diff options
Diffstat (limited to 'roles')
26 files changed, 1470 insertions, 121 deletions
diff --git a/roles/lib_openshift_api/build/ansible/router.py b/roles/lib_openshift_api/build/ansible/router.py new file mode 100644 index 000000000..3b24c7b5e --- /dev/null +++ b/roles/lib_openshift_api/build/ansible/router.py @@ -0,0 +1,142 @@ +# pylint: skip-file + +def main(): + ''' + ansible oc module for secrets + ''' + + module = AnsibleModule( + argument_spec=dict( + state=dict(default='present', type='str', + choices=['present', 'absent']), + debug=dict(default=False, type='bool'), + namespace=dict(default='default', type='str'), + name=dict(default='router', type='str'), + + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + credentials=dict(default='/etc/origin/master/openshift-router.kubeconfig', type='str'), + cert_file=dict(default=None, type='str'), + key_file=dict(default=None, type='str'), + image=dict(default=None, type='str'), #'openshift3/ose-${component}:${version}' + latest_image=dict(default=False, type='bool'), + labels=dict(default=None, type='list'), + ports=dict(default=['80:80', '443:443'], type='list'), + replicas=dict(default=1, type='int'), + selector=dict(default=None, type='str'), + service_account=dict(default='router', type='str'), + router_type=dict(default='haproxy-router', type='str'), + host_network=dict(default=True, type='bool'), + # external host options + external_host=dict(default=None, type='str'), + external_host_vserver=dict(default=None, type='str'), + external_host_insecure=dict(default=False, type='bool'), + external_host_partition_path=dict(default=None, type='str'), + external_host_username=dict(default=None, type='str'), + external_host_password=dict(default=None, type='str'), + external_host_private_key=dict(default=None, type='str'), + # Metrics + expose_metrics=dict(default=False, type='bool'), + metrics_image=dict(default=None, type='str'), + # Stats + stats_user=dict(default=None, type='str'), + stats_password=dict(default=None, type='str'), + stats_port=dict(default=1936, type='int'), + + ), + mutually_exclusive=[["router_type", "images"]], + + supports_check_mode=True, + ) + + rconfig = RouterConfig(module.params['name'], + module.params['kubeconfig'], + {'credentials': {'value': module.params['credentials'], 'include': True}, + 'default_cert': {'value': None, 'include': True}, + 'cert_file': {'value': module.params['cert_file'], 'include': False}, + 'key_file': {'value': module.params['key_file'], 'include': False}, + 'image': {'value': module.params['image'], 'include': True}, + 'latest_image': {'value': module.params['latest_image'], 'include': True}, + 'labels': {'value': module.params['labels'], 'include': True}, + 'ports': {'value': ','.join(module.params['ports']), 'include': True}, + 'replicas': {'value': module.params['replicas'], 'include': True}, + 'selector': {'value': module.params['selector'], 'include': True}, + 'service_account': {'value': module.params['service_account'], 'include': True}, + 'router_type': {'value': module.params['router_type'], 'include': False}, + 'host_network': {'value': module.params['host_network'], 'include': True}, + 'external_host': {'value': module.params['external_host'], 'include': True}, + 'external_host_vserver': {'value': module.params['external_host_vserver'], + 'include': True}, + 'external_host_insecure': {'value': module.params['external_host_insecure'], + 'include': True}, + 'external_host_partition_path': {'value': module.params['external_host_partition_path'], + 'include': True}, + 'external_host_username': {'value': module.params['external_host_username'], + 'include': True}, + 'external_host_password': {'value': module.params['external_host_password'], + 'include': True}, + 'external_host_private_key': {'value': module.params['external_host_private_key'], + 'include': True}, + 'expose_metrics': {'value': module.params['expose_metrics'], 'include': True}, + 'metrics_image': {'value': module.params['metrics_image'], 'include': True}, + 'stats_user': {'value': module.params['stats_user'], 'include': True}, + 'stats_password': {'value': module.params['stats_password'], 'include': True}, + 'stats_port': {'value': module.params['stats_port'], 'include': True}, + }) + + + ocrouter = Router(rconfig) + + state = module.params['state'] + + ######## + # Delete + ######## + if state == 'absent': + if not ocrouter.exists(): + module.exit_json(changed=False, state="absent") + + if module.check_mode: + module.exit_json(change=False, msg='Would have performed a delete.') + + api_rval = ocrouter.delete() + module.exit_json(changed=True, results=api_rval, state="absent") + + + if state == 'present': + ######## + # Create + ######## + if not ocrouter.exists(): + + if module.check_mode: + module.exit_json(change=False, msg='Would have performed a create.') + + api_rval = ocrouter.create() + + module.exit_json(changed=True, results=api_rval, state="present") + + ######## + # Update + ######## + if not ocrouter.needs_update(): + module.exit_json(changed=False, state="present") + + if module.check_mode: + module.exit_json(change=False, msg='Would have performed an update.') + + api_rval = ocrouter.update() + + if api_rval['returncode'] != 0: + module.fail_json(msg=api_rval) + + module.exit_json(changed=True, results=api_rval, state="present") + + module.exit_json(failed=True, + changed=False, + results='Unknown state passed. %s' % state, + state="unknown") + +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, locally-disabled +# import module snippets. This are required +from ansible.module_utils.basic import * +main() diff --git a/roles/lib_openshift_api/build/generate.py b/roles/lib_openshift_api/build/generate.py index cf3f61d2c..9fc1986f1 100755 --- a/roles/lib_openshift_api/build/generate.py +++ b/roles/lib_openshift_api/build/generate.py @@ -33,6 +33,11 @@ FILES = {'oc_obj.py': ['src/base.py', 'src/edit.py', 'ansible/edit.py', ], + 'oadm_router.py': ['src/base.py', + '../../lib_yaml_editor/build/src/yedit.py', + 'src/router.py', + 'ansible/router.py', + ], } diff --git a/roles/lib_openshift_api/build/src/base.py b/roles/lib_openshift_api/build/src/base.py index 66831c4e2..257379d92 100644 --- a/roles/lib_openshift_api/build/src/base.py +++ b/roles/lib_openshift_api/build/src/base.py @@ -20,12 +20,12 @@ yaml.add_constructor(u'tag:yaml.org,2002:timestamp', timestamp_constructor) # pylint: disable=too-few-public-methods class OpenShiftCLI(object): - ''' Class to wrap the oc command line tools ''' + ''' Class to wrap the command line tools ''' def __init__(self, namespace, kubeconfig='/etc/origin/master/admin.kubeconfig', verbose=False): - ''' Constructor for OpenshiftOC ''' + ''' Constructor for OpenshiftCLI ''' self.namespace = namespace self.verbose = verbose self.kubeconfig = kubeconfig @@ -58,15 +58,15 @@ class OpenShiftCLI(object): cmd = ['-n', self.namespace, 'replace', '-f', fname] if force: cmd.append('--force') - return self.oc_cmd(cmd) + return self.openshift_cmd(cmd) def _create(self, fname): '''return all pods ''' - return self.oc_cmd(['create', '-f', fname, '-n', self.namespace]) + return self.openshift_cmd(['create', '-f', fname, '-n', self.namespace]) def _delete(self, resource, rname): '''return all pods ''' - return self.oc_cmd(['delete', resource, rname, '-n', self.namespace]) + return self.openshift_cmd(['delete', resource, rname, '-n', self.namespace]) def _get(self, resource, rname=None): '''return a secret by name ''' @@ -74,7 +74,7 @@ class OpenShiftCLI(object): if rname: cmd.append(rname) - rval = self.oc_cmd(cmd, output=True) + rval = self.openshift_cmd(cmd, output=True) # Ensure results are retuned in an array if rval.has_key('items'): @@ -84,10 +84,15 @@ class OpenShiftCLI(object): return rval - def oc_cmd(self, cmd, output=False): + def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json'): '''Base command for oc ''' #cmds = ['/usr/bin/oc', '--config', self.kubeconfig] - cmds = ['/usr/bin/oc'] + cmds = [] + if oadm: + cmds = ['/usr/bin/oadm'] + else: + cmds = ['/usr/bin/oc'] + cmds.extend(cmd) rval = {} @@ -105,18 +110,21 @@ class OpenShiftCLI(object): proc.wait() stdout = proc.stdout.read() stderr = proc.stderr.read() - rval = {"returncode": proc.returncode, "results": results, + "cmd": ' '.join(cmds), } if proc.returncode == 0: if output: - try: - rval['results'] = json.loads(stdout) - except ValueError as err: - if "No JSON object could be decoded" in err.message: - err = err.message + if output_type == 'json': + try: + rval['results'] = json.loads(stdout) + except ValueError as err: + if "No JSON object could be decoded" in err.message: + err = err.message + elif output_type == 'raw': + rval['results'] = stdout if self.verbose: print stdout @@ -219,11 +227,13 @@ class Utils(object): # Disabling too-many-branches. This is a yaml dictionary comparison function # pylint: