summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitignore1
-rw-r--r--filter_plugins/oo_filters.py30
-rw-r--r--inventory/byo/hosts.aep.example48
-rw-r--r--inventory/byo/hosts.origin.example48
-rw-r--r--inventory/byo/hosts.ose.example48
-rw-r--r--playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml29
-rw-r--r--playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml29
-rw-r--r--playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml27
-rw-r--r--playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml29
-rw-r--r--playbooks/common/openshift-cluster/config.yml2
-rw-r--r--playbooks/common/openshift-cluster/initialize_facts.yml7
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml3
l---------playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j21
l---------playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker1
l---------playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster1
l---------playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster1
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml1
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml3
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml1
-rw-r--r--playbooks/common/openshift-cluster/validate_hostnames.yml2
-rw-r--r--playbooks/common/openshift-node/config.yml23
-rw-r--r--roles/etcd_certificates/tasks/client.yml8
-rw-r--r--roles/etcd_certificates/tasks/server.yml12
-rw-r--r--roles/openshift_cli/meta/main.yml2
-rw-r--r--roles/openshift_common/meta/main.yml1
-rw-r--r--roles/openshift_docker/tasks/main.yml27
l---------roles/openshift_examples/files/examples/latest2
-rw-r--r--roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json12
-rw-r--r--roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json2
-rw-r--r--roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json2
-rw-r--r--roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json2
-rw-r--r--roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml28
-rw-r--r--roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml2
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json18
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp.json2
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json18
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer.json2
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json18
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json2
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json10
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json8
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json20
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json2
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json18
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py31
-rw-r--r--roles/openshift_facts/tasks/main.yml4
-rw-r--r--roles/openshift_manageiq/tasks/main.yaml10
-rw-r--r--roles/openshift_manageiq/vars/main.yml3
-rw-r--r--roles/openshift_master/defaults/main.yml36
-rw-r--r--roles/openshift_master/meta/main.yml22
-rw-r--r--roles/openshift_master/templates/atomic-openshift-master.j26
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j22
-rw-r--r--roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j26
-rw-r--r--roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j26
-rw-r--r--roles/openshift_master_facts/tasks/main.yml1
-rw-r--r--roles/openshift_node/handlers/main.yml7
-rw-r--r--roles/openshift_node/meta/main.yml1
-rw-r--r--roles/openshift_node/tasks/main.yml11
-rw-r--r--roles/openshift_node/tasks/systemd_units.yml2
-rwxr-xr-xroles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh17
-rw-r--r--utils/src/ooinstall/openshift_ansible.py10
61 files changed, 507 insertions, 221 deletions
diff --git a/.gitignore b/.gitignore
index 626065fe1..dcea26d60 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,3 +19,4 @@ multi_inventory.yaml
.vagrant
.tags*
ansible.cfg
+*.retry
diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py
index 402103b09..e7409bf22 100644
--- a/filter_plugins/oo_filters.py
+++ b/filter_plugins/oo_filters.py
@@ -732,21 +732,22 @@ class FilterModule(object):
if 'hosted' in hostvars['openshift']:
for component in hostvars['openshift']['hosted']:
if 'storage' in hostvars['openshift']['hosted'][component]:
- kind = hostvars['openshift']['hosted'][component]['storage']['kind']
- create_pv = hostvars['openshift']['hosted'][component]['storage']['create_pv']
+ params = hostvars['openshift']['hosted'][component]['storage']
+ kind = params['kind']
+ create_pv = params['create_pv']
if kind != None and create_pv:
if kind == 'nfs':
- host = hostvars['openshift']['hosted'][component]['storage']['host']
+ host = params['host']
if host == None:
if len(groups['oo_nfs_to_config']) > 0:
host = groups['oo_nfs_to_config'][0]
else:
raise errors.AnsibleFilterError("|failed no storage host detected")
- directory = hostvars['openshift']['hosted'][component]['storage']['nfs']['directory']
- volume = hostvars['openshift']['hosted'][component]['storage']['volume']['name']
+ directory = params['nfs']['directory']
+ volume = params['volume']['name']
path = directory + '/' + volume
- size = hostvars['openshift']['hosted'][component]['storage']['volume']['size']
- access_modes = hostvars['openshift']['hosted'][component]['storage']['access_modes']
+ size = params['volume']['size']
+ access_modes = params['access_modes']
persistent_volume = dict(
name="{0}-volume".format(volume),
capacity=size,
@@ -756,6 +757,21 @@ class FilterModule(object):
server=host,
path=path)))
persistent_volumes.append(persistent_volume)
+ elif kind == 'openstack':
+ volume = params['volume']['name']
+ size = params['volume']['size']
+ access_modes = params['access_modes']
+ filesystem = params['openstack']['filesystem']
+ volume_id = params['openstack']['volumeID']
+ persistent_volume = dict(
+ name="{0}-volume".format(volume),
+ capacity=size,
+ access_modes=access_modes,
+ storage=dict(
+ cinder=dict(
+ fsType=filesystem,
+ volumeID=volume_id)))
+ persistent_volumes.append(persistent_volume)
else:
msg = "|failed invalid storage kind '{0}' for component '{1}'".format(
kind,
diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example
index c18a423bf..c31d39d59 100644
--- a/inventory/byo/hosts.aep.example
+++ b/inventory/byo/hosts.aep.example
@@ -187,6 +187,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Override the default pod eviction timeout
#openshift_master_pod_eviction_timeout=5m
+# Override the default oauth tokenConfig settings:
+# openshift_master_access_token_max_seconds=86400
+# openshift_master_auth_token_max_seconds=500
+
+# Override master servingInfo.maxRequestsInFlight
+#openshift_master_max_requests_inflight=500
+
# default storage plugin dependencies to install, by default the ceph and
# glusterfs plugin dependencies will be installed, if available.
#osn_storage_plugin_deps=['ceph','glusterfs','iscsi']
@@ -308,9 +315,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
##
## Storage Kind
## Specifies which storage kind will be used for the registry.
-## "nfs" is the only supported kind at this time.
+## "nfs" and "openstack" are supported kinds at this time.
##openshift_hosted_registry_storage_kind=nfs
##
+## Persistent Volume Access Mode
+## When using the 'openstack' storage kind, this has to be 'ReadWriteOnce'
+##openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
+##
+## Registry Volume Name
+## Specify the storage volume name. This directory will be created
+## within openshift_hosted_registry_storage_nfs_directory if
+## specifying an [nfs] group. Ex. /exports/registry
+## This variable must be supplied if using a pre-existing nfs server.
+##openshift_hosted_registry_storage_volume_name=registry
+##
+## NFS Specific Options
+##
## Storage Host
## This variable can be used to identify a pre-existing storage host
## if a storage host group corresponding to the storage kind (such as
@@ -326,18 +346,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
## This variable must be supplied if using a pre-existing nfs server.
##openshift_hosted_registry_storage_nfs_directory=/exports
##
-## Registry Volume Name
-## Specify the storage volume name. This directory will be created
-## within openshift_hosted_registry_storage_nfs_directory if
-## specifying an [nfs] group. Ex. /exports/registry
-## This variable must be supplied if using a pre-existing nfs server.
-##openshift_hosted_registry_storage_volume_name=registry
+## Openstack Specific Options
##
-## Persistent Volume Access Mode
-##openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
+## Openstack Volume ID
+## Specify the identifier of the volume to use for the registry.
+## At this time, the volume has to be created manually by the administrator.
