summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.tito/packages/openshift-ansible2
-rw-r--r--inventory/byo/hosts.byo.glusterfs.external.example4
-rw-r--r--inventory/byo/hosts.byo.glusterfs.mixed.example4
-rw-r--r--inventory/byo/hosts.byo.glusterfs.native.example4
-rw-r--r--inventory/byo/hosts.byo.glusterfs.registry-only.example4
-rw-r--r--inventory/byo/hosts.byo.glusterfs.storage-and-registry.example4
-rw-r--r--openshift-ansible.spec21
-rw-r--r--playbooks/byo/openshift-cluster/redeploy-certificates.yml4
-rw-r--r--playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml14
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml2
-rw-r--r--playbooks/common/openshift-master/revert-client-ca.yml17
-rw-r--r--playbooks/common/openshift-master/scaleup.yml7
-rw-r--r--playbooks/common/openshift-master/tasks/wire_aggregator.yml7
-rw-r--r--roles/ansible_service_broker/defaults/main.yml1
-rw-r--r--roles/ansible_service_broker/tasks/generate_certs.yml35
-rw-r--r--roles/ansible_service_broker/tasks/install.yml144
-rw-r--r--roles/ansible_service_broker/tasks/remove.yml32
-rw-r--r--roles/ansible_service_broker/tasks/validate_facts.yml6
-rw-r--r--roles/ansible_service_broker/vars/default_images.yml2
-rw-r--r--roles/docker/defaults/main.yml3
-rw-r--r--roles/docker/tasks/main.yml54
-rw-r--r--roles/docker/tasks/systemcontainer_crio.yml4
-rw-r--r--roles/lib_openshift/library/oc_storageclass.py2
-rw-r--r--roles/lib_openshift/src/ansible/oc_storageclass.py2
-rw-r--r--roles/nuage_master/handlers/main.yaml7
-rw-r--r--roles/openshift_ca/tasks/main.yml30
-rw-r--r--roles/openshift_cli/library/openshift_container_binary_sync.py29
-rw-r--r--roles/openshift_examples/defaults/main.yml8
-rwxr-xr-xroles/openshift_examples/examples-sync.sh1
-rw-r--r--roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json316
-rw-r--r--roles/openshift_examples/files/examples/v3.7/image-streams/dotnet_imagestreams_centos.json104
-rw-r--r--roles/openshift_examples/files/examples/v3.7/xpaas-streams/jboss-image-streams.json214
-rw-r--r--roles/openshift_examples/tasks/main.yml4
-rw-r--r--roles/openshift_hosted/tasks/router.yml9
-rw-r--r--roles/openshift_hosted_metrics/handlers/main.yml7
-rw-r--r--roles/openshift_logging/handlers/main.yml7
-rw-r--r--roles/openshift_master/handlers/main.yml9
-rw-r--r--roles/openshift_master_facts/filter_plugins/openshift_master.py20
-rw-r--r--roles/openshift_metrics/handlers/main.yml7
-rw-r--r--roles/openshift_prometheus/tasks/main.yaml13
-rw-r--r--roles/openshift_prometheus/templates/prometheus.j250
-rw-r--r--roles/openshift_prometheus/vars/default_images.yml17
-rw-r--r--roles/openshift_prometheus/vars/openshift-enterprise.yml17
-rw-r--r--roles/template_service_broker/tasks/install.yml2
44 files changed, 1124 insertions, 126 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible
index 8ab4493f6..4e4490141 100644
--- a/.tito/packages/openshift-ansible
+++ b/.tito/packages/openshift-ansible
@@ -1 +1 @@
-3.7.0-0.195.0 ./
+3.7.0-0.197.0 ./
diff --git a/inventory/byo/hosts.byo.glusterfs.external.example b/inventory/byo/hosts.byo.glusterfs.external.example
index 5a284ce97..acf68266e 100644
--- a/inventory/byo/hosts.byo.glusterfs.external.example
+++ b/inventory/byo/hosts.byo.glusterfs.external.example
@@ -19,6 +19,7 @@
[OSEv3:children]
masters
nodes
+etcd
# Specify there will be GlusterFS nodes
glusterfs
@@ -39,6 +40,9 @@ node0 openshift_schedulable=True
node1 openshift_schedulable=True
node2 openshift_schedulable=True
+[etcd]
+master
+
# Specify the glusterfs group, which contains the nodes of the external
# GlusterFS cluster. At a minimum, each node must have "glusterfs_hostname"
# and "glusterfs_devices" variables defined.
diff --git a/inventory/byo/hosts.byo.glusterfs.mixed.example b/inventory/byo/hosts.byo.glusterfs.mixed.example
index d16df6470..a559dc377 100644
--- a/inventory/byo/hosts.byo.glusterfs.mixed.example
+++ b/inventory/byo/hosts.byo.glusterfs.mixed.example
@@ -19,6 +19,7 @@
[OSEv3:children]
masters
nodes
+etcd
# Specify there will be GlusterFS nodes
glusterfs
@@ -42,6 +43,9 @@ node0 openshift_schedulable=True
node1 openshift_schedulable=True
node2 openshift_schedulable=True
+[etcd]
+master
+
# Specify the glusterfs group, which contains the nodes of the external
# GlusterFS cluster. At a minimum, each node must have "glusterfs_hostname"
# and "glusterfs_devices" variables defined.
diff --git a/inventory/byo/hosts.byo.glusterfs.native.example b/inventory/byo/hosts.byo.glusterfs.native.example
index c1a1f6f84..ca4765c53 100644
--- a/inventory/byo/hosts.byo.glusterfs.native.example
+++ b/inventory/byo/hosts.byo.glusterfs.native.example
@@ -16,6 +16,7 @@
[OSEv3:children]
masters
nodes
+etcd
# Specify there will be GlusterFS nodes
glusterfs
@@ -34,6 +35,9 @@ node0 openshift_schedulable=True
node1 openshift_schedulable=True
node2 openshift_schedulable=True
+[etcd]
+master
+
# Specify the glusterfs group, which contains the nodes that will host
# GlusterFS storage pods. At a minimum, each node must have a
# "glusterfs_devices" variable defined. This variable is a list of block
diff --git a/inventory/byo/hosts.byo.glusterfs.registry-only.example b/inventory/byo/hosts.byo.glusterfs.registry-only.example
index 31a85ee42..32040f593 100644
--- a/inventory/byo/hosts.byo.glusterfs.registry-only.example
+++ b/inventory/byo/hosts.byo.glusterfs.registry-only.example
@@ -20,6 +20,7 @@
[OSEv3:children]
masters
nodes
+etcd
# Specify there will be GlusterFS nodes
glusterfs_registry
@@ -40,6 +41,9 @@ node0 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True
node1 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True
node2 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True
+[etcd]
+master
+
# Specify the glusterfs group, which contains the nodes that will host
# GlusterFS storage pods. At a minimum, each node must have a
# "glusterfs_devices" variable defined. This variable is a list of block
diff --git a/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example b/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example
index 54bd89ddc..9bd37cbf6 100644
--- a/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example
+++ b/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example
@@ -20,6 +20,7 @@
[OSEv3:children]
masters
nodes
+etcd
# Specify there will be GlusterFS nodes
glusterfs
glusterfs_registry
@@ -46,6 +47,9 @@ node3 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True
node4 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True
node5 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True
+[etcd]
+master
+
# Specify the glusterfs group, which contains the nodes that will host
# GlusterFS storage pods. At a minimum, each node must have a
# "glusterfs_devices" variable defined. This variable is a list of block
diff --git a/openshift-ansible.spec b/openshift-ansible.spec
index ba4605efc..b8944d0ae 100644
--- a/openshift-ansible.spec
+++ b/openshift-ansible.spec
@@ -10,7 +10,7 @@
Name: openshift-ansible
Version: 3.7.0
-Release: 0.195.0%{?dist}
+Release: 0.197.0%{?dist}
Summary: Openshift and Atomic Enterprise Ansible
License: ASL 2.0
URL: https://github.com/openshift/openshift-ansible
@@ -285,6 +285,25 @@ Atomic OpenShift Utilities includes
%changelog
+* Tue Nov 07 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.197.0
+- Temporarily set master servingInfo.clientCA as client-ca-bundle.crt during
+ rolling CA redeployment. (abutcher@redhat.com)
+- container-engine: ensure /var/lib/containers/ is properly labelled
+ (gscrivan@redhat.com)
+- Moving docker location to share path with system containers.
+ (kwoodson@redhat.com)
+- Retry restarting master controllers (mgugino@redhat.com)
+- Bug 1509680- Fix ansible-service-broker registry validations
+ (fabian@fabianism.us)
+- Fix preupgrade authorization objects are in sync (mgugino@redhat.com)
+- Bug 1507617- Move etcd into its own service/dc with SSL (fabian@fabianism.us)
+
+* Mon Nov 06 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.196.0
+- Bug 1509052 - Remove logfile from broker config (david.j.zager@gmail.com)
+- Fix github auth validation (mgugino@redhat.com)
+- Re-generate lib_openshift (mail@jkroepke.de)
+- Remove provisioner restrictions on oc_storageclass (mail@jkroepke.de)
+
* Mon Nov 06 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.195.0
- Bug 1507787- add full path to default asb etcd image (fabian@fabianism.us)
diff --git a/playbooks/byo/openshift-cluster/redeploy-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-certificates.yml
index 255b0dbf7..f53d34145 100644
--- a/playbooks/byo/openshift-cluster/redeploy-certificates.yml
+++ b/playbooks/byo/openshift-cluster/redeploy-certificates.yml
@@ -42,3 +42,7 @@
- include: ../../common/openshift-cluster/redeploy-certificates/registry.yml
when: openshift_hosted_manage_registry | default(true) | bool
+
+- include: ../../common/openshift-master/revert-client-ca.yml
+
+- include: ../../common/openshift-master/restart.yml
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml
index 2068ed199..e22c8cbdb 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml
@@ -43,11 +43,6 @@
when: (g_master_config_output.content|b64decode|from_yaml).oauthConfig.masterCA != 'ca-bundle.crt'
- modify_yaml:
dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
- yaml_key: servingInfo.clientCA
- yaml_value: ca.crt
- when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'ca.crt'
- - modify_yaml:
- dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
yaml_key: etcdClientInfo.ca
yaml_value: ca-bundle.crt
when:
@@ -67,6 +62,13 @@
when:
- groups.oo_etcd_to_config | default([]) | length == 0
- (g_master_config_output.content|b64decode|from_yaml).etcdConfig.servingInfo.clientCA != 'ca-bundle.crt'
+ # Set servingInfo.clientCA to client-ca-bundle.crt in order to roll the CA certificate.
