summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.tito/packages/openshift-ansible2
-rw-r--r--filter_plugins/oo_filters.py25
-rw-r--r--inventory/byo/hosts.aep.example6
-rw-r--r--inventory/byo/hosts.origin.example6
-rw-r--r--inventory/byo/hosts.ose.example6
-rw-r--r--openshift-ansible.spec28
-rw-r--r--playbooks/adhoc/create_pv/create_pv.yaml2
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml12
-rw-r--r--playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml16
-rw-r--r--playbooks/libvirt/openshift-cluster/vars.yml3
-rw-r--r--playbooks/openstack/openshift-cluster/config.yml1
-rw-r--r--playbooks/openstack/openshift-cluster/dns.yml47
-rw-r--r--playbooks/openstack/openshift-cluster/files/heat_stack.yaml189
-rw-r--r--playbooks/openstack/openshift-cluster/launch.yml15
-rw-r--r--playbooks/openstack/openshift-cluster/update.yml2
-rw-r--r--playbooks/openstack/openshift-cluster/vars.yml6
-rw-r--r--roles/dns/README.md43
-rw-r--r--roles/dns/handlers/main.yml4
-rw-r--r--roles/dns/meta/main.yml7
-rw-r--r--roles/dns/tasks/main.yml22
-rw-r--r--roles/dns/templates/named.conf23
-rw-r--r--roles/dns/templates/openshift-cluster.zone14
-rw-r--r--roles/openshift_cluster_metrics/tasks/main.yml10
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py24
-rw-r--r--roles/openshift_master/tasks/main.yml4
-rw-r--r--roles/os_firewall/tasks/firewall/iptables.yml32
-rw-r--r--roles/os_zabbix/vars/template_openshift_master.yml25
-rw-r--r--roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j28
-rw-r--r--utils/src/ooinstall/openshift_ansible.py2
29 files changed, 509 insertions, 75 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible
index bc2fab995..bfc9e0962 100644
--- a/.tito/packages/openshift-ansible
+++ b/.tito/packages/openshift-ansible
@@ -1 +1 @@
-3.0.38-1 ./
+3.0.39-1 ./
diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py
index 289e3b8f7..450101785 100644
--- a/filter_plugins/oo_filters.py
+++ b/filter_plugins/oo_filters.py
@@ -646,6 +646,30 @@ class FilterModule(object):
persistent_volume_claims.append(persistent_volume_claim)
return persistent_volume_claims
+ @staticmethod
+ def oo_31_rpm_rename_conversion(rpms, openshift_version=None):
+ """ Filters a list of 3.0 rpms and return the corresponding 3.1 rpms
+ names with proper version (if provided)
+
+ If 3.1 rpms are passed in they will only be augmented with the
+ correct version. This is important for hosts that are running both
+ Masters and Nodes.
+ """
+ if not isinstance(rpms, list):
+ raise errors.AnsibleFilterError("failed expects to filter on a list")
+ if openshift_version is not None and not isinstance(openshift_version, basestring):
+ raise errors.AnsibleFilterError("failed expects openshift_version to be a string")
+
+ rpms_31 = []
+ for rpm in rpms:
+ if not 'atomic' in rpm:
+ rpm = rpm.replace("openshift", "atomic-openshift")
+ if openshift_version:
+ rpm = rpm + openshift_version
+ rpms_31.append(rpm)
+
+ return rpms_31
+
def filters(self):
""" returns a mapping of filters to methods """
return {
@@ -671,4 +695,5 @@ class FilterModule(object):
"oo_openshift_env": self.oo_openshift_env,
"oo_persistent_volumes": self.oo_persistent_volumes,
"oo_persistent_volume_claims": self.oo_persistent_volume_claims,
+ "oo_31_rpm_rename_conversion": self.oo_31_rpm_rename_conversion,
}
diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example
index 7f4a1a9d2..915a82579 100644
--- a/inventory/byo/hosts.aep.example
+++ b/inventory/byo/hosts.aep.example
@@ -98,8 +98,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Set cockpit plugins
#osm_cockpit_plugins=['cockpit-kubernetes']
-# Native high availbility cluster method with optional load balancer.
-# If no lb group is defined installer assumes that a load balancer has
+# Native high availability cluster method with optional load balancer.
+# If no lb group is defined, the installer assumes that a load balancer has
# been preconfigured. For installation the value of
# openshift_master_cluster_hostname must resolve to the load balancer
# or to one or all of the masters defined in the inventory if no load
@@ -247,7 +247,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# openshift-ansible will wait indefinitely for your input when it detects that the
# value of openshift_hostname resolves to an IP address not bound to any local
# interfaces. This mis-configuration is problematic for any pod leveraging host
-# networking and liveness or readiness probes.
+# networking and liveness or readiness probes.
# Setting this variable to true will override that check.
#openshift_override_hostname_check=true
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index aae987796..4fe514d97 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -103,8 +103,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Set cockpit plugins
#osm_cockpit_plugins=['cockpit-kubernetes']
-# Native high availbility cluster method with optional load balancer.
-# If no lb group is defined installer assumes that a load balancer has
+# Native high availability cluster method with optional load balancer.
+# If no lb group is defined, the installer assumes that a load balancer has
# been preconfigured. For installation the value of
# openshift_master_cluster_hostname must resolve to the load balancer
# or to one or all of the masters defined in the inventory if no load
@@ -252,7 +252,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# openshift-ansible will wait indefinitely for your input when it detects that the
# value of openshift_hostname resolves to an IP address not bound to any local
# interfaces. This mis-configuration is problematic for any pod leveraging host
-# networking and liveness or readiness probes.
