diff options
21 files changed, 215 insertions, 83 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index d42684482..1cd7bde30 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.6.14-1 ./ +3.6.15-1 ./ diff --git a/DEPLOYMENT_TYPES.md b/DEPLOYMENT_TYPES.md index 668d14fc0..42ac5635a 100644 --- a/DEPLOYMENT_TYPES.md +++ b/DEPLOYMENT_TYPES.md @@ -1,18 +1,17 @@ #Deployment Types -This module supports OpenShift Origin, OpenShift Enterprise, and Atomic -Enterprise Platform. Each deployment type sets various defaults used throughout -your environment. +This module supports OpenShift Origin and OpenShift Enterprise Each deployment +type sets various defaults used throughout your environment. The table below outlines the defaults per `deployment_type`. -| deployment_type | origin | enterprise (< 3.1) | atomic-enterprise | openshift-enterprise (>= 3.1) | -|-----------------------------------------------------------------|------------------------------------------|----------------------------------------|----------------------------------|----------------------------------| -| **openshift.common.service_type** (also used for package names) | origin | openshift | atomic-openshift | | -| **openshift.common.config_base** | /etc/origin | /etc/openshift | /etc/origin | /etc/origin | -| **openshift.common.data_dir** | /var/lib/origin | /var/lib/openshift | /var/lib/origin | /var/lib/origin | -| **openshift.master.registry_url openshift.node.registry_url** | openshift/origin-${component}:${version} | openshift3/ose-${component}:${version} | aos3/aos-${component}:${version} | aos3/aos-${component}:${version} | -| **Image Streams** | centos | rhel + xpaas | N/A | rhel | +| deployment_type | origin | enterprise (< 3.1) | openshift-enterprise (>= 3.1) | +|-----------------------------------------------------------------|------------------------------------------|----------------------------------------|----------------------------------| +| **openshift.common.service_type** (also used for package names) | origin | openshift | | +| **openshift.common.config_base** | /etc/origin | /etc/openshift | /etc/origin | +| **openshift.common.data_dir** | /var/lib/origin | /var/lib/openshift | /var/lib/origin | +| **openshift.master.registry_url openshift.node.registry_url** | openshift/origin-${component}:${version} | openshift3/ose-${component}:${version} | aos3/aos-${component}:${version} | +| **Image Streams** | centos | rhel + xpaas | rhel | **NOTE** `enterprise` deployment type is used for OpenShift Enterprise version diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index a619f9ccb..b11fbc407 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -21,13 +21,16 @@ import pkg_resources import yaml from ansible import errors -# pylint no-name-in-module and import-error disabled here because pylint -# fails to properly detect the packages when installed in a virtualenv -from ansible.compat.six import string_types # pylint:disable=no-name-in-module,import-error -from ansible.compat.six.moves.urllib.parse import urlparse # pylint:disable=no-name-in-module,import-error -from ansible.module_utils._text import to_text from ansible.parsing.yaml.dumper import AnsibleDumper +# ansible.compat.six goes away with Ansible 2.4 +try: + from ansible.compat.six import string_types, u + from ansible.compat.six.moves.urllib.parse import urlparse +except ImportError: + from ansible.module_utils.six import string_types, u + from ansible.module_utils.six.moves.urllib.parse import urlparse + HAS_OPENSSL = False try: import OpenSSL.crypto @@ -655,11 +658,11 @@ def to_padded_yaml(data, level=0, indent=2, **kw): return "" try: - transformed = yaml.dump(data, indent=indent, allow_unicode=True, - default_flow_style=False, - Dumper=AnsibleDumper, **kw) + transformed = u(yaml.dump(data, indent=indent, allow_unicode=True, + default_flow_style=False, + Dumper=AnsibleDumper, **kw)) padded = "\n".join([" " * level * indent + line for line in transformed.splitlines()]) - return to_text("\n{0}".format(padded)) + return "\n{0}".format(padded) except Exception as my_e: raise