disable=too-many-branches,too-many-return-statements @staticmethod - def check_def_equal(user_def, result_def, debug=False): + def check_def_equal(user_def, result_def, skip_keys=None, debug=False): ''' Given a user defined definition, compare it with the results given back by our query. ''' # Currently these values are autogenerated and we do not need to check them skip = ['metadata', 'status'] + if skip_keys: + skip.extend(skip_keys) for key, value in result_def.items(): if key in skip: @@ -232,11 +242,27 @@ class Utils(object): # Both are lists if isinstance(value, list): if not isinstance(user_def[key], list): + if debug: + print 'user_def[key] is not a list' return False - # lists should be identical - if value != user_def[key]: - return False + for values in zip(user_def[key], value): + if isinstance(values[0], dict) and isinstance(values[1], dict): + if debug: + print 'sending list - list' + print type(values[0]) + print type(values[1]) + result = Utils.check_def_equal(values[0], values[1], skip_keys=skip_keys, debug=debug) + if not result: + print 'list compare returned false' + return False + + elif value != user_def[key]: + if debug: + print 'value should be identical' + print value + print user_def[key] + return False # recurse on a dictionary elif isinstance(value, dict): @@ -255,10 +281,11 @@ class Utils(object): print "keys are not equal in dict" return False - result = Utils.check_def_equal(user_def[key], value, debug=debug) + result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) if not result: if debug: print "dict returned false" + print result return False # Verify each key, value pair is the same diff --git a/roles/lib_openshift_api/build/src/obj.py b/roles/lib_openshift_api/build/src/obj.py index a3ad4b3c4..13aeba8e1 100644 --- a/roles/lib_openshift_api/build/src/obj.py +++ b/roles/lib_openshift_api/build/src/obj.py @@ -62,7 +62,7 @@ class OCObject(OpenShiftCLI): data = Utils.get_resource_file(files[0], content_type) # if equal then no need. So not equal is True - return not Utils.check_def_equal(data, objects['results'][0], True) + return not Utils.check_def_equal(data, objects['results'][0], skip_keys=None, debug=False) else: data = content diff --git a/roles/lib_openshift_api/build/src/router.py b/roles/lib_openshift_api/build/src/router.py new file mode 100644 index 000000000..69454d594 --- /dev/null +++ b/roles/lib_openshift_api/build/src/router.py @@ -0,0 +1,152 @@ +# pylint: skip-file + +import time + +class RouterConfig(object): + ''' RouterConfig is a DTO for the router. ''' + def __init__(self, rname, kubeconfig, router_options): + self.name = rname + self.kubeconfig = kubeconfig + self._router_options = router_options + + @property + def router_options(self): + ''' return router options ''' + return self._router_options + + def to_option_list(self): + ''' return all options as a string''' + return RouterConfig.stringify(self.router_options) + + @staticmethod + def stringify(options): + ''' return hash as list of key value pairs ''' + rval = [] + for key, data in options.items(): + if data['include'] and data['value']: + rval.append('--%s=%s' % (key.replace('_', '-'), data['value'])) + + return rval + +class Router(OpenShiftCLI): + ''' Class to wrap the oc command line tools ''' + def __init__(self, + router_config, + verbose=False): + ''' Constructor for OpenshiftOC + + a router consists of 3 or more parts + - dc/router + - svc/router + - endpoint/router + ''' + super(Router, self).__init__('default', router_config.kubeconfig, verbose) + self.rconfig = router_config + self.verbose = verbose + self.router_parts = [{'kind': 'dc', 'name': self.rconfig.name}, + {'kind': 'svc', 'name': self.rconfig.name}, + #{'kind': 'endpoints', 'name': self.rconfig.name}, + ] + def get(self, filter_kind=None): + ''' return the self.router_parts ''' + rparts = self.router_parts + parts = [] + if filter_kind: + rparts = [part for part in self.router_parts if filter_kind == part['kind']] + + for part in rparts: + parts.append(self._get(part['kind'], rname=part['name'])) + + return parts + + def exists(self): + '''return a deploymentconfig by name ''' + parts = self.get() + for part in parts: + if part['returncode'] != 0: + return False + + return True + + def delete(self): + '''return all pods ''' + parts = [] + for part in self.router_parts: + parts.append(self._delete(part['kind'], part['name'])) + + return parts + + def create(self, dryrun=False, output=False, output_type='json'): + '''Create a deploymentconfig ''' + # We need to create the pem file + router_pem = '/tmp/router.pem' + with open(router_pem, 'w') as rfd: + rfd.write(open(self.rconfig.router_options['cert_file']['value']).read()) + rfd.write(open(self.rconfig.router_options['key_file']['value']).read()) + + atexit.register(Utils.cleanup, [router_pem]) + self.rconfig.router_options['default_cert']['value'] = router_pem + + options = self.rconfig.to_option_list() + + cmd = ['router'] + cmd.extend(options) + if dryrun: + cmd.extend(['--dry-run=True', '-o', 'json']) + + results = self.openshift_cmd(cmd, oadm=True, output=output, output_type=output_type) + + return results + + def update(self): + '''run update for the router. This performs a delete and then create ''' + parts = self.delete() + if any([part['returncode'] != 0 for part in parts]): + return parts + + # Ugly built in sleep here. + time.sleep(15) + + return self.create() + + def needs_update(self, verbose=False): + ''' check to see if we need to update ''' + dc_inmem = self.get(filter_kind='dc')[0] + if dc_inmem['returncode'] != 0: + return dc_inmem + + user_dc = self.create(dryrun=True, output=True, output_type='raw') + if user_dc['returncode'] != 0: + return user_dc + + # Since the output from oadm_router is returned as raw + # we need to parse it. The first line is the stats_password + user_dc_results = user_dc['results'].split('\n') + # stats_password = user_dc_results[0] + + # Load the string back into json and get the newly created dc + user_dc = json.loads('\n'.join(user_dc_results[1:]))['items'][0] + + # Router needs some exceptions. + # We do not want to check the autogenerated password for stats admin + if not self.rconfig.router_options['stats_password']['value']: + for idx, env_var in enumerate(user_dc['spec']['template']['spec']['containers'][0]['env']): + if env_var['name'] == 'STATS_PASSWORD': + env_var['value'] = \ + dc_inmem['results'][0]['spec']['template']['spec']['containers'][0]['env'][idx]['value'] + + # dry-run doesn't add the protocol to the ports section. We will manually do that. + for idx, port in enumerate(user_dc['spec']['template']['spec']['containers'][0]['ports']): + if not port.has_key('protocol'): + port['protocol'] = 'TCP' + + # These are different when generating + skip = ['dnsPolicy', + 'terminationGracePeriodSeconds', + 'restartPolicy', 'timeoutSeconds', + 'livenessProbe', 'readinessProbe', + 'terminationMessagePath', + 'rollingParams', + ] + + return not Utils.check_def_equal(user_dc, dc_inmem['results'][0], skip_keys=skip, debug=verbose) diff --git a/roles/lib_openshift_api/build/src/secret.py b/roles/lib_openshift_api/build/src/secret.py index af61dfa01..154716828 100644 --- a/roles/lib_openshift_api/build/src/secret.py +++ b/roles/lib_openshift_api/build/src/secret.py @@ -32,7 +32,7 @@ class Secret(OpenShiftCLI): cmd = ['-n%s' % self.namespace, 'secrets', 'new', self.name] cmd.extend(secrets) - return self.oc_cmd(cmd) + return self.openshift_cmd(cmd) def update(self, files, force=False): '''run update secret @@ -63,6 +63,6 @@ class Secret(OpenShiftCLI): cmd = ['-ojson', '-n%s' % self.namespace, 'secrets', 'new', self.name] cmd.extend(secrets) - return self.oc_cmd(cmd, output=True) + return self.openshift_cmd(cmd, output=True) diff --git a/roles/lib_openshift_api/build/test/router.yml b/roles/lib_openshift_api/build/test/router.yml new file mode 100755 index 000000000..7ab192b97 --- /dev/null +++ b/roles/lib_openshift_api/build/test/router.yml @@ -0,0 +1,79 @@ +#!