diff options
68 files changed, 917 insertions, 727 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 5976f188e..b8982c3a5 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.3.2-1 ./ +3.3.4-1 ./ diff --git a/DEPLOYMENT_TYPES.md b/DEPLOYMENT_TYPES.md index 1f64e223a..668d14fc0 100644 --- a/DEPLOYMENT_TYPES.md +++ b/DEPLOYMENT_TYPES.md @@ -15,7 +15,7 @@ The table below outlines the defaults per `deployment_type`. | **Image Streams** | centos | rhel + xpaas | N/A | rhel | -**NOTE** `enterprise` deloyment type is used for OpenShift Enterprise version +**NOTE** `enterprise` deployment type is used for OpenShift Enterprise version 3.0.x OpenShift Enterprise deployments utilizing version 3.1 and later will make use of the new `openshift-enterprise` deployment type. Additional work to migrate between the two will be forthcoming. diff --git a/callback_plugins/default.py b/callback_plugins/default.py new file mode 100644 index 000000000..31e3d7d4c --- /dev/null +++ b/callback_plugins/default.py @@ -0,0 +1,60 @@ +'''Plugin to override the default output logic.''' + +# upstream: https://gist.github.com/cliffano/9868180 + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + + +# For some reason this has to be done +import imp +import os + +ANSIBLE_PATH = imp.find_module('ansible')[1] +DEFAULT_PATH = os.path.join(ANSIBLE_PATH, 'plugins/callback/default.py') +DEFAULT_MODULE = imp.load_source( + 'ansible.plugins.callback.default', + DEFAULT_PATH +) + + +class CallbackModule(DEFAULT_MODULE.CallbackModule): # pylint: disable=too-few-public-methods,no-init + ''' + Override for the default callback module. + + Render std err/out outside of the rest of the result which it prints with + indentation. + ''' + CALLBACK_VERSION = 2.0 + CALLBACK_TYPE = 'stdout' + CALLBACK_NAME = 'default' + + def _dump_results(self, result): + '''Return the text to output for a result.''' + result['_ansible_verbose_always'] = True + + save = {} + for key in ['stdout', 'stdout_lines', 'stderr', 'stderr_lines', 'msg']: + if key in result: + save[key] = result.pop(key) + + output = DEFAULT_MODULE.CallbackModule._dump_results(self, result) + + for key in ['stdout', 'stderr', 'msg']: + if key in save and save[key]: + output += '\n\n%s:\n\n%s\n' % (key.upper(), save[key]) + + for key, value in save.items(): + result[key] = value + + return output diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index d706d0304..ec00a1646 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -660,7 +660,7 @@ class FilterModule(object): if kind == 'nfs': host = params['host'] if host == None: - if len(groups['oo_nfs_to_config']) > 0: + if 'oo_nfs_to_config' in groups and len(groups['oo_nfs_to_config']) > 0: host = groups['oo_nfs_to_config'][0] else: raise errors.AnsibleFilterError("|failed no storage host detected") diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example index e038b39d5..8d2d95f8f 100644 --- a/inventory/byo/hosts.aep.example +++ b/inventory/byo/hosts.aep.example @@ -44,9 +44,6 @@ openshift_release=v3.2 # Install the openshift examples #openshift_install_examples=true -# Enable cluster metrics -#use_cluster_metrics=true - # Configure logoutURL in the master config for console customization # See: https://docs.openshift.org/latest/install_config/web_console_customization.html#changing-the-logout-url #openshift_master_logout_url=http://example.com @@ -326,11 +323,12 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Disable the OpenShift SDN plugin # openshift_use_openshift_sdn=False -# Configure SDN cluster network CIDR block. This network block should -# be a private block and should not conflict with existing network -# blocks in your infrastructure that pods may require access to. -# Can not be changed after deployment. +# Configure SDN cluster network and kubernetes service CIDR blocks. These +# network blocks should be private and should not conflict with network blocks +# in your infrastructure that pods may require access to. Can not be changed +# after deployment. #osm_cluster_network_cidr=10.1.0.0/16 +#openshift_portal_net=172.30.0.0/16 # Configure number of bits to allocate to each host’s subnet e.g. 8 # would mean a /24 network on the host. diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 5bfb451c5..d71ed5727 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -45,9 +45,6 @@ openshift_release=v1.2 # Install the openshift examples #openshift_install_examples=true -# Enable cluster metrics -#use_cluster_metrics=true - # Configure logoutURL in the master config for console customization # See: https://docs.openshift.org/latest/install_config/web_console_customization.html#changing-the-logout-url #openshift_master_logout_url=http://example.com @@ -333,11 +330,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Disable the OpenShift SDN plugin # openshift_use_openshift_sdn=False -# Configure SDN cluster network CIDR block. This network block should -# be a private block and should not conflict with existing network -# blocks in your infrastructure that pods may require access to. -# Can not be changed after deployment. +# Configure SDN cluster network and kubernetes service CIDR blocks. These +# network blocks should be private and should not conflict with network blocks +# in your infrastructure that pods may require access to. Can not be changed +# after deployment. #osm_cluster_network_cidr=10.1.0.0/16 +#openshift_portal_net=172.30.0.0/16 + # Configure number of bits to allocate to each host’s subnet e.g. 8 # would mean a /24 network on the host. diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 96a9db30d..ccff97b47 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -44,9 +44,6 @@ openshift_release=v3.2 # Install the openshift examples #openshift_install_examples=true -# Enable cluster metrics -#use_cluster_metrics=true - # Configure logoutURL in the master config for console customization # See: https://docs.openshift.org/latest/install_config/web_console_customization.html#changing-the-logout-url #openshift_master_logout_url=http://example.com @@ -327,11 +324,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Disable the OpenShift SDN plugin # openshift_use_openshift_sdn=False -# Configure SDN cluster network CIDR block. This network block should -# be a private block and should not conflict with existing network -# blocks in your infrastructure that pods may require access to. -# Can not be changed after deployment. +# Configure SDN cluster network and kubernetes service CIDR blocks. These +# network blocks should be private and should not conflict with network blocks +# in your infrastructure that pods may require access to. Can not be changed +# after deployment. #osm_cluster_network_cidr=10.1.0.0/16 +#openshift_portal_net=172.30.0.0/16 + # Configure number of bits to allocate to each host’s subnet e.g. 8 # would mean a /24 network on the host. diff --git a/library/rpm_q.py b/library/rpm_q.py new file mode 100644 index 000000000..ca3d0dd89 --- /dev/null +++ b/library/rpm_q.py @@ -0,0 +1,70 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# (c) 2015, Tobias Florek <tob@butter.sh> +# Licensed under the terms of the MIT License +""" +An ansible module to query the RPM database. For use, when yum/dnf are not +available. +""" + +# pylint: disable=redefined-builtin,wildcard-import,unused-wildcard-import +from ansible.module_utils.basic import * + +DOCUMENTATION = """ +--- +module: rpm_q +short_description: Query the RPM database +author: Tobias Florek +options: + name: + description: + - The name of the package to query + required: true + state: + description: + - Whether the package is supposed to be installed or not + choices: [present, absent] + default: present +""" + +EXAMPLES = """ +- rpm_q: name=ansible state=present +- rpm_q: name=ansible state=absent +""" + +RPM_BINARY = '/bin/rpm' + +def main(): + """ + Checks rpm -q for the named package and returns the installed packages + or None if not installed. + """ + module = AnsibleModule( + argument_spec=dict( + name=dict(required=True), + state=dict(default='present', choices=['present', 'absent']) + ), + supports_check_mode=True + ) + + name = module.params['name'] + state = module.params['state'] + + # pylint: disable=invalid-name + rc, out, err = module.run_command([RPM_BINARY, '-q', name]) + + installed = out.rstrip('\n').split('\n') + + if rc != 0: + if state == 'present': + module.fail_json(msg="%s is not installed" % name, stdout=out, stderr=err, rc=rc) + else: + module.exit_json(changed=False) + elif state == 'present': + module.exit_json(changed=False, installed_versions=installed) + else: + module.fail_json(msg="%s is installed", installed_versions=installed) + +if __name__ == '__main__': + main() diff --git a/lookup_plugins/oo_option.py b/lookup_plugins/oo_option.py index 3fc46ab9b..bca545771 100644 --- a/lookup_plugins/oo_option.py +++ b/lookup_plugins/oo_option.py @@ -33,15 +33,6 @@ except ImportError: def get_basedir(self, variables): return self.basedir -# pylint: disable=no-name-in-module,import-error -try: - # ansible-2.0 - from ansible import template -except ImportError: - # ansible 1.9.x - from ansible.utils import template - - # Reason: disable too-few-public-methods because the `run` method is the only # one required by the Ansible API # Status: permanently disabled @@ -65,28 +56,16 @@ class LookupModule(LookupBase): # which is not used # Status: permanently disabled unless Ansible API evolves # pylint: disable=unused-argument - def run(self, terms, inject=None, **kwargs): + def run(self, terms, variables, **kwargs): ''' Main execution path ''' - try: - terms = template.template(self.basedir, terms, inject) - # Reason: disable broad-except to really ignore any potential exception - # This is inspired by the upstream "env" lookup plugin: - # https://github.com/ansible/ansible/blob/devel/v1/ansible/runner/lookup_plugins/env.py#L29 - # pylint: disable=broad-except - except Exception: - pass - - if isinstance(terms, basestring): - terms = [terms] - ret = [] for term in terms: option_name = term.split()[0] cli_key = 'cli_' + option_name - if inject and cli_key in inject: - ret.append(inject[cli_key]) + if 'vars' in variables and cli_key in variables['vars']: + ret.append(variables['vars'][cli_key]) elif option_name in os.environ: ret.append(os.environ[option_name]) else: diff --git a/openshift-ansible.spec b/openshift-ansible.spec index f70193367..84b9c9518 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.3.2 +Version: 3.3.4 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -221,6 +221,63 @@ Atomic OpenShift Utilities includes %changelog +* Fri Jul 29 2016 Troy Dawson <tdawson@redhat.com> 3.3.4-1 +- a-o-i: Set roles on standalone storage (smunilla@redhat.com) +- Disable too many branches pylint (sdodson@redhat.com) +- a-o-i: write missing openshift_node_labels (dkorn@redhat.com) +- a-o-i: Support for arbitrary host-level variables (smunilla@redhat.com) +- Beautiful -v output from ansible (jamespic@gmail.com) +- a-o-i: Move inventory vars to the correct location (smunilla@redhat.com) +- Fix registry/router being created despite no infra nodes. + (dgoodwin@redhat.com) +- Document openshift_portal_net (sdodson@redhat.com) +- Stagger the start of master services. (abutcher@redhat.com) +- make rpm-q module pylint warning-free (tob@butter.sh) +- add rpm_q module to query rpm database (tob@butter.sh) + +* Wed Jul 27 2016 Troy Dawson <tdawson@redhat.com> 3.3.3-1 +- Template named certificates with_items. (abutcher@redhat.com) +- Replace master_cert_config_dir with common config_base fact. + (abutcher@redhat.com) +- remove outdated openshift_cluster_metrics role (jdetiber@redhat.com) +- Fix "deloyment" typo in deployment types doc (lxia@redhat.com) +- Add missing nuke_images.sh symlink. (dgoodwin@redhat.com) +- a-o-i: Persist Roles Variables (smunilla@redhat.com) +- Default nodes matching selectors when not collected. (abutcher@redhat.com) +- Copy openshift binaries instead of using wrapper script. + (dgoodwin@redhat.com) +- Correct