summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--inventory/byo/hosts.example6
-rw-r--r--playbooks/adhoc/upgrades/upgrade.yml15
-rw-r--r--playbooks/common/openshift-master/config.yml9
-rw-r--r--roles/cockpit/defaults/main.yml5
-rw-r--r--roles/cockpit/meta/main.yml15
-rw-r--r--roles/cockpit/tasks/main.yml16
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j24
-rw-r--r--roles/openshift_node/defaults/main.yml3
8 files changed, 70 insertions, 3 deletions
diff --git a/inventory/byo/hosts.example b/inventory/byo/hosts.example
index df1bae49f..f554cc660 100644
--- a/inventory/byo/hosts.example
+++ b/inventory/byo/hosts.example
@@ -44,6 +44,12 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Configure Fluentd
#use_fluentd=true
+# Enable cockpit
+#osm_use_cockpit=true
+#
+# Set cockpit plugins
+#osm_cockpit_plugins=['cockpit-kubernetes']
+
# master cluster ha variables using pacemaker or RHEL HA
#openshift_master_cluster_password=openshift_cluster
#openshift_master_cluster_vip=192.168.133.25
diff --git a/playbooks/adhoc/upgrades/upgrade.yml b/playbooks/adhoc/upgrades/upgrade.yml
index e666f0472..b43ab7607 100644
--- a/playbooks/adhoc/upgrades/upgrade.yml
+++ b/playbooks/adhoc/upgrades/upgrade.yml
@@ -40,7 +40,7 @@
hosts: oo_first_master
tasks:
fail: This playbook requires Origin 1.0.6 or Atomic OpenShift 3.0.2 or later
- when: _new_version.stdout < 1.0.6 or (_new_version.stdout >= 3.0 and _new_version.stdout < 3.0.2)
+ when: _new_version.stdout | version_compare('1.0.6','<') or ( _new_version.stdout | version_compare('3.0','>=' and _new_version.stdout | version_compare('3.0.2','<') )
- name: Update cluster policy
hosts: oo_first_master
@@ -50,6 +50,19 @@
{{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
policy reconcile-cluster-roles --confirm
+- name: Update cluster policy bindings
+ hosts: oo_first_master
+ tasks:
+ - name: oadm policy reconcile-cluster-role-bindings --confirm
+ command: >
+ {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
+ policy reconcile-cluster-role-bindings
+ --exclude-groups=system:authenticated
+ --exclude-groups=system:unauthenticated
+ --exclude-users=system:anonymous
+ --additive-only=true --confirm
+ when: ( _new_version.stdout | version_compare('1.0.6', '>') and _new_version.stdout | version_compare('3.0','<') ) or _new_version.stdout | version_compare('3.0.2','>')
+
- name: Upgrade default router
hosts: oo_first_master
vars:
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 64cf7a65b..14ec82e85 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -221,6 +221,15 @@
- role: openshift_cluster_metrics
when: openshift.common.use_cluster_metrics | bool
+- name: Enable cockpit
+ hosts: oo_first_master
+ vars:
+ cockpit_plugins: "{{ osm_cockpit_plugins | default(['cockpit-kubernetes']) }}"
+ roles:
+ - role: cockpit
+ when: ( deployment_type in ['atomic-enterprise','openshift-enterprise'] ) and
+ (osm_use_cockpit | bool or osm_use_cockpit is undefined )
+
# Additional instance config for online deployments
- name: Additional instance config
hosts: oo_masters_deployment_type_online
diff --git a/roles/cockpit/defaults/main.yml b/roles/cockpit/defaults/main.yml
new file mode 100644
index 000000000..ffd55f1dd
--- /dev/null
+++ b/roles/cockpit/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+os_firewall_use_firewalld: false
+os_firewall_allow:
+- service: cockpit-ws
+ port: 9090/tcp
diff --git a/roles/cockpit/meta/main.yml b/roles/cockpit/meta/main.yml
new file mode 100644
index 000000000..1e3948b19
--- /dev/null
+++ b/roles/cockpit/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ author: Scott Dodson
+ description: Deploy and Enable cockpit-ws plus optional plugins
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.7
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+dependencies:
+ - { role: os_firewall }
diff --git a/roles/cockpit/tasks/main.yml b/roles/cockpit/tasks/main.yml
new file mode 100644
index 000000000..875cbad21
--- /dev/null
+++ b/roles/cockpit/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: Install cockpit-ws
+ yum:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - cockpit-ws
+ - cockpit-shell
+ - cockpit-bridge
+ - "{{ cockpit_plugins }}"
+
+- name: Enable cockpit-ws
+ service:
+ name: cockpit.socket
+ enabled: true
+ state: started
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index cc1dee13d..6e45eaad7 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -87,9 +87,9 @@ masterPublicURL: {{ openshift.master.public_api_url }}
networkConfig:
clusterNetworkCIDR: {{ openshift.master.sdn_cluster_network_cidr }}
hostSubnetLength: {{ openshift.master.sdn_host_subnet_length }}
- {% if openshift.common.use_openshift_sdn %}
+{% if openshift.common.use_openshift_sdn %}
networkPluginName: {{ openshift.common.sdn_network_plugin_name }}
- {% endif %}
+{% endif %}
# serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet
serviceNetworkCIDR: {{ openshift.master.portal_net }}
{% include 'v1_partials/oauthConfig.j2' %}
diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml
index c4abf9d7c..fffbf2994 100644
--- a/roles/openshift_node/defaults/main.yml
+++ b/roles/openshift_node/defaults/main.yml
@@ -10,3 +10,6 @@ os_firewall_allow:
port: 10255/tcp
- service: Openshift kubelet ReadOnlyPort udp
port: 10255/udp
+- service: OpenShift OVS sdn
+ port: 4789/udp
+ when: openshift.node.use_openshift_sdn | bool