/usr/bin/ansible-playbook +--- +- hosts: "oo_clusterid_mwoodson:&oo_master_primary" + gather_facts: no + user: root + + tasks: + - oadm_router: + state: absent + credentials: /etc/origin/master/openshift-router.kubeconfig + service_account: router + replicas: 2 + namespace: default + selector: type=infra + cert_file: /etc/origin/master/named_certificates/12ab.mwoodson.openshiftapps.com.crt + key_file: /etc/origin/master/named_certificates/12ab.mwoodson.openshiftapps.com.key + register: routerout + + - debug: var=routerout + + - pause: + seconds: 10 + + - oadm_router: + credentials: /etc/origin/master/openshift-router.kubeconfig + service_account: router + replicas: 2 + namespace: default + selector: type=infra + cert_file: /etc/origin/master/named_certificates/12ab.mwoodson.openshiftapps.com.crt + key_file: /etc/origin/master/named_certificates/12ab.mwoodson.openshiftapps.com.key + register: routerout + + - debug: var=routerout + + - pause: + seconds: 10 + + - oadm_router: + credentials: /etc/origin/master/openshift-router.kubeconfig + service_account: router + replicas: 2 + namespace: default + selector: type=infra + cert_file: /etc/origin/master/named_certificates/12ab.mwoodson.openshiftapps.com.crt + key_file: /etc/origin/master/named_certificates/12ab.mwoodson.openshiftapps.com.key + register: routerout + + - debug: var=routerout + + - pause: + seconds: 10 + + - oadm_router: + credentials: /etc/origin/master/openshift-router.kubeconfig + service_account: router + replicas: 3 + namespace: default + selector: type=test + cert_file: /etc/origin/master/named_certificates/12ab.mwoodson.openshiftapps.com.crt + key_file: /etc/origin/master/named_certificates/12ab.mwoodson.openshiftapps.com.key + register: routerout + + - debug: var=routerout + + - pause: + seconds: 10 + + - oadm_router: + credentials: /etc/origin/master/openshift-router.kubeconfig + service_account: router + replicas: 2 + namespace: default + selector: type=infra + cert_file: /etc/origin/master/named_certificates/12ab.mwoodson.openshiftapps.com.crt + key_file: /etc/origin/master/named_certificates/12ab.mwoodson.openshiftapps.com.key + register: routerout + + - debug: var=routerout diff --git a/roles/lib_openshift_api/library/oadm_router.py b/roles/lib_openshift_api/library/oadm_router.py new file mode 100644 index 000000000..c6b45c14e --- /dev/null +++ b/roles/lib_openshift_api/library/oadm_router.py @@ -0,0 +1,807 @@ +#!/usr/bin/env python +# ___ ___ _ _ ___ ___ _ _____ ___ ___ +# / __| __| \| | __| _ \ /_\_ _| __| \ +# | (_ | _|| .` | _|| / / _ \| | | _|| |) | +# \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____ +# | \ / _ \ | \| |/ _ \_ _| | __| \_ _|_ _| +# | |) | (_) | | .` | (_) || | | _|| |) | | | | +# |___/ \___/ |_|\_|\___/ |_| |___|___/___| |_| +''' + OpenShiftCLI class that wraps the oc commands in a subprocess +''' + +import atexit +import json +import os +import shutil +import subprocess +import re + +import yaml +# This is here because of a bug that causes yaml +# to incorrectly handle timezone info on timestamps +def timestamp_constructor(_, node): + '''return timestamps as strings''' + return str(node.value) +yaml.add_constructor(u'tag:yaml.org,2002:timestamp', timestamp_constructor) + +# pylint: disable=too-few-public-methods +class OpenShiftCLI(object): + ''' Class to wrap the command line tools ''' + def __init__(self, + namespace, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False): + ''' Constructor for OpenshiftCLI ''' + self.namespace = namespace + self.verbose = verbose + self.kubeconfig = kubeconfig + + # Pylint allows only 5 arguments to be passed. + # pylint: disable=too-many-arguments + def _replace_content(self, resource, rname, content, force=False): + ''' replace the current object with the content ''' + res = self._get(resource, rname) + if not res['results']: + return res + + fname = '/tmp/%s' % rname + yed = Yedit(fname, res['results'][0]) + changes = [] + for key, value in content.items(): + changes.append(yed.put(key, value)) + + if any([not change[0] for change in changes]): + return {'returncode': 0, 'updated': False} + + yed.write() + + atexit.register(Utils.cleanup, [fname]) + + return self._replace(fname, force) + + def _replace(self, fname, force=False): + '''return all pods ''' + cmd = ['-n', self.namespace, 'replace', '-f', fname] + if force: + cmd.append('--force') + return self.openshift_cmd(cmd) + + def _create(self, fname): + '''return all pods ''' + return self.openshift_cmd(['create', '-f', fname, '-n', self.namespace]) + + def _delete(self, resource, rname): + '''return all pods ''' + return self.openshift_cmd(['delete', resource, rname, '-n', self.namespace]) + + def _get(self, resource, rname=None): + '''return a secret by name ''' + cmd = ['get', resource, '-o', 'json', '-n', self.namespace] + if rname: + cmd.append(rname) + + rval = self.openshift_cmd(cmd, output=True) + + # Ensure results are retuned in an array + if rval.has_key('items'): + rval['results'] = rval['items'] + elif not isinstance(rval['results'], list): + rval['results'] = [rval['results']] + + return rval + + def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json'): + '''Base command for oc ''' + #cmds = ['/usr/bin/oc', '--config', self.kubeconfig] + cmds = [] + if oadm: + cmds = ['/usr/bin/oadm'] + else: + cmds = ['/usr/bin/oc'] + + cmds.extend(cmd) + + rval = {} + results = '' + err = None + + if self.verbose: + print ' '.join(cmds) + + proc = subprocess.Popen(cmds, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + env={'KUBECONFIG': self.kubeconfig}) + + proc.wait() + stdout = proc.stdout.read() + stderr = proc.stderr.read() + rval = {"returncode": proc.returncode, + "results": results, + "cmd": ' '.join(cmds), + } + + if proc.returncode == 0: + if output: + if output_type == 'json': + try: + rval['results'] = json.loads(stdout) + except ValueError as err: + if "No JSON object could be decoded" in err.message: + err = err.message + elif output_type == 'raw': + rval['results'] = stdout + + if self.verbose: + print stdout + print stderr + print + + if err: + rval.update({"err": err, + "stderr": stderr, + "stdout": stdout, + "cmd": cmds + }) + + else: + rval.update({"stderr": stderr, + "stdout": stdout, + "results": {}, + }) + + return rval + +class Utils(object): + ''' utilities for openshiftcli modules ''' + @staticmethod + def create_file(rname, data, ftype=None): + ''' create a file in tmp with name and contents''' + path = os.path.join('/tmp', rname) + with open(path, 'w') as fds: + if ftype == 'yaml': + fds.write(yaml.safe_dump(data, default_flow_style=False)) + + elif ftype == 'json': + fds.write(json.dumps(data)) + else: + fds.write(data) + + # Register cleanup when module is done + atexit.register(Utils.cleanup, [path]) + return path + + @staticmethod + def create_files_from_contents(data): + '''Turn an array of dict: filename, content into a files array''' + files = [] + + for sfile in data: + path = Utils.create_file(sfile['path'], sfile['content']) + files.append(path) + + return files + + @staticmethod + def cleanup(files): + '''Clean up on exit ''' + for sfile in files: + if os.path.exists(sfile): + if os.path.isdir(sfile): + shutil.rmtree(sfile) + elif os.path.isfile(sfile): + os.remove(sfile) + + + @staticmethod + def exists(results, _name): + ''' Check to see if the results include the name ''' + if not results: + return False + + + if Utils.find_result(results, _name): + return True + + return False + + @staticmethod + def find_result(results, _name): + ''' Find the specified result by name''' + rval = None + for result in results: + if result.has_key('metadata') and result['metadata']['name'] == _name: + rval = result + break + + return rval + + @staticmethod + def get_resource_file(sfile, sfile_type='yaml'): + ''' return the service file ''' + contents = None + with open(sfile) as sfd: + contents = sfd.read() + + if sfile_type == 'yaml': + contents = yaml.safe_load(contents) + elif sfile_type == 'json': + contents = json.loads(contents) + + return contents + + # Disabling too-many-branches. This is a yaml dictionary comparison function + # pylint: disable=too-many-branches,too-many-return-statements + @staticmethod + def check_def_equal(user_def, result_def, skip_keys=None, debug=False): + ''' Given a user defined definition, compare it with the results given back by our query. ''' + + # Currently these values are autogenerated and we do not need to check them + skip = ['metadata', 'status'] + if skip_keys: + skip.extend(skip_keys) + + for key, value in result_def.items(): + if key in skip: + continue + + # Both are lists + if isinstance(value, list): + if not isinstance(user_def[key], list): + if debug: + print 'user_def[key] is not a list' + return False + + for values in zip(user_def[key], value): + if isinstance(values[0], dict) and isinstance(values[1], dict): + if debug: + print 'sending list - list' + print type(values[0]) + print type(values[1]) + result = Utils.check_def_equal(values[0], values[1], skip_keys=skip_keys, debug=debug) + if not result: + print 'list compare returned false' + return False + + elif value != user_def[key]: + if debug: + print 'value should be identical' + print value + print user_def[key] + return False + + # recurse on a dictionary + elif isinstance(value, dict): + if not isinstance(user_def[key], dict): + if debug: + print "dict returned false not instance of dict" + return False + + # before passing ensure keys match + api_values = set(value.keys()) - set(skip) + user_values = set(user_def[key].keys()) - set(skip) + if api_values != user_values: + if debug: + print api_values + print user_values + print "keys are not equal in dict" + return False + + result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) + if not result: + if debug: + print "dict returned false" + print result + return False + + # Verify each key, value pair is the same + else: + if not user_def.has_key(key) or value != user_def[key]: + if debug: + print "value not equal; user_def does not have key" + print value + print user_def[key] + return False + + return True + +class YeditException(Exception): + ''' Exception class for Yedit ''' + pass + +class Yedit(object): + ''' Class to modify yaml files ''' + re_valid_key = r"(((\[-?