diff options
274 files changed, 2860 insertions, 2577 deletions
diff --git a/.redhat-ci.inventory b/.redhat-ci.inventory new file mode 100644 index 000000000..3c8296055 --- /dev/null +++ b/.redhat-ci.inventory @@ -0,0 +1,22 @@ +[OSEv3:children] +masters +nodes +etcd + +[OSEv3:vars] +ansible_ssh_user=root +ansible_python_interpreter=/usr/bin/python3 +deployment_type=origin +openshift_image_tag="{{ lookup('env', 'OPENSHIFT_IMAGE_TAG') }}" +openshift_master_default_subdomain="{{ lookup('env', 'RHCI_ocp_node1_IP') }}.xip.io" + +[masters] +ocp-master + +[etcd] +ocp-master + +[nodes] +ocp-master openshift_schedulable=false +ocp-node1 openshift_node_labels="{'region':'infra'}" +ocp-node2 openshift_node_labels="{'region':'infra'}" diff --git a/.redhat-ci.sh b/.redhat-ci.sh new file mode 100755 index 000000000..29d64e4d5 --- /dev/null +++ b/.redhat-ci.sh @@ -0,0 +1,29 @@ +#!/bin/bash +set -xeuo pipefail + +# F25 currently has 2.2.1, so install from pypi +pip install ansible==2.2.2.0 + +# do a simple ping to make sure the nodes are available +ansible -vvv -i .redhat-ci.inventory nodes -a 'rpm-ostree status' + +upload_journals() { + mkdir journals + for node in master node1 node2; do + ssh ocp-$node 'journalctl --no-pager || true' > journals/ocp-$node.log + done +} + +trap upload_journals ERR + +# run the actual installer +ansible-playbook -vvv -i .redhat-ci.inventory playbooks/byo/config.yml + +# run a small subset of origin conformance tests to sanity +# check the cluster NB: we run it on the master since we may +# be in a different OSP network +ssh ocp-master docker run --rm --net=host --privileged \ + -v /etc/origin/master/admin.kubeconfig:/config fedora:25 sh -c \ + '"dnf install -y origin-tests && \ + KUBECONFIG=/config /usr/libexec/origin/extended.test --ginkgo.v=1 \ + --ginkgo.noColor --ginkgo.focus=\"Services.*NodePort|EmptyDir\""' diff --git a/.redhat-ci.yml b/.redhat-ci.yml new file mode 100644 index 000000000..887cc6ef0 --- /dev/null +++ b/.redhat-ci.yml @@ -0,0 +1,30 @@ +--- + +cluster: + hosts: + - name: ocp-master + distro: fedora/25/atomic + - name: ocp-node1 + distro: fedora/25/atomic + - name: ocp-node2 + distro: fedora/25/atomic + container: + image: fedora:25 + +packages: + - gcc + - python-pip + - python-devel + - openssl-devel + - redhat-rpm-config + +context: 'fedora/25/atomic | origin/v3.6.0-alpha.1' + +env: + OPENSHIFT_IMAGE_TAG: v3.6.0-alpha.1 + +tests: + - sh .redhat-ci.sh + +artifacts: + - journals/ diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 14df49d42..03abd6d62 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.6.26-1 ./ +3.6.39-1 ./ @@ -1,12 +1,11 @@ -# openshift-ansible RPM Build instructions +# openshift-ansible build instructions + +## Build openshift-ansible RPMs We use tito to make building and tracking revisions easy. For more information on tito, please see the [Tito home page](https://github.com/dgoodwin/tito "Tito home page"). - -## Build openshift-ansible - - Change into openshift-ansible ``` cd openshift-ansible @@ -24,3 +23,22 @@ tito tag ``` tito build --rpm ``` + +## Build an openshift-ansible container image + +To build a container image of `openshift-ansible` using standalone **Docker**: + + cd openshift-ansible + docker build -t openshift/openshift-ansible . + +Alternatively this can be built using on **OpenShift** using a [build and image stream](https://docs.openshift.org/latest/architecture/core_concepts/builds_and_image_streams.html) with this command: + + oc new-build docker.io/aweiteka/playbook2image~https://github.com/openshift/openshift-ansible + +The progress of the build can be monitored with: + + oc logs -f bc/openshift-ansible + +Once built, the image will be visible in the Image Stream created by the same command: + + oc describe imagestream openshift-ansible diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a3ae3fd10..a000802e2 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -66,9 +66,9 @@ These are plugins used in playbooks and roles: └── test Contains tests. ``` -## Building RPMs +## Building openshift-ansible RPMs and container images -See the [RPM build instructions](BUILD.md). +See the [build instructions in BUILD.md](BUILD.md). ## Running tests diff --git a/README_CONTAINER_IMAGE.md b/README_CONTAINER_IMAGE.md index 2499e01d4..29a99db3f 100644 --- a/README_CONTAINER_IMAGE.md +++ b/README_CONTAINER_IMAGE.md @@ -1,43 +1,49 @@ # Containerized openshift-ansible to run playbooks -The [Dockerfile](Dockerfile) in this repository uses the [playbook2image](https://github.com/aweiteka/playbook2image) source-to-image base image to containerize `openshift-ansible`. The resulting image can run any of the provided playbooks. +The [Dockerfile](Dockerfile) in this repository uses the [playbook2image](https://github.com/aweiteka/playbook2image) source-to-image base image to containerize `openshift-ansible`. The resulting image can run any of the provided playbooks. See [BUILD.md](BUILD.md) for image build instructions. -**Note**: at this time there are known issues that prevent to run this image for installation/upgrade purposes (i.e. run one of the config/upgrade playbooks) from within one of the hosts that is also an installation target at the same time: if the playbook you want to run attempts to manage the docker daemon and restart it (like install/upgrade playbooks do) this would kill the container itself during its operation. - -## Build - -To build a container image of `openshift-ansible`: - -1. Using standalone **Docker**: - - cd openshift-ansible - docker build -t openshift/openshift-ansible . +The image is designed to **run as a non-root user**. The container's UID is mapped to the username `default` at runtime. Therefore, the container's environment reflects that user's settings, and the configuration should match that. For example `$HOME` is `/opt/app-root/src`, so ssh keys are expected to be under `/opt/app-root/src/.ssh`. If you ran a container as `root` you would have to adjust the container's configuration accordingly, e.g. by placing ssh keys under `/root/.ssh` instead. Nevertheless, the expectation is that containers will be run as non-root; for example, this container image can be run inside OpenShift under the default `restricted` [security context constraint](https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#security-context-constraints). -1. Using an **OpenShift** build: - - oc new-build docker.io/aweiteka/playbook2image~https://github.com/openshift/openshift-ansible - oc describe imagestream openshift-ansible +**Note**: at this time there are known issues that prevent to run this image for installation/upgrade purposes (i.e. run one of the config/upgrade playbooks) from within one of the hosts that is also an installation target at the same time: if the playbook you want to run attempts to manage the docker daemon and restart it (like install/upgrade playbooks do) this would kill the container itself during its operation. ## Usage The `playbook2image` base image provides several options to control the behaviour of the containers. For more details on these options see the [playbook2image](https://github.com/aweiteka/playbook2image) documentation. -At the very least, when running a container using an image built this way you must specify: +At the very least, when running a container you must specify: + +1. An **inventory**. This can be a location inside the container (possibly mounted as a volume) with a path referenced via the `INVENTORY_FILE` environment variable. Alternatively you can serve the inventory file from a web server and use the `INVENTORY_URL` environment variable to fetch it, or `DYNAMIC_SCRIPT_URL` to download a script that provides a dynamic inventory. + +1. **ssh keys** so that Ansible can reach your hosts. These should be mounted as a volume under `/opt/app-root/src/.ssh` under normal usage (i.e. when running the container as non-root). -1. An **inventory** file. This can be mounted inside the container as a volume and specified with the `INVENTORY_FILE` environment variable. Alternatively you can serve the inventory file from a web server and use the `INVENTORY_URL` environment variable to fetch it. -1. **ssh keys** so that Ansible can reach your hosts. These should be mounted as a volume under `/opt/app-root/src/.ssh` -1. The **playbook** to run. This is set using the `PLAYBOOK_FILE` environment variable. If you don't specify a playbook the [`openshift_facts`](playbooks/byo/openshift_facts.yml) playbook will be run to collecting and show facts about your OpenShift environment. +1. The **playbook** to run. This is set using the `PLAYBOOK_FILE` environment variable. If you don't specify a playbook the [`openshift_facts`](playbooks/byo/openshift_facts.yml) playbook will be run to collect and show facts about your OpenShift environment. -Here is an example of how to run a containerized `openshift-ansible` playbook that will check the expiration dates of OpenShift's internal certificates using the [`openshift_certificate_expiry` role](roles/openshift_certificate_expiry). The inventory and ssh keys are mounted as volumes (the latter requires setting the uid in the container and SELinux label in the key file via `:Z` so they can be accessed) and the `PLAYBOOK_FILE` environment variable is set to point to an example certificate check playbook that is already part of the image: +Here is an example of how to run a containerized `openshift-ansible` playbook that will check the expiration dates of OpenShift's internal certificates using the [`openshift_certificate_expiry` role](roles/openshift_certificate_expiry): docker run -u `id -u` \ -v $HOME/.ssh/id_rsa:/opt/app-root/src/.ssh/id_rsa:Z \ -v /etc/ansible/hosts:/tmp/inventory \ -e INVENTORY_FILE=/tmp/inventory \ - -e OPTS="-v" \ -e PLAYBOOK_FILE=playbooks/certificate_expiry/default.yaml \ + -e OPTS="-v" -t \ openshift/openshift-ansible -Further usage examples are available in the [examples directory](examples/). +You might want to adjust some of the options in the example to match your environment and/or preferences. For example: you might want to create a separate directory on the host where you'll copy the ssh key and inventory files prior to invocation to avoid unwanted SELinux re-labeling of the original files or paths (see below). + +Here is a detailed explanation of the options used in the command above: + +* ``-u `id -u` `` makes the container run with the same UID as the current user, which is required for permissions so that the ssh key can be read inside the container (ssh private keys are expected to be readable only by their owner). Usually you would invoke `docker run` as a non-root user that has privileges to run containers and leave that option as is. + +* `-v $HOME/.ssh/id_rsa:/opt/app-root/src/.ssh/id_rsa:Z` mounts your ssh key (`$HOME/.ssh/id_rsa`) under the `default` user's `$HOME/.ssh` in the container (as explained above, `/opt/app-root/src` is the `$HOME` of the `default` user in the container). If you mount the ssh key into a non-standard location you can add an environment variable with `-e ANSIBLE_PRIVATE_KEY_FILE=/the/mount/point` or set `ansible_ssh_private_key_file=/the/mount/point` as a variable in the inventory to point Ansible at it. + + Note that the ssh key is mounted with the `:Z` flag: this is also required so that the container can read the ssh key from its restricted SELinux context; this means that *your original ssh key file will be re-labeled* to something like `system_u:object_r:container_file_t:s0:c113,c247`. For more details about `:Z` please check the `docker-run(1)` man page. Please keep this in mind when providing these volume mount specifications because this could have unexpected consequences: for example, if you mount (and therefore re-label) your whole `$HOME/.ssh` directory you will block `sshd` from accessing your keys. This is a reason why you might want to work on a separate copy of the ssh key, so that the original file's labels remain untouched. + +* `-v /etc/ansible/hosts:/tmp/inventory` and `-e INVENTORY_FILE=/tmp/inventory` mount the Ansible inventory file into the container as `/tmp/inventory` and set the corresponding environment variable to point at it respectively. The example uses `/etc/ansible/hosts` as the inventory file as this is a default location, but your inventory is likely to be elsewhere so please adjust as needed. Note that depending on the file you point to you might have to handle SELinux labels in a similar way as with the ssh keys, e.g. by adding a `:z` flag to the volume mount, so again you might prefer to copy the inventory to a dedicated location first. + +* `-e PLAYBOOK_FILE=playbooks/certificate_expiry/default.yaml` specifies the playbook to run as a relative path from the top level directory of openshift-ansible. + +* `-e OPTS="-v"` and `-t` make the output look nicer: the `default.yaml` playbook does not generate results and runs quietly unless we add the `-v` option to the `ansible-playbook` invocation, and a TTY is allocated via `-t` so that Ansible adds color to the output. + +Further usage examples are available in the [examples directory](examples/) with samples of how to use the image from within OpenShift. Additional usage information for images built from `playbook2image` like this one can be found in the [playbook2image examples](https://github.com/aweiteka/playbook2image/tree/master/examples). diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 61b8f9f37..0c081a635 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -9,7 +9,7 @@ %global __requires_exclude ^/usr/bin/ansible-playbook$ Name: openshift-ansible -Version: 3.6.26 +Version: 3.6.39 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -76,6 +76,9 @@ find -L %{buildroot}%{_datadir}/ansible/%{name}/playbooks -name filter_plugins - cp -rp roles %{buildroot}%{_datadir}/ansible/%{name}/ # remove contiv role rm -rf %{buildroot}%{_datadir}/ansible/%{name}/roles/contiv/* +# touch a file in contiv so that it can be added to SCM's +touch %{buildroot}%{_datadir}/ansible/%{name}/roles/contiv/.empty_dir + # openshift_master_facts symlinks filter_plugins/oo_filters.py from ansible_plugins/filter_plugins pushd %{buildroot}%{_datadir}/ansible/%{name}/roles/openshift_master_facts/filter_plugins ln -sf ../../../../../ansible_plugins/filter_plugins/oo_filters.py oo_filters.py @@ -270,6 +273,94 @@ Atomic OpenShift Utilities includes %changelog +* Thu Apr 27 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.39-1 +- Move container build instructions to BUILD.md (pep@redhat.com) +- Elaborate container image usage instructions (pep@redhat.com) + +* Wed Apr 26 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.38-1 +- .redhat-ci.yml: also publish journal logs (jlebon@redhat.com) +- Standardize all Origin versioning on 3.6 (rteague@redhat.com) +- integration tests: add CI scripts (lmeyer@redhat.com) +- preflight int tests: define image builds to support tests (lmeyer@redhat.com) +- preflight int tests: generalize; add tests (lmeyer@redhat.com) +- Add stub of preflight integration tests (rhcarvalho@gmail.com) +- Move Python unit tests to subdirectory (rhcarvalho@gmail.com) +- Revert "Add /etc/sysconfig/etcd to etcd_container" (sdodson@redhat.com) +- Replace original router cert variable names. (abutcher@redhat.com) +- oc_obj: Allow for multiple kinds in delete (jarrpa@redhat.com) +- Update v1.5 content (sdodson@redhat.com) +- Update v1.6 content (sdodson@redhat.com) +- Make the rhel_subscribe role subscribe to OSE 3.5 channel by default + (lhuard@amadeus.com) +- Addressing yamllint (ewolinet@redhat.com) +- Updating kibana-proxy secret key for server-tls entry (ewolinet@redhat.com) +- Pick from issue3896 (ewolinet@redhat.com) +- Cleanup comments and remove extraneous tasks (sdodson@redhat.com) +- Store backups in /var/lib/etcd/openshift-backup (sdodson@redhat.com) +- Create member/snap directory encase it doesn't exist (sdodson@redhat.com) +- Copy v3 data dir when performing backup (sdodson@redhat.com) + +* Tue Apr 25 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.37-1 +- Differentiate between service serving router certificate and custom + openshift_hosted_router_certificate when replacing the router certificate. + (abutcher@redhat.com) + +* Tue Apr 25 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.36-1 +- Update swap disable tasks (rteague@redhat.com) +- Removing resource version to remove object conflicts caused by race + conditions. (kwoodson@redhat.com) +- cast openshift_logging_use_mux_client to bool (rmeggins@redhat.com) +- mux does not require privileged, only hostmount-anyuid (rmeggins@redhat.com) +- Switched Heapster to use certificates generated by OpenShift + (juraci@kroehling.de) +- Use metrics and logging deployer tag v3.4 for enterprise (sdodson@redhat.com) +- Remove v1.5 and v1.6 metrics/logging templates (sdodson@redhat.com) + +* Sun Apr 23 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.35-1 +- + +* Fri Apr 21 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.34-1 +- GlusterFS: provide default for groups.oo_glusterfs_to_config in with_items + (jarrpa@redhat.com) + +* Fri Apr 21 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.33-1 +- Adding module calls instead of command for idempotency. (kwoodson@redhat.com) +- Use return_value when value is constant (pierre- + louis.bonicoli@libregerbil.fr) +- Add missing mock for locate_oc_binary method (pierre- + louis.bonicoli@libregerbil.fr) + +* Fri Apr 21 2017 Scott Dodson <sdodson@redhat.com> 3.6.32-1 +- Don't check excluder versions when they're not enabled (sdodson@redhat.com) + +* Fri Apr 21 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.31-1 +- Stop all services prior to upgrading, start all services after + (sdodson@redhat.com) + +* Thu Apr 20 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.30-1 +- Add Ansible syntax checks to tox (rteague@redhat.com) +- Add /etc/sysconfig/etcd to etcd_container (me@fale.io) +- openshift_version: improve messaging (lmeyer@redhat.com) +- Simplify memory availability check, review tests (rhcarvalho@gmail.com) +- Simplify mixin class (rhcarvalho@gmail.com) +- Simplify disk availability check, review tests (rhcarvalho@gmail.com) +- add disk and memory availability check tests (jvallejo@redhat.com) +- add ram and storage preflight check (jvallejo@redhat.com) +- Fix paths for file includes (rteague@redhat.com) +- Fix instantiation of action plugin in test fixture (rhcarvalho@gmail.com) +- Introduce Elasticsearch readiness probe (lukas.vlcek@gmail.com) +- added a empty file to the contiv empty dir. This allows contiv to be vendored + in git (mwoodson@redhat.com) + +* Wed Apr 19 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.29-1 +- Create openshift-metrics entrypoint playbook (rteague@redhat.com) + +* Tue Apr 18 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.28-1 +- Minor v3.6 upgrade docs fixes (rteague@redhat.com) + +* Tue Apr 18 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.27-1 +- repo: start testing PRs on Fedora Atomic Host (jlebon@redhat.com) + * Tue Apr 18 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.26-1 - Correct role dependencies (rteague@redhat.com) - Allow for GlusterFS to provide registry storage (jarrpa@redhat.com) diff --git a/playbooks/byo/openshift-cluster/openshift-metrics.yml b/playbooks/byo/openshift-cluster/openshift-metrics.yml new file mode 100644 index 000000000..5ad3a1a01 --- /dev/null +++ b/playbooks/byo/openshift-cluster/openshift-metrics.yml @@ -0,0 +1,4 @@ +--- +- include: initialize_groups.yml + +- include: ../../common/openshift-cluster/openshift_metrics.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/README.md b/playbooks/byo/openshift-cluster/upgrades/README.md index 0425ba518..0f64f40f3 100644 --- a/playbooks/byo/openshift-cluster/upgrades/README.md +++ b/playbooks/byo/openshift-cluster/upgrades/README.md @@ -4,5 +4,6 @@ cluster. Additional notes for the associated upgrade playbooks are provided in their respective directories. # Upgrades available -- [OpenShift Enterprise 3.4 to 3.5](v3_5/README.md) (works also to upgrade OpenShift origin from 1.4.x to 1.5.x) -- [OpenShift Enterprise 3.3 to 3.4](v3_4/README.md) (works also to upgrade OpenShift origin from 1.3.x to 1.4.x) +- [OpenShift Container Platform 3.5 to 3.6](v3_6/README.md) (works also to upgrade OpenShift Origin from 1.5.x to 3.6.x) +- [OpenShift Container Platform 3.4 to 3.5](v3_5/README.md) (works also to upgrade OpenShift Origin from 1.4.x to 1.5.x) +- [OpenShift Container Platform 3.3 to 3.4](v3_4/README.md) (works also to upgrade OpenShift Origin from 1.3.x to 1.4.x) diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_6/README.md b/playbooks/byo/openshift-cluster/upgrades/v3_6/README.md index 930cc753c..797af671a 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_6/README.md +++ b/playbooks/byo/openshift-cluster/upgrades/v3_6/README.md @@ -1,11 +1,10 @@ -# v3.5 Major and Minor Upgrade Playbook +# v3.6 Major and Minor Upgrade Playbook ## Overview -This playbook currently performs the -following steps. +This playbook currently performs the following steps. * Upgrade and restart master services - * Unschedule node. + * Unschedule node * Upgrade and restart docker * Upgrade and restart node services * Modifies the subset of the configuration necessary @@ -15,4 +14,7 @@ following steps. * Updates image streams and quickstarts ## Usage + +``` ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml +``` diff --git a/playbooks/common/openshift-cluster/openshift_metrics.yml b/playbooks/common/openshift-cluster/openshift_metrics.yml index 9f38ceea6..bcff4a1a1 100644 --- a/playbooks/common/openshift-cluster/openshift_metrics.yml +++ b/playbooks/common/openshift-cluster/openshift_metrics.yml @@ -1,4 +1,6 @@ --- +- include: evaluate_groups.yml + - name: OpenShift Metrics hosts: oo_first_master roles: diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/ca.yml index 3b26abcc7..4fa7f9cdf 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/ca.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/ca.yml @@ -130,7 +130,7 @@ state: absent changed_when: false -- include: ../openshift-etcd/restart.yml +- include: ../../openshift-etcd/restart.yml # Update master config when ca-bundle not referenced. Services will be # restarted below after new CA certificate has been distributed. @@ -322,7 +322,7 @@ group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}" with_items: "{{ client_users }}" -- include: ../openshift-master/restart.yml +- include: ../../openshift-master/restart.yml - name: Distribute OpenShift CA certificate to nodes hosts: oo_nodes_to_config @@ -371,4 +371,4 @@ state: absent changed_when: false -- include: ../openshift-node/restart.yml +- include: ../../openshift-node/restart.yml diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml index a7b614341..9f14f2d69 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml @@ -67,7 +67,66 @@ service.alpha.openshift.io/serving-cert-secret-name=router-certs --config={{ mktemp.stdout }}/admin.kubeconfig -n default - when: l_router_dc.rc == 0 and 'router-certs' in router_secrets + when: l_router_dc.rc == 0 and 'router-certs' in router_secrets and openshift_hosted_router_certificate is undefined + + - block: + - assert: + that: + - "'certfile' in openshift_hosted_router_certificate" + - "'keyfile' in openshift_hosted_router_certificate" + - "'cafile' in openshift_hosted_router_certificate" + msg: |- + openshift_hosted_router_certificate has been set in the inventory but is + missing one or more required keys. Ensure that 'certfile', 'keyfile', + and 'cafile' keys have been specified for the openshift_hosted_router_certificate + inventory variable. + + - name: Read router certificate and key + become: no + local_action: + module: slurp + src: "{{ item }}" + register: openshift_router_certificate_output + # Defaulting dictionary keys to none to avoid deprecation warnings + # (future fatal errors) during template evaluation. Dictionary keys + # won't be accessed unless openshift_hosted_router_certificate is + # defined and has all keys (certfile, keyfile, cafile) which we + # check above. + with_items: + - "{{ (openshift_hosted_router_certificate | default({'certfile':none})).certfile }}" + - "{{ (openshift_hosted_router_certificate | default({'keyfile':none})).keyfile }}" + - "{{ (openshift_hosted_router_certificate | default({'cafile':none})).cafile }}" + + - name: Write temporary router certificate file + copy: + content: "{% for certificate in openshift_router_certificate_output.results -%}{{ certificate.content | b64decode }}{% endfor -%}" + dest: "{{ mktemp.stdout }}/openshift-hosted-router-certificate.pem" + mode: 0600 + + - name: Write temporary router key file + copy: + content: "{{ (openshift_router_certificate_output.results + | oo_collect('content', {'source':(openshift_hosted_router_certificate | default({'keyfile':none})).keyfile}))[0] | b64decode }}" + dest: "{{ mktemp.stdout }}/openshift-hosted-router-certificate.key" + mode: 0600 + + - name: Replace router-certs secret + shell: > + {{ openshift.common.client_binary }} secrets new router-certs + tls.crt="{{ mktemp.stdout }}/openshift-hosted-router-certificate.pem" + tls.key="{{ mktemp.stdout }}/openshift-hosted-router-certificate.key" + --type=kubernetes.io/tls + --confirm + -o json | {{ openshift.common.client_binary }} replace -f - + + - name: Remove temporary router certificate and key files + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ mktemp.stdout }}/openshift-hosted-router-certificate.pem" + - "{{ mktemp.stdout }}/openshift-hosted-router-certificate.key" + when: l_router_dc.rc == 0 and 'router-certs' in router_secrets and openshift_hosted_router_certificate is defined - name: Redeploy router command: > diff --git a/playbooks/common/openshift-cluster/upgrades/disable_excluder.yml b/playbooks/common/openshift-cluster/upgrades/disable_excluder.yml index d1e431c5e..a30952929 100644 --- a/playbooks/common/openshift-cluster/upgrades/disable_excluder.yml +++ b/playbooks/common/openshift-cluster/upgrades/disable_excluder.yml @@ -5,12 +5,13 @@ tasks: - include: pre/validate_excluder.yml vars: - #repoquery_cmd: repoquery_cmd - #openshift_upgrade_target: openshift_upgrade_target - excluder: "{{ item }}" - with_items: - - "{{ openshift.common.service_type }}-docker-excluder" - - "{{ openshift.common.service_type }}-excluder" + excluder: "{{ openshift.common.service_type }}-docker-excluder" + when: enable_docker_excluder | default(enable_excluders) | default(True) | bool + - include: pre/validate_excluder.yml + vars: + excluder: "{{ openshift.common.service_type }}-excluder" + when: enable_openshift_excluder | default(enable_excluders) | default(True) | bool + # disable excluders based on their status - include_role: diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml b/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml index 7ef79afa9..fb51a0061 100644 --- a/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml +++ b/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml @@ -3,8 +3,8 @@ hosts: etcd_hosts_to_backup vars: embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" - timestamp: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}" etcdctl_command: "{{ 'etcdctl' if not openshift.common.is_containerized or embedded_etcd else 'docker exec etcd_container etcdctl' if not openshift.common.is_etcd_system_container else 'runc exec etcd etcdctl' }}" + timestamp: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}" roles: - openshift_facts tasks: @@ -13,29 +13,20 @@ role: etcd local_facts: {} when: "'etcd' not in openshift" - - - stat: path=/var/lib/openshift - register: var_lib_openshift - - - stat: path=/var/lib/origin - register: var_lib_origin - - - name: Create origin symlink if necessary - file: src=/var/lib/openshift/ dest=/var/lib/origin state=link - when: var_lib_openshift.stat.exists == True and var_lib_origin.stat.exists == False + - set_fact: + etcd_backup_dir: "{{ openshift.etcd.etcd_data_dir }}/openshift-backup-{{ backup_tag | default('') }}{{ timestamp }}" # TODO: replace shell module with command and update later checks - # We assume to be using the data dir for all backups. - name: Check available disk space for etcd backup - shell: df --output=avail -k {{ openshift.common.data_dir }} | tail -n 1 + shell: df --output=avail -k {{ openshift.etcd.etcd_data_dir }} | tail -n 1 register: avail_disk # AUDIT:changed_when: `false` because we are only inspecting # state, not manipulating anything changed_when: false # TODO: replace shell module with command and update later checks - - name: Check current embedded etcd disk usage - shell: du -k {{ openshift.etcd.etcd_data_dir }} | tail -n 1 | cut -f1 + - name: Check current etcd disk usage + shell: du --exclude='*openshift-backup*' -k {{ openshift.etcd.etcd_data_dir }} | tail -n 1 | cut -f1 register: etcd_disk_usage when: embedded_etcd | bool # AUDIT:changed_when: `false` because we are only inspecting @@ -52,37 +43,42 @@ # For non containerized and non embedded we should have the correct version of # etcd installed already. So don't do anything. # - # For embedded or containerized we need to use the latest because OCP 3.3 uses - # a version of etcd that can only be backed up with etcd-3.x and if it's - # containerized then etcd version may be newer than that on the host so - # upgrade it. - # - # On atomic we have neither yum nor dnf so ansible throws a hard to debug error - # if you use package there, like this: "Could not find a module for unknown." - # see https://bugzilla.redhat.com/show_bug.cgi?id=1408668 + # For containerized installs we now exec into etcd_container # - # TODO - We should refactor all containerized backups to use the containerized - # version of etcd to perform the backup rather than relying on the host's - # binaries. Until we do that we'll continue to have problems backing up etcd - # when atomic host has an older version than the version that's running in the - # container whether that's embedded or not - - name: Install latest etcd for containerized or embedded + # For embedded non containerized we need to ensure we have the latest version + # etcd on the host. + - name: Install latest etcd for embedded package: name: etcd state: latest - when: ( embedded_etcd | bool or openshift.common.is_containerized ) and not openshift.common.is_atomic + when: + - embedded_etcd | bool + - not openshift.common.is_atomic | bool - name: Generate etcd backup command: > {{ etcdctl_command }} backup --data-dir={{ openshift.etcd.etcd_data_dir }} - --backup-dir={{ openshift.common.data_dir }}/etcd-backup-{{ backup_tag | default('') }}{{ timestamp }} + --backup-dir={{ etcd_backup_dir }} + + # According to the docs change you can simply copy snap/db + # https://github.com/openshift/openshift-docs/commit/b38042de02d9780842dce95cfa0ef45d53b58bc6 + - name: Check for v3 data store + stat: + path: "{{ openshift.etcd.etcd_data_dir }}/member/snap/db" + register: v3_db + + - name: Copy etcd v3 data store + command: > + cp -a {{ openshift.etcd.etcd_data_dir }}/member/snap/db + {{ etcd_backup_dir }}/member/snap/ + when: v3_db.stat.exists - set_fact: etcd_backup_complete: True - name: Display location of etcd backup debug: - msg: "Etcd backup created in {{ openshift.common.data_dir }}/etcd-backup-{{ backup_tag | default('') }}{{ timestamp }}" + msg: "Etcd backup created in {{ etcd_backup_dir }}" - name: Gate on etcd backup hosts: localhost diff --git a/roles/lib_openshift/library/oc_adm_ca_server_cert.py b/roles/lib_openshift/library/oc_adm_ca_server_cert.py index 4d083c4d5..8a311cd0f 100644 --- a/roles/lib_openshift/library/oc_adm_ca_server_cert.py +++ b/roles/lib_openshift/library/oc_adm_ca_server_cert.py @@ -900,6 +900,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_adm_manage_node.py b/roles/lib_openshift/library/oc_adm_manage_node.py index 48e80a7cd..0930faadb 100644 --- a/roles/lib_openshift/library/oc_adm_manage_node.py +++ b/roles/lib_openshift/library/oc_adm_manage_node.py @@ -886,6 +886,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_adm_policy_group.py b/roles/lib_openshift/library/oc_adm_policy_group.py index 35168d1a3..6a7be65d0 100644 --- a/roles/lib_openshift/library/oc_adm_policy_group.py +++ b/roles/lib_openshift/library/oc_adm_policy_group.py @@ -872,6 +872,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_adm_policy_user.py b/roles/lib_openshift/library/oc_adm_policy_user.py index 5f7e4b8fa..44923ecd2 100644 --- a/roles/lib_openshift/library/oc_adm_policy_user.py +++ b/roles/lib_openshift/library/oc_adm_policy_user.py @@ -872,6 +872,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') @@ -1960,7 +1967,7 @@ class PolicyUser(OpenShiftCLI): @property def policybindings(self): if self._policy_bindings is None: - results = self._get('clusterpolicybindings', None) + results = self._get('policybindings', None) if results['returncode'] != 0: raise OpenShiftCLIError('Could not retrieve policybindings') self._policy_bindings = results['results'][0]['items'][0] diff --git a/roles/lib_openshift/library/oc_adm_registry.py b/roles/lib_openshift/library/oc_adm_registry.py index a6718d921..0604f48bb 100644 --- a/roles/lib_openshift/library/oc_adm_registry.py +++ b/roles/lib_openshift/library/oc_adm_registry.py @@ -990,6 +990,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_adm_router.py b/roles/lib_openshift/library/oc_adm_router.py index 0e4b336fb..bdcf94a58 100644 --- a/roles/lib_openshift/library/oc_adm_router.py +++ b/roles/lib_openshift/library/oc_adm_router.py @@ -1015,6 +1015,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_clusterrole.py b/roles/lib_openshift/library/oc_clusterrole.py index a34ce351e..af48ce636 100644 --- a/roles/lib_openshift/library/oc_clusterrole.py +++ b/roles/lib_openshift/library/oc_clusterrole.py @@ -864,6 +864,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') @@ -1531,10 +1538,10 @@ class Rule(object): results = [] for rule in inc_rules: - results.append(Rule(rule['apiGroups'], - rule['attributeRestrictions'], - rule['resources'], - rule['verbs'])) + results.append(Rule(rule.get('apiGroups', ['']), + rule.get('attributeRestrictions', None), + rule.get('resources', []), + rule.get('verbs', []))) return results @@ -1633,7 +1640,7 @@ class OCClusterRole(OpenShiftCLI): @property def clusterrole(self): ''' property for clusterrole''' - if not self._clusterrole: + if self._clusterrole is None: self.get() return self._clusterrole @@ -1669,6 +1676,7 @@ class OCClusterRole(OpenShiftCLI): elif 'clusterrole "{}" not found'.format(self.name) in result['stderr']: result['returncode'] = 0 + self.clusterrole = None return result @@ -1738,6 +1746,9 @@ class OCClusterRole(OpenShiftCLI): # Create it here api_rval = oc_clusterrole.create() + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + # return the created object api_rval = oc_clusterrole.get() diff --git a/roles/lib_openshift/library/oc_configmap.py b/roles/lib_openshift/library/oc_configmap.py index 69dd23a0e..385ed888b 100644 --- a/roles/lib_openshift/library/oc_configmap.py +++ b/roles/lib_openshift/library/oc_configmap.py @@ -870,6 +870,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_edit.py b/roles/lib_openshift/library/oc_edit.py index 70329ccfe..649de547e 100644 --- a/roles/lib_openshift/library/oc_edit.py +++ b/roles/lib_openshift/library/oc_edit.py @@ -914,6 +914,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_env.py b/roles/lib_openshift/library/oc_env.py index bda5eebc5..74bf63353 100644 --- a/roles/lib_openshift/library/oc_env.py +++ b/roles/lib_openshift/library/oc_env.py @@ -881,6 +881,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_group.py b/roles/lib_openshift/library/oc_group.py index 462e14868..2dd3d28ec 100644 --- a/roles/lib_openshift/library/oc_group.py +++ b/roles/lib_openshift/library/oc_group.py @@ -854,6 +854,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_image.py b/roles/lib_openshift/library/oc_image.py index 8aed060bb..bb7f97689 100644 --- a/roles/lib_openshift/library/oc_image.py +++ b/roles/lib_openshift/library/oc_image.py @@ -873,6 +873,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_label.py b/roles/lib_openshift/library/oc_label.py index 0d18a7afe..ec9abcda7 100644 --- a/roles/lib_openshift/library/oc_label.py +++ b/roles/lib_openshift/library/oc_label.py @@ -890,6 +890,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_obj.py b/roles/lib_openshift/library/oc_obj.py index 0b01670c6..3abd50a2e 100644 --- a/roles/lib_openshift/library/oc_obj.py +++ b/roles/lib_openshift/library/oc_obj.py @@ -98,7 +98,7 @@ options: aliases: [] kind: description: - - The kind attribute of the object. e.g. dc, bc, svc, route + - The kind attribute of the object. e.g. dc, bc, svc, route. May be a comma-separated list, e.g. "dc,po,svc". required: True default: None aliases: [] @@ -893,6 +893,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') @@ -1539,12 +1546,9 @@ class OCObject(OpenShiftCLI): # Delete ######## if state == 'absent': - # if we were passed a name, verify its not in our results - if params['name'] is not None and not Utils.exists(api_rval['results'], params['name']): - return {'changed': False, 'state': state} - - # verify results are empty for the selector - if params['selector'] is not None and len(api_rval['results']) == 0: + # verify its not in our results + if (params['name'] is not None or params['selector'] is not None) and \ + (len(api_rval['results']) == 0 or len(api_rval['results'][0].getattr('items', [])) == 0): return {'changed': False, 'state': state} if check_mode: diff --git a/roles/lib_openshift/library/oc_objectvalidator.py b/roles/lib_openshift/library/oc_objectvalidator.py index 9b321b47c..bc5245216 100644 --- a/roles/lib_openshift/library/oc_objectvalidator.py +++ b/roles/lib_openshift/library/oc_objectvalidator.py @@ -825,6 +825,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_process.py b/roles/lib_openshift/library/oc_process.py index 34f80ce13..de5426c51 100644 --- a/roles/lib_openshift/library/oc_process.py +++ b/roles/lib_openshift/library/oc_process.py @@ -882,6 +882,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_project.py b/roles/lib_openshift/library/oc_project.py index 331f31e41..02cd810ce 100644 --- a/roles/lib_openshift/library/oc_project.py +++ b/roles/lib_openshift/library/oc_project.py @@ -879,6 +879,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_pvc.py b/roles/lib_openshift/library/oc_pvc.py index 3e4601cc3..a9103ebf6 100644 --- a/roles/lib_openshift/library/oc_pvc.py +++ b/roles/lib_openshift/library/oc_pvc.py @@ -874,6 +874,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py index 755ab3b02..f005adffc 100644 --- a/roles/lib_openshift/library/oc_route.py +++ b/roles/lib_openshift/library/oc_route.py @@ -924,6 +924,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_scale.py b/roles/lib_openshift/library/oc_scale.py index 0c83338b0..9dcb38216 100644 --- a/roles/lib_openshift/library/oc_scale.py +++ b/roles/lib_openshift/library/oc_scale.py @@ -868,6 +868,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_secret.py b/roles/lib_openshift/library/oc_secret.py index 26e52a926..2ac0abcec 100644 --- a/roles/lib_openshift/library/oc_secret.py +++ b/roles/lib_openshift/library/oc_secret.py @@ -914,6 +914,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_service.py b/roles/lib_openshift/library/oc_service.py index 440cda1b3..0af695e08 100644 --- a/roles/lib_openshift/library/oc_service.py +++ b/roles/lib_openshift/library/oc_service.py @@ -920,6 +920,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_serviceaccount.py b/roles/lib_openshift/library/oc_serviceaccount.py index 5eb36ee32..ba8a1fdac 100644 --- a/roles/lib_openshift/library/oc_serviceaccount.py +++ b/roles/lib_openshift/library/oc_serviceaccount.py @@ -866,6 +866,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_serviceaccount_secret.py b/roles/lib_openshift/library/oc_serviceaccount_secret.py index 1bc788e87..5bff7621c 100644 --- a/roles/lib_openshift/library/oc_serviceaccount_secret.py +++ b/roles/lib_openshift/library/oc_serviceaccount_secret.py @@ -866,6 +866,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_user.py b/roles/lib_openshift/library/oc_user.py index 3009e661a..450a30f57 100644 --- a/roles/lib_openshift/library/oc_user.py +++ b/roles/lib_openshift/library/oc_user.py @@ -926,6 +926,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_version.py b/roles/lib_openshift/library/oc_version.py index 88f295a74..0937df5a1 100644 --- a/roles/lib_openshift/library/oc_version.py +++ b/roles/lib_openshift/library/oc_version.py @@ -838,6 +838,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/library/oc_volume.py b/roles/lib_openshift/library/oc_volume.py index 5f936fb49..d0e7e77e1 100644 --- a/roles/lib_openshift/library/oc_volume.py +++ b/roles/lib_openshift/library/oc_volume.py @@ -903,6 +903,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/src/class/oc_adm_policy_user.py b/roles/lib_openshift/src/class/oc_adm_policy_user.py index 88fcc1ddc..37a685ebb 100644 --- a/roles/lib_openshift/src/class/oc_adm_policy_user.py +++ b/roles/lib_openshift/src/class/oc_adm_policy_user.py @@ -46,7 +46,7 @@ class PolicyUser(OpenShiftCLI): @property def policybindings(self): if self._policy_bindings is None: - results = self._get('clusterpolicybindings', None) + results = self._get('policybindings', None) if results['returncode'] != 0: raise OpenShiftCLIError('Could not retrieve policybindings') self._policy_bindings = results['results'][0]['items'][0] diff --git a/roles/lib_openshift/src/class/oc_clusterrole.py b/roles/lib_openshift/src/class/oc_clusterrole.py index 1d3d977db..ae6795446 100644 --- a/roles/lib_openshift/src/class/oc_clusterrole.py +++ b/roles/lib_openshift/src/class/oc_clusterrole.py @@ -22,7 +22,7 @@ class OCClusterRole(OpenShiftCLI): @property def clusterrole(self): ''' property for clusterrole''' - if not self._clusterrole: + if self._clusterrole is None: self.get() return self._clusterrole @@ -58,6 +58,7 @@ class OCClusterRole(OpenShiftCLI): elif 'clusterrole "{}" not found'.format(self.name) in result['stderr']: result['returncode'] = 0 + self.clusterrole = None return result @@ -127,6 +128,9 @@ class OCClusterRole(OpenShiftCLI): # Create it here api_rval = oc_clusterrole.create() + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + # return the created object api_rval = oc_clusterrole.get() diff --git a/roles/lib_openshift/src/class/oc_obj.py b/roles/lib_openshift/src/class/oc_obj.py index 667b98eac..89ee2f5a0 100644 --- a/roles/lib_openshift/src/class/oc_obj.py +++ b/roles/lib_openshift/src/class/oc_obj.py @@ -115,12 +115,9 @@ class OCObject(OpenShiftCLI): # Delete ######## if state == 'absent': - # if we were passed a name, verify its not in our results - if params['name'] is not None and not Utils.exists(api_rval['results'], params['name']): - return {'changed': False, 'state': state} - - # verify results are empty for the selector - if params['selector'] is not None and len(api_rval['results']) == 0: + # verify its not in our results + if (params['name'] is not None or params['selector'] is not None) and \ + (len(api_rval['results']) == 0 or len(api_rval['results'][0].getattr('items', [])) == 0): return {'changed': False, 'state': state} if check_mode: diff --git a/roles/lib_openshift/src/doc/obj b/roles/lib_openshift/src/doc/obj index e44843eb3..4ff912b2d 100644 --- a/roles/lib_openshift/src/doc/obj +++ b/roles/lib_openshift/src/doc/obj @@ -47,7 +47,7 @@ options: aliases: [] kind: description: - - The kind attribute of the object. e.g. dc, bc, svc, route + - The kind attribute of the object. e.g. dc, bc, svc, route. May be a comma-separated list, e.g. "dc,po,svc". required: True default: None aliases: [] diff --git a/roles/lib_openshift/src/lib/base.py b/roles/lib_openshift/src/lib/base.py index 1868b1420..fc1b6f1ec 100644 --- a/roles/lib_openshift/src/lib/base.py +++ b/roles/lib_openshift/src/lib/base.py @@ -76,6 +76,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') diff --git a/roles/lib_openshift/src/lib/rule.py b/roles/lib_openshift/src/lib/rule.py index 4590dcf90..fe5ed9723 100644 --- a/roles/lib_openshift/src/lib/rule.py +++ b/roles/lib_openshift/src/lib/rule.py @@ -136,9 +136,9 @@ class Rule(object): results = [] for rule in inc_rules: - results.append(Rule(rule['apiGroups'], - rule['attributeRestrictions'], - rule['resources'], - rule['verbs'])) + results.append(Rule(rule.get('apiGroups', ['']), + rule.get('attributeRestrictions', None), + rule.get('resources', []), + rule.get('verbs', []))) return results diff --git a/roles/lib_openshift/src/test/unit/test_oc_adm_registry.py b/roles/lib_openshift/src/test/unit/test_oc_adm_registry.py index bab36fddc..30e13ce4b 100755 --- a/roles/lib_openshift/src/test/unit/test_oc_adm_registry.py +++ b/roles/lib_openshift/src/test/unit/test_oc_adm_registry.py @@ -205,10 +205,11 @@ class RegistryTest(unittest.TestCase): } ]}''' + @mock.patch('oc_adm_registry.locate_oc_binary') @mock.patch('oc_adm_registry.Utils._write') @mock.patch('oc_adm_registry.Utils.create_tmpfile_copy') @mock.patch('oc_adm_registry.Registry._run') - def test_state_present(self, mock_cmd, mock_tmpfile_copy, mock_write): + def test_state_present(self, mock_cmd, mock_tmpfile_copy, mock_write, mock_oc_binary): ''' Testing state present ''' params = {'state': 'present', 'debug': False, @@ -240,10 +241,9 @@ class RegistryTest(unittest.TestCase): (0, '', ''), ] - mock_tmpfile_copy.side_effect = [ - '/tmp/mocked_kubeconfig', - '/tmp/mocked_kubeconfig', - ] + mock_tmpfile_copy.return_value = '/tmp/mocked_kubeconfig' + + mock_oc_binary.return_value = 'oc' results = Registry.run_ansible(params, False) diff --git a/roles/lib_openshift/src/test/unit/test_oc_adm_router.py b/roles/lib_openshift/src/test/unit/test_oc_adm_router.py index 51393dbaf..5481ac623 100755 --- a/roles/lib_openshift/src/test/unit/test_oc_adm_router.py +++ b/roles/lib_openshift/src/test/unit/test_oc_adm_router.py @@ -286,10 +286,11 @@ class RouterTest(unittest.TestCase): ] }''' + @mock.patch('oc_adm_router.locate_oc_binary') @mock.patch('oc_adm_router.Utils._write') @mock.patch('oc_adm_router.Utils.create_tmpfile_copy') @mock.patch('oc_adm_router.Router._run') - def test_state_present(self, mock_cmd, mock_tmpfile_copy, mock_write): + def test_state_present(self, mock_cmd, mock_tmpfile_copy, mock_write, mock_oc_binary): ''' Testing a create ''' params = {'state': 'present', 'debug': False, @@ -345,6 +346,10 @@ class RouterTest(unittest.TestCase): '/tmp/mocked_kubeconfig', ] + mock_oc_binary.side_effect = [ + 'oc', + ] + results = Router.run_ansible(params, False) self.assertTrue(results['changed']) diff --git a/roles/lib_openshift/src/test/unit/test_oc_objectvalidator.py b/roles/lib_openshift/src/test/unit/test_oc_objectvalidator.py index da326742f..b19a5a880 100755 --- a/roles/lib_openshift/src/test/unit/test_oc_objectvalidator.py +++ b/roles/lib_openshift/src/test/unit/test_oc_objectvalidator.py @@ -25,9 +25,10 @@ class OCObjectValidatorTest(unittest.TestCase): maxDiff = None + @mock.patch('oc_objectvalidator.locate_oc_binary') @mock.patch('oc_objectvalidator.Utils.create_tmpfile_copy') @mock.patch('oc_objectvalidator.OCObjectValidator._run') - def test_no_data(self, mock_cmd, mock_tmpfile_copy): + def test_no_data(self, mock_cmd, mock_tmpfile_copy, mock_oc_binary): ''' Testing when both all objects are empty ''' # Arrange @@ -62,6 +63,10 @@ class OCObjectValidatorTest(unittest.TestCase): '/tmp/mocked_kubeconfig', ] + mock_oc_binary.side_effect = [ + 'oc', + ] + # Act results = OCObjectValidator.run_ansible(params) @@ -76,9 +81,10 @@ class OCObjectValidatorTest(unittest.TestCase): mock.call(['oc', 'get', 'namespace', '-o', 'json', '-n', 'default'], None), ]) + @mock.patch('oc_objectvalidator.locate_oc_binary') @mock.patch('oc_objectvalidator.Utils.create_tmpfile_copy') @mock.patch('oc_objectvalidator.OCObjectValidator._run') - def test_error_code(self, mock_cmd, mock_tmpfile_copy): + def test_error_code(self, mock_cmd, mock_tmpfile_copy, mock_oc_binary): ''' Testing when we fail to get objects ''' # Arrange @@ -98,6 +104,10 @@ class OCObjectValidatorTest(unittest.TestCase): '/tmp/mocked_kubeconfig', ] + mock_oc_binary.side_effect = [ + 'oc' + ] + error_results = { 'returncode': 1, 'stderr': 'Error.', @@ -120,9 +130,10 @@ class OCObjectValidatorTest(unittest.TestCase): mock.call(['oc', 'get', 'hostsubnet', '-o', 'json', '-n', 'default'], None), ]) + @mock.patch('oc_objectvalidator.locate_oc_binary') @mock.patch('oc_objectvalidator.Utils.create_tmpfile_copy') @mock.patch('oc_objectvalidator.OCObjectValidator._run') - def test_valid_both(self, mock_cmd, mock_tmpfile_copy): + def test_valid_both(self, mock_cmd, mock_tmpfile_copy, mock_oc_binary): ''' Testing when both all objects are valid ''' # Arrange @@ -427,6 +438,10 @@ class OCObjectValidatorTest(unittest.TestCase): '/tmp/mocked_kubeconfig', ] + mock_oc_binary.side_effect = [ + 'oc' + ] + # Act results = OCObjectValidator.run_ansible(params) @@ -441,9 +456,10 @@ class OCObjectValidatorTest(unittest.TestCase): mock.call(['oc', 'get', 'namespace', '-o', 'json', '-n', 'default'], None), ]) + @mock.patch('oc_objectvalidator.locate_oc_binary') @mock.patch('oc_objectvalidator.Utils.create_tmpfile_copy') @mock.patch('oc_objectvalidator.OCObjectValidator._run') - def test_invalid_both(self, mock_cmd, mock_tmpfile_copy): + def test_invalid_both(self, mock_cmd, mock_tmpfile_copy, mock_oc_binary): ''' Testing when all objects are invalid ''' # Arrange @@ -886,6 +902,10 @@ class OCObjectValidatorTest(unittest.TestCase): '/tmp/mocked_kubeconfig', ] + mock_oc_binary.side_effect = [ + 'oc' + ] + # Act results = OCObjectValidator.run_ansible(params) diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index 0f2bec6d3..c7e51bbfc 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -6,7 +6,7 @@ # This script should be run from openshift-ansible/roles/openshift_examples XPAAS_VERSION=ose-v1.3.6 -ORIGIN_VERSION=${1:-v1.6} +ORIGIN_VERSION=${1:-v3.6} RHAMP_TAG=1.0.0.GA RHAMP_TEMPLATE=https://raw.githubusercontent.com/3scale/rhamp-openshift-templates/${RHAMP_TAG}/apicast-gateway/apicast-gateway-template.yml EXAMPLES_BASE=$(pwd)/files/examples/${ORIGIN_VERSION} diff --git a/roles/openshift_examples/files/examples/latest b/roles/openshift_examples/files/examples/latest index 536385712..08751d131 120000 --- a/roles/openshift_examples/files/examples/latest +++ b/roles/openshift_examples/files/examples/latest @@ -1 +1 @@ -v1.6
\ No newline at end of file +v3.6
\ No newline at end of file diff --git a/roles/openshift_examples/files/examples/v1.5/image-streams/image-streams-centos7.json b/roles/openshift_examples/files/examples/v1.5/image-streams/image-streams-centos7.json index 1a90a9409..a81dbb654 100644 --- a/roles/openshift_examples/files/examples/v1.5/image-streams/image-streams-centos7.json +++ b/roles/openshift_examples/files/examples/v1.5/image-streams/image-streams-centos7.json @@ -800,7 +800,7 @@ "openshift.io/display-name": "Jenkins 1.X", "description": "Provides a Jenkins 1.X server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", "iconClass": "icon-jenkins", - "tags": "jenkins", + "tags": "hidden,jenkins", "version": "1.x" }, "from": { diff --git a/roles/openshift_examples/files/examples/v1.5/image-streams/image-streams-rhel7.json b/roles/openshift_examples/files/examples/v1.5/image-streams/image-streams-rhel7.json index eb94c3bb4..2ed0efe1e 100644 --- a/roles/openshift_examples/files/examples/v1.5/image-streams/image-streams-rhel7.json +++ b/roles/openshift_examples/files/examples/v1.5/image-streams/image-streams-rhel7.json @@ -707,7 +707,7 @@ "openshift.io/display-name": "Jenkins 1.X", "description": "Provides a Jenkins 1.X server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", "iconClass": "icon-jenkins", - "tags": "jenkins", + "tags": "hidden,jenkins", "version": "1.x" }, "from": { diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dotnet-pgsql-persistent.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dotnet-pgsql-persistent.json index fa31f7f61..a2b59c2d3 100644 --- a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dotnet-pgsql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dotnet-pgsql-persistent.json @@ -19,6 +19,17 @@ }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData": { + "database-password": "${DATABASE_PASSWORD}", + "connect-string": "Host=${DATABASE_SERVICE_NAME};Database=${DATABASE_NAME};Username=${DATABASE_USER};Password=${DATABASE_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -209,7 +220,12 @@ "env": [ { "name": "ConnectionString", - "value": "Host=${DATABASE_SERVICE_NAME};Database=${DATABASE_NAME};Username=${DATABASE_USER};Password=${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef": { + "name": "${NAME}", + "key": "connect-string" + } + } } ], "resources": { @@ -373,7 +389,12 @@ }, { "name": "POSTGRESQL_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef": { + "name": "${NAME}", + "key": "database-password" + } + } }, { "name": "POSTGRESQL_DATABASE", diff --git a/roles/openshift_examples/files/examples/v1.6/cfme-templates/cfme-pv-app-example.yaml b/roles/openshift_examples/files/examples/v3.6/cfme-templates/cfme-pv-app-example.yaml index 14bdd1dca..14bdd1dca 100644 --- a/roles/openshift_examples/files/examples/v1.6/cfme-templates/cfme-pv-app-example.yaml +++ b/roles/openshift_examples/files/examples/v3.6/cfme-templates/cfme-pv-app-example.yaml diff --git a/roles/openshift_examples/files/examples/v1.6/cfme-templates/cfme-pv-example.yaml b/roles/openshift_examples/files/examples/v3.6/cfme-templates/cfme-pv-example.yaml index 709d8d976..709d8d976 100644 --- a/roles/openshift_examples/files/examples/v1.6/cfme-templates/cfme-pv-example.yaml +++ b/roles/openshift_examples/files/examples/v3.6/cfme-templates/cfme-pv-example.yaml diff --git a/roles/openshift_examples/files/examples/v1.6/cfme-templates/cfme-template.yaml b/roles/openshift_examples/files/examples/v3.6/cfme-templates/cfme-template.yaml index 4f25a9c8f..4f25a9c8f 100644 --- a/roles/openshift_examples/files/examples/v1.6/cfme-templates/cfme-template.yaml +++ b/roles/openshift_examples/files/examples/v3.6/cfme-templates/cfme-template.yaml diff --git a/roles/openshift_examples/files/examples/v1.6/db-templates/README.md b/roles/openshift_examples/files/examples/v3.6/db-templates/README.md index a36d7ba7d..a36d7ba7d 100644 --- a/roles/openshift_examples/files/examples/v1.6/db-templates/README.md +++ b/roles/openshift_examples/files/examples/v3.6/db-templates/README.md diff --git a/roles/openshift_examples/files/examples/v1.6/db-templates/mariadb-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.6/db-templates/mariadb-ephemeral-template.json index f347f1f9f..f347f1f9f 100644 --- a/roles/openshift_examples/files/examples/v1.6/db-templates/mariadb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v3.6/db-templates/mariadb-ephemeral-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/db-templates/mariadb-persistent-template.json b/roles/openshift_examples/files/examples/v3.6/db-templates/mariadb-persistent-template.json index 6ed744777..6ed744777 100644 --- a/roles/openshift_examples/files/examples/v1.6/db-templates/mariadb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v3.6/db-templates/mariadb-persistent-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.6/db-templates/mongodb-ephemeral-template.json index 97a8abf6d..97a8abf6d 100644 --- a/roles/openshift_examples/files/examples/v1.6/db-templates/mongodb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v3.6/db-templates/mongodb-ephemeral-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v3.6/db-templates/mongodb-persistent-template.json index 0656219fb..0656219fb 100644 --- a/roles/openshift_examples/files/examples/v1.6/db-templates/mongodb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v3.6/db-templates/mongodb-persistent-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.6/db-templates/mysql-ephemeral-template.json index d60b4647d..d60b4647d 100644 --- a/roles/openshift_examples/files/examples/v1.6/db-templates/mysql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v3.6/db-templates/mysql-ephemeral-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/v3.6/db-templates/mysql-persistent-template.json index c2bfa40fd..c2bfa40fd 100644 --- a/roles/openshift_examples/files/examples/v1.6/db-templates/mysql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v3.6/db-templates/mysql-persistent-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.6/db-templates/postgresql-ephemeral-template.json index 7a16e742a..7a16e742a 100644 --- a/roles/openshift_examples/files/examples/v1.6/db-templates/postgresql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v3.6/db-templates/postgresql-ephemeral-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/v3.6/db-templates/postgresql-persistent-template.json index 242212d6f..242212d6f 100644 --- a/roles/openshift_examples/files/examples/v1.6/db-templates/postgresql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v3.6/db-templates/postgresql-persistent-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/db-templates/redis-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.6/db-templates/redis-ephemeral-template.json index e9af50937..e9af50937 100644 --- a/roles/openshift_examples/files/examples/v1.6/db-templates/redis-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v3.6/db-templates/redis-ephemeral-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/db-templates/redis-persistent-template.json b/roles/openshift_examples/files/examples/v3.6/db-templates/redis-persistent-template.json index aa27578a9..aa27578a9 100644 --- a/roles/openshift_examples/files/examples/v1.6/db-templates/redis-persistent-template.json +++ b/roles/openshift_examples/files/examples/v3.6/db-templates/redis-persistent-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/image-streams/dotnet_imagestreams.json b/roles/openshift_examples/files/examples/v3.6/image-streams/dotnet_imagestreams.json index 857ffa980..857ffa980 100644 --- a/roles/openshift_examples/files/examples/v1.6/image-streams/dotnet_imagestreams.json +++ b/roles/openshift_examples/files/examples/v3.6/image-streams/dotnet_imagestreams.json diff --git a/roles/openshift_examples/files/examples/v1.6/image-streams/image-streams-centos7.json b/roles/openshift_examples/files/examples/v3.6/image-streams/image-streams-centos7.json index 1a90a9409..a81dbb654 100644 --- a/roles/openshift_examples/files/examples/v1.6/image-streams/image-streams-centos7.json +++ b/roles/openshift_examples/files/examples/v3.6/image-streams/image-streams-centos7.json @@ -800,7 +800,7 @@ "openshift.io/display-name": "Jenkins 1.X", "description": "Provides a Jenkins 1.X server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", "iconClass": "icon-jenkins", - "tags": "jenkins", + "tags": "hidden,jenkins", "version": "1.x" }, "from": { diff --git a/roles/openshift_examples/files/examples/v1.6/image-streams/image-streams-rhel7.json b/roles/openshift_examples/files/examples/v3.6/image-streams/image-streams-rhel7.json index eb94c3bb4..2ed0efe1e 100644 --- a/roles/openshift_examples/files/examples/v1.6/image-streams/image-streams-rhel7.json +++ b/roles/openshift_examples/files/examples/v3.6/image-streams/image-streams-rhel7.json @@ -707,7 +707,7 @@ "openshift.io/display-name": "Jenkins 1.X", "description": "Provides a Jenkins 1.X server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", "iconClass": "icon-jenkins", - "tags": "jenkins", + "tags": "hidden,jenkins", "version": "1.x" }, "from": { diff --git a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/README.md b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/README.md index f48d8d4a8..f48d8d4a8 100644 --- a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/README.md +++ b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/README.md diff --git a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/apicast-gateway-template.yml b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/apicast-gateway-template.yml index 34f5fcbcc..34f5fcbcc 100644 --- a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/apicast-gateway-template.yml +++ b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/apicast-gateway-template.yml diff --git a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/cakephp-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/cakephp-mysql-persistent.json index eb3d296be..eb3d296be 100644 --- a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/cakephp-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/cakephp-mysql-persistent.json diff --git a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/cakephp-mysql.json index da2454d2e..da2454d2e 100644 --- a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/cakephp-mysql.json +++ b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/cakephp-mysql.json diff --git a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/dancer-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/dancer-mysql-persistent.json index 81ae63416..81ae63416 100644 --- a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/dancer-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/dancer-mysql-persistent.json diff --git a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/dancer-mysql.json index 7a285dba8..7a285dba8 100644 --- a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/dancer-mysql.json +++ b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/dancer-mysql.json diff --git a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/django-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/django-postgresql-persistent.json index 9f982c286..9f982c286 100644 --- a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/django-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/django-postgresql-persistent.json diff --git a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/django-postgresql.json index 7bee85ddd..7bee85ddd 100644 --- a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/django-postgresql.json +++ b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/django-postgresql.json diff --git a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/dotnet-example.json b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/dotnet-example.json index a09d71a00..a09d71a00 100644 --- a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/dotnet-example.json +++ b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/dotnet-example.json diff --git a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/dotnet-pgsql-persistent.json b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/dotnet-pgsql-persistent.json index fa31f7f61..a2b59c2d3 100644 --- a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/dotnet-pgsql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/dotnet-pgsql-persistent.json @@ -19,6 +19,17 @@ }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData": { + "database-password": "${DATABASE_PASSWORD}", + "connect-string": "Host=${DATABASE_SERVICE_NAME};Database=${DATABASE_NAME};Username=${DATABASE_USER};Password=${DATABASE_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -209,7 +220,12 @@ "env": [ { "name": "ConnectionString", - "value": "Host=${DATABASE_SERVICE_NAME};Database=${DATABASE_NAME};Username=${DATABASE_USER};Password=${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef": { + "name": "${NAME}", + "key": "connect-string" + } + } } ], "resources": { @@ -373,7 +389,12 @@ }, { "name": "POSTGRESQL_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef": { + "name": "${NAME}", + "key": "database-password" + } + } }, { "name": "POSTGRESQL_DATABASE", diff --git a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/jenkins-ephemeral-template.json index 264e4b2de..264e4b2de 100644 --- a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/jenkins-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/jenkins-ephemeral-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/jenkins-persistent-template.json index b47bdf353..b47bdf353 100644 --- a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/jenkins-persistent-template.json +++ b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/jenkins-persistent-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/nodejs-mongodb-persistent.json b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/nodejs-mongodb-persistent.json index 6ee999cb1..6ee999cb1 100644 --- a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/nodejs-mongodb-persistent.json +++ b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/nodejs-mongodb-persistent.json diff --git a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/nodejs-mongodb.json index 5c177a7e0..5c177a7e0 100644 --- a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/nodejs-mongodb.json +++ b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/nodejs-mongodb.json diff --git a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/rails-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/rails-postgresql-persistent.json index b400cfdb3..b400cfdb3 100644 --- a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/rails-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/rails-postgresql-persistent.json diff --git a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/rails-postgresql.json b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/rails-postgresql.json index fa67412ff..fa67412ff 100644 --- a/roles/openshift_examples/files/examples/v1.6/quickstart-templates/rails-postgresql.json +++ b/roles/openshift_examples/files/examples/v3.6/quickstart-templates/rails-postgresql.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-streams/fis-image-streams.json b/roles/openshift_examples/files/examples/v3.6/xpaas-streams/fis-image-streams.json index 9d99973be..9d99973be 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-streams/fis-image-streams.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-streams/fis-image-streams.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json index 049f3f884..049f3f884 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/amq62-basic.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/amq62-basic.json index ab35afead..ab35afead 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/amq62-basic.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/amq62-basic.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/amq62-persistent-ssl.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/amq62-persistent-ssl.json index c12f06dec..c12f06dec 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/amq62-persistent-ssl.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/amq62-persistent-ssl.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/amq62-persistent.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/amq62-persistent.json index 897ce0395..897ce0395 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/amq62-persistent.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/amq62-persistent.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/amq62-ssl.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/amq62-ssl.json index 97d110286..97d110286 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/amq62-ssl.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/amq62-ssl.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/datagrid65-basic.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/datagrid65-basic.json index 56e76016f..56e76016f 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/datagrid65-basic.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/datagrid65-basic.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/datagrid65-https.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/datagrid65-https.json index 639ac2e11..639ac2e11 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/datagrid65-https.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/datagrid65-https.