-rwxr-xr-x | bin/cluster | 11 | ||||
-rw-r--r-- | playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml | 6 | ||||
-rw-r--r-- | playbooks/common/openshift-cluster/redeploy-certificates.yml | 8 | ||||
-rw-r--r-- | playbooks/common/openshift-cluster/upgrades/upgrade.yml | 8 | ||||
-rw-r--r-- | playbooks/gce/openshift-cluster/tasks/launch_instances.yml | 2 | ||||
-rw-r--r-- | playbooks/openstack/openshift-cluster/dns.yml | 2 | ||||
-rw-r--r-- | playbooks/openstack/openshift-cluster/files/heat_stack.yaml | 87 | ||||
-rw-r--r-- | playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml | 29 | ||||
-rw-r--r-- | playbooks/openstack/openshift-cluster/files/user-data | 13 | ||||
-rw-r--r-- | roles/etcd/tasks/main.yml | 5 | ||||
-rwxr-xr-x | roles/openshift_facts/library/openshift_facts.py | 12 | ||||
-rw-r--r-- | roles/openshift_manage_node/tasks/main.yml | 10 | ||||
-rw-r--r-- | roles/openshift_master/tasks/main.yml | 3 | ||||
-rw-r--r-- | roles/openshift_node/templates/node.yaml.v1.j2 | 2 |
14 files changed, 124 insertions, 74 deletions
diff --git a/bin/cluster b/bin/cluster index 080bf244a..92174954f 100755 --- a/bin/cluster +++ b/bin/cluster @@ -68,6 +68,15 @@ class Cluster(object): cluster['num_etcd'] = args.etcd cluster['cluster_env'] = args.env + if args.cloudprovider and args.provider == 'openstack': + cluster['openshift_cloudprovider_kind'] = 'openstack' + cluster['openshift_cloudprovider_openstack_auth_url'] = os.getenv('OS_AUTH_URL') + cluster['openshift_cloudprovider_openstack_username'] = os.getenv('OS_USERNAME') + cluster['openshift_cloudprovider_openstack_password'] = os.getenv('OS_PASSWORD') + cluster['openshift_cloudprovider_openstack_tenant_id'] = os.getenv('OS_PROJECT_ID',os.getenv('OS_TENANT_ID')) + cluster['openshift_cloudprovider_openstack_tenant_name'] = os.getenv('OS_PROJECT_NAME',os.getenv('OS_TENANT_NAME')) + cluster['openshift_cloudprovider_openstack_region'] = os.getenv('OS_REGION_NAME') + self.action(args, inventory, cluster, playbook) def add_nodes(self, args): @@ -332,6 +341,8 @@ This wrapper is overriding the following ansible variables: create_parser = action_parser.add_parser('create', help='Create a cluster', parents=[meta_parser]) + create_parser.add_argument('-c', '--cloudprovider', action='store_true', + help='Enable the cloudprovider') create_parser.add_argument('-m', '--masters', default=1, type=int, help='number of masters to create in cluster') create_parser.add_argument('-n', '--nodes', default=2, type=int, diff --git a/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml index 3a285ab9f..1fa32570c 100644 --- a/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml 
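Review bot: The added `cluster['openshift_cloudprovider_openstack_password'] = os.getenv('OS_PASSWORD')` line puts the OpenStack password into the `cluster` dict that is handed to `self.action(args, inventory, cluster, playbook)`. `action` is outside this hunk, so confirm it does not render these values onto the `ansible-playbook` command line or into verbose output, where the password would be readable from the process list and from logs. `os.getenv` also returns `None` for an unset variable, so a missing `OS_AUTH_URL`, `OS_USERNAME` or `OS_PASSWORD` is passed on silently instead of stopping the run. I would fail early when `--cloudprovider` is given and a required variable is empty, and add a comment above the block such as `# credentials come from the standard OS_* environment; never print or log the cluster dict`.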
@@ -25,13 +25,13 @@ tasks: - name: Prepare for Node evacuation command: > - {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=false + {{ openshift.common.admin_binary }} manage-node {{ openshift.node.nodename }} --schedulable=false delegate_to: "{{ groups.oo_first_master.0 }}" when: l_docker_upgrade is defined and l_docker_upgrade | bool and inventory_hostname in groups.oo_nodes_to_config - name: Evacuate Node for Kubelet upgrade command: > - {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --evacuate --force + {{ openshift.common.admin_binary }} manage-node {{ openshift.node.nodename }} --evacuate --force delegate_to: "{{ groups.oo_first_master.0 }}" when: l_docker_upgrade is defined and l_docker_upgrade | bool and inventory_hostname in groups.oo_nodes_to_config @@ -40,7 +40,7 @@ - name: Set node schedulability command: > - {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=true + {{ openshift.common.admin_binary }} manage-node {{ openshift.node.nodename }} --schedulable=true delegate_to: "{{ groups.oo_first_master.0 }}" when: openshift.node.schedulable | bool when: l_docker_upgrade is defined and l_docker_upgrade | bool and inventory_hostname in groups.oo_nodes_to_config and openshift.node.schedulable | bool diff --git a/playbooks/common/openshift-cluster/redeploy-certificates.yml b/playbooks/common/openshift-cluster/redeploy-certificates.yml index 5b72c3450..4996c56a7 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates.yml 
@@ -212,7 +212,7 @@ - name: Determine if node is currently scheduleable command: > {{ openshift.common.client_binary }} --config={{ hostvars[groups.oo_first_master.0].mktemp.stdout }}/admin.kubeconfig - get node {{ openshift.common.hostname | lower }} -o json + get node {{ openshift.node.nodename }} -o json register: node_output when: openshift_certificates_redeploy_ca | default(false) | bool delegate_to: "{{ groups.oo_first_master.0 }}" @@ -225,7 +225,7 @@ - name: Prepare for node evacuation command: > {{ openshift.common.admin_binary }} --config={{ hostvars[groups.oo_first_master.0].mktemp.stdout }}/admin.kubeconfig - manage-node {{ openshift.common.hostname | lower }} + manage-node {{ openshift.node.nodename }} --schedulable=false delegate_to: "{{ groups.oo_first_master.0 }}" when: openshift_certificates_redeploy_ca | default(false) | bool and was_schedulable | bool @@ -233,7 +233,7 @@ - name: Evacuate node command: > {{ openshift.common.admin_binary }} --config={{ hostvars[groups.oo_first_master.0].mktemp.stdout }}/admin.kubeconfig - manage-node {{ openshift.common.hostname | lower }} + manage-node {{ openshift.node.nodename }} --evacuate --force delegate_to: "{{ groups.oo_first_master.0 }}" when: openshift_certificates_redeploy_ca | default(false) | bool and was_schedulable | bool @@ -241,7 +241,7 @@ - name: Set node schedulability command: > {{ openshift.common.admin_binary }} --config={{ hostvars[groups.oo_first_master.0].mktemp.stdout }}/admin.kubeconfig - manage-node {{ openshift.common.hostname | lower }} --schedulable=true + manage-node {{ openshift.node.nodename }} --schedulable=true delegate_to: "{{ groups.oo_first_master.0 }}" when: openshift_certificates_redeploy_ca | default(false) | bool and was_schedulable | bool diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/upgrade.yml index ba4fc63be..8a2784fb4 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade.yml 
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade.yml @@ -197,7 +197,7 @@ # we merge upgrade functionality into the base roles and a normal config.yml playbook run. - name: Determine if node is currently scheduleable command: > - {{ openshift.common.client_binary }} get node {{ openshift.common.hostname | lower }} -o json + {{ openshift.common.client_binary }} get node {{ openshift.node.nodename }} -o json register: node_output delegate_to: "{{ groups.oo_first_master.0 }}" changed_when: false @@ -209,13 +209,13 @@ - name: Mark unschedulable if host is a node command: > - {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=false + {{ openshift.common.admin_binary }} manage-node {{ openshift.node.nodename }} --schedulable=false delegate_to: "{{ groups.oo_first_master.0 }}" when: inventory_hostname in groups.oo_nodes_to_config - name: Evacuate Node for Kubelet upgrade command: > - {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --evacuate --force + {{ openshift.common.admin_binary }} manage-node {{ openshift.node.nodename }} --evacuate --force delegate_to: "{{ groups.oo_first_master.0 }}" when: inventory_hostname in groups.oo_nodes_to_config @@ -237,7 +237,7 @@ - name: Set node schedulability command: > - {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=true + {{ openshift.common.admin_binary }} manage-node {{ openshift.node.nodename }} --schedulable=true delegate_to: "{{ groups.oo_first_master.0 }}" when: inventory_hostname in groups.oo_nodes_to_config and was_schedulable | bool diff --git a/playbooks/gce/openshift-cluster/tasks/launch_instances.yml b/playbooks/gce/openshift-cluster/tasks/launch_instances.yml index c5c479052..60cf21a5b 100644 --- a/playbooks/gce/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/gce/openshift-cluster/tasks/launch_instances.yml 
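Review bot: `openshift.node.nodename` in the "Determine if node is currently scheduleable" task is only set for hosts whose facts contain a `node` section (see `set_nodename` in openshift_facts.py), whereas the `openshift.common.hostname` it replaces exists on every host. The `when:` of this task is not visible in the hunk, so if it can run on a master that is not also a node, the template would fail on an undefined variable. The later tasks in this file are guarded by `when: inventory_hostname in groups.oo_nodes_to_config`, and I would put the same guard on this one. The same substitution is made in the docker_upgrade.yml and redeploy-certificates.yml hunks above.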
@@ -1,7 +1,7 @@ --- - name: Launch instance(s) gce: - instance_names: "{{ instances }}" + instance_names: "{{ instances|join(',') }}" machine_type: "{{ gce_machine_type | default(deployment_vars[deployment_type].machine_type, true) }}" image: "{{ gce_machine_image | default(deployment_vars[deployment_type].image, true) }}" service_account_email: "{{ lookup('env', 'gce_service_account_email_address') }}" diff --git a/playbooks/openstack/openshift-cluster/dns.yml b/playbooks/openstack/openshift-cluster/dns.yml index 285f8fa78..3ea0929bf 100644 --- a/playbooks/openstack/openshift-cluster/dns.yml +++ b/playbooks/openstack/openshift-cluster/dns.yml @@ -48,5 +48,5 @@ - { role: dns, dns_forwarders: "{{ openstack_network_dns }}", - dns_zones: [ novalocal, openstacklocal ], + dns_zones: [ example.com ], dns_all_hosts: "{{ g_all_hosts }}" } diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml index 458cf5ac7..461980ddd 100644 --- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml +++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml 
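Review bot: `dns_zones: [ example.com ]` in dns.yml hard-codes the zone, and the same literal is repeated in the `fqdn` templates of heat_stack.yaml and heat_stack_server.yaml, so the three places have to be changed together by hand. A single playbook variable passed both to the `dns` role and to the Heat stack as a parameter would keep them in step. At minimum add a comment here, e.g. `# must match the fqdn suffix in files/heat_stack*.yaml`.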
@@ -637,41 +637,54 @@ resources: port_id: { get_resource: dns-port } dns-config: - type: OS::Heat::MultipartMime + type: OS::Heat::CloudConfig properties: - parts: - - config: - str_replace: - template: | - #cloud-config - disable_root: true - - system_info: - default_user: - name: openshift - sudo: ["ALL=(ALL) NOPASSWD: ALL"] - - write_files: - - path: /etc/sudoers.d/00-openshift-no-requiretty - permissions: 440 - content: | - Defaults:openshift !requiretty - - path: /etc/sysconfig/network-scripts/ifcfg-eth0 - content: | - DEVICE="eth0" - BOOTPROTO="dhcp" - DNS1="$dns1" - DNS2="$dns2" - PEERDNS="no" - ONBOOT="yes" - runcmd: - - [ "/usr/bin/systemctl", "restart", "network" ] - params: - $dns1: - get_param: - - dns_nameservers - - 0 - $dns2: - get_param: - - dns_nameservers - - 1 + cloud_config: + disable_root: true + + hostname: + str_replace: + template: cluster_id-dns + params: + cluster_id: { get_param: cluster_id } + fqdn: + str_replace: + template: cluster_id-dns.example.com + params: + cluster_id: { get_param: cluster_id } + + system_info: + default_user: + name: openshift + sudo: ["ALL=(ALL) NOPASSWD: ALL"] + + write_files: + - path: /etc/sudoers.d/00-openshift-no-requiretty + permissions: 440 + # content: Defaults:openshift !requiretty + # Encoded in base64 to be sure that we do not forget the trailing newline or + # sudo will not be able to parse that file + encoding: b64 + content: RGVmYXVsdHM6b3BlbnNoaWZ0ICFyZXF1aXJldHR5Cg== + - path: /etc/sysconfig/network-scripts/ifcfg-eth0 + content: + str_replace: + template: | + DEVICE="eth0" + BOOTPROTO="dhcp" + DNS1="$dns1" + DNS2="$dns2" + PEERDNS="no" + ONBOOT="yes" + params: + $dns1: + get_param: + - dns_nameservers + - 0 + $dns2: + get_param: + - dns_nameservers + - 1 + + runcmd: + - [ "/usr/bin/systemctl", "restart", "network" ] diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml index f83f2c984..ab6676afb 100644 
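Review bot: `permissions: 440` on the `/etc/sudoers.d/00-openshift-no-requiretty` entry of `write_files` is an unquoted YAML integer (as it was in the old template). As far as I know cloud-init takes a numeric value as the mode bits themselves, so decimal 440 would become mode 0670 rather than the intended 0440 on a sudoers drop-in. Writing `permissions: '0440'` removes the ambiguity. The same line is added in the `config` resource of heat_stack_server.yaml. Both resources also carry over `sudo: ["ALL=(ALL) NOPASSWD: ALL"]` for the `openshift` default user, and a one-line comment saying that Ansible relies on passwordless sudo would make that trade-off explicit for anyone reusing the template.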
--- a/playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml +++ b/playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml @@ -107,7 +107,7 @@ resources: flavor: { get_param: flavor } networks: - port: { get_resource: port } - user_data: { get_file: user-data } + user_data: { get_resource: config } user_data_format: RAW metadata: environment: { get_param: cluster_env } @@ -128,3 +128,30 @@ resources: properties: floating_network: { get_param: floating_network } port_id: { get_resource: port } + + config: + type: OS::Heat::CloudConfig + properties: + cloud_config: + disable_root: true + + hostname: { get_param: name } + fqdn: + str_replace: + template: name.example.com + params: + name: { get_param: name } + + system_info: + default_user: + name: openshift + sudo: ["ALL=(ALL) NOPASSWD: ALL"] + + write_files: + - path: /etc/sudoers.d/00-openshift-no-requiretty + permissions: 440 + # content: Defaults:openshift !requiretty + # Encoded in base64 to be sure that we do not forget the trailing newline or + # sudo will not be able to parse that file + encoding: b64 + content: RGVmYXVsdHM6b3BlbnNoaWZ0ICFyZXF1aXJldHR5Cg== diff --git a/playbooks/openstack/openshift-cluster/files/user-data b/playbooks/openstack/openshift-cluster/files/user-data deleted file mode 100644 index eb65f7cec..000000000 --- a/playbooks/openstack/openshift-cluster/files/user-data +++ /dev/null @@ -1,13 +0,0 @@ -#cloud-config -disable_root: true - -system_info: - default_user: - name: openshift - sudo: ["ALL=(ALL) NOPASSWD: ALL"] - -write_files: - - path: /etc/sudoers.d/00-openshift-no-requiretty - permissions: 440 - content: | - Defaults:openshift !requiretty diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index ba4136327..2bc6a8678 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml 
@@ -34,16 +34,17 @@ command: systemctl show etcd.service register: etcd_show changed_when: false + failed_when: false - name: Disable system etcd when containerized - when: etcd_is_containerized | bool and 'LoadState=not-found' not in etcd_show.stdout + when: etcd_is_containerized | bool and etcd_show.rc == 0 and 'LoadState=not-found' not in etcd_show.stdout service: name: etcd state: stopped enabled: no - name: Mask system etcd when containerized - when: etcd_is_containerized | bool and 'LoadState=not-found' not in etcd_show.stdout + when: etcd_is_containerized | bool and etcd_show.rc == 0 and 'LoadState=not-found' not in etcd_show.stdout command: systemctl mask etcd - name: Reload systemd units diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index b2d007ec9..e94cb0952 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -149,6 +149,7 @@ def hostname_valid(hostname): if (not hostname or hostname.startswith('localhost') or hostname.endswith('localdomain') or + hostname.endswith('novalocal') or len(hostname.split('.')) < 2): return False @@ -918,6 +919,14 @@ def set_sdn_facts_if_unset(facts, system_facts): return facts +def set_nodename(facts): + if 'node' in facts and 'common' in facts: + if 'cloudprovider' in facts and facts['cloudprovider']['kind'] == 'openstack': + facts['node']['nodename'] = facts['provider']['metadata']['hostname'].replace('.novalocal', '') + else: + facts['node']['nodename'] = facts['common']['hostname'].lower() + return facts + def migrate_oauth_template_facts(facts): """ Migrate an old oauth template fact to a newer format if it's present. @@ -1220,7 +1229,7 @@ def apply_provider_facts(facts, provider_facts): facts['common'][h_var] = choose_hostname( [provider_facts['network'].get(h_var)], - facts['common'][ip_var] + facts['common'][h_var] ) facts['provider'] = provider_facts 
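Review bot: `failed_when: false` on the `systemctl show etcd.service` task hides every failure of that command. With the added `etcd_show.rc == 0` condition, a non-zero exit now skips both "Disable system etcd when containerized" and "Mask system etcd when containerized" without any message. If the intent is only to tolerate hosts where the unit or systemd is absent, say so in a comment, e.g. `# rc != 0: no systemctl or no unit, nothing to disable`. A `debug` task on the skipped path would also help, because a system etcd left enabled next to the containerized one is hard to notice later. The same pattern is added for `master_svc_show` in roles/openshift_master/tasks/main.yml.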
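Review bot: `set_nodename` indexes `facts['cloudprovider']['kind']` and `facts['provider']['metadata']['hostname']` directly, so a `cloudprovider` entry without `kind`, or OpenStack facts gathered without provider metadata, raises `KeyError` during fact gathering. `.replace('.novalocal', '')` also removes the string wherever it occurs rather than only as a suffix, and the OpenStack branch does not lowercase the name although every caller dropped its `| lower` filter in this commit; confirm that is intended. The function has no docstring, unlike its neighbours; it should state that the node name has to match the name the cloud provider registers. A guarded version follows; falling back to `common.hostname` when the metadata is missing is my assumption.

```python
def set_nodename(facts):
    if 'node' in facts and 'common' in facts:
        kind = facts.get('cloudprovider', {}).get('kind')
        metadata = facts.get('provider', {}).get('metadata', {})
        nodename = metadata.get('hostname')
        if kind == 'openstack' and nodename:
            suffix = '.novalocal'
            # strip the suffix only when it really is a suffix
            if nodename.endswith(suffix):
                nodename = nodename[:-len(suffix)]
            facts['node']['nodename'] = nodename
        else:
            facts['node']['nodename'] = facts['common']['hostname'].lower()
    return facts
```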
@@ -1701,6 +1710,7 @@ class OpenShiftFacts(object): facts = set_proxy_facts(facts) if not safe_get_bool(facts['common']['is_containerized']): facts = set_installed_variant_rpm_facts(facts) + facts = set_nodename(facts) return dict(openshift=facts) def get_defaults(self, roles, deployment_type, deployment_subtype): diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml index f45ade751..d1cc5b274 100644 --- a/roles/openshift_manage_node/tasks/main.yml +++ b/roles/openshift_manage_node/tasks/main.yml @@ -14,7 +14,7 @@ - name: Wait for Node Registration command: > - {{ openshift.common.client_binary }} get node {{ hostvars[item].openshift.common.hostname | lower }} + {{ openshift.common.client_binary }} get node {{ hostvars[item].openshift.node.nodename }} --config={{ openshift_manage_node_kubeconfig }} -n default register: omd_get_node 
@@ -26,19 +26,19 @@ - name: Set node schedulability command: > - {{ openshift.common.admin_binary }} manage-node {{ hostvars[item].openshift.common.hostname | lower }} --schedulable={{ 'true' if hostvars[item].openshift.node.schedulable | bool else 'false' }} + {{ openshift.common.admin_binary }} manage-node {{ hostvars[item].openshift.node.nodename }} --schedulable={{ 'true' if hostvars[item].openshift.node.schedulable | bool else 'false' }} --config={{ openshift_manage_node_kubeconfig }} -n default with_items: "{{ openshift_nodes }}" - when: hostvars[item].openshift.common.hostname is defined + when: hostvars[item].openshift.node.nodename is defined - name: Label nodes command: > - {{ openshift.common.client_binary }} label --overwrite node {{ hostvars[item].openshift.common.hostname | lower }} {{ hostvars[item].openshift.node.labels | oo_combine_dict }} + {{ openshift.common.client_binary }} label --overwrite node {{ hostvars[item].openshift.node.nodename }} {{ hostvars[item].openshift.node.labels | oo_combine_dict }} --config={{ openshift_manage_node_kubeconfig }} -n default with_items: "{{ openshift_nodes }}" - when: hostvars[item].openshift.common.hostname is defined and 'labels' in hostvars[item].openshift.node and hostvars[item].openshift.node.labels != {} + when: hostvars[item].openshift.node.nodename is defined and 'labels' in hostvars[item].openshift.node and hostvars[item].openshift.node.labels != {} - name: Delete temp directory file: diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index d8a4aa9bb..ce2f96723 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml 
@@ -178,13 +178,14 @@ command: systemctl show {{ openshift.common.service_type }}-master.service register: master_svc_show changed_when: false + failed_when: false - name: Stop and disable non-HA master when running HA service: name: "{{ openshift.common.service_type }}-master" enabled: no state: stopped - when: openshift_master_ha | bool and 'LoadState=not-found' not in master_svc_show.stdout + when: openshift_master_ha | bool and master_svc_show.rc == 0 and 'LoadState=not-found' not in master_svc_show.stdout - set_fact: master_service_status_changed: "{{ start_result | changed }}" diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 68d153052..9bcaf4d84 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -33,7 +33,7 @@ networkConfig: {% if openshift.node.set_node_ip | bool %} nodeIP: {{ openshift.common.ip }} {% endif %} -nodeName: {{ openshift.common.hostname | lower }} +nodeName: {{ openshift.node.nodename }} podManifestConfig: servingInfo: bindAddress: 0.0.0.0:10250 |