+##openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57
+##
+## Openstack Volume Size
+##openshift_hosted_registry_storage_volume_size=10Gi
+##
+## Openstack Volume Filesystem
+## Specify the filesystem that will be used when formatting the volume
+##openshift_hosted_registry_storage_openstack_filesystem=ext4
# Configure node kubelet arguments
-#openshift_node_kubelet_args={'max-pods': ['40'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']}
+#openshift_node_kubelet_args={'max-pods': ['110'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']}
# Configure logrotate scripts
# See: https://github.com/nickhammond/ansible-logrotate
@@ -365,9 +389,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#
# Most environments don't require a proxy between openshift masters, nodes, and
# etcd hosts. So automatically add those hostnames to the openshift_no_proxy list.
-# If all of your hosts share a common domain you may wish to disable this and
+# If all of your hosts share a common domain you may wish to disable this and
# specify that domain above.
-#openshift_generate_no_proxy_hosts: True
+#openshift_generate_no_proxy_hosts=True
#
# These options configure the BuildDefaults admission controller which injects
# environment variables into Builds. These values will default to their
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index 28298d940..3a7842a33 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -192,6 +192,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Override the default pod eviction timeout
#openshift_master_pod_eviction_timeout=5m
+# Override the default oauth tokenConfig settings:
+# openshift_master_access_token_max_seconds=86400
+# openshift_master_auth_token_max_seconds=500
+
+# Override master servingInfo.maxRequestsInFlight
+#openshift_master_max_requests_inflight=500
+
# default storage plugin dependencies to install, by default the ceph and
# glusterfs plugin dependencies will be installed, if available.
#osn_storage_plugin_deps=['ceph','glusterfs','iscsi']
@@ -313,9 +320,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
##
## Storage Kind
## Specifies which storage kind will be used for the registry.
-## nfs is the only supported kind at this time.
+## "nfs" and "openstack" are supported kinds at this time.
##openshift_hosted_registry_storage_kind=nfs
##
+## Persistent Volume Access Mode
+## When using the 'openstack' storage kind, this has to be 'ReadWriteOnce'
+##openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
+##
+## Registry Volume Name
+## Specify the storage volume name. This directory will be created
+## within openshift_hosted_registry_storage_nfs_directory if
+## specifying an [nfs] group. Ex. /exports/registry
+## This variable must be supplied if using a pre-existing nfs server.
+##openshift_hosted_registry_storage_volume_name=registry
+##
+## NFS Specific Options
+##
## Storage Host
## This variable can be used to identify a pre-existing storage host
## if a storage host group corresponding to the storage kind (such as
@@ -331,18 +351,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
## This variable must be supplied if using a pre-existing nfs server.
##openshift_hosted_registry_storage_nfs_directory=/exports
##
-## Registry Volume Name
-## Specify the storage volume name. This directory will be created
-## within openshift_hosted_registry_storage_nfs_directory if
-## specifying an [nfs] group. Ex: /exports/registry
-## This variable must be supplied if using a pre-existing nfs server.
-##openshift_hosted_registry_storage_volume_name=registry
+## Openstack Specific Options
##
-## Persistent Volume Access Mode
-##openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
+## Openstack Volume ID
+## Specify the identifier of the volume to use for the registry.
+## At this time, the volume has to be created manually by the administrator.
+##openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57
+##
+## Openstack Volume Size
+##openshift_hosted_registry_storage_volume_size=10Gi
+##
+## Openstack Volume Filesystem
+## Specify the filesystem that will be used when formatting the volume
+##openshift_hosted_registry_storage_openstack_filesystem=ext4
# Configure node kubelet arguments
-#openshift_node_kubelet_args={'max-pods': ['40'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']}
+#openshift_node_kubelet_args={'max-pods': ['110'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']}
# Configure logrotate scripts
# See: https://github.com/nickhammond/ansible-logrotate
@@ -370,9 +394,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#
# Most environments don't require a proxy between openshift masters, nodes, and
# etcd hosts. So automatically add those hostnames to the openshift_no_proxy list.
-# If all of your hosts share a common domain you may wish to disable this and
+# If all of your hosts share a common domain you may wish to disable this and
# specify that domain above.
-#openshift_generate_no_proxy_hosts: True
+#openshift_generate_no_proxy_hosts=True
#
# These options configure the BuildDefaults admission controller which injects
# environment variables into Builds. These values will default to their
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index 38adfe572..cb46c352e 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -188,6 +188,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Override the default pod eviction timeout
#openshift_master_pod_eviction_timeout=5m
+# Override the default oauth tokenConfig settings:
+# openshift_master_access_token_max_seconds=86400
+# openshift_master_auth_token_max_seconds=500
+
+# Override master servingInfo.maxRequestsInFlight
+#openshift_master_max_requests_inflight=500
+
# default storage plugin dependencies to install, by default the ceph and
# glusterfs plugin dependencies will be installed, if available.
#osn_storage_plugin_deps=['ceph','glusterfs']
@@ -309,9 +316,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
##
## Storage Kind
## Specifies which storage kind will be used for the registry.
-## "nfs" is the only supported kind at this time.
+## "nfs" and "openstack" are supported kinds at this time.
##openshift_hosted_registry_storage_kind=nfs
##
+## Persistent Volume Access Mode
+## When using the 'openstack' storage kind, this has to be 'ReadWriteOnce'
+##openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
+##
+## Registry Volume Name
+## Specify the storage volume name. This directory will be created
+## within openshift_hosted_registry_storage_nfs_directory if
+## specifying an [nfs] group. Ex. /exports/registry
+## This variable must be supplied if using a pre-existing nfs server.
+##openshift_hosted_registry_storage_volume_name=registry
+##
+## NFS Specific Options
+##
## Storage Host
## This variable can be used to identify a pre-existing storage host
## if a storage host group corresponding to the storage kind (such as
@@ -327,18 +347,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
## This variable must be supplied if using a pre-existing nfs server.
##openshift_hosted_registry_storage_nfs_directory=/exports
##
-## Registry Volume Name
-## Specify the storage volume name. This directory will be created
-## within openshift_hosted_registry_storage_nfs_directory if
-## specifying an [nfs] group Ex: /exports/registry
-## This variable must be supplied if using a pre-existing nfs server.
-##openshift_hosted_registry_storage_volume_name=registry
+## Openstack Specific Options
##
-## Persistent Volume Access Mode
-##openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
+## Openstack Volume ID
+## Specify the identifier of the volume to use for the registry.
+## At this time, the volume has to be created manually by the administrator.
+##openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57
+##
+## Openstack Volume Size
+##openshift_hosted_registry_storage_volume_size=10Gi
+##
+## Openstack Volume Filesystem
+## Specify the filesystem that will be used when formatting the volume
+##openshift_hosted_registry_storage_openstack_filesystem=ext4
# Configure node kubelet arguments
-#openshift_node_kubelet_args={'max-pods': ['40'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']}
+#openshift_node_kubelet_args={'max-pods': ['110'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']}
# Configure logrotate scripts
# See: https://github.com/nickhammond/ansible-logrotate
@@ -366,9 +390,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#
# Most environments don't require a proxy between openshift masters, nodes, and
# etcd hosts. So automatically add those hostnames to the openshift_no_proxy list.
-# If all of your hosts share a common domain you may wish to disable this and
+# If all of your hosts share a common domain you may wish to disable this and
# specify that domain above.
-#openshift_generate_no_proxy_hosts: True
+#openshift_generate_no_proxy_hosts=True
#
# These options configure the BuildDefaults admission controller which injects
# environment variables into Builds. These values will default to their
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml
index 628a07752..59d275d52 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml
@@ -1,13 +1,28 @@
---
+- hosts: localhost
+ connection: local
+ become: no
+ gather_facts: no
+ tasks:
+ - name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0
+ fail:
+ msg: "Unsupported ansible version: {{ ansible_version }} found."
