diff options
48 files changed, 759 insertions, 511 deletions
@@ -2,7 +2,10 @@ #OpenShift Ansible -This repo contains Ansible code for OpenShift +This repo contains Ansible code for OpenShift. This repo and the origin RPMs +that it installs currently require a package that provides `docker`. Currently +the RPMs provided from dockerproject.org do not provide this requirement, though +they may in the future. ##Setup - Install base dependencies: diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example index 1e050f0f6..cddd5175c 100644 --- a/inventory/byo/hosts.aep.example +++ b/inventory/byo/hosts.aep.example @@ -410,6 +410,15 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Configure usage of openshift_clock role. #openshift_clock_enabled=true +# OpenShift Per-Service Environment Variables +# Environment variables are added to /etc/sysconfig files for +# each OpenShift service: node, master (api and controllers). +# API and controllers environment variables are merged in single +# master environments. +#openshift_master_api_env_vars={"ENABLE_HTTP2": "true"} +#openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"} +#openshift_node_env_vars={"ENABLE_HTTP2": "true"} + # host group for masters [masters] aep3-master[1:3]-ansible.test.example.com diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 104c64c23..7c9c7152b 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -415,6 +415,15 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Configure usage of openshift_clock role. #openshift_clock_enabled=true +# OpenShift Per-Service Environment Variables +# Environment variables are added to /etc/sysconfig files for +# each OpenShift service: node, master (api and controllers). +# API and controllers environment variables are merged in single +# master environments. +#openshift_master_api_env_vars={"ENABLE_HTTP2": "true"} +#openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"} +#openshift_node_env_vars={"ENABLE_HTTP2": "true"} + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index ebac28fc6..55f9fa66c 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -410,6 +410,15 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Configure usage of openshift_clock role. #openshift_clock_enabled=true +# OpenShift Per-Service Environment Variables +# Environment variables are added to /etc/sysconfig files for +# each OpenShift service: node, master (api and controllers). +# API and controllers environment variables are merged in single +# master environments. +#openshift_master_api_env_vars={"ENABLE_HTTP2": "true"} +#openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"} +#openshift_node_env_vars={"ENABLE_HTTP2": "true"} + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index dbf924683..4edd44fe4 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -7,253 +7,369 @@ # images # RPMs --- -- hosts: - - OSEv3:children +- hosts: OSEv3:children + become: yes + tasks: + - name: Detecting Operating System + shell: ls /run/ostree-booted + ignore_errors: yes + failed_when: false + register: ostree_output + + # Since we're not calling openshift_facts we'll do this for now + - set_fact: + is_atomic: "{{ ostree_output.rc == 0 }}" + - set_fact: + is_containerized: "{{ is_atomic or containerized | default(false) | bool }}" +- hosts: nodes become: yes + tasks: + - name: Stop services + service: name={{ item }} state=stopped + with_items: + - atomic-enterprise-node + - atomic-openshift-node + - openshift-node + - openvswitch + - origin-node + failed_when: false + + - name: unmask services + command: systemctl unmask "{{ item }}" + changed_when: False + failed_when: False + with_items: + - firewalld + + - name: Remove packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent" + when: not is_atomic | bool + with_items: + - atomic-enterprise + - atomic-enterprise-node + - atomic-enterprise-sdn-ovs + - atomic-openshift + - atomic-openshift-clients + - atomic-openshift-node + - atomic-openshift-sdn-ovs + - cockpit-bridge + - cockpit-docker + - cockpit-shell + - cockpit-ws + - kubernetes-client + - openshift + - openshift-node + - openshift-sdn + - openshift-sdn-ovs + - openvswitch + - origin + - origin-clients + - origin-node + - origin-sdn-ovs + - tuned-profiles-atomic-enterprise-node + - tuned-profiles-atomic-openshift-node + - tuned-profiles-openshift-node + - tuned-profiles-origin-node + + - shell: systemctl reset-failed + changed_when: False + + - shell: systemctl daemon-reload + changed_when: False + + - name: Remove br0 interface + shell: ovs-vsctl del-br br0 + changed_when: False + failed_when: False + + - name: Remove linux interfaces + shell: ip link del "{{ item }}" + changed_when: False + failed_when: False + with_items: + - lbr0 + - vlinuxbr + - vovsbr + + - name: restart docker + service: name=docker state=restarted + + - name: restart NetworkManager + service: name=NetworkManager state=restarted + + - shell: find /var/lib/origin/openshift.local.volumes -type d -exec umount {} \; 2>/dev/null || true + changed_when: False + + - shell: find /var/lib/atomic-enterprise/openshift.local.volumes -type d -exec umount {} \; 2>/dev/null || true + changed_when: False + + - shell: find /var/lib/openshift/openshift.local.volumes -type d -exec umount {} \; 2>/dev/null || true + changed_when: False + + - shell: docker rm -f "{{ item }}"-master "{{ item }}"-node + changed_when: False + failed_when: False + with_items: + - openshift-enterprise + - atomic-enterprise + - origin + + - shell: docker ps -a | grep Exited | egrep "{{ item }}" | awk '{print $1}' + changed_when: False + failed_when: False + register: exited_containers_to_delete + with_items: + - aep3.*/aep + - aep3.*/node + - aep3.*/openvswitch + - openshift3/ose + - openshift3/node + - openshift3/openvswitch + - openshift/origin + + - shell: "docker rm {{ item.stdout_lines | join(' ') }}" + changed_when: False + failed_when: False + with_items: "{{ exited_containers_to_delete.results }}" + + - shell: docker images | egrep {{ item }} | awk '{ print $3 }' + changed_when: False + failed_when: False + register: images_to_delete + with_items: + - registry\.access\..*redhat\.com/openshift3 + - registry\.access\..*redhat\.com/aep3 + - registry\.qe\.openshift\.com/.* + - registry\.access\..*redhat\.com/rhel7/etcd + - docker.io/openshift + when: openshift_uninstall_images | default(True) | bool + + - shell: "docker rmi -f {{ item.stdout_lines | join(' ') }}" + changed_when: False + failed_when: False + with_items: "{{ images_to_delete.results }}" + when: openshift_uninstall_images | default(True) | bool + + - name: Remove sdn drop files + file: + path: /run/openshift-sdn + state: absent + + - name: Remove remaining files + file: path={{ item }} state=absent + with_items: + - /etc/ansible/facts.d/openshift.fact + - /etc/atomic-enterprise + - /etc/openshift + - /etc/openshift-sdn + - /etc/origin + - /etc/systemd/system/atomic-openshift-node.service + - /etc/systemd/system/atomic-openshift-node-dep.service + - /etc/systemd/system/origin-node.service + - /etc/systemd/system/origin-node-dep.service + - /etc/systemd/system/openvswitch.service + - /etc/sysconfig/atomic-enterprise-node + - /etc/sysconfig/atomic-openshift-node + - /etc/sysconfig/atomic-openshift-node-dep + - /etc/sysconfig/origin-node + - /etc/sysconfig/origin-node-dep + - /etc/sysconfig/openshift-node + - /etc/sysconfig/openshift-node-dep + - /etc/sysconfig/openvswitch + - /etc/sysconfig/origin-node + - /etc/systemd/system/atomic-openshift-node.service.wants + - /run/openshift-sdn + - /var/lib/atomic-enterprise + - /var/lib/openshift + - /var/lib/origin + - /etc/NetworkManager/dispatcher.d/99-origin-dns.sh + - /etc/dnsmasq.d/origin-dns.conf + - /etc/dnsmasq.d/origin-upstream-dns.conf +- hosts: masters + become: yes tasks: - - name: Detecting Operating System - shell: ls /run/ostree-booted - ignore_errors: yes - failed_when: false - register: ostree_output - - # Since we're not calling openshift_facts we'll do this for now - - set_fact: - is_atomic: "{{ ostree_output.rc == 0 }}" - - set_fact: - is_containerized: "{{ is_atomic or containerized | default(false) | bool }}" - - - name: Stop services - service: name={{ item }} state=stopped - with_items: - - atomic-enterprise-master - - atomic-enterprise-node - - atomic-openshift-master - - atomic-openshift-master-api - - atomic-openshift-master-controllers - - atomic-openshift-node - - etcd - - haproxy - - openshift-master - - openshift-master-api - - openshift-master-controllers - - openshift-node - - openvswitch - - origin-master - - origin-master-api - - origin-master-controllers - - origin-node - - pcsd - failed_when: false - - - name: unmask services - command: systemctl unmask "{{ item }}" - changed_when: False - failed_when: False - with_items: - - etcd - - firewalld - - atomic-openshift-master - - - name: Stop additional atomic services - service: name={{ item }} state=stopped - when: is_containerized | bool - with_items: - - etcd_container - failed_when: false - - - name: Remove packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent" - when: not is_atomic | bool - with_items: - - atomic-enterprise - - atomic-enterprise-master - - atomic-enterprise-node - - atomic-enterprise-sdn-ovs - - atomic-openshift - - atomic-openshift-clients - - atomic-openshift-master - - atomic-openshift-node - - atomic-openshift-sdn-ovs - - cockpit-bridge - - cockpit-docker - - cockpit-shell - - cockpit-ws - - corosync - - etcd - - haproxy - - kubernetes-client - - openshift - - openshift-master - - openshift-node - - openshift-sdn - - openshift-sdn-ovs - - openvswitch - - origin - - origin-clients - - origin-master - - origin-node - - origin-sdn-ovs - - pacemaker - - pcs - - tuned-profiles-atomic-enterprise-node - - tuned-profiles-atomic-openshift-node - - tuned-profiles-openshift-node - - tuned-profiles-origin-node - - - shell: systemctl reset-failed - changed_when: False - - - shell: systemctl daemon-reload - changed_when: False - - - name: Remove remaining files - file: path={{ item }} state=absent - with_items: - - "~{{ ansible_ssh_user }}/.kube" - - /etc/ansible/facts.d/openshift.fact - - /etc/atomic-enterprise - - /etc/corosync - - /etc/etcd - - /etc/openshift - - /etc/openshift-sdn - - /etc/origin - - /etc/systemd/system/atomic-openshift-master.service - - /etc/systemd/system/atomic-openshift-master-api.service - - /etc/systemd/system/atomic-openshift-master-controllers.service - - /etc/systemd/system/atomic-openshift-node.service - - /etc/systemd/system/atomic-openshift-node-dep.service - - /etc/systemd/system/origin-master.service - - /etc/systemd/system/origin-master-api.service - - /etc/systemd/system/origin-master-controllers.service - - /etc/systemd/system/origin-node.service - - /etc/systemd/system/origin-node-dep.service - - /etc/systemd/system/etcd_container.service - - /etc/systemd/system/openvswitch.service - - /etc/sysconfig/atomic-enterprise-master - - /etc/sysconfig/atomic-enterprise-master-api - - /etc/sysconfig/atomic-enterprise-master-controllers - - /etc/sysconfig/atomic-enterprise-node - - /etc/sysconfig/atomic-openshift-master - - /etc/sysconfig/atomic-openshift-master-api - - /etc/sysconfig/atomic-openshift-master-controllers - - /etc/sysconfig/atomic-openshift-node - - /etc/sysconfig/atomic-openshift-node-dep - - /etc/sysconfig/origin-master - - /etc/sysconfig/origin-master-api - - /etc/sysconfig/origin-master-controllers - - /etc/sysconfig/origin-node - - /etc/sysconfig/origin-node-dep - - /etc/sysconfig/openshift-master - - /etc/sysconfig/openshift-node - - /etc/sysconfig/openshift-node-dep - - /etc/sysconfig/openvswitch - - /etc/sysconfig/origin-master - - /etc/sysconfig/origin-master-api - - /etc/sysconfig/origin-master-controllers - - /etc/sysconfig/origin-node - - /etc/systemd/system/atomic-openshift-node.service.wants - - /root/.kube - - /run/openshift-sdn - - /usr/share/openshift/examples - - /var/lib/atomic-enterprise - - /var/lib/etcd - - /var/lib/openshift - - /var/lib/origin - - /var/lib/pacemaker - - /usr/lib/systemd/system/atomic-openshift-master-api.service - - /usr/lib/systemd/system/atomic-openshift-master-controllers.service - - /usr/lib/systemd/system/origin-master-api.service - - /usr/lib/systemd/system/origin-master-controllers.service - - /usr/local/bin/openshift - - /usr/local/bin/oadm - - /usr/local/bin/oc - - /usr/local/bin/kubectl - - /etc/NetworkManager/dispatcher.d/99-origin-dns.sh - - /etc/dnsmasq.d/origin-dns.conf - - /etc/dnsmasq.d/origin-upstream-dns.conf - - # Since we are potentially removing the systemd unit files for separated - # master-api and master-controllers services, so we need to reload the - # systemd configuration manager - - name: Reload systemd manager configuration - command: systemctl daemon-reload + - name: Stop services + service: name={{ item }} state=stopped + with_items: + - atomic-enterprise-master + - atomic-openshift-master + - atomic-openshift-master-api + - atomic-openshift-master-controllers + - openshift-master + - openshift-master-api + - openshift-master-controllers + - origin-master + - origin-master-api + - origin-master-controllers + - pcsd + failed_when: false -- hosts: nodes + - name: unmask services + command: systemctl unmask "{{ item }}" + changed_when: False + failed_when: False + with_items: + - firewalld + - atomic-openshift-master + + - name: Remove packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent" + when: not is_atomic | bool + with_items: + - atomic-enterprise + - atomic-enterprise-master + - atomic-openshift + - atomic-openshift-clients + - atomic-openshift-master + - cockpit-bridge + - cockpit-docker + - cockpit-shell + - cockpit-ws + - corosync + - kubernetes-client + - openshift + - openshift-master + - origin + - origin-clients + - origin-master + - pacemaker + - pcs + + - shell: systemctl reset-failed + changed_when: False + + - shell: systemctl daemon-reload + changed_when: False + + - name: Remove remaining files + file: path={{ item }} state=absent + with_items: + - "~{{ ansible_ssh_user }}/.kube" + - /etc/ansible/facts.d/openshift.fact + - /etc/atomic-enterprise + - /etc/corosync + - /etc/openshift + - /etc/openshift-sdn + - /etc/origin + - /etc/systemd/system/atomic-openshift-master.service + - /etc/systemd/system/atomic-openshift-master-api.service + - /etc/systemd/system/atomic-openshift-master-controllers.service + - /etc/systemd/system/origin-master.service + - /etc/systemd/system/origin-master-api.service + - /etc/systemd/system/origin-master-controllers.service + - /etc/systemd/system/openvswitch.service + - /etc/sysconfig/atomic-enterprise-master + - /etc/sysconfig/atomic-enterprise-master-api + - /etc/sysconfig/atomic-enterprise-master-controllers + - /etc/sysconfig/atomic-openshift-master + - /etc/sysconfig/atomic-openshift-master-api + - /etc/sysconfig/atomic-openshift-master-controllers + - /etc/sysconfig/origin-master + - /etc/sysconfig/origin-master-api + - /etc/sysconfig/origin-master-controllers + - /etc/sysconfig/openshift-master + - /etc/sysconfig/openvswitch + - /etc/sysconfig/origin-master + - /etc/sysconfig/origin-master-api + - /etc/sysconfig/origin-master-controllers + - /root/.kube + - /usr/share/openshift/examples + - /var/lib/atomic-enterprise + - /var/lib/openshift + - /var/lib/origin + - /var/lib/pacemaker + - /var/lib/pcsd + - /usr/lib/systemd/system/atomic-openshift-master-api.service + - /usr/lib/systemd/system/atomic-openshift-master-controllers.service + - /usr/lib/systemd/system/origin-master-api.service + - /usr/lib/systemd/system/origin-master-controllers.service + - /usr/local/bin/openshift + - /usr/local/bin/oadm + - /usr/local/bin/oc + - /usr/local/bin/kubectl + + # Since we are potentially removing the systemd unit files for separated + # master-api and master-controllers services, so we need to reload the + # systemd configuration manager + - name: Reload systemd manager configuration + command: systemctl daemon-reload + +- hosts: etcd + become: yes + tasks: + - name: Stop services + service: name={{ item }} state=stopped + with_items: + - etcd + failed_when: false + + - name: unmask services + command: systemctl