summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.pylintrc3
-rw-r--r--CONTRIBUTING.md18
-rw-r--r--filter_plugins/oo_filters.py23
-rw-r--r--openshift-ansible.spec1
-rw-r--r--playbooks/adhoc/s3_registry/s3_registry.j223
-rw-r--r--playbooks/adhoc/s3_registry/s3_registry.yml78
-rw-r--r--playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml31
-rw-r--r--playbooks/byo/openshift-preflight/check.yml39
-rw-r--r--playbooks/certificate_expiry/default.yaml (renamed from roles/openshift_certificate_expiry/examples/playbooks/default.yaml)0
-rw-r--r--playbooks/certificate_expiry/easy-mode.yaml (renamed from roles/openshift_certificate_expiry/examples/playbooks/easy-mode.yaml)3
-rw-r--r--playbooks/certificate_expiry/html_and_json_default_paths.yaml (renamed from roles/openshift_certificate_expiry/examples/playbooks/html_and_json_default_paths.yaml)0
-rw-r--r--playbooks/certificate_expiry/longer-warning-period-json-results.yaml (renamed from roles/openshift_certificate_expiry/examples/playbooks/longer-warning-period-json-results.yaml)0
-rw-r--r--playbooks/certificate_expiry/longer_warning_period.yaml (renamed from roles/openshift_certificate_expiry/examples/playbooks/longer_warning_period.yaml)0
l---------playbooks/certificate_expiry/roles1
-rw-r--r--playbooks/common/openshift-cluster/openshift_hosted.yml4
-rw-r--r--playbooks/common/openshift-cluster/redeploy-certificates/masters.yml8
-rw-r--r--playbooks/common/openshift-cluster/redeploy-certificates/registry.yml35
-rw-r--r--playbooks/common/openshift-cluster/redeploy-certificates/router.yml12
-rw-r--r--playbooks/common/openshift-cluster/upgrades/etcd/backup.yml6
-rw-r--r--playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml15
-rw-r--r--playbooks/common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml25
-rw-r--r--playbooks/common/openshift-cluster/upgrades/post_control_plane.yml93
-rw-r--r--playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml45
-rw-r--r--playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml45
-rw-r--r--playbooks/common/openshift-master/restart_hosts.yml16
-rw-r--r--roles/cockpit-ui/meta/main.yml2
-rw-r--r--roles/cockpit-ui/tasks/main.yml142
-rw-r--r--roles/lib_openshift/library/oadm_manage_node.py2
-rw-r--r--roles/lib_openshift/library/oc_edit.py5
-rw-r--r--roles/lib_openshift/library/oc_env.py1788
-rw-r--r--roles/lib_openshift/library/oc_label.py4
-rw-r--r--roles/lib_openshift/library/oc_obj.py5
-rw-r--r--roles/lib_openshift/library/oc_process.py5
-rw-r--r--roles/lib_openshift/library/oc_route.py3
-rw-r--r--roles/lib_openshift/library/oc_scale.py5
-rw-r--r--roles/lib_openshift/library/oc_secret.py5
-rw-r--r--roles/lib_openshift/library/oc_serviceaccount.py3
-rw-r--r--roles/lib_openshift/library/oc_serviceaccount_secret.py2
-rw-r--r--roles/lib_openshift/src/ansible/oc_env.py33
-rw-r--r--roles/lib_openshift/src/class/oadm_manage_node.py2
-rw-r--r--roles/lib_openshift/src/class/oc_edit.py5
-rw-r--r--roles/lib_openshift/src/class/oc_env.py142
-rw-r--r--roles/lib_openshift/src/class/oc_label.py4
-rw-r--r--roles/lib_openshift/src/class/oc_obj.py5
-rw-r--r--roles/lib_openshift/src/class/oc_process.py5
-rw-r--r--roles/lib_openshift/src/class/oc_route.py3
-rw-r--r--roles/lib_openshift/src/class/oc_scale.py5
-rw-r--r--roles/lib_openshift/src/class/oc_secret.py5
-rw-r--r--roles/lib_openshift/src/class/oc_serviceaccount.py3
-rw-r--r--roles/lib_openshift/src/class/oc_serviceaccount_secret.py2
-rw-r--r--roles/lib_openshift/src/doc/env83
-rw-r--r--roles/lib_openshift/src/sources.yml11
-rwxr-xr-xroles/lib_openshift/src/test/integration/oc_env.yml75
-rwxr-xr-xroles/lib_openshift/src/test/unit/oc_env.py444
-rw-r--r--roles/nuage_master/meta/main.yml1
-rw-r--r--roles/nuage_master/tasks/serviceaccount.yml16
-rw-r--r--roles/nuage_master/vars/main.yaml6
-rw-r--r--roles/openshift_certificate_expiry/README.md65
l---------roles/openshift_certificate_expiry/examples/playbooks1
-rw-r--r--roles/openshift_examples/files/examples/v1.4/cfme-templates/cfme-template.yaml6
-rw-r--r--roles/openshift_examples/files/examples/v1.5/cfme-templates/cfme-template.yaml6
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py43
-rw-r--r--roles/openshift_facts/tasks/main.yml104
-rw-r--r--roles/openshift_health_checker/HOWTO_CHECKS.md34
-rw-r--r--roles/openshift_health_checker/README.md45
-rw-r--r--roles/openshift_health_checker/action_plugins/openshift_health_check.py116
-rw-r--r--roles/openshift_health_checker/callback_plugins/zz_failure_summary.py (renamed from roles/openshift_preflight/verify_status/callback_plugins/zz_failure_summary.py)4
-rwxr-xr-xroles/openshift_health_checker/library/aos_version.py (renamed from roles/openshift_preflight/base/library/aos_version.py)45
-rwxr-xr-xroles/openshift_health_checker/library/check_yum_update.py (renamed from roles/openshift_preflight/base/library/check_yum_update.py)15
-rw-r--r--roles/openshift_health_checker/meta/main.yml (renamed from roles/openshift_preflight/init/meta/main.yml)0
-rw-r--r--roles/openshift_health_checker/openshift_checks/__init__.py84
-rw-r--r--roles/openshift_health_checker/openshift_checks/mixins.py21
-rw-r--r--roles/openshift_health_checker/openshift_checks/package_availability.py66
-rw-r--r--roles/openshift_health_checker/openshift_checks/package_update.py14
-rw-r--r--roles/openshift_health_checker/openshift_checks/package_version.py20
-rw-r--r--roles/openshift_hosted/meta/main.yml1
-rw-r--r--roles/openshift_hosted/tasks/registry/secure.yml56
-rw-r--r--roles/openshift_hosted/tasks/registry/storage/object_storage.yml22
-rw-r--r--roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml4
-rw-r--r--roles/openshift_hosted_templates/files/v1.4/origin/metrics-deployer.yaml4
-rw-r--r--roles/openshift_hosted_templates/files/v1.5/enterprise/metrics-deployer.yaml4
-rw-r--r--roles/openshift_hosted_templates/files/v1.5/origin/metrics-deployer.yaml4
-rw-r--r--roles/openshift_hosted_templates/tasks/main.yml2
-rw-r--r--roles/openshift_logging/defaults/main.yml26
-rw-r--r--roles/openshift_logging/tasks/delete_logging.yaml9
-rw-r--r--roles/openshift_logging/tasks/generate_routes.yaml20
-rw-r--r--roles/openshift_logging/tasks/label_node.yaml52
-rw-r--r--roles/openshift_logging/tasks/start_cluster.yaml114
-rw-r--r--roles/openshift_logging/tasks/stop_cluster.yaml107
-rw-r--r--roles/openshift_logging/tasks/upgrade_logging.yaml25
-rw-r--r--roles/openshift_logging/templates/route_reencrypt.j28
-rw-r--r--roles/openshift_manage_node/meta/main.yml15
-rw-r--r--roles/openshift_manage_node/tasks/main.yml66
-rw-r--r--roles/openshift_manageiq/meta/main.yml15
-rw-r--r--roles/openshift_manageiq/tasks/main.yaml37
-rw-r--r--roles/openshift_manageiq/vars/main.yml13
-rw-r--r--roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py3
-rw-r--r--roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py3
-rw-r--r--roles/openshift_metrics/defaults/main.yaml4
-rw-r--r--roles/openshift_metrics/tasks/install_metrics.yaml14
-rw-r--r--roles/openshift_node/tasks/main.yml6
-rw-r--r--roles/openshift_node_upgrade/tasks/main.yml6
-rw-r--r--roles/openshift_preflight/README.md52
-rw-r--r--roles/openshift_preflight/common/meta/main.yml3
-rw-r--r--roles/openshift_preflight/common/tasks/main.yml21
-rw-r--r--roles/openshift_preflight/init/tasks/main.yml4
-rw-r--r--roles/openshift_preflight/masters/meta/main.yml3
-rw-r--r--roles/openshift_preflight/masters/tasks/main.yml31
-rw-r--r--roles/openshift_preflight/nodes/meta/main.yml3
-rw-r--r--roles/openshift_preflight/nodes/tasks/main.yml41
-rw-r--r--roles/openshift_preflight/verify_status/tasks/main.yml8
-rw-r--r--roles/openshift_serviceaccounts/meta/main.yml1
-rw-r--r--roles/openshift_serviceaccounts/tasks/main.yml20
-rw-r--r--roles/openshift_storage_nfs/tasks/main.yml1
-rw-r--r--roles/openshift_storage_nfs/templates/exports.j21
-rw-r--r--utils/src/ooinstall/variants.py3
116 files changed, 3831 insertions, 1035 deletions
diff --git a/.pylintrc b/.pylintrc
index a32bd3d68..ab842843a 100644
--- a/.pylintrc
+++ b/.pylintrc
@@ -18,7 +18,8 @@ persistent=no
load-plugins=
# Use multiple processes to speed up Pylint.
-jobs=1
+# Zero means use the total number of CPUs.
+jobs=0
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 83c844e28..dafa73bad 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -85,6 +85,24 @@ parallel
pip install tox detox
```
+---
+
+Note: before running `tox` or `detox`, ensure that the only virtualenvs within
+the repository root are the ones managed by `tox`, those in a `.tox`
+subdirectory.
+
+Use this command to list paths that are likely part of a virtualenv not managed
+by `tox`:
+
+```
+$ find . -path '*/bin/python' | grep -vF .tox
+```
+
+Extraneous virtualenvs cause tools such as `pylint` to take a very long time
+going through files that are part of the virtualenv.
+
+---
+
List the test environments available:
```
tox -l
diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py
index c9390efe6..a833a5d93 100644
--- a/filter_plugins/oo_filters.py
+++ b/filter_plugins/oo_filters.py
@@ -242,6 +242,28 @@ def oo_combine_dict(data, in_joiner='=', out_joiner=' '):
return out_joiner.join([in_joiner.join([k, str(v)]) for k, v in data.items()])
+def oo_dict_to_list_of_dict(data, key_title='key', value_title='value'):
+ """Take a dict and arrange them as a list of dicts
+
+ Input data:
+ {'region': 'infra', 'test_k': 'test_v'}
+
+ Return data:
+ [{'key': 'region', 'value': 'infra'}, {'key': 'test_k', 'value': 'test_v'}]
+
+ Written for use of the oc_label module
+ """
+ if not isinstance(data, dict):
+ # pylint: disable=line-too-long
+ raise errors.AnsibleFilterError("|failed expects first param is a dict. Got %s. Type: %s" % (str(data), str(type(data))))
+
+ rval = []
+ for label in data.items():
+ rval.append({key_title: label[0], value_title: label[1]})
+
+ return rval
+
+
def oo_ami_selector(data, image_name):
""" This takes a list of amis and an image name and attempts to return
the latest ami.
@@ -951,6 +973,7 @@ class FilterModule(object):
"oo_ec2_volume_definition": oo_ec2_volume_definition,
"oo_combine_key_value": oo_combine_key_value,
"oo_combine_dict": oo_combine_dict,
+ "oo_dict_to_list_of_dict": oo_dict_to_list_of_dict,
"oo_split": oo_split,
"oo_filter_list": oo_filter_list,
"oo_parse_heat_stack_outputs": oo_parse_heat_stack_outputs,
diff --git a/openshift-ansible.spec b/openshift-ansible.spec
index 0ec12daa0..e49c54347 100644
--- a/openshift-ansible.spec
+++ b/openshift-ansible.spec
@@ -25,6 +25,7 @@ Requires: openshift-ansible-docs = %{version}-%{release}
Requires: java-1.8.0-openjdk-headless
Requires: httpd-tools
Requires: python-ruamel-yaml
+Requires: libselinux-python
%description
Openshift and Atomic Enterprise Ansible
diff --git a/playbooks/adhoc/s3_registry/s3_registry.j2 b/playbooks/adhoc/s3_registry/s3_registry.j2
deleted file mode 100644
index 10454ad11..000000000
--- a/playbooks/adhoc/s3_registry/s3_registry.j2
+++ /dev/null
@@ -1,23 +0,0 @@
-version: 0.1
-log:
- level: debug
-http:
- addr: :5000
-storage:
- cache:
- layerinfo: inmemory
- s3:
- accesskey: {{ aws_access_key }}
- secretkey: {{ aws_secret_key }}
- region: {{ aws_bucket_region }}
- bucket: {{ aws_bucket_name }}
- encrypt: true
- secure: true
- v4auth: true
- rootdirectory: /registry
-auth:
- openshift:
- realm: openshift
-middleware:
- repository:
- - name: openshift
diff --git a/playbooks/adhoc/s3_registry/s3_registry.yml b/playbooks/adhoc/s3_registry/s3_registry.yml
deleted file mode 100644
index 2c79a1b4d..000000000
--- a/playbooks/adhoc/s3_registry/s3_registry.yml
+++ /dev/null
@@ -1,78 +0,0 @@
----
-# This playbook creates an S3 bucket named after your cluster and configures the docker-registry service to use the bucket as its backend storage.
-# Usage:
-# ansible-playbook s3_registry.yml -e clusterid="mycluster" -e aws_bucket="clusterid-docker" -e aws_region="us-east-1"
-#
-# The AWS access/secret keys should be the keys of a separate user (not your main user), containing only the necessary S3 access role.
-# The 'clusterid' is the short name of your cluster.
-
-- hosts: tag_clusterid_{{ clusterid }}:&tag_host-type_openshift-master
- remote_user: root
- gather_facts: False
-
- vars:
- aws_access_key: "{{ lookup('env', 'S3_ACCESS_KEY_ID') }}"
- aws_secret_key: "{{ lookup('env', 'S3_SECRET_ACCESS_KEY') }}"
- aws_bucket_name: "{{ aws_bucket | default(clusterid ~ '-docker') }}"
- aws_bucket_region: "{{ aws_region | default(lookup('env', 'S3_REGION') | default('us-east-1', true)) }}"
- aws_create_bucket: "{{ aws_create | default(True) }}"
- aws_tmp_path: "{{ aws_tmp_pathfile | default('/root/config.yml')}}"
- aws_delete_tmp_file: "{{ aws_delete_tmp | default(True) }}"
-
- tasks:
-
- - name: Check for AWS creds
- fail:
- msg: "Couldn't find {{ item }} creds in ENV"
- when: "{{ item }} == ''"
- with_items:
- - aws_access_key
- - aws_secret_key
-
- - name: Scale down registry
- command: oc scale --replicas=0 dc/docker-registry
-
- - name: Create S3 bucket
- when: aws_create_bucket | bool
- local_action:
- module: s3 bucket="{{ aws_bucket_name }}" mode=create
-
- - name: Set up registry environment variable
- command: oc env dc/docker-registry REGISTRY_CONFIGURATION_PATH=/etc/registryconfig/config.yml
-
- - name: Generate docker registry config
- template: src="s3_registry.j2" dest="/root/config.yml" owner=root mode=0600
-
- - name: Determine if new secrets are needed
- command: oc get secrets
- register: secrets
-
- - name: Create registry secrets
- command: oc secrets new dockerregistry /root/config.yml
- when: "'dockerregistry' not in secrets.stdout"
-
- - name: Determine if service account contains secrets
- command: oc describe serviceaccount/registry
- register: serviceaccount
-
- - name: Add secrets to registry service account
- command: oc secrets add serviceaccount/registry secrets/dockerregistry
- when: "'dockerregistry' not in serviceaccount.stdout"
-
- - name: Determine if deployment config contains secrets
- command: oc volume dc/docker-registry --list
- register: dc
-
- - name: Add secrets to registry deployment config
- command: oc volume dc/docker-registry --add --name=dockersecrets -m /etc/registryconfig --type=secret --secret-name=dockerregistry
- when: "'dockersecrets' not in dc.stdout"
-
- - name: Wait for deployment config to take effect before scaling up
- pause: seconds=30
-
- - name: Scale up registry
- command: oc scale --replicas=1 dc/docker-registry
-
- - name: Delete temporary config file
- file: path={{ aws_tmp_path }} state=absent
- when: aws_delete_tmp_file | bool
diff --git a/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml
index 13e1da961..5d3280328 100644
--- a/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml
@@ -22,12 +22,24 @@
hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config
serial: 1
any_errors_fatal: true
+
+ roles:
+ - lib_openshift
+
tasks:
- - name: Prepare for Node draining
- command: >
- {{ openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename }} --schedulable=false
+ - name: Mark node unschedulable
+ oadm_manage_node:
+ node: "{{ openshift.node.nodename | lower }}"
+ schedulable: False
delegate_to: "{{ groups.oo_first_master.0 }}"
- when: l_docker_upgrade is defined and l_docker_upgrade | bool and inventory_hostname in groups.oo_nodes_to_upgrade
+ retries: 10
+ delay: 5
+ register: node_unschedulable
+ until: node_unschedulable|succeeded
+ when:
+ - l_docker_upgrade is defined
+ - l_docker_upgrade | bool
+ - inventory_hostname in groups.oo_nodes_to_upgrade
- name: Drain Node for Kubelet upgrade
command: >
@@ -39,7 +51,12 @@
when: l_docker_upgrade is defined and l_docker_upgrade | bool
- name: Set node schedulability
- command: >
- {{ openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename }} --schedulable=true
+ oadm_manage_node:
+ node: "{{ openshift.node.nodename | lower }}"
+ schedulable: True
delegate_to: "{{ groups.oo_first_master.0 }}"
- when: l_docker_upgrade is defined and l_docker_upgrade | bool and inventory_hostname in groups.oo_nodes_to_upgrade and openshift.node.schedulable | bool
+ retries: 10
+ delay: 5
+ register: node_schedulable
+ until: node_schedulable|succeeded
+ when: node_unschedulable|changed
diff --git a/playbooks/byo/openshift-preflight/check.yml b/playbooks/byo/openshift-preflight/check.yml
index 32673d01d..c5f05d0f0 100644
--- a/playbooks/byo/openshift-preflight/check.yml
+++ b/playbooks/byo/openshift-preflight/check.yml
@@ -1,31 +1,12 @@
---
- hosts: OSEv3
- roles:
- - openshift_preflight/init
-
-- hosts: OSEv3
- name: checks that apply to all hosts
- gather_facts: no
- ignore_errors: yes
- roles:
- - openshift_preflight/common
-
-- hosts: masters
- name: checks that apply to masters
- gather_facts: no
- ignore_errors: yes
- roles:
- - openshift_preflight/masters
-
-- hosts: nodes
- name: checks that apply to nodes
- gather_facts: no
- ignore_errors: yes
- roles:
- - openshift_preflight/nodes
-
-- hosts: OSEv3
- name: verify check results
- gather_facts: no
- roles:
- - openshift_preflight/verify_status
+ name: run OpenShift health checks
+ roles:
+ - openshift_health_checker
+ post_tasks:
+ # NOTE: we need to use the old "action: name" syntax until
+ # https://github.com/ansible/ansible/issues/20513 is fixed.
+ - action: openshift_health_check
+ args:
+ checks:
+ - '@preflight'
diff --git a/roles/openshift_certificate_expiry/examples/playbooks/default.yaml b/playbooks/certificate_expiry/default.yaml
index 630135cae..630135cae 100644
--- a/roles/openshift_certificate_expiry/examples/playbooks/default.yaml
+++ b/playbooks/certificate_expiry/default.yaml
diff --git a/roles/openshift_certificate_expiry/examples/playbooks/easy-mode.yaml b/playbooks/certificate_expiry/easy-mode.yaml
index d0209426f..ae41c7c14 100644
--- a/roles/openshift_certificate_expiry/examples/playbooks/easy-mode.yaml
+++ b/playbooks/certificate_expiry/easy-mode.yaml
@@ -4,8 +4,6 @@
#
# This example enables HTML and JSON reports
#
-# The warning window is set very large so you will almost always get results back
-#
# All certificates (healthy or not) are included in the results
- name: Check cert expirys
@@ -13,7 +11,6 @@
become: yes
gather_facts: no
vars:
- openshift_certificate_expiry_warning_days: 1500
openshift_certificate_expiry_save_json_results: yes
openshift_certificate_expiry_generate_html_report: yes
openshift_certificate_expiry_show_all: yes
diff --git a/roles/openshift_certificate_expiry/examples/playbooks/html_and_json_default_paths.yaml b/playbooks/certificate_expiry/html_and_json_default_paths.yaml
index d80cb6ff4..d80cb6ff4 100644
--- a/roles/openshift_certificate_expiry/examples/playbooks/html_and_json_default_paths.yaml
+++ b/playbooks/certificate_expiry/html_and_json_default_paths.yaml
diff --git a/roles/openshift_certificate_expiry/examples/playbooks/longer-warning-period-json-results.yaml b/playbooks/certificate_expiry/longer-warning-period-json-results.yaml
index 87a0f3be4..87a0f3be4 100644
--- a/roles/openshift_certificate_expiry/examples/playbooks/longer-warning-period-json-results.yaml
+++ b/playbooks/certificate_expiry/longer-warning-period-json-results.yaml
diff --git a/roles/openshift_certificate_expiry/examples/playbooks/longer_warning_period.yaml b/playbooks/certificate_expiry/longer_warning_period.yaml
index 960457c4b..960457c4b 100644
--- a/roles/openshift_certificate_expiry/examples/playbooks/longer_warning_period.yaml
+++ b/playbooks/certificate_expiry/longer_warning_period.yaml
diff --git a/playbooks/certificate_expiry/roles b/playbooks/certificate_expiry/roles
new file mode 120000
index 000000000..b741aa3db
--- /dev/null
+++ b/playbooks/certificate_expiry/roles
@@ -0,0 +1 @@
+../../roles \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml
index ca4f5b8b2..06cda36a5 100644
--- a/playbooks/common/openshift-cluster/openshift_hosted.yml
+++ b/playbooks/common/openshift-cluster/openshift_hosted.yml
@@ -39,9 +39,9 @@
openshift_hosted_logging_elasticsearch_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift_hosted_logging_storage_kind | default(none) in ['dynamic','nfs'] else '' }}"
openshift_hosted_logging_elasticsearch_pvc_prefix: "{{ 'logging-es' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}"
openshift_hosted_logging_elasticsearch_ops_cluster_size: "{{ logging_elasticsearch_ops_cluster_size }}"
- openshift_hosted_logging_elasticsearch_ops_pvc_dynamic: "{{ 'true' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}"
+ openshift_hosted_logging_elasticsearch_ops_pvc_dynamic: "{{ 'true' if openshift_hosted_loggingops_storage_kind | default(none) == 'dynamic' else '' }}"
openshift_hosted_logging_elasticsearch_ops_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift_hosted_logging_storage_kind | default(none) in ['dynamic','nfs' ] else '' }}"
- openshift_hosted_logging_elasticsearch_ops_pvc_prefix: "{{ 'logging-es' if openshift_hosted_logging_storage_kind | default(none) =='dynamic' else '' }}"
+ openshift_hosted_logging_elasticsearch_ops_pvc_prefix: "{{ 'logging-es-ops' if openshift_hosted_loggingops_storage_kind | default(none) =='dynamic' else '' }}"
- role: cockpit-ui
when: ( openshift.common.version_gte_3_3_or_1_3 | bool ) and ( openshift_hosted_manage_registry | default(true) | bool ) and not (openshift.docker.hosted_registry_insecure | default(false) | bool)
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml b/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml
index f653a111f..c30889d64 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml
@@ -36,6 +36,14 @@
- "openshift-master.crt"
- "openshift-master.key"
- "openshift-master.kubeconfig"
+ - name: Remove generated etcd client certificates
+ file:
+ path: "{{ openshift.common.config_base }}/master/{{ item }}"
+ state: absent
+ with_items:
+ - "master.etcd-client.crt"
+ - "master.etcd-client.key"
+ when: groups.oo_etcd_to_config | default([]) | length == 0
roles:
- role: openshift_master_certificates
openshift_master_etcd_hosts: "{{ hostvars
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml
index 18b93e1d6..6771cc98d 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml
@@ -2,6 +2,8 @@
- name: Update registry certificates
hosts: oo_first_master
vars:
+ roles:
+ - lib_openshift
tasks:
- name: Create temp directory for kubeconfig
command: mktemp -d /tmp/openshift-ansible-XXXXXX
@@ -46,12 +48,15 @@
# Replace dc/docker-registry certificate secret contents if set.
- block:
+ - name: Load lib_openshift modules
+ include_role:
+ name: lib_openshift
+
- name: Retrieve registry service IP
- command: >
- {{ openshift.common.client_binary }} get service docker-registry
- -o jsonpath='{.spec.clusterIP}'
- --config={{ mktemp.stdout }}/admin.kubeconfig
- -n default
+ oc_service:
+ namespace: default
+ name: docker-registry
+ state: list
register: docker_registry_service_ip
changed_when: false
@@ -65,18 +70,22 @@
--signer-cert={{ openshift.common.config_base }}/master/ca.crt
--signer-key={{ openshift.common.config_base }}/master/ca.key
--signer-serial={{ openshift.common.config_base }}/master/ca.serial.txt
- --hostnames="{{ docker_registry_service_ip.stdout }},docker-registry.default.svc.cluster.local,{{ docker_registry_route_hostname }}"
+ --hostnames="{{ docker_registry_service_ip.results.clusterip }},docker-registry.default.svc.cluster.local,{{ docker_registry_route_hostname }}"
--cert={{ openshift.common.config_base }}/master/registry.crt
--key={{ openshift.common.config_base }}/master/registry.key
- name: Update registry certificates secret
- shell: >
- {{ openshift.common.client_binary }} secret new registry-certificates
- {{ openshift.common.config_base }}/master/registry.crt
- {{ openshift.common.config_base }}/master/registry.key
- --config={{ mktemp.stdout }}/admin.kubeconfig
- -n default
- -o json | oc replace -f -
+ oc_secret:
+ kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+ name: registry-certificates
+ namespace: default
+ state: present
+ files:
+ - name: registry.crt
+ path: "{{ openshift.common.config_base }}/master/registry.crt"
+ - name: registry.key
+ path: "{{ openshift.common.config_base }}/master/registry.key"
+ run_once: true
when: l_docker_registry_dc.rc == 0 and 'registry-certificates' in docker_registry_secrets and 'REGISTRY_HTTP_TLS_CERTIFICATE' in docker_registry_env_vars and 'REGISTRY_HTTP_TLS_KEY' in docker_registry_env_vars
- name: Redeploy docker registry
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
index a9e9f0915..707fb6424 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
@@ -7,6 +7,8 @@
command: mktemp -d /tmp/openshift-ansible-XXXXXX
register: mktemp
changed_when: false
+ roles:
+ - lib_openshift
- name: Copy admin client config(s)
command: >
@@ -45,10 +47,12 @@
- block:
- name: Delete existing router certificate secret
- command: >
- {{ openshift.common.client_binary }} delete secret/router-certs
- --config={{ mktemp.stdout }}/admin.kubeconfig
- -n default
+ oc_secret:
+ kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+ name: router-certs
+ namespace: default
+ state: absent
+ run_once: true
- name: Remove router service annotations
command: >
diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml b/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml
index 45aabf3e4..7ef79afa9 100644
--- a/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml
+++ b/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml
@@ -29,12 +29,18 @@
- name: Check available disk space for etcd backup
shell: df --output=avail -k {{ openshift.common.data_dir }} | tail -n 1
register: avail_disk
+ # AUDIT:changed_when: `false` because we are only inspecting
+ # state, not manipulating anything
+ changed_when: false
# TODO: replace shell module with command and update later checks
- name: Check current embedded etcd disk usage
shell: du -k {{ openshift.etcd.etcd_data_dir }} | tail -n 1 | cut -f1
register: etcd_disk_usage
when: embedded_etcd | bool
+ # AUDIT:changed_when: `false` because we are only inspecting
+ # state, not manipulating anything
+ changed_when: false
- name: Abort if insufficient disk space for etcd backup
fail:
diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml
index 690858c53..a9b5b94e6 100644
--- a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml
@@ -9,21 +9,36 @@
register: etcd_rpm_version
failed_when: false
when: not openshift.common.is_containerized | bool
+ # AUDIT:changed_when: `false` because we are only inspecting
+ # state, not manipulating anything
+ changed_when: false
+
- name: Record containerized etcd version
command: docker exec etcd_container rpm -qa --qf '%{version}' etcd\*
register: etcd_container_version
failed_when: false
when: openshift.common.is_containerized | bool
+ # AUDIT:changed_when: `false` because we are only inspecting
+ # state, not manipulating anything
+ changed_when: false
+
- name: Record containerized etcd version
command: docker exec etcd_container rpm -qa --qf '%{version}' etcd\*
register: etcd_container_version
failed_when: false
when: openshift.common.is_containerized | bool and not openshift.common.is_etcd_system_container | bool
+ # AUDIT:changed_when: `false` because we are only inspecting
+ # state, not manipulating anything
+ changed_when: false
+
- name: Record containerized etcd version
command: runc exec etcd_container rpm -qa --qf '%{version}' etcd\*
register: etcd_container_version
failed_when: false
when: openshift.common.is_containerized | bool and openshift.common.is_etcd_system_container | bool
+ # AUDIT:changed_when: `false` because we are only inspecting
+ # state, not manipulating anything
+ changed_when: false
# I really dislike this copy/pasta but I wasn't able to find a way to get it to loop
# through hosts, then loop through tasks only when appropriate
diff --git a/playbooks/common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml
index 37c89374c..046535680 100644
--- a/playbooks/common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml
@@ -1,20 +1,17 @@
---
- name: Filter list of nodes to be upgraded if necessary
hosts: oo_first_master
+
+ roles:
+ - lib_openshift
+
tasks:
- name: Retrieve list of openshift nodes matching upgrade label
- command: >
- {{ openshift.common.client_binary }}
- get nodes
- --config={{ openshift.common.config_base }}/master/admin.kubeconfig
- --selector={{ openshift_upgrade_nodes_label }}
- -o jsonpath='{.items[*].metadata.name}'
- register: matching_nodes
- changed_when: false
- when: openshift_upgrade_nodes_label is defined
-
- - set_fact:
- nodes_to_upgrade: "{{ matching_nodes.stdout.split(' ') }}"
+ oc_obj:
+ state: list
+ kind: node
+ selector: "{{ openshift_upgrade_nodes_label }}"
+ register: nodes_to_upgrade
when: openshift_upgrade_nodes_label is defined
# We got a list of nodes with the label, now we need to match these with inventory hosts
@@ -26,7 +23,9 @@
ansible_ssh_user: "{{ g_ssh_user | default(omit) }}"
ansible_become: "{{ g_sudo | default(omit) }}"
with_items: " {{ groups['oo_nodes_to_config'] }}"
- when: openshift_upgrade_nodes_label is defined and hostvars[item].openshift.common.hostname in nodes_to_upgrade
+ when:
+ - openshift_upgrade_nodes_label is defined
+ - hostvars[item].openshift.common.hostname in nodes_to_upgrade.results.results[0]['items'] | map(attribute='metadata.name') | list
changed_when: false
# Build up the oo_nodes_to_upgrade group, use the list filtered by label if
diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
index 4135f7e94..f0191e380 100644
--- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
@@ -9,77 +9,100 @@
registry_image: "{{ openshift.master.registry_url | replace( '${component}', 'docker-registry' ) | replace ( '${version}', openshift_image_tag ) }}"
router_image: "{{ openshift.master.registry_url | replace( '${component}', 'haproxy-router' ) | replace ( '${version}', openshift_image_tag ) }}"
oc_cmd: "{{ openshift.common.client_binary }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig"
- roles:
- - openshift_manageiq
- # Create the new templates shipped in 3.2, existing templates are left
- # unmodified. This prevents the subsequent role definition for
- # openshift_examples from failing when trying to replace templates that do
- # not already exist. We could have potentially done a replace --force to
- # create and update in one step.