errors.AnsibleFilterError('Failed to convert: %s' % my_e) diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index d61f033f8..27914e60a 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -757,13 +757,18 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # by deployment_type=origin #openshift_enable_origin_repo=false -# Validity of the auto-generated certificates in days. +# Validity of the auto-generated OpenShift certificates in days. # See also openshift_hosted_registry_cert_expire_days above. # #openshift_ca_cert_expire_days=1825 #openshift_node_cert_expire_days=730 #openshift_master_cert_expire_days=730 +# Validity of the auto-generated external etcd certificates in days. +# Controls validity for etcd CA, peer, server and client certificates. +# +#etcd_ca_default_days=1825 + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 823d6f58f..f0269bff8 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -754,13 +754,18 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Enable API service auditing, available as of 3.2 #openshift_master_audit_config={"basicAuditEnabled": true} -# Validity of the auto-generated certificates in days. +# Validity of the auto-generated OpenShift certificates in days. # See also openshift_hosted_registry_cert_expire_days above. # #openshift_ca_cert_expire_days=1825 #openshift_node_cert_expire_days=730 #openshift_master_cert_expire_days=730 +# Validity of the auto-generated external etcd certificates in days. +# Controls validity for etcd CA, peer, server and client certificates. +# +#etcd_ca_default_days=1825 + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 7ffe69a79..992fe63c2 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -9,7 +9,7 @@ %global __requires_exclude ^/usr/bin/ansible-playbook$ Name: openshift-ansible -Version: 3.6.14 +Version: 3.6.15 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -270,6 +270,11 @@ Atomic OpenShift Utilities includes %changelog +* Tue Apr 04 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.15-1 +- Document etcd_ca_default_days in example inventories. (abutcher@redhat.com) +- Fixed a bug. Ansible requires a msg param when module.fail_json. + (kwoodson@redhat.com) + * Sat Apr 01 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.14-1 - Update v1.5 content (sdodson@redhat.com) - Add v1.6 content (sdodson@redhat.com) diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml index e82996cf4..8c8062585 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml @@ -66,7 +66,7 @@ --signer-cert={{ openshift.common.config_base }}/master/ca.crt --signer-key={{ openshift.common.config_base }}/master/ca.key --signer-serial={{ openshift.common.config_base }}/master/ca.serial.txt - --hostnames="{{ docker_registry_service_ip.results.clusterip }},docker-registry.default.svc.cluster.local,{{ docker_registry_route_hostname }}" + --hostnames="{{ docker_registry_service_ip.results.clusterip }},docker-registry.default.svc,docker-registry.default.svc.cluster.local,{{ docker_registry_route_hostname }}" --cert={{ openshift.common.config_base }}/master/registry.crt --key={{ openshift.common.config_base }}/master/registry.key {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} diff --git a/roles/lib_openshift/library/oc_configmap.py b/roles/lib_openshift/library/oc_configmap.py index 96345ffe0..c60f4661c 100644 --- a/roles/lib_openshift/library/oc_configmap.py +++ b/roles/lib_openshift/library/oc_configmap.py @@ -1524,6 +1524,10 @@ class OCConfigMap(OpenShiftCLI): if state == 'list': return {'changed': False, 'results': api_rval, 'state': state} + if not params['name']: + return {'failed': True, + 'msg': 'Please specify a name when state is absent|present.'