unmask "{{ item }}" + changed_when: False + failed_when: False + with_items: + - etcd + - firewalld + + - name: Stop additional atomic services + service: name={{ item }} state=stopped + when: is_containerized | bool + with_items: + - etcd_container + failed_when: false + + - name: Remove packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent" + when: not is_atomic | bool + with_items: + - etcd + + - shell: systemctl reset-failed + changed_when: False + + - shell: systemctl daemon-reload + changed_when: False + + - name: Remove remaining files + file: path={{ item }} state=absent + with_items: + - /etc/ansible/facts.d/openshift.fact + - /etc/etcd + - /etc/systemd/system/etcd_container.service + - /var/lib/etcd + +- hosts: lb become: yes tasks: - - name: Remove br0 interface - shell: ovs-vsctl del-br br0 - changed_when: False - failed_when: False - - name: Remove linux interfaces - shell: ip link del "{{ item }}" - changed_when: False - failed_when: False - with_items: - - lbr0 - - vlinuxbr - - vovsbr - - name: restart docker - service: name=docker state=restarted - - - name: restart NetworkManager - service: name=NetworkManager state=restarted - - - shell: find /var/lib/origin/openshift.local.volumes -type d -exec umount {} \; 2>/dev/null || true - changed_when: False - - - shell: find /var/lib/atomic-enterprise/openshift.local.volumes -type d -exec umount {} \; 2>/dev/null || true - changed_when: False - - - shell: find /var/lib/openshift/openshift.local.volumes -type d -exec umount {} \; 2>/dev/null || true - changed_when: False - - - shell: docker rm -f "{{ item }}"-master "{{ item }}"-node - changed_when: False - failed_when: False - with_items: - - openshift-enterprise - - atomic-enterprise - - origin - - - shell: docker ps -a | grep Exited | egrep "{{ item }}" | awk '{print $1}' - changed_when: False - failed_when: False - register: exited_containers_to_delete - with_items: - - aep3.*/aep - - aep3.*/node - - aep3.*/openvswitch - - openshift3/ose - - openshift3/node - - openshift3/openvswitch - - openshift/origin - - - shell: "docker rm {{ item.stdout_lines | join(' ') }}" - changed_when: False - failed_when: False - with_items: "{{ exited_containers_to_delete.results }}" - - - shell: docker images | egrep {{ item }} | awk '{ print $3 }' - changed_when: False - failed_when: False - register: images_to_delete - with_items: - - registry\.access\..*redhat\.com/openshift3 - - registry\.access\..*redhat\.com/aep3 - - registry\.qe\.openshift\.com/.* - - registry\.access\..*redhat\.com/rhel7/etcd - - docker.io/openshift - - - shell: "docker rmi -f {{ item.stdout_lines | join(' ') }}" - changed_when: False - failed_when: False - with_items: "{{ images_to_delete.results }}" - - - name: Remove sdn drop files - file: - path: /run/openshift-sdn - state: absent + - name: Stop services + service: name={{ item }} state=stopped + with_items: + - haproxy + failed_when: false + + - name: unmask services + command: systemctl unmask "{{ item }}" + changed_when: False + failed_when: False + with_items: + - firewalld + + - name: Remove packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent" + when: not is_atomic | bool + with_items: + - haproxy + + - shell: systemctl reset-failed + changed_when: False + + - shell: systemctl daemon-reload + changed_when: False + + - name: Remove remaining files + file: path={{ item }} state=absent + with_items: + - /etc/ansible/facts.d/openshift.fact + - /var/lib/haproxy diff --git a/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml index 6c12e8245..d7798d304 100644 --- a/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml @@ -4,26 +4,27 @@ roles: - openshift_facts tasks: + - fail: + msg: Cannot upgrade Docker on Atomic operating systems. + when: openshift.common.is_atomic | bool + - name: Determine available Docker version script: ../../../../common/openshift-cluster/upgrades/files/rpm_versions.sh docker register: g_docker_version_result - when: not openshift.common.is_atomic | bool - name: Check if Docker is installed command: rpm -q docker register: pkg_check failed_when: pkg_check.rc > 1 changed_when: no - when: not openshift.common.is_atomic | bool - set_fact: g_docker_version: "{{ g_docker_version_result.stdout | from_yaml }}" - when: not openshift.common.is_atomic | bool - name: Set fact if docker requires an upgrade set_fact: docker_upgrade: true - when: not openshift.common.is_atomic | bool and pkg_check.rc == 0 and g_docker_version.curr_version | version_compare('1.10','<') + when: pkg_check.rc == 0 and g_docker_version.curr_version | version_compare('1.10','<') - fail: msg: This playbook requires access to Docker 1.10 or later @@ -59,7 +60,7 @@ - "{{ openshift.common.service_type }}-master-api" - "{{ openshift.common.service_type }}-master-controllers" - "{{ openshift.common.service_type }}-node" - - etcd + - etcd_container - openvswitch failed_when: false when: docker_upgrade is defined and docker_upgrade | bool and openshift.common.is_containerized | bool @@ -77,7 +78,7 @@ - name: Restart containerized services service: name={{ item }} state=started with_items: - - etcd + - etcd_container - openvswitch - "{{ openshift.common.service_type }}-master" - "{{ openshift.common.service_type }}-master-api" diff --git a/playbooks/byo/openshift-cluster/upgrades/docker/files/nuke_images.sh b/playbooks/byo/openshift-cluster/upgrades/docker/files/nuke_images.sh index 9a5ee2276..6b155f7fa 100644 --- a/playbooks/byo/openshift-cluster/upgrades/docker/files/nuke_images.sh +++ b/playbooks/byo/openshift-cluster/upgrades/docker/files/nuke_images.sh @@ -1,22 +1,22 @@ #!/bin/bash # Stop any running containers -running_container_count=`docker ps -q | wc -l` -if test $running_container_count -gt 0 +running_container_ids=`docker ps -q` +if test -n "$running_container_ids" then - docker stop $(docker ps -q) + docker stop $running_container_ids fi # Delete all containers -container_count=`docker ps -a -q | wc -l` -if test $container_count -gt 0 +container_ids=`docker ps -a -q` +if test -n "$container_ids" then - docker rm -f -v $(docker ps -a -q) + docker rm -f -v $container_ids fi # Delete all images (forcefully) -image_count=`docker images -q | wc -l` -if test $image_count -gt 0 +image_ids=`docker images -q` +if test -n "$image_ids" then # Taken from: https://gist.github.com/brianclements/f72b2de8e307c7b56689#gistcomment-1443144 docker rmi $(docker images | grep "$2/\|/$2 \| $2 \|$2 \|$2-\|$2_" | awk '{print $1 ":" $2}') 2>/dev/null || echo "No images matching \"$2\" left to purge." diff --git a/playbooks/common/openshift-cluster/additional_config.yml b/playbooks/common/openshift-cluster/additional_config.yml index ebddc7841..a34322754 100644 --- a/playbooks/common/openshift-cluster/additional_config.yml +++ b/playbooks/common/openshift-cluster/additional_config.yml @@ -17,6 +17,7 @@ - role: openshift_master_cluster when: openshift_master_ha | bool and openshift.master.cluster_method == "pacemaker" - role: openshift_examples + registry_url: "{{ openshift.master.registry_url }}" when: openshift.common.install_examples | bool - role: openshift_cluster_metrics when: openshift.common.use_cluster_metrics | bool diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml index cda490b1f..37f523246 100644 --- a/playbooks/common/openshift-cluster/initialize_facts.yml +++ b/playbooks/common/openshift-cluster/initialize_facts.yml @@ -1,6 +1,7 @@ --- - name: Initialize host facts hosts: oo_all_hosts + any_errors_fatal: true roles: - openshift_facts tasks: diff --git a/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh b/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh index a2a9579b5..8d7543f3c 100644 --- a/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh +++ b/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh @@ -1,7 +1,11 @@ #!