diff options
91 files changed, 563 insertions, 208 deletions
diff --git a/.tito/releasers.conf b/.tito/releasers.conf index bce5e5443..1768c4581 100644 --- a/.tito/releasers.conf +++ b/.tito/releasers.conf @@ -47,6 +47,11 @@ releaser = tito.release.DistGitReleaser branches = rhaos-3.8-rhel-7 srpm_disttag = .el7aos +[aos-3.9] +releaser = tito.release.DistGitReleaser +branches = rhaos-3.9-rhel-7 +srpm_disttag = .el7aos + [copr-openshift-ansible] releaser = tito.release.CoprReleaser project_name = @OpenShiftOnlineOps/openshift-ansible diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 5ed55a817..0c2a2c7e8 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -126,10 +126,14 @@ - origin-sdn-ovs - tuned-profiles-openshift-node - tuned-profiles-origin-node + register: result + until: result | success - name: Remove flannel package package: name=flannel state=absent when: openshift_use_flannel | default(false) | bool + register: result + until: result | success when: not is_atomic | bool - shell: systemctl reset-failed @@ -382,6 +386,8 @@ - origin-master - pacemaker - pcs + register: result + until: result | success - shell: systemctl reset-failed changed_when: False @@ -497,6 +503,8 @@ with_items: - etcd - etcd3 + register: result + until: result | success - shell: systemctl reset-failed changed_when: False @@ -554,6 +562,8 @@ when: not is_atomic | bool and openshift_remove_all | default(True) | bool with_items: - haproxy + register: result + until: result | success - shell: systemctl reset-failed changed_when: False diff --git a/playbooks/aws/openshift-cluster/accept.yml b/playbooks/aws/openshift-cluster/accept.yml index c2c8bea50..cab2f1e40 100755 --- a/playbooks/aws/openshift-cluster/accept.yml +++ b/playbooks/aws/openshift-cluster/accept.yml @@ -14,7 +14,7 @@ msg: "openshift_aws_region={{ openshift_aws_region | default('us-east-1') }}" - name: bring lib_openshift into scope - include_role: + import_role: name: lib_openshift - name: fetch masters diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_scale_groups.yml b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_scale_groups.yml new file mode 100644 index 000000000..14b0f85d4 --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_scale_groups.yml @@ -0,0 +1,7 @@ +--- +# +# Node Scale Group Upgrade Playbook +# +# Upgrades scale group nodes only. +# +- include: ../../../../common/openshift-cluster/upgrades/upgrade_scale_group.yml diff --git a/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml index 808cc562c..83be290e6 100644 --- a/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml @@ -41,6 +41,8 @@ - name: Upgrade Docker package: name=docker{{ '-' + docker_version }} state=present + register: result + until: result | success - include: restart.yml when: not skip_docker_restart | default(False) | bool diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml index 3aa9e0460..c458184c9 100644 --- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml @@ -14,8 +14,9 @@ pre_tasks: - name: Load lib_openshift modules - include_role: + import_role: name: lib_openshift + - name: Collect all routers oc_obj: state: list diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml index d08c6e940..d7a52707c 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml @@ -291,7 +291,7 @@ pre_tasks: - name: Load lib_openshift modules - include_role: + import_role: name: lib_openshift # TODO: To better handle re-trying failed upgrades, it would be nice to check if the node diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml index 5dc8193a7..75ffd3fe9 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml @@ -8,7 +8,7 @@ pre_tasks: - name: Load lib_openshift modules - include_role: + import_role: name: lib_openshift # TODO: To better handle re-trying failed upgrades, it would be nice to check if the node diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_scale_group.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_scale_group.yml new file mode 100644 index 000000000..d9ce3a7e3 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_scale_group.yml @@ -0,0 +1,59 @@ +--- +- name: create new scale group + hosts: localhost + tasks: + - name: build upgrade scale groups + include_role: + name: openshift_aws + tasks_from: upgrade_node_group.yml + + - fail: + msg: "Ensure that new scale groups were provisioned before proceeding to update." + when: + - "'oo_sg_new_nodes' not in groups or groups.oo_sg_new_nodes|length == 0" + +- name: initialize upgrade bits + include: init.yml + +- name: Drain and upgrade nodes + hosts: oo_sg_current_nodes + # This var must be set with -e on invocation, as it is not a per-host inventory var + # and is evaluated early. Values such as "20%" can also be used. + serial: "{{ openshift_upgrade_nodes_serial | default(1) }}" + max_fail_percentage: "{{ openshift_upgrade_nodes_max_fail_percentage | default(0) }}" + + pre_tasks: + - name: Load lib_openshift modules + include_role: + name: ../roles/lib_openshift + + # TODO: To better handle re-trying failed upgrades, it would be nice to check if the node + # or docker actually needs an upgrade before proceeding. Perhaps best to save this until + # we merge upgrade functionality into the base roles and a normal config.yml playbook run. + - name: Mark node unschedulable + oc_adm_manage_node: + node: "{{ openshift.node.nodename | lower }}" + schedulable: False + delegate_to: "{{ groups.oo_first_master.0 }}" + retries: 10 + delay: 5 + register: node_unschedulable + until: node_unschedulable|succeeded + + - name: Drain Node for Kubelet upgrade + command: > + {{ hostvars[groups.oo_first_master.0].openshift.common.admin_binary }} drain {{ openshift.node.nodename | lower }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig --force --delete-local-data --ignore-daemonsets + delegate_to: "{{ groups.oo_first_master.0 }}" + register: l_upgrade_nodes_drain_result + until: not l_upgrade_nodes_drain_result | failed + retries: 60 + delay: 60 + +# Alright, let's clean up! +- name: clean up the old scale group + hosts: localhost + tasks: + - name: clean up scale group + include_role: + name: openshift_aws + tasks_from: remove_scale_group.yml diff --git a/playbooks/init/facts.yml b/playbooks/init/facts.yml index 05142f9b6..1166ac538 100644 --- a/playbooks/init/facts.yml +++ b/playbooks/init/facts.yml @@ -84,6 +84,8 @@ - "{{ 'python3-dbus' if ansible_distribution == 'Fedora' else 'dbus-python' }}" - "{{ 'python3-PyYAML' if ansible_distribution == 'Fedora' else 'PyYAML' }}" - yum-utils + register: result + until: result | success - name: Ensure various deps for running system containers are installed package: @@ -100,6 +102,8 @@ or (openshift_use_openvswitch_system_container | default(False)) | bool or (openshift_use_node_system_container | default(False)) | bool or (openshift_use_master_system_container | default(False)) | bool + register: result + until: result | success - name: Gather Cluster facts and set is_containerized if needed openshift_facts: diff --git a/playbooks/openshift-node/private/network_manager.yml b/playbooks/openshift-node/private/network_manager.yml index fffed4dfb..7211787be 100644 --- a/playbooks/openshift-node/private/network_manager.yml +++ b/playbooks/openshift-node/private/network_manager.yml @@ -9,6 +9,8 @@ package: name: 'NetworkManager' state: present + register: result + until: result | success - name: configure NetworkManager lineinfile: diff --git a/playbooks/openstack/README.md b/playbooks/openstack/README.md index f3fe13530..c762169eb 100644 --- a/playbooks/openstack/README.md +++ b/playbooks/openstack/README.md @@ -6,7 +6,7 @@ etc.). The result is an environment ready for OpenShift installation via [openshift-ansible]. We provide everything necessary to be able to install OpenShift on -OpenStack (including the DNS and load balancer servers when +OpenStack (including the load balancer servers when necessary). In addition, we work on providing integration with the OpenStack-native services (storage, lbaas, baremetal as a service, dns, etc.). @@ -38,18 +38,6 @@ Optional: * External Neutron network with a floating IP address pool -## DNS Requirements - -OpenShift requires DNS to operate properly. OpenStack supports DNS-as-a-service -in the form of the Designate project, but the playbooks here don't support it -yet. Until we do, you will need to provide a DNS solution yourself (or in case -you are not running Designate when we do). - -If your server supports nsupdate, we will use it to add the necessary records. - -TODO(shadower): describe how to build a sample DNS server and how to configure -our playbooks for nsupdate. - ## Installation @@ -57,14 +45,13 @@ There are four main parts to the installation: 1. [Preparing Ansible and dependencies](#1-preparing-ansible-and-dependencies) 2. [Configuring the desired OpenStack environment and OpenShift cluster](#2-configuring-the-openstack-environment-and-openshift-cluster) -3. [Creating the OpenStack resources (VMs, networking, etc.)](#3-creating-the-openstack-resources-vms-networking-etc) -4. [Installing OpenShift](#4-installing-openshift) +3. [Creating the