diff options
Diffstat (limited to 'roles')
31 files changed, 384 insertions, 85 deletions
diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml index 2ec62c37c..e0746d70d 100644 --- a/roles/etcd/defaults/main.yaml +++ b/roles/etcd/defaults/main.yaml @@ -1,5 +1,5 @@ --- -etcd_service: "{{ 'etcd' if not etcd_is_containerized | bool else 'etcd_container' }}" +etcd_service: "{{ 'etcd' if openshift.common.is_etcd_system_container | bool or not etcd_is_containerized | bool else 'etcd_container' }}" etcd_client_port: 2379 etcd_peer_port: 2380 etcd_url_scheme: http diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 41f25be70..5f3ca461e 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -14,13 +14,17 @@ command: docker pull {{ openshift.etcd.etcd_image }} register: pull_result changed_when: "'Downloaded newer image' in pull_result.stdout" - when: etcd_is_containerized | bool + when: + - etcd_is_containerized | bool + - not openshift.common.is_etcd_system_container | bool - name: Install etcd container service file template: dest: "/etc/systemd/system/etcd_container.service" src: etcd.docker.service - when: etcd_is_containerized | bool + when: + - etcd_is_containerized | bool + - not openshift.common.is_etcd_system_container | bool - name: Ensure etcd datadir exists when containerized file: @@ -36,10 +40,22 @@ enabled: no masked: yes daemon_reload: yes - when: etcd_is_containerized | bool + when: + - etcd_is_containerized | bool + - not openshift.common.is_etcd_system_container | bool register: task_result failed_when: "task_result|failed and 'could not' not in task_result.msg|lower" +- name: Install etcd container service file + template: + dest: "/etc/systemd/system/etcd_container.service" + src: etcd.docker.service + when: etcd_is_containerized | bool and not openshift.common.is_etcd_system_container | bool + +- name: Install Etcd system container + include: system_container.yml + when: etcd_is_containerized | bool and openshift.common.is_etcd_system_container | bool + - name: Validate permissions on the config dir file: path: "{{ etcd_conf_dir }}" @@ -54,7 +70,7 @@ dest: /etc/etcd/etcd.conf backup: true notify: - - restart etcd + - restart etcd - name: Enable etcd systemd: diff --git a/roles/etcd/tasks/system_container.yml b/roles/etcd/tasks/system_container.yml new file mode 100644 index 000000000..241180e2c --- /dev/null +++ b/roles/etcd/tasks/system_container.yml @@ -0,0 +1,63 @@ +--- +- name: Pull etcd system container + command: atomic pull --storage=ostree {{ openshift.etcd.etcd_image }} + register: pull_result + changed_when: "'Pulling layer' in pull_result.stdout" + +- name: Check etcd system container package + command: > + atomic containers list --no-trunc -a -f container=etcd + register: result + +- name: Set initial Etcd cluster + set_fact: + etcd_initial_cluster: > + {% for host in etcd_peers | default([]) -%} + {% if loop.last -%} + {{ hostvars[host].etcd_hostname }}={{ etcd_peer_url_scheme }}://{{ hostvars[host].etcd_ip }}:{{ etcd_peer_port }} + {%- else -%} + {{ hostvars[host].etcd_hostname }}={{ etcd_peer_url_scheme }}://{{ hostvars[host].etcd_ip }}:{{ etcd_peer_port }}, + {%- endif -%} + {% endfor -%} + +- name: Update Etcd system container package + command: > + atomic containers update + --set ETCD_LISTEN_PEER_URLS={{ etcd_listen_peer_urls }} + --set ETCD_NAME={{ etcd_hostname }} + --set ETCD_INITIAL_CLUSTER={{ etcd_initial_cluster | replace('\n', '') }} + --set ETCD_LISTEN_CLIENT_URLS={{ etcd_listen_client_urls }} + --set ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_initial_advertise_peer_urls }} + --set ETCD_INITIAL_CLUSTER_STATE={{ etcd_initial_cluster_state }} + --set ETCD_INITIAL_CLUSTER_TOKEN={{ etcd_initial_cluster_token }} + --set ETCD_ADVERTISE_CLIENT_URLS={{ etcd_advertise_client_urls }} + --set ETCD_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt + --set ETCD_CERT_FILE={{ etcd_system_container_conf_dir }}/server.crt + --set ETCD_KEY_FILE={{ etcd_system_container_conf_dir }}/server.key + --set ETCD_PEER_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt + --set ETCD_PEER_CERT_FILE={{ etcd_system_container_conf_dir }}/peer.crt + --set ETCD_PEER_KEY_FILE={{ etcd_system_container_conf_dir }}/peer.key + etcd + when: + - ("etcd" in result.stdout) + +- name: Install Etcd system container package + command: > + atomic install --system --name=etcd + --set ETCD_LISTEN_PEER_URLS={{ etcd_listen_peer_urls }} + --set ETCD_NAME={{ etcd_hostname }} + --set ETCD_INITIAL_CLUSTER={{ etcd_initial_cluster | replace('\n', '') }} + --set ETCD_LISTEN_CLIENT_URLS={{ etcd_listen_client_urls }} + --set ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_initial_advertise_peer_urls }} + --set ETCD_INITIAL_CLUSTER_STATE={{ etcd_initial_cluster_state }} + --set ETCD_INITIAL_CLUSTER_TOKEN={{ etcd_initial_cluster_token }} + --set ETCD_ADVERTISE_CLIENT_URLS={{ etcd_advertise_client_urls }} + --set ETCD_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt + --set ETCD_CERT_FILE={{ etcd_system_container_conf_dir }}/server.crt + --set ETCD_KEY_FILE={{ etcd_system_container_conf_dir }}/server.key + --set ETCD_PEER_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt + --set ETCD_PEER_CERT_FILE={{ etcd_system_container_conf_dir }}/peer.crt + --set ETCD_PEER_KEY_FILE={{ etcd_system_container_conf_dir }}/peer.key + {{ openshift.etcd.etcd_image }} + when: + - ("etcd" not in result.stdout) diff --git a/roles/etcd_common/defaults/main.yml b/roles/etcd_common/defaults/main.yml index 93633e3e6..2eb9af921 100644 --- a/roles/etcd_common/defaults/main.yml +++ b/roles/etcd_common/defaults/main.yml @@ -1,6 +1,7 @@ --- # etcd server vars -etcd_conf_dir: /etc/etcd +etcd_conf_dir: "{{ '/etc/etcd' if not openshift.common.is_etcd_system_container else '/var/lib/etcd/etcd.etcd/etc' }}" +etcd_system_container_conf_dir: /var/lib/etcd/etc etcd_ca_file: "{{ etcd_conf_dir }}/ca.crt" etcd_cert_file: "{{ etcd_conf_dir }}/server.crt" etcd_key_file: "{{ etcd_conf_dir }}/server.key" diff --git a/roles/openshift_etcd_facts/vars/main.yml b/roles/openshift_etcd_facts/vars/main.yml index cae15d61a..82db36eba 100644 --- a/roles/openshift_etcd_facts/vars/main.yml +++ b/roles/openshift_etcd_facts/vars/main.yml @@ -5,6 +5,6 @@ etcd_hostname: "{{ openshift.common.hostname }}" etcd_ip: "{{ openshift.common.ip }}" etcd_cert_subdir: "etcd-{{ openshift.common.hostname }}" etcd_cert_prefix: -etcd_cert_config_dir: /etc/etcd +etcd_cert_config_dir: "{{ '/etc/etcd' if not openshift.common.is_etcd_system_container | bool else '/var/lib/etcd/etcd.etcd/etc' }}" etcd_peer_url_scheme: https etcd_url_scheme: https diff --git a/roles/openshift_examples/files/examples/v1.4/cfme-templates/cfme-template.yaml b/roles/openshift_examples/files/examples/v1.4/cfme-templates/cfme-template.yaml index c8e3d4083..4f25a9c8f 100644 --- a/roles/openshift_examples/files/examples/v1.4/cfme-templates/cfme-template.yaml +++ b/roles/openshift_examples/files/examples/v1.4/cfme-templates/cfme-template.yaml @@ -157,7 +157,7 @@ objects: - type: "ConfigChange" - type: "ImageChange" imageChangeParams: - automatic: false + automatic: true containerNames: - "cloudforms" from: @@ -202,7 +202,7 @@ objects: - type: "ImageChange" imageChangeParams: - automatic: false + automatic: true containerNames: - "memcached" from: @@ -286,7 +286,7 @@ objects: - type: "ImageChange" imageChangeParams: - automatic: false + automatic: true containerNames: - "postgresql" from: diff --git a/roles/openshift_examples/files/examples/v1.5/cfme-templates/cfme-template.yaml b/roles/openshift_examples/files/examples/v1.5/cfme-templates/cfme-template.yaml index c8e3d4083..4f25a9c8f 100644 --- a/roles/openshift_examples/files/examples/v1.5/cfme-templates/cfme-template.yaml +++ b/roles/openshift_examples/files/examples/v1.5/cfme-templates/cfme-template.yaml @@ -157,7 +157,7 @@ objects: - type: "ConfigChange" - type: "ImageChange" imageChangeParams: - automatic: false + automatic: true containerNames: - "cloudforms" from: @@ -202,7 +202,7 @@ objects: - type: "ImageChange" imageChangeParams: - automatic: false + automatic: true containerNames: - "memcached" from: @@ -286,7 +286,7 @@ objects: - type: "ImageChange" imageChangeParams: - automatic: false + automatic: true containerNames: - "postgresql" from: diff --git a/roles/openshift_facts/defaults/main.yml b/roles/openshift_facts/defaults/main.yml new file mode 100644 index 000000000..28b388560 --- /dev/null +++ b/roles/openshift_facts/defaults/main.yml @@ -0,0 +1,2 @@ +--- +use_system_containers: false diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index ec2942b69..97b3edd6e 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1785,11 +1785,14 @@ def set_container_facts_if_unset(facts): facts['etcd']['etcd_image'] = etcd_image if 'master' in facts and 'master_image' not in facts['master']: facts['master']['master_image'] = master_image + facts['master']['master_system_image'] = master_image if 'node' in facts: if 'node_image' not in facts['node']: facts['node']['node_image'] = node_image + facts['node']['node_system_image'] = node_image if 'ovs_image' not in facts['node']: facts['node']['ovs_image'] = ovs_image + facts['node']['ovs_system_image'] = ovs_image if safe_get_bool(facts['common']['is_containerized']): facts['common']['admin_binary'] = '/usr/local/bin/oadm' @@ -2078,6 +2081,25 @@ class OpenShiftFacts(object): create_pvc=False ) ), + loggingops=dict( + storage=dict( + kind=None, + volume=dict( + name='logging-es-ops', + size='10Gi' + ), + nfs=dict( + directory='/exports', + options='*(rw,root_squash)' + ), + host=None, + access=dict( + modes=['ReadWriteOnce'] + ), + create_pv=True, + create_pvc=False + ) + ), logging=dict( storage=dict( kind=None, diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index