diff options
16 files changed, 228 insertions, 96 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index fd9a1844f..d29838038 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.5.1-1 ./ +3.5.2-1 ./ diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 0b7c44660..85675f5f9 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.5.1 +Version: 3.5.2 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -253,6 +253,67 @@ Atomic OpenShift Utilities includes %changelog +* Wed Jan 25 2017 Scott Dodson <sdodson@redhat.com> 3.5.2-1 +- Sync latest image streams (sdodson@redhat.com) +- Fix containerized haproxy config (andrew@andrewklau.com) +- Allow RHEL subscription for OSE 3.4 (lhuard@amadeus.com) +- fixes BZ-1415447. Error when stopping heapster. Modify to be conditional + include (jcantril@redhat.com) +- override nodename for gce with cloudprovider (jdetiber@redhat.com) +- fixes jks generation, node labeling, and rerunning for oauth secrets + (ewolinet@redhat.com) +- allow openshift_logging role to specify nodeSelectors (jcantril@redhat.com) +- Remove is_containerized check for firewalld installs (rteague@redhat.com) +- Clean up pylint for delete_empty_keys. (abutcher@redhat.com) +- [os_firewall] Fix default iptables args. (abutcher@redhat.com) +- Add new option 'openshift_docker_selinux_enabled' (rteague@redhat.com) +- Temporary work-around for flake8 vs maccabe version conflict + (tbielawa@redhat.com) +- do not set empty proxy env variable defaults (bparees@redhat.com) +- fix BZ1414477. Use keytool on control node and require java + (jcantril@redhat.com) +- Remove unused temporary directory in master config playbook. + (abutcher@redhat.com) +- Added link to HOOKS in README (smilner@redhat.com) +- HOOKS.md added documenting new hooks (smilner@redhat.com) +- [os_firewall] Add -w flag to wait for iptables xtables lock. + (abutcher@redhat.com) +- fixes BZ-1414625. Check for httpd-tools and java before install + (jcantril@redhat.com) +- Add a mid upgrade hook, re-prefix variables. (dgoodwin@redhat.com) +- treat force_pull as a bool (bparees@redhat.com) +- Adding to ansible spec and changing logging jks generation to be a + local_action (ewolinet@redhat.com) +- Add containzerized haproxy option (andrew@andrewklau.com) +- Reorder node dnsmasq dependency s.t. networkmanager is restarted after + firewall changes have been applied. (abutcher@redhat.com) +- Removing docker run strategy and make java a requirement for control host + (ewolinet@redhat.com) +- Adding version to lib_openshift (kwoodson@redhat.com) +- Updating to use docker run instead of scheduling jks gen pod + (ewolinet@redhat.com) +- jenkins v1.3 templates should not enable oauth (gmontero@redhat.com) +- fix oc_apply to allow running on any control node (jcantril@redhat.com) +- g_master_mktemp in openshift-master conflicts with + openshift_master_certificates (rmeggins@redhat.com) +- fixes #3127. Get files for oc_apply from remote host (jcantril@redhat.com) +- Debug message before running hooks. (dgoodwin@redhat.com) +- Cleaning repo cache earlier (rteague@redhat.com) +- Added tar as a requirement per BZ1388445 (smilner@redhat.com) +- fixes BZ141619. Corrects the variable in the README (jcantril@redhat.com) +- Run user provided hooks prior to system/service restarts. + (dgoodwin@redhat.com) +- Implement pre/post master upgrade hooks. (dgoodwin@redhat.com) +- Adding oc_obj to the lib_openshift library (kwoodson@redhat.com) +- Addressing found issues with logging role (ewolinet@redhat.com) +- Updated the generate.py scripts for tox and virtualenv. (kwoodson@redhat.com) +- Adding tox tests for generated code. (kwoodson@redhat.com) +- Perform master upgrades in a single play serially. (dgoodwin@redhat.com) +- Validate system restart policy during pre-upgrade. (dgoodwin@redhat.com) +- Correct consistency between upgrade playbooks (rteague@redhat.com) +- Wait for nodes to be ready before proceeding with upgrade. + (dgoodwin@redhat.com) + * Wed Jan 18 2017 Scott Dodson <sdodson@redhat.com> 3.5.1-1 - More reliable wait for master after full host reboot. (dgoodwin@redhat.com) - kubelet must have rw to cgroups for pod/qos cgroups to function diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/cakephp-mysql.json index 9dbbf89d1..9732e59e1 100644 --- a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/cakephp-mysql.json +++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/cakephp-mysql.json @@ -22,8 +22,11 @@ "name": "${NAME}" }, "stringData" : { - "databaseUser" : "${DATABASE_USER}", - "databasePassword" : "${DATABASE_PASSWORD}" + "database-user" : "${DATABASE_USER}", + "database-password" : "${DATABASE_PASSWORD}", + "cakephp-secret-token" : "${CAKEPHP_SECRET_TOKEN}", + "cakephp-security-salt" : "${CAKEPHP_SECURITY_SALT}", + "cakephp-security-cipher-seed" : "${CAKEPHP_SECURITY_CIPHER_SEED}" } }, { @@ -97,12 +100,12 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "php:5.6" + "name": "php:7.0" }, "env": [ { - "name": "COMPOSER_MIRROR", - "value": "${COMPOSER_MIRROR}" + "name": "COMPOSER_MIRROR", + "value": "${COMPOSER_MIRROR}" } ] } @@ -201,12 +204,12 @@ } }, "livenessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 30, - "httpGet": { - "path": "/", - "port": 8080 - } + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/", + "port": 8080 + } }, "env": [ { @@ -226,7 +229,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "databaseUser" + "key" : "database-user" } } }, @@ -235,21 +238,36 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "databasePassword" + "key" : "database-password" } } }, { "name": "CAKEPHP_SECRET_TOKEN", - "value": "${CAKEPHP_SECRET_TOKEN}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "cakephp-secret-token" + } + } }, { "name": "CAKEPHP_SECURITY_SALT", - "value": "${CAKEPHP_SECURITY_SALT}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "cakephp-security-salt" + } + } }, { "name": "CAKEPHP_SECURITY_CIPHER_SEED", - "value": "${CAKEPHP_SECURITY_CIPHER_SEED}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "cakephp-security-cipher-seed" + } + } }, { "name": "OPCACHE_REVALIDATE_FREQ", @@ -257,9 +275,9 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } + "limits": { + "memory": "${MEMORY_LIMIT}" + } } } ] @@ -313,7 +331,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "mysql:5.6" + "name": "mysql:5.7" } } }, @@ -362,40 +380,40 @@ } }, "livenessProbe": { - "timeoutSeconds": 1, - "initialDelaySeconds": 30, - "tcpSocket": { - "port": 3306 - } + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } }, "env": [ - { - "name": "MYSQL_USER", - "valueFrom": { - "secretKeyRef" : { - "name" : "${NAME}", - "key" : "databaseUser" - } + { + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" } - }, - { - "name": "MYSQL_PASSWORD", - "valueFrom": { - "secretKeyRef" : { - "name" : "${NAME}", - "key" : "databasePassword" - } - } - }, - { - "name": "MYSQL_DATABASE", - "value": "${DATABASE_NAME}" } + }, + { + "name": "MYSQL_DATABASE", + "value": "${DATABASE_NAME}" + } ], "resources": { - "limits": { - "memory": "${MEMORY_MYSQL_LIMIT}" - } + "limits": { + "memory": "${MEMORY_MYSQL_LIMIT}" + } } } ] diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dancer-mysql.json index dccb8bf7f..18100974b 100644 --- a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dancer-mysql.json +++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dancer-mysql.json @@ -22,8 +22,9 @@ "name": "${NAME}" }, "stringData" : { - "databaseUser" : "${DATABASE_USER}", - "databasePassword" : "${DATABASE_PASSWORD}" + "database-user" : "${DATABASE_USER}", + "database-password" : "${DATABASE_PASSWORD}", + "keybase" : "${SECRET_KEY_BASE}" } }, { @@ -97,7 +98,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "perl:5.20" + "name": "perl:5.24" }, "env": [ { @@ -207,7 +208,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "databaseUser" + "key" : "database-user" } } }, @@ -216,7 +217,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "databasePassword" + "key" : "database-password" } } }, @@ -226,7 +227,12 @@ }, { "name": "SECRET_KEY_BASE", - "value": "${SECRET_KEY_BASE}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "keybase" + } + } }, { "name": "PERL_APACHE2_RELOAD", @@ -290,7 +296,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "mysql:5.6" + "name": "mysql:5.7" } } }, @@ -351,7 +357,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "databaseUser" + "key" : "database-user" } } }, @@ -360,7 +366,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "databasePassword" + "key" : "database-password" } } }, diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/django-postgresql.json index 59ff8a988..64b914e61 100644 --- a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/django-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/django-postgresql.json @@ -22,8 +22,9 @@ "name": "${NAME}" }, "stringData" : { - "databaseUser" : "${DATABASE_USER}", - "databasePassword" : "${DATABASE_PASSWORD}" + "database-user" : "${DATABASE_USER}", + "database-password" : "${DATABASE_PASSWORD}", + "django-secret-key" : "${DJANGO_SECRET_KEY}" } }, { @@ -218,7 +219,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "databaseUser" + "key" : "database-user" } } }, @@ -227,7 +228,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "databasePassword" + "key" : "database-password" } } }, @@ -237,7 +238,12 @@ }, { "name": "DJANGO_SECRET_KEY", - "value": "${DJANGO_SECRET_KEY}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "django-secret-key" + } + } } ], "resources": { @@ -338,7 +344,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "databaseUser" + "key" : "database-user" } } }, @@ -347,7 +353,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "databasePassword" + "key" : "database-password" } } }, diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/nodejs-mongodb.json index 91f9ec7b3..6a55f0251 100644 --- a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/nodejs-mongodb.json +++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/nodejs-mongodb.json @@ -22,9 +22,9 @@ "name": "${NAME}" }, "stringData": { - "databaseUser": "${DATABASE_USER}", - "databasePassword": "${DATABASE_PASSWORD}", - "databaseAdminPassword" : "${DATABASE_ADMIN_PASSWORD}" + "database-user": "${DATABASE_USER}", + "database-password": "${DATABASE_PASSWORD}", + "database-admin-password" : "${DATABASE_ADMIN_PASSWORD}" } }, { @@ -201,7 +201,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "databaseUser" + "key" : "database-user" } } }, @@ -210,7 +210,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "databasePassword" + "key" : "database-password" } } }, @@ -223,7 +223,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "databaseAdminPassword" + "key" : "database-admin-password" } } } @@ -336,7 +336,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "databaseUser" + "key" : "database-user" } } }, @@ -345,7 +345,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "databasePassword" + "key" : "database-password" } } }, @@ -358,7 +358,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "databaseAdminPassword" + "key" : "database-admin-password" } } } diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/rails-postgresql.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/rails-postgresql.json index 6373562c4..043554c79 100644 --- a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/rails-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/rails-postgresql.json @@ -22,11 +22,11 @@ "name": "${NAME}" }, "stringData" : { - "databaseUser" : "${DATABASE_USER}", - "databasePassword" : "${DATABASE_PASSWORD}", - "applicationUser" : "${APPLICATION_USER}", - "applicationPassword" : "${APPLICATION_PASSWORD}", - "keyBase" : "${SECRET_KEY_BASE}" + "database-user" : "${DATABASE_USER}", + "database-password" : "${DATABASE_PASSWORD}", + "application-user" : "${APPLICATION_USER}", + "application-password" : "${APPLICATION_PASSWORD}", + "keybase" : "${SECRET_KEY_BASE}" } }, { @@ -104,8 +104,8 @@ }, "env": [ { - "name": "RUBYGEM_MIRROR", - "value": "${RUBYGEM_MIRROR}" + "name": "RUBYGEM_MIRROR", + "value": "${RUBYGEM_MIRROR}" } ] } @@ -148,7 +148,7 @@ "strategy": { "type": "Recreate", "recreateParams": { - "pre": { + "pre": { "failurePolicy": "Abort", "execNewPod": { "command": [ @@ -224,7 +224,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "databaseUser" + "key" : "database-user" } } }, @@ -233,7 +233,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "databasePassword" + "key" : "database-password" } } }, @@ -246,7 +246,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "keyBase" + "key" : "keybase" } } }, @@ -267,7 +267,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "applicationUser" + "key" : "application-user" } } }, @@ -276,7 +276,7 @@ "valueFrom": { "secretKeyRef" : { "name" : "${NAME}", - "key" : "applicationPassword" + "key" : "application-password" } } }, @@ -286,9 +286,9 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } + "limits": { + "memory": "${MEMORY_LIMIT}" + } } } ] @@ -400,11 +400,21 @@ "env": [ { "name": "POSTGRESQL_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } }, { "name": "POSTGRESQL_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } }, { "name": "POSTGRESQL_DATABASE", @@ -420,9 +430,9 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_POSTGRESQL_LIMIT}" - } + "limits": { + "memory": "${MEMORY_POSTGRESQL_LIMIT}" + } } } ] diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index c99452062..f7506bd63 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1032,6 +1032,8 @@ def set_nodename(facts): if 'node' in facts and 'common' in facts: if 'cloudprovider' in facts and facts['cloudprovider']['kind'] == 'openstack': facts['node']['nodename'] = facts['provider']['metadata']['hostname'].replace('.novalocal', '') + elif 'cloudprovider' in facts and facts['cloudprovider']['kind'] == 'gce': + facts['node']['nodename'] = '.'