diff options
455 files changed, 2253 insertions, 1237 deletions
@@ -1,6 +1,21 @@ #!/bin/bash set -xeuo pipefail +# Essentially use a similar procedure other openshift-ansible PR tests use to +# determine which image tag should be used. This allows us to avoid hardcoding a +# specific version which quickly becomes stale. + +if [ -n "${PAPR_BRANCH:-}" ]; then + target_branch=$PAPR_BRANCH +else + target_branch=$PAPR_PULL_TARGET_BRANCH +fi + +# this is a bit wasteful, though there's no easy way to say "only clone up to +# the first tag in the branch" -- ideally, PAPR could help with caching here +git clone --branch $target_branch --single-branch https://github.com/openshift/origin +export OPENSHIFT_IMAGE_TAG=$(git -C origin describe --abbrev=0) + echo "Targeting OpenShift Origin $OPENSHIFT_IMAGE_TAG" pip install -r requirements.txt @@ -22,12 +37,15 @@ trap upload_journals ERR # https://github.com/openshift/openshift-ansible/issues/4478 is fixed. ansible-playbook -vvv -i .papr.inventory playbooks/byo/config.yml -e "openshift_image_tag=$OPENSHIFT_IMAGE_TAG" -# run a small subset of origin conformance tests to sanity -# check the cluster NB: we run it on the master since we may -# be in a different OSP network -ssh ocp-master docker run --rm --net=host --privileged \ - -v /etc/origin/master/admin.kubeconfig:/config \ - registry.fedoraproject.org/fedora:26 sh -c \ - '"dnf install -y origin-tests && \ - KUBECONFIG=/config /usr/libexec/origin/extended.test --ginkgo.v=1 \ - --ginkgo.noColor --ginkgo.focus=\"Services.*NodePort|EmptyDir\""' +### DISABLING TESTS FOR NOW, SEE: +### https://github.com/openshift/openshift-ansible/pull/6132 + +### # run a small subset of origin conformance tests to sanity +### # check the cluster NB: we run it on the master since we may +### # be in a different OSP network +### ssh ocp-master docker run --rm --net=host --privileged \ +### -v /etc/origin/master/admin.kubeconfig:/config \ +### registry.fedoraproject.org/fedora:27 sh -c \ +### '"dnf install -y origin-tests && \ +### KUBECONFIG=/config /usr/libexec/origin/extended.test --ginkgo.v=1 \ +### --ginkgo.noColor --ginkgo.focus=\"Services.*NodePort|EmptyDir\""' @@ -14,35 +14,28 @@ cluster: hosts: - name: ocp-master - distro: fedora/26/atomic + distro: fedora/27/atomic specs: ram: 4096 - name: ocp-node1 - distro: fedora/26/atomic + distro: fedora/27/atomic - name: ocp-node2 - distro: fedora/26/atomic + distro: fedora/27/atomic container: - image: registry.fedoraproject.org/fedora:26 + image: registry.fedoraproject.org/fedora:27 -# temp workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1483553 -#packages: -# - gcc -# - python-pip -# - python-devel -# - libffi-devel -# - openssl-devel -# - redhat-rpm-config +packages: + - gcc + - git + - python-pip + - python-devel + - libffi-devel + - openssl-devel + - redhat-rpm-config -context: 'fedora/26/atomic' - -env: - OPENSHIFT_IMAGE_TAG: v3.6.0 +context: 'fedora/27/atomic' tests: - # temp workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1483553 - - if (dnf distro-sync -y || :) |& grep -q -e BDB1539; then - rpm --rebuilddb; dnf distro-sync; - fi; dnf install -y gcc python-pip python-devel libffi-devel openssl-devel redhat-rpm-config - ./.papr.sh artifacts: diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index c1024572f..9db0b5c98 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.8.0-0.2.0 ./ +3.8.0-0.13.0 ./ diff --git a/README_CONTAINER_IMAGE.md b/README_CONTAINER_IMAGE.md index a2151352d..712c7c4b0 100644 --- a/README_CONTAINER_IMAGE.md +++ b/README_CONTAINER_IMAGE.md @@ -28,7 +28,7 @@ Here is an example of how to run a containerized `openshift-ansible` playbook th -v $HOME/.ssh/id_rsa:/opt/app-root/src/.ssh/id_rsa:Z \ -v /etc/ansible/hosts:/tmp/inventory \ -e INVENTORY_FILE=/tmp/inventory \ - -e PLAYBOOK_FILE=playbooks/byo/openshift-checks/certificate_expiry/default.yaml \ + -e PLAYBOOK_FILE=playbooks/openshift-checks/certificate_expiry/default.yaml \ -e OPTS="-v" -t \ openshift/origin-ansible @@ -44,7 +44,7 @@ Here is a detailed explanation of the options used in the command above: * `-v /etc/ansible/hosts:/tmp/inventory` and `-e INVENTORY_FILE=/tmp/inventory` mount the Ansible inventory file into the container as `/tmp/inventory` and set the corresponding environment variable to point at it respectively. The example uses `/etc/ansible/hosts` as the inventory file as this is a default location, but your inventory is likely to be elsewhere so please adjust as needed. Note that depending on the file you point to you might have to handle SELinux labels in a similar way as with the ssh keys, e.g. by adding a `:z` flag to the volume mount, so again you might prefer to copy the inventory to a dedicated location first. -* `-e PLAYBOOK_FILE=playbooks/byo/openshift-checks/certificate_expiry/default.yaml` specifies the playbook to run as a relative path from the top level directory of openshift-ansible. +* `-e PLAYBOOK_FILE=playbooks/openshift-checks/certificate_expiry/default.yaml` specifies the playbook to run as a relative path from the top level directory of openshift-ansible. * `-e OPTS="-v"` and `-t` make the output look nicer: the `default.yaml` playbook does not generate results and runs quietly unless we add the `-v` option to the `ansible-playbook` invocation, and a TTY is allocated via `-t` so that Ansible adds color to the output. diff --git a/images/installer/README_INVENTORY_GENERATOR.md b/images/installer/README_INVENTORY_GENERATOR.md index 9c10e4b71..293bdb689 100644 --- a/images/installer/README_INVENTORY_GENERATOR.md +++ b/images/installer/README_INVENTORY_GENERATOR.md @@ -46,7 +46,7 @@ docker run -u `id -u` \ -v /tmp/origin/master/admin.kubeconfig:/opt/app-root/src/.kube/config:Z \ -v /tmp/origin/master/master-config.yaml:/opt/app-root/src/master-config.yaml:Z \ -e OPTS="-v --become-user root" \ - -e PLAYBOOK_FILE=playbooks/byo/openshift-checks/health.yml \ + -e PLAYBOOK_FILE=playbooks/openshift-checks/health.yml \ -e GENERATE_INVENTORY=true \ -e USER=`whoami` \ openshift/origin-ansible diff --git a/inventory/byo/hosts.example b/inventory/byo/hosts.example index ccdec2da1..3a9944ba4 100644 --- a/inventory/byo/hosts.example +++ b/inventory/byo/hosts.example @@ -908,6 +908,14 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Enable template service broker (requires service catalog to be enabled, above) #template_service_broker_install=true +# Force a specific prefix (IE: registry) to use when pulling the service catalog image +# NOTE: The registry all the way up to the start of the image name must be provided. Two examples +# below are provided. +#openshift_service_catalog_image_prefix=docker.io/openshift/origin- +#openshift_service_catalog_image_prefix=registry.access.redhat.com/openshift3/ose- +# Force a specific image version to use when pulling the service catalog image +#openshift_service_catalog_image_version=v3.7 + # Configure one of more namespaces whose templates will be served by the TSB #openshift_template_service_broker_namespaces=['openshift'] diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 98de1ae32..418241aa1 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -10,7 +10,7 @@ Name: openshift-ansible Version: 3.8.0 -Release: 0.2.0%{?dist} +Release: 0.13.0%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 URL: https://github.com/openshift/openshift-ansible @@ -285,6 +285,89 @@ Atomic OpenShift Utilities includes %changelog +* Thu Nov 23 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.13.0 +- + +* Thu Nov 23 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.12.0 +- + +* Thu Nov 23 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.11.0 +- + +* Thu Nov 23 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.10.0 +- tox.ini: simplify unit test reqs (lmeyer@redhat.com) +- Remove unused task files (rteague@redhat.com) +- Playbook Consolidation - openshift-provisioners (rteague@redhat.com) +- Include Deprecation - openshift-prometheus (rteague@redhat.com) +- Include Deprecation - openshift-node (rteague@redhat.com) +- Include Deprecation - openshift-management (rteague@redhat.com) +- Include Deprecation - openshift-glusterfs (rteague@redhat.com) +- Include Deprecation - openshift-master (rteague@redhat.com) +- Include Deprecation - openshift-hosted (rteague@redhat.com) +- Playbook Consolidation - openshift-service-catalog (rteague@redhat.com) +- Include Deprecation - openshift-nfs (rteague@redhat.com) +- Include Deprecation - openshift-metrics (rteague@redhat.com) +- Include Deprecation - openshift-etcd (rteague@redhat.com) +- Fix system_images_registry variable (mgugino@redhat.com) +- Include Deprecation - openshift-loadbalancer (rteague@redhat.com) +- Include Deprecation - openshift-checks (rteague@redhat.com) +- Playbook Consolidation - openshift-management (rteague@redhat.com) +- Playbook Consolidation - openshift-master (rteague@redhat.com) +- Playbook Consolidation - openshift-hosted (rteague@redhat.com) +- Place-holder for prerequisites.yml (mgugino@redhat.com) +- Cleanup etcd runtime variable. (mgugino@redhat.com) +- Fix uninstall option for prometheus (zgalor@redhat.com) +- Playbook Consolidation - openshift-glusterfs (rteague@redhat.com) +- Playbook Consolidation - openshift-metrics (rteague@redhat.com) +- Playbook Consolidation - openshift-loadbalancer (rteague@redhat.com) +- hosted_registry: clean up tmp mount point and fstab (dusty@dustymabe.com) + +* Wed Nov 22 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.9.0 +- Fix node system container var (mgugino@redhat.com) +- Add temporary playbook for CI test functionality (rteague@redhat.com) +- Playbook Consolidation - openshift-node (rteague@redhat.com) +- Fix logic for any sys containers (mgugino@redhat.com) +- containerPort must be an int; correctly quote/brace replicas value + (rmeggins@redhat.com) +- papr: use new PAPR_PULL_TARGET_BRANCH (jlebon@redhat.com) +- Refactor etcd image (mgugino@redhat.com) +- GlusterFS: Files and templates for 3.8 (jarrpa@redhat.com) +- Only remove empty keys from env if env exists (sdodson@redhat.com) +- Upgrade to etcd 3.2 (sdodson@redhat.com) +- Allow modifying and adding prometheus application arguments + (zgalor@redhat.com) +- Playbook Consolidation - openshift-nfs (rteague@redhat.com) +- Playbook Consolidation - openshift-etcd (rteague@redhat.com) +- Include Deprecation - Init Playbook Paths (rteague@redhat.com) + +* Mon Nov 20 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.8.0 +- + +* Mon Nov 20 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.7.0 +- + +* Mon Nov 20 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.6.0 +- + +* Sun Nov 19 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.5.0 +- + +* Sun Nov 19 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.4.0 +- bug 1498398. Enclose content between store tag (rromerom@redhat.com) + +* Fri Nov 17 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.3.0 +- papr: auto-detect image tag to use and bump to f27 (jlebon@redhat.com) +- Updating mtu value to int (kwoodson@redhat.com) +- fix the logging-es-prometheus selector (jcantril@redhat.com) +- GlusterFS: Add configuration for auto creating block-hosting volumes + (jarrpa@redhat.com) +- Playbook Consolidation - openshift-checks (rteague@redhat.com) +- Combine openshift_node and openshift_node_upgrade (mgugino@redhat.com) +- registry-console: align image and check (lmeyer@redhat.com) +- registry-console template 3.8 consistency (lmeyer@redhat.com) +- registry-console template 3.7 consistency (lmeyer@redhat.com) +- registry-console template 3.6 consistency (lmeyer@redhat.com) + * Thu Nov 16 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.2.0 - Fix openstack init (rteague@redhat.com) - Ensure node service is started. (kwoodson@redhat.com) diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 5ed55a817..0c2a2c7e8 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -126,10 +126,14 @@ - origin-sdn-ovs - tuned-profiles-openshift-node - tuned-profiles-origin-node + register: result + until: result | success - name: Remove flannel package package: name=flannel state=absent when: openshift_use_flannel | default(false) | bool + register: result + until: result | success when: not is_atomic | bool - shell: systemctl reset-failed @@ -382,6 +386,8 @@ - origin-master - pacemaker - pcs + register: result + until: result | success - shell: systemctl reset-failed changed_when: False @@ -497,6 +503,8 @@ with_items: - etcd - etcd3 + register: result + until: result | success - shell: systemctl reset-failed changed_when: False @@ -554,6 +562,8 @@ when: not is_atomic | bool and openshift_remove_all | default(True) | bool with_items: - haproxy + register: result + until: result | success - shell: systemctl reset-failed changed_when: False diff --git a/playbooks/aws/openshift-cluster/accept.yml b/playbooks/aws/openshift-cluster/accept.yml index c2c8bea50..cab2f1e40 100755 --- a/playbooks/aws/openshift-cluster/accept.yml +++ b/playbooks/aws/openshift-cluster/accept.yml @@ -14,7 +14,7 @@ msg: "openshift_aws_region={{ openshift_aws_region | default('us-east-1') }}" - name: bring lib_openshift into scope - include_role: + import_role: name: lib_openshift - name: fetch masters diff --git a/playbooks/aws/openshift-cluster/build_ami.yml b/playbooks/aws/openshift-cluster/build_ami.yml index fae30eb0a..5815c4975 100644 --- a/playbooks/aws/openshift-cluster/build_ami.yml +++ b/playbooks/aws/openshift-cluster/build_ami.yml @@ -33,7 +33,7 @@ # This is the part that installs all of the software and configs for the instance # to become a node. -- include: ../../common/openshift-node/image_prep.yml +- include: ../../openshift-node/private/image_prep.yml - include: seal_ami.yml vars: diff --git a/playbooks/aws/openshift-cluster/hosted.yml b/playbooks/aws/openshift-cluster/hosted.yml index db6e3b8e1..da7ec9d21 100644 --- a/playbooks/aws/openshift-cluster/hosted.yml +++ b/playbooks/aws/openshift-cluster/hosted.yml @@ -1,16 +1,19 @@ --- -- include: ../../common/openshift-cluster/openshift_hosted.yml +- include: ../../openshift-hosted/private/config.yml -- include: ../../common/openshift-cluster/openshift_metrics.yml +- include: ../../openshift-metrics/private/config.yml when: openshift_metrics_install_metrics | default(false) | bool - include: ../../common/openshift-cluster/openshift_logging.yml when: openshift_logging_install_logging | default(false) | bool -- include: ../../common/openshift-cluster/service_catalog.yml +- include: ../../openshift-prometheus/private/config.yml + when: openshift_hosted_prometheus_deploy | default(false) | bool + +- include: ../../openshift-service-catalog/private/config.yml when: openshift_enable_service_catalog | default(false) | bool -- include: ../../common/openshift-management/config.yml +- include: ../../openshift-management/private/config.yml when: openshift_management_install_management | default(false) | bool - name: Print deprecated variable warning message if necessary diff --git a/playbooks/aws/openshift-cluster/install.yml b/playbooks/aws/openshift-cluster/install.yml index 8756fb52a..f8206529a 100644 --- a/playbooks/aws/openshift-cluster/install.yml +++ b/playbooks/aws/openshift-cluster/install.yml @@ -19,28 +19,28 @@ include: ../../init/main.yml - name: perform the installer openshift-checks - include: ../../common/openshift-checks/install.yml + include: ../../openshift-checks/private/install.yml - name: etcd install - include: ../../common/openshift-etcd/config.yml + include: ../../openshift-etcd/private/config.yml - name: include nfs - include: ../../common/openshift-nfs/config.yml + include: ../../openshift-nfs/private/config.yml when: groups.oo_nfs_to_config | default([]) | count > 0 - name: include loadbalancer - include: ../../common/openshift-loadbalancer/config.yml + include: ../../openshift-loadbalancer/private/config.yml when: groups.oo_lb_to_config | default([]) | count > 0 - name: include openshift-master config - include: ../../common/openshift-master/config.yml + include: ../../openshift-master/private/config.yml - name: include master additional config - include: ../../common/openshift-master/additional_config.yml + include: ../../openshift-master/private/additional_config.yml - name: include master additional config - include: ../../common/openshift-node/config.yml + include: ../../openshift-node/private/config.yml - name: include openshift-glusterfs - include: ../../common/openshift-glusterfs/config.yml + include: ../../openshift-glusterfs/private/config.yml when: groups.oo_glusterfs_to_config | default([]) | count > 0 diff --git a/playbooks/byo/openshift-checks/certificate_expiry/roles b/playbooks/byo/openshift-checks/certificate_expiry/roles deleted file mode 120000 index 4bdbcbad3..000000000 --- a/playbooks/byo/openshift-checks/certificate_expiry/roles +++ /dev/null @@ -1 +0,0 @@ -../../../../roles
\ No newline at end of file diff --git a/playbooks/byo/openshift-checks/health.yml b/playbooks/byo/openshift-checks/health.yml deleted file mode 100644 index 0034251e3..000000000 --- a/playbooks/byo/openshift-checks/health.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-checks/health.yml diff --git a/playbooks/byo/openshift-checks/pre-install.yml b/playbooks/byo/openshift-checks/pre-install.yml deleted file mode 100644 index 1d35f601b..000000000 --- a/playbooks/byo/openshift-checks/pre-install.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-checks/pre-install.yml diff --git a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml deleted file mode 100644 index b429e84e5..000000000 --- a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/evaluate_groups.yml - -- include: ../../common/openshift-cluster/enable_dnsmasq.yml diff --git a/playbooks/byo/openshift-cluster/openshift-hosted.yml b/playbooks/byo/openshift-cluster/openshift-hosted.yml deleted file mode 100644 index 0855a2fb6..000000000 --- a/playbooks/byo/openshift-cluster/openshift-hosted.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-cluster/openshift_hosted.yml diff --git a/playbooks/byo/openshift-cluster/openshift-metrics.yml b/playbooks/byo/openshift-cluster/openshift-metrics.yml deleted file mode 100644 index e4c9ba1f7..000000000 --- a/playbooks/byo/openshift-cluster/openshift-metrics.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-cluster/openshift_metrics.yml diff --git a/playbooks/byo/openshift-cluster/openshift-prometheus.yml b/playbooks/byo/openshift-cluster/openshift-prometheus.yml deleted file mode 100644 index 634ee2a80..000000000 --- a/playbooks/byo/openshift-cluster/openshift-prometheus.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-cluster/openshift_prometheus.yml diff --git a/playbooks/byo/openshift-cluster/openshift-provisioners.yml b/playbooks/byo/openshift-cluster/openshift-provisioners.yml deleted file mode 100644 index 0949d33c9..000000000 --- a/playbooks/byo/openshift-cluster/openshift-provisioners.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-cluster/openshift_provisioners.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-certificates.yml index 6450a4d76..c26f11772 100644 --- a/playbooks/byo/openshift-cluster/redeploy-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-certificates.yml @@ -7,29 +7,29 @@ - include: ../../common/openshift-cluster/redeploy-certificates/etcd-backup.yml -- include: ../../common/openshift-etcd/certificates.yml +- include: ../../openshift-etcd/private/certificates.yml vars: etcd_certificates_redeploy: true - include: ../../common/openshift-cluster/redeploy-certificates/masters-backup.yml -- include: ../../common/openshift-master/certificates.yml +- include: ../../openshift-master/private/certificates.yml vars: openshift_certificates_redeploy: true - include: ../../common/openshift-cluster/redeploy-certificates/nodes-backup.yml -- include: ../../common/openshift-node/certificates.yml +- include: ../../openshift-node/private/certificates.yml vars: openshift_certificates_redeploy: true -- include: ../../common/openshift-etcd/restart.yml +- include: ../../openshift-etcd/private/restart.yml vars: g_etcd_certificates_expired: "{{ ('expired' in (hostvars | oo_select_keys(groups['etcd']) | oo_collect('check_results.check_results.etcd') | oo_collect('health'))) | bool }}" -- include: ../../common/openshift-master/restart.yml +- include: ../../openshift-master/private/restart.yml -- include: ../../common/openshift-node/restart.yml +- include: ../../openshift-node/private/restart.yml - include: ../../common/openshift-cluster/redeploy-certificates/router.yml when: openshift_hosted_manage_router | default(true) | bool @@ -37,6 +37,6 @@ - include: ../../common/openshift-cluster/redeploy-certificates/registry.yml when: openshift_hosted_manage_registry | default(true) | bool -- include: ../../common/openshift-master/revert-client-ca.yml +- include: ../../openshift-master/private/revert-client-ca.yml -- include: ../../common/openshift-master/restart.yml +- include: ../../openshift-master/private/restart.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml index f3892f56f..94e50cc28 100644 --- a/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml @@ -7,12 +7,12 @@ - include: ../../common/openshift-cluster/redeploy-certificates/etcd-backup.yml -- include: ../../common/openshift-etcd/certificates.yml +- include: ../../openshift-etcd/private/certificates.yml vars: etcd_certificates_redeploy: true -- include: ../../common/openshift-etcd/restart.yml +- include: ../../openshift-etcd/private/restart.yml vars: g_etcd_certificates_expired: "{{ ('expired' in (hostvars | oo_select_keys(groups['etcd']) | oo_collect('check_results.check_results.etcd') | oo_collect('health'))) | bool }}" -- include: ../../common/openshift-master/restart.yml +- include: ../../openshift-master/private/restart.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml index 6a4528b7f..88e52f809 100644 --- a/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml @@ -3,8 +3,8 @@ - include: ../../common/openshift-cluster/redeploy-certificates/masters-backup.yml -- include: ../../common/openshift-master/certificates.yml +- include: ../../openshift-master/private/certificates.yml vars: openshift_certificates_redeploy: true -- include: ../../common/openshift-master/restart.yml +- include: ../../openshift-master/private/restart.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml index 891c0e58c..2abbe78f1 100644 --- a/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml @@ -3,8 +3,8 @@ - include: ../../common/openshift-cluster/redeploy-certificates/nodes-backup.yml -- include: ../../common/openshift-node/certificates.yml +- include: ../../openshift-node/private/certificates.yml vars: openshift_certificates_redeploy: true -- include: ../../common/openshift-node/restart.yml +- include: ../../openshift-node/private/restart.yml diff --git a/playbooks/byo/openshift-cluster/service-catalog.yml b/playbooks/byo/openshift-cluster/service-catalog.yml deleted file mode 100644 index 7be63b0a5..000000000 --- a/playbooks/byo/openshift-cluster/service-catalog.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# -# This playbook is a preview of upcoming changes for installing -# Hosted logging on. See inventory/byo/hosts.*.example for the -# currently supported method. -# -- include: ../../init/main.yml - -- include: ../../common/openshift-cluster/service_catalog.yml diff --git a/playbooks/byo/openshift-etcd/certificates.yml b/playbooks/byo/openshift-etcd/certificates.yml deleted file mode 100644 index 0e9d42cd6..000000000 --- a/playbooks/byo/openshift-etcd/certificates.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-etcd/ca.yml - -- include: ../../common/openshift-etcd/certificates.yml diff --git a/playbooks/byo/openshift-etcd/config.yml b/playbooks/byo/openshift-etcd/config.yml deleted file mode 100644 index c6e0a9d90..000000000 --- a/playbooks/byo/openshift-etcd/config.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-etcd/config.yml diff --git a/playbooks/byo/openshift-etcd/embedded2external.yml b/playbooks/byo/openshift-etcd/embedded2external.yml deleted file mode 100644 index 492f677b0..000000000 --- a/playbooks/byo/openshift-etcd/embedded2external.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-etcd/embedded2external.yml diff --git a/playbooks/byo/openshift-etcd/migrate.yml b/playbooks/byo/openshift-etcd/migrate.yml deleted file mode 100644 index 3020e7db4..000000000 --- a/playbooks/byo/openshift-etcd/migrate.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-etcd/migrate.yml diff --git a/playbooks/byo/openshift-etcd/restart.yml b/playbooks/byo/openshift-etcd/restart.yml deleted file mode 100644 index 0889d91ba..000000000 --- a/playbooks/byo/openshift-etcd/restart.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-etcd/restart.yml diff --git a/playbooks/byo/openshift-etcd/scaleup.yml b/playbooks/byo/openshift-etcd/scaleup.yml deleted file mode 100644 index e7d62e264..000000000 --- a/playbooks/byo/openshift-etcd/scaleup.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-etcd/scaleup.yml diff --git a/playbooks/byo/openshift-glusterfs/config.yml b/playbooks/byo/openshift-glusterfs/config.yml deleted file mode 100644 index 120476bb8..000000000 --- a/playbooks/byo/openshift-glusterfs/config.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-glusterfs/config.yml diff --git a/playbooks/byo/openshift-glusterfs/registry.yml b/playbooks/byo/openshift-glusterfs/registry.yml deleted file mode 100644 index 32734f863..000000000 --- a/playbooks/byo/openshift-glusterfs/registry.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-glusterfs/registry.yml diff --git a/playbooks/byo/openshift-loadbalancer/config.yml b/playbooks/byo/openshift-loadbalancer/config.yml deleted file mode 100644 index 27925d2e9..000000000 --- a/playbooks/byo/openshift-loadbalancer/config.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-loadbalancer/config.yml diff --git a/playbooks/byo/openshift-management/add_container_provider.yml b/playbooks/byo/openshift-management/add_container_provider.yml deleted file mode 100644 index e2f558550..000000000 --- a/playbooks/byo/openshift-management/add_container_provider.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/evaluate_groups.yml - -- include: ../../common/openshift-management/add_container_provider.yml diff --git a/playbooks/byo/openshift-management/config.yml b/playbooks/byo/openshift-management/config.yml deleted file mode 100644 index e699fd014..000000000 --- a/playbooks/byo/openshift-management/config.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-management/config.yml diff --git a/playbooks/byo/openshift-management/uninstall.yml b/playbooks/byo/openshift-management/uninstall.yml deleted file mode 100644 index e95c1c88a..000000000 --- a/playbooks/byo/openshift-management/uninstall.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- include: ../../common/openshift-management/uninstall.yml diff --git a/playbooks/byo/openshift-master/additional_config.yml b/playbooks/byo/openshift-master/additional_config.yml deleted file mode 100644 index 1454190b2..000000000 --- a/playbooks/byo/openshift-master/additional_config.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-master/additional_config.yml diff --git a/playbooks/byo/openshift-master/certificates.yml b/playbooks/byo/openshift-master/certificates.yml deleted file mode 100644 index 344985244..000000000 --- a/playbooks/byo/openshift-master/certificates.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-master/certificates.yml diff --git a/playbooks/byo/openshift-master/config.yml b/playbooks/byo/openshift-master/config.yml deleted file mode 100644 index 913525e65..000000000 --- a/playbooks/byo/openshift-master/config.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-master/config.yml diff --git a/playbooks/byo/openshift-master/restart.yml b/playbooks/byo/openshift-master/restart.yml deleted file mode 100644 index d2031d928..000000000 --- a/playbooks/byo/openshift-master/restart.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-master/restart.yml diff --git a/playbooks/byo/openshift-nfs/config.yml b/playbooks/byo/openshift-nfs/config.yml deleted file mode 100644 index a5e6fe784..000000000 --- a/playbooks/byo/openshift-nfs/config.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-nfs/config.yml diff --git a/playbooks/byo/openshift-node/certificates.yml b/playbooks/byo/openshift-node/certificates.yml deleted file mode 100644 index 5342cf46b..000000000 --- a/playbooks/byo/openshift-node/certificates.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-node/certificates.yml diff --git a/playbooks/byo/openshift-node/config.yml b/playbooks/byo/openshift-node/config.yml deleted file mode 100644 index b157b13d6..000000000 --- a/playbooks/byo/openshift-node/config.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-node/config.yml diff --git a/playbooks/byo/openshift-node/network_manager.yml b/playbooks/byo/openshift-node/network_manager.yml index 3d96cbdd5..ca09fb65c 100644 --- a/playbooks/byo/openshift-node/network_manager.yml +++ b/playbooks/byo/openshift-node/network_manager.yml @@ -1,4 +1,3 @@ --- -- include: ../../init/evaluate_groups.yml - -- include: ../../common/openshift-node/network_manager.yml +# TODO (rteague): Temporarily leaving this playbook to allow CI tests to operate until CI jobs are updated. +- include: ../../openshift-node/network_manager.yml diff --git a/playbooks/byo/openshift-node/restart.yml b/playbooks/byo/openshift-node/restart.yml deleted file mode 100644 index 53a6b9ed4..000000000 --- a/playbooks/byo/openshift-node/restart.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-node/restart.yml diff --git a/playbooks/byo/openshift-preflight/check.yml b/playbooks/byo/openshift-preflight/check.yml deleted file mode 100644 index 2e53452a6..000000000 --- a/playbooks/byo/openshift-preflight/check.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -# location is moved; this file remains so existing instructions keep working -- include: ../openshift-checks/pre-install.yml diff --git a/playbooks/certificate_expiry b/playbooks/certificate_expiry deleted file mode 120000 index 9cf5334a1..000000000 --- a/playbooks/certificate_expiry +++ /dev/null @@ -1 +0,0 @@ -byo/openshift-checks/certificate_expiry/
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 3b4d6f9a6..2eeb81b86 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -1,35 +1,38 @@ --- -- include: ../openshift-checks/install.yml +- include: ../../openshift-checks/private/install.yml -- include: ../openshift-etcd/config.yml +- include: ../../openshift-etcd/private/config.yml -- include: ../openshift-nfs/config.yml +- include: ../../openshift-nfs/private/config.yml when: groups.oo_nfs_to_config | default([]) | count > 0 -- include: ../openshift-loadbalancer/config.yml +- include: ../../openshift-loadbalancer/private/config.yml when: groups.oo_lb_to_config | default([]) | count > 0 -- include: ../openshift-master/config.yml +- include: ../../openshift-master/private/config.yml -- include: ../openshift-master/additional_config.yml +- include: ../../openshift-master/private/additional_config.yml -- include: ../openshift-node/config.yml +- include: ../../openshift-node/private/config.yml -- include: ../openshift-glusterfs/config.yml +- include: ../../openshift-glusterfs/private/config.yml when: groups.oo_glusterfs_to_config | default([]) | count > 0 -- include: openshift_hosted.yml +- include: ../../openshift-hosted/private/config.yml -- include: openshift_metrics.yml +- include: ../../openshift-metrics/private/config.yml when: openshift_metrics_install_metrics | default(false) | bool - include: openshift_logging.yml when: openshift_logging_install_logging | default(false) | bool -- include: service_catalog.yml +- include: ../../openshift-prometheus/private/config.yml + when: openshift_hosted_prometheus_deploy | default(false) | bool + +- include: ../../openshift-service-catalog/private/config.yml when: openshift_enable_service_catalog | default(true) | bool -- include: ../openshift-management/config.yml +- include: ../../openshift-management/private/config.yml when: openshift_management_install_management | default(false) | bool - name: Print deprecated variable warning message if necessary diff --git a/playbooks/common/openshift-cluster/enable_dnsmasq.yml b/playbooks/common/openshift-cluster/enable_dnsmasq.yml deleted file mode 100644 index f91361b67..000000000 --- a/playbooks/common/openshift-cluster/enable_dnsmasq.yml +++ /dev/null @@ -1,55 +0,0 @@ ---- -- name: Load openshift_facts - hosts: oo_masters_to_config:oo_nodes_to_config - roles: - - openshift_facts - -- name: Reconfigure masters to listen on our new dns_port - hosts: oo_masters_to_config - handlers: - - include: ../../../roles/openshift_master/handlers/main.yml - static: yes - vars: - os_firewall_allow: - - service: skydns tcp - port: "{{ openshift.master.dns_port }}/tcp" - - service: skydns udp - port: "{{ openshift.master.dns_port }}/udp" - roles: - - os_firewall - tasks: - - openshift_facts: - role: "{{ item.role }}" - local_facts: "{{ item.local_facts }}" - with_items: - - role: master - local_facts: - dns_port: '8053' - - modify_yaml: - dest: "{{ openshift.common.config_base }}/master/master-config.yaml" - yaml_key: dnsConfig.bindAddress - yaml_value: "{{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }}" - notify: restart master api - - meta: flush_handlers - -- name: Configure nodes for dnsmasq - hosts: oo_nodes_to_config - handlers: - - include: ../../../roles/openshift_node/handlers/main.yml - static: yes - pre_tasks: - - openshift_facts: - role: "{{ item.role }}" - local_facts: "{{ item.local_facts }}" - with_items: - - role: node - local_facts: - dns_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" - roles: - - openshift_node_dnsmasq - post_tasks: - - modify_yaml: - dest: "{{ openshift.common.config_base }}/node/node-config.yaml" - yaml_key: dnsIP - yaml_value: "{{ openshift.node.dns_ip }}" - notify: restart node diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml index 044875d1c..438f704bc 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml @@ -21,7 +21,7 @@ name: etcd tasks_from: remove_ca_certificates -- include: ../../openshift-etcd/ca.yml +- include: ../../../openshift-etcd/private/ca.yml - name: Create temp directory for syncing certs hosts: localhost @@ -39,13 +39,12 @@ tasks: - include_role: name: etcd - tasks_from: distribute_ca + tasks_from: distribute_ca.yml vars: - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" etcd_sync_cert_dir: "{{ hostvars['localhost'].g_etcd_mktemp.stdout }}" etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" -- include: ../../openshift-etcd/restart.yml +- include: ../../../openshift-etcd/private/restart.yml # Do not restart etcd when etcd certificates were previously expired. when: ('expired' not in (hostvars | oo_select_keys(groups['etcd']) @@ -60,7 +59,6 @@ tasks_from: retrieve_ca_certificates vars: etcd_sync_cert_dir: "{{ hostvars['localhost'].g_etcd_mktemp.stdout }}" - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" - name: Distribute etcd CA to masters hosts: oo_masters_to_config @@ -84,7 +82,7 @@ state: absent changed_when: false -- include: ../../openshift-master/restart.yml +- include: ../../../openshift-master/private/restart.yml # Do not restart masters when master or etcd certificates were previously expired. when: # masters diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml index eb225dfb5..5a837d80d 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml @@ -207,7 +207,7 @@ group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}" with_items: "{{ client_users }}" -- include: ../../openshift-master/restart.yml +- include: ../../../openshift-master/private/restart.yml # Do not restart masters when master or etcd certificates were previously expired. when: # masters @@ -272,7 +272,7 @@ state: absent changed_when: false -- include: ../../openshift-node/restart.yml +- include: ../../../openshift-node/private/restart.yml # Do not restart nodes when node, master or etcd certificates were previously expired. when: # nodes diff --git a/playbooks/common/openshift-cluster/tasks/set_etcd_launch_facts.yml b/playbooks/common/openshift-cluster/tasks/set_etcd_launch_facts.yml deleted file mode 100644 index eb118365a..000000000 --- a/playbooks/common/openshift-cluster/tasks/set_etcd_launch_facts.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- set_fact: k8s_type="etcd" - -- name: Generate etcd instance names(s) - set_fact: - scratch_name: "{{ openshift_cluster_id | default('default') }}-{{ k8s_type }}-{{ '%05x' | format(1048576 | random) }}" - register: etcd_names_output - with_sequence: count={{ num_etcd }} - -- set_fact: - etcd_names: "{{ etcd_names_output.results | default([]) - | oo_collect('ansible_facts') - | oo_collect('scratch_name') }}" diff --git a/playbooks/common/openshift-cluster/tasks/set_master_launch_facts.yml b/playbooks/common/openshift-cluster/tasks/set_master_launch_facts.yml deleted file mode 100644 index 783f70f50..000000000 --- a/playbooks/common/openshift-cluster/tasks/set_master_launch_facts.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- set_fact: k8s_type="master" - -- name: Generate master instance names(s) - set_fact: - scratch_name: "{{ openshift_cluster_id | default('default') }}-{{ k8s_type }}-{{ '%05x' | format(1048576 | random) }}" - register: master_names_output - with_sequence: count={{ num_masters }} - -- set_fact: - master_names: "{{ master_names_output.results | default([]) - | oo_collect('ansible_facts') - | oo_collect('scratch_name') }}" diff --git a/playbooks/common/openshift-cluster/tasks/set_node_launch_facts.yml b/playbooks/common/openshift-cluster/tasks/set_node_launch_facts.yml deleted file mode 100644 index c103e40a9..000000000 --- a/playbooks/common/openshift-cluster/tasks/set_node_launch_facts.