summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.tito/packages/openshift-ansible2
-rw-r--r--openshift-ansible.spec63
-rw-r--r--roles/openshift_examples/files/examples/v1.5/quickstart-templates/cakephp-mysql.json114
-rw-r--r--roles/openshift_examples/files/examples/v1.5/quickstart-templates/dancer-mysql.json24
-rw-r--r--roles/openshift_examples/files/examples/v1.5/quickstart-templates/django-postgresql.json20
-rw-r--r--roles/openshift_examples/files/examples/v1.5/quickstart-templates/nodejs-mongodb.json18
-rw-r--r--roles/openshift_examples/files/examples/v1.5/quickstart-templates/rails-postgresql.json52
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py2
-rw-r--r--roles/openshift_logging/README.md3
-rw-r--r--roles/openshift_logging/tasks/install_curator.yaml2
-rw-r--r--roles/openshift_logging/tasks/install_elasticsearch.yaml2
-rw-r--r--roles/openshift_logging/tasks/install_kibana.yaml2
-rw-r--r--roles/openshift_logging/templates/curator.j26
-rw-r--r--roles/openshift_logging/templates/es.j26
-rw-r--r--roles/openshift_logging/templates/kibana.j26
-rw-r--r--roles/openshift_metrics/templates/hawkular_metrics_rc.j22
16 files changed, 228 insertions, 96 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible
index fd9a1844f..d29838038 100644
--- a/.tito/packages/openshift-ansible
+++ b/.tito/packages/openshift-ansible
@@ -1 +1 @@
-3.5.1-1 ./
+3.5.2-1 ./
diff --git a/openshift-ansible.spec b/openshift-ansible.spec
index 0b7c44660..85675f5f9 100644
--- a/openshift-ansible.spec
+++ b/openshift-ansible.spec
@@ -5,7 +5,7 @@
}
Name: openshift-ansible
-Version: 3.5.1
+Version: 3.5.2
Release: 1%{?dist}
Summary: Openshift and Atomic Enterprise Ansible
License: ASL 2.0
@@ -253,6 +253,67 @@ Atomic OpenShift Utilities includes
%changelog
+* Wed Jan 25 2017 Scott Dodson <sdodson@redhat.com> 3.5.2-1
+- Sync latest image streams (sdodson@redhat.com)
+- Fix containerized haproxy config (andrew@andrewklau.com)
+- Allow RHEL subscription for OSE 3.4 (lhuard@amadeus.com)
+- fixes BZ-1415447. Error when stopping heapster. Modify to be conditional
+ include (jcantril@redhat.com)
+- override nodename for gce with cloudprovider (jdetiber@redhat.com)
+- fixes jks generation, node labeling, and rerunning for oauth secrets
+ (ewolinet@redhat.com)
+- allow openshift_logging role to specify nodeSelectors (jcantril@redhat.com)
+- Remove is_containerized check for firewalld installs (rteague@redhat.com)
+- Clean up pylint for delete_empty_keys. (abutcher@redhat.com)
+- [os_firewall] Fix default iptables args. (abutcher@redhat.com)
+- Add new option 'openshift_docker_selinux_enabled' (rteague@redhat.com)
+- Temporary work-around for flake8 vs maccabe version conflict
+ (tbielawa@redhat.com)
+- do not set empty proxy env variable defaults (bparees@redhat.com)
+- fix BZ1414477. Use keytool on control node and require java
+ (jcantril@redhat.com)
+- Remove unused temporary directory in master config playbook.
+ (abutcher@redhat.com)
+- Added link to HOOKS in README (smilner@redhat.com)
+- HOOKS.md added documenting new hooks (smilner@redhat.com)
+- [os_firewall] Add -w flag to wait for iptables xtables lock.