+# networking and liveness or readiness probes.
# Setting this variable to true will override that check.
#openshift_override_hostname_check=true
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index f017f9a6e..26caba36a 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -98,8 +98,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Set cockpit plugins
#osm_cockpit_plugins=['cockpit-kubernetes']
-# Native high availbility cluster method with optional load balancer.
-# If no lb group is defined installer assumes that a load balancer has
+# Native high availability cluster method with optional load balancer.
+# If no lb group is defined, the installer assumes that a load balancer has
# been preconfigured. For installation the value of
# openshift_master_cluster_hostname must resolve to the load balancer
# or to one or all of the masters defined in the inventory if no load
@@ -247,7 +247,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# openshift-ansible will wait indefinitely for your input when it detects that the
# value of openshift_hostname resolves to an IP address not bound to any local
# interfaces. This mis-configuration is problematic for any pod leveraging host
-# networking and liveness or readiness probes.
+# networking and liveness or readiness probes.
# Setting this variable to true will override that check.
#openshift_override_hostname_check=true
diff --git a/openshift-ansible.spec b/openshift-ansible.spec
index 218c714f5..b6efaafdb 100644
--- a/openshift-ansible.spec
+++ b/openshift-ansible.spec
@@ -5,7 +5,7 @@
}
Name: openshift-ansible
-Version: 3.0.38
+Version: 3.0.39
Release: 1%{?dist}
Summary: Openshift and Atomic Enterprise Ansible
License: ASL 2.0
@@ -259,6 +259,32 @@ Atomic OpenShift Utilities includes
%changelog
+* Tue Feb 09 2016 Brenton Leanhardt <bleanhar@redhat.com> 3.0.39-1
+- Bug 1304150 - Can't upgrade atomic-openshift to specified version
+ (bleanhar@redhat.com)
+- Mask master service when using native ha (jdetiber@redhat.com)
+- aoi: Safer check for master_routingconfig_subdomain (smunilla@redhat.com)
+- Add a DNS server on OpenStack clusters (lhuard@amadeus.com)
+- renamed /etc/openshift to /etc/origin (sten@redhat.com)
+- gitignore : .tag* (atom editor tag files) (sdodson@redhat.com)
+- Add an early check to ensure that node names resolve to an interface on the
+ host (sdodson@redhat.com)
+- Allow compression option to be set to empty for non compressed QCow images
+ Support tgz and gzip compressed images (akram@free.fr)
+- Replace status_changed bool (abutcher@redhat.com)
+- Improve docs and consistency of setting the ssh_user (jdetiber@redhat.com)
+- remove outdated comments (jdetiber@redhat.com)
+- add etcd hosts for gce playbooks (jdetiber@redhat.com)
+- GCE cloud provider updates (jdetiber@redhat.com)
+- Remove extra nfs configuration. (abutcher@redhat.com)
+- Do not apply the etcd_certificates role during node playbook.
+ (abutcher@redhat.com)
+- Add g_new_node_hosts to cluster_hosts. (abutcher@redhat.com)
+- Updating examples to use /etc/origin/master/htpasswd (jstuever@redhat.com)
+- Refactor registry storage options. (abutcher@redhat.com)
+- Additional overrides for cloud provider playbooks (jdetiber@redhat.com)
+- Bring first etcd server up before others. (dgoodwin@redhat.com)
+
* Tue Feb 02 2016 Brenton Leanhardt <bleanhar@redhat.com> 3.0.38-1
- aoi: Ask for osm_default_subdomain in interactive mode (smunilla@redhat.com)
- add item to hold number of stray OVS rules found/removed (jdiaz@redhat.com)
diff --git a/playbooks/adhoc/create_pv/create_pv.yaml b/playbooks/adhoc/create_pv/create_pv.yaml
