From 03e6ae850ce718c008636bd8db093f453e62ccf3 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Thu, 12 Nov 2015 10:46:25 -0500 Subject: Refactor named certificates. --- playbooks/common/openshift-master/config.yml | 53 +++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 9 deletions(-) (limited to 'playbooks') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index b1da85d5d..8719d080d 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -204,14 +204,6 @@ validate_checksum: yes with_items: masters_needing_certs -- name: Inspect named certificates - hosts: oo_first_master - tasks: - - name: Collect certificate names - set_fact: - parsed_named_certificates: "{{ openshift_master_named_certificates | oo_parse_certificate_names(master_cert_config_dir, openshift.common.internal_hostnames) }}" - when: openshift_master_named_certificates is defined - - name: Compute haproxy_backend_servers hosts: localhost connection: local @@ -272,11 +264,54 @@ | map(attribute='stdout') | list) }}" +- name: Parse named certificates + hosts: localhost + vars: + internal_hostnames: "{{ hostvars[groups.oo_first_master.0].openshift.common.internal_hostnames }}" + named_certificates: "{{ hostvars[groups.oo_first_master.0].openshift_master_named_certificates | default([]) }}" + named_certificates_dir: "{{ hostvars[groups.oo_first_master.0].master_cert_config_dir }}/named_certificates/" + tasks: + - set_fact: + parsed_named_certificates: "{{ named_certificates | oo_parse_named_certificates(named_certificates_dir, internal_hostnames) }}" + when: named_certificates | length > 0 + +- name: Deploy named certificates + hosts: oo_masters_to_config + vars: + named_certs_dir: "{{ master_cert_config_dir }}/named_certificates/" + named_certs_specified: "{{ openshift_master_named_certificates is defined }}" + overwrite_named_certs: "{{ openshift_master_overwrite_named_certificates | default(false) }}" + roles: + - role: openshift_facts + post_tasks: + - openshift_facts: + role: master + local_facts: + named_certificates: "{{ hostvars.localhost.parsed_named_certificates | default([]) }}" + overwrite_additive_facts: "{{ overwrite_named_certs }}" + - name: Clear named certificates + file: + path: "{{ named_certs_dir }}" + state: absent + when: overwrite_named_certs | bool + - name: Ensure named certificate directory exists + file: + path: "{{ named_certs_dir }}" + state: directory + when: named_certs_specified | bool + - name: Land named certificates + copy: src="{{ item.certfile }}" dest="{{ named_certs_dir }}" + with_items: openshift_master_named_certificates + when: named_certs_specified | bool + - name: Land named certificate keys + copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}" + with_items: openshift_master_named_certificates + when: named_certs_specified | bool + - name: Configure master instances hosts: oo_masters_to_config serial: 1 vars: - named_certificates: "{{ hostvars[groups['oo_first_master'][0]]['parsed_named_certificates'] | default([])}}" sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" openshift_master_count: "{{ groups.oo_masters_to_config | length }}" -- cgit v1.2.3 From 927e585bbeb049523313bacedc57efee2eacf232 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Mon, 16 Nov 2015 16:01:35 -0500 Subject: Add additive_facts_to_overwrite instead of overwriting all additive_facts --- playbooks/common/openshift-master/config.yml | 3 +- roles/openshift_facts/library/openshift_facts.py | 46 +++++++++++++++--------- 2 files changed, 31 insertions(+), 18 deletions(-) (limited to 'playbooks') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 8719d080d..ff1579218 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -288,7 +288,8 @@ role: master local_facts: named_certificates: "{{ hostvars.localhost.parsed_named_certificates | default([]) }}" - overwrite_additive_facts: "{{ overwrite_named_certs }}" + additive_facts_to_overwrite: + - "{{ 'master.named_certificates' if overwrite_named_certs | bool else omit }}" - name: Clear named certificates file: path: "{{ named_certs_dir }}" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 995d2c5fb..fc701d42b 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -864,13 +864,16 @@ def apply_provider_facts(facts, provider_facts): return facts -def merge_facts(orig, new, overwrite_additive_facts): +def merge_facts(orig, new, additive_facts_to_overwrite): """ Recursively merge facts dicts Args: orig (dict): existing facts new (dict): facts to update - overwrite_additive_facts (bool): overwrite additive facts + + additive_facts_to_overwrite (list): additive facts to overwrite in jinja + '.' notation ex: ['master.named_certificates'] + Returns: dict: the merged facts """ @@ -879,8 +882,14 @@ def merge_facts(orig, new, overwrite_additive_facts): for key, value in orig.iteritems(): if key in new: if isinstance(value, dict) and isinstance(new[key], dict): - facts[key] = merge_facts(value, new[key], overwrite_additive_facts) - elif key in additive_facts and not overwrite_additive_facts: + relevant_additive_facts = [] + # Keep additive_facts_to_overwrite if key matches + for item in additive_facts_to_overwrite: + if '.' in item and item.startswith(key + '.'): + relevant_additive_facts.append(item) + facts[key] = merge_facts(value, new[key], relevant_additive_facts) + elif key in additive_facts and key not in [x.split('.')[-1] for x in additive_facts_to_overwrite]: + # Fact is additive so we'll combine orig and new. if isinstance(value, list) and isinstance(new[key], list): new_fact = [] for item in copy.deepcopy(value) + copy.copy(new[key]): @@ -970,14 +979,15 @@ class OpenShiftFacts(object): role (str): role for setting local facts filename (str): local facts file to use local_facts (dict): local facts to set - overwrite_additive_facts (bool): overwrite additive facts + additive_facts_to_overwrite (list): additive facts to overwrite in jinja + '.' notation ex: ['master.named_certificates'] Raises: OpenShiftFactsUnsupportedRoleError: """ known_roles = ['common', 'master', 'node', 'master_sdn', 'node_sdn', 'dns', 'etcd'] - def __init__(self, role, filename, local_facts, overwrite_additive_facts=False): + def __init__(self, role, filename, local_facts, additive_facts_to_overwrite=False): self.changed = False self.filename = filename if role not in self.known_roles: @@ -986,26 +996,27 @@ class OpenShiftFacts(object): ) self.role = role self.system_facts = ansible_facts(module) - self.facts = self.generate_facts(local_facts, overwrite_additive_facts) + self.facts = self.generate_facts(local_facts, additive_facts_to_overwrite) - def generate_facts(self, local_facts, overwrite_additive_facts): + def generate_facts(self, local_facts, additive_facts_to_overwrite): """ Generate facts Args: local_facts (dict): local_facts for overriding generated defaults - overwrite_additive_facts (dict): overwrite additive facts + additive_facts_to_overwrite (list): additive facts to overwrite in jinja + '.' notation ex: ['master.named_certificates'] Returns: dict: The generated facts """ - local_facts = self.init_local_facts(local_facts, overwrite_additive_facts) + local_facts = self.init_local_facts(local_facts, additive_facts_to_overwrite) roles = local_facts.keys() defaults = self.get_defaults(roles) provider_facts = self.init_provider_facts() facts = apply_provider_facts(defaults, provider_facts) - facts = merge_facts(facts, local_facts, overwrite_additive_facts) + facts = merge_facts(facts, local_facts, additive_facts_to_overwrite) facts['current_config'] = get_current_config(facts) facts = set_url_facts_if_unset(facts) facts = set_project_cfg_facts_if_unset(facts) @@ -1143,12 +1154,13 @@ class OpenShiftFacts(object): ) return provider_facts - def init_local_facts(self, facts=None, overwrite_additive_facts=False): + def init_local_facts(self, facts=None, additive_facts_to_overwrite=False): """ Initialize the provider facts Args: facts (dict): local facts to set - overwrite_additive_facts (bool): overwrite additive facts + additive_facts_to_overwrite (list): additive facts to overwrite in jinja + '.' notation ex: ['master.named_certificates'] Returns: dict: The result of merging the provided facts with existing @@ -1166,7 +1178,7 @@ class OpenShiftFacts(object): basestring): facts_to_set[arg] = module.from_json(facts_to_set[arg]) - new_local_facts = merge_facts(local_facts, facts_to_set, overwrite_additive_facts) + new_local_facts = merge_facts(local_facts, facts_to_set, additive_facts_to_overwrite) for facts in new_local_facts.values(): keys_to_delete = [] for fact, value in facts.iteritems(): @@ -1196,7 +1208,7 @@ def main(): role=dict(default='common', required=False, choices=OpenShiftFacts.known_roles), local_facts=dict(default=None, type='dict', required=False), - overwrite_additive_facts=dict(default=False, type='bool', required=False), + additive_facts_to_overwrite=dict(default=[], type='list', required=False), ), supports_check_mode=True, add_file_common_args=True, @@ -1204,10 +1216,10 @@ def main(): role = module.params['role'] local_facts = module.params['local_facts'] - overwrite_additive_facts = module.params['overwrite_additive_facts'] + additive_facts_to_overwrite = module.params['additive_facts_to_overwrite'] fact_file = '/etc/ansible/facts.d/openshift.fact' - openshift_facts = OpenShiftFacts(role, fact_file, local_facts, overwrite_additive_facts) + openshift_facts = OpenShiftFacts(role, fact_file, local_facts, additive_facts_to_overwrite) file_params = module.params.copy() file_params['path'] = fact_file -- cgit v1.2.3 From 4893e96fcb4fb27c7337f9f962e375aef2040233 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 17 Nov 2015 11:17:53 -0500 Subject: Fix ec2 instance type override --- README_AWS.md | 13 ++++++++++++- playbooks/aws/openshift-cluster/tasks/launch_instances.yml | 12 ++++-------- 2 files changed, 16 insertions(+), 9 deletions(-) (limited to 'playbooks') diff --git a/README_AWS.md b/README_AWS.md index d9e2ac5a9..16ccb07e8 100644 --- a/README_AWS.md +++ b/README_AWS.md @@ -81,9 +81,20 @@ Node specific defaults: - Docker volume type: gp2 (only applicable if ephemeral is false) - Docker volume iops: 500 (only applicable when volume type is io1) +Specifying ec2 instance type. +All instances: +- export ec2_instance_type='m4.large' +Master instances: +- export ec2_master_instance_type='m4.large' +Infra node instances: +- export ec2_infra_instance_type='m4.large' +Non-infra node instances: +- export ec2_node_instance_type='m4.large' +etcd instances: +- export ec2_etcd_instance_type='m4.large' + If needed, these values can be changed by setting environment variables on your system. -- export ec2_instance_type='m4.large' - export ec2_image='ami-307b3658' - export ec2_region='us-east-1' - export ec2_keypair='libra' diff --git a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml index 9c699120b..c40d5673f 100644 --- a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml @@ -19,10 +19,6 @@ ec2_image: "{{ lookup('env', 'ec2_image') | default(deployment_vars[deployment_type].image, true) }}" when: ec2_image is not defined and not ec2_image_name -- set_fact: - ec2_instance_type: "{{ lookup('env', 'ec2_instance_type') - | default(deployment_vars[deployment_type].type, true) }}" - when: ec2_instance_type is not defined - set_fact: ec2_keypair: "{{ lookup('env', 'ec2_keypair') | default(deployment_vars[deployment_type].keypair, true) }}" @@ -37,25 +33,25 @@ when: ec2_assign_public_ip is not defined - set_fact: - ec2_instance_type: "{{ ec2_master_instance_type | default(deployment_vars[deployment_type].type, true) }}" + ec2_instance_type: "{{ ec2_master_instance_type | default(lookup('env', 'ec2_master_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type))) }}" ec2_security_groups: "{{ ec2_master_security_groups | default(deployment_vars[deployment_type].security_groups, true) }}" when: host_type == "master" and sub_host_type == "default" - set_fact: - ec2_instance_type: "{{ ec2_etcd_instance_type | default(deployment_vars[deployment_type].type, true) }}" + ec2_instance_type: "{{ ec2_etcd_instance_type | default(lookup('env', 'ec2_etcd_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type))) }}" ec2_security_groups: "{{ ec2_etcd_security_groups | default(deployment_vars[deployment_type].security_groups, true)}}" when: host_type == "etcd" and sub_host_type == "default" - set_fact: - ec2_instance_type: "{{ ec2_infra_instance_type | default(deployment_vars[deployment_type].type, true) }}" + ec2_instance_type: "{{ ec2_infra_instance_type | default(lookup('env', 'ec2_infra_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type))) }}" ec2_security_groups: "{{ ec2_infra_security_groups | default(deployment_vars[deployment_type].security_groups, true) }}" when: host_type == "node" and sub_host_type == "infra" - set_fact: - ec2_instance_type: "{{ ec2_node_instance_type | default(deployment_vars[deployment_type].type, true) }}" + ec2_instance_type: "{{ ec2_node_instance_type | default(lookup('env', 'ec2_node_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type))) }}" ec2_security_groups: "{{ ec2_node_security_groups | default(deployment_vars[deployment_type].security_groups, true) }}" when: host_type == "node" and sub_host_type == "compute" -- cgit v1.2.3 From 31dbbf54a22202dfcce44dbb82f8bfcb4ea5181c Mon Sep 17 00:00:00 2001 From: Chengcheng Mu Date: Wed, 18 Nov 2015 11:10:16 +0100 Subject: add a volume on master host, in AWS provisioning --- filter_plugins/oo_filters.py | 8 ++++++-- playbooks/aws/openshift-cluster/tasks/launch_instances.yml | 4 ++++ playbooks/aws/openshift-cluster/templates/user_data.j2 | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-) (limited to 'playbooks') diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index 2386b5878..4dfa33a2c 