-rw-r--r-- | roles/lib_openshift/library/oc_adm_registry.py | 4 | ||||
-rw-r--r-- | roles/lib_openshift/library/oc_adm_router.py | 21 | ||||
-rw-r--r-- | roles/lib_openshift/src/ansible/oc_adm_router.py | 2 | ||||
-rw-r--r-- | roles/lib_openshift/src/class/oc_adm_registry.py | 4 | ||||
-rw-r--r-- | roles/lib_openshift/src/class/oc_adm_router.py | 19 | ||||
-rw-r--r-- | roles/openshift_hosted/tasks/registry/storage/s3.yml | 4 | ||||
-rw-r--r-- | roles/openshift_logging/tasks/update_master_config.yaml | 2 |
7 files changed, 42 insertions, 14 deletions
diff --git a/roles/lib_openshift/library/oc_adm_registry.py b/roles/lib_openshift/library/oc_adm_registry.py index f79c5222b..79af63fea 100644 --- a/roles/lib_openshift/library/oc_adm_registry.py +++ b/roles/lib_openshift/library/oc_adm_registry.py @@ -2247,7 +2247,7 @@ class Registry(OpenShiftCLI): # probably need to parse this # pylint thinks results is a string # pylint: disable=no-member - if results['returncode'] != 0 and results['results'].has_key('items'): + if results['returncode'] != 0 and 'items' in results['results']: return results service = None @@ -2328,7 +2328,7 @@ class Registry(OpenShiftCLI): # Currently we know that our deployment of a registry requires a few extra modifications # Modification 1 # we need specific environment variables to be set - for key, value in self.config.config_options['env_vars']['value'].items(): + for key, value in self.config.config_options['env_vars'].get('value', {}).items(): if not deploymentconfig.exists_env_key(key): deploymentconfig.add_env_value(key, value) else: diff --git a/roles/lib_openshift/library/oc_adm_router.py b/roles/lib_openshift/library/oc_adm_router.py index c5545d2ba..324b87f84 100644 --- a/roles/lib_openshift/library/oc_adm_router.py +++ b/roles/lib_openshift/library/oc_adm_router.py @@ -2632,10 +2632,14 @@ class Router(OpenShiftCLI): return deploymentconfig + # pylint: disable=too-many-branches def _prepare_router(self): '''prepare router for instantiation''' - # We need to create the pem file - if self.config.config_options['default_cert']['value'] is None: + # if cacert, key, and cert were passed, combine them into a pem file + if (self.config.config_options['cacert_file']['value'] and + self.config.config_options['cert_file']['value'] and + self.config.config_options['key_file']['value']): + router_pem = '/tmp/router.pem' with open(router_pem, 'w') as rfd: rfd.write(open(self.config.config_options['cert_file']['value']).read()) 
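Review bot: In the first oc_adm_registry.py hunk, `'items' in results['results']` is also valid when `results['results']` is a string, where it silently becomes a substring test; the removed `has_key` call would have raised instead. The comment just above already says pylint takes the value for a string, and what a failed command puts in `results['results']` is not visible here. If a non-dict is possible, make the test explicit: `isinstance(results['results'], dict) and 'items' in results['results']`. The same line is changed in the src/class/oc_adm_registry.py hunk.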
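Review bot: In the second oc_adm_registry.py hunk, `.get('value', {})` only covers a missing `value` key; if the key is present but set to None, the expression still ends in `None.items()` and raises AttributeError. Whether None can occur depends on how `config_options` is built, which is outside the hunk. `(self.config.config_options['env_vars'].get('value') or {}).items()` handles both cases. The same line appears in the src/class/oc_adm_registry.py hunk.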
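Review bot: In `_prepare_router`, the certificate, private key and CA chain are concatenated into the fixed path `/tmp/router.pem` with a plain `open(router_pem, 'w')`, and the reworked branch now passes that path on as `default_cert`. A predictable name in a shared directory can be pre-created or symlinked by another local user, the file mode follows the process umask so the key may be readable by others, and concurrent runs on one host overwrite each other's file. The `router_pem = ...` line looks unchanged by this commit, but while the branch is being touched it should move to a private, uniquely named file, e.g. `fd, router_pem = tempfile.mkstemp(prefix='router-', suffix='.pem')` followed by `with os.fdopen(fd, 'w') as rfd:` (assuming `tempfile` and `os` are available in this module). The inner `open(...).read()` calls also never close the three source files explicitly. The same code is in the src/class/oc_adm_router.py hunk, and the function body continues past this hunk.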
@@ -2645,8 +2649,13 @@ class Router(OpenShiftCLI): rfd.write(open(self.config.config_options['cacert_file']['value']).read()) atexit.register(Utils.cleanup, [router_pem]) + self.config.config_options['default_cert']['value'] = router_pem + elif self.config.config_options['default_cert']['value'] is None: + # No certificate was passed to us. do not pass one to oc adm router + self.config.config_options['default_cert']['include'] = False + options = self.config.to_option_list() cmd = ['router', self.config.name, '-n', self.config.namespace] @@ -2687,7 +2696,8 @@ class Router(OpenShiftCLI): oc_objects['DeploymentConfig']['obj'] = self.add_modifications(oc_objects['DeploymentConfig']['obj']) for oc_type, oc_data in oc_objects.items(): - oc_data['path'] = Utils.create_tmp_file_from_contents(oc_type, oc_data['obj'].yaml_dict) + if oc_data['obj'] is not None: + oc_data['path'] = Utils.create_tmp_file_from_contents(oc_type, oc_data['obj'].yaml_dict) return oc_objects @@ -2697,7 +2707,8 @@ class Router(OpenShiftCLI): # pylint: disable=no-member for _, oc_data in self.prepared_router.items(): - results.append(self._create(oc_data['path'])) + if oc_data['obj'] is not None: + results.append(self._create(oc_data['path'])) rval = 0 for result in results: @@ -2958,8 +2969,10 @@ def main(): mutually_exclusive=[["router_type", "images"], ["key_file", "default_cert"], ["cert_file", "default_cert"], + ["cacert_file", "default_cert"], ], + required_together=[['cacert_file', 'cert_file', 'key_file']], supports_check_mode=True, ) results = Router.run_ansible(module.params, module.check_mode) diff --git a/roles/lib_openshift/src/ansible/oc_adm_router.py b/roles/lib_openshift/src/ansible/oc_adm_router.py index 48c9f0ec1..b6f8e90d0 100644 --- a/roles/lib_openshift/src/ansible/oc_adm_router.py +++ b/roles/lib_openshift/src/ansible/oc_adm_router.py 
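Review bot: The new `if oc_data['obj'] is not None:` guard in the `oc_objects` loop does not say which object types can legitimately be missing, and the create loop in the following hunk has to repeat the same test before it reads `oc_data['path']`. A one-line comment above the first guard naming the case would make the skip read as intentional rather than as error suppression. Entries skipped here keep whatever `path` they were initialised with, which is not visible in the hunk, so any other reader of `oc_data['path']` needs the same guard. Both guards are duplicated in the src/class/oc_adm_router.py hunks.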
@@ -51,8 +51,10 @@ def main(): mutually_exclusive=[["router_type", "images"], ["key_file", "default_cert"], ["cert_file", "default_cert"], + ["cacert_file", "default_cert"], ], + required_together=[['cacert_file', 'cert_file', 'key_file']], supports_check_mode=True, ) results = Router.run_ansible(module.params, module.check_mode) diff --git a/roles/lib_openshift/src/class/oc_adm_registry.py b/roles/lib_openshift/src/class/oc_adm_registry.py index 8cb7aea31..eb78667ca 100644 --- a/roles/lib_openshift/src/class/oc_adm_registry.py +++ b/roles/lib_openshift/src/class/oc_adm_registry.py @@ -154,7 +154,7 @@ class Registry(OpenShiftCLI): # probably need to parse this # pylint thinks results is a string # pylint: disable=no-member - if results['returncode'] != 0 and results['results'].has_key('items'): + if results['returncode'] != 0 and 'items' in results['results']: return results service = None @@ -235,7 +235,7 @@ class Registry(OpenShiftCLI): # Currently we know that our deployment of a registry requires a few extra modifications # Modification 1 # we need specific environment variables to be set - for key, value in self.config.config_options['env_vars']['value'].items(): + for key, value in self.config.config_options['env_vars'].get('value', {}).items(): if not deploymentconfig.exists_env_key(key): deploymentconfig.add_env_value(key, value) else: diff --git a/roles/lib_openshift/src/class/oc_adm_router.py b/roles/lib_openshift/src/class/oc_adm_router.py index 9d61cfdf2..ab7c96927 100644 --- a/roles/lib_openshift/src/class/oc_adm_router.py +++ b/roles/lib_openshift/src/class/oc_adm_router.py 
@@ -180,10 +180,14 @@ class Router(OpenShiftCLI): return deploymentconfig + # pylint: disable=too-many-branches def _prepare_router(self): '''prepare router for instantiation''' - # We need to create the pem file - if self.config.config_options['default_cert']['value'] is None: + # if cacert, key, and cert were passed, combine them into a pem file + if (self.config.config_options['cacert_file']['value'] and + self.config.config_options['cert_file']['value'] and + self.config.config_options['key_file']['value']): + router_pem = '/tmp/router.pem' with open(router_pem, 'w') as rfd: rfd.write(open(self.config.config_options['cert_file']['value']).read()) @@ -193,8 +197,13 @@ class Router(OpenShiftCLI): rfd.write(open(self.config.config_options['cacert_file']['value']).read()) atexit.register(Utils.cleanup, [router_pem]) + self.config.config_options['default_cert']['value'] = router_pem + elif self.config.config_options['default_cert']['value'] is None: + # No certificate was passed to us. do not pass one to oc adm router + self.config.config_options['default_cert']['include'] = False + options = self.config.to_option_list() cmd = ['router', self.config.name, '-n', self.config.namespace] @@ -235,7 +244,8 @@ class Router(OpenShiftCLI): oc_objects['DeploymentConfig']['obj'] = self.add_modifications(oc_objects['DeploymentConfig']['obj']) for oc_type, oc_data in oc_objects.items(): - oc_data['path'] = Utils.create_tmp_file_from_contents(oc_type, oc_data['obj'].yaml_dict) + if oc_data['obj'] is not None: + oc_data['path'] = Utils.create_tmp_file_from_contents(oc_type, oc_data['obj'].yaml_dict) return oc_objects @@ -245,7 +255,8 @@ class Router(OpenShiftCLI): # pylint: disable=no-member for _, oc_data in self.prepared_router.items(): - results.append(self._create(oc_data['path'])) + if oc_data['obj'] is not None: + results.append(self._create(oc_data['path'])) rval = 0 for result in results: 
diff --git a/roles/openshift_hosted/tasks/registry/storage/s3.yml b/roles/openshift_hosted/tasks/registry/storage/s3.yml index 7d51594bd..16709dfef 100644 --- a/roles/openshift_hosted/tasks/registry/storage/s3.yml +++ b/roles/openshift_hosted/tasks/registry/storage/s3.yml @@ -31,8 +31,8 @@ namespace: "{{ openshift.hosted.registry.namespace | default('default') }}" name: docker-registry-s3-cloudfront contents: - path: cloudfront.pem - data: "{{ lookup('file', openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile) }}" + - path: cloudfront.pem + data: "{{ lookup('file', openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile) }}" - name: Add cloudfront secret to the registry deployment config command: > diff --git a/roles/openshift_logging/tasks/update_master_config.yaml b/roles/openshift_logging/tasks/update_master_config.yaml index af303c47c..cef835668 100644 --- a/roles/openshift_logging/tasks/update_master_config.yaml +++ b/roles/openshift_logging/tasks/update_master_config.yaml @@ -5,3 +5,5 @@ yaml_key: assetConfig.loggingPublicURL yaml_value: "https://{{ openshift_logging_kibana_hostname }}" notify: restart master + tags: + - update_master_config |
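Review bot: In the s3.yml hunk, the cloudfront private key is read with `lookup('file', ...)` and passed to the module as a task argument under `contents`, so it can be printed with the task's arguments at higher verbosity or on failure. That is avoided only if the module declares the parameter as no_log or the task sets `no_log: true`. The start of the task is outside this hunk, so confirm whether it already does; if not, add `no_log: true` at task level.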