+ # This change will be reverted in playbooks/byo/openshift-cluster/redeploy-certificates.yml
+ - modify_yaml:
+ dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
+ yaml_key: servingInfo.clientCA
+ yaml_value: client-ca-bundle.crt
+ when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'client-ca-bundle.crt'
- name: Copy current OpenShift CA to legacy directory
hosts: oo_masters_to_config
@@ -155,6 +157,7 @@
- ca.key
- ca-bundle.crt
- ca.serial.txt
+ - client-ca-bundle.crt
delegate_to: "{{ openshift_ca_host }}"
run_once: true
changed_when: false
@@ -173,6 +176,7 @@
- ca.key
- ca-bundle.crt
- ca.serial.txt
+ - client-ca-bundle.crt
- name: Update master client kubeconfig CA data
kubeclient_ca:
client_path: "{{ openshift.common.config_base }}/master/openshift-master.kubeconfig"
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml
index 8e4f99c91..022b4b4fb 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml
@@ -15,7 +15,7 @@
- name: Confirm OpenShift authorization objects are in sync
command: >
{{ openshift.common.client_binary }} adm migrate authorization
- when: openshift_version | version_compare('3.7','<')
+ when: openshift_upgrade_target | version_compare('3.8','<')
changed_when: false
register: l_oc_result
until: l_oc_result.rc == 0
diff --git a/playbooks/common/openshift-master/revert-client-ca.yml b/playbooks/common/openshift-master/revert-client-ca.yml
new file mode 100644
index 000000000..9ae23bf5b
--- /dev/null
+++ b/playbooks/common/openshift-master/revert-client-ca.yml
@@ -0,0 +1,17 @@
+---
+- name: Set servingInfo.clientCA = ca.crt in master config
+ hosts: oo_masters_to_config
+ tasks:
+ - name: Read master config
+ slurp:
+ src: "{{ openshift.common.config_base }}/master/master-config.yaml"
+ register: g_master_config_output
+
+ # servingInfo.clientCA may be set as the client-ca-bundle.crt from
+ # CA redeployment and this task reverts that change.
+ - name: Set servingInfo.clientCA = ca.crt in master config
+ modify_yaml:
+ dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
+ yaml_key: servingInfo.clientCA
+ yaml_value: ca.crt
+ when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'ca.crt'
diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml
index f4dc9df8a..05b37d59f 100644
--- a/playbooks/common/openshift-master/scaleup.yml
+++ b/playbooks/common/openshift-master/scaleup.yml
@@ -22,8 +22,13 @@
- name: restart master api
service: name={{ openshift.common.service_type }}-master-controllers state=restarted
notify: verify api server
+ # We retry the controllers because the API may not be 100% initialized yet.
- name: restart master controllers
- service: name={{ openshift.common.service_type }}-master-controllers state=restarted
+ command: "systemctl restart {{ openshift.common.service_type }}-master-controllers"
+ retries: 3
+ delay: 5
+ register: result
+ until: result.rc == 0
- name: verify api server
command: >
curl --silent --tlsv1.2
diff --git a/playbooks/common/openshift-master/tasks/wire_aggregator.yml b/playbooks/common/openshift-master/tasks/wire_aggregator.yml
index 560eea785..df3ea27b4 100644
--- a/playbooks/common/openshift-master/tasks/wire_aggregator.yml
+++ b/playbooks/common/openshift-master/tasks/wire_aggregator.yml
@@ -179,8 +179,13 @@
- yedit_output.changed
- openshift.master.cluster_method == 'native'
+# We retry the controllers because the API may not be 100% initialized yet.
- name: restart master controllers
- systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted
+ command: "systemctl restart {{ openshift.common.service_type }}-master-controllers"
+ retries: 3
+ delay: 5
+ register: result
+ until: result.rc == 0
when:
- yedit_output.changed
- openshift.master.cluster_method == 'native'
diff --git a/roles/ansible_service_broker/defaults/main.yml b/roles/ansible_service_broker/defaults/main.yml
index dc05b03b5..34110ca99 100644
--- a/roles/ansible_service_broker/defaults/main.yml
+++ b/roles/ansible_service_broker/defaults/main.yml
@@ -14,3 +14,4 @@ ansible_service_broker_launch_apb_on_bind: false
ansible_service_broker_image_pull_policy: IfNotPresent
ansible_service_broker_sandbox_role: edit
ansible_service_broker_auto_escalate: false
+ansible_service_broker_local_registry_whitelist: []
diff --git a/roles/ansible_service_broker/tasks/generate_certs.yml b/roles/ansible_service_broker/tasks/generate_certs.yml
new file mode 100644
index 000000000..85e67e00c
--- /dev/null
+++ b/roles/ansible_service_broker/tasks/generate_certs.yml
@@ -0,0 +1,35 @@
+---
+
+- when: ansible_service_broker_certs_dir is undefined
+ block:
+ - name: Create ansible-service-broker cert directory
+ file:
+ path: "{{ openshift.common.config_base }}/ansible-service-broker"
+ state: directory
+ mode: 0755
+ check_mode: no
+
+ - name: Create self signing ca cert
+ command: 'openssl req -nodes -x509 -newkey rsa:4096 -keyout {{ openshift.common.config_base }}/ansible-service-broker/key.pem -out {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -days 365 -subj "/CN=asb-etcd.openshift-ansible-service-broker.svc"'
+ args:
+ creates: '{{ openshift.common.config_base }}/ansible-service-broker/cert.pem'
+
+ - name: Create self signed client cert
+ command: '{{ item.cmd }}'
+ args:
+ creates: '{{ item.creates }}'
+ with_items:
+ - cmd: openssl genrsa -out {{ openshift.common.config_base }}/ansible-service-broker/client.key 2048
+ creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.key'
+ - cmd: 'openssl req -new -key {{ openshift.common.config_base }}/ansible-service-broker/client.key -out {{ openshift.common.config_base }}/ansible-service-broker/client.csr -subj "/CN=client"'
+ creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.csr'
+ - cmd: openssl x509 -req -in {{ openshift.common.config_base }}/ansible-service-broker/client.csr -CA {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -CAkey {{ openshift.common.config_base }}/ansible-service-broker/key.pem -CAcreateserial -out {{ openshift.common.config_base }}/ansible-service-broker/client.pem -days 1024
+ creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.pem'
+
+ - set_fact:
+ ansible_service_broker_certs_dir: "{{ openshift.common.config_base }}/ansible-service-broker"
+
+- set_fact:
+ etcd_ca_cert: "{{ lookup('file', '{{ ansible_service_broker_certs_dir }}/cert.pem') }}"
+ etcd_client_cert: "{{ lookup('file', '{{ ansible_service_broker_certs_dir }}/client.pem') }}"
+ etcd_client_key: "{{ lookup('file', '{{ ansible_service_broker_certs_dir }}/client.key') }}"
diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml
index 89a84c4df..90a4418fb 100644
--- a/roles/ansible_service_broker/tasks/install.yml
+++ b/roles/ansible_service_broker/tasks/install.yml
@@ -32,6 +32,7 @@
- include: validate_facts.yml
+- include: generate_certs.yml
# Deployment of ansible-service-broker starts here
- name: create openshift-ansible-service-broker project
@@ -68,6 +69,9 @@
- apiGroups: ["authentication.k8s.io"]
resources: ["tokenreviews"]
verbs: ["create"]
+ - apiGroups: ["image.openshift.io", ""]
+ resources: ["images"]
+ verbs: ["get", "list"]
- name: Create asb-access cluster role
oc_clusterrole:
@@ -116,6 +120,24 @@
kubernetes.io/service-account.name: asb-client
type: kubernetes.io/service-account-token
+- name: Create etcd-auth secret
+ oc_secret:
+ name: etcd-auth-secret
+ namespace: openshift-ansible-service-broker
+ contents:
+ - path: ca.crt
+ data: '{{ etcd_ca_cert }}'
+
+- name: Create broker-etcd-auth secret
+ oc_secret:
+ name: broker-etcd-auth-secret
+ namespace: openshift-ansible-service-broker
+ contents:
+ - path: client.crt
+ data: '{{ etcd_client_cert }}'
+ - path: client.key
+ data: '{{ etcd_client_key }}'
+
- oc_secret:
state: list
namespace: openshift-ansible-service-broker
@@ -156,6 +178,34 @@
app: openshift-ansible-service-broker
service: asb
+- name: create asb-etcd service
+ oc_obj:
+ name: asb-etcd
+ namespace: openshift-ansible-service-broker
+ state: present
+ kind: Service
+ content:
+ path: /tmp/asbetcdsvcout
+ data:
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: asb-etcd
+ labels:
+ app: etcd
+ service: asb-etcd
+ annotations:
+ service.alpha.openshift.io/serving-cert-secret-name: etcd-tls
+ spec:
+ ports:
+ - name: port-2379
+ port: 2379
+ targetPort: 2379
+ protocol: TCP
+ selector:
+ app: etcd
+ service: asb-etcd
+
- name: create route for ansible-service-broker service
oc_route:
name: asb-1338
@@ -227,6 +277,8 @@
mountPath: /etc/ansible-service-broker
- name: asb-tls
mountPath: /etc/tls/private
+ - name: asb-etcd-auth
+ mountPath: /var/run/asb-etcd-auth
ports:
- containerPort: 1338
protocol: TCP
@@ -249,7 +301,50 @@
scheme: HTTPS
initialDelaySeconds: 15
timeoutSeconds: 1
+ volumes:
+ - name: config-volume
+ configMap:
+ name: broker-config
+ items:
+ - key: broker-config
+ path: config.yaml
+ - name: asb-tls
+ secret:
+ secretName: asb-tls
+ - name: asb-etcd-auth
+ secret:
+ secretName: broker-etcd-auth-secret
+- name: Create asb-etcd deployment config
+ oc_obj:
+ name: etcd
+ namespace: openshift-ansible-service-broker
+ state: present
+ kind: DeploymentConfig
+ content:
+ path: /tmp/dcout
+ data:
+ apiVersion: v1
+ kind: DeploymentConfig
+ metadata:
+ name: asb-etcd
+ labels:
+ app: etcd
+ service: asb-etcd
+ spec:
+ replicas: 1
+ selector:
+ app: etcd
+ strategy:
+ type: Rolling
+ template:
+ metadata:
+ labels:
+ app: etcd
+ service: asb-etcd
+ spec:
+ serviceAccount: asb
+ containers:
- image: "{{ ansible_service_broker_etcd_image }}"
name: etcd
imagePullPolicy: IfNotPresent
@@ -258,8 +353,12 @@
args:
- "{{ ansible_service_broker_etcd_image_etcd_path }}"
- "--data-dir=/data"
- - "--listen-client-urls=http://0.0.0.0:2379"
- - "--advertise-client-urls=http://0.0.0.0:2379"
+ - "--listen-client-urls=https://0.0.0.0:2379"
+ - "--advertise-client-urls=https://0.0.0.0:2379"
+ - "--client-cert-auth"