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -191,7 +191,11 @@ class FilterModule(object): { 'root': { 'volume_size': 10, 'device_type': 'gp2', 'iops': 500 - } + }, + 'docker': + { 'volume_size': 40, 'device_type': 'gp2', + 'iops': 500, 'ephemeral': 'true' + } }, 'node': { 'root': @@ -216,7 +220,7 @@ class FilterModule(object): root_vol['delete_on_termination'] = True if root_vol['device_type'] != 'io1': root_vol.pop('iops', None) - if host_type == 'node': + if host_type in ['master', 'node']: docker_vol = data[host_type]['docker'] docker_vol['device_name'] = '/dev/xvdb' docker_vol['delete_on_termination'] = True diff --git a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml index 9c699120b..f392fdbc3 100644 --- a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml @@ -97,6 +97,10 @@ volume_size: "{{ lookup('env', 'os_master_root_vol_size') | default(25, true) }}" device_type: "{{ lookup('env', 'os_master_root_vol_type') | default('gp2', true) }}" iops: "{{ lookup('env', 'os_master_root_vol_iops') | default(500, true) }}" + docker: + volume_size: "{{ lookup('env', 'os_docker_vol_size') | default(10, true) }}" + device_type: "{{ lookup('env', 'os_docker_vol_type') | default('gp2', true) }}" + iops: "{{ lookup('env', 'os_docker_vol_iops') | default(500, true) }}" node: root: volume_size: "{{ lookup('env', 'os_node_root_vol_size') | default(85, true) }}" diff --git a/playbooks/aws/openshift-cluster/templates/user_data.j2 b/playbooks/aws/openshift-cluster/templates/user_data.j2 index 82c2f4d57..b7d89eac1 100644 --- a/playbooks/aws/openshift-cluster/templates/user_data.j2 +++ b/playbooks/aws/openshift-cluster/templates/user_data.j2 @@ -19,7 +19,7 @@ fs_setup: partition: auto {% endif %} -{% if type == 'node' %} +{% if type == 'node' or type == 'master' %} mounts: - [ xvdb ] - [ ephemeral0 ] -- cgit v1.2.3 From ff53975c238dc85a3f31610d605f0e9c2f57b2ab Mon Sep 17 00:00:00 2001 From: Lénaïc Huard Date: Wed, 18 Nov 2015 16:04:20 +0100 Subject: Add etcd nodes management in OpenStack Fixes #472 --- README_openstack.md | 1 + .../openshift-cluster/files/heat_stack.yaml | 88 ++++++++++++++++++++++ playbooks/openstack/openshift-cluster/launch.yml | 15 ++++ playbooks/openstack/openshift-cluster/vars.yml | 1 + roles/etcd_common/defaults/main.yml | 2 +- 5 files changed, 106 insertions(+), 1 deletion(-) (limited to 'playbooks') diff --git a/README_openstack.md b/README_openstack.md index 8d8f6ef3f..9a2b627e2 100644 --- a/README_openstack.md +++ b/README_openstack.md @@ -31,6 +31,7 @@ The following options are used only by `heat_stack.yaml`. They are so used only * `image_name`: Name of the image to use to spawn VMs * `public_key` (default to `~/.ssh/id_rsa.pub`): filename of the ssh public key +* `etcd_flavor` (default to `m1.small`): The ID or name of the flavor for the etcd nodes * `master_flavor` (default to `m1.small`): The ID or name of the flavor for the master * `node_flavor` (default to `m1.medium`): The ID or name of the flavor for the compute nodes * `infra_flavor` (default to `m1.small`): The ID or name of the flavor for the infrastructure nodes diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml index 40e4ab22c..bfd73c777 100644 --- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml +++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml @@ -43,6 +43,11 @@ parameters: description: Source of legitimate ssh connections default: 0.0.0.0/0 + num_etcd: + type: number + label: Number of etcd nodes + description: Number of etcd nodes + num_masters: type: number label: Number of masters @@ -58,6 +63,11 @@ parameters: label: Number of infrastructure nodes description: Number of infrastructure nodes + etcd_image: + type: string + label: Etcd image + description: Name of the image for the etcd servers + master_image: type: string label: Master image @@ -73,6 +83,11 @@ parameters: label: Infra image description: Name of the image for the infra node servers + etcd_flavor: + type: string + label: Etcd flavor + description: Flavor of the etcd servers + master_flavor: type: string label: Master flavor @@ -90,6 +105,18 @@ parameters: outputs: + etcd_names: + description: Name of the etcds + value: { get_attr: [ etcd, name ] } + + etcd_ips: + description: IPs of the etcds + value: { get_attr: [ etcd, private_ip ] } + + etcd_floating_ips: + description: Floating IPs of the etcds + value: { get_attr: [ etcd, floating_ip ] } + master_names: description: Name of the masters value: { get_attr: [ masters, name ] } @@ -220,6 +247,37 @@ resources: port_range_min: 24224 port_range_max: 24224 + etcd-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-etcd-secgrp + params: + cluster_id: { get_param: cluster_id } + description: + str_replace: + template: Security group for cluster_id etcd cluster + params: + cluster_id: { get_param: cluster_id } + rules: + - direction: ingress + protocol: tcp + port_range_min: 22 + port_range_max: 22 + remote_ip_prefix: { get_param: ssh_incoming } + - direction: ingress + protocol: tcp + port_range_min: 2379 + port_range_max: 2379 + remote_mode: remote_group_id + remote_group_id: { get_resource: master-secgrp } + - direction: ingress + protocol: tcp + port_range_min: 2380 + port_range_max: 2380 + remote_mode: remote_group_id + node-secgrp: type: OS::Neutron::SecurityGroup properties: @@ -274,6 +332,36 @@ resources: port_range_min: 443 port_range_max: 443 + etcd: + type: OS::Heat::ResourceGroup + properties: + count: { get_param: num_etcd } + resource_def: + type: heat_stack_server.yaml + properties: + name: + str_replace: + template: cluster_id-k8s_type-%index% + params: + cluster_id: { get_param: cluster_id } + k8s_type: etcd + cluster_id: { get_param: cluster_id } + type: etcd + image: { get_param: etcd_image } + flavor: { get_param: etcd_flavor } + key_name: { get_resource: keypair } + net: { get_resource: net } + subnet: { get_resource: subnet } + secgrp: + - { get_resource: etcd-secgrp } + floating_network: { get_param: floating_ip_pool } + net_name: + str_replace: + template: openshift-ansible-cluster_id-net + params: + cluster_id: { get_param: cluster_id } + depends_on: interface + masters: type: OS::Heat::ResourceGroup properties: diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml index 651aef40b..b18512495 100644 --- a/playbooks/openstack/openshift-cluster/launch.yml +++ b/playbooks/openstack/openshift-cluster/launch.yml @@ -35,12 +35,15 @@ -P floating_ip_pool={{ openstack_floating_ip_pool }} -P ssh_public_key="{{ openstack_ssh_public_key }}" -P ssh_incoming={{ openstack_ssh_access_from }} + -P num_etcd={{ num_etcd }} -P num_masters={{ num_masters }} -P num_nodes={{ num_nodes }} -P num_infra={{ num_infra }} + -P etcd_image={{ deployment_vars[deployment_type].image }} -P master_image={{ deployment_vars[deployment_type].image }} -P node_image={{ deployment_vars[deployment_type].image }} -P infra_image={{ deployment_vars[deployment_type].image }} + -P etcd_flavor={{ openstack_flavor["etcd"] }} -P master_flavor={{ openstack_flavor["master"] }} -P node_flavor={{ openstack_flavor["node"] }} -P infra_flavor={{ openstack_flavor["infra"] }} @@ -61,6 +64,18 @@ - set_fact: parsed_outputs: "{{ stack_show_result | oo_parse_heat_stack_outputs }}" + - name: Add new etcd instances groups and variables + add_host: + hostname: '{{ item[0] }}' + ansible_ssh_host: '{{ item[2] }}' + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + groups: 'tag_env_{{ cluster_id }}, tag_host-type_etcd, tag_env-host-type_{{ cluster_id }}-openshift-etcd, tag_sub-host-type_default' + with_together: + - parsed_outputs.etcd_names + - parsed_outputs.etcd_ips + - parsed_outputs.etcd_floating_ips + - name: Add new master instances groups and variables add_host: hostname: '{{ item[0] }}' diff --git a/playbooks/openstack/openshift-cluster/vars.yml b/playbooks/openstack/openshift-cluster/vars.yml index 262d3f4ed..e3796c91f 100644 --- a/playbooks/openstack/openshift-cluster/vars.yml +++ b/playbooks/openstack/openshift-cluster/vars.yml @@ -14,6 +14,7 @@ openstack_ssh_public_key: "{{ lookup('file', lookup('oo_option', 'public_k openstack_ssh_access_from: "{{ lookup('oo_option', 'ssh_from') | default('0.0.0.0/0', True) }}" openstack_flavor: + etcd: "{{ lookup('oo_option', 'etcd_flavor' ) | default('m1.small', True) }}" master: "{{ lookup('oo_option', 'master_flavor' ) | default('m1.small', True) }}" infra: "{{ lookup('oo_option', 'infra_flavor' ) | default('m1.small', True) }}" node: "{{ lookup('oo_option', 'node_flavor' ) | default('m1.medium', True) }}" diff --git a/roles/etcd_common/defaults/main.yml b/roles/etcd_common/defaults/main.yml index 96f4b63af..3af509448 100644 --- a/roles/etcd_common/defaults/main.yml +++ b/roles/etcd_common/defaults/main.yml @@ -1,5 +1,5 @@ --- -etcd_peers_group: etcd +etcd_peers_group: oo_etcd_to_config # etcd server vars etcd_conf_dir: /etc/etcd -- cgit v1.2.3 From f9d918450b27b8f7429f050ed5f781492406b385 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Wed, 18 Nov 2015 14:38:22 -0500 Subject: small tweaks for adding docker volume for aws master hosts --- filter_plugins/oo_filters.py | 4 ++-- playbooks/aws/openshift-cluster/tasks/launch_instances.yml | 3 +-- playbooks/aws/openshift-cluster/templates/user_data.j2 | 4 ++-- 3 files changed, 5 insertions(+), 6 deletions(-) (limited to 'playbooks') diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index 4dfa33a2c..e50cca6a7 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -220,7 +220,7 @@ class FilterModule(object): root_vol['delete_on_termination'] = True if root_vol['device_type'] != 'io1': root_vol.pop('iops', None) - if host_type in ['master', 'node']: + if host_type in ['master', 'node'] and 'docker' in data[host_type]: docker_vol = data[host_type]['docker'] docker_vol['device_name'] = '/dev/xvdb' docker_vol['delete_on_termination'] = True @@ -231,7 +231,7 @@ class FilterModule(object): docker_vol.pop('delete_on_termination', None) docker_vol['ephemeral'] = 'ephemeral0' return [root_vol, docker_vol] - elif host_type == 'etcd': + elif host_type == 'etcd' and 'etcd' in data[host_type]: etcd_vol = data[host_type]['etcd'] etcd_vol['device_name'] = '/dev/xvdb' etcd_vol['delete_on_termination'] = True diff --git a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml index f392fdbc3..b109c165c 100644 --- a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml @@ -81,7 +81,6 @@ - set_fact: latest_ami: "{{ ami_result.results | oo_ami_selector(ec2_image_name) }}" - user_data: "{{ lookup('template', '../templates/user_data.j2') }}" volume_defs: etcd: root: @@ -125,7 +124,7 @@ count: "{{ instances | length }}" vpc_subnet_id: "{{ ec2_vpc_subnet | default(omit, true) }}" assign_public_ip: "{{ ec2_assign_public_ip | default(omit, true) }}" - user_data: "{{ user_data }}" + user_data: "{{ lookup('template', '../templates/user_data.j2') }}" wait: yes instance_tags: created-by: "{{ created_by }}" diff --git a/playbooks/aws/openshift-cluster/templates/user_data.j2 b/playbooks/aws/openshift-cluster/templates/user_data.j2 index b7d89eac1..22ab84977 100644 --- a/playbooks/aws/openshift-cluster/templates/user_data.j2 +++ b/playbooks/aws/openshift-cluster/templates/user_data.j2 @@ -1,5 +1,5 @@ #cloud-config -{% if type =='etcd' %} +{% if type == 'etcd' and 'etcd' in volume_defs[type] %} cloud_config_modules: - disk_setup - mounts @@ -19,7 +19,7 @@ fs_setup: partition: auto {% endif %} -{% if type == 'node' or type == 'master' %} +{% if type in ['node', 'master'] and 'docker' in volume_defs[type] %} mounts: - [ xvdb ] - [ ephemeral0 ] -- cgit v1.2.3 From 666fd1d7ef9072f2b022260aebfdc55437be9220 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Wed, 18 Nov 2015 11:16:13 -0500 Subject: ec2 - force !requiretty for ssh_user --- playbooks/aws/openshift-cluster/templates/user_data.j2 | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'playbooks') diff --git a/playbooks/aws/openshift-cluster/templates/user_data.j2 b/playbooks/aws/openshift-cluster/templates/user_data.j2 index 82c2f4d57..ea4c05ca8 100644 --- a/playbooks/aws/openshift-cluster/templates/user_data.j2 +++ b/playbooks/aws/openshift-cluster/templates/user_data.j2 @@ -43,3 +43,10 @@ growpart: runcmd: - xfs_growfs /var {% endif %} + +{% if deployment_vars[deployment_type].sudo %} +- path: /etc/sudoers.d/99-{{ deployment_vars[deployment_type].ssh_user }}-cloud-init-requiretty + permissions: 440 + content: | + Defaults:{{ deployment_vars[deployment_type].ssh_user }} !requiretty +{% endif %} -- cgit v1.2.3 From ffca8e460a56578d4425c98bf3dea62d4d6cd669 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Wed, 18 Nov 2015 15:25:31 -0500 Subject: Uninstall - Remove systemd wants file for node --- playbooks/adhoc/uninstall.yml | 1 + 1 file changed, 1 insertion(+) (limited to 'playbooks') diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 565bb20a8..1a55eb053 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -161,6 +161,7 @@ - /etc/sysconfig/origin-master-api - /etc/sysconfig/origin-master-controllers - /etc/sysconfig/origin-node + - /etc/systemd/system/atomic-openshift-node.service.wants - /root/.kube - /run/openshift-sdn - /usr/share/openshift/examples -- cgit v1.2.3 From f5c376f6643b5791dabd197f368436d30fa8e4bc Mon Sep 17 00:00:00 2001 From: Romain Dossin Date: Thu, 19 Nov 2015 11:26:43 +0100 Subject: Differentiate machine types on GCE (master and nodes) --- README_GCE.md | 8 ++++++++ playbooks/gce/openshift-cluster/launch.yml | 4 ++++ playbooks/gce/openshift-cluster/tasks/launch_instances.yml | 4 ++-- playbooks/gce/openshift-cluster/vars.yml | 3 +++ 4 files changed, 17 insertions(+), 2 deletions(-) (limited to 'playbooks') diff --git a/README_GCE.md b/README_GCE.md index 50f8ade70..ea673b44d 100644 --- a/README_GCE.md +++ b/README_GCE.md @@ -43,7 +43,11 @@ Mandatory customization variables (check the values according