\d+\])|([a-zA-Z-./]+)).?)+$" + re_key = r"(?:\[(-?\d+)\])|([a-zA-Z-./]+)" + + def __init__(self, filename=None, content=None, content_type='yaml'): + self.content = content + self.filename = filename + self.__yaml_dict = content + self.content_type = content_type + if self.filename and not self.content: + self.load(content_type=self.content_type) + + @property + def yaml_dict(self): + ''' getter method for yaml_dict ''' + return self.__yaml_dict + + @yaml_dict.setter + def yaml_dict(self, value): + ''' setter method for yaml_dict ''' + self.__yaml_dict = value + + @staticmethod + def remove_entry(data, key): + ''' remove data at location key ''' + if not (key and re.match(Yedit.re_valid_key, key) and isinstance(data, (list, dict))): + return None + + key_indexes = re.findall(Yedit.re_key, key) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key and isinstance(data, dict): + data = data.get(dict_key, None) + elif arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1: + data = data[int(arr_ind)] + else: + return None + + # process last index for remove + # expected list entry + if key_indexes[-1][0]: + if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: + del data[int(key_indexes[-1][0])] + return True + + # expected dict entry + elif key_indexes[-1][1]: + if isinstance(data, dict): + del data[key_indexes[-1][1]] + return True + + @staticmethod + def add_entry(data, key, item=None): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a.b + return c + ''' + if not (key and re.match(Yedit.re_valid_key, key) and isinstance(data, (list, dict))): + return None + + curr_data = data + + key_indexes = re.findall(Yedit.re_key, key) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key: + if isinstance(data, dict) and data.has_key(dict_key): + data = data[dict_key] + continue + + data[dict_key] = {} + data = data[dict_key] + + elif arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1: + data = data[int(arr_ind)] + else: + return None + + # process last index for add + # expected list entry + if key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: + data[int(key_indexes[-1][0])] = item + + # expected dict entry + elif key_indexes[-1][1] and isinstance(data, dict): + data[key_indexes[-1][1]] = item + + return curr_data + + @staticmethod + def get_entry(data, key): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a.b + return c + ''' + if not (key and re.match(Yedit.re_valid_key, key) and isinstance(data, (list, dict))): + return None + + key_indexes = re.findall(Yedit.re_key, key) + for arr_ind, dict_key in key_indexes: + if dict_key and isinstance(data, dict): + data = data.get(dict_key, None) + elif arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1: + data = data[int(arr_ind)] + else: + return None + + return data + + def write(self): + ''' write to file ''' + if not self.filename: + raise YeditException('Please specify a filename.') + + with open(self.filename, 'w') as yfd: + yfd.write(yaml.safe_dump(self.yaml_dict, default_flow_style=False)) + + def read(self): + ''' write to file ''' + # check if it exists + if not self.exists(): + return None + + contents = None + with open(self.filename) as yfd: + contents = yfd.read() + + return contents + + def exists(self): + ''' return whether file exists ''' + if os.path.exists(self.filename): + return True + + return False + + def load(self, content_type='yaml'): + ''' return yaml file ''' + contents = self.read() + + if not contents: + return None + + # check if it is yaml + try: + if content_type == 'yaml': + self.yaml_dict = yaml.load(contents) + elif content_type == 'json': + self.yaml_dict = json.loads(contents) + except yaml.YAMLError as _: + # Error loading yaml or json + return None + + return self.yaml_dict + + def get(self, key): + ''' get a specified key''' + try: + entry = Yedit.get_entry(self.yaml_dict, key) + except KeyError as _: + entry = None + + return entry + + def delete(self, key): + ''' remove key from a dict''' + try: + entry = Yedit.get_entry(self.yaml_dict, key) + except KeyError as _: + entry = None + if not entry: + return (False, self.yaml_dict) + + result = Yedit.remove_entry(self.yaml_dict, key) + if not result: + return (False, self.yaml_dict) + + return (True, self.yaml_dict) + + def put(self, key, value): + ''' put key, value into a dict ''' + try: + entry = Yedit.get_entry(self.yaml_dict, key) + except KeyError as _: + entry = None + + if entry == value: + return (False, self.yaml_dict) + + result = Yedit.add_entry(self.yaml_dict, key, value) + if not result: + return (False, self.yaml_dict) + + return (True, self.yaml_dict) + + def create(self, key, value): + ''' create a yaml file ''' + if not self.exists(): + self.yaml_dict = {key: value} + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + +import time + +class RouterConfig(object): + ''' RouterConfig is a DTO for the router. ''' + def __init__(self, rname, kubeconfig, router_options): + self.name = rname + self.kubeconfig = kubeconfig + self._router_options = router_options + + @property + def router_options(self): + ''' return router options ''' + return self._router_options + + def to_option_list(self): + ''' return all options as a string''' + return RouterConfig.stringify(self.router_options) + + @staticmethod + def stringify(options): + ''' return hash as list of key value pairs ''' + rval = [] + for key, data in options.items(): + if data['include'] and data['value']: + rval.append('--%s=%s' % (key.replace('_', '-'), data['value'])) + + return rval + +class Router(OpenShiftCLI): + ''' Class to wrap the oc command line tools ''' + def __init__(self, + router_config, + verbose=False): + ''' Constructor for OpenshiftOC + + a router consists of 3 or more parts + - dc/router + - svc/router + - endpoint/router + ''' + super(Router, self).__init__('default', router_config.kubeconfig, verbose) + self.rconfig = router_config + self.verbose = verbose + self.router_parts = [{'kind': 'dc', 'name': self.rconfig.name}, + {'kind': 'svc', 'name': self.rconfig.name}, + #{'kind': 'endpoints', 'name': self.rconfig.name}, + ] + def get(self, filter_kind=None): + ''' return the self.router_parts ''' + rparts = self.router_parts + parts = [] + if filter_kind: + rparts = [part for part in self.router_parts if filter_kind == part['kind']] + + for part in rparts: + parts.append(self._get(part['kind'], rname=part['name'])) + + return parts + + def exists(self): + '''return a deploymentconfig by name ''' + parts = self.get() + for part in parts: + if part['returncode'] != 0: + return False + + return True + + def delete(self): + '''return all pods ''' + parts = [] + for part in self.router_parts: + parts.append(self._delete(part['kind'], part['name'])) + + return parts + + def create(self, dryrun=False, output=False, output_type='json'): + '''Create a deploymentconfig ''' + # We need to create the pem file + router_pem = '/tmp/router.pem' + with open(router_pem, 'w') as rfd: + rfd.write(open(self.rconfig.router_options['cert_file']['value']).read()) + rfd.write(open(self.rconfig.router_options['key_file']['value']).read()) + + atexit.register(Utils.cleanup, [router_pem]) + self.rconfig.router_options['default_cert']['value'] = router_pem + + options = self.rconfig.to_option_list() + + cmd = ['router'] + cmd.extend(options) + if dryrun: + cmd.extend(['--dry-run=True', '-o', 'json']) + + results = self.openshift_cmd(cmd, oadm=True, output=output, output_type=output_type) + + return results + + def update(self): + '''run update for the router. This performs a delete and then create ''' + parts = self.delete() + if any([part['returncode'] != 0 for part in parts]): + return parts + + # Ugly built in sleep here. + time.sleep(15) + + return self.create() + + def needs_update(self, verbose=False): + ''' check to see if we need to update ''' + dc_inmem = self.get(filter_kind='dc')[0] + if dc_inmem['returncode'] != 0: + return dc_inmem + + user_dc = self.create(dryrun=True, output=True, output_type='raw') + if user_dc['returncode'] != 0: + return user_dc + + # Since the output from oadm_router is returned as raw + # we need to parse it. The first line is the stats_password + user_dc_results = user_dc['results'].split('\n') + # stats_password = user_dc_results[0] + + # Load the string back into json and get the newly created dc + user_dc = json.loads('\n'.join(user_dc_results[1:]))['items'][0] + + # Router needs some exceptions. + # We