diff options
| -rw-r--r-- | .tito/packages/openshift-ansible | 2 | ||||
| -rw-r--r-- | filter_plugins/openshift_master.py | 16 | ||||
| -rw-r--r-- | openshift-ansible.spec | 36 | ||||
| -rw-r--r-- | playbooks/adhoc/uninstall.yml | 8 | ||||
| -rw-r--r-- | playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh | 2 | ||||
| -rw-r--r-- | playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml | 2 | ||||
| -rw-r--r-- | roles/openshift_docker_facts/tasks/main.yml | 4 | ||||
| -rw-r--r-- | roles/openshift_facts/tasks/main.yml | 4 | ||||
| -rw-r--r-- | roles/openshift_master/tasks/main.yml | 2 | ||||
| -rw-r--r-- | roles/openshift_node/tasks/main.yml | 10 | ||||
| -rw-r--r-- | roles/openshift_node/tasks/systemd_units.yml | 7 | ||||
| -rw-r--r-- | roles/openshift_node/templates/openshift.docker.node.dep.service | 11 | ||||
| -rw-r--r-- | roles/openshift_node/templates/openshift.docker.node.service | 5 | ||||
| -rwxr-xr-x | roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh | 3 | ||||
| -rw-r--r-- | roles/rhel_subscribe/tasks/enterprise.yml | 2 |
15 files changed, 91 insertions, 23 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 08d0c6d0a..91bbb3b6b 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.0.90-1 ./ +3.0.91-1 ./ diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py index bb2f5ba7a..bb79b27d1 100644 --- a/filter_plugins/openshift_master.py +++ b/filter_plugins/openshift_master.py @@ -9,6 +9,7 @@ import sys import yaml from ansible import errors +from distutils.version import LooseVersion # pylint: disable=no-name-in-module,import-error try: @@ -77,10 +78,19 @@ class IdentityProviderBase(object): self._allow_additional = True @staticmethod - def validate_idp_list(idp_list): + def validate_idp_list(idp_list, openshift_version, deployment_type): ''' validates a list of idps ''' login_providers = [x.name for x in idp_list if x.login] + + multiple_logins_unsupported = False if len(login_providers) > 1: + if deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise']: + if LooseVersion(openshift_version) < LooseVersion('3.2'): + multiple_logins_unsupported = True + if deployment_type in ['origin']: + if LooseVersion(openshift_version) < LooseVersion('1.2'): + multiple_logins_unsupported = True + if multiple_logins_unsupported: raise errors.AnsibleFilterError("|failed multiple providers are " "not allowed for login. login " "providers: {0}".format(', '.join(login_providers))) @@ -461,7 +471,7 @@ class FilterModule(object): ''' Custom ansible filters for use by the openshift_master role''' @staticmethod - def translate_idps(idps, api_version): + def translate_idps(idps, api_version, openshift_version, deployment_type): ''' Translates a list of dictionaries into a valid identityProviders config ''' idp_list = [] @@ -478,7 +488,7 @@ class FilterModule(object): idp_list.append(idp_inst) - IdentityProviderBase.validate_idp_list(idp_list) + IdentityProviderBase.validate_idp_list(idp_list, openshift_version, deployment_type) return yaml.safe_dump([idp.to_dict() for idp in idp_list], default_flow_style=False) @staticmethod diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 8cf0a2059..6eceefbd4 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.0.90 +Version: 3.0.91 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -205,6 +205,40 @@ Atomic OpenShift Utilities includes %changelog +* Tue May 24 2016 Troy Dawson <tdawson@redhat.com> 3.0.91-1 +- Removed the echo line and replaced it with inline comment. To keep 99-origin- + dns.sh from adding a new line in /etc/resolv.conf everytime the + NetworkManager dispatcher script is executed. (jnordell@redhat.com) +- Extend multiple login provider check to include origin. (abutcher@redhat.com) +- Allow multiple login providers post 3.2. (abutcher@redhat.com) +- Make rhel_subscribe role able to subscribe for OSE 3.2 (lhuard@amadeus.com) +- Ensure yum-utils installed. (abutcher@redhat.com) +- Remove newline from docker_options template string. (abutcher@redhat.com) +- Use systemctl restart docker instead of ansible service. + (dgoodwin@redhat.com) +- Use cluster hostname while generating certificate on the master nodes + (vishal.patil@nuagenetworks.net) +- Fix playbooks/openshift-master/library move to symlink (sdodson@redhat.com) +- Task "Update router image to current version" failed, if router not in + default namespace (jkroepke@users.noreply.github.com) +- docker-current was missing from the containerized atomic-openshift- + node.service file (maci.stgn@gmail.com) +- fixed issue with blank spaces instead commas as variables template separators + (j.david.nieto@gmail.com) +- Refactor where we compute no_proxy hostnames (sdodson@redhat.com) +- Fix for ansible v2 (sdodson@redhat.com) +- Fix