relative include for ansible version check. (abutcher@redhat.com) +- Fix libvirt provider for Ansible 2.1.0.0 (lhuard@amadeus.com) +- Re-arrange master and node role dependencies. (abutcher@redhat.com) +- Refactor openshift certificates roles. (abutcher@redhat.com) +- Check ansible version prior to evaluating cluster hosts and groups. + (abutcher@redhat.com) +- Stop reporting changes when docker pull is already up to date. + (dgoodwin@redhat.com) +- a-o-i: Write Role variable groups (smunilla@redhat.com) +- Slight modification to error when using mismatched openshift_release. + (dgoodwin@redhat.com) +- fix "databcase" typo in example roles (lxia@redhat.com) +- Secure router only when openshift.hosted.router.certificate.contents exists. + (abutcher@redhat.com) +- Add jenkinstemplate (sdodson@redhat.com) +- Fix bugs with origin 1.2 rpm based upgrades. (dgoodwin@redhat.com) +- Sync latest image streams and templates (sdodson@redhat.com) +- Ensure 'oo_nfs_to_config' in groups prior to checking group length when nfs + host unset. (abutcher@redhat.com) +- We have proper ansible support and requirements in place now, de-revert this + commit (tbielawa@redhat.com) +- Skip docker upgrades on Atomic. (dgoodwin@redhat.com) +- Resolve some deprecation warnings. (abutcher@redhat.com) +- a-o-i: Looser facts requirements for unattended (smunilla@redhat.com) +- Temporarily link registry config templates for ansible 1.9.x support. + (abutcher@redhat.com) +- Remove relative lookup for registry config and check for skipped update in + registry redeploy conditional. (abutcher@redhat.com) +- Arbitrary Installer yaml (smunilla@redhat.com) +- Check for existence of sebooleans prior to setting. (abutcher@redhat.com) +- Require ansible-2.1 (abutcher@redhat.com) + * Sun Jul 17 2016 Scott Dodson <sdodson@redhat.com> 3.3.2-1 - Convert openshift_release and openshift_version to strings for startswith (sdodson@redhat.com) diff --git a/playbooks/adhoc/bootstrap-fedora.yml b/playbooks/adhoc/bootstrap-fedora.yml index b380a74d6..5ca383a37 100644 --- a/playbooks/adhoc/bootstrap-fedora.yml +++ b/playbooks/adhoc/bootstrap-fedora.yml @@ -1,4 +1,4 @@ - hosts: OSEv3 tasks: - name: install python and deps for ansible modules - raw: dnf install -y python2 python2-dnf libselinux-python libsemanage-python python2-firewall + raw: dnf install -y python2 python2-dnf libselinux-python libsemanage-python python2-firewall pyOpenSSL python-cryptography diff --git a/playbooks/aws/openshift-cluster/config.yml b/playbooks/aws/openshift-cluster/config.yml index d6b5700b0..647c72239 100644 --- a/playbooks/aws/openshift-cluster/config.yml +++ b/playbooks/aws/openshift-cluster/config.yml @@ -1,3 +1,6 @@ +--- +- include: ../../common/openshift-cluster/verify_ansible_version.yml + - hosts: localhost gather_facts: no tasks: diff --git a/playbooks/byo/openshift-cluster/config.yml b/playbooks/byo/openshift-cluster/config.yml index 3477b2dc4..0a931fbe0 100644 --- a/playbooks/byo/openshift-cluster/config.yml +++ b/playbooks/byo/openshift-cluster/config.yml @@ -1,4 +1,6 @@ --- +- include: ../../common/openshift-cluster/verify_ansible_version.yml + - hosts: localhost connection: local become: no diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml index 8c89e118e..e28313221 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml @@ -1,4 +1,6 @@ --- +- include: ../../../../common/openshift-cluster/verify_ansible_version.yml + - hosts: localhost connection: local become: no diff --git a/playbooks/byo/openshift_facts.yml b/playbooks/byo/openshift_facts.yml index db8703db6..d966b58fd 100644 --- a/playbooks/byo/openshift_facts.yml +++ b/playbooks/byo/openshift_facts.yml @@ -1,4 +1,6 @@ --- +- include: ../common/openshift-cluster/verify_ansible_version.yml + - hosts: localhost connection: local become: no diff --git a/playbooks/common/openshift-cluster/additional_config.yml b/playbooks/common/openshift-cluster/additional_config.yml index a34322754..e9fb3de96 100644 --- a/playbooks/common/openshift-cluster/additional_config.yml +++ b/playbooks/common/openshift-cluster/additional_config.yml @@ -19,8 +19,6 @@ - role: openshift_examples registry_url: "{{ openshift.master.registry_url }}" when: openshift.common.install_examples | bool - - role: openshift_cluster_metrics - when: openshift.common.use_cluster_metrics | bool - role: openshift_manageiq when: openshift.common.use_manageiq | bool - role: cockpit diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/nuke_images.sh b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/nuke_images.sh new file mode 120000 index 000000000..49a51bba9 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/nuke_images.sh @@ -0,0 +1 @@ +../files/nuke_images.sh
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml index 7a8dfdf91..a32123952 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml @@ -87,7 +87,7 @@ # Request openshift_release 3.2 and let the openshift_version role handle converting this # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "3.2" + openshift_release: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}" openshift_protect_installed_version: False # Docker role (a dependency) should be told not to do anything to installed version # of docker, we handle this separately during upgrade. (the inventory may have a @@ -163,6 +163,8 @@ - name: Verify containers are available for upgrade command: > docker pull {{ openshift.common.cli_image }}:{{ openshift_image_tag }} + register: pull_result + changed_when: "'Downloaded newer image' in pull_result.stdout" when: openshift.common.is_containerized | bool - name: Check latest available OpenShift RPM version @@ -176,8 +178,12 @@ - name: Verify OpenShift 3.2 RPMs are available for upgrade fail: msg: "OpenShift {{ avail_openshift_version.stdout }} is available, but 3.2 or greater is required" - when: not openshift.common.is_containerized | bool and not avail_openshift_version | skipped and avail_openshift_version.stdout | default('0.0', True) | version_compare('3.2', '<') + when: deployment_type != 'origin' and not openshift.common.is_containerized | bool and not avail_openshift_version | skipped and avail_openshift_version.stdout | default('0.0', True) | version_compare(openshift_release, '<') + - name: Verify Origin 1.2 RPMs are available for upgrade + fail: + msg: "OpenShift {{ avail_openshift_version.stdout }} is available, but 1.2 or greater is required" + when: deployment_type == 'origin' and not openshift.common.is_containerized | bool and not avail_openshift_version | skipped and avail_openshift_version.stdout | default('0.0', True) | version_compare(openshift_release, '<') # TODO: Are these two grep checks necessary anymore? # Note: the version number is hardcoded here in hopes of catching potential diff --git a/playbooks/common/openshift-cluster/verify_ansible_version.yml b/playbooks/common/openshift-cluster/verify_ansible_version.yml new file mode 100644 index 000000000..2a143b065 --- /dev/null +++ b/playbooks/common/openshift-cluster/verify_ansible_version.yml @@ -0,0 +1,10 @@ +--- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - name: Verify Ansible version is greater than or equal to 2.1.0.0 + fail: + msg: "Unsupported ansible version: {{ ansible_version.full }} found" + when: not ansible_version.full | version_compare('2.1.0.0', 'ge') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index bb8fb77b6..34c96a3af 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -156,79 +156,6 @@ - master.etcd-ca.crt when: etcd_client_certs_missing is defined and etcd_client_certs_missing -- name: Determine if master certificates need to be generated - hosts: oo_first_master:oo_masters_to_config - tasks: - - set_fact: - openshift_master_certs_no_etcd: - - admin.crt - - master.kubelet-client.crt - - "{{ 'master.proxy-client.crt' if openshift.common.version_gte_3_1_or_1_1 else omit }}" - - master.server.crt - - openshift-master.crt - - openshift-registry.crt - - openshift-router.crt - - etcd.server.crt - openshift_master_certs_etcd: - - master.etcd-client.crt - - - set_fact: - openshift_master_certs: "{{ (openshift_master_certs_no_etcd | union(openshift_master_certs_etcd)) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else openshift_master_certs_no_etcd }}" - - - name: Check status of master certificates - stat: - path: "{{ openshift.common.config_base }}/master/{{ item }}" - with_items: "{{ openshift_master_certs }}" - register: g_master_cert_stat_result - - set_fact: - master_certs_missing: "{{ False in (g_master_cert_stat_result.results - | oo_collect(attribute='stat.exists') - | list ) }}" - master_cert_subdir: master-{{ openshift.common.hostname }} - master_cert_config_dir: "{{ openshift.common.config_base }}/master" - -- name: Configure master certificates - hosts: oo_first_master - vars: - master_generated_certs_dir: "{{ openshift.common.config_base }}/generated-configs" - masters_needing_certs: "{{ hostvars - | oo_select_keys(groups['oo_masters_to_config'] | difference(groups['oo_first_master'])) - | oo_filter_list(filter_attr='master_certs_missing') }}" - master_hostnames: "{{ hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect('openshift.common.all_hostnames') - | oo_flatten | unique }}" - sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" - roles: - - openshift_master_certificates - post_tasks: - - name: Remove generated etcd client certs when using external etcd - file: - path: "{{ master_generated_certs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}" - state: absent - when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config - with_nested: - - "{{ masters_needing_certs | default([]) }}" - - - master.etcd-client.crt - - master.etcd-client.key - - - name: Create a tarball of the master certs - command: > - tar -czvf {{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz - -C {{ master_generated_certs_dir }}/{{ item.master_cert_subdir }} . - args: - creates: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz" - with_items: "{{ masters_needing_certs | default([]) }}" - - - name: Retrieve the master cert tarball from the master - fetch: - src: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz" - dest: "{{ sync_tmpdir }}/" - flat: yes - fail_on_missing: yes - validate_checksum: yes - with_items: "{{ masters_needing_certs | default([]) }}" - - name: Check for cached session secrets hosts: oo_first_master roles: @@ -243,7 +170,7 @@ - name: Generate master session secrets hosts: oo_first_master vars: - g_session_secrets_present: "{{ (openshift.master.session_auth_secrets | default([]) and openshift.master.session_encryption_secrets | default([])) | length > 0 }}" + g_session_secrets_present: "{{ (openshift.master.session_auth_secrets | default([])) | length > 0 and (openshift.master.session_encryption_secrets | default([])) | length > 0 }}" g_session_auth_secrets: "{{ [ 24 | oo_generate_secret ] }}" g_session_encryption_secrets: "{{ [ 24 | oo_generate_secret ] }}" roles: @@ -263,7 +190,7 @@ vars: internal_hostnames: "{{ hostvars[groups.oo_first_master.0].openshift.common.internal_hostnames }}" named_certificates: "{{ hostvars[groups.oo_first_master.0].openshift_master_named_certificates | default([]) }}" - named_certificates_dir: "{{ hostvars[groups.oo_first_master.0].master_cert_config_dir }}/named_certificates/" + named_certificates_dir: "{{ hostvars[groups.oo_first_master.0].openshift.common.config_base }}/master/named_certificates/" tasks: - set_fact: parsed_named_certificates: "{{ named_certificates | oo_parse_named_certificates(named_certificates_dir, internal_hostnames) }}" @@ -272,7 +199,7 @@ - name: Deploy named certificates hosts: oo_masters_to_config vars: - named_certs_dir: "{{ master_cert_config_dir }}/named_certificates/" + named_certs_dir: "{{ openshift.common.config_base }}/master/named_certificates/" named_certs_specified: "{{ openshift_master_named_certificates is defined }}" overwrite_named_certs: "{{ openshift_master_overwrite_named_certificates | default(false) }}" roles: @@ -297,17 +224,16 @@ when: named_certs_specified | bool - name: Land named certificates copy: src="{{ item.certfile }}" dest="{{ named_certs_dir }}" - with_items: openshift_master_named_certificates + with_items: "{{ openshift_master_named_certificates }}" when: named_certs_specified | bool - name: Land named certificate keys copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}" mode=0600 - with_items: openshift_master_named_certificates + with_items: "{{ openshift_master_named_certificates }}" when: named_certs_specified | bool - name: Configure masters hosts: oo_masters_to_config any_errors_fatal: true - serial: 1 vars: sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" openshift_master_ha: "{{ openshift.master.ha }}" @@ -321,19 +247,18 @@ }}" when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and openshift_generate_no_proxy_hosts | default(True) | bool }}" - pre_tasks: - - name: Ensure certificate directory exists - file: - path: "{{ openshift.common.config_base }}/master" - state: directory - when: master_certs_missing | bool and 'oo_first_master' not in group_names - - name: Unarchive the tarball on the master - unarchive: - src: "{{ sync_tmpdir }}/{{ master_cert_subdir }}.tgz" - dest: "{{ master_cert_config_dir }}" - when: master_certs_missing | bool and 'oo_first_master' not in group_names roles: - - openshift_master + - role: openshift_master + openshift_ca_host: "{{ groups.oo_first_master.0 }}" + openshift_master_etcd_hosts: "{{ hostvars + | oo_select_keys(groups['oo_etcd_to_config'] | default([])) + | oo_collect('openshift.common.hostname') + | default(none, true) }}" + openshift_master_hostnames: "{{ hostvars + | oo_select_keys(groups['oo_masters_to_config'] | default([])) + | oo_collect('openshift.common.all_hostnames') + | oo_flatten | unique }}" + openshift_master_hosts: "{{ groups.oo_masters_to_config }}" - role: nickhammond.logrotate - role: nuage_master when: openshift.common.use_nuage | bool diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 80659dc52..a8c49d37b 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -19,23 +19,6 @@ labels: "{{ openshift_node_labels | default(None) }}" annotations: "{{ openshift_node_annotations | default(None) }}" schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" - - name: Check status of node certificates - stat: - path: "{{ openshift.common.config_base }}/node/{{ item }}" - with_items: - - "system:node:{{ openshift.common.hostname }}.crt" - - "system:node:{{ openshift.common.hostname }}.key" - - "system:node:{{ openshift.common.hostname }}.kubeconfig" - - ca.crt - - server.key - - server.crt - register: stat_result - - set_fact: - certs_missing: "{{ stat_result.results | oo_collect(attribute='stat.exists') - | list | intersect([false])}}" - node_subdir: node-{{ openshift.common.hostname }} - config_dir: "{{ openshift.common.config_base }}/generated-configs/node-{{ openshift.common.hostname }}" - node_cert_dir: "{{ openshift.common.config_base }}/node" - name: Create temp directory for syncing certs hosts: localhost @@ -48,53 +31,6 @@ register: mktemp changed_when: False -- name: Create node certificates - hosts: oo_first_master - vars: - nodes_needing_certs: "{{ hostvars - | oo_select_keys(groups['oo_nodes_to_config'] - | default([])) - | oo_filter_list(filter_attr='certs_missing') }}" - sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" - roles: - - openshift_node_certificates - post_tasks: - - name: Create a tarball of the node config directories - command: > - tar -czvf {{ item.config_dir }}.tgz - --transform 's|system:{{ item.node_subdir }}|node|' - -C {{ item.config_dir }} . - args: - creates: "{{ item.config_dir }}.tgz" - with_items: "{{ nodes_needing_certs | default([]) }}" - - - name: Retrieve the node config tarballs from the master - fetch: - src: "{{ item.config_dir }}.tgz" - dest: "{{ sync_tmpdir }}/" - flat: yes - fail_on_missing: yes - validate_checksum: yes - with_items: "{{ nodes_needing_certs | default([]) }}" - -- name: Deploy node certificates - hosts: oo_nodes_to_config - vars: - sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" - tasks: - - name: Ensure certificate directory exists - file: - path: "{{ node_cert_dir }}" - state: directory - # TODO: notify restart node - # possibly test service started time against certificate/config file - # timestamps in node to trigger notify - - name: Unarchive the tarball on the node - unarchive: - src: "{{ sync_tmpdir }}/{{ node_subdir }}.tgz" - dest: "{{ node_cert_dir }}" - when: certs_missing - - name: Evaluate node groups hosts: localhost become: no @@ -124,7 +60,8 @@ when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and openshift_generate_no_proxy_hosts | default(True) | bool }}" roles: - - openshift_node + - role: openshift_node + openshift_ca_host: "{{ groups.oo_first_master.0 }}" - name: Configure node instances hosts: oo_nodes_to_config:!oo_containerized_master_nodes @@ -140,7 +77,8 @@ when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and openshift_generate_no_proxy_hosts | default(True) | bool }}" roles: - - openshift_node + - role: openshift_node + openshift_ca_host: "{{ groups.oo_first_master.0 }}" - name: Gather and set facts for flannel certificatess hosts: oo_nodes_to_config diff --git a/playbooks/libvirt/openshift-cluster/config.yml b/playbooks/libvirt/openshift-cluster/config.yml index a28e59a87..299325fc4 100644 --- a/playbooks/libvirt/openshift-cluster/config.yml +++ b/playbooks/libvirt/openshift-cluster/config.yml @@ -2,6 +2,9 @@ # TODO: need to figure out a plan for setting hostname, currently the default # is localhost, so no hostname value (or public_hostname) value is getting # assigned + +- include: ../../common/openshift-cluster/verify_ansible_version.yml + - hosts: localhost gather_facts: no tasks: diff --git a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml index 833586ffa..cc34d0ef9 100644 --- a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml @@ -39,14 +39,14 @@ file: dest: '{{ libvirt_storage_pool_path }}/{{ item }}_configdrive/' state: directory - with_items: instances + with_items: '{{ instances }}' - name: Create the cloud-init config drive files template: src: '{{ item[1] }}' dest: '{{ libvirt_storage_pool_path }}/{{ item[0] }}_configdrive/{{ item[1] }}' with_nested: - - instances + - '{{ instances }}' - [ user-data, meta-data ] - name: Create the cloud-init config drive @@ -54,18 +54,18 @@ args: chdir: '{{ libvirt_storage_pool_path }}/{{ item }}_configdrive/' creates: '{{ libvirt_storage_pool_path }}/{{ item }}_cloud-init.iso' - with_items: instances + with_items: '{{ instances }}' - name: Refresh the libvirt storage pool for openshift command: 'virsh -c {{ libvirt_uri }} pool-refresh {{ libvirt_storage_pool }}' - name: Create VM drives command: 'virsh -c {{ libvirt_uri }} vol-create-as {{ libvirt_storage_pool }} {{ item }}.qcow2 10G --format qcow2 --backing-vol {{ image_name }} --backing-vol-format qcow2' - with_items: instances + with_items: '{{ instances }}' - name: Create VM docker drives command: 'virsh -c {{ libvirt_uri }} vol-create-as {{ libvirt_storage_pool }} {{ item }}-docker.qcow2 10G --format qcow2 --allocation 0' - with_items: instances + with_items: '{{ instances }}' - name: Create VMs virt: @@ -73,14 +73,14 @@ command: define xml: "{{ lookup('template', '../templates/domain.xml') }}" uri: '{{ libvirt_uri }}' - with_items: instances + with_items: '{{ instances }}' - name: Start VMs virt: name: '{{ item }}' state: running uri: '{{ libvirt_uri }}' - with_items: instances + with_items: '{{ instances }}' - name: Wait for the VMs to get an IP shell: 'virsh -c {{ libvirt_uri }} net-dhcp-leases {{ libvirt_network }} | egrep -c ''{{ instances | join("|") }}''' @@ -93,7 +93,7 @@ - name: Collect IP addresses of the VMs shell: 'virsh -c {{ libvirt_uri }} net-dhcp-leases {{ libvirt_network }} | awk ''$6 == "{{ item }}" {gsub(/\/.*/, "", $5); print $5}''' register: scratch_ip - with_items: instances + with_items: '{{ instances }}' - set_fact: ips: "{{ scratch_ip.results | default([]) | oo_collect('stdout') }}" @@ -117,14 +117,14 @@ groups: "tag_environment-{{ cluster_env }}, tag_host-type-{{ type }}, tag_sub-host-type-{{ g_sub_host_type }}, tag_clusterid-{{ cluster_id }}" openshift_node_labels: "{{ node_label }}" with_together: - - instances - - ips + - '{{ instances }}' + - '{{ ips }}' - name: Wait for ssh wait_for: host: '{{ item }}' port: 22 - with_items: ips + with_items: '{{ ips }}' - name: Wait for openshift user setup command: 'ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null openshift@{{ item.1 }} echo openshift user is setup' @@ -133,5 +133,5 @@ retries: 30 delay: 1 with_together: - - instances - - ips + - '{{ instances }}' + - '{{ ips }}'
\ No newline at end of file diff --git a/playbooks/libvirt/openshift-cluster/templates/domain.xml b/playbooks/libvirt/openshift-cluster/templates/domain.xml index b645a791a..88504a5f6 100644 --- a/playbooks/libvirt/openshift-cluster/templates/domain.xml +++ b/playbooks/libvirt/openshift-cluster/templates/domain.xml @@ -19,6 +19,9 @@ <apic/> <pae/> </features> + <cpu mode='host-model'> + <model fallback='allow'/> + </cpu> <clock offset='utc'> <timer name='rtc' tickpolicy='catchup'/> <timer name='pit' tickpolicy='delay'/> diff --git a/playbooks/libvirt/openshift-cluster/terminate.yml b/playbooks/libvirt/openshift-cluster/terminate.yml index baef911f9..df5c52f2d 100644 --- a/playbooks/libvirt/openshift-cluster/terminate.yml +++ b/playbooks/libvirt/openshift-cluster/terminate.yml @@ -15,7 +15,7 @@ groups: oo_hosts_to_terminate ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_become: "{{ deployment_vars[deployment_type].become }}" - with_items: groups[cluster_group] | default([]) + with_items: '{{ groups[cluster_group] | default([]) }}' - name: Unsubscribe VMs hosts: oo_hosts_to_terminate @@ -42,30 +42,30 @@ command: '{{ item[1] }}' uri: '{{ libvirt_uri }}' with_nested: - - groups['oo_hosts_to_terminate'] + - "{{ groups['oo_hosts_to_terminate'] }}" - [ destroy, undefine ] - name: Delete VM drives command: 'virsh -c {{ libvirt_uri }} vol-delete --pool {{ libvirt_storage_pool }} {{ item }}.qcow2' args: removes: '{{ libvirt_storage_pool_path }}/{{ item }}.qcow2' - with_items: groups['oo_hosts_to_terminate'] + with_items: "{{ groups['oo_hosts_to_terminate'] }}" - name: Delete VM docker drives command: 'virsh -c {{ libvirt_uri }} vol-delete --pool {{ libvirt_storage_pool }} {{ item }}-docker.qcow2' args: removes: '{{ libvirt_storage_pool_path }}/{{ item }}-docker.qcow2' - with_items: groups['oo_hosts_to_terminate'] + with_items: "{{ groups['oo_hosts_to_terminate'] }}" - name: Delete the VM cloud-init image file: path: '{{ libvirt_storage_pool_path }}/{{ item }}_cloud-init.iso' state: absent - with_items: groups['oo_hosts_to_terminate'] + with_items: "{{ groups['oo_hosts_to_terminate'] }}" - name: Remove the cloud-init config directory file: path: '{{ libvirt_storage_pool_path }}/{{ item }}_configdrive/' state: absent - with_items: groups['oo_hosts_to_terminate'] + with_items: "{{ groups['oo_hosts_to_terminate'] }}" diff --git a/playbooks/libvirt/openshift-cluster/update.yml b/playbooks/libvirt/openshift-cluster/update.yml index 28362c984..a152135fc 100644 --- a/playbooks/libvirt/openshift-cluster/update.yml +++ b/playbooks/libvirt/openshift-cluster/update.yml @@ -7,7 +7,7 @@ - add_host: name: "{{ item }}" groups: l_oo_all_hosts - with_items: g_all_hosts + with_items: '{{ g_all_hosts }}' - hosts: l_oo_all_hosts gather_facts: no @@ -30,7 +30,7 @@ groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_become: "{{ deployment_vars[deployment_type].become }}" - with_items: g_all_hosts | default([]) + with_items: '{{ g_all_hosts | default([]) }}' - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/openstack/openshift-cluster/config.yml b/playbooks/openstack/openshift-cluster/config.yml index 1366c83ca..f6550b2c4 100644 --- a/playbooks/openstack/openshift-cluster/config.yml +++ b/playbooks/openstack/openshift-cluster/config.yml @@ -1,4 +1,6 @@ --- +- include: ../../common/openshift-cluster/verify_ansible_version.yml + - hosts: localhost gather_facts: no tasks: diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 71735dc25..75d40216d 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -12,6 +12,8 @@ - name: Pull etcd container command: docker pull {{ openshift.etcd.etcd_image }} + register: pull_result + changed_when: "'Downloaded newer image' in pull_result.stdout" when: etcd_is_containerized | bool - name: Install etcd container service file diff --git a/roles/openshift_ca/README.md b/roles/openshift_ca/README.md new file mode 100644 index 000000000..96c9cd5f2 --- /dev/null +++ b/roles/openshift_ca/README.md @@ -0,0 +1,48 @@ +OpenShift CA +============ + +This role delegates all tasks to the `openshift_ca_host` such that this role can be depended on by other OpenShift certificate roles. + +Requirements +------------ + +Role Variables +-------------- + +From this role: + +| Name | Default value | Description | +|-------------------------|-----------------------------------------------|-----------------------------------------------------------------------------| +| openshift_ca_host | None (Required) | The hostname of the system where the OpenShift CA will be created. | +| openshift_ca_config_dir | `{{ openshift.common.config_base }}/master` | CA certificate directory. | +| openshift_ca_cert | `{{ openshift_ca_config_dir }}/ca.crt` | CA certificate path including CA certificate filename. | +| openshift_ca_key | `{{ openshift_ca_config_dir }}/ca.key` | CA key path including CA key filename. | +| openshift_ca_serial | `{{ openshift_ca_config_dir }}/ca.serial.txt` | CA serial path including CA serial filename. | +| openshift_version | `{{ openshift_pkg_version }}` | OpenShift package version. | + +Dependencies +------------ + +* openshift_repos +* openshift_cli + +Example Playbook +---------------- + +``` +- name: Create OpenShift CA + hosts: localhost + roles: + - role: openshift_ca + openshift_ca_host: master1.example.com +``` + +License +------- + +Apache License Version 2.0 + +Author Information +------------------ + +Jason DeTiberus (jdetiber@redhat.com) diff --git a/roles/openshift_master_ca/meta/main.yml b/roles/openshift_ca/meta/main.yml index b5dd466c9..a08aa1686 100644 --- a/roles/openshift_master_ca/meta/main.yml +++ b/roles/openshift_ca/meta/main.yml @@ -1,10 +1,10 @@ --- galaxy_info: author: Jason DeTiberus - description: + description: OpenShift CA company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.8 + min_ansible_version: 2.1 platforms: - name: EL versions: @@ -13,5 +13,5 @@ galaxy_info: - cloud - system dependencies: -- { role: openshift_repos } -- { role: openshift_cli } +- role: openshift_repos +- role: openshift_cli diff --git a/roles/openshift_ca/vars/main.yml b/roles/openshift_ca/vars/main.yml new file mode 100644 index 000000000..a32e385ec --- /dev/null +++ b/roles/openshift_ca/vars/main.yml @@ -0,0 +1,6 @@ +--- +openshift_ca_config_dir: "{{ openshift.common.config_base }}/master" +openshift_ca_cert: "{{ openshift_ca_config_dir }}/ca.crt" +openshift_ca_key: "{{ openshift_ca_config_dir }}/ca.key" +openshift_ca_serial: "{{ openshift_ca_config_dir }}/ca.serial.txt" +openshift_version: "{{ openshift_pkg_version | default('') }}" diff --git a/roles/openshift_cli/library/openshift_container_binary_sync.py b/roles/openshift_cli/library/openshift_container_binary_sync.py new file mode 100644 index 000000000..fd290c6fc --- /dev/null +++ b/roles/openshift_cli/library/openshift_container_binary_sync.py @@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# vim: expandtab:tabstop=4:shiftwidth=4 +# pylint: disable=missing-docstring,invalid-name +# + +import random +import tempfile +import shutil +import os.path + +# pylint: disable=redefined-builtin,wildcard-import,unused-wildcard-import +from ansible.module_utils.basic import * + + +DOCUMENTATION = ''' +--- +module: openshift_container_binary_sync +short_description: Copies OpenShift binaries out of the given image tag to host system. +''' + + +class BinarySyncError(Exception): + def __init__(self, msg): + super(BinarySyncError, self).__init__(msg) + self.msg = msg + + +# pylint: disable=too-few-public-methods +class BinarySyncer(object): + """ + Syncs the openshift, oc, oadm, and kubectl binaries/symlinks out of + a container onto the host system. + """ + + def __init__(self, module, image, tag): + self.module = module + self.changed = False + self.output = [] + self.bin_dir = '/usr/local/bin' + self.image = image + self.tag = tag + self.temp_dir = None # TBD + + def sync(self): + container_name = "openshift-cli-%s" % random.randint(1, 100000) + rc, stdout, stderr = self.module.run_command(['docker', 'create', '--name', + container_name, '%s:%s' % (self.image, self.tag)]) + if rc: + raise BinarySyncError("Error creating temporary docker container. stdout=%s, stderr=%s" % + (stdout, stderr)) + self.output.append(stdout) + try: + self.temp_dir = tempfile.mkdtemp() + self.output.append("Using temp dir: %s" % self.temp_dir) + + rc, stdout, stderr = self.module.run_command(['docker', 'cp', "%s:/usr/bin/openshift" % container_name, + self.temp_dir]) + if rc: + raise BinarySyncError("Error copying file from docker container: stdout=%s, stderr=%s" % + (stdout, stderr)) + + rc, stdout, stderr = self.module.run_command(['docker', 'cp', "%s:/usr/bin/oc" % container_name, + self.temp_dir]) + if rc: + raise BinarySyncError("Error copying file from docker container: stdout=%s, stderr=%s" % + (stdout, stderr)) + + self._sync_binary('openshift') + + # In older versions, oc was a symlink to openshift: + if os.path.islink(os.path.join(self.temp_dir, 'oc')): + self._sync_symlink('oc', 'openshift') + else: + self._sync_binary('oc') + + # Ensure correct symlinks created: + self._sync_symlink('kubectl', 'openshift') + self._sync_symlink('oadm', 'openshift') + finally: + shutil.rmtree(self.temp_dir) + self.module.run_command(['docker', 'rm', container_name]) + + def _sync_symlink(self, binary_name, link_to): + """ Ensure the given binary name exists and links to the expected binary. """ + link_path = os.path.join(self.bin_dir, binary_name) + link_dest = os.path.join(self.bin_dir, binary_name) + if not os.path.exists(link_path) or \ + not os.path.islink(link_path) or \ + os.path.realpath(link_path) != os.path.realpath(link_dest): + if os.path.exists(link_path): + os.remove(link_path) + os.symlink(link_to, os.path.join(self.bin_dir, binary_name)) + self.output.append("Symlinked %s to %s." % (link_path, link_dest)) + self.changed = True + + def _sync_binary(self, binary_name): + src_path = os.path.join(self.temp_dir, binary_name) + dest_path = os.path.join(self.bin_dir, binary_name) + incoming_checksum = self.module.run_command(['sha256sum', src_path])[1] + if not os.path.exists(dest_path) or self.module.run_command(['sha256sum', dest_path])[1] != incoming_checksum: + shutil.move(src_path, dest_path) + self.output.append("Moved %s to %s." % (src_path, dest_path)) + self.changed = True + + +def main(): + module = AnsibleModule( + argument_spec=dict( + image=dict(required=True), + tag=dict(required=True), + ), + supports_check_mode=True + ) + + image = module.params['image'] + tag = module.params['tag'] + + binary_syncer = BinarySyncer(module, image, tag) + + try: + binary_syncer.sync() + except BinarySyncError as ex: + module.fail_json(msg=ex.msg) + + return module.exit_json(changed=binary_syncer.changed, + output=binary_syncer.output) + + +if __name__ == '__main__': + main() diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml index 4d6219b94..11c73b25c 100644 --- a/roles/openshift_cli/tasks/main.yml +++ b/roles/openshift_cli/tasks/main.yml @@ -6,24 +6,14 @@ - name: Pull CLI Image command: > docker pull {{ openshift.common.cli_image }}:{{ openshift_image_tag }} + register: pull_result + changed_when: "'Downloaded newer image' in pull_result.stdout" when: openshift.common.is_containerized | bool -- name: Create /usr/local/bin/openshift cli wrapper - template: - src: openshift.j2 - dest: /usr/local/bin/openshift - mode: 0755 - when: openshift.common.is_containerized | bool - -- name: Create client symlinks - file: - path: "{{ item }}" - state: link - src: /usr/local/bin/openshift - with_items: - - /usr/local/bin/oadm - - /usr/local/bin/oc - - /usr/local/bin/kubectl +- name: Copy client binaries/symlinks out of CLI image for use on the host + openshift_container_binary_sync: + image: "{{ openshift.common.cli_image }}" + tag: "{{ openshift_image_tag }}" when: openshift.common.is_containerized | bool - name: Reload facts to pick up installed OpenShift version diff --git a/roles/openshift_cli/templates/openshift.j2 b/roles/openshift_cli/templates/openshift.j2 deleted file mode 100644 index 7786acead..000000000 --- a/roles/openshift_cli/templates/openshift.j2 +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -if [ ! -d ~/.kube ]; then - mkdir -m 0700 ~/.kube -fi -cmd=`basename $0` -user=`id -u` -group=`id -g` -image_tag="{{ openshift_image_tag }}" - ->&2 echo """ -================================================================================ -ATTENTION: You are running ${cmd} via a wrapper around 'docker run {{ openshift.common.cli_image }}:${image_tag}'. -This wrapper is intended only to be used to bootstrap an environment. Please -install client tools on another host once you have granted cluster-admin -privileges to a user. -{% if openshift.common.deployment_type in ['openshift-enterprise','atomic-enterprise'] %} -See https://docs.openshift.com/enterprise/latest/cli_reference/get_started_cli.html -{% else %} -See https://docs.openshift.org/latest/cli_reference/get_started_cli.html -{% endif %} -================================================================================= -""" - -if [ -n "$image_tag" ]; then - image_tag=":$image_tag" -fi - -docker run -i --privileged --net=host --user=${user}:${group} -v ~/.kube:/root/.kube -v /tmp:/tmp -v {{ openshift.common.config_base}}:{{ openshift.common.config_base }} -e KUBECONFIG=/root/.kube/config --entrypoint ${cmd} --rm {{ openshift.common.cli_image }}${image_tag} "${@}" diff --git a/roles/openshift_cluster_metrics/README.md b/roles/openshift_cluster_metrics/README.md deleted file mode 100644 index 9fdfab8e3..000000000 --- a/roles/openshift_cluster_metrics/README.md +++ /dev/null @@ -1,36 +0,0 @@ -#openshift_cluster_metrics - -This role configures Cluster wide metrics. It does setting up three services: -* Metrics are stored in InfluxDB for querying. -* Heapster reads all nodes and pods from the master, then connects to eachs node's kubelet to retrieve pod metrics. -* Grafan allows users to create dashboards of metrics from InfluxDB - -## Requirements - -Running OpenShift cluster - -## Role Variables - -``` -# Enable cluster metrics -use_cluster_metrics=true -``` - -## Dependencies - -None - -## Example Playbook - -TODO - -## Security Note -Opening up the read-only port exposes information about the running pods (such as namespace, pod name, labels, etc.) to unauthenticated clients. The requirement to open up this read-only port will be fixed in future versions. - -##License - -Apache License, Version 2.0 - -## Author Information - -Diego Castro (diego.castro@getupcloud.com) diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/grafana.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/grafana.yaml deleted file mode 100644 index bff422efc..000000000 --- a/roles/openshift_cluster_metrics/files/cluster-metrics/grafana.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: "v1" -kind: "List" -items: - - - apiVersion: "v1" - kind: "Service" - metadata: - labels: - provider: "fabric8" - component: "grafana" - name: "grafana" - spec: - ports: - - - port: 80 - targetPort: "http" - selector: - provider: "fabric8" - component: "grafana" - - - apiVersion: "v1" - kind: "ReplicationController" - metadata: - labels: - provider: "fabric8" - component: "grafana" - name: "grafana" - spec: - replicas: 1 - selector: - provider: "fabric8" - component: "grafana" - template: - metadata: - labels: - provider: "fabric8" - component: "grafana" - spec: - containers: - - - env: - - - name: "INFLUXDB_SERVICE_NAME" - value: "INFLUXDB_MONITORING" - - - name: "GRAFANA_DEFAULT_DASHBOARD" - value: "/dashboard/file/kubernetes.json" - image: "fabric8/grafana:1.9.1_2" - name: "grafana" - ports: - - - containerPort: 3000 - name: "http"