} + ######## # Delete ######## diff --git a/roles/lib_openshift/library/oc_process.py b/roles/lib_openshift/library/oc_process.py index d487746eb..112d9ab5f 100644 --- a/roles/lib_openshift/library/oc_process.py +++ b/roles/lib_openshift/library/oc_process.py @@ -1545,7 +1545,7 @@ class OCProcess(OpenShiftCLI): if api_rval['returncode'] != 0: return {"failed": True, "msg" : api_rval} - return {"changed" : False, "results": api_rval, "state": "list"} + return {"changed" : False, "results": api_rval, "state": state} elif state == 'present': if check_mode and params['create']: @@ -1567,9 +1567,9 @@ class OCProcess(OpenShiftCLI): return {"failed": True, "msg": api_rval} if params['create']: - return {"changed": True, "results": api_rval, "state": "present"} + return {"changed": True, "results": api_rval, "state": state} - return {"changed": False, "results": api_rval, "state": "present"} + return {"changed": False, "results": api_rval, "state": state} # verify results update = False @@ -1584,13 +1584,13 @@ class OCProcess(OpenShiftCLI): update = True if not update: - return {"changed": update, "results": api_rval, "state": "present"} + return {"changed": update, "results": api_rval, "state": state} for cmd in rval: if cmd['returncode'] != 0: - return {"failed": True, "changed": update, "results": rval, "state": "present"} + return {"failed": True, "changed": update, "msg": rval, "state": state} - return {"changed": update, "results": rval, "state": "present"} + return {"changed": update, "results": rval, "state": state} # -*- -*- -*- End included fragment: class/oc_process.py -*- -*- -*- diff --git a/roles/lib_openshift/src/class/oc_configmap.py b/roles/lib_openshift/src/class/oc_configmap.py index 87de3e1df..de77d1102 100644 --- a/roles/lib_openshift/src/class/oc_configmap.py +++ b/roles/lib_openshift/src/class/oc_configmap.py @@ -127,6 +127,10 @@ class OCConfigMap(OpenShiftCLI): if state == 'list': return {'changed': False, 'results': api_rval, 'state': state} + if not params['name']: + return {'failed': True, + 'msg': 'Please specify a name when state is absent|present.'} + ######## # Delete ######## diff --git a/roles/lib_openshift/src/class/oc_process.py b/roles/lib_openshift/src/class/oc_process.py index 9d29938aa..eba9a43cd 100644 --- a/roles/lib_openshift/src/class/oc_process.py +++ b/roles/lib_openshift/src/class/oc_process.py @@ -136,7 +136,7 @@ class OCProcess(OpenShiftCLI): if api_rval['returncode'] != 0: return {"failed": True, "msg" : api_rval} - return {"changed" : False, "results": api_rval, "state": "list"} + return {"changed" : False, "results": api_rval, "state": state} elif state == 'present': if check_mode and params['create']: @@ -158,9 +158,9 @@ class OCProcess(OpenShiftCLI): return {"failed": True, "msg": api_rval} if params['create']: - return {"changed": True, "results": api_rval, "state": "present"} + return {"changed": True, "results": api_rval, "state": state} - return {"changed": False, "results": api_rval, "state": "present"} + return {"changed": False, "results": api_rval, "state": state} # verify results update = False @@ -175,11 +175,11 @@ class OCProcess(OpenShiftCLI): update = True if not update: - return {"changed": update, "results": api_rval, "state": "present"} + return {"changed": update, "results": api_rval, "state": state} for cmd in rval: if cmd['returncode'] != 0: - return {"failed": True, "changed": update, "results": rval, "state": "present"} + return {"failed": True, "changed": update, "msg": rval, "state": state} - return {"changed": update, "results": rval, "state": "present"} + return {"changed": update, "results": rval, "state": state} diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index e1f4c4e6d..7edf141e5 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -936,7 +936,9 @@ def set_version_facts_if_unset(facts): facts['common']['version_gte_3_5_or_1_5'] = version_gte_3_5_or_1_5 facts['common']['version_gte_3_6_or_1_6'] = version_gte_3_6_or_1_6 - if version_gte_3_5_or_1_5: + if version_gte_3_6_or_1_6: + examples_content_version = 'v1.6' + elif version_gte_3_5_or_1_5: examples_content_version = 'v1.5' elif version_gte_3_4_or_1_4: examples_content_version = 'v1.4' diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml index 8a159bf73..29c164f52 100644 --- a/roles/openshift_hosted/tasks/registry/secure.yml +++ b/roles/openshift_hosted/tasks/registry/secure.yml @@ -53,7 +53,8 @@ signer_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" hostnames: - "{{ docker_registry_service_ip.results.clusterip }}" - - docker-registry.default.svc.cluster.local + - "{{ openshift_hosted_registry_name }}.default.svc" + - "{{ openshift_hosted_registry_name }}.default.svc.