diff options
29 files changed, 509 insertions, 75 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index bc2fab995..bfc9e0962 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.0.38-1 ./ +3.0.39-1 ./ diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index 289e3b8f7..450101785 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -646,6 +646,30 @@ class FilterModule(object): persistent_volume_claims.append(persistent_volume_claim) return persistent_volume_claims + @staticmethod + def oo_31_rpm_rename_conversion(rpms, openshift_version=None): + """ Filters a list of 3.0 rpms and return the corresponding 3.1 rpms + names with proper version (if provided) + + If 3.1 rpms are passed in they will only be augmented with the + correct version. This is important for hosts that are running both + Masters and Nodes. + """ + if not isinstance(rpms, list): + raise errors.AnsibleFilterError("failed expects to filter on a list") + if openshift_version is not None and not isinstance(openshift_version, basestring): + raise errors.AnsibleFilterError("failed expects openshift_version to be a string") + + rpms_31 = [] + for rpm in rpms: + if not 'atomic' in rpm: + rpm = rpm.replace("openshift", "atomic-openshift") + if openshift_version: + rpm = rpm + openshift_version + rpms_31.append(rpm) + + return rpms_31 + def filters(self): """ returns a mapping of filters to methods """ return { @@ -671,4 +695,5 @@ class FilterModule(object): "oo_openshift_env": self.oo_openshift_env, "oo_persistent_volumes": self.oo_persistent_volumes, "oo_persistent_volume_claims": self.oo_persistent_volume_claims, + "oo_31_rpm_rename_conversion": self.oo_31_rpm_rename_conversion, } diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example index 7f4a1a9d2..915a82579 100644 --- a/inventory/byo/hosts.aep.example +++ b/inventory/byo/hosts.aep.example @@ -98,8 +98,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Set cockpit plugins #osm_cockpit_plugins=['cockpit-kubernetes'] -# Native high availbility cluster method with optional load balancer. -# If no lb group is defined installer assumes that a load balancer has +# Native high availability cluster method with optional load balancer. +# If no lb group is defined, the installer assumes that a load balancer has # been preconfigured. For installation the value of # openshift_master_cluster_hostname must resolve to the load balancer # or to one or all of the masters defined in the inventory if no load @@ -247,7 +247,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # openshift-ansible will wait indefinitely for your input when it detects that the # value of openshift_hostname resolves to an IP address not bound to any local # interfaces. This mis-configuration is problematic for any pod leveraging host -# networking and liveness or readiness probes. +# networking and liveness or readiness probes. # Setting this variable to true will override that check. #openshift_override_hostname_check=true diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index aae987796..4fe514d97 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -103,8 +103,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Set cockpit plugins #osm_cockpit_plugins=['cockpit-kubernetes'] -# Native high availbility cluster method with optional load balancer. -# If no lb group is defined installer assumes that a load balancer has +# Native high availability cluster method with optional load balancer. +# If no lb group is defined, the installer assumes that a load balancer has # been preconfigured. For installation the value of # openshift_master_cluster_hostname must resolve to the load balancer # or to one or all of the masters defined in the inventory if no load @@ -252,7 +252,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # openshift-ansible will wait indefinitely for your input when it detects that the # value of openshift_hostname resolves to an IP address not bound to any local # interfaces. This mis-configuration is problematic for any pod leveraging host -# networking and liveness or readiness probes. +# networking and liveness or readiness probes. # Setting this variable to true will override that check. #openshift_override_hostname_check=true diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index f017f9a6e..26caba36a 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -98,8 +98,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Set cockpit plugins #osm_cockpit_plugins=['cockpit-kubernetes'] -# Native high availbility cluster method with optional load balancer. -# If no lb group is defined installer assumes that a load balancer has +# Native high availability cluster method with optional load balancer. +# If no lb group