summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/haproxy/defaults/main.yml3
-rw-r--r--roles/haproxy/templates/haproxy.cfg.j225
-rw-r--r--roles/openshift_master/handlers/main.yml8
-rw-r--r--roles/openshift_master/tasks/main.yml84
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j218
5 files changed, 130 insertions, 8 deletions
diff --git a/roles/haproxy/defaults/main.yml b/roles/haproxy/defaults/main.yml
index c002efdbc..16e9af4d1 100644
--- a/roles/haproxy/defaults/main.yml
+++ b/roles/haproxy/defaults/main.yml
@@ -1,7 +1,8 @@
---
haproxy_frontends:
- name: main
- bind: "*:80"
+ binds:
+ - "*:80"
default_backend: default
haproxy_backends:
diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2
index bfcdcfdb1..fddf0ede1 100644
--- a/roles/haproxy/templates/haproxy.cfg.j2
+++ b/roles/haproxy/templates/haproxy.cfg.j2
@@ -35,13 +35,36 @@ defaults
{% for frontend in haproxy_frontends %}
frontend {{ frontend.name }}
- bind {{ frontend.bind }}
+{% for bind in frontend.binds %}
+ bind {{ bind }}
+{% endfor %}
default_backend {{ frontend.default_backend }}
+{% if 'mode' in frontend %}
+ mode {{ frontend.mode }}
+{% endif %}
+{% if 'options' in frontend %}
+{% for option in frontend.options %}
+ option {{ option }}
+{% endfor %}
+{% endif %}
+{% if 'redirects' in frontend %}
+{% for redirect in frontend.redirects %}
+ redirect {{ redirect }}
+{% endfor %}
+{% endif %}
{% endfor %}
{% for backend in haproxy_backends %}
backend {{ backend.name }}
balance {{ backend.balance }}
+{% if 'mode' in backend %}
+ mode {{ backend.mode }}
+{% endif %}
+{% if 'options' in backend %}
+{% for option in backend.options %}
+ option {{ option }}
+{% endfor %}
+{% endif %}
{% for server in backend.servers %}
server {{ server.name }} {{ server.address }} {{ server.opts }}
{% endfor %}
diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml
index 37028e0f6..9ce4f512b 100644
--- a/roles/openshift_master/handlers/main.yml
+++ b/roles/openshift_master/handlers/main.yml
@@ -2,3 +2,11 @@
- name: restart master
service: name={{ openshift.common.service_type }}-master state=restarted
when: (not openshift_master_ha | bool) and (not master_service_status_changed | default(false))
+
+- name: restart master api
+ service: name={{ openshift.common.service_type }}-master-api state=restarted
+ when: openshift_master_ha | bool
+
+- name: restart master controllers
+ service: name={{ openshift.common.service_type }}-master-controllers state=restarted
+ when: openshift_master_ha | bool
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index f11582ce7..b23c19d37 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -91,6 +91,8 @@
creates: "{{ openshift_master_policy }}"
notify:
- restart master
+ - restart master api
+ - restart master controllers
- name: Create the scheduler config
template:
@@ -99,6 +101,8 @@
backup: true
notify:
- restart master
+ - restart master api
+ - restart master controllers
- name: Install httpd-tools if needed
yum: pkg=httpd-tools state=present
@@ -121,6 +125,30 @@
when: item.kind == 'HTPasswdPasswordIdentityProvider'
with_items: openshift.master.identity_providers
+# workaround for missing systemd unit files for controllers/api
+- name: Create the api service file
+ copy:
+ src: atomic-openshift-master-api.service
+ dest: /usr/lib/systemd/system/atomic-openshift-master-api.service
+ force: no
+- name: Create the controllers service file
+ copy:
+ src: atomic-openshift-master-controllers.service
+ dest: /usr/lib/systemd/system/atomic-openshift-master-controllers.service
+ force: no
+- name: Create the api env file
+ copy:
+ src: atomic-openshift-master-api
+ dest: /etc/sysconfig/atomic-openshift-master-api
+ force: no
+- name: Create the controllers env file
+ copy:
+ src: atomic-openshift-master-controllers
+ dest: /etc/sysconfig/atomic-openshift-master-controllers
+ force: no
+- command: systemctl daemon-reload
+# end workaround for missing systemd unit files
+
# TODO: add the validate parameter when there is a validation command to run
- name: Create master config
template:
@@ -129,6 +157,8 @@
backup: true
notify:
- restart master
+ - restart master api
+ - restart master controllers
- name: Configure master settings
lineinfile:
@@ -143,9 +173,61 @@
notify:
- restart master
+- name: Configure master api settings
+ lineinfile:
+ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api
+ regexp: "{{ item.regex }}"
+ line: "{{ item.line }}"
+ with_items:
+ - regex: '^OPTIONS='
+ line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://0.0.0.0:8443 --master=https://{{ openshift.common.ip }}:8443"
+ - regex: '^CONFIG_FILE='
+ line: "CONFIG_FILE={{ openshift_master_config_file }}"
