summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--inventory/hosts.example4
-rw-r--r--playbooks/aws/provisioning_vars.yml.example5
-rw-r--r--playbooks/container-runtime/private/build_container_groups.yml6
-rw-r--r--playbooks/container-runtime/private/config.yml9
-rw-r--r--playbooks/container-runtime/private/setup_storage.yml4
-rw-r--r--playbooks/init/facts.yml2
-rw-r--r--roles/container_runtime/tasks/common/post.yml2
-rw-r--r--roles/container_runtime/tasks/systemcontainer_crio.yml2
-rw-r--r--roles/container_runtime/tasks/systemcontainer_docker.yml6
-rw-r--r--roles/openshift_aws/tasks/provision_instance.yml2
-rw-r--r--roles/openshift_cli/defaults/main.yml2
-rw-r--r--roles/openshift_logging_elasticsearch/tasks/main.yaml4
-rw-r--r--roles/openshift_node/defaults/main.yml2
-rw-r--r--roles/openshift_node/tasks/main.yml4
-rw-r--r--roles/openshift_node/tasks/openvswitch_system_container.yml4
-rw-r--r--roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml2
-rw-r--r--roles/openshift_node/templates/node.service.j22
-rw-r--r--roles/openshift_node/templates/node.yaml.v1.j22
-rw-r--r--roles/openshift_node/templates/openshift.docker.node.dep.service2
-rw-r--r--roles/openshift_version/tasks/set_version_containerized.yml8
-rw-r--r--test/tox-inventory.txt4
21 files changed, 53 insertions, 25 deletions
diff --git a/inventory/hosts.example b/inventory/hosts.example
index 8c2590078..05293269d 100644
--- a/inventory/hosts.example
+++ b/inventory/hosts.example
@@ -197,6 +197,10 @@ openshift_release=v3.7
#openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, 'gpgkey': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}]
#openshift_repos_enable_testing=false
+# If the image for etcd needs to be pulled from anywhere else than registry.access.redhat.com, e.g. in
+# a disconnected and containerized installation, use osm_etcd_image to specify the image to use:
+#osm_etcd_image=rhel7/etcd
+
# htpasswd auth
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
# Defining htpasswd users
diff --git a/playbooks/aws/provisioning_vars.yml.example b/playbooks/aws/provisioning_vars.yml.example
index 2eb7d23d4..f6b1a6b5d 100644
--- a/playbooks/aws/provisioning_vars.yml.example
+++ b/playbooks/aws/provisioning_vars.yml.example
@@ -93,6 +93,11 @@ openshift_aws_ssh_key_name: # myuser_key
# --------- #
# Variables in this section apply to building a node AMI for use in your
# openshift cluster.
+# openshift-ansible will perform the container runtime storage setup when specified
+# The current storage setup with require a drive if using a separate storage device
+# for the container runtime.
+container_runtime_docker_storage_type: overlay2
+container_runtime_docker_storage_setup_device: /dev/xvdb
# must specify a base_ami when building an AMI
openshift_aws_base_ami: # ami-12345678
diff --git a/playbooks/container-runtime/private/build_container_groups.yml b/playbooks/container-runtime/private/build_container_groups.yml
new file mode 100644
index 000000000..7fd60743c
--- /dev/null
+++ b/playbooks/container-runtime/private/build_container_groups.yml
@@ -0,0 +1,6 @@
+---
+- name: create oo_hosts_containerized_managed_true host group
+ hosts: oo_all_hosts:!oo_nodes_to_config
+ tasks:
+ - group_by:
+ key: oo_hosts_containerized_managed_{{ (containerized | default(False)) | ternary('true','false') }}
diff --git a/playbooks/container-runtime/private/config.yml b/playbooks/container-runtime/private/config.yml
index dd13fa4a2..7a49adcf0 100644
--- a/playbooks/container-runtime/private/config.yml
+++ b/playbooks/container-runtime/private/config.yml
@@ -1,10 +1,7 @@
---
-- hosts: "{{ l_containerized_host_groups }}"
- vars:
- l_chg_temp: "{{ hostvars[groups['oo_first_master'][0]]['openshift_containerized_host_groups'] | default([]) }}"
- l_containerized_host_groups: "{{ (['oo_nodes_to_config'] | union(l_chg_temp)) | join(':') }}"
- # role: container_runtime is necessary here to bring role default variables
- # into the play scope.