+ (abutcher@redhat.com)
+- fixes BZ-1414625. Check for httpd-tools and java before install
+ (jcantril@redhat.com)
+- Add a mid upgrade hook, re-prefix variables. (dgoodwin@redhat.com)
+- treat force_pull as a bool (bparees@redhat.com)
+- Adding to ansible spec and changing logging jks generation to be a
+ local_action (ewolinet@redhat.com)
+- Add containzerized haproxy option (andrew@andrewklau.com)
+- Reorder node dnsmasq dependency s.t. networkmanager is restarted after
+ firewall changes have been applied. (abutcher@redhat.com)
+- Removing docker run strategy and make java a requirement for control host
+ (ewolinet@redhat.com)
+- Adding version to lib_openshift (kwoodson@redhat.com)
+- Updating to use docker run instead of scheduling jks gen pod
+ (ewolinet@redhat.com)
+- jenkins v1.3 templates should not enable oauth (gmontero@redhat.com)
+- fix oc_apply to allow running on any control node (jcantril@redhat.com)
+- g_master_mktemp in openshift-master conflicts with
+ openshift_master_certificates (rmeggins@redhat.com)
+- fixes #3127. Get files for oc_apply from remote host (jcantril@redhat.com)
+- Debug message before running hooks. (dgoodwin@redhat.com)
+- Cleaning repo cache earlier (rteague@redhat.com)
+- Added tar as a requirement per BZ1388445 (smilner@redhat.com)
+- fixes BZ141619. Corrects the variable in the README (jcantril@redhat.com)
+- Run user provided hooks prior to system/service restarts.
+ (dgoodwin@redhat.com)
+- Implement pre/post master upgrade hooks. (dgoodwin@redhat.com)
+- Adding oc_obj to the lib_openshift library (kwoodson@redhat.com)
+- Addressing found issues with logging role (ewolinet@redhat.com)
+- Updated the generate.py scripts for tox and virtualenv. (kwoodson@redhat.com)
+- Adding tox tests for generated code. (kwoodson@redhat.com)
+- Perform master upgrades in a single play serially. (dgoodwin@redhat.com)
+- Validate system restart policy during pre-upgrade. (dgoodwin@redhat.com)
+- Correct consistency between upgrade playbooks (rteague@redhat.com)
+- Wait for nodes to be ready before proceeding with upgrade.
+ (dgoodwin@redhat.com)
+
* Wed Jan 18 2017 Scott Dodson <sdodson@redhat.com> 3.5.1-1
- More reliable wait for master after full host reboot. (dgoodwin@redhat.com)
- kubelet must have rw to cgroups for pod/qos cgroups to function
diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/cakephp-mysql.json
index 9dbbf89d1..9732e59e1 100644
--- a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/cakephp-mysql.json
+++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/cakephp-mysql.json
@@ -22,8 +22,11 @@
"name": "${NAME}"
},
"stringData" : {
- "databaseUser" : "${DATABASE_USER}",
- "databasePassword" : "${DATABASE_PASSWORD}"
+ "database-user" : "${DATABASE_USER}",
+ "database-password" : "${DATABASE_PASSWORD}",
+ "cakephp-secret-token" : "${CAKEPHP_SECRET_TOKEN}",
+ "cakephp-security-salt" : "${CAKEPHP_SECURITY_SALT}",
+ "cakephp-security-cipher-seed" : "${CAKEPHP_SECURITY_CIPHER_SEED}"
}
},
{
@@ -97,12 +100,12 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${NAMESPACE}",
- "name": "php:5.6"
+ "name": "php:7.0"
},
"env": [
{
- "name": "COMPOSER_MIRROR",
- "value": "${COMPOSER_MIRROR}"
+ "name": "COMPOSER_MIRROR",
+ "value": "${COMPOSER_MIRROR}"
}
]
}
@@ -201,12 +204,12 @@
}
},
"livenessProbe": {
- "timeoutSeconds": 3,
- "initialDelaySeconds": 30,
- "httpGet": {
- "path": "/",
- "port": 8080
- }
+ "timeoutSeconds": 3,
+ "initialDelaySeconds": 30,
+ "httpGet": {