/bin/bash - -installed=$(yum list installed -e 0 -q "$@" 2>&1 | tail -n +2 | awk '{ print $2 }' | sort -r | tr '\n' ' ') -available=$(yum list available -e 0 -q "$@" 2>&1 | tail -n +2 | grep -v 'el7ose' | awk '{ print $2 }' | sort -r | tr '\n' ' ') +if [ `which dnf 2> /dev/null` ]; then + installed=$(dnf repoquery --installed --latest-limit 1 -d 0 --qf '%{version}-%{release}' "${@}" 2> /dev/null) + installed=$(dnf repoquery --available --latest-limit 1 -d 0 --qf '%{version}-%{release}' "${@}" 2> /dev/null) +else + installed=$(repoquery --plugins --pkgnarrow=installed --qf '%{version}-%{release}' "${@}" 2> /dev/null) + available=$(repoquery --plugins --pkgnarrow=available --qf '%{version}-%{release}' "${@}" 2> /dev/null) +fi echo "---" echo "curr_version: ${installed}" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml index 5b2bf9f93..e31e7f8a3 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml @@ -109,5 +109,6 @@ vars: openshift_examples_import_command: "update" openshift_deployment_type: "{{ deployment_type }}" + registry_url: "{{ openshift.master.registry_url }}" roles: - openshift_examples diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 3a4c58e43..c3c1240d8 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -569,6 +569,7 @@ # Update the existing templates - role: openshift_examples openshift_examples_import_command: replace + registry_url: "{{ openshift.master.registry_url }}" pre_tasks: - name: Collect all routers command: > diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml index 196393b2a..f030eed18 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml @@ -19,6 +19,7 @@ # Update the existing templates - role: openshift_examples openshift_examples_import_command: replace + registry_url: "{{ openshift.master.registry_url }}" pre_tasks: - name: Collect all routers command: > diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker_upgrade.yml new file mode 100644 index 000000000..c7b18f51b --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker_upgrade.yml @@ -0,0 +1,14 @@ +- name: Check if Docker is installed + command: rpm -q docker + register: pkg_check + failed_when: pkg_check.rc > 1 + changed_when: no + +- name: Upgrade Docker + command: "{{ ansible_pkg_mgr}} update -y docker" + when: pkg_check.rc == 0 and g_docker_version.curr_version | version_compare('1.9','<') + register: docker_upgrade + +- name: Restart Docker + command: systemctl restart docker + when: docker_upgrade | changed diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml index 31e76805c..c16965a35 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml @@ -19,6 +19,7 @@ - openshift_examples # Update the existing templates - role: openshift_examples + registry_url: "{{ openshift.master.registry_url }}" openshift_examples_import_command: replace pre_tasks: - name: Collect all routers diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml index 6bff16674..f163cca86 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml @@ -8,6 +8,18 @@ - openshift_facts - openshift_repos +- name: Set openshift_no_proxy_internal_hostnames + hosts: oo_masters_to_config:oo_nodes_to_config + tasks: + - set_fact: + openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + | union(groups['oo_masters_to_config']) + | union(groups['oo_etcd_to_config'] | default([]))) + | oo_collect('openshift.common.hostname') | default([]) | join (',') + }}" + when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and + openshift_generate_no_proxy_hosts | default(True) | bool }}" + - name: Evaluate additional groups for upgrade hosts: localhost connection: local @@ -200,6 +212,9 @@ msg: Upgrade packages not found when: openshift_image_tag is not defined and (g_aos_versions.avail_version | default(g_aos_versions.curr_version, true) | version_compare(target_version, '<')) +- name: Verify docker upgrade targets + hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config + tasks: - name: Determine available Docker script: ../files/rpm_versions.sh docker register: g_docker_version_result @@ -254,7 +269,7 @@ - name: Backup etcd hosts: etcd_hosts_to_backup vars: - embedded_etcd: "{{ openshift.master.embedded_etcd }}" + embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}" timestamp: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}" roles: - openshift_facts diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml index 156e80c0f..964257af5 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml @@ -3,13 +3,13 @@ # The restart playbook should be run after this playbook completes. ############################################################################### -- include: ../../../../byo/openshift-cluster/upgrades/docker/docker_upgrade.yml - -- name: Update Docker facts - hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config +- name: Upgrade docker + hosts: oo_masters_to_config:oo_nodes_to_config roles: - openshift_facts tasks: + - include: docker_upgrade.yml + when: not openshift.common.is_atomic | bool - name: Set post docker install facts openshift_facts: role: "{{ item.role }}" @@ -20,6 +20,15 @@ openshift_image_tag: "v{{ g_new_version }}" openshift_version: "{{ g_new_version }}" +- name: Upgrade docker + hosts: oo_etcd_to_config + roles: + - openshift_facts + tasks: + # Upgrade docker when host is not atomic and host is not a non-containerized etcd node + - include: docker_upgrade.yml + when: not openshift.common.is_atomic | bool and not ('oo_etcd_to_config' in group_names and not openshift.common.is_containerized) + # The cli image is used by openshift_docker_facts to determine the currently installed # version. We need to explicitly pull the latest image to handle cases where # the locally cached 'latest' tag is older the g_new_version. diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml index 6cb3a954f..a95de8cf3 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/common/openshift-etcd/config.yml @@ -1,6 +1,7 @@ --- - name: Set etcd facts needed for generating certs hosts: oo_etcd_to_config + any_errors_fatal: true roles: - openshift_facts tasks: diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 0ca148169..7a59f3ea3 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -46,7 +46,7 @@ openshift_hosted_metrics_duration: "{{ lookup('oo_option', 'openshift_hosted_metrics_duration') | default(7) }}" when: openshift_hosted_metrics_duration is not defined - set_fact: - openshift_hosted_metrics_resolution: "{{ lookup('oo_option', 'openshift_hosted_metrics_resolution') | default(10) }}" + openshift_hosted_metrics_resolution: "{{ lookup('oo_option', 'openshift_hosted_metrics_resolution') | default('10s', true) }}" when: openshift_hosted_metrics_resolution is not defined roles: - openshift_facts diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 3368e7cd9..1f5f891c7 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,32 +1,4 @@ --- -# Going forward we require Docker 1.10 or greater. If the user has a lesser version installed they must run a separate upgrade process. -- name: Get current installed Docker version - command: "{{ repoquery_cmd }} --installed --qf '%{version}' docker" - when: not openshift.common.is_atomic | bool - register: curr_docker_version - changed_when: false - -# TODO: The use of upgrading var will be removed in the coming upgrade refactor. This is a temporary -# fix to wory around the fact that right now, this role is called during upgrade, before we're -# ready to upgrade Docker. -- name: Fail if Docker upgrade is required - fail: - msg: "Docker {{ curr_docker_version.stdout }} must be upgraded to Docker 1.10 or greater" - when: not upgrading | bool and not curr_docker_version | skipped and curr_docker_version.stdout | default('0.0', True) | version_compare('1.10', '<') - -- name: Get latest available version of Docker - command: > - {{ repoquery_cmd }} --qf '%{version}' "docker" - register: avail_docker_version - failed_when: false - changed_when: false - when: not curr_docker_version.stdout | default('0.0', True) | version_compare('1.10', '>=') and not openshift.common.is_atomic | bool - -- name: Verify Docker >= 1.10 is available - fail: - msg: "Docker {{ avail_docker_version.stdout }} is available, but 1.10 or greater is required" - when: not avail_docker_version | skipped and avail_docker_version.stdout | default('0.0', True) | version_compare('1.10', '<') - - stat: path=/etc/sysconfig/docker-storage register: docker_storage_check diff --git a/roles/docker/vars/main.yml b/roles/docker/vars/main.yml index 606cdb9b9..f81f99e2b 100644 --- a/roles/docker/vars/main.yml +++ b/roles/docker/vars/main.yml @@ -1,3 +1,2 @@ --- -repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery' }}" udevw_udevd_dir: /etc/systemd/system/systemd-udevd.service.d diff --git a/roles/openshift_docker_facts/vars/main.yml b/roles/openshift_docker_facts/vars/main.yml index f7ad1b329..55c04b0c1 100644 --- a/roles/openshift_docker_facts/vars/main.yml +++ b/roles/openshift_docker_facts/vars/main.yml @@ -1,2 +1,2 @@ --- -repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery' }}" +repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}" diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml index 976ff7702..d88014bea 100644 --- a/roles/openshift_examples/defaults/main.yml +++ b/roles/openshift_examples/defaults/main.yml @@ -20,3 +20,5 @@ infrastructure_origin_base: "{{ examples_base }}/infrastructure-templates/origin infrastructure_enterprise_base: "{{ examples_base }}/infrastructure-templates/enterprise" openshift_examples_import_command: "create" +registry_url: "" +registry_host: "{{ registry_url.split('/')[0] if '.' in registry_url.split('/')[0] else '' }}"
\ No newline at end of file diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index f9d194909..24c18f2b8 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -41,7 +41,7 @@ wget https://raw.githubusercontent.com/jboss-fuse/application-templates/master/f wget https://raw.githubusercontent.com/openshift/origin-metrics/master/metrics.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/origin/metrics-deployer.yaml wget https://raw.githubusercontent.com/openshift/origin-metrics/enterprise/metrics.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/enterprise/metrics-deployer.yaml -wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/master/deployment/deployer.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/origin/logging-deployer.yaml +wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/master/deployer/deployer.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/origin/logging-deployer.yaml wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/enterprise/deployment/deployer.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/enterprise/logging-deployer.yaml popd diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json index 0e618624b..9a935be5e 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json @@ -85,7 +85,7 @@ "containers": [ { "name": "mongodb", - "image": "mongodb", + "image": " ", "ports": [ { "containerPort": 27017, diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json index 07290b1ea..4f73d00cc 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json @@ -102,7 +102,7 @@ "containers": [ { "name": "mongodb", - "image": "mongodb", + "image": " ", "ports": [ { "containerPort": 27017, diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json index 1457d288c..5f133b946 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json @@ -85,7 +85,7 @@ "containers": [ { "name": "mysql", - "image": "mysql", + "image": " ", "ports": [ { "containerPort": 3306, diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json index e39ee57c8..88d8c3940 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json @@ -3,7 +3,6 @@ "apiVersion": "v1", "metadata": { "name": "mysql-persistent", - "creationTimestamp": null, "annotations": { "description": "MySQL database service, with persistent storage. Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-mysql-database", @@ -15,28 +14,18 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "${DATABASE_SERVICE_NAME}", - "creationTimestamp": null + "name": "${DATABASE_SERVICE_NAME}" }, "spec": { "ports": [ { "name": "mysql", - "protocol": "TCP", - "port": 3306, - "targetPort": 3306, - "nodePort": 0 + "port": 3306 } ], "selector": { "name": "${DATABASE_SERVICE_NAME}" - }, - "portalIP": "", - "type": "ClusterIP", - "sessionAffinity": "None" - }, - "status": { - "loadBalancer": {} + } } }, { @@ -60,8 +49,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "${DATABASE_SERVICE_NAME}", - "creationTimestamp": null + "name": "${DATABASE_SERVICE_NAME}" }, "spec": { "strategy": { @@ -79,8 +67,7 @@ "kind": "ImageStreamTag", "name": "mysql:latest", "namespace": "${NAMESPACE}" - }, - "lastTriggeredImage": "" + } } }, { @@ -93,7 +80,6 @@ }, "template": { "metadata": { - "creationTimestamp": null, "labels": { "name": "${DATABASE_SERVICE_NAME}" } @@ -102,11 +88,10 @@ "containers": [ { "name": "mysql", - "image": "mysql", + "image": " ", "ports": [ { - "containerPort": 3306, - "protocol": "TCP" + "containerPort": 3306 } ], "readinessProbe": { @@ -149,13 +134,7 @@ "mountPath": "/var/lib/mysql/data" } ], - "terminationMessagePath": "/dev/termination-log", - "imagePullPolicy": "IfNotPresent", - "capabilities": {}, - "securityContext": { - "capabilities": {}, - "privileged": false - } + "imagePullPolicy": "IfNotPresent" } ], "volumes": [ @@ -165,13 +144,10 @@ "claimName": "${DATABASE_SERVICE_NAME}" } } - ], - "restartPolicy": "Always", - "dnsPolicy": "ClusterFirst" + ] } } - }, - "status": {} + } } ], "parameters": [ @@ -179,7 +155,8 @@ "name": "MEMORY_LIMIT", "displayName": "Memory Limit", "description": "Maximum amount of memory the container can use.", - "value": "512Mi" + "value": "512Mi", + "required": true }, { "name": "NAMESPACE", diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json index 39a71f25c..e90244a6b 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json @@ -85,7 +85,7 @@ "containers": [ { "name": "postgresql", - "image": "postgresql", + "image": " ", "ports": [ { "containerPort": 5432, diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json index 347e01de3..7b05076a5 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json @@ -102,7 +102,7 @@ "containers": [ { "name": "postgresql", - "image": "postgresql", + "image": " ", "ports": [ { "containerPort": 5432, diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/enterprise/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/enterprise/metrics-deployer.yaml index 67e49f327..032f94a18 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/enterprise/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/enterprise/metrics-deployer.yaml @@ -54,6 +54,8 @@ objects: value: ${IMAGE_VERSION} - name: MASTER_URL value: ${MASTER_URL} + - name: MODE + value: ${MODE} - name: REDEPLOY value: ${REDEPLOY} - name: USE_PERSISTENT_STORAGE @@ -66,6 +68,8 @@ objects: value: ${CASSANDRA_PV_SIZE} - name: METRIC_DURATION value: ${METRIC_DURATION} + - name: METRIC_RESOLUTION + value: ${METRIC_RESOLUTION} dnsPolicy: ClusterFirst restartPolicy: Never serviceAccount: metrics-deployer @@ -83,7 +87,7 @@ parameters: - description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' name: IMAGE_VERSION - value: "3.2.0" + value: "3.2.1" - description: "Internal URL for the master, for authentication retrieval" name: MASTER_URL @@ -93,7 +97,11 @@ parameters: name: HAWKULAR_METRICS_HOSTNAME required: true - - description: "If set to true the deployer will try and delete all the existing components before trying to redeploy." + description: "Can be set to: 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process)" + name: MODE + value: "deploy" +- + description: "(Deprecated) Turns 'deploy' mode into 'redeploy' mode, deleting and redeploying everything (losing all data in the process)" name: REDEPLOY value: "false" - @@ -112,3 +120,7 @@ parameters: description: "How many days metrics should be stored for." name: METRIC_DURATION value: "7" +- + description: "How often metrics should be gathered. Defaults value of '10s' for 10 seconds" + name: METRIC_RESOLUTION + value: "10s" diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml index fd5841db7..77ffee7f9 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml @@ -10,7 +10,8 @@ items: description: "Template for creating the deployer account and roles needed for