diff options
17 files changed, 102 insertions, 75 deletions
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml index d791e89f6..b61d9e58a 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml @@ -25,6 +25,9 @@ openshift_upgrade_min: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}" # Pre-upgrade +- include: ../../../../common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml + tags: + - pre_upgrade - name: Update repos on control plane hosts hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml index d1c2bd17a..7ae1b3e6e 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml @@ -25,6 +25,9 @@ openshift_upgrade_min: "{{ '1.3' if deployment_type == 'origin' else '3.3' }}" # Pre-upgrade +- include: ../../../../common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml + tags: + - pre_upgrade - name: Update repos on control plane hosts hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml index f6e66c477..ec63ea60e 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml @@ -47,7 +47,7 @@ tags: - pre_upgrade -- include: ../disable_excluder.yml +- include: ../../../../common/openshift-cluster/disable_excluder.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml index e55ab1b16..6a6f0952b 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml @@ -101,3 +101,5 @@ - include: ../../../../common/openshift-cluster/upgrades/upgrade_nodes.yml - include: ../../../../common/openshift-cluster/upgrades/post_control_plane.yml + +- inlcude: ../../../../common/openshift-cluster/upgrades/v3_5/storage_upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml index e18b4280c..2d4e0ff1c 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml @@ -25,6 +25,9 @@ openshift_upgrade_min: "{{ '1.4' if deployment_type == 'origin' else '3.4' }}" # Pre-upgrade +- include: ../../../../common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml + tags: + - pre_upgrade - name: Update repos on control plane hosts hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config @@ -104,3 +107,5 @@ - include: ../../../../common/openshift-cluster/upgrades/upgrade_control_plane.yml - include: ../../../../common/openshift-cluster/upgrades/post_control_plane.yml + +- inlcude: ../../../../common/openshift-cluster/upgrades/v3_5/storage_upgrade.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_5/storage_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_5/storage_upgrade.yml new file mode 100644 index 000000000..48c69eccd --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_5/storage_upgrade.yml @@ -0,0 +1,18 @@ +--- +############################################################################### +# Post upgrade - Upgrade job storage +############################################################################### +- name: Upgrade job storage + hosts: oo_first_master + roles: + - { role: openshift_cli } + vars: + # Another spot where we assume docker is running and do not want to accidentally trigger an unsafe + # restart. + skip_docker_role: True + tasks: + - name: Upgrade job storage + command: > + {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig + migrate storage --include=jobs --confirm + run_once: true diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index 11bd68207..9a1982076 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -1,64 +1,52 @@ --- -- block: - - name: Detecting Operating System - stat: - path: /run/ostree-booted - register: ostree_booted +- name: Detecting Operating System + stat: + path: /run/ostree-booted + register: ostree_booted - # Locally setup containerized facts for now - - set_fact: - l_is_atomic: "{{ ostree_booted.stat.exists }}" - - set_fact: - l_is_containerized: "{{ (l_is_atomic | bool) or (containerized | default(false) | bool) }}" - l_is_openvswitch_system_container: "{{ (use_openvswitch_system_container | default(use_system_containers) | bool) }}" - l_is_node_system_container: "{{ (use_node_system_container | default(use_system_containers) | bool) }}" - l_is_master_system_container: "{{ (use_master_system_container | default(use_system_containers) | bool) }}" - l_is_etcd_system_container: "{{ (use_etcd_system_container | default(use_system_containers) | bool) }}" +# Locally setup containerized facts for now +- set_fact: + l_is_atomic: "{{ ostree_booted.stat.exists }}" +- set_fact: + l_is_containerized: "{{ (l_is_atomic | bool) or (containerized | default(false) | bool) }}" + l_is_openvswitch_system_container: "{{ (use_openvswitch_system_container | default(use_system_containers) | bool) }}" + l_is_node_system_container: "{{ (use_node_system_container | default(use_system_containers) | bool) }}" + l_is_master_system_container: "{{ (use_master_system_container | default(use_system_containers) | bool) }}" + l_is_etcd_system_container: "{{ (use_etcd_system_container | default(use_system_containers) | bool) }}" - - name: Ensure various deps are installed - package: name={{ item }} state=present - with_items: "{{ required_packages }}" - when: not l_is_atomic | bool +- name: Ensure various deps are installed + package: name={{ item }} state=present + with_items: "{{ required_packages }}" + when: not l_is_atomic | bool - - name: Gather Cluster facts and set is_containerized if needed - openshift_facts: - role: common - local_facts: - debug_level: "{{ openshift_debug_level | default(2) }}" - # TODO: Deprecate deployment_type in favor of openshift_deployment_type - deployment_type: "{{ openshift_deployment_type | default(deployment_type) }}" - deployment_subtype: "{{ openshift_deployment_subtype | default(None) }}" - cluster_id: "{{ openshift_cluster_id | default('default') }}" - hostname: "{{ openshift_hostname | default(None) }}" - ip: "{{ openshift_ip | default(None) }}" - is_containerized: "{{ l_is_containerized | default(None) }}" - is_openvswitch_system_container: "{{ l_is_openvswitch_system_container | default(false) }}" - is_node_system_container: "{{ l_is_node_system_container | default(false) }}" - is_master_system_container: "{{ l_is_master_system_container | default(false) }}" - is_etcd_system_container: "{{ l_is_etcd_system_container | default(false) }}" - system_images_registry: "{{ system_images_registry | default('') }}" - public_hostname: "{{ openshift_public_hostname | default(None) }}" - public_ip: "{{ openshift_public_ip | default(None) }}" - portal_net: "{{ openshift_portal_net | default(openshift_master_portal_net) | default(None) }}" - http_proxy: "{{ openshift_http_proxy | default(None) }}" - https_proxy: "{{ openshift_https_proxy | default(None) }}" - no_proxy: "{{ openshift_no_proxy | default(None) }}" - generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}" - no_proxy_internal_hostnames: "{{ openshift_no_proxy_internal_hostnames | default(None) }}" - sdn_network_plugin_name: "{{ os_sdn_network_plugin_name | default(None) }}" - use_openshift_sdn: "{{ openshift_use_openshift_sdn | default(None) }}" +- name: Gather Cluster facts and set is_containerized if needed + openshift_facts: + role: common + local_facts: + debug_level: "{{ openshift_debug_level | default(2) }}" + # TODO: Deprecate deployment_type in favor of openshift_deployment_type + deployment_type: "{{ openshift_deployment_type | default(deployment_type) }}" + deployment_subtype: "{{ openshift_deployment_subtype | default(None) }}" + cluster_id: "{{ openshift_cluster_id | default('default') }}" + hostname: "{{ openshift_hostname | default(None) }}" + ip: "{{ openshift_ip | default(None) }}" + is_containerized: "{{ l_is_containerized | default(None) }}" + is_openvswitch_system_container: "{{ l_is_openvswitch_system_container | default(false) }}" + is_node_system_container: "{{ l_is_node_system_container | default(false) }}" + is_master_system_container: "{{ l_is_master_system_container | default(false) }}" + is_etcd_system_container: "{{ l_is_etcd_system_container | default(false) }}" + system_images_registry: "{{ system_images_registry | default('') }}" + public_hostname: "{{ openshift_public_hostname | default(None) }}" + public_ip: "{{ openshift_public_ip | default(None) }}" + portal_net: "{{ openshift_portal_net | default(openshift_master_portal_net) | default(None) }}" + http_proxy: "{{ openshift_http_proxy | default(None) }}" + https_proxy: "{{ openshift_https_proxy | default(None) }}" + no_proxy: "{{ openshift_no_proxy | default(None) }}" + generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}" + no_proxy_internal_hostnames: "{{ openshift_no_proxy_internal_hostnames | default(None) }}" + sdn_network_plugin_name: "{{ os_sdn_network_plugin_name | default(None) }}" + use_openshift_sdn: "{{ openshift_use_openshift_sdn | default(None) }}" - - name: Set repoquery command - set_fact: - repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}" - - # This `when` allows us to skip this expensive block of tasks on - # subsequent calls to the `openshift_facts` role. You will notice - # speed-ups in proportion to the size of your cluster as this will - # skip all tasks on the next calls to the `openshift_facts` role. - when: - - openshift_facts_init is not defined - -- name: Record that openshift_facts has initialized +- name: Set repoquery command set_fact: - openshift_facts_init: true + repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}" diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml index d9eebe688..87fc7068f 100644 --- a/roles/openshift_logging/defaults/main.yml +++ b/roles/openshift_logging/defaults/main.yml @@ -3,7 +3,7 @@ openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | d openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default('latest') }}" openshift_logging_use_ops: False openshift_logging_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}" -openshift_logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default('https://{{openshift.common.public_hostname}}:8443') }}" +openshift_logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default('https://' + openshift.common.public_hostname + ':8443') }}" openshift_logging_namespace: logging openshift_logging_install_logging: True @@ -19,7 +19,7 @@ openshift_logging_curator_memory_limit: null openshift_logging_curator_ops_cpu_limit: 100m openshift_logging_curator_ops_memory_limit: null -openshift_logging_kibana_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.{{openshift.common.dns_domain}}') }}" +openshift_logging_kibana_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' + openshift.common.dns_domain) }}" openshift_logging_kibana_cpu_limit: null openshift_logging_kibana_memory_limit: null openshift_logging_kibana_proxy_debug: false @@ -39,7 +39,7 @@ openshift_logging_kibana_key: "" #for the public facing kibana certs openshift_logging_kibana_ca: "" -openshift_logging_kibana_ops_hostname: "{{ openshift_hosted_logging_ops_hostname | default('kibana-ops.{{openshift.common.dns_domain}}') }}" +openshift_logging_kibana_ops_hostname: "{{ openshift_hosted_logging_ops_hostname | default('kibana-ops.' + openshift.common.dns_domain) }}" openshift_logging_kibana_ops_cpu_limit: null openshift_logging_kibana_ops_memory_limit: null openshift_logging_kibana_ops_proxy_debug: false @@ -62,7 +62,7 @@ openshift_logging_es_client_cert: /etc/fluent/keys/cert openshift_logging_es_client_key: /etc/fluent/keys/key openshift_logging_es_cluster_size: "{{ openshift_hosted_logging_elasticsearch_cluster_size | default(1) }}" openshift_logging_es_cpu_limit: null -openshift_logging_es_memory_limit: 1024Mi +openshift_logging_es_memory_limit: 8Gi openshift_logging_es_pv_selector: null openshift_logging_es_pvc_dynamic: "{{ openshift_hosted_logging_elasticsearch_pvc_dynamic | default(False) }}" openshift_logging_es_pvc_size: "{{ openshift_hosted_logging_elasticsearch_pvc_size | default('') }}" @@ -80,7 +80,7 @@ openshift_logging_es_ops_client_cert: /etc/fluent/keys/cert openshift_logging_es_ops_client_key: /etc/fluent/keys/key openshift_logging_es_ops_cluster_size: "{{ openshift_hosted_logging_elasticsearch_ops_cluster_size | default(1) }}" openshift_logging_es_ops_cpu_limit: null -openshift_logging_es_ops_memory_limit: 1024Mi +openshift_logging_es_ops_memory_limit: 8Gi openshift_logging_es_ops_pv_selector: None openshift_logging_es_ops_pvc_dynamic: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_dynamic | default(False) }}" openshift_logging_es_ops_pvc_size: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_size | default('') }}" diff --git a/roles/openshift_logging/tasks/generate_secrets.yaml b/roles/openshift_logging/tasks/generate_secrets.yaml index 1829acaee..81fac8b5e 100644 --- a/roles/openshift_logging/tasks/generate_secrets.yaml +++ b/roles/openshift_logging/tasks/generate_secrets.yaml @@ -17,7 +17,7 @@ - name: Generating secrets for logging components template: src=secret.j2 dest={{mktemp.stdout}}/templates/{{secret_name}}-secret.yaml vars: - secret_name: logging-{{component}} + secret_name: "logging-{{component}}" secret_key_file: "{{component}}_key" secret_cert_file: "{{component}}_cert" secrets: diff --git a/roles/openshift_logging/tasks/start_cluster.yaml b/roles/openshift_logging/tasks/start_cluster.yaml index 3e97487dc..edbb62c3e 100644 --- a/roles/openshift_logging/tasks/start_cluster.yaml +++ b/roles/openshift_logging/tasks/start_cluster.yaml @@ -16,7 +16,7 @@ name: "{{ fluentd_host }}" kind: node state: add - label: "{{ openshift_logging_fluentd_nodeselector | oo_dict_to_list_of_dict }}" + labels: "{{ openshift_logging_fluentd_nodeselector | oo_dict_to_list_of_dict }}" with_items: "{{ openshift_logging_fluentd_hosts }}" loop_control: loop_var: fluentd_host diff --git a/roles/openshift_logging/tasks/stop_cluster.yaml b/roles/openshift_logging/tasks/stop_cluster.yaml index bae6aebbb..4b3722e29 100644 --- a/roles/openshift_logging/tasks/stop_cluster.yaml +++ b/roles/openshift_logging/tasks/stop_cluster.yaml @@ -16,7 +16,7 @@ name: "{{ fluentd_host }}" kind: node state: absent - label: "{{ openshift_logging_fluentd_nodeselector | oo_dict_to_list_of_dict }}" + labels: "{{ openshift_logging_fluentd_nodeselector | oo_dict_to_list_of_dict }}" with_items: "{{ openshift_logging_fluentd_hosts }}" loop_control: loop_var: fluentd_host diff --git a/roles/openshift_master_facts/filter_plugins/oo_filters.py b/roles/openshift_master_facts/filter_plugins/oo_filters.py new file mode 120000 index 000000000..6f9bc47c1 --- /dev/null +++ b/roles/openshift_master_facts/filter_plugins/oo_filters.py @@ -0,0 +1 @@ +../../../filter_plugins/oo_filters.py
