77 files changed, 610 insertions, 1437 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible
index 3c19ccf9c..608b430ce 100644
--- a/.tito/packages/openshift-ansible
+++ b/.tito/packages/openshift-ansible
@@ -1 +1 @@
-3.7.0-0.144.0 ./
+3.7.0-0.147.0 ./
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.example
index 363cfd2a7..0b6050891 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.example
@@ -27,7 +27,8 @@ ansible_ssh_user=root
 debug_level=2
 
 # Specify the deployment type. Valid values are origin and openshift-enterprise.
-openshift_deployment_type=openshift-enterprise
+openshift_deployment_type=origin
+#openshift_deployment_type=openshift-enterprise
 
 # Specify the generic release of OpenShift to install. This is used mainly just during installation, after which we
 # rely on the version running on the first master. Works best for containerized installs where we can usually
@@ -58,6 +59,8 @@ openshift_release=v3.7
 #openshift_use_etcd_system_container=False
 #
 # In either case, system_images_registry must be specified to be able to find the system images
+#system_images_registry="docker.io"
+# when openshift_deployment_type=='openshift-enterprise'
 #system_images_registry="registry.access.redhat.com"
 
 # Manage openshift example imagestreams and templates during install and upgrade
@@ -124,15 +127,15 @@ openshift_release=v3.7
 # Default value: "--log-driver=journald"
 #openshift_docker_options="-l warn --ipv6=false"
 
+# Specify exact version of Docker to configure or upgrade to.
+# Downgrades are not supported and will error out. Be careful when upgrading docker from < 1.10 to > 1.10.
+# docker_version="1.12.1"
+
 # Specify whether to run Docker daemon with SELinux enabled in containers. Default is True.
 # Uncomment below to disable; for example if your kernel does not support the
 # Docker overlay/overlay2 storage drivers with SELinux enabled.
 #openshift_docker_selinux_enabled=False
 
-# Specify exact version of Docker to configure or upgrade to.
-# Downgrades are not supported and will error out. Be careful when upgrading docker from < 1.10 to > 1.10.
-# docker_version="1.12.1"
-
 # Skip upgrading Docker during an OpenShift upgrade, leaves the current Docker version alone.
 # docker_upgrade=False
 
@@ -179,7 +182,7 @@ openshift_release=v3.7
 #oreg_auth_credentials_replace: True
 
 # OpenShift repository configuration
-#openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://example.com/puddle/build/AtomicOpenShift/3.1/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}]
+#openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, 'gpgkey': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}]
 #openshift_repos_enable_testing=false
 
 # htpasswd auth
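Review bot: In the `openshift_additional_repos` example (the hunk at -179), the new `gpgkey` URL is served from the same COPR host and project path as `baseurl`, so signature checking there rests on the HTTPS fetch of the key from the host that also serves the packages. The entry also names one contributor's COPR project (`maxamillion/origin-next`), and example inventories tend to be copied as they stand. I would put a comment line above it, for instance `# Example only: confirm the repo's signing key out of band (or mirror repo and key internally) before enabling`. The surrounding repository section continues outside the hunk.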
@@ -237,9 +240,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # CloudForms Management Engine (ManageIQ) App Install
 #
 # Enables installation of MIQ server. Recommended for dedicated
-# clusters only. See roles/openshift_cfme/README.md for instructions
+# clusters only. See roles/openshift_management/README.md for instructions
 # and requirements.
-#openshift_cfme_install_app=False
+#openshift_management_install_management=False
 
 # Cloud Provider Configuration
 #
@@ -346,7 +349,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 
 # default storage plugin dependencies to install, by default the ceph and
 # glusterfs plugin dependencies will be installed, if available.
-#osn_storage_plugin_deps=['ceph','glusterfs']
+#osn_storage_plugin_deps=['ceph','glusterfs','iscsi']
 
 # OpenShift Router Options
 #
@@ -461,7 +464,6 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 #openshift_hosted_registry_storage_volume_size=10Gi
 #
 # AWS S3
-#
 # S3 bucket must already exist.
 #openshift_hosted_registry_storage_kind=object
 #openshift_hosted_registry_storage_provider=s3
@@ -549,8 +551,11 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # `/hawkular/metrics` path will break installation of metrics.
 #openshift_metrics_hawkular_hostname=hawkular-metrics.example.com
 # Configure the prefix and version for the component images
-#openshift_metrics_image_prefix=registry.example.com:8888/openshift3/
-#openshift_metrics_image_version=3.7.0
+#openshift_metrics_image_prefix=docker.io/openshift/origin-
+#openshift_metrics_image_version=v3.7
+# when openshift_deployment_type=='openshift-enterprise'
+#openshift_metrics_image_prefix=registry.access.redhat.com/openshift3/
+#openshift_metrics_image_version=v3.7
 #
 # StorageClass
 # openshift_storageclass_name=gp2
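Review bot: The image version examples added in the metrics hunk (-549) use the minor-only tag `v3.7` for both deployment types, whereas the logging hunk (-604) uses `v3.7.0` for origin and leaves `3.7.0` for openshift-enterprise, so the two sections disagree on the `v` prefix and on the patch level. A minor-only tag presumably moves as patch builds are published, so two runs of the same inventory could pull different images; if an exact tag is what the example should teach, `#openshift_metrics_image_version=v3.7.0` would match the logging section. The line `# when openshift_deployment_type=='openshift-enterprise'` would also read more clearly as `# Use these instead when openshift_deployment_type=='openshift-enterprise'`, here and in the -58 and -604 hunks.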
@@ -604,7 +609,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # this value must be 1
 #openshift_logging_es_cluster_size=1
 # Configure the prefix and version for the component images
-#openshift_logging_image_prefix=registry.example.com:8888/openshift3/
+#openshift_logging_image_prefix=docker.io/openshift/origin-
+#openshift_logging_image_version=v3.7.0
+# when openshift_deployment_type=='openshift-enterprise'
+#openshift_logging_image_prefix=registry.access.redhat.com/openshift3/
 #openshift_logging_image_version=3.7.0
 
 # Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet')
@@ -662,8 +670,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 #openshift_master_api_port=8443
 #openshift_master_console_port=8443
 
-# set RPM version for debugging purposes
-#openshift_pkg_version=-3.1.0.0
+# set exact RPM version (include - prefix)
+#openshift_pkg_version=-3.6.0
+# you may also specify version and release, ie:
+#openshift_pkg_version=-3.7.0-0.126.0.git.0.9351aae.el7
 
 # Configure custom ca certificate
 #openshift_master_ca_certificate={'certfile': '/path/to/ca.crt', 'keyfile': '/path/to/ca.key'}
@@ -675,6 +685,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 
 # Configure custom named certificates (SNI certificates)
 #
+# https://docs.openshift.org/latest/install_config/certificate_customization.html
 # https://docs.openshift.com/enterprise/latest/install_config/certificate_customization.html
 #
 # NOTE: openshift_master_named_certificates is cached on masters and is an
@@ -739,6 +750,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # openshift_use_dnsmasq is deprecated. This must be true, or installs will fail
 # in versions >= 3.6
 #openshift_use_dnsmasq=False
+
 # Define an additional dnsmasq.conf file to deploy to /etc/dnsmasq.d/openshift-ansible.conf
 # This is useful for POC environments where DNS may not actually be available yet or to set
 # options like 'strict-order' to alter dnsmasq configuration.
@@ -821,7 +833,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 #openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"}
 #openshift_node_env_vars={"ENABLE_HTTP2": "true"}
 
-# Enable API service auditing, available as of 3.2
+# Enable API service auditing
 #openshift_master_audit_config={"enabled": true}
 #
 # In case you want more advanced setup for the auditlog you can
@@ -830,6 +842,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # exist
 #openshift_master_audit_config={"enabled": true, "auditFilePath": "/var/log/openpaas-oscp-audit/openpaas-oscp-audit.log", "maximumFileRetentionDays": 14, "maximumFileSizeMegabytes": 500, "maximumRetainedFiles": 5}
 
+# Enable origin repos that point at Centos PAAS SIG, defaults to true, only used
+# by deployment_type=origin
+#openshift_enable_origin_repo=false
+
 # Validity of the auto-generated OpenShift certificates in days.
 # See also openshift_hosted_registry_cert_expire_days above.
 #
@@ -878,9 +894,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # You may wish to disable these or make them non fatal
 #
 # openshift_upgrade_pre_storage_migration_enabled=true
-# openshift_upgrade_pre_storage_migration_fatal==true
+# openshift_upgrade_pre_storage_migration_fatal=true
 # openshift_upgrade_post_storage_migration_enabled=true
-# openshift_upgrade_post_storage_migration_fatal==false
+# openshift_upgrade_post_storage_migration_fatal=false
 
 # host group for masters
 [masters]
@@ -904,31 +920,31 @@ ose3-node[1:2]-ansible.test.example.com openshift_node_labels="{'region': 'prima
 
 # CloudForms/ManageIQ (CFME/MIQ) Configuration
 # See the readme for full descriptions and getting started
-# instructions: ../../roles/openshift_cfme/README.md or go directly to
-# their definitions: ../../roles/openshift_cfme/defaults/main.yml
-# ../../roles/openshift_cfme/vars/main.yml
+# instructions: ../../roles/openshift_management/README.md or go directly to
+# their definitions: ../../roles/openshift_management/defaults/main.yml
+# ../../roles/openshift_management/vars/main.yml
 #
 # Namespace for the CFME project
-#openshift_cfme_project: openshift-cfme
+#openshift_management_project: openshift-management
 
 # Namespace/project description
-#openshift_cfme_project_description: CloudForms Management Engine
+#openshift_management_project_description: CloudForms Management Engine
 
 # Choose 'miq-template' for a podified database install
 # Choose 'miq-template-ext-db' for an external database install
 #
 # If you are using the miq-template-ext-db template then you must add
 # the required database parameters to the
-# openshift_cfme_template_parameters variable.
-#openshift_cfme_app_template: miq-template
+# openshift_management_template_parameters variable.
+#openshift_management_app_template: miq-template
 
 # Allowed options: nfs, nfs_external, preconfigured, cloudprovider.
-#openshift_cfme_storage_class: nfs
+#openshift_management_storage_class: nfs
 
 # [OPTIONAL] - If you are using an EXTERNAL NFS server, such as a
 # netapp appliance, then you must set the hostname here. Leave the
 # value as 'false' if you are not using external NFS.
-#openshift_cfme_storage_nfs_external_hostname: false
+#openshift_management_storage_nfs_external_hostname: false
 
 # [OPTIONAL] - If you are using external NFS then you must set the base
 # path to the exports location here.
@@ -936,19 +952,19 @@ ose3-node[1:2]-ansible.test.example.com openshift_node_labels="{'region': 'prima
 # Additionally: EXTERNAL NFS REQUIRES that YOU CREATE the nfs exports
 # that will back the application PV and optionally the database
 # pv. Export path definitions, relative to
-# {{ openshift_cfme_storage_nfs_base_dir }}
+# {{ openshift_management_storage_nfs_base_dir }}
 #
 # LOCAL NFS NOTE:
 #
 # You may may also change this value if you want to change the default
 # path used for local NFS exports.
-#openshift_cfme_storage_nfs_base_dir: /exports
+#openshift_management_storage_nfs_base_dir: /exports
 
 # LOCAL NFS NOTE:
 #
 # You may override the automatically selected LOCAL NFS server by
 # setting this variable. Useful for testing specific task files.
-#openshift_cfme_storage_nfs_local_hostname: false
+#openshift_management_storage_nfs_local_hostname: false
 
 # A hash of parameters you want to override or set in the
 # miq-template.yaml or miq-template-ext-db.yaml templates. Set this in
@@ -956,5 +972,5 @@ ose3-node[1:2]-ansible.test.example.com openshift_node_labels="{'region': 'prima
 # under the .parameters list in files/miq-template{-ext-db}.yaml
 # Example:
 #
-# openshift_cfme_template_parameters={'APPLICATION_MEM_REQ': '512Mi'}
-#openshift_cfme_template_parameters: {}
+# openshift_management_template_parameters={'APPLICATION_MEM_REQ': '512Mi'}
+#openshift_management_template_parameters: {}
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
deleted file mode 100644
index 97d1c3e80..000000000
--- a/inventory/byo/hosts.origin.example
+++ /dev/null
@@ -1,956 +0,0 @@
-# This is an example of a bring your own (byo) host inventory
-
-# Create an OSEv3 group that contains the masters and nodes groups
-[OSEv3:children]
-masters
-nodes
-etcd
-lb
-nfs
-
-# Set variables common for all OSEv3 hosts
-[OSEv3:vars]
-# Enable unsupported configurations, things that will yield a partially
-# functioning cluster but would not be supported for production use
-#openshift_enable_unsupported_configurations=false
-
-# SSH user, this user should allow ssh based auth without requiring a
-# password. If using ssh key based auth, then the key should be managed by an
-# ssh agent.
-ansible_ssh_user=root
-
-# If ansible_ssh_user is not root, ansible_become must be set to true and the
-# user must be configured for passwordless sudo
-#ansible_become=yes
-
-# Debug level for all OpenShift components (Defaults to 2)
-debug_level=2
-
-# Specify the deployment type. Valid values are origin and openshift-enterprise.
-openshift_deployment_type=origin
-
-# Specify the generic release of OpenShift to install. This is used mainly just during installation, after which we
-# rely on the version running on the first master. Works best for containerized installs where we can usually
-# use this to lookup the latest exact version of the container images, which is the tag actually used to configure
-# the cluster. For RPM installations we just verify the version detected in your configured repos matches this
-# release.
-openshift_release=v3.7
-
-# Specify an exact container image tag to install or configure.
-# WARNING: This value will be used for all hosts in containerized environments, even those that have another version installed.
-# This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up.
-#openshift_image_tag=v3.7.0
-
-# Specify an exact rpm version to install or configure.
-# WARNING: This value will be used for all hosts in RPM based environments, even those that have another version installed. -# This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up. -#openshift_pkg_version=-3.7.0 - -# This enables all the system containers except for docker: -#openshift_use_system_containers=False -# -# But you can choose separately each component that must be a -# system container: -# -#openshift_use_openvswitch_system_container=False -#openshift_use_node_system_container=False -#openshift_use_master_system_container=False -#openshift_use_etcd_system_container=False -# -# In either case, system_images_registry must be specified to be able to find the system images -#system_images_registry="docker.io" - -# Install the openshift examples -#openshift_install_examples=true - -# Configure logoutURL in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#changing-the-logout-url -#openshift_master_logout_url=http://example.com - -# Configure extensionScripts in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#loading-custom-scripts-and-stylesheets -#openshift_master_extension_scripts=['/path/to/script1.js','/path/to/script2.js'] - -# Configure extensionStylesheets in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#loading-custom-scripts-and-stylesheets -#openshift_master_extension_stylesheets=['/path/to/stylesheet1.css','/path/to/stylesheet2.css'] - -# Configure extensions in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files -#openshift_master_extensions=[{'name': 'images', 'sourceDirectory': '/path/to/my_images'}] - -# Configure extensions 
in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files -#openshift_master_oauth_template=/path/to/login-template.html - -# Configure imagePolicyConfig in the master config -# See: https://godoc.org/github.com/openshift/origin/pkg/cmd/server/api#ImagePolicyConfig -#openshift_master_image_policy_config={"maxImagesBulkImportedPerRepository": 3, "disableScheduledImport": true} - -# Configure master API rate limits for external clients -#openshift_master_external_ratelimit_qps=200 -#openshift_master_external_ratelimit_burst=400 -# Configure master API rate limits for loopback clients -#openshift_master_loopback_ratelimit_qps=300 -#openshift_master_loopback_ratelimit_burst=600 - -# Docker Configuration -# Add additional, insecure, and blocked registries to global docker configuration -# For enterprise deployment types we ensure that registry.access.redhat.com is -# included if you do not include it -#openshift_docker_additional_registries=registry.example.com -#openshift_docker_insecure_registries=registry.example.com -#openshift_docker_blocked_registries=registry.hacker.com -# Disable pushing to dockerhub -#openshift_docker_disable_push_dockerhub=True -# Use Docker inside a System Container. Note that this is a tech preview and should -# not be used to upgrade! -# The following options for docker are ignored: -# - docker_version -# - docker_upgrade -# The following options must not be used -# - openshift_docker_options -#openshift_docker_use_system_container=False -# Instead of using docker, replacec it with cri-o -# NOTE: This uses openshift_docker_systemcontainer_image_registry_override as it's override -# just as container-engine does. -#openshift_use_crio=False -# Force the registry to use for the docker/crio system container. By default the registry -# will be built off of the deployment type and ansible_distribution. 
Only -# use this option if you are sure you know what you are doing! -#openshift_docker_systemcontainer_image_override="registry.example.com/container-engine:latest" -#openshift_crio_systemcontainer_image_override="registry.example.com/cri-o:latest" -# Items added, as is, to end of /etc/sysconfig/docker OPTIONS -# Default value: "--log-driver=journald" -#openshift_docker_options="-l warn --ipv6=false" - -# Specify exact version of Docker to configure or upgrade to. -# Downgrades are not supported and will error out. Be careful when upgrading docker from < 1.10 to > 1.10. -# docker_version="1.12.1" - -# Specify whether to run Docker daemon with SELinux enabled in containers. Default is True. -# Uncomment below to disable; for example if your kernel does not support the -# Docker overlay/overlay2 storage drivers with SELinux enabled. -#openshift_docker_selinux_enabled=False - -# Skip upgrading Docker during an OpenShift upgrade, leaves the current Docker version alone. -# docker_upgrade=False - -# Specify exact version of etcd to configure or upgrade to. -# etcd_version="3.1.0" -# Enable etcd debug logging, defaults to false -# etcd_debug=true -# Set etcd log levels by package -# etcd_log_package_levels="etcdserver=WARNING,security=DEBUG" - -# Upgrade Hooks -# -# Hooks are available to run custom tasks at various points during a cluster -# upgrade. Each hook should point to a file with Ansible tasks defined. Suggest using -# absolute paths, if not the path will be treated as relative to the file where the -# hook is actually used. -# -# Tasks to run before each master is upgraded. -# openshift_master_upgrade_pre_hook=/usr/share/custom/pre_master.yml -# -# Tasks to run to upgrade the master. These tasks run after the main openshift-ansible -# upgrade steps, but before we restart system/services. -# openshift_master_upgrade_hook=/usr/share/custom/master.yml -# -# Tasks to run after each master is upgraded and system/services have been restarted. 
-# openshift_master_upgrade_post_hook=/usr/share/custom/post_master.yml - - -# Alternate image format string, useful if you've got your own registry mirror -# Configure this setting just on node or master -#oreg_url_master=example.com/openshift3/ose-${component}:${version} -#oreg_url_node=example.com/openshift3/ose-${component}:${version} -# For setting the configuration globally -#oreg_url=example.com/openshift3/ose-${component}:${version} -# If oreg_url points to a registry other than registry.access.redhat.com we can -# modify image streams to point at that registry by setting the following to true -#openshift_examples_modify_imagestreams=true - -# OpenShift repository configuration -#openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, 'gpgkey': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}] -#openshift_repos_enable_testing=false - -# htpasswd auth -openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] -# Defining htpasswd users -#openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>'} -# or -#openshift_master_htpasswd_file=<path to local pre-generated htpasswd file> - -# Allow all auth -#openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}] - -# LDAP auth -#openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': 'my-ldap-ca.crt', 'insecure': 'false', 'url': 
'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}] -# -# Configure LDAP CA certificate -# Specify either the ASCII contents of the certificate or the path to -# the local file that will be copied to the remote host. CA -# certificate contents will be copied to master systems and saved -# within /etc/origin/master/ with a filename matching the "ca" key set -# within the LDAPPasswordIdentityProvider. -# -#openshift_master_ldap_ca=<ca text> -# or -#openshift_master_ldap_ca_file=<path to local ca file to use> - -# OpenID auth -#openshift_master_identity_providers=[{"name": "openid_auth", "login": "true", "challenge": "false", "kind": "OpenIDIdentityProvider", "client_id": "my_client_id", "client_secret": "my_client_secret", "claims": {"id": ["sub"], "preferredUsername": ["preferred_username"], "name": ["name"], "email": ["email"]}, "urls": {"authorize": "https://myidp.example.com/oauth2/authorize", "token": "https://myidp.example.com/oauth2/token"}, "ca": "my-openid-ca-bundle.crt"}] -# -# Configure OpenID CA certificate -# Specify either the ASCII contents of the certificate or the path to -# the local file that will be copied to the remote host. CA -# certificate contents will be copied to master systems and saved -# within /etc/origin/master/ with a filename matching the "ca" key set -# within the OpenIDIdentityProvider. 
-# -#openshift_master_openid_ca=<ca text> -# or -#openshift_master_openid_ca_file=<path to local ca file to use> - -# Request header auth -#openshift_master_identity_providers=[{"name": "my_request_header_provider", "challenge": "true", "login": "true", "kind": "RequestHeaderIdentityProvider", "challengeURL": "https://www.example.com/challenging-proxy/oauth/authorize?${query}", "loginURL": "https://www.example.com/login-proxy/oauth/authorize?${query}", "clientCA": "my-request-header-ca.crt", "clientCommonNames": ["my-auth-proxy"], "headers": ["X-Remote-User", "SSO-User"], "emailHeaders": ["X-Remote-User-Email"], "nameHeaders": ["X-Remote-User-Display-Name"], "preferredUsernameHeaders": ["X-Remote-User-Login"]}] -# -# Configure request header CA certificate -# Specify either the ASCII contents of the certificate or the path to -# the local file that will be copied to the remote host. CA -# certificate contents will be copied to master systems and saved -# within /etc/origin/master/ with a filename matching the "clientCA" -# key set within the RequestHeaderIdentityProvider. -# -#openshift_master_request_header_ca=<ca text> -# or -#openshift_master_request_header_ca_file=<path to local ca file to use> - -# CloudForms Management Engine (ManageIQ) App Install -# -# Enables installation of MIQ server. Recommended for dedicated -# clusters only. See roles/openshift_cfme/README.md for instructions -# and requirements. -#openshift_cfme_install_app=False - -# Cloud Provider Configuration -# -# Note: You may make use of environment variables rather than store -# sensitive configuration within the ansible inventory. -# For example: -#openshift_cloudprovider_aws_access_key="{{ lookup('env','AWS_ACCESS_KEY_ID') }}" -#openshift_cloudprovider_aws_secret_key="{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}" -# -# AWS -#openshift_cloudprovider_kind=aws -# Note: IAM profiles may be used instead of storing API credentials on disk. 
-#openshift_cloudprovider_aws_access_key=aws_access_key_id -#openshift_cloudprovider_aws_secret_key=aws_secret_access_key -# -# Openstack -#openshift_cloudprovider_kind=openstack -#openshift_cloudprovider_openstack_auth_url=http://openstack.example.com:35357/v2.0/ -#openshift_cloudprovider_openstack_username=username -#openshift_cloudprovider_openstack_password=password -#openshift_cloudprovider_openstack_domain_id=domain_id -#openshift_cloudprovider_openstack_domain_name=domain_name -#openshift_cloudprovider_openstack_tenant_id=tenant_id -#openshift_cloudprovider_openstack_tenant_name=tenant_name -#openshift_cloudprovider_openstack_region=region -#openshift_cloudprovider_openstack_lb_subnet_id=subnet_id -# -# GCE -#openshift_cloudprovider_kind=gce - -# Project Configuration -#osm_project_request_message='' -#osm_project_request_template='' -#osm_mcs_allocator_range='s0:/2' -#osm_mcs_labels_per_project=5 -#osm_uid_allocator_range='1000000000-1999999999/10000' - -# Configure additional projects -#openshift_additional_projects={'my-project': {'default_node_selector': 'label=value'}} - -# Enable cockpit -#osm_use_cockpit=true -# -# Set cockpit plugins -#osm_cockpit_plugins=['cockpit-kubernetes'] - -# Native high availability cluster method with optional load balancer. -# If no lb group is defined, the installer assumes that a load balancer has -# been preconfigured. For installation the value of -# openshift_master_cluster_hostname must resolve to the load balancer -# or to one or all of the masters defined in the inventory if no load -# balancer is present. -#openshift_master_cluster_method=native -#openshift_master_cluster_hostname=openshift-ansible.test.example.com -#openshift_master_cluster_public_hostname=openshift-ansible.test.example.com - -# Pacemaker high availability cluster method. -# Pacemaker HA environment must be able to self provision the -# configured VIP. For installation openshift_master_cluster_hostname -# must resolve to the configured VIP. 
-#openshift_master_cluster_method=pacemaker -#openshift_master_cluster_password=openshift_cluster -#openshift_master_cluster_vip=192.168.133.25 -#openshift_master_cluster_public_vip=192.168.133.25 -#openshift_master_cluster_hostname=openshift-ansible.test.example.com -#openshift_master_cluster_public_hostname=openshift-ansible.test.example.com - -# Override the default controller lease ttl -#osm_controller_lease_ttl=30 - -# Configure controller arguments -#osm_controller_args={'resource-quota-sync-period': ['10s']} - -# Configure api server arguments -#osm_api_server_args={'max-requests-inflight': ['400']} - -# default subdomain to use for exposed routes -#openshift_master_default_subdomain=apps.test.example.com - -# additional cors origins -#osm_custom_cors_origins=['foo.example.com', 'bar.example.com'] - -# default project node selector -#osm_default_node_selector='region=primary' - -# Override the default pod eviction timeout -#openshift_master_pod_eviction_timeout=5m - -# Override the default oauth tokenConfig settings: -# openshift_master_access_token_max_seconds=86400 -# openshift_master_auth_token_max_seconds=500 - -# Override master servingInfo.maxRequestsInFlight -#openshift_master_max_requests_inflight=500 - -# Override master and node servingInfo.minTLSVersion and .cipherSuites -# valid TLS versions are VersionTLS10, VersionTLS11, VersionTLS12 -# example cipher suites override, valid cipher suites are https://golang.org/pkg/crypto/tls/#pkg-constants -#openshift_master_min_tls_version=VersionTLS12 -#openshift_master_cipher_suites=['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', '...'] -# -#openshift_node_min_tls_version=VersionTLS12 -#openshift_node_cipher_suites=['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', '...'] - -# default storage plugin dependencies to install, by default the ceph and -# glusterfs plugin dependencies will be installed, if available. 
-#osn_storage_plugin_deps=['ceph','glusterfs','iscsi'] - -# OpenShift Router Options -# -# An OpenShift router will be created during install if there are -# nodes present with labels matching the default router selector, -# "region=infra". Set openshift_node_labels per node as needed in -# order to label nodes. -# -# Example: -# [nodes] -# node.example.com openshift_node_labels="{'region': 'infra'}" -# -# Router selector (optional) -# Router will only be created if nodes matching this label are present. -# Default value: 'region=infra' -#openshift_hosted_router_selector='region=infra' -# -# Router replicas (optional) -# Unless specified, openshift-ansible will calculate the replica count -# based on the number of nodes matching the openshift router selector. -#openshift_hosted_router_replicas=2 -# -# Router force subdomain (optional) -# A router path format to force on all routes used by this router -# (will ignore the route host value) -#openshift_hosted_router_force_subdomain='${name}-${namespace}.apps.example.com' -# -# Router certificate (optional) -# Provide local certificate paths which will be configured as the -# router's default certificate. -#openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"} -# -# Manage the OpenShift Router -#openshift_hosted_manage_router=true -# -# Router sharding support has been added and can be achieved by supplying the correct -# data to the inventory. The variable to house the data is openshift_hosted_routers -# and is in the form of a list. If no data is passed then a default router will be -# created. There are multiple combinations of router sharding. The one described -# below supports routers on separate nodes. 
-# -#openshift_hosted_routers=[{'name': 'router1', 'certificate': {'certfile': '/path/to/certificate/abc.crt', 'keyfile': '/path/to/certificate/abc.key', 'cafile': '/path/to/certificate/ca.crt'}, 'replicas': 1, 'serviceaccount': 'router', 'namespace': 'default', 'stats_port': 1936, 'edits': [], 'images': 'openshift3/ose-${component}:${version}', 'selector': 'type=router1', 'ports': ['80:80', '443:443']}, {'name': 'router2', 'certificate': {'certfile': '/path/to/certificate/xyz.crt', 'keyfile': '/path/to/certificate/xyz.key', 'cafile': '/path/to/certificate/ca.crt'}, 'replicas': 1, 'serviceaccount': 'router', 'namespace': 'default', 'stats_port': 1936, 'edits': [{'action': 'append', 'key': 'spec.template.spec.containers[0].env', 'value': {'name': 'ROUTE_LABELS', 'value': 'route=external'}}], 'images': 'openshift3/ose-${component}:${version}', 'selector': 'type=router2', 'ports': ['80:80', '443:443']}] - -# OpenShift Registry Console Options -# Override the console image prefix for enterprise deployments, not used in origin -# default is "registry.access.redhat.com/openshift3/" and the image appended is "registry-console" -#openshift_cockpit_deployer_prefix=registry.example.com/myrepo/ -# Override image version, defaults to latest for origin, matches the product version for enterprise -#openshift_cockpit_deployer_version=1.4.1 - -# Openshift Registry Options -# -# An OpenShift registry will be created during install if there are -# nodes present with labels matching the default registry selector, -# "region=infra". Set openshift_node_labels per node as needed in -# order to label nodes. -# -# Example: -# [nodes] -# node.example.com openshift_node_labels="{'region': 'infra'}" -# -# Registry selector (optional) -# Registry will only be created if nodes matching this label are present. 
-# Default value: 'region=infra' -#openshift_hosted_registry_selector='region=infra' -# -# Registry replicas (optional) -# Unless specified, openshift-ansible will calculate the replica count -# based on the number of nodes matching the openshift registry selector. -#openshift_hosted_registry_replicas=2 -# -# Validity of the auto-generated certificate in days (optional) -#openshift_hosted_registry_cert_expire_days=730 -# -# Manage the OpenShift Registry -#openshift_hosted_manage_registry=true - -# Registry Storage Options -# -# NFS Host Group -# An NFS volume will be created with path "nfs_directory/volume_name" -# on the host within the [nfs] host group. For example, the volume -# path using these options would be "/exports/registry" -#openshift_hosted_registry_storage_kind=nfs -#openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] -# nfs_directory must conform to DNS-1123 subdomain must consist of lower case -# alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character -#openshift_hosted_registry_storage_nfs_directory=/exports -#openshift_hosted_registry_storage_nfs_options='*(rw,root_squash)' -#openshift_hosted_registry_storage_volume_name=registry -#openshift_hosted_registry_storage_volume_size=10Gi -# -# External NFS Host -# NFS volume must already exist with path "nfs_directory/_volume_name" on -# the storage_host. 
For example, the remote volume path using these -# options would be "nfs.example.com:/exports/registry" -#openshift_hosted_registry_storage_kind=nfs -#openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] -#openshift_hosted_registry_storage_host=nfs.example.com -# nfs_directory must conform to DNS-1123 subdomain must consist of lower case -# alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character -#openshift_hosted_registry_storage_nfs_directory=/exports -#openshift_hosted_registry_storage_volume_name=registry -#openshift_hosted_registry_storage_volume_size=10Gi -# -# Openstack -# Volume must already exist. -#openshift_hosted_registry_storage_kind=openstack -#openshift_hosted_registry_storage_access_modes=['ReadWriteOnce'] -#openshift_hosted_registry_storage_openstack_filesystem=ext4 -#openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57 -#openshift_hosted_registry_storage_volume_size=10Gi -# -# AWS S3 -# S3 bucket must already exist. -#openshift_hosted_registry_storage_kind=object -#openshift_hosted_registry_storage_provider=s3 -#openshift_hosted_registry_storage_s3_encrypt=false -#openshift_hosted_registry_storage_s3_kmskeyid=aws_kms_key_id -#openshift_hosted_registry_storage_s3_accesskey=aws_access_key_id -#openshift_hosted_registry_storage_s3_secretkey=aws_secret_access_key -#openshift_hosted_registry_storage_s3_bucket=bucket_name -#openshift_hosted_registry_storage_s3_region=bucket_region -#openshift_hosted_registry_storage_s3_chunksize=26214400 -#openshift_hosted_registry_storage_s3_rootdirectory=/registry -#openshift_hosted_registry_pullthrough=true -#openshift_hosted_registry_acceptschema2=true -#openshift_hosted_registry_enforcequota=true -# -# Any S3 service (Minio, ExoScale, ...): Basically the same as above -# but with regionendpoint configured -# S3 bucket must already exist. 
-#openshift_hosted_registry_storage_kind=object -#openshift_hosted_registry_storage_provider=s3 -#openshift_hosted_registry_storage_s3_accesskey=access_key_id -#openshift_hosted_registry_storage_s3_secretkey=secret_access_key -#openshift_hosted_registry_storage_s3_regionendpoint=https://myendpoint.example.com/ -#openshift_hosted_registry_storage_s3_bucket=bucket_name -#openshift_hosted_registry_storage_s3_region=bucket_region -#openshift_hosted_registry_storage_s3_chunksize=26214400 -#openshift_hosted_registry_storage_s3_rootdirectory=/registry -#openshift_hosted_registry_pullthrough=true -#openshift_hosted_registry_acceptschema2=true -#openshift_hosted_registry_enforcequota=true -# -# Additional CloudFront Options. When using CloudFront all three -# of the followingg variables must be defined. -#openshift_hosted_registry_storage_s3_cloudfront_baseurl=https://myendpoint.cloudfront.net/ -#openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile=/full/path/to/secret.pem -#openshift_hosted_registry_storage_s3_cloudfront_keypairid=yourpairid - -# Metrics deployment -# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html -# -# By default metrics are not automatically deployed, set this to enable them -#openshift_metrics_install_metrics=true -# -# Storage Options -# If openshift_metrics_storage_kind is unset then metrics will be stored -# in an EmptyDir volume and will be deleted when the cassandra pod terminates. -# Storage options A & B currently support only one cassandra pod which is -# generally enough for up to 1000 pods. Additional volumes can be created -# manually after the fact and metrics scaled per the docs. -# -# Option A - NFS Host Group -# An NFS volume will be created with path "nfs_directory/volume_name" -# on the host within the [nfs] host group. 
For example, the volume -# path using these options would be "/exports/metrics" -#openshift_metrics_storage_kind=nfs -#openshift_metrics_storage_access_modes=['ReadWriteOnce'] -#openshift_metrics_storage_nfs_directory=/exports -#openshift_metrics_storage_nfs_options='*(rw,root_squash)' -#openshift_metrics_storage_volume_name=metrics -#openshift_metrics_storage_volume_size=10Gi -#openshift_metrics_storage_labels={'storage': 'metrics'} -# -# Option B - External NFS Host -# NFS volume must already exist with path "nfs_directory/_volume_name" on -# the storage_host. For example, the remote volume path using these -# options would be "nfs.example.com:/exports/metrics" -#openshift_metrics_storage_kind=nfs -#openshift_metrics_storage_access_modes=['ReadWriteOnce'] -#openshift_metrics_storage_host=nfs.example.com -#openshift_metrics_storage_nfs_directory=/exports -#openshift_metrics_storage_volume_name=metrics -#openshift_metrics_storage_volume_size=10Gi -#openshift_metrics_storage_labels={'storage': 'metrics'} -# -# Option C - Dynamic -- If openshift supports dynamic volume provisioning for -# your cloud platform use this. -#openshift_metrics_storage_kind=dynamic -# -# Other Metrics Options -- Common items you may wish to reconfigure, for the complete -# list of options please see roles/openshift_metrics/README.md -# -# Override metricsPublicURL in the master config for cluster metrics -# Defaults to https://hawkular-metrics.{{openshift_master_default_subdomain}}/hawkular/metrics -# Currently, you may only alter the hostname portion of the url, alterting the -# `/hawkular/metrics` path will break installation of metrics. 
-#openshift_metrics_hawkular_hostname=hawkular-metrics.example.com -# Configure the prefix and version for the component images -#openshift_metrics_image_prefix=docker.io/openshift/origin- -#openshift_metrics_image_version=v3.7.0 -# -# StorageClass -# openshift_storageclass_name=gp2 -# openshift_storageclass_parameters={'type': 'gp2', 'encrypted': 'false'} -# - -# Logging deployment -# -# Currently logging deployment is disabled by default, enable it by setting this -#openshift_logging_install_logging=true -# -# Logging storage config -# Option A - NFS Host Group -# An NFS volume will be created with path "nfs_directory/volume_name" -# on the host within the [nfs] host group. For example, the volume -# path using these options would be "/exports/logging" -#openshift_logging_storage_kind=nfs -#openshift_logging_storage_access_modes=['ReadWriteOnce'] -#openshift_logging_storage_nfs_directory=/exports -#openshift_logging_storage_nfs_options='*(rw,root_squash)' -#openshift_logging_storage_volume_name=logging -#openshift_logging_storage_volume_size=10Gi -#openshift_logging_storage_labels={'storage': 'logging'} -# -# Option B - External NFS Host -# NFS volume must already exist with path "nfs_directory/_volume_name" on -# the storage_host. For example, the remote volume path using these -# options would be "nfs.example.com:/exports/logging" -#openshift_logging_storage_kind=nfs -#openshift_logging_storage_access_modes=['ReadWriteOnce'] -#openshift_logging_storage_host=nfs.example.com -#openshift_logging_storage_nfs_directory=/exports -#openshift_logging_storage_volume_name=logging -#openshift_logging_storage_volume_size=10Gi -#openshift_logging_storage_labels={'storage': 'logging'} -# -# Option C - Dynamic -- If openshift supports dynamic volume provisioning for -# your cloud platform use this. 
-#openshift_logging_storage_kind=dynamic -# -# Option D - none -- Logging will use emptydir volumes which are destroyed when -# pods are deleted -# -# Other Logging Options -- Common items you may wish to reconfigure, for the complete -# list of options please see roles/openshift_logging/README.md -# -# Configure loggingPublicURL in the master config for aggregate logging, defaults -# to kibana.{{ openshift_master_default_subdomain }} -#openshift_logging_kibana_hostname=logging.apps.example.com -# Configure the number of elastic search nodes, unless you're using dynamic provisioning -# this value must be 1 -#openshift_logging_es_cluster_size=1 -# Configure the prefix and version for the component images -#openshift_logging_image_prefix=docker.io/openshift/origin- -#openshift_logging_image_version=v3.7.0 - -# Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet') -# os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' - -# Disable the OpenShift SDN plugin -# openshift_use_openshift_sdn=False - -# Configure SDN cluster network and kubernetes service CIDR blocks. These -# network blocks should be private and should not conflict with network blocks -# in your infrastructure that pods may require access to. Can not be changed -# after deployment. -# -# WARNING : Do not pick subnets that overlap with the default Docker bridge subnet of -# 172.17.0.0/16. Your installation will fail and/or your configuration change will -# cause the Pod SDN or Cluster SDN to fail. -# -# WORKAROUND : If you must use an overlapping subnet, you can configure a non conflicting -# docker0 CIDR range by adding '--bip=192.168.2.1/24' to DOCKER_NETWORK_OPTIONS -# environment variable located in /etc/sysconfig/docker-network. -# When upgrading or scaling up the following must match whats in your master config! 
-# Inventory: master yaml field -# osm_cluster_network_cidr: clusterNetworkCIDR -# openshift_portal_net: serviceNetworkCIDR -# When installing osm_cluster_network_cidr and openshift_portal_net must be set. -# Sane examples are provided below. -#osm_cluster_network_cidr=10.128.0.0/14 -#openshift_portal_net=172.30.0.0/16 - -# ExternalIPNetworkCIDRs controls what values are acceptable for the -# service external IP field. If empty, no externalIP may be set. It -# may contain a list of CIDRs which are checked for access. If a CIDR -# is prefixed with !, IPs in that CIDR will be rejected. Rejections -# will be applied first, then the IP checked against one of the -# allowed CIDRs. You should ensure this range does not overlap with -# your nodes, pods, or service CIDRs for security reasons. -#openshift_master_external_ip_network_cidrs=['0.0.0.0/0'] - -# IngressIPNetworkCIDR controls the range to assign ingress IPs from for -# services of type LoadBalancer on bare metal. If empty, ingress IPs will not -# be assigned. It may contain a single CIDR that will be allocated from. For -# security reasons, you should ensure that this range does not overlap with -# the CIDRs reserved for external IPs, nodes, pods, or services. -#openshift_master_ingress_ip_network_cidr=172.46.0.0/16 - -# Configure number of bits to allocate to each host's subnet e.g. 9 -# would mean a /23 network on the host. -# When upgrading or scaling up the following must match whats in your master config! -# Inventory: master yaml field -# osm_host_subnet_length: hostSubnetLength -# When installing osm_host_subnet_length must be set. A sane example is provided below. -#osm_host_subnet_length=9 - -# Configure master API and console ports. 
-#openshift_master_api_port=8443 -#openshift_master_console_port=8443 - -# set RPM version for debugging purposes -#openshift_pkg_version=-1.1 - -# Configure custom ca certificate -#openshift_master_ca_certificate={'certfile': '/path/to/ca.crt', 'keyfile': '/path/to/ca.key'} -# -# NOTE: CA certificate will not be replaced with existing clusters. -# This option may only be specified when creating a new cluster or -# when redeploying cluster certificates with the redeploy-certificates -# playbook. - -# Configure custom named certificates (SNI certificates) -# -# https://docs.openshift.org/latest/install_config/certificate_customization.html -# -# NOTE: openshift_master_named_certificates is cached on masters and is an -# additive fact, meaning that each run with a different set of certificates -# will add the newly provided certificates to the cached set of certificates. -# -# An optional CA may be specified for each named certificate. CAs will -# be added to the OpenShift CA bundle which allows for the named -# certificate to be served for internal cluster communication. -# -# If you would like openshift_master_named_certificates to be overwritten with -# the provided value, specify openshift_master_overwrite_named_certificates. -#openshift_master_overwrite_named_certificates=true -# -# Provide local certificate paths which will be deployed to masters -#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "cafile": "/path/to/custom-ca1.crt"}] -# -# Detected names may be overridden by specifying the "names" key -#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "names": ["public-master-host.com"], "cafile": "/path/to/custom-ca1.crt"}] - -# Session options -#openshift_master_session_name=ssn -#openshift_master_session_max_seconds=3600 - -# An authentication and encryption secret will be generated if secrets -# are not provided. 
If provided, openshift_master_session_auth_secrets -# and openshift_master_encryption_secrets must be equal length. -# -# Signing secrets, used to authenticate sessions using -# HMAC. Recommended to use secrets with 32 or 64 bytes. -#openshift_master_session_auth_secrets=['DONT+USE+THIS+SECRET+b4NV+pmZNSO'] -# -# Encrypting secrets, used to encrypt sessions. Must be 16, 24, or 32 -# characters long, to select AES-128, AES-192, or AES-256. -#openshift_master_session_encryption_secrets=['DONT+USE+THIS+SECRET+b4NV+pmZNSO'] - -# configure how often node iptables rules are refreshed -#openshift_node_iptables_sync_period=5s - -# Configure nodeIP in the node config -# This is needed in cases where node traffic is desired to go over an -# interface other than the default network interface. -#openshift_set_node_ip=True - -# Configure dnsIP in the node config -#openshift_dns_ip=172.30.0.1 - -# Configure node kubelet arguments. pods-per-core is valid in OpenShift Origin 1.3 or OpenShift Container Platform 3.3 and later. -#openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['85'], 'image-gc-low-threshold': ['80']} - -# Configure logrotate scripts -# See: https://github.com/nickhammond/ansible-logrotate -#logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}] - -# openshift-ansible will wait indefinitely for your input when it detects that the -# value of openshift_hostname resolves to an IP address not bound to any local -# interfaces. This mis-configuration is problematic for any pod leveraging host -# networking and liveness or readiness probes. -# Setting this variable to true will override that check. 
-#openshift_override_hostname_check=true - -# openshift_use_dnsmasq is deprecated. This must be true, or installs will fail -# in versions >= 3.6 -#openshift_use_dnsmasq=False - -# Define an additional dnsmasq.conf file to deploy to /etc/dnsmasq.d/openshift-ansible.conf -# This is useful for POC environments where DNS may not actually be available yet or to set -# options like 'strict-order' to alter dnsmasq configuration. -#openshift_node_dnsmasq_additional_config_file=/home/bob/ose-dnsmasq.conf - -# Global Proxy Configuration -# These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment -# variables for docker and master services. -# -# Hosts in the openshift_no_proxy list will NOT use any globally -# configured HTTP(S)_PROXYs. openshift_no_proxy accepts domains -# (.example.com), and hosts (example.com), and IP addresses. -#openshift_http_proxy=http://USER:PASSWORD@IPADDR:PORT -#openshift_https_proxy=https://USER:PASSWORD@IPADDR:PORT -#openshift_no_proxy='.hosts.example.com,some-host.com' -# -# Most environments don't require a proxy between openshift masters, nodes, and -# etcd hosts. So automatically add those hostnames to the openshift_no_proxy list. -# If all of your hosts share a common domain you may wish to disable this and -# specify that domain above instead. -# -# For example, having hosts with FQDNs: m1.ex.com, n1.ex.com, and -# n2.ex.com, one would simply add '.ex.com' to the openshift_no_proxy -# variable (above) and set this value to False -#openshift_generate_no_proxy_hosts=True -# -# These options configure the BuildDefaults admission controller which injects -# configuration into Builds. Proxy related values will default to the global proxy -# config values. You only need to set these if they differ from the global proxy settings. 
-# See BuildDefaults documentation at -# https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html -#openshift_builddefaults_http_proxy=http://USER:PASSWORD@HOST:PORT -#openshift_builddefaults_https_proxy=https://USER:PASSWORD@HOST:PORT -#openshift_builddefaults_no_proxy=mycorp.com -#openshift_builddefaults_git_http_proxy=http://USER:PASSWORD@HOST:PORT -#openshift_builddefaults_git_https_proxy=https://USER:PASSWORD@HOST:PORT -#openshift_builddefaults_git_no_proxy=mycorp.com -#openshift_builddefaults_image_labels=[{'name':'imagelabelname1','value':'imagelabelvalue1'}] -#openshift_builddefaults_nodeselectors={'nodelabel1':'nodelabelvalue1'} -#openshift_builddefaults_annotations={'annotationkey1':'annotationvalue1'} -#openshift_builddefaults_resources_requests_cpu=100m -#openshift_builddefaults_resources_requests_memory=256Mi -#openshift_builddefaults_resources_limits_cpu=1000m -#openshift_builddefaults_resources_limits_memory=512Mi - -# Or you may optionally define your own build defaults configuration serialized as json -#openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"apiVersion":"v1","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}],"gitHTTPProxy":"http://proxy.example.com:3128","gitNoProxy":"ose3-master.example.com","kind":"BuildDefaultsConfig"}}}' - -# These options configure the BuildOverrides admission controller which injects -# configuration into Builds. 
-# See BuildOverrides documentation at -# https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html -#openshift_buildoverrides_force_pull=true -#openshift_buildoverrides_image_labels=[{'name':'imagelabelname1','value':'imagelabelvalue1'}] -#openshift_buildoverrides_nodeselectors={'nodelabel1':'nodelabelvalue1'} -#openshift_buildoverrides_annotations={'annotationkey1':'annotationvalue1'} - -# Or you may optionally define your own build overrides configuration serialized as json -#openshift_buildoverrides_json='{"BuildOverrides":{"configuration":{"apiVersion":"v1","kind":"BuildDefaultsConfig","forcePull":"true"}}}' - -# Enable template service broker by specifying one of more namespaces whose -# templates will be served by the broker -#openshift_template_service_broker_namespaces=['openshift'] - -# masterConfig.volumeConfig.dynamicProvisioningEnabled, configurable as of 1.2/3.2, enabled by default -#openshift_master_dynamic_provisioning_enabled=False - -# Admission plugin config -#openshift_master_admission_plugin_config={"ProjectRequestLimit":{"configuration":{"apiVersion":"v1","kind":"ProjectRequestLimitConfig","limits":[{"selector":{"admin":"true"}},{"maxProjects":"1"}]}},"PodNodeConstraints":{"configuration":{"apiVersion":"v1","kind":"PodNodeConstraintsConfig"}}} - -# Configure usage of openshift_clock role. -#openshift_clock_enabled=true - -# OpenShift Per-Service Environment Variables -# Environment variables are added to /etc/sysconfig files for -# each OpenShift service: node, master (api and controllers). -# API and controllers environment variables are merged in single -# master environments. 
-#openshift_master_api_env_vars={"ENABLE_HTTP2": "true"} -#openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"} -#openshift_node_env_vars={"ENABLE_HTTP2": "true"} - -# Enable API service auditing, available as of 1.3 -#openshift_master_audit_config={"enabled": true} -# -# In case you want more advanced setup for the auditlog you can -# use this line. -# The directory in "auditFilePath" will be created if it's not -# exist -#openshift_master_audit_config={"enabled": true, "auditFilePath": "/var/log/openpaas-oscp-audit/openpaas-oscp-audit.log", "maximumFileRetentionDays": 14, "maximumFileSizeMegabytes": 500, "maximumRetainedFiles": 5} - -# Enable origin repos that point at Centos PAAS SIG, defaults to true, only used -# by deployment_type=origin -#openshift_enable_origin_repo=false - -# Validity of the auto-generated OpenShift certificates in days. -# See also openshift_hosted_registry_cert_expire_days above. -# -#openshift_ca_cert_expire_days=1825 -#openshift_node_cert_expire_days=730 -#openshift_master_cert_expire_days=730 - -# Validity of the auto-generated external etcd certificates in days. -# Controls validity for etcd CA, peer, server and client certificates. -# -#etcd_ca_default_days=1825 -# -# ServiceAccountConfig:LimitSecretRefences rejects pods that reference secrets their service accounts do not reference -# openshift_master_saconfig_limitsecretreferences=false - -# Upgrade Control -# -# By default nodes are upgraded in a serial manner one at a time and all failures -# are fatal, one set of variables for normal nodes, one set of variables for -# nodes that are part of control plane as the number of hosts may be different -# in those two groups. -#openshift_upgrade_nodes_serial=1 -#openshift_upgrade_nodes_max_fail_percentage=0 -#openshift_upgrade_control_plane_nodes_serial=1 -#openshift_upgrade_control_plane_nodes_max_fail_percentage=0 -# -# You can specify the number of nodes to upgrade at once. 
We do not currently -# attempt to verify that you have capacity to drain this many nodes at once -# so please be careful when specifying these values. You should also verify that -# the expected number of nodes are all schedulable and ready before starting an -# upgrade. If it's not possible to drain the requested nodes the upgrade will -# stall indefinitely until the drain is successful. -# -# If you're upgrading more than one node at a time you can specify the maximum -# percentage of failure within the batch before the upgrade is aborted. Any -# nodes that do fail are ignored for the rest of the playbook run and you should -# take care to investigate the failure and return the node to service so that -# your cluster. -# -# The percentage must exceed the value, this would fail on two failures -# openshift_upgrade_nodes_serial=4 openshift_upgrade_nodes_max_fail_percentage=49 -# where as this would not -# openshift_upgrade_nodes_serial=4 openshift_upgrade_nodes_max_fail_percentage=50 -# -# Multiple data migrations take place and if they fail they will fail the upgrade -# You may wish to disable these or make them non fatal -# -# openshift_upgrade_pre_storage_migration_enabled=true -# openshift_upgrade_pre_storage_migration_fatal==true -# openshift_upgrade_post_storage_migration_enabled=true -# openshift_upgrade_post_storage_migration_fatal==false - -# host group for masters -[masters] -ose3-master[1:3]-ansible.test.example.com - -[etcd] -ose3-etcd[1:3]-ansible.test.example.com - -# NOTE: Containerized load balancer hosts are not yet supported, if using a global -# containerized=true host variable we must set to false. -[lb] -ose3-lb-ansible.test.example.com containerized=false - -# NOTE: Currently we require that masters be part of the SDN which requires that they also be nodes -# However, in order to ensure that your masters are not burdened with running pods you should -# make them unschedulable by adding openshift_schedulable=False any node that's also a master. 
-[nodes] -ose3-master[1:3]-ansible.test.example.com -ose3-node[1:2]-ansible.test.example.com openshift_node_labels="{'region': 'primary', 'zone': 'default'}" -# CloudForms/ManageIQ (CFME/MIQ) Configuration - -# See the readme for full descriptions and getting started -# instructions: ../../roles/openshift_cfme/README.md or go directly to -# their definitions: ../../roles/openshift_cfme/defaults/main.yml -# ../../roles/openshift_cfme/vars/main.yml -# -# Namespace for the CFME project -#openshift_cfme_project: openshift-cfme - -# Namespace/project description -#openshift_cfme_project_description: CloudForms Management Engine - -# Choose 'miq-template' for a podified database install -# Choose 'miq-template-ext-db' for an external database install -# -# If you are using the miq-template-ext-db template then you must add -# the required database parameters to the -# openshift_cfme_template_parameters variable. -#openshift_cfme_app_template: miq-template - -# Allowed options: nfs, nfs_external, preconfigured, cloudprovider. -#openshift_cfme_storage_class: nfs - -# [OPTIONAL] - If you are using an EXTERNAL NFS server, such as a -# netapp appliance, then you must set the hostname here. Leave the -# value as 'false' if you are not using external NFS. -#openshift_cfme_storage_nfs_external_hostname: false - -# [OPTIONAL] - If you are using external NFS then you must set the base -# path to the exports location here. -# -# Additionally: EXTERNAL NFS REQUIRES that YOU CREATE the nfs exports -# that will back the application PV and optionally the database -# pv. Export path definitions, relative to -# {{ openshift_cfme_storage_nfs_base_dir }} -# -# LOCAL NFS NOTE: -# -# You may may also change this value if you want to change the default -# path used for local NFS exports. -#openshift_cfme_storage_nfs_base_dir: /exports - -# LOCAL NFS NOTE: -# -# You may override the automatically selected LOCAL NFS server by -# setting this variable. Useful for testing specific task files. 
-#openshift_cfme_storage_nfs_local_hostname: false
-
-# A hash of parameters you want to override or set in the
-# miq-template.yaml or miq-template-ext-db.yaml templates. Set this in
-# your inventory file as a simple hash. Acceptable values are defined
-# under the .parameters list in files/miq-template{-ext-db}.yaml
-# Example:
-#
-# openshift_cfme_template_parameters={'APPLICATION_MEM_REQ': '512Mi'}
-#openshift_cfme_template_parameters: {}
diff --git a/openshift-ansible.spec b/openshift-ansible.spec
index 1528f3fc8..2ae7d48a3 100644
--- a/openshift-ansible.spec
+++ b/openshift-ansible.spec
@@ -10,7 +10,7 @@
 Name: openshift-ansible
 Version: 3.7.0
-Release: 0.144.0%{?dist}
+Release: 0.147.0%{?dist}
 Summary: Openshift and Atomic Enterprise Ansible
 License: ASL 2.0
 URL: https://github.com/openshift/openshift-ansible
@@ -276,6 +276,31 @@ Atomic OpenShift Utilities includes
 %changelog
+* Tue Oct 10 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.147.0
+- Add PartOf to docker systemd service unit. (mgugino@redhat.com)
+- crio: use systemd manager (gscrivan@redhat.com)
+- Ensure servingInfo.clientCA is set as ca.crt rather than ca-bundle.crt.
+ (abutcher@redhat.com)
+- crio, docker: use openshift_release when openshift_image_tag is not used
+ (gscrivan@redhat.com)
+- crio: fix typo (gscrivan@redhat.com)
+- Update registry_config.j2 (jialiu@redhat.com)
+- Update registry_config.j2 (jialiu@redhat.com)
+
+* Mon Oct 09 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.146.0
+- docker_image_availability: credentials to skopeo (mgugino@redhat.com)
+- Rename openshift_cfme role to openshift_management (tbielawa@redhat.com)
+
+* Mon Oct 09 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.145.0
+- add missing restart node handler to flannel (jchaloup@redhat.com)
+- Switch to configmap leader election on 3.7 upgrade (mkhan@redhat.com)
+- crio.conf.j2: sync from upstream (gscrivan@redhat.com)
+- cri-o: use overlay instead of overlay2 (gscrivan@redhat.com)
+- Ensure docker is restarted when iptables is restarted (mgugino@redhat.com)
+- Stop including origin and ose hosts example file (sdodson@redhat.com)
+- node: make node service PartOf=openvswitch.service when openshift-sdn is used
+ (dcbw@redhat.com)
+
 * Fri Oct 06 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.144.0
 - fix typo for default in etcd (mgugino@redhat.com)
 - Bumping version of service catalog image for 3.7 (ewolinet@redhat.com)
diff --git a/playbooks/byo/openshift-cfme/config.yml b/playbooks/byo/openshift-management/config.yml
index 0e8e7a94d..33a555cc1 100644
--- a/playbooks/byo/openshift-cfme/config.yml
+++ b/playbooks/byo/openshift-management/config.yml
@@ -5,4 +5,4 @@ - include: ../../common/openshift-cluster/evaluate_groups.yml -- include: ../../common/openshift-cfme/config.yml +- include: ../../common/openshift-management/config.yml diff --git a/playbooks/byo/openshift-cfme/uninstall.yml b/playbooks/byo/openshift-management/uninstall.yml index c8ed16859..ebd6fb261 100644 --- a/playbooks/byo/openshift-cfme/uninstall.yml +++ b/playbooks/byo/openshift-management/uninstall.yml @@ -3,4 +3,4 @@ # tags: # - always -- include: ../../common/openshift-cfme/uninstall.yml +- include: ../../common/openshift-management/uninstall.yml diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index a31d6e2dc..dbe09dce2 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -55,8 +55,8 @@ - include: service_catalog.yml when: openshift_enable_service_catalog | default(false) | bool -- include: openshift_cfme.yml - when: openshift_cfme_install_cfme | default(false) | bool +- include: openshift_management.yml + when: openshift_management_install_management | default(false) | bool - name: Print deprecated variable warning message if necessary hosts: oo_first_master diff --git a/playbooks/common/openshift-cluster/openshift_cfme.yml b/playbooks/common/openshift-cluster/openshift_cfme.yml deleted file mode 100644 index 29966d99e..000000000 --- a/playbooks/common/openshift-cluster/openshift_cfme.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -- name: CFME Install Checkpoint Start - hosts: localhost - connection: local - gather_facts: false - tasks: - - name: Set CFME install 'In Progress' - set_stats: - data: - installer_phase_cfme: "In Progress" - aggregate: false - -- name: CFME - include: ../openshift-cfme/config.yml - -- name: CFME Install Checkpoint End - hosts: localhost - connection: local - gather_facts: false - tasks: - - name: Set CFME install 'Complete' - set_stats: - data: - installer_phase_CFME: "Complete" - aggregate: false 
diff --git a/playbooks/common/openshift-cluster/openshift_management.yml b/playbooks/common/openshift-cluster/openshift_management.yml new file mode 100644 index 000000000..6e582920b --- /dev/null +++ b/playbooks/common/openshift-cluster/openshift_management.yml @@ -0,0 +1,25 @@ +--- +- name: Management Install Checkpoint Start + hosts: localhost + connection: local + gather_facts: false + tasks: + - name: Set Management install 'In Progress' + set_stats: + data: + installer_phase_Management: "In Progress" + aggregate: false + +- name: Management + include: ../openshift-management/config.yml + +- name: Management Install Checkpoint End + hosts: localhost + connection: local + gather_facts: false + tasks: + - name: Set Management install 'Complete' + set_stats: + data: + installer_phase_Management: "Complete" + aggregate: false diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml index e4193a00e..2068ed199 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml @@ -44,8 +44,8 @@ - modify_yaml: dest: "{{ openshift.common.config_base }}/master/master-config.yaml" yaml_key: servingInfo.clientCA - yaml_value: ca-bundle.crt - when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'ca-bundle.crt' + yaml_value: ca.crt + when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'ca.crt' - modify_yaml: dest: "{{ openshift.common.config_base }}/master/master-config.yaml" yaml_key: etcdClientInfo.ca diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml index ed89dbe8d..df59a8782 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml 
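Review bot: The stat key `installer_phase_Management` set by both checkpoint plays in the new openshift_management.yml is capitalised, while the phase this commit registers in installer_checkpoint.py is `'installer_phase_management'`. If the callback looks phases up by exact key, which its all-lowercase phase list suggests, the Management phase will never be reported as In Progress or Complete. Both `set_stats` entries should use the lowercase key: `installer_phase_management: "In Progress"` and `installer_phase_management: "Complete"`.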
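Review bot: The `modify_yaml` task in redeploy-certificates/openshift-ca.yml that now pins `servingInfo.clientCA` to `ca.crt` has neither a name nor a comment, although this key decides which CA the master trusts for client-certificate authentication. Moving from the bundle to a single CA during a CA redeploy presumably changes which existing client certificates are still accepted after the master restarts, so the reason deserves a line in the playbook. I would add a `name:` and a comment such as `# servingInfo.clientCA is the trust anchor for client certificates; keep it on ca.crt, not ca-bundle.crt`. The task list this belongs to starts above the hunk and continues after it.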
+++ b/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml @@ -14,3 +14,8 @@ dest: "{{ openshift.common.config_base}}/master/master-config.yaml" yaml_key: 'kubernetesMasterConfig.admissionConfig' yaml_value: + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'controllerConfig.election.lockName' + yaml_value: 'openshift-master-controllers' diff --git a/playbooks/common/openshift-loadbalancer/config.yml b/playbooks/common/openshift-loadbalancer/config.yml index ecbb092bc..9e148e636 100644 --- a/playbooks/common/openshift-loadbalancer/config.yml +++ b/playbooks/common/openshift-loadbalancer/config.yml @@ -27,6 +27,7 @@ roles: - role: os_firewall - role: openshift_loadbalancer + - role: tuned - name: Load Balancer Install Checkpoint End hosts: localhost diff --git a/playbooks/common/openshift-cfme/config.yml b/playbooks/common/openshift-management/config.yml index 08df4a57e..0aaafe440 100644 --- a/playbooks/common/openshift-cfme/config.yml +++ b/playbooks/common/openshift-management/config.yml @@ -4,12 +4,12 @@ pre_tasks: - name: Create a temporary place to evaluate the PV templates command: mktemp -d /tmp/openshift-ansible-XXXXXXX - register: r_openshift_cfme_mktemp + register: r_openshift_management_mktemp changed_when: false tasks: - name: Run the CFME Setup Role include_role: - name: openshift_cfme + name: openshift_management vars: - template_dir: "{{ hostvars[groups.masters.0].r_openshift_cfme_mktemp.stdout }}" + template_dir: "{{ hostvars[groups.masters.0].r_openshift_management_mktemp.stdout }}" diff --git a/playbooks/common/openshift-cfme/filter_plugins b/playbooks/common/openshift-management/filter_plugins index 99a95e4ca..99a95e4ca 120000 --- a/playbooks/common/openshift-cfme/filter_plugins +++ b/playbooks/common/openshift-management/filter_plugins diff --git a/playbooks/common/openshift-cfme/library b/playbooks/common/openshift-management/library index ba40d2f56..ba40d2f56 120000 
--- a/playbooks/common/openshift-cfme/library +++ b/playbooks/common/openshift-management/library diff --git a/playbooks/common/openshift-cfme/roles b/playbooks/common/openshift-management/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/common/openshift-cfme/roles +++ b/playbooks/common/openshift-management/roles diff --git a/playbooks/common/openshift-cfme/uninstall.yml b/playbooks/common/openshift-management/uninstall.yml index 78b8e7668..698d93405 100644 --- a/playbooks/common/openshift-cfme/uninstall.yml +++ b/playbooks/common/openshift-management/uninstall.yml @@ -4,5 +4,5 @@ tasks: - name: Run the CFME Uninstall Role Tasks include_role: - name: openshift_cfme + name: openshift_management tasks_from: uninstall diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index bc1fee982..04e2bdbbf 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -198,6 +198,7 @@ openshift_master_default_registry_value: "{{ hostvars[groups.oo_first_master.0].l_default_registry_value }}" openshift_master_default_registry_value_api: "{{ hostvars[groups.oo_first_master.0].l_default_registry_value_api }}" openshift_master_default_registry_value_controllers: "{{ hostvars[groups.oo_first_master.0].l_default_registry_value_controllers }}" + - role: tuned - role: nuage_ca when: openshift_use_nuage | default(false) | bool - role: nuage_common diff --git a/playbooks/common/openshift-node/configure_nodes.yml b/playbooks/common/openshift-node/configure_nodes.yml index c96e4921c..17259422d 100644 --- a/playbooks/common/openshift-node/configure_nodes.yml +++ b/playbooks/common/openshift-node/configure_nodes.yml @@ -13,4 +13,5 @@ roles: - role: os_firewall - role: openshift_node + - role: tuned - role: nickhammond.logrotate diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml index 591367467..866ed0452 100644 --- a/roles/docker/handlers/main.yml 
+++ b/roles/docker/handlers/main.yml @@ -4,6 +4,7 @@ systemd: name: "{{ openshift.docker.service_name }}" state: restarted + daemon_reload: yes register: r_docker_restart_docker_result until: not r_docker_restart_docker_result | failed retries: 3 diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index dae17c3ce..f73f90686 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -10,14 +10,6 @@ l_use_crio: "{{ openshift_use_crio | default(False) }}" l_use_crio_only: "{{ openshift_use_crio_only | default(False) }}" -- when: - - openshift_deployment_type == 'openshift-enterprise' - assert: - that: - - "openshift_image_tag is defined" - msg: > - openshift_image_tag is a required inventory variable when installing openshift-enterprise - - name: Use Package Docker if Requested include: package_docker.yml when: diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml index eab5c3bb1..dbe0b0d28 100644 --- a/roles/docker/tasks/package_docker.yml +++ b/roles/docker/tasks/package_docker.yml @@ -48,7 +48,9 @@ template: dest: "{{ docker_systemd_dir }}/custom.conf" src: custom.conf.j2 - when: not os_firewall_use_firewalld | default(False) | bool + notify: + - restart docker + when: not (os_firewall_use_firewalld | default(False)) | bool - name: Add enterprise registry, if necessary set_fact: diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index 386369d26..fdc6cd24a 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml 
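Review bot: In the package_docker.yml hunk the rewritten condition `not (os_firewall_use_firewalld | default(False)) | bool` reads as if `bool` were applied to the negated value, although Jinja2 applies filters before `not`. Closing the parenthesis after the cast states the intent and makes it obvious that a string such as "False" from the inventory is converted before it is negated: `when: not (os_firewall_use_firewalld | default(False) | bool)`. The task this condition belongs to starts above the hunk.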
@@ -14,6 +14,22 @@ l_additional_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l_crio_registries)) }}" when: l2_docker_additional_registries +- set_fact: + l_openshift_image_tag: "{{ openshift_image_tag | string }}" + when: openshift_image_tag is defined + +- set_fact: + l_openshift_image_tag: "latest" + when: + - openshift_image_tag is not defined + - openshift_release == "latest" + +- set_fact: + l_openshift_image_tag: "{{ openshift_release | string }}" + when: + - openshift_image_tag is not defined + - openshift_release != "latest" + - name: Ensure container-selinux is installed package: name: container-selinux @@ -106,10 +122,9 @@ - name: Set CRI-O image tag set_fact: - l_crio_image_tag: "{{ openshift_image_tag }}" + l_crio_image_tag: "{{ l_openshift_image_tag }}" when: - openshift_deployment_type == 'openshift-enterprise' - - openshift_image_tag is defined - name: Use RHEL based image when distribution is Red Hat set_fact: @@ -147,7 +162,7 @@ image: "{{ l_crio_image }}" state: latest -- name: Remove CRI-o default configuration files +- name: Remove CRI-O default configuration files file: path: "{{ item }}" state: absent diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/docker/tasks/systemcontainer_docker.yml index 5b1605b58..15c6a55db 100644 --- a/roles/docker/tasks/systemcontainer_docker.yml +++ b/roles/docker/tasks/systemcontainer_docker.yml 
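Review bot: The three unnamed `set_fact` tasks added at the top of systemcontainer_crio.yml are repeated verbatim in the first hunk of systemcontainer_docker.yml, and the second and third are the same assignment, because `openshift_release | string` already yields `latest` when the release is `latest`. One named task covers all three cases: `l_openshift_image_tag: "{{ openshift_image_tag | default(openshift_release) | string }}"`. Since this value ends up in the image reference that is pulled, it is also worth a comment saying that an unset `openshift_image_tag` now falls back to the release, possibly the floating `latest` tag, where the assert removed from roles/docker/tasks/main.yml used to stop an openshift-enterprise install.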
@@ -1,5 +1,21 @@ --- +- set_fact: + l_openshift_image_tag: "{{ openshift_image_tag | string }}" + when: openshift_image_tag is defined + +- set_fact: + l_openshift_image_tag: "latest" + when: + - openshift_image_tag is not defined + - openshift_release == "latest" + +- set_fact: + l_openshift_image_tag: "{{ openshift_release | string }}" + when: + - openshift_image_tag is not defined + - openshift_release != "latest" + # If docker_options are provided we should fail. We should not install docker and ignore # the users configuration. NOTE: docker_options == inventory:openshift_docker_options - name: Fail quickly if openshift_docker_options are set @@ -94,10 +110,9 @@ - name: Set container engine image tag set_fact: - l_docker_image_tag: "{{ openshift_image_tag }}" + l_docker_image_tag: "{{ l_openshift_image_tag }}" when: - openshift_deployment_type == 'openshift-enterprise' - - openshift_image_tag is defined - name: Use Red Hat Registry for image when distribution is Red Hat set_fact: diff --git a/roles/docker/templates/crio.conf.j2 b/roles/docker/templates/crio.conf.j2 index b4ee84fd0..b715c2ffa 100644 --- a/roles/docker/templates/crio.conf.j2 +++ b/roles/docker/templates/crio.conf.j2 @@ -13,12 +13,12 @@ runroot = "/var/run/containers/storage" # storage_driver select which storage driver is used to manage storage # of images and containers. -storage_driver = "overlay2" +storage_driver = "overlay" # storage_option is used to pass an option to the storage driver. storage_option = [ {% if ansible_distribution in ['RedHat', 'CentOS'] %} - "overlay2.override_kernel_check=1" + "overlay.override_kernel_check=1" {% endif %} ] 
@@ -35,6 +35,10 @@ stream_address = "" # stream_port is the port on which the stream server will listen stream_port = "10010" +# file_locking is whether file-based locking will be used instead of +# in-memory locking +file_locking = true + # The "crio.runtime" table contains settings pertaining to the OCI # runtime used and options for how to set up and manage the OCI runtime. [crio.runtime] @@ -67,6 +71,9 @@ runtime_untrusted_workload = "" # container runtime for all containers. default_workload_trust = "trusted" +# no_pivot instructs the runtime to not use pivot_root, but instead use MS_MOVE +no_pivot = false + # conmon is the path to conmon binary, used for managing the runtime. conmon = "/usr/libexec/crio/conmon" @@ -93,6 +100,16 @@ apparmor_profile = "crio-default" # for the runtime. cgroup_manager = "systemd" +# hooks_dir_path is the oci hooks directory for automatically executed hooks +hooks_dir_path = "/usr/share/containers/oci/hooks.d" + +# pids_limit is the number of processes allowed in a container +pids_limit = 1024 + +# log_size_max is the max limit for the container log size in bytes. +# Negative values indicate that no limit is imposed. +log_size_max = -1 + # The "crio.image" table contains settings pertaining to the # management of OCI images. [crio.image] @@ -115,6 +132,10 @@ pause_command = "/pause" # unspecified so that the default system-wide policy will be used. signature_policy = "" +# image_volumes controls how image volumes are handled. +# The valid values are mkdir and ignore. +image_volumes = "mkdir" + # insecure_registries is used to skip TLS verification when pulling images. insecure_registries = [ {{ l_insecure_crio_registries|default("") }} @@ -125,6 +146,7 @@ insecure_registries = [ registries = [ {{ l_additional_crio_registries|default("") }} ] + # The "crio.network" table contains settings pertaining to the # management of CNI plugins. [crio.network] 
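Review bot: `log_size_max = -1` in the crio.runtime hunk leaves container logs unbounded, so a single noisy or compromised workload can fill the node's log filesystem. The neighbouring `pids_limit = 1024` is hard-coded in the template in the same way. I would drive both from inventory variables with the current values as defaults, and choose a finite default for the log size unless log rotation on the node is known to cap it.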
diff --git a/roles/docker/templates/custom.conf.j2 b/roles/docker/templates/custom.conf.j2 index 9b47cb6ab..713412473 100644 --- a/roles/docker/templates/custom.conf.j2 +++ b/roles/docker/templates/custom.conf.j2 @@ -3,3 +3,9 @@ [Unit] Wants=iptables.service After=iptables.service + +# The following line is a work-around to ensure docker is restarted whenever +# iptables is restarted. This ensures the proper iptables rules will be in +# place for docker. +# Note: This will also cause docker to be stopped if iptables is stopped. +PartOf=iptables.service diff --git a/roles/flannel/handlers/main.yml b/roles/flannel/handlers/main.yml index 02f5a5f64..889069485 100644 --- a/roles/flannel/handlers/main.yml +++ b/roles/flannel/handlers/main.yml @@ -12,3 +12,12 @@ until: not l_docker_restart_docker_in_flannel_result | failed retries: 3 delay: 30 + +- name: restart node + systemd: + name: "{{ openshift.common.service_type }}-node" + state: restarted + register: l_restart_node_result + until: not l_restart_node_result | failed + retries: 3 + delay: 30 diff --git a/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py b/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py index 033240e62..ac369b882 100644 --- a/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py +++ b/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py @@ -81,6 +81,7 @@ class CallbackModule(CallbackBase): 'installer_phase_metrics', 'installer_phase_logging', 'installer_phase_servicecatalog', + 'installer_phase_management', ] # Define the attributes of the installer phases @@ -133,6 +134,10 @@ class CallbackModule(CallbackBase): 'title': 'Service Catalog Install', 'playbook': 'playbooks/byo/openshift-cluster/service-catalog.yml' }, + 'installer_phase_management': { + 'title': 'Management Install', + 'playbook': 'playbooks/common/openshift-cluster/openshift_management.yml' + }, } # Find the longest phase title 
diff --git a/roles/openshift_cfme/tasks/storage/create_nfs_pvs.yml b/roles/openshift_cfme/tasks/storage/create_nfs_pvs.yml
deleted file mode 100644
index d5252464e..000000000
--- a/roles/openshift_cfme/tasks/storage/create_nfs_pvs.yml
+++ /dev/null
@@ -1,69 +0,0 @@ ---- -# Create the required PVs for the App and the DB -- name: Note the App PV Size from Template Parameters - set_fact: - openshift_cfme_app_pv_size: "{{ openshift_cfme_template_parameters.APPLICATION_VOLUME_CAPACITY }}" - when: - - openshift_cfme_template_parameters.APPLICATION_VOLUME_CAPACITY is defined - -- name: Note the App PV Size from defaults - set_fact: - openshift_cfme_app_pv_size: "{{ __openshift_cfme_app_pv_size }}" - when: - - openshift_cfme_template_parameters.APPLICATION_VOLUME_CAPACITY is not defined - -- when: openshift_cfme_app_template in ['miq-template', 'cfme-template'] - block: - - name: Note the DB PV Size from Template Parameters - set_fact: - openshift_cfme_db_pv_size: "{{ openshift_cfme_template_parameters.DATABASE_VOLUME_CAPACITY }}" - when: - - openshift_cfme_template_parameters.DATABASE_VOLUME_CAPACITY is defined - - - name: Note the DB PV Size from defaults - set_fact: - openshift_cfme_db_pv_size: "{{ __openshift_cfme_db_pv_size }}" - when: - - openshift_cfme_template_parameters.DATABASE_VOLUME_CAPACITY is not defined - -- name: Check if the CFME App PV has been created - oc_obj: - namespace: "{{ openshift_cfme_project }}" - state: list - kind: pv - name: "{{ openshift_cfme_flavor_short }}-app" - register: miq_app_pv_check - -- name: Check if the CFME DB PV has been created - oc_obj: - namespace: "{{ openshift_cfme_project }}" - state: list - kind: pv - name: "{{ openshift_cfme_flavor_short }}-db" - register: miq_db_pv_check - when: - - openshift_cfme_app_template in ['miq-template', 'cfme-template'] - -- name: Ensure the CFME App PV is created - oc_process: - namespace: "{{ openshift_cfme_project }}" - template_name: "{{ openshift_cfme_flavor }}-app-pv" - create: True - params: - PV_SIZE: "{{ openshift_cfme_app_pv_size }}" - BASE_PATH: "{{ openshift_cfme_storage_nfs_base_dir }}" - NFS_HOST: "{{ openshift_cfme_nfs_server }}" - when: miq_app_pv_check.results.results == [{}] - -- name: Ensure the CFME DB PV is created 
- oc_process: - namespace: "{{ openshift_cfme_project }}" - template_name: "{{ openshift_cfme_flavor }}-db-pv" - create: True - params: - PV_SIZE: "{{ openshift_cfme_db_pv_size }}" - BASE_PATH: "{{ openshift_cfme_storage_nfs_base_dir }}" - NFS_HOST: "{{ openshift_cfme_nfs_server }}" - when: - - openshift_cfme_app_template in ['miq-template', 'cfme-template'] - - miq_db_pv_check.results.results == [{}] diff --git a/roles/openshift_cfme/tasks/storage/nfs.yml b/roles/openshift_cfme/tasks/storage/nfs.yml deleted file mode 100644 index c17544480..000000000 --- a/roles/openshift_cfme/tasks/storage/nfs.yml +++ /dev/null 
@@ -1,67 +0,0 @@ ---- -# Tasks to statically provision NFS volumes -# Include if not using dynamic volume provisioning - -- name: Ensure we save the local NFS server if one is provided - set_fact: - openshift_cfme_nfs_server: "{{ openshift_cfme_storage_nfs_local_hostname }}" - when: - - openshift_cfme_storage_nfs_local_hostname is defined - - openshift_cfme_storage_nfs_local_hostname != False - - openshift_cfme_storage_class == "nfs" - -- name: Ensure we save the local NFS server - set_fact: - openshift_cfme_nfs_server: "{{ groups['oo_nfs_to_config'].0 }}" - when: - - openshift_cfme_nfs_server is not defined - - openshift_cfme_storage_class == "nfs" - -- name: Ensure we save the external NFS server - set_fact: - openshift_cfme_nfs_server: "{{ openshift_cfme_storage_nfs_external_hostname }}" - when: - - openshift_cfme_storage_class == "nfs_external" - -- name: Failed NFS server detection - assert: - that: - - openshift_cfme_nfs_server is defined - msg: | - "Unable to detect an NFS server. The 'nfs_external' - openshift_cfme_storage_class option requires that you set - openshift_cfme_storage_nfs_external_hostname. 
NFS hosts detected - for local nfs services: {{ groups['oo_nfs_to_config'] | join(', ') }}" - -- name: Setting up NFS storage - block: - - name: Include the NFS Setup role tasks - include_role: - role: openshift_nfs - tasks_from: setup - vars: - l_nfs_base_dir: "{{ openshift_cfme_storage_nfs_base_dir }}" - - - name: Create the App export - include_role: - role: openshift_nfs - tasks_from: create_export - vars: - l_nfs_base_dir: "{{ openshift_cfme_storage_nfs_base_dir }}" - l_nfs_export_config: "{{ openshift_cfme_flavor_short }}" - l_nfs_export_name: "{{ openshift_cfme_flavor_short }}-app" - l_nfs_options: "*(rw,no_root_squash,no_wdelay)" - - - name: Create the DB export - include_role: - role: openshift_nfs - tasks_from: create_export - vars: - l_nfs_base_dir: "{{ openshift_cfme_storage_nfs_base_dir }}" - l_nfs_export_config: "{{ openshift_cfme_flavor_short }}" - l_nfs_export_name: "{{ openshift_cfme_flavor_short }}-db" - l_nfs_options: "*(rw,no_root_squash,no_wdelay)" - when: - - openshift_cfme_app_template in ['miq-template', 'cfme-template'] - - delegate_to: "{{ openshift_cfme_nfs_server }}" diff --git a/roles/openshift_cfme/templates/openshift_cfme-miq-template-ext-db.exports.j2 b/roles/openshift_cfme/templates/openshift_cfme-miq-template-ext-db.exports.j2 deleted file mode 100644 index f43a93ba0..000000000 --- a/roles/openshift_cfme/templates/openshift_cfme-miq-template-ext-db.exports.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ openshift_cfme_storage_nfs_base_dir }}/{{ openshift_cfme_flavor_short }}-app *(rw,no_root_squash,no_wdelay) diff --git a/roles/openshift_cfme/templates/openshift_cfme-miq-template.exports.j2 b/roles/openshift_cfme/templates/openshift_cfme-miq-template.exports.j2 deleted file mode 100644 index 4a4d85a23..000000000 --- a/roles/openshift_cfme/templates/openshift_cfme-miq-template.exports.j2 +++ /dev/null 
@@ -1,2 +0,0 @@ -{{ openshift_cfme_storage_nfs_base_dir }}/{{ openshift_cfme_flavor_short }}-app *(rw,no_root_squash,no_wdelay) -{{ openshift_cfme_storage_nfs_base_dir }}/{{ openshift_cfme_flavor_short }}-db *(rw,no_root_squash,no_wdelay) diff --git a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py index 63ccadcd1..7c8ac78fe 100644 --- a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py +++ b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py @@ -1,5 +1,6 @@ """Check that required Docker images are available.""" +from pipes import quote from ansible.module_utils import six from openshift_checks import OpenShiftCheck from openshift_checks.mixins import DockerHostMixin 
@@ -33,10 +34,39 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): # we use python-docker-py to check local docker for images, and skopeo # to look for images available remotely without waiting to pull them. dependencies = ["python-docker-py", "skopeo"] - skopeo_img_check_command = "timeout 10 skopeo inspect --tls-verify=false docker://{registry}/{image}" + # command for checking if remote registries have an image, without docker pull + skopeo_command = "timeout 10 skopeo inspect --tls-verify={tls} {creds} docker://{registry}/{image}" + skopeo_example_command = "skopeo inspect [--tls-verify=false] [--creds=<user>:<pass>] docker://<registry>/<image>" def __init__(self, *args, **kwargs): super(DockerImageAvailability, self).__init__(*args, **kwargs) + + self.registries = dict( + # set of registries that need to be checked insecurely (note: not accounting for CIDR entries) + insecure=set(self.ensure_list("openshift_docker_insecure_registries")), + # set of registries that should never be queried even if given in the image + blocked=set(self.ensure_list("openshift_docker_blocked_registries")), + ) + + # ordered list of registries (according to inventory vars) that docker will try for unscoped images + regs = self.ensure_list("openshift_docker_additional_registries") + # currently one of these registries is added whether the user wants it or not. 
+ deployment_type = self.get_var("openshift_deployment_type") + if deployment_type == "origin" and "docker.io" not in regs: + regs.append("docker.io") + elif deployment_type == 'openshift-enterprise' and "registry.access.redhat.com" not in regs: + regs.append("registry.access.redhat.com") + self.registries["configured"] = regs + + # for the oreg_url registry there may be credentials specified + components = self.get_var("oreg_url", default="").split('/') + self.registries["oreg"] = "" if len(components) < 3 else components[0] + self.skopeo_command_creds = "" + oreg_auth_user = self.get_var('oreg_auth_user', default='') + oreg_auth_password = self.get_var('oreg_auth_password', default='') + if oreg_auth_user != '' and oreg_auth_password != '': + self.skopeo_command_creds = "--creds={}:{}".format(quote(oreg_auth_user), quote(oreg_auth_password)) + # record whether we could reach a registry or not (and remember results) self.reachable_registries = {} 
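Review bot: The registry password is put on the skopeo command line through `--creds={}:{}` in `__init__`, so it is visible in the process list of the target host while the check runs and, presumably, in the recorded arguments of the `command` module when tasks are logged verbosely. `quote()` guards against word splitting but not against disclosure, and a user name containing `:` would be split in the wrong place. Where the installed skopeo supports it, an auth file (`--authfile`) keeps the secret out of the argument list; otherwise the module call should at least be kept out of the logs. `__init__` may continue below the hunk.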
@@ -62,26 +92,25 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): if not missing_images: return {} - registries = self.known_docker_registries() - if not registries: - return {"failed": True, "msg": "Unable to retrieve any docker registries."} - - available_images = self.available_images(missing_images, registries) + available_images = self.available_images(missing_images) unavailable_images = set(missing_images) - set(available_images) if unavailable_images: - registries = [ - reg if self.reachable_registries.get(reg, True) else reg + " (unreachable)" - for reg in registries - ] + unreachable = [reg for reg, reachable in self.reachable_registries.items() if not reachable] + unreachable_msg = "Failed connecting to: {}\n".format(", ".join(unreachable)) + blocked_msg = "Blocked registries: {}\n".format(", ".join(self.registries["blocked"])) msg = ( - "One or more required Docker images are not available:\n {}\n" - "Configured registries: {}\n" - "Checked by: {}" + "One or more required container images are not available:\n {missing}\n" + "Checked with: {cmd}\n" + "Default registries searched: {registries}\n" + "{blocked}" + "{unreachable}" ).format( - ",\n ".join(sorted(unavailable_images)), - ", ".join(registries), - self.skopeo_img_check_command + missing=",\n ".join(sorted(unavailable_images)), + cmd=self.skopeo_example_command, + registries=", ".join(self.registries["configured"]), + blocked=blocked_msg if self.registries["blocked"] else "", + unreachable=unreachable_msg if unreachable else "", ) return dict(failed=True, msg=msg) 
@@ -138,11 +167,10 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): def local_images(self, images): """Filter a list of images and return those available locally.""" - registries = self.known_docker_registries() found_images = [] for image in images: # docker could have the image name as-is or prefixed with any registry - imglist = [image] + [reg + "/" + image for reg in registries] + imglist = [image] + [reg + "/" + image for reg in self.registries["configured"]] if self.is_image_local(imglist): found_images.append(image) return found_images 
@@ -152,37 +180,27 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): result = self.execute_module("docker_image_facts", {"name": image}) return bool(result.get("images")) and not result.get("failed") - def known_docker_registries(self): - """Build a list of docker registries available according to inventory vars.""" - regs = self.get_var("openshift_docker_additional_registries", default=[]) + def ensure_list(self, registry_param): + """Return the task var as a list.""" # https://bugzilla.redhat.com/show_bug.cgi?id=1497274 - # if the result was a string type, place it into a list. We must do this + # If the result was a string type, place it into a list. We must do this # as using list() on a string will split the string into its characters. - if isinstance(regs, six.string_types): - regs = [regs] - else: - # Otherwise cast to a list as was done previously - regs = list(regs) + # Otherwise cast to a list as was done previously. + registry = self.get_var(registry_param, default=[]) + if not isinstance(registry, six.string_types): + return list(registry) + return self.normalize(registry) - deployment_type = self.get_var("openshift_deployment_type") - if deployment_type == "origin" and "docker.io" not in regs: - regs.append("docker.io") - elif deployment_type == 'openshift-enterprise' and "registry.access.redhat.com" not in regs: - regs.append("registry.access.redhat.com") - - return regs - - def available_images(self, images, default_registries): + def available_images(self, images): """Search remotely for images. 
Returns: list of images found.""" return [ image for image in images - if self.is_available_skopeo_image(image, default_registries) + if self.is_available_skopeo_image(image) ] - def is_available_skopeo_image(self, image, default_registries): + def is_available_skopeo_image(self, image): """Use Skopeo to determine if required image exists in known registry(s).""" - registries = default_registries - + registries = self.registries["configured"] # If image already includes a registry, only use that. # NOTE: This logic would incorrectly identify images that do not use a namespace, e.g. # registry.access.redhat.com/rhel7 as if the registry were a namespace. @@ -193,13 +211,18 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): registries = [registry] for registry in registries: + if registry in self.registries["blocked"]: + continue # blocked will never be consulted if registry not in self.reachable_registries: self.reachable_registries[registry] = self.connect_to_registry(registry) if not self.reachable_registries[registry]: - continue + continue # do not keep trying unreachable registries + + args = dict(registry=registry, image=image) + args["tls"] = "false" if registry in self.registries["insecure"] else "true" + args["creds"] = self.skopeo_command_creds if registry == self.registries["oreg"] else "" - args = {"_raw_params": self.skopeo_img_check_command.format(registry=registry, image=image)} - result = self.execute_module_with_retries("command", args) + result = self.execute_module_with_retries("command", {"_raw_params": self.skopeo_command.format(**args)}) if result.get("rc", 0) == 0 and not result.get("failed"): return True if result.get("rc") == 124: # RC 124 == timed out; mark unreachable diff --git a/roles/openshift_health_checker/test/action_plugin_test.py b/roles/openshift_health_checker/test/action_plugin_test.py index f14887303..40ad27d5d 100644 --- a/roles/openshift_health_checker/test/action_plugin_test.py 
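Review bot: In `is_available_skopeo_image` the credentials are attached whenever the registry equals `self.registries["oreg"]`, even when the same registry is listed as insecure and the command therefore runs with `--tls-verify=false`. In that combination the oreg password is sent over a connection whose peer is not verified. I would withhold the credentials, or report the combination as a failed check, for example `args["creds"] = self.skopeo_command_creds if registry == self.registries["oreg"] and args["tls"] == "true" else ""`. The method starts above this hunk and continues after it.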
+++ b/roles/openshift_health_checker/test/action_plugin_test.py @@ -94,6 +94,7 @@ def skipped(result): {}, ]) def test_action_plugin_missing_openshift_facts(plugin, task_vars, monkeypatch): + monkeypatch.setattr(plugin, 'load_known_checks', lambda *_: {}) monkeypatch.setattr('openshift_health_check.resolve_checks', lambda *args: ['fake_check']) result = plugin.run(tmp=None, task_vars=task_vars) diff --git a/roles/openshift_health_checker/test/docker_image_availability_test.py b/roles/openshift_health_checker/test/docker_image_availability_test.py index 43dcf0c9a..dec99e5db 100644 --- a/roles/openshift_health_checker/test/docker_image_availability_test.py +++ b/roles/openshift_health_checker/test/docker_image_availability_test.py @@ -98,40 +98,7 @@ def test_all_images_unavailable(task_vars): actual = check.run() assert actual['failed'] - assert "required Docker images are not available" in actual['msg'] - - -def test_no_known_registries(): - def execute_module(module_name=None, *_): - if module_name == "command": - return { - 'failed': True, - } - - return { - 'changed': False, - } - - def mock_known_docker_registries(): - return [] - - dia = DockerImageAvailability(execute_module, task_vars=dict( - openshift=dict( - common=dict( - service_type='origin', - is_containerized=False, - is_atomic=False, - ) - ), - openshift_docker_additional_registries=["docker.io"], - openshift_deployment_type="openshift-enterprise", - openshift_image_tag='latest', - group_names=['oo_nodes_to_config', 'oo_masters_to_config'], - )) - dia.known_docker_registries = mock_known_docker_registries - actual = dia.run() - assert actual['failed'] - assert "Unable to retrieve any docker registries." in actual['msg'] + assert "required container images are not available" in actual['msg'] @pytest.mark.parametrize("message,extra_words", [ 
@@ -172,13 +139,13 @@ def test_skopeo_update_failure(task_vars, message, extra_words): "spam/eggs:v1", ["test.reg"], True, True, False, - {"test.reg": False}, + {"test.reg": False, "docker.io": False}, ), ( "spam/eggs:v1", ["test.reg"], False, True, False, - {"test.reg": True}, + {"test.reg": True, "docker.io": True}, ), ( "eggs.reg/spam/eggs:v1", ["test.reg"], @@ -195,17 +162,19 @@ def test_registry_availability(image, registries, connection_test_failed, skopeo elif module_name == "command": return dict(msg="msg", failed=skopeo_failed) - check = DockerImageAvailability(execute_module, task_vars()) + tv = task_vars() + tv.update({"openshift_docker_additional_registries": registries}) + check = DockerImageAvailability(execute_module, tv) check._module_retry_interval = 0 - available = check.is_available_skopeo_image(image, registries) + available = check.is_available_skopeo_image(image) assert available == expect_success assert expect_registries_reached == check.reachable_registries @pytest.mark.parametrize("deployment_type, is_containerized, groups, oreg_url, expected", [ ( # standard set of stuff required on nodes - "origin", False, ['oo_nodes_to_config'], None, + "origin", False, ['oo_nodes_to_config'], "", set([ 'openshift/origin-pod:vtest', 'openshift/origin-deployer:vtest', @@ -225,7 +194,7 @@ def test_registry_availability(image, registries, connection_test_failed, skopeo ]) ), ( - "origin", True, ['oo_nodes_to_config', 'oo_masters_to_config', 'oo_etcd_to_config'], None, + "origin", True, ['oo_nodes_to_config', 'oo_masters_to_config', 'oo_etcd_to_config'], "", set([ # images running on top of openshift 'openshift/origin-pod:vtest', diff --git a/roles/openshift_hosted/templates/registry_config.j2 b/roles/openshift_hosted/templates/registry_config.j2 index eae8b328e..222b63b8a 100644 --- a/roles/openshift_hosted/templates/registry_config.j2 +++ b/roles/openshift_hosted/templates/registry_config.j2 
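Review bot: The updated `test_registry_availability` still drives only the configured-registry path: none of the visible cases puts a registry in the blocked or insecure lists or sets an oreg registry, so the new `continue` for blocked registries and the `tls`/`creds` arguments appear to go untested. A case asserting that a blocked registry never shows up in `check.reachable_registries` would pin the skip, and a case capturing the `_raw_params` passed to the `command` module could confirm that credentials are attached only for the oreg registry. The parametrize list starts outside this hunk, and the task variables that feed the blocked and insecure lists are not visible here.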
@@ -53,7 +53,7 @@ storage: {% if openshift_hosted_registry_storage_swift_domain is defined %} domain: {{ openshift_hosted_registry_storage_swift_domain }} {% endif -%} -{% if openshift_hosted_registry_storage_swift_domainid %} +{% if openshift_hosted_registry_storage_swift_domainid is defined %} domainid: {{ openshift_hosted_registry_storage_swift_domainid }} {% endif -%} {% elif openshift_hosted_registry_storage_provider | default('') == 'gcs' %} @@ -63,7 +63,7 @@ storage: keyfile: /etc/registry/gcs.json {% endif -%} {% if openshift_hosted_registry_storage_gcs_rootdirectory is defined %} - rootdirectory: {{ openshift_hosted_registry_storage_gcs_rootdirectory }} + rootdirectory: {{ openshift_hosted_registry_storage_gcs_rootdirectory | default('/registry') }} {% endif -%} {% endif -%} auth: diff --git a/roles/openshift_logging_fluentd/templates/fluentd.j2 b/roles/openshift_logging_fluentd/templates/fluentd.j2 index b5f27b60d..f286b0656 100644 --- a/roles/openshift_logging_fluentd/templates/fluentd.j2 +++ b/roles/openshift_logging_fluentd/templates/fluentd.j2 @@ -66,7 +66,9 @@ spec: readOnly: true - name: filebufferstorage mountPath: /var/lib/fluentd -{% if openshift_logging_mux_client_mode is defined %} +{% if openshift_logging_mux_client_mode is defined and + ((openshift_logging_mux_allow_external is defined and openshift_logging_mux_allow_external | bool) or + (openshift_logging_use_mux is defined and openshift_logging_use_mux | bool)) %} - name: muxcerts mountPath: /etc/fluent/muxkeys readOnly: true 
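Review bot: The added `| default('/registry')` on the `rootdirectory` line can never take effect, because the line is still wrapped in `{% if openshift_hosted_registry_storage_gcs_rootdirectory is defined %}`; when the variable is undefined the whole key is omitted rather than defaulted. If GCS storage should always get a root directory, drop the guard and keep `rootdirectory: {{ openshift_hosted_registry_storage_gcs_rootdirectory | default('/registry') }}`; if the key is meant to stay optional, the filter is dead and can go. The swift `domainid` guard changed to `is defined` in the previous hunk will now also render the key when the variable is defined but empty, which may or may not be intended.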
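Review bot: The same three-line condition is pasted at the `muxcerts` volume mount in this hunk and again at the `MUX_CLIENT_MODE` env entry and the `muxcerts` secret volume in the next two hunks of fluentd.j2. If one copy is edited later, the pod could mount the mux secret without the client mode being set, or the reverse. Compute it once near the top of the template, `{% set mux_client = openshift_logging_mux_client_mode is defined and ((openshift_logging_mux_allow_external | default(false) | bool) or (openshift_logging_use_mux | default(false) | bool)) %}`, and test `{% if mux_client %}` in all three places.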
@@ -114,7 +116,9 @@ spec: resource: limits.memory - name: "FILE_BUFFER_LIMIT" value: "{{ openshift_logging_fluentd_file_buffer_limit | default('1Gi') }}" -{% if openshift_logging_mux_client_mode is defined %} +{% if openshift_logging_mux_client_mode is defined and + ((openshift_logging_mux_allow_external is defined and openshift_logging_mux_allow_external | bool) or + (openshift_logging_use_mux is defined and openshift_logging_use_mux | bool)) %} - name: "MUX_CLIENT_MODE" value: "{{ openshift_logging_mux_client_mode }}" {% endif %} @@ -196,7 +200,9 @@ spec: - name: dockerdaemoncfg hostPath: path: /etc/docker -{% if openshift_logging_mux_client_mode is defined %} +{% if openshift_logging_mux_client_mode is defined and + ((openshift_logging_mux_allow_external is defined and openshift_logging_mux_allow_external | bool) or + (openshift_logging_use_mux is defined and openshift_logging_use_mux | bool)) %} - name: muxcerts secret: secretName: logging-mux diff --git a/roles/openshift_cfme/README.md b/roles/openshift_management/README.md index 26618ffb8..3a71d9211 100644 --- a/roles/openshift_cfme/README.md +++ b/roles/openshift_management/README.md @@ -38,6 +38,7 @@ deployment type (`openshift_deployment_type`): * [Cloud Provider](#cloud-provider) * [Preconfigured (Expert Configuration Only)](#preconfigured-expert-configuration-only) * [Customization](#customization) + * [Uninstall](#uninstall) * [Additional Information](#additional-information) # Introduction 
@@ -141,18 +142,18 @@ installer. | Variable | Required | Default | Description | |------------------------------------------------|:--------:|:------------------------------:|-------------------------------------| -| `openshift_cfme_project` | **No** | `openshift-cfme` | Namespace for the installation. | -| `openshift_cfme_project_description` | **No** | *CloudForms Management Engine* | Namespace/project description. | -| `openshift_cfme_install_cfme` | **No** | `false` | Boolean, set to `true` to install the application | +| `openshift_management_project` | **No** | `openshift-management` | Namespace for the installation. | +| `openshift_management_project_description` | **No** | *CloudForms Management Engine* | Namespace/project description. | +| `openshift_management_install_management` | **No** | `false` | Boolean, set to `true` to install the application | | **PRODUCT CHOICE** | | | | | -| `openshift_cfme_app_template` | **No** | `miq-template` | The project flavor to install. Choices: <ul><li>`miq-template`: ManageIQ using a podified database</li> <li> `miq-template-ext-db`: ManageIQ using an external database</li> <li>`cfme-template`: CloudForms using a podified database<sup>[1]</sup></li> <li> `cfme-template-ext-db`: CloudForms using an external database.<sup>[1]</sup></li></ul> | +| `openshift_management_app_template` | **No** | `miq-template` | The project flavor to install. Choices: <ul><li>`miq-template`: ManageIQ using a podified database</li> <li> `miq-template-ext-db`: ManageIQ using an external database</li> <li>`cfme-template`: CloudForms using a podified database<sup>[1]</sup></li> <li> `cfme-template-ext-db`: CloudForms using an external database.<sup>[1]</sup></li></ul> | | **STORAGE CLASSES** | | | | | -| `openshift_cfme_storage_class` | **No** | `nfs` | Storage type to use, choices: <ul><li>`nfs` - Best used for proof-of-concept installs. 
Will setup NFS on a cluster host (defaults to your first master in the inventory file) to back the required PVCs. The application requires a PVC and the database (which may be hosted externally) may require a second. PVC minimum required sizes are 5GiB for the MIQ application, and 15GiB for the PostgreSQL database (20GiB minimum available space on a volume/partition if used specifically for NFS purposes)</li> <li>`nfs_external` - You are using an external NFS server, such as a netapp appliance. See the [Configuration - Storage Classes](#storage-classes) section below for required information.</li> <li>`preconfigured` - This CFME role will do NOTHING to modify storage settings. This option assumes expert knowledge and that you have done everything required ahead of time.</li> <li>`cloudprovider` - You are using an OCP cloudprovider integration for your storage class. For this to work you must have already configured the required inventory parameters for your cloud provider. Ensure `openshift_cloudprovider_kind` is defined (aws or gce) and that the applicable cloudprovider parameters are provided. | -| `openshift_cfme_storage_nfs_external_hostname` | **No** | `false` | If you are using an *external NFS server*, such as a netapp appliance, then you must set the hostname here. Leave the value as `false` if you are not using external NFS. <br /> *Additionally*: **External NFS REQUIRES** that you create the NFS exports that will back the application PV and optionally the database PV. -| `openshift_cfme_storage_nfs_base_dir` | **No** | `/exports/` | If you are using **External NFS** then you may set the base path to the exports location here. <br />**Local NFS Note**: You *may* also change this value if you want to change the default path used for local NFS exports. 
| -| `openshift_cfme_storage_nfs_local_hostname` | **No** | `false` | If you do not have an `[nfs]` group in your inventory, or want to simply manually define the local NFS host in your cluster, set this parameter to the hostname of the preferred NFS server. The server must be a part of your OCP/Origin cluster. | +| `openshift_management_storage_class` | **No** | `nfs` | Storage type to use, choices: <ul><li>`nfs` - Best used for proof-of-concept installs. Will setup NFS on a cluster host (defaults to your first master in the inventory file) to back the required PVCs. The application requires a PVC and the database (which may be hosted externally) may require a second. PVC minimum required sizes are 5GiB for the MIQ application, and 15GiB for the PostgreSQL database (20GiB minimum available space on a volume/partition if used specifically for NFS purposes)</li> <li>`nfs_external` - You are using an external NFS server, such as a netapp appliance. See the [Configuration - Storage Classes](#storage-classes) section below for required information.</li> <li>`preconfigured` - This CFME role will do NOTHING to modify storage settings. This option assumes expert knowledge and that you have done everything required ahead of time.</li> <li>`cloudprovider` - You are using an OCP cloudprovider integration for your storage class. For this to work you must have already configured the required inventory parameters for your cloud provider. Ensure `openshift_cloudprovider_kind` is defined (aws or gce) and that the applicable cloudprovider parameters are provided. | +| `openshift_management_storage_nfs_external_hostname` | **No** | `false` | If you are using an *external NFS server*, such as a netapp appliance, then you must set the hostname here. Leave the value as `false` if you are not using external NFS. <br /> *Additionally*: **External NFS REQUIRES** that you create the NFS exports that will back the application PV and optionally the database PV. 
+| `openshift_management_storage_nfs_base_dir` | **No** | `/exports/` | If you are using **External NFS** then you may set the base path to the exports location here. <br />**Local NFS Note**: You *may* also change this value if you want to change the default path used for local NFS exports. | +| `openshift_management_storage_nfs_local_hostname` | **No** | `false` | If you do not have an `[nfs]` group in your inventory, or want to simply manually define the local NFS host in your cluster, set this parameter to the hostname of the preferred NFS server. The server must be a part of your OCP/Origin cluster. | | **CUSTOMIZATION OPTIONS** | | | | | -| `openshift_cfme_template_parameters` | **No** | `{}` | A dictionary of any parameters you want to override in the application/pv templates. +| `openshift_management_template_parameters` | **No** | `{}` | A dictionary of any parameters you want to override in the application/pv templates. * <sup>[1]</sup> The `cfme-template`s will be available and automatically detected once CFME 4.6 is released @@ -164,7 +165,7 @@ Below are some inventory snippets that can help you get started right away. If you want to install CFME/MIQ at the same time you install your -OCP/Origin cluster, ensure that `openshift_cfme_install_cfme` is set +OCP/Origin cluster, ensure that `openshift_management_install_management` is set to `true` in your inventory. Call the standard `playbooks/byo/config.yml` playbook to begin the cluster and CFME/MIQ installation. @@ -173,7 +174,7 @@ If you are installing CFME/MIQ on an *already provisioned cluster* then you can call the CFME/MIQ playbook directly: ``` -$ ansible-playbook -v -i <YOUR_INVENTORY> playbooks/byo/openshift-cfme/config.yml +$ ansible-playbook -v -i <YOUR_INVENTORY> playbooks/byo/openshift-management/config.yml ``` *Note: Use `miq-template` in the following examples for ManageIQ installs* 
@@ -187,7 +188,7 @@ created as pods in the container platform. ```ini [OSEv3:vars] -openshift_cfme_app_template=cfme-template +openshift_management_app_template=cfme-template ``` ## External NFS Storage 
@@ -196,37 +197,37 @@ This is as the previous example, except that instead of using local NFS services in the cluster it will use an external NFS server (such as a storage appliance). Note the two new parameters: -* `openshift_cfme_storage_class` - set to `nfs_external` -* `openshift_cfme_storage_nfs_external_hostname` - set to the hostname +* `openshift_management_storage_class` - set to `nfs_external` +* `openshift_management_storage_nfs_external_hostname` - set to the hostname of the NFS server ```ini [OSEv3:vars] -openshift_cfme_app_template=cfme-template -openshift_cfme_storage_class=nfs_external -openshift_cfme_storage_nfs_external_hostname=nfs.example.com +openshift_management_app_template=cfme-template +openshift_management_storage_class=nfs_external +openshift_management_storage_nfs_external_hostname=nfs.example.com ``` If the external NFS host exports directories under a different parent directory, such as `/exports/hosted/prod` then we would add an -additional parameter, `openshift_cfme_storage_nfs_base_dir`: +additional parameter, `openshift_management_storage_nfs_base_dir`: ```ini # ... -openshift_cfme_storage_nfs_base_dir=/exports/hosted/prod +openshift_management_storage_nfs_base_dir=/exports/hosted/prod ``` ## Override PV sizes This example will override the PV sizes. Note that we set the PV sizes -in the template parameters, `openshift_cfme_template_parameters`. This +in the template parameters, `openshift_management_template_parameters`. This ensures that the application/db will be able to make claims on created PVs without clobbering each other. ```ini [OSEv3:vars] -openshift_cfme_app_template=cfme-template -openshift_cfme_template_parameters={'APPLICATION_VOLUME_CAPACITY': '10Gi', 'DATABASE_VOLUME_CAPACITY': '25Gi'} +openshift_management_app_template=cfme-template +openshift_management_template_parameters={'APPLICATION_VOLUME_CAPACITY': '10Gi', 'DATABASE_VOLUME_CAPACITY': '25Gi'} ``` ## Override Memory Requirements 
@@ -238,8 +239,8 @@ performance or a complete failure to initialize the application. ```ini [OSEv3:vars] -openshift_cfme_app_template=cfme-template -openshift_cfme_template_parameters={'APPLICATION_MEM_REQ': '3000Mi', 'POSTGRESQL_MEM_REQ': '1Gi', 'ANSIBLE_MEM_REQ': '512Mi'} +openshift_management_app_template=cfme-template +openshift_management_template_parameters={'APPLICATION_MEM_REQ': '3000Mi', 'POSTGRESQL_MEM_REQ': '1Gi', 'ANSIBLE_MEM_REQ': '512Mi'} ``` Here we have instructed the installer to process the application @@ -253,18 +254,18 @@ displayed in the previous example. ## External PostgreSQL Database To use an external database you must change the -`openshift_cfme_app_template` parameter value to `miq-template-ext-db` +`openshift_management_app_template` parameter value to `miq-template-ext-db` or `cfme-template-ext-db`. Additionally, database connection information **must** be supplied in -the `openshift_cfme_template_parameters` customization parameter. See +the `openshift_management_template_parameters` customization parameter. See [Customization - Database - External](#external) for more information. ```ini [OSEv3:vars] -openshift_cfme_app_template=cfme-template-ext-db -openshift_cfme_template_parameters={'DATABASE_USER': 'root', 'DATABASE_PASSWORD': 'r1ck&M0r7y', 'DATABASE_IP': '10.10.10.10', 'DATABASE_PORT': '5432', 'DATABASE_NAME': 'cfme'} +openshift_management_app_template=cfme-template-ext-db +openshift_management_template_parameters={'DATABASE_USER': 'root', 'DATABASE_PASSWORD': 'r1ck&M0r7y', 'DATABASE_IP': '10.10.10.10', 'DATABASE_PORT': '5432', 'DATABASE_NAME': 'cfme'} ``` # Limitations 
@@ -294,7 +295,7 @@ it. There are two major decisions to make: Any `POSTGRES_*` or `DATABASE_*` template parameters in [miq-template.yaml](files/templates/manageiq/miq-template.yaml) or [cfme-template.yaml](files/templates/cloudforms/cfme-template.yaml) -may be customized through the `openshift_cfme_template_parameters` +may be customized through the `openshift_management_template_parameters` hash. ### External @@ -303,12 +304,12 @@ Any `POSTGRES_*` or `DATABASE_*` template parameters in [miq-template-ext-db.yaml](files/templates/manageiq/miq-template-ext-db.yaml) or [cfme-template-ext-db.yaml](files/templates/cloudforms/cfme-template-ext-db.yaml) -may be customized through the `openshift_cfme_template_parameters` +may be customized through the `openshift_management_template_parameters` hash. External PostgreSQL databases require you to provide database connection parameters. You must set the required connection keys in -the `openshift_cfme_template_parameters` parameter in your +the `openshift_management_template_parameters` parameter in your inventory. The following keys are required: * `DATABASE_USER` 
@@ -321,31 +322,31 @@ Your inventory would contain a line similar to this: ```ini [OSEv3:vars] -openshift_cfme_app_template=cfme-template-ext-db -openshift_cfme_template_parameters={'DATABASE_USER': 'root', 'DATABASE_PASSWORD': 'r1ck&M0r7y', 'DATABASE_IP': '10.10.10.10', 'DATABASE_PORT': '5432', 'DATABASE_NAME': 'cfme'} +openshift_management_app_template=cfme-template-ext-db +openshift_management_template_parameters={'DATABASE_USER': 'root', 'DATABASE_PASSWORD': 'r1ck&M0r7y', 'DATABASE_IP': '10.10.10.10', 'DATABASE_PORT': '5432', 'DATABASE_NAME': 'cfme'} ``` -**Note** the new value for the `openshift_cfme_app_template` +**Note** the new value for the `openshift_management_app_template` parameter, `cfme-template-ext-db` (ManageIQ installations would use `miq-template-ext-db` instead). At run time you may run into errors similar to this: ``` -TASK [openshift_cfme : Ensure the CFME App is created] *********************************** -task path: /home/tbielawa/rhat/os/openshift-ansible/roles/openshift_cfme/tasks/main.yml:74 +TASK [openshift_management : Ensure the CFME App is created] *********************************** +task path: /home/tbielawa/rhat/os/openshift-ansible/roles/openshift_management/tasks/main.yml:74 Tuesday 03 October 2017 15:30:44 -0400 (0:00:00.056) 0:00:12.278 ******* -{"cmd": "/usr/bin/oc create -f /tmp/postgresql-ZPEWQS -n openshift-cfme", "kind": "Endpoints", "results": {}, "returncode": 1, "stderr": "Error from server (BadRequest): error when creating \"/tmp/postgresql-ZPEWQS\": Endpoints in version \"v1\" cannot be handled as a Endpoints: [pos 218]: json: decNum: got first char 'f'\n", "stdout": ""} +{"cmd": "/usr/bin/oc create -f /tmp/postgresql-ZPEWQS -n openshift-management", "kind": "Endpoints", "results": {}, "returncode": 1, "stderr": "Error from server (BadRequest): error when creating \"/tmp/postgresql-ZPEWQS\": Endpoints in version \"v1\" cannot be handled as a Endpoints: [pos 218]: json: decNum: got first char 'f'\n", "stdout": ""} 
``` Or like this: ``` -TASK [openshift_cfme : Ensure the CFME App is created] *********************************** -task path: /home/tbielawa/rhat/os/openshift-ansible/roles/openshift_cfme/tasks/main.yml:74 +TASK [openshift_management : Ensure the CFME App is created] *********************************** +task path: /home/tbielawa/rhat/os/openshift-ansible/roles/openshift_management/tasks/main.yml:74 Tuesday 03 October 2017 16:05:36 -0400 (0:00:00.052) 0:00:18.948 ******* fatal: [m01.example.com]: FAILED! => {"changed": true, "failed": true, "msg": -{"cmd": "/usr/bin/oc create -f /tmp/postgresql-igS5sx -n openshift-cfme", "kind": "Endpoints", "results": {}, "returncode": 1, "stderr": "The Endpoints \"postgresql\" is invalid: subsets[0].addresses[0].ip: Invalid value: \"doo\": must be a valid IP address, (e.g. 10.9.8.7)\n", "stdout": ""}, +{"cmd": "/usr/bin/oc create -f /tmp/postgresql-igS5sx -n openshift-management", "kind": "Endpoints", "results": {}, "returncode": 1, "stderr": "The Endpoints \"postgresql\" is invalid: subsets[0].addresses[0].ip: Invalid value: \"doo\": must be a valid IP address, (e.g. 10.9.8.7)\n", "stdout": ""}, ``` While intimidating at first, there are useful bits of information in @@ -380,8 +381,8 @@ choice. Customization is provided through the following role variables: -* `openshift_cfme_storage_nfs_base_dir` -* `openshift_cfme_storage_nfs_local_hostname` +* `openshift_management_storage_nfs_base_dir` +* `openshift_management_storage_nfs_local_hostname` ### NFS External 
@@ -393,19 +394,19 @@ for the required PVs. For external NFS you must have: Configuration is provided through the following role variables: -* `openshift_cfme_storage_nfs_external_hostname` -* `openshift_cfme_storage_nfs_base_dir` +* `openshift_management_storage_nfs_external_hostname` +* `openshift_management_storage_nfs_base_dir` -The `openshift_cfme_storage_nfs_external_hostname` parameter must be +The `openshift_management_storage_nfs_external_hostname` parameter must be set to the hostname or IP of your external NFS server. If `/exports` is not the parent directory to your exports then you must set the base directory via the -`openshift_cfme_storage_nfs_base_dir` parameter. +`openshift_management_storage_nfs_base_dir` parameter. For example, if your server export is `/exports/hosted/prod/cfme-app` then you must set -`openshift_cfme_storage_nfs_base_dir=/exports/hosted/prod`. +`openshift_management_storage_nfs_base_dir=/exports/hosted/prod`. ### Cloud Provider @@ -434,12 +435,12 @@ storage class. # Customization Application and database parameters may be customized by means of the -`openshift_cfme_template_parameters` inventory parameter. +`openshift_management_template_parameters` inventory parameter. **For example**, if you wanted to reduce the memory requirement of the PostgreSQL pod then you could configure the parameter like this: -`openshift_cfme_template_parameters={'POSTGRESQL_MEM_REQ': '1Gi'}` +`openshift_management_template_parameters={'POSTGRESQL_MEM_REQ': '1Gi'}` When the CFME template is processed `1Gi` will be used for the value of the `POSTGRESQL_MEM_REQ` template parameter. 
@@ -447,12 +448,19 @@ of the `POSTGRESQL_MEM_REQ` template parameter. Any parameter in the `parameters` section of the [miq-template.yaml](files/templates/manageiq/miq-template.yaml) or [miq-template-ext-db.yaml](files/templates/manageiq/miq-template-ext-db.yaml) -may be overridden through the `openshift_cfme_template_parameters` +may be overridden through the `openshift_management_template_parameters` hash. This applies to **CloudForms** installations as well: [cfme-template.yaml](files/templates/cloudforms/cfme-template.yaml), [cfme-template-ext-db.yaml](files/templates/cloudforms/cfme-template-ext-db.yaml). +# Uninstall + +This role includes a playbook to uninstall and erase the CFME/MIQ +installation: + +* `playbooks/byo/openshift-management/uninstall.yml` + # Additional Information The upstream project, diff --git a/roles/openshift_cfme/defaults/main.yml b/roles/openshift_management/defaults/main.yml index 8ba672262..ebb56313f 100644 --- a/roles/openshift_cfme/defaults/main.yml +++ b/roles/openshift_management/defaults/main.yml @@ -1,8 +1,8 @@ --- # Namespace for the CFME project -openshift_cfme_project: openshift-cfme +openshift_management_project: openshift-management # Namespace/project description -openshift_cfme_project_description: CloudForms Management Engine +openshift_management_project_description: CloudForms Management Engine ###################################################################### # BASE TEMPLATE AND DATABASE OPTIONS 
@@ -13,17 +13,17 @@ openshift_cfme_project_description: CloudForms Management Engine # # Choose 'miq-template' for a podified database install # Choose 'miq-template-ext-db' for an external database install -openshift_cfme_app_template: miq-template +openshift_management_app_template: miq-template # If you are using the miq-template-ext-db template then you must add # the required database parameters to the -# openshift_cfme_template_parameters variable. +# openshift_management_template_parameters variable. ###################################################################### # STORAGE OPTIONS ###################################################################### # DEFAULT - 'nfs' # Allowed options: nfs, nfs_external, preconfigured, cloudprovider. -openshift_cfme_storage_class: nfs +openshift_management_storage_class: nfs # * nfs - Best used for proof-of-concept installs. Will setup NFS on a # cluster host (defaults to your first master in the inventory file) # to back the required PVCs. The application requires a PVC and the 
@@ -55,26 +55,26 @@ openshift_cfme_storage_class: nfs # [OPTIONAL] - If you are using an EXTERNAL NFS server, such as a # netapp appliance, then you must set the hostname here. Leave the # value as 'false' if you are not using external NFS. -openshift_cfme_storage_nfs_external_hostname: false +openshift_management_storage_nfs_external_hostname: false # [OPTIONAL] - If you are using external NFS then you must set the base # path to the exports location here. # # Additionally: EXTERNAL NFS REQUIRES that YOU CREATE the nfs exports # that will back the application PV and optionally the database # pv. Export path definitions, relative to -# {{ openshift_cfme_storage_nfs_base_dir }} +# {{ openshift_management_storage_nfs_base_dir }} # # LOCAL NFS NOTE: # # You may may also change this value if you want to change the default # path used for local NFS exports. -openshift_cfme_storage_nfs_base_dir: /exports +openshift_management_storage_nfs_base_dir: /exports # # LOCAL NFS NOTE: # # You may override the automatically selected LOCAL NFS server by # setting this variable. Useful for testing specific task files. -openshift_cfme_storage_nfs_local_hostname: false +openshift_management_storage_nfs_local_hostname: false ###################################################################### # SCAFFOLDING - These are parameters we pre-seed that a user may or @@ -86,5 +86,5 @@ openshift_cfme_storage_nfs_local_hostname: false # under the .parameters list in files/miq-template{-ext-db}.yaml # Example: # -# openshift_cfme_template_parameters={'APPLICATION_MEM_REQ': '512Mi'} -openshift_cfme_template_parameters: {} +# openshift_management_template_parameters={'APPLICATION_MEM_REQ': '512Mi'} +openshift_management_template_parameters: {} diff --git a/roles/openshift_cfme/files/templates/cloudforms/cfme-backup-job.yaml b/roles/openshift_management/files/templates/cloudforms/cfme-backup-job.yaml index c3bc1d20c..c3bc1d20c 100644 
--- a/roles/openshift_cfme/files/templates/cloudforms/cfme-backup-job.yaml
+++ b/roles/openshift_management/files/templates/cloudforms/cfme-backup-job.yaml
diff --git a/roles/openshift_cfme/files/templates/cloudforms/cfme-backup-pvc.yaml b/roles/openshift_management/files/templates/cloudforms/cfme-backup-pvc.yaml
index 92598ce82..92598ce82 100644
--- a/roles/openshift_cfme/files/templates/cloudforms/cfme-backup-pvc.yaml
+++ b/roles/openshift_management/files/templates/cloudforms/cfme-backup-pvc.yaml
diff --git a/roles/openshift_cfme/files/templates/cloudforms/cfme-pv-backup-example.yaml b/roles/openshift_management/files/templates/cloudforms/cfme-pv-backup-example.yaml
index 4fe349897..4fe349897 100644
--- a/roles/openshift_cfme/files/templates/cloudforms/cfme-pv-backup-example.yaml
+++ b/roles/openshift_management/files/templates/cloudforms/cfme-pv-backup-example.yaml
diff --git a/roles/openshift_cfme/files/templates/cloudforms/cfme-pv-db-example.yaml b/roles/openshift_management/files/templates/cloudforms/cfme-pv-db-example.yaml
index 0cdd821b5..0cdd821b5 100644
--- a/roles/openshift_cfme/files/templates/cloudforms/cfme-pv-db-example.yaml
+++ b/roles/openshift_management/files/templates/cloudforms/cfme-pv-db-example.yaml
diff --git a/roles/openshift_cfme/files/templates/cloudforms/cfme-pv-server-example.yaml b/roles/openshift_management/files/templates/cloudforms/cfme-pv-server-example.yaml
index 527090ae8..527090ae8 100644
--- a/roles/openshift_cfme/files/templates/cloudforms/cfme-pv-server-example.yaml
+++ b/roles/openshift_management/files/templates/cloudforms/cfme-pv-server-example.yaml
diff --git a/roles/openshift_cfme/files/templates/cloudforms/cfme-restore-job.yaml b/roles/openshift_management/files/templates/cloudforms/cfme-restore-job.yaml
index 8b23f8a33..8b23f8a33 100644
--- a/roles/openshift_cfme/files/templates/cloudforms/cfme-restore-job.yaml
+++ b/roles/openshift_management/files/templates/cloudforms/cfme-restore-job.yaml
diff --git a/roles/openshift_cfme/files/templates/cloudforms/cfme-scc-sysadmin.yaml b/roles/openshift_management/files/templates/cloudforms/cfme-scc-sysadmin.yaml
index d2ece9298..d2ece9298 100644
--- a/roles/openshift_cfme/files/templates/cloudforms/cfme-scc-sysadmin.yaml
+++ b/roles/openshift_management/files/templates/cloudforms/cfme-scc-sysadmin.yaml
diff --git a/roles/openshift_cfme/files/templates/cloudforms/cfme-template-ext-db.yaml b/roles/openshift_management/files/templates/cloudforms/cfme-template-ext-db.yaml
index 4a04f3372..4a04f3372 100644
--- a/roles/openshift_cfme/files/templates/cloudforms/cfme-template-ext-db.yaml
+++ b/roles/openshift_management/files/templates/cloudforms/cfme-template-ext-db.yaml
diff --git a/roles/openshift_cfme/files/templates/cloudforms/cfme-template.yaml b/roles/openshift_management/files/templates/cloudforms/cfme-template.yaml
index d7c9f5af7..d7c9f5af7 100644
--- a/roles/openshift_cfme/files/templates/cloudforms/cfme-template.yaml
+++ b/roles/openshift_management/files/templates/cloudforms/cfme-template.yaml
diff --git a/roles/openshift_cfme/files/templates/manageiq/miq-backup-job.yaml b/roles/openshift_management/files/templates/manageiq/miq-backup-job.yaml
index 044cb73a5..044cb73a5 100644
--- a/roles/openshift_cfme/files/templates/manageiq/miq-backup-job.yaml
+++ b/roles/openshift_management/files/templates/manageiq/miq-backup-job.yaml
diff --git a/roles/openshift_cfme/files/templates/manageiq/miq-backup-pvc.yaml b/roles/openshift_management/files/templates/manageiq/miq-backup-pvc.yaml
index 25696ef23..25696ef23 100644
--- a/roles/openshift_cfme/files/templates/manageiq/miq-backup-pvc.yaml
+++ b/roles/openshift_management/files/templates/manageiq/miq-backup-pvc.yaml
diff --git a/roles/openshift_cfme/files/templates/manageiq/miq-pv-backup-example.yaml b/roles/openshift_management/files/templates/manageiq/miq-pv-backup-example.yaml
index a5cf54d4e..a5cf54d4e 100644
--- a/roles/openshift_cfme/files/templates/manageiq/miq-pv-backup-example.yaml
+++ b/roles/openshift_management/files/templates/manageiq/miq-pv-backup-example.yaml
diff --git a/roles/openshift_cfme/files/templates/manageiq/miq-pv-db-example.yaml b/roles/openshift_management/files/templates/manageiq/miq-pv-db-example.yaml
index a803bebe2..a803bebe2 100644
--- a/roles/openshift_cfme/files/templates/manageiq/miq-pv-db-example.yaml
+++ b/roles/openshift_management/files/templates/manageiq/miq-pv-db-example.yaml
diff --git a/roles/openshift_cfme/files/templates/manageiq/miq-pv-server-example.yaml b/roles/openshift_management/files/templates/manageiq/miq-pv-server-example.yaml
index 1288544d1..1288544d1 100644
--- a/roles/openshift_cfme/files/templates/manageiq/miq-pv-server-example.yaml
+++ b/roles/openshift_management/files/templates/manageiq/miq-pv-server-example.yaml
diff --git a/roles/openshift_cfme/files/templates/manageiq/miq-restore-job.yaml b/roles/openshift_management/files/templates/manageiq/miq-restore-job.yaml
index eea284dd4..eea284dd4 100644
--- a/roles/openshift_cfme/files/templates/manageiq/miq-restore-job.yaml
+++ b/roles/openshift_management/files/templates/manageiq/miq-restore-job.yaml
diff --git a/roles/openshift_cfme/files/templates/manageiq/miq-template-ext-db.yaml b/roles/openshift_management/files/templates/manageiq/miq-template-ext-db.yaml
index 82cd5d49e..82cd5d49e 100644
--- a/roles/openshift_cfme/files/templates/manageiq/miq-template-ext-db.yaml
+++ b/roles/openshift_management/files/templates/manageiq/miq-template-ext-db.yaml
diff --git a/roles/openshift_cfme/files/templates/manageiq/miq-template.yaml b/roles/openshift_management/files/templates/manageiq/miq-template.yaml
index 3f5a12205..3f5a12205 100644
--- a/roles/openshift_cfme/files/templates/manageiq/miq-template.yaml
+++ b/roles/openshift_management/files/templates/manageiq/miq-template.yaml
diff --git a/roles/openshift_cfme/handlers/main.yml b/roles/openshift_management/handlers/main.yml index e69de29bb..e69de29bb 100644 --- a/roles/openshift_cfme/handlers/main.yml +++ b/roles/openshift_management/handlers/main.yml diff --git a/roles/openshift_cfme/meta/main.yml b/roles/openshift_management/meta/main.yml index 07ad51126..07ad51126 100644 --- a/roles/openshift_cfme/meta/main.yml +++ b/roles/openshift_management/meta/main.yml diff --git a/roles/openshift_cfme/tasks/accounts.yml b/roles/openshift_management/tasks/accounts.yml index 64976cd0e..e45ea8d43 100644 --- a/roles/openshift_cfme/tasks/accounts.yml +++ b/roles/openshift_management/tasks/accounts.yml @@ -3,16 +3,16 @@ # and ensuring correct access is provided as required. - name: Ensure the CFME system accounts exist oc_serviceaccount: - namespace: "{{ openshift_cfme_project }}" + namespace: "{{ openshift_management_project }}" state: present - name: "{{ openshift_cfme_flavor_short }}{{ item.name }}" + name: "{{ openshift_management_flavor_short }}{{ item.name }}" with_items: - "{{ __openshift_system_account_sccs }}" - name: Ensure the CFME system accounts have all the required SCCs oc_adm_policy_user: - namespace: "{{ openshift_cfme_project }}" - user: "system:serviceaccount:{{ openshift_cfme_project }}:{{ openshift_cfme_flavor_short }}{{ item.name }}" + namespace: "{{ openshift_management_project }}" + user: "system:serviceaccount:{{ openshift_management_project }}:{{ openshift_management_flavor_short }}{{ item.name }}" resource_kind: scc resource_name: "{{ item.resource_name }}" with_items: 
@@ -20,9 +20,9 @@ - name: Ensure the CFME system accounts have the required roles oc_adm_policy_user: - namespace: "{{ openshift_cfme_project }}" - user: "system:serviceaccount:{{ openshift_cfme_project }}:{{ openshift_cfme_flavor_short }}{{ item.name }}" + namespace: "{{ openshift_management_project }}" + user: "system:serviceaccount:{{ openshift_management_project }}:{{ openshift_management_flavor_short }}{{ item.name }}" resource_kind: role resource_name: "{{ item.resource_name }}" with_items: - - "{{ __openshift_cfme_system_account_roles }}" + - "{{ __openshift_management_system_account_roles }}" diff --git a/roles/openshift_cfme/tasks/main.yml b/roles/openshift_management/tasks/main.yml index 78a6710b3..86c4d0010 100644 --- a/roles/openshift_cfme/tasks/main.yml +++ b/roles/openshift_management/tasks/main.yml @@ -5,11 +5,11 @@ - name: Run pre-install CFME validation checks include: validate.yml -- name: "Ensure the CFME '{{ openshift_cfme_project }}' namespace exists" +- name: "Ensure the CFME '{{ openshift_management_project }}' namespace exists" oc_project: state: present - name: "{{ openshift_cfme_project }}" - display_name: "{{ openshift_cfme_project_description }}" + name: "{{ openshift_management_project }}" + display_name: "{{ openshift_management_project_description }}" - name: Create and Authorize CFME Accounts include: accounts.yml 
@@ -20,28 +20,28 @@ # * nfs - set up NFS shares on the first master for a proof of concept - name: Create required NFS exports for CFME app storage include: storage/nfs.yml - when: openshift_cfme_storage_class == 'nfs' + when: openshift_management_storage_class == 'nfs' #--------------------------------------------------------------------- # * external - NFS again, but pointing to a pre-configured NFS server - name: Note Storage Type - External NFS debug: - msg: "Setting up external NFS storage, openshift_cfme_storage_class is {{ openshift_cfme_storage_class }}" - when: openshift_cfme_storage_class == 'nfs_external' + msg: "Setting up external NFS storage, openshift_management_storage_class is {{ openshift_management_storage_class }}" + when: openshift_management_storage_class == 'nfs_external' #--------------------------------------------------------------------- # * cloudprovider - use an existing cloudprovider based storage - name: Note Storage Type - Cloud Provider debug: - msg: Validating cloud provider storage type, openshift_cfme_storage_class is 'cloudprovider' - when: openshift_cfme_storage_class == 'cloudprovider' + msg: Validating cloud provider storage type, openshift_management_storage_class is 'cloudprovider' + when: openshift_management_storage_class == 'cloudprovider' #--------------------------------------------------------------------- # * preconfigured - don't do anything, assume it's all there ready to go - name: Note Storage Type - Preconfigured debug: - msg: Skipping storage configuration, openshift_cfme_storage_class is 'preconfigured' - when: openshift_cfme_storage_class == 'preconfigured' + msg: Skipping storage configuration, openshift_management_storage_class is 'preconfigured' + when: openshift_management_storage_class == 'preconfigured' ###################################################################### # APPLICATION TEMPLATE 
@@ -52,28 +52,28 @@ # APP & DB Storage # For local/external NFS backed installations -- name: "Create the required App and DB PVs using {{ openshift_cfme_storage_class }}" +- name: "Create the required App and DB PVs using {{ openshift_management_storage_class }}" include: storage/create_nfs_pvs.yml when: - - openshift_cfme_storage_class in ['nfs', 'nfs_external'] + - openshift_management_storage_class in ['nfs', 'nfs_external'] ###################################################################### # CREATE APP - name: Note the correct ext-db template name set_fact: - openshift_cfme_template_name: "{{ openshift_cfme_flavor }}-ext-db" + openshift_management_template_name: "{{ openshift_management_flavor }}-ext-db" when: - - openshift_cfme_app_template in ['miq-template-ext-db', 'cfme-template-ext-db'] + - openshift_management_app_template in ['miq-template-ext-db', 'cfme-template-ext-db'] - name: Note the correct podified db template name set_fact: - openshift_cfme_template_name: "{{ openshift_cfme_flavor }}" + openshift_management_template_name: "{{ openshift_management_flavor }}" when: - - openshift_cfme_app_template in ['miq-template', 'cfme-template'] + - openshift_management_app_template in ['miq-template', 'cfme-template'] - name: Ensure the CFME App is created oc_process: - namespace: "{{ openshift_cfme_project }}" - template_name: "{{ openshift_cfme_template_name }}" + namespace: "{{ openshift_management_project }}" + template_name: "{{ openshift_management_template_name }}" create: True - params: "{{ openshift_cfme_template_parameters }}" + params: "{{ openshift_management_template_parameters }}" diff --git a/roles/openshift_management/tasks/storage/create_nfs_pvs.yml b/roles/openshift_management/tasks/storage/create_nfs_pvs.yml new file mode 100644 index 000000000..31c845725 --- /dev/null +++ b/roles/openshift_management/tasks/storage/create_nfs_pvs.yml 
@@ -0,0 +1,69 @@ +--- +# Create the required PVs for the App and the DB +- name: Note the App PV Size from Template Parameters + set_fact: + openshift_management_app_pv_size: "{{ openshift_management_template_parameters.APPLICATION_VOLUME_CAPACITY }}" + when: + - openshift_management_template_parameters.APPLICATION_VOLUME_CAPACITY is defined + +- name: Note the App PV Size from defaults + set_fact: + openshift_management_app_pv_size: "{{ __openshift_management_app_pv_size }}" + when: + - openshift_management_template_parameters.APPLICATION_VOLUME_CAPACITY is not defined + +- when: openshift_management_app_template in ['miq-template', 'cfme-template'] + block: + - name: Note the DB PV Size from Template Parameters + set_fact: + openshift_management_db_pv_size: "{{ openshift_management_template_parameters.DATABASE_VOLUME_CAPACITY }}" + when: + - openshift_management_template_parameters.DATABASE_VOLUME_CAPACITY is defined + + - name: Note the DB PV Size from defaults + set_fact: + openshift_management_db_pv_size: "{{ __openshift_management_db_pv_size }}" + when: + - openshift_management_template_parameters.DATABASE_VOLUME_CAPACITY is not defined + +- name: Check if the CFME App PV has been created + oc_obj: + namespace: "{{ openshift_management_project }}" + state: list + kind: pv + name: "{{ openshift_management_flavor_short }}-app" + register: miq_app_pv_check + +- name: Check if the CFME DB PV has been created + oc_obj: + namespace: "{{ openshift_management_project }}" + state: list + kind: pv + name: "{{ openshift_management_flavor_short }}-db" + register: miq_db_pv_check + when: + - openshift_management_app_template in ['miq-template', 'cfme-template'] + +- name: Ensure the CFME App PV is created + oc_process: + namespace: "{{ openshift_management_project }}" + template_name: "{{ openshift_management_flavor }}-app-pv" + create: True + params: + PV_SIZE: "{{ openshift_management_app_pv_size }}" + BASE_PATH: "{{ openshift_management_storage_nfs_base_dir }}" + 
NFS_HOST: "{{ openshift_management_nfs_server }}" + when: miq_app_pv_check.results.results == [{}] + +- name: Ensure the CFME DB PV is created + oc_process: + namespace: "{{ openshift_management_project }}" + template_name: "{{ openshift_management_flavor }}-db-pv" + create: True + params: + PV_SIZE: "{{ openshift_management_db_pv_size }}" + BASE_PATH: "{{ openshift_management_storage_nfs_base_dir }}" + NFS_HOST: "{{ openshift_management_nfs_server }}" + when: + - openshift_management_app_template in ['miq-template', 'cfme-template'] + - miq_db_pv_check.results.results == [{}] diff --git a/roles/openshift_management/tasks/storage/nfs.yml b/roles/openshift_management/tasks/storage/nfs.yml new file mode 100644 index 000000000..696808328 --- /dev/null +++ b/roles/openshift_management/tasks/storage/nfs.yml 
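Review bot: `NFS_HOST: "{{ openshift_management_nfs_server }}"` in both "Ensure the CFME ... PV is created" tasks relies on a fact that, among the files visible in this diff, is only set in storage/nfs.yml, and tasks/main.yml includes that file only when `openshift_management_storage_class == 'nfs'`. This file is included for `nfs_external` as well, so unless the variable is defined somewhere outside the diff, the PV templates are processed with an undefined NFS host on that path. A fallback in the params would cover it: `NFS_HOST: "{{ openshift_management_nfs_server | default(openshift_management_storage_nfs_external_hostname) }}"`, which is safe because validate.yml already asserts the external hostname for `nfs_external`.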
@@ -0,0 +1,67 @@ +--- +# Tasks to statically provision NFS volumes +# Include if not using dynamic volume provisioning + +- name: Ensure we save the local NFS server if one is provided + set_fact: + openshift_management_nfs_server: "{{ openshift_management_storage_nfs_local_hostname }}" + when: + - openshift_management_storage_nfs_local_hostname is defined + - openshift_management_storage_nfs_local_hostname != False + - openshift_management_storage_class == "nfs" + +- name: Ensure we save the local NFS server + set_fact: + openshift_management_nfs_server: "{{ groups['oo_nfs_to_config'].0 }}" + when: + - openshift_management_nfs_server is not defined + - openshift_management_storage_class == "nfs" + +- name: Ensure we save the external NFS server + set_fact: + openshift_management_nfs_server: "{{ openshift_management_storage_nfs_external_hostname }}" + when: + - openshift_management_storage_class == "nfs_external" + +- name: Failed NFS server detection + assert: + that: + - openshift_management_nfs_server is defined + msg: | + "Unable to detect an NFS server. The 'nfs_external' + openshift_management_storage_class option requires that you set + openshift_management_storage_nfs_external_hostname. 
NFS hosts detected + for local nfs services: {{ groups['oo_nfs_to_config'] | join(', ') }}" + +- name: Setting up NFS storage + block: + - name: Include the NFS Setup role tasks + include_role: + role: openshift_nfs + tasks_from: setup + vars: + l_nfs_base_dir: "{{ openshift_management_storage_nfs_base_dir }}" + + - name: Create the App export + include_role: + role: openshift_nfs + tasks_from: create_export + vars: + l_nfs_base_dir: "{{ openshift_management_storage_nfs_base_dir }}" + l_nfs_export_config: "{{ openshift_management_flavor_short }}" + l_nfs_export_name: "{{ openshift_management_flavor_short }}-app" + l_nfs_options: "*(rw,no_root_squash,no_wdelay)" + + - name: Create the DB export + include_role: + role: openshift_nfs + tasks_from: create_export + vars: + l_nfs_base_dir: "{{ openshift_management_storage_nfs_base_dir }}" + l_nfs_export_config: "{{ openshift_management_flavor_short }}" + l_nfs_export_name: "{{ openshift_management_flavor_short }}-db" + l_nfs_options: "*(rw,no_root_squash,no_wdelay)" + when: + - openshift_management_app_template in ['miq-template', 'cfme-template'] + + delegate_to: "{{ openshift_management_nfs_server }}" diff --git a/roles/openshift_cfme/tasks/storage/storage.yml b/roles/openshift_management/tasks/storage/storage.yml index d8bf7aa3e..d8bf7aa3e 100644 --- a/roles/openshift_cfme/tasks/storage/storage.yml +++ b/roles/openshift_management/tasks/storage/storage.yml diff --git a/roles/openshift_cfme/tasks/template.yml b/roles/openshift_management/tasks/template.yml index 2061e2bd7..299158ac4 100644 --- a/roles/openshift_cfme/tasks/template.yml +++ b/roles/openshift_management/tasks/template.yml 
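Review bot: "Create the App export" and "Create the DB export" both pass `l_nfs_options: "*(rw,no_root_squash,no_wdelay)"`, which exports the volumes read-write to every client that can reach the NFS server and leaves root unsquashed, so root on any such host can read or alter the application and database data. tasks/main.yml describes the local NFS option as a proof of concept, but nothing in this file limits who may mount the export or warns the operator. Take the options from a variable so the client spec can be narrowed to the cluster's node network, e.g. `l_nfs_options: "{{ openshift_management_storage_nfs_export_options | default('*(rw,no_root_squash,no_wdelay)') }}"` (a new variable name proposed here, not an existing one). Add a comment above both tasks stating what the wildcard default exposes.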
@@ -13,59 +13,59 @@ ###################################################################### # STANDARD PODIFIED DATABASE TEMPLATE -- when: openshift_cfme_app_template in ['miq-template', 'cfme-template'] +- when: openshift_management_app_template in ['miq-template', 'cfme-template'] block: - name: Check if the CFME Server template has been created already oc_obj: - namespace: "{{ openshift_cfme_project }}" + namespace: "{{ openshift_management_project }}" state: list kind: template - name: "{{ openshift_cfme_flavor }}" + name: "{{ openshift_management_flavor }}" register: miq_server_check - when: miq_server_check.results.results == [{}] block: - name: Copy over CFME Server template copy: - src: "templates/{{ openshift_cfme_flavor }}/{{ openshift_cfme_flavor_short }}-template.yaml" + src: "templates/{{ openshift_management_flavor }}/{{ openshift_management_flavor_short }}-template.yaml" dest: "{{ template_dir }}/" - name: Ensure CFME Server Template is created oc_obj: - namespace: "{{ openshift_cfme_project }}" - name: "{{ openshift_cfme_flavor }}" + namespace: "{{ openshift_management_project }}" + name: "{{ openshift_management_flavor }}" state: present kind: template files: - - "{{ template_dir }}/{{ openshift_cfme_flavor_short }}-template.yaml" + - "{{ template_dir }}/{{ openshift_management_flavor_short }}-template.yaml" ###################################################################### # EXTERNAL DATABASE TEMPLATE -- when: openshift_cfme_app_template in ['miq-template-ext-db', 'cfme-template'] +- when: openshift_management_app_template in ['miq-template-ext-db', 'cfme-template'] block: - name: Check if the CFME Ext-DB Server template has been created already oc_obj: - namespace: "{{ openshift_cfme_project }}" + namespace: "{{ openshift_management_project }}" state: list kind: template - name: "{{ openshift_cfme_flavor }}-ext-db" + name: "{{ openshift_management_flavor }}-ext-db" register: miq_ext_db_server_check - when: 
miq_ext_db_server_check.results.results == [{}] block: - name: Copy over CFME Ext-DB Server template copy: - src: "templates/{{ openshift_cfme_flavor }}/{{openshift_cfme_flavor_short}}-template-ext-db.yaml" + src: "templates/{{ openshift_management_flavor }}/{{openshift_management_flavor_short}}-template-ext-db.yaml" dest: "{{ template_dir }}/" - name: Ensure CFME Ext-DB Server Template is created oc_obj: - namespace: "{{ openshift_cfme_project }}" - name: "{{ openshift_cfme_flavor }}-ext-db" + namespace: "{{ openshift_management_project }}" + name: "{{ openshift_management_flavor }}-ext-db" state: present kind: template files: - - "{{ template_dir }}/{{ openshift_cfme_flavor_short }}-template-ext-db.yaml" + - "{{ template_dir }}/{{ openshift_management_flavor_short }}-template-ext-db.yaml" # End app template creation. ###################################################################### 
@@ -76,53 +76,53 @@ # Required for the application server - name: Check if the CFME App PV template has been created already oc_obj: - namespace: "{{ openshift_cfme_project }}" + namespace: "{{ openshift_management_project }}" state: list kind: template - name: "{{ openshift_cfme_flavor }}-app-pv" + name: "{{ openshift_management_flavor }}-app-pv" register: miq_app_pv_check - when: miq_app_pv_check.results.results == [{}] block: - name: Copy over CFME App PV template copy: - src: "templates/{{ openshift_cfme_flavor }}/{{ openshift_cfme_flavor_short }}-pv-server-example.yaml" + src: "templates/{{ openshift_management_flavor }}/{{ openshift_management_flavor_short }}-pv-server-example.yaml" dest: "{{ template_dir }}/" - name: Ensure CFME App PV Template is created oc_obj: - namespace: "{{ openshift_cfme_project }}" - name: "{{ openshift_cfme_flavor }}-app-pv" + namespace: "{{ openshift_management_project }}" + name: "{{ openshift_management_flavor }}-app-pv" state: present kind: template files: - - "{{ template_dir }}/{{ openshift_cfme_flavor_short }}-pv-server-example.yaml" + - "{{ template_dir }}/{{ openshift_management_flavor_short }}-pv-server-example.yaml" #--------------------------------------------------------------------- # Required for database if the installation is fully podified -- when: openshift_cfme_app_template in ['miq-template', 'cfme-template'] +- when: openshift_management_app_template in ['miq-template', 'cfme-template'] block: - name: Check if the CFME DB PV template has been created already oc_obj: - namespace: "{{ openshift_cfme_project }}" + namespace: "{{ openshift_management_project }}" state: list kind: template - name: "{{ openshift_cfme_flavor }}-db-pv" + name: "{{ openshift_management_flavor }}-db-pv" register: miq_db_pv_check - when: miq_db_pv_check.results.results == [{}] block: - name: Copy over CFME DB PV template copy: - src: "templates/{{ openshift_cfme_flavor }}/{{ openshift_cfme_flavor_short }}-pv-db-example.yaml" + src: 
"templates/{{ openshift_management_flavor }}/{{ openshift_management_flavor_short }}-pv-db-example.yaml" dest: "{{ template_dir }}/" - name: Ensure CFME DB PV Template is created oc_obj: - namespace: "{{ openshift_cfme_project }}" - name: "{{ openshift_cfme_flavor }}-db-pv" + namespace: "{{ openshift_management_project }}" + name: "{{ openshift_management_flavor }}-db-pv" state: present kind: template files: - - "{{ template_dir }}/{{ openshift_cfme_flavor_short }}-pv-db-example.yaml" + - "{{ template_dir }}/{{ openshift_management_flavor_short }}-pv-db-example.yaml" diff --git a/roles/openshift_cfme/tasks/uninstall.yml b/roles/openshift_management/tasks/uninstall.yml index 068d065c2..09fbc609f 100644 --- a/roles/openshift_cfme/tasks/uninstall.yml +++ b/roles/openshift_management/tasks/uninstall.yml @@ -1,6 +1,6 @@ --- - name: Start removing all the objects - command: "oc delete -n {{ openshift_cfme_project }} {{ item }} --all" + command: "oc delete -n {{ openshift_management_project }} {{ item }} --all" with_items: - rc - dc @@ -12,10 +12,10 @@ - routes - name: Remove the project - command: "oc delete -n {{ openshift_cfme_project }} project {{ openshift_cfme_project }}" + command: "oc delete -n {{ openshift_management_project }} project {{ openshift_management_project }}" - name: Verify project has been destroyed - command: "oc get project {{ openshift_cfme_project }}" + command: "oc get project {{ openshift_management_project }}" ignore_errors: True register: project_terminated until: project_terminated.stderr.find("NotFound") != -1 diff --git a/roles/openshift_cfme/tasks/validate.yml b/roles/openshift_management/tasks/validate.yml index 1ba813a43..8b20bdc5e 100644 --- a/roles/openshift_cfme/tasks/validate.yml +++ b/roles/openshift_management/tasks/validate.yml 
@@ -1,49 +1,49 @@ --- -# Validate configuration parameters passed to the openshift_cfme role +# Validate configuration parameters passed to the openshift_management role ###################################################################### # CORE PARAMETERS -- name: Ensure openshift_cfme_app_template is valid +- name: Ensure openshift_management_app_template is valid assert: that: - - openshift_cfme_app_template in __openshift_cfme_app_templates + - openshift_management_app_template in __openshift_management_app_templates msg: | - "openshift_cfme_app_template must be one of {{ - __openshift_cfme_app_templates | join(', ') }}" + "openshift_management_app_template must be one of {{ + __openshift_management_app_templates | join(', ') }}" -- name: Ensure openshift_cfme_storage_class is a valid type +- name: Ensure openshift_management_storage_class is a valid type assert: that: - - openshift_cfme_storage_class in __openshift_cfme_storage_classes + - openshift_management_storage_class in __openshift_management_storage_classes msg: | - "openshift_cfme_storage_class must be one of {{ - __openshift_cfme_storage_classes | join(', ') }}" + "openshift_management_storage_class must be one of {{ + __openshift_management_storage_classes | join(', ') }}" ###################################################################### # STORAGE PARAMS - NFS - name: Ensure external NFS storage has a valid NFS server hostname defined assert: that: - - openshift_cfme_storage_nfs_external_hostname | default(False) + - openshift_management_storage_nfs_external_hostname | default(False) msg: | The selected storage class 'nfs_external' requires a valid - hostname for the openshift_cfme_storage_nfs_hostname parameter + hostname for the openshift_management_storage_nfs_hostname parameter when: - - openshift_cfme_storage_class == 'nfs_external' + - openshift_management_storage_class == 'nfs_external' - name: Ensure local NFS storage has a valid NFS server to use fail: msg: | No NFS hosts detected or 
defined but storage class is set to 'nfs'. Add hosts to your [nfs] group or define one manually with - the 'openshift_cfme_storage_nfs_local_hostname' parameter + the 'openshift_management_storage_nfs_local_hostname' parameter when: - - openshift_cfme_storage_class == 'nfs' + - openshift_management_storage_class == 'nfs' # You haven't created any NFS groups - (groups.nfs is defined and groups.nfs | length == 0) or (groups.nfs is not defined) # You did not manually specify a host to use - - (openshift_cfme_storage_nfs_local_hostname is not defined) or (openshift_cfme_storage_nfs_local_hostname == false) + - (openshift_management_storage_nfs_local_hostname is not defined) or (openshift_management_storage_nfs_local_hostname == false) ###################################################################### # STORAGE PARAMS -CLOUD PROVIDER @@ -52,13 +52,13 @@ that: - openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce' msg: | - openshift_cfme_storage_class is 'cloudprovider' but you have an + openshift_management_storage_class is 'cloudprovider' but you have an invalid kind defined, '{{ openshift_cloudprovider_kind }}'. See 'openshift_cloudprovider_kind' in the example inventories for the required parameters for your selected cloud provider. Working providers: 'aws' and 'gce'. when: - - openshift_cfme_storage_class == 'cloudprovider' + - openshift_management_storage_class == 'cloudprovider' - openshift_cloudprovider_kind is defined - name: Validate 'cloudprovider' Storage Class has required parameters defined 
@@ -66,25 +66,25 @@ that: - openshift_cloudprovider_kind is defined msg: | - openshift_cfme_storage_class is 'cloudprovider' but you do not + openshift_management_storage_class is 'cloudprovider' but you do not have 'openshift_cloudprovider_kind' defined, this is required. Search the example inventories for 'openshift_cloudprovider_kind'. The required parameters for your selected cloud provider must be defined in your inventory as well. Working providers: 'aws' and 'gce'. when: - - openshift_cfme_storage_class == 'cloudprovider' + - openshift_management_storage_class == 'cloudprovider' ###################################################################### # DATABASE CONNECTION VALIDATION - name: Validate all required database parameters were provided for ext-db template assert: that: - - item in openshift_cfme_template_parameters + - item in openshift_management_template_parameters msg: | "You are using external database services but a required database parameter {{ item }} was not found in - 'openshift_cfme_template_parameters'" - with_items: "{{ __openshift_cfme_required_db_conn_params }}" + 'openshift_management_template_parameters'" + with_items: "{{ __openshift_management_required_db_conn_params }}" when: - - openshift_cfme_app_template in ['miq-template-ext-db', 'cfme-template-ext-db'] + - openshift_management_app_template in ['miq-template-ext-db', 'cfme-template-ext-db'] diff --git a/roles/openshift_cfme/vars/main.yml b/roles/openshift_management/vars/main.yml index 9764f464c..da3ad0af7 100644 --- a/roles/openshift_cfme/vars/main.yml +++ b/roles/openshift_management/vars/main.yml @@ -2,7 +2,7 @@ # Misc enumerated values #--------------------------------------------------------------------- # Allowed choices for the storage class parameter -__openshift_cfme_storage_classes: +__openshift_management_storage_classes: - nfs - nfs_external - preconfigured 
@@ -11,19 +11,19 @@ __openshift_cfme_storage_classes: #--------------------------------------------------------------------- # DEFAULT PV SIZES # How large to make the MIQ application PV -__openshift_cfme_app_pv_size: 5Gi +__openshift_management_app_pv_size: 5Gi # How large to make the MIQ PostgreSQL PV -__openshift_cfme_db_pv_size: 15Gi +__openshift_management_db_pv_size: 15Gi # Name of the application templates with object/parameter definitions -__openshift_cfme_app_templates: +__openshift_management_app_templates: - miq-template-ext-db - miq-template - cfme-template-ext-db - cfme-template # PostgreSQL database connection parameters -__openshift_cfme_db_parameters: +__openshift_management_db_parameters: - DATABASE_USER - DATABASE_PASSWORD - DATABASE_IP @@ -31,13 +31,13 @@ __openshift_cfme_db_parameters: - DATABASE_NAME # # Commented out until we can support both CFME and MIQ -# # openshift_cfme_flavor: "{{ 'cloudforms' if openshift_deployment_type == 'openshift-enterprise' else 'manageiq' }}" -#openshift_cfme_flavor: cloudforms -openshift_cfme_flavor: manageiq +# # openshift_management_flavor: "{{ 'cloudforms' if openshift_deployment_type == 'openshift-enterprise' else 'manageiq' }}" +#openshift_management_flavor: cloudforms +openshift_management_flavor: manageiq # TODO: Make this conditional as well based on the prior variable -# # openshift_cfme_flavor_short: "{{ 'cfme' if openshift_deployment_type == 'openshift-enterprise' else 'miq' }}" -# openshift_cfme_flavor_short: cfme -openshift_cfme_flavor_short: miq +# # openshift_management_flavor_short: "{{ 'cfme' if openshift_deployment_type == 'openshift-enterprise' else 'miq' }}" +# openshift_management_flavor_short: cfme +openshift_management_flavor_short: miq ###################################################################### # ACCOUNTING 
@@ -54,7 +54,7 @@ __openshift_system_account_sccs: resource_name: anyuid # Service Account Roles -__openshift_cfme_system_account_roles: +__openshift_management_system_account_roles: - name: -orchestrator resource_name: view - name: -orchestrator @@ -68,7 +68,7 @@ __openshift_cfme_system_account_roles: # the final connection structure. # # TODO: Update user provided configs with this if they are missing fields -__openshift_cfme_required_db_conn_params: +__openshift_management_required_db_conn_params: - DATABASE_USER - DATABASE_PASSWORD - DATABASE_IP diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index d045b402b..9b3fbcf49 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -251,11 +251,7 @@ servingInfo: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} bindNetwork: tcp4 certFile: master.server.crt -{% if openshift.common.version_gte_3_2_or_1_2 | bool %} - clientCA: ca-bundle.crt -{% else %} clientCA: ca.crt -{% endif %} keyFile: master.server.key maxRequestsInFlight: {{ openshift.master.max_requests_inflight }} requestTimeoutSeconds: 3600 diff --git a/roles/openshift_node/tasks/config.yml b/roles/openshift_node/tasks/config.yml index e3898b520..e5fcaf9af 100644 --- a/roles/openshift_node/tasks/config.yml +++ b/roles/openshift_node/tasks/config.yml @@ -111,9 +111,5 @@ msg: Node failed to start please inspect the logs and try again when: node_start_result | failed -- name: Setup tuned - include: tuned.yml - static: yes - - set_fact: node_service_status_changed: "{{ node_start_result | changed }}" diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh index df02bcf0e..230f0a28c 100755 --- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh 
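Review bot: With the version conditional removed, `clientCA: ca.crt` under `servingInfo` becomes the only trust anchor for API client certificates, where 3.2+ clusters previously rendered `clientCA: ca-bundle.crt`. If the bundle can carry more than one CA certificate (for example across a CA redeploy; its contents are not visible here, so this is an assumption), client certificates issued under an older CA would stop verifying once this template is applied. Please confirm that is intended and record the reason in the template, e.g. `{# clientCA is ca.crt rather than ca-bundle.crt because <reason> #}`. The rest of servingInfo lies outside the hunk.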
+++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh @@ -112,10 +112,10 @@ EOF fi sed -e '/^nameserver.*$/d' /etc/resolv.conf >> ${NEW_RESOLV_CONF} echo "nameserver "${def_route_ip}"" >> ${NEW_RESOLV_CONF} - if ! grep -q 'search.*cluster.local' ${NEW_RESOLV_CONF}; then - sed -i '/^search/ s/$/ cluster.local/' ${NEW_RESOLV_CONF} - elif ! grep -qw search ${NEW_RESOLV_CONF}; then + if ! grep -qw search ${NEW_RESOLV_CONF}; then echo 'search cluster.local' >> ${NEW_RESOLV_CONF} + elif ! grep -q 'search.*cluster.local' ${NEW_RESOLV_CONF}; then + sed -i '/^search/ s/$/ cluster.local/' ${NEW_RESOLV_CONF} fi cp -Z ${NEW_RESOLV_CONF} /etc/resolv.conf fi diff --git a/roles/tuned/defaults/main.yml b/roles/tuned/defaults/main.yml new file mode 100644 index 000000000..418a4b521 --- /dev/null +++ b/roles/tuned/defaults/main.yml @@ -0,0 +1,3 @@ +--- +tuned_etc_directory: '/etc/tuned' +tuned_templates_source: '../templates' diff --git a/roles/tuned/meta/main.yml b/roles/tuned/meta/main.yml new file mode 100644 index 000000000..833d94c13 --- /dev/null +++ b/roles/tuned/meta/main.yml @@ -0,0 +1,13 @@ +--- +galaxy_info: + author: Jiri Mencak + description: Restart the tuned daemon if present and make it use the recommended profile + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 2.3 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud diff --git a/roles/openshift_node/tasks/tuned.yml b/roles/tuned/tasks/main.yml index 425bf6a26..e95d274d5 100644 --- a/roles/openshift_node/tasks/tuned.yml +++ b/roles/tuned/tasks/main.yml @@ -12,8 +12,6 @@ - name: Set tuned OpenShift variables set_fact: openshift_tuned_guest_profile: "{{ 'atomic-guest' if openshift.common.is_atomic else 'virtual-guest' }}" - tuned_etc_directory: '/etc/tuned' - tuned_templates_source: '../templates/tuned' - name: Ensure directory structure exists file: 
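Review bot: The reordered test `if ! grep -qw search ${NEW_RESOLV_CONF}; then` matches the word "search" anywhere in the file, including inside a comment, while the `elif` branch's sed only edits lines matching `/^search/`. A resolv.conf that mentions the word only in a comment would skip the first branch and give the sed nothing to change, leaving `cluster.local` out of the search path. Anchoring the check the same way as the sed keeps the two branches consistent: `if ! grep -q '^search' ${NEW_RESOLV_CONF}; then`. The enclosing block starts above the hunk.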
diff --git a/roles/openshift_node/templates/tuned/openshift-control-plane/tuned.conf b/roles/tuned/templates/openshift-control-plane/tuned.conf index f22f21065..f22f21065 100644 --- a/roles/openshift_node/templates/tuned/openshift-control-plane/tuned.conf +++ b/roles/tuned/templates/openshift-control-plane/tuned.conf diff --git a/roles/openshift_node/templates/tuned/openshift-node/tuned.conf b/roles/tuned/templates/openshift-node/tuned.conf index 78c7d19c9..78c7d19c9 100644 --- a/roles/openshift_node/templates/tuned/openshift-node/tuned.conf +++ b/roles/tuned/templates/openshift-node/tuned.conf diff --git a/roles/openshift_node/templates/tuned/openshift/tuned.conf b/roles/tuned/templates/openshift/tuned.conf index 68ac5dadb..68ac5dadb 100644 --- a/roles/openshift_node/templates/tuned/openshift/tuned.conf +++ b/roles/tuned/templates/openshift/tuned.conf diff --git a/roles/openshift_node/templates/tuned/recommend.conf b/roles/tuned/templates/recommend.conf index 5fa765798..086e5673d 100644 --- a/roles/openshift_node/templates/tuned/recommend.conf +++ b/roles/tuned/templates/recommend.conf @@ -1,8 +1,11 @@ -[openshift-node] -/etc/origin/node/node-config.yaml=.*region=primary - [openshift-control-plane,master] /etc/origin/master/master-config.yaml=.* [openshift-control-plane,node] /etc/origin/node/node-config.yaml=.*region=infra + +[openshift-control-plane,lb] +/etc/haproxy/haproxy.cfg=.* + +[openshift-node] +/etc/origin/node/node-config.yaml=.* |
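Review bot: The catch-all `[openshift-node]` rule now matches any node-config.yaml (`=.*`), so it gives the intended result only because it sits after the `[openshift-control-plane,...]` sections, and the file has no comment saying so. If tuned evaluates recommend.conf sections top to bottom and takes the first match (my understanding, worth confirming against the tuned version shipped), a later edit that adds a section below it would never take effect for nodes. A header comment such as `# Sections are matched top to bottom; keep [openshift-node] last.` would make the ordering constraint visible.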