OpenStack Resources and Installing OpenShift](#3-creating-the-openstack-resources-and-installing-openshift) This guide is going to install [OpenShift Origin][origin] with [CentOS 7][centos7] images with minimal customisation. -We will create the VMs for running OpenShift, in a new Neutron -network, assign Floating IP addresses and configure DNS. +We will create the VMs for running OpenShift, in a new Neutron network and +assign Floating IP addresses. The OpenShift cluster will have a single Master node that will run `etcd`, a single Infra node and two App nodes. @@ -156,14 +143,6 @@ $ vi inventory/group_vars/all.yml 4. Set the `openshift_openstack_default_flavor` to the flavor you want your OpenShift VMs to use. - See `openstack flavor list` for the list of available flavors. -5. Set the `openshift_openstack_dns_nameservers` to the list of the IP addresses - of the DNS servers used for the **private** address resolution. - -**NOTE ON DNS**: at minimum, the OpenShift nodes need to be able to access each -other by their hostname. OpenStack doesn't provide this by default, so you -need to provide a DNS server. Put the address of that DNS server in -`openshift_openstack_dns_nameservers` variable. - @@ -191,7 +170,7 @@ the [Sample OpenShift Inventory][sample-openshift-inventory] and the [advanced configuration][advanced-configuration]. -### 3. Creating the OpenStack resources (VMs, networking, etc.) +### 3. Creating the OpenStack Resources and Installing OpenShift We provide an `ansible.cfg` file which has some useful defaults -- you should copy it to the directory you're going to run `ansible-playbook` from. @@ -200,11 +179,11 @@ copy it to the directory you're going to run `ansible-playbook` from. $ cp openshift-ansible/ansible.cfg ansible.cfg ``` -Then run the provisioning playbook -- this will create the OpenStack +Then run the provision + install playbook -- this will create the OpenStack resources: ```bash -$ ansible-playbook --user openshift -i inventory openshift-ansible/playbooks/openstack/openshift-cluster/provision.yaml +$ ansible-playbook --user openshift -i inventory openshift-ansible/playbooks/openstack/openshift-cluster/provision_install.yaml ``` If you're using multiple inventories, make sure you pass the path to @@ -214,15 +193,6 @@ If your SSH private key is not in `~/.ssh/id_rsa` use the `--private-key` option to specify the correct path. -### 4. Installing OpenShift - -Run the `byo/config.yml` playbook on top of the OpenStack nodes we have -prepared. - -```bash -$ ansible-playbook -i inventory openshift-ansible/playbooks/byo/config.yml -``` - ### Next Steps diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md index 90cc20b98..c0bdf5020 100644 --- a/playbooks/openstack/advanced-configuration.md +++ b/playbooks/openstack/advanced-configuration.md @@ -47,44 +47,42 @@ Otherwise, even if there are differences between the two versions, installation ## Accessing the OpenShift Cluster -### Use the Cluster DNS +### Configure DNS -In addition to the OpenShift nodes, we created a DNS server with all -the necessary entries. We will configure your *Ansible host* to use -this new DNS and talk to the deployed OpenShift. +OpenShift requires two DNS records to function fully. The first one points to +the master/load balancer and provides the UI/API access. The other one is a +wildcard domain that resolves app route requests to the infra node. -First, get the DNS IP address: +If you followed the default installation from the README section, there is no +DNS configured. You should add two entries to the `/etc/hosts` file on the +Ansible host (where you to do a quick validation. A real deployment will +however require a DNS server with the following entries set. -```bash -$ openstack server show dns-0.openshift.example.com --format value --column addresses -openshift-ansible-openshift.example.com-net=192.168.99.11, 10.40.128.129 -``` - -Note the floating IP address (it's `10.40.128.129` in this case) -- if -you're not sure, try pinging them both -- it's the one that responds -to pings. +First, run the `openstack server list` command and note the floating IP +addresses of the *master* and *infra* nodes (we will use `10.40.128.130` for +master and `10.40.128.134` for infra here). -Next, edit your `/etc/resolv.conf` as root and put `nameserver DNS_IP` as your -**first entry**. - -If your `/etc/resolv.conf` currently looks like this: +Then add the following entries to your `/etc/hosts`: ``` -; generated by /usr/sbin/dhclient-script -search openstacklocal -nameserver 192.168.0.3 -nameserver 192.168.0.2 +10.40.128.130 console.openshift.example.com +10.40.128.134 cakephp-mysql-example-test.apps.openshift.example.com ``` -Change it to this: +This points the cluster domain (as defined in the +`openshift_master_cluster_public_hostname` Ansible variable in `OSEv3`) to the +master node and any routes for deployed apps to the infra node. + +If you deploy another app, it will end up with a different URL (e.g. +myapp-test.apps.openshift.example.com) and you will need to add that too. This +is why a real deployment should always run a DNS where the second entry will be +a wildcard `*.apps.openshift.example.com). + +This will be sufficient to validate the cluster here. + +Take a look at the [External DNS](#dns-configuration-variables) section for +configuring a DNS service. -``` -; generated by /usr/sbin/dhclient-script -search openstacklocal -nameserver 10.40.128.129 -nameserver 192.168.0.3 -nameserver 192.168.0.2 -``` ### Get the `oc` Client diff --git a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml index 1e55adb9e..90608bbc0 100644 --- a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml +++ b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml @@ -5,8 +5,7 @@ openshift_deployment_type: origin openshift_master_default_subdomain: "apps.{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}" openshift_master_cluster_method: native -openshift_master_cluster_hostname: "console.{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}" -openshift_master_cluster_public_hostname: "{{ openshift_master_cluster_hostname }}" +openshift_master_cluster_public_hostname: "console.{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}" osm_default_node_selector: 'region=primary' diff --git a/playbooks/openstack/sample-inventory/group_vars/all.yml b/playbooks/openstack/sample-inventory/group_vars/all.yml index 921edb867..ae1528123 100644 --- a/playbooks/openstack/sample-inventory/group_vars/all.yml +++ b/playbooks/openstack/sample-inventory/group_vars/all.yml @@ -10,7 +10,6 @@ openshift_openstack_dns_nameservers: [] #openshift_openstack_node_hostname: "app-node" #openshift_openstack_lb_hostname: "lb" #openshift_openstack_etcd_hostname: "etcd" -#openshift_openstack_dns_hostname: "dns" openshift_openstack_keypair_name: "openshift" openshift_openstack_external_network_name: "public" @@ -34,7 +33,6 @@ openshift_openstack_external_network_name: "public" #openshift_openstack_node_image_name: "centos7" #openshift_openstack_lb_image_name: "centos7" #openshift_openstack_etcd_image_name: "centos7" -#openshift_openstack_dns_image_name: "centos7" openshift_openstack_default_image_name: "centos7" openshift_openstack_num_masters: 1 @@ -49,7 +47,6 @@ openshift_openstack_num_nodes: 2 #openshift_openstack_node_flavor: "m1.medium" #openshift_openstack_lb_flavor: "m1.medium" #openshift_openstack_etcd_flavor: "m1.medium" -#openshift_openstack_dns_flavor: "m1.medium" openshift_openstack_default_flavor: "m1.medium" # # Numerical index of nodes to remove @@ -62,7 +59,6 @@ openshift_openstack_default_flavor: "m1.medium" #openshift_openstack_docker_infra_volume_size: "15" #openshift_openstack_docker_node_volume_size: "15" #openshift_openstack_docker_etcd_volume_size: "2" -#openshift_openstack_docker_dns_volume_size: "1" #openshift_openstack_docker_lb_volume_size: "5" openshift_openstack_docker_volume_size: "15" @@ -110,7 +106,6 @@ openshift_openstack_subnet_prefix: "192.168.99" # # Roll-your-own DNS -#openshift_openstack_num_dns: 0 #openshift_openstack_external_nsupdate_keys: # public: # key_secret: 'SKqKNdpfk7llKxZ57bbxUnUDobaaJp9t8CjXLJPl+fRI5mPcSBuxTAyvJPa6Y9R7vUg9DwCy/6WTpgLNqnV4Hg==' @@ -121,10 +116,6 @@ openshift_openstack_subnet_prefix: "192.168.99" # key_algorithm: 'hmac-md5' # server: '192.168.1.2' -# # Customize DNS server security options -#named_public_recursion: 'no' -#named_private_recursion: 'yes' - # NOTE(shadower): Do not change this value. The Ansible user is currently # hardcoded to `openshift`. diff --git a/playbooks/openstack/sample-inventory/inventory.py b/playbooks/openstack/sample-inventory/inventory.py index 47c56d94d..ad3fd936b 100755 --- a/playbooks/openstack/sample-inventory/inventory.py +++ b/playbooks/openstack/sample-inventory/inventory.py @@ -79,10 +79,19 @@ def build_inventory(): public_v4 = server.public_v4 or server.private_v4 if public_v4: - hostvars['public_v4'] = public_v4 + hostvars['public_v4'] = server.public_v4 + hostvars['openshift_public_ip'] = server.public_v4 # TODO(shadower): what about multiple networks? if server.private_v4: hostvars['private_v4'] = server.private_v4 + # NOTE(shadower): Yes, we set both hostname and IP to the private + # IP address for each node. OpenStack doesn't resolve nodes by + # name at all, so using a hostname here would require an internal + # DNS which would complicate the setup and potentially introduce + # performance issues. + hostvars['openshift_ip'] = server.private_v4 + hostvars['openshift_hostname'] = server.private_v4 + hostvars['openshift_public_hostname'] = server.name node_labels = server.metadata.get('node_labels') if node_labels: diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml index c90bbbe9b..4ca47d074 100644 --- a/roles/ansible_service_broker/tasks/install.yml +++ b/roles/ansible_service_broker/tasks/install.yml @@ -147,64 +147,41 @@ - set_fact: service_ca_crt: "{{ asb_client_secret.results.results.0.data['service-ca.crt'] }}" -# Using oc_obj because oc_service doesn't seem to allow annotations -# TODO: Extend oc_service to allow annotations - name: create ansible-service-broker service - oc_obj: + oc_service: name: asb namespace: openshift-ansible-service-broker - state: present - kind: Service - content: - path: /tmp/asbsvcout - data: - apiVersion: v1 - kind: Service - metadata: - name: asb - namespace: openshift-ansible-service-broker - labels: - app: openshift-ansible-service-broker - service: asb - annotations: - service.alpha.openshift.io/serving-cert-secret-name: asb-tls - spec: - ports: - - name: port-1338 - port: 1338 - targetPort: 1338 - protocol: TCP - selector: - app: openshift-ansible-service-broker - service: asb + labels: + app: openshift-ansible-service-broker + service: asb + annotations: + service.alpha.openshift.io/serving-cert-secret-name: asb-tls + ports: + - name: port-1338 + port: 1338 + targetPort: 1338 + protocol: TCP + selector: + app: openshift-ansible-service-broker + service: asb - name: create asb-etcd service - oc_obj: + oc_service: name: asb-etcd namespace: openshift-ansible-service-broker - state: present - kind: Service - content: - path: /tmp/asbetcdsvcout - data: - apiVersion: v1 - kind: Service - metadata: - name: asb-etcd - labels: - app: etcd - service: asb-etcd - annotations: - service.alpha.openshift.io/serving-cert-secret-name: etcd-tls - spec: - ports: - - name: port-2379 - port: 2379 - targetPort: 2379 - protocol: TCP - selector: - app: etcd - service: asb-etcd + labels: + app: etcd + service: asb-etcd + annotations: + service.alpha.openshift.io/serving-cert-secret-name: etcd-tls + ports: + - name: port-2379 + port: 2379 + targetPort: 2379 + protocol: TCP + selector: + app: etcd + service: asb-etcd - name: create route for ansible-service-broker service oc_route: @@ -219,28 +196,25 @@ tls_termination: Reencrypt - name: create persistent volume claim for etcd - oc_obj: + oc_pvc: name: etcd namespace: openshift-ansible-service-broker - state: present - kind: PersistentVolumeClaim - content: - path: /tmp/pvcout - data: - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: etcd - namespace: openshift-ansible-service-broker - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi + access_modes: + - ReadWriteOnce + volume_capacity: 1G + +- name: Search for existing Ansible Service Broker deployment config + oc_obj: + name: asb + namespace: openshift-ansible-service-broker + kind: DeploymentConfig + state: list + register: asb_dc - name: Create Ansible Service Broker deployment config + when: asb_dc.results.results.0 | length == 0 oc_obj: + force: yes name: asb namespace: openshift-ansible-service-broker state: present @@ -315,9 +289,18 @@ secret: secretName: broker-etcd-auth-secret +- name: Search for existing Ansible Service Broker etcd deployment config + oc_obj: + name: asb-etcd + namespace: openshift-ansible-service-broker + kind: DeploymentConfig + state: list + register: asb_etcd_dc + - name: Create asb-etcd deployment config + when: asb_etcd_dc.results.results.0 | length == 0 oc_obj: - name: etcd + name: asb-etcd namespace: openshift-ansible-service-broker state: present kind: DeploymentConfig @@ -354,7 +337,7 @@ - "{{ ansible_service_broker_etcd_image_etcd_path }}" - "--data-dir=/data" - "--listen-client-urls=https://0.0.0.0:2379" - - "--advertise-client-urls=https://0.0.0.0:2379" + - "--advertise-client-urls=https://asb-etcd.openshift-ansible-service-broker.svc:2379" - "--client-cert-auth" - "--trusted-ca-file=/var/run/etcd-auth-secret/ca.crt" - "--cert-file=/etc/tls/private/tls.crt" diff --git a/roles/cockpit/tasks/main.yml b/roles/cockpit/tasks/main.yml index 34754502a..f63b3e49b 100644 --- a/roles/cockpit/tasks/main.yml +++ b/roles/cockpit/tasks/main.yml @@ -11,6 +11,8 @@ - cockpit-docker - "{{ cockpit_plugins }}" when: not openshift.common.is_containerized | bool + register: result + until: result | success - name: Enable cockpit-ws systemd: diff --git a/roles/contiv/tasks/download_bins.yml b/roles/contiv/tasks/download_bins.yml index 319fce46c..741c1d1da 100644 --- a/roles/contiv/tasks/download_bins.yml +++ b/roles/contiv/tasks/download_bins.yml @@ -8,6 +8,8 @@ yum: name: bzip2 state: installed + register: result + until: result | success - name: Download Bins | Download Contiv tar file get_url: diff --git a/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml b/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml index 91e6aadf3..62b4716a3 100644 --- a/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml +++ b/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml @@ -3,6 +3,8 @@ yum: pkg=net-tools state=latest + register: result + until: result | success - name: PkgMgr RHEL/CentOS | Get openstack ocata rpm get_url: @@ -20,6 +22,8 @@ yum: name=/tmp/rdo-release-ocata-2.noarch.rpm state=present tags: - ovs_install + register: result + until: result | success - name: PkgMgr RHEL/CentOS | Install ovs yum: @@ -31,3 +35,5 @@ no_proxy: "{{ no_proxy|default('') }}" tags: - ovs_install + register: result + until: result | success diff --git a/roles/contiv_facts/tasks/fedora-install.yml b/roles/contiv_facts/tasks/fedora-install.yml index db56a18c0..a57f6eb19 100644 --- a/roles/contiv_facts/tasks/fedora-install.yml +++ b/roles/contiv_facts/tasks/fedora-install.yml @@ -3,6 +3,8 @@ yum: name: dnf state: installed + register: result + until: result | success - name: Update repo cache command: dnf update -y diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml index 5437275a2..044b04478 100644 --- a/roles/docker/tasks/package_docker.yml +++ b/roles/docker/tasks/package_docker.yml @@ -37,6 +37,8 @@ - name: Install Docker package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present when: not openshift.common.is_atomic | bool and not curr_docker_version | skipped and not curr_docker_version.stdout != '' + register: result + until: result | success - block: # Extend the default Docker service unit file when using iptables-services diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index 17800d4e5..3439aa353 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -29,6 +29,8 @@ name: container-selinux state: present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: Check we are not using node as a Docker container with CRI-O fail: msg='Cannot use CRI-O with node configured as a Docker container' @@ -42,6 +44,8 @@ name: atomic state: present when: not openshift.common.is_atomic | bool + register: result + until: result | success # At the time of writing the atomic command requires runc for it's own use. This # task is here in the even that the atomic package ever removes the dependency. @@ -50,6 +54,8 @@ name: runc state: present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: Check that overlay is in the kernel diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/docker/tasks/systemcontainer_docker.yml index f69acb9a5..881d83f50 100644 --- a/roles/docker/tasks/systemcontainer_docker.yml +++ b/roles/docker/tasks/systemcontainer_docker.yml @@ -34,6 +34,8 @@ name: container-selinux state: present when: not openshift.common.is_atomic | bool + register: result + until: result | success # Used to pull and install the system container - name: Ensure atomic is installed @@ -41,6 +43,8 @@ name: atomic state: present when: not openshift.common.is_atomic | bool + register: result + until: result | success # At the time of writing the atomic command requires runc for it's own use. This # task is here in the even that the atomic package ever removes the dependency. @@ -49,11 +53,15 @@ name: runc state: present when: not openshift.common.is_atomic | bool + register: result + until: result | success # Make sure Docker is installed so we are able to use the client - name: Install Docker so we can use the client package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success # Make sure docker is disabled. Errors are ignored. - name: Disable Docker diff --git a/roles/etcd/tasks/auxiliary/drop_etcdctl.yml b/roles/etcd/tasks/auxiliary/drop_etcdctl.yml index 11bd2310e..603f2531f 100644 --- a/roles/etcd/tasks/auxiliary/drop_etcdctl.yml +++ b/roles/etcd/tasks/auxiliary/drop_etcdctl.yml @@ -2,6 +2,8 @@ - name: Install etcd for etcdctl package: name=etcd{{ '-' + etcd_version