{{ openshift.common.dns_domain }}" - "{{ docker_registry_route_hostname }}" cert: "{{ openshift_master_config_dir }}/registry.crt" key: "{{ openshift_master_config_dir }}/registry.key" diff --git a/roles/openshift_logging/tasks/generate_pems.yaml b/roles/openshift_logging/tasks/generate_pems.yaml index 289b72ea6..e8cececfb 100644 --- a/roles/openshift_logging/tasks/generate_pems.yaml +++ b/roles/openshift_logging/tasks/generate_pems.yaml @@ -15,6 +15,7 @@ -subj "/CN={{component}}/OU=OpenShift/O=Logging/subjectAltName=DNS.1=localhost{{cert_ext.stdout}}" -days 712 -nodes when: - not key_file.stat.exists + - cert_ext is defined - cert_ext.stdout is defined check_mode: no @@ -24,7 +25,7 @@ -subj "/CN={{component}}/OU=OpenShift/O=Logging" -days 712 -nodes when: - not key_file.stat.exists - - cert_ext.stdout is undefined + - cert_ext is undefined or cert_ext is defined and cert_ext.stdout is undefined check_mode: no - name: Sign cert request with CA for {{component}} diff --git a/roles/openshift_logging/tasks/procure_server_certs.yaml b/roles/openshift_logging/tasks/procure_server_certs.yaml index 44dd5e894..7ab140357 100644 --- a/roles/openshift_logging/tasks/procure_server_certs.yaml +++ b/roles/openshift_logging/tasks/procure_server_certs.yaml @@ -11,12 +11,18 @@ - name: Trying to discover server cert variable name for {{ cert_info.procure_component }} set_fact: procure_component_crt={{ lookup('env', '{{cert_info.procure_component}}' + '_crt') }} - when: cert_info.hostnames is undefined and {{ cert_info.procure_component }}_crt is defined and {{ cert_info.procure_component }}_key is defined + when: + - cert_info.hostnames is undefined + - cert_info[ cert_info.procure_component + '_crt' ] is defined + - cert_info[ cert_info.procure_component + '_key' ] is defined check_mode: no - name: Trying to discover the server key variable name for {{ cert_info.procure_component }} set_fact: procure_component_key={{ lookup('env', '{{cert_info.procure_component}}' + '_key') }} - when: cert_info.hostnames is undefined and {{ cert_info.procure_component }}_crt is defined and {{ cert_info.procure_component }}_key is defined + when: + - cert_info.hostnames is undefined + - cert_info[ cert_info.procure_component + '_crt' ] is defined + - cert_info[ cert_info.procure_component + '_key' ] is defined check_mode: no - name: Creating signed server cert and key for {{ cert_info.procure_component }} @@ -27,26 +33,26 @@ --signer-serial={{generated_certs_dir}}/ca.serial.txt check_mode: no when: - - cert_info.hostnames is defined - - not component_key_file.stat.exists - - not component_cert_file.stat.exists + - cert_info.hostnames is defined + - not component_key_file.stat.exists + - not component_cert_file.stat.exists - name: Copying server key for {{ cert_info.procure_component }} to generated certs directory copy: content="{{procure_component_key}}" dest={{generated_certs_dir}}/{{cert_info.procure_component}}.key check_mode: no when: - - cert_info.hostnames is undefined - - "{{ cert_info.procure_component }}_crt is defined" - - "{{ cert_info.procure_component }}_key is defined" - - not component_key_file.stat.exists - - not component_cert_file.stat.exists + - cert_info.hostnames is undefined + - cert_info[ cert_info.procure_component + '_crt' ] is defined + - cert_info[ cert_info.procure_component + '_key' ] is defined + - not component_key_file.stat.exists + - not component_cert_file.stat.exists - name: Copying Server cert for {{ cert_info.procure_component }} to generated certs directory copy: content="{{procure_component_crt}}" dest={{generated_certs_dir}}/{{cert_info.procure_component}}.crt check_mode: no when: - - cert_info.hostnames is undefined - - "{{ cert_info.procure_component }}_crt is defined" - - "{{ cert_info.procure_component }}_key is defined" - - not component_key_file.stat.exists - - not component_cert_file.stat.exists + - cert_info.hostnames is undefined + - cert_info[ cert_info.procure_component + '_crt' ] is defined + - cert_info[ cert_info.procure_component + '_key' ] is defined + - not component_key_file.stat.exists + - not component_cert_file.stat.exists diff --git a/roles/openshift_master_facts/filter_plugins/openshift_master.py b/roles/openshift_master_facts/filter_plugins/openshift_master.py index 01806c97f..e570392ff 100644 --- a/roles/openshift_master_facts/filter_plugins/openshift_master.py +++ b/roles/openshift_master_facts/filter_plugins/openshift_master.py @@ -14,9 +14,12 @@ from distutils.version import LooseVersion # pylint: disable=no-name-in-module, from ansible import errors from ansible.parsing.yaml.dumper import AnsibleDumper from ansible.plugins.filter.core import to_bool as ansible_bool -# pylint import-error disabled because pylint cannot find the package -# when installed in a virtualenv -from ansible.compat.six import string_types # pylint: disable=no-name-in-module,import-error + +# ansible.compat.six goes away with Ansible 2.4 +try: + from ansible.compat.six import string_types, u +except ImportError: + from ansible.module_utils.six import string_types, u import yaml @@ -490,10 +493,10 @@ class FilterModule(object): idp_list.append(idp_inst) IdentityProviderBase.validate_idp_list(idp_list, openshift_version, deployment_type) - return yaml.dump([idp.to_dict() for idp in idp_list], - allow_unicode=True, - default_flow_style=False, - Dumper=AnsibleDumper) + return u(yaml.dump([idp.to_dict() for idp in idp_list], + allow_unicode=True, + default_flow_style=False, + Dumper=AnsibleDumper)) @staticmethod def validate_pcs_cluster(data, masters=None): diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml index 35953b744..c3d001bb4 100644 --- a/roles/openshift_version/tasks/main.yml +++ b/roles/openshift_version/tasks/main.yml @@ -9,16 +9,55 @@ # be used by default. Users must indicate what they want. - fail: msg: "Must specify openshift_release or openshift_image_tag in inventory to install origin. (suggestion: add openshift_release=\"1.2\" to inventory)" - when: is_containerized | bool and openshift.common.deployment_type == 'origin' and openshift_release is not defined and openshift_image_tag is not defined + when: + - is_containerized | bool + - openshift.common.deployment_type == 'origin' + - openshift_release is not defined + - openshift_image_tag is not defined # Normalize some values that we need in a certain format that might be confusing: - set_fact: - openshift_image_tag: "{{ 'v' + openshift_image_tag }}" - when: openshift_image_tag is defined and openshift_image_tag[0] != 'v' and openshift_image_tag != 'latest' + openshift_release: "{{ openshift_release[1:] }}" + when: + - openshift_release is defined + - openshift_release[0] == 'v' - set_fact: - openshift_pkg_version: "{{ '-' + openshift_pkg_version }}" - when: openshift_pkg_version is defined and openshift_pkg_version[0] != '-' + openshift_release: "{{ openshift_release | string }}" + when: openshift_release is defined + +# Verify that the image tag is in a valid format +- block: + + # Verifies that when the deployment type is origin the version: + # - starts with a v + # - Has 3 integers seperated by dots + # It also allows for optional trailing data which: + # - must start with a dash + # - may contain numbers, letters, dashes and dots. + - name: Verify Origin openshift_image_tag is valid + assert: + that: + - "{{ openshift_image_tag|match('(^v?\\d+\\.\\d+\\.\\d+(-[\\w\\-\\.]*)?$)') }}" + msg: "openshift_image_tag must be in the format v#.#.#[-optional.#]. Examples: v1.2.3, v3.5.1-alpha.1" + when: openshift.common.deployment_type == 'origin' + + # Verifies that when the deployment type is openshift-enterprise the version: + # - starts with a v + # - Has at least 2 integers seperated by dots + # It also allows for optional trailing data which: + # - must start with a dash + # - may contain numbers + - name: Verify Enterprise openshift_image_tag is valid + assert: + that: + - "{{ openshift_image_tag|match('(^v\\d+\\.\\d+[\\.\\d+]*(-\\d+)?$)') }}" + msg: "openshift_image_tag must be in the format v#.#[.