is defined, the installer assumes that a load balancer has # been preconfigured. For installation the value of # openshift_master_cluster_hostname must resolve to the load balancer # or to one or all of the masters defined in the inventory if no load @@ -247,7 +247,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # openshift-ansible will wait indefinitely for your input when it detects that the # value of openshift_hostname resolves to an IP address not bound to any local # interfaces. This mis-configuration is problematic for any pod leveraging host -# networking and liveness or readiness probes. +# networking and liveness or readiness probes. # Setting this variable to true will override that check. #openshift_override_hostname_check=true diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 218c714f5..b6efaafdb 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.0.38 +Version: 3.0.39 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -259,6 +259,32 @@ Atomic OpenShift Utilities includes %changelog +* Tue Feb 09 2016 Brenton Leanhardt <bleanhar@redhat.com> 3.0.39-1 +- Bug 1304150 - Can't upgrade atomic-openshift to specified version + (bleanhar@redhat.com) +- Mask master service when using native ha (jdetiber@redhat.com) +- aoi: Safer check for master_routingconfig_subdomain (smunilla@redhat.com) +- Add a DNS server on OpenStack clusters (lhuard@amadeus.com) +- renamed /etc/openshift to /etc/origin (sten@redhat.com) +- gitignore : .tag* (atom editor tag files) (sdodson@redhat.com) +- Add an early check to ensure that node names resolve to an interface on the + host (sdodson@redhat.com) +- Allow compression option to be set to empty for non compressed QCow images + Support tgz and gzip compressed images (akram@free.fr) +- Replace status_changed bool (abutcher@redhat.com) +- Improve docs and consistency of setting the ssh_user (jdetiber@redhat.com) +- remove outdated comments (jdetiber@redhat.com) +- add etcd hosts for gce playbooks (jdetiber@redhat.com) +- GCE cloud provider updates (jdetiber@redhat.com) +- Remove extra nfs configuration. (abutcher@redhat.com) +- Do not apply the etcd_certificates role during node playbook. + (abutcher@redhat.com) +- Add g_new_node_hosts to cluster_hosts. (abutcher@redhat.com) +- Updating examples to use /etc/origin/master/htpasswd (jstuever@redhat.com) +- Refactor registry storage options. (abutcher@redhat.com) +- Additional overrides for cloud provider playbooks (jdetiber@redhat.com) +- Bring first etcd server up before others. (dgoodwin@redhat.com) + * Tue Feb 02 2016 Brenton Leanhardt <bleanhar@redhat.com> 3.0.38-1 - aoi: Ask for osm_default_subdomain in interactive mode (smunilla@redhat.com) - add item to hold number of stray OVS rules found/removed (jdiaz@redhat.com) diff --git a/playbooks/adhoc/create_pv/create_pv.yaml b/playbooks/adhoc/create_pv/create_pv.yaml index 347d9f574..81c1ee653 100644 --- a/playbooks/adhoc/create_pv/create_pv.yaml +++ b/playbooks/adhoc/create_pv/create_pv.yaml @@ -150,7 +150,7 @@ # We have to use the shell module because we can't set env vars with the command module. - name: "Place PV into oc" - shell: "KUBECONFIG=/etc/openshift/master/admin.kubeconfig oc create -f {{ pv_template | quote }}" + shell: "KUBECONFIG=/etc/origin/master/admin.kubeconfig oc create -f {{ pv_template | quote }}" register: oc_output - debug: var=oc_output diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 8ec379109..55c36810f 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -229,12 +229,19 @@ hosts: oo_masters_to_config vars: openshift_version: "{{ openshift_pkg_version | default('') }}" + roles: + - openshift_facts tasks: - name: Upgrade to latest available kernel action: "{{ ansible_pkg_mgr}} name=kernel state=latest" - name: Upgrade master packages command: "{{ ansible_pkg_mgr}} update -y {{ openshift.common.service_type }}-master{{ openshift_version }}" + when: openshift_pkg_version is not defined + + - name: Upgrade packages + command: "{{ ansible_pkg_mgr}} install -y {{ openshift.common.installed_variant_rpms | oo_31_rpm_rename_conversion(openshift_version) | join (' ')}}" + when: openshift_pkg_version is defined and deployment_type == 'openshift-enterprise' - name: Ensure python-yaml present for config upgrade action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" @@ -415,6 +422,11 @@ tasks: - name: Upgrade node packages command: "{{ ansible_pkg_mgr }} update -y {{ openshift.common.service_type }}-node{{ openshift_version }}" + when: openshift_pkg_version is not defined + + - name: Upgrade packages + command: "{{ ansible_pkg_mgr}} install -y {{ openshift.common.installed_variant_rpms | oo_31_rpm_rename_conversion(openshift_version) | join (' ')}}" + when: openshift_pkg_version is defined and deployment_type == 'openshift-enterprise' - name: Restart node service service: name="{{ openshift.common.service_type }}-node" state=restarted diff --git a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml index ff1cedc94..ebe9f0ad9 100644 --- a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml @@ -13,16 +13,28 @@ get_url: url: '{{ image_url }}' sha256sum: '{{ image_sha256 }}' - dest: '{{ os_libvirt_storage_pool_path }}/{{ [image_name, image_compression] | join(".") }}' + dest: '{{ os_libvirt_storage_pool_path }}/{{ [image_name, image_compression] | reject("equalto", "") | join(".") }}' when: '{{ ( lookup("oo_option", "skip_image_download") | default("no", True) | lower ) in ["false", "no"] }}' register: downloaded_image -- name: Uncompress Base Cloud image +- name: Uncompress xz compressed base cloud image command: 'unxz -kf {{ os_libvirt_storage_pool_path }}/{{ [image_name, image_compression] | join(".") }}' args: creates: '{{ os_libvirt_storage_pool_path }}/{{ image_name }}' when: image_compression in ["xz"] and downloaded_image.changed +- name: Uncompress tgz compressed base cloud image + command: 'tar zxvf {{ os_libvirt_storage_pool_path }}/{{ [image_name, image_compression] | join(".") }}' + args: + creates: '{{ os_libvirt_storage_pool_path }}/{{ image_name }}' + when: image_compression in ["tgz"] and downloaded_image.changed + +- name: Uncompress gzip compressed base cloud image + command: 'gunzip {{ os_libvirt_storage_pool_path }}/{{ [image_name, image_compression] | join(".") }}' + args: + creates: '{{ os_libvirt_storage_pool_path }}/{{ image_name }}' + when: image_compression in ["gz"] and downloaded_image.changed + - name: Create the cloud-init config drive path file: dest: '{{ os_libvirt_storage_pool_path }}/{{ item }}_configdrive/' diff --git a/playbooks/libvirt/openshift-cluster/vars.yml b/playbooks/libvirt/openshift-cluster/vars.yml index da628786b..c78b52867 100644 --- a/playbooks/libvirt/openshift-cluster/vars.yml +++ b/playbooks/libvirt/openshift-cluster/vars.yml @@ -15,6 +15,7 @@ deployment_rhel7_ent_base: default('rhel-guest-image-7.2-20151102.0.x86_64.qcow2', True) }}" sha256: "{{ lookup('oo_option', 'image_sha256') | default('25f880767ec6bf71beb532e17f1c45231640bbfdfbbb1dffb79d2c1b328388e0', True) }}" + compression: "" ssh_user: openshift sudo: yes @@ -41,3 +42,5 @@ deployment_vars: enterprise: "{{ deployment_rhel7_ent_base }}" openshift-enterprise: "{{ deployment_rhel7_ent_base }}" atomic-enterprise: "{{ deployment_rhel7_ent_base }}" + + diff --git a/playbooks/openstack/openshift-cluster/config.yml b/playbooks/openstack/openshift-cluster/config.yml index 438d5e24f..093beaf03 100644 --- a/playbooks/openstack/openshift-cluster/config.yml +++ b/playbooks/openstack/openshift-cluster/config.yml @@ -10,7 +10,6 @@ openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: "{{ debug_level }}" openshift_deployment_type: "{{ deployment_type }}" - openshift_hostname: "{{ ansible_default_ipv4.address }}" openshift_registry_selector: 'type=infra' openshift_router_selector: 'type=infra' openshift_infra_nodes: "{{ g_infra_hosts }}" diff --git a/playbooks/openstack/openshift-cluster/dns.yml b/playbooks/openstack/openshift-cluster/dns.yml new file mode 100644 index 000000000..5e7671a48 --- /dev/null +++ b/playbooks/openstack/openshift-cluster/dns.yml @@ -0,0 +1,47 @@ +- name: Populate oo_dns_hosts_to_update group + hosts: localhost + connection: local + become: no + gather_facts: no + vars_files: + - vars.yml + - cluster_hosts.yml + tasks: + - name: Evaluate oo_dns_hosts_to_update + add_host: + name: "{{ item }}" + groups: oo_dns_hosts_to_update + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + with_items: "{{ groups[cluster_id ~ '-dns'] }}" + + - name: Evaluate oo_hosts_to_add_in_dns + add_host: + name: "{{ item }}" + groups: oo_hosts_to_add_in_dns + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + with_items: "{{ groups['tag_clusterid_' ~ cluster_id] }}" + +- name: Gather facts + hosts: oo_hosts_to_add_in_dns + vars_files: + - vars.yml + - cluster_hosts.yml + +- name: Configure the DNS + hosts: oo_dns_hosts_to_update + vars_files: + - vars.yml + - cluster_hosts.yml + roles: + - role: rhel_subscribe + when: deployment_type in ["enterprise", "atomic-enterprise", "openshift-enterprise"] and + ansible_distribution == "RedHat" and + lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) | + default('no', True) | lower in ['no', 'false'] + + - { role: dns, + dns_forwarders: "{{ openstack_network_dns }}", + dns_zones: [ novalocal, openstacklocal ], + dns_all_hosts: "{{ g_all_hosts }}" } diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml index 4f6a59a30..ac1612634 