+ "path": "/",
+ "port": 8080
+ }
},
"env": [
{
@@ -226,7 +229,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "databaseUser"
+ "key" : "database-user"
}
}
},
@@ -235,21 +238,36 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "databasePassword"
+ "key" : "database-password"
}
}
},
{
"name": "CAKEPHP_SECRET_TOKEN",
- "value": "${CAKEPHP_SECRET_TOKEN}"
+ "valueFrom": {
+ "secretKeyRef" : {
+ "name" : "${NAME}",
+ "key" : "cakephp-secret-token"
+ }
+ }
},
{
"name": "CAKEPHP_SECURITY_SALT",
- "value": "${CAKEPHP_SECURITY_SALT}"
+ "valueFrom": {
+ "secretKeyRef" : {
+ "name" : "${NAME}",
+ "key" : "cakephp-security-salt"
+ }
+ }
},
{
"name": "CAKEPHP_SECURITY_CIPHER_SEED",
- "value": "${CAKEPHP_SECURITY_CIPHER_SEED}"
+ "valueFrom": {
+ "secretKeyRef" : {
+ "name" : "${NAME}",
+ "key" : "cakephp-security-cipher-seed"
+ }
+ }
},
{
"name": "OPCACHE_REVALIDATE_FREQ",
@@ -257,9 +275,9 @@
}
],
"resources": {
- "limits": {
- "memory": "${MEMORY_LIMIT}"
- }
+ "limits": {
+ "memory": "${MEMORY_LIMIT}"
+ }
}
}
]
@@ -313,7 +331,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${NAMESPACE}",
- "name": "mysql:5.6"
+ "name": "mysql:5.7"
}
}
},
@@ -362,40 +380,40 @@
}
},
"livenessProbe": {
- "timeoutSeconds": 1,
- "initialDelaySeconds": 30,
- "tcpSocket": {
- "port": 3306
- }
+ "timeoutSeconds": 1,
+ "initialDelaySeconds": 30,
+ "tcpSocket": {
+ "port": 3306
+ }
},
"env": [
- {
- "name": "MYSQL_USER",
- "valueFrom": {
- "secretKeyRef" : {
- "name" : "${NAME}",
- "key" : "databaseUser"
- }
+ {
+ "name": "MYSQL_USER",
+ "valueFrom": {
+ "secretKeyRef" : {
+ "name" : "${NAME}",
+ "key" : "database-user"
+ }
+ }
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "valueFrom": {
+ "secretKeyRef" : {
+ "name" : "${NAME}",
+ "key" : "database-password"
}
- },
- {
- "name": "MYSQL_PASSWORD",
- "valueFrom": {
- "secretKeyRef" : {
- "name" : "${NAME}",
- "key" : "databasePassword"
- }
- }
- },
- {
- "name": "MYSQL_DATABASE",
- "value": "${DATABASE_NAME}"
}
+ },
+ {
+ "name": "MYSQL_DATABASE",
+ "value": "${DATABASE_NAME}"
+ }
],
"resources": {
- "limits": {
- "memory": "${MEMORY_MYSQL_LIMIT}"
- }
+ "limits": {
+ "memory": "${MEMORY_MYSQL_LIMIT}"
+ }
}
}
]
diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dancer-mysql.json
index dccb8bf7f..18100974b 100644
--- a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dancer-mysql.json
+++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dancer-mysql.json
@@ -22,8 +22,9 @@
"name": "${NAME}"
},
"stringData" : {
- "databaseUser" : "${DATABASE_USER}",
- "databasePassword" : "${DATABASE_PASSWORD}"
+ "database-user" : "${DATABASE_USER}",
+ "database-password" : "${DATABASE_PASSWORD}",
+ "keybase" : "${SECRET_KEY_BASE}"
}
},
{
@@ -97,7 +98,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${NAMESPACE}",
- "name": "perl:5.20"
+ "name": "perl:5.24"
},
"env": [
{
@@ -207,7 +208,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "databaseUser"
+ "key" : "database-user"
}
}
},
@@ -216,7 +217,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "databasePassword"
+ "key" : "database-password"
}
}
},
@@ -226,7 +227,12 @@
},
{
"name": "SECRET_KEY_BASE",
- "value": "${SECRET_KEY_BASE}"
+ "valueFrom": {
+ "secretKeyRef" : {
+ "name" : "${NAME}",
+ "key" : "keybase"
+ }
+ }
},
{
"name": "PERL_APACHE2_RELOAD",
@@ -290,7 +296,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${NAMESPACE}",
- "name": "mysql:5.6"
+ "name": "mysql:5.7"
}
}
},
@@ -351,7 +357,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "databaseUser"