#[.#]]. Examples: v1.2, v3.4.1, v3.5.1.3, v1.2-1, v1.2.3-4" + when: openshift.common.deployment_type == 'openshift-enterprise' + + when: + - openshift_image_tag is defined + - openshift_image_tag != "latest" # Make sure we copy this to a fact if given a var: - set_fact: @@ -30,7 +69,10 @@ - name: Use openshift.common.version fact as version to configure if already installed set_fact: openshift_version: "{{ openshift.common.version }}" - when: openshift.common.version is defined and openshift_version is not defined and openshift_protect_installed_version | bool + when: + - openshift.common.version is defined + - openshift_version is not defined + - openshift_protect_installed_version | bool - name: Set openshift_version for rpm installation include: set_version_rpm.yml @@ -40,17 +82,39 @@ include: set_version_containerized.yml when: is_containerized | bool +# Warn if the user has provided an openshift_image_tag but is not doing a containerized install +# NOTE: This will need to be modified/removed for future container + rpm installations work. +- name: Warn if openshift_image_tag is defined when not doing a containerized install + debug: + msg: > + openshift_image_tag is used for containerized installs. If you are trying to + specify an image for a non-container install see oreg_url. + when: + - not is_containerized | bool + - openshift_image_tag is defined + + # At this point we know openshift_version is set appropriately. Now we set # openshift_image_tag and openshift_pkg_version, so all roles can always assume # each of this variables *will* be set correctly and can use them per their # intended purpose. -- set_fact: - openshift_image_tag: v{{ openshift_version }} +- block: + - debug: + msg: "openshift_image_tag was not defined. Falling back to v{{ openshift_version }}" + + - set_fact: + openshift_image_tag: v{{ openshift_version }} + when: openshift_image_tag is not defined -- set_fact: - openshift_pkg_version: -{{ openshift_version }} +- block: + - debug: + msg: "openshift_pkg_version was not defined. Falling back to -{{ openshift_version }}" + + - set_fact: + openshift_pkg_version: -{{ openshift_version }} + when: openshift_pkg_version is not defined - fail: @@ -67,13 +131,18 @@ - fail: msg: "No OpenShift version available, please ensure your systems are fully registered and have access to appropriate yum repositories." - when: not is_containerized | bool and openshift_version == '0.0' + when: + - not is_containerized | bool + - openshift_version == '0.0' # We can't map an openshift_release to full rpm version like we can with containers, make sure # the rpm version we looked up matches the release requested and error out if not. - fail: msg: "Detected OpenShift version {{ openshift_version }} does not match requested openshift_release {{ openshift_release }}. You may need to adjust your yum repositories, inventory, or run the appropriate OpenShift upgrade playbook." - when: not is_containerized | bool and openshift_release is defined and not openshift_version.startswith(openshift_release) | bool + when: + - not is_containerized | bool + - openshift_release is defined + - not openshift_version.startswith(openshift_release) | bool # The end result of these three variables is quite important so make sure they are displayed and logged: - debug: var=openshift_release diff --git a/roles/openshift_version/tasks/set_version_containerized.yml b/roles/openshift_version/tasks/set_version_containerized.yml index cd0f20ae9..0ec4c49d6 100644 --- a/roles/openshift_version/tasks/set_version_containerized.yml +++ b/roles/openshift_version/tasks/set_version_containerized.yml @@ -4,12 +4,16 @@ # Expects a leading "v" in inventory, strip it off here unless # openshift_image_tag=latest openshift_version: "{{ openshift_image_tag[1:].split('-')[0] if openshift_image_tag != 'latest' else openshift_image_tag }}" - when: openshift_image_tag is defined and openshift_version is not defined + when: + - openshift_image_tag is defined + - openshift_version is not defined - name: Set containerized version to configure if openshift_release specified