diff options
44 files changed, 1124 insertions, 126 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 8ab4493f6..4e4490141 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.7.0-0.195.0 ./ +3.7.0-0.197.0 ./ diff --git a/inventory/byo/hosts.byo.glusterfs.external.example b/inventory/byo/hosts.byo.glusterfs.external.example index 5a284ce97..acf68266e 100644 --- a/inventory/byo/hosts.byo.glusterfs.external.example +++ b/inventory/byo/hosts.byo.glusterfs.external.example @@ -19,6 +19,7 @@ [OSEv3:children] masters nodes +etcd # Specify there will be GlusterFS nodes glusterfs @@ -39,6 +40,9 @@ node0 openshift_schedulable=True node1 openshift_schedulable=True node2 openshift_schedulable=True +[etcd] +master + # Specify the glusterfs group, which contains the nodes of the external # GlusterFS cluster. At a minimum, each node must have "glusterfs_hostname" # and "glusterfs_devices" variables defined. diff --git a/inventory/byo/hosts.byo.glusterfs.mixed.example b/inventory/byo/hosts.byo.glusterfs.mixed.example index d16df6470..a559dc377 100644 --- a/inventory/byo/hosts.byo.glusterfs.mixed.example +++ b/inventory/byo/hosts.byo.glusterfs.mixed.example @@ -19,6 +19,7 @@ [OSEv3:children] masters nodes +etcd # Specify there will be GlusterFS nodes glusterfs @@ -42,6 +43,9 @@ node0 openshift_schedulable=True node1 openshift_schedulable=True node2 openshift_schedulable=True +[etcd] +master + # Specify the glusterfs group, which contains the nodes of the external # GlusterFS cluster. At a minimum, each node must have "glusterfs_hostname" # and "glusterfs_devices" variables defined. diff --git a/inventory/byo/hosts.byo.glusterfs.native.example b/inventory/byo/hosts.byo.glusterfs.native.example index c1a1f6f84..ca4765c53 100644 --- a/inventory/byo/hosts.byo.glusterfs.native.example +++ b/inventory/byo/hosts.byo.glusterfs.native.example @@ -16,6 +16,7 @@ [OSEv3:children] masters nodes +etcd # Specify there will be GlusterFS nodes glusterfs @@ -34,6 +35,9 @@ node0 openshift_schedulable=True node1 openshift_schedulable=True node2 openshift_schedulable=True +[etcd] +master + # Specify the glusterfs group, which contains the nodes that will host # GlusterFS storage pods. At a minimum, each node must have a # "glusterfs_devices" variable defined. This variable is a list of block diff --git a/inventory/byo/hosts.byo.glusterfs.registry-only.example b/inventory/byo/hosts.byo.glusterfs.registry-only.example index 31a85ee42..32040f593 100644 --- a/inventory/byo/hosts.byo.glusterfs.registry-only.example +++ b/inventory/byo/hosts.byo.glusterfs.registry-only.example @@ -20,6 +20,7 @@ [OSEv3:children] masters nodes +etcd # Specify there will be GlusterFS nodes glusterfs_registry @@ -40,6 +41,9 @@ node0 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True node1 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True node2 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True +[etcd] +master + # Specify the glusterfs group, which contains the nodes that will host # GlusterFS storage pods. At a minimum, each node must have a # "glusterfs_devices" variable defined. This variable is a list of block diff --git a/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example b/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example index 54bd89ddc..9bd37cbf6 100644 --- a/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example +++ b/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example @@ -20,6 +20,7 @@ [OSEv3:children] masters nodes +etcd # Specify there will be GlusterFS nodes glusterfs glusterfs_registry @@ -46,6 +47,9 @@ node3 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True node4 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True node5 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True +[etcd] +master + # Specify the glusterfs group, which contains the nodes that will host # GlusterFS storage pods. At a minimum, each node must have a # "glusterfs_devices" variable defined. This variable is a list of block diff --git a/openshift-ansible.spec b/openshift-ansible.spec index ba4605efc..b8944d0ae 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -10,7 +10,7 @@ Name: openshift-ansible Version: 3.7.0 -Release: 0.195.0%{?dist} +Release: 0.197.0%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 URL: https://github.com/openshift/openshift-ansible @@ -285,6 +285,25 @@ Atomic OpenShift Utilities includes %changelog +* Tue Nov 07 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.197.0 +- Temporarily set master servingInfo.clientCA as client-ca-bundle.crt during + rolling CA redeployment. (abutcher@redhat.com) +- container-engine: ensure /var/lib/containers/ is properly labelled + (gscrivan@redhat.com) +- Moving docker location to share path with system containers. + (kwoodson@redhat.com) +- Retry restarting master controllers (mgugino@redhat.com) +- Bug 1509680- Fix ansible-service-broker registry validations + (fabian@fabianism.us) +- Fix preupgrade authorization objects are in sync (mgugino@redhat.com) +- Bug 1507617- Move etcd into its own service/dc with SSL (fabian@fabianism.us) + +* Mon Nov 06 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.196.0 +- Bug 1509052 - Remove logfile from broker config (david.j.zager@gmail.com) +- Fix github auth validation (mgugino@redhat.com) +- Re-generate lib_openshift (mail@jkroepke.de) +- Remove provisioner restrictions on oc_storageclass (mail@jkroepke.de) + * Mon Nov 06 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.195.0 - Bug 1507787- add full path to default asb etcd image (fabian@fabianism.us) diff --git a/playbooks/byo/openshift-cluster/redeploy-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-certificates.yml index 255b0dbf7..f53d34145 100644 --- a/playbooks/byo/openshift-cluster/redeploy-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-certificates.yml @@ -42,3 +42,7 @@ - include: ../../common/openshift-cluster/redeploy-certificates/registry.yml when: openshift_hosted_manage_registry | default(true) | bool + +- include: ../../common/openshift-master/revert-client-ca.yml + +- include: ../../common/openshift-master/restart.yml diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml index 2068ed199..e22c8cbdb 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml @@ -43,11 +43,6 @@ when: (g_master_config_output.content|b64decode|from_yaml).oauthConfig.masterCA != 'ca-bundle.crt' - modify_yaml: dest: "{{ openshift.common.config_base }}/master/master-config.yaml" - yaml_key: servingInfo.clientCA - yaml_value: ca.crt - when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'ca.crt' - - modify_yaml: - dest: "{{ openshift.common.config_base }}/master/master-config.yaml" yaml_key: etcdClientInfo.ca yaml_value: ca-bundle.crt when: @@ -67,6 +62,13 @@ when: - groups.oo_etcd_to_config | default([]) | length == 0 - (g_master_config_output.content|b64decode|from_yaml).etcdConfig.servingInfo.clientCA != 'ca-bundle.crt' + # Set servingInfo.clientCA to client-ca-bundle.crt in order to roll the CA certificate. + # This change will be reverted in playbooks/byo/openshift-cluster/redeploy-certificates.yml + - modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: servingInfo.clientCA + yaml_value: client-ca-bundle.crt + when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'client-ca-bundle.crt' - name: Copy current OpenShift CA to legacy directory hosts: oo_masters_to_config @@ -155,6 +157,7 @@ - ca.key - ca-bundle.crt - ca.serial.txt + - client-ca-bundle.crt delegate_to: "{{ openshift_ca_host }}" run_once: true changed_when: false @@ -173,6 +176,7 @@ - ca.key - ca-bundle.crt - ca.serial.txt + - client-ca-bundle.crt - name: Update master client kubeconfig CA data kubeclient_ca: client_path: "{{ openshift.common.config_base }}/master/openshift-master.kubeconfig" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml index 8e4f99c91..022b4b4fb 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml @@ -15,7 +15,7 @@ - name: Confirm OpenShift authorization objects are in sync command: > {{ openshift.common.client_binary }} adm migrate authorization - when: openshift_version | version_compare('3.7','<') + when: openshift_upgrade_target | version_compare('3.8','<') changed_when: false register: l_oc_result until: l_oc_result.rc == 0 diff --git a/playbooks/common/openshift-master/revert-client-ca.yml b/playbooks/common/openshift-master/revert-client-ca.yml new file mode 100644 index 000000000..9ae23bf5b --- /dev/null +++ b/playbooks/common/openshift-master/revert-client-ca.yml @@ -0,0 +1,17 @@ +--- +- name: Set servingInfo.clientCA = ca.crt in master config + hosts: oo_masters_to_config + tasks: + - name: Read master config + slurp: + src: "{{ openshift.common.config_base }}/master/master-config.yaml" + register: g_master_config_output + + # servingInfo.clientCA may be set as the client-ca-bundle.crt from + # CA redeployment and this task reverts that change. + - name: Set servingInfo.clientCA = ca.crt in master config + modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: servingInfo.clientCA + yaml_value: ca.crt + when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'ca.crt' diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml index f4dc9df8a..05b37d59f 100644 --- a/playbooks/common/openshift-master/scaleup.yml +++ b/playbooks/common/openshift-master/scaleup.yml @@ -22,8 +22,13 @@ - name: restart master api service: name={{ openshift.common.service_type }}-master-controllers state=restarted notify: verify api server + # We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - service: name={{ openshift.common.service_type }}-master-controllers state=restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 - name: verify api server command: > curl --silent --tlsv1.2 diff --git a/playbooks/common/openshift-master/tasks/wire_aggregator.yml b/playbooks/common/openshift-master/tasks/wire_aggregator.yml index 560eea785..df3ea27b4 100644 --- a/playbooks/common/openshift-master/tasks/wire_aggregator.yml +++ b/playbooks/common/openshift-master/tasks/wire_aggregator.yml @@ -179,8 +179,13 @@ - yedit_output.changed - openshift.master.cluster_method == 'native' +# We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 when: - yedit_output.changed - openshift.master.cluster_method == 'native' diff --git a/roles/ansible_service_broker/defaults/main.yml b/roles/ansible_service_broker/defaults/main.yml index dc05b03b5..34110ca99 100644 --- a/roles/ansible_service_broker/defaults/main.yml +++ b/roles/ansible_service_broker/defaults/main.yml @@ -14,3 +14,4 @@ ansible_service_broker_launch_apb_on_bind: false ansible_service_broker_image_pull_policy: IfNotPresent ansible_service_broker_sandbox_role: edit ansible_service_broker_auto_escalate: false +ansible_service_broker_local_registry_whitelist: [] diff --git a/roles/ansible_service_broker/tasks/generate_certs.yml b/roles/ansible_service_broker/tasks/generate_certs.yml new file mode 100644 index 000000000..85e67e00c --- /dev/null +++ b/roles/ansible_service_broker/tasks/generate_certs.yml @@ -0,0 +1,35 @@ +--- + +- when: ansible_service_broker_certs_dir is undefined + block: + - name: Create ansible-service-broker cert directory + file: + path: "{{ openshift.common.config_base }}/ansible-service-broker" + state: directory + mode: 0755 + check_mode: no + + - name: Create self signing ca cert + command: 'openssl req -nodes -x509 -newkey rsa:4096 -keyout {{ openshift.common.config_base }}/ansible-service-broker/key.pem -out {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -days 365 -subj "/CN=asb-etcd.openshift-ansible-service-broker.svc"' + args: + creates: '{{ openshift.common.config_base }}/ansible-service-broker/cert.pem' + + - name: Create self signed client cert + command: '{{ item.cmd }}' + args: + creates: '{{ item.creates }}' + with_items: + - cmd: openssl genrsa -out {{ openshift.common.config_base }}/ansible-service-broker/client.key 2048 + creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.key' + - cmd: 'openssl req -new -key {{ openshift.common.config_base }}/ansible-service-broker/client.key -out {{ openshift.common.config_base }}/ansible-service-broker/client.csr -subj "/CN=client"' + creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.csr' + - cmd: openssl x509 -req -in {{ openshift.common.config_base }}/ansible-service-broker/client.csr -CA {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -CAkey {{ openshift.common.config_base }}/ansible-service-broker/key.pem -CAcreateserial -out {{ openshift.common.config_base }}/ansible-service-broker/client.pem -days 1024 + creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.pem' + + - set_fact: + ansible_service_broker_certs_dir: "{{ openshift.common.config_base }}/ansible-service-broker" + +- set_fact: + etcd_ca_cert: "{{ lookup('file', '{{ ansible_service_broker_certs_dir }}/cert.pem') }}" + etcd_client_cert: "{{ lookup('file', '{{ ansible_service_broker_certs_dir }}/client.pem') }}" + etcd_client_key: "{{ lookup('file', '{{ ansible_service_broker_certs_dir }}/client.key') }}" diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml index 89a84c4df..90a4418fb 100644 --- a/roles/ansible_service_broker/tasks/install.yml +++ b/roles/ansible_service_broker/tasks/install.yml @@ -32,6 +32,7 @@ - include: validate_facts.yml +- include: generate_certs.yml # Deployment of ansible-service-broker starts here - name: create openshift-ansible-service-broker project @@ -68,6 +69,9 @@ - apiGroups: ["authentication.k8s.io"] resources: ["tokenreviews"] verbs: ["create"] + - apiGroups: ["image.openshift.io", ""] + resources: ["images"] + verbs: ["get", "list"] - name: Create asb-access cluster role oc_clusterrole: @@ -116,6 +120,24 @@ kubernetes.io/service-account.name: asb-client type: kubernetes.io/service-account-token +- name: Create etcd-auth secret + oc_secret: + name: etcd-auth-secret + namespace: openshift-ansible-service-broker + contents: + - path: ca.crt + data: '{{ etcd_ca_cert }}' + +- name: Create broker-etcd-auth secret + oc_secret: + name: broker-etcd-auth-secret + namespace: openshift-ansible-service-broker + contents: + - path: client.crt + data: '{{ etcd_client_cert }}' + - path: client.key + data: '{{ etcd_client_key }}' + - oc_secret: state: list namespace: openshift-ansible-service-broker @@ -156,6 +178,34 @@ app: openshift-ansible-service-broker service: asb +- name: create asb-etcd service + oc_obj: + name: asb-etcd + namespace: openshift-ansible-service-broker + state: present + kind: Service + content: + path: /tmp/asbetcdsvcout + data: + apiVersion: v1 + kind: Service + metadata: + name: asb-etcd + labels: + app: etcd + service: asb-etcd + annotations: + service.alpha.openshift.io/serving-cert-secret-name: etcd-tls + spec: + ports: + - name: port-2379 + port: 2379 + targetPort: 2379 + protocol: TCP + selector: + app: etcd + service: asb-etcd + - name: create route for ansible-service-broker service oc_route: name: asb-1338 @@ -227,6 +277,8 @@ mountPath: /etc/ansible-service-broker - name: asb-tls mountPath: /etc/tls/private + - name: asb-etcd-auth + mountPath: /var/run/asb-etcd-auth ports: - containerPort: 1338 protocol: TCP @@ -249,7 +301,50 @@ scheme: HTTPS initialDelaySeconds: 15 timeoutSeconds: 1 + volumes: + - name: config-volume + configMap: + name: broker-config + items: + - key: broker-config + path: config.yaml + - name: asb-tls + secret: + secretName: asb-tls + - name: asb-etcd-auth + secret: + secretName: broker-etcd-auth-secret +- name: Create asb-etcd deployment config + oc_obj: + name: etcd + namespace: openshift-ansible-service-broker + state: present + kind: DeploymentConfig + content: + path: /tmp/dcout + data: + apiVersion: v1 + kind: DeploymentConfig + metadata: + name: asb-etcd + labels: + app: etcd + service: asb-etcd + spec: + replicas: 1 + selector: + app: etcd + strategy: + type: Rolling + template: + metadata: + labels: + app: etcd + service: asb-etcd + spec: + serviceAccount: asb + containers: - image: "{{ ansible_service_broker_etcd_image }}" name: etcd imagePullPolicy: IfNotPresent @@ -258,8 +353,12 @@ args: - "{{ ansible_service_broker_etcd_image_etcd_path }}" - "--data-dir=/data" - - "--listen-client-urls=http://0.0.0.0:2379" - - "--advertise-client-urls=http://0.0.0.0:2379" + - "--listen-client-urls=https://0.0.0.0:2379" + - "--advertise-client-urls=https://0.0.0.0:2379" + - "--client-cert-auth" + - "--trusted-ca-file=/var/run/etcd-auth-secret/ca.crt" + - "--cert-file=/etc/tls/private/tls.crt" + - "--key-file=/etc/tls/private/tls.key" ports: - containerPort: 2379 protocol: TCP @@ -267,21 +366,22 @@ - name: ETCDCTL_API value: "3" volumeMounts: - - mountPath: /data - name: etcd + - name: etcd + mountPath: /data + - name: etcd-tls + mountPath: /etc/tls/private + - name: etcd-auth + mountPath: /var/run/etcd-auth-secret volumes: - name: etcd persistentVolumeClaim: claimName: etcd - - name: config-volume - configMap: - name: broker-config - items: - - key: broker-config - path: config.yaml - - name: asb-tls + - name: etcd-tls secret: - secretName: asb-tls + secretName: etcd-tls + - name: etcd-auth + secret: + secretName: etcd-auth-secret # TODO: saw a oc_configmap in the library, but didn't understand how to get it to do the following: @@ -307,16 +407,19 @@ - type: {{ ansible_service_broker_registry_type }} name: {{ ansible_service_broker_registry_name }} url: {{ ansible_service_broker_registry_url }} - user: {{ ansible_service_broker_registry_user }} - pass: {{ ansible_service_broker_registry_password }} org: {{ ansible_service_broker_registry_organization }} tag: {{ ansible_service_broker_registry_tag }} white_list: {{ ansible_service_broker_registry_whitelist }} + - type: local_registry + namespaces: ['openshift'] + white_list: {{ ansible_service_broker_local_registry_whitelist }} dao: - etcd_host: 0.0.0.0 + etcd_host: asb-etcd.openshift-ansible-service-broker.svc etcd_port: 2379 + etcd_ca_file: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt + etcd_client_cert: /var/run/asb-etcd-auth/client.crt + etcd_client_key: /var/run/asb-etcd-auth/client.key log: - logfile: /var/log/ansible-service-broker/asb.log stdout: true level: {{ ansible_service_broker_log_level }} color: true @@ -340,6 +443,15 @@ - type: basic enabled: false +- oc_secret: + name: asb-registry-auth + namespace: openshift-ansible-service-broker + state: present + contents: + - path: username + data: "{{ ansible_service_broker_registry_user }}" + - path: password + data: "{{ ansible_service_broker_registry_password }}" - name: Create the Broker resource in the catalog oc_obj: diff --git a/roles/ansible_service_broker/tasks/remove.yml b/roles/ansible_service_broker/tasks/remove.yml index 51b86fb26..a1ac740e0 100644 --- a/roles/ansible_service_broker/tasks/remove.yml +++ b/roles/ansible_service_broker/tasks/remove.yml @@ -46,18 +46,42 @@ resource_name: asb-access user: "system:serviceaccount:openshift-ansible-service-broker:asb-client" +- name: remove asb-registry auth secret + oc_secret: + state: absent + name: asb-registry-auth + namespace: openshift-ansible-service-broker + - name: remove asb-client token secret oc_secret: state: absent name: asb-client namespace: openshift-ansible-service-broker +- name: Remove etcd-auth secret + oc_secret: + state: absent + name: etcd-auth-secret + namespace: openshift-ansible-service-broker + +- name: Remove broker-etcd-auth secret + oc_secret: + state: absent + name: broker-etcd-auth-secret + namespace: openshift-ansible-service-broker + - name: remove ansible-service-broker service oc_service: name: asb namespace: openshift-ansible-service-broker state: absent +- name: remove asb-etcd service + oc_service: + state: absent + name: asb-etcd + namespace: openshift-ansible-service-broker + - name: remove etcd service oc_service: name: etcd @@ -83,6 +107,14 @@ kind: DeploymentConfig state: absent +- name: remove Ansible Service Broker etcd deployment config + oc_obj: + name: asb-etcd + namespace: openshift-ansible-service-broker + kind: DeploymentConfig + state: absent + + - name: remove secret for broker auth oc_obj: name: asb-client diff --git a/roles/ansible_service_broker/tasks/validate_facts.yml b/roles/ansible_service_broker/tasks/validate_facts.yml index 604d24e1d..a2345551b 100644 --- a/roles/ansible_service_broker/tasks/validate_facts.yml +++ b/roles/ansible_service_broker/tasks/validate_facts.yml @@ -1,11 +1,9 @@ --- - name: validate Dockerhub registry settings - fail: msg="To use the dockerhub registry, you must provide the ansible_service_broker_registry_user. ansible_service_broker_registry_password, and ansible_service_broker_registry_organization parameters" + fail: msg="To use the dockerhub registry, you must provide the ansible_service_broker_registry_organization" when: - ansible_service_broker_registry_type == 'dockerhub' - - not (ansible_service_broker_registry_user and - ansible_service_broker_registry_password and - ansible_service_broker_registry_organization) + - not ansible_service_broker_registry_organization - name: validate RHCC registry settings diff --git a/roles/ansible_service_broker/vars/default_images.yml b/roles/ansible_service_broker/vars/default_images.yml index 8438e993f..248e0363d 100644 --- a/roles/ansible_service_broker/vars/default_images.yml +++ b/roles/ansible_service_broker/vars/default_images.yml @@ -12,6 +12,6 @@ __ansible_service_broker_registry_name: dh __ansible_service_broker_registry_url: null __ansible_service_broker_registry_user: null __ansible_service_broker_registry_password: null -__ansible_service_broker_registry_organization: null +__ansible_service_broker_registry_organization: ansibleplaybookbundle __ansible_service_broker_registry_tag: latest __ansible_service_broker_registry_whitelist: [] diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index f6f2bd77e..c086c28df 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -33,3 +33,6 @@ r_crio_os_firewall_allow: openshift_docker_is_node_or_master: "{{ True if inventory_hostname in (groups['oo_masters_to_config']|default([])) or inventory_hostname in (groups['oo_nodes_to_config']|default([])) else False | bool }}" + +docker_alt_storage_path: /var/lib/containers/docker +docker_default_storage_path: /var/lib/docker diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 1539af53f..3c814d8d8 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -25,6 +25,15 @@ - not l_use_system_container - not l_use_crio_only +- name: Ensure /var/lib/containers exists + file: + path: /var/lib/containers + state: directory + +- name: Fix SELinux Permissions on /var/lib/containers + command: "restorecon -R /var/lib/containers/" + changed_when: false + - name: Use System Container Docker if Requested include: systemcontainer_docker.yml when: @@ -36,3 +45,48 @@ when: - l_use_crio - openshift_docker_is_node_or_master | bool + +- name: stat the docker data dir + stat: + path: "{{ docker_default_storage_path }}" + register: dockerstat + +- when: + - l_use_crio + - dockerstat.stat.islink is defined and not (dockerstat.stat.islink | bool) + block: + - name: stop the current running docker + systemd: + state: stopped + name: "{{ openshift.docker.service_name }}" + + - name: "Ensure {{ docker_alt_storage_path }} exists" + file: + path: "{{ docker_alt_storage_path }}" + state: directory + + - name: "Set the selinux context on {{ docker_alt_storage_path }}" + command: "semanage fcontext -a -e {{ docker_default_storage_path }} {{ docker_alt_storage_path }}" + register: results + failed_when: + - results.rc == 1 + - "'already exists' not in results.stderr" + + - name: "restorecon the {{ docker_alt_storage_path }}" + command: "restorecon -r {{ docker_alt_storage_path }}" + + - name: Remove the old docker location + file: + state: absent + path: "{{ docker_default_storage_path }}" + + - name: Setup the link + file: + state: link + src: "{{ docker_alt_storage_path }}" + path: "{{ docker_default_storage_path }}" + + - name: start docker + systemd: + state: started + name: "{{ openshift.docker.service_name }}" diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index 67ede0d21..1e2d64293 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -170,10 +170,6 @@ dest: /etc/cni/net.d/openshift-sdn.conf src: 80-openshift-sdn.conf.j2 -- name: Fix SELinux Permissions on /var/lib/containers - command: "restorecon -R /var/lib/containers/" - changed_when: false - - name: Start the CRI-O service systemd: name: "cri-o" diff --git a/roles/lib_openshift/library/oc_storageclass.py b/roles/lib_openshift/library/oc_storageclass.py index e88f3ae8d..7e7d0fa60 100644 --- a/roles/lib_openshift/library/oc_storageclass.py +++ b/roles/lib_openshift/library/oc_storageclass.py @@ -1664,7 +1664,7 @@ def main(): name=dict(default=None, type='str'), annotations=dict(default=None, type='dict'), parameters=dict(default=None, type='dict'), - provisioner=dict(required=True, type='str', choices=['aws-ebs', 'gce-pd', 'glusterfs', 'cinder']), + provisioner=dict(required=True, type='str'), api_version=dict(default='v1', type='str'), default_storage_class=dict(default="false", type='str'), ), diff --git a/roles/lib_openshift/src/ansible/oc_storageclass.py b/roles/lib_openshift/src/ansible/oc_storageclass.py index e9f3ebbd3..a8f371661 100644 --- a/roles/lib_openshift/src/ansible/oc_storageclass.py +++ b/roles/lib_openshift/src/ansible/oc_storageclass.py @@ -14,7 +14,7 @@ def main(): name=dict(default=None, type='str'), annotations=dict(default=None, type='dict'), parameters=dict(default=None, type='dict'), - provisioner=dict(required=True, type='str', choices=['aws-ebs', 'gce-pd', 'glusterfs', 'cinder']), + provisioner=dict(required=True, type='str'), api_version=dict(default='v1', type='str'), default_storage_class=dict(default="false", type='str'), ), diff --git a/roles/nuage_master/handlers/main.yaml b/roles/nuage_master/handlers/main.yaml index 21da6b953..410b739e9 100644 --- a/roles/nuage_master/handlers/main.yaml +++ b/roles/nuage_master/handlers/main.yaml @@ -7,8 +7,13 @@ openshift.master.cluster_method == 'native' # TODO: need to fix up ignore_errors here +# We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 when: > (openshift_master_ha | bool) and (not master_controllers_service_status_changed | default(false)) and diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml index fad1ff5de..587526d07 100644 --- a/roles/openshift_ca/tasks/main.yml +++ b/roles/openshift_ca/tasks/main.yml @@ -106,6 +106,36 @@ delegate_to: "{{ openshift_ca_host }}" run_once: true +# Create client-ca-bundle.crt containing old and new OpenShift CA +# certificates. This bundle will be used when rolling the OpenShift CA +# certificate. +- name: Create client-ca-bundle.crt + block: + - command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: openshift_ca_clientconfig_tmpdir + delegate_to: "{{ openshift_ca_host }}" + - copy: + src: "{{ item }}" + dest: "{{ openshift_ca_clientconfig_tmpdir.stdout }}/" + remote_src: true + with_items: "{{ g_master_legacy_ca_result.files | default([]) | oo_collect('path') }}" + delegate_to: "{{ openshift_ca_host }}" + run_once: true + - copy: + src: "{{ openshift_ca_config_dir }}/ca.crt" + dest: "{{ openshift_ca_clientconfig_tmpdir.stdout }}/" + remote_src: true + delegate_to: "{{ openshift_ca_host }}" + run_once: true + - assemble: + src: "{{ openshift_ca_clientconfig_tmpdir.stdout }}" + dest: "{{ openshift_ca_config_dir }}/client-ca-bundle.crt" + mode: 0644 + owner: root + group: root + delegate_to: "{{ openshift_ca_host }}" + run_once: true + - name: Test local loopback context command: > {{ hostvars[openshift_ca_host].openshift.common.client_binary }} config view diff --git a/roles/openshift_cli/library/openshift_container_binary_sync.py b/roles/openshift_cli/library/openshift_container_binary_sync.py index b40c49701..08045794a 100644 --- a/roles/openshift_cli/library/openshift_container_binary_sync.py +++ b/roles/openshift_cli/library/openshift_container_binary_sync.py @@ -36,7 +36,7 @@ class BinarySyncer(object): self.changed = False self.output = [] self.bin_dir = '/usr/local/bin' - self.image = image + self._image = image self.tag = tag self.backend = backend self.temp_dir = None # TBD @@ -142,6 +142,33 @@ class BinarySyncer(object): self.output.append("Moved %s to %s." % (src_path, dest_path)) self.changed = True + @property + def raw_image(self): + """ + Returns the image as it was originally passed in to the instance. + + .. note:: + This image string will only work directly with the atomic command. + + :returns: The original image passed in. + :rtype: str + """ + return self._image + + @property + def image(self): + """ + Returns the image without atomic prefixes used to map to skopeo args. + + :returns: The image string without prefixes + :rtype: str + """ + image = self._image + for remove in ('oci:', 'http:', 'https:'): + if image.startswith(remove): + image = image.replace(remove, '') + return image + def main(): module = AnsibleModule( # noqa: F405 diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml index fc4b56bbf..e623b33f3 100644 --- a/roles/openshift_examples/defaults/main.yml +++ b/roles/openshift_examples/defaults/main.yml @@ -10,10 +10,12 @@ content_version: "{{ openshift.common.examples_content_version }}" examples_base: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/examples" image_streams_base: "{{ examples_base }}/image-streams" -centos_image_streams: "{{ image_streams_base}}/image-streams-centos7.json" +centos_image_streams: + - "{{ image_streams_base }}/image-streams-centos7.json" + - "{{ image_streams_base }}/dotnet_imagestreams_centos.json" rhel_image_streams: - - "{{ image_streams_base}}/image-streams-rhel7.json" - - "{{ image_streams_base}}/dotnet_imagestreams.json" + - "{{ image_streams_base }}/image-streams-rhel7.json" + - "{{ image_streams_base }}/dotnet_imagestreams.json" db_templates_base: "{{ examples_base }}/db-templates" xpaas_image_streams: "{{ examples_base }}/xpaas-streams/" xpaas_templates_base: "{{ examples_base }}/xpaas-templates" diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index 1a14c32f5..595190006 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -38,6 +38,7 @@ find 3scale-amp-openshift-templates-${RHAMP_TAG}/ -name '*.yml' -exec mv {} ${EX popd wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/dotnet_imagestreams.json -O ${EXAMPLES_BASE}/image-streams/dotnet_imagestreams.json +wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/dotnet_imagestreams_centos.json -O ${EXAMPLES_BASE}/image-streams/dotnet_imagestreams_centos.json wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/templates/dotnet-example.json -O ${EXAMPLES_BASE}/quickstart-templates/dotnet-example.json wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/templates/dotnet-pgsql-persistent.json -O ${EXAMPLES_BASE}/quickstart-templates/dotnet-pgsql-persistent.json wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/templates/dotnet-runtime-example.json -O ${EXAMPLES_BASE}/quickstart-templates/dotnet-runtime-example.json diff --git a/roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json index 0bb56452b..af66b9ea4 100644 --- a/roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json @@ -31,6 +31,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.1" } }, { @@ -44,6 +48,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.2" } }, { @@ -56,6 +64,10 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.3" } } ] @@ -84,6 +96,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.1" } }, { @@ -97,6 +113,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.2" } }, { @@ -109,6 +129,10 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.3" } } ] @@ -137,6 +161,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat7-openshift:1.0" } } ] @@ -165,6 +193,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat8-openshift:1.0" } } ] @@ -194,6 +226,10 @@ "sampleRef": "6.4.x", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.1" } }, { @@ -208,6 +244,10 @@ "sampleRef": "6.4.x", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.2" } }, { @@ -222,6 +262,10 @@ "sampleRef": "6.4.x", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.3" } }, { @@ -236,6 +280,10 @@ "sampleRef": "6.4.x", "version": "1.4", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.4" } }, { @@ -248,7 +296,12 @@ "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "6.4.x", - "version": "1.5" + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.5" } } ] @@ -278,6 +331,10 @@ "sampleRef": "7.0.0.GA", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.3" } }, { @@ -292,6 +349,10 @@ "sampleRef": "7.0.0.GA", "version": "1.4", "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.4" } }, { @@ -304,7 +365,44 @@ "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "7.0.0.GA", - "version": "1.5" + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.5" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-eap71-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss EAP 7.1" + } + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-eap-7/eap71-openshift", + "tags": [ + { + "name": "1.0-TP", + "annotations": { + "description": "JBoss EAP 7.1 Tech Preview.