Diffstat (limited to 'roles')
-rw-r--r--roles/container_runtime/templates/crio.conf.j22
-rw-r--r--roles/contiv/tasks/pkgMgrInstallers/centos-install.yml2
-rw-r--r--roles/openshift_logging_elasticsearch/handlers/main.yml13
-rw-r--r--roles/openshift_logging_elasticsearch/tasks/main.yaml21
-rw-r--r--roles/openshift_logging_elasticsearch/tasks/restart_cluster.yml35
-rw-r--r--roles/openshift_logging_elasticsearch/tasks/restart_es_node.yml35
-rw-r--r--roles/openshift_logging_elasticsearch/templates/es.j21
-rw-r--r--roles/openshift_logging_elasticsearch/vars/main.yml2
-rw-r--r--roles/openshift_node/templates/node.yaml.v1.j24
-rw-r--r--roles/openshift_repos/tasks/main.yaml4
-rw-r--r--roles/rhel_subscribe/tasks/main.yml55
-rw-r--r--roles/rhel_subscribe/tasks/satellite.yml2
-rw-r--r--roles/template_service_broker/defaults/main.yml1
-rw-r--r--roles/template_service_broker/tasks/install.yml3
14 files changed, 129 insertions, 51 deletions
diff --git a/roles/container_runtime/templates/crio.conf.j2 b/roles/container_runtime/templates/crio.conf.j2
index 3f066a17f..0a1ff2e0a 100644
--- a/roles/container_runtime/templates/crio.conf.j2
+++ b/roles/container_runtime/templates/crio.conf.j2
@@ -27,7 +27,7 @@ storage_option = [
[crio.api]
# listen is the path to the AF_LOCAL socket on which crio will listen.
-listen = "/var/run/crio.sock"
+listen = "/var/run/crio/crio.sock"
# stream_address is the IP address on which the stream server will listen
stream_address = ""
diff --git a/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml b/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml
index 62b4716a3..a4d260279 100644
--- a/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml
+++ b/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml
@@ -27,7 +27,7 @@
- name: PkgMgr RHEL/CentOS | Install ovs
yum:
- pkg=openvswitch-2.5.0-2.el7.x86_64
+ pkg=openvswitch
state=present
environment:
http_proxy: "{{ http_proxy|default('') }}"
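Review bot: With the version pin dropped, `pkg=openvswitch` under `state=present` installs whichever build the host's enabled repositories offer, so the Open vSwitch version is no longer reproducible across hosts. If a minimum version is required, express it in a variable rather than leaving it implicit. The task also keeps the `key=value` argument string; the native form `name: openvswitch` and `state: present` under `yum:` is easier to lint. The task continues past the end of this hunk.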
diff --git a/roles/openshift_logging_elasticsearch/handlers/main.yml b/roles/openshift_logging_elasticsearch/handlers/main.yml
new file mode 100644
index 000000000..fa56897d0
--- /dev/null
+++ b/roles/openshift_logging_elasticsearch/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+- name: "Restarting logging-{{ _cluster_component }} cluster"
+ listen: "restart elasticsearch"
+ include_tasks: restart_cluster.yml
+ with_items: "{{ _restart_logging_components }}"
+ loop_control:
+ loop_var: _cluster_component
+ when: not logging_elasticsearch_rollout_override | bool
+
+## Stop this from running more than once
+- set_fact:
+ logging_elasticsearch_rollout_override: True
+ listen: "restart elasticsearch"
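Review bot: The first handler's `when: not logging_elasticsearch_rollout_override | bool` assumes the variable already exists. Nothing in this file sets a default, so unless the role's defaults (not part of this diff) define it, the conditional fails on an undefined variable the first time the handler fires. `when: not (logging_elasticsearch_rollout_override | default(false) | bool)` removes that dependency. The second handler has no `name:`; something like `name: "Mark logging Elasticsearch rollout as done"` would make the handler output self-explanatory, and `True` would read more consistently as `true`.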
diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml
index 8f2050043..5fe683ae5 100644
--- a/roles/openshift_logging_elasticsearch/tasks/main.yaml
+++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml
@@ -204,7 +204,21 @@
from_file:
elasticsearch.yml: "{{ tempdir }}/elasticsearch.yml"
logging.yml: "{{ tempdir }}/elasticsearch-logging.yml"
+ register: es_config_creation
+ notify: "restart elasticsearch"
+- when: es_config_creation.changed | bool
+ block:
+ - set_fact:
+ _restart_logging_components: "{{ _restart_logging_components | default([]) + [es_component] | unique }}"
+
+ - shell: >
+ oc get dc -l component="{{ es_component }}" -n "{{ openshift_logging_elasticsearch_namespace }}" -o name | cut -d'/' -f2
+ register: _es_dcs
+
+ - set_fact:
+ _restart_logging_nodes: "{{ _restart_logging_nodes | default([]) + [_es_dcs.stdout] | unique }}"
+ when: _es_dcs.stdout != ""
# secret
- name: Set ES secret
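Review bot: In the two `set_fact` expressions, `| unique` applies only to the one-element list on the right of `+`, because Jinja2 filters bind tighter than `+`. `_restart_logging_components` and `_restart_logging_nodes` are therefore never de-duplicated, and a component changed twice is queued for restart twice. Parenthesise the concatenation: `"{{ (_restart_logging_components | default([]) + [es_component]) | unique }}"`. The same applies to both expressions in the second hunk of this file (after `register: es_dc_creation`). Separately, `[_es_dcs.stdout]` stores a multi-line result as a single element when several DCs match the label; `_es_dcs.stdout_lines` keeps one name per entry.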
@@ -375,6 +389,13 @@
files:
- "{{ tempdir }}/templates/logging-es-dc.yml"
delete_after: true
+ register: es_dc_creation
+ notify: "restart elasticsearch"
+
+- set_fact:
+ _restart_logging_components: "{{ _restart_logging_components | default([]) + [es_component] | unique }}"
+ _restart_logging_nodes: "{{ _restart_logging_nodes | default([]) + [es_deploy_name] | unique }}"
+ when: es_dc_creation.changed | bool
- name: Retrieving the cert to use when generating secrets for the {{ es_component }} component
slurp:
diff --git a/roles/openshift_logging_elasticsearch/tasks/restart_cluster.yml b/roles/openshift_logging_elasticsearch/tasks/restart_cluster.yml
new file mode 100644
index 000000000..4a32453e3
--- /dev/null
+++ b/roles/openshift_logging_elasticsearch/tasks/restart_cluster.yml
@@ -0,0 +1,35 @@
+---
+## get all pods for the cluster
+- command: >
+ oc get pod -l component={{ _cluster_component }},provider=openshift -n {{ openshift_logging_elasticsearch_namespace }} -o jsonpath={.items[*].metadata.name}
+ register: _cluster_pods
+
+- name: "Disable shard balancing for logging-{{ _cluster_component }} cluster"
+ command: >
+ oc exec {{ _cluster_pods.stdout.split(' ')[0] }} -c elasticsearch -n {{ openshift_logging_elasticsearch_namespace }} -- {{ __es_local_curl }} -XPUT 'https://localhost:9200/_cluster/settings' -d '{ "transient": { "cluster.routing.allocation.enable" : "none" } }'
+ register: _disable_output
+ changed_when: "'\"acknowledged\":true' in _disable_output.stdout"
+ when: _cluster_pods.stdout_lines | count > 0
+
+- command: >
+ oc get dc -l component={{ _cluster_component }},provider=openshift -n {{ openshift_logging_elasticsearch_namespace }} -o jsonpath={.items[*].metadata.name}
+ register: _cluster_dcs
+
+## restart the node if it's dc is in the list of nodes to restart?
+- name: "Restart ES node {{ _es_node }}"
+ include_tasks: restart_es_node.yml
+ with_items: "{{ _restart_logging_nodes }}"
+ loop_control:
+ loop_var: _es_node
+ when: _es_node in _cluster_dcs.stdout
+
+## we may need a new first pod to run against -- fetch them all again
+- command: >
+ oc get pod -l component={{ _cluster_component }},provider=openshift -n {{ openshift_logging_elasticsearch_namespace }} -o jsonpath={.items[*].metadata.name}
+ register: _cluster_pods
+
+- name: "Enable shard balancing for logging-{{ _cluster_component }} cluster"
+ command: >
+ oc exec {{ _cluster_pods.stdout.split(' ')[0] }} -c elasticsearch -n {{ openshift_logging_elasticsearch_namespace }} -- {{ __es_local_curl }} -XPUT 'https://localhost:9200/_cluster/settings' -d '{ "transient": { "cluster.routing.allocation.enable" : "all" } }'
+ register: _enable_output
+ changed_when: "'\"acknowledged\":true' in _enable_output.stdout"
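Review bot: Nothing guarantees that shard allocation is switched back to `all`: if any task between the disable and enable steps fails (for example a rollout timing out in `restart_es_node.yml`), the play stops with `cluster.routing.allocation.enable` left at `none`. Wrapping the restart loop in a `block:` with the pod re-fetch and the enable task under `always:` would restore allocation on failure. The enable task also lacks the guard the disable task has, `when: _cluster_pods.stdout_lines | count > 0`, so with no pods it runs `oc exec` with an empty pod name. `when: _es_node in _cluster_dcs.stdout` is a substring test against the whole string; `_es_node in _cluster_dcs.stdout.split(' ')` would match whole DC names only.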
diff --git a/roles/openshift_logging_elasticsearch/tasks/restart_es_node.yml b/roles/openshift_logging_elasticsearch/tasks/restart_es_node.yml
new file mode 100644
index 000000000..b07b232ce
--- /dev/null
+++ b/roles/openshift_logging_elasticsearch/tasks/restart_es_node.yml
@@ -0,0 +1,35 @@
+---
+- name: "Rolling out new pod(s) for {{ _es_node }}"
+ command: >
+ oc rollout latest {{ _es_node }} -n {{ openshift_logging_elasticsearch_namespace }}
+
+- name: "Waiting for {{ _es_node }} to finish scaling up"
+ oc_obj:
+ state: list
+ name: "{{ _es_node }}"
+ namespace: "{{ openshift_logging_elasticsearch_namespace }}"
+ kind: dc
+ register: _dc_output
+ until:
+ - _dc_output.results.results[0].status is defined
+ - _dc_output.results.results[0].status.readyReplicas is defined
+ - _dc_output.results.results[0].status.readyReplicas > 0
+ retries: 60
+ delay: 30
+
+- name: Gettings name(s) of replica pod(s)
+ command: >
+ oc get pods -l deploymentconfig={{ _es_node }} -n {{ openshift_logging_elasticsearch_namespace }} -o jsonpath={.items[*].metadata.name}
+ register: _pods
+
+- name: "Waiting for ES to be ready for {{ _es_node }}"
+ shell: >
+ oc exec "{{ _pod }}" -c elasticsearch -n "{{ openshift_logging_elasticsearch_namespace }}" -- {{ __es_local_curl }} https://localhost:9200/_cat/health | cut -d' ' -f4
+ with_items: "{{ _pods.stdout.split(' ') }}"
+ loop_control:
+ loop_var: _pod
+ register: _pod_status
+ until: _pod_status.stdout in ['green', 'yellow']
+ retries: 60
+ delay: 5
+ changed_when: false
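Review bot: The readiness check in the last task goes through `shell` only to cut the fourth column out of `_cat/health`, and the pipeline's exit status is that of `cut`, so a failing `oc exec` is indistinguishable from a cluster that is not ready yet. If the deployed Elasticsearch version supports column selection on the cat API (worth confirming), `https://localhost:9200/_cat/health?h=status` returns just the status word and the task can use `command` without the pipe. The `oc get pods` lookup is read-only but has no `changed_when: false`, so it is reported as a change on every run.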
diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2
index bf04094a3..cf6ee36bb 100644
--- a/roles/openshift_logging_elasticsearch/templates/es.j2
+++ b/roles/openshift_logging_elasticsearch/templates/es.j2
@@ -17,6 +17,7 @@ spec:
logging-infra: "{{logging_component}}"
strategy:
type: Recreate
+ triggers: []
template:
metadata:
name: "{{deploy_name}}"
diff --git a/roles/openshift_logging_elasticsearch/vars/main.yml b/roles/openshift_logging_elasticsearch/vars/main.yml
index 09e2ee4d0..c8e995146 100644
--- a/roles/openshift_logging_elasticsearch/vars/main.yml
+++ b/roles/openshift_logging_elasticsearch/vars/main.yml
@@ -5,6 +5,8 @@ __allowed_es_types: ["data-master", "data-client", "master", "client"]
__es_log_appenders: ['file', 'console']
__kibana_index_modes: ["unique", "shared_ops"]
+__es_local_curl: "curl -s --cacert /etc/elasticsearch/secret/admin-ca --cert /etc/elasticsearch/secret/admin-cert --key /etc/elasticsearch/secret/admin-key"
+
# TODO: integrate these
openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
es_node_quorum: "{{ openshift_logging_elasticsearch_replica_count | int/2 + 1 }}"
diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2
index 16fdde02e..261cac6f1 100644
--- a/roles/openshift_node/templates/node.yaml.v1.j2
+++ b/roles/openshift_node/templates/node.yaml.v1.j2
@@ -20,9 +20,9 @@ kubeletArguments: {{ openshift.node.kubelet_args | default(None) | to_padded_yam
container-runtime:
- remote
container-runtime-endpoint:
- - /var/run/crio.sock
+ - /var/run/crio/crio.sock
image-service-endpoint:
- - /var/run/crio.sock
+ - /var/run/crio/crio.sock
node-labels:
- router=true
- registry=true
diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml
index 83954eaf8..3a6667863 100644
--- a/roles/openshift_repos/tasks/main.yaml
+++ b/roles/openshift_repos/tasks/main.yaml
@@ -41,8 +41,8 @@
when:
- ansible_distribution == 'RedHat'
- deployment_type == 'openshift-enterprise'
- - (rhel_subscription_user or rhsub_user) is defined
- - (rhel_subscription_password or rhsub_pass) is defined
+ - rhsub_user is defined
+ - rhsub_password is defined
- include_tasks: centos_repos.yml
when:
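Review bot: The new condition tests `rhsub_password is defined`, but the `rhel_subscribe` role changed in this same commit reads the password from `rhsub_pass` (`password: "{{ rhsub_pass }}"`), so an inventory that sets only `rhsub_pass` never satisfies this `when:`. Unless `rhsub_password` is defined somewhere outside this diff, the line should read `- rhsub_pass is defined`. The task these conditions belong to starts above the hunk, so what gets skipped is not visible here.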
diff --git a/roles/rhel_subscribe/tasks/main.yml b/roles/rhel_subscribe/tasks/main.yml
index 74ee8bbfe..6337cd644 100644
--- a/roles/rhel_subscribe/tasks/main.yml
+++ b/roles/rhel_subscribe/tasks/main.yml
@@ -1,22 +1,8 @@
---
-- set_fact:
- rhel_subscription_pass: "{{ lookup('env', 'rhel_subscription_pass') | default(rhsub_pass | default(omit, True)) }}"
- rhel_subscription_pool: "{{ lookup('env', 'rhel_subscription_pool') | default(rhsub_pool | default('Red Hat OpenShift Container Platform, Premium*')) }}"
- rhel_subscription_user: "{{ lookup('env', 'rhel_subscription_user') | default(rhsub_user | default(omit, True)) }}"
- rhel_subscription_server: "{{ lookup('env', 'rhel_subscription_server') | default(rhsub_server | default(omit, True)) }}"
-
- fail:
msg: "This role is only supported for Red Hat hosts"
when: ansible_distribution != 'RedHat'
-- fail:
- msg: The rhel_subscription_user variable is required for this role.
- when: rhel_subscription_user is not defined or not rhsub_user is not defined
-
-- fail:
- msg: The rhel_subscription_pass variable is required for this role.
- when: rhel_subscription_pass is not defined or not rhsub_pass is not defined
-
- name: Install Red Hat Subscription manager
yum:
name: subscription-manager
@@ -25,21 +11,18 @@
until: result | success
- name: Is host already registered?
- command: bash -c "subscription-manager version"
+ command: "subscription-manager version"
register: rh_subscribed
- changed_when: "'not registered' in rh_subscribed.stdout"
- ignore_errors: yes
+ changed_when: False
- name: Register host
redhat_subscription:
- username: "{{ rhel_subscription_user }}"
- password: "{{ rhel_subscription_pass }}"
+ username: "{{ rhsub_user }}"
+ password: "{{ rhsub_pass }}"
register: rh_subscription
until: rh_subscription | succeeded
when:
- "'not registered' in rh_subscribed.stdout"
- - rhel_subscription_user is defined
- - rhel_subscription_pass is defined
- fail:
msg: 'Unable to register host with Red Hat Subscription Manager'
@@ -48,34 +31,18 @@
- rh_subscription.failed
- name: Determine if OpenShift Pool Already Attached
- command: bash -c "subscription-manager list --consumed --pool-only --matches '*OpenShift*' | grep {{ rhel_subscription_pool }}"
+ command: "subscription-manager list --consumed --pool-only --matches '*OpenShift*'"
register: openshift_pool_attached
- changed_when: rhel_subscription_pool not in openshift_pool_attached.stdout
- failed_when: openshift_pool_attached.rc == 2
+ changed_when: False
ignore_errors: yes
-- name: Retrieve the OpenShift Pool ID
- command: bash -c "subscription-manager list --available --pool-only --matches '*OpenShift*' | grep {{ rhel_subscription_pool }}"
- register: openshift_pool_retrieve
- changed_when: rhel_subscription_pool in openshift_pool_retrieve.stdout
- when: rhel_subscription_pool not in openshift_pool_attached.stdout
- ignore_errors: yes
-
-- fail:
- msg: "Unable to find pool matching {{ rhel_subscription_pool }} in available pools"
- when:
- - rhel_subscription_pool not in openshift_pool_attached.stdout
- - rhel_subscription_pool not in openshift_pool_retrieve.stdout
-
- name: Attach to OpenShift Pool
- command: bash -c "subscription-manager attach --pool {{ rhel_subscription_pool }}"
+ command: "subscription-manager attach --pool {{ rhsub_pool }}"
register: openshift_pool_attached
changed_when: "'Successfully attached a subscription' in openshift_pool_attached.stdout"
- when: rhel_subscription_pool not in openshift_pool_attached.stdout
+ when: rhsub_pool not in openshift_pool_attached.stdout
-- include_role:
- role: rhel_subscribe
- tasks_from: satellite
+- include_tasks: satellite.yml
when:
- - (rhel_subscription_server or rhsub_server) is defined
- - (rhel_subscription_server or rhsub_server)
+ - rhsub_server is defined
+ - rhsub_server
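Review bot: `rhsub_pool` is now used without a fallback in the `Attach to OpenShift Pool` task. The removed `set_fact` supplied a default pool, whereas `when: rhsub_pool not in openshift_pool_attached.stdout` and `--pool {{ rhsub_pool }}` fail on an undefined variable if the inventory omits it and no role default exists (none is visible in this diff). Either add `- rhsub_pool is defined` to the condition or define a default in the role. Because the preceding list call uses `--pool-only`, the value presumably has to be a pool ID rather than a product name now; a comment such as `# rhsub_pool must be a pool ID as printed by subscription-manager list --pool-only` would spare users of the old name-based default a confusing failure.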
diff --git a/roles/rhel_subscribe/tasks/satellite.yml b/roles/rhel_subscribe/tasks/satellite.yml
index b2b2a621d..dadbe3487 100644
--- a/roles/rhel_subscribe/tasks/satellite.yml
+++ b/roles/rhel_subscribe/tasks/satellite.yml
@@ -1,5 +1,5 @@
---
- name: Satellite preparation
- command: "rpm -Uvh http://{{ rhel_subscription_server }}/pub/katello-ca-consumer-latest.noarch.rpm"
+ command: "rpm -Uvh http://{{ rhsub_server }}/pub/katello-ca-consumer-latest.noarch.rpm"
args:
creates: /etc/rhsm/ca/katello-server-ca.pem
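Review bot: This task installs the Satellite CA consumer package straight from a plain `http://` URL, so the trust anchor that later TLS connections to `rhsub_server` depend on is itself fetched without integrity protection. Consider downloading it first with `get_url` and a pinned `checksum:` (or over HTTPS against a CA that is already trusted), then installing the local file. `rhsub_server` is also interpolated into the URL unchecked, so it is worth validating that it is a bare hostname before use.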
diff --git a/roles/template_service_broker/defaults/main.yml b/roles/template_service_broker/defaults/main.yml
index 421b4ecf9..c32872d24 100644
--- a/roles/template_service_broker/defaults/main.yml
+++ b/roles/template_service_broker/defaults/main.yml
@@ -3,3 +3,4 @@
template_service_broker_remove: False
template_service_broker_install: True
openshift_template_service_broker_namespaces: ['openshift']
+template_service_broker_selector: { "region": "infra" }
diff --git a/roles/template_service_broker/tasks/install.yml b/roles/template_service_broker/tasks/install.yml
index 99a58baff..1253c1133 100644
--- a/roles/template_service_broker/tasks/install.yml
+++ b/roles/template_service_broker/tasks/install.yml
@@ -15,6 +15,8 @@
- oc_project:
name: openshift-template-service-broker
state: present
+ node_selector:
+ - ""
- command: mktemp -d /tmp/tsb-ansible-XXXXXX
register: mktemp
@@ -45,6 +47,7 @@
{{ openshift.common.client_binary }} process -f "{{ mktemp.stdout }}/{{ __tsb_template_file }}"
--param API_SERVER_CONFIG="{{ config['content'] | b64decode }}"
--param IMAGE="{{ template_service_broker_prefix }}{{ template_service_broker_image_name }}:{{ template_service_broker_version }}"
+ --param NODE_SELECTOR={{ template_service_broker_selector | to_json | quote }}
| {{ openshift.common.client_binary }} apply -f -
# reconcile with rbac
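Review bot: The added `NODE_SELECTOR` line is escaped with `| quote`, but the neighbouring `--param API_SERVER_CONFIG="{{ config['content'] | b64decode }}"` still places decoded file content inside bare double quotes, where a `"`, `$` or backtick in the content would be interpreted by the shell. For consistency with the new line, `--param API_SERVER_CONFIG={{ config['content'] | b64decode | quote }}` is safer, and the `IMAGE` parameter can be treated the same way. The task's module line is above the hunk; the pipe into `apply -f -` suggests it runs under `shell`.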