-rw-r--r--.tito/packages/openshift-ansible2
-rw-r--r--DEPLOYMENT_TYPES.md19
-rw-r--r--filter_plugins/oo_filters.py21
-rw-r--r--inventory/byo/hosts.origin.example7
-rw-r--r--inventory/byo/hosts.ose.example7
-rw-r--r--openshift-ansible.spec7
-rw-r--r--playbooks/common/openshift-cluster/redeploy-certificates/registry.yml2
-rw-r--r--roles/lib_openshift/library/oc_configmap.py4
-rw-r--r--roles/lib_openshift/library/oc_process.py12
-rw-r--r--roles/lib_openshift/src/class/oc_configmap.py4
-rw-r--r--roles/lib_openshift/src/class/oc_process.py12
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py4
-rw-r--r--roles/openshift_hosted/tasks/registry/secure.yml3
-rw-r--r--roles/openshift_logging/tasks/generate_pems.yaml3
-rw-r--r--roles/openshift_logging/tasks/procure_server_certs.yaml36
-rw-r--r--roles/openshift_master_facts/filter_plugins/openshift_master.py17
-rw-r--r--roles/openshift_version/tasks/main.yml93
-rw-r--r--roles/openshift_version/tasks/set_version_containerized.yml21
-rw-r--r--roles/openshift_version/tasks/set_version_rpm.yml4
-rw-r--r--roles/os_firewall/tasks/firewall/firewalld.yml6
-rw-r--r--utils/src/ooinstall/ansible_plugins/facts_callback.py14
21 files changed, 215 insertions, 83 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible
index d42684482..1cd7bde30 100644
--- a/.tito/packages/openshift-ansible
+++ b/.tito/packages/openshift-ansible
@@ -1 +1 @@
-3.6.14-1 ./
+3.6.15-1 ./
diff --git a/DEPLOYMENT_TYPES.md b/DEPLOYMENT_TYPES.md
index 668d14fc0..42ac5635a 100644
--- a/DEPLOYMENT_TYPES.md
+++ b/DEPLOYMENT_TYPES.md
@@ -1,18 +1,17 @@
#Deployment Types
-This module supports OpenShift Origin, OpenShift Enterprise, and Atomic
-Enterprise Platform. Each deployment type sets various defaults used throughout
-your environment.
+This module supports OpenShift Origin and OpenShift Enterprise Each deployment
+type sets various defaults used throughout your environment.
The table below outlines the defaults per `deployment_type`.
-| deployment_type | origin | enterprise (< 3.1) | atomic-enterprise | openshift-enterprise (>= 3.1) |
-|-----------------------------------------------------------------|------------------------------------------|----------------------------------------|----------------------------------|----------------------------------|
-| **openshift.common.service_type** (also used for package names) | origin | openshift | atomic-openshift | |
-| **openshift.common.config_base** | /etc/origin | /etc/openshift | /etc/origin | /etc/origin |
-| **openshift.common.data_dir** | /var/lib/origin | /var/lib/openshift | /var/lib/origin | /var/lib/origin |
-| **openshift.master.registry_url openshift.node.registry_url** | openshift/origin-${component}:${version} | openshift3/ose-${component}:${version} | aos3/aos-${component}:${version} | aos3/aos-${component}:${version} |
-| **Image Streams** | centos | rhel + xpaas | N/A | rhel |
+| deployment_type | origin | enterprise (< 3.1) | openshift-enterprise (>= 3.1) |
+|-----------------------------------------------------------------|------------------------------------------|----------------------------------------|----------------------------------|
+| **openshift.common.service_type** (also used for package names) | origin | openshift | |
+| **openshift.common.config_base** | /etc/origin | /etc/openshift | /etc/origin |
+| **openshift.common.data_dir** | /var/lib/origin | /var/lib/openshift | /var/lib/origin |
+| **openshift.master.registry_url openshift.node.registry_url** | openshift/origin-${component}:${version} | openshift3/ose-${component}:${version} | aos3/aos-${component}:${version} |
+| **Image Streams** | centos | rhel + xpaas | rhel |
**NOTE** `enterprise` deployment type is used for OpenShift Enterprise version
diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py
index a619f9ccb..b11fbc407 100644
--- a/filter_plugins/oo_filters.py
+++ b/filter_plugins/oo_filters.py
@@ -21,13 +21,16 @@ import pkg_resources
import yaml
from ansible import errors
-# pylint no-name-in-module and import-error disabled here because pylint
-# fails to properly detect the packages when installed in a virtualenv
-from ansible.compat.six import string_types # pylint:disable=no-name-in-module,import-error
-from ansible.compat.six.moves.urllib.parse import urlparse # pylint:disable=no-name-in-module,import-error
-from ansible.module_utils._text import to_text
from ansible.parsing.yaml.dumper import AnsibleDumper
+# ansible.compat.six goes away with Ansible 2.4
+try:
+ from ansible.compat.six import string_types, u
+ from ansible.compat.six.moves.urllib.parse import urlparse
+except ImportError:
+ from ansible.module_utils.six import string_types, u
+ from ansible.module_utils.six.moves.urllib.parse import urlparse
+
HAS_OPENSSL = False
try:
import OpenSSL.crypto
@@ -655,11 +658,11 @@ def to_padded_yaml(data, level=0, indent=2, **kw):
return ""
try:
- transformed = yaml.dump(data, indent=indent, allow_unicode=True,
- default_flow_style=False,
- Dumper=AnsibleDumper, **kw)
+ transformed = u(yaml.dump(data, indent=indent, allow_unicode=True,
+ default_flow_style=False,
+ Dumper=AnsibleDumper, **kw))
padded = "\n".join([" " * level * indent + line for line in transformed.splitlines()])
- return to_text("\n{0}".format(padded))
+ return "\n{0}".format(padded)
except Exception as my_e:
raise errors.AnsibleFilterError('Failed to convert: %s' % my_e)
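Review bot: `u()` from six is a helper for string literals, not a general bytes-to-text converter, so wrapping `yaml.dump(...)` in it in to_padded_yaml can corrupt the output on Python 2. There it decodes with `unicode_escape`, which reads the UTF-8 bytes produced under `allow_unicode=True` as Latin-1 and turns backslash escapes inside the dumped YAML into the characters they name. The `to_text` call this hunk removes did that conversion correctly; `transformed = to_text(yaml.dump(...))`, with the `ansible.module_utils._text` import kept, would be safer. The same `u(yaml.dump(...))` pattern is added in roles/openshift_master_facts/filter_plugins/openshift_master.py and utils/src/ooinstall/ansible_plugins/facts_callback.py. to_padded_yaml starts outside this hunk.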
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index d61f033f8..27914e60a 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -757,13 +757,18 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# by deployment_type=origin
#openshift_enable_origin_repo=false
-# Validity of the auto-generated certificates in days.
+# Validity of the auto-generated OpenShift certificates in days.
# See also openshift_hosted_registry_cert_expire_days above.
#
#openshift_ca_cert_expire_days=1825
#openshift_node_cert_expire_days=730
#openshift_master_cert_expire_days=730
+# Validity of the auto-generated external etcd certificates in days.
+# Controls validity for etcd CA, peer, server and client certificates.
+#
+#etcd_ca_default_days=1825
+
# host group for masters
[masters]
ose3-master[1:3]-ansible.test.example.com
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index 823d6f58f..f0269bff8 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -754,13 +754,18 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Enable API service auditing, available as of 3.2
#openshift_master_audit_config={"basicAuditEnabled": true}
-# Validity of the auto-generated certificates in days.
+# Validity of the auto-generated OpenShift certificates in days.
# See also openshift_hosted_registry_cert_expire_days above.
#
#openshift_ca_cert_expire_days=1825
#openshift_node_cert_expire_days=730
#openshift_master_cert_expire_days=730
+# Validity of the auto-generated external etcd certificates in days.
+# Controls validity for etcd CA, peer, server and client certificates.
+#
+#etcd_ca_default_days=1825
+
# host group for masters
[masters]
ose3-master[1:3]-ansible.test.example.com
diff --git a/openshift-ansible.spec b/openshift-ansible.spec
index 7ffe69a79..992fe63c2 100644
--- a/openshift-ansible.spec
+++ b/openshift-ansible.spec
@@ -9,7 +9,7 @@
%global __requires_exclude ^/usr/bin/ansible-playbook$
Name: openshift-ansible
-Version: 3.6.14
+Version: 3.6.15
Release: 1%{?dist}
Summary: Openshift and Atomic Enterprise Ansible
License: ASL 2.0
@@ -270,6 +270,11 @@ Atomic OpenShift Utilities includes
%changelog
+* Tue Apr 04 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.15-1
+- Document etcd_ca_default_days in example inventories. (abutcher@redhat.com)
+- Fixed a bug. Ansible requires a msg param when module.fail_json.
+ (kwoodson@redhat.com)
+
* Sat Apr 01 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.14-1
- Update v1.5 content (sdodson@redhat.com)
- Add v1.6 content (sdodson@redhat.com)
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml
index e82996cf4..8c8062585 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml
@@ -66,7 +66,7 @@
--signer-cert={{ openshift.common.config_base }}/master/ca.crt
--signer-key={{ openshift.common.config_base }}/master/ca.key
--signer-serial={{ openshift.common.config_base }}/master/ca.serial.txt
- --hostnames="{{ docker_registry_service_ip.results.clusterip }},docker-registry.default.svc.cluster.local,{{ docker_registry_route_hostname }}"
+ --hostnames="{{ docker_registry_service_ip.results.clusterip }},docker-registry.default.svc,docker-registry.default.svc.cluster.local,{{ docker_registry_route_hostname }}"
--cert={{ openshift.common.config_base }}/master/registry.crt
--key={{ openshift.common.config_base }}/master/registry.key
{% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %}
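Review bot: The added SAN is hard-coded as `docker-registry.default.svc`, next to the existing `cluster.local` name, while the matching change in roles/openshift_hosted/tasks/registry/secure.yml builds both names from `openshift_hosted_registry_name` and `openshift.common.dns_domain`. On a cluster where either value is customised, a certificate reissued by this playbook would carry different hostnames from the one issued at install time, and clients that verify the registry by its service name would fail after redeployment. Consider `{{ openshift_hosted_registry_name }}.default.svc,{{ openshift_hosted_registry_name }}.default.svc.{{ openshift.common.dns_domain }}` here, provided those variables are available in this play, which the hunk does not show. The command continues outside the hunk.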
diff --git a/roles/lib_openshift/library/oc_configmap.py b/roles/lib_openshift/library/oc_configmap.py
index 96345ffe0..c60f4661c 100644
--- a/roles/lib_openshift/library/oc_configmap.py
+++ b/roles/lib_openshift/library/oc_configmap.py
@@ -1524,6 +1524,10 @@ class OCConfigMap(OpenShiftCLI):
if state == 'list':
return {'changed': False, 'results': api_rval, 'state': state}
+ if not params['name']:
+ return {'failed': True,
+ 'msg': 'Please specify a name when state is absent|present.'}
+
########
# Delete
########
diff --git a/roles/lib_openshift/library/oc_process.py b/roles/lib_openshift/library/oc_process.py
index d487746eb..112d9ab5f 100644
--- a/roles/lib_openshift/library/oc_process.py
+++ b/roles/lib_openshift/library/oc_process.py
@@ -1545,7 +1545,7 @@ class OCProcess(OpenShiftCLI):
if api_rval['returncode'] != 0:
return {"failed": True, "msg" : api_rval}
- return {"changed" : False, "results": api_rval, "state": "list"}
+ return {"changed" : False, "results": api_rval, "state": state}
elif state == 'present':
if check_mode and params['create']:
@@ -1567,9 +1567,9 @@ class OCProcess(OpenShiftCLI):
return {"failed": True, "msg": api_rval}
if params['create']:
- return {"changed": True, "results": api_rval, "state": "present"}
+ return {"changed": True, "results": api_rval, "state": state}
- return {"changed": False, "results": api_rval, "state": "present"}
+ return {"changed": False, "results": api_rval, "state": state}
# verify results
update = False
@@ -1584,13 +1584,13 @@ class OCProcess(OpenShiftCLI):
update = True
if not update:
- return {"changed": update, "results": api_rval, "state": "present"}
+ return {"changed": update, "results": api_rval, "state": state}
for cmd in rval:
if cmd['returncode'] != 0:
- return {"failed": True, "changed": update, "results": rval, "state": "present"}
+ return {"failed": True, "changed": update, "msg": rval, "state": state}
- return {"changed": update, "results": rval, "state": "present"}
+ return {"changed": update, "results": rval, "state": state}
# -*- -*- -*- End included fragment: class/oc_process.py -*- -*- -*-
diff --git a/roles/lib_openshift/src/class/oc_configmap.py b/roles/lib_openshift/src/class/oc_configmap.py
index 87de3e1df..de77d1102 100644
--- a/roles/lib_openshift/src/class/oc_configmap.py
+++ b/roles/lib_openshift/src/class/oc_configmap.py
@@ -127,6 +127,10 @@ class OCConfigMap(OpenShiftCLI):
if state == 'list':
return {'changed': False, 'results': api_rval, 'state': state}
+ if not params['name']:
+ return {'failed': True,
+ 'msg': 'Please specify a name when state is absent|present.'}
+
########
# Delete
########
diff --git a/roles/lib_openshift/src/class/oc_process.py b/roles/lib_openshift/src/class/oc_process.py
index 9d29938aa..eba9a43cd 100644
--- a/roles/lib_openshift/src/class/oc_process.py
+++ b/roles/lib_openshift/src/class/oc_process.py
@@ -136,7 +136,7 @@ class OCProcess(OpenShiftCLI):
if api_rval['returncode'] != 0:
return {"failed": True, "msg" : api_rval}
- return {"changed" : False, "results": api_rval, "state": "list"}
+ return {"changed" : False, "results": api_rval, "state": state}
elif state == 'present':
if check_mode and params['create']:
@@ -158,9 +158,9 @@ class OCProcess(OpenShiftCLI):
return {"failed": True, "msg": api_rval}
if params['create']:
- return {"changed": True, "results": api_rval, "state": "present"}
+ return {"changed": True, "results": api_rval, "state": state}
- return {"changed": False, "results": api_rval, "state": "present"}
+ return {"changed": False, "results": api_rval, "state": state}
# verify results
update = False
@@ -175,11 +175,11 @@ class OCProcess(OpenShiftCLI):
update = True
if not update:
- return {"changed": update, "results": api_rval, "state": "present"}
+ return {"changed": update, "results": api_rval, "state": state}
for cmd in rval:
if cmd['returncode'] != 0:
- return {"failed": True, "changed": update, "results": rval, "state": "present"}
+ return {"failed": True, "changed": update, "msg": rval, "state": state}
- return {"changed": update, "results": rval, "state": "present"}
+ return {"changed": update, "results": rval, "state": state}
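Review bot: The failure return inside the `for cmd in rval` loop now replaces the `results` key with `msg`, so any playbook that registers this module and reads `results` on failure loses that data, and `msg` becomes the whole list of command results rather than a readable message. Keeping both keys supplies the `msg` without changing the return shape: `return {"failed": True, "changed": update, "msg": cmd, "results": rval, "state": state}`. If processed templates can carry credential parameters (not visible here), this payload is printed in the task failure output unless the calling task sets `no_log`. The generated copy in roles/lib_openshift/library/oc_process.py carries the same lines, and the enclosing method starts outside the hunk.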
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index e1f4c4e6d..7edf141e5 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -936,7 +936,9 @@ def set_version_facts_if_unset(facts):
facts['common']['version_gte_3_5_or_1_5'] = version_gte_3_5_or_1_5
facts['common']['version_gte_3_6_or_1_6'] = version_gte_3_6_or_1_6
- if version_gte_3_5_or_1_5:
+ if version_gte_3_6_or_1_6:
+ examples_content_version = 'v1.6'
+ elif version_gte_3_5_or_1_5:
examples_content_version = 'v1.5'
elif version_gte_3_4_or_1_4:
examples_content_version = 'v1.4'
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index 8a159bf73..29c164f52 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -53,7 +53,8 @@
signer_serial: "{{ openshift_master_config_dir }}/ca.serial.txt"
hostnames:
- "{{ docker_registry_service_ip.results.clusterip }}"
- - docker-registry.default.svc.cluster.local
+ - "{{ openshift_hosted_registry_name }}.default.svc"
+ - "{{ openshift_hosted_registry_name }}.default.svc.{{ openshift.common.dns_domain }}"
- "{{ docker_registry_route_hostname }}"
cert: "{{ openshift_master_config_dir }}/registry.crt"
key: "{{ openshift_master_config_dir }}/registry.key"
diff --git a/roles/openshift_logging/tasks/generate_pems.yaml b/roles/openshift_logging/tasks/generate_pems.yaml
index 289b72ea6..e8cececfb 100644
--- a/roles/openshift_logging/tasks/generate_pems.yaml
+++ b/roles/openshift_logging/tasks/generate_pems.yaml
@@ -15,6 +15,7 @@
-subj "/CN={{component}}/OU=OpenShift/O=Logging/subjectAltName=DNS.1=localhost{{cert_ext.stdout}}" -days 712 -nodes
when:
- not key_file.stat.exists
+ - cert_ext is defined
- cert_ext.stdout is defined
check_mode: no
@@ -24,7 +25,7 @@
-subj "/CN={{component}}/OU=OpenShift/O=Logging" -days 712 -nodes
when:
- not key_file.stat.exists
- - cert_ext.stdout is undefined
+ - cert_ext is undefined or cert_ext is defined and cert_ext.stdout is undefined
check_mode: no
- name: Sign cert request with CA for {{component}}
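Review bot: The new condition `cert_ext is undefined or cert_ext is defined and cert_ext.stdout is undefined` mixes `or` and `and` without parentheses, and its middle term is redundant because the right side of `or` is only evaluated when `cert_ext` is defined. `- cert_ext is undefined or cert_ext.stdout is undefined` says the same thing and is easier to compare with the two-line `when` on the first task. The task itself begins above the hunk.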
diff --git a/roles/openshift_logging/tasks/procure_server_certs.yaml b/roles/openshift_logging/tasks/procure_server_certs.yaml
index 44dd5e894..7ab140357 100644
--- a/roles/openshift_logging/tasks/procure_server_certs.yaml
+++ b/roles/openshift_logging/tasks/procure_server_certs.yaml
@@ -11,12 +11,18 @@
- name: Trying to discover server cert variable name for {{ cert_info.procure_component }}
set_fact: procure_component_crt={{ lookup('env', '{{cert_info.procure_component}}' + '_crt') }}
- when: cert_info.hostnames is undefined and {{ cert_info.procure_component }}_crt is defined and {{ cert_info.procure_component }}_key is defined
+ when:
+ - cert_info.hostnames is undefined
+ - cert_info[ cert_info.procure_component + '_crt' ] is defined
+ - cert_info[ cert_info.procure_component + '_key' ] is defined
check_mode: no
- name: Trying to discover the server key variable name for {{ cert_info.procure_component }}
set_fact: procure_component_key={{ lookup('env', '{{cert_info.procure_component}}' + '_key') }}
- when: cert_info.hostnames is undefined and {{ cert_info.procure_component }}_crt is defined and {{ cert_info.procure_component }}_key is defined
+ when:
+ - cert_info.hostnames is undefined
+ - cert_info[ cert_info.procure_component + '_crt' ] is defined
+ - cert_info[ cert_info.procure_component + '_key' ] is defined
check_mode: no
- name: Creating signed server cert and key for {{ cert_info.procure_component }}
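Review bot: The rewritten `when` clauses no longer test the same thing as the lines they replace. `{{ cert_info.procure_component }}_crt is defined` checked a top-level variable whose name is built from the component, whereas `cert_info[ cert_info.procure_component + '_crt' ] is defined` checks a key inside the `cert_info` dictionary. Neither matches where the value is read, since both `set_fact` tasks take it from the environment via `lookup('env', ...)`. If the intent was only to remove the templated conditional, `vars[cert_info.procure_component + '_crt'] is defined` keeps the old meaning; whether `cert_info` ever holds such keys is not visible here. The two copy tasks in the next hunk use the same conditions.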
@@ -27,26 +33,26 @@
--signer-serial={{generated_certs_dir}}/ca.serial.txt
check_mode: no
when:
- - cert_info.hostnames is defined
- - not component_key_file.stat.exists
- - not component_cert_file.stat.exists
+ - cert_info.hostnames is defined
+ - not component_key_file.stat.exists
+ - not component_cert_file.stat.exists
- name: Copying server key for {{ cert_info.procure_component }} to generated certs directory
copy: content="{{procure_component_key}}" dest={{generated_certs_dir}}/{{cert_info.procure_component}}.key
check_mode: no
when:
- - cert_info.hostnames is undefined
- - "{{ cert_info.procure_component }}_crt is defined"
- - "{{ cert_info.procure_component }}_key is defined"
- - not component_key_file.stat.exists
- - not component_cert_file.stat.exists
+ - cert_info.hostnames is undefined
+ - cert_info[ cert_info.procure_component + '_crt' ] is defined
+ - cert_info[ cert_info.procure_component + '_key' ] is defined
+ - not component_key_file.stat.exists
+ - not component_cert_file.stat.exists
- name: Copying Server cert for {{ cert_info.procure_component }} to generated certs directory
copy: content="{{procure_component_crt}}" dest={{generated_certs_dir}}/{{cert_info.procure_component}}.crt
check_mode: no
when:
- - cert_info.hostnames is undefined
- - "{{ cert_info.procure_component }}_crt is defined"
- - "{{ cert_info.procure_component }}_key is defined"
- - not component_key_file.stat.exists
- - not component_cert_file.stat.exists
+ - cert_info.hostnames is undefined
+ - cert_info[ cert_info.procure_component + '_crt' ] is defined
+ - cert_info[ cert_info.procure_component + '_key' ] is defined
+ - not component_key_file.stat.exists
+ - not component_cert_file.stat.exists
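Review bot: The task that writes the server private key (`copy: content="{{procure_component_key}}" dest={{generated_certs_dir}}/{{cert_info.procure_component}}.key`) sets no `mode`, so the file's permissions depend on the default umask. Adding `mode=0600` to that `copy` line, with a comment that the file holds private key material, would keep it unreadable by other local users. The permissions of `generated_certs_dir` are not visible here, so the directory may or may not already limit access.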
diff --git a/roles/openshift_master_facts/filter_plugins/openshift_master.py b/roles/openshift_master_facts/filter_plugins/openshift_master.py
index 01806c97f..e570392ff 100644
--- a/roles/openshift_master_facts/filter_plugins/openshift_master.py
+++ b/roles/openshift_master_facts/filter_plugins/openshift_master.py
@@ -14,9 +14,12 @@ from distutils.version import LooseVersion # pylint: disable=no-name-in-module,
from ansible import errors
from ansible.parsing.yaml.dumper import AnsibleDumper
from ansible.plugins.filter.core import to_bool as ansible_bool
-# pylint import-error disabled because pylint cannot find the package
-# when installed in a virtualenv
-from ansible.compat.six import string_types # pylint: disable=no-name-in-module,import-error
+
+# ansible.compat.six goes away with Ansible 2.4
+try:
+ from ansible.compat.six import string_types, u
+except ImportError:
+ from ansible.module_utils.six import string_types, u
import yaml
@@ -490,10 +493,10 @@ class FilterModule(object):
idp_list.append(idp_inst)
IdentityProviderBase.validate_idp_list(idp_list, openshift_version, deployment_type)
- return yaml.dump([idp.to_dict() for idp in idp_list],
- allow_unicode=True,
- default_flow_style=False,
- Dumper=AnsibleDumper)
+ return u(yaml.dump([idp.to_dict() for idp in idp_list],
+ allow_unicode=True,
+ default_flow_style=False,
+ Dumper=AnsibleDumper))
@staticmethod
def validate_pcs_cluster(data, masters=None):
diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml
index 35953b744..c3d001bb4 100644
--- a/roles/openshift_version/tasks/main.yml
+++ b/roles/openshift_version/tasks/main.yml
@@ -9,16 +9,55 @@
# be used by default. Users must indicate what they want.
- fail:
msg: "Must specify openshift_release or openshift_image_tag in inventory to install origin. (suggestion: add openshift_release=\"1.2\" to inventory)"
- when: is_containerized | bool and openshift.common.deployment_type == 'origin' and openshift_release is not defined and openshift_image_tag is not defined
+ when:
+ - is_containerized | bool
+ - openshift.common.deployment_type == 'origin'
+ - openshift_release is not defined
+ - openshift_image_tag is not defined
# Normalize some values that we need in a certain format that might be confusing:
- set_fact:
- openshift_image_tag: "{{ 'v' + openshift_image_tag }}"
- when: openshift_image_tag is defined and openshift_image_tag[0] != 'v' and openshift_image_tag != 'latest'
+ openshift_release: "{{ openshift_release[1:] }}"
+ when:
+ - openshift_release is defined
+ - openshift_release[0] == 'v'
- set_fact:
- openshift_pkg_version: "{{ '-' + openshift_pkg_version }}"
- when: openshift_pkg_version is defined and openshift_pkg_version[0] != '-'
+ openshift_release: "{{ openshift_release | string }}"
+ when: openshift_release is defined
+
+# Verify that the image tag is in a valid format
+- block:
+
+ # Verifies that when the deployment type is origin the version:
+ # - starts with a v
+ # - Has 3 integers seperated by dots
+ # It also allows for optional trailing data which:
+ # - must start with a dash
+ # - may contain numbers, letters, dashes and dots.
+ - name: Verify Origin openshift_image_tag is valid
+ assert:
+ that:
+ - "{{ openshift_image_tag|match('(^v?\\d+\\.\\d+\\.\\d+(-[\\w\\-\\.]*)?$)') }}"
+ msg: "openshift_image_tag must be in the format v#.#.#[-optional.#]. Examples: v1.2.3, v3.5.1-alpha.1"
+ when: openshift.common.deployment_type == 'origin'
+
+ # Verifies that when the deployment type is openshift-enterprise the version:
+ # - starts with a v
+ # - Has at least 2 integers seperated by dots
+ # It also allows for optional trailing data which:
+ # - must start with a dash
+ # - may contain numbers
+ - name: Verify Enterprise openshift_image_tag is valid
+ assert:
+ that:
+ - "{{ openshift_image_tag|match('(^v\\d+\\.\\d+[\\.\\d+]*(-\\d+)?$)') }}"
+ msg: "openshift_image_tag must be in the format v#.#[.#[.#]]. Examples: v1.2, v3.4.1, v3.5.1.3, v1.2-1, v1.2.3-4"
+ when: openshift.common.deployment_type == 'openshift-enterprise'
+
+ when:
+ - openshift_image_tag is defined
+ - openshift_image_tag != "latest"
# Make sure we copy this to a fact if given a var:
- set_fact:
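Review bot: In the Enterprise check, `[\\.\\d+]*` is a character class rather than a repeated group, so it accepts any run of dots, digits and plus signs, and values such as `v3.4...` or `v3.4+5` pass validation. The pattern the message describes is `(^v\\d+\\.\\d+(\\.\\d+)*(-\\d+)?$)`. The Origin pattern starts with `^v?`, which makes the leading `v` optional although its comment and message say it is required, and this hunk removes the task that used to prepend it. Separately, `openshift_release[0] == 'v'` runs before the `| string` conversion in the following task, so a non-string release value would fail on the index; swapping the two tasks avoids that.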
@@ -30,7 +69,10 @@
- name: Use openshift.common.version fact as version to configure if already installed
set_fact:
openshift_version: "{{ openshift.common.version }}"
- when: openshift.common.version is defined and openshift_version is not defined and openshift_protect_installed_version | bool
+ when:
+ - openshift.common.version is defined
+ - openshift_version is not defined
+ - openshift_protect_installed_version | bool
- name: Set openshift_version for rpm installation
include: set_version_rpm.yml
@@ -40,17 +82,39 @@
include: set_version_containerized.yml
when: is_containerized | bool
+# Warn if the user has provided an openshift_image_tag but is not doing a containerized install
+# NOTE: This will need to be modified/removed for future container + rpm installations work.
+- name: Warn if openshift_image_tag is defined when not doing a containerized install
+ debug:
+ msg: >
+ openshift_image_tag is used for containerized installs. If you are trying to
+ specify an image for a non-container install see oreg_url.
+ when:
+ - not is_containerized | bool
+ - openshift_image_tag is defined
+
+
# At this point we know openshift_version is set appropriately. Now we set
# openshift_image_tag and openshift_pkg_version, so all roles can always assume
# each of this variables *will* be set correctly and can use them per their
# intended purpose.
-- set_fact:
- openshift_image_tag: v{{ openshift_version }}
+- block:
+ - debug:
+ msg: "openshift_image_tag was not defined. Falling back to v{{ openshift_version }}"
+
+ - set_fact:
+ openshift_image_tag: v{{ openshift_version }}
+
when: openshift_image_tag is not defined
-- set_fact:
- openshift_pkg_version: -{{ openshift_version }}
+- block:
+ - debug:
+ msg: "openshift_pkg_version was not defined. Falling back to -{{ openshift_version }}"
+
+ - set_fact:
+ openshift_pkg_version: -{{ openshift_version }}
+
when: openshift_pkg_version is not defined
- fail:
@@ -67,13 +131,18 @@
- fail:
msg: "No OpenShift version available, please ensure your systems are fully registered and have access to appropriate yum repositories."
- when: not is_containerized | bool and openshift_version == '0.0'
+ when:
+ - not is_containerized | bool
+ - openshift_version == '0.0'
# We can't map an openshift_release to full rpm version like we can with containers, make sure
# the rpm version we looked up matches the release requested and error out if not.
- fail:
msg: "Detected OpenShift version {{ openshift_version }} does not match requested openshift_release {{ openshift_release }}. You may need to adjust your yum repositories, inventory, or run the appropriate OpenShift upgrade playbook."
- when: not is_containerized | bool and openshift_release is defined and not openshift_version.startswith(openshift_release) | bool
+ when:
+ - not is_containerized | bool
+ - openshift_release is defined
+ - not openshift_version.startswith(openshift_release) | bool
# The end result of these three variables is quite important so make sure they are displayed and logged:
- debug: var=openshift_release
diff --git a/roles/openshift_version/tasks/set_version_containerized.yml b/roles/openshift_version/tasks/set_version_containerized.yml
index cd0f20ae9..0ec4c49d6 100644
--- a/roles/openshift_version/tasks/set_version_containerized.yml
+++ b/roles/openshift_version/tasks/set_version_containerized.yml
@@ -4,12 +4,16 @@
# Expects a leading "v" in inventory, strip it off here unless
# openshift_image_tag=latest
openshift_version: "{{ openshift_image_tag[1:].split('-')[0] if openshift_image_tag != 'latest' else openshift_image_tag }}"
- when: openshift_image_tag is defined and openshift_version is not defined
+ when:
+ - openshift_image_tag is defined
+ - openshift_version is not defined
- name: Set containerized version to configure if openshift_release specified
set_fact:
openshift_version: "{{ openshift_release }}"
- when: openshift_release is defined and openshift_version is not defined
+ when:
+ - openshift_release is defined
+ - openshift_version is not defined
- name: Lookup latest containerized version if no version specified
command: >
@@ -20,7 +24,10 @@
# Origin latest = pre-release version (i.e. v1.3.0-alpha.1-321-gb095e3a)
- set_fact:
openshift_version: "{{ (cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2] | join('-'))[1:] }}"
- when: openshift_version is not defined and openshift.common.deployment_type == 'origin' and cli_image_version.stdout_lines[0].split('-') | length > 1
+ when:
+ - openshift_version is not defined
+ - openshift.common.deployment_type == 'origin'
+ - cli_image_version.stdout_lines[0].split('-') | length > 1
- set_fact:
openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}"
@@ -32,11 +39,15 @@
command: >
docker run --rm {{ openshift.common.cli_image }}:v{{ openshift_version }} version
register: cli_image_version
- when: openshift_version is defined and openshift_version.split('.') | length == 2
+ when:
+ - openshift_version is defined
+ - openshift_version.split('.') | length == 2
- set_fact:
openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2][1:] | join('-') if openshift.common.deployment_type == 'origin' else cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}"
- when: openshift_version is defined and openshift_version.split('.') | length == 2
+ when:
+ - openshift_version is defined
+ - openshift_version.split('.') | length == 2
# We finally have the specific version. Now we clean up any strange
# dangly +c0mm1t-offset tags in the version. See also,
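Review bot: The Origin branch of the `set_fact` in this hunk slices the list before joining, `split('-')[0:2][1:] | join('-')`, which discards the first element (the version itself) instead of stripping the leading `v`. For a tag shaped like `v1.3.0-alpha.1-321-gb095e3a` it would yield `alpha.1`. The earlier task in this file does it in the intended order, `(... .split('-')[0:2] | join('-'))[1:]`, and this expression should match it. The commit only reformats the `when` clauses around it, so the line is unchanged context here.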
diff --git a/roles/openshift_version/tasks/set_version_rpm.yml b/roles/openshift_version/tasks/set_version_rpm.yml
index 0c2ef4bb7..c7604af1a 100644
--- a/roles/openshift_version/tasks/set_version_rpm.yml
+++ b/roles/openshift_version/tasks/set_version_rpm.yml
@@ -3,7 +3,9 @@
set_fact:
# Expects a leading "-" in inventory, strip it off here, and remove trailing release,
openshift_version: "{{ openshift_pkg_version[1:].split('-')[0] }}"
- when: openshift_pkg_version is defined and openshift_version is not defined
+ when:
+ - openshift_pkg_version is defined
+ - openshift_version is not defined
# if {{ openshift.common.service_type}}-excluder is enabled,
# the repoquery for {{ openshift.common.service_type}} will not work.
diff --git a/roles/os_firewall/tasks/firewall/firewalld.yml b/roles/os_firewall/tasks/firewall/firewalld.yml
index 2b40eee1b..4b2979887 100644
--- a/roles/os_firewall/tasks/firewall/firewalld.yml
+++ b/roles/os_firewall/tasks/firewall/firewalld.yml
@@ -34,6 +34,12 @@
pause: seconds=10
when: result | changed
+- name: Restart polkitd
+ systemd:
+ name: polkit
+ state: restarted
+ when: result | changed
+
# Fix suspected race between firewalld and polkit BZ1436964
- name: Wait for polkit action to have been created
command: pkaction --action-id=org.fedoraproject.FirewallD1.config.info
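Review bot: The new `Restart polkitd` task has no comment saying why polkit must be restarted, and it sits above the existing `# Fix suspected race between firewalld and polkit BZ1436964` comment, which now reads as if it covered only the wait task. Moving that comment above the restart, or adding `# Restart polkit so it registers firewalld's actions (BZ1436964)` if that is the reason, would make the workaround traceable. The task name says `polkitd` while the unit is `polkit`; one spelling would make it easier to find in logs.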
diff --git a/utils/src/ooinstall/ansible_plugins/facts_callback.py b/utils/src/ooinstall/ansible_plugins/facts_callback.py
index c881e4b92..433e29dde 100644
--- a/utils/src/ooinstall/ansible_plugins/facts_callback.py
+++ b/utils/src/ooinstall/ansible_plugins/facts_callback.py
@@ -7,6 +7,12 @@ import yaml
from ansible.plugins.callback import CallbackBase
from ansible.parsing.yaml.dumper import AnsibleDumper
+# ansible.compat.six goes away with Ansible 2.4
+try:
+ from ansible.compat.six import u
+except ImportError:
+ from ansible.module_utils.six import u
+
# pylint: disable=super-init-not-called
class CallbackModule(CallbackBase):
@@ -39,10 +45,10 @@ class CallbackModule(CallbackBase):
facts = abridged_result['result']['ansible_facts']['openshift']
hosts_yaml = {}
hosts_yaml[res._host.get_name()] = facts
- to_dump = yaml.dump(hosts_yaml,
- allow_unicode=True,
- default_flow_style=False,
- Dumper=AnsibleDumper)
+ to_dump = u(yaml.dump(hosts_yaml,
+ allow_unicode=True,
+ default_flow_style=False,
+ Dumper=AnsibleDumper))
os.write(self.hosts_yaml, to_dump)
def v2_runner_on_skipped(self, res):
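Review bot: `to_dump` is now text, but the next line passes it to `os.write`, which takes bytes. On Python 3 a `str` argument raises `TypeError`, and on Python 2 a `unicode` value is encoded implicitly and can fail when the facts contain non-ASCII characters. Encoding at the write makes the intent explicit: `os.write(self.hosts_yaml, to_dump.encode('utf-8'))`. The enclosing method starts outside the hunk.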