do not want to check the autogenerated password for stats admin + if not self.rconfig.router_options['stats_password']['value']: + for idx, env_var in enumerate(user_dc['spec']['template']['spec']['containers'][0]['env']): + if env_var['name'] == 'STATS_PASSWORD': + env_var['value'] = \ + dc_inmem['results'][0]['spec']['template']['spec']['containers'][0]['env'][idx]['value'] + + # dry-run doesn't add the protocol to the ports section. We will manually do that. + for idx, port in enumerate(user_dc['spec']['template']['spec']['containers'][0]['ports']): + if not port.has_key('protocol'): + port['protocol'] = 'TCP' + + # These are different when generating + skip = ['dnsPolicy', + 'terminationGracePeriodSeconds', + 'restartPolicy', 'timeoutSeconds', + 'livenessProbe', 'readinessProbe', + 'terminationMessagePath', + 'rollingParams', + ] + + return not Utils.check_def_equal(user_dc, dc_inmem['results'][0], skip_keys=skip, debug=verbose) + +def main(): + ''' + ansible oc module for secrets + ''' + + module = AnsibleModule( + argument_spec=dict( + state=dict(default='present', type='str', + choices=['present', 'absent']), + debug=dict(default=False, type='bool'), + namespace=dict(default='default', type='str'), + name=dict(default='router', type='str'), + + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + credentials=dict(default='/etc/origin/master/openshift-router.kubeconfig', type='str'), + cert_file=dict(default=None, type='str'), + key_file=dict(default=None, type='str'), + image=dict(default=None, type='str'), #'openshift3/ose-${component}:${version}' + latest_image=dict(default=False, type='bool'), + labels=dict(default=None, type='list'), + ports=dict(default=['80:80', '443:443'], type='list'), + replicas=dict(default=1, type='int'), + selector=dict(default=None, type='str'), + service_account=dict(default='router', type='str'), + router_type=dict(default='haproxy-router', type='str'), + host_network=dict(default=True, type='bool'), + # external host options + external_host=dict(default=None, type='str'), + external_host_vserver=dict(default=None, type='str'), + external_host_insecure=dict(default=False, type='bool'), + external_host_partition_path=dict(default=None, type='str'), + external_host_username=dict(default=None, type='str'), + external_host_password=dict(default=None, type='str'), + external_host_private_key=dict(default=None, type='str'), + # Metrics + expose_metrics=dict(default=False, type='bool'), + metrics_image=dict(default=None, type='str'), + # Stats + stats_user=dict(default=None, type='str'), + stats_password=dict(default=None, type='str'), + stats_port=dict(default=1936, type='int'), + + ), + mutually_exclusive=[["router_type", "images"]], + + supports_check_mode=True, + ) + + rconfig = RouterConfig(module.params['name'], + module.params['kubeconfig'], + {'credentials': {'value': module.params['credentials'], 'include': True}, + 'default_cert': {'value': None, 'include': True}, + 'cert_file': {'value': module.params['cert_file'], 'include': False}, + 'key_file': {'value': module.params['key_file'], 'include': False}, + 'image': {'value': module.params['image'], 'include': True}, + 'latest_image': {'value': module.params['latest_image'], 'include': True}, + 'labels': {'value': module.params['labels'], 'include': True}, + 'ports': {'value': ','.join(module.params['ports']), 'include': True}, + 'replicas': {'value': module.params['replicas'], 'include': True}, + 'selector': {'value': module.params['selector'], 'include': True}, + 'service_account': {'value': module.params['service_account'], 'include': True}, + 'router_type': {'value': module.params['router_type'], 'include': False}, + 'host_network': {'value': module.params['host_network'], 'include': True}, + 'external_host': {'value': module.params['external_host'], 'include': True}, + 'external_host_vserver': {'value': module.params['external_host_vserver'], + 'include': True}, + 'external_host_insecure': {'value': module.params['external_host_insecure'], + 'include': True}, + 'external_host_partition_path': {'value': module.params['external_host_partition_path'], + 'include': True}, + 'external_host_username': {'value': module.params['external_host_username'], + 'include': True}, + 'external_host_password': {'value': module.params['external_host_password'], + 'include': True}, + 'external_host_private_key': {'value': module.params['external_host_private_key'], + 'include': True}, + 'expose_metrics': {'value': module.params['expose_metrics'], 'include': True}, + 'metrics_image': {'value': module.params['metrics_image'], 'include': True}, + 'stats_user': {'value': module.params['stats_user'], 'include': True}, + 'stats_password': {'value': module.params['stats_password'], 'include': True}, + 'stats_port': {'value': module.params['stats_port'], 'include': True}, + }) + + + ocrouter = Router(rconfig) + + state = module.params['state'] + + ######## + # Delete + ######## + if state == 'absent': + if not ocrouter.exists(): + module.exit_json(changed=False, state="absent") + + if module.check_mode: + module.exit_json(change=False, msg='Would have performed a delete.') + + api_rval = ocrouter.delete() + module.exit_json(changed=True, results=api_rval, state="absent") + + + if state == 'present': + ######## + # Create + ######## + if not ocrouter.exists(): + + if module.check_mode: + module.exit_json(change=False, msg='Would have performed a create.') + + api_rval = ocrouter.create() + + module.exit_json(changed=True, results=api_rval, state="present") + + ######## + # Update + ######## + if not ocrouter.needs_update(): + module.exit_json(changed=False, state="present") + + if module.check_mode: + module.exit_json(change=False, msg='Would have performed an update.') + + api_rval = ocrouter.update() + + if api_rval['returncode'] != 0: + module.fail_json(msg=api_rval) + + module.exit_json(changed=True, results=api_rval, state="present") + + module.exit_json(failed=True, + changed=False, + results='Unknown state passed. %s' % state, + state="unknown") + +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, locally-disabled +# import module snippets. This are required +from ansible.module_utils.basic import * +main() diff --git a/roles/lib_openshift_api/library/oc_edit.py b/roles/lib_openshift_api/library/oc_edit.py index 44e77331d..e43b6175a 100644 --- a/roles/lib_openshift_api/library/oc_edit.py +++ b/roles/lib_openshift_api/library/oc_edit.py @@ -27,12 +27,12 @@ yaml.add_constructor(u'tag:yaml.org,2002:timestamp', timestamp_constructor) # pylint: disable=too-few-public-methods class OpenShiftCLI(object): - ''' Class to wrap the oc command line tools ''' + ''' Class to wrap the command line tools ''' def __init__(self, namespace, kubeconfig='/etc/origin/master/admin.kubeconfig', verbose=False): - ''' Constructor for OpenshiftOC ''' + ''' Constructor for OpenshiftCLI ''' self.namespace = namespace self.verbose = verbose self.kubeconfig = kubeconfig @@ -65,15 +65,15 @@ class OpenShiftCLI(object): cmd = ['-n', self.namespace, 'replace', '-f', fname] if force: cmd.append('--force') - return self.oc_cmd(cmd) + return self.openshift_cmd(cmd) def _create(self, fname): '''return all pods ''' - return self.oc_cmd(['create', '-f', fname, '-n', self.namespace]) + return self.openshift_cmd(['create', '-f', fname, '-n', self.namespace]) def _delete(self, resource, rname): '''return all pods ''' - return self.oc_cmd(['delete', resource, rname, '-n', self.namespace]) + return self.openshift_cmd(['delete', resource, rname, '-n', self.namespace]) def _get(self, resource, rname=None): '''return a secret by name ''' @@ -81,7 +81,7 @@ class OpenShiftCLI(object): if rname: cmd.append(rname) - rval = self.oc_cmd(cmd, output=True) + rval = self.openshift_cmd(cmd, output=True) # Ensure results are retuned in an array if rval.has_key('items'): @@ -91,10 +91,15 @@ class OpenShiftCLI(object): return rval - def oc_cmd(self, cmd, output=False): + def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json'): '''Base command for oc ''' #cmds = ['/usr/bin/oc', '--config', self.kubeconfig] - cmds = ['/usr/bin/oc'] + cmds = [] + if oadm: + cmds = ['/usr/bin/oadm'] + else: + cmds = ['/usr/bin/oc'] + cmds.extend(cmd) rval = {} @@ -112,18 +117,21 @@ class OpenShiftCLI(object): proc.wait() stdout = proc.stdout.read() stderr = proc.stderr.read() - rval = {"returncode": proc.returncode, "results": results, + "cmd": ' '.join(cmds), } if proc.returncode == 0: if output: - try: - rval['results'] = json.loads(stdout) - except ValueError as err: - if "No JSON object could be decoded" in err.message: - err = err.message + if output_type == 'json': + try: + rval['results'] = json.loads(stdout) + except ValueError as err: + if "No JSON object could be decoded" in err.message: + err = err.message + elif output_type == 'raw': + rval['results'] = stdout if self.verbose: print stdout @@ -226,11 +234,13 @@ class Utils(object): # Disabling too-many-branches. This is a yaml dictionary comparison function # pylint: disable=too-many-branches,too-many-return-statements @staticmethod - def check_def_equal(user_def, result_def, debug=False): + def check_def_equal(user_def, result_def, skip_keys=None, debug=False): ''' Given a user defined definition, compare it with the results given back by our query. ''' # Currently these values are autogenerated and we do not need to check them skip = ['metadata', 'status'] + if skip_keys: + skip.extend(skip_keys) for key, value in result_def.items(): if key in skip: @@ -239,11 +249,27 @@ class Utils(object): # Both are lists if isinstance(value, list): if not isinstance(user_def[key], list): + if debug: + print 'user_def[key] is not a list' return False - # lists should be identical - if value != user_def[key]: - return False + for values in zip(user_def[key], value): + if isinstance(values[0], dict) and isinstance(values[1], dict): + if debug: + print 'sending list - list' + print type(values[0]) + print type(values[1]) + result = Utils.check_def_equal(values[0], values[1], skip_keys=skip_keys, debug=debug) + if not result: + print 'list compare returned false' + return False + + elif value != user_def[key]: + if debug: + print 'value should be identical' + print value + print user_def[key] + return False # recurse on a dictionary elif isinstance(value, dict): @@ -262,10 +288,11 @@ class Utils(object): print "keys are not equal in dict" return False - result = Utils.check_def_equal(user_def[key], value, debug=debug) + result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) if not result: if debug: print "dict returned false" + print result return False # Verify each key, value pair is the same diff --git a/roles/lib_openshift_api/library/oc_obj.py b/roles/lib_openshift_api/library/oc_obj.py index c058072e3..f0ea66aee 100644 --- a/roles/lib_openshift_api/library/oc_obj.py +++ b/roles/lib_openshift_api/library/oc_obj.py @@ -27,12 +27,12 @@ yaml.add_constructor(u'tag:yaml.org,2002:timestamp', timestamp_constructor) # pylint: disable=too-few-public-methods class OpenShiftCLI(object): - ''' Class to wrap the oc command line tools ''' + ''' Class to wrap the command line tools ''' def __init__(self, namespace, kubeconfig='/etc/origin/master/admin.kubeconfig', verbose=False): - ''' Constructor for OpenshiftOC ''' + ''' Constructor for OpenshiftCLI ''' self.namespace = namespace self.verbose = verbose self.kubeconfig = kubeconfig @@ -65,15 +65,15 @@ class OpenShiftCLI(object): cmd = ['-n', self.namespace, 'replace', '-f', fname] if force: cmd.append('--force') - return self.oc_cmd(cmd) + return self.openshift_cmd(cmd) def _create(self, fname): '''return all pods ''' - return self.oc_cmd(['create', '-f', fname, '-n', self.namespace]) + return self.openshift_cmd(['create', '-f', fname, '-n', self.namespace]) def _delete(self, resource, rname): '''return all pods ''' - return self.oc_cmd(['delete', resource, rname, '-n', self.namespace]) + return self.openshift_cmd(['delete', resource, rname, '-n', self.namespace]) def _get(self, resource, rname=None): '''return a secret by name ''' @@ -81,7 +81,7 @@ class OpenShiftCLI(object): if rname: cmd.append(rname) - rval = self.oc_cmd(cmd, output=True) + rval = self.openshift_cmd(cmd, output=True) # Ensure results are retuned in an array if rval.has_key('items'): @@ -91,10 +91,15 @@ class OpenShiftCLI(object): return rval - def oc_cmd(self, cmd, output=False): + def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json'): '''Base command for oc ''' #cmds = ['/usr/bin/oc', '--config', self.kubeconfig] - cmds = ['/usr/bin/oc'] + cmds = [] + if oadm: + cmds = ['/usr/bin/oadm'] + else: + cmds = ['/usr/bin/oc'] + cmds.extend(cmd) rval = {} @@ -112,18 +117,21 @@ class OpenShiftCLI(object): proc.wait() stdout = proc.stdout.read() stderr = proc.stderr.read() - rval = {"returncode": proc.returncode, "results": results, + "cmd": ' '.join(cmds), } if proc.returncode == 0: if output: - try: - rval['results'] = json.loads(stdout) - except ValueError as err: - if "No JSON object could be decoded" in err.message: - err = err.message + if output_type == 'json': + try: + rval['results'] = json.loads(stdout) + except ValueError as err: + if "No JSON object could be decoded" in err.message: + err = err.message + elif output_type == 'raw': + rval['results'] = stdout if self.verbose: print stdout @@ -226,11 +234,13 @@ class Utils(object): # Disabling too-many-branches. This is a yaml dictionary comparison function # pylint: disable=too-many-branches,too-many-return-statements @staticmethod - def check_def_equal(user_def, result_def, debug=False): + def check_def_equal(user_def, result_def, skip_keys=None, debug=False): ''' Given a user defined definition, compare it with the results given back by our query. ''' # Currently these values are autogenerated and we do not need to check them skip = ['metadata', 'status'] + if skip_keys: + skip.extend(skip_keys) for key, value in result_def.items(): if key in skip: @@ -239,11 +249,27 @@ class Utils(object): # Both are lists if isinstance(value, list): if not isinstance(user_def[key], list): + if debug: + print 'user_def[key] is not a list' return False - # lists should be identical - if value != user_def[key]: - return False + for values in zip(user_def[key], value): + if isinstance(values[0], dict) and isinstance(values[1], dict): + if debug: + print 'sending list - list' + print type(values[0]) + print type(values[1]) + result = Utils.check_def_equal(values[0], values[1], skip_keys=skip_keys, debug=debug) + if not result: + print 'list compare returned false' + return False + + elif value != user_def[key]: + if debug: + print 'value should be identical' + print value + print user_def[key] + return False # recurse on a dictionary elif isinstance(value, dict): @@ -262,10 +288,11 @@ class Utils(object): print "keys are not equal in dict" return False - result = Utils.check_def_equal(user_def[key], value, debug=debug) + result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) if not result: if debug: print "dict returned false" + print result return False # Verify each key, value pair is the same @@ -549,7 +576,7 @@ class OCObject(OpenShiftCLI): data = Utils.get_resource_file(files[0], content_type) # if equal then no need. So not equal is True - return not Utils.check_def_equal(data, objects['results'][0], True) + return not Utils.check_def_equal(data, objects['results'][0], skip_keys=None, debug=False) else: data = content diff --git a/roles/lib_openshift_api/library/oc_secret.py b/roles/lib_openshift_api/library/oc_secret.py index a03022e35..ca58d7139 100644 --- a/roles/lib_openshift_api/library/oc_secret.py +++ b/roles/lib_openshift_api/library/oc_secret.py @@ -27,12 +27,12 @@ yaml.add_constructor(u'tag:yaml.org,2002:timestamp', timestamp_constructor) # pylint: disable=too-few-public-methods class OpenShiftCLI(object): - ''' Class to wrap the oc command line tools ''' + ''' Class to wrap the command line tools ''' def __init__(self, namespace, kubeconfig='/etc/origin/master/admin.kubeconfig', verbose=False): - ''' Constructor for OpenshiftOC ''' + ''' Constructor for OpenshiftCLI ''' self.namespace = namespace self.verbose = verbose self.kubeconfig = kubeconfig @@ -65,15 +65,15 @@ class OpenShiftCLI(object): cmd = ['-n', self.namespace, 'replace', '-f', fname] if force: cmd.append('--force') - return self.oc_cmd(cmd) + return self.openshift_cmd(cmd) def _create(self, fname): '''return all pods ''' - return self.oc_cmd(['create', '-f', fname, '-n', self.namespace]) + return self.openshift_cmd(['create', '-f', fname, '-n', self.namespace]) def _delete(self, resource, rname): '''return all pods ''' - return self.oc_cmd(['delete', resource, rname, '-n', self.namespace]) + return self.openshift_cmd(['delete', resource, rname, '-n', self.namespace]) def _get(self, resource, rname=None): '''return a secret by name ''' @@ -81,7 +81,7 @@ class OpenShiftCLI(object): if rname: cmd.append(rname) - rval = self.oc_cmd(cmd, output=True) + rval = self.openshift_cmd(cmd, output=True) # Ensure results are retuned in an array if rval.has_key('items'): @@ -91,10 +91,15 @@ class OpenShiftCLI(object): return rval - def oc_cmd(self, cmd, output=False): + def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json'): '''Base command for oc ''' #cmds = ['/usr/bin/oc', '--config', self.kubeconfig] - cmds = ['/usr/bin/oc'] + cmds = [] + if oadm: + cmds = ['/usr/bin/oadm'] + else: + cmds = ['/usr/bin/oc'] + cmds.extend(cmd) rval = {} @@ -112,18 +117,21 @@ class OpenShiftCLI(object): proc.wait() stdout = proc.stdout.read() stderr = proc.stderr.read() - rval = {"returncode": proc.returncode, "results": results, + "cmd": ' '.join(cmds), } if proc.returncode == 0: if output: - try: - rval['results'] = json.loads(stdout) - except