diff options
346 files changed, 1753 insertions, 798 deletions
@@ -1,6 +1,21 @@ #!/bin/bash set -xeuo pipefail +# Essentially use a similar procedure other openshift-ansible PR tests use to +# determine which image tag should be used. This allows us to avoid hardcoding a +# specific version which quickly becomes stale. + +if [ -n "${PAPR_BRANCH:-}" ]; then + target_branch=$PAPR_BRANCH +else + target_branch=$PAPR_PULL_TARGET_BRANCH +fi + +# this is a bit wasteful, though there's no easy way to say "only clone up to +# the first tag in the branch" -- ideally, PAPR could help with caching here +git clone --branch $target_branch --single-branch https://github.com/openshift/origin +export OPENSHIFT_IMAGE_TAG=$(git -C origin describe --abbrev=0) + echo "Targeting OpenShift Origin $OPENSHIFT_IMAGE_TAG" pip install -r requirements.txt @@ -22,12 +37,15 @@ trap upload_journals ERR # https://github.com/openshift/openshift-ansible/issues/4478 is fixed. ansible-playbook -vvv -i .papr.inventory playbooks/byo/config.yml -e "openshift_image_tag=$OPENSHIFT_IMAGE_TAG" -# run a small subset of origin conformance tests to sanity -# check the cluster NB: we run it on the master since we may -# be in a different OSP network -ssh ocp-master docker run --rm --net=host --privileged \ - -v /etc/origin/master/admin.kubeconfig:/config \ - registry.fedoraproject.org/fedora:26 sh -c \ - '"dnf install -y origin-tests && \ - KUBECONFIG=/config /usr/libexec/origin/extended.test --ginkgo.v=1 \ - --ginkgo.noColor --ginkgo.focus=\"Services.*NodePort|EmptyDir\""' +### DISABLING TESTS FOR NOW, SEE: +### https://github.com/openshift/openshift-ansible/pull/6132 + +### # run a small subset of origin conformance tests to sanity +### # check the cluster NB: we run it on the master since we may +### # be in a different OSP network +### ssh ocp-master docker run --rm --net=host --privileged \ +### -v /etc/origin/master/admin.kubeconfig:/config \ +### registry.fedoraproject.org/fedora:27 sh -c \ +### '"dnf install -y origin-tests && \ +### KUBECONFIG=/config /usr/libexec/origin/extended.test --ginkgo.v=1 \ +### --ginkgo.noColor --ginkgo.focus=\"Services.*NodePort|EmptyDir\""' @@ -14,35 +14,28 @@ cluster: hosts: - name: ocp-master - distro: fedora/26/atomic + distro: fedora/27/atomic specs: ram: 4096 - name: ocp-node1 - distro: fedora/26/atomic + distro: fedora/27/atomic - name: ocp-node2 - distro: fedora/26/atomic + distro: fedora/27/atomic container: - image: registry.fedoraproject.org/fedora:26 + image: registry.fedoraproject.org/fedora:27 -# temp workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1483553 -#packages: -# - gcc -# - python-pip -# - python-devel -# - libffi-devel -# - openssl-devel -# - redhat-rpm-config +packages: + - gcc + - git + - python-pip + - python-devel + - libffi-devel + - openssl-devel + - redhat-rpm-config -context: 'fedora/26/atomic' - -env: - OPENSHIFT_IMAGE_TAG: v3.6.0 +context: 'fedora/27/atomic' tests: - # temp workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1483553 - - if (dnf distro-sync -y || :) |& grep -q -e BDB1539; then - rpm --rebuilddb; dnf distro-sync; - fi; dnf install -y gcc python-pip python-devel libffi-devel openssl-devel redhat-rpm-config - ./.papr.sh artifacts: diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index c1024572f..9db0b5c98 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.8.0-0.2.0 ./ +3.8.0-0.13.0 ./ diff --git a/README_CONTAINER_IMAGE.md b/README_CONTAINER_IMAGE.md index a2151352d..712c7c4b0 100644 --- a/README_CONTAINER_IMAGE.md +++ b/README_CONTAINER_IMAGE.md @@ -28,7 +28,7 @@ Here is an example of how to run a containerized `openshift-ansible` playbook th -v $HOME/.ssh/id_rsa:/opt/app-root/src/.ssh/id_rsa:Z \ -v /etc/ansible/hosts:/tmp/inventory \ -e INVENTORY_FILE=/tmp/inventory \ - -e PLAYBOOK_FILE=playbooks/byo/openshift-checks/certificate_expiry/default.yaml \ + -e PLAYBOOK_FILE=playbooks/openshift-checks/certificate_expiry/default.yaml \ -e OPTS="-v" -t \ openshift/origin-ansible @@ -44,7 +44,7 @@ Here is a detailed explanation of the options used in the command above: * `-v /etc/ansible/hosts:/tmp/inventory` and `-e INVENTORY_FILE=/tmp/inventory` mount the Ansible inventory file into the container as `/tmp/inventory` and set the corresponding environment variable to point at it respectively. The example uses `/etc/ansible/hosts` as the inventory file as this is a default location, but your inventory is likely to be elsewhere so please adjust as needed. Note that depending on the file you point to you might have to handle SELinux labels in a similar way as with the ssh keys, e.g. by adding a `:z` flag to the volume mount, so again you might prefer to copy the inventory to a dedicated location first. -* `-e PLAYBOOK_FILE=playbooks/byo/openshift-checks/certificate_expiry/default.yaml` specifies the playbook to run as a relative path from the top level directory of openshift-ansible. +* `-e PLAYBOOK_FILE=playbooks/openshift-checks/certificate_expiry/default.yaml` specifies the playbook to run as a relative path from the top level directory of openshift-ansible. * `-e OPTS="-v"` and `-t` make the output look nicer: the `default.yaml` playbook does not generate results and runs quietly unless we add the `-v` option to the `ansible-playbook` invocation, and a TTY is allocated via `-t` so that Ansible adds color to the output. diff --git a/images/installer/README_INVENTORY_GENERATOR.md b/images/installer/README_INVENTORY_GENERATOR.md index 9c10e4b71..293bdb689 100644 --- a/images/installer/README_INVENTORY_GENERATOR.md +++ b/images/installer/README_INVENTORY_GENERATOR.md @@ -46,7 +46,7 @@ docker run -u `id -u` \ -v /tmp/origin/master/admin.kubeconfig:/opt/app-root/src/.kube/config:Z \ -v /tmp/origin/master/master-config.yaml:/opt/app-root/src/master-config.yaml:Z \ -e OPTS="-v --become-user root" \ - -e PLAYBOOK_FILE=playbooks/byo/openshift-checks/health.yml \ + -e PLAYBOOK_FILE=playbooks/openshift-checks/health.yml \ -e GENERATE_INVENTORY=true \ -e USER=`whoami` \ openshift/origin-ansible diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 98de1ae32..418241aa1 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -10,7 +10,7 @@ Name: openshift-ansible Version: 3.8.0 -Release: 0.2.0%{?dist} +Release: 0.13.0%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 URL: https://github.com/openshift/openshift-ansible @@ -285,6 +285,89 @@ Atomic OpenShift Utilities includes %changelog +* Thu Nov 23 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.13.0 +- + +* Thu Nov 23 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.12.0 +- + +* Thu Nov 23 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.11.0 +- + +* Thu Nov 23 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.10.0 +- tox.ini: simplify unit test reqs (lmeyer@redhat.com) +- Remove unused task files (rteague@redhat.com) +- Playbook Consolidation - openshift-provisioners (rteague@redhat.com) +- Include Deprecation - openshift-prometheus (rteague@redhat.com) +- Include Deprecation - openshift-node (rteague@redhat.com) +- Include Deprecation - openshift-management (rteague@redhat.com) +- Include Deprecation - openshift-glusterfs (rteague@redhat.com) +- Include Deprecation - openshift-master (rteague@redhat.com) +- Include Deprecation - openshift-hosted (rteague@redhat.com) +- Playbook Consolidation - openshift-service-catalog (rteague@redhat.com) +- Include Deprecation - openshift-nfs (rteague@redhat.com) +- Include Deprecation - openshift-metrics (rteague@redhat.com) +- Include Deprecation - openshift-etcd (rteague@redhat.com) +- Fix system_images_registry variable (mgugino@redhat.com) +- Include Deprecation - openshift-loadbalancer (rteague@redhat.com) +- Include Deprecation - openshift-checks (rteague@redhat.com) +- Playbook Consolidation - openshift-management (rteague@redhat.com) +- Playbook Consolidation - openshift-master (rteague@redhat.com) +- Playbook Consolidation - openshift-hosted (rteague@redhat.com) +- Place-holder for prerequisites.yml (mgugino@redhat.com) +- Cleanup etcd runtime variable. (mgugino@redhat.com) +- Fix uninstall option for prometheus (zgalor@redhat.com) +- Playbook Consolidation - openshift-glusterfs (rteague@redhat.com) +- Playbook Consolidation - openshift-metrics (rteague@redhat.com) +- Playbook Consolidation - openshift-loadbalancer (rteague@redhat.com) +- hosted_registry: clean up tmp mount point and fstab (dusty@dustymabe.com) + +* Wed Nov 22 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.9.0 +- Fix node system container var (mgugino@redhat.com) +- Add temporary playbook for CI test functionality (rteague@redhat.com) +- Playbook Consolidation - openshift-node (rteague@redhat.com) +- Fix logic for any sys containers (mgugino@redhat.com) +- containerPort must be an int; correctly quote/brace replicas value + (rmeggins@redhat.com) +- papr: use new PAPR_PULL_TARGET_BRANCH (jlebon@redhat.com) +- Refactor etcd image (mgugino@redhat.com) +- GlusterFS: Files and templates for 3.8 (jarrpa@redhat.com) +- Only remove empty keys from env if env exists (sdodson@redhat.com) +- Upgrade to etcd 3.2 (sdodson@redhat.com) +- Allow modifying and adding prometheus application arguments + (zgalor@redhat.com) +- Playbook Consolidation - openshift-nfs (rteague@redhat.com) +- Playbook Consolidation - openshift-etcd (rteague@redhat.com) +- Include Deprecation - Init Playbook Paths (rteague@redhat.com) + +* Mon Nov 20 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.8.0 +- + +* Mon Nov 20 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.7.0 +- + +* Mon Nov 20 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.6.0 +- + +* Sun Nov 19 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.5.0 +- + +* Sun Nov 19 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.4.0 +- bug 1498398. Enclose content between store tag (rromerom@redhat.com) + +* Fri Nov 17 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.3.0 +- papr: auto-detect image tag to use and bump to f27 (jlebon@redhat.com) +- Updating mtu value to int (kwoodson@redhat.com) +- fix the logging-es-prometheus selector (jcantril@redhat.com) +- GlusterFS: Add configuration for auto creating block-hosting volumes + (jarrpa@redhat.com) +- Playbook Consolidation - openshift-checks (rteague@redhat.com) +- Combine openshift_node and openshift_node_upgrade (mgugino@redhat.com) +- registry-console: align image and check (lmeyer@redhat.com) +- registry-console template 3.8 consistency (lmeyer@redhat.com) +- registry-console template 3.7 consistency (lmeyer@redhat.com) +- registry-console template 3.6 consistency (lmeyer@redhat.com) + * Thu Nov 16 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.2.0 - Fix openstack init (rteague@redhat.com) - Ensure node service is started. (kwoodson@redhat.com) diff --git a/playbooks/aws/openshift-cluster/build_ami.yml b/playbooks/aws/openshift-cluster/build_ami.yml index fae30eb0a..5815c4975 100644 --- a/playbooks/aws/openshift-cluster/build_ami.yml +++ b/playbooks/aws/openshift-cluster/build_ami.yml @@ -33,7 +33,7 @@ # This is the part that installs all of the software and configs for the instance # to become a node. -- include: ../../common/openshift-node/image_prep.yml +- include: ../../openshift-node/private/image_prep.yml - include: seal_ami.yml vars: diff --git a/playbooks/aws/openshift-cluster/hosted.yml b/playbooks/aws/openshift-cluster/hosted.yml index db6e3b8e1..da7ec9d21 100644 --- a/playbooks/aws/openshift-cluster/hosted.yml +++ b/playbooks/aws/openshift-cluster/hosted.yml @@ -1,16 +1,19 @@ --- -- include: ../../common/openshift-cluster/openshift_hosted.yml +- include: ../../openshift-hosted/private/config.yml -- include: ../../common/openshift-cluster/openshift_metrics.yml +- include: ../../openshift-metrics/private/config.yml when: openshift_metrics_install_metrics | default(false) | bool - include: ../../common/openshift-cluster/openshift_logging.yml when: openshift_logging_install_logging | default(false) | bool -- include: ../../common/openshift-cluster/service_catalog.yml +- include: ../../openshift-prometheus/private/config.yml + when: openshift_hosted_prometheus_deploy | default(false) | bool + +- include: ../../openshift-service-catalog/private/config.yml when: openshift_enable_service_catalog | default(false) | bool -- include: ../../common/openshift-management/config.yml +- include: ../../openshift-management/private/config.yml when: openshift_management_install_management | default(false) | bool - name: Print deprecated variable warning message if necessary diff --git a/playbooks/aws/openshift-cluster/install.yml b/playbooks/aws/openshift-cluster/install.yml index 8756fb52a..f8206529a 100644 --- a/playbooks/aws/openshift-cluster/install.yml +++ b/playbooks/aws/openshift-cluster/install.yml @@ -19,28 +19,28 @@ include: ../../init/main.yml - name: perform the installer openshift-checks - include: ../../common/openshift-checks/install.yml + include: ../../openshift-checks/private/install.yml - name: etcd install - include: ../../common/openshift-etcd/config.yml + include: ../../openshift-etcd/private/config.yml - name: include nfs - include: ../../common/openshift-nfs/config.yml + include: ../../openshift-nfs/private/config.yml when: groups.oo_nfs_to_config | default([]) | count > 0 - name: include loadbalancer - include: ../../common/openshift-loadbalancer/config.yml + include: ../../openshift-loadbalancer/private/config.yml when: groups.oo_lb_to_config | default([]) | count > 0 - name: include openshift-master config - include: ../../common/openshift-master/config.yml + include: ../../openshift-master/private/config.yml - name: include master additional config - include: ../../common/openshift-master/additional_config.yml + include: ../../openshift-master/private/additional_config.yml - name: include master additional config - include: ../../common/openshift-node/config.yml + include: ../../openshift-node/private/config.yml - name: include openshift-glusterfs - include: ../../common/openshift-glusterfs/config.yml + include: ../../openshift-glusterfs/private/config.yml when: groups.oo_glusterfs_to_config | default([]) | count > 0 diff --git a/playbooks/byo/openshift-checks/certificate_expiry/roles b/playbooks/byo/openshift-checks/certificate_expiry/roles deleted file mode 120000 index 4bdbcbad3..000000000 --- a/playbooks/byo/openshift-checks/certificate_expiry/roles +++ /dev/null @@ -1 +0,0 @@ -../../../../roles
\ No newline at end of file diff --git a/playbooks/byo/openshift-checks/health.yml b/playbooks/byo/openshift-checks/health.yml deleted file mode 100644 index 0034251e3..000000000 --- a/playbooks/byo/openshift-checks/health.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-checks/health.yml diff --git a/playbooks/byo/openshift-checks/pre-install.yml b/playbooks/byo/openshift-checks/pre-install.yml deleted file mode 100644 index 1d35f601b..000000000 --- a/playbooks/byo/openshift-checks/pre-install.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-checks/pre-install.yml diff --git a/playbooks/byo/openshift-cluster/openshift-hosted.yml b/playbooks/byo/openshift-cluster/openshift-hosted.yml deleted file mode 100644 index 0855a2fb6..000000000 --- a/playbooks/byo/openshift-cluster/openshift-hosted.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-cluster/openshift_hosted.yml diff --git a/playbooks/byo/openshift-cluster/openshift-metrics.yml b/playbooks/byo/openshift-cluster/openshift-metrics.yml deleted file mode 100644 index e4c9ba1f7..000000000 --- a/playbooks/byo/openshift-cluster/openshift-metrics.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-cluster/openshift_metrics.yml diff --git a/playbooks/byo/openshift-cluster/openshift-prometheus.yml b/playbooks/byo/openshift-cluster/openshift-prometheus.yml deleted file mode 100644 index 634ee2a80..000000000 --- a/playbooks/byo/openshift-cluster/openshift-prometheus.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-cluster/openshift_prometheus.yml diff --git a/playbooks/byo/openshift-cluster/openshift-provisioners.yml b/playbooks/byo/openshift-cluster/openshift-provisioners.yml deleted file mode 100644 index 0949d33c9..000000000 --- a/playbooks/byo/openshift-cluster/openshift-provisioners.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-cluster/openshift_provisioners.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-certificates.yml index 6450a4d76..c26f11772 100644 --- a/playbooks/byo/openshift-cluster/redeploy-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-certificates.yml @@ -7,29 +7,29 @@ - include: ../../common/openshift-cluster/redeploy-certificates/etcd-backup.yml -- include: ../../common/openshift-etcd/certificates.yml +- include: ../../openshift-etcd/private/certificates.yml vars: etcd_certificates_redeploy: true - include: ../../common/openshift-cluster/redeploy-certificates/masters-backup.yml -- include: ../../common/openshift-master/certificates.yml +- include: ../../openshift-master/private/certificates.yml vars: openshift_certificates_redeploy: true - include: ../../common/openshift-cluster/redeploy-certificates/nodes-backup.yml -- include: ../../common/openshift-node/certificates.yml +- include: ../../openshift-node/private/certificates.yml vars: openshift_certificates_redeploy: true -- include: ../../common/openshift-etcd/restart.yml +- include: ../../openshift-etcd/private/restart.yml vars: g_etcd_certificates_expired: "{{ ('expired' in (hostvars | oo_select_keys(groups['etcd']) | oo_collect('check_results.check_results.etcd') | oo_collect('health'))) | bool }}" -- include: ../../common/openshift-master/restart.yml +- include: ../../openshift-master/private/restart.yml -- include: ../../common/openshift-node/restart.yml +- include: ../../openshift-node/private/restart.yml - include: ../../common/openshift-cluster/redeploy-certificates/router.yml when: openshift_hosted_manage_router | default(true) | bool @@ -37,6 +37,6 @@ - include: ../../common/openshift-cluster/redeploy-certificates/registry.yml when: openshift_hosted_manage_registry | default(true) | bool -- include: ../../common/openshift-master/revert-client-ca.yml +- include: ../../openshift-master/private/revert-client-ca.yml -- include: ../../common/openshift-master/restart.yml +- include: ../../openshift-master/private/restart.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml index f3892f56f..94e50cc28 100644 --- a/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml @@ -7,12 +7,12 @@ - include: ../../common/openshift-cluster/redeploy-certificates/etcd-backup.yml -- include: ../../common/openshift-etcd/certificates.yml +- include: ../../openshift-etcd/private/certificates.yml vars: etcd_certificates_redeploy: true -- include: ../../common/openshift-etcd/restart.yml +- include: ../../openshift-etcd/private/restart.yml vars: g_etcd_certificates_expired: "{{ ('expired' in (hostvars | oo_select_keys(groups['etcd']) | oo_collect('check_results.check_results.etcd') | oo_collect('health'))) | bool }}" -- include: ../../common/openshift-master/restart.yml +- include: ../../openshift-master/private/restart.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml index 6a4528b7f..88e52f809 100644 --- a/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml @@ -3,8 +3,8 @@ - include: ../../common/openshift-cluster/redeploy-certificates/masters-backup.yml -- include: ../../common/openshift-master/certificates.yml +- include: ../../openshift-master/private/certificates.yml vars: openshift_certificates_redeploy: true -- include: ../../common/openshift-master/restart.yml +- include: ../../openshift-master/private/restart.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml index 891c0e58c..2abbe78f1 100644 --- a/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml @@ -3,8 +3,8 @@ - include: ../../common/openshift-cluster/redeploy-certificates/nodes-backup.yml -- include: ../../common/openshift-node/certificates.yml +- include: ../../openshift-node/private/certificates.yml vars: openshift_certificates_redeploy: true -- include: ../../common/openshift-node/restart.yml +- include: ../../openshift-node/private/restart.yml diff --git a/playbooks/byo/openshift-cluster/service-catalog.yml b/playbooks/byo/openshift-cluster/service-catalog.yml deleted file mode 100644 index 7be63b0a5..000000000 --- a/playbooks/byo/openshift-cluster/service-catalog.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# -# This playbook is a preview of upcoming changes for installing -# Hosted logging on. See inventory/byo/hosts.*.example for the -# currently supported method. -# -- include: ../../init/main.yml - -- include: ../../common/openshift-cluster/service_catalog.yml diff --git a/playbooks/byo/openshift-etcd/certificates.yml b/playbooks/byo/openshift-etcd/certificates.yml deleted file mode 100644 index 0e9d42cd6..000000000 --- a/playbooks/byo/openshift-etcd/certificates.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-etcd/ca.yml - -- include: ../../common/openshift-etcd/certificates.yml diff --git a/playbooks/byo/openshift-etcd/config.yml b/playbooks/byo/openshift-etcd/config.yml deleted file mode 100644 index c6e0a9d90..000000000 --- a/playbooks/byo/openshift-etcd/config.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-etcd/config.yml diff --git a/playbooks/byo/openshift-etcd/embedded2external.yml b/playbooks/byo/openshift-etcd/embedded2external.yml deleted file mode 100644 index 492f677b0..000000000 --- a/playbooks/byo/openshift-etcd/embedded2external.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-etcd/embedded2external.yml diff --git a/playbooks/byo/openshift-etcd/migrate.yml b/playbooks/byo/openshift-etcd/migrate.yml deleted file mode 100644 index 3020e7db4..000000000 --- a/playbooks/byo/openshift-etcd/migrate.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-etcd/migrate.yml diff --git a/playbooks/byo/openshift-etcd/restart.yml b/playbooks/byo/openshift-etcd/restart.yml deleted file mode 100644 index 0889d91ba..000000000 --- a/playbooks/byo/openshift-etcd/restart.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-etcd/restart.yml diff --git a/playbooks/byo/openshift-etcd/scaleup.yml b/playbooks/byo/openshift-etcd/scaleup.yml deleted file mode 100644 index e7d62e264..000000000 --- a/playbooks/byo/openshift-etcd/scaleup.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-etcd/scaleup.yml diff --git a/playbooks/byo/openshift-glusterfs/config.yml b/playbooks/byo/openshift-glusterfs/config.yml deleted file mode 100644 index 120476bb8..000000000 --- a/playbooks/byo/openshift-glusterfs/config.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-glusterfs/config.yml diff --git a/playbooks/byo/openshift-glusterfs/registry.yml b/playbooks/byo/openshift-glusterfs/registry.yml deleted file mode 100644 index 32734f863..000000000 --- a/playbooks/byo/openshift-glusterfs/registry.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-glusterfs/registry.yml diff --git a/playbooks/byo/openshift-loadbalancer/config.yml b/playbooks/byo/openshift-loadbalancer/config.yml deleted file mode 100644 index 27925d2e9..000000000 --- a/playbooks/byo/openshift-loadbalancer/config.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-loadbalancer/config.yml diff --git a/playbooks/byo/openshift-management/add_container_provider.yml b/playbooks/byo/openshift-management/add_container_provider.yml deleted file mode 100644 index e2f558550..000000000 --- a/playbooks/byo/openshift-management/add_container_provider.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/evaluate_groups.yml - -- include: ../../common/openshift-management/add_container_provider.yml diff --git a/playbooks/byo/openshift-management/config.yml b/playbooks/byo/openshift-management/config.yml deleted file mode 100644 index e699fd014..000000000 --- a/playbooks/byo/openshift-management/config.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-management/config.yml diff --git a/playbooks/byo/openshift-management/uninstall.yml b/playbooks/byo/openshift-management/uninstall.yml deleted file mode 100644 index e95c1c88a..000000000 --- a/playbooks/byo/openshift-management/uninstall.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- include: ../../common/openshift-management/uninstall.yml diff --git a/playbooks/byo/openshift-master/additional_config.yml b/playbooks/byo/openshift-master/additional_config.yml deleted file mode 100644 index 1454190b2..000000000 --- a/playbooks/byo/openshift-master/additional_config.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-master/additional_config.yml diff --git a/playbooks/byo/openshift-master/certificates.yml b/playbooks/byo/openshift-master/certificates.yml deleted file mode 100644 index 344985244..000000000 --- a/playbooks/byo/openshift-master/certificates.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-master/certificates.yml diff --git a/playbooks/byo/openshift-master/config.yml b/playbooks/byo/openshift-master/config.yml deleted file mode 100644 index 913525e65..000000000 --- a/playbooks/byo/openshift-master/config.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-master/config.yml diff --git a/playbooks/byo/openshift-master/restart.yml b/playbooks/byo/openshift-master/restart.yml deleted file mode 100644 index d2031d928..000000000 --- a/playbooks/byo/openshift-master/restart.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-master/restart.yml diff --git a/playbooks/byo/openshift-nfs/config.yml b/playbooks/byo/openshift-nfs/config.yml deleted file mode 100644 index a5e6fe784..000000000 --- a/playbooks/byo/openshift-nfs/config.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-nfs/config.yml diff --git a/playbooks/byo/openshift-node/certificates.yml b/playbooks/byo/openshift-node/certificates.yml deleted file mode 100644 index 5342cf46b..000000000 --- a/playbooks/byo/openshift-node/certificates.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-node/certificates.yml diff --git a/playbooks/byo/openshift-node/config.yml b/playbooks/byo/openshift-node/config.yml deleted file mode 100644 index b157b13d6..000000000 --- a/playbooks/byo/openshift-node/config.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-node/config.yml diff --git a/playbooks/byo/openshift-node/network_manager.yml b/playbooks/byo/openshift-node/network_manager.yml index 3d96cbdd5..ca09fb65c 100644 --- a/playbooks/byo/openshift-node/network_manager.yml +++ b/playbooks/byo/openshift-node/network_manager.yml @@ -1,4 +1,3 @@ --- -- include: ../../init/evaluate_groups.yml - -- include: ../../common/openshift-node/network_manager.yml +# TODO (rteague): Temporarily leaving this playbook to allow CI tests to operate until CI jobs are updated. +- include: ../../openshift-node/network_manager.yml diff --git a/playbooks/byo/openshift-node/restart.yml b/playbooks/byo/openshift-node/restart.yml deleted file mode 100644 index 53a6b9ed4..000000000 --- a/playbooks/byo/openshift-node/restart.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-node/restart.yml diff --git a/playbooks/byo/openshift-preflight/check.yml b/playbooks/byo/openshift-preflight/check.yml deleted file mode 100644 index 2e53452a6..000000000 --- a/playbooks/byo/openshift-preflight/check.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -# location is moved; this file remains so existing instructions keep working -- include: ../openshift-checks/pre-install.yml diff --git a/playbooks/certificate_expiry b/playbooks/certificate_expiry deleted file mode 120000 index 9cf5334a1..000000000 --- a/playbooks/certificate_expiry +++ /dev/null @@ -1 +0,0 @@ -byo/openshift-checks/certificate_expiry/
