory mode: 0700 - with_items: masters_needing_certs + with_items: "{{ masters_needing_certs | default([]) }}" - file: src: "{{ openshift_master_config_dir }}/{{ item.1 }}" dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}" state: hard with_nested: - - masters_needing_certs + - "{{ masters_needing_certs | default([]) }}" - - ca.crt - ca.key @@ -26,7 +26,7 @@ --cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }} --overwrite=false when: item.master_certs_missing | bool - with_items: masters_needing_certs + with_items: "{{ masters_needing_certs | default([]) }}" - file: src: "{{ openshift_master_config_dir }}/{{ item.1 }}" @@ -34,5 +34,5 @@ state: hard force: true with_nested: - - masters_needing_certs + - "{{ masters_needing_certs | default([]) }}" - "{{ hostvars[inventory_hostname] | certificates_to_synchronize }}" diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index a020fdb41..0cbbaffc2 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -22,7 +22,6 @@ extension_scripts: "{{ openshift_master_extension_scripts | default(None) }}" extension_stylesheets: "{{ openshift_master_extension_stylesheets | default(None) }}" extensions: "{{ openshift_master_extensions | default(None) }}" - oauth_template: "{{ openshift_master_oauth_template | default(None) }}" etcd_hosts: "{{ openshift_master_etcd_hosts | default(None) }}" etcd_port: "{{ openshift_master_etcd_port | default(None) }}" etcd_use_ssl: "{{ openshift_master_etcd_use_ssl | default(None) }}" @@ -42,11 +41,15 @@ access_token_max_seconds: "{{ openshift_master_access_token_max_seconds | default(None) }}" auth_token_max_seconds: "{{ openshift_master_auth_token_max_seconds | default(None) }}" identity_providers: "{{ openshift_master_identity_providers | default(None) }}" + htpasswd_users: "{{ openshift_master_htpasswd_users | default(lookup('file', openshift_master_htpasswd_file) | oo_htpasswd_users_from_file if openshift_master_htpasswd_file is defined else None) }}" + ldap_ca: "{{ openshift_master_ldap_ca | default(lookup('file', openshift_master_ldap_ca_file) if openshift_master_ldap_ca_file is defined else None) }}" + openid_ca: "{{ openshift_master_openid_ca | default(lookup('file', openshift_master_openid_ca_file) if openshift_master_openid_ca_file is defined else None) }}" + request_header_ca: "{{ openshift_master_request_header_ca | default(lookup('file', openshift_master_request_header_ca_file) if openshift_master_request_header_ca_file is defined else None) }}" registry_url: "{{ oreg_url | default(None) }}" oauth_grant_method: "{{ openshift_master_oauth_grant_method | default(None) }}" sdn_cluster_network_cidr: "{{ osm_cluster_network_cidr | default(None) }}" sdn_host_subnet_length: "{{ osm_host_subnet_length | default(None) }}" - default_subdomain: "{{ openshift_master_default_subdomain | default(osm_default_subdomain) | default(None) }}" + default_subdomain: "{{ openshift_master_default_subdomain | default(osm_default_subdomain | default(None), true) }}" custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}" default_node_selector: "{{ osm_default_node_selector | default(None) }}" project_request_message: "{{ osm_project_request_message | default(None) }}" @@ -72,3 +75,4 @@ oauth_templates: "{{ openshift_master_oauth_templates | default(None) }}" oauth_always_show_provider_selection: "{{ openshift_master_oauth_always_show_provider_selection | default(None) }}" image_policy_config: "{{ openshift_master_image_policy_config | default(None) }}" + dynamic_provisioning_enabled: "{{ openshift_master_dynamic_provisioning_enabled | default(None) }}" diff --git a/roles/openshift_master_facts/vars/main.yml b/roles/openshift_master_facts/vars/main.yml new file mode 100644 index 000000000..3b0ee2761 --- /dev/null +++ b/roles/openshift_master_facts/vars/main.yml @@ -0,0 +1,14 @@ +builddefaults_yaml: + BuildDefaults: + configuration: + apiVersion: v1 + kind: BuildDefaultsConfig + gitHTTPProxy: "{{ openshift.master.builddefaults_git_http_proxy | default(omit, true) }}" + gitHTTPSProxy: "{{ openshift.master.builddefaults_git_https_proxy | default(omit, true) }}" + env: + - name: HTTP_PROXY + value: "{{ openshift.master.builddefaults_http_proxy | default(omit, true) }}" + - name: HTTPS_PROXY + value: "{{ openshift.master.builddefaults_https_proxy | default(omit, true) }}" + - name: NO_PROXY + value: "{{ openshift.master.builddefaults_no_proxy | default(omit, true) | join(',') }}"
\ No newline at end of file diff --git a/roles/openshift_metrics/README.md b/roles/openshift_metrics/README.md index 610917d7d..2e903379a 100644 --- a/roles/openshift_metrics/README.md +++ b/roles/openshift_metrics/README.md @@ -6,12 +6,13 @@ OpenShift Metrics Installation Requirements ------------ It requires subdomain fqdn to be set. -If persistence is enabled, then it also requires NFS +If persistence is enabled, then it also requires NFS. Role Variables -------------- From this role: + | Name | Default value | | |-------------------------------------------------|-----------------------|-------------------------------------------------------------| | openshift_hosted_metrics_deploy | False | If metrics should be deployed | @@ -19,9 +20,12 @@ From this role: | openshift_hosted_metrics_storage_volume_name | metrics | Metrics volume within openshift_hosted_metrics_volume_dir | | openshift_hosted_metrics_storage_volume_size | 10Gi | Metrics volume size | | openshift_hosted_metrics_storage_nfs_options | *(rw,root_squash) | NFS options for configured exports. | +| openshift_hosted_metrics_duration | 7 | Metrics query duration | +| openshift_hosted_metrics_resolution | 10 | Metrics resolution | From openshift_common: + | Name | Default Value | | |---------------------------------------|----------------|----------------------------------------| | openshift_master_default_subdomain | null | Subdomain FQDN (Mandatory) | @@ -35,10 +39,12 @@ openshift_examples Example Playbook ---------------- +``` - name: Configure openshift-metrics hosts: oo_first_master roles: - role: openshift_metrics +``` License ------- diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index 1a86cb1ea..ca29ad6e1 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -20,6 +20,7 @@ {{ openshift.common.client_binary }} secrets new metrics-deployer nothing=/dev/null + --config={{hawkular_tmp_conf}} -n openshift-infra register: deployer_create_secret failed_when: "'already exists' not in deployer_create_secret.stderr and deployer_create_secret.rc !=0" @@ -43,8 +44,9 @@ shell: > {{ openshift.common.client_binary }} process -f \ /usr/share/openshift/examples/infrastructure-templates/{{ hawkular_type }}/metrics-deployer.yaml -v \ - HAWKULAR_METRICS_HOSTNAME=hawkular-metrics.{{ openshift.master.default_subdomain }},USE_PERSISTENT_STORAGE={{ hawkular_persistence }} | \ - {{ openshift.common.client_binary }} create -n openshift-infra -f - + HAWKULAR_METRICS_HOSTNAME=hawkular-metrics.{{ openshift.master.default_subdomain }} USE_PERSISTENT_STORAGE={{ hawkular_persistence }} \ + METRIC_DURATION={{ openshift.hosted.metrics.duration }} METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }} | + {{ openshift.common.client_binary }} create -n openshift-infra --config={{hawkular_tmp_conf}} -f - register: oex_heapster_services failed_when: "'already exists' not in oex_heapster_services.stderr and oex_heapster_services.rc != 0" changed_when: false @@ -52,4 +54,4 @@ - name: Clean temporary config file command: > rm -rf {{hawkular_tmp_conf}} - changed_when: false
