diff options
Diffstat (limited to 'roles')
-rw-r--r-- | roles/haproxy/defaults/main.yml | 3 | ||||
-rw-r--r-- | roles/haproxy/templates/haproxy.cfg.j2 | 25 | ||||
-rw-r--r-- | roles/openshift_master/handlers/main.yml | 8 | ||||
-rw-r--r-- | roles/openshift_master/tasks/main.yml | 84 | ||||
-rw-r--r-- | roles/openshift_master/templates/master.yaml.v1.j2 | 18 |
5 files changed, 130 insertions, 8 deletions
diff --git a/roles/haproxy/defaults/main.yml b/roles/haproxy/defaults/main.yml index c002efdbc..16e9af4d1 100644 --- a/roles/haproxy/defaults/main.yml +++ b/roles/haproxy/defaults/main.yml @@ -1,7 +1,8 @@ --- haproxy_frontends: - name: main - bind: "*:80" + binds: + - "*:80" default_backend: default haproxy_backends: diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2 index bfcdcfdb1..fddf0ede1 100644 --- a/roles/haproxy/templates/haproxy.cfg.j2 +++ b/roles/haproxy/templates/haproxy.cfg.j2 @@ -35,13 +35,36 @@ defaults {% for frontend in haproxy_frontends %} frontend {{ frontend.name }} - bind {{ frontend.bind }} +{% for bind in frontend.binds %} + bind {{ bind }} +{% endfor %} default_backend {{ frontend.default_backend }} +{% if 'mode' in frontend %} + mode {{ frontend.mode }} +{% endif %} +{% if 'options' in frontend %} +{% for option in frontend.options %} + option {{ option }} +{% endfor %} +{% endif %} +{% if 'redirects' in frontend %} +{% for redirect in frontend.redirects %} + redirect {{ redirect }} +{% endfor %} +{% endif %} {% endfor %} {% for backend in haproxy_backends %} backend {{ backend.name }} balance {{ backend.balance }} +{% if 'mode' in backend %} + mode {{ backend.mode }} +{% endif %} +{% if 'options' in backend %} +{% for option in backend.options %} + option {{ option }} +{% endfor %} +{% endif %} {% for server in backend.servers %} server {{ server.name }} {{ server.address }} {{ server.opts }} {% endfor %} diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index 37028e0f6..9ce4f512b 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -2,3 +2,11 @@ - name: restart master service: name={{ openshift.common.service_type }}-master state=restarted when: (not openshift_master_ha | bool) and (not master_service_status_changed | default(false)) + +- name: restart master api + service: name={{ openshift.common.service_type }}-master-api state=restarted + when: openshift_master_ha | bool + +- name: restart master controllers + service: name={{ openshift.common.service_type }}-master-controllers state=restarted + when: openshift_master_ha | bool diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index f11582ce7..b23c19d37 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -91,6 +91,8 @@ creates: "{{ openshift_master_policy }}" notify: - restart master + - restart master api + - restart master controllers - name: Create the scheduler config template: @@ -99,6 +101,8 @@ backup: true notify: - restart master + - restart master api + - restart master controllers - name: Install httpd-tools if needed yum: pkg=httpd-tools state=present @@ -121,6 +125,30 @@ when: item.kind == 'HTPasswdPasswordIdentityProvider' with_items: openshift.master.identity_providers +# workaround for missing systemd unit files for controllers/api +- name: Create the api service file + copy: + src: atomic-openshift-master-api.service + dest: /usr/lib/systemd/system/atomic-openshift-master-api.service + force: no +- name: Create the controllers service file + copy: + src: atomic-openshift-master-controllers.service + dest: /usr/lib/systemd/system/atomic-openshift-master-controllers.service + force: no +- name: Create the api env file + copy: + src: atomic-openshift-master-api + dest: /etc/sysconfig/atomic-openshift-master-api + force: no +- name: Create the controllers env file + copy: + src: atomic-openshift-master-controllers + dest: /etc/sysconfig/atomic-openshift-master-controllers + force: no +- command: systemctl daemon-reload +# end workaround for missing systemd unit files + # TODO: add the validate parameter when there is a validation command to run - name: Create master config template: @@ -129,6 +157,8 @@ backup: true notify: - restart master + - restart master api + - restart master controllers - name: Configure master settings lineinfile: @@ -143,9 +173,61 @@ notify: - restart master +- name: Configure master api settings + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api + regexp: "{{ item.regex }}" + line: "{{ item.line }}" + with_items: + - regex: '^OPTIONS=' + line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://0.0.0.0:8443 --master=https://{{ openshift.common.ip }}:8443" + - regex: '^CONFIG_FILE=' + line: "CONFIG_FILE={{ openshift_master_config_file }}" + notify: + - restart master api + +- name: Configure master controller settings + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers + regexp: "{{ item.regex }}" + line: "{{ item.line }}" + with_items: + - regex: '^OPTIONS=' + line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://0.0.0.0:8444" + - regex: '^CONFIG_FILE=' + line: "CONFIG_FILE={{ openshift_master_config_file }}" + notify: + - restart master controllers + - name: Start and enable master service: name={{ openshift.common.service_type }}-master enabled=yes state=started -# when: not openshift_master_ha | bool + when: not openshift_master_ha | bool + register: start_result + +# workaround for start bug when configuring ha +- name: Start master for ha workaround + service: name={{ openshift.common.service_type }}-master state=started + when: openshift_master_ha | bool and inventory_hostname in groups.oo_first_master + +- name: pause for 30 seconds to let master finish starting up for ha workaround + pause: seconds=30 + when: openshift_master_ha | bool and inventory_hostname in groups.oo_first_master + +- name: Stop master for ha workaround + service: name={{ openshift.common.service_type }}-master state=stopped + when: openshift_master_ha | bool and inventory_hostname in groups.oo_first_master +# end workaround for start bug when configuring ha + +- fail: + +- name: Start and enable master api + service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started + when: openshift_master_ha | bool + register: start_result + +- name: Start and enable master controller + service: name={{ openshift.common.service_type }}-master-controllers enabled=yes state=started + when: openshift_master_ha | bool register: start_result - set_fact: diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 877c44772..3f2c51417 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -10,13 +10,16 @@ assetConfig: publicURL: {{ openshift.master.public_console_url }}/ servingInfo: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.console_port }} + bindNetwork: tcp4 certFile: master.server.crt clientCA: "" keyFile: master.server.key maxRequestsInFlight: 0 requestTimeoutSeconds: 0 +controllerLeaseTTL: 0 +controllers: '*' corsAllowedOrigins: -{% for origin in ['127.0.0.1', 'localhost', openshift.common.hostname, openshift.common.ip, openshift.common.public_hostname, openshift.common.public_ip] | unique %} +{% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %} - {{ origin }} {% endfor %} {% for custom_origin in openshift.master.custom_cors_origins | default("") %} @@ -29,8 +32,10 @@ corsAllowedOrigins: disabledFeatures: {{ openshift.master.disabled_features | to_json }} {% endif %} {% if openshift.master.embedded_dns | bool %} +disabledFeatures: null dnsConfig: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }} + bindNetwork: tcp4 {% endif %} etcdClientInfo: ca: {{ "ca.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }} @@ -81,13 +86,13 @@ kubernetesMasterConfig: apiServerArguments: {{ api_server_args if api_server_args is defined else 'null' }} controllerArguments: {{ controller_args if controller_args is defined else 'null' }} masterCount: {{ openshift.master.master_count }} - masterIP: "" - podEvictionTimeout: "" + masterIP: {{ openshift.common.ip }} + podEvictionTimeout: 5m proxyClientInfo: certFile: master.proxy-client.crt keyFile: master.proxy-client.key schedulerConfigFile: {{ openshift_master_scheduler_conf }} - servicesNodePortRange: "" + servicesNodePortRange: 30000-32767 servicesSubnet: {{ openshift.master.portal_net }} staticNodeNames: {{ openshift_node_ips | default([], true) }} {% endif %} @@ -105,6 +110,7 @@ networkConfig: # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet serviceNetworkCIDR: {{ openshift.master.portal_net }} {% include 'v1_partials/oauthConfig.j2' %} +pauseControllers: false policyConfig: bootstrapPolicyFile: {{ openshift_master_policy }} openshiftInfrastructureNamespace: openshift-infra @@ -118,8 +124,9 @@ projectConfig: mcsLabelsPerProject: {{ openshift.master.mcs_labels_per_project }} uidAllocatorRange: "{{ openshift.master.uid_allocator_range }}" routingConfig: - subdomain: "{{ openshift.master.default_subdomain | default("") }}" + subdomain: "{{ openshift.master.default_subdomain | default("router.default.svc.cluster.local") }}" serviceAccountConfig: + limitSecretReferences: false managedNames: - default - builder @@ -130,6 +137,7 @@ serviceAccountConfig: - serviceaccounts.public.key servingInfo: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} + bindNetwork: tcp4 certFile: master.server.crt clientCA: ca.crt keyFile: master.server.key |