summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--playbooks/common/openshift-cluster/additional_config.yml23
-rw-r--r--playbooks/common/openshift-cluster/openshift_hosted.yml23
-rw-r--r--playbooks/common/openshift-loadbalancer/config.yml2
-rw-r--r--roles/cockpit/defaults/main.yml4
-rw-r--r--roles/cockpit/meta/main.yml5
-rw-r--r--roles/etcd/defaults/main.yaml6
-rw-r--r--roles/etcd/meta/main.yml9
-rw-r--r--roles/openshift_loadbalancer/defaults/main.yml10
-rw-r--r--roles/openshift_loadbalancer/meta/main.yml5
-rw-r--r--roles/openshift_metrics/tasks/main.yaml8
-rw-r--r--roles/openshift_node/defaults/main.yml14
-rw-r--r--roles/openshift_node/meta/main.yml15
-rw-r--r--roles/openshift_storage_nfs/defaults/main.yml3
-rw-r--r--roles/openshift_storage_nfs/meta/main.yml3
14 files changed, 69 insertions, 61 deletions
diff --git a/playbooks/common/openshift-cluster/additional_config.yml b/playbooks/common/openshift-cluster/additional_config.yml
index 5ed1d3b3c..ebddc7841 100644
--- a/playbooks/common/openshift-cluster/additional_config.yml
+++ b/playbooks/common/openshift-cluster/additional_config.yml
@@ -28,25 +28,4 @@
- role: flannel_register
when: openshift.common.use_flannel | bool
-- name: Create persistent volumes and create hosted services
- hosts: oo_first_master
- vars:
- attach_registry_volume: "{{ openshift.hosted.registry.storage.kind != None }}"
- deploy_infra: "{{ openshift.master.infra_nodes | default([]) | length > 0 }}"
- persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}"
- persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}"
- roles:
- - role: openshift_persistent_volumes
- when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0
- - role: openshift_serviceaccounts
- openshift_serviceaccounts_names:
- - router
- - registry
- openshift_serviceaccounts_namespace: default
- openshift_serviceaccounts_sccs:
- - privileged
- - role: openshift_registry
- registry_volume_claim: "{{ openshift.hosted.registry.storage.volume.name }}-claim"
- when: deploy_infra | bool and attach_registry_volume | bool
- - role: openshift_metrics
- when: openshift.hosted.metrics.deploy | bool
+
diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml
index babb5ea71..811b3d685 100644
--- a/playbooks/common/openshift-cluster/openshift_hosted.yml
+++ b/playbooks/common/openshift-cluster/openshift_hosted.yml
@@ -1,3 +1,26 @@
+- name: Create persistent volumes and create hosted services
+ hosts: oo_first_master
+ vars:
+ attach_registry_volume: "{{ openshift.hosted.registry.storage.kind != None }}"
+ deploy_infra: "{{ openshift.master.infra_nodes | default([]) | length > 0 }}"
+ persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}"
+ persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}"
+ roles:
+ - role: openshift_persistent_volumes
+ when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0
+ - role: openshift_serviceaccounts
+ openshift_serviceaccounts_names:
+ - router
+ - registry
+ openshift_serviceaccounts_namespace: default
+ openshift_serviceaccounts_sccs:
+ - privileged
+ - role: openshift_registry
+ registry_volume_claim: "{{ openshift.hosted.registry.storage.volume.name }}-claim"
+ when: deploy_infra | bool and attach_registry_volume | bool
+ - role: openshift_metrics
+ when: openshift.hosted.metrics.deploy | bool
+
- name: Create Hosted Resources
hosts: oo_first_master
pre_tasks:
diff --git a/playbooks/common/openshift-loadbalancer/config.yml b/playbooks/common/openshift-loadbalancer/config.yml
index f4392173a..51cea53a3 100644
--- a/playbooks/common/openshift-loadbalancer/config.yml
+++ b/playbooks/common/openshift-loadbalancer/config.yml
@@ -1,5 +1,7 @@
---
- name: Configure load balancers
hosts: oo_lb_to_config
+ vars:
+ haproxy_frontend_port: "{{ openshift_master_api_port | default(8443) }}"
roles:
- role: openshift_loadbalancer
diff --git a/roles/cockpit/defaults/main.yml b/roles/cockpit/defaults/main.yml
deleted file mode 100644
index 9cf665841..000000000
--- a/roles/cockpit/defaults/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-os_firewall_allow:
-- service: cockpit-ws
- port: 9090/tcp
diff --git a/roles/cockpit/meta/main.yml b/roles/cockpit/meta/main.yml
index 1e3948b19..43047902d 100644
--- a/roles/cockpit/meta/main.yml
+++ b/roles/cockpit/meta/main.yml
@@ -12,4 +12,7 @@ galaxy_info:
categories:
- cloud
dependencies:
- - { role: os_firewall }
+- role: os_firewall
+ os_firewall_allow:
+ - service: cockpit-ws
+ port: 9090/tcp
diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml
index 1cb055816..2ec62c37c 100644