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/datagrid65-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/datagrid65-mysql-persistent.json index 22ca3f0a0..22ca3f0a0 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/datagrid65-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/datagrid65-mysql-persistent.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/datagrid65-mysql.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/datagrid65-mysql.json index e1a585d24..e1a585d24 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/datagrid65-mysql.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/datagrid65-mysql.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/datagrid65-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/datagrid65-postgresql-persistent.json index 12720eb19..12720eb19 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/datagrid65-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/datagrid65-postgresql-persistent.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/datagrid65-postgresql.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/datagrid65-postgresql.json index da8015fb0..da8015fb0 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/datagrid65-postgresql.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/datagrid65-postgresql.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/datavirt63-basic-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/datavirt63-basic-s2i.json index 7d64dac98..7d64dac98 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/datavirt63-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/datavirt63-basic-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/datavirt63-extensions-support-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/datavirt63-extensions-support-s2i.json index 1e7c03b99..1e7c03b99 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/datavirt63-extensions-support-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/datavirt63-extensions-support-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/datavirt63-secure-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/datavirt63-secure-s2i.json index 07f926ff3..07f926ff3 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/datavirt63-secure-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/datavirt63-secure-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/decisionserver62-amq-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/decisionserver62-amq-s2i.json index 754a3b4c0..754a3b4c0 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/decisionserver62-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/decisionserver62-amq-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/decisionserver62-basic-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/decisionserver62-basic-s2i.json index 8be4ac90b..8be4ac90b 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/decisionserver62-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/decisionserver62-basic-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/decisionserver62-https-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/decisionserver62-https-s2i.json index bf9047599..bf9047599 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/decisionserver62-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/decisionserver62-https-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/decisionserver63-amq-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/decisionserver63-amq-s2i.json index 51e667e02..51e667e02 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/decisionserver63-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/decisionserver63-amq-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/decisionserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/decisionserver63-basic-s2i.json index c5f0d006a..c5f0d006a 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/decisionserver63-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/decisionserver63-basic-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/decisionserver63-https-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/decisionserver63-https-s2i.json index 3db0e4c84..3db0e4c84 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/decisionserver63-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/decisionserver63-https-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-amq-persistent-s2i.json index 72dbb4302..72dbb4302 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-amq-persistent-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-amq-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-amq-s2i.json index 9dd847451..9dd847451 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-amq-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-basic-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-basic-s2i.json index 7b1800b7b..7b1800b7b 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-basic-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-https-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-https-s2i.json index 31716d84c..31716d84c 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-https-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-mongodb-persistent-s2i.json index 212431056..212431056 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-mongodb-persistent-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-mongodb-s2i.json index 13fbbdd93..13fbbdd93 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-mongodb-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-mysql-persistent-s2i.json index 69fdec206..69fdec206 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-mysql-persistent-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-mysql-s2i.json index 2bd3c249f..2bd3c249f 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-mysql-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-postgresql-persistent-s2i.json index 31f245950..31f245950 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-postgresql-persistent-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-postgresql-s2i.json index eac964697..eac964697 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-postgresql-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-sso-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-sso-s2i.json index 09023be71..09023be71 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap64-sso-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap64-sso-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-amq-persistent-s2i.json index f08cdf2f9..f08cdf2f9 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-amq-persistent-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-amq-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-amq-s2i.json index 3ca9e9fab..3ca9e9fab 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-amq-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-basic-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-basic-s2i.json index 83b4d5b24..83b4d5b24 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-basic-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-https-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-https-s2i.json index 1292442a4..1292442a4 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-https-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-mongodb-persistent-s2i.json index 99db77d58..99db77d58 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-mongodb-persistent-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-mongodb-s2i.json index c8150c231..c8150c231 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-mongodb-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-mysql-persistent-s2i.json index f8e5c2b04..f8e5c2b04 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-mysql-persistent-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-mysql-s2i.json index 1edeb62e7..1edeb62e7 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-mysql-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-postgresql-persistent-s2i.json index d11df06ee..d11df06ee 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-postgresql-persistent-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-postgresql-s2i.json index 6b7f6d707..6b7f6d707 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-postgresql-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-sso-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-sso-s2i.json index 811602220..811602220 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/eap70-sso-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/eap70-sso-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat7-basic-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat7-basic-s2i.json index 413a6de87..413a6de87 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat7-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat7-basic-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat7-https-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat7-https-s2i.json index 610ea9441..610ea9441 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat7-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat7-https-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json index 6ef9d6e4c..6ef9d6e4c 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat7-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat7-mongodb-s2i.json index 9b48f8ae7..9b48f8ae7 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat7-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat7-mongodb-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json index 30af703ce..30af703ce 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat7-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat7-mysql-s2i.json index c2843af63..c2843af63 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat7-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat7-mysql-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json index b8372f374..b8372f374 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat7-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat7-postgresql-s2i.json index cd5bb9fa4..cd5bb9fa4 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat7-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat7-postgresql-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat8-basic-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat8-basic-s2i.json index cb1e49d29..cb1e49d29 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat8-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat8-basic-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat8-https-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat8-https-s2i.json index 21d5662c7..21d5662c7 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat8-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat8-https-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json index 34657d826..34657d826 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat8-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat8-mongodb-s2i.json index 974cfaddb..974cfaddb 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat8-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat8-mongodb-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json index 7a8231cc5..7a8231cc5 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat8-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat8-mysql-s2i.json index cda21f237..cda21f237 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat8-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat8-mysql-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json index 4dfc98015..4dfc98015 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat8-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat8-postgresql-s2i.json index f6c85668c..f6c85668c 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/jws30-tomcat8-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/jws30-tomcat8-postgresql-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/karaf2-camel-amq-template.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/karaf2-camel-amq-template.json index cd0bec3c1..cd0bec3c1 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/karaf2-camel-amq-template.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/karaf2-camel-amq-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/karaf2-camel-log-template.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/karaf2-camel-log-template.json index 2ecce08a9..2ecce08a9 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/karaf2-camel-log-template.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/karaf2-camel-log-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/karaf2-camel-rest-sql-template.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/karaf2-camel-rest-sql-template.json index d80939efb..d80939efb 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/karaf2-camel-rest-sql-template.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/karaf2-camel-rest-sql-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/karaf2-cxf-rest-template.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/karaf2-cxf-rest-template.json index f99099868..f99099868 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/karaf2-cxf-rest-template.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/karaf2-cxf-rest-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/openjdk18-web-basic-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/openjdk18-web-basic-s2i.json index 143e16756..143e16756 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/openjdk18-web-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/openjdk18-web-basic-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json index 1dea463ac..1dea463ac 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/processserver63-amq-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/processserver63-amq-mysql-s2i.json index 42264585b..42264585b 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/processserver63-amq-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/processserver63-amq-mysql-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json index f6d0c99ed..f6d0c99ed 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/processserver63-amq-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/processserver63-amq-postgresql-s2i.json index 41c726cf0..41c726cf0 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/processserver63-amq-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/processserver63-amq-postgresql-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/processserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/processserver63-basic-s2i.json index 170c919cb..170c919cb 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/processserver63-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/processserver63-basic-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/processserver63-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/processserver63-mysql-persistent-s2i.json index 89d0db1a6..89d0db1a6 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/processserver63-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/processserver63-mysql-persistent-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/processserver63-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/processserver63-mysql-s2i.json index 26cab29f8..26cab29f8 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/processserver63-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/processserver63-mysql-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/processserver63-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/processserver63-postgresql-persistent-s2i.json index 32a512829..32a512829 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/processserver63-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/processserver63-postgresql-persistent-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/processserver63-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/processserver63-postgresql-s2i.json index 55e2199bb..55e2199bb 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/processserver63-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/processserver63-postgresql-s2i.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-camel-amq-template.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-camel-amq-template.json index 8b3cd6ed0..8b3cd6ed0 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-camel-amq-template.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-camel-amq-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-camel-config-template.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-camel-config-template.json index bc5bbad22..bc5bbad22 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-camel-config-template.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-camel-config-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-camel-drools-template.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-camel-drools-template.json index e54fa0d59..e54fa0d59 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-camel-drools-template.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-camel-drools-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-camel-infinispan-template.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-camel-infinispan-template.json index 20ba97dac..20ba97dac 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-camel-infinispan-template.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-camel-infinispan-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-camel-rest-sql-template.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-camel-rest-sql-template.json index 555647fab..555647fab 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-camel-rest-sql-template.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-camel-rest-sql-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-camel-teiid-template.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-camel-teiid-template.json index cf9a4e903..cf9a4e903 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-camel-teiid-template.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-camel-teiid-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-camel-template.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-camel-template.json index c78a96f7c..c78a96f7c 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-camel-template.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-camel-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-camel-xml-template.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-camel-xml-template.json index 620425902..620425902 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-camel-xml-template.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-camel-xml-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-cxf-jaxrs-template.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-cxf-jaxrs-template.json index 15cfc93fd..15cfc93fd 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-cxf-jaxrs-template.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-cxf-jaxrs-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-cxf-jaxws-template.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-cxf-jaxws-template.json index c70ee7726..c70ee7726 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/spring-boot-cxf-jaxws-template.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/spring-boot-cxf-jaxws-template.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/sso70-https.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/sso70-https.json index fb0578a67..fb0578a67 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/sso70-https.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/sso70-https.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/sso70-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/sso70-mysql-persistent.json index dcbb24bf1..dcbb24bf1 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/sso70-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/sso70-mysql-persistent.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/sso70-mysql.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/sso70-mysql.json index 1768f7a1b..1768f7a1b 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/sso70-mysql.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/sso70-mysql.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/sso70-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/sso70-postgresql-persistent.json index 4c2f81f2e..4c2f81f2e 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/sso70-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/sso70-postgresql-persistent.json diff --git a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/sso70-postgresql.json b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/sso70-postgresql.json index d8402ef72..d8402ef72 100644 --- a/roles/openshift_examples/files/examples/v1.6/xpaas-templates/sso70-postgresql.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-templates/sso70-postgresql.json diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index adeb85c3f..ca0279426 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -911,7 +911,7 @@ def set_version_facts_if_unset(facts): version_gte_3_3_or_1_3 = version >= LooseVersion('1.3.0') version_gte_3_4_or_1_4 = version >= LooseVersion('1.4.0') version_gte_3_5_or_1_5 = version >= LooseVersion('1.5.0') - version_gte_3_6_or_1_6 = version >= LooseVersion('3.6.0') or version >= LooseVersion('1.6.0') + version_gte_3_6 = version >= LooseVersion('3.6.0') else: version_gte_3_1_or_1_1 = version >= LooseVersion('3.0.2.905') version_gte_3_1_1_or_1_1_1 = version >= LooseVersion('3.1.1') @@ -919,25 +919,26 @@ def set_version_facts_if_unset(facts): version_gte_3_3_or_1_3 = version >= LooseVersion('3.3.0') version_gte_3_4_or_1_4 = version >= LooseVersion('3.4.0') version_gte_3_5_or_1_5 = version >= LooseVersion('3.5.0') - version_gte_3_6_or_1_6 = version >= LooseVersion('3.6.0') + version_gte_3_6 = version >= LooseVersion('3.6.0') else: + # 'Latest' version is set to True, 'Next' versions set to False version_gte_3_1_or_1_1 = True version_gte_3_1_1_or_1_1_1 = True version_gte_3_2_or_1_2 = True version_gte_3_3_or_1_3 = True version_gte_3_4_or_1_4 = True version_gte_3_5_or_1_5 = True - version_gte_3_6_or_1_6 = False + version_gte_3_6 = True facts['common']['version_gte_3_1_or_1_1'] = version_gte_3_1_or_1_1 facts['common']['version_gte_3_1_1_or_1_1_1'] = version_gte_3_1_1_or_1_1_1 facts['common']['version_gte_3_2_or_1_2'] = version_gte_3_2_or_1_2 facts['common']['version_gte_3_3_or_1_3'] = version_gte_3_3_or_1_3 facts['common']['version_gte_3_4_or_1_4'] = version_gte_3_4_or_1_4 facts['common']['version_gte_3_5_or_1_5'] = version_gte_3_5_or_1_5 - facts['common']['version_gte_3_6_or_1_6'] = version_gte_3_6_or_1_6 + facts['common']['version_gte_3_6'] = version_gte_3_6 - if version_gte_3_6_or_1_6: - examples_content_version = 'v1.6' + if version_gte_3_6: + examples_content_version = 'v3.6' elif version_gte_3_5_or_1_5: examples_content_version = 'v1.5' elif version_gte_3_4_or_1_4: diff --git a/roles/openshift_health_checker/openshift_checks/disk_availability.py b/roles/openshift_health_checker/openshift_checks/disk_availability.py new file mode 100644 index 000000000..c2792a0fe --- /dev/null +++ b/roles/openshift_health_checker/openshift_checks/disk_availability.py @@ -0,0 +1,65 @@ +# pylint: disable=missing-docstring +from openshift_checks import OpenShiftCheck, OpenShiftCheckException, get_var +from openshift_checks.mixins import NotContainerizedMixin + + +class DiskAvailability(NotContainerizedMixin, OpenShiftCheck): + """Check that recommended disk space is available before a first-time install.""" + + name = "disk_availability" + tags = ["preflight"] + + # Values taken from the official installation documentation: + # https://docs.openshift.org/latest/install_config/install/prerequisites.html#system-requirements + recommended_disk_space_bytes = { + "masters": 40 * 10**9, + "nodes": 15 * 10**9, + "etcd": 20 * 10**9, + } + + @classmethod + def is_active(cls, task_vars): + """Skip hosts that do not have recommended disk space requirements.""" + group_names = get_var(task_vars, "group_names", default=[]) + has_disk_space_recommendation = bool(set(group_names).intersection(cls.recommended_disk_space_bytes)) + return super(DiskAvailability, cls).is_active(task_vars) and has_disk_space_recommendation + + def run(self, tmp, task_vars): + group_names = get_var(task_vars, "group_names") + ansible_mounts = get_var(task_vars, "ansible_mounts") + + min_free_bytes = max(self.recommended_disk_space_bytes.get(name, 0) for name in group_names) + free_bytes = self.openshift_available_disk(ansible_mounts) + + if free_bytes < min_free_bytes: + return { + 'failed': True, + 'msg': ( + 'Available disk space ({:.1f} GB) for the volume containing ' + '"/var" is below minimum recommended space ({:.1f} GB)' + ).format(float(free_bytes) / 10**9, float(min_free_bytes) / 10**9) + } + + return {} + + @staticmethod + def openshift_available_disk(ansible_mounts): + """Determine the available disk space for an OpenShift installation. + + ansible_mounts should be a list of dicts like the 'setup' Ansible module + returns. + """ + # priority list in descending order + supported_mnt_paths = ["/var", "/"] + available_mnts = {mnt.get("mount"): mnt for mnt in ansible_mounts} + + try: + for path in supported_mnt_paths: + if path in available_mnts: + return available_mnts[path]["size_available"] + except KeyError: + pass + + paths = ''.join(sorted(available_mnts)) or 'none' + msg = "Unable to determine available disk space. Paths mounted: {}.".format(paths) + raise OpenShiftCheckException(msg) diff --git a/roles/openshift_health_checker/openshift_checks/memory_availability.py b/roles/openshift_health_checker/openshift_checks/memory_availability.py new file mode 100644 index 000000000..28805dc37 --- /dev/null +++ b/roles/openshift_health_checker/openshift_checks/memory_availability.py @@ -0,0 +1,44 @@ +# pylint: disable=missing-docstring +from openshift_checks import OpenShiftCheck, get_var + + +class MemoryAvailability(OpenShiftCheck): + """Check that recommended memory is available.""" + + name = "memory_availability" + tags = ["preflight"] + + # Values taken from the official installation documentation: + # https://docs.openshift.org/latest/install_config/install/prerequisites.html#system-requirements + recommended_memory_bytes = { + "masters": 16 * 10**9, + "nodes": 8 * 10**9, + "etcd": 20 * 10**9, + } + + @classmethod + def is_active(cls, task_vars): + """Skip hosts that do not have recommended memory requirements.""" + group_names = get_var(task_vars, "group_names", default=[]) + has_memory_recommendation = bool(set(group_names).intersection(cls.recommended_memory_bytes)) + return super(MemoryAvailability, cls).is_active(task_vars) and has_memory_recommendation + + def run(self, tmp, task_vars): + group_names = get_var(task_vars, "group_names") + total_memory_bytes = get_var(task_vars, "ansible_memtotal_mb") * 10**6 + + min_memory_bytes = max(self.recommended_memory_bytes.get(name, 0) for name in group_names) + + if total_memory_bytes < min_memory_bytes: + return { + 'failed': True, + 'msg': ( + 'Available memory ({available:.1f} GB) ' + 'below recommended value ({recommended:.1f} GB)' + ).format( + available=float(total_memory_bytes) / 10**9, + recommended=float(min_memory_bytes) / 10**9, + ), + } + + return {} diff --git a/roles/openshift_health_checker/openshift_checks/mixins.py b/roles/openshift_health_checker/openshift_checks/mixins.py index 657e15160..20d160eaf 100644 --- a/roles/openshift_health_checker/openshift_checks/mixins.py +++ b/roles/openshift_health_checker/openshift_checks/mixins.py @@ -1,4 +1,8 @@ -# pylint: disable=missing-docstring +# pylint: disable=missing-docstring,too-few-public-methods +""" +Mixin classes meant to be used with subclasses of OpenShiftCheck. +""" + from openshift_checks import get_var @@ -7,12 +11,5 @@ class NotContainerizedMixin(object): @classmethod def is_active(cls, task_vars): - return ( - # This mixin is meant to be used with subclasses of OpenShiftCheck. - super(NotContainerizedMixin, cls).is_active(task_vars) and - not cls.is_containerized(task_vars) - ) - - @staticmethod - def is_containerized(task_vars): - return get_var(task_vars, "openshift", "common", "is_containerized") + is_containerized = get_var(task_vars, "openshift", "common", "is_containerized") + return super(NotContainerizedMixin, cls).is_active(task_vars) and not is_containerized diff --git a/roles/openshift_health_checker/test/action_plugin_test.py b/roles/openshift_health_checker/test/action_plugin_test.py index a877246f4..2693ae37b 100644 --- a/roles/openshift_health_checker/test/action_plugin_test.py +++ b/roles/openshift_health_checker/test/action_plugin_test.py @@ -1,5 +1,7 @@ import pytest +from ansible.playbook.play_context import PlayContext + from openshift_health_check import ActionModule, resolve_checks from openshift_checks import OpenShiftCheckException @@ -34,7 +36,7 @@ def fake_check(name='fake_check', tags=None, is_active=True, run_return=None, ru @pytest.fixture def plugin(): task = FakeTask('openshift_health_check', {'checks': ['fake_check']}) - plugin = ActionModule(task, None, None, None, None, None) + plugin = ActionModule(task, None, PlayContext(), None, None, None) return plugin diff --git a/roles/openshift_health_checker/test/disk_availability_test.py b/roles/openshift_health_checker/test/disk_availability_test.py new file mode 100644 index 000000000..970b474d7 --- /dev/null +++ b/roles/openshift_health_checker/test/disk_availability_test.py @@ -0,0 +1,155 @@ +import pytest + +from openshift_checks.disk_availability import DiskAvailability, OpenShiftCheckException + + +@pytest.mark.parametrize('group_names,is_containerized,is_active', [ + (['masters'], False, True), + # ensure check is skipped on containerized installs + (['masters'], True, False), + (['nodes'], False, True), + (['etcd'], False, True), + (['masters', 'nodes'], False, True), + (['masters', 'etcd'], False, True), + ([], False, False), + (['lb'], False, False), + (['nfs'], False, False), +]) +def test_is_active(group_names, is_containerized, is_active): + task_vars = dict( + group_names=group_names, + openshift=dict(common=dict(is_containerized=is_containerized)), + ) + assert DiskAvailability.is_active(task_vars=task_vars) == is_active + + +@pytest.mark.parametrize('ansible_mounts,extra_words', [ + ([], ['none']), # empty ansible_mounts + ([{'mount': '/mnt'}], ['/mnt']), # missing relevant mount paths + ([{'mount': '/var'}], ['/var']), # missing size_available +]) +def test_cannot_determine_available_disk(ansible_mounts, extra_words): + task_vars = dict( + group_names=['masters'], + ansible_mounts=ansible_mounts, + ) + check = DiskAvailability(execute_module=fake_execute_module) + + with pytest.raises(OpenShiftCheckException) as excinfo: + check.run(tmp=None, task_vars=task_vars) + + for word in 'determine available disk'.split() + extra_words: + assert word in str(excinfo.value) + + +@pytest.mark.parametrize('group_names,ansible_mounts', [ + ( + ['masters'], + [{ + 'mount': '/', + 'size_available': 40 * 10**9 + 1, + }], + ), + ( + ['nodes'], + [{ + 'mount': '/', + 'size_available': 15 * 10**9 + 1, + }], + ), + ( + ['etcd'], + [{ + 'mount': '/', + 'size_available': 20 * 10**9 + 1, + }], + ), + ( + ['etcd'], + [{ + # not enough space on / ... + 'mount': '/', + 'size_available': 0, + }, { + # ... but enough on /var + 'mount': '/var', + 'size_available': 20 * 10**9 + 1, + }], + ), +]) +def test_succeeds_with_recommended_disk_space(group_names, ansible_mounts): + task_vars = dict( + group_names=group_names, + ansible_mounts=ansible_mounts, + ) + + check = DiskAvailability(execute_module=fake_execute_module) + result = check.run(tmp=None, task_vars=task_vars) + + assert not result.get('failed', False) + + +@pytest.mark.parametrize('group_names,ansible_mounts,extra_words', [ + ( + ['masters'], + [{ + 'mount': '/', + 'size_available': 1, + }], + ['0.0 GB'], + ), + ( + ['nodes'], + [{ + 'mount': '/', + 'size_available': 1 * 10**9, + }], + ['1.0 GB'], + ), + ( + ['etcd'], + [{ + 'mount': '/', + 'size_available': 1, + }], + ['0.0 GB'], + ), + ( + ['nodes', 'masters'], + [{ + 'mount': '/', + # enough space for a node, not enough for a master + 'size_available': 15 * 10**9 + 1, + }], + ['15.0 GB'], + ), + ( + ['etcd'], + [{ + # enough space on / ... + 'mount': '/', + 'size_available': 20 * 10**9 + 1, + }, { + # .. but not enough on /var + 'mount': '/var', + 'size_available': 0, + }], + ['0.0 GB'], + ), +]) +def test_fails_with_insufficient_disk_space(group_names, ansible_mounts, extra_words): + task_vars = dict( + group_names=group_names, + ansible_mounts=ansible_mounts, + ) + + check = DiskAvailability(execute_module=fake_execute_module) + result = check.run(tmp=None, task_vars=task_vars) + + assert result['failed'] + for word in 'below recommended'.split() + extra_words: + assert word in result['msg'] + + +def fake_execute_module(*args): + raise AssertionError('this function should not be called') diff --git a/roles/openshift_health_checker/test/memory_availability_test.py b/roles/openshift_health_checker/test/memory_availability_test.py new file mode 100644 index 000000000..e161a5b9e --- /dev/null +++ b/roles/openshift_health_checker/test/memory_availability_test.py @@ -0,0 +1,91 @@ +import pytest + +from openshift_checks.memory_availability import MemoryAvailability + + +@pytest.mark.parametrize('group_names,is_active', [ + (['masters'], True), + (['nodes'], True), + (['etcd'], True), + (['masters', 'nodes'], True), + (['masters', 'etcd'], True), + ([], False), + (['lb'], False), + (['nfs'], False), +]) +def test_is_active(group_names, is_active): + task_vars = dict( + group_names=group_names, + ) + assert MemoryAvailability.is_active(task_vars=task_vars) == is_active + + +@pytest.mark.parametrize('group_names,ansible_memtotal_mb', [ + ( + ['masters'], + 17200, + ), + ( + ['nodes'], + 8200, + ), + ( + ['etcd'], + 22200, + ), + ( + ['masters', 'nodes'], + 17000, + ), +]) +def test_succeeds_with_recommended_memory(group_names, ansible_memtotal_mb): + task_vars = dict( + group_names=group_names, + ansible_memtotal_mb=ansible_memtotal_mb, + ) + + check = MemoryAvailability(execute_module=fake_execute_module) + result = check.run(tmp=None, task_vars=task_vars) + + assert not result.get('failed', False) + + +@pytest.mark.parametrize('group_names,ansible_memtotal_mb,extra_words', [ + ( + ['masters'], + 0, + ['0.0 GB'], + ), + ( + ['nodes'], + 100, + ['0.1 GB'], + ), + ( + ['etcd'], + -1, + ['0.0 GB'], + ), + ( + ['nodes', 'masters'], + # enough memory for a node, not enough for a master + 11000, + ['11.0 GB'], + ), +]) +def test_fails_with_insufficient_memory(group_names, ansible_memtotal_mb, extra_words): + task_vars = dict( + group_names=group_names, + ansible_memtotal_mb=ansible_memtotal_mb, + ) + + check = MemoryAvailability(execute_module=fake_execute_module) + result = check.run(tmp=None, task_vars=task_vars) + + assert result['failed'] + for word in 'below recommended'.split() + extra_words: + assert word in result['msg'] + + +def fake_execute_module(*args): + raise AssertionError('this function should not be called') diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml index 596b36239..e7e62e5e4 100644 --- a/roles/openshift_hosted/defaults/main.yml +++ b/roles/openshift_hosted/defaults/main.yml @@ -24,9 +24,9 @@ openshift_hosted_routers: ports: - 80:80 - 443:443 - certificates: "{{ openshift_hosted_router_certificates | default({}) }}" + certificate: "{{ openshift_hosted_router_certificate | default({}) }}" -openshift_hosted_router_certificates: {} +openshift_hosted_router_certificate: {} openshift_hosted_registry_cert_expire_days: 730 openshift_hosted_router_create_certificate: False diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml index c71d0a34f..e75e3b16f 100644 --- a/roles/openshift_hosted/tasks/router/router.yml +++ b/roles/openshift_hosted/tasks/router/router.yml @@ -25,13 +25,13 @@ hostnames: - "{{ openshift_master_default_subdomain }}" - "*.