-rw-r--r--Vagrantfile4
-rw-r--r--inventory/byo/hosts.aep.example6
-rw-r--r--inventory/byo/hosts.origin.example6
-rw-r--r--inventory/byo/hosts.ose.example6
-rw-r--r--playbooks/aws/openshift-cluster/terminate.yml2
-rw-r--r--playbooks/byo/rhel_subscribe.yml2
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml2
-rw-r--r--playbooks/common/openshift-master/config.yml6
-rw-r--r--playbooks/gce/openshift-cluster/terminate.yml2
-rw-r--r--playbooks/libvirt/openshift-cluster/terminate.yml2
-rw-r--r--playbooks/openstack/openshift-cluster/terminate.yml2
-rw-r--r--roles/openshift_common/tasks/main.yml4
-rw-r--r--roles/openshift_examples/defaults/main.yml2
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py26
-rw-r--r--roles/openshift_manageiq/tasks/main.yaml12
-rw-r--r--roles/openshift_master/tasks/main.yml4
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j24
-rw-r--r--roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j22
-rw-r--r--roles/openshift_master_certificates/tasks/main.yml2
-rw-r--r--roles/openshift_node/tasks/main.yml2
-rw-r--r--roles/openshift_router/tasks/main.yml1
-rw-r--r--roles/os_firewall/tasks/firewall/iptables.yml32
-rw-r--r--roles/os_zabbix/vars/template_openshift_master.yml43
23 files changed, 109 insertions, 65 deletions
diff --git a/Vagrantfile b/Vagrantfile
index 362e1ff48..a38378289 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -30,7 +30,9 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
libvirt.memory = 1024
libvirt.driver = 'kvm'
case deployment_type
- when "enterprise"
+ when "openshift-enterprise"
+ override.vm.box = "rhel-7"
+ when "atomic-enterprise"
override.vm.box = "rhel-7"
when "origin"
override.vm.box = "centos/7"
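Review bot: The legacy value `"enterprise"` no longer matches any `when` shown in this `case`, although the playbook conditions changed in the same commit still accept it. Unless a branch outside the hunk catches it, an existing setup that passes `enterprise` would no longer get the `rhel-7` box override. The two new branches also have identical bodies and can be merged into `when "enterprise", "openshift-enterprise", "atomic-enterprise"` followed by a single `override.vm.box = "rhel-7"`. The `case` statement continues past the end of the hunk.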
diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example
index 7f4a1a9d2..915a82579 100644
--- a/inventory/byo/hosts.aep.example
+++ b/inventory/byo/hosts.aep.example
@@ -98,8 +98,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Set cockpit plugins
#osm_cockpit_plugins=['cockpit-kubernetes']
-# Native high availbility cluster method with optional load balancer.
-# If no lb group is defined installer assumes that a load balancer has
+# Native high availability cluster method with optional load balancer.
+# If no lb group is defined, the installer assumes that a load balancer has
# been preconfigured. For installation the value of
# openshift_master_cluster_hostname must resolve to the load balancer
# or to one or all of the masters defined in the inventory if no load
@@ -247,7 +247,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# openshift-ansible will wait indefinitely for your input when it detects that the
# value of openshift_hostname resolves to an IP address not bound to any local
# interfaces. This mis-configuration is problematic for any pod leveraging host
-# networking and liveness or readiness probes.
+# networking and liveness or readiness probes.
# Setting this variable to true will override that check.
#openshift_override_hostname_check=true
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index aae987796..4fe514d97 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -103,8 +103,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Set cockpit plugins
#osm_cockpit_plugins=['cockpit-kubernetes']
-# Native high availbility cluster method with optional load balancer.
-# If no lb group is defined installer assumes that a load balancer has
+# Native high availability cluster method with optional load balancer.
+# If no lb group is defined, the installer assumes that a load balancer has
# been preconfigured. For installation the value of
# openshift_master_cluster_hostname must resolve to the load balancer
# or to one or all of the masters defined in the inventory if no load
@@ -252,7 +252,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# openshift-ansible will wait indefinitely for your input when it detects that the
# value of openshift_hostname resolves to an IP address not bound to any local
# interfaces. This mis-configuration is problematic for any pod leveraging host
-# networking and liveness or readiness probes.
+# networking and liveness or readiness probes.
# Setting this variable to true will override that check.
#openshift_override_hostname_check=true
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index f017f9a6e..26caba36a 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -98,8 +98,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Set cockpit plugins
#osm_cockpit_plugins=['cockpit-kubernetes']
-# Native high availbility cluster method with optional load balancer.
-# If no lb group is defined installer assumes that a load balancer has
+# Native high availability cluster method with optional load balancer.
+# If no lb group is defined, the installer assumes that a load balancer has
# been preconfigured. For installation the value of
# openshift_master_cluster_hostname must resolve to the load balancer
# or to one or all of the masters defined in the inventory if no load
@@ -247,7 +247,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# openshift-ansible will wait indefinitely for your input when it detects that the
# value of openshift_hostname resolves to an IP address not bound to any local
# interfaces. This mis-configuration is problematic for any pod leveraging host
-# networking and liveness or readiness probes.
+# networking and liveness or readiness probes.
# Setting this variable to true will override that check.
#openshift_override_hostname_check=true
diff --git a/playbooks/aws/openshift-cluster/terminate.yml b/playbooks/aws/openshift-cluster/terminate.yml
index c20f370bf..6dd5d8b62 100644
--- a/playbooks/aws/openshift-cluster/terminate.yml
+++ b/playbooks/aws/openshift-cluster/terminate.yml
@@ -18,7 +18,7 @@
hosts: oo_hosts_to_terminate
roles:
- role: rhel_unsubscribe
- when: deployment_type == "enterprise" and
+ when: deployment_type in ['atomic-enterprise', 'enterprise', 'openshift-enterprise'] and
ansible_distribution == "RedHat" and
lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
default('no', True) | lower in ['no', 'false']
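Review bot: The literal list `['atomic-enterprise', 'enterprise', 'openshift-enterprise']` is repeated in this condition and in the matching `when:` of the gce, libvirt and openstack `terminate.yml` playbooks and of `playbooks/byo/rhel_subscribe.yml`. The next deployment type therefore has to be added in five places, and a missed one silently skips the subscribe or unsubscribe role for that type. Defining the list once in a shared variable and testing `deployment_type in` that variable keeps the five conditions in step. The play this condition belongs to starts above the hunk.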
diff --git a/playbooks/byo/rhel_subscribe.yml b/playbooks/byo/rhel_subscribe.yml
index f564905ea..990ddd2f2 100644
--- a/playbooks/byo/rhel_subscribe.yml
+++ b/playbooks/byo/rhel_subscribe.yml
@@ -4,7 +4,7 @@
openshift_deployment_type: "{{ deployment_type }}"
roles:
- role: rhel_subscribe
- when: deployment_type == "enterprise" and
+ when: deployment_type in ['atomic-enterprise', 'enterprise', 'openshift-enterprise'] and
ansible_distribution == "RedHat" and
lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
default('no', True) | lower in ['no', 'false']
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
index 55c36810f..342a12810 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
@@ -258,7 +258,7 @@
openshift_master_certs_no_etcd:
- admin.crt
- master.kubelet-client.crt
- - "{{ 'master.proxy-client.crt' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}"
+ - "{{ 'master.proxy-client.crt' if openshift.common.version_gte_3_1_or_1_1 else omit }}"
- master.server.crt
- openshift-master.crt
- openshift-registry.crt
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 3d646be64..7844ec1f4 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -18,6 +18,10 @@
- .config_managed
- set_fact:
+ openshift_master_pod_eviction_timeout: "{{ lookup('oo_option', 'openshift_master_pod_eviction_timeout') | default(none, true) }}"
+ when: openshift_master_pod_eviction_timeout is not defined
+
+ - set_fact:
openshift_master_etcd_port: "{{ (etcd_client_port | default('2379')) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else none }}"
openshift_master_etcd_hosts: "{{ hostvars
| oo_select_keys(groups['oo_etcd_to_config']
@@ -146,7 +150,7 @@
openshift_master_certs_no_etcd:
- admin.crt
- master.kubelet-client.crt
- - "{{ 'master.proxy-client.crt' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}"
+ - "{{ 'master.proxy-client.crt' if openshift.common.version_gte_3_1_or_1_1 else omit }}"
- master.server.crt
- openshift-master.crt
- openshift-registry.crt
diff --git a/playbooks/gce/openshift-cluster/terminate.yml b/playbooks/gce/openshift-cluster/terminate.yml
index 94b4ab14b..d835c53ba 100644
--- a/playbooks/gce/openshift-cluster/terminate.yml
+++ b/playbooks/gce/openshift-cluster/terminate.yml
@@ -20,7 +20,7 @@
- vars.yml
roles:
- role: rhel_unsubscribe
- when: deployment_type == "enterprise" and
+ when: deployment_type in ['atomic-enterprise', 'enterprise', 'openshift-enterprise'] and
ansible_distribution == "RedHat" and
lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
default('no', True) | lower in ['no', 'false']
diff --git a/playbooks/libvirt/openshift-cluster/terminate.yml b/playbooks/libvirt/openshift-cluster/terminate.yml
index 8d845c8f2..f4749c28d 100644
--- a/playbooks/libvirt/openshift-cluster/terminate.yml
+++ b/playbooks/libvirt/openshift-cluster/terminate.yml
@@ -23,7 +23,7 @@
- vars.yml
roles:
- role: rhel_unsubscribe
- when: deployment_type == "enterprise" and
+ when: deployment_type in ['atomic-enterprise', 'enterprise', 'openshift-enterprise'] and
ansible_distribution == "RedHat" and
lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
default('no', True) | lower in ['no', 'false']
diff --git a/playbooks/openstack/openshift-cluster/terminate.yml b/playbooks/openstack/openshift-cluster/terminate.yml
index 7a86b78c5..a1fb41b53 100644
--- a/playbooks/openstack/openshift-cluster/terminate.yml
+++ b/playbooks/openstack/openshift-cluster/terminate.yml
@@ -19,7 +19,7 @@
- vars.yml
roles:
- role: rhel_unsubscribe
- when: deployment_type == "enterprise" and
+ when: deployment_type in ['atomic-enterprise', 'enterprise', 'openshift-enterprise'] and
ansible_distribution == "RedHat" and
lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
default('no', True) | lower in ['no', 'false']
diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml
index 98b0b11ea..06e2c0878 100644
--- a/roles/openshift_common/tasks/main.yml
+++ b/roles/openshift_common/tasks/main.yml
@@ -8,7 +8,7 @@
when: openshift_use_openshift_sdn | default(false) | bool and openshift_use_nuage | default(false) | bool
- fail:
- msg: Nuage sdn can not be used with flannel
+ msg: Nuage sdn can not be used with flannel
when: openshift_use_flannel | default(false) | bool and openshift_use_nuage | default(false) | bool
- fail:
@@ -49,7 +49,7 @@
# For enterprise versions < 3.1 and origin versions < 1.1 we want to set the
# hostname by default.
- set_fact:
- set_hostname_default: "{{ not openshift.common.version_greater_than_3_1_or_1_1 }}"
+ set_hostname_default: "{{ not openshift.common.version_gte_3_1_or_1_1 }}"
- name: Set hostname
command: >
diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml
index 6b9964aec..5e955590e 100644
--- a/roles/openshift_examples/defaults/main.yml
+++ b/roles/openshift_examples/defaults/main.yml
@@ -6,7 +6,7 @@ openshift_examples_load_db_templates: true
openshift_examples_load_xpaas: "{{ openshift_deployment_type != 'origin' }}"
openshift_examples_load_quickstarts: true
-content_version: "{{ 'v1.1' if openshift.common.version_greater_than_3_1_or_1_1 else 'v1.0' }}"
+content_version: "{{ 'v1.1' if openshift.common.version_gte_3_1_or_1_1 else 'v1.0' }}"
examples_base: "{{ openshift.common.config_base if openshift.common.is_containerized else '/usr/share/openshift' }}/examples"
image_streams_base: "{{ examples_base }}/image-streams"
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index d11af307b..e88022464 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -720,7 +720,7 @@ def set_deployment_facts_if_unset(facts):
def set_version_facts_if_unset(facts):
""" Set version facts. This currently includes common.version and
- common.version_greater_than_3_1_or_1_1.
+ common.version_gte_3_1_or_1_1.
Args:
facts (dict): existing facts
@@ -732,16 +732,20 @@ def set_version_facts_if_unset(facts):
facts['common']['version'] = version = get_openshift_version()
if version is not None:
if deployment_type == 'origin':
- version_gt_3_1_or_1_1 = LooseVersion(version) > LooseVersion('1.0.6')
- version_gt_3_1_1_or_1_1_1 = LooseVersion(version) > LooseVersion('1.1.1')
+ version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('1.1.0')
+ version_gte_3_1_1_or_1_1_1 = LooseVersion(version) >= LooseVersion('1.1.1')
+ version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('1.1.2')
else:
- version_gt_3_1_or_1_1 = LooseVersion(version) > LooseVersion('3.0.2.900')
- version_gt_3_1_1_or_1_1_1 = LooseVersion(version) > LooseVersion('3.1.1')
+ version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('3.1.0')
+ version_gte_3_1_1_or_1_1_1 = LooseVersion(version) >= LooseVersion('3.1.1')
+ version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('3.2.0')
else:
- version_gt_3_1_or_1_1 = True
- version_gt_3_1_1_or_1_1_1 = True
- facts['common']['version_greater_than_3_1_or_1_1'] = version_gt_3_1_or_1_1
- facts['common']['version_greater_than_3_1_1_or_1_1_1'] = version_gt_3_1_1_or_1_1_1
+ version_gte_3_1_or_1_1 = True
+ version_gte_3_1_1_or_1_1_1 = True
+ version_gte_3_2_or_1_2 = True
+ facts['common']['version_gte_3_1_or_1_1'] = version_gte_3_1_or_1_1
+ facts['common']['version_gte_3_1_1_or_1_1_1'] = version_gte_3_1_1_or_1_1_1
+ facts['common']['version_gte_3_2_or_1_2'] = version_gte_3_2_or_1_2
return facts
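Review bot: The origin branch computes `version_gte_3_2_or_1_2` against `LooseVersion('1.1.2')`, while the fact name and the enterprise branch (`3.2.0`) both say 1.2, so an origin 1.1.2 install is reported as 1.2 or later. If the lower bound is deliberate (for example to match pre-release builds), a comment on that line should say so; otherwise it should read `version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('1.2.0')`. Moving from `> '1.0.6'` and `> '3.0.2.900'` to `>= '1.1.0'` and `>= '3.1.0'` also flips the result for builds versioned between those bounds, which is worth confirming against the builds in use. The docstring in the previous hunk still names only `common.version` and one of the three facts set here; the function starts above the hunk.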
@@ -756,12 +760,12 @@ def set_manageiq_facts_if_unset(facts):
OpenShiftFactsInternalError:
"""
if 'common' not in facts:
- if 'version_greater_than_3_1_or_1_1' not in facts['common']:
+ if 'version_gte_3_1_or_1_1' not in facts['common']:
raise OpenShiftFactsInternalError(
"Invalid invocation: The required facts are not set"
)
if 'use_manageiq' not in facts['common']:
- facts['common']['use_manageiq'] = facts['common']['version_greater_than_3_1_or_1_1']
+ facts['common']['use_manageiq'] = facts['common']['version_gte_3_1_or_1_1']
return facts
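Review bot: The guard `if 'common' not in facts:` followed by `if 'version_gte_3_1_or_1_1' not in facts['common']:` appears to be nested, though indentation is not preserved on this page. If it is, the inner test indexes `facts['common']` exactly when that key is absent, so a missing `common` raises `KeyError` instead of `OpenShiftFactsInternalError`. A present `common` without the version fact skips the check entirely and fails later on the `use_manageiq` assignment. A single condition covers both cases: `if 'common' not in facts or 'version_gte_3_1_or_1_1' not in facts['common']:`. The function starts above the hunk.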
diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml
index 0357fc85a..d2ff1b4b7 100644
--- a/roles/openshift_manageiq/tasks/main.yaml
+++ b/roles/openshift_manageiq/tasks/main.yaml
@@ -1,7 +1,7 @@
---
- fail:
msg: "The openshift_manageiq role requires OpenShift Enterprise 3.1 or Origin 1.1."
- when: not openshift.common.version_greater_than_3_1_or_1_1 | bool
+ when: not openshift.common.version_gte_3_1_or_1_1 | bool
- name: Copy Configuration to temporary conf
command: >
@@ -9,7 +9,7 @@
changed_when: false
- name: Add Managment Infrastructure project
- command: >
+ command: >
{{ openshift.common.admin_binary }} new-project
management-infra
--description="Management Infrastructure"
@@ -20,9 +20,9 @@
- name: Create Service Account
shell: >
- echo {{ manageiq_service_account | to_json | quote }} |
- {{ openshift.common.client_binary }} create
- -n management-infra
+ echo {{ manageiq_service_account | to_json | quote }} |
+ {{ openshift.common.client_binary }} create
+ -n management-infra
--config={{manage_iq_tmp_conf}}
-f -
register: osmiq_create_service_account
@@ -32,7 +32,7 @@
- name: Create Cluster Role
shell: >
echo {{ manageiq_cluster_role | to_json | quote }} |
- {{ openshift.common.client_binary }} create
+ {{ openshift.common.client_binary }} create
--config={{manage_iq_tmp_conf}}
-f -
register: osmiq_create_cluster_role
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 83f6f7542..3613808b6 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -15,7 +15,7 @@
when: openshift_master_ha | bool and ((openshift_master_cluster_method is not defined) or (openshift_master_cluster_method is defined and openshift_master_cluster_method not in ["native", "pacemaker"]))
- fail:
msg: "'native' high availability is not supported for the requested OpenShift version"
- when: openshift_master_ha | bool and openshift_master_cluster_method == "native" and not openshift.common.version_greater_than_3_1_or_1_1 | bool
+ when: openshift_master_ha | bool and openshift_master_cluster_method == "native" and not openshift.common.version_gte_3_1_or_1_1 | bool
- fail:
msg: "openshift_master_cluster_password must be set for multi-master installations"
when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and (openshift_master_cluster_password is not defined or not openshift_master_cluster_password)
@@ -287,7 +287,7 @@
- name: Mask master service
command: systemctl mask {{ openshift.common.service_type }}-master
- when: openshift_master_ha | bool and openshift.master.cluster_method == 'native'
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and not openshift.common.is_atomic | bool
- name: Start and enable master api
service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started
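Review bot: The added `and not openshift.common.is_atomic | bool` skips the mask step on Atomic hosts without recording why. Nothing visible in the hunk shows what keeps the combined `-master` unit from being started alongside `-master-api` on those hosts. A comment above the task, for example `# Not masked on Atomic hosts: <reason>`, would document the intent. If the unit can still exist there, confirm that another task stops and disables it.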
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index 1eeab46fe..813a58d60 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -1,5 +1,5 @@
apiLevels:
-{% if not openshift.common.version_greater_than_3_1_or_1_1 | bool %}
+{% if not openshift.common.version_gte_3_1_or_1_1 | bool %}
- v1beta3
{% endif %}
- v1
@@ -91,7 +91,7 @@ kubeletClientInfo:
port: 10250
{% if openshift.master.embedded_kube | bool %}
kubernetesMasterConfig:
-{% if not openshift.common.version_greater_than_3_1_or_1_1 | bool %}
+{% if not openshift.common.version_gte_3_1_or_1_1 | bool %}
apiLevels:
- v1beta3
- v1
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2
index e6e97b24f..b393bb9ff 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2
@@ -7,7 +7,7 @@ Before={{ openshift.common.service_type }}-node.service
Requires=network.target
[Service]
-{% if openshift.common.version_greater_than_3_1_1_or_1_1_1 | bool %}
+{% if openshift.common.version_gte_3_1_1_or_1_1_1 | bool %}
Type=notify
{% else %}
Type=simple
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml
index 36d953111..7c58e943a 100644
--- a/roles/openshift_master_certificates/tasks/main.yml
+++ b/roles/openshift_master_certificates/tasks/main.yml
@@ -39,7 +39,7 @@
state: hard
with_nested:
- masters_needing_certs
- - "{{ master_certificates | union(master_31_certificates) if openshift.common.version_greater_than_3_1_or_1_1 | bool else master_certificates }}"
+ - "{{ master_certificates | union(master_31_certificates) if openshift.common.version_gte_3_1_or_1_1 | bool else master_certificates }}"
- name: Create the master certificates if they do not already exist
command: >
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 9035248f9..1df81ca00 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -17,7 +17,7 @@
# TODO: Replace this with a lookup or filter plugin.
dns_ip: "{{ openshift_dns_ip
| default(openshift_master_cluster_vip
- | default(None if openshift.common.version_greater_than_3_1_or_1_1 | bool else openshift_node_first_master_ip | default(None, true), true), true) }}"
+ | default(None if openshift.common.version_gte_3_1_or_1_1 | bool else openshift_node_first_master_ip | default(None, true), true), true) }}"
- role: node
local_facts:
annotations: "{{ openshift_node_annotations | default(none) }}"
diff --git a/roles/openshift_router/tasks/main.yml b/roles/openshift_router/tasks/main.yml
index 355cbf84b..40365d04d 100644
--- a/roles/openshift_router/tasks/main.yml
+++ b/roles/openshift_router/tasks/main.yml
@@ -3,6 +3,7 @@
command: >
{{ openshift.common.admin_binary }} router
--create --replicas={{ openshift.master.infra_nodes | length }}
+ --namespace=default
--service-account=router {{ ortr_selector }}
--credentials={{ openshift_master_config_dir }}/openshift-router.kubeconfig {{ ortr_images }}
register: ortr_results
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index 5cf4bf7af..3b584f8eb 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -1,12 +1,4 @@
---
-- name: Install iptables packages
- action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
- with_items:
- - iptables
- - iptables-services
- register: install_result
- when: not openshift.common.is_atomic | bool
-
- name: Check if firewalld is installed
command: rpm -q firewalld
register: pkg_check
@@ -20,6 +12,22 @@
enabled: no
when: pkg_check.rc == 0
+# TODO: submit PR upstream to add mask/unmask to service module
+- name: Mask firewalld service
+ command: systemctl mask firewalld
+ register: result
+ changed_when: "'firewalld' in result.stdout"
+ when: pkg_check.rc == 0
+ ignore_errors: yes
+
+- name: Install iptables packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items:
+ - iptables
+ - iptables-services
+ register: install_result
+ when: not openshift.common.is_atomic | bool
+
- name: Reload systemd units
command: systemctl daemon-reload
when: install_result | changed
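Review bot: With this ordering firewalld is disabled and masked before the iptables packages are installed, so if `Install iptables packages` fails the play stops with firewalld masked and no iptables service set up. `ignore_errors: yes` on the mask step additionally hides a failed mask. If the new order is required, consider failing explicitly when the mask does not succeed, or otherwise keep the package install ahead of the firewalld changes so the host is never left without a packet filter. The mask task also registers the generic name `result`, which the pause task in the next hunk reads via `when: result | changed`. A dedicated name such as `register: firewalld_mask_result` avoids one task's outcome being read as another's.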
@@ -35,14 +43,6 @@
pause: seconds=10
when: result | changed
-# TODO: submit PR upstream to add mask/unmask to service module
-- name: Mask firewalld service
- command: systemctl mask firewalld
- register: result
- changed_when: "'firewalld' in result.stdout"
- when: pkg_check.rc == 0
- ignore_errors: yes
-
- name: Add iptables allow rules
os_firewall_manage_iptables:
name: "{{ item.service }}"
diff --git a/roles/os_zabbix/vars/template_openshift_master.yml b/roles/os_zabbix/vars/template_openshift_master.yml
index ccbf6a6ec..bcf75e457 100644
--- a/roles/os_zabbix/vars/template_openshift_master.yml
+++ b/roles/os_zabbix/vars/template_openshift_master.yml
@@ -7,8 +7,8 @@ g_template_openshift_master:
- Openshift Master
key: openshift.master.app.create
- - key: openshift.master.registry.healthz
- description: "Shows the health status of the cluster's docker registry"
+ - key: openshift.master.registry.healthy_pct
+ description: "Shows the percentage of healthy registries in the cluster"
type: int
applications:
- Openshift Master
@@ -201,6 +201,18 @@ g_template_openshift_master:
applications:
- Openshift Master Metrics
+ - key: openshift.master.nodesnotready.count
+ description: "This check shows how many nodes in a cluster are in NotReady state."
+ type: int
+ applications:
+ - Openshift Master
+
+ - key: openshift.master.nodesnotschedulable.count
+ description: "This check shows how many nodes in a cluster are not schedulable."
+ type: int
+ applications:
+ - Openshift Master
+
- key: openshift.master.apiserver.latency.summary.pods.quantile.list.5
description: "Value from https://master/metrics. This is the time, in miliseconds, that 50% of the pod operations have taken to completed."
type: int
@@ -333,9 +345,16 @@ g_template_openshift_master:
- 'Openshift Master process not running on {HOST.NAME}'
priority: avg
- - name: 'Docker Registry check failed on {HOST.NAME}'
- expression: '{Template Openshift Master:openshift.master.registry.healthz.max(#2)}<1'
- url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_master.asciidoc'
+ - name: 'One or more Docker Registries is unhealthy according to {HOST.NAME}'
+ expression: '{Template Openshift Master:openshift.master.registry.healthy_pct.last(#2)}<100 and {Template Openshift Master:openshift.master.registry.healthy_pct.max(#2)}>50'
+ url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_registry.asciidoc'
+ dependencies:
+ - 'Openshift Master process not running on {HOST.NAME}'
+ priority: avg
+
+ - name: 'Multiple Docker Registries are unhealthy according to {HOST.NAME}'
+ expression: '{Template Openshift Master:openshift.master.registry.healthy_pct.last(#2)}<51'
+ url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_registry.asciidoc'
dependencies:
- 'Openshift Master process not running on {HOST.NAME}'
priority: high
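Review bot: The two registry triggers are not mutually exclusive, because the first tests `max(#2)>50` while the second tests `last(#2)<51`. When the two most recent samples straddle the boundary (say 40 and 80), both conditions can hold and the `avg` and `high` alerts fire for the same event. Replacing `last(#2)` with `max(#2)` in both expressions makes the ranges disjoint. Note also that in Zabbix `last(#2)` selects the second most recent value rather than the latest one, so these comparisons lag one sample behind; confirm that is intended.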
@@ -354,6 +373,20 @@ g_template_openshift_master:
- 'Openshift Master API health check is failing on {HOST.NAME}'
priority: high
+ - name: 'Hosts not ready according to {HOST.NAME}'
+ expression: '{Template Openshift Master:openshift.master.nodesnotready.count.last(#2)>0'
+ url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_node.asciidoc'
+ dependencies:
+ - 'Openshift Master procecss not running on {HOST.NAME}'
+ priority: high
+
+ - name: 'Hosts not schedulable according to {HOST.NAME}'
+ expression: '{Template Openshift Master:openshift.master.nodesnotschedulable.count.last(#2)>0'
+ url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_node.asciidoc'
+ dependencies:
+ - 'Openshift Master procecss not running on {HOST.NAME}'
+ priority: info
+
zgraphs:
- name: Openshift Master API Server Latency Pods LIST Quantiles
width: 900
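Review bot: Both new trigger expressions are missing the closing brace of the item reference before the comparison. The first should read `expression: '{Template Openshift Master:openshift.master.nodesnotready.count.last(#2)}>0'`, and `nodesnotschedulable.count` needs the same fix; the registry expressions earlier in this file close the `{...}` before the operator. Their `dependencies` entry is also spelled `'Openshift Master procecss not running on {HOST.NAME}'`, which does not match the trigger name `'Openshift Master process not running on {HOST.NAME}'` used elsewhere in the template, so the dependency will not resolve. As written these two alerts are likely to be rejected or never evaluated, which would leave NotReady and unschedulable nodes without monitoring.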