diff options
47 files changed, 452 insertions, 77 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 4ec54c846..ead513c3d 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.0.35-1 ./ +3.0.36-1 ./ diff --git a/Dockerfile b/Dockerfile index ab16ca609..02ab51680 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ RUN yum -y install http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.no # Not sure if all of these packages are necessary # only git and ansible are known requirements -RUN yum install -y --enablerepo rhel-7-server-extras-rpms net-tools bind-utils git ansible +RUN yum install -y --enablerepo rhel-7-server-extras-rpms net-tools bind-utils git ansible pyOpenSSL ADD ./ /opt/openshift-ansible/ @@ -6,11 +6,11 @@ This repo contains Ansible code for OpenShift and Atomic Enterprise. - Install base dependencies: - Fedora: ``` - dnf install -y ansible rubygem-thor rubygem-parseconfig util-linux pyOpenSSL libffi-devel python-cryptography + dnf install -y ansible-1.9.4 rubygem-thor rubygem-parseconfig util-linux pyOpenSSL libffi-devel python-cryptography ``` - OSX: ``` - # Install ansible and python 2 + # Install ansible 1.9.4 and python 2 brew install ansible python # Required ruby gems gem install thor parseconfig diff --git a/README_AEP.md b/README_AEP.md index 7cdb1c5d5..739c4baeb 100644 --- a/README_AEP.md +++ b/README_AEP.md @@ -10,19 +10,17 @@ * [Overriding detected ip addresses and hostnames](#overriding-detected-ip-addresses-and-hostnames) ## Requirements -* ansible - * Tested using ansible 1.9.1 and 1.9.2 - * There is currently a known issue with ansible-1.9.0, you can downgrade to 1.8.4 on Fedora by installing one of the builds from Koji: http://koji.fedoraproject.org/koji/packageinfo?packageID=13842 +* ansible 1.9.4 * Available in Fedora channels * Available for EL with EPEL and Optional channel * One or more RHEL 7.1 VMs * Either ssh key based auth for the root user or ssh key based auth for a user with sudo access (no password) -* A checkout of atomic-enterprise-ansible from https://github.com/projectatomic/atomic-enterprise-ansible/ +* A checkout of openshift-ansible from https://github.com/openshift/openshift-ansible/ ```sh - git clone https://github.com/projectatomic/atomic-enterprise-ansible.git - cd atomic-enterprise-ansible + git clone https://github.com/openshift/openshift-ansible.git + cd openshift-ansible ``` ## Caveats diff --git a/README_OSE.md b/README_OSE.md index fdb6a75b8..f7615ae38 100644 --- a/README_OSE.md +++ b/README_OSE.md @@ -10,9 +10,7 @@ * [Overriding detected ip addresses and hostnames](#overriding-detected-ip-addresses-and-hostnames) ## Requirements -* ansible - * Tested using ansible-1.8.4-1.fc20.noarch, but should work with version 1.8+ - * There is currently a known issue with ansible-1.9.0, you can downgrade to 1.8.4 on Fedora by installing one of the builds from Koji: http://koji.fedoraproject.org/koji/packageinfo?packageID=13842 +* ansible 1.9.4 * Available in Fedora channels * Available for EL with EPEL and Optional channel * One or more RHEL 7.1 VMs diff --git a/README_origin.md b/README_origin.md index 0387e213f..761d1509f 100644 --- a/README_origin.md +++ b/README_origin.md @@ -10,9 +10,7 @@ * [Overriding detected ip addresses and hostnames](#overriding-detected-ip-addresses-and-hostnames) ## Requirements -* ansible - * Tested using ansible-1.8.4-1.fc20.noarch, but should work with version 1.8+ - * There is currently a known issue with ansible-1.9.0, you can downgrade to 1.8.4 on Fedora by installing one of the builds from Koji: http://koji.fedoraproject.org/koji/packageinfo?packageID=13842 +* ansible 1.9.4 * Available in Fedora channels * Available for EL with EPEL and Optional channel * One or more RHEL 7.1+, CentOS 7.1+, or Fedora 23+ VMs diff --git a/bin/cluster b/bin/cluster index c2765ff92..c3b101c98 100755 --- a/bin/cluster +++ b/bin/cluster @@ -68,7 +68,7 @@ class Cluster(object): self.action(args, inventory, cluster, playbook) - def addNodes(self, args): + def add_nodes(self, args): """ Add nodes to an existing cluster for given provider :param args: command line arguments provided by user @@ -76,7 +76,7 @@ class Cluster(object): cluster = {'cluster_id': args.cluster_id, 'deployment_type': self.get_deployment_type(args), } - playbook = "playbooks/{0}/openshift-cluster/addNodes.yml".format(args.provider) + playbook = "playbooks/{0}/openshift-cluster/add_nodes.yml".format(args.provider) inventory = self.setup_provider(args.provider) cluster['num_nodes'] = args.nodes @@ -321,13 +321,13 @@ if __name__ == '__main__': create_parser.set_defaults(func=cluster.create) - create_parser = action_parser.add_parser('addNodes', help='Add nodes to a cluster', + create_parser = action_parser.add_parser('add-nodes', help='Add nodes to a cluster', parents=[meta_parser]) create_parser.add_argument('-n', '--nodes', default=1, type=int, help='number of nodes to add to the cluster') create_parser.add_argument('-i', '--infra', default=1, type=int, help='number of infra nodes to add to the cluster') - create_parser.set_defaults(func=cluster.addNodes) + create_parser.set_defaults(func=cluster.add_nodes) config_parser = action_parser.add_parser('config', diff --git a/bin/openshift_ansible/awsutil.py b/bin/openshift_ansible/awsutil.py index e03c0ab15..3639ef733 100644 --- a/bin/openshift_ansible/awsutil.py +++ b/bin/openshift_ansible/awsutil.py @@ -89,7 +89,7 @@ class AwsUtil(object): def get_host_types(self): """Searches for host-type tags in the inventory and returns all host-types found.""" - pattern = re.compile(r'^oo_host-type_(.