28 files changed, 307 insertions, 204 deletions
diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example index 1e050f0f6..cddd5175c 100644 --- a/inventory/byo/hosts.aep.example +++ b/inventory/byo/hosts.aep.example @@ -410,6 +410,15 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Configure usage of openshift_clock role. #openshift_clock_enabled=true +# OpenShift Per-Service Environment Variables +# Environment variables are added to /etc/sysconfig files for +# each OpenShift service: node, master (api and controllers). +# API and controllers environment variables are merged in single +# master environments. +#openshift_master_api_env_vars={"ENABLE_HTTP2": "true"} +#openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"} +#openshift_node_env_vars={"ENABLE_HTTP2": "true"} + # host group for masters [masters] aep3-master[1:3]-ansible.test.example.com diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 104c64c23..7c9c7152b 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -415,6 +415,15 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Configure usage of openshift_clock role. #openshift_clock_enabled=true +# OpenShift Per-Service Environment Variables +# Environment variables are added to /etc/sysconfig files for +# each OpenShift service: node, master (api and controllers). +# API and controllers environment variables are merged in single +# master environments. +#openshift_master_api_env_vars={"ENABLE_HTTP2": "true"} +#openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"} +#openshift_node_env_vars={"ENABLE_HTTP2": "true"} + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index ebac28fc6..55f9fa66c 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example 
@@ -410,6 +410,15 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Configure usage of openshift_clock role. #openshift_clock_enabled=true +# OpenShift Per-Service Environment Variables +# Environment variables are added to /etc/sysconfig files for +# each OpenShift service: node, master (api and controllers). +# API and controllers environment variables are merged in single +# master environments. +#openshift_master_api_env_vars={"ENABLE_HTTP2": "true"} +#openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"} +#openshift_node_env_vars={"ENABLE_HTTP2": "true"} + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 3d6de2d17..4edd44fe4 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -143,11 +143,13 @@ - registry\.qe\.openshift\.com/.* - registry\.access\..*redhat\.com/rhel7/etcd - docker.io/openshift + when: openshift_uninstall_images | default(True) | bool - shell: "docker rmi -f {{ item.stdout_lines | join(' ') }}" changed_when: False failed_when: False with_items: "{{ images_to_delete.results }}" + when: openshift_uninstall_images | default(True) | bool - name: Remove sdn drop files file: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml index 27b3ece96..f163cca86 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml 
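Review bot: In playbooks/adhoc/uninstall.yml the new `openshift_uninstall_images` switch guards both image-removal tasks but is not described anywhere, and the example inventories changed earlier in this diff do not mention it. Because the default stays `True`, an operator only learns that images can be kept by reading the playbook; a comment above the first guarded task such as `# Set openshift_uninstall_images=False to keep local docker images` would cover it. The `docker rmi -f` task is also still unnamed and carries `failed_when: False`, so it appears in run output only by its module name; `- name: Remove OpenShift docker images` would make it traceable. The first guarded task starts outside the hunk.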
@@ -212,6 +212,9 @@ msg: Upgrade packages not found when: openshift_image_tag is not defined and (g_aos_versions.avail_version | default(g_aos_versions.curr_version, true) | version_compare(target_version, '<')) +- name: Verify docker upgrade targets + hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config + tasks: - name: Determine available Docker script: ../files/rpm_versions.sh docker register: g_docker_version_result @@ -266,7 +269,7 @@ - name: Backup etcd hosts: etcd_hosts_to_backup vars: - embedded_etcd: "{{ openshift.master.embedded_etcd }}" + embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}" timestamp: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}" roles: - openshift_facts diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml index c93bf2a17..964257af5 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml @@ -4,7 +4,7 @@ ############################################################################### - name: Upgrade docker - hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config + hosts: oo_masters_to_config:oo_nodes_to_config roles: - openshift_facts tasks: 
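Review bot: In v3_1_to_v3_2/pre.yml the `Backup etcd` play now reads `hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd`, which is undefined when `oo_first_master` is empty or when that host's `openshift` facts were not set earlier in the run. The expression sits in the play's `vars`, so the failure would presumably surface as a template error at first use rather than as a clear message, and this is the play that takes the pre-upgrade backup. An explicit check ahead of the backup, for example a `pre_tasks` entry with `fail: msg="oo_first_master facts are required for the etcd backup"` and `when: groups.oo_first_master | default([]) | length == 0`, would make the dependency visible. The play body continues outside the hunk.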
@@ -20,6 +20,15 @@ openshift_image_tag: "v{{ g_new_version }}" openshift_version: "{{ g_new_version }}" +- name: Upgrade docker + hosts: oo_etcd_to_config + roles: + - openshift_facts + tasks: + # Upgrade docker when host is not atomic and host is not a non-containerized etcd node + - include: docker_upgrade.yml + when: not openshift.common.is_atomic | bool and not ('oo_etcd_to_config' in group_names and not openshift.common.is_containerized) + # The cli image is used by openshift_docker_facts to determine the currently installed # version. We need to explicitly pull the latest image to handle cases where # the locally cached 'latest' tag is older the g_new_version. diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 0ca148169..7a59f3ea3 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -46,7 +46,7 @@ openshift_hosted_metrics_duration: "{{ lookup('oo_option', 'openshift_hosted_metrics_duration') | default(7) }}" when: openshift_hosted_metrics_duration is not defined - set_fact: - openshift_hosted_metrics_resolution: "{{ lookup('oo_option', 'openshift_hosted_metrics_resolution') | default(10) }}" + openshift_hosted_metrics_resolution: "{{ lookup('oo_option', 'openshift_hosted_metrics_resolution') | default('10s', true) }}" when: openshift_hosted_metrics_resolution is not defined roles: - openshift_facts diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index f9d194909..24c18f2b8 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh 
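Review bot: In v3_1_to_v3_2/upgrade.yml the new etcd play tests `not openshift.common.is_containerized` without `| bool`, while `is_atomic` on the same line is cast; if the fact arrives as a string, `not 'False'` evaluates to false and the condition silently flips. The `'oo_etcd_to_config' in group_names` test is also always true here because the play's `hosts` is `oo_etcd_to_config`, so the condition reduces to `when: not openshift.common.is_atomic | bool and openshift.common.is_containerized | bool`. Both plays are named `Upgrade docker`; a distinct name such as `Upgrade docker on etcd hosts` would keep run logs unambiguous. Hosts that belong to both the master and etcd groups will presumably be visited by both plays.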
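Review bot: In playbooks/common/openshift-master/config.yml only the resolution line gained the second argument to `default`; the duration line directly above it still uses `| default(7)`, which does not apply when `lookup('oo_option', ...)` returns an empty string rather than an undefined value. If that empty-string case is what the resolution change addresses, `openshift_hosted_metrics_duration` would still end up empty; `| default(7, true)` keeps the two lines consistent. The surrounding play starts and ends outside the hunk.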
@@ -41,7 +41,7 @@ wget https://raw.githubusercontent.com/jboss-fuse/application-templates/master/f wget https://raw.githubusercontent.com/openshift/origin-metrics/master/metrics.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/origin/metrics-deployer.yaml wget https://raw.githubusercontent.com/openshift/origin-metrics/enterprise/metrics.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/enterprise/metrics-deployer.yaml -wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/master/deployment/deployer.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/origin/logging-deployer.yaml +wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/master/deployer/deployer.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/origin/logging-deployer.yaml wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/enterprise/deployment/deployer.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/enterprise/logging-deployer.yaml popd diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json index 0e618624b..9a935be5e 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json @@ -85,7 +85,7 @@ "containers": [ { "name": "mongodb", - "image": "mongodb", + "image": " ", "ports": [ { "containerPort": 27017, diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json index 07290b1ea..4f73d00cc 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json 
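Review bot: In roles/openshift_examples/examples-sync.sh the corrected URL, like its neighbours, fetches a template from a moving branch (`master`) with no pinned revision and no integrity check, so whatever is on that branch at sync time is copied into the role and later installed on clusters. Pinning each URL to a commit, e.g. `.../origin-aggregated-logging/<COMMIT_SHA>/deployer/deployer.yaml`, or verifying a recorded checksum after download would make the sync reproducible and reviewable. The enterprise line below still uses `deployment/deployer.yaml`; it is worth confirming that path is still valid on the `enterprise` branch. `${EXAMPLES_BASE}` is unquoted in the `-O` arguments. The script continues outside the hunk.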
@@ -102,7 +102,7 @@ "containers": [ { "name": "mongodb", - "image": "mongodb", + "image": " ", "ports": [ { "containerPort": 27017, diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json index 1457d288c..5f133b946 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json @@ -85,7 +85,7 @@ "containers": [ { "name": "mysql", - "image": "mysql", + "image": " ", "ports": [ { "containerPort": 3306, diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json index e39ee57c8..88d8c3940 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json @@ -3,7 +3,6 @@ "apiVersion": "v1", "metadata": { "name": "mysql-persistent", - "creationTimestamp": null, "annotations": { "description": "MySQL database service, with persistent storage. Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-mysql-database", @@ -15,28 +14,18 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "${DATABASE_SERVICE_NAME}", - "creationTimestamp": null + "name": "${DATABASE_SERVICE_NAME}" }, "spec": { "ports": [ { "name": "mysql", - "protocol": "TCP", - "port": 3306, - "targetPort": 3306, - "nodePort": 0 + "port": 3306 } ], "selector": { "name": "${DATABASE_SERVICE_NAME}" - }, - "portalIP": "", - "type": "ClusterIP", - "sessionAffinity": "None" - }, - "status": { - "loadBalancer": {} + } } }, { 
@@ -60,8 +49,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "${DATABASE_SERVICE_NAME}", - "creationTimestamp": null + "name": "${DATABASE_SERVICE_NAME}" }, "spec": { "strategy": { @@ -79,8 +67,7 @@ "kind": "ImageStreamTag", "name": "mysql:latest", "namespace": "${NAMESPACE}" - }, - "lastTriggeredImage": "" + } } }, { @@ -93,7 +80,6 @@ }, "template": { "metadata": { - "creationTimestamp": null, "labels": { "name": "${DATABASE_SERVICE_NAME}" } @@ -102,11 +88,10 @@ "containers": [ { "name": "mysql", - "image": "mysql", + "image": " ", "ports": [ { - "containerPort": 3306, - "protocol": "TCP" + "containerPort": 3306 } ], "readinessProbe": { @@ -149,13 +134,7 @@ "mountPath": "/var/lib/mysql/data" } ], - "terminationMessagePath": "/dev/termination-log", - "imagePullPolicy": "IfNotPresent", - "capabilities": {}, - "securityContext": { - "capabilities": {}, - "privileged": false - } + "imagePullPolicy": "IfNotPresent" } ], "volumes": [ @@ -165,13 +144,10 @@ "claimName": "${DATABASE_SERVICE_NAME}" } } - ], - "restartPolicy": "Always", - "dnsPolicy": "ClusterFirst" + ] } } - }, - "status": {} + } } ], "parameters": [ @@ -179,7 +155,8 @@ "name": "MEMORY_LIMIT", "displayName": "Memory Limit", "description": "Maximum amount of memory the container can use.", - "value": "512Mi" + "value": "512Mi", + "required": true }, { "name": "NAMESPACE", diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json index 39a71f25c..e90244a6b 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json @@ -85,7 +85,7 @@ "containers": [ { "name": "postgresql", - "image": "postgresql", + "image": " ", "ports": [ { "containerPort": 5432, 
diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json index 347e01de3..7b05076a5 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json @@ -102,7 +102,7 @@ "containers": [ { "name": "postgresql", - "image": "postgresql", + "image": " ", "ports": [ { "containerPort": 5432, diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/enterprise/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/enterprise/metrics-deployer.yaml index 67e49f327..032f94a18 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/enterprise/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/enterprise/metrics-deployer.yaml @@ -54,6 +54,8 @@ objects: value: ${IMAGE_VERSION} - name: MASTER_URL value: ${MASTER_URL} + - name: MODE + value: ${MODE} - name: REDEPLOY value: ${REDEPLOY} - name: USE_PERSISTENT_STORAGE @@ -66,6 +68,8 @@ objects: value: ${CASSANDRA_PV_SIZE} - name: METRIC_DURATION value: ${METRIC_DURATION} + - name: METRIC_RESOLUTION + value: ${METRIC_RESOLUTION} dnsPolicy: ClusterFirst restartPolicy: Never serviceAccount: metrics-deployer @@ -83,7 +87,7 @@ parameters: - description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' name: IMAGE_VERSION - value: "3.2.0" + value: "3.2.1" - description: "Internal URL for the master, for authentication retrieval" name: MASTER_URL 
@@ -93,7 +97,11 @@ parameters: name: HAWKULAR_METRICS_HOSTNAME required: true - - description: "If set to true the deployer will try and delete all the existing components before trying to redeploy." + description: "Can be set to: 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process)" + name: MODE + value: "deploy" +- + description: "(Deprecated) Turns 'deploy' mode into 'redeploy' mode, deleting and redeploying everything (losing all data in the process)" name: REDEPLOY value: "false" - @@ -112,3 +120,7 @@ parameters: description: "How many days metrics should be stored for." name: METRIC_DURATION value: "7" +- + description: "How often metrics should be gathered. Defaults value of '10s' for 10 seconds" + name: METRIC_RESOLUTION + value: "10s" diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml index fd5841db7..77ffee7f9 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml @@ -10,7 +10,8 @@ items: description: "Template for creating the deployer account and roles needed for the aggregated logging deployer. Create as cluster-admin." tags: "infrastructure" objects: - - apiVersion: v1 + - + apiVersion: v1 kind: ServiceAccount name: logging-deployer metadata: @@ -19,8 +20,6 @@ items: logging-infra: deployer provider: openshift component: deployer - secrets: - - name: logging-deployer - apiVersion: v1 kind: ServiceAccount 
@@ -67,18 +66,39 @@ items: - watch - delete - update + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-edit-role + roleRef: + kind: ClusterRole + name: edit + subjects: + - kind: ServiceAccount + name: logging-deployer + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-dsadmin-role + roleRef: + kind: ClusterRole + name: daemonset-admin + subjects: + - kind: ServiceAccount + name: logging-deployer - apiVersion: "v1" kind: "Template" metadata: name: logging-deployer-template annotations: - description: "Template for running the aggregated logging deployer in a pod. Requires empowered 'logging-deployer' service account and 'logging-deployer' secret." + description: "Template for running the aggregated logging deployer in a pod. Requires empowered 'logging-deployer' service account." tags: "infrastructure" labels: logging-infra: deployer provider: openshift - component: deployer objects: - apiVersion: v1 @@ -91,9 +111,6 @@ items: imagePullPolicy: Always name: deployer volumeMounts: - - name: secret - mountPath: /secret - readOnly: true - name: empty mountPath: /etc/deploy env: @@ -125,6 +142,8 @@ items: value: ${ES_PVC_SIZE} - name: ES_PVC_PREFIX value: ${ES_PVC_PREFIX} + - name: ES_PVC_DYNAMIC + value: ${ES_PVC_DYNAMIC} - name: ES_CLUSTER_SIZE value: ${ES_CLUSTER_SIZE} - name: ES_NODE_QUORUM @@ -141,6 +160,8 @@ items: value: ${ES_OPS_PVC_SIZE} - name: ES_OPS_PVC_PREFIX value: ${ES_OPS_PVC_PREFIX} + - name: ES_OPS_PVC_DYNAMIC + value: ${ES_OPS_PVC_DYNAMIC} - name: ES_OPS_CLUSTER_SIZE value: ${ES_OPS_CLUSTER_SIZE} - name: ES_OPS_NODE_QUORUM 
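Review bot: In origin/logging-deployer.yaml the hunk starting at old line 67 adds two RoleBindings that give the `logging-deployer` service account the `edit` and `daemonset-admin` cluster roles, and nothing in the template text says so. `edit` is a broad grant, and the `subjects` entries carry no `namespace`, so which account is bound depends on the project the template is processed in. The account template's `description` (visible in the earlier hunk, ending "Create as cluster-admin.") should list these grants, for example by appending `Binds the 'edit' and 'daemonset-admin' roles to the logging-deployer service account in the current project.` Whether `daemonset-admin` is defined by this template cannot be seen from the hunk.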
@@ -173,130 +194,133 @@ items: volumes: - name: empty emptyDir: {} - - name: secret - secret: - secretName: logging-deployer parameters: - - description: "If true, set up to use a second ES cluster for ops logs." + description: "The mode that the deployer runs in." + name: MODE + value: "install" + - + description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "docker.io/openshift/origin-" + - + description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' + name: IMAGE_VERSION + value: "latest" + - + description: "(Deprecated) Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry." + name: IMAGE_PULL_SECRET + - + description: "(Deprecated) Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)" + name: INSECURE_REGISTRY + value: "false" + - + description: "(Deprecated) If true, set up to use a second ES cluster for ops logs." name: ENABLE_OPS_CLUSTER value: "false" - - description: "External hostname where clients will reach kibana" + description: "(Deprecated) External hostname where clients will reach kibana" name: KIBANA_HOSTNAME - required: true + value: "kibana.example.com" - - description: "External hostname at which admins will visit the ops Kibana." + description: "(Deprecated) External hostname at which admins will visit the ops Kibana." 
name: KIBANA_OPS_HOSTNAME value: kibana-ops.example.com - - description: "External URL for the master, for OAuth purposes" + description: "(Deprecated) External URL for the master, for OAuth purposes" name: PUBLIC_MASTER_URL - required: true + value: "https://localhost:8443" - - description: "Internal URL for the master, for authentication retrieval" + description: "(Deprecated) Internal URL for the master, for authentication retrieval" name: MASTER_URL value: "https://kubernetes.default.svc.cluster.local" - - description: "How many instances of ElasticSearch to deploy." + description: "(Deprecated) How many instances of ElasticSearch to deploy." name: ES_CLUSTER_SIZE - required: true + value: "1" - - description: "Amount of RAM to reserve per ElasticSearch instance." + description: "(Deprecated) Amount of RAM to reserve per ElasticSearch instance." name: ES_INSTANCE_RAM value: "8G" - - description: "Size of the PersistentVolumeClaim to create per ElasticSearch instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." name: ES_PVC_SIZE - - description: "Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_PVC_SIZE." + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_PVC_SIZE." name: ES_PVC_PREFIX value: "logging-es-" - - description: "Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES PVC. 
' + name: ES_PVC_DYNAMIC + - + description: "(Deprecated) Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." name: ES_NODE_QUORUM - - description: "Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." + description: "(Deprecated) Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." name: ES_RECOVER_AFTER_NODES - - description: "Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." + description: "(Deprecated) Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." name: ES_RECOVER_EXPECTED_NODES - - description: "Timeout for *expected* nodes to be present when cluster is recovering from a full restart." + description: "(Deprecated) Timeout for *expected* nodes to be present when cluster is recovering from a full restart." name: ES_RECOVER_AFTER_TIME value: "5m" - - description: "How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." + description: "(Deprecated) How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." name: ES_OPS_CLUSTER_SIZE - - description: "Amount of RAM to reserve per ops ElasticSearch instance." + description: "(Deprecated) Amount of RAM to reserve per ops ElasticSearch instance." name: ES_OPS_INSTANCE_RAM value: "8G" - - description: "Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." 
name: ES_OPS_PVC_SIZE - - description: "Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_OPS_PVC_SIZE." + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_OPS_PVC_SIZE." name: ES_OPS_PVC_PREFIX value: "logging-es-ops-" - - description: "Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES ops PVC. ' + name: ES_OPS_PVC_DYNAMIC + - + description: "(Deprecated) Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." name: ES_OPS_NODE_QUORUM - - description: "Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." + description: "(Deprecated) Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." name: ES_OPS_RECOVER_AFTER_NODES - - description: "Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." + description: "(Deprecated) Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." name: ES_OPS_RECOVER_EXPECTED_NODES - - description: "Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." + description: "(Deprecated) Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." 
name: ES_OPS_RECOVER_AFTER_TIME value: "5m" - - description: "The nodeSelector used for the Fluentd DaemonSet." + description: "(Deprecated) The nodeSelector used for the Fluentd DaemonSet." name: FLUENTD_NODESELECTOR value: "logging-infra-fluentd=true" - - description: "Node selector Elasticsearch cluster (label=value)." + description: "(Deprecated) Node selector Elasticsearch cluster (label=value)." name: ES_NODESELECTOR value: "" - - description: "Node selector Elasticsearch operations cluster (label=value)." + description: "(Deprecated) Node selector Elasticsearch operations cluster (label=value)." name: ES_OPS_NODESELECTOR value: "" - - description: "Node selector Kibana cluster (label=value)." + description: "(Deprecated) Node selector Kibana cluster (label=value)." name: KIBANA_NODESELECTOR value: "" - - description: "Node selector Kibana operations cluster (label=value)." + description: "(Deprecated) Node selector Kibana operations cluster (label=value)." name: KIBANA_OPS_NODESELECTOR value: "" - - description: "Node selector Curator (label=value)." + description: "(Deprecated) Node selector Curator (label=value)." name: CURATOR_NODESELECTOR value: "" - - description: "Node selector operations Curator (label=value)." + description: "(Deprecated) Node selector operations Curator (label=value)." name: CURATOR_OPS_NODESELECTOR value: "" - - - description: "The mode that the deployer runs in." - name: MODE - value: "install" - - - description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' - name: IMAGE_PREFIX - value: "docker.io/openshift/origin-" - - - description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' - name: IMAGE_VERSION - value: "latest" - - - description: 'Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry.' 
- name: IMAGE_PULL_SECRET - - - description: 'Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)' - name: INSECURE_REGISTRY - value: "false" diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml index 8fb594ce8..89639fd67 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml @@ -34,9 +34,11 @@ objects: metadata: generateName: metrics-deployer- spec: + securityContext: {} containers: - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} name: deployer + securityContext: {} volumeMounts: - name: secret mountPath: /secret @@ -48,6 +50,10 @@ objects: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name - name: IMAGE_PREFIX value: ${IMAGE_PREFIX} - name: IMAGE_VERSION diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json index f044152b3..dda16ecfa 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json @@ -437,7 +437,7 @@ }, { "name": "DJANGO_SECRET_KEY", - "displayName": "Djange Secret Key", + "displayName": "Django Secret Key", "description": "Set this to a long random string.", "generate": "expression", "from": "[\\w]{50}" 
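Review bot: In the parameters hunk of origin/logging-deployer.yaml, `KIBANA_HOSTNAME`, `PUBLIC_MASTER_URL` and `ES_CLUSTER_SIZE` lose `required: true` and gain placeholder defaults (`kibana.example.com`, `https://localhost:8443`, `1`), so a run that omits them would now be accepted with example values instead of being rejected. Almost every parameter is relabelled "(Deprecated)" without naming what replaces it; each description should say where the setting is now expected to be supplied. `IMAGE_VERSION` keeps the default `latest`, a mutable tag, and `INSECURE_REGISTRY` is still offered; a sentence in their descriptions recommending a fixed version and a CA-verified registry would help operators.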
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json index 67fce4a46..d1ae6de90 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json @@ -12,35 +12,10 @@ }, "objects": [ { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null - }, - "spec": { - "ports": [ - { - "name": "web", - "protocol": "TCP", - "port": 8080, - "targetPort": 8080, - "nodePort": 0 - } - ], - "selector": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "portalIP": "", - "type": "ClusterIP", - "sessionAffinity": "None" - } - }, - { "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "jenkins", + "name": "${JENKINS_SERVICE_NAME}", "creationTimestamp": null }, "spec": { @@ -77,7 +52,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jenkins:latest", + "name": "${JENKINS_IMAGE_STREAM_TAG}", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -102,7 +77,7 @@ "containers": [ { "name": "jenkins", - "image": "JENKINS_IMAGE", + "image": " ", "readinessProbe": { "timeoutSeconds": 3, "initialDelaySeconds": 3, @@ -126,10 +101,10 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${JENKINS_SERVICE_NAME}-data", 
@@ -158,22 +133,35 @@ } } } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 8080, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } } ], "parameters": [ { - "name": "MEMORY_LIMIT", - "displayName": "Memory Limit", - "description": "Maximum amount of memory the container can use.", - "value": "512Mi" - }, - { - "name": "NAMESPACE", - "displayName": "Namespace", - "description": "The OpenShift Namespace where the ImageStream resides.", - "value": "openshift" - }, - { "name": "JENKINS_SERVICE_NAME", "displayName": "Jenkins Service Name", "description": "The name of the OpenShift Service exposed for the Jenkins container.", @@ -185,6 +173,24 @@ "description": "Password for the Jenkins 'admin' user.", "generate": "expression", "value": "password" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Jenkins ImageStream Namespace", + "description": "The OpenShift Namespace where the Jenkins ImageStream resides.", + "value": "openshift" + }, + { + "name": "JENKINS_IMAGE_STREAM_TAG", + "displayName": "Jenkins ImageStreamTag", + "description": "Name of the ImageStreamTag to be used for the Jenkins image.", + "value": "jenkins:latest" } ], "labels": { diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json index ef04b4482..c7bc3f2fa 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json 
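Review bot: The parameter object that the `@@ -185,6 +173,24 @@` hunk closes still carries `"generate": "expression"` together with `"value": "password"` and no `"from"` pattern, so every Jenkins instance created from this template presumably gets the same well-known admin password unless the user overrides it. The commit reorders and adds parameters around it but leaves that default in place. The Django template in this same change shows the generated form (`"generate": "expression", "from": "[\\w]{50}"`); here that would mean dropping `"value": "password"` and adding a pattern such as `"from": "[a-zA-Z0-9]{16}"` (constructed example), provided the Jenkins image accepts an arbitrary password. The same context appears in the `@@ -204,11 +192,29 @@` hunk of jenkins-persistent-template.json. In both files the parameter's `name` line is outside the hunk.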
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json @@ -12,35 +12,10 @@ }, "objects": [ { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null - }, - "spec": { - "ports": [ - { - "name": "web", - "protocol": "TCP", - "port": 8080, - "targetPort": 8080, - "nodePort": 0 - } - ], - "selector": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "portalIP": "", - "type": "ClusterIP", - "sessionAffinity": "None" - } - }, - { "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "jenkins", + "name": "${JENKINS_SERVICE_NAME}", "creationTimestamp": null }, "spec": { @@ -82,7 +57,7 @@ }, "spec": { "strategy": { - "type": "Recreate" + "type": "Recreate" }, "triggers": [ { @@ -94,7 +69,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jenkins:latest", + "name": "${JENKINS_IMAGE_STREAM_TAG}", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -119,7 +94,7 @@ "containers": [ { "name": "jenkins", - "image": "JENKINS_IMAGE", + "image": " ", "readinessProbe": { "timeoutSeconds": 3, "initialDelaySeconds": 3, @@ -143,10 +118,10 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${JENKINS_SERVICE_NAME}-data", 
@@ -175,22 +150,35 @@ } } } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 8080, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } } ], "parameters": [ { - "name": "MEMORY_LIMIT", - "displayName": "Memory Limit", - "description": "Maximum amount of memory the container can use.", - "value": "512Mi" - }, - { - "name": "NAMESPACE", - "displayName": "Namespace", - "description": "The OpenShift Namespace where the ImageStream resides.", - "value": "openshift" - }, - { "name": "JENKINS_SERVICE_NAME", "displayName": "Jenkins Service Name", "description": "The name of the OpenShift Service exposed for the Jenkins container.", @@ -204,11 +192,29 @@ "value": "password" }, { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { "name": "VOLUME_CAPACITY", "displayName": "Volume Capacity", "description": "Volume space available for data, e.g. 512Mi, 2Gi.", "value": "1Gi", "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Jenkins ImageStream Namespace", + "description": "The OpenShift Namespace where the Jenkins ImageStream resides.", + "value": "openshift" + }, + { + "name": "JENKINS_IMAGE_STREAM_TAG", + "displayName": "Jenkins ImageStreamTag", + "description": "Name of the ImageStreamTag to be used for the Jenkins image.", + "value": "jenkins:latest" } ], "labels": { diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 2f8af2454..a5ccfb152 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py 
@@ -1749,7 +1749,7 @@ class OpenShiftFacts(object): metrics=dict( deploy=False, duration=7, - resolution=10, + resolution='10s', storage=dict( kind=None, volume=dict( diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 026787421..3d532db04 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -9,6 +9,12 @@ AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} {% endif %} +{% if 'api_env_vars' in openshift.master or 'controllers_env_vars' in openshift.master -%} +{% for key, value in openshift.master.api_env_vars.items() | default([]) | union(openshift.master.controllers_env_vars.items() | default([])) -%} +{{ key }}={{ value }} +{% endfor -%} +{% endif -%} + # Proxy configuration # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy {% if 'http_proxy' in openshift.common %} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 index 02c22e374..ab560b1bd 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 @@ -9,6 +9,12 @@ AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} {% endif %} +{% if 'api_env_vars' in openshift.master -%} +{% for key, value in openshift.master.api_env_vars.items() -%} +{{ key }}={{ value }} +{% endfor -%} +{% endif -%} + # Proxy configuration # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy {% if 'http_proxy' in openshift.common %} 
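Review bot: In the added `{% for %}` line of atomic-openshift-master.j2, `| default([])` is applied to the result of `.items()`, after the attribute has already been called. The enclosing `if` passes when only one of `api_env_vars` / `controllers_env_vars` is present, and in that case the lookup on the missing one most likely fails at render time instead of falling back to an empty list. Put the default on the dict itself: `(openshift.master.api_env_vars | default({})).items() | union((openshift.master.controllers_env_vars | default({})).items())`. Also, `union` on key/value pairs keeps both pairs when the two dicts define the same key with different values, so the file would get two lines for one variable; a comment stating which setting is meant to win would help.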
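Review bot: `{{ key }}={{ value }}` in atomic-openshift-master-api.j2 writes inventory-supplied text verbatim into the same sysconfig file that holds `AWS_SECRET_ACCESS_KEY`, with no quoting or validation. A value containing whitespace or a line break would produce a malformed or additional assignment, and a key equal to an existing variable would silently shadow it, depending on how the service parses the file (not visible here). At minimum the role should check that keys match `^[A-Za-z_][A-Za-z0-9_]*$` and that values contain no line breaks before rendering. A comment above the loop should also say that these entries come after, and may override, the cloud-provider settings. The same loop is added in atomic-openshift-master-controllers.j2 and, in merged form, in atomic-openshift-master.j2.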
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 index 644640577..1a83b98e1 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 @@ -9,6 +9,12 @@ AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} {% endif %} +{% if 'controllers_env_vars' in openshift.master -%} +{% for key, value in openshift.master.controllers_env_vars.items() -%} +{{ key }}={{ value }} +{% endfor -%} +{% endif -%} + # Proxy configuration # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy {% if 'http_proxy' in openshift.common %} diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index d51c5a0a3..3377e29e6 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -78,3 +78,5 @@ image_policy_config: "{{ openshift_master_image_policy_config | default(None) }}" dynamic_provisioning_enabled: "{{ openshift_master_dynamic_provisioning_enabled | default(None) }}" max_requests_inflight: "{{ openshift_master_max_requests_inflight | default(None) }}" + api_env_vars: "{{ openshift_master_api_env_vars | default(None) }}" + controllers_env_vars: "{{ openshift_master_controllers_env_vars | default(None) }}" diff --git a/roles/openshift_metrics/README.md b/roles/openshift_metrics/README.md index 2e903379a..f7ec86c55 100644 --- a/roles/openshift_metrics/README.md +++ b/roles/openshift_metrics/README.md 
@@ -21,7 +21,7 @@ From this role: | openshift_hosted_metrics_storage_volume_size | 10Gi | Metrics volume size | | openshift_hosted_metrics_storage_nfs_options | *(rw,root_squash) | NFS options for configured exports. | | openshift_hosted_metrics_duration | 7 | Metrics query duration | -| openshift_hosted_metrics_resolution | 10 | Metrics resolution | +| openshift_hosted_metrics_resolution | 10s | Metrics resolution | From openshift_common: diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 6aac0dc21..165010afb 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -26,6 +26,7 @@ proxy_mode: "{{ openshift_node_proxy_mode | default('iptables') }}" local_quota_per_fsgroup: "{{ openshift_node_local_quota_per_fsgroup | default(None) }}" dns_ip: "{{ openshift_dns_ip | default(none) | get_dns_ip(hostvars[inventory_hostname])}}" + env_vars: "{{ openshift_node_env_vars | default(None) }}" # We have to add tuned-profiles in the same transaction otherwise we run into depsolving # problems because the rpms don't pin the version properly. This was fixed in 3.1 packaging. @@ -91,6 +92,16 @@ notify: - restart node +- name: Configure Node Environment Variables + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-node + regexp: "^{{ item.key }}=" + line: "{{ item.key }}={{ item.value }}" + create: true + with_dict: "{{ openshift.node.env_vars | default({}) }}" + notify: + - restart node + - name: Additional storage plugin configuration include: storage_plugins/main.yml diff --git a/roles/openshift_node_dnsmasq/tasks/main.yml b/roles/openshift_node_dnsmasq/tasks/main.yml index 4cb24469d..7147b78f5 100644 --- a/roles/openshift_node_dnsmasq/tasks/main.yml +++ b/roles/openshift_node_dnsmasq/tasks/main.yml 
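Review bot: In the new `Configure Node Environment Variables` task, `regexp: "^{{ item.key }}="` interpolates the key into a regular expression unescaped, so a key containing a metacharacter such as `.` or `*` can match and replace a different line in the node sysconfig file. Use `regexp: "^{{ item.key | regex_escape }}="`. `create: true` is given without `mode`, so a file created by this task gets default permissions; set `mode` (and the owner) explicitly to whatever the packaged file uses. As in the master templates, `line: "{{ item.key }}={{ item.value }}"` writes the value unquoted, so values containing whitespace or line breaks should be rejected or quoted first.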
@@ -3,15 +3,16 @@ command: > systemctl show NetworkManager register: nm_show - + changed_when: false + - name: Set fact using_network_manager set_fact: network_manager_active: "{{ True if 'ActiveState=active' in nm_show.stdout else False }}" - + - name: Install dnsmasq action: "{{ ansible_pkg_mgr }} name=dnsmasq state=installed" when: not openshift.common.is_atomic | bool - + - name: Install dnsmasq configuration template: src: origin-dns.conf.j2 @@ -20,8 +21,7 @@ # Dynamic NetworkManager based dispatcher - include: ./network-manager.yml when: network_manager_active | bool - + # Relies on ansible in order to configure static config - include: ./no-network-manager.yml when: not network_manager_active | bool - |