index 347d9f574..81c1ee653 100644
--- a/playbooks/adhoc/create_pv/create_pv.yaml
+++ b/playbooks/adhoc/create_pv/create_pv.yaml
@@ -150,7 +150,7 @@
# We have to use the shell module because we can't set env vars with the command module.
- name: "Place PV into oc"
- shell: "KUBECONFIG=/etc/openshift/master/admin.kubeconfig oc create -f {{ pv_template | quote }}"
+ shell: "KUBECONFIG=/etc/origin/master/admin.kubeconfig oc create -f {{ pv_template | quote }}"
register: oc_output
- debug: var=oc_output
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
index 8ec379109..55c36810f 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
@@ -229,12 +229,19 @@
hosts: oo_masters_to_config
vars:
openshift_version: "{{ openshift_pkg_version | default('') }}"
+ roles:
+ - openshift_facts
tasks:
- name: Upgrade to latest available kernel
action: "{{ ansible_pkg_mgr}} name=kernel state=latest"
- name: Upgrade master packages
command: "{{ ansible_pkg_mgr}} update -y {{ openshift.common.service_type }}-master{{ openshift_version }}"
+ when: openshift_pkg_version is not defined
+
+ - name: Upgrade packages
+ command: "{{ ansible_pkg_mgr}} install -y {{ openshift.common.installed_variant_rpms | oo_31_rpm_rename_conversion(openshift_version) | join (' ')}}"
+ when: openshift_pkg_version is defined and deployment_type == 'openshift-enterprise'
- name: Ensure python-yaml present for config upgrade
action: "{{ ansible_pkg_mgr }} name=PyYAML state=present"
@@ -415,6 +422,11 @@
tasks:
- name: Upgrade node packages
command: "{{ ansible_pkg_mgr }} update -y {{ openshift.common.service_type }}-node{{ openshift_version }}"
+ when: openshift_pkg_version is not defined
+
+ - name: Upgrade packages
+ command: "{{ ansible_pkg_mgr}} install -y {{ openshift.common.installed_variant_rpms | oo_31_rpm_rename_conversion(openshift_version) | join (' ')}}"
+ when: openshift_pkg_version is defined and deployment_type == 'openshift-enterprise'
- name: Restart node service
service: name="{{ openshift.common.service_type }}-node" state=restarted
diff --git a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml
index ff1cedc94..ebe9f0ad9 100644
--- a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml
+++ b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml
@@ -13,16 +13,28 @@
get_url:
url: '{{ image_url }}'
sha256sum: '{{ image_sha256 }}'
- dest: '{{ os_libvirt_storage_pool_path }}/{{ [image_name, image_compression] | join(".") }}'
+ dest: '{{ os_libvirt_storage_pool_path }}/{{ [image_name, image_compression] | reject("equalto", "") | join(".") }}'
when: '{{ ( lookup("oo_option", "skip_image_download") | default("no", True) | lower ) in ["false", "no"] }}'
register: downloaded_image
-- name: Uncompress Base Cloud image
+- name: Uncompress xz compressed base cloud image
command: 'unxz -kf {{ os_libvirt_storage_pool_path }}/{{ [image_name, image_compression] | join(".") }}'
args:
creates: '{{ os_libvirt_storage_pool_path }}/{{ image_name }}'
when: image_compression in ["xz"] and downloaded_image.changed
+- name: Uncompress tgz compressed base cloud image
+ command: 'tar zxvf {{ os_libvirt_storage_pool_path }}/{{ [image_name, image_compression] | join(".") }}'
+ args:
+ creates: '{{ os_libvirt_storage_pool_path }}/{{ image_name }}'
+ when: image_compression in ["tgz"] and downloaded_image.changed
+
+- name: Uncompress gzip compressed base cloud image
+ command: 'gunzip {{ os_libvirt_storage_pool_path }}/{{ [image_name, image_compression] | join(".") }}'
+ args:
+ creates: '{{ os_libvirt_storage_pool_path }}/{{ image_name }}'
+ when: image_compression in ["gz"] and downloaded_image.changed
+
- name: Create the cloud-init config drive path
file:
dest: '{{ os_libvirt_storage_pool_path }}/{{ item }}_configdrive/'
diff --git a/playbooks/libvirt/openshift-cluster/vars.yml b/playbooks/libvirt/openshift-cluster/vars.yml
index da628786b..c78b52867 100644
--- a/playbooks/libvirt/openshift-cluster/vars.yml
+++ b/playbooks/libvirt/openshift-cluster/vars.yml
@@ -15,6 +15,7 @@ deployment_rhel7_ent_base:
default('rhel-guest-image-7.2-20151102.0.x86_64.qcow2', True) }}"
sha256: "{{ lookup('oo_option', 'image_sha256') |
default('25f880767ec6bf71beb532e17f1c45231640bbfdfbbb1dffb79d2c1b328388e0', True) }}"
+ compression: ""
ssh_user: openshift
sudo: yes
@@ -41,3 +42,5 @@ deployment_vars:
enterprise: "{{ deployment_rhel7_ent_base }}"
openshift-enterprise: "{{ deployment_rhel7_ent_base }}"
atomic-enterprise: "{{ deployment_rhel7_ent_base }}"
+
+
diff --git a/playbooks/openstack/openshift-cluster/config.yml b/playbooks/openstack/openshift-cluster/config.yml
index 438d5e24f..093beaf03 100644
--- a/playbooks/openstack/openshift-cluster/config.yml
+++ b/playbooks/openstack/openshift-cluster/config.yml
@@ -10,7 +10,6 @@
openshift_cluster_id: "{{ cluster_id }}"
openshift_debug_level: "{{ debug_level }}"
openshift_deployment_type: "{{ deployment_type }}"
- openshift_hostname: "{{ ansible_default_ipv4.address }}"
openshift_registry_selector: 'type=infra'
openshift_router_selector: 'type=infra'
openshift_infra_nodes: "{{ g_infra_hosts }}"
