-rw-r--r-- | .tito/packages/openshift-ansible | 2 | ||||
-rw-r--r-- | inventory/byo/hosts.origin.example | 10 | ||||
-rw-r--r-- | inventory/byo/hosts.ose.example | 9 | ||||
-rw-r--r-- | openshift-ansible.spec | 25 | ||||
-rw-r--r-- | playbooks/adhoc/bootstrap-fedora.yml | 1 | ||||
-rw-r--r-- | playbooks/common/openshift-cluster/upgrades/post.yml | 1 | ||||
-rw-r--r-- | roles/openshift_master/templates/master.yaml.v1.j2 | 5 | ||||
-rw-r--r-- | roles/openshift_node/tasks/storage_plugins/nfs.yml | 8 | ||||
-rw-r--r-- | utils/src/ooinstall/oo_config.py | 6 |
9 files changed, 59 insertions, 8 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index e53f089d5..8cbc56bc0 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.3.13-1 ./ +3.3.14-1 ./ diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 8e7883f3b..8dedba9f8 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -343,6 +343,16 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #osm_cluster_network_cidr=10.1.0.0/16 #openshift_portal_net=172.30.0.0/16 + +# ExternalIPNetworkCIDRs controls what values are acceptable for the +# service external IP field. If empty, no externalIP may be set. It +# may contain a list of CIDRs which are checked for access. If a CIDR +# is prefixed with !, IPs in that CIDR will be rejected. Rejections +# will be applied first, then the IP checked against one of the +# allowed CIDRs. You should ensure this range does not overlap with +# your nodes, pods, or service CIDRs for security reasons. +#openshift_master_external_ip_network_cidrs=['0.0.0.0/0'] + # Configure number of bits to allocate to each host’s subnet e.g. 8 # would mean a /24 network on the host. #osm_host_subnet_length=8 diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 0d358146c..7b6b5fcc5 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example 
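Review bot: The commented example `#openshift_master_external_ip_network_cidrs=['0.0.0.0/0']` in the hosts.origin.example hunk contradicts the warning directly above it. A range of 0.0.0.0/0 necessarily overlaps the node, pod and service CIDRs that the comment says to avoid. It also matches the default added to master.yaml.v1.j2 in this commit, so uncommenting it changes nothing and shows no restriction. I would state the default in the comment, `# Defaults to ['0.0.0.0/0'] (any external IP accepted).`, and make the example a restrictive one, such as `#openshift_master_external_ip_network_cidrs=['192.0.2.0/24']` (a constructed documentation range). The identical hunk in inventory/byo/hosts.ose.example needs the same change.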
@@ -339,6 +339,15 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_portal_net=172.30.0.0/16 +# ExternalIPNetworkCIDRs controls what values are acceptable for the +# service external IP field. If empty, no externalIP may be set. It +# may contain a list of CIDRs which are checked for access. If a CIDR +# is prefixed with !, IPs in that CIDR will be rejected. Rejections +# will be applied first, then the IP checked against one of the +# allowed CIDRs. You should ensure this range does not overlap with +# your nodes, pods, or service CIDRs for security reasons. +#openshift_master_external_ip_network_cidrs=['0.0.0.0/0'] + # Configure number of bits to allocate to each host’s subnet e.g. 8 # would mean a /24 network on the host. #osm_host_subnet_length=8 diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 0413a73d4..0b8a644fc 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.3.13 +Version: 3.3.14 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 
@@ -221,6 +221,29 @@ Atomic OpenShift Utilities includes %changelog +* Tue Aug 23 2016 Scott Dodson <sdodson@redhat.com> 3.3.14-1 +- a-o-i: Fix ansible_ssh_user question (smunilla@redhat.com) +- Don't run node config upgrade hook if host is not a node. + (dgoodwin@redhat.com) +- Link ca to ca-bundle when ca-bundle does not exist. (abutcher@redhat.com) +- Better error if no OpenShift RPMs are available. (dgoodwin@redhat.com) +- Revert "Due to problems with with_fileglob lets avoid using it for now" + (sdodson@redhat.com) +- Replace some virsh commands by native virt_XXX ansible module + (lhuard@amadeus.com) +- Add warning at end of 3.3 upgrade if pluginOrderOverride is found. + (dgoodwin@redhat.com) +- a-o-i: Remove Legacy Config Upgrade (smunilla@redhat.com) +- Fix etcd uninstall (sdodson@redhat.com) +- Bug 1358951 - Error loading config, no such key: 'deployment' when using + previously valid answers file (smunilla@redhat.com) +- Fix standalone Docker upgrade missing symlink. (dgoodwin@redhat.com) +- Open OpenStack security group for the service node port range + (lhuard@amadeus.com) +- Fix the “node on master” feature (lhuard@amadeus.com) +- Due to problems with with_fileglob lets avoid using it for now + (sdodson@redhat.com) + * Fri Aug 19 2016 Troy Dawson <tdawson@redhat.com> 3.3.13-1 - Fix warnings in OpenStack provider with ansible 2.1 (lhuard@amadeus.com) - Mount /sys rw (sdodson@redhat.com) diff --git a/playbooks/adhoc/bootstrap-fedora.yml b/playbooks/adhoc/bootstrap-fedora.yml index 5ca383a37..b370d7fba 100644 --- a/playbooks/adhoc/bootstrap-fedora.yml +++ b/playbooks/adhoc/bootstrap-fedora.yml @@ -1,4 +1,5 @@ - hosts: OSEv3 + gather_facts: false tasks: - name: install python and deps for ansible modules raw: dnf install -y python2 python2-dnf libselinux-python libsemanage-python python2-firewall pyOpenSSL python-cryptography 
diff --git a/playbooks/common/openshift-cluster/upgrades/post.yml b/playbooks/common/openshift-cluster/upgrades/post.yml index 796634a5e..e43954453 100644 --- a/playbooks/common/openshift-cluster/upgrades/post.yml +++ b/playbooks/common/openshift-cluster/upgrades/post.yml @@ -66,6 +66,7 @@ grep pluginOrderOverride {{ openshift.common.config_base }}/master/master-config.yaml register: grep_plugin_order_override when: openshift.common.version_gte_3_3_or_1_3 | bool + failed_when: false - name: Warn if pluginOrderOverride is in use in master-config.yaml debug: msg="WARNING pluginOrderOverride is being deprecated in master-config.yaml, please see https://docs.openshift.com/enterprise/latest/architecture/additional_concepts/admission_controllers.html for more information." when: not grep_plugin_order_override | skipped and grep_plugin_order_override.rc == 0 diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 31e86f5bd..0683fa95a 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -156,6 +156,7 @@ networkConfig: {% endif %} # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet serviceNetworkCIDR: {{ openshift.common.portal_net }} + externalIPNetworkCIDRs: {{ openshift_master_external_ip_network_cidrs | default(["0.0.0.0/0"]) | to_padded_yaml(1,2) }} oauthConfig: {% if 'oauth_always_show_provider_selection' in openshift.master %} alwaysShowProviderSelection: {{ openshift.master.oauth_always_show_provider_selection }} @@ -173,7 +174,7 @@ oauthConfig: {% if openshift.common.version_gte_3_2_or_1_2 | bool %} masterCA: ca-bundle.crt {% else %} - masterCA: ca.rt + masterCA: ca.crt {% endif %} masterPublicURL: {{ openshift.master.public_api_url }} masterURL: {{ openshift.master.api_url }} 
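Review bot: The added `failed_when: false` in post.yml hides real grep failures as well as the expected no-match case. Exit status 2 (for example a missing or unreadable master-config.yaml) is treated the same as exit status 1, so the pluginOrderOverride warning is silently skipped and the operator never learns the check did not run. Only rc 1 means "not found", so `failed_when: grep_plugin_order_override.rc > 1` keeps the no-match case green while still surfacing errors. Adding `changed_when: false` would also stop this read-only check from reporting a change. The task's name and module line sit above the hunk.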
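Review bot: The new `externalIPNetworkCIDRs` line in master.yaml.v1.j2 falls back to `default(["0.0.0.0/0"])`, so every cluster that does not set `openshift_master_external_ip_network_cidrs` accepts any service externalIP. That includes addresses inside the node, pod and service ranges, which the inventory comment added in this same commit warns against for security reasons. If the open default is deliberate, to preserve existing behaviour, the template should say so in a Jinja comment above the line, for example `{# 0.0.0.0/0 keeps pre-existing behaviour; restrict via openshift_master_external_ip_network_cidrs #}`. Otherwise consider `default([])` so that external IPs are opt-in, after confirming that `to_padded_yaml` renders an empty list correctly. The line is also emitted unconditionally, while nearby keys in this template are gated on version facts, so it is worth checking that older masters accept the key.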
@@ -210,7 +211,7 @@ serviceAccountConfig: {% if openshift.common.version_gte_3_2_or_1_2 | bool %} masterCA: ca-bundle.crt {% else %} - masterCA: ca.rt + masterCA: ca.crt {% endif %} privateKeyFile: serviceaccounts.private.key publicKeyFiles: diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml index e384c1bd7..22b539d16 100644 --- a/roles/openshift_node/tasks/storage_plugins/nfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -17,16 +17,16 @@ persistent: yes when: ansible_selinux and ansible_selinux.status == "enabled" and virt_use_nfs_output.rc == 0 -- name: Check for existence of virt_sandbox_use_nfs seboolean +- name: Check for existence of virt_sandbox_use_nfs seboolean (RHEL) command: getsebool virt_sandbox_use_nfs register: virt_sandbox_use_nfs_output - when: ansible_selinux and ansible_selinux.status == "enabled" + when: ansible_distribution != "Fedora" and ansible_selinux and ansible_selinux.status == "enabled" failed_when: false changed_when: false -- name: Set seboolean to allow nfs storage plugin access from containers(sandbox) +- name: Set seboolean to allow nfs storage plugin access from containers(sandbox) (RHEL) seboolean: name: virt_sandbox_use_nfs state: yes persistent: yes - when: ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_nfs_output.rc == 0 + when: ansible_distribution != "Fedora" and ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_nfs_output.rc == 0 diff --git a/utils/src/ooinstall/oo_config.py b/utils/src/ooinstall/oo_config.py index 9ef07bb82..0e855f437 100644 --- a/utils/src/ooinstall/oo_config.py +++ b/utils/src/ooinstall/oo_config.py 
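Review bot: The renamed tasks in nfs.yml say "(RHEL)", but the added condition is `ansible_distribution != "Fedora"`, so they also run on CentOS and any other non-Fedora distribution. Either name them for what the condition selects, e.g. `Check for existence of virt_sandbox_use_nfs seboolean (non-Fedora)`, or add a one-line comment above the first task explaining why Fedora is excluded. The second task's `when` reads `virt_sandbox_use_nfs_output.rc`, which is presumably absent when the check task is skipped. It is safe only because the distribution and SELinux tests come first in the `and` chain, and a short comment noting that ordering would help the next editor.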
@@ -264,6 +264,12 @@ class OOConfig(object): if config.get('ansible_ssh_user', False): new_config_data['deployment']['ansible_ssh_user'] = config['ansible_ssh_user'] + if config.get('variant', False): + new_config_data['variant'] = config['variant'] + + if config.get('variant_version', False): + new_config_data['variant_version'] = config['variant_version'] + for host in config['hosts']: host_props = {} host_props['roles'] = [] |