\ No newline at end of file diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/heapster-serviceaccount.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/heapster-serviceaccount.yaml deleted file mode 100644 index 1de2ad699..000000000 --- a/roles/openshift_cluster_metrics/files/cluster-metrics/heapster-serviceaccount.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: heapster
\ No newline at end of file diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/heapster.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/heapster.yaml deleted file mode 100644 index 83e314074..000000000 --- a/roles/openshift_cluster_metrics/files/cluster-metrics/heapster.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: "v1" -kind: "List" -items: - - - apiVersion: "v1" - kind: "ReplicationController" - metadata: - labels: - provider: "fabric8" - component: "heapster" - name: "heapster" - spec: - replicas: 1 - selector: - provider: "fabric8" - component: "heapster" - template: - metadata: - labels: - provider: "fabric8" - component: "heapster" - spec: - containers: - - - args: - - "-source=kubernetes:https://kubernetes.default.svc.cluster.local?auth=&insecure=true&useServiceAccount=true" - - "-sink=influxdb:http://influxdb-monitoring.default.svc.cluster.local:8086" - image: "kubernetes/heapster:V0.14.2" - name: "heapster" - serviceAccount: "heapster"
\ No newline at end of file diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/influxdb.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/influxdb.yaml deleted file mode 100644 index 6f67c3d7c..000000000 --- a/roles/openshift_cluster_metrics/files/cluster-metrics/influxdb.yaml +++ /dev/null @@ -1,67 +0,0 @@ -apiVersion: "v1" -kind: "List" -items: - - - apiVersion: "v1" - kind: "Service" - metadata: - labels: - provider: "fabric8" - component: "influxdb-monitoring" - name: "influxdb-monitoring" - spec: - ports: - - - port: 8086 - targetPort: "http" - selector: - provider: "fabric8" - component: "influxdb-monitoring" - - - apiVersion: "v1" - kind: "ReplicationController" - metadata: - labels: - provider: "fabric8" - component: "influxdb-monitoring" - name: "influxdb-monitoring" - spec: - replicas: 1 - selector: - provider: "fabric8" - component: "influxdb-monitoring" - template: - metadata: - labels: - provider: "fabric8" - component: "influxdb-monitoring" - spec: - containers: - - - env: - - - name: "PRE_CREATE_DB" - value: "k8s;grafana" - image: "fabric8/influxdb:0.8.8" - name: "influxdb" - ports: - - - containerPort: 8090 - name: "raft" - - - containerPort: 8099 - name: "protobuf" - - - containerPort: 8083 - name: "admin" - - - containerPort: 8086 - name: "http" - volumeMounts: - - - mountPath: "/data" - name: "influxdb-data" - volumes: - - - emptyDir: - name: "influxdb-data"
\ No newline at end of file diff --git a/roles/openshift_cluster_metrics/tasks/main.yml b/roles/openshift_cluster_metrics/tasks/main.yml deleted file mode 100644 index 1fc8a074a..000000000 --- a/roles/openshift_cluster_metrics/tasks/main.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- - -- name: Install cluster metrics templates - copy: - src: cluster-metrics - dest: /etc/origin/ - -- name: Create InfluxDB Services - command: > - {{ openshift.common.client_binary }} create -f - /etc/origin/cluster-metrics/influxdb.yaml - register: oex_influxdb_services - failed_when: "'already exists' not in oex_influxdb_services.stderr and oex_influxdb_services.rc != 0" - changed_when: false - -- name: Create Heapster Service Account - command: > - {{ openshift.common.client_binary }} create -f - /etc/origin/cluster-metrics/heapster-serviceaccount.yaml - register: oex_heapster_serviceaccount - failed_when: "'already exists' not in oex_heapster_serviceaccount.stderr and oex_heapster_serviceaccount.rc != 0" - changed_when: false - -- name: Add cluster-reader role to Heapster - command: > - {{ openshift.common.admin_binary }} policy - add-cluster-role-to-user - cluster-reader - system:serviceaccount:default:heapster - register: oex_cluster_header_role - failed_when: "'already exists' not in oex_cluster_header_role.stderr and oex_cluster_header_role.rc != 0" - changed_when: false - -- name: Create Heapster Services - command: > - {{ openshift.common.client_binary }} create -f - /etc/origin/cluster-metrics/heapster.yaml - register: oex_heapster_services - failed_when: "'already exists' not in oex_heapster_services.stderr and oex_heapster_services.rc != 0" - changed_when: false - -- name: Create Grafana Services - command: > - {{ openshift.common.client_binary }} create -f - /etc/origin/cluster-metrics/grafana.yaml - register: oex_grafana_services - failed_when: "'already exists' not in oex_grafana_services.stderr and oex_grafana_services.rc != 0" - changed_when: false - diff --git a/roles/openshift_examples/README.md b/roles/openshift_examples/README.md index 6ddbe7017..8cc479c73 100644 --- a/roles/openshift_examples/README.md +++ b/roles/openshift_examples/README.md @@ -25,7 +25,7 @@ Role Variables |-------------------------------------|-----------------------------------------------------|------------------------------------------| | openshift_examples_load_centos | true when openshift_deployment_typenot 'enterprise' | Load centos image streams | | openshift_examples_load_rhel | true if openshift_deployment_type is 'enterprise' | Load rhel image streams | -| openshift_examples_load_db_templates| true | Loads databcase templates | +| openshift_examples_load_db_templates| true | Loads database templates | | openshift_examples_load_quickstarts | true | Loads quickstarts ie: nodejs, rails, etc | | openshift_examples_load_xpaas | false | Loads xpass streams and templates | diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml index 14a7cb56e..d80e7f086 100644 --- a/roles/openshift_examples/tasks/main.yml +++ b/roles/openshift_examples/tasks/main.yml @@ -1,9 +1,46 @@ --- -- name: Copy openshift examples - copy: - src: "examples/{{ content_version }}/" +###################################################################### +# Copying Examples +# +# We used to use the copy module to transfer the openshift examples to +# the remote. Then it started taking more than a minute to transfer +# the files. As noted in the module: +# +# "The 'copy' module recursively copy facility does not scale to +# lots (>hundreds) of files." +# +# The `synchronize` module is suggested as an alternative, we can't +# use it either due to changes introduced in Ansible 2.x. +- name: Create local temp dir for OpenShift examples copy + local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX + become: False + register: copy_examples_mktemp + run_once: True + +- name: Create tar of OpenShift examples + local_action: command tar -C "{{ role_path }}/files/examples/{{ content_version }}/" -cvf "{{ copy_examples_mktemp.stdout }}/openshift-examples.tar" . + become: False + register: copy_examples_tar + +- name: Create the remote OpenShift examples directory + file: + dest: "{{ examples_base }}" + state: directory + mode: 0755 + +- name: Unarchive the OpenShift examples on the remote + unarchive: + src: "{{ copy_examples_mktemp.stdout }}/openshift-examples.tar" dest: "{{ examples_base }}/" +- name: Cleanup the OpenShift Examples temp dir + become: False + local_action: file dest="{{ copy_examples_mktemp.stdout }}" state=absent + +# Done copying examples +###################################################################### +# Begin image streams + - name: Modify registry paths if registry_url is not registry.access.redhat.com shell: > find {{ examples_base }} -type f | xargs -n 1 sed -i 's|registry.access.redhat.com|{{ registry_host | quote }}|g' diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 54bdbc775..659f4eba6 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -480,23 +480,6 @@ def set_selectors(facts): return facts -def set_metrics_facts_if_unset(facts): - """ Set cluster metrics facts if not already present in facts dict - dict: the facts dict updated with the generated cluster metrics facts if - missing - Args: - facts (dict): existing facts - Returns: - dict: the facts dict updated with the generated cluster metrics - facts if they were not already present - - """ - if 'common' in facts: - if 'use_cluster_metrics' not in facts['common']: - use_cluster_metrics = False - facts['common']['use_cluster_metrics'] = use_cluster_metrics - return facts - def set_dnsmasq_facts_if_unset(facts): """ Set dnsmasq facts if not already present in facts Args: @@ -1674,7 +1657,6 @@ class OpenShiftFacts(object): facts = set_nuage_facts_if_unset(facts) facts = set_node_schedulability(facts) facts = set_selectors(facts) - facts = set_metrics_facts_if_unset(facts) facts = set_identity_providers_if_unset(facts) facts = set_sdn_facts_if_unset(facts, self.system_facts) facts = set_deployment_facts_if_unset(facts) diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index 2aca35ce1..4dbbd7f45 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -1,9 +1,4 @@ --- -- name: Verify Ansible version is greater than or equal to 2.1.0.0 - fail: - msg: "Unsupported ansible version: {{ ansible_version.full }} found" - when: not ansible_version.full | version_compare('2.1.0.0', 'ge') - - name: Detecting Operating System stat: path: /run/ostree-booted diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml index a242ce30f..08c7e944e 100644 --- a/roles/openshift_hosted/tasks/registry/registry.yml +++ b/roles/openshift_hosted/tasks/registry/registry.yml @@ -9,7 +9,22 @@ when: openshift.hosted.registry.replicas | default(none) is none - set_fact: - replicas: "{{ openshift.hosted.registry.replicas | default(((openshift_hosted_registry_nodes_json.stdout | from_json)['items'] | length) if openshift.hosted.registry.storage.kind | default(none) is not none else 1) }}" + l_node_count: "{{ (openshift_hosted_registry_nodes_json.stdout | default('{\"items\":[]}') | from_json)['items'] | length }}" + +# Determine the default number of registry/router replicas to use if no count +# has been specified. +# If no registry nodes defined, the default should be 0. +- set_fact: + l_default_replicas: 0 + when: l_node_count | int == 0 + +# If registry nodes are defined and the registry storage kind is defined, default should be the number of registry nodes, otherwise just 1: +- set_fact: + l_default_replicas: "{{ l_node_count if openshift.hosted.registry.storage.kind | default(none) is not none else 1 }}" + when: l_node_count | int > 0 + +- set_fact: + replicas: "{{ openshift.hosted.registry.replicas | default(l_default_replicas) }}" - name: Create OpenShift registry command: > @@ -32,9 +47,10 @@ register: openshift_hosted_registry_results changed_when: "'service exists' not in openshift_hosted_registry_results.stdout" failed_when: "openshift_hosted_registry_results.rc != 0 and 'service exists' not in openshift_hosted_registry_results.stdout and 'deployment_config' not in openshift_hosted_registry_results.stderr and 'service' not in openshift_hosted_registry_results.stderr" + when: replicas | int > 0 - include: storage/object_storage.yml - when: openshift.hosted.registry.storage.kind | default(none) == 'object' + when: replicas | int > 0 and openshift.hosted.registry.storage.kind | default(none) == 'object' - include: storage/persistent_volume.yml - when: openshift.hosted.registry.storage.kind | default(none) in ['nfs', 'openstack'] + when: replicas | int > 0 and openshift.hosted.registry.storage.kind | default(none) in ['nfs', 'openstack'] diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml index 95f0617dc..d0a129c95 100644 --- a/roles/openshift_hosted/tasks/router/router.yml +++ b/roles/openshift_hosted/tasks/router/router.yml @@ -1,7 +1,7 @@ --- - fail: msg: "'certfile', 'keyfile' and 'cafile' keys must be specified when supplying the openshift_hosted_router_certificate variable." - when: openshift_hosted_router_certificate is defined and ('certfile' not in openshift_hosted_router_certificate or 'keyfile' not in openshift_hosted_router_certificate or 'cafile' not in openshift_hosted_router_certificate) + when: openshift_hosted_router_certificate is defined and ('certfile' not in openshift_hosted_router_certificate or 'keyfile' not in openshift_hosted_router_certificate or 'cafile' not in openshift_hosted_router_certificate) - name: Read router certificate and key become: no @@ -32,7 +32,7 @@ content: "{{ openshift.hosted.router.certificate.contents }}" dest: "{{ openshift_master_config_dir }}/openshift-router.pem" mode: 0600 - when: openshift.hosted.router.certificate | default(none) is not none + when: "'certificate' in openshift.hosted.router and 'contents' in openshift.hosted.router.certificate" - name: Retrieve list of openshift nodes matching router selector command: > @@ -44,7 +44,7 @@ when: openshift.hosted.router.replicas | default(none) is none - set_fact: - replicas: "{{ openshift.hosted.router.replicas | default((openshift_hosted_router_nodes_json.stdout | from_json)['items'] | length) }}" + replicas: "{{ openshift.hosted.router.replicas | default((openshift_hosted_router_nodes_json.stdout | default('{\"items\":[]}') | from_json)['items'] | length) }}" - name: Create OpenShift router command: > @@ -53,7 +53,7 @@ {% if replicas > 1 -%} --replicas={{ replicas }} {% endif -%} - {% if openshift.hosted.router.certificate | default(none) is not none -%} + {% if 'certificate' in openshift.hosted.router and 'contents' in openshift.hosted.router.certificate -%} --default-cert={{ openshift_master_config_dir }}/openshift-router.pem {% endif -%} --namespace={{ openshift.hosted.router.namespace | default('default') }} @@ -73,3 +73,4 @@ register: openshift_hosted_router_results changed_when: "'service exists' not in openshift_hosted_router_results.stdout" failed_when: "openshift_hosted_router_results.rc != 0 and 'service exists' not in openshift_hosted_router_results.stdout and 'deployment_config' not in openshift_hosted_router_results.stderr and 'service' not in openshift_hosted_router_results.stderr" + when: replicas | int > 0 diff --git a/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 b/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 index 05e360d3b..b9a279f5f 100644 --- a/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 +++ b/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 @@ -7,6 +7,7 @@ global user haproxy group haproxy daemon + log /dev/log local0 info # turn on stats unix socket stats socket /var/lib/haproxy/stats diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index 0a69b3eef..be70d9102 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -4,7 +4,7 @@ galaxy_info: description: Master company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.7 + min_ansible_version: 2.1 platforms: - name: EL versions: @@ -13,8 +13,7 @@ galaxy_info: - cloud dependencies: - role: openshift_clock -- role: openshift_docker -- role: openshift_cli +- role: openshift_master_certificates - role: openshift_cloud_provider - role: openshift_builddefaults - role: openshift_master_facts diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 7a80ed8e3..115a64aeb 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -30,6 +30,8 @@ - name: Pull master image command: > docker pull {{ openshift.master.master_image }}:{{ openshift_image_tag }} + register: pull_result + changed_when: "'Downloaded newer image' in pull_result.stdout" when: openshift.common.is_containerized | bool - name: Create openshift.common.data_dir @@ -178,7 +180,10 @@ changed_when: false - name: Stop and disable non-HA master when running HA - service: name={{ openshift.common.service_type }}-master enabled=no state=stopped + service: + name: "{{ openshift.common.service_type }}-master" + enabled: no + state: stopped when: openshift_master_ha | bool and 'LoadState=not-found' not in master_svc_show.stdout - set_fact: @@ -189,9 +194,24 @@ command: systemctl mask {{ openshift.common.service_type }}-master when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and not openshift.common.is_containerized | bool -- name: Start and enable master api - service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started +- name: Start and enable master api on first master + service: + name: "{{ openshift.common.service_type }}-master-api" + enabled: yes + state: started + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname == openshift_master_hosts[0] + register: start_result + +- pause: + seconds: 15 when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' + +- name: Start and enable master api all masters + service: + name: "{{ openshift.common.service_type }}-master-api" + enabled: yes + state: started + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname != openshift_master_hosts[0] register: start_result - set_fact: @@ -210,12 +230,28 @@ until: api_available_output.stdout == 'ok' retries: 120 delay: 1 + run_once: true changed_when: false when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and master_api_service_status_changed | bool -- name: Start and enable master controller - service: name={{ openshift.common.service_type }}-master-controllers enabled=yes state=started +- name: Start and enable master controller on first master + service: + name: "{{ openshift.common.service_type }}-master-controllers" + enabled: yes + state: started + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname == openshift_master_hosts[0] + register: start_result + +- pause: + seconds: 15 when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' + +- name: Start and enable master controller on all masters + service: + name: "{{ openshift.common.service_type }}-master-controllers" + enabled: yes + state: started + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname != openshift_master_hosts[0] register: start_result - set_fact: diff --git a/roles/openshift_master_ca/README.md b/roles/openshift_master_ca/README.md deleted file mode 100644 index 5b2d3601b..000000000 --- a/roles/openshift_master_ca/README.md +++ /dev/null @@ -1,34 +0,0 @@ -OpenShift Master CA -======================== - -TODO - -Requirements ------------- - -TODO - -Role Variables --------------- - -TODO - -Dependencies ------------- - -TODO - -Example Playbook ----------------- - -TODO - -License -------- - -Apache License Version 2.0 - -Author Information ------------------- - -Jason DeTiberus (jdetiber@redhat.com) diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml deleted file mode 100644 index ae99467f0..000000000 --- a/roles/openshift_master_ca/tasks/main.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- - -- name: Install the base package for admin tooling - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" - when: not openshift.common.is_containerized | bool - register: install_result - -- name: Reload generated facts - openshift_facts: - when: install_result | changed - -- name: Create openshift_master_config_dir if it doesn't exist - file: - path: "{{ openshift_master_config_dir }}" - state: directory - -- name: Create the master certificates if they do not already exist - command: > - {{ openshift.common.admin_binary }} create-master-certs - --hostnames={{ master_hostnames | join(',') }} - --master={{ openshift.master.api_url }} - --public-master={{ openshift.master.public_api_url }} - --cert-dir={{ openshift_master_config_dir }} --overwrite=false - when: master_certs_missing | bool diff --git a/roles/openshift_master_ca/vars/main.yml b/roles/openshift_master_ca/vars/main.yml deleted file mode 100644 index 1f6af808c..000000000 --- a/roles/openshift_master_ca/vars/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -openshift_master_config_dir: "{{ openshift.common.config_base }}/master" -openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" -openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" -openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" diff --git a/roles/openshift_master_certificates/README.md b/roles/openshift_master_certificates/README.md index ba3d5f28c..a80d47040 100644 --- a/roles/openshift_master_certificates/README.md +++ b/roles/openshift_master_certificates/README.md @@ -1,27 +1,44 @@ OpenShift Master Certificates ======================== -TODO +This role determines if OpenShift master certificates must be created, delegates certificate creation to the `openshift_ca_host` and then deploys those certificates to master hosts which this role is being applied to. If this role is applied to the `openshift_ca_host`, certificate deployment will be skipped. Requirements ------------ -TODO - Role Variables -------------- -TODO +From `openshift_ca`: + +| Name | Default value | Description | +|---------------------------------------|---------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------| +| openshift_ca_host | None (Required) | The hostname of the system where the OpenShift CA will be (or has been) created. | + +From this role: + +| Name | Default value | Description | +|---------------------------------------|---------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------| +| openshift_generated_configs_dir | `{{ openshift.common.config_base }}/generated-configs` | Directory in which per-master generated config directories will be created on the `openshift_ca_host`. | +| openshift_master_cert_subdir | `master-{{ openshift.common.hostname }}` | Directory within `openshift_generated_configs_dir` where per-master configurations will be placed on the `openshift_ca_host`. | +| openshift_master_config_dir | `{{ openshift.common.config_base }}/master` | Master configuration directory in which certificates will be deployed on masters. | +| openshift_master_generated_config_dir | `{{ openshift_generated_configs_dir }}/{{ openshift_master_cert_subdir }` | Full path to the per-master generated config directory. | Dependencies ------------ -TODO +* openshift_ca Example Playbook ---------------- -TODO +``` +- name: Create OpenShift Master Certificates + hosts: masters + roles: + - role: openshift_master_certificates + openshift_ca_host: master1.example.com +``` License ------- diff --git a/roles/openshift_master_certificates/meta/main.yml b/roles/openshift_master_certificates/meta/main.yml index fd7b73b0f..dd19c8ded 100644 --- a/roles/openshift_master_certificates/meta/main.yml +++ b/roles/openshift_master_certificates/meta/main.yml @@ -1,10 +1,10 @@ --- galaxy_info: author: Jason DeTiberus - description: + description: OpenShift Master Certificates company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.8 + min_ansible_version: 2.1 platforms: - name: EL versions: @@ -13,4 +13,4 @@ galaxy_info: - cloud - system dependencies: -- { role: openshift_master_ca } +- role: openshift_ca diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml index 394f9d381..6fb5830cf 100644 --- a/roles/openshift_master_certificates/tasks/main.yml +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -1,38 +1,123 @@ --- +- set_fact: + openshift_master_certs_no_etcd: + - admin.crt + - master.kubelet-client.crt + - "{{ 'master.proxy-client.crt' if openshift.common.version_gte_3_1_or_1_1 else omit }}" + - master.server.crt + - openshift-master.crt + - openshift-registry.crt + - openshift-router.crt + - etcd.server.crt + openshift_master_certs_etcd: + - master.etcd-client.crt + +- set_fact: + openshift_master_certs: "{{ (openshift_master_certs_no_etcd | union(openshift_master_certs_etcd )) if openshift_master_etcd_hosts | length > 0 else openshift_master_certs_no_etcd }}" + +- name: Check status of master certificates + stat: + path: "{{ openshift_master_config_dir }}/{{ item }}" + with_items: + - "{{ openshift_master_certs }}" + register: g_master_cert_stat_result + +- set_fact: + master_certs_missing: "{{ False in (g_master_cert_stat_result.results + | oo_collect(attribute='stat.exists') + | list) }}" + - name: Ensure the generated_configs directory present file: - path: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}" + path: "{{ openshift_master_generated_config_dir }}" state: directory mode: 0700 - with_items: "{{ masters_needing_certs | default([]) }}" + when: master_certs_missing | bool + delegate_to: "{{ openshift_ca_host }}" - file: - src: "{{ openshift_master_config_dir }}/{{ item.1 }}" - dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}" + src: "{{ openshift_master_config_dir }}/{{ item }}" + dest: "{{ openshift_master_generated_config_dir }}/{{ item }}" state: hard - with_nested: - - "{{ masters_needing_certs | default([]) }}" - - - - ca.crt - - ca.key - - ca.serial.txt + with_items: + - ca.crt + - ca.key + - ca.serial.txt + when: master_certs_missing | bool + delegate_to: "{{ openshift_ca_host }}" - name: Create the master certificates if they do not already exist command: > {{ openshift.common.admin_binary }} create-master-certs - --hostnames={{ item.openshift.common.all_hostnames | join(',') }} - --master={{ item.openshift.master.api_url }} - --public-master={{ item.openshift.master.public_api_url }} - --cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }} + --hostnames={{ openshift.common.all_hostnames | join(',') }} + --master={{ openshift.master.api_url }} + --public-master={{ openshift.master.public_api_url }} + --cert-dir={{ openshift_master_generated_config_dir }} --overwrite=false - when: item.master_certs_missing | bool - with_items: "{{ masters_needing_certs | default([]) }}" + when: master_certs_missing | bool + delegate_to: "{{ openshift_ca_host }}" - file: - src: "{{ openshift_master_config_dir }}/{{ item.1 }}" - dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}" + src: "{{ openshift_master_config_dir }}/{{ item }}" + dest: "{{ openshift_master_generated_config_dir }}/{{ item }}" state: hard force: true - with_nested: - - "{{ masters_needing_certs | default([]) }}" + with_items: - "{{ hostvars[inventory_hostname] | certificates_to_synchronize }}" + when: master_certs_missing | bool + delegate_to: "{{ openshift_ca_host }}" + +- name: Remove generated etcd client certs when using external etcd + file: + path: "{{ openshift_master_generated_config_dir }}/{{ item }}" + state: absent + when: openshift_master_etcd_hosts | length > 0 + with_items: + - master.etcd-client.crt + - master.etcd-client.key + delegate_to: "{{ openshift_ca_host }}" + +- name: Create local temp directory for syncing certs + local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX + register: g_master_mktemp + changed_when: False + when: master_certs_missing | bool + delegate_to: localhost + become: no + +- name: Create a tarball of the master certs + command: > + tar -czvf {{ openshift_master_generated_config_dir }}.tgz + -C {{ openshift_master_generated_config_dir }} . + args: + creates: "{{ openshift_master_generated_config_dir }}.tgz" + when: master_certs_missing | bool and inventory_hostname != openshift_ca_host + delegate_to: "{{ openshift_ca_host }}" + +- name: Retrieve the master cert tarball from the master + fetch: + src: "{{ openshift_master_generated_config_dir }}.tgz" + dest: "{{ g_master_mktemp.stdout }}/" + flat: yes + fail_on_missing: yes + validate_checksum: yes + when: master_certs_missing | bool and inventory_hostname != openshift_ca_host + delegate_to: "{{ openshift_ca_host }}" + +- name: Ensure certificate directory exists + file: + path: "{{ openshift_master_config_dir }}" + state: directory + when: master_certs_missing | bool and inventory_hostname != openshift_ca_host + +- name: Unarchive the tarball on the master + unarchive: + src: "{{ g_master_mktemp.stdout }}/{{ openshift_master_cert_subdir }}.tgz" + dest: "{{ openshift_master_config_dir }}" + when: master_certs_missing | bool and inventory_hostname != openshift_ca_host + +- file: name={{ g_master_mktemp.stdout }} state=absent + changed_when: False + when: master_certs_missing | bool + delegate_to: localhost + become: no diff --git a/roles/openshift_master_certificates/vars/main.yml b/roles/openshift_master_certificates/vars/main.yml index 3f18ddc79..66f2e5162 100644 --- a/roles/openshift_master_certificates/vars/main.yml +++ b/roles/openshift_master_certificates/vars/main.yml @@ -1,3 +1,5 @@ --- openshift_generated_configs_dir: "{{ openshift.common.config_base }}/generated-configs" +openshift_master_cert_subdir: "master-{{ openshift.common.hostname }}" openshift_master_config_dir: "{{ openshift.common.config_base }}/master" +openshift_master_generated_config_dir: "{{ openshift_generated_configs_dir }}/{{ openshift_master_cert_subdir }}" diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index 97ab8241b..fd493340b 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -4,7 +4,7 @@ galaxy_info: description: OpenShift Node company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.7 + min_ansible_version: 2.1 platforms: - name: EL versions: @@ -14,6 +14,7 @@ galaxy_info: dependencies: - role: openshift_clock - role: openshift_docker +- role: openshift_node_certificates - role: openshift_cloud_provider - role: openshift_common - role: openshift_node_dnsmasq diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 97a21544d..889541e25 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -41,11 +41,15 @@ - name: Pull node image command: > docker pull {{ openshift.node.node_image }}:{{ openshift_image_tag }} + register: pull_result + changed_when: "'Downloaded newer image' in pull_result.stdout" when: openshift.common.is_containerized | bool - name: Pull OpenVSwitch image command: > docker pull {{ openshift.node.ovs_image }}:{{ openshift_image_tag }} + register: pull_result + changed_when: "'Downloaded newer image' in pull_result.stdout" when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool - name: Install the systemd units @@ -129,12 +133,12 @@ service: name={{ openshift.common.service_type }}-node enabled=yes state=started register: node_start_result ignore_errors: yes - + - name: Wait 30 seconds for docker initialization whenever node has failed pause: seconds: 30 when: node_start_result | failed - + - name: Start and enable node again service: name={{ openshift.common.service_type }}-node enabled=yes state=started register: node_start_result diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 9ba1a01dd..a37770c4a 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -34,7 +34,6 @@ servingInfo: clientCA: ca.crt keyFile: server.key volumeDirectory: {{ openshift.common.data_dir }}/openshift.local.volumes -{% include 'partials/kubeletArguments.j2' %} proxyArguments: proxy-mode: - {{ openshift.node.proxy_mode }} diff --git a/roles/openshift_node/templates/partials/kubeletArguments.j2 b/roles/openshift_node/templates/partials/kubeletArguments.j2 deleted file mode 100644 index 6c3bd04c5..000000000 --- a/roles/openshift_node/templates/partials/kubeletArguments.j2 +++ /dev/null @@ -1,5 +0,0 @@ -{% if openshift.common.use_cluster_metrics | bool %} -kubeletArguments: - "read-only-port": - - "10255" -{% endif %}
\ No newline at end of file diff --git a/roles/openshift_node_certificates/README.md b/roles/openshift_node_certificates/README.md index 6264d253a..f56066b29 100644 --- a/roles/openshift_node_certificates/README.md +++ b/roles/openshift_node_certificates/README.md @@ -1,27 +1,44 @@ -OpenShift/Atomic Enterprise Node Certificates -============================================= +OpenShift Node Certificates +=========================== -TODO +This role determines if OpenShift node certificates must be created, delegates certificate creation to the `openshift_ca_host` and then deploys those certificates to node hosts which this role is being applied to. Requirements ------------ -TODO - Role Variables -------------- -TODO +From `openshift_ca`: + +| Name | Default value | Description | +|-------------------------------------|-------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------| +| openshift_ca_host | None (Required) | The hostname of the system where the OpenShift CA will be (or has been) created. | + +From this role: + +| Name | Default value | Description | +|-------------------------------------|-------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------| +| openshift_generated_configs_dir | `{{ openshift.common.config_base }}/generated-configs` | Directory in which per-node generated config directories will be created on the `openshift_ca_host`. | +| openshift_node_cert_subdir | `node-{{ openshift.common.hostname }}` | Directory within `openshift_generated_configs_dir` where per-node certificates will be placed on the `openshift_ca_host`. | +| openshift_node_config_dir | `{{ openshift.common.config_base }}/node` | Node configuration directory in which certificates will be deployed on nodes. | +| openshift_node_generated_config_dir | `{{ openshift_generated_configs_dir }}/{{ openshift_node_cert_subdir }` | Full path to the per-node generated config directory. | Dependencies ------------ -TODO +* openshift_ca Example Playbook ---------------- -TODO +``` +- name: Create OpenShift Node Certificates + hosts: nodes + roles: + - role: openshift_node_certificates + openshift_ca_host: master1.example.com +``` License ------- diff --git a/roles/openshift_node_certificates/meta/main.yml b/roles/openshift_node_certificates/meta/main.yml index f3236e850..50a862ee9 100644 --- a/roles/openshift_node_certificates/meta/main.yml +++ b/roles/openshift_node_certificates/meta/main.yml @@ -1,10 +1,10 @@ --- galaxy_info: author: Jason DeTiberus - description: + description: OpenShift Node Certificates company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.8 + min_ansible_version: 2.1 platforms: - name: EL versions: @@ -13,4 +13,4 @@ galaxy_info: - cloud - system dependencies: -- { role: openshift_facts } +- role: openshift_facts diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index 216c11093..0e69dc6f0 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -1,36 +1,117 @@ --- -- name: Create openshift_generated_configs_dir if it doesn\'t exist +- name: Ensure CA certificate exists on openshift_ca_host + stat: + path: "{{ openshift_ca_cert }}" + register: g_ca_cert_stat_result + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- fail: + msg: > + CA certificate {{ openshift_ca_cert }} doesn't exist on CA host + {{ openshift_ca_host }}. Apply 'openshift_ca' role to + {{ openshift_ca_host }}. + when: not g_ca_cert_stat_result.stat.exists | bool + run_once: true + +- name: Check status of node certificates + stat: + path: "{{ openshift.common.config_base }}/node/{{ item }}" + with_items: + - "system:node:{{ openshift.common.hostname }}.crt" + - "system:node:{{ openshift.common.hostname }}.key" + - "system:node:{{ openshift.common.hostname }}.kubeconfig" + - ca.crt + - server.key + - server.crt + register: g_node_cert_stat_result + +- set_fact: + node_certs_missing: "{{ False in (g_node_cert_stat_result.results + | oo_collect(attribute='stat.exists') + | list) }}" + +- name: Create openshift_generated_configs_dir if it does not exist file: path: "{{ openshift_generated_configs_dir }}" state: directory mode: 0700 - when: nodes_needing_certs | length > 0 + when: node_certs_missing | bool + delegate_to: "{{ openshift_ca_host }}" - name: Generate the node client config command: > {{ openshift.common.admin_binary }} create-api-client-config - --certificate-authority={{ openshift_master_ca_cert }} - --client-dir={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }} + --certificate-authority={{ openshift_ca_cert }} + --client-dir={{ openshift_node_generated_config_dir }} --groups=system:nodes - --master={{ openshift.master.api_url }} - --signer-cert={{ openshift_master_ca_cert }} - --signer-key={{ openshift_master_ca_key }} - --signer-serial={{ openshift_master_ca_serial }} - --user=system:node:{{ item.openshift.common.hostname }} + --master={{ hostvars[openshift_ca_host].openshift.master.api_url }} + --signer-cert={{ openshift_ca_cert }} + --signer-key={{ openshift_ca_key }} + --signer-serial={{ openshift_ca_serial }} + --user=system:node:{{ openshift.common.hostname }} args: - creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}" - with_items: "{{ nodes_needing_certs | default([]) }}" + creates: "{{ openshift_node_generated_config_dir }}" + when: node_certs_missing | bool + delegate_to: "{{ openshift_ca_host }}" - name: Generate the node server certificate command: > {{ openshift.common.admin_binary }} ca create-server-cert - --cert={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt - --key={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.key + --cert={{ openshift_node_generated_config_dir }}/server.crt + --key={{ openshift_generated_configs_dir }}/node-{{ openshift.common.hostname }}/server.key --overwrite=true - --hostnames={{ item.openshift.common.all_hostnames |join(",") }} - --signer-cert={{ openshift_master_ca_cert }} - --signer-key={{ openshift_master_ca_key }} - --signer-serial={{ openshift_master_ca_serial }} + --hostnames={{ openshift.common.all_hostnames |join(",") }} + --signer-cert={{ openshift_ca_cert }} + --signer-key={{ openshift_ca_key }} + --signer-serial={{ openshift_ca_serial }} + args: + creates: "{{ openshift_node_generated_config_dir }}/server.crt" + when: node_certs_missing | bool + delegate_to: "{{ openshift_ca_host}}" + +- name: Create local temp directory for syncing certs + local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX + register: node_cert_mktemp + changed_when: False + when: node_certs_missing | bool + delegate_to: localhost + become: no + +- name: Create a tarball of the node config directories + command: > + tar -czvf {{ openshift_node_generated_config_dir }}.tgz + --transform 's|system:{{ openshift_node_cert_subdir }}|node|' + -C {{ openshift_node_generated_config_dir }} . args: - creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt" - with_items: "{{ nodes_needing_certs | default([]) }}" + creates: "{{ openshift_node_generated_config_dir }}.tgz" + when: node_certs_missing | bool + delegate_to: "{{ openshift_ca_host }}" + +- name: Retrieve the node config tarballs from the master + fetch: + src: "{{ openshift_node_generated_config_dir }}.tgz" + dest: "{{ node_cert_mktemp.stdout }}/" + flat: yes + fail_on_missing: yes + validate_checksum: yes + when: node_certs_missing | bool + delegate_to: "{{ openshift_ca_host }}" + +- name: Ensure certificate directory exists + file: + path: "{{ openshift_node_cert_dir }}" + state: directory + when: node_certs_missing | bool + +- name: Unarchive the tarball on the node + unarchive: + src: "{{ node_cert_mktemp.stdout }}/{{ openshift_node_cert_subdir }}.tgz" + dest: "{{ openshift_node_cert_dir }}" + when: node_certs_missing | bool + +- file: name={{ node_cert_mktemp.stdout }} state=absent + changed_when: False + when: node_certs_missing | bool + delegate_to: localhost + become: no diff --git a/roles/openshift_node_certificates/vars/main.yml b/roles/openshift_node_certificates/vars/main.yml index 61fbb1e51..17ad8106d 100644 --- a/roles/openshift_node_certificates/vars/main.yml +++ b/roles/openshift_node_certificates/vars/main.yml @@ -1,7 +1,11 @@ --- -openshift_node_config_dir: "{{ openshift.common.config_base }}/node" -openshift_master_config_dir: "{{ openshift.common.config_base }}/master" openshift_generated_configs_dir: "{{ openshift.common.config_base }}/generated-configs" -openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" -openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" -openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" +openshift_node_cert_dir: "{{ openshift.common.config_base }}/node" +openshift_node_cert_subdir: "node-{{ openshift.common.hostname }}" +openshift_node_config_dir: "{{ openshift.common.config_base }}/node" +openshift_node_generated_config_dir: "{{ openshift_generated_configs_dir }}/{{ openshift_node_cert_subdir }}" + +openshift_ca_config_dir: "{{ openshift.common.config_base }}/master" +openshift_ca_cert: "{{ openshift_ca_config_dir }}/ca.crt" +openshift_ca_key: "{{ openshift_ca_config_dir }}/ca.key" +openshift_ca_serial: "{{ openshift_ca_config_dir }}/ca.serial.txt" diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml index 0a134f557..6e5d2b22c 100644 --- a/roles/openshift_version/tasks/main.yml +++ b/roles/openshift_version/tasks/main.yml @@ -76,5 +76,12 @@ # We can't map an openshift_release to full rpm version like we can with containers, make sure # the rpm version we looked up matches the release requested and error out if not. - fail: - msg: "Detected openshift version {{ openshift_version }} does not match requested openshift_release {{ openshift_release }}. You may need to adjust your yum repositories or specify an exact openshift_pkg_version." + msg: "Detected OpenShift version {{ openshift_version }} does not match requested openshift_release {{ openshift_release }}. You may need to adjust your yum repositories, inventory, or run the appropriate OpenShift upgrade playbook." when: not is_containerized | bool and openshift_release is defined and not openshift_version.startswith(openshift_release) | bool + +# The end result of these three variables is quite important so make sure they are displayed and logged: +- debug: var=openshift_release + +- debug: var=openshift_image_tag + +- debug: var=openshift_pkg_version diff --git a/utils/src/ooinstall/cli_installer.py b/utils/src/ooinstall/cli_installer.py index d052ad852..9fbb61a46 100644 --- a/utils/src/ooinstall/cli_installer.py +++ b/utils/src/ooinstall/cli_installer.py @@ -322,9 +322,7 @@ Note: Containerized storage hosts are not currently supported. else: host_props['connect_to'] = hostname_or_ip host_props['preconfigured'] = False - host_props['master'] = False - host_props['node'] = False - host_props['storage'] = True + host_props['roles'] = ['storage'] storage = Host(**host_props) hosts.append(storage) @@ -512,13 +510,6 @@ def error_if_missing_info(oo_cfg): sys.exit(1) oo_cfg.settings['variant_version'] = version.name - missing_facts = oo_cfg.calc_missing_facts() - if len(missing_facts) > 0: - missing_info = True - click.echo('For unattended installs, facts must be provided for all masters/nodes:') - for host in missing_facts: - click.echo('Host "%s" missing facts: %s' % (host, ", ".join(missing_facts[host]))) - # check that all listed host roles are included listed_roles = get_host_roles_set(oo_cfg) configured_roles = set([role for role in oo_cfg.deployment.roles]) @@ -991,7 +982,7 @@ def install(ctx, force, gen_inventory): # TODO: if there are *new* nodes and this is a live install, we may need the user # to confirm the settings for new nodes. Look into this once we're distinguishing # between new and pre-existing nodes. - if len(oo_cfg.calc_missing_facts()) > 0: + if not ctx.obj['unattended'] and len(oo_cfg.calc_missing_facts()) > 0: confirm_hosts_facts(oo_cfg, callback_facts) # Write quick installer config file to disk: diff --git a/utils/src/ooinstall/oo_config.py b/utils/src/ooinstall/oo_config.py index cfea44b62..e37892c9b 100644 --- a/utils/src/ooinstall/oo_config.py +++ b/utils/src/ooinstall/oo_config.py @@ -56,6 +56,8 @@ class Host(object): # allowable roles: master, node, etcd, storage, master_lb, new self.roles = kwargs.get('roles', []) + self.other_variables = kwargs.get('other_variables', {}) + if self.connect_to is None: raise OOConfigInvalidHostError( "You must specify either an ip or hostname as 'connect_to'") @@ -71,7 +73,8 @@ class Host(object): d = {} for prop in ['ip', 'hostname', 'public_ip', 'public_hostname', 'connect_to', - 'preconfigured', 'containerized', 'schedulable', 'roles', 'node_labels']: + 'preconfigured', 'containerized', 'schedulable', 'roles', 'node_labels', + 'other_variables']: # If the property is defined (not None or False), export it: if getattr(self, prop): d[prop] = getattr(self, prop) @@ -315,6 +318,9 @@ class OOConfig(object): for host in self.deployment.hosts: p_settings['deployment']['hosts'].append(host.to_dict()) + for name, role in self.deployment.roles.iteritems(): + p_settings['deployment']['roles'][name] = role.variables + try: p_settings['variant'] = self.settings['variant'] p_settings['variant_version'] = self.settings['variant_version'] diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py index 8f7cf07e7..bcf06b599 100644 --- a/utils/src/ooinstall/openshift_ansible.py +++ b/utils/src/ooinstall/openshift_ansible.py @@ -49,23 +49,7 @@ def generate_inventory(hosts): write_inventory_vars(base_inventory, multiple_masters, proxy) - # Find the correct deployment type for ansible: - ver = find_variant(CFG.settings['variant'], - version=CFG.settings.get('variant_version', None))[1] - base_inventory.write('deployment_type={}\n'.format(ver.ansible_key)) - if 'OO_INSTALL_ADDITIONAL_REGISTRIES' in os.environ: - base_inventory.write('openshift_docker_additional_registries={}\n' - .format(os.environ['OO_INSTALL_ADDITIONAL_REGISTRIES'])) - if 'OO_INSTALL_INSECURE_REGISTRIES' in os.environ: - base_inventory.write('openshift_docker_insecure_registries={}\n' - .format(os.environ['OO_INSTALL_INSECURE_REGISTRIES'])) - if 'OO_INSTALL_PUDDLE_REPO' in os.environ: - # We have to double the '{' here for literals - base_inventory.write("openshift_additional_repos=[{{'id': 'ose-devel', " - "'name': 'ose-devel', " - "'baseurl': '{}', " - "'enabled': 1, 'gpgcheck': 0}}]\n".format(os.environ['OO_INSTALL_PUDDLE_REPO'])) base_inventory.write('\n[masters]\n') for master in masters: @@ -133,6 +117,7 @@ def write_inventory_children(base_inventory, multiple_masters, proxy, scaleup): if not getattr(proxy, 'preconfigured', True): base_inventory.write('lb\n') +# pylint: disable=too-many-branches def write_inventory_vars(base_inventory, multiple_masters, proxy): global CFG base_inventory.write('\n[OSEv3:vars]\n') @@ -162,9 +147,28 @@ def write_inventory_vars(base_inventory, multiple_masters, proxy): write_proxy_settings(base_inventory) + # Find the correct deployment type for ansible: + ver = find_variant(CFG.settings['variant'], + version=CFG.settings.get('variant_version', None))[1] + base_inventory.write('deployment_type={}\n'.format(ver.ansible_key)) + + if 'OO_INSTALL_ADDITIONAL_REGISTRIES' in os.environ: + base_inventory.write('openshift_docker_additional_registries={}\n' + .format(os.environ['OO_INSTALL_ADDITIONAL_REGISTRIES'])) + if 'OO_INSTALL_INSECURE_REGISTRIES' in os.environ: + base_inventory.write('openshift_docker_insecure_registries={}\n' + .format(os.environ['OO_INSTALL_INSECURE_REGISTRIES'])) + if 'OO_INSTALL_PUDDLE_REPO' in os.environ: + # We have to double the '{' here for literals + base_inventory.write("openshift_additional_repos=[{{'id': 'ose-devel', " + "'name': 'ose-devel', " + "'baseurl': '{}', " + "'enabled': 1, 'gpgcheck': 0}}]\n".format(os.environ['OO_INSTALL_PUDDLE_REPO'])) + for name, role_obj in CFG.deployment.roles.iteritems(): if role_obj.variables: - base_inventory.write("{}:vars".format(name)) + group_name = ROLES_TO_GROUPS_MAP.get(name, name) + base_inventory.write("\n[{}:vars]\n".format(group_name)) for variable, value in role_obj.variables.iteritems(): inventory_var = VARIABLES_MAP.get(variable, variable) if value: @@ -190,6 +194,7 @@ def write_proxy_settings(base_inventory): pass +# pylint: disable=too-many-branches def write_host(host, inventory, schedulable=None): global CFG @@ -204,6 +209,11 @@ def write_host(host, inventory, schedulable=None): facts += ' openshift_public_hostname={}'.format(host.public_hostname) if host.containerized: facts += ' containerized={}'.format(host.containerized) + if host.other_variables: + for variable, value in host.other_variables.iteritems(): + facts += " {}={}".format(variable, value) + if host.node_labels: + facts += ' openshift_node_labels="{}"'.format(host.node_labels) # Distinguish between three states, no schedulability specified (use default), # explicitly set to True, or explicitly set to False: |