- - openshift_examples
- - openshift_hosted_templates
- # Update the existing templates
- - role: openshift_examples
- registry_url: "{{ openshift.master.registry_url }}"
- openshift_examples_import_command: replace
- - role: openshift_hosted_templates
- registry_url: "{{ openshift.master.registry_url }}"
- openshift_hosted_templates_import_command: replace
- pre_tasks:
+ pre_tasks:
+ - name: Load lib_openshift modules
+ include_role:
+ name: lib_openshift
# TODO: remove temp_skip_router_registry_upgrade variable. This is a short term hack
# to allow ops to use this control plane upgrade, without triggering router/registry
# upgrade which has not yet been synced with their process.
- name: Collect all routers
- command: >
- {{ oc_cmd }} get pods --all-namespaces -l 'router' -o json
+ oc_obj:
+ state: list
+ kind: pods
+ all_namespaces: True
+ selector: 'router'
register: all_routers
- failed_when: false
- changed_when: false
when: temp_skip_router_registry_upgrade is not defined
- - set_fact: haproxy_routers="{{ (all_routers.stdout | from_json)['items'] | oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | oo_select_keys_from_list(['metadata']) }}"
- when: all_routers.rc == 0 and temp_skip_router_registry_upgrade is not defined
+ - set_fact: haproxy_routers="{{ (all_routers.reults.results[0]['items'] | oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | oo_select_keys_from_list(['metadata']) }}"
+ when:
+ - all_routers.results.returncode == 0
+ - temp_skip_router_registry_upgrade is not defined
- set_fact: haproxy_routers=[]
- when: all_routers.rc != 0 and temp_skip_router_registry_upgrade is not defined
+ when:
+ - all_routers.results.returncode != 0
+ - temp_skip_router_registry_upgrade is not defined
- name: Update router image to current version
- when: all_routers.rc == 0 and temp_skip_router_registry_upgrade is not defined
+ when:
+ - all_routers.results.returncode == 0
+ - temp_skip_router_registry_upgrade is not defined
command: >
{{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -n {{ item['namespace'] }} -p
'{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}","livenessProbe":{"tcpSocket":null,"httpGet":{"path": "/healthz", "port": 1936, "host": "localhost", "scheme": "HTTP"},"initialDelaySeconds":10,"timeoutSeconds":1}}]}}}}'
--api-version=v1
with_items: "{{ haproxy_routers }}"
+ # AUDIT:changed_when_note: `false` not being set here. What we
+ # need to do is check the current router image version and see if
+ # this task needs to be ran.
- name: Check for default registry
- command: >
- {{ oc_cmd }} get -n default dc/docker-registry
+ oc_obj:
+ state: list
+ kind: dc
+ name: docker-registry
register: _default_registry
- failed_when: false
- changed_when: false
when: temp_skip_router_registry_upgrade is not defined
- name: Update registry image to current version
- when: _default_registry.rc == 0 and temp_skip_router_registry_upgrade is not defined
+ when:
+ - _default_registry.results.results[0] != {}
+ - temp_skip_router_registry_upgrade is not defined
command: >
{{ oc_cmd }} patch dc/docker-registry -n default -p
'{"spec":{"template":{"spec":{"containers":[{"name":"registry","image":"{{ registry_image }}"}]}}}}'
--api-version=v1
+ # AUDIT:changed_when_note: `false` not being set here. What we
+ # need to do is check the current registry image version and see
+ # if this task needs to be ran.
+
+ roles:
+ - openshift_manageiq
+ # Create the new templates shipped in 3.2, existing templates are left
+ # unmodified. This prevents the subsequent role definition for
+ # openshift_examples from failing when trying to replace templates that do
+ # not already exist. We could have potentially done a replace --force to
+ # create and update in one step.
+ - openshift_examples
+ - openshift_hosted_templates
+ # Update the existing templates
+ - role: openshift_examples
+ registry_url: "{{ openshift.master.registry_url }}"
+ openshift_examples_import_command: replace
+ - role: openshift_hosted_templates
+ registry_url: "{{ openshift.master.registry_url }}"
+ openshift_hosted_templates_import_command: replace
# Check for warnings to be printed at the end of the upgrade:
- name: Check for warnings
hosts: oo_masters_to_config
tasks:
# Check if any masters are using pluginOrderOverride and warn if so, only for 1.3/3.3 and beyond:
- - command: >
- grep pluginOrderOverride {{ openshift.common.config_base }}/master/master-config.yaml
+ - name: grep pluginOrderOverride
+ command: grep pluginOrderOverride {{ openshift.common.config_base }}/master/master-config.yaml
register: grep_plugin_order_override
when: openshift.common.version_gte_3_3_or_1_3 | bool
- failed_when: false
+ changed_when: false
+
- name: Warn if pluginOrderOverride is in use in master-config.yaml
- debug: msg="WARNING pluginOrderOverride is being deprecated in master-config.yaml, please see https://docs.openshift.com/enterprise/latest/architecture/additional_concepts/admission_controllers.html for more information."
- when: not grep_plugin_order_override | skipped and grep_plugin_order_override.rc == 0
+ debug:
+ msg: "WARNING pluginOrderOverride is being deprecated in master-config.yaml, please see https://docs.openshift.com/enterprise/latest/architecture/additional_concepts/admission_controllers.html for more information."
+ when:
+ - not grep_plugin_order_override | skipped
+ - grep_plugin_order_override.rc == 0
- include: ../reset_excluder.yml
tags:
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
index db2c27919..a4aefcdac 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
@@ -238,29 +238,22 @@
any_errors_fatal: true
pre_tasks:
+ - name: Load lib_openshift modules
+ include_role:
+ name: lib_openshift
+
# TODO: To better handle re-trying failed upgrades, it would be nice to check if the node
# or docker actually needs an upgrade before proceeding. Perhaps best to save this until
# we merge upgrade functionality into the base roles and a normal config.yml playbook run.
- - name: Determine if node is currently scheduleable
- command: >
- {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} get node {{ openshift.node.nodename | lower }} -o json
- register: node_output
- delegate_to: "{{ groups.oo_first_master.0 }}"
- changed_when: false
-
- - set_fact:
- was_schedulable: "{{ 'unschedulable' not in (node_output.stdout | from_json).spec }}"
-
- name: Mark node unschedulable
- command: >
- {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --schedulable=false
+ oadm_manage_node:
+ node: "{{ openshift.node.nodename | lower }}"
+ schedulable: False
delegate_to: "{{ groups.oo_first_master.0 }}"
- # NOTE: There is a transient "object has been modified" error here, allow a couple
- # retries for a more reliable upgrade.
- register: node_unsched
- until: node_unsched.rc == 0
- retries: 3
- delay: 1
+ retries: 10
+ delay: 5
+ register: node_unschedulable
+ until: node_unschedulable|succeeded
- name: Drain Node for Kubelet upgrade
command: >
@@ -268,17 +261,19 @@
delegate_to: "{{ groups.oo_first_master.0 }}"
roles:
+ - lib_openshift
- openshift_facts
- docker
- openshift_node_upgrade
post_tasks:
- name: Set node schedulability
- command: >
- {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --schedulable=true
+ oadm_manage_node:
+ node: "{{ openshift.node.nodename | lower }}"
+ schedulable: True
delegate_to: "{{ groups.oo_first_master.0 }}"
- when: was_schedulable | bool
- register: node_sched
- until: node_sched.rc == 0
- retries: 3
- delay: 1
+ retries: 10
+ delay: 5
+ register: node_schedulable
+ until: node_schedulable|succeeded
+ when: node_unschedulable|changed
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
index e45b635f7..e3a98fd9b 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
@@ -7,29 +7,22 @@
any_errors_fatal: true
pre_tasks:
+ - name: Load lib_openshift modules
+ include_role:
+ name: lib_openshift
+
# TODO: To better handle re-trying failed upgrades, it would be nice to check if the node
# or docker actually needs an upgrade before proceeding. Perhaps best to save this until
# we merge upgrade functionality into the base roles and a normal config.yml playbook run.
- - name: Determine if node is currently scheduleable
- command: >
- {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} get node {{ openshift.node.nodename | lower }} -o json
- register: node_output
- delegate_to: "{{ groups.oo_first_master.0 }}"
- changed_when: false
-
- - set_fact:
- was_schedulable: "{{ 'unschedulable' not in (node_output.stdout | from_json).spec }}"
-
- name: Mark node unschedulable
- command: >
- {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --schedulable=false
+ oadm_manage_node:
+ node: "{{ openshift.node.nodename | lower }}"
+ schedulable: False
delegate_to: "{{ groups.oo_first_master.0 }}"
- # NOTE: There is a transient "object has been modified" error here, allow a couple
- # retries for a more reliable upgrade.
- register: node_unsched
- until: node_unsched.rc == 0
- retries: 3
- delay: 1
+ retries: 10
+ delay: 5
+ register: node_unschedulable
+ until: node_unschedulable|succeeded
- name: Drain Node for Kubelet upgrade
command: >
@@ -37,20 +30,22 @@
delegate_to: "{{ groups.oo_first_master.0 }}"
roles:
+ - lib_openshift
- openshift_facts
- docker
- openshift_node_upgrade
post_tasks:
- name: Set node schedulability
- command: >
- {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --schedulable=true
+ oadm_manage_node:
+ node: "{{ openshift.node.nodename | lower }}"
+ schedulable: True
delegate_to: "{{ groups.oo_first_master.0 }}"
- when: was_schedulable | bool
- register: node_sched
- until: node_sched.rc == 0
- retries: 3
- delay: 1
+ retries: 10
+ delay: 5
+ register: node_schedulable
+ until: node_schedulable|succeeded
+ when: node_unschedulable|changed
- include: ../reset_excluder.yml
tags:
diff --git a/playbooks/common/openshift-master/restart_hosts.yml b/playbooks/common/openshift-master/restart_hosts.yml
index a9750e40f..67ba0aa2e 100644
--- a/playbooks/common/openshift-master/restart_hosts.yml
+++ b/playbooks/common/openshift-master/restart_hosts.yml
@@ -7,14 +7,26 @@
ignore_errors: true
become: yes
+# WARNING: This process is riddled with weird behavior.
+
+# Workaround for https://github.com/ansible/ansible/issues/21269
+- set_fact:
+ wait_for_host: "{{ ansible_host }}"
+
+# Ansible's blog documents this *without* the port, which appears to now
+# just wait until the timeout value and then proceed without checking anything.
+# port is now required.
+#
+# However neither ansible_ssh_port or ansible_port are reliably defined, likely
+# only if overridden. Assume a default of 22.
- name: Wait for master to restart
local_action:
module: wait_for
- host="{{ ansible_host }}"
+ host="{{ wait_for_host }}"
state=started
delay=10
timeout=600
- port="{{ ansible_ssh_port }}"
+ port="{{ ansible_port | default(ansible_ssh_port | default(22,boolean=True),boolean=True) }}"
become: no
# Now that ssh is back up we can wait for API on the remote system,
diff --git a/roles/cockpit-ui/meta/main.yml b/roles/cockpit-ui/meta/main.yml
index 6ad2e324a..4d619fff6 100644
--- a/roles/cockpit-ui/meta/main.yml
+++ b/roles/cockpit-ui/meta/main.yml
@@ -11,3 +11,5 @@ galaxy_info:
- 7
categories:
- cloud
+dependencies:
+- role: lib_openshift
diff --git a/roles/cockpit-ui/tasks/main.yml b/roles/cockpit-ui/tasks/main.yml
index f2ef4f161..8bd68787a 100644
--- a/roles/cockpit-ui/tasks/main.yml
+++ b/roles/cockpit-ui/tasks/main.yml
@@ -1,86 +1,58 @@
---
-- name: Create temp directory for kubeconfig
- command: mktemp -d /tmp/openshift-ansible-XXXXXX
- register: mktemp
- changed_when: False
-
-- set_fact:
- openshift_hosted_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
-
-- name: Copy the admin client config(s)
- command: >
- cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_hosted_kubeconfig }}
- changed_when: False
-
-- name: Determine if docker-registry service exists
- command: >
- {{ openshift.common.client_binary }} get svc/docker-registry
- --config={{ openshift_hosted_kubeconfig }}
- -n default
- register: check_docker_registry_exists
- failed_when: false
- changed_when: false
-
-- name: Create passthrough route for docker-registry
- command: >
- {{ openshift.common.client_binary }} create route passthrough
- --service docker-registry
- --config={{ openshift_hosted_kubeconfig }}
- -n default
- register: create_docker_registry_route
- changed_when: "'already exists' not in create_docker_registry_route.stderr"
- failed_when: "'already exists' not in create_docker_registry_route.stderr and create_docker_registry_route.rc != 0"
- when: check_docker_registry_exists.rc == 0
-
-- name: Create passthrough route for registry-console
- command: >
- {{ openshift.common.client_binary }} create route passthrough
- --service registry-console
- --port registry-console
- --config={{ openshift_hosted_kubeconfig }}
- -n default
- register: create_registry_console_route
- changed_when: "'already exists' not in create_registry_console_route.stderr"
- failed_when: "'already exists' not in create_registry_console_route.stderr and create_registry_console_route.rc != 0"
- when: check_docker_registry_exists.rc == 0
-
-- name: Retrieve docker-registry route
- command: >
- {{ openshift.common.client_binary }} get route docker-registry
- -o jsonpath='{.spec.host}'
- --config={{ openshift_hosted_kubeconfig }}
- -n default
- register: docker_registry_route
- changed_when: false
- when: check_docker_registry_exists.rc == 0
-
-- name: Retrieve cockpit kube url
- command: >
- {{ openshift.common.client_binary }} get route registry-console
- -o jsonpath='https://{.spec.host}'
- -n default
- register: registry_console_cockpit_kube_url
- changed_when: false
- when: check_docker_registry_exists.rc == 0
-
-# TODO: Need to fix the origin and enterprise templates so that they both respect IMAGE_PREFIX
-- name: Deploy registry-console
- command: >
- {{ openshift.common.client_binary }} new-app --template=registry-console
- {% if openshift_cockpit_deployer_prefix is defined %}-p IMAGE_PREFIX="{{ openshift_cockpit_deployer_prefix }}"{% endif %}
- {% if openshift_cockpit_deployer_version is defined %}-p IMAGE_VERSION="{{ openshift_cockpit_deployer_version }}"{% endif %}
- -p OPENSHIFT_OAUTH_PROVIDER_URL="{{ openshift.master.public_api_url }}"
- -p REGISTRY_HOST="{{ docker_registry_route.stdout }}"
- -p COCKPIT_KUBE_URL="{{ registry_console_cockpit_kube_url.stdout }}"
- --config={{ openshift_hosted_kubeconfig }}
- -n default
- register: deploy_registry_console
- changed_when: "'already exists' not in deploy_registry_console.stderr"
- failed_when: "'already exists' not in deploy_registry_console.stderr and deploy_registry_console.rc != 0"
- when: check_docker_registry_exists.rc == 0
-
-- name: Delete temp directory
- file:
- name: "{{ mktemp.stdout }}"
- state: absent
- changed_when: False
+- block:
+ - name: Create passthrough route for docker-registry
+ oc_route:
+ kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig"
+ name: docker-registry
+ namespace: default
+ service_name: docker-registry
+ state: present
+ tls_termination: passthrough
+ register: docker_registry_route
+
+ - name: Create passthrough route for registry-console
+ oc_route:
+ kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig"
+ name: registry-console
+ namespace: default
+ service_name: registry-console
+ state: present
+ tls_termination: passthrough
+ register: registry_console_cockpit_kube
+
+ # XXX: Required for items still using command
+ - name: Create temp directory for kubeconfig
+ command: mktemp -d /tmp/openshift-ansible-XXXXXX
+ register: mktemp
+ changed_when: False
+
+ - set_fact:
+ openshift_hosted_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+
+ - name: Copy the admin client config(s)
+ command: >
+ cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_hosted_kubeconfig }}
+ changed_when: False
+
+ # TODO: Need to fix the origin and enterprise templates so that they both respect IMAGE_PREFIX
+ - name: Deploy registry-console
+ command: >
+ {{ openshift.common.client_binary }} new-app --template=registry-console
+ {% if openshift_cockpit_deployer_prefix is defined %}-p IMAGE_PREFIX="{{ openshift_cockpit_deployer_prefix }}"{% endif %}
+ {% if openshift_cockpit_deployer_version is defined %}-p IMAGE_VERSION="{{ openshift_cockpit_deployer_version }}"{% endif %}
+ -p OPENSHIFT_OAUTH_PROVIDER_URL="{{ openshift.master.public_api_url }}"
+ -p REGISTRY_HOST="{{ docker_registry_route.results.results[0].spec.host }}"
+ -p COCKPIT_KUBE_URL="https://{{ registry_console_cockpit_kube.results.results[0].spec.host }}"
+ --config={{ openshift_hosted_kubeconfig }}
+ -n default
+ register: deploy_registry_console
+ changed_when: "'already exists' not in deploy_registry_console.stderr"
+ failed_when: "'already exists' not in deploy_registry_console.stderr and deploy_registry_console.rc != 0"
+
+ - name: Delete temp directory
+ file:
+ name: "{{ mktemp.stdout }}"
+ state: absent
+ changed_when: False
+ # XXX: End required for items still using command
+ run_once: true
diff --git a/roles/lib_openshift/library/oadm_manage_node.py b/roles/lib_openshift/library/oadm_manage_node.py
index 8e217ac28..6c0ff9b13 100644
--- a/roles/lib_openshift/library/oadm_manage_node.py
+++ b/roles/lib_openshift/library/oadm_manage_node.py
@@ -1296,7 +1296,7 @@ class ManageNode(OpenShiftCLI):
config,
verbose=False):
''' Constructor for ManageNode '''
- super(ManageNode, self).__init__(None, config.kubeconfig)
+ super(ManageNode, self).__init__(None, kubeconfig=config.kubeconfig, verbose=verbose)
self.config = config
def evacuate(self):
diff --git a/roles/lib_openshift/library/oc_edit.py b/roles/lib_openshift/library/oc_edit.py
index 11b87a015..a565b32f2 100644
--- a/roles/lib_openshift/library/oc_edit.py
+++ b/roles/lib_openshift/library/oc_edit.py
@@ -1314,13 +1314,10 @@ class Edit(OpenShiftCLI):
separator='.',
verbose=False):
''' Constructor for OpenshiftOC '''
- super(Edit, self).__init__(namespace, kubeconfig)
- self.namespace = namespace
+ super(Edit, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
self.kind = kind
self.name = resource_name
- self.kubeconfig = kubeconfig
self.separator = separator
- self.verbose = verbose
def get(self):
'''return a secret by name '''
diff --git a/roles/lib_openshift/library/oc_env.py b/roles/lib_openshift/library/oc_env.py
new file mode 100644
index 000000000..e00f5cdcc
--- /dev/null
+++ b/roles/lib_openshift/library/oc_env.py
@@ -0,0 +1,1788 @@
+#!/usr/bin/env python
+# pylint: disable=missing-docstring
+# flake8: noqa: T001
+# ___ ___ _ _ ___ ___ _ _____ ___ ___
+# / __| __| \| | __| _ \ /_\_ _| __| \
+# | (_ | _|| .` | _|| / / _ \| | | _|| |) |
+# \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____
+# | \ / _ \ | \| |/ _ \_ _| | __| \_ _|_ _|
+# | |) | (_) | | .` | (_) || | | _|| |) | | | |
+# |___/ \___/ |_|\_|\___/ |_| |___|___/___| |_|
+#
+# Copyright 2016 Red Hat, Inc. and/or its affiliates
+# and other contributors as indicated by the @author tags.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# -*- -*- -*- Begin included fragment: lib/import.py -*- -*- -*-
+'''
+ OpenShiftCLI class that wraps the oc commands in a subprocess
+'''
+# pylint: disable=too-many-lines
+
+from __future__ import print_function
+import atexit
+import json
+import os
+import re
+import shutil
+import subprocess
+import tempfile
+# pylint: disable=import-error
+import ruamel.yaml as yaml
+from ansible.module_utils.basic import AnsibleModule
+
+# -*- -*- -*- End included fragment: lib/import.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: doc/env -*- -*- -*-
+
+DOCUMENTATION = '''
+---
+module: oc_env
+short_description: Modify, and idempotently manage openshift environment variables on pods, deploymentconfigs, and replication controllers.
+description:
+ - Modify openshift environment variables programmatically.
+options:
+ state:
+ description:
+ - Supported states, present, absent, list
+ - present - will ensure object is created or updated to the value specified
+ - list - will return a list of environment variables
+ - absent - will remove the environment varibale from the object
+ required: False
+ default: present
+ choices: ["present", 'absent', 'list']
+ aliases: []
+ kubeconfig:
+ description:
+ - The path for the kubeconfig file to use for authentication
+ required: false
+ default: /etc/origin/master/admin.kubeconfig
+ aliases: []
+ debug:
+ description:
+ - Turn on debug output.
+ required: false
+ default: False
+ aliases: []
+ name:
+ description:
+ - Name of the object that is being queried.
+ required: false
+ default: None
+ aliases: []
+ namespace:
+ description:
+ - The namespace where the object lives.
+ required: false
+ default: str
+ aliases: []
+ kind:
+ description:
+ - The kind attribute of the object.
+ required: False
+ default: dc
+ choices:
+ - rc
+ - dc
+ - pods
+ aliases: []
+ env_vars:
+ description:
+ - The environment variables to insert. The format is a dict of value pairs.
+ - e.g. {key1: value1, key2: value2})
+ required: False
+ default: None
+ aliases: []
+author:
+- "Kenny Woodson <kwoodson@redhat.com>"
+extends_documentation_fragment: []
+'''
+
+EXAMPLES = '''
+- name: query a list of env vars on dc
+ oc_env:
+ kind: dc
+ name: myawesomedc
+ namespace: phpapp
+
+- name: Set the following variables.