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 3b4d6f9a6..2eeb81b86 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -1,35 +1,38 @@ --- -- include: ../openshift-checks/install.yml +- include: ../../openshift-checks/private/install.yml -- include: ../openshift-etcd/config.yml +- include: ../../openshift-etcd/private/config.yml -- include: ../openshift-nfs/config.yml +- include: ../../openshift-nfs/private/config.yml when: groups.oo_nfs_to_config | default([]) | count > 0 -- include: ../openshift-loadbalancer/config.yml +- include: ../../openshift-loadbalancer/private/config.yml when: groups.oo_lb_to_config | default([]) | count > 0 -- include: ../openshift-master/config.yml +- include: ../../openshift-master/private/config.yml -- include: ../openshift-master/additional_config.yml +- include: ../../openshift-master/private/additional_config.yml -- include: ../openshift-node/config.yml +- include: ../../openshift-node/private/config.yml -- include: ../openshift-glusterfs/config.yml +- include: ../../openshift-glusterfs/private/config.yml when: groups.oo_glusterfs_to_config | default([]) | count > 0 -- include: openshift_hosted.yml +- include: ../../openshift-hosted/private/config.yml -- include: openshift_metrics.yml +- include: ../../openshift-metrics/private/config.yml when: openshift_metrics_install_metrics | default(false) | bool - include: openshift_logging.yml when: openshift_logging_install_logging | default(false) | bool -- include: service_catalog.yml +- include: ../../openshift-prometheus/private/config.yml + when: openshift_hosted_prometheus_deploy | default(false) | bool + +- include: ../../openshift-service-catalog/private/config.yml when: openshift_enable_service_catalog | default(true) | bool -- include: ../openshift-management/config.yml +- include: ../../openshift-management/private/config.yml when: openshift_management_install_management | default(false) | bool - name: Print deprecated variable warning message if necessary diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml index 044875d1c..438f704bc 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml @@ -21,7 +21,7 @@ name: etcd tasks_from: remove_ca_certificates -- include: ../../openshift-etcd/ca.yml +- include: ../../../openshift-etcd/private/ca.yml - name: Create temp directory for syncing certs hosts: localhost @@ -39,13 +39,12 @@ tasks: - include_role: name: etcd - tasks_from: distribute_ca + tasks_from: distribute_ca.yml vars: - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" etcd_sync_cert_dir: "{{ hostvars['localhost'].g_etcd_mktemp.stdout }}" etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" -- include: ../../openshift-etcd/restart.yml +- include: ../../../openshift-etcd/private/restart.yml # Do not restart etcd when etcd certificates were previously expired. when: ('expired' not in (hostvars | oo_select_keys(groups['etcd']) @@ -60,7 +59,6 @@ tasks_from: retrieve_ca_certificates vars: etcd_sync_cert_dir: "{{ hostvars['localhost'].g_etcd_mktemp.stdout }}" - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" - name: Distribute etcd CA to masters hosts: oo_masters_to_config @@ -84,7 +82,7 @@ state: absent changed_when: false -- include: ../../openshift-master/restart.yml +- include: ../../../openshift-master/private/restart.yml # Do not restart masters when master or etcd certificates were previously expired. when: # masters diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml index eb225dfb5..5a837d80d 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml @@ -207,7 +207,7 @@ group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}" with_items: "{{ client_users }}" -- include: ../../openshift-master/restart.yml +- include: ../../../openshift-master/private/restart.yml # Do not restart masters when master or etcd certificates were previously expired. when: # masters @@ -272,7 +272,7 @@ state: absent changed_when: false -- include: ../../openshift-node/restart.yml +- include: ../../../openshift-node/private/restart.yml # Do not restart nodes when node, master or etcd certificates were previously expired. when: # nodes diff --git a/playbooks/common/openshift-cluster/tasks/set_etcd_launch_facts.yml b/playbooks/common/openshift-cluster/tasks/set_etcd_launch_facts.yml deleted file mode 100644 index eb118365a..000000000 --- a/playbooks/common/openshift-cluster/tasks/set_etcd_launch_facts.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- set_fact: k8s_type="etcd" - -- name: Generate etcd instance names(s) - set_fact: - scratch_name: "{{ openshift_cluster_id | default('default') }}-{{ k8s_type }}-{{ '%05x' | format(1048576 | random) }}" - register: etcd_names_output - with_sequence: count={{ num_etcd }} - -- set_fact: - etcd_names: "{{ etcd_names_output.results | default([]) - | oo_collect('ansible_facts') - | oo_collect('scratch_name') }}" diff --git a/playbooks/common/openshift-cluster/tasks/set_master_launch_facts.yml b/playbooks/common/openshift-cluster/tasks/set_master_launch_facts.yml deleted file mode 100644 index 783f70f50..000000000 --- a/playbooks/common/openshift-cluster/tasks/set_master_launch_facts.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- set_fact: k8s_type="master" - -- name: Generate master instance names(s) - set_fact: - scratch_name: "{{ openshift_cluster_id | default('default') }}-{{ k8s_type }}-{{ '%05x' | format(1048576 | random) }}" - register: master_names_output - with_sequence: count={{ num_masters }} - -- set_fact: - master_names: "{{ master_names_output.results | default([]) - | oo_collect('ansible_facts') - | oo_collect('scratch_name') }}" diff --git a/playbooks/common/openshift-cluster/tasks/set_node_launch_facts.yml b/playbooks/common/openshift-cluster/tasks/set_node_launch_facts.yml deleted file mode 100644 index c103e40a9..000000000 --- a/playbooks/common/openshift-cluster/tasks/set_node_launch_facts.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- set_fact: k8s_type=node -- set_fact: sub_host_type="{{ type }}" -- set_fact: number_nodes="{{ count }}" - -- name: Generate node instance names(s) - set_fact: - scratch_name: "{{ openshift_cluster_id | default('default') }}-{{ k8s_type }}-{{ sub_host_type }}-{{ '%05x' | format(1048576 | random) }}" - register: node_names_output - with_sequence: count={{ number_nodes }} - -- set_fact: - node_names: "{{ node_names_output.results | default([]) - | oo_collect('ansible_facts') - | oo_collect('scratch_name') }}" diff --git a/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml b/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml index 52345a9ba..2e3a7ae8b 100644 --- a/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml +++ b/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml @@ -16,7 +16,7 @@ changed_when: no - name: Get current version of Docker - command: "{{ repoquery_cmd }} --installed --qf '%{version}' docker" + command: "{{ repoquery_installed }} --qf '%{version}' docker" register: curr_docker_version retries: 4 until: curr_docker_version | succeeded diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml b/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml index d086cad00..531175c85 100644 --- a/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml +++ b/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml @@ -9,7 +9,6 @@ tasks_from: backup vars: r_etcd_common_backup_tag: "{{ etcd_backup_tag }}" - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" r_etcd_common_backup_sufix_name: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}" diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml index d71c96cd7..c5ff4133c 100644 --- a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml @@ -2,60 +2,9 @@ - name: Determine etcd version hosts: oo_etcd_hosts_to_upgrade tasks: - - block: - - name: Record RPM based etcd version - command: rpm -qa --qf '%{version}' etcd\* - args: - warn: no - register: etcd_rpm_version - failed_when: false - # AUDIT:changed_when: `false` because we are only inspecting - # state, not manipulating anything - changed_when: false - - debug: - msg: "Etcd rpm version {{ etcd_rpm_version.stdout }} detected" - when: - - not openshift.common.is_containerized | bool - - - block: - - name: Record containerized etcd version (docker) - command: docker exec etcd_container rpm -qa --qf '%{version}' etcd\* - register: etcd_container_version_docker - failed_when: false - # AUDIT:changed_when: `false` because we are only inspecting - # state, not manipulating anything - changed_when: false - when: - - not openshift.common.is_etcd_system_container | bool - - # Given a register variables is set even if the whwen condition - # is false, we need to set etcd_container_version separately - - set_fact: - etcd_container_version: "{{ etcd_container_version_docker.stdout }}" - when: - - not openshift.common.is_etcd_system_container | bool - - - name: Record containerized etcd version (runc) - command: runc exec etcd rpm -qa --qf '%{version}' etcd\* - register: etcd_container_version_runc - failed_when: false - # AUDIT:changed_when: `false` because we are only inspecting - # state, not manipulating anything - changed_when: false - when: - - openshift.common.is_etcd_system_container | bool - - # Given a register variables is set even if the whwen condition - # is false, we need to set etcd_container_version separately - - set_fact: - etcd_container_version: "{{ etcd_container_version_runc.stdout }}" - when: - - openshift.common.is_etcd_system_container | bool - - - debug: - msg: "Etcd containerized version {{ etcd_container_version }} detected" - when: - - openshift.common.is_containerized | bool + - include_role: + name: etcd + tasks_from: version_detect.yml - include: upgrade_rpm_members.yml vars: @@ -93,6 +42,14 @@ vars: etcd_upgrade_version: '3.1.3' +- include: upgrade_rpm_members.yml + vars: + etcd_upgrade_version: '3.2' + +- include: upgrade_image_members.yml + vars: + etcd_upgrade_version: '3.2.7' + - name: Upgrade fedora to latest hosts: oo_etcd_hosts_to_upgrade serial: 1 @@ -101,7 +58,6 @@ name: etcd tasks_from: upgrade_image vars: - r_etcd_common_etcd_runtime: "host" etcd_peer: "{{ openshift.common.hostname }}" when: - ansible_distribution == 'Fedora' diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_image_members.yml b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_image_members.yml index e5e895775..6fca42bd0 100644 --- a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_image_members.yml +++ b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_image_members.yml @@ -11,7 +11,6 @@ tasks_from: upgrade_image vars: r_etcd_upgrade_version: "{{ etcd_upgrade_version }}" - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" etcd_peer: "{{ openshift.common.hostname }}" when: - etcd_container_version | default('99') | version_compare(etcd_upgrade_version,'<') diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_rpm_members.yml b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_rpm_members.yml index a2a26bad4..51e8786b3 100644 --- a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_rpm_members.yml +++ b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_rpm_members.yml @@ -11,7 +11,6 @@ tasks_from: upgrade_rpm vars: r_etcd_upgrade_version: "{{ etcd_upgrade_version }}" - r_etcd_common_etcd_runtime: "host" etcd_peer: "{{ openshift.common.hostname }}" when: - etcd_rpm_version.stdout | default('99') | version_compare(etcd_upgrade_version, '<') diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml index c634e0ab8..3aa9e0460 100644 --- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml @@ -93,11 +93,11 @@ # not already exist. We could have potentially done a replace --force to # create and update in one step. - role: openshift_examples - when: openshift_install_examples | default(true,true) | bool + when: openshift_install_examples | default(true) | bool - openshift_hosted_templates # Update the existing templates - role: openshift_examples - when: openshift_install_examples | default(true,true) | bool + when: openshift_install_examples | default(true) | bool registry_url: "{{ openshift.master.registry_url }}" openshift_examples_import_command: replace - role: openshift_hosted_templates diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml index fa65567c2..d08c6e940 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml @@ -85,10 +85,10 @@ - include: "{{ openshift_master_upgrade_hook }}" when: openshift_master_upgrade_hook is defined - - include: ../../openshift-master/restart_hosts.yml + - include: ../../../openshift-master/private/tasks/restart_hosts.yml when: openshift.common.rolling_restart_mode == 'system' - - include: ../../openshift-master/restart_services.yml + - include: ../../../openshift-master/private/tasks/restart_services.yml when: openshift.common.rolling_restart_mode == 'services' # Run the post-upgrade hook if defined: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml index ef52f214b..6cb6a665f 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml @@ -79,7 +79,7 @@ # docker is configured and running. skip_docker_role: True -- include: ../../../openshift-master/validate_restart.yml +- include: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml index 4c6646a38..8f48bedcc 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml @@ -83,7 +83,7 @@ # docker is configured and running. skip_docker_role: True -- include: ../../../openshift-master/validate_restart.yml +- include: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml index e3c012380..2b99568c7 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml @@ -83,7 +83,7 @@ # docker is configured and running. skip_docker_role: True -- include: ../../../openshift-master/validate_restart.yml +- include: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml index a88fa7b2e..d3d2046e6 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml @@ -87,7 +87,7 @@ # docker is configured and running. skip_docker_role: True -- include: ../../../openshift-master/validate_restart.yml +- include: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml index 73df15d53..b602cdd0e 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml @@ -83,7 +83,7 @@ # docker is configured and running. skip_docker_role: True -- include: ../../../openshift-master/validate_restart.yml +- include: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml index 48d55c16f..da81e6dea 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml @@ -87,7 +87,7 @@ # docker is configured and running. skip_docker_role: True -- include: ../../../openshift-master/validate_restart.yml +- include: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade diff --git a/playbooks/common/openshift-etcd/certificates.yml b/playbooks/common/openshift-etcd/certificates.yml deleted file mode 100644 index eb6b94f33..000000000 --- a/playbooks/common/openshift-etcd/certificates.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: server_certificates.yml - -- include: master_etcd_certificates.yml diff --git a/playbooks/common/openshift-etcd/restart.yml b/playbooks/common/openshift-etcd/restart.yml deleted file mode 100644 index 5eaea5ae8..000000000 --- a/playbooks/common/openshift-etcd/restart.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- name: Restart etcd - hosts: oo_etcd_to_config - serial: 1 - tasks: - - name: restart etcd - service: - name: "{{ 'etcd_container' if openshift.common.etcd_runtime == 'docker' else 'etcd' }}" - state: restarted - when: - - not g_etcd_certificates_expired | default(false) | bool - -- name: Restart etcd - hosts: oo_etcd_to_config - tasks: - - name: stop etcd - service: - name: "{{ 'etcd_container' if openshift.common.etcd_runtime == 'docker' else 'etcd' }}" - state: stopped - when: - - g_etcd_certificates_expired | default(false) | bool - - name: start etcd - service: - name: "{{ 'etcd_container' if openshift.common.etcd_runtime == 'docker' else 'etcd' }}" - state: started - when: - - g_etcd_certificates_expired | default(false) | bool diff --git a/playbooks/common/openshift-loadbalancer/lookup_plugins b/playbooks/common/openshift-loadbalancer/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/common/openshift-loadbalancer/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-management/filter_plugins b/playbooks/common/openshift-management/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/common/openshift-management/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-master/filter_plugins b/playbooks/common/openshift-master/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/common/openshift-master/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-master/lookup_plugins b/playbooks/common/openshift-master/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/common/openshift-master/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-nfs/filter_plugins b/playbooks/common/openshift-nfs/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/common/openshift-nfs/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-nfs/lookup_plugins b/playbooks/common/openshift-nfs/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/common/openshift-nfs/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-nfs/roles b/playbooks/common/openshift-nfs/roles deleted file mode 120000 index e2b799b9d..000000000 --- a/playbooks/common/openshift-nfs/roles +++ /dev/null @@ -1 +0,0 @@ -../../../roles/
\ No newline at end of file diff --git a/playbooks/common/openshift-node/filter_plugins b/playbooks/common/openshift-node/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/common/openshift-node/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-node/image_prep.yml b/playbooks/common/openshift-node/image_prep.yml deleted file mode 100644 index 3c042acdc..000000000 --- a/playbooks/common/openshift-node/image_prep.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: normalize groups - include: ../../init/evaluate_groups.yml - -- name: initialize the facts - include: ../../init/facts.yml - -- name: initialize the repositories - include: ../../init/repos.yml - -- name: run node config setup - include: setup.yml - -- name: run node config - include: configure_nodes.yml - -- name: Re-enable excluders - include: enable_excluders.yml - -- name: Remove any undesired artifacts from build - include: clean_image.yml diff --git a/playbooks/common/openshift-node/lookup_plugins b/playbooks/common/openshift-node/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/common/openshift-node/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-node/roles b/playbooks/common/openshift-node/roles deleted file mode 120000 index e2b799b9d..000000000 --- a/playbooks/common/openshift-node/roles +++ /dev/null @@ -1 +0,0 @@ -../../../roles/
\ No newline at end of file diff --git a/playbooks/init/facts.yml b/playbooks/init/facts.yml index 91223d368..6368eaa88 100644 --- a/playbooks/init/facts.yml +++ b/playbooks/init/facts.yml @@ -8,9 +8,8 @@ hosts: oo_all_hosts tasks: - name: load openshift_facts module - include_role: + import_role: name: openshift_facts - static: yes # TODO: Should this role be refactored into health_checks?? - name: Run openshift_sanitize_inventory to set variables @@ -30,18 +29,7 @@ - name: initialize_facts set fact for containerized and l_is_*_system_container set_fact: l_is_containerized: "{{ (l_is_atomic | bool) or (containerized | default(false) | bool) }}" - l_is_openvswitch_system_container: "{{ (openshift_use_openvswitch_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" - l_is_node_system_container: "{{ (openshift_use_node_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" l_is_master_system_container: "{{ (openshift_use_master_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" - l_is_etcd_system_container: "{{ (openshift_use_etcd_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" - - - name: initialize_facts set facts for l_any_system_container - set_fact: - l_any_system_container: "{{ l_is_etcd_system_container or l_is_openvswitch_system_container or l_is_node_system_container or l_is_master_system_container }}" - - - name: initialize_facts set fact for l_etcd_runtime - set_fact: - l_etcd_runtime: "{{ 'runc' if l_is_etcd_system_container else 'docker' if l_is_containerized else 'host' }}" # TODO: Should this be moved into health checks?? # Seems as though any check that happens with a corresponding fail should move into health_checks @@ -107,21 +95,12 @@ - ostree - runc when: - - l_any_system_container | bool - - - name: Default system_images_registry to a enterprise registry - set_fact: - system_images_registry: "registry.access.redhat.com" - when: - - system_images_registry is not defined - - openshift_deployment_type == "openshift-enterprise" - - - name: Default system_images_registry to community registry - set_fact: - system_images_registry: "docker.io" - when: - - system_images_registry is not defined - - openshift_deployment_type == "origin" + - > + (openshift_use_system_containers | default(False)) | bool + or (openshift_use_etcd_system_container | default(False)) | bool + or (openshift_use_openvswitch_system_container | default(False)) | bool + or (openshift_use_node_system_container | default(False)) | bool + or (openshift_use_master_system_container | default(False)) | bool - name: Gather Cluster facts and set is_containerized if needed openshift_facts: @@ -133,12 +112,7 @@ hostname: "{{ openshift_hostname | default(None) }}" ip: "{{ openshift_ip | default(None) }}" is_containerized: "{{ l_is_containerized | default(None) }}" - is_openvswitch_system_container: "{{ l_is_openvswitch_system_container | default(false) }}" - is_node_system_container: "{{ l_is_node_system_container | default(false) }}" is_master_system_container: "{{ l_is_master_system_container | default(false) }}" - is_etcd_system_container: "{{ l_is_etcd_system_container | default(false) }}" - etcd_runtime: "{{ l_etcd_runtime }}" - system_images_registry: "{{ system_images_registry }}" public_hostname: "{{ openshift_public_hostname | default(None) }}" public_ip: "{{ openshift_public_ip | default(None) }}" portal_net: "{{ openshift_portal_net | default(openshift_master_portal_net) | default(None) }}" @@ -163,6 +137,7 @@ - name: initialize_facts set_fact repoquery command set_fact: repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}" + repoquery_installed: "{{ 'dnf repoquery --latest-limit 1 -d 0 --disableexcludes=all --installed' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins --installed' }}" - name: initialize_facts set_fact on openshift_docker_hosted_registry_network set_fact: diff --git a/playbooks/init/main.yml b/playbooks/init/main.yml index 87ffeafc7..1d4f41ffc 100644 --- a/playbooks/init/main.yml +++ b/playbooks/init/main.yml @@ -13,17 +13,17 @@ status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- include: evaluate_groups.yml +- import_playbook: evaluate_groups.yml -- include: facts.yml +- import_playbook: facts.yml -- include: sanity_checks.yml +- import_playbook: sanity_checks.yml -- include: validate_hostnames.yml +- import_playbook: validate_hostnames.yml -- include: repos.yml +- import_playbook: repos.yml -- include: version.yml +- import_playbook: version.yml - name: Initialization Checkpoint End hosts: all diff --git a/playbooks/byo/openshift-checks/README.md b/playbooks/openshift-checks/README.md index b26e7d7ed..0b7ea91ff 100644 --- a/playbooks/byo/openshift-checks/README.md +++ b/playbooks/openshift-checks/README.md @@ -47,19 +47,19 @@ against your inventory file. Here is the step-by-step: 3. Run the appropriate playbook: ```console - $ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/pre-install.yml + $ ansible-playbook -i <inventory file> playbooks/openshift-checks/pre-install.yml ``` or ```console - $ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/health.yml + $ ansible-playbook -i <inventory file> playbooks/openshift-checks/health.yml ``` or ```console - $ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/certificate_expiry/default.yaml -v + $ ansible-playbook -i <inventory file> playbooks/openshift-checks/certificate_expiry/default.yaml -v ``` ### The adhoc playbook @@ -72,19 +72,19 @@ using the `-e` flag. For example, to run the `docker_storage` check: ```console -$ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/adhoc.yml -e openshift_checks=docker_storage +$ ansible-playbook -i <inventory file> playbooks/openshift-checks/adhoc.yml -e openshift_checks=docker_storage ``` To run more checks, use a comma-separated list of check names: ```console -$ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/adhoc.yml -e openshift_checks=docker_storage,disk_availability +$ ansible-playbook -i <inventory file> playbooks/openshift-checks/adhoc.yml -e openshift_checks=docker_storage,disk_availability ``` To run an entire class of checks, use the name of a check group tag, prefixed by `@`. This will run all checks tagged `preflight`: ```console -$ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/adhoc.yml -e openshift_checks=@preflight +$ ansible-playbook -i <inventory file> playbooks/openshift-checks/adhoc.yml -e openshift_checks=@preflight ``` It is valid to specify multiple check tags and individual check names together @@ -94,7 +94,7 @@ To list all of the available checks and tags, run the adhoc playbook without setting the `openshift_checks` variable: ```console -$ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/adhoc.yml +$ ansible-playbook -i <inventory file> playbooks/openshift-checks/adhoc.yml ``` ## Running in a container diff --git a/playbooks/byo/openshift-checks/adhoc.yml b/playbooks/openshift-checks/adhoc.yml index 4ee9e75f1..414090733 100644 --- a/playbooks/byo/openshift-checks/adhoc.yml +++ b/playbooks/openshift-checks/adhoc.yml @@ -1,6 +1,6 @@ --- # NOTE: ideally this would be just part of a single play in -# common/openshift-checks/adhoc.yml that lists the existing checks when +# private/adhoc.yml that lists the existing checks when # openshift_checks is not set or run the requested checks. However, to actually # run the checks we need to have the included dependencies to run first and that # takes time. To speed up listing checks, we use this separate play that runs @@ -20,6 +20,6 @@ action: openshift_health_check when: openshift_checks is undefined or not openshift_checks -- include: ../../init/main.yml +- import_playbook: ../init/main.yml -- include: ../../common/openshift-checks/adhoc.yml +- import_playbook: private/adhoc.yml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/default.yaml b/playbooks/openshift-checks/certificate_expiry/default.yaml index 630135cae..630135cae 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/default.yaml +++ b/playbooks/openshift-checks/certificate_expiry/default.yaml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/easy-mode-upload.yaml b/playbooks/openshift-checks/certificate_expiry/easy-mode-upload.yaml index 378d1f154..378d1f154 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/easy-mode-upload.yaml +++ b/playbooks/openshift-checks/certificate_expiry/easy-mode-upload.yaml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml b/playbooks/openshift-checks/certificate_expiry/easy-mode.yaml index ae41c7c14..ae41c7c14 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml +++ b/playbooks/openshift-checks/certificate_expiry/easy-mode.yaml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml b/playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml index d80cb6ff4..d80cb6ff4 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml +++ b/playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml b/playbooks/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml index 2189455b7..2189455b7 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml +++ b/playbooks/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml b/playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml index 87a0f3be4..87a0f3be4 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml +++ b/playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/longer_warning_period.yaml b/playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml index 960457c4b..960457c4b 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/longer_warning_period.yaml +++ b/playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml diff --git a/playbooks/byo/openshift-checks/roles b/playbooks/openshift-checks/certificate_expiry/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/byo/openshift-checks/roles +++ b/playbooks/openshift-checks/certificate_expiry/roles diff --git a/playbooks/openshift-checks/health.yml b/playbooks/openshift-checks/health.yml new file mode 100644 index 000000000..caac06626 --- /dev/null +++ b/playbooks/openshift-checks/health.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/health.yml diff --git a/playbooks/openshift-checks/pre-install.yml b/playbooks/openshift-checks/pre-install.yml new file mode 100644 index 000000000..4511f6e3c --- /dev/null +++ b/playbooks/openshift-checks/pre-install.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/pre-install.yml diff --git a/playbooks/common/openshift-checks/adhoc.yml b/playbooks/openshift-checks/private/adhoc.yml index d0deaeb65..d0deaeb65 100644 --- a/playbooks/common/openshift-checks/adhoc.yml +++ b/playbooks/openshift-checks/private/adhoc.yml diff --git a/playbooks/common/openshift-checks/health.yml b/playbooks/openshift-checks/private/health.yml index d0921b9d3..d0921b9d3 100644 --- a/playbooks/common/openshift-checks/health.yml +++ b/playbooks/openshift-checks/private/health.yml diff --git a/playbooks/common/openshift-checks/install.yml b/playbooks/openshift-checks/private/install.yml index 93cf6c359..93cf6c359 100644 --- a/playbooks/common/openshift-checks/install.yml +++ b/playbooks/openshift-checks/private/install.yml diff --git a/playbooks/common/openshift-checks/pre-install.yml b/playbooks/openshift-checks/private/pre-install.yml index 32449d4e4..32449d4e4 100644 --- a/playbooks/common/openshift-checks/pre-install.yml +++ b/playbooks/openshift-checks/private/pre-install.yml diff --git a/playbooks/byo/openshift-etcd/roles b/playbooks/openshift-checks/private/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/byo/openshift-etcd/roles +++ b/playbooks/openshift-checks/private/roles diff --git a/playbooks/openshift-checks/roles b/playbooks/openshift-checks/roles new file mode 120000 index 000000000..b741aa3db --- /dev/null +++ b/playbooks/openshift-checks/roles @@ -0,0 +1 @@ +../../roles