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:7.1,javaee:7,java:8,xpaas:1.0", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7-tech-preview/eap71-openshift:1.0" } } ] @@ -334,6 +432,10 @@ "sampleRef": "1.2", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver62-openshift:1.2" } } ] @@ -363,6 +465,10 @@ "sampleRef": "1.3", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift:1.3" } }, { @@ -375,7 +481,12 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "decisionserver/hellorules", "sampleRef": "1.3", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift:1.4" } } ] @@ -400,7 +511,12 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "decisionserver/hellorules", "sampleRef": "1.3", - "version": "1.0" + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift:1.0" } } ] @@ -430,6 +546,10 @@ "sampleRef": "1.3", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift:1.3" } }, { @@ -442,7 +562,12 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "processserver/library", "sampleRef": "1.3", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift:1.4" } } ] @@ -467,7 +592,12 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "processserver/library", "sampleRef": "1.3", - "version": "1.0" + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver64-openshift:1.0" } } ] @@ -494,6 +624,10 @@ "supports": "datagrid:6.5,xpaas:1.2", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.2" } }, { @@ -505,6 +639,10 @@ "supports": "datagrid:6.5,xpaas:1.4", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.3" } }, { @@ -514,7 +652,42 @@ "iconClass": "icon-jboss", "tags": "datagrid,jboss,xpaas", "supports":"datagrid:6.5,xpaas:1.4", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.4" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datagrid71-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1" + } + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-openshift", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Data Grid 7.1 S2I images.", + "iconClass": "icon-jboss", + "tags": "datagrid,jboss,xpaas", + "supports": "datagrid:7.1,xpaas:1.0", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-openshift:1.0" } } ] @@ -540,6 +713,39 @@ "tags": "client,jboss,xpaas", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 Client Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-client-openshift:1.0" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datagrid71-client-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1 Client Modules for EAP" + } + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-client-openshift", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Data Grid 7.1 Client Modules for EAP.", + "iconClass": "icon-jboss", + "tags": "client,jboss,xpaas", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1 Client Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-client-openshift:1.0" } } ] @@ -566,6 +772,10 @@ "supports": "datavirt:6.3,xpaas:1.4", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.0" } }, { @@ -577,6 +787,10 @@ "supports": "datavirt:6.3,xpaas:1.4", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.1" } }, { @@ -586,7 +800,12 @@ "iconClass": "icon-jboss", "tags": "datavirt,jboss,xpaas", "supports":"datavirt:6.3,xpaas:1.4", - "version": "1.2" + "version": "1.2", + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.2" } } ] @@ -612,6 +831,10 @@ "tags": "client,jboss,xpaas", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-driver-openshift:1.0" } } ] @@ -638,6 +861,10 @@ "supports": "amq:6.2,messaging,xpaas:1.1", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.1" } }, { @@ -649,6 +876,10 @@ "supports": "amq:6.2,messaging,xpaas:1.2", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.2" } }, { @@ -660,6 +891,10 @@ "supports": "amq:6.2,messaging,xpaas:1.3", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.3" } }, { @@ -669,7 +904,27 @@ "iconClass": "icon-jboss", "tags": "messaging,amq,jboss,xpaas", "supports":"amq:6.2,messaging,xpaas:1.4", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.4" + } + }, + { + "name": "1.5", + "annotations": { + "description": "JBoss A-MQ 6.2 broker image.", + "iconClass": "icon-jboss", + "tags": "messaging,amq,jboss,xpaas", + "supports":"amq:6.2,messaging,xpaas:1.5", + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.5" } } ] @@ -696,6 +951,25 @@ "supports": "amq:6.3,messaging,xpaas:1.0", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss A-MQ 6.3 broker image.", + "iconClass": "icon-jboss", + "tags": "messaging,amq,jboss,xpaas", + "supports": "amq:6.3,messaging,xpaas:1.1", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.1" } } ] @@ -723,6 +997,10 @@ "supports": "sso:7.0,xpaas:1.3", "version": "1.3", "openshift.io/display-name": "Red Hat Single Sign-On 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso70-openshift:1.3" } }, { @@ -734,6 +1012,10 @@ "supports": "sso:7.0,xpaas:1.4", "version": "1.4", "openshift.io/display-name": "Red Hat Single Sign-On 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso70-openshift:1.4" } } ] @@ -761,6 +1043,10 @@ "supports": "sso:7.1,xpaas:1.4", "version": "1.0", "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.0" } }, { @@ -772,6 +1058,10 @@ "supports": "sso:7.1,xpaas:1.4", "version": "1.1", "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.1" } } ] @@ -800,6 +1090,10 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts", "sampleContextDir": "undertow-servlet", "version": "1.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.0" } }, { @@ -813,6 +1107,10 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts", "sampleContextDir": "undertow-servlet", "version": "1.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.1" } } ] diff --git a/roles/openshift_examples/files/examples/v3.7/image-streams/dotnet_imagestreams_centos.json b/roles/openshift_examples/files/examples/v3.7/image-streams/dotnet_imagestreams_centos.json new file mode 100644 index 000000000..79afc355b --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/image-streams/dotnet_imagestreams_centos.json @@ -0,0 +1,104 @@ +{ + "kind": "ImageStreamList", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-image-streams", + "annotations": { + "description": "ImageStream definitions for .NET Core on CentOS" + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet", + "annotations": { + "openshift.io/display-name": ".NET Core Builder Images" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core (Latest)", + "description": "Build and run .NET Core applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore", + "supports":"dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-2.0" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.0" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": ".NET Core 2.0", + "description": "Build and run .NET Core 2.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnet20", + "supports":"dotnet:2.0,dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-2.0", + "version": "2.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.centos.org/dotnet/dotnet-20-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-runtime", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime Images" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime (Latest)", + "description": "Run .NET Core applications on CentOS 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core Runtime available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime", + "supports":"dotnet-runtime" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.0" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": ".NET Core 2.0 Runtime", + "description": "Run .NET Core applications on CentOS 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.", + "iconClass": "icon-dotnet", + "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime", + "supports":"dotnet-runtime", + "version": "2.