to your tenant): * zone = europe-west1-d * network = default * gce_machine_type = n1-standard-2 +* gce_machine_master_type = n1-standard-1 +* gce_machine_node_type = n1-standard-2 * gce_machine_image = preinstalled-slave-50g-v5 +* gce_machine_master_image = preinstalled-slave-50g-v5 +* gce_machine_node_image = preinstalled-slave-50g-v5 1. vi ~/.gce/gce.ini @@ -56,7 +60,11 @@ gce_project_id = project_id zone = europe-west1-d network = default gce_machine_type = n1-standard-2 +gce_machine_master_type = n1-standard-1 +gce_machine_node_type = n1-standard-2 gce_machine_image = preinstalled-slave-50g-v5 +gce_machine_master_image = preinstalled-slave-50g-v5 +gce_machine_node_image = preinstalled-slave-50g-v5 ``` 1. Define the environment variable GCE_INI_PATH so gce.py can pick it up and bin/cluster can also read it diff --git a/playbooks/gce/openshift-cluster/launch.yml b/playbooks/gce/openshift-cluster/launch.yml index 8be5d53e7..d6ef57c45 100644 --- a/playbooks/gce/openshift-cluster/launch.yml +++ b/playbooks/gce/openshift-cluster/launch.yml @@ -16,6 +16,8 @@ cluster: "{{ cluster_id }}" type: "{{ k8s_type }}" g_sub_host_type: "default" + gce_machine_type: "{{ lookup('env', 'gce_machine_master_type') | default(lookup('env', 'gce_machine_type'), true) }}" + gce_machine_image: "{{ lookup('env', 'gce_machine_master_image') | default(lookup('env', 'gce_machine_image'), true) }}" - include: ../../common/openshift-cluster/tasks/set_node_launch_facts.yml vars: @@ -27,6 +29,8 @@ cluster: "{{ cluster_id }}" type: "{{ k8s_type }}" g_sub_host_type: "{{ sub_host_type }}" + gce_machine_type: "{{ lookup('env', 'gce_machine_node_type') | default(lookup('env', 'gce_machine_type'), true) }}" + gce_machine_image: "{{ lookup('env', 'gce_machine_node_image') | default(lookup('env', 'gce_machine_image'), true) }}" - include: ../../common/openshift-cluster/tasks/set_node_launch_facts.yml vars: diff --git a/playbooks/gce/openshift-cluster/tasks/launch_instances.yml b/playbooks/gce/openshift-cluster/tasks/launch_instances.yml index c428cb465..de8a75b18 100644 --- a/playbooks/gce/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/gce/openshift-cluster/tasks/launch_instances.yml @@ -5,8 +5,8 @@ - name: Launch instance(s) gce: instance_names: "{{ instances }}" - machine_type: "{{ lookup('env', 'gce_machine_type') | default('n1-standard-1', true) }}" - image: "{{ lookup('env', 'gce_machine_image') | default(deployment_vars[deployment_type].image, true) }}" + machine_type: "{{ gce_machine_type | default(deployment_vars[deployment_type].machine_type, true) }}" + image: "{{ gce_machine_image | default(deployment_vars[deployment_type].image, true) }}" service_account_email: "{{ lookup('env', 'gce_service_account_email_address') }}" pem_file: "{{ lookup('env', 'gce_service_account_pem_file_path') }}" project_id: "{{ lookup('env', 'gce_project_id') }}" diff --git a/playbooks/gce/openshift-cluster/vars.yml b/playbooks/gce/openshift-cluster/vars.yml index 6de007807..a8ce8eb22 100644 --- a/playbooks/gce/openshift-cluster/vars.yml +++ b/playbooks/gce/openshift-cluster/vars.yml @@ -5,13 +5,16 @@ sdn_network_plugin: redhat/openshift-ovs-subnet deployment_vars: origin: image: preinstalled-slave-50g-v5 + machine_type: n1-standard-1 ssh_user: root sudo: yes online: image: libra-rhel7 + machine_type: n1-standard-1 ssh_user: root sudo: no enterprise: image: rhel-7 + machine_type: n1-standard-1 ssh_user: sudo: yes -- cgit v1.2.3 From df74a04e92b267a711e69b26dd0c7cd5375797c9 Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Thu, 19 Nov 2015 08:43:22 -0500 Subject: Making the uninstall playbook more flexible This handles stage environments as well as the eventual change of aep3_beta to aep3 --- playbooks/adhoc/uninstall.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'playbooks') diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 1a55eb053..538414508 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -111,12 +111,12 @@ - atomic-enterprise - origin - - shell: docker ps -a | grep Exited | grep "{{ item }}" | awk '{print $1}' + - shell: docker ps -a | grep Exited | egrep "{{ item }}" | awk '{print $1}' changed_when: False failed_when: False register: exited_containers_to_delete with_items: - - aep3/aep + - aep3.*/aep - openshift3/ose - openshift/origin @@ -125,13 +125,13 @@ failed_when: False with_items: "{{ exited_containers_to_delete.results }}" - - shell: docker images | grep {{ item }} | awk '{ print $3 }' + - shell: docker images | egrep {{ item }} | awk '{ print $3 }' changed_when: False failed_when: False register: images_to_delete with_items: - - registry.access.redhat.com/openshift3 - - registry.access.redhat.com/aep3 + - registry\.access\..*redhat\.com/openshift3 + - registry\.access\..*redhat\.com/aep3 - docker.io/openshift - shell: "docker rmi -f {{ item.stdout_lines | join(' ') }}" -- cgit v1.2.3 From 8741b61d46361deffd5d67a310f1995ae2217b77 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Fri, 20 Nov 2015 09:17:16 -0500 Subject: Replace map with oo_collect to support python-jinja2 <2.7 --- playbooks/common/openshift-etcd/config.yml | 2 +- playbooks/common/openshift-master/config.yml | 8 ++++---- playbooks/common/openshift-node/config.yml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) (limited to 'playbooks') diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml index ed23ada88..7d94ced2e 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/common/openshift-etcd/config.yml @@ -24,7 +24,7 @@ - /etc/etcd/ca.crt register: g_etcd_server_cert_stat_result - set_fact: - etcd_server_certs_missing: "{{ g_etcd_server_cert_stat_result.results | map(attribute='stat.exists') + etcd_server_certs_missing: "{{ g_etcd_server_cert_stat_result.results | oo_collect(attribute='stat.exists') | list | intersect([false])}}" etcd_cert_subdir: etcd-{{ openshift.common.hostname }} etcd_cert_config_dir: /etc/etcd diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index ff1579218..902fde956 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -60,7 +60,7 @@ register: g_external_etcd_cert_stat_result - set_fact: etcd_client_certs_missing: "{{ g_external_etcd_cert_stat_result.results - | map(attribute='stat.exists') + | oo_collect(attribute='stat.exists') | list | intersect([false])}}" etcd_cert_subdir: openshift-master-{{ openshift.common.hostname }} etcd_cert_config_dir: "{{ openshift.common.config_base }}/master" @@ -157,7 +157,7 @@ register: g_master_cert_stat_result - set_fact: master_certs_missing: "{{ False in (g_master_cert_stat_result.results - | map(attribute='stat.exists') + | oo_collect(attribute='stat.exists') | list ) }}" master_cert_subdir: master-{{ openshift.common.hostname }} master_cert_config_dir: "{{ openshift.common.config_base }}/master" @@ -257,11 +257,11 @@ - set_fact: session_auth_secret: "{{ openshift_master_session_auth_secrets | default(session_auth_output.results - | map(attribute='stdout') + | oo_collect(attribute='stdout') | list) }}" session_encryption_secret: "{{ openshift_master_session_encryption_secrets | default(session_encryption_output.results - | map(attribute='stdout') + | oo_collect(attribute='stdout') | list) }}" - name: Parse named certificates diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 8da9e231f..2b6171cb3 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -33,7 +33,7 @@ - server.crt register: stat_result - set_fact: - certs_missing: "{{ stat_result.results | map(attribute='stat.exists') + certs_missing: "{{ stat_result.results | oo_collect(attribute='stat.exists') | list | intersect([false])}}" node_subdir: node-{{ openshift.common.hostname }} config_dir: "{{ openshift.common.config_base }}/generated-configs/node-{{ openshift.common.hostname }}" @@ -48,7 +48,7 @@ when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) - set_fact: etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results - | map(attribute='stat.exists') + | oo_collect(attribute='stat.exists') | list | intersect([false])}}" etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }} etcd_cert_config_dir: "{{ openshift.common.config_base }}/node" -- cgit v1.2.3 From bc9a52fcc1b27379c093eac5d8b63e87c0511c35 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Mon, 23 Nov 2015 10:24:10 -0500 Subject: Add serviceAccountConfig.masterCA during 3.1 upgrade - uses the value of oauthConfig.masterCA if present, otherwise sets it to ca.crt --- .../openshift-cluster/upgrades/library/openshift_upgrade_config.py | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'playbooks') diff --git a/playbooks/common/openshift-cluster/upgrades/library/openshift_upgrade_config.py b/playbooks/common/openshift-cluster/upgrades/library/openshift_upgrade_config.py index a6721bb92..9a065fd1c 100755 --- a/playbooks/common/openshift-cluster/upgrades/library/openshift_upgrade_config.py +++ b/playbooks/common/openshift-cluster/upgrades/library/openshift_upgrade_config.py @@ -78,6 +78,10 @@ def upgrade_master_3_0_to_3_1(ansible_module, config_base, backup): config['kubernetesMasterConfig'].pop('apiLevels') changes.append('master-config.yaml: removed kubernetesMasterConfig.apiLevels') + # Add masterCA to serviceAccountConfig + if 'serviceAccountConfig' in config and 'masterCA' not in config['serviceAccountConfig']: + config['serviceAccountConfig']['masterCA'] = config['oauthConfig'].get('masterCA', 'ca.crt') + # Add proxyClientInfo to master-config if 'proxyClientInfo' not in config['kubernetesMasterConfig']: config['kubernetesMasterConfig']['proxyClientInfo'] = { -- cgit v1.2.3 From 6fa3dc760065e622efca6ce33fcf838177bcadff Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 13 Nov 2015 12:11:13 -0500 Subject: Improve scaleup playbook - modify evaluate host to set oo_nodes_to_config to a new variable g_new_nodes_group if defined rather than g_nodes_group and also skip adding the master when g_new_nodes_group is set. - Remove byo specific naming from playbooks/common/openshift-cluster/scaleup.yml and created a new playbooks/byo/openshift-cluster/scaleup.yml playbook. --- playbooks/byo/openshift-cluster/scaleup.yml | 10 ++++++++++ playbooks/common/openshift-cluster/evaluate_groups.yml | 13 +++++++++---- playbooks/common/openshift-cluster/scaleup.yml | 8 -------- 3 files changed, 19 insertions(+), 12 deletions(-) create mode 100644 playbooks/byo/openshift-cluster/scaleup.yml (limited to 'playbooks') diff --git a/playbooks/byo/openshift-cluster/scaleup.yml b/playbooks/byo/openshift-cluster/scaleup.yml new file mode 100644 index 000000000..70644d427 --- /dev/null +++ b/playbooks/byo/openshift-cluster/scaleup.yml @@ -0,0 +1,10 @@ +--- +- include: ../../common/openshift-cluster/scaleup.yml + vars: + g_etcd_group: "{{ 'etcd' }}" + g_masters_group: "{{ 'masters' }}" + g_new_nodes_group: "{{ 'new_nodes' }}" + g_lb_group: "{{ 'lb' }}" + openshift_cluster_id: "{{ cluster_id | default('default') }}" + openshift_debug_level: 2 + openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml index 2bb69614f..34da372a4 100644 --- a/playbooks/common/openshift-cluster/evaluate_groups.yml +++ b/playbooks/common/openshift-cluster/evaluate_groups.yml @@ -12,8 +12,8 @@ when: g_masters_group is not defined - fail: - msg: This playbook requires g_nodes_group to be set - when: g_nodes_group is not defined + msg: This playbook requires g_nodes_group or g_new_nodes_group to be set + when: g_nodes_group is not defined and g_new_nodes_group is not defined - fail: msg: This playbook requires g_lb_group to be set @@ -35,14 +35,19 @@ ansible_sudo: "{{ g_sudo | default(omit) }}" with_items: groups[g_masters_group] | default([]) + # Use g_new_nodes_group if it exists otherwise g_nodes_group + - set_fact: + g_nodes_to_config: "{{ g_new_nodes_group | default(g_nodes_group | default([])) }}" + - name: Evaluate oo_nodes_to_config add_host: name: "{{ item }}" groups: oo_nodes_to_config ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" ansible_sudo: "{{ g_sudo | default(omit) }}" - with_items: groups[g_nodes_group] | default([]) + with_items: groups[g_nodes_to_config] | default([]) + # Skip adding the master to oo_nodes_to_config when g_new_nodes_group is - name: Evaluate oo_nodes_to_config add_host: name: "{{ item }}" @@ -50,7 +55,7 @@ ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" ansible_sudo: "{{ g_sudo | default(omit) }}" with_items: groups[g_masters_group] | default([]) - when: g_nodeonmaster is defined and g_nodeonmaster == true + when: g_nodeonmaster | default(false) == true and g_new_nodes_group is not defined - name: Evaluate oo_first_etcd add_host: diff --git a/playbooks/common/openshift-cluster/scaleup.yml b/playbooks/common/openshift-cluster/scaleup.yml index 6d2777732..e1778e41e 100644 --- a/playbooks/common/openshift-cluster/scaleup.yml +++ b/playbooks/common/openshift-cluster/scaleup.yml @@ -1,13 +1,5 @@ --- - include: evaluate_groups.yml - vars: - g_etcd_group: "{{ 'etcd' }}" - g_masters_group: "{{ 'masters' }}" - g_nodes_group: "{{ 'nodes' }}" - g_lb_group: "{{ 'lb' }}" - openshift_cluster_id: "{{ cluster_id | default('default') }}" - openshift_debug_level: 2 - openshift_deployment_type: "{{ deployment_type }}" - include: ../openshift-node/config.yml vars: -- cgit v1.2.3 From 4ffde064c126e54930f776c727ab91b8c150166d Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 24 Nov 2015 14:34:12 -0500 Subject: start of aws scaleup --- playbooks/aws/openshift-cluster/scaleup.yml | 25 ++++++++++++++++++++++ .../openshift-cluster/tasks/launch_instances.yml | 16 ++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 playbooks/aws/openshift-cluster/scaleup.yml (limited to 'playbooks') diff --git a/playbooks/aws/openshift-cluster/scaleup.yml b/playbooks/aws/openshift-cluster/scaleup.yml new file mode 100644 index 000000000..3c2deff70 --- /dev/null +++ b/playbooks/aws/openshift-cluster/scaleup.yml @@ -0,0 +1,25 @@ +--- + +- hosts: localhost + gather_facts: no + vars_files: + - vars.yml + tasks: + - set_fact: + g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" + g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" + +- include: ../../common/openshift-cluster/scaleup.yml + vars: + g_etcd_group: "{{ 'tag_env-host-type_' ~ cluster_id ~ '-openshift-etcd' }}" + g_lb_group: "{{ 'tag_env-host-type_' ~ cluster_id ~ '-openshift-lb' }}" + g_masters_group: "{{ 'tag_env-host-type_' ~ cluster_id ~ '-openshift-master' }}" + g_new_nodes_group: 'nodes_to_add' + g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" + g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" + g_nodeonmaster: true + openshift_cluster_id: "{{ cluster_id }}" + openshift_debug_level: 2 + openshift_deployment_type: "{{ deployment_type }}" + openshift_hostname: "{{ ec2_private_ip_address }}" + openshift_public_hostname: "{{ ec2_ip_address }}" diff --git a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml index 22c617fea..15e775770 100644 --- a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml @@ -190,6 +190,22 @@ - instances - ec2.instances +- name: Add new instances to nodes_to_add group if needed + add_host: + hostname: "{{ item.0 }}" + ansible_ssh_host: "{{ item.1.dns_name }}" + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + groups: nodes_to_add + ec2_private_ip_address: "{{ item.1.private_ip }}" + ec2_ip_address: "{{ item.1.public_ip }}" + openshift_node_labels: "{{ node_label }}" + logrotate_scripts: "{{ logrotate }}" + with_together: + - instances + - ec2.instances + when: oo_extend_env is defined and oo_extend_env | bool + - name: Wait for ssh wait_for: "port=22 host={{ item.dns_name }}" with_items: ec2.instances -- cgit v1.2.3 From b169e206f7964b3dcf3c1d142d945042618782a7 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 24 Nov 2015 14:47:54 -0500 Subject: more aws support for scaleup --- bin/cluster | 25 ++++++++++++ playbooks/aws/openshift-cluster/addNodes.yml | 58 ++++++++++++++++++++++++++++ playbooks/aws/openshift-cluster/scaleup.yml | 9 +++++ 3 files changed, 92 insertions(+) create mode 100644 playbooks/aws/openshift-cluster/addNodes.yml (limited to 'playbooks') diff --git a/bin/cluster b/bin/cluster index a3d4b629c..9b02b4347 100755 --- a/bin/cluster +++ b/bin/cluster @@ -67,6 +67,21 @@ class Cluster(object): self.action(args, inventory, env, playbook) + def addNodes(self, args): + """ + Add nodes to an existing cluster for given provider + :param args: command line arguments provided by user + """ + env = {'cluster_id': args.cluster_id, + 'deployment_type': self.get_deployment_type(args)} + playbook = "playbooks/{0}/openshift-cluster/addNodes.yml".format(args.provider) + inventory = self.setup_provider(args.provider) + + env['num_nodes'] = args.nodes + env['num_infra'] = args.infra + + self.action(args, inventory, env, playbook) + def terminate(self, args): """ Destroy OpenShift cluster @@ -292,6 +307,16 @@ if __name__ == '__main__': help='number of external etcd hosts to create in cluster') create_parser.set_defaults(func=cluster.create) + + create_parser = action_parser.add_parser('addNodes', help='Add nodes to a cluster', + parents=[meta_parser]) + create_parser.add_argument('-n', '--nodes', default=1, type=int, + help='number of nodes to add to the cluster') + create_parser.add_argument('-i', '--infra', default=1, type=int, + help='number of infra nodes to add to the cluster') + create_parser.set_defaults(func=cluster.addNodes) + + config_parser = action_parser.add_parser('config', help='Configure or reconfigure a cluster', parents=[meta_parser]) diff --git a/playbooks/aws/openshift-cluster/addNodes.yml b/playbooks/aws/openshift-cluster/addNodes.yml new file mode 100644 index 000000000..09bf34666 --- /dev/null +++ b/playbooks/aws/openshift-cluster/addNodes.yml @@ -0,0 +1,58 @@ +--- +- name: Launch instance(s) + hosts: localhost + connection: local + gather_facts: no + vars_files: + - vars.yml + - ["vars.{{ deployment_type }}.{{ cluster_id }}.yml", vars.defaults.yml] + tasks: + - fail: + msg: Deployment type not supported for aws provider yet + when: deployment_type == 'enterprise' + + - include: ../../common/openshift-cluster/tasks/set_etcd_launch_facts.yml + - include: tasks/launch_instances.yml + vars: + instances: "{{ etcd_names }}" + cluster: "{{ cluster_id }}" + type: "{{ k8s_type }}" + g_sub_host_type: "default" + + - include: ../../common/openshift-cluster/tasks/set_master_launch_facts.yml + - include: tasks/launch_instances.yml + vars: + instances: "{{ master_names }}" + cluster: "{{ cluster_id }}" + type: "{{ k8s_type }}" + g_sub_host_type: "default" + + - include: ../../common/openshift-cluster/tasks/set_node_launch_facts.yml + vars: + type: "compute" + count: "{{ num_nodes }}" + - include: tasks/launch_instances.yml + vars: + instances: "{{ node_names }}" + cluster: "{{ cluster_id }}" + type: "{{ k8s_type }}" + g_sub_host_type: "{{ sub_host_type }}" + + - include: ../../common/openshift-cluster/tasks/set_node_launch_facts.yml + vars: + type: "infra" + count: "{{ num_infra }}" + - include: tasks/launch_instances.yml + vars: + instances: "{{ node_names }}" + cluster: "{{ cluster_id }}" + type: "{{ k8s_type }}" + g_sub_host_type: "{{ sub_host_type }}" + + - add_host: + name: "{{ master_names.0 }}" + groups: service_master + when: master_names is defined and master_names.0 is defined + +- include: update.yml +- include: list.yml diff --git a/playbooks/aws/openshift-cluster/scaleup.yml b/playbooks/aws/openshift-cluster/scaleup.yml index 3c2deff70..d7454b6d6 100644 --- a/playbooks/aws/openshift-cluster/scaleup.yml +++ b/playbooks/aws/openshift-cluster/scaleup.yml @@ -8,6 +8,15 @@ - set_fact: g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" + - name: Evaluate oo_hosts_to_update + add_host: + name: "{{ item }}" + groups: oo_hosts_to_update + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + with_items: groups.nodes_to_add + +- include: ../../common/openshift-cluster/update_repos_and_packages.yml - include: ../../common/openshift-cluster/scaleup.yml vars: -- cgit v1.2.3 From ad94fc42f5529afe45d131cbe5de449128762f51 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 24 Nov 2015 14:51:36 -0500 Subject: fix addNodes.yml --- playbooks/aws/openshift-cluster/addNodes.yml | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) (limited to 'playbooks') diff --git a/playbooks/aws/openshift-cluster/addNodes.yml b/playbooks/aws/openshift-cluster/addNodes.yml index 09bf34666..1f941ac8c 100644 --- a/playbooks/aws/openshift-cluster/addNodes.yml +++ b/playbooks/aws/openshift-cluster/addNodes.yml @@ -11,22 +11,6 @@ msg: Deployment type not supported for aws provider yet when: deployment_type == 'enterprise' - - include: ../../common/openshift-cluster/tasks/set_etcd_launch_facts.yml - - include: tasks/launch_instances.yml - vars: - instances: "{{ etcd_names }}" - cluster: "{{ cluster_id }}" - type: "{{ k8s_type }}" - g_sub_host_type: "default" - - - include: ../../common/openshift-cluster/tasks/set_master_launch_facts.yml - - include: tasks/launch_instances.yml - vars: - instances: "{{ master_names }}" - cluster: "{{ cluster_id }}" - type: "{{ k8s_type }}" - g_sub_host_type: "default" - - include: ../../common/openshift-cluster/tasks/set_node_launch_facts.yml vars: type: "compute" @@ -49,10 +33,5 @@ type: "{{ k8s_type }}" g_sub_host_type: "{{ sub_host_type }}" - - add_host: - name: "{{ master_names.0 }}" - groups: service_master - when: master_names is defined and master_names.0 is defined - -- include: update.yml +- include: scaleup.yml - include: list.yml -- cgit v1.2.3 From 3c4cf6bf45c9629175addcbf6345d2da675c8185 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 24 Nov 2015 15:10:14 -0500 Subject: addtl aws fixes --- playbooks/aws/openshift-cluster/addNodes.yml | 2 ++ playbooks/aws/openshift-cluster/scaleup.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'playbooks') diff --git a/playbooks/aws/openshift-cluster/addNodes.yml b/playbooks/aws/openshift-cluster/addNodes.yml index 1f941ac8c..fff3e401b 100644 --- a/playbooks/aws/openshift-cluster/addNodes.yml +++ b/playbooks/aws/openshift-cluster/addNodes.yml @@ -6,6 +6,8 @@ vars_files: - vars.yml - ["vars.{{ deployment_type }}.{{ cluster_id }}.yml", vars.defaults.yml] + vars: + oo_extend_env: True tasks: - fail: msg: Deployment type not supported for aws provider yet diff --git a/playbooks/aws/openshift-cluster/scaleup.yml b/playbooks/aws/openshift-cluster/scaleup.yml index d7454b6d6..4415700a3 100644 --- a/playbooks/aws/openshift-cluster/scaleup.yml +++ b/playbooks/aws/openshift-cluster/scaleup.yml @@ -14,7 +14,7 @@ groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: groups.nodes_to_add + with_items: "{{ groups.nodes_to_add }}" - include: ../../common/openshift-cluster/update_repos_and_packages.yml -- cgit v1.2.3 From 4013fd47fed61ceb0b92cfa4c271b420b4ced66b Mon Sep 17 00:00:00 2001 From: Federico Simoncelli Date: Wed, 25 Nov 2015 14:08:49 +0100 Subject: Make sure that OpenSSL is installed before use Signed-off-by: Federico Simoncelli --- playbooks/common/openshift-master/config.yml | 2 ++ 1 file changed, 2 insertions(+) (limited to 'playbooks') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 902fde956..2be25b1e3 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -244,6 +244,8 @@ - fail: msg: "openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length" when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length) + - name: Install OpenSSL package + action: "{{ansible_pkg_mgr}} pkg=openssl state=present" - name: Generate session authentication key command: /usr/bin/openssl rand -base64 24 register: session_auth_output -- cgit v1.2.3 From 2bfed1383e4d8eed1e0ab3e4c99eecacc5936047 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Wed, 25 Nov 2015 13:22:52 -0500 Subject: Use admin.kubeconfig for get svc ip. --- playbooks/common/openshift-master/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'playbooks') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 902fde956..f8d90374e 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -355,7 +355,7 @@ hosts: oo_first_master tasks: - name: Get master service ip - command: "{{ openshift.common.client_binary }} get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\}" + command: "{{ openshift.common.client_binary }} -n default --config={{ openshift.common.config_base }}/master/admin.kubeconfig get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\}" register: master_service_ip_output when: openshift.common.version_greater_than_3_1_or_1_1 | bool - set_fact: -- cgit v1.2.3 From 4cdca359532a61f2dbaf1f36ea13093a27494617 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Wed, 25 Nov 2015 16:23:27 -0500 Subject: Uninstall: only restart docker on node hosts. --- playbooks/adhoc/uninstall.yml | 3 +++ 1 file changed, 3 insertions(+) (limited to 'playbooks') diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 538414508..1f1ada3f0 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -181,5 +181,8 @@ - name: Reload systemd manager configuration command: systemctl daemon-reload +- hosts: nodes + sudo: yes + tasks: - name: restart docker service: name=docker state=restarted -- cgit v1.2.3 From 342cd8dd931d7006ad27f022735f6785b6c214c7 Mon Sep 17 00:00:00 2001 From: Urs Breu Date: Thu, 26 Nov 2015 09:18:05 +0100 Subject: Add -q flag to remove unwantend output (such as mirror and cache information) This prevents ansible failures when trying to set version facts --- playbooks/common/openshift-cluster/upgrades/files/versions.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'playbooks') diff --git a/playbooks/common/openshift-cluster/upgrades/files/versions.sh b/playbooks/common/openshift-cluster/upgrades/files/versions.sh index f90719cab..c7c966b60 100644 --- a/playbooks/common/openshift-cluster/upgrades/files/versions.sh +++ b/playbooks/common/openshift-cluster/upgrades/files/versions.sh @@ -2,9 +2,9 @@ yum_installed=$(yum list installed "$@" 2>&1 | tail -n +2 | grep -v 'Installed Packages' | grep -v 'Red Hat Subscription Management' | grep -v 'Error:' | awk '{ print $2 }' | tr '\n' ' ') -yum_available=$(yum list available "$@" 2>&1 | tail -n +2 | grep -v 'Available Packages' | grep -v 'Red Hat Subscription Management' | grep -v 'el7ose' | grep -v 'Error:' | awk '{ print $2 }' | tr '\n' ' ') +yum_available=$(yum list available -q "$@" 2>&1 | tail -n +2 | grep -v 'Available Packages' | grep -v 'Red Hat Subscription Management' | grep -v 'el7ose' | grep -v 'Error:' | awk '{ print $2 }' | tr '\n' ' ') echo "---" -echo "curr_version: ${yum_installed}" +echo "curr_version: ${yum_installed}" echo "avail_version: ${yum_available}" -- cgit v1.2.3 From 018fc6ad154b51f9ff1c7e355072993758125a21 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 25 Nov 2015 15:06:40 -0500 Subject: Clarify the preflight port check output --- .../openshift-cluster/upgrades/files/pre-upgrade-check | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'playbooks') diff --git a/playbooks/common/openshift-cluster/upgrades/files/pre-upgrade-check b/playbooks/common/openshift-cluster/upgrades/files/pre-upgrade-check index b5459f312..e5c958ebb 100644 --- a/playbooks/common/openshift-cluster/upgrades/files/pre-upgrade-check +++ b/playbooks/common/openshift-cluster/upgrades/files/pre-upgrade-check @@ -111,13 +111,16 @@ def print_validation_header(): overwhelming the user. """ print """\ -At least one port name does not validate. Valid port names: +At least one port name is invalid and must be corrected before upgrading. +Please update or remove any resources with invalid port names. - * must be less that 16 chars + Valid port names must: + + * be less that 16 characters * have at least one letter - * only