b7b521f1a..9a1982076 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -9,6 +9,10 @@ l_is_atomic: "{{ ostree_booted.stat.exists }}" - set_fact: l_is_containerized: "{{ (l_is_atomic | bool) or (containerized | default(false) | bool) }}" + l_is_openvswitch_system_container: "{{ (use_openvswitch_system_container | default(use_system_containers) | bool) }}" + l_is_node_system_container: "{{ (use_node_system_container | default(use_system_containers) | bool) }}" + l_is_master_system_container: "{{ (use_master_system_container | default(use_system_containers) | bool) }}" + l_is_etcd_system_container: "{{ (use_etcd_system_container | default(use_system_containers) | bool) }}" - name: Ensure various deps are installed package: name={{ item }} state=present @@ -27,6 +31,11 @@ hostname: "{{ openshift_hostname | default(None) }}" ip: "{{ openshift_ip | default(None) }}" is_containerized: "{{ l_is_containerized | default(None) }}" + is_openvswitch_system_container: "{{ l_is_openvswitch_system_container | default(false) }}" + is_node_system_container: "{{ l_is_node_system_container | default(false) }}" + is_master_system_container: "{{ l_is_master_system_container | default(false) }}" + is_etcd_system_container: "{{ l_is_etcd_system_container | default(false) }}" + system_images_registry: "{{ system_images_registry | default('') }}" public_hostname: "{{ openshift_public_hostname | default(None) }}" public_ip: "{{ openshift_public_ip | default(None) }}" portal_net: "{{ openshift_portal_net | default(openshift_master_portal_net) | default(None) }}" diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml index 8aabb9f17..216a40874 100644 --- a/roles/openshift_hosted/tasks/registry/secure.yml +++ b/roles/openshift_hosted/tasks/registry/secure.yml @@ -57,10 +57,12 @@ run_once: true - name: "Add the secret to the registry's pod service accounts" - command: > - {{ openshift.common.client_binary }} secrets add {{ item }} registry-certificates - --config={{ openshift_hosted_kubeconfig }} - -n default + oc_serviceaccount_secret: + service_account: "{{ item }}" + secret: registry-certificates + namespace: default + kubeconfig: "{{ openshift_hosted_kubeconfig }}" + state: present with_items: - registry - default diff --git a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml index e56a68e27..15128784e 100644 --- a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml +++ b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml @@ -53,23 +53,13 @@ create -f - when: secrets.rc == 1 -- name: Determine if service account contains secrets - command: > - {{ openshift.common.client_binary }} - --config={{ openshift_hosted_kubeconfig }} - --namespace={{ openshift.hosted.registry.namespace | default('default') }} - get serviceaccounts registry - -o jsonpath='{.secrets[?(@.name=="{{ registry_config_secret_name }}")].name}' - register: serviceaccount - changed_when: false - - name: Add secrets to registry service account - command: > - {{ openshift.common.client_binary }} - --config={{ openshift_hosted_kubeconfig }} - --namespace={{ openshift.hosted.registry.namespace | default('default') }} - secrets add serviceaccount/registry secrets/{{ registry_config_secret_name }} - when: serviceaccount.stdout == '' + oc_serviceaccount_secret: + service_account: registry + secret: "{{ registry_config_secret_name }}" + namespace: "{{ openshift.hosted.registry.namespace | default('default') }}" + kubeconfig: "{{ openshift_hosted_kubeconfig }}" + state: present - name: Determine if deployment config contains secrets command: > diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml index 73849f46a..bdb168921 100644 --- a/roles/openshift_logging/defaults/main.yml +++ b/roles/openshift_logging/defaults/main.yml @@ -1,9 +1,9 @@ --- -openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default(docker.io/openshift/origin-) }}" -openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default(latest) }}" +openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('docker.io/openshift/origin-') }}" +openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default('latest') }}" openshift_logging_use_ops: False openshift_logging_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}" -openshift_logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default(https://{{openshift.common.public_hostname}}:8443) }}" +openshift_logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default('https://{{openshift.common.public_hostname}}:8443') }}" openshift_logging_namespace: logging openshift_logging_install_logging: True @@ -27,7 +27,19 @@ openshift_logging_kibana_proxy_cpu_limit: null openshift_logging_kibana_proxy_memory_limit: null openshift_logging_kibana_replica_count: 1 -openshift_logging_kibana_ops_hostname: "{{ openshift_hosted_logging_ops_hostname | default(kibana-ops.