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- set_fact: k8s_type=node -- set_fact: sub_host_type="{{ type }}" -- set_fact: number_nodes="{{ count }}" - -- name: Generate node instance names(s) - set_fact: - scratch_name: "{{ openshift_cluster_id | default('default') }}-{{ k8s_type }}-{{ sub_host_type }}-{{ '%05x' | format(1048576 | random) }}" - register: node_names_output - with_sequence: count={{ number_nodes }} - -- set_fact: - node_names: "{{ node_names_output.results | default([]) - | oo_collect('ansible_facts') - | oo_collect('scratch_name') }}" diff --git a/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml index 808cc562c..83be290e6 100644 --- a/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml @@ -41,6 +41,8 @@ - name: Upgrade Docker package: name=docker{{ '-' + docker_version }} state=present + register: result + until: result | success - include: restart.yml when: not skip_docker_restart | default(False) | bool diff --git a/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml b/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml index 52345a9ba..2e3a7ae8b 100644 --- a/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml +++ b/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml @@ -16,7 +16,7 @@ changed_when: no - name: Get current version of Docker - command: "{{ repoquery_cmd }} --installed --qf '%{version}' docker" + command: "{{ repoquery_installed }} --qf '%{version}' docker" register: curr_docker_version retries: 4 until: curr_docker_version | succeeded diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml b/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml index d086cad00..531175c85 100644 --- a/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml +++ b/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml @@ -9,7 +9,6 @@ tasks_from: backup vars: r_etcd_common_backup_tag: "{{ etcd_backup_tag }}" - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" r_etcd_common_backup_sufix_name: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}" diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml index d71c96cd7..c5ff4133c 100644 --- a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml @@ -2,60 +2,9 @@ - name: Determine etcd version hosts: oo_etcd_hosts_to_upgrade tasks: - - block: - - name: Record RPM based etcd version - command: rpm -qa --qf '%{version}' etcd\* - args: - warn: no - register: etcd_rpm_version - failed_when: false - # AUDIT:changed_when: `false` because we are only inspecting - # state, not manipulating anything - changed_when: false - - debug: - msg: "Etcd rpm version {{ etcd_rpm_version.stdout }} detected" - when: - - not openshift.common.is_containerized | bool - - - block: - - name: Record containerized etcd version (docker) - command: docker exec etcd_container rpm -qa --qf '%{version}' etcd\* - register: etcd_container_version_docker - failed_when: false - # AUDIT:changed_when: `false` because we are only inspecting - # state, not manipulating anything - changed_when: false - when: - - not openshift.common.is_etcd_system_container | bool - - # Given a register variables is set even if the whwen condition - # is false, we need to set etcd_container_version separately - - set_fact: - etcd_container_version: "{{ etcd_container_version_docker.stdout }}" - when: - - not openshift.common.is_etcd_system_container | bool - - - name: Record containerized etcd version (runc) - command: runc exec etcd rpm -qa --qf '%{version}' etcd\* - register: etcd_container_version_runc - failed_when: false - # AUDIT:changed_when: `false` because we are only inspecting - # state, not manipulating anything - changed_when: false - when: - - openshift.common.is_etcd_system_container | bool - - # Given a register variables is set even if the whwen condition - # is false, we need to set etcd_container_version separately - - set_fact: - etcd_container_version: "{{ etcd_container_version_runc.stdout }}" - when: - - openshift.common.is_etcd_system_container | bool - - - debug: - msg: "Etcd containerized version {{ etcd_container_version }} detected" - when: - - openshift.common.is_containerized | bool + - include_role: + name: etcd + tasks_from: version_detect.yml - include: upgrade_rpm_members.yml vars: @@ -93,6 +42,14 @@ vars: etcd_upgrade_version: '3.1.3' +- include: upgrade_rpm_members.yml + vars: + etcd_upgrade_version: '3.2' + +- include: upgrade_image_members.yml + vars: + etcd_upgrade_version: '3.2.7' + - name: Upgrade fedora to latest hosts: oo_etcd_hosts_to_upgrade serial: 1 @@ -101,7 +58,6 @@ name: etcd tasks_from: upgrade_image vars: - r_etcd_common_etcd_runtime: "host" etcd_peer: "{{ openshift.common.hostname }}" when: - ansible_distribution == 'Fedora' diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_image_members.yml b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_image_members.yml index e5e895775..6fca42bd0 100644 --- a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_image_members.yml +++ b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_image_members.yml @@ -11,7 +11,6 @@ tasks_from: upgrade_image vars: r_etcd_upgrade_version: "{{ etcd_upgrade_version }}" - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" etcd_peer: "{{ openshift.common.hostname }}" when: - etcd_container_version | default('99') | version_compare(etcd_upgrade_version,'<') diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_rpm_members.yml b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_rpm_members.yml index a2a26bad4..51e8786b3 100644 --- a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_rpm_members.yml +++ b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_rpm_members.yml @@ -11,7 +11,6 @@ tasks_from: upgrade_rpm vars: r_etcd_upgrade_version: "{{ etcd_upgrade_version }}" - r_etcd_common_etcd_runtime: "host" etcd_peer: "{{ openshift.common.hostname }}" when: - etcd_rpm_version.stdout | default('99') | version_compare(etcd_upgrade_version, '<') diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml index c634e0ab8..c458184c9 100644 --- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml @@ -14,8 +14,9 @@ pre_tasks: - name: Load lib_openshift modules - include_role: + import_role: name: lib_openshift + - name: Collect all routers oc_obj: state: list @@ -93,11 +94,11 @@ # not already exist. We could have potentially done a replace --force to # create and update in one step. - role: openshift_examples - when: openshift_install_examples | default(true,true) | bool + when: openshift_install_examples | default(true) | bool - openshift_hosted_templates # Update the existing templates - role: openshift_examples - when: openshift_install_examples | default(true,true) | bool + when: openshift_install_examples | default(true) | bool registry_url: "{{ openshift.master.registry_url }}" openshift_examples_import_command: replace - role: openshift_hosted_templates diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml index 13fa37b09..446f315d6 100644 --- a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml @@ -12,7 +12,7 @@ - name: Verify containers are available for upgrade command: > - docker pull {{ openshift.common.cli_image }}:{{ openshift_image_tag }} + docker pull {{ openshift_cli_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Downloaded newer image' in pull_result.stdout" when: openshift.common.is_containerized | bool diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml index fa65567c2..d7a52707c 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml @@ -85,10 +85,10 @@ - include: "{{ openshift_master_upgrade_hook }}" when: openshift_master_upgrade_hook is defined - - include: ../../openshift-master/restart_hosts.yml + - include: ../../../openshift-master/private/tasks/restart_hosts.yml when: openshift.common.rolling_restart_mode == 'system' - - include: ../../openshift-master/restart_services.yml + - include: ../../../openshift-master/private/tasks/restart_services.yml when: openshift.common.rolling_restart_mode == 'services' # Run the post-upgrade hook if defined: @@ -291,7 +291,7 @@ pre_tasks: - name: Load lib_openshift modules - include_role: + import_role: name: lib_openshift # TODO: To better handle re-trying failed upgrades, it would be nice to check if the node diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml index 5dc8193a7..75ffd3fe9 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml @@ -8,7 +8,7 @@ pre_tasks: - name: Load lib_openshift modules - include_role: + import_role: name: lib_openshift # TODO: To better handle re-trying failed upgrades, it would be nice to check if the node diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml index ef52f214b..6cb6a665f 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml @@ -79,7 +79,7 @@ # docker is configured and running. skip_docker_role: True -- include: ../../../openshift-master/validate_restart.yml +- include: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml index 4c6646a38..8f48bedcc 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml @@ -83,7 +83,7 @@ # docker is configured and running. skip_docker_role: True -- include: ../../../openshift-master/validate_restart.yml +- include: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml index e3c012380..2b99568c7 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml @@ -83,7 +83,7 @@ # docker is configured and running. skip_docker_role: True -- include: ../../../openshift-master/validate_restart.yml +- include: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml index a88fa7b2e..d3d2046e6 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml @@ -87,7 +87,7 @@ # docker is configured and running. skip_docker_role: True -- include: ../../../openshift-master/validate_restart.yml +- include: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml index 73df15d53..b602cdd0e 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml @@ -83,7 +83,7 @@ # docker is configured and running. skip_docker_role: True -- include: ../../../openshift-master/validate_restart.yml +- include: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml index 48d55c16f..da81e6dea 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml @@ -87,7 +87,7 @@ # docker is configured and running. skip_docker_role: True -- include: ../../../openshift-master/validate_restart.yml +- include: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade diff --git a/playbooks/common/openshift-etcd/certificates.yml b/playbooks/common/openshift-etcd/certificates.yml deleted file mode 100644 index eb6b94f33..000000000 --- a/playbooks/common/openshift-etcd/certificates.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: server_certificates.yml - -- include: master_etcd_certificates.yml diff --git a/playbooks/common/openshift-etcd/restart.yml b/playbooks/common/openshift-etcd/restart.yml deleted file mode 100644 index 5eaea5ae8..000000000 --- a/playbooks/common/openshift-etcd/restart.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- name: Restart etcd - hosts: oo_etcd_to_config - serial: 1 - tasks: - - name: restart etcd - service: - name: "{{ 'etcd_container' if openshift.common.etcd_runtime == 'docker' else 'etcd' }}" - state: restarted - when: - - not g_etcd_certificates_expired | default(false) | bool - -- name: Restart etcd - hosts: oo_etcd_to_config - tasks: - - name: stop etcd - service: - name: "{{ 'etcd_container' if openshift.common.etcd_runtime == 'docker' else 'etcd' }}" - state: stopped - when: - - g_etcd_certificates_expired | default(false) | bool - - name: start etcd - service: - name: "{{ 'etcd_container' if openshift.common.etcd_runtime == 'docker' else 'etcd' }}" - state: started - when: - - g_etcd_certificates_expired | default(false) | bool diff --git a/playbooks/common/openshift-loadbalancer/lookup_plugins b/playbooks/common/openshift-loadbalancer/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/common/openshift-loadbalancer/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-management/filter_plugins b/playbooks/common/openshift-management/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/common/openshift-management/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-master/filter_plugins b/playbooks/common/openshift-master/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/common/openshift-master/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-master/lookup_plugins b/playbooks/common/openshift-master/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/common/openshift-master/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-nfs/filter_plugins b/playbooks/common/openshift-nfs/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/common/openshift-nfs/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-nfs/lookup_plugins b/playbooks/common/openshift-nfs/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/common/openshift-nfs/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-nfs/roles b/playbooks/common/openshift-nfs/roles deleted file mode 120000 index e2b799b9d..000000000 --- a/playbooks/common/openshift-nfs/roles +++ /dev/null @@ -1 +0,0 @@ -../../../roles/
\ No newline at end of file diff --git a/playbooks/common/openshift-node/filter_plugins b/playbooks/common/openshift-node/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/common/openshift-node/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-node/image_prep.yml b/playbooks/common/openshift-node/image_prep.yml deleted file mode 100644 index 3c042acdc..000000000 --- a/playbooks/common/openshift-node/image_prep.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: normalize groups - include: ../../init/evaluate_groups.yml - -- name: initialize the facts - include: ../../init/facts.yml - -- name: initialize the repositories - include: ../../init/repos.yml - -- name: run node config setup - include: setup.yml - -- name: run node config - include: configure_nodes.yml - -- name: Re-enable excluders - include: enable_excluders.yml - -- name: Remove any undesired artifacts from build - include: clean_image.yml diff --git a/playbooks/common/openshift-node/lookup_plugins b/playbooks/common/openshift-node/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/common/openshift-node/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-node/roles b/playbooks/common/openshift-node/roles deleted file mode 120000 index e2b799b9d..000000000 --- a/playbooks/common/openshift-node/roles +++ /dev/null @@ -1 +0,0 @@ -../../../roles/
\ No newline at end of file diff --git a/playbooks/init/facts.yml b/playbooks/init/facts.yml index 91223d368..1166ac538 100644 --- a/playbooks/init/facts.yml +++ b/playbooks/init/facts.yml @@ -8,9 +8,8 @@ hosts: oo_all_hosts tasks: - name: load openshift_facts module - include_role: + import_role: name: openshift_facts - static: yes # TODO: Should this role be refactored into health_checks?? - name: Run openshift_sanitize_inventory to set variables @@ -30,18 +29,6 @@ - name: initialize_facts set fact for containerized and l_is_*_system_container set_fact: l_is_containerized: "{{ (l_is_atomic | bool) or (containerized | default(false) | bool) }}" - l_is_openvswitch_system_container: "{{ (openshift_use_openvswitch_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" - l_is_node_system_container: "{{ (openshift_use_node_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" - l_is_master_system_container: "{{ (openshift_use_master_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" - l_is_etcd_system_container: "{{ (openshift_use_etcd_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" - - - name: initialize_facts set facts for l_any_system_container - set_fact: - l_any_system_container: "{{ l_is_etcd_system_container or l_is_openvswitch_system_container or l_is_node_system_container or l_is_master_system_container }}" - - - name: initialize_facts set fact for l_etcd_runtime - set_fact: - l_etcd_runtime: "{{ 'runc' if l_is_etcd_system_container else 'docker' if l_is_containerized else 'host' }}" # TODO: Should this be moved into health checks?? # Seems as though any check that happens with a corresponding fail should move into health_checks @@ -97,6 +84,8 @@ - "{{ 'python3-dbus' if ansible_distribution == 'Fedora' else 'dbus-python' }}" - "{{ 'python3-PyYAML' if ansible_distribution == 'Fedora' else 'PyYAML' }}" - yum-utils + register: result + until: result | success - name: Ensure various deps for running system containers are installed package: @@ -107,21 +96,14 @@ - ostree - runc when: - - l_any_system_container | bool - - - name: Default system_images_registry to a enterprise registry - set_fact: - system_images_registry: "registry.access.redhat.com" - when: - - system_images_registry is not defined - - openshift_deployment_type == "openshift-enterprise" - - - name: Default system_images_registry to community registry - set_fact: - system_images_registry: "docker.io" - when: - - system_images_registry is not defined - - openshift_deployment_type == "origin" + - > + (openshift_use_system_containers | default(False)) | bool + or (openshift_use_etcd_system_container | default(False)) | bool + or (openshift_use_openvswitch_system_container | default(False)) | bool + or (openshift_use_node_system_container | default(False)) | bool + or (openshift_use_master_system_container | default(False)) | bool + register: result + until: result | success - name: Gather Cluster facts and set is_containerized if needed openshift_facts: @@ -129,16 +111,9 @@ local_facts: deployment_type: "{{ openshift_deployment_type }}" deployment_subtype: "{{ openshift_deployment_subtype | default(None) }}" - cli_image: "{{ osm_image | default(None) }}" hostname: "{{ openshift_hostname | default(None) }}" ip: "{{ openshift_ip | default(None) }}" is_containerized: "{{ l_is_containerized | default(None) }}" - is_openvswitch_system_container: "{{ l_is_openvswitch_system_container | default(false) }}" - is_node_system_container: "{{ l_is_node_system_container | default(false) }}" - is_master_system_container: "{{ l_is_master_system_container | default(false) }}" - is_etcd_system_container: "{{ l_is_etcd_system_container | default(false) }}" - etcd_runtime: "{{ l_etcd_runtime }}" - system_images_registry: "{{ system_images_registry }}" public_hostname: "{{ openshift_public_hostname | default(None) }}" public_ip: "{{ openshift_public_ip | default(None) }}" portal_net: "{{ openshift_portal_net | default(openshift_master_portal_net) | default(None) }}" @@ -163,6 +138,7 @@ - name: initialize_facts set_fact repoquery command set_fact: repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}" + repoquery_installed: "{{ 'dnf repoquery --latest-limit 1 -d 0 --disableexcludes=all --installed' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins --installed' }}" - name: initialize_facts set_fact on openshift_docker_hosted_registry_network set_fact: diff --git a/playbooks/init/main.yml b/playbooks/init/main.yml index 87ffeafc7..1d4f41ffc 100644 --- a/playbooks/init/main.yml +++ b/playbooks/init/main.yml @@ -13,17 +13,17 @@ status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- include: evaluate_groups.yml +- import_playbook: evaluate_groups.yml -- include: facts.yml +- import_playbook: facts.yml -- include: sanity_checks.yml +- import_playbook: sanity_checks.yml -- include: validate_hostnames.yml +- import_playbook: validate_hostnames.yml -- include: repos.yml +- import_playbook: repos.yml -- include: version.yml +- import_playbook: version.yml - name: Initialization Checkpoint End hosts: all diff --git a/playbooks/byo/openshift-checks/README.md b/playbooks/openshift-checks/README.md index b26e7d7ed..0b7ea91ff 100644 --- a/playbooks/byo/openshift-checks/README.md +++ b/playbooks/openshift-checks/README.md @@ -47,19 +47,19 @@ against your inventory file. Here is the step-by-step: 3. Run the appropriate playbook: ```console - $ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/pre-install.yml + $ ansible-playbook -i <inventory file> playbooks/openshift-checks/pre-install.yml ``` or ```console - $ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/health.yml + $ ansible-playbook -i <inventory file> playbooks/openshift-checks/health.yml ``` or ```console - $ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/certificate_expiry/default.yaml -v + $ ansible-playbook -i <inventory file> playbooks/openshift-checks/certificate_expiry/default.yaml -v ``` ### The adhoc playbook @@ -72,19 +72,19 @@ using the `-e` flag. For example, to run the `docker_storage` check: ```console -$ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/adhoc.yml -e openshift_checks=docker_storage +$ ansible-playbook -i <inventory file> playbooks/openshift-checks/adhoc.yml -e openshift_checks=docker_storage ``` To run more checks, use a comma-separated list of check names: ```console -$ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/adhoc.yml -e openshift_checks=docker_storage,disk_availability +$ ansible-playbook -i <inventory file> playbooks/openshift-checks/adhoc.yml -e openshift_checks=docker_storage,disk_availability ``` To run an entire class of checks, use the name of a check group tag, prefixed by `@`. This will run all checks tagged `preflight`: ```console -$ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/adhoc.yml -e openshift_checks=@preflight +$ ansible-playbook -i <inventory file> playbooks/openshift-checks/adhoc.yml -e openshift_checks=@preflight ``` It is valid to specify multiple check tags and individual check names together @@ -94,7 +94,7 @@ To list all of the available checks and tags, run the adhoc playbook without setting the `openshift_checks` variable: ```console -$ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/adhoc.yml +$ ansible-playbook -i <inventory file> playbooks/openshift-checks/adhoc.yml ``` ## Running in a container diff --git a/playbooks/byo/openshift-checks/adhoc.yml b/playbooks/openshift-checks/adhoc.yml index 4ee9e75f1..414090733 100644 --- a/playbooks/byo/openshift-checks/adhoc.yml +++ b/playbooks/openshift-checks/adhoc.yml @@ -1,6 +1,6 @@ --- # NOTE: ideally this would be just part of a single play in -# common/openshift-checks/adhoc.yml that lists the existing checks when +# private/adhoc.yml that lists the existing checks when # openshift_checks is not set or run the requested checks. However, to actually # run the checks we need to have the included dependencies to run first and that # takes time. To speed up listing checks, we use this separate play that runs @@ -20,6 +20,6 @@ action: openshift_health_check when: openshift_checks is undefined or not openshift_checks -- include: ../../init/main.yml +- import_playbook: ../init/main.yml -- include: ../../common/openshift-checks/adhoc.yml +- import_playbook: private/adhoc.yml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/default.yaml b/playbooks/openshift-checks/certificate_expiry/default.yaml index 630135cae..630135cae 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/default.yaml +++ b/playbooks/openshift-checks/certificate_expiry/default.yaml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/easy-mode-upload.yaml b/playbooks/openshift-checks/certificate_expiry/easy-mode-upload.yaml index 378d1f154..378d1f154 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/easy-mode-upload.yaml +++ b/playbooks/openshift-checks/certificate_expiry/easy-mode-upload.yaml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml b/playbooks/openshift-checks/certificate_expiry/easy-mode.yaml index ae41c7c14..ae41c7c14 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml +++ b/playbooks/openshift-checks/certificate_expiry/easy-mode.yaml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml b/playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml index d80cb6ff4..d80cb6ff4 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml +++ b/playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml b/playbooks/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml index 2189455b7..2189455b7 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml +++ b/playbooks/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml b/playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml index 87a0f3be4..87a0f3be4 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml +++ b/playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/longer_warning_period.yaml b/playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml index 960457c4b..960457c4b 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/longer_warning_period.yaml +++ b/playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml diff --git a/playbooks/byo/openshift-checks/roles b/playbooks/openshift-checks/certificate_expiry/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/byo/openshift-checks/roles +++ b/playbooks/openshift-checks/certificate_expiry/roles diff --git a/playbooks/openshift-checks/health.yml b/playbooks/openshift-checks/health.yml new file mode 100644 index 000000000..caac06626 --- /dev/null +++ b/playbooks/openshift-checks/health.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/health.yml diff --git a/playbooks/openshift-checks/pre-install.yml b/playbooks/openshift-checks/pre-install.yml new file mode 100644 index 000000000..4511f6e3c --- /dev/null +++ b/playbooks/openshift-checks/pre-install.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/pre-install.yml diff --git a/playbooks/common/openshift-checks/adhoc.yml b/playbooks/openshift-checks/private/adhoc.yml index d0deaeb65..d0deaeb65 100644 --- a/playbooks/common/openshift-checks/adhoc.yml +++ b/playbooks/openshift-checks/private/adhoc.yml diff --git a/playbooks/common/openshift-checks/health.yml b/playbooks/openshift-checks/private/health.yml index d0921b9d3..d0921b9d3 100644 --- a/playbooks/common/openshift-checks/health.yml +++ b/playbooks/openshift-checks/private/health.yml diff --git a/playbooks/common/openshift-checks/install.yml b/playbooks/openshift-checks/private/install.yml index 93cf6c359..93cf6c359 100644 --- a/playbooks/common/openshift-checks/install.yml +++ b/playbooks/openshift-checks/private/install.yml diff --git a/playbooks/common/openshift-checks/pre-install.yml b/playbooks/openshift-checks/private/pre-install.yml index 32449d4e4..32449d4e4 100644 --- a/playbooks/common/openshift-checks/pre-install.yml +++ b/playbooks/openshift-checks/private/pre-install.yml diff --git a/playbooks/byo/openshift-etcd/roles b/playbooks/openshift-checks/private/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/byo/openshift-etcd/roles +++ b/playbooks/openshift-checks/private/roles diff --git a/playbooks/openshift-checks/roles b/playbooks/openshift-checks/roles new file mode 120000 index 000000000..b741aa3db --- /dev/null +++ b/playbooks/openshift-checks/roles @@ -0,0 +1 @@ +../../roles
\ No newline at end of file diff --git a/playbooks/openshift-etcd/certificates.yml b/playbooks/openshift-etcd/certificates.yml new file mode 100644 index 000000000..c06e3b575 --- /dev/null +++ b/playbooks/openshift-etcd/certificates.yml @@ -0,0 +1,6 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/ca.yml + +- import_playbook: private/certificates.yml diff --git a/playbooks/openshift-etcd/config.yml b/playbooks/openshift-etcd/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-etcd/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/openshift-etcd/embedded2external.yml b/playbooks/openshift-etcd/embedded2external.yml new file mode 100644 index 000000000..7d090fa9b --- /dev/null +++ b/playbooks/openshift-etcd/embedded2external.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/embedded2external.yml diff --git a/playbooks/openshift-etcd/migrate.yml b/playbooks/openshift-etcd/migrate.yml new file mode 100644 index 000000000..0340b74a5 --- /dev/null +++ b/playbooks/openshift-etcd/migrate.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/migrate.yml diff --git a/playbooks/common/openshift-etcd/ca.yml b/playbooks/openshift-etcd/private/ca.yml index ac5543be9..c9f186e72 100644 --- a/playbooks/common/openshift-etcd/ca.yml +++ b/playbooks/openshift-etcd/private/ca.yml @@ -2,6 +2,7 @@ - name: Generate new etcd CA hosts: oo_first_etcd roles: + - role: openshift_clock - role: openshift_etcd_facts tasks: - include_role: diff --git a/playbooks/openshift-etcd/private/certificates.yml b/playbooks/openshift-etcd/private/certificates.yml new file mode 100644 index 000000000..7c45938c1 --- /dev/null +++ b/playbooks/openshift-etcd/private/certificates.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: server_certificates.yml + +- import_playbook: master_etcd_certificates.yml diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/openshift-etcd/private/config.yml index 3fe483785..3d6c79834 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/openshift-etcd/private/config.yml @@ -11,20 +11,20 @@ status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- include: ca.yml +- import_playbook: ca.yml -- include: certificates.yml +- import_playbook: certificates.yml - name: Configure etcd hosts: oo_etcd_to_config any_errors_fatal: true roles: - role: os_firewall + - role: openshift_clock - role: openshift_etcd etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}" etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}" - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" - role: nickhammond.logrotate - name: etcd Install Checkpoint End diff --git a/playbooks/common/openshift-etcd/embedded2external.yml b/playbooks/openshift-etcd/private/embedded2external.yml index b16b78c4f..514319b88 100644 --- a/playbooks/common/openshift-etcd/embedded2external.yml +++ b/playbooks/openshift-etcd/private/embedded2external.yml @@ -36,7 +36,6 @@ name: etcd tasks_from: backup vars: - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" r_etcd_common_backup_tag: pre-migrate r_etcd_common_embedded_etcd: "{{ true }}" r_etcd_common_backup_sufix_name: "{{ embedded_etcd_backup_suffix }}" @@ -45,15 +44,14 @@ name: etcd tasks_from: backup.archive vars: - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" r_etcd_common_backup_tag: pre-migrate r_etcd_common_embedded_etcd: "{{ true }}" r_etcd_common_backup_sufix_name: "{{ embedded_etcd_backup_suffix }}" # 3. deploy certificates (for etcd and master) -- include: ca.yml +- import_playbook: ca.yml -- include: server_certificates.yml +- import_playbook: server_certificates.yml - name: Backup etcd client certificates for master host hosts: oo_first_master @@ -63,12 +61,12 @@ tasks_from: backup_master_etcd_certificates - name: Redeploy master etcd certificates - include: master_etcd_certificates.yml + import_playbook: master_etcd_certificates.yml vars: etcd_certificates_redeploy: "{{ true }}" # 4. deploy external etcd -- include: ../openshift-etcd/config.yml +- import_playbook: config.yml # 5. stop external etcd - name: Cleanse etcd @@ -78,13 +76,9 @@ - include_role: name: etcd tasks_from: disable_etcd - vars: - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" - include_role: name: etcd tasks_from: clean_data - vars: - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" # 6. copy the embedded etcd backup to the external host # TODO(jchaloup): if the etcd and first master are on the same host, just copy the directory @@ -101,7 +95,6 @@ name: etcd tasks_from: backup.fetch vars: - r_etcd_common_etcd_runtime: "{{ hostvars[groups.oo_first_master.0].openshift.common.etcd_runtime }}" etcd_backup_sync_directory: "{{ g_etcd_client_mktemp.stdout }}" r_etcd_common_backup_tag: pre-migrate r_etcd_common_embedded_etcd: "{{ true }}" @@ -112,7 +105,6 @@ name: etcd tasks_from: backup.copy vars: - r_etcd_common_etcd_runtime: "{{ hostvars[groups.oo_etcd_to_config.0].openshift.common.etcd_runtime }}" etcd_backup_sync_directory: "{{ g_etcd_client_mktemp.stdout }}" r_etcd_common_backup_tag: pre-migrate r_etcd_common_backup_sufix_name: "{{ hostvars[groups.oo_first_master.0].embedded_etcd_backup_suffix }}" @@ -134,7 +126,6 @@ name: etcd tasks_from: backup.unarchive vars: - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" r_etcd_common_backup_tag: pre-migrate r_etcd_common_backup_sufix_name: "{{ hostvars[groups.oo_first_master.0].embedded_etcd_backup_suffix }}" @@ -142,7 +133,6 @@ name: etcd tasks_from: backup.force_new_cluster vars: - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" r_etcd_common_backup_tag: pre-migrate r_etcd_common_backup_sufix_name: "{{ hostvars[groups.oo_first_master.0].embedded_etcd_backup_suffix }}" etcd_peer: "{{ openshift.common.ip }}" diff --git a/playbooks/byo/openshift-etcd/filter_plugins b/playbooks/openshift-etcd/private/filter_plugins index 99a95e4ca..99a95e4ca 120000 --- a/playbooks/byo/openshift-etcd/filter_plugins +++ b/playbooks/openshift-etcd/private/filter_plugins diff --git a/playbooks/byo/openshift-etcd/lookup_plugins b/playbooks/openshift-etcd/private/lookup_plugins index ac79701db..ac79701db 120000 --- a/playbooks/byo/openshift-etcd/lookup_plugins +++ b/playbooks/openshift-etcd/private/lookup_plugins diff --git a/playbooks/common/openshift-etcd/master_etcd_certificates.yml b/playbooks/openshift-etcd/private/master_etcd_certificates.yml index 0a25aac57..d98470db2 100644 --- a/playbooks/common/openshift-etcd/master_etcd_certificates.yml +++ b/playbooks/openshift-etcd/private/master_etcd_certificates.yml @@ -10,5 +10,4 @@ etcd_cert_config_dir: "{{ openshift.common.config_base }}/master" etcd_cert_prefix: "master.etcd-" openshift_ca_host: "{{ groups.oo_first_master.0 }}" - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config diff --git a/playbooks/common/openshift-etcd/migrate.yml b/playbooks/openshift-etcd/private/migrate.yml index 31362f2f6..4269918c2 100644 --- a/playbooks/common/openshift-etcd/migrate.yml +++ b/playbooks/openshift-etcd/private/migrate.yml @@ -48,7 +48,6 @@ name: etcd tasks_from: backup vars: - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" r_etcd_common_backup_tag: pre-migration r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" r_etcd_common_backup_sufix_name: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}" @@ -76,8 +75,6 @@ - include_role: name: etcd tasks_from: disable_etcd - vars: - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" - name: Migrate data on first etcd hosts: oo_etcd_to_migrate[0] @@ -117,7 +114,7 @@ set_fact: r_etcd_migrate_success: true -- include: ./scaleup.yml +- import_playbook: scaleup.yml - name: Gate on etcd migration hosts: oo_masters_to_config diff --git a/playbooks/openshift-etcd/private/restart.yml b/playbooks/openshift-etcd/private/restart.yml new file mode 100644 index 000000000..0751480e2 --- /dev/null +++ b/playbooks/openshift-etcd/private/restart.yml @@ -0,0 +1,19 @@ +--- +- name: Restart etcd + hosts: oo_etcd_to_config + serial: 1 + tasks: + - include_role: + name: etcd + tasks_from: restart.yml + when: + - not g_etcd_certificates_expired | default(false) | bool + +- name: Restart etcd + hosts: oo_etcd_to_config + tasks: + - include_role: + name: etcd + tasks_from: restart.yml + when: + - g_etcd_certificates_expired | default(false) | bool diff --git a/playbooks/byo/openshift-glusterfs/roles b/playbooks/openshift-etcd/private/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/byo/openshift-glusterfs/roles +++ b/playbooks/openshift-etcd/private/roles diff --git a/playbooks/common/openshift-etcd/scaleup.yml b/playbooks/openshift-etcd/private/scaleup.yml index 20061366c..fac8e3f02 100644 --- a/playbooks/common/openshift-etcd/scaleup.yml +++ b/playbooks/openshift-etcd/private/scaleup.yml @@ -36,7 +36,6 @@ vars: etcd_peers: "{{ groups.oo_new_etcd_to_config | default([], true) }}" etcd_certificates_etcd_hosts: "{{ groups.oo_new_etcd_to_config | default([], true) }}" - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" roles: - role: os_firewall when: etcd_add_check.rc == 0 @@ -48,7 +47,6 @@ etcd_initial_cluster_state: "existing" etcd_initial_cluster: "{{ etcd_add_check.stdout_lines[3] | regex_replace('ETCD_INITIAL_CLUSTER=','') | regex_replace('\"','') }}" etcd_ca_setup: False - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" - role: nickhammond.logrotate when: etcd_add_check.rc == 0 post_tasks: diff --git a/playbooks/common/openshift-etcd/server_certificates.yml b/playbooks/openshift-etcd/private/server_certificates.yml index 10e06747b..14c74baf3 100644 --- a/playbooks/common/openshift-etcd/server_certificates.yml +++ b/playbooks/openshift-etcd/private/server_certificates.yml @@ -12,4 +12,3 @@ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}" etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}" - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" diff --git a/playbooks/openshift-etcd/restart.yml b/playbooks/openshift-etcd/restart.yml new file mode 100644 index 000000000..041c1384d --- /dev/null +++ b/playbooks/openshift-etcd/restart.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/restart.yml diff --git a/playbooks/openshift-etcd/scaleup.yml b/playbooks/openshift-etcd/scaleup.yml new file mode 100644 index 000000000..7e9ab6834 --- /dev/null +++ b/playbooks/openshift-etcd/scaleup.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/scaleup.yml diff --git a/playbooks/byo/openshift-glusterfs/README.md b/playbooks/openshift-glusterfs/README.md index f62aea229..f62aea229 100644 --- a/playbooks/byo/openshift-glusterfs/README.md +++ b/playbooks/openshift-glusterfs/README.md diff --git a/playbooks/openshift-glusterfs/config.yml b/playbooks/openshift-glusterfs/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-glusterfs/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-glusterfs/config.yml b/playbooks/openshift-glusterfs/private/config.yml index 19e14ab3e..19e14ab3e 100644 --- a/playbooks/common/openshift-glusterfs/config.yml +++ b/playbooks/openshift-glusterfs/private/config.yml diff --git a/playbooks/byo/openshift-glusterfs/filter_plugins b/playbooks/openshift-glusterfs/private/filter_plugins index 99a95e4ca..99a95e4ca 120000 --- a/playbooks/byo/openshift-glusterfs/filter_plugins +++ b/playbooks/openshift-glusterfs/private/filter_plugins diff --git a/playbooks/byo/openshift-glusterfs/lookup_plugins b/playbooks/openshift-glusterfs/private/lookup_plugins index ac79701db..ac79701db 120000 --- a/playbooks/byo/openshift-glusterfs/lookup_plugins +++ b/playbooks/openshift-glusterfs/private/lookup_plugins diff --git a/playbooks/common/openshift-glusterfs/registry.yml b/playbooks/openshift-glusterfs/private/registry.yml index 80cf7529e..75c1f0300 100644 --- a/playbooks/common/openshift-glusterfs/registry.yml +++ b/playbooks/openshift-glusterfs/private/registry.yml @@ -1,5 +1,5 @@ --- -- include: config.yml +- import_playbook: config.yml - name: Initialize GlusterFS registry PV and PVC vars hosts: oo_first_master diff --git a/playbooks/common/openshift-etcd/roles b/playbooks/openshift-glusterfs/private/roles index e2b799b9d..e2b799b9d 120000 --- a/playbooks/common/openshift-etcd/roles +++ b/playbooks/openshift-glusterfs/private/roles diff --git a/playbooks/openshift-glusterfs/registry.yml b/playbooks/openshift-glusterfs/registry.yml new file mode 100644 index 000000000..5e3b18536 --- /dev/null +++ b/playbooks/openshift-glusterfs/registry.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/registry.yml diff --git a/playbooks/openshift-hosted/config.yml b/playbooks/openshift-hosted/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-hosted/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-cluster/cockpit-ui.yml b/playbooks/openshift-hosted/private/cockpit-ui.yml index 359132dd0..359132dd0 100644 --- a/playbooks/common/openshift-cluster/cockpit-ui.yml +++ b/playbooks/openshift-hosted/private/cockpit-ui.yml diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/openshift-hosted/private/config.yml index 15ee60dc0..036fe654d 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted.yml +++ b/playbooks/openshift-hosted/private/config.yml @@ -11,22 +11,19 @@ status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- include: create_persistent_volumes.yml +- import_playbook: create_persistent_volumes.yml -- include: openshift_default_storage_class.yml +- import_playbook: openshift_default_storage_class.yml -- include: openshift_hosted_create_projects.yml +- import_playbook: openshift_hosted_create_projects.yml -- include: openshift_hosted_router.yml +- import_playbook: openshift_hosted_router.yml -- include: openshift_hosted_registry.yml +- import_playbook: openshift_hosted_registry.yml -- include: cockpit-ui.yml +- import_playbook: cockpit-ui.yml -- include: openshift_prometheus.yml - when: openshift_hosted_prometheus_deploy | default(False) | bool - -- include: install_docker_gc.yml +- import_playbook: install_docker_gc.yml when: - openshift_use_crio | default(False) | bool - openshift_crio_enable_docker_gc | default(False) | bool diff --git a/playbooks/common/openshift-cluster/create_persistent_volumes.yml b/playbooks/openshift-hosted/private/create_persistent_volumes.yml index 8a60a30b8..8a60a30b8 100644 --- a/playbooks/common/openshift-cluster/create_persistent_volumes.yml +++ b/playbooks/openshift-hosted/private/create_persistent_volumes.yml diff --git a/playbooks/common/openshift-cluster/install_docker_gc.yml b/playbooks/openshift-hosted/private/install_docker_gc.yml index 1e3dfee07..1e3dfee07 100644 --- a/playbooks/common/openshift-cluster/install_docker_gc.yml +++ b/playbooks/openshift-hosted/private/install_docker_gc.yml diff --git a/playbooks/common/openshift-cluster/openshift_default_storage_class.yml b/playbooks/openshift-hosted/private/openshift_default_storage_class.yml index 62fe0dd60..62fe0dd60 100644 --- a/playbooks/common/openshift-cluster/openshift_default_storage_class.yml +++ b/playbooks/openshift-hosted/private/openshift_default_storage_class.yml diff --git a/playbooks/common/openshift-cluster/openshift_hosted_create_projects.yml b/playbooks/openshift-hosted/private/openshift_hosted_create_projects.yml index d5ca5185c..d5ca5185c 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted_create_projects.yml +++ b/playbooks/openshift-hosted/private/openshift_hosted_create_projects.yml diff --git a/playbooks/common/openshift-cluster/openshift_hosted_registry.yml b/playbooks/openshift-hosted/private/openshift_hosted_registry.yml index 2a91a827c..2a91a827c 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted_registry.yml +++ b/playbooks/openshift-hosted/private/openshift_hosted_registry.yml diff --git a/playbooks/common/openshift-cluster/openshift_hosted_router.yml b/playbooks/openshift-hosted/private/openshift_hosted_router.yml index bcb5a34a4..bcb5a34a4 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted_router.yml +++ b/playbooks/openshift-hosted/private/openshift_hosted_router.yml diff --git a/playbooks/byo/openshift-management/roles b/playbooks/openshift-hosted/private/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/byo/openshift-management/roles +++ b/playbooks/openshift-hosted/private/roles diff --git a/playbooks/openshift-loadbalancer/config.yml b/playbooks/openshift-loadbalancer/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-loadbalancer/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-loadbalancer/config.yml b/playbooks/openshift-loadbalancer/private/config.yml index d737b836b..d737b836b 100644 --- a/playbooks/common/openshift-loadbalancer/config.yml +++ b/playbooks/openshift-loadbalancer/private/config.yml diff --git a/playbooks/byo/openshift-master/filter_plugins b/playbooks/openshift-loadbalancer/private/filter_plugins index 99a95e4ca..99a95e4ca 120000 --- a/playbooks/byo/openshift-master/filter_plugins +++ b/playbooks/openshift-loadbalancer/private/filter_plugins diff --git a/playbooks/byo/openshift-master/lookup_plugins b/playbooks/openshift-loadbalancer/private/lookup_plugins index ac79701db..ac79701db 120000 --- a/playbooks/byo/openshift-master/lookup_plugins +++ b/playbooks/openshift-loadbalancer/private/lookup_plugins diff --git a/playbooks/byo/openshift-master/roles b/playbooks/openshift-loadbalancer/private/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/byo/openshift-master/roles +++ b/playbooks/openshift-loadbalancer/private/roles diff --git a/playbooks/openshift-management/add_container_provider.yml b/playbooks/openshift-management/add_container_provider.yml new file mode 100644 index 000000000..e0970f525 --- /dev/null +++ b/playbooks/openshift-management/add_container_provider.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/evaluate_groups.yml + +- import_playbook: private/add_container_provider.yml diff --git a/playbooks/byo/openshift-management/add_many_container_providers.yml b/playbooks/openshift-management/add_many_container_providers.yml index 62fdb11c5..62fdb11c5 100644 --- a/playbooks/byo/openshift-management/add_many_container_providers.yml +++ b/playbooks/openshift-management/add_many_container_providers.yml diff --git a/playbooks/openshift-management/config.yml b/playbooks/openshift-management/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-management/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-management/add_container_provider.yml b/playbooks/openshift-management/private/add_container_provider.yml index facb3a5b9..facb3a5b9 100644 --- a/playbooks/common/openshift-management/add_container_provider.yml +++ b/playbooks/openshift-management/private/add_container_provider.yml diff --git a/playbooks/common/openshift-management/config.yml b/playbooks/openshift-management/private/config.yml index 3f1cdf713..3f1cdf713 100644 --- a/playbooks/common/openshift-management/config.yml +++ b/playbooks/openshift-management/private/config.yml diff --git a/playbooks/byo/openshift-node/filter_plugins b/playbooks/openshift-management/private/filter_plugins index 99a95e4ca..99a95e4ca 120000 --- a/playbooks/byo/openshift-node/filter_plugins +++ b/playbooks/openshift-management/private/filter_plugins diff --git a/playbooks/common/openshift-management/library b/playbooks/openshift-management/private/library index ba40d2f56..ba40d2f56 120000 --- a/playbooks/common/openshift-management/library +++ b/playbooks/openshift-management/private/library diff --git a/playbooks/byo/openshift-node/roles b/playbooks/openshift-management/private/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/byo/openshift-node/roles +++ b/playbooks/openshift-management/private/roles diff --git a/playbooks/common/openshift-management/uninstall.yml b/playbooks/openshift-management/private/uninstall.yml index 9f35cc276..9f35cc276 100644 --- a/playbooks/common/openshift-management/uninstall.yml +++ b/playbooks/openshift-management/private/uninstall.yml diff --git a/playbooks/openshift-management/roles b/playbooks/openshift-management/roles new file mode 120000 index 000000000..b741aa3db --- /dev/null +++ b/playbooks/openshift-management/roles @@ -0,0 +1 @@ +../../roles