\ No newline at end of file diff --git a/playbooks/openshift-etcd/certificates.yml b/playbooks/openshift-etcd/certificates.yml new file mode 100644 index 000000000..c06e3b575 --- /dev/null +++ b/playbooks/openshift-etcd/certificates.yml @@ -0,0 +1,6 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/ca.yml + +- import_playbook: private/certificates.yml diff --git a/playbooks/openshift-etcd/config.yml b/playbooks/openshift-etcd/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-etcd/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/openshift-etcd/embedded2external.yml b/playbooks/openshift-etcd/embedded2external.yml new file mode 100644 index 000000000..7d090fa9b --- /dev/null +++ b/playbooks/openshift-etcd/embedded2external.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/embedded2external.yml diff --git a/playbooks/openshift-etcd/migrate.yml b/playbooks/openshift-etcd/migrate.yml new file mode 100644 index 000000000..0340b74a5 --- /dev/null +++ b/playbooks/openshift-etcd/migrate.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/migrate.yml diff --git a/playbooks/common/openshift-etcd/ca.yml b/playbooks/openshift-etcd/private/ca.yml index ac5543be9..ac5543be9 100644 --- a/playbooks/common/openshift-etcd/ca.yml +++ b/playbooks/openshift-etcd/private/ca.yml diff --git a/playbooks/openshift-etcd/private/certificates.yml b/playbooks/openshift-etcd/private/certificates.yml new file mode 100644 index 000000000..7c45938c1 --- /dev/null +++ b/playbooks/openshift-etcd/private/certificates.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: server_certificates.yml + +- import_playbook: master_etcd_certificates.yml diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/openshift-etcd/private/config.yml index 3fe483785..f49a3ecaa 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/openshift-etcd/private/config.yml @@ -11,9 +11,9 @@ status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- include: ca.yml +- import_playbook: ca.yml -- include: certificates.yml +- import_playbook: certificates.yml - name: Configure etcd hosts: oo_etcd_to_config @@ -24,7 +24,6 @@ etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}" etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}" - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" - role: nickhammond.logrotate - name: etcd Install Checkpoint End diff --git a/playbooks/common/openshift-etcd/embedded2external.yml b/playbooks/openshift-etcd/private/embedded2external.yml index b16b78c4f..514319b88 100644 --- a/playbooks/common/openshift-etcd/embedded2external.yml +++ b/playbooks/openshift-etcd/private/embedded2external.yml @@ -36,7 +36,6 @@ name: etcd tasks_from: backup vars: - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" r_etcd_common_backup_tag: pre-migrate r_etcd_common_embedded_etcd: "{{ true }}" r_etcd_common_backup_sufix_name: "{{ embedded_etcd_backup_suffix }}" @@ -45,15 +44,14 @@ name: etcd tasks_from: backup.archive vars: - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" r_etcd_common_backup_tag: pre-migrate r_etcd_common_embedded_etcd: "{{ true }}" r_etcd_common_backup_sufix_name: "{{ embedded_etcd_backup_suffix }}" # 3. deploy certificates (for etcd and master) -- include: ca.yml +- import_playbook: ca.yml -- include: server_certificates.yml +- import_playbook: server_certificates.yml - name: Backup etcd client certificates for master host hosts: oo_first_master @@ -63,12 +61,12 @@ tasks_from: backup_master_etcd_certificates - name: Redeploy master etcd certificates - include: master_etcd_certificates.yml + import_playbook: master_etcd_certificates.yml vars: etcd_certificates_redeploy: "{{ true }}" # 4. deploy external etcd -- include: ../openshift-etcd/config.yml +- import_playbook: config.yml # 5. stop external etcd - name: Cleanse etcd @@ -78,13 +76,9 @@ - include_role: name: etcd tasks_from: disable_etcd - vars: - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" - include_role: name: etcd tasks_from: clean_data - vars: - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" # 6. copy the embedded etcd backup to the external host # TODO(jchaloup): if the etcd and first master are on the same host, just copy the directory @@ -101,7 +95,6 @@ name: etcd tasks_from: backup.fetch vars: - r_etcd_common_etcd_runtime: "{{ hostvars[groups.oo_first_master.0].openshift.common.etcd_runtime }}" etcd_backup_sync_directory: "{{ g_etcd_client_mktemp.stdout }}" r_etcd_common_backup_tag: pre-migrate r_etcd_common_embedded_etcd: "{{ true }}" @@ -112,7 +105,6 @@ name: etcd tasks_from: backup.copy vars: - r_etcd_common_etcd_runtime: "{{ hostvars[groups.oo_etcd_to_config.0].openshift.common.etcd_runtime }}" etcd_backup_sync_directory: "{{ g_etcd_client_mktemp.stdout }}" r_etcd_common_backup_tag: pre-migrate r_etcd_common_backup_sufix_name: "{{ hostvars[groups.oo_first_master.0].embedded_etcd_backup_suffix }}" @@ -134,7 +126,6 @@ name: etcd tasks_from: backup.unarchive vars: - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" r_etcd_common_backup_tag: pre-migrate r_etcd_common_backup_sufix_name: "{{ hostvars[groups.oo_first_master.0].embedded_etcd_backup_suffix }}" @@ -142,7 +133,6 @@ name: etcd tasks_from: backup.force_new_cluster vars: - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" r_etcd_common_backup_tag: pre-migrate r_etcd_common_backup_sufix_name: "{{ hostvars[groups.oo_first_master.0].embedded_etcd_backup_suffix }}" etcd_peer: "{{ openshift.common.ip }}" diff --git a/playbooks/byo/openshift-etcd/filter_plugins b/playbooks/openshift-etcd/private/filter_plugins index 99a95e4ca..99a95e4ca 120000 --- a/playbooks/byo/openshift-etcd/filter_plugins +++ b/playbooks/openshift-etcd/private/filter_plugins diff --git a/playbooks/byo/openshift-etcd/lookup_plugins b/playbooks/openshift-etcd/private/lookup_plugins index ac79701db..ac79701db 120000 --- a/playbooks/byo/openshift-etcd/lookup_plugins +++ b/playbooks/openshift-etcd/private/lookup_plugins diff --git a/playbooks/common/openshift-etcd/master_etcd_certificates.yml b/playbooks/openshift-etcd/private/master_etcd_certificates.yml index 0a25aac57..d98470db2 100644 --- a/playbooks/common/openshift-etcd/master_etcd_certificates.yml +++ b/playbooks/openshift-etcd/private/master_etcd_certificates.yml @@ -10,5 +10,4 @@ etcd_cert_config_dir: "{{ openshift.common.config_base }}/master" etcd_cert_prefix: "master.etcd-" openshift_ca_host: "{{ groups.oo_first_master.0 }}" - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config diff --git a/playbooks/common/openshift-etcd/migrate.yml b/playbooks/openshift-etcd/private/migrate.yml index 31362f2f6..4269918c2 100644 --- a/playbooks/common/openshift-etcd/migrate.yml +++ b/playbooks/openshift-etcd/private/migrate.yml @@ -48,7 +48,6 @@ name: etcd tasks_from: backup vars: - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" r_etcd_common_backup_tag: pre-migration r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" r_etcd_common_backup_sufix_name: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}" @@ -76,8 +75,6 @@ - include_role: name: etcd tasks_from: disable_etcd - vars: - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" - name: Migrate data on first etcd hosts: oo_etcd_to_migrate[0] @@ -117,7 +114,7 @@ set_fact: r_etcd_migrate_success: true -- include: ./scaleup.yml +- import_playbook: scaleup.yml - name: Gate on etcd migration hosts: oo_masters_to_config diff --git a/playbooks/openshift-etcd/private/restart.yml b/playbooks/openshift-etcd/private/restart.yml new file mode 100644 index 000000000..0751480e2 --- /dev/null +++ b/playbooks/openshift-etcd/private/restart.yml @@ -0,0 +1,19 @@ +--- +- name: Restart etcd + hosts: oo_etcd_to_config + serial: 1 + tasks: + - include_role: + name: etcd + tasks_from: restart.yml + when: + - not g_etcd_certificates_expired | default(false) | bool + +- name: Restart etcd + hosts: oo_etcd_to_config + tasks: + - include_role: + name: etcd + tasks_from: restart.yml + when: + - g_etcd_certificates_expired | default(false) | bool diff --git a/playbooks/byo/openshift-glusterfs/roles b/playbooks/openshift-etcd/private/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/byo/openshift-glusterfs/roles +++ b/playbooks/openshift-etcd/private/roles diff --git a/playbooks/common/openshift-etcd/scaleup.yml b/playbooks/openshift-etcd/private/scaleup.yml index 20061366c..fac8e3f02 100644 --- a/playbooks/common/openshift-etcd/scaleup.yml +++ b/playbooks/openshift-etcd/private/scaleup.yml @@ -36,7 +36,6 @@ vars: etcd_peers: "{{ groups.oo_new_etcd_to_config | default([], true) }}" etcd_certificates_etcd_hosts: "{{ groups.oo_new_etcd_to_config | default([], true) }}" - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" roles: - role: os_firewall when: etcd_add_check.rc == 0 @@ -48,7 +47,6 @@ etcd_initial_cluster_state: "existing" etcd_initial_cluster: "{{ etcd_add_check.stdout_lines[3] | regex_replace('ETCD_INITIAL_CLUSTER=','') | regex_replace('\"','') }}" etcd_ca_setup: False - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" - role: nickhammond.logrotate when: etcd_add_check.rc == 0 post_tasks: diff --git a/playbooks/common/openshift-etcd/server_certificates.yml b/playbooks/openshift-etcd/private/server_certificates.yml index 10e06747b..14c74baf3 100644 --- a/playbooks/common/openshift-etcd/server_certificates.yml +++ b/playbooks/openshift-etcd/private/server_certificates.yml @@ -12,4 +12,3 @@ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}" etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}" - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" diff --git a/playbooks/openshift-etcd/restart.yml b/playbooks/openshift-etcd/restart.yml new file mode 100644 index 000000000..041c1384d --- /dev/null +++ b/playbooks/openshift-etcd/restart.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/restart.yml diff --git a/playbooks/openshift-etcd/scaleup.yml b/playbooks/openshift-etcd/scaleup.yml new file mode 100644 index 000000000..7e9ab6834 --- /dev/null +++ b/playbooks/openshift-etcd/scaleup.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/scaleup.yml diff --git a/playbooks/byo/openshift-glusterfs/README.md b/playbooks/openshift-glusterfs/README.md index f62aea229..f62aea229 100644 --- a/playbooks/byo/openshift-glusterfs/README.md +++ b/playbooks/openshift-glusterfs/README.md diff --git a/playbooks/openshift-glusterfs/config.yml b/playbooks/openshift-glusterfs/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-glusterfs/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-glusterfs/config.yml b/playbooks/openshift-glusterfs/private/config.yml index 19e14ab3e..19e14ab3e 100644 --- a/playbooks/common/openshift-glusterfs/config.yml +++ b/playbooks/openshift-glusterfs/private/config.yml diff --git a/playbooks/byo/openshift-glusterfs/filter_plugins b/playbooks/openshift-glusterfs/private/filter_plugins index 99a95e4ca..99a95e4ca 120000 --- a/playbooks/byo/openshift-glusterfs/filter_plugins +++ b/playbooks/openshift-glusterfs/private/filter_plugins diff --git a/playbooks/byo/openshift-glusterfs/lookup_plugins b/playbooks/openshift-glusterfs/private/lookup_plugins index ac79701db..ac79701db 120000 --- a/playbooks/byo/openshift-glusterfs/lookup_plugins +++ b/playbooks/openshift-glusterfs/private/lookup_plugins diff --git a/playbooks/common/openshift-glusterfs/registry.yml b/playbooks/openshift-glusterfs/private/registry.yml index 80cf7529e..75c1f0300 100644 --- a/playbooks/common/openshift-glusterfs/registry.yml +++ b/playbooks/openshift-glusterfs/private/registry.yml @@ -1,5 +1,5 @@ --- -- include: config.yml +- import_playbook: config.yml - name: Initialize GlusterFS registry PV and PVC vars hosts: oo_first_master diff --git a/playbooks/common/openshift-etcd/roles b/playbooks/openshift-glusterfs/private/roles index e2b799b9d..e2b799b9d 120000 --- a/playbooks/common/openshift-etcd/roles +++ b/playbooks/openshift-glusterfs/private/roles diff --git a/playbooks/openshift-glusterfs/registry.yml b/playbooks/openshift-glusterfs/registry.yml new file mode 100644 index 000000000..5e3b18536 --- /dev/null +++ b/playbooks/openshift-glusterfs/registry.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/registry.yml diff --git a/playbooks/openshift-hosted/config.yml b/playbooks/openshift-hosted/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-hosted/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-cluster/cockpit-ui.yml b/playbooks/openshift-hosted/private/cockpit-ui.yml index 359132dd0..359132dd0 100644 --- a/playbooks/common/openshift-cluster/cockpit-ui.yml +++ b/playbooks/openshift-hosted/private/cockpit-ui.yml diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/openshift-hosted/private/config.yml index 15ee60dc0..036fe654d 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted.yml +++ b/playbooks/openshift-hosted/private/config.yml @@ -11,22 +11,19 @@ status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- include: create_persistent_volumes.yml +- import_playbook: create_persistent_volumes.yml -- include: openshift_default_storage_class.yml +- import_playbook: openshift_default_storage_class.yml -- include: openshift_hosted_create_projects.yml +- import_playbook: openshift_hosted_create_projects.yml -- include: openshift_hosted_router.yml +- import_playbook: openshift_hosted_router.yml -- include: openshift_hosted_registry.yml +- import_playbook: openshift_hosted_registry.yml -- include: cockpit-ui.yml +- import_playbook: cockpit-ui.yml -- include: openshift_prometheus.yml - when: openshift_hosted_prometheus_deploy | default(False) | bool - -- include: install_docker_gc.yml +- import_playbook: install_docker_gc.yml when: - openshift_use_crio | default(False) | bool - openshift_crio_enable_docker_gc | default(False) | bool diff --git a/playbooks/common/openshift-cluster/create_persistent_volumes.yml b/playbooks/openshift-hosted/private/create_persistent_volumes.yml index 8a60a30b8..8a60a30b8 100644 --- a/playbooks/common/openshift-cluster/create_persistent_volumes.yml +++ b/playbooks/openshift-hosted/private/create_persistent_volumes.yml diff --git a/playbooks/common/openshift-cluster/install_docker_gc.yml b/playbooks/openshift-hosted/private/install_docker_gc.yml index 1e3dfee07..1e3dfee07 100644 --- a/playbooks/common/openshift-cluster/install_docker_gc.yml +++ b/playbooks/openshift-hosted/private/install_docker_gc.yml diff --git a/playbooks/common/openshift-cluster/openshift_default_storage_class.yml b/playbooks/openshift-hosted/private/openshift_default_storage_class.yml index 62fe0dd60..62fe0dd60 100644 --- a/playbooks/common/openshift-cluster/openshift_default_storage_class.yml +++ b/playbooks/openshift-hosted/private/openshift_default_storage_class.yml diff --git a/playbooks/common/openshift-cluster/openshift_hosted_create_projects.yml b/playbooks/openshift-hosted/private/openshift_hosted_create_projects.yml index d5ca5185c..d5ca5185c 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted_create_projects.yml +++ b/playbooks/openshift-hosted/private/openshift_hosted_create_projects.yml diff --git a/playbooks/common/openshift-cluster/openshift_hosted_registry.yml b/playbooks/openshift-hosted/private/openshift_hosted_registry.yml index 2a91a827c..2a91a827c 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted_registry.yml +++ b/playbooks/openshift-hosted/private/openshift_hosted_registry.yml diff --git a/playbooks/common/openshift-cluster/openshift_hosted_router.yml b/playbooks/openshift-hosted/private/openshift_hosted_router.yml index bcb5a34a4..bcb5a34a4 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted_router.yml +++ b/playbooks/openshift-hosted/private/openshift_hosted_router.yml diff --git a/playbooks/byo/openshift-management/roles b/playbooks/openshift-hosted/private/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/byo/openshift-management/roles +++ b/playbooks/openshift-hosted/private/roles diff --git a/playbooks/openshift-loadbalancer/config.yml b/playbooks/openshift-loadbalancer/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-loadbalancer/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-loadbalancer/config.yml b/playbooks/openshift-loadbalancer/private/config.yml index d737b836b..d737b836b 100644 --- a/playbooks/common/openshift-loadbalancer/config.yml +++ b/playbooks/openshift-loadbalancer/private/config.yml diff --git a/playbooks/byo/openshift-master/filter_plugins b/playbooks/openshift-loadbalancer/private/filter_plugins index 99a95e4ca..99a95e4ca 120000 --- a/playbooks/byo/openshift-master/filter_plugins +++ b/playbooks/openshift-loadbalancer/private/filter_plugins diff --git a/playbooks/byo/openshift-master/lookup_plugins b/playbooks/openshift-loadbalancer/private/lookup_plugins index ac79701db..ac79701db 120000 --- a/playbooks/byo/openshift-master/lookup_plugins +++ b/playbooks/openshift-loadbalancer/private/lookup_plugins diff --git a/playbooks/byo/openshift-master/roles b/playbooks/openshift-loadbalancer/private/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/byo/openshift-master/roles +++ b/playbooks/openshift-loadbalancer/private/roles diff --git a/playbooks/openshift-management/add_container_provider.yml b/playbooks/openshift-management/add_container_provider.yml new file mode 100644 index 000000000..e0970f525 --- /dev/null +++ b/playbooks/openshift-management/add_container_provider.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/evaluate_groups.yml + +- import_playbook: private/add_container_provider.yml diff --git a/playbooks/byo/openshift-management/add_many_container_providers.yml b/playbooks/openshift-management/add_many_container_providers.yml index 62fdb11c5..62fdb11c5 100644 --- a/playbooks/byo/openshift-management/add_many_container_providers.yml +++ b/playbooks/openshift-management/add_many_container_providers.yml diff --git a/playbooks/openshift-management/config.yml b/playbooks/openshift-management/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-management/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-management/add_container_provider.yml b/playbooks/openshift-management/private/add_container_provider.yml index facb3a5b9..facb3a5b9 100644 --- a/playbooks/common/openshift-management/add_container_provider.yml +++ b/playbooks/openshift-management/private/add_container_provider.yml diff --git a/playbooks/common/openshift-management/config.yml b/playbooks/openshift-management/private/config.yml index 3f1cdf713..3f1cdf713 100644 --- a/playbooks/common/openshift-management/config.yml +++ b/playbooks/openshift-management/private/config.yml diff --git a/playbooks/byo/openshift-node/filter_plugins b/playbooks/openshift-management/private/filter_plugins index 99a95e4ca..99a95e4ca 120000 --- a/playbooks/byo/openshift-node/filter_plugins +++ b/playbooks/openshift-management/private/filter_plugins diff --git a/playbooks/common/openshift-management/library b/playbooks/openshift-management/private/library index ba40d2f56..ba40d2f56 120000 --- a/playbooks/common/openshift-management/library +++ b/playbooks/openshift-management/private/library diff --git a/playbooks/byo/openshift-node/roles b/playbooks/openshift-management/private/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/byo/openshift-node/roles +++ b/playbooks/openshift-management/private/roles diff --git a/playbooks/common/openshift-management/uninstall.yml b/playbooks/openshift-management/private/uninstall.yml index 9f35cc276..9f35cc276 100644 --- a/playbooks/common/openshift-management/uninstall.yml +++ b/playbooks/openshift-management/private/uninstall.yml diff --git a/playbooks/openshift-management/roles b/playbooks/openshift-management/roles new file mode 120000 index 000000000..b741aa3db --- /dev/null +++ b/playbooks/openshift-management/roles @@ -0,0 +1 @@ +../../roles