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.centos.org/dotnet/dotnet-20-runtime-centos7:latest" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v3.7/xpaas-streams/jboss-image-streams.json index 0aad7fae6..af66b9ea4 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-streams/jboss-image-streams.json @@ -31,6 +31,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.1" } }, { @@ -44,6 +48,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.2" } }, { @@ -56,6 +64,10 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.3" } } ] @@ -84,6 +96,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.1" } }, { @@ -97,6 +113,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.2" } }, { @@ -109,6 +129,10 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.3" } } ] @@ -137,6 +161,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat7-openshift:1.0" } } ] @@ -165,6 +193,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat8-openshift:1.0" } } ] @@ -194,6 +226,10 @@ "sampleRef": "6.4.x", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.1" } }, { @@ -208,6 +244,10 @@ "sampleRef": "6.4.x", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.2" } }, { @@ -222,6 +262,10 @@ "sampleRef": "6.4.x", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.3" } }, { @@ -236,6 +280,10 @@ "sampleRef": "6.4.x", "version": "1.4", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.4" } }, { @@ -248,7 +296,12 @@ "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "6.4.x", - "version": "1.5" + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.5" } } ] @@ -278,6 +331,10 @@ "sampleRef": "7.0.0.GA", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.3" } }, { @@ -292,6 +349,10 @@ "sampleRef": "7.0.0.GA", "version": "1.4", "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.4" } }, { @@ -304,7 +365,12 @@ "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "7.0.0.GA", - "version": "1.5" + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.5" } } ] @@ -366,6 +432,10 @@ "sampleRef": "1.2", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver62-openshift:1.2" } } ] @@ -395,6 +465,10 @@ "sampleRef": "1.3", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift:1.3" } }, { @@ -407,7 +481,12 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "decisionserver/hellorules", "sampleRef": "1.3", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift:1.4" } } ] @@ -432,7 +511,12 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "decisionserver/hellorules", "sampleRef": "1.3", - "version": "1.0" + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift:1.0" } } ] @@ -462,6 +546,10 @@ "sampleRef": "1.3", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift:1.3" } }, { @@ -474,7 +562,12 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "processserver/library", "sampleRef": "1.3", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift:1.4" } } ] @@ -499,7 +592,12 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "processserver/library", "sampleRef": "1.3", - "version": "1.0" + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver64-openshift:1.0" } } ] @@ -526,6 +624,10 @@ "supports": "datagrid:6.5,xpaas:1.2", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.2" } }, { @@ -537,6 +639,10 @@ "supports": "datagrid:6.5,xpaas:1.4", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.3" } }, { @@ -546,7 +652,12 @@ "iconClass": "icon-jboss", "tags": "datagrid,jboss,xpaas", "supports":"datagrid:6.5,xpaas:1.4", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.4" } } ] @@ -573,6 +684,10 @@ "supports": "datagrid:7.1,xpaas:1.0", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-openshift:1.0" } } ] @@ -598,6 +713,10 @@ "tags": "client,jboss,xpaas", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 Client Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-client-openshift:1.0" } } ] @@ -623,6 +742,10 @@ "tags": "client,jboss,xpaas", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1 Client Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-client-openshift:1.0" } } ] @@ -649,6 +772,10 @@ "supports": "datavirt:6.3,xpaas:1.4", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.0" } }, { @@ -660,6 +787,10 @@ "supports": "datavirt:6.3,xpaas:1.4", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.1" } }, { @@ -669,7 +800,12 @@ "iconClass": "icon-jboss", "tags": "datavirt,jboss,xpaas", "supports":"datavirt:6.3,xpaas:1.4", - "version": "1.2" + "version": "1.2", + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.2" } } ] @@ -695,6 +831,10 @@ "tags": "client,jboss,xpaas", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-driver-openshift:1.0" } } ] @@ -721,6 +861,10 @@ "supports": "amq:6.2,messaging,xpaas:1.1", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.1" } }, { @@ -732,6 +876,10 @@ "supports": "amq:6.2,messaging,xpaas:1.2", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.2" } }, { @@ -743,6 +891,10 @@ "supports": "amq:6.2,messaging,xpaas:1.3", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.3" } }, { @@ -752,7 +904,12 @@ "iconClass": "icon-jboss", "tags": "messaging,amq,jboss,xpaas", "supports":"amq:6.2,messaging,xpaas:1.4", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.4" } }, { @@ -762,7 +919,12 @@ "iconClass": "icon-jboss", "tags": "messaging,amq,jboss,xpaas", "supports":"amq:6.2,messaging,xpaas:1.5", - "version": "1.5" + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.5" } } ] @@ -789,6 +951,10 @@ "supports": "amq:6.3,messaging,xpaas:1.0", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.0" } }, { @@ -800,6 +966,10 @@ "supports": "amq:6.3,messaging,xpaas:1.1", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.1" } } ] @@ -827,6 +997,10 @@ "supports": "sso:7.0,xpaas:1.3", "version": "1.3", "openshift.io/display-name": "Red Hat Single Sign-On 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso70-openshift:1.3" } }, { @@ -838,6 +1012,10 @@ "supports": "sso:7.0,xpaas:1.4", "version": "1.4", "openshift.io/display-name": "Red Hat Single Sign-On 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso70-openshift:1.4" } } ] @@ -865,6 +1043,10 @@ "supports": "sso:7.1,xpaas:1.4", "version": "1.0", "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.0" } }, { @@ -876,6 +1058,10 @@ "supports": "sso:7.1,xpaas:1.4", "version": "1.1", "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.1" } } ] @@ -904,6 +1090,10 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts", "sampleContextDir": "undertow-servlet", "version": "1.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.0" } }, { @@ -917,6 +1107,10 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts", "sampleContextDir": "undertow-servlet", "version": "1.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.1" } } ] diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml index 1a4562776..356317431 100644 --- a/roles/openshift_examples/tasks/main.yml +++ b/roles/openshift_examples/tasks/main.yml @@ -63,8 +63,10 @@ - name: Import Centos Image streams command: > - {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig -n openshift -f {{ centos_image_streams }} + {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig -n openshift -f {{ item }} when: openshift_examples_load_centos | bool + with_items: + - "{{ centos_image_streams }}" register: oex_import_centos_streams failed_when: "'already exists' not in oex_import_centos_streams.stderr and oex_import_centos_streams.rc != 0" changed_when: false diff --git a/roles/openshift_hosted/tasks/router.yml b/roles/openshift_hosted/tasks/router.yml index 2aceef9e4..dd7053656 100644 --- a/roles/openshift_hosted/tasks/router.yml +++ b/roles/openshift_hosted/tasks/router.yml @@ -29,7 +29,9 @@ src: "{{ item }}" with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}" - when: ( not openshift_hosted_router_create_certificate | bool ) or openshift_hosted_router_certificate != {} + when: ( not openshift_hosted_router_create_certificate | bool ) or openshift_hosted_router_certificate != {} or + ( openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile'])|length > 0 ) + # This is for when we desire a cluster signed cert # The certificate is generated and placed in master_config_dir/ @@ -42,8 +44,8 @@ hostnames: - "{{ openshift_master_default_subdomain | default('router.default.svc.cluster.local') }}" - "*.{{ openshift_master_default_subdomain | default('router.default.svc.cluster.local') }}" - cert: "{{ ('/etc/origin/master/' ~ (item.certificate.certfile | basename)) if 'certfile' in item.certificate else ((openshift_master_config_dir) ~ '/openshift-router.crt') }}" - key: "{{ ('/etc/origin/master/' ~ (item.certificate.keyfile | basename)) if 'keyfile' in item.certificate else ((openshift_master_config_dir) ~ '/openshift-router.key') }}" + cert: "{{ openshift_master_config_dir ~ '/openshift-router.crt' }}" + key: "{{ openshift_master_config_dir ~ '/openshift-router.key' }}" with_items: "{{ openshift_hosted_routers }}" - name: set the openshift_hosted_router_certificate @@ -55,6 +57,7 @@ when: - openshift_hosted_router_create_certificate | bool - openshift_hosted_router_certificate == {} + - openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile'])|length == 0 - name: Create the router service account(s) oc_serviceaccount: diff --git a/roles/openshift_hosted_metrics/handlers/main.yml b/roles/openshift_hosted_metrics/handlers/main.yml index ce7688581..88b893448 100644 --- a/roles/openshift_hosted_metrics/handlers/main.yml +++ b/roles/openshift_hosted_metrics/handlers/main.yml @@ -4,8 +4,13 @@ when: (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' notify: Verify API Server +# We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 when: (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' - name: Verify API Server diff --git a/roles/openshift_logging/handlers/main.yml b/roles/openshift_logging/handlers/main.yml index ce7688581..acc838bd1 100644 --- a/roles/openshift_logging/handlers/main.yml +++ b/roles/openshift_logging/handlers/main.yml @@ -4,8 +4,13 @@ when: (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' notify: Verify API Server +# We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted + command: "{{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 when: (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' - name: Verify API Server diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index d5094c2c9..f88c4a7dc 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -9,10 +9,13 @@ notify: - Verify API Server +# We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - systemd: - name: "{{ openshift.common.service_type }}-master-controllers" - state: restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 when: - not (master_controllers_service_status_changed | default(false) | bool) - openshift.master.cluster_method == 'native' diff --git a/roles/openshift_master_facts/filter_plugins/openshift_master.py b/roles/openshift_master_facts/filter_plugins/openshift_master.py index a4f410296..97a5179e0 100644 --- a/roles/openshift_master_facts/filter_plugins/openshift_master.py +++ b/roles/openshift_master_facts/filter_plugins/openshift_master.py @@ -326,10 +326,8 @@ class IdentityProviderOauthBase(IdentityProviderBase): self._required += [['clientID', 'client_id'], ['clientSecret', 'client_secret']] def validate(self): - ''' validate this idp instance ''' - if self.challenge: - raise errors.AnsibleFilterError("|failed provider {0} does not " - "allow challenge authentication".format(self.__class__.__name__)) + ''' validate an instance of this idp class ''' + pass class OpenIDIdentityProvider(IdentityProviderOauthBase): @@ -428,6 +426,12 @@ class GoogleIdentityProvider(IdentityProviderOauthBase): IdentityProviderOauthBase.__init__(self, api_version, idp) self._optional += [['hostedDomain', 'hosted_domain']] + def validate(self): + ''' validate this idp instance ''' + if self.challenge: + raise errors.AnsibleFilterError("|failed provider {0} does not " + "allow challenge authentication".format(self.__class__.__name__)) + class GitHubIdentityProvider(IdentityProviderOauthBase): """ GitHubIdentityProvider @@ -446,6 +450,12 @@ class GitHubIdentityProvider(IdentityProviderOauthBase): self._optional += [['organizations'], ['teams']] + def validate(self): + ''' validate this idp instance ''' + if self.challenge: + raise errors.AnsibleFilterError("|failed provider {0} does not " + "allow challenge authentication".format(self.__class__.__name__)) + class FilterModule(object): ''' Custom ansible filters for use by the openshift_master role''' @@ -510,7 +520,7 @@ class FilterModule(object): 'master.kubelet-client.crt', 'master.kubelet-client.key'] if bool(include_ca): - certs += ['ca.crt', 'ca.key', 'ca-bundle.crt'] + certs += ['ca.crt', 'ca.key', 'ca-bundle.crt', 'client-ca-bundle.crt'] if bool(include_keys): certs += ['serviceaccounts.private.key', 'serviceaccounts.public.key'] diff --git a/roles/openshift_metrics/handlers/main.yml b/roles/openshift_metrics/handlers/main.yml index ce7688581..88b893448 100644 --- a/roles/openshift_metrics/handlers/main.yml +++ b/roles/openshift_metrics/handlers/main.yml @@ -4,8 +4,13 @@ when: (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' notify: Verify API Server +# We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 when: (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' - name: Verify API Server diff --git a/roles/openshift_prometheus/tasks/main.yaml b/roles/openshift_prometheus/tasks/main.yaml index 332104d77..5cc9a67eb 100644 --- a/roles/openshift_prometheus/tasks/main.yaml +++ b/roles/openshift_prometheus/tasks/main.yaml @@ -2,20 +2,9 @@ - name: Set default image variables based on deployment_type include_vars: "{{ item }}" with_first_found: - - "{{ openshift_deployment_type | default(deployment_type) }}.yml" + - "{{ openshift_deployment_type }}.yml" - "default_images.yml" -- name: Set image facts - set_fact: - openshift_prometheus_image_prefix: "{{ openshift_prometheus_image_prefix | default(__openshift_prometheus_image_prefix) }}" - openshift_prometheus_image_version: "{{ openshift_prometheus_image_version | default(__openshift_prometheus_image_version) }}" - openshift_prometheus_proxy_image_prefix: "{{ openshift_prometheus_proxy_image_prefix | default(openshift_prometheus_image_prefix) }}" - openshift_prometheus_proxy_image_version: "{{ openshift_prometheus_proxy_image_version | default(__openshift_prometheus_proxy_image_version) }}" - openshift_prometheus_alertmanager_image_prefix: "{{ openshift_prometheus_altermanager_image_prefix | default(openshift_prometheus_image_prefix) }}" - openshift_prometheus_alertmanager_image_version: "{{ openshift_prometheus_alertmanager_image_version | default(__openshift_prometheus_alertmanager_image_version) }}" - openshift_prometheus_alertbuffer_image_prefix: "{{ openshift_prometheus_alertbuffer_image_prefix | default(openshift_prometheus_image_prefix) }}" - openshift_prometheus_alertbuffer_image_version: "{{ openshift_prometheus_alertbuffer_image_version | default(__openshift_prometheus_alertbuffer_image_version) }}" - - name: Create temp directory for doing work in on target command: mktemp -td openshift-prometheus-ansible-XXXXXX register: mktemp diff --git a/roles/openshift_prometheus/templates/prometheus.j2 b/roles/openshift_prometheus/templates/prometheus.j2 index 916c57aa2..456db3a57 100644 --- a/roles/openshift_prometheus/templates/prometheus.j2 +++ b/roles/openshift_prometheus/templates/prometheus.j2 @@ -23,28 +23,28 @@ spec: {% if openshift_prometheus_node_selector is iterable and openshift_prometheus_node_selector | length > 0 %} nodeSelector: {% for key, value in openshift_prometheus_node_selector.iteritems() %} - {{key}}: "{{value}}" + {{ key }}: "{{ value }}" {% endfor %} {% endif %} containers: # Deploy Prometheus behind an oauth proxy - name: prom-proxy - image: "{{openshift_prometheus_proxy_image_prefix}}oauth-proxy:{{openshift_prometheus_proxy_image_version}}" + image: "{{ l_openshift_prometheus_proxy_image_prefix }}oauth-proxy:{{ l_openshift_prometheus_proxy_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_oauth_proxy_memory_requests is defined and openshift_prometheus_oauth_proxy_memory_requests is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_requests}}" + memory: "{{ openshift_prometheus_oauth_proxy_memory_requests }}" {% endif %} {% if openshift_prometheus_oauth_proxy_cpu_requests is defined and openshift_prometheus_oauth_proxy_cpu_requests is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_requests}}" + cpu: "{{ openshift_prometheus_oauth_proxy_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_oauth_proxy_memory_limit is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_limit}}" + memory: "{{ openshift_prometheus_oauth_proxy_memory_limit }}" {% endif %} {% if openshift_prometheus_oauth_proxy_cpu_limit is defined and openshift_prometheus_oauth_proxy_cpu_limit is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_limit}}" + cpu: "{{ openshift_prometheus_oauth_proxy_cpu_limit }}" {% endif %} ports: - containerPort: 8443 @@ -79,22 +79,22 @@ spec: - --storage.tsdb.min-block-duration=2m - --config.file=/etc/prometheus/prometheus.yml - --web.listen-address=localhost:9090 - image: "{{openshift_prometheus_image_prefix}}prometheus:{{openshift_prometheus_image_version}}" + image: "{{ l_openshift_prometheus_image_prefix }}prometheus:{{ l_openshift_prometheus_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_memory_requests is defined and openshift_prometheus_memory_requests is not none %} - memory: "{{openshift_prometheus_memory_requests}}" + memory: "{{ openshift_prometheus_memory_requests }}" {% endif %} {% if openshift_prometheus_cpu_requests is defined and openshift_prometheus_cpu_requests is not none %} - cpu: "{{openshift_prometheus_cpu_requests}}" + cpu: "{{ openshift_prometheus_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_memory_limit is defined and openshift_prometheus_memory_limit is not none %} memory: "{{ openshift_prometheus_memory_limit }}" {% endif %} {% if openshift_prometheus_cpu_limit is defined and openshift_prometheus_cpu_limit is not none %} - cpu: "{{openshift_prometheus_cpu_limit}}" + cpu: "{{ openshift_prometheus_cpu_limit }}" {% endif %} volumeMounts: @@ -105,22 +105,22 @@ spec: # Deploy alertmanager behind prometheus-alert-buffer behind an oauth proxy - name: alerts-proxy - image: "{{openshift_prometheus_proxy_image_prefix}}oauth-proxy:{{openshift_prometheus_proxy_image_version}}" + image: "{{ l_openshift_prometheus_proxy_image_prefix }}oauth-proxy:{{ l_openshift_prometheus_proxy_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_oauth_proxy_memory_requests is defined and openshift_prometheus_oauth_proxy_memory_requests is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_requests}}" + memory: "{{ openshift_prometheus_oauth_proxy_memory_requests }}" {% endif %} {% if openshift_prometheus_oauth_proxy_cpu_requests is defined and openshift_prometheus_oauth_proxy_cpu_requests is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_requests}}" + cpu: "{{ openshift_prometheus_oauth_proxy_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_oauth_proxy_memory_limit is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_limit}}" + memory: "{{ openshift_prometheus_oauth_proxy_memory_limit }}" {% endif %} {% if openshift_prometheus_oauth_proxy_cpu_limit is defined and openshift_prometheus_oauth_proxy_cpu_limit is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_limit}}" + cpu: "{{ openshift_prometheus_oauth_proxy_cpu_limit }}" {% endif %} ports: - containerPort: 9443 @@ -149,22 +149,22 @@ spec: - name: alert-buffer args: - --storage-path=/alert-buffer/messages.db - image: "{{openshift_prometheus_alertbuffer_image_prefix}}prometheus-alert-buffer:{{openshift_prometheus_alertbuffer_image_version}}" + image: "{{ l_openshift_prometheus_alertbuffer_image_prefix }}prometheus-alert-buffer:{{ l_openshift_prometheus_alertbuffer_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_alertbuffer_memory_requests is defined and openshift_prometheus_alertbuffer_memory_requests is not none %} - memory: "{{openshift_prometheus_alertbuffer_memory_requests}}" + memory: "{{ openshift_prometheus_alertbuffer_memory_requests }}" {% endif %} {% if openshift_prometheus_alertbuffer_cpu_requests is defined and openshift_prometheus_alertbuffer_cpu_requests is not none %} - cpu: "{{openshift_prometheus_alertbuffer_cpu_requests}}" + cpu: "{{ openshift_prometheus_alertbuffer_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_alertbuffer_memory_limit is defined and openshift_prometheus_alertbuffer_memory_limit is not none %} - memory: "{{openshift_prometheus_alertbuffer_memory_limit}}" + memory: "{{ openshift_prometheus_alertbuffer_memory_limit }}" {% endif %} {% if openshift_prometheus_alertbuffer_cpu_limit is defined and openshift_prometheus_alertbuffer_cpu_limit is not none %} - cpu: "{{openshift_prometheus_alertbuffer_cpu_limit}}" + cpu: "{{ openshift_prometheus_alertbuffer_cpu_limit }}" {% endif %} volumeMounts: - mountPath: /alert-buffer @@ -176,22 +176,22 @@ spec: - name: alertmanager args: - -config.file=/etc/alertmanager/alertmanager.yml - image: "{{openshift_prometheus_alertmanager_image_prefix}}prometheus-alertmanager:{{openshift_prometheus_alertmanager_image_version}}" + image: "{{ l_openshift_prometheus_alertmanager_image_prefix }}prometheus-alertmanager:{{ l_openshift_prometheus_alertmanager_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_alertmanager_memory_requests is defined and openshift_prometheus_alertmanager_memory_requests is not none %} - memory: "{{openshift_prometheus_alertmanager_memory_requests}}" + memory: "{{ openshift_prometheus_alertmanager_memory_requests }}" {% endif %} {% if openshift_prometheus_alertmanager_cpu_requests is defined and openshift_prometheus_alertmanager_cpu_requests is not none %} - cpu: "{{openshift_prometheus_alertmanager_cpu_requests}}" + cpu: "{{ openshift_prometheus_alertmanager_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_alertmanager_memory_limit is defined and openshift_prometheus_alertmanager_memory_limit is not none %} - memory: "{{openshift_prometheus_alertmanager_memory_limit}}" + memory: "{{ openshift_prometheus_alertmanager_memory_limit }}" {% endif %} {% if openshift_prometheus_alertmanager_cpu_limit is defined and openshift_prometheus_alertmanager_cpu_limit is not none %} - cpu: "{{openshift_prometheus_alertmanager_cpu_limit}}" + cpu: "{{ openshift_prometheus_alertmanager_cpu_limit }}" {% endif %} ports: - containerPort: 9093 diff --git a/roles/openshift_prometheus/vars/default_images.yml b/roles/openshift_prometheus/vars/default_images.yml index 4092eb2d4..ad52a3125 100644 --- a/roles/openshift_prometheus/vars/default_images.yml +++ b/roles/openshift_prometheus/vars/default_images.yml @@ -1,7 +1,12 @@ --- -# image defaults -__openshift_prometheus_image_prefix: "openshift/" -__openshift_prometheus_image_version: "v2.0.0-dev.3" -__openshift_prometheus_proxy_image_version: "v1.0.0" -__openshift_prometheus_alertmanager_image_version: "v0.9.1" -__openshift_prometheus_alertbuffer_image_version: "v0.0.2" +# image prefix defaults +l_openshift_prometheus_image_prefix: "{{ openshift_prometheus_image_prefix | default('openshift/') }}" +l_openshift_prometheus_proxy_image_prefix: "{{ openshift_prometheus_proxy_image_prefix | default(l_openshift_prometheus_image_prefix) }}" +l_openshift_prometheus_alertmanager_image_prefix: "{{ openshift_prometheus_altermanager_image_prefix | default(l_openshift_prometheus_image_prefix) }}" +l_openshift_prometheus_alertbuffer_image_prefix: "{{ openshift_prometheus_alertbuffer_image_prefix | default(l_openshift_prometheus_image_prefix) }}" + +# image version defaults +l_openshift_prometheus_image_version: "{{ openshift_prometheus_image_version | default('v2.0.0-dev.3') }}" +l_openshift_prometheus_proxy_image_version: "{{ openshift_prometheus_proxy_image_version | default('v1.0.0') }}" +l_openshift_prometheus_alertmanager_image_version: "{{ openshift_prometheus_alertmanager_image_version | default('v0.9.1') }}" +l_openshift_prometheus_alertbuffer_image_version: "{{ openshift_prometheus_alertbuffer_image_version | default('v0.0.2') }}" diff --git a/roles/openshift_prometheus/vars/openshift-enterprise.yml b/roles/openshift_prometheus/vars/openshift-enterprise.yml index 0b45e03d3..9bb4c99bb 100644 --- a/roles/openshift_prometheus/vars/openshift-enterprise.yml +++ b/roles/openshift_prometheus/vars/openshift-enterprise.yml @@ -1,7 +1,12 @@ --- -# image defaults -__openshift_prometheus_image_prefix: "registry.access.redhat.com/openshift3/" -__openshift_prometheus_image_version: "v3.7" -__openshift_prometheus_proxy_image_version: "v3.7" -__openshift_prometheus_alertmanager_image_version: "v3.7" -__openshift_prometheus_alertbuffer_image_version: "v3.7" +# image prefix defaults +l_openshift_prometheus_image_prefix: "{{ openshift_prometheus_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +l_openshift_prometheus_proxy_image_prefix: "{{ openshift_prometheus_proxy_image_prefix | default(l_openshift_prometheus_image_prefix) }}" +l_openshift_prometheus_alertmanager_image_prefix: "{{ openshift_prometheus_altermanager_image_prefix | default(l_openshift_prometheus_image_prefix) }}" +l_openshift_prometheus_alertbuffer_image_prefix: "{{ openshift_prometheus_alertbuffer_image_prefix | default(l_openshift_prometheus_image_prefix) }}" + +# image version defaults +l_openshift_prometheus_image_version: "{{ openshift_prometheus_image_version | default('v3.7') }}" +l_openshift_prometheus_proxy_image_version: "{{ openshift_prometheus_proxy_image_version | default('v3.7') }}" +l_openshift_prometheus_alertmanager_image_version: "{{ openshift_prometheus_alertmanager_image_version | default('v3.7') }}" +l_openshift_prometheus_alertbuffer_image_version: "{{ openshift_prometheus_alertbuffer_image_version | default('v3.7') }}" diff --git a/roles/template_service_broker/tasks/install.yml b/roles/template_service_broker/tasks/install.yml index 6a532a206..a78e4825b 100644 --- a/roles/template_service_broker/tasks/install.yml +++ b/roles/template_service_broker/tasks/install.yml @@ -45,7 +45,7 @@ oc process -f "{{ mktemp.stdout }}/{{ __tsb_template_file }}" --param API_SERVER_CONFIG="{{ config['content'] | b64decode }}" --param IMAGE="{{ template_service_broker_prefix }}{{ template_service_broker_image_name }}:{{ template_service_broker_version }}" - | kubectl apply -f - + | {{ openshift.common.client_binary }} apply -f - # reconcile with rbac - name: Reconcile with RBAC file |