diff options
| -rw-r--r-- | .tito/packages/.readme | 3 | ||||
| -rw-r--r-- | .tito/packages/openshift-ansible | 1 | ||||
| -rw-r--r-- | .tito/tito.props | 5 | ||||
| -rw-r--r-- | inventory/byo/hosts.example | 7 | ||||
| -rw-r--r-- | openshift-ansible.spec | 197 | ||||
| -rwxr-xr-x | roles/openshift_facts/library/openshift_facts.py | 28 | ||||
| -rw-r--r-- | roles/openshift_master/tasks/main.yml | 5 | ||||
| -rw-r--r-- | roles/openshift_master/templates/master.yaml.v1.j2 | 13 | ||||
| -rw-r--r-- | roles/openshift_node/tasks/main.yml | 8 |
9 files changed, 258 insertions, 9 deletions
diff --git a/.tito/packages/.readme b/.tito/packages/.readme new file mode 100644 index 000000000..b9411e2d1 --- /dev/null +++ b/.tito/packages/.readme @@ -0,0 +1,3 @@ +the .tito/packages directory contains metadata files +named after their packages. Each file has the latest tagged +version and the project's relative directory. diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible new file mode 100644 index 000000000..adbed6b1d --- /dev/null +++ b/.tito/packages/openshift-ansible @@ -0,0 +1 @@ +3.0.2-1 ./ diff --git a/.tito/tito.props b/.tito/tito.props new file mode 100644 index 000000000..eab3f190d --- /dev/null +++ b/.tito/tito.props @@ -0,0 +1,5 @@ +[buildconfig] +builder = tito.builder.Builder +tagger = tito.tagger.VersionTagger +changelog_do_not_remove_cherrypick = 0 +changelog_format = %s (%ae) diff --git a/inventory/byo/hosts.example b/inventory/byo/hosts.example index 6b366cf87..dab75e17b 100644 --- a/inventory/byo/hosts.example +++ b/inventory/byo/hosts.example @@ -41,6 +41,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Allow all auth #openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}] +# Project Configuration +#osm_project_request_message='' +#osm_project_request_template='' +#osm_mcs_allocator_range='s0:/2' +#osm_mcs_labels_per_project=5 +#osm_uid_allocator_range='1000000000-1999999999/10000' + # Configure Fluentd #use_fluentd=true diff --git a/openshift-ansible.spec b/openshift-ansible.spec new file mode 100644 index 000000000..0c754a7b9 --- /dev/null +++ b/openshift-ansible.spec @@ -0,0 +1,197 @@ +# %commit is intended to be set by tito custom builders provided +# in the .tito/lib directory. The values in this spec file will not be kept up to date. +%{!?commit: +%global commit c64d09e528ca433832c6b6e6f5c7734a9cc8ee6f +} + +Name: openshift-ansible +Version: 3.0.2 +Release: 1%{?dist} +Summary: Openshift and Atomic Enterprise Ansible +License: ASL 2.0 +URL: https://github.com/openshift/openshift-ansible +Source0: https://github.com/openshift/openshift-ansible/archive/%{commit}/%{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: ansible + +%description +Openshift and Atomic Enterprise Ansible + +This repo contains Ansible code and playbooks +for Openshift and Atomic Enterprise. + +%prep +%setup -q + +%build + + +%install +# Base openshift-ansible install +mkdir -p %{buildroot}%{_datadir}/%{name} +mkdir -p %{buildroot}%{_datadir}/ansible/%{name} +mkdir -p %{buildroot}%{_datadir}/ansible_plugins + +# openshift-ansible-bin install +mkdir -p %{buildroot}%{_bindir} +mkdir -p %{buildroot}%{python_sitelib}/openshift_ansible +mkdir -p %{buildroot}/etc/bash_completion.d +mkdir -p %{buildroot}/etc/openshift_ansible +cp -p bin/{ossh,oscp,opssh,opscp,ohi} %{buildroot}%{_bindir} +cp -pP bin/openshift_ansible/* %{buildroot}%{python_sitelib}/openshift_ansible +cp -p bin/ossh_bash_completion %{buildroot}/etc/bash_completion.d +cp -p bin/openshift_ansible.conf.example %{buildroot}/etc/openshift_ansible/openshift_ansible.conf +# Fix links +rm -f %{buildroot}%{python_sitelib}/openshift_ansible/multi_ec2.py +rm -f %{buildroot}%{python_sitelib}/openshift_ansible/aws +ln -sf %{_datadir}/ansible/inventory/multi_ec2.py %{buildroot}%{python_sitelib}/openshift_ansible/multi_ec2.py +ln -sf %{_datadir}/ansible/inventory/aws %{buildroot}%{python_sitelib}/openshift_ansible/aws + +# openshift-ansible-docs install +# -docs are currently just %doc, no install needed + +# openshift-ansible-inventory install +mkdir -p %{buildroot}/etc/ansible +mkdir -p %{buildroot}%{_datadir}/ansible/inventory +mkdir -p %{buildroot}%{_datadir}/ansible/inventory/aws +mkdir -p %{buildroot}%{_datadir}/ansible/inventory/gce +cp -p inventory/multi_ec2.py %{buildroot}%{_datadir}/ansible/inventory +cp -p inventory/multi_ec2.yaml.example %{buildroot}/etc/ansible/multi_ec2.yaml +cp -p inventory/aws/hosts/ec2.py %{buildroot}%{_datadir}/ansible/inventory/aws +cp -p inventory/gce/hosts/gce.py %{buildroot}%{_datadir}/ansible/inventory/gce + +# openshift-ansible-playbooks install +cp -rp playbooks %{buildroot}%{_datadir}/ansible/%{name}/ + +# openshift-ansible-roles install +cp -rp roles %{buildroot}%{_datadir}/ansible/%{name}/ + +# openshift-ansible-filter-plugins install +cp -rp filter_plugins %{buildroot}%{_datadir}/ansible_plugins/ + +# openshift-ansible-lookup-plugins install +cp -rp lookup_plugins %{buildroot}%{_datadir}/ansible_plugins/ + +# Base openshift-ansible files +%files +%doc LICENSE.md README* +%dir %{_datadir}/ansible/%{name} + +# ---------------------------------------------------------------------------------- +# openshift-ansible-bin subpackage +# ---------------------------------------------------------------------------------- +%package bin +Summary: Openshift and Atomic Enterprise Ansible Scripts for working with metadata hosts +Requires: %{name}-inventory +Requires: python2 +BuildRequires: python2-devel +BuildArch: noarch + +%description bin +Scripts to make it nicer when working with hosts that are defined only by metadata. + +%files bin +%{_bindir}/* +%{python_sitelib}/openshift_ansible/ +/etc/bash_completion.d/* +%config(noreplace) /etc/openshift_ansible/ + + +# ---------------------------------------------------------------------------------- +# openshift-ansible-docs subpackage +# ---------------------------------------------------------------------------------- +%package docs +Summary: Openshift and Atomic Enterprise Ansible documents +Requires: %{name} +BuildArch: noarch + +%description docs +%{summary}. + +%files docs +%doc docs + +# ---------------------------------------------------------------------------------- +# openshift-ansible-inventory subpackage +# ---------------------------------------------------------------------------------- +%package inventory +Summary: Openshift and Atomic Enterprise Ansible Inventories +Requires: python2 +BuildArch: noarch + +%description inventory +Ansible Inventories used with the openshift-ansible scripts and playbooks. + +%files inventory +%config(noreplace) /etc/ansible/* +%dir %{_datadir}/ansible/inventory +%{_datadir}/ansible/inventory/multi_ec2.py* +%{_datadir}/ansible/inventory/aws/ec2.py* +%{_datadir}/ansible/inventory/gce/gce.py* + + +# ---------------------------------------------------------------------------------- +# openshift-ansible-playbooks subpackage +# ---------------------------------------------------------------------------------- +%package playbooks +Summary: Openshift and Atomic Enterprise Ansible Playbooks +Requires: %{name} +BuildArch: noarch + +%description playbooks +%{summary}. + +%files playbooks +%{_datadir}/ansible/%{name}/playbooks + + +# ---------------------------------------------------------------------------------- +# openshift-ansible-roles subpackage +# ---------------------------------------------------------------------------------- +%package roles +Summary: Openshift and Atomic Enterprise Ansible roles +Requires: %{name} +BuildArch: noarch + +%description roles +%{summary}. + +%files roles +%{_datadir}/ansible/%{name}/roles + + +# ---------------------------------------------------------------------------------- +# openshift-ansible-filter-plugins subpackage +# ---------------------------------------------------------------------------------- +%package filter-plugins +Summary: Openshift and Atomic Enterprise Ansible filter plugins +Requires: %{name} +BuildArch: noarch + +%description filter-plugins +%{summary}. + +%files filter-plugins +%{_datadir}/ansible_plugins/filter_plugins + + +# ---------------------------------------------------------------------------------- +# openshift-ansible-lookup-plugins subpackage +# ---------------------------------------------------------------------------------- +%package lookup-plugins +Summary: Openshift and Atomic Enterprise Ansible lookup plugins +Requires: %{name} +BuildArch: noarch + +%description lookup-plugins +%{summary}. + +%files lookup-plugins +%{_datadir}/ansible_plugins/lookup_plugins + + +%changelog +* Mon Oct 19 2015 Troy Dawson <tdawson@redhat.com> 3.0.2-1 +- Initial Package + diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 3570de693..4880e0bcb 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -362,6 +362,33 @@ def set_metrics_facts_if_unset(facts): facts['common']['use_cluster_metrics'] = use_cluster_metrics return facts +def set_project_config_facts_if_unset(facts): + """ Set Project Configuration facts if not already present in facts dict + dict: + Args: + facts (dict): existing facts + Returns: + dict: the facts dict updated with the generated Project Configuration + facts if they were not already present + + """ + + config={ + 'default_node_selector': '', + 'project_request_message': '', + 'project_request_template': '', + 'mcs_allocator_range': 's0:/2', + 'mcs_labels_per_project': 5, + 'uid_allocator_range': '1000000000-1999999999/10000' + } + + if 'master' in facts: + for key,value in config.items(): + if key not in facts['master']: + facts['master'][key] = value + + return facts + def set_identity_providers_if_unset(facts): """ Set identity_providers fact if not already present in facts dict @@ -807,6 +834,7 @@ class OpenShiftFacts(object): facts = merge_facts(facts, local_facts) facts['current_config'] = get_current_config(facts) facts = set_url_facts_if_unset(facts) + facts = set_project_config_facts_if_unset(facts) facts = set_fluentd_facts_if_unset(facts) facts = set_node_schedulability(facts) facts = set_master_selectors(facts) diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index fca41307d..94eb73346 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -52,6 +52,11 @@ default_subdomain: "{{ osm_default_subdomain | default(None) }}" custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}" default_node_selector: "{{ osm_default_node_selector | default(None) }}" + project_request_message: "{{ osm_project_request_message | default(None) }}" + project_request_template: "{{ osm_project_request_template | default(None) }}" + mcs_allocator_range: "{{ osm_mcs_allocator_range | default(None) }}" + mcs_labels_per_project: "{{ osm_mcs_labels_per_project | default(None) }}" + uid_allocator_range: "{{ osm_uid_allocator_range | default(None) }}" router_selector: "{{ openshift_router_selector | default(None) }}" registry_selector: "{{ openshift_registry_selector | default(None) }}" api_server_args: "{{ osm_api_server_args | default(None) }}" diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 6e45eaad7..90234bacc 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -97,15 +97,14 @@ policyConfig: bootstrapPolicyFile: {{ openshift_master_policy }} openshiftInfrastructureNamespace: openshift-infra openshiftSharedResourcesNamespace: openshift -{# TODO: Allow users to override projectConfig items #} projectConfig: - defaultNodeSelector: "{{ openshift.master.default_node_selector | default("") }}" - projectRequestMessage: "" - projectRequestTemplate: "" + defaultNodeSelector: "{{ openshift.master.default_node_selector }}" + projectRequestMessage: "{{ openshift.master.project_request_message }}" + projectRequestTemplate: "{{ openshift.master.project_request_template }}" securityAllocator: - mcsAllocatorRange: s0:/2 - mcsLabelsPerProject: 5 - uidAllocatorRange: 1000000000-1999999999/10000 + mcsAllocatorRange: "{{ openshift.master.mcs_allocator_range }}" + mcsLabelsPerProject: {{ openshift.master.mcs_labels_per_project }} + uidAllocatorRange: "{{ openshift.master.uid_allocator_range }}" routingConfig: subdomain: "{{ openshift.master.default_subdomain | default("") }}" serviceAccountConfig: diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index a7d63befa..98271c8b3 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -30,6 +30,8 @@ kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" + docker_log_driver: "{{ lookup( 'oo_option' , 'docker_log_driver' ) | default('',True) }}" + docker_log_options: "{{ lookup( 'oo_option' , 'docker_log_options' ) | default('',True) }}" # We have to add tuned-profiles in the same transaction otherwise we run into depsolving # problems because the rpms don't pin the version properly. @@ -68,12 +70,14 @@ register: docker_check # TODO: Enable secure registry when code available in origin -- name: Secure Registry +- name: Secure Registry and Logs Options lineinfile: dest: /etc/sysconfig/docker regexp: '^OPTIONS=.*$' line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ -{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'" +{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %} \ +{% if openshift.node.docker_log_driver is defined %} --log-driver {{ openshift.node.docker_log_driver }} {% endif %} \ +{% if openshift.node.docker_log_options is defined %} {{ openshift.node.docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}} {% endif %} '" when: docker_check.stat.isreg notify: - restart docker |