the aggregated logging deployer. Create as cluster-admin." tags: "infrastructure" objects: - - apiVersion: v1 + - + apiVersion: v1 kind: ServiceAccount name: logging-deployer metadata: @@ -19,8 +20,6 @@ items: logging-infra: deployer provider: openshift component: deployer - secrets: - - name: logging-deployer - apiVersion: v1 kind: ServiceAccount @@ -67,18 +66,39 @@ items: - watch - delete - update + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-edit-role + roleRef: + kind: ClusterRole + name: edit + subjects: + - kind: ServiceAccount + name: logging-deployer + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-dsadmin-role + roleRef: + kind: ClusterRole + name: daemonset-admin + subjects: + - kind: ServiceAccount + name: logging-deployer - apiVersion: "v1" kind: "Template" metadata: name: logging-deployer-template annotations: - description: "Template for running the aggregated logging deployer in a pod. Requires empowered 'logging-deployer' service account and 'logging-deployer' secret." + description: "Template for running the aggregated logging deployer in a pod. Requires empowered 'logging-deployer' service account." tags: "infrastructure" labels: logging-infra: deployer provider: openshift - component: deployer objects: - apiVersion: v1 @@ -91,9 +111,6 @@ items: imagePullPolicy: Always name: deployer volumeMounts: - - name: secret - mountPath: /secret - readOnly: true - name: empty mountPath: /etc/deploy env: @@ -125,6 +142,8 @@ items: value: ${ES_PVC_SIZE} - name: ES_PVC_PREFIX value: ${ES_PVC_PREFIX} + - name: ES_PVC_DYNAMIC + value: ${ES_PVC_DYNAMIC} - name: ES_CLUSTER_SIZE value: ${ES_CLUSTER_SIZE} - name: ES_NODE_QUORUM @@ -141,6 +160,8 @@ items: value: ${ES_OPS_PVC_SIZE} - name: ES_OPS_PVC_PREFIX value: ${ES_OPS_PVC_PREFIX} + - name: ES_OPS_PVC_DYNAMIC + value: ${ES_OPS_PVC_DYNAMIC} - name: ES_OPS_CLUSTER_SIZE value: ${ES_OPS_CLUSTER_SIZE} - name: ES_OPS_NODE_QUORUM @@ -173,130 +194,133 @@ items: volumes: - name: empty emptyDir: {} - - name: secret - secret: - secretName: logging-deployer parameters: - - description: "If true, set up to use a second ES cluster for ops logs." + description: "The mode that the deployer runs in." + name: MODE + value: "install" + - + description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "docker.io/openshift/origin-" + - + description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' + name: IMAGE_VERSION + value: "latest" + - + description: "(Deprecated) Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry." + name: IMAGE_PULL_SECRET + - + description: "(Deprecated) Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)" + name: INSECURE_REGISTRY + value: "false" + - + description: "(Deprecated) If true, set up to use a second ES cluster for ops logs." name: ENABLE_OPS_CLUSTER value: "false" - - description: "External hostname where clients will reach kibana" + description: "(Deprecated) External hostname where clients will reach kibana" name: KIBANA_HOSTNAME - required: true + value: "kibana.example.com" - - description: "External hostname at which admins will visit the ops Kibana." + description: "(Deprecated) External hostname at which admins will visit the ops Kibana." name: KIBANA_OPS_HOSTNAME value: kibana-ops.example.com - - description: "External URL for the master, for OAuth purposes" + description: "(Deprecated) External URL for the master, for OAuth purposes" name: PUBLIC_MASTER_URL - required: true + value: "https://localhost:8443" - - description: "Internal URL for the master, for authentication retrieval" + description: "(Deprecated) Internal URL for the master, for authentication retrieval" name: MASTER_URL value: "https://kubernetes.default.svc.cluster.local" - - description: "How many instances of ElasticSearch to deploy." + description: "(Deprecated) How many instances of ElasticSearch to deploy." name: ES_CLUSTER_SIZE - required: true + value: "1" - - description: "Amount of RAM to reserve per ElasticSearch instance." + description: "(Deprecated) Amount of RAM to reserve per ElasticSearch instance." name: ES_INSTANCE_RAM value: "8G" - - description: "Size of the PersistentVolumeClaim to create per ElasticSearch instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." name: ES_PVC_SIZE - - description: "Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_PVC_SIZE." + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_PVC_SIZE." name: ES_PVC_PREFIX value: "logging-es-" - - description: "Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES PVC. ' + name: ES_PVC_DYNAMIC + - + description: "(Deprecated) Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." name: ES_NODE_QUORUM - - description: "Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." + description: "(Deprecated) Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." name: ES_RECOVER_AFTER_NODES - - description: "Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." + description: "(Deprecated) Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." name: ES_RECOVER_EXPECTED_NODES - - description: "Timeout for *expected* nodes to be present when cluster is recovering from a full restart." + description: "(Deprecated) Timeout for *expected* nodes to be present when cluster is recovering from a full restart." name: ES_RECOVER_AFTER_TIME value: "5m" - - description: "How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." + description: "(Deprecated) How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." name: ES_OPS_CLUSTER_SIZE - - description: "Amount of RAM to reserve per ops ElasticSearch instance." + description: "(Deprecated) Amount of RAM to reserve per ops ElasticSearch instance." name: ES_OPS_INSTANCE_RAM value: "8G" - - description: "Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." name: ES_OPS_PVC_SIZE - - description: "Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_OPS_PVC_SIZE." + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_OPS_PVC_SIZE." name: ES_OPS_PVC_PREFIX value: "logging-es-ops-" - - description: "Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES ops PVC. ' + name: ES_OPS_PVC_DYNAMIC + - + description: "(Deprecated) Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." name: ES_OPS_NODE_QUORUM - - description: "Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." + description: "(Deprecated) Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." name: ES_OPS_RECOVER_AFTER_NODES - - description: "Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." + description: "(Deprecated) Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." name: ES_OPS_RECOVER_EXPECTED_NODES - - description: "Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." + description: "(Deprecated) Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." name: ES_OPS_RECOVER_AFTER_TIME value: "5m" - - description: "The nodeSelector used for the Fluentd DaemonSet." + description: "(Deprecated) The nodeSelector used for the Fluentd DaemonSet." name: FLUENTD_NODESELECTOR value: "logging-infra-fluentd=true" - - description: "Node selector Elasticsearch cluster (label=value)." + description: "(Deprecated) Node selector Elasticsearch cluster (label=value)." name: ES_NODESELECTOR value: "" - - description: "Node selector Elasticsearch operations cluster (label=value)." + description: "(Deprecated) Node selector Elasticsearch operations cluster (label=value)." name: ES_OPS_NODESELECTOR value: "" - - description: "Node selector Kibana cluster (label=value)." + description: "(Deprecated) Node selector Kibana cluster (label=value)." name: KIBANA_NODESELECTOR value: "" - - description: "Node selector Kibana operations cluster (label=value)." + description: "(Deprecated) Node selector Kibana operations cluster (label=value)." name: KIBANA_OPS_NODESELECTOR value: "" - - description: "Node selector Curator (label=value)." + description: "(Deprecated) Node selector Curator (label=value)." name: CURATOR_NODESELECTOR value: "" - - description: "Node selector operations Curator (label=value)." + description: "(Deprecated) Node selector operations