35 files changed, 280 insertions, 97 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index d176e08c5..a8e890624 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.0.40-1 ./ +3.0.42-1 ./ diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index dcda14c63..3dc3f2fe9 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -697,6 +697,19 @@ class FilterModule(object): return matching_pods + @staticmethod + def oo_get_hosts_from_hostvars(hostvars, hosts): + """ Return a list of hosts from hostvars """ + retval = [] + for host in hosts: + try: + retval.append(hostvars[host]) + except errors.AnsibleError as _: + # host does not exist + pass + + return retval + def filters(self): """ returns a mapping of filters to methods """ return { @@ -724,4 +737,5 @@ class FilterModule(object): "oo_persistent_volume_claims": self.oo_persistent_volume_claims, "oo_31_rpm_rename_conversion": self.oo_31_rpm_rename_conversion, "oo_pods_match_component": self.oo_pods_match_component, + "oo_get_hosts_from_hostvars": self.oo_get_hosts_from_hostvars, } diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example index a2e1708d4..8cd4caac4 100644 --- a/inventory/byo/hosts.aep.example +++ b/inventory/byo/hosts.aep.example 
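Review bot: In filter_plugins/oo_filters.py, `oo_get_hosts_from_hostvars` drops any host whose lookup raises `errors.AnsibleError` and reports nothing, so a caller gets a shorter list and cannot tell which hosts were skipped. The docstring should state this, for example `""" Return the hostvars entries for hosts, skipping hosts that are not in hostvars """`. If `hostvars` can ever be a plain dict (an assumption, the callers are not in this hunk), a missing key raises `KeyError`, which the handler does not catch. `except (errors.AnsibleError, KeyError):` would cover both cases and remove the unused `as _` binding.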
@@ -58,12 +58,18 @@ deployment_type=atomic-enterprise # See: https://docs.openshift.com/enterprise/latest/install_config/aggregate_logging.html #openshift_master_logging_public_url=https://kibana.example.com +# Docker Configuration # Add additional, insecure, and blocked registries to global docker configuration # For enterprise deployment types we ensure that registry.access.redhat.com is # included if you do not include it #cli_docker_additional_registries=registry.example.com #cli_docker_insecure_registries=registry.example.com #cli_docker_blocked_registries=registry.hacker.com +# Items added, as is, to end of /etc/sysconfig/docker OPTIONS +#openshift_docker_options="-l warn --ipv6=false" +# Deprecated methods to set --log-driver and --log-opts flags, use openshift_docker_options instead +#cli_docker_log_driver=json +#cli_docker_log_options="tag=mailer" # Alternate image format string. If you're not modifying the format string and # only need to inject your own registry you may want to consider diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index de1d0f88b..fffdcaab4 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example 
@@ -59,12 +59,18 @@ deployment_type=origin # See: https://docs.openshift.org/latest/install_config/aggregate_logging.html #openshift_master_logging_public_url=https://kibana.example.com +# Docker Configuration # Add additional, insecure, and blocked registries to global docker configuration # For enterprise deployment types we ensure that registry.access.redhat.com is # included if you do not include it #cli_docker_additional_registries=registry.example.com #cli_docker_insecure_registries=registry.example.com #cli_docker_blocked_registries=registry.hacker.com +# Items added, as is, to end of /etc/sysconfig/docker OPTIONS +#openshift_docker_options="-l warn --ipv6=false" +# Deprecated methods to set --log-driver and --log-opts flags, use openshift_docker_options instead +#cli_docker_log_driver=json +#cli_docker_log_options="tag=mailer" # Alternate image format string. If you're not modifying the format string and # only need to inject your own registry you may want to consider diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index c80be574f..233c1c8e2 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example 
@@ -58,12 +58,19 @@ deployment_type=openshift-enterprise # See: https://docs.openshift.com/enterprise/latest/install_config/aggregate_logging.html #openshift_master_logging_public_url=https://kibana.example.com +# Docker Configuration # Add additional, insecure, and blocked registries to global docker configuration # For enterprise deployment types we ensure that registry.access.redhat.com is # included if you do not include it #cli_docker_additional_registries=registry.example.com #cli_docker_insecure_registries=registry.example.com #cli_docker_blocked_registries=registry.hacker.com +# Items added, as is, to end of /etc/sysconfig/docker OPTIONS +#openshift_docker_options="-l warn --ipv6=false" +# Deprecated methods to set --log-driver and --log-opts flags, use openshift_docker_options instead +#cli_docker_log_driver=json +#cli_docker_log_options="tag=mailer" + # Alternate image format string. If you're not modifying the format string and # only need to inject your own registry you may want to consider diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 7c7fb399c..017515045 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.0.40 +Version: 3.0.42 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 
@@ -50,8 +50,10 @@ cp -p bin/openshift_ansible.conf.example %{buildroot}/etc/openshift_ansible/open # Fix links rm -f %{buildroot}%{python_sitelib}/openshift_ansible/multi_inventory.py rm -f %{buildroot}%{python_sitelib}/openshift_ansible/aws +rm -f %{buildroot}%{python_sitelib}/openshift_ansible/gce ln -sf %{_datadir}/ansible/inventory/multi_inventory.py %{buildroot}%{python_sitelib}/openshift_ansible/multi_inventory.py ln -sf %{_datadir}/ansible/inventory/aws %{buildroot}%{python_sitelib}/openshift_ansible/aws +ln -sf %{_datadir}/ansible/inventory/gce %{buildroot}%{python_sitelib}/openshift_ansible/gce # openshift-ansible-docs install # -docs are currently just %doc, no install needed 
@@ -259,6 +261,45 @@ Atomic OpenShift Utilities includes %changelog +* Tue Feb 16 2016 Joel Diaz <jdiaz@redhat.com> 3.0.42-1 +- Add gce softlink for openshift-ansible-bin + +* Mon Feb 15 2016 Brenton Leanhardt <bleanhar@redhat.com> 3.0.41-1 +- Bug 1308411 - Fail to install OSE 3.0 for no add-scc-to-user command + (bleanhar@redhat.com) +- Add openshift_docker_options to append arbitrary options to + /etc/sysconfig/docker OPTIONS (sdodson@redhat.com) +- oo_filter: added custom fitler to return hosts group info + (mwoodson@redhat.com) +- add gce softlink for openshift-ansible-bin RPM (jdiaz@redhat.com) +- a-o-i: Count nativeha hosts as "installed" for scaleup (smunilla@redhat.com) +- a-o-i: Add master_routingconfig_subdomain to PERSIST_SETTINGS + (smunilla@redhat.com) +- Bug 1308412 - Fail to install containerized HA master env on RHEL7 + (bleanhar@redhat.com) +- Bug 1308314 - Failed to continue installation when pressing CTRL-C + (bleanhar@redhat.com) +- Updating the 3.1.1 router to match the new liveness probe configuration + (bleanhar@redhat.com) +- Don't automatically give additional permissions to all OAuth users on upgrade + (jliggitt@redhat.com) +- Fix adhoc boostrap fedora playbook (jdetiber@redhat.com) +- Fix libvirt cluster creation (lhuard@amadeus.com) +- Add missing `type` node labels on OpenStack and libvirt (lhuard@amadeus.com) +- a-o-i: Prompts to allow minor upgrades (smunilla@redhat.com) +- conditionalize loopback config on v >= 3.2/1.2 (jdetiber@redhat.com) +- Fixes pv/pvc creation for latest builds (jdetiber@redhat.com) +- Bug 1302970 - update script does not patch router if name is different from + default (bleanhar@redhat.com) +- Fix loopback cluster name, context name, and user (jdetiber@redhat.com) +- Changes for new Nuage RPMS (vishal.patil@nuagenetworks.net) +- Make the GCE image_name and the machine_type configurable from the CLI + (lhuard@amadeus.com) +- Better structure the output of the list playbook (lhuard@amadeus.com) +- Fix issue when 
there are no infra nodes (lhuard@amadeus.com) +- Remove fluentd_master and fluentd_node roles. (abutcher@redhat.com) +- Remove etcd up checks from fluentd_master. (abutcher@redhat.com) + * Thu Feb 11 2016 Brenton Leanhardt <bleanhar@redhat.com> 3.0.40-1 - Bug 1306665 - [metrics] update metrics-deployer template to use latest image versions (bleanhar@redhat.com) diff --git a/playbooks/adhoc/bootstrap-fedora.yml b/playbooks/adhoc/bootstrap-fedora.yml index 0df77e309..471c41f16 100644 --- a/playbooks/adhoc/bootstrap-fedora.yml +++ b/playbooks/adhoc/bootstrap-fedora.yml @@ -1,5 +1,4 @@ - hosts: OSEv3 - gather_facts: false tasks: - name: install python and deps for ansible modules raw: dnf install -y python2 python2-dnf libselinux-python libsemanage-python diff --git a/playbooks/aws/openshift-cluster/cluster_hosts.yml b/playbooks/aws/openshift-cluster/cluster_hosts.yml index 1023f3ec1..ca87bc655 100644 --- a/playbooks/aws/openshift-cluster/cluster_hosts.yml +++ b/playbooks/aws/openshift-cluster/cluster_hosts.yml @@ -12,6 +12,6 @@ g_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_master'] | de g_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_node'] | default([])) }}" -g_infra_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_infra']) | default([]) }}" +g_infra_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_infra'] | default([])) }}" -g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_compute']) | default([]) }}" +g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_compute'] | default([])) }}" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 3f5c37dde..0fb38f32e 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml 
@@ -501,6 +501,7 @@ {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings --exclude-groups=system:authenticated + --exclude-groups=system:authenticated:oauth --exclude-groups=system:unauthenticated --exclude-users=system:anonymous --additive-only=true --confirm @@ -621,6 +622,16 @@ '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}' --api-version=v1 with_items: haproxy_routers + when: not openshift.common.version_gte_3_1_1_or_1_1_1 + + - name: Update router image to current version + when: all_routers.rc == 0 + command: > + {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p + '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}","livenessProbe":{"tcpSocket":null,"httpGet":{"path": "/healthz", "port": 1936, "host": "localhost", "scheme": "HTTP"},"initialDelaySeconds":10,"timeoutSeconds":1}}]}}}}' + --api-version=v1 + with_items: haproxy_routers + when: openshift.common.version_gte_3_1_1_or_1_1_1 - name: Check for default registry command: > diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml index d7a2ac405..196393b2a 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml @@ -37,7 +37,7 @@ when: all_routers.rc == 0 command: > {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p - '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}' + '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}","livenessProbe":{"tcpSocket":null,"httpGet":{"path": "/healthz", "port": 1936, "host": "localhost", "scheme": "HTTP"},"initialDelaySeconds":10,"timeoutSeconds":1}}]}}}}' --api-version=v1 with_items: haproxy_routers 
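Review bot: In playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml, the added task `Update router image to current version` declares `when:` twice, first as `all_routers.rc == 0` and then as `openshift.common.version_gte_3_1_1_or_1_1_1`. A YAML mapping cannot hold the same key twice and loaders typically keep only the last value, so the `all_routers.rc == 0` guard is likely dropped for this task. Merge the two into one condition: `when: all_routers.rc == 0 and openshift.common.version_gte_3_1_1_or_1_1_1`. The preceding task gains `when: not openshift.common.version_gte_3_1_1_or_1_1_1` at its end and starts outside the hunk, so check it for the same duplicate key.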
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml index 81dbba1e3..dbf746f12 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml @@ -109,6 +109,7 @@ {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings --exclude-groups=system:authenticated + --exclude-groups=system:authenticated:oauth --exclude-groups=system:unauthenticated --exclude-users=system:anonymous --additive-only=true --confirm diff --git a/playbooks/common/openshift-cluster/validate_hostnames.yml b/playbooks/common/openshift-cluster/validate_hostnames.yml index 047431b63..fd82997b9 100644 --- a/playbooks/common/openshift-cluster/validate_hostnames.yml +++ b/playbooks/common/openshift-cluster/validate_hostnames.yml 
@@ -21,6 +21,6 @@ failed_when: false - name: Warn user about bad openshift_hostname values pause: - prompt: "The hostname \"{{ openshift.common.hostname }}\" for \"{{ ansible_nodename }}\" doesn't resolve to an ip address owned by this host. Please set openshift_hostname variable to a hostname that when resolved on the host in question resolves to an IP address matching an interface on this host. This host will fail liveness checks for pods utilizing hostPorts, press CTRL-C to continue." + prompt: "The hostname \"{{ openshift.common.hostname }}\" for \"{{ ansible_nodename }}\" doesn't resolve to an ip address owned by this host. Please set openshift_hostname variable to a hostname that when resolved on the host in question resolves to an IP address matching an interface on this host. This host will fail liveness checks for pods utilizing hostPorts, press ENTER to continue or CTRL-C to abort." seconds: "{{ 10 if openshift_override_hostname_check | default(false) | bool else omit }}" when: lookupip.stdout not in ansible_all_ipv4_addresses diff --git a/playbooks/gce/openshift-cluster/cluster_hosts.yml b/playbooks/gce/openshift-cluster/cluster_hosts.yml index 15690e3bf..5cc300bbf 100644 --- a/playbooks/gce/openshift-cluster/cluster_hosts.yml +++ b/playbooks/gce/openshift-cluster/cluster_hosts.yml @@ -12,6 +12,6 @@ g_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-master'] | de g_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-node'] | default([])) }}" -g_infra_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-infra']) | default([]) }}" +g_infra_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-infra'] | default([])) }}" -g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-compute']) | default([]) }}" +g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-compute'] | default([])) }}" 
diff --git a/playbooks/gce/openshift-cluster/list.yml b/playbooks/gce/openshift-cluster/list.yml index f3004ede9..992033d16 100644 --- a/playbooks/gce/openshift-cluster/list.yml +++ b/playbooks/gce/openshift-cluster/list.yml @@ -18,9 +18,16 @@ ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" with_items: groups[scratch_group] | default([], true) | difference(['localhost']) | difference(groups.status_terminated | default([], true)) -- name: List instance(s) +- name: List Hosts hosts: oo_list_hosts + +- name: List Hosts + hosts: localhost + become: no + connection: local gather_facts: no + vars_files: + - vars.yml tasks: - debug: - msg: "public ip: {{ hostvars[inventory_hostname].gce_public_ip }} private ip:{{ hostvars[inventory_hostname].gce_private_ip }}" + msg: "{{ hostvars | oo_select_keys(groups[scratch_group] | default([])) | oo_pretty_print_cluster }}" diff --git a/playbooks/gce/openshift-cluster/vars.yml b/playbooks/gce/openshift-cluster/vars.yml index 1ae73fd68..d173213fc 100644 --- a/playbooks/gce/openshift-cluster/vars.yml +++ b/playbooks/gce/openshift-cluster/vars.yml @@ -2,15 +2,15 @@ debug_level: 2 deployment_rhel7_ent_base: - image: rhel-7 - machine_type: n1-standard-1 + image: "{{ lookup('oo_option', 'image_name') | default('rhel-7', True) }}" + machine_type: "{{ lookup('oo_option', 'machine_type') | default('n1-standard-1', True) }}" ssh_user: "{{ lookup('env', 'gce_ssh_user') | default(ansible_ssh_user, true) }}" sudo: yes deployment_vars: origin: - image: centos-7 - machine_type: n1-standard-1 + image: "{{ lookup('oo_option', 'image_name') | default('centos-7', True) }}" + machine_type: "{{ lookup('oo_option', 'machine_type') | default('n1-standard-1', True) }}" ssh_user: "{{ lookup('env', 'gce_ssh_user') | default(ansible_ssh_user, true) }}" sudo: yes online: diff --git a/playbooks/libvirt/openshift-cluster/cluster_hosts.yml b/playbooks/libvirt/openshift-cluster/cluster_hosts.yml index 15690e3bf..5cc300bbf 100644 
--- a/playbooks/libvirt/openshift-cluster/cluster_hosts.yml +++ b/playbooks/libvirt/openshift-cluster/cluster_hosts.yml @@ -12,6 +12,6 @@ g_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-master'] | de g_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-node'] | default([])) }}" -g_infra_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-infra']) | default([]) }}" +g_infra_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-infra'] | default([])) }}" -g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-compute']) | default([]) }}" +g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-compute'] | default([])) }}" diff --git a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml index ebe9f0ad9..b00352539 100644 --- a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml @@ -94,6 +94,16 @@ - set_fact: ips: "{{ scratch_ip.results | default([]) | oo_collect('stdout') }}" +- set_fact: + node_label: + type: "{{ g_sub_host_type }}" + when: instances | length > 0 and type == "node" + +- set_fact: + node_label: + type: "{{ type }}" + when: instances | length > 0 and type != "node" + - name: Add new instances add_host: hostname: '{{ item.0 }}' @@ -101,6 +111,7 @@ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" groups: "tag_environment-{{ cluster_env }}, tag_host-type-{{ type }}, tag_sub-host-type-{{ g_sub_host_type }}, tag_clusterid-{{ cluster_id }}" + openshift_node_labels: "{{ node_label }}" with_together: - instances - ips diff --git a/playbooks/libvirt/openshift-cluster/templates/user-data b/playbooks/libvirt/openshift-cluster/templates/user-data index e0c966e45..ead881f78 100644 --- a/playbooks/libvirt/openshift-cluster/templates/user-data 
+++ b/playbooks/libvirt/openshift-cluster/templates/user-data @@ -3,7 +3,6 @@ disable_root: true hostname: {{ item[0] }} fqdn: {{ item[0] }}.example.com -manage_etc_hosts: true users: - default diff --git a/playbooks/openstack/openshift-cluster/cluster_hosts.yml b/playbooks/openstack/openshift-cluster/cluster_hosts.yml index 1023f3ec1..ca87bc655 100644 --- a/playbooks/openstack/openshift-cluster/cluster_hosts.yml +++ b/playbooks/openstack/openshift-cluster/cluster_hosts.yml @@ -12,6 +12,6 @@ g_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_master'] | de g_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_node'] | default([])) }}" -g_infra_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_infra']) | default([]) }}" +g_infra_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_infra'] | default([])) }}" -g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_compute']) | default([]) }}" +g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_compute'] | default([])) }}" diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml index 2187cefed..e9b9cf540 100644 --- a/playbooks/openstack/openshift-cluster/launch.yml +++ b/playbooks/openstack/openshift-cluster/launch.yml @@ -75,6 +75,8 @@ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" groups: 'tag_environment_{{ cluster_env }}, tag_host-type_etcd, tag_sub-host-type_default, tag_clusterid_{{ cluster_id }}' + openshift_node_labels: + type: "etcd" with_together: - parsed_outputs.etcd_names - parsed_outputs.etcd_ips 
@@ -87,6 +89,8 @@ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" groups: 'tag_environment_{{ cluster_env }}, tag_host-type_master, tag_sub-host-type_default, tag_clusterid_{{ cluster_id }}' + openshift_node_labels: + type: "master" with_together: - parsed_outputs.master_names - parsed_outputs.master_ips @@ -99,6 +103,8 @@ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" groups: 'tag_environment_{{ cluster_env }}, tag_host-type_node, tag_sub-host-type_compute, tag_clusterid_{{ cluster_id }}' + openshift_node_labels: + type: "compute" with_together: - parsed_outputs.node_names - parsed_outputs.node_ips @@ -111,6 +117,8 @@ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" groups: 'tag_environment_{{ cluster_env }}, tag_host-type_node, tag_sub-host-type_infra, tag_clusterid_{{ cluster_id }}' + openshift_node_labels: + type: "infra" with_together: - parsed_outputs.infra_names - parsed_outputs.infra_ips diff --git a/roles/nuage_master/handlers/main.yaml b/roles/nuage_master/handlers/main.yaml index 635d8a419..5d133cf16 100644 --- a/roles/nuage_master/handlers/main.yaml +++ b/roles/nuage_master/handlers/main.yaml @@ -1,7 +1,7 @@ --- -- name: restart nuagekubemon +- name: restart nuage-openshift-monitor sudo: true - service: name=nuagekubemon state=restarted + service: name=nuage-openshift-monitor state=restarted - name: restart master service: name={{ openshift.common.service_type }}-master state=restarted diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml index a7baadc76..20d105b9e 100644 --- a/roles/nuage_master/tasks/main.yaml +++ b/roles/nuage_master/tasks/main.yaml 
@@ -1,15 +1,15 @@ --- -- name: Create directory /usr/share/nuagekubemon +- name: Create directory /usr/share/nuage-openshift-monitor sudo: true - file: path=/usr/share/nuagekubemon state=directory + file: path=/usr/share/nuage-openshift-monitor state=directory - name: Create the log directory sudo: true - file: path={{ nuagekubemon_log_dir }} state=directory + file: path={{ nuage_openshift_monitor_log_dir }} state=directory -- name: Install Nuage Kubemon +- name: Install Nuage Openshift Monitor sudo: true - yum: name={{ nuage_kubemon_rpm }} state=present + yum: name={{ nuage_openshift_rpm }} state=present - name: Run the service account creation script sudo: true @@ -24,11 +24,11 @@ - nuage.key - nuage.kubeconfig -- name: Create nuagekubemon.yaml +- name: Create nuage-openshift-monitor.yaml sudo: true - template: src=nuagekubemon.j2 dest=/usr/share/nuagekubemon/nuagekubemon.yaml owner=root mode=0644 + template: src=nuage-openshift-monitor.j2 dest=/usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml owner=root mode=0644 notify: - restart master - restart master api - restart master controllers - - restart nuagekubemon + - restart nuage-openshift-monitor diff --git a/roles/nuage_master/templates/nuagekubemon.j2 b/roles/nuage_master/templates/nuage-openshift-monitor.j2 index fb586bcee..db8c3d85e 100644 --- a/roles/nuage_master/templates/nuagekubemon.j2 +++ b/roles/nuage_master/templates/nuage-openshift-monitor.j2 @@ -3,7 +3,7 @@ kubeConfig: {{ kube_config }} # name of the nuage service account, or another account with 'cluster-reader' # permissions # Openshift master config file -openshiftMasterConfig: {{ master_config_yaml }} +masterConfig: {{ master_config_yaml }} # URL of the VSD Architect vsdApiUrl: {{ vsd_api_url }} # API version to query against. Usually "v3_2" 
@@ -16,4 +16,4 @@ enterpriseName: {{ enterprise }} # Name of the domain in which pods will reside domainName: {{ domain }} # Location where logs should be saved -log_dir: {{ nuagekubemon_log_dir }} +log_dir: {{ nuage_openshift_monitor_log_dir }} diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml index db901fea6..c489feabe 100644 --- a/roles/nuage_master/vars/main.yaml +++ b/roles/nuage_master/vars/main.yaml @@ -1,7 +1,7 @@ openshift_master_config_dir: "{{ openshift.common.config_base }}/master" ca_cert: "{{ openshift_master_config_dir }}/ca.crt" admin_config: "{{ openshift.common.config_base }}/master/admin.kubeconfig" -cert_output_dir: /usr/share/nuagekubemon -kube_config: /usr/share/nuagekubemon/nuage.kubeconfig -kubemon_yaml: /usr/share/nuagekubemon/nuagekubemon.yaml +cert_output_dir: /usr/share/nuage-openshift-monitor +kube_config: /usr/share/nuage-openshift-monitor/nuage.kubeconfig +kubemon_yaml: /usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml master_config_yaml: "{{ openshift_master_config_dir }}/master-config.yaml" diff --git a/roles/nuage_node/tasks/main.yaml b/roles/nuage_node/tasks/main.yaml index e0117bf71..c1e49902d 100644 --- a/roles/nuage_node/tasks/main.yaml +++ b/roles/nuage_node/tasks/main.yaml @@ -22,16 +22,16 @@ - name: Copy the certificates and keys sudo: true - copy: src="/tmp/{{ item }}" dest="{{ vsp_k8s_dir }}/{{ item }}" + copy: src="/tmp/{{ item }}" dest="{{ vsp_openshift_dir }}/{{ item }}" with_items: - ca.crt - nuage.crt - nuage.key - nuage.kubeconfig -- name: Set the vsp-k8s.yaml +- name: Set the vsp-openshift.yaml sudo: true - template: src=vsp-k8s.j2 dest={{ vsp_k8s_yaml }} owner=root mode=0644 + template: src=vsp-openshift.j2 dest={{ vsp_openshift_yaml }} owner=root mode=0644 notify: - restart vrs - restart node diff --git a/roles/nuage_node/templates/vsp-k8s.j2 b/roles/nuage_node/templates/vsp-openshift.j2 index 98d6c3a9c..98d6c3a9c 100644 --- a/roles/nuage_node/templates/vsp-k8s.j2 
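Review bot: In roles/nuage_node/tasks/main.yaml, the `Copy the certificates and keys` task writes `nuage.key` and `nuage.kubeconfig` into `{{ vsp_openshift_dir }}` without `owner` or `mode`, so the private key's permissions are left to the source file and the umask. The sources are read from `/tmp`, a world-writable directory, so how those files are staged and cleaned up should be checked; that step is not visible in this hunk. If the consuming services run as root (an assumption), restrict the copy explicitly: `copy: src="/tmp/{{ item }}" dest="{{ vsp_openshift_dir }}/{{ item }}" owner=root mode=0600`.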
+++ b/roles/nuage_node/templates/vsp-openshift.j2 diff --git a/roles/nuage_node/vars/main.yaml b/roles/nuage_node/vars/main.yaml index a6b7cf997..4975d17ed 100644 --- a/roles/nuage_node/vars/main.yaml +++ b/roles/nuage_node/vars/main.yaml @@ -1,9 +1,9 @@ --- vrs_config: /etc/default/openvswitch -vsp_k8s_dir: /usr/share/vsp-k8s -vsp_k8s_yaml: "{{ vsp_k8s_dir }}/vsp-k8s.yaml" -client_cert: "{{ vsp_k8s_dir }}/nuage.crt" -client_key: "{{ vsp_k8s_dir }}/nuage.key" -ca_cert: "{{ vsp_k8s_dir }}/ca.crt" +vsp_openshift_dir: /usr/share/vsp-openshift +vsp_openshift_yaml: "{{ vsp_openshift_dir }}/vsp-openshift.yaml" +client_cert: "{{ vsp_openshift_dir }}/nuage.crt" +client_key: "{{ vsp_openshift_dir }}/nuage.key" +ca_cert: "{{ vsp_openshift_dir }}/ca.crt" api_server: "{{ openshift_node_master_api_url }}" docker_bridge: "docker0" diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml index 5a285e773..a57cf815e 100644 --- a/roles/openshift_docker/tasks/main.yml +++ b/roles/openshift_docker/tasks/main.yml @@ -10,6 +10,7 @@ docker_additional_registries: "{{ docker_additional_registries }}" docker_insecure_registries: "{{ docker_insecure_registries }}" docker_blocked_registries: "{{ docker_blocked_registries }}" + docker_options: "{{ openshift_docker_options | default('',True) }}" - role: node local_facts: portal_net: "{{ openshift_master_portal_net | default(None) }}" 
@@ -44,10 +45,11 @@ lineinfile: dest: /etc/sysconfig/docker regexp: '^OPTIONS=.*$' - line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ - {% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %} \ - {% if openshift.node.docker_log_driver is defined %} --log-driver {{ openshift.node.docker_log_driver }} {% endif %} \ - {% if openshift.node.docker_log_options is defined %} {{ openshift.node.docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}} {% endif %} '" + line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }}\ + {% if ansible_selinux and ansible_selinux.status == '''enabled''' %} --selinux-enabled{% endif %}\ + {% if openshift.node.docker_log_driver is defined %} --log-driver {{ openshift.node.docker_log_driver }}{% endif %}\ + {% if openshift.node.docker_log_options is defined %} {{ openshift.node.docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %}\ + {% if openshift.common.docker_options is defined %} {{ openshift.common.docker_options }}{% endif %}'" when: docker_check.stat.isreg notify: - restart openshift_docker diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 20f6cc5c8..25b9534dd 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py 
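Review bot: In roles/openshift_docker/tasks/main.yml, the new last fragment writes `{{ openshift.common.docker_options }}` unescaped inside the single-quoted `OPTIONS='...'` value. A value containing a single quote ends the quoted string early, and the rest of the line is then read as something other than docker options when /etc/sysconfig/docker is parsed. Add a check before the `lineinfile` task that fails when `openshift_docker_options` contains a single quote or a line break, plus a comment such as `# docker_options is appended verbatim to OPTIONS; it must not contain single quotes`. The variable also gives the inventory full control of the docker daemon flags, which is the intent but worth stating next to the task. The task's name line is outside the hunk.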
@@ -508,10 +508,11 @@ def set_url_facts_if_unset(facts): ports[prefix])) - r_lhn = "{0}:{1}".format(api_hostname, ports['api']).replace('.', '-') + r_lhn = "{0}:{1}".format(hostname, ports['api']).replace('.', '-') + r_lhu = "system:openshift-master/{0}:{1}".format(api_hostname, ports['api']).replace('.', '-') facts['master'].setdefault('loopback_cluster_name', r_lhn) facts['master'].setdefault('loopback_context_name', "default/{0}/system:openshift-master".format(r_lhn)) - facts['master'].setdefault('loopback_user', "system:openshift-master/{0}".format(r_lhn)) + facts['master'].setdefault('loopback_user', r_lhu) prefix_hosts = [('console', api_hostname), ('public_console', api_public_hostname)] for prefix, host in prefix_hosts: @@ -719,9 +720,9 @@ def set_version_facts_if_unset(facts): version_gte_3_1_1_or_1_1_1 = LooseVersion(version) >= LooseVersion('1.1.1') version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('1.1.2') else: - version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('3.1.0') + version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('3.0.2.905') version_gte_3_1_1_or_1_1_1 = LooseVersion(version) >= LooseVersion('3.1.1') - version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('3.2.0') + version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('3.1.1.901') else: version_gte_3_1_or_1_1 = True version_gte_3_1_1_or_1_1_1 = True diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 3613808b6..23dfacf79 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml 
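Review bot: In `set_url_facts_if_unset`, `r_lhn` is now built from `hostname` while the new `r_lhu` is built from `api_hostname`, and nothing in the hunk says why the cluster and context names use one value and the user name the other. If the difference is intended, a comment above the two assignments would stop a later editor from "fixing" it, e.g. `# cluster/context names use hostname; the loopback user keeps api_hostname`. The function body starts and ends outside the hunk.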
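Review bot: In `set_version_facts_if_unset`, the enterprise thresholds `'3.0.2.905'` and `'3.1.1.901'` no longer match the fact names `version_gte_3_1_or_1_1` and `version_gte_3_2_or_1_2`, and no comment explains them. They look like pre-release build numbers for 3.1 and 3.2, but that is an inference and the diff does not say so; whatever they are should be recorded in a comment next to each comparison. These facts now gate `set_loopback_context.yml` in roles/openshift_master/tasks/main.yml and the router patch in the upgrade playbook, so a wrong threshold changes which hosts get those steps. The function starts and ends outside the hunk.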
@@ -240,36 +240,8 @@
 - restart master api
 - restart master controllers
-- name: Test local loopback context
- command: >
- {{ openshift.common.client_binary }} config view
- --config={{ openshift_master_loopback_config }}
- changed_when: false
- register: loopback_config
-
-- command: >
- {{ openshift.common.client_binary }} config set-cluster
- --certificate-authority={{ openshift_master_config_dir }}/ca.crt
- --embed-certs=true --server={{ openshift.master.loopback_api_url }}
- {{ openshift.master.loopback_cluster_name }}
- --config={{ openshift_master_loopback_config }}
- when: loopback_context_string not in loopback_config.stdout
- register: set_loopback_cluster
-
-- command: >
- {{ openshift.common.client_binary }} config set-context
- --cluster={{ openshift.master.loopback_cluster_name }}
- --namespace=default --user={{ openshift.master.loopback_user }}
- {{ openshift.master.loopback_context_name }}
- --config={{ openshift_master_loopback_config }}
- when: set_loopback_cluster | changed
- register: set_loopback_context
-
-- command: >
- {{ openshift.common.client_binary }} config use-context {{ openshift.master.loopback_context_name }}
- --config={{ openshift_master_loopback_config }}
- when: set_loopback_context | changed
- register: set_current_context
+- include: set_loopback_context.yml
+ when: openshift.common.version_gte_3_2_or_1_2
 - name: Start and enable master
 service: name={{ openshift.common.service_type }}-master enabled=yes state=started
@@ -287,7 +259,7 @@
 - name: Mask master service
 command: systemctl mask {{ openshift.common.service_type }}-master
- when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and not openshift.common.is_atomic | bool
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and not openshift.common.is_containerized | bool
 - name: Start and enable master api
 service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started
diff --git a/roles/openshift_master/tasks/set_loopback_context.yml b/roles/openshift_master/tasks/set_loopback_context.yml
new file mode 100644
index 000000000..9c3fb31dc
--- /dev/null
+++ b/roles/openshift_master/tasks/set_loopback_context.yml
@@ -0,0 +1,31 @@
+---
+- name: Test local loopback context
+ command: >
+ {{ openshift.common.client_binary }} config view
+ --config={{ openshift_master_loopback_config }}
+ changed_when: false
+ register: loopback_config
+
+- command: >
+ {{ openshift.common.client_binary }} config set-cluster
+ --certificate-authority={{ openshift_master_config_dir }}/ca.crt
+ --embed-certs=true --server={{ openshift.master.loopback_api_url }}
+ {{ openshift.master.loopback_cluster_name }}
+ --config={{ openshift_master_loopback_config }}
+ when: loopback_context_string not in loopback_config.stdout
+ register: set_loopback_cluster
+
+- command: >
+ {{ openshift.common.client_binary }} config set-context
+ --cluster={{ openshift.master.loopback_cluster_name }}
+ --namespace=default --user={{ openshift.master.loopback_user }}
+ {{ openshift.master.loopback_context_name }}
+ --config={{ openshift_master_loopback_config }}
+ when: set_loopback_cluster | changed
+ register: set_loopback_context
+
+- command: >
+ {{ openshift.common.client_binary }} config use-context {{ openshift.master.loopback_context_name }}
+ --config={{ openshift_master_loopback_config }}
+ when: set_loopback_context | changed
+ register: set_current_context
diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml
index 5fe7d28f3..89d9e3aa7 100644
--- a/roles/openshift_serviceaccounts/tasks/main.yml
+++ b/roles/openshift_serviceaccounts/tasks/main.yml
@@ -27,7 +27,47 @@
 command: >
 {{ openshift.common.admin_binary }} policy add-scc-to-user privileged system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}
- when: "item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}"
+ when: "openshift.common.version_gte_3_1_or_1_1 and item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}"
 with_nested:
 - openshift_serviceaccounts_names
 - scc_test.results
+
+####
+#
+# Support for 3.0.z
+#
+####
+
+- name: tmp dir for openshift
+ file:
+ path: /tmp/openshift
+ state: directory
+ owner: root
+ mode: 700
+ when: not openshift.common.version_gte_3_1_or_1_1
+
+- name: Create service account configs
+ template:
+ src: serviceaccount.j2
+ dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml"
+ with_items: openshift_serviceaccounts_names
+ when: not openshift.common.version_gte_3_1_or_1_1
+
+- name: Get current security context constraints
+ shell: >
+ {{ openshift.common.client_binary }} get scc privileged -o yaml
+ --output-version=v1 > /tmp/openshift/scc.yaml
+ changed_when: false
+ when: not openshift.common.version_gte_3_1_or_1_1
+
+- name: Add security context constraint for {{ item }}
+ lineinfile:
+ dest: /tmp/openshift/scc.yaml
+ line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item }}"
+ insertafter: "^users:$"
+ with_items: openshift_serviceaccounts_names
+ when: not openshift.common.version_gte_3_1_or_1_1
+
+- name: Apply new scc rules for service accounts
+ command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
+ when: not openshift.common.version_gte_3_1_or_1_1
diff --git a/utils/src/ooinstall/cli_installer.py b/utils/src/ooinstall/cli_installer.py
index 3046d4d58..9839bf447 100644
--- a/utils/src/ooinstall/cli_installer.py
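Review bot: `mode: 700` in the "tmp dir for openshift" task is parsed by YAML as the decimal integer 700 rather than octal 0700, so the directory does not get the root-only permissions the task intends; it should be written `mode: "0700"`. The directory is also a fixed, predictable path under /tmp that receives a dump of the privileged SCC through a shell redirect and is then passed to `update -f`, so whatever already exists at `/tmp/openshift/scc.yaml` from an earlier run or another local user is reused. Creating a per-run directory (for example from a registered `mktemp -d` result) and removing it after the "Apply new scc rules" task would close that gap and avoid leaving the SCC dump on disk.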
+++ b/utils/src/ooinstall/cli_installer.py
@@ -526,10 +526,14 @@ Add new nodes here
 def get_installed_hosts(hosts, callback_facts):
 installed_hosts = []
 for host in hosts:
- if(host.connect_to in callback_facts.keys()
- and 'common' in callback_facts[host.connect_to].keys()
- and callback_facts[host.connect_to]['common'].get('version', '')
- and callback_facts[host.connect_to]['common'].get('version', '') != 'None'):
+ if host.connect_to in callback_facts.keys() and (
+ ('common' in callback_facts[host.connect_to].keys() and
+ callback_facts[host.connect_to]['common'].get('version', '') and
+ callback_facts[host.connect_to]['common'].get('version', '') != 'None') \
+ or
+ ('master' in callback_facts[host.connect_to].keys() and
+ callback_facts[host.connect_to]['master'].get('cluster_method', '') == 'native')
+ ):
 installed_hosts.append(host)
 return installed_hosts
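Review bot: The rewritten condition in get_installed_hosts indexes `callback_facts[host.connect_to]` five times and keeps a `\` continuation that is unnecessary inside the open parenthesis, which makes the new `or` branch hard to check by eye. Binding the per-host facts once, `facts = callback_facts.get(host.connect_to, {})`, and testing `facts.get('common', {})` and `facts.get('master', {})` from that name would read more directly without changing the result. A short comment on why `cluster_method == 'native'` alone marks a host as installed would also help, since that branch accepts a host with no recorded version.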
@@ -722,14 +726,30 @@ def upgrade(ctx):
 click.echo("No hosts defined in: %s" % oo_cfg.config_path)
 sys.exit(1)
- # Update config to reflect the version we're targetting, we'll write
- # to disk once ansible completes successfully, not before.
 old_variant = oo_cfg.settings['variant']
 old_version = oo_cfg.settings['variant_version']
- if oo_cfg.settings['variant'] == 'enterprise':
- oo_cfg.settings['variant'] = 'openshift-enterprise'
- version = find_variant(oo_cfg.settings['variant'])[1]
- oo_cfg.settings['variant_version'] = version.name
+
+
+ message = """
+ This tool will help you upgrade your existing OpenShift installation.
+"""
+ click.echo(message)
+ click.echo("Version {} found. Do you want to update to the latest version of {} " \
+ "or migrate to the next major release?".format(old_version, old_version))
+ resp = click.prompt("(1) Update to latest {} (2) Migrate to next relese".format(old_version))
+
+ if resp == "2":
+ # TODO: Make this a lot more flexible
+ new_version = "3.1"
+ # Update config to reflect the version we're targetting, we'll write
+ # to disk once ansible completes successfully, not before.
+ if oo_cfg.settings['variant'] == 'enterprise':
+ oo_cfg.settings['variant'] = 'openshift-enterprise'
+ version = find_variant(oo_cfg.settings['variant'])[1]
+ oo_cfg.settings['variant_version'] = version.name
+ else:
+ new_version = old_version
+
 click.echo("Openshift will be upgraded from %s %s to %s %s on the following hosts:\n" % ( old_variant, old_version, oo_cfg.settings['variant'], oo_cfg.settings['variant_version']))
@@ -743,7 +763,7 @@ def upgrade(ctx):
 click.echo("Upgrade cancelled.")
 sys.exit(0)
- retcode = openshift_ansible.run_upgrade_playbook(verbose)
+ retcode = openshift_ansible.run_upgrade_playbook(old_version, new_version, verbose)
 if retcode > 0:
 click.echo("Errors encountered during upgrade, please check %s." % oo_cfg.settings['ansible_log_path'])
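Review bot: The answer from `click.prompt(...)` in upgrade() is only compared with `"2"`, so any other input, including a typo or an empty-looking reply, silently selects the in-place update path. Passing `type=click.Choice(['1', '2'])` to that `click.prompt` call makes the operator's choice explicit before a cluster-wide playbook is run. In the `"2"` branch `new_version` is hardcoded to `"3.1"` while `variant_version` is taken from `find_variant(...)`, so the two values can disagree; the TODO acknowledges this, but deriving `new_version` from `version.name` would keep them in step. The function starts and ends outside the hunk.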
diff --git a/utils/src/ooinstall/oo_config.py b/utils/src/ooinstall/oo_config.py
index 33ab27567..4861b1b1b 100644
--- a/utils/src/ooinstall/oo_config.py
+++ b/utils/src/ooinstall/oo_config.py
@@ -10,6 +10,7 @@ PERSIST_SETTINGS = [
 'ansible_ssh_user',
 'ansible_config',
 'ansible_log_path',
+ 'master_routingconfig_subdomain',
 'variant',
 'variant_version',
 'version',
diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py
index 042ce1023..ec49c9601 100644
--- a/utils/src/ooinstall/openshift_ansible.py
+++ b/utils/src/ooinstall/openshift_ansible.py
@@ -237,11 +237,17 @@ def run_uninstall_playbook(verbose=False):
 return run_ansible(playbook, inventory_file, facts_env, verbose)
-def run_upgrade_playbook(verbose=False):
+def run_upgrade_playbook(old_version, new_version, verbose=False):
 # TODO: do not hardcode the upgrade playbook, add ability to select the
 # right playbook depending on the type of upgrade.
- playbook = os.path.join(CFG.settings['ansible_playbook_directory'],
- 'playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml')
+ old_version = old_version.replace('.', '_')
+ new_version = old_version.replace('.', '_')
+ if old_version == new_version:
+ playbook = os.path.join(CFG.settings['ansible_playbook_directory'],
+ 'playbooks/byo/openshift-cluster/upgrades/v{}_minor/upgrade.yml'.format(new_version))
+ else:
+ playbook = os.path.join(CFG.settings['ansible_playbook_directory'],
+ 'playbooks/byo/openshift-cluster/upgrades/v{}_to_v{}/upgrade.yml'.format(old_version, new_version))
 # TODO: Upgrade inventory for upgrade?
 inventory_file = generate_inventory(CFG.hosts)
 facts_env = os.environ.copy() |
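Review bot: `new_version = old_version.replace('.', '_')` in run_upgrade_playbook overwrites the caller's `new_version` with the old one, so `old_version == new_version` is always true and the `v{}_to_v{}` branch can never be selected; the line should read `new_version = new_version.replace('.', '_')`. Both values are also formatted straight into the playbook path, and `old_version` originates from the persisted `variant_version` setting (see the upgrade() hunk in cli_installer.py), so checking them against the set of supported versions before building the path would keep an unexpected value from selecting a different file. The function continues past the end of the hunk.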