49 files changed, 208 insertions, 377 deletions
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index cdfd93725..2a4f80a36 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -1,16 +1,3 @@ -### <HTPASSWD_AUTH> - -We are aware of the current issues related to htpasswd_auth failures -Please downgrade to ansible 2.2.0.0 until a fix is released. -You can track the status of the bug fix in this issue: -https://github.com/openshift/openshift-ansible/issues/3111 -Please erase this <HTPASSWD_AUTH> section if it does not apply to you. - -Thanks - 2017-01-31 - -### </HTPASSWD_AUTH> - - #### Description Provide a brief description of your issue here. For example: diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 13ff44567..030cb2838 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.6.22-1 ./ +3.6.23-1 ./ diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 166d21918..e5cef6ec1 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -9,7 +9,7 @@ %global __requires_exclude ^/usr/bin/ansible-playbook$ Name: openshift-ansible -Version: 3.6.22 +Version: 3.6.23 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 
@@ -270,6 +270,22 @@ Atomic OpenShift Utilities includes %changelog +* Thu Apr 13 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.23-1 +- Refactor initialize groups tasks (rteague@redhat.com) +- tox tests: pin test requirement versions (lmeyer@redhat.com) +- skip PackageAvailability check if not yum (jvallejo@redhat.com) +- Document service_type for openshift-enterprise (rhcarvalho@gmail.com) +- Remove references to outdated deployment_type (rhcarvalho@gmail.com) +- Update deployment_type documentation (rhcarvalho@gmail.com) +- Document merge time trends page (rhcarvalho@gmail.com) +- Remove outdated documentation (rhcarvalho@gmail.com) +- Remove outdated build instructions (rhcarvalho@gmail.com) +- openshift_sanitize_inventory: disallow conflicting deployment types + (lmeyer@redhat.com) +- Refactor docker upgrade playbooks (rteague@redhat.com) +- Changed Hawkular Metrics secrets to use a format similar to the one + automatically generated by OpenShift (juraci@kroehling.de) + * Wed Apr 12 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.22-1 - Fixed spelling mistake. (kwoodson@redhat.com) - Remove unnecessary folder refs (rteague@redhat.com) diff --git a/playbooks/byo/openshift-cluster/config.yml b/playbooks/byo/openshift-cluster/config.yml index 4db0720d0..acf5469bf 100644 --- a/playbooks/byo/openshift-cluster/config.yml +++ b/playbooks/byo/openshift-cluster/config.yml @@ -1,4 +1,8 @@ --- +- include: initialize_groups.yml + tags: + - always + - include: ../../common/openshift-cluster/std_include.yml tags: - always diff --git a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml index 32f9ebfd3..9ce8f0d3c 100644 --- a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml +++ b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml 
@@ -1,26 +1,4 @@ --- -- name: Create initial host groups for localhost - hosts: localhost - connection: local - become: no - gather_facts: no - tags: - - always - tasks: - - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml - - name: Evaluate group l_oo_all_hosts - add_host: - name: "{{ item }}" - groups: l_oo_all_hosts - with_items: "{{ g_all_hosts | default([]) }}" - changed_when: False - -- name: Create initial host groups for all hosts - hosts: l_oo_all_hosts - gather_facts: no - tags: - - always - tasks: - - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml +- include: initialize_groups.yml - include: ../../common/openshift-cluster/enable_dnsmasq.yml diff --git a/playbooks/byo/openshift-cluster/initialize_groups.yml b/playbooks/byo/openshift-cluster/initialize_groups.yml new file mode 100644 index 000000000..2785dcc3b --- /dev/null +++ b/playbooks/byo/openshift-cluster/initialize_groups.yml @@ -0,0 +1,24 @@ +--- +- name: Create initial host groups for localhost + hosts: localhost + connection: local + become: no + gather_facts: no + tags: + - always + tasks: + - include_vars: cluster_hosts.yml + - name: Evaluate group l_oo_all_hosts + add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: "{{ g_all_hosts | default([]) }}" + changed_when: no + +- name: Create initial host groups for all hosts + hosts: l_oo_all_hosts + gather_facts: no + tags: + - always + tasks: + - include_vars: cluster_hosts.yml diff --git a/playbooks/byo/openshift-cluster/openshift-logging.yml b/playbooks/byo/openshift-cluster/openshift-logging.yml index f8eebe898..76f165c6d 100644 --- a/playbooks/byo/openshift-cluster/openshift-logging.yml +++ b/playbooks/byo/openshift-cluster/openshift-logging.yml 
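Review bot: Both `include_vars: cluster_hosts.yml` tasks in the new `initialize_groups.yml` use a bare relative path, so they rely on Ansible resolving it against this file's directory even when the playbook is included from `upgrades/v3_x/` or `../openshift-cluster/`; the removed copies spelled the path out per caller. The lookup base cannot be confirmed from the diff, so a run from one of the nested entry points is worth doing, and a comment such as `# cluster_hosts.yml lives next to this file` above the first task would record the assumption. As a style point, `become: no`, `gather_facts: no` and `changed_when: no` would read less ambiguously as `false`. Callers are also inconsistent: config.yml and the redeploy-* playbooks put `tags: always` on the include while enable_dnsmasq.yml, openshift-logging.yml and the upgrade playbooks do not, although both plays already carry the tag themselves.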
@@ -4,29 +4,7 @@ # Hosted logging on. See inventory/byo/hosts.*.example for the # currently supported method. # -- name: Create initial host groups for localhost - hosts: localhost - connection: local - become: no - gather_facts: no - tags: - - always - tasks: - - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml - - name: Evaluate group l_oo_all_hosts - add_host: - name: "{{ item }}" - groups: l_oo_all_hosts - with_items: "{{ g_all_hosts | default([]) }}" - changed_when: False - -- name: Create initial host groups for all hosts - hosts: l_oo_all_hosts - gather_facts: no - tags: - - always - tasks: - - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml +- include: initialize_groups.yml - include: ../../common/openshift-cluster/openshift_logging.yml vars: diff --git a/playbooks/byo/openshift-cluster/redeploy-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-certificates.yml index ad24b9ad0..012ce69ec 100644 --- a/playbooks/byo/openshift-cluster/redeploy-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-certificates.yml @@ -1,4 +1,8 @@ --- +- include: initialize_groups.yml + tags: + - always + - include: ../../common/openshift-cluster/std_include.yml tags: - always diff --git a/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml index ee49364fa..8516baee8 100644 --- a/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml @@ -1,4 +1,8 @@ --- +- include: initialize_groups.yml + tags: + - always + - include: ../../common/openshift-cluster/std_include.yml tags: - always diff --git a/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml index 9c8248c4e..566e8b261 100644 --- a/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml 
+++ b/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml @@ -1,4 +1,8 @@ --- +- include: initialize_groups.yml + tags: + - always + - include: ../../common/openshift-cluster/std_include.yml tags: - always diff --git a/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml index 1695111d0..42777e5e6 100644 --- a/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml @@ -1,4 +1,8 @@ --- +- include: initialize_groups.yml + tags: + - always + - include: ../../common/openshift-cluster/std_include.yml tags: - always diff --git a/playbooks/byo/openshift-cluster/redeploy-openshift-ca.yml b/playbooks/byo/openshift-cluster/redeploy-openshift-ca.yml index e44e95467..3b33e0d6f 100644 --- a/playbooks/byo/openshift-cluster/redeploy-openshift-ca.yml +++ b/playbooks/byo/openshift-cluster/redeploy-openshift-ca.yml @@ -1,4 +1,8 @@ --- +- include: initialize_groups.yml + tags: + - always + - include: ../../common/openshift-cluster/std_include.yml tags: - always diff --git a/playbooks/byo/openshift-cluster/redeploy-registry-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-registry-certificates.yml index 53ee68db9..30feabab3 100644 --- a/playbooks/byo/openshift-cluster/redeploy-registry-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-registry-certificates.yml @@ -1,4 +1,8 @@ --- +- include: initialize_groups.yml + tags: + - always + - include: ../../common/openshift-cluster/std_include.yml tags: - always diff --git a/playbooks/byo/openshift-cluster/redeploy-router-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-router-certificates.yml index f8c267569..2630fb234 100644 --- a/playbooks/byo/openshift-cluster/redeploy-router-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-router-certificates.yml 
@@ -1,4 +1,8 @@ --- +- include: initialize_groups.yml + tags: + - always + - include: ../../common/openshift-cluster/std_include.yml tags: - always diff --git a/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml index 5c1c29395..7f31e26e1 100644 --- a/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml @@ -1,27 +1,5 @@ --- # Playbook to upgrade Docker to the max allowable version for an OpenShift cluster. -- name: Create initial host groups for localhost - hosts: localhost - connection: local - become: no - gather_facts: no - tags: - - always - tasks: - - include_vars: ../../cluster_hosts.yml - - name: Evaluate group l_oo_all_hosts - add_host: - name: "{{ item }}" - groups: l_oo_all_hosts - with_items: "{{ g_all_hosts | default([]) }}" - changed_when: False - -- name: Create initial host groups for all hosts - hosts: l_oo_all_hosts - gather_facts: no - tags: - - always - tasks: - - include_vars: ../../cluster_hosts.yml +- include: ../../initialize_groups.yml - include: ../../../../common/openshift-cluster/upgrades/docker/docker_upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/upgrade_etcd.yml b/playbooks/byo/openshift-cluster/upgrades/upgrade_etcd.yml index 106dcc12d..8005a17a3 100644 --- a/playbooks/byo/openshift-cluster/upgrades/upgrade_etcd.yml +++ b/playbooks/byo/openshift-cluster/upgrades/upgrade_etcd.yml 
@@ -1,26 +1,4 @@ --- -- name: Create initial host groups for localhost - hosts: localhost - connection: local - become: no - gather_facts: no - tags: - - always - tasks: - - include_vars: ../cluster_hosts.yml - - name: Evaluate group l_oo_all_hosts - add_host: - name: "{{ item }}" - groups: l_oo_all_hosts - with_items: "{{ g_all_hosts | default([]) }}" - changed_when: False - -- name: Create initial host groups for all hosts - hosts: l_oo_all_hosts - gather_facts: no - tags: - - always - tasks: - - include_vars: ../cluster_hosts.yml +- include: ../initialize_groups.yml - include: ../../../common/openshift-cluster/upgrades/etcd/main.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml index d268850d8..690b663f4 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml @@ -2,6 +2,8 @@ # # Full Control Plane + Nodes Upgrade # +- include: ../../initialize_groups.yml + - include: ../../../../common/openshift-cluster/upgrades/init.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml index d11e51640..fca2c04f3 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml @@ -11,6 +11,8 @@ # # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # +- include: ../../initialize_groups.yml + - include: ../../../../common/openshift-cluster/upgrades/init.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml index 5a0f143ac..d171ac3cd 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml 
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml @@ -4,6 +4,8 @@ # # Upgrades nodes only, but requires the control plane to have already been upgraded. # +- include: ../../initialize_groups.yml + - include: ../../../../common/openshift-cluster/upgrades/init.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml index 25d8cd2ba..217163802 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml @@ -2,6 +2,8 @@ # # Full Control Plane + Nodes Upgrade # +- include: ../../initialize_groups.yml + - include: ../../../../common/openshift-cluster/upgrades/init.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml index d52f3c111..d21c195bf 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml @@ -11,6 +11,8 @@ # # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # +- include: ../../initialize_groups.yml + - include: ../../../../common/openshift-cluster/upgrades/init.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml index 07c734a40..7bb66611c 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml @@ -4,6 +4,8 @@ # # Upgrades nodes only, but requires the control plane to have already been upgraded. # +- include: ../../initialize_groups.yml + - include: ../../../../common/openshift-cluster/upgrades/init.yml tags: - pre_upgrade 
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml index 86f5a36ca..f0900e04e 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml @@ -2,6 +2,8 @@ # # Full Control Plane + Nodes Upgrade # +- include: ../../initialize_groups.yml + - include: ../../../../common/openshift-cluster/upgrades/init.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml index a2f1cd2b1..e8d834a04 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml @@ -11,6 +11,8 @@ # # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # +- include: ../../initialize_groups.yml + - include: ../../../../common/openshift-cluster/upgrades/init.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml index f858de3d5..c2a4debc8 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml @@ -4,6 +4,8 @@ # # Upgrades nodes only, but requires the control plane to have already been upgraded. # +- include: ../../initialize_groups.yml + - include: ../../../../common/openshift-cluster/upgrades/init.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml index 900bbc8d8..763e79e01 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml 
@@ -2,6 +2,8 @@ # # Full Control Plane + Nodes Upgrade # +- include: ../../initialize_groups.yml + - include: ../../../../common/openshift-cluster/upgrades/init.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml index 5bd0f7ac5..7a1377be2 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml @@ -11,6 +11,8 @@ # # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # +- include: ../../initialize_groups.yml + - include: ../../../../common/openshift-cluster/upgrades/init.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml index 96d89dbdd..065746493 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml @@ -4,6 +4,8 @@ # # Upgrades nodes only, but requires the control plane to have already been upgraded. # +- include: ../../initialize_groups.yml + - include: ../../../../common/openshift-cluster/upgrades/init.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-etcd/restart.yml b/playbooks/byo/openshift-etcd/restart.yml index 19403116d..d43533641 100644 --- a/playbooks/byo/openshift-etcd/restart.yml +++ b/playbooks/byo/openshift-etcd/restart.yml @@ -1,4 +1,8 @@ --- +- include: ../openshift-cluster/initialize_groups.yml + tags: + - always + - include: ../../common/openshift-cluster/std_include.yml tags: - always diff --git a/playbooks/byo/openshift-master/restart.yml b/playbooks/byo/openshift-master/restart.yml index 21e4cff1b..7988863f3 100644 --- a/playbooks/byo/openshift-master/restart.yml +++ b/playbooks/byo/openshift-master/restart.yml 
@@ -1,4 +1,8 @@ --- +- include: ../openshift-cluster/initialize_groups.yml + tags: + - always + - include: ../../common/openshift-cluster/std_include.yml tags: - always diff --git a/playbooks/byo/openshift-master/scaleup.yml b/playbooks/byo/openshift-master/scaleup.yml index a5705e990..8aa07a664 100644 --- a/playbooks/byo/openshift-master/scaleup.yml +++ b/playbooks/byo/openshift-master/scaleup.yml @@ -1,27 +1,5 @@ --- -- name: Create initial host groups for localhost - hosts: localhost - connection: local - become: no - gather_facts: no - tags: - - always - tasks: - - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml - - name: Evaluate group l_oo_all_hosts - add_host: - name: "{{ item }}" - groups: l_oo_all_hosts - with_items: "{{ g_all_hosts | default([]) }}" - changed_when: False - -- name: Create initial host groups for all hosts - hosts: l_oo_all_hosts - gather_facts: no - tags: - - always - tasks: - - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml +- include: ../openshift-cluster/initialize_groups.yml - include: ../../common/openshift-master/scaleup.yml vars: diff --git a/playbooks/byo/openshift-node/restart.yml b/playbooks/byo/openshift-node/restart.yml index 6861625b9..92665d71d 100644 --- a/playbooks/byo/openshift-node/restart.yml +++ b/playbooks/byo/openshift-node/restart.yml @@ -1,4 +1,8 @@ --- +- include: ../openshift-cluster/initialize_groups.yml + tags: + - always + - include: ../../common/openshift-cluster/std_include.yml tags: - always diff --git a/playbooks/byo/openshift-node/scaleup.yml b/playbooks/byo/openshift-node/scaleup.yml index 88d236b53..c6965fd6f 100644 --- a/playbooks/byo/openshift-node/scaleup.yml +++ b/playbooks/byo/openshift-node/scaleup.yml 
@@ -1,27 +1,5 @@ --- -- name: Create initial host groups for localhost - hosts: localhost - connection: local - become: no - gather_facts: no - tags: - - always - tasks: - - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml - - name: Evaluate group l_oo_all_hosts - add_host: - name: "{{ item }}" - groups: l_oo_all_hosts - with_items: "{{ g_all_hosts | default([]) }}" - changed_when: False - -- name: Create initial host groups for all hosts - hosts: l_oo_all_hosts - gather_facts: no - tags: - - always - tasks: - - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml +- include: ../openshift-cluster/initialize_groups.yml - include: ../../common/openshift-node/scaleup.yml vars: diff --git a/playbooks/byo/openshift_facts.yml b/playbooks/byo/openshift_facts.yml index a21b6a0a5..3b10323d6 100644 --- a/playbooks/byo/openshift_facts.yml +++ b/playbooks/byo/openshift_facts.yml @@ -1,4 +1,8 @@ --- +- include: openshift-cluster/initialize_groups.yml + tags: + - always + - include: ../common/openshift-cluster/std_include.yml tags: - always diff --git a/playbooks/byo/rhel_subscribe.yml b/playbooks/byo/rhel_subscribe.yml index 8c6d77024..777743def 100644 --- a/playbooks/byo/rhel_subscribe.yml +++ b/playbooks/byo/rhel_subscribe.yml @@ -1,4 +1,8 @@ --- +- include: openshift-cluster/initialize_groups.yml + tags: + - always + - include: ../common/openshift-cluster/std_include.yml tags: - always diff --git a/playbooks/common/openshift-cluster/openshift_logging.yml b/playbooks/common/openshift-cluster/openshift_logging.yml index d96a78c4c..57580406c 100644 --- a/playbooks/common/openshift-cluster/openshift_logging.yml +++ b/playbooks/common/openshift-cluster/openshift_logging.yml @@ -1,11 +1,13 @@ --- +- include: evaluate_groups.yml + - name: OpenShift Aggregated Logging hosts: oo_first_master roles: - openshift_logging - name: Update Master configs - hosts: masters:!oo_first_master + hosts: oo_masters:!oo_first_master tasks: - block: - include_role: 
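Review bot: The new `- include: evaluate_groups.yml` at the top of `common/openshift-cluster/openshift_logging.yml` has no `tags:`, whereas `std_include.yml` in this same commit includes the same file with `tags: - always`. When this playbook is run with `--tags`, the `oo_masters` and `oo_first_master` groups targeted by the two plays below may never be built, and both plays would then match no hosts without raising an error; whether that happens depends on tags set inside `evaluate_groups.yml`, which is not shown. Adding `tags:` with `- always` under the include would make it consistent with `std_include.yml`. The "Update Master configs" play continues past the end of the hunk.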
diff --git a/playbooks/common/openshift-cluster/std_include.yml b/playbooks/common/openshift-cluster/std_include.yml index 74cc1d527..6ed31a644 100644 --- a/playbooks/common/openshift-cluster/std_include.yml +++ b/playbooks/common/openshift-cluster/std_include.yml @@ -1,28 +1,4 @@ --- -- name: Create initial host groups for localhost - hosts: localhost - connection: local - become: no - gather_facts: no - tags: - - always - tasks: - - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml - - name: Evaluate group l_oo_all_hosts - add_host: - name: "{{ item }}" - groups: l_oo_all_hosts - with_items: "{{ g_all_hosts | default([]) }}" - changed_when: no - -- name: Create initial host groups for all hosts - hosts: l_oo_all_hosts - gather_facts: no - tags: - - always - tasks: - - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml - - include: evaluate_groups.yml tags: - always diff --git a/playbooks/common/openshift-cluster/upgrades/init.yml b/playbooks/common/openshift-cluster/upgrades/init.yml index cc1fa5a0a..cbf6d58b3 100644 --- a/playbooks/common/openshift-cluster/upgrades/init.yml +++ b/playbooks/common/openshift-cluster/upgrades/init.yml @@ -1,28 +1,4 @@ --- -- name: Create initial host groups for localhost - hosts: localhost - connection: local - become: no - gather_facts: no - tags: - - always - tasks: - - include_vars: ../../../byo/openshift-cluster/cluster_hosts.yml - - name: Evaluate group l_oo_all_hosts - add_host: - name: "{{ item }}" - groups: l_oo_all_hosts - with_items: "{{ g_all_hosts | default([]) }}" - changed_when: False - -- name: Create initial host groups for all hosts - hosts: l_oo_all_hosts - gather_facts: no - tags: - - always - tasks: - - include_vars: ../../../byo/openshift-cluster/cluster_hosts.yml - - include: ../evaluate_groups.yml vars: # Do not allow adding hosts during upgrade. diff --git a/requirements.txt b/requirements.txt index cadbbe0f5..d00de5ed4 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -1,3 +1,5 @@ +# Versions are pinned to prevent pypi releases arbitrarily breaking +# tests with new APIs/semantics. We want to update versions deliberately. ansible==2.2.2.0 click==6.7 pyOpenSSL==16.2.0 diff --git a/roles/openshift_health_checker/openshift_checks/package_version.py b/roles/openshift_health_checker/openshift_checks/package_version.py index cca2d8b75..682f6bd40 100644 --- a/roles/openshift_health_checker/openshift_checks/package_version.py +++ b/roles/openshift_health_checker/openshift_checks/package_version.py @@ -9,6 +9,13 @@ class PackageVersion(NotContainerizedMixin, OpenShiftCheck): name = "package_version" tags = ["preflight"] + @classmethod + def is_active(cls, task_vars): + """Skip hosts that do not have package requirements.""" + group_names = get_var(task_vars, "group_names", default=[]) + master_or_node = 'masters' in group_names or 'nodes' in group_names + return super(PackageVersion, cls).is_active(task_vars) and master_or_node + def run(self, tmp, task_vars): args = { "requested_openshift_release": get_var(task_vars, "openshift_release", default=''), diff --git a/roles/openshift_health_checker/test/package_version_test.py b/roles/openshift_health_checker/test/package_version_test.py index c6889ee9b..196d9816a 100644 --- a/roles/openshift_health_checker/test/package_version_test.py +++ b/roles/openshift_health_checker/test/package_version_test.py @@ -1,3 +1,5 @@ +import pytest + from openshift_checks.package_version import PackageVersion 
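Review bot: `is_active` in `package_version.py` reads `group_names` with `default=[]`, so a host for which that variable is not supplied is skipped silently instead of being checked, and the docstring does not say which groups activate the check; something like `"""Run only on hosts in the 'masters' or 'nodes' groups; all other hosts are skipped."""` would state the contract. The literals `'masters'` and `'nodes'` are inventory group names, while the playbook change in this same commit moves `openshift_logging.yml` from `masters` to `oo_masters`, so it is worth confirming that `group_names` carries the inventory names on every supported inventory. Evaluating `super(PackageVersion, cls).is_active(task_vars)` first and returning early would also skip the group lookup on containerized hosts.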
@@ -22,3 +24,23 @@ def test_package_version(): check = PackageVersion(execute_module=execute_module) result = check.run(tmp=None, task_vars=task_vars) assert result is return_value + + +@pytest.mark.parametrize('group_names,is_containerized,is_active', [ + (['masters'], False, True), + # ensure check is skipped on containerized installs + (['masters'], True, False), + (['nodes'], False, True), + (['masters', 'nodes'], False, True), + (['masters', 'etcd'], False, True), + ([], False, False), + (['etcd'], False, False), + (['lb'], False, False), + (['nfs'], False, False), +]) +def test_package_version_skip_when_not_master_nor_node(group_names, is_containerized, is_active): + task_vars = dict( + group_names=group_names, + openshift=dict(common=dict(is_containerized=is_containerized)), + ) + assert PackageVersion.is_active(task_vars=task_vars) == is_active diff --git a/roles/openshift_metrics/files/import_jks_certs.sh b/roles/openshift_metrics/files/import_jks_certs.sh deleted file mode 100755 index f977b6dd6..000000000 --- a/roles/openshift_metrics/files/import_jks_certs.sh +++ /dev/null 
@@ -1,52 +0,0 @@ -#!/bin/bash -# -# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates -# and other contributors as indicated by the @author tags. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -set -ex - -function import_certs() { - dir=$CERT_DIR - hawkular_metrics_keystore_password=$(echo $METRICS_KEYSTORE_PASSWD | base64 --decode) - hawkular_metrics_truststore_password=$(echo $METRICS_TRUSTSTORE_PASSWD | base64 --decode) - hawkular_alias=`keytool -noprompt -list -keystore $dir/hawkular-metrics.truststore -storepass ${hawkular_metrics_truststore_password} | sed -n '7~2s/,.*$//p'` - - if [ ! -f $dir/hawkular-metrics.keystore ]; then - echo "Creating the Hawkular Metrics keystore from the PEM file" - keytool -importkeystore -v \ - -srckeystore $dir/hawkular-metrics.pkcs12 \ - -destkeystore $dir/hawkular-metrics.keystore \ - -srcstoretype PKCS12 \ - -deststoretype JKS \ - -srcstorepass $hawkular_metrics_keystore_password \ - -deststorepass $hawkular_metrics_keystore_password - fi - - cert_alias_names=(ca metricca) - - for cert_alias in ${cert_alias_names[*]}; do - if [[ ! ${hawkular_alias[*]} =~ "$cert_alias" ]]; then - echo "Importing the CA Certificate with alias $cert_alias into the Hawkular Metrics Truststore" - keytool -noprompt -import -v -trustcacerts -alias $cert_alias \ - -file ${dir}/ca.crt \ - -keystore $dir/hawkular-metrics.truststore \ - -trustcacerts \ - -storepass $hawkular_metrics_truststore_password - fi - done -} - -import_certs 
diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml index 01fc1ef64..07b7eca33 100644 --- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml @@ -13,21 +13,6 @@ hostnames: hawkular-cassandra changed_when: no -- slurp: src={{ mktemp.stdout }}/hawkular-metrics-truststore.pwd - register: hawkular_truststore_password - -- stat: path="{{mktemp.stdout}}/{{item}}" - register: pwd_file_stat - with_items: - - hawkular-metrics.pwd - - hawkular-metrics.htpasswd - changed_when: no - -- set_fact: - pwd_files: "{{pwd_files | default({}) | combine ({item.item: item.stat}) }}" - with_items: "{{pwd_file_stat.results}}" - changed_when: no - - name: generate password for hawkular metrics local_action: copy dest="{{ local_tmp.stdout}}/{{ item }}.pwd" content="{{ 15 | oo_random_word }}" with_items: @@ -47,8 +32,6 @@ - hawkular-metrics.pwd - hawkular-metrics.htpasswd -- include: import_jks_certs.yaml - - name: read files for the hawkular-metrics secret shell: > printf '%s: ' '{{ item }}' @@ -56,13 +39,11 @@ register: hawkular_secrets with_items: - ca.crt - - hawkular-metrics.crt - - hawkular-metrics.keystore - - hawkular-metrics-keystore.pwd - - hawkular-metrics.truststore - - hawkular-metrics-truststore.pwd - hawkular-metrics.pwd - hawkular-metrics.htpasswd + - hawkular-metrics.crt + - hawkular-metrics.key + - hawkular-metrics.pem - hawkular-cassandra.crt - hawkular-cassandra.key - hawkular-cassandra.pem 
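Review bot: The third hunk adds `hawkular-metrics.key` and `hawkular-metrics.pem` to the `with_items` of "read files for the hawkular-metrics secret", so the registered `hawkular_secrets` result now holds the Hawkular Metrics private key in addition to `hawkular-cassandra.key`, which was already in the list. The rest of the task lies outside the hunk, so it is not visible whether it sets `no_log`; if it does not, adding `no_log: true` to this task would keep the key material out of verbose output and callback logs. The same applies to any later task that templates `hawkular_secrets` values.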
@@ -73,42 +54,23 @@ {{ hawkular_secrets.results|map(attribute='stdout')|join(' ')|from_yaml }} -- name: generate hawkular-metrics-secrets secret template - template: - src: secret.j2 - dest: "{{ mktemp.stdout }}/templates/hawkular_metrics_secrets.yaml" - vars: - name: hawkular-metrics-secrets - labels: - metrics-infra: hawkular-metrics - data: - hawkular-metrics.keystore: > - {{ hawkular_secrets['hawkular-metrics.keystore'] }} - hawkular-metrics.keystore.password: > - {{ hawkular_secrets['hawkular-metrics-keystore.pwd'] }} - hawkular-metrics.truststore: > - {{ hawkular_secrets['hawkular-metrics.truststore'] }} - hawkular-metrics.truststore.password: > - {{ hawkular_secrets['hawkular-metrics-truststore.pwd'] }} - hawkular-metrics.keystore.alias: "{{ 'hawkular-metrics'|b64encode }}" - hawkular-metrics.htpasswd.file: > - {{ hawkular_secrets['hawkular-metrics.htpasswd'] }} - when: name not in metrics_secrets.stdout_lines - changed_when: no - -- name: generate hawkular-metrics-certificate secret template +- name: generate hawkular-metrics-certs secret template template: src: secret.j2 - dest: "{{ mktemp.stdout }}/templates/hawkular_metrics_certificate.yaml" + dest: "{{ mktemp.stdout }}/templates/hawkular-metrics-certs.yaml" vars: - name: hawkular-metrics-certificate + name: hawkular-metrics-certs labels: - metrics-infra: hawkular-metrics + metrics-infra: hawkular-metrics-certs + annotations: + service.alpha.openshift.io/originating-service-name: hawkular-metrics data: - hawkular-metrics.certificate: > + tls.crt: > {{ hawkular_secrets['hawkular-metrics.crt'] }} - hawkular-metrics-ca.certificate: > - {{ hawkular_secrets['ca.crt'] }} + tls.key: > + {{ hawkular_secrets['hawkular-metrics.key'] }} + tls.truststore.crt: > + {{ hawkular_secrets['hawkular-cassandra.crt'] }} when: name not in metrics_secrets.stdout_lines changed_when: no 
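Review bot: `tls.truststore.crt` in the new `hawkular-metrics-certs` secret is filled from `hawkular_secrets['hawkular-cassandra.crt']`, the Cassandra certificate itself, while `ca.crt` is still read into `hawkular_secrets` but is no longer used by this task. If that is intended, a comment such as `# trust the Cassandra serving cert directly` would say so; otherwise trusting `ca.crt` avoids regenerating this secret whenever the Cassandra certificate is reissued. The label value also changes to `metrics-infra: hawkular-metrics-certs` while the account secret further down keeps `hawkular-metrics`, so a selector on that value would miss this secret. Nothing visible here removes the old `hawkular-metrics-secrets` and `hawkular-metrics-certificate` objects, which would leave keystore passwords behind on upgraded clusters unless cleanup happens elsewhere.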
@@ -122,6 +84,7 @@ metrics-infra: hawkular-metrics data: hawkular-metrics.username: "{{ 'hawkular'|b64encode }}" + hawkular-metrics.htpasswd: "{{ hawkular_secrets['hawkular-metrics.htpasswd'] }}" hawkular-metrics.password: > {{ hawkular_secrets['hawkular-metrics.pwd'] }} when: name not in metrics_secrets.stdout_lines diff --git a/roles/openshift_metrics/tasks/import_jks_certs.yaml b/roles/openshift_metrics/tasks/import_jks_certs.yaml deleted file mode 100644 index e098145e9..000000000 --- a/roles/openshift_metrics/tasks/import_jks_certs.yaml +++ /dev/null @@ -1,37 +0,0 @@ ---- -- stat: path="{{mktemp.stdout}}/hawkular-metrics.keystore" - register: metrics_keystore - check_mode: no - -- stat: path="{{mktemp.stdout}}/hawkular-metrics.truststore" - register: metrics_truststore - check_mode: no - -- block: - - slurp: src={{ mktemp.stdout }}/hawkular-metrics-keystore.pwd - register: metrics_keystore_password - - - fetch: - dest: "{{local_tmp.stdout}}/" - src: "{{ mktemp.stdout }}/{{item}}" - flat: yes - changed_when: False - with_items: - - hawkular-metrics.pkcs12 - - hawkular-metrics.crt - - ca.crt - - - local_action: command {{role_path}}/files/import_jks_certs.sh - environment: - CERT_DIR: "{{local_tmp.stdout}}" - METRICS_KEYSTORE_PASSWD: "{{metrics_keystore_password.content}}" - METRICS_TRUSTSTORE_PASSWD: "{{hawkular_truststore_password.content}}" - changed_when: False - - - copy: - dest: "{{mktemp.stdout}}/" - src: "{{item}}" - with_fileglob: "{{local_tmp.stdout}}/*.*store" - - when: not metrics_keystore.stat.exists or - not metrics_truststore.stat.exists diff --git a/roles/openshift_metrics/tasks/install_heapster.yaml b/roles/openshift_metrics/tasks/install_heapster.yaml index c490bcdd3..8d27c4930 100644 --- a/roles/openshift_metrics/tasks/install_heapster.yaml +++ b/roles/openshift_metrics/tasks/install_heapster.yaml 
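Review bot: The added `hawkular-metrics.htpasswd` key sits in a task guarded by `when: name not in metrics_secrets.stdout_lines`, so on a cluster where the account secret already exists the template is not regenerated and the secret keeps its old contents without the htpasswd entry. The replication controller template in this commit now reads `/hawkular-account/hawkular-metrics.htpasswd`, so htpasswd authentication would presumably break after an upgrade until the secret is recreated; the task header and the step that applies the template are outside the hunk. As a style point the new value is a quoted one-liner while its neighbour uses the folded form; `hawkular-metrics.htpasswd: >` with the expression on the following line would match.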
@@ -20,7 +20,7 @@ - set_fact: heapster_sa_secrets: "{{ heapster_sa_secrets + [item] }}" with_items: - - hawkular-metrics-certificate + - hawkular-metrics-certs - hawkular-metrics-account when: "not {{ openshift_metrics_heapster_standalone | bool }}" diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 index 361378df3..401db4e58 100644 --- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 
@@ -40,24 +40,20 @@ spec: - "-Dhawkular.metrics.cassandra.nodes=hawkular-cassandra" - "-Dhawkular.metrics.cassandra.use-ssl" - "-Dhawkular.metrics.openshift.auth-methods=openshift-oauth,htpasswd" - - "-Dhawkular.metrics.openshift.htpasswd-file=/secrets/hawkular-metrics.htpasswd.file" + - "-Dhawkular.metrics.openshift.htpasswd-file=/hawkular-account/hawkular-metrics.htpasswd" - "-Dhawkular.metrics.allowed-cors-access-control-allow-headers=authorization" - "-Dhawkular.metrics.default-ttl={{openshift_metrics_duration}}" - "-Dhawkular.metrics.admin-tenant=_hawkular_admin" - "-Dhawkular-alerts.cassandra-nodes=hawkular-cassandra" - "-Dhawkular-alerts.cassandra-use-ssl" - "-Dhawkular.alerts.openshift.auth-methods=openshift-oauth,htpasswd" - - "-Dhawkular.alerts.openshift.htpasswd-file=/secrets/hawkular-metrics.htpasswd.file" + - "-Dhawkular.alerts.openshift.htpasswd-file=/hawkular-account/hawkular-metrics.htpasswd" - "-Dhawkular.alerts.allowed-cors-access-control-allow-headers=authorization" - "-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true" - "-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true" - "-Dcom.datastax.driver.FORCE_NIO=true" - "-DKUBERNETES_MASTER_URL={{openshift_metrics_master_url}}" - "-DUSER_WRITE_ACCESS={{openshift_metrics_hawkular_user_write_access}}" - - "--hmw.keystore=/secrets/hawkular-metrics.keystore" - - "--hmw.truststore=/secrets/hawkular-metrics.truststore" - - "--hmw.keystore_password_file=/secrets/hawkular-metrics.keystore.password" - - "--hmw.truststore_password_file=/secrets/hawkular-metrics.truststore.password" env: - name: POD_NAMESPACE valueFrom: @@ -67,6 +63,8 @@ spec: value: "{{ openshift_metrics_master_url }}" - name: JGROUPS_PASSWORD value: "{{ 17 | oo_random_word }}" + - name: TRUSTSTORE_AUTHORITIES + value: "/hawkular-metrics-certs/tls.truststore.crt" - name: OPENSHIFT_KUBE_PING_NAMESPACE valueFrom: fieldRef: 
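Review bot: With the four `--hmw.keystore*` and `--hmw.truststore*` arguments removed, nothing in the container spec says where the serving key and certificate come from. Presumably the image's start script now reads `tls.crt` and `tls.key` from `/hawkular-metrics-certs` by convention, which makes the mount path in the volumeMounts hunk a hidden contract with the image. A comment next to the args, for example `# keystore is built by the image from /hawkular-metrics-certs/tls.crt and tls.key`, would record that. If the role can still deploy images that expect the removed arguments, it should state the minimum image it supports. The `spec:` block starts and ends outside the hunk.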
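Review bot: `TRUSTSTORE_AUTHORITIES` points at `tls.truststore.crt`, which the tasks hunk in this commit fills with `hawkular_secrets['hawkular-cassandra.crt']`, a single service certificate rather than a CA certificate. If that is intended, hawkular-metrics trusts exactly that Cassandra certificate, and reissuing it means regenerating this secret and restarting the pod. If `ca.crt` signs the Cassandra certificate (not visible here), putting `hawkular_secrets['ca.crt']` in that key would survive a reissue. Otherwise a comment saying the value is pinned to the Cassandra certificate would help the next maintainer.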
@@ -76,10 +74,10 @@ spec: - name: STARTUP_TIMEOUT value: "{{ openshift_metrics_startup_timeout }}" volumeMounts: - - name: hawkular-metrics-secrets - mountPath: "/secrets" - - name: hawkular-metrics-client-secrets - mountPath: "/client-secrets" + - name: hawkular-metrics-certs + mountPath: "/hawkular-metrics-certs" + - name: hawkular-metrics-account + mountPath: "/hawkular-account" {% if ((openshift_metrics_hawkular_limits_cpu is defined and openshift_metrics_hawkular_limits_cpu is not none) or (openshift_metrics_hawkular_limits_memory is defined and openshift_metrics_hawkular_limits_memory is not none) or (openshift_metrics_hawkular_requests_cpu is defined and openshift_metrics_hawkular_requests_cpu is not none) @@ -118,9 +116,9 @@ spec: command: - "/opt/hawkular/scripts/hawkular-metrics-liveness.py" volumes: - - name: hawkular-metrics-secrets + - name: hawkular-metrics-certs secret: - secretName: hawkular-metrics-secrets - - name: hawkular-metrics-client-secrets + secretName: hawkular-metrics-certs + - name: hawkular-metrics-account secret: secretName: hawkular-metrics-account diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2 index 7c837db4d..f01ccfd58 100644 --- a/roles/openshift_metrics/templates/heapster.j2 +++ b/roles/openshift_metrics/templates/heapster.j2 
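Review bot: Both new `volumeMounts` entries mount secret volumes without `readOnly: true`, and the `hawkular-metrics-certs` one now carries the private key. Adding `readOnly: true` under each `mountPath` makes it explicit that the container only consumes these files. A `defaultMode` on the matching `secret:` volumes in the next hunk would also narrow the permissions on `tls.key`, provided the container's user can still read it. The same applies to the renamed mounts in heapster.j2.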
@@ -43,15 +43,15 @@ spec: - "--wrapper.username_file=/hawkular-account/hawkular-metrics.username" - "--wrapper.password_file=/hawkular-account/hawkular-metrics.password" - "--wrapper.endpoint_check=https://hawkular-metrics:443/hawkular/metrics/status" - - "--sink=hawkular:https://hawkular-metrics:443?tenant=_system&labelToTenant=pod_namespace&labelNodeId={{openshift_metrics_node_id}}&caCert=/hawkular-cert/hawkular-metrics-ca.certificate&user=%username%&pass=%password%&filter=label(container_name:^system.slice.*|^user.slice)" + - "--sink=hawkular:https://hawkular-metrics:443?tenant=_system&labelToTenant=pod_namespace&labelNodeId={{openshift_metrics_node_id}}&caCert=/hawkular-metrics-certs/tls.crt&user=%username%&pass=%password%&filter=label(container_name:^system.slice.*|^user.slice)" {% endif %} env: - name: STARTUP_TIMEOUT value: "{{ openshift_metrics_startup_timeout }}" -{% if ((openshift_metrics_heapster_limits_cpu is defined and openshift_metrics_heapster_limits_cpu is not none) +{% if ((openshift_metrics_heapster_limits_cpu is defined and openshift_metrics_heapster_limits_cpu is not none) or (openshift_metrics_heapster_limits_memory is defined and openshift_metrics_heapster_limits_memory is not none) or (openshift_metrics_heapster_requests_cpu is defined and openshift_metrics_heapster_requests_cpu is not none) - or (openshift_metrics_heapster_requests_memory is defined and openshift_metrics_heapster_requests_memory is not none)) + or (openshift_metrics_heapster_requests_memory is defined and openshift_metrics_heapster_requests_memory is not none)) %} resources: {% if (openshift_metrics_heapster_limits_cpu is not none 
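Review bot: The sink URL now sets `caCert=/hawkular-metrics-certs/tls.crt`, which is the hawkular-metrics serving certificate, where it used to name the CA certificate (`hawkular-metrics-ca.certificate`, filled from `ca.crt`). Assuming Heapster accepts a leaf certificate as its trust anchor, it then trusts only that exact certificate, so a reissued serving certificate breaks the sink until the secret is regenerated and Heapster restarted. I would publish `hawkular_secrets['ca.crt']` under its own key and point `caCert` at that, which also removes the need to mount the secret that holds `tls.key`. The other changes in this hunk are whitespace only.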
@@ -65,8 +65,8 @@ spec: memory: "{{openshift_metrics_heapster_limits_memory}}" {% endif %} {% endif %} -{% if (openshift_metrics_heapster_requests_cpu is not none - or openshift_metrics_heapster_requests_memory is not none) +{% if (openshift_metrics_heapster_requests_cpu is not none + or openshift_metrics_heapster_requests_memory is not none) %} requests: {% if openshift_metrics_heapster_requests_cpu is not none %} @@ -81,8 +81,8 @@ spec: - name: heapster-secrets mountPath: "/secrets" {% if not openshift_metrics_heapster_standalone %} - - name: hawkular-metrics-certificate - mountPath: "/hawkular-cert" + - name: hawkular-metrics-certs + mountPath: "/hawkular-metrics-certs" - name: hawkular-metrics-account mountPath: "/hawkular-account" readinessProbe: @@ -95,9 +95,9 @@ spec: secret: secretName: heapster-secrets {% if not openshift_metrics_heapster_standalone %} - - name: hawkular-metrics-certificate + - name: hawkular-metrics-certs secret: - secretName: hawkular-metrics-certificate + secretName: hawkular-metrics-certs - name: hawkular-metrics-account secret: secretName: hawkular-metrics-account diff --git a/test-requirements.txt b/test-requirements.txt index 805828e1c..585cca0b9 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,11 +1,14 @@ +# Versions are pinned to prevent pypi releases arbitrarily breaking +# tests with new APIs/semantics. We want to update versions deliberately. + # flake8 must be listed before pylint to avoid dependency conflicts -flake8 -flake8-mutable -flake8-print -pylint -setuptools-lint -yamllint -coverage -mock -pytest -pytest-cov +flake8==3.3.0 +flake8-mutable==1.1.0 +flake8-print==2.0.2 +pylint==1.6.5 +setuptools-lint==0.5.2 +yamllint==1.6.1 +coverage==4.3.4 +mock==2.0.0 +pytest==3.0.7 +pytest-cov==2.4.0 @@ -11,7 +11,7 @@ skip_install=True deps = -rrequirements.txt -rtest-requirements.txt - py35-flake8: flake8-bugbear + py35-flake8: flake8-bugbear==17.3.0 commands = unit: pip install -e utils |
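Review bot: In test-requirements.txt the `==` pins cover only the packages listed directly, so the breakage the new header comment wants to prevent can still arrive through an unpinned transitive dependency (pylint pulls in astroid, for example). A constraints file generated from a known-good environment and passed to pip with `-c` would pin those as well. Version pins also do not fix the artifact content; if that matters for CI, pip's `--require-hashes` mode with `--hash=sha256:<digest>` entries per requirement does.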