+- import_playbook: build_container_groups.yml
+
+- hosts: oo_nodes_to_config:oo_hosts_containerized_managed_true
roles:
- role: container_runtime
tasks:
diff --git a/playbooks/container-runtime/private/setup_storage.yml b/playbooks/container-runtime/private/setup_storage.yml
index 357f67f0c..a6d396270 100644
--- a/playbooks/container-runtime/private/setup_storage.yml
+++ b/playbooks/container-runtime/private/setup_storage.yml
@@ -1,5 +1,7 @@
---
-- hosts: "{{ l_containerized_host_groups }}"
+- import_playbook: build_container_groups.yml
+
+- hosts: oo_nodes_to_config:oo_hosts_containerized_managed_true
vars:
l_chg_temp: "{{ hostvars[groups['oo_first_master'][0]]['openshift_containerized_host_groups'] | default([]) }}"
l_containerized_host_groups: "{{ (['oo_nodes_to_config'] | union(l_chg_temp)) | join(':') }}"
diff --git a/playbooks/init/facts.yml b/playbooks/init/facts.yml
index 6759240c9..094db845d 100644
--- a/playbooks/init/facts.yml
+++ b/playbooks/init/facts.yml
@@ -100,3 +100,5 @@
# We need to setup openshift_client_binary here for special uses of delegate_to in
# later roles and plays.
first_master_client_binary: "{{ openshift_client_binary }}"
+ #Some roles may require this to be set for first master
+ openshift_client_binary: "{{ openshift_client_binary }}"
diff --git a/roles/container_runtime/tasks/common/post.yml b/roles/container_runtime/tasks/common/post.yml
index b90190ebf..23fd8528a 100644
--- a/roles/container_runtime/tasks/common/post.yml
+++ b/roles/container_runtime/tasks/common/post.yml
@@ -22,5 +22,5 @@
- include_tasks: setup_docker_symlink.yml
when:
- - openshift_use_crio
+ - openshift_use_crio | bool
- dockerstat.stat.islnk is defined and not (dockerstat.stat.islnk | bool)
diff --git a/roles/container_runtime/tasks/systemcontainer_crio.yml b/roles/container_runtime/tasks/systemcontainer_crio.yml
index eedb18604..d588f2618 100644
--- a/roles/container_runtime/tasks/systemcontainer_crio.yml
+++ b/roles/container_runtime/tasks/systemcontainer_crio.yml
@@ -104,4 +104,4 @@
# 'docker login'
- include_tasks: common/post.yml
vars:
- openshift_docker_alternative_creds: "{{ openshift_use_crio_only }}"
+ openshift_docker_alternative_creds: "{{ openshift_use_crio_only | bool }}"
diff --git a/roles/container_runtime/tasks/systemcontainer_docker.yml b/roles/container_runtime/tasks/systemcontainer_docker.yml
index dc0452553..5f715cd21 100644
--- a/roles/container_runtime/tasks/systemcontainer_docker.yml
+++ b/roles/container_runtime/tasks/systemcontainer_docker.yml
@@ -42,6 +42,12 @@
- debug:
var: l_docker_image
+# Do the authentication before pulling the container engine system container
+# as the pull might be from an authenticated registry.