\ No newline at end of file diff --git a/playbooks/openshift-management/uninstall.yml b/playbooks/openshift-management/uninstall.yml new file mode 100644 index 000000000..c92ade786 --- /dev/null +++ b/playbooks/openshift-management/uninstall.yml @@ -0,0 +1,2 @@ +--- +- import_playbook: private/uninstall.yml diff --git a/playbooks/openshift-master/additional_config.yml b/playbooks/openshift-master/additional_config.yml new file mode 100644 index 000000000..8105f7f88 --- /dev/null +++ b/playbooks/openshift-master/additional_config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/additional_config.yml diff --git a/playbooks/openshift-master/certificates.yml b/playbooks/openshift-master/certificates.yml new file mode 100644 index 000000000..7ae87c09a --- /dev/null +++ b/playbooks/openshift-master/certificates.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/certificates.yml diff --git a/playbooks/openshift-master/config.yml b/playbooks/openshift-master/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-master/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-master/additional_config.yml b/playbooks/openshift-master/private/additional_config.yml index 32f638d42..b7cfbe4e4 100644 --- a/playbooks/common/openshift-master/additional_config.yml +++ b/playbooks/openshift-master/private/additional_config.yml @@ -24,7 +24,7 @@ - role: openshift_project_request_template when: openshift_project_request_template_manage - role: openshift_examples - when: openshift_install_examples | default(true, true) | bool + when: openshift_install_examples | default(true) | bool registry_url: "{{ openshift.master.registry_url }}" - role: openshift_hosted_templates registry_url: "{{ openshift.master.registry_url }}" diff --git a/playbooks/common/openshift-master/certificates.yml b/playbooks/openshift-master/private/certificates.yml index f6afbc36f..f6afbc36f 100644 --- a/playbooks/common/openshift-master/certificates.yml +++ b/playbooks/openshift-master/private/certificates.yml diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/openshift-master/private/config.yml index 6b0fd6b7c..afb8d6bd1 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/openshift-master/private/config.yml @@ -11,7 +11,7 @@ status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- include: certificates.yml +- import_playbook: certificates.yml - name: Disable excluders hosts: oo_masters_to_config @@ -229,7 +229,7 @@ hosts: oo_masters serial: 1 tasks: - - include: tasks/wire_aggregator.yml + - include_tasks: tasks/wire_aggregator.yml - name: Re-enable excluder if it was previously enabled hosts: oo_masters_to_config diff --git a/playbooks/common/openshift-etcd/filter_plugins b/playbooks/openshift-master/private/filter_plugins index 99a95e4ca..99a95e4ca 120000 --- a/playbooks/common/openshift-etcd/filter_plugins +++ b/playbooks/openshift-master/private/filter_plugins diff --git a/playbooks/common/openshift-master/library b/playbooks/openshift-master/private/library index d0b7393d3..d0b7393d3 120000 --- a/playbooks/common/openshift-master/library +++ b/playbooks/openshift-master/private/library diff --git a/playbooks/byo/openshift-node/lookup_plugins b/playbooks/openshift-master/private/lookup_plugins index ac79701db..ac79701db 120000 --- a/playbooks/byo/openshift-node/lookup_plugins +++ b/playbooks/openshift-master/private/lookup_plugins diff --git a/playbooks/common/openshift-master/restart.yml b/playbooks/openshift-master/private/restart.yml index 4d73b8124..5cb284935 100644 --- a/playbooks/common/openshift-master/restart.yml +++ b/playbooks/openshift-master/private/restart.yml @@ -1,5 +1,5 @@ --- -- include: validate_restart.yml +- import_playbook: validate_restart.yml - name: Restart masters hosts: oo_masters_to_config @@ -7,13 +7,12 @@ openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" serial: 1 handlers: - - include: ../../../roles/openshift_master/handlers/main.yml - static: yes + - import_tasks: ../../../roles/openshift_master/handlers/main.yml roles: - openshift_facts post_tasks: - - include: restart_hosts.yml + - include_tasks: tasks/restart_hosts.yml when: openshift_rolling_restart_mode | default('services') == 'system' - - include: restart_services.yml + - include_tasks: tasks/restart_services.yml when: openshift_rolling_restart_mode | default('services') == 'services' diff --git a/playbooks/common/openshift-master/revert-client-ca.yml b/playbooks/openshift-master/private/revert-client-ca.yml index 9ae23bf5b..9ae23bf5b 100644 --- a/playbooks/common/openshift-master/revert-client-ca.yml +++ b/playbooks/openshift-master/private/revert-client-ca.yml diff --git a/playbooks/common/openshift-glusterfs/roles b/playbooks/openshift-master/private/roles index e2b799b9d..e2b799b9d 120000 --- a/playbooks/common/openshift-glusterfs/roles +++ b/playbooks/openshift-master/private/roles diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/openshift-master/private/scaleup.yml index 4c415ebce..8229eccfa 100644 --- a/playbooks/common/openshift-master/scaleup.yml +++ b/playbooks/openshift-master/private/scaleup.yml @@ -44,14 +44,14 @@ delay: 1 changed_when: false -- include: ../openshift-master/set_network_facts.yml +- import_playbook: set_network_facts.yml -- include: ../openshift-etcd/certificates.yml +- import_playbook: ../../openshift-etcd/private/certificates.yml -- include: ../openshift-master/config.yml +- import_playbook: config.yml -- include: ../openshift-loadbalancer/config.yml +- import_playbook: ../../openshift-loadbalancer/private/config.yml -- include: ../openshift-node/certificates.yml +- import_playbook: ../../openshift-node/private/certificates.yml -- include: ../openshift-node/config.yml +- import_playbook: ../../openshift-node/private/config.yml diff --git a/playbooks/common/openshift-master/set_network_facts.yml b/playbooks/openshift-master/private/set_network_facts.yml index 9a6cf26fc..9a6cf26fc 100644 --- a/playbooks/common/openshift-master/set_network_facts.yml +++ b/playbooks/openshift-master/private/set_network_facts.yml diff --git a/playbooks/common/openshift-master/restart_hosts.yml b/playbooks/openshift-master/private/tasks/restart_hosts.yml index a5dbe0590..a5dbe0590 100644 --- a/playbooks/common/openshift-master/restart_hosts.yml +++ b/playbooks/openshift-master/private/tasks/restart_hosts.yml diff --git a/playbooks/common/openshift-master/restart_services.yml b/playbooks/openshift-master/private/tasks/restart_services.yml index 4e1b3a3be..4e1b3a3be 100644 --- a/playbooks/common/openshift-master/restart_services.yml +++ b/playbooks/openshift-master/private/tasks/restart_services.yml diff --git a/playbooks/common/openshift-master/tasks/wire_aggregator.yml b/playbooks/openshift-master/private/tasks/wire_aggregator.yml index 97acc5d5d..97acc5d5d 100644 --- a/playbooks/common/openshift-master/tasks/wire_aggregator.yml +++ b/playbooks/openshift-master/private/tasks/wire_aggregator.yml diff --git a/playbooks/common/openshift-master/templates/openshift-ansible-catalog-console.js b/playbooks/openshift-master/private/templates/openshift-ansible-catalog-console.js index fd02325ba..fd02325ba 100644 --- a/playbooks/common/openshift-master/templates/openshift-ansible-catalog-console.js +++ b/playbooks/openshift-master/private/templates/openshift-ansible-catalog-console.js diff --git a/playbooks/common/openshift-master/validate_restart.yml b/playbooks/openshift-master/private/validate_restart.yml index 5dbb21502..5dbb21502 100644 --- a/playbooks/common/openshift-master/validate_restart.yml +++ b/playbooks/openshift-master/private/validate_restart.yml diff --git a/playbooks/openshift-master/restart.yml b/playbooks/openshift-master/restart.yml new file mode 100644 index 000000000..041c1384d --- /dev/null +++ b/playbooks/openshift-master/restart.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/restart.yml diff --git a/playbooks/byo/openshift-master/scaleup.yml b/playbooks/openshift-master/scaleup.yml index 4fdec5e7d..f717cd0e9 100644 --- a/playbooks/byo/openshift-master/scaleup.yml +++ b/playbooks/openshift-master/scaleup.yml @@ -1,5 +1,5 @@ --- -- include: ../../init/evaluate_groups.yml +- import_playbook: ../init/evaluate_groups.yml - name: Ensure there are new_masters or new_nodes hosts: localhost @@ -18,6 +18,6 @@ # Need a better way to do the above check for node without # running evaluate_groups and init/main.yml -- include: ../../init/main.yml +- import_playbook: ../init/main.yml -- include: ../../common/openshift-master/scaleup.yml +- import_playbook: private/scaleup.yml diff --git a/playbooks/openshift-metrics/config.yml b/playbooks/openshift-metrics/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-metrics/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-cluster/openshift_metrics.yml b/playbooks/openshift-metrics/private/config.yml index 80cd93e5f..80cd93e5f 100644 --- a/playbooks/common/openshift-cluster/openshift_metrics.yml +++ b/playbooks/openshift-metrics/private/config.yml diff --git a/playbooks/openshift-metrics/private/library b/playbooks/openshift-metrics/private/library new file mode 120000 index 000000000..ba40d2f56 --- /dev/null +++ b/playbooks/openshift-metrics/private/library @@ -0,0 +1 @@ +../../../library
\ No newline at end of file diff --git a/playbooks/common/openshift-checks/roles b/playbooks/openshift-metrics/private/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/common/openshift-checks/roles +++ b/playbooks/openshift-metrics/private/roles diff --git a/playbooks/openshift-nfs/config.yml b/playbooks/openshift-nfs/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-nfs/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-nfs/config.yml b/playbooks/openshift-nfs/private/config.yml index 6ea77e00b..6ea77e00b 100644 --- a/playbooks/common/openshift-nfs/config.yml +++ b/playbooks/openshift-nfs/private/config.yml diff --git a/playbooks/common/openshift-glusterfs/filter_plugins b/playbooks/openshift-nfs/private/filter_plugins index 99a95e4ca..99a95e4ca 120000 --- a/playbooks/common/openshift-glusterfs/filter_plugins +++ b/playbooks/openshift-nfs/private/filter_plugins diff --git a/playbooks/common/openshift-etcd/lookup_plugins b/playbooks/openshift-nfs/private/lookup_plugins index ac79701db..ac79701db 120000 --- a/playbooks/common/openshift-etcd/lookup_plugins +++ b/playbooks/openshift-nfs/private/lookup_plugins diff --git a/playbooks/common/openshift-loadbalancer/roles b/playbooks/openshift-nfs/private/roles index e2b799b9d..e2b799b9d 120000 --- a/playbooks/common/openshift-loadbalancer/roles +++ b/playbooks/openshift-nfs/private/roles diff --git a/playbooks/openshift-node/certificates.yml b/playbooks/openshift-node/certificates.yml new file mode 100644 index 000000000..7ae87c09a --- /dev/null +++ b/playbooks/openshift-node/certificates.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/certificates.yml diff --git a/playbooks/openshift-node/config.yml b/playbooks/openshift-node/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-node/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/openshift-node/network_manager.yml b/playbooks/openshift-node/network_manager.yml new file mode 100644 index 000000000..88a93952d --- /dev/null +++ b/playbooks/openshift-node/network_manager.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/evaluate_groups.yml + +- import_playbook: private/network_manager.yml diff --git a/playbooks/common/openshift-node/additional_config.yml b/playbooks/openshift-node/private/additional_config.yml index ac757397b..261e2048f 100644 --- a/playbooks/common/openshift-node/additional_config.yml +++ b/playbooks/openshift-node/private/additional_config.yml @@ -24,7 +24,7 @@ key: oo_nodes_use_{{ (openshift_use_kuryr | default(False)) | ternary('kuryr','nothing') }} changed_when: False -- include: etcd_client_config.yml +- import_playbook: etcd_client_config.yml vars: openshift_node_scale_up_group: "oo_nodes_use_flannel:oo_nodes_use_calico:oo_nodes_use_contiv:oo_nodes_use_kuryr" diff --git a/playbooks/common/openshift-node/certificates.yml b/playbooks/openshift-node/private/certificates.yml index 908885ee6..908885ee6 100644 --- a/playbooks/common/openshift-node/certificates.yml +++ b/playbooks/openshift-node/private/certificates.yml diff --git a/playbooks/common/openshift-node/clean_image.yml b/playbooks/openshift-node/private/clean_image.yml index 38753d0af..38753d0af 100644 --- a/playbooks/common/openshift-node/clean_image.yml +++ b/playbooks/openshift-node/private/clean_image.yml diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/openshift-node/private/config.yml index 28e3c1b1b..300a90371 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/openshift-node/private/config.yml @@ -11,19 +11,19 @@ status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- include: certificates.yml +- import_playbook: certificates.yml -- include: setup.yml +- import_playbook: setup.yml -- include: containerized_nodes.yml +- import_playbook: containerized_nodes.yml -- include: configure_nodes.yml +- import_playbook: configure_nodes.yml -- include: additional_config.yml +- import_playbook: additional_config.yml -- include: manage_node.yml +- import_playbook: manage_node.yml -- include: enable_excluders.yml +- import_playbook: enable_excluders.yml - name: Node Install Checkpoint End hosts: all diff --git a/playbooks/common/openshift-node/configure_nodes.yml b/playbooks/openshift-node/private/configure_nodes.yml index 17259422d..17259422d 100644 --- a/playbooks/common/openshift-node/configure_nodes.yml +++ b/playbooks/openshift-node/private/configure_nodes.yml diff --git a/playbooks/common/openshift-node/containerized_nodes.yml b/playbooks/openshift-node/private/containerized_nodes.yml index 6fac937e3..6fac937e3 100644 --- a/playbooks/common/openshift-node/containerized_nodes.yml +++ b/playbooks/openshift-node/private/containerized_nodes.yml diff --git a/playbooks/common/openshift-node/enable_excluders.yml b/playbooks/openshift-node/private/enable_excluders.yml index 5288b14f9..5288b14f9 100644 --- a/playbooks/common/openshift-node/enable_excluders.yml +++ b/playbooks/openshift-node/private/enable_excluders.yml diff --git a/playbooks/common/openshift-node/etcd_client_config.yml b/playbooks/openshift-node/private/etcd_client_config.yml index c3fa38a81..c3fa38a81 100644 --- a/playbooks/common/openshift-node/etcd_client_config.yml +++ b/playbooks/openshift-node/private/etcd_client_config.yml diff --git a/playbooks/common/openshift-loadbalancer/filter_plugins b/playbooks/openshift-node/private/filter_plugins index 99a95e4ca..99a95e4ca 120000 --- a/playbooks/common/openshift-loadbalancer/filter_plugins +++ b/playbooks/openshift-node/private/filter_plugins diff --git a/playbooks/openshift-node/private/image_prep.yml b/playbooks/openshift-node/private/image_prep.yml new file mode 100644 index 000000000..b7ac27bda --- /dev/null +++ b/playbooks/openshift-node/private/image_prep.yml @@ -0,0 +1,21 @@ +--- +- name: normalize groups + import_playbook: ../../init/evaluate_groups.yml + +- name: initialize the facts + import_playbook: ../../init/facts.yml + +- name: initialize the repositories + import_playbook: ../../init/repos.yml + +- name: run node config setup + import_playbook: setup.yml + +- name: run node config + import_playbook: configure_nodes.yml + +- name: Re-enable excluders + import_playbook: enable_excluders.yml + +- name: Remove any undesired artifacts from build + import_playbook: clean_image.yml diff --git a/playbooks/common/openshift-glusterfs/lookup_plugins b/playbooks/openshift-node/private/lookup_plugins index ac79701db..ac79701db 120000 --- a/playbooks/common/openshift-glusterfs/lookup_plugins +++ b/playbooks/openshift-node/private/lookup_plugins diff --git a/playbooks/common/openshift-node/manage_node.yml b/playbooks/openshift-node/private/manage_node.yml index f48a19a9c..f48a19a9c 100644 --- a/playbooks/common/openshift-node/manage_node.yml +++ b/playbooks/openshift-node/private/manage_node.yml diff --git a/playbooks/common/openshift-node/network_manager.yml b/playbooks/openshift-node/private/network_manager.yml index c2efb0483..fffed4dfb 100644 --- a/playbooks/common/openshift-node/network_manager.yml +++ b/playbooks/openshift-node/private/network_manager.yml @@ -1,5 +1,5 @@ --- -- include: ../../init/evaluate_groups.yml +- import_playbook: ../../init/evaluate_groups.yml - name: Install and configure NetworkManager hosts: oo_all_hosts diff --git a/playbooks/common/openshift-node/restart.yml b/playbooks/openshift-node/private/restart.yml index c3beb59b7..c3beb59b7 100644 --- a/playbooks/common/openshift-node/restart.yml +++ b/playbooks/openshift-node/private/restart.yml diff --git a/playbooks/common/openshift-master/roles b/playbooks/openshift-node/private/roles index e2b799b9d..e2b799b9d 120000 --- a/playbooks/common/openshift-master/roles +++ b/playbooks/openshift-node/private/roles diff --git a/playbooks/common/openshift-node/setup.yml b/playbooks/openshift-node/private/setup.yml index 794c03a67..794c03a67 100644 --- a/playbooks/common/openshift-node/setup.yml +++ b/playbooks/openshift-node/private/setup.yml diff --git a/playbooks/openshift-node/restart.yml b/playbooks/openshift-node/restart.yml new file mode 100644 index 000000000..041c1384d --- /dev/null +++ b/playbooks/openshift-node/restart.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/restart.yml diff --git a/playbooks/byo/openshift-node/scaleup.yml b/playbooks/openshift-node/scaleup.yml index bf1bbcf46..bdfd3d3e6 100644 --- a/playbooks/byo/openshift-node/scaleup.yml +++ b/playbooks/openshift-node/scaleup.yml @@ -1,5 +1,5 @@ --- -- include: ../../init/evaluate_groups.yml +- import_playbook: ../init/evaluate_groups.yml - name: Ensure there are new_nodes hosts: localhost @@ -16,6 +16,6 @@ # Need a better way to do the above check for node without # running evaluate_groups and init/main.yml -- include: ../../init/main.yml +- import_playbook: ../init/main.yml -- include: ../../common/openshift-node/config.yml +- import_playbook: private/config.yml diff --git a/playbooks/openshift-prometheus/config.yml b/playbooks/openshift-prometheus/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-prometheus/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-cluster/openshift_prometheus.yml b/playbooks/openshift-prometheus/private/config.yml index 7aa9a16e6..d13261a7a 100644 --- a/playbooks/common/openshift-cluster/openshift_prometheus.yml +++ b/playbooks/openshift-prometheus/private/config.yml @@ -11,7 +11,7 @@ status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- name: Create Hosted Resources - openshift_prometheus +- name: OpenShift Prometheus hosts: oo_first_master roles: - role: openshift_prometheus diff --git a/playbooks/common/openshift-management/roles b/playbooks/openshift-prometheus/private/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/common/openshift-management/roles +++ b/playbooks/openshift-prometheus/private/roles diff --git a/playbooks/openshift-provisioners/config.yml b/playbooks/openshift-provisioners/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-provisioners/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-cluster/openshift_provisioners.yml b/playbooks/openshift-provisioners/private/config.yml index b1ca6f606..b1ca6f606 100644 --- a/playbooks/common/openshift-cluster/openshift_provisioners.yml +++ b/playbooks/openshift-provisioners/private/config.yml diff --git a/playbooks/openshift-provisioners/private/roles b/playbooks/openshift-provisioners/private/roles new file mode 120000 index 000000000..20c4c58cf --- /dev/null +++ b/playbooks/openshift-provisioners/private/roles @@ -0,0 +1 @@ +../../../roles
\ No newline at end of file diff --git a/playbooks/openshift-service-catalog/config.yml b/playbooks/openshift-service-catalog/config.yml new file mode 100644 index 000000000..8ee57ce8d --- /dev/null +++ b/playbooks/openshift-service-catalog/config.yml @@ -0,0 +1,4 @@ +--- +- include: ../init/main.yml + +- include: private/config.yml diff --git a/playbooks/common/openshift-cluster/service_catalog.yml b/playbooks/openshift-service-catalog/private/config.yml index 7bb8511f6..7bb8511f6 100644 --- a/playbooks/common/openshift-cluster/service_catalog.yml +++ b/playbooks/openshift-service-catalog/private/config.yml diff --git a/playbooks/openshift-service-catalog/private/roles b/playbooks/openshift-service-catalog/private/roles new file mode 120000 index 000000000..20c4c58cf --- /dev/null +++ b/playbooks/openshift-service-catalog/private/roles @@ -0,0 +1 @@ +../../../roles
\ No newline at end of file diff --git a/playbooks/prerequisites.yml b/playbooks/prerequisites.yml new file mode 100644 index 000000000..582dfe794 --- /dev/null +++ b/playbooks/prerequisites.yml @@ -0,0 +1,7 @@ +--- +- name: Place holder for prerequisites + hosts: localhost + gather_facts: false + tasks: + - name: Debug placeholder + debug: msg="Prerequisites ran." diff --git a/roles/cockpit/tasks/main.yml b/roles/cockpit/tasks/main.yml index 066ee3f3b..34754502a 100644 --- a/roles/cockpit/tasks/main.yml +++ b/roles/cockpit/tasks/main.yml @@ -1,7 +1,6 @@ --- - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml - name: Install cockpit-ws package: name={{ item }} state=present diff --git a/roles/contiv/tasks/main.yml b/roles/contiv/tasks/main.yml index 40a0f9e61..cb9196a71 100644 --- a/roles/contiv/tasks/main.yml +++ b/roles/contiv/tasks/main.yml @@ -5,10 +5,10 @@ recurse: yes state: directory -- include: download_bins.yml +- include_tasks: download_bins.yml -- include: netmaster.yml +- include_tasks: netmaster.yml when: contiv_role == "netmaster" -- include: netplugin.yml +- include_tasks: netplugin.yml when: contiv_role == "netplugin" diff --git a/roles/contiv/tasks/netmaster.yml b/roles/contiv/tasks/netmaster.yml index cc52d3a43..6f15af8c2 100644 --- a/roles/contiv/tasks/netmaster.yml +++ b/roles/contiv/tasks/netmaster.yml @@ -1,8 +1,8 @@ --- -- include: netmaster_firewalld.yml +- include_tasks: netmaster_firewalld.yml when: has_firewalld -- include: netmaster_iptables.yml +- include_tasks: netmaster_iptables.yml when: not has_firewalld and has_iptables - name: Netmaster | Check is /etc/hosts file exists @@ -70,8 +70,8 @@ state: started register: netmaster_started -- include: aci.yml +- include_tasks: aci.yml when: contiv_fabric_mode == "aci" -- include: default_network.yml +- include_tasks: default_network.yml when: contiv_default_network == true diff --git a/roles/contiv/tasks/netplugin.yml b/roles/contiv/tasks/netplugin.yml index e861a2591..0b2f91bab 100644 --- a/roles/contiv/tasks/netplugin.yml +++ b/roles/contiv/tasks/netplugin.yml @@ -1,8 +1,8 @@ --- -- include: netplugin_firewalld.yml +- include_tasks: netplugin_firewalld.yml when: has_firewalld -- include: netplugin_iptables.yml +- include_tasks: netplugin_iptables.yml when: has_iptables - name: Netplugin | Ensure localhost entry correct in /etc/hosts @@ -19,7 +19,7 @@ line: '::1 ' state: absent -- include: ovs.yml +- include_tasks: ovs.yml when: netplugin_driver == "ovs" - name: Netplugin | Create Netplugin bin symlink diff --git a/roles/contiv/tasks/ovs.yml b/roles/contiv/tasks/ovs.yml index 0c1b994c7..5c92e90e9 100644 --- a/roles/contiv/tasks/ovs.yml +++ b/roles/contiv/tasks/ovs.yml @@ -1,5 +1,5 @@ --- -- include: packageManagerInstall.yml +- include_tasks: packageManagerInstall.yml when: source_type == "packageManager" tags: - binary-update diff --git a/roles/contiv/tasks/packageManagerInstall.yml b/roles/contiv/tasks/packageManagerInstall.yml index e0d48e643..d5726476c 100644 --- a/roles/contiv/tasks/packageManagerInstall.yml +++ b/roles/contiv/tasks/packageManagerInstall.yml @@ -3,7 +3,7 @@ set_fact: did_install: false -- include: pkgMgrInstallers/centos-install.yml +- include_tasks: pkgMgrInstallers/centos-install.yml when: (ansible_os_family == "RedHat") and not is_atomic diff --git a/roles/contiv_facts/tasks/main.yml b/roles/contiv_facts/tasks/main.yml index 7a4972fca..3267a4ab0 100644 --- a/roles/contiv_facts/tasks/main.yml +++ b/roles/contiv_facts/tasks/main.yml @@ -81,8 +81,8 @@ has_iptables: false # collect information about what packages are installed -- include: rpm.yml +- include_tasks: rpm.yml when: has_rpm -- include: fedora-install.yml +- include_tasks: fedora-install.yml when: not is_atomic and ansible_distribution == "Fedora" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 69ee62790..b02a74711 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -2,7 +2,7 @@ # These tasks dispatch to the proper set of docker tasks based on the # inventory:openshift_docker_use_system_container variable -- include: udev_workaround.yml +- include_tasks: udev_workaround.yml when: docker_udev_workaround | default(False) | bool - set_fact: @@ -20,7 +20,7 @@ - not l_use_crio_only - name: Use Package Docker if Requested - include: package_docker.yml + include_tasks: package_docker.yml when: - not l_use_system_container - not l_use_crio_only @@ -35,13 +35,13 @@ changed_when: false - name: Use System Container Docker if Requested - include: systemcontainer_docker.yml + include_tasks: systemcontainer_docker.yml when: - l_use_system_container - not l_use_crio_only - name: Add CRI-O usage Requested - include: systemcontainer_crio.yml + include_tasks: systemcontainer_crio.yml when: - l_use_crio - openshift_docker_is_node_or_master | bool @@ -60,10 +60,11 @@ state: stopped name: "{{ openshift.docker.service_name }}" - - name: "Ensure {{ docker_alt_storage_path }} exists" - file: - path: "{{ docker_alt_storage_path }}" - state: directory + - name: copy "{{ docker_default_storage_path }}" to "{{ docker_alt_storage_path }}" + command: "cp -r {{ docker_default_storage_path }} {{ docker_alt_storage_path }}" + register: results + failed_when: + - results.rc != 0 - name: "Set the selinux context on {{ docker_alt_storage_path }}" command: "semanage fcontext -a -e {{ docker_default_storage_path }} {{ docker_alt_storage_path }}" diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml index 8121163a6..5437275a2 100644 --- a/roles/docker/tasks/package_docker.yml +++ b/roles/docker/tasks/package_docker.yml @@ -1,6 +1,6 @@ --- - name: Get current installed Docker version - command: "{{ repoquery_cmd }} --installed --qf '%{version}' docker" + command: "{{ repoquery_installed }} --qf '%{version}' docker" when: not openshift.common.is_atomic | bool register: curr_docker_version retries: 4 @@ -33,9 +33,10 @@ # Make sure Docker is installed, but does not update a running version. # Docker upgrades are handled by a separate playbook. +# Note: The curr_docker_version.stdout check can be removed when https://github.com/ansible/ansible/issues/33187 gets fixed. - name: Install Docker package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present - when: not openshift.common.is_atomic | bool + when: not openshift.common.is_atomic | bool and not curr_docker_version | skipped and not curr_docker_version.stdout != '' - block: # Extend the default Docker service unit file when using iptables-services @@ -157,4 +158,4 @@ - meta: flush_handlers # This needs to run after docker is restarted to account for proxy settings. -- include: registry_auth.yml +- include_tasks: registry_auth.yml diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index e87f6fd02..17800d4e5 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -156,7 +156,7 @@ state: directory - name: setup firewall for CRI-O - include: crio_firewall.yml + include_tasks: crio_firewall.yml static: yes - name: Configure the CNI network @@ -176,6 +176,6 @@ # If we are using crio only, docker.service might not be available for # 'docker login' -- include: registry_auth.yml +- include_tasks: registry_auth.yml vars: openshift_docker_alternative_creds: "{{ l_use_crio_only }}" diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/docker/tasks/systemcontainer_docker.yml index 84220fa66..f69acb9a5 100644 --- a/roles/docker/tasks/systemcontainer_docker.yml +++ b/roles/docker/tasks/systemcontainer_docker.yml @@ -177,6 +177,6 @@ # Since docker is running as a system container, docker login will fail to create # credentials. Use alternate method if requiring authenticated registries. -- include: registry_auth.yml +- include_tasks: registry_auth.yml vars: openshift_docker_alternative_creds: True diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml index 4b734d4ed..a069e4d87 100644 --- a/roles/etcd/defaults/main.yaml +++ b/roles/etcd/defaults/main.yaml @@ -2,10 +2,18 @@ r_etcd_common_backup_tag: '' r_etcd_common_backup_sufix_name: '' +l_is_etcd_system_container: "{{ (openshift_use_etcd_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" + # runc, docker, host -r_etcd_common_etcd_runtime: "docker" +r_etcd_common_etcd_runtime: "{{ 'runc' if l_is_etcd_system_container else 'docker' if l_is_containerized else 'host' }}" r_etcd_common_embedded_etcd: false +osm_etcd_image: 'registry.access.redhat.com/rhel7/etcd' +etcd_image_dict: + origin: "registry.fedoraproject.org/f26/etcd" + openshift-enterprise: "{{ osm_etcd_image }}" +etcd_image: "{{ etcd_image_dict[openshift_deployment_type | default('origin')] }}" + # etcd run on a host => use etcdctl command directly # etcd run as a docker container => use docker exec # etcd run as a runc container => use runc exec diff --git a/roles/etcd/tasks/backup.archive.yml b/roles/etcd/tasks/backup.archive.yml index 6daa6dc51..a29a90ea3 100644 --- a/roles/etcd/tasks/backup.archive.yml +++ b/roles/etcd/tasks/backup.archive.yml @@ -1,3 +1,3 @@ --- -- include: backup/vars.yml -- include: backup/archive.yml +- include_tasks: backup/vars.yml +- include_tasks: backup/archive.yml diff --git a/roles/etcd/tasks/backup.copy.yml b/roles/etcd/tasks/backup.copy.yml index cc540cbca..6e8502e3b 100644 --- a/roles/etcd/tasks/backup.copy.yml +++ b/roles/etcd/tasks/backup.copy.yml @@ -1,3 +1,3 @@ --- -- include: backup/vars.yml -- include: backup/copy.yml +- include_tasks: backup/vars.yml +- include_tasks: backup/copy.yml diff --git a/roles/etcd/tasks/backup.fetch.yml b/roles/etcd/tasks/backup.fetch.yml index 26ec15043..d33878804 100644 --- a/roles/etcd/tasks/backup.fetch.yml +++ b/roles/etcd/tasks/backup.fetch.yml @@ -1,3 +1,3 @@ --- -- include: backup/vars.yml -- include: backup/fetch.yml +- include_tasks: backup/vars.yml +- include_tasks: backup/fetch.yml diff --git a/roles/etcd/tasks/backup.force_new_cluster.yml b/roles/etcd/tasks/backup.force_new_cluster.yml index d2e866416..7dd0899ee 100644 --- a/roles/etcd/tasks/backup.force_new_cluster.yml +++ b/roles/etcd/tasks/backup.force_new_cluster.yml @@ -1,5 +1,5 @@ --- -- include: backup/vars.yml +- include_tasks: backup/vars.yml - name: Move content of etcd backup under the etcd data directory command: > @@ -9,4 +9,4 @@ command: > chown -R etcd:etcd "{{ etcd_data_dir }}" -- include: auxiliary/force_new_cluster.yml +- include_tasks: auxiliary/force_new_cluster.yml diff --git a/roles/etcd/tasks/backup.unarchive.yml b/roles/etcd/tasks/backup.unarchive.yml index 77a637360..f92e87c3d 100644 --- a/roles/etcd/tasks/backup.unarchive.yml +++ b/roles/etcd/tasks/backup.unarchive.yml @@ -1,3 +1,3 @@ --- -- include: backup/vars.yml -- include: backup/unarchive.yml +- include_tasks: backup/vars.yml +- include_tasks: backup/unarchive.yml diff --git a/roles/etcd/tasks/backup.yml b/roles/etcd/tasks/backup.yml index c0538e596..60bb82100 100644 --- a/roles/etcd/tasks/backup.yml +++ b/roles/etcd/tasks/backup.yml @@ -1,2 +1,2 @@ --- -- include: backup/backup.yml +- include_tasks: backup/backup.yml diff --git a/roles/etcd/tasks/backup/backup.yml b/roles/etcd/tasks/backup/backup.yml index ca0d29155..afb84eb58 100644 --- a/roles/etcd/tasks/backup/backup.yml +++ b/roles/etcd/tasks/backup/backup.yml @@ -1,5 +1,5 @@ --- -- include: vars.yml +- include_tasks: vars.yml # TODO: replace shell module with command and update later checks - name: Check available disk space for etcd backup diff --git a/roles/etcd/tasks/backup_ca_certificates.yml b/roles/etcd/tasks/backup_ca_certificates.yml index a41b032f3..c87359900 100644 --- a/roles/etcd/tasks/backup_ca_certificates.yml +++ b/roles/etcd/tasks/backup_ca_certificates.yml @@ -1,2 +1,2 @@ --- -- include: certificates/backup_ca_certificates.yml +- include_tasks: certificates/backup_ca_certificates.yml diff --git a/roles/etcd/tasks/backup_generated_certificates.yml b/roles/etcd/tasks/backup_generated_certificates.yml index 8cf2a10cc..fa73ea590 100644 --- a/roles/etcd/tasks/backup_generated_certificates.yml +++ b/roles/etcd/tasks/backup_generated_certificates.yml @@ -1,2 +1,2 @@ --- -- include: certificates/backup_generated_certificates.yml +- include_tasks: certificates/backup_generated_certificates.yml diff --git a/roles/etcd/tasks/backup_master_etcd_certificates.yml b/roles/etcd/tasks/backup_master_etcd_certificates.yml index 129e1831c..5526825fa 100644 --- a/roles/etcd/tasks/backup_master_etcd_certificates.yml +++ b/roles/etcd/tasks/backup_master_etcd_certificates.yml @@ -1,2 +1,2 @@ --- -- include: certificates/backup_master_etcd_certificates.yml +- include_tasks: certificates/backup_master_etcd_certificates.yml diff --git a/roles/etcd/tasks/backup_server_certificates.yml b/roles/etcd/tasks/backup_server_certificates.yml index 267ffeb4d..5f3052be1 100644 --- a/roles/etcd/tasks/backup_server_certificates.yml +++ b/roles/etcd/tasks/backup_server_certificates.yml @@ -1,2 +1,2 @@ --- -- include: certificates/backup_server_certificates.yml +- include_tasks: certificates/backup_server_certificates.yml diff --git a/roles/etcd/tasks/ca.yml b/roles/etcd/tasks/ca.yml index cca1e9ad7..dd4b59e24 100644 --- a/roles/etcd/tasks/ca.yml +++ b/roles/etcd/tasks/ca.yml @@ -1,2 +1,2 @@ --- -- include: certificates/deploy_ca.yml +- include_tasks: certificates/deploy_ca.yml diff --git a/roles/etcd/tasks/check_cluster_health.yml b/roles/etcd/tasks/check_cluster_health.yml index 75c110972..3410528eb 100644 --- a/roles/etcd/tasks/check_cluster_health.yml +++ b/roles/etcd/tasks/check_cluster_health.yml @@ -1,2 +1,2 @@ --- -- include: migration/check_cluster_health.yml +- include_tasks: migration/check_cluster_health.yml diff --git a/roles/etcd/tasks/clean_data.yml b/roles/etcd/tasks/clean_data.yml index d131ffd21..12538c2d0 100644 --- a/roles/etcd/tasks/clean_data.yml +++ b/roles/etcd/tasks/clean_data.yml @@ -1,2 +1,2 @@ --- -- include: auxiliary/clean_data.yml +- include_tasks: auxiliary/clean_data.yml diff --git a/roles/etcd/tasks/client_certificates.yml b/roles/etcd/tasks/client_certificates.yml index 2f4108a0d..f3201816d 100644 --- a/roles/etcd/tasks/client_certificates.yml +++ b/roles/etcd/tasks/client_certificates.yml @@ -1,2 +1,2 @@ --- -- include: certificates/fetch_client_certificates_from_ca.yml +- include_tasks: certificates/fetch_client_certificates_from_ca.yml diff --git a/roles/etcd/tasks/disable_etcd.yml b/roles/etcd/tasks/disable_etcd.yml index 9202e6e48..55fb7f6ea 100644 --- a/roles/etcd/tasks/disable_etcd.yml +++ b/roles/etcd/tasks/disable_etcd.yml @@ -1,2 +1,2 @@ --- -- include: auxiliary/disable_etcd.yml +- include_tasks: auxiliary/disable_etcd.yml diff --git a/roles/etcd/tasks/distribute_ca b/roles/etcd/tasks/distribute_ca deleted file mode 100644 index 040c5f7af..000000000 --- a/roles/etcd/tasks/distribute_ca +++ /dev/null @@ -1,2 +0,0 @@ ---- -- include: certificates/distribute_ca.yml diff --git a/roles/etcd/tasks/distribute_ca.yml b/roles/etcd/tasks/distribute_ca.yml new file mode 100644 index 000000000..7d2607844 --- /dev/null +++ b/roles/etcd/tasks/distribute_ca.yml @@ -0,0 +1,2 @@ +--- +- include_tasks: certificates/distribute_ca.yml diff --git a/roles/etcd/tasks/drop_etcdctl.yml b/roles/etcd/tasks/drop_etcdctl.yml index 4c1f609f7..3258ab1a8 100644 --- a/roles/etcd/tasks/drop_etcdctl.yml +++ b/roles/etcd/tasks/drop_etcdctl.yml @@ -1,2 +1,2 @@ --- -- include: auxiliary/drop_etcdctl.yml +- include_tasks: auxiliary/drop_etcdctl.yml diff --git a/roles/etcd/tasks/fetch_backup.yml b/roles/etcd/tasks/fetch_backup.yml index 513eed17a..a28db3d66 100644 --- a/roles/etcd/tasks/fetch_backup.yml +++ b/roles/etcd/tasks/fetch_backup.yml @@ -1,8 +1,8 @@ --- -- include: backup/vars.yml +- include_tasks: backup/vars.yml -- include: backup/archive.yml +- include_tasks: backup/archive.yml -- include: backup/sync_backup.yml +- include_tasks: backup/sync_backup.yml -- include: backup/ +- include_tasks: backup/ diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 3e69af314..5ee9335f5 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -7,20 +7,19 @@ etcd_ip: "{{ etcd_ip }}" - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml - name: Install etcd package: name=etcd{{ '-' + etcd_version if etcd_version is defined else '' }} state=present when: not etcd_is_containerized | bool -- include: drop_etcdctl.yml +- include_tasks: drop_etcdctl.yml when: - openshift_etcd_etcdctl_profile | default(true) | bool - block: - name: Pull etcd container - command: docker pull {{ openshift.etcd.etcd_image }} + command: docker pull {{ etcd_image }} register: pull_result changed_when: "'Downloaded newer image' in pull_result.stdout" @@ -30,7 +29,7 @@ src: etcd.docker.service when: - etcd_is_containerized | bool - - not openshift.common.is_etcd_system_container | bool + - not l_is_etcd_system_container | bool # Start secondary etcd instance for third party integrations # TODO: Determine an alternative to using thirdparty variable @@ -90,7 +89,7 @@ enabled: no masked: yes daemon_reload: yes - when: not openshift.common.is_etcd_system_container | bool + when: not l_is_etcd_system_container | bool register: task_result failed_when: task_result|failed and 'could not' not in task_result.msg|lower @@ -98,11 +97,11 @@ template: dest: "/etc/systemd/system/etcd_container.service" src: etcd.docker.service - when: not openshift.common.is_etcd_system_container | bool + when: not l_is_etcd_system_container | bool - name: Install Etcd system container - include: system_container.yml - when: openshift.common.is_etcd_system_container | bool + include_tasks: system_container.yml + when: l_is_etcd_system_container | bool when: etcd_is_containerized | bool - name: Validate permissions on the config dir diff --git a/roles/etcd/tasks/migrate.add_ttls.yml b/roles/etcd/tasks/migrate.add_ttls.yml index bc27e4ea1..1dd3c9269 100644 --- a/roles/etcd/tasks/migrate.add_ttls.yml +++ b/roles/etcd/tasks/migrate.add_ttls.yml @@ -1,2 +1,2 @@ --- -- include: migration/add_ttls.yml +- include_tasks: migration/add_ttls.yml diff --git a/roles/etcd/tasks/migrate.configure_master.yml b/roles/etcd/tasks/migrate.configure_master.yml index 3ada6e362..5be9cebd7 100644 --- a/roles/etcd/tasks/migrate.configure_master.yml +++ b/roles/etcd/tasks/migrate.configure_master.yml @@ -1,2 +1,2 @@ --- -- include: migration/configure_master.yml +- include_tasks: migration/configure_master.yml diff --git a/roles/etcd/tasks/migrate.pre_check.yml b/roles/etcd/tasks/migrate.pre_check.yml index 124d21561..4cb67d322 100644 --- a/roles/etcd/tasks/migrate.pre_check.yml +++ b/roles/etcd/tasks/migrate.pre_check.yml @@ -1,2 +1,2 @@ --- -- include: migration/check.yml +- include_tasks: migration/check.yml diff --git a/roles/etcd/tasks/migrate.yml b/roles/etcd/tasks/migrate.yml index 5d5385873..1a75f63f1 100644 --- a/roles/etcd/tasks/migrate.yml +++ b/roles/etcd/tasks/migrate.yml @@ -1,2 +1,2 @@ --- -- include: migration/migrate.yml +- include_tasks: migration/migrate.yml diff --git a/roles/etcd/tasks/migration/check.yml b/roles/etcd/tasks/migration/check.yml index 5c45e5ae1..8ef81da28 100644 --- a/roles/etcd/tasks/migration/check.yml +++ b/roles/etcd/tasks/migration/check.yml @@ -1,7 +1,7 @@ --- # Check the cluster is healthy -- include: check_cluster_health.yml +- include_tasks: check_cluster_health.yml # Check if there is at least one v2 snapshot - name: Check if there is at least one v2 snapshot @@ -39,7 +39,7 @@ # - with_items not supported over block # Check the cluster status for the first time -- include: check_cluster_status.yml +- include_tasks: check_cluster_status.yml # Check the cluster status for the second time - block: @@ -50,7 +50,7 @@ seconds: 5 when: not l_etcd_cluster_status_ok | bool - - include: check_cluster_status.yml + - include_tasks: check_cluster_status.yml when: not l_etcd_cluster_status_ok | bool @@ -63,5 +63,5 @@ seconds: 5 when: not l_etcd_cluster_status_ok | bool - - include: check_cluster_status.yml + - include_tasks: check_cluster_status.yml when: not l_etcd_cluster_status_ok | bool diff --git a/roles/etcd/tasks/remove_ca_certificates.yml b/roles/etcd/tasks/remove_ca_certificates.yml index 36df1a1cc..c1ea4e6c9 100644 --- a/roles/etcd/tasks/remove_ca_certificates.yml +++ b/roles/etcd/tasks/remove_ca_certificates.yml @@ -1,2 +1,2 @@ --- -- include: certificates/remove_ca_certificates.yml +- include_tasks: certificates/remove_ca_certificates.yml diff --git a/roles/etcd/tasks/remove_generated_certificates.yml b/roles/etcd/tasks/remove_generated_certificates.yml index b10a4b32d..8cdeea187 100644 --- a/roles/etcd/tasks/remove_generated_certificates.yml +++ b/roles/etcd/tasks/remove_generated_certificates.yml @@ -1,2 +1,2 @@ --- -- include: certificates/remove_generated_certificates.yml +- include_tasks: certificates/remove_generated_certificates.yml diff --git a/roles/etcd/tasks/restart.yml b/roles/etcd/tasks/restart.yml new file mode 100644 index 000000000..d4a016eec --- /dev/null +++ b/roles/etcd/tasks/restart.yml @@ -0,0 +1,21 @@ +--- + +- name: restart etcd + service: + name: "{{ etcd_service }}" + state: restarted + when: + - not g_etcd_certificates_expired | default(false) | bool + +- name: stop etcd + service: + name: "{{ etcd_service }}" + state: stopped + when: + - g_etcd_certificates_expired | default(false) | bool +- name: start etcd + service: + name: "{{ etcd_service }}" + state: started + when: + - g_etcd_certificates_expired | default(false) | bool diff --git a/roles/etcd/tasks/retrieve_ca_certificates.yml b/roles/etcd/tasks/retrieve_ca_certificates.yml index bd6c4ec85..2184e669c 100644 --- a/roles/etcd/tasks/retrieve_ca_certificates.yml +++ b/roles/etcd/tasks/retrieve_ca_certificates.yml @@ -1,2 +1,2 @@ --- -- include: certificates/retrieve_ca_certificates.yml +- include_tasks: certificates/retrieve_ca_certificates.yml diff --git a/roles/etcd/tasks/server_certificates.yml b/roles/etcd/tasks/server_certificates.yml index ae26079f9..75c35d59e 100644 --- a/roles/etcd/tasks/server_certificates.yml +++ b/roles/etcd/tasks/server_certificates.yml @@ -1,6 +1,6 @@ --- -- include: ca.yml +- include_tasks: ca.yml when: - etcd_ca_setup | default(True) | bool -- include: certificates/fetch_server_certificates_from_ca.yml +- include_tasks: certificates/fetch_server_certificates_from_ca.yml diff --git a/roles/etcd/tasks/system_container.yml b/roles/etcd/tasks/system_container.yml index f71d9b551..82ac4fc84 100644 --- a/roles/etcd/tasks/system_container.yml +++ b/roles/etcd/tasks/system_container.yml @@ -5,7 +5,7 @@ tasks_from: proxy - name: Pull etcd system container - command: atomic pull --storage=ostree {{ openshift.etcd.etcd_image }} + command: atomic pull --storage=ostree {{ etcd_image }} register: pull_result changed_when: "'Pulling layer' in pull_result.stdout" @@ -57,7 +57,7 @@ - name: Install or Update Etcd system container package oc_atomic_container: name: etcd - image: "{{ openshift.etcd.etcd_image }}" + image: "{{ etcd_image }}" state: latest values: - ETCD_DATA_DIR=/var/lib/etcd diff --git a/roles/etcd/tasks/upgrade_image.yml b/roles/etcd/tasks/upgrade_image.yml index 9e69027eb..35385cb9a 100644 --- a/roles/etcd/tasks/upgrade_image.yml +++ b/roles/etcd/tasks/upgrade_image.yml @@ -1,2 +1,2 @@ --- -- include: upgrade/upgrade_image.yml +- include_tasks: upgrade/upgrade_image.yml diff --git a/roles/etcd/tasks/upgrade_rpm.yml b/roles/etcd/tasks/upgrade_rpm.yml index 29603d2b6..fbd3cd919 100644 --- a/roles/etcd/tasks/upgrade_rpm.yml +++ b/roles/etcd/tasks/upgrade_rpm.yml @@ -1,2 +1,2 @@ --- -- include: upgrade/upgrade_rpm.yml +- include_tasks: upgrade/upgrade_rpm.yml diff --git a/roles/etcd/tasks/version_detect.yml b/roles/etcd/tasks/version_detect.yml new file mode 100644 index 000000000..fe1e418d8 --- /dev/null +++ b/roles/etcd/tasks/version_detect.yml @@ -0,0 +1,55 @@ +--- +- block: + - name: Record RPM based etcd version + command: rpm -qa --qf '%{version}' etcd\* + args: + warn: no + register: etcd_rpm_version + failed_when: false + # AUDIT:changed_when: `false` because we are only inspecting + # state, not manipulating anything + changed_when: false + - debug: + msg: "Etcd rpm version {{ etcd_rpm_version.stdout }} detected" + when: + - not openshift.common.is_containerized | bool + +- block: + - name: Record containerized etcd version (docker) + command: docker exec etcd_container rpm -qa --qf '%{version}' etcd\* + register: etcd_container_version_docker + failed_when: false + # AUDIT:changed_when: `false` because we are only inspecting + # state, not manipulating anything + changed_when: false + when: + - not l_is_etcd_system_container | bool + + # Given a register variables is set even if the whwen condition + # is false, we need to set etcd_container_version separately + - set_fact: + etcd_container_version: "{{ etcd_container_version_docker.stdout }}" + when: + - not l_is_etcd_system_container | bool + + - name: Record containerized etcd version (runc) + command: runc exec etcd rpm -qa --qf '%{version}' etcd\* + register: etcd_container_version_runc + failed_when: false + # AUDIT:changed_when: `false` because we are only inspecting + # state, not manipulating anything + changed_when: false + when: + - l_is_etcd_system_container | bool + + # Given a register variables is set even if the whwen condition + # is false, we need to set etcd_container_version separately + - set_fact: + etcd_container_version: "{{ etcd_container_version_runc.stdout }}" + when: + - l_is_etcd_system_container | bool + + - debug: + msg: "Etcd containerized version {{ etcd_container_version }} detected" + when: + - openshift.common.is_containerized | bool diff --git a/roles/etcd/templates/etcd.docker.service b/roles/etcd/templates/etcd.docker.service index adeca7a91..99ae37319 100644 --- a/roles/etcd/templates/etcd.docker.service +++ b/roles/etcd/templates/etcd.docker.service @@ -7,7 +7,7 @@ PartOf={{ openshift.docker.service_name }}.service [Service] EnvironmentFile={{ etcd_conf_file }} ExecStartPre=-/usr/bin/docker rm -f {{ etcd_service }} -ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v {{ etcd_data_dir }}:{{ etcd_data_dir }}:z -v {{ etcd_conf_dir }}:{{ etcd_conf_dir }}:ro --env-file={{ etcd_conf_file }} --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }} +ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v {{ etcd_data_dir }}:{{ etcd_data_dir }}:z -v {{ etcd_conf_dir }}:{{ etcd_conf_dir }}:ro --env-file={{ etcd_conf_file }} --net=host --entrypoint=/usr/bin/etcd {{ etcd_image }} ExecStop=/usr/bin/docker stop {{ etcd_service }} SyslogIdentifier=etcd_container Restart=always diff --git a/roles/installer_checkpoint/README.md b/roles/installer_checkpoint/README.md index f8588c4bf..68c0357b6 100644 --- a/roles/installer_checkpoint/README.md +++ b/roles/installer_checkpoint/README.md @@ -64,11 +64,11 @@ phase are stored in the `phase_attributes` variable. }, 'installer_phase_etcd': { 'title': 'etcd Install', - 'playbook': 'playbooks/byo/openshift-etcd/config.yml' + 'playbook': 'playbooks/openshift-etcd/config.yml' }, 'installer_phase_nfs': { 'title': 'NFS Install', - 'playbook': 'playbooks/byo/openshift-nfs/config.yml' + 'playbook': 'playbooks/openshift-nfs/config.yml' }, #... } @@ -160,7 +160,7 @@ Health Check : Complete (0:01:10) etcd Install : Complete (0:02:58) Master Install : Complete (0:09:20) Master Additional Install : In Progress (0:20:04) - This phase can be restarted by running: playbooks/byo/openshift-master/additional_config.yml + This phase can be restarted by running: playbooks/openshift-master/additional_config.yml ``` [set_stats]: http://docs.ansible.com/ansible/latest/set_stats_module.html diff --git a/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py b/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py index 556e9127f..57444a2a5 100644 --- a/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py +++ b/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py @@ -46,31 +46,31 @@ class CallbackModule(CallbackBase): }, 'installer_phase_health': { 'title': 'Health Check', - 'playbook': 'playbooks/byo/openshift-checks/pre-install.yml' + 'playbook': 'playbooks/openshift-checks/pre-install.yml' }, 'installer_phase_etcd': { 'title': 'etcd Install', - 'playbook': 'playbooks/byo/openshift-etcd/config.yml' + 'playbook': 'playbooks/openshift-etcd/config.yml' }, 'installer_phase_nfs': { 'title': 'NFS Install', - 'playbook': 'playbooks/byo/openshift-nfs/config.yml' + 'playbook': 'playbooks/openshift-nfs/config.yml' }, 'installer_phase_loadbalancer': { 'title': 'Load balancer Install', - 'playbook': 'playbooks/byo/openshift-loadbalancer/config.yml' + 'playbook': 'playbooks/openshift-loadbalancer/config.yml' }, 'installer_phase_master': { 'title': 'Master Install', - 'playbook': 'playbooks/byo/openshift-master/config.yml' + 'playbook': 'playbooks/openshift-master/config.yml' }, 'installer_phase_master_additional': { 'title': 'Master Additional Install', - 'playbook': 'playbooks/byo/openshift-master/additional_config.yml' + 'playbook': 'playbooks/openshift-master/additional_config.yml' }, 'installer_phase_node': { 'title': 'Node Install', - 'playbook': 'playbooks/byo/openshift-node/config.yml' + 'playbook': 'playbooks/openshift-node/config.yml' }, 'installer_phase_glusterfs': { 'title': 'GlusterFS Install', @@ -78,11 +78,11 @@ class CallbackModule(CallbackBase): }, 'installer_phase_hosted': { 'title': 'Hosted Install', - 'playbook': 'playbooks/byo/openshift-cluster/openshift-hosted.yml' + 'playbook': 'playbooks/openshift-hosted/config.yml' }, 'installer_phase_metrics': { 'title': 'Metrics Install', - 'playbook': 'playbooks/byo/openshift-cluster/openshift-metrics.yml' + 'playbook': 'playbooks/openshift-metrics/config.yml' }, 'installer_phase_logging': { 'title': 'Logging Install', @@ -90,15 +90,15 @@ class CallbackModule(CallbackBase): }, 'installer_phase_prometheus': { 'title': 'Prometheus Install', - 'playbook': 'playbooks/byo/openshift-cluster/openshift-prometheus.yml' + 'playbook': 'playbooks/openshift-prometheus/config.yml' }, 'installer_phase_servicecatalog': { 'title': 'Service Catalog Install', - 'playbook': 'playbooks/byo/openshift-cluster/service-catalog.yml' + 'playbook': 'playbooks/openshift-service-catalog/config.yml' }, 'installer_phase_management': { 'title': 'Management Install', - 'playbook': 'playbooks/byo/openshift-management/config.yml' + 'playbook': 'playbooks/openshift-management/config.yml' }, } diff --git a/roles/kuryr/tasks/master.yaml b/roles/kuryr/tasks/master.yaml index 55ab16f74..1cc6d2375 100644 --- a/roles/kuryr/tasks/master.yaml +++ b/roles/kuryr/tasks/master.yaml @@ -1,6 +1,6 @@ --- -- name: Perform OpenShit ServiceAccount config - include: serviceaccount.yaml +- name: Perform OpenShift ServiceAccount config + include_tasks: serviceaccount.yaml - name: Create kuryr manifests tempdir command: mktemp -d diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml index f3c487132..c264427de 100644 --- a/roles/nuage_master/tasks/main.yaml +++ b/roles/nuage_master/tasks/main.yaml @@ -1,7 +1,6 @@ --- - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml - name: Set the Nuage certificate directory fact for Atomic hosts set_fact: @@ -62,7 +61,7 @@ become: yes file: path={{ nuage_mon_rest_server_logdir }} state=directory -- include: serviceaccount.yml +- include_tasks: serviceaccount.yml - name: Download the certs and keys become: yes @@ -82,7 +81,7 @@ - nuage.key - nuage.kubeconfig -- include: certificates.yml +- include_tasks: certificates.yml - name: Install Nuage VSD user certificate become: yes diff --git a/roles/nuage_node/tasks/main.yaml b/roles/nuage_node/tasks/main.yaml index 9db9dbb6a..c6b7a9b10 100644 --- a/roles/nuage_node/tasks/main.yaml +++ b/roles/nuage_node/tasks/main.yaml @@ -31,7 +31,7 @@ - nuage.key - nuage.kubeconfig -- include: certificates.yml +- include_tasks: certificates.yml - name: Add additional Docker mounts for Nuage for atomic hosts become: yes @@ -44,8 +44,7 @@ - restart node ignore_errors: true -- include: iptables.yml +- include_tasks: iptables.yml - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml diff --git a/roles/openshift_certificate_expiry/README.md b/roles/openshift_certificate_expiry/README.md index f19a421cb..48338ca1b 100644 --- a/roles/openshift_certificate_expiry/README.md +++ b/roles/openshift_certificate_expiry/README.md @@ -54,7 +54,7 @@ included in this role, or you can [read on below for more examples](#more-exampl to help you craft you own. ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/easy-mode.yaml ``` Using the `easy-mode.yaml` playbook will produce: @@ -65,7 +65,7 @@ Using the `easy-mode.yaml` playbook will produce: > **Note:** If you are running from an RPM install use -> `/usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml` +> `/usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/easy-mode.yaml` > instead ## Run from a container @@ -80,7 +80,7 @@ There are several [examples](../../examples/README.md) in the `examples` directo ## More Example Playbooks > **Note:** These Playbooks are available to run directly out of the -> [/playbooks/byo/openshift-checks/certificate_expiry/](../../playbooks/byo/openshift-checks/certificate_expiry/) directory. +> [/playbooks/openshift-checks/certificate_expiry/](../../playbooks/openshift-checks/certificate_expiry/) directory. ### Default behavior @@ -99,14 +99,14 @@ This playbook just invokes the certificate expiration check role with default op **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/default.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/default.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/default.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/default.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/default.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/default.yaml) ### Easy mode @@ -130,14 +130,14 @@ certificates (healthy or not) are included in the results: **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/easy-mode.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/easy-mode.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/easy-mode.yaml) ### Easy mode and upload reports to masters @@ -193,14 +193,14 @@ options via environment variables: **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/easy-mode-upload.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/easy-mode-upload.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/easy-mode-upload.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/easy-mode-upload.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/easy-mode-upload.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/easy-mode-upload.yaml) ### Generate HTML and JSON artifacts in their default paths @@ -219,14 +219,14 @@ $ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/by **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml) ### Generate HTML and JSON reports in a custom path @@ -250,14 +250,14 @@ This example customizes the report generation path to point to a specific path ( **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml) ### Long warning window @@ -278,14 +278,14 @@ the module out): **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/longer_warning_period.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/longer_warning_period.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/longer_warning_period.