diff options
16 files changed, 82 insertions, 59 deletions
diff --git a/playbooks/adhoc/bootstrap-fedora.yml b/playbooks/adhoc/bootstrap-fedora.yml index 0df77e309..471c41f16 100644 --- a/playbooks/adhoc/bootstrap-fedora.yml +++ b/playbooks/adhoc/bootstrap-fedora.yml @@ -1,5 +1,4 @@ - hosts: OSEv3 - gather_facts: false tasks: - name: install python and deps for ansible modules raw: dnf install -y python2 python2-dnf libselinux-python libsemanage-python diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 3f5c37dde..049ac997c 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -501,6 +501,7 @@ {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings --exclude-groups=system:authenticated + --exclude-groups=system:authenticated:oauth --exclude-groups=system:unauthenticated --exclude-users=system:anonymous --additive-only=true --confirm diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml index 81dbba1e3..dbf746f12 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml @@ -109,6 +109,7 @@ {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings --exclude-groups=system:authenticated + --exclude-groups=system:authenticated:oauth --exclude-groups=system:unauthenticated --exclude-users=system:anonymous --additive-only=true --confirm diff --git a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml index ebe9f0ad9..b00352539 100644 --- a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml @@ -94,6 +94,16 @@ - set_fact: ips: "{{ scratch_ip.results | default([]) | oo_collect('stdout') }}" +- set_fact: + node_label: + type: "{{ g_sub_host_type }}" + when: instances | length > 0 and type == "node" + +- set_fact: + node_label: + type: "{{ type }}" + when: instances | length > 0 and type != "node" + - name: Add new instances add_host: hostname: '{{ item.0 }}' @@ -101,6 +111,7 @@ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" groups: "tag_environment-{{ cluster_env }}, tag_host-type-{{ type }}, tag_sub-host-type-{{ g_sub_host_type }}, tag_clusterid-{{ cluster_id }}" + openshift_node_labels: "{{ node_label }}" with_together: - instances - ips diff --git a/playbooks/libvirt/openshift-cluster/templates/user-data b/playbooks/libvirt/openshift-cluster/templates/user-data index e0c966e45..ead881f78 100644 --- a/playbooks/libvirt/openshift-cluster/templates/user-data +++ b/playbooks/libvirt/openshift-cluster/templates/user-data @@ -3,7 +3,6 @@ disable_root: true hostname: {{ item[0] }} fqdn: {{ item[0] }}.example.com -manage_etc_hosts: true users: - default diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml index 2187cefed..e9b9cf540 100644 --- a/playbooks/openstack/openshift-cluster/launch.yml +++ b/playbooks/openstack/openshift-cluster/launch.yml @@ -75,6 +75,8 @@ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" groups: 'tag_environment_{{ cluster_env }}, tag_host-type_etcd, tag_sub-host-type_default, tag_clusterid_{{ cluster_id }}' + openshift_node_labels: + type: "etcd" with_together: - parsed_outputs.etcd_names - parsed_outputs.etcd_ips @@ -87,6 +89,8 @@ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" groups: 'tag_environment_{{ cluster_env }}, tag_host-type_master, tag_sub-host-type_default, tag_clusterid_{{ cluster_id }}' + openshift_node_labels: + type: "master" with_together: - parsed_outputs.master_names - parsed_outputs.master_ips @@ -99,6 +103,8 @@ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" groups: 'tag_environment_{{ cluster_env }}, tag_host-type_node, tag_sub-host-type_compute, tag_clusterid_{{ cluster_id }}' + openshift_node_labels: + type: "compute" with_together: - parsed_outputs.node_names - parsed_outputs.node_ips @@ -111,6 +117,8 @@ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" groups: 'tag_environment_{{ cluster_env }}, tag_host-type_node, tag_sub-host-type_infra, tag_clusterid_{{ cluster_id }}' + openshift_node_labels: + type: "infra" with_together: - parsed_outputs.infra_names - parsed_outputs.infra_ips diff --git a/roles/nuage_master/handlers/main.yaml b/roles/nuage_master/handlers/main.yaml index 635d8a419..5d133cf16 100644 --- a/roles/nuage_master/handlers/main.yaml +++ b/roles/nuage_master/handlers/main.yaml @@ -1,7 +1,7 @@ --- -- name: restart nuagekubemon +- name: restart nuage-openshift-monitor sudo: true - service: name=nuagekubemon state=restarted + service: name=nuage-openshift-monitor state=restarted - name: restart master service: name={{ openshift.common.service_type }}-master state=restarted diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml index a7baadc76..20d105b9e 100644 --- a/roles/nuage_master/tasks/main.yaml +++ b/roles/nuage_master/tasks/main.yaml @@ -1,15 +1,15 @@ --- -- name: Create directory /usr/share/nuagekubemon +- name: Create directory /usr/share/nuage-openshift-monitor sudo: true - file: path=/usr/share/nuagekubemon state=directory + file: path=/usr/share/nuage-openshift-monitor state=directory - name: Create the log directory sudo: true - file: path={{ nuagekubemon_log_dir }} state=directory + file: path={{ nuage_openshift_monitor_log_dir }} state=directory -- name: Install Nuage Kubemon +- name: Install Nuage Openshift Monitor sudo: true - yum: name={{ nuage_kubemon_rpm }} state=present + yum: name={{ nuage_openshift_rpm }} state=present - name: Run the service account creation script sudo: true @@ -24,11 +24,11 @@ - nuage.key - nuage.kubeconfig -- name: Create nuagekubemon.yaml +- name: Create nuage-openshift-monitor.yaml sudo: true - template: src=nuagekubemon.j2 dest=/usr/share/nuagekubemon/nuagekubemon.yaml owner=root mode=0644 + template: src=nuage-openshift-monitor.j2 dest=/usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml owner=root mode=0644 notify: - restart master - restart master api - restart master controllers - - restart nuagekubemon + - restart nuage-openshift-monitor diff --git a/roles/nuage_master/templates/nuagekubemon.j2 b/roles/nuage_master/templates/nuage-openshift-monitor.j2 index fb586bcee..db8c3d85e 100644 --- a/roles/nuage_master/templates/nuagekubemon.j2 +++ b/roles/nuage_master/templates/nuage-openshift-monitor.j2 @@ -3,7 +3,7 @@ kubeConfig: {{ kube_config }} # name of the nuage service account, or another account with 'cluster-reader' # permissions # Openshift master config file -openshiftMasterConfig: {{ master_config_yaml }} +masterConfig: {{ master_config_yaml }} # URL of the VSD Architect vsdApiUrl: {{ vsd_api_url }} # API version to query against. Usually "v3_2" @@ -16,4 +16,4 @@ enterpriseName: {{ enterprise }} # Name of the domain in which pods will reside domainName: {{ domain }} # Location where logs should be saved -log_dir: {{ nuagekubemon_log_dir }} +log_dir: {{ nuage_openshift_monitor_log_dir }} diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml index db901fea6..c489feabe 100644 --- a/roles/nuage_master/vars/main.yaml +++ b/roles/nuage_master/vars/main.yaml @@ -1,7 +1,7 @@ openshift_master_config_dir: "{{ openshift.common.config_base }}/master" ca_cert: "{{ openshift_master_config_dir }}/ca.crt" admin_config: "{{ openshift.common.config_base }}/master/admin.kubeconfig" -cert_output_dir: /usr/share/nuagekubemon -kube_config: /usr/share/nuagekubemon/nuage.kubeconfig -kubemon_yaml: /usr/share/nuagekubemon/nuagekubemon.yaml +cert_output_dir: /usr/share/nuage-openshift-monitor +kube_config: /usr/share/nuage-openshift-monitor/nuage.kubeconfig +kubemon_yaml: /usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml master_config_yaml: "{{ openshift_master_config_dir }}/master-config.yaml" diff --git a/roles/nuage_node/tasks/main.yaml b/roles/nuage_node/tasks/main.yaml index e0117bf71..c1e49902d 100644 --- a/roles/nuage_node/tasks/main.yaml +++ b/roles/nuage_node/tasks/main.yaml @@ -22,16 +22,16 @@ - name: Copy the certificates and keys sudo: true - copy: src="/tmp/{{ item }}" dest="{{ vsp_k8s_dir }}/{{ item }}" + copy: src="/tmp/{{ item }}" dest="{{ vsp_openshift_dir }}/{{ item }}" with_items: - ca.crt - nuage.crt - nuage.key - nuage.kubeconfig -- name: Set the vsp-k8s.yaml +- name: Set the vsp-openshift.yaml sudo: true - template: src=vsp-k8s.j2 dest={{ vsp_k8s_yaml }} owner=root mode=0644 + template: src=vsp-openshift.j2 dest={{ vsp_openshift_yaml }} owner=root mode=0644 notify: - restart vrs - restart node diff --git a/roles/nuage_node/templates/vsp-k8s.j2 b/roles/nuage_node/templates/vsp-openshift.j2 index 98d6c3a9c..98d6c3a9c 100644 --- a/roles/nuage_node/templates/vsp-k8s.j2 +++ b/roles/nuage_node/templates/vsp-openshift.j2 diff --git a/roles/nuage_node/vars/main.yaml b/roles/nuage_node/vars/main.yaml index a6b7cf997..4975d17ed 100644 --- a/roles/nuage_node/vars/main.yaml +++ b/roles/nuage_node/vars/main.yaml @@ -1,9 +1,9 @@ --- vrs_config: /etc/default/openvswitch -vsp_k8s_dir: /usr/share/vsp-k8s -vsp_k8s_yaml: "{{ vsp_k8s_dir }}/vsp-k8s.yaml" -client_cert: "{{ vsp_k8s_dir }}/nuage.crt" -client_key: "{{ vsp_k8s_dir }}/nuage.key" -ca_cert: "{{ vsp_k8s_dir }}/ca.crt" +vsp_openshift_dir: /usr/share/vsp-openshift +vsp_openshift_yaml: "{{ vsp_openshift_dir }}/vsp-openshift.yaml" +client_cert: "{{ vsp_openshift_dir }}/nuage.crt" +client_key: "{{ vsp_openshift_dir }}/nuage.key" +ca_cert: "{{ vsp_openshift_dir }}/ca.crt" api_server: "{{ openshift_node_master_api_url }}" docker_bridge: "docker0" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 20f6cc5c8..25b9534dd 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -508,10 +508,11 @@ def set_url_facts_if_unset(facts): ports[prefix])) - r_lhn = "{0}:{1}".format(api_hostname, ports['api']).replace('.', '-') + r_lhn = "{0}:{1}".format(hostname, ports['api']).replace('.', '-') + r_lhu = "system:openshift-master/{0}:{1}".format(api_hostname, ports['api']).replace('.', '-') facts['master'].setdefault('loopback_cluster_name', r_lhn) facts['master'].setdefault('loopback_context_name', "default/{0}/system:openshift-master".format(r_lhn)) - facts['master'].setdefault('loopback_user', "system:openshift-master/{0}".format(r_lhn)) + facts['master'].setdefault('loopback_user', r_lhu) prefix_hosts = [('console', api_hostname), ('public_console', api_public_hostname)] for prefix, host in prefix_hosts: @@ -719,9 +720,9 @@ def set_version_facts_if_unset(facts): version_gte_3_1_1_or_1_1_1 = LooseVersion(version) >= LooseVersion('1.1.1') version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('1.1.2') else: - version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('3.1.0') + version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('3.0.2.905') version_gte_3_1_1_or_1_1_1 = LooseVersion(version) >= LooseVersion('3.1.1') - version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('3.2.0') + version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('3.1.1.901') else: version_gte_3_1_or_1_1 = True version_gte_3_1_1_or_1_1_1 = True diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 3613808b6..4aede31f6 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -240,36 +240,8 @@ - restart master api - restart master controllers -- name: Test local loopback context - command: > - {{ openshift.common.client_binary }} config view - --config={{ openshift_master_loopback_config }} - changed_when: false - register: loopback_config - -- command: > - {{ openshift.common.client_binary }} config set-cluster - --certificate-authority={{ openshift_master_config_dir }}/ca.crt - --embed-certs=true --server={{ openshift.master.loopback_api_url }} - {{ openshift.master.loopback_cluster_name }} - --config={{ openshift_master_loopback_config }} - when: loopback_context_string not in loopback_config.stdout - register: set_loopback_cluster - -- command: > - {{ openshift.common.client_binary }} config set-context - --cluster={{ openshift.master.loopback_cluster_name }} - --namespace=default --user={{ openshift.master.loopback_user }} - {{ openshift.master.loopback_context_name }} - --config={{ openshift_master_loopback_config }} - when: set_loopback_cluster | changed - register: set_loopback_context - -- command: > - {{ openshift.common.client_binary }} config use-context {{ openshift.master.loopback_context_name }} - --config={{ openshift_master_loopback_config }} - when: set_loopback_context | changed - register: set_current_context +- include: set_loopback_context.yml + when: openshift.common.version_gte_3_2_or_1_2 - name: Start and enable master service: name={{ openshift.common.service_type }}-master enabled=yes state=started diff --git a/roles/openshift_master/tasks/set_loopback_context.yml b/roles/openshift_master/tasks/set_loopback_context.yml new file mode 100644 index 000000000..9c3fb31dc --- /dev/null +++ b/roles/openshift_master/tasks/set_loopback_context.yml @@ -0,0 +1,31 @@ +--- +- name: Test local loopback context + command: > + {{ openshift.common.client_binary }} config view + --config={{ openshift_master_loopback_config }} + changed_when: false + register: loopback_config + +- command: > + {{ openshift.common.client_binary }} config set-cluster + --certificate-authority={{ openshift_master_config_dir }}/ca.crt + --embed-certs=true --server={{ openshift.master.loopback_api_url }} + {{ openshift.master.loopback_cluster_name }} + --config={{ openshift_master_loopback_config }} + when: loopback_context_string not in loopback_config.stdout + register: set_loopback_cluster + +- command: > + {{ openshift.common.client_binary }} config set-context + --cluster={{ openshift.master.loopback_cluster_name }} + --namespace=default --user={{ openshift.master.loopback_user }} + {{ openshift.master.loopback_context_name }} + --config={{ openshift_master_loopback_config }} + when: set_loopback_cluster | changed + register: set_loopback_context + +- command: > + {{ openshift.common.client_binary }} config use-context {{ openshift.master.loopback_context_name }} + --config={{ openshift_master_loopback_config }} + when: set_loopback_context | changed + register: set_current_context |