*)') + pattern = re.compile(r'^oo_hosttype_(.*)') host_types = [] inv = self.get_inventory() @@ -177,19 +177,20 @@ class AwsUtil(object): def gen_clusterid_tag(clu): """Generate the clusterid tag """ - return "tag_clusterid_%s" % clu + return "oo_clusterid_%s" % clu @staticmethod def gen_env_tag(env): """Generate the environment tag """ - return "tag_environment_%s" % env + return "oo_environment_%s" % env - def gen_host_type_tag(self, host_type): + def gen_host_type_tag(self, host_type, version): """Generate the host type tag """ - host_type = self.resolve_host_type(host_type) - return "tag_host-type_%s" % host_type + if version == '2': + host_type = self.resolve_host_type(host_type) + return "oo_hosttype_%s" % host_type # This function uses all of these params to perform a filters on our host inventory. # pylint: disable=too-many-arguments @@ -226,7 +227,7 @@ class AwsUtil(object): retval.intersection_update(env_hosts) if host_type: - retval.intersection_update(inv.get(self.gen_host_type_tag(host_type), [])) + retval.intersection_update(inv.get(self.gen_host_type_tag(host_type, version), [])) if version != 'all': retval.intersection_update(inv.get(AwsUtil.gen_version_tag(version), [])) diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index 671c237b9..ae275b051 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -414,13 +414,19 @@ class FilterModule(object): in the following layout: "c_id": { - "master": [ - { "name": "c_id-master-12345", "public IP": "172.16.0.1", "private IP": "192.168.0.1", "subtype": "default" }] - "node": [ - { "name": "c_id-node-infra-23456", "public IP": "172.16.0.2", "private IP": "192.168.0.2", "subtype": "infra" }, - { "name": "c_id-node-compute-23456", "public IP": "172.16.0.3", "private IP": "192.168.0.3", "subtype": "compute" }, + "master": { + "default": [ + { "name": "c_id-master-12345", "public IP": "172.16.0.1", "private IP": "192.168.0.1" } + ] + "node": { + "infra": [ + { "name": "c_id-node-infra-23456", "public IP": "172.16.0.2", "private IP": "192.168.0.2" } + ], + "compute": [ + { "name": "c_id-node-compute-23456", "public IP": "172.16.0.3", "private IP": "192.168.0.3" }, ... - ]} + ] + } ''' def _get_tag_value(tags, key): @@ -430,33 +436,29 @@ class FilterModule(object): returns 'value2' ''' for tag in tags: - # Skip tag_env-host-type to avoid ambiguity with tag_env - # Removing env-host-type tag but leaving this here - if tag[:17] == 'tag_env-host-type': - continue if tag[:len(key)+4] == 'tag_' + key: return tag[len(key)+5:] raise KeyError(key) def _add_host(clusters, - env, + clusterid, host_type, sub_host_type, host): ''' Add a new host in the clusters data structure ''' - if env not in clusters: - clusters[env] = {} - if host_type not in clusters[env]: - clusters[env][host_type] = {} - if sub_host_type not in clusters[env][host_type]: - clusters[env][host_type][sub_host_type] = [] - clusters[env][host_type][sub_host_type].append(host) + if clusterid not in clusters: + clusters[clusterid] = {} + if host_type not in clusters[clusterid]: + clusters[clusterid][host_type] = {} + if sub_host_type not in clusters[clusterid][host_type]: + clusters[clusterid][host_type][sub_host_type] = [] + clusters[clusterid][host_type][sub_host_type].append(host) clusters = {} for host in data: try: _add_host(clusters=clusters, - env=_get_tag_value(host['group_names'], 'env'), + clusterid=_get_tag_value(host['group_names'], 'clusterid'), host_type=_get_tag_value(host['group_names'], 'host-type'), sub_host_type=_get_tag_value(host['group_names'], 'sub-host-type'), host={'name': host['inventory_hostname'], diff --git a/git/yaml_validation.py b/git/yaml_validation.py index 2b5c8ed49..69fd455a5 100755 --- a/git/yaml_validation.py +++ b/git/yaml_validation.py @@ -47,7 +47,12 @@ def main(): print "+++++++ Received: %s" % file_mod - if not file_mod.endswith('.yml') and not file_mod.endswith('.yaml') and not os.path.islink(file_mod): + # if the file extensions is not yml or yaml, move along. + if not file_mod.endswith('.yml') and not file_mod.endswith('.yaml'): + continue + + # We use symlinks in our repositories, ignore them. + if os.path.islink(file_mod): continue try: diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example index 4e883a5c2..05aef586f 100644 --- a/inventory/byo/hosts.aep.example +++ b/inventory/byo/hosts.aep.example @@ -206,6 +206,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Configure node kubelet arguments #openshift_node_kubelet_args={'max-pods': ['40'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} +# Configure logrotate scripts +# See: https://github.com/nickhammond/ansible-logrotate +#logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}] + # host group for masters [masters] aep3-master[1:3]-ansible.test.example.com diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 632220fa9..7b240622d 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -216,6 +216,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Configure node kubelet arguments #openshift_node_kubelet_args={'max-pods': ['40'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} +# Configure logrotate scripts +# See: https://github.com/nickhammond/ansible-logrotate +#logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}] + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index ab9a34db3..e44d1abc9 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -206,6 +206,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Configure node kubelet arguments #openshift_node_kubelet_args={'max-pods': ['40'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} +# Configure logrotate scripts +# See: https://github.com/nickhammond/ansible-logrotate +#logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}] + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 4d00c655b..1a1445835 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.0.35 +Version: 3.0.36 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -259,6 +259,48 @@ Atomic OpenShift Utilities includes %changelog +* Mon Jan 25 2016 Kenny Woodson <kwoodson@redhat.com> 3.0.36-1 +- Fixing awsutil to support aliases and v3 (kwoodson@redhat.com) +- Fail when master restart playbook finds no active masters rather than any + failed masters. (abutcher@redhat.com) +- Skipping any symlinks for the yaml validation check (kwoodson@redhat.com) +- Added template for config loop. (twiest@redhat.com) +- Test validate_pcs_cluster input is basestring instead of str. + (abutcher@redhat.com) +- Fix error when oo_masters_to_config is empty (jdetiber@redhat.com) +- Update inventory examples for console customization (spinolacastro@gmail.com) +- Expose console config for customization (spinolacastro@gmail.com) +- oso_host_monitoring: added environment as a var to the host monitoring + systemd script (mwoodson@redhat.com) +- Check master certificates during upgrade. (abutcher@redhat.com) +- Use haproxy frontend port for os_firewall. (abutcher@redhat.com) +- Fix native master api sysconfig. (abutcher@redhat.com) +- Enable kubernetes master config of podEvictionTimeout from ansible + (jstuever@redhat.com) +- Fix wrapper pathing for non-root user install. (abutcher@redhat.com) +- Remove camel case for bin/cluster addNodes (jdetiber@redhat.com) +- Update cluster_hosts.yml for cloud providers (jdetiber@redhat.com) +- Removing ruby scripts and replacing with python. (kwoodson@redhat.com) +- Fixed a logic bug and yaml load (kwoodson@redhat.com) +- Fixing yaml validation in python. Inputs behave differently as does glob + (kwoodson@redhat.com) +- oso_monitoring: add the zabbix libs (mwoodson@redhat.com) +- Removing removing scripts and moving to python. (kwoodson@redhat.com) +- add ability to disable ztriggers and disable new container dns check + (jdiaz@redhat.com) +- Remove default disable of SDN for GCE (jdetiber@redhat.com) +- Fix hardcoded api_port in openshift_master_cluster (jdetiber@redhat.com) +- Use local address for loopback kubeconfig (jdetiber@redhat.com) +- consolidate steps and cleanup template dir (jdetiber@redhat.com) +- v3_0_to_v3_1_upgrade: Remove is_atomic check for upgrades + (smunilla@redhat.com) +- v3_0_to_v3_1_upgrade: Copy tasks rather than including from the playbook + (smunilla@redhat.com) +- v3_0_to_v3_1_upgrade: Install storage packages (smunilla@redhat.com) +- Controllers_port and firewall rules (spinolacastro@gmail.com) +- Fix bind address/port when isn't default (spinolacastro@gmail.com) +- Add ability to disable os_firewall (jdetiber@redhat.com) + * Mon Jan 18 2016 Brenton Leanhardt <bleanhar@redhat.com> 3.0.35-1 - added the lib_timedate role (mwoodson@redhat.com) - added chrony (mwoodson@redhat.com) diff --git a/playbooks/aws/openshift-cluster/addNodes.yml b/playbooks/aws/openshift-cluster/add_nodes.yml index 3d88e6b23..3d88e6b23 100644 --- a/playbooks/aws/openshift-cluster/addNodes.yml +++ b/playbooks/aws/openshift-cluster/add_nodes.yml diff --git a/playbooks/common/openshift-cluster/upgrades/files/versions.sh b/playbooks/common/openshift-cluster/upgrades/files/versions.sh index b46407ed7..3a1a8ebb1 100644 --- a/playbooks/common/openshift-cluster/upgrades/files/versions.sh +++ b/playbooks/common/openshift-cluster/upgrades/files/versions.sh @@ -1,8 +1,8 @@ #!