+ oc_env:
+ kind: dc
+ name: myawesomedc
+ namespace: phpapp
+ env_vars:
+ SUPER_TURBO_MODE: 'true'
+ ENABLE_PORTS: 'false'
+ SERVICE_PORT: 9999
+'''
+
+# -*- -*- -*- End included fragment: doc/env -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*-
+# noqa: E301,E302
+
+
+class YeditException(Exception):
+ ''' Exception class for Yedit '''
+ pass
+
+
+# pylint: disable=too-many-public-methods
+class Yedit(object):
+ ''' Class to modify yaml files '''
+ re_valid_key = r"(((\[-?\d+\])|([0-9a-zA-Z%s/_-]+)).?)+$"
+ re_key = r"(?:\[(-?\d+)\])|([0-9a-zA-Z%s/_-]+)"
+ com_sep = set(['.', '#', '|', ':'])
+
+ # pylint: disable=too-many-arguments
+ def __init__(self,
+ filename=None,
+ content=None,
+ content_type='yaml',
+ separator='.',
+ backup=False):
+ self.content = content
+ self._separator = separator
+ self.filename = filename
+ self.__yaml_dict = content
+ self.content_type = content_type
+ self.backup = backup
+ self.load(content_type=self.content_type)
+ if self.__yaml_dict is None:
+ self.__yaml_dict = {}
+
+ @property
+ def separator(self):
+ ''' getter method for yaml_dict '''
+ return self._separator
+
+ @separator.setter
+ def separator(self):
+ ''' getter method for yaml_dict '''
+ return self._separator
+
+ @property
+ def yaml_dict(self):
+ ''' getter method for yaml_dict '''
+ return self.__yaml_dict
+
+ @yaml_dict.setter
+ def yaml_dict(self, value):
+ ''' setter method for yaml_dict '''
+ self.__yaml_dict = value
+
+ @staticmethod
+ def parse_key(key, sep='.'):
+ '''parse the key allowing the appropriate separator'''
+ common_separators = list(Yedit.com_sep - set([sep]))
+ return re.findall(Yedit.re_key % ''.join(common_separators), key)
+
+ @staticmethod
+ def valid_key(key, sep='.'):
+ '''validate the incoming key'''
+ common_separators = list(Yedit.com_sep - set([sep]))
+ if not re.match(Yedit.re_valid_key % ''.join(common_separators), key):
+ return False
+
+ return True
+
+ @staticmethod
+ def remove_entry(data, key, sep='.'):
+ ''' remove data at location key '''
+ if key == '' and isinstance(data, dict):
+ data.clear()
+ return True
+ elif key == '' and isinstance(data, list):
+ del data[:]
+ return True
+
+ if not (key and Yedit.valid_key(key, sep)) and \
+ isinstance(data, (list, dict)):
+ return None
+
+ key_indexes = Yedit.parse_key(key, sep)
+ for arr_ind, dict_key in key_indexes[:-1]:
+ if dict_key and isinstance(data, dict):
+ data = data.get(dict_key, None)
+ elif (arr_ind and isinstance(data, list) and
+ int(arr_ind) <= len(data) - 1):
+ data = data[int(arr_ind)]
+ else:
+ return None
+
+ # process last index for remove
+ # expected list entry
+ if key_indexes[-1][0]:
+ if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501
+ del data[int(key_indexes[-1][0])]
+ return True
+
+ # expected dict entry
+ elif key_indexes[-1][1]:
+ if isinstance(data, dict):
+ del data[key_indexes[-1][1]]
+ return True
+
+ @staticmethod
+ def add_entry(data, key, item=None, sep='.'):
+ ''' Get an item from a dictionary with key notation a.b.c
+ d = {'a': {'b': 'c'}}}
+ key = a#b
+ return c
+ '''
+ if key == '':
+ pass
+ elif (not (key and Yedit.valid_key(key, sep)) and
+ isinstance(data, (list, dict))):
+ return None
+
+ key_indexes = Yedit.parse_key(key, sep)
+ for arr_ind, dict_key in key_indexes[:-1]:
+ if dict_key:
+ if isinstance(data, dict) and dict_key in data and data[dict_key]: # noqa: E501
+ data = data[dict_key]
+ continue
+
+ elif data and not isinstance(data, dict):
+ return None
+
+ data[dict_key] = {}
+ data = data[dict_key]
+
+ elif (arr_ind and isinstance(data, list) and
+ int(arr_ind) <= len(data) - 1):
+ data = data[int(arr_ind)]
+ else:
+ return None
+
+ if key == '':
+ data = item
+
+ # process last index for add
+ # expected list entry
+ elif key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501
+ data[int(key_indexes[-1][0])] = item
+
+ # expected dict entry
+ elif key_indexes[-1][1] and isinstance(data, dict):
+ data[key_indexes[-1][1]] = item
+
+ return data
+
+ @staticmethod
+ def get_entry(data, key, sep='.'):
+ ''' Get an item from a dictionary with key notation a.b.c
+ d = {'a': {'b': 'c'}}}
+ key = a.b
+ return c
+ '''
+ if key == '':
+ pass
+ elif (not (key and Yedit.valid_key(key, sep)) and
+ isinstance(data, (list, dict))):
+ return None
+
+ key_indexes = Yedit.parse_key(key, sep)
+ for arr_ind, dict_key in key_indexes:
+ if dict_key and isinstance(data, dict):
+ data = data.get(dict_key, None)
+ elif (arr_ind and isinstance(data, list) and
+ int(arr_ind) <= len(data) - 1):
+ data = data[int(arr_ind)]
+ else:
+ return None
+
+ return data
+
+ @staticmethod
+ def _write(filename, contents):
+ ''' Actually write the file contents to disk. This helps with mocking. '''
+
+ tmp_filename = filename + '.yedit'
+
+ with open(tmp_filename, 'w') as yfd:
+ yfd.write(contents)
+
+ os.rename(tmp_filename, filename)
+
+ def write(self):
+ ''' write to file '''
+ if not self.filename:
+ raise YeditException('Please specify a filename.')
+
+ if self.backup and self.file_exists():
+ shutil.copy(self.filename, self.filename + '.orig')
+
+ # pylint: disable=no-member
+ if hasattr(self.yaml_dict, 'fa'):
+ self.yaml_dict.fa.set_block_style()
+
+ Yedit._write(self.filename, yaml.dump(self.yaml_dict, Dumper=yaml.RoundTripDumper))
+
+ return (True, self.yaml_dict)
+
+ def read(self):
+ ''' read from file '''
+ # check if it exists
+ if self.filename is None or not self.file_exists():
+ return None
+
+ contents = None
+ with open(self.filename) as yfd:
+ contents = yfd.read()
+
+ return contents
+
+ def file_exists(self):
+ ''' return whether file exists '''
+ if os.path.exists(self.filename):
+ return True
+
+ return False
+
+ def load(self, content_type='yaml'):
+ ''' return yaml file '''
+ contents = self.read()
+
+ if not contents and not self.content:
+ return None
+
+ if self.content:
+ if isinstance(self.content, dict):
+ self.yaml_dict = self.content
+ return self.yaml_dict
+ elif isinstance(self.content, str):
+ contents = self.content
+
+ # check if it is yaml
+ try:
+ if content_type == 'yaml' and contents:
+ self.yaml_dict = yaml.load(contents, yaml.RoundTripLoader)
+ # pylint: disable=no-member
+ if hasattr(self.yaml_dict, 'fa'):
+ self.yaml_dict.fa.set_block_style()
+ elif content_type == 'json' and contents:
+ self.yaml_dict = json.loads(contents)
+ except yaml.YAMLError as err:
+ # Error loading yaml or json
+ raise YeditException('Problem with loading yaml file. %s' % err)
+
+ return self.yaml_dict
+
+ def get(self, key):
+ ''' get a specified key'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, key, self.separator)
+ except KeyError:
+ entry = None
+
+ return entry
+
+ def pop(self, path, key_or_item):
+ ''' remove a key, value pair from a dict or an item for a list'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry is None:
+ return (False, self.yaml_dict)
+
+ if isinstance(entry, dict):
+ # pylint: disable=no-member,maybe-no-member
+ if key_or_item in entry:
+ entry.pop(key_or_item)
+ return (True, self.yaml_dict)
+ return (False, self.yaml_dict)
+
+ elif isinstance(entry, list):
+ # pylint: disable=no-member,maybe-no-member
+ ind = None
+ try:
+ ind = entry.index(key_or_item)
+ except ValueError:
+ return (False, self.yaml_dict)
+
+ entry.pop(ind)
+ return (True, self.yaml_dict)
+
+ return (False, self.yaml_dict)
+
+ def delete(self, path):
+ ''' remove path from a dict'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry is None:
+ return (False, self.yaml_dict)
+
+ result = Yedit.remove_entry(self.yaml_dict, path, self.separator)
+ if not result:
+ return (False, self.yaml_dict)
+
+ return (True, self.yaml_dict)
+
+ def exists(self, path, value):
+ ''' check if value exists at path'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if isinstance(entry, list):
+ if value in entry:
+ return True
+ return False
+
+ elif isinstance(entry, dict):
+ if isinstance(value, dict):
+ rval = False
+ for key, val in value.items():
+ if entry[key] != val:
+ rval = False
+ break
+ else:
+ rval = True
+ return rval
+
+ return value in entry
+
+ return entry == value
+
+ def append(self, path, value):
+ '''append value to a list'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry is None:
+ self.put(path, [])
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ if not isinstance(entry, list):
+ return (False, self.yaml_dict)
+
+ # pylint: disable=no-member,maybe-no-member
+ entry.append(value)
+ return (True, self.yaml_dict)
+
+ # pylint: disable=too-many-arguments
+ def update(self, path, value, index=None, curr_value=None):
+ ''' put path, value into a dict '''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if isinstance(entry, dict):
+ # pylint: disable=no-member,maybe-no-member
+ if not isinstance(value, dict):
+ raise YeditException('Cannot replace key, value entry in ' +
+ 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501
+
+ entry.update(value)
+ return (True, self.yaml_dict)
+
+ elif isinstance(entry, list):
+ # pylint: disable=no-member,maybe-no-member
+ ind = None
+ if curr_value:
+ try:
+ ind = entry.index(curr_value)
+ except ValueError:
+ return (False, self.yaml_dict)
+
+ elif index is not None:
+ ind = index
+
+ if ind is not None and entry[ind] != value:
+ entry[ind] = value
+ return (True, self.yaml_dict)
+
+ # see if it exists in the list
+ try:
+ ind = entry.index(value)
+ except ValueError:
+ # doesn't exist, append it
+ entry.append(value)
+ return (True, self.yaml_dict)
+
+ # already exists, return
+ if ind is not None:
+ return (False, self.yaml_dict)
+ return (False, self.yaml_dict)
+
+ def put(self, path, value):
+ ''' put path, value into a dict '''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry == value:
+ return (False, self.yaml_dict)
+
+ # deepcopy didn't work
+ tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict,
+ default_flow_style=False),
+ yaml.RoundTripLoader)
+ # pylint: disable=no-member
+ if hasattr(self.yaml_dict, 'fa'):
+ tmp_copy.fa.set_block_style()
+ result = Yedit.add_entry(tmp_copy, path, value, self.separator)
+ if not result:
+ return (False, self.yaml_dict)
+
+ self.yaml_dict = tmp_copy
+
+ return (True, self.yaml_dict)
+
+ def create(self, path, value):
+ ''' create a yaml file '''
+ if not self.file_exists():
+ # deepcopy didn't work
+ tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict, default_flow_style=False), # noqa: E501
+ yaml.RoundTripLoader)
+ # pylint: disable=no-member
+ if hasattr(self.yaml_dict, 'fa'):
+ tmp_copy.fa.set_block_style()
+ result = Yedit.add_entry(tmp_copy, path, value, self.separator)
+ if result:
+ self.yaml_dict = tmp_copy
+ return (True, self.yaml_dict)
+
+ return (False, self.yaml_dict)
+
+ @staticmethod
+ def get_curr_value(invalue, val_type):
+ '''return the current value'''
+ if invalue is None:
+ return None
+
+ curr_value = invalue
+ if val_type == 'yaml':
+ curr_value = yaml.load(invalue)
+ elif val_type == 'json':
+ curr_value = json.loads(invalue)
+
+ return curr_value
+
+ @staticmethod
+ def parse_value(inc_value, vtype=''):
+ '''determine value type passed'''
+ true_bools = ['y', 'Y', 'yes', 'Yes', 'YES', 'true', 'True', 'TRUE',
+ 'on', 'On', 'ON', ]
+ false_bools = ['n', 'N', 'no', 'No', 'NO', 'false', 'False', 'FALSE',
+ 'off', 'Off', 'OFF']
+
+ # It came in as a string but you didn't specify value_type as string
+ # we will convert to bool if it matches any of the above cases
+ if isinstance(inc_value, str) and 'bool' in vtype:
+ if inc_value not in true_bools and inc_value not in false_bools:
+ raise YeditException('Not a boolean type. str=[%s] vtype=[%s]'
+ % (inc_value, vtype))
+ elif isinstance(inc_value, bool) and 'str' in vtype:
+ inc_value = str(inc_value)
+
+ # If vtype is not str then go ahead and attempt to yaml load it.
+ if isinstance(inc_value, str) and 'str' not in vtype:
+ try:
+ inc_value = yaml.load(inc_value)
+ except Exception:
+ raise YeditException('Could not determine type of incoming ' +
+ 'value. value=[%s] vtype=[%s]'
+ % (type(inc_value), vtype))
+
+ return inc_value
+
+ # pylint: disable=too-many-return-statements,too-many-branches
+ @staticmethod
+ def run_ansible(module):
+ '''perform the idempotent crud operations'''
+ yamlfile = Yedit(filename=module.params['src'],
+ backup=module.params['backup'],
+ separator=module.params['separator'])
+
+ if module.params['src']:
+ rval = yamlfile.load()
+
+ if yamlfile.yaml_dict is None and \
+ module.params['state'] != 'present':
+ return {'failed': True,
+ 'msg': 'Error opening file [%s]. Verify that the ' +
+ 'file exists, that it is has correct' +
+ ' permissions, and is valid yaml.'}
+
+ if module.params['state'] == 'list':
+ if module.params['content']:
+ content = Yedit.parse_value(module.params['content'],
+ module.params['content_type'])
+ yamlfile.yaml_dict = content
+
+ if module.params['key']:
+ rval = yamlfile.get(module.params['key']) or {}
+
+ return {'changed': False, 'result': rval, 'state': "list"}
+
+ elif module.params['state'] == 'absent':
+ if module.params['content']:
+ content = Yedit.parse_value(module.params['content'],
+ module.params['content_type'])
+ yamlfile.yaml_dict = content
+
+ if module.params['update']:
+ rval = yamlfile.pop(module.params['key'],
+ module.params['value'])
+ else:
+ rval = yamlfile.delete(module.params['key'])
+
+ if rval[0] and module.params['src']:
+ yamlfile.write()
+
+ return {'changed': rval[0], 'result': rval[1], 'state': "absent"}
+
+ elif module.params['state'] == 'present':
+ # check if content is different than what is in the file
+ if module.params['content']:
+ content = Yedit.parse_value(module.params['content'],
+ module.params['content_type'])
+
+ # We had no edits to make and the contents are the same
+ if yamlfile.yaml_dict == content and \
+ module.params['value'] is None:
+ return {'changed': False,
+ 'result': yamlfile.yaml_dict,
+ 'state': "present"}
+
+ yamlfile.yaml_dict = content
+
+ # we were passed a value; parse it
+ if module.params['value']:
+ value = Yedit.parse_value(module.params['value'],
+ module.params['value_type'])
+ key = module.params['key']
+ if module.params['update']:
+ # pylint: disable=line-too-long
+ curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501
+ module.params['curr_value_format']) # noqa: E501
+
+ rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501
+
+ elif module.params['append']:
+ rval = yamlfile.append(key, value)
+ else:
+ rval = yamlfile.put(key, value)
+
+ if rval[0] and module.params['src']:
+ yamlfile.write()
+
+ return {'changed': rval[0],
+ 'result': rval[1], 'state': "present"}
+
+ # no edits to make
+ if module.params['src']:
+ # pylint: disable=redefined-variable-type
+ rval = yamlfile.write()
+ return {'changed': rval[0],
+ 'result': rval[1],
+ 'state': "present"}
+
+ return {'failed': True, 'msg': 'Unkown state passed'}
+
+# -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: lib/base.py -*- -*- -*-
+# pylint: disable=too-many-lines
+# noqa: E301,E302,E303,T001
+
+
+class OpenShiftCLIError(Exception):
+ '''Exception class for openshiftcli'''
+ pass
+
+
+# pylint: disable=too-few-public-methods
+class OpenShiftCLI(object):
+ ''' Class to wrap the command line tools '''
+ def __init__(self,
+ namespace,
+ kubeconfig='/etc/origin/master/admin.kubeconfig',
+ verbose=False,
+ all_namespaces=False):
+ ''' Constructor for OpenshiftCLI '''
+ self.namespace = namespace
+ self.verbose = verbose
+ self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig)
+ self.all_namespaces = all_namespaces
+
+ # Pylint allows only 5 arguments to be passed.
+ # pylint: disable=too-many-arguments
+ def _replace_content(self, resource, rname, content, force=False, sep='.'):
+ ''' replace the current object with the content '''
+ res = self._get(resource, rname)
+ if not res['results']:
+ return res
+
+ fname = Utils.create_tmpfile(rname + '-')
+
+ yed = Yedit(fname, res['results'][0], separator=sep)
+ changes = []
+ for key, value in content.items():
+ changes.append(yed.put(key, value))
+
+ if any([change[0] for change in changes]):
+ yed.write()
+
+ atexit.register(Utils.cleanup, [fname])
+
+ return self._replace(fname, force)
+
+ return {'returncode': 0, 'updated': False}
+
+ def _replace(self, fname, force=False):
+ '''replace the current object with oc replace'''
+ cmd = ['replace', '-f', fname]
+ if force:
+ cmd.append('--force')
+ return self.openshift_cmd(cmd)
+
+ def _create_from_content(self, rname, content):
+ '''create a temporary file and then call oc create on it'''
+ fname = Utils.create_tmpfile(rname + '-')
+ yed = Yedit(fname, content=content)
+ yed.write()
+
+ atexit.register(Utils.cleanup, [fname])
+
+ return self._create(fname)
+
+ def _create(self, fname):
+ '''call oc create on a filename'''
+ return self.openshift_cmd(['create', '-f', fname])
+
+ def _delete(self, resource, rname, selector=None):
+ '''call oc delete on a resource'''
+ cmd = ['delete', resource, rname]
+ if selector:
+ cmd.append('--selector=%s' % selector)
+
+ return self.openshift_cmd(cmd)
+
+ def _process(self, template_name, create=False, params=None, template_data=None): # noqa: E501
+ '''process a template
+
+ template_name: the name of the template to process
+ create: whether to send to oc create after processing
+ params: the parameters for the template
+ template_data: the incoming template's data; instead of a file
+ '''
+ cmd = ['process']
+ if template_data:
+ cmd.extend(['-f', '-'])
+ else:
+ cmd.append(template_name)
+ if params:
+ param_str = ["%s=%s" % (key, value) for key, value in params.items()]
+ cmd.append('-v')
+ cmd.extend(param_str)
+
+ results = self.openshift_cmd(cmd, output=True, input_data=template_data)
+
+ if results['returncode'] != 0 or not create:
+ return results
+
+ fname = Utils.create_tmpfile(template_name + '-')
+ yed = Yedit(fname, results['results'])
+ yed.write()
+
+ atexit.register(Utils.cleanup, [fname])
+
+ return self.openshift_cmd(['create', '-f', fname])
+
+ def _get(self, resource, rname=None, selector=None):
+ '''return a resource by name '''
+ cmd = ['get', resource]
+ if selector:
+ cmd.append('--selector=%s' % selector)
+ elif rname:
+ cmd.append(rname)
+
+ cmd.extend(['-o', 'json'])
+
+ rval = self.openshift_cmd(cmd, output=True)
+
+ # Ensure results are retuned in an array
+ if 'items' in rval:
+ rval['results'] = rval['items']
+ elif not isinstance(rval['results'], list):
+ rval['results'] = [rval['results']]
+
+ return rval
+
+ def _schedulable(self, node=None, selector=None, schedulable=True):
+ ''' perform oadm manage-node scheduable '''
+ cmd = ['manage-node']
+ if node:
+ cmd.extend(node)
+ else:
+ cmd.append('--selector=%s' % selector)
+
+ cmd.append('--schedulable=%s' % schedulable)
+
+ return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') # noqa: E501
+
+ def _list_pods(self, node=None, selector=None, pod_selector=None):
+ ''' perform oadm list pods
+
+ node: the node in which to list pods
+ selector: the label selector filter if provided
+ pod_selector: the pod selector filter if provided
+ '''
+ cmd = ['manage-node']
+ if node:
+ cmd.extend(node)
+ else:
+ cmd.append('--selector=%s' % selector)
+
+ if pod_selector:
+ cmd.append('--pod-selector=%s' % pod_selector)
+
+ cmd.extend(['--list-pods', '-o', 'json'])
+
+ return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw')
+
+ # pylint: disable=too-many-arguments
+ def _evacuate(self, node=None, selector=None, pod_selector=None, dry_run=False, grace_period=None, force=False):
+ ''' perform oadm manage-node evacuate '''
+ cmd = ['manage-node']
+ if node:
+ cmd.extend(node)
+ else:
+ cmd.append('--selector=%s' % selector)
+
+ if dry_run:
+ cmd.append('--dry-run')
+
+ if pod_selector:
+ cmd.append('--pod-selector=%s' % pod_selector)
+
+ if grace_period:
+ cmd.append('--grace-period=%s' % int(grace_period))
+
+ if force:
+ cmd.append('--force')
+
+ cmd.append('--evacuate')
+
+ return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw')
+
+ def _version(self):
+ ''' return the openshift version'''
+ return self.openshift_cmd(['version'], output=True, output_type='raw')
+
+ def _import_image(self, url=None, name=None, tag=None):
+ ''' perform image import '''
+ cmd = ['import-image']
+
+ image = '{0}'.format(name)
+ if tag:
+ image += ':{0}'.format(tag)
+
+ cmd.append(image)
+
+ if url:
+ cmd.append('--from={0}/{1}'.format(url, image))
+
+ cmd.append('-n{0}'.format(self.namespace))
+
+ cmd.append('--confirm')
+ return self.openshift_cmd(cmd)
+
+ def _run(self, cmds, input_data):
+ ''' Actually executes the command. This makes mocking easier. '''
+ curr_env = os.environ.copy()
+ curr_env.update({'KUBECONFIG': self.kubeconfig})
+ proc = subprocess.Popen(cmds,
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE,
+ env=curr_env)
+
+ stdout, stderr = proc.communicate(input_data)
+
+ return proc.returncode, stdout, stderr
+
+ # pylint: disable=too-many-arguments,too-many-branches
+ def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json', input_data=None):
+ '''Base command for oc '''
+ cmds = []
+ if oadm:
+ cmds = ['oadm']
+ else:
+ cmds = ['oc']
+
+ if self.all_namespaces:
+ cmds.extend(['--all-namespaces'])
+ elif self.namespace is not None and self.namespace.lower() not in ['none', 'emtpy']: # E501
+ cmds.extend(['-n', self.namespace])
+
+ cmds.extend(cmd)
+
+ rval = {}
+ results = ''
+ err = None
+
+ if self.verbose:
+ print(' '.join(cmds))
+
+ returncode, stdout, stderr = self._run(cmds, input_data)
+
+ rval = {"returncode": returncode,
+ "results": results,
+ "cmd": ' '.join(cmds)}
+
+ if returncode == 0:
+ if output:
+ if output_type == 'json':
+ try:
+ rval['results'] = json.loads(stdout)
+ except ValueError as err:
+ if "No JSON object could be decoded" in err.args:
+ err = err.args
+ elif output_type == 'raw':
+ rval['results'] = stdout
+
+ if self.verbose:
+ print("STDOUT: {0}".format(stdout))
+ print("STDERR: {0}".format(stderr))
+
+ if err:
+ rval.update({"err": err,
+ "stderr": stderr,
+ "stdout": stdout,
+ "cmd": cmds})
+
+ else:
+ rval.update({"stderr": stderr,
+ "stdout": stdout,
+ "results": {}})
+
+ return rval
+
+
+class Utils(object):
+ ''' utilities for openshiftcli modules '''
+
+ @staticmethod
+ def _write(filename, contents):
+ ''' Actually write the file contents to disk. This helps with mocking. '''
+
+ with open(filename, 'w') as sfd:
+ sfd.write(contents)
+
+ @staticmethod
+ def create_tmp_file_from_contents(rname, data, ftype='yaml'):
+ ''' create a file in tmp with name and contents'''
+
+ tmp = Utils.create_tmpfile(prefix=rname)
+
+ if ftype == 'yaml':
+ Utils._write(tmp, yaml.dump(data, Dumper=yaml.RoundTripDumper))
+ elif ftype == 'json':
+ Utils._write(tmp, json.dumps(data))
+ else:
+ Utils._write(tmp, data)
+
+ # Register cleanup when module is done
+ atexit.register(Utils.cleanup, [tmp])
+ return tmp
+
+ @staticmethod
+ def create_tmpfile_copy(inc_file):
+ '''create a temporary copy of a file'''
+ tmpfile = Utils.create_tmpfile('lib_openshift-')
+ Utils._write(tmpfile, open(inc_file).read())
+
+ # Cleanup the tmpfile
+ atexit.register(Utils.cleanup, [tmpfile])
+
+ return tmpfile
+
+ @staticmethod
+ def create_tmpfile(prefix='tmp'):
+ ''' Generates and returns a temporary file name '''
+
+ with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp:
+ return tmp.name
+
+ @staticmethod
+ def create_tmp_files_from_contents(content, content_type=None):
+ '''Turn an array of dict: filename, content into a files array'''
+ if not isinstance(content, list):
+ content = [content]
+ files = []
+ for item in content:
+ path = Utils.create_tmp_file_from_contents(item['path'] + '-',
+ item['data'],
+ ftype=content_type)
+ files.append({'name': os.path.basename(item['path']),
+ 'path': path})
+ return files
+
+ @staticmethod
+ def cleanup(files):
+ '''Clean up on exit '''
+ for sfile in files:
+ if os.path.exists(sfile):
+ if os.path.isdir(sfile):
+ shutil.rmtree(sfile)
+ elif os.path.isfile(sfile):
+ os.remove(sfile)
+
+ @staticmethod
+ def exists(results, _name):
+ ''' Check to see if the results include the name '''
+ if not results:
+ return False
+
+ if Utils.find_result(results, _name):
+ return True
+
+ return False
+
+ @staticmethod
+ def find_result(results, _name):
+ ''' Find the specified result by name'''
+ rval = None
+ for result in results:
+ if 'metadata' in result and result['metadata']['name'] == _name:
+ rval = result
+ break
+
+ return rval
+
+ @staticmethod
+ def get_resource_file(sfile, sfile_type='yaml'):
+ ''' return the service file '''
+ contents = None
+ with open(sfile) as sfd:
+ contents = sfd.read()
+
+ if sfile_type == 'yaml':
+ contents = yaml.load(contents, yaml.RoundTripLoader)
+ elif sfile_type == 'json':
+ contents = json.loads(contents)
+
+ return contents
+
+ @staticmethod
+ def filter_versions(stdout):
+ ''' filter the oc version output '''
+
+ version_dict = {}
+ version_search = ['oc', 'openshift', 'kubernetes']
+
+ for line in stdout.strip().split('\n'):
+ for term in version_search:
+ if not line:
+ continue
+ if line.startswith(term):
+ version_dict[term] = line.split()[-1]
+
+ # horrible hack to get openshift version in Openshift 3.2
+ # By default "oc version in 3.2 does not return an "openshift" version
+ if "openshift" not in version_dict:
+ version_dict["openshift"] = version_dict["oc"]
+
+ return version_dict
+
+ @staticmethod
+ def add_custom_versions(versions):
+ ''' create custom versions strings '''
+
+ versions_dict = {}
+
+ for tech, version in versions.items():
+ # clean up "-" from version
+ if "-" in version:
+ version = version.split("-")[0]
+
+ if version.startswith('v'):
+ versions_dict[tech + '_numeric'] = version[1:].split('+')[0]
+ # "v3.3.0.33" is what we have, we want "3.3"
+ versions_dict[tech + '_short'] = version[1:4]
+
+ return versions_dict
+
+ @staticmethod
+ def openshift_installed():
+ ''' check if openshift is installed '''
+ import yum
+
+ yum_base = yum.YumBase()
+ if yum_base.rpmdb.searchNevra(name='atomic-openshift'):
+ return True
+
+ return False
+
+ # Disabling too-many-branches. This is a yaml dictionary comparison function
+ # pylint: disable=too-many-branches,too-many-return-statements,too-many-statements
+ @staticmethod
+ def check_def_equal(user_def, result_def, skip_keys=None, debug=False):
+ ''' Given a user defined definition, compare it with the results given back by our query. '''
+
+ # Currently these values are autogenerated and we do not need to check them
+ skip = ['metadata', 'status']
+ if skip_keys:
+ skip.extend(skip_keys)
+
+ for key, value in result_def.items():
+ if key in skip:
+ continue
+
+ # Both are lists
+ if isinstance(value, list):
+ if key not in user_def:
+ if debug:
+ print('User data does not have key [%s]' % key)
+ print('User data: %s' % user_def)
+ return False
+
+ if not isinstance(user_def[key], list):
+ if debug:
+ print('user_def[key] is not a list key=[%s] user_def[key]=%s' % (key, user_def[key]))
+ return False
+
+ if len(user_def[key]) != len(value):
+ if debug:
+ print("List lengths are not equal.")