+ - "--trusted-ca-file=/var/run/etcd-auth-secret/ca.crt"
+ - "--cert-file=/etc/tls/private/tls.crt"
+ - "--key-file=/etc/tls/private/tls.key"
ports:
- containerPort: 2379
protocol: TCP
@@ -267,21 +366,22 @@
- name: ETCDCTL_API
value: "3"
volumeMounts:
- - mountPath: /data
- name: etcd
+ - name: etcd
+ mountPath: /data
+ - name: etcd-tls
+ mountPath: /etc/tls/private
+ - name: etcd-auth
+ mountPath: /var/run/etcd-auth-secret
volumes:
- name: etcd
persistentVolumeClaim:
claimName: etcd
- - name: config-volume
- configMap:
- name: broker-config
- items:
- - key: broker-config
- path: config.yaml
- - name: asb-tls
+ - name: etcd-tls
secret:
- secretName: asb-tls
+ secretName: etcd-tls
+ - name: etcd-auth
+ secret:
+ secretName: etcd-auth-secret
# TODO: saw a oc_configmap in the library, but didn't understand how to get it to do the following:
@@ -307,16 +407,19 @@
- type: {{ ansible_service_broker_registry_type }}
name: {{ ansible_service_broker_registry_name }}
url: {{ ansible_service_broker_registry_url }}
- user: {{ ansible_service_broker_registry_user }}
- pass: {{ ansible_service_broker_registry_password }}
org: {{ ansible_service_broker_registry_organization }}
tag: {{ ansible_service_broker_registry_tag }}
white_list: {{ ansible_service_broker_registry_whitelist }}
+ - type: local_registry
+ namespaces: ['openshift']
+ white_list: {{ ansible_service_broker_local_registry_whitelist }}
dao:
- etcd_host: 0.0.0.0
+ etcd_host: asb-etcd.openshift-ansible-service-broker.svc
etcd_port: 2379
+ etcd_ca_file: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
+ etcd_client_cert: /var/run/asb-etcd-auth/client.crt
+ etcd_client_key: /var/run/asb-etcd-auth/client.key
log:
- logfile: /var/log/ansible-service-broker/asb.log
stdout: true
level: {{ ansible_service_broker_log_level }}
color: true
@@ -340,6 +443,15 @@
- type: basic
enabled: false
+- oc_secret:
+ name: asb-registry-auth
+ namespace: openshift-ansible-service-broker
+ state: present
+ contents:
+ - path: username
+ data: "{{ ansible_service_broker_registry_user }}"
+ - path: password
+ data: "{{ ansible_service_broker_registry_password }}"
- name: Create the Broker resource in the catalog
oc_obj:
diff --git a/roles/ansible_service_broker/tasks/remove.yml b/roles/ansible_service_broker/tasks/remove.yml
index 51b86fb26..a1ac740e0 100644
--- a/roles/ansible_service_broker/tasks/remove.yml
+++ b/roles/ansible_service_broker/tasks/remove.yml
@@ -46,18 +46,42 @@
resource_name: asb-access
user: "system:serviceaccount:openshift-ansible-service-broker:asb-client"
+- name: remove asb-registry auth secret
+ oc_secret:
+ state: absent
+ name: asb-registry-auth
+ namespace: openshift-ansible-service-broker
+
- name: remove asb-client token secret
oc_secret:
state: absent
name: asb-client
namespace: openshift-ansible-service-broker
+- name: Remove etcd-auth secret
+ oc_secret:
+ state: absent
+ name: etcd-auth-secret
+ namespace: openshift-ansible-service-broker
+
+- name: Remove broker-etcd-auth secret
+ oc_secret:
+ state: absent
+ name: broker-etcd-auth-secret
+ namespace: openshift-ansible-service-broker
+
- name: remove ansible-service-broker service
oc_service:
name: asb
namespace: openshift-ansible-service-broker
state: absent
+- name: remove asb-etcd service
+ oc_service:
+ state: absent
+ name: asb-etcd
+ namespace: openshift-ansible-service-broker
+
- name: remove etcd service
oc_service:
name: etcd
@@ -83,6 +107,14 @@
kind: DeploymentConfig
state: absent
+- name: remove Ansible Service Broker etcd deployment config
+ oc_obj:
+ name: asb-etcd
+ namespace: openshift-ansible-service-broker
+ kind: DeploymentConfig
+ state: absent
+
+
- name: remove secret for broker auth
oc_obj:
name: asb-client
diff --git a/roles/ansible_service_broker/tasks/validate_facts.yml b/roles/ansible_service_broker/tasks/validate_facts.yml
index 604d24e1d..a2345551b 100644
--- a/roles/ansible_service_broker/tasks/validate_facts.yml
+++ b/roles/ansible_service_broker/tasks/validate_facts.yml
@@ -1,11 +1,9 @@
---
- name: validate Dockerhub registry settings
- fail: msg="To use the dockerhub registry, you must provide the ansible_service_broker_registry_user. ansible_service_broker_registry_password, and ansible_service_broker_registry_organization parameters"
+ fail: msg="To use the dockerhub registry, you must provide the ansible_service_broker_registry_organization"
when:
- ansible_service_broker_registry_type == 'dockerhub'
- - not (ansible_service_broker_registry_user and
- ansible_service_broker_registry_password and
- ansible_service_broker_registry_organization)
+ - not ansible_service_broker_registry_organization
- name: validate RHCC registry settings
diff --git a/roles/ansible_service_broker/vars/default_images.yml b/roles/ansible_service_broker/vars/default_images.yml
index 8438e993f..248e0363d 100644
--- a/roles/ansible_service_broker/vars/default_images.yml
+++ b/roles/ansible_service_broker/vars/default_images.yml
@@ -12,6 +12,6 @@ __ansible_service_broker_registry_name: dh
__ansible_service_broker_registry_url: null
__ansible_service_broker_registry_user: null
__ansible_service_broker_registry_password: null
-__ansible_service_broker_registry_organization: null
+__ansible_service_broker_registry_organization: ansibleplaybookbundle
__ansible_service_broker_registry_tag: latest
__ansible_service_broker_registry_whitelist: []
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index f6f2bd77e..c086c28df 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -33,3 +33,6 @@ r_crio_os_firewall_allow:
openshift_docker_is_node_or_master: "{{ True if inventory_hostname in (groups['oo_masters_to_config']|default([])) or inventory_hostname in (groups['oo_nodes_to_config']|default([])) else False | bool }}"
+
+docker_alt_storage_path: /var/lib/containers/docker
+docker_default_storage_path: /var/lib/docker
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 1539af53f..3c814d8d8 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -25,6 +25,15 @@
- not l_use_system_container
- not l_use_crio_only
+- name: Ensure /var/lib/containers exists
+ file:
+ path: /var/lib/containers
+ state: directory
+
+- name: Fix SELinux Permissions on /var/lib/containers
+ command: "restorecon -R /var/lib/containers/"
+ changed_when: false
+
- name: Use System Container Docker if Requested
include: systemcontainer_docker.yml
when:
@@ -36,3 +45,48 @@
when:
- l_use_crio
- openshift_docker_is_node_or_master | bool
+
+- name: stat the docker data dir
+ stat:
+ path: "{{ docker_default_storage_path }}"
+ register: dockerstat
+
+- when:
+ - l_use_crio
+ - dockerstat.stat.islink is defined and not (dockerstat.stat.islink | bool)
+ block:
+ - name: stop the current running docker
+ systemd:
+ state: stopped
+ name: "{{ openshift.docker.service_name }}"
+
+ - name: "Ensure {{ docker_alt_storage_path }} exists"
+ file:
+ path: "{{ docker_alt_storage_path }}"
+ state: directory
+
+ - name: "Set the selinux context on {{ docker_alt_storage_path }}"
+ command: "semanage fcontext -a -e {{ docker_default_storage_path }} {{ docker_alt_storage_path }}"
+ register: results
+ failed_when:
+ - results.rc == 1
+ - "'already exists' not in results.stderr"
+
+ - name: "restorecon the {{ docker_alt_storage_path }}"
+ command: "restorecon -r {{ docker_alt_storage_path }}"
+
+ - name: Remove the old docker location
+ file:
+ state: absent
+ path: "{{ docker_default_storage_path }}"
+
+ - name: Setup the link
+ file:
+ state: link
+ src: "{{ docker_alt_storage_path }}"
+ path: "{{ docker_default_storage_path }}"
+
+ - name: start docker
+ systemd:
+ state: started
+ name: "{{ openshift.docker.service_name }}"
diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml
index 67ede0d21..1e2d64293 100644
--- a/roles/docker/tasks/systemcontainer_crio.yml
+++ b/roles/docker/tasks/systemcontainer_crio.yml
@@ -170,10 +170,6 @@
dest: /etc/cni/net.d/openshift-sdn.conf
src: 80-openshift-sdn.conf.j2
-- name: Fix SELinux Permissions on /var/lib/containers
- command: "restorecon -R /var/lib/containers/"
- changed_when: false
-
- name: Start the CRI-O service
systemd:
name: "cri-o"
diff --git a/roles/lib_openshift/library/oc_storageclass.py b/roles/lib_openshift/library/oc_storageclass.py
index e88f3ae8d..7e7d0fa60 100644
--- a/roles/lib_openshift/library/oc_storageclass.py
+++ b/roles/lib_openshift/library/oc_storageclass.py
@@ -1664,7 +1664,7 @@ def main():
name=dict(default=None, type='str'),
annotations=dict(default=None, type='dict'),
parameters=dict(default=None, type='dict'),
- provisioner=dict(required=True, type='str', choices=['aws-ebs', 'gce-pd', 'glusterfs', 'cinder']),
+ provisioner=dict(required=True, type='str'),
api_version=dict(default='v1', type='str'),
default_storage_class=dict(default="false", type='str'),
),
diff --git a/roles/lib_openshift/src/ansible/oc_storageclass.py b/roles/lib_openshift/src/ansible/oc_storageclass.py
index e9f3ebbd3..a8f371661 100644
--- a/roles/lib_openshift/src/ansible/oc_storageclass.py
+++ b/roles/lib_openshift/src/ansible/oc_storageclass.py
@@ -14,7 +14,7 @@ def main():
name=dict(default=None, type='str'),
annotations=dict(default=None, type='dict'),
parameters=dict(default=None, type='dict'),
- provisioner=dict(required=True, type='str', choices=['aws-ebs', 'gce-pd', 'glusterfs', 'cinder']),
+ provisioner=dict(required=True, type='str'),
api_version=dict(default='v1', type='str'),
default_storage_class=dict(default="false", type='str'),
),
diff --git a/roles/nuage_master/handlers/main.yaml b/roles/nuage_master/handlers/main.yaml
index 21da6b953..410b739e9 100644
--- a/roles/nuage_master/handlers/main.yaml
+++ b/roles/nuage_master/handlers/main.yaml
@@ -7,8 +7,13 @@
openshift.master.cluster_method == 'native'
# TODO: need to fix up ignore_errors here
+# We retry the controllers because the API may not be 100% initialized yet.