/bin/bash -yum_installed=$(yum list installed -e 0 -q "$@" 2>&1 | tail -n +2 | awk '{ print $2 }' | tr '\n' ' ') +yum_installed=$(yum list installed -e 0 -q "$@" 2>&1 | tail -n +2 | awk '{ print $2 }' | sort -r | tr '\n' ' ') -yum_available=$(yum list available -e 0 -q "$@" 2>&1 | tail -n +2 | grep -v 'el7ose' | awk '{ print $2 }' | tr '\n' ' ') +yum_available=$(yum list available -e 0 -q "$@" 2>&1 | tail -n +2 | grep -v 'el7ose' | awk '{ print $2 }' | sort -r | tr '\n' ' ') echo "---" echo "curr_version: ${yum_installed}" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 2a4eecad9..8ec379109 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -422,6 +422,24 @@ - name: Ensure node service enabled service: name="{{ openshift.common.service_type }}-node" state=started enabled=yes + - name: Install Ceph storage plugin dependencies + action: "{{ ansible_pkg_mgr }} name=ceph-common state=present" + + - name: Install GlusterFS storage plugin dependencies + action: "{{ ansible_pkg_mgr }} name=glusterfs-fuse state=present" + + - name: Set sebooleans to allow gluster storage plugin access from containers + seboolean: + name: "{{ item }}" + state: yes + persistent: yes + when: ansible_selinux and ansible_selinux.status == "enabled" + with_items: + - virt_use_fusefs + - virt_sandbox_use_fusefs + register: sebool_result + failed_when: "'state' not in sebool_result and 'msg' in sebool_result and 'SELinux boolean {{ item }} does not exist' not in sebool_result.msg" + - set_fact: node_update_complete: True diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml index 9a5ae0e6b..d23a54511 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/common/openshift-etcd/config.yml @@ -89,7 +89,6 @@ roles: - etcd - role: nickhammond.logrotate - when: not openshift.common.is_containerized | bool - name: Delete temporary directory on localhost hosts: localhost diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 9f8443599..a0d21451f 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -86,6 +86,7 @@ etcd_generated_certs_dir: /etc/etcd/generated_certs etcd_needing_client_certs: "{{ hostvars | oo_select_keys(groups['oo_masters_to_config']) + | default([]) | oo_filter_list(filter_attr='etcd_client_certs_missing') }}" sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" roles: @@ -337,9 +338,10 @@ roles: - openshift_master - role: nickhammond.logrotate - when: not openshift.common.is_containerized | bool - role: fluentd_master when: openshift.common.use_fluentd | bool + - role: nuage_master + when: openshift.common.use_nuage | bool post_tasks: - name: Create group for deployment type group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }} diff --git a/playbooks/common/openshift-master/restart.yml b/playbooks/common/openshift-master/restart.yml index 052892863..02449e40d 100644 --- a/playbooks/common/openshift-master/restart.yml +++ b/playbooks/common/openshift-master/restart.yml @@ -77,13 +77,6 @@ when: openshift.master.cluster_method | default(None) == 'pacemaker' failed_when: false changed_when: false - # Any master which did not report 'active' or 'inactive' is likely - # unhealthy. Other possible states are 'unknown' or 'failed'. - - fail: - msg: > - Got invalid service state from {{ openshift.common.service_type }}-master - on {{ inventory_hostname }}. Please verify pacemaker cluster. - when: openshift.master.cluster_method | default(None) == 'pacemaker' and active_check_output.stdout not in ['active', 'inactive'] - set_fact: is_active: "{{ active_check_output.stdout == 'active' }}" when: openshift.master.cluster_method | default(None) == 'pacemaker' @@ -92,6 +85,13 @@ hosts: localhost become: no tasks: + - fail: + msg: > + Did not receive active status from any masters. Please verify pacemaker cluster. + when: "{{ hostvars[groups.oo_first_master.0].openshift.master.cluster_method | default(None) == 'pacemaker' and 'True' not in (hostvars + | oo_select_keys(groups['oo_masters_to_config']) + | oo_collect('is_active') + | list) }}" - name: Evaluate oo_active_masters add_host: name: "{{ item }}" diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 1d31657ed..dc3c25107 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -211,8 +211,9 @@ roles: - role: flannel when: openshift.common.use_flannel | bool + - role: nuage_node + when: openshift.common.use_nuage | bool - role: nickhammond.logrotate - when: not openshift.common.is_containerized | bool - role: fluentd_node when: openshift.common.use_fluentd | bool tasks: diff --git a/roles/cockpit/tasks/main.yml b/roles/cockpit/tasks/main.yml index 6e9f3a8bd..e83f72a3d 100644 --- a/roles/cockpit/tasks/main.yml +++ b/roles/cockpit/tasks/main.yml @@ -6,7 +6,7 @@ - cockpit-shell - cockpit-bridge - "{{ cockpit_plugins }}" - when: not openshift.common.is_containerized | bool + when: not openshift.common.is_atomic | bool - name: Enable cockpit-ws service: diff --git a/roles/etcd_ca/tasks/main.yml b/roles/etcd_ca/tasks/main.yml index d32f5e48c..cf7bc00a3 100644 --- a/roles/etcd_ca/tasks/main.yml +++ b/roles/etcd_ca/tasks/main.yml @@ -1,4 +1,8 @@ --- +- name: Install openssl + action: "{{ ansible_pkg_mgr }} name=openssl state=present" + when: not openshift.common.is_atomic | bool + - file: path: "{{ item }}" state: directory diff --git a/roles/fluentd_master/tasks/main.yml b/roles/fluentd_master/tasks/main.yml index 1c87d562a..32f972f0a 100644 --- a/roles/fluentd_master/tasks/main.yml +++ b/roles/fluentd_master/tasks/main.yml @@ -1,12 +1,12 @@ --- - fail: msg: "fluentd master is not yet supported on atomic hosts" - when: openshift.common.is_containerized | bool + when: openshift.common.is_atomic | bool # TODO: Update fluentd install and configuration when packaging is complete - name: download and install td-agent action: "{{ ansible_pkg_mgr }} name='http://packages.treasuredata.com/2/redhat/7/x86_64/td-agent-2.2.0-0.x86_64.rpm' state=present" - when: not openshift.common.is_containerized | bool + when: not openshift.common.is_atomic | bool - name: Verify fluentd plugin installed command: '/opt/td-agent/embedded/bin/gem query -i fluent-plugin-kubernetes' diff --git a/roles/fluentd_node/tasks/main.yml b/roles/fluentd_node/tasks/main.yml index 8d34c0b19..9fd908687 100644 --- a/roles/fluentd_node/tasks/main.yml +++ b/roles/fluentd_node/tasks/main.yml @@ -1,12 +1,12 @@ --- - fail: msg: "fluentd node is not yet supported on atomic hosts" - when: openshift.common.is_containerized | bool + when: openshift.common.is_atomic | bool # TODO: Update fluentd install and configuration when packaging is complete - name: download and install td-agent action: "{{ ansible_pkg_mgr }} name='http://packages.treasuredata.com/2/redhat/7/x86_64/td-agent-2.2.0-0.x86_64.rpm' state=present" - when: not openshift.common.is_containerized | bool + when: not openshift.common.is_atomic | bool - name: Verify fluentd plugin installed command: '/opt/td-agent/embedded/bin/gem query -i fluent-plugin-kubernetes' @@ -55,4 +55,3 @@ name: 'td-agent' state: started enabled: yes - diff --git a/roles/lib_zabbix/library/zbx_host.py b/roles/lib_zabbix/library/zbx_host.py index e26c9caf3..560749f07 100644 --- a/roles/lib_zabbix/library/zbx_host.py +++ b/roles/lib_zabbix/library/zbx_host.py @@ -63,6 +63,19 @@ def get_template_ids(zapi, template_names): template_ids.append({'templateid': content['result'][0]['templateid']}) return template_ids +def interfaces_equal(zbx_interfaces, user_interfaces): + ''' + compare interfaces from zabbix and interfaces from user + ''' + + for u_int in user_interfaces: + for z_int in zbx_interfaces: + for u_key, u_val in u_int.items(): + if str(z_int[u_key]) != str(u_val): + return False + + return True + def main(): ''' Ansible module for zabbix host @@ -120,8 +133,9 @@ def main(): 'dns': '', # dns for host 'port': '10050', # port for interface? 10050 }] + hostgroup_names = list(set(module.params['hostgroup_names'])) params = {'host': hname, - 'groups': get_group_ids(zapi, module.params['hostgroup_names']), + 'groups': get_group_ids(zapi, hostgroup_names), 'templates': get_template_ids(zapi, module.params['template_names']), 'interfaces': ifs, } @@ -140,6 +154,11 @@ def main(): if zab_results['parentTemplates'] != value: differences[key] = value + + elif key == "interfaces": + if not interfaces_equal(zab_results[key], value): + differences[key] = value + elif zab_results[key] != value and zab_results[key] != str(value): differences[key] = value diff --git a/roles/nickhammond.logrotate/tasks/main.yml b/roles/nickhammond.logrotate/tasks/main.yml index 0a0cf1fae..e2c51a903 100644 --- a/roles/nickhammond.logrotate/tasks/main.yml +++ b/roles/nickhammond.logrotate/tasks/main.yml @@ -1,6 +1,7 @@ --- - name: nickhammond.logrotate | Install logrotate action: "{{ ansible_pkg_mgr }} name=logrotate state=present" + when: not openshift.common.is_atomic | bool - name: nickhammond.logrotate | Setup logrotate.d scripts template: diff --git a/roles/nuage_master/README.md b/roles/nuage_master/README.md new file mode 100644 index 000000000..de101dd19 --- /dev/null +++ b/roles/nuage_master/README.md @@ -0,0 +1,8 @@ +Nuage Master +============ +Setup Nuage Kubernetes Monitor on the Master node + + +Requirements +------------ +This role assumes it has been deployed on RHEL/Fedora diff --git a/roles/nuage_master/files/serviceaccount.sh b/roles/nuage_master/files/serviceaccount.sh new file mode 100644 index 000000000..f6fdb8a8d --- /dev/null +++ b/roles/nuage_master/files/serviceaccount.sh @@ -0,0 +1,63 @@ +#!/bin/bash +# Parse CLI options +for i in "$@"; do + case $i in + --master-cert-dir=*) + MASTER_DIR="${i#*=}" + CA_CERT=${MASTER_DIR}/ca.crt + CA_KEY=${MASTER_DIR}/ca.key + CA_SERIAL=${MASTER_DIR}/ca.serial.txt + ADMIN_FILE=${MASTER_DIR}/admin.kubeconfig + ;; + --server=*) + SERVER="${i#*=}" + ;; + --output-cert-dir=*) + OUTDIR="${i#*=}" + CONFIG_FILE=${OUTDIR}/nuage.kubeconfig + ;; + esac +done + +# If any are missing, print the usage and exit +if [ -z $SERVER ] || [ -z $OUTDIR ] || [ -z $MASTER_DIR ]; then + echo "Invalid syntax: $@" + echo "Usage:" + echo " $0 --server=<address>:<port> --output-cert-dir=/path/to/output/dir/ --master-cert-dir=/path/to/master/" + echo "--master-cert-dir: Directory where the master's configuration is held" + echo "--server: Address of Kubernetes API server (default port is 8443)" + echo "--output-cert-dir: Directory to put artifacts in" + echo "" + echo "All options are required" + exit 1 +fi + +# Login as admin so that we can create the service account +oc login -u system:admin --config=$ADMIN_FILE || exit 1 +oc project default --config=$ADMIN_FILE + +ACCOUNT_CONFIG=' +{ + "apiVersion": "v1", + "kind": "ServiceAccount", + "metadata": { + "name": "nuage" + } +} +' + +# Create the account with the included info +echo $ACCOUNT_CONFIG|oc create --config=$ADMIN_FILE -f - + +# Add the cluser-reader role, which allows this service account read access to +# everything in the cluster except secrets +oadm policy add-cluster-role-to-user cluster-reader system:serviceaccounts:default:nuage --config=$ADMIN_FILE + +# Generate certificates and a kubeconfig for the service account +oadm create-api-client-config --certificate-authority=${CA_CERT} --client-dir=${OUTDIR} --signer-cert=${CA_CERT} --signer-key=${CA_KEY} --signer-serial=${CA_SERIAL} --user=system:serviceaccounts:default:nuage --master=${SERVER} --public-master=${SERVER} --basename='nuage' + +# Verify the finalized kubeconfig +if ! [ $(oc whoami --config=$CONFIG_FILE) == 'system:serviceaccounts:default:nuage' ]; then + echo "Service account creation failed!" + exit 1 +fi diff --git a/roles/nuage_master/handlers/main.yaml b/roles/nuage_master/handlers/main.yaml new file mode 100644 index 000000000..635d8a419 --- /dev/null +++ b/roles/nuage_master/handlers/main.yaml @@ -0,0 +1,18 @@ +--- +- name: restart nuagekubemon + sudo: true + service: name=nuagekubemon state=restarted + +- name: restart master + service: name={{ openshift.common.service_type }}-master state=restarted + when: (not openshift_master_ha | bool) and (not master_service_status_changed | default(false)) + +- name: restart master api + service: name={{ openshift.common.service_type }}-master-api state=restarted + when: (openshift_master_ha | bool) and (not master_api_service_status_changed | default(false)) and openshift.master.cluster_method == 'native' + +# TODO: need to fix up ignore_errors here +- name: restart master controllers + service: name={{ openshift.common.service_type }}-master-controllers state=restarted + when: (openshift_master_ha | bool) and (not master_controllers_service_status_changed | default(false)) and openshift.master.cluster_method == 'native' + ignore_errors: yes diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml new file mode 100644 index 000000000..a7baadc76 --- /dev/null +++ b/roles/nuage_master/tasks/main.yaml @@ -0,0 +1,34 @@ +--- +- name: Create directory /usr/share/nuagekubemon + sudo: true + file: path=/usr/share/nuagekubemon state=directory + +- name: Create the log directory + sudo: true + file: path={{ nuagekubemon_log_dir }} state=directory + +- name: Install Nuage Kubemon + sudo: true + yum: name={{ nuage_kubemon_rpm }} state=present + +- name: Run the service account creation script + sudo: true + script: serviceaccount.sh --server={{ openshift.master.api_url }} --output-cert-dir={{ cert_output_dir }} --master-cert-dir={{ openshift_master_config_dir }} + +- name: Download the certs and keys + sudo: true + fetch: src={{ cert_output_dir }}/{{ item }} dest=/tmp/{{ item }} flat=yes + with_items: + - ca.crt + - nuage.crt + - nuage.key + - nuage.kubeconfig + +- name: Create nuagekubemon.yaml + sudo: true + template: src=nuagekubemon.j2 dest=/usr/share/nuagekubemon/nuagekubemon.yaml owner=root mode=0644 + notify: + - restart master + - restart master api + - restart master controllers + - restart nuagekubemon diff --git a/roles/nuage_master/templates/nuagekubemon.j2 b/roles/nuage_master/templates/nuagekubemon.j2 new file mode 100644 index 000000000..fb586bcee --- /dev/null +++ b/roles/nuage_master/templates/nuagekubemon.j2 @@ -0,0 +1,19 @@ +# .kubeconfig that includes the nuage service account +kubeConfig: {{ kube_config }} +# name of the nuage service account, or another account with 'cluster-reader' +# permissions +# Openshift master config file +openshiftMasterConfig: {{ master_config_yaml }} +# URL of the VSD Architect +vsdApiUrl: {{ vsd_api_url }} +# API version to query against. Usually "v3_2" +vspVersion: {{ vsp_version }} +# File containing a VSP license to install. Only necessary if no license has +# been installed on the VSD Architect before, only valid for standalone vsd install +# licenseFile: "/path/to/base_vsp_license.txt" +# Name of the enterprise in which pods will reside +enterpriseName: {{ enterprise }} +# Name of the domain in which pods will reside +domainName: {{ domain }} +# Location where logs should be saved +log_dir: {{ nuagekubemon_log_dir }} diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml new file mode 100644 index 000000000..db901fea6 --- /dev/null +++ b/roles/nuage_master/vars/main.yaml @@ -0,0 +1,7 @@ +openshift_master_config_dir: "{{ openshift.common.config_base }}/master" +ca_cert: "{{ openshift_master_config_dir }}/ca.crt" +admin_config: "{{ openshift.common.config_base }}/master/admin.kubeconfig" +cert_output_dir: /usr/share/nuagekubemon +kube_config: /usr/share/nuagekubemon/nuage.kubeconfig +kubemon_yaml: /usr/share/nuagekubemon/nuagekubemon.yaml +master_config_yaml: "{{ openshift_master_config_dir }}/master-config.yaml" diff --git a/roles/nuage_node/README.md b/roles/nuage_node/README.md new file mode 100644 index 000000000..02a3cbc77 --- /dev/null +++ b/roles/nuage_node/README.md @@ -0,0 +1,9 @@ +Nuage Node +========== + +Setup Nuage VRS (Virtual Routing Switching) on the Openshift Node + +Requirements +------------ + +This