+ when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge')
+ - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml
+ - add_host:
+ name: "{{ item }}"
+ groups: l_oo_all_hosts
+ with_items: "{{ g_all_hosts }}"
+
+- hosts: l_oo_all_hosts
+ gather_facts: no
+ tasks:
+ - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml
+
- include: ../../../../common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml
- vars_files:
- - "{{lookup('file', '../../../../byo/openshift-cluster/cluster_hosts.yml')}}"
vars:
- g_etcd_hosts: "{{ groups.etcd | default([]) }}"
- g_master_hosts: "{{ groups.masters | default([]) }}"
+ # Do not allow adding hosts during upgrade.
g_new_master_hosts: []
- g_nfs_hosts: "{{ groups.nfs | default([]) }}"
- g_node_hosts: "{{ groups.nodes | default([]) }}"
- g_lb_hosts: "{{ groups.lb | default([]) }}"
+ g_new_node_hosts: []
openshift_cluster_id: "{{ cluster_id | default('default') }}"
openshift_deployment_type: "{{ deployment_type }}"
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
index 8fadd2ce7..239da4df0 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
@@ -1,13 +1,28 @@
---
+- hosts: localhost
+ connection: local
+ become: no
+ gather_facts: no
+ tasks:
+ - name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0
+ fail:
+ msg: "Unsupported ansible version: {{ ansible_version }} found."
+ when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge')
+ - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml
+ - add_host:
+ name: "{{ item }}"
+ groups: l_oo_all_hosts
+ with_items: "{{ g_all_hosts }}"
+
+- hosts: l_oo_all_hosts
+ gather_facts: no
+ tasks:
+ - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml
+
- include: ../../../../common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
- vars_files:
- - "{{lookup('file', '../../../../byo/openshift-cluster/cluster_hosts.yml')}}"
vars:
- g_etcd_hosts: "{{ groups.etcd | default([]) }}"
- g_master_hosts: "{{ groups.masters | default([]) }}"
+ # Do not allow adding hosts during upgrade.
g_new_master_hosts: []
- g_nfs_hosts: "{{ groups.nfs | default([]) }}"
- g_node_hosts: "{{ groups.nodes | default([]) }}"
- g_lb_hosts: "{{ groups.lb | default([]) }}"
+ g_new_node_hosts: []
openshift_cluster_id: "{{ cluster_id | default('default') }}"
openshift_deployment_type: "{{ deployment_type }}"
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml
index 42078584b..9363442aa 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml
@@ -1,12 +1,29 @@
---
+- hosts: localhost
+ connection: local
+ become: no
+ gather_facts: no
+ tasks:
+ - name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0
+ fail:
+ msg: "Unsupported ansible version: {{ ansible_version }} found."
+ when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge')
+ - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml
+ - add_host:
+ name: "{{ item }}"
+ groups: l_oo_all_hosts
+ with_items: "{{ g_all_hosts }}"
+
+- hosts: l_oo_all_hosts
+ gather_facts: no
+ tasks:
+ - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml
+
- include: ../../../../common/openshift-cluster/evaluate_groups.yml
vars:
- g_etcd_hosts: "{{ groups.etcd | default([]) }}"
- g_master_hosts: "{{ groups.masters | default([]) }}"
+ # Do not allow adding hosts during upgrade.
g_new_master_hosts: []
- g_nfs_hosts: "{{ groups.nfs | default([]) }}"
- g_node_hosts: "{{ groups.nodes | default([]) }}"
- g_lb_hosts: "{{ groups.lb | default([]) }}"
+ g_new_node_hosts: []
openshift_cluster_id: "{{ cluster_id | default('default') }}"
openshift_deployment_type: "{{ deployment_type }}"
- include: ../../../../common/openshift-cluster/upgrades/v3_1_minor/pre.yml
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml
index a929e4a6a..24617620b 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml
@@ -1,14 +1,29 @@
---
+- hosts: localhost
+ connection: local
+ become: no
+ gather_facts: no
+ tasks:
+ - name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0
+ fail:
+ msg: "Unsupported ansible version: {{ ansible_version }} found."
+ when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge')
+ - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml
+ - add_host:
+ name: "{{ item }}"
+ groups: l_oo_all_hosts
+ with_items: g_all_hosts | default([])
+
+- hosts: l_oo_all_hosts
+ gather_facts: no
+ tasks:
+ - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml
+
- include: ../../../../common/openshift-cluster/evaluate_groups.yml
vars:
- g_etcd_hosts: "{{ groups.etcd | default([]) }}"
- g_master_hosts: "{{ groups.masters | default([]) }}"
+ # Do not allow adding hosts during upgrade.
g_new_master_hosts: []
- g_nfs_hosts: "{{ groups.nfs | default([]) }}"
- g_node_hosts: "{{ groups.nodes | default([]) }}"
- g_lb_hosts: "{{ groups.lb | default([]) }}"
- g_all_hosts: "{{ groups.masters | default([]) | union(groups.nodes | default([])) | union(groups.etcd | default([]))
- | union(groups.lb | default([])) | union(groups.nfs | default([])) }}"
+ g_new_node_hosts: []
openshift_cluster_id: "{{ cluster_id | default('default') }}"
openshift_deployment_type: "{{ deployment_type }}"
diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index 99b36098a..903babc45 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -1,6 +1,8 @@
---
- include: evaluate_groups.yml
+- include: initialize_facts.yml
+
- include: validate_hostnames.yml
- name: Set oo_options
diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml
new file mode 100644
index 000000000..9a844e216
--- /dev/null
+++ b/playbooks/common/openshift-cluster/initialize_facts.yml
@@ -0,0 +1,7 @@
+---
+- name: Initialize host facts
+ hosts: OSEv3
+ roles:
+ - openshift_facts
+ tasks:
+ - openshift_facts:
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml
index 51b108f6a..5b2bf9f93 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml
@@ -36,7 +36,8 @@
- name: Ensure AOS 3.0.2 or Origin 1.0.6
hosts: oo_first_master
tasks:
- fail: This playbook requires Origin 1.0.6 or Atomic OpenShift 3.0.2 or later
+ - fail:
+ msg: "This playbook requires Origin 1.0.6 or Atomic OpenShift 3.0.2 or later"
when: _new_version.stdout | version_compare('1.0.6','<') or ( _new_version.stdout | version_compare('3.0','>=' and _new_version.stdout | version_compare('3.0.2','<') )
- name: Update cluster policy
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2
new file mode 120000
index 000000000..cf20e8959
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2
@@ -0,0 +1 @@
+../../../../../roles/openshift_master/templates/atomic-openshift-master.j2 \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker
new file mode 120000
index 000000000..5a3dd12b3
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker
@@ -0,0 +1 @@
+../../../../../roles/openshift_master/templates/docker \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster
new file mode 120000
index 000000000..3ee319365
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster
@@ -0,0 +1 @@
+../../../../../roles/openshift_master/templates/docker-cluster \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster
new file mode 120000
index 000000000..f44f8eb4f
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster
@@ -0,0 +1 @@
+../../../../../roles/openshift_master/templates/native-cluster \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml
index 3fd97ac14..12e2edfb9 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml
@@ -10,6 +10,7 @@
router_image: "{{ openshift.master.registry_url | replace( '${component}', 'haproxy-router' ) | replace ( '${version}', 'v' + g_new_version ) }}"
oc_cmd: "{{ openshift.common.client_binary }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig"
roles:
+ - openshift_manageiq
# Create the new templates shipped in 3.2, existing templates are left
# unmodified. This prevents the subsequent role definition for
# openshift_examples from failing when trying to replace templates that do
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml
index 02d9e3332..dd9843290 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml
@@ -101,6 +101,7 @@
vars:
target_version: "{{ '1.2' if deployment_type == 'origin' else '3.1.1.900' }}"
openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
+ upgrading: True
handlers:
- include: ../../../../../roles/openshift_master/handlers/main.yml
- include: ../../../../../roles/openshift_node/handlers/main.yml
@@ -109,7 +110,7 @@
# are modified to use the correct image tag. However, this can trigger a
# docker restart if new configuration is laid down which would immediately
# pull the latest image and defeat the purpose of these tasks.
- - openshift_cli
+ - { role: openshift_cli }
pre_tasks:
- name: Clean package cache
command: "{{ ansible_pkg_mgr }} clean all"
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml
index 3d8e43f08..a2d88341a 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml
@@ -131,6 +131,7 @@
origin_reconcile_bindings: "{{ deployment_type == 'origin' and g_new_version | version_compare('1.0.6', '>') }}"
ent_reconcile_bindings: true
openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
+ upgrading: True
tasks:
- name: Verifying the correct commandline tools are available
shell: grep {{ verify_upgrade_version }} {{ openshift.common.admin_binary}}
diff --git a/playbooks/common/openshift-cluster/validate_hostnames.yml b/playbooks/common/openshift-cluster/validate_hostnames.yml
index 0f562e019..50e25984f 100644
--- a/playbooks/common/openshift-cluster/validate_hostnames.yml
+++ b/playbooks/common/openshift-cluster/validate_hostnames.yml
@@ -1,6 +1,4 @@
---
-- include: evaluate_groups.yml
-
- name: Gather and set facts for node hosts
hosts: oo_nodes_to_config
roles:
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index cba99a740..a41fca45a 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -140,15 +140,15 @@
register: g_external_etcd_flannel_cert_stat_result
when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool)
- set_fact:
- etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results
+ etcd_client_flannel_certs_missing: "{{ False in g_external_etcd_flannel_cert_stat_result.results
| oo_collect(attribute='stat.exists')
- | list | intersect([false])}}"
+ | list }}"
etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }}
etcd_cert_config_dir: "{{ openshift.common.config_base }}/node"
etcd_cert_prefix: node.etcd-
etcd_hostname: "{{ openshift.common.hostname }}"
etcd_ip: "{{ openshift.common.ip }}"
- when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool)
+ when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config | length > 0 and (openshift.common.use_flannel | bool)
- name: Configure flannel etcd certificates
hosts: oo_first_etcd
@@ -158,9 +158,8 @@
pre_tasks:
- set_fact:
etcd_needing_client_certs: "{{ hostvars
- | oo_select_keys(groups['oo_nodes_to_config'])
- | oo_filter_list(filter_attr='etcd_client_flannel_certs_missing') | default([]) }}"
- when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
+ | oo_select_keys(groups['oo_nodes_to_config'])
+ | oo_filter_list('etcd_client_flannel_certs_missing') | default([]) }}"
roles:
- role: openshift_etcd_certificates
when: openshift_use_flannel | default(false) | bool
@@ -171,8 +170,7 @@
-C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
args:
creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
- when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
+ with_items: etcd_needing_client_certs | default([])
- name: Retrieve the etcd cert tarballs
fetch:
src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
@@ -180,8 +178,7 @@
flat: yes
fail_on_missing: yes
validate_checksum: yes
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
- when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
+ with_items: etcd_needing_client_certs | default([])
- name: Copy the external etcd flannel certs to the nodes
hosts: oo_nodes_to_config
@@ -192,12 +189,12 @@
file:
path: "{{ openshift.common.config_base }}/node"
state: directory
- when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
+ when: etcd_client_flannel_certs_missing | default(false) | bool
- name: Unarchive the tarball on the master
unarchive:
src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
dest: "{{ etcd_cert_config_dir }}"
- when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
+ when: etcd_client_flannel_certs_missing | default(false) | bool
- file:
path: "{{ etcd_cert_config_dir }}/{{ item }}"
owner: root
@@ -207,7 +204,7 @@
- node.etcd-client.crt
- node.etcd-client.key
- node.etcd-ca.crt
- when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
+ when: etcd_client_flannel_certs_missing | default(false) | bool
- name: Additional node config
diff --git a/roles/etcd_certificates/tasks/client.yml b/roles/etcd_certificates/tasks/client.yml
index b497a46c0..a9f130bb9 100644
--- a/roles/etcd_certificates/tasks/client.yml
+++ b/roles/etcd_certificates/tasks/client.yml
@@ -4,7 +4,7 @@
path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
state: directory
mode: 0700
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
+ with_items: etcd_needing_client_certs | default([])
- name: Create the client csr
command: >
@@ -19,7 +19,7 @@
~ item.etcd_cert_prefix ~ 'client.csr' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
+ with_items: etcd_needing_client_certs | default([])
- name: Sign and create the client crt
command: >
@@ -33,10 +33,10 @@
~ item.etcd_cert_prefix ~ 'client.crt' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
+ with_items: etcd_needing_client_certs | default([])
- file:
src: "{{ etcd_ca_cert }}"
dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"
state: hard
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
+ with_items: etcd_needing_client_certs | default([])
diff --git a/roles/etcd_certificates/tasks/server.yml b/roles/etcd_certificates/tasks/server.yml
index 934b8b805..223917ccd 100644
--- a/roles/etcd_certificates/tasks/server.yml
+++ b/roles/etcd_certificates/tasks/server.yml
@@ -4,7 +4,7 @@
path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
state: directory
mode: 0700
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
+ with_items: etcd_needing_server_certs | default([])
- name: Create the server csr
command: >
@@ -19,7 +19,7 @@
~ item.etcd_cert_prefix ~ 'server.csr' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
+ with_items: etcd_needing_server_certs | default([])
- name: Sign and create the server crt
command: >
@@ -33,7 +33,7 @@
~ item.etcd_cert_prefix ~ 'server.crt' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
+ with_items: etcd_needing_server_certs | default([])
- name: Create the peer csr
command: >
@@ -48,7 +48,7 @@
~ item.etcd_cert_prefix ~ 'peer.csr' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
+ with_items: etcd_needing_server_certs | default([])
- name: Sign and create the peer crt
command: >
@@ -62,10 +62,10 @@
~ item.etcd_cert_prefix ~ 'peer.crt' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
+ with_items: etcd_needing_server_certs | default([])
- file:
src: "{{ etcd_ca_cert }}"
dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"
state: hard
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
+ with_items: etcd_needing_server_certs | default([])
diff --git a/roles/openshift_cli/meta/main.yml b/roles/openshift_cli/meta/main.yml
index 223cb768d..b97a1a277 100644
--- a/roles/openshift_cli/meta/main.yml
+++ b/roles/openshift_cli/meta/main.yml
@@ -12,6 +12,6 @@ galaxy_info:
categories:
- cloud
dependencies:
-- role: openshift_docker
+- { role: openshift_docker, upgrading: "{{ upgrading | default(False) }}" }
- role: openshift_common
- role: openshift_cli_facts
diff --git a/roles/openshift_common/meta/main.yml b/roles/openshift_common/meta/main.yml
index 02150406d..f1cf3e161 100644
--- a/roles/openshift_common/meta/main.yml
+++ b/roles/openshift_common/meta/main.yml
@@ -12,6 +12,5 @@ galaxy_info:
categories:
- cloud
dependencies:
-- role: os_firewall
- role: openshift_facts
- role: openshift_repos
diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml
index 10f47f9b2..5d5174ec9 100644
--- a/roles/openshift_docker/tasks/main.yml
+++ b/roles/openshift_docker/tasks/main.yml
@@ -2,20 +2,37 @@
# It's important that we don't explicitly pull this image here. Otherwise we
# could result in upgrading a preinstalled environment. We'll have to set
# openshift_image_tag correctly for upgrades.
+
+- set_fact:
+ upgrading: False
+ when: upgrading is not defined
+
+- set_fact:
+ is_containerized: "{{ openshift.common.is_containerized | default(False) | bool }}"
+ # Does the host already have an image tag fact, used to determine if it's a new node
+ # in non-upgrade scenarios:
+ has_image_tag_fact: "{{ hostvars[inventory_hostname].openshift.docker.openshift_image_tag is defined }}"
+
- name: Set version when containerized
command: >
docker run --rm {{ openshift.common.cli_image }} version
register: cli_image_version
- when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool and openshift_image_tag is not defined
+ when: is_containerized | bool and openshift_image_tag is not defined and (upgrading | bool or not has_image_tag_fact | bool)
+
+# Use the pre-existing image tag from system facts if present, and we're not upgrading.