\ No newline at end of file diff --git a/playbooks/openshift-management/uninstall.yml b/playbooks/openshift-management/uninstall.yml new file mode 100644 index 000000000..c92ade786 --- /dev/null +++ b/playbooks/openshift-management/uninstall.yml @@ -0,0 +1,2 @@ +--- +- import_playbook: private/uninstall.yml diff --git a/playbooks/openshift-master/additional_config.yml b/playbooks/openshift-master/additional_config.yml new file mode 100644 index 000000000..8105f7f88 --- /dev/null +++ b/playbooks/openshift-master/additional_config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/additional_config.yml diff --git a/playbooks/openshift-master/certificates.yml b/playbooks/openshift-master/certificates.yml new file mode 100644 index 000000000..7ae87c09a --- /dev/null +++ b/playbooks/openshift-master/certificates.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/certificates.yml diff --git a/playbooks/openshift-master/config.yml b/playbooks/openshift-master/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-master/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-master/additional_config.yml b/playbooks/openshift-master/private/additional_config.yml index 32f638d42..b7cfbe4e4 100644 --- a/playbooks/common/openshift-master/additional_config.yml +++ b/playbooks/openshift-master/private/additional_config.yml @@ -24,7 +24,7 @@ - role: openshift_project_request_template when: openshift_project_request_template_manage - role: openshift_examples - when: openshift_install_examples | default(true, true) | bool + when: openshift_install_examples | default(true) | bool registry_url: "{{ openshift.master.registry_url }}" - role: openshift_hosted_templates registry_url: "{{ openshift.master.registry_url }}" diff --git a/playbooks/common/openshift-master/certificates.yml b/playbooks/openshift-master/private/certificates.yml index f6afbc36f..f6afbc36f 100644 --- a/playbooks/common/openshift-master/certificates.yml +++ b/playbooks/openshift-master/private/certificates.yml diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/openshift-master/private/config.yml index 6b0fd6b7c..afb8d6bd1 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/openshift-master/private/config.yml @@ -11,7 +11,7 @@ status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- include: certificates.yml +- import_playbook: certificates.yml - name: Disable excluders hosts: oo_masters_to_config @@ -229,7 +229,7 @@ hosts: oo_masters serial: 1 tasks: - - include: tasks/wire_aggregator.yml + - include_tasks: tasks/wire_aggregator.yml - name: Re-enable excluder if it was previously enabled hosts: oo_masters_to_config diff --git a/playbooks/common/openshift-etcd/filter_plugins b/playbooks/openshift-master/private/filter_plugins index 99a95e4ca..99a95e4ca 120000 --- a/playbooks/common/openshift-etcd/filter_plugins +++ b/playbooks/openshift-master/private/filter_plugins diff --git a/playbooks/common/openshift-master/library b/playbooks/openshift-master/private/library index d0b7393d3..d0b7393d3 120000 --- a/playbooks/common/openshift-master/library +++ b/playbooks/openshift-master/private/library diff --git a/playbooks/byo/openshift-node/lookup_plugins b/playbooks/openshift-master/private/lookup_plugins index ac79701db..ac79701db 120000 --- a/playbooks/byo/openshift-node/lookup_plugins +++ b/playbooks/openshift-master/private/lookup_plugins diff --git a/playbooks/common/openshift-master/restart.yml b/playbooks/openshift-master/private/restart.yml index 4d73b8124..5cb284935 100644 --- a/playbooks/common/openshift-master/restart.yml +++ b/playbooks/openshift-master/private/restart.yml @@ -1,5 +1,5 @@ --- -- include: validate_restart.yml +- import_playbook: validate_restart.yml - name: Restart masters hosts: oo_masters_to_config @@ -7,13 +7,12 @@ openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" serial: 1 handlers: - - include: ../../../roles/openshift_master/handlers/main.yml - static: yes + - import_tasks: ../../../roles/openshift_master/handlers/main.yml roles: - openshift_facts post_tasks: - - include: restart_hosts.yml + - include_tasks: tasks/restart_hosts.yml when: openshift_rolling_restart_mode | default('services') == 'system' - - include: restart_services.yml + - include_tasks: tasks/restart_services.yml when: openshift_rolling_restart_mode | default('services') == 'services' diff --git a/playbooks/common/openshift-master/revert-client-ca.yml b/playbooks/openshift-master/private/revert-client-ca.yml index 9ae23bf5b..9ae23bf5b 100644 --- a/playbooks/common/openshift-master/revert-client-ca.yml +++ b/playbooks/openshift-master/private/revert-client-ca.yml diff --git a/playbooks/common/openshift-glusterfs/roles b/playbooks/openshift-master/private/roles index e2b799b9d..e2b799b9d 120000 --- a/playbooks/common/openshift-glusterfs/roles +++ b/playbooks/openshift-master/private/roles diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/openshift-master/private/scaleup.yml index 4c415ebce..8229eccfa 100644 --- a/playbooks/common/openshift-master/scaleup.yml +++ b/playbooks/openshift-master/private/scaleup.yml @@ -44,14 +44,14 @@ delay: 1 changed_when: false -- include: ../openshift-master/set_network_facts.yml +- import_playbook: set_network_facts.yml -- include: ../openshift-etcd/certificates.yml +- import_playbook: ../../openshift-etcd/private/certificates.yml -- include: ../openshift-master/config.yml +- import_playbook: config.yml -- include: ../openshift-loadbalancer/config.yml +- import_playbook: ../../openshift-loadbalancer/private/config.yml -- include: ../openshift-node/certificates.yml +- import_playbook: ../../openshift-node/private/certificates.yml -- include: ../openshift-node/config.yml +- import_playbook: ../../openshift-node/private/config.yml diff --git a/playbooks/common/openshift-master/set_network_facts.yml b/playbooks/openshift-master/private/set_network_facts.yml index 9a6cf26fc..9a6cf26fc 100644 --- a/playbooks/common/openshift-master/set_network_facts.yml +++ b/playbooks/openshift-master/private/set_network_facts.yml diff --git a/playbooks/common/openshift-master/restart_hosts.yml b/playbooks/openshift-master/private/tasks/restart_hosts.yml index a5dbe0590..a5dbe0590 100644 --- a/playbooks/common/openshift-master/restart_hosts.yml +++ b/playbooks/openshift-master/private/tasks/restart_hosts.yml diff --git a/playbooks/common/openshift-master/restart_services.yml b/playbooks/openshift-master/private/tasks/restart_services.yml index 4e1b3a3be..4e1b3a3be 100644 --- a/playbooks/common/openshift-master/restart_services.yml +++ b/playbooks/openshift-master/private/tasks/restart_services.yml diff --git a/playbooks/common/openshift-master/tasks/wire_aggregator.yml b/playbooks/openshift-master/private/tasks/wire_aggregator.yml index 97acc5d5d..97acc5d5d 100644 --- a/playbooks/common/openshift-master/tasks/wire_aggregator.yml +++ b/playbooks/openshift-master/private/tasks/wire_aggregator.yml diff --git a/playbooks/common/openshift-master/templates/openshift-ansible-catalog-console.js b/playbooks/openshift-master/private/templates/openshift-ansible-catalog-console.js index fd02325ba..fd02325ba 100644 --- a/playbooks/common/openshift-master/templates/openshift-ansible-catalog-console.js +++ b/playbooks/openshift-master/private/templates/openshift-ansible-catalog-console.js diff --git a/playbooks/common/openshift-master/validate_restart.yml b/playbooks/openshift-master/private/validate_restart.yml index 5dbb21502..5dbb21502 100644 --- a/playbooks/common/openshift-master/validate_restart.yml +++ b/playbooks/openshift-master/private/validate_restart.yml diff --git a/playbooks/openshift-master/restart.yml b/playbooks/openshift-master/restart.yml new file mode 100644 index 000000000..041c1384d --- /dev/null +++ b/playbooks/openshift-master/restart.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/restart.yml diff --git a/playbooks/byo/openshift-master/scaleup.yml b/playbooks/openshift-master/scaleup.yml index 4fdec5e7d..f717cd0e9 100644 --- a/playbooks/byo/openshift-master/scaleup.yml +++ b/playbooks/openshift-master/scaleup.yml @@ -1,5 +1,5 @@ --- -- include: ../../init/evaluate_groups.yml +- import_playbook: ../init/evaluate_groups.yml - name: Ensure there are new_masters or new_nodes hosts: localhost @@ -18,6 +18,6 @@ # Need a better way to do the above check for node without # running evaluate_groups and init/main.yml -- include: ../../init/main.yml +- import_playbook: ../init/main.yml -- include: ../../common/openshift-master/scaleup.yml +- import_playbook: private/scaleup.yml diff --git a/playbooks/openshift-metrics/config.yml b/playbooks/openshift-metrics/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-metrics/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-cluster/openshift_metrics.yml b/playbooks/openshift-metrics/private/config.yml index 80cd93e5f..80cd93e5f 100644 --- a/playbooks/common/openshift-cluster/openshift_metrics.yml +++ b/playbooks/openshift-metrics/private/config.yml diff --git a/playbooks/openshift-metrics/private/library b/playbooks/openshift-metrics/private/library new file mode 120000 index 000000000..ba40d2f56 --- /dev/null +++ b/playbooks/openshift-metrics/private/library @@ -0,0 +1 @@ +../../../library
\ No newline at end of file diff --git a/playbooks/common/openshift-checks/roles b/playbooks/openshift-metrics/private/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/common/openshift-checks/roles +++ b/playbooks/openshift-metrics/private/roles diff --git a/playbooks/openshift-nfs/config.yml b/playbooks/openshift-nfs/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-nfs/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-nfs/config.yml b/playbooks/openshift-nfs/private/config.yml index 6ea77e00b..6ea77e00b 100644 --- a/playbooks/common/openshift-nfs/config.yml +++ b/playbooks/openshift-nfs/private/config.yml diff --git a/playbooks/common/openshift-glusterfs/filter_plugins b/playbooks/openshift-nfs/private/filter_plugins index 99a95e4ca..99a95e4ca 120000 --- a/playbooks/common/openshift-glusterfs/filter_plugins +++ b/playbooks/openshift-nfs/private/filter_plugins diff --git a/playbooks/common/openshift-etcd/lookup_plugins b/playbooks/openshift-nfs/private/lookup_plugins index ac79701db..ac79701db 120000 --- a/playbooks/common/openshift-etcd/lookup_plugins +++ b/playbooks/openshift-nfs/private/lookup_plugins diff --git a/playbooks/common/openshift-loadbalancer/roles b/playbooks/openshift-nfs/private/roles index e2b799b9d..e2b799b9d 120000 --- a/playbooks/common/openshift-loadbalancer/roles +++ b/playbooks/openshift-nfs/private/roles diff --git a/playbooks/openshift-node/certificates.yml b/playbooks/openshift-node/certificates.yml new file mode 100644 index 000000000..7ae87c09a --- /dev/null +++ b/playbooks/openshift-node/certificates.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/certificates.yml diff --git a/playbooks/openshift-node/config.yml b/playbooks/openshift-node/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-node/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/openshift-node/network_manager.yml b/playbooks/openshift-node/network_manager.yml new file mode 100644 index 000000000..88a93952d --- /dev/null +++ b/playbooks/openshift-node/network_manager.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/evaluate_groups.yml + +- import_playbook: private/network_manager.yml diff --git a/playbooks/common/openshift-node/additional_config.yml b/playbooks/openshift-node/private/additional_config.yml index ac757397b..261e2048f 100644 --- a/playbooks/common/openshift-node/additional_config.yml +++ b/playbooks/openshift-node/private/additional_config.yml @@ -24,7 +24,7 @@ key: oo_nodes_use_{{ (openshift_use_kuryr | default(False)) | ternary('kuryr','nothing') }} changed_when: False -- include: etcd_client_config.yml +- import_playbook: etcd_client_config.yml vars: openshift_node_scale_up_group: "oo_nodes_use_flannel:oo_nodes_use_calico:oo_nodes_use_contiv:oo_nodes_use_kuryr" diff --git a/playbooks/common/openshift-node/certificates.yml b/playbooks/openshift-node/private/certificates.yml index 908885ee6..908885ee6 100644 --- a/playbooks/common/openshift-node/certificates.yml +++ b/playbooks/openshift-node/private/certificates.yml diff --git a/playbooks/common/openshift-node/clean_image.yml b/playbooks/openshift-node/private/clean_image.yml index 38753d0af..38753d0af 100644 --- a/playbooks/common/openshift-node/clean_image.yml +++ b/playbooks/openshift-node/private/clean_image.yml diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/openshift-node/private/config.yml index 28e3c1b1b..300a90371 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/openshift-node/private/config.yml @@ -11,19 +11,19 @@ status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- include: certificates.yml +- import_playbook: certificates.yml -- include: setup.yml +- import_playbook: setup.yml -- include: containerized_nodes.yml +- import_playbook: containerized_nodes.yml -- include: configure_nodes.yml +- import_playbook: configure_nodes.yml -- include: additional_config.yml +- import_playbook: additional_config.yml -- include: manage_node.yml +- import_playbook: manage_node.yml -- include: enable_excluders.yml +- import_playbook: enable_excluders.yml - name: Node Install Checkpoint End hosts: all diff --git a/playbooks/common/openshift-node/configure_nodes.yml b/playbooks/openshift-node/private/configure_nodes.yml index 17259422d..06f3df9fa 100644 --- a/playbooks/common/openshift-node/configure_nodes.yml +++ b/playbooks/openshift-node/private/configure_nodes.yml @@ -12,6 +12,7 @@ }}" roles: - role: os_firewall + - role: openshift_clock - role: openshift_node - role: tuned - role: nickhammond.logrotate diff --git a/playbooks/common/openshift-node/containerized_nodes.yml b/playbooks/openshift-node/private/containerized_nodes.yml index 6fac937e3..3c3ac3646 100644 --- a/playbooks/common/openshift-node/containerized_nodes.yml +++ b/playbooks/openshift-node/private/containerized_nodes.yml @@ -14,6 +14,7 @@ roles: - role: os_firewall + - role: openshift_clock - role: openshift_node openshift_ca_host: "{{ groups.oo_first_master.0 }}" - role: nickhammond.logrotate diff --git a/playbooks/common/openshift-node/enable_excluders.yml b/playbooks/openshift-node/private/enable_excluders.yml index 5288b14f9..5288b14f9 100644 --- a/playbooks/common/openshift-node/enable_excluders.yml +++ b/playbooks/openshift-node/private/enable_excluders.yml diff --git a/playbooks/common/openshift-node/etcd_client_config.yml b/playbooks/openshift-node/private/etcd_client_config.yml index c3fa38a81..c3fa38a81 100644 --- a/playbooks/common/openshift-node/etcd_client_config.yml +++ b/playbooks/openshift-node/private/etcd_client_config.yml diff --git a/playbooks/common/openshift-loadbalancer/filter_plugins b/playbooks/openshift-node/private/filter_plugins index 99a95e4ca..99a95e4ca 120000 --- a/playbooks/common/openshift-loadbalancer/filter_plugins +++ b/playbooks/openshift-node/private/filter_plugins diff --git a/playbooks/openshift-node/private/image_prep.yml b/playbooks/openshift-node/private/image_prep.yml new file mode 100644 index 000000000..b7ac27bda --- /dev/null +++ b/playbooks/openshift-node/private/image_prep.yml @@ -0,0 +1,21 @@ +--- +- name: normalize groups + import_playbook: ../../init/evaluate_groups.yml + +- name: initialize the facts + import_playbook: ../../init/facts.yml + +- name: initialize the repositories + import_playbook: ../../init/repos.yml + +- name: run node config setup + import_playbook: setup.yml + +- name: run node config + import_playbook: configure_nodes.yml + +- name: Re-enable excluders + import_playbook: enable_excluders.yml + +- name: Remove any undesired artifacts from build + import_playbook: clean_image.yml diff --git a/playbooks/common/openshift-glusterfs/lookup_plugins b/playbooks/openshift-node/private/lookup_plugins index ac79701db..ac79701db 120000 --- a/playbooks/common/openshift-glusterfs/lookup_plugins +++ b/playbooks/openshift-node/private/lookup_plugins diff --git a/playbooks/common/openshift-node/manage_node.yml b/playbooks/openshift-node/private/manage_node.yml index f48a19a9c..121c54a3d 100644 --- a/playbooks/common/openshift-node/manage_node.yml +++ b/playbooks/openshift-node/private/manage_node.yml @@ -6,6 +6,7 @@ roles: - role: openshift_manage_node openshift_master_host: "{{ groups.oo_first_master.0 }}" + openshift_manage_node_is_master: "{{ ('oo_masters_to_config' in group_names) | bool }}" tasks: - name: Create group for deployment type group_by: key=oo_nodes_deployment_type_{{ openshift.common.deployment_type }} diff --git a/playbooks/common/openshift-node/network_manager.yml b/playbooks/openshift-node/private/network_manager.yml index c2efb0483..7211787be 100644 --- a/playbooks/common/openshift-node/network_manager.yml +++ b/playbooks/openshift-node/private/network_manager.yml @@ -1,5 +1,5 @@ --- -- include: ../../init/evaluate_groups.yml +- import_playbook: ../../init/evaluate_groups.yml - name: Install and configure NetworkManager hosts: oo_all_hosts @@ -9,6 +9,8 @@ package: name: 'NetworkManager' state: present + register: result + until: result | success - name: configure NetworkManager lineinfile: diff --git a/playbooks/common/openshift-node/restart.yml b/playbooks/openshift-node/private/restart.yml index c3beb59b7..c3beb59b7 100644 --- a/playbooks/common/openshift-node/restart.yml +++ b/playbooks/openshift-node/private/restart.yml diff --git a/playbooks/common/openshift-master/roles b/playbooks/openshift-node/private/roles index e2b799b9d..e2b799b9d 120000 --- a/playbooks/common/openshift-master/roles +++ b/playbooks/openshift-node/private/roles diff --git a/playbooks/common/openshift-node/setup.yml b/playbooks/openshift-node/private/setup.yml index 794c03a67..794c03a67 100644 --- a/playbooks/common/openshift-node/setup.yml +++ b/playbooks/openshift-node/private/setup.yml diff --git a/playbooks/openshift-node/restart.yml b/playbooks/openshift-node/restart.yml new file mode 100644 index 000000000..041c1384d --- /dev/null +++ b/playbooks/openshift-node/restart.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/restart.yml diff --git a/playbooks/byo/openshift-node/scaleup.yml b/playbooks/openshift-node/scaleup.yml index bf1bbcf46..bdfd3d3e6 100644 --- a/playbooks/byo/openshift-node/scaleup.yml +++ b/playbooks/openshift-node/scaleup.yml @@ -1,5 +1,5 @@ --- -- include: ../../init/evaluate_groups.yml +- import_playbook: ../init/evaluate_groups.yml - name: Ensure there are new_nodes hosts: localhost @@ -16,6 +16,6 @@ # Need a better way to do the above check for node without # running evaluate_groups and init/main.yml -- include: ../../init/main.yml +- import_playbook: ../init/main.yml -- include: ../../common/openshift-node/config.yml +- import_playbook: private/config.yml diff --git a/playbooks/openshift-prometheus/config.yml b/playbooks/openshift-prometheus/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-prometheus/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-cluster/openshift_prometheus.yml b/playbooks/openshift-prometheus/private/config.yml index 7aa9a16e6..d13261a7a 100644 --- a/playbooks/common/openshift-cluster/openshift_prometheus.yml +++ b/playbooks/openshift-prometheus/private/config.yml @@ -11,7 +11,7 @@ status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- name: Create Hosted Resources - openshift_prometheus +- name: OpenShift Prometheus hosts: oo_first_master roles: - role: openshift_prometheus diff --git a/playbooks/common/openshift-management/roles b/playbooks/openshift-prometheus/private/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/common/openshift-management/roles +++ b/playbooks/openshift-prometheus/private/roles diff --git a/playbooks/openshift-provisioners/config.yml b/playbooks/openshift-provisioners/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-provisioners/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-cluster/openshift_provisioners.yml b/playbooks/openshift-provisioners/private/config.yml index b1ca6f606..b1ca6f606 100644 --- a/playbooks/common/openshift-cluster/openshift_provisioners.yml +++ b/playbooks/openshift-provisioners/private/config.yml diff --git a/playbooks/openshift-provisioners/private/roles b/playbooks/openshift-provisioners/private/roles new file mode 120000 index 000000000..20c4c58cf --- /dev/null +++ b/playbooks/openshift-provisioners/private/roles @@ -0,0 +1 @@ +../../../roles
\ No newline at end of file diff --git a/playbooks/openshift-service-catalog/config.yml b/playbooks/openshift-service-catalog/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-service-catalog/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-cluster/service_catalog.yml b/playbooks/openshift-service-catalog/private/config.yml index 7bb8511f6..7bb8511f6 100644 --- a/playbooks/common/openshift-cluster/service_catalog.yml +++ b/playbooks/openshift-service-catalog/private/config.yml diff --git a/playbooks/openshift-service-catalog/private/roles b/playbooks/openshift-service-catalog/private/roles new file mode 120000 index 000000000..20c4c58cf --- /dev/null +++ b/playbooks/openshift-service-catalog/private/roles @@ -0,0 +1 @@ +../../../roles
\ No newline at end of file diff --git a/playbooks/openstack/README.md b/playbooks/openstack/README.md index f3fe13530..c762169eb 100644 --- a/playbooks/openstack/README.md +++ b/playbooks/openstack/README.md @@ -6,7 +6,7 @@ etc.). The result is an environment ready for OpenShift installation via [openshift-ansible]. We provide everything necessary to be able to install OpenShift on -OpenStack (including the DNS and load balancer servers when +OpenStack (including the load balancer servers when necessary). In addition, we work on providing integration with the OpenStack-native services (storage, lbaas, baremetal as a service, dns, etc.). @@ -38,18 +38,6 @@ Optional: * External Neutron network with a floating IP address pool -## DNS Requirements - -OpenShift requires DNS to operate properly. OpenStack supports DNS-as-a-service -in the form of the Designate project, but the playbooks here don't support it -yet. Until we do, you will need to provide a DNS solution yourself (or in case -you are not running Designate when we do). - -If your server supports nsupdate, we will use it to add the necessary records. - -TODO(shadower): describe how to build a sample DNS server and how to configure -our playbooks for nsupdate. - ## Installation @@ -57,14 +45,13 @@ There are four main parts to the installation: 1. [Preparing Ansible and dependencies](#1-preparing-ansible-and-dependencies) 2. [Configuring the desired OpenStack environment and OpenShift cluster](#2-configuring-the-openstack-environment-and-openshift-cluster) -3. [Creating the OpenStack resources (VMs, networking, etc.)](#3-creating-the-openstack-resources-vms-networking-etc) -4. [Installing OpenShift](#4-installing-openshift) +3. [Creating the OpenStack Resources and Installing OpenShift](#3-creating-the-openstack-resources-and-installing-openshift) This guide is going to install [OpenShift Origin][origin] with [CentOS 7][centos7] images with minimal customisation. -We will create the VMs for running OpenShift, in a new Neutron -network, assign Floating IP addresses and configure DNS. +We will create the VMs for running OpenShift, in a new Neutron network and +assign Floating IP addresses. The OpenShift cluster will have a single Master node that will run `etcd`, a single Infra node and two App nodes. @@ -156,14 +143,6 @@ $ vi inventory/group_vars/all.yml 4. Set the `openshift_openstack_default_flavor` to the flavor you want your OpenShift VMs to use. - See `openstack flavor list` for the list of available flavors. -5. Set the `openshift_openstack_dns_nameservers` to the list of the IP addresses - of the DNS servers used for the **private** address resolution. - -**NOTE ON DNS**: at minimum, the OpenShift nodes need to be able to access each -other by their hostname. OpenStack doesn't provide this by default, so you -need to provide a DNS server. Put the address of that DNS server in -`openshift_openstack_dns_nameservers` variable. - @@ -191,7 +170,7 @@ the [Sample OpenShift Inventory][sample-openshift-inventory] and the [advanced configuration][advanced-configuration]. -### 3. Creating the OpenStack resources (VMs, networking, etc.) +### 3. Creating the OpenStack Resources and Installing OpenShift We provide an `ansible.cfg` file which has some useful defaults -- you should copy it to the directory you're going to run `ansible-playbook` from. @@ -200,11 +179,11 @@ copy it to the directory you're going to run `ansible-playbook` from. $ cp openshift-ansible/ansible.cfg ansible.cfg ``` -Then run the provisioning playbook -- this will create the OpenStack +Then run the provision + install playbook -- this will create the OpenStack resources: ```bash -$ ansible-playbook --user openshift -i inventory openshift-ansible/playbooks/openstack/openshift-cluster/provision.yaml +$ ansible-playbook --user openshift -i inventory openshift-ansible/playbooks/openstack/openshift-cluster/provision_install.yaml ``` If you're using multiple inventories, make sure you pass the path to @@ -214,15 +193,6 @@ If your SSH private key is not in `~/.ssh/id_rsa` use the `--private-key` option to specify the correct path. -### 4. Installing OpenShift - -Run the `byo/config.yml` playbook on top of the OpenStack nodes we have -prepared. - -```bash -$ ansible-playbook -i inventory openshift-ansible/playbooks/byo/config.yml -``` - ### Next Steps diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md index 90cc20b98..c0bdf5020 100644 --- a/playbooks/openstack/advanced-configuration.md +++ b/playbooks/openstack/advanced-configuration.md @@ -47,44 +47,42 @@ Otherwise, even if there are differences between the two versions, installation ## Accessing the OpenShift Cluster -### Use the Cluster DNS +### Configure DNS -In addition to the OpenShift nodes, we created a DNS server with all -the necessary entries. We will configure your *Ansible host* to use -this new DNS and talk to the deployed OpenShift. +OpenShift requires two DNS records to function fully. The first one points to +the master/load balancer and provides the UI/API access. The other one is a +wildcard domain that resolves app route requests to the infra node. -First, get the DNS IP address: +If you followed the default installation from the README section, there is no +DNS configured. You should add two entries to the `/etc/hosts` file on the +Ansible host (where you to do a quick validation. A real deployment will +however require a DNS server with the following entries set. -```bash -$ openstack server show dns-0.openshift.example.com --format value --column addresses -openshift-ansible-openshift.example.com-net=192.168.99.11, 10.40.128.129 -``` - -Note the floating IP address (it's `10.40.128.129` in this case) -- if -you're not sure, try pinging them both -- it's the one that responds -to pings. +First, run the `openstack server list` command and note the floating IP +addresses of the *master* and *infra* nodes (we will use `10.40.128.130` for +master and `10.40.128.134` for infra here). -Next, edit your `/etc/resolv.conf` as root and put `nameserver DNS_IP` as your -**first entry**. - -If your `/etc/resolv.conf` currently looks like this: +Then add the following entries to your `/etc/hosts`: ``` -; generated by /usr/sbin/dhclient-script -search openstacklocal -nameserver 192.168.0.3 -nameserver 192.168.0.2 +10.40.128.130 console.openshift.example.com +10.40.128.134 cakephp-mysql-example-test.apps.openshift.example.com ``` -Change it to this: +This points the cluster domain (as defined in the +`openshift_master_cluster_public_hostname` Ansible variable in `OSEv3`) to the +master node and any routes for deployed apps to the infra node. + +If you deploy another app, it will end up with a different URL (e.g. +myapp-test.apps.openshift.example.com) and you will need to add that too. This +is why a real deployment should always run a DNS where the second entry will be +a wildcard `*.apps.openshift.example.com). + +This will be sufficient to validate the cluster here. + +Take a look at the [External DNS](#dns-configuration-variables) section for +configuring a DNS service. -``` -; generated by /usr/sbin/dhclient-script -search openstacklocal -nameserver 10.40.128.129 -nameserver 192.168.0.3 -nameserver 192.168.0.2 -``` ### Get the `oc` Client diff --git a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml index 1e55adb9e..90608bbc0 100644 --- a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml +++ b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml @@ -5,8 +5,7 @@ openshift_deployment_type: origin openshift_master_default_subdomain: "apps.{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}" openshift_master_cluster_method: native -openshift_master_cluster_hostname: "console.{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}" -openshift_master_cluster_public_hostname: "{{ openshift_master_cluster_hostname }}" +openshift_master_cluster_public_hostname: "console.