role assumes it has been deployed on RHEL/Fedora diff --git a/roles/nuage_node/handlers/main.yaml b/roles/nuage_node/handlers/main.yaml new file mode 100644 index 000000000..d82d4b67b --- /dev/null +++ b/roles/nuage_node/handlers/main.yaml @@ -0,0 +1,4 @@ +--- +- name: restart vrs + sudo: true + service: name=openvswitch state=restarted diff --git a/roles/nuage_node/tasks/main.yaml b/roles/nuage_node/tasks/main.yaml new file mode 100644 index 000000000..e0117bf71 --- /dev/null +++ b/roles/nuage_node/tasks/main.yaml @@ -0,0 +1,37 @@ +--- +- name: Install Nuage VRS + sudo: true + yum: name={{ vrs_rpm }} state=present + +- name: Set the uplink interface + sudo: true + lineinfile: dest={{ vrs_config }} regexp=^NETWORK_UPLINK_INTF line='NETWORK_UPLINK_INTF={{ uplink_interface }}' + +- name: Set the Active Controller + sudo: true + lineinfile: dest={{ vrs_config }} regexp=^ACTIVE_CONTROLLER line='ACTIVE_CONTROLLER={{ vsc_active_ip }}' + +- name: Set the Standby Controller + sudo: true + lineinfile: dest={{ vrs_config }} regexp=^STANDBY_CONTROLLER line='STANDBY_CONTROLLER={{ vsc_standby_ip }}' + when: vsc_standby_ip is defined + +- name: Install plugin rpm + sudo: true + yum: name={{ plugin_rpm }} state=present + +- name: Copy the certificates and keys + sudo: true + copy: src="/tmp/{{ item }}" dest="{{ vsp_k8s_dir }}/{{ item }}" + with_items: + - ca.crt + - nuage.crt + - nuage.key + - nuage.kubeconfig + +- name: Set the vsp-k8s.yaml + sudo: true + template: src=vsp-k8s.j2 dest={{ vsp_k8s_yaml }} owner=root mode=0644 + notify: + - restart vrs + - restart node diff --git a/roles/nuage_node/templates/vsp-k8s.j2 b/roles/nuage_node/templates/vsp-k8s.j2 new file mode 100644 index 000000000..98d6c3a9c --- /dev/null +++ b/roles/nuage_node/templates/vsp-k8s.j2 @@ -0,0 +1,14 @@ +clientCert: {{ client_cert }} +# The key to the certificate in clientCert above +clientKey: {{ client_key }} +# The certificate authority's certificate for the local kubelet. Usually the +# same as the CA cert used to create the client Cert/Key pair. +CACert: {{ ca_cert }} +# Name of the enterprise in which pods will reside +enterpriseName: {{ enterprise }} +# Name of the domain in which pods will reside +domainName: {{ domain }} +# IP address and port number of master API server +masterApiServer: {{ api_server }} +# Bridge name for the docker bridge +dockerBridgeName: {{ docker_bridge }} diff --git a/roles/nuage_node/vars/main.yaml b/roles/nuage_node/vars/main.yaml new file mode 100644 index 000000000..a6b7cf997 --- /dev/null +++ b/roles/nuage_node/vars/main.yaml @@ -0,0 +1,9 @@ +--- +vrs_config: /etc/default/openvswitch +vsp_k8s_dir: /usr/share/vsp-k8s +vsp_k8s_yaml: "{{ vsp_k8s_dir }}/vsp-k8s.yaml" +client_cert: "{{ vsp_k8s_dir }}/nuage.crt" +client_key: "{{ vsp_k8s_dir }}/nuage.key" +ca_cert: "{{ vsp_k8s_dir }}/ca.crt" +api_server: "{{ openshift_node_master_api_url }}" +docker_bridge: "docker0" diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml index 2b53c9b8e..a6b6b1925 100644 --- a/roles/openshift_cli/tasks/main.yml +++ b/roles/openshift_cli/tasks/main.yml @@ -6,7 +6,7 @@ cli_image: "{{ osm_image | default(None) }}" - name: Install clients - yum: pkg={{ openshift.common.service_type }}-clients state=installed + action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-clients state=present" when: not openshift.common.is_containerized | bool - name: Pull CLI Image diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index 3a2ccb59a..ff8c3b50f 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml @@ -4,6 +4,14 @@ when: openshift_use_openshift_sdn | default(false) | bool and openshift_use_flannel | default(false) | bool - fail: + msg: Nuage sdn can not be used with openshift sdn + when: openshift_use_openshift_sdn | default(false) | bool and openshift_use_nuage | default(false) | bool + +- fail: + msg: Nuage sdn can not be used with flannel + when: openshift_use_flannel | default(false) | bool and openshift_use_nuage | default(false) | bool + +- fail: msg: openshift_hostname must be 64 characters or less when: openshift_hostname is defined and openshift_hostname | length > 64 @@ -23,7 +31,9 @@ deployment_type: "{{ openshift_deployment_type }}" use_fluentd: "{{ openshift_use_fluentd | default(None) }}" use_flannel: "{{ openshift_use_flannel | default(None) }}" + use_nuage: "{{ openshift_use_nuage | default(None) }}" use_manageiq: "{{ openshift_use_manageiq | default(None) }}" + data_dir: "{{ openshift_data_dir | default(None) }}" - name: Install the base package for versioning action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version | default('') }} state=present" diff --git a/roles/openshift_common/vars/main.yml b/roles/openshift_common/vars/main.yml index 50816d319..b163f8aae 100644 --- a/roles/openshift_common/vars/main.yml +++ b/roles/openshift_common/vars/main.yml @@ -5,3 +5,4 @@ # chains with the public zone (or the zone associated with the correct # interfaces) os_firewall_use_firewalld: False +openshift_version: "{{ openshift_pkg_version | default('') }}" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index af819e218..40e54d706 