diff options
16 files changed, 291 insertions, 74 deletions
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 892c015c5..14880e54a 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -106,11 +106,11 @@ openshift_release=v1.2 #oreg_url=example.com/openshift3/ose-${component}:${version} # Origin copr repo -#openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, gpgkey: 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}] +#openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, 'gpgkey': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}] # Origin Fedora copr repo # Use this if you are installing on Fedora -#openshift_additional_repos=[{'id': 'fedora-openshift-origin-copr', 'name': 'OpenShift Origin COPR for Fedora', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/fedora-$releasever-$basearch/', 'enabled': 1, 'gpgcheck': 1, gpgkey: 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/pubkey.gpg'}] +#openshift_additional_repos=[{'id': 'fedora-openshift-origin-copr', 'name': 'OpenShift Origin COPR for Fedora', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/fedora-$releasever-$basearch/', 'enabled': 1, 'gpgcheck': 1, 'gpgkey': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/pubkey.gpg'}] # htpasswd auth openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] @@ -405,7 +405,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # and configure node's dnsIP to point at the node's local dnsmasq instance. Defaults # to True for Origin 1.2 and OSE 3.2. False for 1.1 / 3.1 installs, this cannot # be used with 1.0 and 3.0. -# openshift_use_dnsmasq=False +#openshift_use_dnsmasq=False +# Define an additional dnsmasq.conf file to deploy to /etc/dnsmasq.d/openshift-ansible.conf +# This is useful for POC environments where DNS may not actually be available yet. +#openshift_node_dnsmasq_additional_config_file=/home/bob/ose-dnsmasq.conf # Global Proxy Configuration # These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 6e6af3ea7..f19a5e592 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -400,7 +400,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # and configure node's dnsIP to point at the node's local dnsmasq instance. Defaults # to True for Origin 1.2 and OSE 3.2. False for 1.1 / 3.1 installs, this cannot # be used with 1.0 and 3.0. -# openshift_use_dnsmasq=False +#openshift_use_dnsmasq=False +# Define an additional dnsmasq.conf file to deploy to /etc/dnsmasq.d/openshift-ansible.conf +# This is useful for POC environments where DNS may not actually be available yet. +#openshift_node_dnsmasq_additional_config_file=/home/bob/ose-dnsmasq.conf # Global Proxy Configuration # These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml index b44102abc..4cade9c61 100644 --- a/playbooks/common/openshift-cluster/initialize_facts.yml +++ b/playbooks/common/openshift-cluster/initialize_facts.yml @@ -1,6 +1,7 @@ --- - name: Initialize host facts hosts: oo_all_hosts + any_errors_fatal: true roles: - openshift_facts tasks: diff --git a/playbooks/common/openshift-cluster/upgrades/files/nuke_images.sh b/playbooks/common/openshift-cluster/upgrades/files/nuke_images.sh index 9a5ee2276..6b155f7fa 100644 --- a/playbooks/common/openshift-cluster/upgrades/files/nuke_images.sh +++ b/playbooks/common/openshift-cluster/upgrades/files/nuke_images.sh @@ -1,22 +1,22 @@ #!/bin/bash # Stop any running containers -running_container_count=`docker ps -q | wc -l` -if test $running_container_count -gt 0 +running_container_ids=`docker ps -q` +if test -n "$running_container_ids" then - docker stop $(docker ps -q) + docker stop $running_container_ids fi # Delete all containers -container_count=`docker ps -a -q | wc -l` -if test $container_count -gt 0 +container_ids=`docker ps -a -q` +if test -n "$container_ids" then - docker rm -f -v $(docker ps -a -q) + docker rm -f -v $container_ids fi # Delete all images (forcefully) -image_count=`docker images -q | wc -l` -if test $image_count -gt 0 +image_ids=`docker images -q` +if test -n "$image_ids" then # Taken from: https://gist.github.com/brianclements/f72b2de8e307c7b56689#gistcomment-1443144 docker rmi $(docker images | grep "$2/\|/$2 \| $2 \|$2 \|$2-\|$2_" | awk '{print $1 ":" $2}') 2>/dev/null || echo "No images matching \"$2\" left to purge." diff --git a/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh b/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh index a2a9579b5..8d7543f3c 100644 --- a/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh +++ b/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh @@ -1,7 +1,11 @@ #!/bin/bash - -installed=$(yum list installed -e 0 -q "$@" 2>&1 | tail -n +2 | awk '{ print $2 }' | sort -r | tr '\n' ' ') -available=$(yum list available -e 0 -q "$@" 2>&1 | tail -n +2 | grep -v 'el7ose' | awk '{ print $2 }' | sort -r | tr '\n' ' ') +if [ `which dnf 2> /dev/null` ]; then + installed=$(dnf repoquery --installed --latest-limit 1 -d 0 --qf '%{version}-%{release}' "${@}" 2> /dev/null) + installed=$(dnf repoquery --available --latest-limit 1 -d 0 --qf '%{version}-%{release}' "${@}" 2> /dev/null) +else + installed=$(repoquery --plugins --pkgnarrow=installed --qf '%{version}-%{release}' "${@}" 2> /dev/null) + available=$(repoquery --plugins --pkgnarrow=available --qf '%{version}-%{release}' "${@}" 2> /dev/null) +fi echo "---" echo "curr_version: ${installed}" diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml index 6cb3a954f..a95de8cf3 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/common/openshift-etcd/config.yml @@ -1,6 +1,7 @@ --- - name: Set etcd facts needed for generating certs hosts: oo_etcd_to_config + any_errors_fatal: true roles: - openshift_facts tasks: diff --git a/roles/docker/vars/main.yml b/roles/docker/vars/main.yml index 606cdb9b9..f81f99e2b 100644 --- a/roles/docker/vars/main.yml +++ b/roles/docker/vars/main.yml @@ -1,3 +1,2 @@ --- -repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery' }}" udevw_udevd_dir: /etc/systemd/system/systemd-udevd.service.d diff --git a/roles/openshift_docker_facts/vars/main.yml b/roles/openshift_docker_facts/vars/main.yml index f7ad1b329..55c04b0c1 100644 --- a/roles/openshift_docker_facts/vars/main.yml +++ b/roles/openshift_docker_facts/vars/main.yml @@ -1,2 +1,2 @@ --- -repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery' }}" +repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}" diff --git a/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-centos7.json b/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-centos7.json index 719aee772..d971e5e7a 100644 --- a/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-centos7.json +++ b/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-centos7.json @@ -7,8 +7,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "ruby", - "creationTimestamp": null + "name": "ruby" }, "spec": { "tags": [ @@ -23,7 +22,7 @@ }, "from": { "kind": "ImageStreamTag", - "name": "2.2" + "name": "2.3" } }, { @@ -55,6 +54,21 @@ "kind": "DockerImage", "name": "centos/ruby-22-centos7:latest" } + }, + { + "name": "2.3", + "annotations": { + "description": "Build and run Ruby 2.3 applications", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby:2.3,ruby", + "version": "2.3", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/ruby-23-centos7:latest" + } } ] } @@ -63,8 +77,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "nodejs", - "creationTimestamp": null + "name": "nodejs" }, "spec": { "tags": [ @@ -104,8 +117,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "perl", - "creationTimestamp": null + "name": "perl" }, "spec": { "tags": [ @@ -161,8 +173,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "php", - "creationTimestamp": null + "name": "php" }, "spec": { "tags": [ @@ -217,8 +228,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "python", - "creationTimestamp": null + "name": "python" }, "spec": { "tags": [ @@ -233,7 +243,7 @@ }, "from": { "kind": "ImageStreamTag", - "name": "3.4" + "name": "3.5" } }, { @@ -280,6 +290,21 @@ "kind": "DockerImage", "name": "centos/python-34-centos7:latest" } + }, + { + "name": "3.5", + "annotations": { + "description": "Build and run Python 3.5 applications", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python:3.5,python", + "version": "3.5", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/python-35-centos7:latest" + } } ] } @@ -288,8 +313,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "wildfly", - "creationTimestamp": null + "name": "wildfly" }, "spec": { "tags": [ @@ -359,8 +383,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "mysql", - "creationTimestamp": null + "name": "mysql" }, "spec": { "tags": [ @@ -409,8 +432,43 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "postgresql", - "creationTimestamp": null + "name": "mariadb" + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "description": "Provides a MariaDB database", + "iconClass": "icon-mariadb", + "tags": "mariadb" + }, + "from": { + "kind": "ImageStreamTag", + "name": "10.1" + } + }, + { + "name": "10.1", + "annotations": { + "description": "Provides a MariaDB v10.1 database", + "iconClass": "icon-mariadb", + "tags": "mariadb", + "version": "10.1" + }, + "from": { + "kind": "DockerImage", + "name": "centos/mariadb-101-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "postgresql" }, "spec": { "tags": [ @@ -423,7 +481,7 @@ }, "from": { "kind": "ImageStreamTag", - "name": "9.4" + "name": "9.5" } }, { @@ -451,6 +509,19 @@ "kind": "DockerImage", "name": "centos/postgresql-94-centos7:latest" } + }, + { + "name": "9.5", + "annotations": { + "description": "Provides a PostgreSQL v9.5 database", + "iconClass": "icon-postgresql", + "tags": "postgresql", + "version": "9.5" + }, + "from": { + "kind": "DockerImage", + "name": "centos/postgresql-95-centos7:latest" + } } ] } @@ -459,8 +530,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "mongodb", - "creationTimestamp": null + "name": "mongodb" }, "spec": { "tags": [ @@ -473,7 +543,7 @@ }, "from": { "kind": "ImageStreamTag", - "name": "2.6" + "name": "3.2" } }, { @@ -501,6 +571,19 @@ "kind": "DockerImage", "name": "centos/mongodb-26-centos7:latest" } + }, + { + "name": "3.2", + "annotations": { + "description": "Provides a MongoDB v3.2 database", + "iconClass": "icon-mongodb", + "tags": "mongodb", + "version": "3.2" + }, + "from": { + "kind": "DockerImage", + "name": "centos/mongodb-32-centos7:latest" + } } ] } @@ -509,8 +592,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "jenkins", - "creationTimestamp": null + "name": "jenkins" }, "spec": { "tags": [ diff --git a/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-rhel7.json b/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-rhel7.json index 00635ec78..56c63263b 100644 --- a/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-rhel7.json +++ b/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-rhel7.json @@ -7,8 +7,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "ruby", - "creationTimestamp": null + "name": "ruby" }, "spec": { "tags": [ @@ -18,12 +17,12 @@ "description": "Build and run Ruby applications", "iconClass": "icon-ruby", "tags": "builder,ruby", - "supports": "ruby,ruby", + "supports": "ruby", "sampleRepo": "https://github.com/openshift/ruby-ex.git" }, "from": { "kind": "ImageStreamTag", - "name": "2.2" + "name": "2.3" } }, { @@ -55,6 +54,21 @@ "kind": "DockerImage", "name": "registry.access.redhat.com/rhscl/ruby-22-rhel7:latest" } + }, + { + "name": "2.3", + "annotations": { + "description": "Build and run Ruby 2.3 applications", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby:2.3,ruby", + "version": "2.3", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/ruby-23-rhel7:latest" + } } ] } @@ -63,8 +77,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "nodejs", - "creationTimestamp": null + "name": "nodejs" }, "spec": { "tags": [ @@ -79,7 +92,7 @@ }, "from": { "kind": "ImageStreamTag", - "name": "0.10" + "name": "4" } }, { @@ -96,6 +109,21 @@ "kind": "DockerImage", "name": "registry.access.redhat.com/openshift3/nodejs-010-rhel7:latest" } + }, + { + "name": "4", + "annotations": { + "description": "Build and run NodeJS 4.x applications", + "iconClass": "icon-nodejs", + "tags": "builder,nodejs", + "supports":"nodejs:4,nodejs", + "version": "4", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/nodejs-4-rhel7:latest" + } } ] } @@ -104,8 +132,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "perl", - "creationTimestamp": null + "name": "perl" }, "spec": { "tags": [ @@ -161,8 +188,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "php", - "creationTimestamp": null + "name": "php" }, "spec": { "tags": [ @@ -217,8 +243,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "python", - "creationTimestamp": null + "name": "python" }, "spec": { "tags": [ @@ -233,7 +258,7 @@ }, "from": { "kind": "ImageStreamTag", - "name": "3.4" + "name": "3.5" } }, { @@ -280,6 +305,21 @@ "kind": "DockerImage", "name": "registry.access.redhat.com/rhscl/python-34-rhel7:latest" } + }, + { + "name": "3.5", + "annotations": { + "description": "Build and run Python 3.5 applications", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python:3.5,python", + "version": "3.5", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/python-35-rhel7:latest" + } } ] } @@ -288,8 +328,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "mysql", - "creationTimestamp": null + "name": "mysql" }, "spec": { "tags": [ @@ -338,8 +377,43 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "postgresql", - "creationTimestamp": null + "name": "mariadb" + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "description": "Provides a MariaDB database", + "iconClass": "icon-mariadb", + "tags": "mariadb" + }, + "from": { + "kind": "ImageStreamTag", + "name": "10.1" + } + }, + { + "name": "10.1", + "annotations": { + "description": "Provides a MariaDB v10.1 database", + "iconClass": "icon-mariadb", + "tags": "mariadb", + "version": "10.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/mariadb-101-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "postgresql" }, "spec": { "tags": [ @@ -352,7 +426,7 @@ }, "from": { "kind": "ImageStreamTag", - "name": "9.4" + "name": "9.5" } }, { @@ -380,6 +454,19 @@ "kind": "DockerImage", "name": "registry.access.redhat.com/rhscl/postgresql-94-rhel7:latest" } + }, + { + "name": "9.5", + "annotations": { + "description": "Provides a PostgreSQL v9.5 database", + "iconClass": "icon-postgresql", + "tags": "postgresql", + "version": "9.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/postgresql-95-rhel7:latest" + } } ] } @@ -388,8 +475,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "mongodb", - "creationTimestamp": null + "name": "mongodb" }, "spec": { "tags": [ @@ -402,7 +488,7 @@ }, "from": { "kind": "ImageStreamTag", - "name": "2.6" + "name": "3.2" } }, { @@ -430,6 +516,19 @@ "kind": "DockerImage", "name": "registry.access.redhat.com/rhscl/mongodb-26-rhel7:latest" } + }, + { + "name": "3.2", + "annotations": { + "description": "Provides a MongoDB v3.2 database", + "iconClass": "icon-mongodb", + "tags": "mongodb", + "version": "3.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/mongodb-32-rhel7:latest" + } } ] } @@ -438,8 +537,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "jenkins", - "creationTimestamp": null + "name": "jenkins" }, "spec": { "tags": [ diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml index 14a613786..8380714d4 100644 --- a/roles/openshift_node/tasks/storage_plugins/nfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -9,3 +9,10 @@ state: yes persistent: yes when: ansible_selinux and ansible_selinux.status == "enabled" + +- name: Set seboolean to allow nfs storage plugin access from containers(sandbox) + seboolean: + name: virt_sandbox_use_nfs + state: yes + persistent: yes + when: ansible_selinux and ansible_selinux.status == "enabled" diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh index 51a43d113..5a187710b 100755 --- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh +++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh @@ -47,11 +47,14 @@ EOF # zero out our upstream servers list and feed it into dnsmasq echo -n > /etc/dnsmasq.d/origin-upstream-dns.conf for ns in ${IP4_NAMESERVERS}; do - echo "server=${ns}" >> /etc/dnsmasq.d/origin-upstream-dns.conf + if [[ ! -z $ns ]]; then + echo "server=${ns}" >> /etc/dnsmasq.d/origin-upstream-dns.conf + fi done systemctl restart dnsmasq - sed -i 's/^nameserver.