+ print("key=[%s]: user_def[%s] != value[%s]" % (key, len(user_def[key]), len(value)))
+ print("user_def: %s" % user_def[key])
+ print("value: %s" % value)
+ return False
+
+ for values in zip(user_def[key], value):
+ if isinstance(values[0], dict) and isinstance(values[1], dict):
+ if debug:
+ print('sending list - list')
+ print(type(values[0]))
+ print(type(values[1]))
+ result = Utils.check_def_equal(values[0], values[1], skip_keys=skip_keys, debug=debug)
+ if not result:
+ print('list compare returned false')
+ return False
+
+ elif value != user_def[key]:
+ if debug:
+ print('value should be identical')
+ print(value)
+ print(user_def[key])
+ return False
+
+ # recurse on a dictionary
+ elif isinstance(value, dict):
+ if key not in user_def:
+ if debug:
+ print("user_def does not have key [%s]" % key)
+ return False
+ if not isinstance(user_def[key], dict):
+ if debug:
+ print("dict returned false: not instance of dict")
+ return False
+
+ # before passing ensure keys match
+ api_values = set(value.keys()) - set(skip)
+ user_values = set(user_def[key].keys()) - set(skip)
+ if api_values != user_values:
+ if debug:
+ print("keys are not equal in dict")
+ print(api_values)
+ print(user_values)
+ return False
+
+ result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
+ if not result:
+ if debug:
+ print("dict returned false")
+ print(result)
+ return False
+
+ # Verify each key, value pair is the same
+ else:
+ if key not in user_def or value != user_def[key]:
+ if debug:
+ print("value not equal; user_def does not have key")
+ print(key)
+ print(value)
+ if key in user_def:
+ print(user_def[key])
+ return False
+
+ if debug:
+ print('returning true')
+ return True
+
+
+class OpenShiftCLIConfig(object):
+ '''Generic Config'''
+ def __init__(self, rname, namespace, kubeconfig, options):
+ self.kubeconfig = kubeconfig
+ self.name = rname
+ self.namespace = namespace
+ self._options = options
+
+ @property
+ def config_options(self):
+ ''' return config options '''
+ return self._options
+
+ def to_option_list(self):
+ '''return all options as a string'''
+ return self.stringify()
+
+ def stringify(self):
+ ''' return the options hash as cli params in a string '''
+ rval = []
+ for key, data in self.config_options.items():
+ if data['include'] \
+ and (data['value'] or isinstance(data['value'], int)):
+ rval.append('--%s=%s' % (key.replace('_', '-'), data['value']))
+
+ return rval
+
+
+# -*- -*- -*- End included fragment: lib/base.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: lib/deploymentconfig.py -*- -*- -*-
+
+
+# pylint: disable=too-many-public-methods
+class DeploymentConfig(Yedit):
+ ''' Class to wrap the oc command line tools '''
+ default_deployment_config = '''
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+ name: default_dc
+ namespace: default
+spec:
+ replicas: 0
+ selector:
+ default_dc: default_dc
+ strategy:
+ resources: {}
+ rollingParams:
+ intervalSeconds: 1
+ maxSurge: 0
+ maxUnavailable: 25%
+ timeoutSeconds: 600
+ updatePercent: -25
+ updatePeriodSeconds: 1
+ type: Rolling
+ template:
+ metadata:
+ spec:
+ containers:
+ - env:
+ - name: default
+ value: default
+ image: default
+ imagePullPolicy: IfNotPresent
+ name: default_dc
+ ports:
+ - containerPort: 8000
+ hostPort: 8000
+ protocol: TCP
+ name: default_port
+ resources: {}
+ terminationMessagePath: /dev/termination-log
+ dnsPolicy: ClusterFirst
+ hostNetwork: true
+ nodeSelector:
+ type: compute
+ restartPolicy: Always
+ securityContext: {}
+ serviceAccount: default
+ serviceAccountName: default
+ terminationGracePeriodSeconds: 30
+ triggers:
+ - type: ConfigChange
+'''
+
+ replicas_path = "spec.replicas"
+ env_path = "spec.template.spec.containers[0].env"
+ volumes_path = "spec.template.spec.volumes"
+ container_path = "spec.template.spec.containers"
+ volume_mounts_path = "spec.template.spec.containers[0].volumeMounts"
+
+ def __init__(self, content=None):
+ ''' Constructor for deploymentconfig '''
+ if not content:
+ content = DeploymentConfig.default_deployment_config
+
+ super(DeploymentConfig, self).__init__(content=content)
+
+ # pylint: disable=no-member
+ def add_env_value(self, key, value):
+ ''' add key, value pair to env array '''
+ rval = False
+ env = self.get_env_vars()
+ if env:
+ env.append({'name': key, 'value': value})
+ rval = True
+ else:
+ result = self.put(DeploymentConfig.env_path, {'name': key, 'value': value})
+ rval = result[0]
+
+ return rval
+
+ def exists_env_value(self, key, value):
+ ''' return whether a key, value pair exists '''
+ results = self.get_env_vars()
+ if not results:
+ return False
+
+ for result in results:
+ if result['name'] == key and result['value'] == value:
+ return True
+
+ return False
+
+ def exists_env_key(self, key):
+ ''' return whether a key, value pair exists '''
+ results = self.get_env_vars()
+ if not results:
+ return False
+
+ for result in results:
+ if result['name'] == key:
+ return True
+
+ return False
+
+ def get_env_vars(self):
+ '''return a environment variables '''
+ return self.get(DeploymentConfig.env_path) or []
+
+ def delete_env_var(self, keys):
+ '''delete a list of keys '''
+ if not isinstance(keys, list):
+ keys = [keys]
+
+ env_vars_array = self.get_env_vars()
+ modified = False
+ idx = None
+ for key in keys:
+ for env_idx, env_var in enumerate(env_vars_array):
+ if env_var['name'] == key:
+ idx = env_idx
+ break
+
+ if idx:
+ modified = True
+ del env_vars_array[idx]
+
+ if modified:
+ return True
+
+ return False
+
+ def update_env_var(self, key, value):
+ '''place an env in the env var list'''
+
+ env_vars_array = self.get_env_vars()
+ idx = None
+ for env_idx, env_var in enumerate(env_vars_array):
+ if env_var['name'] == key:
+ idx = env_idx
+ break
+
+ if idx:
+ env_vars_array[idx]['value'] = value
+ else:
+ self.add_env_value(key, value)
+
+ return True
+
+ def exists_volume_mount(self, volume_mount):
+ ''' return whether a volume mount exists '''
+ exist_volume_mounts = self.get_volume_mounts()
+
+ if not exist_volume_mounts:
+ return False
+
+ volume_mount_found = False
+ for exist_volume_mount in exist_volume_mounts:
+ if exist_volume_mount['name'] == volume_mount['name']:
+ volume_mount_found = True
+ break
+
+ return volume_mount_found
+
+ def exists_volume(self, volume):
+ ''' return whether a volume exists '''
+ exist_volumes = self.get_volumes()
+
+ volume_found = False
+ for exist_volume in exist_volumes:
+ if exist_volume['name'] == volume['name']:
+ volume_found = True
+ break
+
+ return volume_found
+
+ def find_volume_by_name(self, volume, mounts=False):
+ ''' return the index of a volume '''
+ volumes = []
+ if mounts:
+ volumes = self.get_volume_mounts()
+ else:
+ volumes = self.get_volumes()
+ for exist_volume in volumes:
+ if exist_volume['name'] == volume['name']:
+ return exist_volume
+
+ return None
+
+ def get_replicas(self):
+ ''' return replicas setting '''
+ return self.get(DeploymentConfig.replicas_path)
+
+ def get_volume_mounts(self):
+ '''return volume mount information '''
+ return self.get_volumes(mounts=True)
+
+ def get_volumes(self, mounts=False):
+ '''return volume mount information '''
+ if mounts:
+ return self.get(DeploymentConfig.volume_mounts_path) or []
+
+ return self.get(DeploymentConfig.volumes_path) or []
+
+ def delete_volume_by_name(self, volume):
+ '''delete a volume '''
+ modified = False
+ exist_volume_mounts = self.get_volume_mounts()
+ exist_volumes = self.get_volumes()
+ del_idx = None
+ for idx, exist_volume in enumerate(exist_volumes):
+ if 'name' in exist_volume and exist_volume['name'] == volume['name']:
+ del_idx = idx
+ break
+
+ if del_idx != None:
+ del exist_volumes[del_idx]
+ modified = True
+
+ del_idx = None
+ for idx, exist_volume_mount in enumerate(exist_volume_mounts):
+ if 'name' in exist_volume_mount and exist_volume_mount['name'] == volume['name']:
+ del_idx = idx
+ break
+
+ if del_idx != None:
+ del exist_volume_mounts[idx]
+ modified = True
+
+ return modified
+
+ def add_volume_mount(self, volume_mount):
+ ''' add a volume or volume mount to the proper location '''
+ exist_volume_mounts = self.get_volume_mounts()
+
+ if not exist_volume_mounts and volume_mount:
+ self.put(DeploymentConfig.volume_mounts_path, [volume_mount])
+ else:
+ exist_volume_mounts.append(volume_mount)
+
+ def add_volume(self, volume):
+ ''' add a volume or volume mount to the proper location '''
+ exist_volumes = self.get_volumes()
+ if not volume:
+ return
+
+ if not exist_volumes:
+ self.put(DeploymentConfig.volumes_path, [volume])
+ else:
+ exist_volumes.append(volume)
+
+ def update_replicas(self, replicas):
+ ''' update replicas value '''
+ self.put(DeploymentConfig.replicas_path, replicas)
+
+ def update_volume(self, volume):
+ '''place an env in the env var list'''
+ exist_volumes = self.get_volumes()
+
+ if not volume:
+ return False
+
+ # update the volume
+ update_idx = None
+ for idx, exist_vol in enumerate(exist_volumes):
+ if exist_vol['name'] == volume['name']:
+ update_idx = idx
+ break
+
+ if update_idx != None:
+ exist_volumes[update_idx] = volume
+ else:
+ self.add_volume(volume)
+
+ return True
+
+ def update_volume_mount(self, volume_mount):
+ '''place an env in the env var list'''
+ modified = False
+
+ exist_volume_mounts = self.get_volume_mounts()
+
+ if not volume_mount:
+ return False
+
+ # update the volume mount
+ for exist_vol_mount in exist_volume_mounts:
+ if exist_vol_mount['name'] == volume_mount['name']:
+ if 'mountPath' in exist_vol_mount and \
+ str(exist_vol_mount['mountPath']) != str(volume_mount['mountPath']):
+ exist_vol_mount['mountPath'] = volume_mount['mountPath']
+ modified = True
+ break
+
+ if not modified:
+ self.add_volume_mount(volume_mount)
+ modified = True
+
+ return modified
+
+ def needs_update_volume(self, volume, volume_mount):
+ ''' verify a volume update is needed '''
+ exist_volume = self.find_volume_by_name(volume)
+ exist_volume_mount = self.find_volume_by_name(volume, mounts=True)
+ results = []
+ results.append(exist_volume['name'] == volume['name'])
+
+ if 'secret' in volume:
+ results.append('secret' in exist_volume)
+ results.append(exist_volume['secret']['secretName'] == volume['secret']['secretName'])
+ results.append(exist_volume_mount['name'] == volume_mount['name'])
+ results.append(exist_volume_mount['mountPath'] == volume_mount['mountPath'])
+
+ elif 'emptyDir' in volume:
+ results.append(exist_volume_mount['name'] == volume['name'])
+ results.append(exist_volume_mount['mountPath'] == volume_mount['mountPath'])
+
+ elif 'persistentVolumeClaim' in volume:
+ pvc = 'persistentVolumeClaim'
+ results.append(pvc in exist_volume)
+ if results[-1]:
+ results.append(exist_volume[pvc]['claimName'] == volume[pvc]['claimName'])
+
+ if 'claimSize' in volume[pvc]:
+ results.append(exist_volume[pvc]['claimSize'] == volume[pvc]['claimSize'])
+
+ elif 'hostpath' in volume:
+ results.append('hostPath' in exist_volume)
+ results.append(exist_volume['hostPath']['path'] == volume_mount['mountPath'])
+
+ return not all(results)
+
+ def needs_update_replicas(self, replicas):
+ ''' verify whether a replica update is needed '''
+ current_reps = self.get(DeploymentConfig.replicas_path)
+ return not current_reps == replicas
+
+# -*- -*- -*- End included fragment: lib/deploymentconfig.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: class/oc_env.py -*- -*- -*-
+
+
+# pylint: disable=too-many-instance-attributes
+class OCEnv(OpenShiftCLI):
+ ''' Class to wrap the oc command line tools '''
+
+ container_path = {"pod": "spec.containers[0].env",
+ "dc": "spec.template.spec.containers[0].env",
+ "rc": "spec.template.spec.containers[0].env",
+ }
+
+ # pylint allows 5. we need 6
+ # pylint: disable=too-many-arguments
+ def __init__(self,
+ namespace,
+ kind,
+ env_vars,
+ resource_name=None,
+ kubeconfig='/etc/origin/master/admin.kubeconfig',
+ verbose=False):
+ ''' Constructor for OpenshiftOC '''
+ super(OCEnv, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
+ self.kind = kind
+ self.name = resource_name
+ self.env_vars = env_vars
+ self._resource = None
+
+ @property
+ def resource(self):
+ ''' property function for resource var'''
+ if not self._resource:
+ self.get()
+ return self._resource
+
+ @resource.setter
+ def resource(self, data):
+ ''' setter function for resource var'''
+ self._resource = data
+
+ def key_value_exists(self, key, value):
+ ''' return whether a key, value pair exists '''
+ return self.resource.exists_env_value(key, value)
+
+ def key_exists(self, key):
+ ''' return whether a key exists '''
+ return self.resource.exists_env_key(key)
+
+ def get(self):
+ '''return environment variables '''
+ result = self._get(self.kind, self.name)
+ if result['returncode'] == 0:
+ if self.kind == 'dc':
+ self.resource = DeploymentConfig(content=result['results'][0])
+ result['results'] = self.resource.get(OCEnv.container_path[self.kind]) or []
+ return result
+
+ def delete(self):
+ ''' delete environment variables '''
+ if self.resource.delete_env_var(self.env_vars.keys()):
+ return self._replace_content(self.kind, self.name, self.resource.yaml_dict)
+
+ return {'returncode': 0, 'changed': False}
+
+ def put(self):
+ '''place env vars into dc '''
+ for update_key, update_value in self.env_vars.items():
+ self.resource.update_env_var(update_key, update_value)
+
+ return self._replace_content(self.kind, self.name, self.resource.yaml_dict)
+
+ # pylint: disable=too-many-return-statements
+ @staticmethod
+ def run_ansible(params, check_mode):
+ '''run the idempotent ansible code'''
+
+ ocenv = OCEnv(params['namespace'],
+ params['kind'],
+ params['env_vars'],
+ resource_name=params['name'],
+ kubeconfig=params['kubeconfig'],
+ verbose=params['debug'])
+
+ state = params['state']
+
+ api_rval = ocenv.get()
+
+ #####
+ # Get
+ #####
+ if state == 'list':
+ return {'changed': False, 'results': api_rval['results'], 'state': "list"}
+
+ ########
+ # Delete
+ ########
+ if state == 'absent':
+ for key in params.get('env_vars', {}).keys():
+ if ocenv.resource.exists_env_key(key):
+
+ if check_mode:
+ return {'changed': False,
+ 'msg': 'CHECK_MODE: Would have performed a delete.'}
+
+ api_rval = ocenv.delete()
+
+ return {'changed': True, 'state': 'absent'}
+
+ return {'changed': False, 'state': 'absent'}
+
+ if state == 'present':
+ ########
+ # Create
+ ########
+ for key, value in params.get('env_vars', {}).items():
+ if not ocenv.key_value_exists(key, value):
+
+ if check_mode:
+ return {'changed': False,
+ 'msg': 'CHECK_MODE: Would have performed a create.'}
+
+ # Create it here
+ api_rval = ocenv.put()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ # return the created object
+ api_rval = ocenv.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval['results'], 'state': 'present'}
+
+ return {'changed': False, 'results': api_rval['results'], 'state': 'present'}
+
+
+ return {'failed': True,
+ 'changed': False,
+ 'msg': 'Unknown state passed. %s' % state}
+
+# -*- -*- -*- End included fragment: class/oc_env.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: ansible/oc_env.py -*- -*- -*-
+
+def main():
+ '''
+ ansible oc module for environment variables
+ '''
+
+ module = AnsibleModule(
+ argument_spec=dict(
+ kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
+ state=dict(default='present', type='str',
+ choices=['present', 'absent', 'list']),
+ debug=dict(default=False, type='bool'),
+ kind=dict(default='rc', choices=['dc', 'rc', 'pods'], type='str'),
+ namespace=dict(default='default', type='str'),
+ name=dict(default=None, required=True, type='str'),
+ env_vars=dict(default=None, type='dict'),
+ ),
+ mutually_exclusive=[["content", "files"]],
+
+ supports_check_mode=True,
+ )
+ results = OCEnv.run_ansible(module.params, module.check_mode)
+
+ if 'failed' in results:
+ module.fail_json(**results)
+
+ module.exit_json(**results)
+
+
+if __name__ == '__main__':
+ main()
+
+# -*- -*- -*- End included fragment: ansible/oc_env.py -*- -*- -*-
diff --git a/roles/lib_openshift/library/oc_label.py b/roles/lib_openshift/library/oc_label.py
index f67eb2552..e168614bd 100644
--- a/roles/lib_openshift/library/oc_label.py
+++ b/roles/lib_openshift/library/oc_label.py
@@ -1294,11 +1294,9 @@ class OCLabel(OpenShiftCLI):
selector=None,
verbose=False):
''' Constructor for OCLabel '''
- super(OCLabel, self).__init__(namespace, kubeconfig)
+ super(OCLabel, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
self.name = name
- self.namespace = namespace
self.kind = kind
- self.kubeconfig = kubeconfig
self.labels = labels
self._curr_labels = None
self.selector = selector
diff --git a/roles/lib_openshift/library/oc_obj.py b/roles/lib_openshift/library/oc_obj.py
index e4b8ac26c..d73d05472 100644
--- a/roles/lib_openshift/library/oc_obj.py
+++ b/roles/lib_openshift/library/oc_obj.py
@@ -1296,14 +1296,11 @@ class OCObject(OpenShiftCLI):
verbose=False,
all_namespaces=False):
''' Constructor for OpenshiftOC '''
- super(OCObject, self).__init__(namespace, kubeconfig,
+ super(OCObject, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose,
all_namespaces=all_namespaces)
self.kind = kind
- self.namespace = namespace
self.name = rname
self.selector = selector
- self.kubeconfig = kubeconfig
- self.verbose = verbose
def get(self):
'''return a kind by name '''
diff --git a/roles/lib_openshift/library/oc_process.py b/roles/lib_openshift/library/oc_process.py
index 702cb02d4..bcb4d2289 100644
--- a/roles/lib_openshift/library/oc_process.py
+++ b/roles/lib_openshift/library/oc_process.py
@@ -1286,14 +1286,11 @@ class OCProcess(OpenShiftCLI):
tdata=None,
verbose=False):
''' Constructor for OpenshiftOC '''
- super(OCProcess, self).__init__(namespace, kubeconfig)
- self.namespace = namespace
+ super(OCProcess, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
self.name = tname
self.data = tdata
self.params = params
self.create = create
- self.kubeconfig = kubeconfig
- self.verbose = verbose
self._template = None
@property
diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py
index 982a43ba3..d5dc84116 100644
--- a/roles/lib_openshift/library/oc_route.py
+++ b/roles/lib_openshift/library/oc_route.py
@@ -1461,9 +1461,8 @@ class OCRoute(OpenShiftCLI):
config,
verbose=False):
''' Constructor for OCVolume '''
- super(OCRoute, self).__init__(config.namespace, config.kubeconfig)
+ super(OCRoute, self).__init__(config.namespace, kubeconfig=config.kubeconfig, verbose=verbose)
self.config = config
- self.namespace = config.namespace
self._route = None
@property
diff --git a/roles/lib_openshift/library/oc_scale.py b/roles/lib_openshift/library/oc_scale.py
index 48a629b5e..be3b7f837 100644
--- a/roles/lib_openshift/library/oc_scale.py
+++ b/roles/lib_openshift/library/oc_scale.py
@@ -1629,13 +1629,10 @@ class OCScale(OpenShiftCLI):
kubeconfig='/etc/origin/master/admin.kubeconfig',
verbose=False):
''' Constructor for OCScale '''
- super(OCScale, self).__init__(namespace, kubeconfig)
+ super(OCScale, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
self.kind = kind
self.replicas = replicas
self.name = resource_name
- self.namespace = namespace
- self.kubeconfig = kubeconfig
- self.verbose = verbose
self._resource = None
@property
diff --git a/roles/lib_openshift/library/oc_secret.py b/roles/lib_openshift/library/oc_secret.py
index 526474f17..8598cb0ec 100644
--- a/roles/lib_openshift/library/oc_secret.py
+++ b/roles/lib_openshift/library/oc_secret.py
@@ -1418,12 +1418,9 @@ class OCSecret(OpenShiftCLI):
kubeconfig='/etc/origin/master/admin.kubeconfig',
verbose=False):
''' Constructor for OpenshiftOC '''
- super(OCSecret, self).__init__(namespace, kubeconfig)
- self.namespace = namespace
+ super(OCSecret, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
self.name = secret_name
- self.kubeconfig = kubeconfig
self.decode = decode
- self.verbose = verbose
def get(self):
'''return a secret by name '''
diff --git a/roles/lib_openshift/library/oc_serviceaccount.py b/roles/lib_openshift/library/oc_serviceaccount.py
index cd0847963..fcc5bbfa7 100644
--- a/roles/lib_openshift/library/oc_serviceaccount.py
+++ b/roles/lib_openshift/library/oc_serviceaccount.py
@@ -1396,9 +1396,8 @@ class OCServiceAccount(OpenShiftCLI):
config,
verbose=False):
''' Constructor for OCVolume '''
- super(OCServiceAccount, self).__init__(config.namespace, config.kubeconfig)
+ super(OCServiceAccount, self).__init__(config.namespace, kubeconfig=config.kubeconfig, verbose=verbose)
self.config = config
- self.namespace = config.namespace
self.service_account = None
def exists(self):
diff --git a/roles/lib_openshift/library/oc_serviceaccount_secret.py b/roles/lib_openshift/library/oc_serviceaccount_secret.py
index e22ccbfc2..ef10162c2 100644
--- a/roles/lib_openshift/library/oc_serviceaccount_secret.py
+++ b/roles/lib_openshift/library/oc_serviceaccount_secret.py
@@ -1391,7 +1391,7 @@ class OCServiceAccountSecret(OpenShiftCLI):
kind = 'sa'
def __init__(self, config, verbose=False):
''' Constructor for OpenshiftOC '''
- super(OCServiceAccountSecret, self).__init__(config.namespace, config.kubeconfig)
+ super(OCServiceAccountSecret, self).__init__(config.namespace, kubeconfig=config.kubeconfig, verbose=verbose)
self.config = config
self.verbose = verbose
self._service_account = None
diff --git a/roles/lib_openshift/src/ansible/oc_env.py b/roles/lib_openshift/src/ansible/oc_env.py
new file mode 100644
index 000000000..e49295873
--- /dev/null
+++ b/roles/lib_openshift/src/ansible/oc_env.py
@@ -0,0 +1,33 @@
+# pylint: skip-file
+# flake8: noqa
+
+def main():
+ '''
+ ansible oc module for environment variables
+ '''
+
+ module = AnsibleModule(
+ argument_spec=dict(
+ kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
+ state=dict(default='present', type='str',
+ choices=['present', 'absent', 'list']),
+ debug=dict(default=False, type='bool'),
+ kind=dict(default='rc', choices=['dc', 'rc', 'pods'], type='str'),
+ namespace=dict(default='default', type='str'),
+ name=dict(default=None, required=True, type='str'),
+ env_vars=dict(default=None, type='dict'),
+ ),
+ mutually_exclusive=[["content", "files"]],
+
+ supports_check_mode=True,
+ )
+ results = OCEnv.run_ansible(module.params, module.check_mode)
+
+ if 'failed' in results:
+ module.fail_json(**results)
+
+ module.exit_json(**results)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/lib_openshift/src/class/oadm_manage_node.py b/roles/lib_openshift/src/class/oadm_manage_node.py
index 61b6a5ebe..c07320477 100644
--- a/roles/lib_openshift/src/class/oadm_manage_node.py
+++ b/roles/lib_openshift/src/class/oadm_manage_node.py
@@ -23,7 +23,7 @@ class ManageNode(OpenShiftCLI):
config,
verbose=False):
''' Constructor for ManageNode '''
- super(ManageNode, self).__init__(None, config.kubeconfig)
+ super(ManageNode, self).__init__(None, kubeconfig=config.kubeconfig, verbose=verbose)
self.config = config
def evacuate(self):
diff --git a/roles/lib_openshift/src/class/oc_edit.py b/roles/lib_openshift/src/class/oc_edit.py
index 0734e2085..629e5a007 100644
--- a/roles/lib_openshift/src/class/oc_edit.py
+++ b/roles/lib_openshift/src/class/oc_edit.py
@@ -13,13 +13,10 @@ class Edit(OpenShiftCLI):
separator='.',
verbose=False):
''' Constructor for OpenshiftOC '''
- super(Edit, self).__init__(namespace, kubeconfig)
- self.namespace = namespace
+ super(Edit, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
self.kind = kind
self.name = resource_name
- self.kubeconfig = kubeconfig
self.separator = separator
- self.verbose = verbose
def get(self):
'''return a secret by name '''
diff --git a/roles/lib_openshift/src/class/oc_env.py b/roles/lib_openshift/src/class/oc_env.py
new file mode 100644
index 000000000..748b46cb5
--- /dev/null
+++ b/roles/lib_openshift/src/class/oc_env.py
@@ -0,0 +1,142 @@
+# pylint: skip-file
+# flake8: noqa
+
+
+# pylint: disable=too-many-instance-attributes
+class OCEnv(OpenShiftCLI):
+ ''' Class to wrap the oc command line tools '''
+
+ container_path = {"pod": "spec.containers[0].env",
+ "dc": "spec.template.spec.containers[0].env",
+ "rc": "spec.template.spec.containers[0].env",
+ }
+
+ # pylint allows 5. we need 6
+ # pylint: disable=too-many-arguments
+ def __init__(self,
+ namespace,
+ kind,
+ env_vars,
+ resource_name=None,
+ kubeconfig='/etc/origin/master/admin.kubeconfig',
+ verbose=False):
+ ''' Constructor for OpenshiftOC '''
+ super(OCEnv, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
+ self.kind = kind
+ self.name = resource_name
+ self.env_vars = env_vars
+ self._resource = None
+
+ @property
+ def resource(self):
+ ''' property function for resource var'''
+ if not self._resource:
+ self.get()
+ return self._resource
+
+ @resource.setter
+ def resource(self, data):
+ ''' setter function for resource var'''
+ self._resource = data
+
+ def key_value_exists(self, key, value):
+ ''' return whether a key, value pair exists '''
+ return self.resource.exists_env_value(key, value)
+
+ def key_exists(self, key):
+ ''' return whether a key exists '''
+ return self.resource.exists_env_key(key)
+
+ def get(self):
+ '''return environment variables '''
+ result = self._get(self.kind, self.name)
+ if result['returncode'] == 0:
+ if self.kind == 'dc':
+ self.resource = DeploymentConfig(content=result['results'][0])
+ result['results'] = self.resource.get(OCEnv.container_path[self.kind]) or []
+ return result
+
+ def delete(self):
+ ''' delete environment variables '''
+ if self.resource.delete_env_var(self.env_vars.keys()):
+ return self._replace_content(self.kind, self.name, self.resource.yaml_dict)
+
+ return {'returncode': 0, 'changed': False}
+
+ def put(self):
+ '''place env vars into dc '''
+ for update_key, update_value in self.env_vars.items():
+ self.resource.update_env_var(update_key, update_value)
+
+ return self._replace_content(self.kind, self.name, self.resource.yaml_dict)
+
+ # pylint: disable=too-many-return-statements
+ @staticmethod
+ def run_ansible(params, check_mode):
+ '''run the idempotent ansible code'''
+
+ ocenv = OCEnv(params['namespace'],
+ params['kind'],
+ params['env_vars'],
+ resource_name=params['name'],
+ kubeconfig=params['kubeconfig'],
+ verbose=params['debug'])
+
+ state = params['state']
+
+ api_rval = ocenv.get()
+
+ #####
+ # Get
+ #####
+ if state == 'list':
+ return {'changed': False, 'results': api_rval['results'], 'state': "list"}
+
+ ########
+ # Delete
+ ########
+ if state == 'absent':
+ for key in params.get('env_vars', {}).keys():
+ if ocenv.resource.exists_env_key(key):
+
+ if check_mode:
+ return {'changed': False,
+ 'msg': 'CHECK_MODE: Would have performed a delete.'}
+
+ api_rval = ocenv.delete()
+
+ return {'changed': True, 'state': 'absent'}
+
+ return {'changed': False, 'state': 'absent'}
+
+ if state == 'present':
+ ########
+ # Create
+ ########
+ for key, value in params.get('env_vars', {}).items():
+ if not ocenv.key_value_exists(key, value):
+
+ if check_mode:
+ return {'changed': False,
+ 'msg': 'CHECK_MODE: Would have performed a create.'}
+
+ # Create it here
+ api_rval = ocenv.put()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ # return the created object
+ api_rval = ocenv.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval['results'], 'state': 'present'}
+
+ return {'changed': False, 'results': api_rval['results'], 'state': 'present'}
+
+
+ return {'failed': True,
+ 'changed': False,
+ 'msg': 'Unknown state passed. %s' % state}
diff --git a/roles/lib_openshift/src/class/oc_label.py b/roles/lib_openshift/src/class/oc_label.py
index 8e1ba9ceb..bd312c170 100644
--- a/roles/lib_openshift/src/class/oc_label.py
+++ b/roles/lib_openshift/src/class/oc_label.py
@@ -17,11 +17,9 @@ class OCLabel(OpenShiftCLI):
selector=None,
verbose=False):
''' Constructor for OCLabel '''
- super(OCLabel, self).__init__(namespace, kubeconfig)
+ super(OCLabel, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
self.name = name
- self.namespace = namespace
self.kind = kind
- self.kubeconfig = kubeconfig
self.labels = labels
self._curr_labels = None
self.selector = selector
diff --git a/roles/lib_openshift/src/class/oc_obj.py b/roles/lib_openshift/src/class/oc_obj.py
index 2ec20e72c..21129a50c 100644
--- a/roles/lib_openshift/src/class/oc_obj.py
+++ b/roles/lib_openshift/src/class/oc_obj.py
@@ -16,14 +16,11 @@ class OCObject(OpenShiftCLI):
verbose=False,
all_namespaces=False):
''' Constructor for OpenshiftOC '''
- super(OCObject, self).__init__(namespace, kubeconfig,
+ super(OCObject, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose,
all_namespaces=all_namespaces)
self.kind = kind
- self.namespace = namespace
self.name = rname
self.selector = selector
- self.kubeconfig = kubeconfig
- self.verbose = verbose
def get(self):
'''return a kind by name '''
diff --git a/roles/lib_openshift/src/class/oc_process.py b/roles/lib_openshift/src/class/oc_process.py
index 80d81448d..9d29938aa 100644
--- a/roles/lib_openshift/src/class/oc_process.py
+++ b/roles/lib_openshift/src/class/oc_process.py
@@ -17,14 +17,11 @@ class OCProcess(OpenShiftCLI):
tdata=None,
verbose=False):
''' Constructor for OpenshiftOC '''
- super(OCProcess, self).__init__(namespace, kubeconfig)
- self.namespace = namespace
+ super(OCProcess, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
self.name = tname
self.data = tdata
self.params = params
self.create = create
- self.kubeconfig = kubeconfig
- self.verbose = verbose
self._template = None
@property
diff --git a/roles/lib_openshift/src/class/oc_route.py b/roles/lib_openshift/src/class/oc_route.py
index 42388ad0b..cb743e19d 100644
--- a/roles/lib_openshift/src/class/oc_route.py
+++ b/roles/lib_openshift/src/class/oc_route.py
@@ -11,9 +11,8 @@ class OCRoute(OpenShiftCLI):
config,
verbose=False):
''' Constructor for OCVolume '''
- super(OCRoute, self).__init__(config.namespace, config.kubeconfig)
+ super(OCRoute, self).__init__(config.namespace, kubeconfig=config.kubeconfig, verbose=verbose)
self.config = config
- self.namespace = config.namespace
self._route = None
@property
diff --git a/roles/lib_openshift/src/class/oc_scale.py b/roles/lib_openshift/src/class/oc_scale.py
index 16255688b..6c3ceb8cf 100644
--- a/roles/lib_openshift/src/class/oc_scale.py
+++ b/roles/lib_openshift/src/class/oc_scale.py
@@ -15,13 +15,10 @@ class OCScale(OpenShiftCLI):
kubeconfig='/etc/origin/master/admin.kubeconfig',
verbose=False):
''' Constructor for OCScale '''
- super(OCScale, self).__init__(namespace, kubeconfig)
+ super(OCScale, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
self.kind = kind
self.replicas = replicas
self.name = resource_name
- self.namespace = namespace
- self.kubeconfig = kubeconfig
- self.verbose = verbose
self._resource = None
@property
diff --git a/roles/lib_openshift/src/class/oc_secret.py b/roles/lib_openshift/src/class/oc_secret.py
index e99999c37..5eac27572 100644
--- a/roles/lib_openshift/src/class/oc_secret.py
+++ b/roles/lib_openshift/src/class/oc_secret.py
@@ -17,12 +17,9 @@ class OCSecret(OpenShiftCLI):
kubeconfig='/etc/origin/master/admin.kubeconfig',
verbose=False):
''' Constructor for OpenshiftOC '''
- super(OCSecret, self).__init__(namespace, kubeconfig)
- self.namespace = namespace
+ super(OCSecret, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
self.name = secret_name
- self.kubeconfig = kubeconfig
self.decode = decode
- self.verbose = verbose
def get(self):
'''return a secret by name '''
diff --git a/roles/lib_openshift/src/class/oc_serviceaccount.py b/roles/lib_openshift/src/class/oc_serviceaccount.py
index 47c7b5c94..d6777afc1 100644
--- a/roles/lib_openshift/src/class/oc_serviceaccount.py
+++ b/roles/lib_openshift/src/class/oc_serviceaccount.py
@@ -12,9 +12,8 @@ class OCServiceAccount(OpenShiftCLI):
config,
verbose=False):
''' Constructor for OCVolume '''
- super(OCServiceAccount, self).__init__(config.namespace, config.kubeconfig)
+ super(OCServiceAccount, self).__init__(config.namespace, kubeconfig=config.kubeconfig, verbose=verbose)
self.config = config
- self.namespace = config.namespace
self.service_account = None
def exists(self):
diff --git a/roles/lib_openshift/src/class/oc_serviceaccount_secret.py b/roles/lib_openshift/src/class/oc_serviceaccount_secret.py
index 750a74d33..4f1c8c926 100644
--- a/roles/lib_openshift/src/class/oc_serviceaccount_secret.py
+++ b/roles/lib_openshift/src/class/oc_serviceaccount_secret.py
@@ -7,7 +7,7 @@ class OCServiceAccountSecret(OpenShiftCLI):
kind = 'sa'
def __init__(self, config, verbose=False):
''' Constructor for OpenshiftOC '''
- super(OCServiceAccountSecret, self).__init__(config.namespace, config.kubeconfig)
+ super(OCServiceAccountSecret, self).__init__(config.namespace, kubeconfig=config.kubeconfig, verbose=verbose)
self.config = config
self.verbose = verbose
self._service_account = None
diff --git a/roles/lib_openshift/src/doc/env b/roles/lib_openshift/src/doc/env
new file mode 100644
index 000000000..36edcd211
--- /dev/null
+++ b/roles/lib_openshift/src/doc/env
@@ -0,0 +1,83 @@
+# flake8: noqa
+# pylint: skip-file
+
+DOCUMENTATION = '''
+---
+module: oc_env
+short_description: Modify, and idempotently manage openshift environment variables on pods, deploymentconfigs, and replication controllers.