if etcd_version is defined else '' }} state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: Configure etcd profile.d aliases template: diff --git a/roles/etcd/tasks/backup/backup.yml b/roles/etcd/tasks/backup/backup.yml index afb84eb58..9da023dbd 100644 --- a/roles/etcd/tasks/backup/backup.yml +++ b/roles/etcd/tasks/backup/backup.yml @@ -43,6 +43,8 @@ when: - r_etcd_common_embedded_etcd | bool - not l_ostree_booted.stat.exists | bool + register: result + until: result | success - name: Check selinux label of '{{ etcd_data_dir }}' command: > diff --git a/roles/etcd/tasks/certificates/deploy_ca.yml b/roles/etcd/tasks/certificates/deploy_ca.yml index 3d32290a2..bd4dafafd 100644 --- a/roles/etcd/tasks/certificates/deploy_ca.yml +++ b/roles/etcd/tasks/certificates/deploy_ca.yml @@ -6,6 +6,8 @@ when: not etcd_is_atomic | bool delegate_to: "{{ etcd_ca_host }}" run_once: true + register: result + until: result | success - file: path: "{{ item }}" diff --git a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml index 00b8f4a0b..f4726940a 100644 --- a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml +++ b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml @@ -4,6 +4,8 @@ name: "etcd{{ '-' + etcd_version if etcd_version is defined else '' }}" state: present when: not etcd_is_containerized | bool + register: result + until: result | success - name: Check status of etcd certificates stat: diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 5ee9335f5..b2100801f 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -12,6 +12,8 @@ - name: Install etcd package: name=etcd{{ '-' + etcd_version if etcd_version is defined else '' }} state=present when: not etcd_is_containerized | bool + register: result + until: result | success - include_tasks: drop_etcdctl.yml when: diff --git a/roles/etcd/tasks/upgrade/upgrade_image.yml b/roles/etcd/tasks/upgrade/upgrade_image.yml index 24071f9ad..6e712ba74 100644 --- a/roles/etcd/tasks/upgrade/upgrade_image.yml +++ b/roles/etcd/tasks/upgrade/upgrade_image.yml @@ -44,6 +44,8 @@ name: etcd state: latest when: not l_ostree_booted.stat.exists | bool + register: result + until: result | success - name: Verify cluster is healthy command: "{{ etcdctlv2 }} cluster-health" diff --git a/roles/etcd/tasks/upgrade/upgrade_rpm.yml b/roles/etcd/tasks/upgrade/upgrade_rpm.yml index 505e28afb..e98def46e 100644 --- a/roles/etcd/tasks/upgrade/upgrade_rpm.yml +++ b/roles/etcd/tasks/upgrade/upgrade_rpm.yml @@ -18,6 +18,8 @@ package: name: "{{ l_etcd_target_package }}" state: latest + register: result + until: result | success - lineinfile: destfile: "{{ etcd_conf_file }}" diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml index 3a8945a82..befe1b2e6 100644 --- a/roles/flannel/tasks/main.yml +++ b/roles/flannel/tasks/main.yml @@ -3,6 +3,8 @@ become: yes package: name=flannel state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: Set flannel etcd options become: yes diff --git a/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py b/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py index 57444a2a5..3cb1fa8d0 100644 --- a/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py +++ b/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py @@ -74,7 +74,7 @@ class CallbackModule(CallbackBase): }, 'installer_phase_glusterfs': { 'title': 'GlusterFS Install', - 'playbook': 'playbooks/byo/openshift-glusterfs/config.yml' + 'playbook': 'playbooks/openshift-glusterfs/config.yml' }, 'installer_phase_hosted': { 'title': 'Hosted Install', diff --git a/roles/lib_openshift/library/oc_adm_registry.py b/roles/lib_openshift/library/oc_adm_registry.py index 0771aa5a5..fe565987c 100644 --- a/roles/lib_openshift/library/oc_adm_registry.py +++ b/roles/lib_openshift/library/oc_adm_registry.py @@ -1993,6 +1993,7 @@ class ServiceConfig(object): sname, namespace, ports, + annotations=None, selector=None, labels=None, cluster_ip=None, @@ -2004,6 +2005,7 @@ class ServiceConfig(object): self.name = sname self.namespace = namespace self.ports = ports + self.annotations = annotations self.selector = selector self.labels = labels self.cluster_ip = cluster_ip @@ -2026,6 +2028,9 @@ class ServiceConfig(object): self.data['metadata']['labels'] = {} for lab, lab_value in self.labels.items(): self.data['metadata']['labels'][lab] = lab_value + if self.annotations: + self.data['metadata']['annotations'] = self.annotations + self.data['spec'] = {} if self.ports: diff --git a/roles/lib_openshift/library/oc_adm_router.py b/roles/lib_openshift/library/oc_adm_router.py index 5969da7ca..44de29592 100644 --- a/roles/lib_openshift/library/oc_adm_router.py +++ b/roles/lib_openshift/library/oc_adm_router.py @@ -1559,6 +1559,7 @@ class ServiceConfig(object): sname, namespace, ports, + annotations=None, selector=None, labels=None, cluster_ip=None, @@ -1570,6 +1571,7 @@ class ServiceConfig(object): self.name = sname self.namespace = namespace self.ports = ports + self.annotations = annotations self.selector = selector self.labels = labels self.cluster_ip = cluster_ip @@ -1592,6 +1594,9 @@ class ServiceConfig(object): self.data['metadata']['labels'] = {} for lab, lab_value in self.labels.items(): self.data['metadata']['labels'][lab] = lab_value + if self.annotations: + self.data['metadata']['annotations'] = self.annotations + self.data['spec'] = {} if self.ports: diff --git a/roles/lib_openshift/library/oc_service.py b/roles/lib_openshift/library/oc_service.py index 3e8aea4f1..c541e1bbd 100644 --- a/roles/lib_openshift/library/oc_service.py +++ b/roles/lib_openshift/library/oc_service.py @@ -90,6 +90,12 @@ options: required: false default: default aliases: [] + annotations: + description: + - Annotations to apply to the object + required: false + default: None + aliases: [] selector: description: - The selector to apply when filtering for services. @@ -1471,6 +1477,7 @@ class ServiceConfig(object): sname, namespace, ports, + annotations=None, selector=None, labels=None, cluster_ip=None, @@ -1482,6 +1489,7 @@ class ServiceConfig(object): self.name = sname self.namespace = namespace self.ports = ports + self.annotations = annotations self.selector = selector self.labels = labels self.cluster_ip = cluster_ip @@ -1504,6 +1512,9 @@ class ServiceConfig(object): self.data['metadata']['labels'] = {} for lab, lab_value in self.labels.items(): self.data['metadata']['labels'][lab] = lab_value + if self.annotations: + self.data['metadata']['annotations'] = self.annotations + self.data['spec'] = {} if self.ports: @@ -1662,6 +1673,7 @@ class OCService(OpenShiftCLI): sname, namespace, labels, + annotations, selector, cluster_ip, portal_ip, @@ -1674,7 +1686,7 @@ class OCService(OpenShiftCLI): ''' Constructor for OCVolume ''' super(OCService, self).__init__(namespace, kubeconfig, verbose) self.namespace = namespace - self.config = ServiceConfig(sname, namespace, ports, selector, labels, + self.config = ServiceConfig(sname, namespace, ports, annotations, selector, labels, cluster_ip, portal_ip, session_affinity, service_type, external_ips) self.user_svc = Service(content=self.config.data) @@ -1739,6 +1751,7 @@ class OCService(OpenShiftCLI): oc_svc = OCService(params['name'], params['namespace'], params['labels'], + params['annotations'], params['selector'], params['clusterip'], params['portalip'], @@ -1840,6 +1853,7 @@ def main(): debug=dict(default=False, type='bool'), namespace=dict(default='default', type='str'), name=dict(default=None, type='str'), + annotations=dict(default=None, type='dict'), labels=dict(default=None, type='dict'), selector=dict(default=None, type='dict'), clusterip=dict(default=None, type='str'), diff --git a/roles/lib_openshift/src/ansible/oc_service.py b/roles/lib_openshift/src/ansible/oc_service.py index b90c08255..0c55391e3 100644 --- a/roles/lib_openshift/src/ansible/oc_service.py +++ b/roles/lib_openshift/src/ansible/oc_service.py @@ -14,6 +14,7 @@ def main(): debug=dict(default=False, type='bool'), namespace=dict(default='default', type='str'), name=dict(default=None, type='str'), + annotations=dict(default=None, type='dict'), labels=dict(default=None, type='dict'), selector=dict(default=None, type='dict'), clusterip=dict(default=None, type='str'), diff --git a/roles/lib_openshift/src/class/oc_service.py b/roles/lib_openshift/src/class/oc_service.py index 7268a0c88..e41237b7e 100644 --- a/roles/lib_openshift/src/class/oc_service.py +++ b/roles/lib_openshift/src/class/oc_service.py @@ -13,6 +13,7 @@ class OCService(OpenShiftCLI): sname, namespace, labels, + annotations, selector, cluster_ip, portal_ip, @@ -25,7 +26,7 @@ class OCService(OpenShiftCLI): ''' Constructor for OCVolume ''' super(OCService, self).