+# Ignores explicit openshift_image_tag if it's in the inventory, as this isn't an upgrade.
+- set_fact:
+ l_image_tag: "{{ hostvars[inventory_hostname].openshift.docker.openshift_image_tag }}"
+ when: is_containerized | bool and not upgrading | bool and has_image_tag_fact | bool
- set_fact:
l_image_tag: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2] | join('-') if openshift.common.deployment_type == 'origin' else
cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0] }}"
- when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool and openshift_image_tag is not defined
+ when: is_containerized | bool and openshift_image_tag is not defined and (upgrading | bool or not has_image_tag_fact | bool)
- set_fact:
l_image_tag: "{{ openshift_image_tag }}"
- when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool and openshift_image_tag is defined
+ when: is_containerized | bool and openshift_image_tag is defined and (upgrading | bool or not has_image_tag_fact | bool)
- name: Set post docker install facts
openshift_facts:
@@ -25,5 +42,5 @@
- role: docker
local_facts:
openshift_image_tag: "{{ l_image_tag | default(None) }}"
- openshift_version: "{{ l_image_tag.split('-')[0] if l_image_tag is defined else '' | oo_image_tag_to_rpm_version }}"
- when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool
+ openshift_version: "{{ l_image_tag.split('-')[0] | oo_image_tag_to_rpm_version if l_image_tag is defined else '' }}"
+ when: is_containerized | bool
diff --git a/roles/openshift_examples/files/examples/latest b/roles/openshift_examples/files/examples/latest
index 634650e09..f7e713306 120000
--- a/roles/openshift_examples/files/examples/latest
+++ b/roles/openshift_examples/files/examples/latest
@@ -1 +1 @@
-v1.1 \ No newline at end of file
+v1.2 \ No newline at end of file
diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json
index 227c8d30e..0e618624b 100644
--- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json
+++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json
@@ -54,7 +54,7 @@
{
"type": "ImageChange",
"imageChangeParams": {
- "automatic": false,
+ "automatic": true,
"containerNames": [
"mongodb"
],
@@ -96,7 +96,7 @@
"timeoutSeconds": 1,
"initialDelaySeconds": 3,
"exec": {
- "command": [ "/bin/sh", "-i", "-c", "mongostat --host 127.0.0.1 -u admin -p $MONGODB_ADMIN_PASSWORD -n 1 --noheaders"]
+ "command": [ "/bin/sh", "-i", "-c", "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\""]
}
},
"livenessProbe": {
@@ -125,10 +125,10 @@
}
],
"resources": {
- "limits": {
- "memory": "${MEMORY_LIMIT}"
- }
- },
+ "limits": {
+ "memory": "${MEMORY_LIMIT}"
+ }
+ },
"volumeMounts": [
{
"name": "${DATABASE_SERVICE_NAME}-data",
diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json
index 70c906f8e..07290b1ea 100644
--- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json
+++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json
@@ -113,7 +113,7 @@
"timeoutSeconds": 1,
"initialDelaySeconds": 3,
"exec": {
- "command": [ "/bin/sh", "-i", "-c", "mongostat --host 127.0.0.1 -u admin -p $MONGODB_ADMIN_PASSWORD -n 1 --noheaders"]
+ "command": [ "/bin/sh", "-i", "-c", "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\""]
}
},
"livenessProbe": {
diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json
index f4c118052..1457d288c 100644
--- a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json
+++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json
@@ -54,7 +54,7 @@
{
"type": "ImageChange",
"imageChangeParams": {
- "automatic": false,
+ "automatic": true,
"containerNames": [
"mysql"
],
diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json
index c14f3c3df..39a71f25c 100644
--- a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json
+++ b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json
@@ -54,7 +54,7 @@
{
"type": "ImageChange",
"imageChangeParams": {
- "automatic": false,
+ "automatic": true,
"containerNames": [
"postgresql"
],
diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml
index cc33f77d8..fd5841db7 100644
--- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml
+++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml
@@ -105,6 +105,10 @@ items:
value: ${IMAGE_PREFIX}
- name: IMAGE_VERSION
value: ${IMAGE_VERSION}
+ - name: IMAGE_PULL_SECRET
+ value: ${IMAGE_PULL_SECRET}
+ - name: INSECURE_REGISTRY
+ value: ${INSECURE_REGISTRY}
- name: ENABLE_OPS_CLUSTER
value: ${ENABLE_OPS_CLUSTER}
- name: KIBANA_HOSTNAME
@@ -174,14 +178,6 @@ items:
secretName: logging-deployer
parameters:
-
- description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"'
- name: IMAGE_PREFIX
- value: "docker.io/openshift/origin-"
- -
- description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"'
- name: IMAGE_VERSION
- value: "latest"
- -
description: "If true, set up to use a second ES cluster for ops logs."
name: ENABLE_OPS_CLUSTER
value: "false"
@@ -288,3 +284,19 @@ items:
description: "The mode that the deployer runs in."
name: MODE
value: "install"
+ -
+ description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"'
+ name: IMAGE_PREFIX
+ value: "docker.io/openshift/origin-"
+ -
+ description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"'
+ name: IMAGE_VERSION
+ value: "latest"
+ -
+ description: 'Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry.'