\ No newline at end of file + changed_when: false diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index c9a7a40c8..216c11093 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: Create openshift_generated_configs_dir if it doesn't exist +- name: Create openshift_generated_configs_dir if it doesn\'t exist file: path: "{{ openshift_generated_configs_dir }}" state: directory @@ -19,7 +19,7 @@ --user=system:node:{{ item.openshift.common.hostname }} args: creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}" - with_items: nodes_needing_certs + with_items: "{{ nodes_needing_certs | default([]) }}" - name: Generate the node server certificate command: > @@ -33,4 +33,4 @@ --signer-serial={{ openshift_master_ca_serial }} args: creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt" - with_items: nodes_needing_certs + with_items: "{{ nodes_needing_certs | default([]) }}" diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh index 51e0751e9..691fa32f3 100755 --- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh +++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh @@ -46,7 +46,6 @@ EOF for ns in ${DHCP4_DOMAIN_NAME_SERVERS}; do echo "server=${ns}" >> /etc/dnsmasq.d/origin-upstream-dns.conf done - echo "listen-address=${def_route_ip}" >> /etc/dnsmasq.d/origin-upstream-dns.conf systemctl restart dnsmasq sed -i 's/^nameserver.*$/nameserver '"${def_route_ip}"'/g' /etc/resolv.conf diff --git a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml b/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml index cda90bd10..4d1bd3794 100644 --- a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml +++ b/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml @@ -1,2 +1,2 @@ --- -- fail: msg="Not implemented"
\ No newline at end of file +- fail: msg="Currently, NetworkManager must be installed and enabled prior to installation."
\ No newline at end of file diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml index 5dd28d52a..bafda9695 100644 --- a/roles/openshift_serviceaccounts/tasks/main.yml +++ b/roles/openshift_serviceaccounts/tasks/main.yml @@ -1,7 +1,7 @@ - name: test if service accounts exists command: > {{ openshift.common.client_binary }} get sa {{ item }} -n {{ openshift_serviceaccounts_namespace }} - with_items: openshift_serviceaccounts_names + with_items: "{{ openshift_serviceaccounts_names }}" failed_when: false changed_when: false register: account_test @@ -13,8 +13,8 @@ -n {{ openshift_serviceaccounts_namespace }} create -f - when: item.1.rc != 0 with_together: - - openshift_serviceaccounts_names - - account_test.results + - "{{ openshift_serviceaccounts_names }}" + - "{{ account_test.results }}" - name: test if scc needs to be updated command: > @@ -22,7 +22,7 @@ changed_when: false failed_when: false register: scc_test - with_items: openshift_serviceaccounts_sccs + with_items: "{{ openshift_serviceaccounts_sccs }}" - name: Grant the user access to the privileged scc command: > @@ -30,8 +30,8 @@ privileged system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }} when: "openshift.common.version_gte_3_1_or_1_1 and item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}" with_nested: - - openshift_serviceaccounts_names - - scc_test.results + - "{{ openshift_serviceaccounts_names }}" + - "{{ scc_test.results }}" - include: legacy_add_scc_to_user.yml when: not openshift.common.version_gte_3_1_or_1_1 diff --git a/roles/openshift_storage_nfs/defaults/main.yml b/roles/openshift_storage_nfs/defaults/main.yml index 90592e9d0..df0bb9fd4 100644 --- a/roles/openshift_storage_nfs/defaults/main.yml +++ b/roles/openshift_storage_nfs/defaults/main.yml @@ -16,7 +16,6 @@ openshift: options: "*(rw,root_squash)" volume: name: "metrics" -os_firewall_use_firewalld: False os_firewall_allow: - service: nfs port: "2049/tcp" diff --git a/roles/openshift_storage_nfs_lvm/README.md b/roles/openshift_storage_nfs_lvm/README.md index 1ee02e18a..3680ef5b5 100644 --- a/roles/openshift_storage_nfs_lvm/README.md +++ b/roles/openshift_storage_nfs_lvm/README.md @@ -62,7 +62,7 @@ Both of them are mounted into `/exports/openshift` directory. Both directories exported via NFS. json files are created in /root. - hosts: nfsservers - sudo: no + become: no remote_user: root gather_facts: no roles: @@ -87,7 +87,7 @@ exported via NFS. json files are created in /root. * Create an ansible playbook, say `setupnfs.yaml`: ``` - hosts: nfsservers - sudo: no + become: no remote_user: root gather_facts: no roles: diff --git a/roles/os_env_extras/files/irbrc b/roles/os_env_extras/files/irbrc deleted file mode 100644 index 47374e920..000000000 --- a/roles/os_env_extras/files/irbrc +++ /dev/null @@ -1,2 +0,0 @@ -require 'irb/completion' -IRB.conf[:PROMPT_MODE] = :SIMPLE diff --git a/roles/os_env_extras/files/vimrc b/roles/os_env_extras/files/vimrc deleted file mode 100644 index 537b944ed..000000000 --- a/roles/os_env_extras/files/vimrc +++ /dev/null @@ -1,12 +0,0 @@ -set tabstop=4 -set shiftwidth=4 -set expandtab -set list - -"flag problematic whitespace (trailing and spaces before tabs) -"Note you get the same by doing let c_space_errors=1 but -"this rule really applies to everything. -highlight RedundantSpaces term=standout ctermbg=red guibg=red -match RedundantSpaces /\s\+$\| \+\ze\t/ "\ze sets end of match so only spaces highlighted -"use :set list! to toggle visible whitespace on/off -set listchars=tab:>-,trail:.,extends:> diff --git a/roles/os_env_extras/tasks/main.yaml b/roles/os_env_extras/tasks/main.yaml deleted file mode 100644 index 628df713a..000000000 --- a/roles/os_env_extras/tasks/main.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# environment configuration role, configures irbrc, vimrc - -- name: Ensure irbrc is installed for user root - copy: - src: irbrc - dest: /root/.irbrc - -- name: Ensure vimrc is installed for user root - copy: - src: vimrc - dest: /root/.vimrc - -- name: Bash Completion - action: "{{ ansible_pkg_mgr }} name=bash-completion state=present" - when: not openshift.common.is_containerized | bool
\ No newline at end of file diff --git a/roles/os_env_extras_node/tasks/main.yml b/roles/os_env_extras_node/tasks/main.yml deleted file mode 100644 index 208065df2..000000000 --- a/roles/os_env_extras_node/tasks/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -# From the origin rpm there exists instructions on how to -# setup origin properly. The following steps come from there -- name: Change root to be in the Docker group - user: name=root groups=dockerroot append=yes diff --git a/roles/os_firewall/defaults/main.yml b/roles/os_firewall/defaults/main.yml index e3176e611..c870a301a 100644 --- a/roles/os_firewall/defaults/main.yml +++ b/roles/os_firewall/defaults/main.yml @@ -1,3 +1,9 @@ --- os_firewall_enabled: True -os_firewall_use_firewalld: True +# TODO: Upstream kubernetes only supports iptables currently +# TODO: it might be possible to still use firewalld if we wire up the created +# chains with the public zone (or the zone associated with the correct +# interfaces) +os_firewall_use_firewalld: False +os_firewall_allow: [] +os_firewall_deny: [] diff --git a/roles/os_firewall/tasks/firewall/firewalld.yml b/roles/os_firewall/tasks/firewall/firewalld.yml index ac4600f83..5ddca1fc0 100644 --- a/roles/os_firewall/tasks/firewall/firewalld.yml +++ b/roles/os_firewall/tasks/firewall/firewalld.yml @@ -24,6 +24,18 @@ command: systemctl daemon-reload when: install_result | changed +- name: Determine if firewalld service masked + command: > + systemctl is-enabled firewalld + register: os_firewall_firewalld_masked_output + changed_when: false + failed_when: false + +- name: Unmask firewalld service + command: > + systemctl unmask firewalld + when: os_firewall_firewalld_masked_output.stdout == "masked" + - name: Start and enable firewalld service service: name: firewalld @@ -52,29 +64,25 @@ port: "{{ item.port }}" permanent: false state: enabled - with_items: os_firewall_allow - when: os_firewall_allow is defined + with_items: "{{ os_firewall_allow }}" - name: Persist firewalld allow rules firewalld: port: "{{ item.port }}" permanent: true state: enabled - with_items: os_firewall_allow - when: os_firewall_allow is defined + with_items: "{{ os_firewall_allow }}" - name: Remove firewalld allow rules firewalld: port: "{{ item.port }}" permanent: false state: disabled - with_items: os_firewall_deny - when: os_firewall_deny is defined + with_items: "{{ os_firewall_deny }}" - name: Persist removal of firewalld allow rules firewalld: port: "{{ item.port }}" permanent: true state: disabled - with_items: os_firewall_deny - when: os_firewall_deny is defined + with_items: "{{ os_firewall_deny }}" diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml index 3b584f8eb..774916798 100644 --- a/roles/os_firewall/tasks/firewall/iptables.yml +++ b/roles/os_firewall/tasks/firewall/iptables.yml @@ -32,6 +32,24 @@ command: systemctl daemon-reload when: install_result | changed +- name: Determine if iptables service masked + command: > + systemctl is-enabled {{ item }} + with_items: + - iptables + - ip6tables + register: os_firewall_iptables_masked_output + changed_when: false + failed_when: false + +- name: Unmask iptables service + command: > + systemctl unmask {{ item }} + with_items: + - iptables + - ip6tables + when: "'masked' in os_firewall_iptables_masked_output.results | map(attribute='stdout')" + - name: Start and enable iptables service service: name: iptables @@ -49,8 +67,7 @@ action: add protocol: "{{ item.port.split('/')[1] }}" port: "{{ item.port.split('/')[0] }}" - with_items: os_firewall_allow - when: os_firewall_allow is defined + with_items: "{{ os_firewall_allow }}" - name: Remove iptables rules os_firewall_manage_iptables: @@ -58,5 +75,4 @@ action: remove protocol: "{{ item.port.split('/')[1] }}" port: "{{ item.port.split('/')[0] }}" - with_items: os_firewall_deny - when: os_firewall_deny is defined + with_items: "{{ os_firewall_deny }}" diff --git a/roles/pods/README.md b/roles/pods/README.md deleted file mode 100644 index 225dd44b9..000000000 --- a/roles/pods/README.md +++ /dev/null @@ -1,38 +0,0 @@ -Role Name -========= - -A brief description of the role goes here. - -Requirements ------------- - -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. - -Role Variables --------------- - -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. - -Dependencies ------------- - -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. - -Example Playbook ----------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - - hosts: servers - roles: - - { role: username.rolename, x: 42 } - -License -------- - -BSD - -Author Information ------------------- - -An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/pods/files/pods/docker-registry.json b/roles/pods/files/pods/docker-registry.json deleted file mode 100644 index a480e6b30..000000000 --- a/roles/pods/files/pods/docker-registry.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "kind": "Pod", - "version": "v1beta2", - "desiredState": { - "manifest": { - "version": "v1beta1", - "containers": [{ - "name": "docker-registry", - "image": "registry", - "volumeMounts": [{ - "name": "data", - "mountPath": "/var/lib/docker-registry" - }], - "ports": [{ - "containerPort": 5000, - "hostPort": 9999 - }] - }], - "volumes": [{ - "name": "data", - "source": { - "emptyDir": true - } - }] - } - }, - "labels": { - "name": "docker-registry" - } -} diff --git a/roles/pods/files/pods/fedora_apache.json b/roles/pods/files/pods/fedora_apache.json deleted file mode 100644 index 187927559..000000000 --- a/roles/pods/files/pods/fedora_apache.