diff --git a/playbooks/openstack/openshift-cluster/dns.yml b/playbooks/openstack/openshift-cluster/dns.yml
new file mode 100644
index 000000000..5e7671a48
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/dns.yml
@@ -0,0 +1,47 @@
+- name: Populate oo_dns_hosts_to_update group
+ hosts: localhost
+ connection: local
+ become: no
+ gather_facts: no
+ vars_files:
+ - vars.yml
+ - cluster_hosts.yml
+ tasks:
+ - name: Evaluate oo_dns_hosts_to_update
+ add_host:
+ name: "{{ item }}"
+ groups: oo_dns_hosts_to_update
+ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
+ ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
+ with_items: "{{ groups[cluster_id ~ '-dns'] }}"
+
+ - name: Evaluate oo_hosts_to_add_in_dns
+ add_host:
+ name: "{{ item }}"
+ groups: oo_hosts_to_add_in_dns
+ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
+ ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
+ with_items: "{{ groups['tag_clusterid_' ~ cluster_id] }}"
+
+- name: Gather facts
+ hosts: oo_hosts_to_add_in_dns
+ vars_files:
+ - vars.yml
+ - cluster_hosts.yml
+
+- name: Configure the DNS
+ hosts: oo_dns_hosts_to_update
+ vars_files:
+ - vars.yml
+ - cluster_hosts.yml
+ roles:
+ - role: rhel_subscribe
+ when: deployment_type in ["enterprise", "atomic-enterprise", "openshift-enterprise"] and
+ ansible_distribution == "RedHat" and
+ lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
+ default('no', True) | lower in ['no', 'false']
+
+ - { role: dns,
+ dns_forwarders: "{{ openstack_network_dns }}",
+ dns_zones: [ novalocal, openstacklocal ],
+ dns_all_hosts: "{{ g_all_hosts }}" }
diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
index 4f6a59a30..ac1612634 100644
--- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
+++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
@@ -14,10 +14,10 @@ parameters:
label: Cluster ID
description: Identifier of the cluster
- cidr:
+ subnet_24_prefix:
type: string
- label: CIDR
- description: CIDR of the network of the cluster
+ label: subnet /24 prefix
+ description: /24 subnet prefix of the network of the cluster (dot separated number triplet)
dns_nameservers:
type: comma_delimited_list
@@ -30,12 +30,6 @@ parameters:
description: Name of the external network
default: external
- floating_ip_pool:
- type: string
- label: Floating IP pool
- description: Floating IP pools
- default: external
-
ssh_public_key:
type: string
label: SSH public key
@@ -88,6 +82,11 @@ parameters:
label: Infra image
description: Name of the image for the infra node servers
+ dns_image:
+ type: string
+ label: DNS image
+ description: Name of the image for the DNS server
+
etcd_flavor:
type: string
label: Etcd flavor
@@ -108,6 +107,11 @@ parameters:
label: Infra flavor
description: Flavor of the infra node servers
+ dns_flavor:
+ type: string
+ label: DNS flavor
+ description: Flavor of the DNS server
+
outputs:
etcd_names:
@@ -158,6 +162,26 @@ outputs:
description: Floating IPs of the nodes
value: { get_attr: [ infra_nodes, floating_ip ] }
+ dns_name:
+ description: Name of the DNS
+ value:
+ get_attr:
+ - dns
+ - name
+
+ dns_floating_ip:
+ description: Floating IP of the DNS
+ value:
+ get_attr:
+ - dns
+ - addresses
+ - str_replace:
+ template: openshift-ansible-cluster_id-net
+ params:
+ cluster_id: { get_param: cluster_id }
+ - 1
+ - addr
+
resources:
net:
@@ -178,8 +202,27 @@ resources:
params:
cluster_id: { get_param: cluster_id }
network: { get_resource: net }
- cidr: { get_param: cidr }
- dns_nameservers: { get_param: dns_nameservers }
+ cidr:
+ str_replace:
+ template: subnet_24_prefix.0/24
+ params:
+ subnet_24_prefix: { get_param: subnet_24_prefix }
+ allocation_pools:
+ - start:
+ str_replace:
+ template: subnet_24_prefix.3
+ params:
+ subnet_24_prefix: { get_param: subnet_24_prefix }
+ end:
+ str_replace:
+ template: subnet_24_prefix.254
+ params:
+ subnet_24_prefix: { get_param: subnet_24_prefix }
+ dns_nameservers:
+ - str_replace:
+ template: subnet_24_prefix.2
+ params:
+ subnet_24_prefix: { get_param: subnet_24_prefix }
router:
type: OS::Neutron::Router
@@ -337,6 +380,44 @@ resources:
port_range_min: 443
port_range_max: 443
+ dns-secgrp:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ name:
+ str_replace:
+ template: openshift-ansible-cluster_id-dns-secgrp
+ params:
+ cluster_id: { get_param: cluster_id }
+ description:
+ str_replace:
+ template: Security group for cluster_id cluster DNS
+ params:
+ cluster_id: { get_param: cluster_id }
+ rules:
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ remote_ip_prefix: { get_param: ssh_incoming }
+ - direction: ingress
+ protocol: udp
+ port_range_min: 53
+ port_range_max: 53
+ remote_mode: remote_group_id
+ remote_group_id: { get_resource: etcd-secgrp }
+ - direction: ingress
+ protocol: udp
+ port_range_min: 53
+ port_range_max: 53
+ remote_mode: remote_group_id
+ remote_group_id: { get_resource: master-secgrp }
+ - direction: ingress
+ protocol: udp
+ port_range_min: 53
+ port_range_max: 53
+ remote_mode: remote_group_id
+ remote_group_id: { get_resource: node-secgrp }
+
etcd:
type: OS::Heat::ResourceGroup
properties:
@@ -360,13 +441,14 @@ resources:
subnet: { get_resource: subnet }
secgrp:
- { get_resource: etcd-secgrp }
- floating_network: { get_param: floating_ip_pool }
+ floating_network: { get_param: external_net }
net_name:
str_replace:
template: openshift-ansible-cluster_id-net
params:
cluster_id: { get_param: cluster_id }
- depends_on: interface
+ depends_on:
+ - interface
masters:
type: OS::Heat::ResourceGroup
@@ -391,13 +473,14 @@ resources:
subnet: { get_resource: subnet }
secgrp:
- { get_resource: master-secgrp }
- floating_network: { get_param: floating_ip_pool }
+ floating_network: { get_param: external_net }
net_name:
str_replace:
template: openshift-ansible-cluster_id-net
params:
cluster_id: { get_param: cluster_id }
- depends_on: interface
+ depends_on:
+ - interface
compute_nodes:
type: OS::Heat::ResourceGroup
@@ -424,13 +507,14 @@ resources:
subnet: { get_resource: subnet }
secgrp:
- { get_resource: node-secgrp }
- floating_network: { get_param: floating_ip_pool }
+ floating_network: { get_param: external_net }
net_name:
str_replace:
template: openshift-ansible-cluster_id-net
params:
cluster_id: { get_param: cluster_id }
- depends_on: interface
+ depends_on:
+ - interface
infra_nodes:
type: OS::Heat::ResourceGroup
@@ -458,10 +542,77 @@ resources:
secgrp:
- { get_resource: node-secgrp }
- { get_resource: infra-secgrp }
- floating_network: { get_param: floating_ip_pool }
+ floating_network: { get_param: external_net }
net_name:
str_replace:
template: openshift-ansible-cluster_id-net
params:
cluster_id: { get_param: cluster_id }
- depends_on: interface
+ depends_on:
+ - interface
+
+ dns:
+ type: OS::Nova::Server
+ properties:
+ name:
+ str_replace:
+ template: cluster_id-dns
+ params:
+ cluster_id: { get_param: cluster_id }
+ key_name: { get_resource: keypair }
+ image: { get_param: dns_image }
+ flavor: { get_param: dns_flavor }
+ networks:
+ - port: { get_resource: dns-port }
+ user_data: { get_resource: dns-config }
+ user_data_format: RAW
+
+ dns-port:
+ type: OS::Neutron::Port
+ properties:
+ network: { get_resource: net }
+ fixed_ips:
+ - subnet: { get_resource: subnet }
+ ip_address:
+ str_replace:
+ template: subnet_24_prefix.2
+ params:
+ subnet_24_prefix: { get_param: subnet_24_prefix }
+ security_groups:
+ - { get_resource: dns-secgrp }
+
+ dns-floating-ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network: { get_param: external_net }
+ port_id: { get_resource: dns-port }
+
+ dns-config:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config: { get_file: user-data }
+ - config:
+ str_replace:
+ template: |
+ #cloud-config
+ write_files:
+ - path: /etc/sysconfig/network-scripts/ifcfg-eth0
+ content: |
+ DEVICE="eth0"
+ BOOTPROTO="dhcp"
+ DNS1="$dns1"
+ DNS2="$dns2"
+ PEERDNS="no"
+ ONBOOT="yes"
+ runcmd:
+ - [ "/usr/bin/systemctl", "restart", "network" ]
+ params:
+ $dns1:
+ get_param:
+ - dns_nameservers
+ - 0
+ $dns2:
+ get_param:
+ - dns_nameservers
+ - 1
diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml
index 76cc64a73..2187cefed 100644
--- a/playbooks/openstack/openshift-cluster/launch.yml
+++ b/playbooks/openstack/openshift-cluster/launch.yml
@@ -32,10 +32,9 @@
--timeout 3 --enable-rollback
-P cluster_env={{ cluster_env }}
-P cluster_id={{ cluster_id }}
- -P cidr={{ openstack_network_cidr }}
+ -P subnet_24_prefix={{ openstack_subnet_24_prefix }}
-P dns_nameservers={{ openstack_network_dns | join(",") }}
-P external_net={{ openstack_network_external_net }}
- -P floating_ip_pool={{ openstack_floating_ip_pool }}
-P ssh_public_key="{{ openstack_ssh_public_key }}"
-P ssh_incoming={{ openstack_ssh_access_from }}
-P num_etcd={{ num_etcd }}
@@ -46,10 +45,12 @@
-P master_image={{ deployment_vars[deployment_type].image }}
-P node_image={{ deployment_vars[deployment_type].image }}
-P infra_image={{ deployment_vars[deployment_type].image }}
+ -P dns_image={{ deployment_vars[deployment_type].image }}
-P etcd_flavor={{ openstack_flavor["etcd"] }}
-P master_flavor={{ openstack_flavor["master"] }}
-P node_flavor={{ openstack_flavor["node"] }}
-P infra_flavor={{ openstack_flavor["infra"] }}
+ -P dns_flavor=m1.small
openshift-ansible-{{ cluster_id }}-stack'
- name: Wait for OpenStack Stack readiness
@@ -115,6 +116,14 @@
- parsed_outputs.infra_ips
- parsed_outputs.infra_floating_ips
+ - name: Add DNS groups and variables
+ add_host:
+ hostname: '{{ parsed_outputs.dns_name }}'
+ ansible_ssh_host: '{{ parsed_outputs.dns_floating_ip }}'
+ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
+ ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
+ groups: '{{ cluster_id }}-dns'
+
- name: Wait for ssh
wait_for:
host: '{{ item }}'
@@ -123,6 +132,7 @@
- parsed_outputs.master_floating_ips
- parsed_outputs.node_floating_ips
- parsed_outputs.infra_floating_ips
+ - parsed_outputs.dns_floating_ip
- name: Wait for user setup
command: 'ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null {{ deployment_vars[deployment_type].ssh_user }}@{{ item }} echo {{ deployment_vars[deployment_type].ssh_user }} user is setup'
@@ -134,6 +144,7 @@
- parsed_outputs.master_floating_ips
- parsed_outputs.node_floating_ips