{{openshift.common.dns_domain}}) }}" +#The absolute path on the control node to the cert file to use +#for the public facing kibana certs +openshift_logging_kibana_cert: "" + +#The absolute path on the control node to the key file to use +#for the public facing kibana certs +openshift_logging_kibana_key: "" + +#The absolute path on the control node to the CA file to use +#for the public facing kibana certs +openshift_logging_kibana_ca: "" + +openshift_logging_kibana_ops_hostname: "{{ openshift_hosted_logging_ops_hostname | default('kibana-ops.{{openshift.common.dns_domain}}') }}" openshift_logging_kibana_ops_cpu_limit: null openshift_logging_kibana_ops_memory_limit: null openshift_logging_kibana_ops_proxy_debug: false @@ -54,7 +66,7 @@ openshift_logging_es_memory_limit: 1024Mi openshift_logging_es_pv_selector: null openshift_logging_es_pvc_dynamic: "{{ openshift_hosted_logging_elasticsearch_pvc_dynamic | default(False) }}" openshift_logging_es_pvc_size: "{{ openshift_hosted_logging_elasticsearch_pvc_size | default('') }}" -openshift_logging_es_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_pvc_prefix | default(logging-es) }}" +openshift_logging_es_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_pvc_prefix | default('logging-es') }}" openshift_logging_es_recover_after_time: 5m openshift_logging_es_storage_group: 65534 @@ -72,7 +84,7 @@ openshift_logging_es_ops_memory_limit: 1024Mi openshift_logging_es_ops_pv_selector: None openshift_logging_es_ops_pvc_dynamic: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_dynamic | default(False) }}" openshift_logging_es_ops_pvc_size: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_size | default('') }}" -openshift_logging_es_ops_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_prefix | default(logging-es-ops) }}" +openshift_logging_es_ops_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_prefix | default('logging-es-ops') }}" openshift_logging_es_ops_recover_after_time: 5m openshift_logging_es_ops_storage_group: 65534 diff --git a/roles/openshift_logging/tasks/generate_pvcs.yaml b/roles/openshift_logging/tasks/generate_pvcs.yaml index 601ec9e83..d782d621e 100644 --- a/roles/openshift_logging/tasks/generate_pvcs.yaml +++ b/roles/openshift_logging/tasks/generate_pvcs.yaml @@ -4,10 +4,10 @@ vars: pvc_name: "{{openshift_logging_es_pvc_prefix}}-{{item| int}}" start: "{{es_pvc_names | map('regex_search',openshift_logging_es_pvc_prefix+'.*')|select('string')|list|length}}" - with_sequence: start={{start}} end={{ (start|int > openshift_logging_es_cluster_size - 1) | ternary(start, openshift_logging_es_cluster_size - 1)}} + with_sequence: start={{start}} end={{ (start|int > openshift_logging_es_cluster_size|int - 1) | ternary(start, openshift_logging_es_cluster_size|int - 1)}} when: - openshift_logging_es_pvc_size | search('^\d.*') - - "{{ es_dc_names|default([]) | length < openshift_logging_es_cluster_size }}" + - "{{ es_dc_names|default([]) | length < openshift_logging_es_cluster_size|int }}" check_mode: no - name: Generating PersistentVolumeClaims diff --git a/roles/openshift_logging/tasks/generate_routes.yaml b/roles/openshift_logging/tasks/generate_routes.yaml index 60694f67e..3c462378b 100644 --- a/roles/openshift_logging/tasks/generate_routes.yaml +++ b/roles/openshift_logging/tasks/generate_routes.yaml @@ -1,4 +1,20 @@ --- +- set_fact: kibana_key={{ lookup('file', openshift_logging_kibana_key) | b64encode }} + when: "{{ openshift_logging_kibana_key | trim | length > 0 }}" + changed_when: false + +- set_fact: kibana_cert={{ lookup('file', openshift_logging_kibana_cert)| b64encode }} + when: "{{openshift_logging_kibana_cert | trim | length > 0}}" + changed_when: false + +- set_fact: kibana_ca={{ lookup('file', openshift_logging_kibana_ca)| b64encode }} + when: "{{openshift_logging_kibana_ca | trim | length > 0}}" + changed_when: false + +- set_fact: kibana_ca={{key_pairs | entry_from_named_pair('ca_file') }} + when: kibana_ca is not defined + changed_when: false + - name: Generating logging routes template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-{{route_info.name}}-route.yaml tags: routes @@ -6,7 +22,9 @@ obj_name: "{{route_info.name}}" route_host: "{{route_info.host}}" service_name: "{{route_info.name}}" - tls_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}" + tls_key: "{{kibana_key | default('') | b64decode}}" + tls_cert: "{{kibana_cert | default('') | b64decode}}" + tls_ca_cert: "{{kibana_ca | b64decode}}" tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}" labels: component: support diff --git a/roles/openshift_logging/tasks/install_elasticsearch.yaml b/roles/openshift_logging/tasks/install_elasticsearch.yaml index 1d6e55e44..f9c2c81fb 100644 --- a/roles/openshift_logging/tasks/install_elasticsearch.yaml +++ b/roles/openshift_logging/tasks/install_elasticsearch.yaml @@ -54,10 +54,10 @@ fail: msg="The openshift_logging_es_ops_cluster_size