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "id": "apache", - "kind": "Pod", - "apiVersion": "v1beta2", - "desiredState": { - "manifest": { - "version": "v1beta1", - "id": "apache-1", - "containers": [{ - "name": "master", - "image": "fedora/apache", - "ports": [{ - "containerPort": 80, - "hostPort": 80 - }] - }] - } - }, - "labels": { - "name": "apache", - "distro": "fedora" - } -} diff --git a/roles/pods/files/pods/frontend-controller.json b/roles/pods/files/pods/frontend-controller.json deleted file mode 100644 index 2a2cdea9a..000000000 --- a/roles/pods/files/pods/frontend-controller.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "id": "frontendController", - "kind": "ReplicationController", - "apiVersion": "v1beta2", - "desiredState": { - "replicas": 2, - "replicaSelector": {"name": "frontend"}, - "podTemplate": { - "desiredState": { - "manifest": { - "version": "v1beta1", - "id": "frontendController", - "containers": [{ - "name": "php-redis", - "image": "brendanburns/php-redis", - "ports": [{"containerPort": 80, "hostPort": 8000}] - }] - } - }, - "labels": {"name": "frontend"} - }}, - "labels": {"name": "frontend"} -} diff --git a/roles/pods/files/pods/redis-master-service.json b/roles/pods/files/pods/redis-master-service.json deleted file mode 100644 index 0f590272d..000000000 --- a/roles/pods/files/pods/redis-master-service.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "id": "redismaster", - "kind": "Service", - "apiVersion": "v1beta2", - "port": 10000, - "containerPort": 6379, - "selector": { - "name": "redis-master" - } -} diff --git a/roles/pods/files/pods/redis-master.json b/roles/pods/files/pods/redis-master.json deleted file mode 100644 index 0a281a045..000000000 --- a/roles/pods/files/pods/redis-master.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "id": "redis-master-2", - "kind": "Pod", - "apiVersion": "v1beta2", - "desiredState": { - "manifest": { - "version": "v1beta1", - "id": "redis-master-2", - "containers": [{ - "name": "master", - "image": "dockerfile/redis", - "ports": [{ - "containerPort": 6379, - "hostPort": 6379 - }] - }] - } - }, - "labels": { - "name": "redis-master" - } -} diff --git a/roles/pods/files/pods/redis-slave-controller.json b/roles/pods/files/pods/redis-slave-controller.json deleted file mode 100644 index b85fff66a..000000000 --- a/roles/pods/files/pods/redis-slave-controller.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "id": "redisSlaveController", - "kind": "ReplicationController", - "apiVersion": "v1beta2", - "desiredState": { - "replicas": 2, - "replicaSelector": {"name": "redisslave"}, - "podTemplate": { - "desiredState": { - "manifest": { - "version": "v1beta1", - "id": "redisSlaveController", - "containers": [{ - "name": "slave", - "image": "brendanburns/redis-slave", - "ports": [{"containerPort": 6379, "hostPort": 6380}] - }] - } - }, - "labels": {"name": "redisslave"} - }}, - "labels": {"name": "redisslave"} -} - diff --git a/roles/pods/files/pods/redis-slave-service.json b/roles/pods/files/pods/redis-slave-service.json deleted file mode 100644 index e1c5029f6..000000000 --- a/roles/pods/files/pods/redis-slave-service.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "id": "redisslave", - "kind": "Service", - "apiVersion": "v1beta2", - "port": 10001, - "containerPort": 6379, - "labels": { - "name": "redisslave" - }, - "selector": { - "name": "redisslave" - } -} diff --git a/roles/pods/files/pods/registry-service.json b/roles/pods/files/pods/registry-service.json deleted file mode 100644 index 3a711a1ac..000000000 --- a/roles/pods/files/pods/registry-service.