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml) ### Long warning window and JSON report @@ -307,14 +307,14 @@ the module out) and save the results as a JSON file: **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml) diff --git a/roles/openshift_cli/defaults/main.yml b/roles/openshift_cli/defaults/main.yml index ed97d539c..82da0639e 100644 --- a/roles/openshift_cli/defaults/main.yml +++ b/roles/openshift_cli/defaults/main.yml @@ -1 +1,6 @@ --- +system_images_registry_dict: + openshift-enterprise: "registry.access.redhat.com" + origin: "docker.io" + +system_images_registry: "{{ system_images_registry_dict[openshift_deployment_type | default('origin')] }}" diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml index 14d8a3325..06dc5d14b 100644 --- a/roles/openshift_cli/tasks/main.yml +++ b/roles/openshift_cli/tasks/main.yml @@ -28,13 +28,13 @@ - block: - name: Pull CLI Image command: > - atomic pull --storage ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.common.cli_image }}:{{ openshift_image_tag }} + atomic pull --storage ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.common.cli_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Pulling layer' in pull_result.stdout" - name: Copy client binaries/symlinks out of CLI image for use on the host openshift_container_binary_sync: - image: "{{ '' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.common.cli_image }}" + image: "{{ '' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.common.cli_image }}" tag: "{{ openshift_image_tag }}" backend: "atomic" when: diff --git a/roles/openshift_cloud_provider/tasks/main.yml b/roles/openshift_cloud_provider/tasks/main.yml index ab3055c8b..dff492a69 100644 --- a/roles/openshift_cloud_provider/tasks/main.yml +++ b/roles/openshift_cloud_provider/tasks/main.yml @@ -11,11 +11,11 @@ state: directory when: has_cloudprovider | bool -- include: openstack.yml +- include_tasks: openstack.yml when: cloudprovider_is_openstack | bool -- include: aws.yml +- include_tasks: aws.yml when: cloudprovider_is_aws | bool -- include: gce.yml +- include_tasks: gce.yml when: cloudprovider_is_gce | bool diff --git a/roles/openshift_etcd_facts/tasks/main.yml b/roles/openshift_etcd_facts/tasks/main.yml index 22fb39006..ed97d539c 100644 --- a/roles/openshift_etcd_facts/tasks/main.yml +++ b/roles/openshift_etcd_facts/tasks/main.yml @@ -1,5 +1 @@ --- -- openshift_facts: - role: etcd - local_facts: - etcd_image: "{{ osm_etcd_image | default(None) }}" diff --git a/roles/openshift_excluder/tasks/disable.yml b/roles/openshift_excluder/tasks/disable.yml index 5add25b45..21801b994 100644 --- a/roles/openshift_excluder/tasks/disable.yml +++ b/roles/openshift_excluder/tasks/disable.yml @@ -2,11 +2,11 @@ - when: r_openshift_excluder_verify_upgrade block: - name: Include verify_upgrade.yml when upgrading - include: verify_upgrade.yml + include_tasks: verify_upgrade.yml # unexclude the current openshift/origin-excluder if it is installed so it can be updated - name: Disable excluders before the upgrade to remove older excluding expressions - include: unexclude.yml + include_tasks: unexclude.yml vars: # before the docker excluder can be updated, it needs to be disabled # to remove older excluded packages that are no longer excluded @@ -15,12 +15,12 @@ # Install any excluder that is enabled - name: Include install.yml - include: install.yml + include_tasks: install.yml # And finally adjust an excluder in order to update host components correctly. First # exclude then unexclude - name: Include exclude.yml - include: exclude.yml + include_tasks: exclude.yml vars: # Enable the docker excluder only if it is overridden # BZ #1430612: docker excluders should be enabled even during installation and upgrade @@ -30,7 +30,7 @@ # All excluders that are to be disabled are disabled - name: Include unexclude.yml - include: unexclude.yml + include_tasks: unexclude.yml vars: # If the docker override is not set, default to the generic behaviour # BZ #1430612: docker excluders should be enabled even during installation and upgrade diff --git a/roles/openshift_excluder/tasks/enable.yml b/roles/openshift_excluder/tasks/enable.yml index fce44cfb5..7c3742a06 100644 --- a/roles/openshift_excluder/tasks/enable.yml +++ b/roles/openshift_excluder/tasks/enable.yml @@ -1,6 +1,6 @@ --- - name: Install excluders - include: install.yml + include_tasks: install.yml - name: Enable excluders - include: exclude.yml + include_tasks: exclude.yml diff --git a/roles/openshift_excluder/tasks/main.yml b/roles/openshift_excluder/tasks/main.yml index db20b4012..93d6ef149 100644 --- a/roles/openshift_excluder/tasks/main.yml +++ b/roles/openshift_excluder/tasks/main.yml @@ -32,7 +32,7 @@ - r_openshift_excluder_upgrade_target is not defined - name: Include main action task file - include: "{{ r_openshift_excluder_action }}.yml" + include_tasks: "{{ r_openshift_excluder_action }}.yml" when: - not ostree_booted.stat.exists | bool diff --git a/roles/openshift_excluder/tasks/verify_upgrade.yml b/roles/openshift_excluder/tasks/verify_upgrade.yml index 42026664a..b55a9af23 100644 --- a/roles/openshift_excluder/tasks/verify_upgrade.yml +++ b/roles/openshift_excluder/tasks/verify_upgrade.yml @@ -1,12 +1,12 @@ --- - name: Verify Docker Excluder version - include: verify_excluder.yml + include_tasks: verify_excluder.yml vars: excluder: "{{ r_openshift_excluder_service_type }}-docker-excluder" when: r_openshift_excluder_enable_docker_excluder | bool - name: Verify OpenShift Excluder version - include: verify_excluder.yml + include_tasks: verify_excluder.yml vars: excluder: "{{ r_openshift_excluder_service_type }}-excluder" when: r_openshift_excluder_enable_openshift_excluder | bool diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 99ebb7e36..f94e0e097 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1563,7 +1563,8 @@ def set_builddefaults_facts(facts): # Scaffold out the full expected datastructure facts['master']['admission_plugin_config'] = {'BuildDefaults': {'configuration': {'env': {}}}} facts['master']['admission_plugin_config'].update(builddefaults['config']) - delete_empty_keys(facts['master']['admission_plugin_config']['BuildDefaults']['configuration']['env']) + if 'env' in facts['master']['admission_plugin_config']['BuildDefaults']['configuration']: + delete_empty_keys(facts['master']['admission_plugin_config']['BuildDefaults']['configuration']['env']) return facts @@ -1630,7 +1631,6 @@ def set_container_facts_if_unset(facts): cli_image = master_image node_image = 'openshift3/node' ovs_image = 'openshift3/openvswitch' - etcd_image = 'registry.access.redhat.com/rhel7/etcd' pod_image = 'openshift3/ose-pod' router_image = 'openshift3/ose-haproxy-router' registry_image = 'openshift3/ose-docker-registry' @@ -1640,7 +1640,6 @@ def set_container_facts_if_unset(facts): cli_image = master_image node_image = 'openshift/node' ovs_image = 'openshift/openvswitch' - etcd_image = 'registry.access.redhat.com/rhel7/etcd' pod_image = 'openshift/origin-pod' router_image = 'openshift/origin-haproxy-router' registry_image = 'openshift/origin-docker-registry' @@ -1667,8 +1666,6 @@ def set_container_facts_if_unset(facts): facts['common']['registry_image'] = registry_image if 'deployer_image' not in facts['common']: facts['common']['deployer_image'] = deployer_image - if 'etcd' in facts and 'etcd_image' not in facts['etcd']: - facts['etcd']['etcd_image'] = etcd_image if 'master' in facts and 'master_image' not in facts['master']: facts['master']['master_image'] = master_image facts['master']['master_system_image'] = master_image diff --git a/roles/openshift_hosted/tasks/storage/glusterfs.yml b/roles/openshift_hosted/tasks/storage/glusterfs.yml index c2954fde1..9b998142a 100644 --- a/roles/openshift_hosted/tasks/storage/glusterfs.yml +++ b/roles/openshift_hosted/tasks/storage/glusterfs.yml @@ -79,14 +79,7 @@ - REGISTRY_STORAGE_MAINTENANCE_READONLY_ENABLED: 'true' when: openshift.hosted.registry.storage.glusterfs.swap -- name: Unmount registry volume +- name: Unmount registry volume and clean up mount point/fstab mount: - state: unmounted - name: "{{ mktemp.stdout }}" - -- name: Delete temp mount directory - file: - dest: "{{ mktemp.stdout }}" state: absent - changed_when: False - check_mode: no + name: "{{ mktemp.stdout }}" diff --git a/roles/openshift_loadbalancer/tasks/main.yml b/roles/openshift_loadbalancer/tasks/main.yml index 69b061fc5..c87a327a4 100644 --- a/roles/openshift_loadbalancer/tasks/main.yml +++ b/roles/openshift_loadbalancer/tasks/main.yml @@ -1,7 +1,6 @@ --- - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml - name: Install haproxy package: name=haproxy state=present diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml index 2bd02af60..770892d52 100644 --- a/roles/openshift_logging_elasticsearch/tasks/main.yaml +++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml @@ -270,7 +270,7 @@ port: 443 targetPort: 4443 selector: - component: "{{ es_component }}-prometheus" + component: "{{ es_component }}" provider: openshift - oc_edit: diff --git a/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 b/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 index 5a4f7f762..8529b61d5 100644 --- a/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 +++ b/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 @@ -42,7 +42,7 @@ objects: component: eventrouter logging-infra: eventrouter provider: openshift - replicas: ${REPLICAS} + replicas: "${{ '{{' }}REPLICAS{{ '}}' }}" template: metadata: labels: diff --git a/roles/openshift_logging_fluentd/files/secure-forward.conf b/roles/openshift_logging_fluentd/files/secure-forward.conf index f4483df79..87410c1c5 100644 --- a/roles/openshift_logging_fluentd/files/secure-forward.conf +++ b/roles/openshift_logging_fluentd/files/secure-forward.conf @@ -1,3 +1,4 @@ +# <store> # @type secure_forward # self_hostname ${HOSTNAME} @@ -22,3 +23,4 @@ # specify hostlabel for FQDN verification if ipaddress is used for host # hostlabel server.fqdn.example.com # </server> +# </store> diff --git a/roles/openshift_logging_mux/files/secure-forward.conf b/roles/openshift_logging_mux/files/secure-forward.conf index f4483df79..87410c1c5 100644 --- a/roles/openshift_logging_mux/files/secure-forward.conf +++ b/roles/openshift_logging_mux/files/secure-forward.conf @@ -1,3 +1,4 @@ +# <store> # @type secure_forward # self_hostname ${HOSTNAME} @@ -22,3 +23,4 @@ # specify hostlabel for FQDN verification if ipaddress is used for host # hostlabel server.fqdn.example.com # </server> +# </store> diff --git a/roles/openshift_logging_mux/templates/mux.j2 b/roles/openshift_logging_mux/templates/mux.j2 index cfb13d59b..79e449b73 100644 --- a/roles/openshift_logging_mux/templates/mux.j2 +++ b/roles/openshift_logging_mux/templates/mux.j2 @@ -59,7 +59,7 @@ spec: {% endif %} {% endif %} ports: - - containerPort: "{{ openshift_logging_mux_port }}" + - containerPort: {{ openshift_logging_mux_port }} name: mux-forward volumeMounts: - name: config diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index 3fb94fff8..99bc12514 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -7,6 +7,12 @@ openshift_master_debug_level: "{{ debug_level | default(2) }}" r_openshift_master_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" r_openshift_master_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" +system_images_registry_dict: + openshift-enterprise: "registry.access.redhat.com" + origin: "docker.io" + +system_images_registry: "{{ system_images_registry_dict[openshift_deployment_type | default('origin')] }}" + openshift_node_ips: [] r_openshift_master_clean_install: false r_openshift_master_etcd3_storage: false diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index b6d3539b1..e2f92d597 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -31,8 +31,7 @@ - openshift.common.is_containerized | bool - name: Open up firewall ports - include: firewall.yml - static: yes + import_tasks: firewall.yml - name: Install Master package package: @@ -172,13 +171,13 @@ no_proxy_etcd_host_ips: "{{ openshift_no_proxy_etcd_host_ips }}" - name: Update journald config - include: journald.yml + include_tasks: journald.yml - name: Install the systemd units - include: systemd_units.yml + include_tasks: systemd_units.yml - name: Install Master system container - include: system_container.yml + include_tasks: system_container.yml when: - openshift.common.is_containerized | bool - openshift.common.is_master_system_container | bool @@ -212,10 +211,10 @@ - restart master api - restart master controllers -- include: bootstrap_settings.yml +- include_tasks: bootstrap_settings.yml when: openshift_master_bootstrap_enabled | default(False) -- include: set_loopback_context.yml +- include_tasks: set_loopback_context.yml - name: Start and enable master api on first master systemd: @@ -273,7 +272,7 @@ # A separate wait is required here for native HA since notifies will # be resolved after all tasks in the role. -- include: check_master_api_is_ready.yml +- include_tasks: check_master_api_is_ready.yml when: - openshift.master.cluster_method == 'native' - master_api_service_status_changed | bool @@ -323,5 +322,5 @@ - l_install_result | changed - name: node bootstrap settings - include: bootstrap.yml + include_tasks: bootstrap.yml when: openshift_master_bootstrap_enabled | default(False) diff --git a/roles/openshift_master/tasks/system_container.yml b/roles/openshift_master/tasks/system_container.yml index 843352532..23386f11b 100644 --- a/roles/openshift_master/tasks/system_container.yml +++ b/roles/openshift_master/tasks/system_container.yml @@ -6,7 +6,7 @@ - name: Pre-pull master system container image command: > - atomic pull --storage=ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }} + atomic pull --storage=ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }} register: l_pull_result changed_when: "'Pulling layer' in l_pull_result.stdout" @@ -18,7 +18,7 @@ - name: Install or Update HA api master system container oc_atomic_container: name: "{{ openshift.common.service_type }}-master-api" - image: "{{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}" + image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}" state: latest values: - COMMAND=api @@ -26,7 +26,7 @@ - name: Install or Update HA controller master system container oc_atomic_container: name: "{{ openshift.common.service_type }}-master-controllers" - image: "{{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}" + image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}" state: latest values: - COMMAND=controllers diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml index b0fa72f19..582185198 100644 --- a/roles/openshift_master/tasks/systemd_units.yml +++ b/roles/openshift_master/tasks/systemd_units.yml @@ -9,7 +9,7 @@ when: - openshift.common.is_containerized | bool -- include: registry_auth.yml +- include_tasks: registry_auth.yml - name: Disable the legacy master service if it exists systemd: diff --git a/roles/openshift_master/tasks/upgrade.yml b/roles/openshift_master/tasks/upgrade.yml index 92371921d..f84cf2f6e 100644 --- a/roles/openshift_master/tasks/upgrade.yml +++ b/roles/openshift_master/tasks/upgrade.yml @@ -1,16 +1,16 @@ --- -- include: upgrade/rpm_upgrade.yml +- include_tasks: upgrade/rpm_upgrade.yml when: not openshift.common.is_containerized | bool -- include: upgrade/upgrade_scheduler.yml +- include_tasks: upgrade/upgrade_scheduler.yml # master_config_hook is passed in from upgrade play. -- include: "upgrade/{{ master_config_hook }}" +- include_tasks: "upgrade/{{ master_config_hook }}" when: master_config_hook is defined -- include: journald.yml +- include_tasks: journald.yml -- include: systemd_units.yml +- include_tasks: systemd_units.yml - name: Check for ca-bundle.crt stat: diff --git a/roles/openshift_master_cluster/tasks/main.yml b/roles/openshift_master_cluster/tasks/main.yml index 40705d357..41bfc72cb 100644 --- a/roles/openshift_master_cluster/tasks/main.yml +++ b/roles/openshift_master_cluster/tasks/main.yml @@ -10,5 +10,5 @@ failed_when: false when: openshift.master.cluster_method == "pacemaker" -- include: configure.yml +- include_tasks: configure.yml when: "pcs_status | failed and 'Error: cluster is not currently running on this node' in pcs_status.stderr" diff --git a/roles/openshift_metrics/tasks/generate_certificates.yaml b/roles/openshift_metrics/tasks/generate_certificates.yaml index 3dc15d58b..bb842d710 100644 --- a/roles/openshift_metrics/tasks/generate_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_certificates.yaml @@ -8,4 +8,4 @@ --serial='{{ mktemp.stdout }}/ca.serial.txt' --name="metrics-signer@{{lookup('pipe','date +%s')}}" -- include: generate_hawkular_certificates.yaml +- include_tasks: generate_hawkular_certificates.yaml diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml index 31129a6ac..0fd19c9f8 100644 --- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml @@ -1,13 +1,13 @@ --- - name: generate hawkular-metrics certificates - include: setup_certificate.yaml + include_tasks: setup_certificate.yaml vars: component: hawkular-metrics hostnames: "hawkular-metrics,hawkular-metrics.{{ openshift_metrics_project }}.svc.cluster.local,{{ openshift_metrics_hawkular_hostname }}" changed_when: no - name: generate hawkular-cassandra certificates - include: setup_certificate.yaml + include_tasks: setup_certificate.yaml vars: component: hawkular-cassandra hostnames: hawkular-cassandra diff --git a/roles/openshift_metrics/tasks/install_heapster.yaml b/roles/openshift_metrics/tasks/install_heapster.yaml index 0eb852d91..a33b28ba7 100644 --- a/roles/openshift_metrics/tasks/install_heapster.yaml +++ b/roles/openshift_metrics/tasks/install_heapster.yaml @@ -66,4 +66,4 @@ namespace: "{{ openshift_metrics_project }}" changed_when: no -- include: generate_heapster_secrets.yaml +- include_tasks: generate_heapster_secrets.yaml diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml index fdf4ae57f..49d1d8cf1 100644 --- a/roles/openshift_metrics/tasks/install_metrics.yaml +++ b/roles/openshift_metrics/tasks/install_metrics.yaml @@ -1,8 +1,8 @@ --- -- include: pre_install.yaml +- include_tasks: pre_install.yaml - name: Install Metrics - include: "{{ role_path }}/tasks/install_{{ include_file }}.yaml" + include_tasks: "install_{{ include_file }}.yaml" with_items: - support - heapster @@ -13,11 +13,11 @@ when: not openshift_metrics_heapster_standalone | bool - name: Install Heapster Standalone - include: install_heapster.yaml + include_tasks: install_heapster.yaml when: openshift_metrics_heapster_standalone | bool - name: Install Hawkular OpenShift Agent (HOSA) - include: install_hosa.yaml + include_tasks: install_hosa.yaml when: openshift_metrics_install_hawkular_agent | default(false) | bool - find: @@ -34,7 +34,7 @@ changed_when: no - name: Create objects - include: oc_apply.yaml + include_tasks: oc_apply.yaml vars: kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" namespace: "{{ openshift_metrics_project }}" @@ -58,7 +58,7 @@ changed_when: no - name: Create Hawkular Agent objects - include: oc_apply.yaml + include_tasks: oc_apply.yaml vars: kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" namespace: "{{ openshift_metrics_hawkular_agent_namespace }}" @@ -67,7 +67,7 @@ with_items: "{{ hawkular_agent_object_defs.results }}" when: openshift_metrics_install_hawkular_agent | bool -- include: update_master_config.yaml +- include_tasks: update_master_config.yaml - command: > {{openshift.common.client_binary}} @@ -80,11 +80,11 @@ changed_when: no - name: Scaling down cluster to recognize changes - include: stop_metrics.yaml + include_tasks: stop_metrics.yaml when: existing_metrics_rc.stdout_lines | length > 0 - name: Scaling up cluster - include: start_metrics.yaml + include_tasks: start_metrics.yaml tags: openshift_metrics_start_cluster when: - openshift_metrics_start_cluster | default(true) | bool diff --git a/roles/openshift_metrics/tasks/install_support.yaml b/roles/openshift_metrics/tasks/install_support.yaml index 584e3be05..c3727d530 100644 --- a/roles/openshift_metrics/tasks/install_support.yaml +++ b/roles/openshift_metrics/tasks/install_support.yaml @@ -19,7 +19,7 @@ - fail: msg="'keytool' is unavailable. Please install java-1.8.0-openjdk-headless on the control node" when: keytool_check.rc == 1 -- include: generate_certificates.yaml -- include: generate_serviceaccounts.yaml -- include: generate_services.yaml -- include: generate_rolebindings.yaml +- include_tasks: generate_certificates.yaml +- include_tasks: generate_serviceaccounts.yaml +- include_tasks: generate_services.yaml +- include_tasks: generate_rolebindings.yaml diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index 10509fc1e..9dfe360bb 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -43,15 +43,15 @@ check_mode: no tags: metrics_init -- include: install_metrics.yaml +- include_tasks: install_metrics.yaml when: - openshift_metrics_install_metrics | bool -- include: uninstall_metrics.yaml +- include_tasks: uninstall_metrics.yaml when: - not openshift_metrics_install_metrics | bool -- include: uninstall_hosa.yaml +- include_tasks: uninstall_hosa.yaml when: not openshift_metrics_install_hawkular_agent | bool - name: Delete temp directory diff --git a/roles/openshift_metrics/tasks/uninstall_metrics.yaml b/roles/openshift_metrics/tasks/uninstall_metrics.yaml index 403b1252c..1265c7bfd 100644 --- a/roles/openshift_metrics/tasks/uninstall_metrics.yaml +++ b/roles/openshift_metrics/tasks/uninstall_metrics.yaml @@ -1,6 +1,6 @@ --- - name: stop metrics - include: stop_metrics.yaml + include_tasks: stop_metrics.yaml - name: remove metrics components command: > diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index 89d154ad7..62208c155 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -4,9 +4,18 @@ openshift_node_debug_level: "{{ debug_level | default(2) }}" r_openshift_node_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" r_openshift_node_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" +l_is_node_system_container: "{{ (openshift_use_node_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" + openshift_deployment_type: "{{ openshift_deployment_type | default('origin') }}" openshift_service_type: "{{ 'origin' if openshift_deployment_type == 'origin' else 'atomic-openshift' }}" +system_images_registry_dict: + openshift-enterprise: "registry.access.redhat.com" + origin: "docker.io" + +system_images_registry: "{{ system_images_registry_dict[openshift_deployment_type | default('origin')] }}" +l_is_openvswitch_system_container: "{{ (openshift_use_openvswitch_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" + openshift_image_tag: '' default_r_openshift_node_image_prep_packages: diff --git a/roles/openshift_node/tasks/bootstrap.yml b/roles/openshift_node/tasks/bootstrap.yml index b8be50f6c..ac43ef039 100644 --- a/roles/openshift_node/tasks/bootstrap.yml +++ b/roles/openshift_node/tasks/bootstrap.yml @@ -32,8 +32,7 @@ regexp: "^CONFIG_FILE=.*" - name: include aws sysconfig credentials - include: aws.yml - static: yes + import_tasks: aws.yml when: not (openshift_node_use_instance_profiles | default(False)) #- name: update the ExecStart to have bootstrap diff --git a/roles/openshift_node/tasks/config.yml b/roles/openshift_node/tasks/config.yml index 2fea33454..741a2234f 100644 --- a/roles/openshift_node/tasks/config.yml +++ b/roles/openshift_node/tasks/config.yml @@ -1,6 +1,6 @@ --- - name: Install the systemd units - include: systemd_units.yml + include_tasks: systemd_units.yml - name: Start and enable openvswitch service systemd: @@ -47,8 +47,7 @@ - restart node - name: include aws provider credentials - include: aws.yml - static: yes + import_tasks: aws.yml when: not (openshift_node_use_instance_profiles | default(False)) # Necessary because when you're on a node that's also a master the master will be diff --git a/roles/openshift_node/tasks/install.yml b/roles/openshift_node/tasks/install.yml index 6b7e40491..9a91e2fb6 100644 --- a/roles/openshift_node/tasks/install.yml +++ b/roles/openshift_node/tasks/install.yml @@ -20,7 +20,7 @@ - when: - openshift.common.is_containerized | bool - - not openshift.common.is_node_system_container | bool + - not l_is_node_system_container | bool block: - name: Pre-pull node image when containerized command: > diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index eae9ca7bc..8e9d1d1b5 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -7,8 +7,7 @@ - not openshift_use_crio | default(false) - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml #### Disable SWAP ##### # https://docs.openshift.com/container-platform/3.4/admin_guide/overcommit.html#disabling-swap-memory @@ -41,7 +40,7 @@ #### End Disable Swap Block #### - name: include node installer - include: install.yml + include_tasks: install.yml - name: Restart cri-o systemd: @@ -66,34 +65,34 @@ sysctl_file: "/etc/sysctl.d/99-openshift.conf" reload: yes -- include: registry_auth.yml +- include_tasks: registry_auth.yml - name: include standard node config - include: config.yml + include_tasks: config.yml #### Storage class plugins here #### - name: NFS storage plugin configuration - include: storage_plugins/nfs.yml + include_tasks: storage_plugins/nfs.yml tags: - nfs - name: GlusterFS storage plugin configuration - include: storage_plugins/glusterfs.yml + include_tasks: storage_plugins/glusterfs.yml when: "'glusterfs' in openshift.node.storage_plugin_deps" - name: Ceph storage plugin configuration - include: storage_plugins/ceph.yml + include_tasks: storage_plugins/ceph.yml when: "'ceph' in openshift.node.storage_plugin_deps" - name: iSCSI storage plugin configuration - include: storage_plugins/iscsi.yml + include_tasks: storage_plugins/iscsi.yml when: "'iscsi' in openshift.node.storage_plugin_deps" ##### END Storage ##### -- include: config/workaround-bz1331590-ovs-oom-fix.yml +- include_tasks: config/workaround-bz1331590-ovs-oom-fix.yml when: openshift_node_use_openshift_sdn | default(true) | bool - name: include bootstrap node config - include: bootstrap.yml + include_tasks: bootstrap.yml when: openshift_node_bootstrap diff --git a/roles/openshift_node/tasks/node_system_container.yml b/roles/openshift_node/tasks/node_system_container.yml index 164a79b39..73dc9e130 100644 --- a/roles/openshift_node/tasks/node_system_container.yml +++ b/roles/openshift_node/tasks/node_system_container.yml @@ -6,14 +6,14 @@ - name: Pre-pull node system container image command: > - atomic pull --storage=ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.node.node_system_image }}:{{ openshift_image_tag }} + atomic pull --storage=ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.node.node_system_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Pulling layer' in pull_result.stdout" - name: Install or Update node system container oc_atomic_container: name: "{{ openshift.common.service_type }}-node" - image: "{{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.node.node_system_image }}:{{ openshift_image_tag }}" + image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.node.node_system_image }}:{{ openshift_image_tag }}" values: - "DNS_DOMAIN={{ openshift.common.dns_domain }}" - "DOCKER_SERVICE={{ openshift.docker.service_name }}.service" diff --git a/roles/openshift_node/tasks/openvswitch_system_container.yml b/roles/openshift_node/tasks/openvswitch_system_container.yml index 0f73ce454..8c3548475 100644 --- a/roles/openshift_node/tasks/openvswitch_system_container.yml +++ b/roles/openshift_node/tasks/openvswitch_system_container.yml @@ -17,14 +17,14 @@ - name: Pre-pull OpenVSwitch system container image command: > - atomic pull --storage=ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }} + atomic pull --storage=ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Pulling layer' in pull_result.stdout" - name: Install or Update OpenVSwitch system container oc_atomic_container: name: openvswitch - image: "{{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }}" + image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }}" state: latest values: - "DOCKER_SERVICE={{ l_service_name }}" diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index 9c182ade6..397e1ba18 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml @@ -3,7 +3,7 @@ template: dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" src: "{{ openshift.common.is_containerized | bool | ternary('openshift.docker.node.service', 'node.service.j2') }}" - when: not openshift.common.is_node_system_container | bool + when: not l_is_node_system_container | bool notify: - reload systemd units - restart node @@ -11,21 +11,21 @@ - when: openshift.common.is_containerized | bool block: - name: include node deps docker service file - include: config/install-node-deps-docker-service-file.yml + include_tasks: config/install-node-deps-docker-service-file.yml - name: include ovs service environment file - include: config/install-ovs-service-env-file.yml + include_tasks: config/install-ovs-service-env-file.yml - name: Install Node system container - include: node_system_container.yml + include_tasks: node_system_container.yml when: - - openshift.common.is_node_system_container | bool + - l_is_node_system_container | bool - name: Install OpenvSwitch system containers - include: openvswitch_system_container.yml + include_tasks: openvswitch_system_container.yml