- name: restart master controllers
- systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted
+ command: "systemctl restart {{ openshift.common.service_type }}-master-controllers"
+ retries: 3
+ delay: 5
+ register: result
+ until: result.rc == 0
when: >
(openshift_master_ha | bool) and
(not master_controllers_service_status_changed | default(false)) and
diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml
index fad1ff5de..587526d07 100644
--- a/roles/openshift_ca/tasks/main.yml
+++ b/roles/openshift_ca/tasks/main.yml
@@ -106,6 +106,36 @@
delegate_to: "{{ openshift_ca_host }}"
run_once: true
+# Create client-ca-bundle.crt containing old and new OpenShift CA
+# certificates. This bundle will be used when rolling the OpenShift CA
+# certificate.
+- name: Create client-ca-bundle.crt
+ block:
+ - command: mktemp -d /tmp/openshift-ansible-XXXXXX
+ register: openshift_ca_clientconfig_tmpdir
+ delegate_to: "{{ openshift_ca_host }}"
+ - copy:
+ src: "{{ item }}"
+ dest: "{{ openshift_ca_clientconfig_tmpdir.stdout }}/"
+ remote_src: true
+ with_items: "{{ g_master_legacy_ca_result.files | default([]) | oo_collect('path') }}"
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+ - copy:
+ src: "{{ openshift_ca_config_dir }}/ca.crt"
+ dest: "{{ openshift_ca_clientconfig_tmpdir.stdout }}/"
+ remote_src: true
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+ - assemble:
+ src: "{{ openshift_ca_clientconfig_tmpdir.stdout }}"
+ dest: "{{ openshift_ca_config_dir }}/client-ca-bundle.crt"
+ mode: 0644
+ owner: root
+ group: root
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+
- name: Test local loopback context
command: >
{{ hostvars[openshift_ca_host].openshift.common.client_binary }} config view
diff --git a/roles/openshift_cli/library/openshift_container_binary_sync.py b/roles/openshift_cli/library/openshift_container_binary_sync.py
index b40c49701..08045794a 100644
--- a/roles/openshift_cli/library/openshift_container_binary_sync.py
+++ b/roles/openshift_cli/library/openshift_container_binary_sync.py
@@ -36,7 +36,7 @@ class BinarySyncer(object):
self.changed = False
self.output = []
self.bin_dir = '/usr/local/bin'
- self.image = image
+ self._image = image
self.tag = tag
self.backend = backend
self.temp_dir = None # TBD
@@ -142,6 +142,33 @@ class BinarySyncer(object):
self.output.append("Moved %s to %s." % (src_path, dest_path))
self.changed = True
+ @property
+ def raw_image(self):
+ """
+ Returns the image as it was originally passed in to the instance.
+
+ .. note::
+ This image string will only work directly with the atomic command.
+
+ :returns: The original image passed in.
+ :rtype: str
+ """
+ return self._image
+
+ @property
+ def image(self):
+ """
+ Returns the image without atomic prefixes used to map to skopeo args.
+
+ :returns: The image string without prefixes
+ :rtype: str
+ """
+ image = self._image
+ for remove in ('oci:', 'http:', 'https:'):
+ if image.startswith(remove):
+ image = image.replace(remove, '')
+ return image
+
def main():
module = AnsibleModule( # noqa: F405
diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml
index fc4b56bbf..e623b33f3 100644
--- a/roles/openshift_examples/defaults/main.yml
+++ b/roles/openshift_examples/defaults/main.yml
@@ -10,10 +10,12 @@ content_version: "{{ openshift.common.examples_content_version }}"
examples_base: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/examples"
image_streams_base: "{{ examples_base }}/image-streams"
-centos_image_streams: "{{ image_streams_base}}/image-streams-centos7.json"
+centos_image_streams:
+ - "{{ image_streams_base }}/image-streams-centos7.json"
+ - "{{ image_streams_base }}/dotnet_imagestreams_centos.json"
rhel_image_streams:
- - "{{ image_streams_base}}/image-streams-rhel7.json"
- - "{{ image_streams_base}}/dotnet_imagestreams.json"
+ - "{{ image_streams_base }}/image-streams-rhel7.json"
+ - "{{ image_streams_base }}/dotnet_imagestreams.json"
db_templates_base: "{{ examples_base }}/db-templates"
xpaas_image_streams: "{{ examples_base }}/xpaas-streams/"
xpaas_templates_base: "{{ examples_base }}/xpaas-templates"
diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh
index 1a14c32f5..595190006 100755
--- a/roles/openshift_examples/examples-sync.sh
+++ b/roles/openshift_examples/examples-sync.sh
@@ -38,6 +38,7 @@ find 3scale-amp-openshift-templates-${RHAMP_TAG}/ -name '*.yml' -exec mv {} ${EX
popd
wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/dotnet_imagestreams.json -O ${EXAMPLES_BASE}/image-streams/dotnet_imagestreams.json
+wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/dotnet_imagestreams_centos.json -O ${EXAMPLES_BASE}/image-streams/dotnet_imagestreams_centos.json
wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/templates/dotnet-example.json -O ${EXAMPLES_BASE}/quickstart-templates/dotnet-example.json
wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/templates/dotnet-pgsql-persistent.json -O ${EXAMPLES_BASE}/quickstart-templates/dotnet-pgsql-persistent.json
wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/templates/dotnet-runtime-example.json -O ${EXAMPLES_BASE}/quickstart-templates/dotnet-runtime-example.json
diff --git a/roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json
index 0bb56452b..af66b9ea4 100644
--- a/roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json
+++ b/roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json
@@ -31,6 +31,10 @@
"sampleContextDir": "tomcat-websocket-chat",
"version": "1.1",
"openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.1"
}
},
{
@@ -44,6 +48,10 @@
"sampleContextDir": "tomcat-websocket-chat",
"version": "1.2",
"openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.2"
}
},
{
@@ -56,6 +64,10 @@
"sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git",
"sampleContextDir": "tomcat-websocket-chat",
"version": "1.3"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.3"
}
}
]
@@ -84,6 +96,10 @@
"sampleContextDir": "tomcat-websocket-chat",
"version": "1.1",
"openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.1"
}
},
{
@@ -97,6 +113,10 @@
"sampleContextDir": "tomcat-websocket-chat",
"version": "1.2",
"openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.2"
}
},
{
@@ -109,6 +129,10 @@
"sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git",
"sampleContextDir": "tomcat-websocket-chat",
"version": "1.3"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.3"
}
}
]
@@ -137,6 +161,10 @@
"sampleContextDir": "tomcat-websocket-chat",
"version": "1.0",
"openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat7-openshift:1.0"
}
}
]
@@ -165,6 +193,10 @@
"sampleContextDir": "tomcat-websocket-chat",
"version": "1.0",
"openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat8-openshift:1.0"
}
}
]
@@ -194,6 +226,10 @@
"sampleRef": "6.4.x",
"version": "1.1",
"openshift.io/display-name": "Red Hat JBoss EAP 6.4"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.1"
}
},
{
@@ -208,6 +244,10 @@
"sampleRef": "6.4.x",
"version": "1.2",
"openshift.io/display-name": "Red Hat JBoss EAP 6.4"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.2"
}
},
{
@@ -222,6 +262,10 @@
"sampleRef": "6.4.x",
"version": "1.3",
"openshift.io/display-name": "Red Hat JBoss EAP 6.4"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.3"
}
},
{
@@ -236,6 +280,10 @@
"sampleRef": "6.4.x",
"version": "1.4",
"openshift.io/display-name": "Red Hat JBoss EAP 6.4"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.4"
}
},
{
@@ -248,7 +296,12 @@
"sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git",
"sampleContextDir": "kitchensink",
"sampleRef": "6.4.x",
- "version": "1.5"
+ "version": "1.5",
+ "openshift.io/display-name": "Red Hat JBoss EAP 6.4"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.5"
}
}
]
@@ -278,6 +331,10 @@
"sampleRef": "7.0.0.GA",
"version": "1.3",
"openshift.io/display-name": "Red Hat JBoss EAP 7.0"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.3"
}
},
{
@@ -292,6 +349,10 @@
"sampleRef": "7.0.0.GA",
"version": "1.4",
"openshift.io/display-name": "Red Hat JBoss EAP 7.0"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.4"
}
},
{
@@ -304,7 +365,44 @@
"sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git",
"sampleContextDir": "kitchensink",
"sampleRef": "7.0.0.GA",
- "version": "1.5"
+ "version": "1.5",
+ "openshift.io/display-name": "Red Hat JBoss EAP 7.0"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.5"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "jboss-eap71-openshift",
+ "annotations": {
+ "openshift.io/display-name": "Red Hat JBoss EAP 7.1"
+ }
+ },
+ "spec": {
+ "dockerImageRepository": "registry.access.redhat.com/jboss-eap-7/eap71-openshift",
+ "tags": [
+ {
+ "name": "1.0-TP",
+ "annotations": {
+ "description": "JBoss EAP 7.1 Tech Preview.",
+ "iconClass": "icon-jboss",
+ "tags": "builder,eap,javaee,java,jboss,xpaas",
+ "supports":"eap:7.1,javaee:7,java:8,xpaas:1.0",
+ "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git",
+ "sampleContextDir": "kitchensink",
+ "sampleRef": "7.0.0.GA",
+ "version": "1.0"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-eap-7-tech-preview/eap71-openshift:1.0"
}
}
]
@@ -334,6 +432,10 @@
"sampleRef": "1.2",
"version": "1.2",
"openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver62-openshift:1.2"
}
}
]
@@ -363,6 +465,10 @@
"sampleRef": "1.3",
"version": "1.3",
"openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift:1.3"
}
},
{
@@ -375,7 +481,12 @@
"sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git",
"sampleContextDir": "decisionserver/hellorules",
"sampleRef": "1.3",
- "version": "1.4"
+ "version": "1.4",
+ "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift:1.4"
}
}
]
@@ -400,7 +511,12 @@
"sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git",
"sampleContextDir": "decisionserver/hellorules",
"sampleRef": "1.3",
- "version": "1.0"
+ "version": "1.0",
+ "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift:1.0"
}
}
]
@@ -430,6 +546,10 @@
"sampleRef": "1.3",
"version": "1.3",
"openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift:1.3"
}
},
{
@@ -442,7 +562,12 @@
"sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git",
"sampleContextDir": "processserver/library",
"sampleRef": "1.3",
- "version": "1.4"
+ "version": "1.4",
+ "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift:1.4"
}
}
]
@@ -467,7 +592,12 @@
"sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git",
"sampleContextDir": "processserver/library",
"sampleRef": "1.3",
- "version": "1.0"
+ "version": "1.0",
+ "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-processserver-6/processserver64-openshift:1.0"
