308 files changed, 1621 insertions, 2831 deletions
diff --git a/DEPLOYMENT_TYPES.md b/DEPLOYMENT_TYPES.md index e52e47202..3788e9bfb 100644 --- a/DEPLOYMENT_TYPES.md +++ b/DEPLOYMENT_TYPES.md @@ -10,7 +10,7 @@ The table below outlines the defaults per `openshift_deployment_type`: | openshift_deployment_type | origin | openshift-enterprise | |-----------------------------------------------------------------|------------------------------------------|----------------------------------------| -| **openshift.common.service_type** (also used for package names) | origin | atomic-openshift | +| **openshift_service_type** (also used for package names) | origin | atomic-openshift | | **openshift.common.config_base** | /etc/origin | /etc/origin | | **openshift_data_dir** | /var/lib/origin | /var/lib/origin | | **openshift.master.registry_url openshift.node.registry_url** | openshift/origin-${component}:${version} | openshift3/ose-${component}:${version} | diff --git a/docs/proposals/role_decomposition.md b/docs/proposals/role_decomposition.md index 6434e24e7..37d080d5c 100644 --- a/docs/proposals/role_decomposition.md +++ b/docs/proposals/role_decomposition.md @@ -262,7 +262,7 @@ dependencies: - name: "Create logging project" command: > - {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-project {{openshift_logging_namespace}} + {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig new-project {{openshift_logging_namespace}} when: not ansible_check_mode and "not found" in logging_project_result.stderr - name: Create logging cert directory diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index f9564499d..3eaf2aed5 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py 
@@ -375,6 +375,13 @@ def oo_split(string, separator=','): return string.split(separator) +def oo_list_to_dict(lst, separator='='): + """ This converts a list of ["k=v"] to a dictionary {k: v}. + """ + kvs = [i.split(separator) for i in lst] + return {k: v for k, v in kvs} + + def oo_haproxy_backend_masters(hosts, port): """ This takes an array of dicts and returns an array of dicts to be used as a backend for the haproxy role 
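Review bot: In `oo_list_to_dict`, `i.split(separator)` splits on every occurrence of the separator, so an entry whose value itself contains `=` (a constructed example: `"a=b=c"`) produces three parts and the `k, v` unpacking raises a bare ValueError; an entry with no separator at all fails the same way. Splitting once keeps the value intact: `kvs = [i.split(separator, 1) for i in lst]`. Since this is registered as a filter, reporting malformed entries through `errors.AnsibleFilterError`, as `to_padded_yaml` does in this file, would give playbook authors a usable message instead of a traceback. The docstring could also say that a repeated key silently keeps the last value.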
@@ -690,249 +697,6 @@ def to_padded_yaml(data, level=0, indent=2, **kw): raise errors.AnsibleFilterError('Failed to convert: %s' % my_e) -def oo_openshift_env(hostvars): - ''' Return facts which begin with "openshift_" and translate - legacy facts to their openshift_env counterparts. - - Ex: hostvars = {'openshift_fact': 42, - 'theyre_taking_the_hobbits_to': 'isengard'} - returns = {'openshift_fact': 42} - ''' - if not issubclass(type(hostvars), dict): - raise errors.AnsibleFilterError("|failed expects hostvars is a dict") - - facts = {} - regex = re.compile('^openshift_.*') - for key in hostvars: - if regex.match(key): - facts[key] = hostvars[key] - - return facts - - -# pylint: disable=too-many-branches, too-many-nested-blocks, too-many-statements, too-many-locals -def oo_component_persistent_volumes(hostvars, groups, component, subcomponent=None): - """ Generate list of persistent volumes based on oo_openshift_env - storage options set in host variables for a specific component. - """ - if not issubclass(type(hostvars), dict): - raise errors.AnsibleFilterError("|failed expects hostvars is a dict") - if not issubclass(type(groups), dict): - raise errors.AnsibleFilterError("|failed expects groups is a dict") - - persistent_volume = None - - if component in hostvars['openshift']: - if subcomponent is not None: - storage_component = hostvars['openshift'][component][subcomponent] - else: - storage_component = hostvars['openshift'][component] - - if 'storage' in storage_component: - params = storage_component['storage'] - kind = params['kind'] - if 'create_pv' in params: - create_pv = params['create_pv'] - if kind is not None and create_pv: - if kind == 'nfs': - host = params['host'] - if host is None: - if 'oo_nfs_to_config' in groups and len(groups['oo_nfs_to_config']) > 0: - host = groups['oo_nfs_to_config'][0] - else: - raise errors.AnsibleFilterError("|failed no storage host detected") - directory = params['nfs']['directory'] - volume = params['volume']['name'] - 
path = directory + '/' + volume - size = params['volume']['size'] - if 'labels' in params: - labels = params['labels'] - else: - labels = dict() - access_modes = params['access']['modes'] - persistent_volume = dict( - name="{0}-volume".format(volume), - capacity=size, - labels=labels, - access_modes=access_modes, - storage=dict( - nfs=dict( - server=host, - path=path))) - - elif kind == 'openstack': - volume = params['volume']['name'] - size = params['volume']['size'] - if 'labels' in params: - labels = params['labels'] - else: - labels = dict() - access_modes = params['access']['modes'] - filesystem = params['openstack']['filesystem'] - volume_id = params['openstack']['volumeID'] - persistent_volume = dict( - name="{0}-volume".format(volume), - capacity=size, - labels=labels, - access_modes=access_modes, - storage=dict( - cinder=dict( - fsType=filesystem, - volumeID=volume_id))) - - elif kind == 'glusterfs': - volume = params['volume']['name'] - size = params['volume']['size'] - if 'labels' in params: - labels = params['labels'] - else: - labels = dict() - access_modes = params['access']['modes'] - endpoints = params['glusterfs']['endpoints'] - path = params['glusterfs']['path'] - read_only = params['glusterfs']['readOnly'] - persistent_volume = dict( - name="{0}-volume".format(volume), - capacity=size, - labels=labels, - access_modes=access_modes, - storage=dict( - glusterfs=dict( - endpoints=endpoints, - path=path, - readOnly=read_only))) - - elif not (kind == 'object' or kind == 'dynamic'): - msg = "|failed invalid storage kind '{0}' for component '{1}'".format( - kind, - component) - raise errors.AnsibleFilterError(msg) - return persistent_volume - - -# pylint: disable=too-many-branches, too-many-nested-blocks, too-many-statements -def oo_persistent_volumes(hostvars, groups, persistent_volumes=None): - """ Generate list of persistent volumes based on oo_openshift_env - storage options set in host variables. 
- """ - if not issubclass(type(hostvars), dict): - raise errors.AnsibleFilterError("|failed expects hostvars is a dict") - if not issubclass(type(groups), dict): - raise errors.AnsibleFilterError("|failed expects groups is a dict") - if persistent_volumes is not None and not issubclass(type(persistent_volumes), list): - raise errors.AnsibleFilterError("|failed expects persistent_volumes is a list") - - if persistent_volumes is None: - persistent_volumes = [] - if 'hosted' in hostvars['openshift']: - for component in hostvars['openshift']['hosted']: - persistent_volume = oo_component_persistent_volumes(hostvars, groups, 'hosted', component) - if persistent_volume is not None: - persistent_volumes.append(persistent_volume) - - if 'logging' in hostvars['openshift']: - persistent_volume = oo_component_persistent_volumes(hostvars, groups, 'logging') - if persistent_volume is not None: - persistent_volumes.append(persistent_volume) - if 'loggingops' in hostvars['openshift']: - persistent_volume = oo_component_persistent_volumes(hostvars, groups, 'loggingops') - if persistent_volume is not None: - persistent_volumes.append(persistent_volume) - if 'metrics' in hostvars['openshift']: - persistent_volume = oo_component_persistent_volumes(hostvars, groups, 'metrics') - if persistent_volume is not None: - persistent_volumes.append(persistent_volume) - if 'prometheus' in hostvars['openshift']: - persistent_volume = oo_component_persistent_volumes(hostvars, groups, 'prometheus') - if persistent_volume is not None: - persistent_volumes.append(persistent_volume) - if 'alertmanager' in hostvars['openshift']['prometheus']: - persistent_volume = oo_component_persistent_volumes(hostvars, groups, 'prometheus', 'alertmanager') - if persistent_volume is not None: - persistent_volumes.append(persistent_volume) - if 'alertbuffer' in hostvars['openshift']['prometheus']: - persistent_volume = oo_component_persistent_volumes(hostvars, groups, 'prometheus', 'alertbuffer') - if 
persistent_volume is not None: - persistent_volumes.append(persistent_volume) - return persistent_volumes - - -def oo_component_pv_claims(hostvars, component, subcomponent=None): - """ Generate list of persistent volume claims based on oo_openshift_env - storage options set in host variables for a speicific component. - """ - if not issubclass(type(hostvars), dict): - raise errors.AnsibleFilterError("|failed expects hostvars is a dict") - - if component in hostvars['openshift']: - if subcomponent is not None: - storage_component = hostvars['openshift'][component][subcomponent] - else: - storage_component = hostvars['openshift'][component] - - if 'storage' in storage_component: - params = storage_component['storage'] - kind = params['kind'] - if 'create_pv' in params: - if 'create_pvc' in params: - create_pv = params['create_pv'] - create_pvc = params['create_pvc'] - if kind not in [None, 'object'] and create_pv and create_pvc: - volume = params['volume']['name'] - size = params['volume']['size'] - access_modes = params['access']['modes'] - persistent_volume_claim = dict( - name="{0}-claim".format(volume), - capacity=size, - access_modes=access_modes) - return persistent_volume_claim - return None - - -def oo_persistent_volume_claims(hostvars, persistent_volume_claims=None): - """ Generate list of persistent volume claims based on oo_openshift_env - storage options set in host variables. 
- """ - if not issubclass(type(hostvars), dict): - raise errors.AnsibleFilterError("|failed expects hostvars is a dict") - if persistent_volume_claims is not None and not issubclass(type(persistent_volume_claims), list): - raise errors.AnsibleFilterError("|failed expects persistent_volume_claims is a list") - - if persistent_volume_claims is None: - persistent_volume_claims = [] - if 'hosted' in hostvars['openshift']: - for component in hostvars['openshift']['hosted']: - persistent_volume_claim = oo_component_pv_claims(hostvars, 'hosted', component) - if persistent_volume_claim is not None: - persistent_volume_claims.append(persistent_volume_claim) - - if 'logging' in hostvars['openshift']: - persistent_volume_claim = oo_component_pv_claims(hostvars, 'logging') - if persistent_volume_claim is not None: - persistent_volume_claims.append(persistent_volume_claim) - if 'loggingops' in hostvars['openshift']: - persistent_volume_claim = oo_component_pv_claims(hostvars, 'loggingops') - if persistent_volume_claim is not None: - persistent_volume_claims.append(persistent_volume_claim) - if 'metrics' in hostvars['openshift']: - persistent_volume_claim = oo_component_pv_claims(hostvars, 'metrics') - if persistent_volume_claim is not None: - persistent_volume_claims.append(persistent_volume_claim) - if 'prometheus' in hostvars['openshift']: - persistent_volume_claim = oo_component_pv_claims(hostvars, 'prometheus') - if persistent_volume_claim is not None: - persistent_volume_claims.append(persistent_volume_claim) - if 'alertmanager' in hostvars['openshift']['prometheus']: - persistent_volume_claim = oo_component_pv_claims(hostvars, 'prometheus', 'alertmanager') - if persistent_volume_claim is not None: - persistent_volume_claims.append(persistent_volume_claim) - if 'alertbuffer' in hostvars['openshift']['prometheus']: - persistent_volume_claim = oo_component_pv_claims(hostvars, 'prometheus', 'alertbuffer') - if persistent_volume_claim is not None: - 
persistent_volume_claims.append(persistent_volume_claim) - return persistent_volume_claims - - def oo_31_rpm_rename_conversion(rpms, openshift_version=None): """ Filters a list of 3.0 rpms and return the corresponding 3.1 rpms names with proper version (if provided) @@ -1212,6 +976,7 @@ class FilterModule(object): "oo_combine_dict": oo_combine_dict, "oo_dict_to_list_of_dict": oo_dict_to_list_of_dict, "oo_split": oo_split, + "oo_list_to_dict": oo_list_to_dict, "oo_filter_list": oo_filter_list, "oo_parse_heat_stack_outputs": oo_parse_heat_stack_outputs, "oo_parse_named_certificates": oo_parse_named_certificates, @@ -1219,9 +984,6 @@ class FilterModule(object): "oo_pretty_print_cluster": oo_pretty_print_cluster, "oo_generate_secret": oo_generate_secret, "oo_nodes_with_label": oo_nodes_with_label, - "oo_openshift_env": oo_openshift_env, - "oo_persistent_volumes": oo_persistent_volumes, - "oo_persistent_volume_claims": oo_persistent_volume_claims, "oo_31_rpm_rename_conversion": oo_31_rpm_rename_conversion, "oo_pods_match_component": oo_pods_match_component, "oo_get_hosts_from_hostvars": oo_get_hosts_from_hostvars, diff --git a/images/installer/root/usr/local/bin/run b/images/installer/root/usr/local/bin/run index cd38a6ff0..67cf7dfde 100755 --- a/images/installer/root/usr/local/bin/run +++ b/images/installer/root/usr/local/bin/run @@ -18,7 +18,7 @@ INVENTORY="$(mktemp)" if [[ -v INVENTORY_FILE ]]; then # Make a copy so that ALLOW_ANSIBLE_CONNECTION_LOCAL below # does not attempt to modify the original - cp -a ${INVENTORY_FILE} ${INVENTORY} + cp ${INVENTORY_FILE} ${INVENTORY} elif [[ -v INVENTORY_DIR ]]; then INVENTORY="$(mktemp -d)" cp -R ${INVENTORY_DIR}/* ${INVENTORY} diff --git a/inventory/byo/hosts.example b/inventory/byo/hosts.example index 3a9944ba4..e3b56d7a1 100644 --- a/inventory/byo/hosts.example +++ b/inventory/byo/hosts.example 
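Review bot: In `images/installer/root/usr/local/bin/run`, the new `cp ${INVENTORY_FILE} ${INVENTORY}` still expands both variables unquoted, so an inventory path containing spaces or glob characters is word-split before cp sees it; `cp "${INVENTORY_FILE}" "${INVENTORY}"` avoids that. Without `-a` the copy should keep the mode of the file `mktemp` created rather than taking the source's mode and ownership, which looks like the safer outcome for an inventory that may hold credentials, and a one-line comment stating that intent would stop `-a` being reintroduced. The `cp -R ${INVENTORY_DIR}/* ${INVENTORY}` context line has the same quoting issue, and the surrounding `if`/`elif` continues outside the hunk.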
@@ -298,24 +298,12 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Set cockpit plugins #osm_cockpit_plugins=['cockpit-kubernetes'] -# Native high availability cluster method with optional load balancer. +# Native high availability (default cluster method) # If no lb group is defined, the installer assumes that a load balancer has # been preconfigured. For installation the value of # openshift_master_cluster_hostname must resolve to the load balancer # or to one or all of the masters defined in the inventory if no load # balancer is present. -#openshift_master_cluster_method=native -#openshift_master_cluster_hostname=openshift-ansible.test.example.com -#openshift_master_cluster_public_hostname=openshift-ansible.test.example.com - -# Pacemaker high availability cluster method. -# Pacemaker HA environment must be able to self provision the -# configured VIP. For installation openshift_master_cluster_hostname -# must resolve to the configured VIP. -#openshift_master_cluster_method=pacemaker -#openshift_master_cluster_password=openshift_cluster -#openshift_master_cluster_vip=192.168.133.25 -#openshift_master_cluster_public_vip=192.168.133.25 #openshift_master_cluster_hostname=openshift-ansible.test.example.com #openshift_master_cluster_public_hostname=openshift-ansible.test.example.com diff --git a/playbooks/adhoc/openshift_hosted_logging_efk.yaml b/playbooks/adhoc/openshift_hosted_logging_efk.yaml index 44a2ef534..69b2541bb 100644 --- a/playbooks/adhoc/openshift_hosted_logging_efk.yaml +++ b/playbooks/adhoc/openshift_hosted_logging_efk.yaml 
@@ -8,7 +8,7 @@ hosts: masters:!masters[0] pre_tasks: - set_fact: - openshift_logging_kibana_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}" + openshift_logging_kibana_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' ~ openshift_master_default_subdomain }}" tasks: - include_role: name: openshift_logging diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 0c2a2c7e8..ed7a7bd1a 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -62,7 +62,6 @@ - origin-master - origin-master-api - origin-master-controllers - - pcsd failed_when: false - hosts: etcd @@ -384,8 +383,6 @@ - origin-excluder - origin-docker-excluder - origin-master - - pacemaker - - pcs register: result until: result | success @@ -456,8 +453,6 @@ - /etc/sysconfig/origin-master-api - /etc/sysconfig/origin-master-controllers - /usr/share/openshift/examples - - /var/lib/pacemaker - - /var/lib/pcsd - /usr/lib/systemd/system/atomic-openshift-master-api.service - /usr/lib/systemd/system/atomic-openshift-master-controllers.service - /usr/lib/systemd/system/origin-master-api.service diff --git a/playbooks/aws/openshift-cluster/build_ami.yml b/playbooks/aws/openshift-cluster/build_ami.yml index 5815c4975..5bf4f652a 100644 --- a/playbooks/aws/openshift-cluster/build_ami.yml +++ b/playbooks/aws/openshift-cluster/build_ami.yml @@ -17,7 +17,7 @@ - name: openshift_aws_region msg: "openshift_aws_region={{ openshift_aws_region | default('us-east-1') }}" -- include: provision_instance.yml +- import_playbook: provision_instance.yml vars: openshift_aws_node_group_type: compute 
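Review bot: In `playbooks/adhoc/openshift_hosted_logging_efk.yaml`, the new `openshift_logging_kibana_hostname` expression loses the closing parenthesis of `default(` together with the inner fallback, so `default('kibana.' ~ openshift_master_default_subdomain }}` will not parse as a Jinja2 expression. It should read `"{{ openshift_hosted_logging_hostname | default('kibana.' ~ openshift_master_default_subdomain) }}"`. With the `router.default.svc.cluster.local` fallback removed, the expression also requires `openshift_master_default_subdomain` to be defined whenever `openshift_hosted_logging_hostname` is unset. Whether a default for it is supplied elsewhere is not visible in this hunk.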
@@ -33,8 +33,8 @@ # This is the part that installs all of the software and configs for the instance # to become a node. -- include: ../../openshift-node/private/image_prep.yml +- import_playbook: ../../openshift-node/private/image_prep.yml -- include: seal_ami.yml +- import_playbook: seal_ami.yml vars: openshift_aws_ami_name: "openshift-gi-{{ lookup('pipe', 'date +%Y%m%d%H%M')}}" diff --git a/playbooks/aws/openshift-cluster/hosted.yml b/playbooks/aws/openshift-cluster/hosted.yml index da7ec9d21..9d9ed29de 100644 --- a/playbooks/aws/openshift-cluster/hosted.yml +++ b/playbooks/aws/openshift-cluster/hosted.yml @@ -1,19 +1,19 @@ --- -- include: ../../openshift-hosted/private/config.yml +- import_playbook: ../../openshift-hosted/private/config.yml -- include: ../../openshift-metrics/private/config.yml +- import_playbook: ../../openshift-metrics/private/config.yml when: openshift_metrics_install_metrics | default(false) | bool -- include: ../../common/openshift-cluster/openshift_logging.yml +- import_playbook: ../../openshift-logging/private/config.yml when: openshift_logging_install_logging | default(false) | bool -- include: ../../openshift-prometheus/private/config.yml +- import_playbook: ../../openshift-prometheus/private/config.yml when: openshift_hosted_prometheus_deploy | default(false) | bool -- include: ../../openshift-service-catalog/private/config.yml +- import_playbook: ../../openshift-service-catalog/private/config.yml when: openshift_enable_service_catalog | default(false) | bool -- include: ../../openshift-management/private/config.yml +- import_playbook: ../../openshift-management/private/config.yml when: openshift_management_install_management | default(false) | bool - name: Print deprecated variable warning message if necessary diff --git a/playbooks/aws/openshift-cluster/install.yml b/playbooks/aws/openshift-cluster/install.yml index f8206529a..b03fb0b7f 100644 --- a/playbooks/aws/openshift-cluster/install.yml 
+++ b/playbooks/aws/openshift-cluster/install.yml @@ -16,31 +16,31 @@ tasks_from: master_facts.yml - name: run the init - include: ../../init/main.yml + import_playbook: ../../init/main.yml - name: perform the installer openshift-checks - include: ../../openshift-checks/private/install.yml + import_playbook: ../../openshift-checks/private/install.yml - name: etcd install - include: ../../openshift-etcd/private/config.yml + import_playbook: ../../openshift-etcd/private/config.yml - name: include nfs - include: ../../openshift-nfs/private/config.yml + import_playbook: ../../openshift-nfs/private/config.yml when: groups.oo_nfs_to_config | default([]) | count > 0 - name: include loadbalancer - include: ../../openshift-loadbalancer/private/config.yml + import_playbook: ../../openshift-loadbalancer/private/config.yml when: groups.oo_lb_to_config | default([]) | count > 0 - name: include openshift-master config - include: ../../openshift-master/private/config.yml + import_playbook: ../../openshift-master/private/config.yml - name: include master additional config - include: ../../openshift-master/private/additional_config.yml + import_playbook: ../../openshift-master/private/additional_config.yml - name: include master additional config - include: ../../openshift-node/private/config.yml + import_playbook: ../../openshift-node/private/config.yml - name: include openshift-glusterfs - include: ../../openshift-glusterfs/private/config.yml + import_playbook: ../../openshift-glusterfs/private/config.yml when: groups.oo_glusterfs_to_config | default([]) | count > 0 diff --git a/playbooks/aws/openshift-cluster/prerequisites.yml b/playbooks/aws/openshift-cluster/prerequisites.yml index f5eb01b14..0afcce331 100644 --- a/playbooks/aws/openshift-cluster/prerequisites.yml +++ b/playbooks/aws/openshift-cluster/prerequisites.yml 
@@ -1,6 +1,6 @@ --- -- include: provision_vpc.yml +- import_playbook: provision_vpc.yml -- include: provision_ssh_keypair.yml +- import_playbook: provision_ssh_keypair.yml -- include: provision_sec_group.yml +- import_playbook: provision_sec_group.yml diff --git a/playbooks/aws/openshift-cluster/provision_install.yml b/playbooks/aws/openshift-cluster/provision_install.yml index 78dd6a49b..f98f5be9a 100644 --- a/playbooks/aws/openshift-cluster/provision_install.yml +++ b/playbooks/aws/openshift-cluster/provision_install.yml @@ -4,16 +4,16 @@ # this playbook is run with the following parameters: # ansible-playbook -i openshift-ansible-inventory provision_install.yml - name: Include the provision.yml playbook to create cluster - include: provision.yml + import_playbook: provision.yml - name: Include the install.yml playbook to install cluster on masters - include: install.yml + import_playbook: install.yml - name: provision the infra/compute playbook to install node resources - include: provision_nodes.yml + import_playbook: provision_nodes.yml - name: Include the accept.yml playbook to accept nodes into the cluster - include: accept.yml + import_playbook: accept.yml - name: Include the hosted.yml playbook to finish the hosted configuration - include: hosted.yml + import_playbook: hosted.yml diff --git a/playbooks/byo/config.yml b/playbooks/byo/config.yml index 7d03914a2..4b74e5bce 100644 --- a/playbooks/byo/config.yml +++ b/playbooks/byo/config.yml @@ -1,2 +1,3 @@ --- -- include: openshift-cluster/config.yml +# TODO (rteague): Temporarily leaving this playbook to allow CI tests to operate until CI jobs are updated. +- import_playbook: ../deploy_cluster.yml diff --git a/playbooks/byo/openshift-cluster/config.yml b/playbooks/byo/openshift-cluster/config.yml deleted file mode 100644 index 57823847b..000000000 --- a/playbooks/byo/openshift-cluster/config.yml +++ /dev/null 
@@ -1,4 +0,0 @@ ---- -- include: ../../init/main.yml - -- include: ../../common/openshift-cluster/config.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml index c46b22331..76308465c 100644 --- a/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml @@ -1,5 +1,5 @@ --- # Playbook to upgrade Docker to the max allowable version for an OpenShift cluster. -- include: ../../../../init/evaluate_groups.yml +- import_playbook: ../../../../init/evaluate_groups.yml -- include: ../../../../common/openshift-cluster/upgrades/docker/docker_upgrade.yml +- import_playbook: ../../../../common/openshift-cluster/upgrades/docker/docker_upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/upgrade_etcd.yml b/playbooks/byo/openshift-cluster/upgrades/upgrade_etcd.yml deleted file mode 100644 index a9be8dec4..000000000 --- a/playbooks/byo/openshift-cluster/upgrades/upgrade_etcd.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- include: ../../../init/evaluate_groups.yml - -- include: ../../../common/openshift-cluster/upgrades/etcd/main.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml index c880fe7f7..0effc68bf 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml @@ -2,4 +2,4 @@ # # Full Control Plane + Nodes Upgrade # -- include: ../../../../common/openshift-cluster/upgrades/v3_6/upgrade.yml +- import_playbook: ../../../../common/openshift-cluster/upgrades/v3_6/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml index aeec5f5cc..ebced5413 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml 
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml @@ -11,4 +11,4 @@ # # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # -- include: ../../../../common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml +- import_playbook: ../../../../common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml index 4664a9a2b..f2e97fc01 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml @@ -4,4 +4,4 @@ # # Upgrades nodes only, but requires the control plane to have already been upgraded. # -- include: ../../../../common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml +- import_playbook: ../../../../common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.yml index cbb89bc4d..f6fedfdff 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.yml @@ -2,4 +2,4 @@ # # Full Control Plane + Nodes Upgrade # -- include: ../../../../common/openshift-cluster/upgrades/v3_7/upgrade.yml +- import_playbook: ../../../../common/openshift-cluster/upgrades/v3_7/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml index 1adfbdec0..b8b5f5762 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml 
@@ -11,4 +11,4 @@ # # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # -- include: ../../../../common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml +- import_playbook: ../../../../common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml index b4da18281..c63f11b30 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml @@ -4,4 +4,4 @@ # # Upgrades nodes only, but requires the control plane to have already been upgraded. # -- include: ../../../../common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml +- import_playbook: ../../../../common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_scale_groups.yml b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_scale_groups.yml index 14b0f85d4..23a3fcbb5 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_scale_groups.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_scale_groups.yml @@ -4,4 +4,4 @@ # # Upgrades scale group nodes only. # -- include: ../../../../common/openshift-cluster/upgrades/upgrade_scale_group.yml +- import_playbook: ../../../../common/openshift-cluster/upgrades/upgrade_scale_group.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade.yml index f7e5dd1d2..c4094aa7e 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade.yml @@ -2,4 +2,4 @@ # # Full Control Plane + Nodes Upgrade # -- include: ../../../../common/openshift-cluster/upgrades/v3_8/upgrade.yml +- import_playbook: ../../../../common/openshift-cluster/upgrades/v3_8/upgrade.yml 
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml index cc04d81c1..5a3aa6288 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml @@ -11,4 +11,4 @@ # # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # -- include: ../../../../common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml +- import_playbook: ../../../../common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml index 37a9f69bb..74981cc31 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml @@ -4,4 +4,4 @@ # # Upgrades nodes only, but requires the control plane to have already been upgraded. # -- include: ../../../../common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml +- import_playbook: ../../../../common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade.yml index e8f9d94e2..a2a9d59f2 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade.yml @@ -2,4 +2,4 @@ # # Full Control Plane + Nodes Upgrade # -- include: ../../../../common/openshift-cluster/upgrades/v3_9/upgrade.yml +- import_playbook: ../../../../common/openshift-cluster/upgrades/v3_9/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml index acb4195e3..869e185af 100644 
--- a/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml @@ -11,4 +11,4 @@ # # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # -- include: ../../../../common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml +- import_playbook: ../../../../common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade_nodes.yml index df19097e1..a5867434b 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade_nodes.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade_nodes.yml @@ -4,4 +4,4 @@ # # Upgrades nodes only, but requires the control plane to have already been upgraded. # -- include: ../../../../common/openshift-cluster/upgrades/v3_9/upgrade_nodes.yml +- import_playbook: ../../../../common/openshift-cluster/upgrades/v3_9/upgrade_nodes.yml diff --git a/playbooks/byo/openshift-node/network_manager.yml b/playbooks/byo/openshift-node/network_manager.yml deleted file mode 100644 index ca09fb65c..000000000 --- a/playbooks/byo/openshift-node/network_manager.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -# TODO (rteague): Temporarily leaving this playbook to allow CI tests to operate until CI jobs are updated. -- include: ../../openshift-node/network_manager.yml diff --git a/playbooks/byo/openshift_facts.yml b/playbooks/byo/openshift_facts.yml index 29e0ebe8d..85a65b7e1 100644 --- a/playbooks/byo/openshift_facts.yml +++ b/playbooks/byo/openshift_facts.yml @@ -1,13 +1,12 @@ --- -- include: ../init/main.yml +- import_playbook: ../init/main.yml - name: Gather Cluster facts hosts: oo_all_hosts roles: - openshift_facts tasks: - - openshift_facts: - openshift_env: "{{ hostvars[inventory_hostname] | oo_openshift_env }}" + - openshift_facts: {} register: result - debug: var: result 
diff --git a/playbooks/byo/rhel_subscribe.yml b/playbooks/byo/rhel_subscribe.yml index 261143080..5a877809a 100644 --- a/playbooks/byo/rhel_subscribe.yml +++ b/playbooks/byo/rhel_subscribe.yml @@ -1,5 +1,5 @@ --- -- include: ../init/evaluate_groups.yml +- import_playbook: ../init/evaluate_groups.yml - name: Subscribe hosts, update repos and update OS packages hosts: oo_all_hosts diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml deleted file mode 100644 index 2eeb81b86..000000000 --- a/playbooks/common/openshift-cluster/config.yml +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -- include: ../../openshift-checks/private/install.yml - -- include: ../../openshift-etcd/private/config.yml - -- include: ../../openshift-nfs/private/config.yml - when: groups.oo_nfs_to_config | default([]) | count > 0 - -- include: ../../openshift-loadbalancer/private/config.yml - when: groups.oo_lb_to_config | default([]) | count > 0 - -- include: ../../openshift-master/private/config.yml - -- include: ../../openshift-master/private/additional_config.yml - -- include: ../../openshift-node/private/config.yml - -- include: ../../openshift-glusterfs/private/config.yml - when: groups.oo_glusterfs_to_config | default([]) | count > 0 - -- include: ../../openshift-hosted/private/config.yml - -- include: ../../openshift-metrics/private/config.yml - when: openshift_metrics_install_metrics | default(false) | bool - -- include: openshift_logging.yml - when: openshift_logging_install_logging | default(false) | bool - -- include: ../../openshift-prometheus/private/config.yml - when: openshift_hosted_prometheus_deploy | default(false) | bool - -- include: ../../openshift-service-catalog/private/config.yml - when: openshift_enable_service_catalog | default(true) | bool - -- include: ../../openshift-management/private/config.yml - when: openshift_management_install_management | default(false) | bool - -- name: Print deprecated variable warning message if necessary - hosts: oo_first_master - gather_facts: no - tasks: - - debug: msg="{{__deprecation_message}}" - when: - - __deprecation_message | default ('') | length > 0 diff --git a/playbooks/common/openshift-cluster/upgrades/disable_master_excluders.yml b/playbooks/common/openshift-cluster/upgrades/disable_master_excluders.yml index 800621857..33ed6a283 100644 --- a/playbooks/common/openshift-cluster/upgrades/disable_master_excluders.yml +++ b/playbooks/common/openshift-cluster/upgrades/disable_master_excluders.yml 
@@ -5,7 +5,6 @@ roles: - role: openshift_excluder r_openshift_excluder_action: disable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" r_openshift_excluder_verify_upgrade: true r_openshift_excluder_upgrade_target: "{{ openshift_upgrade_target }}" r_openshift_excluder_package_state: latest diff --git a/playbooks/common/openshift-cluster/upgrades/disable_node_excluders.yml b/playbooks/common/openshift-cluster/upgrades/disable_node_excluders.yml index a66301c0d..ab3171c9a 100644 --- a/playbooks/common/openshift-cluster/upgrades/disable_node_excluders.yml +++ b/playbooks/common/openshift-cluster/upgrades/disable_node_excluders.yml @@ -5,7 +5,6 @@ roles: - role: openshift_excluder r_openshift_excluder_action: disable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" r_openshift_excluder_verify_upgrade: true r_openshift_excluder_upgrade_target: "{{ openshift_upgrade_target }}" r_openshift_excluder_package_state: latest diff --git a/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml index 6d4ddf011..5c6def484 100644 --- a/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml @@ -1,11 +1,11 @@ --- -- include: ../../../../init/evaluate_groups.yml +- import_playbook: ../../../../init/evaluate_groups.yml vars: # Do not allow adding hosts during upgrade. g_new_master_hosts: [] g_new_node_hosts: [] -- include: ../initialize_nodes_to_upgrade.yml +- import_playbook: ../initialize_nodes_to_upgrade.yml - name: Check for appropriate Docker versions hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config @@ -19,7 +19,7 @@ msg: Cannot upgrade Docker on Atomic operating systems. when: openshift.common.is_atomic | bool - - include: upgrade_check.yml + - include_tasks: upgrade_check.yml when: docker_upgrade is not defined or docker_upgrade | bool 
@@ -51,7 +51,7 @@ - name: Drain Node for Kubelet upgrade command: > - {{ openshift.common.admin_binary }} drain {{ openshift.node.nodename }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig --force --delete-local-data --ignore-daemonsets + {{ openshift.common.client_binary }} adm drain {{ openshift.node.nodename }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig --force --delete-local-data --ignore-daemonsets delegate_to: "{{ groups.oo_first_master.0 }}" when: l_docker_upgrade is defined and l_docker_upgrade | bool and inventory_hostname in groups.oo_nodes_to_upgrade register: l_docker_upgrade_drain_result @@ -59,7 +59,7 @@ retries: 60 delay: 60 - - include: tasks/upgrade.yml + - include_tasks: tasks/upgrade.yml when: l_docker_upgrade is defined and l_docker_upgrade | bool - name: Set node schedulability diff --git a/playbooks/common/openshift-cluster/upgrades/docker/tasks/restart.yml b/playbooks/common/openshift-cluster/upgrades/docker/tasks/restart.yml index 3b779becb..dbc4f39c7 100644 --- a/playbooks/common/openshift-cluster/upgrades/docker/tasks/restart.yml +++ b/playbooks/common/openshift-cluster/upgrades/docker/tasks/restart.yml @@ -11,9 +11,9 @@ with_items: - etcd_container - openvswitch - - "{{ openshift.common.service_type }}-master-api" - - "{{ openshift.common.service_type }}-master-controllers" - - "{{ openshift.common.service_type }}-node" + - "{{ openshift_service_type }}-master-api" + - "{{ openshift_service_type }}-master-controllers" + - "{{ openshift_service_type }}-node" failed_when: false when: openshift.common.is_containerized | bool diff --git a/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml index 83be290e6..4856a4b51 100644 --- a/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml 
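Review bot: The drain task in docker_upgrade.yml renders `{{ openshift.common.client_binary }}` from the facts of the node being drained, but the command runs on the first master through `delegate_to`. The drain tasks in upgrade_control_plane.yml, upgrade_nodes.yml and upgrade_scale_group.yml in this same commit read the value from `hostvars[groups.oo_first_master.0]` instead. If the two hosts can report different client paths (presumably possible when only one of them is containerized), the delegated command would call a path that does not exist on the master, and `retries: 60` with `delay: 60` would only postpone the failure. I would write `{{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm drain {{ openshift.node.nodename }} ...` here as well. The play this task belongs to starts outside the hunk.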
@@ -4,9 +4,9 @@ - name: Stop containerized services service: name={{ item }} state=stopped with_items: - - "{{ openshift.common.service_type }}-master-api" - - "{{ openshift.common.service_type }}-master-controllers" - - "{{ openshift.common.service_type }}-node" + - "{{ openshift_service_type }}-master-api" + - "{{ openshift_service_type }}-master-controllers" + - "{{ openshift_service_type }}-node" - etcd_container - openvswitch failed_when: false @@ -44,5 +44,5 @@ register: result until: result | success -- include: restart.yml +- include_tasks: restart.yml when: not skip_docker_restart | default(False) | bool diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/filter_plugins b/playbooks/common/openshift-cluster/upgrades/etcd/filter_plugins deleted file mode 120000 index 27ddaa18b..000000000 --- a/playbooks/common/openshift-cluster/upgrades/etcd/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../../filter_plugins
\ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/lookup_plugins b/playbooks/common/openshift-cluster/upgrades/etcd/lookup_plugins
deleted file mode 120000
index cf407f69b..000000000
--- a/playbooks/common/openshift-cluster/upgrades/etcd/lookup_plugins
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../lookup_plugins
\ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/roles b/playbooks/common/openshift-cluster/upgrades/etcd/roles
deleted file mode 120000
index 6bc1a7aef..000000000
--- a/playbooks/common/openshift-cluster/upgrades/etcd/roles
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../roles
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/init.yml b/playbooks/common/openshift-cluster/upgrades/init.yml index 9981d905b..5454a6680 100644 --- a/playbooks/common/openshift-cluster/upgrades/init.yml +++ b/playbooks/common/openshift-cluster/upgrades/init.yml @@ -1,11 +1,11 @@ --- -- include: ../../../init/evaluate_groups.yml +- import_playbook: ../../../init/evaluate_groups.yml vars: # Do not allow adding hosts during upgrade. g_new_master_hosts: [] g_new_node_hosts: [] -- include: ../../../init/facts.yml +- import_playbook: ../../../init/facts.yml - name: Ensure firewall is not switched during upgrade hosts: oo_all_hosts diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml index c458184c9..344ddea3c 100644 --- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml @@ -114,7 +114,6 @@ roles: - role: openshift_excluder r_openshift_excluder_action: enable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" post_tasks: # Check if any masters are using pluginOrderOverride and warn if so, only for 1.3/3.3 and beyond: - name: grep pluginOrderOverride diff --git a/playbooks/common/openshift-cluster/upgrades/pre/tasks/verify_docker_upgrade_targets.yml b/playbooks/common/openshift-cluster/upgrades/pre/tasks/verify_docker_upgrade_targets.yml index 6d8503879..18a08eb99 100644 --- a/playbooks/common/openshift-cluster/upgrades/pre/tasks/verify_docker_upgrade_targets.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre/tasks/verify_docker_upgrade_targets.yml 
@@ -1,7 +1,7 @@ --- # Only check if docker upgrade is required if docker_upgrade is not # already set to False. -- include: ../../docker/upgrade_check.yml +- include_tasks: ../../docker/upgrade_check.yml when: - docker_upgrade is not defined or (docker_upgrade | bool) - not (openshift.common.is_atomic | bool) diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml index 6a5bc24f7..bef95546d 100644 --- a/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml @@ -13,21 +13,21 @@ block: - set_fact: master_services: - - "{{ openshift.common.service_type }}-master" + - "{{ openshift_service_type }}-master" # In case of the non-ha to ha upgrade. - - name: Check if the {{ openshift.common.service_type }}-master-api.service exists + - name: Check if the {{ openshift_service_type }}-master-api.service exists command: > - systemctl list-units {{ openshift.common.service_type }}-master-api.service --no-legend + systemctl list-units {{ openshift_service_type }}-master-api.service --no-legend register: master_api_service_status - set_fact: master_services: - - "{{ openshift.common.service_type }}-master-api" - - "{{ openshift.common.service_type }}-master-controllers" + - "{{ openshift_service_type }}-master-api" + - "{{ openshift_service_type }}-master-controllers" when: - master_api_service_status.stdout_lines | length > 0 - - (openshift.common.service_type + '-master-api.service') in master_api_service_status.stdout_lines[0] + - (openshift_service_type + '-master-api.service') in master_api_service_status.stdout_lines[0] - name: Ensure Master is running service: 
diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml index 84b740227..96f970506 100644 --- a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml @@ -21,7 +21,7 @@ block: - name: Check latest available OpenShift RPM version repoquery: - name: "{{ openshift.common.service_type }}" + name: "{{ openshift_service_type }}" ignore_excluders: true register: repoquery_out diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml index 503d75ba0..37fc8a0f6 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml @@ -16,8 +16,8 @@ local_facts: embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" -- name: Upgrade and backup etcd - include: ./etcd/main.yml +- name: Backup and upgrade etcd + import_playbook: ../../../openshift-etcd/private/upgrade_main.yml # Create service signer cert when missing. Service signer certificate # is added to master config in the master_config_upgrade hook. @@ -30,7 +30,7 @@ register: service_signer_cert_stat changed_when: false -- include: create_service_signer_cert.yml +- import_playbook: create_service_signer_cert.yml # oc adm migrate storage should be run prior to etcd v3 upgrade # See: https://github.com/openshift/origin/pull/14625#issuecomment-308467060 @@ -71,7 +71,7 @@ - debug: msg="Running master pre-upgrade hook {{ openshift_master_upgrade_pre_hook }}" when: openshift_master_upgrade_pre_hook is defined - - include: "{{ openshift_master_upgrade_pre_hook }}" + - include_tasks: "{{ openshift_master_upgrade_pre_hook }}" when: openshift_master_upgrade_pre_hook is defined - include_role: 
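Review bot: In upgrade_control_plane.yml the pre-upgrade hook is pulled in with `include_tasks: "{{ openshift_master_upgrade_pre_hook }}"`, so the file named by that inventory variable is located and parsed only when the task is reached, which is after the etcd backup and upgrade play earlier in the same file; the next hunk does the same for `openshift_master_upgrade_hook` and `openshift_master_upgrade_post_hook`. A mistyped or unreadable path therefore stops the run part-way through a master upgrade rather than before it starts. The hook tasks run against the masters with whatever privileges this play has, so I would add a comment beside the hook such as `# Hook file runs as part of the master upgrade; keep it in a trusted, version-controlled location.` A pre-upgrade check that each defined hook path exists on the control host (a `stat` with `delegate_to: localhost` followed by `fail`) would catch a bad path before any host is changed. The play these tasks belong to starts outside the hunk.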
@@ -82,20 +82,20 @@ - debug: msg="Running master upgrade hook {{ openshift_master_upgrade_hook }}" when: openshift_master_upgrade_hook is defined - - include: "{{ openshift_master_upgrade_hook }}" + - include_tasks: "{{ openshift_master_upgrade_hook }}" when: openshift_master_upgrade_hook is defined - - include: ../../../openshift-master/private/tasks/restart_hosts.yml + - include_tasks: ../../../openshift-master/private/tasks/restart_hosts.yml when: openshift.common.rolling_restart_mode == 'system' - - include: ../../../openshift-master/private/tasks/restart_services.yml + - include_tasks: ../../../openshift-master/private/tasks/restart_services.yml when: openshift.common.rolling_restart_mode == 'services' # Run the post-upgrade hook if defined: - debug: msg="Running master post-upgrade hook {{ openshift_master_upgrade_post_hook }}" when: openshift_master_upgrade_post_hook is defined - - include: "{{ openshift_master_upgrade_post_hook }}" + - include_tasks: "{{ openshift_master_upgrade_post_hook }}" when: openshift_master_upgrade_post_hook is defined - name: Post master upgrade - Upgrade clusterpolicies storage @@ -275,7 +275,7 @@ roles: - openshift_facts tasks: - - include: docker/tasks/upgrade.yml + - include_tasks: docker/tasks/upgrade.yml when: l_docker_upgrade is defined and l_docker_upgrade | bool and not openshift.common.is_atomic | bool - name: Drain and upgrade master nodes 
@@ -305,7 +305,7 @@ - name: Drain Node for Kubelet upgrade command: > - {{ hostvars[groups.oo_first_master.0].openshift.common.admin_binary }} drain {{ openshift.node.nodename | lower }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig --force --delete-local-data --ignore-daemonsets + {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm drain {{ openshift.node.nodename | lower }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig --force --delete-local-data --ignore-daemonsets delegate_to: "{{ groups.oo_first_master.0 }}" register: l_upgrade_control_plane_drain_result until: not l_upgrade_control_plane_drain_result | failed diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml index 75ffd3fe9..f7a85545b 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml @@ -26,7 +26,7 @@ - name: Drain Node for Kubelet upgrade command: > - {{ hostvars[groups.oo_first_master.0].openshift.common.admin_binary }} drain {{ openshift.node.nodename | lower }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig --force --delete-local-data --ignore-daemonsets + {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm drain {{ openshift.node.nodename | lower }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig --force --delete-local-data --ignore-daemonsets delegate_to: "{{ groups.oo_first_master.0 }}" register: l_upgrade_nodes_drain_result until: not l_upgrade_nodes_drain_result | failed @@ -45,7 +45,6 @@ name: openshift_excluder vars: r_openshift_excluder_action: enable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" - name: Set node schedulability oc_adm_manage_node: node: "{{ openshift.node.nodename | lower }}" 
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_scale_group.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_scale_group.yml index d9ce3a7e3..47410dff3 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_scale_group.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_scale_group.yml @@ -13,7 +13,7 @@ - "'oo_sg_new_nodes' not in groups or groups.oo_sg_new_nodes|length == 0" - name: initialize upgrade bits - include: init.yml + import_playbook: init.yml - name: Drain and upgrade nodes hosts: oo_sg_current_nodes @@ -42,7 +42,7 @@ - name: Drain Node for Kubelet upgrade command: > - {{ hostvars[groups.oo_first_master.0].openshift.common.admin_binary }} drain {{ openshift.node.nodename | lower }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig --force --delete-local-data --ignore-daemonsets + {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm drain {{ openshift.node.nodename | lower }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig --force --delete-local-data --ignore-daemonsets delegate_to: "{{ groups.oo_first_master.0 }}" register: l_upgrade_nodes_drain_result until: not l_upgrade_nodes_drain_result | failed diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml index 5f9c56867..9f9399ff9 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml @@ -2,7 +2,7 @@ # # Full Control Plane + Nodes Upgrade # -- include: ../init.yml +- import_playbook: ../init.yml tags: - pre_upgrade @@ -17,7 +17,7 @@ # Pre-upgrade -- include: ../initialize_nodes_to_upgrade.yml +- import_playbook: ../initialize_nodes_to_upgrade.yml tags: - pre_upgrade 
@@ -43,27 +43,27 @@ - openshift_http_proxy is defined or openshift_https_proxy is defined - openshift_generate_no_proxy_hosts | default(True) | bool -- include: ../pre/verify_inventory_vars.yml +- import_playbook: ../pre/verify_inventory_vars.yml tags: - pre_upgrade -- include: ../pre/verify_health_checks.yml +- import_playbook: ../pre/verify_health_checks.yml tags: - pre_upgrade -- include: ../pre/verify_control_plane_running.yml +- import_playbook: ../pre/verify_control_plane_running.yml tags: - pre_upgrade -- include: ../disable_master_excluders.yml +- import_playbook: ../disable_master_excluders.yml tags: - pre_upgrade -- include: ../disable_node_excluders.yml +- import_playbook: ../disable_node_excluders.yml tags: - pre_upgrade -- include: ../../../../init/version.yml +- import_playbook: ../../../../init/version.yml tags: - pre_upgrade vars: @@ -73,29 +73,29 @@ openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False -- include: ../../../../openshift-master/private/validate_restart.yml +- import_playbook: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade - name: Verify upgrade targets hosts: oo_masters_to_config:oo_nodes_to_upgrade tasks: - - include: ../pre/verify_upgrade_targets.yml + - include_tasks: ../pre/verify_upgrade_targets.yml tags: - pre_upgrade - name: Verify docker upgrade targets hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config tasks: - - include: ../pre/tasks/verify_docker_upgrade_targets.yml + - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml tags: - pre_upgrade -- include: validator.yml +- import_playbook: validator.yml tags: - pre_upgrade -- include: ../pre/gate_checks.yml +- import_playbook: ../pre/gate_checks.yml tags: - pre_upgrade 
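Review bot: `- include_tasks: ../pre/verify_upgrade_targets.yml` and `- include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml` in v3_6/upgrade.yml use a dynamic include for a fixed path, so the verification tasks are not parsed until the play reaches them and are not visible to `--list-tasks` or `--start-at-task`. With a literal path and no `when`, `- import_tasks: ../pre/verify_upgrade_targets.yml` presumably keeps the static behaviour the old `include` had, and a syntax error in the checks is reported at load time. If the `tags: - pre_upgrade` entry belongs to the task rather than the play (the indentation is not recoverable on this page), a dynamic include would also not pass that tag to the included tasks, and a `--tags pre_upgrade` run would skip the checks. The same pattern appears in the v3_6 upgrade_control_plane.yml and upgrade_nodes.yml hunks, in the v3_7 files, and for `../cleanup_unused_images.yml`.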
@@ -107,12 +107,12 @@ - name: Cleanup unused Docker images hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config tasks: - - include: ../cleanup_unused_images.yml + - include_tasks: ../cleanup_unused_images.yml -- include: ../upgrade_control_plane.yml +- import_playbook: ../upgrade_control_plane.yml vars: master_config_hook: "v3_6/master_config_upgrade.yml" -- include: ../upgrade_nodes.yml +- import_playbook: ../upgrade_nodes.yml -- include: ../post_control_plane.yml +- import_playbook: ../post_control_plane.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml index 1aac3d014..7374160d6 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml @@ -11,7 +11,7 @@ # # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # -- include: ../init.yml +- import_playbook: ../init.yml tags: - pre_upgrade @@ -25,7 +25,7 @@ openshift_upgrade_min: "{{ '1.5' if deployment_type == 'origin' else '3.5' }}" # Pre-upgrade -- include: ../initialize_nodes_to_upgrade.yml +- import_playbook: ../initialize_nodes_to_upgrade.yml tags: - pre_upgrade 
@@ -51,23 +51,23 @@ - openshift_http_proxy is defined or openshift_https_proxy is defined - openshift_generate_no_proxy_hosts | default(True) | bool -- include: ../pre/verify_inventory_vars.yml +- import_playbook: ../pre/verify_inventory_vars.yml tags: - pre_upgrade -- include: ../pre/verify_health_checks.yml +- import_playbook: ../pre/verify_health_checks.yml tags: - pre_upgrade -- include: ../pre/verify_control_plane_running.yml +- import_playbook: ../pre/verify_control_plane_running.yml tags: - pre_upgrade -- include: ../disable_master_excluders.yml +- import_playbook: ../disable_master_excluders.yml tags: - pre_upgrade -- include: ../../../../init/version.yml +- import_playbook: ../../../../init/version.yml tags: - pre_upgrade vars: @@ -77,29 +77,29 @@ openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False -- include: ../../../../openshift-master/private/validate_restart.yml +- import_playbook: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade - name: Verify upgrade targets hosts: oo_masters_to_config tasks: - - include: ../pre/verify_upgrade_targets.yml + - include_tasks: ../pre/verify_upgrade_targets.yml tags: - pre_upgrade - name: Verify docker upgrade targets hosts: oo_masters_to_config:oo_etcd_to_config tasks: - - include: ../pre/tasks/verify_docker_upgrade_targets.yml + - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml tags: - pre_upgrade -- include: validator.yml +- import_playbook: validator.yml tags: - pre_upgrade -- include: ../pre/gate_checks.yml +- import_playbook: ../pre/gate_checks.yml tags: - pre_upgrade 
@@ -111,10 +111,10 @@ - name: Cleanup unused Docker images hosts: oo_masters_to_config:oo_etcd_to_config tasks: - - include: ../cleanup_unused_images.yml + - include_tasks: ../cleanup_unused_images.yml -- include: ../upgrade_control_plane.yml +- import_playbook: ../upgrade_control_plane.yml vars: master_config_hook: "v3_6/master_config_upgrade.yml" -- include: ../post_control_plane.yml +- import_playbook: ../post_control_plane.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml index 306b76422..de9bf098e 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml @@ -4,7 +4,7 @@ # # Upgrades nodes only, but requires the control plane to have already been upgraded. # -- include: ../init.yml +- import_playbook: ../init.yml tags: - pre_upgrade @@ -18,7 +18,7 @@ openshift_upgrade_min: "{{ '1.5' if deployment_type == 'origin' else '3.5' }}" # Pre-upgrade -- include: ../initialize_nodes_to_upgrade.yml +- import_playbook: ../initialize_nodes_to_upgrade.yml tags: - pre_upgrade @@ -44,19 +44,19 @@ - openshift_http_proxy is defined or openshift_https_proxy is defined - openshift_generate_no_proxy_hosts | default(True) | bool -- include: ../pre/verify_inventory_vars.yml +- import_playbook: ../pre/verify_inventory_vars.yml tags: - pre_upgrade -- include: ../pre/verify_health_checks.yml +- import_playbook: ../pre/verify_health_checks.yml tags: - pre_upgrade -- include: ../disable_node_excluders.yml +- import_playbook: ../disable_node_excluders.yml tags: - pre_upgrade -- include: ../../../../init/version.yml +- import_playbook: ../../../../init/version.yml tags: - pre_upgrade vars: 
@@ -74,25 +74,25 @@ - fail: msg="Master running {{ openshift.common.version }} must be upgraded to {{ openshift_version }} before node upgrade can be run." when: openshift.common.version != openshift_version -- include: ../pre/verify_control_plane_running.yml +- import_playbook: ../pre/verify_control_plane_running.yml tags: - pre_upgrade - name: Verify upgrade targets hosts: oo_nodes_to_upgrade tasks: - - include: ../pre/verify_upgrade_targets.yml + - include_tasks: ../pre/verify_upgrade_targets.yml tags: - pre_upgrade - name: Verify docker upgrade targets hosts: oo_nodes_to_upgrade tasks: - - include: ../pre/tasks/verify_docker_upgrade_targets.yml + - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml tags: - pre_upgrade -- include: ../pre/gate_checks.yml +- import_playbook: ../pre/gate_checks.yml tags: - pre_upgrade @@ -104,6 +104,6 @@ - name: Cleanup unused Docker images hosts: oo_nodes_to_upgrade tasks: - - include: ../cleanup_unused_images.yml + - include_tasks: ../cleanup_unused_images.yml -- include: ../upgrade_nodes.yml +- import_playbook: ../upgrade_nodes.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml index 6d4949542..0c1a99272 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml @@ -2,7 +2,7 @@ # # Full Control Plane + Nodes Upgrade # -- include: ../init.yml +- import_playbook: ../init.yml tags: - pre_upgrade @@ -17,11 +17,11 @@ # Pre-upgrade -- include: ../initialize_nodes_to_upgrade.yml +- import_playbook: ../initialize_nodes_to_upgrade.yml tags: - pre_upgrade -- include: ../pre/verify_etcd3_backend.yml +- import_playbook: ../pre/verify_etcd3_backend.yml tags: - pre_upgrade 
@@ -47,27 +47,27 @@ - openshift_http_proxy is defined or openshift_https_proxy is defined - openshift_generate_no_proxy_hosts | default(True) | bool -- include: ../pre/verify_inventory_vars.yml +- import_playbook: ../pre/verify_inventory_vars.yml tags: - pre_upgrade -- include: ../pre/verify_health_checks.yml +- import_playbook: ../pre/verify_health_checks.yml tags: - pre_upgrade -- include: ../pre/verify_control_plane_running.yml +- import_playbook: ../pre/verify_control_plane_running.yml tags: - pre_upgrade -- include: ../disable_master_excluders.yml +- import_playbook: ../disable_master_excluders.yml tags: - pre_upgrade -- include: ../disable_node_excluders.yml +- import_playbook: ../disable_node_excluders.yml tags: - pre_upgrade -- include: ../../../../init/version.yml +- import_playbook: ../../../../init/version.yml tags: - pre_upgrade vars: @@ -77,29 +77,29 @@ openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False -- include: ../../../../openshift-master/private/validate_restart.yml +- import_playbook: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade - name: Verify upgrade targets hosts: oo_masters_to_config:oo_nodes_to_upgrade tasks: - - include: ../pre/verify_upgrade_targets.yml + - include_tasks: ../pre/verify_upgrade_targets.yml tags: - pre_upgrade - name: Verify docker upgrade targets hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config tasks: - - include: ../pre/tasks/verify_docker_upgrade_targets.yml + - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml tags: - pre_upgrade -- include: validator.yml +- import_playbook: validator.yml tags: - pre_upgrade -- include: ../pre/gate_checks.yml +- import_playbook: ../pre/gate_checks.yml tags: - pre_upgrade 
@@ -111,9 +111,9 @@ - name: Cleanup unused Docker images hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config tasks: - - include: ../cleanup_unused_images.yml + - include_tasks: ../cleanup_unused_images.yml -- include: ../upgrade_control_plane.yml +- import_playbook: ../upgrade_control_plane.yml vars: master_config_hook: "v3_7/master_config_upgrade.yml" @@ -122,15 +122,15 @@ hosts: oo_masters_to_config gather_facts: no tasks: - - name: Stop {{ openshift.common.service_type }}-master-controllers + - name: Stop {{ openshift_service_type }}-master-controllers systemd: - name: "{{ openshift.common.service_type }}-master-controllers" + name: "{{ openshift_service_type }}-master-controllers" state: stopped - - name: Start {{ openshift.common.service_type }}-master-controllers + - name: Start {{ openshift_service_type }}-master-controllers systemd: - name: "{{ openshift.common.service_type }}-master-controllers" + name: "{{ openshift_service_type }}-master-controllers" state: started -- include: ../upgrade_nodes.yml +- import_playbook: ../upgrade_nodes.yml -- include: ../post_control_plane.yml +- import_playbook: ../post_control_plane.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml index 0a592896b..9dcad352c 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml @@ -11,7 +11,7 @@ # # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # -- include: ../init.yml +- import_playbook: ../init.yml tags: - pre_upgrade 
@@ -25,11 +25,11 @@ openshift_upgrade_min: '3.6' # Pre-upgrade -- include: ../initialize_nodes_to_upgrade.yml +- import_playbook: ../initialize_nodes_to_upgrade.yml tags: - pre_upgrade -- include: ../pre/verify_etcd3_backend.yml +- import_playbook: ../pre/verify_etcd3_backend.yml tags: - pre_upgrade @@ -55,23 +55,23 @@ - openshift_http_proxy is defined or openshift_https_proxy is defined - openshift_generate_no_proxy_hosts | default(True) | bool -- include: ../pre/verify_inventory_vars.yml +- import_playbook: ../pre/verify_inventory_vars.yml tags: - pre_upgrade -- include: ../pre/verify_health_checks.yml +- import_playbook: ../pre/verify_health_checks.yml tags: - pre_upgrade -- include: ../pre/verify_control_plane_running.yml +- import_playbook: ../pre/verify_control_plane_running.yml tags: - pre_upgrade -- include: ../disable_master_excluders.yml +- import_playbook: ../disable_master_excluders.yml tags: - pre_upgrade -- include: ../../../../init/version.yml +- import_playbook: ../../../../init/version.yml tags: - pre_upgrade vars: @@ -81,29 +81,29 @@ openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False -- include: ../../../../openshift-master/private/validate_restart.yml +- import_playbook: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade - name: Verify upgrade targets hosts: oo_masters_to_config tasks: - - include: ../pre/verify_upgrade_targets.yml + - include_tasks: ../pre/verify_upgrade_targets.yml tags: - pre_upgrade - name: Verify docker upgrade targets hosts: oo_masters_to_config:oo_etcd_to_config tasks: - - include: ../pre/tasks/verify_docker_upgrade_targets.yml + - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml tags: - pre_upgrade -- include: validator.yml +- import_playbook: validator.yml tags: - pre_upgrade -- include: ../pre/gate_checks.yml +- import_playbook: ../pre/gate_checks.yml tags: - pre_upgrade 
@@ -115,9 +115,9 @@ - name: Cleanup unused Docker images hosts: oo_masters_to_config:oo_etcd_to_config tasks: - - include: ../cleanup_unused_images.yml + - include_tasks: ../cleanup_unused_images.yml -- include: ../upgrade_control_plane.yml +- import_playbook: ../upgrade_control_plane.yml vars: master_config_hook: "v3_7/master_config_upgrade.yml" @@ -126,13 +126,13 @@ hosts: oo_masters_to_config gather_facts: no tasks: - - name: Stop {{ openshift.common.service_type }}-master-controllers + - name: Stop {{ openshift_service_type }}-master-controllers systemd: - name: "{{ openshift.common.service_type }}-master-controllers" + name: "{{ openshift_service_type }}-master-controllers" state: stopped - - name: Start {{ openshift.common.service_type }}-master-controllers + - name: Start {{ openshift_service_type }}-master-controllers systemd: - name: "{{ openshift.common.service_type }}-master-controllers" + name: "{{ openshift_service_type }}-master-controllers" state: started -- include: ../post_control_plane.yml +- import_playbook: ../post_control_plane.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml index b381d606a..27a7f67ea 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml @@ -4,7 +4,7 @@ # # Upgrades nodes only, but requires the control plane to have already been upgraded. # -- include: ../init.yml +- import_playbook: ../init.yml tags: - pre_upgrade @@ -18,7 +18,7 @@ openshift_upgrade_min: '3.6' # Pre-upgrade -- include: ../initialize_nodes_to_upgrade.yml +- import_playbook: ../initialize_nodes_to_upgrade.yml tags: - pre_upgrade 
@@ -44,19 +44,19 @@ - openshift_http_proxy is defined or openshift_https_proxy is defined - openshift_generate_no_proxy_hosts | default(True) | bool -- include: ../pre/verify_inventory_vars.yml +- import_playbook: ../pre/verify_inventory_vars.yml tags: - pre_upgrade -- include: ../pre/verify_health_checks.yml +- import_playbook: ../pre/verify_health_checks.yml tags: - pre_upgrade -- include: ../disable_node_excluders.yml +- import_playbook: ../disable_node_excluders.yml tags: - pre_upgrade -- include: ../../../../init/version.yml +- import_playbook: ../../../../init/version.yml tags: - pre_upgrade vars: @@ -74,25 +74,25 @@ - fail: msg="Master running {{ openshift.common.version }} must be upgraded to {{ openshift_version }} before node upgrade can be run." when: openshift.common.version != openshift_version -- include: ../pre/verify_control_plane_running.yml +- import_playbook: ../pre/verify_control_plane_running.yml tags: - pre_upgrade - name: Verify upgrade targets hosts: oo_nodes_to_upgrade tasks: - - include: ../pre/verify_upgrade_targets.yml + - include_tasks: ../pre/verify_upgrade_targets.yml tags: - pre_upgrade - name: Verify docker upgrade targets hosts: oo_nodes_to_upgrade tasks: - - include: ../pre/tasks/verify_docker_upgrade_targets.yml + - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml tags: - pre_upgrade -- include: ../pre/gate_checks.yml +- import_playbook: ../pre/gate_checks.yml tags: - pre_upgrade @@ -104,6 +104,6 @@ - name: Cleanup unused Docker images hosts: oo_nodes_to_upgrade tasks: - - include: ../cleanup_unused_images.yml + - include_tasks: ../cleanup_unused_images.yml -- include: ../upgrade_nodes.yml +- import_playbook: ../upgrade_nodes.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml index e7d7756d1..ead2efbd0 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml 
+++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml @@ -2,7 +2,7 @@ # # Full Control Plane + Nodes Upgrade # -- include: ../init.yml +- import_playbook: ../init.yml tags: - pre_upgrade @@ -17,11 +17,11 @@ # Pre-upgrade -- include: ../initialize_nodes_to_upgrade.yml +- import_playbook: ../initialize_nodes_to_upgrade.yml tags: - pre_upgrade -- include: ../pre/verify_etcd3_backend.yml +- import_playbook: ../pre/verify_etcd3_backend.yml tags: - pre_upgrade @@ -47,27 +47,27 @@ - openshift_http_proxy is defined or openshift_https_proxy is defined - openshift_generate_no_proxy_hosts | default(True) | bool -- include: ../pre/verify_inventory_vars.yml +- import_playbook: ../pre/verify_inventory_vars.yml tags: - pre_upgrade -- include: ../pre/verify_health_checks.yml +- import_playbook: ../pre/verify_health_checks.yml tags: - pre_upgrade -- include: ../pre/verify_control_plane_running.yml +- import_playbook: ../pre/verify_control_plane_running.yml tags: - pre_upgrade -- include: ../disable_master_excluders.yml +- import_playbook: ../disable_master_excluders.yml tags: - pre_upgrade -- include: ../disable_node_excluders.yml +- import_playbook: ../disable_node_excluders.yml tags: - pre_upgrade -- include: ../../../../init/version.yml +- import_playbook: ../../../../init/version.yml tags: - pre_upgrade vars: 
@@ -77,29 +77,29 @@ openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False -- include: ../../../../openshift-master/private/validate_restart.yml +- import_playbook: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade - name: Verify upgrade targets hosts: oo_masters_to_config:oo_nodes_to_upgrade tasks: - - include: ../pre/verify_upgrade_targets.yml + - include_tasks: ../pre/verify_upgrade_targets.yml tags: - pre_upgrade - name: Verify docker upgrade targets hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config tasks: - - include: ../pre/tasks/verify_docker_upgrade_targets.yml + - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml tags: - pre_upgrade -- include: validator.yml +- import_playbook: validator.yml tags: - pre_upgrade -- include: ../pre/gate_checks.yml +- import_playbook: ../pre/gate_checks.yml tags: - pre_upgrade @@ -111,9 +111,9 @@ - name: Cleanup unused Docker images hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config tasks: - - include: ../cleanup_unused_images.yml + - include_tasks: ../cleanup_unused_images.yml -- include: ../upgrade_control_plane.yml +- import_playbook: ../upgrade_control_plane.yml vars: master_config_hook: "v3_7/master_config_upgrade.yml" 
@@ -122,15 +122,15 @@ hosts: oo_masters_to_config gather_facts: no tasks: - - name: Stop {{ openshift.common.service_type }}-master-controllers + - name: Stop {{ openshift_service_type }}-master-controllers systemd: - name: "{{ openshift.common.service_type }}-master-controllers" + name: "{{ openshift_service_type }}-master-controllers" state: stopped - - name: Start {{ openshift.common.service_type }}-master-controllers + - name: Start {{ openshift_service_type }}-master-controllers systemd: - name: "{{ openshift.common.service_type }}-master-controllers" + name: "{{ openshift_service_type }}-master-controllers" state: started -- include: ../upgrade_nodes.yml +- import_playbook: ../upgrade_nodes.yml -- include: ../post_control_plane.yml +- import_playbook: ../post_control_plane.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml index be362e3ff..ae37b1359 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml @@ -11,7 +11,7 @@ # # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # -- include: ../init.yml +- import_playbook: ../init.yml tags: - pre_upgrade @@ -25,11 +25,11 @@ openshift_upgrade_min: '3.7' # Pre-upgrade -- include: ../initialize_nodes_to_upgrade.yml +- import_playbook: ../initialize_nodes_to_upgrade.yml tags: - pre_upgrade -- include: ../pre/verify_etcd3_backend.yml +- import_playbook: ../pre/verify_etcd3_backend.yml tags: - pre_upgrade 
@@ -55,23 +55,23 @@ - openshift_http_proxy is defined or openshift_https_proxy is defined - openshift_generate_no_proxy_hosts | default(True) | bool -- include: ../pre/verify_inventory_vars.yml +- import_playbook: ../pre/verify_inventory_vars.yml tags: - pre_upgrade -- include: ../pre/verify_health_checks.yml +- import_playbook: ../pre/verify_health_checks.yml tags: - pre_upgrade -- include: ../pre/verify_control_plane_running.yml +- import_playbook: ../pre/verify_control_plane_running.yml tags: - pre_upgrade -- include: ../disable_master_excluders.yml +- import_playbook: ../disable_master_excluders.yml tags: - pre_upgrade -- include: ../../../../init/version.yml +- import_playbook: ../../../../init/version.yml tags: - pre_upgrade vars: @@ -81,29 +81,29 @@ openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False -- include: ../../../../openshift-master/private/validate_restart.yml +- import_playbook: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade - name: Verify upgrade targets hosts: oo_masters_to_config tasks: - - include: ../pre/verify_upgrade_targets.yml + - include_tasks: ../pre/verify_upgrade_targets.yml tags: - pre_upgrade - name: Verify docker upgrade targets hosts: oo_masters_to_config:oo_etcd_to_config tasks: - - include: ../pre/tasks/verify_docker_upgrade_targets.yml + - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml tags: - pre_upgrade -- include: validator.yml +- import_playbook: validator.yml tags: - pre_upgrade -- include: ../pre/gate_checks.yml +- import_playbook: ../pre/gate_checks.yml tags: - pre_upgrade @@ -115,9 +115,9 @@ - name: Cleanup unused Docker images hosts: oo_masters_to_config:oo_etcd_to_config tasks: - - include: ../cleanup_unused_images.yml + - include_tasks: ../cleanup_unused_images.yml -- include: ../upgrade_control_plane.yml +- import_playbook: ../upgrade_control_plane.yml vars: master_config_hook: "v3_7/master_config_upgrade.yml" 
@@ -126,13 +126,13 @@ hosts: oo_masters_to_config gather_facts: no tasks: - - name: Stop {{ openshift.common.service_type }}-master-controllers + - name: Stop {{ openshift_service_type }}-master-controllers systemd: - name: "{{ openshift.common.service_type }}-master-controllers" + name: "{{ openshift_service_type }}-master-controllers" state: stopped - - name: Start {{ openshift.common.service_type }}-master-controllers + - name: Start {{ openshift_service_type }}-master-controllers systemd: - name: "{{ openshift.common.service_type }}-master-controllers" + name: "{{ openshift_service_type }}-master-controllers" state: started -- include: ../post_control_plane.yml +- import_playbook: ../post_control_plane.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml index 6e68116b0..dd716b241 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml @@ -4,7 +4,7 @@ # # Upgrades nodes only, but requires the control plane to have already been upgraded. # -- include: ../init.yml +- import_playbook: ../init.yml tags: - pre_upgrade @@ -18,7 +18,7 @@ openshift_upgrade_min: '3.7' # Pre-upgrade -- include: ../initialize_nodes_to_upgrade.yml +- import_playbook: ../initialize_nodes_to_upgrade.yml tags: - pre_upgrade 
@@ -44,19 +44,19 @@ - openshift_http_proxy is defined or openshift_https_proxy is defined - openshift_generate_no_proxy_hosts | default(True) | bool -- include: ../pre/verify_inventory_vars.yml +- import_playbook: ../pre/verify_inventory_vars.yml tags: - pre_upgrade -- include: ../pre/verify_health_checks.yml +- import_playbook: ../pre/verify_health_checks.yml tags: - pre_upgrade -- include: ../disable_node_excluders.yml +- import_playbook: ../disable_node_excluders.yml tags: - pre_upgrade -- include: ../../../../init/version.yml +- import_playbook: ../../../../init/version.yml tags: - pre_upgrade vars: @@ -74,25 +74,25 @@ - fail: msg="Master running {{ openshift.common.version }} must be upgraded to {{ openshift_version }} before node upgrade can be run." when: openshift.common.version != openshift_version -- include: ../pre/verify_control_plane_running.yml +- import_playbook: ../pre/verify_control_plane_running.yml tags: - pre_upgrade - name: Verify upgrade targets hosts: oo_nodes_to_upgrade tasks: - - include: ../pre/verify_upgrade_targets.yml + - include_tasks: ../pre/verify_upgrade_targets.yml tags: - pre_upgrade - name: Verify docker upgrade targets hosts: oo_nodes_to_upgrade tasks: - - include: ../pre/tasks/verify_docker_upgrade_targets.yml + - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml tags: - pre_upgrade -- include: ../pre/gate_checks.yml +- import_playbook: ../pre/gate_checks.yml tags: - pre_upgrade @@ -104,6 +104,6 @@ - name: Cleanup unused Docker images hosts: oo_nodes_to_upgrade tasks: - - include: ../cleanup_unused_images.yml + - include_tasks: ../cleanup_unused_images.yml -- include: ../upgrade_nodes.yml +- import_playbook: ../upgrade_nodes.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml index 94c16cae0..eb688f189 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml 
+++ b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml @@ -2,7 +2,7 @@ # # Full Control Plane + Nodes Upgrade # -- include: ../init.yml +- import_playbook: ../init.yml tags: - pre_upgrade @@ -17,11 +17,11 @@ # Pre-upgrade -- include: ../initialize_nodes_to_upgrade.yml +- import_playbook: ../initialize_nodes_to_upgrade.yml tags: - pre_upgrade -- include: ../pre/verify_etcd3_backend.yml +- import_playbook: ../pre/verify_etcd3_backend.yml tags: - pre_upgrade @@ -47,27 +47,27 @@ - openshift_http_proxy is defined or openshift_https_proxy is defined - openshift_generate_no_proxy_hosts | default(True) | bool -- include: ../pre/verify_inventory_vars.yml +- import_playbook: ../pre/verify_inventory_vars.yml tags: - pre_upgrade -- include: ../pre/verify_health_checks.yml +- import_playbook: ../pre/verify_health_checks.yml tags: - pre_upgrade -- include: ../pre/verify_control_plane_running.yml +- import_playbook: ../pre/verify_control_plane_running.yml tags: - pre_upgrade -- include: ../disable_master_excluders.yml +- import_playbook: ../disable_master_excluders.yml tags: - pre_upgrade -- include: ../disable_node_excluders.yml +- import_playbook: ../disable_node_excluders.yml tags: - pre_upgrade -- include: ../../../../init/version.yml +- import_playbook: ../../../../init/version.yml tags: - pre_upgrade vars: 
@@ -83,29 +83,29 @@ # docker is configured and running. skip_docker_role: True -- include: ../../../../openshift-master/private/validate_restart.yml +- import_playbook: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade - name: Verify upgrade targets hosts: oo_masters_to_config:oo_nodes_to_upgrade tasks: - - include: ../pre/verify_upgrade_targets.yml + - include_tasks: ../pre/verify_upgrade_targets.yml tags: - pre_upgrade - name: Verify docker upgrade targets hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config tasks: - - include: ../pre/tasks/verify_docker_upgrade_targets.yml + - import_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml tags: - pre_upgrade -- include: validator.yml +- import_playbook: validator.yml tags: - pre_upgrade -- include: ../pre/gate_checks.yml +- import_playbook: ../pre/gate_checks.yml tags: - pre_upgrade @@ -117,9 +117,9 @@ - name: Cleanup unused Docker images hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config tasks: - - include: ../cleanup_unused_images.yml + - include_tasks: ../cleanup_unused_images.yml -- include: ../upgrade_control_plane.yml +- import_playbook: ../upgrade_control_plane.yml vars: master_config_hook: "v3_7/master_config_upgrade.yml" @@ -137,6 +137,6 @@ name: "{{ openshift.common.service_type }}-master-controllers" state: started -- include: ../upgrade_nodes.yml +- import_playbook: ../upgrade_nodes.yml -- include: ../post_control_plane.yml +- import_playbook: ../post_control_plane.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml index 2045f6379..983bb4a63 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml 
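Review bot: The context of the `@@ -137,6 +137,6 @@` hunk still reads `name: "{{ openshift.common.service_type }}-master-controllers"`, although the equivalent v3_7 and v3_8 plays in this commit were switched to `openshift_service_type`. If the commit stops setting the `openshift.common.service_type` fact (the visible hunks do not show this either way), the systemd task would fail on an undefined variable in the middle of a control-plane upgrade. The line should follow the rename: `name: "{{ openshift_service_type }}-master-controllers"`, and the task's `- name:` line, which lies outside the hunk, should be checked as well. The `@@ -141,4 +141,4 @@` hunk of v3_9/upgrade_control_plane.yml has the same leftover.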
@@ -11,7 +11,7 @@ # # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # -- include: ../init.yml +- import_playbook: ../init.yml tags: - pre_upgrade @@ -25,11 +25,11 @@ openshift_upgrade_min: '3.7' # Pre-upgrade -- include: ../initialize_nodes_to_upgrade.yml +- import_playbook: ../initialize_nodes_to_upgrade.yml tags: - pre_upgrade -- include: ../pre/verify_etcd3_backend.yml +- import_playbook: ../pre/verify_etcd3_backend.yml tags: - pre_upgrade @@ -55,23 +55,23 @@ - openshift_http_proxy is defined or openshift_https_proxy is defined - openshift_generate_no_proxy_hosts | default(True) | bool -- include: ../pre/verify_inventory_vars.yml +- import_playbook: ../pre/verify_inventory_vars.yml tags: - pre_upgrade -- include: ../pre/verify_health_checks.yml +- import_playbook: ../pre/verify_health_checks.yml tags: - pre_upgrade -- include: ../pre/verify_control_plane_running.yml +- import_playbook: ../pre/verify_control_plane_running.yml tags: - pre_upgrade -- include: ../disable_master_excluders.yml +- import_playbook: ../disable_master_excluders.yml tags: - pre_upgrade -- include: ../../../../init/version.yml +- import_playbook: ../../../../init/version.yml tags: - pre_upgrade vars: 
@@ -87,29 +87,29 @@ # docker is configured and running. skip_docker_role: True -- include: ../../../../openshift-master/private/validate_restart.yml +- import_playbook: ../../../../openshift-master/private/validate_restart.yml tags: - pre_upgrade - name: Verify upgrade targets hosts: oo_masters_to_config tasks: - - include: ../pre/verify_upgrade_targets.yml + - include_tasks: ../pre/verify_upgrade_targets.yml tags: - pre_upgrade - name: Verify docker upgrade targets hosts: oo_masters_to_config:oo_etcd_to_config tasks: - - include: ../pre/tasks/verify_docker_upgrade_targets.yml + - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml tags: - pre_upgrade -- include: validator.yml +- import_playbook: validator.yml tags: - pre_upgrade -- include: ../pre/gate_checks.yml +- import_playbook: ../pre/gate_checks.yml tags: - pre_upgrade @@ -121,9 +121,9 @@ - name: Cleanup unused Docker images hosts: oo_masters_to_config:oo_etcd_to_config tasks: - - include: ../cleanup_unused_images.yml + - include_tasks: ../cleanup_unused_images.yml -- include: ../upgrade_control_plane.yml +- import_playbook: ../upgrade_control_plane.yml vars: master_config_hook: "v3_7/master_config_upgrade.yml" @@ -141,4 +141,4 @@ name: "{{ openshift.common.service_type }}-master-controllers" state: started -- include: ../post_control_plane.yml +- import_playbook: ../post_control_plane.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_nodes.yml index 6134f8653..d95cfa4e1 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_nodes.yml @@ -4,7 +4,7 @@ # # Upgrades nodes only, but requires the control plane to have already been upgraded. # -- include: ../init.yml +- import_playbook: ../init.yml tags: - pre_upgrade 
@@ -18,7 +18,7 @@ openshift_upgrade_min: '3.7' # Pre-upgrade -- include: ../initialize_nodes_to_upgrade.yml +- import_playbook: ../initialize_nodes_to_upgrade.yml tags: - pre_upgrade @@ -44,19 +44,19 @@ - openshift_http_proxy is defined or openshift_https_proxy is defined - openshift_generate_no_proxy_hosts | default(True) | bool -- include: ../pre/verify_inventory_vars.yml +- import_playbook: ../pre/verify_inventory_vars.yml tags: - pre_upgrade -- include: ../pre/verify_health_checks.yml +- import_playbook: ../pre/verify_health_checks.yml tags: - pre_upgrade -- include: ../disable_node_excluders.yml +- import_playbook: ../disable_node_excluders.yml tags: - pre_upgrade -- include: ../../../../init/version.yml +- import_playbook: ../../../../init/version.yml tags: - pre_upgrade vars: @@ -80,25 +80,25 @@ - fail: msg="Master running {{ openshift.common.version }} must be upgraded to {{ openshift_version }} before node upgrade can be run." when: openshift.common.version != openshift_version -- include: ../pre/verify_control_plane_running.yml +- import_playbook: ../pre/verify_control_plane_running.yml tags: - pre_upgrade - name: Verify upgrade targets hosts: oo_nodes_to_upgrade tasks: - - include: ../pre/verify_upgrade_targets.yml + - include_tasks: ../pre/verify_upgrade_targets.yml tags: - pre_upgrade - name: Verify docker upgrade targets hosts: oo_nodes_to_upgrade tasks: - - include: ../pre/tasks/verify_docker_upgrade_targets.yml + - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml tags: - pre_upgrade -- include: ../pre/gate_checks.yml +- import_playbook: ../pre/gate_checks.yml tags: - pre_upgrade @@ -110,6 +110,6 @@ - name: Cleanup unused Docker images hosts: oo_nodes_to_upgrade tasks: - - include: ../cleanup_unused_images.yml + - include_tasks: ../cleanup_unused_images.yml -- include: ../upgrade_nodes.yml +- import_playbook: ../upgrade_nodes.yml 
diff --git a/playbooks/container-runtime/config.yml b/playbooks/container-runtime/config.yml new file mode 100644 index 000000000..f15aa771f --- /dev/null +++ b/playbooks/container-runtime/config.yml @@ -0,0 +1,6 @@ +--- +- import_playbook: ../init/main.yml + vars: + skip_verison: True + +- import_playbook: private/config.yml diff --git a/playbooks/container-runtime/private/config.yml b/playbooks/container-runtime/private/config.yml new file mode 100644 index 000000000..67445edeb --- /dev/null +++ b/playbooks/container-runtime/private/config.yml @@ -0,0 +1,28 @@ +--- +- hosts: "{{ l_containerized_host_groups }}" + vars: + l_chg_temp: "{{ openshift_containerized_host_groups | default([]) }}" + l_containerized_host_groups: "{{ (['oo_nodes_to_config'] | union(l_chg_temp)) | join(':') }}" + # role: container_runtime is necessary here to bring role default variables + # into the play scope. + roles: + - role: container_runtime + tasks: + - include_role: + name: container_runtime + tasks_from: package_docker.yml + when: + - not openshift_docker_use_system_container | bool + - not openshift_use_crio_only | bool + - include_role: + name: container_runtime + tasks_from: systemcontainer_docker.yml + when: + - openshift_docker_use_system_container | bool + - not openshift_use_crio_only | bool + - include_role: + name: container_runtime + tasks_from: systemcontainer_crio.yml + when: + - openshift_use_crio | bool + - openshift_docker_is_node_or_master | bool diff --git a/playbooks/container-runtime/private/roles b/playbooks/container-runtime/private/roles new file mode 120000 index 000000000..148b13206 --- /dev/null +++ b/playbooks/container-runtime/private/roles @@ -0,0 +1 @@ +../../roles/
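Review bot: `skip_verison: True` in the new playbooks/container-runtime/config.yml looks like a misspelling of `skip_version`. Ansible accepts an unknown variable name without complaint, so if the init playbooks test `skip_version` (not visible in these hunks, so confirm against init/main.yml), the flag has no effect and version detection still runs for the container-runtime entry point. The line would then read `skip_version: True`.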
\ No newline at end of file diff --git a/playbooks/deploy_cluster.yml b/playbooks/deploy_cluster.yml new file mode 100644 index 000000000..0e6bde09a --- /dev/null +++ b/playbooks/deploy_cluster.yml @@ -0,0 +1,46 @@ +--- +- import_playbook: init/main.yml + +- import_playbook: openshift-checks/private/install.yml + +- import_playbook: openshift-etcd/private/config.yml + +- import_playbook: openshift-nfs/private/config.yml + when: groups.oo_nfs_to_config | default([]) | count > 0 + +- import_playbook: openshift-loadbalancer/private/config.yml + when: groups.oo_lb_to_config | default([]) | count > 0 + +- import_playbook: openshift-master/private/config.yml + +- import_playbook: openshift-master/private/additional_config.yml + +- import_playbook: openshift-node/private/config.yml + +- import_playbook: openshift-glusterfs/private/config.yml + when: groups.oo_glusterfs_to_config | default([]) | count > 0 + +- import_playbook: openshift-hosted/private/config.yml + +- import_playbook: openshift-metrics/private/config.yml + when: openshift_metrics_install_metrics | default(false) | bool + +- import_playbook: openshift-logging/private/config.yml + when: openshift_logging_install_logging | default(false) | bool + +- import_playbook: openshift-prometheus/private/config.yml + when: openshift_hosted_prometheus_deploy | default(false) | bool + +- import_playbook: openshift-service-catalog/private/config.yml + when: openshift_enable_service_catalog | default(true) | bool + +- import_playbook: openshift-management/private/config.yml + when: openshift_management_install_management | default(false) | bool + +- name: Print deprecated variable warning message if necessary + hosts: oo_first_master + gather_facts: no + tasks: + - debug: msg="{{__deprecation_message}}" + when: + - __deprecation_message | default ('') | length > 0 diff --git a/playbooks/gcp/openshift-cluster/provision.yml b/playbooks/gcp/provision.yml index 097717607..6016e6a78 100644 
--- a/playbooks/gcp/openshift-cluster/provision.yml +++ b/playbooks/gcp/provision.yml @@ -9,8 +9,5 @@ include_role: name: openshift_gcp -- name: run the init - include: ../../init/main.yml - -- name: run the config - include: ../../common/openshift-cluster/config.yml +- name: run the cluster deploy + import_playbook: ../deploy_cluster.yml diff --git a/playbooks/init/main.yml b/playbooks/init/main.yml index 5a7483b72..b2b972a7d 100644 --- a/playbooks/init/main.yml +++ b/playbooks/init/main.yml @@ -18,8 +18,10 @@ - import_playbook: facts.yml - import_playbook: sanity_checks.yml + when: not (skip_sanity_checks | default(False)) - import_playbook: validate_hostnames.yml + when: not (skip_validate_hostnames | default(False)) - import_playbook: repos.yml diff --git a/playbooks/openshift-etcd/private/ca.yml b/playbooks/openshift-etcd/private/ca.yml index c9f186e72..f3bb3c2d1 100644 --- a/playbooks/openshift-etcd/private/ca.yml +++ b/playbooks/openshift-etcd/private/ca.yml @@ -7,7 +7,7 @@ tasks: - include_role: name: etcd - tasks_from: ca + tasks_from: ca.yml vars: etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}" etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" diff --git a/playbooks/openshift-etcd/private/certificates-backup.yml b/playbooks/openshift-etcd/private/certificates-backup.yml index d738c8207..ce21a1f96 100644 --- a/playbooks/openshift-etcd/private/certificates-backup.yml +++ b/playbooks/openshift-etcd/private/certificates-backup.yml @@ -5,10 +5,10 @@ tasks: - include_role: name: etcd - tasks_from: backup_generated_certificates + tasks_from: backup_generated_certificates.yml - include_role: name: etcd - tasks_from: remove_generated_certificates + tasks_from: remove_generated_certificates.yml - name: Backup deployed etcd certificates hosts: oo_etcd_to_config @@ -16,4 +16,4 @@ tasks: - include_role: name: etcd - tasks_from: backup_server_certificates + tasks_from: backup_server_certificates.yml 
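Review bot: The two conditions added to playbooks/init/main.yml, `when: not (skip_sanity_checks | default(False))` and `when: not (skip_validate_hostnames | default(False))`, test the raw value. A string such as `false` supplied with `-e skip_sanity_checks=false` is therefore truthy and silently turns the checks off. Other conditions in this commit cast first, as in `openshift_etcd_backup | default(true) | bool`; the same here would be `when: not (skip_sanity_checks | default(False) | bool)` and `when: not (skip_validate_hostnames | default(False) | bool)`. Because these switches disable inventory validation, a one-line comment naming the entry points expected to set them would help the next reader.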
diff --git a/playbooks/openshift-etcd/private/config.yml b/playbooks/openshift-etcd/private/config.yml index 3d6c79834..35407969e 100644 --- a/playbooks/openshift-etcd/private/config.yml +++ b/playbooks/openshift-etcd/private/config.yml @@ -19,7 +19,6 @@ hosts: oo_etcd_to_config any_errors_fatal: true roles: - - role: os_firewall - role: openshift_clock - role: openshift_etcd etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}" diff --git a/playbooks/openshift-etcd/private/embedded2external.yml b/playbooks/openshift-etcd/private/embedded2external.yml index 514319b88..be177b714 100644 --- a/playbooks/openshift-etcd/private/embedded2external.yml +++ b/playbooks/openshift-etcd/private/embedded2external.yml @@ -20,9 +20,9 @@ - name: Check the master API is ready include_role: name: openshift_master - tasks_from: check_master_api_is_ready + tasks_from: check_master_api_is_ready.yml - set_fact: - master_service: "{{ openshift.common.service_type + '-master' }}" + master_service: "{{ openshift_service_type + '-master' }}" embedded_etcd_backup_suffix: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}" - debug: msg: "master service name: {{ master_service }}" @@ -34,7 +34,7 @@ # Can't use with_items with include_role: https://github.com/ansible/ansible/issues/21285 - include_role: name: etcd - tasks_from: backup + tasks_from: backup.yml vars: r_etcd_common_backup_tag: pre-migrate r_etcd_common_embedded_etcd: "{{ true }}" @@ -42,7 +42,7 @@ - include_role: name: etcd - tasks_from: backup.archive + tasks_from: backup.archive.yml vars: r_etcd_common_backup_tag: pre-migrate r_etcd_common_embedded_etcd: "{{ true }}" @@ -58,7 +58,7 @@ tasks: - include_role: name: etcd - tasks_from: backup_master_etcd_certificates + tasks_from: backup_master_etcd_certificates.yml - name: Redeploy master etcd certificates import_playbook: master_etcd_certificates.yml 
@@ -75,10 +75,10 @@ pre_tasks: - include_role: name: etcd - tasks_from: disable_etcd + tasks_from: disable_etcd.yml - include_role: name: etcd - tasks_from: clean_data + tasks_from: clean_data.yml # 6. copy the embedded etcd backup to the external host # TODO(jchaloup): if the etcd and first master are on the same host, just copy the directory @@ -93,7 +93,7 @@ - include_role: name: etcd - tasks_from: backup.fetch + tasks_from: backup.fetch.yml vars: etcd_backup_sync_directory: "{{ g_etcd_client_mktemp.stdout }}" r_etcd_common_backup_tag: pre-migrate @@ -103,7 +103,7 @@ - include_role: name: etcd - tasks_from: backup.copy + tasks_from: backup.copy.yml vars: etcd_backup_sync_directory: "{{ g_etcd_client_mktemp.stdout }}" r_etcd_common_backup_tag: pre-migrate @@ -124,14 +124,14 @@ tasks: - include_role: name: etcd - tasks_from: backup.unarchive + tasks_from: backup.unarchive.yml vars: r_etcd_common_backup_tag: pre-migrate r_etcd_common_backup_sufix_name: "{{ hostvars[groups.oo_first_master.0].embedded_etcd_backup_suffix }}" - include_role: name: etcd - tasks_from: backup.force_new_cluster + tasks_from: backup.force_new_cluster.yml vars: r_etcd_common_backup_tag: pre-migrate r_etcd_common_backup_sufix_name: "{{ hostvars[groups.oo_first_master.0].embedded_etcd_backup_suffix }}" @@ -145,7 +145,7 @@ tasks: - include_role: name: openshift_master - tasks_from: configure_external_etcd + tasks_from: configure_external_etcd.yml vars: etcd_peer_url_scheme: "https" etcd_ip: "{{ hostvars[groups.oo_etcd_to_config.0].openshift.common.ip }}" diff --git a/playbooks/openshift-etcd/private/migrate.yml b/playbooks/openshift-etcd/private/migrate.yml index 4269918c2..9ddb4afe2 100644 --- a/playbooks/openshift-etcd/private/migrate.yml +++ b/playbooks/openshift-etcd/private/migrate.yml 
@@ -17,7 +17,7 @@ tasks: - include_role: name: etcd - tasks_from: migrate.pre_check + tasks_from: migrate.pre_check.yml vars: r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" etcd_peer: "{{ ansible_default_ipv4.address }}" @@ -28,8 +28,8 @@ tasks: - set_fact: master_services: - - "{{ openshift.common.service_type + '-master-controllers' }}" - - "{{ openshift.common.service_type + '-master-api' }}" + - "{{ openshift_service_type + '-master-controllers' }}" + - "{{ openshift_service_type + '-master-api' }}" - debug: msg: "master service name: {{ master_services }}" - name: Stop masters @@ -46,7 +46,7 @@ post_tasks: - include_role: name: etcd - tasks_from: backup + tasks_from: backup.yml vars: r_etcd_common_backup_tag: pre-migration r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" @@ -74,7 +74,7 @@ pre_tasks: - include_role: name: etcd - tasks_from: disable_etcd + tasks_from: disable_etcd.yml - name: Migrate data on first etcd hosts: oo_etcd_to_migrate[0] @@ -82,7 +82,7 @@ tasks: - include_role: name: etcd - tasks_from: migrate + tasks_from: migrate.yml vars: r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" etcd_peer: "{{ openshift.common.ip }}" @@ -95,7 +95,7 @@ tasks: - include_role: name: etcd - tasks_from: clean_data + tasks_from: clean_data.yml vars: r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" etcd_peer: "{{ openshift.common.ip }}" @@ -132,7 +132,7 @@ tasks: - include_role: name: etcd - tasks_from: migrate.add_ttls + tasks_from: migrate.add_ttls.yml vars: etcd_peer: "{{ hostvars[groups.oo_etcd_to_migrate.0].openshift.common.ip }}" etcd_url_scheme: "https" 
@@ -144,7 +144,7 @@ tasks: - include_role: name: etcd - tasks_from: migrate.configure_master + tasks_from: migrate.configure_master.yml when: etcd_migration_failed | length == 0 - debug: msg: "Skipping master re-configuration since migration failed." diff --git a/playbooks/openshift-etcd/private/redeploy-ca.yml b/playbooks/openshift-etcd/private/redeploy-ca.yml index cc5d57031..158bcb849 100644 --- a/playbooks/openshift-etcd/private/redeploy-ca.yml +++ b/playbooks/openshift-etcd/private/redeploy-ca.yml @@ -16,12 +16,12 @@ tasks: - include_role: name: etcd - tasks_from: backup_ca_certificates + tasks_from: backup_ca_certificates.yml - include_role: name: etcd - tasks_from: remove_ca_certificates + tasks_from: remove_ca_certificates.yml -- include: ca.yml +- import_playbook: ca.yml - name: Create temp directory for syncing certs hosts: localhost @@ -44,7 +44,7 @@ etcd_sync_cert_dir: "{{ hostvars['localhost'].g_etcd_mktemp.stdout }}" etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" -- include: restart.yml +- import_playbook: restart.yml # Do not restart etcd when etcd certificates were previously expired. when: ('expired' not in (hostvars | oo_select_keys(groups['etcd']) @@ -56,7 +56,7 @@ tasks: - include_role: name: etcd - tasks_from: retrieve_ca_certificates + tasks_from: retrieve_ca_certificates.yml vars: etcd_sync_cert_dir: "{{ hostvars['localhost'].g_etcd_mktemp.stdout }}" @@ -82,7 +82,7 @@ state: absent changed_when: false -- include: ../../openshift-master/private/restart.yml +- import_playbook: ../../openshift-master/private/restart.yml # Do not restart masters when master or etcd certificates were previously expired. when: # masters diff --git a/playbooks/openshift-etcd/private/redeploy-certificates.yml b/playbooks/openshift-etcd/private/redeploy-certificates.yml index cc1e6adf5..1c8eb27ac 100644 --- a/playbooks/openshift-etcd/private/redeploy-certificates.yml +++ b/playbooks/openshift-etcd/private/redeploy-certificates.yml 
@@ -11,8 +11,8 @@ # certificates were previously expired. - role: openshift_certificate_expiry -- include: certificates-backup.yml +- import_playbook: certificates-backup.yml -- include: certificates.yml +- import_playbook: certificates.yml vars: etcd_certificates_redeploy: true diff --git a/playbooks/openshift-etcd/private/scaleup.yml b/playbooks/openshift-etcd/private/scaleup.yml index fac8e3f02..3ef043ec8 100644 --- a/playbooks/openshift-etcd/private/scaleup.yml +++ b/playbooks/openshift-etcd/private/scaleup.yml @@ -32,7 +32,7 @@ until: etcd_add_check.rc == 0 - include_role: name: etcd - tasks_from: server_certificates + tasks_from: server_certificates.yml vars: etcd_peers: "{{ groups.oo_new_etcd_to_config | default([], true) }}" etcd_certificates_etcd_hosts: "{{ groups.oo_new_etcd_to_config | default([], true) }}" @@ -78,4 +78,4 @@ post_tasks: - include_role: name: openshift_master - tasks_from: update_etcd_client_urls + tasks_from: update_etcd_client_urls.yml diff --git a/playbooks/openshift-etcd/private/server_certificates.yml b/playbooks/openshift-etcd/private/server_certificates.yml index 14c74baf3..695b53990 100644 --- a/playbooks/openshift-etcd/private/server_certificates.yml +++ b/playbooks/openshift-etcd/private/server_certificates.yml @@ -7,7 +7,7 @@ post_tasks: - include_role: name: etcd - tasks_from: server_certificates + tasks_from: server_certificates.yml vars: etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}" diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml b/playbooks/openshift-etcd/private/upgrade_backup.yml index 531175c85..22ed7e610 100644 --- a/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml +++ b/playbooks/openshift-etcd/private/upgrade_backup.yml 
@@ -6,7 +6,7 @@ post_tasks: - include_role: name: etcd - tasks_from: backup + tasks_from: backup.yml vars: r_etcd_common_backup_tag: "{{ etcd_backup_tag }}" r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_image_members.yml b/playbooks/openshift-etcd/private/upgrade_image_members.yml index 6fca42bd0..c133c0201 100644 --- a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_image_members.yml +++ b/playbooks/openshift-etcd/private/upgrade_image_members.yml @@ -8,7 +8,7 @@ tasks: - include_role: name: etcd - tasks_from: upgrade_image + tasks_from: upgrade_image.yml vars: r_etcd_upgrade_version: "{{ etcd_upgrade_version }}" etcd_peer: "{{ openshift.common.hostname }}" diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/main.yml b/playbooks/openshift-etcd/private/upgrade_main.yml index 5b8ba3bb2..e373a4a4c 100644 --- a/playbooks/common/openshift-cluster/upgrades/etcd/main.yml +++ b/playbooks/openshift-etcd/private/upgrade_main.yml @@ -6,7 +6,7 @@ # available in the repos. So for Fedora we'll simply skip this, sorry. - name: Backup etcd before upgrading anything - include: backup.yml + import_playbook: upgrade_backup.yml vars: etcd_backup_tag: "pre-upgrade-" when: openshift_etcd_backup | default(true) | bool @@ -16,14 +16,14 @@ tasks: - include_role: name: etcd - tasks_from: drop_etcdctl + tasks_from: drop_etcdctl.yml - name: Perform etcd upgrade - include: ./upgrade.yml + import_playbook: upgrade_step.yml when: openshift_etcd_upgrade | default(true) | bool - name: Backup etcd - include: backup.yml + import_playbook: upgrade_backup.yml vars: etcd_backup_tag: "post-3.0-" when: openshift_etcd_backup | default(true) | bool diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_rpm_members.yml b/playbooks/openshift-etcd/private/upgrade_rpm_members.yml index 51e8786b3..902c39d9c 100644 
--- a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade_rpm_members.yml +++ b/playbooks/openshift-etcd/private/upgrade_rpm_members.yml @@ -8,7 +8,7 @@ tasks: - include_role: name: etcd - tasks_from: upgrade_rpm + tasks_from: upgrade_rpm.yml vars: r_etcd_upgrade_version: "{{ etcd_upgrade_version }}" etcd_peer: "{{ openshift.common.hostname }}" diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml b/playbooks/openshift-etcd/private/upgrade_step.yml index c5ff4133c..60127fc68 100644 --- a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml +++ b/playbooks/openshift-etcd/private/upgrade_step.yml @@ -6,47 +6,47 @@ name: etcd tasks_from: version_detect.yml -- include: upgrade_rpm_members.yml +- import_playbook: upgrade_rpm_members.yml vars: etcd_upgrade_version: '2.1' -- include: upgrade_rpm_members.yml +- import_playbook: upgrade_rpm_members.yml vars: etcd_upgrade_version: '2.2' -- include: upgrade_image_members.yml +- import_playbook: upgrade_image_members.yml vars: etcd_upgrade_version: '2.2.5' -- include: upgrade_rpm_members.yml +- import_playbook: upgrade_rpm_members.yml vars: etcd_upgrade_version: '2.3' -- include: upgrade_image_members.yml +- import_playbook: upgrade_image_members.yml vars: etcd_upgrade_version: '2.3.7' -- include: upgrade_rpm_members.yml +- import_playbook: upgrade_rpm_members.yml vars: etcd_upgrade_version: '3.0' -- include: upgrade_image_members.yml +- import_playbook: upgrade_image_members.yml vars: etcd_upgrade_version: '3.0.15' -- include: upgrade_rpm_members.yml +- import_playbook: upgrade_rpm_members.yml vars: etcd_upgrade_version: '3.1' -- include: upgrade_image_members.yml +- import_playbook: upgrade_image_members.yml vars: etcd_upgrade_version: '3.1.3' -- include: upgrade_rpm_members.yml +- import_playbook: upgrade_rpm_members.yml vars: etcd_upgrade_version: '3.2' -- include: upgrade_image_members.yml +- import_playbook: upgrade_image_members.yml vars: etcd_upgrade_version: '3.2.7' 
@@ -56,7 +56,7 @@ tasks: - include_role: name: etcd - tasks_from: upgrade_image + tasks_from: upgrade_image.yml vars: etcd_peer: "{{ openshift.common.hostname }}" when: diff --git a/playbooks/openshift-etcd/redeploy-ca.yml b/playbooks/openshift-etcd/redeploy-ca.yml index b1d23675d..769d694ba 100644 --- a/playbooks/openshift-etcd/redeploy-ca.yml +++ b/playbooks/openshift-etcd/redeploy-ca.yml @@ -1,4 +1,4 @@ --- -- include: ../init/main.yml +- import_playbook: ../init/main.yml -- include: private/redeploy-ca.yml +- import_playbook: private/redeploy-ca.yml diff --git a/playbooks/openshift-etcd/redeploy-certificates.yml b/playbooks/openshift-etcd/redeploy-certificates.yml index 1bd302c03..753878d70 100644 --- a/playbooks/openshift-etcd/redeploy-certificates.yml +++ b/playbooks/openshift-etcd/redeploy-certificates.yml @@ -1,10 +1,10 @@ --- -- include: ../init/main.yml +- import_playbook: ../init/main.yml -- include: private/redeploy-certificates.yml +- import_playbook: private/redeploy-certificates.yml -- include: private/restart.yml +- import_playbook: private/restart.yml vars: g_etcd_certificates_expired: "{{ ('expired' in (hostvars | oo_select_keys(groups['etcd']) | oo_collect('check_results.check_results.etcd') | oo_collect('health'))) | bool }}" -- include: ../openshift-master/private/restart.yml +- import_playbook: ../openshift-master/private/restart.yml diff --git a/playbooks/openshift-etcd/upgrade.yml b/playbooks/openshift-etcd/upgrade.yml new file mode 100644 index 000000000..ccc797527 --- /dev/null +++ b/playbooks/openshift-etcd/upgrade.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/evaluate_groups.yml + +- import_playbook: private/upgrade_main.yml diff --git a/playbooks/openshift-glusterfs/private/registry.yml b/playbooks/openshift-glusterfs/private/registry.yml index 75c1f0300..917b729f9 100644 --- a/playbooks/openshift-glusterfs/private/registry.yml +++ b/playbooks/openshift-glusterfs/private/registry.yml 
@@ -1,40 +1,11 @@ --- - import_playbook: config.yml -- name: Initialize GlusterFS registry PV and PVC vars - hosts: oo_first_master - tags: hosted - tasks: - - set_fact: - glusterfs_pv: [] - glusterfs_pvc: [] - - - set_fact: - glusterfs_pv: - - name: "{{ openshift.hosted.registry.storage.volume.name }}-glusterfs-volume" - capacity: "{{ openshift.hosted.registry.storage.volume.size }}" - access_modes: "{{ openshift.hosted.registry.storage.access.modes }}" - storage: - glusterfs: - endpoints: "{{ openshift.hosted.registry.storage.glusterfs.endpoints }}" - path: "{{ openshift.hosted.registry.storage.glusterfs.path }}" - readOnly: "{{ openshift.hosted.registry.storage.glusterfs.readOnly }}" - glusterfs_pvc: - - name: "{{ openshift.hosted.registry.storage.volume.name }}-glusterfs-claim" - capacity: "{{ openshift.hosted.registry.storage.volume.size }}" - access_modes: "{{ openshift.hosted.registry.storage.access.modes }}" - when: openshift.hosted.registry.storage.glusterfs.swap - - name: Create persistent volumes hosts: oo_first_master - tags: - - hosted - vars: - persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups, glusterfs_pv) }}" - persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims(glusterfs_pvc) }}" roles: - role: openshift_persistent_volumes - when: persistent_volumes | union(glusterfs_pv) | length > 0 or persistent_volume_claims | union(glusterfs_pvc) | length > 0 + when: openshift_hosted_registry_storage_glusterfs_swap | default(False) - name: Create Hosted Resources hosts: oo_first_master diff --git a/playbooks/openshift-hosted/private/create_persistent_volumes.yml b/playbooks/openshift-hosted/private/create_persistent_volumes.yml index 8a60a30b8..41ae2eb69 100644 --- a/playbooks/openshift-hosted/private/create_persistent_volumes.yml +++ b/playbooks/openshift-hosted/private/create_persistent_volumes.yml 
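Review bot: The new condition `when: openshift_hosted_registry_storage_glusterfs_swap | default(False)` on the `openshift_persistent_volumes` role has no `| bool` cast, so a value that arrives as a string (for example `false` from an INI inventory) is a non-empty string and would likely evaluate as true. Other conditions in this commit cast explicitly, e.g. `when: openshift_etcd_backup | default(true) | bool` in upgrade_main.yml. I would write it as `when: openshift_hosted_registry_storage_glusterfs_swap | default(False) | bool`.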
@@ -1,9 +1,5 @@ --- - name: Create Hosted Resources - persistent volumes hosts: oo_first_master - vars: - persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}" - persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}" roles: - role: openshift_persistent_volumes - when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0 diff --git a/playbooks/openshift-hosted/redeploy-registry-certificates.yml b/playbooks/openshift-hosted/redeploy-registry-certificates.yml index 65fb0abda..518a1d624 100644 --- a/playbooks/openshift-hosted/redeploy-registry-certificates.yml +++ b/playbooks/openshift-hosted/redeploy-registry-certificates.yml @@ -1,4 +1,4 @@ --- -- include: ../init/main.yml +- import_playbook: ../init/main.yml -- include: private/redeploy-registry-certificates.yml +- import_playbook: private/redeploy-registry-certificates.yml diff --git a/playbooks/openshift-hosted/redeploy-router-certificates.yml b/playbooks/openshift-hosted/redeploy-router-certificates.yml index 8dc052751..a74dd8c79 100644 --- a/playbooks/openshift-hosted/redeploy-router-certificates.yml +++ b/playbooks/openshift-hosted/redeploy-router-certificates.yml @@ -1,4 +1,4 @@ --- -- include: ../init/main.yml +- import_playbook: ../init/main.yml -- include: private/redeploy-router-certificates.yml +- import_playbook: private/redeploy-router-certificates.yml diff --git a/playbooks/openshift-loadbalancer/private/config.yml b/playbooks/openshift-loadbalancer/private/config.yml index 78fe663db..2636d857e 100644 --- a/playbooks/openshift-loadbalancer/private/config.yml +++ b/playbooks/openshift-loadbalancer/private/config.yml 
@@ -11,13 +11,6 @@ status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" -- name: Configure firewall load balancers - hosts: oo_lb_to_config:!oo_masters_to_config:!oo_nodes_to_config - vars: - openshift_image_tag: "{{ hostvars[groups.oo_first_master.0].openshift_image_tag }}" - roles: - - role: os_firewall - - name: Configure load balancers hosts: oo_lb_to_config vars: diff --git a/playbooks/byo/openshift-cluster/openshift-logging.yml b/playbooks/openshift-logging/config.yml index 74e186f33..d71b4f1c5 100644 --- a/playbooks/byo/openshift-cluster/openshift-logging.yml +++ b/playbooks/openshift-logging/config.yml @@ -4,6 +4,6 @@ # Hosted logging on. See inventory/byo/hosts.*.example for the # currently supported method. # -- include: ../../init/main.yml +- import_playbook: ../init/main.yml -- include: ../../common/openshift-cluster/openshift_logging.yml +- import_playbook: private/config.yml diff --git a/playbooks/common/openshift-cluster/openshift_logging.yml b/playbooks/openshift-logging/private/config.yml index bc59bd95a..bc59bd95a 100644 --- a/playbooks/common/openshift-cluster/openshift_logging.yml +++ b/playbooks/openshift-logging/private/config.yml diff --git a/playbooks/openshift-logging/private/filter_plugins b/playbooks/openshift-logging/private/filter_plugins new file mode 120000 index 000000000..99a95e4ca --- /dev/null +++ b/playbooks/openshift-logging/private/filter_plugins @@ -0,0 +1 @@ +../../../filter_plugins
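Review bot: Removing the `Configure firewall load balancers` play drops the only visible place where `os_firewall` ran on hosts matching `oo_lb_to_config:!oo_masters_to_config:!oo_nodes_to_config`, and nothing in this hunk shows what replaces it. The same `- role: os_firewall` line is also removed in openshift-master/private/config.yml, openshift-nfs/private/config.yml, openshift-node/private/configure_nodes.yml and containerized_nodes.yml. Presumably the firewall setup moved into a role dependency or an earlier playbook. If so, say it in the commit message or in a comment such as `# firewall rules are applied by <role or playbook>`, so that a dedicated load balancer, NFS or node host is not left with unmanaged firewall rules. The file continues outside the hunk.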
\ No newline at end of file
diff --git a/playbooks/openshift-logging/private/library b/playbooks/openshift-logging/private/library
new file mode 120000
index 000000000..ba40d2f56
--- /dev/null
+++ b/playbooks/openshift-logging/private/library
@@ -0,0 +1 @@
+../../../library
\ No newline at end of file
diff --git a/playbooks/openshift-logging/private/lookup_plugins b/playbooks/openshift-logging/private/lookup_plugins
new file mode 120000
index 000000000..ac79701db
--- /dev/null
+++ b/playbooks/openshift-logging/private/lookup_plugins
@@ -0,0 +1 @@
+../../../lookup_plugins
\ No newline at end of file
diff --git a/playbooks/openshift-logging/private/roles b/playbooks/openshift-logging/private/roles
new file mode 120000
index 000000000..20c4c58cf
--- /dev/null
+++ b/playbooks/openshift-logging/private/roles
@@ -0,0 +1 @@
+../../../roles
\ No newline at end of file diff --git a/playbooks/openshift-master/private/additional_config.yml b/playbooks/openshift-master/private/additional_config.yml index b7cfbe4e4..a90cd6b22 100644 --- a/playbooks/openshift-master/private/additional_config.yml +++ b/playbooks/openshift-master/private/additional_config.yml @@ -19,8 +19,6 @@ openshift_master_ha: "{{ groups.oo_masters | length > 1 }}" omc_cluster_hosts: "{{ groups.oo_masters | join(' ')}}" roles: - - role: openshift_master_cluster - when: openshift_master_ha | bool and openshift.master.cluster_method == "pacemaker" - role: openshift_project_request_template when: openshift_project_request_template_manage - role: openshift_examples diff --git a/playbooks/openshift-master/private/config.yml b/playbooks/openshift-master/private/config.yml index afb8d6bd1..9f6d5afcc 100644 --- a/playbooks/openshift-master/private/config.yml +++ b/playbooks/openshift-master/private/config.yml @@ -19,7 +19,6 @@ roles: - role: openshift_excluder r_openshift_excluder_action: disable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" - name: Gather and set facts for master hosts hosts: oo_masters_to_config @@ -180,7 +179,6 @@ | oo_collect('openshift.common.ip') | default([]) | join(',') }}" roles: - - role: os_firewall - role: openshift_master_facts - role: openshift_hosted_facts - role: openshift_clock @@ -228,6 +226,8 @@ - name: Configure API Aggregation on masters hosts: oo_masters serial: 1 + roles: + - role: openshift_facts tasks: - include_tasks: tasks/wire_aggregator.yml @@ -237,7 +237,6 @@ roles: - role: openshift_excluder r_openshift_excluder_action: enable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" - name: Master Install Checkpoint End hosts: all diff --git a/playbooks/openshift-master/private/redeploy-certificates.yml b/playbooks/openshift-master/private/redeploy-certificates.yml index 3bd38a61d..c0f75ae80 100644 
--- a/playbooks/openshift-master/private/redeploy-certificates.yml +++ b/playbooks/openshift-master/private/redeploy-certificates.yml @@ -1,6 +1,6 @@ --- -- include: certificates-backup.yml +- import_playbook: certificates-backup.yml -- include: certificates.yml +- import_playbook: certificates.yml vars: openshift_certificates_redeploy: true diff --git a/playbooks/openshift-master/private/redeploy-openshift-ca.yml b/playbooks/openshift-master/private/redeploy-openshift-ca.yml index 59657574a..2a190935e 100644 --- a/playbooks/openshift-master/private/redeploy-openshift-ca.yml +++ b/playbooks/openshift-master/private/redeploy-openshift-ca.yml @@ -207,7 +207,7 @@ group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}" with_items: "{{ client_users }}" -- include: restart.yml +- import_playbook: restart.yml # Do not restart masters when master or etcd certificates were previously expired. when: # masters @@ -272,7 +272,7 @@ state: absent changed_when: false -- include: ../../openshift-node/private/restart.yml +- import_playbook: ../../openshift-node/private/restart.yml # Do not restart nodes when node, master or etcd certificates were previously expired. when: # nodes diff --git a/playbooks/openshift-master/private/scaleup.yml b/playbooks/openshift-master/private/scaleup.yml index 8229eccfa..007b23ea3 100644 --- a/playbooks/openshift-master/private/scaleup.yml +++ b/playbooks/openshift-master/private/scaleup.yml 
@@ -20,11 +20,11 @@ - restart master controllers handlers: - name: restart master api - service: name={{ openshift.common.service_type }}-master-controllers state=restarted + service: name={{ openshift_service_type }}-master-controllers state=restarted notify: verify api server # We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + command: "systemctl restart {{ openshift_service_type }}-master-controllers" retries: 3 delay: 5 register: result diff --git a/playbooks/openshift-master/private/tasks/wire_aggregator.yml b/playbooks/openshift-master/private/tasks/wire_aggregator.yml index 97acc5d5d..4f55d5c82 100644 --- a/playbooks/openshift-master/private/tasks/wire_aggregator.yml +++ b/playbooks/openshift-master/private/tasks/wire_aggregator.yml @@ -180,21 +180,19 @@ #restart master serially here - name: restart master api - systemd: name={{ openshift.common.service_type }}-master-api state=restarted + systemd: name={{ openshift_service_type }}-master-api state=restarted when: - yedit_output.changed - - openshift.master.cluster_method == 'native' # We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + command: "systemctl restart {{ openshift_service_type }}-master-controllers" retries: 3 delay: 5 register: result until: result.rc == 0 when: - yedit_output.changed - - openshift.master.cluster_method == 'native' - name: Verify API Server # Using curl here since the uri module requires python-httplib2 and diff --git a/playbooks/openshift-master/private/validate_restart.yml b/playbooks/openshift-master/private/validate_restart.yml index 5dbb21502..1077d0b9c 100644 --- a/playbooks/openshift-master/private/validate_restart.yml +++ b/playbooks/openshift-master/private/validate_restart.yml 
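Review bot: In scaleup.yml the handler named `restart master api` still restarts `{{ openshift_service_type }}-master-controllers`, so a task that notifies it never restarts the API service before `verify api server` runs. The variable rename carries the old mismatch over unchanged. The task of the same name in wire_aggregator.yml targets `-master-api`, which suggests a copy-paste slip here. The line should read `service: name={{ openshift_service_type }}-master-api state=restarted`. The handlers block continues outside the hunk.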
@@ -14,9 +14,6 @@ - role: common local_facts: rolling_restart_mode: "{{ openshift_rolling_restart_mode | default('services') }}" - - role: master - local_facts: - cluster_method: "{{ openshift_master_cluster_method | default(None) }}" # Creating a temp file on localhost, we then check each system that will # be rebooted to see if that file exists, if so we know we're running diff --git a/playbooks/openshift-master/redeploy-certificates.yml b/playbooks/openshift-master/redeploy-certificates.yml index df727247b..8b7272485 100644 --- a/playbooks/openshift-master/redeploy-certificates.yml +++ b/playbooks/openshift-master/redeploy-certificates.yml @@ -1,6 +1,6 @@ --- -- include: ../init/main.yml +- import_playbook: ../init/main.yml -- include: private/redeploy-certificates.yml +- import_playbook: private/redeploy-certificates.yml -- include: private/restart.yml +- import_playbook: private/restart.yml diff --git a/playbooks/openshift-master/redeploy-openshift-ca.yml b/playbooks/openshift-master/redeploy-openshift-ca.yml index 3ae74c7a0..27f4e6b7d 100644 --- a/playbooks/openshift-master/redeploy-openshift-ca.yml +++ b/playbooks/openshift-master/redeploy-openshift-ca.yml @@ -1,4 +1,4 @@ --- -- include: ../init/main.yml +- import_playbook: ../init/main.yml -- include: private/redeploy-openshift-ca.yml +- import_playbook: private/redeploy-openshift-ca.yml diff --git a/playbooks/openshift-nfs/private/config.yml b/playbooks/openshift-nfs/private/config.yml index 6ea77e00b..3625efcc6 100644 --- a/playbooks/openshift-nfs/private/config.yml +++ b/playbooks/openshift-nfs/private/config.yml @@ -14,7 +14,6 @@ - name: Configure nfs hosts: oo_nfs_to_config roles: - - role: os_firewall - role: openshift_storage_nfs - name: NFS Install Checkpoint End diff --git a/playbooks/openshift-node/private/configure_nodes.yml b/playbooks/openshift-node/private/configure_nodes.yml index dc5d7a57e..32b288c8b 100644 --- a/playbooks/openshift-node/private/configure_nodes.yml 
+++ b/playbooks/openshift-node/private/configure_nodes.yml @@ -10,7 +10,6 @@ | oo_collect('openshift.common.hostname') | default([]) | join (',') }}" roles: - - role: os_firewall - role: openshift_clock - role: openshift_node - role: tuned diff --git a/playbooks/openshift-node/private/containerized_nodes.yml b/playbooks/openshift-node/private/containerized_nodes.yml index 5afa83be7..ef07669cb 100644 --- a/playbooks/openshift-node/private/containerized_nodes.yml +++ b/playbooks/openshift-node/private/containerized_nodes.yml @@ -12,7 +12,6 @@ }}" roles: - - role: os_firewall - role: openshift_clock - role: openshift_node openshift_ca_host: "{{ groups.oo_first_master.0 }}" diff --git a/playbooks/openshift-node/private/enable_excluders.yml b/playbooks/openshift-node/private/enable_excluders.yml index 5288b14f9..30713e694 100644 --- a/playbooks/openshift-node/private/enable_excluders.yml +++ b/playbooks/openshift-node/private/enable_excluders.yml @@ -5,4 +5,3 @@ roles: - role: openshift_excluder r_openshift_excluder_action: enable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" diff --git a/playbooks/openshift-node/private/image_prep.yml b/playbooks/openshift-node/private/image_prep.yml index b7ac27bda..6b517197d 100644 --- a/playbooks/openshift-node/private/image_prep.yml +++ b/playbooks/openshift-node/private/image_prep.yml @@ -1,12 +1,10 @@ --- - name: normalize groups - import_playbook: ../../init/evaluate_groups.yml - -- name: initialize the facts - import_playbook: ../../init/facts.yml - -- name: initialize the repositories - import_playbook: ../../init/repos.yml + import_playbook: ../../prerequisites.yml + vars: + skip_version: True + skip_sanity_checks: True + skip_validate_hostnames: True - name: run node config setup import_playbook: setup.yml diff --git a/playbooks/openshift-node/private/network_manager.yml b/playbooks/openshift-node/private/network_manager.yml index 7211787be..39640345f 100644 
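Review bot: In image_prep.yml the play is still named `normalize groups`, but it now imports `../../prerequisites.yml` with `skip_version`, `skip_sanity_checks` and `skip_validate_hostnames` set, which is more than group evaluation. I would rename it, e.g. `- name: run prerequisites (version, sanity and hostname checks skipped)`. A one-line comment on why those checks can be skipped when preparing an image would also help, because the reason is not visible in this hunk.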
--- a/playbooks/openshift-node/private/network_manager.yml +++ b/playbooks/openshift-node/private/network_manager.yml @@ -1,6 +1,4 @@ --- -- import_playbook: ../../init/evaluate_groups.yml - - name: Install and configure NetworkManager hosts: oo_all_hosts become: yes diff --git a/playbooks/openshift-node/private/redeploy-certificates.yml b/playbooks/openshift-node/private/redeploy-certificates.yml index 3bd38a61d..c0f75ae80 100644 --- a/playbooks/openshift-node/private/redeploy-certificates.yml +++ b/playbooks/openshift-node/private/redeploy-certificates.yml @@ -1,6 +1,6 @@ --- -- include: certificates-backup.yml +- import_playbook: certificates-backup.yml -- include: certificates.yml +- import_playbook: certificates.yml vars: openshift_certificates_redeploy: true diff --git a/playbooks/openshift-node/private/restart.yml b/playbooks/openshift-node/private/restart.yml index 41eb00f99..0786bd7d3 100644 --- a/playbooks/openshift-node/private/restart.yml +++ b/playbooks/openshift-node/private/restart.yml @@ -23,9 +23,9 @@ with_items: - etcd_container - openvswitch - - "{{ openshift.common.service_type }}-master-api" - - "{{ openshift.common.service_type }}-master-controllers" - - "{{ openshift.common.service_type }}-node" + - "{{ openshift_service_type }}-master-api" + - "{{ openshift_service_type }}-master-controllers" + - "{{ openshift_service_type }}-node" failed_when: false when: openshift.common.is_containerized | bool @@ -40,7 +40,7 @@ - name: restart node service: - name: "{{ openshift.common.service_type }}-node" + name: "{{ openshift_service_type }}-node" state: restarted - name: Wait for node to be ready diff --git a/playbooks/openshift-node/private/setup.yml b/playbooks/openshift-node/private/setup.yml index 794c03a67..541913aef 100644 --- a/playbooks/openshift-node/private/setup.yml +++ b/playbooks/openshift-node/private/setup.yml 
@@ -5,7 +5,6 @@ roles: - role: openshift_excluder r_openshift_excluder_action: disable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" - name: Evaluate node groups hosts: localhost diff --git a/playbooks/openshift-node/redeploy-certificates.yml b/playbooks/openshift-node/redeploy-certificates.yml index df727247b..8b7272485 100644 --- a/playbooks/openshift-node/redeploy-certificates.yml +++ b/playbooks/openshift-node/redeploy-certificates.yml @@ -1,6 +1,6 @@ --- -- include: ../init/main.yml +- import_playbook: ../init/main.yml -- include: private/redeploy-certificates.yml +- import_playbook: private/redeploy-certificates.yml -- include: private/restart.yml +- import_playbook: private/restart.yml diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md index cb8af4a9e..db2a13d38 100644 --- a/playbooks/openstack/advanced-configuration.md +++ b/playbooks/openstack/advanced-configuration.md 
@@ -23,35 +23,14 @@ There are no additional dependencies for the cluster nodes. Required configuration steps are done by Heat given a specific user data config that normally should not be changed. -## Required galaxy modules - -In order to pull in external dependencies for DNS configuration steps, -the following commads need to be executed: - - ansible-galaxy install \ - -r openshift-ansible-contrib/playbooks/provisioning/openstack/galaxy-requirements.yaml \ - -p openshift-ansible-contrib/roles - -Alternatively you can install directly from github: - - ansible-galaxy install git+https://github.com/redhat-cop/infra-ansible,master \ - -p openshift-ansible-contrib/roles - -Notes: -* This assumes we're in the directory that contains the clonned -openshift-ansible-contrib repo in its root path. -* When trying to install a different version, the previous one must be removed first -(`infra-ansible` directory from [roles](https://github.com/openshift/openshift-ansible-contrib/tree/master/roles)). -Otherwise, even if there are differences between the two versions, installation of the newer version is skipped. - - ## Accessing the OpenShift Cluster ### Configure DNS -OpenShift requires two DNS records to function fully. The first one points to +OpenShift requires a two public DNS records to function fully. The first one points to the master/load balancer and provides the UI/API access. The other one is a -wildcard domain that resolves app route requests to the infra node. +wildcard domain that resolves app route requests to the infra node. A private DNS +server and records are not required and not managed here. If you followed the default installation from the README section, there is no DNS configured. You should add two entries to the `/etc/hosts` file on the 
@@ -187,8 +166,8 @@ That sudomain can be set as well by the `openshift_openstack_app_subdomain` vari the inventory. The `openstack_<role name>_hostname` is a set of variables used for customising -hostnames of servers with a given role. When such a variable stays commented, -default hostname (usually the role name) is used. +public names of Nova servers provisioned with a given role. When such a variable stays commented, +default value (usually the role name) is used. The `openshift_openstack_dns_nameservers` is a list of DNS servers accessible from all the created Nova servers. These will provide the internal name resolution for @@ -203,7 +182,7 @@ When Network Manager is enabled for provisioned cluster nodes, which is normally the case, you should not change the defaults and always deploy dnsmasq. `openshift_openstack_external_nsupdate_keys` describes an external authoritative DNS server(s) -processing dynamic records updates in the public and private cluster views: +processing dynamic records updates in the public only cluster view: openshift_openstack_external_nsupdate_keys: public: @@ -211,10 +190,6 @@ processing dynamic records updates in the public and private cluster views: key_algorithm: 'hmac-md5' key_name: 'update-key' server: <public DNS server IP> - private: - key_secret: <some nsupdate key 2> - key_algorithm: 'hmac-sha256' - server: <public or private DNS server IP> Here, for the public view section, we specified another key algorithm and optional `key_name`, which normally defaults to the cluster's DNS domain. 
@@ -222,24 +197,6 @@ This just illustrates a compatibility mode with a DNS service deployed by OpenShift on OSP10 reference architecture, and used in a mixed mode with another external DNS server. -Another example defines an external DNS server for the public view -additionally to the in-stack DNS server used for the private view only: - - openshift_openstack_external_nsupdate_keys: - public: - key_secret: <some nsupdate key> - key_algorithm: 'hmac-sha256' - server: <public DNS server IP> - -Here, updates matching the public view will be hitting the given public -server IP. While updates matching the private view will be sent to the -auto evaluated in-stack DNS server's **public** IP. - -Note, for the in-stack DNS server, private view updates may be sent only -via the public IP of the server. You can not send updates via the private -IP yet. This forces the in-stack private server to have a floating IP. -See also the [security notes](#security-notes) - ## Flannel networking In order to configure the @@ -337,7 +294,6 @@ variables](https://docs.openshift.com/container-platform/3.6/install_config/inst in `inventory/group_vars/OSEv3.yml`. For example, given a load balancer node under the ansible group named `ext_lb`: - openshift_master_cluster_method: native openshift_master_cluster_hostname: "{{ groups.ext_lb.0 }}" openshift_master_cluster_public_hostname: "{{ groups.ext_lb.0 }}" 
@@ -376,18 +332,6 @@ be the case for development environments. When turned off, the servers will be provisioned omitting the ``yum update`` command. This brings security implications though, and is not recommended for production deployments. -### DNS servers security options - -Aside from `openshift_openstack_node_ingress_cidr` restricting public access to in-stack DNS -servers, there are following (bind/named specific) DNS security -options available: - - named_public_recursion: 'no' - named_private_recursion: 'yes' - -External DNS servers, which is not included in the 'dns' hosts group, -are not managed. It is up to you to configure such ones. - ## Configure the OpenShift parameters Finally, you need to update the DNS entry in diff --git a/playbooks/openstack/openshift-cluster/install.yml b/playbooks/openstack/openshift-cluster/install.yml index 1c4f609e3..3211f619a 100644 --- a/playbooks/openstack/openshift-cluster/install.yml +++ b/playbooks/openstack/openshift-cluster/install.yml @@ -8,8 +8,5 @@ # values here. We do it in the OSEv3 group vars. Do we need to add # some logic here? -- name: run the initialization - include: ../../init/main.yml - -- name: run the config - include: ../../common/openshift-cluster/config.yml +- name: run the cluster deploy + import_playbook: ../../deploy_cluster.yml diff --git a/playbooks/openstack/openshift-cluster/provision.yml b/playbooks/openstack/openshift-cluster/provision.yml index 36d8c8215..583e72b51 100644 --- a/playbooks/openstack/openshift-cluster/provision.yml +++ b/playbooks/openstack/openshift-cluster/provision.yml @@ -10,7 +10,7 @@ # NOTE(shadower): Bring in the host groups: - name: evaluate groups - include: ../../init/evaluate_groups.yml + import_playbook: ../../init/evaluate_groups.yml - name: Wait for the nodes and gather their facts 
@@ -26,9 +26,9 @@ - name: Gather facts for the new nodes setup: +- name: set common facts + import_playbook: ../../init/facts.yml -# NOTE(shadower): the (internal) DNS must be functional at this point!! -# That will have happened in provision.yml if nsupdate was configured. # TODO(shadower): consider splitting this up so people can stop here # and configure their DNS if they have to. @@ -47,6 +47,13 @@ hosts: oo_all_hosts become: yes gather_facts: yes + roles: + - role: rhel_subscribe + when: + - ansible_distribution == "RedHat" + - rhsub_user | default(False) + - rhsub_pass | default(False) + tasks: - name: Install dependencies include_role: diff --git a/playbooks/openstack/openshift-cluster/provision_install.yml b/playbooks/openstack/openshift-cluster/provision_install.yml index 5d88c105f..fc2854605 100644 --- a/playbooks/openstack/openshift-cluster/provision_install.yml +++ b/playbooks/openstack/openshift-cluster/provision_install.yml @@ -1,9 +1,9 @@ --- - name: Check the prerequisites for cluster provisioning in OpenStack - include: prerequisites.yml + import_playbook: prerequisites.yml - name: Include the provision.yml playbook to create cluster - include: provision.yml + import_playbook: provision.yml - name: Include the install.yml playbook to install cluster - include: install.yml + import_playbook: install.yml diff --git a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml index 68d898d9a..933117127 100644 --- a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml +++ b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml 
@@ -6,7 +6,6 @@ openshift_deployment_type: origin #openshift_release: v3.5 openshift_master_default_subdomain: "apps.{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}" -openshift_master_cluster_method: native openshift_master_cluster_public_hostname: "console.{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}" osm_default_node_selector: 'region=primary' diff --git a/playbooks/openstack/sample-inventory/group_vars/all.yml b/playbooks/openstack/sample-inventory/group_vars/all.yml index ae1528123..c7afe9a24 100644 --- a/playbooks/openstack/sample-inventory/group_vars/all.yml +++ b/playbooks/openstack/sample-inventory/group_vars/all.yml @@ -82,27 +82,10 @@ openshift_openstack_docker_volume_size: "15" openshift_openstack_subnet_prefix: "192.168.99" -## Red Hat subscription defaults to false which means we will not attempt to -## subscribe the nodes -#rhsm_register: False - -# # Using Red Hat Satellite: -#rhsm_register: True -#rhsm_satellite: 'sat-6.example.com' -#rhsm_org: 'OPENSHIFT_ORG' -#rhsm_activationkey: '<activation-key>' - -# # Or using RHN username, password and optionally pool: -#rhsm_register: True -#rhsm_username: '<username>' -#rhsm_password: '<password>' -#rhsm_pool: '<pool id>' - -#rhsm_repos: -# - "rhel-7-server-rpms" -# - "rhel-7-server-ose-3.5-rpms" -# - "rhel-7-server-extras-rpms" -# - "rhel-7-fast-datapath-rpms" +## Red Hat subscription: +#rhsub_user: '<username>' +#rhsub_pass: '<password>' +#rhsub_pool: '<pool name>' # # Roll-your-own DNS diff --git a/playbooks/prerequisites.yml b/playbooks/prerequisites.yml index 7dd59c5d8..7b7868cfe 100644 --- a/playbooks/prerequisites.yml +++ b/playbooks/prerequisites.yml 
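Review bot: The sample inventory in `group_vars/all.yml` now steers users to set `rhsub_pass` directly in this file, and nothing in the comment block warns against committing the value in clear text. A short comment above the three variables would cover it, for example `## Do not commit rhsub_pass in clear text; keep it in an Ansible Vault-encrypted vars file or pass it at run time.` The same hunk removes the commented Satellite/activation-key example, which was the only option shown that did not need a user password. Whether `rhel_subscribe` still accepts an activation key is not visible from here; if it does, keeping one commented line for it would be worthwhile.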
@@ -1,12 +1,12 @@ --- -- include: init/main.yml +- import_playbook: init/main.yml vars: skip_verison: True -- hosts: "{{ l_containerized_host_groups }}" - vars: - l_chg_temp: "{{ openshift_containerized_host_groups | default([]) }}" - l_containerized_host_groups: "{{ (['oo_nodes_to_config'] | union(l_chg_temp)) | join(':') }}" - tasks: - - include_role: - name: container_runtime +# This is required for container runtime for crio, only needs to run once. +- name: Configure os_firewall + hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config:oo_nfs_to_config:oo_nodes_to_config + roles: + - role: os_firewall + +- import_playbook: container-runtime/private/config.yml diff --git a/playbooks/redeploy-certificates.yml b/playbooks/redeploy-certificates.yml index 45135c10e..b5fcb951d 100644 --- a/playbooks/redeploy-certificates.yml +++ b/playbooks/redeploy-certificates.yml 
@@ -1,26 +1,26 @@ --- -- include: init/main.yml +- import_playbook: init/main.yml -- include: openshift-etcd/private/redeploy-certificates.yml +- import_playbook: openshift-etcd/private/redeploy-certificates.yml -- include: openshift-master/private/redeploy-certificates.yml +- import_playbook: openshift-master/private/redeploy-certificates.yml -- include: openshift-node/private/redeploy-certificates.yml +- import_playbook: openshift-node/private/redeploy-certificates.yml -- include: openshift-etcd/private/restart.yml +- import_playbook: openshift-etcd/private/restart.yml vars: g_etcd_certificates_expired: "{{ ('expired' in (hostvars | oo_select_keys(groups['etcd']) | oo_collect('check_results.check_results.etcd') | oo_collect('health'))) | bool }}" -- include: openshift-master/private/restart.yml +- import_playbook: openshift-master/private/restart.yml -- include: openshift-node/private/restart.yml +- import_playbook: openshift-node/private/restart.yml -- include: openshift-hosted/private/redeploy-router-certificates.yml +- import_playbook: openshift-hosted/private/redeploy-router-certificates.yml when: openshift_hosted_manage_router | default(true) | bool -- include: openshift-hosted/private/redeploy-registry-certificates.yml +- import_playbook: openshift-hosted/private/redeploy-registry-certificates.yml when: openshift_hosted_manage_registry | default(true) | bool -- include: openshift-master/private/revert-client-ca.yml +- import_playbook: openshift-master/private/revert-client-ca.yml -- include: openshift-master/private/restart.yml +- import_playbook: openshift-master/private/restart.yml diff --git a/roles/container_runtime/README.md b/roles/container_runtime/README.md index e363c1714..51f469aaf 100644 --- a/roles/container_runtime/README.md +++ b/roles/container_runtime/README.md 
@@ -1,18 +1,23 @@ -Docker +Container Runtime ========= Ensures docker package or system container is installed, and optionally raises timeout for systemd-udevd.service to 5 minutes. container-daemon.json items may be found at https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file -Requirements ------------- +This role is designed to be used with include_role and tasks_from. -Ansible 2.2 +Entry points +------------ +* package_docker.yml - install and setup docker container runtime. +* systemcontainer_docker.yml - utilize docker + systemcontainer +* systemcontainer_crio.yml - utilize crio + systemcontainer +* registry_auth.yml - place docker login credentials. -Mandator Role Variables --------------- +Requirements +------------ +Ansible 2.4 Dependencies @@ -24,9 +29,9 @@ Example Playbook ---------------- - hosts: servers - roles: - - role: container_runtime - docker_udev_workaround: "true" + tasks: + - include_role: container_runtime + tasks_from: package_docker.yml License ------- @@ -36,4 +41,4 @@ ASL 2.0 Author Information ------------------ -OpenShift operations, Red Hat, Inc +Red Hat, Inc diff --git a/roles/container_runtime/defaults/main.yml b/roles/container_runtime/defaults/main.yml index 62b3e141a..d7eb8663f 100644 --- a/roles/container_runtime/defaults/main.yml +++ b/roles/container_runtime/defaults/main.yml @@ -59,6 +59,7 @@ docker_default_storage_path: /var/lib/docker # Set local versions of facts that must be in json format for container-daemon.json # NOTE: When jinja2.9+ is used the container-daemon.json file can move to using tojson l_docker_log_options: "{{ l2_docker_log_options | to_json }}" +l_docker_log_options_dict: "{{ l2_docker_log_options | oo_list_to_dict | to_json }}" l_docker_additional_registries: "{{ l2_docker_additional_registries | to_json }}" l_docker_blocked_registries: "{{ l2_docker_blocked_registries | to_json }}" l_docker_insecure_registries: "{{ l2_docker_insecure_registries | to_json }}" 
@@ -71,10 +72,62 @@ docker_no_proxy: "{{ openshift.common.no_proxy | default('') }}" openshift_use_crio: False openshift_use_crio_only: False +l_openshift_image_tag_default: "{{ openshift_release | default('latest') }}" +l_openshift_image_tag: "{{ openshift_image_tag | default(l_openshift_image_tag_default) | string}}" +# --------------------- # +# systemcontainers_crio # +# --------------------- # l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l2_docker_insecure_registries)) }}" l_crio_registries: "{{ l2_docker_additional_registries + ['docker.io'] }}" l_additional_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l_crio_registries)) }}" -l_openshift_image_tag_default: "{{ openshift_release }}" -l_openshift_image_tag: "{{ openshift_image_tag | default(l_openshift_image_tag_default) | string}}" + +openshift_crio_image_tag_default: "latest" + +l_crt_crio_image_tag_dict: + openshift-enterprise: "{{ l_openshift_image_tag }}" + origin: "{{ openshift_crio_image_tag | default(openshift_crio_image_tag_default) }}" + +l_crt_crio_image_prepend_dict: + openshift-enterprise: "registry.access.redhat.com/openshift3" + origin: "docker.io/gscrivano" + +l_crt_crio_image_dict: + Fedora: + crio_image_name: "cri-o-fedora" + crio_image_tag: "latest" + CentOS: + crio_image_name: "cri-o-centos" + crio_image_tag: "latest" + RedHat: + crio_image_name: "cri-o" + crio_image_tag: "{{ openshift_crio_image_tag | default(l_crt_crio_image_tag_dict[openshift_deployment_type]) }}" + +l_crio_image_prepend: "{{ l_crt_crio_image_prepend_dict[openshift_deployment_type] }}" +l_crio_image_name: "{{ l_crt_crio_image_dict[ansible_distribution]['crio_image_name'] }}" +l_crio_image_tag: "{{ l_crt_crio_image_dict[ansible_distribution] }}" + +l_crio_image_default: "{{ l_crio_image_prepend }}/{{ l_crio_image_name }}:{{ l_crio_image_tag }}" +l_crio_image: "{{ openshift_crio_systemcontainer_image_override | default(l_crio_image_default) }}" + +# ----------------------- # +# 
systemcontainers_docker # +# ----------------------- # +l_crt_docker_image_prepend_dict: + Fedora: "registry.fedoraproject.org/f25" + Centos: "docker.io/gscrivano" + RedHat: "registry.access.redhat.com/openshift3" + +openshift_docker_image_tag_default: "latest" +l_crt_docker_image_tag_dict: + openshift-enterprise: "{{ l_openshift_image_tag }}" + origin: "{{ openshift_docker_image_tag | default(openshift_docker_image_tag_default) }}" + +l_docker_image_prepend: "{{ l_crt_docker_image_prepend_dict[ansible_distribution] }}" +l_docker_image_tag: "{{ l_crt_docker_image_tag_dict[openshift_deployment_type] }}" + +l_docker_image_default: "{{ l_docker_image_prepend }}/{{ openshift_docker_service_name }}:{{ l_docker_image_tag }}" +l_docker_image: "{{ openshift_docker_systemcontainer_image_override | default(l_docker_image_default) }}" + +l_is_node_system_container: "{{ (openshift_use_node_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" diff --git a/roles/openshift_atomic/tasks/proxy.yml b/roles/container_runtime/tasks/common/atomic_proxy.yml index dde099984..dde099984 100644 --- a/roles/openshift_atomic/tasks/proxy.yml +++ b/roles/container_runtime/tasks/common/atomic_proxy.yml diff --git a/roles/container_runtime/tasks/common/post.yml b/roles/container_runtime/tasks/common/post.yml new file mode 100644 index 000000000..d790eb2c0 --- /dev/null +++ b/roles/container_runtime/tasks/common/post.yml 
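Review bot: `l_crio_image_tag` is set to `l_crt_crio_image_dict[ansible_distribution]`, which is the whole per-distribution mapping rather than its tag, so `l_crio_image_default` renders a dict after the colon and is not a valid image reference. It should read `l_crio_image_tag: "{{ l_crt_crio_image_dict[ansible_distribution]['crio_image_tag'] }}"`. In the docker section the key `Centos:` in `l_crt_docker_image_prepend_dict` does not match the `CentOS` spelling used in `l_crt_crio_image_dict`, so the `[ansible_distribution]` lookup will presumably fail on CentOS hosts; rename it to `CentOS:`. The overrides now go through `default(...)`, which does not fall back on an empty string as the removed `!= ""` checks did; `default(l_crio_image_default, true)` keeps the old behaviour. Separately, the origin defaults still resolve to a mutable `latest` tag under `docker.io/gscrivano`; pinning a version or digest would make the pulled runtime image reproducible and auditable.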
@@ -0,0 +1,26 @@ +--- +- name: Ensure /var/lib/containers exists + file: + path: /var/lib/containers + state: directory + +- name: Fix SELinux Permissions on /var/lib/containers + command: "restorecon -R /var/lib/containers/" + changed_when: false + +- meta: flush_handlers + +# This needs to run after docker is restarted to account for proxy settings. +# registry_auth is called directly with include_role in some places, so we +# have to put it in the root of the tasks/ directory. +- include_tasks: ../registry_auth.yml + +- name: stat the docker data dir + stat: + path: "{{ docker_default_storage_path }}" + register: dockerstat + +- include_tasks: setup_docker_symlink.yml + when: + - openshift_use_crio + - dockerstat.stat.islnk is defined and not (dockerstat.stat.islnk | bool) diff --git a/roles/container_runtime/tasks/common/pre.yml b/roles/container_runtime/tasks/common/pre.yml new file mode 100644 index 000000000..990fe66da --- /dev/null +++ b/roles/container_runtime/tasks/common/pre.yml @@ -0,0 +1,12 @@ +--- +- include_tasks: udev_workaround.yml + when: docker_udev_workaround | default(False) | bool + +- name: Add enterprise registry, if necessary + set_fact: + l2_docker_additional_registries: "{{ l2_docker_additional_registries + [openshift_docker_ent_reg] }}" + when: + - openshift.common.deployment_type == 'openshift-enterprise' + - openshift_docker_ent_reg != '' + - openshift_docker_ent_reg not in l2_docker_additional_registries + - not openshift_use_crio_only | bool diff --git a/roles/container_runtime/tasks/common/setup_docker_symlink.yml b/roles/container_runtime/tasks/common/setup_docker_symlink.yml new file mode 100644 index 000000000..d7aeb192e --- /dev/null +++ b/roles/container_runtime/tasks/common/setup_docker_symlink.yml 
@@ -0,0 +1,38 @@ +--- +- block: + - name: stop the current running docker + systemd: + state: stopped + name: "{{ openshift_docker_service_name }}" + + - name: copy "{{ docker_default_storage_path }}" to "{{ docker_alt_storage_path }}" + command: "cp -r {{ docker_default_storage_path }} {{ docker_alt_storage_path }}" + register: results + failed_when: + - results.rc != 0 + + - name: "Set the selinux context on {{ docker_alt_storage_path }}" + command: "semanage fcontext -a -e {{ docker_default_storage_path }} {{ docker_alt_storage_path }}" + register: results + failed_when: + - results.rc == 1 + - "'already exists' not in results.stderr" + + - name: "restorecon the {{ docker_alt_storage_path }}" + command: "restorecon -r {{ docker_alt_storage_path }}" + + - name: Remove the old docker location + file: + state: absent + path: "{{ docker_default_storage_path }}" + + - name: Setup the link + file: + state: link + src: "{{ docker_alt_storage_path }}" + path: "{{ docker_default_storage_path }}" + + - name: start docker + systemd: + state: started + name: "{{ openshift_docker_service_name }}" diff --git a/roles/container_runtime/tasks/common/syscontainer_packages.yml b/roles/container_runtime/tasks/common/syscontainer_packages.yml new file mode 100644 index 000000000..715ed492d --- /dev/null +++ b/roles/container_runtime/tasks/common/syscontainer_packages.yml 
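Review bot: The copy task uses `cp -r`, which does not preserve ownership, modes, timestamps or extended attributes, and the original directory is deleted later in the same block, so the migrated storage tree can lose file ownership and capabilities with no source left to recover from. The later `restorecon` only repairs SELinux labels. Using archive mode keeps the metadata: `command: "cp -a {{ docker_default_storage_path }} {{ docker_alt_storage_path }}"`. The task is also not safe to re-run: if `docker_alt_storage_path` already exists, the source is nested inside it, so a `creates:` guard or an existence check before copying would help.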
@@ -0,0 +1,28 @@ +--- + +- name: Ensure container-selinux is installed + package: + name: container-selinux + state: present + when: not openshift.common.is_atomic | bool + register: result + until: result | success + +# Used to pull and install the system container +- name: Ensure atomic is installed + package: + name: atomic + state: present + when: not openshift.common.is_atomic | bool + register: result + until: result | success + +# At the time of writing the atomic command requires runc for it's own use. This +# task is here in the even that the atomic package ever removes the dependency. +- name: Ensure runc is installed + package: + name: runc + state: present + when: not openshift.common.is_atomic | bool + register: result + until: result | success diff --git a/roles/container_runtime/tasks/udev_workaround.yml b/roles/container_runtime/tasks/common/udev_workaround.yml index 257c3123d..257c3123d 100644 --- a/roles/container_runtime/tasks/udev_workaround.yml +++ b/roles/container_runtime/tasks/common/udev_workaround.yml diff --git a/roles/container_runtime/tasks/docker_sanity.yml b/roles/container_runtime/tasks/docker_sanity.yml new file mode 100644 index 000000000..e62cf5505 --- /dev/null +++ b/roles/container_runtime/tasks/docker_sanity.yml 
@@ -0,0 +1,27 @@ +--- +# Sanity checks to ensure the role will complete and provide helpful error +# messages for common problems. + +- name: Error out if Docker pre-installed but too old + fail: + msg: "Docker {{ curr_docker_version.stdout }} is installed, but >= 1.9.1 is required." + when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and curr_docker_version.stdout | version_compare('1.9.1', '<') and not docker_version is defined + +- name: Error out if requested Docker is too old + fail: + msg: "Docker {{ docker_version }} requested, but >= 1.9.1 is required." + when: docker_version is defined and docker_version | version_compare('1.9.1', '<') + +# If a docker_version was requested, sanity check that we can install or upgrade to it, and +# no downgrade is required. +- name: Fail if Docker version requested but downgrade is required + fail: + msg: "Docker {{ curr_docker_version.stdout }} is installed, but version {{ docker_version }} was requested." + when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and docker_version is defined and curr_docker_version.stdout | version_compare(docker_version, '>') + +# This involves an extremely slow migration process, users should instead run the +# Docker 1.10 upgrade playbook to accomplish this. +- name: Error out if attempting to upgrade Docker across the 1.10 boundary + fail: + msg: "Cannot upgrade Docker to >= 1.10, please upgrade or remove Docker manually, or use the Docker upgrade playbook if OpenShift is already installed." + when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and curr_docker_version.stdout | version_compare('1.10', '<') and docker_version is defined and docker_version | version_compare('1.10', '>=') diff --git a/roles/container_runtime/tasks/main.yml b/roles/container_runtime/tasks/main.yml index 6d68082b1..96d8606c6 100644 --- a/roles/container_runtime/tasks/main.yml +++ b/roles/container_runtime/tasks/main.yml 
@@ -1,85 +1,2 @@ --- -- include_tasks: udev_workaround.yml - when: docker_udev_workaround | default(False) | bool - -- name: Add enterprise registry, if necessary - set_fact: - l2_docker_additional_registries: "{{ l2_docker_additional_registries + [openshift_docker_ent_reg] }}" - when: - - openshift.common.deployment_type == 'openshift-enterprise' - - openshift_docker_ent_reg != '' - - openshift_docker_ent_reg not in l2_docker_additional_registries - - not openshift_use_crio_only | bool - -- name: Use Package Docker if Requested - include_tasks: package_docker.yml - when: - - not openshift_docker_use_system_container - - not openshift_use_crio_only - -- name: Ensure /var/lib/containers exists - file: - path: /var/lib/containers - state: directory - -- name: Fix SELinux Permissions on /var/lib/containers - command: "restorecon -R /var/lib/containers/" - changed_when: false - -- name: Use System Container Docker if Requested - include_tasks: systemcontainer_docker.yml - when: - - openshift_docker_use_system_container - - not openshift_use_crio_only - -- name: Add CRI-O usage Requested - include_tasks: systemcontainer_crio.yml - when: - - openshift_use_crio - - openshift_docker_is_node_or_master | bool - -- name: stat the docker data dir - stat: - path: "{{ docker_default_storage_path }}" - register: dockerstat - -- when: - - openshift_use_crio - - dockerstat.stat.islnk is defined and not (dockerstat.stat.islnk | bool) - block: - - name: stop the current running docker - systemd: - state: stopped - name: "{{ openshift_docker_service_name }}" - - - name: copy "{{ docker_default_storage_path }}" to "{{ docker_alt_storage_path }}" - command: "cp -r {{ docker_default_storage_path }} {{ docker_alt_storage_path }}" - register: results - failed_when: - - results.rc != 0 - - - name: "Set the selinux context on {{ docker_alt_storage_path }}" - command: "semanage fcontext -a -e {{ docker_default_storage_path }} {{ docker_alt_storage_path }}" - register: results - failed_when: - 
- results.rc == 1 - - "'already exists' not in results.stderr" - - - name: "restorecon the {{ docker_alt_storage_path }}" - command: "restorecon -r {{ docker_alt_storage_path }}" - - - name: Remove the old docker location - file: - state: absent - path: "{{ docker_default_storage_path }}" - - - name: Setup the link - file: - state: link - src: "{{ docker_alt_storage_path }}" - path: "{{ docker_default_storage_path }}" - - - name: start docker - systemd: - state: started - name: "{{ openshift_docker_service_name }}" +# This role is meant to be used with include_role and tasks_from. diff --git a/roles/container_runtime/tasks/package_docker.yml b/roles/container_runtime/tasks/package_docker.yml index 40ab75a25..89899c9cf 100644 --- a/roles/container_runtime/tasks/package_docker.yml +++ b/roles/container_runtime/tasks/package_docker.yml @@ -1,4 +1,6 @@ --- +- include_tasks: common/pre.yml + - name: Get current installed Docker version command: "{{ repoquery_installed }} --qf '%{version}' docker" when: not openshift.common.is_atomic | bool 
@@ -7,35 +9,16 @@ until: curr_docker_version | succeeded changed_when: false -- name: Error out if Docker pre-installed but too old - fail: - msg: "Docker {{ curr_docker_version.stdout }} is installed, but >= 1.9.1 is required." - when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and curr_docker_version.stdout | version_compare('1.9.1', '<') and not docker_version is defined - -- name: Error out if requested Docker is too old - fail: - msg: "Docker {{ docker_version }} requested, but >= 1.9.1 is required." - when: docker_version is defined and docker_version | version_compare('1.9.1', '<') - -# If a docker_version was requested, sanity check that we can install or upgrade to it, and -# no downgrade is required. -- name: Fail if Docker version requested but downgrade is required - fail: - msg: "Docker {{ curr_docker_version.stdout }} is installed, but version {{ docker_version }} was requested." - when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and docker_version is defined and curr_docker_version.stdout | version_compare(docker_version, '>') - -# This involves an extremely slow migration process, users should instead run the -# Docker 1.10 upgrade playbook to accomplish this. -- name: Error out if attempting to upgrade Docker across the 1.10 boundary - fail: - msg: "Cannot upgrade Docker to >= 1.10, please upgrade or remove Docker manually, or use the Docker upgrade playbook if OpenShift is already installed." - when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and curr_docker_version.stdout | version_compare('1.10', '<') and docker_version is defined and docker_version | version_compare('1.10', '>=') +# Some basic checks to ensure the role will complete +- include_tasks: docker_sanity.yml # Make sure Docker is installed, but does not update a running version. # Docker upgrades are handled by a separate playbook. 
# Note: The curr_docker_version.stdout check can be removed when https://github.com/ansible/ansible/issues/33187 gets fixed. - name: Install Docker - package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present + package: + name: "docker{{ '-' + docker_version if docker_version is defined else '' }}" + state: present when: not openshift.common.is_atomic | bool and not curr_docker_version | skipped and not curr_docker_version.stdout != '' register: result until: result | success @@ -161,7 +144,4 @@ - set_fact: docker_service_status_changed: "{{ (r_docker_package_docker_start_result | changed) and (r_docker_already_running_result.stdout != 'ActiveState=active' ) }}" -- meta: flush_handlers - -# This needs to run after docker is restarted to account for proxy settings. -- include_tasks: registry_auth.yml +- include_tasks: common/post.yml diff --git a/roles/container_runtime/tasks/systemcontainer_crio.yml b/roles/container_runtime/tasks/systemcontainer_crio.yml index 8dcfe60ef..61f122f3c 100644 --- a/roles/container_runtime/tasks/systemcontainer_crio.yml +++ b/roles/container_runtime/tasks/systemcontainer_crio.yml 
@@ -1,39 +1,14 @@ --- # TODO: Much of this file is shared with container engine tasks - -- name: Ensure container-selinux is installed - package: - name: container-selinux - state: present - when: not openshift.common.is_atomic | bool - register: result - until: result | success - - name: Check we are not using node as a Docker container with CRI-O fail: msg='Cannot use CRI-O with node configured as a Docker container' when: - openshift.common.is_containerized | bool - - not openshift.common.is_node_system_container | bool - -# Used to pull and install the system container -- name: Ensure atomic is installed - package: - name: atomic - state: present - when: not openshift.common.is_atomic | bool - register: result - until: result | success - -# At the time of writing the atomic command requires runc for it's own use. This -# task is here in the even that the atomic package ever removes the dependency. -- name: Ensure runc is installed - package: - name: runc - state: present - when: not openshift.common.is_atomic | bool - register: result - until: result | success + - not l_is_node_system_container | bool + +- include_tasks: common/pre.yml +- include_tasks: common/syscontainer_packages.yml - name: Check that overlay is in the kernel shell: lsmod | grep overlay 
@@ -60,50 +35,11 @@ state: restarted - name: Ensure proxies are in the atomic.conf - include_role: - name: openshift_atomic - tasks_from: proxy - -- block: - - - name: Set CRI-O image defaults - set_fact: - l_crio_image_prepend: "docker.io/gscrivano" - l_crio_image_name: "cri-o-fedora" - l_crio_image_tag: "latest" - - - name: Use Centos based image when distribution is CentOS - set_fact: - l_crio_image_name: "cri-o-centos" - when: ansible_distribution == "CentOS" - - - name: Set CRI-O image tag - set_fact: - l_crio_image_tag: "{{ l_openshift_image_tag }}" - when: - - openshift_deployment_type == 'openshift-enterprise' - - - name: Use RHEL based image when distribution is Red Hat - set_fact: - l_crio_image_prepend: "registry.access.redhat.com/openshift3" - l_crio_image_name: "cri-o" - when: ansible_distribution == "RedHat" - - - name: Set the full image name - set_fact: - l_crio_image: "{{ l_crio_image_prepend }}/{{ l_crio_image_name }}:{{ l_crio_image_tag }}" - - # For https://github.com/openshift/aos-cd-jobs/pull/624#pullrequestreview-61816548 - - name: Use a specific image if requested - set_fact: - l_crio_image: "{{ openshift_crio_systemcontainer_image_override }}" - when: - - openshift_crio_systemcontainer_image_override is defined - - openshift_crio_systemcontainer_image_override != "" - - # Be nice and let the user see the variable result - - debug: - var: l_crio_image + include_tasks: common/atomic_proxy.yml + +# Be nice and let the user see the variable result +- debug: + var: l_crio_image # NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released - name: Pre-pull CRI-O System Container image @@ -112,7 +48,6 @@ environment: NO_PROXY: "{{ openshift.common.no_proxy | default('') }}" - - name: Install CRI-O System Container oc_atomic_container: name: "cri-o" 
@@ -139,8 +74,7 @@ state: directory - name: setup firewall for CRI-O - include_tasks: crio_firewall.yml - static: yes + import_tasks: crio_firewall.yml - name: Configure the CNI network template: @@ -155,10 +89,8 @@ daemon_reload: yes register: start_result -- meta: flush_handlers - # If we are using crio only, docker.service might not be available for # 'docker login' -- include_tasks: registry_auth.yml +- include_tasks: common/post.yml vars: openshift_docker_alternative_creds: "{{ openshift_use_crio_only }}" diff --git a/roles/container_runtime/tasks/systemcontainer_docker.yml b/roles/container_runtime/tasks/systemcontainer_docker.yml index 84217e50c..10570fe34 100644 --- a/roles/container_runtime/tasks/systemcontainer_docker.yml +++ b/roles/container_runtime/tasks/systemcontainer_docker.yml @@ -11,32 +11,9 @@ traditional docker package install. Otherwise, comment out openshift_docker_options in your inventory file. -- name: Ensure container-selinux is installed - package: - name: container-selinux - state: present - when: not openshift.common.is_atomic | bool - register: result - until: result | success - -# Used to pull and install the system container -- name: Ensure atomic is installed - package: - name: atomic - state: present - when: not openshift.common.is_atomic | bool - register: result - until: result | success +- include_tasks: common/pre.yml -# At the time of writing the atomic command requires runc for it's own use. This -# task is here in the even that the atomic package ever removes the dependency. -- name: Ensure runc is installed - package: - name: runc - state: present - when: not openshift.common.is_atomic | bool - register: result - until: result | success +- include_tasks: common/syscontainer_packages.yml # Make sure Docker is installed so we are able to use the client - name: Install Docker so we can use the client 
@@ -59,48 +36,11 @@ delay: 30 - name: Ensure proxies are in the atomic.conf - include_role: - name: openshift_atomic - tasks_from: proxy - -- block: - - - name: Set to default prepend - set_fact: - l_docker_image_prepend: "gscrivano" - l_docker_image_tag: "latest" - - - name: Set container engine image tag - set_fact: - l_docker_image_tag: "{{ l_openshift_image_tag }}" - when: - - openshift_deployment_type == 'openshift-enterprise' - - - name: Use Red Hat Registry for image when distribution is Red Hat - set_fact: - l_docker_image_prepend: "registry.access.redhat.com/openshift3" - when: ansible_distribution == 'RedHat' - - - name: Use Fedora Registry for image when distribution is Fedora - set_fact: - l_docker_image_prepend: "registry.fedoraproject.org/f25" - when: ansible_distribution == 'Fedora' - - - name: Set the full image name - set_fact: - l_docker_image: "{{ l_docker_image_prepend }}/{{ openshift_docker_service_name }}:{{ l_docker_image_tag }}" - - # For https://github.com/openshift/openshift-ansible/pull/5354#issuecomment-328552959 - - name: Use a specific image if requested - set_fact: - l_docker_image: "{{ openshift_docker_systemcontainer_image_override }}" - when: - - openshift_docker_systemcontainer_image_override is defined - - openshift_docker_systemcontainer_image_override != "" - - # Be nice and let the user see the variable result - - debug: - var: l_docker_image + include_tasks: common/atomic_proxy.yml + +# Be nice and let the user see the variable result +- debug: + var: l_docker_image # NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released - name: Pre-pull Container Engine System Container image 
@@ -154,10 +94,8 @@ - set_fact: docker_service_status_changed: "{{ r_docker_systemcontainer_docker_start_result | changed }}" -- meta: flush_handlers - # Since docker is running as a system container, docker login will fail to create # credentials. Use alternate method if requiring authenticated registries. -- include_tasks: registry_auth.yml +- include_tasks: common/post.yml vars: openshift_docker_alternative_creds: True diff --git a/roles/container_runtime/templates/daemon.json b/roles/container_runtime/templates/daemon.json index 383963bd3..1a72d812a 100644 --- a/roles/container_runtime/templates/daemon.json +++ b/roles/container_runtime/templates/daemon.json @@ -5,10 +5,10 @@ "disable-legacy-registry": false, "exec-opts": ["native.cgroupdriver=systemd"], "insecure-registries": {{ l_docker_insecure_registries }}, -{% if openshift_docker_log_driver is defined %} +{% if openshift_docker_log_driver %} "log-driver": "{{ openshift_docker_log_driver }}", {%- endif %} - "log-opts": {{ l_docker_log_options }}, + "log-opts": {{ l_docker_log_options_dict }}, "runtimes": { "oci": { "path": "/usr/libexec/docker/docker-runc-current" diff --git a/roles/etcd/tasks/migration/add_ttls.yml b/roles/etcd/tasks/migration/add_ttls.yml index 4bdc6bcc3..a4b0ff31d 100644 --- a/roles/etcd/tasks/migration/add_ttls.yml +++ b/roles/etcd/tasks/migration/add_ttls.yml @@ -11,7 +11,7 @@ - name: Re-introduce leases (as a replacement for key TTLs) command: > - oadm migrate etcd-ttl \ + {{ openshift.common.client_binary }} adm migrate etcd-ttl \ --cert {{ r_etcd_common_master_peer_cert_file }} \ --key {{ r_etcd_common_master_peer_key_file }} \ --cacert {{ r_etcd_common_master_peer_ca_file }} \ diff --git a/roles/etcd/tasks/system_container.yml b/roles/etcd/tasks/system_container.yml index 82ac4fc84..ca8b6a707 100644 --- a/roles/etcd/tasks/system_container.yml +++ b/roles/etcd/tasks/system_container.yml 
@@ -1,9 +1,4 @@ --- -- name: Ensure proxies are in the atomic.conf - include_role: - name: openshift_atomic - tasks_from: proxy - - name: Pull etcd system container command: atomic pull --storage=ostree {{ etcd_image }} register: pull_result diff --git a/roles/flannel/handlers/main.yml b/roles/flannel/handlers/main.yml index 80e4d391d..705d39f9a 100644 --- a/roles/flannel/handlers/main.yml +++ b/roles/flannel/handlers/main.yml @@ -15,7 +15,7 @@ - name: restart node systemd: - name: "{{ openshift.common.service_type }}-node" + name: "{{ openshift_service_type }}-node" state: restarted register: l_restart_node_result until: not l_restart_node_result | failed diff --git a/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py b/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py index 3cb1fa8d0..83ca83350 100644 --- a/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py +++ b/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py @@ -86,7 +86,7 @@ class CallbackModule(CallbackBase): }, 'installer_phase_logging': { 'title': 'Logging Install', - 'playbook': 'playbooks/byo/openshift-cluster/openshift-logging.yml' + 'playbook': 'playbooks/openshift-logging/config.yml' }, 'installer_phase_prometheus': { 'title': 'Prometheus Install', diff --git a/roles/kuryr/tasks/node.yaml b/roles/kuryr/tasks/node.yaml index ffe814713..08f2d5adc 100644 --- a/roles/kuryr/tasks/node.yaml +++ b/roles/kuryr/tasks/node.yaml @@ -36,7 +36,7 @@ - name: Configure OpenShift node with disabled service proxy lineinfile: - dest: "/etc/sysconfig/{{ openshift.common.service_type }}-node" + dest: "/etc/sysconfig/{{ openshift_service_type }}-node" regexp: '^OPTIONS="?(.*?)"?$' backrefs: yes backup: yes @@ -44,5 +44,5 @@ - name: force node restart to disable the proxy service: - name: "{{ openshift.common.service_type }}-node" + name: "{{ openshift_service_type }}-node" state: restarted 
diff --git a/roles/kuryr/templates/configmap.yaml.j2 b/roles/kuryr/templates/configmap.yaml.j2 index 6bf6c1db2..96c215f00 100644 --- a/roles/kuryr/templates/configmap.yaml.j2 +++ b/roles/kuryr/templates/configmap.yaml.j2 @@ -229,6 +229,7 @@ data: # TODO (apuimedo): Remove the duplicated line just after this one once the # RDO packaging contains the upstream patch worker_nodes_subnet = {{ kuryr_openstack_worker_nodes_subnet_id }} + external_svc_subnet = {{ kuryr_openstack_external_svc_subnet_id }} [pod_vif_nested] worker_nodes_subnet = {{ kuryr_openstack_worker_nodes_subnet_id }} diff --git a/roles/nuage_master/handlers/main.yaml b/roles/nuage_master/handlers/main.yaml index 410b739e9..7b55dda56 100644 --- a/roles/nuage_master/handlers/main.yaml +++ b/roles/nuage_master/handlers/main.yaml @@ -1,21 +1,19 @@ --- - name: restart master api - systemd: name={{ openshift.common.service_type }}-master-api state=restarted + systemd: name={{ openshift_service_type }}-master-api state=restarted when: > (openshift_master_ha | bool) and - (not master_api_service_status_changed | default(false)) and - openshift.master.cluster_method == 'native' + (not master_api_service_status_changed | default(false)) # TODO: need to fix up ignore_errors here # We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + command: "systemctl restart {{ openshift_service_type }}-master-controllers" retries: 3 delay: 5 register: result until: result.rc == 0 when: > (openshift_master_ha | bool) and - (not master_controllers_service_status_changed | default(false)) and - openshift.master.cluster_method == 'native' + (not master_controllers_service_status_changed | default(false)) ignore_errors: yes diff --git a/roles/nuage_node/handlers/main.yaml b/roles/nuage_node/handlers/main.yaml index e68ae74bd..ede6f2125 100644 --- a/roles/nuage_node/handlers/main.yaml 
+++ b/roles/nuage_node/handlers/main.yaml @@ -1,7 +1,7 @@ --- - name: restart node become: yes - systemd: name={{ openshift.common.service_type }}-node daemon-reload=yes state=restarted + systemd: name={{ openshift_service_type }}-node daemon-reload=yes state=restarted - name: save iptable rules become: yes diff --git a/roles/nuage_node/vars/main.yaml b/roles/nuage_node/vars/main.yaml index fdf01b7c2..88d62de49 100644 --- a/roles/nuage_node/vars/main.yaml +++ b/roles/nuage_node/vars/main.yaml @@ -23,5 +23,5 @@ cni_conf_dir: "/etc/cni/net.d/" cni_bin_dir: "/opt/cni/bin/" nuage_plugin_crt_dir: /usr/share/vsp-openshift -openshift_atomic_node_config_file: /etc/sysconfig/{{ openshift.common.service_type }}-node +openshift_atomic_node_config_file: /etc/sysconfig/{{ openshift_service_type }}-node nuage_atomic_docker_additional_mounts: "NUAGE_ADDTL_BIND_MOUNTS=-v /var/usr/share/vsp-openshift:/var/usr/share/vsp-openshift -v /etc/default:/etc/default -v /var/run:/var/run -v /opt/cni/bin:/opt/cni/bin -v /etc/cni/net.d:/etc/cni/net.d" diff --git a/roles/openshift_atomic/README.md b/roles/openshift_atomic/README.md deleted file mode 100644 index 8c10c9991..000000000 --- a/roles/openshift_atomic/README.md +++ /dev/null @@ -1,28 +0,0 @@ -OpenShift Atomic -================ - -This role houses atomic specific tasks. - -Requirements ------------- - -Role Variables --------------- - -Dependencies ------------- - -Example Playbook ----------------- - -``` -- name: Ensure atomic proxies are defined - hosts: localhost - roles: - - role: openshift_atomic -``` - -License -------- - -Apache License Version 2.0 diff --git a/roles/openshift_atomic/meta/main.yml b/roles/openshift_atomic/meta/main.yml deleted file mode 100644 index ea129f514..000000000 --- a/roles/openshift_atomic/meta/main.yml +++ /dev/null 
@@ -1,13 +0,0 @@ ---- -galaxy_info: - author: OpenShift - description: Atomic related tasks - company: Red Hat, Inc - license: ASL 2.0 - min_ansible_version: 2.2 - platforms: - - name: EL - versions: - - 7 -dependencies: -- role: lib_openshift diff --git a/roles/openshift_aws/tasks/build_node_group.yml b/roles/openshift_aws/tasks/build_node_group.yml index 7e8e9b679..2c1e88cfb 100644 --- a/roles/openshift_aws/tasks/build_node_group.yml +++ b/roles/openshift_aws/tasks/build_node_group.yml @@ -28,10 +28,10 @@ l_epoch_time: "{{ ansible_date_time.epoch }}" - when: openshift_aws_create_iam_role - include: iam_role.yml + include_tasks: iam_role.yml - when: openshift_aws_create_launch_config - include: launch_config.yml + include_tasks: launch_config.yml - when: openshift_aws_create_scale_group - include: scale_group.yml + include_tasks: scale_group.yml diff --git a/roles/openshift_aws/tasks/launch_config.yml b/roles/openshift_aws/tasks/launch_config.yml index 0dbeba5a0..fed80b7eb 100644 --- a/roles/openshift_aws/tasks/launch_config.yml +++ b/roles/openshift_aws/tasks/launch_config.yml @@ -9,7 +9,7 @@ when: - openshift_deployment_type is undefined -- include: launch_config_create.yml +- include_tasks: launch_config_create.yml with_dict: "{{ l_nodes_to_build }}" loop_control: loop_var: launch_config_item diff --git a/roles/openshift_aws/tasks/provision.yml b/roles/openshift_aws/tasks/provision.yml index 91538ed5c..06f649343 100644 --- a/roles/openshift_aws/tasks/provision.yml +++ b/roles/openshift_aws/tasks/provision.yml 
@@ -1,16 +1,16 @@ --- - when: openshift_aws_create_iam_cert | bool name: create the iam_cert for elb certificate - include: iam_cert.yml + include_tasks: iam_cert.yml - when: openshift_aws_create_s3 | bool name: create s3 bucket for registry - include: s3.yml + include_tasks: s3.yml -- include: vpc_and_subnet_id.yml +- include_tasks: vpc_and_subnet_id.yml - name: create elbs - include: elb.yml + include_tasks: elb.yml with_dict: "{{ openshift_aws_elb_dict }}" vars: l_elb_security_groups: "{{ openshift_aws_elb_security_groups }}" @@ -19,7 +19,7 @@ loop_var: l_elb_dict_item - name: include scale group creation for master - include: build_node_group.yml + include_tasks: build_node_group.yml vars: l_nodes_to_build: "{{ openshift_aws_master_group_config }}" l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups }}" diff --git a/roles/openshift_aws/tasks/provision_instance.yml b/roles/openshift_aws/tasks/provision_instance.yml index 3349acb7a..8cc75cd0c 100644 --- a/roles/openshift_aws/tasks/provision_instance.yml +++ b/roles/openshift_aws/tasks/provision_instance.yml @@ -3,7 +3,7 @@ set_fact: openshift_node_bootstrap: True -- include: vpc_and_subnet_id.yml +- include_tasks: vpc_and_subnet_id.yml - name: create instance for ami creation ec2: diff --git a/roles/openshift_aws/tasks/provision_nodes.yml b/roles/openshift_aws/tasks/provision_nodes.yml index 3e84666a2..041ed0791 100644 --- a/roles/openshift_aws/tasks/provision_nodes.yml +++ b/roles/openshift_aws/tasks/provision_nodes.yml 
@@ -27,17 +27,17 @@ set_fact: openshift_aws_launch_config_bootstrap_token: "{{ bootstrap['content'] | b64decode }}" -- include: vpc_and_subnet_id.yml +- include_tasks: vpc_and_subnet_id.yml - name: include build compute and infra node groups - include: build_node_group.yml + include_tasks: build_node_group.yml vars: l_nodes_to_build: "{{ openshift_aws_node_group_config }}" l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups }}" l_aws_ami_map: "{{ openshift_aws_ami_map }}" - name: include build node group for extra nodes - include: build_node_group.yml + include_tasks: build_node_group.yml when: openshift_aws_node_group_config_extra is defined vars: l_nodes_to_build: "{{ openshift_aws_node_group_config_extra | default({}) }}" @@ -47,4 +47,4 @@ # instances aren't scaling fast enough here, we need to wait for them - when: openshift_aws_wait_for_ssh | bool name: wait for our new nodes to come up - include: wait_for_groups.yml + include_tasks: wait_for_groups.yml diff --git a/roles/openshift_aws/tasks/seal_ami.yml b/roles/openshift_aws/tasks/seal_ami.yml index 0cb749dcc..7a3d0fb68 100644 --- a/roles/openshift_aws/tasks/seal_ami.yml +++ b/roles/openshift_aws/tasks/seal_ami.yml @@ -31,7 +31,7 @@ source-ami: "{{ amioutput.image_id }}" - name: copy the ami for encrypted disks - include: ami_copy.yml + include_tasks: ami_copy.yml vars: openshift_aws_ami_copy_name: "{{ openshift_aws_ami_name }}-encrypted" openshift_aws_ami_copy_src_ami: "{{ amioutput.image_id }}" diff --git a/roles/openshift_aws/tasks/security_group.yml b/roles/openshift_aws/tasks/security_group.yml index 5cc7ae537..43834079e 100644 --- a/roles/openshift_aws/tasks/security_group.yml +++ b/roles/openshift_aws/tasks/security_group.yml 
@@ -6,11 +6,11 @@ "tag:Name": "{{ openshift_aws_clusterid }}" register: vpcout -- include: security_group_create.yml +- include_tasks: security_group_create.yml vars: l_security_groups: "{{ openshift_aws_node_security_groups }}" -- include: security_group_create.yml +- include_tasks: security_group_create.yml when: openshift_aws_node_security_groups_extra is defined vars: l_security_groups: "{{ openshift_aws_node_security_groups_extra | default({}) }}" diff --git a/roles/openshift_aws/tasks/upgrade_node_group.yml b/roles/openshift_aws/tasks/upgrade_node_group.yml index d7851d887..c3f86f523 100644 --- a/roles/openshift_aws/tasks/upgrade_node_group.yml +++ b/roles/openshift_aws/tasks/upgrade_node_group.yml @@ -4,13 +4,13 @@ when: - openshift_aws_current_version == openshift_aws_new_version -- include: provision_nodes.yml +- include_tasks: provision_nodes.yml -- include: accept_nodes.yml +- include_tasks: accept_nodes.yml -- include: setup_scale_group_facts.yml +- include_tasks: setup_scale_group_facts.yml -- include: setup_master_group.yml +- include_tasks: setup_master_group.yml vars: # we do not set etcd here as its limited to 1 or 3 openshift_aws_masters_groups: masters,nodes diff --git a/roles/openshift_builddefaults/tasks/main.yml b/roles/openshift_builddefaults/tasks/main.yml index e0b51eee0..612b6522d 100644 --- a/roles/openshift_builddefaults/tasks/main.yml +++ b/roles/openshift_builddefaults/tasks/main.yml @@ -4,11 +4,6 @@ role: builddefaults # TODO: add ability to define builddefaults env vars sort of like this # may need to move the config generation to a filter however. - # openshift_env: "{{ hostvars - # | oo_merge_hostvars(vars, inventory_hostname) - # | oo_openshift_env }}" - # openshift_env_structures: - # - 'openshift.builddefaults.env.*' local_facts: http_proxy: "{{ openshift_builddefaults_http_proxy | default(None) }}" https_proxy: "{{ openshift_builddefaults_https_proxy | default(None) }}" 
diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml index 05e0a1352..eb00f13db 100644 --- a/roles/openshift_ca/tasks/main.yml +++ b/roles/openshift_ca/tasks/main.yml @@ -9,7 +9,7 @@ - name: Install the base package for admin tooling package: - name: "{{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" + name: "{{ openshift_service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" state: present when: not openshift.common.is_containerized | bool register: install_result diff --git a/roles/openshift_cli/library/openshift_container_binary_sync.py b/roles/openshift_cli/library/openshift_container_binary_sync.py index 08045794a..440b8ec28 100644 --- a/roles/openshift_cli/library/openshift_container_binary_sync.py +++ b/roles/openshift_cli/library/openshift_container_binary_sync.py @@ -27,7 +27,7 @@ class BinarySyncError(Exception): # pylint: disable=too-few-public-methods,too-many-instance-attributes class BinarySyncer(object): """ - Syncs the openshift, oc, oadm, and kubectl binaries/symlinks out of + Syncs the openshift, oc, and kubectl binaries/symlinks out of a container onto the host system. """ @@ -108,7 +108,10 @@ class BinarySyncer(object): # Ensure correct symlinks created: self._sync_symlink('kubectl', 'openshift') - self._sync_symlink('oadm', 'openshift') + + # Remove old oadm binary + if os.path.exists(os.path.join(self.bin_dir, 'oadm')): + os.remove(os.path.join(self.bin_dir, 'oadm')) def _sync_symlink(self, binary_name, link_to): """ Ensure the given binary name exists and links to the expected binary. """ diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml index 140c6ea26..a90143aa3 100644 --- a/roles/openshift_cli/tasks/main.yml +++ b/roles/openshift_cli/tasks/main.yml 
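Review bot: The cleanup added after the `kubectl` symlink uses `os.path.exists`, which follows symlinks and returns False for a dangling link, so an `oadm` link whose target is missing would be left behind in `bin_dir`. The line this hunk removes created `oadm` as a symlink to `openshift`, so the leftover on upgraded hosts is a link rather than a regular file; `oadm_path = os.path.join(self.bin_dir, 'oadm')` followed by `if os.path.lexists(oadm_path): os.remove(oadm_path)` handles both cases and builds the path once. If the class reports a changed flag back to Ansible (not visible here), the removal should set it too. The enclosing method starts above the hunk.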
@@ -1,6 +1,6 @@ --- - name: Install clients - package: name={{ openshift.common.service_type }}-clients state=present + package: name={{ openshift_service_type }}-clients state=present when: not openshift.common.is_containerized | bool register: result until: result | success diff --git a/roles/openshift_cluster_autoscaler/tasks/main.yml b/roles/openshift_cluster_autoscaler/tasks/main.yml index 173dcf044..ca7dfb885 100644 --- a/roles/openshift_cluster_autoscaler/tasks/main.yml +++ b/roles/openshift_cluster_autoscaler/tasks/main.yml @@ -31,7 +31,7 @@ type: role name: "{{ openshift_cluster_autoscaler_name }}" -- include: aws.yml +- include_tasks: aws.yml when: openshift_cluster_autoscaler_cloud_provider == 'aws' - name: create the policies diff --git a/roles/openshift_docker_gc/templates/dockergc-ds.yaml.j2 b/roles/openshift_docker_gc/templates/dockergc-ds.yaml.j2 index 53e8b448b..3d51abc52 100644 --- a/roles/openshift_docker_gc/templates/dockergc-ds.yaml.j2 +++ b/roles/openshift_docker_gc/templates/dockergc-ds.yaml.j2 @@ -5,7 +5,7 @@ items: kind: ServiceAccount metadata: name: dockergc - # You must grant privileged via: oadm policy add-scc-to-user -z dockergc privileged + # You must grant privileged via: oc adm policy add-scc-to-user -z dockergc privileged # in order for the dockergc to access the docker socket and root directory - apiVersion: extensions/v1beta1 kind: DaemonSet diff --git a/roles/openshift_excluder/README.md b/roles/openshift_excluder/README.md index 80cb88d45..7b43d5adf 100644 --- a/roles/openshift_excluder/README.md +++ b/roles/openshift_excluder/README.md 
@@ -28,7 +28,7 @@ Role Variables | r_openshift_excluder_verify_upgrade | false | true, false | When upgrading, this variable should be set to true when calling the role | | r_openshift_excluder_package_state | present | present, latest | Use 'latest' to upgrade openshift_excluder package | | r_openshift_excluder_docker_package_state | present | present, latest | Use 'latest' to upgrade docker_excluder package | -| r_openshift_excluder_service_type | None | | (Required) Defined as openshift.common.service_type e.g. atomic-openshift | +| r_openshift_excluder_service_type | None | | (Required) Defined as openshift_service_type e.g. atomic-openshift | | r_openshift_excluder_upgrade_target | None | | Required when r_openshift_excluder_verify_upgrade is true, defined as openshift_upgrade_target by Upgrade playbooks e.g. '3.6'| Dependencies @@ -46,15 +46,12 @@ Example Playbook # Disable all excluders - role: openshift_excluder r_openshift_excluder_action: disable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" # Enable all excluders - role: openshift_excluder r_openshift_excluder_action: enable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" # Disable all excluders and verify appropriate excluder packages are available for upgrade - role: openshift_excluder r_openshift_excluder_action: disable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" r_openshift_excluder_verify_upgrade: true r_openshift_excluder_upgrade_target: "{{ openshift_upgrade_target }}" r_openshift_excluder_package_state: latest diff --git a/roles/openshift_excluder/defaults/main.yml b/roles/openshift_excluder/defaults/main.yml index d4f151142..3a910e490 100644 --- a/roles/openshift_excluder/defaults/main.yml +++ b/roles/openshift_excluder/defaults/main.yml 
@@ -2,7 +2,7 @@ # keep the 'current' package or update to 'latest' if available? r_openshift_excluder_package_state: present r_openshift_excluder_docker_package_state: present - +r_openshift_excluder_service_type: "{{ openshift_service_type }}" # Legacy variables are included for backwards compatibility with v3.5 # Inventory variables Legacy # openshift_enable_excluders enable_excluders diff --git a/roles/openshift_excluder/meta/main.yml b/roles/openshift_excluder/meta/main.yml index 871081c19..a9653edda 100644 --- a/roles/openshift_excluder/meta/main.yml +++ b/roles/openshift_excluder/meta/main.yml @@ -12,4 +12,5 @@ galaxy_info: categories: - cloud dependencies: +- role: openshift_facts - role: lib_utils diff --git a/roles/openshift_excluder/tasks/main.yml b/roles/openshift_excluder/tasks/main.yml index 93d6ef149..f0e87ba25 100644 --- a/roles/openshift_excluder/tasks/main.yml +++ b/roles/openshift_excluder/tasks/main.yml @@ -19,11 +19,6 @@ msg: "openshift_excluder role can only be called with 'enable' or 'disable'" when: r_openshift_excluder_action not in ['enable', 'disable'] - - name: Fail if r_openshift_excluder_service_type is not defined - fail: - msg: "r_openshift_excluder_service_type must be specified for this role" - when: r_openshift_excluder_service_type is not defined - - name: Fail if r_openshift_excluder_upgrade_target is not defined fail: msg: "r_openshift_excluder_upgrade_target must be provided when using this role for upgrades" diff --git a/roles/openshift_facts/defaults/main.yml b/roles/openshift_facts/defaults/main.yml index 7064d727a..53a3bc87e 100644 --- a/roles/openshift_facts/defaults/main.yml +++ b/roles/openshift_facts/defaults/main.yml 
@@ -3,4 +3,104 @@ openshift_cli_image_dict: origin: 'openshift/origin' openshift-enterprise: 'openshift3/ose' +openshift_hosted_images_dict: + origin: 'openshift/origin-${component}:${version}' + openshift-enterprise: 'openshift3/ose-${component}:${version}' + openshift_cli_image: "{{ osm_image | default(openshift_cli_image_dict[openshift_deployment_type]) }}" + +# osm_default_subdomain is an old migrated fact, can probably be removed. +osm_default_subdomain: "router.default.svc.cluster.local" +openshift_master_default_subdomain: "{{ osm_default_subdomain }}" + +openshift_hosted_etcd_storage_nfs_directory: '/exports' +openshift_hosted_etcd_storage_nfs_options: '*(rw,root_squash)' +openshift_hosted_etcd_storage_volume_name: 'etcd' +openshift_hosted_etcd_storage_volume_size: '1Gi' +openshift_hosted_etcd_storage_create_pv: True +openshift_hosted_etcd_storage_create_pvc: False +openshift_hosted_etcd_storage_access_modes: + - 'ReadWriteOnce' + +openshift_hosted_registry_namespace: 'default' +openshift_hosted_registry_storage_volume_name: 'registry' +openshift_hosted_registry_storage_volume_size: '5Gi' +openshift_hosted_registry_storage_create_pv: True +openshift_hosted_registry_storage_create_pvc: True +openshift_hosted_registry_storage_nfs_directory: '/exports' +openshift_hosted_registry_storage_nfs_options: '*(rw,root_squash)' +openshift_hosted_registry_storage_glusterfs_endpoints: 'glusterfs-registry-endpoints' +openshift_hosted_registry_storage_glusterfs_path: glusterfs-registry-volume +openshift_hosted_registry_storage_glusterfs_readOnly: False +openshift_hosted_registry_storage_glusterfs_swap: False +openshift_hosted_registry_storage_glusterfs_swapcopy: True +openshift_hosted_registry_storage_glusterfs_ips: [] +openshift_hosted_registry_storage_access_modes: + - 'ReadWriteMany' + +openshift_logging_storage_nfs_directory: '/exports' +openshift_logging_storage_nfs_options: '*(rw,root_squash)' +openshift_logging_storage_volume_name: 'logging-es' 
+openshift_logging_storage_create_pv: True +openshift_logging_storage_create_pvc: False +openshift_logging_storage_access_modes: + - ['ReadWriteOnce'] + +openshift_loggingops_storage_volume_name: 'logging-es-ops' +openshift_loggingops_storage_volume_size: '10Gi' +openshift_loggingops_storage_create_pv: True +openshift_loggingops_storage_create_pvc: False +openshift_loggingops_storage_nfs_directory: '/exports' +openshift_loggingops_storage_nfs_options: '*(rw,root_squash)' +openshift_loggingops_storage_access_modes: + - 'ReadWriteOnce' + +openshift_metrics_deploy: False +openshift_metrics_duration: 7 +openshift_metrics_resolution: '10s' +openshift_metrics_storage_volume_name: 'metrics' +openshift_metrics_storage_volume_size: '10Gi' +openshift_metrics_storage_create_pv: True +openshift_metrics_storage_create_pvc: False +openshift_metrics_storage_nfs_directory: '/exports' +openshift_metrics_storage_nfs_options: '*(rw,root_squash)' +openshift_metrics_storage_access_modes: + - 'ReadWriteOnce' + +openshift_prometheus_storage_volume_name: 'prometheus' +openshift_prometheus_storage_volume_size: '10Gi' +openshift_prometheus_storage_nfs_directory: '/exports' +openshift_prometheus_storage_nfs_options: '*(rw,root_squash)' +openshift_prometheus_storage_access_modes: + - 'ReadWriteOnce' +openshift_prometheus_storage_create_pv: True +openshift_prometheus_storage_create_pvc: False + +openshift_prometheus_alertmanager_storage_volume_name: 'prometheus-alertmanager' +openshift_prometheus_alertmanager_storage_volume_size: '10Gi' +openshift_prometheus_alertmanager_storage_nfs_directory: '/exports' +openshift_prometheus_alertmanager_storage_nfs_options: '*(rw,root_squash)' +openshift_prometheus_alertmanager_storage_access_modes: + - 'ReadWriteOnce' +openshift_prometheus_alertmanager_storage_create_pv: True +openshift_prometheus_alertmanager_storage_create_pvc: False + +openshift_prometheus_alertbuffer_storage_volume_name: 'prometheus-alertbuffer' 
+openshift_prometheus_alertbuffer_storage_volume_size: '10Gi' +openshift_prometheus_alertbuffer_storage_nfs_directory: '/exports' +openshift_prometheus_alertbuffer_storage_nfs_options: '*(rw,root_squash)' +openshift_prometheus_alertbuffer_storage_access_modes: + - 'ReadWriteOnce' +openshift_prometheus_alertbuffer_storage_create_pv: True +openshift_prometheus_alertbuffer_storage_create_pvc: False + + +openshift_router_selector: "region=infra" +openshift_hosted_router_selector: "{{ openshift_router_selector }}" +openshift_hosted_registry_selector: "{{ openshift_router_selector }}" + +openshift_service_type_dict: + origin: origin + openshift-enterprise: atomic-openshift + +openshift_service_type: "{{ openshift_service_type_dict[openshift_deployment_type] }}" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 508228b2e..520c00340 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -11,14 +11,13 @@ import copy import errno import json import re -import io import os import yaml import struct import socket from distutils.util import strtobool from distutils.version import LooseVersion -from ansible.module_utils.six import string_types, text_type +from ansible.module_utils.six import string_types from ansible.module_utils.six.moves import configparser # ignore pylint errors related to the module_utils import 
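Review bot: `openshift_logging_storage_access_modes` is declared as `- ['ReadWriteOnce']`, a list nested inside a list, while every other `*_storage_access_modes` default in this hunk is a flat `- 'ReadWriteOnce'`; it should read `- 'ReadWriteOnce'` so consumers get the same shape. The logging block also has no `openshift_logging_storage_volume_size`, unlike the other storage blocks here, which looks like an omission unless it is defined elsewhere. Separately, every `*_storage_nfs_options` default is `'*(rw,root_squash)'`, which exports the volume read-write to any host that can reach the NFS server; a comment such as `# NOTE: '*' allows every client; restrict to the cluster's node network in production inventories` above the first of them would make that explicit.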
@@ -86,24 +85,6 @@ def migrate_node_facts(facts): return facts -def migrate_hosted_facts(facts): - """ Apply migrations for master facts """ - if 'master' in facts: - if 'router_selector' in facts['master']: - if 'hosted' not in facts: - facts['hosted'] = {} - if 'router' not in facts['hosted']: - facts['hosted']['router'] = {} - facts['hosted']['router']['selector'] = facts['master'].pop('router_selector') - if 'registry_selector' in facts['master']: - if 'hosted' not in facts: - facts['hosted'] = {} - if 'registry' not in facts['hosted']: - facts['hosted']['registry'] = {} - facts['hosted']['registry']['selector'] = facts['master'].pop('registry_selector') - return facts - - def migrate_admission_plugin_facts(facts): """ Apply migrations for admission plugin facts """ if 'master' in facts: @@ -113,8 +94,7 @@ def migrate_admission_plugin_facts(facts): # Merge existing kube_admission_plugin_config with admission_plugin_config. facts['master']['admission_plugin_config'] = merge_facts(facts['master']['admission_plugin_config'], facts['master']['kube_admission_plugin_config'], - additive_facts_to_overwrite=[], - protected_facts_to_overwrite=[]) + additive_facts_to_overwrite=[]) # Remove kube_admission_plugin_config fact facts['master'].pop('kube_admission_plugin_config', None) return facts @@ -125,7 +105,6 @@ def migrate_local_facts(facts): migrated_facts = copy.deepcopy(facts) migrated_facts = migrate_common_facts(migrated_facts) migrated_facts = migrate_node_facts(migrated_facts) - migrated_facts = migrate_hosted_facts(migrated_facts) migrated_facts = migrate_admission_plugin_facts(migrated_facts) return migrated_facts 
@@ -412,58 +391,6 @@ def normalize_provider_facts(provider, metadata): return facts -# pylint: disable=too-many-branches -def set_selectors(facts): - """ Set selectors facts if not already present in facts dict - Args: - facts (dict): existing facts - Returns: - dict: the facts dict updated with the generated selectors - facts if they were not already present - - """ - selector = "region=infra" - - if 'hosted' not in facts: - facts['hosted'] = {} - if 'router' not in facts['hosted']: - facts['hosted']['router'] = {} - if 'selector' not in facts['hosted']['router'] or facts['hosted']['router']['selector'] in [None, 'None']: - facts['hosted']['router']['selector'] = selector - if 'registry' not in facts['hosted']: - facts['hosted']['registry'] = {} - if 'selector' not in facts['hosted']['registry'] or facts['hosted']['registry']['selector'] in [None, 'None']: - facts['hosted']['registry']['selector'] = selector - if 'metrics' not in facts['hosted']: - facts['hosted']['metrics'] = {} - if 'selector' not in facts['hosted']['metrics'] or facts['hosted']['metrics']['selector'] in [None, 'None']: - facts['hosted']['metrics']['selector'] = None - if 'logging' not in facts or not isinstance(facts['logging'], dict): - facts['logging'] = {} - if 'selector' not in facts['logging'] or facts['logging']['selector'] in [None, 'None']: - facts['logging']['selector'] = None - if 'etcd' not in facts['hosted']: - facts['hosted']['etcd'] = {} - if 'selector' not in facts['hosted']['etcd'] or facts['hosted']['etcd']['selector'] in [None, 'None']: - facts['hosted']['etcd']['selector'] = None - if 'prometheus' not in facts: - facts['prometheus'] = {} - if 'selector' not in facts['prometheus'] or facts['prometheus']['selector'] in [None, 'None']: - facts['prometheus']['selector'] = None - if 'alertmanager' not in facts['prometheus']: - facts['prometheus']['alertmanager'] = {} - # pylint: disable=line-too-long - if 'selector' not in facts['prometheus']['alertmanager'] or 
facts['prometheus']['alertmanager']['selector'] in [None, 'None']: - facts['prometheus']['alertmanager']['selector'] = None - if 'alertbuffer' not in facts['prometheus']: - facts['prometheus']['alertbuffer'] = {} - # pylint: disable=line-too-long - if 'selector' not in facts['prometheus']['alertbuffer'] or facts['prometheus']['alertbuffer']['selector'] in [None, 'None']: - facts['prometheus']['alertbuffer']['selector'] = None - - return facts - - def set_identity_providers_if_unset(facts): """ Set identity_providers fact if not already present in facts dict 
@@ -608,63 +535,9 @@ def set_aggregate_facts(facts): return facts -def set_etcd_facts_if_unset(facts): - """ - If using embedded etcd, loads the data directory from master-config.yaml. - - If using standalone etcd, loads ETCD_DATA_DIR from etcd.conf. - - If anything goes wrong parsing these, the fact will not be set. - """ - if 'master' in facts and safe_get_bool(facts['master']['embedded_etcd']): - etcd_facts = facts['etcd'] if 'etcd' in facts else dict() - - if 'etcd_data_dir' not in etcd_facts: - try: - # Parse master config to find actual etcd data dir: - master_cfg_path = os.path.join(facts['common']['config_base'], - 'master/master-config.yaml') - master_cfg_f = open(master_cfg_path, 'r') - config = yaml.safe_load(master_cfg_f.read()) - master_cfg_f.close() - - etcd_facts['etcd_data_dir'] = \ - config['etcdConfig']['storageDirectory'] - - facts['etcd'] = etcd_facts - - # We don't want exceptions bubbling up here: - # pylint: disable=broad-except - except Exception: - pass - else: - etcd_facts = facts['etcd'] if 'etcd' in facts else dict() - - # Read ETCD_DATA_DIR from /etc/etcd/etcd.conf: - try: - # Add a fake section for parsing: - ini_str = text_type('[root]\n' + open('/etc/etcd/etcd.conf', 'r').read(), 'utf-8') - ini_fp = io.StringIO(ini_str) - config = configparser.RawConfigParser() - config.readfp(ini_fp) - etcd_data_dir = config.get('root', 'ETCD_DATA_DIR') - if etcd_data_dir.startswith('"') and etcd_data_dir.endswith('"'): - etcd_data_dir = etcd_data_dir[1:-1] - - etcd_facts['etcd_data_dir'] = etcd_data_dir - facts['etcd'] = etcd_facts - - # We don't want exceptions bubbling up here: - # pylint: disable=broad-except - except Exception: - pass - - return facts - - def set_deployment_facts_if_unset(facts): """ Set Facts that vary based on deployment_type. This currently - includes common.service_type, master.registry_url, node.registry_url, + includes master.registry_url, node.registry_url, node.storage_plugin_deps Args: 
@@ -676,14 +549,6 @@ def set_deployment_facts_if_unset(facts): # disabled to avoid breaking up facts related to deployment type into # multiple methods for now. # pylint: disable=too-many-statements, too-many-branches - if 'common' in facts: - deployment_type = facts['common']['deployment_type'] - if 'service_type' not in facts['common']: - service_type = 'atomic-openshift' - if deployment_type == 'origin': - service_type = 'origin' - facts['common']['service_type'] = service_type - for role in ('master', 'node'): if role in facts: deployment_type = facts['common']['deployment_type'] @@ -980,7 +845,7 @@ values provided as a list. Hence the gratuitous use of ['foo'] below. # If we've added items to the kubelet_args dict then we need # to merge the new items back into the main facts object. if kubelet_args != {}: - facts = merge_facts({'node': {'kubelet_args': kubelet_args}}, facts, [], []) + facts = merge_facts({'node': {'kubelet_args': kubelet_args}}, facts, []) return facts @@ -1002,7 +867,7 @@ def build_controller_args(facts): controller_args['cloud-provider'] = ['gce'] controller_args['cloud-config'] = [cloud_cfg_path + '/gce.conf'] if controller_args != {}: - facts = merge_facts({'master': {'controller_args': controller_args}}, facts, [], []) + facts = merge_facts({'master': {'controller_args': controller_args}}, facts, []) return facts @@ -1024,7 +889,7 @@ def build_api_server_args(facts): api_server_args['cloud-provider'] = ['gce'] api_server_args['cloud-config'] = [cloud_cfg_path + '/gce.conf'] if api_server_args != {}: - facts = merge_facts({'master': {'api_server_args': api_server_args}}, facts, [], []) + facts = merge_facts({'master': {'api_server_args': api_server_args}}, facts, []) return facts 
@@ -1147,8 +1012,13 @@ def get_container_openshift_version(facts): If containerized, see if we can determine the installed version via the systemd environment files. """ + deployment_type = facts['common']['deployment_type'] + service_type_dict = {'origin': 'origin', + 'openshift-enterprise': 'atomic-openshift'} + service_type = service_type_dict[deployment_type] + for filename in ['/etc/sysconfig/%s-master-controllers', '/etc/sysconfig/%s-node']: - env_path = filename % facts['common']['service_type'] + env_path = filename % service_type if not os.path.exists(env_path): continue @@ -1211,7 +1081,7 @@ def apply_provider_facts(facts, provider_facts): # Disabling pylint too many branches. This function needs refactored # but is a very core part of openshift_facts. # pylint: disable=too-many-branches, too-many-nested-blocks -def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overwrite): +def merge_facts(orig, new, additive_facts_to_overwrite): """ Recursively merge facts dicts Args: @@ -1219,14 +1089,11 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw new (dict): facts to update additive_facts_to_overwrite (list): additive facts to overwrite in jinja '.' notation ex: ['master.named_certificates'] - protected_facts_to_overwrite (list): protected facts to overwrite in jinja - '.' notation ex: ['master.master_count'] Returns: dict: the merged facts """ additive_facts = ['named_certificates'] - protected_facts = ['ha'] # Facts we do not ever want to merge. These originate in inventory variables # and contain JSON dicts. We don't ever want to trigger a merge 
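Review bot: The new lookup `service_type_dict[deployment_type]` at the top of get_container_openshift_version raises KeyError for any deployment_type other than the two listed, although the docstring describes a best-effort probe ("see if we can determine the installed version"). Use `service_type = service_type_dict.get(deployment_type)` and, when it is None, either take the path the function already uses when no environment file is found or fail with a message that names the unsupported value. The function body continues outside the hunk, so its not-found return value is not visible here. The same unguarded lookup is used for `openshift_service_type` in roles/openshift_health_checker/defaults/main.yml.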
@@ -1258,14 +1125,7 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw if '.' in item and item.startswith(key + '.'): relevant_additive_facts.append(item) - # Collect the subset of protected facts to overwrite - # if key matches. These will be passed to the - # subsequent merge_facts call. - relevant_protected_facts = [] - for item in protected_facts_to_overwrite: - if '.' in item and item.startswith(key + '.'): - relevant_protected_facts.append(item) - facts[key] = merge_facts(value, new[key], relevant_additive_facts, relevant_protected_facts) + facts[key] = merge_facts(value, new[key], relevant_additive_facts) # Key matches an additive fact and we are not overwriting # it so we will append the new value to the existing value. elif key in additive_facts and key not in [x.split('.')[-1] for x in additive_facts_to_overwrite]: @@ -1275,18 +1135,6 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw if item not in new_fact: new_fact.append(item) facts[key] = new_fact - # Key matches a protected fact and we are not overwriting - # it so we will determine if it is okay to change this - # fact. - elif key in protected_facts and key not in [x.split('.')[-1] for x in protected_facts_to_overwrite]: - # ha (bool) can not change unless it has been passed - # as a protected fact to overwrite. - if key == 'ha': - if safe_get_bool(value) != safe_get_bool(new[key]): - # pylint: disable=line-too-long - module.fail_json(msg='openshift_facts received a different value for openshift.master.ha') # noqa: F405 - else: - facts[key] = value # No other condition has been met. Overwrite the old fact # with the new value. else: @@ -1559,7 +1407,6 @@ def set_container_facts_if_unset(facts): facts['node']['ovs_system_image'] = ovs_image if safe_get_bool(facts['common']['is_containerized']): - facts['common']['admin_binary'] = '/usr/local/bin/oadm' facts['common']['client_binary'] = '/usr/local/bin/oc' return facts 
@@ -1620,8 +1467,6 @@ class OpenShiftFacts(object): local_facts (dict): local facts to set additive_facts_to_overwrite (list): additive facts to overwrite in jinja '.' notation ex: ['master.named_certificates'] - protected_facts_to_overwrite (list): protected facts to overwrite in jinja - '.' notation ex: ['master.master_count'] Raises: OpenShiftFactsUnsupportedRoleError: @@ -1631,21 +1476,13 @@ class OpenShiftFacts(object): 'cloudprovider', 'common', 'etcd', - 'hosted', 'master', - 'node', - 'logging', - 'loggingops', - 'metrics', - 'prometheus'] + 'node'] # Disabling too-many-arguments, this should be cleaned up as a TODO item. # pylint: disable=too-many-arguments,no-value-for-parameter def __init__(self, role, filename, local_facts, - additive_facts_to_overwrite=None, - openshift_env=None, - openshift_env_structures=None, - protected_facts_to_overwrite=None): + additive_facts_to_overwrite=None): self.changed = False self.filename = filename if role not in self.known_roles: 
@@ -1667,34 +1504,23 @@ class OpenShiftFacts(object): self.system_facts = get_all_facts(module)['ansible_facts'] # noqa: F405 self.facts = self.generate_facts(local_facts, - additive_facts_to_overwrite, - openshift_env, - openshift_env_structures, - protected_facts_to_overwrite) + additive_facts_to_overwrite) def generate_facts(self, local_facts, - additive_facts_to_overwrite, - openshift_env, - openshift_env_structures, - protected_facts_to_overwrite): + additive_facts_to_overwrite): """ Generate facts Args: local_facts (dict): local_facts for overriding generated defaults additive_facts_to_overwrite (list): additive facts to overwrite in jinja '.' notation ex: ['master.named_certificates'] - openshift_env (dict): openshift_env facts for overriding generated defaults - protected_facts_to_overwrite (list): protected facts to overwrite in jinja - '.' notation ex: ['master.master_count'] Returns: dict: The generated facts """ + local_facts = self.init_local_facts(local_facts, - additive_facts_to_overwrite, - openshift_env, - openshift_env_structures, - protected_facts_to_overwrite) + additive_facts_to_overwrite) roles = local_facts.keys() if 'common' in local_facts and 'deployment_type' in local_facts['common']: @@ -1712,12 +1538,10 @@ class OpenShiftFacts(object): facts = apply_provider_facts(defaults, provider_facts) facts = merge_facts(facts, local_facts, - additive_facts_to_overwrite, - protected_facts_to_overwrite) + additive_facts_to_overwrite) facts = migrate_oauth_template_facts(facts) facts['current_config'] = get_current_config(facts) facts = set_url_facts_if_unset(facts) - facts = set_selectors(facts) facts = set_identity_providers_if_unset(facts) facts = set_deployment_facts_if_unset(facts) facts = set_sdn_facts_if_unset(facts, self.system_facts) 
@@ -1727,7 +1551,6 @@ class OpenShiftFacts(object): facts = build_api_server_args(facts) facts = set_version_facts_if_unset(facts) facts = set_aggregate_facts(facts) - facts = set_etcd_facts_if_unset(facts) facts = set_proxy_facts(facts) facts = set_builddefaults_facts(facts) facts = set_buildoverrides_facts(facts) @@ -1760,7 +1583,7 @@ class OpenShiftFacts(object): hostname=hostname, public_hostname=hostname, portal_net='172.30.0.0/16', - client_binary='oc', admin_binary='oadm', + client_binary='oc', dns_domain='cluster.local', config_base='/etc/origin') 
@@ -1793,178 +1616,6 @@ class OpenShiftFacts(object): if 'cloudprovider' in roles: defaults['cloudprovider'] = dict(kind=None) - if 'hosted' in roles or self.role == 'hosted': - defaults['hosted'] = dict( - etcd=dict( - storage=dict( - kind=None, - volume=dict( - name='etcd', - size='1Gi' - ), - nfs=dict( - directory='/exports', - options='*(rw,root_squash)' - ), - host=None, - access=dict( - modes=['ReadWriteOnce'] - ), - create_pv=True, - create_pvc=False - ) - ), - registry=dict( - storage=dict( - kind=None, - volume=dict( - name='registry', - size='5Gi' - ), - nfs=dict( - directory='/exports', - options='*(rw,root_squash)'), - glusterfs=dict( - endpoints='glusterfs-registry-endpoints', - path='glusterfs-registry-volume', - ips=[], - readOnly=False, - swap=False, - swapcopy=True), - host=None, - access=dict( - modes=['ReadWriteMany'] - ), - create_pv=True, - create_pvc=True - ) - ), - router=dict() - ) - - defaults['logging'] = dict( - storage=dict( - kind=None, - volume=dict( - name='logging-es', - size='10Gi' - ), - nfs=dict( - directory='/exports', - options='*(rw,root_squash)' - ), - host=None, - access=dict( - modes=['ReadWriteOnce'] - ), - create_pv=True, - create_pvc=False - ) - ) - - defaults['loggingops'] = dict( - storage=dict( - kind=None, - volume=dict( - name='logging-es-ops', - size='10Gi' - ), - nfs=dict( - directory='/exports', - options='*(rw,root_squash)' - ), - host=None, - access=dict( - modes=['ReadWriteOnce'] - ), - create_pv=True, - create_pvc=False - ) - ) - - defaults['metrics'] = dict( - deploy=False, - duration=7, - resolution='10s', - storage=dict( - kind=None, - volume=dict( - name='metrics', - size='10Gi' - ), - nfs=dict( - directory='/exports', - options='*(rw,root_squash)' - ), - host=None, - access=dict( - modes=['ReadWriteOnce'] - ), - create_pv=True, - create_pvc=False - ) - ) - - defaults['prometheus'] = dict( - storage=dict( - kind=None, - volume=dict( - name='prometheus', - size='10Gi' - ), - nfs=dict( - 
directory='/exports', - options='*(rw,root_squash)' - ), - host=None, - access=dict( - modes=['ReadWriteOnce'] - ), - create_pv=True, - create_pvc=False - ) - ) - - defaults['prometheus']['alertmanager'] = dict( - storage=dict( - kind=None, - volume=dict( - name='prometheus-alertmanager', - size='10Gi' - ), - nfs=dict( - directory='/exports', - options='*(rw,root_squash)' - ), - host=None, - access=dict( - modes=['ReadWriteOnce'] - ), - create_pv=True, - create_pvc=False - ) - ) - - defaults['prometheus']['alertbuffer'] = dict( - storage=dict( - kind=None, - volume=dict( - name='prometheus-alertbuffer', - size='10Gi' - ), - nfs=dict( - directory='/exports', - options='*(rw,root_squash)' - ), - host=None, - access=dict( - modes=['ReadWriteOnce'] - ), - create_pv=True, - create_pvc=False - ) - ) - return defaults def guess_host_provider(self): 
@@ -2037,65 +1688,17 @@ class OpenShiftFacts(object): ) return provider_facts - @staticmethod - def split_openshift_env_fact_keys(openshift_env_fact, openshift_env_structures): - """ Split openshift_env facts based on openshift_env structures. - - Args: - openshift_env_fact (string): the openshift_env fact to split - ex: 'openshift_cloudprovider_openstack_auth_url' - openshift_env_structures (list): a list of structures to determine fact keys - ex: ['openshift.cloudprovider.openstack.*'] - Returns: - list: a list of keys that represent the fact - ex: ['openshift', 'cloudprovider', 'openstack', 'auth_url'] - """ - # By default, we'll split an openshift_env fact by underscores. - fact_keys = openshift_env_fact.split('_') - - # Determine if any of the provided variable structures match the fact. - matching_structure = None - if openshift_env_structures is not None: - for structure in openshift_env_structures: - if re.match(structure, openshift_env_fact): - matching_structure = structure - # Fact didn't match any variable structures so return the default fact keys. - if matching_structure is None: - return fact_keys - - final_keys = [] - structure_keys = matching_structure.split('.') - for structure_key in structure_keys: - # Matched current key. Add to final keys. - if structure_key == fact_keys[structure_keys.index(structure_key)]: - final_keys.append(structure_key) - # Wildcard means we will be taking everything from here to the end of the fact. - elif structure_key == '*': - final_keys.append('_'.join(fact_keys[structure_keys.index(structure_key):])) - # Shouldn't have gotten here, return the fact keys. - else: - return fact_keys - return final_keys - # Disabling too-many-branches and too-many-locals. # This should be cleaned up as a TODO item. 
# pylint: disable=too-many-branches, too-many-locals def init_local_facts(self, facts=None, - additive_facts_to_overwrite=None, - openshift_env=None, - openshift_env_structures=None, - protected_facts_to_overwrite=None): + additive_facts_to_overwrite=None): """ Initialize the local facts Args: facts (dict): local facts to set additive_facts_to_overwrite (list): additive facts to overwrite in jinja '.' notation ex: ['master.named_certificates'] - openshift_env (dict): openshift env facts to set - protected_facts_to_overwrite (list): protected facts to overwrite in jinja - '.' notation ex: ['master.master_count'] - - Returns: dict: The result of merging the provided facts with existing local facts 
@@ -2107,45 +1710,13 @@ class OpenShiftFacts(object): if facts is not None: facts_to_set[self.role] = facts - if openshift_env != {} and openshift_env is not None: - for fact, value in iteritems(openshift_env): - oo_env_facts = dict() - current_level = oo_env_facts - keys = self.split_openshift_env_fact_keys(fact, openshift_env_structures)[1:] - - if len(keys) > 0 and keys[0] != self.role: - continue - - # Build a dictionary from the split fact keys. - # After this loop oo_env_facts is the resultant dictionary. - # For example: - # fact = "openshift_metrics_install_metrics" - # value = 'true' - # keys = ['metrics', 'install', 'metrics'] - # result = {'metrics': {'install': {'metrics': 'true'}}} - for i, _ in enumerate(keys): - # This is the last key. Set the value. - if i == (len(keys) - 1): - current_level[keys[i]] = value - # This is a key other than the last key. Set as - # dictionary and continue. - else: - current_level[keys[i]] = dict() - current_level = current_level[keys[i]] - - facts_to_set = merge_facts(orig=facts_to_set, - new=oo_env_facts, - additive_facts_to_overwrite=[], - protected_facts_to_overwrite=[]) - local_facts = get_local_facts_from_file(self.filename) migrated_facts = migrate_local_facts(local_facts) new_local_facts = merge_facts(migrated_facts, facts_to_set, - additive_facts_to_overwrite, - protected_facts_to_overwrite) + additive_facts_to_overwrite) new_local_facts = self.remove_empty_facts(new_local_facts) @@ -2253,9 +1824,6 @@ def main(): choices=OpenShiftFacts.known_roles), local_facts=dict(default=None, type='dict', required=False), additive_facts_to_overwrite=dict(default=[], type='list', required=False), - openshift_env=dict(default={}, type='dict', required=False), - openshift_env_structures=dict(default=[], type='list', required=False), - protected_facts_to_overwrite=dict(default=[], type='list', required=False) ), supports_check_mode=True, add_file_common_args=True, 
@@ -2271,19 +1839,13 @@ def main(): role = module.params['role'] # noqa: F405 local_facts = module.params['local_facts'] # noqa: F405 additive_facts_to_overwrite = module.params['additive_facts_to_overwrite'] # noqa: F405 - openshift_env = module.params['openshift_env'] # noqa: F405 - openshift_env_structures = module.params['openshift_env_structures'] # noqa: F405 - protected_facts_to_overwrite = module.params['protected_facts_to_overwrite'] # noqa: F405 fact_file = '/etc/ansible/facts.d/openshift.fact' openshift_facts = OpenShiftFacts(role, fact_file, local_facts, - additive_facts_to_overwrite, - openshift_env, - openshift_env_structures, - protected_facts_to_overwrite) + additive_facts_to_overwrite) file_params = module.params.copy() # noqa: F405 file_params['path'] = fact_file diff --git a/roles/openshift_health_checker/defaults/main.yml b/roles/openshift_health_checker/defaults/main.yml new file mode 100644 index 000000000..f25a0dc79 --- /dev/null +++ b/roles/openshift_health_checker/defaults/main.yml @@ -0,0 +1,6 @@ +--- +openshift_service_type_dict: + origin: origin + openshift-enterprise: atomic-openshift + +openshift_service_type: "{{ openshift_service_type_dict[openshift_deployment_type] }}" diff --git a/roles/openshift_health_checker/openshift_checks/package_availability.py b/roles/openshift_health_checker/openshift_checks/package_availability.py index 090e438ff..980e23f27 100644 --- a/roles/openshift_health_checker/openshift_checks/package_availability.py +++ b/roles/openshift_health_checker/openshift_checks/package_availability.py 
@@ -15,7 +15,9 @@ class PackageAvailability(NotContainerizedMixin, OpenShiftCheck): return super(PackageAvailability, self).is_active() and self.get_var("ansible_pkg_mgr") == "yum" def run(self): - rpm_prefix = self.get_var("openshift", "common", "service_type") + rpm_prefix = self.get_var("openshift_service_type") + if self._templar is not None: + rpm_prefix = self._templar.template(rpm_prefix) group_names = self.get_var("group_names", default=[]) packages = set() diff --git a/roles/openshift_health_checker/openshift_checks/package_version.py b/roles/openshift_health_checker/openshift_checks/package_version.py index 13a91dadf..f3a628e28 100644 --- a/roles/openshift_health_checker/openshift_checks/package_version.py +++ b/roles/openshift_health_checker/openshift_checks/package_version.py @@ -41,7 +41,9 @@ class PackageVersion(NotContainerizedMixin, OpenShiftCheck): return super(PackageVersion, self).is_active() and master_or_node def run(self): - rpm_prefix = self.get_var("openshift", "common", "service_type") + rpm_prefix = self.get_var("openshift_service_type") + if self._templar is not None: + rpm_prefix = self._templar.template(rpm_prefix) openshift_release = self.get_var("openshift_release", default='') deployment_type = self.get_var("openshift_deployment_type") check_multi_minor_release = deployment_type in ['openshift-enterprise'] diff --git a/roles/openshift_health_checker/test/docker_image_availability_test.py b/roles/openshift_health_checker/test/docker_image_availability_test.py index ec46c3b4b..fc333dfd4 100644 --- a/roles/openshift_health_checker/test/docker_image_availability_test.py +++ b/roles/openshift_health_checker/test/docker_image_availability_test.py 
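Review bot: In `PackageAvailability.run()`, when `self._templar` is None the result of `get_var("openshift_service_type")` is used unchanged. The role default for that variable is a Jinja expression, so `rpm_prefix` could then be the unrendered template string, and every package name built from it would be wrong without any error. Reject that case explicitly, for example by raising the check's exception when the prefix still contains `{{` after the templating step. The same three lines are repeated in `PackageVersion.run()` in package_version.py; one helper on the base check that fetches and renders the variable would keep the two in step. Both `run()` bodies continue outside their hunks.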
@@ -8,12 +8,12 @@ def task_vars(): return dict( openshift=dict( common=dict( - service_type='origin', is_containerized=False, is_atomic=False, ), docker=dict(), ), + openshift_service_type='origin', openshift_deployment_type='origin', openshift_image_tag='', group_names=['oo_nodes_to_config', 'oo_masters_to_config'], diff --git a/roles/openshift_health_checker/test/etcd_traffic_test.py b/roles/openshift_health_checker/test/etcd_traffic_test.py index dd6f4ad81..a29dc166b 100644 --- a/roles/openshift_health_checker/test/etcd_traffic_test.py +++ b/roles/openshift_health_checker/test/etcd_traffic_test.py @@ -37,8 +37,9 @@ def test_log_matches_high_traffic_msg(group_names, matched, failed, extra_words) task_vars = dict( group_names=group_names, openshift=dict( - common=dict(service_type="origin", is_containerized=False), - ) + common=dict(is_containerized=False), + ), + openshift_service_type="origin" ) result = EtcdTraffic(execute_module, task_vars).run() diff --git a/roles/openshift_health_checker/test/ovs_version_test.py b/roles/openshift_health_checker/test/ovs_version_test.py index 6f0457549..dd98ff4d8 100644 --- a/roles/openshift_health_checker/test/ovs_version_test.py +++ b/roles/openshift_health_checker/test/ovs_version_test.py @@ -10,10 +10,11 @@ def test_openshift_version_not_supported(): openshift_release = '111.7.0' task_vars = dict( - openshift=dict(common=dict(service_type='origin')), + openshift=dict(common=dict()), openshift_release=openshift_release, openshift_image_tag='v' + openshift_release, openshift_deployment_type='origin', + openshift_service_type='origin' ) with pytest.raises(OpenShiftCheckException) as excinfo: @@ -27,9 +28,10 @@ def test_invalid_openshift_release_format(): return {} task_vars = dict( - openshift=dict(common=dict(service_type='origin')), + openshift=dict(common=dict()), openshift_image_tag='v0', openshift_deployment_type='origin', + openshift_service_type='origin' ) with pytest.raises(OpenShiftCheckException) as excinfo: 
@@ -47,9 +49,10 @@ def test_invalid_openshift_release_format(): ]) def test_ovs_package_version(openshift_release, expected_ovs_version): task_vars = dict( - openshift=dict(common=dict(service_type='origin')), + openshift=dict(common=dict()), openshift_release=openshift_release, openshift_image_tag='v' + openshift_release, + openshift_service_type='origin' ) return_value = {} # note: check.execute_module modifies return hash contents diff --git a/roles/openshift_health_checker/test/package_availability_test.py b/roles/openshift_health_checker/test/package_availability_test.py index 9815acb38..a1e6e0879 100644 --- a/roles/openshift_health_checker/test/package_availability_test.py +++ b/roles/openshift_health_checker/test/package_availability_test.py @@ -19,13 +19,13 @@ def test_is_active(pkg_mgr, is_containerized, is_active): @pytest.mark.parametrize('task_vars,must_have_packages,must_not_have_packages', [ ( - dict(openshift=dict(common=dict(service_type='openshift'))), + dict(openshift_service_type='origin'), set(), set(['openshift-master', 'openshift-node']), ), ( dict( - openshift=dict(common=dict(service_type='origin')), + openshift_service_type='origin', group_names=['oo_masters_to_config'], ), set(['origin-master']), @@ -33,7 +33,7 @@ def test_is_active(pkg_mgr, is_containerized, is_active): ), ( dict( - openshift=dict(common=dict(service_type='atomic-openshift')), + openshift_service_type='atomic-openshift', group_names=['oo_nodes_to_config'], ), set(['atomic-openshift-node']), @@ -41,7 +41,7 @@ def test_is_active(pkg_mgr, is_containerized, is_active): ), ( dict( - openshift=dict(common=dict(service_type='atomic-openshift')), + openshift_service_type='atomic-openshift', group_names=['oo_masters_to_config', 'oo_nodes_to_config'], ), set(['atomic-openshift-master', 'atomic-openshift-node']), diff --git a/roles/openshift_health_checker/test/package_version_test.py b/roles/openshift_health_checker/test/package_version_test.py index 3cf4ce033..ea8e02b97 100644 
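Review bot: The first parametrized case in package_availability_test.py now sets `openshift_service_type='origin'` but still lists `set(['openshift-master', 'openshift-node'])` as the packages that must be absent, so the check can no longer fail: nothing built from the `origin` prefix has those names. Change the expectation to `set(['origin-master', 'origin-node'])` so the case still verifies that no packages are selected when group_names is empty. The test function body is outside the hunk, so how must_not_have_packages is asserted is inferred from the parameter name.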
--- a/roles/openshift_health_checker/test/package_version_test.py +++ b/roles/openshift_health_checker/test/package_version_test.py @@ -4,9 +4,12 @@ from openshift_checks.package_version import PackageVersion, OpenShiftCheckExcep def task_vars_for(openshift_release, deployment_type): + service_type_dict = {'origin': 'origin', + 'openshift-enterprise': 'atomic-openshift'} + service_type = service_type_dict[deployment_type] return dict( ansible_pkg_mgr='yum', - openshift=dict(common=dict(service_type=deployment_type)), + openshift_service_type=service_type, openshift_release=openshift_release, openshift_image_tag='v' + openshift_release, openshift_deployment_type=deployment_type, @@ -29,7 +32,7 @@ def test_openshift_version_not_supported(): def test_invalid_openshift_release_format(): task_vars = dict( ansible_pkg_mgr='yum', - openshift=dict(common=dict(service_type='origin')), + openshift_service_type='origin', openshift_image_tag='v0', openshift_deployment_type='origin', ) diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml index e70c0c420..b6501d288 100644 --- a/roles/openshift_hosted/defaults/main.yml +++ b/roles/openshift_hosted/defaults/main.yml @@ -27,6 +27,9 @@ openshift_cluster_domain: 'cluster.local' r_openshift_hosted_router_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" r_openshift_hosted_router_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" +openshift_hosted_router_selector: "{{ openshift_router_selector | default(openshift_hosted_infra_selector) }}" +openshift_hosted_router_namespace: 'default' + openshift_hosted_router_wait: "{{ not (openshift_master_bootstrap_enabled | default(False)) }}" openshift_hosted_router_edits: 
@@ -40,13 +43,14 @@ openshift_hosted_router_edits: value: 21600 action: put +openshift_hosted_router_registryurl: "{{ openshift_hosted_images_dict[openshift_deployment_type] }}" openshift_hosted_routers: - name: router replicas: "{{ replicas | default(1) }}" namespace: default serviceaccount: router selector: "{{ openshift_hosted_router_selector | default(None) }}" - images: "{{ openshift_hosted_router_image | default(None) }}" + images: "{{ openshift_hosted_router_registryurl }}" edits: "{{ openshift_hosted_router_edits }}" stats_port: 1936 ports: @@ -64,6 +68,11 @@ r_openshift_hosted_router_os_firewall_allow: [] # Registry # ############ +openshift_hosted_registry_selector: "{{ openshift_registry_selector | default(openshift_hosted_infra_selector) }}" +penshift_hosted_registry_registryurl: "{{ openshift_hosted_images_dict[openshift_deployment_type] }}" +openshift_hosted_registry_routecertificates: {} +openshift_hosted_registry_routetermination: "passthrough" + r_openshift_hosted_registry_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" r_openshift_hosted_registry_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" diff --git a/roles/openshift_hosted/filter_plugins/openshift_hosted_filters.py b/roles/openshift_hosted/filter_plugins/openshift_hosted_filters.py index 7f41529ac..003ce5f9e 100644 --- a/roles/openshift_hosted/filter_plugins/openshift_hosted_filters.py +++ b/roles/openshift_hosted/filter_plugins/openshift_hosted_filters.py @@ -12,7 +12,7 @@ class FilterModule(object): def get_router_replicas(replicas=None, router_nodes=None): ''' This function will return the number of replicas based on the results from the defined - openshift.hosted.router.replicas OR + openshift_hosted_router_replicas OR the query from oc_obj on openshift nodes with a selector OR default to 1 diff --git a/roles/openshift_hosted/tasks/registry.yml b/roles/openshift_hosted/tasks/registry.yml index e2e06594b..de302c740 100644 
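Review bot: The new default `penshift_hosted_registry_registryurl` in the Registry section is missing its leading `o`, and tasks/registry.yml reads the same misspelled name in `images:`. The play therefore works, but an inventory that sets `openshift_hosted_registry_registryurl` to pin the registry image to a private mirror would be silently ignored. Rename both occurrences to `openshift_hosted_registry_registryurl`, matching `openshift_hosted_router_registryurl` added in the router hunk. A one-line comment on the two `*_registryurl` defaults, stating that they select the image source per deployment type, would help whoever overrides them.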
--- a/roles/openshift_hosted/tasks/registry.yml +++ b/roles/openshift_hosted/tasks/registry.yml @@ -6,20 +6,20 @@ check_mode: no - name: setup firewall - include: firewall.yml + import_tasks: firewall.yml vars: l_openshift_hosted_firewall_enabled: "{{ r_openshift_hosted_registry_firewall_enabled }}" l_openshift_hosted_use_firewalld: "{{ r_openshift_hosted_registry_use_firewalld }}" l_openshift_hosted_fw_allow: "{{ r_openshift_hosted_registry_os_firewall_allow }}" l_openshift_hosted_fw_deny: "{{ r_openshift_hosted_registry_os_firewall_deny }}" -- when: openshift.hosted.registry.replicas | default(none) is none +- when: openshift_hosted_registry_replicas | default(none) is none block: - name: Retrieve list of openshift nodes matching registry selector oc_obj: state: list kind: node - selector: "{{ openshift.hosted.registry.selector | default(omit) }}" + selector: "{{ openshift_hosted_registry_selector }}" register: registry_nodes - name: set_fact l_node_count to number of nodes matching registry selector 
@@ -39,16 +39,13 @@ # just 1: - name: set_fact l_default_replicas when l_node_count > 0 set_fact: - l_default_replicas: "{{ l_node_count if openshift.hosted.registry.storage.kind | default(none) is not none else 1 }}" + l_default_replicas: "{{ l_node_count if openshift_hosted_registry_storage_kind | default(none) is not none else 1 }}" when: l_node_count | int > 0 - name: set openshift_hosted facts set_fact: - openshift_hosted_registry_replicas: "{{ openshift.hosted.registry.replicas | default(l_default_replicas) }}" - openshift_hosted_registry_namespace: "{{ openshift.hosted.registry.namespace | default('default') }}" - openshift_hosted_registry_selector: "{{ openshift.hosted.registry.selector }}" - openshift_hosted_registry_images: "{{ openshift.hosted.registry.registryurl | default('openshift3/ose-${component}:${version}')}}" - openshift_hosted_registry_storage_glusterfs_ips: "{%- set gluster_ips = [] %}{% if groups.glusterfs_registry is defined %}{% for node in groups.glusterfs_registry %}{%- set _ = gluster_ips.append(hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip)) %}{% endfor %}{{ gluster_ips }}{% elif groups.glusterfs is defined %}{% for node in groups.glusterfs %}{%- set _ = gluster_ips.append(hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip)) %}{% endfor %}{{ gluster_ips }}{% else %}{{ openshift.hosted.registry.storage.glusterfs.ips }}{% endif %}" + # This determines the gluster_ips to use for the registry by looping over the glusterfs_registry group + openshift_hosted_registry_storage_glusterfs_ips: "{%- set gluster_ips = [] %}{% if groups.glusterfs_registry is defined %}{% for node in groups.glusterfs_registry %}{%- set _ = gluster_ips.append(hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip)) %}{% endfor %}{{ gluster_ips }}{% elif groups.glusterfs is defined %}{% for node in groups.glusterfs %}{%- set _ = gluster_ips.append(hostvars[node].glusterfs_ip | 
default(hostvars[node].openshift.common.ip)) %}{% endfor %}{{ gluster_ips }}{% else %}{{ openshift_hosted_registry_storage_glusterfs_ips }}{% endif %}" - name: Update registry environment variables when pushing via dns set_fact: @@ -97,16 +94,14 @@ service_type: ClusterIP clusterip: '{{ openshift_hosted_registry_clusterip | default(omit) }}' -- include: secure.yml - static: no +- include_tasks: secure.yml run_once: true when: - not (openshift_docker_hosted_registry_insecure | default(False)) | bool -- include: storage/object_storage.yml - static: no +- include_tasks: storage/object_storage.yml when: - - openshift.hosted.registry.storage.kind | default(none) == 'object' + - openshift_hosted_registry_storage_kind | default(none) == 'object' - name: Update openshift_hosted facts for persistent volumes set_fact: 
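Review bot: The `{% else %}` branch of `openshift_hosted_registry_storage_glusterfs_ips` now reads the same variable that this `set_fact` assigns, so it only renders when a default or inventory value of that name already exists; none is visible in the openshift_hosted defaults hunks of this diff. Writing that branch as `{{ openshift_hosted_registry_storage_glusterfs_ips | default([]) }}` keeps the later `|length > 0` condition evaluable when neither gluster group is defined. The added comment mentions only the glusterfs_registry group, while the expression also falls back to the glusterfs group and then to the existing value; `# Use glusterfs_registry hosts, else glusterfs hosts, else the configured list` would describe it fully.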
@@ -115,23 +110,23 @@ pvc_volume_mounts: - name: registry-storage type: persistentVolumeClaim - claim_name: "{{ openshift.hosted.registry.storage.volume.name }}-claim" + claim_name: "{{ openshift_hosted_registry_storage_volume_name }}-claim" when: - - openshift.hosted.registry.storage.kind | default(none) in ['nfs', 'openstack', 'glusterfs'] + - openshift_hosted_registry_storage_kind | default(none) in ['nfs', 'openstack', 'glusterfs'] -- include: storage/glusterfs_endpoints.yml +- include_tasks: storage/glusterfs_endpoints.yml when: - openshift_hosted_registry_storage_glusterfs_ips|length > 0 - - openshift.hosted.registry.storage.kind | default(none) in ['glusterfs'] + - openshift_hosted_registry_storage_kind | default(none) in ['glusterfs'] - name: Create OpenShift registry oc_adm_registry: name: "{{ openshift_hosted_registry_name }}" namespace: "{{ openshift_hosted_registry_namespace }}" selector: "{{ openshift_hosted_registry_selector }}" - replicas: "{{ openshift_hosted_registry_replicas }}" + replicas: "{{ openshift_hosted_registry_replicas | default(l_default_replicas) }}" service_account: "{{ openshift_hosted_registry_serviceaccount }}" - images: "{{ openshift_hosted_registry_images }}" + images: "{{ penshift_hosted_registry_registryurl }}" env_vars: "{{ openshift_hosted_registry_env_vars }}" volume_mounts: "{{ openshift_hosted_registry_volumes }}" edits: "{{ openshift_hosted_registry_edits }}" 
@@ -144,14 +139,14 @@ namespace: "{{ openshift_hosted_registry_namespace }}" - name: Wait for pod (Registry) - include: wait_for_pod.yml + include_tasks: wait_for_pod.yml vars: l_openshift_hosted_wait_for_pod: "{{ openshift_hosted_registry_wait }}" l_openshift_hosted_wfp_items: "{{ r_openshift_hosted_registry_list }}" -- include: storage/glusterfs.yml +- include_tasks: storage/glusterfs.yml when: - - openshift.hosted.registry.storage.kind | default(none) == 'glusterfs' or openshift.hosted.registry.storage.glusterfs.swap + - openshift_hosted_registry_storage_kind | default(none) == 'glusterfs' or openshift_hosted_registry_storage_glusterfs_swap - name: Delete temp directory file: diff --git a/roles/openshift_hosted/tasks/router.yml b/roles/openshift_hosted/tasks/router.yml index dd7053656..4e9219477 100644 --- a/roles/openshift_hosted/tasks/router.yml +++ b/roles/openshift_hosted/tasks/router.yml @@ -1,6 +1,6 @@ --- - name: setup firewall - include: firewall.yml + import_tasks: firewall.yml vars: l_openshift_hosted_firewall_enabled: "{{ r_openshift_hosted_router_firewall_enabled }}" l_openshift_hosted_use_firewalld: "{{ r_openshift_hosted_router_use_firewalld }}" 
@@ -11,16 +11,14 @@ oc_obj: state: list kind: node - namespace: "{{ openshift.hosted.router.namespace | default('default') }}" - selector: "{{ openshift.hosted.router.selector | default(omit) }}" + namespace: "{{ openshift_hosted_router_namespace }}" + selector: "{{ openshift_hosted_router_selector }}" register: router_nodes - when: openshift.hosted.router.replicas | default(none) is none + when: openshift_hosted_router_replicas | default(none) is none - name: set_fact replicas set_fact: - replicas: "{{ openshift.hosted.router.replicas|default(None) | get_router_replicas(router_nodes) }}" - openshift_hosted_router_selector: "{{ openshift.hosted.router.selector | default(None) }}" - openshift_hosted_router_image: "{{ openshift.hosted.router.registryurl }}" + replicas: "{{ openshift_hosted_router_replicas | default(None) | get_router_replicas(router_nodes) }}" - name: Get the certificate contents for router copy: @@ -42,8 +40,8 @@ signer_key: "{{ openshift_master_config_dir }}/ca.key" signer_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" hostnames: - - "{{ openshift_master_default_subdomain | default('router.default.svc.cluster.local') }}" - - "*.{{ openshift_master_default_subdomain | default('router.default.svc.cluster.local') }}" + - "{{ openshift_master_default_subdomain }}" + - "*.{{ openshift_master_default_subdomain }}" cert: "{{ openshift_master_config_dir ~ '/openshift-router.crt' }}" key: "{{ openshift_master_config_dir ~ '/openshift-router.key' }}" with_items: "{{ openshift_hosted_routers }}" @@ -102,7 +100,7 @@ with_items: "{{ openshift_hosted_routers }}" - name: Wait for pod (Routers) - include: wait_for_pod.yml + include_tasks: wait_for_pod.yml vars: l_openshift_hosted_wait_for_pod: "{{ openshift_hosted_router_wait }}" l_openshift_hosted_wfp_items: "{{ openshift_hosted_routers }}" diff --git a/roles/openshift_hosted/tasks/secure.yml b/roles/openshift_hosted/tasks/secure.yml index 174bc39a4..378ae32dc 100644 
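Review bot: The router certificate `hostnames:` entries now use `openshift_master_default_subdomain` with no fallback, so an unset value fails the task and an empty value produces the names `""` and `"*."` in the signed certificate. The removed `default('router.default.svc.cluster.local')` is presumably replaced by a default defined outside this view; if so, a comment above the list saying where would help, e.g. `# openshift_master_default_subdomain is defaulted in <role defaults file>`. The logging defaults later in this commit (`openshift_logging_kibana_hostname`, `openshift_logging_kibana_ops_hostname`, `openshift_logging_es_hostname`, `openshift_logging_es_ops_hostname`, `openshift_logging_mux_hostname`) drop `default(..., true)` the same way, and that form also covered an empty string. An `assert` that the subdomain is defined and non-empty before any certificate is generated would catch this early. The certificate task itself starts before this hunk.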
--- a/roles/openshift_hosted/tasks/secure.yml +++ b/roles/openshift_hosted/tasks/secure.yml @@ -1,18 +1,10 @@ --- -- name: Configure facts for docker-registry - set_fact: - openshift_hosted_registry_routecertificates: "{{ ('routecertificates' in openshift.hosted.registry.keys()) | ternary(openshift_hosted_registry_routecertificates, {}) }}" - openshift_hosted_registry_routehost: "{{ ('routehost' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routehost, False) }}" - openshift_hosted_registry_routetermination: "{{ ('routetermination' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routetermination, 'passthrough') }}" - - name: Include reencrypt route configuration - include: secure/reencrypt.yml - static: no + include_tasks: secure/reencrypt.yml when: openshift_hosted_registry_routetermination == 'reencrypt' - name: Include passthrough route configuration - include: secure/passthrough.yml - static: no + include_tasks: secure/passthrough.yml when: openshift_hosted_registry_routetermination == 'passthrough' - name: Fetch the docker-registry route @@ -39,7 +31,7 @@ - "{{ docker_registry_route.results[0].spec.host }}" - "{{ openshift_hosted_registry_name }}.default.svc" - "{{ openshift_hosted_registry_name }}.default.svc.{{ openshift_cluster_domain }}" - - "{{ openshift_hosted_registry_routehost }}" + - "{{ openshift_hosted_registry_routehost | default(omit) }}" cert: "{{ docker_registry_cert_path }}" key: "{{ docker_registry_key_path }}" expire_days: "{{ openshift_hosted_registry_cert_expire_days }}" diff --git a/roles/openshift_hosted/tasks/storage/glusterfs.yml b/roles/openshift_hosted/tasks/storage/glusterfs.yml index 7cae67baa..18b2edcc6 100644 --- a/roles/openshift_hosted/tasks/storage/glusterfs.yml +++ b/roles/openshift_hosted/tasks/storage/glusterfs.yml 
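Review bot: In the certificate `hostnames:` list, `- "{{ openshift_hosted_registry_routehost | default(omit) }}"` does not drop the entry when the variable is unset. As far as I know, `omit` is only honoured when it is the whole value of a module parameter, so inside a list the placeholder string itself is passed on as a hostname for the registry certificate. Since this commit also removes the `set_fact` that used to default `openshift_hosted_registry_routehost` to `False`, I would build the list conditionally instead, for example by appending `[openshift_hosted_registry_routehost]` only when it is defined and non-empty, or by filtering the list with `| select | list` after defaulting the entry to `''`. The removal of that `set_fact` also means `openshift_hosted_registry_routetermination` has to come from role defaults for the two `include_tasks` conditions in the first hunk to evaluate; that is not visible here.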
@@ -17,7 +17,7 @@ until: - "registry_pods.results.results[0]['items'] | count > 0" # There must be as many matching pods with 'Ready' status True as there are expected replicas - - "registry_pods.results.results[0]['items'] | oo_collect(attribute='status.conditions') | oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count == openshift_hosted_registry_replicas | int" + - "registry_pods.results.results[0]['items'] | oo_collect(attribute='status.conditions') | oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count == openshift_hosted_registry_replicas | default(l_default_replicas) | int" delay: 10 retries: "{{ (600 / 10) | int }}" 
@@ -35,7 +35,7 @@ mount: state: mounted fstype: glusterfs - src: "{% if 'glusterfs_registry' in groups %}{% set node = groups.glusterfs_registry[0] %}{% elif 'glusterfs' in groups %}{% set node = groups.glusterfs[0] %}{% endif %}{% if openshift_hosted_registry_storage_glusterfs_ips is defined and openshift_hosted_registry_storage_glusterfs_ips|length > 0 %}{{ openshift_hosted_registry_storage_glusterfs_ips[0] }}{% elif 'glusterfs_hostname' in hostvars[node] %}{{ hostvars[node].glusterfs_hostname }}{% elif 'openshift' in hostvars[node] %}{{ hostvars[node].openshift.node.nodename }}{% else %}{{ node }}{% endif %}:/{{ openshift.hosted.registry.storage.glusterfs.path }}" + src: "{% if 'glusterfs_registry' in groups %}{% set node = groups.glusterfs_registry[0] %}{% elif 'glusterfs' in groups %}{% set node = groups.glusterfs[0] %}{% endif %}{% if openshift_hosted_registry_storage_glusterfs_ips is defined and openshift_hosted_registry_storage_glusterfs_ips|length > 0 %}{{ openshift_hosted_registry_storage_glusterfs_ips[0] }}{% elif 'glusterfs_hostname' in hostvars[node] %}{{ hostvars[node].glusterfs_hostname }}{% elif 'openshift' in hostvars[node] %}{{ hostvars[node].openshift.node.nodename }}{% else %}{{ node }}{% endif %}:/{{ openshift_hosted_registry_storage_glusterfs_path }}" name: "{{ mktemp.stdout }}" - name: Set registry volume permissions @@ -60,7 +60,7 @@ - name: Copy current registry contents to new GlusterFS volume command: "oc rsync {{ registry_pod_name }}:/registry/ {{ mktemp.stdout }}/" - when: openshift.hosted.registry.storage.glusterfs.swapcopy + when: openshift_hosted_registry_storage_glusterfs_swapcopy - name: Swap new GlusterFS registry volume oc_volume: 
@@ -68,7 +68,7 @@ name: "{{ openshift_hosted_registry_name }}" vol_name: registry-storage mount_type: pvc - claim_name: "{{ openshift.hosted.registry.storage.volume.name }}-glusterfs-claim" + claim_name: "{{ openshift_hosted_registry_storage_volume_name }}-glusterfs-claim" - name: Deactivate registry maintenance mode oc_env: @@ -77,7 +77,7 @@ state: absent env_vars: - REGISTRY_STORAGE_MAINTENANCE_READONLY_ENABLED: 'true' - when: openshift.hosted.registry.storage.glusterfs.swap + when: openshift_hosted_registry_storage_glusterfs_swap - name: Unmount registry volume and clean up mount point/fstab mount: diff --git a/roles/openshift_hosted/tasks/storage/glusterfs_endpoints.yml b/roles/openshift_hosted/tasks/storage/glusterfs_endpoints.yml index 0f4381748..bd7181c17 100644 --- a/roles/openshift_hosted/tasks/storage/glusterfs_endpoints.yml +++ b/roles/openshift_hosted/tasks/storage/glusterfs_endpoints.yml @@ -10,7 +10,7 @@ dest: "{{ mktempHosted.stdout }}/glusterfs-registry-service.yml" - name: Create GlusterFS registry service and endpoint - command: "{{ openshift.common.client_binary }} apply -f {{ item }} -n {{ openshift.hosted.registry.namespace | default('default') }}" + command: "{{ openshift.common.client_binary }} apply -f {{ item }} -n {{ openshift_hosted_registry_namespace | default('default') }}" with_items: - "{{ mktempHosted.stdout }}/glusterfs-registry-service.yml" - "{{ mktempHosted.stdout }}/glusterfs-registry-endpoints.yml" diff --git a/roles/openshift_hosted/tasks/storage/object_storage.yml b/roles/openshift_hosted/tasks/storage/object_storage.yml index 8553a8098..a8c26fb51 100644 --- a/roles/openshift_hosted/tasks/storage/object_storage.yml +++ b/roles/openshift_hosted/tasks/storage/object_storage.yml @@ -1,6 +1,6 @@ --- -- include: s3.yml - when: openshift.hosted.registry.storage.provider == 's3' +- include_tasks: s3.yml + when: openshift_hosted_registry_storage_provider == 's3' - name: Ensure the registry secret exists oc_secret: 
diff --git a/roles/openshift_hosted/tasks/storage/s3.yml b/roles/openshift_hosted/tasks/storage/s3.yml index 8e905d905..4c100ee4e 100644 --- a/roles/openshift_hosted/tasks/storage/s3.yml +++ b/roles/openshift_hosted/tasks/storage/s3.yml @@ -2,8 +2,8 @@ - name: Assert that S3 variables are provided for registry_config template assert: that: - - openshift.hosted.registry.storage.s3.bucket | default(none) is not none - - openshift.hosted.registry.storage.s3.bucket | default(none) is not none + - openshift_hosted_registry_storage_s3_bucket | default(none) is not none + - openshift_hosted_registry_storage_s3_region | default(none) is not none msg: | When using S3 storage, the following variables are required: openshift_hosted_registry_storage_s3_bucket diff --git a/roles/openshift_hosted/templates/v3.6/glusterfs-registry-endpoints.yml.j2 b/roles/openshift_hosted/templates/v3.6/glusterfs-registry-endpoints.yml.j2 index 607d25533..3c874d910 100644 --- a/roles/openshift_hosted/templates/v3.6/glusterfs-registry-endpoints.yml.j2 +++ b/roles/openshift_hosted/templates/v3.6/glusterfs-registry-endpoints.yml.j2 @@ -2,7 +2,7 @@ apiVersion: v1 kind: Endpoints metadata: - name: {{ openshift.hosted.registry.storage.glusterfs.endpoints }} + name: {{ openshift_hosted_registry_storage_glusterfs_endpoints }} subsets: - addresses: {% for ip in openshift_hosted_registry_storage_glusterfs_ips %} diff --git a/roles/openshift_hosted/templates/v3.6/glusterfs-registry-service.yml.j2 b/roles/openshift_hosted/templates/v3.6/glusterfs-registry-service.yml.j2 index 452c7c3e1..f18c94a4f 100644 --- a/roles/openshift_hosted/templates/v3.6/glusterfs-registry-service.yml.j2 +++ b/roles/openshift_hosted/templates/v3.6/glusterfs-registry-service.yml.j2 @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ openshift.hosted.registry.storage.glusterfs.endpoints }} + name: {{ openshift_hosted_registry_storage_glusterfs_endpoints }} spec: ports: - port: 1 
diff --git a/roles/openshift_hosted/templates/v3.7/glusterfs-registry-endpoints.yml.j2 b/roles/openshift_hosted/templates/v3.7/glusterfs-registry-endpoints.yml.j2 index 607d25533..3c874d910 100644 --- a/roles/openshift_hosted/templates/v3.7/glusterfs-registry-endpoints.yml.j2 +++ b/roles/openshift_hosted/templates/v3.7/glusterfs-registry-endpoints.yml.j2 @@ -2,7 +2,7 @@ apiVersion: v1 kind: Endpoints metadata: - name: {{ openshift.hosted.registry.storage.glusterfs.endpoints }} + name: {{ openshift_hosted_registry_storage_glusterfs_endpoints }} subsets: - addresses: {% for ip in openshift_hosted_registry_storage_glusterfs_ips %} diff --git a/roles/openshift_hosted/templates/v3.7/glusterfs-registry-service.yml.j2 b/roles/openshift_hosted/templates/v3.7/glusterfs-registry-service.yml.j2 index 452c7c3e1..f18c94a4f 100644 --- a/roles/openshift_hosted/templates/v3.7/glusterfs-registry-service.yml.j2 +++ b/roles/openshift_hosted/templates/v3.7/glusterfs-registry-service.yml.j2 @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ openshift.hosted.registry.storage.glusterfs.endpoints }} + name: {{ openshift_hosted_registry_storage_glusterfs_endpoints }} spec: ports: - port: 1 diff --git a/roles/openshift_hosted/templates/v3.8/glusterfs-registry-endpoints.yml.j2 b/roles/openshift_hosted/templates/v3.8/glusterfs-registry-endpoints.yml.j2 new file mode 100644 index 000000000..3c874d910 --- /dev/null +++ b/roles/openshift_hosted/templates/v3.8/glusterfs-registry-endpoints.yml.j2 @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ openshift_hosted_registry_storage_glusterfs_endpoints }} +subsets: +- addresses: +{% for ip in openshift_hosted_registry_storage_glusterfs_ips %} + - ip: {{ ip }} +{% endfor %} + ports: + - port: 1 diff --git a/roles/openshift_hosted/templates/v3.8/glusterfs-registry-service.yml.j2 b/roles/openshift_hosted/templates/v3.8/glusterfs-registry-service.yml.j2 new file mode 100644 index 000000000..f18c94a4f --- /dev/null 
+++ b/roles/openshift_hosted/templates/v3.8/glusterfs-registry-service.yml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ openshift_hosted_registry_storage_glusterfs_endpoints }} +spec: + ports: + - port: 1 +status: + loadBalancer: {} diff --git a/roles/openshift_hosted/templates/v3.9/glusterfs-registry-endpoints.yml.j2 b/roles/openshift_hosted/templates/v3.9/glusterfs-registry-endpoints.yml.j2 new file mode 100644 index 000000000..3c874d910 --- /dev/null +++ b/roles/openshift_hosted/templates/v3.9/glusterfs-registry-endpoints.yml.j2 @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ openshift_hosted_registry_storage_glusterfs_endpoints }} +subsets: +- addresses: +{% for ip in openshift_hosted_registry_storage_glusterfs_ips %} + - ip: {{ ip }} +{% endfor %} + ports: + - port: 1 diff --git a/roles/openshift_hosted/templates/v3.9/glusterfs-registry-service.yml.j2 b/roles/openshift_hosted/templates/v3.9/glusterfs-registry-service.yml.j2 new file mode 100644 index 000000000..f18c94a4f --- /dev/null +++ b/roles/openshift_hosted/templates/v3.9/glusterfs-registry-service.yml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ openshift_hosted_registry_storage_glusterfs_endpoints }} +spec: + ports: + - port: 1 +status: + loadBalancer: {} diff --git a/roles/openshift_hosted_facts/tasks/main.yml b/roles/openshift_hosted_facts/tasks/main.yml index 8fc70cecb..ed97d539c 100644 --- a/roles/openshift_hosted_facts/tasks/main.yml +++ b/roles/openshift_hosted_facts/tasks/main.yml 
@@ -1,19 +1 @@ --- -# openshift_*_selector variables have been deprecated in favor of -# openshift_hosted_*_selector variables. -- set_fact: - openshift_hosted_router_selector: "{{ openshift_router_selector | default(openshift_hosted_infra_selector) }}" - when: openshift_hosted_router_selector is not defined and openshift_hosted_infra_selector is defined -- set_fact: - openshift_hosted_registry_selector: "{{ openshift_registry_selector | default(openshift_hosted_infra_selector) }}" - when: openshift_hosted_registry_selector is not defined and openshift_hosted_infra_selector is defined - -- name: Set hosted facts - openshift_facts: - role: "{{ item }}" - openshift_env: "{{ hostvars - | oo_merge_hostvars(vars, inventory_hostname) - | oo_openshift_env }}" - openshift_env_structures: - - 'openshift.hosted.router.*' - with_items: [hosted, logging, loggingops, metrics, prometheus] diff --git a/roles/openshift_hosted_metrics/README.md b/roles/openshift_hosted_metrics/README.md deleted file mode 100644 index c2af3c494..000000000 --- a/roles/openshift_hosted_metrics/README.md +++ /dev/null 
@@ -1,54 +0,0 @@ -OpenShift Metrics with Hawkular -==================== - -OpenShift Metrics Installation - -Requirements ------------- - -* Ansible 2.2 -* It requires subdomain fqdn to be set. -* If persistence is enabled, then it also requires NFS. - -Role Variables --------------- - -From this role: - -| Name | Default value | | -|-------------------------------------------------|-----------------------|-------------------------------------------------------------| -| openshift_hosted_metrics_deploy | `False` | If metrics should be deployed | -| openshift_hosted_metrics_public_url | null | Hawkular metrics public url | -| openshift_hosted_metrics_storage_nfs_directory | `/exports` | Root export directory. | -| openshift_hosted_metrics_storage_volume_name | `metrics` | Metrics volume within openshift_hosted_metrics_volume_dir | -| openshift_hosted_metrics_storage_volume_size | `10Gi` | Metrics volume size | -| openshift_hosted_metrics_storage_nfs_options | `*(rw,root_squash)` | NFS options for configured exports. | -| openshift_hosted_metrics_duration | `7` | Metrics query duration | -| openshift_hosted_metrics_resolution | `10s` | Metrics resolution | - - -Dependencies ------------- -openshift_facts -openshift_examples -openshift_master_facts - -Example Playbook ----------------- - -``` -- name: Configure openshift-metrics - hosts: oo_first_master - roles: - - role: openshift_hosted_metrics -``` - -License -------- - -Apache License, Version 2.0 - -Author Information ------------------- - -Jose David MartÃn (j.david.nieto@gmail.com) diff --git a/roles/openshift_hosted_metrics/defaults/main.yml b/roles/openshift_hosted_metrics/defaults/main.yml deleted file mode 100644 index a01f24df8..000000000 --- a/roles/openshift_hosted_metrics/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -hosted_base: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/hosted" 
diff --git a/roles/openshift_hosted_metrics/handlers/main.yml b/roles/openshift_hosted_metrics/handlers/main.yml deleted file mode 100644 index 074b72942..000000000 --- a/roles/openshift_hosted_metrics/handlers/main.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -- name: restart master api - systemd: name={{ openshift.common.service_type }}-master-api state=restarted - when: (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' - notify: Verify API Server - -# We retry the controllers because the API may not be 100% initialized yet. -- name: restart master controllers - command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" - retries: 3 - delay: 5 - register: result - until: result.rc == 0 - when: (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' - -- name: Verify API Server - # Using curl here since the uri module requires python-httplib2 and - # wait_for port doesn't provide health information. - command: > - curl --silent --tlsv1.2 - --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {{ openshift.master.api_url }}/healthz/ready - args: - # Disables the following warning: - # Consider using get_url or uri module rather than running curl - warn: no - register: api_available_output - until: api_available_output.stdout == 'ok' - retries: 120 - delay: 1 - changed_when: false diff --git a/roles/openshift_hosted_metrics/meta/main.yaml b/roles/openshift_hosted_metrics/meta/main.yaml deleted file mode 100644 index debca3ca6..000000000 --- a/roles/openshift_hosted_metrics/meta/main.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -galaxy_info: - author: David MartÃn - description: - company: - license: Apache License, Version 2.0 - min_ansible_version: 2.2 - platforms: - - name: EL - versions: - - 7 - categories: - - cloud - - system -dependencies: -- { role: openshift_examples } -- { role: openshift_facts } -- { role: openshift_master_facts } diff --git a/roles/openshift_hosted_metrics/tasks/install.yml b/roles/openshift_hosted_metrics/tasks/install.yml deleted file mode 100644 index 15dd1bd54..000000000 --- a/roles/openshift_hosted_metrics/tasks/install.yml +++ /dev/null 
@@ -1,132 +0,0 @@ ---- - -- name: Test if metrics-deployer service account exists - command: > - {{ openshift.common.client_binary }} - --config={{ openshift_hosted_metrics_kubeconfig }} - --namespace=openshift-infra - get serviceaccount metrics-deployer -o json - register: serviceaccount - changed_when: false - failed_when: false - -- name: Create metrics-deployer Service Account - shell: > - echo {{ metrics_deployer_sa | to_json | quote }} | - {{ openshift.common.client_binary }} - --config={{ openshift_hosted_metrics_kubeconfig }} - --namespace openshift-infra - create -f - - when: serviceaccount.rc == 1 - -- name: Test edit permissions - command: > - {{ openshift.common.client_binary }} - --config={{ openshift_hosted_metrics_kubeconfig }} - --namespace openshift-infra - get rolebindings -o jsonpath='{.items[?(@.metadata.name == "edit")].userNames}' - register: edit_rolebindings - changed_when: false - -- name: Add edit permission to the openshift-infra project to metrics-deployer SA - command: > - {{ openshift.common.client_binary }} adm - --config={{ openshift_hosted_metrics_kubeconfig }} - --namespace openshift-infra - policy add-role-to-user edit - system:serviceaccount:openshift-infra:metrics-deployer - when: "'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout" - -- name: Test hawkular view permissions - command: > - {{ openshift.common.client_binary }} - --config={{ openshift_hosted_metrics_kubeconfig }} - --namespace openshift-infra - get rolebindings -o jsonpath='{.items[?(@.metadata.name == "view")].userNames}' - register: view_rolebindings - changed_when: false - -- name: Add view permissions to hawkular SA - command: > - {{ openshift.common.client_binary }} adm - --config={{ openshift_hosted_metrics_kubeconfig }} - --namespace openshift-infra - policy add-role-to-user view - system:serviceaccount:openshift-infra:hawkular - when: "'system:serviceaccount:openshift-infra:hawkular' not in view_rolebindings" - -- name: 
Test cluster-reader permissions - command: > - {{ openshift.common.client_binary }} - --config={{ openshift_hosted_metrics_kubeconfig }} - --namespace openshift-infra - get clusterrolebindings -o jsonpath='{.items[?(@.metadata.name == "cluster-reader")].userNames}' - register: cluster_reader_clusterrolebindings - changed_when: false - -- name: Add cluster-reader permission to the openshift-infra project to heapster SA - command: > - {{ openshift.common.client_binary }} adm - --config={{ openshift_hosted_metrics_kubeconfig }} - --namespace openshift-infra - policy add-cluster-role-to-user cluster-reader - system:serviceaccount:openshift-infra:heapster - when: "'system:serviceaccount:openshift-infra:heapster' not in cluster_reader_clusterrolebindings.stdout" - -- name: Create metrics-deployer secret - command: > - {{ openshift.common.client_binary }} - --config={{ openshift_hosted_metrics_kubeconfig }} - --namespace openshift-infra - secrets new metrics-deployer nothing=/dev/null - register: metrics_deployer_secret - changed_when: metrics_deployer_secret.rc == 0 - failed_when: metrics_deployer_secret.rc == 1 and 'already exists' not in metrics_deployer_secret.stderr - -# TODO: extend this to allow user passed in certs or generating cert with -# OpenShift CA -- name: Build metrics deployer command - set_fact: - deployer_cmd: "{{ openshift.common.client_binary }} process -f \ - {{ hosted_base }}/metrics-deployer.yaml -v \ - HAWKULAR_METRICS_HOSTNAME={{ g_metrics_hostname }} \ - -v USE_PERSISTENT_STORAGE={{metrics_persistence | string | lower }} \ - -v DYNAMICALLY_PROVISION_STORAGE={{metrics_dynamic_vol | string | lower }} \ - -v METRIC_DURATION={{ openshift.hosted.metrics.duration }} \ - -v METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }} - {{ image_prefix }} \ - {{ image_version }} \ - -v MODE={{ deployment_mode }} \ - | {{ openshift.common.client_binary }} --namespace openshift-infra \ - --config={{ openshift_hosted_metrics_kubeconfig }} \ - create -o name 
-f -" - -- name: Deploy Metrics - shell: "{{ deployer_cmd }}" - register: deploy_metrics - failed_when: "'already exists' not in deploy_metrics.stderr and deploy_metrics.rc != 0" - changed_when: deploy_metrics.rc == 0 - -- set_fact: - deployer_pod: "{{ deploy_metrics.stdout[1:2] }}" - -# TODO: re-enable this once the metrics deployer validation issue is fixed -# when using dynamically provisioned volumes -- name: "Wait for image pull and deployer pod" - shell: > - {{ openshift.common.client_binary }} - --namespace openshift-infra - --config={{ openshift_hosted_metrics_kubeconfig }} - get {{ deploy_metrics.stdout }} - register: deploy_result - until: "{{ 'Completed' in deploy_result.stdout }}" - failed_when: False - retries: 60 - delay: 10 - -- name: Configure master for metrics - modify_yaml: - dest: "{{ openshift.common.config_base }}/master/master-config.yaml" - yaml_key: assetConfig.metricsPublicURL - yaml_value: "{{ openshift_hosted_metrics_deploy_url }}" - notify: restart master diff --git a/roles/openshift_hosted_metrics/tasks/main.yaml b/roles/openshift_hosted_metrics/tasks/main.yaml deleted file mode 100644 index 5ce8aa92b..000000000 --- a/roles/openshift_hosted_metrics/tasks/main.yaml +++ /dev/null 
@@ -1,75 +0,0 @@ ---- -- name: Create temp directory for kubeconfig - command: mktemp -d /tmp/openshift-ansible-XXXXXX - register: mktemp - changed_when: False - -- name: Record kubeconfig tmp dir - set_fact: - openshift_hosted_metrics_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" - -- name: Copy the admin client config(s) - command: > - cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_hosted_metrics_kubeconfig }} - changed_when: False - -- name: Set hosted metrics facts - openshift_facts: - role: hosted - openshift_env: "{{ hostvars - | oo_merge_hostvars(vars, inventory_hostname) - | oo_openshift_env }}" - openshift_env_structures: - - 'openshift.hosted.metrics.*' - -- set_fact: - metrics_persistence: "{{ openshift.hosted.metrics.storage_kind | default(none) is not none }}" - metrics_dynamic_vol: "{{ openshift.hosted.metrics.storage_kind | default(none) == 'dynamic' }}" - metrics_template_dir: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/examples/infrastructure-templates/{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}" - image_prefix: "{{ '-v IMAGE_PREFIX=' ~ openshift.hosted.metrics.deployer.prefix if 'prefix' in openshift.hosted.metrics.deployer else '' }}" - image_version: "{{ '-v IMAGE_VERSION=' ~ openshift.hosted.metrics.deployer.version if 'version' in openshift.hosted.metrics.deployer else '' }}" - - -- name: Check for existing metrics pods - shell: > - {{ openshift.common.client_binary }} - --config={{ openshift_hosted_metrics_kubeconfig }} - --namespace openshift-infra - get pods -l {{ item }} | grep -q Running - register: metrics_pods_status - with_items: - - metrics-infra=hawkular-metrics - - metrics-infra=heapster - - metrics-infra=hawkular-cassandra - failed_when: false - changed_when: false - -- name: Check for previous deployer - shell: > - {{ openshift.common.client_binary }} - --config={{ openshift_hosted_metrics_kubeconfig }} - --namespace 
openshift-infra - get pods -l metrics-infra=deployer --sort-by='{.metadata.creationTimestamp}' | tail -1 | grep metrics-deployer- - register: metrics_deployer_status - failed_when: false - changed_when: false - -- name: Record current deployment status - set_fact: - greenfield: "{{ not metrics_deployer_status.rc == 0 }}" - failed_error: "{{ True if 'Error' in metrics_deployer_status.stdout else False }}" - metrics_running: "{{ metrics_pods_status.results | oo_collect(attribute='rc') == [0,0,0] }}" - -- name: Set deployment mode - set_fact: - deployment_mode: "{{ 'refresh' if (failed_error | bool or metrics_upgrade | bool) else 'deploy' }}" - -# TODO: handle non greenfield deployments in the future -- include: install.yml - when: greenfield - -- name: Delete temp directory - file: - name: "{{ mktemp.stdout }}" - state: absent - changed_when: False diff --git a/roles/openshift_hosted_metrics/vars/main.yaml b/roles/openshift_hosted_metrics/vars/main.yaml deleted file mode 100644 index 6c207d6ac..000000000 --- a/roles/openshift_hosted_metrics/vars/main.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -hawkular_permission_oc_commands: - - policy add-role-to-user edit system:serviceaccount:openshift-infra:metrics-deployer -n openshift-infra - - policy add-cluster-role-to-user cluster-admin system:serviceaccount:openshift-infra:heapster - -metrics_deployer_sa: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: metrics-deployer - secrets: - - name: metrics-deployer - - -hawkular_tmp_conf: /tmp/hawkular_admin.kubeconfig - -hawkular_persistence: "{% if openshift.hosted.metrics.storage.kind != None %}true{% else %}false{% endif %}" - -hawkular_type: "{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}" - -metrics_upgrade: openshift.hosted.metrics.upgrade | default(False) diff --git a/roles/openshift_loadbalancer/templates/haproxy.docker.service.j2 b/roles/openshift_loadbalancer/templates/haproxy.docker.service.j2 index 57121447d..0343a7eb0 100644 
--- a/roles/openshift_loadbalancer/templates/haproxy.docker.service.j2 +++ b/roles/openshift_loadbalancer/templates/haproxy.docker.service.j2 @@ -5,7 +5,7 @@ PartOf={{ openshift_docker_service_name }}.service [Service] ExecStartPre=-/usr/bin/docker rm -f openshift_loadbalancer -ExecStart=/usr/bin/docker run --rm --name openshift_loadbalancer -p {{ openshift_master_api_port | default(8443) }}:{{ openshift_master_api_port | default(8443) }} -v /etc/haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg:ro --entrypoint=haproxy {{ openshift.common.router_image }}:{{ openshift_image_tag }} -f /etc/haproxy/haproxy.cfg +ExecStart=/usr/bin/docker run --rm --name openshift_loadbalancer {% for frontend in openshift_loadbalancer_frontends %} {% for bind in frontend.binds %} -p {{ bind |regex_replace('^[^:]*:(\d+).*$', '\\1') }}:{{ bind |regex_replace('^[^:]*:(\d+).*$', '\\1') }} {% endfor %} {% endfor %} -v /etc/haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg:ro --entrypoint=haproxy {{ openshift.common.router_image }}:{{ openshift_image_tag }} -f /etc/haproxy/haproxy.cfg ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop openshift_loadbalancer LimitNOFILE={{ openshift_loadbalancer_limit_nofile | default(100000) }} diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml index 497c6e0c5..2f1aa061f 100644 --- a/roles/openshift_logging/defaults/main.yml +++ b/roles/openshift_logging/defaults/main.yml @@ -28,7 +28,7 @@ openshift_logging_curator_ops_memory_limit: 256Mi openshift_logging_curator_ops_cpu_request: 100m openshift_logging_curator_ops_nodeselector: {} -openshift_logging_kibana_hostname: "{{ 'kibana.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" +openshift_logging_kibana_hostname: "{{ 'kibana.' ~ openshift_master_default_subdomain }}" openshift_logging_kibana_cpu_limit: null openshift_logging_kibana_memory_limit: 736Mi openshift_logging_kibana_cpu_request: 100m 
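Review bot: The published ports in `ExecStart` are derived with `regex_replace('^[^:]*:(\d+).*$', '\\1')`, and `regex_replace` returns its input unchanged when the pattern does not match. A bind that is not of the form `addr:port`, for example an IPv6 bind written with several colons, would therefore be passed to `docker run -p` verbatim, twice. The address part of each bind is also discarded, so every frontend port is published on all host interfaces even when the haproxy frontend is bound to a single address; if that is intended, a comment in the template such as `# ports are published on all interfaces; the bind address only applies inside the container` would make it explicit. I would validate `openshift_loadbalancer_frontends` in the role's tasks and fail on any bind without a numeric port before rendering this unit. Minor style point: the `{% for %}` blocks leave runs of spaces in the command line, which `{%- ... -%}` would avoid.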
@@ -54,7 +54,7 @@ openshift_logging_kibana_key: "" #for the public facing kibana certs openshift_logging_kibana_ca: "" -openshift_logging_kibana_ops_hostname: "{{ 'kibana-ops.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" +openshift_logging_kibana_ops_hostname: "{{ 'kibana-ops.' ~ openshift_master_default_subdomain }}" openshift_logging_kibana_ops_cpu_limit: null openshift_logging_kibana_ops_memory_limit: 736Mi openshift_logging_kibana_ops_cpu_request: 100m @@ -109,7 +109,7 @@ openshift_logging_es_config: {} # for exposing es to external (outside of the cluster) clients openshift_logging_es_allow_external: False -openshift_logging_es_hostname: "{{ 'es.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" +openshift_logging_es_hostname: "{{ 'es.' ~ openshift_master_default_subdomain }}" #The absolute path on the control node to the cert file to use #for the public facing es certs @@ -145,7 +145,7 @@ openshift_logging_es_ops_nodeselector: {} # for exposing es-ops to external (outside of the cluster) clients openshift_logging_es_ops_allow_external: False -openshift_logging_es_ops_hostname: "{{ 'es-ops.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" +openshift_logging_es_ops_hostname: "{{ 'es-ops.' ~ openshift_master_default_subdomain }}" #The absolute path on the control node to the cert file to use #for the public facing es-ops certs 
@@ -165,7 +165,7 @@ openshift_logging_storage_access_modes: ['ReadWriteOnce'] # mux - secure_forward listener service openshift_logging_mux_allow_external: False openshift_logging_use_mux: "{{ openshift_logging_mux_allow_external | default(False) }}" -openshift_logging_mux_hostname: "{{ 'mux.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" +openshift_logging_mux_hostname: "{{ 'mux.' ~ openshift_master_default_subdomain}}" openshift_logging_mux_port: 24284 openshift_logging_mux_cpu_limit: null openshift_logging_mux_memory_limit: 512Mi diff --git a/roles/openshift_logging/handlers/main.yml b/roles/openshift_logging/handlers/main.yml index 074b72942..1f4b5a116 100644 --- a/roles/openshift_logging/handlers/main.yml +++ b/roles/openshift_logging/handlers/main.yml @@ -1,17 +1,17 @@ --- - name: restart master api - systemd: name={{ openshift.common.service_type }}-master-api state=restarted - when: (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' + systemd: name={{ openshift_service_type }}-master-api state=restarted + when: (not (master_api_service_status_changed | default(false) | bool)) notify: Verify API Server # We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + command: "systemctl restart {{ openshift_service_type }}-master-controllers" retries: 3 delay: 5 register: result until: result.rc == 0 - when: (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' + when: (not (master_controllers_service_status_changed | default(false) | bool)) - name: Verify API Server # Using curl here since the uri module requires python-httplib2 and 
diff --git a/roles/openshift_logging/tasks/generate_certs.yaml b/roles/openshift_logging/tasks/generate_certs.yaml index f526fd734..082c0128f 100644 --- a/roles/openshift_logging/tasks/generate_certs.yaml +++ b/roles/openshift_logging/tasks/generate_certs.yaml @@ -36,7 +36,7 @@ - top_dir: '{{generated_certs_dir}}' when: not signing_conf_file.stat.exists -- include: procure_server_certs.yaml +- include_tasks: procure_server_certs.yaml loop_control: loop_var: cert_info with_items: @@ -45,7 +45,7 @@ - procure_component: kibana-internal hostnames: "kibana, kibana-ops, {{openshift_logging_kibana_hostname}}, {{openshift_logging_kibana_ops_hostname}}" -- include: procure_server_certs.yaml +- include_tasks: procure_server_certs.yaml loop_control: loop_var: cert_info with_items: @@ -53,14 +53,14 @@ hostnames: "logging-mux, {{openshift_logging_mux_hostname}}" when: openshift_logging_use_mux | bool -- include: procure_shared_key.yaml +- include_tasks: procure_shared_key.yaml loop_control: loop_var: shared_key_info with_items: - procure_component: mux when: openshift_logging_use_mux | bool -- include: procure_server_certs.yaml +- include_tasks: procure_server_certs.yaml loop_control: loop_var: cert_info with_items: @@ -68,7 +68,7 @@ hostnames: "es, {{openshift_logging_es_hostname}}" when: openshift_logging_es_allow_external | bool -- include: procure_server_certs.yaml +- include_tasks: procure_server_certs.yaml loop_control: loop_var: cert_info with_items: @@ -109,7 +109,7 @@ - not ca_cert_srl_file.stat.exists - name: Generate PEM certs - include: generate_pems.yaml component={{node_name}} + include_tasks: generate_pems.yaml component={{node_name}} with_items: - system.logging.fluentd - system.logging.kibana @@ -119,7 +119,7 @@ loop_var: node_name - name: Generate PEM cert for mux - include: generate_pems.yaml component={{node_name}} + include_tasks: generate_pems.yaml component={{node_name}} with_items: - system.logging.mux loop_control: 
@@ -127,7 +127,7 @@ when: openshift_logging_use_mux | bool - name: Generate PEM cert for Elasticsearch external route - include: generate_pems.yaml component={{node_name}} + include_tasks: generate_pems.yaml component={{node_name}} with_items: - system.logging.es loop_control: @@ -135,7 +135,7 @@ when: openshift_logging_es_allow_external | bool - name: Creating necessary JKS certs - include: generate_jks.yaml + include_tasks: generate_jks.yaml # TODO: make idempotent - name: Generate proxy session diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml index 2fefdc894..bb8ebec6b 100644 --- a/roles/openshift_logging/tasks/install_logging.yaml +++ b/roles/openshift_logging/tasks/install_logging.yaml @@ -52,7 +52,7 @@ changed_when: False check_mode: no -- include: generate_certs.yaml +- include_tasks: generate_certs.yaml vars: generated_certs_dir: "{{openshift.common.config_base}}/logging" @@ -250,7 +250,7 @@ when: - openshift_logging_use_ops | bool -- include: annotate_ops_projects.yaml +- include_tasks: annotate_ops_projects.yaml ## Curator - include_role: @@ -311,4 +311,4 @@ openshift_logging_install_eventrouter | default(false) | bool -- include: update_master_config.yaml +- include_tasks: update_master_config.yaml diff --git a/roles/openshift_logging/tasks/main.yaml b/roles/openshift_logging/tasks/main.yaml index 7f8e88036..91db457d1 100644 --- a/roles/openshift_logging/tasks/main.yaml +++ b/roles/openshift_logging/tasks/main.yaml @@ -19,11 +19,11 @@ check_mode: no become: no -- include: install_logging.yaml +- include_tasks: install_logging.yaml when: - openshift_logging_install_logging | default(false) | bool -- include: delete_logging.yaml +- include_tasks: delete_logging.yaml when: - not openshift_logging_install_logging | default(false) | bool diff --git a/roles/openshift_logging_curator/meta/main.yaml b/roles/openshift_logging_curator/meta/main.yaml index 6752fb7f9..d4635aab0 100644 
--- a/roles/openshift_logging_curator/meta/main.yaml +++ b/roles/openshift_logging_curator/meta/main.yaml @@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - role: lib_openshift +- role: openshift_facts diff --git a/roles/openshift_logging_curator/tasks/main.yaml b/roles/openshift_logging_curator/tasks/main.yaml index 7ddf57450..e7ef5ff22 100644 --- a/roles/openshift_logging_curator/tasks/main.yaml +++ b/roles/openshift_logging_curator/tasks/main.yaml @@ -12,7 +12,7 @@ openshift_logging_curator_image_prefix: "{{ openshift_logging_curator_image_prefix | default(__openshift_logging_curator_image_prefix) }}" openshift_logging_curator_image_version: "{{ openshift_logging_curator_image_version | default(__openshift_logging_curator_image_version) }}" -- include: determine_version.yaml +- include_tasks: determine_version.yaml # allow passing in a tempdir - name: Create temp directory for doing work in diff --git a/roles/openshift_logging_elasticsearch/meta/main.yaml b/roles/openshift_logging_elasticsearch/meta/main.yaml index 097270772..6a9a6539c 100644 --- a/roles/openshift_logging_elasticsearch/meta/main.yaml +++ b/roles/openshift_logging_elasticsearch/meta/main.yaml @@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - role: lib_openshift +- role: openshift_facts diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml index 770892d52..8f2050043 100644 --- a/roles/openshift_logging_elasticsearch/tasks/main.yaml +++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml 
@@ -30,7 +30,7 @@ openshift_logging_elasticsearch_image_prefix: "{{ openshift_logging_elasticsearch_image_prefix | default(__openshift_logging_elasticsearch_image_prefix) }}" openshift_logging_elasticsearch_image_version: "{{ openshift_logging_elasticsearch_image_version | default(__openshift_logging_elasticsearch_image_version) }}" -- include: determine_version.yaml +- include_tasks: determine_version.yaml # allow passing in a tempdir - name: Create temp directory for doing work in diff --git a/roles/openshift_logging_eventrouter/tasks/main.yaml b/roles/openshift_logging_eventrouter/tasks/main.yaml index b1f93eeb9..96b181d61 100644 --- a/roles/openshift_logging_eventrouter/tasks/main.yaml +++ b/roles/openshift_logging_eventrouter/tasks/main.yaml @@ -12,8 +12,8 @@ openshift_logging_eventrouter_image_prefix: "{{ openshift_logging_eventrouter_image_prefix | default(__openshift_logging_eventrouter_image_prefix) }}" openshift_logging_eventrouter_image_version: "{{ openshift_logging_eventrouter_image_version | default(__openshift_logging_eventrouter_image_version) }}" -- include: "{{ role_path }}/tasks/install_eventrouter.yaml" +- include_tasks: install_eventrouter.yaml when: openshift_logging_install_eventrouter | default(false) | bool -- include: "{{ role_path }}/tasks/delete_eventrouter.yaml" +- include_tasks: delete_eventrouter.yaml when: not openshift_logging_install_eventrouter | default(false) | bool diff --git a/roles/openshift_logging_fluentd/meta/main.yaml b/roles/openshift_logging_fluentd/meta/main.yaml index 2003aacb2..89c98204f 100644 --- a/roles/openshift_logging_fluentd/meta/main.yaml +++ b/roles/openshift_logging_fluentd/meta/main.yaml @@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - role: lib_openshift +- role: openshift_facts diff --git a/roles/openshift_logging_fluentd/tasks/main.yaml b/roles/openshift_logging_fluentd/tasks/main.yaml index f8683ab75..87eedfb4b 100644 --- a/roles/openshift_logging_fluentd/tasks/main.yaml 
+++ b/roles/openshift_logging_fluentd/tasks/main.yaml @@ -47,7 +47,7 @@ openshift_logging_fluentd_image_prefix: "{{ openshift_logging_fluentd_image_prefix | default(__openshift_logging_fluentd_image_prefix) }}" openshift_logging_fluentd_image_version: "{{ openshift_logging_fluentd_image_version | default(__openshift_logging_fluentd_image_version) }}" -- include: determine_version.yaml +- include_tasks: determine_version.yaml # allow passing in a tempdir - name: Create temp directory for doing work in @@ -216,7 +216,7 @@ openshift_logging_fluentd_hosts: "{{ fluentd_hosts.results.results[0]['items'] | map(attribute='metadata.name') | list }}" when: "'--all' in openshift_logging_fluentd_hosts" -- include: label_and_wait.yaml +- include_tasks: label_and_wait.yaml vars: node: "{{ fluentd_host }}" with_items: "{{ openshift_logging_fluentd_hosts }}" diff --git a/roles/openshift_logging_kibana/defaults/main.yml b/roles/openshift_logging_kibana/defaults/main.yml index 6cdf7c8f3..899193838 100644 --- a/roles/openshift_logging_kibana/defaults/main.yml +++ b/roles/openshift_logging_kibana/defaults/main.yml @@ -10,7 +10,7 @@ openshift_logging_kibana_cpu_limit: null openshift_logging_kibana_cpu_request: 100m openshift_logging_kibana_memory_limit: 736Mi -openshift_logging_kibana_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}" +openshift_logging_kibana_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' ~ openshift_master_default_subdomain) }}" openshift_logging_kibana_es_host: "logging-es" openshift_logging_kibana_es_port: 9200 diff --git a/roles/openshift_logging_kibana/meta/main.yaml b/roles/openshift_logging_kibana/meta/main.yaml index 89e08abc0..d97586a37 100644 --- a/roles/openshift_logging_kibana/meta/main.yaml +++ b/roles/openshift_logging_kibana/meta/main.yaml 
@@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - role: lib_openshift +- role: openshift_facts diff --git a/roles/openshift_logging_kibana/tasks/main.yaml b/roles/openshift_logging_kibana/tasks/main.yaml index 9d99114c5..77bf8042a 100644 --- a/roles/openshift_logging_kibana/tasks/main.yaml +++ b/roles/openshift_logging_kibana/tasks/main.yaml @@ -15,7 +15,7 @@ openshift_logging_kibana_proxy_image_prefix: "{{ openshift_logging_kibana_proxy_image_prefix | default(__openshift_logging_kibana_proxy_image_prefix) }}" openshift_logging_kibana_proxy_image_version: "{{ openshift_logging_kibana_proxy_image_version | default(__openshift_logging_kibana_proxy_image_version) }}" -- include: determine_version.yaml +- include_tasks: determine_version.yaml # allow passing in a tempdir - name: Create temp directory for doing work in diff --git a/roles/openshift_logging_mux/defaults/main.yml b/roles/openshift_logging_mux/defaults/main.yml index cd15da939..1e6c501bf 100644 --- a/roles/openshift_logging_mux/defaults/main.yml +++ b/roles/openshift_logging_mux/defaults/main.yml @@ -28,7 +28,7 @@ openshift_logging_mux_journal_read_from_head: "{{ openshift_hosted_logging_journ openshift_logging_mux_allow_external: False openshift_logging_use_mux: "{{ openshift_logging_mux_allow_external | default(False) }}" -openshift_logging_mux_hostname: "{{ 'mux.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" +openshift_logging_mux_hostname: "{{ 'mux.' ~ openshift_master_default_subdomain }}" openshift_logging_mux_port: 24284 # the namespace to use for undefined projects should come first, followed by any # additional namespaces to create by default - users will typically not need to set this diff --git a/roles/openshift_logging_mux/meta/main.yaml b/roles/openshift_logging_mux/meta/main.yaml index f40beb79d..f271d8d7d 100644 --- a/roles/openshift_logging_mux/meta/main.yaml +++ b/roles/openshift_logging_mux/meta/main.yaml 
@@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - role: lib_openshift +- role: openshift_facts diff --git a/roles/openshift_logging_mux/tasks/main.yaml b/roles/openshift_logging_mux/tasks/main.yaml index 242d92188..68948bce2 100644 --- a/roles/openshift_logging_mux/tasks/main.yaml +++ b/roles/openshift_logging_mux/tasks/main.yaml @@ -20,7 +20,7 @@ openshift_logging_mux_image_prefix: "{{ openshift_logging_mux_image_prefix | default(__openshift_logging_mux_image_prefix) }}" openshift_logging_mux_image_version: "{{ openshift_logging_mux_image_version | default(__openshift_logging_mux_image_version) }}" -- include: determine_version.yaml +- include_tasks: determine_version.yaml # allow passing in a tempdir - name: Create temp directory for doing work in diff --git a/roles/openshift_management/tasks/main.yml b/roles/openshift_management/tasks/main.yml index 3bade9e8c..f212dba7c 100644 --- a/roles/openshift_management/tasks/main.yml +++ b/roles/openshift_management/tasks/main.yml @@ -3,7 +3,7 @@ # Users, projects, and privileges - name: Run pre-install Management validation checks - include: validate.yml + include_tasks: validate.yml # This creates a service account allowing Container Provider # integration (managing OCP/Origin via MIQ/Management) 
@@ -18,18 +18,18 @@ display_name: "{{ openshift_management_project_description }}" - name: Create and Authorize Management Accounts - include: accounts.yml + include_tasks: accounts.yml ###################################################################### # STORAGE - Initialize basic storage class - name: Determine the correct NFS host if required - include: storage/nfs_server.yml + include_tasks: storage/nfs_server.yml when: openshift_management_storage_class in ['nfs', 'nfs_external'] #--------------------------------------------------------------------- # * nfs - set up NFS shares on the first master for a proof of concept - name: Create required NFS exports for Management app storage - include: storage/nfs.yml + include_tasks: storage/nfs.yml when: openshift_management_storage_class == 'nfs' #--------------------------------------------------------------------- @@ -56,14 +56,14 @@ ###################################################################### # APPLICATION TEMPLATE - name: Install the Management app and PV templates - include: template.yml + include_tasks: template.yml ###################################################################### # APP & DB Storage # For local/external NFS backed installations - name: "Create the required App and DB PVs using {{ openshift_management_storage_class }}" - include: storage/create_nfs_pvs.yml + include_tasks: storage/create_nfs_pvs.yml when: - openshift_management_storage_class in ['nfs', 'nfs_external'] diff --git a/roles/openshift_management/tasks/storage/storage.yml b/roles/openshift_management/tasks/storage/storage.yml index d8bf7aa3e..a3675b29b 100644 --- a/roles/openshift_management/tasks/storage/storage.yml +++ b/roles/openshift_management/tasks/storage/storage.yml @@ -1,3 +1,3 @@ --- -- include: nfs.yml +- include_tasks: nfs.yml when: not (openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce')) 
diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index 359536202..557bfe022 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -1,24 +1,22 @@ --- - name: restart master api systemd: - name: "{{ openshift.common.service_type }}-master-api" + name: "{{ openshift_service_type }}-master-api" state: restarted when: - not (master_api_service_status_changed | default(false) | bool) - - openshift.master.cluster_method == 'native' notify: - Verify API Server # We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + command: "systemctl restart {{ openshift_service_type }}-master-controllers" retries: 3 delay: 5 register: result until: result.rc == 0 when: - not (master_controllers_service_status_changed | default(false) | bool) - - openshift.master.cluster_method == 'native' - name: Verify API Server # Using curl here since the uri module requires python-httplib2 and diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index a1cda2ad4..bf0cbbf18 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -15,3 +15,4 @@ dependencies: - role: lib_openshift - role: lib_utils - role: lib_os_firewall +- role: openshift_facts diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index e52cd6231..9be5508aa 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml 
@@ -11,31 +11,12 @@ - openshift_master_oauth_grant_method is defined - openshift_master_oauth_grant_method not in openshift_master_valid_grant_methods -# HA Variable Validation -- fail: - msg: "openshift_master_cluster_method must be set to either 'native' or 'pacemaker' for multi-master installations" - when: - - openshift.master.ha | bool - - (openshift.master.cluster_method is not defined) or (openshift.master.cluster_method is defined and openshift.master.cluster_method not in ["native", "pacemaker"]) -- fail: - msg: "openshift_master_cluster_password must be set for multi-master installations" - when: - - openshift.master.ha | bool - - openshift.master.cluster_method == "pacemaker" - - openshift_master_cluster_password is not defined or not openshift_master_cluster_password -- fail: - msg: "Pacemaker based HA is not supported at this time when used with containerized installs" - when: - - openshift.master.ha | bool - - openshift.master.cluster_method == "pacemaker" - - openshift.common.is_containerized | bool - - name: Open up firewall ports import_tasks: firewall.yml - name: Install Master package package: - name: "{{ openshift.common.service_type }}-master{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" + name: "{{ openshift_service_type }}-master{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" state: present when: - not openshift.common.is_containerized | bool @@ -160,7 +141,7 @@ # The template file will stomp any other settings made. - block: - name: check whether our docker-registry setting exists in the env file - command: "awk '/^OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000/' /etc/sysconfig/{{ openshift.common.service_type }}-master" + command: "awk '/^OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000/' /etc/sysconfig/{{ openshift_service_type }}-master" failed_when: false changed_when: false register: l_already_set 
@@ -222,11 +203,10 @@ - name: Start and enable master api on first master systemd: - name: "{{ openshift.common.service_type }}-master-api" + name: "{{ openshift_service_type }}-master-api" enabled: yes state: started when: - - openshift.master.cluster_method == 'native' - inventory_hostname == openshift_master_hosts[0] register: l_start_result until: not l_start_result | failed @@ -234,29 +214,26 @@ delay: 60 - name: Dump logs from master-api if it failed - command: journalctl --no-pager -n 100 -u {{ openshift.common.service_type }}-master-api + command: journalctl --no-pager -n 100 -u {{ openshift_service_type }}-master-api when: - l_start_result | failed - set_fact: master_api_service_status_changed: "{{ l_start_result | changed }}" when: - - openshift.master.cluster_method == 'native' - inventory_hostname == openshift_master_hosts[0] - pause: seconds: 15 when: - openshift.master.ha | bool - - openshift.master.cluster_method == 'native' - name: Start and enable master api all masters systemd: - name: "{{ openshift.common.service_type }}-master-api" + name: "{{ openshift_service_type }}-master-api" enabled: yes state: started when: - - openshift.master.cluster_method == 'native' - inventory_hostname != openshift_master_hosts[0] register: l_start_result until: not l_start_result | failed 
@@ -264,67 +241,39 @@ delay: 60 - name: Dump logs from master-api if it failed - command: journalctl --no-pager -n 100 -u {{ openshift.common.service_type }}-master-api + command: journalctl --no-pager -n 100 -u {{ openshift_service_type }}-master-api when: - l_start_result | failed - set_fact: master_api_service_status_changed: "{{ l_start_result | changed }}" when: - - openshift.master.cluster_method == 'native' - inventory_hostname != openshift_master_hosts[0] # A separate wait is required here for native HA since notifies will # be resolved after all tasks in the role. - include_tasks: check_master_api_is_ready.yml when: - - openshift.master.cluster_method == 'native' - master_api_service_status_changed | bool - name: Start and enable master controller service systemd: - name: "{{ openshift.common.service_type }}-master-controllers" + name: "{{ openshift_service_type }}-master-controllers" enabled: yes state: started - when: - - openshift.master.cluster_method == 'native' register: l_start_result until: not l_start_result | failed retries: 1 delay: 60 - name: Dump logs from master-controllers if it failed - command: journalctl --no-pager -n 100 -u {{ openshift.common.service_type }}-master-controllers + command: journalctl --no-pager -n 100 -u {{ openshift_service_type }}-master-controllers when: - l_start_result | failed - name: Set fact master_controllers_service_status_changed set_fact: master_controllers_service_status_changed: "{{ l_start_result | changed }}" - when: - - openshift.master.cluster_method == 'native' - -- name: Install cluster packages - package: name=pcs state=present - when: - - openshift.master.cluster_method == 'pacemaker' - - not openshift.common.is_containerized | bool - register: l_install_result - until: l_install_result | success - -- name: Start and enable cluster service - systemd: - name: pcsd - enabled: yes - state: started - when: - - openshift.master.cluster_method == 'pacemaker' - - not openshift.common.is_containerized | bool 
- -- name: Set the cluster user password - shell: echo {{ openshift_master_cluster_password | quote }} | passwd --stdin hacluster - when: - - l_install_result | changed - name: node bootstrap settings include_tasks: bootstrap.yml diff --git a/roles/openshift_master/tasks/registry_auth.yml b/roles/openshift_master/tasks/registry_auth.yml index c95f562d0..8b342a5b4 100644 --- a/roles/openshift_master/tasks/registry_auth.yml +++ b/roles/openshift_master/tasks/registry_auth.yml @@ -32,8 +32,8 @@ when: - openshift_docker_alternative_creds | default(False) | bool - oreg_auth_user is defined - - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool - register: master_oreg_auth_credentials_create + - (not master_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool + register: master_oreg_auth_credentials_create_alt notify: - restart master api - restart master controllers @@ -45,4 +45,8 @@ when: - openshift.common.is_containerized | bool - oreg_auth_user is defined - - (master_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace or master_oreg_auth_credentials_create.changed) | bool + - > + (master_oreg_auth_credentials_stat.stat.exists + or oreg_auth_credentials_replace + or master_oreg_auth_credentials_create.changed + or master_oreg_auth_credentials_create_alt.changed) | bool diff --git a/roles/openshift_master/tasks/restart.yml b/roles/openshift_master/tasks/restart.yml index 4f8b758fd..715347101 100644 --- a/roles/openshift_master/tasks/restart.yml +++ b/roles/openshift_master/tasks/restart.yml @@ -1,7 +1,7 @@ --- - name: Restart master API service: - name: "{{ openshift.common.service_type }}-master-api" + name: "{{ openshift_service_type }}-master-api" state: restarted when: openshift_master_ha | bool - name: Wait for master API to come back online 
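Review bot: The reason for the new register name `master_oreg_auth_credentials_create_alt` in registry_auth.yml is not written down, and it invites a later "cleanup" back to the shared name. A skipped task still overwrites its registered variable, so reusing `master_oreg_auth_credentials_create` here would discard the result that is presumably registered by another task in this file. I would add `# separate register: a skipped task would otherwise overwrite master_oreg_auth_credentials_create` above the `register:` line. The task starts outside this hunk, so its module, and whether it sets `no_log` for the registry credentials, cannot be checked from here.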
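Review bot: In the rewritten `when` of the second registry_auth.yml hunk, `| bool` is applied only after the whole `or` chain has been evaluated. A string value of `oreg_auth_credentials_replace` (for example `"false"` from an inventory or `-e`) is truthy to `or`, ends the chain, and is then cast to false, so the two `.changed` tests are never consulted in that case. Casting the variable on its own avoids this: `or (oreg_auth_credentials_replace | bool)`. The task this condition belongs to starts outside the hunk.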
@@ -14,7 +14,7 @@ when: openshift_master_ha | bool - name: Restart master controllers service: - name: "{{ openshift.common.service_type }}-master-controllers" + name: "{{ openshift_service_type }}-master-controllers" state: restarted # Ignore errrors since it is possible that type != simple for # pre-3.1.1 installations. diff --git a/roles/openshift_master/tasks/system_container.yml b/roles/openshift_master/tasks/system_container.yml index 23386f11b..f6c5ce0dd 100644 --- a/roles/openshift_master/tasks/system_container.yml +++ b/roles/openshift_master/tasks/system_container.yml @@ -1,8 +1,4 @@ --- -- name: Ensure proxies are in the atomic.conf - include_role: - name: openshift_atomic - tasks_from: proxy - name: Pre-pull master system container image command: > @@ -12,12 +8,12 @@ - name: Check Master system container package command: > - atomic containers list --no-trunc -a -f container={{ openshift.common.service_type }}-master + atomic containers list --no-trunc -a -f container={{ openshift_service_type }}-master # HA - name: Install or Update HA api master system container oc_atomic_container: - name: "{{ openshift.common.service_type }}-master-api" + name: "{{ openshift_service_type }}-master-api" image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}" state: latest values: @@ -25,7 +21,7 @@ - name: Install or Update HA controller master system container oc_atomic_container: - name: "{{ openshift.common.service_type }}-master-controllers" + name: "{{ openshift_service_type }}-master-controllers" image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}" state: latest values: diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml index 9d11ed574..76b6f46aa 100644 
--- a/roles/openshift_master/tasks/systemd_units.yml +++ b/roles/openshift_master/tasks/systemd_units.yml @@ -13,7 +13,7 @@ - name: Disable the legacy master service if it exists systemd: - name: "{{ openshift.common.service_type }}-master" + name: "{{ openshift_service_type }}-master" state: stopped enabled: no masked: yes @@ -21,11 +21,10 @@ - name: Remove the legacy master service if it exists file: - path: "{{ containerized_svc_dir }}/{{ openshift.common.service_type }}-master.service" + path: "{{ containerized_svc_dir }}/{{ openshift_service_type }}-master.service" state: absent ignore_errors: true when: - - openshift.master.cluster_method == "native" - not l_is_master_system_container | bool # This is the image used for both HA and non-HA clusters: @@ -41,9 +40,8 @@ - name: Create the ha systemd unit files template: src: "{{ ha_svc_template_path }}/atomic-openshift-master-{{ item }}.service.j2" - dest: "{{ containerized_svc_dir }}/{{ openshift.common.service_type }}-master-{{ item }}.service" + dest: "{{ containerized_svc_dir }}/{{ openshift_service_type }}-master-{{ item }}.service" when: - - openshift.master.cluster_method == "native" - not l_is_master_system_container | bool with_items: - api 
@@ -57,106 +55,89 @@ - name: enable master services systemd: - name: "{{ openshift.common.service_type }}-master-{{ item }}" + name: "{{ openshift_service_type }}-master-{{ item }}" enabled: yes with_items: - api - controllers when: - - openshift.master.cluster_method == "native" - not l_is_master_system_container | bool - name: Preserve Master API Proxy Config options - command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-api + command: grep PROXY /etc/sysconfig/{{ openshift_service_type }}-master-api register: l_master_api_proxy - when: - - openshift.master.cluster_method == "native" failed_when: false changed_when: false - name: Preserve Master API AWS options - command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master-api + command: grep AWS_ /etc/sysconfig/{{ openshift_service_type }}-master-api register: master_api_aws - when: - - openshift.master.cluster_method == "native" failed_when: false changed_when: false - name: Create the master api service env file template: src: "{{ ha_svc_template_path }}/atomic-openshift-master-api.j2" - dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api + dest: /etc/sysconfig/{{ openshift_service_type }}-master-api backup: true - when: - - openshift.master.cluster_method == "native" notify: - restart master api - name: Restore Master API Proxy Config Options when: - - openshift.master.cluster_method == "native" - l_master_api_proxy.rc == 0 - "'http_proxy' not in openshift.common" - "'https_proxy' not in openshift.common" lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api + dest: /etc/sysconfig/{{ openshift_service_type }}-master-api line: "{{ item }}" with_items: "{{ l_master_api_proxy.stdout_lines | default([]) }}" - name: Restore Master API AWS Options when: - - openshift.master.cluster_method == "native" - master_api_aws.rc == 0 - not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and 
openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined) lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api + dest: /etc/sysconfig/{{ openshift_service_type }}-master-api line: "{{ item }}" with_items: "{{ master_api_aws.stdout_lines | default([]) }}" no_log: True - name: Preserve Master Controllers Proxy Config options - command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers + command: grep PROXY /etc/sysconfig/{{ openshift_service_type }}-master-controllers register: master_controllers_proxy - when: - - openshift.master.cluster_method == "native" failed_when: false changed_when: false - name: Preserve Master Controllers AWS options - command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers + command: grep AWS_ /etc/sysconfig/{{ openshift_service_type }}-master-controllers register: master_controllers_aws - when: - - openshift.master.cluster_method == "native" failed_when: false changed_when: false - name: Create the master controllers service env file template: src: "{{ ha_svc_template_path }}/atomic-openshift-master-controllers.j2" - dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers + dest: /etc/sysconfig/{{ openshift_service_type }}-master-controllers backup: true - when: - - openshift.master.cluster_method == "native" notify: - restart master controllers - name: Restore Master Controllers Proxy Config Options lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers + dest: /etc/sysconfig/{{ openshift_service_type }}-master-controllers line: "{{ item }}" with_items: "{{ master_controllers_proxy.stdout_lines | default([]) }}" when: - - openshift.master.cluster_method == "native" - master_controllers_proxy.rc == 0 - "'http_proxy' not in openshift.common" - "'https_proxy' not in openshift.common" - name: Restore Master Controllers AWS Options lineinfile: - dest: 
/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers + dest: /etc/sysconfig/{{ openshift_service_type }}-master-controllers line: "{{ item }}" with_items: "{{ master_controllers_aws.stdout_lines | default([]) }}" when: - - openshift.master.cluster_method == "native" - master_controllers_aws.rc == 0 - not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined) diff --git a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml index caab3045a..f50b91ff5 100644 --- a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml +++ b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml @@ -12,11 +12,11 @@ package: name={{ master_pkgs | join(',') }} state=present vars: master_pkgs: - - "{{ openshift.common.service_type }}{{ openshift_pkg_version }}" - - "{{ openshift.common.service_type }}-master{{ openshift_pkg_version }}" - - "{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}" - - "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version }}" - - "{{ openshift.common.service_type }}-clients{{ openshift_pkg_version }}" - - "tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}" + - "{{ openshift_service_type }}{{ openshift_pkg_version }}" + - "{{ openshift_service_type }}-master{{ openshift_pkg_version }}" + - "{{ openshift_service_type }}-node{{ openshift_pkg_version }}" + - "{{ openshift_service_type }}-sdn-ovs{{ openshift_pkg_version }}" + - "{{ openshift_service_type }}-clients{{ openshift_pkg_version }}" + - "tuned-profiles-{{ openshift_service_type }}-node{{ openshift_pkg_version }}" register: result until: result | success 
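Review bot: The two `grep AWS_` tasks in the roles/openshift_master/tasks/systemd_units.yml hunk ("Preserve Master API AWS options" and "Preserve Master Controllers AWS options") register the matched env-file lines without `no_log`, although "Restore Master API AWS Options" sets `no_log: True` for the same data. With the `cluster_method` guard removed they now run on every master, so any `AWS_` values in those files (presumably the access and secret key, going by the restore condition) end up in task results that verbose output or a result-logging callback will record. Add `no_log: True` to both preserve tasks. "Restore Master Controllers AWS Options" shows no `no_log` inside the hunk either, but the task may continue past the hunk's last line, so check it there and add it if missing.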
diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 index cec3d3fb1..5e46d9121 100644 --- a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 +++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 @@ -3,18 +3,18 @@ Description=Atomic OpenShift Master API Documentation=https://github.com/openshift/origin After=etcd_container.service Wants=etcd_container.service -Before={{ openshift.common.service_type }}-node.service +Before={{ openshift_service_type }}-node.service After={{ openshift_docker_service_name }}.service PartOf={{ openshift_docker_service_name }}.service Requires={{ openshift_docker_service_name }}.service [Service] -EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api +EnvironmentFile=/etc/sysconfig/{{ openshift_service_type }}-master-api Environment=GOTRACEBACK=crash -ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-api +ExecStartPre=-/usr/bin/docker rm -f {{ openshift_service_type}}-master-api ExecStart=/usr/bin/docker run --rm --privileged --net=host \ - --name {{ openshift.common.service_type }}-master-api \ - --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-api \ + --name {{ openshift_service_type }}-master-api \ + --env-file=/etc/sysconfig/{{ openshift_service_type }}-master-api \ -v {{ r_openshift_master_data_dir }}:{{ r_openshift_master_data_dir }} \ -v /var/log:/var/log -v /var/run/docker.sock:/var/run/docker.sock \ -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} \ 
@@ -24,14 +24,14 @@ ExecStart=/usr/bin/docker run --rm --privileged --net=host \ {{ openshift.master.master_image }}:${IMAGE_VERSION} start master api \ --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 -ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-api +ExecStop=/usr/bin/docker stop {{ openshift_service_type }}-master-api LimitNOFILE=131072 LimitCORE=infinity WorkingDirectory={{ r_openshift_master_data_dir }} -SyslogIdentifier={{ openshift.common.service_type }}-master-api +SyslogIdentifier={{ openshift_service_type }}-master-api Restart=always RestartSec=5s [Install] WantedBy={{ openshift_docker_service_name }}.service -WantedBy={{ openshift.common.service_type }}-node.service +WantedBy={{ openshift_service_type }}-node.service diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 index a0248151d..899575f1a 100644 --- a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 +++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 
@@ -1,19 +1,19 @@ [Unit] Description=Atomic OpenShift Master Controllers Documentation=https://github.com/openshift/origin -Wants={{ openshift.common.service_type }}-master-api.service -After={{ openshift.common.service_type }}-master-api.service +Wants={{ openshift_service_type }}-master-api.service +After={{ openshift_service_type }}-master-api.service After={{ openshift_docker_service_name }}.service Requires={{ openshift_docker_service_name }}.service PartOf={{ openshift_docker_service_name }}.service [Service] -EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers +EnvironmentFile=/etc/sysconfig/{{ openshift_service_type }}-master-controllers Environment=GOTRACEBACK=crash -ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-controllers +ExecStartPre=-/usr/bin/docker rm -f {{ openshift_service_type}}-master-controllers ExecStart=/usr/bin/docker run --rm --privileged --net=host \ - --name {{ openshift.common.service_type }}-master-controllers \ - --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers \ + --name {{ openshift_service_type }}-master-controllers \ + --env-file=/etc/sysconfig/{{ openshift_service_type }}-master-controllers \ -v {{ r_openshift_master_data_dir }}:{{ r_openshift_master_data_dir }} \ -v /var/run/docker.sock:/var/run/docker.sock \ -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} \ 
@@ -23,11 +23,11 @@ ExecStart=/usr/bin/docker run --rm --privileged --net=host \ {{ openshift.master.master_image }}:${IMAGE_VERSION} start master controllers \ --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 -ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-controllers +ExecStop=/usr/bin/docker stop {{ openshift_service_type }}-master-controllers LimitNOFILE=131072 LimitCORE=infinity WorkingDirectory={{ r_openshift_master_data_dir }} -SyslogIdentifier={{ openshift.common.service_type }}-master-controllers +SyslogIdentifier={{ openshift_service_type }}-master-controllers Restart=always RestartSec=5s diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index a0f00e545..92668b227 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -120,7 +120,7 @@ kubernetesMasterConfig: - application/vnd.kubernetes.protobuf {% endif %} controllerArguments: {{ openshift.master.controller_args | default(None) | to_padded_yaml( level=2 ) }} - masterCount: {{ openshift.master.master_count if openshift.master.cluster_method | default(None) == 'native' else 1 }} + masterCount: {{ openshift.master.master_count }} masterIP: {{ openshift.common.ip }} podEvictionTimeout: {{ openshift.master.pod_eviction_timeout | default("") }} proxyClientInfo: @@ -204,7 +204,7 @@ projectConfig: mcsLabelsPerProject: {{ osm_mcs_labels_per_project }} uidAllocatorRange: "{{ osm_uid_allocator_range }}" routingConfig: - subdomain: "{{ openshift_master_default_subdomain | default("") }}" + subdomain: "{{ openshift_master_default_subdomain }}" serviceAccountConfig: limitSecretReferences: {{ openshift_master_saconfig_limitsecretreferences | default(false) }} managedNames: 
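Review bot: `subdomain: "{{ openshift_master_default_subdomain }}"` in the second master.yaml.v1.j2 hunk no longer has a fallback, and this commit also deletes the role default in roles/openshift_master_facts/defaults/main.yml and the `osm_default_subdomain` migration in roles/openshift_master_facts/tasks/main.yml, where the `when:` now compares the bare variable with `""`. Nothing visible here defines the variable, so unless a default is added elsewhere in the commit, the template and that check fail with an undefined-variable error instead of the "must be set to deploy metrics" message. An inventory that sets only the legacy `osm_default_subdomain` also appears to lose its value silently. If that is intended, a one-line comment next to the check such as `# osm_default_subdomain is no longer honored; set openshift_master_default_subdomain` would make it explicit.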
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.service.j2 index 02bfd6f62..ed8a47df8 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.service.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.service.j2 @@ -3,12 +3,12 @@ Description=Atomic OpenShift Master API Documentation=https://github.com/openshift/origin After=network-online.target After=etcd.service -Before={{ openshift.common.service_type }}-node.service +Before={{ openshift_service_type }}-node.service Requires=network-online.target [Service] Type=notify -EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api +EnvironmentFile=/etc/sysconfig/{{ openshift_service_type }}-master-api Environment=GOTRACEBACK=crash ExecStart=/usr/bin/openshift start master api --config=${CONFIG_FILE} $OPTIONS LimitNOFILE=131072 @@ -20,4 +20,4 @@ RestartSec=5s [Install] WantedBy=multi-user.target -WantedBy={{ openshift.common.service_type }}-node.service +WantedBy={{ openshift_service_type }}-node.service diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 index fae021845..b36963f73 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 
@@ -2,19 +2,19 @@ Description=Atomic OpenShift Master Controllers Documentation=https://github.com/openshift/origin After=network-online.target -After={{ openshift.common.service_type }}-master-api.service -Wants={{ openshift.common.service_type }}-master-api.service +After={{ openshift_service_type }}-master-api.service +Wants={{ openshift_service_type }}-master-api.service Requires=network-online.target [Service] Type=notify -EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers +EnvironmentFile=/etc/sysconfig/{{ openshift_service_type }}-master-controllers Environment=GOTRACEBACK=crash ExecStart=/usr/bin/openshift start master controllers --config=${CONFIG_FILE} $OPTIONS LimitNOFILE=131072 LimitCORE=infinity WorkingDirectory={{ r_openshift_master_data_dir }} -SyslogIdentifier={{ openshift.common.service_type }}-master-controllers +SyslogIdentifier={{ openshift_service_type }}-master-controllers Restart=always RestartSec=5s diff --git a/roles/openshift_master_cluster/README.md b/roles/openshift_master_cluster/README.md deleted file mode 100644 index 58dd19ac3..000000000 --- a/roles/openshift_master_cluster/README.md +++ /dev/null @@ -1,34 +0,0 @@ -OpenShift Master Cluster -======================== - -TODO - -Requirements ------------- - -* Ansible 2.2 - -Role Variables --------------- - -TODO - -Dependencies ------------- - -TODO - -Example Playbook ----------------- - -TODO - -License -------- - -Apache License Version 2.0 - -Author Information ------------------- - -Jason DeTiberus (jdetiber@redhat.com) diff --git a/roles/openshift_master_cluster/meta/main.yml b/roles/openshift_master_cluster/meta/main.yml deleted file mode 100644 index c452b165e..000000000 --- a/roles/openshift_master_cluster/meta/main.yml +++ /dev/null 
@@ -1,15 +0,0 @@ ---- -galaxy_info: - author: Jason DeTiberus - description: - company: Red Hat, Inc. - license: Apache License, Version 2.0 - min_ansible_version: 2.2 - platforms: - - name: EL - versions: - - 7 - categories: - - cloud - - system -dependencies: [] diff --git a/roles/openshift_master_cluster/tasks/configure.yml b/roles/openshift_master_cluster/tasks/configure.yml deleted file mode 100644 index 1b94598dd..000000000 --- a/roles/openshift_master_cluster/tasks/configure.yml +++ /dev/null 
@@ -1,43 +0,0 @@ ---- -- fail: - msg: This role requires that openshift_master_cluster_vip is set - when: openshift_master_cluster_vip is not defined or not openshift_master_cluster_vip -- fail: - msg: This role requires that openshift_master_cluster_public_vip is set - when: openshift_master_cluster_public_vip is not defined or not openshift_master_cluster_public_vip - -- name: Authenticate to the cluster - command: pcs cluster auth -u hacluster -p {{ openshift_master_cluster_password }} {{ omc_cluster_hosts }} - -- name: Create the cluster - command: pcs cluster setup --name openshift_master {{ omc_cluster_hosts }} - -- name: Start the cluster - command: pcs cluster start --all - -- name: Enable the cluster on all nodes - command: pcs cluster enable --all - -- name: Set default resource stickiness - command: pcs resource defaults resource-stickiness=100 - -- name: Add the cluster VIP resource - command: pcs resource create virtual-ip IPaddr2 ip={{ openshift_master_cluster_vip }} --group {{ openshift.common.service_type }}-master - -- name: Add the cluster public VIP resource - command: pcs resource create virtual-ip IPaddr2 ip={{ openshift_master_cluster_public_vip }} --group {{ openshift.common.service_type }}-master - when: openshift_master_cluster_public_vip != openshift_master_cluster_vip - -- name: Add the cluster master service resource - command: pcs resource create master systemd:{{ openshift.common.service_type }}-master op start timeout=90s stop timeout=90s --group {{ openshift.common.service_type }}-master - -- name: Disable stonith - command: pcs property set stonith-enabled=false - -- name: Wait for the clustered master service to be available - wait_for: - host: "{{ openshift_master_cluster_vip }}" - port: "{{ openshift.master.api_port }}" - state: started - timeout: 180 - delay: 90 diff --git a/roles/openshift_master_cluster/tasks/main.yml b/roles/openshift_master_cluster/tasks/main.yml deleted file mode 100644 index 41bfc72cb..000000000 
--- a/roles/openshift_master_cluster/tasks/main.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- fail: - msg: "Not possible on atomic hosts for now" - when: openshift.common.is_containerized | bool - -- name: Test if cluster is already configured - command: pcs status - register: pcs_status - changed_when: false - failed_when: false - when: openshift.master.cluster_method == "pacemaker" - -- include_tasks: configure.yml - when: "pcs_status | failed and 'Error: cluster is not currently running on this node' in pcs_status.stderr" diff --git a/roles/openshift_master_facts/defaults/main.yml b/roles/openshift_master_facts/defaults/main.yml index d0dcdae4b..a89f48afa 100644 --- a/roles/openshift_master_facts/defaults/main.yml +++ b/roles/openshift_master_facts/defaults/main.yml @@ -1,5 +1,4 @@ --- -openshift_master_default_subdomain: "router.default.svc.cluster.local" openshift_master_admission_plugin_config: openshift.io/ImagePolicy: configuration: diff --git a/roles/openshift_master_facts/filter_plugins/openshift_master.py b/roles/openshift_master_facts/filter_plugins/openshift_master.py index c827f2d26..ff15f693b 100644 --- a/roles/openshift_master_facts/filter_plugins/openshift_master.py +++ b/roles/openshift_master_facts/filter_plugins/openshift_master.py 
@@ -485,31 +485,6 @@ class FilterModule(object): Dumper=AnsibleDumper)) @staticmethod - def validate_pcs_cluster(data, masters=None): - ''' Validates output from "pcs status", ensuring that each master - provided is online. - Ex: data = ('...', - 'PCSD Status:', - 'master1.example.com: Online', - 'master2.example.com: Online', - 'master3.example.com: Online', - '...') - masters = ['master1.example.com', - 'master2.example.com', - 'master3.example.com'] - returns True - ''' - if not issubclass(type(data), string_types): - raise errors.AnsibleFilterError("|failed expects data is a string or unicode") - if not issubclass(type(masters), list): - raise errors.AnsibleFilterError("|failed expects masters is a list") - valid = True - for master in masters: - if "{0}: Online".format(master) not in data: - valid = False - return valid - - @staticmethod def certificates_to_synchronize(hostvars, include_keys=True, include_ca=True): ''' Return certificates to synchronize based on facts. ''' if not issubclass(type(hostvars), dict): @@ -553,6 +528,5 @@ class FilterModule(object): def filters(self): ''' returns a mapping of filters to methods ''' return {"translate_idps": self.translate_idps, - "validate_pcs_cluster": self.validate_pcs_cluster, "certificates_to_synchronize": self.certificates_to_synchronize, "oo_htpasswd_users_from_file": self.oo_htpasswd_users_from_file} diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index 20cc5358e..0cb87dcaa 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml 
@@ -1,14 +1,8 @@ --- -# Ensure the default sub-domain is set: -- name: Migrate legacy osm_default_subdomain fact - set_fact: - openshift_master_default_subdomain: "{{ osm_default_subdomain | default(None) }}" - when: openshift_master_default_subdomain is not defined - - name: Verify required variables are set fail: msg: openshift_master_default_subdomain must be set to deploy metrics - when: openshift_hosted_metrics_deploy | default(false) | bool and openshift_master_default_subdomain | default("") == "" + when: openshift_hosted_metrics_deploy | default(false) | bool and openshift_master_default_subdomain == "" # NOTE: These metrics variables are unfortunately needed by both the master and the metrics roles # to properly configure the master-config.yaml file. @@ -20,7 +14,7 @@ - name: Set g_metrics_hostname set_fact: g_metrics_hostname: "{{ openshift_hosted_metrics_public_url - | default('hawkular-metrics.' ~ (openshift_master_default_subdomain)) + | default('hawkular-metrics.' ~ openshift_master_default_subdomain) | oo_hostname_from_url }}" - set_fact: @@ -31,7 +25,6 @@ openshift_facts: role: master local_facts: - cluster_method: "{{ openshift_master_cluster_method | default('native') }}" cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}" cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}" api_port: "{{ openshift_master_api_port | default(None) }}" diff --git a/roles/openshift_metrics/handlers/main.yml b/roles/openshift_metrics/handlers/main.yml index 074b72942..1f4b5a116 100644 --- a/roles/openshift_metrics/handlers/main.yml +++ b/roles/openshift_metrics/handlers/main.yml 
@@ -1,17 +1,17 @@ --- - name: restart master api - systemd: name={{ openshift.common.service_type }}-master-api state=restarted - when: (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' + systemd: name={{ openshift_service_type }}-master-api state=restarted + when: (not (master_api_service_status_changed | default(false) | bool)) notify: Verify API Server # We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + command: "systemctl restart {{ openshift_service_type }}-master-controllers" retries: 3 delay: 5 register: result until: result.rc == 0 - when: (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' + when: (not (master_controllers_service_status_changed | default(false) | bool)) - name: Verify API Server # Using curl here since the uri module requires python-httplib2 and diff --git a/roles/openshift_nfs/tasks/setup.yml b/roles/openshift_nfs/tasks/setup.yml index edb854467..1aa7e7079 100644 --- a/roles/openshift_nfs/tasks/setup.yml +++ b/roles/openshift_nfs/tasks/setup.yml @@ -1,7 +1,6 @@ --- - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml - name: Install nfs-utils package: name=nfs-utils state=present diff --git a/roles/openshift_node/README.md b/roles/openshift_node/README.md index 67f697924..87ceb8103 100644 --- a/roles/openshift_node/README.md +++ b/roles/openshift_node/README.md 
@@ -33,9 +33,9 @@ Notes Currently we support re-labeling nodes but we don't re-schedule running pods nor remove existing labels. That means you will have to trigger the re-schedulling manually. To re-schedule your pods, just follow the steps below: ``` -oadm manage-node --schedulable=false ${NODE} -oadm manage-node --drain ${NODE} -oadm manage-node --schedulable=true ${NODE} +oc adm manage-node --schedulable=false ${NODE} +oc adm manage-node --drain ${NODE} +oc adm manage-node --schedulable=true ${NODE} ```` > If you are using version less than 1.5/3.5 you must replace `--drain` with `--evacuate`. diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index f3867fe4a..fff927944 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -14,7 +14,11 @@ r_openshift_node_use_firewalld: "{{ os_firewall_use_firewalld | default(False) } l_is_node_system_container: "{{ (openshift_use_node_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" openshift_deployment_type: "{{ openshift_deployment_type | default('origin') }}" -openshift_service_type: "{{ 'origin' if openshift_deployment_type == 'origin' else 'atomic-openshift' }}" +openshift_service_type_dict: + origin: origin + openshift-enterprise: atomic-openshift + +openshift_service_type: "{{ openshift_service_type_dict[openshift_deployment_type] }}" system_images_registry_dict: openshift-enterprise: "registry.access.redhat.com" diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index 229c6bbed..170a3dc6e 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -34,7 +34,7 @@ - name: restart node systemd: - name: "{{ openshift.common.service_type }}-node" + name: "{{ openshift_service_type }}-node" state: restarted register: l_openshift_node_restart_node_result until: not l_openshift_node_restart_node_result | failed 
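Review bot: `openshift_service_type: "{{ openshift_service_type_dict[openshift_deployment_type] }}"` in roles/openshift_node/defaults/main.yml fails templating for any deployment type other than the two keys, where the old expression mapped every non-`origin` value to `atomic-openshift`. Failing on an unknown type is reasonable, but the error will point at a dict lookup rather than at the inventory value. A comment above the dict would document the contract: `# Keys are the supported openshift_deployment_type values; any other value fails here.`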
diff --git a/roles/openshift_node/tasks/aws.yml b/roles/openshift_node/tasks/aws.yml index 38c2b794d..a7f1fc116 100644 --- a/roles/openshift_node/tasks/aws.yml +++ b/roles/openshift_node/tasks/aws.yml @@ -1,7 +1,7 @@ --- - name: Configure AWS Cloud Provider Settings lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-node + dest: /etc/sysconfig/{{ openshift_service_type }}-node regexp: "{{ item.regex }}" line: "{{ item.line }}" create: true diff --git a/roles/openshift_node/tasks/config.yml b/roles/openshift_node/tasks/config.yml index 741a2234f..e5c80bd09 100644 --- a/roles/openshift_node/tasks/config.yml +++ b/roles/openshift_node/tasks/config.yml @@ -38,7 +38,7 @@ - name: Configure Node Environment Variables lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-node + dest: /etc/sysconfig/{{ openshift_service_type }}-node regexp: "^{{ item.key }}=" line: "{{ item.key }}={{ item.value }}" create: true @@ -76,7 +76,7 @@ - name: Start and enable node dep systemd: daemon_reload: yes - name: "{{ openshift.common.service_type }}-node-dep" + name: "{{ openshift_service_type }}-node-dep" enabled: yes state: started @@ -84,7 +84,7 @@ block: - name: Start and enable node systemd: - name: "{{ openshift.common.service_type }}-node" + name: "{{ openshift_service_type }}-node" enabled: yes state: started daemon_reload: yes @@ -95,7 +95,7 @@ ignore_errors: true - name: Dump logs from node service if it failed - command: journalctl --no-pager -n 100 -u {{ openshift.common.service_type }}-node + command: journalctl --no-pager -n 100 -u {{ openshift_service_type }}-node when: node_start_result | failed - name: Abort if node failed to start diff --git a/roles/openshift_node/tasks/config/configure-node-settings.yml b/roles/openshift_node/tasks/config/configure-node-settings.yml index 527580481..ebc1426d3 100644 --- a/roles/openshift_node/tasks/config/configure-node-settings.yml +++ b/roles/openshift_node/tasks/config/configure-node-settings.yml 
@@ -1,7 +1,7 @@ --- - name: Configure Node settings lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-node + dest: /etc/sysconfig/{{ openshift_service_type }}-node regexp: "{{ item.regex }}" line: "{{ item.line }}" create: true diff --git a/roles/openshift_node/tasks/config/configure-proxy-settings.yml b/roles/openshift_node/tasks/config/configure-proxy-settings.yml index d60794305..7ddd319d2 100644 --- a/roles/openshift_node/tasks/config/configure-proxy-settings.yml +++ b/roles/openshift_node/tasks/config/configure-proxy-settings.yml @@ -1,7 +1,7 @@ --- - name: Configure Proxy Settings lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-node + dest: /etc/sysconfig/{{ openshift_service_type }}-node regexp: "{{ item.regex }}" line: "{{ item.line }}" create: true diff --git a/roles/openshift_node/tasks/config/install-node-deps-docker-service-file.yml b/roles/openshift_node/tasks/config/install-node-deps-docker-service-file.yml index ee91a88ab..9f1145d12 100644 --- a/roles/openshift_node/tasks/config/install-node-deps-docker-service-file.yml +++ b/roles/openshift_node/tasks/config/install-node-deps-docker-service-file.yml @@ -1,7 +1,7 @@ --- - name: Install Node dependencies docker service file template: - dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node-dep.service" + dest: "/etc/systemd/system/{{ openshift_service_type }}-node-dep.service" src: openshift.docker.node.dep.service notify: - reload systemd units diff --git a/roles/openshift_node/tasks/config/install-node-docker-service-file.yml b/roles/openshift_node/tasks/config/install-node-docker-service-file.yml index f92ff79b5..649fc5f6b 100644 --- a/roles/openshift_node/tasks/config/install-node-docker-service-file.yml +++ b/roles/openshift_node/tasks/config/install-node-docker-service-file.yml 
@@ -1,7 +1,7 @@ --- - name: Install Node docker service file template: - dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" + dest: "/etc/systemd/system/{{ openshift_service_type }}-node.service" src: openshift.docker.node.service notify: - reload systemd units diff --git a/roles/openshift_node/tasks/docker/upgrade.yml b/roles/openshift_node/tasks/docker/upgrade.yml index d743d2188..c13a6cf6c 100644 --- a/roles/openshift_node/tasks/docker/upgrade.yml +++ b/roles/openshift_node/tasks/docker/upgrade.yml @@ -1,6 +1,6 @@ --- # input variables: -# - openshift.common.service_type +# - openshift_service_type # - openshift.common.is_containerized # - docker_upgrade_nuke_images # - docker_version diff --git a/roles/openshift_node/tasks/install.yml b/roles/openshift_node/tasks/install.yml index 1ed4a05c1..f93aed246 100644 --- a/roles/openshift_node/tasks/install.yml +++ b/roles/openshift_node/tasks/install.yml @@ -3,14 +3,14 @@ block: - name: Install Node package package: - name: "{{ openshift.common.service_type }}-node{{ (openshift_pkg_version | default('')) | oo_image_tag_to_rpm_version(include_dash=True) }}" + name: "{{ openshift_service_type }}-node{{ (openshift_pkg_version | default('')) | oo_image_tag_to_rpm_version(include_dash=True) }}" state: present register: result until: result | success - name: Install sdn-ovs package package: - name: "{{ openshift.common.service_type }}-sdn-ovs{{ (openshift_pkg_version | default('')) | oo_image_tag_to_rpm_version(include_dash=True) }}" + name: "{{ openshift_service_type }}-sdn-ovs{{ (openshift_pkg_version | default('')) | oo_image_tag_to_rpm_version(include_dash=True) }}" state: present when: - openshift_node_use_openshift_sdn | bool diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index e60d96760..32c5f495f 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml 
@@ -6,7 +6,7 @@ - deployment_type == 'openshift-enterprise' - not openshift_use_crio -- include: dnsmasq.yml +- include_tasks: dnsmasq.yml - name: setup firewall import_tasks: firewall.yml @@ -50,6 +50,8 @@ enabled: yes state: restarted when: openshift_use_crio + register: task_result + failed_when: task_result|failed and 'could not find the requested service' not in task_result.msg|lower - name: restart NetworkManager to ensure resolv.conf is present systemd: diff --git a/roles/openshift_node/tasks/node_system_container.yml b/roles/openshift_node/tasks/node_system_container.yml index eb8d9a6a5..98978ec6f 100644 --- a/roles/openshift_node/tasks/node_system_container.yml +++ b/roles/openshift_node/tasks/node_system_container.yml @@ -1,8 +1,4 @@ --- -- name: Ensure proxies are in the atomic.conf - include_role: - name: openshift_atomic - tasks_from: proxy - name: Pre-pull node system container image command: > @@ -12,10 +8,10 @@ - name: Install or Update node system container oc_atomic_container: - name: "{{ openshift.common.service_type }}-node" + name: "{{ openshift_service_type }}-node" image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.node.node_system_image }}:{{ openshift_image_tag }}" values: - "DNS_DOMAIN={{ openshift.common.dns_domain }}" - "DOCKER_SERVICE={{ openshift_docker_service_name }}.service" - - "MASTER_SERVICE={{ openshift.common.service_type }}.service" + - "MASTER_SERVICE={{ openshift_service_type }}.service" state: latest diff --git a/roles/openshift_node/tasks/openvswitch_system_container.yml b/roles/openshift_node/tasks/openvswitch_system_container.yml index d33e172c1..b61bc84c1 100644 --- a/roles/openshift_node/tasks/openvswitch_system_container.yml +++ b/roles/openshift_node/tasks/openvswitch_system_container.yml 
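Review bot: The added `failed_when` in the second hunk of roles/openshift_node/tasks/main.yml treats "could not find the requested service" as success, so with `openshift_use_crio` set the play continues even though the unit was neither enabled nor restarted. The task's name and unit are above the hunk, so the reason for tolerating a missing unit cannot be read from here; state it in a comment, e.g. `# Unit may not exist on this host; any other restart failure still fails.` `task_result` is also a generic register name compared with `l_openshift_node_restart_node_result` used by the role's handler, and a role-prefixed name would avoid clobbering another task's result.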
@@ -7,11 +7,6 @@ l_service_name: "{{ openshift_docker_service_name }}" when: not openshift_use_crio -- name: Ensure proxies are in the atomic.conf - include_role: - name: openshift_atomic - tasks_from: proxy - - name: Pre-pull OpenVSwitch system container image command: > atomic pull --storage=ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }} diff --git a/roles/openshift_node/tasks/registry_auth.yml b/roles/openshift_node/tasks/registry_auth.yml index f5428867a..ab43ec049 100644 --- a/roles/openshift_node/tasks/registry_auth.yml +++ b/roles/openshift_node/tasks/registry_auth.yml @@ -32,7 +32,7 @@ - openshift_docker_alternative_creds | bool - oreg_auth_user is defined - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool - register: node_oreg_auth_credentials_create + register: node_oreg_auth_credentials_create_alt notify: - restart node @@ -43,4 +43,8 @@ when: - openshift.common.is_containerized | bool - oreg_auth_user is defined - - (node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace or node_oreg_auth_credentials_create.changed) | bool + - > + (node_oreg_auth_credentials_stat.stat.exists + or oreg_auth_credentials_replace + or node_oreg_auth_credentials_create.changed + or node_oreg_auth_credentials_create_alt.changed) | bool diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index 397e1ba18..c532147b1 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml 
@@ -1,7 +1,7 @@ --- - name: Install Node service file template: - dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" + dest: "/etc/systemd/system/{{ openshift_service_type }}-node.service" src: "{{ openshift.common.is_containerized | bool | ternary('openshift.docker.node.service', 'node.service.j2') }}" when: not l_is_node_system_container | bool notify: diff --git a/roles/openshift_node/tasks/upgrade.yml b/roles/openshift_node/tasks/upgrade.yml index 561b56918..9f333645a 100644 --- a/roles/openshift_node/tasks/upgrade.yml +++ b/roles/openshift_node/tasks/upgrade.yml @@ -17,7 +17,7 @@ name: "{{ item }}" state: stopped with_items: - - "{{ openshift.common.service_type }}-node" + - "{{ openshift_service_type }}-node" - openvswitch failed_when: false @@ -26,8 +26,8 @@ name: "{{ item }}" state: stopped with_items: - - "{{ openshift.common.service_type }}-master-controllers" - - "{{ openshift.common.service_type }}-master-api" + - "{{ openshift_service_type }}-master-controllers" + - "{{ openshift_service_type }}-master-api" - etcd_container failed_when: false when: openshift.common.is_containerized | bool @@ -80,9 +80,9 @@ with_items: - etcd_container - openvswitch - - "{{ openshift.common.service_type }}-master-api" - - "{{ openshift.common.service_type }}-master-controllers" - - "{{ openshift.common.service_type }}-node" + - "{{ openshift_service_type }}-master-api" + - "{{ openshift_service_type }}-master-controllers" + - "{{ openshift_service_type }}-node" failed_when: false when: openshift.common.is_containerized | bool @@ -91,7 +91,7 @@ name: "{{ item }}" state: stopped with_items: - - "{{ openshift.common.service_type }}-node" + - "{{ openshift_service_type }}-node" - openvswitch failed_when: false when: not openshift.common.is_containerized | bool diff --git a/roles/openshift_node/tasks/upgrade/restart.yml b/roles/openshift_node/tasks/upgrade/restart.yml index 3f1abceab..65c301783 100644 
--- a/roles/openshift_node/tasks/upgrade/restart.yml +++ b/roles/openshift_node/tasks/upgrade/restart.yml @@ -1,6 +1,6 @@ --- # input variables: -# - openshift.common.service_type +# - openshift_service_type # - openshift.common.is_containerized # - openshift.common.hostname # - openshift.master.api_port @@ -27,9 +27,9 @@ with_items: - etcd_container - openvswitch - - "{{ openshift.common.service_type }}-master-api" - - "{{ openshift.common.service_type }}-master-controllers" - - "{{ openshift.common.service_type }}-node" + - "{{ openshift_service_type }}-master-api" + - "{{ openshift_service_type }}-master-controllers" + - "{{ openshift_service_type }}-node" failed_when: false - name: Wait for master API to come back online diff --git a/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml index fcbe1a598..120b93bc3 100644 --- a/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml +++ b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml @@ -1,13 +1,13 @@ --- # input variables: -# - openshift.common.service_type +# - openshift_service_type # - component # - openshift_pkg_version # - openshift.common.is_atomic # We verified latest rpm available is suitable, so just yum update. - name: Upgrade packages - package: "name={{ openshift.common.service_type }}-{{ component }}{{ openshift_pkg_version }} state=present" + package: "name={{ openshift_service_type }}-{{ component }}{{ openshift_pkg_version }} state=present" register: result until: result | success @@ -19,7 +19,7 @@ - name: Install Node service file template: - dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" + dest: "/etc/systemd/system/{{ openshift_service_type }}-node.service" src: "node.service.j2" register: l_node_unit diff --git a/roles/openshift_node/templates/openshift.docker.node.dep.service b/roles/openshift_node/templates/openshift.docker.node.dep.service index 5964ac095..8b43beb07 100644 
--- a/roles/openshift_node/templates/openshift.docker.node.dep.service +++ b/roles/openshift_node/templates/openshift.docker.node.dep.service @@ -1,11 +1,11 @@ [Unit] Requires={{ openshift_docker_service_name }}.service After={{ openshift_docker_service_name }}.service -PartOf={{ openshift.common.service_type }}-node.service -Before={{ openshift.common.service_type }}-node.service +PartOf={{ openshift_service_type }}-node.service +Before={{ openshift_service_type }}-node.service {% if openshift_use_crio %}Wants=cri-o.service{% endif %} [Service] -ExecStart=/bin/bash -c "if [[ -f /usr/bin/docker-current ]]; then echo \"DOCKER_ADDTL_BIND_MOUNTS=--volume=/usr/bin/docker-current:/usr/bin/docker-current:ro --volume=/etc/sysconfig/docker:/etc/sysconfig/docker:ro --volume=/etc/containers/registries:/etc/containers/registries:ro\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; else echo \"#DOCKER_ADDTL_BIND_MOUNTS=\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; fi" +ExecStart=/bin/bash -c "if [[ -f /usr/bin/docker-current ]]; then echo \"DOCKER_ADDTL_BIND_MOUNTS=--volume=/usr/bin/docker-current:/usr/bin/docker-current:ro --volume=/etc/sysconfig/docker:/etc/sysconfig/docker:ro --volume=/etc/containers/registries:/etc/containers/registries:ro\" > /etc/sysconfig/{{ openshift_service_type }}-node-dep; else echo \"#DOCKER_ADDTL_BIND_MOUNTS=\" > /etc/sysconfig/{{ openshift_service_type }}-node-dep; fi" ExecStop= -SyslogIdentifier={{ openshift.common.service_type }}-node-dep +SyslogIdentifier={{ openshift_service_type }}-node-dep diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service index 3b33ca542..b174c7023 100644 --- a/roles/openshift_node/templates/openshift.docker.node.service +++ b/roles/openshift_node/templates/openshift.docker.node.service 
@@ -1,5 +1,5 @@ [Unit] -After={{ openshift.common.service_type }}-master.service +After={{ openshift_service_type }}-master.service After={{ openshift_docker_service_name }}.service After=openvswitch.service PartOf={{ openshift_docker_service_name }}.service 
@@ -10,20 +10,20 @@ PartOf=openvswitch.service After=ovsdb-server.service After=ovs-vswitchd.service {% endif %} -Wants={{ openshift.common.service_type }}-master.service -Requires={{ openshift.common.service_type }}-node-dep.service -After={{ openshift.common.service_type }}-node-dep.service +Wants={{ openshift_service_type }}-master.service +Requires={{ openshift_service_type }}-node-dep.service +After={{ openshift_service_type }}-node-dep.service Requires=dnsmasq.service After=dnsmasq.service [Service] -EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node -EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node-dep -ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node +EnvironmentFile=/etc/sysconfig/{{ openshift_service_type }}-node +EnvironmentFile=/etc/sysconfig/{{ openshift_service_type }}-node-dep +ExecStartPre=-/usr/bin/docker rm -f {{ openshift_service_type }}-node ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/ ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1,/{{ openshift.common.dns_domain }}/127.0.0.1 -ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node \ - --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node \ +ExecStart=/usr/bin/docker run --name {{ openshift_service_type }}-node \ + --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift_service_type }}-node \ -v /:/rootfs:ro,rslave -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} \ -e HOST=/rootfs -e HOST_ETC=/host-etc \ -v {{ openshift_node_data_dir }}:{{ openshift_node_data_dir }}:rslave \ 
@@ -40,10 +40,10 @@ ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node \ {% if l_bind_docker_reg_auth %} -v {{ oreg_auth_credentials_path }}:/root/.docker:ro{% endif %}\ {{ openshift.node.node_image }}:${IMAGE_VERSION} ExecStartPost=/usr/bin/sleep 10 -ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node +ExecStop=/usr/bin/docker stop {{ openshift_service_type }}-node ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string: -SyslogIdentifier={{ openshift.common.service_type }}-node +SyslogIdentifier={{ openshift_service_type }}-node Restart=always RestartSec=5s diff --git a/roles/openshift_openstack/defaults/main.yml b/roles/openshift_openstack/defaults/main.yml index e72e7a9df..929b76f54 100644 --- a/roles/openshift_openstack/defaults/main.yml +++ b/roles/openshift_openstack/defaults/main.yml @@ -7,7 +7,6 @@ openshift_openstack_lb_ingress_cidr: 0.0.0.0/0 openshift_openstack_num_etcd: 0 openshift_openstack_num_masters: 1 openshift_openstack_num_nodes: 1 -openshift_openstack_num_dns: 0 openshift_openstack_num_infra: 1 openshift_openstack_dns_nameservers: [] openshift_openstack_nodes_to_remove: [] @@ -44,7 +43,6 @@ openshift_openstack_container_storage_setup: # populate-dns openshift_openstack_dns_records_add: [] -openshift_openstack_external_nsupdate_keys: {} openshift_openstack_full_dns_domain: "{{ (openshift_openstack_clusterid|trim == '') | ternary(openshift_openstack_public_dns_domain, openshift_openstack_clusterid + '.' + openshift_openstack_public_dns_domain) }}" openshift_openstack_app_subdomain: "apps" 
@@ -59,20 +57,17 @@ openshift_openstack_infra_hostname: infra-node openshift_openstack_node_hostname: app-node openshift_openstack_lb_hostname: lb openshift_openstack_etcd_hostname: etcd -openshift_openstack_dns_hostname: dns openshift_openstack_keypair_name: openshift openshift_openstack_lb_flavor: "{{ openshift_openstack_default_flavor }}" openshift_openstack_etcd_flavor: "{{ openshift_openstack_default_flavor }}" openshift_openstack_master_flavor: "{{ openshift_openstack_default_flavor }}" openshift_openstack_node_flavor: "{{ openshift_openstack_default_flavor }}" openshift_openstack_infra_flavor: "{{ openshift_openstack_default_flavor }}" -openshift_openstack_dns_flavor: "{{ openshift_openstack_default_flavor }}" openshift_openstack_master_image: "{{ openshift_openstack_default_image_name }}" openshift_openstack_infra_image: "{{ openshift_openstack_default_image_name }}" openshift_openstack_node_image: "{{ openshift_openstack_default_image_name }}" openshift_openstack_lb_image: "{{ openshift_openstack_default_image_name }}" openshift_openstack_etcd_image: "{{ openshift_openstack_default_image_name }}" -openshift_openstack_dns_image: "{{ openshift_openstack_default_image_name }}" openshift_openstack_provider_network_name: null openshift_openstack_external_network_name: null openshift_openstack_private_network: >- @@ -88,6 +83,5 @@ openshift_openstack_master_volume_size: "{{ openshift_openstack_docker_volume_si openshift_openstack_infra_volume_size: "{{ openshift_openstack_docker_volume_size }}" openshift_openstack_node_volume_size: "{{ openshift_openstack_docker_volume_size }}" openshift_openstack_etcd_volume_size: 2 -openshift_openstack_dns_volume_size: 1 openshift_openstack_lb_volume_size: 5 openshift_openstack_ephemeral_volumes: false diff --git a/roles/openshift_openstack/tasks/check-prerequisites.yml b/roles/openshift_openstack/tasks/check-prerequisites.yml index 57c7238d1..30996cc47 100644 --- a/roles/openshift_openstack/tasks/check-prerequisites.yml 
+++ b/roles/openshift_openstack/tasks/check-prerequisites.yml @@ -32,10 +32,12 @@ command: python -c "import dns" ignore_errors: yes register: pythondns_result + when: openshift_openstack_external_nsupdate_keys is defined - name: Check if python-dns is installed assert: that: 'pythondns_result.rc == 0' msg: "Python module python-dns is not installed" + when: openshift_openstack_external_nsupdate_keys is defined # Check jinja2 - name: Try to import jinja2 module @@ -85,21 +87,19 @@ msg: "Keypair {{ openshift_openstack_keypair_name }} is not available" # Check that custom images are available -- include: custom_image_check.yaml +- include_tasks: custom_image_check.yaml with_items: - "{{ openshift_openstack_master_image }}" - "{{ openshift_openstack_infra_image }}" - "{{ openshift_openstack_node_image }}" - "{{ openshift_openstack_lb_image }}" - "{{ openshift_openstack_etcd_image }}" - - "{{ openshift_openstack_dns_image }}" # Check that custom flavors are available -- include: custom_flavor_check.yaml +- include_tasks: custom_flavor_check.yaml with_items: - "{{ openshift_openstack_master_flavor }}" - "{{ openshift_openstack_infra_flavor }}" - "{{ openshift_openstack_node_flavor }}" - "{{ openshift_openstack_lb_flavor }}" - "{{ openshift_openstack_etcd_flavor }}" - - "{{ openshift_openstack_dns_flavor }}" diff --git a/roles/openshift_openstack/tasks/hostname.yml b/roles/openshift_openstack/tasks/hostname.yml deleted file mode 100644 index e1a18425f..000000000 --- a/roles/openshift_openstack/tasks/hostname.yml +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -- name: Setting Hostname Fact - set_fact: - new_hostname: "{{ custom_hostname | default(inventory_hostname_short) }}" - -- name: Setting FQDN Fact - set_fact: - new_fqdn: "{{ new_hostname }}.{{ openshift_openstack_full_dns_domain }}" - -- name: Setting hostname and DNS domain - hostname: name="{{ new_fqdn }}" - -- name: Check for cloud.cfg - stat: path=/etc/cloud/cloud.cfg - register: cloud_cfg - -- name: Prevent cloud-init updates of hostname/fqdn (if applicable) - lineinfile: - dest: /etc/cloud/cloud.cfg - state: present - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^ - set_hostname', line: '# - set_hostname' } - - { regexp: '^ - update_hostname', line: '# - update_hostname' } - when: cloud_cfg.stat.exists == True diff --git a/roles/openshift_openstack/tasks/node-configuration.yml b/roles/openshift_openstack/tasks/node-configuration.yml index 89e58d830..59df2e396 100644 --- a/roles/openshift_openstack/tasks/node-configuration.yml +++ b/roles/openshift_openstack/tasks/node-configuration.yml @@ -4,8 +4,6 @@ msg: "SELinux is required for OpenShift and has been detected as '{{ ansible_selinux.config_mode }}'" when: ansible_selinux.config_mode != "enforcing" -- include: hostname.yml +- include_tasks: container-storage-setup.yml -- include: container-storage-setup.yml - -- include: node-network.yml +- include_tasks: node-network.yml diff --git a/roles/openshift_openstack/tasks/populate-dns.yml b/roles/openshift_openstack/tasks/populate-dns.yml index b5c4da532..eae4967f7 100644 --- a/roles/openshift_openstack/tasks/populate-dns.yml +++ b/roles/openshift_openstack/tasks/populate-dns.yml 
@@ -30,7 +30,6 @@ nsupdate_key_algorithm_private: "{{ openshift_openstack_external_nsupdate_keys['private']['key_algorithm'] }}" nsupdate_private_key_name: "{{ openshift_openstack_external_nsupdate_keys['private']['key_name']|default('private-' + openshift_openstack_full_dns_domain) }}" when: - - openshift_openstack_external_nsupdate_keys is defined - openshift_openstack_external_nsupdate_keys['private'] is defined @@ -44,6 +43,8 @@ key_secret: "{{ nsupdate_key_secret_private }}" key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}" entries: "{{ private_records }}" + when: + - openshift_openstack_external_nsupdate_keys['private'] is defined - name: "Generate list of public A records" set_fact: @@ -78,7 +79,6 @@ nsupdate_key_algorithm_public: "{{ openshift_openstack_external_nsupdate_keys['public']['key_algorithm'] }}" nsupdate_public_key_name: "{{ openshift_openstack_external_nsupdate_keys['public']['key_name']|default('public-' + openshift_openstack_full_dns_domain) }}" when: - - openshift_openstack_external_nsupdate_keys is defined - openshift_openstack_external_nsupdate_keys['public'] is defined - name: "Generate the public Add section for DNS" @@ -91,11 +91,13 @@ key_secret: "{{ nsupdate_key_secret_public }}" key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}" entries: "{{ public_records }}" + when: + - openshift_openstack_external_nsupdate_keys['public'] is defined - name: "Generate the final openshift_openstack_dns_records_add" set_fact: - openshift_openstack_dns_records_add: "{{ private_named_records + public_named_records }}" + openshift_openstack_dns_records_add: "{{ private_named_records|default([]) + public_named_records|default([]) }}" - name: "Add DNS A records" 
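Review bot: The `when:` lists in the private and public nsupdate hunks now test only `openshift_openstack_external_nsupdate_keys['private'] is defined` (and `['public']`), with the outer `is defined` guard removed. The same commit drops the `openshift_openstack_external_nsupdate_keys: {}` role default, and check-prerequisites.yml now treats the variable as possibly undefined. If populate-dns.yml can run with the variable unset, subscripting it may raise an undefined-variable error instead of skipping the task, depending on the Ansible version. Keeping the outer guard, or writing `(openshift_openstack_external_nsupdate_keys | default({}))['private'] is defined`, preserves the skip. The task bodies start above these hunks.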
@@ -111,7 +113,7 @@ # TODO(shadower): add a cleanup playbook that removes these records, too! state: present with_subelements: - - "{{ openshift_openstack_dns_records_add | default({}) }}" + - "{{ openshift_openstack_dns_records_add | default([]) }}" - entries register: nsupdate_add_result until: nsupdate_add_result|succeeded diff --git a/roles/openshift_openstack/tasks/provision.yml b/roles/openshift_openstack/tasks/provision.yml index dccbe334c..b774bd620 100644 --- a/roles/openshift_openstack/tasks/provision.yml +++ b/roles/openshift_openstack/tasks/provision.yml @@ -1,6 +1,6 @@ --- - name: Generate the templates - include: generate-templates.yml + include_tasks: generate-templates.yml when: - openshift_openstack_stack_state == 'present' @@ -17,7 +17,7 @@ meta: refresh_inventory - name: CleanUp - include: cleanup.yml + include_tasks: cleanup.yml when: - openshift_openstack_stack_state == 'present' diff --git a/roles/openshift_openstack/templates/heat_stack.yaml.j2 b/roles/openshift_openstack/templates/heat_stack.yaml.j2 index ec488941e..8d13eb81e 100644 --- a/roles/openshift_openstack/templates/heat_stack.yaml.j2 +++ b/roles/openshift_openstack/templates/heat_stack.yaml.j2 @@ -54,23 +54,6 @@ outputs: description: Floating IPs of the nodes value: { get_attr: [ infra_nodes, floating_ip ] } -{% if openshift_openstack_num_dns|int > 0 %} - dns_name: - description: Name of the DNS - value: - get_attr: - - dns - - name - - dns_floating_ips: - description: Floating IPs of the DNS - value: { get_attr: [ dns, floating_ip ] } - - dns_private_ips: - description: Private IPs of the DNS - value: { get_attr: [ dns, private_ip ] } -{% endif %} - conditions: no_floating: {% if openshift_openstack_provider_network_name %}true{% else %}false{% endif %} 
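Review bot: The `with_subelements` loop in the `@@ -111,7 +113,7 @@` hunk iterates `openshift_openstack_dns_records_add`, and the record dicts built in the populate-dns.yml hunks above appear to carry `key_secret`. If so, each loop result would print the nsupdate key secret as part of the item unless output is limited. The task should carry `no_log: true`, or a `loop_control` label that shows only the entry, e.g. `label: "{{ item.1 }}"`. The task starts above the hunk and continues below it, so an existing `no_log` outside the hunk cannot be ruled out.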
@@ -436,43 +419,6 @@ resources: port_range_min: 443 port_range_max: 443 -{% if openshift_openstack_num_dns|int > 0 %} - dns-secgrp: - type: OS::Neutron::SecurityGroup - properties: - name: - str_replace: - template: openshift-ansible-cluster_id-dns-secgrp - params: - cluster_id: {{ openshift_openstack_stack_name }} - description: - str_replace: - template: Security group for cluster_id cluster DNS - params: - cluster_id: {{ openshift_openstack_stack_name }} - rules: - - direction: ingress - protocol: udp - port_range_min: 53 - port_range_max: 53 - remote_ip_prefix: {{ openshift_openstack_node_ingress_cidr }} - - direction: ingress - protocol: udp - port_range_min: 53 - port_range_max: 53 - remote_ip_prefix: "{{ openshift_openstack_subnet_prefix }}.0/24" - - direction: ingress - protocol: tcp - port_range_min: 53 - port_range_max: 53 - remote_ip_prefix: {{ openshift_openstack_node_ingress_cidr }} - - direction: ingress - protocol: tcp - port_range_min: 53 - port_range_max: 53 - remote_ip_prefix: "{{ openshift_openstack_subnet_prefix }}.0/24" -{% endif %} - {% if openshift_openstack_num_masters|int > 1 %} lb-secgrp: type: OS::Neutron::SecurityGroup 
@@ -818,54 +764,3 @@ resources: depends_on: - interface {% endif %} - -{% if openshift_openstack_num_dns|int > 0 %} - dns: - type: OS::Heat::ResourceGroup - properties: - count: {{ openshift_openstack_num_dns }} - resource_def: - type: server.yaml - properties: - name: - str_replace: - template: k8s_type-%index%.cluster_id - params: - cluster_id: {{ openshift_openstack_stack_name }} - k8s_type: {{ openshift_openstack_dns_hostname }} - cluster_env: {{ openshift_openstack_public_dns_domain }} - cluster_id: {{ openshift_openstack_stack_name }} - group: - str_replace: - template: k8s_type.cluster_id - params: - k8s_type: dns - cluster_id: {{ openshift_openstack_stack_name }} - type: dns - image: {{ openshift_openstack_dns_image }} - flavor: {{ openshift_openstack_dns_flavor }} - key_name: {{ openshift_openstack_keypair_name }} -{% if openshift_openstack_provider_network_name %} - net: {{ openshift_openstack_provider_network_name }} - net_name: {{ openshift_openstack_provider_network_name }} -{% else %} - net: { get_resource: net } - subnet: { get_resource: subnet } - net_name: - str_replace: - template: openshift-ansible-cluster_id-net - params: - cluster_id: {{ openshift_openstack_stack_name }} -{% endif %} - secgrp: - - { get_resource: dns-secgrp } - - { get_resource: common-secgrp } -{% if not openshift_openstack_provider_network_name %} - floating_network: {{ openshift_openstack_external_network_name }} -{% endif %} - volume_size: {{ openshift_openstack_dns_volume_size }} -{% if not openshift_openstack_provider_network_name %} - depends_on: - - interface -{% endif %} -{% endif %} diff --git a/roles/openshift_persistent_volumes/action_plugins/generate_pv_pvcs_list.py b/roles/openshift_persistent_volumes/action_plugins/generate_pv_pvcs_list.py new file mode 100644 index 000000000..eb13a58ba --- /dev/null +++ b/roles/openshift_persistent_volumes/action_plugins/generate_pv_pvcs_list.py 
@@ -0,0 +1,157 @@ +""" +Ansible action plugin to generate pv and pvc dictionaries lists +""" + +from ansible.plugins.action import ActionBase +from ansible import errors + + +class ActionModule(ActionBase): + """Action plugin to execute health checks.""" + + def get_templated(self, var_to_template): + """Return a properly templated ansible variable""" + return self._templar.template(self.task_vars.get(var_to_template)) + + def build_common(self, varname=None): + """Retrieve common variables for each pv and pvc type""" + volume = self.get_templated(str(varname) + '_volume_name') + size = self.get_templated(str(varname) + '_volume_size') + labels = self.task_vars.get(str(varname) + '_labels') + if labels: + labels = self._templar.template(labels) + else: + labels = dict() + access_modes = self.get_templated(str(varname) + '_access_modes') + return (volume, size, labels, access_modes) + + def build_pv_nfs(self, varname=None): + """Build pv dictionary for nfs storage type""" + host = self.task_vars.get(str(varname) + '_host') + if host: + self._templar.template(host) + elif host is None: + groups = self.task_vars.get('groups') + default_group_name = self.get_templated('openshift_persistent_volumes_default_nfs_group') + if groups and default_group_name and default_group_name in groups and len(groups[default_group_name]) > 0: + host = groups['oo_nfs_to_config'][0] + else: + raise errors.AnsibleModuleError("|failed no storage host detected") + volume, size, labels, access_modes = self.build_common(varname=varname) + directory = self.get_templated(str(varname) + '_nfs_directory') + path = directory + '/' + volume + return dict( + name="{0}-volume".format(volume), + capacity=size, + labels=labels, + access_modes=access_modes, + storage=dict( + nfs=dict( + server=host, + path=path))) + + def build_pv_openstack(self, varname=None): + """Build pv dictionary for openstack storage type""" + volume, size, labels, access_modes = self.build_common(varname=varname) + filesystem = 
self.get_templated(str(varname) + '_openstack_filesystem') + volume_id = self.get_templated(str(varname) + '_openstack_volumeID') + return dict( + name="{0}-volume".format(volume), + capacity=size, + labels=labels, + access_modes=access_modes, + storage=dict( + cinder=dict( + fsType=filesystem, + volumeID=volume_id))) + + def build_pv_glusterfs(self, varname=None): + """Build pv dictionary for glusterfs storage type""" + volume, size, labels, access_modes = self.build_common(varname=varname) + endpoints = self.get_templated(str(varname) + '_glusterfs_endpoints') + path = self.get_templated(str(varname) + '_glusterfs_path') + read_only = self.get_templated(str(varname) + '_glusterfs_readOnly') + return dict( + name="{0}-volume".format(volume), + capacity=size, + labels=labels, + access_modes=access_modes, + storage=dict( + glusterfs=dict( + endpoints=endpoints, + path=path, + readOnly=read_only))) + + def build_pv_dict(self, varname=None): + """Check for the existence of PV variables""" + kind = self.task_vars.get(str(varname) + '_kind') + if kind: + kind = self._templar.template(kind) + create_pv = self.task_vars.get(str(varname) + '_create_pv') + if create_pv and self._templar.template(create_pv): + if kind == 'nfs': + return self.build_pv_nfs(varname=varname) + + elif kind == 'openstack': + return self.build_pv_openstack(varname=varname) + + elif kind == 'glusterfs': + return self.build_pv_glusterfs(varname=varname) + + elif not (kind == 'object' or kind == 'dynamic'): + msg = "|failed invalid storage kind '{0}' for component '{1}'".format( + kind, + varname) + raise errors.AnsibleModuleError(msg) + return None + + def build_pvc_dict(self, varname=None): + """Check for the existence of PVC variables""" + kind = self.task_vars.get(str(varname) + '_kind') + if kind: + kind = self._templar.template(kind) + create_pv = self.task_vars.get(str(varname) + '_create_pv') + if create_pv: + create_pv = self._templar.template(create_pv) + create_pvc = 
self.task_vars.get(str(varname) + '_create_pvc') + if create_pvc: + create_pvc = self._templar.template(create_pvc) + if kind != 'object' and create_pv and create_pvc: + volume, size, _, access_modes = self.build_common(varname=varname) + return dict( + name="{0}-claim".format(volume), + capacity=size, + access_modes=access_modes) + return None + + def run(self, tmp=None, task_vars=None): + """Run generate_pv_pvcs_list action plugin""" + result = super(ActionModule, self).run(tmp, task_vars) + # Ignore settting self.task_vars outside of init. + # pylint: disable=W0201 + self.task_vars = task_vars or {} + + result["changed"] = False + result["failed"] = False + result["msg"] = "persistent_volumes list and persistent_volume_claims list created" + vars_to_check = ['openshift_hosted_registry_storage', + 'openshift_hosted_router_storage', + 'openshift_hosted_etcd_storage', + 'openshift_logging_storage', + 'openshift_loggingops_storage', + 'openshift_metrics_storage', + 'openshift_prometheus_storage', + 'openshift_prometheus_alertmanager_storage', + 'openshift_prometheus_alertbuffer_storage'] + persistent_volumes = [] + persistent_volume_claims = [] + for varname in vars_to_check: + pv_dict = self.build_pv_dict(varname) + if pv_dict: + persistent_volumes.append(pv_dict) + pvc_dict = self.build_pvc_dict(varname) + if pvc_dict: + persistent_volume_claims.append(pvc_dict) + result["persistent_volumes"] = persistent_volumes + result["persistent_volume_claims"] = persistent_volume_claims + return result diff --git a/roles/openshift_persistent_volumes/defaults/main.yml b/roles/openshift_persistent_volumes/defaults/main.yml new file mode 100644 index 000000000..b16e164e6 --- /dev/null +++ b/roles/openshift_persistent_volumes/defaults/main.yml @@ -0,0 +1,9 @@ +--- + +openshift_persistent_volumes_default_nfs_group: 'oo_nfs_to_config' + +openshift_persistent_volume_extras: [] +openshift_persistent_volume_claims_extras: [] + +glusterfs_pv: [] +glusterfs_pvc: [] 
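Review bot: In `build_pv_nfs` the templated host is thrown away: `self._templar.template(host)` is a bare statement, so a `*_host` value containing Jinja is returned untemplated as the NFS `server`; it should read `host = self._templar.template(host)`. The fallback branch checks that `default_group_name` is in `groups` but then reads `groups['oo_nfs_to_config'][0]`. Once `openshift_persistent_volumes_default_nfs_group` is overridden, that can raise KeyError or pick a host from the wrong group; `host = groups[default_group_name][0]` matches the check. An empty-string host skips both branches and ends up as `server=''` with no error. The class docstring still says "execute health checks" and should describe PV/PVC list generation.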
diff --git a/roles/openshift_persistent_volumes/meta/main.yml b/roles/openshift_persistent_volumes/meta/main.yml index 19e9a56b7..48b0699ab 100644 --- a/roles/openshift_persistent_volumes/meta/main.yml +++ b/roles/openshift_persistent_volumes/meta/main.yml @@ -9,4 +9,5 @@ galaxy_info: - name: EL versions: - 7 -dependencies: {} +dependencies: +- role: openshift_facts diff --git a/roles/openshift_persistent_volumes/tasks/main.yml b/roles/openshift_persistent_volumes/tasks/main.yml index e431e978c..0b4dd7d1f 100644 --- a/roles/openshift_persistent_volumes/tasks/main.yml +++ b/roles/openshift_persistent_volumes/tasks/main.yml 
@@ -9,39 +9,36 @@ cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig changed_when: False -- name: Deploy PersistentVolume definitions - template: - dest: "{{ mktemp.stdout }}/persistent-volumes.yml" - src: persistent-volume.yml.j2 - when: persistent_volumes | length > 0 - changed_when: False +- set_fact: + glusterfs_pv: + - name: "{{ openshift_hosted_registry_storage_volume_name }}-glusterfs-volume" + capacity: "{{ openshift_hosted_registry_storage_volume_size }}" + access_modes: "{{ openshift_hosted_registry_storage_access_modes }}" + storage: + glusterfs: + endpoints: "{{ openshift_hosted_registry_storage_glusterfs_endpoints }}" + path: "{{ openshift_hosted_registry_storage_glusterfs_path }}" + readOnly: "{{ openshift_hosted_registry_storage_glusterfs_readOnly }}" + glusterfs_pvc: + - name: "{{ openshift_hosted_registry_storage_volume_name }}-glusterfs-claim" + capacity: "{{ openshift_hosted_registry_storage_volume_size }}" + access_modes: "{{ openshift_hosted_registry_storage_access_modes }}" + when: openshift_hosted_registry_storage_glusterfs_swap | default(False) -- name: Create PersistentVolumes - command: > - {{ openshift.common.client_binary }} create - -f {{ mktemp.stdout }}/persistent-volumes.yml - --config={{ mktemp.stdout }}/admin.kubeconfig - register: pv_create_output - when: persistent_volumes | length > 0 - failed_when: ('already exists' not in pv_create_output.stderr) and ('created' not in pv_create_output.stdout) - changed_when: ('created' in pv_create_output.stdout) +- name: create standard pv and pvc lists + # generate_pv_pvcs_list is a custom action module defined in ../action_plugins + generate_pv_pvcs_list: {} + register: l_pv_pvcs_list -- name: Deploy PersistentVolumeClaim definitions - template: - dest: "{{ mktemp.stdout }}/persistent-volume-claims.yml" - src: persistent-volume-claim.yml.j2 - when: persistent_volume_claims | length > 0 - changed_when: False +- include_tasks: pv.yml + vars: + 
l_extra_persistent_volumes: "{{ openshift_persistent_volume_extras | union(glusterfs_pv) }}" + persistent_volumes: "{{ l_pv_pvcs_list.persistent_volumes | union(l_extra_persistent_volumes) }}" -- name: Create PersistentVolumeClaims - command: > - {{ openshift.common.client_binary }} create - -f {{ mktemp.stdout }}/persistent-volume-claims.yml - --config={{ mktemp.stdout }}/admin.kubeconfig - register: pvc_create_output - when: persistent_volume_claims | length > 0 - failed_when: ('already exists' not in pvc_create_output.stderr) and ('created' not in pvc_create_output.stdout) - changed_when: ('created' in pvc_create_output.stdout) +- include_tasks: pvc.yml + vars: + l_extra_persistent_volume_claims: "{{ openshift_persistent_volume_claims_extras | union(glusterfs_pvc) }}" + persistent_volume_claims: "{{ l_pv_pvcs_list.persistent_volume_claims | union(l_extra_persistent_volume_claims) }}" - name: Delete temp directory file: diff --git a/roles/openshift_persistent_volumes/tasks/pv.yml b/roles/openshift_persistent_volumes/tasks/pv.yml new file mode 100644 index 000000000..346605ff7 --- /dev/null +++ b/roles/openshift_persistent_volumes/tasks/pv.yml @@ -0,0 +1,17 @@ +--- +- name: Deploy PersistentVolume definitions + template: + dest: "{{ mktemp.stdout }}/persistent-volumes.yml" + src: persistent-volume.yml.j2 + when: persistent_volumes | length > 0 + changed_when: False + +- name: Create PersistentVolumes + command: > + {{ openshift.common.client_binary }} create + -f {{ mktemp.stdout }}/persistent-volumes.yml + --config={{ mktemp.stdout }}/admin.kubeconfig + register: pv_create_output + when: persistent_volumes | length > 0 + failed_when: ('already exists' not in pv_create_output.stderr) and ('created' not in pv_create_output.stdout) + changed_when: ('created' in pv_create_output.stdout) diff --git a/roles/openshift_persistent_volumes/tasks/pvc.yml b/roles/openshift_persistent_volumes/tasks/pvc.yml new file mode 100644 index 000000000..e44f9b18f --- /dev/null 
+++ b/roles/openshift_persistent_volumes/tasks/pvc.yml @@ -0,0 +1,17 @@ +--- +- name: Deploy PersistentVolumeClaim definitions + template: + dest: "{{ mktemp.stdout }}/persistent-volume-claims.yml" + src: persistent-volume-claim.yml.j2 + when: persistent_volume_claims | length > 0 + changed_when: False + +- name: Create PersistentVolumeClaims + command: > + {{ openshift.common.client_binary }} create + -f {{ mktemp.stdout }}/persistent-volume-claims.yml + --config={{ mktemp.stdout }}/admin.kubeconfig + register: pvc_create_output + when: persistent_volume_claims | length > 0 + failed_when: ('already exists' not in pvc_create_output.stderr) and ('created' not in pvc_create_output.stdout) + changed_when: ('created' in pvc_create_output.stdout) diff --git a/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2 b/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2 index ee9dac7cb..9ec14208b 100644 --- a/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2 +++ b/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2 @@ -17,5 +17,5 @@ items: capacity: storage: "{{ volume.capacity }}" accessModes: {{ volume.access_modes | to_padded_yaml(2, 2) }} - {{ volume.storage.keys()[0] }}: {{ volume.storage[volume.storage.keys()[0]] | to_padded_yaml(3, 2) }} + {{ (volume.storage.keys() | list)[0] }}: {{ volume.storage[(volume.storage.keys() | list)[0]] | to_padded_yaml(3, 2) }} {% endfor %} diff --git a/roles/openshift_provisioners/tasks/install_efs.yaml b/roles/openshift_provisioners/tasks/install_efs.yaml index 6e8792446..e543d753c 100644 --- a/roles/openshift_provisioners/tasks/install_efs.yaml +++ b/roles/openshift_provisioners/tasks/install_efs.yaml 
@@ -66,7 +66,7 @@ - name: "Set anyuid permissions for efs" command: > - {{ openshift.common.admin_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig policy + {{ openshift.common.client_binary}} adm --config={{ mktemp.stdout }}/admin.kubeconfig policy add-scc-to-user anyuid system:serviceaccount:{{openshift_provisioners_project}}:provisioners-efs register: efs_output failed_when: efs_output.rc == 1 and 'exists' not in efs_output.stderr diff --git a/roles/openshift_storage_glusterfs/defaults/main.yml b/roles/openshift_storage_glusterfs/defaults/main.yml index 814d6ff28..b7b3c0db2 100644 --- a/roles/openshift_storage_glusterfs/defaults/main.yml +++ b/roles/openshift_storage_glusterfs/defaults/main.yml @@ -45,7 +45,7 @@ openshift_storage_glusterfs_heketi_fstab: "{{ '/var/lib/heketi/fstab' | quote if openshift_storage_glusterfs_namespace: "{{ 'glusterfs' | quote if openshift_storage_glusterfs_is_native or openshift_storage_glusterfs_heketi_is_native else 'default' | quote }}" openshift_storage_glusterfs_registry_timeout: "{{ openshift_storage_glusterfs_timeout }}" -openshift_storage_glusterfs_registry_namespace: "{{ openshift.hosted.registry.namespace | default(openshift_storage_glusterfs_namespace) }}" +openshift_storage_glusterfs_registry_namespace: "{{ openshift_hosted_registry_namespace | default(openshift_storage_glusterfs_namespace) }}" openshift_storage_glusterfs_registry_is_native: "{{ openshift_storage_glusterfs_is_native }}" openshift_storage_glusterfs_registry_name: 'registry' openshift_storage_glusterfs_registry_nodeselector: "glusterfs={{ openshift_storage_glusterfs_registry_name }}-host" diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml index 4b33e91b4..315bc5614 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml 
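Review bot: In "Set anyuid permissions for efs" the `failed_when` only fails on `efs_output.rc == 1`, so any other non-zero exit status from the `adm policy add-scc-to-user` call is reported as success and the play continues without the SCC binding it expects. `failed_when: efs_output.rc != 0 and 'exists' not in efs_output.stderr` keeps the idempotence exception while catching every failure. Because `anyuid` is a broad grant, a short comment stating why the `provisioners-efs` service account needs it would help later audits. The task may continue past the end of the hunk.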
@@ -82,7 +82,7 @@ retries: "{{ (glusterfs_timeout | int / 10) | int }}" when: glusterfs_heketi_wipe -- include: glusterfs_deploy.yml +- include_tasks: glusterfs_deploy.yml when: glusterfs_is_native - name: Create heketi service account @@ -212,7 +212,7 @@ when: - glusterfs_heketi_is_native -- include: heketi_deploy_part1.yml +- include_tasks: heketi_deploy_part1.yml when: - glusterfs_heketi_is_native - glusterfs_heketi_deploy_is_missing @@ -256,7 +256,7 @@ when: - glusterfs_heketi_topology_load -- include: heketi_deploy_part2.yml +- include_tasks: heketi_deploy_part2.yml when: - glusterfs_heketi_is_native - glusterfs_heketi_is_missing @@ -312,8 +312,8 @@ when: - glusterfs_storageclass or glusterfs_s3_deploy -- include: glusterblock_deploy.yml +- include_tasks: glusterblock_deploy.yml when: glusterfs_block_deploy -- include: gluster_s3_deploy.yml +- include_tasks: gluster_s3_deploy.yml when: glusterfs_s3_deploy diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml index 71c1311cd..73b9791eb 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml @@ -46,4 +46,4 @@ glusterfs_heketi_fstab: "{{ openshift_storage_glusterfs_heketi_fstab }}" glusterfs_nodes: "{{ groups.glusterfs | default([]) }}" -- include: glusterfs_common.yml +- include_tasks: glusterfs_common.yml diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml index d3cba61cf..7466702b8 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml 
@@ -46,7 +46,7 @@ glusterfs_heketi_fstab: "{{ openshift_storage_glusterfs_registry_heketi_fstab }}" glusterfs_nodes: "{% if groups.glusterfs_registry is defined %}{% set nodes = groups.glusterfs_registry %}{% elif 'groups.glusterfs' is defined %}{% set nodes = groups.glusterfs %}{% else %}{% set nodes = '[]' %}{% endif %}{{ nodes }}" -- include: glusterfs_common.yml +- include_tasks: glusterfs_common.yml when: - glusterfs_nodes | default([]) | count > 0 - "'glusterfs' not in groups or glusterfs_nodes != groups.glusterfs" @@ -56,5 +56,5 @@ register: registry_volume - name: Create GlusterFS registry volume - command: "{{ glusterfs_heketi_client }} volume create --size={{ openshift.hosted.registry.storage.volume.size | replace('Gi','') }} --name={{ openshift.hosted.registry.storage.glusterfs.path }}" - when: "openshift.hosted.registry.storage.glusterfs.path not in registry_volume.stdout" + command: "{{ glusterfs_heketi_client }} volume create --size={{ openshift_hosted_registry_storage_volume_size | replace('Gi','') }} --name={{ openshift_hosted_registry_storage_glusterfs_path }}" + when: "openshift_hosted_registry_storage_glusterfs_path not in registry_volume.stdout" diff --git a/roles/openshift_storage_glusterfs/tasks/main.yml b/roles/openshift_storage_glusterfs/tasks/main.yml index d2d8c6c10..b48bfc88e 100644 --- a/roles/openshift_storage_glusterfs/tasks/main.yml +++ b/roles/openshift_storage_glusterfs/tasks/main.yml 
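Review bot: The `glusterfs_nodes` expression in the first hunk tests `'groups.glusterfs' is defined`, which is a quoted string literal and therefore always defined, so the `else` branch is unreachable and `groups.glusterfs` is read even when that group does not exist. Dropping the quotes, `{% elif groups.glusterfs is defined %}`, makes the test do what it reads as. The fallback `'[]'` is also a string rather than a list and presumably only works because of how the templated result is converted back. `glusterfs_nodes: "{{ groups.glusterfs_registry | default(groups.glusterfs | default([])) }}"` would avoid both problems. The enclosing task starts outside the hunk.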
@@ -5,13 +5,15 @@ changed_when: False check_mode: no -- include: glusterfs_config.yml +- include_tasks: glusterfs_config.yml when: - groups.glusterfs | default([]) | count > 0 -- include: glusterfs_registry.yml - when: - - "groups.glusterfs_registry | default([]) | count > 0 or openshift.hosted.registry.storage.kind == 'glusterfs' or openshift.hosted.registry.storage.glusterfs.swap" +- include_tasks: glusterfs_registry.yml + when: > + groups.glusterfs_registry | default([]) | count > 0 + or (openshift_hosted_registry_storage_kind | default(none) == 'glusterfs') + or (openshift_hosted_registry_storage_glusterfs_swap | default(False)) - name: Delete temp directory file: diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml index c25cad74c..55e4024ec 100644 --- a/roles/openshift_storage_nfs/tasks/main.yml +++ b/roles/openshift_storage_nfs/tasks/main.yml 
@@ -20,25 +20,25 @@ - name: Ensure exports directory exists file: - path: "{{ openshift.hosted.registry.storage.nfs.directory }}" + path: "{{ openshift_hosted_registry_storage_nfs_directory }}" state: directory - name: Ensure export directories exist file: - path: "{{ item.storage.nfs.directory }}/{{ item.storage.volume.name }}" + path: "{{ item }}" state: directory mode: 0777 owner: nfsnobody group: nfsnobody with_items: - - "{{ openshift.hosted.registry }}" - - "{{ openshift.metrics }}" - - "{{ openshift.logging }}" - - "{{ openshift.loggingops }}" - - "{{ openshift.hosted.etcd }}" - - "{{ openshift.prometheus }}" - - "{{ openshift.prometheus.alertmanager }}" - - "{{ openshift.prometheus.alertbuffer }}" + - "{{ openshift_hosted_registry_storage_nfs_directory }}/{{ openshift_hosted_registry_storage_volume_name }}" + - "{{ openshift_metrics_storage_nfs_directory }}/{{ openshift_metrics_storage_volume_name }}" + - "{{ openshift_logging_storage_nfs_directory }}/{{ openshift_logging_storage_volume_name }}" + - "{{ openshift_loggingops_storage_nfs_directory }}/{{ openshift_loggingops_storage_volume_name }}" + - "{{ openshift_hosted_etcd_storage_nfs_directory }}/{{ openshift_hosted_etcd_storage_volume_name }}" + - "{{ openshift_prometheus_storage_nfs_directory }}/{{ openshift_prometheus_storage_volume_name }}" + - "{{ openshift_prometheus_alertmanager_storage_nfs_directory }}/{{ openshift_prometheus_alertmanager_storage_volume_name }}" + - "{{ openshift_prometheus_alertbuffer_storage_nfs_directory }}/{{ openshift_prometheus_alertbuffer_storage_volume_name }}" - name: Configure exports template: diff --git a/roles/openshift_storage_nfs/templates/exports.j2 b/roles/openshift_storage_nfs/templates/exports.j2 index c2a741035..2ec8db019 100644 --- a/roles/openshift_storage_nfs/templates/exports.j2 +++ b/roles/openshift_storage_nfs/templates/exports.j2 
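Review bot: "Ensure export directories exist" applies `mode: 0777` and `owner: nfsnobody` to every path in the new `with_items` list, and each path is now composed from two flat variables with no check in the hunk that either is set to a sensible value. If a directory/name pair is empty or mis-set, the task still changes mode and ownership on whatever path results. An `assert` before this task that each `*_storage_nfs_directory` is an absolute path and each `*_storage_volume_name` is non-empty would be a cheap guard. World-writable export directories also leave access control entirely to the export options, so a narrower mode is worth considering if the consumers allow it. Quoting the value (`mode: "0777"`) avoids relying on YAML octal parsing.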
@@ -1,8 +1,8 @@
-{{ openshift.hosted.registry.storage.nfs.directory }}/{{ openshift.hosted.registry.storage.volume.name }} {{ openshift.hosted.registry.storage.nfs.options }}
-{{ openshift.metrics.storage.nfs.directory }}/{{ openshift.metrics.storage.volume.name }} {{ openshift.metrics.storage.nfs.options }}
-{{ openshift.logging.storage.nfs.directory }}/{{ openshift.logging.storage.volume.name }} {{ openshift.logging.storage.nfs.options }}
-{{ openshift.loggingops.storage.nfs.directory }}/{{ openshift.loggingops.storage.volume.name }} {{ openshift.loggingops.storage.nfs.options }}
-{{ openshift.hosted.etcd.storage.nfs.directory }}/{{ openshift.hosted.etcd.storage.volume.name }} {{ openshift.hosted.etcd.storage.nfs.options }}
-{{ openshift.prometheus.storage.nfs.directory }}/{{ openshift.prometheus.storage.volume.name }} {{ openshift.prometheus.storage.nfs.options }}
-{{ openshift.prometheus.alertmanager.storage.nfs.directory }}/{{ openshift.prometheus.alertmanager.storage.volume.name }} {{ openshift.prometheus.alertmanager.storage.nfs.options }}
-{{ openshift.prometheus.alertbuffer.storage.nfs.directory }}/{{ openshift.prometheus.alertbuffer.storage.volume.name }} {{ openshift.prometheus.alertbuffer.storage.nfs.options }}
+{{ openshift_hosted_registry_storage_nfs_directory }}/{{ openshift_hosted_registry_storage_volume_name }} {{ openshift_hosted_registry_storage_nfs_options }}
+{{ openshift_metrics_storage_nfs_directory }}/{{ openshift_metrics_storage_volume_name }} {{ openshift_metrics_storage_nfs_options }}
+{{ openshift_logging_storage_nfs_directory }}/{{ openshift_logging_storage_volume_name }} {{ openshift_logging_storage_nfs_options }}
+{{ openshift_loggingops_storage_nfs_directory }}/{{ openshift_loggingops_storage_volume_name }} {{ openshift_loggingops_storage_nfs_options }}
+{{ openshift_hosted_etcd_storage_nfs_directory }}/{{ openshift_hosted_etcd_storage_volume_name }} {{ openshift_hosted_etcd_storage_nfs_options }}
+{{ 
openshift_prometheus_storage_nfs_directory }}/{{ openshift_prometheus_storage_volume_name }} {{ openshift_prometheus_storage_nfs_options }} +{{ openshift_prometheus_alertmanager_storage_nfs_directory }}/{{ openshift_prometheus_alertmanager_storage_volume_name }} {{ openshift_prometheus_alertmanager_storage_nfs_options }} +{{ openshift_prometheus_alertbuffer_storage_nfs_directory }}/{{ openshift_prometheus_alertbuffer_storage_volume_name }} {{ openshift_prometheus_alertbuffer_storage_nfs_options }} diff --git a/roles/openshift_storage_nfs_lvm/tasks/main.yml b/roles/openshift_storage_nfs_lvm/tasks/main.yml index 49dd657b5..c8e7b6d7c 100644 --- a/roles/openshift_storage_nfs_lvm/tasks/main.yml +++ b/roles/openshift_storage_nfs_lvm/tasks/main.yml @@ -20,7 +20,7 @@ file: path={{osnl_mount_dir}}/{{ item }} owner=nfsnobody group=nfsnobody mode=0700 with_sequence: start={{osnl_volume_num_start}} count={{osnl_number_of_volumes}} format={{osnl_volume_prefix}}{{osnl_volume_size}}g%04d -- include: nfs.yml +- include_tasks: nfs.yml - name: Create volume json file template: src=../templates/nfs.json.j2 dest=/root/persistent-volume.{{ item }}.json diff --git a/roles/openshift_version/defaults/main.yml b/roles/openshift_version/defaults/main.yml index 01a1a7472..354699637 100644 --- a/roles/openshift_version/defaults/main.yml +++ b/roles/openshift_version/defaults/main.yml @@ -1,2 +1,10 @@ --- openshift_protect_installed_version: True + +openshift_service_type_dict: + origin: origin + openshift-enterprise: atomic-openshift + +openshift_service_type: "{{ openshift_service_type_dict[openshift_deployment_type] }}" + +openshift_use_crio_only: False diff --git a/roles/openshift_version/meta/main.yml b/roles/openshift_version/meta/main.yml index 5d7683120..2d317700a 100644 --- a/roles/openshift_version/meta/main.yml +++ b/roles/openshift_version/meta/main.yml @@ -13,3 +13,5 @@ galaxy_info: - cloud dependencies: - role: lib_utils +- role: container_runtime +- role: openshift_facts 
diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml index 4f9158ade..ae0f68a5b 100644 --- a/roles/openshift_version/tasks/main.yml +++ b/roles/openshift_version/tasks/main.yml @@ -101,13 +101,13 @@ when: is_containerized | bool - block: - - name: Get available {{ openshift.common.service_type}} version + - name: Get available {{ openshift_service_type}} version repoquery: - name: "{{ openshift.common.service_type}}" + name: "{{ openshift_service_type}}" ignore_excluders: true register: rpm_results - fail: - msg: "Package {{ openshift.common.service_type}} not found" + msg: "Package {{ openshift_service_type}} not found" when: not rpm_results.results.package_found - set_fact: openshift_rpm_version: "{{ rpm_results.results.versions.available_versions.0 | default('0.0', True) }}" @@ -196,7 +196,7 @@ - openshift_version.startswith(openshift_release) | bool msg: |- You requested openshift_release {{ openshift_release }}, which is not matched by - the latest OpenShift RPM we detected as {{ openshift.common.service_type }}-{{ openshift_version }} + the latest OpenShift RPM we detected as {{ openshift_service_type }}-{{ openshift_version }} on host {{ inventory_hostname }}. We will only install the latest RPMs, so please ensure you are getting the release you expect. You may need to adjust your Ansible inventory, modify the repositories diff --git a/roles/openshift_version/tasks/set_version_rpm.yml b/roles/openshift_version/tasks/set_version_rpm.yml index c40777bf1..c7ca5ceae 100644 --- a/roles/openshift_version/tasks/set_version_rpm.yml +++ b/roles/openshift_version/tasks/set_version_rpm.yml 
@@ -8,14 +8,14 @@ - openshift_version is not defined - block: - - name: Get available {{ openshift.common.service_type}} version + - name: Get available {{ openshift_service_type}} version repoquery: - name: "{{ openshift.common.service_type}}" + name: "{{ openshift_service_type}}" ignore_excluders: true register: rpm_results - fail: - msg: "Package {{ openshift.common.service_type}} not found" + msg: "Package {{ openshift_service_type}} not found" when: not rpm_results.results.package_found - set_fact: diff --git a/roles/rhel_subscribe/README.md b/roles/rhel_subscribe/README.md new file mode 100644 index 000000000..15eaf4f30 --- /dev/null +++ b/roles/rhel_subscribe/README.md @@ -0,0 +1,29 @@ +RHEL Subscribe +============== + +Subscribes the RHEL servers and add the OpenShift enterprise repos. + +Role variables +-------------- + +### `rhsub_user` + +Username for the subscription-manager. + +### `rhsub_pass` + +Password for the subscription-manager. + +### `rhsub_pool` + +Name of the pool to attach (optional). + +### `rhsub_server` + +Custom hostname for the Satellite server (optional). + +### `openshift_release` + +Version for the OpenShift Enterprise repositories. + +Example: `3.6` diff --git a/roles/rhel_subscribe/defaults/main.yml b/roles/rhel_subscribe/defaults/main.yml new file mode 100644 index 000000000..80b2ab919 --- /dev/null +++ b/roles/rhel_subscribe/defaults/main.yml @@ -0,0 +1,2 @@ +--- +rhsub_pool: 'Red Hat OpenShift Container Platform, Premium*' diff --git a/roles/rhel_subscribe/tasks/enterprise.yml b/roles/rhel_subscribe/tasks/enterprise.yml index fa74c9953..8acdfb969 100644 --- a/roles/rhel_subscribe/tasks/enterprise.yml +++ b/roles/rhel_subscribe/tasks/enterprise.yml 
@@ -1,25 +1,18 @@ --- -- name: Disable all repositories - command: subscription-manager repos --disable="*" - -- set_fact: - default_ose_version: '3.6' - when: deployment_type == 'openshift-enterprise' - - set_fact: - ose_version: "{{ lookup('env', 'ose_version') | default(default_ose_version, True) }}" - -- fail: - msg: "{{ ose_version }} is not a valid version for {{ deployment_type }} deployment type" + openshift_release: "{{ openshift_release[1:] }}" when: - - deployment_type == 'openshift-enterprise' - - ose_version not in ['3.1', '3.2', '3.3', '3.4', '3.5', '3.6'] ) + - openshift_release is defined + - openshift_release[0] == 'v' + +- name: Disable all repositories + command: subscription-manager repos --disable="*" - name: Enable RHEL repositories command: subscription-manager repos \ --enable="rhel-7-server-rpms" \ --enable="rhel-7-server-extras-rpms" \ - --enable="rhel-7-server-ose-{{ ose_version }}-rpms" \ + --enable="rhel-7-server-ose-{{ (openshift_release | default('')).split('.')[0:2] | join('.') }}-rpms" \ --enable="rhel-7-fast-datapath-rpms" register: subscribe_repos until: subscribe_repos | succeeded diff --git a/roles/rhel_subscribe/tasks/main.yml b/roles/rhel_subscribe/tasks/main.yml index 9ca49b569..3466b7e44 100644 --- a/roles/rhel_subscribe/tasks/main.yml +++ b/roles/rhel_subscribe/tasks/main.yml 
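Review bot: The repository name in "Enable RHEL repositories" is now built from `openshift_release | default('')`, and the removed version allow-list has no replacement, so an undefined release yields `rhel-7-server-ose--rpms` and a malformed one is passed straight to `subscription-manager`, where the task simply retries until it gives up. A `fail` task ahead of the command, with `when: openshift_release is not defined or not (openshift_release | string) is match('^[0-9]+\.[0-9]+')`, would surface the problem with a clear message. The new `set_fact` also indexes `openshift_release[0]`, which assumes the value is a string. A release supplied as an unquoted YAML number would presumably break there, so applying `| string` first is safer.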
@@ -3,23 +3,17 @@ # to make it able to attach to a pool # to make it able to enable repositories -- set_fact: - rhel_subscription_pool: "{{ lookup('env', 'rhel_subscription_pool') | default(rhsub_pool | default('Red Hat OpenShift Container Platform, Premium*')) }}" - rhel_subscription_user: "{{ lookup('env', 'rhel_subscription_user') | default(rhsub_user | default(omit, True)) }}" - rhel_subscription_pass: "{{ lookup('env', 'rhel_subscription_pass') | default(rhsub_pass | default(omit, True)) }}" - rhel_subscription_server: "{{ lookup('env', 'rhel_subscription_server') | default(rhsub_server | default(omit, True)) }}" - - fail: msg: "This role is only supported for Red Hat hosts" when: ansible_distribution != 'RedHat' - fail: - msg: Either rhsub_user or the rhel_subscription_user env variable are required for this role. - when: rhel_subscription_user is not defined + msg: The rhsub_user variable is required for this role. + when: rhsub_user is not defined or not rhsub_user - fail: - msg: Either rhsub_pass or the rhel_subscription_pass env variable are required for this role. - when: rhel_subscription_pass is not defined + msg: The rhsub_pass variable is required for this role. + when: rhsub_pass is not defined or not rhsub_pass - name: Detecting Atomic Host Operating System stat: @@ -27,10 +21,10 @@ register: ostree_booted - name: Satellite preparation - command: "rpm -Uvh http://{{ rhel_subscription_server }}/pub/katello-ca-consumer-latest.noarch.rpm" + command: "rpm -Uvh http://{{ rhsub_server }}/pub/katello-ca-consumer-latest.noarch.rpm" args: creates: /etc/rhsm/ca/katello-server-ca.pem - when: rhel_subscription_server is defined and rhel_subscription_server + when: rhsub_server is defined and rhsub_server - name: Install Red Hat Subscription manager yum: 
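Review bot: "Satellite preparation" in the second hunk installs `katello-ca-consumer-latest.noarch.rpm` as root from `http://{{ rhsub_server }}`, so the package that establishes CA trust for all later subscription traffic is itself fetched over an unauthenticated channel and could be replaced in transit. If the Satellite server offers the same path over HTTPS with a CA the host already trusts, prefer that, or fetch the file with `get_url` and a `checksum:` value before installing it. At minimum, add a comment stating that this bootstrap step assumes a trusted network. The first hunk also drops the `lookup('env', ...)` fallbacks, so `rhsub_pass` must now come from inventory or extra vars, and the role README could recommend keeping it in Ansible Vault.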
@@ -41,26 +35,26 @@ - name: RedHat subscriptions redhat_subscription: - username: "{{ rhel_subscription_user }}" - password: "{{ rhel_subscription_pass }}" + username: "{{ rhsub_user }}" + password: "{{ rhsub_pass }}" register: rh_subscription until: rh_subscription | succeeded - name: Retrieve the OpenShift Pool ID - command: subscription-manager list --available --matches="{{ rhel_subscription_pool }}" --pool-only + command: subscription-manager list --available --matches="{{ rhsub_pool }}" --pool-only register: openshift_pool_id until: openshift_pool_id | succeeded changed_when: False - name: Determine if OpenShift Pool Already Attached - command: subscription-manager list --consumed --matches="{{ rhel_subscription_pool }}" --pool-only + command: subscription-manager list --consumed --matches="{{ rhsub_pool }}" --pool-only register: openshift_pool_attached until: openshift_pool_attached | succeeded changed_when: False when: openshift_pool_id.stdout == '' - fail: - msg: "Unable to find pool matching {{ rhel_subscription_pool }} in available or consumed pools" + msg: "Unable to find pool matching {{ rhsub_pool }} in available or consumed pools" when: openshift_pool_id.stdout == '' and openshift_pool_attached is defined and openshift_pool_attached.stdout == '' - name: Attach to OpenShift Pool @@ -69,7 +63,6 @@ until: subscribe_pool | succeeded when: openshift_pool_id.stdout != '' -- include: enterprise.yml +- include_tasks: enterprise.yml when: - - deployment_type == 'openshift-enterprise' - not ostree_booted.stat.exists | bool 
@@ -334,9 +334,9 @@ class OpenShiftAnsibleSyntaxCheck(Command): result = self.deprecate_jinja2_in_when(yaml_contents, yaml_file) has_errors = result or has_errors - # TODO (rteague): This test will be enabled once we move to Ansible 2.4 - # result = self.deprecate_include(yaml_contents, yaml_file) - # has_errors = result or has_errors + # Check for usage of include: directive + result = self.deprecate_include(yaml_contents, yaml_file) + has_errors = result or has_errors if not has_errors: print('...PASSED') diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_availability_missing_required.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_availability_missing_required.yml index 9875de9aa..006a71bd9 100644 --- a/test/integration/openshift_health_checker/preflight/playbooks/package_availability_missing_required.yml +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_availability_missing_required.yml @@ -1,6 +1,6 @@ --- # NOTE: this test is probably superfluous since openshift_version already does it -- include: ../../setup_container.yml +- import_playbook: ../../setup_container.yml vars: image: preflight-aos-package-checks l_host_vars: @@ -15,7 +15,7 @@ - block: # put the repo back to disabled - - include: tasks/enable_repo.yml + - include_tasks: tasks/enable_repo.yml vars: { repo_name: "ose-3.2", repo_enabled: 0 } - action: openshift_health_check @@ -23,4 +23,4 @@ checks: [ 'package_availability' ] always: # destroy the container whether check passed or not - - include: ../../teardown_container.yml + - include_tasks: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_availability_succeeds.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_availability_succeeds.yml index 16ff41673..b4f18e3b5 100644 --- a/test/integration/openshift_health_checker/preflight/playbooks/package_availability_succeeds.yml 
+++ b/test/integration/openshift_health_checker/preflight/playbooks/package_availability_succeeds.yml @@ -1,5 +1,5 @@ --- -- include: ../../setup_container.yml +- import_playbook: ../../setup_container.yml vars: image: preflight-aos-package-checks l_host_vars: @@ -17,4 +17,4 @@ checks: [ 'package_availability' ] always: # destroy the container whether check passed or not - - include: ../../teardown_container.yml + - include_tasks: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_update_dep_missing.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_update_dep_missing.yml index 9f3aad7bd..7998023ae 100644 --- a/test/integration/openshift_health_checker/preflight/playbooks/package_update_dep_missing.yml +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_update_dep_missing.yml @@ -1,5 +1,5 @@ --- -- include: ../../setup_container.yml +- import_playbook: ../../setup_container.yml vars: image: preflight-aos-package-checks l_host_vars: @@ -14,7 +14,7 @@ post_tasks: - block: - - include: tasks/enable_repo.yml + - include_tasks: tasks/enable_repo.yml vars: { repo_name: "break-yum" } - action: openshift_health_check @@ -22,4 +22,4 @@ checks: [ 'package_update' ] always: # destroy the container whether check passed or not - - include: ../../teardown_container.yml + - include_tasks: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_broken.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_broken.yml index 84e9360f5..3b8b15ff3 100644 --- a/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_broken.yml +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_broken.yml 
@@ -1,5 +1,5 @@ --- -- include: ../../setup_container.yml +- import_playbook: ../../setup_container.yml vars: image: preflight-aos-package-checks l_host_vars: @@ -14,7 +14,7 @@ post_tasks: - block: - - include: tasks/enable_repo.yml + - include_tasks: tasks/enable_repo.yml vars: { repo_name: "break-yum" } - name: Break the break-yum repo @@ -29,4 +29,4 @@ checks: [ 'package_update' ] always: # destroy the container whether check passed or not - - include: ../../teardown_container.yml + - include_tasks: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_disabled.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_disabled.yml index f4c1bedfa..269c0250b 100644 --- a/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_disabled.yml +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_disabled.yml @@ -1,5 +1,5 @@ --- -- include: ../../setup_container.yml +- import_playbook: ../../setup_container.yml vars: image: preflight-aos-package-checks l_host_vars: @@ -19,4 +19,4 @@ checks: [ 'package_update' ] always: # destroy the container whether check passed or not - - include: ../../teardown_container.yml + - include_tasks: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_unreachable.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_unreachable.yml index 409057792..92408a669 100644 --- a/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_unreachable.yml +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_update_repo_unreachable.yml @@ -1,5 +1,5 @@ --- -- include: ../../setup_container.yml +- import_playbook: ../../setup_container.yml vars: image: preflight-aos-package-checks l_host_vars: 
@@ -14,7 +14,7 @@ post_tasks: - block: - - include: tasks/enable_repo.yml + - include_tasks: tasks/enable_repo.yml vars: { repo_name: "break-yum" } - name: Remove the local repo entirely @@ -25,4 +25,4 @@ checks: [ 'package_update' ] always: # destroy the container whether check passed or not - - include: ../../teardown_container.yml + - include_tasks: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_version_matches.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_version_matches.yml index d88f82a4a..4e2b8a50c 100644 --- a/test/integration/openshift_health_checker/preflight/playbooks/package_version_matches.yml +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_version_matches.yml @@ -1,5 +1,5 @@ --- -- include: ../../setup_container.yml +- import_playbook: ../../setup_container.yml vars: image: preflight-aos-package-checks l_host_vars: @@ -15,7 +15,7 @@ - block: # disable extras so we control docker version - - include: tasks/enable_repo.yml + - include_tasks: tasks/enable_repo.yml vars: { repo_file: "CentOS-Base", repo_name: "extras", repo_enabled: 0 } - action: openshift_health_check @@ -23,4 +23,4 @@ checks: [ 'package_version' ] always: # destroy the container whether check passed or not - - include: ../../teardown_container.yml + - include_tasks: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_version_mismatches.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_version_mismatches.yml index 401ad1e21..e1f8d74e6 100644 --- a/test/integration/openshift_health_checker/preflight/playbooks/package_version_mismatches.yml +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_version_mismatches.yml 
@@ -1,6 +1,6 @@ --- # NOTE: this test is probably superfluous since openshift_version already does it -- include: ../../setup_container.yml +- import_playbook: ../../setup_container.yml vars: image: preflight-aos-package-checks l_host_vars: @@ -16,14 +16,14 @@ - block: # put the repo back to disabled - - include: tasks/enable_repo.yml + - include_tasks: tasks/enable_repo.yml vars: { repo_name: "ose-3.2", repo_enabled: 0 } # test with wrong repo enabled - - include: tasks/enable_repo.yml + - include_tasks: tasks/enable_repo.yml vars: { repo_name: "ose-3.3" } - action: openshift_health_check args: checks: [ 'package_version' ] always: # destroy the container whether check passed or not - - include: ../../teardown_container.yml + - include_tasks: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_version_multiple.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_version_multiple.yml index 88613802b..600bbe9c3 100644 --- a/test/integration/openshift_health_checker/preflight/playbooks/package_version_multiple.yml +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_version_multiple.yml @@ -1,5 +1,5 @@ --- -- include: ../../setup_container.yml +- import_playbook: ../../setup_container.yml vars: image: preflight-aos-package-checks l_host_vars: @@ -14,11 +14,11 @@ - block: # enable repo with extra minor version available - - include: tasks/enable_repo.yml + - include_tasks: tasks/enable_repo.yml vars: { repo_name: "ose-3.3" } # disable extras so we control docker version - - include: tasks/enable_repo.yml + - include_tasks: tasks/enable_repo.yml vars: { repo_file: "CentOS-Base", repo_name: "extras", repo_enabled: 0 } - action: openshift_health_check @@ -26,4 +26,4 @@ checks: [ 'package_version' ] always: # destroy the container whether check passed or not - - include: ../../teardown_container.yml + - include_tasks: ../../teardown_container.yml 
diff --git a/test/integration/openshift_health_checker/preflight/playbooks/package_version_origin.yml b/test/integration/openshift_health_checker/preflight/playbooks/package_version_origin.yml index da3f6b844..079ca4253 100644 --- a/test/integration/openshift_health_checker/preflight/playbooks/package_version_origin.yml +++ b/test/integration/openshift_health_checker/preflight/playbooks/package_version_origin.yml @@ -1,5 +1,5 @@ --- -- include: ../../setup_container.yml +- import_playbook: ../../setup_container.yml vars: image: preflight-aos-package-checks l_host_vars: @@ -17,4 +17,4 @@ checks: [ 'package_version' ] always: # destroy the container whether check passed or not - - include: ../../teardown_container.yml + - include_tasks: ../../teardown_container.yml diff --git a/test/integration/openshift_health_checker/setup_container.yml b/test/integration/openshift_health_checker/setup_container.yml index e3459b376..0f0f8d366 100644 --- a/test/integration/openshift_health_checker/setup_container.yml +++ b/test/integration/openshift_health_checker/setup_container.yml @@ -46,16 +46,15 @@ - hosts: all tasks: - # run before openshift_version to prevent it breaking - - include: preflight/playbooks/tasks/enable_repo.yml + - include_tasks: preflight/playbooks/tasks/enable_repo.yml vars: { repo_name: "ose-3.2" } -- include: ../../../playbooks/init/main.yml +- import_playbook: ../../../playbooks/init/main.yml - hosts: all tasks: # put it back like it was for the tests - - include: preflight/playbooks/tasks/enable_repo.yml + - include_tasks: preflight/playbooks/tasks/enable_repo.yml vars: { repo_name: "ose-3.2", enabled: False } diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py index 1e2af2c61..dda8eb4c6 100644 --- a/utils/src/ooinstall/openshift_ansible.py +++ b/utils/src/ooinstall/openshift_ansible.py 
@@ -125,7 +125,6 @@ def write_inventory_vars(base_inventory, lb): base_inventory.write('openshift_override_hostname_check=true\n') if lb is not None: - base_inventory.write('openshift_master_cluster_method=native\n') base_inventory.write("openshift_master_cluster_hostname={}\n".format(lb.hostname)) base_inventory.write( "openshift_master_cluster_public_hostname={}\n".format(lb.public_hostname)) @@ -266,7 +265,6 @@ def default_facts(hosts, verbose=False): facts_env = os.environ.copy() facts_env["OO_INSTALL_CALLBACK_FACTS_YAML"] = CFG.settings['ansible_callback_facts_yaml'] facts_env["ANSIBLE_CALLBACK_PLUGINS"] = CFG.settings['ansible_plugins_directory'] - facts_env["OPENSHIFT_MASTER_CLUSTER_METHOD"] = 'native' if 'ansible_log_path' in CFG.settings: facts_env["ANSIBLE_LOG_PATH"] = CFG.settings['ansible_log_path'] if 'ansible_config' in CFG.settings: |