set_fact: openshift_version: "{{ openshift_release }}" - when: openshift_release is defined and openshift_version is not defined + when: + - openshift_release is defined + - openshift_version is not defined - name: Lookup latest containerized version if no version specified command: > @@ -20,7 +24,10 @@ # Origin latest = pre-release version (i.e. v1.3.0-alpha.1-321-gb095e3a) - set_fact: openshift_version: "{{ (cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2] | join('-'))[1:] }}" - when: openshift_version is not defined and openshift.common.deployment_type == 'origin' and cli_image_version.stdout_lines[0].split('-') | length > 1 + when: + - openshift_version is not defined + - openshift.common.deployment_type == 'origin' + - cli_image_version.stdout_lines[0].split('-') | length > 1 - set_fact: openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}" @@ -32,11 +39,15 @@ command: > docker run --rm {{ openshift.common.cli_image }}:v{{ openshift_version }} version register: cli_image_version - when: openshift_version is defined and openshift_version.split('.') | length == 2 + when: + - openshift_version is defined + - openshift_version.split('.') | length == 2 - set_fact: openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2][1:] | join('-') if openshift.common.deployment_type == 'origin' else cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}" - when: openshift_version is defined and openshift_version.split('.') | length == 2 + when: + - openshift_version is defined + - openshift_version.split('.') | length == 2 # We finally have the specific version. Now we clean up any strange # dangly +c0mm1t-offset tags in the version. See also, diff --git a/roles/openshift_version/tasks/set_version_rpm.yml b/roles/openshift_version/tasks/set_version_rpm.yml index 0c2ef4bb7..c7604af1a 100644 --- a/roles/openshift_version/tasks/set_version_rpm.yml +++ b/roles/openshift_version/tasks/set_version_rpm.yml @@ -3,7 +3,9 @@ set_fact: # Expects a leading "-" in inventory, strip it off here, and remove trailing release, openshift_version: "{{ openshift_pkg_version[1:].split('-')[0] }}" - when: openshift_pkg_version is defined and openshift_version is not defined + when: + - openshift_pkg_version is defined + - openshift_version is not defined # if {{ openshift.common.service_type}}-excluder is enabled, # the repoquery for {{ openshift.common.service_type}} will not work. diff --git a/roles/os_firewall/tasks/firewall/firewalld.yml b/roles/os_firewall/tasks/firewall/firewalld.yml index 2b40eee1b..4b2979887 100644 --- a/roles/os_firewall/tasks/firewall/firewalld.yml +++ b/roles/os_firewall/tasks/firewall/firewalld.yml @@ -34,6 +34,12 @@ pause: seconds=10 when: result | changed +- name: Restart polkitd + systemd: + name: polkit + state: restarted + when: result | changed + # Fix suspected race between firewalld and polkit BZ1436964 - name: Wait for polkit action to have been created command: pkaction --action-id=org.fedoraproject.FirewallD1.config.info diff --git a/utils/src/ooinstall/ansible_plugins/facts_callback.py b/utils/src/ooinstall/ansible_plugins/facts_callback.py index c881e4b92..433e29dde 100644 --- a/utils/src/ooinstall/ansible_plugins/facts_callback.py +++ b/utils/src/ooinstall/ansible_plugins/facts_callback.py @@ -7,6 +7,12 @@ import yaml from ansible.plugins.callback import CallbackBase from ansible.parsing.yaml.dumper import AnsibleDumper +# ansible.compat.six goes away with Ansible 2.4 +try: + from ansible.compat.six import u +except ImportError: + from ansible.module_utils.six import u + # pylint: disable=super-init-not-called class CallbackModule(CallbackBase): @@ -39,10 +45,10 @@ class CallbackModule(CallbackBase): facts = abridged_result['result']['ansible_facts']['openshift'] hosts_yaml = {} hosts_yaml[res._host.get_name()] = facts - to_dump = yaml.dump(hosts_yaml, - allow_unicode=True, - default_flow_style=False, - Dumper=AnsibleDumper) + to_dump = u(yaml.dump(hosts_yaml, + allow_unicode=True, + default_flow_style=False, + Dumper=AnsibleDumper)) os.write(self.hosts_yaml, to_dump) def v2_runner_on_skipped(self, res): |