{{ openshift_master_default_subdomain }}" - cert: "{{ ('/etc/origin/master/' ~ (item.certificates.certfile | basename)) if 'certfile' in item.certificates else ((openshift_master_config_dir) ~ '/openshift-router.crt') }}" - key: "{{ ('/etc/origin/master/' ~ (item.certificates.keyfile | basename)) if 'keyfile' in item.certificates else ((openshift_master_config_dir) ~ '/openshift-router.key') }}" + cert: "{{ ('/etc/origin/master/' ~ (item.certificate.certfile | basename)) if 'certfile' in item.certificate else ((openshift_master_config_dir) ~ '/openshift-router.crt') }}" + key: "{{ ('/etc/origin/master/' ~ (item.certificate.keyfile | basename)) if 'keyfile' in item.certificate else ((openshift_master_config_dir) ~ '/openshift-router.key') }}" with_items: "{{ openshift_hosted_routers }}" - - name: set the openshift_hosted_router_certificates + - name: set the openshift_hosted_router_certificate set_fact: - openshift_hosted_router_certificates: + openshift_hosted_router_certificate: certfile: "{{ openshift_master_config_dir ~ '/openshift-router.crt' }}" keyfile: "{{ openshift_master_config_dir ~ '/openshift-router.key' }}" cafile: "{{ openshift_master_config_dir ~ '/ca.crt' }}" @@ -44,7 +44,7 @@ backup: True dest: "/etc/origin/master/{{ item | basename }}" src: "{{ item }}" - with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificates') | + with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}" when: not openshift_hosted_router_create_certificate @@ -82,9 +82,9 @@ service_account: "{{ item.serviceaccount | default('router') }}" selector: "{{ item.selector | default(none) }}" images: "{{ item.images | default(omit) }}" - cert_file: "{{ ('/etc/origin/master/' ~ (item.certificates.certfile | basename)) if 'certfile' in item.certificates else omit }}" - key_file: "{{ ('/etc/origin/master/' ~ (item.certificates.keyfile | basename)) if 'keyfile' in item.certificates else omit }}" - cacert_file: "{{ ('/etc/origin/master/' ~ (item.certificates.cafile | basename)) if 'cafile' in item.certificates else omit }}" + cert_file: "{{ ('/etc/origin/master/' ~ (item.certificate.certfile | basename)) if 'certfile' in item.certificate else omit }}" + key_file: "{{ ('/etc/origin/master/' ~ (item.certificate.keyfile | basename)) if 'keyfile' in item.certificate else omit }}" + cacert_file: "{{ ('/etc/origin/master/' ~ (item.certificate.cafile | basename)) if 'cafile' in item.certificate else omit }}" edits: "{{ openshift_hosted_router_edits | union(item.edits) }}" ports: "{{ item.ports }}" stats_port: "{{ item.stats_port }}" diff --git a/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml index c67058696..5abb2ef83 100644 --- a/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml +++ b/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml @@ -223,7 +223,7 @@ items: - description: 'Specify version for logging components; e.g. for "registry.access.redhat.com/openshift3/logging-deployer:3.4.0", set version "3.4.0"' name: IMAGE_VERSION - value: "3.4.0" + value: "v3.4" - description: "(Deprecated) Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry." name: IMAGE_PULL_SECRET diff --git a/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml index 6ead122c5..1d319eab8 100644 --- a/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml +++ b/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml @@ -105,7 +105,7 @@ parameters: - description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' name: IMAGE_VERSION - value: "3.4.0" + value: "v3.4" - description: "Internal URL for the master, for authentication retrieval" name: MASTER_URL @@ -118,7 +118,7 @@ parameters: description: "Can be set to: 'preflight' to perform validation before a deployment; 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process); 'validate' to re-run validations after a deployment" name: MODE value: "deploy" -- +- description: "Set to true to continue even if the deployer runs into an error." name: CONTINUE_ON_ERROR value: "false" diff --git a/roles/openshift_hosted_templates/files/v1.5/enterprise/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.5/enterprise/logging-deployer.yaml deleted file mode 100644 index fdfc285ca..000000000 --- a/roles/openshift_hosted_templates/files/v1.5/enterprise/logging-deployer.yaml +++ /dev/null @@ -1,345 +0,0 @@ -apiVersion: "v1" -kind: "List" -items: -- - apiVersion: "v1" - kind: "Template" - metadata: - name: logging-deployer-account-template - annotations: - description: "Template for creating the deployer account and roles needed for the aggregated logging deployer. Create as cluster-admin." - tags: "infrastructure" - objects: - - - apiVersion: v1 - kind: ServiceAccount - name: logging-deployer - metadata: - name: logging-deployer - labels: - logging-infra: deployer - provider: openshift - component: deployer - - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: aggregated-logging-kibana - - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: aggregated-logging-elasticsearch - - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: aggregated-logging-fluentd - - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: aggregated-logging-curator - - apiVersion: v1 - kind: ClusterRole - metadata: - name: oauth-editor - rules: - - resources: - - oauthclients - verbs: - - create - - delete - - apiVersion: v1 - kind: ClusterRole - metadata: - name: daemonset-admin - rules: - - resources: - - daemonsets - apiGroups: - - extensions - verbs: - - create - - get - - list - - watch - - delete - - update - - apiVersion: v1 - kind: ClusterRole - metadata: - name: rolebinding-reader - rules: - - resources: - - clusterrolebindings - verbs: - - get - - - apiVersion: v1 - kind: RoleBinding - metadata: - name: logging-deployer-edit-role - roleRef: - kind: ClusterRole - name: edit - subjects: - - kind: ServiceAccount - name: logging-deployer - - - apiVersion: v1 - kind: RoleBinding - metadata: - name: logging-deployer-dsadmin-role - roleRef: - kind: ClusterRole - name: daemonset-admin - subjects: - - kind: ServiceAccount - name: logging-deployer - - - apiVersion: v1 - kind: RoleBinding - metadata: - name: logging-elasticsearch-view-role - roleRef: - kind: ClusterRole - name: view - subjects: - - kind: ServiceAccount - name: aggregated-logging-elasticsearch -- - apiVersion: "v1" - kind: "Template" - metadata: - name: logging-deployer-template - annotations: - description: "Template for running the aggregated logging deployer in a pod. Requires empowered 'logging-deployer' service account." - tags: "infrastructure" - labels: - logging-infra: deployer - provider: openshift - objects: - - - apiVersion: v1 - kind: Pod - metadata: - generateName: logging-deployer- - spec: - containers: - - image: ${IMAGE_PREFIX}logging-deployer:${IMAGE_VERSION} - imagePullPolicy: Always - name: deployer - volumeMounts: - - name: empty - mountPath: /etc/deploy - env: - - name: PROJECT - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: IMAGE_PREFIX - value: ${IMAGE_PREFIX} - - name: IMAGE_VERSION - value: ${IMAGE_VERSION} - - name: IMAGE_PULL_SECRET - value: ${IMAGE_PULL_SECRET} - - name: INSECURE_REGISTRY - value: ${INSECURE_REGISTRY} - - name: ENABLE_OPS_CLUSTER - value: ${ENABLE_OPS_CLUSTER} - - name: KIBANA_HOSTNAME - value: ${KIBANA_HOSTNAME} - - name: KIBANA_OPS_HOSTNAME - value: ${KIBANA_OPS_HOSTNAME} - - name: PUBLIC_MASTER_URL - value: ${PUBLIC_MASTER_URL} - - name: MASTER_URL - value: ${MASTER_URL} - - name: ES_INSTANCE_RAM - value: ${ES_INSTANCE_RAM} - - name: ES_PVC_SIZE - value: ${ES_PVC_SIZE} - - name: ES_PVC_PREFIX - value: ${ES_PVC_PREFIX} - - name: ES_PVC_DYNAMIC - value: ${ES_PVC_DYNAMIC} - - name: ES_CLUSTER_SIZE - value: ${ES_CLUSTER_SIZE} - - name: ES_NODE_QUORUM - value: ${ES_NODE_QUORUM} - - name: ES_RECOVER_AFTER_NODES - value: ${ES_RECOVER_AFTER_NODES} - - name: ES_RECOVER_EXPECTED_NODES - value: ${ES_RECOVER_EXPECTED_NODES} - - name: ES_RECOVER_AFTER_TIME - value: ${ES_RECOVER_AFTER_TIME} - - name: ES_OPS_INSTANCE_RAM - value: ${ES_OPS_INSTANCE_RAM} - - name: ES_OPS_PVC_SIZE - value: ${ES_OPS_PVC_SIZE} - - name: ES_OPS_PVC_PREFIX - value: ${ES_OPS_PVC_PREFIX} - - name: ES_OPS_PVC_DYNAMIC - value: ${ES_OPS_PVC_DYNAMIC} - - name: ES_OPS_CLUSTER_SIZE - value: ${ES_OPS_CLUSTER_SIZE} - - name: ES_OPS_NODE_QUORUM - value: ${ES_OPS_NODE_QUORUM} - - name: ES_OPS_RECOVER_AFTER_NODES - value: ${ES_OPS_RECOVER_AFTER_NODES} - - name: ES_OPS_RECOVER_EXPECTED_NODES - value: ${ES_OPS_RECOVER_EXPECTED_NODES} - - name: ES_OPS_RECOVER_AFTER_TIME - value: ${ES_OPS_RECOVER_AFTER_TIME} - - name: FLUENTD_NODESELECTOR - value: ${FLUENTD_NODESELECTOR} - - name: ES_NODESELECTOR - value: ${ES_NODESELECTOR} - - name: ES_OPS_NODESELECTOR - value: ${ES_OPS_NODESELECTOR} - - name: KIBANA_NODESELECTOR - value: ${KIBANA_NODESELECTOR} - - name: KIBANA_OPS_NODESELECTOR - value: ${KIBANA_OPS_NODESELECTOR} - - name: CURATOR_NODESELECTOR - value: ${CURATOR_NODESELECTOR} - - name: CURATOR_OPS_NODESELECTOR - value: ${CURATOR_OPS_NODESELECTOR} - - name: MODE - value: ${MODE} - dnsPolicy: ClusterFirst - restartPolicy: Never - serviceAccount: logging-deployer - volumes: - - name: empty - emptyDir: {} - parameters: - - - description: "The mode that the deployer runs in." - name: MODE - value: "install" - - - description: 'Specify prefix for logging components; e.g. for "registry.access.redhat.com/openshift3/logging-deployer:3.3.0", set prefix "registry.access.redhat.com/openshift3/"' - name: IMAGE_PREFIX - value: "registry.access.redhat.com/openshift3/" - - - description: 'Specify version for logging components; e.g. for "registry.access.redhat.com/openshift3/logging-deployer:3.3.0", set version "3.3.0"' - name: IMAGE_VERSION - value: "3.4.0" - - - description: "(Deprecated) Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry." - name: IMAGE_PULL_SECRET - - - description: "(Deprecated) Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)" - name: INSECURE_REGISTRY - value: "false" - - - description: "(Deprecated) If true, set up to use a second ES cluster for ops logs." - name: ENABLE_OPS_CLUSTER - value: "false" - - - description: "(Deprecated) External hostname where clients will reach kibana" - name: KIBANA_HOSTNAME - value: "kibana.example.com" - - - description: "(Deprecated) External hostname at which admins will visit the ops Kibana." - name: KIBANA_OPS_HOSTNAME - value: kibana-ops.example.com - - - description: "(Deprecated) External URL for the master, for OAuth purposes" - name: PUBLIC_MASTER_URL - value: "https://localhost:8443" - - - description: "(Deprecated) Internal URL for the master, for authentication retrieval" - name: MASTER_URL - value: "https://kubernetes.default.svc.cluster.local" - - - description: "(Deprecated) How many instances of ElasticSearch to deploy." - name: ES_CLUSTER_SIZE - value: "1" - - - description: "(Deprecated) Amount of RAM to reserve per ElasticSearch instance." - name: ES_INSTANCE_RAM - value: "8G" - - - description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." - name: ES_PVC_SIZE - - - description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_PVC_SIZE." - name: ES_PVC_PREFIX - value: "logging-es-" - - - description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES PVC. ' - name: ES_PVC_DYNAMIC - - - description: "(Deprecated) Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." - name: ES_NODE_QUORUM - - - description: "(Deprecated) Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." - name: ES_RECOVER_AFTER_NODES - - - description: "(Deprecated) Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." - name: ES_RECOVER_EXPECTED_NODES - - - description: "(Deprecated) Timeout for *expected* nodes to be present when cluster is recovering from a full restart." - name: ES_RECOVER_AFTER_TIME - value: "5m" - - - description: "(Deprecated) How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." - name: ES_OPS_CLUSTER_SIZE - - - description: "(Deprecated) Amount of RAM to reserve per ops ElasticSearch instance." - name: ES_OPS_INSTANCE_RAM - value: "8G" - - - description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." - name: ES_OPS_PVC_SIZE - - - description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_OPS_PVC_SIZE." - name: ES_OPS_PVC_PREFIX - value: "logging-es-ops-" - - - description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES ops PVC. ' - name: ES_OPS_PVC_DYNAMIC - - - description: "(Deprecated) Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." - name: ES_OPS_NODE_QUORUM - - - description: "(Deprecated) Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." - name: ES_OPS_RECOVER_AFTER_NODES - - - description: "(Deprecated) Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." - name: ES_OPS_RECOVER_EXPECTED_NODES - - - description: "(Deprecated) Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." - name: ES_OPS_RECOVER_AFTER_TIME - value: "5m" - - - description: "(Deprecated) The nodeSelector used for the Fluentd DaemonSet." - name: FLUENTD_NODESELECTOR - value: "logging-infra-fluentd=true" - - - description: "(Deprecated) Node selector Elasticsearch cluster (label=value)." - name: ES_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector Elasticsearch operations cluster (label=value)." - name: ES_OPS_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector Kibana cluster (label=value)." - name: KIBANA_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector Kibana operations cluster (label=value)." - name: KIBANA_OPS_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector Curator (label=value)." - name: CURATOR_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector operations Curator (label=value)." - name: CURATOR_OPS_NODESELECTOR - value: "" diff --git a/roles/openshift_hosted_templates/files/v1.5/enterprise/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.5/enterprise/metrics-deployer.yaml deleted file mode 100644 index c4ab794ae..000000000 --- a/roles/openshift_hosted_templates/files/v1.5/enterprise/metrics-deployer.yaml +++ /dev/null @@ -1,168 +0,0 @@ -#!/bin/bash -# -# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates -# and other contributors as indicated by the @author tags. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -apiVersion: "v1" -kind: "Template" -metadata: - name: metrics-deployer-template - annotations: - description: "Template for deploying the required Metrics integration. Requires cluster-admin 'metrics-deployer' service account and 'metrics-deployer' secret." - tags: "infrastructure" -labels: - metrics-infra: deployer - provider: openshift - component: deployer -objects: -- - apiVersion: v1 - kind: Pod - metadata: - generateName: metrics-deployer- - spec: - securityContext: {} - containers: - - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} - name: deployer - securityContext: {} - volumeMounts: - - name: secret - mountPath: /secret - readOnly: true - - name: empty - mountPath: /etc/deploy - env: - - name: PROJECT - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: IMAGE_PREFIX - value: ${IMAGE_PREFIX} - - name: IMAGE_VERSION - value: ${IMAGE_VERSION} - - name: MASTER_URL - value: ${MASTER_URL} - - name: MODE - value: ${MODE} - - name: CONTINUE_ON_ERROR - value: ${CONTINUE_ON_ERROR} - - name: REDEPLOY - value: ${REDEPLOY} - - name: IGNORE_PREFLIGHT - value: ${IGNORE_PREFLIGHT} - - name: USE_PERSISTENT_STORAGE - value: ${USE_PERSISTENT_STORAGE} - - name: DYNAMICALLY_PROVISION_STORAGE - value: ${DYNAMICALLY_PROVISION_STORAGE} - - name: HAWKULAR_METRICS_HOSTNAME - value: ${HAWKULAR_METRICS_HOSTNAME} - - name: CASSANDRA_NODES - value: ${CASSANDRA_NODES} - - name: CASSANDRA_PV_SIZE - value: ${CASSANDRA_PV_SIZE} - - name: METRIC_DURATION - value: ${METRIC_DURATION} - - name: USER_WRITE_ACCESS - value: ${USER_WRITE_ACCESS} - - name: HEAPSTER_NODE_ID - value: ${HEAPSTER_NODE_ID} - - name: METRIC_RESOLUTION - value: ${METRIC_RESOLUTION} - - name: STARTUP_TIMEOUT - value: ${STARTUP_TIMEOUT} - dnsPolicy: ClusterFirst - restartPolicy: Never - serviceAccount: metrics-deployer - volumes: - - name: empty - emptyDir: {} - - name: secret - secret: - secretName: metrics-deployer -parameters: -- - description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set prefix "openshift/origin-"' - name: IMAGE_PREFIX - value: "registry.access.redhat.com/openshift3/" -- - description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' - name: IMAGE_VERSION - value: "v3.5" -- - description: "Internal URL for the master, for authentication retrieval" - name: MASTER_URL - value: "https://kubernetes.default.svc:443" -- - description: "External hostname where clients will reach Hawkular Metrics" - name: HAWKULAR_METRICS_HOSTNAME - required: true -- - description: "Can be set to: 'preflight' to perform validation before a deployment; 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process); 'validate' to re-run validations after a deployment" - name: MODE - value: "deploy" -- - description: "Set to true to continue even if the deployer runs into an error." - name: CONTINUE_ON_ERROR - value: "false" -- - description: "(Deprecated) Turns 'deploy' mode into 'redeploy' mode, deleting and redeploying everything (losing all data in the process)" - name: REDEPLOY - value: "false" -- - description: "If preflight validation is blocking deployment and you're sure you don't care about it, this will ignore the results and proceed to deploy." - name: IGNORE_PREFLIGHT - value: "false" -- - description: "Set to true for persistent storage, set to false to use non persistent storage" - name: USE_PERSISTENT_STORAGE - value: "true" -- - description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes" - name: DYNAMICALLY_PROVISION_STORAGE - value: "false" -- - description: "The number of Cassandra Nodes to deploy for the initial cluster" - name: CASSANDRA_NODES - value: "1" -- - description: "The persistent volume size for each of the Cassandra nodes" - name: CASSANDRA_PV_SIZE - value: "10Gi" -- - description: "How many days metrics should be stored for." - name: METRIC_DURATION - value: "7" -- - description: "If a user accounts should be allowed to write metrics." - name: USER_WRITE_ACCESS - value: "false" -- - description: "The identifier used when generating metric ids in Hawkular" - name: HEAPSTER_NODE_ID - value: "nodename" -- - description: "How often metrics should be gathered. Defaults value of '30s' for 30 seconds" - name: METRIC_RESOLUTION - value: "30s" -- - description: "How long in seconds we should wait until Hawkular Metrics and Heapster starts up before attempting a restart" - name: STARTUP_TIMEOUT - value: "500" diff --git a/roles/openshift_hosted_templates/files/v1.5/origin/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.5/origin/logging-deployer.yaml deleted file mode 100644 index 5b5503500..000000000 --- a/roles/openshift_hosted_templates/files/v1.5/origin/logging-deployer.yaml +++ /dev/null @@ -1,342 +0,0 @@ -apiVersion: "v1" -kind: "List" -items: -- - apiVersion: "v1" - kind: "Template" - metadata: - name: logging-deployer-account-template - annotations: - description: "Template for creating the deployer account and roles needed for the aggregated logging deployer. Create as cluster-admin." - tags: "infrastructure" - objects: - - - apiVersion: v1 - kind: ServiceAccount - name: logging-deployer - metadata: - name: logging-deployer - labels: - logging-infra: deployer - provider: openshift - component: deployer - - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: aggregated-logging-kibana - - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: aggregated-logging-elasticsearch - - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: aggregated-logging-fluentd - - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: aggregated-logging-curator - - apiVersion: v1 - kind: ClusterRole - metadata: - name: oauth-editor - rules: - - resources: - - oauthclients - verbs: - - create - - delete - - apiVersion: v1 - kind: ClusterRole - metadata: - name: daemonset-admin - rules: - - resources: - - daemonsets - apiGroups: - - extensions - verbs: - - create - - get - - list - - watch - - delete - - update - - apiVersion: v1 - kind: ClusterRole - metadata: - name: rolebinding-reader - rules: - - resources: - - clusterrolebindings - verbs: - - get - - - apiVersion: v1 - kind: RoleBinding - metadata: - name: logging-deployer-edit-role - roleRef: - name: edit - subjects: - - kind: ServiceAccount - name: logging-deployer - - - apiVersion: v1 - kind: RoleBinding - metadata: - name: logging-deployer-dsadmin-role - roleRef: - name: daemonset-admin - subjects: - - kind: ServiceAccount - name: logging-deployer - - - apiVersion: v1 - kind: RoleBinding - metadata: - name: logging-elasticsearch-view-role - roleRef: - name: view - subjects: - - kind: ServiceAccount - name: aggregated-logging-elasticsearch -- - apiVersion: "v1" - kind: "Template" - metadata: - name: logging-deployer-template - annotations: - description: "Template for running the aggregated logging deployer in a pod. Requires empowered 'logging-deployer' service account." - tags: "infrastructure" - labels: - logging-infra: deployer - provider: openshift - objects: - - - apiVersion: v1 - kind: Pod - metadata: - generateName: logging-deployer- - spec: - containers: - - image: ${IMAGE_PREFIX}logging-deployment:${IMAGE_VERSION} - imagePullPolicy: Always - name: deployer - volumeMounts: - - name: empty - mountPath: /etc/deploy - env: - - name: PROJECT - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: IMAGE_PREFIX - value: ${IMAGE_PREFIX} - - name: IMAGE_VERSION - value: ${IMAGE_VERSION} - - name: IMAGE_PULL_SECRET - value: ${IMAGE_PULL_SECRET} - - name: INSECURE_REGISTRY - value: ${INSECURE_REGISTRY} - - name: ENABLE_OPS_CLUSTER - value: ${ENABLE_OPS_CLUSTER} - - name: KIBANA_HOSTNAME - value: ${KIBANA_HOSTNAME} - - name: KIBANA_OPS_HOSTNAME - value: ${KIBANA_OPS_HOSTNAME} - - name: PUBLIC_MASTER_URL - value: ${PUBLIC_MASTER_URL} - - name: MASTER_URL - value: ${MASTER_URL} - - name: ES_INSTANCE_RAM - value: ${ES_INSTANCE_RAM} - - name: ES_PVC_SIZE - value: ${ES_PVC_SIZE} - - name: ES_PVC_PREFIX - value: ${ES_PVC_PREFIX} - - name: ES_PVC_DYNAMIC - value: ${ES_PVC_DYNAMIC} - - name: ES_CLUSTER_SIZE - value: ${ES_CLUSTER_SIZE} - - name: ES_NODE_QUORUM - value: ${ES_NODE_QUORUM} - - name: ES_RECOVER_AFTER_NODES - value: ${ES_RECOVER_AFTER_NODES} - - name: ES_RECOVER_EXPECTED_NODES - value: ${ES_RECOVER_EXPECTED_NODES} - - name: ES_RECOVER_AFTER_TIME - value: ${ES_RECOVER_AFTER_TIME} - - name: ES_OPS_INSTANCE_RAM - value: ${ES_OPS_INSTANCE_RAM} - - name: ES_OPS_PVC_SIZE - value: ${ES_OPS_PVC_SIZE} - - name: ES_OPS_PVC_PREFIX - value: ${ES_OPS_PVC_PREFIX} - - name: ES_OPS_PVC_DYNAMIC - value: ${ES_OPS_PVC_DYNAMIC} - - name: ES_OPS_CLUSTER_SIZE - value: ${ES_OPS_CLUSTER_SIZE} - - name: ES_OPS_NODE_QUORUM - value: ${ES_OPS_NODE_QUORUM} - - name: ES_OPS_RECOVER_AFTER_NODES - value: ${ES_OPS_RECOVER_AFTER_NODES} - - name: ES_OPS_RECOVER_EXPECTED_NODES - value: ${ES_OPS_RECOVER_EXPECTED_NODES} - - name: ES_OPS_RECOVER_AFTER_TIME - value: ${ES_OPS_RECOVER_AFTER_TIME} - - name: FLUENTD_NODESELECTOR - value: ${FLUENTD_NODESELECTOR} - - name: ES_NODESELECTOR - value: ${ES_NODESELECTOR} - - name: ES_OPS_NODESELECTOR - value: ${ES_OPS_NODESELECTOR} - - name: KIBANA_NODESELECTOR - value: ${KIBANA_NODESELECTOR} - - name: KIBANA_OPS_NODESELECTOR - value: ${KIBANA_OPS_NODESELECTOR} - - name: CURATOR_NODESELECTOR - value: ${CURATOR_NODESELECTOR} - - name: CURATOR_OPS_NODESELECTOR - value: ${CURATOR_OPS_NODESELECTOR} - - name: MODE - value: ${MODE} - dnsPolicy: ClusterFirst - restartPolicy: Never - serviceAccount: logging-deployer - volumes: - - name: empty - emptyDir: {} - parameters: - - - description: "The mode that the deployer runs in." - name: MODE - value: "install" - - - description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' - name: IMAGE_PREFIX - value: "docker.io/openshift/origin-" - - - description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' - name: IMAGE_VERSION - value: "latest" - - - description: "(Deprecated) Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry." - name: IMAGE_PULL_SECRET - - - description: "(Deprecated) Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)" - name: INSECURE_REGISTRY - value: "false" - - - description: "(Deprecated) If true, set up to use a second ES cluster for ops logs." - name: ENABLE_OPS_CLUSTER - value: "false" - - - description: "(Deprecated) External hostname where clients will reach kibana" - name: KIBANA_HOSTNAME - value: "kibana.example.com" - - - description: "(Deprecated) External hostname at which admins will visit the ops Kibana." - name: KIBANA_OPS_HOSTNAME - value: kibana-ops.example.com - - - description: "(Deprecated) External URL for the master, for OAuth purposes" - name: PUBLIC_MASTER_URL - value: "https://localhost:8443" - - - description: "(Deprecated) Internal URL for the master, for authentication retrieval" - name: MASTER_URL - value: "https://kubernetes.default.svc.cluster.local" - - - description: "(Deprecated) How many instances of ElasticSearch to deploy." - name: ES_CLUSTER_SIZE - value: "1" - - - description: "(Deprecated) Amount of RAM to reserve per ElasticSearch instance." - name: ES_INSTANCE_RAM - value: "8G" - - - description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." - name: ES_PVC_SIZE - - - description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_PVC_SIZE." - name: ES_PVC_PREFIX - value: "logging-es-" - - - description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES PVC. ' - name: ES_PVC_DYNAMIC - - - description: "(Deprecated) Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." - name: ES_NODE_QUORUM - - - description: "(Deprecated) Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." - name: ES_RECOVER_AFTER_NODES - - - description: "(Deprecated) Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." - name: ES_RECOVER_EXPECTED_NODES - - - description: "(Deprecated) Timeout for *expected* nodes to be present when cluster is recovering from a full restart." - name: ES_RECOVER_AFTER_TIME - value: "5m" - - - description: "(Deprecated) How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." - name: ES_OPS_CLUSTER_SIZE - - - description: "(Deprecated) Amount of RAM to reserve per ops ElasticSearch instance." - name: ES_OPS_INSTANCE_RAM - value: "8G" - - - description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." - name: ES_OPS_PVC_SIZE - - - description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_OPS_PVC_SIZE." - name: ES_OPS_PVC_PREFIX - value: "logging-es-ops-" - - - description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES ops PVC. ' - name: ES_OPS_PVC_DYNAMIC - - - description: "(Deprecated) Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." - name: ES_OPS_NODE_QUORUM - - - description: "(Deprecated) Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." - name: ES_OPS_RECOVER_AFTER_NODES - - - description: "(Deprecated) Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." - name: ES_OPS_RECOVER_EXPECTED_NODES - - - description: "(Deprecated) Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." - name: ES_OPS_RECOVER_AFTER_TIME - value: "5m" - - - description: "(Deprecated) The nodeSelector used for the Fluentd DaemonSet." - name: FLUENTD_NODESELECTOR - value: "logging-infra-fluentd=true" - - - description: "(Deprecated) Node selector Elasticsearch cluster (label=value)." - name: ES_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector Elasticsearch operations cluster (label=value)." - name: ES_OPS_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector Kibana cluster (label=value)." - name: KIBANA_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector Kibana operations cluster (label=value)." - name: KIBANA_OPS_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector Curator (label=value)." - name: CURATOR_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector operations Curator (label=value)." - name: CURATOR_OPS_NODESELECTOR - value: "" diff --git a/roles/openshift_hosted_templates/files/v1.5/origin/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.5/origin/metrics-deployer.yaml deleted file mode 100644 index d191c0439..000000000 --- a/roles/openshift_hosted_templates/files/v1.5/origin/metrics-deployer.yaml +++ /dev/null @@ -1,168 +0,0 @@ -#!/bin/bash -# -# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates -# and other contributors as indicated by the @author tags. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -apiVersion: "v1" -kind: "Template" -metadata: - name: metrics-deployer-template - annotations: - description: "Template for deploying the required Metrics integration. Requires cluster-admin 'metrics-deployer' service account and 'metrics-deployer' secret." - tags: "infrastructure" -labels: - metrics-infra: deployer - provider: openshift - component: deployer -objects: -- - apiVersion: v1 - kind: Pod - metadata: - generateName: metrics-deployer- - spec: - securityContext: {} - containers: - - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} - name: deployer - securityContext: {} - volumeMounts: - - name: secret - mountPath: /secret - readOnly: true - - name: empty - mountPath: /etc/deploy - env: - - name: PROJECT - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: IMAGE_PREFIX - value: ${IMAGE_PREFIX} - - name: IMAGE_VERSION - value: ${IMAGE_VERSION} - - name: MASTER_URL - value: ${MASTER_URL} - - name: MODE - value: ${MODE} - - name: CONTINUE_ON_ERROR - value: ${CONTINUE_ON_ERROR} - - name: REDEPLOY - value: ${REDEPLOY} - - name: IGNORE_PREFLIGHT - value: ${IGNORE_PREFLIGHT} - - name: USE_PERSISTENT_STORAGE - value: ${USE_PERSISTENT_STORAGE} - - name: DYNAMICALLY_PROVISION_STORAGE - value: ${DYNAMICALLY_PROVISION_STORAGE} - - name: HAWKULAR_METRICS_HOSTNAME - value: ${HAWKULAR_METRICS_HOSTNAME} - - name: CASSANDRA_NODES - value: ${CASSANDRA_NODES} - - name: CASSANDRA_PV_SIZE - value: ${CASSANDRA_PV_SIZE} - - name: METRIC_DURATION - value: ${METRIC_DURATION} - - name: USER_WRITE_ACCESS - value: ${USER_WRITE_ACCESS} - - name: HEAPSTER_NODE_ID - value: ${HEAPSTER_NODE_ID} - - name: METRIC_RESOLUTION - value: ${METRIC_RESOLUTION} - - name: STARTUP_TIMEOUT - value: ${STARTUP_TIMEOUT} - dnsPolicy: ClusterFirst - restartPolicy: Never - serviceAccount: metrics-deployer - volumes: - - name: empty - emptyDir: {} - - name: secret - secret: - secretName: metrics-deployer -parameters: -- - description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set prefix "openshift/origin-"' - name: IMAGE_PREFIX - value: "openshift/origin-" -- - description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' - name: IMAGE_VERSION - value: "latest" -- - description: "Internal URL for the master, for authentication retrieval" - name: MASTER_URL - value: "https://kubernetes.default.svc:443" -- - description: "External hostname where clients will reach Hawkular Metrics" - name: HAWKULAR_METRICS_HOSTNAME - required: true -- - description: "Can be set to: 'preflight' to perform validation before a deployment; 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process); 'validate' to re-run validations after a deployment" - name: MODE - value: "deploy" -- - description: "Set to true to continue even if the deployer runs into an error." - name: CONTINUE_ON_ERROR - value: "false" -- - description: "(Deprecated) Turns 'deploy' mode into 'redeploy' mode, deleting and redeploying everything (losing all data in the process)" - name: REDEPLOY - value: "false" -- - description: "If preflight validation is blocking deployment and you're sure you don't care about it, this will ignore the results and proceed to deploy." - name: IGNORE_PREFLIGHT - value: "false" -- - description: "Set to true for persistent storage, set to false to use non persistent storage" - name: USE_PERSISTENT_STORAGE - value: "true" -- - description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes" - name: DYNAMICALLY_PROVISION_STORAGE - value: "false" -- - description: "The number of Cassandra Nodes to deploy for the initial cluster" - name: CASSANDRA_NODES - value: "1" -- - description: "The persistent volume size for each of the Cassandra nodes" - name: CASSANDRA_PV_SIZE - value: "10Gi" -- - description: "How many days metrics should be stored for." - name: METRIC_DURATION - value: "7" -- - description: "If a user accounts should be allowed to write metrics." - name: USER_WRITE_ACCESS - value: "false" -- - description: "The identifier used when generating metric ids in Hawkular" - name: HEAPSTER_NODE_ID - value: "nodename" -- - description: "How often metrics should be gathered. Defaults value of '30s' for 30 seconds" - name: METRIC_RESOLUTION - value: "30s" -- - description: "How long in seconds we should wait until Hawkular Metrics and Heapster starts up before attempting a restart" - name: STARTUP_TIMEOUT - value: "500" diff --git a/roles/openshift_hosted_templates/files/v1.6/enterprise/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.6/enterprise/logging-deployer.yaml deleted file mode 100644 index fdfc285ca..000000000 --- a/roles/openshift_hosted_templates/files/v1.6/enterprise/logging-deployer.yaml +++ /dev/null @@ -1,345 +0,0 @@ -apiVersion: "v1" -kind: "List" -items: -- - apiVersion: "v1" - kind: "Template" - metadata: - name: logging-deployer-account-template - annotations: - description: "Template for creating the deployer account and roles needed for the aggregated logging deployer. Create as cluster-admin." - tags: "infrastructure" - objects: - - - apiVersion: v1 - kind: ServiceAccount - name: logging-deployer - metadata: - name: logging-deployer - labels: - logging-infra: deployer - provider: openshift - component: deployer - - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: aggregated-logging-kibana - - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: aggregated-logging-elasticsearch - - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: aggregated-logging-fluentd - - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: aggregated-logging-curator - - apiVersion: v1 - kind: ClusterRole - metadata: - name: oauth-editor - rules: - - resources: - - oauthclients - verbs: - - create - - delete - - apiVersion: v1 - kind: ClusterRole - metadata: - name: daemonset-admin - rules: - - resources: - - daemonsets - apiGroups: - - extensions - verbs: - - create - - get - - list - - watch - - delete - - update - - apiVersion: v1 - kind: ClusterRole - metadata: - name: rolebinding-reader - rules: - - resources: - - clusterrolebindings - verbs: - - get - - - apiVersion: v1 - kind: RoleBinding - metadata: - name: logging-deployer-edit-role - roleRef: - kind: ClusterRole - name: edit - subjects: - - kind: ServiceAccount - name: logging-deployer - - - apiVersion: v1 - kind: RoleBinding - metadata: - name: logging-deployer-dsadmin-role - roleRef: - kind: ClusterRole - name: daemonset-admin - subjects: - - kind: ServiceAccount - name: logging-deployer - - - apiVersion: v1 - kind: RoleBinding - metadata: - name: logging-elasticsearch-view-role - roleRef: - kind: ClusterRole - name: view - subjects: - - kind: ServiceAccount - name: aggregated-logging-elasticsearch -- - apiVersion: "v1" - kind: "Template" - metadata: - name: logging-deployer-template - annotations: - description: "Template for running the aggregated logging deployer in a pod. Requires empowered 'logging-deployer' service account." - tags: "infrastructure" - labels: - logging-infra: deployer - provider: openshift - objects: - - - apiVersion: v1 - kind: Pod - metadata: - generateName: logging-deployer- - spec: - containers: - - image: ${IMAGE_PREFIX}logging-deployer:${IMAGE_VERSION} - imagePullPolicy: Always - name: deployer - volumeMounts: - - name: empty - mountPath: /etc/deploy - env: - - name: PROJECT - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: IMAGE_PREFIX - value: ${IMAGE_PREFIX} - - name: IMAGE_VERSION - value: ${IMAGE_VERSION} - - name: IMAGE_PULL_SECRET - value: ${IMAGE_PULL_SECRET} - - name: INSECURE_REGISTRY - value: ${INSECURE_REGISTRY} - - name: ENABLE_OPS_CLUSTER - value: ${ENABLE_OPS_CLUSTER} - - name: KIBANA_HOSTNAME - value: ${KIBANA_HOSTNAME} - - name: KIBANA_OPS_HOSTNAME - value: ${KIBANA_OPS_HOSTNAME} - - name: PUBLIC_MASTER_URL - value: ${PUBLIC_MASTER_URL} - - name: MASTER_URL - value: ${MASTER_URL} - - name: ES_INSTANCE_RAM - value: ${ES_INSTANCE_RAM} - - name: ES_PVC_SIZE - value: ${ES_PVC_SIZE} - - name: ES_PVC_PREFIX - value: ${ES_PVC_PREFIX} - - name: ES_PVC_DYNAMIC - value: ${ES_PVC_DYNAMIC} - - name: ES_CLUSTER_SIZE - value: ${ES_CLUSTER_SIZE} - - name: ES_NODE_QUORUM - value: ${ES_NODE_QUORUM} - - name: ES_RECOVER_AFTER_NODES - value: ${ES_RECOVER_AFTER_NODES} - - name: ES_RECOVER_EXPECTED_NODES - value: ${ES_RECOVER_EXPECTED_NODES} - - name: ES_RECOVER_AFTER_TIME - value: ${ES_RECOVER_AFTER_TIME} - - name: ES_OPS_INSTANCE_RAM - value: ${ES_OPS_INSTANCE_RAM} - - name: ES_OPS_PVC_SIZE - value: ${ES_OPS_PVC_SIZE} - - name: ES_OPS_PVC_PREFIX - value: ${ES_OPS_PVC_PREFIX} - - name: ES_OPS_PVC_DYNAMIC - value: ${ES_OPS_PVC_DYNAMIC} - - name: ES_OPS_CLUSTER_SIZE - value: ${ES_OPS_CLUSTER_SIZE} - - name: ES_OPS_NODE_QUORUM - value: ${ES_OPS_NODE_QUORUM} - - name: ES_OPS_RECOVER_AFTER_NODES - value: ${ES_OPS_RECOVER_AFTER_NODES} - - name: ES_OPS_RECOVER_EXPECTED_NODES - value: ${ES_OPS_RECOVER_EXPECTED_NODES} - - name: ES_OPS_RECOVER_AFTER_TIME - value: ${ES_OPS_RECOVER_AFTER_TIME} - - name: FLUENTD_NODESELECTOR - value: ${FLUENTD_NODESELECTOR} - - name: ES_NODESELECTOR - value: ${ES_NODESELECTOR} - - name: ES_OPS_NODESELECTOR - value: ${ES_OPS_NODESELECTOR} - - name: KIBANA_NODESELECTOR - value: ${KIBANA_NODESELECTOR} - - name: KIBANA_OPS_NODESELECTOR - value: ${KIBANA_OPS_NODESELECTOR} - - name: CURATOR_NODESELECTOR - value: ${CURATOR_NODESELECTOR} - - name: CURATOR_OPS_NODESELECTOR - value: ${CURATOR_OPS_NODESELECTOR} - - name: MODE - value: ${MODE} - dnsPolicy: ClusterFirst - restartPolicy: Never - serviceAccount: logging-deployer - volumes: - - name: empty - emptyDir: {} - parameters: - - - description: "The mode that the deployer runs in." - name: MODE - value: "install" - - - description: 'Specify prefix for logging components; e.g. for "registry.access.redhat.com/openshift3/logging-deployer:3.3.0", set prefix "registry.access.redhat.com/openshift3/"' - name: IMAGE_PREFIX - value: "registry.access.redhat.com/openshift3/" - - - description: 'Specify version for logging components; e.g. for "registry.access.redhat.com/openshift3/logging-deployer:3.3.0", set version "3.3.0"' - name: IMAGE_VERSION - value: "3.4.0" - - - description: "(Deprecated) Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry." - name: IMAGE_PULL_SECRET - - - description: "(Deprecated) Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)" - name: INSECURE_REGISTRY - value: "false" - - - description: "(Deprecated) If true, set up to use a second ES cluster for ops logs." - name: ENABLE_OPS_CLUSTER - value: "false" - - - description: "(Deprecated) External hostname where clients will reach kibana" - name: KIBANA_HOSTNAME - value: "kibana.example.com" - - - description: "(Deprecated) External hostname at which admins will visit the ops Kibana." - name: KIBANA_OPS_HOSTNAME - value: kibana-ops.example.com - - - description: "(Deprecated) External URL for the master, for OAuth purposes" - name: PUBLIC_MASTER_URL - value: "https://localhost:8443" - - - description: "(Deprecated) Internal URL for the master, for authentication retrieval" - name: MASTER_URL - value: "https://kubernetes.default.svc.cluster.local" - - - description: "(Deprecated) How many instances of ElasticSearch to deploy." - name: ES_CLUSTER_SIZE - value: "1" - - - description: "(Deprecated) Amount of RAM to reserve per ElasticSearch instance." - name: ES_INSTANCE_RAM - value: "8G" - - - description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." - name: ES_PVC_SIZE - - - description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_PVC_SIZE." - name: ES_PVC_PREFIX - value: "logging-es-" - - - description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES PVC. ' - name: ES_PVC_DYNAMIC - - - description: "(Deprecated) Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." - name: ES_NODE_QUORUM - - - description: "(Deprecated) Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." - name: ES_RECOVER_AFTER_NODES - - - description: "(Deprecated) Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." - name: ES_RECOVER_EXPECTED_NODES - - - description: "(Deprecated) Timeout for *expected* nodes to be present when cluster is recovering from a full restart." - name: ES_RECOVER_AFTER_TIME - value: "5m" - - - description: "(Deprecated) How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." - name: ES_OPS_CLUSTER_SIZE - - - description: "(Deprecated) Amount of RAM to reserve per ops ElasticSearch instance." - name: ES_OPS_INSTANCE_RAM - value: "8G" - - - description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." - name: ES_OPS_PVC_SIZE - - - description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_OPS_PVC_SIZE." - name: ES_OPS_PVC_PREFIX - value: "logging-es-ops-" - - - description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES ops PVC. ' - name: ES_OPS_PVC_DYNAMIC - - - description: "(Deprecated) Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." - name: ES_OPS_NODE_QUORUM - - - description: "(Deprecated) Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." - name: ES_OPS_RECOVER_AFTER_NODES - - - description: "(Deprecated) Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." - name: ES_OPS_RECOVER_EXPECTED_NODES - - - description: "(Deprecated) Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." - name: ES_OPS_RECOVER_AFTER_TIME - value: "5m" - - - description: "(Deprecated) The nodeSelector used for the Fluentd DaemonSet." - name: FLUENTD_NODESELECTOR - value: "logging-infra-fluentd=true" - - - description: "(Deprecated) Node selector Elasticsearch cluster (label=value)." - name: ES_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector Elasticsearch operations cluster (label=value)." - name: ES_OPS_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector Kibana cluster (label=value)." - name: KIBANA_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector Kibana operations cluster (label=value)." - name: KIBANA_OPS_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector Curator (label=value)." - name: CURATOR_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector operations Curator (label=value)." - name: CURATOR_OPS_NODESELECTOR - value: "" diff --git a/roles/openshift_hosted_templates/files/v1.6/enterprise/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.6/enterprise/metrics-deployer.yaml deleted file mode 100644 index c4ab794ae..000000000 --- a/roles/openshift_hosted_templates/files/v1.6/enterprise/metrics-deployer.yaml +++ /dev/null @@ -1,168 +0,0 @@ -#!/bin/bash -# -# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates -# and other contributors as indicated by the @author tags. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -apiVersion: "v1" -kind: "Template" -metadata: - name: metrics-deployer-template - annotations: - description: "Template for deploying the required Metrics integration. Requires cluster-admin 'metrics-deployer' service account and 'metrics-deployer' secret." - tags: "infrastructure" -labels: - metrics-infra: deployer - provider: openshift - component: deployer -objects: -- - apiVersion: v1 - kind: Pod - metadata: - generateName: metrics-deployer- - spec: - securityContext: {} - containers: - - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} - name: deployer - securityContext: {} - volumeMounts: - - name: secret - mountPath: /secret - readOnly: true - - name: empty - mountPath: /etc/deploy - env: - - name: PROJECT - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: IMAGE_PREFIX - value: ${IMAGE_PREFIX} - - name: IMAGE_VERSION - value: ${IMAGE_VERSION} - - name: MASTER_URL - value: ${MASTER_URL} - - name: MODE - value: ${MODE} - - name: CONTINUE_ON_ERROR - value: ${CONTINUE_ON_ERROR} - - name: REDEPLOY - value: ${REDEPLOY} - - name: IGNORE_PREFLIGHT - value: ${IGNORE_PREFLIGHT} - - name: USE_PERSISTENT_STORAGE - value: ${USE_PERSISTENT_STORAGE} - - name: DYNAMICALLY_PROVISION_STORAGE - value: ${DYNAMICALLY_PROVISION_STORAGE} - - name: HAWKULAR_METRICS_HOSTNAME - value: ${HAWKULAR_METRICS_HOSTNAME} - - name: CASSANDRA_NODES - value: ${CASSANDRA_NODES} - - name: CASSANDRA_PV_SIZE - value: ${CASSANDRA_PV_SIZE} - - name: METRIC_DURATION - value: ${METRIC_DURATION} - - name: USER_WRITE_ACCESS - value: ${USER_WRITE_ACCESS} - - name: HEAPSTER_NODE_ID - value: ${HEAPSTER_NODE_ID} - - name: METRIC_RESOLUTION - value: ${METRIC_RESOLUTION} - - name: STARTUP_TIMEOUT - value: ${STARTUP_TIMEOUT} - dnsPolicy: ClusterFirst - restartPolicy: Never - serviceAccount: metrics-deployer - volumes: - - name: empty - emptyDir: {} - - name: secret - secret: - secretName: metrics-deployer -parameters: -- - description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set prefix "openshift/origin-"' - name: IMAGE_PREFIX - value: "registry.access.redhat.com/openshift3/" -- - description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' - name: IMAGE_VERSION - value: "v3.5" -- - description: "Internal URL for the master, for authentication retrieval" - name: MASTER_URL - value: "https://kubernetes.default.svc:443" -- - description: "External hostname where clients will reach Hawkular Metrics" - name: HAWKULAR_METRICS_HOSTNAME - required: true -- - description: "Can be set to: 'preflight' to perform validation before a deployment; 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process); 'validate' to re-run validations after a deployment" - name: MODE - value: "deploy" -- - description: "Set to true to continue even if the deployer runs into an error." - name: CONTINUE_ON_ERROR - value: "false" -- - description: "(Deprecated) Turns 'deploy' mode into 'redeploy' mode, deleting and redeploying everything (losing all data in the process)" - name: REDEPLOY - value: "false" -- - description: "If preflight validation is blocking deployment and you're sure you don't care about it, this will ignore the results and proceed to deploy." - name: IGNORE_PREFLIGHT - value: "false" -- - description: "Set to true for persistent storage, set to false to use non persistent storage" - name: USE_PERSISTENT_STORAGE - value: "true" -- - description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes" - name: DYNAMICALLY_PROVISION_STORAGE - value: "false" -- - description: "The number of Cassandra Nodes to deploy for the initial cluster" - name: CASSANDRA_NODES - value: "1" -- - description: "The persistent volume size for each of the Cassandra nodes" - name: CASSANDRA_PV_SIZE - value: "10Gi" -- - description: "How many days metrics should be stored for." - name: METRIC_DURATION - value: "7" -- - description: "If a user accounts should be allowed to write metrics." - name: USER_WRITE_ACCESS - value: "false" -- - description: "The identifier used when generating metric ids in Hawkular" - name: HEAPSTER_NODE_ID - value: "nodename" -- - description: "How often metrics should be gathered. Defaults value of '30s' for 30 seconds" - name: METRIC_RESOLUTION - value: "30s" -- - description: "How long in seconds we should wait until Hawkular Metrics and Heapster starts up before attempting a restart" - name: STARTUP_TIMEOUT - value: "500" diff --git a/roles/openshift_hosted_templates/files/v1.6/origin/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.6/origin/logging-deployer.yaml deleted file mode 100644 index 5b5503500..000000000 --- a/roles/openshift_hosted_templates/files/v1.6/origin/logging-deployer.yaml +++ /dev/null @@ -1,342 +0,0 @@ -apiVersion: "v1" -kind: "List" -items: -- - apiVersion: "v1" - kind: "Template" - metadata: - name: logging-deployer-account-template - annotations: - description: "Template for creating the deployer account and roles needed for the aggregated logging deployer. Create as cluster-admin." - tags: "infrastructure" - objects: - - - apiVersion: v1 - kind: ServiceAccount - name: logging-deployer - metadata: - name: logging-deployer - labels: - logging-infra: deployer - provider: openshift - component: deployer - - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: aggregated-logging-kibana - - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: aggregated-logging-elasticsearch - - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: aggregated-logging-fluentd - - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: aggregated-logging-curator - - apiVersion: v1 - kind: ClusterRole - metadata: - name: oauth-editor - rules: - - resources: - - oauthclients - verbs: - - create - - delete - - apiVersion: v1 - kind: ClusterRole - metadata: - name: daemonset-admin - rules: - - resources: - - daemonsets - apiGroups: - - extensions - verbs: - - create - - get - - list - - watch - - delete - - update - - apiVersion: v1 - kind: ClusterRole - metadata: - name: rolebinding-reader - rules: - - resources: - - clusterrolebindings - verbs: - - get - - - apiVersion: v1 - kind: RoleBinding - metadata: - name: logging-deployer-edit-role - roleRef: - name: edit - subjects: - - kind: ServiceAccount - name: logging-deployer - - - apiVersion: v1 - kind: RoleBinding - metadata: - name: logging-deployer-dsadmin-role - roleRef: - name: daemonset-admin - subjects: - - kind: ServiceAccount - name: logging-deployer - - - apiVersion: v1 - kind: RoleBinding - metadata: - name: logging-elasticsearch-view-role - roleRef: - name: view - subjects: - - kind: ServiceAccount - name: aggregated-logging-elasticsearch -- - apiVersion: "v1" - kind: "Template" - metadata: - name: logging-deployer-template - annotations: - description: "Template for running the aggregated logging deployer in a pod. Requires empowered 'logging-deployer' service account." - tags: "infrastructure" - labels: - logging-infra: deployer - provider: openshift - objects: - - - apiVersion: v1 - kind: Pod - metadata: - generateName: logging-deployer- - spec: - containers: - - image: ${IMAGE_PREFIX}logging-deployment:${IMAGE_VERSION} - imagePullPolicy: Always - name: deployer - volumeMounts: - - name: empty - mountPath: /etc/deploy - env: - - name: PROJECT - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: IMAGE_PREFIX - value: ${IMAGE_PREFIX} - - name: IMAGE_VERSION - value: ${IMAGE_VERSION} - - name: IMAGE_PULL_SECRET - value: ${IMAGE_PULL_SECRET} - - name: INSECURE_REGISTRY - value: ${INSECURE_REGISTRY} - - name: ENABLE_OPS_CLUSTER - value: ${ENABLE_OPS_CLUSTER} - - name: KIBANA_HOSTNAME - value: ${KIBANA_HOSTNAME} - - name: KIBANA_OPS_HOSTNAME - value: ${KIBANA_OPS_HOSTNAME} - - name: PUBLIC_MASTER_URL - value: ${PUBLIC_MASTER_URL} - - name: MASTER_URL - value: ${MASTER_URL} - - name: ES_INSTANCE_RAM - value: ${ES_INSTANCE_RAM} - - name: ES_PVC_SIZE - value: ${ES_PVC_SIZE} - - name: ES_PVC_PREFIX - value: ${ES_PVC_PREFIX} - - name: ES_PVC_DYNAMIC - value: ${ES_PVC_DYNAMIC} - - name: ES_CLUSTER_SIZE - value: ${ES_CLUSTER_SIZE} - - name: ES_NODE_QUORUM - value: ${ES_NODE_QUORUM} - - name: ES_RECOVER_AFTER_NODES - value: ${ES_RECOVER_AFTER_NODES} - - name: ES_RECOVER_EXPECTED_NODES - value: ${ES_RECOVER_EXPECTED_NODES} - - name: ES_RECOVER_AFTER_TIME - value: ${ES_RECOVER_AFTER_TIME} - - name: ES_OPS_INSTANCE_RAM - value: ${ES_OPS_INSTANCE_RAM} - - name: ES_OPS_PVC_SIZE - value: ${ES_OPS_PVC_SIZE} - - name: ES_OPS_PVC_PREFIX - value: ${ES_OPS_PVC_PREFIX} - - name: ES_OPS_PVC_DYNAMIC - value: ${ES_OPS_PVC_DYNAMIC} - - name: ES_OPS_CLUSTER_SIZE - value: ${ES_OPS_CLUSTER_SIZE} - - name: ES_OPS_NODE_QUORUM - value: ${ES_OPS_NODE_QUORUM} - - name: ES_OPS_RECOVER_AFTER_NODES - value: ${ES_OPS_RECOVER_AFTER_NODES} - - name: ES_OPS_RECOVER_EXPECTED_NODES - value: ${ES_OPS_RECOVER_EXPECTED_NODES} - - name: ES_OPS_RECOVER_AFTER_TIME - value: ${ES_OPS_RECOVER_AFTER_TIME} - - name: FLUENTD_NODESELECTOR - value: ${FLUENTD_NODESELECTOR} - - name: ES_NODESELECTOR - value: ${ES_NODESELECTOR} - - name: ES_OPS_NODESELECTOR - value: ${ES_OPS_NODESELECTOR} - - name: KIBANA_NODESELECTOR - value: ${KIBANA_NODESELECTOR} - - name: KIBANA_OPS_NODESELECTOR - value: ${KIBANA_OPS_NODESELECTOR} - - name: CURATOR_NODESELECTOR - value: ${CURATOR_NODESELECTOR} - - name: CURATOR_OPS_NODESELECTOR - value: ${CURATOR_OPS_NODESELECTOR} - - name: MODE - value: ${MODE} - dnsPolicy: ClusterFirst - restartPolicy: Never - serviceAccount: logging-deployer - volumes: - - name: empty - emptyDir: {} - parameters: - - - description: "The mode that the deployer runs in." - name: MODE - value: "install" - - - description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' - name: IMAGE_PREFIX - value: "docker.io/openshift/origin-" - - - description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' - name: IMAGE_VERSION - value: "latest" - - - description: "(Deprecated) Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry." - name: IMAGE_PULL_SECRET - - - description: "(Deprecated) Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)" - name: INSECURE_REGISTRY - value: "false" - - - description: "(Deprecated) If true, set up to use a second ES cluster for ops logs." - name: ENABLE_OPS_CLUSTER - value: "false" - - - description: "(Deprecated) External hostname where clients will reach kibana" - name: KIBANA_HOSTNAME - value: "kibana.example.com" - - - description: "(Deprecated) External hostname at which admins will visit the ops Kibana." - name: KIBANA_OPS_HOSTNAME - value: kibana-ops.example.com - - - description: "(Deprecated) External URL for the master, for OAuth purposes" - name: PUBLIC_MASTER_URL - value: "https://localhost:8443" - - - description: "(Deprecated) Internal URL for the master, for authentication retrieval" - name: MASTER_URL - value: "https://kubernetes.default.svc.cluster.local" - - - description: "(Deprecated) How many instances of ElasticSearch to deploy." - name: ES_CLUSTER_SIZE - value: "1" - - - description: "(Deprecated) Amount of RAM to reserve per ElasticSearch instance." - name: ES_INSTANCE_RAM - value: "8G" - - - description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." - name: ES_PVC_SIZE - - - description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_PVC_SIZE." - name: ES_PVC_PREFIX - value: "logging-es-" - - - description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES PVC. ' - name: ES_PVC_DYNAMIC - - - description: "(Deprecated) Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." - name: ES_NODE_QUORUM - - - description: "(Deprecated) Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." - name: ES_RECOVER_AFTER_NODES - - - description: "(Deprecated) Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." - name: ES_RECOVER_EXPECTED_NODES - - - description: "(Deprecated) Timeout for *expected* nodes to be present when cluster is recovering from a full restart." - name: ES_RECOVER_AFTER_TIME - value: "5m" - - - description: "(Deprecated) How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." - name: ES_OPS_CLUSTER_SIZE - - - description: "(Deprecated) Amount of RAM to reserve per ops ElasticSearch instance." - name: ES_OPS_INSTANCE_RAM - value: "8G" - - - description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." - name: ES_OPS_PVC_SIZE - - - description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_OPS_PVC_SIZE." - name: ES_OPS_PVC_PREFIX - value: "logging-es-ops-" - - - description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES ops PVC. ' - name: ES_OPS_PVC_DYNAMIC - - - description: "(Deprecated) Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." - name: ES_OPS_NODE_QUORUM - - - description: "(Deprecated) Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." - name: ES_OPS_RECOVER_AFTER_NODES - - - description: "(Deprecated) Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." - name: ES_OPS_RECOVER_EXPECTED_NODES - - - description: "(Deprecated) Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." - name: ES_OPS_RECOVER_AFTER_TIME - value: "5m" - - - description: "(Deprecated) The nodeSelector used for the Fluentd DaemonSet." - name: FLUENTD_NODESELECTOR - value: "logging-infra-fluentd=true" - - - description: "(Deprecated) Node selector Elasticsearch cluster (label=value)." - name: ES_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector Elasticsearch operations cluster (label=value)." - name: ES_OPS_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector Kibana cluster (label=value)." - name: KIBANA_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector Kibana operations cluster (label=value)." - name: KIBANA_OPS_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector Curator (label=value)." - name: CURATOR_NODESELECTOR - value: "" - - - description: "(Deprecated) Node selector operations Curator (label=value)." - name: CURATOR_OPS_NODESELECTOR - value: "" diff --git a/roles/openshift_hosted_templates/files/v1.6/origin/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.6/origin/metrics-deployer.yaml deleted file mode 100644 index d191c0439..000000000 --- a/roles/openshift_hosted_templates/files/v1.6/origin/metrics-deployer.yaml +++ /dev/null @@ -1,168 +0,0 @@ -#!/bin/bash -# -# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates -# and other contributors as indicated by the @author tags. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -apiVersion: "v1" -kind: "Template" -metadata: - name: metrics-deployer-template - annotations: - description: "Template for deploying the required Metrics integration. Requires cluster-admin 'metrics-deployer' service account and 'metrics-deployer' secret." - tags: "infrastructure" -labels: - metrics-infra: deployer - provider: openshift - component: deployer -objects: -- - apiVersion: v1 - kind: Pod - metadata: - generateName: metrics-deployer- - spec: - securityContext: {} - containers: - - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} - name: deployer - securityContext: {} - volumeMounts: - - name: secret - mountPath: /secret - readOnly: true - - name: empty - mountPath: /etc/deploy - env: - - name: PROJECT - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: IMAGE_PREFIX - value: ${IMAGE_PREFIX} - - name: IMAGE_VERSION - value: ${IMAGE_VERSION} - - name: MASTER_URL - value: ${MASTER_URL} - - name: MODE - value: ${MODE} - - name: CONTINUE_ON_ERROR - value: ${CONTINUE_ON_ERROR} - - name: REDEPLOY - value: ${REDEPLOY} - - name: IGNORE_PREFLIGHT - value: ${IGNORE_PREFLIGHT} - - name: USE_PERSISTENT_STORAGE - value: ${USE_PERSISTENT_STORAGE} - - name: DYNAMICALLY_PROVISION_STORAGE - value: ${DYNAMICALLY_PROVISION_STORAGE} - - name: HAWKULAR_METRICS_HOSTNAME - value: ${HAWKULAR_METRICS_HOSTNAME} - - name: CASSANDRA_NODES - value: ${CASSANDRA_NODES} - - name: CASSANDRA_PV_SIZE - value: ${CASSANDRA_PV_SIZE} - - name: METRIC_DURATION - value: ${METRIC_DURATION} - - name: USER_WRITE_ACCESS - value: ${USER_WRITE_ACCESS} - - name: HEAPSTER_NODE_ID - value: ${HEAPSTER_NODE_ID} - - name: METRIC_RESOLUTION - value: ${METRIC_RESOLUTION} - - name: STARTUP_TIMEOUT - value: ${STARTUP_TIMEOUT} - dnsPolicy: ClusterFirst - restartPolicy: Never - serviceAccount: metrics-deployer - volumes: - - name: empty - emptyDir: {} - - name: secret - secret: - secretName: metrics-deployer -parameters: -- - description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set prefix "openshift/origin-"' - name: IMAGE_PREFIX - value: "openshift/origin-" -- - description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' - name: IMAGE_VERSION - value: "latest" -- - description: "Internal URL for the master, for authentication retrieval" - name: MASTER_URL - value: "https://kubernetes.default.svc:443" -- - description: "External hostname where clients will reach Hawkular Metrics" - name: HAWKULAR_METRICS_HOSTNAME - required: true -- - description: "Can be set to: 'preflight' to perform validation before a deployment; 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process); 'validate' to re-run validations after a deployment" - name: MODE - value: "deploy" -- - description: "Set to true to continue even if the deployer runs into an error." - name: CONTINUE_ON_ERROR - value: "false" -- - description: "(Deprecated) Turns 'deploy' mode into 'redeploy' mode, deleting and redeploying everything (losing all data in the process)" - name: REDEPLOY - value: "false" -- - description: "If preflight validation is blocking deployment and you're sure you don't care about it, this will ignore the results and proceed to deploy." - name: IGNORE_PREFLIGHT - value: "false" -- - description: "Set to true for persistent storage, set to false to use non persistent storage" - name: USE_PERSISTENT_STORAGE - value: "true" -- - description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes" - name: DYNAMICALLY_PROVISION_STORAGE - value: "false" -- - description: "The number of Cassandra Nodes to deploy for the initial cluster" - name: CASSANDRA_NODES - value: "1" -- - description: "The persistent volume size for each of the Cassandra nodes" - name: CASSANDRA_PV_SIZE - value: "10Gi" -- - description: "How many days metrics should be stored for." - name: METRIC_DURATION - value: "7" -- - description: "If a user accounts should be allowed to write metrics." - name: USER_WRITE_ACCESS - value: "false" -- - description: "The identifier used when generating metric ids in Hawkular" - name: HEAPSTER_NODE_ID - value: "nodename" -- - description: "How often metrics should be gathered. Defaults value of '30s' for 30 seconds" - name: METRIC_RESOLUTION - value: "30s" -- - description: "How long in seconds we should wait until Hawkular Metrics and Heapster starts up before attempting a restart" - name: STARTUP_TIMEOUT - value: "500" diff --git a/roles/openshift_hosted_templates/files/v1.6/enterprise/registry-console.yaml b/roles/openshift_hosted_templates/files/v3.6/enterprise/registry-console.yaml index 28feac4e6..28feac4e6 100644 --- a/roles/openshift_hosted_templates/files/v1.6/enterprise/registry-console.yaml +++ b/roles/openshift_hosted_templates/files/v3.6/enterprise/registry-console.yaml diff --git a/roles/openshift_hosted_templates/files/v1.6/origin/registry-console.yaml b/roles/openshift_hosted_templates/files/v3.6/origin/registry-console.yaml index 80cc4233b..80cc4233b 100644 --- a/roles/openshift_hosted_templates/files/v1.6/origin/registry-console.yaml +++ b/roles/openshift_hosted_templates/files/v3.6/origin/registry-console.yaml diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml index 96ed44011..5ee8d1e2a 100644 --- a/roles/openshift_logging/defaults/main.yml +++ b/roles/openshift_logging/defaults/main.yml @@ -119,6 +119,15 @@ openshift_logging_es_ops_number_of_replicas: 0 # storage related defaults openshift_logging_storage_access_modes: "{{ openshift_hosted_logging_storage_access_modes | default(['ReadWriteOnce']) }}" +# mux - secure_forward listener service +openshift_logging_mux_allow_external: False +openshift_logging_use_mux: "{{ openshift_logging_mux_allow_external | default(False) }}" +# this tells the fluentd node agent to use mux instead of sending directly to Elasticsearch +openshift_logging_use_mux_client: False +openshift_logging_mux_hostname: "{{ 'mux.