ValueError as err: - if "No JSON object could be decoded" in err.message: - err = err.message + if output_type == 'json': + try: + rval['results'] = json.loads(stdout) + except ValueError as err: + if "No JSON object could be decoded" in err.message: + err = err.message + elif output_type == 'raw': + rval['results'] = stdout if self.verbose: print stdout @@ -226,11 +234,13 @@ class Utils(object): # Disabling too-many-branches. This is a yaml dictionary comparison function # pylint: disable=too-many-branches,too-many-return-statements @staticmethod - def check_def_equal(user_def, result_def, debug=False): + def check_def_equal(user_def, result_def, skip_keys=None, debug=False): ''' Given a user defined definition, compare it with the results given back by our query. ''' # Currently these values are autogenerated and we do not need to check them skip = ['metadata', 'status'] + if skip_keys: + skip.extend(skip_keys) for key, value in result_def.items(): if key in skip: @@ -239,11 +249,27 @@ class Utils(object): # Both are lists if isinstance(value, list): if not isinstance(user_def[key], list): + if debug: + print 'user_def[key] is not a list' return False - # lists should be identical - if value != user_def[key]: - return False + for values in zip(user_def[key], value): + if isinstance(values[0], dict) and isinstance(values[1], dict): + if debug: + print 'sending list - list' + print type(values[0]) + print type(values[1]) + result = Utils.check_def_equal(values[0], values[1], skip_keys=skip_keys, debug=debug) + if not result: + print 'list compare returned false' + return False + + elif value != user_def[key]: + if debug: + print 'value should be identical' + print value + print user_def[key] + return False # recurse on a dictionary elif isinstance(value, dict): @@ -262,10 +288,11 @@ class Utils(object): print "keys are not equal in dict" return False - result = Utils.check_def_equal(user_def[key], value, debug=debug) + result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) if not result: if debug: print "dict returned false" + print result return False # Verify each key, value pair is the same @@ -519,7 +546,7 @@ class Secret(OpenShiftCLI): cmd = ['-n%s' % self.namespace, 'secrets', 'new', self.name] cmd.extend(secrets) - return self.oc_cmd(cmd) + return self.openshift_cmd(cmd) def update(self, files, force=False): '''run update secret @@ -550,7 +577,7 @@ class Secret(OpenShiftCLI): cmd = ['-ojson', '-n%s' % self.namespace, 'secrets', 'new', self.name] cmd.extend(secrets) - return self.oc_cmd(cmd, output=True) + return self.openshift_cmd(cmd, output=True) diff --git a/roles/lib_zabbix/library/zbx_user.py b/roles/lib_zabbix/library/zbx_user.py index d10ffb9ff..68c5cfbfe 100644 --- a/roles/lib_zabbix/library/zbx_user.py +++ b/roles/lib_zabbix/library/zbx_user.py @@ -97,6 +97,7 @@ def main(): last_name=dict(default=None, type='str'), user_type=dict(default=None, type='str'), password=dict(default=None, type='str'), + refresh=dict(default=None, type='int'), update_password=dict(default=False, type='bool'), user_groups=dict(default=[], type='list'), state=dict(default='present', type='str'), @@ -137,6 +138,7 @@ def main(): 'usrgrps': get_usergroups(zapi, module.params['user_groups']), 'name': module.params['first_name'], 'surname': module.params['last_name'], + 'refresh': module.params['refresh'], 'type': get_usertype(module.params['user_type']), } diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml index 1848619e0..eb762e33f 100644 --- a/roles/openshift_docker_facts/tasks/main.yml +++ b/roles/openshift_docker_facts/tasks/main.yml @@ -52,4 +52,4 @@ set_fact: docker_version: "{{ '1.8.2' }}" when: " ( common_version.stdout | default('0.0', True) | version_compare('3.2','<') and openshift.common.service_type == 'atomic-openshift' ) or - ( common_version.stdout | default('0.0', True) | version_compare('1.2','<') and openshift.common.service_type == 'origin' )" + ( common_version.stdout | default('0.0', True) | version_compare('1.1.4','<') and openshift.common.service_type == 'origin' )" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 0d31d4ddf..32e608e86 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -837,6 +837,25 @@ def set_sdn_facts_if_unset(facts, system_facts): return facts +def migrate_oauth_template_facts(facts): + """ + Migrate an old oauth template fact to a newer format if it's present. + + The legacy 'oauth_template' fact was just a filename, and assumed you were + setting the 'login' template. + + The new pluralized 'oauth_templates' fact is a dict mapping the template + name to a filename. + + Simplify the code after this by merging the old fact into the new. + """ + if 'master' in facts and 'oauth_template' in facts['master']: + if 'oauth_templates' not in facts['master']: + facts['master']['oauth_templates'] = {"login": facts['master']['oauth_template']} + elif 'login' not in facts['master']['oauth_templates']: + facts['master']['oauth_templates']['login'] = facts['master']['oauth_template'] + return facts + def format_url(use_ssl, hostname, port, path=''): """ Format url based on ssl flag, hostname, port and path @@ -924,12 +943,13 @@ def build_kubelet_args(facts): if 'node' in facts: kubelet_args = {} if 'cloudprovider' in facts: - if facts['cloudprovider']['kind'] == 'aws': - kubelet_args['cloud-provider'] = ['aws'] - kubelet_args['cloud-config'] = [cloud_cfg_path + '/aws.conf'] - if facts['cloudprovider']['kind'] == 'openstack': - kubelet_args['cloud-provider'] = ['openstack'] - kubelet_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf'] + if 'kind' in facts['cloudprovider']: + if facts['cloudprovider']['kind'] == 'aws': + kubelet_args['cloud-provider'] = ['aws'] + kubelet_args['cloud-config'] = [cloud_cfg_path + '/aws.conf'] + if facts['cloudprovider']['kind'] == 'openstack': + kubelet_args['cloud-provider'] = ['openstack'] + kubelet_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf'] if kubelet_args != {}: facts = merge_facts({'node': {'kubelet_args': kubelet_args}}, facts, [], []) return facts @@ -941,12 +961,13 @@ def build_controller_args(facts): if 'master' in facts: controller_args = {} if 'cloudprovider' in facts: - if facts['cloudprovider']['kind'] == 'aws': - controller_args['cloud-provider'] = ['aws'] - controller_args['cloud-config'] = [cloud_cfg_path + '/aws.conf'] - if facts['cloudprovider']['kind'] == 'openstack': - controller_args['cloud-provider'] = ['openstack'] - controller_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf'] + if 'kind' in facts['cloudprovider']: + if facts['cloudprovider']['kind'] == 'aws': + controller_args['cloud-provider'] = ['aws'] + controller_args['cloud-config'] = [cloud_cfg_path + '/aws.conf'] + if facts['cloudprovider']['kind'] == 'openstack': + controller_args['cloud-provider'] = ['openstack'] + controller_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf'] if controller_args != {}: facts = merge_facts({'master': {'controller_args': controller_args}}, facts, [], []) return facts @@ -958,12 +979,13 @@ def build_api_server_args(facts): if 'master' in facts: api_server_args = {} if 'cloudprovider' in facts: - if facts['cloudprovider']['kind'] == 'aws': - api_server_args['cloud-provider'] = ['aws'] - api_server_args['cloud-config'] = [cloud_cfg_path + '/aws.conf'] - if facts['cloudprovider']['kind'] == 'openstack': - api_server_args['cloud-provider'] = ['openstack'] - api_server_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf'] + if 'kind' in facts['cloudprovider']: + if facts['cloudprovider']['kind'] == 'aws': + api_server_args['cloud-provider'] = ['aws'] + api_server_args['cloud-config'] = [cloud_cfg_path + '/aws.conf'] + if facts['cloudprovider']['kind'] == 'openstack': + api_server_args['cloud-provider'] = ['openstack'] + api_server_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf'] if api_server_args != {}: facts = merge_facts({'master': {'api_server_args': api_server_args}}, facts, [], []) return facts @@ -1118,12 +1140,21 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw """ additive_facts = ['named_certificates'] protected_facts = ['ha', 'master_count'] + + # Facts we do not ever want to merge. These originate in inventory variables + # and typically contain JSON dicts. We don't ever want to trigger a merge + # here, just completely overwrite with the new if they are present there. + overwrite_facts = ['admission_plugin_config', + 'kube_admission_plugin_config'] + facts = dict() for key, value in orig.iteritems(): # Key exists in both old and new facts. if key in new: + if key in overwrite_facts: + facts[key] = copy.deepcopy(new[key]) # Continue to recurse if old and new fact is a dictionary. - if isinstance(value, dict) and isinstance(new[key], dict): + elif isinstance(value, dict) and isinstance(new[key], dict): # Collect the subset of additive facts to overwrite if # key matches. These will be