*$/nameserver '"${def_route_ip}"'/g' /etc/resolv.conf + sed -i '0,/^nameserver/ s/^nameserver.*$/nameserver '"${def_route_ip}"'/g' /etc/resolv.conf + if ! grep -q '99-origin-dns.sh' /etc/resolv.conf; then echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> /etc/resolv.conf fi diff --git a/roles/openshift_node_dnsmasq/handlers/main.yml b/roles/openshift_node_dnsmasq/handlers/main.yml index 7e9e4d299..7d43b6106 100644 --- a/roles/openshift_node_dnsmasq/handlers/main.yml +++ b/roles/openshift_node_dnsmasq/handlers/main.yml @@ -1,5 +1,10 @@ --- - name: restart NetworkManager - service: + service: name: NetworkManager state: restarted + +- name: restart dnsmasq + service: + name: dnsmasq + state: restarted diff --git a/roles/openshift_node_dnsmasq/tasks/main.yml b/roles/openshift_node_dnsmasq/tasks/main.yml index 7147b78f5..bd9a0ffb6 100644 --- a/roles/openshift_node_dnsmasq/tasks/main.yml +++ b/roles/openshift_node_dnsmasq/tasks/main.yml @@ -17,6 +17,17 @@ template: src: origin-dns.conf.j2 dest: /etc/dnsmasq.d/origin-dns.conf + notify: restart dnsmasq + +- name: Deploy additional dnsmasq.conf + template: + src: "{{ openshift_node_dnsmasq_additional_config_file }}" + dest: /etc/dnsmasq.d/openshift-ansible.conf + owner: root + group: root + mode: 0644 + when: openshift_node_dnsmasq_additional_config_file is defined + notify: restart dnsmasq # Dynamic NetworkManager based dispatcher - include: ./network-manager.yml diff --git a/roles/os_firewall/library/os_firewall_manage_iptables.py b/roles/os_firewall/library/os_firewall_manage_iptables.py index 1cb539a8c..190016c14 100755 --- a/roles/os_firewall/library/os_firewall_manage_iptables.py +++ b/roles/os_firewall/library/os_firewall_manage_iptables.py @@ -37,14 +37,14 @@ class IpTablesSaveError(IpTablesError): class IpTablesCreateChainError(IpTablesError): - def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long + def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name super(IpTablesCreateChainError, self).__init__(msg, cmd, exit_code, output) self.chain = chain class IpTablesCreateJumpRuleError(IpTablesError): - def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long + def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name super(IpTablesCreateJumpRuleError, self).__init__(msg, cmd, exit_code, output) self.chain = chain @@ -152,11 +152,11 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes continue last_rule_target = rule[1] - # Naively assume that if the last row is a REJECT rule, then - # we can add insert our rule right before it, otherwise we + # Naively assume that if the last row is a REJECT or DROP rule, + # then we can insert our rule right before it, otherwise we # assume that we can just append the rule. if (last_rule_num and last_rule_target - and last_rule_target == 'REJECT'): + and last_rule_target in ['REJECT', 'DROP']): # insert rule cmd = self.cmd + ['-I', self.jump_rule_chain, str(last_rule_num)] diff --git a/roles/rhel_subscribe/tasks/enterprise.yml b/roles/rhel_subscribe/tasks/enterprise.yml index c4aa7db6a..8d11276d0 100644 --- a/roles/rhel_subscribe/tasks/enterprise.yml +++ b/roles/rhel_subscribe/tasks/enterprise.yml @@ -7,7 +7,7 @@ when: deployment_type == 'enterprise' - set_fact: - default_ose_version: '3.1' + default_ose_version: '3.2' when: deployment_type in ['atomic-enterprise', 'openshift-enterprise'] - set_fact: |