}
}
]
@@ -494,6 +624,10 @@
"supports": "datagrid:6.5,xpaas:1.2",
"version": "1.2",
"openshift.io/display-name": "Red Hat JBoss Data Grid 6.5"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.2"
}
},
{
@@ -505,6 +639,10 @@
"supports": "datagrid:6.5,xpaas:1.4",
"version": "1.3",
"openshift.io/display-name": "Red Hat JBoss Data Grid 6.5"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.3"
}
},
{
@@ -514,7 +652,42 @@
"iconClass": "icon-jboss",
"tags": "datagrid,jboss,xpaas",
"supports":"datagrid:6.5,xpaas:1.4",
- "version": "1.4"
+ "version": "1.4",
+ "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.4"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "jboss-datagrid71-openshift",
+ "annotations": {
+ "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1"
+ }
+ },
+ "spec": {
+ "dockerImageRepository": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-openshift",
+ "tags": [
+ {
+ "name": "1.0",
+ "annotations": {
+ "description": "JBoss Data Grid 7.1 S2I images.",
+ "iconClass": "icon-jboss",
+ "tags": "datagrid,jboss,xpaas",
+ "supports": "datagrid:7.1,xpaas:1.0",
+ "version": "1.0",
+ "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-openshift:1.0"
}
}
]
@@ -540,6 +713,39 @@
"tags": "client,jboss,xpaas",
"version": "1.0",
"openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 Client Modules for EAP"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-client-openshift:1.0"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "jboss-datagrid71-client-openshift",
+ "annotations": {
+ "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1 Client Modules for EAP"
+ }
+ },
+ "spec": {
+ "dockerImageRepository": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-client-openshift",
+ "tags": [
+ {
+ "name": "1.0",
+ "annotations": {
+ "description": "JBoss Data Grid 7.1 Client Modules for EAP.",
+ "iconClass": "icon-jboss",
+ "tags": "client,jboss,xpaas",
+ "version": "1.0",
+ "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1 Client Modules for EAP"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-client-openshift:1.0"
}
}
]
@@ -566,6 +772,10 @@
"supports": "datavirt:6.3,xpaas:1.4",
"version": "1.0",
"openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.0"
}
},
{
@@ -577,6 +787,10 @@
"supports": "datavirt:6.3,xpaas:1.4",
"version": "1.1",
"openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.1"
}
},
{
@@ -586,7 +800,12 @@
"iconClass": "icon-jboss",
"tags": "datavirt,jboss,xpaas",
"supports":"datavirt:6.3,xpaas:1.4",
- "version": "1.2"
+ "version": "1.2",
+ "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.2"
}
}
]
@@ -612,6 +831,10 @@
"tags": "client,jboss,xpaas",
"version": "1.0",
"openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-driver-openshift:1.0"
}
}
]
@@ -638,6 +861,10 @@
"supports": "amq:6.2,messaging,xpaas:1.1",
"version": "1.1",
"openshift.io/display-name": "Red Hat JBoss A-MQ 6.2"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.1"
}
},
{
@@ -649,6 +876,10 @@
"supports": "amq:6.2,messaging,xpaas:1.2",
"version": "1.2",
"openshift.io/display-name": "Red Hat JBoss A-MQ 6.2"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.2"
}
},
{
@@ -660,6 +891,10 @@
"supports": "amq:6.2,messaging,xpaas:1.3",
"version": "1.3",
"openshift.io/display-name": "Red Hat JBoss A-MQ 6.2"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.3"
}
},
{
@@ -669,7 +904,27 @@
"iconClass": "icon-jboss",
"tags": "messaging,amq,jboss,xpaas",
"supports":"amq:6.2,messaging,xpaas:1.4",
- "version": "1.4"
+ "version": "1.4",
+ "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.4"
+ }
+ },
+ {
+ "name": "1.5",
+ "annotations": {
+ "description": "JBoss A-MQ 6.2 broker image.",
+ "iconClass": "icon-jboss",
+ "tags": "messaging,amq,jboss,xpaas",
+ "supports":"amq:6.2,messaging,xpaas:1.5",
+ "version": "1.5",
+ "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.5"
}
}
]
@@ -696,6 +951,25 @@
"supports": "amq:6.3,messaging,xpaas:1.0",
"version": "1.0",
"openshift.io/display-name": "Red Hat JBoss A-MQ 6.3"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.0"
+ }
+ },
+ {
+ "name": "1.1",
+ "annotations": {
+ "description": "JBoss A-MQ 6.3 broker image.",
+ "iconClass": "icon-jboss",
+ "tags": "messaging,amq,jboss,xpaas",
+ "supports": "amq:6.3,messaging,xpaas:1.1",
+ "version": "1.1",
+ "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.1"
}
}
]
@@ -723,6 +997,10 @@
"supports": "sso:7.0,xpaas:1.3",
"version": "1.3",
"openshift.io/display-name": "Red Hat Single Sign-On 7.0"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/redhat-sso-7/sso70-openshift:1.3"
}
},
{
@@ -734,6 +1012,10 @@
"supports": "sso:7.0,xpaas:1.4",
"version": "1.4",
"openshift.io/display-name": "Red Hat Single Sign-On 7.0"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/redhat-sso-7/sso70-openshift:1.4"
}
}
]
@@ -761,6 +1043,10 @@
"supports": "sso:7.1,xpaas:1.4",
"version": "1.0",
"openshift.io/display-name": "Red Hat Single Sign-On 7.1"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.0"
}
},
{
@@ -772,6 +1058,10 @@
"supports": "sso:7.1,xpaas:1.4",
"version": "1.1",
"openshift.io/display-name": "Red Hat Single Sign-On 7.1"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.1"
}
}
]
@@ -800,6 +1090,10 @@
"sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts",
"sampleContextDir": "undertow-servlet",
"version": "1.0"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.0"
}
},
{
@@ -813,6 +1107,10 @@
"sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts",
"sampleContextDir": "undertow-servlet",
"version": "1.1"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.1"
}
}
]
diff --git a/roles/openshift_examples/files/examples/v3.7/image-streams/dotnet_imagestreams_centos.json b/roles/openshift_examples/files/examples/v3.7/image-streams/dotnet_imagestreams_centos.json
new file mode 100644
index 000000000..79afc355b
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v3.7/image-streams/dotnet_imagestreams_centos.json
@@ -0,0 +1,104 @@
+{
+ "kind": "ImageStreamList",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "dotnet-image-streams",
+ "annotations": {
+ "description": "ImageStream definitions for .NET Core on CentOS"
+ }
+ },
+ "items": [
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "dotnet",
+ "annotations": {
+ "openshift.io/display-name": ".NET Core Builder Images"
+ }
+ },
+ "spec": {
+ "tags": [
+ {
+ "name": "latest",
+ "annotations": {
+ "openshift.io/display-name": ".NET Core (Latest)",
+ "description": "Build and run .NET Core applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core available on OpenShift, including major versions updates.",
+ "iconClass": "icon-dotnet",
+ "tags": "builder,.net,dotnet,dotnetcore",
+ "supports":"dotnet",
+ "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git",
+ "sampleContextDir": "app",
+ "sampleRef": "dotnetcore-2.0"
+ },
+ "from": {
+ "kind": "ImageStreamTag",
+ "name": "2.0"
+ }
+ },
+ {
+ "name": "2.0",
+ "annotations": {
+ "openshift.io/display-name": ".NET Core 2.0",
+ "description": "Build and run .NET Core 2.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.",
+ "iconClass": "icon-dotnet",
+ "tags": "builder,.net,dotnet,dotnetcore,rh-dotnet20",
+ "supports":"dotnet:2.0,dotnet",
+ "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git",
+ "sampleContextDir": "app",
+ "sampleRef": "dotnetcore-2.0",
+ "version": "2.0"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.centos.org/dotnet/dotnet-20-centos7:latest"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "dotnet-runtime",
+ "annotations": {
+ "openshift.io/display-name": ".NET Core Runtime Images"
+ }
+ },
+ "spec": {
+ "tags": [
+ {
+ "name": "latest",
+ "annotations": {
+ "openshift.io/display-name": ".NET Core Runtime (Latest)",
+ "description": "Run .NET Core applications on CentOS 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core Runtime available on OpenShift, including major versions updates.",
+ "iconClass": "icon-dotnet",
+ "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime",
+ "supports":"dotnet-runtime"
+ },
+ "from": {
+ "kind": "ImageStreamTag",
+ "name": "2.0"
+ }
+ },
+ {
+ "name": "2.0",
+ "annotations": {
+ "openshift.io/display-name": ".NET Core 2.0 Runtime",
+ "description": "Run .NET Core applications on CentOS 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.",
+ "iconClass": "icon-dotnet",
+ "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime",
+ "supports":"dotnet-runtime",
+ "version": "2.0"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.centos.org/dotnet/dotnet-20-runtime-centos7:latest"
+ }
+ }
+ ]
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v3.7/xpaas-streams/jboss-image-streams.json
index 0aad7fae6..af66b9ea4 100644
--- a/roles/openshift_examples/files/examples/v3.7/xpaas-streams/jboss-image-streams.json
+++ b/roles/openshift_examples/files/examples/v3.7/xpaas-streams/jboss-image-streams.json
@@ -31,6 +31,10 @@
"sampleContextDir": "tomcat-websocket-chat",
"version": "1.1",
"openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.1"
}
},
{
@@ -44,6 +48,10 @@
"sampleContextDir": "tomcat-websocket-chat",
"version": "1.2",
"openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.2"
}
},
{
@@ -56,6 +64,10 @@
"sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git",
"sampleContextDir": "tomcat-websocket-chat",
"version": "1.3"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.3"
}
}
]
@@ -84,6 +96,10 @@
"sampleContextDir": "tomcat-websocket-chat",
"version": "1.1",
"openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.1"
}
},
{
@@ -97,6 +113,10 @@
"sampleContextDir": "tomcat-websocket-chat",
"version": "1.2",
"openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.2"
}
},
{
@@ -109,6 +129,10 @@
"sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git",
"sampleContextDir": "tomcat-websocket-chat",
"version": "1.3"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.3"
}
}
]
@@ -137,6 +161,10 @@
"sampleContextDir": "tomcat-websocket-chat",
"version": "1.0",
"openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat7-openshift:1.0"
}
}
]
@@ -165,6 +193,10 @@
"sampleContextDir": "tomcat-websocket-chat",
"version": "1.0",
"openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat8-openshift:1.0"
}
}
]
@@ -194,6 +226,10 @@
"sampleRef": "6.4.x",
"version": "1.1",
"openshift.io/display-name": "Red Hat JBoss EAP 6.4"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.1"
}
},
{
@@ -208,6 +244,10 @@
"sampleRef": "6.4.x",
"version": "1.2",
