61 files changed, 507 insertions, 221 deletions
diff --git a/.gitignore b/.gitignore
index 626065fe1..dcea26d60 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,3 +19,4 @@ multi_inventory.yaml
 .vagrant
 .tags*
 ansible.cfg
+*.retry
diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py
index 402103b09..e7409bf22 100644
--- a/filter_plugins/oo_filters.py
+++ b/filter_plugins/oo_filters.py
@@ -732,21 +732,22 @@ class FilterModule(object):
         if 'hosted' in hostvars['openshift']:
             for component in hostvars['openshift']['hosted']:
                 if 'storage' in hostvars['openshift']['hosted'][component]:
-                    kind = hostvars['openshift']['hosted'][component]['storage']['kind']
-                    create_pv = hostvars['openshift']['hosted'][component]['storage']['create_pv']
+                    params = hostvars['openshift']['hosted'][component]['storage']
+                    kind = params['kind']
+                    create_pv = params['create_pv']
                     if kind != None and create_pv:
                         if kind == 'nfs':
-                            host = hostvars['openshift']['hosted'][component]['storage']['host']
+                            host = params['host']
                             if host == None:
                                 if len(groups['oo_nfs_to_config']) > 0:
                                     host = groups['oo_nfs_to_config'][0]
                                 else:
                                     raise errors.AnsibleFilterError("|failed no storage host detected")
-                            directory = hostvars['openshift']['hosted'][component]['storage']['nfs']['directory']
-                            volume = hostvars['openshift']['hosted'][component]['storage']['volume']['name']
+                            directory = params['nfs']['directory']
+                            volume = params['volume']['name']
                             path = directory + '/' + volume
-                            size = hostvars['openshift']['hosted'][component]['storage']['volume']['size']
-                            access_modes = hostvars['openshift']['hosted'][component]['storage']['access_modes']
+                            size = params['volume']['size']
+                            access_modes = params['access_modes']
                             persistent_volume = dict(
                                 name="{0}-volume".format(volume),
                                 capacity=size,
@@ -756,6 +757,21 @@ class FilterModule(object):
                                         server=host,
                                         path=path)))
                             persistent_volumes.append(persistent_volume)
+                        elif kind == 'openstack':
+                            volume = params['volume']['name']
+                            size = params['volume']['size']
+                            access_modes = params['access_modes']
+                            filesystem = params['openstack']['filesystem']
+                            volume_id = params['openstack']['volumeID']
+                            persistent_volume = dict(
+                                name="{0}-volume".format(volume),
+                                capacity=size,
+                                access_modes=access_modes,
+                                storage=dict(
+                                    cinder=dict(
+                                        fsType=filesystem,
+                                        volumeID=volume_id)))
+                            persistent_volumes.append(persistent_volume)
                         else:
                             msg = "|failed invalid storage kind '{0}' for component '{1}'".format(
                                 kind,
diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example
index c18a423bf..c31d39d59 100644
--- a/inventory/byo/hosts.aep.example
+++ b/inventory/byo/hosts.aep.example
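Review bot: In the new `elif kind == 'openstack':` branch of oo_filters.py, `params['openstack']['volumeID']` and `params['openstack']['filesystem']` are used without any check, whereas the nfs branch above raises `AnsibleFilterError` when its host is unset. If the inventory leaves the volume ID out (the example inventory says the volume has to be created manually), this presumably either surfaces as a bare KeyError or emits a persistent volume with a null `volumeID` that only fails later; how the facts default these keys is not visible in this hunk. Consider adding `if volume_id is None: raise errors.AnsibleFilterError("|failed no openstack volumeID specified")` before the dict is built. The enclosing method starts and ends outside the hunk.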
@@ -187,6 +187,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',  # Override the default pod eviction timeout  #openshift_master_pod_eviction_timeout=5m +# Override the default oauth tokenConfig settings: +# openshift_master_access_token_max_seconds=86400 +# openshift_master_auth_token_max_seconds=500 + +# Override master servingInfo.maxRequestsInFlight +#openshift_master_max_requests_inflight=500 +  # default storage plugin dependencies to install, by default the ceph and  # glusterfs plugin dependencies will be installed, if available.  #osn_storage_plugin_deps=['ceph','glusterfs','iscsi'] @@ -308,9 +315,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',  ##  ## Storage Kind  ## Specifies which storage kind will be used for the registry. -## "nfs" is the only supported kind at this time. +## "nfs" and "openstack" are supported kinds at this time.  ##openshift_hosted_registry_storage_kind=nfs  ## +## Persistent Volume Access Mode +## When using the 'openstack' storage kind, this has to be 'ReadWriteOnce' +##openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] +## +## Registry Volume Name +## Specify the storage volume name. This directory will be created +## within openshift_hosted_registry_storage_nfs_directory if +## specifying an [nfs] group. Ex. /exports/registry +## This variable must be supplied if using a pre-existing nfs server. +##openshift_hosted_registry_storage_volume_name=registry +## +## NFS Specific Options +##  ## Storage Host  ## This variable can be used to identify a pre-existing storage host  ## if a storage host group corresponding to the storage kind (such as 
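Review bot: In the storage hunk of hosts.aep.example, the added sentence says the 'openstack' kind requires `ReadWriteOnce`, but the example line directly beneath it still shows `['ReadWriteMany']`, and the openstack branch added to oo_filters.py passes `access_modes` through unchecked. Showing both values in the comment, e.g. `## nfs: ['ReadWriteMany']  openstack: ['ReadWriteOnce']`, would keep an operator from copying a value the text itself says cannot be used with that kind. The same wording is added in the hosts.origin.example and hosts.ose.example hunks.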
@@ -326,18 +346,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',  ## This variable must be supplied if using a pre-existing nfs server.  ##openshift_hosted_registry_storage_nfs_directory=/exports  ## -## Registry Volume Name -## Specify the storage volume name. This directory will be created -## within openshift_hosted_registry_storage_nfs_directory if -## specifying an [nfs] group. Ex. /exports/registry -## This variable must be supplied if using a pre-existing nfs server. -##openshift_hosted_registry_storage_volume_name=registry +## Openstack Specific Options  ## -## Persistent Volume Access Mode -##openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] +## Openstack Volume ID +## Specify the identifier of the volume to use for the registry. +## At this time, the volume has to be created manually by the administrator. +##openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57 +## +## Openstack Volume Size +##openshift_hosted_registry_storage_volume_size=10Gi +## +## Openstack Volume Filesystem +## Specify the filesystem that will be used when formatting the volume +##openshift_hosted_registry_storage_openstack_filesystem=ext4  # Configure node kubelet arguments -#openshift_node_kubelet_args={'max-pods': ['40'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} +#openshift_node_kubelet_args={'max-pods': ['110'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']}  # Configure logrotate scripts  # See: https://github.com/nickhammond/ansible-logrotate 
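Review bot: `openshift_hosted_registry_storage_volume_size` is introduced here under the heading "Openstack Volume Size" inside "Openstack Specific Options", yet the nfs branch in oo_filters.py also reads `params['volume']['size']`, so the setting does not appear to be openstack-specific. Placing it beside "Registry Volume Name" under a neutral heading such as `## Registry Volume Size` would match how the filter consumes it. The same hunk is repeated in hosts.origin.example and hosts.ose.example.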
@@ -365,9 +389,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',  #  # Most environments don't require a proxy between openshift masters, nodes, and  # etcd hosts. So automatically add those hostnames to the openshift_no_proxy list. -# If all of your hosts share a common domain you may wish to disable this and  +# If all of your hosts share a common domain you may wish to disable this and  # specify that domain above. -#openshift_generate_no_proxy_hosts: True +#openshift_generate_no_proxy_hosts=True  #  # These options configure the BuildDefaults admission controller which injects  # environment variables into Builds. These values will default to their diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 28298d940..3a7842a33 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -192,6 +192,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',  # Override the default pod eviction timeout  #openshift_master_pod_eviction_timeout=5m +# Override the default oauth tokenConfig settings: +# openshift_master_access_token_max_seconds=86400 +# openshift_master_auth_token_max_seconds=500 + +# Override master servingInfo.maxRequestsInFlight +#openshift_master_max_requests_inflight=500 +  # default storage plugin dependencies to install, by default the ceph and  # glusterfs plugin dependencies will be installed, if available.  #osn_storage_plugin_deps=['ceph','glusterfs','iscsi'] 
@@ -313,9 +320,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',  ##  ## Storage Kind  ## Specifies which storage kind will be used for the registry. -## nfs is the only supported kind at this time. +## "nfs" and "openstack" are supported kinds at this time.  ##openshift_hosted_registry_storage_kind=nfs  ## +## Persistent Volume Access Mode +## When using the 'openstack' storage kind, this has to be 'ReadWriteOnce' +##openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] +## +## Registry Volume Name +## Specify the storage volume name. This directory will be created +## within openshift_hosted_registry_storage_nfs_directory if +## specifying an [nfs] group. Ex. /exports/registry +## This variable must be supplied if using a pre-existing nfs server. +##openshift_hosted_registry_storage_volume_name=registry +## +## NFS Specific Options +##  ## Storage Host  ## This variable can be used to identify a pre-existing storage host  ## if a storage host group corresponding to the storage kind (such as 
@@ -331,18 +351,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',  ## This variable must be supplied if using a pre-existing nfs server.  ##openshift_hosted_registry_storage_nfs_directory=/exports  ## -## Registry Volume Name -## Specify the storage volume name. This directory will be created -## within openshift_hosted_registry_storage_nfs_directory if -## specifying an [nfs] group. Ex: /exports/registry -## This variable must be supplied if using a pre-existing nfs server. -##openshift_hosted_registry_storage_volume_name=registry +## Openstack Specific Options  ## -## Persistent Volume Access Mode -##openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] +## Openstack Volume ID +## Specify the identifier of the volume to use for the registry. +## At this time, the volume has to be created manually by the administrator. +##openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57 +## +## Openstack Volume Size +##openshift_hosted_registry_storage_volume_size=10Gi +## +## Openstack Volume Filesystem +## Specify the filesystem that will be used when formatting the volume +##openshift_hosted_registry_storage_openstack_filesystem=ext4  # Configure node kubelet arguments -#openshift_node_kubelet_args={'max-pods': ['40'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} +#openshift_node_kubelet_args={'max-pods': ['110'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']}  # Configure logrotate scripts  # See: https://github.com/nickhammond/ansible-logrotate 
@@ -370,9 +394,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',  #  # Most environments don't require a proxy between openshift masters, nodes, and  # etcd hosts. So automatically add those hostnames to the openshift_no_proxy list. -# If all of your hosts share a common domain you may wish to disable this and  +# If all of your hosts share a common domain you may wish to disable this and  # specify that domain above. -#openshift_generate_no_proxy_hosts: True +#openshift_generate_no_proxy_hosts=True  #  # These options configure the BuildDefaults admission controller which injects  # environment variables into Builds. These values will default to their diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 38adfe572..cb46c352e 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -188,6 +188,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',  # Override the default pod eviction timeout  #openshift_master_pod_eviction_timeout=5m +# Override the default oauth tokenConfig settings: +# openshift_master_access_token_max_seconds=86400 +# openshift_master_auth_token_max_seconds=500 + +# Override master servingInfo.maxRequestsInFlight +#openshift_master_max_requests_inflight=500 +  # default storage plugin dependencies to install, by default the ceph and  # glusterfs plugin dependencies will be installed, if available.  #osn_storage_plugin_deps=['ceph','glusterfs'] 
@@ -309,9 +316,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',  ##  ## Storage Kind  ## Specifies which storage kind will be used for the registry. -## "nfs" is the only supported kind at this time. +## "nfs" and "openstack" are supported kinds at this time.  ##openshift_hosted_registry_storage_kind=nfs  ## +## Persistent Volume Access Mode +## When using the 'openstack' storage kind, this has to be 'ReadWriteOnce' +##openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] +## +## Registry Volume Name +## Specify the storage volume name. This directory will be created +## within openshift_hosted_registry_storage_nfs_directory if +## specifying an [nfs] group. Ex. /exports/registry +## This variable must be supplied if using a pre-existing nfs server. +##openshift_hosted_registry_storage_volume_name=registry +## +## NFS Specific Options +##  ## Storage Host  ## This variable can be used to identify a pre-existing storage host  ## if a storage host group corresponding to the storage kind (such as 
@@ -327,18 +347,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',  ## This variable must be supplied if using a pre-existing nfs server.  ##openshift_hosted_registry_storage_nfs_directory=/exports  ## -## Registry Volume Name -## Specify the storage volume name. This directory will be created -## within openshift_hosted_registry_storage_nfs_directory if -## specifying an [nfs] group Ex: /exports/registry -## This variable must be supplied if using a pre-existing nfs server. -##openshift_hosted_registry_storage_volume_name=registry +## Openstack Specific Options  ## -## Persistent Volume Access Mode -##openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] +## Openstack Volume ID +## Specify the identifier of the volume to use for the registry. +## At this time, the volume has to be created manually by the administrator. +##openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57 +## +## Openstack Volume Size +##openshift_hosted_registry_storage_volume_size=10Gi +## +## Openstack Volume Filesystem +## Specify the filesystem that will be used when formatting the volume +##openshift_hosted_registry_storage_openstack_filesystem=ext4  # Configure node kubelet arguments -#openshift_node_kubelet_args={'max-pods': ['40'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} +#openshift_node_kubelet_args={'max-pods': ['110'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']}  # Configure logrotate scripts  # See: https://github.com/nickhammond/ansible-logrotate 
@@ -366,9 +390,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',  #  # Most environments don't require a proxy between openshift masters, nodes, and  # etcd hosts. So automatically add those hostnames to the openshift_no_proxy list. -# If all of your hosts share a common domain you may wish to disable this and  +# If all of your hosts share a common domain you may wish to disable this and  # specify that domain above. -#openshift_generate_no_proxy_hosts: True +#openshift_generate_no_proxy_hosts=True  #  # These options configure the BuildDefaults admission controller which injects  # environment variables into Builds. These values will default to their diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml index 628a07752..59d275d52 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml 
@@ -1,13 +1,28 @@  --- +- hosts: localhost +  connection: local +  become: no +  gather_facts: no +  tasks: +  - name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0 +    fail: +      msg: "Unsupported ansible version: {{ ansible_version }} found." +    when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge') +  - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml +  - add_host: +      name: "{{ item }}" +      groups: l_oo_all_hosts +    with_items: "{{ g_all_hosts }}" + +- hosts: l_oo_all_hosts +  gather_facts: no +  tasks: +  - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml +  - include: ../../../../common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml -  vars_files: -  - "{{lookup('file', '../../../../byo/openshift-cluster/cluster_hosts.yml')}}"    vars: -    g_etcd_hosts: "{{ groups.etcd | default([]) }}" -    g_master_hosts: "{{ groups.masters | default([]) }}" +    # Do not allow adding hosts during upgrade.      g_new_master_hosts: [] -    g_nfs_hosts: "{{ groups.nfs | default([]) }}" -    g_node_hosts: "{{ groups.nodes | default([]) }}" -    g_lb_hosts: "{{ groups.lb | default([]) }}" +    g_new_node_hosts: []      openshift_cluster_id: "{{ cluster_id | default('default') }}"      openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 8fadd2ce7..239da4df0 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml 
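Review bot: The new version-check task prints `{{ ansible_version }}` in its failure message, which is the whole version dictionary, while the `when` test compares `ansible_version.full`; `msg: "Unsupported ansible version: {{ ansible_version.full }} found."` would report just the version string. The identical task is added in the v3_0_to_v3_1, v3_1_minor and v3_1_to_v3_2 upgrade.yml hunks. Separately, the `add_host` loop here uses `with_items: "{{ g_all_hosts }}"` while the v3_1_to_v3_2 copy uses `with_items: g_all_hosts | default([])`; using one form in all four entry points (the defaulted one presumably tolerates an undefined list) would keep them consistent.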
@@ -1,13 +1,28 @@  --- +- hosts: localhost +  connection: local +  become: no +  gather_facts: no +  tasks: +  - name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0 +    fail: +      msg: "Unsupported ansible version: {{ ansible_version }} found." +    when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge') +  - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml +  - add_host: +      name: "{{ item }}" +      groups: l_oo_all_hosts +    with_items: "{{ g_all_hosts }}" + +- hosts: l_oo_all_hosts +  gather_facts: no +  tasks: +  - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml +  - include: ../../../../common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml -  vars_files: -  - "{{lookup('file', '../../../../byo/openshift-cluster/cluster_hosts.yml')}}"    vars: -    g_etcd_hosts: "{{ groups.etcd | default([]) }}" -    g_master_hosts: "{{ groups.masters | default([]) }}" +    # Do not allow adding hosts during upgrade.      g_new_master_hosts: [] -    g_nfs_hosts: "{{ groups.nfs | default([]) }}" -    g_node_hosts: "{{ groups.nodes | default([]) }}" -    g_lb_hosts: "{{ groups.lb | default([]) }}" +    g_new_node_hosts: []      openshift_cluster_id: "{{ cluster_id | default('default') }}"      openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml index 42078584b..9363442aa 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml 
@@ -1,12 +1,29 @@  --- +- hosts: localhost +  connection: local +  become: no +  gather_facts: no +  tasks: +  - name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0 +    fail: +      msg: "Unsupported ansible version: {{ ansible_version }} found." +    when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge') +  - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml +  - add_host: +      name: "{{ item }}" +      groups: l_oo_all_hosts +    with_items: "{{ g_all_hosts }}" + +- hosts: l_oo_all_hosts +  gather_facts: no +  tasks: +  - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml +  - include: ../../../../common/openshift-cluster/evaluate_groups.yml    vars: -    g_etcd_hosts: "{{ groups.etcd | default([]) }}" -    g_master_hosts: "{{ groups.masters | default([]) }}" +    # Do not allow adding hosts during upgrade.      g_new_master_hosts: [] -    g_nfs_hosts: "{{ groups.nfs | default([]) }}" -    g_node_hosts: "{{ groups.nodes | default([]) }}" -    g_lb_hosts: "{{ groups.lb | default([]) }}" +    g_new_node_hosts: []      openshift_cluster_id: "{{ cluster_id | default('default') }}"      openshift_deployment_type: "{{ deployment_type }}"  - include: ../../../../common/openshift-cluster/upgrades/v3_1_minor/pre.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml index a929e4a6a..24617620b 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml 
@@ -1,14 +1,29 @@  --- +- hosts: localhost +  connection: local +  become: no +  gather_facts: no +  tasks: +  - name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0 +    fail: +      msg: "Unsupported ansible version: {{ ansible_version }} found." +    when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge') +  - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml +  - add_host: +      name: "{{ item }}" +      groups: l_oo_all_hosts +    with_items: g_all_hosts | default([]) + +- hosts: l_oo_all_hosts +  gather_facts: no +  tasks: +  - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml +  - include: ../../../../common/openshift-cluster/evaluate_groups.yml    vars: -    g_etcd_hosts: "{{ groups.etcd | default([]) }}" -    g_master_hosts: "{{ groups.masters | default([]) }}" +    # Do not allow adding hosts during upgrade.      g_new_master_hosts: [] -    g_nfs_hosts: "{{ groups.nfs | default([]) }}" -    g_node_hosts: "{{ groups.nodes | default([]) }}" -    g_lb_hosts: "{{ groups.lb | default([]) }}" -    g_all_hosts: "{{ groups.masters | default([]) | union(groups.nodes | default([])) | union(groups.etcd | default([])) -                    | union(groups.lb | default([])) | union(groups.nfs | default([])) }}" +    g_new_node_hosts: []      openshift_cluster_id: "{{ cluster_id | default('default') }}"      openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 99b36098a..903babc45 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -1,6 +1,8 @@  ---  - include: evaluate_groups.yml +- include: initialize_facts.yml +  - include: validate_hostnames.yml  - name: Set oo_options 
diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml new file mode 100644 index 000000000..9a844e216 --- /dev/null +++ b/playbooks/common/openshift-cluster/initialize_facts.yml @@ -0,0 +1,7 @@ +--- +- name: Initialize host facts +  hosts: OSEv3 +  roles: +  - openshift_facts +  tasks: +  - openshift_facts: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml index 51b108f6a..5b2bf9f93 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml @@ -36,7 +36,8 @@  - name: Ensure AOS 3.0.2 or Origin 1.0.6    hosts: oo_first_master    tasks: -    fail: This playbook requires Origin 1.0.6 or Atomic OpenShift 3.0.2 or later +  - fail: +      msg: "This playbook requires Origin 1.0.6 or Atomic OpenShift 3.0.2 or later"      when: _new_version.stdout | version_compare('1.0.6','<') or ( _new_version.stdout | version_compare('3.0','>=' and _new_version.stdout | version_compare('3.0.2','<') )  - name: Update cluster policy diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 new file mode 120000 index 000000000..cf20e8959 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/atomic-openshift-master.j2
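Review bot: In the v3_0_minor/upgrade.yml hunk, the `when:` line kept as context under the corrected `fail` task still has a misplaced parenthesis: `version_compare('3.0','>=' and _new_version.stdout | version_compare('3.0.2','<') )` hands the whole `'>=' and ...` expression to the first `version_compare` as its operator argument. With `fail` now a well-formed task, that condition will likely error or evaluate incorrectly instead of gating on the 3.0–3.0.2 range. Suggested: `when: _new_version.stdout | version_compare('1.0.6','<') or ( _new_version.stdout | version_compare('3.0','>=') and _new_version.stdout | version_compare('3.0.2','<') )`. The play continues outside the hunk.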
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker new file mode 120000 index 000000000..5a3dd12b3 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/docker
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster new file mode 120000 index 000000000..3ee319365 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/docker-cluster
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster new file mode 120000 index 000000000..f44f8eb4f --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/native-cluster
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml index 3fd97ac14..12e2edfb9 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml @@ -10,6 +10,7 @@      router_image: "{{ openshift.master.registry_url | replace( '${component}', 'haproxy-router' ) | replace ( '${version}', 'v' + g_new_version ) }}"      oc_cmd: "{{ openshift.common.client_binary }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig"    roles: +  - openshift_manageiq    # Create the new templates shipped in 3.2, existing templates are left    # unmodified. This prevents the subsequent role definition for    # openshift_examples from failing when trying to replace templates that do diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml index 02d9e3332..dd9843290 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml @@ -101,6 +101,7 @@    vars:      target_version: "{{ '1.2' if deployment_type == 'origin' else '3.1.1.900' }}"      openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" +    upgrading: True    handlers:    - include: ../../../../../roles/openshift_master/handlers/main.yml    - include: ../../../../../roles/openshift_node/handlers/main.yml @@ -109,7 +110,7 @@    # are modified to use the correct image tag.  However, this can trigger a    # docker restart if new configuration is laid down which would immediately    # pull the latest image and defeat the purpose of these tasks. -  - openshift_cli +  - { role: openshift_cli }    pre_tasks:    - name: Clean package cache      command: "{{ ansible_pkg_mgr }} clean all" 
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml index 3d8e43f08..a2d88341a 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml @@ -131,6 +131,7 @@      origin_reconcile_bindings: "{{ deployment_type == 'origin' and g_new_version | version_compare('1.0.6', '>') }}"      ent_reconcile_bindings: true      openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" +    upgrading: True    tasks:    - name: Verifying the correct commandline tools are available      shell: grep {{ verify_upgrade_version }} {{ openshift.common.admin_binary}} diff --git a/playbooks/common/openshift-cluster/validate_hostnames.yml b/playbooks/common/openshift-cluster/validate_hostnames.yml index 0f562e019..50e25984f 100644 --- a/playbooks/common/openshift-cluster/validate_hostnames.yml +++ b/playbooks/common/openshift-cluster/validate_hostnames.yml @@ -1,6 +1,4 @@  --- -- include: evaluate_groups.yml -  - name: Gather and set facts for node hosts    hosts: oo_nodes_to_config    roles: diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index cba99a740..a41fca45a 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml 
@@ -140,15 +140,15 @@      register: g_external_etcd_flannel_cert_stat_result      when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool)    - set_fact: -      etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results +      etcd_client_flannel_certs_missing: "{{ False in g_external_etcd_flannel_cert_stat_result.results                                               | oo_collect(attribute='stat.exists') -                                             | list | intersect([false])}}" +                                             | list }}"        etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }}        etcd_cert_config_dir: "{{ openshift.common.config_base }}/node"        etcd_cert_prefix: node.etcd-        etcd_hostname: "{{ openshift.common.hostname }}"        etcd_ip: "{{ openshift.common.ip }}" -    when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) +    when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config | length > 0 and (openshift.common.use_flannel | bool)  - name: Configure flannel etcd certificates    hosts: oo_first_etcd @@ -158,9 +158,8 @@    pre_tasks:    - set_fact:        etcd_needing_client_certs: "{{ hostvars -                                   | oo_select_keys(groups['oo_nodes_to_config']) -                                   | oo_filter_list(filter_attr='etcd_client_flannel_certs_missing') | default([]) }}" -    when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing +                                     | oo_select_keys(groups['oo_nodes_to_config']) +                                     | oo_filter_list('etcd_client_flannel_certs_missing') | default([]) }}"    roles:    - role: openshift_etcd_certificates      when: openshift_use_flannel | default(false) | bool 
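Review bot: The new `etcd_client_flannel_certs_missing` value in the first hunk, `False in g_external_etcd_flannel_cert_stat_result.results | oo_collect(attribute='stat.exists') | list`, relies on Jinja2 applying the filter chain before the `in` test; wrapping the chain in parentheses makes that explicit. Because this flag decides whether etcd client certificates and keys are generated and copied to the node, a one-line comment such as `# true when any expected flannel etcd client cert file is absent on this node` would help the next reader. The `stat` task just above (context) still guards on the bare `groups.oo_etcd_to_config` truthiness while the `set_fact` guard now uses `| length > 0`; the two conditions should be written the same way.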
@@ -171,8 +170,7 @@          -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .      args:        creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" -    with_items: "{{ etcd_needing_client_certs | default([]) }}" -    when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing +    with_items: etcd_needing_client_certs | default([])    - name: Retrieve the etcd cert tarballs      fetch:        src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" @@ -180,8 +178,7 @@        flat: yes        fail_on_missing: yes        validate_checksum: yes -    with_items: "{{ etcd_needing_client_certs | default([]) }}" -    when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing +    with_items: etcd_needing_client_certs | default([])  - name: Copy the external etcd flannel certs to the nodes    hosts: oo_nodes_to_config @@ -192,12 +189,12 @@      file:        path: "{{ openshift.common.config_base }}/node"        state: directory -    when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing +    when: etcd_client_flannel_certs_missing | default(false) | bool    - name: Unarchive the tarball on the master      unarchive:        src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"        dest: "{{ etcd_cert_config_dir }}" -    when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing +    when: etcd_client_flannel_certs_missing | default(false) | bool    - file:        path: "{{ etcd_cert_config_dir }}/{{ item }}"        owner: root @@ -207,7 +204,7 @@      - node.etcd-client.crt      - node.etcd-client.key      - node.etcd-ca.crt -    when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing +    when: etcd_client_flannel_certs_missing | default(false) | bool  - name: Additional node config 
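Review bot: The `with_items: etcd_needing_client_certs | default([])` lines in the tarball and fetch tasks go back to a bare, unquoted expression, and the same hunks drop the `when:` guard, so the loop source is now the only thing that keeps these tasks idle when no node needs certificates. Bare loop expressions depend on the Ansible version's bare-variable handling (deprecated in Ansible 2.x); if the expression ends up treated as a literal string, the task would iterate once over that string and `item.etcd_cert_subdir` would not resolve. Keeping the templated form, `with_items: "{{ etcd_needing_client_certs | default([]) }}"`, removes that ambiguity. The same applies to every `with_items` line changed in roles/etcd_certificates/tasks/client.yml and server.yml.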
diff --git a/roles/etcd_certificates/tasks/client.yml b/roles/etcd_certificates/tasks/client.yml index b497a46c0..a9f130bb9 100644 --- a/roles/etcd_certificates/tasks/client.yml +++ b/roles/etcd_certificates/tasks/client.yml @@ -4,7 +4,7 @@      path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"      state: directory      mode: 0700 -  with_items: "{{ etcd_needing_client_certs | default([]) }}" +  with_items: etcd_needing_client_certs | default([])  - name: Create the client csr    command: > @@ -19,7 +19,7 @@                   ~ item.etcd_cert_prefix ~ 'client.csr' }}"    environment:      SAN: "IP:{{ item.etcd_ip }}" -  with_items: "{{ etcd_needing_client_certs | default([]) }}" +  with_items: etcd_needing_client_certs | default([])  - name: Sign and create the client crt    command: > @@ -33,10 +33,10 @@                   ~ item.etcd_cert_prefix ~ 'client.crt' }}"    environment:      SAN: "IP:{{ item.etcd_ip }}" -  with_items: "{{ etcd_needing_client_certs | default([]) }}" +  with_items: etcd_needing_client_certs | default([])  - file:      src: "{{ etcd_ca_cert }}"      dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"      state: hard -  with_items: "{{ etcd_needing_client_certs | default([]) }}" +  with_items: etcd_needing_client_certs | default([]) diff --git a/roles/etcd_certificates/tasks/server.yml b/roles/etcd_certificates/tasks/server.yml index 934b8b805..223917ccd 100644 --- a/roles/etcd_certificates/tasks/server.yml +++ b/roles/etcd_certificates/tasks/server.yml @@ -4,7 +4,7 @@      path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"      state: directory      mode: 0700 -  with_items: "{{ etcd_needing_server_certs | default([]) }}" +  with_items: etcd_needing_server_certs | default([])  - name: Create the server csr    command: 
> @@ -19,7 +19,7 @@                   ~ item.etcd_cert_prefix ~ 'server.csr' }}"    environment:      SAN: "IP:{{ item.etcd_ip }}" -  with_items: "{{ etcd_needing_server_certs  | default([]) }}" +  with_items: etcd_needing_server_certs  | default([])  - name: Sign and create the server crt    command: > @@ -33,7 +33,7 @@                   ~ item.etcd_cert_prefix ~ 'server.crt' }}"    environment:      SAN: "IP:{{ item.etcd_ip }}" -  with_items: "{{ etcd_needing_server_certs  | default([]) }}" +  with_items: etcd_needing_server_certs  | default([])  - name: Create the peer csr    command: > @@ -48,7 +48,7 @@                   ~ item.etcd_cert_prefix ~ 'peer.csr' }}"    environment:      SAN: "IP:{{ item.etcd_ip }}" -  with_items: "{{ etcd_needing_server_certs | default([]) }}" +  with_items: etcd_needing_server_certs | default([])  - name: Sign and create the peer crt    command: > @@ -62,10 +62,10 @@                   ~ item.etcd_cert_prefix ~ 'peer.crt' }}"    environment:      SAN: "IP:{{ item.etcd_ip }}" -  with_items: "{{ etcd_needing_server_certs | default([]) }}" +  with_items: etcd_needing_server_certs | default([])  - file:      src: "{{ etcd_ca_cert }}"      dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"      state: hard -  with_items: "{{ etcd_needing_server_certs | default([]) }}" +  with_items: etcd_needing_server_certs | default([]) diff --git a/roles/openshift_cli/meta/main.yml b/roles/openshift_cli/meta/main.yml index 223cb768d..b97a1a277 100644 --- a/roles/openshift_cli/meta/main.yml +++ b/roles/openshift_cli/meta/main.yml @@ -12,6 +12,6 @@ galaxy_info:    categories:    - cloud  dependencies: -- role: openshift_docker +- { role: openshift_docker, upgrading: "{{ upgrading | default(False) }}" }  - role: openshift_common  - role: openshift_cli_facts diff --git a/roles/openshift_common/meta/main.yml b/roles/openshift_common/meta/main.yml index 02150406d..f1cf3e161 100644 
--- a/roles/openshift_common/meta/main.yml +++ b/roles/openshift_common/meta/main.yml @@ -12,6 +12,5 @@ galaxy_info:    categories:    - cloud  dependencies: -- role: os_firewall  - role: openshift_facts  - role: openshift_repos diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml index 10f47f9b2..5d5174ec9 100644 --- a/roles/openshift_docker/tasks/main.yml +++ b/roles/openshift_docker/tasks/main.yml 
@@ -2,20 +2,37 @@  # It's important that we don't explicitly pull this image here.  Otherwise we  # could result in upgrading a preinstalled environment.  We'll have to set  # openshift_image_tag correctly for upgrades. + +- set_fact: +    upgrading: False +  when: upgrading is not defined + +- set_fact: +    is_containerized: "{{ openshift.common.is_containerized | default(False) | bool }}" +    # Does the host already have an image tag fact, used to determine if it's a new node +    # in non-upgrade scenarios: +    has_image_tag_fact: "{{ hostvars[inventory_hostname].openshift.docker.openshift_image_tag is defined }}" +  - name: Set version when containerized    command: >      docker run --rm {{ openshift.common.cli_image }} version    register: cli_image_version -  when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool and openshift_image_tag is not defined +  when: is_containerized | bool and openshift_image_tag is not defined and (upgrading | bool or not has_image_tag_fact | bool) + +# Use the pre-existing image tag from system facts if present, and we're not upgrading. +# Ignores explicit openshift_image_tag if it's in the inventory, as this isn't an upgrade. 
+- set_fact: +    l_image_tag: "{{ hostvars[inventory_hostname].openshift.docker.openshift_image_tag }}" +  when: is_containerized | bool and not upgrading | bool and has_image_tag_fact | bool  - set_fact:      l_image_tag: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2] | join('-') if openshift.common.deployment_type == 'origin' else                       cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0] }}" -  when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool and openshift_image_tag is not defined +  when: is_containerized | bool and openshift_image_tag is not defined and (upgrading | bool or not has_image_tag_fact | bool)  - set_fact:      l_image_tag: "{{ openshift_image_tag }}" -  when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool and openshift_image_tag is defined +  when: is_containerized | bool and openshift_image_tag is defined and (upgrading | bool or not has_image_tag_fact | bool)  - name: Set post docker install facts    openshift_facts: @@ -25,5 +42,5 @@    - role: docker      local_facts:        openshift_image_tag: "{{ l_image_tag | default(None) }}" -      openshift_version: "{{ l_image_tag.split('-')[0] if l_image_tag is defined else '' | oo_image_tag_to_rpm_version }}" -  when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool +      openshift_version: "{{ l_image_tag.split('-')[0] | oo_image_tag_to_rpm_version if l_image_tag is defined else '' }}" +  when: is_containerized | bool diff --git a/roles/openshift_examples/files/examples/latest b/roles/openshift_examples/files/examples/latest index 634650e09..f7e713306 120000 --- a/roles/openshift_examples/files/examples/latest +++ b/roles/openshift_examples/files/examples/latest @@ -1 +1 @@ -v1.1
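Review bot: The new branch that sets `l_image_tag` from `hostvars[inventory_hostname].openshift.docker.openshift_image_tag` discards an `openshift_image_tag` given in the inventory whenever `upgrading` is false, and nothing tells the operator. Someone pinning a tag to roll out a fixed image outside the upgrade playbook would see the run succeed with the old tag still in place. A task such as `- debug: msg="openshift_image_tag from inventory ignored; existing tag kept because this is not an upgrade"` guarded by `when: is_containerized | bool and not upgrading | bool and has_image_tag_fact | bool and openshift_image_tag is defined` would make that visible. The added `set_fact` tasks also have no `name:`, which makes the three mutually exclusive branches hard to tell apart in run output.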
\ No newline at end of file +v1.2
\ No newline at end of file diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json index 227c8d30e..0e618624b 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json @@ -54,7 +54,7 @@            {              "type": "ImageChange",              "imageChangeParams": { -              "automatic": false, +              "automatic": true,                "containerNames": [                  "mongodb"                ], @@ -96,7 +96,7 @@                    "timeoutSeconds": 1,                    "initialDelaySeconds": 3,                    "exec": { -                    "command": [ "/bin/sh", "-i", "-c", "mongostat --host 127.0.0.1 -u admin -p $MONGODB_ADMIN_PASSWORD -n 1 --noheaders"] +                    "command": [ "/bin/sh", "-i", "-c", "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\""]                    }                  },                  "livenessProbe": { @@ -125,10 +125,10 @@                    }                  ],                  "resources": { -		    "limits": { -			"memory": "${MEMORY_LIMIT}" -		    } -		}, +                  "limits": { +                    "memory": "${MEMORY_LIMIT}" +                  } +                },                  "volumeMounts": [                    {                      "name": "${DATABASE_SERVICE_NAME}-data", diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json index 70c906f8e..07290b1ea 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json 
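Review bot: The new readiness probe command expands `$MONGODB_DATABASE`, `$MONGODB_USER` and `$MONGODB_PASSWORD` unquoted inside `sh -c`, so a password containing whitespace or glob characters is split or expanded and the probe fails although the database is healthy. The password is also passed as a command-line argument, where it is readable from the process list inside the container while the probe runs. Quoting the expansions addresses the first part: `mongo \"127.0.0.1:27017/$MONGODB_DATABASE\" -u \"$MONGODB_USER\" -p \"$MONGODB_PASSWORD\" --eval=\"quit()\"`, escaped the same way as the existing `--eval` argument. The identical command is added in mongodb-persistent-template.json; if these templates are synced from an upstream examples repository, the fix belongs there as well.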
+++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json @@ -113,7 +113,7 @@                    "timeoutSeconds": 1,                    "initialDelaySeconds": 3,                    "exec": { -                    "command": [ "/bin/sh", "-i", "-c", "mongostat --host 127.0.0.1 -u admin -p $MONGODB_ADMIN_PASSWORD -n 1 --noheaders"] +                    "command": [ "/bin/sh", "-i", "-c", "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\""]                    }                  },                  "livenessProbe": { diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json index f4c118052..1457d288c 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json @@ -54,7 +54,7 @@            {              "type": "ImageChange",              "imageChangeParams": { -              "automatic": false, +              "automatic": true,                "containerNames": [                  "mysql"                ], diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json index c14f3c3df..39a71f25c 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json @@ -54,7 +54,7 @@            {              "type": "ImageChange",              "imageChangeParams": { -              "automatic": false, +              "automatic": true,                "containerNames": [                  "postgresql"                ], 
diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml index cc33f77d8..fd5841db7 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml @@ -105,6 +105,10 @@ items:              value: ${IMAGE_PREFIX}            - name: IMAGE_VERSION              value: ${IMAGE_VERSION} +          - name: IMAGE_PULL_SECRET +            value: ${IMAGE_PULL_SECRET} +          - name: INSECURE_REGISTRY +            value: ${INSECURE_REGISTRY}            - name: ENABLE_OPS_CLUSTER              value: ${ENABLE_OPS_CLUSTER}            - name: KIBANA_HOSTNAME @@ -174,14 +178,6 @@ items:            secretName: logging-deployer    parameters:    - -    description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' -    name: IMAGE_PREFIX -    value: "docker.io/openshift/origin-" -  - -    description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' -    name: IMAGE_VERSION -    value: "latest" -  -      description: "If true, set up to use a second ES cluster for ops logs."      name: ENABLE_OPS_CLUSTER      value: "false" 
@@ -288,3 +284,19 @@ items:      description: "The mode that the deployer runs in."      name: MODE      value: "install" +  - +    description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' +    name: IMAGE_PREFIX +    value: "docker.io/openshift/origin-" +  - +    description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' +    name: IMAGE_VERSION +    value: "latest" +  - +    description: 'Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry.' +    name: IMAGE_PULL_SECRET +  - +    description: 'Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)' +    name: INSECURE_REGISTRY +    value: "false" + diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml index c620c46ec..8fb594ce8 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml @@ -91,7 +91,7 @@ parameters:  -    description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"'    name: IMAGE_VERSION -  value: "v0.1.0" +  value: "latest"  -    description: "Internal URL for the master, for authentication retrieval"    name: MASTER_URL diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json index 922e5bed8..370b8c764 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json 
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json @@ -166,7 +166,7 @@              "containers": [                {                  "name": "cakephp-mysql-example", -                "image": "cakephp-mysql-example", +                "image": " ",                  "ports": [                    {                      "containerPort": 8080 @@ -276,7 +276,7 @@            {              "type": "ImageChange",              "imageChangeParams": { -              "automatic": false, +              "automatic": true,                "containerNames": [                  "mysql"                ], @@ -303,15 +303,27 @@              }            },            "spec": { +            "volumes": [ +              { +                "name": "data", +                "emptyDir": {} +              } +            ],              "containers": [                {                  "name": "mysql", -                "image": "mysql", +                "image": " ",                  "ports": [                    {                      "containerPort": 3306                    }                  ], +                "volumeMounts": [ +                  { +                    "name": "data", +                    "mountPath": "/var/lib/mysql/data" +                  } +                ],                  "readinessProbe": {                    "timeoutSeconds": 1,                    "initialDelaySeconds": 5, diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp.json index 780faec55..dbf570f1f 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp.json 
@@ -155,7 +155,7 @@              "containers": [                {                  "name": "cakephp-example", -                "image": "cakephp-example", +                "image": " ",                  "ports": [                    {                      "containerPort": 8080 diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json index c0fc02ae4..3b738480d 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json @@ -152,7 +152,7 @@              "containers": [                {                  "name": "dancer-mysql-example", -                "image": "dancer-mysql-example", +                "image": " ",                  "ports": [                    {                      "containerPort": 8080 @@ -250,7 +250,7 @@            {              "type": "ImageChange",              "imageChangeParams": { -              "automatic": false, +              "automatic": true,                "containerNames": [                  "mysql"                ], 
@@ -277,15 +277,27 @@              }            },            "spec": { +            "volumes": [ +              { +                "name": "data", +                "emptyDir": {} +              } +            ],              "containers": [                {                  "name": "mysql", -                "image": "mysql", +                "image": " ",                  "ports": [                    {                      "containerPort": 3306                    }                  ], +                "volumeMounts": [ +                  { +                    "name": "data", +                    "mountPath": "/var/lib/mysql/data" +                  } +                ],                  "readinessProbe": {                    "timeoutSeconds": 1,                    "initialDelaySeconds": 5, diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer.json index 1ea5a21a0..852f20102 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer.json @@ -155,7 +155,7 @@              "containers": [                {                  "name": "dancer-example", -                "image": "dancer-example", +                "image": " ",                  "ports": [                    {                      "containerPort": 8080 diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json index 844201e7c..f044152b3 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json 
@@ -158,7 +158,7 @@              "containers": [                {                  "name": "django-psql-example", -                "image": "django-psql-example", +                "image": " ",                  "ports": [                    {                      "containerPort": 8080 @@ -260,7 +260,7 @@            {              "type": "ImageChange",              "imageChangeParams": { -              "automatic": false, +              "automatic": true,                "containerNames": [                  "postgresql"                ], @@ -287,10 +287,16 @@              }            },            "spec": { +            "volumes": [ +              { +                "name": "data", +                "emptyDir": {} +              } +            ],              "containers": [                {                  "name": "postgresql", -                "image": "postgresql", +                "image": " ",                  "ports": [                    {                      "containerPort": 5432 @@ -310,6 +316,12 @@                      "value": "${DATABASE_NAME}"                    }                  ], +                "volumeMounts": [ +                  { +                    "name": "data", +                    "mountPath": "/var/lib/pgsql/data" +                  } +                ],                  "readinessProbe": {                    "timeoutSeconds": 1,                    "initialDelaySeconds": 5, diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json index 38ef694f8..5740ee963 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json 
@@ -158,7 +158,7 @@              "containers": [                {                  "name": "django-example", -                "image": "django-example", +                "image": " ",                  "ports": [                    {                      "containerPort": 8080 diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json index e464b5971..67fce4a46 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json @@ -5,7 +5,7 @@      "name": "jenkins-ephemeral",      "creationTimestamp": null,      "annotations": { -      "description": "Jenkins service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", +      "description": "Jenkins service, without persistent storage.\nThe username is 'admin' and the tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing",        "iconClass": "icon-jenkins",        "tags": "instant-app,jenkins"      } @@ -71,7 +71,7 @@            {              "type": "ImageChange",              "imageChangeParams": { -              "automatic": false, +              "automatic": true,                "containerNames": [                  "jenkins"                ], @@ -102,7 +102,7 @@              "containers": [                {                  "name": "jenkins", -                "image": "${JENKINS_IMAGE}", +                "image": "JENKINS_IMAGE",                  "readinessProbe": {                    "timeoutSeconds": 3,                    "initialDelaySeconds": 3, 
@@ -113,7 +113,7 @@                  },                  "livenessProbe": {                      "timeoutSeconds": 3, -                    "initialDelaySeconds": 30, +                    "initialDelaySeconds": 60,                      "httpGet": {                          "path": "/login",                          "port": 8080 @@ -182,7 +182,7 @@      {        "name": "JENKINS_PASSWORD",        "displayName": "Jenkins Password", -      "description": "Password for the Jenkins user.", +      "description": "Password for the Jenkins 'admin' user.",        "generate": "expression",        "value": "password"      } diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json index 0d8dcffa1..ef04b4482 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json @@ -5,7 +5,7 @@      "name": "jenkins-persistent",      "creationTimestamp": null,      "annotations": { -      "description": "Jenkins service, with persistent storage.  You must have persistent volumes available in your cluster to use this template.", +      "description": "Jenkins service, with persistent storage.\nThe username is 'admin' and the tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.\nYou must have persistent volumes available in your cluster to use this template.",        "iconClass": "icon-jenkins",        "tags": "instant-app,jenkins"      } 
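Review bot: The updated descriptions now state that the login name is 'admin', while the `JENKINS_PASSWORD` parameter in the last hunk still ships the fixed default `"value": "password"`, and its `"generate": "expression"` has no visible `"from"` pattern to generate from, so a template instantiated with defaults gets a well-known credential pair. Dropping the default and giving the generator a pattern, for example `"from": "[a-zA-Z0-9]{16}"` in place of `"value": "password"`, would produce a per-instance password; whether the Jenkins image accepts an arbitrary value here should be confirmed. The same parameter and description change appear in jenkins-persistent-template.json.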
@@ -119,7 +119,7 @@              "containers": [                {                  "name": "jenkins", -                "image": "${JENKINS_IMAGE}", +                "image": "JENKINS_IMAGE",                  "readinessProbe": {                    "timeoutSeconds": 3,                    "initialDelaySeconds": 3, @@ -130,7 +130,7 @@                  },                  "livenessProbe": {                      "timeoutSeconds": 3, -                    "initialDelaySeconds": 30, +                    "initialDelaySeconds": 60,                      "httpGet": {                          "path": "/login",                          "port": 8080 @@ -199,7 +199,7 @@      {        "name": "JENKINS_PASSWORD",        "displayName": "Jenkins Password", -      "description": "Password for the Jenkins user.", +      "description": "Password for the Jenkins 'admin' user.",        "generate": "expression",        "value": "password"      }, diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json index 661bcbb69..4b64bd463 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json @@ -164,7 +164,7 @@              "containers": [                {                  "name": "nodejs-mongodb-example", -                "image": "nodejs-mongodb-example", +                "image": " ",                  "ports": [                    {                      "containerPort": 8080 @@ -258,7 +258,7 @@            {              "type": "ImageChange",              "imageChangeParams": { -              "automatic": false, +              "automatic": true,                "containerNames": [                  "mongodb"                ], 
@@ -288,7 +288,7 @@              "containers": [                {                  "name": "mongodb", -                "image": "mongodb", +                "image": " ",                  "ports": [                    {                      "containerPort": 27017 @@ -330,6 +330,20 @@                      "limits": {                          "memory": "${MEMORY_MONGODB_LIMIT}"                      } +                }, +                "volumeMounts": [ +                  { +                    "name": "${DATABASE_SERVICE_NAME}-data", +                    "mountPath": "/var/lib/mongodb/data" +                  } +                ] +              } +            ], +            "volumes": [ +              { +                "name": "${DATABASE_SERVICE_NAME}-data", +                "emptyDir": { +                  "medium": ""                  }                }              ] diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json index 0518dfac7..0adb02a46 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json @@ -164,7 +164,7 @@              "containers": [                {                  "name": "nodejs-example", -                "image": "nodejs-example", +                "image": " ",                  "ports": [                    {                      "containerPort": 8080 diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json index 6292cf3e7..82dd757ec 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json 
@@ -169,7 +169,7 @@              "containers": [                {                  "name": "rails-postgresql-example", -                "image": "rails-postgresql-example", +                "image": " ",                  "ports": [                    {                      "containerPort": 8080 @@ -287,7 +287,7 @@            {              "type": "ImageChange",              "imageChangeParams": { -              "automatic": false, +              "automatic": true,                "containerNames": [                  "postgresql"                ], @@ -314,10 +314,16 @@              }            },            "spec": { +            "volumes": [ +              { +                "name": "data", +                "emptyDir": {} +              } +            ],              "containers": [                {                  "name": "postgresql", -                "image": "postgresql", +                "image": " ",                  "ports": [                    {                      "containerPort": 5432 @@ -337,6 +343,12 @@                      "port": 5432                    }                  }, +                "volumeMounts": [ +                  { +                    "name": "data", +                    "mountPath": "/var/lib/pgsql/data" +                  } +                ],                  "env": [                    {                      "name": "POSTGRESQL_USER", diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 213775a95..b13343776 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -19,8 +19,8 @@ EXAMPLES = '''  import ConfigParser  import copy +import io  import os -import StringIO  import yaml  from distutils.util import strtobool  from distutils.version import LooseVersion 
@@ -689,7 +689,7 @@ def set_etcd_facts_if_unset(facts):      If anything goes wrong parsing these, the fact will not be set.      """ -    if 'master' in facts and facts['master']['embedded_etcd']: +    if 'master' in facts and safe_get_bool(facts['master']['embedded_etcd']):          etcd_facts = facts['etcd'] if 'etcd' in facts else dict()          if 'etcd_data_dir' not in etcd_facts: @@ -716,8 +716,8 @@ def set_etcd_facts_if_unset(facts):          # Read ETCD_DATA_DIR from /etc/etcd/etcd.conf:          try:              # Add a fake section for parsing: -            ini_str = '[root]\n' + open('/etc/etcd/etcd.conf', 'r').read() -            ini_fp = StringIO.StringIO(ini_str) +            ini_str = unicode('[root]\n' + open('/etc/etcd/etcd.conf', 'r').read(), 'utf-8') +            ini_fp = io.StringIO(ini_str)              config = ConfigParser.RawConfigParser()              config.readfp(ini_fp)              etcd_data_dir = config.get('root', 'ETCD_DATA_DIR') 
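Review bot: In the second hunk, `open('/etc/etcd/etcd.conf', 'r')` is still never closed, and the new `unicode(..., 'utf-8')` call adds a decode step that raises `UnicodeDecodeError` when the file is not valid UTF-8. The docstring promises that the fact is simply not set when parsing goes wrong, but the `except` clause of this `try` is outside the hunk, so whether it covers the decode error cannot be confirmed from here. I would read the file with `with io.open('/etc/etcd/etcd.conf', 'r', encoding='utf-8') as conf:` and build `ini_str = u'[root]\n' + conf.read()`, then check that the handler catches the decode failure as well.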
@@ -1374,18 +1374,19 @@ def set_proxy_facts(facts):      if 'common' in facts:          common = facts['common']          if 'http_proxy' in common or 'https_proxy' in common: +            if 'no_proxy' in common and \ +                isinstance(common['no_proxy'], basestring): +                common['no_proxy'] = common['no_proxy'].split(",") +            elif 'no_proxy' not in common: +                common['no_proxy'] = []              if 'generate_no_proxy_hosts' in common and \ -                    common['generate_no_proxy_hosts']: -                if 'no_proxy' in common and \ -                    isinstance(common['no_proxy'], basestring): -                    common['no_proxy'] = common['no_proxy'].split(",") -                else: -                    common['no_proxy'] = [] +                safe_get_bool(common['generate_no_proxy_hosts']):                  if 'no_proxy_internal_hostnames' in common:                      common['no_proxy'].extend(common['no_proxy_internal_hostnames'].split(','))                  common['no_proxy'].append('.' + common['dns_domain']) -                common['no_proxy'].append(common['hostname']) -                common['no_proxy'] = sort_unique(common['no_proxy']) +            # We always add ourselves no matter what +            common['no_proxy'].append(common['hostname']) +            common['no_proxy'] = sort_unique(common['no_proxy'])          facts['common'] = common      if 'builddefaults' in facts: 
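Review bot: A `no_proxy` that is present but neither a string nor a list (for example `None`) now reaches `common['no_proxy'].append(common['hostname'])`, because the new `elif 'no_proxy' not in common:` only handles the missing key; the old `else` reset every non-string value to `[]`. `elif not isinstance(common.get('no_proxy'), list):` would keep the new behaviour for lists and still guard the append. The entries produced by `split(",")` are also not stripped, so a value written as `a, b` ends up in NO_PROXY with a leading space. set_proxy_facts continues outside the hunk.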
@@ -1701,7 +1702,8 @@ class OpenShiftFacts(object):                                        oauth_grant_method='auto',                                        scheduler_predicates=scheduler_predicates,                                        scheduler_priorities=scheduler_priorities, -                                      dynamic_provisioning_enabled=True) +                                      dynamic_provisioning_enabled=True, +                                      max_requests_inflight=500)          if 'node' in roles:              defaults['node'] = dict(labels={}, annotations={}, @@ -1735,6 +1737,9 @@ class OpenShiftFacts(object):                          nfs=dict(                              directory='/exports',                              options='*(rw,root_squash)'), +                        openstack=dict( +                            filesystem='ext4', +                            volumeID='123'),                          host=None,                          access_modes=['ReadWriteMany'],                          create_pv=True diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index ff726ae24..ce410d1d5 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -1,8 +1,8 @@  --- -- name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0 +- name: Verify Ansible version is greater than or equal to 1.9.4    fail:      msg: "Unsupported ansible version: {{ ansible_version }} found" -  when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge') +  when: not ansible_version.full | version_compare('1.9.4', 'ge')  - name: Detecting Operating System    stat: diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml index 2a651df65..de0a7000e 100644 --- a/roles/openshift_manageiq/tasks/main.yaml +++ b/roles/openshift_manageiq/tasks/main.yaml 
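Review bot: The new `openstack=dict(filesystem='ext4', volumeID='123')` default puts a placeholder volume ID into the hosted storage defaults, so a deployment that selects the openstack kind without overriding it would presumably be configured against volume `123` instead of failing early. `volumeID=None` with a check where the value is consumed would make the missing setting visible; a comment such as `# placeholder, must be overridden when kind is openstack` is the minimum. How the value is consumed is not visible in this hunk.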
@@ -59,6 +59,16 @@    failed_when: "'already exists' not in osmiq_perm_task.stderr and osmiq_perm_task.rc != 0"    changed_when: osmiq_perm_task.rc == 0 +- name: Configure 3_2 role/user permissions +  command: > +    {{ openshift.common.admin_binary }} {{item}} +    --config={{manage_iq_tmp_conf}} +  with_items: "{{manage_iq_openshift_3_2_tasks}}" +  register: osmiq_perm_3_2_task +  failed_when: osmiq_perm_3_2_task.rc != 0 +  changed_when: osmiq_perm_3_2_task.rc == 0 +  when: openshift.common.version_gte_3_2_or_1_2 | bool +  - name: Clean temporary configuration file    command: >      rm -f {{manage_iq_tmp_conf}} diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml index 69ee2cb4c..b2aed79c7 100644 --- a/roles/openshift_manageiq/vars/main.yml +++ b/roles/openshift_manageiq/vars/main.yml @@ -30,3 +30,6 @@ manage_iq_tasks:      - policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin      - policy add-cluster-role-to-user system:image-puller system:serviceaccount:management-infra:inspector-admin      - policy add-scc-to-user privileged system:serviceaccount:management-infra:inspector-admin + +manage_iq_openshift_3_2_tasks: +    - policy add-cluster-role-to-user system:image-auditor system:serviceaccount:management-infra:management-admin diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index 16df984f9..dbd62c80f 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml 
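Review bot: If one of the new `Configure 3_2 role/user permissions` commands returns non-zero, `failed_when: osmiq_perm_3_2_task.rc != 0` stops the play before `Clean temporary configuration file` runs, so `{{manage_iq_tmp_conf}}` stays on disk. That file is passed as `--config` to the admin binary for policy changes, so it presumably carries credentials able to change cluster roles. I would add `ignore_errors: yes` to the new task and a `fail:` task after the cleanup with `when: osmiq_perm_3_2_task | failed`, so the temporary config is removed on both paths. Separately, `changed_when: osmiq_perm_3_2_task.rc == 0` reports a change on every successful run.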
@@ -1,40 +1,4 @@
 ---
 openshift_node_ips: []
-
 # TODO: update setting these values based on the facts
-os_firewall_allow:
-- service: etcd embedded
-  port: 4001/tcp
-- service: api server https
-  port: "{{ openshift.master.api_port }}/tcp"
-- service: api controllers https
-  port: "{{ openshift.master.controllers_port }}/tcp"
-- service: skydns tcp
-  port: "{{ openshift.master.dns_port }}/tcp"
-- service: skydns udp
-  port: "{{ openshift.master.dns_port }}/udp"
-# On HA masters version_gte facts are not properly set so open port 53
-# whenever we're not certain of the need
-- service: legacy skydns tcp
-  port: "53/tcp"
-  when: "{{ 'version' not in openshift.common or openshift.common.version == None }}"
-- service: legacy skydns udp
-  port: "53/udp"
-  when: "{{ 'version' not in openshift.common or openshift.common.version == None }}"
-- service: Fluentd td-agent tcp
-  port: 24224/tcp
-- service: Fluentd td-agent udp
-  port: 24224/udp
-- service: pcsd
-  port: 2224/tcp
-- service: Corosync UDP
-  port: 5404/udp
-- service: Corosync UDP
-  port: 5405/udp
-os_firewall_deny:
-- service: api server http
-  port: 8080/tcp
-- service: former etcd peer port
-  port: 7001/tcp
-
 openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}"
diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml
index e882e0b8b..d8834d27f 100644
--- a/roles/openshift_master/meta/main.yml
+++ b/roles/openshift_master/meta/main.yml
@@ -18,3 +18,25 @@ dependencies:
 - role: openshift_builddefaults
 - role: openshift_master_facts
 - role: openshift_hosted_facts
+- role: os_firewall
+  os_firewall_allow:
+  - service: etcd embedded
+    port: 4001/tcp
+  - service: api server https
+    port: "{{ openshift.master.api_port }}/tcp"
+  - service: api controllers https
+    port: "{{ openshift.master.controllers_port }}/tcp"
+  - service: skydns tcp
+    port: "{{ openshift.master.dns_port }}/tcp"
+  - service: skydns udp
+    port: "{{ openshift.master.dns_port }}/udp"
+  - service: Fluentd td-agent tcp
+    port: 24224/tcp
+  - service: Fluentd td-agent udp
+    port: 24224/udp
+  - service: pcsd
+    port: 2224/tcp
+  - service: Corosync UDP
+    port: 5404/udp
+  - service: Corosync UDP
+    port: 5405/udp
diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2
index 4cf632841..026787421 100644
--- a/roles/openshift_master/templates/atomic-openshift-master.j2
+++ b/roles/openshift_master/templates/atomic-openshift-master.j2
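Review bot: The `os_firewall` dependency added here passes only `os_firewall_allow`; the `os_firewall_deny` entries that the same commit deletes from defaults/main.yml (`8080/tcp` for api server http and `7001/tcp` for the former etcd peer port) are not carried over. If the deny list is what closes those ports on masters that had them open earlier, they would now stay open on such hosts; how os_firewall treats a missing deny list is not visible here. Unless the drop is intended, I would add `os_firewall_deny:` with those two entries to this dependency, or state in the commit message why they are no longer needed.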
@@ -12,11 +12,11 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}
 # Proxy configuration
 # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy
 {% if 'http_proxy' in openshift.common %}
-HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}'
+HTTP_PROXY={{ openshift.common.http_proxy | default('') }}
 {% endif %}
 {% if 'https_proxy' in openshift.common %}
-HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}'
+HTTPS_PROXY={{ openshift.common.https_proxy | default('')}}
 {% endif %}
 {% if 'no_proxy' in openshift.common %}
-NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}'
+NO_PROXY={{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}
 {% endif %}
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index 48bb8a13f..17a10ae71 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -196,7 +196,7 @@ servingInfo:
   certFile: master.server.crt
   clientCA: ca.crt
   keyFile: master.server.key
-  maxRequestsInFlight: 500
+  maxRequestsInFlight: {{ openshift.master.max_requests_inflight }}
   requestTimeoutSeconds: 3600
 {% if openshift.master.named_certificates %}
   namedCertificates:
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
index 01a8428a0..02c22e374 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
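Review bot: With the single quotes removed in atomic-openshift-master.j2, `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY` are rendered verbatim, so a proxy value containing whitespace, a quote, `#` or `$` (easy to hit when the URL embeds credentials) is left to whatever reads this file; which consumer that is cannot be seen in the hunk. A line break in the value would add a further assignment line to a file that also holds `AWS_SECRET_ACCESS_KEY`. I would document the constraint above the block, `# Values are written unquoted: no whitespace, quotes, '#' or newlines`, and reject such values where the proxy facts are set. The same change is made in native-cluster/atomic-openshift-master-api.j2 and native-cluster/atomic-openshift-master-controllers.j2.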
@@ -12,11 +12,11 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}
 # Proxy configuration
 # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy
 {% if 'http_proxy' in openshift.common %}
-HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}'
+HTTP_PROXY={{ openshift.common.http_proxy | default('') }}
 {% endif %}
 {% if 'https_proxy' in openshift.common %}
-HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}'
+HTTPS_PROXY={{ openshift.common.https_proxy | default('')}}
 {% endif %}
 {% if 'no_proxy' in openshift.common %}
-NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}'
+NO_PROXY={{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}
 {% endif %}
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
index 89ccb1eed..644640577 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
@@ -12,11 +12,11 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}
 # Proxy configuration
 # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy
 {% if 'http_proxy' in openshift.common %}
-HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}'
+HTTP_PROXY={{ openshift.common.http_proxy | default('') }}
 {% endif %}
 {% if 'https_proxy' in openshift.common %}
-HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}'
+HTTPS_PROXY={{ openshift.common.https_proxy | default('')}}
 {% endif %}
 {% if 'no_proxy' in openshift.common %}
-NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}'
+NO_PROXY={{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}
 {% endif %}
diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml
index 0cbbaffc2..896dd5e35 100644
--- a/roles/openshift_master_facts/tasks/main.yml
+++ b/roles/openshift_master_facts/tasks/main.yml
@@ -76,3 +76,4 @@
       oauth_always_show_provider_selection: "{{ openshift_master_oauth_always_show_provider_selection | default(None) }}"
       image_policy_config: "{{ openshift_master_image_policy_config | default(None) }}"
       dynamic_provisioning_enabled: "{{ openshift_master_dynamic_provisioning_enabled | default(None) }}"
+      max_requests_inflight: "{{ openshift_master_max_requests_inflight | default(None) }}"
diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml
index 1a1dc8ede..df3f6ee65 100644
--- a/roles/openshift_node/handlers/main.yml
+++ b/roles/openshift_node/handlers/main.yml
@@ -1,8 +1,9 @@  --- +- name: restart openvswitch +  service: name=openvswitch state=restarted +  when: not (ovs_service_status_changed | default(false) | bool) +  - name: restart node    service: name={{ openshift.common.service_type }}-node state=restarted    when: not (node_service_status_changed | default(false) | bool) -- name: restart openvswitch -  service: name=openvswitch state=restarted -  when: not (ovs_service_status_changed | default(false) | bool) diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index ca0c332ea..db1776632 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -17,4 +17,5 @@ dependencies:  - role: openshift_common  - role: openshift_node_dnsmasq    when: openshift.common.use_dnsmasq +- role: os_firewall diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 06fde88af..be70a170d 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -112,6 +112,17 @@  - name: Start and enable node    service: name={{ openshift.common.service_type }}-node enabled=yes state=started    register: node_start_result +  ignore_errors: yes +   +- name: Check logs on failure +  command: journalctl -xe +  register: node_failure +  when: node_start_result | failed +   +- name: Dump failure information +  debug: var=node_failure +  when: node_start_result | failed +    - set_fact:      node_service_status_changed: "{{ node_start_result | changed }}" diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index be4b4ed61..f3262803a 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml 
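Review bot: In roles/openshift_node/tasks/main.yml, `ignore_errors: yes` on `Start and enable node` swallows the failure, and nothing in the hunk raises it again after `Dump failure information`, so the play goes on to `set_fact` with a node that did not start. I would add a task after the dump, `- fail: msg="Node failed to start, see the journal output above"` with `when: node_start_result | failed`. `journalctl -xe` also prints the tail of the whole system journal into the Ansible output, which can include log lines from unrelated services; `journalctl --no-pager -n 100 -u {{ openshift.common.service_type }}-node` keeps the dump to the unit that failed. The task list continues outside the hunk.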
@@ -14,6 +14,8 @@      dest: /etc/sysconfig/openvswitch    when: openshift.common.is_containerized | bool    register: install_ovs_sysconfig +  notify: +  - restart openvswitch  - name: Install OpenvSwitch docker service file    template: diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh index 691fa32f3..09bae1777 100755 --- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh +++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh @@ -8,10 +8,12 @@  # a pod would fail.  #  # To use this, -# Drop this script in /etc/NetworkManager/dispatcher.d/ -# systemctl restart NetworkManager -# Configure node-config.yaml to set dnsIP: to the ip address of this -# node +# - If this host is also a master, reconfigure master dnsConfig to listen on +#   8053 to avoid conflicts on port 53 and open port 8053 in the firewall +# - Drop this script in /etc/NetworkManager/dispatcher.d/ +# - systemctl restart NetworkManager +# - Configure node-config.yaml to set dnsIP: to the ip address of this +#   node  #  # Test it:  # host kubernetes.default.svc.cluster.local @@ -31,7 +33,8 @@ if [[ $2 =~ ^(up|dhcp4-change)$ ]]; then    def_route=$(/sbin/ip route list match 0.0.0.0/0 | awk '{print $3 }')    def_route_int=$(/sbin/ip route get to ${def_route} | awk '{print $3}')    def_route_ip=$(/sbin/ip route get to ${def_route} | awk '{print $5}') -  if [[ ${DEVICE_IFACE} == ${def_route_int} ]]; then +  if [[ ${DEVICE_IFACE} == ${def_route_int} && \ +       -n "${IP4_NAMESERVERS}" ]]; then      if [ ! -f /etc/dnsmasq.d/origin-dns.conf ]; then        cat << EOF > /etc/dnsmasq.d/origin-dns.conf  strict-order 
@@ -42,8 +45,8 @@ server=/30.172.in-addr.arpa/172.30.0.1  EOF      fi      # zero out our upstream servers list and feed it into dnsmasq -    echo '' > /etc/dnsmasq.d/origin-upstream-dns.conf -    for ns in ${DHCP4_DOMAIN_NAME_SERVERS}; do +    echo -n > /etc/dnsmasq.d/origin-upstream-dns.conf +    for ns in ${IP4_NAMESERVERS}; do         echo "server=${ns}" >> /etc/dnsmasq.d/origin-upstream-dns.conf      done      systemctl restart dnsmasq diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py index 5ace63918..97aee0b53 100644 --- a/utils/src/ooinstall/openshift_ansible.py +++ b/utils/src/ooinstall/openshift_ansible.py @@ -135,6 +135,16 @@ def write_inventory_vars(base_inventory, multiple_masters, proxy):          #base_inventory.write('openshift_image_tag=v{}\n'.format(CFG.settings.get('variant_version')))          base_inventory.write('openshift_image_tag=v{}\n'.format('3.1.1.6')) +    if CFG.settings.get('openshift_http_proxy', ''): +        base_inventory.write("openshift_http_proxy={}\n".format( +                                                            CFG.settings['openshift_http_proxy'])) +    if CFG.settings.get('openshift_https_proxy', ''): +        base_inventory.write("openshift_https_proxy={}\n".format( +                                                            CFG.settings['openshift_https_proxy'])) +    if CFG.settings.get('openshift_no_proxy', ''): +        base_inventory.write("openshift_no_proxy={}\n".format( +                                                            CFG.settings['openshift_no_proxy'])) +  def write_host(host, inventory, schedulable=None):      global CFG  | 
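Review bot: The three blocks added to write_inventory_vars copy `openshift_http_proxy`, `openshift_https_proxy` and `openshift_no_proxy` from `CFG.settings` into the inventory exactly as given, so a value containing a line break would add further lines to the generated inventory and other whitespace would change how the line is parsed. The blocks are also identical apart from the key. A single loop over the three keys that rejects whitespace before writing removes the duplication and keeps the inventory to one assignment per setting. write_inventory_vars starts outside the hunk.

```python
    # ... unchanged: openshift_image_tag handling ...
    for key in ('openshift_http_proxy', 'openshift_https_proxy', 'openshift_no_proxy'):
        value = CFG.settings.get(key, '')
        if not value:
            continue
        # Inventory values are written unquoted; whitespace would change
        # how the line is parsed.
        if any(ch.isspace() for ch in value):
            raise ValueError("{} must not contain whitespace".format(key))
        base_inventory.write("{}={}\n".format(key, value))
```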
