diff options
| -rw-r--r-- | playbooks/common/openshift-cluster/initialize_facts.yml | 1 | ||||
| -rw-r--r-- | playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh | 10 | ||||
| -rw-r--r-- | playbooks/common/openshift-etcd/config.yml | 1 | ||||
| -rw-r--r-- | roles/docker/vars/main.yml | 1 | ||||
| -rw-r--r-- | roles/openshift_docker_facts/vars/main.yml | 2 | ||||
| -rw-r--r-- | roles/openshift_examples/tasks/main.yml | 43 | ||||
| -rw-r--r-- | roles/openshift_node/tasks/storage_plugins/nfs.yml | 7 | ||||
| -rwxr-xr-x | roles/os_firewall/library/os_firewall_manage_iptables.py | 10 |
8 files changed, 25 insertions, 50 deletions
diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml index cda490b1f..37f523246 100644 --- a/playbooks/common/openshift-cluster/initialize_facts.yml +++ b/playbooks/common/openshift-cluster/initialize_facts.yml @@ -1,6 +1,7 @@ --- - name: Initialize host facts hosts: oo_all_hosts + any_errors_fatal: true roles: - openshift_facts tasks: diff --git a/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh b/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh index a2a9579b5..8d7543f3c 100644 --- a/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh +++ b/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh @@ -1,7 +1,11 @@ #!/bin/bash - -installed=$(yum list installed -e 0 -q "$@" 2>&1 | tail -n +2 | awk '{ print $2 }' | sort -r | tr '\n' ' ') -available=$(yum list available -e 0 -q "$@" 2>&1 | tail -n +2 | grep -v 'el7ose' | awk '{ print $2 }' | sort -r | tr '\n' ' ') +if [ `which dnf 2> /dev/null` ]; then + installed=$(dnf repoquery --installed --latest-limit 1 -d 0 --qf '%{version}-%{release}' "${@}" 2> /dev/null) + installed=$(dnf repoquery --available --latest-limit 1 -d 0 --qf '%{version}-%{release}' "${@}" 2> /dev/null) +else + installed=$(repoquery --plugins --pkgnarrow=installed --qf '%{version}-%{release}' "${@}" 2> /dev/null) + available=$(repoquery --plugins --pkgnarrow=available --qf '%{version}-%{release}' "${@}" 2> /dev/null) +fi echo "---" echo "curr_version: ${installed}" diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml index 6cb3a954f..a95de8cf3 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/common/openshift-etcd/config.yml @@ -1,6 +1,7 @@ --- - name: Set etcd facts needed for generating certs hosts: oo_etcd_to_config + any_errors_fatal: true roles: - openshift_facts tasks: diff --git a/roles/docker/vars/main.yml b/roles/docker/vars/main.yml index 606cdb9b9..f81f99e2b 100644 --- a/roles/docker/vars/main.yml +++ b/roles/docker/vars/main.yml @@ -1,3 +1,2 @@ --- -repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery' }}" udevw_udevd_dir: /etc/systemd/system/systemd-udevd.service.d diff --git a/roles/openshift_docker_facts/vars/main.yml b/roles/openshift_docker_facts/vars/main.yml index f7ad1b329..55c04b0c1 100644 --- a/roles/openshift_docker_facts/vars/main.yml +++ b/roles/openshift_docker_facts/vars/main.yml @@ -1,2 +1,2 @@ --- -repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery' }}" +repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}" diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml index e9966d735..fb10188f2 100644 --- a/roles/openshift_examples/tasks/main.yml +++ b/roles/openshift_examples/tasks/main.yml @@ -1,46 +1,9 @@ --- -###################################################################### -# Copying Examples -# -# We used to use the copy module to transfer the openshift examples to -# the remote. Then it started taking more than a minute to transfer -# the files. As noted in the module: -# -# "The 'copy' module recursively copy facility does not scale to -# lots (>hundreds) of files." -# -# The `synchronize` module is suggested as an alternative, we can't -# use it either due to changes introduced in Ansible 2.x. -- name: Create local temp dir for OpenShift examples copy - local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX - become: False - register: copy_examples_mktemp - run_once: True - -- name: Create tar of OpenShift examples - local_action: command tar -C "{{ role_path }}/files/examples/{{ content_version }}/" -cvf "{{ copy_examples_mktemp.stdout }}/openshift-examples.tar" . - become: False - register: copy_examples_tar - -- name: Create the remote OpenShift examples directory - file: - dest: "{{ examples_base }}" - state: directory - mode: 0755 - -- name: Unarchive the OpenShift examples on the remote - unarchive: - src: "{{ copy_examples_mktemp.stdout }}/openshift-examples.tar" +- name: Copy openshift examples + copy: + src: "examples/{{ content_version }}/" dest: "{{ examples_base }}/" -- name: Cleanup the OpenShift Examples temp dir - become: False - local_action: file dest="{{ copy_examples_mktemp.stdout }}" state=absent - -# Done copying examples -###################################################################### -# Begin image streams - - name: Modify registry paths if registry_url is not registry.access.redhat.com shell: > find {{ examples_base }} -type f | xargs -n 1 sed -i 's|registry.access.redhat.com|{{ registry_host | quote }}|g' diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml index 14a613786..8380714d4 100644 --- a/roles/openshift_node/tasks/storage_plugins/nfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -9,3 +9,10 @@ state: yes persistent: yes when: ansible_selinux and ansible_selinux.status == "enabled" + +- name: Set seboolean to allow nfs storage plugin access from containers(sandbox) + seboolean: + name: virt_sandbox_use_nfs + state: yes + persistent: yes + when: ansible_selinux and ansible_selinux.status == "enabled" diff --git a/roles/os_firewall/library/os_firewall_manage_iptables.py b/roles/os_firewall/library/os_firewall_manage_iptables.py index 1cb539a8c..190016c14 100755 --- a/roles/os_firewall/library/os_firewall_manage_iptables.py +++ b/roles/os_firewall/library/os_firewall_manage_iptables.py @@ -37,14 +37,14 @@ class IpTablesSaveError(IpTablesError): class IpTablesCreateChainError(IpTablesError): - def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long + def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name super(IpTablesCreateChainError, self).__init__(msg, cmd, exit_code, output) self.chain = chain class IpTablesCreateJumpRuleError(IpTablesError): - def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long + def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name super(IpTablesCreateJumpRuleError, self).__init__(msg, cmd, exit_code, output) self.chain = chain @@ -152,11 +152,11 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes continue last_rule_target = rule[1] - # Naively assume that if the last row is a REJECT rule, then - # we can add insert our rule right before it, otherwise we + # Naively assume that if the last row is a REJECT or DROP rule, + # then we can insert our rule right before it, otherwise we # assume that we can just append the rule. if (last_rule_num and last_rule_target - and last_rule_target == 'REJECT'): + and last_rule_target in ['REJECT', 'DROP']): # insert rule cmd = self.cmd + ['-I', self.jump_rule_chain, str(last_rule_num)] |