+ name: IMAGE_PULL_SECRET
+ -
+ description: 'Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)'
+ name: INSECURE_REGISTRY
+ value: "false"
+
diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml
index c620c46ec..8fb594ce8 100644
--- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml
+++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml
@@ -91,7 +91,7 @@ parameters:
-
description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"'
name: IMAGE_VERSION
- value: "v0.1.0"
+ value: "latest"
-
description: "Internal URL for the master, for authentication retrieval"
name: MASTER_URL
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json
index 922e5bed8..370b8c764 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json
@@ -166,7 +166,7 @@
"containers": [
{
"name": "cakephp-mysql-example",
- "image": "cakephp-mysql-example",
+ "image": " ",
"ports": [
{
"containerPort": 8080
@@ -276,7 +276,7 @@
{
"type": "ImageChange",
"imageChangeParams": {
- "automatic": false,
+ "automatic": true,
"containerNames": [
"mysql"
],
@@ -303,15 +303,27 @@
}
},
"spec": {
+ "volumes": [
+ {
+ "name": "data",
+ "emptyDir": {}
+ }
+ ],
"containers": [
{
"name": "mysql",
- "image": "mysql",
+ "image": " ",
"ports": [
{
"containerPort": 3306
}
],
+ "volumeMounts": [
+ {
+ "name": "data",
+ "mountPath": "/var/lib/mysql/data"
+ }
+ ],
"readinessProbe": {
"timeoutSeconds": 1,
"initialDelaySeconds": 5,
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp.json
index 780faec55..dbf570f1f 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp.json
@@ -155,7 +155,7 @@
"containers": [
{
"name": "cakephp-example",
- "image": "cakephp-example",
+ "image": " ",
"ports": [
{
"containerPort": 8080
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json
index c0fc02ae4..3b738480d 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json
@@ -152,7 +152,7 @@
"containers": [
{
"name": "dancer-mysql-example",
- "image": "dancer-mysql-example",
+ "image": " ",
"ports": [
{
"containerPort": 8080
@@ -250,7 +250,7 @@
{
"type": "ImageChange",
"imageChangeParams": {
- "automatic": false,
+ "automatic": true,
"containerNames": [
"mysql"
],
@@ -277,15 +277,27 @@
}
},
"spec": {
+ "volumes": [
+ {
+ "name": "data",
+ "emptyDir": {}
+ }
+ ],
"containers": [
{
"name": "mysql",
- "image": "mysql",
+ "image": " ",
"ports": [
{
"containerPort": 3306
}
],
+ "volumeMounts": [
+ {
+ "name": "data",
+ "mountPath": "/var/lib/mysql/data"
+ }
+ ],
"readinessProbe": {
"timeoutSeconds": 1,
"initialDelaySeconds": 5,
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer.json
index 1ea5a21a0..852f20102 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer.json
@@ -155,7 +155,7 @@
"containers": [
{
"name": "dancer-example",
- "image": "dancer-example",
+ "image": " ",
"ports": [
{
"containerPort": 8080
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json
index 844201e7c..f044152b3 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json
@@ -158,7 +158,7 @@
"containers": [
{
"name": "django-psql-example",
- "image": "django-psql-example",
+ "image": " ",
"ports": [
{
"containerPort": 8080
@@ -260,7 +260,7 @@
{
"type": "ImageChange",
"imageChangeParams": {
- "automatic": false,
+ "automatic": true,
"containerNames": [
"postgresql"
],
@@ -287,10 +287,16 @@
}
},
"spec": {
+ "volumes": [
+ {
+ "name": "data",
+ "emptyDir": {}
+ }
+ ],
"containers": [
{
"name": "postgresql",
- "image": "postgresql",
+ "image": " ",
"ports": [
{
"containerPort": 5432
@@ -310,6 +316,12 @@
"value": "${DATABASE_NAME}"
}
],
+ "volumeMounts": [
+ {
+ "name": "data",
+ "mountPath": "/var/lib/pgsql/data"
+ }
+ ],
"readinessProbe": {
"timeoutSeconds": 1,
"initialDelaySeconds": 5,
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json
index 38ef694f8..5740ee963 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json
@@ -158,7 +158,7 @@
"containers": [
{
"name": "django-example",
- "image": "django-example",
+ "image": " ",
"ports": [
{
"containerPort": 8080
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json
index e464b5971..67fce4a46 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json
@@ -5,7 +5,7 @@
"name": "jenkins-ephemeral",
"creationTimestamp": null,
"annotations": {
- "description": "Jenkins service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing",
+ "description": "Jenkins service, without persistent storage.\nThe username is 'admin' and the tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing",
"iconClass": "icon-jenkins",
"tags": "instant-app,jenkins"
}
@@ -71,7 +71,7 @@
{
"type": "ImageChange",
"imageChangeParams": {
- "automatic": false,
+ "automatic": true,
"containerNames": [
"jenkins"
],
@@ -102,7 +102,7 @@
"containers": [
{
"name": "jenkins",
- "image": "${JENKINS_IMAGE}",
+ "image": "JENKINS_IMAGE",
"readinessProbe": {
"timeoutSeconds": 3,
"initialDelaySeconds": 3,
@@ -113,7 +113,7 @@
},
"livenessProbe": {
"timeoutSeconds": 3,
- "initialDelaySeconds": 30,
+ "initialDelaySeconds": 60,
"httpGet": {
"path": "/login",
"port": 8080
@@ -182,7 +182,7 @@
{
"name": "JENKINS_PASSWORD",
"displayName": "Jenkins Password",
- "description": "Password for the Jenkins user.",
+ "description": "Password for the Jenkins 'admin' user.",
"generate": "expression",
"value": "password"
}
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json
index 0d8dcffa1..ef04b4482 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json
@@ -5,7 +5,7 @@
"name": "jenkins-persistent",
"creationTimestamp": null,
"annotations": {
- "description": "Jenkins service, with persistent storage. You must have persistent volumes available in your cluster to use this template.",
+ "description": "Jenkins service, with persistent storage.\nThe username is 'admin' and the tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.\nYou must have persistent volumes available in your cluster to use this template.",
"iconClass": "icon-jenkins",
"tags": "instant-app,jenkins"
}
@@ -119,7 +119,7 @@
"containers": [
{
"name": "jenkins",
- "image": "${JENKINS_IMAGE}",
+ "image": "JENKINS_IMAGE",
"readinessProbe": {
"timeoutSeconds": 3,
"initialDelaySeconds": 3,
@@ -130,7 +130,7 @@
},
"livenessProbe": {
"timeoutSeconds": 3,
- "initialDelaySeconds": 30,
+ "initialDelaySeconds": 60,
"httpGet": {
"path": "/login",
"port": 8080
@@ -199,7 +199,7 @@
{
"name": "JENKINS_PASSWORD",
"displayName": "Jenkins Password",
- "description": "Password for the Jenkins user.",
+ "description": "Password for the Jenkins 'admin' user.",
"generate": "expression",
"value": "password"
},
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json
index 661bcbb69..4b64bd463 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json
@@ -164,7 +164,7 @@
"containers": [
{
"name": "nodejs-mongodb-example",
- "image": "nodejs-mongodb-example",
+ "image": " ",
"ports": [
{
"containerPort": 8080
@@ -258,7 +258,7 @@
{
"type": "ImageChange",
"imageChangeParams": {
- "automatic": false,
+ "automatic": true,
"containerNames": [
"mongodb"
],
@@ -288,7 +288,7 @@
"containers": [
{
"name": "mongodb",
- "image": "mongodb",
+ "image": " ",
"ports": [
{
"containerPort": 27017
@@ -330,6 +330,20 @@
"limits": {
"memory": "${MEMORY_MONGODB_LIMIT}"
}
+ },
+ "volumeMounts": [
+ {
+ "name": "${DATABASE_SERVICE_NAME}-data",
+ "mountPath": "/var/lib/mongodb/data"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "${DATABASE_SERVICE_NAME}-data",
+ "emptyDir": {
+ "medium": ""
}
}
]
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json
index 0518dfac7..0adb02a46 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json
@@ -164,7 +164,7 @@
"containers": [
{
"name": "nodejs-example",
- "image": "nodejs-example",
+ "image": " ",
"ports": [
{
"containerPort": 8080
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json
index 6292cf3e7..82dd757ec 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json
@@ -169,7 +169,7 @@
"containers": [
{
"name": "rails-postgresql-example",
- "image": "rails-postgresql-example",
+ "image": " ",
"ports": [
{
"containerPort": 8080
@@ -287,7 +287,7 @@
{
"type": "ImageChange",
"imageChangeParams": {
- "automatic": false,
+ "automatic": true,
"containerNames": [
"postgresql"
],
@@ -314,10 +314,16 @@
}
},
"spec": {
+ "volumes": [
+ {
+ "name": "data",
+ "emptyDir": {}
+ }
+ ],
"containers": [
{
"name": "postgresql",
- "image": "postgresql",
+ "image": " ",
"ports": [
{
"containerPort": 5432
@@ -337,6 +343,12 @@
"port": 5432
}
},
+ "volumeMounts": [
+ {
+ "name": "data",
+ "mountPath": "/var/lib/pgsql/data"
+ }
+ ],
"env": [
{
"name": "POSTGRESQL_USER",
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 213775a95..b13343776 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -19,8 +19,8 @@ EXAMPLES = '''
import ConfigParser
import copy
+import io
import os
-import StringIO
import yaml
from distutils.util import strtobool
from distutils.version import LooseVersion
@@ -689,7 +689,7 @@ def set_etcd_facts_if_unset(facts):
If anything goes wrong parsing these, the fact will not be set.