+- include_tasks: registry_auth.yml
+ vars:
+ openshift_docker_alternative_creds: True
+
# NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released
- name: Pre-pull Container Engine System Container image
command: "atomic pull --storage ostree {{ l_docker_image }}"
diff --git a/roles/openshift_aws/tasks/provision_instance.yml b/roles/openshift_aws/tasks/provision_instance.yml
index 7eadd1522..786db1570 100644
--- a/roles/openshift_aws/tasks/provision_instance.yml
+++ b/roles/openshift_aws/tasks/provision_instance.yml
@@ -42,5 +42,5 @@
- name: add host to nodes
add_host:
- groups: nodes
+ groups: nodes,g_new_node_hosts
name: "{{ instancesout.instances[0].public_dns_name }}"
diff --git a/roles/openshift_cli/defaults/main.yml b/roles/openshift_cli/defaults/main.yml
index 631a0455e..9faec639f 100644
--- a/roles/openshift_cli/defaults/main.yml
+++ b/roles/openshift_cli/defaults/main.yml
@@ -8,4 +8,4 @@ system_images_registry: "{{ system_images_registry_dict[openshift_deployment_typ
openshift_use_crio_only: False
l_is_system_container_image: "{{ openshift_use_master_system_container | default(openshift_use_system_containers | default(False)) | bool }}"
-l_use_cli_atomic_image: "{{ openshift_use_crio_only or l_is_system_container_image }}"
+l_use_cli_atomic_image: "{{ (openshift_use_crio_only | bool) or (l_is_system_container_image | bool) }}"
diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml
index 9bd37f33c..bf3b743af 100644
--- a/roles/openshift_logging_elasticsearch/tasks/main.yaml
+++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml
@@ -181,7 +181,9 @@
changed_when: no
# create diff between current configmap files and our current files
-- import_role:
+# NOTE: include_role must be used instead of import_role because
+# this task file is looped over from another role.
+- include_role:
name: openshift_logging
tasks_from: patch_configmap_files.yaml
vars:
diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml
index 27fe2f5c0..c1fab4382 100644
--- a/roles/openshift_node/defaults/main.yml
+++ b/roles/openshift_node/defaults/main.yml
@@ -169,7 +169,7 @@ oreg_auth_credentials_path: "{{ openshift_node_data_dir }}/.docker"
oreg_auth_credentials_replace: False
l_bind_docker_reg_auth: False
openshift_use_crio: False
-openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False) | bool) or (openshift_use_crio_only | default(False)) }}"
+openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False) | bool) or (openshift_use_crio_only | default(False) | bool) }}"
openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}"
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 103572291..754ecacaf 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -4,7 +4,7 @@
when:
- (not ansible_selinux or ansible_selinux.status != 'enabled')
- openshift_deployment_type == 'openshift-enterprise'
- - not openshift_use_crio
+ - not openshift_use_crio | bool
- include_tasks: dnsmasq_install.yml
- include_tasks: dnsmasq.yml
@@ -50,7 +50,7 @@
name: cri-o
enabled: yes
state: restarted
- when: openshift_use_crio
+ when: openshift_use_crio | bool
register: task_result
failed_when:
- task_result is failed
diff --git a/roles/openshift_node/tasks/openvswitch_system_container.yml b/roles/openshift_node/tasks/openvswitch_system_container.yml
index 30ef9ef44..d7dce6969 100644
--- a/roles/openshift_node/tasks/openvswitch_system_container.yml
+++ b/roles/openshift_node/tasks/openvswitch_system_container.yml
@@ -1,11 +1,11 @@
---
- set_fact:
l_service_name: "cri-o"
- when: openshift_use_crio
+ when: openshift_use_crio | bool
- set_fact:
l_service_name: "{{ openshift_docker_service_name }}"
- when: not openshift_use_crio
+ when: not openshift_use_crio | bool
- name: Pre-pull OpenVSwitch system container image
command: >
diff --git a/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml b/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml
index 0a14e5174..e5477f389 100644
--- a/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml
+++ b/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml
@@ -10,6 +10,6 @@