100644 --- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml +++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml @@ -14,10 +14,10 @@ parameters: label: Cluster ID description: Identifier of the cluster - cidr: + subnet_24_prefix: type: string - label: CIDR - description: CIDR of the network of the cluster + label: subnet /24 prefix + description: /24 subnet prefix of the network of the cluster (dot separated number triplet) dns_nameservers: type: comma_delimited_list @@ -30,12 +30,6 @@ parameters: description: Name of the external network default: external - floating_ip_pool: - type: string - label: Floating IP pool - description: Floating IP pools - default: external - ssh_public_key: type: string label: SSH public key @@ -88,6 +82,11 @@ parameters: label: Infra image description: Name of the image for the infra node servers + dns_image: + type: string + label: DNS image + description: Name of the image for the DNS server + etcd_flavor: type: string label: Etcd flavor @@ -108,6 +107,11 @@ parameters: label: Infra flavor description: Flavor of the infra node servers + dns_flavor: + type: string + label: DNS flavor + description: Flavor of the DNS server + outputs: etcd_names: @@ -158,6 +162,26 @@ outputs: description: Floating IPs of the nodes value: { get_attr: [ infra_nodes, floating_ip ] } + dns_name: + description: Name of the DNS + value: + get_attr: + - dns + - name + + dns_floating_ip: + description: Floating IP of the DNS + value: + get_attr: + - dns + - addresses + - str_replace: + template: openshift-ansible-cluster_id-net + params: + cluster_id: { get_param: cluster_id } + - 1 + - addr + resources: net: @@ -178,8 +202,27 @@ resources: params: cluster_id: { get_param: cluster_id } network: { get_resource: net } - cidr: { get_param: cidr } - dns_nameservers: { get_param: dns_nameservers } + cidr: + str_replace: + template: subnet_24_prefix.0/24 + params: + subnet_24_prefix: { get_param: subnet_24_prefix } + allocation_pools: + - start: + str_replace: + template: subnet_24_prefix.3 + params: + subnet_24_prefix: { get_param: subnet_24_prefix } + end: + str_replace: + template: subnet_24_prefix.254 + params: + subnet_24_prefix: { get_param: subnet_24_prefix } + dns_nameservers: + - str_replace: + template: subnet_24_prefix.2 + params: + subnet_24_prefix: { get_param: subnet_24_prefix } router: type: OS::Neutron::Router @@ -337,6 +380,44 @@ resources: port_range_min: 443 port_range_max: 443 + dns-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-dns-secgrp + params: + cluster_id: { get_param: cluster_id } + description: + str_replace: + template: Security group for cluster_id cluster DNS + params: + cluster_id: { get_param: cluster_id } + rules: + - direction: ingress + protocol: tcp + port_range_min: 22 + port_range_max: 22 + remote_ip_prefix: { get_param: ssh_incoming } + - direction: ingress + protocol: udp + port_range_min: 53 + port_range_max: 53 + remote_mode: remote_group_id + remote_group_id: { get_resource: etcd-secgrp } + - direction: ingress + protocol: udp + port_range_min: 53 + port_range_max: 53 + remote_mode: remote_group_id + remote_group_id: { get_resource: master-secgrp } + - direction: ingress + protocol: udp + port_range_min: 53 + port_range_max: 53 + remote_mode: remote_group_id + remote_group_id: { get_resource: node-secgrp } + etcd: type: OS::Heat::ResourceGroup properties: @@ -360,13 +441,14 @@ resources: subnet: { get_resource: subnet } secgrp: - { get_resource: etcd-secgrp } - floating_network: { get_param: floating_ip_pool } + floating_network: { get_param: external_net } net_name: str_replace: template: openshift-ansible-cluster_id-net params: cluster_id: { get_param: cluster_id } - depends_on: interface + depends_on: + - interface masters: type: OS::Heat::ResourceGroup @@ -391,13 +473,14 @@ resources: subnet: { get_resource: subnet } secgrp: - { get_resource: master-secgrp } - floating_network: { get_param: floating_ip_pool } + floating_network: { get_param: external_net } net_name: str_replace: template: openshift-ansible-cluster_id-net params: cluster_id: { get_param: cluster_id } - depends_on: interface + depends_on: + - interface compute_nodes: type: OS::Heat::ResourceGroup @@ -424,13 +507,14 @@ resources: subnet: { get_resource: subnet } secgrp: - { get_resource: node-secgrp } - floating_network: { get_param: floating_ip_pool } + floating_network: { get_param: external_net } net_name: str_replace: template: openshift-ansible-cluster_id-net params: cluster_id: { get_param: cluster_id } - depends_on: interface + depends_on: + - interface infra_nodes: type: OS::Heat::ResourceGroup @@ -458,10 +542,77 @@ resources: secgrp: - { get_resource: node-secgrp } - { get_resource: infra-secgrp } - floating_network: { get_param: floating_ip_pool } + floating_network: { get_param: external_net } net_name: str_replace: template: openshift-ansible-cluster_id-net params: cluster_id: { get_param: cluster_id } - depends_on: interface + depends_on: + - interface + + dns: + type: OS::Nova::Server + properties: + name: + str_replace: + template: cluster_id-dns + params: + cluster_id: { get_param: cluster_id } + key_name: { get_resource: keypair } + image: { get_param: dns_image } + flavor: { get_param: dns_flavor } + networks: + - port: { get_resource: dns-port } + user_data: { get_resource: dns-config } + user_data_format: RAW + + dns-port: + type: OS::Neutron::Port + properties: + network: { get_resource: net } + fixed_ips: + - subnet: { get_resource: subnet } + ip_address: + str_replace: + template: subnet_24_prefix.2 + params: + subnet_24_prefix: { get_param: subnet_24_prefix } + security_groups: + - { get_resource: dns-secgrp } + + dns-floating-ip: + type: OS::Neutron::FloatingIP + properties: + floating_network: { get_param: external_net } + port_id: { get_resource: dns-port } + + dns-config: + type: OS::Heat::MultipartMime + properties: + parts: + - config: { get_file: user-data } + - config: + str_replace: + template: | + #cloud-config + write_files: + - path: /etc/sysconfig/network-scripts/ifcfg-eth0 + content: | + DEVICE="eth0" + BOOTPROTO="dhcp" + DNS1="$dns1" + DNS2="$dns2" + PEERDNS="no" + ONBOOT="yes" + runcmd: + - [ "/usr/bin/systemctl", "restart", "network" ] + params: + $dns1: + get_param: + - dns_nameservers + - 0 + $dns2: + get_param: + - dns_nameservers + - 1 diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml index 76cc64a73..2187cefed 100644 --- a/playbooks/openstack/openshift-cluster/launch.yml +++ b/playbooks/openstack/openshift-cluster/launch.yml @@ -32,10 +32,9 @@ --timeout 3 --enable-rollback -P cluster_env={{ cluster_env }} -P cluster_id={{ cluster_id }} - -P cidr={{ openstack_network_cidr }} + -P subnet_24_prefix={{ openstack_subnet_24_prefix }} -P dns_nameservers={{ openstack_network_dns | join(",") }} -P external_net={{ openstack_network_external_net }} - -P floating_ip_pool={{ openstack_floating_ip_pool }} -P ssh_public_key="{{ openstack_ssh_public_key }}" -P ssh_incoming={{ openstack_ssh_access_from }} -P num_etcd={{ num_etcd }} @@ -46,10 +45,12 @@ -P master_image={{ deployment_vars[deployment_type].image }} -P node_image={{ deployment_vars[deployment_type].image }} -P infra_image={{ deployment_vars[deployment_type].image }} + -P dns_image={{ deployment_vars[deployment_type].image }} -P etcd_flavor={{ openstack_flavor["etcd"] }} -P master_flavor={{ openstack_flavor["master"] }} -P node_flavor={{ openstack_flavor["node"] }} -P infra_flavor={{ openstack_flavor["infra"] }} + -P dns_flavor=m1.small openshift-ansible-{{ cluster_id }}-stack' - name: Wait for OpenStack Stack readiness @@ -115,6 +116,14 @@ - parsed_outputs.infra_ips - parsed_outputs.infra_floating_ips + - name: Add DNS groups and variables + add_host: + hostname: '{{ parsed_outputs.dns_name }}' + ansible_ssh_host: '{{ parsed_outputs.dns_floating_ip }}' + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" + groups: '{{ cluster_id }}-dns' + - name: Wait for ssh wait_for: host: '{{ item }}' @@ -123,6 +132,7 @@ - parsed_outputs.master_floating_ips - parsed_outputs.node_floating_ips - parsed_outputs.infra_floating_ips + - parsed_outputs.dns_floating_ip - name: Wait for user setup command: 'ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null {{ deployment_vars[deployment_type].ssh_user }}@{{ item }} echo {{ deployment_vars[deployment_type].ssh_user }} user is setup' @@ -134,6 +144,7 @@ - parsed_outputs.master_floating_ips - parsed_outputs.node_floating_ips - parsed_outputs.infra_floating_ips + - parsed_outputs.dns_floating_ip - include: update.yml diff --git a/playbooks/openstack/openshift-cluster/update.yml b/playbooks/openstack/openshift-cluster/update.yml index 2dc540978..16027b15c 100644 --- a/playbooks/openstack/openshift-cluster/update.yml +++ b/playbooks/openstack/openshift-cluster/update.yml @@ -1,4 +1,6 @@ --- +- include: dns.yml + - name: Populate oo_hosts_to_update group hosts: localhost connection: local diff --git a/playbooks/openstack/openshift-cluster/vars.yml b/playbooks/openstack/openshift-cluster/vars.yml index 76cde1706..ee26d223e 100644 --- a/playbooks/openstack/openshift-cluster/vars.yml +++ b/playbooks/openstack/openshift-cluster/vars.yml @@ -2,12 +2,10 @@ debug_level: 2 openstack_infra_heat_stack: "{{ lookup('oo_option', 'infra_heat_stack' ) | default('files/heat_stack.yaml', True) }}" -openstack_network_cidr: "{{ lookup('oo_option', 'net_cidr' ) | - default('192.168.' + ( ( 1048576 | random % 256 ) | string() ) + '.0/24', True) }}" +openstack_subnet_24_prefix: "{{ lookup('oo_option', 'subnet_24_prefix' ) | + default('192.168.' + ( ( 1048576 | random % 256 ) | string() ), True) }}" openstack_network_external_net: "{{ lookup('oo_option', 'external_net' ) | default('external', True) }}" -openstack_floating_ip_pool: "{{ lookup('oo_option', 'floating_ip_pool' ) | - default('external', True) }}" openstack_network_dns: "{{ lookup('oo_option', 'dns' ) | default('8.8.8.8,8.8.4.4', True) | oo_split() }}" openstack_ssh_public_key: "{{ lookup('file', lookup('oo_option', 'public_key') | diff --git a/roles/dns/README.md b/roles/dns/README.md new file mode 100644 index 000000000..e238fb92e --- /dev/null +++ b/roles/dns/README.md @@ -0,0 +1,43 @@ +dns +=== + +Configure a DNS server serving IPs of all the nodes of the cluster + +Requirements +------------ + +None + +Role Variables +-------------- + +| Name | Mandatory / Optional | Description | +|------|----------------------|-------------| +| `dns_zones` | Mandatory | DNS zones in which we must find the hosts | +| `dns_forwarders` | If not set, the DNS will be a recursive non-forwarding DNS server | DNS forwarders to delegate the requests for hosts outside of `dns_zones` | +| `dns_all_hosts` | Mandatory | Exhaustive list of hosts | + +Dependencies +------------ + +None + +Example Playbook +---------------- + + - hosts: dns_hosts + roles: + - role: dns + dns_forwarders: [ '8.8.8.8', '8.8.4.4' ] + dns_zones: [ novalocal, openstacklocal ] + dns_all_hosts: "{{ g_all_hosts }}" + +License +------- + +ASL 2.0 + +Author Information +------------------ + +OpenShift operations, Red Hat, Inc diff --git a/roles/dns/handlers/main.yml b/roles/dns/handlers/main.yml new file mode 100644 index 000000000..ef101785e --- /dev/null +++ b/roles/dns/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart bind + service: + name: named + state: restarted diff --git a/roles/dns/meta/main.yml b/roles/dns/meta/main.yml new file mode 100644 index 000000000..b6e9d9ad0 --- /dev/null +++ b/roles/dns/meta/main.yml @@ -0,0 +1,7 @@ +--- +galaxy_info: + author: Lénaïc Huard + description: Deploy and configure a DNS server + company: Amadeus SAS + license: ASL 2.0 +dependencies: [] diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml new file mode 100644 index 000000000..af728585d --- /dev/null +++ b/roles/dns/tasks/main.yml @@ -0,0 +1,22 @@ +- name: Install Bind + action: "{{ ansible_pkg_mgr }} name=bind" + +- name: Configure Bind + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + validate: "{{ item.validate }}" + with_items: + - src: openshift-cluster.zone + dest: /var/named/openshift-cluster.zone + validate: "named-checkzone {{ dns_zones[0] }} %s" + - src: named.conf + dest: /etc/named.conf + validate: "named-checkconf %s" + notify: restart bind + +- name: Enable Bind + service: + name: named + state: started + enabled: yes diff --git a/roles/dns/templates/named.conf b/roles/dns/templates/named.conf new file mode 100644 index 000000000..22c1ff935 --- /dev/null +++ b/roles/dns/templates/named.conf @@ -0,0 +1,23 @@ +options +{ + directory "/var/named"; + + allow-query { {{ ansible_default_ipv4.network }}/24; }; + + recursion yes; + +{% if dns_forwarders is defined %} + forwarders { + {% for dns in dns_forwarders %} + {{ dns }}; + {% endfor %} + }; +{% endif %} +}; +{% for zone in dns_zones %} + +zone "{{ zone }}" IN { + type master; + file "openshift-cluster.zone"; +}; +{% endfor %} diff --git a/roles/dns/templates/openshift-cluster.zone b/roles/dns/templates/openshift-cluster.zone new file mode 100644 index 000000000..03f5dc089 --- /dev/null +++ b/roles/dns/templates/openshift-cluster.zone @@ -0,0 +1,14 @@ +$TTL 1d +@ IN SOA {{ ansible_hostname }} openshift ( + {{ ansible_date_time.epoch }} ; Serial (To be fixed before 2039) + 12h ; Refresh + 3m ; Retry + 4w ; Expire + 3h ; TTL for negative replies + ) + + IN NS {{ ansible_hostname }} +{{ ansible_hostname }} IN A {{ ansible_default_ipv4.address }} +{% for host in dns_all_hosts %} +{{ hostvars[host].ansible_hostname }} IN A {{ hostvars[host]['ansible_default_ipv4'].address }} +{% endfor %} diff --git a/roles/openshift_cluster_metrics/tasks/main.yml b/roles/openshift_cluster_metrics/tasks/main.yml index 9b7735e54..d45f62eca 100644 --- a/roles/openshift_cluster_metrics/tasks/main.yml +++ b/roles/openshift_cluster_metrics/tasks/main.yml @@ -3,12 +3,12 @@ - name: Install cluster metrics templates copy: src: cluster-metrics - dest: /etc/openshift/ + dest: /etc/origin/ - name: Create InfluxDB Services command: > {{ openshift.common.client_binary }} create -f - /etc/openshift/cluster-metrics/influxdb.yaml + /etc/origin/cluster-metrics/influxdb.yaml register: oex_influxdb_services failed_when: "'already exists' not in oex_influxdb_services.stderr and oex_influxdb_services.rc != 0" changed_when: false @@ -16,7 +16,7 @@ - name: Create Heapster Service Account command: > {{ openshift.common.client_binary }} create -f - /etc/openshift/cluster-metrics/heapster-serviceaccount.yaml + /etc/origin/cluster-metrics/heapster-serviceaccount.yaml register: oex_heapster_serviceaccount failed_when: "'already exists' not in oex_heapster_serviceaccount.stderr and oex_heapster_serviceaccount.rc != 0" changed_when: false @@ -35,7 +35,7 @@ - name: Create Heapster Services command: > {{ openshift.common.client_binary }} create -f - /etc/openshift/cluster-metrics/heapster.yaml + /etc/origin/cluster-metrics/heapster.yaml register: oex_heapster_services failed_when: "'already exists' not in oex_heapster_services.stderr and oex_heapster_services.rc != 0" changed_when: false @@ -43,7 +43,7 @@ - name: Create Grafana Services command: > {{ openshift.common.client_binary }} create -f - /etc/openshift/cluster-metrics/grafana.yaml + /etc/origin/cluster-metrics/grafana.yaml register: oex_grafana_services failed_when: "'already exists' not in oex_grafana_services.stderr and oex_grafana_services.rc != 0" changed_when: false diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 85c8abdf0..d11af307b 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1070,6 +1070,28 @@ def set_container_facts_if_unset(facts): return facts +def set_installed_variant_rpm_facts(facts): + """ Set RPM facts of installed variant + Args: + facts (dict): existing facts + Returns: + dict: the facts dict updated with installed_variant_rpms + """ + installed_rpms = [] + for base_rpm in ['openshift', 'atomic-openshift', 'origin']: + optional_rpms = ['master', 'node', 'clients', 'sdn-ovs'] + variant_rpms = [base_rpm] + \ + ['{0}-{1}'.format(base_rpm, r) for r in optional_rpms] + \ + ['tuned-profiles-%s-node' % base_rpm] + for rpm in variant_rpms: + exit_code, _, _ = module.run_command(['rpm', '-q', rpm]) + if exit_code == 0: + installed_rpms.append(rpm) + + facts['common']['installed_variant_rpms'] = installed_rpms + return facts + + class OpenShiftFactsInternalError(Exception): """Origin Facts Error""" @@ -1159,6 +1181,8 @@ class OpenShiftFacts(object): facts = set_aggregate_facts(facts) facts = set_etcd_facts_if_unset(facts) facts = set_container_facts_if_unset(facts) + if not facts['common']['is_containerized']: + facts = set_installed_variant_rpm_facts(facts) return dict(openshift=facts) def get_defaults(self, roles): diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index aa5e593b6..83f6f7542 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -285,6 +285,10 @@ master_service_status_changed: "{{ start_result | changed }}" when: not openshift_master_ha | bool +- name: Mask master service + command: systemctl mask {{ openshift.common.service_type }}-master + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' + - name: Start and enable master api service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml index 5cf4bf7af..3b584f8eb 100644 --- a/roles/os_firewall/tasks/firewall/iptables.yml +++ b/roles/os_firewall/tasks/firewall/iptables.yml @@ -1,12 +1,4 @@ --- -- name: Install iptables packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: - - iptables - - iptables-services - register: install_result - when: not openshift.common.is_atomic | bool - - name: Check if firewalld is installed command: rpm -q firewalld register: pkg_check @@ -20,6 +12,22 @@ enabled: no when: pkg_check.rc == 0 +# TODO: submit PR upstream to add mask/unmask to service module +- name: Mask firewalld service + command: systemctl mask firewalld + register: result + changed_when: "'firewalld' in result.stdout" + when: pkg_check.rc == 0 + ignore_errors: yes + +- name: Install iptables packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: + - iptables + - iptables-services + register: install_result + when: not openshift.common.is_atomic | bool + - name: Reload systemd units command: systemctl daemon-reload when: install_result | changed @@ -35,14 +43,6 @@ pause: seconds=10 when: result | changed -# TODO: submit PR upstream to add mask/unmask to service module -- name: Mask firewalld service - command: systemctl mask firewalld - register: result - changed_when: "'firewalld' in result.stdout" - when: pkg_check.rc == 0 - ignore_errors: yes - - name: Add iptables allow rules os_firewall_manage_iptables: name: "{{ item.service }}" diff --git a/roles/os_zabbix/vars/template_openshift_master.yml b/roles/os_zabbix/vars/template_openshift_master.yml index 9d20eb012..5aae2496a 100644 --- a/roles/os_zabbix/vars/template_openshift_master.yml +++ b/roles/os_zabbix/vars/template_openshift_master.yml @@ -2,13 +2,13 @@ g_template_openshift_master: name: Template Openshift Master zitems: - - name: create_app + - name: openshift.master.app.create applications: - Openshift Master - key: create_app + key: openshift.master.app.create - - key: openshift.master.registry.healthz - description: "Shows the health status of the cluster's docker registry" + - key: openshift.master.registry.healthy_pct + description: "Shows the percentage of healthy registries in the cluster" type: int applications: - Openshift Master @@ -288,14 +288,14 @@ g_template_openshift_master: # Put triggers that depend on other triggers here (deps must be created first) - name: 'Application creation has failed on {HOST.NAME}' - expression: '{Template Openshift Master:create_app.last(#1)}=1 and {Template Openshift Master:create_app.last(#2)}=1' + expression: '{Template Openshift Master:openshift.master.app.create.last(#1)}=1 and {Template Openshift Master:openshift.master.app.create.last(#2)}=1' url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_create_app.asciidoc' dependencies: - 'Openshift Master process not running on {HOST.NAME}' priority: avg - name: 'Application creation has failed multiple times in the last hour on {HOST.NAME}' - expression: '{Template Openshift Master:create_app.sum(1h)}>3' + expression: '{Template Openshift Master:openshift.master.app.create.sum(1h)}>3' url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_create_app.asciidoc' dependencies: - 'Openshift Master process not running on {HOST.NAME}' @@ -333,9 +333,16 @@ g_template_openshift_master: - 'Openshift Master process not running on {HOST.NAME}' priority: avg - - name: 'Docker Registry check failed on {HOST.NAME}' - expression: '{Template Openshift Master:openshift.master.registry.healthz.max(#2)}<1' - url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_master.asciidoc' + - name: 'One or more Docker Registries is unhealthy according to {HOST.NAME}' + expression: '{Template Openshift Master:openshift.master.registry.healthy_pct.last(#2)}<100 and {Template Openshift Master:openshift.master.registry.healthy_pct.max(#2)}>50' + url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_registry.asciidoc' + dependencies: + - 'Openshift Master process not running on {HOST.NAME}' + priority: avg + + - name: 'Multiple Docker Registries are unhealthy according to {HOST.NAME}' + expression: '{Template Openshift Master:openshift.master.registry.healthy_pct.last(#2)}<51' + url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_registry.asciidoc' dependencies: - 'Openshift Master process not running on {HOST.NAME}' priority: high diff --git a/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 b/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 index ac950b4e5..453a9a3b4 100644 --- a/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 +++ b/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 @@ -58,10 +58,10 @@ ExecStart=/usr/bin/docker run --name {{ osohm_host_monitoring }} -v /var/run/docker.sock:/var/run/docker.sock \ -v /var/run/openvswitch:/var/run/openvswitch \ {% if hostvars[inventory_hostname]['ec2_tag_host-type'] == 'master' %} - -v /etc/openshift/master/admin.kubeconfig:/etc/openshift/master/admin.kubeconfig \ - -v /etc/openshift/master/master.etcd-client.crt:/etc/openshift/master/master.etcd-client.crt \ - -v /etc/openshift/master/master.etcd-client.key:/etc/openshift/master/master.etcd-client.key \ - -v /etc/openshift/master/master-config.yaml:/etc/openshift/master/master-config.yaml \ + -v /etc/origin/master/admin.kubeconfig:/etc/origin/master/admin.kubeconfig \ + -v /etc/origin/master/master.etcd-client.crt:/etc/origin/master/master.etcd-client.crt \ + -v /etc/origin/master/master.etcd-client.key:/etc/origin/master/master.etcd-client.key \ + -v /etc/origin/master/master-config.yaml:/etc/origin/master/master-config.yaml \ {% endif %} {{ osohm_docker_registry_url }}{{ osohm_host_monitoring }} diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py index cbb6f33e1..042ce1023 100644 --- a/utils/src/ooinstall/openshift_ansible.py +++ b/utils/src/ooinstall/openshift_ansible.py @@ -114,7 +114,7 @@ def write_inventory_vars(base_inventory, multiple_masters, proxy): base_inventory.write('openshift_master_cluster_method=native\n') base_inventory.write("openshift_master_cluster_hostname={}\n".format(proxy.hostname)) base_inventory.write("openshift_master_cluster_public_hostname={}\n".format(proxy.public_hostname)) - if CFG.settings['master_routingconfig_subdomain']: + if CFG.settings.get('master_routingconfig_subdomain', False): base_inventory.write("osm_default_subdomain={}\n".format(CFG.settings['master_routingconfig_subdomain'])) |