may not be scaled down more than 1 less (or 0) the number of Elasticsearch nodes already deployed" vars: es_dcs: "{{openshift_logging_facts.elasticsearch_ops.deploymentconfigs}}" - cluster_size: "{{openshift_logging_es_ops_cluster_size}}" + cluster_size: "{{openshift_logging_es_ops_cluster_size|int}}" when: - openshift_logging_use_ops | bool - - "{{es_dcs | length - openshift_logging_es_ops_cluster_size | abs > 1}}" + - "{{es_dcs | length - openshift_logging_es_ops_cluster_size|int | abs > 1}}" check_mode: no - name: Generate PersistentVolumeClaims for Ops @@ -66,7 +66,7 @@ es_pvc_names: "{{openshift_logging_facts.elasticsearch_ops.pvcs.keys()}}" es_dc_names: "{{openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys()}}" openshift_logging_es_pvc_prefix: "{{openshift_logging_es_ops_pvc_prefix}}" - openshift_logging_es_cluster_size: "{{openshift_logging_es_ops_cluster_size}}" + openshift_logging_es_cluster_size: "{{openshift_logging_es_ops_cluster_size|int}}" openshift_logging_es_pvc_size: "{{openshift_logging_es_ops_pvc_size}}" openshift_logging_es_pvc_dynamic: "{{openshift_logging_es_ops_pvc_dynamic}}" openshift_logging_es_pv_selector: "{{openshift_logging_es_ops_pv_selector}}" @@ -89,7 +89,7 @@ es_cluster_name: "{{component}}" deploy_name_prefix: "logging-{{component}}" deploy_name: "{{deploy_name_prefix}}-{{'abcdefghijklmnopqrstuvwxyz0123456789'|random_word(8)}}" - cluster_size: "{{openshift_logging_es_ops_cluster_size}}" + cluster_size: "{{openshift_logging_es_ops_cluster_size|int}}" with_sequence: count={{ openshift_logging_es_ops_cluster_size | int - openshift_logging_current_es_ops_size | int }} when: - openshift_logging_use_ops | bool diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml index d52429f03..e23c3f9f1 100644 --- a/roles/openshift_logging/tasks/install_logging.yaml +++ b/roles/openshift_logging/tasks/install_logging.yaml @@ -9,11 +9,11 @@ - name: Validate Elasticsearch cluster size fail: msg="The openshift_logging_es_cluster_size may only be scaled down manually. Please see official documentation on how to do this." - when: openshift_logging_facts.elasticsearch.deploymentconfigs | length > openshift_logging_es_cluster_size + when: openshift_logging_facts.elasticsearch.deploymentconfigs | length > openshift_logging_es_cluster_size|int - name: Validate Elasticsearch Ops cluster size fail: msg="The openshift_logging_es_ops_cluster_size may only be scaled down manually. Please see official documentation on how to do this." - when: openshift_logging_facts.elasticsearch_ops.deploymentconfigs | length > openshift_logging_es_ops_cluster_size + when: openshift_logging_facts.elasticsearch_ops.deploymentconfigs | length > openshift_logging_es_ops_cluster_size|int - name: Install logging include: "{{ role_path }}/tasks/install_{{ install_component }}.yaml" diff --git a/roles/openshift_logging/templates/route_reencrypt.j2 b/roles/openshift_logging/templates/route_reencrypt.j2 index 8be30a2c4..341ffdd84 100644 --- a/roles/openshift_logging/templates/route_reencrypt.j2 +++ b/roles/openshift_logging/templates/route_reencrypt.j2 @@ -11,6 +11,14 @@ metadata: spec: host: {{ route_host }} tls: +{% if tls_key is defined and tls_key | length > 0 %} + key: | +{{ tls_key|indent(6, true) }} +{% if tls_cert is defined and tls_cert | length > 0 %} + certificate: | +{{ tls_cert|indent(6, true) }} +{% endif %} +{% endif %} caCertificate: | {% for line in tls_ca_cert.split('\n') %} {{ line }} diff --git a/roles/openshift_logging/vars/main.yaml b/roles/openshift_logging/vars/main.yaml index 11662c446..07cc05683 100644 --- a/roles/openshift_logging/vars/main.yaml +++ b/roles/openshift_logging/vars/main.yaml @@ -1,8 +1,8 @@ --- openshift_master_config_dir: "{{ openshift.common.config_base }}/master" -es_node_quorum: "{{openshift_logging_es_cluster_size/2 + 1}}" -es_recover_after_nodes: "{{openshift_logging_es_cluster_size - 1}}" -es_recover_expected_nodes: "{{openshift_logging_es_cluster_size}}" -es_ops_node_quorum: "{{openshift_logging_es_ops_cluster_size/2 + 1}}" -es_ops_recover_after_nodes: "{{openshift_logging_es_ops_cluster_size - 1}}" -es_ops_recover_expected_nodes: "{{openshift_logging_es_ops_cluster_size}}" +es_node_quorum: "{{openshift_logging_es_cluster_size|int/2 + 1}}" +es_recover_after_nodes: "{{openshift_logging_es_cluster_size|int - 1}}" +es_recover_expected_nodes: "{{openshift_logging_es_cluster_size|int}}" +es_ops_node_quorum: "{{openshift_logging_es_ops_cluster_size|int/2 + 1}}" +es_ops_recover_after_nodes: "{{openshift_logging_es_ops_cluster_size|int - 1}}" +es_ops_recover_expected_nodes: "{{openshift_logging_es_ops_cluster_size|int}}" diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 9cd6b6c81..2ef61cddf 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -131,6 +131,10 @@ - name: Install the systemd units include: systemd_units.yml +- name: Install Master system