Curator (label=value)." name: CURATOR_OPS_NODESELECTOR value: "" - - - description: "The mode that the deployer runs in." - name: MODE - value: "install" - - - description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' - name: IMAGE_PREFIX - value: "docker.io/openshift/origin-" - - - description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' - name: IMAGE_VERSION - value: "latest" - - - description: 'Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry.' - name: IMAGE_PULL_SECRET - - - description: 'Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)' - name: INSECURE_REGISTRY - value: "false" diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml index 8fb594ce8..89639fd67 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml @@ -34,9 +34,11 @@ objects: metadata: generateName: metrics-deployer- spec: + securityContext: {} containers: - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} name: deployer + securityContext: {} volumeMounts: - name: secret mountPath: /secret @@ -48,6 +50,10 @@ objects: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name - name: IMAGE_PREFIX value: ${IMAGE_PREFIX} - name: IMAGE_VERSION diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json index f044152b3..dda16ecfa 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json @@ -437,7 +437,7 @@ }, { "name": "DJANGO_SECRET_KEY", - "displayName": "Djange Secret Key", + "displayName": "Django Secret Key", "description": "Set this to a long random string.", "generate": "expression", "from": "[\\w]{50}" diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json index 67fce4a46..d1ae6de90 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json @@ -12,35 +12,10 @@ }, "objects": [ { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null - }, - "spec": { - "ports": [ - { - "name": "web", - "protocol": "TCP", - "port": 8080, - "targetPort": 8080, - "nodePort": 0 - } - ], - "selector": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "portalIP": "", - "type": "ClusterIP", - "sessionAffinity": "None" - } - }, - { "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "jenkins", + "name": "${JENKINS_SERVICE_NAME}", "creationTimestamp": null }, "spec": { @@ -77,7 +52,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jenkins:latest", + "name": "${JENKINS_IMAGE_STREAM_TAG}", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -102,7 +77,7 @@ "containers": [ { "name": "jenkins", - "image": "JENKINS_IMAGE", + "image": " ", "readinessProbe": { "timeoutSeconds": 3, "initialDelaySeconds": 3, @@ -126,10 +101,10 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${JENKINS_SERVICE_NAME}-data", @@ -158,22 +133,35 @@ } } } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 8080, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } } ], "parameters": [ { - "name": "MEMORY_LIMIT", - "displayName": "Memory Limit", - "description": "Maximum amount of memory the container can use.", - "value": "512Mi" - }, - { - "name": "NAMESPACE", - "displayName": "Namespace", - "description": "The OpenShift Namespace where the ImageStream resides.", - "value": "openshift" - }, - { "name": "JENKINS_SERVICE_NAME", "displayName": "Jenkins Service Name", "description": "The name of the OpenShift Service exposed for the Jenkins container.", @@ -185,6 +173,24 @@ "description": "Password for the Jenkins 'admin' user.", "generate": "expression", "value": "password" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Jenkins ImageStream Namespace", + "description": "The OpenShift Namespace where the Jenkins ImageStream resides.", + "value": "openshift" + }, + { + "name": "JENKINS_IMAGE_STREAM_TAG", + "displayName": "Jenkins ImageStreamTag", + "description": "Name of the ImageStreamTag to be used for the Jenkins image.", + "value": "jenkins:latest" } ], "labels": { diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json index ef04b4482..c7bc3f2fa 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json @@ -12,35 +12,10 @@ }, "objects": [ { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null - }, - "spec": { - "ports": [ - { - "name": "web", - "protocol": "TCP", - "port": 8080, - "targetPort": 8080, - "nodePort": 0 - } - ], - "selector": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "portalIP": "", - "type": "ClusterIP", - "sessionAffinity": "None" - } - }, - { "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "jenkins", + "name": "${JENKINS_SERVICE_NAME}", "creationTimestamp": null }, "spec": { @@ -82,7 +57,7 @@ }, "spec": { "strategy": { - "type": "Recreate" + "type": "Recreate" }, "triggers": [ { @@ -94,7 +69,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jenkins:latest", + "name": "${JENKINS_IMAGE_STREAM_TAG}", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -119,7 +94,7 @@ "containers": [ { "name": "jenkins", - "image": "JENKINS_IMAGE", + "image": " ", "readinessProbe": { "timeoutSeconds": 3, "initialDelaySeconds": 3, @@ -143,10 +118,10 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${JENKINS_SERVICE_NAME}-data", @@ -175,22 +150,35 @@ } } } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 8080, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } } ], "parameters": [ { - "name": "MEMORY_LIMIT", - "displayName": "Memory Limit", - "description": "Maximum amount of memory the container can use.", - "value": "512Mi" - }, - { - "name": "NAMESPACE", - "displayName": "Namespace", - "description": "The OpenShift Namespace where the ImageStream resides.", - "value": "openshift" - }, - { "name": "JENKINS_SERVICE_NAME", "displayName": "Jenkins Service Name", "description": "The name of the OpenShift Service exposed for the Jenkins container.", @@ -204,11 +192,29 @@ "value": "password" }, { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { "name": "VOLUME_CAPACITY", "displayName": "Volume Capacity", "description": "Volume space available for data, e.g. 512Mi, 2Gi.", "value": "1Gi", "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Jenkins ImageStream Namespace", + "description": "The OpenShift Namespace where the Jenkins ImageStream resides.", + "value": "openshift" + }, + { + "name": "JENKINS_IMAGE_STREAM_TAG", + "displayName": "Jenkins ImageStreamTag", + "description": "Name of the ImageStreamTag to be used for the Jenkins image.", + "value": "jenkins:latest" } ], "labels": { diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml index a5731be09..fb10188f2 100644 --- a/roles/openshift_examples/tasks/main.yml +++ b/roles/openshift_examples/tasks/main.yml @@ -4,6 +4,11 @@ src: "examples/{{ content_version }}/" dest: "{{ examples_base }}/" +- name: Modify registry paths if registry_url is not registry.access.redhat.com + shell: > + find {{ examples_base }} -type f | xargs -n 1 sed -i 's|registry.access.redhat.com|{{ registry_host | quote }}|g' + when: registry_host != '' + # RHEL and Centos image streams are mutually exclusive - name: Import RHEL streams command: > diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 2f8af2454..a5ccfb152 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1749,7 +1749,7 @@ class OpenShiftFacts(object): metrics=dict( deploy=False, duration=7, - resolution=10, + resolution='10s', storage=dict( kind=None, volume=dict( diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 026787421..3d532db04 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -9,6 +9,12 @@ AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} {% endif %} +{% if 'api_env_vars' in openshift.master or 'controllers_env_vars' in openshift.master -%} +{% for key, value in openshift.master.api_env_vars.items() | default([]) | union(openshift.master.controllers_env_vars.items() | default([])) -%} +{{ key }}={{ value }} +{% endfor -%} +{% endif -%} + # Proxy configuration # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy {% if 'http_proxy' in openshift.common %} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 index 02c22e374..ab560b1bd 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 @@ -9,6 +9,12 @@ AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} {% endif %} +{% if 'api_env_vars' in