when: - openshift_node_use_openshift_sdn | bool - - openshift.common.is_openvswitch_system_container | bool + - l_is_openvswitch_system_container | bool - block: - name: Pre-pull openvswitch image @@ -34,11 +34,11 @@ register: pull_result changed_when: "'Downloaded newer image' in pull_result.stdout" - - include: config/install-ovs-docker-service-file.yml + - include_tasks: config/install-ovs-docker-service-file.yml when: - openshift.common.is_containerized | bool - openshift_node_use_openshift_sdn | bool - - not openshift.common.is_openvswitch_system_container | bool + - not l_is_openvswitch_system_container | bool -- include: config/configure-node-settings.yml -- include: config/configure-proxy-settings.yml +- include_tasks: config/configure-node-settings.yml +- include_tasks: config/configure-proxy-settings.yml diff --git a/roles/openshift_node/tasks/upgrade.yml b/roles/openshift_node/tasks/upgrade.yml index 2bca1e974..fb21b39a1 100644 --- a/roles/openshift_node/tasks/upgrade.yml +++ b/roles/openshift_node/tasks/upgrade.yml @@ -10,7 +10,7 @@ # tasks file for openshift_node_upgrade -- include: registry_auth.yml +- include_tasks: registry_auth.yml - name: Stop node and openvswitch services service: @@ -48,7 +48,7 @@ - openshift.common.is_containerized | bool - openshift_use_openshift_sdn | bool -- include: docker/upgrade.yml +- include_tasks: docker/upgrade.yml vars: # We will restart Docker ourselves after everything is ready: skip_docker_restart: True @@ -56,10 +56,10 @@ - l_docker_upgrade is defined - l_docker_upgrade | bool -- include: "{{ node_config_hook }}" +- include_tasks: "{{ node_config_hook }}" when: node_config_hook is defined -- include: upgrade/rpm_upgrade.yml +- include_tasks: upgrade/rpm_upgrade.yml vars: component: "node" openshift_version: "{{ openshift_pkg_version | default('') }}" @@ -70,7 +70,7 @@ path: "/etc/systemd/system/docker.service.d/docker-sdn-ovs.conf" state: absent -- include: upgrade/containerized_node_upgrade.yml +- include_tasks: upgrade/containerized_node_upgrade.yml when: openshift.common.is_containerized | bool - name: Ensure containerized services stopped before Docker restart @@ -165,7 +165,7 @@ value: "/etc/origin/node/resolv.conf" # Restart all services -- include: upgrade/restart.yml +- include_tasks: upgrade/restart.yml - name: Wait for node to be ready oc_obj: diff --git a/roles/openshift_node/tasks/upgrade/containerized_node_upgrade.yml b/roles/openshift_node/tasks/upgrade/containerized_node_upgrade.yml index 96b94d8b6..245de60a7 100644 --- a/roles/openshift_node/tasks/upgrade/containerized_node_upgrade.yml +++ b/roles/openshift_node/tasks/upgrade/containerized_node_upgrade.yml @@ -6,7 +6,7 @@ skip_node_svc_handlers: True - name: Update systemd units - include: ../systemd_units.yml + include_tasks: ../systemd_units.yml # This is a no-op because of skip_node_svc_handlers, but lets us trigger it before end of # play when the node has already been marked schedulable again. (this would look strange diff --git a/roles/openshift_node_dnsmasq/tasks/main.yml b/roles/openshift_node_dnsmasq/tasks/main.yml index 9bbaafc29..a33b78780 100644 --- a/roles/openshift_node_dnsmasq/tasks/main.yml +++ b/roles/openshift_node_dnsmasq/tasks/main.yml @@ -59,9 +59,9 @@ state: started # Dynamic NetworkManager based dispatcher -- include: ./network-manager.yml +- include_tasks: ./network-manager.yml when: network_manager_active | bool # Relies on ansible in order to configure static config -- include: ./no-network-manager.yml +- include_tasks: ./no-network-manager.yml when: not network_manager_active | bool diff --git a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml b/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml index 8a7da66c2..dede2fb8f 100644 --- a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml +++ b/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml @@ -8,4 +8,4 @@ state: present notify: restart NetworkManager -- include: ./network-manager.yml +- include_tasks: network-manager.yml diff --git a/roles/openshift_node_group/defaults/main.yml b/roles/openshift_node_group/defaults/main.yml index d398a7fdc..7c81409a5 100644 --- a/roles/openshift_node_group/defaults/main.yml +++ b/roles/openshift_node_group/defaults/main.yml @@ -23,4 +23,4 @@ openshift_node_group_network_plugin_default: "{{ os_sdn_network_plugin_name | de openshift_node_group_network_plugin: "{{ openshift_node_group_network_plugin_default }}" openshift_node_group_node_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}" openshift_node_group_node_data_dir: "{{ openshift_node_group_node_data_dir_default }}" -openshift_node_group_network_mtu: "{{ openshift_node_sdn_mtu | default(8951) }}" +openshift_node_group_network_mtu: "{{ openshift_node_sdn_mtu | default(8951) | int }}" diff --git a/roles/openshift_node_group/tasks/main.yml b/roles/openshift_node_group/tasks/main.yml index c7c15683d..43ecf1b8b 100644 --- a/roles/openshift_node_group/tasks/main.yml +++ b/roles/openshift_node_group/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Build node config maps - include: create_config.yml + include_tasks: create_config.yml vars: openshift_node_group_name: "{{ node_group.name }}" openshift_node_group_edits: "{{ node_group.edits | default([]) }}" diff --git a/roles/openshift_node_group/templates/node-config.yaml.j2 b/roles/openshift_node_group/templates/node-config.yaml.j2 index 5e22dc6d2..3fd16247c 100644 --- a/roles/openshift_node_group/templates/node-config.yaml.j2 +++ b/roles/openshift_node_group/templates/node-config.yaml.j2 @@ -33,7 +33,7 @@ masterClientConnectionOverrides: qps: 20 masterKubeConfig: node.kubeconfig networkConfig: - mtu: "{{ openshift_node_group_network_mtu }}" + mtu: {{ openshift_node_group_network_mtu }} networkPluginName: {{ openshift_node_group_network_plugin }} nodeIP: "" podManifestConfig: null diff --git a/roles/openshift_prometheus/README.md b/roles/openshift_prometheus/README.md index 92f74928c..5bf6e7d77 100644 --- a/roles/openshift_prometheus/README.md +++ b/roles/openshift_prometheus/README.md @@ -23,6 +23,13 @@ For default values, see [`defaults/main.yaml`](defaults/main.yaml). - `openshift_prometheus_<COMPONENT>_image_version`: specify image version for the component +- `openshift_prometheus_args`: Modify or add arguments for prometheus application + +e.g +``` +openshift_prometheus_args=['--storage.tsdb.retention=6h', '--storage.tsdb.min-block-duration=5s', '--storage.tsdb.max-block-duration=6m'] +``` + ## PVC related variables Each prometheus component (prometheus, alertmanager, alertbuffer) can set pv claim by setting corresponding role variable: ``` diff --git a/roles/openshift_prometheus/defaults/main.yaml b/roles/openshift_prometheus/defaults/main.yaml index 4e2cea0b9..1b4a12cac 100644 --- a/roles/openshift_prometheus/defaults/main.yaml +++ b/roles/openshift_prometheus/defaults/main.yaml @@ -9,6 +9,9 @@ openshift_prometheus_node_selector: {"region":"infra"} # additional prometheus rules file openshift_prometheus_additional_rules_file: null +#prometheus application arguments +openshift_prometheus_args: ['--storage.tsdb.retention=6h', '--storage.tsdb.min-block-duration=2m'] + # storage # One of ['emptydir', 'pvc'] openshift_prometheus_storage_type: "emptydir" diff --git a/roles/openshift_prometheus/tasks/install_prometheus.yaml b/roles/openshift_prometheus/tasks/install_prometheus.yaml index 21da4bc9d..50736a9ee 100644 --- a/roles/openshift_prometheus/tasks/install_prometheus.yaml +++ b/roles/openshift_prometheus/tasks/install_prometheus.yaml @@ -3,7 +3,7 @@ # namespace - name: Add prometheus project oc_project: - state: "{{ state }}" + state: present name: "{{ openshift_prometheus_namespace }}" node_selector: "{{ openshift_prometheus_node_selector | oo_selector_to_string_list() }}" description: Prometheus @@ -11,7 +11,7 @@ # secrets - name: Set alert and prometheus secrets oc_secret: - state: "{{ state }}" + state: present name: "{{ item }}-proxy" namespace: "{{ openshift_prometheus_namespace }}" contents: @@ -24,7 +24,7 @@ # serviceaccount - name: create prometheus serviceaccount oc_serviceaccount: - state: "{{ state }}" + state: present name: prometheus namespace: "{{ openshift_prometheus_namespace }}" # TODO add annotations when supproted @@ -48,7 +48,7 @@ # create clusterrolebinding for prometheus serviceaccount - name: Set cluster-reader permissions for prometheus oc_adm_policy_user: - state: "{{ state }}" + state: present namespace: "{{ openshift_prometheus_namespace }}" resource_kind: cluster-role resource_name: cluster-reader @@ -58,7 +58,7 @@ # TODO join into 1 task with loop - name: Create prometheus service oc_service: - state: "{{ state }}" + state: present name: "{{ item.name }}" namespace: "{{ openshift_prometheus_namespace }}" selector: @@ -76,7 +76,7 @@ - name: Create alerts service oc_service: - state: "{{ state }}" + state: present name: "{{ item.name }}" namespace: "{{ openshift_prometheus_namespace }}" selector: @@ -111,7 +111,7 @@ # create prometheus and alerts routes - name: create prometheus and alerts routes oc_route: - state: "{{ state }}" + state: present name: "{{ item.name }}" namespace: "{{ openshift_prometheus_namespace }}" service_name: "{{ item.name }}" @@ -185,7 +185,7 @@ # In prometheus configmap create "additional.rules" section if file exists - name: Set prometheus configmap oc_configmap: - state: "{{ state }}" + state: present name: "prometheus" namespace: "{{ openshift_prometheus_namespace }}" from_file: @@ -196,7 +196,7 @@ - name: Set prometheus configmap oc_configmap: - state: "{{ state }}" + state: present name: "prometheus" namespace: "{{ openshift_prometheus_namespace }}" from_file: @@ -212,7 +212,7 @@ - name: Set alertmanager configmap oc_configmap: - state: "{{ state }}" + state: present name: "prometheus-alerts" namespace: "{{ openshift_prometheus_namespace }}" from_file: @@ -229,7 +229,7 @@ - name: Set prometheus stateful set oc_obj: - state: "{{ state }}" + state: present name: "prometheus" namespace: "{{ openshift_prometheus_namespace }}" kind: statefulset diff --git a/roles/openshift_prometheus/tasks/main.yaml b/roles/openshift_prometheus/tasks/main.yaml index 5cc9a67eb..38798e1f5 100644 --- a/roles/openshift_prometheus/tasks/main.yaml +++ b/roles/openshift_prometheus/tasks/main.yaml @@ -20,9 +20,11 @@ mode: 0755 changed_when: False -- include: install_prometheus.yaml - vars: - state: "{{ openshift_prometheus_state }}" +- include_tasks: install_prometheus.yaml + when: openshift_prometheus_state == 'present' + +- include_tasks: uninstall_prometheus.yaml + when: openshift_prometheus_state == 'absent' - name: Delete temp directory file: diff --git a/roles/openshift_prometheus/tasks/uninstall_prometheus.yaml b/roles/openshift_prometheus/tasks/uninstall_prometheus.yaml new file mode 100644 index 000000000..d746402db --- /dev/null +++ b/roles/openshift_prometheus/tasks/uninstall_prometheus.yaml @@ -0,0 +1,7 @@ +--- + +# remove namespace - This will delete all the objects inside the namespace +- name: Remove prometheus project + oc_project: + state: absent + name: "{{ openshift_prometheus_namespace }}" diff --git a/roles/openshift_prometheus/templates/prometheus.j2 b/roles/openshift_prometheus/templates/prometheus.j2 index 456db3a57..e73a94eee 100644 --- a/roles/openshift_prometheus/templates/prometheus.j2 +++ b/roles/openshift_prometheus/templates/prometheus.j2 @@ -75,8 +75,9 @@ spec: - name: prometheus args: - - --storage.tsdb.retention=6h - - --storage.tsdb.min-block-duration=2m +{% for arg in openshift_prometheus_args %} + - {{ arg }} +{% endfor %} - --config.file=/etc/prometheus/prometheus.yml - --web.listen-address=localhost:9090 image: "{{ l_openshift_prometheus_image_prefix }}prometheus:{{ l_openshift_prometheus_image_version }}" diff --git a/roles/openshift_provisioners/tasks/install_provisioners.yaml b/roles/openshift_provisioners/tasks/install_provisioners.yaml index 324fdcc82..2d1217c74 100644 --- a/roles/openshift_provisioners/tasks/install_provisioners.yaml +++ b/roles/openshift_provisioners/tasks/install_provisioners.yaml @@ -16,10 +16,10 @@ when: (openshift_provisioners_efs | bool) and openshift_provisioners_efs_aws_secret_access_key is not defined - name: Install support - include: install_support.yaml + include_tasks: install_support.yaml - name: Install EFS - include: install_efs.yaml + include_tasks: install_efs.yaml when: openshift_provisioners_efs | bool - find: paths={{ mktemp.stdout }}/templates patterns=*.yaml @@ -32,7 +32,7 @@ changed_when: no - name: Create objects - include: oc_apply.yaml + include_tasks: oc_apply.yaml vars: - kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" - namespace: "{{ openshift_provisioners_project }}" @@ -51,5 +51,5 @@ when: ansible_check_mode - name: Scaling up cluster - include: start_cluster.yaml + include_tasks: start_cluster.yaml when: start_cluster | default(true) | bool diff --git a/roles/openshift_provisioners/tasks/install_support.yaml b/roles/openshift_provisioners/tasks/install_support.yaml index d6db81ab9..93c4c394d 100644 --- a/roles/openshift_provisioners/tasks/install_support.yaml +++ b/roles/openshift_provisioners/tasks/install_support.yaml @@ -10,8 +10,8 @@ changed_when: False check_mode: no -- include: generate_secrets.yaml +- include_tasks: generate_secrets.yaml -- include: generate_clusterrolebindings.yaml +- include_tasks: generate_clusterrolebindings.yaml -- include: generate_serviceaccounts.yaml +- include_tasks: generate_serviceaccounts.yaml diff --git a/roles/openshift_provisioners/tasks/main.yaml b/roles/openshift_provisioners/tasks/main.yaml index a50c78c97..4ba26b2b8 100644 --- a/roles/openshift_provisioners/tasks/main.yaml +++ b/roles/openshift_provisioners/tasks/main.yaml @@ -12,10 +12,10 @@ check_mode: no tags: provisioners_init -- include: "{{ role_path }}/tasks/install_provisioners.yaml" +- include_tasks: install_provisioners.yaml when: openshift_provisioners_install_provisioners | default(false) | bool -- include: "{{ role_path }}/tasks/uninstall_provisioners.yaml" +- include_tasks: uninstall_provisioners.yaml when: not openshift_provisioners_install_provisioners | default(false) | bool - name: Delete temp directory diff --git a/roles/openshift_provisioners/tasks/uninstall_provisioners.yaml b/roles/openshift_provisioners/tasks/uninstall_provisioners.yaml index 0be4bc7d2..602dee773 100644 --- a/roles/openshift_provisioners/tasks/uninstall_provisioners.yaml +++ b/roles/openshift_provisioners/tasks/uninstall_provisioners.yaml @@ -1,6 +1,6 @@ --- - name: stop provisioners - include: stop_cluster.yaml + include_tasks: stop_cluster.yaml # delete the deployment objects that we had created - name: delete provisioner api objects diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index 95ba9fe4c..552a22a0f 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -35,7 +35,7 @@ - when: r_openshift_repos_has_run is not defined block: - - include: centos_repos.yml + - include_tasks: centos_repos.yml when: - ansible_os_family == "RedHat" - ansible_distribution != "Fedora" diff --git a/roles/openshift_sanitize_inventory/tasks/deprecations.yml b/roles/openshift_sanitize_inventory/tasks/deprecations.yml index 94d3acffc..795b8ee60 100644 --- a/roles/openshift_sanitize_inventory/tasks/deprecations.yml +++ b/roles/openshift_sanitize_inventory/tasks/deprecations.yml @@ -16,6 +16,6 @@ # for with_fileglob Ansible resolves the path relative to the roles/<rolename>/files directory - name: Assign deprecated variables to correct counterparts - include: "{{ item }}" + include_tasks: "{{ item }}" with_fileglob: - "../tasks/__deprecations_*.yml" diff --git a/roles/openshift_sanitize_inventory/tasks/main.yml b/roles/openshift_sanitize_inventory/tasks/main.yml index 70b236033..77428272c 100644 --- a/roles/openshift_sanitize_inventory/tasks/main.yml +++ b/roles/openshift_sanitize_inventory/tasks/main.yml @@ -1,7 +1,7 @@ --- # We should print out deprecations prior to any failures so that if a play does fail for other reasons # the user would also be aware of any deprecated variables they should note to adjust -- include: deprecations.yml +- include_tasks: deprecations.yml - name: Abort when conflicting deployment type variables are set when: @@ -53,7 +53,7 @@ openshift_release is "{{ openshift_release }}" which is not a valid version string. Please set it to a version string like "3.4". -- include: unsupported.yml +- include_tasks: unsupported.yml when: - not openshift_enable_unsupported_configurations | default(false) | bool diff --git a/roles/openshift_storage_glusterfs/README.md b/roles/openshift_storage_glusterfs/README.md index 03c157313..54adcf78d 100644 --- a/roles/openshift_storage_glusterfs/README.md +++ b/roles/openshift_storage_glusterfs/README.md @@ -87,7 +87,9 @@ GlusterFS cluster into a new or existing OpenShift cluster: | openshift_storage_glusterfs_block_deploy | True | Deploy glusterblock provisioner service | openshift_storage_glusterfs_block_image | 'gluster/glusterblock-provisioner'| Container image to use for glusterblock-provisioner pod, enterprise default is 'rhgs3/rhgs-gluster-block-prov-rhel7' | openshift_storage_glusterfs_block_version | 'latest' | Container image version to use for glusterblock-provisioner pod -| openshift_storage_glusterfs_block_max_host_vol | 15 | Max number of GlusterFS volumes to host glusterblock volumes +| openshift_storage_glusterfs_block_host_vol_create| True | Automatically create GlusterFS volumes to host glusterblock volumes. **NOTE:** If this is False, block-hosting volumes will need to be manually created before glusterblock volumes can be provisioned +| openshift_storage_glusterfs_block_host_vol_size | 100 | Size, in GB, of GlusterFS volumes that will be automatically create to host glusterblock volumes if not enough space is available for a glusterblock volume create request. **NOTE:** This value is effectively an upper limit on the size of glusterblock volumes unless you manually create larger GlusterFS block-hosting volumes +| openshift_storage_glusterfs_block_host_vol_max | 15 | Max number of GlusterFS volumes to host glusterblock volumes | openshift_storage_glusterfs_s3_deploy | True | Deploy gluster-s3 service | openshift_storage_glusterfs_s3_image | 'gluster/gluster-object'| Container image to use for gluster-s3 pod, enterprise default is 'rhgs3/rhgs-gluster-s3-server-rhel7' | openshift_storage_glusterfs_s3_version | 'latest' | Container image version to use for gluster=s3 pod diff --git a/roles/openshift_storage_glusterfs/defaults/main.yml b/roles/openshift_storage_glusterfs/defaults/main.yml index c3db36d37..814d6ff28 100644 --- a/roles/openshift_storage_glusterfs/defaults/main.yml +++ b/roles/openshift_storage_glusterfs/defaults/main.yml @@ -10,7 +10,9 @@ openshift_storage_glusterfs_version: 'latest' openshift_storage_glusterfs_block_deploy: True openshift_storage_glusterfs_block_image: "{{ 'rhgs3/rhgs-gluster-block-prov-rhel7' | quote if deployment_type == 'openshift-enterprise' else 'gluster/glusterblock-provisioner' | quote }}" openshift_storage_glusterfs_block_version: 'latest' -openshift_storage_glusterfs_block_max_host_vol: 15 +openshift_storage_glusterfs_block_host_vol_create: True +openshift_storage_glusterfs_block_host_vol_size: 100 +openshift_storage_glusterfs_block_host_vol_max: 15 openshift_storage_glusterfs_s3_deploy: True openshift_storage_glusterfs_s3_image: "{{ 'rhgs3/rhgs-gluster-s3-server-rhel7' | quote if deployment_type == 'openshift-enterprise' else 'gluster/gluster-object' | quote }}" openshift_storage_glusterfs_s3_version: 'latest' @@ -54,7 +56,9 @@ openshift_storage_glusterfs_registry_version: "{{ openshift_storage_glusterfs_ve openshift_storage_glusterfs_registry_block_deploy: "{{ openshift_storage_glusterfs_block_deploy }}" openshift_storage_glusterfs_registry_block_image: "{{ openshift_storage_glusterfs_block_image }}" openshift_storage_glusterfs_registry_block_version: "{{ openshift_storage_glusterfs_block_version }}" -openshift_storage_glusterfs_registry_block_max_host_vol: "{{ openshift_storage_glusterfs_block_max_host_vol }}" +openshift_storage_glusterfs_registry_block_host_vol_create: "{{ openshift_storage_glusterfs_block_host_vol_create }}" +openshift_storage_glusterfs_registry_block_host_vol_size: "{{ openshift_storage_glusterfs_block_host_vol_size }}" +openshift_storage_glusterfs_registry_block_host_vol_max: "{{ openshift_storage_glusterfs_block_host_vol_max }}" openshift_storage_glusterfs_registry_s3_deploy: "{{ openshift_storage_glusterfs_s3_deploy }}" openshift_storage_glusterfs_registry_s3_image: "{{ openshift_storage_glusterfs_s3_image }}" openshift_storage_glusterfs_registry_s3_version: "{{ openshift_storage_glusterfs_s3_version }}" diff --git a/roles/openshift_storage_glusterfs/files/v3.7/glusterblock-provisioner.yml b/roles/openshift_storage_glusterfs/files/v3.7/glusterblock-provisioner.yml index 2cc69644c..9c1409dee 100644 --- a/roles/openshift_storage_glusterfs/files/v3.7/glusterblock-provisioner.yml +++ b/roles/openshift_storage_glusterfs/files/v3.7/glusterblock-provisioner.yml @@ -2,7 +2,7 @@ kind: Template apiVersion: v1 metadata: - name: glusterblock + name: glusterblock-provisioner labels: glusterfs: block-template glusterblock: template diff --git a/roles/openshift_storage_glusterfs/files/v3.8/deploy-heketi-template.yml b/roles/openshift_storage_glusterfs/files/v3.8/deploy-heketi-template.yml new file mode 100644 index 000000000..34af652c2 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v3.8/deploy-heketi-template.yml @@ -0,0 +1,133 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: deploy-heketi + labels: + glusterfs: heketi-template + deploy-heketi: support + annotations: + description: Bootstrap Heketi installation + tags: glusterfs,heketi,installation +objects: +- kind: Service + apiVersion: v1 + metadata: + name: deploy-heketi-${CLUSTER_NAME} + labels: + glusterfs: deploy-heketi-${CLUSTER_NAME}-service + deploy-heketi: support + annotations: + description: Exposes Heketi service + spec: + ports: + - name: deploy-heketi-${CLUSTER_NAME} + port: 8080 + targetPort: 8080 + selector: + glusterfs: deploy-heketi-${CLUSTER_NAME}-pod +- kind: Route + apiVersion: v1 + metadata: + name: ${HEKETI_ROUTE} + labels: + glusterfs: deploy-heketi-${CLUSTER_NAME}-route + deploy-heketi: support + spec: + to: + kind: Service + name: deploy-heketi-${CLUSTER_NAME} +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: deploy-heketi-${CLUSTER_NAME} + labels: + glusterfs: deploy-heketi-${CLUSTER_NAME}-dc + deploy-heketi: support + annotations: + description: Defines how to deploy Heketi + spec: + replicas: 1 + selector: + glusterfs: deploy-heketi-${CLUSTER_NAME}-pod + triggers: + - type: ConfigChange + strategy: + type: Recreate + template: + metadata: + name: deploy-heketi + labels: + glusterfs: deploy-heketi-${CLUSTER_NAME}-pod + deploy-heketi: support + spec: + serviceAccountName: heketi-${CLUSTER_NAME}-service-account + containers: + - name: heketi + image: ${IMAGE_NAME}:${IMAGE_VERSION} + env: + - name: HEKETI_USER_KEY + value: ${HEKETI_USER_KEY} + - name: HEKETI_ADMIN_KEY + value: ${HEKETI_ADMIN_KEY} + - name: HEKETI_EXECUTOR + value: ${HEKETI_EXECUTOR} + - name: HEKETI_FSTAB + value: ${HEKETI_FSTAB} + - name: HEKETI_SNAPSHOT_LIMIT + value: '14' + - name: HEKETI_KUBE_GLUSTER_DAEMONSET + value: '1' + ports: + - containerPort: 8080 + volumeMounts: + - name: db + mountPath: /var/lib/heketi + - name: config + mountPath: /etc/heketi + readinessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 3 + httpGet: + path: /hello + port: 8080 + livenessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 30 + httpGet: + path: /hello + port: 8080 + volumes: + - name: db + - name: config + secret: + secretName: heketi-${CLUSTER_NAME}-config-secret +parameters: +- name: HEKETI_USER_KEY + displayName: Heketi User Secret + description: Set secret for those creating volumes as type _user_ +- name: HEKETI_ADMIN_KEY + displayName: Heketi Administrator Secret + description: Set secret for administration of the Heketi service as user _admin_ +- name: HEKETI_EXECUTOR + displayName: heketi executor type + description: Set the executor type, kubernetes or ssh + value: kubernetes +- name: HEKETI_FSTAB + displayName: heketi fstab path + description: Set the fstab path, file that is populated with bricks that heketi creates + value: /var/lib/heketi/fstab +- name: HEKETI_ROUTE + displayName: heketi route name + description: Set the hostname for the route URL + value: "heketi-glusterfs" +- name: IMAGE_NAME + displayName: heketi container image name + required: True +- name: IMAGE_VERSION + displayName: heketi container image version + required: True +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify this heketi service, useful for running multiple heketi instances + value: glusterfs diff --git a/roles/openshift_storage_glusterfs/files/v3.8/gluster-s3-pvcs-template.yml b/roles/openshift_storage_glusterfs/files/v3.8/gluster-s3-pvcs-template.yml new file mode 100644 index 000000000..064b51473 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v3.8/gluster-s3-pvcs-template.yml @@ -0,0 +1,67 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: gluster-s3-pvcs + labels: + glusterfs: s3-pvcs-template + gluster-s3: pvcs-template + annotations: + description: Gluster S3 service template + tags: glusterfs,heketi,gluster-s3 +objects: +- kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: "${PVC}" + labels: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-storage + gluster-s3: ${CLUSTER_NAME}-${S3_ACCOUNT}-pvc + annotations: + volume.beta.kubernetes.io/storage-class: "glusterfs-${CLUSTER_NAME}" + spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: "${PVC_SIZE}" +- kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: "${META_PVC}" + labels: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-storage + gluster-s3: ${CLUSTER_NAME}-${S3_ACCOUNT}-meta-pvc + annotations: + volume.beta.kubernetes.io/storage-class: "glusterfs-${CLUSTER_NAME}" + spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: "${META_PVC_SIZE}" +parameters: +- name: S3_ACCOUNT + displayName: S3 Account Name + description: S3 storage account which will provide storage on GlusterFS volumes + required: true +- name: PVC + displayName: Primary GlusterFS-backed PVC + description: GlusterFS-backed PVC for object storage + required: true +- name: PVC_SIZE + displayName: Primary GlusterFS-backed PVC capacity + description: Capacity for GlusterFS-backed PVC for object storage + value: 2Gi +- name: META_PVC + displayName: Metadata GlusterFS-backed PVC + description: GlusterFS-backed PVC for object storage metadata + required: true +- name: META_PVC_SIZE + displayName: Metadata GlusterFS-backed PVC capacity + description: Capacity for GlusterFS-backed PVC for object storage metadata + value: 1Gi +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify which heketi service manages this cluster, useful for running multiple heketi instances + value: storage diff --git a/roles/openshift_storage_glusterfs/files/v3.8/gluster-s3-template.yml b/roles/openshift_storage_glusterfs/files/v3.8/gluster-s3-template.yml