{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}" osm_default_node_selector: 'region=primary' diff --git a/playbooks/openstack/sample-inventory/group_vars/all.yml b/playbooks/openstack/sample-inventory/group_vars/all.yml index 921edb867..ae1528123 100644 --- a/playbooks/openstack/sample-inventory/group_vars/all.yml +++ b/playbooks/openstack/sample-inventory/group_vars/all.yml @@ -10,7 +10,6 @@ openshift_openstack_dns_nameservers: [] #openshift_openstack_node_hostname: "app-node" #openshift_openstack_lb_hostname: "lb" #openshift_openstack_etcd_hostname: "etcd" -#openshift_openstack_dns_hostname: "dns" openshift_openstack_keypair_name: "openshift" openshift_openstack_external_network_name: "public" @@ -34,7 +33,6 @@ openshift_openstack_external_network_name: "public" #openshift_openstack_node_image_name: "centos7" #openshift_openstack_lb_image_name: "centos7" #openshift_openstack_etcd_image_name: "centos7" -#openshift_openstack_dns_image_name: "centos7" openshift_openstack_default_image_name: "centos7" openshift_openstack_num_masters: 1 @@ -49,7 +47,6 @@ openshift_openstack_num_nodes: 2 #openshift_openstack_node_flavor: "m1.medium" #openshift_openstack_lb_flavor: "m1.medium" #openshift_openstack_etcd_flavor: "m1.medium" -#openshift_openstack_dns_flavor: "m1.medium" openshift_openstack_default_flavor: "m1.medium" # # Numerical index of nodes to remove @@ -62,7 +59,6 @@ openshift_openstack_default_flavor: "m1.medium" #openshift_openstack_docker_infra_volume_size: "15" #openshift_openstack_docker_node_volume_size: "15" #openshift_openstack_docker_etcd_volume_size: "2" -#openshift_openstack_docker_dns_volume_size: "1" #openshift_openstack_docker_lb_volume_size: "5" openshift_openstack_docker_volume_size: "15" @@ -110,7 +106,6 @@ openshift_openstack_subnet_prefix: "192.168.99" # # Roll-your-own DNS -#openshift_openstack_num_dns: 0 #openshift_openstack_external_nsupdate_keys: # public: # key_secret: 'SKqKNdpfk7llKxZ57bbxUnUDobaaJp9t8CjXLJPl+fRI5mPcSBuxTAyvJPa6Y9R7vUg9DwCy/6WTpgLNqnV4Hg==' @@ -121,10 +116,6 @@ openshift_openstack_subnet_prefix: "192.168.99" # key_algorithm: 'hmac-md5' # server: '192.168.1.2' -# # Customize DNS server security options -#named_public_recursion: 'no' -#named_private_recursion: 'yes' - # NOTE(shadower): Do not change this value. The Ansible user is currently # hardcoded to `openshift`. diff --git a/playbooks/openstack/sample-inventory/inventory.py b/playbooks/openstack/sample-inventory/inventory.py index 47c56d94d..ad3fd936b 100755 --- a/playbooks/openstack/sample-inventory/inventory.py +++ b/playbooks/openstack/sample-inventory/inventory.py @@ -79,10 +79,19 @@ def build_inventory(): public_v4 = server.public_v4 or server.private_v4 if public_v4: - hostvars['public_v4'] = public_v4 + hostvars['public_v4'] = server.public_v4 + hostvars['openshift_public_ip'] = server.public_v4 # TODO(shadower): what about multiple networks? if server.private_v4: hostvars['private_v4'] = server.private_v4 + # NOTE(shadower): Yes, we set both hostname and IP to the private + # IP address for each node. OpenStack doesn't resolve nodes by + # name at all, so using a hostname here would require an internal + # DNS which would complicate the setup and potentially introduce + # performance issues. + hostvars['openshift_ip'] = server.private_v4 + hostvars['openshift_hostname'] = server.private_v4 + hostvars['openshift_public_hostname'] = server.name node_labels = server.metadata.get('node_labels') if node_labels: diff --git a/playbooks/prerequisites.yml b/playbooks/prerequisites.yml new file mode 100644 index 000000000..582dfe794 --- /dev/null +++ b/playbooks/prerequisites.yml @@ -0,0 +1,7 @@ +--- +- name: Place holder for prerequisites + hosts: localhost + gather_facts: false + tasks: + - name: Debug placeholder + debug: msg="Prerequisites ran." diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml index 75be7a784..f9b9b3217 100644 --- a/roles/ansible_service_broker/tasks/install.yml +++ b/roles/ansible_service_broker/tasks/install.yml @@ -30,9 +30,9 @@ ansible_service_broker_image: "{{ ansible_service_broker_image_prefix }}ansible-service-broker:{{ ansible_service_broker_image_tag }}" ansible_service_broker_etcd_image: "{{ ansible_service_broker_etcd_image_prefix }}etcd:{{ ansible_service_broker_etcd_image_tag }}" -- include: validate_facts.yml +- include_tasks: validate_facts.yml -- include: generate_certs.yml +- include_tasks: generate_certs.yml # Deployment of ansible-service-broker starts here - name: create openshift-ansible-service-broker project diff --git a/roles/ansible_service_broker/tasks/main.yml b/roles/ansible_service_broker/tasks/main.yml index f5e06d163..4a3c15d01 100644 --- a/roles/ansible_service_broker/tasks/main.yml +++ b/roles/ansible_service_broker/tasks/main.yml @@ -1,8 +1,8 @@ --- # do any asserts here -- include: install.yml +- include_tasks: install.yml when: ansible_service_broker_install | bool -- include: remove.yml +- include_tasks: remove.yml when: ansible_service_broker_remove | bool diff --git a/roles/cockpit/tasks/main.yml b/roles/cockpit/tasks/main.yml index 066ee3f3b..f63b3e49b 100644 --- a/roles/cockpit/tasks/main.yml +++ b/roles/cockpit/tasks/main.yml @@ -1,7 +1,6 @@ --- - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml - name: Install cockpit-ws package: name={{ item }} state=present @@ -12,6 +11,8 @@ - cockpit-docker - "{{ cockpit_plugins }}" when: not openshift.common.is_containerized | bool + register: result + until: result | success - name: Enable cockpit-ws systemd: diff --git a/roles/contiv/tasks/download_bins.yml b/roles/contiv/tasks/download_bins.yml index 319fce46c..741c1d1da 100644 --- a/roles/contiv/tasks/download_bins.yml +++ b/roles/contiv/tasks/download_bins.yml @@ -8,6 +8,8 @@ yum: name: bzip2 state: installed + register: result + until: result | success - name: Download Bins | Download Contiv tar file get_url: diff --git a/roles/contiv/tasks/main.yml b/roles/contiv/tasks/main.yml index 40a0f9e61..cb9196a71 100644 --- a/roles/contiv/tasks/main.yml +++ b/roles/contiv/tasks/main.yml @@ -5,10 +5,10 @@ recurse: yes state: directory -- include: download_bins.yml +- include_tasks: download_bins.yml -- include: netmaster.yml +- include_tasks: netmaster.yml when: contiv_role == "netmaster" -- include: netplugin.yml +- include_tasks: netplugin.yml when: contiv_role == "netplugin" diff --git a/roles/contiv/tasks/netmaster.yml b/roles/contiv/tasks/netmaster.yml index cc52d3a43..6f15af8c2 100644 --- a/roles/contiv/tasks/netmaster.yml +++ b/roles/contiv/tasks/netmaster.yml @@ -1,8 +1,8 @@ --- -- include: netmaster_firewalld.yml +- include_tasks: netmaster_firewalld.yml when: has_firewalld -- include: netmaster_iptables.yml +- include_tasks: netmaster_iptables.yml when: not has_firewalld and has_iptables - name: Netmaster | Check is /etc/hosts file exists @@ -70,8 +70,8 @@ state: started register: netmaster_started -- include: aci.yml +- include_tasks: aci.yml when: contiv_fabric_mode == "aci" -- include: default_network.yml +- include_tasks: default_network.yml when: contiv_default_network == true diff --git a/roles/contiv/tasks/netplugin.yml b/roles/contiv/tasks/netplugin.yml index e861a2591..0b2f91bab 100644 --- a/roles/contiv/tasks/netplugin.yml +++ b/roles/contiv/tasks/netplugin.yml @@ -1,8 +1,8 @@ --- -- include: netplugin_firewalld.yml +- include_tasks: netplugin_firewalld.yml when: has_firewalld -- include: netplugin_iptables.yml +- include_tasks: netplugin_iptables.yml when: has_iptables - name: Netplugin | Ensure localhost entry correct in /etc/hosts @@ -19,7 +19,7 @@ line: '::1 ' state: absent -- include: ovs.yml +- include_tasks: ovs.yml when: netplugin_driver == "ovs" - name: Netplugin | Create Netplugin bin symlink diff --git a/roles/contiv/tasks/ovs.yml b/roles/contiv/tasks/ovs.yml index 0c1b994c7..5c92e90e9 100644 --- a/roles/contiv/tasks/ovs.yml +++ b/roles/contiv/tasks/ovs.yml @@ -1,5 +1,5 @@ --- -- include: packageManagerInstall.yml +- include_tasks: packageManagerInstall.yml when: source_type == "packageManager" tags: - binary-update diff --git a/roles/contiv/tasks/packageManagerInstall.yml b/roles/contiv/tasks/packageManagerInstall.yml index e0d48e643..d5726476c 100644 --- a/roles/contiv/tasks/packageManagerInstall.yml +++ b/roles/contiv/tasks/packageManagerInstall.yml @@ -3,7 +3,7 @@ set_fact: did_install: false -- include: pkgMgrInstallers/centos-install.yml +- include_tasks: pkgMgrInstallers/centos-install.yml when: (ansible_os_family == "RedHat") and not is_atomic diff --git a/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml b/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml index 91e6aadf3..62b4716a3 100644 --- a/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml +++ b/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml @@ -3,6 +3,8 @@ yum: pkg=net-tools state=latest + register: result + until: result | success - name: PkgMgr RHEL/CentOS | Get openstack ocata rpm get_url: @@ -20,6 +22,8 @@ yum: name=/tmp/rdo-release-ocata-2.noarch.rpm state=present tags: - ovs_install + register: result + until: result | success - name: PkgMgr RHEL/CentOS | Install ovs yum: @@ -31,3 +35,5 @@ no_proxy: "{{ no_proxy|default('') }}" tags: - ovs_install + register: result + until: result | success diff --git a/roles/contiv_facts/tasks/fedora-install.yml b/roles/contiv_facts/tasks/fedora-install.yml index db56a18c0..a57f6eb19 100644 --- a/roles/contiv_facts/tasks/fedora-install.yml +++ b/roles/contiv_facts/tasks/fedora-install.yml @@ -3,6 +3,8 @@ yum: name: dnf state: installed + register: result + until: result | success - name: Update repo cache command: dnf update -y diff --git a/roles/contiv_facts/tasks/main.yml b/roles/contiv_facts/tasks/main.yml index 7a4972fca..3267a4ab0 100644 --- a/roles/contiv_facts/tasks/main.yml +++ b/roles/contiv_facts/tasks/main.yml @@ -81,8 +81,8 @@ has_iptables: false # collect information about what packages are installed -- include: rpm.yml +- include_tasks: rpm.yml when: has_rpm -- include: fedora-install.yml +- include_tasks: fedora-install.yml when: not is_atomic and ansible_distribution == "Fedora" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 69ee62790..b02a74711 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -2,7 +2,7 @@ # These tasks dispatch to the proper set of docker tasks based on the # inventory:openshift_docker_use_system_container variable -- include: udev_workaround.yml +- include_tasks: udev_workaround.yml when: docker_udev_workaround | default(False) | bool - set_fact: @@ -20,7 +20,7 @@ - not l_use_crio_only - name: Use Package Docker if Requested - include: package_docker.yml + include_tasks: package_docker.yml when: - not l_use_system_container - not l_use_crio_only @@ -35,13 +35,13 @@ changed_when: false - name: Use System Container Docker if Requested - include: systemcontainer_docker.yml + include_tasks: systemcontainer_docker.yml when: - l_use_system_container - not l_use_crio_only - name: Add CRI-O usage Requested - include: systemcontainer_crio.yml + include_tasks: systemcontainer_crio.yml when: - l_use_crio - openshift_docker_is_node_or_master | bool @@ -60,10 +60,11 @@ state: stopped name: "{{ openshift.docker.service_name }}" - - name: "Ensure {{ docker_alt_storage_path }} exists" - file: - path: "{{ docker_alt_storage_path }}" - state: directory + - name: copy "{{ docker_default_storage_path }}" to "{{ docker_alt_storage_path }}" + command: "cp -r {{ docker_default_storage_path }} {{ docker_alt_storage_path }}" + register: results + failed_when: + - results.rc != 0 - name: "Set the selinux context on {{ docker_alt_storage_path }}" command: "semanage fcontext -a -e {{ docker_default_storage_path }} {{ docker_alt_storage_path }}" diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml index 8121163a6..044b04478 100644 --- a/roles/docker/tasks/package_docker.yml +++ b/roles/docker/tasks/package_docker.yml @@ -1,6 +1,6 @@ --- - name: Get current installed Docker version - command: "{{ repoquery_cmd }} --installed --qf '%{version}' docker" + command: "{{ repoquery_installed }} --qf '%{version}' docker" when: not openshift.common.is_atomic | bool register: curr_docker_version retries: 4 @@ -33,9 +33,12 @@ # Make sure Docker is installed, but does not update a running version. # Docker upgrades are handled by a separate playbook. +# Note: The curr_docker_version.stdout check can be removed when https://github.com/ansible/ansible/issues/33187 gets fixed. - name: Install Docker package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present - when: not openshift.common.is_atomic | bool + when: not openshift.common.is_atomic | bool and not curr_docker_version | skipped and not curr_docker_version.stdout != '' + register: result + until: result | success - block: # Extend the default Docker service unit file when using iptables-services @@ -157,4 +160,4 @@ - meta: flush_handlers # This needs to run after docker is restarted to account for proxy settings. -- include: registry_auth.yml +- include_tasks: registry_auth.yml diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index 3fe10454d..3439aa353 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -3,16 +3,10 @@ # TODO: Much of this file is shared with container engine tasks - set_fact: l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l2_docker_insecure_registries)) }}" - when: l2_docker_insecure_registries | bool - set_fact: l_crio_registries: "{{ l2_docker_additional_registries + ['docker.io'] }}" - when: l2_docker_additional_registries | bool -- set_fact: - l_crio_registries: "{{ ['docker.io'] }}" - when: not (l2_docker_additional_registries | bool) - set_fact: l_additional_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l_crio_registries)) }}" - when: l2_docker_additional_registries | bool - set_fact: l_openshift_image_tag: "{{ openshift_image_tag | string }}" @@ -35,6 +29,8 @@ name: container-selinux state: present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: Check we are not using node as a Docker container with CRI-O fail: msg='Cannot use CRI-O with node configured as a Docker container' @@ -48,6 +44,8 @@ name: atomic state: present when: not openshift.common.is_atomic | bool + register: result + until: result | success # At the time of writing the atomic command requires runc for it's own use. This # task is here in the even that the atomic package ever removes the dependency. @@ -56,6 +54,8 @@ name: runc state: present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: Check that overlay is in the kernel @@ -162,7 +162,7 @@ state: directory - name: setup firewall for CRI-O - include: crio_firewall.yml + include_tasks: crio_firewall.yml static: yes - name: Configure the CNI network @@ -182,6 +182,6 @@ # If we are using crio only, docker.service might not be available for # 'docker login' -- include: registry_auth.yml +- include_tasks: registry_auth.yml vars: openshift_docker_alternative_creds: "{{ l_use_crio_only }}" diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/docker/tasks/systemcontainer_docker.yml index 84220fa66..881d83f50 100644 --- a/roles/docker/tasks/systemcontainer_docker.yml +++ b/roles/docker/tasks/systemcontainer_docker.yml @@ -34,6 +34,8 @@ name: container-selinux state: present when: not openshift.common.is_atomic | bool + register: result + until: result | success # Used to pull and install the system container - name: Ensure atomic is installed @@ -41,6 +43,8 @@ name: atomic state: present when: not openshift.common.is_atomic | bool + register: result + until: result | success # At the time of writing the atomic command requires runc for it's own use. This # task is here in the even that the atomic package ever removes the dependency. @@ -49,11 +53,15 @@ name: runc state: present when: not openshift.common.is_atomic | bool + register: result + until: result | success # Make sure Docker is installed so we are able to use the client - name: Install Docker so we can use the client package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success # Make sure docker is disabled. Errors are ignored. - name: Disable Docker @@ -177,6 +185,6 @@ # Since docker is running as a system container, docker login will fail to create # credentials. Use alternate method if requiring authenticated registries. -- include: registry_auth.yml +- include_tasks: registry_auth.yml vars: openshift_docker_alternative_creds: True diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml index 4b734d4ed..a069e4d87 100644 --- a/roles/etcd/defaults/main.yaml +++ b/roles/etcd/defaults/main.yaml @@ -2,10 +2,18 @@ r_etcd_common_backup_tag: '' r_etcd_common_backup_sufix_name: '' +l_is_etcd_system_container: "{{ (openshift_use_etcd_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" + # runc, docker, host -r_etcd_common_etcd_runtime: "docker" +r_etcd_common_etcd_runtime: "{{ 'runc' if l_is_etcd_system_container else 'docker' if l_is_containerized else 'host' }}" r_etcd_common_embedded_etcd: false +osm_etcd_image: 'registry.access.redhat.com/rhel7/etcd' +etcd_image_dict: + origin: "registry.fedoraproject.org/f26/etcd" + openshift-enterprise: "{{ osm_etcd_image }}" +etcd_image: "{{ etcd_image_dict[openshift_deployment_type | default('origin')] }}" + # etcd run on a host => use etcdctl command directly # etcd run as a docker container => use docker exec # etcd run as a runc container => use runc exec diff --git a/roles/etcd/tasks/auxiliary/drop_etcdctl.yml b/roles/etcd/tasks/auxiliary/drop_etcdctl.yml index 11bd2310e..603f2531f 100644 --- a/roles/etcd/tasks/auxiliary/drop_etcdctl.yml +++ b/roles/etcd/tasks/auxiliary/drop_etcdctl.yml @@ -2,6 +2,8 @@ - name: Install etcd for etcdctl package: name=etcd{{ '-' + etcd_version if etcd_version is defined else '' }} state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: Configure etcd profile.d aliases template: diff --git a/roles/etcd/tasks/backup.archive.yml b/roles/etcd/tasks/backup.archive.yml index 6daa6dc51..a29a90ea3 100644 --- a/roles/etcd/tasks/backup.archive.yml +++ b/roles/etcd/tasks/backup.archive.yml @@ -1,3 +1,3 @@ --- -- include: backup/vars.yml -- include: backup/archive.yml +- include_tasks: backup/vars.yml +- include_tasks: backup/archive.yml diff --git a/roles/etcd/tasks/backup.copy.yml b/roles/etcd/tasks/backup.copy.yml index cc540cbca..6e8502e3b 100644 --- a/roles/etcd/tasks/backup.copy.yml +++ b/roles/etcd/tasks/backup.copy.yml @@ -1,3 +1,3 @@ --- -- include: backup/vars.yml -- include: backup/copy.yml +- include_tasks: backup/vars.yml +- include_tasks: backup/copy.yml diff --git a/roles/etcd/tasks/backup.fetch.yml b/roles/etcd/tasks/backup.fetch.yml index 26ec15043..d33878804 100644 --- a/roles/etcd/tasks/backup.fetch.yml +++ b/roles/etcd/tasks/backup.fetch.yml @@ -1,3 +1,3 @@ --- -- include: backup/vars.yml -- include: backup/fetch.yml +- include_tasks: backup/vars.yml +- include_tasks: backup/fetch.yml diff --git a/roles/etcd/tasks/backup.force_new_cluster.yml b/roles/etcd/tasks/backup.force_new_cluster.yml index d2e866416..7dd0899ee 100644 --- a/roles/etcd/tasks/backup.force_new_cluster.yml +++ b/roles/etcd/tasks/backup.force_new_cluster.yml @@ -1,5 +1,5 @@ --- -- include: backup/vars.yml +- include_tasks: backup/vars.yml - name: Move content of etcd backup under the etcd data directory command: > @@ -9,4 +9,4 @@ command: > chown -R etcd:etcd "{{ etcd_data_dir }}" -- include: auxiliary/force_new_cluster.yml +- include_tasks: auxiliary/force_new_cluster.yml diff --git a/roles/etcd/tasks/backup.unarchive.yml b/roles/etcd/tasks/backup.unarchive.yml index 77a637360..f92e87c3d 100644 --- a/roles/etcd/tasks/backup.unarchive.yml +++ b/roles/etcd/tasks/backup.unarchive.yml @@ -1,3 +1,3 @@ --- -- include: backup/vars.yml -- include: backup/unarchive.yml +- include_tasks: backup/vars.yml +- include_tasks: backup/unarchive.yml diff --git a/roles/etcd/tasks/backup.yml b/roles/etcd/tasks/backup.yml index c0538e596..60bb82100 100644 --- a/roles/etcd/tasks/backup.yml +++ b/roles/etcd/tasks/backup.yml @@ -1,2 +1,2 @@ --- -- include: backup/backup.yml +- include_tasks: backup/backup.yml diff --git a/roles/etcd/tasks/backup/backup.yml b/roles/etcd/tasks/backup/backup.yml index ca0d29155..9da023dbd 100644 --- a/roles/etcd/tasks/backup/backup.yml +++ b/roles/etcd/tasks/backup/backup.yml @@ -1,5 +1,5 @@ --- -- include: vars.yml +- include_tasks: vars.yml # TODO: replace shell module with command and update later checks - name: Check available disk space for etcd backup @@ -43,6 +43,8 @@ when: - r_etcd_common_embedded_etcd | bool - not l_ostree_booted.stat.exists | bool + register: result + until: result | success - name: Check selinux label of '{{ etcd_data_dir }}' command: > diff --git a/roles/etcd/tasks/backup_ca_certificates.yml b/roles/etcd/tasks/backup_ca_certificates.yml index a41b032f3..c87359900 100644 --- a/roles/etcd/tasks/backup_ca_certificates.yml +++ b/roles/etcd/tasks/backup_ca_certificates.yml @@ -1,2 +1,2 @@ --- -- include: certificates/backup_ca_certificates.yml +- include_tasks: certificates/backup_ca_certificates.yml diff --git a/roles/etcd/tasks/backup_generated_certificates.yml b/roles/etcd/tasks/backup_generated_certificates.yml index 8cf2a10cc..fa73ea590 100644 --- a/roles/etcd/tasks/backup_generated_certificates.yml +++ b/roles/etcd/tasks/backup_generated_certificates.yml @@ -1,2 +1,2 @@ --- -- include: certificates/backup_generated_certificates.yml +- include_tasks: certificates/backup_generated_certificates.yml diff --git a/roles/etcd/tasks/backup_master_etcd_certificates.yml b/roles/etcd/tasks/backup_master_etcd_certificates.yml index 129e1831c..5526825fa 100644 --- a/roles/etcd/tasks/backup_master_etcd_certificates.yml +++ b/roles/etcd/tasks/backup_master_etcd_certificates.yml @@ -1,2 +1,2 @@ --- -- include: certificates/backup_master_etcd_certificates.yml +- include_tasks: certificates/backup_master_etcd_certificates.yml diff --git a/roles/etcd/tasks/backup_server_certificates.yml b/roles/etcd/tasks/backup_server_certificates.yml index 267ffeb4d..5f3052be1 100644 --- a/roles/etcd/tasks/backup_server_certificates.yml +++ b/roles/etcd/tasks/backup_server_certificates.yml @@ -1,2 +1,2 @@ --- -- include: certificates/backup_server_certificates.yml +- include_tasks: certificates/backup_server_certificates.yml diff --git a/roles/etcd/tasks/ca.yml b/roles/etcd/tasks/ca.yml index cca1e9ad7..dd4b59e24 100644 --- a/roles/etcd/tasks/ca.yml +++ b/roles/etcd/tasks/ca.yml @@ -1,2 +1,2 @@ --- -- include: certificates/deploy_ca.yml +- include_tasks: certificates/deploy_ca.yml diff --git a/roles/etcd/tasks/certificates/deploy_ca.yml b/roles/etcd/tasks/certificates/deploy_ca.yml index 3d32290a2..bd4dafafd 100644 --- a/roles/etcd/tasks/certificates/deploy_ca.yml +++ b/roles/etcd/tasks/certificates/deploy_ca.yml @@ -6,6 +6,8 @@ when: not etcd_is_atomic | bool delegate_to: "{{ etcd_ca_host }}" run_once: true + register: result + until: result | success - file: path: "{{ item }}" diff --git a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml index 00b8f4a0b..f4726940a 100644 --- a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml +++ b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml @@ -4,6 +4,8 @@ name: "etcd{{ '-' + etcd_version if etcd_version is defined else '' }}" state: present when: not etcd_is_containerized | bool + register: result + until: result | success - name: Check status of etcd certificates stat: diff --git a/roles/etcd/tasks/check_cluster_health.yml b/roles/etcd/tasks/check_cluster_health.yml index 75c110972..3410528eb 100644 --- a/roles/etcd/tasks/check_cluster_health.yml +++ b/roles/etcd/tasks/check_cluster_health.yml @@ -1,2 +1,2 @@ --- -- include: migration/check_cluster_health.yml +- include_tasks: migration/check_cluster_health.yml diff --git a/roles/etcd/tasks/clean_data.yml b/roles/etcd/tasks/clean_data.yml index d131ffd21..12538c2d0 100644 --- a/roles/etcd/tasks/clean_data.yml +++ b/roles/etcd/tasks/clean_data.yml @@ -1,2 +1,2 @@ --- -- include: auxiliary/clean_data.yml +- include_tasks: auxiliary/clean_data.yml diff --git a/roles/etcd/tasks/client_certificates.yml b/roles/etcd/tasks/client_certificates.yml index 2f4108a0d..f3201816d 100644 --- a/roles/etcd/tasks/client_certificates.yml +++ b/roles/etcd/tasks/client_certificates.yml @@ -1,2 +1,2 @@ --- -- include: certificates/fetch_client_certificates_from_ca.yml +- include_tasks: certificates/fetch_client_certificates_from_ca.yml diff --git a/roles/etcd/tasks/disable_etcd.yml b/roles/etcd/tasks/disable_etcd.yml index 9202e6e48..55fb7f6ea 100644 --- a/roles/etcd/tasks/disable_etcd.yml +++ b/roles/etcd/tasks/disable_etcd.yml @@ -1,2 +1,2 @@ --- -- include: auxiliary/disable_etcd.yml +- include_tasks: auxiliary/disable_etcd.yml diff --git a/roles/etcd/tasks/distribute_ca b/roles/etcd/tasks/distribute_ca deleted file mode 100644 index 040c5f7af..000000000 --- a/roles/etcd/tasks/distribute_ca +++ /dev/null @@ -1,2 +0,0 @@ ---- -- include: certificates/distribute_ca.yml diff --git a/roles/etcd/tasks/distribute_ca.yml b/roles/etcd/tasks/distribute_ca.yml new file mode 100644 index 000000000..7d2607844 --- /dev/null +++ b/roles/etcd/tasks/distribute_ca.yml @@ -0,0 +1,2 @@ +--- +- include_tasks: certificates/distribute_ca.yml diff --git a/roles/etcd/tasks/drop_etcdctl.yml b/roles/etcd/tasks/drop_etcdctl.yml index 4c1f609f7..3258ab1a8 100644 --- a/roles/etcd/tasks/drop_etcdctl.yml +++ b/roles/etcd/tasks/drop_etcdctl.yml @@ -1,2 +1,2 @@ --- -- include: auxiliary/drop_etcdctl.yml +- include_tasks: auxiliary/drop_etcdctl.yml diff --git a/roles/etcd/tasks/fetch_backup.yml b/roles/etcd/tasks/fetch_backup.yml deleted file mode 100644 index 513eed17a..000000000 --- a/roles/etcd/tasks/fetch_backup.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- include: backup/vars.yml - -- include: backup/archive.yml - -- include: backup/sync_backup.yml - -- include: backup/ diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 3e69af314..b2100801f 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -7,20 +7,21 @@ etcd_ip: "{{ etcd_ip }}" - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml - name: Install etcd package: name=etcd{{ '-' + etcd_version if etcd_version is defined else '' }} state=present when: not etcd_is_containerized | bool + register: result + until: result | success -- include: drop_etcdctl.yml +- include_tasks: drop_etcdctl.yml when: - openshift_etcd_etcdctl_profile | default(true) | bool - block: - name: Pull etcd container - command: docker pull {{ openshift.etcd.etcd_image }} + command: docker pull {{ etcd_image }} register: pull_result changed_when: "'Downloaded newer image' in pull_result.stdout" @@ -30,7 +31,7 @@ src: etcd.docker.service when: - etcd_is_containerized | bool - - not openshift.common.is_etcd_system_container | bool + - not l_is_etcd_system_container | bool # Start secondary etcd instance for third party integrations # TODO: Determine an alternative to using thirdparty variable @@ -90,7 +91,7 @@ enabled: no masked: yes daemon_reload: yes - when: not openshift.common.is_etcd_system_container | bool + when: not l_is_etcd_system_container | bool register: task_result failed_when: task_result|failed and 'could not' not in task_result.msg|lower @@ -98,11 +99,11 @@ template: dest: "/etc/systemd/system/etcd_container.service" src: etcd.docker.service - when: not openshift.common.is_etcd_system_container | bool + when: not l_is_etcd_system_container | bool - name: Install Etcd system container - include: system_container.yml - when: openshift.common.is_etcd_system_container | bool + include_tasks: system_container.yml + when: l_is_etcd_system_container | bool when: etcd_is_containerized | bool - name: Validate permissions on the config dir diff --git a/roles/etcd/tasks/migrate.add_ttls.yml b/roles/etcd/tasks/migrate.add_ttls.yml index bc27e4ea1..1dd3c9269 100644 --- a/roles/etcd/tasks/migrate.add_ttls.yml +++ b/roles/etcd/tasks/migrate.add_ttls.yml @@ -1,2 +1,2 @@ --- -- include: migration/add_ttls.yml +- include_tasks: migration/add_ttls.yml diff --git a/roles/etcd/tasks/migrate.configure_master.yml b/roles/etcd/tasks/migrate.configure_master.yml index 3ada6e362..5be9cebd7 100644 --- a/roles/etcd/tasks/migrate.configure_master.yml +++ b/roles/etcd/tasks/migrate.configure_master.yml @@ -1,2 +1,2 @@ --- -- include: migration/configure_master.yml +- include_tasks: migration/configure_master.yml diff --git a/roles/etcd/tasks/migrate.pre_check.yml b/roles/etcd/tasks/migrate.pre_check.yml index 124d21561..4cb67d322 100644 --- a/roles/etcd/tasks/migrate.pre_check.yml +++ b/roles/etcd/tasks/migrate.pre_check.yml @@ -1,2 +1,2 @@ --- -- include: migration/check.yml +- include_tasks: migration/check.yml diff --git a/roles/etcd/tasks/migrate.yml b/roles/etcd/tasks/migrate.yml index 5d5385873..1a75f63f1 100644 --- a/roles/etcd/tasks/migrate.yml +++ b/roles/etcd/tasks/migrate.yml @@ -1,2 +1,2 @@ --- -- include: migration/migrate.yml +- include_tasks: migration/migrate.yml diff --git a/roles/etcd/tasks/migration/add_ttls.yml b/roles/etcd/tasks/migration/add_ttls.yml index 14625e49e..4bdc6bcc3 100644 --- a/roles/etcd/tasks/migration/add_ttls.yml +++ b/roles/etcd/tasks/migration/add_ttls.yml @@ -6,7 +6,7 @@ - set_fact: accessTokenMaxAgeSeconds: "{{ (g_master_config_output.content|b64decode|from_yaml).oauthConfig.tokenConfig.accessTokenMaxAgeSeconds | default(86400) }}" - authroizeTokenMaxAgeSeconds: "{{ (g_master_config_output.content|b64decode|from_yaml).oauthConfig.tokenConfig.authroizeTokenMaxAgeSeconds | default(500) }}" + authorizeTokenMaxAgeSeconds: "{{ (g_master_config_output.content|b64decode|from_yaml).oauthConfig.tokenConfig.authorizeTokenMaxAgeSeconds | default(500) }}" controllerLeaseTTL: "{{ (g_master_config_output.content|b64decode|from_yaml).controllerLeaseTTL | default(30) }}" - name: Re-introduce leases (as a replacement for key TTLs) @@ -29,6 +29,6 @@ - keys: "/openshift.io/oauth/accesstokens" ttl: "{{ accessTokenMaxAgeSeconds }}s" - keys: "/openshift.io/oauth/authorizetokens" - ttl: "{{ authroizeTokenMaxAgeSeconds }}s" + ttl: "{{ authorizeTokenMaxAgeSeconds }}s" - keys: "/openshift.io/leases/controllers" ttl: "{{ controllerLeaseTTL }}s" diff --git a/roles/etcd/tasks/migration/check.yml b/roles/etcd/tasks/migration/check.yml index 5c45e5ae1..8ef81da28 100644 --- a/roles/etcd/tasks/migration/check.yml +++ b/roles/etcd/tasks/migration/check.yml @@ -1,7 +1,7 @@ --- # Check the cluster is healthy -- include: check_cluster_health.yml +- include_tasks: check_cluster_health.yml # Check if there is at least one v2 snapshot - name: Check if there is at least one v2 snapshot @@ -39,7 +39,7 @@ # - with_items not supported over block # Check the cluster status for the first time -- include: check_cluster_status.yml +- include_tasks: check_cluster_status.yml # Check the cluster status for the second time - block: @@ -50,7 +50,7 @@ seconds: 5 when: not l_etcd_cluster_status_ok | bool - - include: check_cluster_status.yml + - include_tasks: check_cluster_status.yml when: not l_etcd_cluster_status_ok | bool @@ -63,5 +63,5 @@ seconds: 5 when: not l_etcd_cluster_status_ok | bool - - include: check_cluster_status.yml + - include_tasks: check_cluster_status.yml when: not l_etcd_cluster_status_ok | bool diff --git a/roles/etcd/tasks/remove_ca_certificates.yml b/roles/etcd/tasks/remove_ca_certificates.yml index 36df1a1cc..c1ea4e6c9 100644 --- a/roles/etcd/tasks/remove_ca_certificates.yml +++ b/roles/etcd/tasks/remove_ca_certificates.yml @@ -1,2 +1,2 @@ --- -- include: certificates/remove_ca_certificates.yml +- include_tasks: certificates/remove_ca_certificates.yml diff --git a/roles/etcd/tasks/remove_generated_certificates.yml b/roles/etcd/tasks/remove_generated_certificates.yml index b10a4b32d..8cdeea187 100644 --- a/roles/etcd/tasks/remove_generated_certificates.yml +++ b/roles/etcd/tasks/remove_generated_certificates.yml @@ -1,2 +1,2 @@ --- -- include: certificates/remove_generated_certificates.yml +- include_tasks: certificates/remove_generated_certificates.yml diff --git a/roles/etcd/tasks/restart.yml b/roles/etcd/tasks/restart.yml new file mode 100644 index 000000000..d4a016eec --- /dev/null +++ b/roles/etcd/tasks/restart.yml @@ -0,0 +1,21 @@ +--- + +- name: restart etcd + service: + name: "{{ etcd_service }}" + state: restarted + when: + - not g_etcd_certificates_expired | default(false) | bool + +- name: stop etcd + service: + name: "{{ etcd_service }}" + state: stopped + when: + - g_etcd_certificates_expired | default(false) | bool +- name: start etcd + service: + name: "{{ etcd_service }}" + state: started + when: + - g_etcd_certificates_expired | default(false) | bool diff --git a/roles/etcd/tasks/retrieve_ca_certificates.yml b/roles/etcd/tasks/retrieve_ca_certificates.yml index bd6c4ec85..2184e669c 100644 --- a/roles/etcd/tasks/retrieve_ca_certificates.yml +++ b/roles/etcd/tasks/retrieve_ca_certificates.yml @@ -1,2 +1,2 @@ --- -- include: certificates/retrieve_ca_certificates.yml +- include_tasks: certificates/retrieve_ca_certificates.yml diff --git a/roles/etcd/tasks/server_certificates.yml b/roles/etcd/tasks/server_certificates.yml index ae26079f9..75c35d59e 100644 --- a/roles/etcd/tasks/server_certificates.yml +++ b/roles/etcd/tasks/server_certificates.yml @@ -1,6 +1,6 @@ --- -- include: ca.yml +- include_tasks: ca.yml when: - etcd_ca_setup | default(True) | bool -- include: certificates/fetch_server_certificates_from_ca.yml +- include_tasks: certificates/fetch_server_certificates_from_ca.yml diff --git a/roles/etcd/tasks/system_container.yml b/roles/etcd/tasks/system_container.yml index f71d9b551..82ac4fc84 100644 --- a/roles/etcd/tasks/system_container.yml +++ b/roles/etcd/tasks/system_container.yml @@ -5,7 +5,7 @@ tasks_from: proxy - name: Pull etcd system container - command: atomic pull --storage=ostree {{ openshift.etcd.etcd_image }} + command: atomic pull --storage=ostree {{ etcd_image }} register: pull_result changed_when: "'Pulling layer' in pull_result.stdout" @@ -57,7 +57,7 @@ - name: Install or Update Etcd system container package oc_atomic_container: name: etcd - image: "{{ openshift.etcd.etcd_image }}" + image: "{{ etcd_image }}" state: latest values: - ETCD_DATA_DIR=/var/lib/etcd diff --git a/roles/etcd/tasks/upgrade/upgrade_image.yml b/roles/etcd/tasks/upgrade/upgrade_image.yml index 24071f9ad..6e712ba74 100644 --- a/roles/etcd/tasks/upgrade/upgrade_image.yml +++ b/roles/etcd/tasks/upgrade/upgrade_image.yml @@ -44,6 +44,8 @@ name: etcd state: latest when: not l_ostree_booted.stat.exists | bool + register: result + until: result | success - name: Verify cluster is healthy command: "{{ etcdctlv2 }} cluster-health" diff --git a/roles/etcd/tasks/upgrade/upgrade_rpm.yml b/roles/etcd/tasks/upgrade/upgrade_rpm.yml index 505e28afb..e98def46e 100644 --- a/roles/etcd/tasks/upgrade/upgrade_rpm.yml +++ b/roles/etcd/tasks/upgrade/upgrade_rpm.yml @@ -18,6 +18,8 @@ package: name: "{{ l_etcd_target_package }}" state: latest + register: result + until: result | success - lineinfile: destfile: "{{ etcd_conf_file }}" diff --git a/roles/etcd/tasks/upgrade_image.yml b/roles/etcd/tasks/upgrade_image.yml index 9e69027eb..35385cb9a 100644 --- a/roles/etcd/tasks/upgrade_image.yml +++ b/roles/etcd/tasks/upgrade_image.yml @@ -1,2 +1,2 @@ --- -- include: upgrade/upgrade_image.yml +- include_tasks: upgrade/upgrade_image.yml diff --git a/roles/etcd/tasks/upgrade_rpm.yml b/roles/etcd/tasks/upgrade_rpm.yml index 29603d2b6..fbd3cd919 100644 --- a/roles/etcd/tasks/upgrade_rpm.yml +++ b/roles/etcd/tasks/upgrade_rpm.yml @@ -1,2 +1,2 @@ --- -- include: upgrade/upgrade_rpm.yml +- include_tasks: upgrade/upgrade_rpm.yml diff --git a/roles/etcd/tasks/version_detect.yml b/roles/etcd/tasks/version_detect.yml new file mode 100644 index 000000000..fe1e418d8 --- /dev/null +++ b/roles/etcd/tasks/version_detect.yml @@ -0,0 +1,55 @@ +--- +- block: + - name: Record RPM based etcd version + command: rpm -qa --qf '%{version}' etcd\* + args: + warn: no + register: etcd_rpm_version + failed_when: false + # AUDIT:changed_when: `false` because we are only inspecting + # state, not manipulating anything + changed_when: false + - debug: + msg: "Etcd rpm version {{ etcd_rpm_version.stdout }} detected" + when: + - not openshift.common.is_containerized | bool + +- block: + - name: Record containerized etcd version (docker) + command: docker exec etcd_container rpm -qa --qf '%{version}' etcd\* + register: etcd_container_version_docker + failed_when: false + # AUDIT:changed_when: `false` because we are only inspecting + # state, not manipulating anything + changed_when: false + when: + - not l_is_etcd_system_container | bool + + # Given a register variables is set even if the whwen condition + # is false, we need to set etcd_container_version separately + - set_fact: + etcd_container_version: "{{ etcd_container_version_docker.stdout }}" + when: + - not l_is_etcd_system_container | bool + + - name: Record containerized etcd version (runc) + command: runc exec etcd rpm -qa --qf '%{version}' etcd\* + register: etcd_container_version_runc + failed_when: false + # AUDIT:changed_when: `false` because we are only inspecting + # state, not manipulating anything + changed_when: false + when: + - l_is_etcd_system_container | bool + + # Given a register variables is set even if the whwen condition + # is false, we need to set etcd_container_version separately + - set_fact: + etcd_container_version: "{{ etcd_container_version_runc.stdout }}" + when: + - l_is_etcd_system_container | bool + + - debug: + msg: "Etcd containerized version {{ etcd_container_version }} detected" + when: + - openshift.common.is_containerized | bool diff --git a/roles/etcd/templates/etcd.docker.service b/roles/etcd/templates/etcd.docker.service index adeca7a91..99ae37319 100644 --- a/roles/etcd/templates/etcd.docker.service +++ b/roles/etcd/templates/etcd.docker.service @@ -7,7 +7,7 @@ PartOf={{ openshift.docker.service_name }}.service [Service] EnvironmentFile={{ etcd_conf_file }} ExecStartPre=-/usr/bin/docker rm -f {{ etcd_service }} -ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v {{ etcd_data_dir }}:{{ etcd_data_dir }}:z -v {{ etcd_conf_dir }}:{{ etcd_conf_dir }}:ro --env-file={{ etcd_conf_file }} --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }} +ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v {{ etcd_data_dir }}:{{ etcd_data_dir }}:z -v {{ etcd_conf_dir }}:{{ etcd_conf_dir }}:ro --env-file={{ etcd_conf_file }} --net=host --entrypoint=/usr/bin/etcd {{ etcd_image }} ExecStop=/usr/bin/docker stop {{ etcd_service }} SyslogIdentifier=etcd_container Restart=always diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml index 3a8945a82..befe1b2e6 100644 --- a/roles/flannel/tasks/main.yml +++ b/roles/flannel/tasks/main.yml @@ -3,6 +3,8 @@ become: yes package: name=flannel state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: Set flannel etcd options become: yes diff --git a/roles/installer_checkpoint/README.md b/roles/installer_checkpoint/README.md index f8588c4bf..68c0357b6 100644 --- a/roles/installer_checkpoint/README.md +++ b/roles/installer_checkpoint/README.md @@ -64,11 +64,11 @@ phase are stored in the `phase_attributes` variable. }, 'installer_phase_etcd': { 'title': 'etcd Install', - 'playbook': 'playbooks/byo/openshift-etcd/config.yml' + 'playbook': 'playbooks/openshift-etcd/config.yml' }, 'installer_phase_nfs': { 'title': 'NFS Install', - 'playbook': 'playbooks/byo/openshift-nfs/config.yml' + 'playbook': 'playbooks/openshift-nfs/config.yml' }, #... } @@ -160,7 +160,7 @@ Health Check : Complete (0:01:10) etcd Install : Complete (0:02:58) Master Install : Complete (0:09:20) Master Additional Install : In Progress (0:20:04) - This phase can be restarted by running: playbooks/byo/openshift-master/additional_config.yml + This phase can be restarted by running: playbooks/openshift-master/additional_config.yml ``` [set_stats]: http://docs.ansible.com/ansible/latest/set_stats_module.html diff --git a/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py b/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py index 556e9127f..3cb1fa8d0 100644 --- a/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py +++ b/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py @@ -46,43 +46,43 @@ class CallbackModule(CallbackBase): }, 'installer_phase_health': { 'title': 'Health Check', - 'playbook': 'playbooks/byo/openshift-checks/pre-install.yml' + 'playbook': 'playbooks/openshift-checks/pre-install.yml' }, 'installer_phase_etcd': { 'title': 'etcd Install', - 'playbook': 'playbooks/byo/openshift-etcd/config.yml' + 'playbook': 'playbooks/openshift-etcd/config.yml' }, 'installer_phase_nfs': { 'title': 'NFS Install', - 'playbook': 'playbooks/byo/openshift-nfs/config.yml' + 'playbook': 'playbooks/openshift-nfs/config.yml' }, 'installer_phase_loadbalancer': { 'title': 'Load balancer Install', - 'playbook': 'playbooks/byo/openshift-loadbalancer/config.yml' + 'playbook': 'playbooks/openshift-loadbalancer/config.yml' }, 'installer_phase_master': { 'title': 'Master Install', - 'playbook': 'playbooks/byo/openshift-master/config.yml' + 'playbook': 'playbooks/openshift-master/config.yml' }, 'installer_phase_master_additional': { 'title': 'Master Additional Install', - 'playbook': 'playbooks/byo/openshift-master/additional_config.yml' + 'playbook': 'playbooks/openshift-master/additional_config.yml' }, 'installer_phase_node': { 'title': 'Node Install', - 'playbook': 'playbooks/byo/openshift-node/config.yml' + 'playbook': 'playbooks/openshift-node/config.yml' }, 'installer_phase_glusterfs': { 'title': 'GlusterFS Install', - 'playbook': 'playbooks/byo/openshift-glusterfs/config.yml' + 'playbook': 'playbooks/openshift-glusterfs/config.yml' }, 'installer_phase_hosted': { 'title': 'Hosted Install', - 'playbook': 'playbooks/byo/openshift-cluster/openshift-hosted.yml' + 'playbook': 'playbooks/openshift-hosted/config.yml' }, 'installer_phase_metrics': { 'title': 'Metrics Install', - 'playbook': 'playbooks/byo/openshift-cluster/openshift-metrics.yml' + 'playbook': 'playbooks/openshift-metrics/config.yml' }, 'installer_phase_logging': { 'title': 'Logging Install', @@ -90,15 +90,15 @@ class CallbackModule(CallbackBase): }, 'installer_phase_prometheus': { 'title': 'Prometheus Install', - 'playbook': 'playbooks/byo/openshift-cluster/openshift-prometheus.yml' + 'playbook': 'playbooks/openshift-prometheus/config.yml' }, 'installer_phase_servicecatalog': { 'title': 'Service Catalog Install', - 'playbook': 'playbooks/byo/openshift-cluster/service-catalog.yml' + 'playbook': 'playbooks/openshift-service-catalog/config.yml' }, 'installer_phase_management': { 'title': 'Management Install', - 'playbook': 'playbooks/byo/openshift-management/config.yml' + 'playbook': 'playbooks/openshift-management/config.yml' }, } diff --git a/roles/kuryr/tasks/master.yaml b/roles/kuryr/tasks/master.yaml index 55ab16f74..1cc6d2375 100644 --- a/roles/kuryr/tasks/master.yaml +++ b/roles/kuryr/tasks/master.yaml @@ -1,6 +1,6 @@ --- -- name: Perform OpenShit ServiceAccount config - include: serviceaccount.yaml +- name: Perform OpenShift ServiceAccount config + include_tasks: serviceaccount.yaml - name: Create kuryr manifests tempdir command: mktemp -d diff --git a/roles/lib_openshift/library/oc_adm_router.py b/roles/lib_openshift/library/oc_adm_router.py index 146f71f68..5969da7ca 100644 --- a/roles/lib_openshift/library/oc_adm_router.py +++ b/roles/lib_openshift/library/oc_adm_router.py @@ -3154,14 +3154,14 @@ def main(): external_host_insecure=dict(default=False, type='bool'), external_host_partition_path=dict(default=None, type='str'), external_host_username=dict(default=None, type='str'), - external_host_password=dict(default=None, type='str'), - external_host_private_key=dict(default=None, type='str'), + external_host_password=dict(default=None, type='str', no_log=True), + external_host_private_key=dict(default=None, type='str', no_log=True), # Metrics expose_metrics=dict(default=False, type='bool'), metrics_image=dict(default=None, type='str'), # Stats stats_user=dict(default=None, type='str'), - stats_password=dict(default=None, type='str'), + stats_password=dict(default=None, type='str', no_log=True), stats_port=dict(default=1936, type='int'), # extra cacert_file=dict(default=None, type='str'), diff --git a/roles/lib_openshift/src/ansible/oc_adm_router.py b/roles/lib_openshift/src/ansible/oc_adm_router.py index c6563cc2f..52499b273 100644 --- a/roles/lib_openshift/src/ansible/oc_adm_router.py +++ b/roles/lib_openshift/src/ansible/oc_adm_router.py @@ -34,14 +34,14 @@ def main(): external_host_insecure=dict(default=False, type='bool'), external_host_partition_path=dict(default=None, type='str'), external_host_username=dict(default=None, type='str'), - external_host_password=dict(default=None, type='str'), - external_host_private_key=dict(default=None, type='str'), + external_host_password=dict(default=None, type='str', no_log=True), + external_host_private_key=dict(default=None, type='str', no_log=True), # Metrics expose_metrics=dict(default=False, type='bool'), metrics_image=dict(default=None, type='str'), # Stats stats_user=dict(default=None, type='str'), - stats_password=dict(default=None, type='str'), + stats_password=dict(default=None, type='str', no_log=True), stats_port=dict(default=1936, type='int'), # extra cacert_file=dict(default=None, type='str'), diff --git a/roles/nickhammond.logrotate/tasks/main.yml b/roles/nickhammond.logrotate/tasks/main.yml index 657cb10ec..32d3acb86 100644 --- a/roles/nickhammond.logrotate/tasks/main.yml +++ b/roles/nickhammond.logrotate/tasks/main.yml @@ -2,6 +2,8 @@ - name: nickhammond.logrotate | Install logrotate package: name=logrotate state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: nickhammond.logrotate | Setup logrotate.d scripts template: diff --git a/roles/nickhammond.logrotate/templates/logrotate.d.j2 b/roles/nickhammond.logrotate/templates/logrotate.d.j2 index 6453be6b2..1ad1c595c 100644 --- a/roles/nickhammond.logrotate/templates/logrotate.d.j2 +++ b/roles/nickhammond.logrotate/templates/logrotate.d.j2 @@ -7,7 +7,7 @@ {% endfor -%} {% endif %} {%- if item.scripts is defined -%} - {%- for name, script in item.scripts.iteritems() -%} + {%- for name, script in item.scripts.items() -%} {{ name }} {{ script }} endscript diff --git a/roles/nuage_ca/tasks/main.yaml b/roles/nuage_ca/tasks/main.yaml index 8d73e6840..46929fa1f 100644 --- a/roles/nuage_ca/tasks/main.yaml +++ b/roles/nuage_ca/tasks/main.yaml @@ -2,6 +2,8 @@ - name: Install openssl package: name=openssl state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: Create CA directory file: path="{{ nuage_ca_dir }}" state=directory diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml index f3c487132..c264427de 100644 --- a/roles/nuage_master/tasks/main.yaml +++ b/roles/nuage_master/tasks/main.yaml @@ -1,7 +1,6 @@ --- - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml - name: Set the Nuage certificate directory fact for Atomic hosts set_fact: @@ -62,7 +61,7 @@ become: yes file: path={{ nuage_mon_rest_server_logdir }} state=directory -- include: serviceaccount.yml +- include_tasks: serviceaccount.yml - name: Download the certs and keys become: yes @@ -82,7 +81,7 @@ - nuage.key - nuage.kubeconfig -- include: certificates.yml +- include_tasks: certificates.yml - name: Install Nuage VSD user certificate become: yes diff --git a/roles/nuage_node/tasks/main.yaml b/roles/nuage_node/tasks/main.yaml index 9db9dbb6a..c6b7a9b10 100644 --- a/roles/nuage_node/tasks/main.yaml +++ b/roles/nuage_node/tasks/main.yaml @@ -31,7 +31,7 @@ - nuage.key - nuage.kubeconfig -- include: certificates.yml +- include_tasks: certificates.yml - name: Add additional Docker mounts for Nuage for atomic hosts become: yes @@ -44,8 +44,7 @@ - restart node ignore_errors: true -- include: iptables.yml +- include_tasks: iptables.yml - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml index 31f0f8e7a..05e0a1352 100644 --- a/roles/openshift_ca/tasks/main.yml +++ b/roles/openshift_ca/tasks/main.yml @@ -13,6 +13,7 @@ state: present when: not openshift.common.is_containerized | bool register: install_result + until: install_result | success delegate_to: "{{ openshift_ca_host }}" run_once: true diff --git a/roles/openshift_certificate_expiry/README.md b/roles/openshift_certificate_expiry/README.md index f19a421cb..48338ca1b 100644 --- a/roles/openshift_certificate_expiry/README.md +++ b/roles/openshift_certificate_expiry/README.md @@ -54,7 +54,7 @@ included in this role, or you can [read on below for more examples](#more-exampl to help you craft you own. ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/easy-mode.yaml ``` Using the `easy-mode.yaml` playbook will produce: @@ -65,7 +65,7 @@ Using the `easy-mode.yaml` playbook will produce: > **Note:** If you are running from an RPM install use -> `/usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml` +> `/usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/easy-mode.yaml` > instead ## Run from a container @@ -80,7 +80,7 @@ There are several [examples](../../examples/README.md) in the `examples` directo ## More Example Playbooks > **Note:** These Playbooks are available to run directly out of the -> [/playbooks/byo/openshift-checks/certificate_expiry/](../../playbooks/byo/openshift-checks/certificate_expiry/) directory. +> [/playbooks/openshift-checks/certificate_expiry/](../../playbooks/openshift-checks/certificate_expiry/) directory. ### Default behavior @@ -99,14 +99,14 @@ This playbook just invokes the certificate expiration check role with default op **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/default.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/default.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/default.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/default.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/default.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/default.yaml) ### Easy mode @@ -130,14 +130,14 @@ certificates (healthy or not) are included in the results: **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/easy-mode.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/easy-mode.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/easy-mode.yaml) ### Easy mode and upload reports to masters @@ -193,14 +193,14 @@ options via environment variables: **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/easy-mode-upload.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/easy-mode-upload.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/easy-mode-upload.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/easy-mode-upload.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/easy-mode-upload.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/easy-mode-upload.yaml) ### Generate HTML and JSON artifacts in their default paths @@ -219,14 +219,14 @@ $ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/by **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml) ### Generate HTML and JSON reports in a custom path @@ -250,14 +250,14 @@ This example customizes the report generation path to point to a specific path ( **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml) ### Long warning window @@ -278,14 +278,14 @@ the module out): **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/longer_warning_period.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/longer_warning_period.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/longer_warning_period.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml) ### Long warning window and JSON report @@ -307,14 +307,14 @@ the module out) and save the results as a JSON file: **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml) diff --git a/roles/openshift_cli/defaults/main.yml b/roles/openshift_cli/defaults/main.yml index ed97d539c..82da0639e 100644 --- a/roles/openshift_cli/defaults/main.yml +++ b/roles/openshift_cli/defaults/main.yml @@ -1 +1,6 @@ --- +system_images_registry_dict: + openshift-enterprise: "registry.access.redhat.com" + origin: "docker.io" + +system_images_registry: "{{ system_images_registry_dict[openshift_deployment_type | default('origin')] }}" diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml index 14d8a3325..7b046b2c4 100644 --- a/roles/openshift_cli/tasks/main.yml +++ b/roles/openshift_cli/tasks/main.yml @@ -8,17 +8,19 @@ - name: Install clients package: name={{ openshift.common.service_type }}-clients state=present when: not openshift.common.is_containerized | bool + register: result + until: result | success - block: - name: Pull CLI Image command: > - docker pull {{ openshift.common.cli_image }}:{{ openshift_image_tag }} + docker pull {{ openshift_cli_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Downloaded newer image' in pull_result.stdout" - name: Copy client binaries/symlinks out of CLI image for use on the host openshift_container_binary_sync: - image: "{{ openshift.common.cli_image }}" + image: "{{ openshift_cli_image }}" tag: "{{ openshift_image_tag }}" backend: "docker" when: @@ -28,13 +30,13 @@ - block: - name: Pull CLI Image command: > - atomic pull --storage ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.common.cli_image }}:{{ openshift_image_tag }} + atomic pull --storage ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift_cli_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Pulling layer' in pull_result.stdout" - name: Copy client binaries/symlinks out of CLI image for use on the host openshift_container_binary_sync: - image: "{{ '' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.common.cli_image }}" + image: "{{ '' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift_cli_image }}" tag: "{{ openshift_image_tag }}" backend: "atomic" when: @@ -47,3 +49,5 @@ - name: Install bash completion for oc tools package: name=bash-completion state=present when: not openshift.common.is_containerized | bool + register: result + until: result | success diff --git a/roles/openshift_clock/tasks/main.yaml b/roles/openshift_clock/tasks/main.yaml index f8b02524a..82c73b583 100644 --- a/roles/openshift_clock/tasks/main.yaml +++ b/roles/openshift_clock/tasks/main.yaml @@ -9,6 +9,8 @@ when: - openshift_clock_enabled | bool - chrony_installed.rc != 0 + register: result + until: result | success - name: Start and enable ntpd/chronyd command: timedatectl set-ntp true diff --git a/roles/openshift_cloud_provider/tasks/main.yml b/roles/openshift_cloud_provider/tasks/main.yml index ab3055c8b..dff492a69 100644 --- a/roles/openshift_cloud_provider/tasks/main.yml +++ b/roles/openshift_cloud_provider/tasks/main.yml @@ -11,11 +11,11 @@ state: directory when: has_cloudprovider | bool -- include: openstack.yml +- include_tasks: openstack.yml when: cloudprovider_is_openstack | bool -- include: aws.yml +- include_tasks: aws.yml when: cloudprovider_is_aws | bool -- include: gce.yml +- include_tasks: gce.yml when: cloudprovider_is_gce | bool diff --git a/roles/openshift_etcd/meta/main.yml b/roles/openshift_etcd/meta/main.yml index de36b201b..7cc548f69 100644 --- a/roles/openshift_etcd/meta/main.yml +++ b/roles/openshift_etcd/meta/main.yml @@ -13,7 +13,6 @@ galaxy_info: - cloud dependencies: - role: openshift_etcd_facts -- role: openshift_clock - role: openshift_docker when: openshift.common.is_containerized | bool - role: etcd diff --git a/roles/openshift_etcd_facts/tasks/main.yml b/roles/openshift_etcd_facts/tasks/main.yml index 22fb39006..ed97d539c 100644 --- a/roles/openshift_etcd_facts/tasks/main.yml +++ b/roles/openshift_etcd_facts/tasks/main.yml @@ -1,5 +1 @@ --- -- openshift_facts: - role: etcd - local_facts: - etcd_image: "{{ osm_etcd_image | default(None) }}" diff --git a/roles/openshift_excluder/tasks/disable.yml b/roles/openshift_excluder/tasks/disable.yml index 5add25b45..21801b994 100644 --- a/roles/openshift_excluder/tasks/disable.yml +++ b/roles/openshift_excluder/tasks/disable.yml @@ -2,11 +2,11 @@ - when: r_openshift_excluder_verify_upgrade block: - name: Include verify_upgrade.yml when upgrading - include: verify_upgrade.yml + include_tasks: verify_upgrade.yml # unexclude the current openshift/origin-excluder if it is installed so it can be updated - name: Disable excluders before the upgrade to remove older excluding expressions - include: unexclude.yml + include_tasks: unexclude.yml vars: # before the docker excluder can be updated, it needs to be disabled # to remove older excluded packages that are no longer excluded @@ -15,12 +15,12 @@ # Install any excluder that is enabled - name: Include install.yml - include: install.yml + include_tasks: install.yml # And finally adjust an excluder in order to update host components correctly. First # exclude then unexclude - name: Include exclude.yml - include: exclude.yml + include_tasks: exclude.yml vars: # Enable the docker excluder only if it is overridden # BZ #1430612: docker excluders should be enabled even during installation and upgrade @@ -30,7 +30,7 @@ # All excluders that are to be disabled are disabled - name: Include unexclude.yml - include: unexclude.yml + include_tasks: unexclude.yml vars: # If the docker override is not set, default to the generic behaviour # BZ #1430612: docker excluders should be enabled even during installation and upgrade diff --git a/roles/openshift_excluder/tasks/enable.yml b/roles/openshift_excluder/tasks/enable.yml index fce44cfb5..7c3742a06 100644 --- a/roles/openshift_excluder/tasks/enable.yml +++ b/roles/openshift_excluder/tasks/enable.yml @@ -1,6 +1,6 @@ --- - name: Install excluders - include: install.yml + include_tasks: install.yml - name: Enable excluders - include: exclude.yml + include_tasks: exclude.yml diff --git a/roles/openshift_excluder/tasks/install.yml b/roles/openshift_excluder/tasks/install.yml index 7a5bebf6f..3ac55894f 100644 --- a/roles/openshift_excluder/tasks/install.yml +++ b/roles/openshift_excluder/tasks/install.yml @@ -13,6 +13,8 @@ when: - r_openshift_excluder_enable_docker_excluder | bool - ansible_pkg_mgr == "yum" + register: result + until: result | success # For DNF we do not need the "*" and if we add it, it causes an error because @@ -26,6 +28,8 @@ when: - r_openshift_excluder_enable_docker_excluder | bool - ansible_pkg_mgr == "dnf" + register: result + until: result | success - name: Install openshift excluder - yum package: @@ -34,6 +38,8 @@ when: - r_openshift_excluder_enable_openshift_excluder | bool - ansible_pkg_mgr == "yum" + register: result + until: result | success # For DNF we do not need the "*" and if we add it, it causes an error because # it's not a valid pkg_spec @@ -46,6 +52,8 @@ when: - r_openshift_excluder_enable_openshift_excluder | bool - ansible_pkg_mgr == "dnf" + register: result + until: result | success - set_fact: r_openshift_excluder_install_ran: True diff --git a/roles/openshift_excluder/tasks/main.yml b/roles/openshift_excluder/tasks/main.yml index db20b4012..93d6ef149 100644 --- a/roles/openshift_excluder/tasks/main.yml +++ b/roles/openshift_excluder/tasks/main.yml @@ -32,7 +32,7 @@ - r_openshift_excluder_upgrade_target is not defined - name: Include main action task file - include: "{{ r_openshift_excluder_action }}.yml" + include_tasks: "{{ r_openshift_excluder_action }}.yml" when: - not ostree_booted.stat.exists | bool diff --git a/roles/openshift_excluder/tasks/verify_upgrade.yml b/roles/openshift_excluder/tasks/verify_upgrade.yml index 42026664a..b55a9af23 100644 --- a/roles/openshift_excluder/tasks/verify_upgrade.yml +++ b/roles/openshift_excluder/tasks/verify_upgrade.yml @@ -1,12 +1,12 @@ --- - name: Verify Docker Excluder version - include: verify_excluder.yml + include_tasks: verify_excluder.yml vars: excluder: "{{ r_openshift_excluder_service_type }}-docker-excluder" when: r_openshift_excluder_enable_docker_excluder | bool - name: Verify OpenShift Excluder version - include: verify_excluder.yml + include_tasks: verify_excluder.yml vars: excluder: "{{ r_openshift_excluder_service_type }}-excluder" when: r_openshift_excluder_enable_openshift_excluder | bool diff --git a/roles/openshift_expand_partition/tasks/main.yml b/roles/openshift_expand_partition/tasks/main.yml index 4cb5418c6..b7acb0c5a 100644 --- a/roles/openshift_expand_partition/tasks/main.yml +++ b/roles/openshift_expand_partition/tasks/main.yml @@ -2,6 +2,8 @@ - name: Ensure growpart is installed package: name=cloud-utils-growpart state=present when: not openshift.common.is_containerized | bool + register: result + until: result | success - name: Determine if growpart is installed command: "rpm -q cloud-utils-growpart" diff --git a/roles/openshift_facts/defaults/main.yml b/roles/openshift_facts/defaults/main.yml new file mode 100644 index 000000000..7064d727a --- /dev/null +++ b/roles/openshift_facts/defaults/main.yml @@ -0,0 +1,6 @@ +--- +openshift_cli_image_dict: + origin: 'openshift/origin' + openshift-enterprise: 'openshift3/ose' + +openshift_cli_image: "{{ osm_image | default(openshift_cli_image_dict[openshift_deployment_type]) }}" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 99ebb7e36..bbcdbadd8 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -446,24 +446,6 @@ def normalize_provider_facts(provider, metadata): return facts -def set_node_schedulability(facts): - """ Set schedulable facts if not already present in facts dict - Args: - facts (dict): existing facts - Returns: - dict: the facts dict updated with the generated schedulable - facts if they were not already present - - """ - if 'node' in facts: - if 'schedulable' not in facts['node']: - if 'master' in facts: - facts['node']['schedulable'] = False - else: - facts['node']['schedulable'] = True - return facts - - # pylint: disable=too-many-branches def set_selectors(facts): """ Set selectors facts if not already present in facts dict @@ -516,49 +498,6 @@ def set_selectors(facts): return facts -def set_dnsmasq_facts_if_unset(facts): - """ Set dnsmasq facts if not already present in facts - Args: - facts (dict) existing facts - Returns: - facts (dict) updated facts with values set if not previously set - """ - - if 'common' in facts: - if 'master' in facts and 'dns_port' not in facts['master']: - facts['master']['dns_port'] = 8053 - - return facts - - -def set_project_cfg_facts_if_unset(facts): - """ Set Project Configuration facts if not already present in facts dict - dict: - Args: - facts (dict): existing facts - Returns: - dict: the facts dict updated with the generated Project Configuration - facts if they were not already present - - """ - - config = { - 'default_node_selector': '', - 'project_request_message': '', - 'project_request_template': '', - 'mcs_allocator_range': 's0:/2', - 'mcs_labels_per_project': 5, - 'uid_allocator_range': '1000000000-1999999999/10000' - } - - if 'master' in facts: - for key, value in config.items(): - if key not in facts['master']: - facts['master'][key] = value - - return facts - - def set_identity_providers_if_unset(facts): """ Set identity_providers fact if not already present in facts dict @@ -1563,7 +1502,8 @@ def set_builddefaults_facts(facts): # Scaffold out the full expected datastructure facts['master']['admission_plugin_config'] = {'BuildDefaults': {'configuration': {'env': {}}}} facts['master']['admission_plugin_config'].update(builddefaults['config']) - delete_empty_keys(facts['master']['admission_plugin_config']['BuildDefaults']['configuration']['env']) + if 'env' in facts['master']['admission_plugin_config']['BuildDefaults']['configuration']: + delete_empty_keys(facts['master']['admission_plugin_config']['BuildDefaults']['configuration']['env']) return facts @@ -1627,20 +1567,16 @@ def set_container_facts_if_unset(facts): deployment_type = facts['common']['deployment_type'] if deployment_type == 'openshift-enterprise': master_image = 'openshift3/ose' - cli_image = master_image node_image = 'openshift3/node' ovs_image = 'openshift3/openvswitch' - etcd_image = 'registry.access.redhat.com/rhel7/etcd' pod_image = 'openshift3/ose-pod' router_image = 'openshift3/ose-haproxy-router' registry_image = 'openshift3/ose-docker-registry' deployer_image = 'openshift3/ose-deployer' else: master_image = 'openshift/origin' - cli_image = master_image node_image = 'openshift/node' ovs_image = 'openshift/openvswitch' - etcd_image = 'registry.access.redhat.com/rhel7/etcd' pod_image = 'openshift/origin-pod' router_image = 'openshift/origin-haproxy-router' registry_image = 'openshift/origin-docker-registry' @@ -1657,8 +1593,6 @@ def set_container_facts_if_unset(facts): if 'is_containerized' not in facts['common']: facts['common']['is_containerized'] = facts['common']['is_atomic'] - if 'cli_image' not in facts['common']: - facts['common']['cli_image'] = cli_image if 'pod_image' not in facts['common']: facts['common']['pod_image'] = pod_image if 'router_image' not in facts['common']: @@ -1667,8 +1601,6 @@ def set_container_facts_if_unset(facts): facts['common']['registry_image'] = registry_image if 'deployer_image' not in facts['common']: facts['common']['deployer_image'] = deployer_image - if 'etcd' in facts and 'etcd_image' not in facts['etcd']: - facts['etcd']['etcd_image'] = etcd_image if 'master' in facts and 'master_image' not in facts['master']: facts['master']['master_image'] = master_image facts['master']['master_system_image'] = master_image @@ -1840,8 +1772,6 @@ class OpenShiftFacts(object): facts = migrate_oauth_template_facts(facts) facts['current_config'] = get_current_config(facts) facts = set_url_facts_if_unset(facts) - facts = set_project_cfg_facts_if_unset(facts) - facts = set_node_schedulability(facts) facts = set_selectors(facts) facts = set_identity_providers_if_unset(facts) facts = set_deployment_facts_if_unset(facts) @@ -1851,7 +1781,6 @@ class OpenShiftFacts(object): facts = build_controller_args(facts) facts = build_api_server_args(facts) facts = set_version_facts_if_unset(facts) - facts = set_dnsmasq_facts_if_unset(facts) facts = set_aggregate_facts(facts) facts = set_etcd_facts_if_unset(facts) facts = set_proxy_facts(facts) @@ -1972,6 +1901,7 @@ class OpenShiftFacts(object): glusterfs=dict( endpoints='glusterfs-registry-endpoints', path='glusterfs-registry-volume', + ips=[], readOnly=False, swap=False, swapcopy=True), @@ -2256,14 +2186,27 @@ class OpenShiftFacts(object): oo_env_facts = dict() current_level = oo_env_facts keys = self.split_openshift_env_fact_keys(fact, openshift_env_structures)[1:] + if len(keys) > 0 and keys[0] != self.role: continue - for key in keys: - if key == keys[-1]: - current_level[key] = value - elif key not in current_level: - current_level[key] = dict() - current_level = current_level[key] + + # Build a dictionary from the split fact keys. + # After this loop oo_env_facts is the resultant dictionary. + # For example: + # fact = "openshift_metrics_install_metrics" + # value = 'true' + # keys = ['metrics', 'install', 'metrics'] + # result = {'metrics': {'install': {'metrics': 'true'}}} + for i, _ in enumerate(keys): + # This is the last key. Set the value. + if i == (len(keys) - 1): + current_level[keys[i]] = value + # This is a key other than the last key. Set as + # dictionary and continue. + else: + current_level[keys[i]] = dict() + current_level = current_level[keys[i]] + facts_to_set = merge_facts(orig=facts_to_set, new=oo_env_facts, additive_facts_to_overwrite=[], diff --git a/roles/openshift_hosted/README.md b/roles/openshift_hosted/README.md index d6f6e3e09..a1c2c3956 100644 --- a/roles/openshift_hosted/README.md +++ b/roles/openshift_hosted/README.md @@ -34,13 +34,27 @@ variables also control configuration behavior: | Name | Default value | Description | |----------------------------------------------|---------------|------------------------------------------------------------------------------| -| openshift_hosted_registry_glusterfs_swap | False | Whether to swap an existing registry's storage volume for a GlusterFS volume | -| openshift_hosted_registry_glusterfs_swapcopy | True | If swapping, also copy the current contents of the registry volume | +| openshift_hosted_registry_storage_glusterfs_endpoints | glusterfs-registry-endpoints | The name for the Endpoints resource that will point the registry to the GlusterFS nodes +| openshift_hosted_registry_storage_glusterfs_path | glusterfs-registry-volume | The name for the GlusterFS volume that will provide registry storage +| openshift_hosted_registry_storage_glusterfs_readonly | False | Whether the GlusterFS volume should be read-only +| openshift_hosted_registry_storage_glusterfs_swap | False | Whether to swap an existing registry's storage volume for a GlusterFS volume +| openshift_hosted_registry_storage_glusterfs_swapcopy | True | If swapping, copy the contents of the pre-existing registry storage to the new GlusterFS volume +| openshift_hosted_registry_storage_glusterfs_ips | `[]` | A list of IP addresses of the nodes of the GlusterFS cluster to use for hosted registry storage + +**NOTE:** Configuring a value for +`openshift_hosted_registry_storage_glusterfs_ips` with a `glusterfs_registry` +host group is not allowed. Specifying a `glusterfs_registry` host group +indicates that a new GlusterFS cluster should be configured, whereas +specifying `openshift_hosted_registry_storage_glusterfs_ips` indicates wanting +to use a pre-configured GlusterFS cluster for the registry storage. + +_ Dependencies ------------ * openshift_hosted_facts +* openshift_persistent_volumes Example Playbook ---------------- @@ -56,6 +70,10 @@ Example Playbook cafile: /path/to/my-router-ca.crt openshift_hosted_router_registryurl: 'registry.access.redhat.com/openshift3/ose-haproxy-router:v3.0.2.0' openshift_hosted_router_selector: 'type=infra' + openshift_hosted_registry_storage_kind=glusterfs + openshift_hosted_registry_storage_glusterfs_path=external_glusterfs_volume_name + openshift_hosted_registry_storage_glusterfs_ips=['192.168.20.239','192.168.20.96','192.168.20.114'] + ``` License diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml index 2af42fba4..e70c0c420 100644 --- a/roles/openshift_hosted/defaults/main.yml +++ b/roles/openshift_hosted/defaults/main.yml @@ -70,7 +70,6 @@ r_openshift_hosted_registry_use_firewalld: "{{ os_firewall_use_firewalld | defau openshift_hosted_registry_name: docker-registry openshift_hosted_registry_wait: "{{ not (openshift_master_bootstrap_enabled | default(False)) }}" openshift_hosted_registry_cert_expire_days: 730 - r_openshift_hosted_registry_os_firewall_deny: [] r_openshift_hosted_registry_os_firewall_allow: - service: Docker Registry Port diff --git a/roles/openshift_hosted/tasks/registry.yml b/roles/openshift_hosted/tasks/registry.yml index eaaac9da2..9f2ef4e40 100644 --- a/roles/openshift_hosted/tasks/registry.yml +++ b/roles/openshift_hosted/tasks/registry.yml @@ -1,4 +1,10 @@ --- +- name: Create temp directory for doing work in + command: mktemp -d /tmp/openshift-hosted-ansible-XXXXXX + register: mktempHosted + changed_when: False + check_mode: no + - name: setup firewall include: firewall.yml vars: @@ -36,13 +42,13 @@ l_default_replicas: "{{ l_node_count if openshift.hosted.registry.storage.kind | default(none) is not none else 1 }}" when: l_node_count | int > 0 - - name: set openshift_hosted facts set_fact: openshift_hosted_registry_replicas: "{{ openshift.hosted.registry.replicas | default(l_default_replicas) }}" openshift_hosted_registry_namespace: "{{ openshift.hosted.registry.namespace | default('default') }}" openshift_hosted_registry_selector: "{{ openshift.hosted.registry.selector }}" openshift_hosted_registry_images: "{{ openshift.hosted.registry.registryurl | default('openshift3/ose-${component}:${version}')}}" + openshift_hosted_registry_storage_glusterfs_ips: "{%- set gluster_ips = [] %}{% if groups.glusterfs_registry is defined %}{% for node in groups.glusterfs_registry %}{%- set _ = gluster_ips.append(hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip)) %}{% endfor %}{{ gluster_ips }}{% elif groups.glusterfs is defined %}{% for node in groups.glusterfs %}{%- set _ = gluster_ips.append(hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip)) %}{% endfor %}{{ gluster_ips }}{% else %}{{ openshift.hosted.registry.storage.glusterfs.ips }}{% endif %}" - name: Update registry environment variables when pushing via dns set_fact: @@ -113,6 +119,11 @@ when: - openshift.hosted.registry.storage.kind | default(none) in ['nfs', 'openstack', 'glusterfs'] +- include: storage/glusterfs_endpoints.yml + when: + - openshift_hosted_registry_storage_glusterfs_ips|length > 0 + - openshift.hosted.registry.storage.kind | default(none) in ['glusterfs'] + - name: Create OpenShift registry oc_adm_registry: name: "{{ openshift_hosted_registry_name }}" @@ -141,3 +152,10 @@ - include: storage/glusterfs.yml when: - openshift.hosted.registry.storage.kind | default(none) == 'glusterfs' or openshift.hosted.registry.storage.glusterfs.swap + +- name: Delete temp directory + file: + name: "{{ mktempHosted.stdout }}" + state: absent + changed_when: False + check_mode: no diff --git a/roles/openshift_hosted/tasks/storage/glusterfs.yml b/roles/openshift_hosted/tasks/storage/glusterfs.yml index c2954fde1..7cae67baa 100644 --- a/roles/openshift_hosted/tasks/storage/glusterfs.yml +++ b/roles/openshift_hosted/tasks/storage/glusterfs.yml @@ -12,7 +12,7 @@ namespace: "{{ openshift_hosted_registry_namespace }}" state: list kind: pod - selector: "{% for label, value in registry_dc.results.results[0].spec.selector.iteritems() %}{{ label }}={{ value }}{% if not loop.last %},{% endif %}{% endfor %}" + selector: "{% for label, value in registry_dc.results.results[0].spec.selector.items() %}{{ label }}={{ value }}{% if not loop.last %},{% endif %}{% endfor %}" register: registry_pods until: - "registry_pods.results.results[0]['items'] | count > 0" @@ -35,7 +35,7 @@ mount: state: mounted fstype: glusterfs - src: "{% if 'glusterfs_registry' in groups %}{% set node = groups.glusterfs_registry[0] %}{% else %}{% set node = groups.glusterfs[0] %}{% endif %}{% if 'glusterfs_hostname' in hostvars[node] %}{{ hostvars[node].glusterfs_hostname }}{% elif 'openshift' in hostvars[node] %}{{ hostvars[node].openshift.node.nodename }}{% else %}{{ node }}{% endif %}:/{{ openshift.hosted.registry.storage.glusterfs.path }}" + src: "{% if 'glusterfs_registry' in groups %}{% set node = groups.glusterfs_registry[0] %}{% elif 'glusterfs' in groups %}{% set node = groups.glusterfs[0] %}{% endif %}{% if openshift_hosted_registry_storage_glusterfs_ips is defined and openshift_hosted_registry_storage_glusterfs_ips|length > 0 %}{{ openshift_hosted_registry_storage_glusterfs_ips[0] }}{% elif 'glusterfs_hostname' in hostvars[node] %}{{ hostvars[node].glusterfs_hostname }}{% elif 'openshift' in hostvars[node] %}{{ hostvars[node].openshift.node.nodename }}{% else %}{{ node }}{% endif %}:/{{ openshift.hosted.registry.storage.glusterfs.path }}" name: "{{ mktemp.stdout }}" - name: Set registry volume permissions @@ -79,14 +79,7 @@ - REGISTRY_STORAGE_MAINTENANCE_READONLY_ENABLED: 'true' when: openshift.hosted.registry.storage.glusterfs.swap -- name: Unmount registry volume +- name: Unmount registry volume and clean up mount point/fstab mount: - state: unmounted - name: "{{ mktemp.stdout }}" - -- name: Delete temp mount directory - file: - dest: "{{ mktemp.stdout }}" state: absent - changed_when: False - check_mode: no + name: "{{ mktemp.stdout }}" diff --git a/roles/openshift_hosted/tasks/storage/glusterfs_endpoints.yml b/roles/openshift_hosted/tasks/storage/glusterfs_endpoints.yml new file mode 100644 index 000000000..0f4381748 --- /dev/null +++ b/roles/openshift_hosted/tasks/storage/glusterfs_endpoints.yml @@ -0,0 +1,16 @@ +--- +- name: Generate GlusterFS registry endpoints + template: + src: "{{ openshift.common.examples_content_version }}/glusterfs-registry-endpoints.yml.j2" + dest: "{{ mktempHosted.stdout }}/glusterfs-registry-endpoints.yml" + +- name: Generate GlusterFS registry service + template: + src: "{{ openshift.common.examples_content_version }}/glusterfs-registry-service.yml.j2" + dest: "{{ mktempHosted.stdout }}/glusterfs-registry-service.yml" + +- name: Create GlusterFS registry service and endpoint + command: "{{ openshift.common.client_binary }} apply -f {{ item }} -n {{ openshift.hosted.registry.namespace | default('default') }}" + with_items: + - "{{ mktempHosted.stdout }}/glusterfs-registry-service.yml" + - "{{ mktempHosted.stdout }}/glusterfs-registry-endpoints.yml" diff --git a/roles/openshift_hosted/templates/v3.6/glusterfs-registry-endpoints.yml.j2 b/roles/openshift_hosted/templates/v3.6/glusterfs-registry-endpoints.yml.j2 new file mode 100644 index 000000000..607d25533 --- /dev/null +++ b/roles/openshift_hosted/templates/v3.6/glusterfs-registry-endpoints.yml.j2 @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ openshift.hosted.registry.storage.glusterfs.endpoints }} +subsets: +- addresses: +{% for ip in openshift_hosted_registry_storage_glusterfs_ips %} + - ip: {{ ip }} +{% endfor %} + ports: + - port: 1 diff --git a/roles/openshift_hosted/templates/v3.6/glusterfs-registry-service.yml.j2 b/roles/openshift_hosted/templates/v3.6/glusterfs-registry-service.yml.j2 new file mode 100644 index 000000000..452c7c3e1 --- /dev/null +++ b/roles/openshift_hosted/templates/v3.6/glusterfs-registry-service.yml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ openshift.hosted.registry.storage.glusterfs.endpoints }} +spec: + ports: + - port: 1 +status: + loadBalancer: {} diff --git a/roles/openshift_hosted/templates/v3.7/glusterfs-registry-endpoints.yml.j2 b/roles/openshift_hosted/templates/v3.7/glusterfs-registry-endpoints.yml.j2 new file mode 100644 index 000000000..607d25533 --- /dev/null +++ b/roles/openshift_hosted/templates/v3.7/glusterfs-registry-endpoints.yml.j2 @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ openshift.hosted.registry.storage.glusterfs.endpoints }} +subsets: +- addresses: +{% for ip in openshift_hosted_registry_storage_glusterfs_ips %} + - ip: {{ ip }} +{% endfor %} + ports: + - port: 1 diff --git a/roles/openshift_hosted/templates/v3.7/glusterfs-registry-service.yml.j2 b/roles/openshift_hosted/templates/v3.7/glusterfs-registry-service.yml.j2 new file mode 100644 index 000000000..452c7c3e1 --- /dev/null +++ b/roles/openshift_hosted/templates/v3.7/glusterfs-registry-service.yml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ openshift.hosted.registry.storage.glusterfs.endpoints }} +spec: + ports: + - port: 1 +status: + loadBalancer: {} diff --git a/roles/openshift_loadbalancer/tasks/main.yml b/roles/openshift_loadbalancer/tasks/main.yml index 69b061fc5..79c5793d9 100644 --- a/roles/openshift_loadbalancer/tasks/main.yml +++ b/roles/openshift_loadbalancer/tasks/main.yml @@ -1,11 +1,12 @@ --- - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml - name: Install haproxy package: name=haproxy state=present when: not openshift.common.is_containerized | bool + register: result + until: result | success - name: Pull haproxy image command: > diff --git a/roles/openshift_logging/tasks/generate_jks.yaml b/roles/openshift_logging/tasks/generate_jks.yaml index 6e3204589..d6ac88dcc 100644 --- a/roles/openshift_logging/tasks/generate_jks.yaml +++ b/roles/openshift_logging/tasks/generate_jks.yaml @@ -24,21 +24,25 @@ local_action: file path="{{local_tmp.stdout}}/elasticsearch.jks" state=touch mode="u=rw,g=r,o=r" when: elasticsearch_jks.stat.exists changed_when: False + become: no - name: Create placeholder for previously created JKS certs to prevent recreating... local_action: file path="{{local_tmp.stdout}}/logging-es.jks" state=touch mode="u=rw,g=r,o=r" when: logging_es_jks.stat.exists changed_when: False + become: no - name: Create placeholder for previously created JKS certs to prevent recreating... local_action: file path="{{local_tmp.stdout}}/system.admin.jks" state=touch mode="u=rw,g=r,o=r" when: system_admin_jks.stat.exists changed_when: False + become: no - name: Create placeholder for previously created JKS certs to prevent recreating... local_action: file path="{{local_tmp.stdout}}/truststore.jks" state=touch mode="u=rw,g=r,o=r" when: truststore_jks.stat.exists changed_when: False + become: no - name: pulling down signing items from host fetch: @@ -57,10 +61,12 @@ vars: - top_dir: "{{local_tmp.stdout}}" when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists + become: no - name: Run JKS generation script local_action: script generate-jks.sh {{local_tmp.stdout}} {{openshift_logging_namespace}} check_mode: no + become: no when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists - name: Pushing locally generated JKS certs to remote host... diff --git a/roles/openshift_logging_curator/templates/curator.j2 b/roles/openshift_logging_curator/templates/curator.j2 index 462128366..8acff8141 100644 --- a/roles/openshift_logging_curator/templates/curator.j2 +++ b/roles/openshift_logging_curator/templates/curator.j2 @@ -30,7 +30,7 @@ spec: serviceAccountName: aggregated-logging-curator {% if curator_node_selector is iterable and curator_node_selector | length > 0 %} nodeSelector: -{% for key, value in curator_node_selector.iteritems() %} +{% for key, value in curator_node_selector.items() %} {{key}}: "{{value}}" {% endfor %} {% endif %} diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml index 2bd02af60..770892d52 100644 --- a/roles/openshift_logging_elasticsearch/tasks/main.yaml +++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml @@ -270,7 +270,7 @@ port: 443 targetPort: 4443 selector: - component: "{{ es_component }}-prometheus" + component: "{{ es_component }}" provider: openshift - oc_edit: diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2 index 0c7d8b46e..0bfa9e85b 100644 --- a/roles/openshift_logging_elasticsearch/templates/es.j2 +++ b/roles/openshift_logging_elasticsearch/templates/es.j2 @@ -34,7 +34,7 @@ spec: {% endfor %} {% if es_node_selector is iterable and es_node_selector | length > 0 %} nodeSelector: -{% for key, value in es_node_selector.iteritems() %} +{% for key, value in es_node_selector.items() %} {{key}}: "{{value}}" {% endfor %} {% endif %} diff --git a/roles/openshift_logging_elasticsearch/templates/pvc.j2 b/roles/openshift_logging_elasticsearch/templates/pvc.j2 index 063f9c5ae..3c6896df4 100644 --- a/roles/openshift_logging_elasticsearch/templates/pvc.j2 +++ b/roles/openshift_logging_elasticsearch/templates/pvc.j2 @@ -6,7 +6,7 @@ metadata: logging-infra: support {% if annotations is defined %} annotations: -{% for key,value in annotations.iteritems() %} +{% for key,value in annotations.items() %} {{key}}: {{value}} {% endfor %} {% endif %} @@ -14,7 +14,7 @@ spec: {% if pv_selector is defined and pv_selector is mapping %} selector: matchLabels: -{% for key,value in pv_selector.iteritems() %} +{% for key,value in pv_selector.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_logging_elasticsearch/templates/route_reencrypt.j2 b/roles/openshift_logging_elasticsearch/templates/route_reencrypt.j2 index cf8a9e65f..d2e8b8bcb 100644 --- a/roles/openshift_logging_elasticsearch/templates/route_reencrypt.j2 +++ b/roles/openshift_logging_elasticsearch/templates/route_reencrypt.j2 @@ -4,7 +4,7 @@ metadata: name: "{{obj_name}}" {% if labels is defined%} labels: -{% for key, value in labels.iteritems() %} +{% for key, value in labels.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 b/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 index 5a4f7f762..3bd29163b 100644 --- a/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 +++ b/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 @@ -42,7 +42,7 @@ objects: component: eventrouter logging-infra: eventrouter provider: openshift - replicas: ${REPLICAS} + replicas: "${{ '{{' }}REPLICAS{{ '}}' }}" template: metadata: labels: @@ -55,7 +55,7 @@ objects: serviceAccountName: aggregated-logging-eventrouter {% if node_selector is iterable and node_selector | length > 0 %} nodeSelector: -{% for key, value in node_selector.iteritems() %} +{% for key, value in node_selector.items() %} {{ key }}: "{{ value }}" {% endfor %} {% endif %} diff --git a/roles/openshift_logging_fluentd/files/secure-forward.conf b/roles/openshift_logging_fluentd/files/secure-forward.conf index f4483df79..87410c1c5 100644 --- a/roles/openshift_logging_fluentd/files/secure-forward.conf +++ b/roles/openshift_logging_fluentd/files/secure-forward.conf @@ -1,3 +1,4 @@ +# <store> # @type secure_forward # self_hostname ${HOSTNAME} @@ -22,3 +23,4 @@ # specify hostlabel for FQDN verification if ipaddress is used for host # hostlabel server.fqdn.example.com # </server> +# </store> diff --git a/roles/openshift_logging_kibana/templates/kibana.j2 b/roles/openshift_logging_kibana/templates/kibana.j2 index 4ff86729a..57d216373 100644 --- a/roles/openshift_logging_kibana/templates/kibana.j2 +++ b/roles/openshift_logging_kibana/templates/kibana.j2 @@ -29,7 +29,7 @@ spec: serviceAccountName: aggregated-logging-kibana {% if kibana_node_selector is iterable and kibana_node_selector | length > 0 %} nodeSelector: -{% for key, value in kibana_node_selector.iteritems() %} +{% for key, value in kibana_node_selector.items() %} {{ key }}: "{{ value }}" {% endfor %} {% endif %} diff --git a/roles/openshift_logging_kibana/templates/route_reencrypt.j2 b/roles/openshift_logging_kibana/templates/route_reencrypt.j2 index cf8a9e65f..d2e8b8bcb 100644 --- a/roles/openshift_logging_kibana/templates/route_reencrypt.j2 +++ b/roles/openshift_logging_kibana/templates/route_reencrypt.j2 @@ -4,7 +4,7 @@ metadata: name: "{{obj_name}}" {% if labels is defined%} labels: -{% for key, value in labels.iteritems() %} +{% for key, value in labels.