diff options
Diffstat (limited to 'roles')
38 files changed, 111 insertions, 110 deletions
diff --git a/roles/cockpit/tasks/main.yml b/roles/cockpit/tasks/main.yml index 066ee3f3b..34754502a 100644 --- a/roles/cockpit/tasks/main.yml +++ b/roles/cockpit/tasks/main.yml @@ -1,7 +1,6 @@ --- - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml - name: Install cockpit-ws package: name={{ item }} state=present diff --git a/roles/contiv/tasks/main.yml b/roles/contiv/tasks/main.yml index 40a0f9e61..cb9196a71 100644 --- a/roles/contiv/tasks/main.yml +++ b/roles/contiv/tasks/main.yml @@ -5,10 +5,10 @@ recurse: yes state: directory -- include: download_bins.yml +- include_tasks: download_bins.yml -- include: netmaster.yml +- include_tasks: netmaster.yml when: contiv_role == "netmaster" -- include: netplugin.yml +- include_tasks: netplugin.yml when: contiv_role == "netplugin" diff --git a/roles/contiv/tasks/netmaster.yml b/roles/contiv/tasks/netmaster.yml index cc52d3a43..6f15af8c2 100644 --- a/roles/contiv/tasks/netmaster.yml +++ b/roles/contiv/tasks/netmaster.yml @@ -1,8 +1,8 @@ --- -- include: netmaster_firewalld.yml +- include_tasks: netmaster_firewalld.yml when: has_firewalld -- include: netmaster_iptables.yml +- include_tasks: netmaster_iptables.yml when: not has_firewalld and has_iptables - name: Netmaster | Check is /etc/hosts file exists @@ -70,8 +70,8 @@ state: started register: netmaster_started -- include: aci.yml +- include_tasks: aci.yml when: contiv_fabric_mode == "aci" -- include: default_network.yml +- include_tasks: default_network.yml when: contiv_default_network == true diff --git a/roles/contiv/tasks/netplugin.yml b/roles/contiv/tasks/netplugin.yml index e861a2591..0b2f91bab 100644 --- a/roles/contiv/tasks/netplugin.yml +++ b/roles/contiv/tasks/netplugin.yml @@ -1,8 +1,8 @@ --- -- include: netplugin_firewalld.yml +- include_tasks: netplugin_firewalld.yml when: has_firewalld -- include: netplugin_iptables.yml +- include_tasks: netplugin_iptables.yml when: has_iptables - name: Netplugin | Ensure localhost entry correct in /etc/hosts @@ -19,7 +19,7 @@ line: '::1 ' state: absent -- include: ovs.yml +- include_tasks: ovs.yml when: netplugin_driver == "ovs" - name: Netplugin | Create Netplugin bin symlink diff --git a/roles/contiv/tasks/ovs.yml b/roles/contiv/tasks/ovs.yml index 0c1b994c7..5c92e90e9 100644 --- a/roles/contiv/tasks/ovs.yml +++ b/roles/contiv/tasks/ovs.yml @@ -1,5 +1,5 @@ --- -- include: packageManagerInstall.yml +- include_tasks: packageManagerInstall.yml when: source_type == "packageManager" tags: - binary-update diff --git a/roles/contiv/tasks/packageManagerInstall.yml b/roles/contiv/tasks/packageManagerInstall.yml index e0d48e643..d5726476c 100644 --- a/roles/contiv/tasks/packageManagerInstall.yml +++ b/roles/contiv/tasks/packageManagerInstall.yml @@ -3,7 +3,7 @@ set_fact: did_install: false -- include: pkgMgrInstallers/centos-install.yml +- include_tasks: pkgMgrInstallers/centos-install.yml when: (ansible_os_family == "RedHat") and not is_atomic diff --git a/roles/contiv_facts/tasks/main.yml b/roles/contiv_facts/tasks/main.yml index 7a4972fca..3267a4ab0 100644 --- a/roles/contiv_facts/tasks/main.yml +++ b/roles/contiv_facts/tasks/main.yml @@ -81,8 +81,8 @@ has_iptables: false # collect information about what packages are installed -- include: rpm.yml +- include_tasks: rpm.yml when: has_rpm -- include: fedora-install.yml +- include_tasks: fedora-install.yml when: not is_atomic and ansible_distribution == "Fedora" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 55052b0a3..b02a74711 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -60,10 +60,11 @@ state: stopped name: "{{ openshift.docker.service_name }}" - - name: "Ensure {{ docker_alt_storage_path }} exists" - file: - path: "{{ docker_alt_storage_path }}" - state: directory + - name: copy "{{ docker_default_storage_path }}" to "{{ docker_alt_storage_path }}" + command: "cp -r {{ docker_default_storage_path }} {{ docker_alt_storage_path }}" + register: results + failed_when: + - results.rc != 0 - name: "Set the selinux context on {{ docker_alt_storage_path }}" command: "semanage fcontext -a -e {{ docker_default_storage_path }} {{ docker_alt_storage_path }}" diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml index e6c3fe4d7..5437275a2 100644 --- a/roles/docker/tasks/package_docker.yml +++ b/roles/docker/tasks/package_docker.yml @@ -1,6 +1,6 @@ --- - name: Get current installed Docker version - command: "{{ repoquery_cmd }} --installed --qf '%{version}' docker" + command: "{{ repoquery_installed }} --qf '%{version}' docker" when: not openshift.common.is_atomic | bool register: curr_docker_version retries: 4 @@ -33,9 +33,10 @@ # Make sure Docker is installed, but does not update a running version. # Docker upgrades are handled by a separate playbook. +# Note: The curr_docker_version.stdout check can be removed when https://github.com/ansible/ansible/issues/33187 gets fixed. - name: Install Docker package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present - when: not openshift.common.is_atomic | bool + when: not openshift.common.is_atomic | bool and not curr_docker_version | skipped and not curr_docker_version.stdout != '' - block: # Extend the default Docker service unit file when using iptables-services diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index 3e5bdf32c..17800d4e5 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -3,16 +3,10 @@ # TODO: Much of this file is shared with container engine tasks - set_fact: l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l2_docker_insecure_registries)) }}" - when: l2_docker_insecure_registries | bool - set_fact: l_crio_registries: "{{ l2_docker_additional_registries + ['docker.io'] }}" - when: l2_docker_additional_registries | bool -- set_fact: - l_crio_registries: "{{ ['docker.io'] }}" - when: not (l2_docker_additional_registries | bool) - set_fact: l_additional_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l_crio_registries)) }}" - when: l2_docker_additional_registries | bool - set_fact: l_openshift_image_tag: "{{ openshift_image_tag | string }}" diff --git a/roles/kuryr/tasks/master.yaml b/roles/kuryr/tasks/master.yaml index 55ab16f74..1cc6d2375 100644 --- a/roles/kuryr/tasks/master.yaml +++ b/roles/kuryr/tasks/master.yaml @@ -1,6 +1,6 @@ --- -- name: Perform OpenShit ServiceAccount config - include: serviceaccount.yaml +- name: Perform OpenShift ServiceAccount config + include_tasks: serviceaccount.yaml - name: Create kuryr manifests tempdir command: mktemp -d diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml index f3c487132..c264427de 100644 --- a/roles/nuage_master/tasks/main.yaml +++ b/roles/nuage_master/tasks/main.yaml @@ -1,7 +1,6 @@ --- - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml - name: Set the Nuage certificate directory fact for Atomic hosts set_fact: @@ -62,7 +61,7 @@ become: yes file: path={{ nuage_mon_rest_server_logdir }} state=directory -- include: serviceaccount.yml +- include_tasks: serviceaccount.yml - name: Download the certs and keys become: yes @@ -82,7 +81,7 @@ - nuage.key - nuage.kubeconfig -- include: certificates.yml +- include_tasks: certificates.yml - name: Install Nuage VSD user certificate become: yes diff --git a/roles/nuage_node/tasks/main.yaml b/roles/nuage_node/tasks/main.yaml index 9db9dbb6a..c6b7a9b10 100644 --- a/roles/nuage_node/tasks/main.yaml +++ b/roles/nuage_node/tasks/main.yaml @@ -31,7 +31,7 @@ - nuage.key - nuage.kubeconfig -- include: certificates.yml +- include_tasks: certificates.yml - name: Add additional Docker mounts for Nuage for atomic hosts become: yes @@ -44,8 +44,7 @@ - restart node ignore_errors: true -- include: iptables.yml +- include_tasks: iptables.yml - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml diff --git a/roles/openshift_cloud_provider/tasks/main.yml b/roles/openshift_cloud_provider/tasks/main.yml index ab3055c8b..dff492a69 100644 --- a/roles/openshift_cloud_provider/tasks/main.yml +++ b/roles/openshift_cloud_provider/tasks/main.yml @@ -11,11 +11,11 @@ state: directory when: has_cloudprovider | bool -- include: openstack.yml +- include_tasks: openstack.yml when: cloudprovider_is_openstack | bool -- include: aws.yml +- include_tasks: aws.yml