--- a/roles/etcd/defaults/main.yaml
+++ b/roles/etcd/defaults/main.yaml
@@ -14,9 +14,3 @@ etcd_advertise_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_clien
etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}"
etcd_data_dir: /var/lib/etcd/
-
-os_firewall_allow:
-- service: etcd
- port: "{{etcd_client_port}}/tcp"
-- service: etcd peering
- port: "{{ etcd_peer_port }}/tcp"
diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml
index a71b36237..7156a9fff 100644
--- a/roles/etcd/meta/main.yml
+++ b/roles/etcd/meta/main.yml
@@ -16,5 +16,10 @@ galaxy_info:
- cloud
- system
dependencies:
-- { role: os_firewall }
-- { role: etcd_common }
+- role: os_firewall
+ os_firewall_allow:
+ - service: etcd
+ port: "{{etcd_client_port}}/tcp"
+ - service: etcd peering
+ port: "{{ etcd_peer_port }}/tcp"
+- role: etcd_common
diff --git a/roles/openshift_loadbalancer/defaults/main.yml b/roles/openshift_loadbalancer/defaults/main.yml
index a1524cfe1..5c480f7c2 100644
--- a/roles/openshift_loadbalancer/defaults/main.yml
+++ b/roles/openshift_loadbalancer/defaults/main.yml
@@ -1,10 +1,10 @@
---
-haproxy_frontend_port: 80
+haproxy_frontend_port: 8443
haproxy_frontends:
- name: main
binds:
- - "*:80"
+ - "*:8443"
default_backend: default
haproxy_backends:
@@ -14,9 +14,3 @@ haproxy_backends:
- name: web01
address: 127.0.0.1:9000
opts: check
-
-os_firewall_allow:
-- service: haproxy stats
- port: "9000/tcp"
-- service: haproxy balance
- port: "{{ haproxy_frontend_port }}/tcp"
diff --git a/roles/openshift_loadbalancer/meta/main.yml b/roles/openshift_loadbalancer/meta/main.yml
index fe336acf7..96a737d2f 100644
--- a/roles/openshift_loadbalancer/meta/main.yml
+++ b/roles/openshift_loadbalancer/meta/main.yml
@@ -12,4 +12,9 @@ galaxy_info:
dependencies:
- role: openshift_facts
- role: os_firewall
+ os_firewall_allow:
+ - service: haproxy stats
+ port: "9000/tcp"
+ - service: haproxy balance
+ port: "{{ haproxy_frontend_port }}/tcp"
- role: openshift_repos
diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml
index bee1bab90..43b85204a 100644
--- a/roles/openshift_metrics/tasks/main.yaml
+++ b/roles/openshift_metrics/tasks/main.yaml
@@ -54,3 +54,11 @@
command: >
rm -rf {{hawkular_tmp_conf}}
changed_when: false
+
+- name: "Wait for image pull and deployer pod"
+ shell: "{{ openshift.common.client_binary }} get pods -n openshift-infra | grep metrics-deployer.*Completed"
+ register: result
+ until: result.rc == 0
+ retries: 60
+ delay: 10
+
diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml
index 91aed7aa3..efff5d6cd 100644
--- a/roles/openshift_node/defaults/main.yml
+++ b/roles/openshift_node/defaults/main.yml
@@ -1,16 +1,2 @@
---
-os_firewall_allow:
-- service: Kubernetes kubelet
- port: 10250/tcp
-- service: http
- port: 80/tcp
-- service: https
- port: 443/tcp
-- service: Openshift kubelet ReadOnlyPort
- port: 10255/tcp
-- service: Openshift kubelet ReadOnlyPort udp
- port: 10255/udp
-- service: OpenShift OVS sdn
- port: 4789/udp
- when: openshift.node.use_openshift_sdn | bool
openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}"
diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml
index 31547b846..97ab8241b 100644
--- a/roles/openshift_node/meta/main.yml
+++ b/roles/openshift_node/meta/main.yml
@@ -19,4 +19,17 @@ dependencies:
- role: openshift_node_dnsmasq
when: openshift.common.use_dnsmasq
- role: os_firewall
-
+ os_firewall_allow:
+ - service: Kubernetes kubelet
+ port: 10250/tcp
+ - service: http
+ port: 80/tcp
+ - service: https
+ port: 443/tcp
+ - service: Openshift kubelet ReadOnlyPort
+ port: 10255/tcp
+ - service: Openshift kubelet ReadOnlyPort udp
+ port: 10255/udp
+ - service: OpenShift OVS sdn
+ port: 4789/udp
+ when: openshift.node.use_openshift_sdn | bool
diff --git a/roles/openshift_storage_nfs/defaults/main.yml b/roles/openshift_storage_nfs/defaults/main.yml
index df0bb9fd4..7f3c054e7 100644
--- a/roles/openshift_storage_nfs/defaults/main.yml
+++ b/roles/openshift_storage_nfs/defaults/main.yml
@@ -16,6 +16,3 @@ openshift:
options: "*(rw,root_squash)"
volume:
name: "metrics"
-os_firewall_allow:
-- service: nfs
- port: "2049/tcp"
diff --git a/roles/openshift_storage_nfs/meta/main.yml b/roles/openshift_storage_nfs/meta/main.yml
index d675e0750..865865d9c 100644
--- a/roles/openshift_storage_nfs/meta/main.yml
+++ b/roles/openshift_storage_nfs/meta/main.yml
@@ -11,5 +11,8 @@ galaxy_info:
- 7
dependencies:
- role: os_firewall
+ os_firewall_allow:
+ - service: nfs
+ port: "2049/tcp"
- role: openshift_hosted_facts
- role: openshift_repos