+description:
+ - Modify openshift environment variables programmatically.
+options:
+ state:
+ description:
+ - Supported states, present, absent, list
+ - present - will ensure object is created or updated to the value specified
+ - list - will return a list of environment variables
+ - absent - will remove the environment varibale from the object
+ required: False
+ default: present
+ choices: ["present", 'absent', 'list']
+ aliases: []
+ kubeconfig:
+ description:
+ - The path for the kubeconfig file to use for authentication
+ required: false
+ default: /etc/origin/master/admin.kubeconfig
+ aliases: []
+ debug:
+ description:
+ - Turn on debug output.
+ required: false
+ default: False
+ aliases: []
+ name:
+ description:
+ - Name of the object that is being queried.
+ required: false
+ default: None
+ aliases: []
+ namespace:
+ description:
+ - The namespace where the object lives.
+ required: false
+ default: str
+ aliases: []
+ kind:
+ description:
+ - The kind attribute of the object.
+ required: False
+ default: dc
+ choices:
+ - rc
+ - dc
+ - pods
+ aliases: []
+ env_vars:
+ description:
+ - The environment variables to insert. The format is a dict of value pairs.
+ - e.g. {key1: value1, key2: value2})
+ required: False
+ default: None
+ aliases: []
+author:
+- "Kenny Woodson <kwoodson@redhat.com>"
+extends_documentation_fragment: []
+'''
+
+EXAMPLES = '''
+- name: query a list of env vars on dc
+ oc_env:
+ kind: dc
+ name: myawesomedc
+ namespace: phpapp
+
+- name: Set the following variables.
+ oc_env:
+ kind: dc
+ name: myawesomedc
+ namespace: phpapp
+ env_vars:
+ SUPER_TURBO_MODE: 'true'
+ ENABLE_PORTS: 'false'
+ SERVICE_PORT: 9999
+'''
diff --git a/roles/lib_openshift/src/sources.yml b/roles/lib_openshift/src/sources.yml
index e9056655d..091aaef2e 100644
--- a/roles/lib_openshift/src/sources.yml
+++ b/roles/lib_openshift/src/sources.yml
@@ -19,6 +19,17 @@ oc_edit.py:
- class/oc_edit.py
- ansible/oc_edit.py
+oc_env.py:
+- doc/generated
+- doc/license
+- lib/import.py
+- doc/env
+- ../../lib_utils/src/class/yedit.py
+- lib/base.py
+- lib/deploymentconfig.py
+- class/oc_env.py
+- ansible/oc_env.py
+
oc_label.py:
- doc/generated
- doc/license
diff --git a/roles/lib_openshift/src/test/integration/oc_env.yml b/roles/lib_openshift/src/test/integration/oc_env.yml
new file mode 100755
index 000000000..cbb97ed46
--- /dev/null
+++ b/roles/lib_openshift/src/test/integration/oc_env.yml
@@ -0,0 +1,75 @@
+#!/usr/bin/ansible-playbook --module-path=../../../library/
+# ./oc_env.yml -e "cli_master_test=$OPENSHIFT_MASTER
+---
+- hosts: "{{ cli_master_test }}"
+ gather_facts: no
+ user: root
+ vars:
+ my_env_var:
+ SOMEKEY: SOMEVALUE
+
+ check_env_var:
+ name: DEFAULT_CERTIFICATE_DIR
+ value: /etc/pki/tls/private
+
+ tasks:
+ - name: list environment variables from router dc
+ oc_env:
+ state: list
+ name: router
+ namespace: default
+ kind: dc
+ register: envout
+ - debug: var=envout
+
+ - assert:
+ that:
+ - "'{{ check_env_var.name }}' == '{{ envout.results[0].name }}'"
+ - "{{ envout.results|length }} > 0"
+ msg: "Did not find environment variables."
+
+ - name: list environment variables from router dc
+ oc_env:
+ state: present
+ name: router
+ namespace: default
+ kind: dc
+ env_vars: "{{ my_env_var }}"
+ register: envout
+ - debug: var=envout
+
+ - assert:
+ that:
+ - "'SOMEKEY' == '{{ envout.results[-1].name }}'"
+ - "'SOMEVALUE' == '{{ envout.results[-1].value }}'"
+ msg: "Did not find updated environment variables."
+
+ - name: remove environment variables from router dc
+ oc_env:
+ state: absent
+ name: router
+ namespace: default
+ kind: dc
+ env_vars: "{{ my_env_var }}"
+ register: envout
+ - debug: var=envout
+
+ - assert:
+ that:
+ - envout.changed == True
+ msg: "state: Absent failed."
+
+ - name: list environment variables from router dc
+ oc_env:
+ state: list
+ name: router
+ namespace: default
+ kind: dc
+ register: envout
+ - debug: var=envout
+
+ - assert:
+ that:
+ - "'SOMEKEY' != '{{ envout.results[-1].name }}'"
+ - "'SOMEVALUE' != '{{ envout.results[-1].value }}'"
+ msg: "Did find updated environment variables."
diff --git a/roles/lib_openshift/src/test/unit/oc_env.py b/roles/lib_openshift/src/test/unit/oc_env.py
new file mode 100755
index 000000000..15bd7e464
--- /dev/null
+++ b/roles/lib_openshift/src/test/unit/oc_env.py
@@ -0,0 +1,444 @@
+#!/usr/bin/env python2
+'''
+ Unit tests for oc_env
+'''
+# To run:
+# ./oc_env.py
+#
+# .
+# Ran 1 test in 0.002s
+#
+# OK
+
+import os
+import sys
+import unittest
+import mock
+
+# Removing invalid variable names for tests so that I can
+# keep them brief
+# pylint: disable=invalid-name,no-name-in-module
+# Disable import-error b/c our libraries aren't loaded in jenkins
+# pylint: disable=import-error,wrong-import-position
+# place class in our python path
+module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501
+sys.path.insert(0, module_path)
+from oc_env import OCEnv # noqa: E402
+
+
+class OCEnvTest(unittest.TestCase):
+ '''
+ Test class for OCEnv
+ '''
+
+ def setUp(self):
+ ''' setup method will create a file and set to known configuration '''
+ pass
+
+ @mock.patch('oc_env.Utils.create_tmpfile_copy')
+ @mock.patch('oc_env.OCEnv._run')
+ def test_listing_all_env_vars(self, mock_cmd, mock_tmpfile_copy):
+ ''' Testing listing all environment variables from a dc'''
+
+ # Arrange
+
+ # run_ansible input parameters
+ params = {
+ 'state': 'list',
+ 'namespace': 'default',
+ 'name': 'router',
+ 'kind': 'dc',
+ 'env_vars': None,
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'debug': False,
+ }
+
+ dc_results = '''{
+ "apiVersion": "v1",
+ "kind": "DeploymentConfig",
+ "metadata": {
+ "creationTimestamp": "2017-02-02T15:58:49Z",
+ "generation": 8,
+ "labels": {
+ "router": "router"
+ },
+ "name": "router",
+ "namespace": "default",
+ "resourceVersion": "513678"
+ },
+ "spec": {
+ "replicas": 2,
+ "selector": {
+ "router": "router"
+ },
+ "template": {
+ "metadata": {
+ "creationTimestamp": null,
+ "labels": {
+ "router": "router"
+ }
+ },
+ "spec": {
+ "containers": [
+ {
+ "env": [
+ {
+ "name": "DEFAULT_CERTIFICATE_DIR",
+ "value": "/etc/pki/tls/private"
+ },
+ {
+ "name": "DEFAULT_CERTIFICATE_PATH",
+ "value": "/etc/pki/tls/private/tls.crt"
+ },
+ {
+ "name": "ROUTER_EXTERNAL_HOST_HOSTNAME"
+ },
+ {
+ "name": "ROUTER_EXTERNAL_HOST_HTTPS_VSERVER"
+ },
+ {
+ "name": "ROUTER_EXTERNAL_HOST_HTTP_VSERVER"
+ },
+ {
+ "name": "ROUTER_EXTERNAL_HOST_INSECURE",
+ "value": "false"
+ }
+ ],
+ "name": "router"
+ }
+ ]
+ }
+ },
+ "test": false,
+ "triggers": [
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ }'''
+
+ # Return values of our mocked function call. These get returned once per call.
+ mock_cmd.side_effect = [
+ (0, dc_results, ''), # First call to the mock
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mock_adminkubeconfig',
+ ]
+
+ # Act
+ results = OCEnv.run_ansible(params, False)
+
+ # Assert
+ self.assertFalse(results['changed'])
+ for env_var in results['results']:
+ if env_var == {'name': 'DEFAULT_CERTIFICATE_DIR', 'value': '/etc/pki/tls/private'}:
+ break
+ else:
+ self.fail('Did not find environment variables in results.')
+ self.assertEqual(results['state'], 'list')
+
+ # Making sure our mocks were called as we expected
+ mock_cmd.assert_has_calls([
+ mock.call(['oc', '-n', 'default', 'get', 'dc', 'router', '-o', 'json'], None),
+ ])
+
+ @mock.patch('oc_env.Utils.create_tmpfile_copy')
+ @mock.patch('oc_env.OCEnv._run')
+ def test_adding_env_vars(self, mock_cmd, mock_tmpfile_copy):
+ ''' Test add environment variables to a dc'''
+
+ # Arrange
+
+ # run_ansible input parameters
+ params = {
+ 'state': 'present',
+ 'namespace': 'default',
+ 'name': 'router',
+ 'kind': 'dc',
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'debug': False,
+ 'env_vars': {'SOMEKEY': 'SOMEVALUE'},
+ }
+
+ dc_results = '''{
+ "apiVersion": "v1",
+ "kind": "DeploymentConfig",
+ "metadata": {
+ "creationTimestamp": "2017-02-02T15:58:49Z",
+ "generation": 8,
+ "labels": {
+ "router": "router"
+ },
+ "name": "router",
+ "namespace": "default",
+ "resourceVersion": "513678"
+ },
+ "spec": {
+ "replicas": 2,
+ "selector": {
+ "router": "router"
+ },
+ "template": {
+ "metadata": {
+ "creationTimestamp": null,
+ "labels": {
+ "router": "router"
+ }
+ },
+ "spec": {
+ "containers": [
+ {
+ "env": [
+ {
+ "name": "DEFAULT_CERTIFICATE_DIR",
+ "value": "/etc/pki/tls/private"
+ },
+ {
+ "name": "DEFAULT_CERTIFICATE_PATH",
+ "value": "/etc/pki/tls/private/tls.crt"
+ },
+ {
+ "name": "ROUTER_EXTERNAL_HOST_HOSTNAME"
+ },
+ {
+ "name": "ROUTER_EXTERNAL_HOST_HTTPS_VSERVER"
+ },
+ {
+ "name": "ROUTER_EXTERNAL_HOST_HTTP_VSERVER"
+ },
+ {
+ "name": "ROUTER_EXTERNAL_HOST_INSECURE",
+ "value": "false"
+ }
+ ],
+ "name": "router"
+ }
+ ]
+ }
+ },
+ "test": false,
+ "triggers": [
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ }'''
+
+ dc_results_after = '''{
+ "apiVersion": "v1",
+ "kind": "DeploymentConfig",
+ "metadata": {
+ "creationTimestamp": "2017-02-02T15:58:49Z",
+ "generation": 8,
+ "labels": {
+ "router": "router"
+ },
+ "name": "router",
+ "namespace": "default",
+ "resourceVersion": "513678"
+ },
+ "spec": {
+ "replicas": 2,
+ "selector": {
+ "router": "router"
+ },
+ "template": {
+ "metadata": {
+ "creationTimestamp": null,
+ "labels": {
+ "router": "router"
+ }
+ },
+ "spec": {
+ "containers": [
+ {
+ "env": [
+ {
+ "name": "DEFAULT_CERTIFICATE_DIR",
+ "value": "/etc/pki/tls/private"
+ },
+ {
+ "name": "DEFAULT_CERTIFICATE_PATH",
+ "value": "/etc/pki/tls/private/tls.crt"
+ },
+ {
+ "name": "ROUTER_EXTERNAL_HOST_HOSTNAME"
+ },
+ {
+ "name": "ROUTER_EXTERNAL_HOST_HTTPS_VSERVER"
+ },
+ {
+ "name": "ROUTER_EXTERNAL_HOST_HTTP_VSERVER"
+ },
+ {
+ "name": "ROUTER_EXTERNAL_HOST_INSECURE",
+ "value": "false"
+ },
+ {
+ "name": "SOMEKEY",
+ "value": "SOMEVALUE"
+ }
+ ],
+ "name": "router"
+ }
+ ]
+ }
+ },
+ "test": false,
+ "triggers": [
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ }'''
+
+ # Return values of our mocked function call. These get returned once per call.
+ mock_cmd.side_effect = [
+ (0, dc_results, ''),
+ (0, dc_results, ''),
+ (0, dc_results_after, ''),
+ (0, dc_results_after, ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mock_adminkubeconfig',
+ ]
+
+ # Act
+ results = OCEnv.run_ansible(params, False)
+
+ # Assert
+ self.assertTrue(results['changed'])
+ for env_var in results['results']:
+ if env_var == {'name': 'SOMEKEY', 'value': 'SOMEVALUE'}:
+ break
+ else:
+ self.fail('Did not find environment variables in results.')
+ self.assertEqual(results['state'], 'present')
+
+ # Making sure our mocks were called as we expected
+ mock_cmd.assert_has_calls([
+ mock.call(['oc', '-n', 'default', 'get', 'dc', 'router', '-o', 'json'], None),
+ ])
+
+ @mock.patch('oc_env.Utils.create_tmpfile_copy')
+ @mock.patch('oc_env.OCEnv._run')
+ def test_removing_env_vars(self, mock_cmd, mock_tmpfile_copy):
+ ''' Test add environment variables to a dc'''
+
+ # Arrange
+
+ # run_ansible input parameters
+ params = {
+ 'state': 'absent',
+ 'namespace': 'default',
+ 'name': 'router',
+ 'kind': 'dc',
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'debug': False,
+ 'env_vars': {'SOMEKEY': 'SOMEVALUE'},
+ }
+
+ dc_results_before = '''{
+ "apiVersion": "v1",
+ "kind": "DeploymentConfig",
+ "metadata": {
+ "creationTimestamp": "2017-02-02T15:58:49Z",
+ "generation": 8,
+ "labels": {
+ "router": "router"
+ },
+ "name": "router",
+ "namespace": "default",
+ "resourceVersion": "513678"
+ },
+ "spec": {
+ "replicas": 2,
+ "selector": {
+ "router": "router"
+ },
+ "template": {
+ "metadata": {
+ "creationTimestamp": null,
+ "labels": {
+ "router": "router"
+ }
+ },
+ "spec": {
+ "containers": [
+ {
+ "env": [
+ {
+ "name": "DEFAULT_CERTIFICATE_DIR",
+ "value": "/etc/pki/tls/private"
+ },
+ {
+ "name": "DEFAULT_CERTIFICATE_PATH",
+ "value": "/etc/pki/tls/private/tls.crt"
+ },
+ {
+ "name": "ROUTER_EXTERNAL_HOST_HOSTNAME"
+ },
+ {
+ "name": "ROUTER_EXTERNAL_HOST_HTTPS_VSERVER"
+ },
+ {
+ "name": "ROUTER_EXTERNAL_HOST_HTTP_VSERVER"
+ },
+ {
+ "name": "ROUTER_EXTERNAL_HOST_INSECURE",
+ "value": "false"
+ },
+ {
+ "name": "SOMEKEY",
+ "value": "SOMEVALUE"
+ }
+ ],
+ "name": "router"
+ }
+ ]
+ }
+ },
+ "test": false,
+ "triggers": [
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ }'''
+
+ # Return values of our mocked function call. These get returned once per call.
+ mock_cmd.side_effect = [
+ (0, dc_results_before, ''),
+ (0, dc_results_before, ''),
+ (0, '', ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mock_adminkubeconfig',
+ ]
+
+ # Act
+ results = OCEnv.run_ansible(params, False)
+
+ # Assert
+ self.assertTrue(results['changed'])
+ self.assertEqual(results['state'], 'absent')
+
+ # Making sure our mocks were called as we expected
+ mock_cmd.assert_has_calls([
+ mock.call(['oc', '-n', 'default', 'get', 'dc', 'router', '-o', 'json'], None),
+ ])
+
+ def tearDown(self):
+ '''TearDown method'''
+ pass
+
+
+if __name__ == "__main__":
+ unittest.main()
diff --git a/roles/nuage_master/meta/main.yml b/roles/nuage_master/meta/main.yml
index a8a9bd3b4..e3ed9ac71 100644
--- a/roles/nuage_master/meta/main.yml
+++ b/roles/nuage_master/meta/main.yml
@@ -17,6 +17,7 @@ dependencies:
- role: nuage_common
- role: openshift_etcd_client_certificates
- role: os_firewall
+- role: lib_openshift
os_firewall_allow:
- service: openshift-monitor
port: "{{ nuage_mon_rest_server_port }}/tcp"
diff --git a/roles/nuage_master/tasks/serviceaccount.yml b/roles/nuage_master/tasks/serviceaccount.yml
index 41143772e..16ea08244 100644
--- a/roles/nuage_master/tasks/serviceaccount.yml
+++ b/roles/nuage_master/tasks/serviceaccount.yml
@@ -13,20 +13,16 @@
changed_when: false
- name: Create Admin Service Account
- shell: >
- echo {{ nuage_service_account_config | to_json | quote }} |
- {{ openshift.common.client_binary }} create
- -n default
- --config={{nuage_tmp_conf}}
- -f -
- register: osnuage_create_service_account
- failed_when: "'already exists' not in osnuage_create_service_account.stderr and osnuage_create_service_account.rc != 0"
- changed_when: osnuage_create_service_account.rc == 0
+ oc_serviceaccount:
+ kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig"
+ name: nuage
+ namespace: default
+ state: present
- name: Configure role/user permissions
command: >
{{ openshift.common.client_binary }} adm {{item}}
- --config={{nuage_tmp_conf}}
+ --config={{ nuage_tmp_conf }}
with_items: "{{nuage_tasks}}"
register: osnuage_perm_task
failed_when: "'the object has been modified' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0"
diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml
index dba399a03..651d5775c 100644
--- a/roles/nuage_master/vars/main.yaml
+++ b/roles/nuage_master/vars/main.yaml
@@ -22,11 +22,5 @@ nuage_mon_rest_server_host: "{{ openshift.master.cluster_hostname | default(open
nuage_master_crt_dir: /usr/share/nuage-openshift-monitor
nuage_service_account: system:serviceaccount:default:nuage
-nuage_service_account_config:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: nuage
-
nuage_tasks:
- policy add-cluster-role-to-user cluster-reader {{ nuage_service_account }}
diff --git a/roles/openshift_certificate_expiry/README.md b/roles/openshift_certificate_expiry/README.md
index 327cc004b..df43c3770 100644
--- a/roles/openshift_certificate_expiry/README.md
+++ b/roles/openshift_certificate_expiry/README.md
@@ -51,11 +51,11 @@ How to use the Certificate Expiration Checking Role.
Run one of the example playbooks using an inventory file
representative of your existing cluster. Some example playbooks are
-included in this repo, or you can read on below after this example to
+included in this role, or you can read on below after this example to
craft you own.
```
-$ ansible-playbook -v -i HOSTS ./roles/openshift_certificate_expiry/examples/playbooks/easy-mode.yaml
+$ ansible-playbook -v -i HOSTS playbooks/certificate_expiry/easy-mode.yaml
```
Using the `easy-mode.yaml` playbook will produce:
@@ -65,16 +65,19 @@ Using the `easy-mode.yaml` playbook will produce:
* A stylized HTML report in `/tmp/`
+> **Note:** If you are running from an RPM install use
+> `/usr/share/ansible/openshift-ansible/playbooks/certificate_expiry/easy-mode.yaml`
+> instead
+
## More Example Playbooks
> **Note:** These Playbooks are available to run directly out of the
-> [examples/playbooks/](examples/playbooks/) directory.
+> [/playbooks/certificate_expiry/](../../playbooks/certificate_expiry/) directory.
This example playbook is great if you're just wanting to **try the
-role out**. This playbook enables HTML and JSON reports. The warning
-window is set very large so you will almost always get results back.
