diff options
-rw-r--r-- | playbooks/common/openshift-cluster/additional_config.yml | 23 | ||||
-rw-r--r-- | playbooks/common/openshift-cluster/openshift_hosted.yml | 23 | ||||
-rw-r--r-- | playbooks/common/openshift-loadbalancer/config.yml | 2 | ||||
-rw-r--r-- | roles/cockpit/defaults/main.yml | 4 | ||||
-rw-r--r-- | roles/cockpit/meta/main.yml | 5 | ||||
-rw-r--r-- | roles/etcd/defaults/main.yaml | 6 | ||||
-rw-r--r-- | roles/etcd/meta/main.yml | 9 | ||||
-rw-r--r-- | roles/openshift_loadbalancer/defaults/main.yml | 10 | ||||
-rw-r--r-- | roles/openshift_loadbalancer/meta/main.yml | 5 | ||||
-rw-r--r-- | roles/openshift_metrics/tasks/main.yaml | 8 | ||||
-rw-r--r-- | roles/openshift_node/defaults/main.yml | 14 | ||||
-rw-r--r-- | roles/openshift_node/meta/main.yml | 15 | ||||
-rw-r--r-- | roles/openshift_storage_nfs/defaults/main.yml | 3 | ||||
-rw-r--r-- | roles/openshift_storage_nfs/meta/main.yml | 3 |
14 files changed, 69 insertions, 61 deletions
diff --git a/playbooks/common/openshift-cluster/additional_config.yml b/playbooks/common/openshift-cluster/additional_config.yml index 5ed1d3b3c..ebddc7841 100644 --- a/playbooks/common/openshift-cluster/additional_config.yml +++ b/playbooks/common/openshift-cluster/additional_config.yml @@ -28,25 +28,4 @@ - role: flannel_register when: openshift.common.use_flannel | bool -- name: Create persistent volumes and create hosted services - hosts: oo_first_master - vars: - attach_registry_volume: "{{ openshift.hosted.registry.storage.kind != None }}" - deploy_infra: "{{ openshift.master.infra_nodes | default([]) | length > 0 }}" - persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}" - persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}" - roles: - - role: openshift_persistent_volumes - when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0 - - role: openshift_serviceaccounts - openshift_serviceaccounts_names: - - router - - registry - openshift_serviceaccounts_namespace: default - openshift_serviceaccounts_sccs: - - privileged - - role: openshift_registry - registry_volume_claim: "{{ openshift.hosted.registry.storage.volume.name }}-claim" - when: deploy_infra | bool and attach_registry_volume | bool - - role: openshift_metrics - when: openshift.hosted.metrics.deploy | bool + diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml index babb5ea71..811b3d685 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted.yml +++ b/playbooks/common/openshift-cluster/openshift_hosted.yml @@ -1,3 +1,26 @@ +- name: Create persistent volumes and create hosted services + hosts: oo_first_master + vars: + attach_registry_volume: "{{ openshift.hosted.registry.storage.kind != None }}" + deploy_infra: "{{ openshift.master.infra_nodes | default([]) | length > 0 }}" + persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}" + persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}" + roles: + - role: openshift_persistent_volumes + when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0 + - role: openshift_serviceaccounts + openshift_serviceaccounts_names: + - router + - registry + openshift_serviceaccounts_namespace: default + openshift_serviceaccounts_sccs: + - privileged + - role: openshift_registry + registry_volume_claim: "{{ openshift.hosted.registry.storage.volume.name }}-claim" + when: deploy_infra | bool and attach_registry_volume | bool + - role: openshift_metrics + when: openshift.hosted.metrics.deploy | bool + - name: Create Hosted Resources hosts: oo_first_master pre_tasks: diff --git a/playbooks/common/openshift-loadbalancer/config.yml b/playbooks/common/openshift-loadbalancer/config.yml index f4392173a..51cea53a3 100644 --- a/playbooks/common/openshift-loadbalancer/config.yml +++ b/playbooks/common/openshift-loadbalancer/config.yml @@ -1,5 +1,7 @@ --- - name: Configure load balancers hosts: oo_lb_to_config + vars: + haproxy_frontend_port: "{{ openshift_master_api_port | default(8443) }}" roles: - role: openshift_loadbalancer diff --git a/roles/cockpit/defaults/main.yml b/roles/cockpit/defaults/main.yml deleted file mode 100644 index 9cf665841..000000000 --- a/roles/cockpit/defaults/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -os_firewall_allow: -- service: cockpit-ws - port: 9090/tcp diff --git a/roles/cockpit/meta/main.yml b/roles/cockpit/meta/main.yml index 1e3948b19..43047902d 100644 --- a/roles/cockpit/meta/main.yml +++ b/roles/cockpit/meta/main.yml @@ -12,4 +12,7 @@ galaxy_info: categories: - cloud dependencies: - - { role: os_firewall } +- role: os_firewall + os_firewall_allow: + - service: cockpit-ws + port: 9090/tcp diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml index 1cb055816..2ec62c37c 100644 --- a/roles/etcd/defaults/main.yaml +++ b/roles/etcd/defaults/main.yaml @@ -14,9 +14,3 @@ etcd_advertise_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_clien etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}" etcd_data_dir: /var/lib/etcd/ - -os_firewall_allow: -- service: etcd - port: "{{etcd_client_port}}/tcp" -- service: etcd peering - port: "{{ etcd_peer_port }}/tcp" diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml index a71b36237..7156a9fff 100644 --- a/roles/etcd/meta/main.yml +++ b/roles/etcd/meta/main.yml @@ -16,5 +16,10 @@ galaxy_info: - cloud - system dependencies: -- { role: os_firewall } -- { role: etcd_common } +- role: os_firewall + os_firewall_allow: + - service: etcd + port: "{{etcd_client_port}}/tcp" + - service: etcd peering + port: "{{ etcd_peer_port }}/tcp" +- role: etcd_common diff --git a/roles/openshift_loadbalancer/defaults/main.yml b/roles/openshift_loadbalancer/defaults/main.yml index a1524cfe1..5c480f7c2 100644 --- a/roles/openshift_loadbalancer/defaults/main.yml +++ b/roles/openshift_loadbalancer/defaults/main.yml @@ -1,10 +1,10 @@ --- -haproxy_frontend_port: 80 +haproxy_frontend_port: 8443 haproxy_frontends: - name: main binds: - - "*:80" + - "*:8443" default_backend: default haproxy_backends: @@ -14,9 +14,3 @@ haproxy_backends: - name: web01 address: 127.0.0.1:9000 opts: check - -os_firewall_allow: -- service: haproxy stats - port: "9000/tcp" -- service: haproxy balance - port: "{{ haproxy_frontend_port }}/tcp" diff --git a/roles/openshift_loadbalancer/meta/main.yml b/roles/openshift_loadbalancer/meta/main.yml index fe336acf7..96a737d2f 100644 --- a/roles/openshift_loadbalancer/meta/main.yml +++ b/roles/openshift_loadbalancer/meta/main.yml @@ -12,4 +12,9 @@ galaxy_info: dependencies: - role: openshift_facts - role: os_firewall + os_firewall_allow: + - service: haproxy stats + port: "9000/tcp" + - service: haproxy balance + port: "{{ haproxy_frontend_port }}/tcp" - role: openshift_repos diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index bee1bab90..43b85204a 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -54,3 +54,11 @@ command: > rm -rf {{hawkular_tmp_conf}} changed_when: false + +- name: "Wait for image pull and deployer pod" + shell: "{{ openshift.common.client_binary }} get pods -n openshift-infra | grep metrics-deployer.*Completed" + register: result + until: result.rc == 0 + retries: 60 + delay: 10 + diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index 91aed7aa3..efff5d6cd 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -1,16 +1,2 @@ --- -os_firewall_allow: -- service: Kubernetes kubelet - port: 10250/tcp -- service: http - port: 80/tcp -- service: https - port: 443/tcp -- service: Openshift kubelet ReadOnlyPort - port: 10255/tcp -- service: Openshift kubelet ReadOnlyPort udp - port: 10255/udp -- service: OpenShift OVS sdn - port: 4789/udp - when: openshift.node.use_openshift_sdn | bool openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}" diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index 31547b846..97ab8241b 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -19,4 +19,17 @@ dependencies: - role: openshift_node_dnsmasq when: openshift.common.use_dnsmasq - role: os_firewall - + os_firewall_allow: + - service: Kubernetes kubelet + port: 10250/tcp + - service: http + port: 80/tcp + - service: https + port: 443/tcp + - service: Openshift kubelet ReadOnlyPort + port: 10255/tcp + - service: Openshift kubelet ReadOnlyPort udp + port: 10255/udp + - service: OpenShift OVS sdn + port: 4789/udp + when: openshift.node.use_openshift_sdn | bool diff --git a/roles/openshift_storage_nfs/defaults/main.yml b/roles/openshift_storage_nfs/defaults/main.yml index df0bb9fd4..7f3c054e7 100644 --- a/roles/openshift_storage_nfs/defaults/main.yml +++ b/roles/openshift_storage_nfs/defaults/main.yml @@ -16,6 +16,3 @@ openshift: options: "*(rw,root_squash)" volume: name: "metrics" -os_firewall_allow: -- service: nfs - port: "2049/tcp" diff --git a/roles/openshift_storage_nfs/meta/main.yml b/roles/openshift_storage_nfs/meta/main.yml index d675e0750..865865d9c 100644 --- a/roles/openshift_storage_nfs/meta/main.yml +++ b/roles/openshift_storage_nfs/meta/main.yml @@ -11,5 +11,8 @@ galaxy_info: - 7 dependencies: - role: os_firewall + os_firewall_allow: + - service: nfs + port: "2049/tcp" - role: openshift_hosted_facts - role: openshift_repos |