__init__(namespace, kubeconfig, verbose) self.namespace = namespace - self.config = ServiceConfig(sname, namespace, ports, selector, labels, + self.config = ServiceConfig(sname, namespace, ports, annotations, selector, labels, cluster_ip, portal_ip, session_affinity, service_type, external_ips) self.user_svc = Service(content=self.config.data) @@ -90,6 +91,7 @@ class OCService(OpenShiftCLI): oc_svc = OCService(params['name'], params['namespace'], params['labels'], + params['annotations'], params['selector'], params['clusterip'], params['portalip'], diff --git a/roles/lib_openshift/src/doc/service b/roles/lib_openshift/src/doc/service index ba9aa0b38..b596dff85 100644 --- a/roles/lib_openshift/src/doc/service +++ b/roles/lib_openshift/src/doc/service @@ -39,6 +39,12 @@ options: required: false default: default aliases: [] + annotations: + description: + - Annotations to apply to the object + required: false + default: None + aliases: [] selector: description: - The selector to apply when filtering for services. diff --git a/roles/lib_openshift/src/lib/service.py b/roles/lib_openshift/src/lib/service.py index 0e8cc3aa5..84620c518 100644 --- a/roles/lib_openshift/src/lib/service.py +++ b/roles/lib_openshift/src/lib/service.py @@ -10,6 +10,7 @@ class ServiceConfig(object): sname, namespace, ports, + annotations=None, selector=None, labels=None, cluster_ip=None, @@ -21,6 +22,7 @@ class ServiceConfig(object): self.name = sname self.namespace = namespace self.ports = ports + self.annotations = annotations self.selector = selector self.labels = labels self.cluster_ip = cluster_ip @@ -43,6 +45,9 @@ class ServiceConfig(object): self.data['metadata']['labels'] = {} for lab, lab_value in self.labels.items(): self.data['metadata']['labels'][lab] = lab_value + if self.annotations: + self.data['metadata']['annotations'] = self.annotations + self.data['spec'] = {} if self.ports: diff --git a/roles/lib_openshift/src/test/unit/test_oc_service.py b/roles/lib_openshift/src/test/unit/test_oc_service.py index 9c21a262f..2a7b3c7dc 100755 --- a/roles/lib_openshift/src/test/unit/test_oc_service.py +++ b/roles/lib_openshift/src/test/unit/test_oc_service.py @@ -34,6 +34,7 @@ class OCServiceTest(unittest.TestCase): 'ports': None, 'state': 'list', 'labels': None, + 'annotations': None, 'clusterip': None, 'portalip': None, 'selector': None, @@ -120,6 +121,7 @@ class OCServiceTest(unittest.TestCase): 'targetPOrt': 9000}, 'state': 'present', 'labels': None, + 'annotations': None, 'clusterip': None, 'portalip': None, 'selector': {'router': 'router'}, @@ -318,6 +320,7 @@ class OCServiceTest(unittest.TestCase): 'targetPOrt': 9000}, 'state': 'present', 'labels': {'component': 'some_component', 'infra': 'true'}, + 'annotations': None, 'clusterip': None, 'portalip': None, 'selector': {'router': 'router'}, @@ -407,6 +410,7 @@ class OCServiceTest(unittest.TestCase): 'targetPOrt': 9000}, 'state': 'present', 'labels': {'component': 'some_component', 'infra': 'true'}, + 'annotations': None, 'clusterip': None, 'portalip': None, 'selector': {'router': 'router'}, diff --git a/roles/nickhammond.logrotate/tasks/main.yml b/roles/nickhammond.logrotate/tasks/main.yml index 657cb10ec..32d3acb86 100644 --- a/roles/nickhammond.logrotate/tasks/main.yml +++ b/roles/nickhammond.logrotate/tasks/main.yml @@ -2,6 +2,8 @@ - name: nickhammond.logrotate | Install logrotate package: name=logrotate state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: nickhammond.logrotate | Setup logrotate.d scripts template: diff --git a/roles/nuage_ca/tasks/main.yaml b/roles/nuage_ca/tasks/main.yaml index 8d73e6840..46929fa1f 100644 --- a/roles/nuage_ca/tasks/main.yaml +++ b/roles/nuage_ca/tasks/main.yaml @@ -2,6 +2,8 @@ - name: Install openssl package: name=openssl state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: Create CA directory file: path="{{ nuage_ca_dir }}" state=directory diff --git a/roles/openshift_aws/defaults/main.yml b/roles/openshift_aws/defaults/main.yml index c9a429675..42ef22846 100644 --- a/roles/openshift_aws/defaults/main.yml +++ b/roles/openshift_aws/defaults/main.yml @@ -6,6 +6,9 @@ openshift_aws_create_security_groups: True openshift_aws_create_launch_config: True openshift_aws_create_scale_group: True +openshift_aws_current_version: '' +openshift_aws_new_version: '' + openshift_aws_wait_for_ssh: True openshift_aws_clusterid: default @@ -39,6 +42,7 @@ openshift_aws_ami_tags: bootstrap: "true" openshift-created: "true" clusterid: "{{ openshift_aws_clusterid }}" + parent: "{{ openshift_aws_base_ami | default('unknown') }}" openshift_aws_s3_mode: create openshift_aws_s3_bucket_name: "{{ openshift_aws_clusterid }}-docker-registry" @@ -114,7 +118,6 @@ openshift_aws_node_group_config_tags: "{{ openshift_aws_clusterid | build_instan openshift_aws_node_group_termination_policy: Default openshift_aws_node_group_replace_instances: [] openshift_aws_node_group_replace_all_instances: False -openshift_aws_node_group_config_extra_labels: {} openshift_aws_ami_map: master: "{{ openshift_aws_ami }}" @@ -135,8 +138,8 @@ openshift_aws_master_group_config: tags: host-type: master sub-host-type: default - labels: - type: master + runtime: docker + version: "{{ openshift_aws_new_version }}" wait_for_instances: True termination_policy: "{{ openshift_aws_node_group_termination_policy }}" replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}" @@ -159,8 +162,8 @@ openshift_aws_node_group_config: tags: host-type: node sub-host-type: compute - labels: - type: compute + runtime: docker + version: "{{ openshift_aws_new_version }}" termination_policy: "{{ openshift_aws_node_group_termination_policy }}" replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}" iam_role: "{{ openshift_aws_iam_role_name }}" @@ -179,8 +182,8 @@ openshift_aws_node_group_config: tags: host-type: node sub-host-type: infra - labels: - type: infra + runtime: docker + version: "{{ openshift_aws_new_version }}" termination_policy: "{{ openshift_aws_node_group_termination_policy }}" replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}" iam_role: "{{ openshift_aws_iam_role_name }}" @@ -262,7 +265,7 @@ openshift_aws_node_security_groups: openshift_aws_vpc_tags: Name: "{{ openshift_aws_vpc_name }}" -openshift_aws_subnet_name: us-east-1c +openshift_aws_subnet_az: us-east-1c openshift_aws_vpc: name: "{{ openshift_aws_vpc_name }}" @@ -280,6 +283,10 @@ openshift_aws_node_run_bootstrap_startup: True openshift_aws_node_user_data: '' openshift_aws_node_config_namespace: openshift-node +openshift_aws_node_groups: nodes + +openshift_aws_masters_groups: masters,etcd,nodes + # If creating extra node groups, you'll need to define all of the following # The format is the same as openshift_aws_node_group_config, but the top-level diff --git a/roles/openshift_aws/filter_plugins/openshift_aws_filters.py b/roles/openshift_aws/filter_plugins/openshift_aws_filters.py index a9893c0a7..e707abd3f 100644 --- a/roles/openshift_aws/filter_plugins/openshift_aws_filters.py +++ b/roles/openshift_aws/filter_plugins/openshift_aws_filters.py @@ -9,6 +9,18 @@ class FilterModule(object): ''' Custom ansible filters for use by openshift_aws role''' @staticmethod + def scale_groups_match_capacity(scale_group_info): + ''' This function will verify that the scale group instance count matches + the scale group desired capacity + + ''' + for scale_group in scale_group_info: + if scale_group['desired_capacity'] != len(scale_group['instances']): + return False + + return True + + @staticmethod def build_instance_tags(clusterid): ''' This function will return a dictionary of the instance tags. @@ -25,4 +37,5 @@ class FilterModule(object): def filters(self): ''' returns a mapping of filters to methods ''' - return {'build_instance_tags': self.build_instance_tags} + return {'build_instance_tags': self.build_instance_tags, + 'scale_groups_match_capacity': self.scale_groups_match_capacity} diff --git a/roles/openshift_aws/meta/main.yml b/roles/openshift_aws/meta/main.yml index 875efcb8f..fa0a24a33 100644 --- a/roles/openshift_aws/meta/main.yml +++ b/roles/openshift_aws/meta/main.yml @@ -1,3 +1,4 @@ --- dependencies: - lib_utils +- lib_openshift diff --git a/roles/openshift_aws/tasks/accept_nodes.yml b/roles/openshift_aws/tasks/accept_nodes.yml new file mode 100644 index 000000000..ae320962f --- /dev/null +++ b/roles/openshift_aws/tasks/accept_nodes.yml @@ -0,0 +1,34 @@ +--- +- name: fetch masters + ec2_remote_facts: + region: "{{ openshift_aws_region | default('us-east-1') }}" + filters: + "{{ {'tag:kubernetes.io/cluster/' ~ openshift_aws_clusterid: openshift_aws_clusterid, + 'tag:host-type': 'master', 'instance-state-name': 'running'} }}" + register: mastersout + retries: 20 + delay: 3 + until: "'instances' in mastersout and mastersout.instances|length > 0" + +- name: fetch new node instances + ec2_remote_facts: + region: "{{ openshift_aws_region }}" + filters: + "{{ {'tag:kubernetes.io/cluster/' ~ openshift_aws_clusterid: openshift_aws_clusterid, + 'tag:host-type': 'node', + 'instance-state-name': 'running'} }}" + register: instancesout + retries: 20 + delay: 3 + until: "'instances' in instancesout and instancesout.instances|length > 0" + +- debug: + msg: "{{ instancesout.instances|map(attribute='private_dns_name') | list }}" + +- name: approve nodes + oc_adm_csr: + #approve_all: True + nodes: "{{ instancesout.instances|map(attribute='private_dns_name') | list }}" + timeout: 60 + register: nodeout + delegate_to: "{{ mastersout.instances[0].public_ip_address }}" diff --git a/roles/openshift_aws/tasks/elb.yml