"openshift.io/display-name": "Red Hat JBoss EAP 6.4"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.2"
}
},
{
@@ -222,6 +262,10 @@
"sampleRef": "6.4.x",
"version": "1.3",
"openshift.io/display-name": "Red Hat JBoss EAP 6.4"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.3"
}
},
{
@@ -236,6 +280,10 @@
"sampleRef": "6.4.x",
"version": "1.4",
"openshift.io/display-name": "Red Hat JBoss EAP 6.4"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.4"
}
},
{
@@ -248,7 +296,12 @@
"sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git",
"sampleContextDir": "kitchensink",
"sampleRef": "6.4.x",
- "version": "1.5"
+ "version": "1.5",
+ "openshift.io/display-name": "Red Hat JBoss EAP 6.4"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.5"
}
}
]
@@ -278,6 +331,10 @@
"sampleRef": "7.0.0.GA",
"version": "1.3",
"openshift.io/display-name": "Red Hat JBoss EAP 7.0"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.3"
}
},
{
@@ -292,6 +349,10 @@
"sampleRef": "7.0.0.GA",
"version": "1.4",
"openshift.io/display-name": "Red Hat JBoss EAP 7.0"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.4"
}
},
{
@@ -304,7 +365,12 @@
"sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git",
"sampleContextDir": "kitchensink",
"sampleRef": "7.0.0.GA",
- "version": "1.5"
+ "version": "1.5",
+ "openshift.io/display-name": "Red Hat JBoss EAP 7.0"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.5"
}
}
]
@@ -366,6 +432,10 @@
"sampleRef": "1.2",
"version": "1.2",
"openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver62-openshift:1.2"
}
}
]
@@ -395,6 +465,10 @@
"sampleRef": "1.3",
"version": "1.3",
"openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift:1.3"
}
},
{
@@ -407,7 +481,12 @@
"sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git",
"sampleContextDir": "decisionserver/hellorules",
"sampleRef": "1.3",
- "version": "1.4"
+ "version": "1.4",
+ "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift:1.4"
}
}
]
@@ -432,7 +511,12 @@
"sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git",
"sampleContextDir": "decisionserver/hellorules",
"sampleRef": "1.3",
- "version": "1.0"
+ "version": "1.0",
+ "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift:1.0"
}
}
]
@@ -462,6 +546,10 @@
"sampleRef": "1.3",
"version": "1.3",
"openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift:1.3"
}
},
{
@@ -474,7 +562,12 @@
"sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git",
"sampleContextDir": "processserver/library",
"sampleRef": "1.3",
- "version": "1.4"
+ "version": "1.4",
+ "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift:1.4"
}
}
]
@@ -499,7 +592,12 @@
"sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git",
"sampleContextDir": "processserver/library",
"sampleRef": "1.3",
- "version": "1.0"
+ "version": "1.0",
+ "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-processserver-6/processserver64-openshift:1.0"
}
}
]
@@ -526,6 +624,10 @@
"supports": "datagrid:6.5,xpaas:1.2",
"version": "1.2",
"openshift.io/display-name": "Red Hat JBoss Data Grid 6.5"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.2"
}
},
{
@@ -537,6 +639,10 @@
"supports": "datagrid:6.5,xpaas:1.4",
"version": "1.3",
"openshift.io/display-name": "Red Hat JBoss Data Grid 6.5"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.3"
}
},
{
@@ -546,7 +652,12 @@
"iconClass": "icon-jboss",
"tags": "datagrid,jboss,xpaas",
"supports":"datagrid:6.5,xpaas:1.4",
- "version": "1.4"
+ "version": "1.4",
+ "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.4"
}
}
]
@@ -573,6 +684,10 @@
"supports": "datagrid:7.1,xpaas:1.0",
"version": "1.0",
"openshift.io/display-name": "Red Hat JBoss Data Grid 7.1"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-openshift:1.0"
}
}
]
@@ -598,6 +713,10 @@
"tags": "client,jboss,xpaas",
"version": "1.0",
"openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 Client Modules for EAP"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-client-openshift:1.0"
}
}
]
@@ -623,6 +742,10 @@
"tags": "client,jboss,xpaas",
"version": "1.0",
"openshift.io/display-name": "Red Hat JBoss Data Grid 7.1 Client Modules for EAP"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-client-openshift:1.0"
}
}
]
@@ -649,6 +772,10 @@
"supports": "datavirt:6.3,xpaas:1.4",
"version": "1.0",
"openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.0"
}
},
{
@@ -660,6 +787,10 @@
"supports": "datavirt:6.3,xpaas:1.4",
"version": "1.1",
"openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.1"
}
},
{
@@ -669,7 +800,12 @@
"iconClass": "icon-jboss",
"tags": "datavirt,jboss,xpaas",
"supports":"datavirt:6.3,xpaas:1.4",
- "version": "1.2"
+ "version": "1.2",
+ "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.2"
}
}
]
@@ -695,6 +831,10 @@
"tags": "client,jboss,xpaas",
"version": "1.0",
"openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-driver-openshift:1.0"
}
}
]
@@ -721,6 +861,10 @@
"supports": "amq:6.2,messaging,xpaas:1.1",
"version": "1.1",
"openshift.io/display-name": "Red Hat JBoss A-MQ 6.2"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.1"
}
},
{
@@ -732,6 +876,10 @@
"supports": "amq:6.2,messaging,xpaas:1.2",
"version": "1.2",
"openshift.io/display-name": "Red Hat JBoss A-MQ 6.2"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.2"
}
},
{
@@ -743,6 +891,10 @@
"supports": "amq:6.2,messaging,xpaas:1.3",
"version": "1.3",
"openshift.io/display-name": "Red Hat JBoss A-MQ 6.2"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.3"
}
},
{
@@ -752,7 +904,12 @@
"iconClass": "icon-jboss",
"tags": "messaging,amq,jboss,xpaas",
"supports":"amq:6.2,messaging,xpaas:1.4",
- "version": "1.4"
+ "version": "1.4",
+ "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.4"
}
},
{
@@ -762,7 +919,12 @@
"iconClass": "icon-jboss",
"tags": "messaging,amq,jboss,xpaas",
"supports":"amq:6.2,messaging,xpaas:1.5",
- "version": "1.5"
+ "version": "1.5",
+ "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.5"
}
}
]
@@ -789,6 +951,10 @@
"supports": "amq:6.3,messaging,xpaas:1.0",
"version": "1.0",
"openshift.io/display-name": "Red Hat JBoss A-MQ 6.3"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.0"
}
},
{
@@ -800,6 +966,10 @@
"supports": "amq:6.3,messaging,xpaas:1.1",
"version": "1.1",
"openshift.io/display-name": "Red Hat JBoss A-MQ 6.3"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.1"
}
}
]
@@ -827,6 +997,10 @@
"supports": "sso:7.0,xpaas:1.3",
"version": "1.3",
"openshift.io/display-name": "Red Hat Single Sign-On 7.0"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/redhat-sso-7/sso70-openshift:1.3"
}
},
{
@@ -838,6 +1012,10 @@
"supports": "sso:7.0,xpaas:1.4",
"version": "1.4",
"openshift.io/display-name": "Red Hat Single Sign-On 7.0"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/redhat-sso-7/sso70-openshift:1.4"
}
}
]
@@ -865,6 +1043,10 @@
"supports": "sso:7.1,xpaas:1.4",
"version": "1.0",
"openshift.io/display-name": "Red Hat Single Sign-On 7.1"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.0"
}
},
{
@@ -876,6 +1058,10 @@
"supports": "sso:7.1,xpaas:1.4",
"version": "1.1",
"openshift.io/display-name": "Red Hat Single Sign-On 7.1"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.1"
}
}
]
@@ -904,6 +1090,10 @@
"sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts",
"sampleContextDir": "undertow-servlet",
"version": "1.0"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.0"
}
},
{
@@ -917,6 +1107,10 @@
"sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts",
"sampleContextDir": "undertow-servlet",
"version": "1.1"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.1"
}
}
]
diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml
index 1a4562776..356317431 100644
--- a/roles/openshift_examples/tasks/main.yml
+++ b/roles/openshift_examples/tasks/main.yml
@@ -63,8 +63,10 @@
- name: Import Centos Image streams
command: >
- {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig -n openshift -f {{ centos_image_streams }}
+ {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig -n openshift -f {{ item }}
when: openshift_examples_load_centos | bool
+ with_items:
+ - "{{ centos_image_streams }}"
register: oex_import_centos_streams
failed_when: "'already exists' not in oex_import_centos_streams.stderr and oex_import_centos_streams.rc != 0"
changed_when: false
diff --git a/roles/openshift_hosted/tasks/router.yml b/roles/openshift_hosted/tasks/router.yml
index 2aceef9e4..dd7053656 100644
--- a/roles/openshift_hosted/tasks/router.yml
+++ b/roles/openshift_hosted/tasks/router.yml
@@ -29,7 +29,9 @@
src: "{{ item }}"
with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificate') |
oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}"
- when: ( not openshift_hosted_router_create_certificate | bool ) or openshift_hosted_router_certificate != {}
+ when: ( not openshift_hosted_router_create_certificate | bool ) or openshift_hosted_router_certificate != {} or
+ ( openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile'])|length > 0 )
+
# This is for when we desire a cluster signed cert
# The certificate is generated and placed in master_config_dir/
@@ -42,8 +44,8 @@
hostnames:
- "{{ openshift_master_default_subdomain | default('router.default.svc.cluster.local') }}"
- "*.{{ openshift_master_default_subdomain | default('router.default.svc.cluster.local') }}"
- cert: "{{ ('/etc/origin/master/' ~ (item.certificate.certfile | basename)) if 'certfile' in item.certificate else ((openshift_master_config_dir) ~ '/openshift-router.crt') }}"
- key: "{{ ('/etc/origin/master/' ~ (item.certificate.keyfile | basename)) if 'keyfile' in item.certificate else ((openshift_master_config_dir) ~ '/openshift-router.key') }}"
+ cert: "{{ openshift_master_config_dir ~ '/openshift-router.crt' }}"
+ key: "{{ openshift_master_config_dir ~ '/openshift-router.key' }}"
with_items: "{{ openshift_hosted_routers }}"
- name: set the openshift_hosted_router_certificate
@@ -55,6 +57,7 @@
when:
- openshift_hosted_router_create_certificate | bool
- openshift_hosted_router_certificate == {}
+ - openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile'])|length == 0
- name: Create the router service account(s)
oc_serviceaccount:
diff --git a/roles/openshift_hosted_metrics/handlers/main.yml b/roles/openshift_hosted_metrics/handlers/main.yml
index ce7688581..88b893448 100644
--- a/roles/openshift_hosted_metrics/handlers/main.yml
+++ b/roles/openshift_hosted_metrics/handlers/main.yml
@@ -4,8 +4,13 @@
when: (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native'
notify: Verify API Server
+# We retry the controllers because the API may not be 100% initialized yet.