container + include: system_container.yml + when: openshift.common.is_containerized | bool and openshift.common.is_master_system_container | bool + - name: Create session secrets file template: dest: "{{ openshift.master.session_secrets_file }}" diff --git a/roles/openshift_master/tasks/system_container.yml b/roles/openshift_master/tasks/system_container.yml new file mode 100644 index 000000000..e3e3d7948 --- /dev/null +++ b/roles/openshift_master/tasks/system_container.yml @@ -0,0 +1,36 @@ +--- +- name: Pre-pull master system container image + command: > + atomic pull --storage=ostree {{ openshift.common.system_images_registry }}/{{ openshift.master.master_system_image }}:{{ openshift_image_tag }} + register: pull_result + changed_when: "'Pulling layer' in pull_result.stdout" + +- name: Check Master system container package + command: > + atomic containers list --no-trunc -a -f container={{ openshift.common.service_type }}-master + register: result + +- name: Update Master system container package + command: > + atomic containers update {{ openshift.common.service_type }}-master + register: update_result + changed_when: "'Extracting' in update_result.stdout" + when: + - ("master" in result.stdout) + - (openshift.common.version is defined) and (openshift.common.version == openshift_version) | bool + +- name: Uninstall Master system container package + command: > + atomic uninstall {{ openshift.common.service_type }}-master + failed_when: False + when: + - ("master" in result.stdout) + - (openshift.common.version is not defined) or (openshift.common.version != openshift_version) | bool + +- name: Install Master system container package + command: > + atomic install --system --name={{ openshift.common.service_type }}-master {{ openshift.common.system_images_registry }}/{{ openshift.master.master_system_image }}:{{ openshift_image_tag }} + when: + - (openshift.common.version is not defined) or (openshift.common.version != openshift_version) or ("master" not in result.stdout) | bool + notify: + - restart master diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml index 39ea42ab3..4ab98cbbb 100644 --- a/roles/openshift_master/tasks/systemd_units.yml +++ b/roles/openshift_master/tasks/systemd_units.yml @@ -20,14 +20,14 @@ docker pull {{ openshift.master.master_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Downloaded newer image' in pull_result.stdout" - when: openshift.common.is_containerized | bool + when: openshift.common.is_containerized | bool and not openshift.common.is_master_system_container | bool # workaround for missing systemd unit files - name: Create the systemd unit files template: src: "master_docker/master.docker.service.j2" dest: "{{ containerized_svc_dir }}/{{ openshift.common.service_type }}-master.service" - when: openshift.common.is_containerized | bool and (openshift.master.ha is not defined or not openshift.master.ha | bool) + when: openshift.common.is_containerized | bool and (openshift.master.ha is not defined or not openshift.master.ha | bool and not openshift.common.is_master_system_container | bool) register: create_master_unit_file - command: systemctl daemon-reload @@ -132,7 +132,7 @@ dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service" src: master_docker/master.docker.service.j2 register: install_result - when: openshift.common.is_containerized | bool and openshift.master.ha is defined and not openshift.master.ha | bool + when: openshift.common.is_containerized | bool and openshift.master.ha is defined and not openshift.master.ha | bool and not openshift.common.is_master_system_container | bool - name: Preserve Master Proxy Config options command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master diff --git a/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py index 0c94228c6..ef322bd7d 100644 --- a/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py +++ b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py @@ -52,6 +52,9 @@ class LookupModule(LookupBase): # convert short_version to origin short_version short_version = re.sub('^3.', '1.', short_version) + if short_version == 'latest': + short_version = '1.6' + # Predicates ordered according to OpenShift Origin source: # origin/vendor/k8s.io/kubernetes/plugin/pkg/scheduler/algorithmprovider/defaults/defaults.go diff --git a/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py index 95ace7923..6ad40e748 100644 --- a/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py +++ b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py @@ -53,6 +53,9 @@ class LookupModule(LookupBase): # convert short_version to origin short_version short_version = re.sub('^3.', '1.', short_version) + if short_version == 'latest': + short_version = '1.6' + if short_version == '1.1': priorities.extend([ {'name': 'LeastRequestedPriority', 'weight': 1}, diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml index 66925c113..66a3abdbd 100644 --- a/roles/openshift_metrics/tasks/install_metrics.yaml +++ b/roles/openshift_metrics/tasks/install_metrics.yaml @@ -34,6 +34,20 @@ file_content: "{{ item.content | b64decode | from_yaml }}" with_items: "{{ object_defs.results }}" +- command: > + {{openshift.common.client_binary}} + --config={{mktemp.stdout}}/admin.kubeconfig + get rc + -l metrics-infra + -o name + -n {{openshift_metrics_project}} + register: existing_metrics_rc + changed_when: no + +- name: Scaling down cluster to recognize changes + include: stop_metrics.yaml + when: "{{ existing_metrics_rc.stdout_lines | length > 0 }}" + - name: Scaling up cluster include: start_metrics.yaml tags: openshift_metrics_start_cluster diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index e970c4cd1..691227915 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -60,6 +60,12 @@ state: present when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool +- name: Install conntrack-tools package + package: + name: "conntrack-tools" + state: present + when: not openshift.common.is_containerized | bool + - name: Install the systemd units include: systemd_units.yml @@ -69,7 +75,7 @@ - name: Persist net.ipv4.ip_forward sysctl entry sysctl: name="net.ipv4.ip_forward" value=1 sysctl_set=yes state=present reload=yes -- name: Start and enable openvswitch docker service +- name: Start and enable openvswitch service systemd: name: openvswitch.service enabled: yes diff --git a/roles/openshift_node/tasks/node_system_container.yml b/roles/openshift_node/tasks/node_system_container.yml new file mode 100644 index 000000000..01e2d33c7 --- /dev/null +++ b/roles/openshift_node/tasks/node_system_container.yml @@ -0,0 +1,34 @@ +--- +- name: Pre-pull node system container image + command: > + atomic pull --storage=ostree {{ openshift.common.system_images_registry }}/{{ openshift.node.node_system_image }}:{{ openshift_image_tag }} + register: pull_result + changed_when: "'Pulling layer' in pull_result.stdout" + +- name: Check Node system container package + command: > + atomic containers list --no-trunc -a -f container={{ openshift.common.service_type }}-node + register: result + +- name: Update Node system container package + command: > + atomic containers update {{ openshift.common.service_type }}-node + register: update_result + changed_when: "'Extracting' in update_result.stdout" + when: + - (openshift.common.version is defined) and (openshift.common.version == openshift_version) and ("node" in result.stdout) | bool + +- name: Uninstall Node system container package + command: > + atomic uninstall {{ openshift.common.service_type }}-node + failed_when: False + when: + - (openshift.common.version is not defined) or (openshift.common.version != openshift_version) and ("node" in result.stdout) | bool + +- name: Install Node system container package + command: > + atomic install --system --name={{ openshift.common.service_type }}-node {{ openshift.common.system_images_registry }}/{{ openshift.node.node_system_image }}:{{ openshift_image_tag }} + register: install_node_result + changed_when: "'Extracting' in pull_result.stdout" + when: + - (openshift.common.version is not defined) or (openshift.common.version != openshift_version) or ("node" not in result.stdout) | bool diff --git a/roles/openshift_node/tasks/openvswitch_system_container.yml b/roles/openshift_node/tasks/openvswitch_system_container.yml new file mode 100644 index 000000000..47fac99eb --- /dev/null +++ b/roles/openshift_node/tasks/openvswitch_system_container.yml @@ -0,0 +1,36 @@ +--- +- name: Pre-pull OpenVSwitch system container image + command: > + atomic pull --storage=ostree {{ openshift.common.system_images_registry }}/{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }} + register: pull_result + changed_when: "'Pulling layer' in pull_result.stdout" + +- name: Check OpenvSwitch system container package + command: > + atomic containers list --no-trunc -a -f container=openvswitch + register: result + when: + - openshift.common.is_openvswitch_system_container | bool + +- name: Update OpenvSwitch system container package + command: > + atomic containers update openvswitch + register: update_result + changed_when: "'Extracting' in update_result.stdout" + when: + - (openshift.common.version is defined) and (openshift.common.version == openshift_version) and ("openvswitch" in result.stdout) | bool + +- name: Uninstall OpenvSwitch system container package + command: > + atomic uninstall openvswitch + failed_when: False + when: + - (openshift.common.version is not defined) or (openshift.common.version != openshift_version) and ("openvswitch" in result.stdout) | bool + +- name: Install OpenvSwitch system container package + command: > + atomic install --system --name=openvswitch {{ openshift.common.system_images_registry }}/{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }} + when: + - (openshift.common.version is not defined) or (openshift.common.version != openshift_version) or ("openvswitch" not in result.stdout) | bool + notify: + - restart docker diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index 5243a87fe..52482d09b 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml @@ -2,20 +2,6 @@ # This file is included both in the openshift_master role and in the upgrade # playbooks. -- name: Pre-pull node image - command: > - docker pull {{ openshift.node.node_image }}:{{ openshift_image_tag }} - register: pull_result - changed_when: "'Downloaded newer image' in pull_result.stdout" - when: openshift.common.is_containerized | bool - -- name: Pre-pull openvswitch image - command: > - docker pull {{ openshift.node.ovs_image }}:{{ openshift_image_tag }} - register: pull_result - changed_when: "'Downloaded newer image' in pull_result.stdout" - when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool - - name: Install Node dependencies docker service file template: dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node-dep.service" @@ -23,12 +9,21 @@ register: install_node_dep_result when: openshift.common.is_containerized | bool -- name: Install Node docker service file - template: - dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" - src: openshift.docker.node.service - register: install_node_result - when: openshift.common.is_containerized | bool +- block: + - name: Pre-pull node image + command: > + docker pull {{ openshift.node.node_image }}:{{ openshift_image_tag }} + register: pull_result + changed_when: "'Downloaded newer image' in pull_result.stdout" + + - name: Install Node docker service file + template: + dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" + src: openshift.docker.node.service + register: install_node_result + when: + - openshift.common.is_containerized | bool + - not openshift.common.is_node_system_container | bool - name: Create the openvswitch service env file template: @@ -39,6 +34,19 @@ notify: - restart openvswitch +- name: Install Node system container + include: node_system_container.yml + when: + - openshift.common.is_containerized | bool + - openshift.common.is_node_system_container | bool + +- name: Install OpenvSwitch system containers + include: openvswitch_system_container.yml + when: + - openshift.common.use_openshift_sdn | default(true) | bool + - openshift.common.is_containerized | bool + - openshift.common.is_openvswitch_system_container | bool + # May be a temporary workaround. # https://bugzilla.redhat.com/show_bug.cgi?id=1331590 - name: Create OpenvSwitch service.d directory @@ -54,13 +62,23 @@ notify: - restart openvswitch -- name: Install OpenvSwitch docker service file - template: - dest: "/etc/systemd/system/openvswitch.service" - src: openvswitch.docker.service - when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | default(true) | bool - notify: - - restart openvswitch +- block: + - name: Pre-pull openvswitch image + command: > + docker pull {{ openshift.node.ovs_image }}:{{ openshift_image_tag }} + register: pull_result + changed_when: "'Downloaded newer image' in pull_result.stdout" + + - name: Install OpenvSwitch docker service file + template: + dest: "/etc/systemd/system/openvswitch.service" + src: openvswitch.docker.service + notify: + - restart openvswitch + when: + - openshift.common.is_containerized | bool + - openshift.common.use_openshift_sdn | default(true) | bool + - not openshift.common.is_openvswitch_system_container | bool - name: Configure Node settings lineinfile: diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml index fd935f105..0d6b8b7d4 100644 --- a/roles/openshift_storage_nfs/tasks/main.yml +++ b/roles/openshift_storage_nfs/tasks/main.yml @@ -29,6 +29,7 @@ - "{{ openshift.hosted.registry }}" - "{{ openshift.hosted.metrics }}" - "{{ openshift.hosted.logging }}" + - "{{ openshift.hosted.loggingops }}" - name: Configure exports diff --git a/roles/openshift_storage_nfs/templates/exports.j2 b/roles/openshift_storage_nfs/templates/exports.j2 index 2d6dd85e3..8c6d4105c 100644 --- a/roles/openshift_storage_nfs/templates/exports.j2 +++ b/roles/openshift_storage_nfs/templates/exports.j2 @@ -1,3 +1,4 @@ {{ openshift.hosted.registry.storage.nfs.directory }}/{{ openshift.hosted.registry.storage.volume.name }} {{ openshift.hosted.registry.storage.nfs.options }} {{ openshift.hosted.metrics.storage.nfs.directory }}/{{ openshift.hosted.metrics.storage.volume.name }} {{ openshift.hosted.metrics.storage.nfs.options }} {{ openshift.hosted.logging.storage.nfs.directory }}/{{ openshift.hosted.logging.storage.volume.name }} {{ openshift.hosted.logging.storage.nfs.options }} +{{ openshift.hosted.loggingops.storage.nfs.directory }}/{{ openshift.hosted.loggingops.storage.volume.name }} {{ openshift.hosted.loggingops.storage.nfs.options }} |