b/roles/openshift_aws/tasks/elb.yml index a543222d5..5d371ec7a 100644 --- a/roles/openshift_aws/tasks/elb.yml +++ b/roles/openshift_aws/tasks/elb.yml @@ -17,6 +17,7 @@ listeners: "{{ item.value }}" scheme: "{{ openshift_aws_elb_scheme }}" tags: "{{ openshift_aws_elb_tags }}" + wait: True register: new_elb with_dict: "{{ l_elb_dict_item.value }}" diff --git a/roles/openshift_aws/tasks/launch_config_create.yml b/roles/openshift_aws/tasks/launch_config_create.yml index a688496d2..f7f0f0953 100644 --- a/roles/openshift_aws/tasks/launch_config_create.yml +++ b/roles/openshift_aws/tasks/launch_config_create.yml @@ -10,7 +10,7 @@ # Create the scale group config - name: Create the node scale group launch config ec2_lc: - name: "{{ openshift_aws_launch_config_basename }}-{{ launch_config_item.key }}-{{ l_epoch_time }}" + name: "{{ openshift_aws_launch_config_basename }}-{{ launch_config_item.key }}{{'-' ~ openshift_aws_new_version if openshift_aws_new_version != '' else '' }}" region: "{{ openshift_aws_region }}" image_id: "{{ l_aws_ami_map[launch_config_item.key] | default(openshift_aws_ami) }}" instance_type: "{{ launch_config_item.value.instance_type }}" diff --git a/roles/openshift_aws/tasks/provision_nodes.yml b/roles/openshift_aws/tasks/provision_nodes.yml index 1b40f24d3..3e84666a2 100644 --- a/roles/openshift_aws/tasks/provision_nodes.yml +++ b/roles/openshift_aws/tasks/provision_nodes.yml @@ -12,7 +12,9 @@ register: instancesout retries: 20 delay: 3 - until: instancesout.instances|length > 0 + until: + - "'instances' in instancesout" + - instancesout.instances|length > 0 - name: slurp down the bootstrap.kubeconfig slurp: @@ -42,29 +44,7 @@ l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups_extra }}" l_aws_ami_map: "{{ openshift_aws_ami_map_extra }}" - +# instances aren't scaling fast enough here, we need to wait for them - when: openshift_aws_wait_for_ssh | bool - block: - - name: pause and allow for instances to scale before we query them - pause: - seconds: 10 - - - name: fetch newly created instances - ec2_remote_facts: - region: "{{ openshift_aws_region }}" - filters: - "tag:clusterid": "{{ openshift_aws_clusterid }}" - "tag:host-type": node - instance-state-name: running - register: instancesout - retries: 20 - delay: 3 - until: instancesout.instances|length > 0 - - - name: wait for ssh to become available - wait_for: - port: 22 - host: "{{ item.public_ip_address }}" - timeout: 300 - search_regex: OpenSSH - with_items: "{{ instancesout.instances }}" + name: wait for our new nodes to come up + include: wait_for_groups.yml diff --git a/roles/openshift_aws/tasks/remove_scale_group.yml b/roles/openshift_aws/tasks/remove_scale_group.yml new file mode 100644 index 000000000..55d1af2b5 --- /dev/null +++ b/roles/openshift_aws/tasks/remove_scale_group.yml @@ -0,0 +1,27 @@ +--- +- name: fetch the scale groups + ec2_asg_facts: + region: "{{ openshift_aws_region }}" + tags: + "{{ {'kubernetes.io/cluster/' ~ openshift_aws_clusterid: openshift_aws_clusterid, + 'version': openshift_aws_current_version} }}" + register: qasg + +- name: remove non-master scale groups + ec2_asg: + region: "{{ openshift_aws_region }}" + state: absent + name: "{{ item.auto_scaling_group_name }}" + when: "'master' not in item.auto_scaling_group_name" + register: asg_results + with_items: "{{ qasg.results }}" + async: 600 + poll: 0 + +- name: join the asynch scale group removals + async_status: + jid: "{{ item.ansible_job_id }}" + register: jobs_results + with_items: "{{ asg_results.results }}" + until: jobs_results.finished + retries: 200 diff --git a/roles/openshift_aws/tasks/scale_group.yml b/roles/openshift_aws/tasks/scale_group.yml index 097859af2..30df7545d 100644 --- a/roles/openshift_aws/tasks/scale_group.yml +++ b/roles/openshift_aws/tasks/scale_group.yml @@ -1,16 +1,8 @@ --- -- name: fetch the subnet to use in scale group - ec2_vpc_subnet_facts: - region: "{{ openshift_aws_region }}" - filters: - "tag:Name": "{{ openshift_aws_subnet_name }}" - vpc-id: "{{ vpcout.vpcs[0].id }}" - register: subnetout - - name: Create the scale group ec2_asg: name: "{{ openshift_aws_scale_group_basename }} {{ item.key }}" - launch_config_name: "{{ openshift_aws_launch_config_basename }}-{{ item.key }}-{{ l_epoch_time }}" + launch_config_name: "{{ openshift_aws_launch_config_basename }}-{{ item.key }}{{ '-' ~ openshift_aws_new_version if openshift_aws_new_version != '' else '' }}" health_check_period: "{{ item.value.health_check.period }}" health_check_type: "{{ item.value.health_check.type }}" min_size: "{{ item.value.min_size }}" diff --git a/roles/openshift_aws/tasks/setup_master_group.yml b/roles/openshift_aws/tasks/setup_master_group.yml index 166f3b938..05b68f460 100644 --- a/roles/openshift_aws/tasks/setup_master_group.yml +++ b/roles/openshift_aws/tasks/setup_master_group.yml @@ -21,7 +21,7 @@ - name: add new master to masters group add_host: - groups: "masters,etcd,nodes" + groups: "{{ openshift_aws_masters_groups }}" name: "{{ item.public_dns_name }}" hostname: "{{ openshift_aws_clusterid }}-master-{{ item.id[:-5] }}" with_items: "{{ instancesout.instances }}" diff --git a/roles/openshift_aws/tasks/setup_scale_group_facts.yml b/roles/openshift_aws/tasks/setup_scale_group_facts.yml new file mode 100644 index 000000000..d65fdc2de --- /dev/null +++ b/roles/openshift_aws/tasks/setup_scale_group_facts.yml @@ -0,0 +1,37 @@ +--- +- name: group scale group nodes + ec2_remote_facts: + region: "{{ openshift_aws_region }}" + filters: + "{{ {'tag:kubernetes.io/cluster/' ~ openshift_aws_clusterid: openshift_aws_clusterid }}}" + register: qinstances + +- name: Build new node group + add_host: + groups: oo_sg_new_nodes + ansible_ssh_host: "{{ item.public_dns_name }}" + name: "{{ item.public_dns_name }}" + hostname: "{{ item.public_dns_name }}" + when: + - (item.tags.version | default(False)) == openshift_aws_new_version + - "'node' in item.tags['host-type']" + with_items: "{{ qinstances.instances }}" + +- name: Build current node group + add_host: + groups: oo_sg_current_nodes + ansible_ssh_host: "{{ item.public_dns_name }}" + name: "{{ item.public_dns_name }}" + hostname: "{{ item.public_dns_name }}" + when: + - (item.tags.version | default('')) == openshift_aws_current_version + - "'node' in item.tags['host-type']" + with_items: "{{ qinstances.instances }}" + +- name: place all nodes into nodes group + add_host: + groups: nodes + ansible_ssh_host: "{{ item.public_dns_name }}" + name: "{{ item.public_dns_name }}" + hostname: "{{ item.public_dns_name }}" + with_items: "{{ qinstances.instances }}" diff --git a/roles/openshift_aws/tasks/upgrade_node_group.yml b/roles/openshift_aws/tasks/upgrade_node_group.yml new file mode 100644 index 000000000..d7851d887 --- /dev/null +++ b/roles/openshift_aws/tasks/upgrade_node_group.yml @@ -0,0 +1,16 @@ +--- +- fail: + msg: 'Please ensure the current_version and new_version variables are not the same.' + when: + - openshift_aws_current_version == openshift_aws_new_version + +- include: provision_nodes.yml + +- include: accept_nodes.yml + +- include: setup_scale_group_facts.yml + +- include: setup_master_group.yml + vars: + # we do not set etcd here as its limited to 1 or 3 + openshift_aws_masters_groups: masters,nodes diff --git a/roles/openshift_aws/tasks/vpc_and_subnet_id.yml b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml index aaf9b300f..1b754f863 100644 --- a/roles/openshift_aws/tasks/vpc_and_subnet_id.yml +++ b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml @@ -6,13 +6,16 @@ 'tag:Name': "{{ openshift_aws_vpc_name }}" register: vpcout -- name: debug +- name: debug vcpout debug: var=vpcout - name: fetch the default subnet id ec2_vpc_subnet_facts: region: "{{ openshift_aws_region }}" filters: - "tag:Name": "{{ openshift_aws_subnet_name }}" + "availability_zone": "{{ openshift_aws_subnet_az }}" vpc-id: "{{ vpcout.vpcs[0].id }}" register: subnetout + +- name: debug subnetout + debug: var=subnetout diff --git a/roles/openshift_aws/tasks/wait_for_groups.yml b/roles/openshift_aws/tasks/wait_for_groups.yml new file mode 100644 index 000000000..9f1a68a2a --- /dev/null +++ b/roles/openshift_aws/tasks/wait_for_groups.yml @@ -0,0 +1,31 @@ +--- +# The idea here is to wait until all scale groups are at +# their desired capacity before continuing. +- name: fetch the scale groups + ec2_asg_facts: + region: "{{ openshift_aws_region }}" + tags: + "{{ {'kubernetes.io/cluster/' ~ openshift_aws_clusterid: openshift_aws_clusterid} }}" + register: qasg + until: qasg.results | scale_groups_match_capacity | bool + delay: 10 + retries: 60 + +- name: fetch newly created instances + ec2_remote_facts: + region: "{{ openshift_aws_region }}" + filters: + "{{ {'tag:kubernetes.io/cluster/' ~ openshift_aws_clusterid: openshift_aws_clusterid, + 'tag:version': openshift_aws_new_version} }}" + register: instancesout + until: instancesout.instances|length > 0 + delay: 5 + retries: 60 + +- name: wait for ssh to become available + wait_for: + port: 22 + host: "{{ item.public_ip_address }}" + timeout: 300 + search_regex: OpenSSH + with_items: "{{ instancesout.instances }}" diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml index 31f0f8e7a..05e0a1352 100644 --- a/roles/openshift_ca/tasks/main.yml +++ b/roles/openshift_ca/tasks/main.yml @@ -13,6 +13,7 @@ state: present when: not openshift.common.is_containerized | bool register: install_result + until: install_result | success delegate_to: "{{ openshift_ca_host }}" run_once: true diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml index 6aa15d568..7b046b2c4 100644 --- a/roles/openshift_cli/tasks/main.yml +++ b/roles/openshift_cli/tasks/main.yml @@ -8,6 +8,8 @@ - name: Install clients package: name={{ openshift.common.service_type }}-clients state=present when: not openshift.common.is_containerized | bool + register: result + until: result | success - block: - name: Pull CLI Image @@ -47,3 +49,5 @@ - name: Install bash completion for oc tools package: name=bash-completion state=present when: not openshift.common.is_containerized | bool + register: result + until: result | success diff --git a/roles/openshift_clock/tasks/main.yaml b/roles/openshift_clock/tasks/main.yaml index f8b02524a..82c73b583 100644 --- a/roles/openshift_clock/tasks/main.yaml +++ b/roles/openshift_clock/tasks/main.yaml @@ -9,6 +9,8 @@ when: - openshift_clock_enabled | bool - chrony_installed.rc != 0 + register: result + until: result | success - name: Start and enable ntpd/chronyd command: timedatectl set-ntp true diff --git a/roles/openshift_excluder/tasks/install.yml b/roles/openshift_excluder/tasks/install.yml index 7a5bebf6f..3ac55894f 100644 --- a/roles/openshift_excluder/tasks/install.yml +++ b/roles/openshift_excluder/tasks/install.yml @@ -13,6 +13,8 @@ when: - r_openshift_excluder_enable_docker_excluder | bool - ansible_pkg_mgr == "yum" + register: result + until: result | success # For DNF we do not need the "*" and if we add it, it causes an error because @@ -26,6 +28,8 @@ when: - r_openshift_excluder_enable_docker_excluder | bool - ansible_pkg_mgr == "dnf" + register: result + until: result | success - name: Install openshift excluder - yum package: @@ -34,6 +38,8 @@ when: - r_openshift_excluder_enable_openshift_excluder | bool - ansible_pkg_mgr == "yum" + register: result + until: result | success # For DNF we do not need the "*" and if we add it, it causes an error because # it's not a valid pkg_spec @@ -46,6 +52,8 @@ when: - r_openshift_excluder_enable_openshift_excluder | bool - ansible_pkg_mgr == "dnf" + register: result + until: result | success - set_fact: r_openshift_excluder_install_ran: True diff --git a/roles/openshift_expand_partition/tasks/main.yml b/roles/openshift_expand_partition/tasks/main.yml index 4cb5418c6..b7acb0c5a 100644 --- a/roles/openshift_expand_partition/tasks/main.yml +++ b/roles/openshift_expand_partition/tasks/main.yml @@ -2,6 +2,8 @@ - name: Ensure growpart is installed package: name=cloud-utils-growpart state=present when: not openshift.common.is_containerized | bool + register: result + until: result | success - name: Determine if growpart is installed command: "rpm -q cloud-utils-growpart" diff --git a/roles/openshift_loadbalancer/tasks/main.yml b/roles/openshift_loadbalancer/tasks/main.yml index c87a327a4..79c5793d9 100644 --- a/roles/openshift_loadbalancer/tasks/main.yml +++ b/roles/openshift_loadbalancer/tasks/main.yml @@ -5,6 +5,8 @@ - name: Install haproxy package: name=haproxy state=present when: not openshift.common.is_containerized | bool + register: result + until: result | success - name: Pull haproxy image command: > diff --git a/roles/openshift_logging/tasks/generate_jks.yaml b/roles/openshift_logging/tasks/generate_jks.yaml index 6e3204589..d6ac88dcc 100644 --- a/roles/openshift_logging/tasks/generate_jks.yaml +++ b/roles/openshift_logging/tasks/generate_jks.yaml @@ -24,21 +24,25 @@ local_action: file path="{{local_tmp.stdout}}/elasticsearch.jks" state=touch mode="u=rw,g=r,o=r" when: elasticsearch_jks.stat.exists changed_when: False + become: no - name: Create placeholder for previously created JKS certs to prevent recreating... local_action: file path="{{local_tmp.stdout}}/logging-es.jks" state=touch mode="u=rw,g=r,o=r" when: logging_es_jks.stat.exists changed_when: False + become: no - name: Create placeholder for previously created JKS certs to prevent recreating... local_action: file path="{{local_tmp.stdout}}/system.admin.jks" state=touch mode="u=rw,g=r,o=r" when: system_admin_jks.stat.exists changed_when: False + become: no - name: Create placeholder for previously created JKS certs to prevent recreating... local_action: file path="{{local_tmp.stdout}}/truststore.jks" state=touch mode="u=rw,g=r,o=r" when: truststore_jks.stat.exists changed_when: False + become: no - name: pulling down signing items from host fetch: @@ -57,10 +61,12 @@ vars: - top_dir: "{{local_tmp.stdout}}" when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists + become: no - name: Run JKS generation script local_action: script generate-jks.sh {{local_tmp.stdout}} {{openshift_logging_namespace}} check_mode: no + become: no when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists - name: Pushing locally generated JKS certs to remote host... diff --git a/roles/openshift_management/tasks/add_container_provider.yml b/roles/openshift_management/tasks/add_container_provider.yml index 50a5252cc..24b2ce6ac 100644 --- a/roles/openshift_management/tasks/add_container_provider.yml +++ b/roles/openshift_management/tasks/add_container_provider.yml @@ -1,8 +1,4 @@ --- -- name: Ensure lib_openshift modules are available - include_role: - role: lib_openshift - - name: Ensure OpenShift facts module is available include_role: role: openshift_facts diff --git a/roles/openshift_master/tasks/bootstrap_settings.yml b/roles/openshift_master/tasks/bootstrap_settings.yml index cbd7f587b..10e0828eb 100644 --- a/roles/openshift_master/tasks/bootstrap_settings.yml +++ b/roles/openshift_master/tasks/bootstrap_settings.yml @@ -11,4 +11,5 @@ - /etc/origin/master/ca.key notify: - restart master controllers + - restart master api when: openshift_master_bootstrap_enabled | default(False) diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index d570a1c7f..e52cd6231 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -39,6 +39,8 @@ state: present when: - not openshift.common.is_containerized | bool + register: result + until: result | success - name: Create r_openshift_master_data_dir file: @@ -88,6 +90,8 @@ - item.kind == 'HTPasswdPasswordIdentityProvider' - not openshift.common.is_atomic | bool with_items: "{{ openshift.master.identity_providers }}" + register: result + until: result | success - name: Ensure htpasswd directory exists file: @@ -306,6 +310,7 @@ - openshift.master.cluster_method == 'pacemaker' - not openshift.common.is_containerized | bool register: l_install_result + until: l_install_result | success - name: Start and enable cluster service systemd: diff --git a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml index f914a9978..caab3045a 100644 --- a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml +++ b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml @@ -18,3 +18,5 @@ - "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version }}" - "{{ openshift.common.service_type }}-clients{{ openshift_pkg_version }}" - "tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}" + register: result + until: result | success diff --git a/roles/openshift_nfs/tasks/setup.yml b/roles/openshift_nfs/tasks/setup.yml index 3070de495..edb854467 100644 --- a/roles/openshift_nfs/tasks/setup.yml +++ b/roles/openshift_nfs/tasks/setup.yml @@ -5,6 +5,8 @@ - name: Install nfs-utils package: name=nfs-utils state=present + register: result + until: result | success - name: Configure NFS lineinfile: diff --git a/roles/openshift_node/tasks/bootstrap.yml b/roles/openshift_node/tasks/bootstrap.yml index ac43ef039..a042bc01b 100644 --- a/roles/openshift_node/tasks/bootstrap.yml +++ b/roles/openshift_node/tasks/bootstrap.yml @@ -4,6 +4,8 @@ name: "{{ item }}" state: present with_items: "{{ r_openshift_node_image_prep_packages }}" + register: result + until: result | success - name: create the directory for node file: diff --git a/roles/openshift_node/tasks/dnsmasq.yml b/roles/openshift_node/tasks/dnsmasq.yml index 22bdce6c6..f210a3a21 100644 --- a/roles/openshift_node/tasks/dnsmasq.yml +++ b/roles/openshift_node/tasks/dnsmasq.yml @@ -13,6 +13,8 @@ - name: Install dnsmasq package: name=dnsmasq state=installed when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: ensure origin/node directory exists file: diff --git a/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml b/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml index dede2fb8f..541c8115a 100644 --- a/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml +++ b/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml @@ -7,5 +7,7 @@ name: NetworkManager state: present notify: restart NetworkManager + register: result + until: result | success - include_tasks: network-manager.yml diff --git a/roles/openshift_node/tasks/docker/upgrade.yml b/roles/openshift_node/tasks/docker/upgrade.yml index