a-z0-9- - * do not start or end with - - * Dashes may not be next to eachother ('--') + * contain only a-z0-9- + * not start or end with - + * not contain dashes next to each other ('--') """ @@ -142,9 +145,9 @@ def main(): # Where the magic happens first_error = True for kind, path in [ + ('deploymentconfigs', ("spec", "template", "spec", "containers")), ('replicationcontrollers', ("spec", "template", "spec", "containers")), - ('pods', ("spec", "containers")), - ('deploymentconfigs', ("spec", "template", "spec", "containers"))]: + ('pods', ("spec", "containers"))]: for item in list_items(kind): namespace = item["metadata"]["namespace"] item_name = item["metadata"]["name"] -- cgit v1.2.3 From 830b2891f8628828bc4385ebafb71f4174f79a05 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 24 Nov 2015 10:32:53 -0500 Subject: 3.1 upgrade - use --api-version for patch commands --- .../common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'playbooks') diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index eea147229..cc7367801 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -517,24 +517,29 @@ - _default_router.rc == 0 - "'false' in _scc.stdout" command: > - {{ oc_cmd }} patch scc/privileged -p '{"allowHostPorts":true,"allowHostNetwork":true}' --loglevel=9 + {{ oc_cmd }} patch scc/privileged -p + '{"allowHostPorts":true,"allowHostNetwork":true}' --loglevel=9 + --api-version=v1 - name: Update deployment config to 1.0.4/3.0.1 spec when: _default_router.rc == 0 command: > {{ oc_cmd }} patch dc/router -p '{"spec":{"strategy":{"rollingParams":{"updatePercent":-10},"spec":{"serviceAccount":"router","serviceAccountName":"router"}}}}' + --api-version=v1 - name: Switch to hostNetwork=true when: _default_router.rc == 0 command: > {{ oc_cmd }} patch dc/router -p '{"spec":{"template":{"spec":{"hostNetwork":true}}}}' + --api-version=v1 - name: Update router image to current version when: _default_router.rc == 0 command: > {{ oc_cmd }} patch dc/router -p '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}' + --api-version=v1 - name: Check for default registry command: > @@ -548,3 +553,4 @@ command: > {{ oc_cmd }} patch dc/docker-registry -p '{"spec":{"template":{"spec":{"containers":[{"name":"registry","image":"{{ registry_image }}"}]}}}}' + --api-version=v1 -- cgit v1.2.3 From a2dc715e54f47fa2abbac58d9d04565837bc6e56 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 24 Nov 2015 10:49:44 -0500 Subject: Set api version for oc commands --- playbooks/common/openshift-master/config.yml | 7 ++++++- roles/openshift_cluster_metrics/tasks/main.yml | 6 +++--- roles/openshift_serviceaccounts/tasks/main.yml | 6 ++++-- 3 files changed, 13 insertions(+), 6 deletions(-) (limited to 'playbooks') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 43e7836b3..f382494bd 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -353,11 +353,16 @@ - role: openshift_cluster_metrics when: openshift.common.use_cluster_metrics | bool + # TODO: Setting the cluster dns ip should be pushed into openshift-facts - name: Determine cluster dns ip hosts: oo_first_master tasks: - name: Get master service ip - command: "{{ openshift.common.client_binary }} -n default --config={{ openshift.common.config_base }}/master/admin.kubeconfig get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\}" + command: > + {{ openshift.common.client_binary }} -n default + --config={{ openshift.common.config_base }}/master/admin.kubeconfig + get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\} + --output-version=v1 register: master_service_ip_output when: openshift.common.version_greater_than_3_1_or_1_1 | bool - set_fact: diff --git a/roles/openshift_cluster_metrics/tasks/main.yml b/roles/openshift_cluster_metrics/tasks/main.yml index 3938aba4c..9b7735e54 100644 --- a/roles/openshift_cluster_metrics/tasks/main.yml +++ b/roles/openshift_cluster_metrics/tasks/main.yml @@ -7,7 +7,7 @@ - name: Create InfluxDB Services command: > - {{ openshift.common.client_binary }} create -f + {{ openshift.common.client_binary }} create -f /etc/openshift/cluster-metrics/influxdb.yaml register: oex_influxdb_services failed_when: "'already exists' not in oex_influxdb_services.stderr and oex_influxdb_services.rc != 0" @@ -15,14 +15,14 @@ - name: Create Heapster Service Account command: > - {{ openshift.common.client_binary }} create -f + {{ openshift.common.client_binary }} create -f /etc/openshift/cluster-metrics/heapster-serviceaccount.yaml register: oex_heapster_serviceaccount failed_when: "'already exists' not in oex_heapster_serviceaccount.stderr and oex_heapster_serviceaccount.rc != 0" changed_when: false - name: Add cluster-reader role to Heapster - command: > + command: > {{ openshift.common.admin_binary }} policy add-cluster-role-to-user cluster-reader diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml index d93a25a21..e558a83a2 100644 --- a/roles/openshift_serviceaccounts/tasks/main.yml +++ b/roles/openshift_serviceaccounts/tasks/main.yml @@ -13,7 +13,9 @@ changed_when: "'serviceaccounts \"{{ item }}\" already exists' not in _sa_result.stderr and _sa_result.rc == 0" - name: Get current security context constraints - shell: "{{ openshift.common.client_binary }} get scc privileged -o yaml > /tmp/scc.yaml" + shell: > + {{ openshift.common.client_binary }} get scc privileged -o yaml + --output-version=v1 > /tmp/scc.yaml - name: Add security context constraint for {{ item }} lineinfile: @@ -23,4 +25,4 @@ with_items: accounts - name: Apply new scc rules for service accounts - command: "{{ openshift.common.client_binary }} update -f /tmp/scc.yaml" + command: "{{ openshift.common.client_binary }} update -f /tmp/scc.yaml --api-version=v1" -- cgit v1.2.3 From 526038fa15a6c02661f2315278c086477157b87f Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 24 Nov 2015 14:14:28 -0500 Subject: remove debug logging from scc/privileged patch command --- playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'playbooks') diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index cc7367801..00ebf4ce6 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -518,8 +518,7 @@ - "'false' in _scc.stdout" command: > {{ oc_cmd }} patch scc/privileged -p - '{"allowHostPorts":true,"allowHostNetwork":true}' --loglevel=9 - --api-version=v1 + '{"allowHostPorts":true,"allowHostNetwork":true}' --api-version=v1 - name: Update deployment config to 1.0.4/3.0.1 spec when: _default_router.rc == 0 -- cgit v1.2.3 From af4602744d0a45b858f0cc78d05cf1b70e7fd921 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Mon, 30 Nov 2015 17:27:31 -0500 Subject: Fix ec2 instance type lookups --- playbooks/aws/openshift-cluster/tasks/launch_instances.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'playbooks') diff --git a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml index 15e775770..99f0577fc 100644 --- a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml @@ -33,25 +33,25 @@ when: ec2_assign_public_ip is not defined - set_fact: - ec2_instance_type: "{{ ec2_master_instance_type | default(lookup('env', 'ec2_master_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type))) }}" + ec2_instance_type: "{{ ec2_master_instance_type | default(lookup('env', 'ec2_master_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type, true), true), true) }}" ec2_security_groups: "{{ ec2_master_security_groups | default(deployment_vars[deployment_type].security_groups, true) }}" when: host_type == "master" and sub_host_type == "default" - set_fact: - ec2_instance_type: "{{ ec2_etcd_instance_type | default(lookup('env', 'ec2_etcd_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type))) }}" + ec2_instance_type: "{{ ec2_etcd_instance_type | default(lookup('env', 'ec2_etcd_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type, true), true), true) }}" ec2_security_groups: "{{ ec2_etcd_security_groups | default(deployment_vars[deployment_type].security_groups, true)}}" when: host_type == "etcd" and sub_host_type == "default" - set_fact: - ec2_instance_type: "{{ ec2_infra_instance_type | default(lookup('env', 'ec2_infra_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type))) }}" + ec2_instance_type: "{{ ec2_infra_instance_type | default(lookup('env', 'ec2_infra_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type, true), true), true) }}" ec2_security_groups: "{{ ec2_infra_security_groups | default(deployment_vars[deployment_type].security_groups, true) }}" when: host_type == "node" and sub_host_type == "infra" - set_fact: - ec2_instance_type: "{{ ec2_node_instance_type | default(lookup('env', 'ec2_node_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type))) }}" + ec2_instance_type: "{{ ec2_node_instance_type | default(lookup('env', 'ec2_node_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type, true), true), true) }}" ec2_security_groups: "{{ ec2_node_security_groups | default(deployment_vars[deployment_type].security_groups, true) }}" when: host_type == "node" and sub_host_type == "compute" -- cgit v1.2.3 From 6a71953ec28a358223a96444ea6ba5b2139becde Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Tue, 1 Dec 2015 11:44:13 -0500 Subject: Fix kubernetes service ip gathering. --- playbooks/common/openshift-master/config.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'playbooks') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index f382494bd..1c8a92122 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -358,11 +358,8 @@ hosts: oo_first_master tasks: - name: Get master service ip - command: > - {{ openshift.common.client_binary }} -n default - --config={{ openshift.common.config_base }}/master/admin.kubeconfig - get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\} - --output-version=v1 + # This command has to be on a single line. + command: "{{ openshift.common.client_binary }} -n default --config={{ openshift.common.config_base }}/master/admin.kubeconfig get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\} --output-version=v1" register: master_service_ip_output when: openshift.common.version_greater_than_3_1_or_1_1 | bool - set_fact: -- cgit v1.2.3 From 91411addfbaec7db5a039358d9fac8736f064b57 Mon Sep 17 00:00:00 2001 From: Stefanie Forrester Date: Wed, 25 Nov 2015 13:03:58 -0500 Subject: added upgrade playbook for online --- .../upgrades/v3_0_to_v3_1/upgrade.yml | 33 ++++++++++++++++++++++ .../upgrades/v3_0_to_v3_1/upgrade.yml | 4 +-- roles/openshift_facts/library/openshift_facts.py | 2 +- 3 files changed, 36 insertions(+), 3 deletions(-) create mode 100644 playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml (limited to 'playbooks') diff --git a/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml new file mode 100644 index 000000000..8cad51b5e --- /dev/null +++ b/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -0,0 +1,33 @@ +--- +# This playbook upgrades an existing AWS cluster, leaving nodes untouched if used with an 'online' deployment type. +# Usage: +# ansible-playbook playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml -e deployment_type=online -e cluster_id= +- hosts: localhost + gather_facts: no + vars_files: + - ../../vars.yml + - "../../vars.{{ deployment_type }}.{{ cluster_id }}.yml" + + tasks: + - set_fact: + g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" + g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" + + - set_fact: + tmp_nodes_group: "{{ 'tag_env-host-type_' ~ cluster_id ~ '-openshift-node' }}" + when: deployment_type != 'online' + +- include: ../../../../common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml + vars: + g_etcd_group: "{{ 'tag_env-host-type_' ~ cluster_id ~ '-openshift-etcd' }}" + g_lb_group: "{{ 'tag_env-host-type_' ~ cluster_id ~ '-openshift-lb' }}" + g_masters_group: "{{ 'tag_env-host-type_' ~ cluster_id ~ '-openshift-master' }}" + g_nodes_group: "{{ tmp_nodes_group | default('') }}" + g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" + g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" + g_nodeonmaster: true + openshift_cluster_id: "{{ cluster_id }}" + openshift_debug_level: 2 + openshift_deployment_type: "{{ deployment_type }}" + openshift_hostname: "{{ ec2_private_ip_address }}" + openshift_public_hostname: "{{ ec2_ip_address }}" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 00ebf4ce6..0309e8a77 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -36,9 +36,9 @@ - fail: msg: > - This upgrade is only supported for origin and openshift-enterprise + This upgrade is only supported for origin, openshift-enterprise, and online deployment types - when: deployment_type not in ['origin','openshift-enterprise'] + when: deployment_type not in ['origin','openshift-enterprise', 'online'] - fail: msg: > diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index b60e42c71..2fd7be07c 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -623,7 +623,7 @@ def set_deployment_facts_if_unset(facts): service_type = 'atomic-openshift' if deployment_type == 'origin': service_type = 'origin' - elif deployment_type in ['enterprise', 'online']: + elif deployment_type in ['enterprise']: service_type = 'openshift' facts['common']['service_type'] = service_type if 'config_base' not in facts['common']: -- cgit v1.2.3 From af009a7a51d7b6f5799a14c452cc7db92727135e Mon Sep 17 00:00:00 2001 From: Adam Miller Date: Wed, 18 Nov 2015 16:19:19 -0600 Subject: Fedora changes: - ansible bootstrap playbook for Fedora 23+ - add conditionals to handle yum vs dnf - add Fedora OpenShift COPR - update BYO host README for repo configs and fedora bootstrap Fix typo in etcd README, remove unnecessary parens in openshift_node main.yml rebase on master, update package cache refresh handler for yum vs dnf Fix typo in etcd README, remove unnecessary parens in openshift_node main.yml --- README_origin.md | 15 ++++++++ inventory/byo/hosts.example | 4 +++ playbooks/adhoc/bootstrap-fedora.yml | 5 +++ playbooks/adhoc/uninstall.yml | 34 +++++++++++++++++- roles/ansible/tasks/main.yml | 7 ++++ roles/cockpit/tasks/main.yml | 12 +++++++ roles/copr_cli/tasks/main.yml | 6 ++++ roles/docker/tasks/main.yml | 5 +++ roles/etcd/README.md | 2 +- roles/etcd/tasks/main.yml | 5 +++ roles/flannel/README.md | 3 +- roles/flannel/tasks/main.yml | 6 ++++ roles/fluentd_master/tasks/main.yml | 7 ++++ roles/fluentd_node/tasks/main.yml | 7 ++++ roles/haproxy/tasks/main.yml | 7 ++++ roles/kube_nfs_volumes/tasks/main.yml | 5 +++ roles/kube_nfs_volumes/tasks/nfs.yml | 5 +++ roles/openshift_ansible_inventory/tasks/main.yml | 10 ++++++ roles/openshift_expand_partition/README.md | 2 +- roles/openshift_expand_partition/tasks/main.yml | 5 +++ roles/openshift_facts/tasks/main.yml | 7 ++++ roles/openshift_master/tasks/main.yml | 20 +++++++++-- roles/openshift_master_ca/tasks/main.yml | 6 ++++ roles/openshift_node/tasks/main.yml | 13 ++++++- .../openshift_node/tasks/storage_plugins/ceph.yml | 7 ++++ .../tasks/storage_plugins/glusterfs.yml | 7 ++++ .../repos/maxamillion-fedora-openshift-fedora.repo | 8 +++++ roles/openshift_repos/handlers/main.yml | 5 ++- roles/openshift_repos/tasks/main.yaml | 42 +++++++++++++++++----- roles/openshift_storage_nfs_lvm/tasks/nfs.yml | 5 +++ roles/os_env_extras/tasks/main.yaml | 7 ++++ roles/os_firewall/tasks/firewall/firewalld.yml | 8 +++++ roles/os_firewall/tasks/firewall/iptables.yml | 11 ++++++ roles/os_update_latest/tasks/main.yml | 5 +++ roles/yum_repos/README.md | 2 +- utils/site_assets/oo-install-bootstrap.sh | 9 ++++- 36 files changed, 296 insertions(+), 18 deletions(-) create mode 100644 playbooks/adhoc/bootstrap-fedora.yml create mode 100644 roles/openshift_repos/files/fedora-origin/repos/maxamillion-fedora-openshift-fedora.repo (limited to 'playbooks') diff --git a/README_origin.md b/README_origin.md index cb213a93a..343ecda3d 100644 --- a/README_origin.md +++ b/README_origin.md @@ -39,6 +39,12 @@ subscription-manager repos \ ``` * Configuration of router is not automated yet * Configuration of docker-registry is not automated yet +* Fedora 23+ doesn't come with python2 and will need a quick bootstrap. Setup + your inventory as described below and run the following (substituting the + `$PATH_TO_INVENTORY_FILE` with the actual path to your inventory file): +```sh +ansible-playbook ./playbooks/adhoc/bootstrap-fedora.yml -i $PATH_TO_INVENTORY_FILE +``` ## Configuring the host inventory [Ansible docs](http://docs.ansible.com/intro_inventory.html) @@ -59,6 +65,7 @@ nodes # Set variables common for all OSEv3 hosts [OSv3:vars] + # SSH user, this user should allow ssh based auth without requiring a password ansible_ssh_user=root @@ -75,6 +82,14 @@ osv3-master.example.com [nodes] osv3-master.example.com osv3-node[1:2].example.com + +# host group for etcd +[etcd] +osv3-etcd[1:3].example.com + +[lb] +osv3-lb.example.com + ``` The hostnames above should resolve both from the hosts themselves and diff --git a/inventory/byo/hosts.example b/inventory/byo/hosts.example index 1a67cc290..29d81d64f 100644 --- a/inventory/byo/hosts.example +++ b/inventory/byo/hosts.example @@ -36,6 +36,10 @@ deployment_type=atomic-enterprise # Origin copr repo #openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, gpgkey: 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}] +# Origin Fedora copr repo +# Use this if you are installing on Fedora +#openshift_additional_repos=[{'id': 'fedora-openshift-origin-copr', 'name': 'OpenShift Origin COPR for Fedora', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/fedora-$releasever-$basearch/', 'enabled': 1, 'gpgcheck': 1, gpgkey: 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/pubkey.gpg'}] + # htpasswd auth openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/openshift/htpasswd'}] diff --git a/playbooks/adhoc/bootstrap-fedora.yml b/playbooks/adhoc/bootstrap-fedora.yml new file mode 100644 index 000000000..de9f36c8a --- /dev/null +++ b/playbooks/adhoc/bootstrap-fedora.yml @@ -0,0 +1,5 @@ +- hosts: OSv3 + gather_facts: false + tasks: + - name: install python and deps for ansible modules + raw: dnf install -y python2 python2-dnf libselinux-python libsemanage-python diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 1f1ada3f0..08a2ea6fb 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -48,7 +48,39 @@ - pcsd - yum: name={{ item }} state=absent - when: not is_atomic | bool + when: ansible_pkg_mgr == "yum" and not is_atomic | bool + with_items: + - atomic-enterprise + - atomic-enterprise-master + - atomic-enterprise-node + - atomic-enterprise-sdn-ovs + - atomic-openshift + - atomic-openshift-clients + - atomic-openshift-master + - atomic-openshift-node + - atomic-openshift-sdn-ovs + - corosync + - etcd + - openshift + - openshift-master + - openshift-node + - openshift-sdn + - openshift-sdn-ovs + - openvswitch + - origin + - origin-clients + - origin-master + - origin-node + - origin-sdn-ovs + - pacemaker + - pcs + - tuned-profiles-atomic-enterprise-node + - tuned-profiles-atomic-openshift-node + - tuned-profiles-openshift-node + - tuned-profiles-origin-node + + - dnf: name={{ item }} state=absent + when: ansible_pkg_mgr == "dnf" and not is_atomic | bool with_items: - atomic-enterprise - atomic-enterprise-master diff --git a/roles/ansible/tasks/main.yml b/roles/ansible/tasks/main.yml index 5d20a3b35..f79273824 100644 --- a/roles/ansible/tasks/main.yml +++ b/roles/ansible/tasks/main.yml @@ -5,6 +5,13 @@ yum: pkg: ansible state: installed + when: ansible_pkg_mgr == "yum" + +- name: Install Ansible + dnf: + pkg: ansible + state: installed + when: ansible_pkg_mgr == "dnf" - include: config.yml vars: diff --git a/roles/cockpit/tasks/main.yml b/roles/cockpit/tasks/main.yml index 875cbad21..8410e7c90 100644 --- a/roles/cockpit/tasks/main.yml +++ b/roles/cockpit/tasks/main.yml @@ -8,6 +8,18 @@ - cockpit-shell - cockpit-bridge - "{{ cockpit_plugins }}" + when: ansible_pkg_mgr == "yum" + +- name: Install cockpit-ws + dnf: + name: "{{ item }}" + state: present + with_items: + - cockpit-ws + - cockpit-shell + - cockpit-bridge + - "{{ cockpit_plugins }}" + when: ansible_pkg_mgr == "dnf" - name: Enable cockpit-ws service: diff --git a/roles/copr_cli/tasks/main.yml b/roles/copr_cli/tasks/main.yml index f7ef1c26e..f8496199d 100644 --- a/roles/copr_cli/tasks/main.yml +++ b/roles/copr_cli/tasks/main.yml @@ -2,3 +2,9 @@ - yum: name: copr-cli state: present + when: ansible_pkg_mgr == "yum" + +- dnf: + name: copr-cli + state: present + when: ansible_pkg_mgr == "dnf" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 96949230d..dd4401389 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -2,6 +2,11 @@ # tasks file for docker - name: Install docker yum: pkg=docker + when: ansible_pkg_mgr == "yum" + +- name: Install docker + dnf: pkg=docker + when: ansible_pkg_mgr == "dnf" - name: enable and start the docker service service: name=docker enabled=yes state=started diff --git a/roles/etcd/README.md b/roles/etcd/README.md index 88e4ff874..329a926c0 100644 --- a/roles/etcd/README.md +++ b/roles/etcd/README.md @@ -7,7 +7,7 @@ Requirements ------------ This role assumes it's being deployed on a RHEL/Fedora based host with package -named 'etcd' available via yum. +named 'etcd' available via yum or dnf (conditionally). Role Variables -------------- diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index fcbdecd37..efaab5f31 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -9,6 +9,11 @@ - name: Install etcd yum: pkg=etcd-2.* state=present + when: ansible_pkg_mgr == "yum" + +- name: Install etcd + dnf: pkg=etcd* state=present + when: ansible_pkg_mgr == "dnf" - name: Validate permissions on the config dir file: diff --git a/roles/flannel/README.md b/roles/flannel/README.md index b8aa830ac..8f271aada 100644 --- a/roles/flannel/README.md +++ b/roles/flannel/README.md @@ -7,7 +7,8 @@ Requirements ------------ This role assumes it's being deployed on a RHEL/Fedora based host with package -named 'flannel' available via yum, in version superior to 0.3. +named 'flannel' available via yum or dnf (conditionally), in version superior +to 0.3. Role Variables -------------- diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml index acfb009ec..86e1bc96e 100644 --- a/roles/flannel/tasks/main.yml +++ b/roles/flannel/tasks/main.yml @@ -2,6 +2,12 @@ - name: Install flannel sudo: true yum: pkg=flannel state=present + when: ansible_pkg_mgr == "yum" + +- name: Install flannel + sudo: true + dnf: pkg=flannel state=present + when: ansible_pkg_mgr == "dnf" - name: Set flannel etcd url sudo: true diff --git a/roles/fluentd_master/tasks/main.yml b/roles/fluentd_master/tasks/main.yml index 55cd94460..43c499b4d 100644 --- a/roles/fluentd_master/tasks/main.yml +++ b/roles/fluentd_master/tasks/main.yml @@ -4,6 +4,13 @@ yum: name: 'http://packages.treasuredata.com/2/redhat/7/x86_64/td-agent-2.2.0-0.x86_64.rpm' state: present + when: ansible_pkg_mgr == "yum" + +- name: download and install td-agent + dnf: + name: 'http://packages.treasuredata.com/2/redhat/7/x86_64/td-agent-2.2.0-0.x86_64.rpm' + state: present + when: ansible_pkg_mgr == "dnf" - name: Verify fluentd plugin installed command: '/opt/td-agent/embedded/bin/gem query -i fluent-plugin-kubernetes' diff --git a/roles/fluentd_node/tasks/main.yml b/roles/fluentd_node/tasks/main.yml index f9ef30b83..827a1c075 100644 --- a/roles/fluentd_node/tasks/main.yml +++ b/roles/fluentd_node/tasks/main.yml @@ -4,6 +4,13 @@ yum: name: 'http://packages.treasuredata.com/2/redhat/7/x86_64/td-agent-2.2.0-0.x86_64.rpm' state: present + when: ansible_pkg_mgr == "yum" + +- name: download and install td-agent + dnf: + name: 'http://packages.treasuredata.com/2/redhat/7/x86_64/td-agent-2.2.0-0.x86_64.rpm' + state: present + when: ansible_pkg_mgr == "dnf" - name: Verify fluentd plugin installed command: '/opt/td-agent/embedded/bin/gem query -i fluent-plugin-kubernetes' diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index 5638b7313..5d015fadd 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml @@ -3,6 +3,13 @@ yum: pkg: haproxy state: present + when: ansible_pkg_mgr == "yum" + +- name: Install haproxy + dnf: + pkg: haproxy + state: present + when: ansible_pkg_mgr == "dnf" - name: Configure haproxy template: diff --git a/roles/kube_nfs_volumes/tasks/main.yml b/roles/kube_nfs_volumes/tasks/main.yml index d1dcf261a..3fcb9fd18 100644 --- a/roles/kube_nfs_volumes/tasks/main.yml +++ b/roles/kube_nfs_volumes/tasks/main.yml @@ -1,6 +1,11 @@ --- - name: Install pyparted (RedHat/Fedora) yum: name=pyparted,python-httplib2 state=present + when: ansible_pkg_mgr == "yum" + +- name: Install pyparted (RedHat/Fedora) + dnf: name=pyparted,python-httplib2 state=present + when: ansible_pkg_mgr == "dnf" - name: partition the drives partitionpool: disks={{ disks }} force={{ force }} sizes={{ sizes }} diff --git a/roles/kube_nfs_volumes/tasks/nfs.yml b/roles/kube_nfs_volumes/tasks/nfs.yml index 559fcf17c..a58a7b824 100644 --- a/roles/kube_nfs_volumes/tasks/nfs.yml +++ b/roles/kube_nfs_volumes/tasks/nfs.yml @@ -1,6 +1,11 @@ --- - name: Install NFS server on Fedora/Red Hat yum: name=nfs-utils state=present + when: ansible_pkg_mgr == "yum" + +- name: Install NFS server on Fedora/Red Hat + dnf: name=nfs-utils state=present + when: ansible_pkg_mgr == "dnf" - name: Start rpcbind on Fedora/Red Hat service: name=rpcbind state=started enabled=yes diff --git a/roles/openshift_ansible_inventory/tasks/main.yml b/roles/openshift_ansible_inventory/tasks/main.yml index f6919dada..2b99f8bcd 100644 --- a/roles/openshift_ansible_inventory/tasks/main.yml +++ b/roles/openshift_ansible_inventory/tasks/main.yml @@ -2,6 +2,16 @@ - yum: name: "{{ item }}" state: present + when: ansible_pkg_mgr == "yum" + with_items: + - openshift-ansible-inventory + - openshift-ansible-inventory-aws + - openshift-ansible-inventory-gce + +- dnf: + name: "{{ item }}" + state: present + when: ansible_pkg_mgr == "dnf" with_items: - openshift-ansible-inventory - openshift-ansible-inventory-aws diff --git a/roles/openshift_expand_partition/README.md b/roles/openshift_expand_partition/README.md index cd394e1ba..aed4ec871 100644 --- a/roles/openshift_expand_partition/README.md +++ b/roles/openshift_expand_partition/README.md @@ -8,7 +8,7 @@ partition, and then expanding the file system on the partition. * A machine with a disk that is not fully utilized -* cloud-utils-growpart rpm (either installed or avialable via yum) +* cloud-utils-growpart rpm (either installed or avialable via yum or dnf) * The partition you are expanding needs to be at the end of the partition list diff --git a/roles/openshift_expand_partition/tasks/main.yml b/roles/openshift_expand_partition/tasks/main.yml index 8bc399070..42e7903fd 100644 --- a/roles/openshift_expand_partition/tasks/main.yml +++ b/roles/openshift_expand_partition/tasks/main.yml @@ -1,6 +1,11 @@ --- - name: Ensure growpart is installed yum: pkg=cloud-utils-growpart state=present + when: ansible_pkg_mgr == "yum" + +- name: Ensure growpart is installed + dnf: pkg=cloud-utils-growpart state=present + when: ansible_pkg_mgr == "dnf" - name: Grow the partitions command: "growpart {{oep_drive}} {{oep_partition}}" diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index 913f0dc78..2e889d7d5 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -8,6 +8,13 @@ - name: Ensure PyYaml is installed yum: pkg={{ item }} state=installed + when: ansible_pkg_mgr == "yum" + with_items: + - PyYAML + +- name: Ensure PyYaml is installed + dnf: pkg={{ item }} state=installed + when: ansible_pkg_mgr == "dnf" with_items: - PyYAML diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 2cf2a53c4..9d7880041 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -79,6 +79,12 @@ - name: Install Master package yum: pkg={{ openshift.common.service_type }}-master{{ openshift_version }} state=present + when: ansible_pkg_mgr == "yum" + register: install_result + +- name: Install Master package + dnf: pkg={{ openshift.common.service_type }}-master{{ openshift_version }} state=present + when: ansible_pkg_mgr == "dnf" register: install_result # TODO: These values need to be configurable @@ -118,7 +124,12 @@ - name: Install httpd-tools if needed yum: pkg=httpd-tools state=present - when: item.kind == 'HTPasswdPasswordIdentityProvider' + when: (ansible_pkg_mgr == "yum") and (item.kind == 'HTPasswdPasswordIdentityProvider') + with_items: openshift.master.identity_providers + +- name: Install httpd-tools if needed + dnf: pkg=httpd-tools state=present + when: (ansible_pkg_mgr == "dnf") and (item.kind == 'HTPasswdPasswordIdentityProvider') with_items: openshift.master.identity_providers - name: Ensure htpasswd directory exists @@ -263,7 +274,12 @@ - name: Install cluster packages yum: pkg=pcs state=present - when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' + when: (ansible_pkg_mgr == "yum") and openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' + register: install_result + +- name: Install cluster packages + dnf: pkg=pcs state=present + when: (ansible_pkg_mgr == "dnf") and openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' register: install_result - name: Start and enable cluster service diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml index 314f068e7..caac13be3 100644 --- a/roles/openshift_master_ca/tasks/main.yml +++ b/roles/openshift_master_ca/tasks/main.yml @@ -1,6 +1,12 @@ --- - name: Install the base package for admin tooling yum: pkg={{ openshift.common.service_type }}{{ openshift_version }} state=present + when: ansible_pkg_mgr == "yum" + register: install_result + +- name: Install the base package for admin tooling + dnf: pkg={{ openshift.common.service_type }}{{ openshift_version }} state=present + when: ansible_pkg_mgr == "dnf" register: install_result - name: Reload generated facts diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 42d984a09..36bcc1a90 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -40,12 +40,23 @@ # problems because the rpms don't pin the version properly. - name: Install Node package yum: pkg={{ openshift.common.service_type }}-node{{ openshift_version }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version }} state=present + when: ansible_pkg_mgr == "yum" + register: node_install_result + +- name: Install Node package + dnf: pkg={{ openshift.common.service_type }}-node{{ openshift_version }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version }} state=present + when: ansible_pkg_mgr == "dnf" register: node_install_result - name: Install sdn-ovs package yum: pkg={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present register: sdn_install_result - when: openshift.common.use_openshift_sdn + when: ansible_pkg_mgr == "yum" and openshift.common.use_openshift_sdn + +- name: Install sdn-ovs package + dnf: pkg={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present + register: sdn_install_result + when: ansible_pkg_mgr == "dnf" and openshift.common.use_openshift_sdn # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config diff --git a/roles/openshift_node/tasks/storage_plugins/ceph.yml b/roles/openshift_node/tasks/storage_plugins/ceph.yml index b6936618a..b5146dcac 100644 --- a/roles/openshift_node/tasks/storage_plugins/ceph.yml +++ b/roles/openshift_node/tasks/storage_plugins/ceph.yml @@ -3,3 +3,10 @@ yum: pkg: ceph-common state: installed + when: ansible_pkg_mgr == "yum" + +- name: Install Ceph storage plugin dependencies + dnf: + pkg: ceph-common + state: installed + when: ansible_pkg_mgr == "dnf" diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml index decf4f49d..a357023e1 100644 --- a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml @@ -3,6 +3,13 @@ yum: pkg: glusterfs-fuse state: installed + when: ansible_pkg_mgr == "yum" + +- name: Install GlusterFS storage plugin dependencies + dnf: + pkg: glusterfs-fuse + state: installed + when: ansible_pkg_mgr == "dnf" - name: Set sebooleans to allow gluster storage plugin access from containers seboolean: diff --git a/roles/openshift_repos/files/fedora-origin/repos/maxamillion-fedora-openshift-fedora.repo b/roles/openshift_repos/files/fedora-origin/repos/maxamillion-fedora-openshift-fedora.repo new file mode 100644 index 000000000..bc0435d82 --- /dev/null +++ b/roles/openshift_repos/files/fedora-origin/repos/maxamillion-fedora-openshift-fedora.repo @@ -0,0 +1,8 @@ +[maxamillion-fedora-openshift] +name=Copr repo for fedora-openshift owned by maxamillion +baseurl=https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/fedora-$releasever-$basearch/ +skip_if_unavailable=True +gpgcheck=1 +gpgkey=https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/pubkey.gpg +enabled=1 +enabled_metadata=1 \ No newline at end of file diff --git a/roles/openshift_repos/handlers/main.yml b/roles/openshift_repos/handlers/main.yml index 26558a455..fed4ab2f0 100644 --- a/roles/openshift_repos/handlers/main.yml +++ b/roles/openshift_repos/handlers/main.yml @@ -1,3 +1,6 @@ --- -- name: refresh package cache +- name: refresh yum cache command: yum clean all + +- name: refresh dnf cache + command: dnf clean all diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index 66be0cb7b..c55b5df89 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -14,38 +14,64 @@ yum: pkg: libselinux-python state: present + when: ansible_pkg_mgr == "yum" + +- name: Ensure libselinux-python is installed + dnf: + pkg: libselinux-python + state: present + when: ansible_pkg_mgr == "dnf" - name: Create any additional repos that are defined template: src: yum_repo.j2 dest: /etc/yum.repos.d/openshift_additional.repo when: openshift_additional_repos | length > 0 - notify: refresh package cache + notify: refresh yum cache - name: Remove the additional repos if no longer defined file: dest: /etc/yum.repos.d/openshift_additional.repo state: absent when: openshift_additional_repos | length == 0 - notify: refresh package cache + notify: refresh yum cache -- name: Remove any yum repo files for other deployment types +- name: Remove any yum repo files for other deployment types RHEL/CentOS file: path: "/etc/yum.repos.d/{{ item | basename }}" state: absent with_fileglob: - '*/repos/*' - when: not (item | search("/files/" ~ openshift_deployment_type ~ "/repos")) - notify: refresh package cache + when: not (item | search("/files/" ~ openshift_deployment_type ~ "/repos")) and + (ansible_os_family == "RedHat" and ansible_distribution != "Fedora") + notify: refresh yum cache + +- name: Remove any yum repo files for other deployment types Fedora + file: + path: "/etc/yum.repos.d/{{ item | basename }}" + state: absent + with_fileglob: + - '*/repos/*' + when: not (item | search("/files/fedora-" ~ openshift_deployment_type ~ "/repos")) and + (ansible_distribution == "Fedora") + notify: refresh dnf cache - name: Configure gpg keys if needed copy: src={{ item }} dest=/etc/pki/rpm-gpg/ with_fileglob: - "{{ openshift_deployment_type }}/gpg_keys/*" - notify: refresh package cache + notify: refresh yum cache -- name: Configure yum repositories +- name: Configure yum repositories RHEL/CentOS copy: src={{ item }} dest=/etc/yum.repos.d/ with_fileglob: - "{{ openshift_deployment_type }}/repos/*" - notify: refresh package cache + notify: refresh yum cache + when: (ansible_os_family == "RedHat" and ansible_distribution != "Fedora") + +- name: Configure yum repositories Fedora + copy: src={{ item }} dest=/etc/yum.repos.d/ + with_fileglob: + - "fedora-{{ openshift_deployment_type }}/repos/*" + notify: refresh dnf cache + when: (ansible_distribution == "Fedora") diff --git a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml index 65ae069df..bf23dfe98 100644 --- a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml +++ b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml @@ -1,6 +1,11 @@ --- - name: Install NFS server yum: name=nfs-utils state=present + when: ansible_pkg_mgr == "yum" + +- name: Install NFS server + dnf: name=nfs-utils state=present + when: ansible_pkg_mgr == "dnf" - name: Start rpcbind service: name=rpcbind state=started enabled=yes diff --git a/roles/os_env_extras/tasks/main.yaml b/roles/os_env_extras/tasks/main.yaml index 96b12ad5b..29599559c 100644 --- a/roles/os_env_extras/tasks/main.yaml +++ b/roles/os_env_extras/tasks/main.yaml @@ -15,3 +15,10 @@ yum: pkg: bash-completion state: installed + when: ansible_pkg_mgr == "yum" + +- name: Bash Completion + dnf: + pkg: bash-completion + state: installed + when: ansible_pkg_mgr == "dnf" diff --git a/roles/os_firewall/tasks/firewall/firewalld.yml b/roles/os_firewall/tasks/firewall/firewalld.yml index 5089eb3e0..cf2a2c733 100644 --- a/roles/os_firewall/tasks/firewall/firewalld.yml +++ b/roles/os_firewall/tasks/firewall/firewalld.yml @@ -3,6 +3,14 @@ yum: name: firewalld state: present + when: ansible_pkg_mgr == "yum" + register: install_result + +- name: Install firewalld packages + dnf: + name: firewalld + state: present + when: ansible_pkg_mgr == "dnf" register: install_result - name: Check if iptables-services is installed diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml index 9af9d8d29..36d51504c 100644 --- a/roles/os_firewall/tasks/firewall/iptables.yml +++ b/roles/os_firewall/tasks/firewall/iptables.yml @@ -6,6 +6,17 @@ with_items: - iptables - iptables-services + when: ansible_pkg_mgr == "yum" + register: install_result + +- name: Install iptables packages + dnf: + name: "{{ item }}" + state: present + with_items: + - iptables + - iptables-services + when: ansible_pkg_mgr == "dnf" register: install_result - name: Check if firewalld is installed diff --git a/roles/os_update_latest/tasks/main.yml b/roles/os_update_latest/tasks/main.yml index 4a2c3d47a..40eec8d35 100644 --- a/roles/os_update_latest/tasks/main.yml +++ b/roles/os_update_latest/tasks/main.yml @@ -1,3 +1,8 @@ --- - name: Update all packages yum: name=* state=latest + when: ansible_pkg_mgr == "yum" + +- name: Update all packages + dnf: name=* state=latest + when: ansible_pkg_mgr == "dnf" diff --git a/roles/yum_repos/README.md b/roles/yum_repos/README.md index 51ecd5d34..908ab4972 100644 --- a/roles/yum_repos/README.md +++ b/roles/yum_repos/README.md @@ -6,7 +6,7 @@ This role allows easy deployment of yum repository config files. Requirements ------------ -Yum +Yum or dnf Role Variables -------------- diff --git a/utils/site_assets/oo-install-bootstrap.sh b/utils/site_assets/oo-install-bootstrap.sh index e1b2cec90..3847c029a 100755 --- a/utils/site_assets/oo-install-bootstrap.sh +++ b/utils/site_assets/oo-install-bootstrap.sh @@ -9,6 +9,13 @@ cmdlnargs="$@" : ${OO_INSTALL_LOG:=${TMPDIR}/INSTALLPKGNAME.log} [[ $TMPDIR != */ ]] && TMPDIR="${TMPDIR}/" +if rpm -q dnf; +then + PKG_MGR="dnf" +else + PKG_MGR="yum" +fi + if [ $OO_INSTALL_CONTEXT != 'origin_vm' ] then clear @@ -18,7 +25,7 @@ if [ -e /etc/redhat-release ] then for i in python python-virtualenv openssh-clients gcc do - rpm -q $i >/dev/null 2>&1 || { echo >&2 "Missing installation dependency detected. Please run \"yum install ${i}\"."; exit 1; } + rpm -q $i >/dev/null 2>&1 || { echo >&2 "Missing installation dependency detected. Please run \"${PKG_MGR} install ${i}\"."; exit 1; } done fi for i in python virtualenv ssh gcc -- cgit v1.2.3 From 205496053be231b99f8b92adcf79c39122e4c689 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Wed, 2 Dec 2015 16:55:54 -0500 Subject: Fix openshift_facts playbook for yum/dnf changes --- playbooks/byo/openshift_facts.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'playbooks') diff --git a/playbooks/byo/openshift_facts.yml b/playbooks/byo/openshift_facts.yml index 6d7c12fd4..babdfb952 100644 --- a/playbooks/byo/openshift_facts.yml +++ b/playbooks/byo/openshift_facts.yml @@ -1,7 +1,6 @@ --- - name: Gather Cluster facts - hosts: all - gather_facts: no + hosts: OSEv3 roles: - openshift_facts tasks: -- cgit v1.2.3 From 192ccc8e6e6f465351828f32e9dc43b840897b67 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Tue, 1 Dec 2015 16:30:05 -0500 Subject: Refactor dns options and facts. --- inventory/byo/hosts.example | 3 +++ playbooks/common/openshift-cluster/config.yml | 3 --- playbooks/common/openshift-master/config.yml | 16 ---------------- roles/openshift_facts/library/openshift_facts.py | 8 ++++---- roles/openshift_master/tasks/main.yml | 8 +------- roles/openshift_node/tasks/main.yml | 7 +------ roles/openshift_node/templates/node.yaml.v1.j2 | 6 ++++-- 7 files changed, 13 insertions(+), 38 deletions(-) (limited to 'playbooks') diff --git a/inventory/byo/hosts.example b/inventory/byo/hosts.example index 1a67cc290..dd8d8f855 100644 --- a/inventory/byo/hosts.example +++ b/inventory/byo/hosts.example @@ -154,6 +154,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # entries for the interfaces attached to the host. #openshift_set_hostname=True +# Configure dnsIP in the node config +#openshift_dns_ip=172.30.0.1 + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index a8bd634d3..482fa8441 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -6,6 +6,3 @@ - include: ../openshift-master/config.yml - include: ../openshift-node/config.yml - vars: - osn_cluster_dns_domain: "{{ hostvars[groups.oo_first_master.0].openshift.dns.domain }}" - osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].cluster_dns_ip }}" diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 1c8a92122..785a78497 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -353,22 +353,6 @@ - role: openshift_cluster_metrics when: openshift.common.use_cluster_metrics | bool - # TODO: Setting the cluster dns ip should be pushed into openshift-facts -- name: Determine cluster dns ip - hosts: oo_first_master - tasks: - - name: Get master service ip - # This command has to be on a single line. - command: "{{ openshift.common.client_binary }} -n default --config={{ openshift.common.config_base }}/master/admin.kubeconfig get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\} --output-version=v1" - register: master_service_ip_output - when: openshift.common.version_greater_than_3_1_or_1_1 | bool - - set_fact: - cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].openshift.dns.ip }}" - when: not openshift.common.version_greater_than_3_1_or_1_1 | bool - - set_fact: - cluster_dns_ip: "{{ master_service_ip_output.stdout }}" - when: openshift.common.version_greater_than_3_1_or_1_1 | bool - - name: Enable cockpit hosts: oo_first_master vars: diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index b60e42c71..e937b742e 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -528,9 +528,9 @@ def set_aggregate_facts(facts): internal_hostnames.add(facts['common']['hostname']) internal_hostnames.add(facts['common']['ip']) + cluster_domain = facts['common']['dns_domain'] + if 'master' in facts: - # FIXME: not sure why but facts['dns']['domain'] fails - cluster_domain = 'cluster.local' if 'cluster_hostname' in facts['master']: all_hostnames.add(facts['master']['cluster_hostname']) if 'cluster_public_hostname' in facts['master']: @@ -985,7 +985,7 @@ class OpenShiftFacts(object): Raises: OpenShiftFactsUnsupportedRoleError: """ - known_roles = ['common', 'master', 'node', 'master_sdn', 'node_sdn', 'dns', 'etcd'] + known_roles = ['common', 'master', 'node', 'master_sdn', 'node_sdn', 'etcd'] def __init__(self, role, filename, local_facts, additive_facts_to_overwrite=False): self.changed = False @@ -1056,6 +1056,7 @@ class OpenShiftFacts(object): public_hostname=hostname) common['client_binary'] = 'oc' if os.path.isfile('/usr/bin/oc') else 'osc' common['admin_binary'] = 'oadm' if os.path.isfile('/usr/bin/oadm') else 'osadm' + common['dns_domain'] = 'cluster.local' defaults['common'] = common if 'master' in roles: @@ -1076,7 +1077,6 @@ class OpenShiftFacts(object): node = dict(labels={}, annotations={}, portal_net='172.30.0.0/16', iptables_sync_period='5s', set_node_ip=False) defaults['node'] = node - return defaults def guess_host_provider(self): diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 2cf2a53c4..5d4ddfca0 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -81,14 +81,8 @@ yum: pkg={{ openshift.common.service_type }}-master{{ openshift_version }} state=present register: install_result -# TODO: These values need to be configurable -- name: Set dns facts +- name: Re-gather package dependent master facts openshift_facts: - role: dns - local_facts: - ip: "{{ openshift_master_cluster_vip | default(openshift.common.ip, true) | default(None) }}" - domain: cluster.local - when: openshift.master.embedded_dns - name: Create config parent directory if it does not exist file: diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 42d984a09..1d3ac7c09 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -1,11 +1,5 @@ --- # TODO: allow for overriding default ports where possible -- fail: - msg: This role requres that osn_cluster_dns_domain is set - when: osn_cluster_dns_domain is not defined or not osn_cluster_dns_domain -- fail: - msg: This role requres that osn_cluster_dns_ip is set - when: osn_cluster_dns_ip is not defined or not osn_cluster_dns_ip - fail: msg: "SELinux is disabled, This deployment type requires that SELinux is enabled." when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise'] @@ -20,6 +14,7 @@ hostname: "{{ openshift_hostname | default(none) }}" public_hostname: "{{ openshift_public_hostname | default(none) }}" deployment_type: "{{ openshift_deployment_type }}" + dns_ip: "{{ openshift_dns_ip | default(openshift_master_cluster_vip | default(None, true), true) }}" - role: node local_facts: annotations: "{{ openshift_node_annotations | default(none) }}" diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 41a303dee..23bd81f91 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -1,7 +1,9 @@ allowDisabledDocker: false apiVersion: v1 -dnsDomain: {{ osn_cluster_dns_domain }} -dnsIP: {{ osn_cluster_dns_ip }} +dnsDomain: {{ openshift.common.dns_domain }} +{% if 'dns_ip' in openshift.common %} +dnsIP: {{ openshift.common.dns_ip }} +{% endif %} dockerConfig: execHandlerName: "" iptablesSyncPeriod: "{{ openshift.node.iptables_sync_period }}" -- cgit v1.2.3 From 04ce758d35666c9f887a9bb1b44ccae1d20ee908 Mon Sep 17 00:00:00 2001 From: enoodle Date: Mon, 23 Nov 2015 17:46:27 +0200 Subject: ManageIQ Service Account: added role for ManageIQ service account Signed-off-by: enoodle --- playbooks/common/openshift-master/config.yml | 2 + roles/openshift_common/tasks/main.yml | 1 + roles/openshift_facts/library/openshift_facts.py | 2 +- roles/openshift_manageiq/tasks/main.yaml | 50 ++++++++++++++++++++++++ roles/openshift_manageiq/vars/main.yml | 24 ++++++++++++ 5 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 roles/openshift_manageiq/tasks/main.yaml create mode 100644 roles/openshift_manageiq/vars/main.yml (limited to 'playbooks') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 902fde956..7bdaca2c9 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -350,6 +350,8 @@ - openshift_examples - role: openshift_cluster_metrics when: openshift.common.use_cluster_metrics | bool + - role: openshift_manageiq + when: openshift.common.use_manageiq | bool - name: Determine cluster dns ip hosts: oo_first_master diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index 55065b3de..c0982290d 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml @@ -22,6 +22,7 @@ deployment_type: "{{ openshift_deployment_type }}" use_fluentd: "{{ openshift_use_fluentd | default(None) }}" use_flannel: "{{ openshift_use_flannel | default(None) }}" + use_manageiq: "{{ openshift_use_manageiq | default(None) }}" # For enterprise versions < 3.1 and origin versions < 1.1 we want to set the # hostname by default. diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index b60e42c71..0100aa54f 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1053,7 +1053,7 @@ class OpenShiftFacts(object): common = dict(use_openshift_sdn=True, ip=ip_addr, public_ip=ip_addr, deployment_type='origin', hostname=hostname, - public_hostname=hostname) + public_hostname=hostname, use_manageiq=False) common['client_binary'] = 'oc' if os.path.isfile('/usr/bin/oc') else 'osc' common['admin_binary'] = 'oadm' if os.path.isfile('/usr/bin/oadm') else 'osadm' defaults['common'] = common diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml new file mode 100644 index 000000000..2d3187e21 --- /dev/null +++ b/roles/openshift_manageiq/tasks/main.yaml @@ -0,0 +1,50 @@ +--- +- name: Copy Configuration to temporary conf + command: > + cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{manage_iq_tmp_conf}} + changed_when: false + +- name: Add Managment Infrastructure project + command: > + {{ openshift.common.admin_binary }} new-project + management-infra + --description="Management Infrastructure" + --config={{manage_iq_tmp_conf}} + register: osmiq_create_mi_project + failed_when: "'already exists' not in osmiq_create_mi_project.stderr and osmiq_create_mi_project.rc != 0" + changed_when: osmiq_create_mi_project.rc == 0 + +- name: Create Service Account + shell: > + echo {{ manageiq_service_account | to_json | quote }} | + {{ openshift.common.client_binary }} create + -n management-infra + --config={{manage_iq_tmp_conf}} + -f - + register: osmiq_create_service_account + failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0" + changed_when: osmiq_create_service_account.rc == 0 + +- name: Create Cluster Role + shell: > + echo {{ manageiq_cluster_role | to_json | quote }} | + {{ openshift.common.client_binary }} create + --config={{manage_iq_tmp_conf}} + -f - + register: osmiq_create_cluster_role + failed_when: "'already exists' not in osmiq_create_cluster_role.stderr and osmiq_create_cluster_role.rc != 0" + changed_when: osmiq_create_cluster_role.rc == 0 + +- name: Configure role/user permissions + command: > + {{ openshift.common.admin_binary }} {{item}} + --config={{manage_iq_tmp_conf}} + with_items: "{{manage_iq_tasks}}" + register: osmiq_perm_task + failed_when: "'already exists' not in osmiq_perm_task.stderr and osmiq_perm_task.rc != 0" + changed_when: osmiq_perm_task.rc == 0 + +- name: Clean temporary configuration file + command: > + rm -f {{manage_iq_tmp_conf}} + changed_when: false diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml new file mode 100644 index 000000000..77e1c304b --- /dev/null +++ b/roles/openshift_manageiq/vars/main.yml @@ -0,0 +1,24 @@ +manageiq_cluster_role: + apiVersion: v1 + kind: ClusterRole + metadata: + name: management-infra-admin + rules: + - resources: + - pods/proxy + verbs: + - '*' + +manageiq_service_account: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: management-admin + +manage_iq_tmp_conf: /tmp/manageiq_admin.kubeconfig + +manage_iq_tasks: + - policy add-role-to-user -n management-infra admin -z management-admin + - policy add-role-to-user -n management-infra management-infra-admin -z management-admin + - policy add-cluster-role-to-user cluster-reader system:serviceaccount:management-infra:management-admin + - policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin -- cgit v1.2.3 From 208063939b6b97b80b4bd3ab12358fb745993d44 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Fri, 4 Dec 2015 08:53:30 -0500 Subject: Pass in and use first_master_ip as dnsIP for pre 3.1 nodes. --- playbooks/common/openshift-cluster/scaleup.yml | 2 -- playbooks/common/openshift-node/config.yml | 2 ++ playbooks/gce/openshift-cluster/join_node.yml | 2 -- roles/openshift_node/tasks/main.yml | 5 ++++- 4 files changed, 6 insertions(+), 5 deletions(-) (limited to 'playbooks') diff --git a/playbooks/common/openshift-cluster/scaleup.yml b/playbooks/common/openshift-cluster/scaleup.yml index e1778e41e..d2ba3fc7a 100644 --- a/playbooks/common/openshift-cluster/scaleup.yml +++ b/playbooks/common/openshift-cluster/scaleup.yml @@ -3,6 +3,4 @@ - include: ../openshift-node/config.yml vars: - osn_cluster_dns_domain: "{{ hostvars[groups.oo_first_master.0].openshift.dns.domain }}" - osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].openshift.dns.ip }}" openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 2b6171cb3..952a9fd51 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -158,8 +158,10 @@ vars: sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" + # TODO: Prefix flannel role variables. etcd_urls: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls }}" embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}" + openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}" pre_tasks: - name: Ensure certificate directory exists file: diff --git a/playbooks/gce/openshift-cluster/join_node.yml b/playbooks/gce/openshift-cluster/join_node.yml index c8f6065cd..5ae3a8fef 100644 --- a/playbooks/gce/openshift-cluster/join_node.yml +++ b/playbooks/gce/openshift-cluster/join_node.yml @@ -45,5 +45,3 @@ openshift_use_openshift_sdn: true openshift_node_labels: "{{ lookup('oo_option', 'openshift_node_labels') }} " os_sdn_network_plugin_name: "redhat/openshift-ovs-subnet" - osn_cluster_dns_domain: "{{ hostvars[groups.oo_first_master.0].openshift.dns.domain }}" - osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].cluster_dns_ip }}" diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 29e7eb532..110556b4a 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -14,7 +14,10 @@ hostname: "{{ openshift_hostname | default(none) }}" public_hostname: "{{ openshift_public_hostname | default(none) }}" deployment_type: "{{ openshift_deployment_type }}" - dns_ip: "{{ openshift_dns_ip | default(openshift_master_cluster_vip | default(None, true), true) }}" + # TODO: Replace this with a lookup or filter plugin. + dns_ip: "{{ openshift_dns_ip + | default(openshift_master_cluster_vip + | default(None if openshift.common.version_greater_than_3_1_or_1_1 | bool else openshift_node_first_master_ip | default(None, true), true), true) }}" - role: node local_facts: annotations: "{{ openshift_node_annotations | default(none) }}" -- cgit v1.2.3 From dd17fd49597ec27f66ff9436f211036125dbb08f Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Wed, 9 Dec 2015 12:08:56 -0500 Subject: Simplify session secrets overrides. --- playbooks/common/openshift-master/config.yml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) (limited to 'playbooks') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index becd68dbe..196cdc8fe 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -249,22 +249,14 @@ - name: Generate session authentication key command: /usr/bin/openssl rand -base64 24 register: session_auth_output - with_sequence: count=1 when: openshift_master_session_auth_secrets is undefined - name: Generate session encryption key command: /usr/bin/openssl rand -base64 24 register: session_encryption_output - with_sequence: count=1 when: openshift_master_session_encryption_secrets is undefined - set_fact: - session_auth_secret: "{{ openshift_master_session_auth_secrets - | default(session_auth_output.results - | oo_collect(attribute='stdout') - | list) }}" - session_encryption_secret: "{{ openshift_master_session_encryption_secrets - | default(session_encryption_output.results - | oo_collect(attribute='stdout') - | list) }}" + session_auth_secret: "{{ openshift_master_session_auth_secrets | default([session_auth_output.stdout]) }}" + session_encryption_secret: "{{ openshift_master_session_encryption_secrets | default([session_encryption_output.stdout]) }}" - name: Parse named certificates hosts: localhost -- cgit v1.2.3