when: cloudprovider_is_aws | bool -- include: gce.yml +- include_tasks: gce.yml when: cloudprovider_is_gce | bool diff --git a/roles/openshift_excluder/tasks/disable.yml b/roles/openshift_excluder/tasks/disable.yml index 5add25b45..21801b994 100644 --- a/roles/openshift_excluder/tasks/disable.yml +++ b/roles/openshift_excluder/tasks/disable.yml @@ -2,11 +2,11 @@ - when: r_openshift_excluder_verify_upgrade block: - name: Include verify_upgrade.yml when upgrading - include: verify_upgrade.yml + include_tasks: verify_upgrade.yml # unexclude the current openshift/origin-excluder if it is installed so it can be updated - name: Disable excluders before the upgrade to remove older excluding expressions - include: unexclude.yml + include_tasks: unexclude.yml vars: # before the docker excluder can be updated, it needs to be disabled # to remove older excluded packages that are no longer excluded @@ -15,12 +15,12 @@ # Install any excluder that is enabled - name: Include install.yml - include: install.yml + include_tasks: install.yml # And finally adjust an excluder in order to update host components correctly. First # exclude then unexclude - name: Include exclude.yml - include: exclude.yml + include_tasks: exclude.yml vars: # Enable the docker excluder only if it is overridden # BZ #1430612: docker excluders should be enabled even during installation and upgrade @@ -30,7 +30,7 @@ # All excluders that are to be disabled are disabled - name: Include unexclude.yml - include: unexclude.yml + include_tasks: unexclude.yml vars: # If the docker override is not set, default to the generic behaviour # BZ #1430612: docker excluders should be enabled even during installation and upgrade diff --git a/roles/openshift_excluder/tasks/enable.yml b/roles/openshift_excluder/tasks/enable.yml index fce44cfb5..7c3742a06 100644 --- a/roles/openshift_excluder/tasks/enable.yml +++ b/roles/openshift_excluder/tasks/enable.yml @@ -1,6 +1,6 @@ --- - name: Install excluders - include: install.yml + include_tasks: install.yml - name: Enable excluders - include: exclude.yml + include_tasks: exclude.yml diff --git a/roles/openshift_excluder/tasks/main.yml b/roles/openshift_excluder/tasks/main.yml index db20b4012..93d6ef149 100644 --- a/roles/openshift_excluder/tasks/main.yml +++ b/roles/openshift_excluder/tasks/main.yml @@ -32,7 +32,7 @@ - r_openshift_excluder_upgrade_target is not defined - name: Include main action task file - include: "{{ r_openshift_excluder_action }}.yml" + include_tasks: "{{ r_openshift_excluder_action }}.yml" when: - not ostree_booted.stat.exists | bool diff --git a/roles/openshift_excluder/tasks/verify_upgrade.yml b/roles/openshift_excluder/tasks/verify_upgrade.yml index 42026664a..b55a9af23 100644 --- a/roles/openshift_excluder/tasks/verify_upgrade.yml +++ b/roles/openshift_excluder/tasks/verify_upgrade.yml @@ -1,12 +1,12 @@ --- - name: Verify Docker Excluder version - include: verify_excluder.yml + include_tasks: verify_excluder.yml vars: excluder: "{{ r_openshift_excluder_service_type }}-docker-excluder" when: r_openshift_excluder_enable_docker_excluder | bool - name: Verify OpenShift Excluder version - include: verify_excluder.yml + include_tasks: verify_excluder.yml vars: excluder: "{{ r_openshift_excluder_service_type }}-excluder" when: r_openshift_excluder_enable_openshift_excluder | bool diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index 99bc12514..e9a51e55b 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -13,6 +13,8 @@ system_images_registry_dict: system_images_registry: "{{ system_images_registry_dict[openshift_deployment_type | default('origin')] }}" +l_is_master_system_container: "{{ (openshift_use_master_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" + openshift_node_ips: [] r_openshift_master_clean_install: false r_openshift_master_etcd3_storage: false diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index b6d3539b1..d570a1c7f 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -31,8 +31,7 @@ - openshift.common.is_containerized | bool - name: Open up firewall ports - include: firewall.yml - static: yes + import_tasks: firewall.yml - name: Install Master package package: @@ -172,16 +171,16 @@ no_proxy_etcd_host_ips: "{{ openshift_no_proxy_etcd_host_ips }}" - name: Update journald config - include: journald.yml + include_tasks: journald.yml - name: Install the systemd units - include: systemd_units.yml + include_tasks: systemd_units.yml - name: Install Master system container - include: system_container.yml + include_tasks: system_container.yml when: - openshift.common.is_containerized | bool - - openshift.common.is_master_system_container | bool + - l_is_master_system_container | bool - name: Create session secrets file template: @@ -212,10 +211,10 @@ - restart master api - restart master controllers -- include: bootstrap_settings.yml +- include_tasks: bootstrap_settings.yml when: openshift_master_bootstrap_enabled | default(False) -- include: set_loopback_context.yml +- include_tasks: set_loopback_context.yml - name: Start and enable master api on first master systemd: @@ -273,7 +272,7 @@ # A separate wait is required here for native HA since notifies will # be resolved after all tasks in the role. -- include: check_master_api_is_ready.yml +- include_tasks: check_master_api_is_ready.yml when: - openshift.master.cluster_method == 'native' - master_api_service_status_changed | bool @@ -323,5 +322,5 @@ - l_install_result | changed - name: node bootstrap settings - include: bootstrap.yml + include_tasks: bootstrap.yml when: openshift_master_bootstrap_enabled | default(False) diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml index b0fa72f19..9d11ed574 100644 --- a/roles/openshift_master/tasks/systemd_units.yml +++ b/roles/openshift_master/tasks/systemd_units.yml @@ -9,7 +9,7 @@ when: - openshift.common.is_containerized | bool -- include: registry_auth.yml +- include_tasks: registry_auth.yml - name: Disable the legacy master service if it exists systemd: @@ -26,7 +26,7 @@ ignore_errors: true when: - openshift.master.cluster_method == "native" - - not openshift.common.is_master_system_container | bool + - not l_is_master_system_container | bool # This is the image used for both HA and non-HA clusters: - name: Pre-pull master image @@ -36,7 +36,7 @@ changed_when: "'Downloaded newer image' in l_pull_result.stdout" when: - openshift.common.is_containerized | bool - - not openshift.common.is_master_system_container | bool + - not l_is_master_system_container | bool - name: Create the ha systemd unit files template: @@ -44,7 +44,7 @@ dest: "{{ containerized_svc_dir }}/{{ openshift.common.service_type }}-master-{{ item }}.service" when: - openshift.master.cluster_method == "native" - - not openshift.common.is_master_system_container | bool + - not l_is_master_system_container | bool with_items: - api - controllers @@ -64,7 +64,7 @@ - controllers when: - openshift.master.cluster_method == "native" - - not openshift.common.is_master_system_container | bool + - not l_is_master_system_container | bool - name: Preserve Master API Proxy Config options command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-api diff --git a/roles/openshift_master/tasks/upgrade.yml b/roles/openshift_master/tasks/upgrade.yml index 92371921d..f84cf2f6e 100644 --- a/roles/openshift_master/tasks/upgrade.yml +++ b/roles/openshift_master/tasks/upgrade.yml @@ -1,16 +1,16 @@ --- -- include: upgrade/rpm_upgrade.yml +- include_tasks: upgrade/rpm_upgrade.yml when: not openshift.common.is_containerized | bool -- include: upgrade/upgrade_scheduler.yml +- include_tasks: upgrade/upgrade_scheduler.yml # master_config_hook is passed in from upgrade play. -- include: "upgrade/{{ master_config_hook }}" +- include_tasks: "upgrade/{{ master_config_hook }}" when: master_config_hook is defined -- include: journald.yml +- include_tasks: journald.yml -- include: systemd_units.yml +- include_tasks: systemd_units.yml - name: Check for ca-bundle.crt stat: diff --git a/roles/openshift_master_cluster/tasks/main.yml b/roles/openshift_master_cluster/tasks/main.yml index 40705d357..41bfc72cb 100644 --- a/roles/openshift_master_cluster/tasks/main.yml +++ b/roles/openshift_master_cluster/tasks/main.yml @@ -10,5 +10,5 @@ failed_when: false when: openshift.master.cluster_method == "pacemaker" -- include: configure.yml +- include_tasks: configure.yml when: "pcs_status | failed and 'Error: cluster is not currently running on this node' in pcs_status.stderr" diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index d249278dc..62208c155 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -14,6 +14,7 @@ system_images_registry_dict: origin: "docker.io" system_images_registry: "{{ system_images_registry_dict[openshift_deployment_type | default('origin')] }}" +l_is_openvswitch_system_container: "{{ (openshift_use_openvswitch_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" openshift_image_tag: '' diff --git a/roles/openshift_node/tasks/bootstrap.yml b/roles/openshift_node/tasks/bootstrap.yml index b8be50f6c..ac43ef039 100644 --- a/roles/openshift_node/tasks/bootstrap.yml +++ b/roles/openshift_node/tasks/bootstrap.yml @@ -32,8 +32,7 @@ regexp: "^CONFIG_FILE=.*" - name: include aws sysconfig credentials - include: aws.yml - static: yes + import_tasks: aws.yml when: not (openshift_node_use_instance_profiles | default(False)) #- name: update the ExecStart to have bootstrap diff --git a/roles/openshift_node/tasks/config.yml b/roles/openshift_node/tasks/config.yml index 2fea33454..741a2234f 100644 --- a/roles/openshift_node/tasks/config.yml +++ b/roles/openshift_node/tasks/config.yml @@ -1,6 +1,6 @@ --- - name: Install the systemd units - include: systemd_units.yml + include_tasks: systemd_units.yml - name: Start and enable openvswitch service systemd: @@ -47,8 +47,7 @@ - restart node - name: include aws provider credentials - include: aws.yml - static: yes + import_tasks: aws.yml when: not (openshift_node_use_instance_profiles | default(False)) # Necessary because when you're on a node that's also a master the master will be diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index eae9ca7bc..8e9d1d1b5 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -7,8 +7,7 @@ - not openshift_use_crio | default(false) - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml #### Disable SWAP ##### # https://docs.openshift.com/container-platform/3.4/admin_guide/overcommit.html#disabling-swap-memory @@ -41,7 +40,7 @@ #### End Disable Swap Block #### - name: include node installer - include: install.yml + include_tasks: install.yml - name: Restart cri-o systemd: @@ -66,34 +65,34 @@ sysctl_file: "/etc/sysctl.d/99-openshift.conf" reload: yes -- include: registry_auth.yml +- include_tasks: registry_auth.yml - name: include standard node config - include: config.yml + include_tasks: config.yml #### Storage class plugins here #### - name: NFS storage plugin configuration - include: storage_plugins/nfs.yml + include_tasks: storage_plugins/nfs.yml tags: - nfs - name: GlusterFS storage plugin configuration - include: storage_plugins/glusterfs.yml + include_tasks: storage_plugins/glusterfs.yml when: "'glusterfs' in openshift.node.storage_plugin_deps" - name: Ceph storage plugin configuration - include: storage_plugins/ceph.yml + include_tasks: storage_plugins/ceph.yml when: "'ceph' in openshift.node.storage_plugin_deps" - name: iSCSI storage plugin configuration - include: storage_plugins/iscsi.yml + include_tasks: storage_plugins/iscsi.yml when: "'iscsi' in openshift.node.storage_plugin_deps" ##### END Storage ##### -- include: config/workaround-bz1331590-ovs-oom-fix.yml +- include_tasks: config/workaround-bz1331590-ovs-oom-fix.yml when: openshift_node_use_openshift_sdn | default(true) | bool - name: include bootstrap node config - include: bootstrap.yml + include_tasks: bootstrap.yml when: openshift_node_bootstrap diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index 9b4c24dfe..397e1ba18 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml @@ -11,21 +11,21 @@ - when: openshift.common.is_containerized | bool block: - name: include node deps docker service file - include: config/install-node-deps-docker-service-file.yml + include_tasks: config/install-node-deps-docker-service-file.yml - name: include ovs service environment file - include: config/install-ovs-service-env-file.yml + include_tasks: config/install-ovs-service-env-file.yml - name: Install Node system container - include: node_system_container.yml + include_tasks: node_system_container.yml when: - l_is_node_system_container | bool - name: Install OpenvSwitch system containers - include: openvswitch_system_container.yml + include_tasks: openvswitch_system_container.yml when: - openshift_node_use_openshift_sdn | bool - - openshift.common.is_openvswitch_system_container | bool + - l_is_openvswitch_system_container | bool - block: - name: Pre-pull openvswitch image @@ -34,11 +34,11 @@ register: pull_result changed_when: "'Downloaded newer image' in pull_result.stdout" - - include: config/install-ovs-docker-service-file.yml + - include_tasks: config/install-ovs-docker-service-file.yml when: - openshift.common.is_containerized | bool - openshift_node_use_openshift_sdn | bool - - not openshift.common.is_openvswitch_system_container | bool + - not l_is_openvswitch_system_container | bool -- include: config/configure-node-settings.yml -- include: config/configure-proxy-settings.yml +- include_tasks: config/configure-node-settings.yml +- include_tasks: config/configure-proxy-settings.yml diff --git a/roles/openshift_node/tasks/upgrade.yml b/roles/openshift_node/tasks/upgrade.yml index 2bca1e974..fb21b39a1 100644 --- a/roles/openshift_node/tasks/upgrade.yml +++ b/roles/openshift_node/tasks/upgrade.yml @@ -10,7 +10,7 @@ # tasks file for openshift_node_upgrade -- include: registry_auth.yml +- include_tasks: registry_auth.yml - name: Stop node and openvswitch services service: @@ -48,7 +48,7 @@ - openshift.common.is_containerized | bool - openshift_use_openshift_sdn | bool -- include: docker/upgrade.yml +- include_tasks: docker/upgrade.yml vars: # We will restart Docker ourselves after everything is ready: skip_docker_restart: True @@ -56,10 +56,10 @@ - l_docker_upgrade is defined - l_docker_upgrade | bool -- include: "{{ node_config_hook }}" +- include_tasks: "{{ node_config_hook }}" when: node_config_hook is defined -- include: upgrade/rpm_upgrade.yml +- include_tasks: upgrade/rpm_upgrade.yml vars: component: "node" openshift_version: "{{ openshift_pkg_version | default('') }}" @@ -70,7 +70,7 @@ path: "/etc/systemd/system/docker.service.d/docker-sdn-ovs.conf" state: absent -- include: upgrade/containerized_node_upgrade.yml +- include_tasks: upgrade/containerized_node_upgrade.yml when: openshift.common.is_containerized | bool - name: Ensure containerized services stopped before Docker restart @@ -165,7 +165,7 @@ value: "/etc/origin/node/resolv.conf" # Restart all services -- include: upgrade/restart.yml +- include_tasks: upgrade/restart.yml - name: Wait for node to be ready oc_obj: diff --git a/roles/openshift_node/tasks/upgrade/containerized_node_upgrade.yml b/roles/openshift_node/tasks/upgrade/containerized_node_upgrade.yml index 96b94d8b6..245de60a7 100644 --- a/roles/openshift_node/tasks/upgrade/containerized_node_upgrade.yml +++ b/roles/openshift_node/tasks/upgrade/containerized_node_upgrade.yml @@ -6,7 +6,7 @@ skip_node_svc_handlers: True - name: Update systemd units - include: ../systemd_units.yml + include_tasks: ../systemd_units.yml # This is a no-op because of skip_node_svc_handlers, but lets us trigger it before end of # play when the node has already been marked schedulable again. (this would look strange diff --git a/roles/openshift_node_dnsmasq/tasks/main.yml b/roles/openshift_node_dnsmasq/tasks/main.yml index 9bbaafc29..a33b78780 100644 --- a/roles/openshift_node_dnsmasq/tasks/main.yml +++ b/roles/openshift_node_dnsmasq/tasks/main.yml @@ -59,9 +59,9 @@ state: started # Dynamic NetworkManager based dispatcher -- include: ./network-manager.yml +- include_tasks: ./network-manager.yml when: network_manager_active | bool # Relies on ansible in order to configure static config -- include: ./no-network-manager.yml +- include_tasks: ./no-network-manager.yml when: not network_manager_active | bool diff --git a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml b/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml index 8a7da66c2..dede2fb8f 100644 --- a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml +++ b/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml @@ -8,4 +8,4 @@ state: present notify: restart NetworkManager -- include: ./network-manager.yml +- include_tasks: network-manager.yml diff --git a/roles/openshift_node_group/tasks/main.yml b/roles/openshift_node_group/tasks/main.yml index c7c15683d..43ecf1b8b 100644 --- a/roles/openshift_node_group/tasks/main.yml +++ b/roles/openshift_node_group/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Build node config maps - include: create_config.yml + include_tasks: create_config.yml vars: openshift_node_group_name: "{{ node_group.name }}" openshift_node_group_edits: "{{ node_group.edits | default([]) }}" diff --git a/roles/openshift_prometheus/README.md b/roles/openshift_prometheus/README.md index 5bf6e7d77..f1eca1da6 100644 --- a/roles/openshift_prometheus/README.md +++ b/roles/openshift_prometheus/README.md @@ -25,6 +25,10 @@ For default values, see [`defaults/main.yaml`](defaults/main.yaml). - `openshift_prometheus_args`: Modify or add arguments for prometheus application +- `openshift_prometheus_hostname`: specify the hostname for the route to prometheus `prometheus-{{openshift_prometheus_namespace}}.{{openshift_master_default_subdomain}}` + +- `openshift_prometheus_alerts_hostname`: specify the hostname for the route to prometheus-alerts `prometheus_alerts-{{openshift_prometheus_namespace}}.{{openshift_master_default_subdomain}}` + e.g ``` openshift_prometheus_args=['--storage.tsdb.retention=6h', '--storage.tsdb.min-block-duration=5s', '--storage.tsdb.max-block-duration=6m'] diff --git a/roles/openshift_prometheus/defaults/main.yaml b/roles/openshift_prometheus/defaults/main.yaml index 1b4a12cac..df331a4bb 100644 --- a/roles/openshift_prometheus/defaults/main.yaml +++ b/roles/openshift_prometheus/defaults/main.yaml @@ -4,6 +4,10 @@ openshift_prometheus_state: present openshift_prometheus_namespace: openshift-metrics +# defaults hosts for routes +openshift_prometheus_hostname: prometheus-{{openshift_prometheus_namespace}}.{{openshift_master_default_subdomain}} +openshift_prometheus_alerts_hostname: alerts-{{openshift_prometheus_namespace}}.{{openshift_master_default_subdomain}} + openshift_prometheus_node_selector: {"region":"infra"} # additional prometheus rules file diff --git a/roles/openshift_prometheus/tasks/install_prometheus.yaml b/roles/openshift_prometheus/tasks/install_prometheus.yaml index 50736a9ee..ad15dc65f 100644 --- a/roles/openshift_prometheus/tasks/install_prometheus.yaml +++ b/roles/openshift_prometheus/tasks/install_prometheus.yaml @@ -113,12 +113,15 @@ oc_route: state: present name: "{{ item.name }}" + host: "{{ item.host }}" namespace: "{{ openshift_prometheus_namespace }}" service_name: "{{ item.name }}" tls_termination: reencrypt with_items: - name: prometheus + host: "{{ openshift_prometheus_hostname }}" - name: alerts + host: "{{ openshift_prometheus_alerts_hostname }}" # Storage - name: create prometheus pvc diff --git a/roles/openshift_storage_glusterfs/files/v3.7/glusterblock-provisioner.yml b/roles/openshift_storage_glusterfs/files/v3.7/glusterblock-provisioner.yml index 9c1409dee..63dd5cce6 100644 --- a/roles/openshift_storage_glusterfs/files/v3.7/glusterblock-provisioner.yml +++ b/roles/openshift_storage_glusterfs/files/v3.7/glusterblock-provisioner.yml @@ -83,7 +83,6 @@ objects: containers: - name: glusterblock-provisioner image: ${IMAGE_NAME}:${IMAGE_VERSION} - image: gluster/glusterblock-provisioner:latest imagePullPolicy: IfNotPresent env: - name: PROVISIONER_NAME diff --git a/roles/openshift_storage_glusterfs/files/v3.8/glusterblock-provisioner.yml b/roles/openshift_storage_glusterfs/files/v3.8/glusterblock-provisioner.yml index 9c1409dee..63dd5cce6 100644 --- a/roles/openshift_storage_glusterfs/files/v3.8/glusterblock-provisioner.yml +++ b/roles/openshift_storage_glusterfs/files/v3.8/glusterblock-provisioner.yml @@ -83,7 +83,6 @@ objects: containers: - name: glusterblock-provisioner image: ${IMAGE_NAME}:${IMAGE_VERSION} - image: gluster/glusterblock-provisioner:latest imagePullPolicy: IfNotPresent env: - name: PROVISIONER_NAME |