ebe87d6fd..d743d2188 100644 --- a/roles/openshift_node/tasks/docker/upgrade.yml +++ b/roles/openshift_node/tasks/docker/upgrade.yml @@ -36,5 +36,7 @@ - name: Upgrade Docker package: name=docker{{ '-' + docker_version }} state=present + register: result + until: result | success # starting docker happens back in ../main.yml where it calls ../restart.yml diff --git a/roles/openshift_node/tasks/install.yml b/roles/openshift_node/tasks/install.yml index 9a91e2fb6..1ed4a05c1 100644 --- a/roles/openshift_node/tasks/install.yml +++ b/roles/openshift_node/tasks/install.yml @@ -5,6 +5,8 @@ package: name: "{{ openshift.common.service_type }}-node{{ (openshift_pkg_version | default('')) | oo_image_tag_to_rpm_version(include_dash=True) }}" state: present + register: result + until: result | success - name: Install sdn-ovs package package: @@ -12,11 +14,15 @@ state: present when: - openshift_node_use_openshift_sdn | bool + register: result + until: result | success - name: Install conntrack-tools package package: name: "conntrack-tools" state: present + register: result + until: result | success - when: - openshift.common.is_containerized | bool diff --git a/roles/openshift_node/tasks/storage_plugins/ceph.yml b/roles/openshift_node/tasks/storage_plugins/ceph.yml index 037efe81a..72a3b837f 100644 --- a/roles/openshift_node/tasks/storage_plugins/ceph.yml +++ b/roles/openshift_node/tasks/storage_plugins/ceph.yml @@ -2,3 +2,5 @@ - name: Install Ceph storage plugin dependencies package: name=ceph-common state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml index 1b8a7ad50..08ea71a0c 100644 --- a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml @@ -2,6 +2,8 @@ - name: Install GlusterFS storage plugin dependencies package: name=glusterfs-fuse state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: Check for existence of fusefs sebooleans command: getsebool {{ item }} diff --git a/roles/openshift_node/tasks/storage_plugins/iscsi.yml b/roles/openshift_node/tasks/storage_plugins/iscsi.yml index 1c5478c55..ece68dc71 100644 --- a/roles/openshift_node/tasks/storage_plugins/iscsi.yml +++ b/roles/openshift_node/tasks/storage_plugins/iscsi.yml @@ -2,3 +2,5 @@ - name: Install iSCSI storage plugin dependencies package: name=iscsi-initiator-utils state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml index 7e1035893..5eacf42e8 100644 --- a/roles/openshift_node/tasks/storage_plugins/nfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -2,6 +2,8 @@ - name: Install NFS storage plugin dependencies package: name=nfs-utils state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: Check for existence of nfs sebooleans command: getsebool {{ item }} diff --git a/roles/openshift_node/tasks/upgrade.yml b/roles/openshift_node/tasks/upgrade.yml index ff3478800..561b56918 100644 --- a/roles/openshift_node/tasks/upgrade.yml +++ b/roles/openshift_node/tasks/upgrade.yml @@ -107,6 +107,8 @@ name: openvswitch state: latest when: not openshift.common.is_containerized | bool + register: result + until: result | success - name: Update oreg value yedit: diff --git a/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml index a998acf21..fcbe1a598 100644 --- a/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml +++ b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml @@ -8,10 +8,14 @@ # We verified latest rpm available is suitable, so just yum update. - name: Upgrade packages package: "name={{ openshift.common.service_type }}-{{ component }}{{ openshift_pkg_version }} state=present" + register: result + until: result | success - name: Ensure python-yaml present for config upgrade package: name=PyYAML state=present when: not openshift.common.is_atomic | bool + register: result + until: result | success - name: Install Node service file template: diff --git a/roles/openshift_node_group/tasks/create_config.yml b/roles/openshift_node_group/tasks/create_config.yml index 02ec30a62..8b3218e7b 100644 --- a/roles/openshift_node_group/tasks/create_config.yml +++ b/roles/openshift_node_group/tasks/create_config.yml @@ -9,6 +9,7 @@ - name: debug node config debug: var=configout + run_once: true - when: - configout.results.results.0 == {} or (configout.results.results.0 != {} and openshift_node_group_edits|length > 0) @@ -24,6 +25,7 @@ dest: "{{ mktempout.stdout }}/node-config.yaml" when: - configout.results.results.0 == {} + run_once: true - name: lay down the config from the existing configmap copy: @@ -31,6 +33,7 @@ dest: "{{ mktempout.stdout }}/node-config.yaml" when: - configout.results.results.0 != {} + run_once: true - name: "specialize the generated configs for {{ openshift_node_group_name }}" yedit: @@ -42,6 +45,7 @@ run_once: true - debug: var=yeditout + run_once: true - name: create node-config.yaml configmap oc_configmap: diff --git a/roles/openshift_openstack/tasks/node-packages.yml b/roles/openshift_openstack/tasks/node-packages.yml index 7864f5269..e41104af1 100644 --- a/roles/openshift_openstack/tasks/node-packages.yml +++ b/roles/openshift_openstack/tasks/node-packages.yml @@ -6,6 +6,8 @@ name: "{{ item }}" state: latest with_items: "{{ openshift_openstack_required_packages }}" + register: result + until: result | success - name: Install debug packages (optional) yum: @@ -13,3 +15,5 @@ state: latest with_items: "{{ openshift_openstack_debug_packages }}" when: openshift_openstack_install_debug_packages|bool + register: result + until: result | success diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index 552a22a0f..5e7bde1e1 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -9,6 +9,8 @@ # TODO: This needs to be removed and placed into a role - name: Ensure libselinux-python is installed package: name=libselinux-python state=present + register: result + until: result | success - name: Remove openshift_additional.repo file file: diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml index 2a678af57..4b33e91b4 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml @@ -4,6 +4,8 @@ when: - not openshift.common.is_atomic | bool - not glusterfs_heketi_is_native | bool + register: result + until: result | success - name: Verify heketi-cli is installed shell: "command -v {{ glusterfs_heketi_cli }} >/dev/null 2>&1 || { echo >&2 'ERROR: Make sure heketi-cli is available, then re-run the installer'; exit 1; }" diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml index b8fd7979f..71c1311cd 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml @@ -44,6 +44,6 @@ glusterfs_heketi_ssh_sudo: "{{ openshift_storage_glusterfs_heketi_ssh_sudo | bool }}" glusterfs_heketi_ssh_keyfile: "{{ openshift_storage_glusterfs_heketi_ssh_keyfile }}" glusterfs_heketi_fstab: "{{ openshift_storage_glusterfs_heketi_fstab }}" - glusterfs_nodes: "{{ groups.glusterfs | default([]]) }}" + glusterfs_nodes: "{{ groups.glusterfs | default([]) }}" - include: glusterfs_common.yml diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml index 24264fa43..c25cad74c 100644 --- a/roles/openshift_storage_nfs/tasks/main.yml +++ b/roles/openshift_storage_nfs/tasks/main.yml @@ -4,6 +4,8 @@ - name: Install nfs-utils package: name=nfs-utils state=present + register: result + until: result | success - name: Configure NFS lineinfile: diff --git a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml index 03f4fcec0..bee786a90 100644 --- a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml +++ b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml @@ -2,6 +2,8 @@ - name: Install NFS server package: name=nfs-utils state=present when: not openshift.common.is_containerized | bool + register: result + until: result | success - name: Start rpcbind systemd: diff --git a/roles/os_firewall/tasks/firewalld.yml b/roles/os_firewall/tasks/firewalld.yml index 54430f402..1e27ebaf9 100644 --- a/roles/os_firewall/tasks/firewalld.yml +++ b/roles/os_firewall/tasks/firewalld.yml @@ -8,6 +8,8 @@ package: name: firewalld state: present + register: result + until: result | success - name: Ensure iptables services are not enabled systemd: diff --git a/roles/os_firewall/tasks/iptables.yml b/roles/os_firewall/tasks/iptables.yml index 2d74f2e48..a7c13e487 100644 --- a/roles/os_firewall/tasks/iptables.yml +++ b/roles/os_firewall/tasks/iptables.yml @@ -22,6 +22,8 @@ - iptables - iptables-services when: not r_os_firewall_is_atomic | bool + register: result + until: result | success - name: Start and enable iptables service systemd: diff --git a/roles/os_update_latest/tasks/main.yml b/roles/os_update_latest/tasks/main.yml index 6b5fd0106..60d665587 100644 --- a/roles/os_update_latest/tasks/main.yml +++ b/roles/os_update_latest/tasks/main.yml @@ -1,3 +1,5 @@ --- - name: Update all packages package: name=* state=latest + register: result + until: result | success diff --git a/roles/rhel_subscribe/tasks/main.yml b/roles/rhel_subscribe/tasks/main.yml index b06f51908..9ca49b569 100644 --- a/roles/rhel_subscribe/tasks/main.yml +++ b/roles/rhel_subscribe/tasks/main.yml @@ -36,6 +36,8 @@ yum: name: subscription-manager state: present + register: result + until: result | success - name: RedHat subscriptions redhat_subscription: |