+ "key" : "database-user"
}
}
},
@@ -360,7 +366,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "databasePassword"
+ "key" : "database-password"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/django-postgresql.json
index 59ff8a988..64b914e61 100644
--- a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/django-postgresql.json
+++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/django-postgresql.json
@@ -22,8 +22,9 @@
"name": "${NAME}"
},
"stringData" : {
- "databaseUser" : "${DATABASE_USER}",
- "databasePassword" : "${DATABASE_PASSWORD}"
+ "database-user" : "${DATABASE_USER}",
+ "database-password" : "${DATABASE_PASSWORD}",
+ "django-secret-key" : "${DJANGO_SECRET_KEY}"
}
},
{
@@ -218,7 +219,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "databaseUser"
+ "key" : "database-user"
}
}
},
@@ -227,7 +228,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "databasePassword"
+ "key" : "database-password"
}
}
},
@@ -237,7 +238,12 @@
},
{
"name": "DJANGO_SECRET_KEY",
- "value": "${DJANGO_SECRET_KEY}"
+ "valueFrom": {
+ "secretKeyRef" : {
+ "name" : "${NAME}",
+ "key" : "django-secret-key"
+ }
+ }
}
],
"resources": {
@@ -338,7 +344,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "databaseUser"
+ "key" : "database-user"
}
}
},
@@ -347,7 +353,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "databasePassword"
+ "key" : "database-password"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/nodejs-mongodb.json
index 91f9ec7b3..6a55f0251 100644
--- a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/nodejs-mongodb.json
+++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/nodejs-mongodb.json
@@ -22,9 +22,9 @@
"name": "${NAME}"
},
"stringData": {
- "databaseUser": "${DATABASE_USER}",
- "databasePassword": "${DATABASE_PASSWORD}",
- "databaseAdminPassword" : "${DATABASE_ADMIN_PASSWORD}"
+ "database-user": "${DATABASE_USER}",
+ "database-password": "${DATABASE_PASSWORD}",
+ "database-admin-password" : "${DATABASE_ADMIN_PASSWORD}"
}
},
{
@@ -201,7 +201,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "databaseUser"
+ "key" : "database-user"
}
}
},
@@ -210,7 +210,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "databasePassword"
+ "key" : "database-password"
}
}
},
@@ -223,7 +223,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "databaseAdminPassword"
+ "key" : "database-admin-password"
}
}
}
@@ -336,7 +336,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "databaseUser"
+ "key" : "database-user"
}
}
},
@@ -345,7 +345,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "databasePassword"
+ "key" : "database-password"
}
}
},
@@ -358,7 +358,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "databaseAdminPassword"
+ "key" : "database-admin-password"
}
}
}
diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/rails-postgresql.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/rails-postgresql.json
index 6373562c4..043554c79 100644
--- a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/rails-postgresql.json
+++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/rails-postgresql.json
@@ -22,11 +22,11 @@
"name": "${NAME}"
},
"stringData" : {
- "databaseUser" : "${DATABASE_USER}",
- "databasePassword" : "${DATABASE_PASSWORD}",
- "applicationUser" : "${APPLICATION_USER}",
- "applicationPassword" : "${APPLICATION_PASSWORD}",
- "keyBase" : "${SECRET_KEY_BASE}"
+ "database-user" : "${DATABASE_USER}",
+ "database-password" : "${DATABASE_PASSWORD}",