passed to the subsequent # merge_facts call. @@ -1441,6 +1472,7 @@ class OpenShiftFacts(object): local_facts, additive_facts_to_overwrite, protected_facts_to_overwrite) + facts = migrate_oauth_template_facts(facts) facts['current_config'] = get_current_config(facts) facts = set_url_facts_if_unset(facts) facts = set_project_cfg_facts_if_unset(facts) diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 7f1576682..862cfa8f1 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -4,7 +4,7 @@ CONFIG_FILE={{ openshift_master_config_file }} IMAGE_VERSION={{ openshift_version }} {% endif %} -{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} +{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} {% endif %} diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 index 5e6577d95..66d76978e 100644 --- a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 +++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 @@ -12,7 +12,7 @@ Requires=docker.service EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api Environment=GOTRACEBACK=crash ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-api -ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master api --config=${CONFIG_FILE} $OPTIONS +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master api --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-api LimitNOFILE=131072 diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 index 04c84a84a..75759c133 100644 --- a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 +++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 @@ -11,7 +11,7 @@ PartOf=docker.service EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers Environment=GOTRACEBACK=crash ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-controllers -ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master controllers --config=${CONFIG_FILE} $OPTIONS +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master controllers --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-controllers LimitNOFILE=131072 diff --git a/roles/openshift_master/templates/docker/master.docker.service.j2 b/roles/openshift_master/templates/docker/master.docker.service.j2 index 6bd0dcf56..d02fc5342 100644 --- a/roles/openshift_master/templates/docker/master.docker.service.j2 +++ b/roles/openshift_master/templates/docker/master.docker.service.j2 @@ -8,7 +8,7 @@ Wants=etcd_container.service [Service] EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-master -ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master --config=${CONFIG_FILE} $OPTIONS +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master Restart=always diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 813a58d60..e89fdc0ce 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -1,3 +1,10 @@ +admissionConfig: +{% if 'admission_plugin_order' in openshift.master %} + pluginOrderOverride:{{ openshift.master.admission_plugin_order | to_padded_yaml(level=2) }} +{% endif %} +{% if 'admission_plugin_config' in openshift.master %} + pluginConfig:{{ openshift.master.admission_plugin_config | to_padded_yaml(level=2) }} +{% endif %} apiLevels: {% if not openshift.common.version_gte_3_1_or_1_1 | bool %} - v1beta3 @@ -96,6 +103,13 @@ kubernetesMasterConfig: - v1beta3 - v1 {% endif %} + admissionConfig: +{% if 'kube_admission_plugin_order' in openshift.master %} + pluginOrderOverride:{{ openshift.master.kube_admission_plugin_order | to_padded_yaml(level=3) }} +{% endif %} +{% if 'kube_admission_plugin_config' in openshift.master %} + pluginConfig:{{ openshift.master.kube_admission_plugin_config | to_padded_yaml(level=3) }} +{% endif %} apiServerArguments: {{ openshift.master.api_server_args | default(None) | to_padded_yaml( level=2 ) }} controllerArguments: {{ openshift.master.controller_args | default(None) | to_padded_yaml( level=2 ) }} masterCount: {{ openshift.master.master_count if openshift.master.cluster_method | default(None) == 'native' else 1 }} @@ -123,9 +137,11 @@ networkConfig: # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet serviceNetworkCIDR: {{ openshift.master.portal_net }} oauthConfig: -{% if 'oauth_template' in openshift.master %} - templates: - login: {{ openshift.master.oauth_template }} +{% if 'oauth_always_show_provider_selection' in openshift.master %} + alwaysShowProviderSelection: {{ openshift.master.oauth_always_show_provider_selection }} +{% endif %} +{% if 'oauth_templates' in openshift.master %} + templates:{{ openshift.master.oauth_templates | to_padded_yaml(level=2) }} {% endif %} assetPublicURL: {{ openshift.master.public_console_url }}/ grantConfig: diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 index fa2323a2c..69754ee10 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 @@ -4,7 +4,7 @@ CONFIG_FILE={{ openshift_master_config_file }} IMAGE_VERSION={{ openshift_version }} {% endif %} -{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} +{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} {% endif %} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 index 632dfbb8a..048a4305a 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 @@ -4,7 +4,7 @@ CONFIG_FILE={{ openshift_master_config_file }} IMAGE_VERSION={{ openshift_version }} {% endif %} -{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} +{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} {% endif %} diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index 2a3e38af4..f43b8c59d 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -65,3 +65,10 @@ master_image: "{{ osm_image | default(None) }}" scheduler_predicates: "{{ openshift_master_scheduler_predicates | default(None) }}" scheduler_priorities: "{{ openshift_master_scheduler_priorities | default(None) }}" + admission_plugin_order: "{{openshift_master_admission_plugin_order | default(None) }}" + admission_plugin_config: "{{openshift_master_admission_plugin_config | default(None) }}" + kube_admission_plugin_order: "{{openshift_master_kube_admission_plugin_order | default(None) }}" + kube_admission_plugin_config: "{{openshift_master_kube_admission_plugin_config | default(None) }}" + oauth_template: "{{ openshift_master_oauth_template | default(None) }}" # deprecated in origin 1.2 / OSE 3.2 + oauth_templates: "{{ openshift_master_oauth_templates | default(None) }}" + oauth_always_show_provider_selection: "{{ openshift_master_oauth_always_show_provider_selection | default(None) }}" diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 80b3e710d..eca4848c1 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -92,7 +92,7 @@ line: "AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }}" - regex: '^AWS_SECRET_ACCESS_KEY=' line: "AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}" - when: "'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws" + when: "'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws" notify: - restart node diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service index a8accca47..ff5a97fe0 100644 --- a/roles/openshift_node/templates/openshift.docker.node.service +++ b/roles/openshift_node/templates/openshift.docker.node.service @@ -12,7 +12,7 @@ Wants={{ openshift.common.service_type }}-master.service [Service] EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node -ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev {{ openshift.node.node_image }}:${IMAGE_VERSION} +ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev {{ openshift.node.node_image }}:${IMAGE_VERSION} ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node SyslogIdentifier={{ openshift.common.service_type }}-node diff --git a/roles/openshift_storage_nfs/README.md b/roles/openshift_storage_nfs/README.md index dd988b849..dec5bf131 100644 --- a/roles/openshift_storage_nfs/README.md +++ b/roles/openshift_storage_nfs/README.md @@ -21,23 +21,22 @@ From this role: | openshift_hosted_registry_storage_volume_name | registry | Registry volume within openshift_hosted_registry_volume_dir | | openshift_hosted_registry_storage_nfs_options | *(rw,root_squash) | NFS options for configured exports. | - -From openshift_common: -| Name | Default Value | | -|-------------------------------|----------------|----------------------------------------| -| openshift_debug_level | 2 | Global openshift debug log verbosity | - - Dependencies ------------ +* os_firewall +* openshift_facts +* openshift_repos + Example Playbook ---------------- +``` - name: Configure nfs hosts hosts: oo_nfs_to_config roles: - role: openshift_storage_nfs +``` License ------- diff --git a/roles/openshift_storage_nfs/meta/main.yml b/roles/openshift_storage_nfs/meta/main.yml index 2975daf52..c6815d697 100644 --- a/roles/openshift_storage_nfs/meta/main.yml +++ b/roles/openshift_storage_nfs/meta/main.yml @@ -11,5 +11,5 @@ galaxy_info: - 7 dependencies: - { role: os_firewall } -- { role: openshift_common } +- { role: openshift_facts } - { role: openshift_repos } |