- parsed_outputs.infra_floating_ips
+ - parsed_outputs.dns_floating_ip
- include: update.yml
diff --git a/playbooks/openstack/openshift-cluster/update.yml b/playbooks/openstack/openshift-cluster/update.yml
index 2dc540978..16027b15c 100644
--- a/playbooks/openstack/openshift-cluster/update.yml
+++ b/playbooks/openstack/openshift-cluster/update.yml
@@ -1,4 +1,6 @@
---
+- include: dns.yml
+
- name: Populate oo_hosts_to_update group
hosts: localhost
connection: local
diff --git a/playbooks/openstack/openshift-cluster/vars.yml b/playbooks/openstack/openshift-cluster/vars.yml
index 76cde1706..ee26d223e 100644
--- a/playbooks/openstack/openshift-cluster/vars.yml
+++ b/playbooks/openstack/openshift-cluster/vars.yml
@@ -2,12 +2,10 @@
debug_level: 2
openstack_infra_heat_stack: "{{ lookup('oo_option', 'infra_heat_stack' ) |
default('files/heat_stack.yaml', True) }}"
-openstack_network_cidr: "{{ lookup('oo_option', 'net_cidr' ) |
- default('192.168.' + ( ( 1048576 | random % 256 ) | string() ) + '.0/24', True) }}"
+openstack_subnet_24_prefix: "{{ lookup('oo_option', 'subnet_24_prefix' ) |
+ default('192.168.' + ( ( 1048576 | random % 256 ) | string() ), True) }}"
openstack_network_external_net: "{{ lookup('oo_option', 'external_net' ) |
default('external', True) }}"
-openstack_floating_ip_pool: "{{ lookup('oo_option', 'floating_ip_pool' ) |
- default('external', True) }}"
openstack_network_dns: "{{ lookup('oo_option', 'dns' ) |
default('8.8.8.8,8.8.4.4', True) | oo_split() }}"
openstack_ssh_public_key: "{{ lookup('file', lookup('oo_option', 'public_key') |
diff --git a/roles/dns/README.md b/roles/dns/README.md
new file mode 100644
index 000000000..e238fb92e
--- /dev/null
+++ b/roles/dns/README.md
@@ -0,0 +1,43 @@
+dns
+===
+
+Configure a DNS server serving IPs of all the nodes of the cluster
+
+Requirements
+------------
+
+None
+
+Role Variables
+--------------
+
+| Name | Mandatory / Optional | Description |
+|------|----------------------|-------------|
+| `dns_zones` | Mandatory | DNS zones in which we must find the hosts |
+| `dns_forwarders` | If not set, the DNS will be a recursive non-forwarding DNS server | DNS forwarders to delegate the requests for hosts outside of `dns_zones` |
+| `dns_all_hosts` | Mandatory | Exhaustive list of hosts |
+
+Dependencies
+------------
+
+None
+
+Example Playbook
+----------------
+
+ - hosts: dns_hosts
+ roles:
+ - role: dns
+ dns_forwarders: [ '8.8.8.8', '8.8.4.4' ]
+ dns_zones: [ novalocal, openstacklocal ]
+ dns_all_hosts: "{{ g_all_hosts }}"
+
+License
+-------
+
+ASL 2.0
+
+Author Information
+------------------
+
+OpenShift operations, Red Hat, Inc
diff --git a/roles/dns/handlers/main.yml b/roles/dns/handlers/main.yml
new file mode 100644
index 000000000..ef101785e
--- /dev/null
+++ b/roles/dns/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart bind
+ service:
+ name: named
+ state: restarted
diff --git a/roles/dns/meta/main.yml b/roles/dns/meta/main.yml
new file mode 100644
index 000000000..b6e9d9ad0
--- /dev/null
+++ b/roles/dns/meta/main.yml
@@ -0,0 +1,7 @@
+---
+galaxy_info:
+ author: Lénaïc Huard
+ description: Deploy and configure a DNS server
+ company: Amadeus SAS
+ license: ASL 2.0
+dependencies: []
diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml
new file mode 100644
index 000000000..af728585d
--- /dev/null
+++ b/roles/dns/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: Install Bind
+ action: "{{ ansible_pkg_mgr }} name=bind"
+
+- name: Configure Bind
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ validate: "{{ item.validate }}"
+ with_items:
+ - src: openshift-cluster.zone
+ dest: /var/named/openshift-cluster.zone
+ validate: "named-checkzone {{ dns_zones[0] }} %s"
+ - src: named.conf
+ dest: /etc/named.conf
+ validate: "named-checkconf %s"
+ notify: restart bind
+
+- name: Enable Bind
+ service:
+ name: named
+ state: started
+ enabled: yes
diff --git a/roles/dns/templates/named.conf b/roles/dns/templates/named.conf
new file mode 100644
index 000000000..22c1ff935
--- /dev/null
+++ b/roles/dns/templates/named.conf
@@ -0,0 +1,23 @@
+options
+{
+ directory "/var/named";
+
+ allow-query { {{ ansible_default_ipv4.network }}/24; };
+
+ recursion yes;
+
+{% if dns_forwarders is defined %}
+ forwarders {
+ {% for dns in dns_forwarders %}
+ {{ dns }};
+ {% endfor %}
+ };
+{% endif %}
+};
+{% for zone in dns_zones %}
+
+zone "{{ zone }}" IN {
+ type master;
+ file "openshift-cluster.zone";
+};
+{% endfor %}
diff --git a/roles/dns/templates/openshift-cluster.zone b/roles/dns/templates/openshift-cluster.zone
new file mode 100644
index 000000000..03f5dc089
--- /dev/null
+++ b/roles/dns/templates/openshift-cluster.zone
@@ -0,0 +1,14 @@
+$TTL 1d
+@ IN SOA {{ ansible_hostname }} openshift (
+ {{ ansible_date_time.epoch }} ; Serial (To be fixed before 2039)
+ 12h ; Refresh
+ 3m ; Retry
+ 4w ; Expire
+ 3h ; TTL for negative replies
+ )
+
+ IN NS {{ ansible_hostname }}
+{{ ansible_hostname }} IN A {{ ansible_default_ipv4.address }}
+{% for host in dns_all_hosts %}
+{{ hostvars[host].ansible_hostname }} IN A {{ hostvars[host]['ansible_default_ipv4'].address }}