+ "application-user" : "${APPLICATION_USER}",
+ "application-password" : "${APPLICATION_PASSWORD}",
+ "keybase" : "${SECRET_KEY_BASE}"
}
},
{
@@ -104,8 +104,8 @@
},
"env": [
{
- "name": "RUBYGEM_MIRROR",
- "value": "${RUBYGEM_MIRROR}"
+ "name": "RUBYGEM_MIRROR",
+ "value": "${RUBYGEM_MIRROR}"
}
]
}
@@ -148,7 +148,7 @@
"strategy": {
"type": "Recreate",
"recreateParams": {
- "pre": {
+ "pre": {
"failurePolicy": "Abort",
"execNewPod": {
"command": [
@@ -224,7 +224,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "databaseUser"
+ "key" : "database-user"
}
}
},
@@ -233,7 +233,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "databasePassword"
+ "key" : "database-password"
}
}
},
@@ -246,7 +246,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "keyBase"
+ "key" : "keybase"
}
}
},
@@ -267,7 +267,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "applicationUser"
+ "key" : "application-user"
}
}
},
@@ -276,7 +276,7 @@
"valueFrom": {
"secretKeyRef" : {
"name" : "${NAME}",
- "key" : "applicationPassword"
+ "key" : "application-password"
}
}
},
@@ -286,9 +286,9 @@
}
],
"resources": {
- "limits": {
- "memory": "${MEMORY_LIMIT}"
- }
+ "limits": {
+ "memory": "${MEMORY_LIMIT}"
+ }
}
}
]
@@ -400,11 +400,21 @@
"env": [
{
"name": "POSTGRESQL_USER",
- "value": "${DATABASE_USER}"
+ "valueFrom": {
+ "secretKeyRef" : {
+ "name" : "${NAME}",
+ "key" : "database-user"
+ }
+ }
},
{
"name": "POSTGRESQL_PASSWORD",
- "value": "${DATABASE_PASSWORD}"
+ "valueFrom": {
+ "secretKeyRef" : {
+ "name" : "${NAME}",
+ "key" : "database-password"
+ }
+ }
},
{
"name": "POSTGRESQL_DATABASE",
@@ -420,9 +430,9 @@
}
],
"resources": {
- "limits": {
- "memory": "${MEMORY_POSTGRESQL_LIMIT}"
- }
+ "limits": {
+ "memory": "${MEMORY_POSTGRESQL_LIMIT}"
+ }
}
}
]
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index c99452062..f7506bd63 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -1032,6 +1032,8 @@ def set_nodename(facts):
if 'node' in facts and 'common' in facts:
if 'cloudprovider' in facts and facts['cloudprovider']['kind'] == 'openstack':
facts['node']['nodename'] = facts['provider']['metadata']['hostname'].replace('.novalocal', '')
+ elif 'cloudprovider' in facts and facts['cloudprovider']['kind'] == 'gce':
+ facts['node']['nodename'] = '.'.split(facts['provider']['metadata']['hostname'])[0]
else:
facts['node']['nodename'] = facts['common']['hostname'].lower()
return facts
diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md
index 9b71dc676..856cfa2b9 100644
--- a/roles/openshift_logging/README.md
+++ b/roles/openshift_logging/README.md
@@ -35,6 +35,7 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log
- `openshift_logging_curator_log_level`: The log level for the Curator process. Defaults to 'ERROR'.
- `openshift_logging_curator_cpu_limit`: The amount of CPU to allocate to Curator. Default is '100m'.
- `openshift_logging_curator_memory_limit`: The amount of memory to allocate to Curator. Unset if not specified.
+- `openshift_logging_curator_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the curator pod will land.
- `openshift_logging_kibana_hostname`: The Kibana hostname. Defaults to 'kibana.example.com'.
- `openshift_logging_kibana_cpu_limit`: The amount of CPU to allocate to Kibana or unset if not specified.
@@ -43,6 +44,7 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log
- `openshift_logging_kibana_proxy_cpu_limit`: The amount of CPU to allocate to Kibana proxy or unset if not specified.
