256 files changed, 4669 insertions, 1365 deletions
@@ -1,6 +1,39 @@ #!/bin/bash set -xeuo pipefail +pip install requests + +query_github() { + repo=$1; shift + resource=$1; shift + python -c " +import sys +import requests +j = requests.get('https://api.github.com/repos/$repo/$resource').json() +for q in sys.argv[1:]: + if q.isdigit(): + q = int(q) + j = j[q] +print(j)" "$@" +} + +# Essentially use a similar procedure other openshift-ansible PR tests use to +# determine which image tag should be used. This allows us to avoid hardcoding a +# specific version which quickly becomes stale. + +if [ -n "${PAPR_BRANCH:-}" ]; then + target_branch=$PAPR_BRANCH +else + # check which branch we're targeting if we're a PR + target_branch=$(query_github $PAPR_REPO pulls/$PAPR_PULL_ID base ref) + [ -n "$target_branch" ] +fi + +# this is a bit wasteful, though there's no easy way to say "only clone up to +# the first tag in the branch" -- ideally, PAPR could help with caching here +git clone --branch $target_branch --single-branch https://github.com/openshift/origin +export OPENSHIFT_IMAGE_TAG=$(git -C origin describe --abbrev=0) + echo "Targeting OpenShift Origin $OPENSHIFT_IMAGE_TAG" pip install -r requirements.txt 
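Review bot: In `query_github`, `$repo` and `$resource` are expanded by the shell inside the double-quoted `python -c` program, so their values become part of the Python source rather than data, and a quote or newline in either changes what the interpreter runs. Pass them as arguments instead: build the URL with `'https://api.github.com/repos/%s/%s' % (sys.argv[1], sys.argv[2])`, iterate over `sys.argv[3:]`, and end the call with `" "$repo" "$resource" "$@"`. The request has no `timeout=` and its status is never checked, so a rate-limited or error reply only surfaces as a KeyError on `j[q]`; calling `raise_for_status()` before `.json()` would make the failure explicit. Further down, `$target_branch` is taken from the API response and used unquoted in `git clone --branch $target_branch`, so it should be quoted, as should `$PAPR_REPO` and `pulls/$PAPR_PULL_ID` in the `query_github` call.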
@@ -22,12 +55,15 @@ trap upload_journals ERR # https://github.com/openshift/openshift-ansible/issues/4478 is fixed. ansible-playbook -vvv -i .papr.inventory playbooks/byo/config.yml -e "openshift_image_tag=$OPENSHIFT_IMAGE_TAG" -# run a small subset of origin conformance tests to sanity -# check the cluster NB: we run it on the master since we may -# be in a different OSP network -ssh ocp-master docker run --rm --net=host --privileged \ - -v /etc/origin/master/admin.kubeconfig:/config \ - registry.fedoraproject.org/fedora:26 sh -c \ - '"dnf install -y origin-tests && \ - KUBECONFIG=/config /usr/libexec/origin/extended.test --ginkgo.v=1 \ - --ginkgo.noColor --ginkgo.focus=\"Services.*NodePort|EmptyDir\""' +### DISABLING TESTS FOR NOW, SEE: +### https://github.com/openshift/openshift-ansible/pull/6132 + +### # run a small subset of origin conformance tests to sanity +### # check the cluster NB: we run it on the master since we may +### # be in a different OSP network +### ssh ocp-master docker run --rm --net=host --privileged \ +### -v /etc/origin/master/admin.kubeconfig:/config \ +### registry.fedoraproject.org/fedora:27 sh -c \ +### '"dnf install -y origin-tests && \ +### KUBECONFIG=/config /usr/libexec/origin/extended.test --ginkgo.v=1 \ +### --ginkgo.noColor --ginkgo.focus=\"Services.*NodePort|EmptyDir\""' 
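Review bot: The disabled test block is kept as `###` comments for later re-enabling, and the command it preserves mounts the cluster admin credentials read-write into a `--privileged --net=host` container (`-v /etc/origin/master/admin.kubeconfig:/config`). When it is restored, the mount should be read-only, `-v /etc/origin/master/admin.kubeconfig:/config:ro`. Whether `--privileged` is needed for the focused `Services.*NodePort|EmptyDir` tests cannot be judged from this hunk, and is worth checking at the same time. While the block stays disabled the job only verifies that `ansible-playbook` exits cleanly, so a one-line comment next to the `### DISABLING TESTS` marker stating the condition for re-enabling would help.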
@@ -14,35 +14,28 @@ cluster: hosts: - name: ocp-master - distro: fedora/26/atomic + distro: fedora/27/atomic specs: ram: 4096 - name: ocp-node1 - distro: fedora/26/atomic + distro: fedora/27/atomic - name: ocp-node2 - distro: fedora/26/atomic + distro: fedora/27/atomic container: - image: registry.fedoraproject.org/fedora:26 + image: registry.fedoraproject.org/fedora:27 -# temp workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1483553 -#packages: -# - gcc -# - python-pip -# - python-devel -# - libffi-devel -# - openssl-devel -# - redhat-rpm-config +packages: + - gcc + - git + - python-pip + - python-devel + - libffi-devel + - openssl-devel + - redhat-rpm-config -context: 'fedora/26/atomic' - -env: - OPENSHIFT_IMAGE_TAG: v3.6.0 +context: 'fedora/27/atomic' tests: - # temp workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1483553 - - if (dnf distro-sync -y || :) |& grep -q -e BDB1539; then - rpm --rebuilddb; dnf distro-sync; - fi; dnf install -y gcc python-pip python-devel libffi-devel openssl-devel redhat-rpm-config - ./.papr.sh artifacts: @@ -214,7 +214,8 @@ ignore-mixin-members=yes # (useful for modules/projects where namespaces are manipulated during runtime # and thus existing member attributes cannot be deduced by static analysis. It # supports qualified module names, as well as Unix pattern matching. -ignored-modules= +# Ignoring ansible.constants to suppress `no-member` warnings +ignored-modules=ansible.constants # List of classes names for which member attributes should not be checked # (useful for classes with attributes dynamically set). This supports can work diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 6fab7527e..c1024572f 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.7.5-1 ./ +3.8.0-0.2.0 ./ diff --git a/.tito/releasers.conf b/.tito/releasers.conf index 17baaa1bd..bce5e5443 100644 --- a/.tito/releasers.conf +++ b/.tito/releasers.conf 
@@ -42,6 +42,10 @@ releaser = tito.release.DistGitReleaser branches = rhaos-3.7-rhel-7 srpm_disttag = .el7aos +[aos-3.8] +releaser = tito.release.DistGitReleaser +branches = rhaos-3.8-rhel-7 +srpm_disttag = .el7aos [copr-openshift-ansible] releaser = tito.release.CoprReleaser diff --git a/ansible.cfg b/ansible.cfg index 5a4c1cd80..9900d28f8 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -11,6 +11,9 @@ # Additional default options for OpenShift Ansible callback_plugins = callback_plugins/ +filter_plugins = filter_plugins/ +lookup_plugins = lookup_plugins/ +library = library/ forks = 20 host_key_checking = False retry_files_enabled = False @@ -23,15 +26,12 @@ fact_caching = jsonfile fact_caching_connection = $HOME/ansible/facts fact_caching_timeout = 600 callback_whitelist = profile_tasks +inventory_ignore_extensions = secrets.py, .pyc, .cfg, .crt +# work around privilege escalation timeouts in ansible: +timeout = 30 # Uncomment to use the provided BYO inventory -#hostfile = inventory/byo/hosts - -# Uncomment to use the provided GCE dynamic inventory script -#hostfile = inventory/gce/gce.py - -# Uncomment to use the provided AWS dynamic inventory script -#hostfile = inventory/aws/ec2.py +#inventory = inventory/byo/hosts.example [inventory] # fail more helpfully when the inventory file does not parse (Ansible 2.4+) diff --git a/callback_plugins/aa_version_requirement.py b/callback_plugins/aa_version_requirement.py index 9562adb28..110b3d673 100644 --- a/callback_plugins/aa_version_requirement.py +++ b/callback_plugins/aa_version_requirement.py @@ -29,7 +29,7 @@ else: # Set to minimum required Ansible version -REQUIRED_VERSION = '2.3.0.0' +REQUIRED_VERSION = '2.4.0.0' DESCRIPTION = "Supported versions: %s or newer" % REQUIRED_VERSION diff --git a/docs/proposals/crt_management_proposal.md b/docs/proposals/crt_management_proposal.md new file mode 100644 index 000000000..5fc1ad08d --- /dev/null +++ b/docs/proposals/crt_management_proposal.md 
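Review bot: In the second ansible.cfg hunk, `inventory_ignore_extensions = secrets.py, .pyc, .cfg, .crt` replaces Ansible's built-in ignore list rather than extending it. As far as I can tell, files the default list skips (editor backups such as `~`, `.bak` and `.orig`, and `.retry` files) would then be parsed when an inventory directory is read. If that is not intended, carry the relevant defaults over, for example `inventory_ignore_extensions = secrets.py, .pyc, .pyo, .cfg, .crt, .retry, .orig, .bak, ~`. A comment above the key such as `# overrides (does not extend) Ansible's default ignore list` would make the behaviour visible to the next editor.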
@@ -0,0 +1,113 @@ +# Container Runtime Management + +## Description +origin and openshift-ansible support multiple container runtimes. This proposal +is related to refactoring how we handle those runtimes in openshift-ansible. + +### Problems addressed +We currently don't install docker during the install at a point early enough to +not fail health checks, and we don't have a good story around when/how to do it. +This is complicated by logic around containerized and non-containerized installs. + +A web of dependencies can cause changes to docker that are unintended and has +resulted in a series of work-around such as 'skip_docker' boolean. + +We don't handle docker storage because it's BYO. By moving docker to a prerequisite +play, we can tackle storage up front and never have to touch it again. + +container_runtime logic is currently spread across 3 roles: docker, openshift_docker, +and openshift_docker_facts. The name 'docker' does not accurately portray what +the role(s) do. + +## Rationale +* Refactor docker (and related meta/fact roles) into 'container_runtime' role. +* Strip all meta-depends on container runtime out of other roles and plays. +* Create a 'prerequisites.yml' entry point that will setup various items +such as container storage and container runtime before executing installation. +* All other roles and plays should merely consume container runtime, should not +configure, restart, or change the container runtime as much as feasible. + +## Design + +The container_runtime role should be comprised of 3 'pseudo-roles' which will be +consumed using include_role; each component area should be enabled/disabled with +a boolean value, defaulting to true. + +I call them 'pseudo-roles' because they are more or less independent functional +areas that may share some variables and act on closely related components. 
This +is an effort to reuse as much code as possible, limit role-bloat (we already have +an abundance of roles), and make things as modular as possible. + +```yaml +# prerequisites.yml +- include: std_include.yml +- include: container_runtime_setup.yml +... +# container_runtime_setup.yml +- hosts: "{{ openshift_runtime_manage_hosts | default('oo_nodes_to_config') }}" + tasks: + - include_role: + name: container_runtime + tasks_from: install.yml + when: openshift_container_runtime_install | default(True) | bool + - include_role: + name: container_runtime + tasks_from: storage.yml + when: openshift_container_runtime_storage | default(True) | bool + - include_role: + name: container_runtime + tasks_from: configure.yml + when: openshift_container_runtime_configure | default(True) | bool +``` + +Note the host group on the above play. No more guessing what hosts to run this +stuff against. If you want to use an atomic install, specify what hosts will need +us to setup container runtime (such as etcd hosts, loadbalancers, etc); + +We should direct users that are using atomic hosts to disable install in the docs, +let's not add a bunch of logic. + +Alternatively, we can create a new group. + +### Part 1, container runtime install +Install the container runtime components of the desired type. + +```yaml +# install.yml +- include: docker.yml + when: openshift_container_runtime_install_docker | bool + +- include: crio.yml + when: openshift_container_runtime_install_crio | bool + +... other container run times... +``` + +Alternatively to using booleans for each run time, we could use a variable like +"openshift_container_runtime_type". This would be my preference, as we could +use this information in later roles. + +### Part 2, configure/setup container runtime storage +Configure a supported storage solution for containers. + +Similar setup to the previous section. 
We might need to add some logic for the +different runtimes here, or we maybe create a matrix of possible options. + +### Part 3, configure container runtime. +Place config files, environment files, systemd units, etc. Start/restart +the container runtime as needed. + +Similar to Part 1 with how we should do things. + +## Checklist +* Strip docker from meta dependencies. +* Combine docker facts and meta roles into container_runtime role. +* Docs + +## User Story +As a user of openshift-ansible, I want to be able to manage my container runtime +and related components independent of openshift itself. + +## Acceptance Criteria +* Verify that each container runtime installs with this new method. +* Verify that openshift installs with this new method. diff --git a/filter_plugins/openshift_version.py b/filter_plugins/openshift_version.py index c515f1a71..7a70b158b 100644 --- a/filter_plugins/openshift_version.py +++ b/filter_plugins/openshift_version.py 
@@ -10,40 +10,6 @@ Custom version comparison filters for use in openshift-ansible from distutils.version import LooseVersion -def legacy_gte_function_builder(name, versions): - """ - Build and return a version comparison function. - - Ex: name = 'oo_version_gte_3_1_or_1_1' - versions = {'enterprise': '3.1', 'origin': '1.1'} - - returns oo_version_gte_3_1_or_1_1, a function which based on the - version and deployment type will return true if the provided - version is greater than or equal to the function's version - """ - enterprise_version = versions['enterprise'] - origin_version = versions['origin'] - - def _gte_function(version, deployment_type): - """ - Dynamic function created by gte_function_builder. - - Ex: version = '3.1' - deployment_type = 'openshift-enterprise' - returns True/False - """ - version_gte = False - if deployment_type == 'openshift-enterprise': - if str(version) >= LooseVersion(enterprise_version): - version_gte = True - else: - if str(version) >= LooseVersion(origin_version): - version_gte = True - return version_gte - _gte_function.__name__ = name - return _gte_function - - def gte_function_builder(name, gte_version): """ Build and return a version comparison function. 
@@ -96,30 +62,6 @@ class FilterModule(object): # Add the function to the mapping self._filters[func_name] = func - # Create filters with special versioning requirements. - # Treat all Origin 1.x as special case. - legacy_filters = [{'name': 'oo_version_gte_3_1_or_1_1', - 'versions': {'enterprise': '3.0.2.905', - 'origin': '1.1.0'}}, - {'name': 'oo_version_gte_3_1_1_or_1_1_1', - 'versions': {'enterprise': '3.1.1', - 'origin': '1.1.1'}}, - {'name': 'oo_version_gte_3_2_or_1_2', - 'versions': {'enterprise': '3.1.1.901', - 'origin': '1.2.0'}}, - {'name': 'oo_version_gte_3_3_or_1_3', - 'versions': {'enterprise': '3.3.0', - 'origin': '1.3.0'}}, - {'name': 'oo_version_gte_3_4_or_1_4', - 'versions': {'enterprise': '3.4.0', - 'origin': '1.4.0'}}, - {'name': 'oo_version_gte_3_5_or_1_5', - 'versions': {'enterprise': '3.5.0', - 'origin': '1.5.0'}}] - for legacy_filter in legacy_filters: - self._filters[legacy_filter['name']] = legacy_gte_function_builder(legacy_filter['name'], - legacy_filter['versions']) - def filters(self): """ Return the filters mapping. diff --git a/inventory/byo/hosts.example b/inventory/byo/hosts.example index 698b7450a..ccdec2da1 100644 --- a/inventory/byo/hosts.example +++ b/inventory/byo/hosts.example @@ -17,9 +17,9 @@ nfs # SSH user, this user should allow ssh based auth without requiring a # password. If using ssh key based auth, then the key should be managed by an # ssh agent. -ansible_ssh_user=root +ansible_user=root -# If ansible_ssh_user is not root, ansible_become must be set to true and the +# If ansible_user is not root, ansible_become must be set to true and the # user must be configured for passwordless sudo #ansible_become=yes 
@@ -401,9 +401,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # OpenShift Registry Console Options # Override the console image prefix: -# origin default is "cockpit/" and the image appended is "kubernetes" -# enterprise default is "registry.access.redhat.com/openshift3/" and the image appended is "registry-console" +# origin default is "cockpit/", enterprise default is "openshift3/" #openshift_cockpit_deployer_prefix=registry.example.com/myrepo/ +# origin default is "kubernetes", enterprise default is "registry-console" +#openshift_cockpit_deployer_basename=my-console # Override image version, defaults to latest for origin, vX.Y product version for enterprise #openshift_cockpit_deployer_version=1.4.1 @@ -1087,3 +1088,6 @@ ose3-lb-ansible.test.example.com containerized=false [nodes] ose3-master[1:3]-ansible.test.example.com ose3-node[1:2]-ansible.test.example.com openshift_node_labels="{'region': 'primary', 'zone': 'default'}" + +[nfs] +ose3-nfs-ansible.test.example.com diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 8bd9cd0f3..98de1ae32 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -10,7 +10,7 @@ Name: openshift-ansible Version: 3.8.0 -Release: 0.0.0%{?dist} +Release: 0.2.0%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 URL: https://github.com/openshift/openshift-ansible 
@@ -285,6 +285,280 @@ Atomic OpenShift Utilities includes %changelog +* Thu Nov 16 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.2.0 +- Fix openstack init (rteague@redhat.com) +- Ensure node service is started. (kwoodson@redhat.com) +- Added aos-3.8 releaser for tito (smunilla@redhat.com) +- Playbook Consolidation - Initialization (rteague@redhat.com) +- Minor tweaks to ansible.cfg and example inventory (rteague@redhat.com) +- Removed old version code (mgugino@redhat.com) +- Fixing islnk. (kwoodson@redhat.com) +- Removing setting prefix and version facts in openshift_logging to let the + component roles set their defaults (ewolinet@redhat.com) +- Create prometheus configmaps before statefulset (zgalor@redhat.com) +- Bug 1510496 - logging: honor ES PVC size (jwozniak@redhat.com) +- Combine master upgrade play with role (mgugino@redhat.com) +- Fix stale data in openshift_facts for logging (mgugino@redhat.com) +- Start requiring Ansible 2.4 (rteague@redhat.com) +- Fixing origin default for es proxy (ewolinet@redhat.com) +- Addressing tox errors (ewolinet@redhat.com) +- Addressing comments (ewolinet@redhat.com) +- Initial Kuryr Ports Pool Support (ltomasbo@redhat.com) +- Remove an unused retry file (tomas@sedovic.cz) +- Namespace the docker volumes (tomas@sedovic.cz) +- Fix tox (tomas@sedovic.cz) +- Namespace the OpenStack vars (tomas@sedovic.cz) +- Use `null` instead of `False` where it makes sense (tomas@sedovic.cz) +- Simplify the template paths for the storage setup (tomas@sedovic.cz) +- Use the default `item` loop variable for checks (tomas@sedovic.cz) +- Move the selinux check up (tomas@sedovic.cz) +- Add the DNS updates and rename the openstack vars (tomas@sedovic.cz) +- Remove the subnet_update_dns_servers task list (tomas@sedovic.cz) +- Move the vars/main.yml to defaults (tomas@sedovic.cz) +- FIXUP ANSIBLE CFG (tomas@sedovic.cz) +- Remove the static_inventory and bastion samples (tomas@sedovic.cz) +- Use the existing ansible.cfg file 
(tomas@sedovic.cz) +- Remove the subscription-manager role (tomas@sedovic.cz) +- Add a stub of the dns record update code in (tomas@sedovic.cz) +- Use correct host group in provision.yml (tomas@sedovic.cz) +- Remove the post-install and scale-up playbooks (tomas@sedovic.cz) +- Remove the openstack custom-actions for now (tomas@sedovic.cz) +- Remove the extra roles (tomas@sedovic.cz) +- Add openshift_openstack role and move tasks there (tomas@sedovic.cz) +- Use the docker-storage-setup role (tomas@sedovic.cz) +- Update readme (tomas@sedovic.cz) +- Update lookup plugins path (tomas@sedovic.cz) +- .gitignore casl-infra (tomas@sedovic.cz) +- Move the OpenStack playbooks (tomas@sedovic.cz) +- Updating logging components image defaulting pattern to match + openshift_logging pattern (ewolinet@redhat.com) +- logging with static pvc: allow specifying the storage class name + (bart.vanbos@kbc.be) +- Add role to configure project request template (hansmi@vshn.ch) +- Remove bash highlight (tomas@sedovic.cz) +- Revert the console hostname change (tomas@sedovic.cz) +- Add Extra CAs (custom post-provision action) (#801) (tlacencin@gmail.com) +- Add Flannel support (#814) (bdobreli@redhat.com) +- Docker storage fix (#812) (cwilkers@redhat.com) +- [WIP] Merge server with nofloating server heat templates (#761) + (bdobreli@redhat.com) +- Support separate data network for Flannel SDN (#757) (bdobreli@redhat.com) +- Add Extra Docker Registry URLs (custom post-provision action) (#794) + (tlacencin@gmail.com) +- Make the private key examples consistent (tomas@sedovic.cz) +- Allow the specification of server group policies when provisioning openstack + (#747) (tzumainn@redhat.com) +- Attach additional RHN Pools (post-provision custom action) (#753) + (tlacencin@gmail.com) +- Streamline the OpenStack provider README (tomas@sedovic.cz) +- Adding support for cluster-autoscaler role (kwoodson@redhat.com) +- Fix for this issue https://bugzilla.redhat.com/show_bug.cgi?id=1495372 (#793) + 
(edu@redhat.com) +- Add CentOS support to the docker-storage-setup role (tomas@sedovic.cz) +- Replace the CASL references (#778) (tomas@sedovic.cz) +- Set public_v4 to private_v4 if it doesn't exist (tomas@sedovic.cz) +- Fix flake8 errors (tomas@sedovic.cz) +- Add dynamic inventory (tomas@sedovic.cz) +- Fixing various contrib changes causing CASL breakage (#771) + (oybed@users.noreply.github.com) +- Required variables to create dedicated lv (#766) (edu@redhat.com) +- Adding the option to use 'stack_state' to allow for easy de-provisioning + (#754) (oybed@users.noreply.github.com) +- Fix public master cluster DNS record when using bastion (#752) + (bdobreli@redhat.com) +- Upscaling OpenShift application nodes (#571) (tlacencin@gmail.com) +- load balancer formatting fix (#745) (tzumainn@redhat.com) +- Docker ansible host (#742) (tomas@sedovic.cz) +- Empty ssh (#729) (tomas@sedovic.cz) +- Remove the `rhsm_register` value from inventory (tomas@sedovic.cz) +- Make the `rhsm_register` value optional (tomas@sedovic.cz) +- Clear the previous inventory during provisioning (tomas@sedovic.cz) +- Fix the cinder_registry_volume conditional (tomas@sedovic.cz) +- Pre-create a Cinder registry volume (tomas@sedovic.cz) +- Add ability to support custom api and console ports (#712) + (etsauer@gmail.com) +- Support Cinder-backed Openshift registry (#707) (tomas@sedovic.cz) +- openstack: make server ports be trunk ports (#713) (celebdor@gmail.com) +- Point openshift_master_cluster_public_hostname at master or lb if defined + (#706) (tzumainn@redhat.com) +- Allow using a provider network (#701) (tomas@sedovic.cz) +- Document global DNS security options (#694) (bdobreli@redhat.com) +- Add custom post-provision playbook for adding yum repos (#697) + (tzumainn@redhat.com) +- Support external/pre-provisioned authoritative cluster DNS (#690) + (bdobreli@redhat.com) +- Added checks for configured images and flavors (#688) (tlacencin@gmail.com) +- Cast num_* as int for jinja templates (#685) 
(bdobreli@redhat.com) +- Do not repeat pre_tasks for post-provision playbook (#689) + (bdobreli@redhat.com) +- Fix node label customisation (#679) (tlacencin@gmail.com) +- Add documentation regarding running custom post-provision tasks (#678) + (tzumainn@redhat.com) +- Add docs and defaults for multi-master setup (bdobreli@redhat.com) +- Ignore *.cfg and *.crt in the openstack inventory (#672) (tomas@sedovic.cz) +- Update openshift_release in the sample inventory (#647) (tomas@sedovic.cz) +- Configure different Docker volume sizes for different roles (#644) + (tlacencin@gmail.com) +- Avoid server recreation in case of user_data modification. (#651) + (robipolli@gmail.com) +- Set custom hostnames for servers (#643) (tlacencin@gmail.com) +- Access UI via a bastion node (#596) (bdobreli@redhat.com) +- group_vars/all.yml, stack_params.yaml, README: specifying flavors enabled and + documented (#638) (tlacencin@gmail.com) +- Specify different image names for roles (#637) (tlacencin@gmail.com) +- Support multiple private networks for static inventory (#604) + (bdobreli@redhat.com) +- Allow using ephemeral volumes for docker storage (#615) (tomas@sedovic.cz) +- Remove clouds.yaml from sample-inventory (tomas@sedovic.cz) +- Moving common DNS roles out of the playbook area (#605) + (oybed@users.noreply.github.com) +- Note about jmespath requirement for control node (#599) (bdobreli@redhat.com) +- removed openstack (djurgens@redhat.com) +- Add wildcard pointer to Private DNS (djurgens@redhat.com) +- Options for bastion, SSH config, static inventory autogeneration + (bdobreli@redhat.com) +- Add bastion and ssh config for the static inventory role + (bdobreli@redhat.com) +- Set openshift_hostname explicitly for openstack (#579) (tomas@sedovic.cz) +- README: Added note about infra-ansible installation (#574) + (tlacencin@gmail.com) +- Static inventory autogeneration (#550) (bdobreli@redhat.com) +- Generate static inventory with shade inventory (#538) (bdobreli@redhat.com) +- 
Include masters into etcd group, when it is empty (#559) + (bdobreli@redhat.com) +- During provisioning, make unnecessary packages optional under a switch (#561) + (tlacencin@gmail.com) +- Set ansible_become for the OSEv3 group (tomas@sedovic.cz) +- README: fix (kpilatov@redhat.com) +- README: typo (kpilatov@redhat.com) +- dependencies: python-heatclient and python-openstackclient added to optional + dependencies (kpilatov@redhat.com) +- README: added prerequisity for a repository needed for python-openstackclient + installation (kpilatov@redhat.com) +- Add a role to generate a static inventory (#540) (bdobreli@redhat.com) +- Retry tasks in the subscription manager role (#552) (tlacencin@gmail.com) +- Set up NetworkManager automatically (#542) (tomas@sedovic.cz) +- Replace greaterthan and equalto in openstack-stack (tomas@sedovic.cz) +- Switch the sample inventory to CentOS (#541) (tomas@sedovic.cz) +- Add defaults values for some openstack vars (#539) (tomas@sedovic.cz) +- Install DNS roles from casl-infra with galaxy (#529) (bdobreli@redhat.com) +- Playbook prerequisites.yml checks that prerequisites are met before + provisioning (#518) (tlacencin@gmail.com) +- Persist DNS configuration for nodes for openstack provider + (bdobreli@redhat.com) +- Manage packages to install/update for openstack provider + (bdobreli@redhat.com) +- Fix yaml indentation (tomas@sedovic.cz) +- Use wait_for_connection for the Heat nodes (tomas@sedovic.cz) +- Put back node/flat secgrp for infra nodes on openstack (bdobreli@redhat.com) +- README.md: fixing typo (kpilatov@redhat.com) +- README.md: list jinja2 as a dependency (kpilatov@redhat.com) +- Modify sec groups for provisioned openstack servers (bdobreli@redhat.com) +- rename node_removal_policies, add some comments and defaults + (tzumainn@redhat.com) +- all.yml: removed whitespaces in front of variables (kpilatov@redhat.com) +- removed whitespace in front of commented variable (kpilatov@redhat.com) +- OSEv3.yml: trailing space... 
(kpilatov@redhat.com) +- OSEv3.yml: added option to ignore set hardware limits for RAM and DISK + (kpilatov@redhat.com) +- Fix flat sec group and infra/dns sec rules (bdobreli@redhat.com) +- Add node_removal_policies variable to allow for scaling down + (tzumainn@redhat.com) +- Use cached facts, do not become for localhost (#484) (bdobreli@redhat.com) +- Add profiling and skippy stdout (#470) (bdobreli@redhat.com) +- Fix flake8 errors with the openstack inventory (tomas@sedovic.cz) +- Fix yamllint errors (tomas@sedovic.cz) +- Update sample inventory with the latest changes (tomas@sedovic.cz) +- Gather facts for provision playbook (bdobreli@redhat.com) +- Drop atomic-openshift-utils, update docs for origin (bdobreli@redhat.com) +- Add ansible.cfg for openstack provider (bdobreli@redhat.com) +- Add a flat sec group for openstack provider (bdobreli@redhat.com) +- Always let the openshift nodes access the DNS (tomas@sedovic.cz) +- Fix privileges in the pre-install playbook (tomas@sedovic.cz) +- Add default values to provision-openstack.yml (tomas@sedovic.cz) +- Move pre_tasks from to the openstack provisioner (tomas@sedovic.cz) +- Add readme (tomas@sedovic.cz) +- Add license for openstack.py in inventory (tomas@sedovic.cz) +- Add a sample inventory for openstack provisioning (tomas@sedovic.cz) +- Symlink roles to provisioning/openstack/roles (tomas@sedovic.cz) +- Add a single provisioning playbook (tomas@sedovic.cz) +- Move the openstack provisioning playbooks (tomas@sedovic.cz) +- Update CASL to use nsupdate for DNS records (#48) + (oybed@users.noreply.github.com) +- Conditionally set the openshift_master_default_subdomain to avoid overriding + it unecessary (#47) (oybed@users.noreply.github.com) +- More ansible migration and deploy OCP from local workstation (#376) + (pschiffe@redhat.com) +- Removed hardcoded values from ansible roles (edu@redhat.com) +- First attempt at a simple multi-master support (#39) (etsauer@gmail.com) +- Stack refactor (#38) 
(etsauer@gmail.com) +- Ensure DNS configuration has wildcards set for infra nodes (#24) + (oybed@users.noreply.github.com) +- Fixing two significant bugs in the HEAT deployment (#13) (etsauer@gmail.com) +- update for yamllint errors (jdetiber@redhat.com) +- Making providers common (#126) (rcook@redhat.com) +- Openstack heat (#2) (etsauer@gmail.com) +- Fixing ansible impl to work with OSP9 and ansible 2.2 (bedin@redhat.com) +- Updated env_id to be a sub-domain + make the logic a bit more flexible + (bedin@redhat.com) +- Fixes Issue #163 if rhsm_password is not defined (vvaldez@redhat.com) +- Cleande up hostname role to make it more generic (bedin@redhat.com) +- Updated to run as root rather than cloud-user, for now... (bedin@redhat.com) +- Channging hard coded host groups to match openshift-ansible expected host + groups. Importing byo playbook now instead of nested ansible run. Need to + refactor how we generate hostnames to make it fit this. (esauer@redhat.com) +- Subscription manager role should accomodate orgs with spaces + (esauer@redhat.com) +- Reverting previous commit and making template adjustments (esauer@redhat.com) +- Changes to allow runs from inside a container. 
Also allows for running + upstream openshift-ansible installer (esauer@redhat.com) +- Changes by JayKayy for a full provision of OpenShift on OpenStack + (esauer@redhat.com) +- Fix typo in task name (vvaldez@redhat.com) +- Add org parameter to Satellite with user/pass (vvaldez@redhat.com) +- Remove vars_prompt, add info to README to re-enable and for ansible-vault + (vvaldez@redhat.com) +- Cosmetic changes to task names and move yum clean all to prereqs + (vvaldez@redhat.com) +- Refactor use of rhsm_password to prevent display to CLI (vvaldez@redhat.com) +- Fix bad syntax with extra 'and' in when using rhsm_pool (vvaldez@redhat.com) +- Refactor role to dynamically determine rhsm_method (vvaldez@redhat.com) +- Add subscription-manager support for Hosted or Satellite (vvaldez@redhat.com) +- New OSE3 docker host builder and OpenStack ansible provisioning support + (andy.block@gmail.com) + +* Wed Nov 15 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.1.0 +- Allow disabling authorization migration check (sdodson@redhat.com) +- Alternative method to create docker registry auth creds (mgugino@redhat.com) +- Nuke /var/lib/dockershim/sandbox/* while nodes are drained + (sdodson@redhat.com) +- crio: sync crio.conf (gscrivan@redhat.com) +- Updating provisioning order. (kwoodson@redhat.com) +- Regex anchors changed to match protocol start and ports. + (kwoodson@redhat.com) +- First pass at v3.8 support (sdodson@redhat.com) +- Run registry auth after docker restart (mgugino@redhat.com) +- Fix extension script for catalog (mgugino@redhat.com) +- Adding instance profile support for node groups. (kwoodson@redhat.com) +- Bumping openshift-ansible to 3.8 (smunilla@redhat.com) +- ansible.cfg: error when inventory does not parse (lmeyer@redhat.com) +- removing kind restrictions from oc_edit (kwoodson@redhat.com) +- Update Docs. Make Clearer where the actual docs are. 
(tbielawa@redhat.com) +- Remove upgrade playbooks for 3.3 through 3.5 (rteague@redhat.com) +- GlusterFS: Add gluster-s3 functionality (jarrpa@redhat.com) +- GlusterFS: Add glusterblock functionality (jarrpa@redhat.com) +- GlusterFS: Update heketi templates for latest version (jarrpa@redhat.com) +- GlusterFS: Specify resource requests (jarrpa@redhat.com) +- Remove remaining haproxy files with uninstallation + (nakayamakenjiro@gmail.com) +- Proposal: container_runtime role (mgugino@redhat.com) +- Fix contenerized documentation? (mickael.canevet@camptocamp.com) +- Cleans up additional artifacts in uninstall. Closes 3082 + (gregswift@gmail.com) +- Add execution times to checkpoint status (rteague@redhat.com) +- Make clearer *_nfs_directory and *_volume_name (lpsantil@gmail.com) +- Allow cluster IP for docker-registry service to be set (hansmi@vshn.ch) + * Thu Nov 09 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.5-1 - diff --git a/playbooks/aws/openshift-cluster/install.yml b/playbooks/aws/openshift-cluster/install.yml index 1e8118490..8756fb52a 100644 --- a/playbooks/aws/openshift-cluster/install.yml +++ b/playbooks/aws/openshift-cluster/install.yml @@ -15,11 +15,8 @@ name: openshift_aws tasks_from: master_facts.yml -- name: normalize groups - include: ../../byo/openshift-cluster/initialize_groups.yml - -- name: run the std_include - include: ../../common/openshift-cluster/std_include.yml +- name: run the init + include: ../../init/main.yml - name: perform the installer openshift-checks include: ../../common/openshift-checks/install.yml diff --git a/playbooks/byo/openshift-checks/adhoc.yml b/playbooks/byo/openshift-checks/adhoc.yml index 226bed732..4ee9e75f1 100644 --- a/playbooks/byo/openshift-checks/adhoc.yml +++ b/playbooks/byo/openshift-checks/adhoc.yml 
@@ -20,8 +20,6 @@ action: openshift_health_check when: openshift_checks is undefined or not openshift_checks -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-checks/adhoc.yml diff --git a/playbooks/byo/openshift-checks/health.yml b/playbooks/byo/openshift-checks/health.yml index 96a71e4dc..0034251e3 100644 --- a/playbooks/byo/openshift-checks/health.yml +++ b/playbooks/byo/openshift-checks/health.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-checks/health.yml diff --git a/playbooks/byo/openshift-checks/pre-install.yml b/playbooks/byo/openshift-checks/pre-install.yml index dd93df0bb..1d35f601b 100644 --- a/playbooks/byo/openshift-checks/pre-install.yml +++ b/playbooks/byo/openshift-checks/pre-install.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-checks/pre-install.yml diff --git a/playbooks/byo/openshift-cluster/config.yml b/playbooks/byo/openshift-cluster/config.yml index f2e52782b..57823847b 100644 --- a/playbooks/byo/openshift-cluster/config.yml +++ b/playbooks/byo/openshift-cluster/config.yml @@ -1,10 +1,4 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/config.yml diff --git a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml index 9ce8f0d3c..b429e84e5 100644 --- a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml +++ b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml 
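Review bot: The new `- include: ../../init/main.yml` in playbooks/byo/openshift-cluster/config.yml drops the `tags:` / `- always` that both removed includes carried. Whether group evaluation and fact initialization still run under `--tags` now depends on how the plays inside init/main.yml are tagged, which this diff section does not show. If they are not tagged `always`, a tag-limited run would presumably reach the later plays with the `oo_*` groups empty and skip hosts without an error, which matters most for the certificate redeploy playbooks. Either keep `tags:` / `- always` under the new include or state the guarantee in a comment such as `# init/main.yml tags its own plays 'always'`. The same removal appears in openshift-logging.yml, openshift-metrics.yml, the redeploy-*-certificates and redeploy-*-ca playbooks, service-catalog.yml, openshift-glusterfs/config.yml and registry.yml, openshift_facts.yml and rhel_subscribe.yml.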
@@ -1,4 +1,4 @@ --- -- include: initialize_groups.yml +- include: ../../init/evaluate_groups.yml - include: ../../common/openshift-cluster/enable_dnsmasq.yml diff --git a/playbooks/byo/openshift-cluster/initialize_groups.yml b/playbooks/byo/openshift-cluster/initialize_groups.yml deleted file mode 100644 index 2a725510a..000000000 --- a/playbooks/byo/openshift-cluster/initialize_groups.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Create initial host groups for localhost - hosts: localhost - connection: local - become: no - gather_facts: no - tags: - - always - tasks: - - include_vars: cluster_hosts.yml diff --git a/playbooks/byo/openshift-cluster/openshift-hosted.yml b/playbooks/byo/openshift-cluster/openshift-hosted.yml index edd4c8d7b..0855a2fb6 100644 --- a/playbooks/byo/openshift-cluster/openshift-hosted.yml +++ b/playbooks/byo/openshift-cluster/openshift-hosted.yml @@ -1,6 +1,4 @@ --- -- include: initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-cluster/openshift_hosted.yml diff --git a/playbooks/byo/openshift-cluster/openshift-logging.yml b/playbooks/byo/openshift-cluster/openshift-logging.yml index a523bb47f..74e186f33 100644 --- a/playbooks/byo/openshift-cluster/openshift-logging.yml +++ b/playbooks/byo/openshift-cluster/openshift-logging.yml @@ -4,12 +4,6 @@ # Hosted logging on. See inventory/byo/hosts.*.example for the # currently supported method. # -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/openshift_logging.yml diff --git a/playbooks/byo/openshift-cluster/openshift-metrics.yml b/playbooks/byo/openshift-cluster/openshift-metrics.yml index 1135c8c11..e4c9ba1f7 100644 --- a/playbooks/byo/openshift-cluster/openshift-metrics.yml +++ b/playbooks/byo/openshift-cluster/openshift-metrics.yml 
@@ -1,10 +1,4 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/openshift_metrics.yml diff --git a/playbooks/byo/openshift-cluster/openshift-prometheus.yml b/playbooks/byo/openshift-cluster/openshift-prometheus.yml index 4d3f7f42c..634ee2a80 100644 --- a/playbooks/byo/openshift-cluster/openshift-prometheus.yml +++ b/playbooks/byo/openshift-cluster/openshift-prometheus.yml @@ -1,6 +1,4 @@ --- -- include: initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-cluster/openshift_prometheus.yml diff --git a/playbooks/byo/openshift-cluster/openshift-provisioners.yml b/playbooks/byo/openshift-cluster/openshift-provisioners.yml index 8e80f158b..0949d33c9 100644 --- a/playbooks/byo/openshift-cluster/openshift-provisioners.yml +++ b/playbooks/byo/openshift-cluster/openshift-provisioners.yml @@ -1,6 +1,4 @@ --- -- include: initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-cluster/openshift_provisioners.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-certificates.yml index f53d34145..6450a4d76 100644 --- a/playbooks/byo/openshift-cluster/redeploy-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-certificates.yml @@ -1,11 +1,5 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/redeploy-certificates/check-expiry.yml vars: diff --git a/playbooks/byo/openshift-cluster/redeploy-etcd-ca.yml b/playbooks/byo/openshift-cluster/redeploy-etcd-ca.yml index 29f821eda..77dd121b3 100644 
--- a/playbooks/byo/openshift-cluster/redeploy-etcd-ca.yml +++ b/playbooks/byo/openshift-cluster/redeploy-etcd-ca.yml @@ -1,10 +1,4 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/redeploy-certificates/etcd-ca.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml index f4f2ce00d..f3892f56f 100644 --- a/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml @@ -1,11 +1,5 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/redeploy-certificates/check-expiry.yml vars: diff --git a/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml index 049bad8e7..6a4528b7f 100644 --- a/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml @@ -1,11 +1,5 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/redeploy-certificates/masters-backup.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml index 345b0c689..891c0e58c 100644 --- a/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml 
@@ -1,11 +1,5 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/redeploy-certificates/nodes-backup.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-openshift-ca.yml b/playbooks/byo/openshift-cluster/redeploy-openshift-ca.yml index 6e11a111b..9cebeb1ee 100644 --- a/playbooks/byo/openshift-cluster/redeploy-openshift-ca.yml +++ b/playbooks/byo/openshift-cluster/redeploy-openshift-ca.yml @@ -1,10 +1,4 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/redeploy-certificates/openshift-ca.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-registry-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-registry-certificates.yml index 30feabab3..36b6250a7 100644 --- a/playbooks/byo/openshift-cluster/redeploy-registry-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-registry-certificates.yml @@ -1,10 +1,4 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/redeploy-certificates/registry.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-router-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-router-certificates.yml index 2630fb234..181e03381 100644 --- a/playbooks/byo/openshift-cluster/redeploy-router-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-router-certificates.yml 
@@ -1,10 +1,4 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/redeploy-certificates/router.yml diff --git a/playbooks/byo/openshift-cluster/service-catalog.yml b/playbooks/byo/openshift-cluster/service-catalog.yml index 40a7606e7..7be63b0a5 100644 --- a/playbooks/byo/openshift-cluster/service-catalog.yml +++ b/playbooks/byo/openshift-cluster/service-catalog.yml @@ -4,12 +4,6 @@ # Hosted logging on. See inventory/byo/hosts.*.example for the # currently supported method. # -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/service_catalog.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml index 7f31e26e1..c46b22331 100644 --- a/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml @@ -1,5 +1,5 @@ --- # Playbook to upgrade Docker to the max allowable version for an OpenShift cluster. -- include: ../../initialize_groups.yml +- include: ../../../../init/evaluate_groups.yml - include: ../../../../common/openshift-cluster/upgrades/docker/docker_upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/upgrade_etcd.yml b/playbooks/byo/openshift-cluster/upgrades/upgrade_etcd.yml index 5bd5d64ab..a9be8dec4 100644 --- a/playbooks/byo/openshift-cluster/upgrades/upgrade_etcd.yml +++ b/playbooks/byo/openshift-cluster/upgrades/upgrade_etcd.yml @@ -1,6 +1,4 @@ --- -- include: ../initialize_groups.yml - -- include: ../../../common/openshift-cluster/evaluate_groups.yml +- include: ../../../init/evaluate_groups.yml - include: ../../../common/openshift-cluster/upgrades/etcd/main.yml 
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml index 40120b3e8..c880fe7f7 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml @@ -2,6 +2,4 @@ # # Full Control Plane + Nodes Upgrade # -- include: ../../initialize_groups.yml - - include: ../../../../common/openshift-cluster/upgrades/v3_6/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml index 408a4c631..aeec5f5cc 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml @@ -11,6 +11,4 @@ # # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # -- include: ../../initialize_groups.yml - - include: ../../../../common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml index b5f42b804..4664a9a2b 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml @@ -4,6 +4,4 @@ # # Upgrades nodes only, but requires the control plane to have already been upgraded. # -- include: ../../initialize_groups.yml - - include: ../../../../common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.yml index e41c29682..cbb89bc4d 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.yml 
@@ -2,6 +2,4 @@ # # Full Control Plane + Nodes Upgrade # -- include: ../../initialize_groups.yml - - include: ../../../../common/openshift-cluster/upgrades/v3_7/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml index 21e0fd815..1adfbdec0 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml @@ -11,6 +11,4 @@ # # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # -- include: ../../initialize_groups.yml - - include: ../../../../common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml index 0e09d996e..b4da18281 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml @@ -4,6 +4,4 @@ # # Upgrades nodes only, but requires the control plane to have already been upgraded. # -- include: ../../initialize_groups.yml - - include: ../../../../common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade.yml index 3d4e6a790..f7e5dd1d2 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade.yml @@ -2,6 +2,4 @@ # # Full Control Plane + Nodes Upgrade # -- include: ../../initialize_groups.yml - - include: ../../../../common/openshift-cluster/upgrades/v3_8/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml index d83305119..cc04d81c1 100644 
--- a/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml @@ -11,6 +11,4 @@ # # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # -- include: ../../initialize_groups.yml - - include: ../../../../common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml index a972bb7a6..37a9f69bb 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml @@ -4,6 +4,4 @@ # # Upgrades nodes only, but requires the control plane to have already been upgraded. # -- include: ../../initialize_groups.yml - - include: ../../../../common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml diff --git a/playbooks/byo/openshift-etcd/certificates.yml b/playbooks/byo/openshift-etcd/certificates.yml index e35cf243f..0e9d42cd6 100644 --- a/playbooks/byo/openshift-etcd/certificates.yml +++ b/playbooks/byo/openshift-etcd/certificates.yml @@ -1,7 +1,5 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-etcd/ca.yml diff --git a/playbooks/byo/openshift-etcd/config.yml b/playbooks/byo/openshift-etcd/config.yml index 1342bd60c..c6e0a9d90 100644 --- a/playbooks/byo/openshift-etcd/config.yml +++ b/playbooks/byo/openshift-etcd/config.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-etcd/config.yml diff --git a/playbooks/byo/openshift-etcd/embedded2external.yml b/playbooks/byo/openshift-etcd/embedded2external.yml index 6690a7624..492f677b0 100644 
--- a/playbooks/byo/openshift-etcd/embedded2external.yml +++ b/playbooks/byo/openshift-etcd/embedded2external.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-etcd/embedded2external.yml diff --git a/playbooks/byo/openshift-etcd/migrate.yml b/playbooks/byo/openshift-etcd/migrate.yml index 2dec2bef6..3020e7db4 100644 --- a/playbooks/byo/openshift-etcd/migrate.yml +++ b/playbooks/byo/openshift-etcd/migrate.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-etcd/migrate.yml diff --git a/playbooks/byo/openshift-etcd/restart.yml b/playbooks/byo/openshift-etcd/restart.yml index 034bba4b4..0889d91ba 100644 --- a/playbooks/byo/openshift-etcd/restart.yml +++ b/playbooks/byo/openshift-etcd/restart.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-etcd/restart.yml diff --git a/playbooks/byo/openshift-etcd/scaleup.yml b/playbooks/byo/openshift-etcd/scaleup.yml index a2a5856a9..e7d62e264 100644 --- a/playbooks/byo/openshift-etcd/scaleup.yml +++ b/playbooks/byo/openshift-etcd/scaleup.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-etcd/scaleup.yml diff --git a/playbooks/byo/openshift-glusterfs/config.yml b/playbooks/byo/openshift-glusterfs/config.yml index 3f11f3991..120476bb8 100644 --- a/playbooks/byo/openshift-glusterfs/config.yml +++ b/playbooks/byo/openshift-glusterfs/config.yml 
@@ -1,10 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-glusterfs/config.yml diff --git a/playbooks/byo/openshift-glusterfs/registry.yml b/playbooks/byo/openshift-glusterfs/registry.yml index 6ee6febdb..32734f863 100644 --- a/playbooks/byo/openshift-glusterfs/registry.yml +++ b/playbooks/byo/openshift-glusterfs/registry.yml @@ -1,10 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-glusterfs/registry.yml diff --git a/playbooks/byo/openshift-loadbalancer/config.yml b/playbooks/byo/openshift-loadbalancer/config.yml index 32c828f97..27925d2e9 100644 --- a/playbooks/byo/openshift-loadbalancer/config.yml +++ b/playbooks/byo/openshift-loadbalancer/config.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-loadbalancer/config.yml diff --git a/playbooks/byo/openshift-management/add_container_provider.yml b/playbooks/byo/openshift-management/add_container_provider.yml index 3378b5abd..e2f558550 100644 --- a/playbooks/byo/openshift-management/add_container_provider.yml +++ b/playbooks/byo/openshift-management/add_container_provider.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/evaluate_groups.yml +- include: ../../init/evaluate_groups.yml - include: ../../common/openshift-management/add_container_provider.yml diff --git a/playbooks/byo/openshift-management/config.yml b/playbooks/byo/openshift-management/config.yml index 209c66502..e699fd014 100644 
--- a/playbooks/byo/openshift-management/config.yml +++ b/playbooks/byo/openshift-management/config.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-management/config.yml diff --git a/playbooks/byo/openshift-master/additional_config.yml b/playbooks/byo/openshift-master/additional_config.yml index b3d7b5731..1454190b2 100644 --- a/playbooks/byo/openshift-master/additional_config.yml +++ b/playbooks/byo/openshift-master/additional_config.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-master/additional_config.yml diff --git a/playbooks/byo/openshift-master/certificates.yml b/playbooks/byo/openshift-master/certificates.yml index e147dcba1..344985244 100644 --- a/playbooks/byo/openshift-master/certificates.yml +++ b/playbooks/byo/openshift-master/certificates.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-master/certificates.yml diff --git a/playbooks/byo/openshift-master/config.yml b/playbooks/byo/openshift-master/config.yml index 98be0c448..913525e65 100644 --- a/playbooks/byo/openshift-master/config.yml +++ b/playbooks/byo/openshift-master/config.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-master/config.yml diff --git a/playbooks/byo/openshift-master/restart.yml b/playbooks/byo/openshift-master/restart.yml index 8950efd00..d2031d928 100644 --- a/playbooks/byo/openshift-master/restart.yml +++ b/playbooks/byo/openshift-master/restart.yml 
@@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-master/restart.yml diff --git a/playbooks/byo/openshift-master/scaleup.yml b/playbooks/byo/openshift-master/scaleup.yml index a09edd55a..4fdec5e7d 100644 --- a/playbooks/byo/openshift-master/scaleup.yml +++ b/playbooks/byo/openshift-master/scaleup.yml @@ -1,5 +1,5 @@ --- -- include: ../openshift-cluster/initialize_groups.yml +- include: ../../init/evaluate_groups.yml - name: Ensure there are new_masters or new_nodes hosts: localhost @@ -13,8 +13,11 @@ add hosts to the new_masters and new_nodes host groups to add masters. when: - - (g_new_master_hosts | default([]) | length == 0) and (g_new_node_hosts | default([]) | length == 0) + - g_new_master_hosts | default([]) | length == 0 + - g_new_node_hosts | default([]) | length == 0 -- include: ../../common/openshift-cluster/std_include.yml +# Need a better way to do the above check for node without +# running evaluate_groups and init/main.yml +- include: ../../init/main.yml - include: ../../common/openshift-master/scaleup.yml diff --git a/playbooks/byo/openshift-nfs/config.yml b/playbooks/byo/openshift-nfs/config.yml index 93b24411e..a5e6fe784 100644 --- a/playbooks/byo/openshift-nfs/config.yml +++ b/playbooks/byo/openshift-nfs/config.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-nfs/config.yml diff --git a/playbooks/byo/openshift-node/certificates.yml b/playbooks/byo/openshift-node/certificates.yml index 3d2de74a9..5342cf46b 100644 --- a/playbooks/byo/openshift-node/certificates.yml +++ b/playbooks/byo/openshift-node/certificates.yml 
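Review bot: The comment added above `- include: ../../init/main.yml` in openshift-master/scaleup.yml reads as an untagged to-do and says "for node" although this is the master scale-up playbook; the same two lines are added to openshift-node/scaleup.yml. It also does not explain why `init/evaluate_groups.yml` is included at the top of the file and `init/main.yml` again here, which presumably evaluates the groups twice. I would reword it as `# TODO: the new_masters/new_nodes check above needs groups evaluated before init/main.yml; avoid the separate evaluate_groups.yml include`. Splitting the `when:` into two list items keeps the original AND semantics, so no change is needed there.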
@@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-node/certificates.yml diff --git a/playbooks/byo/openshift-node/config.yml b/playbooks/byo/openshift-node/config.yml index 839dc36ff..b157b13d6 100644 --- a/playbooks/byo/openshift-node/config.yml +++ b/playbooks/byo/openshift-node/config.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-node/config.yml diff --git a/playbooks/byo/openshift-node/network_manager.yml b/playbooks/byo/openshift-node/network_manager.yml index b23692237..3d96cbdd5 100644 --- a/playbooks/byo/openshift-node/network_manager.yml +++ b/playbooks/byo/openshift-node/network_manager.yml @@ -1,4 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml +- include: ../../init/evaluate_groups.yml - include: ../../common/openshift-node/network_manager.yml diff --git a/playbooks/byo/openshift-node/restart.yml b/playbooks/byo/openshift-node/restart.yml index ccf9e82da..53a6b9ed4 100644 --- a/playbooks/byo/openshift-node/restart.yml +++ b/playbooks/byo/openshift-node/restart.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-node/restart.yml diff --git a/playbooks/byo/openshift-node/scaleup.yml b/playbooks/byo/openshift-node/scaleup.yml index e0c36fb69..bf1bbcf46 100644 --- a/playbooks/byo/openshift-node/scaleup.yml +++ b/playbooks/byo/openshift-node/scaleup.yml @@ -1,5 +1,5 @@ --- -- include: ../openshift-cluster/initialize_groups.yml +- include: ../../init/evaluate_groups.yml - name: Ensure there are new_nodes hosts: localhost 
@@ -14,6 +14,8 @@ when: - g_new_node_hosts | default([]) | length == 0 -- include: ../../common/openshift-cluster/std_include.yml +# Need a better way to do the above check for node without +# running evaluate_groups and init/main.yml +- include: ../../init/main.yml - include: ../../common/openshift-node/config.yml diff --git a/playbooks/byo/openshift_facts.yml b/playbooks/byo/openshift_facts.yml index a8c1c3a88..29e0ebe8d 100644 --- a/playbooks/byo/openshift_facts.yml +++ b/playbooks/byo/openshift_facts.yml @@ -1,19 +1,13 @@ --- -- include: openshift-cluster/initialize_groups.yml - tags: - - always - -- include: ../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../init/main.yml - name: Gather Cluster facts - # Temporarily reverting to OSEv3 until group standardization is complete - hosts: OSEv3 + hosts: oo_all_hosts roles: - openshift_facts tasks: - openshift_facts: openshift_env: "{{ hostvars[inventory_hostname] | oo_openshift_env }}" register: result - - debug: var=result + - debug: + var: result diff --git a/playbooks/byo/rhel_subscribe.yml b/playbooks/byo/rhel_subscribe.yml index bc3109a31..261143080 100644 --- a/playbooks/byo/rhel_subscribe.yml +++ b/playbooks/byo/rhel_subscribe.yml @@ -1,11 +1,8 @@ --- -- include: openshift-cluster/initialize_groups.yml - tags: - - always +- include: ../init/evaluate_groups.yml - name: Subscribe hosts, update repos and update OS packages - # Temporarily reverting to OSEv3 until group standardization is complete - hosts: OSEv3 + hosts: oo_all_hosts roles: - role: rhel_subscribe when: diff --git a/playbooks/common/openshift-cluster/cockpit-ui.yml b/playbooks/common/openshift-cluster/cockpit-ui.yml index 5ddafdb07..359132dd0 100644 --- a/playbooks/common/openshift-cluster/cockpit-ui.yml +++ b/playbooks/common/openshift-cluster/cockpit-ui.yml 
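Review bot: In playbooks/byo/openshift_facts.yml the play now targets `oo_all_hosts` and still ends with `- debug:` / `var: result`, which prints the whole registered return of `openshift_facts` for every host. The module is fed `hostvars[inventory_hostname] | oo_openshift_env`, so if that filter passes credential-bearing inventory variables and the module echoes them back, they land in the job log; neither is visible in this hunk. At minimum document it with `# prints every gathered fact per host; treat the output as sensitive`, or gate the task with the debug module's `verbosity: 1` so routine runs do not emit it.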
@@ -3,4 +3,6 @@ hosts: oo_first_master roles: - role: cockpit-ui - when: ( openshift.common.version_gte_3_3_or_1_3 | bool ) and ( openshift_hosted_manage_registry | default(true) | bool ) and not (openshift.docker.hosted_registry_insecure | default(false) | bool) + when: + - openshift_hosted_manage_registry | default(true) | bool + - not openshift.docker.hosted_registry_insecure | default(false) | bool diff --git a/playbooks/common/openshift-cluster/enable_dnsmasq.yml b/playbooks/common/openshift-cluster/enable_dnsmasq.yml index be14b06f0..f91361b67 100644 --- a/playbooks/common/openshift-cluster/enable_dnsmasq.yml +++ b/playbooks/common/openshift-cluster/enable_dnsmasq.yml @@ -1,13 +1,8 @@ --- -- include: evaluate_groups.yml - - name: Load openshift_facts hosts: oo_masters_to_config:oo_nodes_to_config roles: - openshift_facts - post_tasks: - - fail: msg="This playbook requires a master version of at least Origin 1.1 or OSE 3.1" - when: not openshift.common.version_gte_3_1_1_or_1_1_1 | bool - name: Reconfigure masters to listen on our new dns_port hosts: oo_masters_to_config diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml index e22c8cbdb..eb225dfb5 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml @@ -1,11 +1,4 @@ --- -- name: Verify OpenShift version is greater than or equal to 1.2 or 3.2 - hosts: oo_first_master - tasks: - - fail: - msg: "The current OpenShift version is less than 1.2/3.2 and does not support CA bundles." - when: not openshift.common.version_gte_3_2_or_1_2 | bool - - name: Check cert expirys hosts: oo_nodes_to_config:oo_masters_to_config:oo_etcd_to_config vars: 
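Review bot: The second item of the new `when:` list on the cockpit-ui role, `not openshift.docker.hosted_registry_insecure | default(false) | bool`, lost the parentheses the old one-line expression had around the filtered value. Jinja2 applies filters before `not`, so the result should be unchanged, but the reader has to know that precedence to see that the negation covers the defaulted, boolean-cast value rather than the raw variable. Because this condition keeps the role off clusters with an insecure registry, I would keep it explicit: `- not (openshift.docker.hosted_registry_insecure | default(false) | bool)`.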
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml index afd5463b2..7e9363c5f 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml @@ -70,9 +70,7 @@ --hostnames="{{ docker_registry_service_ip.results.clusterip }},docker-registry.default.svc,docker-registry.default.svc.cluster.local,{{ docker_registry_route_hostname }}" --cert={{ openshift.common.config_base }}/master/registry.crt --key={{ openshift.common.config_base }}/master/registry.key - {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} --expire-days={{ openshift_hosted_registry_cert_expire_days | default(730) }} - {% endif %} - name: Update registry certificates secret oc_secret: diff --git a/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml index 98953f72e..6d4ddf011 100644 --- a/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml @@ -1,5 +1,5 @@ --- -- include: ../../evaluate_groups.yml +- include: ../../../../init/evaluate_groups.yml vars: # Do not allow adding hosts during upgrade. g_new_master_hosts: [] diff --git a/playbooks/common/openshift-cluster/upgrades/init.yml b/playbooks/common/openshift-cluster/upgrades/init.yml index 6ad0b6b86..9981d905b 100644 --- a/playbooks/common/openshift-cluster/upgrades/init.yml +++ b/playbooks/common/openshift-cluster/upgrades/init.yml 
@@ -1,11 +1,11 @@ --- -- include: ../evaluate_groups.yml +- include: ../../../init/evaluate_groups.yml vars: # Do not allow adding hosts during upgrade. g_new_master_hosts: [] g_new_node_hosts: [] -- include: ../initialize_facts.yml +- include: ../../../init/facts.yml - name: Ensure firewall is not switched during upgrade hosts: oo_all_hosts diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml index 122066955..c634e0ab8 100644 --- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml @@ -85,6 +85,8 @@ roles: - openshift_manageiq + - role: openshift_project_request_template + when: openshift_project_request_template_manage # Create the new templates shipped in 3.2, existing templates are left # unmodified. This prevents the subsequent role definition for # openshift_examples from failing when trying to replace templates that do @@ -117,7 +119,6 @@ - name: grep pluginOrderOverride command: grep pluginOrderOverride {{ openshift.common.config_base }}/master/master-config.yaml register: grep_plugin_order_override - when: openshift.common.version_gte_3_3_or_1_3 | bool changed_when: false failed_when: false diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml index 8783ade99..fa65567c2 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml 
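Review bot: The added `when: openshift_project_request_template_manage` in the `post_control_plane.yml` hunk tests the raw variable, while the other role conditions in this commit cast explicitly, for example `openshift_install_examples | default(true, true) | bool`. Where the variable is defined is not visible here; if it can arrive from an inventory as a string, how it is evaluated depends on the Ansible version, and `when: openshift_project_request_template_manage | bool` makes the intent explicit. The same line is added to the `roles:` list in the `additional_config.yml` hunk further down. The `roles:` list starts outside this hunk.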
@@ -63,13 +63,9 @@ vars: openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" serial: 1 - handlers: - - include: ../../../../roles/openshift_master/handlers/main.yml - static: yes - roles: - - openshift_facts - - lib_utils - post_tasks: + tasks: + - include_role: + name: openshift_facts # Run the pre-upgrade hook if defined: - debug: msg="Running master pre-upgrade hook {{ openshift_master_upgrade_pre_hook }}" 
@@ -78,55 +74,9 @@ - include: "{{ openshift_master_upgrade_pre_hook }}" when: openshift_master_upgrade_pre_hook is defined - - include: rpm_upgrade.yml component=master - when: not openshift.common.is_containerized | bool - - - include_vars: ../../../../roles/openshift_master_facts/vars/main.yml - - - include: upgrade_scheduler.yml - - - include: "{{ master_config_hook }}" - when: master_config_hook is defined - - - include_vars: ../../../../roles/openshift_master/vars/main.yml - - - name: Update journald config - include: ../../../../roles/openshift_master/tasks/journald.yml - - - name: Remove any legacy systemd units and update systemd units - include: ../../../../roles/openshift_master/tasks/systemd_units.yml - - - name: Check for ca-bundle.crt - stat: - path: "{{ openshift.common.config_base }}/master/ca-bundle.crt" - register: ca_bundle_stat - failed_when: false - - - name: Check for ca.crt - stat: - path: "{{ openshift.common.config_base }}/master/ca.crt" - register: ca_crt_stat - failed_when: false - - - name: Migrate ca.crt to ca-bundle.crt - command: mv ca.crt ca-bundle.crt - args: - chdir: "{{ openshift.common.config_base }}/master" - when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists - - - name: Link ca.crt to ca-bundle.crt - file: - src: "{{ openshift.common.config_base }}/master/ca-bundle.crt" - path: "{{ openshift.common.config_base }}/master/ca.crt" - state: link - when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists - - - name: Update oreg value - yedit: - src: "{{ openshift.common.config_base }}/master/master-config.yaml" - key: 'imageConfig.format' - value: "{{ oreg_url | default(oreg_url_master) }}" - when: oreg_url is defined or oreg_url_master is defined + - include_role: + name: openshift_master + tasks_from: upgrade.yml # Run the upgrade hook prior to restarting services/system if defined: - debug: msg="Running master upgrade hook {{ openshift_master_upgrade_hook }}" 
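Review bot: Nothing in this hunk shows that the `ca.crt` to `ca-bundle.crt` migration and the `master_config_hook` include survive the move to `include_role` with `name: openshift_master` and `tasks_from: upgrade.yml`. This matters because the `curl --cacert` readiness checks in the `scaleup.yml` and `wire_aggregator.yml` hunks of this commit now always pass `ca-bundle.crt`, so a master that was never migrated would presumably fail certificate verification there. I would add a comment above the new task, `# tasks_from upgrade.yml must keep the ca.crt -> ca-bundle.crt migration and the master_config_hook include`, and confirm the role file does both. The task list this hunk edits begins outside the hunk.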
@@ -236,7 +186,6 @@ - reconcile_jenkins_role_binding_result.rc == 0 when: - openshift_version | version_compare('3.7','<') - - openshift_version | version_compare('3.4','>=') - when: openshift_upgrade_target | version_compare('3.7','<') block: @@ -368,13 +317,13 @@ delay: 60 roles: - - lib_openshift - openshift_facts - - docker - - openshift_node_dnsmasq - - openshift_node_upgrade - post_tasks: + - include_role: + name: openshift_node + tasks_from: upgrade.yml + vars: + openshift_node_upgrade_in_progress: True - name: Set node schedulability oc_adm_manage_node: node: "{{ openshift.node.nodename | lower }}" diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml index c93a5d89c..5dc8193a7 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml @@ -34,16 +34,18 @@ delay: 60 roles: - - lib_openshift - openshift_facts - - docker - - openshift_node_dnsmasq - - openshift_node_upgrade - - role: openshift_excluder - r_openshift_excluder_action: enable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" - post_tasks: + - include_role: + name: openshift_node + tasks_from: upgrade.yml + vars: + openshift_node_upgrade_in_progress: True + - include_role: + name: openshift_excluder + vars: + r_openshift_excluder_action: enable + r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" - name: Set node schedulability oc_adm_manage_node: node: "{{ openshift.node.nodename | lower }}" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml index dd109cfa9..ef52f214b 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml 
@@ -63,7 +63,7 @@ tags: - pre_upgrade -- include: ../../initialize_openshift_version.yml +- include: ../../../../init/version.yml tags: - pre_upgrade vars: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml index 8ab68002d..4c6646a38 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml @@ -67,7 +67,7 @@ tags: - pre_upgrade -- include: ../../initialize_openshift_version.yml +- include: ../../../../init/version.yml tags: - pre_upgrade vars: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml index ba6fcc3f8..f25cfe0d0 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml @@ -56,7 +56,7 @@ tags: - pre_upgrade -- include: ../../initialize_openshift_version.yml +- include: ../../../../init/version.yml tags: - pre_upgrade vars: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml index f4862e321..e3c012380 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml @@ -67,7 +67,7 @@ tags: - pre_upgrade -- include: ../../initialize_openshift_version.yml +- include: ../../../../init/version.yml tags: - pre_upgrade vars: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml index b905d6d86..a88fa7b2e 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml 
@@ -71,7 +71,7 @@ tags: - pre_upgrade -- include: ../../initialize_openshift_version.yml +- include: ../../../../init/version.yml tags: - pre_upgrade vars: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml index bc080f9a3..c0546bd2d 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml @@ -56,7 +56,7 @@ tags: - pre_upgrade -- include: ../../initialize_openshift_version.yml +- include: ../../../../init/version.yml tags: - pre_upgrade vars: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml index b3162bd5f..73df15d53 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml @@ -67,7 +67,7 @@ tags: - pre_upgrade -- include: ../../initialize_openshift_version.yml +- include: ../../../../init/version.yml tags: - pre_upgrade vars: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml index 3df5b17b5..48d55c16f 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml @@ -71,7 +71,7 @@ tags: - pre_upgrade -- include: ../../initialize_openshift_version.yml +- include: ../../../../init/version.yml tags: - pre_upgrade vars: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml index f3d192ba7..abd56e762 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml 
@@ -56,7 +56,7 @@ tags: - pre_upgrade -- include: ../../initialize_openshift_version.yml +- include: ../../../../init/version.yml tags: - pre_upgrade vars: diff --git a/playbooks/common/openshift-master/additional_config.yml b/playbooks/common/openshift-master/additional_config.yml index 4fef5b923..32f638d42 100644 --- a/playbooks/common/openshift-master/additional_config.yml +++ b/playbooks/common/openshift-master/additional_config.yml @@ -21,6 +21,8 @@ roles: - role: openshift_master_cluster when: openshift_master_ha | bool and openshift.master.cluster_method == "pacemaker" + - role: openshift_project_request_template + when: openshift_project_request_template_manage - role: openshift_examples when: openshift_install_examples | default(true, true) | bool registry_url: "{{ openshift.master.registry_url }}" diff --git a/playbooks/common/openshift-master/restart_services.yml b/playbooks/common/openshift-master/restart_services.yml index 4f8b758fd..4e1b3a3be 100644 --- a/playbooks/common/openshift-master/restart_services.yml +++ b/playbooks/common/openshift-master/restart_services.yml @@ -1,22 +1,4 @@ --- -- name: Restart master API - service: - name: "{{ openshift.common.service_type }}-master-api" - state: restarted - when: openshift_master_ha | bool -- name: Wait for master API to come back online - wait_for: - host: "{{ openshift.common.hostname }}" - state: started - delay: 10 - port: "{{ openshift.master.api_port }}" - timeout: 600 - when: openshift_master_ha | bool -- name: Restart master controllers - service: - name: "{{ openshift.common.service_type }}-master-controllers" - state: restarted - # Ignore errrors since it is possible that type != simple for - # pre-3.1.1 installations. - ignore_errors: true - when: openshift_master_ha | bool +- include_role: + name: openshift_master + tasks_from: restart.yml diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml index 05b37d59f..4c415ebce 100644 
--- a/playbooks/common/openshift-master/scaleup.yml +++ b/playbooks/common/openshift-master/scaleup.yml @@ -32,11 +32,7 @@ - name: verify api server command: > curl --silent --tlsv1.2 - {% if openshift.common.version_gte_3_2_or_1_2 | bool %} --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {% else %} - --cacert {{ openshift.common.config_base }}/master/ca.crt - {% endif %} {{ openshift.master.api_url }}/healthz/ready args: # Disables the following warning: diff --git a/playbooks/common/openshift-master/tasks/wire_aggregator.yml b/playbooks/common/openshift-master/tasks/wire_aggregator.yml index 0d23e9d61..97acc5d5d 100644 --- a/playbooks/common/openshift-master/tasks/wire_aggregator.yml +++ b/playbooks/common/openshift-master/tasks/wire_aggregator.yml @@ -201,11 +201,7 @@ # wait_for port doesn't provide health information. command: > curl --silent --tlsv1.2 - {% if openshift.common.version_gte_3_2_or_1_2 | bool %} --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {% else %} - --cacert {{ openshift.common.config_base }}/master/ca.crt - {% endif %} {{ openshift.master.api_url }}/healthz/ready args: # Disables the following warning: diff --git a/playbooks/common/openshift-node/image_prep.yml b/playbooks/common/openshift-node/image_prep.yml index 30651a1df..3c042acdc 100644 --- a/playbooks/common/openshift-node/image_prep.yml +++ b/playbooks/common/openshift-node/image_prep.yml @@ -1,15 +1,12 @@ --- - name: normalize groups - include: ../../byo/openshift-cluster/initialize_groups.yml - -- name: evaluate the groups - include: ../openshift-cluster/evaluate_groups.yml + include: ../../init/evaluate_groups.yml - name: initialize the facts - include: ../openshift-cluster/initialize_facts.yml + include: ../../init/facts.yml - name: initialize the repositories - include: ../openshift-cluster/initialize_openshift_repos.yml + include: ../../init/repos.yml - name: run node config setup include: setup.yml 
diff --git a/playbooks/common/openshift-node/network_manager.yml b/playbooks/common/openshift-node/network_manager.yml index b3a7399dc..c2efb0483 100644 --- a/playbooks/common/openshift-node/network_manager.yml +++ b/playbooks/common/openshift-node/network_manager.yml @@ -1,5 +1,5 @@ --- -- include: ../openshift-cluster/evaluate_groups.yml +- include: ../../init/evaluate_groups.yml - name: Install and configure NetworkManager hosts: oo_all_hosts diff --git a/playbooks/gcp/openshift-cluster/provision.yml b/playbooks/gcp/openshift-cluster/provision.yml index a3d1d46a6..097717607 100644 --- a/playbooks/gcp/openshift-cluster/provision.yml +++ b/playbooks/gcp/openshift-cluster/provision.yml @@ -9,11 +9,8 @@ include_role: name: openshift_gcp -- name: normalize groups - include: ../../byo/openshift-cluster/initialize_groups.yml - -- name: run the std_include - include: ../../common/openshift-cluster/std_include.yml +- name: run the init + include: ../../init/main.yml - name: run the config include: ../../common/openshift-cluster/config.yml diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/init/evaluate_groups.yml index 78b552279..8787c87e1 100644 --- a/playbooks/common/openshift-cluster/evaluate_groups.yml +++ b/playbooks/init/evaluate_groups.yml @@ -5,6 +5,9 @@ become: no gather_facts: no tasks: + - name: Load group name mapping variables + include_vars: vars/cluster_hosts.yml + - name: Evaluate groups - g_etcd_hosts or g_new_etcd_hosts required fail: msg: This playbook requires g_etcd_hosts or g_new_etcd_hosts to be set diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/init/facts.yml index 91223d368..91223d368 100644 --- a/playbooks/common/openshift-cluster/initialize_facts.yml +++ b/playbooks/init/facts.yml diff --git a/playbooks/common/openshift-cluster/std_include.yml b/playbooks/init/main.yml index fe376fe31..87ffeafc7 100644 --- a/playbooks/common/openshift-cluster/std_include.yml 
+++ b/playbooks/init/main.yml @@ -14,28 +14,16 @@ start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" - include: evaluate_groups.yml - tags: - - always -- include: initialize_facts.yml - tags: - - always +- include: facts.yml - include: sanity_checks.yml - tags: - - always - include: validate_hostnames.yml - tags: - - node -- include: initialize_openshift_repos.yml - tags: - - always +- include: repos.yml -- include: initialize_openshift_version.yml - tags: - - always +- include: version.yml - name: Initialization Checkpoint End hosts: all diff --git a/playbooks/common/openshift-cluster/initialize_openshift_repos.yml b/playbooks/init/repos.yml index a7114fc80..a7114fc80 100644 --- a/playbooks/common/openshift-cluster/initialize_openshift_repos.yml +++ b/playbooks/init/repos.yml diff --git a/playbooks/init/roles b/playbooks/init/roles new file mode 120000 index 000000000..b741aa3db --- /dev/null +++ b/playbooks/init/roles @@ -0,0 +1 @@ +../../roles
\ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/sanity_checks.yml b/playbooks/init/sanity_checks.yml
index 26716a92d..26716a92d 100644
--- a/playbooks/common/openshift-cluster/sanity_checks.yml
+++ b/playbooks/init/sanity_checks.yml
diff --git a/playbooks/common/openshift-cluster/validate_hostnames.yml b/playbooks/init/validate_hostnames.yml
index be2e6a15a..be2e6a15a 100644
--- a/playbooks/common/openshift-cluster/validate_hostnames.yml
+++ b/playbooks/init/validate_hostnames.yml
diff --git a/playbooks/byo/openshift-cluster/cluster_hosts.yml b/playbooks/init/vars/cluster_hosts.yml
index e807ac004..e807ac004 100644
--- a/playbooks/byo/openshift-cluster/cluster_hosts.yml
+++ b/playbooks/init/vars/cluster_hosts.yml
diff --git a/playbooks/common/openshift-cluster/initialize_openshift_version.yml b/playbooks/init/version.yml
index 37a5284d5..37a5284d5 100644
--- a/playbooks/common/openshift-cluster/initialize_openshift_version.yml
+++ b/playbooks/init/version.yml
diff --git a/playbooks/openstack/README.md b/playbooks/openstack/README.md
new file mode 100644
index 000000000..f3fe13530
--- /dev/null
+++ b/playbooks/openstack/README.md
@@ -0,0 +1,262 @@ +# OpenStack Provisioning + +This directory contains [Ansible][ansible] playbooks and roles to create +OpenStack resources (servers, networking, volumes, security groups, +etc.). The result is an environment ready for OpenShift installation +via [openshift-ansible]. + +We provide everything necessary to be able to install OpenShift on +OpenStack (including the DNS and load balancer servers when +necessary). In addition, we work on providing integration with the +OpenStack-native services (storage, lbaas, baremetal as a service, +dns, etc.). + + +## OpenStack Requirements + +Before you start the installation, you need to have an OpenStack +environment to connect to. You can use a public cloud or an OpenStack +within your organisation. It is also possible to +use [Devstack][devstack] or [TripleO][tripleo]. In the case of +TripleO, we will be running on top of the **overcloud**. + +The OpenStack release must be Newton (for Red Hat OpenStack this is +version 10) or newer. It must also satisfy these requirements: + +* Heat (Orchestration) must be available +* The deployment image (CentOS 7 or RHEL 7) must be loaded +* The deployment flavor must be available to your user + - `m1.medium` / 4GB RAM + 40GB disk should be enough for testing + - look at + the [Minimum Hardware Requirements page][hardware-requirements] + for production +* The keypair for SSH must be available in openstack +* `keystonerc` file that lets you talk to the openstack services + * NOTE: only Keystone V2 is currently supported + +Optional: +* External Neutron network with a floating IP address pool + + +## DNS Requirements + +OpenShift requires DNS to operate properly. OpenStack supports DNS-as-a-service +in the form of the Designate project, but the playbooks here don't support it +yet. Until we do, you will need to provide a DNS solution yourself (or in case +you are not running Designate when we do). + +If your server supports nsupdate, we will use it to add the necessary records. 
+ +TODO(shadower): describe how to build a sample DNS server and how to configure +our playbooks for nsupdate. + + +## Installation + +There are four main parts to the installation: + +1. [Preparing Ansible and dependencies](#1-preparing-ansible-and-dependencies) +2. [Configuring the desired OpenStack environment and OpenShift cluster](#2-configuring-the-openstack-environment-and-openshift-cluster) +3. [Creating the OpenStack resources (VMs, networking, etc.)](#3-creating-the-openstack-resources-vms-networking-etc) +4. [Installing OpenShift](#4-installing-openshift) + +This guide is going to install [OpenShift Origin][origin] +with [CentOS 7][centos7] images with minimal customisation. + +We will create the VMs for running OpenShift, in a new Neutron +network, assign Floating IP addresses and configure DNS. + +The OpenShift cluster will have a single Master node that will run +`etcd`, a single Infra node and two App nodes. + +You can look at +the [Advanced Configuration page][advanced-configuration] for +additional options. + + + +### 1. Preparing Ansible and dependencies + +First, you need to select where to run [Ansible][ansible] from (the +*Ansible host*). This can be the computer you read this guide on or an +OpenStack VM you'll create specifically for this purpose. + +We will use +a +[Docker image that has all the dependencies installed][control-host-image] to +make things easier. If you don't want to use Docker, take a look at +the [Ansible host dependencies][ansible-dependencies] and make sure +they're installed. + +Your *Ansible host* needs to have the following: + +1. Docker +2. `keystonerc` file with your OpenStack credentials +3. 
SSH private key for logging in to your OpenShift nodes + +Assuming your private key is `~/.ssh/id_rsa` and `keystonerc` in your +current directory: + +```bash +$ sudo docker run -it -v ~/.ssh:/mnt/.ssh:Z \ + -v $PWD/keystonerc:/root/.config/openstack/keystonerc.sh:Z \ + redhatcop/control-host-openstack bash +``` + +This will create the container, add your SSH key and source your +`keystonerc`. It should be set up for the installation. + +You can verify that everything is in order: + + +```bash +$ less .ssh/id_rsa +$ ansible --version +$ openstack image list +``` + + +### 2. Configuring the OpenStack Environment and OpenShift Cluster + +The configuration is all done in an Ansible inventory directory. We +will clone the [openshift-ansible][openshift-ansible] repository and set +things up for a minimal installation. + + +``` +$ git clone https://github.com/openshift/openshift-ansible +$ cp -r openshift-ansible/playbooks/openstack/sample-inventory/ inventory +``` + +If you're testing multiple configurations, you can have multiple +inventories and switch between them. + +#### OpenStack Configuration + +The OpenStack configuration is in `inventory/group_vars/all.yml`. + +Open the file and plug in the image, flavor and network configuration +corresponding to your OpenStack installation. + +```bash +$ vi inventory/group_vars/all.yml +``` + +1. Set the `openshift_openstack_keypair_name` to your OpenStack keypair name. + - See `openstack keypair list` to find the keypairs registered with + OpenShift. + - This must correspond to your private SSH key in `~/.ssh/id_rsa` +2. Set the `openshift_openstack_external_network_name` to the floating IP + network of your openstack. + - See `openstack network list` for the list of networks. + - It's often called `public`, `external` or `ext-net`. +3. Set the `openshift_openstack_default_image_name` to the image you want your + OpenShift VMs to run. + - See `openstack image list` for the list of available images. +4. 
Set the `openshift_openstack_default_flavor` to the flavor you want your + OpenShift VMs to use. + - See `openstack flavor list` for the list of available flavors. +5. Set the `openshift_openstack_dns_nameservers` to the list of the IP addresses + of the DNS servers used for the **private** address resolution. + +**NOTE ON DNS**: at minimum, the OpenShift nodes need to be able to access each +other by their hostname. OpenStack doesn't provide this by default, so you +need to provide a DNS server. Put the address of that DNS server in +`openshift_openstack_dns_nameservers` variable. + + + + +#### OpenShift configuration + +The OpenShift configuration is in `inventory/group_vars/OSEv3.yml`. + +The default options will mostly work, but unless you used the large +flavors for a production-ready environment, openshift-ansible's +hardware check will fail. + +Let's disable those checks by putting this in +`inventory/group_vars/OSEv3.yml`: + +```yaml +openshift_disable_check: disk_availability,memory_availability +``` + +**NOTE**: The default authentication method will allow **any username +and password** in! If you're running this in a public place, you need +to set up access control. + +Feel free to look at +the [Sample OpenShift Inventory][sample-openshift-inventory] and +the [advanced configuration][advanced-configuration]. + + +### 3. Creating the OpenStack resources (VMs, networking, etc.) + +We provide an `ansible.cfg` file which has some useful defaults -- you should +copy it to the directory you're going to run `ansible-playbook` from. + +```bash +$ cp openshift-ansible/ansible.cfg ansible.cfg +``` + +Then run the provisioning playbook -- this will create the OpenStack +resources: + +```bash +$ ansible-playbook --user openshift -i inventory openshift-ansible/playbooks/openstack/openshift-cluster/provision.yaml +``` + +If you're using multiple inventories, make sure you pass the path to +the right one to `-i`. 
+ +If your SSH private key is not in `~/.ssh/id_rsa` use the `--private-key` +option to specify the correct path. + + +### 4. Installing OpenShift + +Run the `byo/config.yml` playbook on top of the OpenStack nodes we have +prepared. + +```bash +$ ansible-playbook -i inventory openshift-ansible/playbooks/byo/config.yml +``` + + +### Next Steps + +And that's it! You should have a small but functional OpenShift +cluster now. + +Take a look at [how to access the cluster][accessing-openshift] +and [how to remove it][uninstall-openshift] as well as the more +advanced configuration: + +* [Accessing the OpenShift cluster][accessing-openshift] +* [Removing the OpenShift cluster][uninstall-openshift] +* Set Up Authentication (TODO) +* [Multiple Masters with a load balancer][loadbalancer] +* [External Dns][external-dns] +* Multiple Clusters (TODO) +* [Cinder Registry][cinder-registry] +* [Bastion Node][bastion] + + +[ansible]: https://www.ansible.com/ +[openshift-ansible]: https://github.com/openshift/openshift-ansible +[devstack]: https://docs.openstack.org/devstack/ +[tripleo]: http://tripleo.org/ +[ansible-dependencies]: ./advanced-configuration.md#dependencies-for-localhost-ansible-controladmin-node +[control-host-image]: https://hub.docker.com/r/redhatcop/control-host-openstack/ +[hardware-requirements]: https://docs.openshift.org/latest/install_config/install/prerequisites.html#hardware +[origin]: https://www.openshift.org/ +[centos7]: https://www.centos.org/ +[sample-openshift-inventory]: https://github.com/openshift/openshift-ansible/blob/master/inventory/byo/hosts.example +[advanced-configuration]: ./advanced-configuration.md +[accessing-openshift]: ./advanced-configuration.md#accessing-the-openshift-cluster +[uninstall-openshift]: ./advanced-configuration.md#removing-the-openshift-cluster +[loadbalancer]: ./advanced-configuration.md#multi-master-configuration +[external-dns]: ./advanced-configuration.md#dns-configuration-variables +[cinder-registry]: 
./advanced-configuration.md#creating-and-using-a-cinder-volume-for-the-openshift-registry +[bastion]: ./advanced-configuration.md#configure-static-inventory-and-access-via-a-bastion-node diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md new file mode 100644 index 000000000..90cc20b98 --- /dev/null +++ b/playbooks/openstack/advanced-configuration.md 
@@ -0,0 +1,772 @@ +## Dependencies for localhost (ansible control/admin node) + +* [Ansible 2.3](https://pypi.python.org/pypi/ansible) +* [Ansible-galaxy](https://pypi.python.org/pypi/ansible-galaxy-local-deps) +* [jinja2](http://jinja.pocoo.org/docs/2.9/) +* [shade](https://pypi.python.org/pypi/shade) +* python-jmespath / [jmespath](https://pypi.python.org/pypi/jmespath) +* python-dns / [dnspython](https://pypi.python.org/pypi/dnspython) +* Become (sudo) is not required. + +**NOTE**: You can use a Docker image with all dependencies set up. +Find more in the [Deployment section](#deployment). + +### Optional Dependencies for localhost +**Note**: When using rhel images, `rhel-7-server-openstack-10-rpms` repository is required in order to install these packages. + +* `python-openstackclient` +* `python-heatclient` + +## Dependencies for OpenStack hosted cluster nodes (servers) + +There are no additional dependencies for the cluster nodes. Required +configuration steps are done by Heat given a specific user data config +that normally should not be changed. + +## Required galaxy modules + +In order to pull in external dependencies for DNS configuration steps, +the following commads need to be executed: + + ansible-galaxy install \ + -r openshift-ansible-contrib/playbooks/provisioning/openstack/galaxy-requirements.yaml \ + -p openshift-ansible-contrib/roles + +Alternatively you can install directly from github: + + ansible-galaxy install git+https://github.com/redhat-cop/infra-ansible,master \ + -p openshift-ansible-contrib/roles + +Notes: +* This assumes we're in the directory that contains the clonned +openshift-ansible-contrib repo in its root path. +* When trying to install a different version, the previous one must be removed first +(`infra-ansible` directory from [roles](https://github.com/openshift/openshift-ansible-contrib/tree/master/roles)). +Otherwise, even if there are differences between the two versions, installation of the newer version is skipped. 
+ + +## Accessing the OpenShift Cluster + +### Use the Cluster DNS + +In addition to the OpenShift nodes, we created a DNS server with all +the necessary entries. We will configure your *Ansible host* to use +this new DNS and talk to the deployed OpenShift. + +First, get the DNS IP address: + +```bash +$ openstack server show dns-0.openshift.example.com --format value --column addresses +openshift-ansible-openshift.example.com-net=192.168.99.11, 10.40.128.129 +``` + +Note the floating IP address (it's `10.40.128.129` in this case) -- if +you're not sure, try pinging them both -- it's the one that responds +to pings. + +Next, edit your `/etc/resolv.conf` as root and put `nameserver DNS_IP` as your +**first entry**. + +If your `/etc/resolv.conf` currently looks like this: + +``` +; generated by /usr/sbin/dhclient-script +search openstacklocal +nameserver 192.168.0.3 +nameserver 192.168.0.2 +``` + +Change it to this: + +``` +; generated by /usr/sbin/dhclient-script +search openstacklocal +nameserver 10.40.128.129 +nameserver 192.168.0.3 +nameserver 192.168.0.2 +``` + +### Get the `oc` Client + +**NOTE**: You can skip this section if you're using the Docker image +-- it already has the `oc` binary. + +You need to download the OpenShift command line client (called `oc`). +You can download and extract `openshift-origin-client-tools` from the +OpenShift release page: + +https://github.com/openshift/origin/releases/latest/ + +Or you can now copy it from the master node: + + $ ansible -i inventory masters[0] -m fetch -a "src=/bin/oc dest=oc" + +Either way, find the `oc` binary and put it in your `PATH`. + + +### Logging in Using the Command Line + + +``` +oc login --insecure-skip-tls-verify=true https://master-0.openshift.example.com:8443 -u user -p password +oc new-project test +oc new-app --template=cakephp-mysql-example +oc status -v +curl http://cakephp-mysql-example-test.apps.openshift.example.com +``` + +This will trigger an image build. 
You can run `oc logs -f +bc/cakephp-mysql-example` to follow its progress. + +Wait until the build has finished and both pods are deployed and running: + +``` +$ oc status -v +In project test on server https://master-0.openshift.example.com:8443 + +http://cakephp-mysql-example-test.apps.openshift.example.com (svc/cakephp-mysql-example) + dc/cakephp-mysql-example deploys istag/cakephp-mysql-example:latest <- + bc/cakephp-mysql-example source builds https://github.com/openshift/cakephp-ex.git on openshift/php:7.0 + deployment #1 deployed about a minute ago - 1 pod + +svc/mysql - 172.30.144.36:3306 + dc/mysql deploys openshift/mysql:5.7 + deployment #1 deployed 3 minutes ago - 1 pod + +Info: + * pod/cakephp-mysql-example-1-build has no liveness probe to verify pods are still running. + try: oc set probe pod/cakephp-mysql-example-1-build --liveness ... +View details with 'oc describe <resource>/<name>' or list everything with 'oc get all'. + +``` + +You can now look at the deployed app using its route: + +``` +$ curl http://cakephp-mysql-example-test.apps.openshift.example.com +``` + +Its `title` should say: "Welcome to OpenShift". + + +### Accessing the UI + +You can also access the OpenShift cluster with a web browser by going to: + +https://master-0.openshift.example.com:8443 + +Note that for this to work, the OpenShift nodes must be accessible +from your computer and it's DNS configuration must use the cruster's +DNS. + + +## Removing the OpenShift Cluster + +Everything in the cluster is contained within a Heat stack. To +completely remove the cluster and all the related OpenStack resources, +run this command: + +```bash +openstack stack delete --wait --yes openshift.example.com +``` + + +## DNS configuration variables + +Pay special attention to the values in the first paragraph -- these +will depend on your OpenStack environment. 
+ +Note that the provsisioning playbooks update the original Neutron subnet +created with the Heat stack to point to the configured DNS servers. +So the provisioned cluster nodes will start using those natively as +default nameservers. Technically, this allows to deploy OpenShift clusters +without dnsmasq proxies. + +The `openshift_openstack_clusterid` and `openshift_openstack_public_dns_domain` will form the cluster's DNS domain all +your servers will be under. With the default values, this will be +`openshift.example.com`. For workloads, the default subdomain is 'apps'. +That sudomain can be set as well by the `openshift_openstack_app_subdomain` variable in +the inventory. + +The `openstack_<role name>_hostname` is a set of variables used for customising +hostnames of servers with a given role. When such a variable stays commented, +default hostname (usually the role name) is used. + +The `openshift_openstack_dns_nameservers` is a list of DNS servers accessible from all +the created Nova servers. These will provide the internal name resolution for +your OpenShift nodes (as well as upstream name resolution for installing +packages, etc.). + +The `openshift_use_dnsmasq` controls either dnsmasq is deployed or not. +By default, dnsmasq is deployed and comes as the hosts' /etc/resolv.conf file +first nameserver entry that points to the local host instance of the dnsmasq +daemon that in turn proxies DNS requests to the authoritative DNS server. +When Network Manager is enabled for provisioned cluster nodes, which is +normally the case, you should not change the defaults and always deploy dnsmasq. 
+ +`openshift_openstack_external_nsupdate_keys` describes an external authoritative DNS server(s) +processing dynamic records updates in the public and private cluster views: + + openshift_openstack_external_nsupdate_keys: + public: + key_secret: <some nsupdate key> + key_algorithm: 'hmac-md5' + key_name: 'update-key' + server: <public DNS server IP> + private: + key_secret: <some nsupdate key 2> + key_algorithm: 'hmac-sha256' + server: <public or private DNS server IP> + +Here, for the public view section, we specified another key algorithm and +optional `key_name`, which normally defaults to the cluster's DNS domain. +This just illustrates a compatibility mode with a DNS service deployed +by OpenShift on OSP10 reference architecture, and used in a mixed mode with +another external DNS server. + +Another example defines an external DNS server for the public view +additionally to the in-stack DNS server used for the private view only: + + openshift_openstack_external_nsupdate_keys: + public: + key_secret: <some nsupdate key> + key_algorithm: 'hmac-sha256' + server: <public DNS server IP> + +Here, updates matching the public view will be hitting the given public +server IP. While updates matching the private view will be sent to the +auto evaluated in-stack DNS server's **public** IP. + +Note, for the in-stack DNS server, private view updates may be sent only +via the public IP of the server. You can not send updates via the private +IP yet. This forces the in-stack private server to have a floating IP. +See also the [security notes](#security-notes) + +## Flannel networking + +In order to configure the +[flannel networking](https://docs.openshift.com/container-platform/3.6/install_config/configuring_sdn.html#using-flannel), +uncomment and adjust the appropriate `inventory/group_vars/OSEv3.yml` group vars. +Note that the `osm_cluster_network_cidr` must not overlap with the default +Docker bridge subnet of 172.17.0.0/16. 
Or you should change the docker0 default +CIDR range otherwise. For example, by adding `--bip=192.168.2.1/24` to +`DOCKER_NETWORK_OPTIONS` located in `/etc/sysconfig/docker-network`. + +Also note that the flannel network will be provisioned on a separate isolated Neutron +subnet defined from `osm_cluster_network_cidr` and having ports security disabled. +Use the `openstack_private_data_network_name` variable to define the network +name for the heat stack resource. + +After the cluster deployment done, you should run an additional post installation +step for flannel and docker iptables configuration: + + ansible-playbook openshift-ansible-contrib/playbooks/provisioning/openstack/post-install.yml + +## Other configuration variables + +`openshift_openstack_keypair_name` is a Nova keypair - you can see your +keypairs with `openstack keypair list`. It must correspond to the +private SSH key Ansible will use to log into the created VMs. This is +`~/.ssh/id_rsa` by default, but you can use a different key by passing +`--private-key` to `ansible-playbook`. + +`openshift_openstack_default_image_name` is the default name of the Glance image the +servers will use. You can see your images with `openstack image list`. +In order to set a different image for a role, uncomment the line with the +corresponding variable (e.g. `openshift_openstack_lb_image_name` for load balancer) and +set its value to another available image name. `openshift_openstack_default_image_name` +must stay defined as it is used as a default value for the rest of the roles. + +`openshift_openstack_default_flavor` is the default Nova flavor the servers will use. +You can see your flavors with `openstack flavor list`. +In order to set a different flavor for a role, uncomment the line with the +corresponding variable (e.g. `openshift_openstack_lb_flavor` for load balancer) and +set its value to another available flavor. 
`openshift_openstack_default_flavor` must +stay defined as it is used as a default value for the rest of the roles. + +`openshift_openstack_external_network_name` is the name of the Neutron network +providing external connectivity. It is often called `public`, +`external` or `ext-net`. You can see your networks with `openstack +network list`. + +`openshift_openstack_private_network_name` is the name of the private Neutron network +providing admin/control access for ansible. It can be merged with other +cluster networks, there are no special requirements for networking. + +The `openshift_openstack_num_masters`, `openshift_openstack_num_infra` and +`openshift_openstack_num_nodes` values specify the number of Master, Infra and +App nodes to create. + +The `openshift_openstack_cluster_node_labels` defines custom labels for your openshift +cluster node groups. It currently supports app and infra node groups. +The default value of this variable sets `region: primary` to app nodes and +`region: infra` to infra nodes. +An example of setting a customised label: +``` +openshift_openstack_cluster_node_labels: + app: + mylabel: myvalue +``` + +The `openshift_openstack_nodes_to_remove` allows you to specify the numerical indexes +of App nodes that should be removed; for example, ['0', '2'], + +The `docker_volume_size` is the default Docker volume size the servers will use. +In order to set a different volume size for a role, +uncomment the line with the corresponding variable (e. g. `docker_master_volume_size` +for master) and change its value. `docker_volume_size` must stay defined as it is +used as a default value for some of the servers (master, infra, app node). +The rest of the roles (etcd, load balancer, dns) have their defaults hard-coded. + +**Note**: If the `openshift_openstack_ephemeral_volumes` is set to `true`, the `*_volume_size` variables +will be ignored and the deployment will not create any cinder volumes. 
+ +The `openshift_openstack_flat_secgrp`, controls Neutron security groups creation for Heat +stacks. Set it to true, if you experience issues with sec group rules +quotas. It trades security for number of rules, by sharing the same set +of firewall rules for master, node, etcd and infra nodes. + +The `openshift_openstack_required_packages` variable also provides a list of the additional +prerequisite packages to be installed before to deploy an OpenShift cluster. +Those are ignored though, if the `manage_packages: False`. + +The `openstack_inventory` controls either a static inventory will be created after the +cluster nodes provisioned on OpenStack cloud. Note, the fully dynamic inventory +is yet to be supported, so the static inventory will be created anyway. + +The `openstack_inventory_path` points the directory to host the generated static inventory. +It should point to the copied example inventory directory, otherwise ti creates +a new one for you. + +## Multi-master configuration + +Please refer to the official documentation for the +[multi-master setup](https://docs.openshift.com/container-platform/3.6/install_config/install/advanced_install.html#multiple-masters) +and define the corresponding [inventory +variables](https://docs.openshift.com/container-platform/3.6/install_config/install/advanced_install.html#configuring-cluster-variables) +in `inventory/group_vars/OSEv3.yml`. For example, given a load balancer node +under the ansible group named `ext_lb`: + + openshift_master_cluster_method: native + openshift_master_cluster_hostname: "{{ groups.ext_lb.0 }}" + openshift_master_cluster_public_hostname: "{{ groups.ext_lb.0 }}" + +## Provider Network + +Normally, the playbooks create a new Neutron network and subnet and attach +floating IP addresses to each node. If you have a provider network set up, this +is all unnecessary as you can just access servers that are placed in the +provider network directly. 
+ +To use a provider network, set its name in `openshift_openstack_provider_network_name` in +`inventory/group_vars/all.yml`. + +If you set the provider network name, the `openshift_openstack_external_network_name` and +`openshift_openstack_private_network_name` fields will be ignored. + +**NOTE**: this will not update the nodes' DNS, so running openshift-ansible +right after provisioning will fail (unless you're using an external DNS server +your provider network knows about). You must make sure your nodes are able to +resolve each other by name. + +## Security notes + +Configure required `*_ingress_cidr` variables to restrict public access +to provisioned servers from your laptop (a /32 notation should be used) +or your trusted network. The most important is the `openshift_openstack_node_ingress_cidr` +that restricts public access to the deployed DNS server and cluster +nodes' ephemeral ports range. + +Note, the command ``curl https://api.ipify.org`` helps fiding an external +IP address of your box (the ansible admin node). + +There is also the `manage_packages` variable (defaults to True) you +may want to turn off in order to speed up the provisioning tasks. This may +be the case for development environments. When turned off, the servers will +be provisioned omitting the ``yum update`` command. This brings security +implications though, and is not recommended for production deployments. + +### DNS servers security options + +Aside from `openshift_openstack_node_ingress_cidr` restricting public access to in-stack DNS +servers, there are following (bind/named specific) DNS security +options available: + + named_public_recursion: 'no' + named_private_recursion: 'yes' + +External DNS servers, which is not included in the 'dns' hosts group, +are not managed. It is up to you to configure such ones. + +## Configure the OpenShift parameters + +Finally, you need to update the DNS entry in +`inventory/group_vars/OSEv3.yml` (look at +`openshift_master_default_subdomain`). 
+ +In addition, this is the place where you can customise your OpenShift +installation for example by specifying the authentication. + +The full list of options is available in this sample inventory: + +https://github.com/openshift/openshift-ansible/blob/master/inventory/byo/hosts.ose.example + +Note, that in order to deploy OpenShift origin, you should update the following +variables for the `inventory/group_vars/OSEv3.yml`, `all.yml`: + + deployment_type: origin + openshift_deployment_type: "{{ deployment_type }}" + + +## Setting a custom entrypoint + +In order to set a custom entrypoint, update `openshift_master_cluster_public_hostname` + + openshift_master_cluster_public_hostname: api.openshift.example.com + +Note than an empty hostname does not work, so if your domain is `openshift.example.com`, +you cannot set this value to simply `openshift.example.com`. + +## Creating and using a Cinder volume for the OpenShift registry + +You can optionally have the playbooks create a Cinder volume and set +it up as the OpenShift hosted registry. + +To do that you need specify the desired Cinder volume name and size in +Gigabytes in `inventory/group_vars/all.yml`: + + openshift_openstack_cinder_hosted_registry_name: cinder-registry + openshift_openstack_cinder_hosted_registry_size_gb: 10 + +With this, the playbooks will create the volume and set up its +filesystem. If there is an existing volume of the same name, we will +use it but keep the existing data on it. 
+ +To use the volume for the registry, you must first configure it with +the OpenStack credentials by putting the following to `OSEv3.yml`: + + openshift_cloudprovider_openstack_username: "{{ lookup('env','OS_USERNAME') }}" + openshift_cloudprovider_openstack_password: "{{ lookup('env','OS_PASSWORD') }}" + openshift_cloudprovider_openstack_auth_url: "{{ lookup('env','OS_AUTH_URL') }}" + openshift_cloudprovider_openstack_tenant_name: "{{ lookup('env','OS_TENANT_NAME') }}" + +This will use the credentials from your shell environment. If you want +to enter them explicitly, you can. You can also use credentials +different from the provisioning ones (say for quota or access control +reasons). + +**NOTE**: If you're testing this on (DevStack)[devstack], you must +explicitly set your Keystone API version to v2 (e.g. +`OS_AUTH_URL=http://10.34.37.47/identity/v2.0`) instead of the default +value provided by `openrc`. You may also encounter the following issue +with Cinder: + +https://github.com/kubernetes/kubernetes/issues/50461 + +You can read the (OpenShift documentation on configuring +OpenStack)[openstack] for more information. + +[devstack]: https://docs.openstack.org/devstack/latest/ +[openstack]: https://docs.openshift.org/latest/install_config/configuring_openstack.html + + +Next, we need to instruct OpenShift to use the Cinder volume for it's +registry. Again in `OSEv3.yml`: + + #openshift_hosted_registry_storage_kind: openstack + #openshift_hosted_registry_storage_access_modes: ['ReadWriteOnce'] + #openshift_hosted_registry_storage_openstack_filesystem: xfs + +The filesystem value here will be used in the initial formatting of +the volume. 
+ +If you're using the dynamic inventory, you must uncomment these two values as +well: + + #openshift_hosted_registry_storage_openstack_volumeID: "{{ lookup('os_cinder', openshift_openstack_cinder_hosted_registry_name).id }}" + #openshift_hosted_registry_storage_volume_size: "{{ openshift_openstack_cinder_hosted_registry_size_gb }}Gi" + +But note that they use the `os_cinder` lookup plugin we provide, so you must +tell Ansible where to find it either in `ansible.cfg` (the one we provide is +configured properly) or by exporting the +`ANSIBLE_LOOKUP_PLUGINS=openshift-ansible-contrib/lookup_plugins` environment +variable. + + + +## Use an existing Cinder volume for the OpenShift registry + +You can also use a pre-existing Cinder volume for the storage of your +OpenShift registry. + +To do that, you need to have a Cinder volume. You can create one by +running: + + openstack volume create --size <volume size in gb> <volume name> + +The volume needs to have a file system created before you put it to +use. + +As with the automatically-created volume, you have to set up the +OpenStack credentials in `inventory/group_vars/OSEv3.yml` as well as +registry values: + + #openshift_hosted_registry_storage_kind: openstack + #openshift_hosted_registry_storage_access_modes: ['ReadWriteOnce'] + #openshift_hosted_registry_storage_openstack_filesystem: xfs + #openshift_hosted_registry_storage_openstack_volumeID: e0ba2d73-d2f9-4514-a3b2-a0ced507fa05 + #openshift_hosted_registry_storage_volume_size: 10Gi + +Note the `openshift_hosted_registry_storage_openstack_volumeID` and +`openshift_hosted_registry_storage_volume_size` values: these need to +be added in addition to the previous variables. + +The **Cinder volume ID**, **filesystem** and **volume size** variables +must correspond to the values in your volume. The volume ID must be +the **UUID** of the Cinder volume, *not its name*. 
+ +We can do formate the volume for you if you ask for it in +`inventory/group_vars/all.yml`: + + openshift_openstack_prepare_and_format_registry_volume: true + +**NOTE:** doing so **will destroy any data that's currently on the volume**! + +You can also run the registry setup playbook directly: + + ansible-playbook -i inventory playbooks/provisioning/openstack/prepare-and-format-cinder-volume.yaml + +(the provisioning phase must be completed, first) + + + +## Configure static inventory and access via a bastion node + +Example inventory variables: + + openshift_openstack_use_bastion: true + openshift_openstack_bastion_ingress_cidr: "{{openshift_openstack_subnet_prefix}}.0/24" + openstack_private_ssh_key: ~/.ssh/id_rsa + openstack_inventory: static + openstack_inventory_path: ../../../../inventory + openstack_ssh_config_path: /tmp/ssh.config.openshift.ansible.openshift.example.com + +The `openshift_openstack_subnet_prefix` is the openstack private network for your cluster. +And the `openshift_openstack_bastion_ingress_cidr` defines accepted range for SSH connections to nodes +additionally to the `openshift_openstack_ssh_ingress_cidr`` (see the security notes above). + +The SSH config will be stored on the ansible control node by the +gitven path. Ansible uses it automatically. To access the cluster nodes with +that ssh config, use the `-F` prefix, f.e.: + + ssh -F /tmp/ssh.config.openshift.ansible.openshift.example.com master-0.openshift.example.com echo OK + +Note, relative paths will not work for the `openstack_ssh_config_path`, but it +works for the `openstack_private_ssh_key` and `openstack_inventory_path`. In this +guide, the latter points to the current directory, where you run ansible commands +from. + +To verify nodes connectivity, use the command: + + ansible -v -i inventory/hosts -m ping all + +If something is broken, double-check the inventory variables, paths and the +generated `<openstack_inventory_path>/hosts` and `openstack_ssh_config_path` files. 
+ +The `inventory: dynamic` can be used instead to access cluster nodes directly via +floating IPs. In this mode you can not use a bastion node and should specify +the dynamic inventory file in your ansible commands , like `-i openstack.py`. + +## Using Docker on the Ansible host + +If you don't want to worry about the dependencies, you can use the +[OpenStack Control Host image][control-host-image]. + +[control-host-image]: https://hub.docker.com/r/redhatcop/control-host-openstack/ + +It has all the dependencies installed, but you'll need to map your +code and credentials to it. Assuming your SSH keys live in `~/.ssh` +and everything else is in your current directory (i.e. `ansible.cfg`, +`keystonerc`, `inventory`, `openshift-ansible`, +`openshift-ansible-contrib`), this is how you run the deployment: + + sudo docker run -it -v ~/.ssh:/mnt/.ssh:Z \ + -v $PWD:/root/openshift:Z \ + -v $PWD/keystonerc:/root/.config/openstack/keystonerc.sh:Z \ + redhatcop/control-host-openstack bash + +(feel free to replace `$PWD` with an actual path to your inventory and +checkouts, but note that relative paths don't work) + +The first run may take a few minutes while the image is being +downloaded. After that, you'll be inside the container and you can run +the playbooks: + + cd openshift + ansible-playbook openshift-ansible-contrib/playbooks/provisioning/openstack/provision.yaml + + +### Run the playbook + +Assuming your OpenStack (Keystone) credentials are in the `keystonerc` +this is how you stat the provisioning process from your ansible control node: + + . keystonerc + ansible-playbook openshift-ansible-contrib/playbooks/provisioning/openstack/provision.yaml + +Note, here you start with an empty inventory. The static inventory will be populated +with data so you can omit providing additional arguments for future ansible commands. + +If bastion enabled, the generates SSH config must be applied for ansible. +Otherwise, it is auto included by the previous step. 
In order to execute it +as a separate playbook, use the following command: + + ansible-playbook openshift-ansible-contrib/playbooks/provisioning/openstack/post-provision-openstack.yml + +The first infra node then becomes a bastion node as well and proxies access +for future ansible commands. The post-provision step also configures Satellite, +if requested, and DNS server, and ensures other OpenShift requirements to be met. + + +## Running Custom Post-Provision Actions + +A custom playbook can be run like this: + +``` +ansible-playbook --private-key ~/.ssh/openshift -i inventory/ openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions/custom-playbook.yml +``` + +If you'd like to limit the run to one particular host, you can do so as follows: + +``` +ansible-playbook --private-key ~/.ssh/openshift -i inventory/ openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions/custom-playbook.yml -l app-node-0.openshift.example.com +``` + +You can also create your own custom playbook. Here are a few examples: + +### Adding additional YUM repositories + +``` +--- +- hosts: app + tasks: + + # enable EPL + - name: Add repository + yum_repository: + name: epel + description: EPEL YUM repo + baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/ +``` + +This example runs against app nodes. The list of options include: + + - cluster_hosts (all hosts: app, infra, masters, dns, lb) + - OSEv3 (app, infra, masters) + - app + - dns + - masters + - infra_hosts + +### Attaching additional RHN pools + +``` +--- +- hosts: cluster_hosts + tasks: + - name: Attach additional RHN pool + become: true + command: "/usr/bin/subscription-manager attach --pool=<pool ID>" + register: attach_rhn_pool_result + until: attach_rhn_pool_result.rc == 0 + retries: 10 + delay: 1 +``` + +This playbook runs against all cluster nodes. In order to help prevent slow connectivity +problems, the task is retried 10 times in case of initial failure. 
+Note that in order for this example to work in your deployment, your servers must use the RHEL image. + +### Adding extra Docker registry URLs + +This playbook is located in the [custom-actions](https://github.com/openshift/openshift-ansible-contrib/tree/master/playbooks/provisioning/openstack/custom-actions) directory. + +It adds URLs passed as arguments to the docker configuration program. +Going into more detail, the configuration program (which is in the YAML format) is loaded into an ansible variable +([lines 27-30](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-docker-registry.yml#L27-L30)) +and in its structure, `registries` and `insecure_registries` sections are expanded with the newly added items +([lines 56-76](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-docker-registry.yml#L56-L76)). +The new content is then saved into the original file +([lines 78-82](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-docker-registry.yml#L78-L82)) +and docker is restarted. + +Example usage: +``` +ansible-playbook -i <inventory> openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions/add-docker-registry.yml --extra-vars '{"registries": "reg1", "insecure_registries": ["ins_reg1","ins_reg2"]}' +``` + +### Adding extra CAs to the trust chain + +This playbook is also located in the [custom-actions](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions) directory. +It copies passed CAs to the trust chain location and updates the trust chain on each selected host. 
+ +Example usage: +``` +ansible-playbook -i <inventory> openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions/add-cas.yml --extra-vars '{"ca_files": [<absolute path to ca1 file>, <absolute path to ca2 file>]}' +``` + +Please consider contributing your custom playbook back to openshift-ansible-contrib! + +A library of custom post-provision actions exists in `openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions`. Playbooks include: + +* [add-yum-repos.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-yum-repos.yml): adds a list of custom yum repositories to every node in the cluster +* [add-rhn-pools.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-rhn-pools.yml): attaches a list of additional RHN pools to every node in the cluster +* [add-docker-registry.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-docker-registry.yml): adds a list of docker registries to the docker configuration on every node in the cluster +* [add-cas.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-rhn-pools.yml): adds a list of CAs to the trust chain on every node in the cluster + + +## Install OpenShift + +Once it succeeds, you can install openshift by running: + + ansible-playbook openshift-ansible/playbooks/byo/config.yml + +## Access UI + +OpenShift UI may be accessed via the 1st master node FQDN, port 8443. + +When using a bastion, you may want to make an SSH tunnel from your control node +to access UI on the `https://localhost:8443`, with this inventory variable: + + openshift_openstack_ui_ssh_tunnel: True + +Note, this requires sudo rights on the ansible control node and an absolute path +for the `openstack_private_ssh_key`. 
You should also update the control node's +`/etc/hosts`: + + 127.0.0.1 master-0.openshift.example.com + +In order to access UI, the ssh-tunnel service will be created and started on the +control node. Make sure to remove these changes and the service manually, when not +needed anymore. + +## Scale Deployment up/down + +### Scaling up + +One can scale up the number of application nodes by executing the ansible playbook +`openshift-ansible-contrib/playbooks/provisioning/openstack/scale-up.yaml`. +This process can be done even if there is currently no deployment available. +The `increment_by` variable is used to specify by how much the deployment should +be scaled up (if none exists, it serves as a target number of application nodes). +The path to `openshift-ansible` directory can be customised by the `openshift_ansible_dir` +variable. Its value must be an absolute path to `openshift-ansible` and it cannot +contain the '/' symbol at the end. + +Usage: + +``` +ansible-playbook -i <path to inventory> openshift-ansible-contrib/playbooks/provisioning/openstack/scale-up.yaml` [-e increment_by=<number>] [-e openshift_ansible_dir=<path to openshift-ansible>] +``` + +Note: This playbook works only without a bastion node (`openshift_openstack_use_bastion: False`). diff --git a/playbooks/openstack/openshift-cluster/install.yml b/playbooks/openstack/openshift-cluster/install.yml new file mode 100644 index 000000000..1c4f609e3 --- /dev/null +++ b/playbooks/openstack/openshift-cluster/install.yml 
@@ -0,0 +1,15 @@
+---
+# NOTE(shadower): the AWS playbook builds an in-memory inventory of
+# all the EC2 instances here. We don't need to as that's done by the
+# dynamic inventory.
+
+# TODO(shadower): the AWS playbook sets the
+# `openshift_master_cluster_hostname` and `osm_custom_cors_origins`
+# values here. We do it in the OSEv3 group vars. Do we need to add
+# some logic here?
+
+- name: run the initialization
+ include: ../../init/main.yml
+
+- name: run the config
+ include: ../../common/openshift-cluster/config.yml
diff --git a/playbooks/openstack/openshift-cluster/prerequisites.yml b/playbooks/openstack/openshift-cluster/prerequisites.yml
new file mode 100644
index 000000000..0356b37dd
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/prerequisites.yml
@@ -0,0 +1,12 @@
+---
+- hosts: localhost
+ tasks:
+ - name: Check dependencies and OpenStack prerequisites
+ include_role:
+ name: openshift_openstack
+ tasks_from: check-prerequisites.yml
+
+ - name: Check network configuration
+ include_role:
+ name: openshift_openstack
+ tasks_from: net_vars_check.yaml
diff --git a/playbooks/openstack/openshift-cluster/provision.yml b/playbooks/openstack/openshift-cluster/provision.yml
new file mode 100644
index 000000000..36d8c8215
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/provision.yml
@@ -0,0 +1,59 @@
+---
+- name: Create the OpenStack resources for cluster installation
+ hosts: localhost
+ tasks:
+ - name: provision cluster
+ include_role:
+ name: openshift_openstack
+ tasks_from: provision.yml
+
+
+# NOTE(shadower): Bring in the host groups:
+- name: evaluate groups
+ include: ../../init/evaluate_groups.yml
+
+
+- name: Wait for the nodes and gather their facts
+ hosts: oo_all_hosts
+ become: yes
+ # NOTE: The nodes may not be up yet, don't gather facts here.
+ # They'll be collected after `wait_for_connection`.
+ gather_facts: no
+ tasks:
+ - name: Wait for the the nodes to come up
+ wait_for_connection:
+
+ - name: Gather facts for the new nodes
+ setup:
+
+
+# NOTE(shadower): the (internal) DNS must be functional at this point!!
+# That will have happened in provision.yml if nsupdate was configured.
+
+# TODO(shadower): consider splitting this up so people can stop here
+# and configure their DNS if they have to.
+- name: Populate the DNS entries
+ hosts: localhost
+ tasks:
+ - name: Populate DNS entries
+ include_role:
+ name: openshift_openstack
+ tasks_from: populate-dns.yml
+ when:
+ - openshift_openstack_external_nsupdate_keys is defined
+ - openshift_openstack_external_nsupdate_keys.private is defined or openshift_openstack_external_nsupdate_keys.public is defined
+
+- name: Prepare the Nodes in the cluster for installation
+ hosts: oo_all_hosts
+ become: yes
+ gather_facts: yes
+ tasks:
+ - name: Install dependencies
+ include_role:
+ name: openshift_openstack
+ tasks_from: node-packages.yml
+
+ - name: Configure Node
+ include_role:
+ name: openshift_openstack
+ tasks_from: node-configuration.yml
diff --git a/playbooks/openstack/openshift-cluster/provision_install.yml b/playbooks/openstack/openshift-cluster/provision_install.yml
new file mode 100644
index 000000000..5d88c105f
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/provision_install.yml
@@ -0,0 +1,9 @@
+---
+- name: Check the prerequisites for cluster provisioning in OpenStack
+ include: prerequisites.yml
+
+- name: Include the provision.yml playbook to create cluster
+ include: provision.yml
+
+- name: Include the install.yml playbook to install cluster
+ include: install.yml
diff --git a/playbooks/openstack/openshift-cluster/roles b/playbooks/openstack/openshift-cluster/roles
new file mode 120000
index 000000000..e2b799b9d
--- /dev/null
+++ b/playbooks/openstack/openshift-cluster/roles
@@ -0,0 +1 @@
+../../../roles/
\ No newline at end of file diff --git a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml new file mode 100644 index 000000000..1e55adb9e --- /dev/null +++ b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml 
@@ -0,0 +1,59 @@ +--- +openshift_deployment_type: origin +#openshift_deployment_type: openshift-enterprise +#openshift_release: v3.5 +openshift_master_default_subdomain: "apps.{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}" + +openshift_master_cluster_method: native +openshift_master_cluster_hostname: "console.{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}" +openshift_master_cluster_public_hostname: "{{ openshift_master_cluster_hostname }}" + +osm_default_node_selector: 'region=primary' + +openshift_hosted_router_wait: True +openshift_hosted_registry_wait: True + +## Openstack credentials +#openshift_cloudprovider_kind=openstack +#openshift_cloudprovider_openstack_auth_url: "{{ lookup('env','OS_AUTH_URL') }}" +#openshift_cloudprovider_openstack_username: "{{ lookup('env','OS_USERNAME') }}" +#openshift_cloudprovider_openstack_password: "{{ lookup('env','OS_PASSWORD') }}" +#openshift_cloudprovider_openstack_tenant_name: "{{ lookup('env','OS_TENANT_NAME') }}" +#openshift_cloudprovider_openstack_region="{{ lookup('env', 'OS_REGION_NAME') }}" + + +## Use Cinder volume for Openshift registry: +#openshift_hosted_registry_storage_kind: openstack +#openshift_hosted_registry_storage_access_modes: ['ReadWriteOnce'] +#openshift_hosted_registry_storage_openstack_filesystem: xfs + +## NOTE(shadower): This won't work until the openshift-ansible issue #5657 is fixed: +## https://github.com/openshift/openshift-ansible/issues/5657 +## If you're using the `openshift_openstack_cinder_hosted_registry_name` option from +## `all.yml`, uncomment these lines: +#openshift_hosted_registry_storage_openstack_volumeID: "{{ lookup('os_cinder', openshift_openstack_cinder_hosted_registry_name).id }}" +#openshift_hosted_registry_storage_volume_size: "{{ openshift_openstack_cinder_hosted_registry_size_gb }}Gi" + +## If you're using a Cinder volume you've set up yourself, uncomment these lines: 
+#openshift_hosted_registry_storage_openstack_volumeID: e0ba2d73-d2f9-4514-a3b2-a0ced507fa05 +#openshift_hosted_registry_storage_volume_size: 10Gi + + +# NOTE(shadower): the hostname check seems to always fail because the +# host's floating IP address doesn't match the address received from +# inside the host. +openshift_override_hostname_check: true + +# For POCs or demo environments that are using smaller instances than +# the official recommended values for RAM and DISK, uncomment the line below. +#openshift_disable_check: disk_availability,memory_availability + +# NOTE(shadower): Always switch to root on the OSEv3 nodes. +# openshift-ansible requires an explicit `become`. +ansible_become: true + +# # Flannel networking +#osm_cluster_network_cidr: 10.128.0.0/14 +#openshift_use_openshift_sdn: false +#openshift_use_flannel: true +#flannel_interface: eth1 diff --git a/playbooks/openstack/sample-inventory/group_vars/all.yml b/playbooks/openstack/sample-inventory/group_vars/all.yml new file mode 100644 index 000000000..921edb867 --- /dev/null +++ b/playbooks/openstack/sample-inventory/group_vars/all.yml 
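Review bot: Two of the commented OpenStack credential lines in OSEv3.yml use `=` where the rest of the file uses YAML `key: value`: `#openshift_cloudprovider_kind=openstack` and `#openshift_cloudprovider_openstack_region="{{ lookup('env', 'OS_REGION_NAME') }}"`. Uncommented as written they would not define those two variables, so the cloud provider settings an operator believes are applied would be missing or the file would fail to parse. I would write them as `#openshift_cloudprovider_kind: openstack` and `#openshift_cloudprovider_openstack_region: "{{ lookup('env', 'OS_REGION_NAME') }}"`.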
@@ -0,0 +1,147 @@ +--- +openshift_openstack_clusterid: "openshift" +openshift_openstack_public_dns_domain: "example.com" +openshift_openstack_dns_nameservers: [] + +# # Used Hostnames +# # - set custom hostnames for roles by uncommenting corresponding lines +#openshift_openstack_master_hostname: "master" +#openshift_openstack_infra_hostname: "infra-node" +#openshift_openstack_node_hostname: "app-node" +#openshift_openstack_lb_hostname: "lb" +#openshift_openstack_etcd_hostname: "etcd" +#openshift_openstack_dns_hostname: "dns" + +openshift_openstack_keypair_name: "openshift" +openshift_openstack_external_network_name: "public" +#openshift_openstack_private_network_name: "openshift-ansible-{{ openshift_openstack_stack_name }}-net" +# # A dedicated Neutron network name for containers data network +# # Configures the data network to be separated from openshift_openstack_private_network_name +# # NOTE: this is only supported with Flannel SDN yet +#openstack_private_data_network_name: "openshift-ansible-{{ openshift_openstack_stack_name }}-data-net" + +## If you want to use a provider network, set its name here. +## NOTE: the `openshift_openstack_external_network_name` and +## `openshift_openstack_private_network_name` options will be ignored when using a +## provider network. 
+#openshift_openstack_provider_network_name: "provider" + +# # Used Images +# # - set specific images for roles by uncommenting corresponding lines +# # - note: do not remove openshift_openstack_default_image_name definition +#openshift_openstack_master_image_name: "centos7" +#openshift_openstack_infra_image_name: "centos7" +#openshift_openstack_node_image_name: "centos7" +#openshift_openstack_lb_image_name: "centos7" +#openshift_openstack_etcd_image_name: "centos7" +#openshift_openstack_dns_image_name: "centos7" +openshift_openstack_default_image_name: "centos7" + +openshift_openstack_num_masters: 1 +openshift_openstack_num_infra: 1 +openshift_openstack_num_nodes: 2 + +# # Used Flavors +# # - set specific flavors for roles by uncommenting corresponding lines +# # - note: do note remove openshift_openstack_default_flavor definition +#openshift_openstack_master_flavor: "m1.medium" +#openshift_openstack_infra_flavor: "m1.medium" +#openshift_openstack_node_flavor: "m1.medium" +#openshift_openstack_lb_flavor: "m1.medium" +#openshift_openstack_etcd_flavor: "m1.medium" +#openshift_openstack_dns_flavor: "m1.medium" +openshift_openstack_default_flavor: "m1.medium" + +# # Numerical index of nodes to remove +# openshift_openstack_nodes_to_remove: [] + +# # Docker volume size +# # - set specific volume size for roles by uncommenting corresponding lines +# # - note: do not remove docker_default_volume_size definition +#openshift_openstack_docker_master_volume_size: "15" +#openshift_openstack_docker_infra_volume_size: "15" +#openshift_openstack_docker_node_volume_size: "15" +#openshift_openstack_docker_etcd_volume_size: "2" +#openshift_openstack_docker_dns_volume_size: "1" +#openshift_openstack_docker_lb_volume_size: "5" +openshift_openstack_docker_volume_size: "15" + +## Specify server group policies for master and infra nodes. Nova must be configured to +## enable these policies. 'anti-affinity' will ensure that each VM is launched on a +## different physical host. 
+#openshift_openstack_master_server_group_policies: [anti-affinity] +#openshift_openstack_infra_server_group_policies: [anti-affinity] + +## Create a Cinder volume and use it for the OpenShift registry. +## NOTE: the openstack credentials and hosted registry options must be set in OSEv3.yml! +#openshift_openstack_cinder_hosted_registry_name: cinder-registry +#openshift_openstack_cinder_hosted_registry_size_gb: 10 + +## Set up a filesystem on the cinder volume specified in `OSEv3.yaml`. +## You need to specify the file system and volume ID in OSEv3 via +## `openshift_hosted_registry_storage_openstack_filesystem` and +## `openshift_hosted_registry_storage_openstack_volumeID`. +## WARNING: This will delete any data on the volume! +#openshift_openstack_prepare_and_format_registry_volume: False + +openshift_openstack_subnet_prefix: "192.168.99" + +## Red Hat subscription defaults to false which means we will not attempt to +## subscribe the nodes +#rhsm_register: False + +# # Using Red Hat Satellite: +#rhsm_register: True +#rhsm_satellite: 'sat-6.example.com' +#rhsm_org: 'OPENSHIFT_ORG' +#rhsm_activationkey: '<activation-key>' + +# # Or using RHN username, password and optionally pool: +#rhsm_register: True +#rhsm_username: '<username>' +#rhsm_password: '<password>' +#rhsm_pool: '<pool id>' + +#rhsm_repos: +# - "rhel-7-server-rpms" +# - "rhel-7-server-ose-3.5-rpms" +# - "rhel-7-server-extras-rpms" +# - "rhel-7-fast-datapath-rpms" + + +# # Roll-your-own DNS +#openshift_openstack_num_dns: 0 +#openshift_openstack_external_nsupdate_keys: +# public: +# key_secret: 'SKqKNdpfk7llKxZ57bbxUnUDobaaJp9t8CjXLJPl+fRI5mPcSBuxTAyvJPa6Y9R7vUg9DwCy/6WTpgLNqnV4Hg==' +# key_algorithm: 'hmac-md5' +# server: '192.168.1.1' +# private: +# key_secret: 'kVE2bVTgZjrdJipxPhID8BEZmbHD8cExlVPR+zbFpW6la8kL5wpXiwOh8q5AAosXQI5t95UXwq3Inx8QT58duw==' +# key_algorithm: 'hmac-md5' +# server: '192.168.1.2' + +# # Customize DNS server security options +#named_public_recursion: 'no' 
+#named_private_recursion: 'yes' + + +# NOTE(shadower): Do not change this value. The Ansible user is currently +# hardcoded to `openshift`. +ansible_user: openshift + +# # Use a single security group for a cluster (default: false) +#openshift_openstack_flat_secgrp: false + +# If you want to use the VM storage instead of Cinder volumes, set this to `true`. +# NOTE: this is for testing only! Your data will be gone once the VM disappears! +# openshift_openstack_ephemeral_volumes: false + +# # OpenShift node labels +# # - in order to customise node labels for app and/or infra group, set the +# # openshift_openstack_cluster_node_labels variable +#openshift_openstack_cluster_node_labels: +# app: +# region: primary +# infra: +# region: infra diff --git a/playbooks/openstack/sample-inventory/inventory.py b/playbooks/openstack/sample-inventory/inventory.py new file mode 100755 index 000000000..47c56d94d --- /dev/null +++ b/playbooks/openstack/sample-inventory/inventory.py 
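Review bot: The commented `openshift_openstack_external_nsupdate_keys` example in all.yml carries two full-length base64 `key_secret` values together with `key_algorithm: 'hmac-md5'`, so anyone who uncomments the block without editing it deploys a DNS update key that is published in the repository. The rhsm block just above already uses placeholders (`'<activation-key>'`, `'<password>'`), and the same form fits here, e.g. `key_secret: '<base64 TSIG secret>'`. If the DNS server and the role accept it (not visible in this hunk), a SHA-2 algorithm such as `hmac-sha256` would be a better sample value than `hmac-md5`. A short comment recommending that `rhsm_password` and the key secrets be kept in an Ansible Vault file rather than in plain group_vars would also help.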
@@ -0,0 +1,96 @@ +#!/usr/bin/env python +""" +This is an Ansible dynamic inventory for OpenStack. + +It requires your OpenStack credentials to be set in clouds.yaml or your shell +environment. + +""" + +from __future__ import print_function + +import json + +import shade + + +def build_inventory(): + '''Build the dynamic inventory.''' + cloud = shade.openstack_cloud() + + inventory = {} + + # TODO(shadower): filter the servers based on the `OPENSHIFT_CLUSTER` + # environment variable. + cluster_hosts = [ + server for server in cloud.list_servers() + if 'metadata' in server and 'clusterid' in server.metadata] + + masters = [server.name for server in cluster_hosts + if server.metadata['host-type'] == 'master'] + + etcd = [server.name for server in cluster_hosts + if server.metadata['host-type'] == 'etcd'] + if not etcd: + etcd = masters + + infra_hosts = [server.name for server in cluster_hosts + if server.metadata['host-type'] == 'node' and + server.metadata['sub-host-type'] == 'infra'] + + app = [server.name for server in cluster_hosts + if server.metadata['host-type'] == 'node' and + server.metadata['sub-host-type'] == 'app'] + + nodes = list(set(masters + infra_hosts + app)) + + dns = [server.name for server in cluster_hosts + if server.metadata['host-type'] == 'dns'] + + load_balancers = [server.name for server in cluster_hosts + if server.metadata['host-type'] == 'lb'] + + osev3 = list(set(nodes + etcd + load_balancers)) + + inventory['cluster_hosts'] = {'hosts': [s.name for s in cluster_hosts]} + inventory['OSEv3'] = {'hosts': osev3} + inventory['masters'] = {'hosts': masters} + inventory['etcd'] = {'hosts': etcd} + inventory['nodes'] = {'hosts': nodes} + inventory['infra_hosts'] = {'hosts': infra_hosts} + inventory['app'] = {'hosts': app} + inventory['dns'] = {'hosts': dns} + inventory['lb'] = {'hosts': load_balancers} + + for server in cluster_hosts: + if 'group' in server.metadata: + group = server.metadata.group + if group not in inventory: + 
inventory[group] = {'hosts': []} + inventory[group]['hosts'].append(server.name) + + inventory['_meta'] = {'hostvars': {}} + + for server in cluster_hosts: + ssh_ip_address = server.public_v4 or server.private_v4 + hostvars = { + 'ansible_host': ssh_ip_address + } + + public_v4 = server.public_v4 or server.private_v4 + if public_v4: + hostvars['public_v4'] = public_v4 + # TODO(shadower): what about multiple networks? + if server.private_v4: + hostvars['private_v4'] = server.private_v4 + + node_labels = server.metadata.get('node_labels') + if node_labels: + hostvars['openshift_node_labels'] = node_labels + + inventory['_meta']['hostvars'][server.name] = hostvars + return inventory + + +if __name__ == '__main__': + print(json.dumps(build_inventory(), indent=4, sort_keys=True)) diff --git a/requirements.txt b/requirements.txt index bf95b4ff9..be1bde18e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,10 +1,11 @@ # Versions are pinned to prevent pypi releases arbitrarily breaking # tests with new APIs/semantics. We want to update versions deliberately. -ansible==2.3.1.0 +ansible==2.4.0.0 boto==2.34.0 click==6.7 pyOpenSSL==16.2.0 # We need to disable ruamel.yaml for now because of test failures #ruamel.yaml six==1.10.0 +shade==1.24.0 passlib==1.6.5 diff --git a/roles/cockpit-ui/tasks/main.yml b/roles/cockpit-ui/tasks/main.yml index 09f4259a2..f60912033 100644 --- a/roles/cockpit-ui/tasks/main.yml +++ b/roles/cockpit-ui/tasks/main.yml 
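Review bot: `build_inventory()` accepts every server that carries any `clusterid` metadata, so with credentials that can see more than one cluster the inventory, and every `become: yes` play run against `OSEv3` or `cluster_hosts`, also covers the other clusters' hosts; the TODO in the hunk acknowledges the missing filter. A minimal version is `cluster = os.environ.get('OPENSHIFT_CLUSTER')` plus `and (not cluster or server.metadata.clusterid == cluster)` in the `cluster_hosts` comprehension, with `import os` added. The group lists also index `server.metadata['host-type']` and `server.metadata['sub-host-type']` directly, which raises `KeyError` for a tagged server that lacks either key; `server.metadata.get('host-type')` avoids that.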
@@ -41,6 +41,7 @@ command: > {{ openshift.common.client_binary }} new-app --template=registry-console {% if openshift_cockpit_deployer_prefix is defined %}-p IMAGE_PREFIX="{{ openshift_cockpit_deployer_prefix }}"{% endif %} + {% if openshift_cockpit_deployer_basename is defined %}-p IMAGE_BASENAME="{{ openshift_cockpit_deployer_basename }}"{% endif %} {% if openshift_cockpit_deployer_version is defined %}-p IMAGE_VERSION="{{ openshift_cockpit_deployer_version }}"{% endif %} -p OPENSHIFT_OAUTH_PROVIDER_URL="{{ openshift.master.public_api_url }}" -p REGISTRY_HOST="{{ docker_registry_route.results[0].spec.host }}" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 3c814d8d8..69ee62790 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -53,7 +53,7 @@ - when: - l_use_crio - - dockerstat.stat.islink is defined and not (dockerstat.stat.islink | bool) + - dockerstat.stat.islnk is defined and not (dockerstat.stat.islnk | bool) block: - name: stop the current running docker systemd: diff --git a/roles/installer_checkpoint/README.md b/roles/installer_checkpoint/README.md index 18d182ec9..f8588c4bf 100644 --- a/roles/installer_checkpoint/README.md +++ b/roles/installer_checkpoint/README.md @@ -16,7 +16,7 @@ displaying and logging of the installer status at the end of a playbook run. To ensure the callback plugin is loaded, regardless of ansible.cfg file configuration, the plugin has been placed inside the installer_checkpoint role -which must be called early in playbook execution. The `std_include.yml` playbook +which must be called early in playbook execution. The `init/main.yml` playbook is run first for all entry point playbooks, therefore, the initialization of the checkpoint plugin has been placed at the beginning of that file. 
@@ -89,7 +89,7 @@ phase/component and then a final play for setting `installer_hase_initialize` to "Complete". ```yaml -# common/openshift-cluster/std_include.yml +# init/main.yml --- - name: Initialization Checkpoint Start hosts: all @@ -124,7 +124,7 @@ phase/component and then a final play for setting `installer_hase_initialize` to Each phase or component of the installer will follow a similar pattern, with the exception that the `installer_checkpoint` role does not need to be called since -it was already loaded by the play in `std_include.yml`. It is important to +it was already loaded by the play in `init/main.yml`. It is important to place the 'In Progress' and 'Complete' plays as the first and last plays of the phase or component. diff --git a/roles/kuryr/README.md b/roles/kuryr/README.md index 7b618f902..269788a11 100644 --- a/roles/kuryr/README.md +++ b/roles/kuryr/README.md @@ -31,6 +31,11 @@ pods. This allows to have interconnectivity between pods and OpenStack VMs. * ``kuryr_openstack_pod_service_id=service_subnet_uuid`` * ``kuryr_openstack_pod_project_id=pod_project_uuid`` * ``kuryr_openstack_worker_nodes_subnet_id=worker_nodes_subnet_uuid`` +* ``kuryr_openstack_enable_pools=True`` +* ``kuryr_openstack_pool_max=0`` +* ``kuryr_openstack_pool_min=1`` +* ``kuryr_openstack_pool_batch=5`` +* ``kuryr_openstack_pool_update_frequency=20`` ## Kuryr resources diff --git a/roles/kuryr/templates/configmap.yaml.j2 b/roles/kuryr/templates/configmap.yaml.j2 index e874d6c25..6bf6c1db2 100644 --- a/roles/kuryr/templates/configmap.yaml.j2 +++ b/roles/kuryr/templates/configmap.yaml.j2 
@@ -161,6 +161,14 @@ data: # The driver that provides VIFs for Kubernetes Pods. (string value) pod_vif_driver = nested-vlan + # The driver that manages VIFs pools for Kubernetes Pods (string value) + vif_pool_driver = {{ kuryr_openstack_enable_pools | default(False) | ternary('nested', 'noop') }} + + [vif_pool] + ports_pool_max = {{ kuryr_openstack_pool_max | default(0) }} + ports_pool_min = {{ kuryr_openstack_pool_min | default(1) }} + ports_pool_batch = {{ kuryr_openstack_pool_batch | default(5) }} + ports_pool_update_frequency = {{ kuryr_openstack_pool_update_frequency | default(20) }} [neutron] # Configuration options for OpenStack Neutron diff --git a/roles/lib_openshift/library/oc_adm_policy_user.py b/roles/lib_openshift/library/oc_adm_policy_user.py index 1ceaf5d0d..92515889b 100644 --- a/roles/lib_openshift/library/oc_adm_policy_user.py +++ b/roles/lib_openshift/library/oc_adm_policy_user.py @@ -71,6 +71,12 @@ options: required: false default: None aliases: [] + role_namespace: + description: + - The namespace where to find the role + required: false + default: None + aliases: [] debug: description: - Turn on debug output. @@ -122,6 +128,14 @@ EXAMPLES = ''' resource_kind: cluster-role resource_name: system:build-strategy-docker state: present + +- name: oc adm policy add-role-to-user system:build-strategy-docker ausername --role-namespace foo + oc_adm_policy_user: + user: ausername + resource_kind: cluster-role + resource_name: system:build-strategy-docker + state: present + role_namespace: foo ''' # -*- -*- -*- End included fragment: doc/policy_user -*- -*- -*- @@ -2065,6 +2079,9 @@ class PolicyUser(OpenShiftCLI): self.config.config_options['name']['value'], self.config.config_options['user']['value']] + if self.config.config_options['role_namespace']['value'] is not None: + cmd.extend(['--role-namespace', self.config.config_options['role_namespace']['value']]) + return self.openshift_cmd(cmd, oadm=True) @staticmethod 
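Review bot: In `vif_pool_driver`, the expression `kuryr_openstack_enable_pools | default(False) | ternary('nested', 'noop')` tests the raw value, and the option may arrive as a string (for example from `-e` or an INI `:vars` section, which is the form the README shows); a non-empty string such as `'False'` is truthy and would select `nested`. Adding the cast, `{{ kuryr_openstack_enable_pools | default(False) | bool | ternary('nested', 'noop') }}`, makes the setting behave the same for booleans and strings. The `data:` block this hunk sits in starts and continues outside the hunk.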
@@ -2085,6 +2102,7 @@ class PolicyUser(OpenShiftCLI): 'user': {'value': params['user'], 'include': False}, 'resource_kind': {'value': params['resource_kind'], 'include': False}, 'name': {'value': params['resource_name'], 'include': False}, + 'role_namespace': {'value': params['role_namespace'], 'include': False}, }) policyuser = PolicyUser(nconfig, params['debug']) @@ -2149,6 +2167,7 @@ def main(): debug=dict(default=False, type='bool'), resource_name=dict(required=True, type='str'), namespace=dict(default='default', type='str'), + role_namespace=dict(default=None, type='str'), kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), user=dict(required=True, type='str'), diff --git a/roles/lib_openshift/src/ansible/oc_adm_policy_user.py b/roles/lib_openshift/src/ansible/oc_adm_policy_user.py index a22496866..642001021 100644 --- a/roles/lib_openshift/src/ansible/oc_adm_policy_user.py +++ b/roles/lib_openshift/src/ansible/oc_adm_policy_user.py @@ -14,6 +14,7 @@ def main(): debug=dict(default=False, type='bool'), resource_name=dict(required=True, type='str'), namespace=dict(default='default', type='str'), + role_namespace=dict(default=None, type='str'), kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), user=dict(required=True, type='str'), diff --git a/roles/lib_openshift/src/class/oc_adm_policy_user.py b/roles/lib_openshift/src/class/oc_adm_policy_user.py index 6fc8145c8..481564c2d 100644 --- a/roles/lib_openshift/src/class/oc_adm_policy_user.py +++ b/roles/lib_openshift/src/class/oc_adm_policy_user.py @@ -148,6 +148,9 @@ class PolicyUser(OpenShiftCLI): self.config.config_options['name']['value'], self.config.config_options['user']['value']] + if self.config.config_options['role_namespace']['value'] is not None: + cmd.extend(['--role-namespace', self.config.config_options['role_namespace']['value']]) + return self.openshift_cmd(cmd, oadm=True) @staticmethod 
@@ -168,6 +171,7 @@ class PolicyUser(OpenShiftCLI): 'user': {'value': params['user'], 'include': False}, 'resource_kind': {'value': params['resource_kind'], 'include': False}, 'name': {'value': params['resource_name'], 'include': False}, + 'role_namespace': {'value': params['role_namespace'], 'include': False}, }) policyuser = PolicyUser(nconfig, params['debug']) diff --git a/roles/lib_openshift/src/doc/policy_user b/roles/lib_openshift/src/doc/policy_user index 351c9af65..a98652571 100644 --- a/roles/lib_openshift/src/doc/policy_user +++ b/roles/lib_openshift/src/doc/policy_user @@ -20,6 +20,12 @@ options: required: false default: None aliases: [] + role_namespace: + description: + - The namespace where to find the role + required: false + default: None + aliases: [] debug: description: - Turn on debug output. @@ -71,4 +77,12 @@ EXAMPLES = ''' resource_kind: cluster-role resource_name: system:build-strategy-docker state: present + +- name: oc adm policy add-role-to-user system:build-strategy-docker ausername --role-namespace foo + oc_adm_policy_user: + user: ausername + resource_kind: cluster-role + resource_name: system:build-strategy-docker + state: present + role_namespace: foo ''' diff --git a/roles/openshift_aws/templates/user_data.j2 b/roles/openshift_aws/templates/user_data.j2 index a8c7f9a95..fe0fe83d4 100644 --- a/roles/openshift_aws/templates/user_data.j2 +++ b/roles/openshift_aws/templates/user_data.j2 @@ -20,6 +20,7 @@ runcmd: - [ ansible-playbook, /root/openshift_bootstrap/bootstrap.yml] {% endif %} {% if launch_config_item.key != 'master' %} +- [ systemctl, restart, NetworkManager] - [ systemctl, enable, {% if openshift_deployment_type == 'openshift-enterprise' %}atomic-openshift{% else %}origin{% endif %}-node] - [ systemctl, start, {% if openshift_deployment_type == 'openshift-enterprise' %}atomic-openshift{% else %}origin{% endif %}-node] {% endif %} 
diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml index 587526d07..31f0f8e7a 100644 --- a/roles/openshift_ca/tasks/main.yml +++ b/roles/openshift_ca/tasks/main.yml @@ -97,10 +97,8 @@ --master={{ openshift.master.api_url }} --public-master={{ openshift.master.public_api_url }} --cert-dir={{ openshift_ca_config_dir }} - {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} --expire-days={{ openshift_master_cert_expire_days }} --signer-expire-days={{ openshift_ca_cert_expire_days }} - {% endif %} --overwrite=false when: master_ca_missing | bool or openshift_certificates_redeploy | default(false) | bool delegate_to: "{{ openshift_ca_host }}" @@ -169,9 +167,7 @@ --signer-serial={{ openshift_ca_serial }} --user=system:openshift-master --basename=openshift-master - {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} --expire-days={{ openshift_master_cert_expire_days }} - {% endif %} - name: Copy generated loopback master client config to master config dir copy: src: "{{ openshift_ca_loopback_tmpdir.stdout }}/{{ item }}" diff --git a/roles/openshift_cloud_provider/tasks/openstack.yml b/roles/openshift_cloud_provider/tasks/openstack.yml index 5788e6d74..324630491 100644 --- a/roles/openshift_cloud_provider/tasks/openstack.yml +++ b/roles/openshift_cloud_provider/tasks/openstack.yml @@ -1,8 +1,4 @@ --- -- fail: - msg: "The Openstack integration requires OpenShift Enterprise 3.2 or Origin 1.2." - when: not openshift.common.version_gte_3_2_or_1_2 | bool - - name: Create cloud config template: dest: "{{ openshift.common.config_base }}/cloudprovider/openstack.conf" diff --git a/roles/openshift_cluster_autoscaler/README.md b/roles/openshift_cluster_autoscaler/README.md new file mode 100644 index 000000000..d775a8a71 --- /dev/null +++ b/roles/openshift_cluster_autoscaler/README.md 
@@ -0,0 +1,58 @@ +Openshift cluster autoscaler +================================ + +Install the cluster autoscaler + +Requirements +------------ + +* One or more Master servers +* A cloud provider that supports the cluster-autoscaler + +Role Variables +-------------- +Check defaults/main.yml + +Dependencies +------------ + + +Example Playbook +---------------- + +#!/usr/bin/ansible-playbook +``` +--- +- hosts: masters + gather_facts: no + remote_user: root + tasks: + - name: include role autoscaler + include_role: + name: openshift_cluster_autoscaler + vars: + openshift_clusterid: opstest + openshift_cluster_autoscaler_aws_key: <aws_key> + openshift_cluster_autoscaler_aws_secret_key: <aws_secret_key> +``` + + +Notes +----- + +This is currently experimental software. This role allows users to install the cluster-autoscaler and the necessary authorization pieces that allow the autoscaler to function. + + +This feature requires cloud provider credentials or a serviceaccount that has access to scale up/down nodes within the scaling groups. + +https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler + +License +------- + +Apache License, Version 2.0 + +Author Information +------------------ + +Openshift diff --git a/roles/openshift_cluster_autoscaler/defaults/main.yml b/roles/openshift_cluster_autoscaler/defaults/main.yml new file mode 100644 index 000000000..707e3c79b --- /dev/null +++ b/roles/openshift_cluster_autoscaler/defaults/main.yml 
@@ -0,0 +1,40 @@ +--- +openshift_cluster_autoscaler_name: cluster-autoscaler +openshift_cluster_autoscaler_version: 4 + +openshift_cluster_autoscaler_template_location: /tmp +openshift_cluster_autoscaler_template_name: "{{ openshift_cluster_autoscaler_name }}" + +openshift_cluster_autoscaler_node_selector: + type: infra + +openshift_cluster_autoscaler_state: present +openshift_cluster_autoscaler_namespace: openshift-infra +openshift_cluster_autoscaler_delete_config: True +openshift_cluster_autoscaler_skip_nodes_local_storage: False +openshift_cluster_autoscaler_serviceaccount: cluster-autoscaler +openshift_cluster_autoscaler_region: us-east-1 + +openshift_cluster_autoscaler_image: docker.io/openshift/kubernetes-autoscaler:v0.6.1 + +openshift_cluster_autoscaler_cloud_provider: aws + +# AWS specific variables here +openshift_cluster_autoscaler_aws_creds_name: aws-creds +openshift_cluster_autoscaler_aws_secret_name: autoscaler-credentials +openshift_cluster_autoscaler_aws_creds_path: "/var/run/secrets/{{ openshift_cluster_autoscaler_aws_creds_name }}/creds" +openshift_cluster_autoscaler_aws_env_vars: +- name: AWS_REGION + value: "{{ openshift_cluster_autoscaler_region }}" +- name: AWS_SHARED_CREDENTIALS_FILE + value: "{{ openshift_cluster_autoscaler_aws_creds_path }}" + +## End AWS vars ## + +openshift_cluster_autoscaler_env_vars: [] + + +openshift_cluster_autoscaler_node_groups: +- min: 3 + max: 10 + name: "{{ openshift_cluster_autoscaler_node_group_name | default(openshift_clusterid ~ ' openshift compute') }}" diff --git a/roles/openshift_cluster_autoscaler/files/clusterrole.yml b/roles/openshift_cluster_autoscaler/files/clusterrole.yml new file mode 100644 index 000000000..a4691888a --- /dev/null +++ b/roles/openshift_cluster_autoscaler/files/clusterrole.yml 
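Review bot: `openshift_cluster_autoscaler_image` defaults to `docker.io/openshift/kubernetes-autoscaler:v0.6.1`, a mutable tag on a public registry, for a pod that is handed cloud credentials. Pinning by digest (`docker.io/openshift/kubernetes-autoscaler@sha256:<digest>`), or at least a comment that the variable should point at a mirrored and verified image, would make the default reproducible. `openshift_cluster_autoscaler_template_location: /tmp` is also the directory tasks/aws.yml later writes the credentials file into, so a comment saying that, or a non-shared default directory, is worth adding here.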
@@ -0,0 +1,41 @@ +--- +apiVersion: v1 +kind: ClusterRole +metadata: + name: system:cluster-autoscaler +rules: +- apiGroups: + - "" + resources: + - nodes + - persistentvolumeclaims + - persistentvolumes + - pods + - replicationcontrollers + - services + verbs: + - get + - list + - watch + attributeRestrictions: null +- apiGroups: + - extensions + - apps + resources: + - daemonsets + - replicasets + - statefulsets + verbs: + - get + - list + - watch + attributeRestrictions: null +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + attributeRestrictions: null diff --git a/roles/openshift_cluster_autoscaler/files/role.yml b/roles/openshift_cluster_autoscaler/files/role.yml new file mode 100644 index 000000000..c2abb5435 --- /dev/null +++ b/roles/openshift_cluster_autoscaler/files/role.yml @@ -0,0 +1,33 @@ +--- +apiVersion: v1 +kind: Role +metadata: + name: cluster-autoscaler +rules: +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - cluster-autoscaler + - cluster-autoscaler-status + verbs: + - create + - get + - patch + - update + attributeRestrictions: null +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + attributeRestrictions: null +- apiGroups: + - "" + resources: + - events + verbs: + - create + attributeRestrictions: null diff --git a/roles/openshift_cluster_autoscaler/meta/main.yml b/roles/openshift_cluster_autoscaler/meta/main.yml new file mode 100644 index 000000000..d2bbd2576 --- /dev/null +++ b/roles/openshift_cluster_autoscaler/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: +- lib_openshift diff --git a/roles/openshift_cluster_autoscaler/tasks/aws.yml b/roles/openshift_cluster_autoscaler/tasks/aws.yml new file mode 100644 index 000000000..f08e97ebc --- /dev/null +++ b/roles/openshift_cluster_autoscaler/tasks/aws.yml 
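Review bot: In role.yml the first rule lists `create` together with `resourceNames`, and the second rule then grants `create` on all `configmaps`; in Kubernetes RBAC a create request cannot be limited by resource name, so the first `create` adds nothing and the effective grant is creation of any configmap in the namespace. Dropping `create` from the first rule's verbs and commenting the second rule, e.g. `# create cannot be scoped by resourceNames, hence this separate unscoped rule`, would make the real scope visible to whoever audits the role. Whether OpenShift's legacy `v1` Role evaluation treats `resourceNames` on create the same way is worth confirming.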
@@ -0,0 +1,17 @@
+---
+- when: openshift_cluster_autoscaler_cloud_provider == 'aws'
+ block:
+ - name: laydown the aws-credentials
+ template:
+ src: aws-creds.j2
+ dest: "{{ openshift_cluster_autoscaler_template_location }}/{{ openshift_cluster_autoscaler_aws_creds_name }}"
+ when: openshift_cluster_autoscaler_state == 'present'
+
+ - name: create the aws creds secret
+ oc_secret:
+ state: "{{ openshift_cluster_autoscaler_state }}"
+ name: "{{ openshift_cluster_autoscaler_aws_secret_name }}"
+ namespace: "{{ openshift_cluster_autoscaler_namespace }}"
+ files:
+ - name: creds
+ path: "{{ openshift_cluster_autoscaler_template_location }}/{{ openshift_cluster_autoscaler_aws_creds_name }}"
diff --git a/roles/openshift_cluster_autoscaler/tasks/main.yml b/roles/openshift_cluster_autoscaler/tasks/main.yml
new file mode 100644
index 000000000..173dcf044
--- /dev/null
+++ b/roles/openshift_cluster_autoscaler/tasks/main.yml
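Review bot: The `laydown the aws-credentials` task writes the access key and secret key to disk without a `mode:`, so the file's permissions depend on the remote user's umask, and nothing in aws.yml removes the file once `oc_secret` has consumed it. Adding `mode: "0600"` to the template task and a cleanup step after the secret is created (a `file:` task with `state: absent`, or `delete_after` if `oc_secret` accepts it the way `oc_obj` does in tasks/main.yml) would keep the credentials from lingering on the host. `no_log: true` on both tasks would also keep the key material out of verbose output. The template reads `openshift_cluster_autoscaler_aws_key` and `openshift_cluster_autoscaler_aws_secret_key`, which have no defaults in this role, so an early `assert` with a clear message would make a missing value easier to diagnose.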
@@ -0,0 +1,72 @@ +--- +- name: create the cluster-autoscaler serviceaccount + oc_serviceaccount: + name: "{{ openshift_cluster_autoscaler_serviceaccount }}" + namespace: "{{ openshift_cluster_autoscaler_namespace }}" + state: "{{ openshift_cluster_autoscaler_state }}" + +- name: copy the cluster-autoscaler files + copy: + src: "{{ item }}" + dest: "{{ openshift_cluster_autoscaler_template_location }}/{{ item }}" + with_items: + - clusterrole.yml + - role.yml + when: openshift_cluster_autoscaler_state == 'present' + +- name: "Ensure the cluster-autoscaler roles are {{ openshift_cluster_autoscaler_state }}" + oc_obj: + namespace: "{{ openshift_cluster_autoscaler_namespace }}" + state: "{{ openshift_cluster_autoscaler_state }}" + kind: "{{ item.type }}" + name: "{{ item.name }}" + delete_after: "{{ openshift_cluster_autoscaler_delete_config }}" + files: + - "{{ openshift_cluster_autoscaler_template_location }}/{{ item.fname }}" + with_items: + - fname: clusterrole.yml + type: clusterrole + name: "system:{{ openshift_cluster_autoscaler_name }}" + - fname: role.yml + type: role + name: "{{ openshift_cluster_autoscaler_name }}" + +- include: aws.yml + when: openshift_cluster_autoscaler_cloud_provider == 'aws' + +- name: create the policies + oc_adm_policy_user: + state: "{{ openshift_cluster_autoscaler_state }}" + user: "system:serviceaccount:openshift-infra:{{ openshift_cluster_autoscaler_serviceaccount }}" + namespace: "{{ openshift_cluster_autoscaler_namespace }}" + resource_kind: "{{ item.name }}" + resource_name: cluster-autoscaler + role_namespace: "{{ item.role_namespace | default(omit) }}" + with_items: + - name: cluster-role + - name: role + role_namespace: "{{ openshift_cluster_autoscaler_namespace }}" + +- name: "grant cluster-reader to {{ openshift_cluster_autoscaler_serviceaccount }}" + oc_adm_policy_user: + state: "{{ openshift_cluster_autoscaler_state }}" + user: "system:serviceaccount:{{ openshift_cluster_autoscaler_namespace }}:{{ 
openshift_cluster_autoscaler_serviceaccount }}" + namespace: "{{ openshift_cluster_autoscaler_namespace }}" + resource_name: cluster-reader + resource_kind: cluster-role + +- name: laydown the deployment file for cluster-autoscaler + template: + src: cluster-autoscaler.j2 + dest: "{{ openshift_cluster_autoscaler_template_location }}/{{ openshift_cluster_autoscaler_template_name }}" + when: openshift_cluster_autoscaler_state == 'present' + +- name: "Ensure the cluster-autoscaler is {{ openshift_cluster_autoscaler_state }}" + oc_obj: + namespace: "{{ openshift_cluster_autoscaler_namespace }}" + state: "{{ openshift_cluster_autoscaler_state }}" + kind: deployment + name: "{{ openshift_cluster_autoscaler_name }}" + delete_after: "{{ openshift_cluster_autoscaler_delete_config }}" + files: + - "{{ openshift_cluster_autoscaler_template_location }}/{{ openshift_cluster_autoscaler_template_name }}" diff --git a/roles/openshift_cluster_autoscaler/templates/aws-creds.j2 b/roles/openshift_cluster_autoscaler/templates/aws-creds.j2 new file mode 100644 index 000000000..28399e652 --- /dev/null +++ b/roles/openshift_cluster_autoscaler/templates/aws-creds.j2 @@ -0,0 +1,3 @@ +[default] +aws_access_key_id = {{ openshift_cluster_autoscaler_aws_key }} +aws_secret_access_key = {{ openshift_cluster_autoscaler_aws_secret_key }} diff --git a/roles/openshift_cluster_autoscaler/templates/cluster-autoscaler.j2 b/roles/openshift_cluster_autoscaler/templates/cluster-autoscaler.j2 new file mode 100644 index 000000000..f76bce37b --- /dev/null +++ b/roles/openshift_cluster_autoscaler/templates/cluster-autoscaler.j2 
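Review bot: In `create the policies`, `user` hard-codes `system:serviceaccount:openshift-infra:` while the following `grant cluster-reader` task builds the same subject from `openshift_cluster_autoscaler_namespace`, so with a non-default namespace the two tasks would bind different service accounts. The same task passes `resource_name: cluster-autoscaler` for the `cluster-role` item, but the cluster role created earlier in this file is named `system:{{ openshift_cluster_autoscaler_name }}`, so that binding appears to reference a role this role never creates. Suggested change: `user: "system:serviceaccount:{{ openshift_cluster_autoscaler_namespace }}:{{ openshift_cluster_autoscaler_serviceaccount }}"`, and give each `with_items` entry its own `resource_name` (`system:{{ openshift_cluster_autoscaler_name }}` for the cluster role). Once the custom cluster role is bound correctly, the `cluster-reader` grant is probably broader than the autoscaler needs and could be dropped.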
@@ -0,0 +1,58 @@ +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: {{ openshift_cluster_autoscaler_name }} + name: {{ openshift_cluster_autoscaler_name }} + namespace: {{ openshift_cluster_autoscaler_namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ openshift_cluster_autoscaler_name }} + role: infra + template: + metadata: + labels: + app: {{ openshift_cluster_autoscaler_name }} + role: infra + spec: + containers: + - args: + - --alsologtostderr + - --v={{ openshift_cluster_autoscaler_version }} + - --skip-nodes-with-local-storage={{ openshift_cluster_autoscaler_skip_nodes_local_storage }} + - --leader-elect-resource-lock=configmaps + - --namespace={{ openshift_cluster_autoscaler_namespace }} +{% if openshift_cluster_autoscaler_scale_down_delay is defined %} + - --scale-down-delay={{ openshift_cluster_autoscaler_scale_down_delay }} +{% endif %} + - --cloud-provider={{ openshift_cluster_autoscaler_cloud_provider }} +{% for group in openshift_cluster_autoscaler_node_groups %} + - --nodes={{ group.min }}:{{ group.max }}:{{ group.name }} +{% endfor %} +{% if openshift_cluster_autoscaler_cloud_provider == 'aws' %} + env: {{ openshift_cluster_autoscaler_aws_env_vars | union(openshift_cluster_autoscaler_env_vars) | to_json }} +{% else %} + env: {{ openshift_cluster_autoscaler_env_vars }} +{% endif %} + image: {{ openshift_cluster_autoscaler_image }} + name: autoscaler +{% if openshift_cluster_autoscaler_cloud_provider == 'aws' %} + volumeMounts: + - mountPath: {{ openshift_cluster_autoscaler_aws_creds_path | dirname }} + name: {{ openshift_cluster_autoscaler_aws_creds_name }} + readOnly: true +{% endif %} + nodeSelector: {{ openshift_cluster_autoscaler_node_selector | to_json }} + dnsPolicy: ClusterFirst + serviceAccountName: {{ openshift_cluster_autoscaler_serviceaccount }} + terminationGracePeriodSeconds: 30 +{% if openshift_cluster_autoscaler_cloud_provider == 'aws' %} + volumes: + - name: {{ 
openshift_cluster_autoscaler_aws_creds_name }} + secret: + defaultMode: 420 + secretName: {{ openshift_cluster_autoscaler_aws_secret_name }} +{% endif %} diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 699dc300f..99ebb7e36 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -490,7 +490,7 @@ def set_selectors(facts): facts['hosted']['metrics'] = {} if 'selector' not in facts['hosted']['metrics'] or facts['hosted']['metrics']['selector'] in [None, 'None']: facts['hosted']['metrics']['selector'] = None - if 'logging' not in facts: + if 'logging' not in facts or not isinstance(facts['logging'], dict): facts['logging'] = {} if 'selector' not in facts['logging'] or facts['logging']['selector'] in [None, 'None']: facts['logging']['selector'] = None @@ -806,7 +806,7 @@ def set_deployment_facts_if_unset(facts): # pylint: disable=too-many-statements def set_version_facts_if_unset(facts): """ Set version facts. This currently includes common.version and - common.version_gte_3_1_or_1_1. + common.version_gte_3_x Args: facts (dict): existing facts 
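Review bot: The non-AWS branch of cluster-autoscaler.j2 renders `env: {{ openshift_cluster_autoscaler_env_vars }}` without `| to_json`, unlike the AWS branch and the `nodeSelector` line. With the default `[]` the output happens to be valid, but a non-empty list would be emitted as a Python repr rather than JSON and may not parse as YAML. Suggested line: `env: {{ openshift_cluster_autoscaler_env_vars | to_json }}`. The container spec also sets no `resources` or `securityContext`, which is worth adding for a controller pinned to infra nodes. `--v=` is fed from `openshift_cluster_autoscaler_version`, which reads like an image version rather than a log verbosity, so a short comment in the defaults file would help.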
@@ -814,49 +814,19 @@ def set_version_facts_if_unset(facts): dict: the facts dict updated with version facts. """ if 'common' in facts: - deployment_type = facts['common']['deployment_type'] openshift_version = get_openshift_version(facts) if openshift_version and openshift_version != "latest": version = LooseVersion(openshift_version) facts['common']['version'] = openshift_version facts['common']['short_version'] = '.'.join([str(x) for x in version.version[0:2]]) - if deployment_type == 'origin': - version_gte_3_1_or_1_1 = version >= LooseVersion('1.1.0') - version_gte_3_1_1_or_1_1_1 = version >= LooseVersion('1.1.1') - version_gte_3_2_or_1_2 = version >= LooseVersion('1.2.0') - version_gte_3_3_or_1_3 = version >= LooseVersion('1.3.0') - version_gte_3_4_or_1_4 = version >= LooseVersion('1.4') - version_gte_3_5_or_1_5 = version >= LooseVersion('1.5') - version_gte_3_6 = version >= LooseVersion('3.6') - version_gte_3_7 = version >= LooseVersion('3.7') - version_gte_3_8 = version >= LooseVersion('3.8') - else: - version_gte_3_1_or_1_1 = version >= LooseVersion('3.0.2.905') - version_gte_3_1_1_or_1_1_1 = version >= LooseVersion('3.1.1') - version_gte_3_2_or_1_2 = version >= LooseVersion('3.1.1.901') - version_gte_3_3_or_1_3 = version >= LooseVersion('3.3.0') - version_gte_3_4_or_1_4 = version >= LooseVersion('3.4') - version_gte_3_5_or_1_5 = version >= LooseVersion('3.5') - version_gte_3_6 = version >= LooseVersion('3.6') - version_gte_3_7 = version >= LooseVersion('3.7') - version_gte_3_8 = version >= LooseVersion('3.8') + version_gte_3_6 = version >= LooseVersion('3.6') + version_gte_3_7 = version >= LooseVersion('3.7') + version_gte_3_8 = version >= LooseVersion('3.8') else: # 'Latest' version is set to True, 'Next' versions set to False - version_gte_3_1_or_1_1 = True - version_gte_3_1_1_or_1_1_1 = True - version_gte_3_2_or_1_2 = True - version_gte_3_3_or_1_3 = True - version_gte_3_4_or_1_4 = True - version_gte_3_5_or_1_5 = True version_gte_3_6 = True 
version_gte_3_7 = True version_gte_3_8 = False - facts['common']['version_gte_3_1_or_1_1'] = version_gte_3_1_or_1_1 - facts['common']['version_gte_3_1_1_or_1_1_1'] = version_gte_3_1_1_or_1_1_1 - facts['common']['version_gte_3_2_or_1_2'] = version_gte_3_2_or_1_2 - facts['common']['version_gte_3_3_or_1_3'] = version_gte_3_3_or_1_3 - facts['common']['version_gte_3_4_or_1_4'] = version_gte_3_4_or_1_4 - facts['common']['version_gte_3_5_or_1_5'] = version_gte_3_5_or_1_5 facts['common']['version_gte_3_6'] = version_gte_3_6 facts['common']['version_gte_3_7'] = version_gte_3_7 facts['common']['version_gte_3_8'] = version_gte_3_8 @@ -867,18 +837,8 @@ def set_version_facts_if_unset(facts): examples_content_version = 'v3.7' elif version_gte_3_6: examples_content_version = 'v3.6' - elif version_gte_3_5_or_1_5: - examples_content_version = 'v1.5' - elif version_gte_3_4_or_1_4: - examples_content_version = 'v1.4' - elif version_gte_3_3_or_1_3: - examples_content_version = 'v1.3' - elif version_gte_3_2_or_1_2: - examples_content_version = 'v1.2' - elif version_gte_3_1_or_1_1: - examples_content_version = 'v1.1' else: - examples_content_version = 'v1.0' + examples_content_version = 'v1.5' facts['common']['examples_content_version'] = examples_content_version diff --git a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py index 587c6f85c..4f91f6bb3 100644 --- a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py +++ b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py 
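Review bot: After this change the final `else` in `set_version_facts_if_unset` assigns `examples_content_version = 'v1.5'` for every version below 3.6, including releases that previously mapped to `v1.0` through `v1.4`. If those releases are no longer supported, a comment such as `# versions older than 3.6 are unsupported; v1.5 is the oldest content still selected` (or an explicit failure) would make the fallback deliberate rather than silent. Any template or playbook still reading the removed `version_gte_3_*_or_1_*` facts will now hit a missing key, so a repository-wide search for those names is worth doing before merge. The docstring could also list the three facts actually set (`version_gte_3_6`, `version_gte_3_7`, `version_gte_3_8`) instead of `common.version_gte_3_x`. The function body extends beyond these hunks.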
@@ -12,15 +12,15 @@ DEPLOYMENT_IMAGE_INFO = { "origin": { "namespace": "openshift", "name": "origin", - "registry_console_template": "${prefix}kubernetes:${version}", "registry_console_prefix": "cockpit/", + "registry_console_basename": "kubernetes", "registry_console_default_version": "latest", }, "openshift-enterprise": { "namespace": "openshift3", "name": "ose", - "registry_console_template": "${prefix}registry-console:${version}", - "registry_console_prefix": "registry.access.redhat.com/openshift3/", + "registry_console_prefix": "openshift3/", + "registry_console_basename": "registry-console", "registry_console_default_version": "${short_version}", }, } @@ -156,7 +156,8 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): if 'oo_nodes_to_config' in host_groups: for suffix in NODE_IMAGE_SUFFIXES: required.add(image_url.replace("${component}", suffix).replace("${version}", image_tag)) - required.add(self._registry_console_image(image_tag, image_info)) + if self.get_var("osm_use_cockpit", default=True, convert=bool): + required.add(self._registry_console_image(image_tag, image_info)) # images for containerized components if self.get_var("openshift", "common", "is_containerized"): @@ -180,6 +181,10 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): "openshift_cockpit_deployer_prefix", default=image_info["registry_console_prefix"], ) + basename = self.get_var( + "openshift_cockpit_deployer_basename", + default=image_info["registry_console_basename"], + ) # enterprise template just uses v3.6, v3.7, etc match = re.match(r'v\d+\.\d+', image_tag) 
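Review bot: In `DEPLOYMENT_IMAGE_INFO` the enterprise `registry_console_prefix` default changes from `registry.access.redhat.com/openshift3/` to the unqualified `openshift3/`, so which registry serves `openshift3/registry-console` now depends on each host's configured registry search order. The same default change is made to `IMAGE_PREFIX` in the v3.6, v3.7 and v3.8 enterprise registry-console.yaml hunks later in this diff, whose descriptions still show the fully qualified name as the example. If the unqualified name is intentional, a comment next to the dict entry should say so, for example `# unqualified on purpose: resolved through the host's configured registries`. Deployments that need a fixed image source should then set `openshift_cockpit_deployer_prefix` explicitly, and that is worth stating in the role documentation.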
@@ -187,8 +192,7 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): version = image_info["registry_console_default_version"].replace("${short_version}", short_version) version = self.get_var("openshift_cockpit_deployer_version", default=version) - template = image_info["registry_console_template"] - return template.replace('${prefix}', prefix).replace('${version}', version) + return prefix + basename + ':' + version def local_images(self, images): """Filter a list of images and return those available locally.""" diff --git a/roles/openshift_health_checker/test/docker_image_availability_test.py b/roles/openshift_health_checker/test/docker_image_availability_test.py index 484aa72e0..ec46c3b4b 100644 --- a/roles/openshift_health_checker/test/docker_image_availability_test.py +++ b/roles/openshift_health_checker/test/docker_image_availability_test.py @@ -217,7 +217,7 @@ def test_registry_availability(image, registries, connection_test_failed, skopeo 'foo.io/openshift3/ose-docker-registry:f13ac45', 'foo.io/openshift3/ose-haproxy-router:f13ac45', # registry-console is not constructed/versioned the same as the others. - 'registry.access.redhat.com/openshift3/registry-console:vtest', + 'openshift3/registry-console:vtest', # containerized images aren't built from oreg_url 'openshift3/node:vtest', 'openshift3/openvswitch:vtest', @@ -261,7 +261,7 @@ def test_required_images(deployment_type, is_containerized, groups, oreg_url, ex openshift_deployment_type="openshift-enterprise", openshift_image_tag="vtest", ), - "registry.access.redhat.com/openshift3/registry-console:vtest", + "openshift3/registry-console:vtest", ), ( dict( openshift_deployment_type="openshift-enterprise", diff --git a/roles/openshift_hosted/tasks/secure.yml b/roles/openshift_hosted/tasks/secure.yml index 0da8ac8a7..174bc39a4 100644 --- a/roles/openshift_hosted/tasks/secure.yml +++ b/roles/openshift_hosted/tasks/secure.yml 
@@ -42,7 +42,7 @@ - "{{ openshift_hosted_registry_routehost }}" cert: "{{ docker_registry_cert_path }}" key: "{{ docker_registry_key_path }}" - expire_days: "{{ openshift_hosted_registry_cert_expire_days if openshift_version | oo_version_gte_3_5_or_1_5(openshift_deployment_type) | bool else omit }}" + expire_days: "{{ openshift_hosted_registry_cert_expire_days }}" register: registry_self_cert when: docker_registry_self_signed diff --git a/roles/openshift_hosted_metrics/handlers/main.yml b/roles/openshift_hosted_metrics/handlers/main.yml index 88b893448..074b72942 100644 --- a/roles/openshift_hosted_metrics/handlers/main.yml +++ b/roles/openshift_hosted_metrics/handlers/main.yml @@ -18,11 +18,7 @@ # wait_for port doesn't provide health information. command: > curl --silent --tlsv1.2 - {% if openshift.common.version_gte_3_2_or_1_2 | bool %} --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {% else %} - --cacert {{ openshift.common.config_base }}/master/ca.crt - {% endif %} {{ openshift.master.api_url }}/healthz/ready args: # Disables the following warning: diff --git a/roles/openshift_hosted_templates/files/v3.6/enterprise/registry-console.yaml b/roles/openshift_hosted_templates/files/v3.6/enterprise/registry-console.yaml index f821efd6b..cc3159a32 100644 --- a/roles/openshift_hosted_templates/files/v3.6/enterprise/registry-console.yaml +++ b/roles/openshift_hosted_templates/files/v3.6/enterprise/registry-console.yaml @@ -27,7 +27,7 @@ objects: spec: containers: - name: registry-console - image: ${IMAGE_PREFIX}registry-console:${IMAGE_VERSION} + image: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} ports: - containerPort: 9090 protocol: TCP @@ -89,7 +89,7 @@ objects: - annotations: null from: kind: DockerImage - name: ${IMAGE_PREFIX}registry-console:${IMAGE_VERSION} + name: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} name: ${IMAGE_VERSION} - kind: OAuthClient apiVersion: v1 
@@ -102,7 +102,10 @@ objects: parameters: - description: 'Specify "registry/repository" prefix for container image; e.g. for "registry.access.redhat.com/openshift3/registry-console:latest", set prefix "registry.access.redhat.com/openshift3/"' name: IMAGE_PREFIX - value: "registry.access.redhat.com/openshift3/" + value: "openshift3/" + - description: 'Specify component name for container image; e.g. for "registry.access.redhat.com/openshift3/registry-console:latest", use base name "registry-console"' + name: IMAGE_BASENAME + value: "registry-console" - description: 'Specify image version; e.g. for "registry.access.redhat.com/openshift3/registry-console:v3.6", set version "v3.6"' name: IMAGE_VERSION value: "v3.6" diff --git a/roles/openshift_hosted_templates/files/v3.6/origin/registry-console.yaml b/roles/openshift_hosted_templates/files/v3.6/origin/registry-console.yaml index a78146ca4..a75340eb7 100644 --- a/roles/openshift_hosted_templates/files/v3.6/origin/registry-console.yaml +++ b/roles/openshift_hosted_templates/files/v3.6/origin/registry-console.yaml @@ -27,7 +27,7 @@ objects: spec: containers: - name: registry-console - image: ${IMAGE_PREFIX}kubernetes:${IMAGE_VERSION} + image: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} ports: - containerPort: 9090 protocol: TCP @@ -89,7 +89,7 @@ objects: - annotations: null from: kind: DockerImage - name: ${IMAGE_PREFIX}kubernetes:${IMAGE_VERSION} + name: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} name: ${IMAGE_VERSION} - kind: OAuthClient apiVersion: v1 
@@ -103,6 +103,9 @@ parameters: - description: 'Specify "registry/namespace" prefix for container image; e.g. for "registry.example.com/cockpit/kubernetes:latest", set prefix "registry.example.com/cockpit/"' name: IMAGE_PREFIX value: "cockpit/" + - description: 'Specify component name for container image; e.g. for "registry.example.com/cockpit/kubernetes:latest", use base name "kubernetes"' + name: IMAGE_BASENAME + value: "kubernetes" - description: 'Specify image version; e.g. for "cockpit/kubernetes:latest", set version "latest"' name: IMAGE_VERSION value: latest diff --git a/roles/openshift_hosted_templates/files/v3.7/enterprise/registry-console.yaml b/roles/openshift_hosted_templates/files/v3.7/enterprise/registry-console.yaml index 019d836fe..9f2e6125d 100644 --- a/roles/openshift_hosted_templates/files/v3.7/enterprise/registry-console.yaml +++ b/roles/openshift_hosted_templates/files/v3.7/enterprise/registry-console.yaml @@ -27,7 +27,7 @@ objects: spec: containers: - name: registry-console - image: ${IMAGE_PREFIX}registry-console:${IMAGE_VERSION} + image: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} ports: - containerPort: 9090 protocol: TCP @@ -89,7 +89,7 @@ objects: - annotations: null from: kind: DockerImage - name: ${IMAGE_PREFIX}registry-console:${IMAGE_VERSION} + name: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} name: ${IMAGE_VERSION} - kind: OAuthClient apiVersion: v1 
@@ -102,7 +102,10 @@ objects: parameters: - description: 'Specify "registry/repository" prefix for container image; e.g. for "registry.access.redhat.com/openshift3/registry-console:latest", set prefix "registry.access.redhat.com/openshift3/"' name: IMAGE_PREFIX - value: "registry.access.redhat.com/openshift3/" + value: "openshift3/" + - description: 'Specify component name for container image; e.g. for "registry.access.redhat.com/openshift3/registry-console:latest", use base name "registry-console"' + name: IMAGE_BASENAME + value: "registry-console" - description: 'Specify image version; e.g. for "registry.access.redhat.com/openshift3/registry-console:v3.7", set version "v3.7"' name: IMAGE_VERSION value: "v3.7" diff --git a/roles/openshift_hosted_templates/files/v3.7/origin/registry-console.yaml b/roles/openshift_hosted_templates/files/v3.7/origin/registry-console.yaml index a78146ca4..a75340eb7 100644 --- a/roles/openshift_hosted_templates/files/v3.7/origin/registry-console.yaml +++ b/roles/openshift_hosted_templates/files/v3.7/origin/registry-console.yaml @@ -27,7 +27,7 @@ objects: spec: containers: - name: registry-console - image: ${IMAGE_PREFIX}kubernetes:${IMAGE_VERSION} + image: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} ports: - containerPort: 9090 protocol: TCP @@ -89,7 +89,7 @@ objects: - annotations: null from: kind: DockerImage - name: ${IMAGE_PREFIX}kubernetes:${IMAGE_VERSION} + name: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} name: ${IMAGE_VERSION} - kind: OAuthClient apiVersion: v1 
@@ -103,6 +103,9 @@ parameters: - description: 'Specify "registry/namespace" prefix for container image; e.g. for "registry.example.com/cockpit/kubernetes:latest", set prefix "registry.example.com/cockpit/"' name: IMAGE_PREFIX value: "cockpit/" + - description: 'Specify component name for container image; e.g. for "registry.example.com/cockpit/kubernetes:latest", use base name "kubernetes"' + name: IMAGE_BASENAME + value: "kubernetes" - description: 'Specify image version; e.g. for "cockpit/kubernetes:latest", set version "latest"' name: IMAGE_VERSION value: latest diff --git a/roles/openshift_hosted_templates/files/v3.8/enterprise/registry-console.yaml b/roles/openshift_hosted_templates/files/v3.8/enterprise/registry-console.yaml index 5acbb02b3..f04ce06d3 100644 --- a/roles/openshift_hosted_templates/files/v3.8/enterprise/registry-console.yaml +++ b/roles/openshift_hosted_templates/files/v3.8/enterprise/registry-console.yaml @@ -27,7 +27,7 @@ objects: spec: containers: - name: registry-console - image: ${IMAGE_PREFIX}registry-console:${IMAGE_VERSION} + image: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} ports: - containerPort: 9090 protocol: TCP @@ -89,7 +89,7 @@ objects: - annotations: null from: kind: DockerImage - name: ${IMAGE_PREFIX}registry-console:${IMAGE_VERSION} + name: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} name: ${IMAGE_VERSION} - kind: OAuthClient apiVersion: v1 
@@ -102,7 +102,10 @@ objects: parameters: - description: 'Specify "registry/repository" prefix for container image; e.g. for "registry.access.redhat.com/openshift3/registry-console:latest", set prefix "registry.access.redhat.com/openshift3/"' name: IMAGE_PREFIX - value: "registry.access.redhat.com/openshift3/" + value: "openshift3/" + - description: 'Specify component name for container image; e.g. for "registry.access.redhat.com/openshift3/registry-console:latest", use base name "registry-console"' + name: IMAGE_BASENAME + value: "registry-console" - description: 'Specify image version; e.g. for "registry.access.redhat.com/openshift3/registry-console:v3.8", set version "v3.8"' name: IMAGE_VERSION value: "v3.8" diff --git a/roles/openshift_hosted_templates/files/v3.8/origin/registry-console.yaml b/roles/openshift_hosted_templates/files/v3.8/origin/registry-console.yaml index a78146ca4..a75340eb7 100644 --- a/roles/openshift_hosted_templates/files/v3.8/origin/registry-console.yaml +++ b/roles/openshift_hosted_templates/files/v3.8/origin/registry-console.yaml @@ -27,7 +27,7 @@ objects: spec: containers: - name: registry-console - image: ${IMAGE_PREFIX}kubernetes:${IMAGE_VERSION} + image: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} ports: - containerPort: 9090 protocol: TCP @@ -89,7 +89,7 @@ objects: - annotations: null from: kind: DockerImage - name: ${IMAGE_PREFIX}kubernetes:${IMAGE_VERSION} + name: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} name: ${IMAGE_VERSION} - kind: OAuthClient apiVersion: v1 
@@ -103,6 +103,9 @@ parameters: - description: 'Specify "registry/namespace" prefix for container image; e.g. for "registry.example.com/cockpit/kubernetes:latest", set prefix "registry.example.com/cockpit/"' name: IMAGE_PREFIX value: "cockpit/" + - description: 'Specify component name for container image; e.g. for "registry.example.com/cockpit/kubernetes:latest", use base name "kubernetes"' + name: IMAGE_BASENAME + value: "kubernetes" - description: 'Specify image version; e.g. for "cockpit/kubernetes:latest", set version "latest"' name: IMAGE_VERSION value: latest diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md index 6c5bb8693..27cfc17d6 100644 --- a/roles/openshift_logging/README.md +++ b/roles/openshift_logging/README.md @@ -84,6 +84,7 @@ When `openshift_logging_install_logging` is set to `False` the `openshift_loggin - `openshift_logging_es_memory_limit`: The amount of RAM that should be assigned to ES. Defaults to '8Gi'. - `openshift_logging_es_log_appenders`: The list of rootLogger appenders for ES logs which can be: 'file', 'console'. Defaults to 'file'. - `openshift_logging_es_pv_selector`: A key/value map added to a PVC in order to select specific PVs. Defaults to 'None'. +- `openshift_logging_es_pvc_storage_class_name`: The name of the storage class to use for a static PVC. Defaults to ''. - `openshift_logging_es_pvc_dynamic`: Whether or not to add the dynamic PVC annotation for any generated PVCs. Defaults to 'False'. - `openshift_logging_es_pvc_size`: The requested size for the ES PVCs, when not provided the role will not generate any PVCs. Defaults to '""'. - `openshift_logging_es_pvc_prefix`: The prefix for the generated PVCs. Defaults to 'logging-es'. diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml index 626732d16..497c6e0c5 100644 --- a/roles/openshift_logging/defaults/main.yml +++ b/roles/openshift_logging/defaults/main.yml 
@@ -99,7 +99,7 @@ openshift_logging_es_log_appenders: ['file'] openshift_logging_es_memory_limit: "8Gi" openshift_logging_es_pv_selector: "{{ openshift_logging_storage_labels | default('') }}" openshift_logging_es_pvc_dynamic: "{{ openshift_logging_elasticsearch_pvc_dynamic | default(False) }}" -openshift_logging_es_pvc_size: "{{ openshift_logging_elasticsearch_pvc_size | default('') }}" +openshift_logging_es_pvc_size: '' openshift_logging_es_pvc_prefix: "{{ openshift_logging_elasticsearch_pvc_prefix | default('logging-es') }}" openshift_logging_es_recover_after_time: 5m openshift_logging_es_storage_group: "65534" diff --git a/roles/openshift_logging/handlers/main.yml b/roles/openshift_logging/handlers/main.yml index 88b893448..074b72942 100644 --- a/roles/openshift_logging/handlers/main.yml +++ b/roles/openshift_logging/handlers/main.yml @@ -18,11 +18,7 @@ # wait_for port doesn't provide health information. command: > curl --silent --tlsv1.2 - {% if openshift.common.version_gte_3_2_or_1_2 | bool %} --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {% else %} - --cacert {{ openshift.common.config_base }}/master/ca.crt - {% endif %} {{ openshift.master.api_url }}/healthz/ready args: # Disables the following warning: diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml index cec295d65..2fefdc894 100644 --- a/roles/openshift_logging/tasks/install_logging.yaml +++ b/roles/openshift_logging/tasks/install_logging.yaml 
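Review bot: `openshift_logging_es_pvc_size` no longer falls back to `openshift_logging_elasticsearch_pvc_size`, so an inventory that sets only the old name now gets `''`, and the README in this diff states that an empty size means no PVCs are generated. Unless another mapping exists outside the visible hunks, that would presumably move Elasticsearch to non-persistent storage on the next run without any warning. A deprecation check would make the change visible, for example a `fail` or `debug` task that fires when the inventory defines `openshift_logging_elasticsearch_pvc_size` but not `openshift_logging_es_pvc_size`. A comment on the new default, such as `# empty means no PVC is created; set explicitly to keep persistent storage`, would also help.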
@@ -79,10 +79,12 @@ openshift_logging_elasticsearch_namespace: "{{ openshift_logging_namespace }}" openshift_logging_elasticsearch_deployment_name: "{{ outer_item.0.name }}" openshift_logging_elasticsearch_pvc_name: "{{ outer_item.0.volumes['elasticsearch-storage'].persistentVolumeClaim.claimName if outer_item.0.volumes['elasticsearch-storage'].persistentVolumeClaim is defined else openshift_logging_es_pvc_prefix ~ '-' ~ outer_item.2 if outer_item.1 is none else outer_item.1 }}" + openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_pvc_size }}" openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_cluster_size | int }}" openshift_logging_elasticsearch_storage_type: "{{ elasticsearch_storage_type }}" openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_pv_selector }}" + openshift_logging_elasticsearch_pvc_storage_class_name: "{{ openshift_logging_es_pvc_storage_class_name }}" openshift_logging_elasticsearch_nodeselector: "{{ openshift_logging_es_nodeselector if outer_item.0.nodeSelector | default(None) is none else outer_item.0.nodeSelector }}" openshift_logging_elasticsearch_storage_group: "{{ [openshift_logging_es_storage_group] if outer_item.0.storageGroups | default([]) | length == 0 else outer_item.0.storageGroups }}" _es_containers: "{{ outer_item.0.containers}}" 
@@ -104,10 +106,12 @@ generated_certs_dir: "{{openshift.common.config_base}}/logging" openshift_logging_elasticsearch_namespace: "{{ openshift_logging_namespace }}" openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_pvc_prefix }}-{{ outer_item | int + openshift_logging_facts.elasticsearch.deploymentconfigs | count - 1 }}" + openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_pvc_size }}" openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_cluster_size | int }}" openshift_logging_elasticsearch_storage_type: "{{ elasticsearch_storage_type }}" openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_pv_selector }}" + openshift_logging_elasticsearch_pvc_storage_class_name: "{{ openshift_logging_es_pvc_storage_class_name }}" with_sequence: count={{ openshift_logging_es_cluster_size | int - openshift_logging_facts.elasticsearch.deploymentconfigs.keys() | count }} loop_control: @@ -144,6 +148,7 @@ openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_ops_pvc_size }}" openshift_logging_elasticsearch_pvc_dynamic: "{{ openshift_logging_es_ops_pvc_dynamic }}" openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_ops_pv_selector }}" + openshift_logging_elasticsearch_pvc_storage_class_name: "{{ openshift_logging_es_ops_pvc_storage_class_name }}" openshift_logging_elasticsearch_memory_limit: "{{ openshift_logging_es_ops_memory_limit }}" openshift_logging_elasticsearch_cpu_limit: "{{ openshift_logging_es_ops_cpu_limit }}" openshift_logging_elasticsearch_cpu_request: "{{ openshift_logging_es_ops_cpu_request }}" 
@@ -185,6 +190,7 @@ openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_ops_pvc_size }}" openshift_logging_elasticsearch_pvc_dynamic: "{{ openshift_logging_es_ops_pvc_dynamic }}" openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_ops_pv_selector }}" + openshift_logging_elasticsearch_pvc_storage_class_name: "{{ openshift_logging_es_ops_pvc_storage_class_name }}" openshift_logging_elasticsearch_memory_limit: "{{ openshift_logging_es_ops_memory_limit }}" openshift_logging_elasticsearch_cpu_limit: "{{ openshift_logging_es_ops_cpu_limit }}" openshift_logging_elasticsearch_cpu_request: "{{ openshift_logging_es_ops_cpu_request }}" diff --git a/roles/openshift_logging/tasks/main.yaml b/roles/openshift_logging/tasks/main.yaml index 15f6a23e6..7f8e88036 100644 --- a/roles/openshift_logging/tasks/main.yaml +++ b/roles/openshift_logging/tasks/main.yaml @@ -3,17 +3,6 @@ msg: Only one Fluentd nodeselector key pair should be provided when: openshift_logging_fluentd_nodeselector.keys() | count > 1 -- name: Set default image variables based on deployment_type - include_vars: "{{ item }}" - with_first_found: - - "{{ openshift_deployment_type | default(deployment_type) }}.yml" - - "default_images.yml" - -- name: Set logging image facts - set_fact: - openshift_logging_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}" - openshift_logging_image_version: "{{ openshift_logging_image_version | default(__openshift_logging_image_version) }}" - - name: Create temp directory for doing work in command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX register: mktemp diff --git a/roles/openshift_logging/vars/default_images.yml b/roles/openshift_logging/vars/default_images.yml deleted file mode 100644 index 1a77808f6..000000000 --- a/roles/openshift_logging/vars/default_images.yml +++ /dev/null 
@@ -1,3 +0,0 @@ ---- -__openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('docker.io/openshift/origin-') }}" -__openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default('latest') }}" diff --git a/roles/openshift_logging/vars/openshift-enterprise.yml b/roles/openshift_logging/vars/openshift-enterprise.yml deleted file mode 100644 index f60fa8d7d..000000000 --- a/roles/openshift_logging/vars/openshift-enterprise.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -__openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('registry.access.redhat.com/openshift3/') }}" -__openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default ('v3.7') }}" diff --git a/roles/openshift_logging_curator/defaults/main.yml b/roles/openshift_logging_curator/defaults/main.yml index 9cae9f936..a0d221c32 100644 --- a/roles/openshift_logging_curator/defaults/main.yml +++ b/roles/openshift_logging_curator/defaults/main.yml @@ -1,7 +1,5 @@ --- ### General logging settings -openshift_logging_curator_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}" -openshift_logging_curator_image_version: "{{ openshift_logging_image_version | default('latest') }}" openshift_logging_curator_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}" openshift_logging_curator_master_url: "https://kubernetes.default.svc.cluster.local" diff --git a/roles/openshift_logging_curator/tasks/determine_version.yaml b/roles/openshift_logging_curator/tasks/determine_version.yaml index 94f8b4a97..2013f4e38 100644 --- a/roles/openshift_logging_curator/tasks/determine_version.yaml +++ b/roles/openshift_logging_curator/tasks/determine_version.yaml 
@@ -1,16 +1,16 @@ --- # debating making this a module instead? - fail: - msg: Missing version to install provided by 'openshift_logging_image_version' - when: not openshift_logging_image_version or openshift_logging_image_version == '' + msg: Missing version to install provided by 'openshift_logging_curator_image_version' + when: not openshift_logging_curator_image_version or openshift_logging_curator_image_version == '' - set_fact: curator_version: "{{ __latest_curator_version }}" - when: openshift_logging_image_version == 'latest' + when: openshift_logging_curator_image_version == 'latest' # should we just assume that we will have the correct major version? -- set_fact: curator_version="{{ openshift_logging_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" - when: openshift_logging_image_version != 'latest' +- set_fact: curator_version="{{ openshift_logging_curator_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" + when: openshift_logging_curator_image_version != 'latest' - fail: msg: Invalid version specified for Curator diff --git a/roles/openshift_logging_curator/tasks/main.yaml b/roles/openshift_logging_curator/tasks/main.yaml index fcaf18ed4..7ddf57450 100644 --- a/roles/openshift_logging_curator/tasks/main.yaml +++ b/roles/openshift_logging_curator/tasks/main.yaml 
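Review bot: The version pattern in the rewritten `set_fact` still captures a single digit for the minor release (`(?P<minor>\d)`), so a tag such as `v3.10` is reduced to `3_1` rather than `3_10`, and the captured major is discarded in favour of a literal `3`. Since the line is being touched anyway, `regex_replace('^v?(?P<major>\d+)\.(?P<minor>\d+).*$', '3_\\g<minor>')` would keep multi-digit minors distinct; whether `3_1` would pass the `fail` check that follows depends on an allowed-versions list that is outside this hunk. The same expression is repeated in the determine_version.yaml hunks of the elasticsearch, fluentd, kibana and mux roles, and the task list continues past the end of this hunk.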
@@ -1,4 +1,17 @@ --- +- name: Set default image variables based on deployment_type + include_vars: "{{ var_file_name }}" + with_first_found: + - "{{ openshift_deployment_type | default(deployment_type) }}.yml" + - "default_images.yml" + loop_control: + loop_var: var_file_name + +- name: Set curator image facts + set_fact: + openshift_logging_curator_image_prefix: "{{ openshift_logging_curator_image_prefix | default(__openshift_logging_curator_image_prefix) }}" + openshift_logging_curator_image_version: "{{ openshift_logging_curator_image_version | default(__openshift_logging_curator_image_version) }}" + - include: determine_version.yaml # allow passing in a tempdir @@ -35,7 +48,7 @@ name: "aggregated-logging-curator" namespace: "{{ openshift_logging_namespace }}" when: - - openshift_logging_image_pull_secret == '' + - openshift_logging_image_pull_secret == '' # configmap - copy: @@ -65,12 +78,12 @@ name: "logging-curator" namespace: "{{ openshift_logging_namespace }}" files: - - name: ca - path: "{{ generated_certs_dir }}/ca.crt" - - name: key - path: "{{ generated_certs_dir }}/system.logging.curator.key" - - name: cert - path: "{{ generated_certs_dir }}/system.logging.curator.crt" + - name: ca + path: "{{ generated_certs_dir }}/ca.crt" + - name: key + path: "{{ generated_certs_dir }}/system.logging.curator.key" + - name: cert + path: "{{ generated_certs_dir }}/system.logging.curator.crt" - set_fact: curator_name: "{{ 'logging-curator' ~ ( (openshift_logging_curator_ops_deployment | default(false) | bool) | ternary('-ops', '') ) }}" @@ -104,7 +117,7 @@ namespace: "{{ openshift_logging_namespace }}" kind: dc files: - - "{{ tempdir }}/templates/curator-dc.yaml" + - "{{ tempdir }}/templates/curator-dc.yaml" delete_after: true - name: Delete temp directory diff --git a/roles/openshift_logging_curator/vars/default_images.yml b/roles/openshift_logging_curator/vars/default_images.yml new file mode 100644 index 000000000..208b41afa --- /dev/null 
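Review bot: Nothing in the new tasks states which setting wins when the curator image is resolved, although the `set_fact` together with the vars files creates a three-level chain: the component variable `openshift_logging_curator_image_*`, then the shared `openshift_logging_image_*`, then the literal default for the deployment type. Because this chain decides which registry and tag the cluster pulls from, a short comment above the `set_fact` would help, for example `# precedence: openshift_logging_curator_image_* > openshift_logging_image_* > default in vars/<deployment_type>.yml`. The same pair of tasks is added to the eventrouter, fluentd, kibana and mux roles and could carry the same comment. The remaining hunks in this file only re-indent list items.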
+++ b/roles/openshift_logging_curator/vars/default_images.yml @@ -0,0 +1,3 @@ +--- +__openshift_logging_curator_image_prefix: "{{ openshift_logging_image_prefix | default('docker.io/openshift/origin-') }}" +__openshift_logging_curator_image_version: "{{ openshift_logging_image_version | default('latest') }}" diff --git a/roles/openshift_logging_curator/vars/openshift-enterprise.yml b/roles/openshift_logging_curator/vars/openshift-enterprise.yml new file mode 100644 index 000000000..79cf131fd --- /dev/null +++ b/roles/openshift_logging_curator/vars/openshift-enterprise.yml @@ -0,0 +1,3 @@ +--- +__openshift_logging_curator_image_prefix: "{{ openshift_logging_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +__openshift_logging_curator_image_version: "{{ openshift_logging_image_version | default ('v3.7') }}" diff --git a/roles/openshift_logging_elasticsearch/defaults/main.yml b/roles/openshift_logging_elasticsearch/defaults/main.yml index 9fc6fd1d8..0ea913224 100644 --- a/roles/openshift_logging_elasticsearch/defaults/main.yml +++ b/roles/openshift_logging_elasticsearch/defaults/main.yml @@ -1,7 +1,5 @@ --- ### Common settings -openshift_logging_elasticsearch_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}" -openshift_logging_elasticsearch_image_version: "{{ openshift_logging_image_version | default('latest') }}" openshift_logging_elasticsearch_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}" openshift_logging_elasticsearch_namespace: logging @@ -33,6 +31,7 @@ openshift_logging_elasticsearch_pvc_name: "" openshift_logging_elasticsearch_pvc_size: "" openshift_logging_elasticsearch_pvc_dynamic: false openshift_logging_elasticsearch_pvc_pv_selector: {} +openshift_logging_elasticsearch_pvc_storage_class_name: "" openshift_logging_elasticsearch_pvc_access_modes: ['ReadWriteOnce'] openshift_logging_elasticsearch_storage_group: ['65534'] 
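Review bot: The Origin defaults in this new file fall back to the floating `latest` tag under `docker.io/openshift/origin-`, so two runs of the same playbook can deploy different image contents without any change in the inventory. The enterprise file added next to it defaults to `v3.7`, while the Origin file gives no hint that a fixed tag is expected for repeatable installs. I would add a comment above the version line such as `# 'latest' is a floating tag; set openshift_logging_image_version or openshift_logging_curator_image_version to a fixed release for repeatable deployments`. The same default appears in the new default_images.yml of the eventrouter, fluentd, kibana and mux roles.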
diff --git a/roles/openshift_logging_elasticsearch/tasks/determine_version.yaml b/roles/openshift_logging_elasticsearch/tasks/determine_version.yaml index 1a952b5cf..c53a06019 100644 --- a/roles/openshift_logging_elasticsearch/tasks/determine_version.yaml +++ b/roles/openshift_logging_elasticsearch/tasks/determine_version.yaml @@ -1,18 +1,16 @@ --- # debating making this a module instead? - fail: - msg: Missing version to install provided by 'openshift_logging_image_version' - when: not openshift_logging_image_version or openshift_logging_image_version == '' + msg: Missing version to install provided by 'openshift_logging_elasticsearch_image_version' + when: not openshift_logging_elasticsearch_image_version or openshift_logging_elasticsearch_image_version == '' - set_fact: es_version: "{{ __latest_es_version }}" - when: openshift_logging_image_version == 'latest' - -- debug: var=openshift_logging_image_version + when: openshift_logging_elasticsearch_image_version == 'latest' # should we just assume that we will have the correct major version? -- set_fact: es_version="{{ openshift_logging_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" - when: openshift_logging_image_version != 'latest' +- set_fact: es_version="{{ openshift_logging_elasticsearch_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" + when: openshift_logging_elasticsearch_image_version != 'latest' - fail: msg: Invalid version specified for Elasticsearch diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml index e7ef443bd..770892d52 100644 --- a/roles/openshift_logging_elasticsearch/tasks/main.yaml +++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml 
@@ -15,18 +15,22 @@ elasticsearch_name: "{{ 'logging-elasticsearch' ~ ( (openshift_logging_elasticsearch_ops_deployment | default(false) | bool) | ternary('-ops', '')) }}" es_component: "{{ 'es' ~ ( (openshift_logging_elasticsearch_ops_deployment | default(false) | bool) | ternary('-ops', '') ) }}" -- include: determine_version.yaml - - name: Set default image variables based on deployment_type - include_vars: "{{ item }}" + include_vars: "{{ var_file_name }}" with_first_found: - "{{ openshift_deployment_type | default(deployment_type) }}.yml" - "default_images.yml" + loop_control: + loop_var: var_file_name -- name: Set elasticsearch_prefix image facts +- name: Set elasticsearch image facts set_fact: openshift_logging_elasticsearch_proxy_image_prefix: "{{ openshift_logging_elasticsearch_proxy_image_prefix | default(__openshift_logging_elasticsearch_proxy_image_prefix) }}" openshift_logging_elasticsearch_proxy_image_version: "{{ openshift_logging_elasticsearch_proxy_image_version | default(__openshift_logging_elasticsearch_proxy_image_version) }}" + openshift_logging_elasticsearch_image_prefix: "{{ openshift_logging_elasticsearch_image_prefix | default(__openshift_logging_elasticsearch_image_prefix) }}" + openshift_logging_elasticsearch_image_version: "{{ openshift_logging_elasticsearch_image_version | default(__openshift_logging_elasticsearch_image_version) }}" + +- include: determine_version.yaml # allow passing in a tempdir - name: Create temp directory for doing work in @@ -266,7 +270,7 @@ port: 443 targetPort: 4443 selector: - component: "{{ es_component }}-prometheus" + component: "{{ es_component }}" provider: openshift - oc_edit: diff --git a/roles/openshift_logging_elasticsearch/vars/default_images.yml b/roles/openshift_logging_elasticsearch/vars/default_images.yml index b7d105caf..cef49dd92 100644 --- a/roles/openshift_logging_elasticsearch/vars/default_images.yml +++ b/roles/openshift_logging_elasticsearch/vars/default_images.yml 
@@ -1,3 +1,5 @@ --- -__openshift_logging_elasticsearch_proxy_image_prefix: "docker.io/openshift/" -__openshift_logging_elasticsearch_proxy_image_version: "v1.0.0" +__openshift_logging_elasticsearch_image_prefix: "{{ openshift_logging_image_prefix | default('docker.io/openshift/origin-') }}" +__openshift_logging_elasticsearch_image_version: "{{ openshift_logging_image_version | default('latest') }}" +__openshift_logging_elasticsearch_proxy_image_prefix: "{{ openshift_logging_image_prefix | default('docker.io/openshift/') }}" +__openshift_logging_elasticsearch_proxy_image_version: "{{ openshift_logging_image_version | default('v1.0.0') }}" diff --git a/roles/openshift_logging_elasticsearch/vars/openshift-enterprise.yml b/roles/openshift_logging_elasticsearch/vars/openshift-enterprise.yml index 2fd960bb5..07d92896f 100644 --- a/roles/openshift_logging_elasticsearch/vars/openshift-enterprise.yml +++ b/roles/openshift_logging_elasticsearch/vars/openshift-enterprise.yml @@ -1,3 +1,5 @@ --- +__openshift_logging_elasticsearch_image_prefix: "{{ openshift_logging_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +__openshift_logging_elasticsearch_image_version: "{{ openshift_logging_image_version | default ('v3.7') }}" __openshift_logging_elasticsearch_proxy_image_prefix: "{{ openshift_logging_image_prefix | default('registry.access.redhat.com/openshift3/') }}" -__openshift_logging_elasticsearch_proxy_image_version: "v3.7" +__openshift_logging_elasticsearch_proxy_image_version: "{{ openshift_logging_image_version | default ('v3.7') }}" diff --git a/roles/openshift_logging_eventrouter/defaults/main.yaml b/roles/openshift_logging_eventrouter/defaults/main.yaml index 4c0350c98..62542f496 100644 --- a/roles/openshift_logging_eventrouter/defaults/main.yaml +++ b/roles/openshift_logging_eventrouter/defaults/main.yaml 
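Review bot: The proxy image defaults are now derived from the shared `openshift_logging_image_prefix` and `openshift_logging_image_version`, where they were previously the literals `docker.io/openshift/` and `v1.0.0`. An inventory that sets the shared prefix or version for the logging images will therefore also relocate and retag the proxy image, which presumably follows its own release line, since its default prefix and tag differ from those of the Elasticsearch image. The `set_fact` in tasks/main.yaml already honours `openshift_logging_elasticsearch_proxy_image_prefix` and `openshift_logging_elasticsearch_proxy_image_version` as overrides, so the vars entries could stay literal: `__openshift_logging_elasticsearch_proxy_image_prefix: "docker.io/openshift/"` and `__openshift_logging_elasticsearch_proxy_image_version: "v1.0.0"`. The openshift-enterprise.yml hunk that follows makes the same change to the proxy version.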
@@ -1,6 +1,4 @@ --- -openshift_logging_eventrouter_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}" -openshift_logging_eventrouter_image_version: "{{ openshift_logging_image_version | default('latest') }}" openshift_logging_eventrouter_replicas: 1 openshift_logging_eventrouter_sink: stdout openshift_logging_eventrouter_nodeselector: "" diff --git a/roles/openshift_logging_eventrouter/tasks/main.yaml b/roles/openshift_logging_eventrouter/tasks/main.yaml index 58e5a559f..b1f93eeb9 100644 --- a/roles/openshift_logging_eventrouter/tasks/main.yaml +++ b/roles/openshift_logging_eventrouter/tasks/main.yaml @@ -1,4 +1,17 @@ --- +- name: Set default image variables based on deployment_type + include_vars: "{{ var_file_name }}" + with_first_found: + - "{{ openshift_deployment_type | default(deployment_type) }}.yml" + - "default_images.yml" + loop_control: + loop_var: var_file_name + +- name: Set eventrouter image facts + set_fact: + openshift_logging_eventrouter_image_prefix: "{{ openshift_logging_eventrouter_image_prefix | default(__openshift_logging_eventrouter_image_prefix) }}" + openshift_logging_eventrouter_image_version: "{{ openshift_logging_eventrouter_image_version | default(__openshift_logging_eventrouter_image_version) }}" + - include: "{{ role_path }}/tasks/install_eventrouter.yaml" when: openshift_logging_install_eventrouter | default(false) | bool diff --git a/roles/openshift_logging_eventrouter/vars/default_images.yml b/roles/openshift_logging_eventrouter/vars/default_images.yml new file mode 100644 index 000000000..dbfe2d697 --- /dev/null +++ b/roles/openshift_logging_eventrouter/vars/default_images.yml @@ -0,0 +1,3 @@ +--- +__openshift_logging_eventrouter_image_prefix: "{{ openshift_logging_image_prefix | default('docker.io/openshift/origin-') }}" +__openshift_logging_eventrouter_image_version: "{{ openshift_logging_image_version | default('latest') }}" 
diff --git a/roles/openshift_logging_eventrouter/vars/openshift-enterprise.yml b/roles/openshift_logging_eventrouter/vars/openshift-enterprise.yml new file mode 100644 index 000000000..bb7dc6455 --- /dev/null +++ b/roles/openshift_logging_eventrouter/vars/openshift-enterprise.yml @@ -0,0 +1,3 @@ +--- +__openshift_logging_eventrouter_image_prefix: "{{ openshift_logging_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +__openshift_logging_eventrouter_image_version: "{{ openshift_logging_image_version | default ('v3.7') }}" diff --git a/roles/openshift_logging_fluentd/defaults/main.yml b/roles/openshift_logging_fluentd/defaults/main.yml index 861935c99..9b58e4456 100644 --- a/roles/openshift_logging_fluentd/defaults/main.yml +++ b/roles/openshift_logging_fluentd/defaults/main.yml @@ -1,7 +1,5 @@ --- ### General logging settings -openshift_logging_fluentd_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}" -openshift_logging_fluentd_image_version: "{{ openshift_logging_image_version | default('latest') }}" openshift_logging_fluentd_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}" openshift_logging_fluentd_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}" openshift_logging_fluentd_namespace: logging diff --git a/roles/openshift_logging_fluentd/tasks/determine_version.yaml b/roles/openshift_logging_fluentd/tasks/determine_version.yaml index a1ba71b1b..6848eb512 100644 --- a/roles/openshift_logging_fluentd/tasks/determine_version.yaml +++ b/roles/openshift_logging_fluentd/tasks/determine_version.yaml 
@@ -1,16 +1,16 @@ --- # debating making this a module instead? - fail: - msg: Missing version to install provided by 'openshift_logging_image_version' - when: not openshift_logging_image_version or openshift_logging_image_version == '' + msg: Missing version to install provided by 'openshift_logging_fluentd_image_version' + when: not openshift_logging_fluentd_image_version or openshift_logging_fluentd_image_version == '' - set_fact: fluentd_version: "{{ __latest_fluentd_version }}" - when: openshift_logging_image_version == 'latest' + when: openshift_logging_fluentd_image_version == 'latest' # should we just assume that we will have the correct major version? -- set_fact: fluentd_version="{{ openshift_logging_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" - when: openshift_logging_image_version != 'latest' +- set_fact: fluentd_version="{{ openshift_logging_fluentd_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" + when: openshift_logging_fluentd_image_version != 'latest' - fail: msg: Invalid version specified for Fluentd diff --git a/roles/openshift_logging_fluentd/tasks/main.yaml b/roles/openshift_logging_fluentd/tasks/main.yaml index 2f89c3f9f..f8683ab75 100644 --- a/roles/openshift_logging_fluentd/tasks/main.yaml +++ b/roles/openshift_logging_fluentd/tasks/main.yaml 
@@ -34,6 +34,19 @@ msg: WARNING Use of openshift_logging_mux_client_mode=minimal is not recommended due to current scaling issues when: openshift_logging_mux_client_mode is defined and openshift_logging_mux_client_mode == 'minimal' +- name: Set default image variables based on deployment_type + include_vars: "{{ var_file_name }}" + with_first_found: + - "{{ openshift_deployment_type | default(deployment_type) }}.yml" + - "default_images.yml" + loop_control: + loop_var: var_file_name + +- name: Set fluentd image facts + set_fact: + openshift_logging_fluentd_image_prefix: "{{ openshift_logging_fluentd_image_prefix | default(__openshift_logging_fluentd_image_prefix) }}" + openshift_logging_fluentd_image_version: "{{ openshift_logging_fluentd_image_version | default(__openshift_logging_fluentd_image_version) }}" + - include: determine_version.yaml # allow passing in a tempdir @@ -69,7 +82,7 @@ name: "aggregated-logging-fluentd" namespace: "{{ openshift_logging_fluentd_namespace }}" when: - - openshift_logging_image_pull_secret == '' + - openshift_logging_image_pull_secret == '' # set service account scc - name: Set privileged permissions for Fluentd @@ -146,12 +159,12 @@ name: logging-fluentd namespace: "{{ openshift_logging_fluentd_namespace }}" files: - - name: ca - path: "{{ generated_certs_dir }}/ca.crt" - - name: key - path: "{{ generated_certs_dir }}/system.logging.fluentd.key" - - name: cert - path: "{{ generated_certs_dir }}/system.logging.fluentd.crt" + - name: ca + path: "{{ generated_certs_dir }}/ca.crt" + - name: key + path: "{{ generated_certs_dir }}/system.logging.fluentd.key" + - name: cert + path: "{{ generated_certs_dir }}/system.logging.fluentd.crt" # create Fluentd daemonset # this should change based on the type of fluentd deployment to be done... 
@@ -187,7 +200,7 @@ namespace: "{{ openshift_logging_fluentd_namespace }}" kind: daemonset files: - - "{{ tempdir }}/templates/logging-fluentd.yaml" + - "{{ tempdir }}/templates/logging-fluentd.yaml" delete_after: true # Scale up Fluentd diff --git a/roles/openshift_logging_fluentd/vars/default_images.yml b/roles/openshift_logging_fluentd/vars/default_images.yml new file mode 100644 index 000000000..6d127b730 --- /dev/null +++ b/roles/openshift_logging_fluentd/vars/default_images.yml @@ -0,0 +1,3 @@ +--- +__openshift_logging_fluentd_image_prefix: "{{ openshift_logging_image_prefix | default('docker.io/openshift/origin-') }}" +__openshift_logging_fluentd_image_version: "{{ openshift_logging_image_version | default('latest') }}" diff --git a/roles/openshift_logging_fluentd/vars/openshift-enterprise.yml b/roles/openshift_logging_fluentd/vars/openshift-enterprise.yml new file mode 100644 index 000000000..d0c74f1fb --- /dev/null +++ b/roles/openshift_logging_fluentd/vars/openshift-enterprise.yml @@ -0,0 +1,3 @@ +--- +__openshift_logging_fluentd_image_prefix: "{{ openshift_logging_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +__openshift_logging_fluentd_image_version: "{{ openshift_logging_image_version | default ('v3.7') }}" diff --git a/roles/openshift_logging_kibana/defaults/main.yml b/roles/openshift_logging_kibana/defaults/main.yml index 1366e96cd..6cdf7c8f3 100644 --- a/roles/openshift_logging_kibana/defaults/main.yml +++ b/roles/openshift_logging_kibana/defaults/main.yml 
@@ -2,8 +2,6 @@ ### Common settings openshift_logging_kibana_master_url: "https://kubernetes.default.svc.cluster.local" openshift_logging_kibana_master_public_url: "https://kubernetes.default.svc.cluster.local" -openshift_logging_kibana_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}" -openshift_logging_kibana_image_version: "{{ openshift_logging_image_version | default('latest') }}" openshift_logging_kibana_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}" openshift_logging_kibana_namespace: logging @@ -25,8 +23,6 @@ openshift_logging_kibana_edge_term_policy: Redirect openshift_logging_kibana_ops_deployment: false # Proxy settings -openshift_logging_kibana_proxy_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}" -openshift_logging_kibana_proxy_image_version: "{{ openshift_logging_image_version | default('latest') }}" openshift_logging_kibana_proxy_debug: false openshift_logging_kibana_proxy_cpu_limit: null openshift_logging_kibana_proxy_cpu_request: 100m diff --git a/roles/openshift_logging_kibana/tasks/determine_version.yaml b/roles/openshift_logging_kibana/tasks/determine_version.yaml index 53e15af5f..63e5a89f1 100644 --- a/roles/openshift_logging_kibana/tasks/determine_version.yaml +++ b/roles/openshift_logging_kibana/tasks/determine_version.yaml 
@@ -1,16 +1,16 @@ --- # debating making this a module instead? - fail: - msg: Missing version to install provided by 'openshift_logging_image_version' - when: not openshift_logging_image_version or openshift_logging_image_version == '' + msg: Missing version to install provided by 'openshift_logging_kibana_image_version' + when: not openshift_logging_kibana_image_version or openshift_logging_kibana_image_version == '' - set_fact: kibana_version: "{{ __latest_kibana_version }}" - when: openshift_logging_image_version == 'latest' + when: openshift_logging_kibana_image_version == 'latest' # should we just assume that we will have the correct major version? -- set_fact: kibana_version="{{ openshift_logging_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" - when: openshift_logging_image_version != 'latest' +- set_fact: kibana_version="{{ openshift_logging_kibana_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" + when: openshift_logging_kibana_image_version != 'latest' - fail: msg: Invalid version specified for Kibana diff --git a/roles/openshift_logging_kibana/tasks/main.yaml b/roles/openshift_logging_kibana/tasks/main.yaml index 8ef8ede9a..9d99114c5 100644 --- a/roles/openshift_logging_kibana/tasks/main.yaml +++ b/roles/openshift_logging_kibana/tasks/main.yaml 
@@ -1,5 +1,19 @@ --- # fail is we don't have an endpoint for ES to connect to? +- name: Set default image variables based on deployment_type + include_vars: "{{ var_file_name }}" + with_first_found: + - "{{ openshift_deployment_type | default(deployment_type) }}.yml" + - "default_images.yml" + loop_control: + loop_var: var_file_name + +- name: Set kibana image facts + set_fact: + openshift_logging_kibana_image_prefix: "{{ openshift_logging_kibana_image_prefix | default(__openshift_logging_kibana_image_prefix) }}" + openshift_logging_kibana_image_version: "{{ openshift_logging_kibana_image_version | default(__openshift_logging_kibana_image_version) }}" + openshift_logging_kibana_proxy_image_prefix: "{{ openshift_logging_kibana_proxy_image_prefix | default(__openshift_logging_kibana_proxy_image_prefix) }}" + openshift_logging_kibana_proxy_image_version: "{{ openshift_logging_kibana_proxy_image_version | default(__openshift_logging_kibana_proxy_image_version) }}" - include: determine_version.yaml @@ -37,7 +51,7 @@ name: "aggregated-logging-kibana" namespace: "{{ openshift_logging_namespace }}" when: - - openshift_logging_image_pull_secret == '' + - openshift_logging_image_pull_secret == '' - set_fact: kibana_name: "{{ 'logging-kibana' ~ ( (openshift_logging_kibana_ops_deployment | default(false) | bool) | ternary('-ops', '')) }}" @@ -58,7 +72,7 @@ content: "{{ 200 | oo_random_word }}" dest: "{{ generated_certs_dir }}/session_secret" when: - - not session_secret_file.stat.exists + - not session_secret_file.stat.exists # gen oauth_secret if necessary - name: Generate oauth secret 
@@ -66,19 +80,19 @@ content: "{{ 64 | oo_random_word }}" dest: "{{ generated_certs_dir }}/oauth_secret" when: - - not oauth_secret_file.stat.exists + - not oauth_secret_file.stat.exists - name: Retrieving the cert to use when generating secrets for the logging components slurp: src: "{{ generated_certs_dir }}/{{ item.file }}" register: key_pairs with_items: - - { name: "ca_file", file: "ca.crt" } - - { name: "kibana_internal_key", file: "kibana-internal.key"} - - { name: "kibana_internal_cert", file: "kibana-internal.crt"} - - { name: "server_tls", file: "server-tls.json"} - - { name: "session_secret", file: "session_secret" } - - { name: "oauth_secret", file: "oauth_secret" } + - { name: "ca_file", file: "ca.crt" } + - { name: "kibana_internal_key", file: "kibana-internal.key"} + - { name: "kibana_internal_cert", file: "kibana-internal.crt"} + - { name: "server_tls", file: "server-tls.json"} + - { name: "session_secret", file: "session_secret" } + - { name: "oauth_secret", file: "oauth_secret" } # services - name: Set {{ kibana_name }} service @@ -92,8 +106,8 @@ labels: logging-infra: 'support' ports: - - port: 443 - targetPort: "oaproxy" + - port: 443 + targetPort: "oaproxy" # create routes # TODO: set up these certs differently? @@ -144,7 +158,7 @@ namespace: "{{ openshift_logging_namespace }}" kind: route files: - - "{{ tempdir }}/templates/kibana-route.yaml" + - "{{ tempdir }}/templates/kibana-route.yaml" # preserve list of current hostnames - name: Get current oauthclient hostnames @@ -173,7 +187,7 @@ namespace: "{{ openshift_logging_namespace }}" kind: oauthclient files: - - "{{ tempdir }}/templates/oauth-client.yml" + - "{{ tempdir }}/templates/oauth-client.yml" delete_after: true # create Kibana secret 
@@ -183,12 +197,12 @@ name: "logging-kibana" namespace: "{{ openshift_logging_namespace }}" files: - - name: ca - path: "{{ generated_certs_dir }}/ca.crt" - - name: key - path: "{{ generated_certs_dir }}/system.logging.kibana.key" - - name: cert - path: "{{ generated_certs_dir }}/system.logging.kibana.crt" + - name: ca + path: "{{ generated_certs_dir }}/ca.crt" + - name: key + path: "{{ generated_certs_dir }}/system.logging.kibana.key" + - name: cert + path: "{{ generated_certs_dir }}/system.logging.kibana.crt" # create Kibana-proxy secret - name: Set Kibana Proxy secret @@ -205,16 +219,16 @@ #- name: server-tls.json # path: "{{ generated_certs_dir }}/server-tls.json" contents: - - path: oauth-secret - data: "{{ key_pairs | entry_from_named_pair('oauth_secret') | b64decode }}" - - path: session-secret - data: "{{ key_pairs | entry_from_named_pair('session_secret') | b64decode }}" - - path: server-key - data: "{{ key_pairs | entry_from_named_pair('kibana_internal_key') | b64decode }}" - - path: server-cert - data: "{{ key_pairs | entry_from_named_pair('kibana_internal_cert') | b64decode }}" - - path: server-tls.json - data: "{{ key_pairs | entry_from_named_pair('server_tls') | b64decode }}" + - path: oauth-secret + data: "{{ key_pairs | entry_from_named_pair('oauth_secret') | b64decode }}" + - path: session-secret + data: "{{ key_pairs | entry_from_named_pair('session_secret') | b64decode }}" + - path: server-key + data: "{{ key_pairs | entry_from_named_pair('kibana_internal_key') | b64decode }}" + - path: server-cert + data: "{{ key_pairs | entry_from_named_pair('kibana_internal_cert') | b64decode }}" + - path: server-tls.json + data: "{{ key_pairs | entry_from_named_pair('server_tls') | b64decode }}" # create Kibana DC - name: Generate Kibana DC template 
@@ -245,7 +259,7 @@ namespace: "{{ openshift_logging_namespace }}" kind: dc files: - - "{{ tempdir }}/templates/kibana-dc.yaml" + - "{{ tempdir }}/templates/kibana-dc.yaml" delete_after: true # update master configs? diff --git a/roles/openshift_logging_kibana/vars/default_images.yml b/roles/openshift_logging_kibana/vars/default_images.yml new file mode 100644 index 000000000..db0f9b622 --- /dev/null +++ b/roles/openshift_logging_kibana/vars/default_images.yml @@ -0,0 +1,5 @@ +--- +__openshift_logging_kibana_image_prefix: "{{ openshift_logging_image_prefix | default('docker.io/openshift/origin-') }}" +__openshift_logging_kibana_image_version: "{{ openshift_logging_image_version | default('latest') }}" +__openshift_logging_kibana_proxy_image_prefix: "{{ openshift_logging_image_prefix | default('docker.io/openshift/origin-') }}" +__openshift_logging_kibana_proxy_image_version: "{{ openshift_logging_image_version | default('latest') }}" diff --git a/roles/openshift_logging_kibana/vars/openshift-enterprise.yml b/roles/openshift_logging_kibana/vars/openshift-enterprise.yml new file mode 100644 index 000000000..0be2e7252 --- /dev/null +++ b/roles/openshift_logging_kibana/vars/openshift-enterprise.yml @@ -0,0 +1,5 @@ +--- +__openshift_logging_kibana_image_prefix: "{{ openshift_logging_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +__openshift_logging_kibana_image_version: "{{ openshift_logging_image_version | default ('v3.7') }}" +__openshift_logging_kibana_proxy_image_prefix: "{{ openshift_logging_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +__openshift_logging_kibana_proxy_image_version: "{{ openshift_logging_image_version | default ('v3.7') }}" diff --git a/roles/openshift_logging_mux/defaults/main.yml b/roles/openshift_logging_mux/defaults/main.yml index 9de686576..cd15da939 100644 --- a/roles/openshift_logging_mux/defaults/main.yml +++ b/roles/openshift_logging_mux/defaults/main.yml 
@@ -1,7 +1,5 @@ --- ### General logging settings -openshift_logging_mux_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}" -openshift_logging_mux_image_version: "{{ openshift_logging_image_version | default('latest') }}" openshift_logging_mux_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}" openshift_logging_mux_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}" openshift_logging_mux_master_public_url: "{{ openshift_hosted_logging_master_public_url | default('https://' + openshift.common.public_hostname + ':' ~ (openshift_master_api_port | default('8443', true))) }}" diff --git a/roles/openshift_logging_mux/tasks/determine_version.yaml b/roles/openshift_logging_mux/tasks/determine_version.yaml index 229bcf3d5..769475dd5 100644 --- a/roles/openshift_logging_mux/tasks/determine_version.yaml +++ b/roles/openshift_logging_mux/tasks/determine_version.yaml 
@@ -1,16 +1,16 @@ --- # debating making this a module instead? - fail: - msg: Missing version to install provided by 'openshift_logging_image_version' - when: not openshift_logging_image_version or openshift_logging_image_version == '' + msg: Missing version to install provided by 'openshift_logging_mux_image_version' + when: not openshift_logging_mux_image_version or openshift_logging_mux_image_version == '' - set_fact: mux_version: "{{ __latest_mux_version }}" - when: openshift_logging_image_version == 'latest' + when: openshift_logging_mux_image_version == 'latest' # should we just assume that we will have the correct major version? -- set_fact: mux_version="{{ openshift_logging_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" - when: openshift_logging_image_version != 'latest' +- set_fact: mux_version="{{ openshift_logging_mux_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" + when: openshift_logging_mux_image_version != 'latest' - fail: msg: Invalid version specified for mux diff --git a/roles/openshift_logging_mux/tasks/main.yaml b/roles/openshift_logging_mux/tasks/main.yaml index 5b257139e..242d92188 100644 --- a/roles/openshift_logging_mux/tasks/main.yaml +++ b/roles/openshift_logging_mux/tasks/main.yaml 
@@ -7,6 +7,19 @@ msg: Operations logs destination is required when: not openshift_logging_mux_ops_host or openshift_logging_mux_ops_host == '' +- name: Set default image variables based on deployment_type + include_vars: "{{ var_file_name }}" + with_first_found: + - "{{ openshift_deployment_type | default(deployment_type) }}.yml" + - "default_images.yml" + loop_control: + loop_var: var_file_name + +- name: Set mux image facts + set_fact: + openshift_logging_mux_image_prefix: "{{ openshift_logging_mux_image_prefix | default(__openshift_logging_mux_image_prefix) }}" + openshift_logging_mux_image_version: "{{ openshift_logging_mux_image_version | default(__openshift_logging_mux_image_version) }}" + - include: determine_version.yaml # allow passing in a tempdir @@ -42,7 +55,7 @@ name: "aggregated-logging-mux" namespace: "{{ openshift_logging_mux_namespace }}" when: - - openshift_logging_image_pull_secret == '' + - openshift_logging_image_pull_secret == '' # set service account scc - name: Set privileged permissions for Mux @@ -112,14 +125,14 @@ name: logging-mux namespace: "{{ openshift_logging_mux_namespace }}" files: - - name: ca - path: "{{ generated_certs_dir }}/ca.crt" - - name: key - path: "{{ generated_certs_dir }}/system.logging.mux.key" - - name: cert - path: "{{ generated_certs_dir }}/system.logging.mux.crt" - - name: shared_key - path: "{{ generated_certs_dir }}/mux_shared_key" + - name: ca + path: "{{ generated_certs_dir }}/ca.crt" + - name: key + path: "{{ generated_certs_dir }}/system.logging.mux.key" + - name: cert + path: "{{ generated_certs_dir }}/system.logging.mux.crt" + - name: shared_key + path: "{{ generated_certs_dir }}/mux_shared_key" # services - name: Set logging-mux service for external communication 
@@ -133,11 +146,11 @@ labels: logging-infra: 'support' ports: - - name: mux-forward - port: "{{ openshift_logging_mux_port }}" - targetPort: "mux-forward" + - name: mux-forward + port: "{{ openshift_logging_mux_port }}" + targetPort: "mux-forward" external_ips: - - "{{ ansible_eth0.ipv4.address }}" + - "{{ ansible_eth0.ipv4.address }}" when: openshift_logging_mux_allow_external | bool - name: Set logging-mux service for internal communication @@ -151,9 +164,9 @@ labels: logging-infra: 'support' ports: - - name: mux-forward - port: "{{ openshift_logging_mux_port }}" - targetPort: "mux-forward" + - name: mux-forward + port: "{{ openshift_logging_mux_port }}" + targetPort: "mux-forward" when: not openshift_logging_mux_allow_external | bool # create Mux DC @@ -188,7 +201,7 @@ selector: "{{ openshift_logging_mux_file_buffer_pvc_pv_selector }}" storage_class_name: "{{ openshift_logging_mux_file_buffer_pvc_storage_class_name | default('', true) }}" when: - - openshift_logging_mux_file_buffer_storage_type == "pvc" + - openshift_logging_mux_file_buffer_storage_type == "pvc" - name: Set logging-mux DC oc_obj: @@ -197,7 +210,7 @@ namespace: "{{ openshift_logging_mux_namespace }}" kind: dc files: - - "{{ tempdir }}/templates/logging-mux-dc.yaml" + - "{{ tempdir }}/templates/logging-mux-dc.yaml" delete_after: true - name: Add mux namespaces diff --git a/roles/openshift_logging_mux/vars/default_images.yml b/roles/openshift_logging_mux/vars/default_images.yml new file mode 100644 index 000000000..bd5dc4504 --- /dev/null +++ b/roles/openshift_logging_mux/vars/default_images.yml @@ -0,0 +1,3 @@ +--- +__openshift_logging_mux_image_prefix: "{{ openshift_logging_image_prefix | default('docker.io/openshift/origin-') }}" +__openshift_logging_mux_image_version: "{{ openshift_logging_image_version | default('latest') }}" 
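Review bot: In the new `default_images.yml`, `__openshift_logging_mux_image_version` falls back to `latest`, a mutable tag, so two runs of the same playbook revision can deploy different mux images from `docker.io/openshift/origin-`. The `openshift-enterprise.yml` vars file added in the same commit defaults to `v3.7`, which leaves the origin default as the only floating one. If `latest` has to stay for origin, a comment above the variable such as `# 'latest' is a floating tag; set openshift_logging_image_version to pin a release` would make the behaviour explicit for operators.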
diff --git a/roles/openshift_logging_mux/vars/openshift-enterprise.yml b/roles/openshift_logging_mux/vars/openshift-enterprise.yml new file mode 100644 index 000000000..1e7eb9d8d --- /dev/null +++ b/roles/openshift_logging_mux/vars/openshift-enterprise.yml @@ -0,0 +1,3 @@ +--- +__openshift_logging_mux_image_prefix: "{{ openshift_logging_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +__openshift_logging_mux_image_version: "{{ openshift_logging_image_version | default ('v3.7') }}" diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml index f67aee88b..fbbac1176 100644 --- a/roles/openshift_manage_node/tasks/main.yml +++ b/roles/openshift_manage_node/tasks/main.yml @@ -7,11 +7,7 @@ # wait_for port doesn't provide health information. command: > curl --silent --tlsv1.2 - {% if openshift.common.version_gte_3_2_or_1_2 | bool %} --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {% else %} - --cacert {{ openshift.common.config_base }}/master/ca.crt - {% endif %} {{ openshift_node_master_api_url }}/healthz/ready args: # Disables the following warning: diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index 97a8735ee..3fb94fff8 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -67,3 +67,6 @@ openshift_master_bootstrap_enabled: False openshift_master_csr_sa: node-bootstrapper openshift_master_csr_namespace: openshift-infra + +openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml" +openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json" diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index f88c4a7dc..359536202 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml 
@@ -25,11 +25,7 @@ # wait_for port doesn't provide health information. command: > curl --silent --tlsv1.2 - {% if openshift.common.version_gte_3_2_or_1_2 | bool %} --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {% else %} - --cacert {{ openshift.common.config_base }}/master/ca.crt - {% endif %} {{ openshift.master.api_url }}/healthz/ready args: # Disables the following warning: diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index c7c02d49b..b6d3539b1 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -18,12 +18,6 @@ - openshift.master.ha | bool - (openshift.master.cluster_method is not defined) or (openshift.master.cluster_method is defined and openshift.master.cluster_method not in ["native", "pacemaker"]) - fail: - msg: "'native' high availability is not supported for the requested OpenShift version" - when: - - openshift.master.ha | bool - - openshift.master.cluster_method == "native" - - not openshift.common.version_gte_3_1_or_1_1 | bool -- fail: msg: "openshift_master_cluster_password must be set for multi-master installations" when: - openshift.master.ha | bool @@ -222,8 +216,6 @@ when: openshift_master_bootstrap_enabled | default(False) - include: set_loopback_context.yml - when: - - openshift.common.version_gte_3_2_or_1_2 - name: Start and enable master api on first master systemd: diff --git a/roles/openshift_master/tasks/restart.yml b/roles/openshift_master/tasks/restart.yml new file mode 100644 index 000000000..4f8b758fd --- /dev/null +++ b/roles/openshift_master/tasks/restart.yml 
@@ -0,0 +1,22 @@ +--- +- name: Restart master API + service: + name: "{{ openshift.common.service_type }}-master-api" + state: restarted + when: openshift_master_ha | bool +- name: Wait for master API to come back online + wait_for: + host: "{{ openshift.common.hostname }}" + state: started + delay: 10 + port: "{{ openshift.master.api_port }}" + timeout: 600 + when: openshift_master_ha | bool +- name: Restart master controllers + service: + name: "{{ openshift.common.service_type }}-master-controllers" + state: restarted + # Ignore errrors since it is possible that type != simple for + # pre-3.1.1 installations. + ignore_errors: true + when: openshift_master_ha | bool diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml index 8420dfb8c..b0fa72f19 100644 --- a/roles/openshift_master/tasks/systemd_units.yml +++ b/roles/openshift_master/tasks/systemd_units.yml @@ -2,9 +2,6 @@ # systemd_units.yml is included both in the openshift_master role and in the upgrade # playbooks. -- include: upgrade_facts.yml - when: openshift_master_defaults_in_use is not defined - - name: Set HA Service Info for containerized installs set_fact: containerized_svc_dir: "/etc/systemd/system" diff --git a/roles/openshift_master/tasks/upgrade.yml b/roles/openshift_master/tasks/upgrade.yml new file mode 100644 index 000000000..92371921d --- /dev/null +++ b/roles/openshift_master/tasks/upgrade.yml 
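Review bot: `ignore_errors: true` on `Restart master controllers` is justified in its comment by pre-3.1.1 installations, but the controllers unit template changed in this same commit now sets `Type=notify` unconditionally, so that rationale no longer appears to apply. With the flag left in place, a controllers service that fails to come back after an upgrade is reported as success and the play continues. Consider dropping `ignore_errors` together with its comment, or replacing it with a narrower `failed_when` if a specific benign failure is still expected. Unlike the API restart above it, this task is not followed by any readiness wait.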
@@ -0,0 +1,45 @@ +--- +- include: upgrade/rpm_upgrade.yml + when: not openshift.common.is_containerized | bool + +- include: upgrade/upgrade_scheduler.yml + +# master_config_hook is passed in from upgrade play. +- include: "upgrade/{{ master_config_hook }}" + when: master_config_hook is defined + +- include: journald.yml + +- include: systemd_units.yml + +- name: Check for ca-bundle.crt + stat: + path: "{{ openshift.common.config_base }}/master/ca-bundle.crt" + register: ca_bundle_stat + failed_when: false + +- name: Check for ca.crt + stat: + path: "{{ openshift.common.config_base }}/master/ca.crt" + register: ca_crt_stat + failed_when: false + +- name: Migrate ca.crt to ca-bundle.crt + command: mv ca.crt ca-bundle.crt + args: + chdir: "{{ openshift.common.config_base }}/master" + when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists + +- name: Link ca.crt to ca-bundle.crt + file: + src: "{{ openshift.common.config_base }}/master/ca-bundle.crt" + path: "{{ openshift.common.config_base }}/master/ca.crt" + state: link + when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists + +- name: Update oreg value + yedit: + src: "{{ openshift.common.config_base }}/master/master-config.yaml" + key: 'imageConfig.format' + value: "{{ oreg_url | default(oreg_url_master) }}" + when: oreg_url is defined or oreg_url_master is defined diff --git a/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml index 8cc46ab68..f914a9978 100644 --- a/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml +++ b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml 
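Review bot: Both `Migrate ca.crt to ca-bundle.crt` and `Link ca.crt to ca-bundle.crt` test `ca_crt_stat.stat.isreg` without first checking that the file exists; for a missing path the `stat` module reports only `exists: false`, so the conditional would fail on an undefined attribute instead of skipping. `when: ca_crt_stat.stat.exists and ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists` keeps the intended behaviour and skips cleanly. The `failed_when: false` on the two `stat` tasks also means an errored stat may leave no `stat` key at all, which is worth confirming as acceptable. Separately, `Update oreg value` spells out `{{ openshift.common.config_base }}/master/master-config.yaml` although this commit adds `openshift_master_config_file` to the role defaults, which it could presumably reuse.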
@@ -18,21 +18,3 @@ - "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version }}" - "{{ openshift.common.service_type }}-clients{{ openshift_pkg_version }}" - "tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}" - - PyYAML - when: - - component == "master" - - not openshift.common.is_atomic | bool - -- name: Upgrade node packages - package: name={{ node_pkgs | join(',') }} state=present - vars: - node_pkgs: - - "{{ openshift.common.service_type }}{{ openshift_pkg_version }}" - - "{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}" - - "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version }}" - - "{{ openshift.common.service_type }}-clients{{ openshift_pkg_version }}" - - "tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}" - - PyYAML - when: - - component == "node" - - not openshift.common.is_atomic | bool diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_scheduler.yml b/roles/openshift_master/tasks/upgrade/upgrade_scheduler.yml index 8558bf3e9..8558bf3e9 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_scheduler.yml +++ b/roles/openshift_master/tasks/upgrade/upgrade_scheduler.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml b/roles/openshift_master/tasks/upgrade/v3_6/master_config_upgrade.yml index db0c8f886..db0c8f886 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml +++ b/roles/openshift_master/tasks/upgrade/v3_6/master_config_upgrade.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml b/roles/openshift_master/tasks/upgrade/v3_7/master_config_upgrade.yml index 1d4d1919c..1d4d1919c 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml +++ b/roles/openshift_master/tasks/upgrade/v3_7/master_config_upgrade.yml 
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 5bc135601..629fe3286 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -3,9 +3,6 @@ admissionConfig: pluginConfig:{{ openshift.master.admission_plugin_config | to_padded_yaml(level=2) }} {% endif %} apiLevels: -{% if not openshift.common.version_gte_3_1_or_1_1 | bool %} -- v1beta3 -{% endif %} - v1 apiVersion: v1 assetConfig: @@ -44,10 +41,9 @@ assetConfig: - {{ cipher_suite }} {% endfor %} {% endif %} -{% if openshift.master.audit_config | default(none) is not none and openshift.common.version_gte_3_2_or_1_2 | bool %} +{% if openshift.master.audit_config | default(none) is not none %} auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }} {% endif %} -{% if openshift.common.version_gte_3_3_or_1_3 | bool %} controllerConfig: election: lockName: openshift-master-controllers @@ -55,7 +51,6 @@ controllerConfig: signer: certFile: service-signer.crt keyFile: service-signer.key -{% endif %} controllers: '*' corsAllowedOrigins: # anchor with start (\A) and end (\z) of the string, make the check case insensitive ((?i)) and escape hostname @@ -74,11 +69,7 @@ dnsConfig: bindNetwork: tcp4 {% endif %} etcdClientInfo: -{% if openshift.common.version_gte_3_2_or_1_2 | bool %} ca: {{ "ca-bundle.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }} -{% else %} - ca: {{ "ca.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }} -{% endif %} certFile: master.etcd-client.crt keyFile: master.etcd-client.key urls: 
@@ -92,20 +83,12 @@ etcdConfig: peerServingInfo: bindAddress: {{ openshift.master.bind_addr }}:7001 certFile: etcd.server.crt -{% if openshift.common.version_gte_3_2_or_1_2 | bool %} clientCA: ca-bundle.crt -{% else %} - clientCA: ca.crt -{% endif %} keyFile: etcd.server.key servingInfo: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.etcd_port }} certFile: etcd.server.crt -{% if openshift.common.version_gte_3_2_or_1_2 | bool %} clientCA: ca-bundle.crt -{% else %} - clientCA: ca.crt -{% endif %} keyFile: etcd.server.key storageDirectory: {{ r_openshift_master_data_dir }}/openshift.local.etcd {% endif %} @@ -123,21 +106,12 @@ imagePolicyConfig:{{ openshift.master.image_policy_config | to_padded_yaml(level kind: MasterConfig kubeletClientInfo: {# TODO: allow user specified kubelet port #} -{% if openshift.common.version_gte_3_2_or_1_2 | bool %} ca: ca-bundle.crt -{% else %} - ca: ca.crt -{% endif %} certFile: master.kubelet-client.crt keyFile: master.kubelet-client.key port: 10250 {% if openshift.master.embedded_kube | bool %} kubernetesMasterConfig: -{% if not openshift.common.version_gte_3_1_or_1_1 | bool %} - apiLevels: - - v1beta3 - - v1 -{% endif %} apiServerArguments: {{ openshift.master.api_server_args | default(None) | to_padded_yaml( level=2 ) }} {% if r_openshift_master_etcd3_storage or ( r_openshift_master_clean_install and openshift.common.version_gte_3_6 ) %} storage-backend: 
@@ -160,21 +134,17 @@ kubernetesMasterConfig: {% endif %} masterClients: {# TODO: allow user to set externalKubernetesKubeConfig #} -{% if openshift.common.version_gte_3_3_or_1_3 | bool %} externalKubernetesClientConnectionOverrides: acceptContentTypes: application/vnd.kubernetes.protobuf,application/json contentType: application/vnd.kubernetes.protobuf burst: {{ openshift_master_external_ratelimit_burst | default(400) }} qps: {{ openshift_master_external_ratelimit_qps | default(200) }} -{% endif %} externalKubernetesKubeConfig: "" -{% if openshift.common.version_gte_3_3_or_1_3 | bool %} openshiftLoopbackClientConnectionOverrides: acceptContentTypes: application/vnd.kubernetes.protobuf,application/json contentType: application/vnd.kubernetes.protobuf burst: {{ openshift_master_loopback_ratelimit_burst | default(600) }} qps: {{ openshift_master_loopback_ratelimit_qps | default(300) }} -{% endif %} openshiftLoopbackKubeConfig: openshift-master.kubeconfig masterPublicURL: {{ openshift.master.public_api_url }} networkConfig: @@ -208,11 +178,7 @@ oauthConfig: {% for line in translated_identity_providers.splitlines() %} {{ line }} {% endfor %} -{% if openshift.common.version_gte_3_2_or_1_2 | bool %} masterCA: ca-bundle.crt -{% else %} - masterCA: ca.crt -{% endif %} masterPublicURL: {{ openshift.master.public_api_url }} masterURL: {{ openshift.master.api_url }} sessionConfig: @@ -245,11 +211,7 @@ serviceAccountConfig: - default - builder - deployer -{% if openshift.common.version_gte_3_2_or_1_2 | bool %} masterCA: ca-bundle.crt -{% else %} - masterCA: ca.crt -{% endif %} privateKeyFile: serviceaccounts.private.key publicKeyFiles: - serviceaccounts.public.key diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 index e284413f7..fae021845 100644 
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 @@ -7,11 +7,7 @@ Wants={{ openshift.common.service_type }}-master-api.service Requires=network-online.target [Service] -{% if openshift.common.version_gte_3_1_1_or_1_1_1 | bool %} Type=notify -{% else %} -Type=simple -{% endif %} EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers Environment=GOTRACEBACK=crash ExecStart=/usr/bin/openshift start master controllers --config=${CONFIG_FILE} $OPTIONS diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml index d9ffb1b6f..ec1fbb1ee 100644 --- a/roles/openshift_master_certificates/tasks/main.yml +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -3,7 +3,7 @@ openshift_master_certs_no_etcd: - admin.crt - master.kubelet-client.crt - - "{{ 'master.proxy-client.crt' if openshift.common.version_gte_3_1_or_1_1 else omit }}" + - master.proxy-client.crt - master.server.crt - openshift-master.crt - openshift-registry.crt @@ -57,9 +57,7 @@ --hostnames={{ hostvars[item].openshift.common.all_hostnames | join(',') }} --cert={{ openshift_generated_configs_dir }}/master-{{ hostvars[item].openshift.common.hostname }}/master.server.crt --key={{ openshift_generated_configs_dir }}/master-{{ hostvars[item].openshift.common.hostname }}/master.server.key - {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} --expire-days={{ openshift_master_cert_expire_days }} - {% endif %} --signer-cert={{ openshift_ca_cert }} --signer-key={{ openshift_ca_key }} --signer-serial={{ openshift_ca_serial }} 
@@ -87,9 +85,7 @@ --signer-serial={{ openshift_ca_serial }} --user=system:openshift-master --basename=openshift-master - {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} --expire-days={{ openshift_master_cert_expire_days }} - {% endif %} args: creates: "{{ openshift_generated_configs_dir }}/master-{{ hostvars[item].openshift.common.hostname }}/openshift-master.kubeconfig" with_items: "{{ hostvars diff --git a/roles/openshift_master_cluster/tasks/main.yml b/roles/openshift_master_cluster/tasks/main.yml index 0543872c9..40705d357 100644 --- a/roles/openshift_master_cluster/tasks/main.yml +++ b/roles/openshift_master_cluster/tasks/main.yml @@ -3,10 +3,6 @@ msg: "Not possible on atomic hosts for now" when: openshift.common.is_containerized | bool -- fail: - msg: "Pacemaker HA is unsupported on OpenShift Enterprise 3.2 and Origin 1.2" - when: openshift.master.cluster_method == "pacemaker" and openshift.common.version_gte_3_2_or_1_2 | bool - - name: Test if cluster is already configured command: pcs status register: pcs_status diff --git a/roles/openshift_master_facts/filter_plugins/openshift_master.py b/roles/openshift_master_facts/filter_plugins/openshift_master.py index 97a5179e0..c827f2d26 100644 --- a/roles/openshift_master_facts/filter_plugins/openshift_master.py +++ b/roles/openshift_master_facts/filter_plugins/openshift_master.py 
@@ -518,29 +518,16 @@ class FilterModule(object): 'admin.key', 'admin.kubeconfig', 'master.kubelet-client.crt', - 'master.kubelet-client.key'] + 'master.kubelet-client.key', + 'master.proxy-client.crt', + 'master.proxy-client.key', + 'service-signer.crt', + 'service-signer.key'] if bool(include_ca): certs += ['ca.crt', 'ca.key', 'ca-bundle.crt', 'client-ca-bundle.crt'] if bool(include_keys): certs += ['serviceaccounts.private.key', 'serviceaccounts.public.key'] - if bool(hostvars['openshift']['common']['version_gte_3_1_or_1_1']): - certs += ['master.proxy-client.crt', - 'master.proxy-client.key'] - if not bool(hostvars['openshift']['common']['version_gte_3_2_or_1_2']): - certs += ['openshift-master.crt', - 'openshift-master.key', - 'openshift-master.kubeconfig'] - if bool(hostvars['openshift']['common']['version_gte_3_3_or_1_3']): - certs += ['service-signer.crt', - 'service-signer.key'] - if not bool(hostvars['openshift']['common']['version_gte_3_5_or_1_5']): - certs += ['openshift-registry.crt', - 'openshift-registry.key', - 'openshift-registry.kubeconfig', - 'openshift-router.crt', - 'openshift-router.key', - 'openshift-router.kubeconfig'] return certs @staticmethod diff --git a/roles/openshift_metrics/handlers/main.yml b/roles/openshift_metrics/handlers/main.yml index 88b893448..074b72942 100644 --- a/roles/openshift_metrics/handlers/main.yml +++ b/roles/openshift_metrics/handlers/main.yml @@ -18,11 +18,7 @@ # wait_for port doesn't provide health information. command: > curl --silent --tlsv1.2 - {% if openshift.common.version_gte_3_2_or_1_2 | bool %} --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {% else %} - --cacert {{ openshift.common.config_base }}/master/ca.crt - {% endif %} {{ openshift.master.api_url }}/healthz/ready args: # Disables the following warning: diff --git a/roles/openshift_node/files/bootstrap.yml b/roles/openshift_node/files/bootstrap.yml index ea280640f..a5545c81b 100644 --- a/roles/openshift_node/files/bootstrap.yml 
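Review bot: After this change the base list in the certificate-sync filter always contains four private keys (`admin.key`, `master.kubelet-client.key`, `master.proxy-client.key`, `service-signer.key`), while `include_keys` gates only the `serviceaccounts.*` pair, which the parameter name does not suggest. A comment above the list, e.g. `# NOTE: client and signer private keys are always synchronized; include_keys only controls the serviceaccounts key pair`, would keep a later caller from assuming `include_keys=False` yields a key-free list. The `bool(...)` wrappers in the two `if` tests are also redundant and could read `if include_ca:` and `if include_keys:`. The method's signature and docstring are outside the hunk, so the intended contract of `include_keys` cannot be confirmed from here.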
+++ b/roles/openshift_node/files/bootstrap.yml @@ -61,3 +61,11 @@ with_items: - line: "BOOTSTRAP_CONFIG_NAME=node-config-{{ openshift_group_type }}" regexp: "^BOOTSTRAP_CONFIG_NAME=.*" + + - name: "Start the {{ openshift_service_type }}-node service" + systemd: + daemon_reload: yes + state: restarted + enabled: True + name: "{{ openshift_service_type }}-node" + no_block: true diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index 5bc7b9869..c32aa1600 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -13,9 +13,15 @@ galaxy_info: - cloud dependencies: - role: openshift_node_facts + when: not (openshift_node_upgrade_in_progress | default(False)) - role: lib_openshift - role: lib_os_firewall + when: not (openshift_node_upgrade_in_progress | default(False)) - role: openshift_clock + when: not (openshift_node_upgrade_in_progress | default(False)) - role: openshift_docker - role: openshift_cloud_provider + when: not (openshift_node_upgrade_in_progress | default(False)) - role: openshift_node_dnsmasq +- role: lib_utils + when: openshift_node_upgrade_in_progress | default(False) diff --git a/roles/openshift_node_upgrade/tasks/config/install-node-docker-service-file.yml b/roles/openshift_node/tasks/config/install-node-docker-service-file.yml index f92ff79b5..f92ff79b5 100644 --- a/roles/openshift_node_upgrade/tasks/config/install-node-docker-service-file.yml +++ b/roles/openshift_node/tasks/config/install-node-docker-service-file.yml diff --git a/roles/openshift_node_upgrade/tasks/docker/upgrade.yml b/roles/openshift_node/tasks/docker/upgrade.yml index ebe87d6fd..ebe87d6fd 100644 --- a/roles/openshift_node_upgrade/tasks/docker/upgrade.yml +++ b/roles/openshift_node/tasks/docker/upgrade.yml diff --git a/roles/openshift_node_upgrade/tasks/main.yml b/roles/openshift_node/tasks/upgrade.yml index c1c9e0062..2bca1e974 100644 --- a/roles/openshift_node_upgrade/tasks/main.yml 
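Review bot: The task added to `bootstrap.yml` is named "Start the ... node service" but uses `state: restarted` together with `no_block: true`, so systemd is asked to restart the unit and the task returns without waiting for the result; a node service that fails to start would not fail this play. If that is deliberate (for example because the node does not become active until bootstrapping completes, which is an assumption not shown here), a comment such as `# no_block: do not wait; the node service may not become active until bootstrap finishes` would record it, and the name could say "Restart". The task is appended to an existing play whose beginning is outside the hunk.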
+++ b/roles/openshift_node/tasks/upgrade.yml @@ -59,7 +59,7 @@ - include: "{{ node_config_hook }}" when: node_config_hook is defined -- include: rpm_upgrade.yml +- include: upgrade/rpm_upgrade.yml vars: component: "node" openshift_version: "{{ openshift_pkg_version | default('') }}" @@ -69,10 +69,8 @@ file: path: "/etc/systemd/system/docker.service.d/docker-sdn-ovs.conf" state: absent - when: (deployment_type == 'openshift-enterprise' and openshift_release | version_compare('3.4', '>=')) - or (deployment_type == 'origin' and openshift_release | version_compare('1.4', '>=')) -- include: containerized_node_upgrade.yml +- include: upgrade/containerized_node_upgrade.yml when: openshift.common.is_containerized | bool - name: Ensure containerized services stopped before Docker restart @@ -167,7 +165,7 @@ value: "/etc/origin/node/resolv.conf" # Restart all services -- include: restart.yml +- include: upgrade/restart.yml - name: Wait for node to be ready oc_obj: diff --git a/roles/openshift_node_upgrade/tasks/containerized_node_upgrade.yml b/roles/openshift_node/tasks/upgrade/containerized_node_upgrade.yml index 07b0ac715..96b94d8b6 100644 --- a/roles/openshift_node_upgrade/tasks/containerized_node_upgrade.yml +++ b/roles/openshift_node/tasks/upgrade/containerized_node_upgrade.yml @@ -6,7 +6,7 @@ skip_node_svc_handlers: True - name: Update systemd units - include: systemd_units.yml + include: ../systemd_units.yml # This is a no-op because of skip_node_svc_handlers, but lets us trigger it before end of # play when the node has already been marked schedulable again. (this would look strange diff --git a/roles/openshift_node_upgrade/tasks/restart.yml b/roles/openshift_node/tasks/upgrade/restart.yml index a4fa51172..a4fa51172 100644 --- a/roles/openshift_node_upgrade/tasks/restart.yml +++ b/roles/openshift_node/tasks/upgrade/restart.yml 
diff --git a/roles/openshift_node_upgrade/tasks/rpm_upgrade.yml b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml index a998acf21..a998acf21 100644 --- a/roles/openshift_node_upgrade/tasks/rpm_upgrade.yml +++ b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 718d35dca..d452cc45c 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -29,13 +29,11 @@ kubeletArguments: {{ openshift.node.kubelet_args | default(None) | to_padded_yam runtime-request-timeout: - 10m {% endif %} -{% if openshift.common.version_gte_3_3_or_1_3 | bool %} masterClientConnectionOverrides: acceptContentTypes: application/vnd.kubernetes.protobuf,application/json contentType: application/vnd.kubernetes.protobuf burst: 200 qps: 100 -{% endif %} masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig {% if openshift_node_use_openshift_sdn | bool %} networkPluginName: {{ openshift_node_sdn_network_plugin_name }} diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index 1a775178d..97f1fbbdd 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -66,9 +66,7 @@ --signer-key={{ openshift_ca_key }} --signer-serial={{ openshift_ca_serial }} --user=system:node:{{ hostvars[item].openshift.common.hostname }} - {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} --expire-days={{ openshift_node_cert_expire_days }} - {% endif %} args: creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}" with_items: "{{ hostvars 
@@ -82,9 +80,7 @@ {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm ca create-server-cert --cert={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}/server.crt --key={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}/server.key - {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} --expire-days={{ openshift_node_cert_expire_days }} - {% endif %} --overwrite=true --hostnames={{ hostvars[item].openshift.common.hostname }},{{ hostvars[item].openshift.common.public_hostname }},{{ hostvars[item].openshift.common.ip }},{{ hostvars[item].openshift.common.public_ip }} --signer-cert={{ openshift_ca_cert }} diff --git a/roles/openshift_node_group/defaults/main.yml b/roles/openshift_node_group/defaults/main.yml index d398a7fdc..7c81409a5 100644 --- a/roles/openshift_node_group/defaults/main.yml +++ b/roles/openshift_node_group/defaults/main.yml @@ -23,4 +23,4 @@ openshift_node_group_network_plugin_default: "{{ os_sdn_network_plugin_name | de openshift_node_group_network_plugin: "{{ openshift_node_group_network_plugin_default }}" openshift_node_group_node_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}" openshift_node_group_node_data_dir: "{{ openshift_node_group_node_data_dir_default }}" -openshift_node_group_network_mtu: "{{ openshift_node_sdn_mtu | default(8951) }}" +openshift_node_group_network_mtu: "{{ openshift_node_sdn_mtu | default(8951) | int }}" diff --git a/roles/openshift_node_group/templates/node-config.yaml.j2 b/roles/openshift_node_group/templates/node-config.yaml.j2 index 5e22dc6d2..3fd16247c 100644 --- a/roles/openshift_node_group/templates/node-config.yaml.j2 +++ b/roles/openshift_node_group/templates/node-config.yaml.j2 
@@ -33,7 +33,7 @@ masterClientConnectionOverrides: qps: 20 masterKubeConfig: node.kubeconfig networkConfig: - mtu: "{{ openshift_node_group_network_mtu }}" + mtu: {{ openshift_node_group_network_mtu }} networkPluginName: {{ openshift_node_group_network_plugin }} nodeIP: "" podManifestConfig: null diff --git a/roles/openshift_node_upgrade/README.md b/roles/openshift_node_upgrade/README.md deleted file mode 100644 index 73b98ad90..000000000 --- a/roles/openshift_node_upgrade/README.md +++ /dev/null 
@@ -1,111 +0,0 @@ -OpenShift Node upgrade -========= - -Role responsible for a single node upgrade. -It is expected a node is functioning and a part of an OpenShift cluster. - -Requirements ------------- - -TODO - -Role Variables --------------- -From this role: - -| Name | Default value | | -|--------------------------------|-----------------------|--------------------------------------------------------| -| deployment_type | | Inventory var | -| docker_upgrade_nuke_images | | Optional inventory var | -| docker_version | | Optional inventory var | -| l_docker_upgrade | | | -| node_config_hook | | | -| openshift.docker.gte_1_10 | | | -| openshift_image_tag | | Set by openshift_version role | -| openshift_pkg_version | | Set by openshift_version role | -| openshift_release | | Set by openshift_version role | -| skip_docker_restart | | | -| openshift_cloudprovider_kind | | | - -From openshift.common: - -| Name | Default Value | | -|------------------------------------|---------------------|---------------------| -| openshift.common.config_base |---------------------|---------------------| -| openshift.common.hostname |---------------------|---------------------| -| openshift.common.http_proxy |---------------------|---------------------| -| openshift.common.is_atomic |---------------------|---------------------| -| openshift.common.is_containerized |---------------------|---------------------| -| openshift.common.portal_net |---------------------|---------------------| -| openshift.common.service_type |---------------------|---------------------| - -From openshift.master: - -| Name | Default Value | | -|------------------------------------|---------------------|---------------------| -| openshift.master.api_port |---------------------|---------------------| - -From openshift.node: - -| Name | Default Value | | -|------------------------------------|---------------------|---------------------| -| openshift.node.node_image |---------------------|---------------------| 
-| openshift.node.ovs_image |---------------------|---------------------| - - -Dependencies ------------- - - -TODO - -Example Playbook ----------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - -``` ---- -- name: Upgrade nodes - hosts: oo_nodes_to_upgrade - serial: 1 - any_errors_fatal: true - - pre_tasks: - - name: Mark unschedulable - command: > - {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --schedulable=false - delegate_to: "{{ groups.oo_first_master.0 }}" - - - name: Drain Node for Kubelet upgrade - command: > - {{ hostvars[groups.oo_first_master.0].openshift.common.admin_binary }} drain {{ openshift.node.nodename | lower }} --force --delete-local-data --ignore-daemonsets - delegate_to: "{{ groups.oo_first_master.0 }}" - register: l_docker_upgrade_drain_result - until: not l_docker_upgrade_drain_result | failed - retries: 60 - delay: 60 - - - roles: - - openshift_facts - - docker - - openshift_node_dnsmasq - - openshift_node_upgrade - - post_tasks: - - name: Set node schedulability - command: > - {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --schedulable=true - delegate_to: "{{ groups.oo_first_master.0 }}" -``` - -License -------- - -Apache License, Version 2.0 - -Author Information ------------------- - -TODO diff --git a/roles/openshift_node_upgrade/defaults/main.yml b/roles/openshift_node_upgrade/defaults/main.yml deleted file mode 100644 index 1da434e6f..000000000 --- a/roles/openshift_node_upgrade/defaults/main.yml +++ /dev/null 
@@ -1,15 +0,0 @@ ---- -openshift_node_debug_level: "{{ debug_level | default(2) }}" - -openshift_use_openshift_sdn: True -os_sdn_network_plugin_name: "redhat/openshift-ovs-subnet" - -openshift_node_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}" -openshift_node_data_dir: "{{ openshift_node_data_dir_default }}" - -# oreg_url is defined by user input -oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}" -oreg_auth_credentials_path: "{{ openshift_node_data_dir }}/.docker" -oreg_auth_credentials_replace: False -l_bind_docker_reg_auth: False -openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False)) or (openshift_use_crio_only | default(False)) }}" diff --git a/roles/openshift_node_upgrade/files/nuke_images.sh b/roles/openshift_node_upgrade/files/nuke_images.sh deleted file mode 100644 index 8635eab0d..000000000 --- a/roles/openshift_node_upgrade/files/nuke_images.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -# Stop any running containers -running_container_ids=`docker ps -q` -if test -n "$running_container_ids" -then - docker stop $running_container_ids -fi - -# Delete all containers -container_ids=`docker ps -a -q` -if test -n "$container_ids" -then - docker rm -f -v $container_ids -fi - -# Delete all images (forcefully) -image_ids=`docker images -aq` -if test -n "$image_ids" -then - # Some layers are deleted recursively and are no longer present - # when docker goes to remove them: - docker rmi -f `docker images -aq` || true -fi - diff --git a/roles/openshift_node_upgrade/handlers/main.yml b/roles/openshift_node_upgrade/handlers/main.yml deleted file mode 100644 index 90d80855e..000000000 --- a/roles/openshift_node_upgrade/handlers/main.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -- name: restart openvswitch - systemd: - name: openvswitch - state: restarted - when: - - not skip_node_svc_handlers | default(False) | bool - - not (ovs_service_status_changed | default(false) | bool) - - openshift_use_openshift_sdn | bool - register: l_openshift_node_upgrade_stop_openvswitch_result - until: not l_openshift_node_upgrade_stop_openvswitch_result | failed - retries: 3 - delay: 30 - notify: - - restart openvswitch pause - -- name: restart openvswitch pause - pause: seconds=15 - when: (not skip_node_svc_handlers | default(False) | bool) and openshift.common.is_containerized | bool - -- name: restart node - systemd: - name: "{{ openshift.common.service_type }}-node" - state: restarted - register: l_openshift_node_upgrade_restart_node_result - until: not l_openshift_node_upgrade_restart_node_result | failed - retries: 3 - delay: 30 - when: - - (not skip_node_svc_handlers | default(False) | bool) - - not (node_service_status_changed | default(false) | bool) - -# TODO(jchaloup): once it is verified the systemd module works as expected -# switch to it: http://docs.ansible.com/ansible/latest/systemd_module.html -- name: reload systemd units - command: systemctl daemon-reload diff --git a/roles/openshift_node_upgrade/meta/main.yml b/roles/openshift_node_upgrade/meta/main.yml deleted file mode 100644 index a810b01dc..000000000 --- a/roles/openshift_node_upgrade/meta/main.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -galaxy_info: - author: your name - description: OpenShift Node upgrade - company: Red Hat, Inc. - license: Apache License, Version 2.0 - min_ansible_version: 2.1 - platforms: - - name: EL - versions: - - 7 -dependencies: -- role: lib_utils diff --git a/roles/openshift_node_upgrade/tasks/config/configure-node-settings.yml b/roles/openshift_node_upgrade/tasks/config/configure-node-settings.yml deleted file mode 100644 index 527580481..000000000 --- a/roles/openshift_node_upgrade/tasks/config/configure-node-settings.yml +++ /dev/null 
@@ -1,16 +0,0 @@ ---- -- name: Configure Node settings - lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-node - regexp: "{{ item.regex }}" - line: "{{ item.line }}" - create: true - with_items: - - regex: '^OPTIONS=' - line: "OPTIONS=--loglevel={{ openshift_node_debug_level }}" - - regex: '^CONFIG_FILE=' - line: "CONFIG_FILE={{ openshift.common.config_base }}/node/node-config.yaml" - - regex: '^IMAGE_VERSION=' - line: "IMAGE_VERSION={{ openshift_image_tag }}" - notify: - - restart node diff --git a/roles/openshift_node_upgrade/tasks/config/configure-proxy-settings.yml b/roles/openshift_node_upgrade/tasks/config/configure-proxy-settings.yml deleted file mode 100644 index d60794305..000000000 --- a/roles/openshift_node_upgrade/tasks/config/configure-proxy-settings.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Configure Proxy Settings - lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-node - regexp: "{{ item.regex }}" - line: "{{ item.line }}" - create: true - with_items: - - regex: '^HTTP_PROXY=' - line: "HTTP_PROXY={{ openshift.common.http_proxy | default('') }}" - - regex: '^HTTPS_PROXY=' - line: "HTTPS_PROXY={{ openshift.common.https_proxy | default('') }}" - - regex: '^NO_PROXY=' - line: "NO_PROXY={{ openshift.common.no_proxy | default([]) }},{{ openshift.common.portal_net }},{{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }}" - when: ('http_proxy' in openshift.common and openshift.common.http_proxy != '') - notify: - - restart node diff --git a/roles/openshift_node_upgrade/tasks/config/install-node-deps-docker-service-file.yml b/roles/openshift_node_upgrade/tasks/config/install-node-deps-docker-service-file.yml deleted file mode 100644 index ee91a88ab..000000000 --- a/roles/openshift_node_upgrade/tasks/config/install-node-deps-docker-service-file.yml +++ /dev/null 
@@ -1,8 +0,0 @@ ---- -- name: Install Node dependencies docker service file - template: - dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node-dep.service" - src: openshift.docker.node.dep.service - notify: - - reload systemd units - - restart node diff --git a/roles/openshift_node_upgrade/tasks/config/install-ovs-docker-service-file.yml b/roles/openshift_node_upgrade/tasks/config/install-ovs-docker-service-file.yml deleted file mode 100644 index c2c5ea1d4..000000000 --- a/roles/openshift_node_upgrade/tasks/config/install-ovs-docker-service-file.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Install OpenvSwitch docker service file - template: - dest: "/etc/systemd/system/openvswitch.service" - src: openvswitch.docker.service - notify: - - reload systemd units - - restart openvswitch diff --git a/roles/openshift_node_upgrade/tasks/config/install-ovs-service-env-file.yml b/roles/openshift_node_upgrade/tasks/config/install-ovs-service-env-file.yml deleted file mode 100644 index 1d75a3355..000000000 --- a/roles/openshift_node_upgrade/tasks/config/install-ovs-service-env-file.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Create the openvswitch service env file - template: - src: openvswitch.sysconfig.j2 - dest: /etc/sysconfig/openvswitch - notify: - - reload systemd units - - restart openvswitch diff --git a/roles/openshift_node_upgrade/tasks/config/workaround-bz1331590-ovs-oom-fix.yml b/roles/openshift_node_upgrade/tasks/config/workaround-bz1331590-ovs-oom-fix.yml deleted file mode 100644 index 5df1abc79..000000000 --- a/roles/openshift_node_upgrade/tasks/config/workaround-bz1331590-ovs-oom-fix.yml +++ /dev/null 
@@ -1,13 +0,0 @@ ---- -# May be a temporary workaround. -# https://bugzilla.redhat.com/show_bug.cgi?id=1331590 -- name: Create OpenvSwitch service.d directory - file: path=/etc/systemd/system/openvswitch.service.d/ state=directory - -- name: Install OpenvSwitch service OOM fix - template: - dest: "/etc/systemd/system/openvswitch.service.d/01-avoid-oom.conf" - src: openvswitch-avoid-oom.conf - notify: - - reload systemd units - - restart openvswitch diff --git a/roles/openshift_node_upgrade/tasks/registry_auth.yml b/roles/openshift_node_upgrade/tasks/registry_auth.yml deleted file mode 100644 index f5428867a..000000000 --- a/roles/openshift_node_upgrade/tasks/registry_auth.yml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -- name: Check for credentials file for registry auth - stat: - path: "{{ oreg_auth_credentials_path }}" - when: oreg_auth_user is defined - register: node_oreg_auth_credentials_stat - -- name: Create credentials for registry auth - command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" - when: - - not (openshift_docker_alternative_creds | default(False)) - - oreg_auth_user is defined - - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool - register: node_oreg_auth_credentials_create - retries: 3 - delay: 5 - until: node_oreg_auth_credentials_create.rc == 0 - notify: - - restart node - -# docker_creds is a custom module from lib_utils -# 'docker login' requires a docker.service running on the local host, this is an -# alternative implementation for non-docker hosts. This implementation does not -# check the registry to determine whether or not the credentials will work. -- name: Create credentials for registry auth (alternative) - docker_creds: - path: "{{ oreg_auth_credentials_path }}" - registry: "{{ oreg_host }}" - username: "{{ oreg_auth_user }}" - password: "{{ oreg_auth_password }}" - when: - - openshift_docker_alternative_creds | bool - - oreg_auth_user is defined - - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool - register: node_oreg_auth_credentials_create - notify: - - restart node - -# Container images may need the registry credentials -- name: Setup ro mount of /root/.docker for containerized hosts - set_fact: - l_bind_docker_reg_auth: True - when: - - openshift.common.is_containerized | bool - - oreg_auth_user is defined - - (node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace or node_oreg_auth_credentials_create.changed) | bool 
diff --git a/roles/openshift_node_upgrade/tasks/systemd_units.yml b/roles/openshift_node_upgrade/tasks/systemd_units.yml deleted file mode 100644 index 226f5290c..000000000 --- a/roles/openshift_node_upgrade/tasks/systemd_units.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -# input variables -# - openshift.node.node_image -# - openshift_image_tag -# - openshift.common.is_containerized -# - openshift.node.ovs_image -# - openshift_use_openshift_sdn -# - openshift.common.service_type -# - openshift_node_debug_level -# - openshift.common.config_base -# - openshift.common.http_proxy -# - openshift.common.portal_net -# - openshift.common -# - openshift.common.http_proxy -# notify: -# - restart openvswitch -# - restart node - -# This file is included both in the openshift_master role and in the upgrade -# playbooks. -- include: config/install-node-deps-docker-service-file.yml - when: openshift.common.is_containerized | bool - -- include: config/install-node-docker-service-file.yml - when: openshift.common.is_containerized | bool - -- include: config/install-ovs-service-env-file.yml - when: openshift.common.is_containerized | bool - -- include: config/workaround-bz1331590-ovs-oom-fix.yml - when: openshift_use_openshift_sdn | bool - -- include: config/install-ovs-docker-service-file.yml - when: openshift.common.is_containerized | bool and openshift_use_openshift_sdn | bool - -- include: config/configure-node-settings.yml -- include: config/configure-proxy-settings.yml diff --git a/roles/openshift_node_upgrade/templates/node.service.j2 b/roles/openshift_node_upgrade/templates/node.service.j2 deleted file mode 100644 index e12a52c15..000000000 --- a/roles/openshift_node_upgrade/templates/node.service.j2 +++ /dev/null 
@@ -1,31 +0,0 @@ -[Unit] -Description=OpenShift Node -After={{ openshift.docker.service_name }}.service -Wants=openvswitch.service -After=ovsdb-server.service -After=ovs-vswitchd.service -Wants={{ openshift.docker.service_name }}.service -Documentation=https://github.com/openshift/origin -Requires=dnsmasq.service -After=dnsmasq.service - -[Service] -Type=notify -EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node -Environment=GOTRACEBACK=crash -ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/ -ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1,/{{ openshift.common.dns_domain }}/127.0.0.1 -ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf -ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string: -ExecStart=/usr/bin/openshift start node --config=${CONFIG_FILE} $OPTIONS -LimitNOFILE=65536 -LimitCORE=infinity -WorkingDirectory=/var/lib/origin/ -SyslogIdentifier={{ openshift.common.service_type }}-node -Restart=always -RestartSec=5s -TimeoutStartSec=300 -OOMScoreAdjust=-999 - -[Install] -WantedBy=multi-user.target diff --git a/roles/openshift_node_upgrade/templates/openshift.docker.node.dep.service b/roles/openshift_node_upgrade/templates/openshift.docker.node.dep.service deleted file mode 100644 index aae35719c..000000000 --- a/roles/openshift_node_upgrade/templates/openshift.docker.node.dep.service +++ /dev/null 
@@ -1,11 +0,0 @@ -[Unit] -Requires={{ openshift.docker.service_name }}.service -After={{ openshift.docker.service_name }}.service -PartOf={{ openshift.common.service_type }}-node.service -Before={{ openshift.common.service_type }}-node.service - - -[Service] -ExecStart=/bin/bash -c "if [[ -f /usr/bin/docker-current ]]; then echo \"DOCKER_ADDTL_BIND_MOUNTS=--volume=/usr/bin/docker-current:/usr/bin/docker-current:ro --volume=/etc/sysconfig/docker:/etc/sysconfig/docker:ro --volume=/etc/containers/registries:/etc/containers/registries:ro\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; else echo \"#DOCKER_ADDTL_BIND_MOUNTS=\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; fi" -ExecStop= -SyslogIdentifier={{ openshift.common.service_type }}-node-dep diff --git a/roles/openshift_node_upgrade/templates/openshift.docker.node.service b/roles/openshift_node_upgrade/templates/openshift.docker.node.service deleted file mode 100644 index 07d1ebc3c..000000000 --- a/roles/openshift_node_upgrade/templates/openshift.docker.node.service +++ /dev/null 
@@ -1,50 +0,0 @@ -[Unit] -After={{ openshift.common.service_type }}-master.service -After={{ openshift.docker.service_name }}.service -After=openvswitch.service -PartOf={{ openshift.docker.service_name }}.service -Requires={{ openshift.docker.service_name }}.service -{% if openshift_use_openshift_sdn %} -Wants=openvswitch.service -PartOf=openvswitch.service -After=ovsdb-server.service -After=ovs-vswitchd.service -{% endif %} -Wants={{ openshift.common.service_type }}-master.service -Requires={{ openshift.common.service_type }}-node-dep.service -After={{ openshift.common.service_type }}-node-dep.service -Requires=dnsmasq.service -After=dnsmasq.service - -[Service] -EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node -EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node-dep -ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node -ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/ -ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1,/{{ openshift.common.dns_domain }}/127.0.0.1 -ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node \ - --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node \ - -v /:/rootfs:ro,rslave -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} \ - -e HOST=/rootfs -e HOST_ETC=/host-etc \ - -v {{ openshift_node_data_dir }}:{{ openshift_node_data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} \ - -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node \ - {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} \ - -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro \ - -v 
/run:/run -v /sys:/sys:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw \ - -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker \ - -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch \ - -v /etc/origin/sdn:/etc/openshift-sdn -v /var/lib/cni:/var/lib/cni \ - -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log \ - -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS -v /etc/pki:/etc/pki:ro \ - {% if l_bind_docker_reg_auth %} -v {{ oreg_auth_credentials_path }}:/root/.docker:ro{% endif %}\ - {{ openshift.node.node_image }}:${IMAGE_VERSION} -ExecStartPost=/usr/bin/sleep 10 -ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node -ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf -ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string: -SyslogIdentifier={{ openshift.common.service_type }}-node -Restart=always -RestartSec=5s - -[Install] -WantedBy={{ openshift.docker.service_name }}.service diff --git a/roles/openshift_node_upgrade/templates/openvswitch-avoid-oom.conf b/roles/openshift_node_upgrade/templates/openvswitch-avoid-oom.conf deleted file mode 100644 index 3229bc56b..000000000 --- a/roles/openshift_node_upgrade/templates/openvswitch-avoid-oom.conf +++ /dev/null @@ -1,3 +0,0 @@ -# Avoid the OOM killer for openvswitch and it's children: -[Service] -OOMScoreAdjust=-1000 diff --git a/roles/openshift_node_upgrade/templates/openvswitch.docker.service b/roles/openshift_node_upgrade/templates/openvswitch.docker.service deleted file mode 100644 index 34aaaabd6..000000000 --- a/roles/openshift_node_upgrade/templates/openvswitch.docker.service +++ /dev/null 
@@ -1,17 +0,0 @@ -[Unit] -After={{ openshift.docker.service_name }}.service -Requires={{ openshift.docker.service_name }}.service -PartOf={{ openshift.docker.service_name }}.service - -[Service] -EnvironmentFile=/etc/sysconfig/openvswitch -ExecStartPre=-/usr/bin/docker rm -f openvswitch -ExecStart=/usr/bin/docker run --name openvswitch --rm --privileged --net=host --pid=host -v /lib/modules:/lib/modules -v /run:/run -v /sys:/sys:ro -v /etc/origin/openvswitch:/etc/openvswitch {{ openshift.node.ovs_image }}:${IMAGE_VERSION} -ExecStartPost=/usr/bin/sleep 5 -ExecStop=/usr/bin/docker stop openvswitch -SyslogIdentifier=openvswitch -Restart=always -RestartSec=5s - -[Install] -WantedBy={{ openshift.docker.service_name }}.service diff --git a/roles/openshift_node_upgrade/templates/openvswitch.sysconfig.j2 b/roles/openshift_node_upgrade/templates/openvswitch.sysconfig.j2 deleted file mode 100644 index da7c3742a..000000000 --- a/roles/openshift_node_upgrade/templates/openvswitch.sysconfig.j2 +++ /dev/null @@ -1 +0,0 @@ -IMAGE_VERSION={{ openshift_image_tag }} diff --git a/roles/openshift_openstack/defaults/main.yml b/roles/openshift_openstack/defaults/main.yml new file mode 100644 index 000000000..5f182e0d6 --- /dev/null +++ b/roles/openshift_openstack/defaults/main.yml 
@@ -0,0 +1,96 @@ +--- +openshift_openstack_stack_state: 'present' + +openshift_openstack_ssh_ingress_cidr: 0.0.0.0/0 +openshift_openstack_node_ingress_cidr: 0.0.0.0/0 +openshift_openstack_lb_ingress_cidr: 0.0.0.0/0 +openshift_openstack_bastion_ingress_cidr: 0.0.0.0/0 +openshift_openstack_num_etcd: 0 +openshift_openstack_num_masters: 1 +openshift_openstack_num_nodes: 1 +openshift_openstack_num_dns: 0 +openshift_openstack_num_infra: 1 +openshift_openstack_dns_nameservers: [] +openshift_openstack_nodes_to_remove: [] + + +openshift_openstack_cluster_node_labels: + app: + region: primary + infra: + region: infra + +openshift_openstack_install_debug_packages: false +openshift_openstack_required_packages: + - docker + - NetworkManager + - wget + - git + - net-tools + - bind-utils + - bridge-utils +openshift_openstack_debug_packages: + - bash-completion + - vim-enhanced + +# container-storage-setup +openshift_openstack_container_storage_setup: + docker_dev: "/dev/sdb" + docker_vg: "docker-vol" + docker_data_size: "95%VG" + docker_dm_basesize: "3G" + container_root_lv_name: "dockerlv" + container_root_lv_mount_path: "/var/lib/docker" + + +# populate-dns +openshift_openstack_dns_records_add: [] +openshift_openstack_external_nsupdate_keys: {} + +openshift_openstack_full_dns_domain: "{{ (openshift_openstack_clusterid|trim == '') | ternary(openshift_openstack_public_dns_domain, openshift_openstack_clusterid + '.' 
+ openshift_openstack_public_dns_domain) }}" +openshift_openstack_app_subdomain: "apps" + + +# heat vars +openshift_openstack_clusterid: openshift +openshift_openstack_stack_name: "{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}" +openshift_openstack_subnet_prefix: "192.168.99" +openshift_openstack_master_hostname: master +openshift_openstack_infra_hostname: infra-node +openshift_openstack_node_hostname: app-node +openshift_openstack_lb_hostname: lb +openshift_openstack_etcd_hostname: etcd +openshift_openstack_dns_hostname: dns +openshift_openstack_keypair_name: openshift +openshift_openstack_lb_flavor: "{{ openshift_openstack_default_flavor }}" +openshift_openstack_etcd_flavor: "{{ openshift_openstack_default_flavor }}" +openshift_openstack_master_flavor: "{{ openshift_openstack_default_flavor }}" +openshift_openstack_node_flavor: "{{ openshift_openstack_default_flavor }}" +openshift_openstack_infra_flavor: "{{ openshift_openstack_default_flavor }}" +openshift_openstack_dns_flavor: "{{ openshift_openstack_default_flavor }}" +openshift_openstack_master_image: "{{ openshift_openstack_default_image_name }}" +openshift_openstack_infra_image: "{{ openshift_openstack_default_image_name }}" +openshift_openstack_node_image: "{{ openshift_openstack_default_image_name }}" +openshift_openstack_lb_image: "{{ openshift_openstack_default_image_name }}" +openshift_openstack_etcd_image: "{{ openshift_openstack_default_image_name }}" +openshift_openstack_dns_image: "{{ openshift_openstack_default_image_name }}" +openshift_openstack_provider_network_name: null +openshift_openstack_external_network_name: null +openshift_openstack_private_network: >- + {% if openshift_openstack_provider_network_name | default(None) -%} + {{ openshift_openstack_provider_network_name }} + {%- else -%} + {{ openshift_openstack_private_network_name | default ('openshift-ansible-' + openshift_openstack_stack_name + '-net') }} + {%- endif -%} 
+openshift_openstack_master_server_group_policies: [] +openshift_openstack_infra_server_group_policies: [] +openshift_openstack_docker_volume_size: 15 +openshift_openstack_master_volume_size: "{{ openshift_openstack_docker_volume_size }}" +openshift_openstack_infra_volume_size: "{{ openshift_openstack_docker_volume_size }}" +openshift_openstack_node_volume_size: "{{ openshift_openstack_docker_volume_size }}" +openshift_openstack_etcd_volume_size: 2 +openshift_openstack_dns_volume_size: 1 +openshift_openstack_lb_volume_size: 5 +openshift_openstack_use_bastion: false +openshift_openstack_ui_ssh_tunnel: false +openshift_openstack_ephemeral_volumes: false diff --git a/roles/openshift_openstack/tasks/check-prerequisites.yml b/roles/openshift_openstack/tasks/check-prerequisites.yml new file mode 100644 index 000000000..57c7238d1 --- /dev/null +++ b/roles/openshift_openstack/tasks/check-prerequisites.yml 
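Review bot: The four ingress defaults at the top of this new file (`openshift_openstack_ssh_ingress_cidr`, `openshift_openstack_node_ingress_cidr`, `openshift_openstack_lb_ingress_cidr`, `openshift_openstack_bastion_ingress_cidr`) are all `0.0.0.0/0`, so a deployment that overrides nothing accepts any source address on whatever rules consume them. The Heat template that uses these values is outside this hunk, so the exact ports are an assumption, but SSH in particular is normally limited to an administrative range. I would add a comment above the block, `# 0.0.0.0/0 allows any source address; override with your admin/VPN CIDR outside of test deployments`, and consider leaving `openshift_openstack_ssh_ingress_cidr` without a default so the operator has to choose it. Separately, `openshift_openstack_public_dns_domain`, `openshift_openstack_default_flavor` and `openshift_openstack_default_image_name` are referenced here but given no default; a short comment listing them as required inventory variables would help.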
@@ -0,0 +1,105 @@ +--- +# Check ansible +- name: Check Ansible version + assert: + that: > + (ansible_version.major == 2 and ansible_version.minor >= 3) or + (ansible_version.major > 2) + msg: "Ansible version must be at least 2.3" + +# Check shade +- name: Try to import python module shade + command: python -c "import shade" + ignore_errors: yes + register: shade_result +- name: Check if shade is installed + assert: + that: 'shade_result.rc == 0' + msg: "Python module shade is not installed" + +# Check jmespath +- name: Try to import python module shade + command: python -c "import jmespath" + ignore_errors: yes + register: jmespath_result +- name: Check if jmespath is installed + assert: + that: 'jmespath_result.rc == 0' + msg: "Python module jmespath is not installed" + +# Check python-dns +- name: Try to import python DNS module + command: python -c "import dns" + ignore_errors: yes + register: pythondns_result +- name: Check if python-dns is installed + assert: + that: 'pythondns_result.rc == 0' + msg: "Python module python-dns is not installed" + +# Check jinja2 +- name: Try to import jinja2 module + command: python -c "import jinja2" + ignore_errors: yes + register: jinja_result +- name: Check if jinja2 is installed + assert: + that: 'jinja_result.rc == 0' + msg: "Python module jinja2 is not installed" + +# Check Glance image +- name: Try to get image facts + os_image_facts: + image: "{{ openshift_openstack_default_image_name }}" + register: image_result +- name: Check that image is available + assert: + that: "image_result.ansible_facts.openstack_image" + msg: "Image {{ openshift_openstack_default_image_name }} is not available" + +# Check network name +- name: Try to get network facts + os_networks_facts: + name: "{{ openshift_openstack_external_network_name }}" + register: network_result + when: not openshift_openstack_provider_network_name|default(None) +- name: Check that network is available + assert: + that: 
"network_result.ansible_facts.openstack_networks" + msg: "Network {{ openshift_openstack_external_network_name }} is not available" + when: not openshift_openstack_provider_network_name|default(None) + +# Check keypair +# TODO kpilatov: there is no Ansible module for getting OS keypairs +# (os_keypair is not suitable for this) +# this method does not force python-openstackclient dependency +- name: Try to show keypair + command: > + python -c 'import shade; cloud = shade.openstack_cloud(); + exit(cloud.get_keypair("{{ openshift_openstack_keypair_name }}") is None)' + ignore_errors: yes + register: key_result +- name: Check that keypair is available + assert: + that: 'key_result.rc == 0' + msg: "Keypair {{ openshift_openstack_keypair_name }} is not available" + +# Check that custom images are available +- include: custom_image_check.yaml + with_items: + - "{{ openshift_openstack_master_image }}" + - "{{ openshift_openstack_infra_image }}" + - "{{ openshift_openstack_node_image }}" + - "{{ openshift_openstack_lb_image }}" + - "{{ openshift_openstack_etcd_image }}" + - "{{ openshift_openstack_dns_image }}" + +# Check that custom flavors are available +- include: custom_flavor_check.yaml + with_items: + - "{{ openshift_openstack_master_flavor }}" + - "{{ openshift_openstack_infra_flavor }}" + - "{{ openshift_openstack_node_flavor }}" + - "{{ openshift_openstack_lb_flavor }}" + - "{{ openshift_openstack_etcd_flavor }}" + - "{{ openshift_openstack_dns_flavor }}" diff --git a/roles/openshift_openstack/tasks/cleanup.yml b/roles/openshift_openstack/tasks/cleanup.yml new file mode 100644 index 000000000..258334a6b --- /dev/null +++ b/roles/openshift_openstack/tasks/cleanup.yml @@ -0,0 +1,6 @@ +--- + +- name: cleanup temp files + file: + path: "{{ stack_template_pre.path }}" + state: absent diff --git a/roles/openshift_openstack/tasks/container-storage-setup.yml b/roles/openshift_openstack/tasks/container-storage-setup.yml new file mode 100644 index 000000000..82307b208 
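Review bot: The `Try to show keypair` task in `check-prerequisites.yml` pastes `{{ openshift_openstack_keypair_name }}` into the Python source given to `python -c`, so a name containing a double quote or backslash alters the code that runs instead of being looked up as a name. Passing it as an argument keeps it as data: `python -c 'import sys, shade; cloud = shade.openstack_cloud(); sys.exit(cloud.get_keypair(sys.argv[1]) is None)' {{ openshift_openstack_keypair_name | quote }}`. The jmespath probe also reuses the task name `Try to import python module shade`, which makes a failure there read as a shade problem; it should be `Try to import python module jmespath`. The `python -c` probes change nothing on the host, so `changed_when: false` on each would keep the run report accurate.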
--- /dev/null +++ b/roles/openshift_openstack/tasks/container-storage-setup.yml @@ -0,0 +1,37 @@ +--- +- block: + - name: create the docker-storage config file + template: + src: docker-storage-setup-overlayfs.j2 + dest: /etc/sysconfig/docker-storage-setup + owner: root + group: root + mode: 0644 + when: + - ansible_distribution_version | version_compare('7.4', '>=') + - ansible_distribution == "RedHat" + +- block: + - name: create the docker-storage-setup config file + template: + src: docker-storage-setup-dm.j2 + dest: /etc/sysconfig/docker-storage-setup + owner: root + group: root + mode: 0644 + when: + - ansible_distribution_version | version_compare('7.4', '<') + - ansible_distribution == "RedHat" + +- block: + - name: create the docker-storage-setup config file for CentOS + template: + src: docker-storage-setup-dm.j2 + dest: /etc/sysconfig/docker-storage-setup + owner: root + group: root + mode: 0644 + + # TODO(shadower): Find out which CentOS version supports overlayfs2 + when: + - ansible_distribution == "CentOS" diff --git a/roles/openshift_openstack/tasks/custom_flavor_check.yaml b/roles/openshift_openstack/tasks/custom_flavor_check.yaml new file mode 100644 index 000000000..5fb7a76ff --- /dev/null +++ b/roles/openshift_openstack/tasks/custom_flavor_check.yaml @@ -0,0 +1,10 @@ +--- +- name: Try to get flavor facts + os_flavor_facts: + name: "{{ item }}" + register: flavor_result + +- name: Check that custom flavor is available + assert: + that: "flavor_result.ansible_facts.openstack_flavors" + msg: "Flavor {{ item }} is not available." diff --git a/roles/openshift_openstack/tasks/custom_image_check.yaml b/roles/openshift_openstack/tasks/custom_image_check.yaml new file mode 100644 index 000000000..4ae163406 --- /dev/null +++ b/roles/openshift_openstack/tasks/custom_image_check.yaml 
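Review bot: In `container-storage-setup.yml`, the second and third blocks render the same `docker-storage-setup-dm.j2` to the same destination and differ only in their `when`, and each `block:` wraps a single task. These could be one task with `when: ansible_distribution == "CentOS" or (ansible_distribution == "RedHat" and ansible_distribution_version | version_compare('7.4', '<'))`, with the overlayfs task keeping its own condition directly on the task. A host whose distribution is neither RedHat nor CentOS matches no branch and gets no `/etc/sysconfig/docker-storage-setup` and no message. If that is intended, a comment saying so would help; otherwise a final `fail` or `debug` task for the unmatched case makes it visible.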
@@ -0,0 +1,10 @@
+---
+- name: Try to get image facts
+ os_image_facts:
+ image: "{{ item }}"
+ register: image_result
+
+- name: Check that custom image is available
+ assert:
+ that: "image_result.ansible_facts.openstack_image"
+ msg: "Image {{ item }} is not available."
diff --git a/roles/openshift_openstack/tasks/generate-templates.yml b/roles/openshift_openstack/tasks/generate-templates.yml
new file mode 100644
index 000000000..3a8b588e9
--- /dev/null
+++ b/roles/openshift_openstack/tasks/generate-templates.yml
@@ -0,0 +1,29 @@
+---
+- name: create HOT stack template prefix
+ register: stack_template_pre
+ tempfile:
+ state: directory
+ prefix: openshift-ansible
+
+- name: set template paths
+ set_fact:
+ stack_template_path: "{{ stack_template_pre.path }}/stack.yaml"
+ user_data_template_path: "{{ stack_template_pre.path }}/user-data"
+
+- name: Print out the Heat template directory
+ debug: var=stack_template_pre
+
+- name: generate HOT stack template from jinja2 template
+ template:
+ src: heat_stack.yaml.j2
+ dest: "{{ stack_template_path }}"
+
+- name: generate HOT server template from jinja2 template
+ template:
+ src: heat_stack_server.yaml.j2
+ dest: "{{ stack_template_pre.path }}/server.yaml"
+
+- name: generate user_data from jinja2 template
+ template:
+ src: user_data.j2
+ dest: "{{ user_data_template_path }}"
diff --git a/roles/openshift_openstack/tasks/hostname.yml b/roles/openshift_openstack/tasks/hostname.yml
new file mode 100644
index 000000000..e1a18425f
--- /dev/null
+++ b/roles/openshift_openstack/tasks/hostname.yml
@@ -0,0 +1,26 @@
+---
+- name: Setting Hostname Fact
+ set_fact:
+ new_hostname: "{{ custom_hostname | default(inventory_hostname_short) }}"
+
+- name: Setting FQDN Fact
+ set_fact:
+ new_fqdn: "{{ new_hostname }}.{{ openshift_openstack_full_dns_domain }}"
+
+- name: Setting hostname and DNS domain
+ hostname: name="{{ new_fqdn }}"
+
+- name: Check for cloud.cfg
+ stat: path=/etc/cloud/cloud.cfg
+ register: cloud_cfg
+
+- name: Prevent cloud-init updates of hostname/fqdn (if applicable)
+ lineinfile:
+ dest: /etc/cloud/cloud.cfg
+ state: present
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ with_items:
+ - { regexp: '^ - set_hostname', line: '# - set_hostname' }
+ - { regexp: '^ - update_hostname', line: '# - update_hostname' }
+ when: cloud_cfg.stat.exists == True
diff --git a/roles/openshift_openstack/tasks/net_vars_check.yaml b/roles/openshift_openstack/tasks/net_vars_check.yaml
new file mode 100644
index 000000000..18b9b21b9
--- /dev/null
+++ b/roles/openshift_openstack/tasks/net_vars_check.yaml
@@ -0,0 +1,14 @@
+---
+- name: Check the provider network configuration
+ fail:
+ msg: "Flannel SDN requires a dedicated containers data network and can not work over a provider network"
+ when:
+ - openshift_openstack_provider_network_name is defined
+ - openstack_private_data_network_name is defined
+
+- name: Check the flannel network configuration
+ fail:
+ msg: "A dedicated containers data network is only supported with Flannel SDN"
+ when:
+ - openstack_private_data_network_name is defined
+ - not openshift_use_flannel|default(False)|bool
diff --git a/roles/openshift_openstack/tasks/node-configuration.yml b/roles/openshift_openstack/tasks/node-configuration.yml
new file mode 100644
index 000000000..89e58d830
--- /dev/null
+++ b/roles/openshift_openstack/tasks/node-configuration.yml
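Review bot: Both `when:` lists in net_vars_check.yaml test `openstack_private_data_network_name`, which lacks the `openshift_openstack_` prefix that the neighbouring `openshift_openstack_provider_network_name` and the other role variables in this commit carry. If that variable was renamed along with the rest, `is defined` is never true and neither `fail` task can fire, so a Flannel data network combined with a provider network would pass the check. Confirm the name against the role defaults and use whichever spelling the defaults actually define in both conditions.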
@@ -0,0 +1,11 @@
+---
+- name: "Verify SELinux is enforcing"
+ fail:
+ msg: "SELinux is required for OpenShift and has been detected as '{{ ansible_selinux.config_mode }}'"
+ when: ansible_selinux.config_mode != "enforcing"
+
+- include: hostname.yml
+
+- include: container-storage-setup.yml
+
+- include: node-network.yml
diff --git a/roles/openshift_openstack/tasks/node-network.yml b/roles/openshift_openstack/tasks/node-network.yml
new file mode 100644
index 000000000..f494e5158
--- /dev/null
+++ b/roles/openshift_openstack/tasks/node-network.yml
@@ -0,0 +1,19 @@
+---
+- name: configure NetworkManager
+ lineinfile:
+ dest: "/etc/sysconfig/network-scripts/ifcfg-{{ ansible_default_ipv4['interface'] }}"
+ regexp: '^{{ item }}='
+ line: '{{ item }}=yes'
+ state: present
+ create: yes
+ with_items:
+ - 'USE_PEERDNS'
+ - 'NM_CONTROLLED'
+
+- name: enable and start NetworkManager
+ service:
+ name: NetworkManager
+ state: restarted
+ enabled: yes
+
+# TODO(shadower): add the flannel interface tasks from post-provision-openstack.yml
diff --git a/roles/openshift_openstack/tasks/node-packages.yml b/roles/openshift_openstack/tasks/node-packages.yml
new file mode 100644
index 000000000..7864f5269
--- /dev/null
+++ b/roles/openshift_openstack/tasks/node-packages.yml
@@ -0,0 +1,15 @@
+---
+# TODO: subscribe to RHEL and install docker and other packages here
+
+- name: Install required packages
+ yum:
+ name: "{{ item }}"
+ state: latest
+ with_items: "{{ openshift_openstack_required_packages }}"
+
+- name: Install debug packages (optional)
+ yum:
+ name: "{{ item }}"
+ state: latest
+ with_items: "{{ openshift_openstack_debug_packages }}"
+ when: openshift_openstack_install_debug_packages|bool
diff --git a/roles/openshift_openstack/tasks/populate-dns.yml b/roles/openshift_openstack/tasks/populate-dns.yml
new file mode 100644
index 000000000..c03aceb94
--- /dev/null
+++ b/roles/openshift_openstack/tasks/populate-dns.yml
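Review bot: The "Verify SELinux is enforcing" task in node-configuration.yml tests `ansible_selinux.config_mode`, which is the mode written in the SELinux config file, so a node that was switched to permissive at runtime still passes the gate. As far as I know the fact carries only `status` when SELinux is disabled, in which case the condition fails on an undefined attribute instead of printing this message. Checking the running state covers both cases: `when: ansible_selinux.status != "enabled" or ansible_selinux.mode != "enforcing"`, with the `msg` reporting `ansible_selinux.mode | default(ansible_selinux.status)`.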
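Review bot: Both yum tasks in node-packages.yml use `state: latest`, so every run upgrades the packages in `openshift_openstack_required_packages` and `openshift_openstack_debug_packages` to whatever the enabled repositories currently offer. Nodes provisioned at different times can then carry different versions, and a re-run of the role can change packages under a running cluster. `state: present` installs what is missing without upgrading; upgrades are easier to review as a separate, explicit step.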
@@ -0,0 +1,128 @@ +--- +- name: "Generate list of private A records" + set_fact: + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['private_v4'] } ] }}" + with_items: "{{ groups['cluster_hosts'] }}" + +- name: "Add wildcard records to the private A records for infrahosts" + set_fact: + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_openstack_app_subdomain, 'ip': hostvars[item]['private_v4'] } ] }}" + with_items: "{{ groups['infra_hosts'] }}" + +- name: "Add public master cluster hostname records to the private A records (single master)" + set_fact: + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].private_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openshift_openstack_num_masters == 1 + +- name: "Add public master cluster hostname records to the private A records (multi-master)" + set_fact: + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].private_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openshift_openstack_num_masters > 1 + +- name: "Set the private DNS server to use the external value (if provided)" + set_fact: + nsupdate_server_private: "{{ openshift_openstack_external_nsupdate_keys['private']['server'] }}" + nsupdate_key_secret_private: "{{ openshift_openstack_external_nsupdate_keys['private']['key_secret'] }}" + nsupdate_key_algorithm_private: "{{ 
openshift_openstack_external_nsupdate_keys['private']['key_algorithm'] }}" + nsupdate_private_key_name: "{{ openshift_openstack_external_nsupdate_keys['private']['key_name']|default('private-' + openshift_openstack_full_dns_domain) }}" + when: + - openshift_openstack_external_nsupdate_keys is defined + - openshift_openstack_external_nsupdate_keys['private'] is defined + + +- name: "Generate the private Add section for DNS" + set_fact: + private_named_records: + - view: "private" + zone: "{{ openshift_openstack_full_dns_domain }}" + server: "{{ nsupdate_server_private }}" + key_name: "{{ nsupdate_private_key_name|default('private-' + openshift_openstack_full_dns_domain) }}" + key_secret: "{{ nsupdate_key_secret_private }}" + key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}" + entries: "{{ private_records }}" + +- name: "Generate list of public A records" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['public_v4'] } ] }}" + with_items: "{{ groups['cluster_hosts'] }}" + when: hostvars[item]['public_v4'] is defined + +- name: "Add wildcard records to the public A records" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' 
+ openshift_openstack_app_subdomain, 'ip': hostvars[item]['public_v4'] } ] }}" + with_items: "{{ groups['infra_hosts'] }}" + when: hostvars[item]['public_v4'] is defined + +- name: "Add public master cluster hostname records to the public A records (single master)" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].public_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openshift_openstack_num_masters == 1 + - not openshift_openstack_use_bastion|bool + +- name: "Add public master cluster hostname records to the public A records (single master behind a bastion)" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openshift_openstack_num_masters == 1 + - openshift_openstack_use_bastion|bool + +- name: "Add public master cluster hostname records to the public A records (multi-master)" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].public_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openshift_openstack_num_masters > 1 + +- name: "Set the public DNS server details to use the external value (if provided)" + set_fact: + nsupdate_server_public: "{{ openshift_openstack_external_nsupdate_keys['public']['server'] }}" + 
nsupdate_key_secret_public: "{{ openshift_openstack_external_nsupdate_keys['public']['key_secret'] }}" + nsupdate_key_algorithm_public: "{{ openshift_openstack_external_nsupdate_keys['public']['key_algorithm'] }}" + nsupdate_public_key_name: "{{ openshift_openstack_external_nsupdate_keys['public']['key_name']|default('public-' + openshift_openstack_full_dns_domain) }}" + when: + - openshift_openstack_external_nsupdate_keys is defined + - openshift_openstack_external_nsupdate_keys['public'] is defined + +- name: "Generate the public Add section for DNS" + set_fact: + public_named_records: + - view: "public" + zone: "{{ openshift_openstack_full_dns_domain }}" + server: "{{ nsupdate_server_public }}" + key_name: "{{ nsupdate_public_key_name|default('public-' + openshift_openstack_full_dns_domain) }}" + key_secret: "{{ nsupdate_key_secret_public }}" + key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}" + entries: "{{ public_records }}" + + +- name: "Generate the final openshift_openstack_dns_records_add" + set_fact: + openshift_openstack_dns_records_add: "{{ private_named_records + public_named_records }}" + + +- name: "Add DNS A records" + nsupdate: + key_name: "{{ item.0.key_name }}" + key_secret: "{{ item.0.key_secret }}" + key_algorithm: "{{ item.0.key_algorithm }}" + server: "{{ item.0.server }}" + zone: "{{ item.0.zone }}" + record: "{{ item.1.hostname }}" + value: "{{ item.1.ip }}" + type: "{{ item.1.type }}" + # TODO(shadower): add a cleanup playbook that removes these records, too! + state: present + with_subelements: + - "{{ openshift_openstack_dns_records_add | default({}) }}" + - entries + register: nsupdate_add_result + until: nsupdate_add_result|succeeded + retries: 10 + delay: 1 diff --git a/roles/openshift_openstack/tasks/prepare-and-format-cinder-volume.yaml b/roles/openshift_openstack/tasks/prepare-and-format-cinder-volume.yaml new file mode 100644 index 000000000..fc51f6dc2 --- /dev/null 
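Review bot: The "Add DNS A records" task in populate-dns.yml loops with `with_subelements` over `openshift_openstack_dns_records_add`, and each outer item holds `key_secret`, so Ansible prints the TSIG secret with every loop iteration and keeps it in the registered `nsupdate_add_result`. Add `no_log: true` to that task. The `set_fact` tasks that copy `key_secret` out of `openshift_openstack_external_nsupdate_keys` and build `private_named_records` / `public_named_records` show the same values once the run is verbose, so they should get `no_log: true` as well.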
+++ b/roles/openshift_openstack/tasks/prepare-and-format-cinder-volume.yaml
@@ -0,0 +1,59 @@
+---
+- name: Attach the volume to the VM
+ os_server_volume:
+ state: present
+ server: "{{ groups['masters'][0] }}"
+ volume: "{{ cinder_volume }}"
+ register: volume_attachment
+
+- set_fact:
+ attached_device: >-
+ {{ volume_attachment['attachments']|json_query("[?volume_id=='" + cinder_volume + "'].device | [0]") }}
+
+- delegate_to: "{{ groups['masters'][0] }}"
+ block:
+ - name: Wait for the device to appear
+ wait_for: path={{ attached_device }}
+
+ - name: Create a temp directory for mounting the volume
+ tempfile:
+ prefix: cinder-volume
+ state: directory
+ register: cinder_mount_dir
+
+ - name: Format the device
+ filesystem:
+ fstype: "{{ cinder_fs }}"
+ dev: "{{ attached_device }}"
+
+ - name: Mount the device
+ mount:
+ name: "{{ cinder_mount_dir.path }}"
+ src: "{{ attached_device }}"
+ state: mounted
+ fstype: "{{ cinder_fs }}"
+
+ - name: Change mode on the filesystem
+ file:
+ path: "{{ cinder_mount_dir.path }}"
+ state: directory
+ recurse: true
+ mode: 0777
+
+ - name: Unmount the device
+ mount:
+ name: "{{ cinder_mount_dir.path }}"
+ src: "{{ attached_device }}"
+ state: absent
+ fstype: "{{ cinder_fs }}"
+
+ - name: Delete the temp directory
+ file:
+ name: "{{ cinder_mount_dir.path }}"
+ state: absent
+
+- name: Detach the volume from the VM
+ os_server_volume:
+ state: absent
+ server: "{{ groups['masters'][0] }}"
+ volume: "{{ cinder_volume }}"
diff --git a/roles/openshift_openstack/tasks/provision.yml b/roles/openshift_openstack/tasks/provision.yml
new file mode 100644
index 000000000..dccbe334c
--- /dev/null
+++ b/roles/openshift_openstack/tasks/provision.yml
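Review bot: The "Change mode on the filesystem" task sets `mode: 0777` with `recurse: true`, which leaves the root of the freshly formatted volume world-writable for every user or container that later mounts it. If the intent is to let pods running under arbitrary UIDs write to the volume, state that in a comment above the task, and prefer group-based access (a shared group plus a setgid directory mode) over world-write. Whatever mode is kept should be quoted, e.g. `mode: '0777'`, so the YAML parser cannot reinterpret it as a plain number.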
@@ -0,0 +1,25 @@
+---
+- name: Generate the templates
+ include: generate-templates.yml
+ when:
+ - openshift_openstack_stack_state == 'present'
+
+- name: Handle the Stack (create/delete)
+ ignore_errors: False
+ register: stack_create
+ os_stack:
+ name: "{{ openshift_openstack_stack_name }}"
+ state: "{{ openshift_openstack_stack_state }}"
+ template: "{{ stack_template_path | default(omit) }}"
+ wait: yes
+
+- name: Add the new nodes to the inventory
+ meta: refresh_inventory
+
+- name: CleanUp
+ include: cleanup.yml
+ when:
+ - openshift_openstack_stack_state == 'present'
+
+# TODO(shadower): create the registry and PV Cinder volumes if specified
+# and include the `prepare-and-format-cinder-volume` tasks to set it up
diff --git a/roles/openshift_openstack/templates/docker-storage-setup-dm.j2 b/roles/openshift_openstack/templates/docker-storage-setup-dm.j2
new file mode 100644
index 000000000..32c6b5838
--- /dev/null
+++ b/roles/openshift_openstack/templates/docker-storage-setup-dm.j2
@@ -0,0 +1,4 @@
+DEVS="{{ openshift_openstack_container_storage_setup.docker_dev }}"
+VG="{{ openshift_openstack_container_storage_setup.docker_vg }}"
+DATA_SIZE="{{ openshift_openstack_container_storage_setup.docker_data_size }}"
+EXTRA_DOCKER_STORAGE_OPTIONS="--storage-opt dm.basesize={{ openshift_openstack_container_storage_setup.docker_dm_basesize }}"
diff --git a/roles/openshift_openstack/templates/docker-storage-setup-overlayfs.j2 b/roles/openshift_openstack/templates/docker-storage-setup-overlayfs.j2
new file mode 100644
index 000000000..1bf366bdc
--- /dev/null
+++ b/roles/openshift_openstack/templates/docker-storage-setup-overlayfs.j2
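Review bot: The CleanUp include in provision.yml only runs when "Handle the Stack (create/delete)" succeeds, because a failed `os_stack` stops the play before it is reached. The temp directory created in generate-templates.yml, holding the rendered Heat templates and user-data, therefore stays on the control host after a failed create. Put the stack and inventory-refresh tasks inside a `block:` and move the CleanUp include into its `always:` section so the directory is removed either way. The explicit `ignore_errors: False` repeats the default and can be dropped.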
@@ -0,0 +1,7 @@
+DEVS="{{ openshift_openstack_container_storage_setup.docker_dev }}"
+VG="{{ openshift_openstack_container_storage_setup.docker_vg }}"
+DATA_SIZE="{{ openshift_openstack_container_storage_setup.docker_data_size }}"
+STORAGE_DRIVER=overlay2
+CONTAINER_ROOT_LV_NAME="{{ openshift_openstack_container_storage_setup.container_root_lv_name }}"
+CONTAINER_ROOT_LV_MOUNT_PATH="{{ openshift_openstack_container_storage_setup.container_root_lv_mount_path }}"
+CONTAINER_ROOT_LV_SIZE=100%FREE
diff --git a/roles/openshift_openstack/templates/heat_stack.yaml.j2 b/roles/openshift_openstack/templates/heat_stack.yaml.j2
new file mode 100644
index 000000000..bfa65b460
--- /dev/null
+++ b/roles/openshift_openstack/templates/heat_stack.yaml.j2
@@ -0,0 +1,888 @@ +heat_template_version: 2016-10-14 + +description: OpenShift cluster + +parameters: + +outputs: + + etcd_names: + description: Name of the etcds + value: { get_attr: [ etcd, name ] } + + etcd_ips: + description: IPs of the etcds + value: { get_attr: [ etcd, private_ip ] } + + etcd_floating_ips: + description: Floating IPs of the etcds + value: { get_attr: [ etcd, floating_ip ] } + + master_names: + description: Name of the masters + value: { get_attr: [ masters, name ] } + + master_ips: + description: IPs of the masters + value: { get_attr: [ masters, private_ip ] } + + master_floating_ips: + description: Floating IPs of the masters + value: { get_attr: [ masters, floating_ip ] } + + node_names: + description: Name of the nodes + value: { get_attr: [ compute_nodes, name ] } + + node_ips: + description: IPs of the nodes + value: { get_attr: [ compute_nodes, private_ip ] } + + node_floating_ips: + description: Floating IPs of the nodes + value: { get_attr: [ compute_nodes, floating_ip ] } + + infra_names: + description: Name of the nodes + value: { get_attr: [ infra_nodes, name ] } + + infra_ips: + description: IPs of the nodes + value: { get_attr: [ infra_nodes, private_ip ] } + + infra_floating_ips: + description: Floating IPs of the nodes + value: { get_attr: [ infra_nodes, floating_ip ] } + +{% if openshift_openstack_num_dns|int > 0 %} + dns_name: + description: Name of the DNS + value: + get_attr: + - dns + - name + + dns_floating_ips: + description: Floating IPs of the DNS + value: { get_attr: [ dns, floating_ip ] } + + dns_private_ips: + description: Private IPs of the DNS + value: { get_attr: [ dns, private_ip ] } +{% endif %} + +conditions: + no_floating: {% if openshift_openstack_provider_network_name or openshift_openstack_use_bastion|bool %}true{% else %}false{% endif %} + +resources: + +{% if not openshift_openstack_provider_network_name %} + net: + type: OS::Neutron::Net + properties: + name: + str_replace: + template: 
openshift-ansible-cluster_id-net + params: + cluster_id: {{ openshift_openstack_stack_name }} + + subnet: + type: OS::Neutron::Subnet + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-subnet + params: + cluster_id: {{ openshift_openstack_stack_name }} + network: { get_resource: net } + cidr: + str_replace: + template: subnet_24_prefix.0/24 + params: + subnet_24_prefix: {{ openshift_openstack_subnet_prefix }} + allocation_pools: + - start: + str_replace: + template: subnet_24_prefix.3 + params: + subnet_24_prefix: {{ openshift_openstack_subnet_prefix }} + end: + str_replace: + template: subnet_24_prefix.254 + params: + subnet_24_prefix: {{ openshift_openstack_subnet_prefix }} + dns_nameservers: +{% for nameserver in openshift_openstack_dns_nameservers %} + - {{ nameserver }} +{% endfor %} + +{% if openshift_use_flannel|default(False)|bool %} + data_net: + type: OS::Neutron::Net + properties: + name: openshift-ansible-{{ openshift_openstack_stack_name }}-data-net + port_security_enabled: false + + data_subnet: + type: OS::Neutron::Subnet + properties: + name: openshift-ansible-{{ openshift_openstack_stack_name }}-data-subnet + network: { get_resource: data_net } + cidr: {{ osm_cluster_network_cidr|default('10.128.0.0/14') }} + gateway_ip: null +{% endif %} + + router: + type: OS::Neutron::Router + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-router + params: + cluster_id: {{ openshift_openstack_stack_name }} + external_gateway_info: + network: {{ openshift_openstack_external_network_name }} + + interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: subnet } + +{% endif %} + +# keypair: +# type: OS::Nova::KeyPair +# properties: +# name: +# str_replace: +# template: openshift-ansible-cluster_id-keypair +# params: +# cluster_id: {{ openshift_openstack_stack_name }} +# public_key: {{ openshift_openstack_keypair_name }} + + common-secgrp: + 
type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-common-secgrp + params: + cluster_id: {{ openshift_openstack_stack_name }} + description: + str_replace: + template: Basic ssh/icmp security group for cluster_id OpenShift cluster + params: + cluster_id: {{ openshift_openstack_stack_name }} + rules: + - direction: ingress + protocol: tcp + port_range_min: 22 + port_range_max: 22 + remote_ip_prefix: {{ openshift_openstack_ssh_ingress_cidr }} +{% if openshift_openstack_use_bastion|bool %} + - direction: ingress + protocol: tcp + port_range_min: 22 + port_range_max: 22 + remote_ip_prefix: {{ openshift_openstack_bastion_ingress_cidr }} +{% endif %} + - direction: ingress + protocol: icmp + remote_ip_prefix: {{ openshift_openstack_ssh_ingress_cidr }} + +{% if openshift_openstack_flat_secgrp|default(False)|bool %} + flat-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-flat-secgrp + params: + cluster_id: {{ openshift_openstack_stack_name }} + description: + str_replace: + template: Security group for cluster_id OpenShift cluster + params: + cluster_id: {{ openshift_openstack_stack_name }} + rules: + - direction: ingress + protocol: tcp + port_range_min: 4001 + port_range_max: 4001 + - direction: ingress + protocol: tcp + port_range_min: {{ openshift_master_api_port|default(8443) }} + port_range_max: {{ openshift_master_api_port|default(8443) }} + - direction: ingress + protocol: tcp + port_range_min: {{ openshift_master_console_port|default(8443) }} + port_range_max: {{ openshift_master_console_port|default(8443) }} + - direction: ingress + protocol: tcp + port_range_min: 8053 + port_range_max: 8053 + - direction: ingress + protocol: udp + port_range_min: 8053 + port_range_max: 8053 + - direction: ingress + protocol: tcp + port_range_min: 24224 + port_range_max: 24224 + - direction: ingress + protocol: udp + port_range_min: 24224 + 
port_range_max: 24224 + - direction: ingress + protocol: tcp + port_range_min: 2224 + port_range_max: 2224 + - direction: ingress + protocol: udp + port_range_min: 5404 + port_range_max: 5405 + - direction: ingress + protocol: tcp + port_range_min: 9090 + port_range_max: 9090 + - direction: ingress + protocol: tcp + port_range_min: 2379 + port_range_max: 2380 + remote_mode: remote_group_id + - direction: ingress + protocol: tcp + port_range_min: 10250 + port_range_max: 10250 + remote_mode: remote_group_id + - direction: ingress + protocol: udp + port_range_min: 10250 + port_range_max: 10250 + remote_mode: remote_group_id + - direction: ingress + protocol: tcp + port_range_min: 10255 + port_range_max: 10255 + remote_mode: remote_group_id + - direction: ingress + protocol: udp + port_range_min: 10255 + port_range_max: 10255 + remote_mode: remote_group_id + - direction: ingress + protocol: udp + port_range_min: 4789 + port_range_max: 4789 + remote_mode: remote_group_id + - direction: ingress + protocol: tcp + port_range_min: 30000 + port_range_max: 32767 + remote_ip_prefix: {{ openshift_openstack_node_ingress_cidr }} + - direction: ingress + protocol: tcp + port_range_min: 30000 + port_range_max: 32767 + remote_ip_prefix: "{{ openshift_openstack_subnet_prefix }}.0/24" +{% else %} + master-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-master-secgrp + params: + cluster_id: {{ openshift_openstack_stack_name }} + description: + str_replace: + template: Security group for cluster_id OpenShift cluster master + params: + cluster_id: {{ openshift_openstack_stack_name }} + rules: + - direction: ingress + protocol: tcp + port_range_min: 4001 + port_range_max: 4001 + - direction: ingress + protocol: tcp + port_range_min: {{ openshift_master_api_port|default(8443) }} + port_range_max: {{ openshift_master_api_port|default(8443) }} + - direction: ingress + protocol: tcp + port_range_min: {{ 
openshift_master_console_port|default(8443) }} + port_range_max: {{ openshift_master_console_port|default(8443) }} + - direction: ingress + protocol: tcp + port_range_min: 8053 + port_range_max: 8053 + - direction: ingress + protocol: udp + port_range_min: 8053 + port_range_max: 8053 + - direction: ingress + protocol: tcp + port_range_min: 24224 + port_range_max: 24224 + - direction: ingress + protocol: udp + port_range_min: 24224 + port_range_max: 24224 + - direction: ingress + protocol: tcp + port_range_min: 2224 + port_range_max: 2224 + - direction: ingress + protocol: udp + port_range_min: 5404 + port_range_max: 5405 + - direction: ingress + protocol: tcp + port_range_min: 9090 + port_range_max: 9090 +{% if openshift_use_flannel|default(False)|bool %} + - direction: ingress + protocol: tcp + port_range_min: 2379 + port_range_max: 2379 +{% endif %} + + etcd-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-etcd-secgrp + params: + cluster_id: {{ openshift_openstack_stack_name }} + description: + str_replace: + template: Security group for cluster_id etcd cluster + params: + cluster_id: {{ openshift_openstack_stack_name }} + rules: + - direction: ingress + protocol: tcp + port_range_min: 2379 + port_range_max: 2379 + remote_mode: remote_group_id + remote_group_id: { get_resource: master-secgrp } + - direction: ingress + protocol: tcp + port_range_min: 2380 + port_range_max: 2380 + remote_mode: remote_group_id + + node-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-node-secgrp + params: + cluster_id: {{ openshift_openstack_stack_name }} + description: + str_replace: + template: Security group for cluster_id OpenShift cluster nodes + params: + cluster_id: {{ openshift_openstack_stack_name }} + rules: + - direction: ingress + protocol: tcp + port_range_min: 10250 + port_range_max: 10250 + remote_mode: remote_group_id + - 
direction: ingress + protocol: tcp + port_range_min: 10255 + port_range_max: 10255 + remote_mode: remote_group_id + - direction: ingress + protocol: udp + port_range_min: 10255 + port_range_max: 10255 + remote_mode: remote_group_id + - direction: ingress + protocol: udp + port_range_min: 4789 + port_range_max: 4789 + remote_mode: remote_group_id + - direction: ingress + protocol: tcp + port_range_min: 30000 + port_range_max: 32767 + remote_ip_prefix: {{ openshift_openstack_node_ingress_cidr }} + - direction: ingress + protocol: tcp + port_range_min: 30000 + port_range_max: 32767 + remote_ip_prefix: "{{ openshift_openstack_subnet_prefix }}.0/24" +{% endif %} + + infra-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-infra-secgrp + params: + cluster_id: {{ openshift_openstack_stack_name }} + description: + str_replace: + template: Security group for cluster_id OpenShift infrastructure cluster nodes + params: + cluster_id: {{ openshift_openstack_stack_name }} + rules: + - direction: ingress + protocol: tcp + port_range_min: 80 + port_range_max: 80 + - direction: ingress + protocol: tcp + port_range_min: 443 + port_range_max: 443 + +{% if openshift_openstack_num_dns|int > 0 %} + dns-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-dns-secgrp + params: + cluster_id: {{ openshift_openstack_stack_name }} + description: + str_replace: + template: Security group for cluster_id cluster DNS + params: + cluster_id: {{ openshift_openstack_stack_name }} + rules: + - direction: ingress + protocol: udp + port_range_min: 53 + port_range_max: 53 + remote_ip_prefix: {{ openshift_openstack_node_ingress_cidr }} + - direction: ingress + protocol: udp + port_range_min: 53 + port_range_max: 53 + remote_ip_prefix: "{{ openshift_openstack_subnet_prefix }}.0/24" + - direction: ingress + protocol: tcp + port_range_min: 53 + port_range_max: 53 + 
remote_ip_prefix: {{ openshift_openstack_node_ingress_cidr }}
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 53
+ port_range_max: 53
+ remote_ip_prefix: "{{ openshift_openstack_subnet_prefix }}.0/24"
+{% endif %}
+
+{% if openshift_openstack_num_masters|int > 1 or openshift_openstack_ui_ssh_tunnel|bool %}
+ lb-secgrp:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ name: openshift-ansible-{{ openshift_openstack_stack_name }}-lb-secgrp
+ description: Security group for {{ openshift_openstack_stack_name }} cluster Load Balancer
+ rules:
+ - direction: ingress
+ protocol: tcp
+ port_range_min: {{ openshift_master_api_port | default(8443) }}
+ port_range_max: {{ openshift_master_api_port | default(8443) }}
+ remote_ip_prefix: {{ openshift_openstack_lb_ingress_cidr | default(openshift_openstack_bastion_ingress_cidr) }}
+{% if openshift_openstack_ui_ssh_tunnel|bool %}
+ - direction: ingress
+ protocol: tcp
+ port_range_min: {{ openshift_master_api_port | default(8443) }}
+ port_range_max: {{ openshift_master_api_port | default(8443) }}
+ remote_ip_prefix: {{ openshift_openstack_ssh_ingress_cidr }}
+{% endif %}
+{% if openshift_master_console_port is defined and openshift_master_console_port != openshift_master_api_port %}
+ - direction: ingress
+ protocol: tcp
+ port_range_min: {{ openshift_master_console_port | default(8443) }}
+ port_range_max: {{ openshift_master_console_port | default(8443) }}
+ remote_ip_prefix: {{ openshift_openstack_lb_ingress_cidr | default(openshift_openstack_bastion_ingress_cidr) }}
+{% endif %}
+{% endif %}
+
+ etcd:
+ type: OS::Heat::ResourceGroup
+ properties:
+ count: {{ openshift_openstack_num_etcd }}
+ resource_def:
+ type: server.yaml
+ properties:
+ name:
+ str_replace:
+ template: k8s_type-%index%.cluster_id
+ params:
+ cluster_id: {{ openshift_openstack_stack_name }}
+ k8s_type: {{ openshift_openstack_etcd_hostname }}
+ cluster_env: {{ openshift_openstack_public_dns_domain }}
+ cluster_id: {{ openshift_openstack_stack_name }}
+ group:
+ str_replace:
+ template: k8s_type.cluster_id
+ params:
+ k8s_type: etcds
+ cluster_id: {{ openshift_openstack_stack_name }}
+ type: etcd
+ image: {{ openshift_openstack_etcd_image }}
+ flavor: {{ openshift_openstack_etcd_flavor }}
+ key_name: {{ openshift_openstack_keypair_name }}
+{% if openshift_openstack_provider_network_name %}
+ net: {{ openshift_openstack_provider_network_name }}
+ net_name: {{ openshift_openstack_provider_network_name }}
+{% else %}
+ net: { get_resource: net }
+ subnet: { get_resource: subnet }
+ net_name:
+ str_replace:
+ template: openshift-ansible-cluster_id-net
+ params:
+ cluster_id: {{ openshift_openstack_stack_name }}
+{% endif %}
+ secgrp:
+ - { get_resource: {% if openshift_openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}etcd-secgrp{% endif %} }
+ - { get_resource: common-secgrp }
+ floating_network:
+ if:
+ - no_floating
+ - null
+ - {{ openshift_openstack_external_network_name }}
+{% if openshift_openstack_use_bastion|bool or openshift_openstack_provider_network_name %}
+ attach_float_net: false
+{% endif %}
+ volume_size: {{ openshift_openstack_etcd_volume_size }}
+{% if not openshift_openstack_provider_network_name %}
+ depends_on:
+ - interface
+{% endif %}
+
+{% if openshift_openstack_master_server_group_policies|length > 0 %}
+ master_server_group:
+ type: OS::Nova::ServerGroup
+ properties:
+ name: master_server_group
+ policies: {{ openshift_openstack_master_server_group_policies }}
+{% endif %}
+{% if openshift_openstack_infra_server_group_policies|length > 0 %}
+ infra_server_group:
+ type: OS::Nova::ServerGroup
+ properties:
+ name: infra_server_group
+ policies: {{ openshift_openstack_infra_server_group_policies }}
+{% endif %}
+{% if openshift_openstack_num_masters|int > 1 %}
+ loadbalancer:
+ type: OS::Heat::ResourceGroup
+ properties:
+ count: 1
+ resource_def:
+ type: server.yaml
+ properties:
+ name:
+ str_replace:
+ template: k8s_type-%index%.cluster_id
+ params:
+ cluster_id: {{ openshift_openstack_stack_name }}
+ k8s_type: {{ openshift_openstack_lb_hostname }}
+ cluster_env: {{ openshift_openstack_public_dns_domain }}
+ cluster_id: {{ openshift_openstack_stack_name }}
+ group:
+ str_replace:
+ template: k8s_type.cluster_id
+ params:
+ k8s_type: lb
+ cluster_id: {{ openshift_openstack_stack_name }}
+ type: lb
+ image: {{ openshift_openstack_lb_image }}
+ flavor: {{ openshift_openstack_lb_flavor }}
+ key_name: {{ openshift_openstack_keypair_name }}
+{% if openshift_openstack_provider_network_name %}
+ net: {{ openshift_openstack_provider_network_name }}
+ net_name: {{ openshift_openstack_provider_network_name }}
+{% else %}
+ net: { get_resource: net }
+ subnet: { get_resource: subnet }
+ net_name:
+ str_replace:
+ template: openshift-ansible-cluster_id-net
+ params:
+ cluster_id: {{ openshift_openstack_stack_name }}
+{% endif %}
+ secgrp:
+ - { get_resource: lb-secgrp }
+ - { get_resource: common-secgrp }
+{% if not openshift_openstack_provider_network_name %}
+ floating_network: {{ openshift_openstack_external_network_name }}
+{% endif %}
+ volume_size: {{ openshift_openstack_lb_volume_size }}
+{% if not openshift_openstack_provider_network_name %}
+ depends_on:
+ - interface
+{% endif %}
+{% endif %}
+
+ masters:
+ type: OS::Heat::ResourceGroup
+ properties:
+ count: {{ openshift_openstack_num_masters }}
+ resource_def:
+ type: server.yaml
+ properties:
+ name:
+ str_replace:
+ template: k8s_type-%index%.cluster_id
+ params:
+ cluster_id: {{ openshift_openstack_stack_name }}
+ k8s_type: {{ openshift_openstack_master_hostname }}
+ cluster_env: {{ openshift_openstack_public_dns_domain }}
+ cluster_id: {{ openshift_openstack_stack_name }}
+ group:
+ str_replace:
+ template: k8s_type.cluster_id
+ params:
+ k8s_type: masters
+ cluster_id: {{ openshift_openstack_stack_name }}
+ type: master
+ image: {{ openshift_openstack_master_image }}
+ flavor: {{ openshift_openstack_master_flavor }}
+ key_name: {{ openshift_openstack_keypair_name }}
+{% if openshift_openstack_provider_network_name %}
+ net: {{ openshift_openstack_provider_network_name }}
+ net_name: {{ openshift_openstack_provider_network_name }}
+{% else %}
+ net: { get_resource: net }
+ subnet: { get_resource: subnet }
+ net_name:
+ str_replace:
+ template: openshift-ansible-cluster_id-net
+ params:
+ cluster_id: {{ openshift_openstack_stack_name }}
+{% if openshift_use_flannel|default(False)|bool %}
+ attach_data_net: true
+ data_net: { get_resource: data_net }
+ data_subnet: { get_resource: data_subnet }
+{% endif %}
+{% endif %}
+ secgrp:
+{% if openshift_openstack_flat_secgrp|default(False)|bool %}
+ - { get_resource: flat-secgrp }
+{% else %}
+ - { get_resource: master-secgrp }
+ - { get_resource: node-secgrp }
+{% if openshift_openstack_num_etcd|int == 0 %}
+ - { get_resource: etcd-secgrp }
+{% endif %}
+{% endif %}
+ - { get_resource: common-secgrp }
+ floating_network:
+ if:
+ - no_floating
+ - null
+ - {{ openshift_openstack_external_network_name }}
+{% if openshift_openstack_use_bastion|bool or openshift_openstack_provider_network_name %}
+ attach_float_net: false
+{% endif %}
+ volume_size: {{ openshift_openstack_master_volume_size }}
+{% if openshift_openstack_master_server_group_policies|length > 0 %}
+ scheduler_hints:
+ group: { get_resource: master_server_group }
+{% endif %}
+{% if not openshift_openstack_provider_network_name %}
+ depends_on:
+ - interface
+{% endif %}
+
+ compute_nodes:
+ type: OS::Heat::ResourceGroup
+ properties:
+ count: {{ openshift_openstack_num_nodes }}
+ removal_policies:
+ - resource_list: {{ openshift_openstack_nodes_to_remove }}
+ resource_def:
+ type: server.yaml
+ properties:
+ name:
+ str_replace:
+ template: sub_type_k8s_type-%index%.cluster_id
+ params:
+ cluster_id: {{ openshift_openstack_stack_name }}
+ sub_type_k8s_type: {{ openshift_openstack_node_hostname }}
+ cluster_env: {{ openshift_openstack_public_dns_domain }}
+ cluster_id: {{ openshift_openstack_stack_name }}
+ group:
+ str_replace:
+ template: k8s_type.cluster_id
+ params:
+ k8s_type: nodes
+ cluster_id: {{ openshift_openstack_stack_name }}
+ type: node
+ subtype: app
+ node_labels:
+{% for k, v in openshift_openstack_cluster_node_labels.app.iteritems() %}
+ {{ k|e }}: {{ v|e }}
+{% endfor %}
+ image: {{ openshift_openstack_node_image }}
+ flavor: {{ openshift_openstack_node_flavor }}
+ key_name: {{ openshift_openstack_keypair_name }}
+{% if openshift_openstack_provider_network_name %}
+ net: {{ openshift_openstack_provider_network_name }}
+ net_name: {{ openshift_openstack_provider_network_name }}
+{% else %}
+ net: { get_resource: net }
+ subnet: { get_resource: subnet }
+ net_name:
+ str_replace:
+ template: openshift-ansible-cluster_id-net
+ params:
+ cluster_id: {{ openshift_openstack_stack_name }}
+{% if openshift_use_flannel|default(False)|bool %}
+ attach_data_net: true
+ data_net: { get_resource: data_net }
+ data_subnet: { get_resource: data_subnet }
+{% endif %}
+{% endif %}
+ secgrp:
+ - { get_resource: {% if openshift_openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}node-secgrp{% endif %} }
+ - { get_resource: common-secgrp }
+ floating_network:
+ if:
+ - no_floating
+ - null
+ - {{ openshift_openstack_external_network_name }}
+{% if openshift_openstack_use_bastion|bool or openshift_openstack_provider_network_name %}
+ attach_float_net: false
+{% endif %}
+ volume_size: {{ openshift_openstack_node_volume_size }}
+{% if not openshift_openstack_provider_network_name %}
+ depends_on:
+ - interface
+{% endif %}
+
+ infra_nodes:
+ type: OS::Heat::ResourceGroup
+ properties:
+ count: {{ openshift_openstack_num_infra }}
+ resource_def:
+ type: server.yaml
+ properties:
+ name:
+ str_replace:
+ template: sub_type_k8s_type-%index%.cluster_id
+ params:
+ cluster_id: {{ openshift_openstack_stack_name }}
+ sub_type_k8s_type: {{ openshift_openstack_infra_hostname }}
+ cluster_env: {{ openshift_openstack_public_dns_domain }}
+ cluster_id: {{ openshift_openstack_stack_name }}
+ group:
+ str_replace:
+ template: k8s_type.cluster_id
+ params:
+ k8s_type: infra
+ cluster_id: {{ openshift_openstack_stack_name }}
+ type: node
+ subtype: infra
+ node_labels:
+{% for k, v in openshift_openstack_cluster_node_labels.infra.iteritems() %}
+ {{ k|e }}: {{ v|e }}
+{% endfor %}
+ image: {{ openshift_openstack_infra_image }}
+ flavor: {{ openshift_openstack_infra_flavor }}
+ key_name: {{ openshift_openstack_keypair_name }}
+{% if openshift_openstack_provider_network_name %}
+ net: {{ openshift_openstack_provider_network_name }}
+ net_name: {{ openshift_openstack_provider_network_name }}
+{% else %}
+ net: { get_resource: net }
+ subnet: { get_resource: subnet }
+ net_name:
+ str_replace:
+ template: openshift-ansible-cluster_id-net
+ params:
+ cluster_id: {{ openshift_openstack_stack_name }}
+{% if openshift_use_flannel|default(False)|bool %}
+ attach_data_net: true
+ data_net: { get_resource: data_net }
+ data_subnet: { get_resource: data_subnet }
+{% endif %}
+{% endif %}
+ secgrp:
+# TODO(bogdando) filter only required node rules into infra-secgrp
+{% if openshift_openstack_flat_secgrp|default(False)|bool %}
+ - { get_resource: flat-secgrp }
+{% else %}
+ - { get_resource: node-secgrp }
+{% endif %}
+{% if openshift_openstack_ui_ssh_tunnel|bool and openshift_openstack_num_masters|int < 2 %}
+ - { get_resource: lb-secgrp }
+{% endif %}
+ - { get_resource: infra-secgrp }
+ - { get_resource: common-secgrp }
+{% if not openshift_openstack_provider_network_name %}
+ floating_network: {{ openshift_openstack_external_network_name }}
+{% endif %}
+ volume_size: {{ openshift_openstack_infra_volume_size }}
+{% if openshift_openstack_infra_server_group_policies|length > 0 %}
+ scheduler_hints:
+ group: { get_resource: infra_server_group }
+{% endif %}
+{% if not openshift_openstack_provider_network_name %}
+ depends_on:
+ - interface
+{% endif %}
+
+{% if openshift_openstack_num_dns|int > 0 %}
+ dns:
+ type: OS::Heat::ResourceGroup
+ properties:
+ count: {{ openshift_openstack_num_dns }}
+ resource_def:
+ type: server.yaml
+ properties:
+ name:
+ str_replace:
+ template: k8s_type-%index%.cluster_id
+ params:
+ cluster_id: {{ openshift_openstack_stack_name }}
+ k8s_type: {{ openshift_openstack_dns_hostname }}
+ cluster_env: {{ openshift_openstack_public_dns_domain }}
+ cluster_id: {{ openshift_openstack_stack_name }}
+ group:
+ str_replace:
+ template: k8s_type.cluster_id
+ params:
+ k8s_type: dns
+ cluster_id: {{ openshift_openstack_stack_name }}
+ type: dns
+ image: {{ openshift_openstack_dns_image }}
+ flavor: {{ openshift_openstack_dns_flavor }}
+ key_name: {{ openshift_openstack_keypair_name }}
+{% if openshift_openstack_provider_network_name %}
+ net: {{ openshift_openstack_provider_network_name }}
+ net_name: {{ openshift_openstack_provider_network_name }}
+{% else %}
+ net: { get_resource: net }
+ subnet: { get_resource: subnet }
+ net_name:
+ str_replace:
+ template: openshift-ansible-cluster_id-net
+ params:
+ cluster_id: {{ openshift_openstack_stack_name }}
+{% endif %}
+ secgrp:
+ - { get_resource: dns-secgrp }
+ - { get_resource: common-secgrp }
+{% if not openshift_openstack_provider_network_name %}
+ floating_network: {{ openshift_openstack_external_network_name }}
+{% endif %}
+ volume_size: {{ openshift_openstack_dns_volume_size }}
+{% if not openshift_openstack_provider_network_name %}
+ depends_on:
+ - interface
+{% endif %}
+{% endif %}
diff --git a/roles/openshift_openstack/templates/heat_stack_server.yaml.j2 b/roles/openshift_openstack/templates/heat_stack_server.yaml.j2
new file mode 100644
index 000000000..a829da34f
--- /dev/null
+++ b/roles/openshift_openstack/templates/heat_stack_server.yaml.j2
@@ -0,0 +1,270 @@
+heat_template_version: 2016-10-14
+
+description: OpenShift cluster server
+
+parameters:
+
+ name:
+ type: string
+ label: Name
+ description: Name
+
+ group:
+ type: string
+ label: Host Group
+ description: The Primary Ansible Host Group
+ default: host
+
+ cluster_env:
+ type: string
+ label: Cluster environment
+ description: Environment of the cluster
+
+ cluster_id:
+ type: string
+ label: Cluster ID
+ description: Identifier of the cluster
+
+ type:
+ type: string
+ label: Type
+ description: Type master or node
+
+ subtype:
+ type: string
+ label: Sub-type
+ description: Sub-type compute or infra for nodes, default otherwise
+ default: default
+
+ key_name:
+ type: string
+ label: Key name
+ description: Key name of keypair
+
+ image:
+ type: string
+ label: Image
+ description: Name of the image
+
+ flavor:
+ type: string
+ label: Flavor
+ description: Name of the flavor
+
+ net:
+ type: string
+ label: Net ID
+ description: Net resource
+
+ net_name:
+ type: string
+ label: Net name
+ description: Net name
+
+{% if not openshift_openstack_provider_network_name %}
+ subnet:
+ type: string
+ label: Subnet ID
+ description: Subnet resource
+{% endif %}
+
+{% if openshift_use_flannel|default(False)|bool %}
+ attach_data_net:
+ type: boolean
+ default: false
+ label: Attach-data-net
+ description: A switch for data port connection
+
+ data_net:
+ type: string
+ default: ''
+ label: Net ID
+ description: Net resource
+
+{% if not openshift_openstack_provider_network_name %}
+ data_subnet:
+ type: string
+ default: ''
+ label: Subnet ID
+ description: Subnet resource
+{% endif %}
+{% endif %}
+
+ secgrp:
+ type: comma_delimited_list
+ label: Security groups
+ description: Security group resources
+
+ attach_float_net:
+ type: boolean
+ default: true
+
+ label: Attach-float-net
+ description: A switch for floating network port connection
+
+{% if not openshift_openstack_provider_network_name %}
+ floating_network:
+ type: string
+ default: ''
+ label: Floating network
+ description: Network to allocate floating IP from
+{% endif %}
+
+ availability_zone:
+ type: string
+ description: The Availability Zone to launch the instance.
+ default: nova
+
+ volume_size:
+ type: number
+ description: Size of the volume to be created.
+ default: 1
+ constraints:
+ - range: { min: 1, max: 1024 }
+ description: must be between 1 and 1024 Gb.
+
+ node_labels:
+ type: json
+ description: OpenShift Node Labels
+ default: {"region": "default" }
+
+ scheduler_hints:
+ type: json
+ description: Server scheduler hints.
+ default: {}
+
+outputs:
+
+ name:
+ description: Name of the server
+ value: { get_attr: [ server, name ] }
+
+ private_ip:
+ description: Private IP of the server
+ value:
+ get_attr:
+ - server
+ - addresses
+ - { get_param: net_name }
+ - 0
+ - addr
+
+ floating_ip:
+ description: Floating IP of the server
+ value:
+ get_attr:
+ - server
+ - addresses
+ - { get_param: net_name }
+{% if openshift_openstack_provider_network_name %}
+ - 0
+{% else %}
+ - 1
+{% endif %}
+ - addr
+
+conditions:
+ no_floating: {not: { get_param: attach_float_net} }
+{% if openshift_use_flannel|default(False)|bool %}
+ no_data_subnet: {not: { get_param: attach_data_net} }
+{% endif %}
+
+resources:
+
+ server:
+ type: OS::Nova::Server
+ properties:
+ name: { get_param: name }
+ key_name: { get_param: key_name }
+ image: { get_param: image }
+ flavor: { get_param: flavor }
+ networks:
+{% if openshift_use_flannel|default(False)|bool %}
+ if:
+ - no_data_subnet
+{% if use_trunk_ports|default(false)|bool %}
+ - - port: { get_attr: [trunk-port, port_id] }
+{% else %}
+ - - port: { get_resource: port }
+{% endif %}
+{% if use_trunk_ports|default(false)|bool %}
+ - - port: { get_attr: [trunk-port, port_id] }
+{% else %}
+ - - port: { get_resource: port }
+ - port: { get_resource: data_port }
+{% endif %}
+
+{% else %}
+{% if use_trunk_ports|default(false)|bool %}
+ - port: { get_attr: [trunk-port, port_id] }
+{% else %}
+ - port: { get_resource: port }
+{% endif %}
+{% endif %}
+ user_data:
+ get_file: user-data
+ user_data_format: RAW
+ user_data_update_policy: IGNORE
+ metadata:
+ group: { get_param: group }
+ environment: { get_param: cluster_env }
+ clusterid: { get_param: cluster_id }
+ host-type: { get_param: type }
+ sub-host-type: { get_param: subtype }
+ node_labels: { get_param: node_labels }
+ scheduler_hints: { get_param: scheduler_hints }
+
+{% if use_trunk_ports|default(false)|bool %}
+ trunk-port:
+ type: OS::Neutron::Trunk
+ properties:
+ name: { get_param: name }
+ port: { get_resource: port }
+{% endif %}
+
+ port:
+ type: OS::Neutron::Port
+ properties:
+ network: { get_param: net }
+{% if not openshift_openstack_provider_network_name %}
+ fixed_ips:
+ - subnet: { get_param: subnet }
+{% endif %}
+ security_groups: { get_param: secgrp }
+
+{% if openshift_use_flannel|default(False)|bool %}
+ data_port:
+ type: OS::Neutron::Port
+ condition: { not: no_data_subnet }
+ properties:
+ network: { get_param: data_net }
+ port_security_enabled: false
+{% if not openshift_openstack_provider_network_name %}
+ fixed_ips:
+ - subnet: { get_param: data_subnet }
+{% endif %}
+{% endif %}
+
+{% if not openshift_openstack_provider_network_name %}
+ floating-ip:
+ condition: { not: no_floating }
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network: { get_param: floating_network }
+ port_id: { get_resource: port }
+{% endif %}
+
+{% if not openshift_openstack_ephemeral_volumes|default(false)|bool %}
+ cinder_volume:
+ type: OS::Cinder::Volume
+ properties:
+ size: { get_param: volume_size }
+ availability_zone: { get_param: availability_zone }
+
+ volume_attachment:
+ type: OS::Cinder::VolumeAttachment
+ properties:
+ volume_id: { get_resource: cinder_volume }
+ instance_uuid: { get_resource: server }
+ mountpoint: /dev/sdb
+{% endif %}
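Review bot: The `data_port` resource sets `port_security_enabled: false` and, unlike `port`, is given no `security_groups`, so when flannel is enabled every server gets an interface on the data network with no Neutron filtering or anti-spoofing applied to it. If that is needed for the overlay traffic, say so next to the property, e.g. `# port security is off so overlay traffic is not dropped; no security group applies to this port`, and treat the data network as unfiltered when configuring the hosts' own firewall. If it is not needed, pass a security group for the data port rather than disabling port security.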
diff --git a/roles/openshift_openstack/templates/user_data.j2 b/roles/openshift_openstack/templates/user_data.j2
new file mode 100644
index 000000000..eb65f7cec
--- /dev/null
+++ b/roles/openshift_openstack/templates/user_data.j2
@@ -0,0 +1,13 @@
+#cloud-config
+disable_root: true
+
+system_info:
+ default_user:
+ name: openshift
+ sudo: ["ALL=(ALL) NOPASSWD: ALL"]
+
+write_files:
+ - path: /etc/sudoers.d/00-openshift-no-requiretty
+ permissions: 440
+ content: |
+ Defaults:openshift !requiretty
diff --git a/roles/openshift_project_request_template/README.md b/roles/openshift_project_request_template/README.md
new file mode 100644
index 000000000..81c3aca5c
--- /dev/null
+++ b/roles/openshift_project_request_template/README.md
@@ -0,0 +1,33 @@
+OpenShift Project Request Template
+==================================
+
+Configure template used when creating new projects. If enabled only the template is managed. It must still be enabled in the OpenShift master configuration. The base template is created using `oc adm create-bootstrap-project-template` and can be modified by setting `openshift_project_request_template_edits`.
+
+
+Requirements
+------------
+
+
+Role Variables
+--------------
+
+From this role:
+
+| Name | Default value | Description |
+|----------------------------------------------|-----------------|------------------------------------------------|
+| openshift_project_request_template_manage | false | Whether to manage the project request template |
+| openshift_project_request_template_namespace | default | Namespace for template |
+| openshift_project_request_template_name | project-request | Template name |
+| openshift_project_request_template_edits | [] | Changes for template |
+
+
+Dependencies
+------------
+
+* lib_utils
+
+
+License
+-------
+
+Apache License Version 2.0
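Review bot: In user_data.j2 the sudoers drop-in is written with `permissions: 440`, which YAML reads as the integer 440 rather than an octal mode; cloud-init documents this field as a quoted string, and an integer is likely taken as decimal 440, i.e. mode 0670, leaving the file group-writable and possibly rejected by sudo. Quote it as `permissions: '0440'`. The `default_user` entry also grants `ALL=(ALL) NOPASSWD: ALL`, so whoever holds the stack's key pair is effectively root on every server; a one-line comment stating that this is intended for the Ansible run would make that explicit.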
diff --git a/roles/openshift_project_request_template/defaults/main.yml b/roles/openshift_project_request_template/defaults/main.yml
new file mode 100644
index 000000000..2dab6f99e
--- /dev/null
+++ b/roles/openshift_project_request_template/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+openshift_project_request_template_manage: false
+openshift_project_request_template_namespace: default
+openshift_project_request_template_name: project-request
+openshift_project_request_template_edits: []
diff --git a/roles/openshift_project_request_template/meta/main.yml b/roles/openshift_project_request_template/meta/main.yml
new file mode 100644
index 000000000..3bc6dfb45
--- /dev/null
+++ b/roles/openshift_project_request_template/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ author: Michael Hanselmann
+ description: Configure project request template
+ company: VSHN AG
+ license: Apache License, Version 2.0
+ min_ansible_version: 2.2
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+dependencies:
+- role: lib_utils
diff --git a/roles/openshift_project_request_template/tasks/main.yml b/roles/openshift_project_request_template/tasks/main.yml
new file mode 100644
index 000000000..c31ee5795
--- /dev/null
+++ b/roles/openshift_project_request_template/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: Create temp file for template
+ command: mktemp /tmp/openshift-ansible-XXXXXX.yaml
+ register: mktemp
+ changed_when: False
+
+- name: Generate default project template
+ command: |
+ {{ openshift.common.client_binary | quote }} \
+ --config {{ openshift.common.config_base | quote }}/master/admin.kubeconfig \
+ --output yaml \
+ adm create-bootstrap-project-template \
+ --name {{ openshift_project_request_template_name | quote }}
+ register: default_project_template
+
+- name: Write default project template to file
+ copy:
+ mode=0600
+ content="{{ default_project_template.stdout }}"
+ dest="{{ mktemp.stdout }}"
+
+- name: Apply template modifications
+ yedit:
+ state: present
+ src: "{{ mktemp.stdout }}"
+ edits: "{{ openshift_project_request_template_edits }}"
+ when: "openshift_project_request_template_edits | length > 0"
+
+- name: Create or update project request template
+ command: |
+ {{ openshift.common.client_binary }} \
+ --config {{ openshift.common.config_base }}/master/admin.kubeconfig \
+ --namespace {{ openshift_project_request_template_namespace | quote }} \
+ apply --filename {{ mktemp.stdout }}
+
+- name: Delete temp file
+ file:
+ name: "{{ mktemp.stdout }}"
+ state: absent
+ changed_when: False
diff --git a/roles/openshift_prometheus/tasks/install_prometheus.yaml b/roles/openshift_prometheus/tasks/install_prometheus.yaml
index 00c3c1987..21da4bc9d 100644
--- a/roles/openshift_prometheus/tasks/install_prometheus.yaml
+++ b/roles/openshift_prometheus/tasks/install_prometheus.yaml
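Review bot: The "Create or update project request template" task in the project request template role interpolates `openshift.common.client_binary`, `openshift.common.config_base` and `mktemp.stdout` without `| quote`, while "Generate default project template" quotes the first two, so a value containing whitespace would be split into several arguments in one task and not in the other. Use the same form in both, e.g. `{{ openshift.common.client_binary | quote }} \` and `apply --filename {{ mktemp.stdout | quote }}`. The temp file is removed only by the last task, so a failure in any earlier task leaves it in /tmp; putting the tasks in a `block:` with the delete under `always:` would cover that.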
@@ -148,25 +148,6 @@ selector: "{{ openshift_prometheus_alertbuffer_pvc_pv_selector }}" when: openshift_prometheus_alertbuffer_storage_type == 'pvc' -# create prometheus stateful set -- name: Set prometheus template - template: - src: prometheus.j2 - dest: "{{ tempdir }}/templates/prometheus.yaml" - vars: - namespace: "{{ openshift_prometheus_namespace }}" -# prom_replicas: "{{ openshift_prometheus_replicas }}" - -- name: Set prometheus stateful set - oc_obj: - state: "{{ state }}" - name: "prometheus" - namespace: "{{ openshift_prometheus_namespace }}" - kind: statefulset - files: - - "{{ tempdir }}/templates/prometheus.yaml" - delete_after: true - # prometheus configmap # Copy the additional rules file if it is defined - name: Copy additional rules file to host @@ -236,3 +217,22 @@ namespace: "{{ openshift_prometheus_namespace }}" from_file: alertmanager.yml: "{{ tempdir }}/alertmanager.yml" + +# create prometheus stateful set +- name: Set prometheus template + template: + src: prometheus.j2 + dest: "{{ tempdir }}/templates/prometheus.yaml" + vars: + namespace: "{{ openshift_prometheus_namespace }}" +# prom_replicas: "{{ openshift_prometheus_replicas }}" + +- name: Set prometheus stateful set + oc_obj: + state: "{{ state }}" + name: "prometheus" + namespace: "{{ openshift_prometheus_namespace }}" + kind: statefulset + files: + - "{{ tempdir }}/templates/prometheus.yaml" + delete_after: true 
@@ -83,10 +83,14 @@ def find_entrypoint_playbooks(): if not isinstance(task, dict): # Skip yaml files which are not a dictionary of tasks continue - if 'include' in task: + if 'include' in task or 'import_playbook' in task: # Add the playbook and capture included playbooks playbooks.add(yaml_file) - included_file_name = task['include'].split()[0] + if 'include' in task: + directive = task['include'] + else: + directive = task['import_playbook'] + included_file_name = directive.split()[0] included_file = os.path.normpath( os.path.join(os.path.dirname(yaml_file), included_file_name)) @@ -318,7 +322,7 @@ class OpenShiftAnsibleSyntaxCheck(Command): has_errors = False print('Ansible Deprecation Checks') - exclude_dirs = ['adhoc', 'files', 'meta', 'test', 'tests', 'vars', 'defaults', '.tox'] + exclude_dirs = ['adhoc', 'files', 'meta', 'vars', 'defaults', '.tox'] for yaml_file in find_files( os.getcwd(), exclude_dirs, None, r'\.ya?ml$'): with open(yaml_file, 'r') as contents: @@ -336,7 +340,6 @@ class OpenShiftAnsibleSyntaxCheck(Command): if not has_errors: print('...PASSED') - print('Ansible Playbook Entry Point Syntax Checks') for playbook in find_entrypoint_playbooks(): print('-' * 60) 
@@ -350,8 +353,21 @@ class OpenShiftAnsibleSyntaxCheck(Command): # --syntax-check each entry point playbook else: try: + # Create a host group list to avoid WARNING on unmatched host patterns + host_group_list = [ + 'etcd,masters,nodes,OSEv3', + 'oo_all_hosts', + 'oo_etcd_to_config,oo_new_etcd_to_config,oo_first_etcd,oo_etcd_hosts_to_backup,' + 'oo_etcd_hosts_to_upgrade,oo_etcd_to_migrate', + 'oo_masters,oo_masters_to_config,oo_first_master,oo_containerized_master_nodes', + 'oo_nodes_to_config,oo_nodes_to_upgrade', + 'oo_nodes_use_kuryr,oo_nodes_use_flannel', + 'oo_nodes_use_calico,oo_nodes_use_nuage,oo_nodes_use_contiv', + 'oo_lb_to_config', + 'oo_nfs_to_config', + 'glusterfs,glusterfs_registry,'] subprocess.check_output( - ['ansible-playbook', '-i localhost,', + ['ansible-playbook', '-i ' + ','.join(host_group_list), '--syntax-check', playbook] ) except subprocess.CalledProcessError as cpe: diff --git a/test/integration/openshift_health_checker/setup_container.yml b/test/integration/openshift_health_checker/setup_container.yml index 413754fcd..e3459b376 100644 --- a/test/integration/openshift_health_checker/setup_container.yml +++ b/test/integration/openshift_health_checker/setup_container.yml @@ -51,8 +51,7 @@ - include: preflight/playbooks/tasks/enable_repo.yml vars: { repo_name: "ose-3.2" } -- include: ../../../playbooks/byo/openshift-cluster/initialize_groups.yml -- include: ../../../playbooks/common/openshift-cluster/std_include.yml +- include: ../../../playbooks/init/main.yml - hosts: all tasks: diff --git a/test/openshift_version_tests.py b/test/openshift_version_tests.py index 6095beb95..36b8263bb 100644 --- a/test/openshift_version_tests.py +++ b/test/openshift_version_tests.py 
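Review bot: The inventory is passed as one argv element, `'-i ' + ','.join(host_group_list)`, so the option value reaches ansible-playbook with a leading space and relies on how its option parser treats that; passing the flag and its value separately is clearer: `['ansible-playbook', '-i', ','.join(host_group_list), '--syntax-check', playbook]`. The list entries are themselves comma-joined strings and the last one ends in a comma, so the joined value ends with an empty entry; one name per element would make the list easier to review and extend. The enclosing method starts outside this hunk.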
@@ -15,50 +15,6 @@ class OpenShiftVersionTests(unittest.TestCase): openshift_version_filters = openshift_version.FilterModule() - # Static tests for legacy filters. - legacy_gte_tests = [{'name': 'oo_version_gte_3_1_or_1_1', - 'positive_openshift-enterprise_version': '3.2.0', - 'negative_openshift-enterprise_version': '3.0.0', - 'positive_origin_version': '1.2.0', - 'negative_origin_version': '1.0.0'}, - {'name': 'oo_version_gte_3_1_1_or_1_1_1', - 'positive_openshift-enterprise_version': '3.2.0', - 'negative_openshift-enterprise_version': '3.1.0', - 'positive_origin_version': '1.2.0', - 'negative_origin_version': '1.1.0'}, - {'name': 'oo_version_gte_3_2_or_1_2', - 'positive_openshift-enterprise_version': '3.3.0', - 'negative_openshift-enterprise_version': '3.1.0', - 'positive_origin_version': '1.3.0', - 'negative_origin_version': '1.1.0'}, - {'name': 'oo_version_gte_3_3_or_1_3', - 'positive_openshift-enterprise_version': '3.4.0', - 'negative_openshift-enterprise_version': '3.2.0', - 'positive_origin_version': '1.4.0', - 'negative_origin_version': '1.2.0'}, - {'name': 'oo_version_gte_3_4_or_1_4', - 'positive_openshift-enterprise_version': '3.5.0', - 'negative_openshift-enterprise_version': '3.3.0', - 'positive_origin_version': '1.5.0', - 'negative_origin_version': '1.3.0'}, - {'name': 'oo_version_gte_3_5_or_1_5', - 'positive_openshift-enterprise_version': '3.6.0', - 'negative_openshift-enterprise_version': '3.4.0', - 'positive_origin_version': '3.6.0', - 'negative_origin_version': '1.4.0'}] - - def test_legacy_gte_filters(self): - for test in self.legacy_gte_tests: - for deployment_type in ['openshift-enterprise', 'origin']: - # Test negative case per deployment_type - self.assertFalse( - self.openshift_version_filters._filters[test['name']]( - test["negative_{}_version".format(deployment_type)], deployment_type)) - # Test positive case per deployment_type - self.assertTrue( - self.openshift_version_filters._filters[test['name']]( - 
test["positive_{}_version".format(deployment_type)], deployment_type)) - def test_gte_filters(self): for major, minor_start, minor_end in self.openshift_version_filters.versions: for minor in range(minor_start, minor_end): |