diff options
8 files changed, 72 insertions, 50 deletions
diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml index 6d83d2527..18f99728c 100644 --- a/playbooks/common/openshift-cluster/initialize_facts.yml +++ b/playbooks/common/openshift-cluster/initialize_facts.yml @@ -1,7 +1,11 @@ --- +- name: Ensure that all non-node hosts are accessible + hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config:oo_nfs_to_config + any_errors_fatal: true + tasks: + - name: Initialize host facts hosts: oo_all_hosts - any_errors_fatal: true roles: - openshift_facts tasks: diff --git a/playbooks/common/openshift-cluster/initialize_openshift_version.yml b/playbooks/common/openshift-cluster/initialize_openshift_version.yml index 2f384ddea..a1bd1bd92 100644 --- a/playbooks/common/openshift-cluster/initialize_openshift_version.yml +++ b/playbooks/common/openshift-cluster/initialize_openshift_version.yml @@ -12,9 +12,10 @@ {{ repoquery_cmd }} --installed --qf '%{version}' "yum" register: yum_ver_test changed_when: false + when: not openshift.common.is_atomic | bool - fail: msg: Incompatible versions of yum and subscription-manager found. You may need to update yum and yum-utils. - when: "'Plugin \"search-disabled-repos\" requires API 2.7. Supported API is 2.6.' in yum_ver_test.stdout" + when: "not openshift.common.is_atomic | bool and 'Plugin \"search-disabled-repos\" requires API 2.7. Supported API is 2.6.' in yum_ver_test.stdout" - name: Determine openshift_version to configure on first master hosts: oo_first_master diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 4824eeef3..e28da5713 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -139,6 +139,8 @@ - role: nuage_node when: openshift.common.use_nuage | bool - role: nickhammond.logrotate + - role: openshift_manage_node + openshift_master_host: "{{ groups.oo_first_master.0 }}" tasks: - name: Create group for deployment type group_by: key=oo_nodes_deployment_type_{{ openshift.common.deployment_type }} @@ -152,35 +154,3 @@ tasks: - file: name={{ mktemp.stdout }} state=absent changed_when: False - -- name: Set node schedulability - hosts: oo_first_master - vars: - openshift_nodes: "{{ groups.oo_nodes_to_config | default([]) }}" - pre_tasks: - # Necessary because when you're on a node that's also a master the master will be - # restarted after the node restarts docker and it will take up to 60 seconds for - # systemd to start the master again - - name: Wait for master API to become available before proceeding - # Using curl here since the uri module requires python-httplib2 and - # wait_for port doesn't provide health information. - command: > - curl --silent --tlsv1.2 - {% if openshift.common.version_gte_3_2_or_1_2 | bool %} - --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {% else %} - --cacert {{ openshift.common.config_base }}/master/ca.crt - {% endif %} - {{ openshift.master.api_url }}/healthz/ready - args: - # Disables the following warning: - # Consider using get_url or uri module rather than running curl - warn: no - register: api_available_output - until: api_available_output.stdout == 'ok' - retries: 120 - delay: 1 - changed_when: false - when: openshift.common.is_containerized | bool - roles: - - openshift_manage_node diff --git a/playbooks/gce/openshift-cluster/tasks/launch_instances.yml b/playbooks/gce/openshift-cluster/tasks/launch_instances.yml index b7604580c..87b30aee4 100644 --- a/playbooks/gce/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/gce/openshift-cluster/tasks/launch_instances.yml @@ -13,7 +13,7 @@ # unsupported in 1.9.+ #service_account_permissions: "datastore,logging-write" tags: - - created-by-{{ lookup('env', 'LOGNAME') |default(cluster, true) }} + - created-by-{{ lookup('env', 'LOGNAME') | regex_replace('[^a-z0-9]+', '') | default(cluster, true) }} - environment-{{ cluster_env }} - clusterid-{{ cluster_id }} - host-type-{{ type }} diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml index 28e4e46e9..88cdd2d89 100644 --- a/roles/openshift_manage_node/tasks/main.yml +++ b/roles/openshift_manage_node/tasks/main.yml @@ -3,18 +3,51 @@ command: mktemp -d /tmp/openshift-ansible-XXXXXX register: mktemp changed_when: False + delegate_to: "{{ openshift_master_host }}" + run_once: true - set_fact: openshift_manage_node_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + delegate_to: "{{ openshift_master_host }}" + run_once: true - name: Copy the admin client config(s) command: > cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{ openshift_manage_node_kubeconfig }} changed_when: False + delegate_to: "{{ openshift_master_host }}" + run_once: true + +# Necessary because when you're on a node that's also a master the master will be +# restarted after the node restarts docker and it will take up to 60 seconds for +# systemd to start the master again +- name: Wait for master API to become available before proceeding + # Using curl here since the uri module requires python-httplib2 and + # wait_for port doesn't provide health information. + command: > + curl --silent --tlsv1.2 + {% if openshift.common.version_gte_3_2_or_1_2 | bool %} + --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt + {% else %} + --cacert {{ openshift.common.config_base }}/master/ca.crt + {% endif %} + {{ openshift_node_master_api_url }}/healthz/ready + args: + # Disables the following warning: + # Consider using get_url or uri module rather than running curl + warn: no + register: api_available_output + until: api_available_output.stdout == 'ok' + retries: 120 + delay: 1 + changed_when: false + when: openshift.common.is_containerized | bool + delegate_to: "{{ openshift_master_host }}" + run_once: true - name: Wait for Node Registration command: > - {{ openshift.common.client_binary }} get node {{ hostvars[item].openshift.node.nodename }} + {{ openshift.common.client_binary }} get node {{ openshift.node.nodename }} --config={{ openshift_manage_node_kubeconfig }} -n default register: omd_get_node @@ -22,26 +55,29 @@ retries: 50 delay: 5 changed_when: false - with_items: "{{ openshift_nodes }}" + when: "'nodename' in openshift.node" + delegate_to: "{{ openshift_master_host }}" - name: Set node schedulability command: > - {{ openshift.common.client_binary }} adm manage-node {{ hostvars[item].openshift.node.nodename }} --schedulable={{ 'true' if hostvars[item].openshift.node.schedulable | bool else 'false' }} + {{ openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename }} --schedulable={{ 'true' if openshift.node.schedulable | bool else 'false' }} --config={{ openshift_manage_node_kubeconfig }} -n default - with_items: "{{ openshift_nodes }}" - when: hostvars[item].openshift.node.nodename is defined + when: "'nodename' in openshift.node" + delegate_to: "{{ openshift_master_host }}" - name: Label nodes command: > - {{ openshift.common.client_binary }} label --overwrite node {{ hostvars[item].openshift.node.nodename }} {{ hostvars[item].openshift.node.labels | oo_combine_dict }} + {{ openshift.common.client_binary }} label --overwrite node {{ openshift.node.nodename }} {{ openshift.node.labels | oo_combine_dict }} --config={{ openshift_manage_node_kubeconfig }} -n default - with_items: "{{ openshift_nodes }}" - when: hostvars[item].openshift.node.nodename is defined and 'labels' in hostvars[item].openshift.node and hostvars[item].openshift.node.labels != {} + when: "'nodename' in openshift.node and 'labels' in openshift.node and openshift.node.labels != {}" + delegate_to: "{{ openshift_master_host }}" - name: Delete temp directory file: name: "{{ mktemp.stdout }}" state: absent changed_when: False + delegate_to: "{{ openshift_master_host }}" + run_once: true diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 3364fe1b3..612cc0e20 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -40,9 +40,15 @@ state: present when: not openshift.common.is_containerized | bool +- name: Check for tuned package + command: rpm -q tuned + register: tuned_installed + changed_when: false + failed_when: false + - name: Set atomic-guest tuned profile command: "tuned-adm profile atomic-guest" - when: openshift.common.is_atomic | bool + when: tuned_installed.rc == 0 and openshift.common.is_atomic | bool - name: Install sdn-ovs package package: diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh index ced0fa663..c3d5efb9e 100755 --- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh +++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh @@ -36,6 +36,7 @@ if [[ $2 =~ ^(up|dhcp4-change)$ ]]; then UPSTREAM_DNS_TMP=`mktemp` UPSTREAM_DNS_TMP_SORTED=`mktemp` CURRENT_UPSTREAM_DNS_SORTED=`mktemp` + NEW_RESOLV_CONF=`mktemp` ###################################################################### # couldn't find an existing method to determine if the interface owns the @@ -85,13 +86,17 @@ EOF systemctl restart dnsmasq fi - sed -i '0,/^nameserver/ s/^nameserver.*$/nameserver '"${def_route_ip}"'/g' /etc/resolv.conf - - if ! grep -q '99-origin-dns.sh' /etc/resolv.conf; then - echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> /etc/resolv.conf + # Only if dnsmasq is running properly make it our only nameserver + if `systemctl -q is-active dnsmasq.service`; then + sed -e '/^nameserver.*$/d' /etc/resolv.conf > ${NEW_RESOLV_CONF} + echo "nameserver "${def_route_ip}"" >> ${NEW_RESOLV_CONF} + if ! grep -q '99-origin-dns.sh' ${NEW_RESOLV_CONF}; then + echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> ${NEW_RESOLV_CONF} + fi + cp -Z ${NEW_RESOLV_CONF} /etc/resolv.conf fi fi # Clean up after yourself - rm -f $UPSTREAM_DNS_TMP $UPSTREAM_DNS_TMP_SORTED $CURRENT_UPSTREAM_DNS_SORTED + rm -f $UPSTREAM_DNS_TMP $UPSTREAM_DNS_TMP_SORTED $CURRENT_UPSTREAM_DNS_SORTED $NEW_RESOLV_CONF fi diff --git a/roles/openshift_storage_nfs_lvm/templates/nfs.json.j2 b/roles/openshift_storage_nfs_lvm/templates/nfs.json.j2 index 0f3d84e75..3c4d2f56c 100644 --- a/roles/openshift_storage_nfs_lvm/templates/nfs.json.j2 +++ b/roles/openshift_storage_nfs_lvm/templates/nfs.json.j2 @@ -11,7 +11,7 @@ "capacity": { "storage": "{{ osnl_volume_size }}Gi" }, - "accessModes": [ "ReadWriteMany" ], + "accessModes": [ "ReadWriteOnce", "ReadWriteMany" ], "persistentVolumeReclaimPolicy": "Recycle", "nfs": { "Server": "{{ inventory_hostname }}", |