rhel_subscribe (sdodson@redhat.com) +- remove interpolated g_all_hosts with_items arg from upgrade playbooks + (cboggs@rallydev.com) +- Set openshift.common.hostname early in playbook execution. + (abutcher@redhat.com) +- Fix 'recursive loop detected in template string' for upgrading variable. + (abutcher@redhat.com) +- a-o-i: No proxy questions for 3.0/3.1 (smunilla@redhat.com) +- Fix minor upgrades in 3.1 (sdodson@redhat.com) +- Don't pull cli image when we're not containerized (sdodson@redhat.com) +- Check consumed pools prior to attaching. (abutcher@redhat.com) + * Mon May 16 2016 Troy Dawson <tdawson@redhat.com> 3.0.90-1 - Fixes for openshift_docker_hosted_registry_insecure var. (dgoodwin@redhat.com) diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index a407e326b..6b1f2f6dd 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -173,12 +173,12 @@ changed_when: False failed_when: False with_items: "{{ images_to_delete.results }}" - + - name: Remove sdn drop files - file: + file: path: /run/openshift-sdn state: absent - + - name: restart docker service: name: docker @@ -199,6 +199,7 @@ - /etc/systemd/system/atomic-openshift-master-api.service - /etc/systemd/system/atomic-openshift-master-controllers.service - /etc/systemd/system/atomic-openshift-node.service + - /etc/systemd/system/atomic-openshift-node-dep.service - /etc/systemd/system/etcd_container.service - /etc/systemd/system/openvswitch.service - /etc/sysconfig/atomic-enterprise-master @@ -211,6 +212,7 @@ - /etc/sysconfig/atomic-openshift-node - /etc/sysconfig/openshift-master - /etc/sysconfig/openshift-node + - /etc/sysconfig/openshift-node - /etc/sysconfig/openvswitch - /etc/sysconfig/origin-master - /etc/sysconfig/origin-master-api diff --git a/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh b/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh index 96944a78b..9bbeff660 100644 --- a/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh +++ b/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh @@ -2,7 +2,7 @@ # Here we don't really care if this is a master, api, controller or node image. # We just need to know the version of one of them. -unit_file=$(ls /etc/systemd/system/${1}*.service | head -n1) +unit_file=$(ls /etc/systemd/system/${1}*.service | grep -v node-dep | head -n1) if [ ${1} == "origin" ]; then image_name="openshift/origin" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml index 3f4a0b280..31e76805c 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml @@ -52,7 +52,7 @@ - name: Update registry image to current version when: _default_registry.rc == 0 command: > - {{ oc_cmd }} patch dc/docker-registry -p -n default + {{ oc_cmd }} patch dc/docker-registry -n default -p '{"spec":{"template":{"spec":{"containers":[{"name":"registry","image":"{{ registry_image }}"}]}}}}' --api-version=v1 diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml index 0e51fd16f..43359dcb5 100644 --- a/roles/openshift_docker_facts/tasks/main.yml +++ b/roles/openshift_docker_facts/tasks/main.yml @@ -32,9 +32,7 @@ docker_no_proxy: "{{ openshift.common.no_proxy | default(omit) }}" - set_fact: - docker_options: > - --insecure-registry={{ openshift.docker.hosted_registry_network }} - {{ openshift.docker.options | default ('') }} + docker_options: "--insecure-registry={{ openshift.docker.hosted_registry_network }} {{ openshift.docker.options | default ('') }}" when: openshift.docker.hosted_registry_insecure | default(False) | bool and openshift.docker.hosted_registry_network is defined - set_fact: diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index f092f021f..ca1a9b1e4 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -19,6 +19,10 @@ action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" when: not l_is_atomic | bool +- name: Ensure yum-utils is installed + action: "{{ ansible_pkg_mgr }} name=yum-utils state=present" + when: not l_is_atomic | bool + - name: Gather Cluster facts and set is_containerized if needed openshift_facts: role: common diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index fe0784ea2..63a54a0d9 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -139,7 +139,7 @@ - restart master api - set_fact: - translated_identity_providers: "{{ openshift.master.identity_providers | translate_idps('v1') }}" + translated_identity_providers: "{{ openshift.master.identity_providers | translate_idps('v1', openshift.common.version, openshift.common.deployment_type) }}" # TODO: add the validate parameter when there is a validation command to run - name: Create master config diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index be70a170d..e8bd13855 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -52,8 +52,9 @@ - name: Reload systemd units command: systemctl daemon-reload - when: openshift.common.is_containerized | bool and ( ( install_node_result | changed ) - or ( install_ovs_sysconfig | changed ) ) + when: openshift.common.is_containerized | bool and (install_node_result | changed or install_ovs_sysconfig | changed or install_node_dep_result | changed) + notify: + - restart node - name: Start and enable openvswitch docker service service: name=openvswitch.service enabled=yes state=started @@ -113,16 +114,15 @@ service: name={{ openshift.common.service_type }}-node enabled=yes state=started register: node_start_result ignore_errors: yes - + - name: Check logs on failure command: journalctl -xe register: node_failure when: node_start_result | failed - + - name: Dump failure information debug: var=node_failure when: node_start_result | failed - - set_fact: node_service_status_changed: "{{ node_start_result | changed }}" diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index f3262803a..e2a268260 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml @@ -1,6 +1,13 @@ # This file is included both in the openshift_master role and in the upgrade # playbooks. +- name: Install Node dependencies docker service file + template: + dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node-dep.service" + src: openshift.docker.node.dep.service + register: install_node_dep_result + when: openshift.common.is_containerized | bool + - name: Install Node docker service file template: dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" diff --git a/roles/openshift_node/templates/openshift.docker.node.dep.service b/roles/openshift_node/templates/openshift.docker.node.dep.service new file mode 100644 index 000000000..f66a78479 --- /dev/null +++ b/roles/openshift_node/templates/openshift.docker.node.dep.service @@ -0,0 +1,11 @@ +[Unit] +Requires=docker.service +After=docker.service +PartOf={{ openshift.common.service_type }}-node.service +Before={{ openshift.common.service_type }}-node.service + + +[Service] +ExecStart=/bin/bash -c "if [[ -f /usr/bin/docker-current ]]; then echo \"DOCKER_ADDTL_BIND_MOUNTS=--volume=/usr/bin/docker-current:/usr/bin/docker-current:ro\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; else echo \"#DOCKER_ADDTL_BIND_MOUNTS=\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; fi" +ExecStop= +SyslogIdentifier={{ openshift.common.service_type }}-node-dep diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service index cb0043667..443e18498 100644 --- a/roles/openshift_node/templates/openshift.docker.node.service +++ b/roles/openshift_node/templates/openshift.docker.node.service @@ -8,11 +8,14 @@ Requires=docker.service Requires=openvswitch.service {% endif %} Wants={{ openshift.common.service_type }}-master.service +Requires={{ openshift.common.service_type }}-node-dep.service +After={{ openshift.common.service_type }}-node-dep.service [Service] EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node-dep ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node -ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /usr/bin/docker-current:/usr/bin/docker-current:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev {{ openshift.node.node_image }}:${IMAGE_VERSION} +ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS {{ openshift.node.node_image }}:${IMAGE_VERSION} ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node SyslogIdentifier={{ openshift.common.service_type }}-node diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh index 09bae1777..0d7941e4c 100755 --- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh +++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh @@ -51,7 +51,6 @@ EOF done systemctl restart dnsmasq - sed -i 's/^nameserver.*$/nameserver '"${def_route_ip}"'/g' /etc/resolv.conf - echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> /etc/resolv.conf + sed -i 's/^nameserver.*$/nameserver '"${def_route_ip}"' # updated by \/etc\/NetworkManager\/dispatcher.d\/99-origin-dns.sh/g' /etc/resolv.conf fi fi diff --git a/roles/rhel_subscribe/tasks/enterprise.yml b/roles/rhel_subscribe/tasks/enterprise.yml index 08540f440..c4aa7db6a 100644 --- a/roles/rhel_subscribe/tasks/enterprise.yml +++ b/roles/rhel_subscribe/tasks/enterprise.yml @@ -16,7 +16,7 @@ - fail: msg: "{{ ose_version }} is not a valid version for {{ deployment_type }} deployment type" when: ( deployment_type == 'enterprise' and ose_version not in ['3.0'] ) or - ( deployment_type in ['atomic-enterprise', 'openshift-enterprise'] and ose_version not in ['3.1'] ) + ( deployment_type in ['atomic-enterprise', 'openshift-enterprise'] and ose_version not in ['3.1', '3.2'] ) - name: Enable RHEL repositories command: subscription-manager repos \ |