+{% endfor %}
diff --git a/roles/openshift_cluster_metrics/tasks/main.yml b/roles/openshift_cluster_metrics/tasks/main.yml
index 9b7735e54..d45f62eca 100644
--- a/roles/openshift_cluster_metrics/tasks/main.yml
+++ b/roles/openshift_cluster_metrics/tasks/main.yml
@@ -3,12 +3,12 @@
- name: Install cluster metrics templates
copy:
src: cluster-metrics
- dest: /etc/openshift/
+ dest: /etc/origin/
- name: Create InfluxDB Services
command: >
{{ openshift.common.client_binary }} create -f
- /etc/openshift/cluster-metrics/influxdb.yaml
+ /etc/origin/cluster-metrics/influxdb.yaml
register: oex_influxdb_services
failed_when: "'already exists' not in oex_influxdb_services.stderr and oex_influxdb_services.rc != 0"
changed_when: false
@@ -16,7 +16,7 @@
- name: Create Heapster Service Account
command: >
{{ openshift.common.client_binary }} create -f
- /etc/openshift/cluster-metrics/heapster-serviceaccount.yaml
+ /etc/origin/cluster-metrics/heapster-serviceaccount.yaml
register: oex_heapster_serviceaccount
failed_when: "'already exists' not in oex_heapster_serviceaccount.stderr and oex_heapster_serviceaccount.rc != 0"
changed_when: false
@@ -35,7 +35,7 @@
- name: Create Heapster Services
command: >
{{ openshift.common.client_binary }} create -f
- /etc/openshift/cluster-metrics/heapster.yaml
+ /etc/origin/cluster-metrics/heapster.yaml
register: oex_heapster_services
failed_when: "'already exists' not in oex_heapster_services.stderr and oex_heapster_services.rc != 0"
changed_when: false
@@ -43,7 +43,7 @@
- name: Create Grafana Services
command: >
{{ openshift.common.client_binary }} create -f
- /etc/openshift/cluster-metrics/grafana.yaml
+ /etc/origin/cluster-metrics/grafana.yaml
register: oex_grafana_services
failed_when: "'already exists' not in oex_grafana_services.stderr and oex_grafana_services.rc != 0"
changed_when: false
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 85c8abdf0..d11af307b 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -1070,6 +1070,28 @@ def set_container_facts_if_unset(facts):
return facts
+def set_installed_variant_rpm_facts(facts):
+ """ Set RPM facts of installed variant
+ Args:
+ facts (dict): existing facts
+ Returns:
+ dict: the facts dict updated with installed_variant_rpms
+ """
+ installed_rpms = []
+ for base_rpm in ['openshift', 'atomic-openshift', 'origin']:
+ optional_rpms = ['master', 'node', 'clients', 'sdn-ovs']
+ variant_rpms = [base_rpm] + \
+ ['{0}-{1}'.format(base_rpm, r) for r in optional_rpms] + \
+ ['tuned-profiles-%s-node' % base_rpm]
+ for rpm in variant_rpms:
+ exit_code, _, _ = module.run_command(['rpm', '-q', rpm])
+ if exit_code == 0:
+ installed_rpms.append(rpm)
+
+ facts['common']['installed_variant_rpms'] = installed_rpms
+ return facts
+
+
class OpenShiftFactsInternalError(Exception):
"""Origin Facts Error"""
@@ -1159,6 +1181,8 @@ class OpenShiftFacts(object):
facts = set_aggregate_facts(facts)
facts = set_etcd_facts_if_unset(facts)
facts = set_container_facts_if_unset(facts)
+ if not facts['common']['is_containerized']:
+ facts = set_installed_variant_rpm_facts(facts)
return dict(openshift=facts)
def get_defaults(self, roles):
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index aa5e593b6..83f6f7542 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -285,6 +285,10 @@
master_service_status_changed: "{{ start_result | changed }}"
when: not openshift_master_ha | bool
+- name: Mask master service
+ command: systemctl mask {{ openshift.common.service_type }}-master
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native'
+
- name: Start and enable master api
service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started
when: openshift_master_ha | bool and openshift.master.cluster_method == 'native'
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index 5cf4bf7af..3b584f8eb 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -1,12 +1,4 @@
---
-- name: Install iptables packages
- action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
- with_items:
- - iptables
- - iptables-services
- register: install_result
- when: not openshift.common.is_atomic | bool
-
- name: Check if firewalld is installed
command: rpm -q firewalld
register: pkg_check
@@ -20,6 +12,22 @@
enabled: no
when: pkg_check.rc == 0
+# TODO: submit PR upstream to add mask/unmask to service module
+- name: Mask firewalld service
+ command: systemctl mask firewalld
+ register: result
+ changed_when: "'firewalld' in result.stdout"
+ when: pkg_check.rc == 0
+ ignore_errors: yes
+
+- name: Install iptables packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items:
+ - iptables
+ - iptables-services
+ register: install_result
+ when: not openshift.common.is_atomic | bool
+
- name: Reload systemd units
command: systemctl daemon-reload
when: install_result | changed
@@ -35,14 +43,6 @@
pause: seconds=10
when: result | changed
-# TODO: submit PR upstream to add mask/unmask to service module
-- name: Mask firewalld service
- command: systemctl mask firewalld
- register: result
- changed_when: "'firewalld' in result.stdout"