- name: restart master controllers
- systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted
+ command: "systemctl restart {{ openshift.common.service_type }}-master-controllers"
+ retries: 3
+ delay: 5
+ register: result
+ until: result.rc == 0
when: (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native'
- name: Verify API Server
diff --git a/roles/openshift_logging/handlers/main.yml b/roles/openshift_logging/handlers/main.yml
index ce7688581..acc838bd1 100644
--- a/roles/openshift_logging/handlers/main.yml
+++ b/roles/openshift_logging/handlers/main.yml
@@ -4,8 +4,13 @@
when: (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native'
notify: Verify API Server
+# We retry the controllers because the API may not be 100% initialized yet.
- name: restart master controllers
- systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted
+ command: "{{ openshift.common.service_type }}-master-controllers"
+ retries: 3
+ delay: 5
+ register: result
+ until: result.rc == 0
when: (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native'
- name: Verify API Server
diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml
index d5094c2c9..f88c4a7dc 100644
--- a/roles/openshift_master/handlers/main.yml
+++ b/roles/openshift_master/handlers/main.yml
@@ -9,10 +9,13 @@
notify:
- Verify API Server
+# We retry the controllers because the API may not be 100% initialized yet.
- name: restart master controllers
- systemd:
- name: "{{ openshift.common.service_type }}-master-controllers"
- state: restarted
+ command: "systemctl restart {{ openshift.common.service_type }}-master-controllers"
+ retries: 3
+ delay: 5
+ register: result
+ until: result.rc == 0
when:
- not (master_controllers_service_status_changed | default(false) | bool)
- openshift.master.cluster_method == 'native'
diff --git a/roles/openshift_master_facts/filter_plugins/openshift_master.py b/roles/openshift_master_facts/filter_plugins/openshift_master.py
index a4f410296..97a5179e0 100644
--- a/roles/openshift_master_facts/filter_plugins/openshift_master.py
+++ b/roles/openshift_master_facts/filter_plugins/openshift_master.py
@@ -326,10 +326,8 @@ class IdentityProviderOauthBase(IdentityProviderBase):
self._required += [['clientID', 'client_id'], ['clientSecret', 'client_secret']]
def validate(self):
- ''' validate this idp instance '''
- if self.challenge:
- raise errors.AnsibleFilterError("|failed provider {0} does not "
- "allow challenge authentication".format(self.__class__.__name__))
+ ''' validate an instance of this idp class '''
+ pass
class OpenIDIdentityProvider(IdentityProviderOauthBase):
@@ -428,6 +426,12 @@ class GoogleIdentityProvider(IdentityProviderOauthBase):
IdentityProviderOauthBase.__init__(self, api_version, idp)
self._optional += [['hostedDomain', 'hosted_domain']]
+ def validate(self):
+ ''' validate this idp instance '''
+ if self.challenge:
+ raise errors.AnsibleFilterError("|failed provider {0} does not "
+ "allow challenge authentication".format(self.__class__.__name__))
+
class GitHubIdentityProvider(IdentityProviderOauthBase):
""" GitHubIdentityProvider
@@ -446,6 +450,12 @@ class GitHubIdentityProvider(IdentityProviderOauthBase):
self._optional += [['organizations'],
['teams']]
+ def validate(self):
+ ''' validate this idp instance '''
+ if self.challenge:
+ raise errors.AnsibleFilterError("|failed provider {0} does not "
+ "allow challenge authentication".format(self.__class__.__name__))
+
class FilterModule(object):
''' Custom ansible filters for use by the openshift_master role'''
@@ -510,7 +520,7 @@ class FilterModule(object):
'master.kubelet-client.crt',
'master.kubelet-client.key']
if bool(include_ca):
- certs += ['ca.crt', 'ca.key', 'ca-bundle.crt']
+ certs += ['ca.crt', 'ca.key', 'ca-bundle.crt', 'client-ca-bundle.crt']
if bool(include_keys):
certs += ['serviceaccounts.private.key',
'serviceaccounts.public.key']
diff --git a/roles/openshift_metrics/handlers/main.yml b/roles/openshift_metrics/handlers/main.yml
index ce7688581..88b893448 100644
--- a/roles/openshift_metrics/handlers/main.yml
+++ b/roles/openshift_metrics/handlers/main.yml
@@ -4,8 +4,13 @@
when: (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native'
notify: Verify API Server
+# We retry the controllers because the API may not be 100% initialized yet.
- name: restart master controllers
- systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted
+ command: "systemctl restart {{ openshift.common.service_type }}-master-controllers"
+ retries: 3
+ delay: 5
+ register: result
+ until: result.rc == 0
when: (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native'
- name: Verify API Server
diff --git a/roles/openshift_prometheus/tasks/main.yaml b/roles/openshift_prometheus/tasks/main.yaml
index 332104d77..5cc9a67eb 100644
--- a/roles/openshift_prometheus/tasks/main.yaml
+++ b/roles/openshift_prometheus/tasks/main.yaml
@@ -2,20 +2,9 @@
- name: Set default image variables based on deployment_type
include_vars: "{{ item }}"
with_first_found:
- - "{{ openshift_deployment_type | default(deployment_type) }}.yml"
+ - "{{ openshift_deployment_type }}.yml"
- "default_images.yml"
-- name: Set image facts
- set_fact:
- openshift_prometheus_image_prefix: "{{ openshift_prometheus_image_prefix | default(__openshift_prometheus_image_prefix) }}"
- openshift_prometheus_image_version: "{{ openshift_prometheus_image_version | default(__openshift_prometheus_image_version) }}"
- openshift_prometheus_proxy_image_prefix: "{{ openshift_prometheus_proxy_image_prefix | default(openshift_prometheus_image_prefix) }}"
- openshift_prometheus_proxy_image_version: "{{ openshift_prometheus_proxy_image_version | default(__openshift_prometheus_proxy_image_version) }}"
- openshift_prometheus_alertmanager_image_prefix: "{{ openshift_prometheus_altermanager_image_prefix | default(openshift_prometheus_image_prefix) }}"
- openshift_prometheus_alertmanager_image_version: "{{ openshift_prometheus_alertmanager_image_version | default(__openshift_prometheus_alertmanager_image_version) }}"
- openshift_prometheus_alertbuffer_image_prefix: "{{ openshift_prometheus_alertbuffer_image_prefix | default(openshift_prometheus_image_prefix) }}"
- openshift_prometheus_alertbuffer_image_version: "{{ openshift_prometheus_alertbuffer_image_version | default(__openshift_prometheus_alertbuffer_image_version) }}"
-
- name: Create temp directory for doing work in on target
command: mktemp -td openshift-prometheus-ansible-XXXXXX
register: mktemp
diff --git a/roles/openshift_prometheus/templates/prometheus.j2 b/roles/openshift_prometheus/templates/prometheus.j2
index 916c57aa2..456db3a57 100644
--- a/roles/openshift_prometheus/templates/prometheus.j2
+++ b/roles/openshift_prometheus/templates/prometheus.j2
@@ -23,28 +23,28 @@ spec:
{% if openshift_prometheus_node_selector is iterable and openshift_prometheus_node_selector | length > 0 %}
nodeSelector:
{% for key, value in openshift_prometheus_node_selector.iteritems() %}
- {{key}}: "{{value}}"
+ {{ key }}: "{{ value }}"
{% endfor %}
{% endif %}
containers:
# Deploy Prometheus behind an oauth proxy
- name: prom-proxy
- image: "{{openshift_prometheus_proxy_image_prefix}}oauth-proxy:{{openshift_prometheus_proxy_image_version}}"
+ image: "{{ l_openshift_prometheus_proxy_image_prefix }}oauth-proxy:{{ l_openshift_prometheus_proxy_image_version }}"
imagePullPolicy: IfNotPresent
resources:
requests:
{% if openshift_prometheus_oauth_proxy_memory_requests is defined and openshift_prometheus_oauth_proxy_memory_requests is not none %}
- memory: "{{openshift_prometheus_oauth_proxy_memory_requests}}"
+ memory: "{{ openshift_prometheus_oauth_proxy_memory_requests }}"
{% endif %}
{% if openshift_prometheus_oauth_proxy_cpu_requests is defined and openshift_prometheus_oauth_proxy_cpu_requests is not none %}
- cpu: "{{openshift_prometheus_oauth_proxy_cpu_requests}}"
+ cpu: "{{ openshift_prometheus_oauth_proxy_cpu_requests }}"
{% endif %}
limits:
{% if openshift_prometheus_oauth_proxy_memory_limit is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %}
- memory: "{{openshift_prometheus_oauth_proxy_memory_limit}}"
+ memory: "{{ openshift_prometheus_oauth_proxy_memory_limit }}"
{% endif %}
{% if openshift_prometheus_oauth_proxy_cpu_limit is defined and openshift_prometheus_oauth_proxy_cpu_limit is not none %}
- cpu: "{{openshift_prometheus_oauth_proxy_cpu_limit}}"
+ cpu: "{{ openshift_prometheus_oauth_proxy_cpu_limit }}"
{% endif %}
ports:
- containerPort: 8443
@@ -79,22 +79,22 @@ spec:
- --storage.tsdb.min-block-duration=2m
- --config.file=/etc/prometheus/prometheus.yml
- --web.listen-address=localhost:9090
- image: "{{openshift_prometheus_image_prefix}}prometheus:{{openshift_prometheus_image_version}}"
+ image: "{{ l_openshift_prometheus_image_prefix }}prometheus:{{ l_openshift_prometheus_image_version }}"
imagePullPolicy: IfNotPresent
resources:
requests:
{% if openshift_prometheus_memory_requests is defined and openshift_prometheus_memory_requests is not none %}
- memory: "{{openshift_prometheus_memory_requests}}"
+ memory: "{{ openshift_prometheus_memory_requests }}"
{% endif %}