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" +openshift_logging_mux_port: 24284 +openshift_logging_mux_cpu_limit: 100m +openshift_logging_mux_memory_limit: 512Mi # following can be uncommented to provide values for configmaps -- take care when providing file contents as it may cause your cluster to not operate correctly #es_logging_contents: @@ -127,3 +136,5 @@ openshift_logging_storage_access_modes: "{{ openshift_hosted_logging_storage_acc #fluentd_config_contents: #fluentd_throttle_contents: #fluentd_secureforward_contents: +#fluentd_mux_config_contents: +#fluentd_mux_secureforward_contents: diff --git a/roles/openshift_logging/tasks/delete_logging.yaml b/roles/openshift_logging/tasks/delete_logging.yaml index 188ea246c..2f5b68b4d 100644 --- a/roles/openshift_logging/tasks/delete_logging.yaml +++ b/roles/openshift_logging/tasks/delete_logging.yaml @@ -44,6 +44,7 @@ - logging-kibana - logging-kibana-proxy - logging-curator + - logging-mux ignore_errors: yes register: delete_result changed_when: delete_result.stdout.find("deleted") != -1 and delete_result.rc == 0 @@ -109,5 +110,6 @@ - logging-curator - logging-elasticsearch - logging-fluentd + - logging-mux register: delete_result changed_when: delete_result.stdout.find("deleted") != -1 and delete_result.rc == 0 diff --git a/roles/openshift_logging/tasks/generate_certs.yaml b/roles/openshift_logging/tasks/generate_certs.yaml index 740e490e1..b34df018d 100644 --- a/roles/openshift_logging/tasks/generate_certs.yaml +++ b/roles/openshift_logging/tasks/generate_certs.yaml @@ -45,6 +45,21 @@ - procure_component: kibana-internal hostnames: "kibana, kibana-ops, {{openshift_logging_kibana_hostname}}, {{openshift_logging_kibana_ops_hostname}}" +- include: procure_server_certs.yaml + loop_control: + loop_var: cert_info + with_items: + - procure_component: mux + hostnames: "logging-mux, {{openshift_logging_mux_hostname}}" + when: openshift_logging_use_mux + +- include: procure_shared_key.yaml + loop_control: + loop_var: shared_key_info + with_items: + - procure_component: mux + when: openshift_logging_use_mux + - name: Copy proxy TLS configuration file copy: src=server-tls.json dest={{generated_certs_dir}}/server-tls.json when: server_tls_json is undefined @@ -85,6 +100,14 @@ loop_control: loop_var: node_name +- name: Generate PEM cert for mux + include: generate_pems.yaml component={{node_name}} + with_items: + - system.logging.mux + loop_control: + loop_var: node_name + when: openshift_logging_use_mux + - name: Creating necessary JKS certs include: generate_jks.yaml diff --git a/roles/openshift_logging/tasks/generate_configmaps.yaml b/roles/openshift_logging/tasks/generate_configmaps.yaml index 253543f54..44bd0058a 100644 --- a/roles/openshift_logging/tasks/generate_configmaps.yaml +++ b/roles/openshift_logging/tasks/generate_configmaps.yaml @@ -134,3 +134,43 @@ when: fluentd_configmap.stdout is defined changed_when: no check_mode: no + +- block: + - copy: + src: fluent.conf + dest: "{{mktemp.stdout}}/fluent-mux.conf" + when: fluentd_mux_config_contents is undefined + changed_when: no + + - copy: + src: secure-forward.conf + dest: "{{mktemp.stdout}}/secure-forward-mux.conf" + when: fluentd_mux_securefoward_contents is undefined + changed_when: no + + - copy: + content: "{{fluentd_mux_config_contents}}" + dest: "{{mktemp.stdout}}/fluent-mux.conf" + when: fluentd_mux_config_contents is defined + changed_when: no + + - copy: + content: "{{fluentd_mux_secureforward_contents}}" + dest: "{{mktemp.stdout}}/secure-forward-mux.conf" + when: fluentd_mux_secureforward_contents is defined + changed_when: no + + - command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create configmap logging-mux + --from-file=fluent.conf={{mktemp.stdout}}/fluent-mux.conf + --from-file=secure-forward.conf={{mktemp.stdout}}/secure-forward-mux.conf -o yaml --dry-run + register: mux_configmap + changed_when: no + + - copy: + content: "{{mux_configmap.stdout}}" + dest: "{{mktemp.stdout}}/templates/logging-mux-configmap.yaml" + when: mux_configmap.stdout is defined + changed_when: no + check_mode: no + when: openshift_logging_use_mux diff --git a/roles/openshift_logging/tasks/generate_secrets.yaml b/roles/openshift_logging/tasks/generate_secrets.yaml index f396bcc6d..c1da49fd8 100644 --- a/roles/openshift_logging/tasks/generate_secrets.yaml +++ b/roles/openshift_logging/tasks/generate_secrets.yaml @@ -34,6 +34,36 @@ check_mode: no changed_when: no +- name: Retrieving the cert to use when generating secrets for mux + slurp: src="{{generated_certs_dir}}/{{item.file}}" + register: mux_key_pairs + with_items: + - { name: "ca_file", file: "ca.crt" } + - { name: "mux_key", file: "system.logging.mux.key"} + - { name: "mux_cert", file: "system.logging.mux.crt"} + - { name: "mux_shared_key", file: "mux_shared_key"} + when: openshift_logging_use_mux + +- name: Generating secrets for mux + template: src=secret.j2 dest={{mktemp.stdout}}/templates/{{secret_name}}-secret.yaml + vars: + secret_name: "logging-{{component}}" + secret_key_file: "{{component}}_key" + secret_cert_file: "{{component}}_cert" + secrets: + - {key: ca, value: "{{mux_key_pairs | entry_from_named_pair('ca_file')| b64decode }}"} + - {key: key, value: "{{mux_key_pairs | entry_from_named_pair(secret_key_file)| b64decode }}"} + - {key: cert, value: "{{mux_key_pairs | entry_from_named_pair(secret_cert_file)| b64decode }}"} + - {key: shared_key, value: "{{mux_key_pairs | entry_from_named_pair('mux_shared_key')| b64decode }}"} + secret_keys: ["ca", "cert", "key", "shared_key"] + with_items: + - mux + loop_control: + loop_var: component + check_mode: no + changed_when: no + when: openshift_logging_use_mux + - name: Generating secrets for kibana proxy template: src=secret.j2 dest={{mktemp.stdout}}/templates/{{secret_name}}-secret.yaml vars: @@ -43,7 +73,7 @@ - {key: session-secret, value: "{{session_secret}}"} - {key: server-key, value: "{{kibana_key_file}}"} - {key: server-cert, value: "{{kibana_cert_file}}"} - - {key: server-tls, value: "{{server_tls_file}}"} + - {key: server-tls.json, value: "{{server_tls_file}}"} secret_keys: ["server-tls.json", "server-key", "session-secret", "oauth-secret", "server-cert"] kibana_key_file: "{{key_pairs | entry_from_named_pair('kibana_internal_key')| b64decode }}" kibana_cert_file: "{{key_pairs | entry_from_named_pair('kibana_internal_cert')| b64decode }}" diff --git a/roles/openshift_logging/tasks/generate_services.yaml b/roles/openshift_logging/tasks/generate_services.yaml index 5091c1209..e3a5c5eb3 100644 --- a/roles/openshift_logging/tasks/generate_services.yaml +++ b/roles/openshift_logging/tasks/generate_services.yaml @@ -85,3 +85,35 @@ when: openshift_logging_use_ops | bool check_mode: no changed_when: no + +- name: Generating logging-mux service for external connections + template: src=service.j2 dest={{mktemp.stdout}}/templates/logging-mux-svc.yaml + vars: + obj_name: logging-mux + ports: + - {port: "{{openshift_logging_mux_port}}", targetPort: mux-forward, name: mux-forward} + labels: + logging-infra: support + selector: + provider: openshift + component: mux + externalIPs: + - "{{ ansible_eth0.ipv4.address }}" + check_mode: no + changed_when: no + when: openshift_logging_mux_allow_external + +- name: Generating logging-mux service for intra-cluster connections + template: src=service.j2 dest={{mktemp.stdout}}/templates/logging-mux-svc.yaml + vars: + obj_name: logging-mux + ports: + - {port: "{{openshift_logging_mux_port}}", targetPort: mux-forward, name: mux-forward} + labels: + logging-infra: support + selector: + provider: openshift + component: mux + check_mode: no + changed_when: no + when: openshift_logging_use_mux and not openshift_logging_mux_allow_external diff --git a/roles/openshift_logging/tasks/install_elasticsearch.yaml b/roles/openshift_logging/tasks/install_elasticsearch.yaml index 28fad420b..b80f37892 100644 --- a/roles/openshift_logging/tasks/install_elasticsearch.yaml +++ b/roles/openshift_logging/tasks/install_elasticsearch.yaml @@ -5,60 +5,47 @@ - set_fact: openshift_logging_es_pvc_prefix="logging-es" when: "not openshift_logging_es_pvc_prefix or openshift_logging_es_pvc_prefix == ''" -- set_fact: es_pvc_pool={{[]}} - -- set_fact: openshift_logging_es_pvc_prefix="{{ openshift_logging_es_pvc_prefix | default('logging-es') }}" - -- name: Generate PersistentVolumeClaims - include: "{{ role_path}}/tasks/generate_pvcs.yaml" +### evaluate if the PVC attached to the dc currently matches the provided vars +## if it does then we reuse that pvc in the DC +- include: set_es_storage.yaml vars: - es_pv_selector: "{{openshift_logging_es_pv_selector}}" - es_pvc_dynamic: "{{openshift_logging_es_pvc_dynamic | bool}}" - es_pvc_names: "{{openshift_logging_facts.elasticsearch.pvcs.keys()}}" - es_pvc_prefix: "{{openshift_logging_es_pvc_prefix}}" - es_pvc_size: "{{openshift_logging_es_pvc_size}}" - es_dc_names: "{{openshift_logging_facts.elasticsearch.deploymentconfigs.keys()}}" - es_cluster_size: "{{openshift_logging_es_cluster_size}}" - es_access_modes: "{{ openshift_logging_storage_access_modes }}" - -# we should initialize the es_dc_pool with the current keys -- name: Init pool of DeploymentConfig names for Elasticsearch - set_fact: es_dc_pool={{ es_dc_pool | default([]) + [deploy_name] }} - with_items: "{{ openshift_logging_facts.elasticsearch.deploymentconfigs.keys() }}" + es_component: es + es_name: "{{ deployment.0 }}" + es_spec: "{{ deployment.1 }}" + es_node_selector: "{{ openshift_logging_es_nodeselector | default({}) }}" + es_pvc_names: "{{ openshift_logging_facts.elasticsearch.pvcs.keys() }}" + es_pvc_size: "{{ openshift_logging_es_pvc_size }}" + es_pvc_prefix: "{{ openshift_logging_es_pvc_prefix }}" + es_pvc_dynamic: "{{ openshift_logging_es_pvc_dynamic | bool }}" + es_pv_selector: "{{ openshift_logging_es_pv_selector }}" + es_cpu_limit: "{{ openshift_logging_es_cpu_limit }}" + es_memory_limit: "{{ openshift_logging_es_memory_limit }}" + es_number_of_shards: "{{ openshift_logging_es_number_of_shards }}" + es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas }}" + with_together: + - "{{ openshift_logging_facts.elasticsearch.deploymentconfigs.keys() }}" + - "{{ openshift_logging_facts.elasticsearch.deploymentconfigs.values() }}" loop_control: - loop_var: deploy_name + loop_var: deployment +## if it does not then we should create one that does and attach it -# This should be used to generate new DC names if necessary -- name: Create new DeploymentConfig names for Elasticsearch - set_fact: es_dc_pool={{es_dc_pool|default([]) + [deploy_name]}} +## create new dc/pvc is needed +- include: set_es_storage.yaml vars: - component: es - es_cluster_name: "{{component}}" - deploy_name_prefix: "logging-{{component}}" - deploy_name: "{{deploy_name_prefix}}-{{'abcdefghijklmnopqrstuvwxyz0123456789'|random_word(8)}}" - with_sequence: count={{ openshift_logging_es_cluster_size | int - openshift_logging_current_es_size | int }} - check_mode: no - -- name: Generate Elasticsearch DeploymentConfig - template: src=es.j2 dest={{mktemp.stdout}}/templates/logging-{{deploy_name}}-dc.yaml - vars: - component: es - logging_component: elasticsearch - deploy_name_prefix: "logging-{{component}}" - image: "{{openshift_logging_image_prefix}}logging-elasticsearch:{{openshift_logging_image_version}}" - es_cluster_name: "{{component}}" - es_cpu_limit: "{{openshift_logging_es_cpu_limit }}" - es_memory_limit: "{{openshift_logging_es_memory_limit}}" - pvc_claim: "{{(es_pvc_pool | length > item.0) | ternary(es_pvc_pool[item.0], None)}}" - deploy_name: "{{item.1}}" - es_node_selector: "{{openshift_logging_es_nodeselector | default({}) }}" - es_storage: "{{openshift_logging_facts|es_storage(deploy_name, pvc_claim)}}" + es_component: es + es_name: "logging-es-{{'abcdefghijklmnopqrstuvwxyz0123456789'|random_word(8)}}" + es_spec: "{}" + es_node_selector: "{{ openshift_logging_es_nodeselector | default({}) }}" + es_pvc_names: "{{ openshift_logging_facts.elasticsearch.pvcs.keys() }}" + es_pvc_size: "{{ openshift_logging_es_pvc_size }}" + es_pvc_prefix: "{{ openshift_logging_es_pvc_prefix }}" + es_pvc_dynamic: "{{ openshift_logging_es_pvc_dynamic | bool }}" + es_pv_selector: "{{ openshift_logging_es_pv_selector }}" + es_cpu_limit: "{{ openshift_logging_es_cpu_limit }}" + es_memory_limit: "{{ openshift_logging_es_memory_limit }}" es_number_of_shards: "{{ openshift_logging_es_number_of_shards }}" es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas }}" - with_indexed_items: - - "{{ es_dc_pool }}" - check_mode: no - changed_when: no + with_sequence: count={{ openshift_logging_es_cluster_size | int - openshift_logging_facts.elasticsearch.deploymentconfigs | count }} # --------- Tasks for Operation clusters --------- @@ -73,74 +60,53 @@ es_dcs: "{{openshift_logging_facts.elasticsearch_ops.deploymentconfigs}}" cluster_size: "{{openshift_logging_es_ops_cluster_size|int}}" when: - - openshift_logging_use_ops | bool - - "{{es_dcs | length - openshift_logging_es_ops_cluster_size|int | abs > 1}}" + - openshift_logging_use_ops | bool + - "{{es_dcs | length - openshift_logging_es_ops_cluster_size|int | abs > 1}}" check_mode: no - set_fact: openshift_logging_es_ops_pvc_prefix="logging-es-ops" when: "not openshift_logging_es_ops_pvc_prefix or openshift_logging_es_ops_pvc_prefix == ''" -- set_fact: es_pvc_pool={{[]}} - -- name: Generate PersistentVolumeClaims for Ops - include: "{{ role_path}}/tasks/generate_pvcs.yaml" +- include: set_es_storage.yaml vars: - es_pvc_names: "{{openshift_logging_facts.elasticsearch_ops.pvcs.keys()}}" - es_dc_names: "{{openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys()}}" - es_pvc_size: "{{openshift_logging_es_ops_pvc_size}}" - es_pvc_prefix: "{{openshift_logging_es_ops_pvc_prefix}}" - es_cluster_size: "{{openshift_logging_es_ops_cluster_size|int}}" - es_pvc_dynamic: "{{openshift_logging_es_ops_pvc_dynamic | bool}}" - es_pv_selector: "{{openshift_logging_es_ops_pv_selector}}" - es_access_modes: "{{ openshift_logging_storage_access_modes }}" - when: - - openshift_logging_use_ops | bool - check_mode: no - -- name: Init pool of DeploymentConfig names for Elasticsearch Ops - set_fact: es_ops_dc_pool={{ es_ops_dc_pool | default([]) + [deploy_name] }} - with_items: "{{ openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() }}" + es_component: es-ops + es_name: "{{ deployment.0 }}" + es_spec: "{{ deployment.1 }}" + es_node_selector: "{{ openshift_logging_es_ops_nodeselector | default({}) }}" + es_pvc_names: "{{ openshift_logging_facts.elasticsearch_ops.pvcs.keys() }}" + es_pvc_size: "{{ openshift_logging_es_ops_pvc_size }}" + es_pvc_prefix: "{{ openshift_logging_es_ops_pvc_prefix }}" + es_pvc_dynamic: "{{ openshift_logging_es_ops_pvc_dynamic | bool }}" + es_pv_selector: "{{ openshift_logging_es_ops_pv_selector }}" + es_cpu_limit: "{{ openshift_logging_es_ops_cpu_limit }}" + es_memory_limit: "{{ openshift_logging_es_ops_memory_limit }}" + es_number_of_shards: "{{ openshift_logging_es_ops_number_of_shards }}" + es_number_of_replicas: "{{ openshift_logging_es_ops_number_of_replicas }}" + with_together: + - "{{ openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() }}" + - "{{ openshift_logging_facts.elasticsearch_ops.deploymentconfigs.values() }}" loop_control: - loop_var: deploy_name - when: - - openshift_logging_use_ops | bool - -- name: Create new DeploymentConfig names for Elasticsearch Ops - set_fact: es_ops_dc_pool={{es_ops_dc_pool | default([]) + [deploy_name]}} - vars: - component: es-ops - es_cluster_name: "{{component}}" - deploy_name_prefix: "logging-{{component}}" - deploy_name: "{{deploy_name_prefix}}-{{'abcdefghijklmnopqrstuvwxyz0123456789'|random_word(8)}}" - cluster_size: "{{openshift_logging_es_ops_cluster_size|int}}" - with_sequence: count={{ openshift_logging_es_ops_cluster_size | int - openshift_logging_current_es_ops_size | int }} + loop_var: deployment when: - - openshift_logging_use_ops | bool - check_mode: no + - openshift_logging_use_ops | bool +## if it does not then we should create one that does and attach it -- name: Generate Elasticsearch DeploymentConfig for Ops - template: src=es.j2 dest={{mktemp.stdout}}/templates/logging-{{deploy_name}}-dc.yaml +## create new dc/pvc is needed +- include: set_es_storage.yaml vars: - component: es-ops - logging_component: elasticsearch - deploy_name_prefix: "logging-{{component}}" - image: "{{openshift_logging_image_prefix}}logging-elasticsearch:{{openshift_logging_image_version}}" - pvc_claim: "{{(es_pvc_pool | length > item.0) | ternary(es_pvc_pool[item.0], None)}}" - deploy_name: "{{item.1}}" - es_cluster_name: "{{component}}" - es_cpu_limit: "{{openshift_logging_es_ops_cpu_limit }}" - es_memory_limit: "{{openshift_logging_es_ops_memory_limit}}" - es_node_quorum: "{{es_ops_node_quorum}}" - es_recover_after_nodes: "{{es_ops_recover_after_nodes}}" - es_recover_expected_nodes: "{{es_ops_recover_expected_nodes}}" - openshift_logging_es_recover_after_time: "{{openshift_logging_es_ops_recover_after_time}}" - es_node_selector: "{{openshift_logging_es_ops_nodeselector | default({}) }}" - es_storage: "{{openshift_logging_facts|es_storage(deploy_name, pvc_claim,root='elasticsearch_ops')}}" + es_component: es-ops + es_name: "logging-es-ops-{{'abcdefghijklmnopqrstuvwxyz0123456789'|random_word(8)}}" + es_spec: "{}" + es_node_selector: "{{ openshift_logging_es_ops_nodeselector | default({}) }}" + es_pvc_names: "{{ openshift_logging_facts.elasticsearch_ops.pvcs.keys() }}" + es_pvc_size: "{{ openshift_logging_es_ops_pvc_size }}" + es_pvc_prefix: "{{ openshift_logging_es_ops_pvc_prefix }}" + es_pvc_dynamic: "{{ openshift_logging_es_ops_pvc_dynamic | bool }}" + es_pv_selector: "{{ openshift_logging_es_ops_pv_selector }}" + es_cpu_limit: "{{ openshift_logging_es_ops_cpu_limit }}" + es_memory_limit: "{{ openshift_logging_es_ops_memory_limit }}" es_number_of_shards: "{{ openshift_logging_es_ops_number_of_shards }}" es_number_of_replicas: "{{ openshift_logging_es_ops_number_of_replicas }}" - with_indexed_items: - - "{{ es_ops_dc_pool | default([]) }}" + with_sequence: count={{ openshift_logging_es_ops_cluster_size | int - openshift_logging_facts.elasticsearch_ops.deploymentconfigs | count }} when: - - openshift_logging_use_ops | bool - check_mode: no - changed_when: no + - openshift_logging_use_ops | bool diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml index 83b68fa77..aec455c22 100644 --- a/roles/openshift_logging/tasks/install_logging.yaml +++ b/roles/openshift_logging/tasks/install_logging.yaml @@ -27,6 +27,10 @@ loop_control: loop_var: install_component +- name: Install logging mux + include: "{{ role_path }}/tasks/install_mux.yaml" + when: openshift_logging_use_mux + - find: paths={{ mktemp.stdout }}/templates patterns=*.yaml register: object_def_files changed_when: no diff --git a/roles/openshift_logging/tasks/install_mux.yaml b/roles/openshift_logging/tasks/install_mux.yaml new file mode 100644 index 000000000..296da626f --- /dev/null +++ b/roles/openshift_logging/tasks/install_mux.yaml @@ -0,0 +1,67 @@ +--- +- set_fact: mux_ops_host={{ (openshift_logging_use_ops | bool) | ternary(openshift_logging_es_ops_host, openshift_logging_es_host) }} + check_mode: no + +- set_fact: mux_ops_port={{ (openshift_logging_use_ops | bool) | ternary(openshift_logging_es_ops_port, openshift_logging_es_port) }} + check_mode: no + +- name: Check mux current replica count + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get dc/logging-mux + -o jsonpath='{.spec.replicas}' -n {{openshift_logging_namespace}} + register: mux_replica_count + when: not ansible_check_mode + ignore_errors: yes + changed_when: no + +- name: Generating mux deploymentconfig + template: src=mux.j2 dest={{mktemp.stdout}}/templates/logging-mux-dc.yaml + vars: + component: mux + logging_component: mux + deploy_name: "logging-{{component}}" + image: "{{openshift_logging_image_prefix}}logging-fluentd:{{openshift_logging_image_version}}" + es_host: logging-es + es_port: "{{openshift_logging_es_port}}" + ops_host: "{{ mux_ops_host }}" + ops_port: "{{ mux_ops_port }}" + mux_cpu_limit: "{{openshift_logging_mux_cpu_limit}}" + mux_memory_limit: "{{openshift_logging_mux_memory_limit}}" + replicas: "{{mux_replica_count.stdout | default (0)}}" + mux_node_selector: "{{openshift_logging_mux_nodeselector | default({})}}" + check_mode: no + changed_when: no + +- name: "Check mux hostmount-anyuid permissions" + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig + get scc/hostmount-anyuid -o jsonpath='{.users}' + register: mux_hostmount_anyuid + check_mode: no + changed_when: no + +- name: "Set hostmount-anyuid permissions for mux" + command: > + {{ openshift.common.admin_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig policy + add-scc-to-user hostmount-anyuid system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd + register: mux_output + failed_when: "mux_output.rc == 1 and 'exists' not in mux_output.stderr" + check_mode: no + when: mux_hostmount_anyuid.stdout.find("system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd") == -1 + +- name: "Check mux cluster-reader permissions" + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig + get clusterrolebinding/cluster-readers -o jsonpath='{.userNames}' + register: mux_cluster_reader + check_mode: no + changed_when: no + +- name: "Set cluster-reader permissions for mux" + command: > + {{ openshift.common.admin_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig policy + add-cluster-role-to-user cluster-reader system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd + register: mux2_output + failed_when: "mux2_output.rc == 1 and 'exists' not in mux2_output.stderr" + check_mode: no + when: mux_cluster_reader.stdout.find("system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd") == -1 diff --git a/roles/openshift_logging/tasks/oc_apply.yaml b/roles/openshift_logging/tasks/oc_apply.yaml index cb9509de1..c4db7d033 100644 --- a/roles/openshift_logging/tasks/oc_apply.yaml +++ b/roles/openshift_logging/tasks/oc_apply.yaml @@ -1,52 +1,52 @@ --- -- name: Checking generation of {{file_content.kind}} {{file_content.metadata.name}} - command: > - {{ openshift.common.client_binary }} - --config={{ kubeconfig }} - get {{file_content.kind}} {{file_content.metadata.name}} - -o jsonpath='{.metadata.resourceVersion}' - -n {{namespace}} - register: generation_init - failed_when: "'not found' not in generation_init.stderr and generation_init.stdout == ''" - changed_when: no +- oc_obj: + kind: "{{ file_content.kind }}" + name: "{{ file_content.metadata.name }}" + state: present + namespace: "{{ namespace }}" + files: + - "{{ file_name }}" + when: file_content.kind != "Service" -- name: Applying {{file_name}} - command: > - {{ openshift.common.client_binary }} --config={{ kubeconfig }} - apply -f {{ file_name }} - -n {{ namespace }} - register: generation_apply - failed_when: "'error' in generation_apply.stderr" - changed_when: no +## still need to do this for services until the template logic is replaced by oc_* +- block: + - name: Checking generation of {{file_content.kind}} {{file_content.metadata.name}} + command: > + {{ openshift.common.client_binary }} + --config={{ kubeconfig }} + get {{file_content.kind}} {{file_content.metadata.name}} + -o jsonpath='{.metadata.resourceVersion}' + -n {{namespace}} + register: generation_init + failed_when: "'not found' not in generation_init.stderr and generation_init.stdout == ''" + changed_when: no -- name: Determine change status of {{file_content.kind}} {{file_content.metadata.name}} - command: > - {{ openshift.common.client_binary }} --config={{ kubeconfig }} - get {{file_content.kind}} {{file_content.metadata.name}} - -o jsonpath='{.metadata.resourceVersion}' - -n {{namespace}} - register: generation_changed - failed_when: "'not found' not in generation_changed.stderr and generation_changed.stdout == ''" - changed_when: generation_changed.stdout | default (0) | int > generation_init.stdout | default(0) | int - when: - - "'field is immutable' not in generation_apply.stderr" + - name: Applying {{file_name}} + command: > + {{ openshift.common.client_binary }} --config={{ kubeconfig }} + apply -f {{ file_name }} + -n {{ namespace }} + register: generation_apply + failed_when: "'error' in generation_apply.stderr" + changed_when: no -- name: Removing previous {{file_name}} - command: > - {{ openshift.common.client_binary }} --config={{ kubeconfig }} - delete -f {{ file_name }} - -n {{ namespace }} - register: generation_delete - failed_when: "'error' in generation_delete.stderr" - changed_when: generation_delete.rc == 0 - when: "'field is immutable' in generation_apply.stderr" + - name: Removing previous {{file_name}} + command: > + {{ openshift.common.client_binary }} --config={{ kubeconfig }} + delete -f {{ file_name }} + -n {{ namespace }} + register: generation_delete + failed_when: "'error' in generation_delete.stderr" + changed_when: generation_delete.rc == 0 + when: "'field is immutable' in generation_apply.stderr" -- name: Recreating {{file_name}} - command: > - {{ openshift.common.client_binary }} --config={{ kubeconfig }} - apply -f {{ file_name }} - -n {{ namespace }} - register: generation_apply - failed_when: "'error' in generation_apply.stderr" - changed_when: generation_apply.rc == 0 - when: "'field is immutable' in generation_apply.stderr" + - name: Recreating {{file_name}} + command: > + {{ openshift.common.client_binary }} --config={{ kubeconfig }} + apply -f {{ file_name }} + -n {{ namespace }} + register: generation_apply + failed_when: "'error' in generation_apply.stderr" + changed_when: generation_apply.rc == 0 + when: "'field is immutable' in generation_apply.stderr" + when: file_content.kind == "Service" diff --git a/roles/openshift_logging/tasks/procure_shared_key.yaml b/roles/openshift_logging/tasks/procure_shared_key.yaml new file mode 100644 index 000000000..056ff6b98 --- /dev/null +++ b/roles/openshift_logging/tasks/procure_shared_key.yaml @@ -0,0 +1,25 @@ +--- +- name: Checking for {{ shared_key_info.procure_component }}_shared_key + stat: path="{{generated_certs_dir}}/{{ shared_key_info.procure_component }}_shared_key" + register: component_shared_key_file + check_mode: no + +- name: Trying to discover shared key variable name for {{ shared_key_info.procure_component }} + set_fact: procure_component_shared_key={{ lookup('env', '{{shared_key_info.procure_component}}' + '_shared_key') }} + when: + - shared_key_info[ shared_key_info.procure_component + '_shared_key' ] is defined + check_mode: no + +- name: Creating shared_key for {{ shared_key_info.procure_component }} + copy: content="{{'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'|random_word(64)}}" + dest="{{generated_certs_dir}}/{{shared_key_info.procure_component}}_shared_key" + check_mode: no + when: + - not component_shared_key_file.stat.exists + +- name: Copying shared key for {{ shared_key_info.procure_component }} to generated certs directory + copy: content="{{procure_component_shared_key}}" dest="{{generated_certs_dir}}/{{shared_key_info.procure_component}}_shared_key" + check_mode: no + when: + - shared_key_info[ shared_key_info.procure_component + '_shared_key' ] is defined + - not component_shared_key_file.stat.exists diff --git a/roles/openshift_logging/tasks/set_es_storage.yaml b/roles/openshift_logging/tasks/set_es_storage.yaml new file mode 100644 index 000000000..198b1d04d --- /dev/null +++ b/roles/openshift_logging/tasks/set_es_storage.yaml @@ -0,0 +1,82 @@ +--- +- set_fact: es_storage_type="{{ es_spec.volumes['elasticsearch-storage'] }}" + when: es_spec.volumes is defined + +- set_fact: es_storage_claim="{{ es_spec.volumes['elasticsearch-storage'].persistentVolumeClaim.claimName }}" + when: + - es_spec.volumes is defined + - es_storage_type.persistentVolumeClaim is defined + +- set_fact: es_storage_claim="" + when: + - not es_spec.volumes is defined or not es_storage_type.persistentVolumeClaim is defined + +## take an ES dc and evaluate its storage option +# if it is a hostmount or emptydir we don't do anything with it +# if its a pvc we see if the corresponding pvc matches the provided specs (if they exist) +- oc_obj: + state: list + kind: pvc + name: "{{ es_storage_claim }}" + namespace: "{{ openshift_logging_namespace }}" + register: pvc_spec + failed_when: pvc_spec.results.stderr is defined + when: + - es_spec.volumes is defined + - es_storage_type.persistentVolumeClaim is defined + +- set_fact: pvc_size="{{ pvc_spec.results.results[0].spec.resources.requests.storage }}" + when: + - pvc_spec.results is defined + - pvc_spec.results.results[0].spec is defined + +# if not create the pvc and use it +- block: + + - name: Generating PersistentVolumeClaims + template: src=pvc.j2 dest={{mktemp.stdout}}/templates/logging-{{obj_name}}-pvc.yaml + vars: + obj_name: "{{ es_pvc_prefix }}-{{ es_pvc_names | count }}" + size: "{{ es_pvc_size }}" + access_modes: "{{ openshift_logging_storage_access_modes }}" + pv_selector: "{{ es_pv_selector }}" + when: not es_pvc_dynamic | bool + check_mode: no + changed_when: no + + - name: Generating PersistentVolumeClaims - Dynamic + template: src=pvc.j2 dest={{mktemp.stdout}}/templates/logging-{{obj_name}}-pvc.yaml + vars: + obj_name: "{{ es_pvc_prefix }}-{{ es_pvc_names | count }}" + annotations: + volume.alpha.kubernetes.io/storage-class: "dynamic" + size: "{{ es_pvc_size }}" + access_modes: "{{ openshift_logging_storage_access_modes }}" + pv_selector: "{{ es_pv_selector }}" + when: es_pvc_dynamic | bool + check_mode: no + changed_when: no + + - set_fact: es_storage_claim="{{ es_pvc_prefix }}-{{ es_pvc_names | count }}" + + when: + - es_pvc_size | search('^\d.*') + - not es_spec.volumes is defined or not es_storage_claim | search( es_pvc_prefix ) or ( not pvc_size | search( es_pvc_size ) and not es_pvc_size | search( pvc_size ) ) + +- name: Generate Elasticsearch DeploymentConfig + template: src=es.j2 dest={{mktemp.stdout}}/templates/logging-{{deploy_name}}-dc.yaml + vars: + component: "{{ es_component }}" + deploy_name: "{{ es_name }}" + logging_component: elasticsearch + deploy_name_prefix: "logging-{{ es_component }}" + image: "{{openshift_logging_image_prefix}}logging-elasticsearch:{{openshift_logging_image_version}}" + es_cluster_name: "{{component}}" + es_cpu_limit: "{{ es_cpu_limit }}" + es_memory_limit: "{{ es_memory_limit }}" + es_node_selector: "{{ es_node_selector }}" + es_storage: "{{ openshift_logging_facts | es_storage( es_name, es_storage_claim ) }}" + es_number_of_shards: "{{ es_number_of_shards }}" + es_number_of_replicas: "{{ es_number_of_replicas }}" + check_mode: no + changed_when: no diff --git a/roles/openshift_logging/tasks/start_cluster.yaml b/roles/openshift_logging/tasks/start_cluster.yaml index edbb62c3e..1042b3daa 100644 --- a/roles/openshift_logging/tasks/start_cluster.yaml +++ b/roles/openshift_logging/tasks/start_cluster.yaml @@ -21,6 +21,26 @@ loop_control: loop_var: fluentd_host +- name: Retrieve mux + oc_obj: + state: list + kind: dc + selector: "component=mux" + namespace: "{{openshift_logging_namespace}}" + register: mux_dc + when: openshift_logging_use_mux + +- name: start mux + oc_scale: + kind: dc + name: "{{ object }}" + namespace: "{{openshift_logging_namespace}}" + replicas: "{{ openshift_logging_mux_replica_count | default (1) }}" + with_items: "{{ mux_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}" + loop_control: + loop_var: object + when: openshift_logging_use_mux + - name: Retrieve elasticsearch oc_obj: state: list diff --git a/roles/openshift_logging/tasks/stop_cluster.yaml b/roles/openshift_logging/tasks/stop_cluster.yaml index 4b3722e29..d20c57cc1 100644 --- a/roles/openshift_logging/tasks/stop_cluster.yaml +++ b/roles/openshift_logging/tasks/stop_cluster.yaml @@ -21,6 +21,26 @@ loop_control: loop_var: fluentd_host +- name: Retrieve mux + oc_obj: + state: list + kind: dc + selector: "component=mux" + namespace: "{{openshift_logging_namespace}}" + register: mux_dc + when: openshift_logging_use_mux + +- name: stop mux + oc_scale: + kind: dc + name: "{{ object }}" + namespace: "{{openshift_logging_namespace}}" + replicas: 0 + with_items: "{{ mux_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}" + loop_control: + loop_var: object + when: openshift_logging_use_mux + - name: Retrieve elasticsearch oc_obj: state: list diff --git a/roles/openshift_logging/templates/curator.j2 b/roles/openshift_logging/templates/curator.j2 index a0fefd882..c6284166b 100644 --- a/roles/openshift_logging/templates/curator.j2 +++ b/roles/openshift_logging/templates/curator.j2 @@ -89,9 +89,6 @@ spec: - name: config mountPath: /etc/curator/settings readOnly: true - - name: elasticsearch-storage - mountPath: /elasticsearch/persistent - readOnly: true volumes: - name: certs secret: @@ -99,5 +96,3 @@ spec: - name: config configMap: name: logging-curator - - name: elasticsearch-storage - emptyDir: {} diff --git a/roles/openshift_logging/templates/es.j2 b/roles/openshift_logging/templates/es.j2 index 16185fc1d..f89855bf5 100644 --- a/roles/openshift_logging/templates/es.j2 +++ b/roles/openshift_logging/templates/es.j2 @@ -95,6 +95,13 @@ spec: readOnly: true - name: elasticsearch-storage mountPath: /elasticsearch/persistent + readinessProbe: + exec: + command: + - "/usr/share/elasticsearch/probe/readiness.sh" + initialDelaySeconds: 5 + timeoutSeconds: 4 + periodSeconds: 5 volumes: - name: elasticsearch secret: diff --git a/roles/openshift_logging/templates/fluentd.j2 b/roles/openshift_logging/templates/fluentd.j2 index 0bf1686ad..d13691259 100644 --- a/roles/openshift_logging/templates/fluentd.j2 +++ b/roles/openshift_logging/templates/fluentd.j2 @@ -59,6 +59,11 @@ spec: - name: dockercfg mountPath: /etc/sysconfig/docker readOnly: true +{% if openshift_logging_use_mux_client | bool %} + - name: muxcerts + mountPath: /etc/fluent/muxkeys + readOnly: true +{% endif %} env: - name: "K8S_HOST_URL" value: "{{openshift_logging_master_url}}" @@ -122,6 +127,8 @@ spec: value: "{{openshift_logging_fluentd_journal_source | default('')}}" - name: "JOURNAL_READ_FROM_HEAD" value: "{{openshift_logging_fluentd_journal_read_from_head|lower}}" + - name: "USE_MUX_CLIENT" + value: "{{openshift_logging_use_mux_client| default('false')}}" volumes: - name: runlogjournal hostPath: @@ -147,3 +154,8 @@ spec: - name: dockercfg hostPath: path: /etc/sysconfig/docker +{% if openshift_logging_use_mux_client | bool %} + - name: muxcerts + secret: + secretName: logging-mux +{% endif %} diff --git a/roles/openshift_logging/templates/mux.j2 b/roles/openshift_logging/templates/mux.j2 new file mode 100644 index 000000000..41e6abd52 --- /dev/null +++ b/roles/openshift_logging/templates/mux.j2 @@ -0,0 +1,121 @@ +apiVersion: "v1" +kind: "DeploymentConfig" +metadata: + name: "{{deploy_name}}" + labels: + provider: openshift + component: "{{component}}" + logging-infra: "{{logging_component}}" +spec: + replicas: {{replicas|default(0)}} + selector: + provider: openshift + component: "{{component}}" + logging-infra: "{{logging_component}}" + strategy: + rollingParams: + intervalSeconds: 1 + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + name: "{{deploy_name}}" + labels: + logging-infra: "{{logging_component}}" + provider: openshift + component: "{{component}}" + spec: + serviceAccountName: aggregated-logging-fluentd +{% if mux_node_selector is iterable and mux_node_selector | length > 0 %} + nodeSelector: +{% for key, value in mux_node_selector.iteritems() %} + {{key}}: "{{value}}" +{% endfor %} +{% endif %} + containers: + - name: "mux" + image: {{image}} + imagePullPolicy: Always +{% if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_limit is defined and mux_cpu_limit is not none) %} + resources: + limits: +{% if mux_cpu_limit is not none %} + cpu: "{{mux_cpu_limit}}" +{% endif %} +{% if mux_memory_limit is not none %} + memory: "{{mux_memory_limit}}" +{% endif %} +{% endif %} + ports: + - containerPort: "{{ openshift_logging_mux_port }}" + name: mux-forward + volumeMounts: + - name: config + mountPath: /etc/fluent/configs.d/user + readOnly: true + - name: certs + mountPath: /etc/fluent/keys + readOnly: true + - name: dockerhostname + mountPath: /etc/docker-hostname + readOnly: true + - name: localtime + mountPath: /etc/localtime + readOnly: true + - name: muxcerts + mountPath: /etc/fluent/muxkeys + readOnly: true + env: + - name: "K8S_HOST_URL" + value: "{{openshift_logging_master_url}}" + - name: "ES_HOST" + value: "{{openshift_logging_es_host}}" + - name: "ES_PORT" + value: "{{openshift_logging_es_port}}" + - name: "ES_CLIENT_CERT" + value: "{{openshift_logging_es_client_cert}}" + - name: "ES_CLIENT_KEY" + value: "{{openshift_logging_es_client_key}}" + - name: "ES_CA" + value: "{{openshift_logging_es_ca}}" + - name: "OPS_HOST" + value: "{{ops_host}}" + - name: "OPS_PORT" + value: "{{ops_port}}" + - name: "OPS_CLIENT_CERT" + value: "{{openshift_logging_es_ops_client_cert}}" + - name: "OPS_CLIENT_KEY" + value: "{{openshift_logging_es_ops_client_key}}" + - name: "OPS_CA" + value: "{{openshift_logging_es_ops_ca}}" + - name: "USE_JOURNAL" + value: "false" + - name: "JOURNAL_SOURCE" + value: "{{openshift_logging_fluentd_journal_source | default('')}}" + - name: "JOURNAL_READ_FROM_HEAD" + value: "{{openshift_logging_fluentd_journal_read_from_head|lower}}" + - name: FORWARD_LISTEN_HOST + value: "{{ openshift_logging_mux_hostname }}" + - name: FORWARD_LISTEN_PORT + value: "{{ openshift_logging_mux_port }}" + - name: USE_MUX + value: "true" + - name: MUX_ALLOW_EXTERNAL + value: "{{ openshift_logging_mux_allow_external| default('false') }}" + volumes: + - name: config + configMap: + name: logging-mux + - name: certs + secret: + secretName: logging-fluentd + - name: dockerhostname + hostPath: + path: /etc/hostname + - name: localtime + hostPath: + path: /etc/localtime + - name: muxcerts + secret: + secretName: logging-mux diff --git a/roles/openshift_logging/templates/service.j2 b/roles/openshift_logging/templates/service.j2 index 6c4ec0c76..70644a39c 100644 --- a/roles/openshift_logging/templates/service.j2 +++ b/roles/openshift_logging/templates/service.j2 @@ -26,3 +26,9 @@ spec: {% for key, value in selector.iteritems() %} {{key}}: {{value}} {% endfor %} +{% if externalIPs is defined -%} + externalIPs: +{% for ip in externalIPs %} + - {{ ip }} +{% endfor %} +{% endif %} diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml index f202486a5..cfc4e2722 100644 --- a/roles/openshift_manageiq/tasks/main.yaml +++ b/roles/openshift_manageiq/tasks/main.yaml @@ -3,24 +3,13 @@ msg: "The openshift_manageiq role requires OpenShift Enterprise 3.1 or Origin 1.1." when: not openshift.common.version_gte_3_1_or_1_1 | bool -- name: Copy Configuration to temporary conf - command: > - cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{manage_iq_tmp_conf}} - changed_when: false - - name: Add Management Infrastructure project - command: > - {{ openshift.common.client_binary }} adm new-project - management-infra - --description="Management Infrastructure" - --config={{manage_iq_tmp_conf}} - register: osmiq_create_mi_project - failed_when: "'already exists' not in osmiq_create_mi_project.stderr and osmiq_create_mi_project.rc != 0" - changed_when: osmiq_create_mi_project.rc == 0 + oc_project: + name: management-infra + description: Management Infrastructure - name: Create Admin and Image Inspector Service Account oc_serviceaccount: - kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig" name: "{{ item }}" namespace: management-infra state: present @@ -28,51 +17,42 @@ - management-admin - inspector-admin -- name: Create Cluster Role - shell: > - echo {{ manageiq_cluster_role | to_json | quote }} | - {{ openshift.common.client_binary }} create - --config={{manage_iq_tmp_conf}} - -f - - register: osmiq_create_cluster_role - failed_when: "'already exists' not in osmiq_create_cluster_role.stderr and osmiq_create_cluster_role.rc != 0" - changed_when: osmiq_create_cluster_role.rc == 0 +- name: Create manageiq cluster role + oc_clusterrole: + name: management-infra-admin + rules: + - apiGroups: + - "" + resources: + - pods/proxy + verbs: + - "*" - name: Create Hawkular Metrics Admin Cluster Role - shell: > - echo {{ manageiq_metrics_admin_clusterrole | to_json | quote }} | - {{ openshift.common.client_binary }} - --config={{manage_iq_tmp_conf}} - create -f - - register: oshawkular_create_cluster_role - failed_when: "'already exists' not in oshawkular_create_cluster_role.stderr and oshawkular_create_cluster_role.rc != 0" - changed_when: oshawkular_create_cluster_role.rc == 0 - # AUDIT:changed_when_note: Checking the return code is insufficient - # here. We really need to verify the if the role even exists before - # we run this task. + oc_clusterrole: + name: hawkular-metrics-admin + rules: + - apiGroups: + - "" + resources: + - hawkular-alerts + - hawkular-metrics + verbs: + - "*" - name: Configure role/user permissions - command: > - {{ openshift.common.client_binary }} adm {{item}} - --config={{manage_iq_tmp_conf}} - with_items: "{{manage_iq_tasks}}" - register: osmiq_perm_task - failed_when: "'already exists' not in osmiq_perm_task.stderr and osmiq_perm_task.rc != 0" - changed_when: osmiq_perm_task.rc == 0 - # AUDIT:changed_when_note: Checking the return code is insufficient - # here. We really need to compare the current role/user permissions - # with their expected state. I think we may have a module for this? - + oc_adm_policy_user: + namespace: management-infra + resource_name: "{{ item.resource_name }}" + resource_kind: "{{ item.resource_kind }}" + user: "{{ item.user }}" + with_items: "{{ manage_iq_tasks }}" - name: Configure 3_2 role/user permissions - command: > - {{ openshift.common.client_binary }} adm {{item}} - --config={{manage_iq_tmp_conf}} + oc_adm_policy_user: + namespace: management-infra + resource_name: "{{ item.resource_name }}" + resource_kind: "{{ item.resource_kind }}" + user: "{{ item.user }}" with_items: "{{manage_iq_openshift_3_2_tasks}}" - register: osmiq_perm_3_2_task - failed_when: osmiq_perm_3_2_task.rc != 0 - changed_when: osmiq_perm_3_2_task.rc == 0 when: openshift.common.version_gte_3_2_or_1_2 | bool - -- name: Clean temporary configuration file - file: path={{manage_iq_tmp_conf}} state=absent diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml index 9936bb126..15d667628 100644 --- a/roles/openshift_manageiq/vars/main.yml +++ b/roles/openshift_manageiq/vars/main.yml @@ -1,41 +1,31 @@ --- -openshift_master_config_dir: "{{ openshift.common.config_base }}/master" -manageiq_cluster_role: - apiVersion: v1 - kind: ClusterRole - metadata: - name: management-infra-admin - rules: - - resources: - - pods/proxy - verbs: - - '*' - -manageiq_metrics_admin_clusterrole: - apiVersion: v1 - kind: ClusterRole - metadata: - name: hawkular-metrics-admin - rules: - - apiGroups: - - "" - resources: - - hawkular-metrics - - hawkular-alerts - verbs: - - '*' - -manage_iq_tmp_conf: /tmp/manageiq_admin.kubeconfig - manage_iq_tasks: -- policy add-role-to-user -n management-infra admin -z management-admin -- policy add-role-to-user -n management-infra management-infra-admin -z management-admin -- policy add-cluster-role-to-user cluster-reader system:serviceaccount:management-infra:management-admin -- policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin -- policy add-cluster-role-to-user system:image-puller system:serviceaccount:management-infra:inspector-admin -- policy add-scc-to-user privileged system:serviceaccount:management-infra:inspector-admin -- policy add-cluster-role-to-user self-provisioner system:serviceaccount:management-infra:management-admin -- policy add-cluster-role-to-user hawkular-metrics-admin system:serviceaccount:management-infra:management-admin +- resource_kind: role + resource_name: admin + user: management-admin +- resource_kind: role + resource_name: management-infra-admin + user: management-admin +- resource_kind: cluster-role + resource_name: cluster-reader + user: system:serviceaccount:management-infra:management-admin +- resource_kind: scc + resource_name: privileged + user: system:serviceaccount:management-infra:management-admin +- resource_kind: cluster-role + resource_name: system:image-puller + user: system:serviceaccount:management-infra:inspector-admin +- resource_kind: scc + resource_name: privileged + user: system:serviceaccount:management-infra:inspector-admin +- resource_kind: cluster-role + resource_name: self-provisioner + user: system:serviceaccount:management-infra:management-admin +- resource_kind: cluster-role + resource_name: hawkular-metrics-admin + user: system:serviceaccount:management-infra:management-admin manage_iq_openshift_3_2_tasks: -- policy add-cluster-role-to-user system:image-auditor system:serviceaccount:management-infra:management-admin +- resource_kind: cluster-role + resource_name: system:image-auditor + user: system:serviceaccount:management-infra:management-admin diff --git a/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py index 7f7bc4316..b50d6d9db 100644 --- a/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py +++ b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py @@ -40,7 +40,7 @@ class LookupModule(LookupBase): # pylint: disable=line-too-long raise AnsibleError("Either OpenShift needs to be installed or openshift_release needs to be specified") if deployment_type == 'origin': - if short_version not in ['1.1', '1.2', '1.3', '1.4', '1.5', '1.6', '3.6', 'latest']: + if short_version not in ['1.1', '1.2', '1.3', '1.4', '1.5', '3.6', 'latest']: raise AnsibleError("Unknown short_version %s" % short_version) elif deployment_type == 'openshift-enterprise': if short_version not in ['3.1', '3.2', '3.3', '3.4', '3.5', '3.6', 'latest']: @@ -49,7 +49,7 @@ class LookupModule(LookupBase): raise AnsibleError("Unknown deployment_type %s" % deployment_type) if deployment_type == 'origin': - # convert short_version to enterpise short_version + # convert short_version to enterprise short_version short_version = re.sub('^1.', '3.', short_version) if short_version == 'latest': diff --git a/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py index 66e6ecea3..a66cb3c88 100644 --- a/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py +++ b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py @@ -41,7 +41,7 @@ class LookupModule(LookupBase): raise AnsibleError("Either OpenShift needs to be installed or openshift_release needs to be specified") if deployment_type == 'origin': - if short_version not in ['1.1', '1.2', '1.3', '1.4', '1.5', '1.6', '3.6', 'latest']: + if short_version not in ['1.1', '1.2', '1.3', '1.4', '1.5', '3.6', 'latest']: raise AnsibleError("Unknown short_version %s" % short_version) elif deployment_type == 'openshift-enterprise': if short_version not in ['3.1', '3.2', '3.3', '3.4', '3.5', '3.6', 'latest']: diff --git a/roles/openshift_master_facts/test/openshift_master_facts_default_predicates_tests.py b/roles/openshift_master_facts/test/openshift_master_facts_default_predicates_tests.py index 1fab84c71..4a28fb8f8 100644 --- a/roles/openshift_master_facts/test/openshift_master_facts_default_predicates_tests.py +++ b/roles/openshift_master_facts/test/openshift_master_facts_default_predicates_tests.py @@ -55,6 +55,8 @@ DEFAULT_PREDICATES_1_5 = [ {'name': 'CheckNodeDiskPressure'}, ] +DEFAULT_PREDICATES_3_6 = DEFAULT_PREDICATES_1_5 + REGION_PREDICATE = { 'name': 'Region', 'argument': { @@ -75,9 +77,8 @@ TEST_VARS = [ ('3.4', 'openshift-enterprise', DEFAULT_PREDICATES_1_4), ('1.5', 'origin', DEFAULT_PREDICATES_1_5), ('3.5', 'openshift-enterprise', DEFAULT_PREDICATES_1_5), - ('1.6', 'origin', DEFAULT_PREDICATES_1_5), - ('3.6', 'origin', DEFAULT_PREDICATES_1_5), - ('3.6', 'openshift-enterprise', DEFAULT_PREDICATES_1_5), + ('3.6', 'origin', DEFAULT_PREDICATES_3_6), + ('3.6', 'openshift-enterprise', DEFAULT_PREDICATES_3_6), ] diff --git a/roles/openshift_master_facts/test/openshift_master_facts_default_priorities_tests.py b/roles/openshift_master_facts/test/openshift_master_facts_default_priorities_tests.py index 1098f9391..97ef2387e 100644 --- a/roles/openshift_master_facts/test/openshift_master_facts_default_priorities_tests.py +++ b/roles/openshift_master_facts/test/openshift_master_facts_default_priorities_tests.py @@ -42,6 +42,8 @@ DEFAULT_PRIORITIES_1_5 = [ {'name': 'TaintTolerationPriority', 'weight': 1} ] +DEFAULT_PRIORITIES_3_6 = DEFAULT_PRIORITIES_1_5 + ZONE_PRIORITY = { 'name': 'Zone', 'argument': { @@ -63,9 +65,8 @@ TEST_VARS = [ ('3.4', 'openshift-enterprise', DEFAULT_PRIORITIES_1_4), ('1.5', 'origin', DEFAULT_PRIORITIES_1_5), ('3.5', 'openshift-enterprise', DEFAULT_PRIORITIES_1_5), - ('1.6', 'origin', DEFAULT_PRIORITIES_1_5), - ('3.6', 'origin', DEFAULT_PRIORITIES_1_5), - ('3.6', 'openshift-enterprise', DEFAULT_PRIORITIES_1_5), + ('3.6', 'origin', DEFAULT_PRIORITIES_3_6), + ('3.6', 'openshift-enterprise', DEFAULT_PRIORITIES_3_6), ] diff --git a/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml b/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml deleted file mode 100644 index ced2df1d0..000000000 --- a/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml +++ /dev/null @@ -1,40 +0,0 @@ ---- -- name: generate heapster key/cert - command: > - {{ openshift.common.admin_binary }} ca create-server-cert - --config={{ mktemp.stdout }}/admin.kubeconfig - --key='{{ mktemp.stdout }}/heapster.key' - --cert='{{ mktemp.stdout }}/heapster.cert' - --hostnames=heapster - --signer-cert='{{ mktemp.stdout }}/ca.crt' - --signer-key='{{ mktemp.stdout }}/ca.key' - --signer-serial='{{ mktemp.stdout }}/ca.serial.txt' - -- when: "'secret/heapster-secrets' not in metrics_secrets.stdout_lines" - block: - - name: read files for the heapster secret - slurp: src={{ item }} - register: heapster_secret - with_items: - - "{{ mktemp.stdout }}/heapster.cert" - - "{{ mktemp.stdout }}/heapster.key" - - "{{ client_ca }}" - vars: - custom_ca: "{{ mktemp.stdout }}/heapster_client_ca.crt" - default_ca: "{{ openshift.common.config_base }}/master/ca-bundle.crt" - client_ca: "{{ custom_ca|exists|ternary(custom_ca, default_ca) }}" - - name: generate heapster secret template - template: - src: secret.j2 - dest: "{{ mktemp.stdout }}/templates/heapster_secrets.yaml" - force: no - vars: - name: heapster-secrets - labels: - metrics-infra: heapster - data: - heapster.cert: "{{ heapster_secret.results[0].content }}" - heapster.key: "{{ heapster_secret.results[1].content }}" - heapster.client-ca: "{{ heapster_secret.results[2].content }}" - heapster.allowed-users: > - {{ openshift_metrics_heapster_allowed_users|b64encode }} diff --git a/roles/openshift_metrics/tasks/generate_heapster_secrets.yaml b/roles/openshift_metrics/tasks/generate_heapster_secrets.yaml new file mode 100644 index 000000000..e81d90ae7 --- /dev/null +++ b/roles/openshift_metrics/tasks/generate_heapster_secrets.yaml @@ -0,0 +1,14 @@ +--- +- name: generate heapster secret template + template: + src: secret.j2 + dest: "{{ mktemp.stdout }}/templates/heapster_secrets.yaml" + force: no + vars: + name: heapster-secrets + labels: + metrics-infra: heapster + data: + heapster.allowed-users: > + {{ openshift_metrics_heapster_allowed_users|b64encode }} + when: "'secret/heapster-secrets' not in metrics_secrets.stdout_lines" diff --git a/roles/openshift_metrics/tasks/install_heapster.yaml b/roles/openshift_metrics/tasks/install_heapster.yaml index 8d27c4930..d13b96be1 100644 --- a/roles/openshift_metrics/tasks/install_heapster.yaml +++ b/roles/openshift_metrics/tasks/install_heapster.yaml @@ -41,6 +41,8 @@ - {port: 80, targetPort: http-endpoint} selector: name: "{{obj_name}}" + annotations: + service.alpha.openshift.io/serving-cert-secret-name: heapster-certs labels: metrics-infra: "{{obj_name}}" name: "{{obj_name}}" @@ -64,4 +66,4 @@ namespace: "{{ openshift_metrics_project }}" changed_when: no -- include: generate_heapster_certificates.yaml +- include: generate_heapster_secrets.yaml diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2 index f01ccfd58..ab998c2fb 100644 --- a/roles/openshift_metrics/templates/heapster.j2 +++ b/roles/openshift_metrics/templates/heapster.j2 @@ -34,9 +34,9 @@ spec: - "heapster-wrapper.sh" - "--wrapper.allowed_users_file=/secrets/heapster.allowed-users" - "--source=kubernetes.summary_api:${MASTER_URL}?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250" - - "--tls_cert=/secrets/heapster.cert" - - "--tls_key=/secrets/heapster.key" - - "--tls_client_ca=/secrets/heapster.client-ca" + - "--tls_cert=/heapster-certs/tls.crt" + - "--tls_key=/heapster-certs/tls.key" + - "--tls_client_ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" - "--allowed_users=%allowed_users%" - "--metric_resolution={{openshift_metrics_resolution}}" {% if not openshift_metrics_heapster_standalone %} @@ -80,6 +80,8 @@ spec: volumeMounts: - name: heapster-secrets mountPath: "/secrets" + - name: heapster-certs + mountPath: "/heapster-certs" {% if not openshift_metrics_heapster_standalone %} - name: hawkular-metrics-certs mountPath: "/hawkular-metrics-certs" @@ -94,6 +96,9 @@ spec: - name: heapster-secrets secret: secretName: heapster-secrets + - name: heapster-certs + secret: + secretName: heapster-certs {% if not openshift_metrics_heapster_standalone %} - name: hawkular-metrics-certs secret: diff --git a/roles/openshift_metrics/templates/service.j2 b/roles/openshift_metrics/templates/service.j2 index 8df89127b..ce0bc2eec 100644 --- a/roles/openshift_metrics/templates/service.j2 +++ b/roles/openshift_metrics/templates/service.j2 @@ -2,6 +2,12 @@ apiVersion: "v1" kind: "Service" metadata: name: "{{obj_name}}" +{% if annotations is defined%} + annotations: +{% for key, value in annotations.iteritems() %} + {{key}}: {{value}} +{% endfor %} +{% endif %} {% if labels is defined%} labels: {% for key, value in labels.iteritems() %} diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 59003bbf9..98139cac2 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -38,28 +38,33 @@ - name: Check for swap usage command: grep "^[^#].*swap" /etc/fstab # grep: match any lines which don't begin with '#' and contain 'swap' - # command: swapon --summary - # Alternate option, however if swap entries are in fstab, swap will be - # enabled at boot. Grepping fstab should catch a condition when swap was - # disabled, but the fstab entries were not removed. changed_when: false failed_when: false register: swap_result - # Disable Swap Block +# Disable Swap Block - block: - name: Disable swap command: swapoff --all - name: Remove swap entries from /etc/fstab + replace: + dest: /etc/fstab + regexp: '(^[^#].*swap.*)' + replace: '# \1' + backup: yes + + - name: Add notice about disabling swap lineinfile: dest: /etc/fstab - regexp: 'swap' - state: absent + line: '# OpenShift-Ansible Installer disabled swap per overcommit guidelines' + state: present - when: swap_result.stdout_lines | length > 0 - # End Disable Swap Block + when: + - swap_result.stdout_lines | length > 0 + - openshift_disable_swap | default(true) +# End Disable Swap Block # We have to add tuned-profiles in the same transaction otherwise we run into depsolving # problems because the rpms don't pin the version properly. This was fixed in 3.1 packaging. diff --git a/roles/openshift_node_upgrade/tasks/docker/upgrade.yml b/roles/openshift_node_upgrade/tasks/docker/upgrade.yml index e91891ca9..416cf605a 100644 --- a/roles/openshift_node_upgrade/tasks/docker/upgrade.yml +++ b/roles/openshift_node_upgrade/tasks/docker/upgrade.yml @@ -6,20 +6,6 @@ # - docker_version # - skip_docker_restart -# We need docker service up to remove all the images, but these services will keep -# trying to re-start and thus re-pull the images we're trying to delete. -- name: Stop containerized services - service: name={{ item }} state=stopped - with_items: - - "{{ openshift.common.service_type }}-master" - - "{{ openshift.common.service_type }}-master-api" - - "{{ openshift.common.service_type }}-master-controllers" - - "{{ openshift.common.service_type }}-node" - - etcd_container - - openvswitch - failed_when: false - when: openshift.common.is_containerized | bool - - name: Check Docker image count shell: "docker images -aq | wc -l" register: docker_image_count @@ -45,5 +31,4 @@ - name: Upgrade Docker package: name=docker{{ '-' + docker_version }} state=present -- include: restart.yml - when: not skip_docker_restart | default(False) | bool +# starting docker happens back in ../main.yml where it calls ../restart.yml diff --git a/roles/openshift_node_upgrade/tasks/main.yml b/roles/openshift_node_upgrade/tasks/main.yml index 01bd3bf38..e725f4a5d 100644 --- a/roles/openshift_node_upgrade/tasks/main.yml +++ b/roles/openshift_node_upgrade/tasks/main.yml @@ -9,6 +9,28 @@ # - openshift_release # tasks file for openshift_node_upgrade + +- name: Stop node and openvswitch services + service: + name: "{{ item }}" + state: stopped + with_items: + - "{{ openshift.common.service_type }}-node" + - openvswitch + failed_when: false + +- name: Stop additional containerized services + service: + name: "{{ item }}" + state: stopped + with_items: + - "{{ openshift.common.service_type }}-master" + - "{{ openshift.common.service_type }}-master-controllers" + - "{{ openshift.common.service_type }}-master-api" + - etcd_container + failed_when: false + when: openshift.common.is_containerized | bool + - include: docker/upgrade.yml vars: # We will restart Docker ourselves after everything is ready: @@ -16,7 +38,6 @@ when: - l_docker_upgrade is defined - l_docker_upgrade | bool - - not openshift.common.is_containerized | bool - include: "{{ node_config_hook }}" when: node_config_hook is defined @@ -67,16 +88,6 @@ state: latest when: not openshift.common.is_containerized | bool -- name: Restart openvswitch - systemd: - name: openvswitch - state: started - when: - - not openshift.common.is_containerized | bool - -# Mandatory Docker restart, ensure all containerized services are running: -- include: docker/restart.yml - - name: Update oreg value yedit: src: "{{ openshift.common.config_base }}/node/node-config.yaml" @@ -88,10 +99,6 @@ - name: Check for swap usage command: grep "^[^#].*swap" /etc/fstab # grep: match any lines which don't begin with '#' and contain 'swap' - # command: swapon --summary - # Alternate option, however if swap entries are in fstab, swap will be - # enabled at boot. Grepping fstab should catch a condition when swap was - # disabled, but the fstab entries were not removed. changed_when: false failed_when: false register: swap_result @@ -103,19 +110,25 @@ command: swapoff --all - name: Remove swap entries from /etc/fstab + replace: + dest: /etc/fstab + regexp: '(^[^#].*swap.*)' + replace: '# \1' + backup: yes + + - name: Add notice about disabling swap lineinfile: dest: /etc/fstab - regexp: 'swap' - state: absent + line: '# OpenShift-Ansible Installer disabled swap per overcommit guidelines' + state: present - when: swap_result.stdout_lines | length > 0 + when: + - swap_result.stdout_lines | length > 0 + - openshift_disable_swap | default(true) # End Disable Swap Block -- name: Restart rpm node service - service: - name: "{{ openshift.common.service_type }}-node" - state: restarted - when: not openshift.common.is_containerized | bool +# Restart all services +- include: restart.yml - name: Wait for node to be ready oc_obj: diff --git a/roles/openshift_node_upgrade/tasks/docker/restart.yml b/roles/openshift_node_upgrade/tasks/restart.yml index 176fc3c0b..a9fab74e1 100644 --- a/roles/openshift_node_upgrade/tasks/docker/restart.yml +++ b/roles/openshift_node_upgrade/tasks/restart.yml @@ -12,7 +12,7 @@ openshift_facts: role: docker -- name: Restart containerized services +- name: Start services service: name={{ item }} state=started with_items: - etcd_container @@ -22,7 +22,6 @@ - "{{ openshift.common.service_type }}-master-controllers" - "{{ openshift.common.service_type }}-node" failed_when: false - when: openshift.common.is_containerized | bool - name: Wait for master API to come back online wait_for: diff --git a/roles/openshift_storage_glusterfs/files/v1.6/deploy-heketi-template.yml b/roles/openshift_storage_glusterfs/files/v3.6/deploy-heketi-template.yml index c9945be13..c9945be13 100644 --- a/roles/openshift_storage_glusterfs/files/v1.6/deploy-heketi-template.yml +++ b/roles/openshift_storage_glusterfs/files/v3.6/deploy-heketi-template.yml diff --git a/roles/openshift_storage_glusterfs/files/v1.6/glusterfs-registry-service.yml b/roles/openshift_storage_glusterfs/files/v3.6/glusterfs-registry-service.yml index 3f8d8f507..3f8d8f507 100644 --- a/roles/openshift_storage_glusterfs/files/v1.6/glusterfs-registry-service.yml +++ b/roles/openshift_storage_glusterfs/files/v3.6/glusterfs-registry-service.yml diff --git a/roles/openshift_storage_glusterfs/files/v1.6/glusterfs-template.yml b/roles/openshift_storage_glusterfs/files/v3.6/glusterfs-template.yml index c66705752..c66705752 100644 --- a/roles/openshift_storage_glusterfs/files/v1.6/glusterfs-template.yml +++ b/roles/openshift_storage_glusterfs/files/v3.6/glusterfs-template.yml diff --git a/roles/openshift_storage_glusterfs/files/v1.6/heketi-template.yml b/roles/openshift_storage_glusterfs/files/v3.6/heketi-template.yml index df045c170..df045c170 100644 --- a/roles/openshift_storage_glusterfs/files/v1.6/heketi-template.yml +++ b/roles/openshift_storage_glusterfs/files/v3.6/heketi-template.yml diff --git a/roles/openshift_storage_glusterfs/templates/v1.6/glusterfs-registry-endpoints.yml.j2 b/roles/openshift_storage_glusterfs/templates/v3.6/glusterfs-registry-endpoints.yml.j2 index d72d085c9..d72d085c9 100644 --- a/roles/openshift_storage_glusterfs/templates/v1.6/glusterfs-registry-endpoints.yml.j2 +++ b/roles/openshift_storage_glusterfs/templates/v3.6/glusterfs-registry-endpoints.yml.j2 diff --git a/roles/openshift_storage_glusterfs/templates/v1.6/topology.json.j2 b/roles/openshift_storage_glusterfs/templates/v3.6/topology.json.j2 index eb5b4544f..eb5b4544f 100644 --- a/roles/openshift_storage_glusterfs/templates/v1.6/topology.json.j2 +++ b/roles/openshift_storage_glusterfs/templates/v3.6/topology.json.j2 diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml index c3d001bb4..fa9b20e92 100644 --- a/roles/openshift_version/tasks/main.yml +++ b/roles/openshift_version/tasks/main.yml @@ -7,8 +7,13 @@ # Block attempts to install origin without specifying some kind of version information. # This is because the latest tags for origin are usually alpha builds, which should not # be used by default. Users must indicate what they want. -- fail: - msg: "Must specify openshift_release or openshift_image_tag in inventory to install origin. (suggestion: add openshift_release=\"1.2\" to inventory)" +- name: Abort when we cannot safely guess what Origin image version the user wanted + fail: + msg: |- + To install a containerized Origin release, you must set openshift_release or + openshift_image_tag in your inventory to specify which version of the OpenShift + component images to use. You may want the latest (usually alpha) releases or + a more stable release. (Suggestion: add openshift_release="x.y" to inventory.) when: - is_containerized | bool - openshift.common.deployment_type == 'origin' @@ -27,7 +32,10 @@ when: openshift_release is defined # Verify that the image tag is in a valid format -- block: +- when: + - openshift_image_tag is defined + - openshift_image_tag != "latest" + block: # Verifies that when the deployment type is origin the version: # - starts with a v @@ -35,12 +43,14 @@ # It also allows for optional trailing data which: # - must start with a dash # - may contain numbers, letters, dashes and dots. - - name: Verify Origin openshift_image_tag is valid + - name: (Origin) Verify openshift_image_tag is valid + when: openshift.common.deployment_type == 'origin' assert: that: - "{{ openshift_image_tag|match('(^v?\\d+\\.\\d+\\.\\d+(-[\\w\\-\\.]*)?$)') }}" - msg: "openshift_image_tag must be in the format v#.#.#[-optional.#]. Examples: v1.2.3, v3.5.1-alpha.1" - when: openshift.common.deployment_type == 'origin' + msg: |- + openshift_image_tag must be in the format v#.#.#[-optional.#]. Examples: v1.2.3, v3.5.1-alpha.1 + You specified openshift_image_tag={{ openshift_image_tag }} # Verifies that when the deployment type is openshift-enterprise the version: # - starts with a v @@ -48,16 +58,14 @@ # It also allows for optional trailing data which: # - must start with a dash # - may contain numbers - - name: Verify Enterprise openshift_image_tag is valid + - name: (Enterprise) Verify openshift_image_tag is valid + when: openshift.common.deployment_type == 'openshift-enterprise' assert: that: - "{{ openshift_image_tag|match('(^v\\d+\\.\\d+[\\.\\d+]*(-\\d+)?$)') }}" - msg: "openshift_image_tag must be in the format v#.#[.#[.#]]. Examples: v1.2, v3.4.1, v3.5.1.3, v1.2-1, v1.2.3-4" - when: openshift.common.deployment_type == 'openshift-enterprise' - - when: - - openshift_image_tag is defined - - openshift_image_tag != "latest" + msg: |- + openshift_image_tag must be in the format v#.#[.#[.#]]. Examples: v1.2, v3.4.1, v3.5.1.3, v1.2-1, v1.2.3-4 + You specified openshift_image_tag={{ openshift_image_tag }} # Make sure we copy this to a fact if given a var: - set_fact: @@ -119,30 +127,42 @@ - fail: msg: openshift_version role was unable to set openshift_version + name: Abort if openshift_version was not set when: openshift_version is not defined - fail: msg: openshift_version role was unable to set openshift_image_tag + name: Abort if openshift_image_tag was not set when: openshift_image_tag is not defined - fail: msg: openshift_version role was unable to set openshift_pkg_version + name: Abort if openshift_pkg_version was not set when: openshift_pkg_version is not defined - fail: - msg: "No OpenShift version available, please ensure your systems are fully registered and have access to appropriate yum repositories." + msg: "No OpenShift version available; please ensure your systems are fully registered and have access to appropriate yum repositories." + name: Abort if openshift_pkg_version was not set when: - not is_containerized | bool - openshift_version == '0.0' -# We can't map an openshift_release to full rpm version like we can with containers, make sure +# We can't map an openshift_release to full rpm version like we can with containers; make sure # the rpm version we looked up matches the release requested and error out if not. -- fail: - msg: "Detected OpenShift version {{ openshift_version }} does not match requested openshift_release {{ openshift_release }}. You may need to adjust your yum repositories, inventory, or run the appropriate OpenShift upgrade playbook." +- name: For an RPM install, abort when the release requested does not match the available version. when: - not is_containerized | bool - openshift_release is defined - - not openshift_version.startswith(openshift_release) | bool + assert: + that: + - openshift_version.startswith(openshift_release) | bool + msg: |- + You requested openshift_release {{ openshift_release }}, which is not matched by + the latest OpenShift RPM we detected as {{ openshift.common.service_type }}-{{ openshift_version }} + on host {{ inventory_hostname }}. + We will only install the latest RPMs, so please ensure you are getting the release + you expect. You may need to adjust your Ansible inventory, modify the repositories + available on the host, or run the appropriate OpenShift upgrade playbook. # The end result of these three variables is quite important so make sure they are displayed and logged: - debug: var=openshift_release diff --git a/roles/rhel_subscribe/tasks/enterprise.yml b/roles/rhel_subscribe/tasks/enterprise.yml index 41673ee40..ea0c42150 100644 --- a/roles/rhel_subscribe/tasks/enterprise.yml +++ b/roles/rhel_subscribe/tasks/enterprise.yml @@ -7,7 +7,7 @@ when: deployment_type == 'enterprise' - set_fact: - default_ose_version: '3.4' + default_ose_version: '3.5' when: deployment_type in ['atomic-enterprise', 'openshift-enterprise'] - set_fact: @@ -16,10 +16,13 @@ - fail: msg: "{{ ose_version }} is not a valid version for {{ deployment_type }} deployment type" when: ( deployment_type == 'enterprise' and ose_version not in ['3.0'] ) or - ( deployment_type in ['atomic-enterprise', 'openshift-enterprise'] and ose_version not in ['3.1', '3.2', '3.3', '3.4'] ) + ( deployment_type in ['atomic-enterprise', 'openshift-enterprise'] and ose_version not in ['3.1', '3.2', '3.3', '3.4', '3.5'] ) - name: Enable RHEL repositories command: subscription-manager repos \ --enable="rhel-7-server-rpms" \ --enable="rhel-7-server-extras-rpms" \ - --enable="rhel-7-server-ose-{{ ose_version }}-rpms" + --enable="rhel-7-server-ose-{{ ose_version }}-rpms" \ + --enable="rhel-7-fast-datapath-rpms" + register: subscribe_repos + until: subscribe_repos | succeeded @@ -7,6 +7,7 @@ import os import fnmatch import re import sys +import subprocess import yaml # Always prefer setuptools over distutils @@ -199,6 +200,52 @@ class OpenShiftAnsibleGenerateValidation(Command): print('\nAll generate scripts passed.\n') +class OpenShiftAnsibleSyntaxCheck(Command): + ''' Command to run Ansible syntax check''' + description = "Run Ansible syntax check" + user_options = [] + + # Colors + FAIL = '\033[91m' # Red + ENDC = '\033[0m' # Reset + + def initialize_options(self): + ''' initialize_options ''' + pass + + def finalize_options(self): + ''' finalize_options ''' + pass + + def run(self): + ''' run command ''' + + has_errors = False + + for yaml_file in find_files( + os.path.join(os.getcwd(), 'playbooks', 'byo'), + None, None, r'\.ya?ml$'): + with open(yaml_file, 'r') as contents: + for line in contents: + # initialize_groups.yml is used to identify entry point playbooks + if re.search(r'initialize_groups\.yml', line): + print('-' * 60) + print('Syntax checking playbook: %s' % yaml_file) + try: + subprocess.check_output( + ['ansible-playbook', '-i localhost,', + '--syntax-check', yaml_file] + ) + except subprocess.CalledProcessError as cpe: + print('{}Execution failed: {}{}'.format( + self.FAIL, cpe, self.ENDC)) + has_errors = True + # Break for loop, no need to continue looping lines + break + if has_errors: + raise SystemExit(1) + + class UnsupportedCommand(Command): ''' Basic Command to override unsupported commands ''' user_options = [] @@ -242,6 +289,7 @@ setup( 'lint': OpenShiftAnsiblePylint, 'yamllint': OpenShiftAnsibleYamlLint, 'generate_validation': OpenShiftAnsibleGenerateValidation, + 'ansible_syntax': OpenShiftAnsibleSyntaxCheck, }, packages=[], ) diff --git a/test/integration/README.md b/test/integration/README.md new file mode 100644 index 000000000..948e44c50 --- /dev/null +++ b/test/integration/README.md @@ -0,0 +1,39 @@ +# Integration tests + +Integration tests exercise the OpenShift Ansible playbooks by running them +against an inventory with Docker containers as hosts. + +## Requirements + +The tests assume that: + +* docker is running on localhost and the present user has access to use it. +* golang is installed and the go binary is in PATH. +* python and tox are installed. + +## Building images + +The tests rely on images built in the local docker index. You can build them +from the repository root with: + +``` +./test/integration/build-images.sh +``` + +Use the `--help` option to view available options. + +## Running the tests + +From the repository root, run the integration tests with: + +``` +./test/integration/run-tests.sh +``` + +Use the `--help` option to view available options. + +You can also run tests more directly, for example to run a specific check: + +``` +go test ./test/integration/... -run TestPackageUpdateDepMissing +``` diff --git a/test/integration/build-images.sh b/test/integration/build-images.sh new file mode 100755 index 000000000..74a55fa51 --- /dev/null +++ b/test/integration/build-images.sh @@ -0,0 +1,101 @@ +#!