52 files changed, 543 insertions, 168 deletions
diff --git a/.gitignore b/.gitignore index 626065fe1..dcea26d60 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,4 @@ multi_inventory.yaml .vagrant .tags* ansible.cfg +*.retry diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 67ff60a4a..4fc92f3c7 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.0.87-1 ./ +3.0.89-1 ./ diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index 402103b09..e7409bf22 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -732,21 +732,22 @@ class FilterModule(object): if 'hosted' in hostvars['openshift']: for component in hostvars['openshift']['hosted']: if 'storage' in hostvars['openshift']['hosted'][component]: - kind = hostvars['openshift']['hosted'][component]['storage']['kind'] - create_pv = hostvars['openshift']['hosted'][component]['storage']['create_pv'] + params = hostvars['openshift']['hosted'][component]['storage'] + kind = params['kind'] + create_pv = params['create_pv'] if kind != None and create_pv: if kind == 'nfs': - host = hostvars['openshift']['hosted'][component]['storage']['host'] + host = params['host'] if host == None: if len(groups['oo_nfs_to_config']) > 0: host = groups['oo_nfs_to_config'][0] else: raise errors.AnsibleFilterError("|failed no storage host detected") - directory = hostvars['openshift']['hosted'][component]['storage']['nfs']['directory'] - volume = hostvars['openshift']['hosted'][component]['storage']['volume']['name'] + directory = params['nfs']['directory'] + volume = params['volume']['name'] path = directory + '/' + volume - size = hostvars['openshift']['hosted'][component]['storage']['volume']['size'] - access_modes = hostvars['openshift']['hosted'][component]['storage']['access_modes'] + size = params['volume']['size'] + access_modes = params['access_modes'] persistent_volume = dict( name="{0}-volume".format(volume), capacity=size, 
@@ -756,6 +757,21 @@ class FilterModule(object): server=host, path=path))) persistent_volumes.append(persistent_volume) + elif kind == 'openstack': + volume = params['volume']['name'] + size = params['volume']['size'] + access_modes = params['access_modes'] + filesystem = params['openstack']['filesystem'] + volume_id = params['openstack']['volumeID'] + persistent_volume = dict( + name="{0}-volume".format(volume), + capacity=size, + access_modes=access_modes, + storage=dict( + cinder=dict( + fsType=filesystem, + volumeID=volume_id))) + persistent_volumes.append(persistent_volume) else: msg = "|failed invalid storage kind '{0}' for component '{1}'".format( kind, diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example index c18a423bf..6d03b5da8 100644 --- a/inventory/byo/hosts.aep.example +++ b/inventory/byo/hosts.aep.example @@ -187,6 +187,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Override the default pod eviction timeout #openshift_master_pod_eviction_timeout=5m +# Override the default oauth tokenConfig settings: +# openshift_master_access_token_max_seconds=86400 +# openshift_master_auth_token_max_seconds=500 + # default storage plugin dependencies to install, by default the ceph and # glusterfs plugin dependencies will be installed, if available. #osn_storage_plugin_deps=['ceph','glusterfs','iscsi'] 
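Review bot: The new `elif kind == 'openstack':` branch in filter_plugins/oo_filters.py copies `params['openstack']['volumeID']` and `params['openstack']['filesystem']` straight into the cinder spec without checking that they are set. The nfs branch above it raises `errors.AnsibleFilterError` when no host can be determined, and the example inventories in this commit say the volume has to be created by hand, so an unset ID is a likely misconfiguration; whether the facts default these keys to None is not visible here. Consider adding `if volume_id is None:` followed by `raise errors.AnsibleFilterError("|failed no openstack volumeID specified")` right after the lookup. The inventories also state that the access mode has to be 'ReadWriteOnce' for this kind, which the filter does not enforce. The enclosing method starts and ends outside the hunk.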
@@ -308,9 +312,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', ## ## Storage Kind ## Specifies which storage kind will be used for the registry. -## "nfs" is the only supported kind at this time. +## "nfs" and "openstack" are supported kinds at this time. ##openshift_hosted_registry_storage_kind=nfs ## +## Persistent Volume Access Mode +## When using the 'openstack' storage kind, this has to be 'ReadWriteOnce' +##openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] +## +## Registry Volume Name +## Specify the storage volume name. This directory will be created +## within openshift_hosted_registry_storage_nfs_directory if +## specifying an [nfs] group. Ex. /exports/registry +## This variable must be supplied if using a pre-existing nfs server. +##openshift_hosted_registry_storage_volume_name=registry +## +## NFS Specific Options +## ## Storage Host ## This variable can be used to identify a pre-existing storage host ## if a storage host group corresponding to the storage kind (such as 
@@ -326,15 +343,19 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', ## This variable must be supplied if using a pre-existing nfs server. ##openshift_hosted_registry_storage_nfs_directory=/exports ## -## Registry Volume Name -## Specify the storage volume name. This directory will be created -## within openshift_hosted_registry_storage_nfs_directory if -## specifying an [nfs] group. Ex. /exports/registry -## This variable must be supplied if using a pre-existing nfs server. -##openshift_hosted_registry_storage_volume_name=registry +## Openstack Specific Options ## -## Persistent Volume Access Mode -##openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] +## Openstack Volume ID +## Specify the identifier of the volume to use for the registry. +## At this time, the volume has to be created manually by the administrator. +##openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57 +## +## Openstack Volume Size +##openshift_hosted_registry_storage_volume_size=10Gi +## +## Openstack Volume Filesystem +## Specify the filesystem that will be used when formatting the volume +##openshift_hosted_registry_storage_openstack_filesystem=ext4 # Configure node kubelet arguments #openshift_node_kubelet_args={'max-pods': ['40'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} 
@@ -365,9 +386,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # # Most environments don't require a proxy between openshift masters, nodes, and # etcd hosts. So automatically add those hostnames to the openshift_no_proxy list. -# If all of your hosts share a common domain you may wish to disable this and +# If all of your hosts share a common domain you may wish to disable this and # specify that domain above. -#openshift_generate_no_proxy_hosts: True +#openshift_generate_no_proxy_hosts=True # # These options configure the BuildDefaults admission controller which injects # environment variables into Builds. These values will default to their diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 28298d940..826f5656f 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -192,6 +192,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Override the default pod eviction timeout #openshift_master_pod_eviction_timeout=5m +# Override the default oauth tokenConfig settings: +# openshift_master_access_token_max_seconds=86400 +# openshift_master_auth_token_max_seconds=500 + # default storage plugin dependencies to install, by default the ceph and # glusterfs plugin dependencies will be installed, if available. #osn_storage_plugin_deps=['ceph','glusterfs','iscsi'] 
@@ -313,9 +317,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', ## ## Storage Kind ## Specifies which storage kind will be used for the registry. -## nfs is the only supported kind at this time. +## "nfs" and "openstack" are supported kinds at this time. ##openshift_hosted_registry_storage_kind=nfs ## +## Persistent Volume Access Mode +## When using the 'openstack' storage kind, this has to be 'ReadWriteOnce' +##openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] +## +## Registry Volume Name +## Specify the storage volume name. This directory will be created +## within openshift_hosted_registry_storage_nfs_directory if +## specifying an [nfs] group. Ex. /exports/registry +## This variable must be supplied if using a pre-existing nfs server. +##openshift_hosted_registry_storage_volume_name=registry +## +## NFS Specific Options +## ## Storage Host ## This variable can be used to identify a pre-existing storage host ## if a storage host group corresponding to the storage kind (such as 
@@ -331,15 +348,19 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', ## This variable must be supplied if using a pre-existing nfs server. ##openshift_hosted_registry_storage_nfs_directory=/exports ## -## Registry Volume Name -## Specify the storage volume name. This directory will be created -## within openshift_hosted_registry_storage_nfs_directory if -## specifying an [nfs] group. Ex: /exports/registry -## This variable must be supplied if using a pre-existing nfs server. -##openshift_hosted_registry_storage_volume_name=registry +## Openstack Specific Options ## -## Persistent Volume Access Mode -##openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] +## Openstack Volume ID +## Specify the identifier of the volume to use for the registry. +## At this time, the volume has to be created manually by the administrator. +##openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57 +## +## Openstack Volume Size +##openshift_hosted_registry_storage_volume_size=10Gi +## +## Openstack Volume Filesystem +## Specify the filesystem that will be used when formatting the volume +##openshift_hosted_registry_storage_openstack_filesystem=ext4 # Configure node kubelet arguments #openshift_node_kubelet_args={'max-pods': ['40'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} 
@@ -370,9 +391,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # # Most environments don't require a proxy between openshift masters, nodes, and # etcd hosts. So automatically add those hostnames to the openshift_no_proxy list. -# If all of your hosts share a common domain you may wish to disable this and +# If all of your hosts share a common domain you may wish to disable this and # specify that domain above. -#openshift_generate_no_proxy_hosts: True +#openshift_generate_no_proxy_hosts=True # # These options configure the BuildDefaults admission controller which injects # environment variables into Builds. These values will default to their diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 38adfe572..f2f436082 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -188,6 +188,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Override the default pod eviction timeout #openshift_master_pod_eviction_timeout=5m +# Override the default oauth tokenConfig settings: +# openshift_master_access_token_max_seconds=86400 +# openshift_master_auth_token_max_seconds=500 + # default storage plugin dependencies to install, by default the ceph and # glusterfs plugin dependencies will be installed, if available. #osn_storage_plugin_deps=['ceph','glusterfs'] 
@@ -309,9 +313,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', ## ## Storage Kind ## Specifies which storage kind will be used for the registry. -## "nfs" is the only supported kind at this time. +## "nfs" and "openstack" are supported kinds at this time. ##openshift_hosted_registry_storage_kind=nfs ## +## Persistent Volume Access Mode +## When using the 'openstack' storage kind, this has to be 'ReadWriteOnce' +##openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] +## +## Registry Volume Name +## Specify the storage volume name. This directory will be created +## within openshift_hosted_registry_storage_nfs_directory if +## specifying an [nfs] group. Ex. /exports/registry +## This variable must be supplied if using a pre-existing nfs server. +##openshift_hosted_registry_storage_volume_name=registry +## +## NFS Specific Options +## ## Storage Host ## This variable can be used to identify a pre-existing storage host ## if a storage host group corresponding to the storage kind (such as 
@@ -327,15 +344,19 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', ## This variable must be supplied if using a pre-existing nfs server. ##openshift_hosted_registry_storage_nfs_directory=/exports ## -## Registry Volume Name -## Specify the storage volume name. This directory will be created -## within openshift_hosted_registry_storage_nfs_directory if -## specifying an [nfs] group Ex: /exports/registry -## This variable must be supplied if using a pre-existing nfs server. -##openshift_hosted_registry_storage_volume_name=registry +## Openstack Specific Options ## -## Persistent Volume Access Mode -##openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] +## Openstack Volume ID +## Specify the identifier of the volume to use for the registry. +## At this time, the volume has to be created manually by the administrator. +##openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57 +## +## Openstack Volume Size +##openshift_hosted_registry_storage_volume_size=10Gi +## +## Openstack Volume Filesystem +## Specify the filesystem that will be used when formatting the volume +##openshift_hosted_registry_storage_openstack_filesystem=ext4 # Configure node kubelet arguments #openshift_node_kubelet_args={'max-pods': ['40'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} 
@@ -366,9 +387,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # # Most environments don't require a proxy between openshift masters, nodes, and # etcd hosts. So automatically add those hostnames to the openshift_no_proxy list. -# If all of your hosts share a common domain you may wish to disable this and +# If all of your hosts share a common domain you may wish to disable this and # specify that domain above. -#openshift_generate_no_proxy_hosts: True +#openshift_generate_no_proxy_hosts=True # # These options configure the BuildDefaults admission controller which injects # environment variables into Builds. These values will default to their diff --git a/playbooks/common/openshift-master/library/modify_yaml.py b/library/modify_yaml.py index a4be10ca3..a4be10ca3 100755 --- a/playbooks/common/openshift-master/library/modify_yaml.py +++ b/library/modify_yaml.py diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 57cc726b5..6a5695177 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.0.87 +Version: 3.0.89 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -183,6 +183,13 @@ Atomic OpenShift Utilities includes %changelog +* Mon May 09 2016 Brenton Leanhardt <bleanhar@redhat.com> 3.0.89-1 +- Use yum swap to downgrade docker (sdodson@redhat.com) + +* Fri May 06 2016 Brenton Leanhardt <bleanhar@redhat.com> 3.0.88-1 +- Open port 53 whenever we're unsure of version (sdodson@redhat.com) +- Fix unsafe boolean handling on use_dnsmasq (sdodson@redhat.com) + * Wed Apr 27 2016 Troy Dawson <tdawson@redhat.com> 3.0.87-1 - a-o-i-: Allow empty proxy (smunilla@redhat.com) - a-o-i: Populate groups for openshift_facts (smunilla@redhat.com) diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 0755d8bc5..a407e326b 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml 
@@ -60,6 +60,7 @@ with_items: - etcd - firewalld + - atomic-openshift-master - name: Stop additional atomic services service: name={{ item }} state=stopped diff --git a/playbooks/byo/openshift-cluster/config.yml b/playbooks/byo/openshift-cluster/config.yml index 5887b3208..c5479d098 100644 --- a/playbooks/byo/openshift-cluster/config.yml +++ b/playbooks/byo/openshift-cluster/config.yml @@ -1,7 +1,21 @@ --- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - include: ../../common/openshift-cluster/config.yml - vars_files: - - ../../byo/openshift-cluster/cluster_hosts.yml vars: openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_debug_level: "{{ debug_level | default(2) }}" diff --git a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml new file mode 100644 index 000000000..1c8d99341 --- /dev/null +++ b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml @@ -0,0 +1,18 @@ +--- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + +- include: ../../common/openshift-cluster/enable_dnsmasq.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml index 628a07752..59d275d52 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml 
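Review bot: In playbooks/byo/openshift-cluster/config.yml the new localhost play uses the bare form `with_items: g_all_hosts`, while the upgrade playbooks in this same commit write `with_items: "{{ g_all_hosts }}"` and v3_1_to_v3_2 writes `g_all_hosts | default([])`. The same play is pasted into byo enable_dnsmasq.yml, openshift-master/restart.yml, both scaleup.yml files and openshift_facts.yml, so one spelling should be used everywhere; `with_items: "{{ g_all_hosts | default([]) }}"` covers both the templating and the undefined case. A short comment on the two plays would also help, for example `# load cluster_hosts.yml on localhost to build l_oo_all_hosts, then again on each host so the g_* variables are host vars`, since the double `include_vars` otherwise reads as a mistake.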
@@ -1,13 +1,28 @@ --- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0 + fail: + msg: "Unsupported ansible version: {{ ansible_version }} found." + when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge') + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: "{{ g_all_hosts }}" + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + - include: ../../../../common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml - vars_files: - - "{{lookup('file', '../../../../byo/openshift-cluster/cluster_hosts.yml')}}" vars: - g_etcd_hosts: "{{ groups.etcd | default([]) }}" - g_master_hosts: "{{ groups.masters | default([]) }}" + # Do not allow adding hosts during upgrade. g_new_master_hosts: [] - g_nfs_hosts: "{{ groups.nfs | default([]) }}" - g_node_hosts: "{{ groups.nodes | default([]) }}" - g_lb_hosts: "{{ groups.lb | default([]) }}" + g_new_node_hosts: [] openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 8fadd2ce7..239da4df0 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml 
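Review bot: The failure message in the new version check interpolates `{{ ansible_version }}`, which is the whole version structure, while the `when:` condition compares `ansible_version.full`; the message should print the same field, `msg: "Unsupported ansible version: {{ ansible_version.full }} found."`. The identical task is added to v3_0_to_v3_1, v3_1_minor and v3_1_to_v3_2 upgrade.yml in this commit and has the same wording. With four copies of the check, a later change to the supported range can easily miss one; a single included file holding the task would avoid that.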
@@ -1,13 +1,28 @@ --- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0 + fail: + msg: "Unsupported ansible version: {{ ansible_version }} found." + when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge') + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: "{{ g_all_hosts }}" + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + - include: ../../../../common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml - vars_files: - - "{{lookup('file', '../../../../byo/openshift-cluster/cluster_hosts.yml')}}" vars: - g_etcd_hosts: "{{ groups.etcd | default([]) }}" - g_master_hosts: "{{ groups.masters | default([]) }}" + # Do not allow adding hosts during upgrade. g_new_master_hosts: [] - g_nfs_hosts: "{{ groups.nfs | default([]) }}" - g_node_hosts: "{{ groups.nodes | default([]) }}" - g_lb_hosts: "{{ groups.lb | default([]) }}" + g_new_node_hosts: [] openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml index 42078584b..9363442aa 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml 
@@ -1,12 +1,29 @@ --- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0 + fail: + msg: "Unsupported ansible version: {{ ansible_version }} found." + when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge') + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: "{{ g_all_hosts }}" + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + - include: ../../../../common/openshift-cluster/evaluate_groups.yml vars: - g_etcd_hosts: "{{ groups.etcd | default([]) }}" - g_master_hosts: "{{ groups.masters | default([]) }}" + # Do not allow adding hosts during upgrade. g_new_master_hosts: [] - g_nfs_hosts: "{{ groups.nfs | default([]) }}" - g_node_hosts: "{{ groups.nodes | default([]) }}" - g_lb_hosts: "{{ groups.lb | default([]) }}" + g_new_node_hosts: [] openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_deployment_type: "{{ deployment_type }}" - include: ../../../../common/openshift-cluster/upgrades/v3_1_minor/pre.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml index 0c91b51d6..24617620b 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml 
@@ -1,14 +1,54 @@ --- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0 + fail: + msg: "Unsupported ansible version: {{ ansible_version }} found." + when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge') + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts | default([]) + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + - include: ../../../../common/openshift-cluster/evaluate_groups.yml vars: - g_etcd_hosts: "{{ groups.etcd | default([]) }}" - g_master_hosts: "{{ groups.masters | default([]) }}" + # Do not allow adding hosts during upgrade. g_new_master_hosts: [] - g_nfs_hosts: "{{ groups.nfs | default([]) }}" - g_node_hosts: "{{ groups.nodes | default([]) }}" - g_lb_hosts: "{{ groups.lb | default([]) }}" + g_new_node_hosts: [] openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_deployment_type: "{{ deployment_type }}" + +- name: Set oo_options + hosts: oo_all_hosts + tasks: + - set_fact: + openshift_docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}" + when: openshift_docker_additional_registries is not defined + - set_fact: + openshift_docker_insecure_registries: "{{ lookup('oo_option', 'docker_insecure_registries') }}" + when: openshift_docker_insecure_registries is not defined + - set_fact: + openshift_docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') }}" + when: openshift_docker_blocked_registries is not defined + - set_fact: + openshift_docker_options: "{{ lookup('oo_option', 'docker_options') }}" + when: openshift_docker_options is not defined + - set_fact: + openshift_docker_log_driver: "{{ lookup('oo_option', 
'docker_log_driver') }}" + when: openshift_docker_log_driver is not defined + - set_fact: + openshift_docker_log_options: "{{ lookup('oo_option', 'docker_log_options') }}" + when: openshift_docker_log_options is not defined + - include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml vars: openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-master/restart.yml b/playbooks/byo/openshift-master/restart.yml index a78a6aa3d..0cf669ae3 100644 --- a/playbooks/byo/openshift-master/restart.yml +++ b/playbooks/byo/openshift-master/restart.yml @@ -1,4 +1,18 @@ --- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - include: ../../common/openshift-master/restart.yml - vars_files: - - ../../byo/openshift-cluster/cluster_hosts.yml diff --git a/playbooks/byo/openshift-master/scaleup.yml b/playbooks/byo/openshift-master/scaleup.yml index 18797d02a..fced79262 100644 --- a/playbooks/byo/openshift-master/scaleup.yml +++ b/playbooks/byo/openshift-master/scaleup.yml @@ -1,7 +1,21 @@ --- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - include: ../../common/openshift-master/scaleup.yml - vars_files: - - ../../byo/openshift-cluster/cluster_hosts.yml vars: openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_debug_level: "{{ debug_level | default(2) }}" 
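Review bot: The added `Set oo_options` play in v3_1_to_v3_2/upgrade.yml fills `openshift_docker_insecure_registries`, `openshift_docker_blocked_registries` and `openshift_docker_additional_registries` from `lookup('oo_option', ...)` whenever the inventory leaves them undefined, so registry trust settings applied during the upgrade can come from a source other than the inventory. What that lookup reads is not visible in this diff; a comment above the play, such as `# oo_option values are used only when the inventory does not define the variable`, together with a pointer to the lookup plugin, would make this auditable. The play also appears to duplicate the `Set oo_options` play of common/openshift-cluster/config.yml, whose name shows up as context later in this commit, so the two lists can drift apart unless they are shared through one include.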
diff --git a/playbooks/byo/openshift-node/scaleup.yml b/playbooks/byo/openshift-node/scaleup.yml index 0343597b5..5737bb0e0 100644 --- a/playbooks/byo/openshift-node/scaleup.yml +++ b/playbooks/byo/openshift-node/scaleup.yml @@ -1,7 +1,21 @@ --- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - include: ../../common/openshift-node/scaleup.yml - vars_files: - - ../../byo/openshift-cluster/cluster_hosts.yml vars: openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_debug_level: "{{ debug_level | default(2) }}" diff --git a/playbooks/byo/openshift_facts.yml b/playbooks/byo/openshift_facts.yml index b694b6c08..db8703db6 100644 --- a/playbooks/byo/openshift_facts.yml +++ b/playbooks/byo/openshift_facts.yml @@ -1,11 +1,19 @@ --- -- name: Cluster hosts - hosts: localhost +- hosts: localhost connection: local become: no gather_facts: no tasks: - include_vars: openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: openshift-cluster/cluster_hosts.yml - include: ../common/openshift-cluster/evaluate_groups.yml diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 99b36098a..903babc45 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -1,6 +1,8 @@ --- - include: evaluate_groups.yml +- include: initialize_facts.yml + - include: validate_hostnames.yml - name: Set oo_options 
diff --git a/playbooks/common/openshift-cluster/enable_dnsmasq.yml b/playbooks/common/openshift-cluster/enable_dnsmasq.yml
new file mode 100644
index 000000000..f2bcc872f
--- /dev/null
+++ b/playbooks/common/openshift-cluster/enable_dnsmasq.yml
@@ -0,0 +1,66 @@ +--- +- include: evaluate_groups.yml + +- name: Load openshift_facts + hosts: oo_masters_to_config:oo_nodes_to_config + roles: + - openshift_facts + post_tasks: + - fail: msg="This playbook requires a master version of at least Origin 1.1 or OSE 3.1" + when: not openshift.common.version_gte_3_1_1_or_1_1_1 | bool + +- name: Reconfigure masters to listen on our new dns_port + hosts: oo_masters_to_config + handlers: + - include: ../../../roles/openshift_master/handlers/main.yml + vars: + os_firewall_allow: + - service: skydns tcp + port: "{{ openshift.master.dns_port }}/tcp" + - service: skydns udp + port: "{{ openshift.master.dns_port }}/udp" + roles: + - os_firewall + tasks: + - openshift_facts: + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: common + local_facts: + use_dnsmasq: True + - role: master + local_facts: + dns_port: '8053' + - modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: dnsConfig.bindAddress + yaml_value: "{{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }}" + notify: restart master + - meta: flush_handlers + +- name: Configure nodes for dnsmasq + hosts: oo_nodes_to_config + handlers: + - include: ../../../roles/openshift_node/handlers/main.yml + pre_tasks: + - openshift_facts: + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: common + local_facts: + use_dnsmasq: True + - role: node + local_facts: + dns_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" + vars: + openshift_deployment_type: "{{ deployment_type }}" + roles: + - openshift_node_dnsmasq + post_tasks: + - modify_yaml: + dest: "{{ openshift.common.config_base }}/node/node-config.yaml" + yaml_key: dnsIP + yaml_value: "{{ openshift.node.dns_ip }}" + notify: restart node 
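Review bot: In the "Reconfigure masters to listen on our new dns_port" play the `os_firewall` role appears to run before the `openshift_facts` task that sets `dns_port: '8053'`, because Ansible executes `roles:` ahead of `tasks:`; `os_firewall_allow` would then be rendered with whatever `openshift.master.dns_port` held beforehand, and the master could end up bound to a port the firewall never opened. The node play below already sets its facts under `pre_tasks:`, so moving the master's `openshift_facts` step into a `pre_tasks:` section (leaving `modify_yaml` and `flush_handlers` under `tasks:`) would make the two plays consistent. Separately, the `fail` message says "Origin 1.1 or OSE 3.1" while the condition tests `version_gte_3_1_1_or_1_1_1`, so the message should name 1.1.1 and 3.1.1.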
diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml
new file mode 100644
index 000000000..9a844e216
--- /dev/null
+++ b/playbooks/common/openshift-cluster/initialize_facts.yml
@@ -0,0 +1,7 @@
+---
+- name: Initialize host facts
+ hosts: OSEv3
+ roles:
+ - openshift_facts
+ tasks:
+ - openshift_facts:
diff --git a/playbooks/common/openshift-cluster/library b/playbooks/common/openshift-cluster/library
new file mode 120000
index 000000000..d0b7393d3
--- /dev/null
+++ b/playbooks/common/openshift-cluster/library
@@ -0,0 +1 @@
+../../../library/
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml index 51b108f6a..5b2bf9f93 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml @@ -36,7 +36,8 @@ - name: Ensure AOS 3.0.2 or Origin 1.0.6 hosts: oo_first_master tasks: - fail: This playbook requires Origin 1.0.6 or Atomic OpenShift 3.0.2 or later + - fail: + msg: "This playbook requires Origin 1.0.6 or Atomic OpenShift 3.0.2 or later" when: _new_version.stdout | version_compare('1.0.6','<') or ( _new_version.stdout | version_compare('3.0','>=' and _new_version.stdout | version_compare('3.0.2','<') ) - name: Update cluster policy diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 new file mode 120000 index 000000000..cf20e8959 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/atomic-openshift-master.j2
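Review bot: The `when:` on this `fail` task in `v3_0_minor/upgrade.yml` still has a misplaced parenthesis: `version_compare('3.0','>=' and ...` passes the whole `and` expression as the operator argument, so the 3.0.x lower-bound check probably does not test what the message promises. Since the commit already touches the task to fix the `fail` syntax, the condition should be closed after the operator: `( _new_version.stdout | version_compare('3.0','>=') and _new_version.stdout | version_compare('3.0.2','<') )`. How the current form evaluates depends on the filter's argument handling, which is not visible here, so the exact failure mode is an assumption.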
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker new file mode 120000 index 000000000..5a3dd12b3 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/docker
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster new file mode 120000 index 000000000..3ee319365 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/docker-cluster
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster new file mode 120000 index 000000000..f44f8eb4f --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/native-cluster
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml index 3fd97ac14..12e2edfb9 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml @@ -10,6 +10,7 @@ router_image: "{{ openshift.master.registry_url | replace( '${component}', 'haproxy-router' ) | replace ( '${version}', 'v' + g_new_version ) }}" oc_cmd: "{{ openshift.common.client_binary }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig" roles: + - openshift_manageiq # Create the new templates shipped in 3.2, existing templates are left # unmodified. This prevents the subsequent role definition for # openshift_examples from failing when trying to replace templates that do diff --git a/playbooks/common/openshift-cluster/validate_hostnames.yml b/playbooks/common/openshift-cluster/validate_hostnames.yml index 0f562e019..50e25984f 100644 --- a/playbooks/common/openshift-cluster/validate_hostnames.yml +++ b/playbooks/common/openshift-cluster/validate_hostnames.yml @@ -1,6 +1,4 @@ --- -- include: evaluate_groups.yml - - name: Gather and set facts for node hosts hosts: oo_nodes_to_config roles: diff --git a/playbooks/common/openshift-master/library b/playbooks/common/openshift-master/library new file mode 120000 index 000000000..d0b7393d3 --- /dev/null +++ b/playbooks/common/openshift-master/library @@ -0,0 +1 @@ +../../../library/
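Review bot: Adding `- openshift_manageiq` to `roles:` in `v3_1_to_v3_2/post.yml` means every upgrade run applies that role's policy commands, and the role's vars shown later in this commit include `policy add-scc-to-user privileged` for `management-infra` service accounts. No condition is visible in this hunk, so as far as the diff shows, clusters that do not use ManageIQ would still end up with those privileged grants after upgrading. Consider writing the entry as `- role: openshift_manageiq` with a `when:` on an inventory toggle (placeholder name `<manageiq_toggle_var>`), or add a comment explaining why it must be unconditional. The play continues outside the hunk, so a guard may exist elsewhere.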
\ No newline at end of file diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index f0bb91568..b0407ef74 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -148,15 +148,15 @@ register: g_external_etcd_flannel_cert_stat_result when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) - set_fact: - etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results + etcd_client_flannel_certs_missing: "{{ False in g_external_etcd_flannel_cert_stat_result.results | oo_collect(attribute='stat.exists') - | list | intersect([false])}}" + | list }}" etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }} etcd_cert_config_dir: "{{ openshift.common.config_base }}/node" etcd_cert_prefix: node.etcd- etcd_hostname: "{{ openshift.common.hostname }}" etcd_ip: "{{ openshift.common.ip }}" - when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) + when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config | length > 0 and (openshift.common.use_flannel | bool) - name: Configure flannel etcd certificates hosts: oo_first_etcd @@ -166,9 +166,8 @@ pre_tasks: - set_fact: etcd_needing_client_certs: "{{ hostvars - | oo_select_keys(groups['oo_nodes_to_config']) - | oo_filter_list(filter_attr='etcd_client_flannel_certs_missing') | default([]) }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + | oo_select_keys(groups['oo_nodes_to_config']) + | oo_filter_list('etcd_client_flannel_certs_missing') | default([]) }}" roles: - role: openshift_etcd_certificates when: openshift_use_flannel | default(false) | bool 
@@ -179,8 +178,7 @@ -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} . args: creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" - with_items: "{{ etcd_needing_client_certs | default([]) }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + with_items: etcd_needing_client_certs | default([]) - name: Retrieve the etcd cert tarballs fetch: src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" @@ -188,8 +186,7 @@ flat: yes fail_on_missing: yes validate_checksum: yes - with_items: "{{ etcd_needing_client_certs | default([]) }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + with_items: etcd_needing_client_certs | default([]) - name: Copy the external etcd flannel certs to the nodes hosts: oo_nodes_to_config @@ -200,12 +197,12 @@ file: path: "{{ openshift.common.config_base }}/node" state: directory - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + when: etcd_client_flannel_certs_missing | default(false) | bool - name: Unarchive the tarball on the master unarchive: src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz" dest: "{{ etcd_cert_config_dir }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + when: etcd_client_flannel_certs_missing | default(false) | bool - file: path: "{{ etcd_cert_config_dir }}/{{ item }}" owner: root @@ -215,7 +212,7 @@ - node.etcd-client.crt - node.etcd-client.key - node.etcd-ca.crt - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + when: etcd_client_flannel_certs_missing | default(false) | bool - name: Additional node config diff --git a/playbooks/common/openshift-node/scaleup.yml b/playbooks/common/openshift-node/scaleup.yml index d36f7acea..1d79db353 100644 --- a/playbooks/common/openshift-node/scaleup.yml +++ b/playbooks/common/openshift-node/scaleup.yml 
@@ -1,6 +1,11 @@ --- - include: ../openshift-cluster/evaluate_groups.yml +- name: Gather facts + hosts: oo_etcd_to_config:oo_masters_to_config:oo_nodes_to_config + roles: + - openshift_facts + - name: Configure docker hosts hosts: oo_nodes_to_config vars: diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index e4a31c692..b9b2666fb 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -16,7 +16,7 @@ when: docker_storage_check.stat.exists | bool and not docker_version_result | skipped and docker_version_result.stdout | default('0.0', True) | version_compare('1.9', '>=') and docker_version | version_compare('1.9', '<') - name: Downgrade docker if necessary - command: "{{ ansible_pkg_mgr }} downgrade -y docker-{{ docker_version }}" + command: "{{ ansible_pkg_mgr }} swap -y docker-* docker-*{{ docker_version }}" register: docker_downgrade_result when: not docker_version_result | skipped and docker_version_result.stdout | default('0.0', True) | version_compare(docker_version, 'gt') @@ -69,7 +69,7 @@ reg_flag: --insecure-registry notify: - restart docker - + - name: Set Proxy Settings lineinfile: dest: /etc/sysconfig/docker diff --git a/roles/etcd_certificates/tasks/client.yml b/roles/etcd_certificates/tasks/client.yml index b497a46c0..a9f130bb9 100644 --- a/roles/etcd_certificates/tasks/client.yml +++ b/roles/etcd_certificates/tasks/client.yml @@ -4,7 +4,7 @@ path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" state: directory mode: 0700 - with_items: "{{ etcd_needing_client_certs | default([]) }}" + with_items: etcd_needing_client_certs | default([]) - name: Create the client csr command: > @@ -19,7 +19,7 @@ ~ item.etcd_cert_prefix ~ 'client.csr' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_client_certs | default([]) }}" + with_items: etcd_needing_client_certs | default([]) - name: Sign and create the client crt command: 
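Review bot: The globs in `swap -y docker-* docker-*{{ docker_version }}` in `roles/docker/tasks/main.yml` are much broader than the old `docker-{{ docker_version }}`: the first pattern matches every package whose name starts with `docker-`, and the second matches any of them ending in the requested version. If that breadth is intended, for example to move docker's companion packages in step, a one-line comment above the task such as `# swap all docker-* packages together so dependent subpackages stay in sync` would make it reviewable. Otherwise listing the packages explicitly is safer on hosts that carry other `docker-` prefixed packages. The task list continues outside the hunk.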
> @@ -33,10 +33,10 @@ ~ item.etcd_cert_prefix ~ 'client.crt' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_client_certs | default([]) }}" + with_items: etcd_needing_client_certs | default([]) - file: src: "{{ etcd_ca_cert }}" dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt" state: hard - with_items: "{{ etcd_needing_client_certs | default([]) }}" + with_items: etcd_needing_client_certs | default([]) diff --git a/roles/etcd_certificates/tasks/server.yml b/roles/etcd_certificates/tasks/server.yml index 934b8b805..223917ccd 100644 --- a/roles/etcd_certificates/tasks/server.yml +++ b/roles/etcd_certificates/tasks/server.yml @@ -4,7 +4,7 @@ path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" state: directory mode: 0700 - with_items: "{{ etcd_needing_server_certs | default([]) }}" + with_items: etcd_needing_server_certs | default([]) - name: Create the server csr command: > @@ -19,7 +19,7 @@ ~ item.etcd_cert_prefix ~ 'server.csr' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" + with_items: etcd_needing_server_certs | default([]) - name: Sign and create the server crt command: > @@ -33,7 +33,7 @@ ~ item.etcd_cert_prefix ~ 'server.crt' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" + with_items: etcd_needing_server_certs | default([]) - name: Create the peer csr command: > @@ -48,7 +48,7 @@ ~ item.etcd_cert_prefix ~ 'peer.csr' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" + with_items: etcd_needing_server_certs | default([]) - name: Sign and create the peer crt command: 
> @@ -62,10 +62,10 @@ ~ item.etcd_cert_prefix ~ 'peer.crt' }}" environment: SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" + with_items: etcd_needing_server_certs | default([]) - file: src: "{{ etcd_ca_cert }}" dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt" state: hard - with_items: "{{ etcd_needing_server_certs | default([]) }}" + with_items: etcd_needing_server_certs | default([]) diff --git a/roles/nuage_master/defaults/main.yaml b/roles/nuage_master/defaults/main.yaml new file mode 100644 index 000000000..cf670a9e1 --- /dev/null +++ b/roles/nuage_master/defaults/main.yaml @@ -0,0 +1,4 @@ +--- +nuage_master_cspadminpasswd: "" +nuage_master_adminusername: admin +nuage_master_adminuserpasswd: admin diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml index d3536eb33..5bc735bb6 100644 --- a/roles/nuage_master/vars/main.yaml +++ b/roles/nuage_master/vars/main.yaml @@ -28,7 +28,3 @@ nuage_service_account_config: nuage_tasks: - policy add-cluster-role-to-user cluster-reader {{ nuage_service_account }} - -nuage_master_cspadminpasswd: '' -nuage_master_adminusername: 'admin' -nuage_master_adminuserpasswd: 'admin' diff --git a/roles/openshift_common/meta/main.yml b/roles/openshift_common/meta/main.yml index 02150406d..f1cf3e161 100644 --- a/roles/openshift_common/meta/main.yml +++ b/roles/openshift_common/meta/main.yml @@ -12,6 +12,5 @@ galaxy_info: categories: - cloud dependencies: -- role: os_firewall - role: openshift_facts - role: openshift_repos diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml index 10f47f9b2..4e5cec82f 100644 --- a/roles/openshift_docker/tasks/main.yml +++ b/roles/openshift_docker/tasks/main.yml 
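Review bot: The new `roles/nuage_master/defaults/main.yaml` ships a well-known credential pair (`nuage_master_adminusername: admin`, `nuage_master_adminuserpasswd: admin`) and an empty `nuage_master_cspadminpasswd`, so a deployment that forgets to override them is configured with guessable credentials and nothing flags it. Moving the values from `vars/` to `defaults/` does make them overridable from inventory, which is the right direction; what is missing is a check. I would add a task at the top of the role, `- fail: msg="nuage_master_adminuserpasswd must be set in the inventory"` with `when: nuage_master_adminuserpasswd in ['', 'admin']`, and a comment in this file stating that the values are placeholders. Whether the role already validates them elsewhere is not visible in this diff.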
@@ -25,5 +25,5 @@ - role: docker local_facts: openshift_image_tag: "{{ l_image_tag | default(None) }}" - openshift_version: "{{ l_image_tag.split('-')[0] if l_image_tag is defined else '' | oo_image_tag_to_rpm_version }}" + openshift_version: "{{ l_image_tag.split('-')[0] | oo_image_tag_to_rpm_version if l_image_tag is defined else '' }}" when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 643984982..b1ad537bc 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -19,8 +19,8 @@ EXAMPLES = ''' import ConfigParser import copy +import io import os -import StringIO import yaml from distutils.util import strtobool from distutils.version import LooseVersion @@ -499,12 +499,12 @@ def set_dnsmasq_facts_if_unset(facts): """ if 'common' in facts: - if 'use_dnsmasq' not in facts['common'] and facts['common']['version_gte_3_2_or_1_2']: + if 'use_dnsmasq' not in facts['common'] and safe_get_bool(facts['common']['version_gte_3_2_or_1_2']): facts['common']['use_dnsmasq'] = True else: facts['common']['use_dnsmasq'] = False if 'master' in facts and 'dns_port' not in facts['master']: - if facts['common']['use_dnsmasq']: + if safe_get_bool(facts['common']['use_dnsmasq']): facts['master']['dns_port'] = 8053 else: facts['master']['dns_port'] = 53 @@ -689,7 +689,7 @@ def set_etcd_facts_if_unset(facts): If anything goes wrong parsing these, the fact will not be set. """ - if 'master' in facts and facts['master']['embedded_etcd']: + if 'master' in facts and safe_get_bool(facts['master']['embedded_etcd']): etcd_facts = facts['etcd'] if 'etcd' in facts else dict() if 'etcd_data_dir' not in etcd_facts: 
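Review bot: In `set_dnsmasq_facts_if_unset` the `else:` branch still runs whenever `use_dnsmasq` is already present in `facts['common']`, so an explicitly supplied `use_dnsmasq: True` is overwritten with `False`; the `safe_get_bool` wrapper added on the line above does not change that. This matters for the `enable_dnsmasq.yml` playbook added in this commit, which sets `use_dnsmasq: True` through `local_facts` (assuming those values reach this function). Changing the branch to `elif 'use_dnsmasq' not in facts['common']:` keeps the function to its "if unset" contract. The function starts above the hunk, so only the visible lines were checked.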
@@ -716,8 +716,8 @@ def set_etcd_facts_if_unset(facts): # Read ETCD_DATA_DIR from /etc/etcd/etcd.conf: try: # Add a fake section for parsing: - ini_str = '[root]\n' + open('/etc/etcd/etcd.conf', 'r').read() - ini_fp = StringIO.StringIO(ini_str) + ini_str = unicode('[root]\n' + open('/etc/etcd/etcd.conf', 'r').read(), 'utf-8') + ini_fp = io.StringIO(ini_str) config = ConfigParser.RawConfigParser() config.readfp(ini_fp) etcd_data_dir = config.get('root', 'ETCD_DATA_DIR') @@ -1374,18 +1374,19 @@ def set_proxy_facts(facts): if 'common' in facts: common = facts['common'] if 'http_proxy' in common or 'https_proxy' in common: + if 'no_proxy' in common and \ + isinstance(common['no_proxy'], basestring): + common['no_proxy'] = common['no_proxy'].split(",") + elif 'no_proxy' not in common: + common['no_proxy'] = [] if 'generate_no_proxy_hosts' in common and \ - common['generate_no_proxy_hosts']: - if 'no_proxy' in common and \ - isinstance(common['no_proxy'], basestring): - common['no_proxy'] = common['no_proxy'].split(",") - else: - common['no_proxy'] = [] + safe_get_bool(common['generate_no_proxy_hosts']): if 'no_proxy_internal_hostnames' in common: common['no_proxy'].extend(common['no_proxy_internal_hostnames'].split(',')) common['no_proxy'].append('.' + common['dns_domain']) - common['no_proxy'].append(common['hostname']) - common['no_proxy'] = sort_unique(common['no_proxy']) + # We always add ourselves no matter what + common['no_proxy'].append(common['hostname']) + common['no_proxy'] = sort_unique(common['no_proxy']) facts['common'] = common if 'builddefaults' in facts: @@ -1735,6 +1736,9 @@ class OpenShiftFacts(object): nfs=dict( directory='/exports', options='*(rw,root_squash)'), + openstack=dict( + filesystem='ext4', + volumeID='123'), host=None, access_modes=['ReadWriteMany'], create_pv=True diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml index 2a651df65..de0a7000e 100644 
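Review bot: `volumeID='123'` in the new `openstack=dict(...)` storage defaults is a placeholder baked into the facts, so a user who selects the openstack kind without overriding it would get a persistent volume definition that points at an arbitrary or nonexistent volume id. A default of `None`, rejected with a clear error where the persistent volume definition is built, would fail loudly instead of at mount time. At minimum add a comment next to it, e.g. `# placeholder - must be overridden with a real volume id`. The enclosing `OpenShiftFacts` defaults continue outside the hunk.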
--- a/roles/openshift_manageiq/tasks/main.yaml +++ b/roles/openshift_manageiq/tasks/main.yaml @@ -59,6 +59,16 @@ failed_when: "'already exists' not in osmiq_perm_task.stderr and osmiq_perm_task.rc != 0" changed_when: osmiq_perm_task.rc == 0 +- name: Configure 3_2 role/user permissions + command: > + {{ openshift.common.admin_binary }} {{item}} + --config={{manage_iq_tmp_conf}} + with_items: "{{manage_iq_openshift_3_2_tasks}}" + register: osmiq_perm_3_2_task + failed_when: osmiq_perm_3_2_task.rc != 0 + changed_when: osmiq_perm_3_2_task.rc == 0 + when: openshift.common.version_gte_3_2_or_1_2 | bool + - name: Clean temporary configuration file command: > rm -f {{manage_iq_tmp_conf}} diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml index 69ee2cb4c..b2aed79c7 100644 --- a/roles/openshift_manageiq/vars/main.yml +++ b/roles/openshift_manageiq/vars/main.yml @@ -30,3 +30,6 @@ manage_iq_tasks: - policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin - policy add-cluster-role-to-user system:image-puller system:serviceaccount:management-infra:inspector-admin - policy add-scc-to-user privileged system:serviceaccount:management-infra:inspector-admin + +manage_iq_openshift_3_2_tasks: + - policy add-cluster-role-to-user system:image-auditor system:serviceaccount:management-infra:management-admin diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index 09bde6002..dbd62c80f 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml 
@@ -1,32 +1,4 @@ --- openshift_node_ips: [] - # TODO: update setting these values based on the facts -os_firewall_allow: -- service: etcd embedded - port: 4001/tcp -- service: api server https - port: "{{ openshift.master.api_port }}/tcp" -- service: api controllers https - port: "{{ openshift.master.controllers_port }}/tcp" -- service: skydns tcp - port: "{{ openshift.master.dns_port }}/tcp" -- service: skydns udp - port: "{{ openshift.master.dns_port }}/udp" -- service: Fluentd td-agent tcp - port: 24224/tcp -- service: Fluentd td-agent udp - port: 24224/udp -- service: pcsd - port: 2224/tcp -- service: Corosync UDP - port: 5404/udp -- service: Corosync UDP - port: 5405/udp -os_firewall_deny: -- service: api server http - port: 8080/tcp -- service: former etcd peer port - port: 7001/tcp - openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}" diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index e882e0b8b..d8834d27f 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -18,3 +18,25 @@ dependencies: - role: openshift_builddefaults - role: openshift_master_facts - role: openshift_hosted_facts +- role: os_firewall + os_firewall_allow: + - service: etcd embedded + port: 4001/tcp + - service: api server https + port: "{{ openshift.master.api_port }}/tcp" + - service: api controllers https + port: "{{ openshift.master.controllers_port }}/tcp" + - service: skydns tcp + port: "{{ openshift.master.dns_port }}/tcp" + - service: skydns udp + port: "{{ openshift.master.dns_port }}/udp" + - service: Fluentd td-agent tcp + port: 24224/tcp + - service: Fluentd td-agent udp + port: 24224/udp + - service: pcsd + port: 2224/tcp + - service: Corosync UDP + port: 5404/udp + - service: Corosync UDP + port: 5405/udp 
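Review bot: The `os_firewall_allow` list is carried over from `defaults/main.yml` into the new `- role: os_firewall` dependency in `roles/openshift_master/meta/main.yml`, but the `os_firewall_deny` entries removed there (`8080/tcp` "api server http" and `7001/tcp` "former etcd peer port") are not re-added anywhere in the visible diff. If nothing else supplies them, masters configured after this change no longer get explicit deny rules for the plain-HTTP API port. Unless dropping them is intentional, pass the list along under the same role entry: `os_firewall_deny:` with `- service: api server http` / `port: 8080/tcp` and the matching 7001 entry.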
diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 4cf632841..026787421 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -12,11 +12,11 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} # Proxy configuration # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy {% if 'http_proxy' in openshift.common %} -HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}' +HTTP_PROXY={{ openshift.common.http_proxy | default('') }} {% endif %} {% if 'https_proxy' in openshift.common %} -HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}' +HTTPS_PROXY={{ openshift.common.https_proxy | default('')}} {% endif %} {% if 'no_proxy' in openshift.common %} -NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}' +NO_PROXY={{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }} {% endif %} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 index 01a8428a0..02c22e374 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 
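Review bot: Dropping the single quotes around `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY` leaves the rendered values unprotected if this file is ever read by a shell rather than as a plain KEY=VALUE environment file: a proxy URL containing `&`, `;`, `$` or whitespace (credentials embedded in the URL are the usual source) would be split or interpreted. The same change is made in `native-cluster/atomic-openshift-master-api.j2` and `native-cluster/atomic-openshift-master-controllers.j2`. If the quotes were removed because a consumer takes them literally, record that in a template comment, e.g. `# values are unquoted on purpose: <consumer> passes quotes through verbatim`. It would also be worth rejecting proxy values that contain whitespace or shell metacharacters at the point where the facts are set.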
@@ -12,11 +12,11 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} # Proxy configuration # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy {% if 'http_proxy' in openshift.common %} -HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}' +HTTP_PROXY={{ openshift.common.http_proxy | default('') }} {% endif %} {% if 'https_proxy' in openshift.common %} -HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}' +HTTPS_PROXY={{ openshift.common.https_proxy | default('')}} {% endif %} {% if 'no_proxy' in openshift.common %} -NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}' +NO_PROXY={{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }} {% endif %} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 index 89ccb1eed..644640577 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 
@@ -12,11 +12,11 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} # Proxy configuration # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy {% if 'http_proxy' in openshift.common %} -HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}' +HTTP_PROXY={{ openshift.common.http_proxy | default('') }} {% endif %} {% if 'https_proxy' in openshift.common %} -HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}' +HTTPS_PROXY={{ openshift.common.https_proxy | default('')}} {% endif %} {% if 'no_proxy' in openshift.common %} -NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}' +NO_PROXY={{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }} {% endif %} diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index ca0c332ea..db1776632 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -17,4 +17,5 @@ dependencies: - role: openshift_common - role: openshift_node_dnsmasq when: openshift.common.use_dnsmasq +- role: os_firewall diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 06fde88af..be70a170d 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -112,6 +112,17 @@ - name: Start and enable node service: name={{ openshift.common.service_type }}-node enabled=yes state=started register: node_start_result + ignore_errors: yes + +- name: Check logs on failure + command: journalctl -xe + register: node_failure + when: node_start_result | failed + +- name: Dump failure information + debug: var=node_failure + when: node_start_result | failed + - set_fact: node_service_status_changed: "{{ node_start_result | changed }}" 
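Review bot: With `ignore_errors: yes` on "Start and enable node" in `roles/openshift_node/tasks/main.yml` and no `fail` after the two diagnostic tasks, a node whose service did not start is reported in the debug output but the play carries on as if it had. Add a final task after "Dump failure information", `- fail: msg="Node failed to start, inspect the dumped journal"` with `when: node_start_result | failed`, so the run stops once the logs are captured. `journalctl -xe` is also unscoped, so the dump can include entries from unrelated services; `journalctl -u {{ openshift.common.service_type }}-node --no-pager` would limit it to the unit being started.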
diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh index 691fa32f3..09bae1777 100755 --- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh +++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh @@ -8,10 +8,12 @@ # a pod would fail. # # To use this, -# Drop this script in /etc/NetworkManager/dispatcher.d/ -# systemctl restart NetworkManager -# Configure node-config.yaml to set dnsIP: to the ip address of this -# node +# - If this host is also a master, reconfigure master dnsConfig to listen on +# 8053 to avoid conflicts on port 53 and open port 8053 in the firewall +# - Drop this script in /etc/NetworkManager/dispatcher.d/ +# - systemctl restart NetworkManager +# - Configure node-config.yaml to set dnsIP: to the ip address of this +# node # # Test it: # host kubernetes.default.svc.cluster.local @@ -31,7 +33,8 @@ if [[ $2 =~ ^(up|dhcp4-change)$ ]]; then def_route=$(/sbin/ip route list match 0.0.0.0/0 | awk '{print $3 }') def_route_int=$(/sbin/ip route get to ${def_route} | awk '{print $3}') def_route_ip=$(/sbin/ip route get to ${def_route} | awk '{print $5}') - if [[ ${DEVICE_IFACE} == ${def_route_int} ]]; then + if [[ ${DEVICE_IFACE} == ${def_route_int} && \ + -n "${IP4_NAMESERVERS}" ]]; then if [ ! -f /etc/dnsmasq.d/origin-dns.conf ]; then cat << EOF > /etc/dnsmasq.d/origin-dns.conf strict-order @@ -42,8 +45,8 @@ server=/30.172.in-addr.arpa/172.30.0.1 EOF fi # zero out our upstream servers list and feed it into dnsmasq - echo '' > /etc/dnsmasq.d/origin-upstream-dns.conf - for ns in ${DHCP4_DOMAIN_NAME_SERVERS}; do + echo -n > /etc/dnsmasq.d/origin-upstream-dns.conf + for ns in ${IP4_NAMESERVERS}; do echo "server=${ns}" >> /etc/dnsmasq.d/origin-upstream-dns.conf done systemctl restart dnsmasq diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py index 5ace63918..97aee0b53 100644 
--- a/utils/src/ooinstall/openshift_ansible.py +++ b/utils/src/ooinstall/openshift_ansible.py @@ -135,6 +135,16 @@ def write_inventory_vars(base_inventory, multiple_masters, proxy): #base_inventory.write('openshift_image_tag=v{}\n'.format(CFG.settings.get('variant_version'))) base_inventory.write('openshift_image_tag=v{}\n'.format('3.1.1.6')) + if CFG.settings.get('openshift_http_proxy', ''): + base_inventory.write("openshift_http_proxy={}\n".format( + CFG.settings['openshift_http_proxy'])) + if CFG.settings.get('openshift_https_proxy', ''): + base_inventory.write("openshift_https_proxy={}\n".format( + CFG.settings['openshift_https_proxy'])) + if CFG.settings.get('openshift_no_proxy', ''): + base_inventory.write("openshift_no_proxy={}\n".format( + CFG.settings['openshift_no_proxy'])) + def write_host(host, inventory, schedulable=None): global CFG |
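Review bot: The three proxy settings are written into the inventory as bare `key=value` text, so a value containing a newline would start a new inventory line, and depending on which section this lands in, embedded whitespace may be split into extra variables (a `no_proxy` list typed as `a, b` is the likely accidental case). Quoting the value, e.g. `base_inventory.write("openshift_no_proxy='{}'\n".format(CFG.settings['openshift_no_proxy']))`, and rejecting values that contain newlines would keep each setting on one line. The function also takes a `proxy` parameter that the added lines do not use, reading `CFG.settings` instead; if that is deliberate, a short comment would help. `write_inventory_vars` starts above the hunk, so its earlier lines were not reviewed.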