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_logging_mux/files/secure-forward.conf b/roles/openshift_logging_mux/files/secure-forward.conf index f4483df79..87410c1c5 100644 --- a/roles/openshift_logging_mux/files/secure-forward.conf +++ b/roles/openshift_logging_mux/files/secure-forward.conf @@ -1,3 +1,4 @@ +# <store> # @type secure_forward # self_hostname ${HOSTNAME} @@ -22,3 +23,4 @@ # specify hostlabel for FQDN verification if ipaddress is used for host # hostlabel server.fqdn.example.com # </server> +# </store> diff --git a/roles/openshift_logging_mux/templates/mux.j2 b/roles/openshift_logging_mux/templates/mux.j2 index cfb13d59b..2337c33d5 100644 --- a/roles/openshift_logging_mux/templates/mux.j2 +++ b/roles/openshift_logging_mux/templates/mux.j2 @@ -29,7 +29,7 @@ spec: serviceAccountName: aggregated-logging-mux {% if mux_node_selector is iterable and mux_node_selector | length > 0 %} nodeSelector: -{% for key, value in mux_node_selector.iteritems() %} +{% for key, value in mux_node_selector.items() %} {{key}}: "{{value}}" {% endfor %} {% endif %} @@ -59,7 +59,7 @@ spec: {% endif %} {% endif %} ports: - - containerPort: "{{ openshift_logging_mux_port }}" + - containerPort: {{ openshift_logging_mux_port }} name: mux-forward volumeMounts: - name: config diff --git a/roles/openshift_manage_node/defaults/main.yml b/roles/openshift_manage_node/defaults/main.yml new file mode 100644 index 000000000..f0e728a3f --- /dev/null +++ b/roles/openshift_manage_node/defaults/main.yml @@ -0,0 +1,6 @@ +--- +# openshift_manage_node_is_master is set at the play level. +openshift_manage_node_is_master: False + +# Default is to be schedulable except for master nodes. +l_openshift_manage_schedulable: "{{ openshift_schedulable | default(not openshift_manage_node_is_master) }}" diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml index fbbac1176..247757ca9 100644 --- a/roles/openshift_manage_node/tasks/main.yml +++ b/roles/openshift_manage_node/tasks/main.yml @@ -37,7 +37,7 @@ - name: Set node schedulability oc_adm_manage_node: node: "{{ openshift.node.nodename | lower }}" - schedulable: "{{ 'true' if openshift.node.schedulable | bool else 'false' }}" + schedulable: "{{ 'true' if l_openshift_manage_schedulable | bool else 'false' }}" retries: 10 delay: 5 register: node_schedulable diff --git a/roles/openshift_management/tasks/add_container_provider.yml b/roles/openshift_management/tasks/add_container_provider.yml index 50a5252cc..24b2ce6ac 100644 --- a/roles/openshift_management/tasks/add_container_provider.yml +++ b/roles/openshift_management/tasks/add_container_provider.yml @@ -1,8 +1,4 @@ --- -- name: Ensure lib_openshift modules are available - include_role: - role: lib_openshift - - name: Ensure OpenShift facts module is available include_role: role: openshift_facts diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index 3fb94fff8..8e4a46ebb 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -7,6 +7,22 @@ openshift_master_debug_level: "{{ debug_level | default(2) }}" r_openshift_master_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" r_openshift_master_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" +system_images_registry_dict: + openshift-enterprise: "registry.access.redhat.com" + origin: "docker.io" + +system_images_registry: "{{ system_images_registry_dict[openshift_deployment_type | default('origin')] }}" + +l_is_master_system_container: "{{ (openshift_use_master_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" + +openshift_master_dns_port: 8053 +osm_default_node_selector: '' +osm_project_request_template: '' +osm_mcs_allocator_range: 's0:/2' +osm_mcs_labels_per_project: 5 +osm_uid_allocator_range: '1000000000-1999999999/10000' +osm_project_request_message: '' + openshift_node_ips: [] r_openshift_master_clean_install: false r_openshift_master_etcd3_storage: false @@ -18,9 +34,9 @@ default_r_openshift_master_os_firewall_allow: - service: api controllers https port: "{{ openshift.master.controllers_port }}/tcp" - service: skydns tcp - port: "{{ openshift.master.dns_port }}/tcp" + port: "{{ openshift_master_dns_port }}/tcp" - service: skydns udp - port: "{{ openshift.master.dns_port }}/udp" + port: "{{ openshift_master_dns_port }}/udp" - service: etcd embedded port: 4001/tcp cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index b6d3539b1..e52cd6231 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -31,8 +31,7 @@ - openshift.common.is_containerized | bool - name: Open up firewall ports - include: firewall.yml - static: yes + import_tasks: firewall.yml - name: Install Master package package: @@ -40,6 +39,8 @@ state: present when: - not openshift.common.is_containerized | bool + register: result + until: result | success - name: Create r_openshift_master_data_dir file: @@ -89,6 +90,8 @@ - item.kind == 'HTPasswdPasswordIdentityProvider' - not openshift.common.is_atomic | bool with_items: "{{ openshift.master.identity_providers }}" + register: result + until: result | success - name: Ensure htpasswd directory exists file: @@ -172,16 +175,16 @@ no_proxy_etcd_host_ips: "{{ openshift_no_proxy_etcd_host_ips }}" - name: Update journald config - include: journald.yml + include_tasks: journald.yml - name: Install the systemd units - include: systemd_units.yml + include_tasks: systemd_units.yml - name: Install Master system container - include: system_container.yml + include_tasks: system_container.yml when: - openshift.common.is_containerized | bool - - openshift.common.is_master_system_container | bool + - l_is_master_system_container | bool - name: Create session secrets file template: @@ -212,10 +215,10 @@ - restart master api - restart master controllers -- include: bootstrap_settings.yml +- include_tasks: bootstrap_settings.yml when: openshift_master_bootstrap_enabled | default(False) -- include: set_loopback_context.yml +- include_tasks: set_loopback_context.yml - name: Start and enable master api on first master systemd: @@ -273,7 +276,7 @@ # A separate wait is required here for native HA since notifies will # be resolved after all tasks in the role. -- include: check_master_api_is_ready.yml +- include_tasks: check_master_api_is_ready.yml when: - openshift.master.cluster_method == 'native' - master_api_service_status_changed | bool @@ -307,6 +310,7 @@ - openshift.master.cluster_method == 'pacemaker' - not openshift.common.is_containerized | bool register: l_install_result + until: l_install_result | success - name: Start and enable cluster service systemd: @@ -323,5 +327,5 @@ - l_install_result | changed - name: node bootstrap settings - include: bootstrap.yml + include_tasks: bootstrap.yml when: openshift_master_bootstrap_enabled | default(False) diff --git a/roles/openshift_master/tasks/system_container.yml b/roles/openshift_master/tasks/system_container.yml index 843352532..23386f11b 100644 --- a/roles/openshift_master/tasks/system_container.yml +++ b/roles/openshift_master/tasks/system_container.yml @@ -6,7 +6,7 @@ - name: Pre-pull master system container image command: > - atomic pull --storage=ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }} + atomic pull --storage=ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }} register: l_pull_result changed_when: "'Pulling layer' in l_pull_result.stdout" @@ -18,7 +18,7 @@ - name: Install or Update HA api master system container oc_atomic_container: name: "{{ openshift.common.service_type }}-master-api" - image: "{{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}" + image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}" state: latest values: - COMMAND=api @@ -26,7 +26,7 @@ - name: Install or Update HA controller master system container oc_atomic_container: name: "{{ openshift.common.service_type }}-master-controllers" - image: "{{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}" + image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}" state: latest values: - COMMAND=controllers diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml index b0fa72f19..9d11ed574 100644 --- a/roles/openshift_master/tasks/systemd_units.yml +++ b/roles/openshift_master/tasks/systemd_units.yml @@ -9,7 +9,7 @@ when: - openshift.common.is_containerized | bool -- include: registry_auth.yml +- include_tasks: registry_auth.yml - name: Disable the legacy master service if it exists systemd: @@ -26,7 +26,7 @@ ignore_errors: true when: - openshift.master.cluster_method == "native" - - not openshift.common.is_master_system_container | bool + - not l_is_master_system_container | bool # This is the image used for both HA and non-HA clusters: - name: Pre-pull master image @@ -36,7 +36,7 @@ changed_when: "'Downloaded newer image' in l_pull_result.stdout" when: - openshift.common.is_containerized | bool - - not openshift.common.is_master_system_container | bool + - not l_is_master_system_container | bool - name: Create the ha systemd unit files template: @@ -44,7 +44,7 @@ dest: "{{ containerized_svc_dir }}/{{ openshift.common.service_type }}-master-{{ item }}.service" when: - openshift.master.cluster_method == "native" - - not openshift.common.is_master_system_container | bool + - not l_is_master_system_container | bool with_items: - api - controllers @@ -64,7 +64,7 @@ - controllers when: - openshift.master.cluster_method == "native" - - not openshift.common.is_master_system_container | bool + - not l_is_master_system_container | bool - name: Preserve Master API Proxy Config options command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-api diff --git a/roles/openshift_master/tasks/upgrade.yml b/roles/openshift_master/tasks/upgrade.yml index 92371921d..f84cf2f6e 100644 --- a/roles/openshift_master/tasks/upgrade.yml +++ b/roles/openshift_master/tasks/upgrade.yml @@ -1,16 +1,16 @@ --- -- include: upgrade/rpm_upgrade.yml +- include_tasks: upgrade/rpm_upgrade.yml when: not openshift.common.is_containerized | bool -- include: upgrade/upgrade_scheduler.yml +- include_tasks: upgrade/upgrade_scheduler.yml # master_config_hook is passed in from upgrade play. -- include: "upgrade/{{ master_config_hook }}" +- include_tasks: "upgrade/{{ master_config_hook }}" when: master_config_hook is defined -- include: journald.yml +- include_tasks: journald.yml -- include: systemd_units.yml +- include_tasks: systemd_units.yml - name: Check for ca-bundle.crt stat: diff --git a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml index f914a9978..caab3045a 100644 --- a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml +++ b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml @@ -18,3 +18,5 @@ - "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version }}" - "{{ openshift.common.service_type }}-clients{{ openshift_pkg_version }}" - "tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}" + register: result + until: result | success diff --git a/roles/openshift_master/templates/htpasswd.j2 b/roles/openshift_master/templates/htpasswd.j2 index ba2c02e20..7e2e05076 100644 --- a/roles/openshift_master/templates/htpasswd.j2 +++ b/roles/openshift_master/templates/htpasswd.j2 @@ -1,5 +1,5 @@ {% if 'htpasswd_users' in openshift.master %} -{% for user,pass in openshift.master.htpasswd_users.iteritems() %} +{% for user,pass in openshift.master.htpasswd_users.items() %} {{ user ~ ':' ~ pass }} {% endfor %} {% endif %} diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 629fe3286..a0f00e545 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -65,7 +65,7 @@ disabledFeatures: {{ openshift.master.disabled_features | to_json }} {% endif %} {% if openshift.master.embedded_dns | bool %} dnsConfig: - bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }} + bindAddress: {{ openshift.master.bind_addr }}:{{ openshift_master_dns_port }} bindNetwork: tcp4 {% endif %} etcdClientInfo: @@ -196,13 +196,13 @@ policyConfig: openshiftInfrastructureNamespace: openshift-infra openshiftSharedResourcesNamespace: openshift projectConfig: - defaultNodeSelector: "{{ openshift.master.default_node_selector }}" - projectRequestMessage: "{{ openshift.master.project_request_message }}" - projectRequestTemplate: "{{ openshift.master.project_request_template }}" + defaultNodeSelector: "{{ osm_default_node_selector }}" + projectRequestMessage: "{{ osm_project_request_message }}" + projectRequestTemplate: "{{ osm_project_request_template }}" securityAllocator: - mcsAllocatorRange: "{{ openshift.master.mcs_allocator_range }}" - mcsLabelsPerProject: {{ openshift.master.mcs_labels_per_project }} - uidAllocatorRange: "{{ openshift.master.uid_allocator_range }}" + mcsAllocatorRange: "{{ osm_mcs_allocator_range }}" + mcsLabelsPerProject: {{ osm_mcs_labels_per_project }} + uidAllocatorRange: "{{ osm_uid_allocator_range }}" routingConfig: subdomain: "{{ openshift_master_default_subdomain | default("") }}" serviceAccountConfig: diff --git a/roles/openshift_master_cluster/tasks/main.yml b/roles/openshift_master_cluster/tasks/main.yml index 40705d357..41bfc72cb 100644 --- a/roles/openshift_master_cluster/tasks/main.yml +++ b/roles/openshift_master_cluster/tasks/main.yml @@ -10,5 +10,5 @@ failed_when: false when: openshift.master.cluster_method == "pacemaker" -- include: configure.yml +- include_tasks: configure.yml when: "pcs_status | failed and 'Error: cluster is not currently running on this node' in pcs_status.stderr" diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index cf0be3bef..20cc5358e 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -55,8 +55,6 @@ embedded_etcd: "{{ openshift_master_embedded_etcd | default(None) }}" embedded_kube: "{{ openshift_master_embedded_kube | default(None) }}" embedded_dns: "{{ openshift_master_embedded_dns | default(None) }}" - # defaults to 8053 when using dnsmasq in 1.2/3.2 - dns_port: "{{ openshift_master_dns_port | default(None) }}" bind_addr: "{{ openshift_master_bind_addr | default(None) }}" pod_eviction_timeout: "{{ openshift_master_pod_eviction_timeout | default(None) }}" session_max_seconds: "{{ openshift_master_session_max_seconds | default(None) }}" @@ -77,12 +75,6 @@ sdn_cluster_network_cidr: "{{ osm_cluster_network_cidr | default(None) }}" sdn_host_subnet_length: "{{ osm_host_subnet_length | default(None) }}" custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}" - default_node_selector: "{{ osm_default_node_selector | default(None) }}" - project_request_message: "{{ osm_project_request_message | default(None) }}" - project_request_template: "{{ osm_project_request_template | default(None) }}" - mcs_allocator_range: "{{ osm_mcs_allocator_range | default(None) }}" - mcs_labels_per_project: "{{ osm_mcs_labels_per_project | default(None) }}" - uid_allocator_range: "{{ osm_uid_allocator_range | default(None) }}" registry_selector: "{{ openshift_registry_selector | default(None) }}" api_server_args: "{{ osm_api_server_args | default(None) }}" controller_args: "{{ osm_controller_args | default(None) }}" diff --git a/roles/openshift_metrics/tasks/generate_certificates.yaml b/roles/openshift_metrics/tasks/generate_certificates.yaml index 3dc15d58b..bb842d710 100644 --- a/roles/openshift_metrics/tasks/generate_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_certificates.yaml @@ -8,4 +8,4 @@ --serial='{{ mktemp.stdout }}/ca.serial.txt' --name="metrics-signer@{{lookup('pipe','date +%s')}}" -- include: generate_hawkular_certificates.yaml +- include_tasks: generate_hawkular_certificates.yaml diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml index 31129a6ac..0fd19c9f8 100644 --- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml @@ -1,13 +1,13 @@ --- - name: generate hawkular-metrics certificates - include: setup_certificate.yaml + include_tasks: setup_certificate.yaml vars: component: hawkular-metrics hostnames: "hawkular-metrics,hawkular-metrics.{{ openshift_metrics_project }}.svc.cluster.local,{{ openshift_metrics_hawkular_hostname }}" changed_when: no - name: generate hawkular-cassandra certificates - include: setup_certificate.yaml + include_tasks: setup_certificate.yaml vars: component: hawkular-cassandra hostnames: hawkular-cassandra diff --git a/roles/openshift_metrics/tasks/install_heapster.yaml b/roles/openshift_metrics/tasks/install_heapster.yaml index 0eb852d91..a33b28ba7 100644 --- a/roles/openshift_metrics/tasks/install_heapster.yaml +++ b/roles/openshift_metrics/tasks/install_heapster.yaml @@ -66,4 +66,4 @@ namespace: "{{ openshift_metrics_project }}" changed_when: no -- include: generate_heapster_secrets.yaml +- include_tasks: generate_heapster_secrets.yaml diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml index fdf4ae57f..49d1d8cf1 100644 --- a/roles/openshift_metrics/tasks/install_metrics.yaml +++ b/roles/openshift_metrics/tasks/install_metrics.yaml @@ -1,8 +1,8 @@ --- -- include: pre_install.yaml +- include_tasks: pre_install.yaml - name: Install Metrics - include: "{{ role_path }}/tasks/install_{{ include_file }}.yaml" + include_tasks: "install_{{ include_file }}.yaml" with_items: - support - heapster @@ -13,11 +13,11 @@ when: not openshift_metrics_heapster_standalone | bool - name: Install Heapster Standalone - include: install_heapster.yaml + include_tasks: install_heapster.yaml when: openshift_metrics_heapster_standalone | bool - name: Install Hawkular OpenShift Agent (HOSA) - include: install_hosa.yaml + include_tasks: install_hosa.yaml when: openshift_metrics_install_hawkular_agent | default(false) | bool - find: @@ -34,7 +34,7 @@ changed_when: no - name: Create objects - include: oc_apply.yaml + include_tasks: oc_apply.yaml vars: kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" namespace: "{{ openshift_metrics_project }}" @@ -58,7 +58,7 @@ changed_when: no - name: Create Hawkular Agent objects - include: oc_apply.yaml + include_tasks: oc_apply.yaml vars: kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" namespace: "{{ openshift_metrics_hawkular_agent_namespace }}" @@ -67,7 +67,7 @@ with_items: "{{ hawkular_agent_object_defs.results }}" when: openshift_metrics_install_hawkular_agent | bool -- include: update_master_config.yaml +- include_tasks: update_master_config.yaml - command: > {{openshift.common.client_binary}} @@ -80,11 +80,11 @@ changed_when: no - name: Scaling down cluster to recognize changes - include: stop_metrics.yaml + include_tasks: stop_metrics.yaml when: existing_metrics_rc.stdout_lines | length > 0 - name: Scaling up cluster - include: start_metrics.yaml + include_tasks: start_metrics.yaml tags: openshift_metrics_start_cluster when: - openshift_metrics_start_cluster | default(true) | bool diff --git a/roles/openshift_metrics/tasks/install_support.yaml b/roles/openshift_metrics/tasks/install_support.yaml index 584e3be05..c3727d530 100644 --- a/roles/openshift_metrics/tasks/install_support.yaml +++ b/roles/openshift_metrics/tasks/install_support.yaml @@ -19,7 +19,7 @@ - fail: msg="'keytool' is unavailable. Please install java-1.8.0-openjdk-headless on the control node" when: keytool_check.rc == 1 -- include: generate_certificates.yaml -- include: generate_serviceaccounts.yaml -- include: generate_services.yaml -- include: generate_rolebindings.yaml +- include_tasks: generate_certificates.yaml +- include_tasks: generate_serviceaccounts.yaml +- include_tasks: generate_services.yaml +- include_tasks: generate_rolebindings.yaml diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index 10509fc1e..9dfe360bb 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -43,15 +43,15 @@ check_mode: no tags: metrics_init -- include: install_metrics.yaml +- include_tasks: install_metrics.yaml when: - openshift_metrics_install_metrics | bool -- include: uninstall_metrics.yaml +- include_tasks: uninstall_metrics.yaml when: - not openshift_metrics_install_metrics | bool -- include: uninstall_hosa.yaml +- include_tasks: uninstall_hosa.yaml when: not openshift_metrics_install_hawkular_agent | bool - name: Delete temp directory diff --git a/roles/openshift_metrics/tasks/uninstall_metrics.yaml b/roles/openshift_metrics/tasks/uninstall_metrics.yaml index 403b1252c..1265c7bfd 100644 --- a/roles/openshift_metrics/tasks/uninstall_metrics.yaml +++ b/roles/openshift_metrics/tasks/uninstall_metrics.yaml @@ -1,6 +1,6 @@ --- - name: stop metrics - include: stop_metrics.yaml + include_tasks: stop_metrics.yaml - name: remove metrics components command: > diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 index 6a3811598..11476bf75 100644 --- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 @@ -24,7 +24,7 @@ spec: - {{openshift_metrics_cassandra_storage_group}} {% if node_selector is iterable and node_selector | length > 0 %} nodeSelector: -{% for key, value in node_selector.iteritems() %} +{% for key, value in node_selector.items() %} {{key}}: "{{value}}" {% endfor %} {% endif %} diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 index 0662bea53..e976bc222 100644 --- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 @@ -19,7 +19,7 @@ spec: serviceAccount: hawkular {% if node_selector is iterable and node_selector | length > 0 %} nodeSelector: -{% for key, value in node_selector.iteritems() %} +{% for key, value in node_selector.items() %} {{key}}: "{{value}}" {% endfor %} {% endif %} diff --git a/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2 b/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2 index 40d09e9fa..04e2b2937 100644 --- a/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2 +++ b/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2 @@ -19,7 +19,7 @@ spec: serviceAccount: hawkular-openshift-agent {% if node_selector is iterable and node_selector | length > 0 %} nodeSelector: -{% for key, value in node_selector.iteritems() %} +{% for key, value in node_selector.items() %} {{key}}: "{{value}}" {% endfor %} {% endif %} diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2 index e732c1eee..0d4dd0e2b 100644 --- a/roles/openshift_metrics/templates/heapster.j2 +++ b/roles/openshift_metrics/templates/heapster.j2 @@ -20,7 +20,7 @@ spec: serviceAccountName: heapster {% if node_selector is iterable and node_selector | length > 0 %} nodeSelector: -{% for key, value in node_selector.iteritems() %} +{% for key, value in node_selector.items() %} {{key}}: "{{value}}" {% endfor %} {% endif %} diff --git a/roles/openshift_metrics/templates/pvc.j2 b/roles/openshift_metrics/templates/pvc.j2 index b4e6a1503..9a4b428ec 100644 --- a/roles/openshift_metrics/templates/pvc.j2 +++ b/roles/openshift_metrics/templates/pvc.j2 @@ -7,13 +7,13 @@ metadata: metrics-infra: support {% elif labels %} labels: -{% for key, value in labels.iteritems() %} +{% for key, value in labels.items() %} {{ key }}: {{ value }} {% endfor %} {% endif %} {% if annotations is defined and annotations %} annotations: -{% for key,value in annotations.iteritems() %} +{% for key,value in annotations.items() %} {{key}}: {{value}} {% endfor %} {% endif %} @@ -21,7 +21,7 @@ spec: {% if pv_selector is defined and pv_selector is mapping %} selector: matchLabels: -{% for key,value in pv_selector.iteritems() %} +{% for key,value in pv_selector.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_metrics/templates/rolebinding.j2 b/roles/openshift_metrics/templates/rolebinding.j2 index 5230f0780..a9a24c157 100644 --- a/roles/openshift_metrics/templates/rolebinding.j2 +++ b/roles/openshift_metrics/templates/rolebinding.j2 @@ -4,7 +4,7 @@ metadata: name: {{obj_name}} {% if labels is defined %} labels: -{% for k, v in labels.iteritems() %} +{% for k, v in labels.items() %} {{ k }}: {{ v }} {% endfor %} {% endif %} diff --git a/roles/openshift_metrics/templates/route.j2 b/roles/openshift_metrics/templates/route.j2 index 253d6ecf5..9d628b666 100644 --- a/roles/openshift_metrics/templates/route.j2 +++ b/roles/openshift_metrics/templates/route.j2 @@ -7,7 +7,7 @@ metadata: {% endif %} {% if labels is defined and labels %} labels: -{% for k, v in labels.iteritems() %} +{% for k, v in labels.items() %} {{ k }}: {{ v }} {% endfor %} {% endif %} diff --git a/roles/openshift_metrics/templates/secret.j2 b/roles/openshift_metrics/templates/secret.j2 index 5b9dba122..b788be04e 100644 --- a/roles/openshift_metrics/templates/secret.j2 +++ b/roles/openshift_metrics/templates/secret.j2 @@ -4,15 +4,15 @@ metadata: name: "{{ name }}" {% if annotations is defined%} annotations: -{% for key, value in annotations.iteritems() %} +{% for key, value in annotations.items() %} {{key}}: {{value}} {% endfor %} {% endif %} labels: -{% for k, v in labels.iteritems() %} +{% for k, v in labels.items() %} {{ k }}: {{ v }} {% endfor %} data: -{% for k, v in data.iteritems() %} +{% for k, v in data.items() %} {{ k }}: {{ v }} {% endfor %} diff --git a/roles/openshift_metrics/templates/service.j2 b/roles/openshift_metrics/templates/service.j2 index ce0bc2eec..4d23982f1 100644 --- a/roles/openshift_metrics/templates/service.j2 +++ b/roles/openshift_metrics/templates/service.j2 @@ -4,13 +4,13 @@ metadata: name: "{{obj_name}}" {% if annotations is defined%} annotations: -{% for key, value in annotations.iteritems() %} +{% for key, value in annotations.items() %} {{key}}: {{value}} {% endfor %} {% endif %} {% if labels is defined%} labels: -{% for key, value in labels.iteritems() %} +{% for key, value in labels.items() %} {{key}}: {{value}} {% endfor %} {% endif %} @@ -22,7 +22,7 @@ spec: ports: {% for port in ports %} - -{% for key, value in port.iteritems() %} +{% for key, value in port.items() %} {{key}}: {{value}} {% endfor %} {% if port.targetPort is undefined %} @@ -33,6 +33,6 @@ spec: targetPort: {{service_targetPort}} {% endif %} selector: - {% for key, value in selector.iteritems() %} + {% for key, value in selector.items() %} {{key}}: {{value}} {% endfor %} diff --git a/roles/openshift_metrics/templates/serviceaccount.j2 b/roles/openshift_metrics/templates/serviceaccount.j2 index b22acc594..ea19f17d7 100644 --- a/roles/openshift_metrics/templates/serviceaccount.j2 +++ b/roles/openshift_metrics/templates/serviceaccount.j2 @@ -4,7 +4,7 @@ metadata: name: {{obj_name}} {% if labels is defined%} labels: -{% for key, value in labels.iteritems() %} +{% for key, value in labels.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_nfs/tasks/setup.yml b/roles/openshift_nfs/tasks/setup.yml index 3070de495..edb854467 100644 --- a/roles/openshift_nfs/tasks/setup.yml +++ b/roles/openshift_nfs/tasks/setup.yml @@ -5,6 +5,8 @@ - name: Install nfs-utils package: name=nfs-utils state=present + register: result + until: result | success - name: Configure NFS lineinfile: diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index 89d154ad7..5a0c09f5c 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -1,12 +1,28 @@ --- openshift_node_debug_level: "{{ debug_level | default(2) }}" +openshift_node_dnsmasq_install_network_manager_hook: true + +# lo must always be present in this list or dnsmasq will conflict with +# the node's dns service. +openshift_node_dnsmasq_except_interfaces: +- lo + r_openshift_node_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" r_openshift_node_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" +l_is_node_system_container: "{{ (openshift_use_node_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" + openshift_deployment_type: "{{ openshift_deployment_type | default('origin') }}" openshift_service_type: "{{ 'origin' if openshift_deployment_type == 'origin' else 'atomic-openshift' }}" +system_images_registry_dict: + openshift-enterprise: "registry.access.redhat.com" + origin: "docker.io" + +system_images_registry: "{{ system_images_registry_dict[openshift_deployment_type | default('origin')] }}" +l_is_openvswitch_system_container: "{{ (openshift_use_openvswitch_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" + openshift_image_tag: '' default_r_openshift_node_image_prep_packages: diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node/files/networkmanager/99-origin-dns.sh index f4e48b5b7..f4e48b5b7 100755 --- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh +++ b/roles/openshift_node/files/networkmanager/99-origin-dns.sh diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index b102c1b18..229c6bbed 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -1,4 +1,15 @@ --- +- name: restart NetworkManager + systemd: + name: NetworkManager + state: restarted + enabled: True + +- name: restart dnsmasq + systemd: + name: dnsmasq + state: restarted + - name: restart openvswitch systemd: name: openvswitch diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index c32aa1600..927d107c6 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -17,11 +17,8 @@ dependencies: - role: lib_openshift - role: lib_os_firewall when: not (openshift_node_upgrade_in_progress | default(False)) -- role: openshift_clock - when: not (openshift_node_upgrade_in_progress | default(False)) - role: openshift_docker - role: openshift_cloud_provider when: not (openshift_node_upgrade_in_progress | default(False)) -- role: openshift_node_dnsmasq - role: lib_utils when: openshift_node_upgrade_in_progress | default(False) diff --git a/roles/openshift_node/tasks/bootstrap.yml b/roles/openshift_node/tasks/bootstrap.yml index b8be50f6c..a042bc01b 100644 --- a/roles/openshift_node/tasks/bootstrap.yml +++ b/roles/openshift_node/tasks/bootstrap.yml @@ -4,6 +4,8 @@ name: "{{ item }}" state: present with_items: "{{ r_openshift_node_image_prep_packages }}" + register: result + until: result | success - name: create the directory for node file: @@ -32,8 +34,7 @@ regexp: "^CONFIG_FILE=.*" - name: include aws sysconfig credentials - include: aws.yml - static: yes + import_tasks: aws.yml when: not (openshift_node_use_instance_profiles | default(False)) #- name: update the ExecStart to have bootstrap diff --git a/roles/openshift_node/tasks/config.yml b/roles/openshift_node/tasks/config.yml index 2fea33454..741a2234f 100644 --- a/roles/openshift_node/tasks/config.yml +++ b/roles/openshift_node/tasks/config.yml @@ -1,6 +1,6 @@ --- - name: Install the systemd units - include: systemd_units.yml + include_tasks: systemd_units.yml - name: Start and enable openvswitch service systemd: @@ -47,8 +47,7 @@ - restart node - name: include aws provider credentials - include: aws.yml - static: yes + import_tasks: aws.yml when: not (openshift_node_use_instance_profiles | default(False)) # Necessary because when you're on a node that's also a master the master will be diff --git a/roles/openshift_node_dnsmasq/tasks/main.yml b/roles/openshift_node/tasks/dnsmasq.yml index 9bbaafc29..f210a3a21 100644 --- a/roles/openshift_node_dnsmasq/tasks/main.yml +++ b/roles/openshift_node/tasks/dnsmasq.yml @@ -13,6 +13,8 @@ - name: Install dnsmasq package: name=dnsmasq state=installed when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: ensure origin/node directory exists file: @@ -59,9 +61,9 @@ state: started # Dynamic NetworkManager based dispatcher -- include: ./network-manager.yml +- include_tasks: dnsmasq/network-manager.yml when: network_manager_active | bool # Relies on ansible in order to configure static config -- include: ./no-network-manager.yml +- include_tasks: dnsmasq/no-network-manager.yml when: not network_manager_active | bool diff --git a/roles/openshift_node_dnsmasq/tasks/network-manager.yml b/roles/openshift_node/tasks/dnsmasq/network-manager.yml index e5a92a630..e5a92a630 100644 --- a/roles/openshift_node_dnsmasq/tasks/network-manager.yml +++ b/roles/openshift_node/tasks/dnsmasq/network-manager.yml diff --git a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml b/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml index 8a7da66c2..541c8115a 100644 --- a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml +++ b/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml @@ -7,5 +7,7 @@ name: NetworkManager state: present notify: restart NetworkManager + register: result + until: result | success -- include: ./network-manager.yml +- include_tasks: network-manager.yml diff --git a/roles/openshift_node/tasks/docker/upgrade.yml b/roles/openshift_node/tasks/docker/upgrade.yml index ebe87d6fd..d743d2188 100644 --- a/roles/openshift_node/tasks/docker/upgrade.yml +++ b/roles/openshift_node/tasks/docker/upgrade.yml @@ -36,5 +36,7 @@ - name: Upgrade Docker package: name=docker{{ '-' + docker_version }} state=present + register: result + until: result | success # starting docker happens back in ../main.yml where it calls ../restart.yml diff --git a/roles/openshift_node/tasks/install.yml b/roles/openshift_node/tasks/install.yml index 6b7e40491..1ed4a05c1 100644 --- a/roles/openshift_node/tasks/install.yml +++ b/roles/openshift_node/tasks/install.yml @@ -5,6 +5,8 @@ package: name: "{{ openshift.common.service_type }}-node{{ (openshift_pkg_version | default('')) | oo_image_tag_to_rpm_version(include_dash=True) }}" state: present + register: result + until: result | success - name: Install sdn-ovs package package: @@ -12,15 +14,19 @@ state: present when: - openshift_node_use_openshift_sdn | bool + register: result + until: result | success - name: Install conntrack-tools package package: name: "conntrack-tools" state: present + register: result + until: result | success - when: - openshift.common.is_containerized | bool - - not openshift.common.is_node_system_container | bool + - not l_is_node_system_container | bool block: - name: Pre-pull node image when containerized command: > diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index eae9ca7bc..d46b1f9c3 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -6,9 +6,10 @@ - deployment_type == 'openshift-enterprise' - not openshift_use_crio | default(false) +- include: dnsmasq.yml + - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml #### Disable SWAP ##### # https://docs.openshift.com/container-platform/3.4/admin_guide/overcommit.html#disabling-swap-memory @@ -41,7 +42,7 @@ #### End Disable Swap Block #### - name: include node installer - include: install.yml + include_tasks: install.yml - name: Restart cri-o systemd: @@ -66,34 +67,34 @@ sysctl_file: "/etc/sysctl.d/99-openshift.conf" reload: yes -- include: registry_auth.yml +- include_tasks: registry_auth.yml - name: include standard node config - include: config.yml + include_tasks: config.yml #### Storage class plugins here #### - name: NFS storage plugin configuration - include: storage_plugins/nfs.yml + include_tasks: storage_plugins/nfs.yml tags: - nfs - name: GlusterFS storage plugin configuration - include: storage_plugins/glusterfs.yml + include_tasks: storage_plugins/glusterfs.yml when: "'glusterfs' in openshift.node.storage_plugin_deps" - name: Ceph storage plugin configuration - include: storage_plugins/ceph.yml + include_tasks: storage_plugins/ceph.yml when: "'ceph' in openshift.node.storage_plugin_deps" - name: iSCSI storage plugin configuration - include: storage_plugins/iscsi.yml + include_tasks: storage_plugins/iscsi.yml when: "'iscsi' in openshift.node.storage_plugin_deps" ##### END Storage ##### -- include: config/workaround-bz1331590-ovs-oom-fix.yml +- include_tasks: config/workaround-bz1331590-ovs-oom-fix.yml when: openshift_node_use_openshift_sdn | default(true) | bool - name: include bootstrap node config - include: bootstrap.yml + include_tasks: bootstrap.yml when: openshift_node_bootstrap diff --git a/roles/openshift_node/tasks/node_system_container.yml b/roles/openshift_node/tasks/node_system_container.yml index 164a79b39..73dc9e130 100644 --- a/roles/openshift_node/tasks/node_system_container.yml +++ b/roles/openshift_node/tasks/node_system_container.yml @@ -6,14 +6,14 @@ - name: Pre-pull node system container image command: > - atomic pull --storage=ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.node.node_system_image }}:{{ openshift_image_tag }} + atomic pull --storage=ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.node.node_system_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Pulling layer' in pull_result.stdout" - name: Install or Update node system container oc_atomic_container: name: "{{ openshift.common.service_type }}-node" - image: "{{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.node.node_system_image }}:{{ openshift_image_tag }}" + image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.node.node_system_image }}:{{ openshift_image_tag }}" values: - "DNS_DOMAIN={{ openshift.common.dns_domain }}" - "DOCKER_SERVICE={{ openshift.docker.service_name }}.service" diff --git a/roles/openshift_node/tasks/openvswitch_system_container.yml b/roles/openshift_node/tasks/openvswitch_system_container.yml index 0f73ce454..8c3548475 100644 --- a/roles/openshift_node/tasks/openvswitch_system_container.yml +++ b/roles/openshift_node/tasks/openvswitch_system_container.yml @@ -17,14 +17,14 @@ - name: Pre-pull OpenVSwitch system container image command: > - atomic pull --storage=ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }} + atomic pull --storage=ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Pulling layer' in pull_result.stdout" - name: Install or Update OpenVSwitch system container oc_atomic_container: name: openvswitch - image: "{{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }}" + image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }}" state: latest values: - "DOCKER_SERVICE={{ l_service_name }}" diff --git a/roles/openshift_node/tasks/storage_plugins/ceph.yml b/roles/openshift_node/tasks/storage_plugins/ceph.yml index 037efe81a..72a3b837f 100644 --- a/roles/openshift_node/tasks/storage_plugins/ceph.yml +++ b/roles/openshift_node/tasks/storage_plugins/ceph.yml @@ -2,3 +2,5 @@ - name: Install Ceph storage plugin dependencies package: name=ceph-common state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml index 1b8a7ad50..08ea71a0c 100644 --- a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml @@ -2,6 +2,8 @@ - name: Install GlusterFS storage plugin dependencies package: name=glusterfs-fuse state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: Check for existence of fusefs sebooleans command: getsebool {{ item }} diff --git a/roles/openshift_node/tasks/storage_plugins/iscsi.yml b/roles/openshift_node/tasks/storage_plugins/iscsi.yml index 1c5478c55..ece68dc71 100644 --- a/roles/openshift_node/tasks/storage_plugins/iscsi.yml +++ b/roles/openshift_node/tasks/storage_plugins/iscsi.yml @@ -2,3 +2,5 @@ - name: Install iSCSI storage plugin dependencies package: name=iscsi-initiator-utils state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml index 7e1035893..5eacf42e8 100644 --- a/roles/openshift_node/tasks/storage_plugins/nfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -2,6 +2,8 @@ - name: Install NFS storage plugin dependencies package: name=nfs-utils state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: Check for existence of nfs sebooleans command: getsebool {{ item }} diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index 9c182ade6..397e1ba18 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml @@ -3,7 +3,7 @@ template: dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" src: "{{ openshift.common.is_containerized | bool | ternary('openshift.docker.node.service', 'node.service.j2') }}" - when: not openshift.common.is_node_system_container | bool + when: not l_is_node_system_container | bool notify: - reload systemd units - restart node @@ -11,21 +11,21 @@ - when: openshift.common.is_containerized | bool block: - name: include node deps docker service file - include: config/install-node-deps-docker-service-file.yml + include_tasks: config/install-node-deps-docker-service-file.yml - name: include ovs service environment file - include: config/install-ovs-service-env-file.yml + include_tasks: config/install-ovs-service-env-file.yml - name: Install Node system container - include: node_system_container.yml + include_tasks: node_system_container.yml when: - - openshift.common.is_node_system_container | bool + - l_is_node_system_container | bool - name: Install OpenvSwitch system containers - include: openvswitch_system_container.yml + include_tasks: openvswitch_system_container.yml when: - openshift_node_use_openshift_sdn | bool - - openshift.common.is_openvswitch_system_container | bool + - l_is_openvswitch_system_container | bool - block: - name: Pre-pull openvswitch image @@ -34,11 +34,11 @@ register: pull_result changed_when: "'Downloaded newer image' in pull_result.stdout" - - include: config/install-ovs-docker-service-file.yml + - include_tasks: config/install-ovs-docker-service-file.yml when: - openshift.common.is_containerized | bool - openshift_node_use_openshift_sdn | bool - - not openshift.common.is_openvswitch_system_container | bool + - not l_is_openvswitch_system_container | bool -- include: config/configure-node-settings.yml -- include: config/configure-proxy-settings.yml +- include_tasks: config/configure-node-settings.yml +- include_tasks: config/configure-proxy-settings.yml diff --git a/roles/openshift_node/tasks/upgrade.yml b/roles/openshift_node/tasks/upgrade.yml index 2bca1e974..561b56918 100644 --- a/roles/openshift_node/tasks/upgrade.yml +++ b/roles/openshift_node/tasks/upgrade.yml @@ -10,7 +10,7 @@ # tasks file for openshift_node_upgrade -- include: registry_auth.yml +- include_tasks: registry_auth.yml - name: Stop node and openvswitch services service: @@ -48,7 +48,7 @@ - openshift.common.is_containerized | bool - openshift_use_openshift_sdn | bool -- include: docker/upgrade.yml +- include_tasks: docker/upgrade.yml vars: # We will restart Docker ourselves after everything is ready: skip_docker_restart: True @@ -56,10 +56,10 @@ - l_docker_upgrade is defined - l_docker_upgrade | bool -- include: "{{ node_config_hook }}" +- include_tasks: "{{ node_config_hook }}" when: node_config_hook is defined -- include: upgrade/rpm_upgrade.yml +- include_tasks: upgrade/rpm_upgrade.yml vars: component: "node" openshift_version: "{{ openshift_pkg_version | default('') }}" @@ -70,7 +70,7 @@ path: "/etc/systemd/system/docker.service.d/docker-sdn-ovs.conf" state: absent -- include: upgrade/containerized_node_upgrade.yml +- include_tasks: upgrade/containerized_node_upgrade.yml when: openshift.common.is_containerized | bool - name: Ensure containerized services stopped before Docker restart @@ -107,6 +107,8 @@ name: openvswitch state: latest when: not openshift.common.is_containerized | bool + register: result + until: result | success - name: Update oreg value yedit: @@ -165,7 +167,7 @@ value: "/etc/origin/node/resolv.conf" # Restart all services -- include: upgrade/restart.yml +- include_tasks: upgrade/restart.yml - name: Wait for node to be ready oc_obj: @@ -179,5 +181,4 @@ retries: 24 delay: 5 -- include_role: - name: openshift_node_dnsmasq +- include_tasks: dnsmasq.yml diff --git a/roles/openshift_node/tasks/upgrade/containerized_node_upgrade.yml b/roles/openshift_node/tasks/upgrade/containerized_node_upgrade.yml index 96b94d8b6..245de60a7 100644 --- a/roles/openshift_node/tasks/upgrade/containerized_node_upgrade.yml +++ b/roles/openshift_node/tasks/upgrade/containerized_node_upgrade.yml @@ -6,7 +6,7 @@ skip_node_svc_handlers: True - name: Update systemd units - include: ../systemd_units.yml + include_tasks: ../systemd_units.yml # This is a no-op because of skip_node_svc_handlers, but lets us trigger it before end of # play when the node has already been marked schedulable again. (this would look strange diff --git a/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml index a998acf21..fcbe1a598 100644 --- a/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml +++ b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml @@ -8,10 +8,14 @@ # We verified latest rpm available is suitable, so just yum update. - name: Upgrade packages package: "name={{ openshift.common.service_type }}-{{ component }}{{ openshift_pkg_version }} state=present" + register: result + until: result | success - name: Ensure python-yaml present for config upgrade package: name=PyYAML state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: Install Node service file template: diff --git a/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2 b/roles/openshift_node/templates/node-dnsmasq.conf.j2 index 3caa3bd4a..3caa3bd4a 100644 --- a/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2 +++ b/roles/openshift_node/templates/node-dnsmasq.conf.j2 diff --git a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 b/roles/openshift_node/templates/origin-dns.conf.j2 index 6543c7c3e..6543c7c3e 100644 --- a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 +++ b/roles/openshift_node/templates/origin-dns.conf.j2 diff --git a/roles/openshift_node_dnsmasq/README.md b/roles/openshift_node_dnsmasq/README.md deleted file mode 100644 index 4596190d7..000000000 --- a/roles/openshift_node_dnsmasq/README.md +++ /dev/null @@ -1,27 +0,0 @@ -OpenShift Node DNS resolver -=========================== - -Configure dnsmasq to act as a DNS resolver for an OpenShift node. - -Requirements ------------- - -Role Variables --------------- - -From this role: - -| Name | Default value | Description | -|-----------------------------------------------------|---------------|-----------------------------------------------------------------------------------| -| openshift_node_dnsmasq_install_network_manager_hook | true | Install NetworkManager hook updating /etc/resolv.conf with local dnsmasq instance | - -Dependencies ------------- - -* openshift_common -* openshift_node_facts - -License -------- - -Apache License Version 2.0 diff --git a/roles/openshift_node_dnsmasq/defaults/main.yml b/roles/openshift_node_dnsmasq/defaults/main.yml deleted file mode 100644 index ebcff46b5..000000000 --- a/roles/openshift_node_dnsmasq/defaults/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -openshift_node_dnsmasq_install_network_manager_hook: true - -# lo must always be present in this list or dnsmasq will conflict with -# the node's dns service. -openshift_node_dnsmasq_except_interfaces: -- lo diff --git a/roles/openshift_node_dnsmasq/handlers/main.yml b/roles/openshift_node_dnsmasq/handlers/main.yml deleted file mode 100644 index 9f98126a0..000000000 --- a/roles/openshift_node_dnsmasq/handlers/main.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- name: restart NetworkManager - systemd: - name: NetworkManager - state: restarted - enabled: True - -- name: restart dnsmasq - systemd: - name: dnsmasq - state: restarted diff --git a/roles/openshift_node_dnsmasq/meta/main.yml b/roles/openshift_node_dnsmasq/meta/main.yml deleted file mode 100644 index d80ed1b72..000000000 --- a/roles/openshift_node_dnsmasq/meta/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -galaxy_info: - author: Scott Dodson - description: OpenShift Node DNSMasq support - company: Red Hat, Inc. - license: Apache License, Version 2.0 - min_ansible_version: 2.2 - platforms: - - name: EL - versions: - - 7 - categories: - - cloud -dependencies: -- role: openshift_node_facts diff --git a/roles/openshift_node_facts/tasks/main.yml b/roles/openshift_node_facts/tasks/main.yml index b45130400..d33d09980 100644 --- a/roles/openshift_node_facts/tasks/main.yml +++ b/roles/openshift_node_facts/tasks/main.yml @@ -15,7 +15,6 @@ kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" labels: "{{ openshift_node_labels | default(None) }}" registry_url: "{{ oreg_url_node | default(oreg_url) | default(None) }}" - schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" storage_plugin_deps: "{{ osn_storage_plugin_deps | default(None) }}" set_node_ip: "{{ openshift_set_node_ip | default(None) }}" diff --git a/roles/openshift_node_group/defaults/main.yml b/roles/openshift_node_group/defaults/main.yml index d398a7fdc..7c81409a5 100644 --- a/roles/openshift_node_group/defaults/main.yml +++ b/roles/openshift_node_group/defaults/main.yml @@ -23,4 +23,4 @@ openshift_node_group_network_plugin_default: "{{ os_sdn_network_plugin_name | de openshift_node_group_network_plugin: "{{ openshift_node_group_network_plugin_default }}" openshift_node_group_node_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}" openshift_node_group_node_data_dir: "{{ openshift_node_group_node_data_dir_default }}" -openshift_node_group_network_mtu: "{{ openshift_node_sdn_mtu | default(8951) }}" +openshift_node_group_network_mtu: "{{ openshift_node_sdn_mtu | default(8951) | int }}" diff --git a/roles/openshift_node_group/tasks/main.yml b/roles/openshift_node_group/tasks/main.yml index c7c15683d..43ecf1b8b 100644 --- a/roles/openshift_node_group/tasks/main.yml +++ b/roles/openshift_node_group/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Build node config maps - include: create_config.yml + include_tasks: create_config.yml vars: openshift_node_group_name: "{{ node_group.name }}" openshift_node_group_edits: "{{ node_group.edits | default([]) }}" diff --git a/roles/openshift_node_group/templates/node-config.yaml.j2 b/roles/openshift_node_group/templates/node-config.yaml.j2 index 5e22dc6d2..3fd16247c 100644 --- a/roles/openshift_node_group/templates/node-config.yaml.j2 +++ b/roles/openshift_node_group/templates/node-config.yaml.j2 @@ -33,7 +33,7 @@ masterClientConnectionOverrides: qps: 20 masterKubeConfig: node.kubeconfig networkConfig: - mtu: "{{ openshift_node_group_network_mtu }}" + mtu: {{ openshift_node_group_network_mtu }} networkPluginName: {{ openshift_node_group_network_plugin }} nodeIP: "" podManifestConfig: null diff --git a/roles/openshift_openstack/tasks/node-packages.yml b/roles/openshift_openstack/tasks/node-packages.yml index 7864f5269..e41104af1 100644 --- a/roles/openshift_openstack/tasks/node-packages.yml +++ b/roles/openshift_openstack/tasks/node-packages.yml @@ -6,6 +6,8 @@ name: "{{ item }}" state: latest with_items: "{{ openshift_openstack_required_packages }}" + register: result + until: result | success - name: Install debug packages (optional) yum: @@ -13,3 +15,5 @@ state: latest with_items: "{{ openshift_openstack_debug_packages }}" when: openshift_openstack_install_debug_packages|bool + register: result + until: result | success diff --git a/roles/openshift_openstack/templates/heat_stack.yaml.j2 b/roles/openshift_openstack/templates/heat_stack.yaml.j2 index bfa65b460..0e7538629 100644 --- a/roles/openshift_openstack/templates/heat_stack.yaml.j2 +++ b/roles/openshift_openstack/templates/heat_stack.yaml.j2 @@ -724,7 +724,7 @@ resources: type: node subtype: app node_labels: -{% for k, v in openshift_openstack_cluster_node_labels.app.iteritems() %} +{% for k, v in openshift_openstack_cluster_node_labels.app.items() %} {{ k|e }}: {{ v|e }} {% endfor %} image: {{ openshift_openstack_node_image }} @@ -788,7 +788,7 @@ resources: type: node subtype: infra node_labels: -{% for k, v in openshift_openstack_cluster_node_labels.infra.iteritems() %} +{% for k, v in openshift_openstack_cluster_node_labels.infra.items() %} {{ k|e }}: {{ v|e }} {% endfor %} image: {{ openshift_openstack_infra_image }} diff --git a/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2 b/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2 index 9c5103597..ee9dac7cb 100644 --- a/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2 +++ b/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2 @@ -9,7 +9,7 @@ items: name: "{{ volume.name }}" {% if volume.labels is defined and volume.labels is mapping %} labels: -{% for key,value in volume.labels.iteritems() %} +{% for key,value in volume.labels.items() %} {{ key }}: {{ value }} {% endfor %} {% endif %} diff --git a/roles/openshift_prometheus/README.md b/roles/openshift_prometheus/README.md index 92f74928c..f1eca1da6 100644 --- a/roles/openshift_prometheus/README.md +++ b/roles/openshift_prometheus/README.md @@ -23,6 +23,17 @@ For default values, see [`defaults/main.yaml`](defaults/main.yaml). - `openshift_prometheus_<COMPONENT>_image_version`: specify image version for the component +- `openshift_prometheus_args`: Modify or add arguments for prometheus application + +- `openshift_prometheus_hostname`: specify the hostname for the route to prometheus `prometheus-{{openshift_prometheus_namespace}}.{{openshift_master_default_subdomain}}` + +- `openshift_prometheus_alerts_hostname`: specify the hostname for the route to prometheus-alerts `prometheus_alerts-{{openshift_prometheus_namespace}}.{{openshift_master_default_subdomain}}` + +e.g +``` +openshift_prometheus_args=['--storage.tsdb.retention=6h', '--storage.tsdb.min-block-duration=5s', '--storage.tsdb.max-block-duration=6m'] +``` + ## PVC related variables Each prometheus component (prometheus, alertmanager, alertbuffer) can set pv claim by setting corresponding role variable: ``` diff --git a/roles/openshift_prometheus/defaults/main.yaml b/roles/openshift_prometheus/defaults/main.yaml index 4e2cea0b9..df331a4bb 100644 --- a/roles/openshift_prometheus/defaults/main.yaml +++ b/roles/openshift_prometheus/defaults/main.yaml @@ -4,11 +4,18 @@ openshift_prometheus_state: present openshift_prometheus_namespace: openshift-metrics +# defaults hosts for routes +openshift_prometheus_hostname: prometheus-{{openshift_prometheus_namespace}}.{{openshift_master_default_subdomain}} +openshift_prometheus_alerts_hostname: alerts-{{openshift_prometheus_namespace}}.{{openshift_master_default_subdomain}} + openshift_prometheus_node_selector: {"region":"infra"} # additional prometheus rules file openshift_prometheus_additional_rules_file: null +#prometheus application arguments +openshift_prometheus_args: ['--storage.tsdb.retention=6h', '--storage.tsdb.min-block-duration=2m'] + # storage # One of ['emptydir', 'pvc'] openshift_prometheus_storage_type: "emptydir" diff --git a/roles/openshift_prometheus/tasks/install_prometheus.yaml b/roles/openshift_prometheus/tasks/install_prometheus.yaml index 21da4bc9d..ad15dc65f 100644 --- a/roles/openshift_prometheus/tasks/install_prometheus.yaml +++ b/roles/openshift_prometheus/tasks/install_prometheus.yaml @@ -3,7 +3,7 @@ # namespace - name: Add prometheus project oc_project: - state: "{{ state }}" + state: present name: "{{ openshift_prometheus_namespace }}" node_selector: "{{ openshift_prometheus_node_selector | oo_selector_to_string_list() }}" description: Prometheus @@ -11,7 +11,7 @@ # secrets - name: Set alert and prometheus secrets oc_secret: - state: "{{ state }}" + state: present name: "{{ item }}-proxy" namespace: "{{ openshift_prometheus_namespace }}" contents: @@ -24,7 +24,7 @@ # serviceaccount - name: create prometheus serviceaccount oc_serviceaccount: - state: "{{ state }}" + state: present name: prometheus namespace: "{{ openshift_prometheus_namespace }}" # TODO add annotations when supproted @@ -48,7 +48,7 @@ # create clusterrolebinding for prometheus serviceaccount - name: Set cluster-reader permissions for prometheus oc_adm_policy_user: - state: "{{ state }}" + state: present namespace: "{{ openshift_prometheus_namespace }}" resource_kind: cluster-role resource_name: cluster-reader @@ -58,7 +58,7 @@ # TODO join into 1 task with loop - name: Create prometheus service oc_service: - state: "{{ state }}" + state: present name: "{{ item.name }}" namespace: "{{ openshift_prometheus_namespace }}" selector: @@ -76,7 +76,7 @@ - name: Create alerts service oc_service: - state: "{{ state }}" + state: present name: "{{ item.name }}" namespace: "{{ openshift_prometheus_namespace }}" selector: @@ -111,14 +111,17 @@ # create prometheus and alerts routes - name: create prometheus and alerts routes oc_route: - state: "{{ state }}" + state: present name: "{{ item.name }}" + host: "{{ item.host }}" namespace: "{{ openshift_prometheus_namespace }}" service_name: "{{ item.name }}" tls_termination: reencrypt with_items: - name: prometheus + host: "{{ openshift_prometheus_hostname }}" - name: alerts + host: "{{ openshift_prometheus_alerts_hostname }}" # Storage - name: create prometheus pvc @@ -185,7 +188,7 @@ # In prometheus configmap create "additional.rules" section if file exists - name: Set prometheus configmap oc_configmap: - state: "{{ state }}" + state: present name: "prometheus" namespace: "{{ openshift_prometheus_namespace }}" from_file: @@ -196,7 +199,7 @@ - name: Set prometheus configmap oc_configmap: - state: "{{ state }}" + state: present name: "prometheus" namespace: "{{ openshift_prometheus_namespace }}" from_file: @@ -212,7 +215,7 @@ - name: Set alertmanager configmap oc_configmap: - state: "{{ state }}" + state: present name: "prometheus-alerts" namespace: "{{ openshift_prometheus_namespace }}" from_file: @@ -229,7 +232,7 @@ - name: Set prometheus stateful set oc_obj: - state: "{{ state }}" + state: present name: "prometheus" namespace: "{{ openshift_prometheus_namespace }}" kind: statefulset diff --git a/roles/openshift_prometheus/tasks/main.yaml b/roles/openshift_prometheus/tasks/main.yaml index 5cc9a67eb..38798e1f5 100644 --- a/roles/openshift_prometheus/tasks/main.yaml +++ b/roles/openshift_prometheus/tasks/main.yaml @@ -20,9 +20,11 @@ mode: 0755 changed_when: False -- include: install_prometheus.yaml - vars: - state: "{{ openshift_prometheus_state }}" +- include_tasks: install_prometheus.yaml + when: openshift_prometheus_state == 'present' + +- include_tasks: uninstall_prometheus.yaml + when: openshift_prometheus_state == 'absent' - name: Delete temp directory file: diff --git a/roles/openshift_prometheus/tasks/uninstall_prometheus.yaml b/roles/openshift_prometheus/tasks/uninstall_prometheus.yaml new file mode 100644 index 000000000..d746402db --- /dev/null +++ b/roles/openshift_prometheus/tasks/uninstall_prometheus.yaml @@ -0,0 +1,7 @@ +--- + +# remove namespace - This will delete all the objects inside the namespace +- name: Remove prometheus project + oc_project: + state: absent + name: "{{ openshift_prometheus_namespace }}" diff --git a/roles/openshift_prometheus/templates/prometheus.j2 b/roles/openshift_prometheus/templates/prometheus.j2 index 456db3a57..d780550b8 100644 --- a/roles/openshift_prometheus/templates/prometheus.j2 +++ b/roles/openshift_prometheus/templates/prometheus.j2 @@ -22,7 +22,7 @@ spec: serviceAccountName: prometheus {% if openshift_prometheus_node_selector is iterable and openshift_prometheus_node_selector | length > 0 %} nodeSelector: -{% for key, value in openshift_prometheus_node_selector.iteritems() %} +{% for key, value in openshift_prometheus_node_selector.items() %} {{ key }}: "{{ value }}" {% endfor %} {% endif %} @@ -75,8 +75,9 @@ spec: - name: prometheus args: - - --storage.tsdb.retention=6h - - --storage.tsdb.min-block-duration=2m +{% for arg in openshift_prometheus_args %} + - {{ arg }} +{% endfor %} - --config.file=/etc/prometheus/prometheus.yml - --web.listen-address=localhost:9090 image: "{{ l_openshift_prometheus_image_prefix }}prometheus:{{ l_openshift_prometheus_image_version }}" diff --git a/roles/openshift_prometheus/vars/default_images.yml b/roles/openshift_prometheus/vars/default_images.yml index ad52a3125..31f6c1bb1 100644 --- a/roles/openshift_prometheus/vars/default_images.yml +++ b/roles/openshift_prometheus/vars/default_images.yml @@ -6,7 +6,7 @@ l_openshift_prometheus_alertmanager_image_prefix: "{{ openshift_prometheus_alter l_openshift_prometheus_alertbuffer_image_prefix: "{{ openshift_prometheus_alertbuffer_image_prefix | default(l_openshift_prometheus_image_prefix) }}" # image version defaults -l_openshift_prometheus_image_version: "{{ openshift_prometheus_image_version | default('v2.0.0-dev.3') }}" +l_openshift_prometheus_image_version: "{{ openshift_prometheus_image_version | default('v2.0.0') }}" l_openshift_prometheus_proxy_image_version: "{{ openshift_prometheus_proxy_image_version | default('v1.0.0') }}" l_openshift_prometheus_alertmanager_image_version: "{{ openshift_prometheus_alertmanager_image_version | default('v0.9.1') }}" l_openshift_prometheus_alertbuffer_image_version: "{{ openshift_prometheus_alertbuffer_image_version | default('v0.0.2') }}" diff --git a/roles/openshift_provisioners/tasks/install_provisioners.yaml b/roles/openshift_provisioners/tasks/install_provisioners.yaml index 324fdcc82..2d1217c74 100644 --- a/roles/openshift_provisioners/tasks/install_provisioners.yaml +++ b/roles/openshift_provisioners/tasks/install_provisioners.yaml @@ -16,10 +16,10 @@ when: (openshift_provisioners_efs | bool) and openshift_provisioners_efs_aws_secret_access_key is not defined - name: Install support - include: install_support.yaml + include_tasks: install_support.yaml - name: Install EFS - include: install_efs.yaml + include_tasks: install_efs.yaml when: openshift_provisioners_efs | bool - find: paths={{ mktemp.stdout }}/templates patterns=*.yaml @@ -32,7 +32,7 @@ changed_when: no - name: Create objects - include: oc_apply.yaml + include_tasks: oc_apply.yaml vars: - kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" - namespace: "{{ openshift_provisioners_project }}" @@ -51,5 +51,5 @@ when: ansible_check_mode - name: Scaling up cluster - include: start_cluster.yaml + include_tasks: start_cluster.yaml when: start_cluster | default(true) | bool diff --git a/roles/openshift_provisioners/tasks/install_support.yaml b/roles/openshift_provisioners/tasks/install_support.yaml index d6db81ab9..93c4c394d 100644 --- a/roles/openshift_provisioners/tasks/install_support.yaml +++ b/roles/openshift_provisioners/tasks/install_support.yaml @@ -10,8 +10,8 @@ changed_when: False check_mode: no -- include: generate_secrets.yaml +- include_tasks: generate_secrets.yaml -- include: generate_clusterrolebindings.yaml +- include_tasks: generate_clusterrolebindings.yaml -- include: generate_serviceaccounts.yaml +- include_tasks: generate_serviceaccounts.yaml diff --git a/roles/openshift_provisioners/tasks/main.yaml b/roles/openshift_provisioners/tasks/main.yaml index a50c78c97..4ba26b2b8 100644 --- a/roles/openshift_provisioners/tasks/main.yaml +++ b/roles/openshift_provisioners/tasks/main.yaml @@ -12,10 +12,10 @@ check_mode: no tags: provisioners_init -- include: "{{ role_path }}/tasks/install_provisioners.yaml" +- include_tasks: install_provisioners.yaml when: openshift_provisioners_install_provisioners | default(false) | bool -- include: "{{ role_path }}/tasks/uninstall_provisioners.yaml" +- include_tasks: uninstall_provisioners.yaml when: not openshift_provisioners_install_provisioners | default(false) | bool - name: Delete temp directory diff --git a/roles/openshift_provisioners/tasks/uninstall_provisioners.yaml b/roles/openshift_provisioners/tasks/uninstall_provisioners.yaml index 0be4bc7d2..602dee773 100644 --- a/roles/openshift_provisioners/tasks/uninstall_provisioners.yaml +++ b/roles/openshift_provisioners/tasks/uninstall_provisioners.yaml @@ -1,6 +1,6 @@ --- - name: stop provisioners - include: stop_cluster.yaml + include_tasks: stop_cluster.yaml # delete the deployment objects that we had created - name: delete provisioner api objects diff --git a/roles/openshift_provisioners/templates/clusterrolebinding.j2 b/roles/openshift_provisioners/templates/clusterrolebinding.j2 index 994afa32d..1f26c93a4 100644 --- a/roles/openshift_provisioners/templates/clusterrolebinding.j2 +++ b/roles/openshift_provisioners/templates/clusterrolebinding.j2 @@ -4,7 +4,7 @@ metadata: name: {{obj_name}} {% if labels is defined%} labels: -{% for key, value in labels.iteritems() %} +{% for key, value in labels.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_provisioners/templates/efs.j2 b/roles/openshift_provisioners/templates/efs.j2 index 81b9ccca5..37fd02977 100644 --- a/roles/openshift_provisioners/templates/efs.j2 +++ b/roles/openshift_provisioners/templates/efs.j2 @@ -22,7 +22,7 @@ spec: serviceAccountName: "{{deploy_serviceAccount}}" {% if node_selector is iterable and node_selector | length > 0 %} nodeSelector: -{% for key, value in node_selector.iteritems() %} +{% for key, value in node_selector.items() %} {{key}}: "{{value}}" {% endfor %} {% endif %} diff --git a/roles/openshift_provisioners/templates/pv.j2 b/roles/openshift_provisioners/templates/pv.j2 index f81b1617a..b648cd15e 100644 --- a/roles/openshift_provisioners/templates/pv.j2 +++ b/roles/openshift_provisioners/templates/pv.j2 @@ -4,13 +4,13 @@ metadata: name: {{obj_name}} {% if annotations is defined %} annotations: -{% for key,value in annotations.iteritems() %} +{% for key,value in annotations.items() %} {{key}}: {{value}} {% endfor %} {% endif %} {% if labels is defined%} labels: -{% for key, value in labels.iteritems() %} +{% for key, value in labels.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_provisioners/templates/pvc.j2 b/roles/openshift_provisioners/templates/pvc.j2 index 0dd8772eb..0a88b7c88 100644 --- a/roles/openshift_provisioners/templates/pvc.j2 +++ b/roles/openshift_provisioners/templates/pvc.j2 @@ -4,7 +4,7 @@ metadata: name: {{obj_name}} {% if annotations is defined %} annotations: -{% for key,value in annotations.iteritems() %} +{% for key,value in annotations.items() %} {{key}}: {{value}} {% endfor %} {% endif %} @@ -12,7 +12,7 @@ spec: {% if pv_selector is defined and pv_selector is mapping %} selector: matchLabels: -{% for key,value in pv_selector.iteritems() %} +{% for key,value in pv_selector.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_provisioners/templates/secret.j2 b/roles/openshift_provisioners/templates/secret.j2 index 78824095b..2fbb28829 100644 --- a/roles/openshift_provisioners/templates/secret.j2 +++ b/roles/openshift_provisioners/templates/secret.j2 @@ -4,7 +4,7 @@ metadata: name: {{obj_name}} {% if labels is defined%} labels: -{% for key, value in labels.iteritems() %} +{% for key, value in labels.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_provisioners/templates/serviceaccount.j2 b/roles/openshift_provisioners/templates/serviceaccount.j2 index b22acc594..ea19f17d7 100644 --- a/roles/openshift_provisioners/templates/serviceaccount.j2 +++ b/roles/openshift_provisioners/templates/serviceaccount.j2 @@ -4,7 +4,7 @@ metadata: name: {{obj_name}} {% if labels is defined%} labels: -{% for key, value in labels.iteritems() %} +{% for key, value in labels.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index 95ba9fe4c..5e7bde1e1 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -9,6 +9,8 @@ # TODO: This needs to be removed and placed into a role - name: Ensure libselinux-python is installed package: name=libselinux-python state=present + register: result + until: result | success - name: Remove openshift_additional.repo file file: @@ -35,7 +37,7 @@ - when: r_openshift_repos_has_run is not defined block: - - include: centos_repos.yml + - include_tasks: centos_repos.yml when: - ansible_os_family == "RedHat" - ansible_distribution != "Fedora" diff --git a/roles/openshift_sanitize_inventory/tasks/deprecations.yml b/roles/openshift_sanitize_inventory/tasks/deprecations.yml index 94d3acffc..795b8ee60 100644 --- a/roles/openshift_sanitize_inventory/tasks/deprecations.yml +++ b/roles/openshift_sanitize_inventory/tasks/deprecations.yml @@ -16,6 +16,6 @@ # for with_fileglob Ansible resolves the path relative to the roles/<rolename>/files directory - name: Assign deprecated variables to correct counterparts - include: "{{ item }}" + include_tasks: "{{ item }}" with_fileglob: - "../tasks/__deprecations_*.yml" diff --git a/roles/openshift_sanitize_inventory/tasks/main.yml b/roles/openshift_sanitize_inventory/tasks/main.yml index 70b236033..77428272c 100644 --- a/roles/openshift_sanitize_inventory/tasks/main.yml +++ b/roles/openshift_sanitize_inventory/tasks/main.yml @@ -1,7 +1,7 @@ --- # We should print out deprecations prior to any failures so that if a play does fail for other reasons # the user would also be aware of any deprecated variables they should note to adjust -- include: deprecations.yml +- include_tasks: deprecations.yml - name: Abort when conflicting deployment type variables are set when: @@ -53,7 +53,7 @@ openshift_release is "{{ openshift_release }}" which is not a valid version string. Please set it to a version string like "3.4". -- include: unsupported.yml +- include_tasks: unsupported.yml when: - not openshift_enable_unsupported_configurations | default(false) | bool diff --git a/roles/openshift_sanitize_inventory/tasks/unsupported.yml b/roles/openshift_sanitize_inventory/tasks/unsupported.yml index b70ab90a1..1c4984467 100644 --- a/roles/openshift_sanitize_inventory/tasks/unsupported.yml +++ b/roles/openshift_sanitize_inventory/tasks/unsupported.yml @@ -40,3 +40,27 @@ openshift_master_dynamic_provisioning_enabled to True and set an openshift_cloudprovider_kind. You can disable this check with 'dynamic_volumes_check=False'. + +#if we have registry backend as glusterfs, and we have clashing configuration. +- name: Ensure the hosted registry's GlusterFS storage is configured correctly + when: + - openshift_hosted_registry_storage_kind | default(none) in ['glusterfs'] + - openshift_hosted_registry_storage_glusterfs_ips is defined and openshift_hosted_registry_storage_glusterfs_ips != '' + - "'glusterfs_registry' in groups | default([])" + fail: + msg: |- + Configuring a value for openshift_hosted_registry_storage_glusterfs_ips and with a glusterfs_registry host group is not allowed. + Specifying a glusterfs_registry host group indicates that a new GlusterFS cluster should be configured, whereas + specifying openshift_hosted_registry_storage_glusterfs_ips indicates wanting to use a pre-configured GlusterFS cluster for the registry storage. + +#if we have registry backend as glusterfs and no gluster specified. +- name: Ensure the hosted registry's GlusterFS storage is configured correctly + when: + - openshift_hosted_registry_storage_kind | default(none) in ['glusterfs'] + - not openshift_hosted_registry_storage_glusterfs_ips is defined + - not 'glusterfs_registry' in groups | default([]) + - not 'glusterfs' in groups | default([]) + fail: + msg: |- + Configuring a value for openshift_hosted_registry_storage_kind=glusterfs without a any glusterfs option is not allowed. + Specify either openshift_hosted_registry_storage_glusterfs_ips variable or glusterfs, glusterfs_registry host groups. diff --git a/roles/openshift_service_catalog/tasks/install.yml b/roles/openshift_service_catalog/tasks/install.yml index 3507330e3..41a6691c9 100644 --- a/roles/openshift_service_catalog/tasks/install.yml +++ b/roles/openshift_service_catalog/tasks/install.yml @@ -40,7 +40,7 @@ command: > {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig adm pod-network make-projects-global kube-service-catalog -- include: generate_certs.yml +- include_tasks: generate_certs.yml - copy: src: kubeservicecatalog_roles_bindings.yml @@ -252,7 +252,7 @@ session_affinity: None service_type: ClusterIP -- include: start_api_server.yml +- include_tasks: start_api_server.yml - name: Delete temp directory file: diff --git a/roles/openshift_service_catalog/tasks/main.yml b/roles/openshift_service_catalog/tasks/main.yml index dc0d6a370..ffdbe2b11 100644 --- a/roles/openshift_service_catalog/tasks/main.yml +++ b/roles/openshift_service_catalog/tasks/main.yml @@ -1,8 +1,8 @@ --- # do any asserts here -- include: install.yml +- include_tasks: install.yml when: not openshift_service_catalog_remove | default(false) | bool -- include: remove.yml +- include_tasks: remove.yml when: openshift_service_catalog_remove | default(false) | bool diff --git a/roles/openshift_service_catalog/templates/api_server.j2 b/roles/openshift_service_catalog/templates/api_server.j2 index 0e5bb7230..4f51b8c3c 100644 --- a/roles/openshift_service_catalog/templates/api_server.j2 +++ b/roles/openshift_service_catalog/templates/api_server.j2 @@ -19,7 +19,7 @@ spec: spec: serviceAccountName: service-catalog-apiserver nodeSelector: -{% for key, value in node_selector.iteritems() %} +{% for key, value in node_selector.items() %} {{key}}: "{{value}}" {% endfor %} containers: diff --git a/roles/openshift_service_catalog/templates/controller_manager.j2 b/roles/openshift_service_catalog/templates/controller_manager.j2 index e5e5f6b50..137222f04 100644 --- a/roles/openshift_service_catalog/templates/controller_manager.j2 +++ b/roles/openshift_service_catalog/templates/controller_manager.j2 @@ -19,7 +19,7 @@ spec: spec: serviceAccountName: service-catalog-controller nodeSelector: -{% for key, value in node_selector.iteritems() %} +{% for key, value in node_selector.items() %} {{key}}: "{{value}}" {% endfor %} containers: diff --git a/roles/openshift_storage_glusterfs/README.md b/roles/openshift_storage_glusterfs/README.md index 03c157313..be749a2e1 100644 --- a/roles/openshift_storage_glusterfs/README.md +++ b/roles/openshift_storage_glusterfs/README.md @@ -87,7 +87,9 @@ GlusterFS cluster into a new or existing OpenShift cluster: | openshift_storage_glusterfs_block_deploy | True | Deploy glusterblock provisioner service | openshift_storage_glusterfs_block_image | 'gluster/glusterblock-provisioner'| Container image to use for glusterblock-provisioner pod, enterprise default is 'rhgs3/rhgs-gluster-block-prov-rhel7' | openshift_storage_glusterfs_block_version | 'latest' | Container image version to use for glusterblock-provisioner pod -| openshift_storage_glusterfs_block_max_host_vol | 15 | Max number of GlusterFS volumes to host glusterblock volumes +| openshift_storage_glusterfs_block_host_vol_create| True | Automatically create GlusterFS volumes to host glusterblock volumes. **NOTE:** If this is False, block-hosting volumes will need to be manually created before glusterblock volumes can be provisioned +| openshift_storage_glusterfs_block_host_vol_size | 100 | Size, in GB, of GlusterFS volumes that will be automatically create to host glusterblock volumes if not enough space is available for a glusterblock volume create request. **NOTE:** This value is effectively an upper limit on the size of glusterblock volumes unless you manually create larger GlusterFS block-hosting volumes +| openshift_storage_glusterfs_block_host_vol_max | 15 | Max number of GlusterFS volumes to host glusterblock volumes | openshift_storage_glusterfs_s3_deploy | True | Deploy gluster-s3 service | openshift_storage_glusterfs_s3_image | 'gluster/gluster-object'| Container image to use for gluster-s3 pod, enterprise default is 'rhgs3/rhgs-gluster-s3-server-rhel7' | openshift_storage_glusterfs_s3_version | 'latest' | Container image version to use for gluster=s3 pod @@ -131,8 +133,7 @@ are an exception: | openshift_storage_glusterfs_registry_heketi_admin_key | auto-generated | Separate from the above | openshift_storage_glusterfs_registry_heketi_user_key | auto-generated | Separate from the above -Additionally, this role's behavior responds to the following registry-specific -variables: +Additionally, this role's behavior responds to several registry-specific variables in the [openshift_hosted role](../openshift_hosted/README.md): | Name | Default value | Description | |-------------------------------------------------------|------------------------------|-----------------------------------------| diff --git a/roles/openshift_storage_glusterfs/defaults/main.yml b/roles/openshift_storage_glusterfs/defaults/main.yml index c3db36d37..814d6ff28 100644 --- a/roles/openshift_storage_glusterfs/defaults/main.yml +++ b/roles/openshift_storage_glusterfs/defaults/main.yml @@ -10,7 +10,9 @@ openshift_storage_glusterfs_version: 'latest' openshift_storage_glusterfs_block_deploy: True openshift_storage_glusterfs_block_image: "{{ 'rhgs3/rhgs-gluster-block-prov-rhel7' | quote if deployment_type == 'openshift-enterprise' else 'gluster/glusterblock-provisioner' | quote }}" openshift_storage_glusterfs_block_version: 'latest' -openshift_storage_glusterfs_block_max_host_vol: 15 +openshift_storage_glusterfs_block_host_vol_create: True +openshift_storage_glusterfs_block_host_vol_size: 100 +openshift_storage_glusterfs_block_host_vol_max: 15 openshift_storage_glusterfs_s3_deploy: True openshift_storage_glusterfs_s3_image: "{{ 'rhgs3/rhgs-gluster-s3-server-rhel7' | quote if deployment_type == 'openshift-enterprise' else 'gluster/gluster-object' | quote }}" openshift_storage_glusterfs_s3_version: 'latest' @@ -54,7 +56,9 @@ openshift_storage_glusterfs_registry_version: "{{ openshift_storage_glusterfs_ve openshift_storage_glusterfs_registry_block_deploy: "{{ openshift_storage_glusterfs_block_deploy }}" openshift_storage_glusterfs_registry_block_image: "{{ openshift_storage_glusterfs_block_image }}" openshift_storage_glusterfs_registry_block_version: "{{ openshift_storage_glusterfs_block_version }}" -openshift_storage_glusterfs_registry_block_max_host_vol: "{{ openshift_storage_glusterfs_block_max_host_vol }}" +openshift_storage_glusterfs_registry_block_host_vol_create: "{{ openshift_storage_glusterfs_block_host_vol_create }}" +openshift_storage_glusterfs_registry_block_host_vol_size: "{{ openshift_storage_glusterfs_block_host_vol_size }}" +openshift_storage_glusterfs_registry_block_host_vol_max: "{{ openshift_storage_glusterfs_block_host_vol_max }}" openshift_storage_glusterfs_registry_s3_deploy: "{{ openshift_storage_glusterfs_s3_deploy }}" openshift_storage_glusterfs_registry_s3_image: "{{ openshift_storage_glusterfs_s3_image }}" openshift_storage_glusterfs_registry_s3_version: "{{ openshift_storage_glusterfs_s3_version }}" diff --git a/roles/openshift_storage_glusterfs/files/v3.7/glusterblock-provisioner.yml b/roles/openshift_storage_glusterfs/files/v3.7/glusterblock-provisioner.yml index 2cc69644c..63dd5cce6 100644 --- a/roles/openshift_storage_glusterfs/files/v3.7/glusterblock-provisioner.yml +++ b/roles/openshift_storage_glusterfs/files/v3.7/glusterblock-provisioner.yml @@ -2,7 +2,7 @@ kind: Template apiVersion: v1 metadata: - name: glusterblock + name: glusterblock-provisioner labels: glusterfs: block-template glusterblock: template @@ -83,7 +83,6 @@ objects: containers: - name: glusterblock-provisioner image: ${IMAGE_NAME}:${IMAGE_VERSION} - image: gluster/glusterblock-provisioner:latest imagePullPolicy: IfNotPresent env: - name: PROVISIONER_NAME diff --git a/roles/openshift_storage_glusterfs/files/v3.8/deploy-heketi-template.yml b/roles/openshift_storage_glusterfs/files/v3.8/deploy-heketi-template.yml new file mode 100644 index 000000000..34af652c2 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v3.8/deploy-heketi-template.yml @@ -0,0 +1,133 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: deploy-heketi + labels: + glusterfs: heketi-template + deploy-heketi: support + annotations: + description: Bootstrap Heketi installation + tags: glusterfs,heketi,installation +objects: +- kind: Service + apiVersion: v1 + metadata: + name: deploy-heketi-${CLUSTER_NAME} + labels: + glusterfs: deploy-heketi-${CLUSTER_NAME}-service + deploy-heketi: support + annotations: + description: Exposes Heketi service + spec: + ports: + - name: deploy-heketi-${CLUSTER_NAME} + port: 8080 + targetPort: 8080 + selector: + glusterfs: deploy-heketi-${CLUSTER_NAME}-pod +- kind: Route + apiVersion: v1 + metadata: + name: ${HEKETI_ROUTE} + labels: + glusterfs: deploy-heketi-${CLUSTER_NAME}-route + deploy-heketi: support + spec: + to: + kind: Service + name: deploy-heketi-${CLUSTER_NAME} +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: deploy-heketi-${CLUSTER_NAME} + labels: + glusterfs: deploy-heketi-${CLUSTER_NAME}-dc + deploy-heketi: support + annotations: + description: Defines how to deploy Heketi + spec: + replicas: 1 + selector: + glusterfs: deploy-heketi-${CLUSTER_NAME}-pod + triggers: + - type: ConfigChange + strategy: + type: Recreate + template: + metadata: + name: deploy-heketi + labels: + glusterfs: deploy-heketi-${CLUSTER_NAME}-pod + deploy-heketi: support + spec: + serviceAccountName: heketi-${CLUSTER_NAME}-service-account + containers: + - name: heketi + image: ${IMAGE_NAME}:${IMAGE_VERSION} + env: + - name: HEKETI_USER_KEY + value: ${HEKETI_USER_KEY} + - name: HEKETI_ADMIN_KEY + value: ${HEKETI_ADMIN_KEY} + - name: HEKETI_EXECUTOR + value: ${HEKETI_EXECUTOR} + - name: HEKETI_FSTAB + value: ${HEKETI_FSTAB} + - name: HEKETI_SNAPSHOT_LIMIT + value: '14' + - name: HEKETI_KUBE_GLUSTER_DAEMONSET + value: '1' + ports: + - containerPort: 8080 + volumeMounts: + - name: db + mountPath: /var/lib/heketi + - name: config + mountPath: /etc/heketi + readinessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 3 + httpGet: + path: /hello + port: 8080 + livenessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 30 + httpGet: + path: /hello + port: 8080 + volumes: + - name: db + - name: config + secret: + secretName: heketi-${CLUSTER_NAME}-config-secret +parameters: +- name: HEKETI_USER_KEY + displayName: Heketi User Secret + description: Set secret for those creating volumes as type _user_ +- name: HEKETI_ADMIN_KEY + displayName: Heketi Administrator Secret + description: Set secret for administration of the Heketi service as user _admin_ +- name: HEKETI_EXECUTOR + displayName: heketi executor type + description: Set the executor type, kubernetes or ssh + value: kubernetes +- name: HEKETI_FSTAB + displayName: heketi fstab path + description: Set the fstab path, file that is populated with bricks that heketi creates + value: /var/lib/heketi/fstab +- name: HEKETI_ROUTE + displayName: heketi route name + description: Set the hostname for the route URL + value: "heketi-glusterfs" +- name: IMAGE_NAME + displayName: heketi container image name + required: True +- name: IMAGE_VERSION + displayName: heketi container image version + required: True +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify this heketi service, useful for running multiple heketi instances + value: glusterfs diff --git a/roles/openshift_storage_glusterfs/files/v3.8/gluster-s3-pvcs-template.yml b/roles/openshift_storage_glusterfs/files/v3.8/gluster-s3-pvcs-template.yml new file mode 100644 index 000000000..064b51473 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v3.8/gluster-s3-pvcs-template.yml @@ -0,0 +1,67 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: gluster-s3-pvcs + labels: + glusterfs: s3-pvcs-template + gluster-s3: pvcs-template + annotations: + description: Gluster S3 service template + tags: glusterfs,heketi,gluster-s3 +objects: +- kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: "${PVC}" + labels: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-storage + gluster-s3: ${CLUSTER_NAME}-${S3_ACCOUNT}-pvc + annotations: + volume.beta.kubernetes.io/storage-class: "glusterfs-${CLUSTER_NAME}" + spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: "${PVC_SIZE}" +- kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: "${META_PVC}" + labels: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-storage + gluster-s3: ${CLUSTER_NAME}-${S3_ACCOUNT}-meta-pvc + annotations: + volume.beta.kubernetes.io/storage-class: "glusterfs-${CLUSTER_NAME}" + spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: "${META_PVC_SIZE}" +parameters: +- name: S3_ACCOUNT + displayName: S3 Account Name + description: S3 storage account which will provide storage on GlusterFS volumes + required: true +- name: PVC + displayName: Primary GlusterFS-backed PVC + description: GlusterFS-backed PVC for object storage + required: true +- name: PVC_SIZE + displayName: Primary GlusterFS-backed PVC capacity + description: Capacity for GlusterFS-backed PVC for object storage + value: 2Gi +- name: META_PVC + displayName: Metadata GlusterFS-backed PVC + description: GlusterFS-backed PVC for object storage metadata + required: true +- name: META_PVC_SIZE + displayName: Metadata GlusterFS-backed PVC capacity + description: Capacity for GlusterFS-backed PVC for object storage metadata + value: 1Gi +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify which heketi service manages this cluster, useful for running multiple heketi instances + value: storage diff --git a/roles/openshift_storage_glusterfs/files/v3.8/gluster-s3-template.yml b/roles/openshift_storage_glusterfs/files/v3.8/gluster-s3-template.yml new file mode 100644 index 000000000..896a1b226 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v3.8/gluster-s3-template.yml @@ -0,0 +1,140 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: gluster-s3 + labels: + glusterfs: s3-template + gluster-s3: template + annotations: + description: Gluster S3 service template + tags: glusterfs,heketi,gluster-s3 +objects: +- kind: Service + apiVersion: v1 + metadata: + name: gluster-s3-${CLUSTER_NAME}-${S3_ACCOUNT}-service + labels: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-service + gluster-s3: ${CLUSTER_NAME}-${S3_ACCOUNT}-service + spec: + ports: + - protocol: TCP + port: 8080 + targetPort: 8080 + selector: + glusterfs: s3-pod + type: ClusterIP + sessionAffinity: None + status: + loadBalancer: {} +- kind: Route + apiVersion: v1 + metadata: + name: gluster-s3-${CLUSTER_NAME}-${S3_ACCOUNT}-route + labels: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-route + gluster-s3: ${CLUSTER_NAME}-${S3_ACCOUNT}-route + spec: + to: + kind: Service + name: gluster-s3-${CLUSTER_NAME}-${S3_ACCOUNT}-service +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: gluster-s3-${CLUSTER_NAME}-${S3_ACCOUNT}-dc + labels: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-dc + gluster-s3: ${CLUSTER_NAME}-${S3_ACCOUNT}-dc + annotations: + openshift.io/scc: privileged + description: Defines how to deploy gluster s3 object storage + spec: + replicas: 1 + selector: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-pod + template: + metadata: + name: gluster-${CLUSTER_NAME}-${S3_ACCOUNT}-s3 + labels: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-pod + gluster-s3: ${CLUSTER_NAME}-${S3_ACCOUNT}-pod + spec: + containers: + - name: gluster-s3 + image: ${IMAGE_NAME}:${IMAGE_VERSION} + imagePullPolicy: IfNotPresent + ports: + - name: gluster + containerPort: 8080 + protocol: TCP + env: + - name: S3_ACCOUNT + value: "${S3_ACCOUNT}" + - name: S3_USER + value: "${S3_USER}" + - name: S3_PASSWORD + value: "${S3_PASSWORD}" + resources: {} + volumeMounts: + - name: gluster-vol1 + mountPath: "/mnt/gluster-object/${S3_ACCOUNT}" + - name: gluster-vol2 + mountPath: "/mnt/gluster-object/gsmetadata" + - name: glusterfs-cgroup + readOnly: true + mountPath: "/sys/fs/cgroup" + terminationMessagePath: "/dev/termination-log" + securityContext: + privileged: true + volumes: + - name: glusterfs-cgroup + hostPath: + path: "/sys/fs/cgroup" + - name: gluster-vol1 + persistentVolumeClaim: + claimName: ${PVC} + - name: gluster-vol2 + persistentVolumeClaim: + claimName: ${META_PVC} + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + serviceAccountName: default + serviceAccount: default + securityContext: {} +parameters: +- name: IMAGE_NAME + displayName: glusterblock provisioner container image name + required: True +- name: IMAGE_VERSION + displayName: glusterblock provisioner container image version + required: True +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify which heketi service manages this cluster, useful for running multiple heketi instances + value: storage +- name: S3_ACCOUNT + displayName: S3 Account Name + description: S3 storage account which will provide storage on GlusterFS volumes + required: true +- name: S3_USER + displayName: S3 User + description: S3 user who can access the S3 storage account + required: true +- name: S3_PASSWORD + displayName: S3 User Password + description: Password for the S3 user + required: true +- name: PVC + displayName: Primary GlusterFS-backed PVC + description: GlusterFS-backed PVC for object storage + value: gluster-s3-claim +- name: META_PVC + displayName: Metadata GlusterFS-backed PVC + description: GlusterFS-backed PVC for object storage metadata + value: gluster-s3-meta-claim +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify which heketi service manages this cluster, useful for running multiple heketi instances + value: storage diff --git a/roles/openshift_storage_glusterfs/files/v3.8/glusterblock-provisioner.yml b/roles/openshift_storage_glusterfs/files/v3.8/glusterblock-provisioner.yml new file mode 100644 index 000000000..63dd5cce6 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v3.8/glusterblock-provisioner.yml @@ -0,0 +1,104 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: glusterblock-provisioner + labels: + glusterfs: block-template + glusterblock: template + annotations: + description: glusterblock provisioner template + tags: glusterfs +objects: +- kind: ClusterRole + apiVersion: v1 + metadata: + name: glusterblock-provisioner-runner + labels: + glusterfs: block-provisioner-runner-clusterrole + glusterblock: provisioner-runner-clusterrole + rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create", "delete"] + - apiGroups: [""] + resources: ["routes"] + verbs: ["get", "list"] +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: glusterblock-${CLUSTER_NAME}-provisioner + labels: + glusterfs: block-${CLUSTER_NAME}-provisioner-sa + glusterblock: ${CLUSTER_NAME}-provisioner-sa +- apiVersion: v1 + kind: ClusterRoleBinding + metadata: + name: glusterblock-${CLUSTER_NAME}-provisioner + roleRef: + name: glusterblock-provisioner-runner + subjects: + - kind: ServiceAccount + name: glusterblock-${CLUSTER_NAME}-provisioner + namespace: ${NAMESPACE} +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: glusterblock-${CLUSTER_NAME}-provisioner-dc + labels: + glusterfs: block-${CLUSTER_NAME}-provisioner-dc + glusterblock: ${CLUSTER_NAME}-provisioner-dc + annotations: + description: Defines how to deploy the glusterblock provisioner pod. + spec: + replicas: 1 + selector: + glusterfs: block-${CLUSTER_NAME}-provisioner-pod + triggers: + - type: ConfigChange + strategy: + type: Recreate + template: + metadata: + name: glusterblock-provisioner + labels: + glusterfs: block-${CLUSTER_NAME}-provisioner-pod + spec: + serviceAccountName: glusterblock-${CLUSTER_NAME}-provisioner + containers: + - name: glusterblock-provisioner + image: ${IMAGE_NAME}:${IMAGE_VERSION} + imagePullPolicy: IfNotPresent + env: + - name: PROVISIONER_NAME + value: gluster.org/glusterblock +parameters: +- name: IMAGE_NAME + displayName: glusterblock provisioner container image name + required: True +- name: IMAGE_VERSION + displayName: glusterblock provisioner container image version + required: True +- name: NAMESPACE + displayName: glusterblock provisioner namespace + description: The namespace in which these resources are being created + required: True +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify which heketi service manages this cluster, useful for running multiple heketi instances + value: storage diff --git a/roles/openshift_storage_glusterfs/files/v3.8/glusterfs-template.yml b/roles/openshift_storage_glusterfs/files/v3.8/glusterfs-template.yml new file mode 100644 index 000000000..09850a2c2 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v3.8/glusterfs-template.yml @@ -0,0 +1,154 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: glusterfs + labels: + glusterfs: template + annotations: + description: GlusterFS DaemonSet template + tags: glusterfs +objects: +- kind: DaemonSet + apiVersion: extensions/v1beta1 + metadata: + name: glusterfs-${CLUSTER_NAME} + labels: + glusterfs: ${CLUSTER_NAME}-daemonset + annotations: + description: GlusterFS DaemonSet + tags: glusterfs + spec: + selector: + matchLabels: + glusterfs: ${CLUSTER_NAME}-pod + template: + metadata: + name: glusterfs-${CLUSTER_NAME} + labels: + glusterfs: ${CLUSTER_NAME}-pod + glusterfs-node: pod + spec: + nodeSelector: "${{NODE_LABELS}}" + hostNetwork: true + containers: + - name: glusterfs + image: ${IMAGE_NAME}:${IMAGE_VERSION} + imagePullPolicy: IfNotPresent + env: + - name: GB_GLFS_LRU_COUNT + value: "${GB_GLFS_LRU_COUNT}" + - name: TCMU_LOGDIR + value: "${TCMU_LOGDIR}" + resources: + requests: + memory: 100Mi + cpu: 100m + volumeMounts: + - name: glusterfs-heketi + mountPath: "/var/lib/heketi" + - name: glusterfs-run + mountPath: "/run" + - name: glusterfs-lvm + mountPath: "/run/lvm" + - name: glusterfs-etc + mountPath: "/etc/glusterfs" + - name: glusterfs-logs + mountPath: "/var/log/glusterfs" + - name: glusterfs-config + mountPath: "/var/lib/glusterd" + - name: glusterfs-dev + mountPath: "/dev" + - name: glusterfs-misc + mountPath: "/var/lib/misc/glusterfsd" + - name: glusterfs-cgroup + mountPath: "/sys/fs/cgroup" + readOnly: true + - name: glusterfs-ssl + mountPath: "/etc/ssl" + readOnly: true + securityContext: + capabilities: {} + privileged: true + readinessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 40 + exec: + command: + - "/bin/bash" + - "-c" + - systemctl status glusterd.service + periodSeconds: 25 + successThreshold: 1 + failureThreshold: 15 + livenessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 40 + exec: + command: + - "/bin/bash" + - "-c" + - systemctl status glusterd.service + periodSeconds: 25 + successThreshold: 1 + failureThreshold: 15 + terminationMessagePath: "/dev/termination-log" + volumes: + - name: glusterfs-heketi + hostPath: + path: "/var/lib/heketi" + - name: glusterfs-run + emptyDir: {} + - name: glusterfs-lvm + hostPath: + path: "/run/lvm" + - name: glusterfs-etc + hostPath: + path: "/etc/glusterfs" + - name: glusterfs-logs + hostPath: + path: "/var/log/glusterfs" + - name: glusterfs-config + hostPath: + path: "/var/lib/glusterd" + - name: glusterfs-dev + hostPath: + path: "/dev" + - name: glusterfs-misc + hostPath: + path: "/var/lib/misc/glusterfsd" + - name: glusterfs-cgroup + hostPath: + path: "/sys/fs/cgroup" + - name: glusterfs-ssl + hostPath: + path: "/etc/ssl" + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + securityContext: {} +parameters: +- name: NODE_LABELS + displayName: Daemonset Node Labels + description: Labels which define the daemonset node selector. Must contain at least one label of the format \'glusterfs=<CLUSTER_NAME>-host\' + value: '{ "glusterfs": "storage-host" }' +- name: IMAGE_NAME + displayName: GlusterFS container image name + required: True +- name: IMAGE_VERSION + displayName: GlusterFS container image version + required: True +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify which heketi service manages this cluster, useful for running multiple heketi instances + value: storage +- name: GB_GLFS_LRU_COUNT + displayName: Maximum number of block hosting volumes + description: This value is to set maximum number of block hosting volumes. + value: "15" + required: true +- name: TCMU_LOGDIR + displayName: Tcmu runner log directory + description: This value is to set tcmu runner log directory + value: "/var/log/glusterfs/gluster-block" + required: true diff --git a/roles/openshift_storage_glusterfs/files/v3.8/heketi-template.yml b/roles/openshift_storage_glusterfs/files/v3.8/heketi-template.yml new file mode 100644 index 000000000..28cdb2982 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v3.8/heketi-template.yml @@ -0,0 +1,136 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: heketi + labels: + glusterfs: heketi-template + annotations: + description: Heketi service deployment template + tags: glusterfs,heketi +objects: +- kind: Service + apiVersion: v1 + metadata: + name: heketi-${CLUSTER_NAME} + labels: + glusterfs: heketi-${CLUSTER_NAME}-service + heketi: ${CLUSTER_NAME}-service + annotations: + description: Exposes Heketi service + spec: + ports: + - name: heketi + port: 8080 + targetPort: 8080 + selector: + glusterfs: heketi-${CLUSTER_NAME}-pod +- kind: Route + apiVersion: v1 + metadata: + name: ${HEKETI_ROUTE} + labels: + glusterfs: heketi-${CLUSTER_NAME}-route + heketi: ${CLUSTER_NAME}-route + spec: + to: + kind: Service + name: heketi-${CLUSTER_NAME} +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: heketi-${CLUSTER_NAME} + labels: + glusterfs: heketi-${CLUSTER_NAME}-dc + heketi: ${CLUSTER_NAME}-dc + annotations: + description: Defines how to deploy Heketi + spec: + replicas: 1 + selector: + glusterfs: heketi-${CLUSTER_NAME}-pod + triggers: + - type: ConfigChange + strategy: + type: Recreate + template: + metadata: + name: heketi-${CLUSTER_NAME} + labels: + glusterfs: heketi-${CLUSTER_NAME}-pod + heketi: ${CLUSTER_NAME}-pod + spec: + serviceAccountName: heketi-${CLUSTER_NAME}-service-account + containers: + - name: heketi + image: ${IMAGE_NAME}:${IMAGE_VERSION} + imagePullPolicy: IfNotPresent + env: + - name: HEKETI_USER_KEY + value: ${HEKETI_USER_KEY} + - name: HEKETI_ADMIN_KEY + value: ${HEKETI_ADMIN_KEY} + - name: HEKETI_EXECUTOR + value: ${HEKETI_EXECUTOR} + - name: HEKETI_FSTAB + value: ${HEKETI_FSTAB} + - name: HEKETI_SNAPSHOT_LIMIT + value: '14' + - name: HEKETI_KUBE_GLUSTER_DAEMONSET + value: '1' + ports: + - containerPort: 8080 + volumeMounts: + - name: db + mountPath: /var/lib/heketi + - name: config + mountPath: /etc/heketi + readinessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 3 + httpGet: + path: /hello + port: 8080 + livenessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 30 + httpGet: + path: /hello + port: 8080 + volumes: + - name: db + glusterfs: + endpoints: heketi-db-${CLUSTER_NAME}-endpoints + path: heketidbstorage + - name: config + secret: + secretName: heketi-${CLUSTER_NAME}-config-secret +parameters: +- name: HEKETI_USER_KEY + displayName: Heketi User Secret + description: Set secret for those creating volumes as type _user_ +- name: HEKETI_ADMIN_KEY + displayName: Heketi Administrator Secret + description: Set secret for administration of the Heketi service as user _admin_ +- name: HEKETI_EXECUTOR + displayName: heketi executor type + description: Set the executor type, kubernetes or ssh + value: kubernetes +- name: HEKETI_FSTAB + displayName: heketi fstab path + description: Set the fstab path, file that is populated with bricks that heketi creates + value: /var/lib/heketi/fstab +- name: HEKETI_ROUTE + displayName: heketi route name + description: Set the hostname for the route URL + value: "heketi-glusterfs" +- name: IMAGE_NAME + displayName: heketi container image name + required: True +- name: IMAGE_VERSION + displayName: heketi container image version + required: True +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify this heketi service, useful for running multiple heketi instances + value: glusterfs diff --git a/roles/openshift_storage_glusterfs/tasks/glusterblock_deploy.yml b/roles/openshift_storage_glusterfs/tasks/glusterblock_deploy.yml index bba1de654..d6be8c726 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterblock_deploy.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterblock_deploy.yml @@ -29,21 +29,21 @@ src: "{{ openshift.common.examples_content_version }}/{{ item }}" dest: "{{ mktemp.stdout }}/{{ item }}" with_items: - - "glusterblock-template.yml" + - "glusterblock-provisioner.yml" - name: Create glusterblock provisioner template oc_obj: namespace: "{{ glusterfs_namespace }}" kind: template - name: "glusterblock" + name: "glusterblock-provisioner" state: present files: - - "{{ mktemp.stdout }}/glusterblock-template.yml" + - "{{ mktemp.stdout }}/glusterblock-provisioner.yml" - name: Deploy glusterblock provisioner oc_process: namespace: "{{ glusterfs_namespace }}" - template_name: "glusterblock" + template_name: "glusterblock-provisioner" create: True params: IMAGE_NAME: "{{ glusterfs_block_image }}" diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml index 2a678af57..4b33e91b4 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml @@ -4,6 +4,8 @@ when: - not openshift.common.is_atomic | bool - not glusterfs_heketi_is_native | bool + register: result + until: result | success - name: Verify heketi-cli is installed shell: "command -v {{ glusterfs_heketi_cli }} >/dev/null 2>&1 || { echo >&2 'ERROR: Make sure heketi-cli is available, then re-run the installer'; exit 1; }" diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml index e2d740f35..71c1311cd 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml @@ -12,7 +12,9 @@ glusterfs_block_deploy: "{{ openshift_storage_glusterfs_block_deploy | bool }}" glusterfs_block_image: "{{ openshift_storage_glusterfs_block_image }}" glusterfs_block_version: "{{ openshift_storage_glusterfs_block_version }}" - glusterfs_block_max_host_vol: "{{ openshift_storage_glusterfs_block_max_host_vol }}" + glusterfs_block_host_vol_create: "{{ openshift_storage_glusterfs_block_host_vol_create }}" + glusterfs_block_host_vol_size: "{{ openshift_storage_glusterfs_block_host_vol_size }}" + glusterfs_block_host_vol_max: "{{ openshift_storage_glusterfs_block_host_vol_max }}" glusterfs_s3_deploy: "{{ openshift_storage_glusterfs_s3_deploy | bool }}" glusterfs_s3_image: "{{ openshift_storage_glusterfs_s3_image }}" glusterfs_s3_version: "{{ openshift_storage_glusterfs_s3_version }}" @@ -42,6 +44,6 @@ glusterfs_heketi_ssh_sudo: "{{ openshift_storage_glusterfs_heketi_ssh_sudo | bool }}" glusterfs_heketi_ssh_keyfile: "{{ openshift_storage_glusterfs_heketi_ssh_keyfile }}" glusterfs_heketi_fstab: "{{ openshift_storage_glusterfs_heketi_fstab }}" - glusterfs_nodes: "{{ groups.glusterfs }}" + glusterfs_nodes: "{{ groups.glusterfs | default([]) }}" - include: glusterfs_common.yml diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml index f98d4c62f..30e83e79b 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml @@ -77,6 +77,14 @@ files: - "{{ mktemp.stdout }}/glusterfs-template.yml" +- name: Check GlusterFS DaemonSet status + oc_obj: + namespace: "{{ glusterfs_namespace }}" + kind: daemonset + name: glusterfs-{{ glusterfs_name }} + state: list + register: glusterfs_ds + - name: Deploy GlusterFS pods oc_process: namespace: "{{ glusterfs_namespace }}" @@ -87,7 +95,9 @@ IMAGE_VERSION: "{{ glusterfs_version }}" NODE_LABELS: "{{ glusterfs_nodeselector }}" CLUSTER_NAME: "{{ glusterfs_name }}" - GB_GLFS_LRU_COUNT: "{{ glusterfs_block_max_host_vol }}" + GB_GLFS_LRU_COUNT: "{{ glusterfs_block_host_vol_max }}" + when: (glusterfs_ds.results.results[0].status is not defined) or + (glusterfs_ds.results.results[0].status.numberReady | default(0) < glusterfs_ds.results.results[0].status.desiredNumberScheduled | default(glusterfs_nodes | count)) - name: Wait for GlusterFS pods oc_obj: diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml index baac52179..d3cba61cf 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml @@ -12,7 +12,9 @@ glusterfs_block_deploy: "{{ openshift_storage_glusterfs_registry_block_deploy | bool }}" glusterfs_block_image: "{{ openshift_storage_glusterfs_registry_block_image }}" glusterfs_block_version: "{{ openshift_storage_glusterfs_registry_block_version }}" - glusterfs_block_max_host_vol: "{{ openshift_storage_glusterfs_registry_block_max_host_vol }}" + glusterfs_block_host_vol_create: "{{ openshift_storage_glusterfs_registry_block_host_vol_create }}" + glusterfs_block_host_vol_size: "{{ openshift_storage_glusterfs_registry_block_host_vol_size }}" + glusterfs_block_host_vol_max: "{{ openshift_storage_glusterfs_registry_block_host_vol_max }}" glusterfs_s3_deploy: "{{ openshift_storage_glusterfs_registry_s3_deploy | bool }}" glusterfs_s3_image: "{{ openshift_storage_glusterfs_registry_s3_image }}" glusterfs_s3_version: "{{ openshift_storage_glusterfs_registry_s3_version }}" @@ -42,52 +44,13 @@ glusterfs_heketi_ssh_sudo: "{{ openshift_storage_glusterfs_registry_heketi_ssh_sudo | bool }}" glusterfs_heketi_ssh_keyfile: "{{ openshift_storage_glusterfs_registry_heketi_ssh_keyfile }}" glusterfs_heketi_fstab: "{{ openshift_storage_glusterfs_registry_heketi_fstab }}" - glusterfs_nodes: "{{ groups.glusterfs_registry | default(groups.glusterfs) }}" + glusterfs_nodes: "{% if groups.glusterfs_registry is defined %}{% set nodes = groups.glusterfs_registry %}{% elif 'groups.glusterfs' is defined %}{% set nodes = groups.glusterfs %}{% else %}{% set nodes = '[]' %}{% endif %}{{ nodes }}" - include: glusterfs_common.yml when: - glusterfs_nodes | default([]) | count > 0 - "'glusterfs' not in groups or glusterfs_nodes != groups.glusterfs" -- name: Delete pre-existing GlusterFS registry resources - oc_obj: - namespace: "{{ glusterfs_namespace }}" - kind: "{{ item.kind }}" - name: "{{ item.name }}" - state: absent - with_items: - - kind: "svc" - name: "glusterfs-{{ glusterfs_name | default }}-endpoints" - failed_when: False - -- name: Generate GlusterFS registry endpoints - template: - src: "{{ openshift.common.examples_content_version }}/glusterfs-registry-endpoints.yml.j2" - dest: "{{ mktemp.stdout }}/glusterfs-registry-endpoints.yml" - -- name: Copy GlusterFS registry service - template: - src: "{{ openshift.common.examples_content_version }}/glusterfs-registry-service.yml.j2" - dest: "{{ mktemp.stdout }}/glusterfs-registry-service.yml" - -- name: Create GlusterFS registry endpoints - oc_obj: - namespace: "{{ openshift.hosted.registry.namespace | default('default') }}" - state: present - kind: endpoints - name: "glusterfs-{{ glusterfs_name }}-endpoints" - files: - - "{{ mktemp.stdout }}/glusterfs-registry-endpoints.yml" - -- name: Create GlusterFS registry service - oc_obj: - namespace: "{{ openshift.hosted.registry.namespace | default('default') }}" - state: present - kind: service - name: "glusterfs-{{ glusterfs_name }}-endpoints" - files: - - "{{ mktemp.stdout }}/glusterfs-registry-service.yml" - - name: Check if GlusterFS registry volume exists command: "{{ glusterfs_heketi_client }} volume list" register: registry_volume diff --git a/roles/openshift_storage_glusterfs/templates/v3.7/heketi.json.j2 b/roles/openshift_storage_glusterfs/templates/v3.7/heketi.json.j2 index 579b11bb7..565e9be98 100644 --- a/roles/openshift_storage_glusterfs/templates/v3.7/heketi.json.j2 +++ b/roles/openshift_storage_glusterfs/templates/v3.7/heketi.json.j2 @@ -31,6 +31,12 @@ "port" : "{{ glusterfs_heketi_ssh_port }}", "user" : "{{ glusterfs_heketi_ssh_user }}", "sudo" : {{ glusterfs_heketi_ssh_sudo | lower }} - } + }, + + "_auto_create_block_hosting_volume": "Creates Block Hosting volumes automatically if not found or exsisting volume exhausted", + "auto_create_block_hosting_volume": {{ glusterfs_block_host_vol_create | lower }}, + + "_block_hosting_volume_size": "New block hosting volume will be created in size mentioned, This is considered only if auto-create is enabled.", + "block_hosting_volume_size": {{ glusterfs_block_host_vol_size }} } } diff --git a/roles/openshift_storage_glusterfs/templates/v3.8/glusterfs-registry-endpoints.yml.j2 b/roles/openshift_storage_glusterfs/templates/v3.8/glusterfs-registry-endpoints.yml.j2 new file mode 100644 index 000000000..11c9195bb --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v3.8/glusterfs-registry-endpoints.yml.j2 @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: glusterfs-{{ glusterfs_name }}-endpoints +subsets: +- addresses: +{% for node in glusterfs_nodes %} + - ip: {{ hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip) }} +{% endfor %} + ports: + - port: 1 diff --git a/roles/openshift_storage_glusterfs/templates/v3.8/glusterfs-registry-service.yml.j2 b/roles/openshift_storage_glusterfs/templates/v3.8/glusterfs-registry-service.yml.j2 new file mode 100644 index 000000000..3f869d2b7 --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v3.8/glusterfs-registry-service.yml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: glusterfs-{{ glusterfs_name }}-endpoints +spec: + ports: + - port: 1 +status: + loadBalancer: {} diff --git a/roles/openshift_storage_glusterfs/templates/v3.8/glusterfs-storageclass.yml.j2 b/roles/openshift_storage_glusterfs/templates/v3.8/glusterfs-storageclass.yml.j2 new file mode 100644 index 000000000..095fb780f --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v3.8/glusterfs-storageclass.yml.j2 @@ -0,0 +1,13 @@ +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: glusterfs-{{ glusterfs_name }} +provisioner: kubernetes.io/glusterfs +parameters: + resturl: "http://{% if glusterfs_heketi_is_native %}{{ glusterfs_heketi_route }}{% else %}{{ glusterfs_heketi_url }}:{{ glusterfs_heketi_port }}{% endif %}" + restuser: "admin" +{% if glusterfs_heketi_admin_key is defined %} + secretNamespace: "{{ glusterfs_namespace }}" + secretName: "heketi-{{ glusterfs_name }}-admin-secret" +{%- endif -%} diff --git a/roles/openshift_storage_glusterfs/templates/v3.8/heketi-endpoints.yml.j2 b/roles/openshift_storage_glusterfs/templates/v3.8/heketi-endpoints.yml.j2 new file mode 100644 index 000000000..99cbdf748 --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v3.8/heketi-endpoints.yml.j2 @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: heketi-db-{{ glusterfs_name }}-endpoints +subsets: +- addresses: +{% for node in glusterfs_nodes %} + - ip: {{ hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip) }} +{% endfor %} + ports: + - port: 1 diff --git a/roles/openshift_storage_glusterfs/templates/v3.8/heketi-service.yml.j2 b/roles/openshift_storage_glusterfs/templates/v3.8/heketi-service.yml.j2 new file mode 100644 index 000000000..dcb896441 --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v3.8/heketi-service.yml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: heketi-db-{{ glusterfs_name }}-endpoints +spec: + ports: + - port: 1 +status: + loadBalancer: {} diff --git a/roles/openshift_storage_glusterfs/templates/v3.8/heketi.json.j2 b/roles/openshift_storage_glusterfs/templates/v3.8/heketi.json.j2 new file mode 100644 index 000000000..565e9be98 --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v3.8/heketi.json.j2 @@ -0,0 +1,42 @@ +{ + "_port_comment": "Heketi Server Port Number", + "port" : "8080", + + "_use_auth": "Enable JWT authorization. Please enable for deployment", + "use_auth" : false, + + "_jwt" : "Private keys for access", + "jwt" : { + "_admin" : "Admin has access to all APIs", + "admin" : { + "key" : "My Secret" + }, + "_user" : "User only has access to /volumes endpoint", + "user" : { + "key" : "My Secret" + } + }, + + "_glusterfs_comment": "GlusterFS Configuration", + "glusterfs" : { + + "_executor_comment": "Execute plugin. Possible choices: mock, kubernetes, ssh", + "executor" : "{{ glusterfs_heketi_executor }}", + + "_db_comment": "Database file name", + "db" : "/var/lib/heketi/heketi.db", + + "sshexec" : { + "keyfile" : "/etc/heketi/private_key", + "port" : "{{ glusterfs_heketi_ssh_port }}", + "user" : "{{ glusterfs_heketi_ssh_user }}", + "sudo" : {{ glusterfs_heketi_ssh_sudo | lower }} + }, + + "_auto_create_block_hosting_volume": "Creates Block Hosting volumes automatically if not found or exsisting volume exhausted", + "auto_create_block_hosting_volume": {{ glusterfs_block_host_vol_create | lower }}, + + "_block_hosting_volume_size": "New block hosting volume will be created in size mentioned, This is considered only if auto-create is enabled.", + "block_hosting_volume_size": {{ glusterfs_block_host_vol_size }} + } +} diff --git a/roles/openshift_storage_glusterfs/templates/v3.8/topology.json.j2 b/roles/openshift_storage_glusterfs/templates/v3.8/topology.json.j2 new file mode 100644 index 000000000..d6c28f6dd --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v3.8/topology.json.j2 @@ -0,0 +1,49 @@ +{ + "clusters": [ +{%- set clusters = {} -%} +{%- for node in glusterfs_nodes -%} + {%- set cluster = hostvars[node].glusterfs_cluster if 'glusterfs_cluster' in node else '1' -%} + {%- if cluster in clusters -%} + {%- set _dummy = clusters[cluster].append(node) -%} + {%- else -%} + {%- set _dummy = clusters.update({cluster: [ node, ]}) -%} + {%- endif -%} +{%- endfor -%} +{%- for cluster in clusters -%} + { + "nodes": [ +{%- for node in clusters[cluster] -%} + { + "node": { + "hostnames": { + "manage": [ +{%- if 'glusterfs_hostname' in hostvars[node] -%} + "{{ hostvars[node].glusterfs_hostname }}" +{%- elif 'openshift' in hostvars[node] -%} + "{{ hostvars[node].openshift.node.nodename }}" +{%- else -%} + "{{ node }}" +{%- endif -%} + ], + "storage": [ +{%- if 'glusterfs_ip' in hostvars[node] -%} + "{{ hostvars[node].glusterfs_ip }}" +{%- else -%} + "{{ hostvars[node].openshift.common.ip }}" +{%- endif -%} + ] + }, + "zone": {{ hostvars[node].glusterfs_zone | default(1) }} + }, + "devices": [ +{%- for device in hostvars[node].glusterfs_devices -%} + "{{ device }}"{% if not loop.last %},{% endif %} +{%- endfor -%} + ] + }{% if not loop.last %},{% endif %} +{%- endfor -%} + ] + }{% if not loop.last %},{% endif %} +{%- endfor -%} + ] +} diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml index c4e023c1e..c25cad74c 100644 --- a/roles/openshift_storage_nfs/tasks/main.yml +++ b/roles/openshift_storage_nfs/tasks/main.yml @@ -1,10 +1,11 @@ --- - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml - name: Install nfs-utils package: name=nfs-utils state=present + register: result + until: result | success - name: Configure NFS lineinfile: diff --git a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml index 03f4fcec0..bee786a90 100644 --- a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml +++ b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml @@ -2,6 +2,8 @@ - name: Install NFS server package: name=nfs-utils state=present when: not openshift.common.is_containerized | bool + register: result + until: result | success - name: Start rpcbind systemd: diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml index 1c8b9046c..4f9158ade 100644 --- a/roles/openshift_version/tasks/main.yml +++ b/roles/openshift_version/tasks/main.yml @@ -93,11 +93,11 @@ - inventory_hostname in groups['oo_masters_to_config'] or inventory_hostname in groups['oo_nodes_to_config'] block: - name: Set openshift_version for rpm installation - include: set_version_rpm.yml + include_tasks: set_version_rpm.yml when: not is_containerized | bool - name: Set openshift_version for containerized installation - include: set_version_containerized.yml + include_tasks: set_version_containerized.yml when: is_containerized | bool - block: diff --git a/roles/openshift_version/tasks/set_version_containerized.yml b/roles/openshift_version/tasks/set_version_containerized.yml index b727eb74d..574e89899 100644 --- a/roles/openshift_version/tasks/set_version_containerized.yml +++ b/roles/openshift_version/tasks/set_version_containerized.yml @@ -20,7 +20,7 @@ - name: Lookup latest containerized version if no version specified command: > - docker run --rm {{ openshift.common.cli_image }}:latest version + docker run --rm {{ openshift_cli_image }}:latest version register: cli_image_version when: - openshift_version is not defined @@ -43,7 +43,7 @@ # and use that value instead. - name: Set precise containerized version to configure if openshift_release specified command: > - docker run --rm {{ openshift.common.cli_image }}:v{{ openshift_version }} version + docker run --rm {{ openshift_cli_image }}:v{{ openshift_version }} version register: cli_image_version when: - openshift_version is defined diff --git a/roles/os_firewall/tasks/firewalld.yml b/roles/os_firewall/tasks/firewalld.yml index 54430f402..1e27ebaf9 100644 --- a/roles/os_firewall/tasks/firewalld.yml +++ b/roles/os_firewall/tasks/firewalld.yml @@ -8,6 +8,8 @@ package: name: firewalld state: present + register: result + until: result | success - name: Ensure iptables services are not enabled systemd: diff --git a/roles/os_firewall/tasks/iptables.yml b/roles/os_firewall/tasks/iptables.yml index 2d74f2e48..a7c13e487 100644 --- a/roles/os_firewall/tasks/iptables.yml +++ b/roles/os_firewall/tasks/iptables.yml @@ -22,6 +22,8 @@ - iptables - iptables-services when: not r_os_firewall_is_atomic | bool + register: result + until: result | success - name: Start and enable iptables service systemd: diff --git a/roles/os_firewall/tasks/main.yml b/roles/os_firewall/tasks/main.yml index c477d386c..99084cd3f 100644 --- a/roles/os_firewall/tasks/main.yml +++ b/roles/os_firewall/tasks/main.yml @@ -8,12 +8,12 @@ set_fact: r_os_firewall_is_atomic: "{{ r_os_firewall_ostree_booted.stat.exists }}" -- include: firewalld.yml +- include_tasks: firewalld.yml when: - os_firewall_enabled | bool - os_firewall_use_firewalld | bool -- include: iptables.yml +- include_tasks: iptables.yml when: - os_firewall_enabled | bool - not os_firewall_use_firewalld | bool diff --git a/roles/os_update_latest/tasks/main.yml b/roles/os_update_latest/tasks/main.yml index 6b5fd0106..60d665587 100644 --- a/roles/os_update_latest/tasks/main.yml +++ b/roles/os_update_latest/tasks/main.yml @@ -1,3 +1,5 @@ --- - name: Update all packages package: name=* state=latest + register: result + until: result | success diff --git a/roles/rhel_subscribe/tasks/main.yml b/roles/rhel_subscribe/tasks/main.yml index b06f51908..9ca49b569 100644 --- a/roles/rhel_subscribe/tasks/main.yml +++ b/roles/rhel_subscribe/tasks/main.yml @@ -36,6 +36,8 @@ yum: name: subscription-manager state: present + register: result + until: result | success - name: RedHat subscriptions redhat_subscription: diff --git a/roles/template_service_broker/tasks/main.yml b/roles/template_service_broker/tasks/main.yml index 6a4d89a46..71c8ca470 100644 --- a/roles/template_service_broker/tasks/main.yml +++ b/roles/template_service_broker/tasks/main.yml @@ -1,8 +1,8 @@ --- # do any asserts here -- include: install.yml +- include_tasks: install.yml when: template_service_broker_install | bool -- include: remove.yml +- include_tasks: remove.yml when: template_service_broker_remove | bool @@ -12,11 +12,11 @@ skip_install=True deps = -rrequirements.txt -rtest-requirements.txt + unit: -eutils py35-flake8: flake8-bugbear==17.3.0 integration: docker-py==1.10.6 commands = - unit: pip install -e utils unit: pytest {posargs} flake8: flake8 {posargs} pylint: python setup.py lint diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py index ca5e7dc1a..1e2af2c61 100644 --- a/utils/src/ooinstall/openshift_ansible.py +++ b/utils/src/ooinstall/openshift_ansible.py @@ -281,7 +281,7 @@ def run_main_playbook(inventory_file, hosts, hosts_to_run_on, verbose=False): global CFG if len(hosts_to_run_on) != len(hosts): main_playbook_path = os.path.join(CFG.ansible_playbook_directory, - 'playbooks/byo/openshift-node/scaleup.yml') + 'playbooks/openshift-node/scaleup.yml') else: main_playbook_path = os.path.join(CFG.ansible_playbook_directory, 'playbooks/byo/openshift-cluster/config.yml') |