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "id": "dockerregistry", - "kind": "Service", - "apiVersion": "v1beta2", - "port": 8888, - "selector": { - "name": "docker-registry" - } -} - diff --git a/roles/pods/meta/main.yml b/roles/pods/meta/main.yml deleted file mode 100644 index bddf14bb2..000000000 --- a/roles/pods/meta/main.yml +++ /dev/null @@ -1,124 +0,0 @@ ---- -galaxy_info: - author: your name - description: - company: your company (optional) - # Some suggested licenses: - # - BSD (default) - # - MIT - # - GPLv2 - # - GPLv3 - # - Apache - # - CC-BY - license: license (GPLv2, CC-BY, etc) - min_ansible_version: 1.2 - # - # Below are all platforms currently available. Just uncomment - # the ones that apply to your role. If you don't see your - # platform on this list, let us know and we'll get it added! - # - #platforms: - #- name: EL - # versions: - # - all - # - 5 - # - 6 - # - 7 - #- name: GenericUNIX - # versions: - # - all - # - any - #- name: Fedora - # versions: - # - all - # - 16 - # - 17 - # - 18 - # - 19 - # - 20 - #- name: opensuse - # versions: - # - all - # - 12.1 - # - 12.2 - # - 12.3 - # - 13.1 - # - 13.2 - #- name: Amazon - # versions: - # - all - # - 2013.03 - # - 2013.09 - #- name: GenericBSD - # versions: - # - all - # - any - #- name: FreeBSD - # versions: - # - all - # - 8.0 - # - 8.1 - # - 8.2 - # - 8.3 - # - 8.4 - # - 9.0 - # - 9.1 - # - 9.1 - # - 9.2 - #- name: Ubuntu - # versions: - # - all - # - lucid - # - maverick - # - natty - # - oneiric - # - precise - # - quantal - # - raring - # - saucy - # - trusty - #- name: SLES - # versions: - # - all - # - 10SP3 - # - 10SP4 - # - 11 - # - 11SP1 - # - 11SP2 - # - 11SP3 - #- name: GenericLinux - # versions: - # - all - # - any - #- name: Debian - # versions: - # - all - # - etch - # - lenny - # - squeeze - # - wheezy - # - # Below are all categories currently available. Just as with - # the platforms above, uncomment those that apply to your role. - # - #categories: - #- cloud - #- cloud:ec2 - #- cloud:gce - #- cloud:rax - #- clustering - #- database - #- database:nosql - #- database:sql - #- development - #- monitoring - #- networking - #- packaging - #- system - #- web -dependencies: [] - # List your role dependencies here, one per line. Only - # dependencies available via galaxy should be listed here. - # Be sure to remove the '[]' above if you add dependencies - # to this list. - diff --git a/roles/pods/tasks/main.yml b/roles/pods/tasks/main.yml deleted file mode 100644 index 30c387c65..000000000 --- a/roles/pods/tasks/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Transfer the fedora_apache pod template - file: path=/usr/local/etc/pods state=directory - -- name: Transfer the fedora_apache pod template - copy: directory_mode=on src=pods/ dest=/usr/local/etc/pods/ diff --git a/utils/src/ooinstall/cli_installer.py b/utils/src/ooinstall/cli_installer.py index 3d6b24138..eacf340aa 100644 --- a/utils/src/ooinstall/cli_installer.py +++ b/utils/src/ooinstall/cli_installer.py @@ -520,6 +520,34 @@ def error_if_missing_info(oo_cfg): if missing_info: sys.exit(1) +def get_proxy_hostnames_and_excludes(): + message = """ +If a proxy is needed to reach HTTP and HTTPS traffic please enter the name below. +This proxy will be configured by default for all processes needing to reach systems outside +the cluster. + +More advanced configuration is possible if using ansible directly: + +https://docs.openshift.com/enterprise/latest/install_config/http_proxies.html +""" + click.echo(message) + + message = "Specify your http proxy ? (ENTER for none)" + http_proxy_hostname = click.prompt(message, default='') + + message = "Specify your https proxy ? (ENTER for none)" + https_proxy_hostname = click.prompt(message, default=http_proxy_hostname) + + if http_proxy_hostname or https_proxy_hostname: + message = """ +All hosts in your openshift inventory will automatically be added to the NO_PROXY value. +Please provide any additional hosts to be added to NO_PROXY. (ENTER for none) +""" + proxy_excludes = click.prompt(message, default='') + else: + proxy_excludes = '' + + return http_proxy_hostname, https_proxy_hostname, proxy_excludes def get_missing_info_from_user(oo_cfg): """ Prompts the user for any information missing from the given configuration. """ @@ -566,6 +594,13 @@ https://docs.openshift.com/enterprise/latest/admin_guide/install/prerequisites.h oo_cfg.settings['master_routingconfig_subdomain'] = get_master_routingconfig_subdomain() click.clear() + if not oo_cfg.settings.get('openshift_http_proxy', None): + http_proxy, https_proxy, proxy_excludes = get_proxy_hostnames_and_excludes() + oo_cfg.settings['openshift_http_proxy'] = http_proxy + oo_cfg.settings['openshift_https_proxy'] = https_proxy + oo_cfg.settings['openshift_no_proxy'] = proxy_excludes + click.clear() + return oo_cfg diff --git a/utils/src/ooinstall/oo_config.py b/utils/src/ooinstall/oo_config.py index 0f1f5caf7..24dfbe013 100644 --- a/utils/src/ooinstall/oo_config.py +++ b/utils/src/ooinstall/oo_config.py @@ -11,6 +11,8 @@ PERSIST_SETTINGS = [ 'ansible_config', 'ansible_log_path', 'master_routingconfig_subdomain', + 'proxy', + 'proxy_exclude_hosts', 'variant', 'variant_version', 'version', diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py index cf2ca51ca..5ace63918 100644 --- a/utils/src/ooinstall/openshift_ansible.py +++ b/utils/src/ooinstall/openshift_ansible.py @@ -121,7 +121,7 @@ def write_inventory_vars(base_inventory, multiple_masters, proxy): base_inventory.write('\n[OSEv3:vars]\n') base_inventory.write('ansible_ssh_user={}\n'.format(CFG.settings['ansible_ssh_user'])) if CFG.settings['ansible_ssh_user'] != 'root': - base_inventory.write('ansible_become=true\n') + base_inventory.write('ansible_become=yes\n') if multiple_masters and proxy is not None: base_inventory.write('openshift_master_cluster_method=native\n') base_inventory.write("openshift_master_cluster_hostname={}\n".format(proxy.hostname)) @@ -129,7 +129,8 @@ def write_inventory_vars(base_inventory, multiple_masters, proxy): "openshift_master_cluster_public_hostname={}\n".format(proxy.public_hostname)) if CFG.settings.get('master_routingconfig_subdomain', False): base_inventory.write( - "openshift_master_default_subdomain={}\n".format(CFG.settings['master_routingconfig_subdomain'])) + "openshift_master_default_subdomain={}\n".format( + CFG.settings['master_routingconfig_subdomain'])) if CFG.settings.get('variant_version', None) == '3.1': #base_inventory.write('openshift_image_tag=v{}\n'.format(CFG.settings.get('variant_version'))) base_inventory.write('openshift_image_tag=v{}\n'.format('3.1.1.6')) @@ -169,7 +170,7 @@ def write_host(host, inventory, schedulable=None): if no_pwd_sudo == 1: print 'The atomic-openshift-installer requires sudo access without a password.' sys.exit(1) - facts += ' ansible_become=true' + facts += ' ansible_become=yes' inventory.write('{} {}\n'.format(host.connect_to, facts)) diff --git a/utils/test/fixture.py b/utils/test/fixture.py index 1657d8f46..e01eaebaf 100644 --- a/utils/test/fixture.py +++ b/utils/test/fixture.py @@ -201,6 +201,9 @@ def build_input(ssh_user=None, hosts=None, variant_num=None, inputs.append(storage) inputs.append('subdomain.example.com') + inputs.append('proxy.example.com') + inputs.append('proxy-private.example.com') + inputs.append('exclude.example.com') # TODO: support option 2, fresh install if add_nodes: |