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -338,6 +338,23 @@ def set_flannel_facts_if_unset(facts): facts['common']['use_flannel'] = use_flannel return facts +def set_nuage_facts_if_unset(facts): + """ Set nuage facts if not already present in facts dict + dict: the facts dict updated with the nuage facts if + missing + Args: + facts (dict): existing facts + Returns: + dict: the facts dict updated with the nuage + facts if they were not already present + + """ + if 'common' in facts: + if 'use_nuage' not in facts['common']: + use_nuage = False + facts['common']['use_nuage'] = use_nuage + return facts + def set_node_schedulability(facts): """ Set schedulable facts if not already present in facts dict Args: @@ -1128,6 +1145,7 @@ class OpenShiftFacts(object): facts = set_project_cfg_facts_if_unset(facts) facts = set_fluentd_facts_if_unset(facts) facts = set_flannel_facts_if_unset(facts) + facts = set_nuage_facts_if_unset(facts) facts = set_node_schedulability(facts) facts = set_master_selectors(facts) facts = set_metrics_facts_if_unset(facts) diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index e40a1b329..0dbac1b54 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -1,11 +1,9 @@ --- -- name: Verify Ansible version is greater than 1.8.0 and not 1.9.0 and not 1.9.0.1 - assert: - that: - - ansible_version | version_compare('1.8.0', 'ge') - - ansible_version | version_compare('1.9.0', 'ne') - - ansible_version | version_compare('1.9.0.1', 'ne') - +- name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0 + fail: + msg: "Unsupported ansible version: {{ ansible_version }} found" + when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge') + - name: Detecting Operating System shell: ls /run/ostree-booted ignore_errors: yes diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 9a7ae96f0..1eeab46fe 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -117,7 +117,7 @@ masterPublicURL: {{ openshift.master.public_api_url }} networkConfig: clusterNetworkCIDR: {{ openshift.master.sdn_cluster_network_cidr }} hostSubnetLength: {{ openshift.master.sdn_host_subnet_length }} -{% if openshift.common.use_openshift_sdn %} +{% if openshift.common.use_openshift_sdn or openshift.common.use_nuage %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} {% endif %} # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index cbe811f83..44065f4bd 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -20,7 +20,7 @@ networkPluginName: {{ openshift.common.sdn_network_plugin_name }} # deprecates networkPluginName above. The two should match. networkConfig: mtu: {{ openshift.node.sdn_mtu }} -{% if openshift.common.use_openshift_sdn %} +{% if openshift.common.use_openshift_sdn or openshift.common.use_nuage %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} {% endif %} {% if openshift.node.set_node_ip | bool %} diff --git a/roles/os_zabbix/vars/template_openshift_master.yml b/roles/os_zabbix/vars/template_openshift_master.yml index a0ba8d104..12ea36c8b 100644 --- a/roles/os_zabbix/vars/template_openshift_master.yml +++ b/roles/os_zabbix/vars/template_openshift_master.yml @@ -98,6 +98,18 @@ g_template_openshift_master: applications: - Openshift Master + - key: openshift.master.skydns.port.open + description: State of the SkyDNS port open and listening + type: int + applications: + - Openshift Master + + - key: openshift.master.skydns.query + description: SkyDNS can be queried or not + type: int + applications: + - Openshift Master + - key: openshift.master.etcd.create.success description: Show number of successful create actions type: int @@ -305,6 +317,20 @@ g_template_openshift_master: - 'Openshift Master process not running on {HOST.NAME}' priority: high + - name: 'SkyDNS port not listening on {HOST.NAME}' + expression: '{Template Openshift Master:openshift.master.skydns.port.open.max(#3)}<1' + url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_master.asciidoc' + dependencies: + - 'Openshift Master process not running on {HOST.NAME}' + priority: high + + - name: 'SkyDNS query failed on {HOST.NAME}' + expression: '{Template Openshift Master:openshift.master.skydns.query.max(#3)}<1' + url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_master.asciidoc' + dependencies: + - 'Openshift Master API health check is failing on {HOST.NAME}' + priority: high + zgraphs: - name: Openshift Master API Server Latency Pods LIST Quantiles width: 900 diff --git a/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 b/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 index 31f7d4caa..ac950b4e5 100644 --- a/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 +++ b/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 @@ -50,6 +50,7 @@ ExecStart=/usr/bin/docker run --name {{ osohm_host_monitoring }} -e OSO_ENVIRONMENT={{ oo_environment }} \ -e OSO_HOST_TYPE={{ hostvars[inventory_hostname]['ec2_tag_host-type'] }} \ -e OSO_SUB_HOST_TYPE={{ hostvars[inventory_hostname]['ec2_tag_sub-host-type'] }} \ + -e OSO_MASTER_HA={{ osohm_master_ha }} \ -v /etc/localtime:/etc/localtime \ -v /sys:/sys:ro \ -v /sys/fs/selinux \ |