.split(facts['provider']['metadata']['hostname'])[0] else: facts['node']['nodename'] = facts['common']['hostname'].lower() return facts diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md index 9b71dc676..856cfa2b9 100644 --- a/roles/openshift_logging/README.md +++ b/roles/openshift_logging/README.md @@ -35,6 +35,7 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log - `openshift_logging_curator_log_level`: The log level for the Curator process. Defaults to 'ERROR'. - `openshift_logging_curator_cpu_limit`: The amount of CPU to allocate to Curator. Default is '100m'. - `openshift_logging_curator_memory_limit`: The amount of memory to allocate to Curator. Unset if not specified. +- `openshift_logging_curator_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the curator pod will land. - `openshift_logging_kibana_hostname`: The Kibana hostname. Defaults to 'kibana.example.com'. - `openshift_logging_kibana_cpu_limit`: The amount of CPU to allocate to Kibana or unset if not specified. @@ -43,6 +44,7 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log - `openshift_logging_kibana_proxy_cpu_limit`: The amount of CPU to allocate to Kibana proxy or unset if not specified. - `openshift_logging_kibana_proxy_memory_limit`: The amount of memory to allocate to Kibana proxy or unset if not specified. - `openshift_logging_kibana_replica_count`: The number of replicas Kibana should be scaled up to. Defaults to 1. +- `openshift_logging_kibana_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the pod will land. - `openshift_logging_fluentd_nodeselector`: The node selector that the Fluentd daemonset uses to determine where to deploy to. Defaults to '"logging-infra-fluentd": "true"'. - `openshift_logging_fluentd_cpu_limit`: The CPU limit for Fluentd pods. Defaults to '100m'. @@ -67,6 +69,7 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log - `openshift_logging_es_pvc_prefix`: The prefix for the generated PVCs. Defaults to 'logging-es'. - `openshift_logging_es_recover_after_time`: The amount of time ES will wait before it tries to recover. Defaults to '5m'. - `openshift_logging_es_storage_group`: The storage group used for ES. Defaults to '65534'. +- `openshift_logging_es_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the pod will land. When `openshift_logging_use_ops` is `True`, there are some additional vars. These work the same as above for their non-ops counterparts, but apply to the OPS cluster instance: diff --git a/roles/openshift_logging/tasks/install_curator.yaml b/roles/openshift_logging/tasks/install_curator.yaml index 8f2825552..fcfce4e1e 100644 --- a/roles/openshift_logging/tasks/install_curator.yaml +++ b/roles/openshift_logging/tasks/install_curator.yaml @@ -31,6 +31,7 @@ curator_cpu_limit: "{{openshift_logging_curator_cpu_limit }}" curator_memory_limit: "{{openshift_logging_curator_memory_limit }}" replicas: "{{curator_replica_count.stdout | default (0)}}" + curator_node_selector: "{{openshift_logging_curator_nodeselector | default({}) }}" check_mode: no changed_when: no @@ -46,6 +47,7 @@ curator_cpu_limit: "{{openshift_logging_curator_ops_cpu_limit }}" curator_memory_limit: "{{openshift_logging_curator_ops_memory_limit }}" replicas: "{{curator_ops_replica_count.stdout | default (0)}}" + curator_node_selector: "{{openshift_logging_curator_ops_nodeselector | default({}) }}" when: openshift_logging_use_ops check_mode: no changed_when: no diff --git a/roles/openshift_logging/tasks/install_elasticsearch.yaml b/roles/openshift_logging/tasks/install_elasticsearch.yaml index fbba46a35..9b1c004f2 100644 --- a/roles/openshift_logging/tasks/install_elasticsearch.yaml +++ b/roles/openshift_logging/tasks/install_elasticsearch.yaml @@ -33,6 +33,7 @@ volume_names: "{{es_pvc_pool | default([])}}" pvc_claim: "{{(volume_names | length > item.0) | ternary(volume_names[item.0], None)}}" deploy_name: "{{item.1}}" + es_node_selector: "{{openshift_logging_es_nodeselector | default({})}}" with_indexed_items: - "{{es_dc_pool | default([])}}" check_mode: no @@ -98,6 +99,7 @@ es_recover_after_nodes: "{{es_ops_recover_after_nodes}}" es_recover_expected_nodes: "{{es_ops_recover_expected_nodes}}" openshift_logging_es_recover_after_time: "{{openshift_logging_es_ops_recover_after_time}}" + es_node_selector: "{{openshift_logging_es_ops_nodeselector | default({})}}" with_indexed_items: - "{{es_dc_pool_ops | default([])}}" when: diff --git a/roles/openshift_logging/tasks/install_kibana.yaml b/roles/openshift_logging/tasks/install_kibana.yaml index de4b018dd..f4df7de0c 100644 --- a/roles/openshift_logging/tasks/install_kibana.yaml +++ b/roles/openshift_logging/tasks/install_kibana.yaml @@ -35,6 +35,7 @@ kibana_proxy_cpu_limit: "{{openshift_logging_kibana_proxy_cpu_limit }}" kibana_proxy_memory_limit: "{{openshift_logging_kibana_proxy_memory_limit }}" replicas: "{{kibana_replica_count.stdout | default (0)}}" + kibana_node_selector: "{{openshift_logging_kibana_nodeselector | default({}) }}" check_mode: no changed_when: no @@ -53,6 +54,7 @@ kibana_proxy_cpu_limit: "{{openshift_logging_kibana_ops_proxy_cpu_limit }}" kibana_proxy_memory_limit: "{{openshift_logging_kibana_ops_proxy_memory_limit }}" replicas: "{{kibana_ops_replica_count.stdout | default (0)}}" + kibana_node_selector: "{{openshift_logging_kibana_ops_nodeselector | default({}) }}" when: openshift_logging_use_ops check_mode: no changed_when: no diff --git a/roles/openshift_logging/templates/curator.j2 b/roles/openshift_logging/templates/curator.j2 index d3b5d33a2..de6258eaa 100644 --- a/roles/openshift_logging/templates/curator.j2 +++ b/roles/openshift_logging/templates/curator.j2 @@ -28,6 +28,12 @@ spec: spec: terminationGracePeriod: 600 serviceAccountName: aggregated-logging-curator +{% if curator_node_selector is iterable and curator_node_selector | length > 0 %} + nodeSelector: +{% for key, value in curator_node_selector.iteritems() %} + {{key}}: {{value}} +{% endfor %} +{% endif %} containers: - name: "curator" diff --git a/roles/openshift_logging/templates/es.j2 b/roles/openshift_logging/templates/es.j2 index 291589690..ec84c6b76 100644 --- a/roles/openshift_logging/templates/es.j2 +++ b/roles/openshift_logging/templates/es.j2 @@ -30,6 +30,12 @@ spec: securityContext: supplementalGroups: - {{openshift_logging_es_storage_group}} +{% if es_node_selector is iterable and es_node_selector | length > 0 %} + nodeSelector: +{% for key, value in es_node_selector.iteritems() %} + {{key}}: {{value}} +{% endfor %} +{% endif %} containers: - name: "elasticsearch" diff --git a/roles/openshift_logging/templates/kibana.j2 b/roles/openshift_logging/templates/kibana.j2 index 1ec97701a..b42f62850 100644 --- a/roles/openshift_logging/templates/kibana.j2 +++ b/roles/openshift_logging/templates/kibana.j2 @@ -27,6 +27,12 @@ spec: component: "{{component}}" spec: serviceAccountName: aggregated-logging-kibana +{% if kibana_node_selector is iterable and kibana_node_selector | length > 0 %} + nodeSelector: +{% for key, value in kibana_node_selector.iteritems() %} + {{key}}: {{value}} +{% endfor %} +{% endif %} containers: - name: "kibana" diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 index e6954ea44..f78621674 100644 --- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 @@ -37,6 +37,7 @@ spec: - "-Dhawkular.metrics.openshift.htpasswd-file=/secrets/hawkular-metrics.htpasswd.file" - "-Dhawkular.metrics.allowed-cors-access-control-allow-headers=authorization" - "-Dhawkular.metrics.default-ttl={{openshift_metrics_duration}}" + - "-Dhawkular.metrics.admin-tenant=_hawkular_admin" - "-Dhawkular-alerts.cassandra-nodes=hawkular-cassandra" - "-Dhawkular-alerts.cassandra-use-ssl" - "-Dhawkular.alerts.openshift.auth-methods=openshift-oauth,htpasswd" @@ -44,6 +45,7 @@ spec: - "-Dhawkular.alerts.allowed-cors-access-control-allow-headers=authorization" - "-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true" - "-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true" + - "-Dcom.datastax.driver.FORCE_NIO=true" - "-DKUBERNETES_MASTER_URL={{openshift_metrics_master_url}}" - "-DUSER_WRITE_ACCESS={{openshift_metrics_hawkular_user_write_access}}" - "--hmw.keystore=/secrets/hawkular-metrics.keystore" |