- when: pkg_check.rc == 0
- ignore_errors: yes
-
- name: Add iptables allow rules
os_firewall_manage_iptables:
name: "{{ item.service }}"
diff --git a/roles/os_zabbix/vars/template_openshift_master.yml b/roles/os_zabbix/vars/template_openshift_master.yml
index 9d20eb012..5aae2496a 100644
--- a/roles/os_zabbix/vars/template_openshift_master.yml
+++ b/roles/os_zabbix/vars/template_openshift_master.yml
@@ -2,13 +2,13 @@
g_template_openshift_master:
name: Template Openshift Master
zitems:
- - name: create_app
+ - name: openshift.master.app.create
applications:
- Openshift Master
- key: create_app
+ key: openshift.master.app.create
- - key: openshift.master.registry.healthz
- description: "Shows the health status of the cluster's docker registry"
+ - key: openshift.master.registry.healthy_pct
+ description: "Shows the percentage of healthy registries in the cluster"
type: int
applications:
- Openshift Master
@@ -288,14 +288,14 @@ g_template_openshift_master:
# Put triggers that depend on other triggers here (deps must be created first)
- name: 'Application creation has failed on {HOST.NAME}'
- expression: '{Template Openshift Master:create_app.last(#1)}=1 and {Template Openshift Master:create_app.last(#2)}=1'
+ expression: '{Template Openshift Master:openshift.master.app.create.last(#1)}=1 and {Template Openshift Master:openshift.master.app.create.last(#2)}=1'
url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_create_app.asciidoc'
dependencies:
- 'Openshift Master process not running on {HOST.NAME}'
priority: avg
- name: 'Application creation has failed multiple times in the last hour on {HOST.NAME}'
- expression: '{Template Openshift Master:create_app.sum(1h)}>3'
+ expression: '{Template Openshift Master:openshift.master.app.create.sum(1h)}>3'
url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_create_app.asciidoc'
dependencies:
- 'Openshift Master process not running on {HOST.NAME}'
@@ -333,9 +333,16 @@ g_template_openshift_master:
- 'Openshift Master process not running on {HOST.NAME}'
priority: avg
- - name: 'Docker Registry check failed on {HOST.NAME}'
- expression: '{Template Openshift Master:openshift.master.registry.healthz.max(#2)}<1'
- url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_master.asciidoc'
+ - name: 'One or more Docker Registries is unhealthy according to {HOST.NAME}'
+ expression: '{Template Openshift Master:openshift.master.registry.healthy_pct.last(#2)}<100 and {Template Openshift Master:openshift.master.registry.healthy_pct.max(#2)}>50'
+ url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_registry.asciidoc'
+ dependencies:
+ - 'Openshift Master process not running on {HOST.NAME}'
+ priority: avg
+
+ - name: 'Multiple Docker Registries are unhealthy according to {HOST.NAME}'
+ expression: '{Template Openshift Master:openshift.master.registry.healthy_pct.last(#2)}<51'
+ url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_registry.asciidoc'
dependencies:
- 'Openshift Master process not running on {HOST.NAME}'
priority: high
diff --git a/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 b/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2
index ac950b4e5..453a9a3b4 100644
--- a/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2
+++ b/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2
@@ -58,10 +58,10 @@ ExecStart=/usr/bin/docker run --name {{ osohm_host_monitoring }}
-v /var/run/docker.sock:/var/run/docker.sock \
-v /var/run/openvswitch:/var/run/openvswitch \
{% if hostvars[inventory_hostname]['ec2_tag_host-type'] == 'master' %}
- -v /etc/openshift/master/admin.kubeconfig:/etc/openshift/master/admin.kubeconfig \
- -v /etc/openshift/master/master.etcd-client.crt:/etc/openshift/master/master.etcd-client.crt \
- -v /etc/openshift/master/master.etcd-client.key:/etc/openshift/master/master.etcd-client.key \
- -v /etc/openshift/master/master-config.yaml:/etc/openshift/master/master-config.yaml \
+ -v /etc/origin/master/admin.kubeconfig:/etc/origin/master/admin.kubeconfig \
+ -v /etc/origin/master/master.etcd-client.crt:/etc/origin/master/master.etcd-client.crt \
+ -v /etc/origin/master/master.etcd-client.key:/etc/origin/master/master.etcd-client.key \
+ -v /etc/origin/master/master-config.yaml:/etc/origin/master/master-config.yaml \
{% endif %}
{{ osohm_docker_registry_url }}{{ osohm_host_monitoring }}
diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py
index cbb6f33e1..042ce1023 100644
--- a/utils/src/ooinstall/openshift_ansible.py
+++ b/utils/src/ooinstall/openshift_ansible.py
@@ -114,7 +114,7 @@ def write_inventory_vars(base_inventory, multiple_masters, proxy):
base_inventory.write('openshift_master_cluster_method=native\n')
base_inventory.write("openshift_master_cluster_hostname={}\n".format(proxy.hostname))
base_inventory.write("openshift_master_cluster_public_hostname={}\n".format(proxy.public_hostname))
- if CFG.settings['master_routingconfig_subdomain']:
+ if CFG.settings.get('master_routingconfig_subdomain', False):
base_inventory.write("osm_default_subdomain={}\n".format(CFG.settings['master_routingconfig_subdomain']))