/bin/bash + +# This is intended to run either locally (in which case a push is not +# necessary) or in a CI job (where the results should be pushed to a +# registry for use in later CI test jobs). Images are tagged locally with +# both the base name (e.g. "test-target-base") and with the prefix given; +# then only the prefixed name is pushed if --push is specified, assuming +# any necessary credentials are available for the push. The same prefix +# can then be used for the testing script. By default a local (non-registry) +# prefix is used and no push can occur. To push to e.g. dockerhub: +# +# ./build-images.sh --push --prefix=docker.io/openshift/ansible-integration- + +set -o errexit +set -o nounset +set -o pipefail + +STARTTIME=$(date +%s) +source_root=$(dirname "${0}") + +prefix="${PREFIX:-openshift-ansible-integration-}" +push=false +verbose=false +build_options="${DOCKER_BUILD_OPTIONS:-}" +help=false + +for args in "$@" +do + case $args in + --prefix=*) + prefix="${args#*=}" + ;; + --push) + push=true + ;; + --no-cache) + build_options="${build_options} --no-cache" + ;; + --verbose) + verbose=true + ;; + --help) + help=true + ;; + esac +done + +if [ "$help" = true ]; then + echo "Builds the docker images for openshift-ansible integration tests" + echo "and pushes them to a central registry." + echo + echo "Options: " + echo " --prefix=PREFIX" + echo " The prefix to use for the image names." + echo " default: openshift-ansible-integration-" + echo + echo " --push" + echo " If set will push the tagged image" + echo + echo " --no-cache" + echo " If set will perform the build without a cache." + echo + echo " --verbose" + echo " Enables printing of the commands as they run." + echo + echo " --help" + echo " Prints this help message" + echo + exit 0 +fi + +if [ "$verbose" = true ]; then + set -x +fi + + +declare -a build_order ; declare -A images +build_order+=( test-target-base ) ; images[test-target-base]=openshift_health_checker/builds/test-target-base +build_order+=( preflight-aos-package-checks ); images[preflight-aos-package-checks]=openshift_health_checker/builds/aos-package-checks +for image in "${build_order[@]}"; do + BUILD_STARTTIME=$(date +%s) + docker_tag=${prefix}${image} + echo + echo "--- Building component '$image' with docker tag '$docker_tag' ---" + docker build ${build_options} -t $image -t $docker_tag "$source_root/${images[$image]}" + echo + BUILD_ENDTIME=$(date +%s); echo "--- build $docker_tag took $(($BUILD_ENDTIME - $BUILD_STARTTIME)) seconds ---" + if [ "$push" = true ]; then + docker push $docker_tag + PUSH_ENDTIME=$(date +%s); echo "--- push $docker_tag took $(($PUSH_ENDTIME - $BUILD_ENDTIME)) seconds ---" + fi +done + +echo +echo +echo "++ Active images" +docker images | grep ${prefix} | sort +echo + + +ret=$?; ENDTIME=$(date +%s); echo "$0 took $(($ENDTIME - $STARTTIME)) seconds"; exit "$ret" diff --git a/test/integration/openshift_health_checker/builds/aos-package-checks/Dockerfile b/test/integration/openshift_health_checker/builds/aos-package-checks/Dockerfile new file mode 100644 index 000000000..8542029f6 --- /dev/null +++ b/test/integration/openshift_health_checker/builds/aos-package-checks/Dockerfile @@ -0,0 +1,30 @@ +FROM test-target-base + +RUN yum install -y rpm-build rpmdevtools createrepo && \ + rpmdev-setuptree && \ + mkdir -p /mnt/localrepo +ADD root / + +# we will build some RPMs that can be used to break yum update in tests. +RUN cd /root/rpmbuild/SOURCES && \ + mkdir break-yum-update-1.0 && \ + tar zfc foo.tgz break-yum-update-1.0 && \ + rpmbuild -bb /root/break-yum-update.spec && \ + yum install -y /root/rpmbuild/RPMS/noarch/break-yum-update-1.0-1.noarch.rpm && \ + rpmbuild -bb /root/break-yum-update-2.spec && \ + mkdir /mnt/localrepo/break-yum && \ + cp /root/rpmbuild/RPMS/noarch/break-yum-update-1.0-2.noarch.rpm /mnt/localrepo/break-yum && \ + createrepo /mnt/localrepo/break-yum + +# we'll also build some RPMs that can be used to exercise OCP package version tests. +RUN cd /root/rpmbuild/SOURCES && \ + mkdir atomic-openshift-3.2 && \ + mkdir atomic-openshift-3.3 && \ + tar zfc ose.tgz atomic-openshift-3.{2,3} && \ + rpmbuild -bb /root/ose-3.2.spec && \ + rpmbuild -bb /root/ose-3.3.spec && \ + mkdir /mnt/localrepo/ose-3.{2,3} && \ + cp /root/rpmbuild/RPMS/noarch/atomic-openshift*-3.2-1.noarch.rpm /mnt/localrepo/ose-3.2 && \ + createrepo /mnt/localrepo/ose-3.2 && \ + cp /root/rpmbuild/RPMS/noarch/atomic-openshift*-3.3-1.noarch.rpm /mnt/localrepo/ose-3.3 && \ + createrepo /mnt/localrepo/ose-3.3 diff --git a/test/integration/openshift_health_checker/builds/aos-package-checks/root/etc/yum.repos.d/break-yum.repo b/test/integration/openshift_health_checker/builds/aos-package-checks/root/etc/yum.repos.d/break-yum.repo new file mode 100644 index 000000000..f5ccd2d19 --- /dev/null +++ b/test/integration/openshift_health_checker/builds/aos-package-checks/root/etc/yum.repos.d/break-yum.repo @@ -0,0 +1,5 @@ +[break-yum] +name=break-yum +baseurl=file:///mnt/localrepo/break-yum +enabled=0 +gpgcheck=0 diff --git a/test/integration/openshift_health_checker/builds/aos-package-checks/root/etc/yum.repos.d/ose-3.2.repo b/test/integration/openshift_health_checker/builds/aos-package-checks/root/etc/yum.repos.d/ose-3.2.repo new file mode 100644 index 000000000..3064d6dbb --- /dev/null +++ b/test/integration/openshift_health_checker/builds/aos-package-checks/root/etc/yum.repos.d/ose-3.2.repo @@ -0,0 +1,5 @@ +[ose-3.2] +name=ose-3.2 +baseurl=file:///mnt/localrepo/ose-3.2 +enabled=0 +gpgcheck=0 diff --git a/test/integration/openshift_health_checker/builds/aos-package-checks/root/etc/yum.repos.d/ose-3.3.repo b/test/integration/openshift_health_checker/builds/aos-package-checks/root/etc/yum.repos.d/ose-3.3.repo new file mode 100644 index 000000000..1466da476 --- /dev/null +++ b/test/integration/openshift_health_checker/builds/aos-package-checks/root/etc/yum.repos.d/ose-3.3.repo @@ -0,0 +1,5 @@ +[ose-3.3] +name=ose-3.3 +baseurl=file:///mnt/localrepo/ose-3.3 +enabled=0 +gpgcheck=0 diff --git a/test/integration/openshift_health_checker/builds/aos-package-checks/root/root/break-yum-update-2.spec b/test/integration/openshift_health_checker/builds/aos-package-checks/root/root/break-yum-update-2.spec new file mode 100644 index 000000000..ebd7eb443 --- /dev/null +++ b/test/integration/openshift_health_checker/builds/aos-package-checks/root/root/break-yum-update-2.spec @@ -0,0 +1,33 @@ +Name: break-yum-update +Version: 1.0 +Release: 2 +Summary: Package for breaking updates by requiring things that don't exist + +License: NA + +Requires: package-that-does-not-exist +Source0: http://example.com/foo.tgz +BuildArch: noarch + +%description +Package for breaking updates by requiring things that don't exist + + +%prep +%setup -q + + +%build + + +%install +rm -rf $RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT + + +%files +%doc + + + +%changelog diff --git a/test/integration/openshift_health_checker/builds/aos-package-checks/root/root/break-yum-update.spec b/test/integration/openshift_health_checker/builds/aos-package-checks/root/root/break-yum-update.spec new file mode 100644 index 000000000..c40675f90 --- /dev/null +++ b/test/integration/openshift_health_checker/builds/aos-package-checks/root/root/break-yum-update.spec @@ -0,0 +1,32 @@ +Name: break-yum-update +Version: 1.0 +Release: 1 +Summary: Package for breaking updates by requiring things that don't exist + +License: NA + +Source0: http://example.com/foo.tgz +BuildArch: noarch + +%description +Package for breaking updates by requiring things that don't exist + + +%prep +%setup -q + + +%build + + +%install +rm -rf $RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT + + +%files +%doc + + + +%changelog diff --git a/test/integration/openshift_health_checker/builds/aos-package-checks/root/root/ose-3.2.spec b/test/integration/openshift_health_checker/builds/aos-package-checks/root/root/ose-3.2.spec new file mode 100644 index 000000000..dbc9f0c8e --- /dev/null +++ b/test/integration/openshift_health_checker/builds/aos-package-checks/root/root/ose-3.2.spec @@ -0,0 +1,44 @@ +Name: atomic-openshift +Version: 3.2 +Release: 1 +Summary: package the critical aos packages + +License: NA + +Source0: http://example.com/ose.tgz +BuildArch: noarch + +%package master +Summary: package the critical aos packages +%package node +Summary: package the critical aos packages + +%description +Package for pretending to provide AOS + +%description master +Package for pretending to provide AOS + +%description node +Package for pretending to provide AOS + +%prep +%setup -q + + +%build + + +%install +rm -rf $RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT + + +%files +%files master +%files node +%doc + + + +%changelog diff --git a/test/integration/openshift_health_checker/builds/aos-package-checks/root/root/ose-3.3.spec b/test/integration/openshift_health_checker/builds/aos-package-checks/root/root/ose-3.3.spec new file mode 100644 index 000000000..9546e8430 --- /dev/null +++ b/test/integration/openshift_health_checker/builds/aos-package-checks/root/root/ose-3.3.spec @@ -0,0 +1,44 @@ +Name: atomic-openshift +Version: 3.3 +Release: 1 +Summary: package the critical aos packages + +License: NA + +Source0: http://example.com/ose.tgz +BuildArch: noarch + +%package master +Summary: package the critical aos packages +%package node +Summary: package the critical aos packages + +%description +Package for pretending to provide AOS + +%description master +Package for pretending to provide AOS + +%description node +Package for pretending to provide AOS + +%prep +%setup -q + + +%build + + +%install +rm -rf $RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT + + +%files +%files master +%files node +%doc + + + +%changelog diff --git a/test/integration/openshift_health_checker/builds/test-target-base/Dockerfile b/test/integration/openshift_health_checker/builds/test-target-base/Dockerfile new file mode 100644 index 000000000..39b33c057 --- /dev/null +++ b/test/integration/openshift_health_checker/builds/test-target-base/Dockerfile @@ -0,0 +1,2 @@ +FROM centos/systemd +RUN yum install -y iproute python-dbus PyYAML yum-utils diff --git a/test/integration/openshift_health_checker/common.go b/test/integration/openshift_health_checker/common.go new file mode 100644 index 000000000..a92d6861d --- /dev/null +++ b/test/integration/openshift_health_checker/common.go @@ -0,0 +1,99 @@ +package test + +import ( + "bytes" + "os" + "os/exec" + "path/filepath" + "strings" + "syscall" + "testing" +) + +// A PlaybookTest executes a given Ansible playbook and checks the exit code and +// output contents. +type PlaybookTest struct { + // inputs + Path string + // expected outputs + ExitCode int + Output []string // zero or more strings that should be in the output +} + +// Run runs the PlaybookTest. +func (p PlaybookTest) Run(t *testing.T) { + // A PlaybookTest is intended to be run in parallel with other tests. + t.Parallel() + + cmd := exec.Command("ansible-playbook", "-i", "/dev/null", p.Path) + cmd.Env = append(os.Environ(), "ANSIBLE_FORCE_COLOR=1") + b, err := cmd.CombinedOutput() + + // Check exit code. + if (err == nil) && (p.ExitCode != 0) { + p.checkExitCode(t, 0, p.ExitCode, cmd, b) + } + if (err != nil) && (p.ExitCode == 0) { + got, ok := getExitCode(err) + if !ok { + t.Logf("unexpected error (%T): %[1]v", err) + p.logCmdAndOutput(t, cmd, b) + t.FailNow() + } + p.checkExitCode(t, got, p.ExitCode, cmd, b) + } + + // Check output contents. + var missing []string + for _, s := range p.Output { + if !bytes.Contains(b, []byte(s)) { + missing = append(missing, s) + } + } + if len(missing) > 0 { + t.Logf("missing in output: %q", missing) + p.logCmdAndOutput(t, cmd, b) + t.FailNow() + } +} + +// getExitCode returns an exit code and true if the exit code could be taken +// from err, false otherwise. +// The implementation is GOOS-specific, and currently only supports Linux. +func getExitCode(err error) (int, bool) { + exitErr, ok := err.(*exec.ExitError) + if !ok { + return -1, false + } + waitStatus, ok := exitErr.Sys().(syscall.WaitStatus) + if !ok { + return -1, false + } + return waitStatus.ExitStatus(), true +} + +// checkExitCode marks the test as failed when got is different than want. +func (p PlaybookTest) checkExitCode(t *testing.T, got, want int, cmd *exec.Cmd, output []byte) { + if got == want { + return + } + t.Logf("got exit code %v, want %v", got, want) + p.logCmdAndOutput(t, cmd, output) + t.FailNow() +} + +// logCmdAndOutput logs how to re-run a command and a summary of the output of +// its last execution for debugging. +func (p PlaybookTest) logCmdAndOutput(t *testing.T, cmd *exec.Cmd, output []byte) { + const maxLines = 10 + lines := bytes.Split(bytes.TrimRight(output, "\n"), []byte("\n")) + if len(lines) > maxLines { + lines = append([][]byte{[]byte("...")}, lines[len(lines)-maxLines:len(lines)]...) + } + output = bytes.Join(lines, []byte("\n")) + dir, err := filepath.Abs(cmd.Dir) + if err != nil { + panic(err) + } + t.Logf("\n$ (cd %s && %s)\n%s", dir, strings.Join(cmd.Args, " "), output) +} diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_availability_missing_required.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_availability_missing_required.yml new file mode 100644 index 000000000..31d0d521e --- /dev/null +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_availability_missing_required.yml @@ -0,0 +1,20 @@ +--- +- include: ../../setup_container.yml + vars: + image: preflight-aos-package-checks + l_host_vars: + deployment_type: openshift-enterprise + +- name: Fail as required packages cannot be installed + hosts: all + roles: + - openshift_health_checker + tasks: + - block: + + - action: openshift_health_check + args: + checks: [ 'package_availability' ] + + always: # destroy the container whether check passed or not + - include: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_availability_succeeds.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_availability_succeeds.yml new file mode 100644 index 000000000..16ff41673 --- /dev/null +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_availability_succeeds.yml @@ -0,0 +1,20 @@ +--- +- include: ../../setup_container.yml + vars: + image: preflight-aos-package-checks + l_host_vars: + deployment_type: origin + +- name: Succeeds as Origin packages are public + hosts: all + roles: + - openshift_health_checker + tasks: + - block: + + - action: openshift_health_check + args: + checks: [ 'package_availability' ] + + always: # destroy the container whether check passed or not + - include: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_update_dep_missing.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_update_dep_missing.yml new file mode 100644 index 000000000..7b6e71f91 --- /dev/null +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_update_dep_missing.yml @@ -0,0 +1,24 @@ +--- +- include: ../../setup_container.yml + vars: + image: preflight-aos-package-checks + l_host_vars: + openshift_deployment_type: openshift-enterprise + openshift_release: 3.2 + +- name: Fails when a dependency required for update is missing + hosts: all + roles: + - openshift_health_checker + tasks: + - block: + + - include: tasks/enable_repo.yml + vars: { repo_name: "break-yum" } + + - action: openshift_health_check + args: + checks: [ 'package_update' ] + + always: # destroy the container whether check passed or not + - include: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_broken.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_broken.yml new file mode 100644 index 000000000..c2e9c3866 --- /dev/null +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_broken.yml @@ -0,0 +1,31 @@ +--- +- include: ../../setup_container.yml + vars: + image: preflight-aos-package-checks + l_host_vars: + openshift_deployment_type: openshift-enterprise + openshift_release: 3.2 + +- name: Fails when a repo definition is completely broken + hosts: all + roles: + - openshift_health_checker + tasks: + - block: + + - include: tasks/enable_repo.yml + vars: { repo_name: "break-yum" } + + - name: Break the break-yum repo + replace: + dest: /etc/yum.repos.d/break-yum.repo + backup: no + regexp: "^baseurl" + replace: "#baseurl" + + - action: openshift_health_check + args: + checks: [ 'package_update' ] + + always: # destroy the container whether check passed or not + - include: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_disabled.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_disabled.yml new file mode 100644 index 000000000..98d41aad4 --- /dev/null +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_disabled.yml @@ -0,0 +1,21 @@ +--- +- include: ../../setup_container.yml + vars: + image: preflight-aos-package-checks + l_host_vars: + openshift_deployment_type: openshift-enterprise + openshift_release: 3.2 + +- name: Succeeds when nothing blocks a yum update + hosts: all + roles: + - openshift_health_checker + tasks: + - block: + + - action: openshift_health_check + args: + checks: [ 'package_update' ] + + always: # destroy the container whether check passed or not + - include: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_unreachable.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_unreachable.yml new file mode 100644 index 000000000..60ab9942a --- /dev/null +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_unreachable.yml @@ -0,0 +1,27 @@ +--- +- include: ../../setup_container.yml + vars: + image: preflight-aos-package-checks + l_host_vars: + openshift_deployment_type: openshift-enterprise + openshift_release: 3.2 + +- name: Fails when repo content is not available + hosts: all + roles: + - openshift_health_checker + tasks: + - block: + + - include: tasks/enable_repo.yml + vars: { repo_name: "break-yum" } + + - name: Remove the local repo entirely + file: path=/mnt/localrepo state=absent + + - action: openshift_health_check + args: + checks: [ 'package_update' ] + + always: # destroy the container whether check passed or not + - include: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_version_matches.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_version_matches.yml new file mode 100644 index 000000000..cd60dee5a --- /dev/null +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_version_matches.yml @@ -0,0 +1,24 @@ +--- +- include: ../../setup_container.yml + vars: + image: preflight-aos-package-checks + l_host_vars: + deployment_type: openshift-enterprise + openshift_release: 3.2 + +- name: Success when AOS version matches openshift_release + hosts: all + roles: + - openshift_health_checker + tasks: + - block: + + - include: tasks/enable_repo.yml + vars: { repo_name: "ose-3.2" } + + - action: openshift_health_check + args: + checks: [ 'package_version' ] + + always: # destroy the container whether check passed or not + - include: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_version_mismatches.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_version_mismatches.yml new file mode 100644 index 000000000..5939a1ef1 --- /dev/null +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_version_mismatches.yml @@ -0,0 +1,24 @@ +--- +- include: ../../setup_container.yml + vars: + image: preflight-aos-package-checks + l_host_vars: + deployment_type: openshift-enterprise + openshift_release: 3.3 + +- name: Failure when AOS version doesn't match openshift_release + hosts: all + roles: + - openshift_health_checker + tasks: + - block: + + - include: tasks/enable_repo.yml + vars: { repo_name: "ose-3.2" } + + - action: openshift_health_check + args: + checks: [ 'package_version' ] + + always: # destroy the container whether check passed or not + - include: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_version_multiple.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_version_multiple.yml new file mode 100644 index 000000000..be0f9bc7a --- /dev/null +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_version_multiple.yml @@ -0,0 +1,26 @@ +--- +- include: ../../setup_container.yml + vars: + image: preflight-aos-package-checks + l_host_vars: + openshift_deployment_type: openshift-enterprise + +- name: Fails when multiple AOS versions are available + hosts: all + roles: + - openshift_health_checker + tasks: + - block: + + - include: tasks/enable_repo.yml + vars: { repo_name: "ose-3.2" } + + - include: tasks/enable_repo.yml + vars: { repo_name: "ose-3.3" } + + - action: openshift_health_check + args: + checks: [ 'package_version' ] + + always: # destroy the container whether check passed or not + - include: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_version_origin.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_version_origin.yml new file mode 100644 index 000000000..da3f6b844 --- /dev/null +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_version_origin.yml @@ -0,0 +1,20 @@ +--- +- include: ../../setup_container.yml + vars: + image: preflight-aos-package-checks + l_host_vars: + openshift_deployment_type: origin + +- name: Succeeds with Origin although multiple versions are available + hosts: all + roles: + - openshift_health_checker + tasks: + - block: + + - action: openshift_health_check + args: + checks: [ 'package_version' ] + + always: # destroy the container whether check passed or not + - include: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/preflight/playbooks/roles b/test/integration/openshift_health_checker/preflight/playbooks/roles new file mode 120000 index 000000000..6bc1a7aef --- /dev/null +++ b/test/integration/openshift_health_checker/preflight/playbooks/roles @@ -0,0 +1 @@ +../../../../../roles
\ No newline at end of file diff --git a/test/integration/openshift_health_checker/preflight/playbooks/tasks/enable_repo.yml b/test/integration/openshift_health_checker/preflight/playbooks/tasks/enable_repo.yml new file mode 100644 index 000000000..aaacf205e --- /dev/null +++ b/test/integration/openshift_health_checker/preflight/playbooks/tasks/enable_repo.yml @@ -0,0 +1,9 @@ +--- +- name: Enable {{ repo_name }} repo + # believe it or not we can't use the yum_repository module for this. + # https://github.com/ansible/ansible-modules-extras/issues/2384 + ini_file: + dest: /etc/yum.repos.d/{{ repo_name }}.repo + section: "{{ repo_name }}" + option: enabled + value: 1 diff --git a/test/integration/openshift_health_checker/preflight/preflight_test.go b/test/integration/openshift_health_checker/preflight/preflight_test.go new file mode 100644 index 000000000..05ddf139f --- /dev/null +++ b/test/integration/openshift_health_checker/preflight/preflight_test.go @@ -0,0 +1,105 @@ +package preflight + +import ( + "testing" + + . ".." +) + +func TestPackageUpdateDepMissing(t *testing.T) { + PlaybookTest{ + Path: "playbooks/package_update_dep_missing.yml", + ExitCode: 2, + Output: []string{ + "check \"package_update\":", + "Could not perform a yum update.", + "break-yum-update-1.0-2.noarch requires package-that-does-not-exist", + }, + }.Run(t) +} + +func TestPackageUpdateRepoBroken(t *testing.T) { + PlaybookTest{ + Path: "playbooks/package_update_repo_broken.yml", + ExitCode: 2, + Output: []string{ + "check \"package_update\":", + "Error with yum repository configuration: Cannot find a valid baseurl for repo", + }, + }.Run(t) +} + +func TestPackageUpdateRepoDisabled(t *testing.T) { + PlaybookTest{ + Path: "playbooks/package_update_repo_disabled.yml", + ExitCode: 0, + Output: []string{ + "CHECK [package_update", + }, + }.Run(t) +} + +func TestPackageUpdateRepoUnreachable(t *testing.T) { + PlaybookTest{ + Path: "playbooks/package_update_repo_unreachable.yml", + ExitCode: 2, + Output: []string{ + "check \"package_update\":", + "Error getting data from at least one yum repository", + }, + }.Run(t) +} + +func TestPackageVersionMatches(t *testing.T) { + PlaybookTest{ + Path: "playbooks/package_version_matches.yml", + ExitCode: 0, + Output: []string{ + "CHECK [package_version", + }, + }.Run(t) +} + +func TestPackageVersionMismatches(t *testing.T) { + PlaybookTest{ + Path: "playbooks/package_version_mismatches.yml", + ExitCode: 2, + Output: []string{ + "check \"package_version\":", + "Not all of the required packages are available at requested version", + }, + }.Run(t) +} + +func TestPackageVersionMultiple(t *testing.T) { + PlaybookTest{ + Path: "playbooks/package_version_multiple.yml", + ExitCode: 2, + Output: []string{ + "check \"package_version\":", + "Multiple minor versions of these packages are available", + }, + }.Run(t) +} + +func TestPackageAvailabilityMissingRequired(t *testing.T) { + PlaybookTest{ + Path: "playbooks/package_availability_missing_required.yml", + ExitCode: 2, + Output: []string{ + "check \"package_availability\":", + "Cannot install all of the necessary packages.", + "atomic-openshift", + }, + }.Run(t) +} + +func TestPackageAvailabilitySucceeds(t *testing.T) { + PlaybookTest{ + Path: "playbooks/package_availability_succeeds.yml", + ExitCode: 0, + Output: []string{ + "CHECK [package_availability", + }, + }.Run(t) +} diff --git a/test/integration/openshift_health_checker/setup_container.yml b/test/integration/openshift_health_checker/setup_container.yml new file mode 100644 index 000000000..8793d954e --- /dev/null +++ b/test/integration/openshift_health_checker/setup_container.yml @@ -0,0 +1,45 @@ +--- +# Include this play once for each container you want to create and use as a test host. +# +# Optional parameters on the include are as follows: +# * scenario = unique name for the container to be started +# * image = name of the image to start in the container +# * command = command to run in the container +# * l_groups = host groups that the container should be added to +# * l_host_vars = any variables that should be added to the host + +- name: Start container for specified test host + gather_facts: no + hosts: localhost + connection: local + tasks: + + - set_fact: + # This is a little weird but if we use a var instead of a fact, + # a different random value is generated for each task. See: + # https://opensolitude.com/2015/05/27/ansible-lookups-variables-vs-facts.html + container_name: openshift_ansible_test_{{ scenario | default(100000000000000 | random) }} + + - name: start container + docker_container: + name: "{{ container_name }}" + image: "{{ lookup('env', 'IMAGE_PREFIX') | default('openshift-ansible-integration-', true) }}{{ image | default('test-target-base') }}" + command: "{{ command | default('sleep 1800') }}" + recreate: yes + # NOTE: When/if we need to run containers that are docker hosts as well: + # volumes: [ "/var/run/docker.sock:/var/run/docker.sock:z" ] + + - name: add container as host in inventory + add_host: + ansible_connection: docker + name: "{{ container_name }}" + groups: '{{ l_groups | default("masters,nodes,etcd") }}' + + # There ought to be a better way to transfer the host vars, but see: + # https://groups.google.com/forum/#!topic/Ansible-project/Jwx8RYhqxPA + - name: set host facts per test parameters + set_fact: + "{{ item.key }}": "{{ item.value }}" + delegate_facts: True + delegate_to: "{{ container_name }}" + with_dict: "{{ l_host_vars | default({}) }}" diff --git a/test/integration/openshift_health_checker/teardown_container.yml b/test/integration/openshift_health_checker/teardown_container.yml new file mode 100644 index 000000000..fe11e2617 --- /dev/null +++ b/test/integration/openshift_health_checker/teardown_container.yml @@ -0,0 +1,23 @@ +--- + +# Include this to delete the current test host container. +# +# In order to recover from test exceptions, this cleanup is expected to +# be done in an "always:" task on the same block as the test task(s). So +# it happens in a task "on" the host being tested. In order to delete the +# host's container, the task uses its own hostname (which is same as the +# container name) but delegates the docker action to localhost. + +- block: + + # so handlers don't break the test by trying to run after teardown: + - meta: flush_handlers + + always: + + - name: delete test container + delegate_to: localhost + connection: local + docker_container: + name: "{{ inventory_hostname }}" + state: absent diff --git a/test/integration/run-tests.sh b/test/integration/run-tests.sh new file mode 100755 index 000000000..680b64602 --- /dev/null +++ b/test/integration/run-tests.sh @@ -0,0 +1,80 @@ +#!/bin/bash + +# This script runs the golang integration tests in the directories underneath. +# It should be run from the same directory it is in, or in a directory above. +# Specify the same image prefix used (if any) with build-images.sh +# +# Example: +# ./run-tests.sh --prefix=docker.io/openshift/ansible-integration- --parallel=16 + +set -o errexit +set -o nounset +set -o pipefail + +source_root=$(dirname "${0}") + +prefix="${PREFIX:-openshift-ansible-integration-}" +gotest_options="${GOTEST_OPTIONS:--v}" +push=false +verbose=false +help=false + +for args in "$@" +do + case $args in + --prefix=*) + prefix="${args#*=}" + ;; + --parallel=*) + gotest_options="${gotest_options} -parallel ${args#*=}" + ;; + --verbose) + verbose=true + ;; + --help) + help=true + ;; + esac +done + +if [ "$help" = true ]; then + echo "Runs the openshift-ansible integration tests." + echo + echo "Options: " + echo " --prefix=PREFIX" + echo " The prefix to use for the image names." + echo " default: openshift-ansible-integration-" + echo + echo " --parallel=NUMBER" + echo " Number of tests to run in parallel." + echo " default: GOMAXPROCS (typically, number of processors)" + echo + echo " --verbose" + echo " Enables printing of the commands as they run." + echo + echo " --help" + echo " Prints this help message" + echo + exit 0 +fi + + + +if ! [ -d $source_root/../../.tox/integration ]; then + # have tox create a consistent virtualenv + pushd $source_root/../..; tox -e integration; popd +fi +# use the virtualenv from tox +set +o nounset; source $source_root/../../.tox/integration/bin/activate; set -o nounset + +if [ "$verbose" = true ]; then + set -x +fi + +# Run the tests. NOTE: "go test" requires a relative path for this purpose. +# The PWD trick below will only work if cwd is in/above where this script lives. +retval=0 +IMAGE_PREFIX="${prefix}" env -u GOPATH \ + go test ./${source_root#$PWD}/... ${gotest_options} + + diff --git a/test/openshift_version_tests.py b/test/openshift_version_tests.py index 52e9a9888..393a4d6ba 100644 --- a/test/openshift_version_tests.py +++ b/test/openshift_version_tests.py @@ -44,7 +44,7 @@ class OpenShiftVersionTests(unittest.TestCase): {'name': 'oo_version_gte_3_5_or_1_5', 'positive_enterprise_version': '3.6.0', 'negative_enterprise_version': '3.4.0', - 'positive_origin_version': '1.6.0', + 'positive_origin_version': '3.6.0', 'negative_origin_version': '1.4.0'}] def test_legacy_gte_filters(self): diff --git a/test/modify_yaml_tests.py b/test/unit/modify_yaml_tests.py index 0dc25df82..65b2db44c 100644 --- a/test/modify_yaml_tests.py +++ b/test/unit/modify_yaml_tests.py @@ -5,7 +5,7 @@ import os import sys import unittest -sys.path = [os.path.abspath(os.path.dirname(__file__) + "/../library/")] + sys.path +sys.path = [os.path.abspath(os.path.dirname(__file__) + "/../../library/")] + sys.path # pylint: disable=import-error from modify_yaml import set_key # noqa: E402 @@ -3,6 +3,7 @@ minversion=2.3.1 envlist = py{27,35}-{flake8,pylint,unit} py27-{yamllint,ansible_syntax,generate_validation} + integration skipsdist=True skip_missing_interpreters=True @@ -12,6 +13,7 @@ deps = -rrequirements.txt -rtest-requirements.txt py35-flake8: flake8-bugbear==17.3.0 + integration: docker-py==1.10.6 commands = unit: pip install -e utils @@ -21,4 +23,10 @@ commands = yamllint: python setup.py yamllint generate_validation: python setup.py generate_validation # TODO(rhcarvalho): check syntax of other important entrypoint playbooks - ansible_syntax: ansible-playbook --syntax-check playbooks/byo/config.yml + ansible_syntax: python setup.py ansible_syntax + # ansible 2.2.2+ unfortunately breaks the integration test runner + # because it can no longer set facts on the test docker hosts. + # So for now, install separate ansible version for integration. + # PR that fixes it: https://github.com/ansible/ansible/pull/23599 + # Once that PR is available, drop this and use same ansible. + integration: pip install ansible==2.2.1.0 diff --git a/utils/src/ooinstall/cli_installer.py b/utils/src/ooinstall/cli_installer.py index a6d784dea..71dcf87aa 100644 --- a/utils/src/ooinstall/cli_installer.py +++ b/utils/src/ooinstall/cli_installer.py @@ -34,6 +34,12 @@ UPGRADE_MAPPINGS = { '3.5': { 'minor_version': '3.5', 'minor_playbook': 'v3_5/upgrade.yml', + 'major_playbook': 'v3_6/upgrade.yml', + 'major_version': '3.6', + }, + '3.6': { + 'minor_version': '3.6', + 'minor_playbook': 'v3_6/upgrade.yml', }, } |