docker pull {{ osn_ovs_image }}:{{ openshift_image_tag }}
register: pull_result
changed_when: "'Downloaded newer image' in pull_result.stdout"
- when: openshift_use_openshift_sdn | bool
+ when: openshift_node_use_openshift_sdn | bool
- include_tasks: ../container_images.yml
diff --git a/roles/openshift_node/templates/node.service.j2 b/roles/openshift_node/templates/node.service.j2
index da751bd65..777f4a449 100644
--- a/roles/openshift_node/templates/node.service.j2
+++ b/roles/openshift_node/templates/node.service.j2
@@ -8,7 +8,7 @@ Wants={{ openshift_docker_service_name }}.service
Documentation=https://github.com/openshift/origin
Requires=dnsmasq.service
After=dnsmasq.service
-{% if openshift_use_crio %}Wants=cri-o.service{% endif %}
+{% if openshift_use_crio | bool %}Wants=cri-o.service{% endif %}
[Service]
Type=notify
diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2
index f091263f5..5f2a94ea2 100644
--- a/roles/openshift_node/templates/node.yaml.v1.j2
+++ b/roles/openshift_node/templates/node.yaml.v1.j2
@@ -14,7 +14,7 @@ imageConfig:
latest: {{ openshift_node_image_config_latest }}
kind: NodeConfig
kubeletArguments: {{ l2_openshift_node_kubelet_args | default(None) | lib_utils_to_padded_yaml(level=1) }}
-{% if openshift_use_crio %}
+{% if openshift_use_crio | bool %}
container-runtime:
- remote
container-runtime-endpoint:
diff --git a/roles/openshift_node/templates/openshift.docker.node.dep.service b/roles/openshift_node/templates/openshift.docker.node.dep.service
index 873744f34..9fe779057 100644
--- a/roles/openshift_node/templates/openshift.docker.node.dep.service
+++ b/roles/openshift_node/templates/openshift.docker.node.dep.service
@@ -3,7 +3,7 @@ Requires={{ openshift_docker_service_name }}.service
After={{ openshift_docker_service_name }}.service
PartOf={{ openshift_service_type }}-node.service
Before={{ openshift_service_type }}-node.service
-{% if openshift_use_crio %}Wants=cri-o.service{% endif %}
+{% if openshift_use_crio | bool %}Wants=cri-o.service{% endif %}
[Service]
ExecStart=/bin/bash -c 'if [[ -f /usr/bin/docker-current ]]; \
diff --git a/roles/openshift_version/tasks/set_version_containerized.yml b/roles/openshift_version/tasks/set_version_containerized.yml
index e02a75eab..a808f050e 100644
--- a/roles/openshift_version/tasks/set_version_containerized.yml
+++ b/roles/openshift_version/tasks/set_version_containerized.yml
@@ -21,7 +21,7 @@
register: cli_image_version
when:
- openshift_version is not defined
- - not openshift_use_crio_only
+ - not openshift_use_crio_only | bool
# Origin latest = pre-release version (i.e. v1.3.0-alpha.1-321-gb095e3a)
- set_fact:
@@ -30,7 +30,7 @@
- openshift_version is not defined
- openshift.common.deployment_type == 'origin'
- cli_image_version.stdout_lines[0].split('-') | length > 1
- - not openshift_use_crio_only
+ - not openshift_use_crio_only | bool
- set_fact:
openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}"
@@ -45,14 +45,14 @@
when:
- openshift_version is defined
- openshift_version.split('.') | length == 2
- - not openshift_use_crio_only
+ - not openshift_use_crio_only | bool
- set_fact:
openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2][1:] | join('-') if openshift.common.deployment_type == 'origin' else cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}"
when:
- openshift_version is defined
- openshift_version.split('.') | length == 2
- - not openshift_use_crio_only
+ - not openshift_use_crio_only | bool
# TODO: figure out a way to check for the openshift_version when using CRI-O.
# We should do that using the images in the ostree storage so we don't have
diff --git a/test/tox-inventory.txt b/test/tox-inventory.txt
index 6e57d224b..ed9e946ab 100644
--- a/test/tox-inventory.txt
+++ b/test/tox-inventory.txt
@@ -13,6 +13,7 @@ oo_first_etcd
oo_etcd_hosts_to_backup
oo_etcd_hosts_to_upgrade
oo_etcd_to_migrate
+oo_hosts_containerized_managed_true
oo_masters
oo_masters_to_config
oo_first_master
@@ -103,3 +104,6 @@ localhost
[glusterfs_registry]
localhost
+
+[oo_hosts_containerized_managed_true]
+localhost