+ notify:
+ - restart master api
+
+- name: Configure master controller settings
+ lineinfile:
+ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
+ regexp: "{{ item.regex }}"
+ line: "{{ item.line }}"
+ with_items:
+ - regex: '^OPTIONS='
+ line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://0.0.0.0:8444"
+ - regex: '^CONFIG_FILE='
+ line: "CONFIG_FILE={{ openshift_master_config_file }}"
+ notify:
+ - restart master controllers
+
- name: Start and enable master
service: name={{ openshift.common.service_type }}-master enabled=yes state=started
-# when: not openshift_master_ha | bool
+ when: not openshift_master_ha | bool
+ register: start_result
+
+# workaround for start bug when configuring ha
+- name: Start master for ha workaround
+ service: name={{ openshift.common.service_type }}-master state=started
+ when: openshift_master_ha | bool and inventory_hostname in groups.oo_first_master
+
+- name: pause for 30 seconds to let master finish starting up for ha workaround
+ pause: seconds=30
+ when: openshift_master_ha | bool and inventory_hostname in groups.oo_first_master
+
+- name: Stop master for ha workaround
+ service: name={{ openshift.common.service_type }}-master state=stopped
+ when: openshift_master_ha | bool and inventory_hostname in groups.oo_first_master
+# end workaround for start bug when configuring ha
+
+- fail:
+
+- name: Start and enable master api
+ service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started
+ when: openshift_master_ha | bool
+ register: start_result
+
+- name: Start and enable master controller
+ service: name={{ openshift.common.service_type }}-master-controllers enabled=yes state=started
+ when: openshift_master_ha | bool
register: start_result
- set_fact:
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index 877c44772..3f2c51417 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -10,13 +10,16 @@ assetConfig:
publicURL: {{ openshift.master.public_console_url }}/
servingInfo:
bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.console_port }}
+ bindNetwork: tcp4
certFile: master.server.crt
clientCA: ""
keyFile: master.server.key
maxRequestsInFlight: 0
requestTimeoutSeconds: 0
+controllerLeaseTTL: 0
+controllers: '*'
corsAllowedOrigins:
-{% for origin in ['127.0.0.1', 'localhost', openshift.common.hostname, openshift.common.ip, openshift.common.public_hostname, openshift.common.public_ip] | unique %}
+{% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %}
- {{ origin }}
{% endfor %}
{% for custom_origin in openshift.master.custom_cors_origins | default("") %}
@@ -29,8 +32,10 @@ corsAllowedOrigins:
disabledFeatures: {{ openshift.master.disabled_features | to_json }}
{% endif %}
{% if openshift.master.embedded_dns | bool %}
+disabledFeatures: null
dnsConfig:
bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }}
+ bindNetwork: tcp4
{% endif %}
etcdClientInfo:
ca: {{ "ca.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }}
@@ -81,13 +86,13 @@ kubernetesMasterConfig:
apiServerArguments: {{ api_server_args if api_server_args is defined else 'null' }}
controllerArguments: {{ controller_args if controller_args is defined else 'null' }}
masterCount: {{ openshift.master.master_count }}
- masterIP: ""
- podEvictionTimeout: ""
+ masterIP: {{ openshift.common.ip }}
+ podEvictionTimeout: 5m
proxyClientInfo:
certFile: master.proxy-client.crt
keyFile: master.proxy-client.key
schedulerConfigFile: {{ openshift_master_scheduler_conf }}
- servicesNodePortRange: ""
+ servicesNodePortRange: 30000-32767
servicesSubnet: {{ openshift.master.portal_net }}
staticNodeNames: {{ openshift_node_ips | default([], true) }}
{% endif %}
@@ -105,6 +110,7 @@ networkConfig:
# serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet
serviceNetworkCIDR: {{ openshift.master.portal_net }}
{% include 'v1_partials/oauthConfig.j2' %}
+pauseControllers: false
policyConfig:
bootstrapPolicyFile: {{ openshift_master_policy }}
openshiftInfrastructureNamespace: openshift-infra
@@ -118,8 +124,9 @@ projectConfig:
mcsLabelsPerProject: {{ openshift.master.mcs_labels_per_project }}
uidAllocatorRange: "{{ openshift.master.uid_allocator_range }}"
routingConfig:
- subdomain: "{{ openshift.master.default_subdomain | default("") }}"
+ subdomain: "{{ openshift.master.default_subdomain | default("router.default.svc.cluster.local") }}"
serviceAccountConfig:
+ limitSecretReferences: false
managedNames:
- default
- builder
@@ -130,6 +137,7 @@ serviceAccountConfig:
- serviceaccounts.public.key
servingInfo:
bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.api_port }}
+ bindNetwork: tcp4
certFile: master.server.crt
clientCA: ca.crt
keyFile: master.server.key