-All certificates (healthy or not) are included in the results:
+role out**. This playbook enables HTML and JSON reports. All
+certificates (healthy or not) are included in the results:
```yaml
---
@@ -83,7 +86,6 @@ All certificates (healthy or not) are included in the results:
become: yes
gather_facts: no
vars:
- openshift_certificate_expiry_warning_days: 1500
openshift_certificate_expiry_save_json_results: yes
openshift_certificate_expiry_generate_html_report: yes
openshift_certificate_expiry_show_all: yes
@@ -91,11 +93,16 @@ All certificates (healthy or not) are included in the results:
- role: openshift_certificate_expiry
```
+**From git:**
+```
+$ ansible-playbook -v -i HOSTS playbooks/certificate_expiry/easy-mode.yaml
+```
+**From openshift-ansible-playbooks rpm:**
```
-$ ansible-playbook -v -i HOSTS ./roles/openshift_certificate_expiry/examples/playbooks/easy-mode.yaml
+$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/certificate_expiry/easy-mode.yaml
```
-> [View This Playbook](examples/playbooks/easy-mode.yaml)
+> [View This Playbook](../../playbooks/certificate_expiry/easy-mode.yaml)
***
@@ -111,12 +118,16 @@ Default behavior:
- role: openshift_certificate_expiry
```
+**From git:**
```
-$ ansible-playbook -v -i HOSTS ./roles/openshift_certificate_expiry/examples/playbooks/default.yaml
+$ ansible-playbook -v -i HOSTS playbooks/certificate_expiry/default.yaml
+```
+**From openshift-ansible-playbooks rpm:**
+```
+$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/certificate_expiry/default.yaml
```
-
-> [View This Playbook](examples/playbooks/default.yaml)
+> [View This Playbook](../../playbooks/certificate_expiry/default.yaml)
***
@@ -136,12 +147,16 @@ Generate HTML and JSON artifacts in their default paths:
- role: openshift_certificate_expiry
```
+**From git:**
```
-$ ansible-playbook -v -i HOSTS ./roles/openshift_certificate_expiry/examples/playbooks/html_and_json_default_paths.yaml
+$ ansible-playbook -v -i HOSTS playbooks/certificate_expiry/html_and_json_default_paths.yaml
+```
+**From openshift-ansible-playbooks rpm:**
+```
+$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/certificate_expiry/html_and_json_default_paths.yaml
```
-
-> [View This Playbook](examples/playbooks/html_and_json_default_paths.yaml)
+> [View This Playbook](../../playbooks/certificate_expiry/html_and_json_default_paths.yaml)
***
@@ -160,12 +175,16 @@ the module out):
- role: openshift_certificate_expiry
```
+**From git:**
```
-$ ansible-playbook -v -i HOSTS ./roles/openshift_certificate_expiry/examples/playbooks/longer_warning_period.yaml
+$ ansible-playbook -v -i HOSTS playbooks/certificate_expiry/longer_warning_period.yaml
+```
+**From openshift-ansible-playbooks rpm:**
+```
+$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/certificate_expiry/longer_warning_period.yaml
```
-
-> [View This Playbook](examples/playbooks/longer_warning_period.yaml)
+> [View This Playbook](../../playbooks/certificate_expiry/longer_warning_period.yaml)
***
@@ -185,12 +204,16 @@ the module out) and save the results as a JSON file:
- role: openshift_certificate_expiry
```
+**From git:**
```
-$ ansible-playbook -v -i HOSTS ./roles/openshift_certificate_expiry/examples/playbooks/longer-warning-period-json-results.yaml
+$ ansible-playbook -v -i HOSTS playbooks/certificate_expiry/longer-warning-period-json-results.yaml
+```
+**From openshift-ansible-playbooks rpm:**
+```
+$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/certificate_expiry/longer-warning-period-json-results.yaml
```
-
-> [View This Playbook](examples/playbooks/longer-warning-period-json-results.yaml)
+> [View This Playbook](../../playbooks/certificate_expiry/longer-warning-period-json-results.yaml)
diff --git a/roles/openshift_certificate_expiry/examples/playbooks b/roles/openshift_certificate_expiry/examples/playbooks
new file mode 120000
index 000000000..586afb0d5
--- /dev/null
+++ b/roles/openshift_certificate_expiry/examples/playbooks
@@ -0,0 +1 @@
+../../../playbooks/certificate_expiry \ No newline at end of file
diff --git a/roles/openshift_examples/files/examples/v1.4/cfme-templates/cfme-template.yaml b/roles/openshift_examples/files/examples/v1.4/cfme-templates/cfme-template.yaml
index c8e3d4083..4f25a9c8f 100644
--- a/roles/openshift_examples/files/examples/v1.4/cfme-templates/cfme-template.yaml
+++ b/roles/openshift_examples/files/examples/v1.4/cfme-templates/cfme-template.yaml
@@ -157,7 +157,7 @@ objects:
- type: "ConfigChange"
- type: "ImageChange"
imageChangeParams:
- automatic: false
+ automatic: true
containerNames:
- "cloudforms"
from:
@@ -202,7 +202,7 @@ objects:
-
type: "ImageChange"
imageChangeParams:
- automatic: false
+ automatic: true
containerNames:
- "memcached"
from:
@@ -286,7 +286,7 @@ objects:
-
type: "ImageChange"
imageChangeParams:
- automatic: false
+ automatic: true
containerNames:
- "postgresql"
from:
diff --git a/roles/openshift_examples/files/examples/v1.5/cfme-templates/cfme-template.yaml b/roles/openshift_examples/files/examples/v1.5/cfme-templates/cfme-template.yaml
index c8e3d4083..4f25a9c8f 100644
--- a/roles/openshift_examples/files/examples/v1.5/cfme-templates/cfme-template.yaml
+++ b/roles/openshift_examples/files/examples/v1.5/cfme-templates/cfme-template.yaml
@@ -157,7 +157,7 @@ objects:
- type: "ConfigChange"
- type: "ImageChange"
imageChangeParams:
- automatic: false
+ automatic: true
containerNames:
- "cloudforms"
from:
@@ -202,7 +202,7 @@ objects:
-
type: "ImageChange"
imageChangeParams:
- automatic: false
+ automatic: true
containerNames:
- "memcached"
from:
@@ -286,7 +286,7 @@ objects:
-
type: "ImageChange"
imageChangeParams:
- automatic: false
+ automatic: true
containerNames:
- "postgresql"
from:
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 7a0642cce..ef7f159c5 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -788,8 +788,8 @@ def set_etcd_facts_if_unset(facts):
def set_deployment_facts_if_unset(facts):
""" Set Facts that vary based on deployment_type. This currently
- includes common.service_type, common.config_base, master.registry_url,
- node.registry_url, node.storage_plugin_deps
+ includes common.service_type, master.registry_url, node.registry_url,
+ node.storage_plugin_deps
Args:
facts (dict): existing facts
@@ -809,22 +809,6 @@ def set_deployment_facts_if_unset(facts):
elif deployment_type in ['enterprise']:
service_type = 'openshift'
facts['common']['service_type'] = service_type
- if 'config_base' not in facts['common']:
- config_base = '/etc/origin'
- if deployment_type in ['enterprise']:
- config_base = '/etc/openshift'
- # Handle upgrade scenarios when symlinks don't yet exist:
- if not os.path.exists(config_base) and os.path.exists('/etc/openshift'):
- config_base = '/etc/openshift'
- facts['common']['config_base'] = config_base
- if 'data_dir' not in facts['common']:
- data_dir = '/var/lib/origin'
- if deployment_type in ['enterprise']:
- data_dir = '/var/lib/openshift'
- # Handle upgrade scenarios when symlinks don't yet exist:
- if not os.path.exists(data_dir) and os.path.exists('/var/lib/openshift'):
- data_dir = '/var/lib/openshift'
- facts['common']['data_dir'] = data_dir
if 'docker' in facts:
deployment_type = facts['common']['deployment_type']
@@ -2001,7 +1985,9 @@ class OpenShiftFacts(object):
client_binary='oc', admin_binary='oadm',
dns_domain='cluster.local',
install_examples=True,
- debug_level=2)
+ debug_level=2,
+ config_base='/etc/origin',
+ data_dir='/var/lib/origin')
if 'master' in roles:
defaults['master'] = dict(api_use_ssl=True, api_port='8443',
@@ -2081,6 +2067,25 @@ class OpenShiftFacts(object):
create_pvc=False
)
),
+ loggingops=dict(
+ storage=dict(
+ kind=None,
+ volume=dict(
+ name='logging-es-ops',
+ size='10Gi'
+ ),
+ nfs=dict(
+ directory='/exports',
+ options='*(rw,root_squash)'
+ ),
+ host=None,
+ access=dict(
+ modes=['ReadWriteOnce']
+ ),
+ create_pv=True,
+ create_pvc=False
+ )
+ ),
logging=dict(
storage=dict(
kind=None,
diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml
index 9a1982076..11bd68207 100644
--- a/roles/openshift_facts/tasks/main.yml
+++ b/roles/openshift_facts/tasks/main.yml
@@ -1,52 +1,64 @@
---
-- name: Detecting Operating System
- stat:
- path: /run/ostree-booted
- register: ostree_booted
+- block:
+ - name: Detecting Operating System
+ stat:
+ path: /run/ostree-booted
+ register: ostree_booted
-# Locally setup containerized facts for now
-- set_fact:
- l_is_atomic: "{{ ostree_booted.stat.exists }}"
-- set_fact:
- l_is_containerized: "{{ (l_is_atomic | bool) or (containerized | default(false) | bool) }}"
- l_is_openvswitch_system_container: "{{ (use_openvswitch_system_container | default(use_system_containers) | bool) }}"
- l_is_node_system_container: "{{ (use_node_system_container | default(use_system_containers) | bool) }}"
- l_is_master_system_container: "{{ (use_master_system_container | default(use_system_containers) | bool) }}"
- l_is_etcd_system_container: "{{ (use_etcd_system_container | default(use_system_containers) | bool) }}"
+ # Locally setup containerized facts for now
+ - set_fact:
+ l_is_atomic: "{{ ostree_booted.stat.exists }}"
+ - set_fact:
+ l_is_containerized: "{{ (l_is_atomic | bool) or (containerized | default(false) | bool) }}"
+ l_is_openvswitch_system_container: "{{ (use_openvswitch_system_container | default(use_system_containers) | bool) }}"
+ l_is_node_system_container: "{{ (use_node_system_container | default(use_system_containers) | bool) }}"
+ l_is_master_system_container: "{{ (use_master_system_container | default(use_system_containers) | bool) }}"
+ l_is_etcd_system_container: "{{ (use_etcd_system_container | default(use_system_containers) | bool) }}"
-- name: Ensure various deps are installed
- package: name={{ item }} state=present
- with_items: "{{ required_packages }}"
- when: not l_is_atomic | bool
+ - name: Ensure various deps are installed
+ package: name={{ item }} state=present
+ with_items: "{{ required_packages }}"
+ when: not l_is_atomic | bool
-- name: Gather Cluster facts and set is_containerized if needed
- openshift_facts:
- role: common
- local_facts:
- debug_level: "{{ openshift_debug_level | default(2) }}"
- # TODO: Deprecate deployment_type in favor of openshift_deployment_type
- deployment_type: "{{ openshift_deployment_type | default(deployment_type) }}"
- deployment_subtype: "{{ openshift_deployment_subtype | default(None) }}"
- cluster_id: "{{ openshift_cluster_id | default('default') }}"
- hostname: "{{ openshift_hostname | default(None) }}"
- ip: "{{ openshift_ip | default(None) }}"
- is_containerized: "{{ l_is_containerized | default(None) }}"
- is_openvswitch_system_container: "{{ l_is_openvswitch_system_container | default(false) }}"
- is_node_system_container: "{{ l_is_node_system_container | default(false) }}"
- is_master_system_container: "{{ l_is_master_system_container | default(false) }}"
- is_etcd_system_container: "{{ l_is_etcd_system_container | default(false) }}"
- system_images_registry: "{{ system_images_registry | default('') }}"
- public_hostname: "{{ openshift_public_hostname | default(None) }}"
- public_ip: "{{ openshift_public_ip | default(None) }}"
- portal_net: "{{ openshift_portal_net | default(openshift_master_portal_net) | default(None) }}"
- http_proxy: "{{ openshift_http_proxy | default(None) }}"
- https_proxy: "{{ openshift_https_proxy | default(None) }}"
- no_proxy: "{{ openshift_no_proxy | default(None) }}"
- generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}"
- no_proxy_internal_hostnames: "{{ openshift_no_proxy_internal_hostnames | default(None) }}"
- sdn_network_plugin_name: "{{ os_sdn_network_plugin_name | default(None) }}"
- use_openshift_sdn: "{{ openshift_use_openshift_sdn | default(None) }}"
+ - name: Gather Cluster facts and set is_containerized if needed
+ openshift_facts:
+ role: common
+ local_facts:
+ debug_level: "{{ openshift_debug_level | default(2) }}"
+ # TODO: Deprecate deployment_type in favor of openshift_deployment_type
+ deployment_type: "{{ openshift_deployment_type | default(deployment_type) }}"
+ deployment_subtype: "{{ openshift_deployment_subtype | default(None) }}"
+ cluster_id: "{{ openshift_cluster_id | default('default') }}"
+ hostname: "{{ openshift_hostname | default(None) }}"
+ ip: "{{ openshift_ip | default(None) }}"
+ is_containerized: "{{ l_is_containerized | default(None) }}"
+ is_openvswitch_system_container: "{{ l_is_openvswitch_system_container | default(false) }}"
+ is_node_system_container: "{{ l_is_node_system_container | default(false) }}"
+ is_master_system_container: "{{ l_is_master_system_container | default(false) }}"
+ is_etcd_system_container: "{{ l_is_etcd_system_container | default(false) }}"
+ system_images_registry: "{{ system_images_registry | default('') }}"
+ public_hostname: "{{ openshift_public_hostname | default(None) }}"
+ public_ip: "{{ openshift_public_ip | default(None) }}"
+ portal_net: "{{ openshift_portal_net | default(openshift_master_portal_net) | default(None) }}"
+ http_proxy: "{{ openshift_http_proxy | default(None) }}"
+ https_proxy: "{{ openshift_https_proxy | default(None) }}"
+ no_proxy: "{{ openshift_no_proxy | default(None) }}"
+ generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}"
+ no_proxy_internal_hostnames: "{{ openshift_no_proxy_internal_hostnames | default(None) }}"
+ sdn_network_plugin_name: "{{ os_sdn_network_plugin_name | default(None) }}"
+ use_openshift_sdn: "{{ openshift_use_openshift_sdn | default(None) }}"
-- name: Set repoquery command
+ - name: Set repoquery command
+ set_fact:
+ repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}"
+
+ # This `when` allows us to skip this expensive block of tasks on
+ # subsequent calls to the `openshift_facts` role. You will notice
+ # speed-ups in proportion to the size of your cluster as this will
+ # skip all tasks on the next calls to the `openshift_facts` role.
+ when:
+ - openshift_facts_init is not defined
+
+- name: Record that openshift_facts has initialized
set_fact:
- repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}"
+ openshift_facts_init: true
diff --git a/roles/openshift_health_checker/HOWTO_CHECKS.md b/roles/openshift_health_checker/HOWTO_CHECKS.md
new file mode 100644
index 000000000..1573c14da
--- /dev/null
+++ b/roles/openshift_health_checker/HOWTO_CHECKS.md
@@ -0,0 +1,34 @@
+# OpenShift health checks
+
+This Ansible role contains health checks to diagnose problems in OpenShift
+environments.
+
+Checks are typically implemented as two parts:
+
+1. a Python module in [openshift_checks/](openshift_checks), with a class that
+ inherits from `OpenShiftCheck`.
+2. a custom Ansible module in [library/](library), for cases when the modules
+ shipped with Ansible do not provide the required functionality.
+
+The checks are called from an Ansible playbooks via the `openshift_health_check`
+action plugin. See
+[playbooks/byo/openshift-preflight/check.yml](../../playbooks/byo/openshift-preflight/check.yml)
+for an example.
+
+The action plugin dynamically discovers all checks and executes only those
+selected in the play.
+
+Checks can determine when they are active by implementing the method
+`is_active`. Inactive checks are skipped. This is similar to the `when`
+instruction in Ansible plays.
+
+Checks may have tags, which are a way to group related checks together. For
+instance, to run all preflight checks, pass in the group `'@preflight'` to
+`openshift_health_check`.
+
+Groups are automatically computed from tags.
+
+Groups and individual check names can be used together in the argument list to
+`openshift_health_check`.
+
+Look at existing checks for the implementation details.
diff --git a/roles/openshift_health_checker/README.md b/roles/openshift_health_checker/README.md
new file mode 100644
index 000000000..4ab5f1f7b
--- /dev/null
+++ b/roles/openshift_health_checker/README.md
@@ -0,0 +1,45 @@
+OpenShift Health Checker
+========================
+
+This role detects common problems with OpenShift installations or with
+environments prior to install.
+
+For more information about creating new checks, see [HOWTO_CHECKS.md](HOWTO_CHECKS.md).
+
+Requirements
+------------
+
+* Ansible 2.2+
+
+Role Variables
+--------------
+
+None
+
+Dependencies
+------------
+
+- openshift_facts
+
+Example Playbook
+----------------
+
+```yaml
+---
+- hosts: OSEv3
+ name: run OpenShift health checks
+ roles:
+ - openshift_health_checker
+ post_tasks:
+ - action: openshift_health_check
+```
+
+License
+-------
+
+Apache License Version 2.0
+
+Author Information
+------------------
+
+Customer Success team (dev@lists.openshift.redhat.com)
diff --git a/roles/openshift_health_checker/action_plugins/openshift_health_check.py b/roles/openshift_health_checker/action_plugins/openshift_health_check.py
new file mode 100644
index 000000000..0411797b1
--- /dev/null
+++ b/roles/openshift_health_checker/action_plugins/openshift_health_check.py
@@ -0,0 +1,116 @@
+"""
+Ansible action plugin to execute health checks in OpenShift clusters.
+"""
+# pylint: disable=wrong-import-position,missing-docstring,invalid-name
+import sys
+import os
+
+try:
+ from __main__ import display
+except ImportError:
+ from ansible.utils.display import Display
+ display = Display()
+
+from ansible.plugins.action import ActionBase
+
+# Augment sys.path so that we can import checks from a directory relative to
+# this callback plugin.
+sys.path.insert(1, os.path.dirname(os.path.dirname(__file__)))
+
+from openshift_checks import OpenShiftCheck, OpenShiftCheckException # noqa: E402
+
+
+class ActionModule(ActionBase):
+
+ def run(self, tmp=None, task_vars=None):
+ result = super(ActionModule, self).run(tmp, task_vars)
+
+ if task_vars is None:
+ task_vars = {}
+
+ if "openshift" not in task_vars:
+ result["failed"] = True
+ result["msg"] = "'openshift' is undefined, did 'openshift_facts' run?"
+ return result
+
+ try:
+ known_checks = self.load_known_checks()
+ except OpenShiftCheckException as e:
+ result["failed"] = True
+ result["msg"] = str(e)
+ return result
+
+ args = self._task.args
+ requested_checks = resolve_checks(args.get("checks", []), known_checks.values())
+
+ unknown_checks = requested_checks - set(known_checks)
+ if unknown_checks:
+ result["failed"] = True
+ result["msg"] = (
+ "One or more checks are unknown: {}. "
+ "Make sure there is no typo in the playbook and no files are missing."
+ ).format(", ".join(unknown_checks))
+ return result
+
+ result["checks"] = check_results = {}
+
+ for check_name in requested_checks & set(known_checks):
+ display.banner("CHECK [{} : {}]".format(check_name, task_vars["ansible_host"]))
+ check = known_checks[check_name]
+
+ if check.is_active(task_vars):
+ try:
+ r = check.run(tmp, task_vars)
+ except OpenShiftCheckException as e:
+ r = {}
+ r["failed"] = True
+ r["msg"] = str(e)
+ else:
+ r = {"skipped": True}
+
+ check_results[check_name] = r
+
+ if r.get("failed", False):
+ result["failed"] = True
+ result["msg"] = "One or more checks failed"
+
+ return result
+
+ def load_known_checks(self):
+ known_checks = {}
+
+ known_check_classes = set(cls for cls in OpenShiftCheck.subclasses())
+
+ for cls in known_check_classes:
+ check_name = cls.name
+ if check_name in known_checks:
+ other_cls = known_checks[check_name].__class__
+ raise OpenShiftCheckException(
+ "non-unique check name '{}' in: '{}.{}' and '{}.{}'".format(
+ check_name,
+ cls.__module__, cls.__name__,
+ other_cls.__module__, other_cls.__name__))
+ known_checks[check_name] = cls(module_executor=self._execute_module)
+
+ return known_checks
+
+
+def resolve_checks(names, all_checks):
+ """Returns a set of resolved check names.
+
+ Resolving a check name involves expanding tag references (e.g., '@tag') with
+ all the checks that contain the given tag.
+
+ names should be a sequence of strings.
+
+ all_checks should be a sequence of check classes/instances.
+ """
+ resolved = set()
+ for name in names:
+ if name.startswith("@"):
+ for check in all_checks:
+ if name[1:] in check.tags:
+ resolved.add(check.name)
+ else:
+ resolved.add(name)
+ return resolved
diff --git a/roles/openshift_preflight/verify_status/callback_plugins/zz_failure_summary.py b/roles/openshift_health_checker/callback_plugins/zz_failure_summary.py
index 180ed8d8f..8caefab15 100644
--- a/roles/openshift_preflight/verify_status/callback_plugins/zz_failure_summary.py
+++ b/roles/openshift_health_checker/callback_plugins/zz_failure_summary.py
@@ -3,6 +3,8 @@
Ansible callback plugin.
'''
+from pprint import pformat
+
from ansible.plugins.callback import CallbackBase
from ansible import constants as C
from ansible.utils.color import stringc
@@ -79,6 +81,8 @@ def _format_failure(failure):
(u'Task', task),
(u'Message', stringc(msg, C.COLOR_ERROR)),
)
+ if 'checks' in result._result:
+ rows += ((u'Details', stringc(pformat(result._result['checks']), C.COLOR_ERROR)),)
row_format = '{:10}{}'
return [row_format.format(header + u':', body) for header, body in rows]
diff --git a/roles/openshift_preflight/base/library/aos_version.py b/roles/openshift_health_checker/library/aos_version.py
index f7fcb6da5..13b7d310b 100755
--- a/roles/openshift_preflight/base/library/aos_version.py
+++ b/roles/openshift_health_checker/library/aos_version.py
@@ -1,57 +1,49 @@
#!/usr/bin/python
# vim: expandtab:tabstop=4:shiftwidth=4
'''
-An ansible module for determining if more than one minor version
-of any atomic-openshift package is available, which would indicate
-that multiple repos are enabled for different versions of the same
-thing which may cause problems.
+Ansible module for determining if multiple versions of an OpenShift package are
+available, and if the version requested is available down to the given
+precision.
-Also, determine if the version requested is available down to the
-precision requested.
+Multiple versions available suggest that multiple repos are enabled for the
+different versions, which may cause installation problems.
'''
-# import os
-# import sys
import yum # pylint: disable=import-error
+
from ansible.module_utils.basic import AnsibleModule
-def main(): # pylint: disable=missing-docstring
+def main(): # pylint: disable=missing-docstring,too-many-branches
module = AnsibleModule(
argument_spec=dict(
- version=dict(required=True)
+ prefix=dict(required=True), # atomic-openshift, origin, ...
+ version=dict(required=True),
),
supports_check_mode=True
)
- # NOTE(rhcarvalho): sosiouxme added _unmute, but I couldn't find a case yet
- # for when it is actually necessary. Leaving it commented out for now,
- # though this comment and the commented out code related to _unmute should
- # be deleted later if not proven necessary.
-
- # sys.stdout = os.devnull # mute yum so it doesn't break our output
- # sys.stderr = os.devnull # mute yum so it doesn't break our output
-
- # def _unmute(): # pylint: disable=missing-docstring
- # sys.stdout = sys.__stdout__
-
def bail(error): # pylint: disable=missing-docstring
- # _unmute()
module.fail_json(msg=error)
+ rpm_prefix = module.params['prefix']
+
+ if not rpm_prefix:
+ bail("prefix must not be empty")
+
yb = yum.YumBase() # pylint: disable=invalid-name
# search for package versions available for aos pkgs
expected_pkgs = [
- 'atomic-openshift',
- 'atomic-openshift-master',
- 'atomic-openshift-node',
+ rpm_prefix,
+ rpm_prefix + '-master',
+ rpm_prefix + '-node',
]
try:
pkgs = yb.pkgSack.returnPackages(patterns=expected_pkgs)
except yum.Errors.PackageSackError as e: # pylint: disable=invalid-name
# you only hit this if *none* of the packages are available
- bail('Unable to find any atomic-openshift packages. \nCheck your subscription and repo settings. \n%s' % e)
+ bail('Unable to find any OpenShift packages.\nCheck your subscription and repo settings.\n%s' % e)
# determine what level of precision we're expecting for the version
expected_version = module.params['version']
@@ -92,7 +84,6 @@ def main(): # pylint: disable=missing-docstring
msg += ' %s\n' % name
bail(msg + "There should only be one OpenShift version's repository enabled at a time.")
- # _unmute()
module.exit_json(changed=False)
diff --git a/roles/openshift_preflight/base/library/check_yum_update.py b/roles/openshift_health_checker/library/check_yum_update.py
index 296ebd44f..9bc14fd47 100755
--- a/roles/openshift_preflight/base/library/check_yum_update.py
+++ b/roles/openshift_health_checker/library/check_yum_update.py
@@ -8,9 +8,10 @@ parameters:
If omitted, all installed RPMs are considered for updates.
'''
-# import os
import sys
+
import yum # pylint: disable=import-error
+
from ansible.module_utils.basic import AnsibleModule
@@ -22,18 +23,7 @@ def main(): # pylint: disable=missing-docstring,too-many-branches
supports_check_mode=True
)
- # NOTE(rhcarvalho): sosiouxme added _unmute, but I couldn't find a case yet
- # for when it is actually necessary. Leaving it commented out for now,
- # though this comment and the commented out code related to _unmute should
- # be deleted later if not proven necessary.
-
- # sys.stdout = os.devnull # mute yum so it doesn't break our output
-
- # def _unmute(): # pylint: disable=missing-docstring
- # sys.stdout = sys.__stdout__
-
def bail(error): # pylint: disable=missing-docstring
- # _unmute()
module.fail_json(msg=error)
yb = yum.YumBase() # pylint: disable=invalid-name
@@ -108,7 +98,6 @@ def main(): # pylint: disable=missing-docstring,too-many-branches
bail('Unknown error(s) from dependency resolution. Exit Code: %d:\n%s' %
(txn_result, txn_msgs))
- # _unmute()
module.exit_json(changed=False)
diff --git a/roles/openshift_preflight/init/meta/main.yml b/roles/openshift_health_checker/meta/main.yml
index 0bbeadd34..0bbeadd34 100644
--- a/roles/openshift_preflight/init/meta/main.yml
+++ b/roles/openshift_health_checker/meta/main.yml
diff --git a/roles/openshift_health_checker/openshift_checks/__init__.py b/roles/openshift_health_checker/openshift_checks/__init__.py
new file mode 100644
index 000000000..c31242624
--- /dev/null
+++ b/roles/openshift_health_checker/openshift_checks/__init__.py
@@ -0,0 +1,84 @@
+"""
+Health checks for OpenShift clusters.
+"""
+
+import os
+from abc import ABCMeta, abstractmethod, abstractproperty
+from importlib import import_module
+import operator
+
+import six
+from six.moves import reduce
+
+
+class OpenShiftCheckException(Exception):
+ """Raised when a check cannot proceed."""
+ pass
+
+
+@six.add_metaclass(ABCMeta)
+class OpenShiftCheck(object):
+ """A base class for defining checks for an OpenShift cluster environment."""
+
+ def __init__(self, module_executor):
+ self.module_executor = module_executor
+
+ @abstractproperty
+ def name(self):
+ """The name of this check, usually derived from the class name."""
+ return "openshift_check"
+
+ @property
+ def tags(self):
+ """A list of tags that this check satisfy.
+
+ Tags are used to reference multiple checks with a single '@tagname'
+ special check name.
+ """
+ return []
+
+ @classmethod
+ def is_active(cls, task_vars): # pylint: disable=unused-argument
+ """Returns true if this check applies to the ansible-playbook run."""
+ return True
+
+ @abstractmethod
+ def run(self, tmp, task_vars):
+ """Executes a check, normally implemented as a module."""
+ return {}
+
+ @classmethod
+ def subclasses(cls):
+ """Returns a generator of subclasses of this class and its subclasses."""
+ for subclass in cls.__subclasses__(): # pylint: disable=no-member
+ yield subclass
+ for subclass in subclass.subclasses():
+ yield subclass
+
+
+def get_var(task_vars, *keys, **kwargs):
+ """Helper function to get deeply nested values from task_vars.
+
+ Ansible task_vars structures are Python dicts, often mapping strings to
+ other dicts. This helper makes it easier to get a nested value, raising
+ OpenShiftCheckException when a key is not found.
+ """
+ try:
+ value = reduce(operator.getitem, keys, task_vars)
+ except (KeyError, TypeError):
+ if "default" in kwargs:
+ return kwargs["default"]
+ raise OpenShiftCheckException("'{}' is undefined".format(".".join(map(str, keys))))
+ return value
+
+
+# Dynamically import all submodules for the side effect of loading checks.