- `openshift_logging_kibana_proxy_memory_limit`: The amount of memory to allocate to Kibana proxy or unset if not specified.
- `openshift_logging_kibana_replica_count`: The number of replicas Kibana should be scaled up to. Defaults to 1.
+- `openshift_logging_kibana_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the pod will land.
- `openshift_logging_fluentd_nodeselector`: The node selector that the Fluentd daemonset uses to determine where to deploy to. Defaults to '"logging-infra-fluentd": "true"'.
- `openshift_logging_fluentd_cpu_limit`: The CPU limit for Fluentd pods. Defaults to '100m'.
@@ -67,6 +69,7 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log
- `openshift_logging_es_pvc_prefix`: The prefix for the generated PVCs. Defaults to 'logging-es'.
- `openshift_logging_es_recover_after_time`: The amount of time ES will wait before it tries to recover. Defaults to '5m'.
- `openshift_logging_es_storage_group`: The storage group used for ES. Defaults to '65534'.
+- `openshift_logging_es_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the pod will land.
When `openshift_logging_use_ops` is `True`, there are some additional vars. These work the
same as above for their non-ops counterparts, but apply to the OPS cluster instance:
diff --git a/roles/openshift_logging/tasks/install_curator.yaml b/roles/openshift_logging/tasks/install_curator.yaml
index 8f2825552..fcfce4e1e 100644
--- a/roles/openshift_logging/tasks/install_curator.yaml
+++ b/roles/openshift_logging/tasks/install_curator.yaml
@@ -31,6 +31,7 @@
curator_cpu_limit: "{{openshift_logging_curator_cpu_limit }}"
curator_memory_limit: "{{openshift_logging_curator_memory_limit }}"
replicas: "{{curator_replica_count.stdout | default (0)}}"
+ curator_node_selector: "{{openshift_logging_curator_nodeselector | default({}) }}"
check_mode: no
changed_when: no
@@ -46,6 +47,7 @@
curator_cpu_limit: "{{openshift_logging_curator_ops_cpu_limit }}"
curator_memory_limit: "{{openshift_logging_curator_ops_memory_limit }}"
replicas: "{{curator_ops_replica_count.stdout | default (0)}}"
+ curator_node_selector: "{{openshift_logging_curator_ops_nodeselector | default({}) }}"
when: openshift_logging_use_ops
check_mode: no
changed_when: no
diff --git a/roles/openshift_logging/tasks/install_elasticsearch.yaml b/roles/openshift_logging/tasks/install_elasticsearch.yaml
index fbba46a35..9b1c004f2 100644
--- a/roles/openshift_logging/tasks/install_elasticsearch.yaml
+++ b/roles/openshift_logging/tasks/install_elasticsearch.yaml
@@ -33,6 +33,7 @@
volume_names: "{{es_pvc_pool | default([])}}"
pvc_claim: "{{(volume_names | length > item.0) | ternary(volume_names[item.0], None)}}"
deploy_name: "{{item.1}}"
+ es_node_selector: "{{openshift_logging_es_nodeselector | default({})}}"
with_indexed_items:
- "{{es_dc_pool | default([])}}"
check_mode: no
@@ -98,6 +99,7 @@
es_recover_after_nodes: "{{es_ops_recover_after_nodes}}"
es_recover_expected_nodes: "{{es_ops_recover_expected_nodes}}"
openshift_logging_es_recover_after_time: "{{openshift_logging_es_ops_recover_after_time}}"
+ es_node_selector: "{{openshift_logging_es_ops_nodeselector | default({})}}"
with_indexed_items:
- "{{es_dc_pool_ops | default([])}}"
when:
diff --git a/roles/openshift_logging/tasks/install_kibana.yaml b/roles/openshift_logging/tasks/install_kibana.yaml
index de4b018dd..f4df7de0c 100644
--- a/roles/openshift_logging/tasks/install_kibana.yaml
+++ b/roles/openshift_logging/tasks/install_kibana.yaml
@@ -35,6 +35,7 @@