\ No newline at end of file diff --git a/filter_plugins/openshift_master.py b/roles/openshift_master_facts/filter_plugins/openshift_master.py index 6d009077a..6d009077a 100644 --- a/filter_plugins/openshift_master.py +++ b/roles/openshift_master_facts/filter_plugins/openshift_master.py diff --git a/roles/openshift_master_facts/lookup_plugins/oo_option.py b/roles/openshift_master_facts/lookup_plugins/oo_option.py new file mode 120000 index 000000000..5ae43f8dd --- /dev/null +++ b/roles/openshift_master_facts/lookup_plugins/oo_option.py @@ -0,0 +1 @@ +../../../lookup_plugins/oo_option.py
\ No newline at end of file diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index 74885d713..6f8f09b22 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -6,7 +6,8 @@ openshift_master_default_subdomain: "{{ osm_default_subdomain | default(None) }}" when: openshift_master_default_subdomain is not defined -- fail: +- name: Verify required variables are set + fail: msg: openshift_master_default_subdomain must be set to deploy metrics when: openshift_hosted_metrics_deploy | default(false) | bool and openshift_master_default_subdomain | default("") == "" @@ -17,7 +18,8 @@ # path must stay consistent. As such if openshift_hosted_metrics_public_url is set in # inventory, we extract the hostname, and then reset openshift_hosted_metrics_public_url # to the format that we know is valid. (This may change in future) -- set_fact: +- name: Set g_metrics_hostname + set_fact: g_metrics_hostname: "{{ openshift_hosted_metrics_public_url | default('hawkular-metrics.' ~ (openshift_master_default_subdomain)) | oo_hostname_from_url }}" @@ -108,7 +110,8 @@ path: "{{ openshift_master_scheduler_conf }}" register: scheduler_config_stat -- set_fact: +- name: Set Default scheduler predicates and priorities + set_fact: openshift_master_scheduler_default_predicates: "{{ lookup('openshift_master_facts_default_predicates') }}" openshift_master_scheduler_default_priorities: "{{ lookup('openshift_master_facts_default_priorities') }}" @@ -118,14 +121,17 @@ src: "{{ openshift_master_scheduler_conf }}" register: current_scheduler_config - - set_fact: + - name: Set openshift_master_scheduler_current_config + set_fact: openshift_master_scheduler_current_config: "{{ current_scheduler_config.content | b64decode | from_json }}" - - fail: + - name: Test if scheduler config is readable + fail: msg: "Unknown scheduler config apiVersion {{ openshift_master_scheduler_config.apiVersion }}" when: "{{ openshift_master_scheduler_current_config.apiVersion | default(None) != 'v1' }}" - - set_fact: + - name: Set current scheduler predicates and priorities + set_fact: openshift_master_scheduler_current_predicates: "{{ openshift_master_scheduler_current_config.predicates }}" openshift_master_scheduler_current_priorities: "{{ openshift_master_scheduler_current_config.priorities }}" when: "{{ scheduler_config_stat.stat.exists }}" diff --git a/roles/openshift_metrics/tasks/generate_certificates.yaml b/roles/openshift_metrics/tasks/generate_certificates.yaml index f7cba0093..7af3f9467 100644 --- a/roles/openshift_metrics/tasks/generate_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_certificates.yaml @@ -6,6 +6,6 @@ --key='{{ mktemp.stdout }}/ca.key' --cert='{{ mktemp.stdout }}/ca.crt' --serial='{{ mktemp.stdout }}/ca.serial.txt' - --name="metrics-signer@$(date +%s)" + --name="metrics-signer@{{lookup('pipe','date +%s')}}" - include: generate_hawkular_certificates.yaml diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml index 854697abb..9e7140bfa 100644 --- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml @@ -3,7 +3,7 @@ include: setup_certificate.yaml vars: component: hawkular-metrics - hostnames: "hawkular-metrics,{{ openshift_metrics_hawkular_hostname }}" + hostnames: "hawkular-metrics,hawkular-metrics.{{ openshift_metrics_project }}.svc.cluster.local,{{ openshift_metrics_hawkular_hostname }}" changed_when: no - name: generate hawkular-cassandra certificates |