+
+EXCLUDES = (
+ "__init__.py",
+ "mixins.py",
+)
+
+for name in os.listdir(os.path.dirname(__file__)):
+ if name.endswith(".py") and name not in EXCLUDES:
+ import_module(__package__ + "." + name[:-3])
diff --git a/roles/openshift_health_checker/openshift_checks/mixins.py b/roles/openshift_health_checker/openshift_checks/mixins.py
new file mode 100644
index 000000000..4029fba62
--- /dev/null
+++ b/roles/openshift_health_checker/openshift_checks/mixins.py
@@ -0,0 +1,21 @@
+# pylint: disable=missing-docstring
+from openshift_checks import get_var
+
+
+class NotContainerized(object):
+ """Mixin for checks that are only active when not in containerized mode."""
+
+ @classmethod
+ def is_active(cls, task_vars):
+ return (
+ # This mixin is meant to be used with subclasses of
+ # OpenShiftCheck. Pylint disables this by default on mixins,
+ # though it relies on the class name ending in 'mixin'.
+ # pylint: disable=no-member
+ super(NotContainerized, cls).is_active(task_vars) and
+ not cls.is_containerized(task_vars)
+ )
+
+ @staticmethod
+ def is_containerized(task_vars):
+ return get_var(task_vars, "openshift", "common", "is_containerized")
diff --git a/roles/openshift_health_checker/openshift_checks/package_availability.py b/roles/openshift_health_checker/openshift_checks/package_availability.py
new file mode 100644
index 000000000..8faeef5ee
--- /dev/null
+++ b/roles/openshift_health_checker/openshift_checks/package_availability.py
@@ -0,0 +1,66 @@
+# pylint: disable=missing-docstring
+from openshift_checks import OpenShiftCheck, get_var
+from openshift_checks.mixins import NotContainerized
+
+
+class PackageAvailability(NotContainerized, OpenShiftCheck):
+ """Check that required RPM packages are available."""
+
+ name = "package_availability"
+ tags = ["preflight"]
+
+ def run(self, tmp, task_vars):
+ rpm_prefix = get_var(task_vars, "openshift", "common", "service_type")
+ group_names = get_var(task_vars, "group_names", default=[])
+
+ packages = set()
+
+ if "masters" in group_names:
+ packages.update(self.master_packages(rpm_prefix))
+ if "nodes" in group_names:
+ packages.update(self.node_packages(rpm_prefix))
+
+ args = {"packages": sorted(set(packages))}
+ return self.module_executor("check_yum_update", args, tmp, task_vars)
+
+ @staticmethod
+ def master_packages(rpm_prefix):
+ return [
+ "{rpm_prefix}".format(rpm_prefix=rpm_prefix),
+ "{rpm_prefix}-clients".format(rpm_prefix=rpm_prefix),
+ "{rpm_prefix}-master".format(rpm_prefix=rpm_prefix),
+ "bash-completion",
+ "cockpit-bridge",
+ "cockpit-docker",
+ "cockpit-kubernetes",
+ "cockpit-shell",
+ "cockpit-ws",
+ "etcd",
+ "httpd-tools",
+ ]
+
+ @staticmethod
+ def node_packages(rpm_prefix):
+ return [
+ "{rpm_prefix}".format(rpm_prefix=rpm_prefix),
+ "{rpm_prefix}-node".format(rpm_prefix=rpm_prefix),
+ "{rpm_prefix}-sdn-ovs".format(rpm_prefix=rpm_prefix),
+ "bind",
+ "ceph-common",
+ "dnsmasq",
+ "docker",
+ "firewalld",
+ "flannel",
+ "glusterfs-fuse",
+ "iptables-services",
+ "iptables",
+ "iscsi-initiator-utils",
+ "libselinux-python",
+ "nfs-utils",
+ "ntp",
+ "openssl",
+ "pyparted",
+ "python-httplib2",
+ "PyYAML",
+ "yum-utils",
+ ]
diff --git a/roles/openshift_health_checker/openshift_checks/package_update.py b/roles/openshift_health_checker/openshift_checks/package_update.py
new file mode 100644
index 000000000..86b7b6245
--- /dev/null
+++ b/roles/openshift_health_checker/openshift_checks/package_update.py
@@ -0,0 +1,14 @@
+# pylint: disable=missing-docstring
+from openshift_checks import OpenShiftCheck
+from openshift_checks.mixins import NotContainerized
+
+
+class PackageUpdate(NotContainerized, OpenShiftCheck):
+ """Check that there are no conflicts in RPM packages."""
+
+ name = "package_update"
+ tags = ["preflight"]
+
+ def run(self, tmp, task_vars):
+ args = {"packages": []}
+ return self.module_executor("check_yum_update", args, tmp, task_vars)
diff --git a/roles/openshift_health_checker/openshift_checks/package_version.py b/roles/openshift_health_checker/openshift_checks/package_version.py
new file mode 100644
index 000000000..7fa09cbfd
--- /dev/null
+++ b/roles/openshift_health_checker/openshift_checks/package_version.py
@@ -0,0 +1,20 @@
+# pylint: disable=missing-docstring
+from openshift_checks import OpenShiftCheck, get_var
+from openshift_checks.mixins import NotContainerized
+
+
+class PackageVersion(NotContainerized, OpenShiftCheck):
+ """Check that available RPM packages match the required versions."""
+
+ name = "package_version"
+ tags = ["preflight"]
+
+ def run(self, tmp, task_vars):
+ rpm_prefix = get_var(task_vars, "openshift", "common", "service_type")
+ openshift_release = get_var(task_vars, "openshift_release")
+
+ args = {
+ "prefix": rpm_prefix,
+ "version": openshift_release,
+ }
+ return self.module_executor("aos_version", args, tmp, task_vars)
diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml
index ca5e88b15..ced71bb41 100644
--- a/roles/openshift_hosted/meta/main.yml
+++ b/roles/openshift_hosted/meta/main.yml
@@ -14,6 +14,7 @@ galaxy_info:
dependencies:
- role: openshift_cli
- role: openshift_hosted_facts
+- role: lib_openshift
- role: openshift_projects
openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}"
- role: openshift_serviceaccounts
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index d87a3847c..8b44b94c6 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -1,13 +1,13 @@
---
- name: Create passthrough route for docker-registry
- command: >
- {{ openshift.common.client_binary }} create route passthrough
- --service docker-registry
- --config={{ openshift_hosted_kubeconfig }}
- -n default
- register: create_docker_registry_route
- changed_when: "'already exists' not in create_docker_registry_route.stderr"
- failed_when: "'already exists' not in create_docker_registry_route.stderr and create_docker_registry_route.rc != 0"
+ oc_route:
+ kubeconfig: "{{ openshift_hosted_kubeconfig }}"
+ name: docker-registry
+ namespace: default
+ service_name: docker-registry
+ state: present
+ tls_termination: passthrough
+ run_once: true
- name: Determine if registry certificate must be created
stat:
@@ -20,11 +20,10 @@
failed_when: false
- name: Retrieve registry service IP
- command: >
- {{ openshift.common.client_binary }} get service docker-registry
- -o jsonpath='{.spec.clusterIP}'
- --config={{ openshift_hosted_kubeconfig }}
- -n default
+ oc_service:
+ namespace: default
+ name: docker-registry
+ state: list
register: docker_registry_service_ip
changed_when: false
@@ -37,27 +36,32 @@
--signer-cert={{ openshift_master_config_dir }}/ca.crt
--signer-key={{ openshift_master_config_dir }}/ca.key
--signer-serial={{ openshift_master_config_dir }}/ca.serial.txt
- --hostnames="{{ docker_registry_service_ip.stdout }},docker-registry.default.svc.cluster.local,{{ docker_registry_route_hostname }}"
+ --hostnames="{{ docker_registry_service_ip.results.clusterip }},docker-registry.default.svc.cluster.local,{{ docker_registry_route_hostname }}"
--cert={{ openshift_master_config_dir }}/registry.crt
--key={{ openshift_master_config_dir }}/registry.key
when: False in (docker_registry_certificates_stat_result.results | default([]) | oo_collect(attribute='stat.exists') | list)
- name: Create the secret for the registry certificates
- command: >
- {{ openshift.common.client_binary }} secrets new registry-certificates
- {{ openshift_master_config_dir }}/registry.crt
- {{ openshift_master_config_dir }}/registry.key
- --config={{ openshift_hosted_kubeconfig }}
- -n default
+ oc_secret:
+ kubeconfig: "{{ openshift_hosted_kubeconfig }}"
+ name: registry-certificates
+ namespace: default
+ state: present
+ files:
+ - name: registry.crt
+ path: "{{ openshift_master_config_dir }}/registry.crt"
+ - name: registry.key
+ path: "{{ openshift_master_config_dir }}/registry.key"
register: create_registry_certificates_secret
- changed_when: "'already exists' not in create_registry_certificates_secret.stderr"
- failed_when: "'already exists' not in create_registry_certificates_secret.stderr and create_registry_certificates_secret.rc != 0"
+ run_once: true
- name: "Add the secret to the registry's pod service accounts"
- command: >
- {{ openshift.common.client_binary }} secrets add {{ item }} registry-certificates
- --config={{ openshift_hosted_kubeconfig }}
- -n default
+ oc_serviceaccount_secret:
+ service_account: "{{ item }}"
+ secret: registry-certificates
+ namespace: default
+ kubeconfig: "{{ openshift_hosted_kubeconfig }}"
+ state: present
with_items:
- registry
- default
diff --git a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
index e56a68e27..15128784e 100644
--- a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
+++ b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
@@ -53,23 +53,13 @@
create -f -
when: secrets.rc == 1
-- name: Determine if service account contains secrets
- command: >
- {{ openshift.common.client_binary }}
- --config={{ openshift_hosted_kubeconfig }}
- --namespace={{ openshift.hosted.registry.namespace | default('default') }}
- get serviceaccounts registry
- -o jsonpath='{.secrets[?(@.name=="{{ registry_config_secret_name }}")].name}'
- register: serviceaccount
- changed_when: false
-
- name: Add secrets to registry service account
- command: >
- {{ openshift.common.client_binary }}
- --config={{ openshift_hosted_kubeconfig }}
- --namespace={{ openshift.hosted.registry.namespace | default('default') }}
- secrets add serviceaccount/registry secrets/{{ registry_config_secret_name }}
- when: serviceaccount.stdout == ''
+ oc_serviceaccount_secret:
+ service_account: registry
+ secret: "{{ registry_config_secret_name }}"
+ namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"
+ kubeconfig: "{{ openshift_hosted_kubeconfig }}"
+ state: present
- name: Determine if deployment config contains secrets
command: >
diff --git a/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml
index 66051755c..6ead122c5 100644
--- a/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml
+++ b/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml
@@ -159,9 +159,9 @@ parameters:
name: HEAPSTER_NODE_ID
value: "nodename"
-
- description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds"
+ description: "How often metrics should be gathered. Defaults value of '30s' for 30 seconds"
name: METRIC_RESOLUTION
- value: "15s"
+ value: "30s"
-
description: "How long in seconds we should wait until Hawkular Metrics and Heapster starts up before attempting a restart"
name: STARTUP_TIMEOUT
diff --git a/roles/openshift_hosted_templates/files/v1.4/origin/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.4/origin/metrics-deployer.yaml
index 54691572a..d191c0439 100644
--- a/roles/openshift_hosted_templates/files/v1.4/origin/metrics-deployer.yaml
+++ b/roles/openshift_hosted_templates/files/v1.4/origin/metrics-deployer.yaml
@@ -159,9 +159,9 @@ parameters:
name: HEAPSTER_NODE_ID
value: "nodename"
-
- description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds"
+ description: "How often metrics should be gathered. Defaults value of '30s' for 30 seconds"
name: METRIC_RESOLUTION
- value: "15s"
+ value: "30s"
-
description: "How long in seconds we should wait until Hawkular Metrics and Heapster starts up before attempting a restart"
name: STARTUP_TIMEOUT
diff --git a/roles/openshift_hosted_templates/files/v1.5/enterprise/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.5/enterprise/metrics-deployer.yaml
index 66051755c..6ead122c5 100644
--- a/roles/openshift_hosted_templates/files/v1.5/enterprise/metrics-deployer.yaml
+++ b/roles/openshift_hosted_templates/files/v1.5/enterprise/metrics-deployer.yaml
@@ -159,9 +159,9 @@ parameters:
name: HEAPSTER_NODE_ID
value: "nodename"
-
- description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds"
+ description: "How often metrics should be gathered. Defaults value of '30s' for 30 seconds"
name: METRIC_RESOLUTION
- value: "15s"
+ value: "30s"
-
description: "How long in seconds we should wait until Hawkular Metrics and Heapster starts up before attempting a restart"
name: STARTUP_TIMEOUT
diff --git a/roles/openshift_hosted_templates/files/v1.5/origin/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.5/origin/metrics-deployer.yaml
index 54691572a..d191c0439 100644
--- a/roles/openshift_hosted_templates/files/v1.5/origin/metrics-deployer.yaml
+++ b/roles/openshift_hosted_templates/files/v1.5/origin/metrics-deployer.yaml
@@ -159,9 +159,9 @@ parameters:
name: HEAPSTER_NODE_ID
value: "nodename"
-
- description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds"
+ description: "How often metrics should be gathered. Defaults value of '30s' for 30 seconds"
name: METRIC_RESOLUTION
- value: "15s"
+ value: "30s"
-
description: "How long in seconds we should wait until Hawkular Metrics and Heapster starts up before attempting a restart"
name: STARTUP_TIMEOUT
diff --git a/roles/openshift_hosted_templates/tasks/main.yml b/roles/openshift_hosted_templates/tasks/main.yml
index 7d176bce3..89b92dfcc 100644
--- a/roles/openshift_hosted_templates/tasks/main.yml
+++ b/roles/openshift_hosted_templates/tasks/main.yml
@@ -4,6 +4,8 @@
become: False
register: copy_hosted_templates_mktemp
run_once: True
+ # AUDIT:changed_when: not set here because this task actually
+ # creates something
- name: Create tar of OpenShift examples
local_action: command tar -C "{{ role_path }}/files/{{ content_version }}/{{ hosted_deployment_type }}" -cvf "{{ copy_hosted_templates_mktemp.stdout }}/openshift-hosted-templates.tar" .
diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml
index 73849f46a..d9eebe688 100644
--- a/roles/openshift_logging/defaults/main.yml
+++ b/roles/openshift_logging/defaults/main.yml
@@ -1,9 +1,9 @@
---
-openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default(docker.io/openshift/origin-) }}"
-openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default(latest) }}"
+openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('docker.io/openshift/origin-') }}"
+openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default('latest') }}"
openshift_logging_use_ops: False
openshift_logging_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}"
-openshift_logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default(https://{{openshift.common.public_hostname}}:8443) }}"
+openshift_logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default('https://{{openshift.common.public_hostname}}:8443') }}"
openshift_logging_namespace: logging
openshift_logging_install_logging: True
@@ -19,7 +19,7 @@ openshift_logging_curator_memory_limit: null
openshift_logging_curator_ops_cpu_limit: 100m
openshift_logging_curator_ops_memory_limit: null
-openshift_logging_kibana_hostname: "{{ openshift_hosted_logging_hostname | default(kibana.{{openshift.common.dns_domain}}) }}"
+openshift_logging_kibana_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.{{openshift.common.dns_domain}}') }}"
openshift_logging_kibana_cpu_limit: null
openshift_logging_kibana_memory_limit: null
openshift_logging_kibana_proxy_debug: false
@@ -27,7 +27,19 @@ openshift_logging_kibana_proxy_cpu_limit: null
openshift_logging_kibana_proxy_memory_limit: null
openshift_logging_kibana_replica_count: 1
-openshift_logging_kibana_ops_hostname: "{{ openshift_hosted_logging_ops_hostname | default(kibana-ops.{{openshift.common.dns_domain}}) }}"
+#The absolute path on the control node to the cert file to use
+#for the public facing kibana certs
+openshift_logging_kibana_cert: ""
+
+#The absolute path on the control node to the key file to use
+#for the public facing kibana certs
+openshift_logging_kibana_key: ""
+
+#The absolute path on the control node to the CA file to use
+#for the public facing kibana certs
+openshift_logging_kibana_ca: ""
+
+openshift_logging_kibana_ops_hostname: "{{ openshift_hosted_logging_ops_hostname | default('kibana-ops.{{openshift.common.dns_domain}}') }}"
openshift_logging_kibana_ops_cpu_limit: null
openshift_logging_kibana_ops_memory_limit: null
openshift_logging_kibana_ops_proxy_debug: false
@@ -54,7 +66,7 @@ openshift_logging_es_memory_limit: 1024Mi
openshift_logging_es_pv_selector: null
openshift_logging_es_pvc_dynamic: "{{ openshift_hosted_logging_elasticsearch_pvc_dynamic | default(False) }}"
openshift_logging_es_pvc_size: "{{ openshift_hosted_logging_elasticsearch_pvc_size | default('') }}"
-openshift_logging_es_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_pvc_prefix | default(logging-es) }}"
+openshift_logging_es_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_pvc_prefix | default('logging-es') }}"
openshift_logging_es_recover_after_time: 5m
openshift_logging_es_storage_group: 65534
@@ -72,7 +84,7 @@ openshift_logging_es_ops_memory_limit: 1024Mi
openshift_logging_es_ops_pv_selector: None
openshift_logging_es_ops_pvc_dynamic: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_dynamic | default(False) }}"
openshift_logging_es_ops_pvc_size: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_size | default('') }}"
-openshift_logging_es_ops_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_prefix | default(logging-es-ops) }}"
+openshift_logging_es_ops_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_prefix | default('logging-es-ops') }}"
openshift_logging_es_ops_recover_after_time: 5m
openshift_logging_es_ops_storage_group: 65534
diff --git a/roles/openshift_logging/tasks/delete_logging.yaml b/roles/openshift_logging/tasks/delete_logging.yaml
index 908f3ee88..188ea246c 100644
--- a/roles/openshift_logging/tasks/delete_logging.yaml
+++ b/roles/openshift_logging/tasks/delete_logging.yaml
@@ -80,16 +80,15 @@
# delete our service accounts
- name: delete service accounts
- command: >
- {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig
- delete serviceaccount {{ item }} -n {{ openshift_logging_namespace }} --ignore-not-found=true
+ oc_serviceaccount:
+ name: "{{ item }}"
+ namespace: "{{ openshift_logging_namespace }}"
+ state: absent
with_items:
- aggregated-logging-elasticsearch
- aggregated-logging-kibana
- aggregated-logging-curator
- aggregated-logging-fluentd
- register: delete_result
- changed_when: delete_result.stdout.find("deleted") != -1 and delete_result.rc == 0
# delete our roles
- name: delete roles
diff --git a/roles/openshift_logging/tasks/generate_routes.yaml b/roles/openshift_logging/tasks/generate_routes.yaml
index 60694f67e..3c462378b 100644
--- a/roles/openshift_logging/tasks/generate_routes.yaml
+++ b/roles/openshift_logging/tasks/generate_routes.yaml
@@ -1,4 +1,20 @@
---
+- set_fact: kibana_key={{ lookup('file', openshift_logging_kibana_key) | b64encode }}
+ when: "{{ openshift_logging_kibana_key | trim | length > 0 }}"
+ changed_when: false
+
+- set_fact: kibana_cert={{ lookup('file', openshift_logging_kibana_cert)| b64encode }}
+ when: "{{openshift_logging_kibana_cert | trim | length > 0}}"
+ changed_when: false
+
+- set_fact: kibana_ca={{ lookup('file', openshift_logging_kibana_ca)| b64encode }}
+ when: "{{openshift_logging_kibana_ca | trim | length > 0}}"
+ changed_when: false
+
+- set_fact: kibana_ca={{key_pairs | entry_from_named_pair('ca_file') }}
+ when: kibana_ca is not defined
+ changed_when: false
+
- name: Generating logging routes
template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-{{route_info.name}}-route.yaml
tags: routes
@@ -6,7 +22,9 @@
obj_name: "{{route_info.name}}"
route_host: "{{route_info.host}}"
service_name: "{{route_info.name}}"
- tls_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}"
+ tls_key: "{{kibana_key | default('') | b64decode}}"
+ tls_cert: "{{kibana_cert | default('') | b64decode}}"
+ tls_ca_cert: "{{kibana_ca | b64decode}}"
tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}"
labels:
component: support
diff --git a/roles/openshift_logging/tasks/label_node.yaml b/roles/openshift_logging/tasks/label_node.yaml
deleted file mode 100644
index ebe8f1ca8..000000000
--- a/roles/openshift_logging/tasks/label_node.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
----
-- command: >
- {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get node {{host}}
- -o jsonpath='{.metadata.labels}'
- register: node_labels
- when: not ansible_check_mode
- changed_when: no
-
-- command: >
- {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig label node {{host}} {{label}}={{value}}
- register: label_result
- failed_when: label_result.rc == 1 and 'exists' not in label_result.stderr
- when:
- - value is defined
- - node_labels.stdout is defined
- - label not in node_labels.stdout
- - unlabel is not defined or not unlabel
- - not ansible_check_mode
-
-- command: >
- {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get node {{host}}
- -o jsonpath='{.metadata.labels.{{ label }}}'
- register: label_value
- ignore_errors: yes
- changed_when: no
- when:
- - value is defined
- - node_labels.stdout is defined
- - label in node_labels.stdout
- - unlabel is not defined or not unlabel
- - not ansible_check_mode
-
-- command: >
- {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig label node {{host}} {{label}}={{value}} --overwrite
- register: label_result
- failed_when: label_result.rc == 1 and 'exists' not in label_result.stderr
- when:
- - value is defined
- - label_value.stdout is defined
- - label_value.stdout != value
- - unlabel is not defined or not unlabel
- - not ansible_check_mode
-
-- command: >
- {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig label node {{host}} {{label}}-
- register: label_result
- failed_when: label_result.rc == 1 and 'exists' not in label_result.stderr
- when:
- - unlabel is defined
- - unlabel
- - not ansible_check_mode
- - label in node_labels.stdout
diff --git a/roles/openshift_logging/tasks/start_cluster.yaml b/roles/openshift_logging/tasks/start_cluster.yaml
index 69d2b2b6b..3e97487dc 100644
--- a/roles/openshift_logging/tasks/start_cluster.yaml
+++ b/roles/openshift_logging/tasks/start_cluster.yaml
@@ -1,125 +1,133 @@
---
-- command: >
- {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get node -o name
- register: fluentd_hosts
+- name: Retrieve list of fluentd hosts
+ oc_obj:
+ state: list
+ kind: node
when: "'--all' in openshift_logging_fluentd_hosts"
- check_mode: no
- changed_when: no
+ register: fluentd_hosts
-- set_fact: openshift_logging_fluentd_hosts={{ fluentd_hosts.stdout_lines | regex_replace('node/', '') }}
+- name: Set fact openshift_logging_fluentd_hosts
+ set_fact:
+ openshift_logging_fluentd_hosts: "{{ fluentd_hosts.results.results[0]['items'] | map(attribute='metadata.name') | list }}"
when: "'--all' in openshift_logging_fluentd_hosts"
- name: start fluentd
- include: label_node.yaml
- vars:
- host: "{{fluentd_host}}"
- label: "{{openshift_logging_fluentd_nodeselector.keys()[0]}}"
- value: "{{openshift_logging_fluentd_nodeselector.values()[0]}}"
+ oc_label:
+ name: "{{ fluentd_host }}"
+ kind: node
+ state: add
+ label: "{{ openshift_logging_fluentd_nodeselector | oo_dict_to_list_of_dict }}"
with_items: "{{ openshift_logging_fluentd_hosts }}"
loop_control:
loop_var: fluentd_host
-- command: >
- {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=es -o name -n {{openshift_logging_namespace}}
+- name: Retrieve elasticsearch
+ oc_obj:
+ state: list
+ kind: dc
+ selector: "component=es"
+ namespace: "{{openshift_logging_namespace}}"
register: es_dc
- check_mode: no
- changed_when: no
- name: start elasticsearch
oc_scale:
kind: dc
- name: "{{object.split('/')[1]}}"
+ name: "{{ object }}"
namespace: "{{openshift_logging_namespace}}"
- kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig"
replicas: 1
- with_items: "{{es_dc.stdout_lines}}"
+ with_items: "{{ es_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}"
loop_control:
loop_var: object
-- command: >
- {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=kibana -o name -n {{openshift_logging_namespace}}
+- name: Retrieve kibana
+ oc_obj:
+ state: list
+ kind: dc
+ selector: "component=kibana"
+ namespace: "{{openshift_logging_namespace}}"
register: kibana_dc
- check_mode: no
- changed_when: no
- name: start kibana
oc_scale:
kind: dc
- name: "{{object.split('/')[1]}}"
+ name: "{{ object }}"
namespace: "{{openshift_logging_namespace}}"
- kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig"
replicas: "{{ openshift_logging_kibana_replica_count | default (1) }}"
- with_items: "{{kibana_dc.stdout_lines}}"
+ with_items: "{{ kibana_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}"
loop_control:
loop_var: object
-- command: >
- {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=curator -o name -n {{openshift_logging_namespace}}
+- name: Retrieve curator
+ oc_obj:
+ state: list
+ kind: dc
+ selector: "component=curator"
+ namespace: "{{openshift_logging_namespace}}"
register: curator_dc
- check_mode: no
- changed_when: no
- name: start curator
oc_scale:
kind: dc
- name: "{{object.split('/')[1]}}"
+ name: "{{ object }}"
namespace: "{{openshift_logging_namespace}}"
- kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig"
replicas: 1
- with_items: "{{curator_dc.stdout_lines}}"
+ with_items: "{{ curator_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}"
loop_control:
loop_var: object
-- command: >
- {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=es-ops -o name -n {{openshift_logging_namespace}}
+- name: Retrieve elasticsearch-ops
+ oc_obj:
+ state: list
+ kind: dc
+ selector: "component=es-ops"
+ namespace: "{{openshift_logging_namespace}}"
register: es_dc
- check_mode: no
- changed_when: no
- name: start elasticsearch-ops
oc_scale:
kind: dc
- name: "{{object.split('/')[1]}}"
+ name: "{{ object }}"
namespace: "{{openshift_logging_namespace}}"
- kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig"
replicas: 1
- with_items: "{{es_dc.stdout_lines}}"
+ with_items: "{{ es_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}"
loop_control:
loop_var: object
when: openshift_logging_use_ops | bool
-- command: >
- {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=kibana-ops -o name -n {{openshift_logging_namespace}}
+- name: Retrieve kibana-ops
+ oc_obj:
+ state: list
+ kind: dc
+ selector: "component=kibana-ops"
+ namespace: "{{openshift_logging_namespace}}"
register: kibana_dc
- check_mode: no
- changed_when: no
- name: start kibana-ops
oc_scale:
kind: dc
- name: "{{object.split('/')[1]}}"
+ name: "{{ object }}"
namespace: "{{openshift_logging_namespace}}"
- kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig"
replicas: "{{ openshift_logging_kibana_ops_replica_count | default (1) }}"
- with_items: "{{kibana_dc.stdout_lines}}"
+ with_items: "{{ kibana_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}"
loop_control:
loop_var: object
when: openshift_logging_use_ops | bool
-- command: >
- {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=curator-ops -o name -n {{openshift_logging_namespace}}
+- name: Retrieve curator
+ oc_obj:
+ state: list
+ kind: dc
+ selector: "component=curator-ops"
+ namespace: "{{openshift_logging_namespace}}"
register: curator_dc
- check_mode: no
- changed_when: no
- name: start curator-ops
oc_scale:
kind: dc
- name: "{{object.split('/')[1]}}"
+ name: "{{ object }}"
namespace: "{{openshift_logging_namespace}}"
- kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig"
replicas: 1
- with_items: "{{curator_dc.stdout_lines}}"
+ with_items: "{{ curator_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}"
loop_control:
loop_var: object
when: openshift_logging_use_ops | bool
diff --git a/roles/openshift_logging/tasks/stop_cluster.yaml b/roles/openshift_logging/tasks/stop_cluster.yaml
index 7826efabe..bae6aebbb 100644
--- a/roles/openshift_logging/tasks/stop_cluster.yaml
+++ b/roles/openshift_logging/tasks/stop_cluster.yaml
@@ -1,118 +1,133 @@
---
-- command: >
- {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get node -o name
- register: fluentd_hosts