new file mode 100644 index 000000000..896a1b226 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v3.8/gluster-s3-template.yml @@ -0,0 +1,140 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: gluster-s3 + labels: + glusterfs: s3-template + gluster-s3: template + annotations: + description: Gluster S3 service template + tags: glusterfs,heketi,gluster-s3 +objects: +- kind: Service + apiVersion: v1 + metadata: + name: gluster-s3-${CLUSTER_NAME}-${S3_ACCOUNT}-service + labels: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-service + gluster-s3: ${CLUSTER_NAME}-${S3_ACCOUNT}-service + spec: + ports: + - protocol: TCP + port: 8080 + targetPort: 8080 + selector: + glusterfs: s3-pod + type: ClusterIP + sessionAffinity: None + status: + loadBalancer: {} +- kind: Route + apiVersion: v1 + metadata: + name: gluster-s3-${CLUSTER_NAME}-${S3_ACCOUNT}-route + labels: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-route + gluster-s3: ${CLUSTER_NAME}-${S3_ACCOUNT}-route + spec: + to: + kind: Service + name: gluster-s3-${CLUSTER_NAME}-${S3_ACCOUNT}-service +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: gluster-s3-${CLUSTER_NAME}-${S3_ACCOUNT}-dc + labels: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-dc + gluster-s3: ${CLUSTER_NAME}-${S3_ACCOUNT}-dc + annotations: + openshift.io/scc: privileged + description: Defines how to deploy gluster s3 object storage + spec: + replicas: 1 + selector: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-pod + template: + metadata: + name: gluster-${CLUSTER_NAME}-${S3_ACCOUNT}-s3 + labels: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-pod + gluster-s3: ${CLUSTER_NAME}-${S3_ACCOUNT}-pod + spec: + containers: + - name: gluster-s3 + image: ${IMAGE_NAME}:${IMAGE_VERSION} + imagePullPolicy: IfNotPresent + ports: + - name: gluster + containerPort: 8080 + protocol: TCP + env: + - name: S3_ACCOUNT + value: "${S3_ACCOUNT}" + - name: S3_USER + value: "${S3_USER}" + - name: S3_PASSWORD + value: "${S3_PASSWORD}" + resources: {} + volumeMounts: + - name: gluster-vol1 + mountPath: "/mnt/gluster-object/${S3_ACCOUNT}" + - name: gluster-vol2 + mountPath: "/mnt/gluster-object/gsmetadata" + - name: glusterfs-cgroup + readOnly: true + mountPath: "/sys/fs/cgroup" + terminationMessagePath: "/dev/termination-log" + securityContext: + privileged: true + volumes: + - name: glusterfs-cgroup + hostPath: + path: "/sys/fs/cgroup" + - name: gluster-vol1 + persistentVolumeClaim: + claimName: ${PVC} + - name: gluster-vol2 + persistentVolumeClaim: + claimName: ${META_PVC} + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + serviceAccountName: default + serviceAccount: default + securityContext: {} +parameters: +- name: IMAGE_NAME + displayName: glusterblock provisioner container image name + required: True +- name: IMAGE_VERSION + displayName: glusterblock provisioner container image version + required: True +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify which heketi service manages this cluster, useful for running multiple heketi instances + value: storage +- name: S3_ACCOUNT + displayName: S3 Account Name + description: S3 storage account which will provide storage on GlusterFS volumes + required: true +- name: S3_USER + displayName: S3 User + description: S3 user who can access the S3 storage account + required: true +- name: S3_PASSWORD + displayName: S3 User Password + description: Password for the S3 user + required: true +- name: PVC + displayName: Primary GlusterFS-backed PVC + description: GlusterFS-backed PVC for object storage + value: gluster-s3-claim +- name: META_PVC + displayName: Metadata GlusterFS-backed PVC + description: GlusterFS-backed PVC for object storage metadata + value: gluster-s3-meta-claim +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify which heketi service manages this cluster, useful for running multiple heketi instances + value: storage diff --git a/roles/openshift_storage_glusterfs/files/v3.8/glusterblock-provisioner.yml b/roles/openshift_storage_glusterfs/files/v3.8/glusterblock-provisioner.yml new file mode 100644 index 000000000..9c1409dee --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v3.8/glusterblock-provisioner.yml @@ -0,0 +1,105 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: glusterblock-provisioner + labels: + glusterfs: block-template + glusterblock: template + annotations: + description: glusterblock provisioner template + tags: glusterfs +objects: +- kind: ClusterRole + apiVersion: v1 + metadata: + name: glusterblock-provisioner-runner + labels: + glusterfs: block-provisioner-runner-clusterrole + glusterblock: provisioner-runner-clusterrole + rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create", "delete"] + - apiGroups: [""] + resources: ["routes"] + verbs: ["get", "list"] +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: glusterblock-${CLUSTER_NAME}-provisioner + labels: + glusterfs: block-${CLUSTER_NAME}-provisioner-sa + glusterblock: ${CLUSTER_NAME}-provisioner-sa +- apiVersion: v1 + kind: ClusterRoleBinding + metadata: + name: glusterblock-${CLUSTER_NAME}-provisioner + roleRef: + name: glusterblock-provisioner-runner + subjects: + - kind: ServiceAccount + name: glusterblock-${CLUSTER_NAME}-provisioner + namespace: ${NAMESPACE} +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: glusterblock-${CLUSTER_NAME}-provisioner-dc + labels: + glusterfs: block-${CLUSTER_NAME}-provisioner-dc + glusterblock: ${CLUSTER_NAME}-provisioner-dc + annotations: + description: Defines how to deploy the glusterblock provisioner pod. + spec: + replicas: 1 + selector: + glusterfs: block-${CLUSTER_NAME}-provisioner-pod + triggers: + - type: ConfigChange + strategy: + type: Recreate + template: + metadata: + name: glusterblock-provisioner + labels: + glusterfs: block-${CLUSTER_NAME}-provisioner-pod + spec: + serviceAccountName: glusterblock-${CLUSTER_NAME}-provisioner + containers: + - name: glusterblock-provisioner + image: ${IMAGE_NAME}:${IMAGE_VERSION} + image: gluster/glusterblock-provisioner:latest + imagePullPolicy: IfNotPresent + env: + - name: PROVISIONER_NAME + value: gluster.org/glusterblock +parameters: +- name: IMAGE_NAME + displayName: glusterblock provisioner container image name + required: True +- name: IMAGE_VERSION + displayName: glusterblock provisioner container image version + required: True +- name: NAMESPACE + displayName: glusterblock provisioner namespace + description: The namespace in which these resources are being created + required: True +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify which heketi service manages this cluster, useful for running multiple heketi instances + value: storage diff --git a/roles/openshift_storage_glusterfs/files/v3.8/glusterfs-template.yml b/roles/openshift_storage_glusterfs/files/v3.8/glusterfs-template.yml new file mode 100644 index 000000000..09850a2c2 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v3.8/glusterfs-template.yml @@ -0,0 +1,154 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: glusterfs + labels: + glusterfs: template + annotations: + description: GlusterFS DaemonSet template + tags: glusterfs +objects: +- kind: DaemonSet + apiVersion: extensions/v1beta1 + metadata: + name: glusterfs-${CLUSTER_NAME} + labels: + glusterfs: ${CLUSTER_NAME}-daemonset + annotations: + description: GlusterFS DaemonSet + tags: glusterfs + spec: + selector: + matchLabels: + glusterfs: ${CLUSTER_NAME}-pod + template: + metadata: + name: glusterfs-${CLUSTER_NAME} + labels: + glusterfs: ${CLUSTER_NAME}-pod + glusterfs-node: pod + spec: + nodeSelector: "${{NODE_LABELS}}" + hostNetwork: true + containers: + - name: glusterfs + image: ${IMAGE_NAME}:${IMAGE_VERSION} + imagePullPolicy: IfNotPresent + env: + - name: GB_GLFS_LRU_COUNT + value: "${GB_GLFS_LRU_COUNT}" + - name: TCMU_LOGDIR + value: "${TCMU_LOGDIR}" + resources: + requests: + memory: 100Mi + cpu: 100m + volumeMounts: + - name: glusterfs-heketi + mountPath: "/var/lib/heketi" + - name: glusterfs-run + mountPath: "/run" + - name: glusterfs-lvm + mountPath: "/run/lvm" + - name: glusterfs-etc + mountPath: "/etc/glusterfs" + - name: glusterfs-logs + mountPath: "/var/log/glusterfs" + - name: glusterfs-config + mountPath: "/var/lib/glusterd" + - name: glusterfs-dev + mountPath: "/dev" + - name: glusterfs-misc + mountPath: "/var/lib/misc/glusterfsd" + - name: glusterfs-cgroup + mountPath: "/sys/fs/cgroup" + readOnly: true + - name: glusterfs-ssl + mountPath: "/etc/ssl" + readOnly: true + securityContext: + capabilities: {} + privileged: true + readinessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 40 + exec: + command: + - "/bin/bash" + - "-c" + - systemctl status glusterd.service + periodSeconds: 25 + successThreshold: 1 + failureThreshold: 15 + livenessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 40 + exec: + command: + - "/bin/bash" + - "-c" + - systemctl status glusterd.service + periodSeconds: 25 + successThreshold: 1 + failureThreshold: 15 + terminationMessagePath: "/dev/termination-log" + volumes: + - name: glusterfs-heketi + hostPath: + path: "/var/lib/heketi" + - name: glusterfs-run + emptyDir: {} + - name: glusterfs-lvm + hostPath: + path: "/run/lvm" + - name: glusterfs-etc + hostPath: + path: "/etc/glusterfs" + - name: glusterfs-logs + hostPath: + path: "/var/log/glusterfs" + - name: glusterfs-config + hostPath: + path: "/var/lib/glusterd" + - name: glusterfs-dev + hostPath: + path: "/dev" + - name: glusterfs-misc + hostPath: + path: "/var/lib/misc/glusterfsd" + - name: glusterfs-cgroup + hostPath: + path: "/sys/fs/cgroup" + - name: glusterfs-ssl + hostPath: + path: "/etc/ssl" + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + securityContext: {} +parameters: +- name: NODE_LABELS + displayName: Daemonset Node Labels + description: Labels which define the daemonset node selector. Must contain at least one label of the format \'glusterfs=<CLUSTER_NAME>-host\' + value: '{ "glusterfs": "storage-host" }' +- name: IMAGE_NAME + displayName: GlusterFS container image name + required: True +- name: IMAGE_VERSION + displayName: GlusterFS container image version + required: True +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify which heketi service manages this cluster, useful for running multiple heketi instances + value: storage +- name: GB_GLFS_LRU_COUNT + displayName: Maximum number of block hosting volumes + description: This value is to set maximum number of block hosting volumes. + value: "15" + required: true +- name: TCMU_LOGDIR + displayName: Tcmu runner log directory + description: This value is to set tcmu runner log directory + value: "/var/log/glusterfs/gluster-block" + required: true diff --git a/roles/openshift_storage_glusterfs/files/v3.8/heketi-template.yml b/roles/openshift_storage_glusterfs/files/v3.8/heketi-template.yml new file mode 100644 index 000000000..28cdb2982 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v3.8/heketi-template.yml @@ -0,0 +1,136 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: heketi + labels: + glusterfs: heketi-template + annotations: + description: Heketi service deployment template + tags: glusterfs,heketi +objects: +- kind: Service + apiVersion: v1 + metadata: + name: heketi-${CLUSTER_NAME} + labels: + glusterfs: heketi-${CLUSTER_NAME}-service + heketi: ${CLUSTER_NAME}-service + annotations: + description: Exposes Heketi service + spec: + ports: + - name: heketi + port: 8080 + targetPort: 8080 + selector: + glusterfs: heketi-${CLUSTER_NAME}-pod +- kind: Route + apiVersion: v1 + metadata: + name: ${HEKETI_ROUTE} + labels: + glusterfs: heketi-${CLUSTER_NAME}-route + heketi: ${CLUSTER_NAME}-route + spec: + to: + kind: Service + name: heketi-${CLUSTER_NAME} +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: heketi-${CLUSTER_NAME} + labels: + glusterfs: heketi-${CLUSTER_NAME}-dc + heketi: ${CLUSTER_NAME}-dc + annotations: + description: Defines how to deploy Heketi + spec: + replicas: 1 + selector: + glusterfs: heketi-${CLUSTER_NAME}-pod + triggers: + - type: ConfigChange + strategy: + type: Recreate + template: + metadata: + name: heketi-${CLUSTER_NAME} + labels: + glusterfs: heketi-${CLUSTER_NAME}-pod + heketi: ${CLUSTER_NAME}-pod + spec: + serviceAccountName: heketi-${CLUSTER_NAME}-service-account + containers: + - name: heketi + image: ${IMAGE_NAME}:${IMAGE_VERSION} + imagePullPolicy: IfNotPresent + env: + - name: HEKETI_USER_KEY + value: ${HEKETI_USER_KEY} + - name: HEKETI_ADMIN_KEY + value: ${HEKETI_ADMIN_KEY} + - name: HEKETI_EXECUTOR + value: ${HEKETI_EXECUTOR} + - name: HEKETI_FSTAB + value: ${HEKETI_FSTAB} + - name: HEKETI_SNAPSHOT_LIMIT + value: '14' + - name: HEKETI_KUBE_GLUSTER_DAEMONSET + value: '1' + ports: + - containerPort: 8080 + volumeMounts: + - name: db + mountPath: /var/lib/heketi + - name: config + mountPath: /etc/heketi + readinessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 3 + httpGet: + path: /hello + port: 8080 + livenessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 30 + httpGet: + path: /hello + port: 8080 + volumes: + - name: db + glusterfs: + endpoints: heketi-db-${CLUSTER_NAME}-endpoints + path: heketidbstorage + - name: config + secret: + secretName: heketi-${CLUSTER_NAME}-config-secret +parameters: +- name: HEKETI_USER_KEY + displayName: Heketi User Secret + description: Set secret for those creating volumes as type _user_ +- name: HEKETI_ADMIN_KEY + displayName: Heketi Administrator Secret + description: Set secret for administration of the Heketi service as user _admin_ +- name: HEKETI_EXECUTOR + displayName: heketi executor type + description: Set the executor type, kubernetes or ssh + value: kubernetes +- name: HEKETI_FSTAB + displayName: heketi fstab path + description: Set the fstab path, file that is populated with bricks that heketi creates + value: /var/lib/heketi/fstab +- name: HEKETI_ROUTE + displayName: heketi route name + description: Set the hostname for the route URL + value: "heketi-glusterfs" +- name: IMAGE_NAME + displayName: heketi container image name + required: True +- name: IMAGE_VERSION + displayName: heketi container image version + required: True +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify this heketi service, useful for running multiple heketi instances + value: glusterfs diff --git a/roles/openshift_storage_glusterfs/tasks/glusterblock_deploy.yml b/roles/openshift_storage_glusterfs/tasks/glusterblock_deploy.yml index bba1de654..d6be8c726 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterblock_deploy.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterblock_deploy.yml @@ -29,21 +29,21 @@ src: "{{ openshift.common.examples_content_version }}/{{ item }}" dest: "{{ mktemp.stdout }}/{{ item }}" with_items: - - "glusterblock-template.yml" + - "glusterblock-provisioner.yml" - name: Create glusterblock provisioner template oc_obj: namespace: "{{ glusterfs_namespace }}" kind: template - name: "glusterblock" + name: "glusterblock-provisioner" state: present files: - - "{{ mktemp.stdout }}/glusterblock-template.yml" + - "{{ mktemp.stdout }}/glusterblock-provisioner.yml" - name: Deploy glusterblock provisioner oc_process: namespace: "{{ glusterfs_namespace }}" - template_name: "glusterblock" + template_name: "glusterblock-provisioner" create: True params: IMAGE_NAME: "{{ glusterfs_block_image }}" diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml index e2d740f35..1ede0ae94 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml @@ -12,7 +12,9 @@ glusterfs_block_deploy: "{{ openshift_storage_glusterfs_block_deploy | bool }}" glusterfs_block_image: "{{ openshift_storage_glusterfs_block_image }}" glusterfs_block_version: "{{ openshift_storage_glusterfs_block_version }}" - glusterfs_block_max_host_vol: "{{ openshift_storage_glusterfs_block_max_host_vol }}" + glusterfs_block_host_vol_create: "{{ openshift_storage_glusterfs_block_host_vol_create }}" + glusterfs_block_host_vol_size: "{{ openshift_storage_glusterfs_block_host_vol_size }}" + glusterfs_block_host_vol_max: "{{ openshift_storage_glusterfs_block_host_vol_max }}" glusterfs_s3_deploy: "{{ openshift_storage_glusterfs_s3_deploy | bool }}" glusterfs_s3_image: "{{ openshift_storage_glusterfs_s3_image }}" glusterfs_s3_version: "{{ openshift_storage_glusterfs_s3_version }}" diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml index f98d4c62f..ef37762f9 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml @@ -87,7 +87,7 @@ IMAGE_VERSION: "{{ glusterfs_version }}" NODE_LABELS: "{{ glusterfs_nodeselector }}" CLUSTER_NAME: "{{ glusterfs_name }}" - GB_GLFS_LRU_COUNT: "{{ glusterfs_block_max_host_vol }}" + GB_GLFS_LRU_COUNT: "{{ glusterfs_block_host_vol_max }}" - name: Wait for GlusterFS pods oc_obj: diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml index baac52179..1fa42efa7 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml @@ -12,7 +12,9 @@ glusterfs_block_deploy: "{{ openshift_storage_glusterfs_registry_block_deploy | bool }}" glusterfs_block_image: "{{ openshift_storage_glusterfs_registry_block_image }}" glusterfs_block_version: "{{ openshift_storage_glusterfs_registry_block_version }}" - glusterfs_block_max_host_vol: "{{ openshift_storage_glusterfs_registry_block_max_host_vol }}" + glusterfs_block_host_vol_create: "{{ openshift_storage_glusterfs_registry_block_host_vol_create }}" + glusterfs_block_host_vol_size: "{{ openshift_storage_glusterfs_registry_block_host_vol_size }}" + glusterfs_block_host_vol_max: "{{ openshift_storage_glusterfs_registry_block_host_vol_max }}" glusterfs_s3_deploy: "{{ openshift_storage_glusterfs_registry_s3_deploy | bool }}" glusterfs_s3_image: "{{ openshift_storage_glusterfs_registry_s3_image }}" glusterfs_s3_version: "{{ openshift_storage_glusterfs_registry_s3_version }}" diff --git a/roles/openshift_storage_glusterfs/templates/v3.7/heketi.json.j2 b/roles/openshift_storage_glusterfs/templates/v3.7/heketi.json.j2 index 579b11bb7..565e9be98 100644 --- a/roles/openshift_storage_glusterfs/templates/v3.7/heketi.json.j2 +++ b/roles/openshift_storage_glusterfs/templates/v3.7/heketi.json.j2 @@ -31,6 +31,12 @@ "port" : "{{ glusterfs_heketi_ssh_port }}", "user" : "{{ glusterfs_heketi_ssh_user }}", "sudo" : {{ glusterfs_heketi_ssh_sudo | lower }} - } + }, + + "_auto_create_block_hosting_volume": "Creates Block Hosting volumes automatically if not found or exsisting volume exhausted", + "auto_create_block_hosting_volume": {{ glusterfs_block_host_vol_create | lower }}, + + "_block_hosting_volume_size": "New block hosting volume will be created in size mentioned, This is considered only if auto-create is enabled.", + "block_hosting_volume_size": {{ glusterfs_block_host_vol_size }} } } diff --git a/roles/openshift_storage_glusterfs/templates/v3.8/glusterfs-registry-endpoints.yml.j2 b/roles/openshift_storage_glusterfs/templates/v3.8/glusterfs-registry-endpoints.yml.j2 new file mode 100644 index 000000000..11c9195bb --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v3.8/glusterfs-registry-endpoints.yml.j2 @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: glusterfs-{{ glusterfs_name }}-endpoints +subsets: +- addresses: +{% for node in glusterfs_nodes %} + - ip: {{ hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip) }} +{% endfor %} + ports: + - port: 1 diff --git a/roles/openshift_storage_glusterfs/templates/v3.8/glusterfs-registry-service.yml.j2 b/roles/openshift_storage_glusterfs/templates/v3.8/glusterfs-registry-service.yml.j2 new file mode 100644 index 000000000..3f869d2b7 --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v3.8/glusterfs-registry-service.yml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: glusterfs-{{ glusterfs_name }}-endpoints +spec: + ports: + - port: 1 +status: + loadBalancer: {} diff --git a/roles/openshift_storage_glusterfs/templates/v3.8/glusterfs-storageclass.yml.j2 b/roles/openshift_storage_glusterfs/templates/v3.8/glusterfs-storageclass.yml.j2 new file mode 100644 index 000000000..095fb780f --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v3.8/glusterfs-storageclass.yml.j2 @@ -0,0 +1,13 @@ +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: glusterfs-{{ glusterfs_name }} +provisioner: kubernetes.io/glusterfs +parameters: + resturl: "http://{% if glusterfs_heketi_is_native %}{{ glusterfs_heketi_route }}{% else %}{{ glusterfs_heketi_url }}:{{ glusterfs_heketi_port }}{% endif %}" + restuser: "admin" +{% if glusterfs_heketi_admin_key is defined %} + secretNamespace: "{{ glusterfs_namespace }}" + secretName: "heketi-{{ glusterfs_name }}-admin-secret" +{%- endif -%} diff --git a/roles/openshift_storage_glusterfs/templates/v3.8/heketi-endpoints.yml.j2 b/roles/openshift_storage_glusterfs/templates/v3.8/heketi-endpoints.yml.j2 new file mode 100644 index 000000000..99cbdf748 --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v3.8/heketi-endpoints.yml.j2 @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: heketi-db-{{ glusterfs_name }}-endpoints +subsets: +- addresses: +{% for node in glusterfs_nodes %} + - ip: {{ hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip) }} +{% endfor %} + ports: + - port: 1 diff --git a/roles/openshift_storage_glusterfs/templates/v3.8/heketi-service.yml.j2 b/roles/openshift_storage_glusterfs/templates/v3.8/heketi-service.yml.j2 new file mode 100644 index 000000000..dcb896441 --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v3.8/heketi-service.yml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: heketi-db-{{ glusterfs_name }}-endpoints +spec: + ports: + - port: 1 +status: + loadBalancer: {} diff --git a/roles/openshift_storage_glusterfs/templates/v3.8/heketi.json.j2 b/roles/openshift_storage_glusterfs/templates/v3.8/heketi.json.j2 new file mode 100644 index 000000000..565e9be98 --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v3.8/heketi.json.j2 @@ -0,0 +1,42 @@ +{ + "_port_comment": "Heketi Server Port Number", + "port" : "8080", + + "_use_auth": "Enable JWT authorization. Please enable for deployment", + "use_auth" : false, + + "_jwt" : "Private keys for access", + "jwt" : { + "_admin" : "Admin has access to all APIs", + "admin" : { + "key" : "My Secret" + }, + "_user" : "User only has access to /volumes endpoint", + "user" : { + "key" : "My Secret" + } + }, + + "_glusterfs_comment": "GlusterFS Configuration", + "glusterfs" : { + + "_executor_comment": "Execute plugin. Possible choices: mock, kubernetes, ssh", + "executor" : "{{ glusterfs_heketi_executor }}", + + "_db_comment": "Database file name", + "db" : "/var/lib/heketi/heketi.db", + + "sshexec" : { + "keyfile" : "/etc/heketi/private_key", + "port" : "{{ glusterfs_heketi_ssh_port }}", + "user" : "{{ glusterfs_heketi_ssh_user }}", + "sudo" : {{ glusterfs_heketi_ssh_sudo | lower }} + }, + + "_auto_create_block_hosting_volume": "Creates Block Hosting volumes automatically if not found or exsisting volume exhausted", + "auto_create_block_hosting_volume": {{ glusterfs_block_host_vol_create | lower }}, + + "_block_hosting_volume_size": "New block hosting volume will be created in size mentioned, This is considered only if auto-create is enabled.", + "block_hosting_volume_size": {{ glusterfs_block_host_vol_size }} + } +} diff --git a/roles/openshift_storage_glusterfs/templates/v3.8/topology.json.j2 b/roles/openshift_storage_glusterfs/templates/v3.8/topology.json.j2 new file mode 100644 index 000000000..d6c28f6dd --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v3.8/topology.json.j2 @@ -0,0 +1,49 @@ +{ + "clusters": [ +{%- set clusters = {} -%} +{%- for node in glusterfs_nodes -%} + {%- set cluster = hostvars[node].glusterfs_cluster if 'glusterfs_cluster' in node else '1' -%} + {%- if cluster in clusters -%} + {%- set _dummy = clusters[cluster].append(node) -%} + {%- else -%} + {%- set _dummy = clusters.update({cluster: [ node, ]}) -%} + {%- endif -%} +{%- endfor -%} +{%- for cluster in clusters -%} + { + "nodes": [ +{%- for node in clusters[cluster] -%} + { + "node": { + "hostnames": { + "manage": [ +{%- if 'glusterfs_hostname' in hostvars[node] -%} + "{{ hostvars[node].glusterfs_hostname }}" +{%- elif 'openshift' in hostvars[node] -%} + "{{ hostvars[node].openshift.node.nodename }}" +{%- else -%} + "{{ node }}" +{%- endif -%} + ], + "storage": [ +{%- if 'glusterfs_ip' in hostvars[node] -%} + "{{ hostvars[node].glusterfs_ip }}" +{%- else -%} + "{{ hostvars[node].openshift.common.ip }}" +{%- endif -%} + ] + }, + "zone": {{ hostvars[node].glusterfs_zone | default(1) }} + }, + "devices": [ +{%- for device in hostvars[node].glusterfs_devices -%} + "{{ device }}"{% if not loop.last %},{% endif %} +{%- endfor -%} + ] + }{% if not loop.last %},{% endif %} +{%- endfor -%} + ] + }{% if not loop.last %},{% endif %} +{%- endfor -%} + ] +} diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml index c4e023c1e..24264fa43 100644 --- a/roles/openshift_storage_nfs/tasks/main.yml +++ b/roles/openshift_storage_nfs/tasks/main.yml @@ -1,7 +1,6 @@ --- - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml - name: Install nfs-utils package: name=nfs-utils state=present diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml index 1c8b9046c..4f9158ade 100644 --- a/roles/openshift_version/tasks/main.yml +++ b/roles/openshift_version/tasks/main.yml @@ -93,11 +93,11 @@ - inventory_hostname in groups['oo_masters_to_config'] or inventory_hostname in groups['oo_nodes_to_config'] block: - name: Set openshift_version for rpm installation - include: set_version_rpm.yml + include_tasks: set_version_rpm.yml when: not is_containerized | bool - name: Set openshift_version for containerized installation - include: set_version_containerized.yml + include_tasks: set_version_containerized.yml when: is_containerized | bool - block: diff --git a/roles/os_firewall/tasks/main.yml b/roles/os_firewall/tasks/main.yml index c477d386c..99084cd3f 100644 --- a/roles/os_firewall/tasks/main.yml +++ b/roles/os_firewall/tasks/main.yml @@ -8,12 +8,12 @@ set_fact: r_os_firewall_is_atomic: "{{ r_os_firewall_ostree_booted.stat.exists }}" -- include: firewalld.yml +- include_tasks: firewalld.yml when: - os_firewall_enabled | bool - os_firewall_use_firewalld | bool -- include: iptables.yml +- include_tasks: iptables.yml when: - os_firewall_enabled | bool - not os_firewall_use_firewalld | bool @@ -12,11 +12,11 @@ skip_install=True deps = -rrequirements.txt -rtest-requirements.txt + unit: -eutils py35-flake8: flake8-bugbear==17.3.0 integration: docker-py==1.10.6 commands = - unit: pip install -e utils unit: pytest {posargs} flake8: flake8 {posargs} pylint: python setup.py lint diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py index ca5e7dc1a..1e2af2c61 100644 --- a/utils/src/ooinstall/openshift_ansible.py +++ b/utils/src/ooinstall/openshift_ansible.py @@ -281,7 +281,7 @@ def run_main_playbook(inventory_file, hosts, hosts_to_run_on, verbose=False): global CFG if len(hosts_to_run_on) != len(hosts): main_playbook_path = os.path.join(CFG.ansible_playbook_directory, - 'playbooks/byo/openshift-node/scaleup.yml') + 'playbooks/openshift-node/scaleup.yml') else: main_playbook_path = os.path.join(CFG.ansible_playbook_directory, 'playbooks/byo/openshift-cluster/config.yml') |