kibana_proxy_cpu_limit: "{{openshift_logging_kibana_proxy_cpu_limit }}"
kibana_proxy_memory_limit: "{{openshift_logging_kibana_proxy_memory_limit }}"
replicas: "{{kibana_replica_count.stdout | default (0)}}"
+ kibana_node_selector: "{{openshift_logging_kibana_nodeselector | default({}) }}"
check_mode: no
changed_when: no
@@ -53,6 +54,7 @@
kibana_proxy_cpu_limit: "{{openshift_logging_kibana_ops_proxy_cpu_limit }}"
kibana_proxy_memory_limit: "{{openshift_logging_kibana_ops_proxy_memory_limit }}"
replicas: "{{kibana_ops_replica_count.stdout | default (0)}}"
+ kibana_node_selector: "{{openshift_logging_kibana_ops_nodeselector | default({}) }}"
when: openshift_logging_use_ops
check_mode: no
changed_when: no
diff --git a/roles/openshift_logging/templates/curator.j2 b/roles/openshift_logging/templates/curator.j2
index d3b5d33a2..de6258eaa 100644
--- a/roles/openshift_logging/templates/curator.j2
+++ b/roles/openshift_logging/templates/curator.j2
@@ -28,6 +28,12 @@ spec:
spec:
terminationGracePeriod: 600
serviceAccountName: aggregated-logging-curator
+{% if curator_node_selector is iterable and curator_node_selector | length > 0 %}
+ nodeSelector:
+{% for key, value in curator_node_selector.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
containers:
-
name: "curator"
diff --git a/roles/openshift_logging/templates/es.j2 b/roles/openshift_logging/templates/es.j2
index 291589690..ec84c6b76 100644
--- a/roles/openshift_logging/templates/es.j2
+++ b/roles/openshift_logging/templates/es.j2
@@ -30,6 +30,12 @@ spec:
securityContext:
supplementalGroups:
- {{openshift_logging_es_storage_group}}
+{% if es_node_selector is iterable and es_node_selector | length > 0 %}
+ nodeSelector:
+{% for key, value in es_node_selector.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
containers:
-
name: "elasticsearch"
diff --git a/roles/openshift_logging/templates/kibana.j2 b/roles/openshift_logging/templates/kibana.j2
index 1ec97701a..b42f62850 100644
--- a/roles/openshift_logging/templates/kibana.j2
+++ b/roles/openshift_logging/templates/kibana.j2
@@ -27,6 +27,12 @@ spec:
component: "{{component}}"
spec:
serviceAccountName: aggregated-logging-kibana
+{% if kibana_node_selector is iterable and kibana_node_selector | length > 0 %}
+ nodeSelector:
+{% for key, value in kibana_node_selector.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
containers:
-
name: "kibana"
diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2
index e6954ea44..f78621674 100644
--- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2
+++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2
@@ -37,6 +37,7 @@ spec:
- "-Dhawkular.metrics.openshift.htpasswd-file=/secrets/hawkular-metrics.htpasswd.file"
- "-Dhawkular.metrics.allowed-cors-access-control-allow-headers=authorization"
- "-Dhawkular.metrics.default-ttl={{openshift_metrics_duration}}"
+ - "-Dhawkular.metrics.admin-tenant=_hawkular_admin"
- "-Dhawkular-alerts.cassandra-nodes=hawkular-cassandra"
- "-Dhawkular-alerts.cassandra-use-ssl"
- "-Dhawkular.alerts.openshift.auth-methods=openshift-oauth,htpasswd"
@@ -44,6 +45,7 @@ spec:
- "-Dhawkular.alerts.allowed-cors-access-control-allow-headers=authorization"
- "-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true"
- "-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true"
+ - "-Dcom.datastax.driver.FORCE_NIO=true"
- "-DKUBERNETES_MASTER_URL={{openshift_metrics_master_url}}"
- "-DUSER_WRITE_ACCESS={{openshift_metrics_hawkular_user_write_access}}"
- "--hmw.keystore=/secrets/hawkular-metrics.keystore"