+- name: Retrieve list of fluentd hosts
+ oc_obj:
+ state: list
+ kind: node
when: "'--all' in openshift_logging_fluentd_hosts"
- changed_when: no
+ register: fluentd_hosts
-- set_fact: openshift_logging_fluentd_hosts={{ fluentd_hosts.stdout_lines | regex_replace('node/', '') }}
+- name: Set fact openshift_logging_fluentd_hosts
+ set_fact:
+ openshift_logging_fluentd_hosts: "{{ fluentd_hosts.results.results[0]['items'] | map(attribute='metadata.name') | list }}"
when: "'--all' in openshift_logging_fluentd_hosts"
- name: stop fluentd
- include: label_node.yaml
- vars:
- host: "{{fluentd_host}}"
- label: "{{openshift_logging_fluentd_nodeselector.keys()[0]}}"
- unlabel: True
+ oc_label:
+ name: "{{ fluentd_host }}"
+ kind: node
+ state: absent
+ label: "{{ openshift_logging_fluentd_nodeselector | oo_dict_to_list_of_dict }}"
with_items: "{{ openshift_logging_fluentd_hosts }}"
loop_control:
loop_var: fluentd_host
-- command: >
- {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=es -o name -n {{openshift_logging_namespace}}
+- name: Retrieve elasticsearch
+ oc_obj:
+ state: list
+ kind: dc
+ selector: "component=es"
+ namespace: "{{openshift_logging_namespace}}"
register: es_dc
- changed_when: no
- name: stop elasticsearch
oc_scale:
kind: dc
- name: "{{object.split('/')[1]}}"
+ name: "{{ object }}"
namespace: "{{openshift_logging_namespace}}"
- kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig"
replicas: 0
- with_items: "{{es_dc.stdout_lines}}"
+ with_items: "{{ es_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}"
loop_control:
loop_var: object
-- command: >
- {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=kibana -o name -n {{openshift_logging_namespace}}
+- name: Retrieve kibana
+ oc_obj:
+ state: list
+ kind: dc
+ selector: "component=kibana"
+ namespace: "{{openshift_logging_namespace}}"
register: kibana_dc
- changed_when: no
- name: stop kibana
oc_scale:
kind: dc
- name: "{{object.split('/')[1]}}"
+ name: "{{ object }}"
namespace: "{{openshift_logging_namespace}}"
- kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig"
replicas: 0
- with_items: "{{kibana_dc.stdout_lines}}"
+ with_items: "{{ kibana_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}"
loop_control:
loop_var: object
-- command: >
- {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=curator -o name -n {{openshift_logging_namespace}}
+- name: Retrieve curator
+ oc_obj:
+ state: list
+ kind: dc
+ selector: "component=curator"
+ namespace: "{{openshift_logging_namespace}}"
register: curator_dc
- changed_when: no
- name: stop curator
oc_scale:
kind: dc
- name: "{{object.split('/')[1]}}"
+ name: "{{ object }}"
namespace: "{{openshift_logging_namespace}}"
- kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig"
replicas: 0
- with_items: "{{curator_dc.stdout_lines}}"
+ with_items: "{{ curator_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}"
loop_control:
loop_var: object
-- command: >
- {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=es-ops -o name -n {{openshift_logging_namespace}}
+- name: Retrieve elasticsearch-ops
+ oc_obj:
+ state: list
+ kind: dc
+ selector: "component=es-ops"
+ namespace: "{{openshift_logging_namespace}}"
register: es_dc
- changed_when: no
- name: stop elasticsearch-ops
oc_scale:
kind: dc
- name: "{{object.split('/')[1]}}"
+ name: "{{ object }}"
namespace: "{{openshift_logging_namespace}}"
- kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig"
replicas: 0
- with_items: "{{es_dc.stdout_lines}}"
+ with_items: "{{ es_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}"
loop_control:
loop_var: object
when: openshift_logging_use_ops | bool
-- command: >
- {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=kibana-ops -o name -n {{openshift_logging_namespace}}
+- name: Retrieve kibana-ops
+ oc_obj:
+ state: list
+ kind: dc
+ selector: "component=kibana-ops"
+ namespace: "{{openshift_logging_namespace}}"
register: kibana_dc
- changed_when: no
- name: stop kibana-ops
oc_scale:
kind: dc
- name: "{{object.split('/')[1]}}"
+ name: "{{ object }}"
namespace: "{{openshift_logging_namespace}}"
- kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig"
replicas: 0
- with_items: "{{kibana_dc.stdout_lines}}"
+ with_items: "{{ kibana_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}"
loop_control:
loop_var: object
when: openshift_logging_use_ops | bool
-- command: >
- {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=curator-ops -o name -n {{openshift_logging_namespace}}
+- name: Retrieve curator
+ oc_obj:
+ state: list
+ kind: dc
+ selector: "component=curator-ops"
+ namespace: "{{openshift_logging_namespace}}"
register: curator_dc
- changed_when: no
- name: stop curator-ops
oc_scale:
kind: dc
- name: "{{object.split('/')[1]}}"
+ name: "{{ object }}"
namespace: "{{openshift_logging_namespace}}"
- kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig"
replicas: 0
- with_items: "{{curator_dc.stdout_lines}}"
+ with_items: "{{ curator_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}"
loop_control:
loop_var: object
when: openshift_logging_use_ops | bool
diff --git a/roles/openshift_logging/tasks/upgrade_logging.yaml b/roles/openshift_logging/tasks/upgrade_logging.yaml
index 0dc31932c..0421cdf58 100644
--- a/roles/openshift_logging/tasks/upgrade_logging.yaml
+++ b/roles/openshift_logging/tasks/upgrade_logging.yaml
@@ -8,29 +8,34 @@
start_cluster: False
# start ES so that we can run migrate script
-- command: >
- {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=es -o name -n {{openshift_logging_namespace}}
+- name: Retrieve elasticsearch
+ oc_obj:
+ state: list
+ kind: dc
+ selector: "component=es"
+ namespace: "{{openshift_logging_namespace}}"
register: es_dc
- check_mode: no
- name: start elasticsearch
oc_scale:
kind: dc
- name: "{{object.split('/')[1]}}"
+ name: "{{ object }}"
namespace: "{{openshift_logging_namespace}}"
replicas: 1
- with_items: "{{es_dc.stdout_lines}}"
+ with_items: "{{ es_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}"
loop_control:
loop_var: object
-- command: >
- {{ openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get pods -n {{openshift_logging_namespace}} -l component=es -o jsonpath='{.items[?(@.status.phase == "Running")].metadata.name}'
+- name: Wait for pods to stop
+ oc_obj:
+ state: list
+ kind: dc
+ selector: "component=es"
+ namespace: "{{openshift_logging_namespace}}"
register: running_pod
- until: running_pod.stdout != ''
+ until: running_pod.results.results.items[?(@.status.phase == "Running")].metadata.name != ''
retries: 30
delay: 10
- changed_when: no
- check_mode: no
- name: Run upgrade script
script: es_migration.sh {{openshift.common.config_base}}/logging/ca.crt {{openshift.common.config_base}}/logging/system.admin.key {{openshift.common.config_base}}/logging/system.admin.crt {{openshift_logging_es_host}} {{openshift_logging_es_port}} {{openshift_logging_namespace}}
diff --git a/roles/openshift_logging/templates/route_reencrypt.j2 b/roles/openshift_logging/templates/route_reencrypt.j2
index 8be30a2c4..341ffdd84 100644
--- a/roles/openshift_logging/templates/route_reencrypt.j2
+++ b/roles/openshift_logging/templates/route_reencrypt.j2
@@ -11,6 +11,14 @@ metadata:
spec:
host: {{ route_host }}
tls:
+{% if tls_key is defined and tls_key | length > 0 %}
+ key: |
+{{ tls_key|indent(6, true) }}
+{% if tls_cert is defined and tls_cert | length > 0 %}
+ certificate: |
+{{ tls_cert|indent(6, true) }}
+{% endif %}
+{% endif %}
caCertificate: |
{% for line in tls_ca_cert.split('\n') %}
{{ line }}
diff --git a/roles/openshift_manage_node/meta/main.yml b/roles/openshift_manage_node/meta/main.yml
new file mode 100644
index 000000000..d90cd28cf
--- /dev/null
+++ b/roles/openshift_manage_node/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ author: OpenShift Red Hat
+ description: OpenShift Manage Node
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 2.2
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+dependencies:
+- role: lib_openshift
diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml
index c06758833..9a883feed 100644
--- a/roles/openshift_manage_node/tasks/main.yml
+++ b/roles/openshift_manage_node/tasks/main.yml
@@ -1,23 +1,4 @@
---
-- name: Create temp directory for kubeconfig
- command: mktemp -d /tmp/openshift-ansible-XXXXXX
- register: mktemp
- changed_when: False
- delegate_to: "{{ openshift_master_host }}"
- run_once: true
-
-- set_fact:
- openshift_manage_node_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
- delegate_to: "{{ openshift_master_host }}"
- run_once: true
-
-- name: Copy the admin client config(s)
- command: >
- cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{ openshift_manage_node_kubeconfig }}
- changed_when: False
- delegate_to: "{{ openshift_master_host }}"
- run_once: true
-
# Necessary because when you're on a node that's also a master the master will be
# restarted after the node restarts docker and it will take up to 60 seconds for
# systemd to start the master again
@@ -46,38 +27,37 @@
run_once: true
- name: Wait for Node Registration
- command: >
- {{ hostvars[openshift_master_host].openshift.common.client_binary }} get node {{ openshift.node.nodename }}
- --config={{ openshift_manage_node_kubeconfig }}
- -n default
- register: omd_get_node
- until: omd_get_node.rc == 0
+ oc_obj:
+ name: "{{ openshift.node.nodename }}"
+ kind: node
+ state: list
+ register: get_node
+ until: "'metadata' in get_node.results.results[0]"
retries: 50
delay: 5
- changed_when: false
when: "'nodename' in openshift.node"
delegate_to: "{{ openshift_master_host }}"
- name: Set node schedulability
- command: >
- {{ hostvars[openshift_master_host].openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename }} --schedulable={{ 'true' if openshift.node.schedulable | bool else 'false' }}
- --config={{ openshift_manage_node_kubeconfig }}
- -n default
+ oadm_manage_node:
+ node: "{{ openshift.node.nodename | lower }}"
+ schedulable: "{{ 'true' if openshift.node.schedulable | bool else 'false' }}"
+ retries: 10
+ delay: 5
+ register: node_schedulable
+ until: node_schedulable|succeeded
when: "'nodename' in openshift.node"
delegate_to: "{{ openshift_master_host }}"
- name: Label nodes
- command: >
- {{ hostvars[openshift_master_host].openshift.common.client_binary }} label --overwrite node {{ openshift.node.nodename }} {{ openshift.node.labels | oo_combine_dict }}
- --config={{ openshift_manage_node_kubeconfig }}
- -n default
- when: "'nodename' in openshift.node and 'labels' in openshift.node and openshift.node.labels != {}"
- delegate_to: "{{ openshift_master_host }}"
-
-- name: Delete temp directory
- file:
- name: "{{ mktemp.stdout }}"
- state: absent
- changed_when: False
+ oc_label:
+ name: "{{ openshift.node.nodename }}"
+ kind: node
+ state: add
+ labels: "{{ openshift.node.labels | oo_dict_to_list_of_dict }}"
+ namespace: default
+ when:
+ - "'nodename' in openshift.node"
+ - "'labels' in openshift.node"
+ - openshift.node.labels != {}
delegate_to: "{{ openshift_master_host }}"
- run_once: true
diff --git a/roles/openshift_manageiq/meta/main.yml b/roles/openshift_manageiq/meta/main.yml
new file mode 100644
index 000000000..6c96a91bf
--- /dev/null
+++ b/roles/openshift_manageiq/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ author: Erez Freiberger
+ description: ManageIQ
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 2.1
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+dependencies:
+- role: lib_openshift
diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml
index a7214482f..f202486a5 100644
--- a/roles/openshift_manageiq/tasks/main.yaml
+++ b/roles/openshift_manageiq/tasks/main.yaml
@@ -18,27 +18,15 @@
failed_when: "'already exists' not in osmiq_create_mi_project.stderr and osmiq_create_mi_project.rc != 0"
changed_when: osmiq_create_mi_project.rc == 0
-- name: Create Admin Service Account
- shell: >
- echo {{ manageiq_service_account | to_json | quote }} |
- {{ openshift.common.client_binary }} create
- -n management-infra
- --config={{manage_iq_tmp_conf}}
- -f -
- register: osmiq_create_service_account
- failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0"
- changed_when: osmiq_create_service_account.rc == 0
-
-- name: Create Image Inspector Service Account
- shell: >
- echo {{ manageiq_image_inspector_service_account | to_json | quote }} |
- {{ openshift.common.client_binary }} create
- -n management-infra
- --config={{manage_iq_tmp_conf}}
- -f -
- register: osmiq_create_service_account
- failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0"
- changed_when: osmiq_create_service_account.rc == 0
+- name: Create Admin and Image Inspector Service Account
+ oc_serviceaccount:
+ kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig"
+ name: "{{ item }}"
+ namespace: management-infra
+ state: present
+ with_items:
+ - management-admin
+ - inspector-admin
- name: Create Cluster Role
shell: >
@@ -59,6 +47,9 @@
register: oshawkular_create_cluster_role
failed_when: "'already exists' not in oshawkular_create_cluster_role.stderr and oshawkular_create_cluster_role.rc != 0"
changed_when: oshawkular_create_cluster_role.rc == 0
+ # AUDIT:changed_when_note: Checking the return code is insufficient
+ # here. We really need to verify the if the role even exists before
+ # we run this task.
- name: Configure role/user permissions
command: >
@@ -68,6 +59,10 @@
register: osmiq_perm_task
failed_when: "'already exists' not in osmiq_perm_task.stderr and osmiq_perm_task.rc != 0"
changed_when: osmiq_perm_task.rc == 0
+ # AUDIT:changed_when_note: Checking the return code is insufficient
+ # here. We really need to compare the current role/user permissions
+ # with their expected state. I think we may have a module for this?
+
- name: Configure 3_2 role/user permissions
command: >
diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml
index 3f24fd6be..9936bb126 100644
--- a/roles/openshift_manageiq/vars/main.yml
+++ b/roles/openshift_manageiq/vars/main.yml
@@ -1,4 +1,5 @@
---
+openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
manageiq_cluster_role:
apiVersion: v1
kind: ClusterRole
@@ -24,18 +25,6 @@ manageiq_metrics_admin_clusterrole:
verbs:
- '*'
-manageiq_service_account:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: management-admin
-
-manageiq_image_inspector_service_account:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: inspector-admin
-
manage_iq_tmp_conf: /tmp/manageiq_admin.kubeconfig
manage_iq_tasks:
diff --git a/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py
index 0c94228c6..ef322bd7d 100644
--- a/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py
+++ b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py
@@ -52,6 +52,9 @@ class LookupModule(LookupBase):
# convert short_version to origin short_version
short_version = re.sub('^3.', '1.', short_version)
+ if short_version == 'latest':
+ short_version = '1.6'
+
# Predicates ordered according to OpenShift Origin source:
# origin/vendor/k8s.io/kubernetes/plugin/pkg/scheduler/algorithmprovider/defaults/defaults.go
diff --git a/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py
index 95ace7923..6ad40e748 100644
--- a/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py
+++ b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py
@@ -53,6 +53,9 @@ class LookupModule(LookupBase):
# convert short_version to origin short_version
short_version = re.sub('^3.', '1.', short_version)
+ if short_version == 'latest':
+ short_version = '1.6'
+
if short_version == '1.1':
priorities.extend([
{'name': 'LeastRequestedPriority', 'weight': 1},
diff --git a/roles/openshift_metrics/defaults/main.yaml b/roles/openshift_metrics/defaults/main.yaml
index 0cfbac8a9..edaa7d0df 100644
--- a/roles/openshift_metrics/defaults/main.yaml
+++ b/roles/openshift_metrics/defaults/main.yaml
@@ -32,10 +32,10 @@ openshift_metrics_heapster_requests_memory: 0.9375G
openshift_metrics_heapster_requests_cpu: null
openshift_metrics_heapster_nodeselector: ""
-openshift_metrics_hostname: "hawkular-metrics.{{openshift_master_default_subdomain}}"
+openshift_metrics_hawkular_hostname: "hawkular-metrics.{{openshift_master_default_subdomain}}"
openshift_metrics_duration: 7
-openshift_metrics_resolution: 15s
+openshift_metrics_resolution: 30s
#####
# Caution should be taken for the following defaults before
diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml
index 66925c113..66a3abdbd 100644
--- a/roles/openshift_metrics/tasks/install_metrics.yaml
+++ b/roles/openshift_metrics/tasks/install_metrics.yaml
@@ -34,6 +34,20 @@
file_content: "{{ item.content | b64decode | from_yaml }}"
with_items: "{{ object_defs.results }}"
+- command: >
+ {{openshift.common.client_binary}}
+ --config={{mktemp.stdout}}/admin.kubeconfig
+ get rc
+ -l metrics-infra
+ -o name
+ -n {{openshift_metrics_project}}
+ register: existing_metrics_rc
+ changed_when: no
+
+- name: Scaling down cluster to recognize changes
+ include: stop_metrics.yaml
+ when: "{{ existing_metrics_rc.stdout_lines | length > 0 }}"
+
- name: Scaling up cluster
include: start_metrics.yaml
tags: openshift_metrics_start_cluster
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 3e888b77f..691227915 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -60,6 +60,12 @@
state: present
when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool
+- name: Install conntrack-tools package
+ package:
+ name: "conntrack-tools"
+ state: present
+ when: not openshift.common.is_containerized | bool
+
- name: Install the systemd units
include: systemd_units.yml
diff --git a/roles/openshift_node_upgrade/tasks/main.yml b/roles/openshift_node_upgrade/tasks/main.yml
index b1d5f0e0f..609ca2a6e 100644
--- a/roles/openshift_node_upgrade/tasks/main.yml
+++ b/roles/openshift_node_upgrade/tasks/main.yml
@@ -75,3 +75,9 @@
# so containerized services should restart quickly as well.
retries: 24
delay: 5
+ # AUDIT:changed_when: `false` because we are only inspecting the
+ # state of the node, we aren't changing anything (we changed node
+ # service state in the previous task). You could say we shouldn't
+ # override this because something will be changing (the state of a
+ # service), but that should be part of the last task.
+ changed_when: false
diff --git a/roles/openshift_preflight/README.md b/roles/openshift_preflight/README.md
deleted file mode 100644
index b6d3542d3..000000000
--- a/roles/openshift_preflight/README.md
+++ /dev/null
@@ -1,52 +0,0 @@
-OpenShift Preflight Checks
-==========================
-
-This role detects common problems prior to installing OpenShift.
-
-Requirements
-------------
-
-* Ansible 2.2+
-
-Role Variables
---------------
-
-None
-
-Dependencies
-------------
-
-None
-
-Example Playbook
-----------------
-
-```yaml
----
-- hosts: OSEv3
- roles:
- - openshift_preflight/init
-
-- hosts: OSEv3
- name: checks that apply to all hosts
- gather_facts: no
- ignore_errors: yes
- roles:
- - openshift_preflight/common
-
-- hosts: OSEv3
- name: verify check results
- gather_facts: no
- roles:
- - openshift_preflight/verify_status
-```
-
-License
--------
-
-Apache License Version 2.0
-
-Author Information
-------------------
-
-Customer Success team (dev@lists.openshift.redhat.com)
diff --git a/roles/openshift_preflight/common/meta/main.yml b/roles/openshift_preflight/common/meta/main.yml
deleted file mode 100644
index 6f23cbf3b..000000000
--- a/roles/openshift_preflight/common/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-dependencies:
- - role: openshift_preflight/base
diff --git a/roles/openshift_preflight/common/tasks/main.yml b/roles/openshift_preflight/common/tasks/main.yml
deleted file mode 100644
index f1a4a160e..000000000
--- a/roles/openshift_preflight/common/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# check content available on all hosts
-- when: not openshift.common.is_containerized | bool
- block:
-
- - name: determine if yum update will work
- action: check_yum_update
- register: r
-
- - set_fact:
- oo_preflight_check_results: "{{ oo_preflight_check_results + [r|combine({'_task': 'determine if yum update will work'})] }}"
-
- - name: determine if expected version matches what is available
- aos_version:
- version: "{{ openshift_release }}"
- when:
- - deployment_type == "openshift-enterprise"
- register: r
-
- - set_fact:
- oo_preflight_check_results: "{{ oo_preflight_check_results + [r|combine({'_task': 'determine if expected version matches what is available'})] }}"
diff --git a/roles/openshift_preflight/init/tasks/main.yml b/roles/openshift_preflight/init/tasks/main.yml
deleted file mode 100644
index bf2d82196..000000000
--- a/roles/openshift_preflight/init/tasks/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- name: set common variables
- set_fact:
- oo_preflight_check_results: "{{ oo_preflight_check_results | default([]) }}"
diff --git a/roles/openshift_preflight/masters/meta/main.yml b/roles/openshift_preflight/masters/meta/main.yml
deleted file mode 100644
index 6f23cbf3b..000000000
--- a/roles/openshift_preflight/masters/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-dependencies:
- - role: openshift_preflight/base
diff --git a/roles/openshift_preflight/masters/tasks/main.yml b/roles/openshift_preflight/masters/tasks/main.yml
deleted file mode 100644
index 35fb1e3ca..000000000
--- a/roles/openshift_preflight/masters/tasks/main.yml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-# determine if yum install of master pkgs will work
-- when: not openshift.common.is_containerized | bool
- block:
-
- - name: main master packages availability
- check_yum_update:
- packages:
- - "{{ openshift.common.service_type }}"
- - "{{ openshift.common.service_type }}-clients"
- - "{{ openshift.common.service_type }}-master"
- register: r
-
- - set_fact:
- oo_preflight_check_results: "{{ oo_preflight_check_results + [r|combine({'_task': 'main master packages availability'})] }}"
-
- - name: other master packages availability
- check_yum_update:
- packages:
- - etcd
- - bash-completion
- - cockpit-bridge
- - cockpit-docker
- - cockpit-kubernetes
- - cockpit-shell
- - cockpit-ws
- - httpd-tools
- register: r
-
- - set_fact:
- oo_preflight_check_results: "{{ oo_preflight_check_results + [r|combine({'_task': 'other master packages availability'})] }}"
diff --git a/roles/openshift_preflight/nodes/meta/main.yml b/roles/openshift_preflight/nodes/meta/main.yml
deleted file mode 100644
index 6f23cbf3b..000000000
--- a/roles/openshift_preflight/nodes/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-dependencies:
- - role: openshift_preflight/base
diff --git a/roles/openshift_preflight/nodes/tasks/main.yml b/roles/openshift_preflight/nodes/tasks/main.yml
deleted file mode 100644
index a10e69024..000000000
--- a/roles/openshift_preflight/nodes/tasks/main.yml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-# determine if yum install of node pkgs will work
-- when: not openshift.common.is_containerized | bool
- block:
-
- - name: main node packages availability
- check_yum_update:
- packages:
- - "{{ openshift.common.service_type }}"
- - "{{ openshift.common.service_type }}-node"
- - "{{ openshift.common.service_type }}-sdn-ovs"
- register: r
-
- - set_fact:
- oo_preflight_check_results: "{{ oo_preflight_check_results + [r|combine({'_task': 'main node packages availability'})] }}"
-
- - name: other node packages availability
- check_yum_update:
- packages:
- - docker
- - PyYAML
- - firewalld
- - iptables
- - iptables-services
- - nfs-utils
- - ntp
- - yum-utils
- - dnsmasq
- - libselinux-python
- - ceph-common
- - glusterfs-fuse
- - iscsi-initiator-utils
- - pyparted
- - python-httplib2
- - openssl
- - flannel
- - bind
- register: r
-
- - set_fact:
- oo_preflight_check_results: "{{ oo_preflight_check_results + [r|combine({'_task': 'other node packages availability'})] }}"
diff --git a/roles/openshift_preflight/verify_status/tasks/main.yml b/roles/openshift_preflight/verify_status/tasks/main.yml
deleted file mode 100644
index 36ccf648a..000000000
--- a/roles/openshift_preflight/verify_status/tasks/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- name: find check failures
- set_fact:
- oo_preflight_check_failures: "{{ oo_preflight_check_results | select('failed', 'equalto', True) | list }}"
-
-- name: ensure all checks succeed
- action: fail
- when: oo_preflight_check_failures
diff --git a/roles/openshift_serviceaccounts/meta/main.yml b/roles/openshift_serviceaccounts/meta/main.yml
index a2c9fee70..7a30c220f 100644
--- a/roles/openshift_serviceaccounts/meta/main.yml
+++ b/roles/openshift_serviceaccounts/meta/main.yml
@@ -13,3 +13,4 @@ galaxy_info:
- cloud
dependencies:
- { role: openshift_facts }
+- { role: lib_openshift }
diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml
index d83ccf7de..1d570fa5b 100644
--- a/roles/openshift_serviceaccounts/tasks/main.yml
+++ b/roles/openshift_serviceaccounts/tasks/main.yml
@@ -1,21 +1,11 @@
---
-- name: test if service accounts exists
- command: >
- {{ openshift.common.client_binary }} get sa {{ item }} -n {{ openshift_serviceaccounts_namespace }}
- with_items: "{{ openshift_serviceaccounts_names }}"
- failed_when: false
- changed_when: false
- register: account_test
-
- name: create the service account
- shell: >
- echo {{ lookup('template', '../templates/serviceaccount.j2')
- | from_yaml | to_json | quote }} | {{ openshift.common.client_binary }}
- -n {{ openshift_serviceaccounts_namespace }} create -f -
- when: item.1.rc != 0
- with_together:
+ oc_serviceaccount:
+ name: "{{ item }}"
+ namespace: "{{ openshift_serviceaccounts_namespace }}"
+ state: present
+ with_items:
- "{{ openshift_serviceaccounts_names }}"
- - "{{ account_test.results }}"
- name: test if scc needs to be updated
command: >
diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml
index fd935f105..0d6b8b7d4 100644
--- a/roles/openshift_storage_nfs/tasks/main.yml
+++ b/roles/openshift_storage_nfs/tasks/main.yml
@@ -29,6 +29,7 @@
- "{{ openshift.hosted.registry }}"
- "{{ openshift.hosted.metrics }}"
- "{{ openshift.hosted.logging }}"
+ - "{{ openshift.hosted.loggingops }}"
- name: Configure exports
diff --git a/roles/openshift_storage_nfs/templates/exports.j2 b/roles/openshift_storage_nfs/templates/exports.j2
index 2d6dd85e3..8c6d4105c 100644
--- a/roles/openshift_storage_nfs/templates/exports.j2
+++ b/roles/openshift_storage_nfs/templates/exports.j2
@@ -1,3 +1,4 @@
{{ openshift.hosted.registry.storage.nfs.directory }}/{{ openshift.hosted.registry.storage.volume.name }} {{ openshift.hosted.registry.storage.nfs.options }}
{{ openshift.hosted.metrics.storage.nfs.directory }}/{{ openshift.hosted.metrics.storage.volume.name }} {{ openshift.hosted.metrics.storage.nfs.options }}
{{ openshift.hosted.logging.storage.nfs.directory }}/{{ openshift.hosted.logging.storage.volume.name }} {{ openshift.hosted.logging.storage.nfs.options }}
+{{ openshift.hosted.loggingops.storage.nfs.directory }}/{{ openshift.hosted.loggingops.storage.volume.name }} {{ openshift.hosted.loggingops.storage.nfs.options }}
diff --git a/utils/src/ooinstall/variants.py b/utils/src/ooinstall/variants.py
index a45be98bf..f25266f29 100644
--- a/utils/src/ooinstall/variants.py
+++ b/utils/src/ooinstall/variants.py
@@ -39,7 +39,7 @@ class Variant(object):
# WARNING: Keep the versions ordered, most recent first:
OSE = Variant('openshift-enterprise', 'OpenShift Container Platform', [
- Version('3.4', 'openshift-enterprise'),
+ Version('3.5', 'openshift-enterprise'),
])
REG = Variant('openshift-enterprise', 'Registry', [
@@ -51,6 +51,7 @@ origin = Variant('origin', 'OpenShift Origin', [
])
LEGACY = Variant('openshift-enterprise', 'OpenShift Container Platform', [
+ Version('3.4', 'openshift-enterprise'),
Version('3.3', 'openshift-enterprise'),
Version('3.2', 'openshift-enterprise'),
Version('3.1', 'openshift-enterprise'),