openshift.master -%} +{% for key, value in openshift.master.api_env_vars.items() -%} +{{ key }}={{ value }} +{% endfor -%} +{% endif -%} + # Proxy configuration # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy {% if 'http_proxy' in openshift.common %} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 index 644640577..1a83b98e1 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 @@ -9,6 +9,12 @@ AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} {% endif %} +{% if 'controllers_env_vars' in openshift.master -%} +{% for key, value in openshift.master.controllers_env_vars.items() -%} +{{ key }}={{ value }} +{% endfor -%} +{% endif -%} + # Proxy configuration # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy {% if 'http_proxy' in openshift.common %} diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index d51c5a0a3..3377e29e6 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -78,3 +78,5 @@ image_policy_config: "{{ openshift_master_image_policy_config | default(None) }}" dynamic_provisioning_enabled: "{{ openshift_master_dynamic_provisioning_enabled | default(None) }}" max_requests_inflight: "{{ openshift_master_max_requests_inflight | default(None) }}" + api_env_vars: "{{ openshift_master_api_env_vars | default(None) }}" + controllers_env_vars: "{{ openshift_master_controllers_env_vars | default(None) }}" diff --git a/roles/openshift_metrics/README.md b/roles/openshift_metrics/README.md index 2e903379a..f7ec86c55 100644 --- a/roles/openshift_metrics/README.md +++ b/roles/openshift_metrics/README.md @@ -21,7 +21,7 @@ From this role: | openshift_hosted_metrics_storage_volume_size | 10Gi | Metrics volume size | | openshift_hosted_metrics_storage_nfs_options | *(rw,root_squash) | NFS options for configured exports. | | openshift_hosted_metrics_duration | 7 | Metrics query duration | -| openshift_hosted_metrics_resolution | 10 | Metrics resolution | +| openshift_hosted_metrics_resolution | 10s | Metrics resolution | From openshift_common: diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 657e99e87..165010afb 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -26,6 +26,7 @@ proxy_mode: "{{ openshift_node_proxy_mode | default('iptables') }}" local_quota_per_fsgroup: "{{ openshift_node_local_quota_per_fsgroup | default(None) }}" dns_ip: "{{ openshift_dns_ip | default(none) | get_dns_ip(hostvars[inventory_hostname])}}" + env_vars: "{{ openshift_node_env_vars | default(None) }}" # We have to add tuned-profiles in the same transaction otherwise we run into depsolving # problems because the rpms don't pin the version properly. This was fixed in 3.1 packaging. @@ -91,6 +92,16 @@ notify: - restart node +- name: Configure Node Environment Variables + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-node + regexp: "^{{ item.key }}=" + line: "{{ item.key }}={{ item.value }}" + create: true + with_dict: "{{ openshift.node.env_vars | default({}) }}" + notify: + - restart node + - name: Additional storage plugin configuration include: storage_plugins/main.yml @@ -110,18 +121,23 @@ changed_when: false when: openshift.common.is_containerized | bool +- name: Start and enable node dep + service: name={{ openshift.common.service_type }}-node-dep enabled=yes state=started + when: openshift.common.is_containerized | bool + - name: Start and enable node service: name={{ openshift.common.service_type }}-node enabled=yes state=started register: node_start_result ignore_errors: yes - -- name: Check logs on failure - command: journalctl -xe - register: node_failure + +- name: Wait 30 seconds for docker initialization whenever node has failed + pause: + seconds: 30 when: node_start_result | failed - -- name: Dump failure information - debug: var=node_failure + +- name: Start and enable node again + service: name={{ openshift.common.service_type }}-node enabled=yes state=started + register: node_start_result when: node_start_result | failed - set_fact: diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml index 14a613786..8380714d4 100644 --- a/roles/openshift_node/tasks/storage_plugins/nfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -9,3 +9,10 @@ state: yes persistent: yes when: ansible_selinux and ansible_selinux.status == "enabled" + +- name: Set seboolean to allow nfs storage plugin access from containers(sandbox) + seboolean: + name: virt_sandbox_use_nfs + state: yes + persistent: yes + when: ansible_selinux and ansible_selinux.status == "enabled" diff --git a/roles/openshift_node/templates/openshift.docker.node.dep.service b/roles/openshift_node/templates/openshift.docker.node.dep.service index f66a78479..0fb34cffd 100644 --- a/roles/openshift_node/templates/openshift.docker.node.dep.service +++ b/roles/openshift_node/templates/openshift.docker.node.dep.service @@ -6,6 +6,6 @@ Before={{ openshift.common.service_type }}-node.service [Service] -ExecStart=/bin/bash -c "if [[ -f /usr/bin/docker-current ]]; then echo \"DOCKER_ADDTL_BIND_MOUNTS=--volume=/usr/bin/docker-current:/usr/bin/docker-current:ro\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; else echo \"#DOCKER_ADDTL_BIND_MOUNTS=\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; fi" +ExecStart=/bin/bash -c "if [[ -f /usr/bin/docker-current ]]; then echo \"DOCKER_ADDTL_BIND_MOUNTS=--volume=/usr/bin/docker-current:/usr/bin/docker-current:ro --volume=/etc/sysconfig/docker:/etc/sysconfig/docker:ro\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; else echo \"#DOCKER_ADDTL_BIND_MOUNTS=\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; fi" ExecStop= SyslogIdentifier={{ openshift.common.service_type }}-node-dep diff --git a/roles/openshift_node_dnsmasq/tasks/main.yml b/roles/openshift_node_dnsmasq/tasks/main.yml index 4cb24469d..7147b78f5 100644 --- a/roles/openshift_node_dnsmasq/tasks/main.yml +++ b/roles/openshift_node_dnsmasq/tasks/main.yml @@ -3,15 +3,16 @@ command: > systemctl show NetworkManager register: nm_show - + changed_when: false + - name: Set fact using_network_manager set_fact: network_manager_active: "{{ True if 'ActiveState=active' in nm_show.stdout else False }}" - + - name: Install dnsmasq action: "{{ ansible_pkg_mgr }} name=dnsmasq state=installed" when: not openshift.common.is_atomic | bool - + - name: Install dnsmasq configuration template: src: origin-dns.conf.j2 @@ -20,8 +21,7 @@ # Dynamic NetworkManager based dispatcher - include: ./network-manager.yml when: network_manager_active | bool - + # Relies on ansible in order to configure static config - include: ./no-network-manager.yml when: not network_manager_active | bool - diff --git a/roles/os_firewall/library/os_firewall_manage_iptables.py b/roles/os_firewall/library/os_firewall_manage_iptables.py index 1cb539a8c..190016c14 100755 --- a/roles/os_firewall/library/os_firewall_manage_iptables.py +++ b/roles/os_firewall/library/os_firewall_manage_iptables.py @@ -37,14 +37,14 @@ class IpTablesSaveError(IpTablesError): class IpTablesCreateChainError(IpTablesError): - def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long + def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name super(IpTablesCreateChainError, self).__init__(msg, cmd, exit_code, output) self.chain = chain class IpTablesCreateJumpRuleError(IpTablesError): - def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long + def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name super(IpTablesCreateJumpRuleError, self).__init__(msg, cmd, exit_code, output) self.chain = chain @@ -152,11 +152,11 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes continue last_rule_target = rule[1] - # Naively assume that if the last row is a REJECT rule, then - # we can add insert our rule right before it, otherwise we + # Naively assume that if the last row is a REJECT or DROP rule, + # then we can insert our rule right before it, otherwise we # assume that we can just append the rule. if (last_rule_num and last_rule_target - and last_rule_target == 'REJECT'): + and last_rule_target in ['REJECT', 'DROP']): # insert rule cmd = self.cmd + ['-I', self.jump_rule_chain, str(last_rule_num)] |