"""
- if 'master' in facts and facts['master']['embedded_etcd']:
+ if 'master' in facts and safe_get_bool(facts['master']['embedded_etcd']):
etcd_facts = facts['etcd'] if 'etcd' in facts else dict()
if 'etcd_data_dir' not in etcd_facts:
@@ -716,8 +716,8 @@ def set_etcd_facts_if_unset(facts):
# Read ETCD_DATA_DIR from /etc/etcd/etcd.conf:
try:
# Add a fake section for parsing:
- ini_str = '[root]\n' + open('/etc/etcd/etcd.conf', 'r').read()
- ini_fp = StringIO.StringIO(ini_str)
+ ini_str = unicode('[root]\n' + open('/etc/etcd/etcd.conf', 'r').read(), 'utf-8')
+ ini_fp = io.StringIO(ini_str)
config = ConfigParser.RawConfigParser()
config.readfp(ini_fp)
etcd_data_dir = config.get('root', 'ETCD_DATA_DIR')
@@ -1374,18 +1374,19 @@ def set_proxy_facts(facts):
if 'common' in facts:
common = facts['common']
if 'http_proxy' in common or 'https_proxy' in common:
+ if 'no_proxy' in common and \
+ isinstance(common['no_proxy'], basestring):
+ common['no_proxy'] = common['no_proxy'].split(",")
+ elif 'no_proxy' not in common:
+ common['no_proxy'] = []
if 'generate_no_proxy_hosts' in common and \
- common['generate_no_proxy_hosts']:
- if 'no_proxy' in common and \
- isinstance(common['no_proxy'], basestring):
- common['no_proxy'] = common['no_proxy'].split(",")
- else:
- common['no_proxy'] = []
+ safe_get_bool(common['generate_no_proxy_hosts']):
if 'no_proxy_internal_hostnames' in common:
common['no_proxy'].extend(common['no_proxy_internal_hostnames'].split(','))
common['no_proxy'].append('.' + common['dns_domain'])
- common['no_proxy'].append(common['hostname'])
- common['no_proxy'] = sort_unique(common['no_proxy'])
+ # We always add ourselves no matter what
+ common['no_proxy'].append(common['hostname'])
+ common['no_proxy'] = sort_unique(common['no_proxy'])
facts['common'] = common
if 'builddefaults' in facts:
@@ -1701,7 +1702,8 @@ class OpenShiftFacts(object):
oauth_grant_method='auto',
scheduler_predicates=scheduler_predicates,
scheduler_priorities=scheduler_priorities,
- dynamic_provisioning_enabled=True)
+ dynamic_provisioning_enabled=True,
+ max_requests_inflight=500)
if 'node' in roles:
defaults['node'] = dict(labels={}, annotations={},
@@ -1735,6 +1737,9 @@ class OpenShiftFacts(object):
nfs=dict(
directory='/exports',
options='*(rw,root_squash)'),
+ openstack=dict(
+ filesystem='ext4',
+ volumeID='123'),
host=None,
access_modes=['ReadWriteMany'],
create_pv=True
diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml
index ff726ae24..ce410d1d5 100644
--- a/roles/openshift_facts/tasks/main.yml
+++ b/roles/openshift_facts/tasks/main.yml
@@ -1,8 +1,8 @@
---
-- name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0
+- name: Verify Ansible version is greater than or equal to 1.9.4
fail:
msg: "Unsupported ansible version: {{ ansible_version }} found"
- when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge')
+ when: not ansible_version.full | version_compare('1.9.4', 'ge')
- name: Detecting Operating System
stat:
diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml
index 2a651df65..de0a7000e 100644
--- a/roles/openshift_manageiq/tasks/main.yaml
+++ b/roles/openshift_manageiq/tasks/main.yaml
@@ -59,6 +59,16 @@
failed_when: "'already exists' not in osmiq_perm_task.stderr and osmiq_perm_task.rc != 0"
changed_when: osmiq_perm_task.rc == 0
+- name: Configure 3_2 role/user permissions
+ command: >
+ {{ openshift.common.admin_binary }} {{item}}
+ --config={{manage_iq_tmp_conf}}
+ with_items: "{{manage_iq_openshift_3_2_tasks}}"
+ register: osmiq_perm_3_2_task
+ failed_when: osmiq_perm_3_2_task.rc != 0
+ changed_when: osmiq_perm_3_2_task.rc == 0
+ when: openshift.common.version_gte_3_2_or_1_2 | bool
+
- name: Clean temporary configuration file
command: >
rm -f {{manage_iq_tmp_conf}}
diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml
index 69ee2cb4c..b2aed79c7 100644
--- a/roles/openshift_manageiq/vars/main.yml
+++ b/roles/openshift_manageiq/vars/main.yml
@@ -30,3 +30,6 @@ manage_iq_tasks:
- policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin
- policy add-cluster-role-to-user system:image-puller system:serviceaccount:management-infra:inspector-admin
- policy add-scc-to-user privileged system:serviceaccount:management-infra:inspector-admin
+
+manage_iq_openshift_3_2_tasks:
+ - policy add-cluster-role-to-user system:image-auditor system:serviceaccount:management-infra:management-admin
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index 16df984f9..dbd62c80f 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -1,40 +1,4 @@
---
openshift_node_ips: []
-
# TODO: update setting these values based on the facts
-os_firewall_allow:
-- service: etcd embedded
- port: 4001/tcp
-- service: api server https
- port: "{{ openshift.master.api_port }}/tcp"
-- service: api controllers https
- port: "{{ openshift.master.controllers_port }}/tcp"
-- service: skydns tcp
- port: "{{ openshift.master.dns_port }}/tcp"
-- service: skydns udp
- port: "{{ openshift.master.dns_port }}/udp"
-# On HA masters version_gte facts are not properly set so open port 53
-# whenever we're not certain of the need
-- service: legacy skydns tcp
- port: "53/tcp"
- when: "{{ 'version' not in openshift.common or openshift.common.version == None }}"
-- service: legacy skydns udp
- port: "53/udp"
- when: "{{ 'version' not in openshift.common or openshift.common.version == None }}"
-- service: Fluentd td-agent tcp
- port: 24224/tcp
-- service: Fluentd td-agent udp
- port: 24224/udp
-- service: pcsd
- port: 2224/tcp
-- service: Corosync UDP
- port: 5404/udp
-- service: Corosync UDP
- port: 5405/udp
-os_firewall_deny:
-- service: api server http
- port: 8080/tcp
-- service: former etcd peer port
- port: 7001/tcp
-
openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}"
diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml
index e882e0b8b..d8834d27f 100644
--- a/roles/openshift_master/meta/main.yml
+++ b/roles/openshift_master/meta/main.yml
@@ -18,3 +18,25 @@ dependencies:
- role: openshift_builddefaults
- role: openshift_master_facts
- role: openshift_hosted_facts
+- role: os_firewall
+ os_firewall_allow:
+ - service: etcd embedded
+ port: 4001/tcp
+ - service: api server https
+ port: "{{ openshift.master.api_port }}/tcp"
+ - service: api controllers https
+ port: "{{ openshift.master.controllers_port }}/tcp"
+ - service: skydns tcp
+ port: "{{ openshift.master.dns_port }}/tcp"
+ - service: skydns udp
+ port: "{{ openshift.master.dns_port }}/udp"
+ - service: Fluentd td-agent tcp
+ port: 24224/tcp
+ - service: Fluentd td-agent udp
+ port: 24224/udp
+ - service: pcsd
+ port: 2224/tcp
+ - service: Corosync UDP
+ port: 5404/udp
+ - service: Corosync UDP
+ port: 5405/udp
diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2
index 4cf632841..026787421 100644
--- a/roles/openshift_master/templates/atomic-openshift-master.j2
+++ b/roles/openshift_master/templates/atomic-openshift-master.j2
@@ -12,11 +12,11 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}
# Proxy configuration
# See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy
{% if 'http_proxy' in openshift.common %}
-HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}'
+HTTP_PROXY={{ openshift.common.http_proxy | default('') }}
{% endif %}
{% if 'https_proxy' in openshift.common %}
-HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}'
+HTTPS_PROXY={{ openshift.common.https_proxy | default('')}}
{% endif %}
{% if 'no_proxy' in openshift.common %}
-NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}'
+NO_PROXY={{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}
{% endif %}
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index 48bb8a13f..17a10ae71 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -196,7 +196,7 @@ servingInfo:
certFile: master.server.crt
clientCA: ca.crt
keyFile: master.server.key
- maxRequestsInFlight: 500
+ maxRequestsInFlight: {{ openshift.master.max_requests_inflight }}
requestTimeoutSeconds: 3600
{% if openshift.master.named_certificates %}
namedCertificates:
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
index 01a8428a0..02c22e374 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
@@ -12,11 +12,11 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}
# Proxy configuration
# See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy
{% if 'http_proxy' in openshift.common %}
-HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}'
+HTTP_PROXY={{ openshift.common.http_proxy | default('') }}
{% endif %}
{% if 'https_proxy' in openshift.common %}
-HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}'
+HTTPS_PROXY={{ openshift.common.https_proxy | default('')}}
{% endif %}
{% if 'no_proxy' in openshift.common %}
-NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}'
+NO_PROXY={{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}
{% endif %}
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
index 89ccb1eed..644640577 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
@@ -12,11 +12,11 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}
# Proxy configuration
# See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy
{% if 'http_proxy' in openshift.common %}
-HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}'
+HTTP_PROXY={{ openshift.common.http_proxy | default('') }}
{% endif %}
{% if 'https_proxy' in openshift.common %}
-HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}'
+HTTPS_PROXY={{ openshift.common.https_proxy | default('')}}
{% endif %}
{% if 'no_proxy' in openshift.common %}
-NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}'
+NO_PROXY={{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}
{% endif %}
diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml
index 0cbbaffc2..896dd5e35 100644
--- a/roles/openshift_master_facts/tasks/main.yml
+++ b/roles/openshift_master_facts/tasks/main.yml
@@ -76,3 +76,4 @@
oauth_always_show_provider_selection: "{{ openshift_master_oauth_always_show_provider_selection | default(None) }}"
image_policy_config: "{{ openshift_master_image_policy_config | default(None) }}"
dynamic_provisioning_enabled: "{{ openshift_master_dynamic_provisioning_enabled | default(None) }}"
+ max_requests_inflight: "{{ openshift_master_max_requests_inflight | default(None) }}"
diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml
index 1a1dc8ede..df3f6ee65 100644
--- a/roles/openshift_node/handlers/main.yml
+++ b/roles/openshift_node/handlers/main.yml
@@ -1,8 +1,9 @@
---
+- name: restart openvswitch
+ service: name=openvswitch state=restarted
+ when: not (ovs_service_status_changed | default(false) | bool)
+
- name: restart node
service: name={{ openshift.common.service_type }}-node state=restarted
when: not (node_service_status_changed | default(false) | bool)
-- name: restart openvswitch
- service: name=openvswitch state=restarted
- when: not (ovs_service_status_changed | default(false) | bool)
diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml
index ca0c332ea..db1776632 100644
--- a/roles/openshift_node/meta/main.yml
+++ b/roles/openshift_node/meta/main.yml
@@ -17,4 +17,5 @@ dependencies:
- role: openshift_common
- role: openshift_node_dnsmasq
when: openshift.common.use_dnsmasq
+- role: os_firewall
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 06fde88af..be70a170d 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -112,6 +112,17 @@
- name: Start and enable node
service: name={{ openshift.common.service_type }}-node enabled=yes state=started
register: node_start_result
+ ignore_errors: yes
+
+- name: Check logs on failure
+ command: journalctl -xe
+ register: node_failure
+ when: node_start_result | failed
+
+- name: Dump failure information
+ debug: var=node_failure
+ when: node_start_result | failed
+
- set_fact:
node_service_status_changed: "{{ node_start_result | changed }}"
diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml
index be4b4ed61..f3262803a 100644
--- a/roles/openshift_node/tasks/systemd_units.yml
+++ b/roles/openshift_node/tasks/systemd_units.yml
@@ -14,6 +14,8 @@
dest: /etc/sysconfig/openvswitch
when: openshift.common.is_containerized | bool
register: install_ovs_sysconfig
+ notify:
+ - restart openvswitch
- name: Install OpenvSwitch docker service file
template:
diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
index 691fa32f3..09bae1777 100755
--- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
+++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
@@ -8,10 +8,12 @@
# a pod would fail.
#
# To use this,
-# Drop this script in /etc/NetworkManager/dispatcher.d/
-# systemctl restart NetworkManager
-# Configure node-config.yaml to set dnsIP: to the ip address of this
-# node
+# - If this host is also a master, reconfigure master dnsConfig to listen on
+# 8053 to avoid conflicts on port 53 and open port 8053 in the firewall
+# - Drop this script in /etc/NetworkManager/dispatcher.d/
+# - systemctl restart NetworkManager
+# - Configure node-config.yaml to set dnsIP: to the ip address of this
+# node
#
# Test it:
# host kubernetes.default.svc.cluster.local
@@ -31,7 +33,8 @@ if [[ $2 =~ ^(up|dhcp4-change)$ ]]; then
def_route=$(/sbin/ip route list match 0.0.0.0/0 | awk '{print $3 }')
def_route_int=$(/sbin/ip route get to ${def_route} | awk '{print $3}')
def_route_ip=$(/sbin/ip route get to ${def_route} | awk '{print $5}')
- if [[ ${DEVICE_IFACE} == ${def_route_int} ]]; then
+ if [[ ${DEVICE_IFACE} == ${def_route_int} && \
+ -n "${IP4_NAMESERVERS}" ]]; then
if [ ! -f /etc/dnsmasq.d/origin-dns.conf ]; then
cat << EOF > /etc/dnsmasq.d/origin-dns.conf
strict-order
@@ -42,8 +45,8 @@ server=/30.172.in-addr.arpa/172.30.0.1
EOF
fi
# zero out our upstream servers list and feed it into dnsmasq
- echo '' > /etc/dnsmasq.d/origin-upstream-dns.conf
- for ns in ${DHCP4_DOMAIN_NAME_SERVERS}; do
+ echo -n > /etc/dnsmasq.d/origin-upstream-dns.conf
+ for ns in ${IP4_NAMESERVERS}; do
echo "server=${ns}" >> /etc/dnsmasq.d/origin-upstream-dns.conf
done
systemctl restart dnsmasq
diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py
index 5ace63918..97aee0b53 100644
--- a/utils/src/ooinstall/openshift_ansible.py
+++ b/utils/src/ooinstall/openshift_ansible.py
@@ -135,6 +135,16 @@ def write_inventory_vars(base_inventory, multiple_masters, proxy):
#base_inventory.write('openshift_image_tag=v{}\n'.format(CFG.settings.get('variant_version')))
base_inventory.write('openshift_image_tag=v{}\n'.format('3.1.1.6'))
+ if CFG.settings.get('openshift_http_proxy', ''):
+ base_inventory.write("openshift_http_proxy={}\n".format(
+ CFG.settings['openshift_http_proxy']))
+ if CFG.settings.get('openshift_https_proxy', ''):
+ base_inventory.write("openshift_https_proxy={}\n".format(
+ CFG.settings['openshift_https_proxy']))
+ if CFG.settings.get('openshift_no_proxy', ''):
+ base_inventory.write("openshift_no_proxy={}\n".format(
+ CFG.settings['openshift_no_proxy']))
+
def write_host(host, inventory, schedulable=None):
global CFG