{% if openshift_prometheus_cpu_requests is defined and openshift_prometheus_cpu_requests is not none %}
- cpu: "{{openshift_prometheus_cpu_requests}}"
+ cpu: "{{ openshift_prometheus_cpu_requests }}"
{% endif %}
limits:
{% if openshift_prometheus_memory_limit is defined and openshift_prometheus_memory_limit is not none %}
memory: "{{ openshift_prometheus_memory_limit }}"
{% endif %}
{% if openshift_prometheus_cpu_limit is defined and openshift_prometheus_cpu_limit is not none %}
- cpu: "{{openshift_prometheus_cpu_limit}}"
+ cpu: "{{ openshift_prometheus_cpu_limit }}"
{% endif %}
volumeMounts:
@@ -105,22 +105,22 @@ spec:
# Deploy alertmanager behind prometheus-alert-buffer behind an oauth proxy
- name: alerts-proxy
- image: "{{openshift_prometheus_proxy_image_prefix}}oauth-proxy:{{openshift_prometheus_proxy_image_version}}"
+ image: "{{ l_openshift_prometheus_proxy_image_prefix }}oauth-proxy:{{ l_openshift_prometheus_proxy_image_version }}"
imagePullPolicy: IfNotPresent
resources:
requests:
{% if openshift_prometheus_oauth_proxy_memory_requests is defined and openshift_prometheus_oauth_proxy_memory_requests is not none %}
- memory: "{{openshift_prometheus_oauth_proxy_memory_requests}}"
+ memory: "{{ openshift_prometheus_oauth_proxy_memory_requests }}"
{% endif %}
{% if openshift_prometheus_oauth_proxy_cpu_requests is defined and openshift_prometheus_oauth_proxy_cpu_requests is not none %}
- cpu: "{{openshift_prometheus_oauth_proxy_cpu_requests}}"
+ cpu: "{{ openshift_prometheus_oauth_proxy_cpu_requests }}"
{% endif %}
limits:
{% if openshift_prometheus_oauth_proxy_memory_limit is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %}
- memory: "{{openshift_prometheus_oauth_proxy_memory_limit}}"
+ memory: "{{ openshift_prometheus_oauth_proxy_memory_limit }}"
{% endif %}
{% if openshift_prometheus_oauth_proxy_cpu_limit is defined and openshift_prometheus_oauth_proxy_cpu_limit is not none %}
- cpu: "{{openshift_prometheus_oauth_proxy_cpu_limit}}"
+ cpu: "{{ openshift_prometheus_oauth_proxy_cpu_limit }}"
{% endif %}
ports:
- containerPort: 9443
@@ -149,22 +149,22 @@ spec:
- name: alert-buffer
args:
- --storage-path=/alert-buffer/messages.db
- image: "{{openshift_prometheus_alertbuffer_image_prefix}}prometheus-alert-buffer:{{openshift_prometheus_alertbuffer_image_version}}"
+ image: "{{ l_openshift_prometheus_alertbuffer_image_prefix }}prometheus-alert-buffer:{{ l_openshift_prometheus_alertbuffer_image_version }}"
imagePullPolicy: IfNotPresent
resources:
requests:
{% if openshift_prometheus_alertbuffer_memory_requests is defined and openshift_prometheus_alertbuffer_memory_requests is not none %}
- memory: "{{openshift_prometheus_alertbuffer_memory_requests}}"
+ memory: "{{ openshift_prometheus_alertbuffer_memory_requests }}"
{% endif %}
{% if openshift_prometheus_alertbuffer_cpu_requests is defined and openshift_prometheus_alertbuffer_cpu_requests is not none %}
- cpu: "{{openshift_prometheus_alertbuffer_cpu_requests}}"
+ cpu: "{{ openshift_prometheus_alertbuffer_cpu_requests }}"
{% endif %}
limits:
{% if openshift_prometheus_alertbuffer_memory_limit is defined and openshift_prometheus_alertbuffer_memory_limit is not none %}
- memory: "{{openshift_prometheus_alertbuffer_memory_limit}}"
+ memory: "{{ openshift_prometheus_alertbuffer_memory_limit }}"
{% endif %}
{% if openshift_prometheus_alertbuffer_cpu_limit is defined and openshift_prometheus_alertbuffer_cpu_limit is not none %}
- cpu: "{{openshift_prometheus_alertbuffer_cpu_limit}}"
+ cpu: "{{ openshift_prometheus_alertbuffer_cpu_limit }}"
{% endif %}
volumeMounts:
- mountPath: /alert-buffer
@@ -176,22 +176,22 @@ spec:
- name: alertmanager
args:
- -config.file=/etc/alertmanager/alertmanager.yml
- image: "{{openshift_prometheus_alertmanager_image_prefix}}prometheus-alertmanager:{{openshift_prometheus_alertmanager_image_version}}"
+ image: "{{ l_openshift_prometheus_alertmanager_image_prefix }}prometheus-alertmanager:{{ l_openshift_prometheus_alertmanager_image_version }}"
imagePullPolicy: IfNotPresent
resources:
requests:
{% if openshift_prometheus_alertmanager_memory_requests is defined and openshift_prometheus_alertmanager_memory_requests is not none %}
- memory: "{{openshift_prometheus_alertmanager_memory_requests}}"
+ memory: "{{ openshift_prometheus_alertmanager_memory_requests }}"
{% endif %}
{% if openshift_prometheus_alertmanager_cpu_requests is defined and openshift_prometheus_alertmanager_cpu_requests is not none %}
- cpu: "{{openshift_prometheus_alertmanager_cpu_requests}}"
+ cpu: "{{ openshift_prometheus_alertmanager_cpu_requests }}"
{% endif %}
limits:
{% if openshift_prometheus_alertmanager_memory_limit is defined and openshift_prometheus_alertmanager_memory_limit is not none %}
- memory: "{{openshift_prometheus_alertmanager_memory_limit}}"
+ memory: "{{ openshift_prometheus_alertmanager_memory_limit }}"
{% endif %}
{% if openshift_prometheus_alertmanager_cpu_limit is defined and openshift_prometheus_alertmanager_cpu_limit is not none %}
- cpu: "{{openshift_prometheus_alertmanager_cpu_limit}}"
+ cpu: "{{ openshift_prometheus_alertmanager_cpu_limit }}"
{% endif %}
ports:
- containerPort: 9093
diff --git a/roles/openshift_prometheus/vars/default_images.yml b/roles/openshift_prometheus/vars/default_images.yml
index 4092eb2d4..ad52a3125 100644
--- a/roles/openshift_prometheus/vars/default_images.yml
+++ b/roles/openshift_prometheus/vars/default_images.yml
@@ -1,7 +1,12 @@
---
-# image defaults
-__openshift_prometheus_image_prefix: "openshift/"
-__openshift_prometheus_image_version: "v2.0.0-dev.3"
-__openshift_prometheus_proxy_image_version: "v1.0.0"
-__openshift_prometheus_alertmanager_image_version: "v0.9.1"
-__openshift_prometheus_alertbuffer_image_version: "v0.0.2"
+# image prefix defaults
+l_openshift_prometheus_image_prefix: "{{ openshift_prometheus_image_prefix | default('openshift/') }}"
+l_openshift_prometheus_proxy_image_prefix: "{{ openshift_prometheus_proxy_image_prefix | default(l_openshift_prometheus_image_prefix) }}"
+l_openshift_prometheus_alertmanager_image_prefix: "{{ openshift_prometheus_altermanager_image_prefix | default(l_openshift_prometheus_image_prefix) }}"
+l_openshift_prometheus_alertbuffer_image_prefix: "{{ openshift_prometheus_alertbuffer_image_prefix | default(l_openshift_prometheus_image_prefix) }}"
+
+# image version defaults
+l_openshift_prometheus_image_version: "{{ openshift_prometheus_image_version | default('v2.0.0-dev.3') }}"
+l_openshift_prometheus_proxy_image_version: "{{ openshift_prometheus_proxy_image_version | default('v1.0.0') }}"
+l_openshift_prometheus_alertmanager_image_version: "{{ openshift_prometheus_alertmanager_image_version | default('v0.9.1') }}"
+l_openshift_prometheus_alertbuffer_image_version: "{{ openshift_prometheus_alertbuffer_image_version | default('v0.0.2') }}"
diff --git a/roles/openshift_prometheus/vars/openshift-enterprise.yml b/roles/openshift_prometheus/vars/openshift-enterprise.yml
index 0b45e03d3..9bb4c99bb 100644
--- a/roles/openshift_prometheus/vars/openshift-enterprise.yml
+++ b/roles/openshift_prometheus/vars/openshift-enterprise.yml
@@ -1,7 +1,12 @@
---
-# image defaults
-__openshift_prometheus_image_prefix: "registry.access.redhat.com/openshift3/"
-__openshift_prometheus_image_version: "v3.7"
-__openshift_prometheus_proxy_image_version: "v3.7"
-__openshift_prometheus_alertmanager_image_version: "v3.7"
-__openshift_prometheus_alertbuffer_image_version: "v3.7"
+# image prefix defaults
+l_openshift_prometheus_image_prefix: "{{ openshift_prometheus_image_prefix | default('registry.access.redhat.com/openshift3/') }}"
+l_openshift_prometheus_proxy_image_prefix: "{{ openshift_prometheus_proxy_image_prefix | default(l_openshift_prometheus_image_prefix) }}"
+l_openshift_prometheus_alertmanager_image_prefix: "{{ openshift_prometheus_altermanager_image_prefix | default(l_openshift_prometheus_image_prefix) }}"
+l_openshift_prometheus_alertbuffer_image_prefix: "{{ openshift_prometheus_alertbuffer_image_prefix | default(l_openshift_prometheus_image_prefix) }}"
+
+# image version defaults
+l_openshift_prometheus_image_version: "{{ openshift_prometheus_image_version | default('v3.7') }}"
+l_openshift_prometheus_proxy_image_version: "{{ openshift_prometheus_proxy_image_version | default('v3.7') }}"
+l_openshift_prometheus_alertmanager_image_version: "{{ openshift_prometheus_alertmanager_image_version | default('v3.7') }}"
+l_openshift_prometheus_alertbuffer_image_version: "{{ openshift_prometheus_alertbuffer_image_version | default('v3.7') }}"
diff --git a/roles/template_service_broker/tasks/install.yml b/roles/template_service_broker/tasks/install.yml
index 6a532a206..a78e4825b 100644
--- a/roles/template_service_broker/tasks/install.yml
+++ b/roles/template_service_broker/tasks/install.yml
@@ -45,7 +45,7 @@
oc process -f "{{ mktemp.stdout }}/{{ __tsb_template_file }}"
--param API_SERVER_CONFIG="{{ config['content'] | b64decode }}"
--param IMAGE="{{ template_service_broker_prefix }}{{ template_service_broker_image_name }}:{{ template_service_broker_version }}"
- | kubectl apply -f -
+ | {{ openshift.common.client_binary }} apply -f -
# reconcile with rbac
- name: Reconcile with RBAC file