summaryrefslogtreecommitdiffstats
path: root/playbooks
diff options
context:
space:
mode:
Diffstat (limited to 'playbooks')
-rw-r--r--playbooks/common/openshift-cluster/openshift_hosted.yml84
-rw-r--r--playbooks/common/openshift-cluster/upgrades/upgrade.yml14
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml4
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_3/node_config_upgrade.yml2
-rw-r--r--playbooks/common/openshift-node/config.yml1
5 files changed, 99 insertions, 6 deletions
diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml
index f65b7a2cd..4aca4daf4 100644
--- a/playbooks/common/openshift-cluster/openshift_hosted.yml
+++ b/playbooks/common/openshift-cluster/openshift_hosted.yml
@@ -45,4 +45,86 @@
- role: openshift_metrics
when: openshift.hosted.metrics.deploy | bool
- role: cockpit-ui
- when: ( openshift.common.deployment_subtype == 'registry' )
+ when: openshift.common.deployment_subtype == 'registry'
+
+- name: Configure CA certificate for secure registry
+ hosts: oo_nodes_to_config
+ tags:
+ - hosted
+ tasks:
+ - name: Create temp directory for kubeconfig
+ command: mktemp -d /tmp/openshift-ansible-XXXXXX
+ register: mktemp
+ when: openshift.common.deployment_subtype == 'registry'
+ changed_when: false
+ delegate_to: "{{ groups.oo_first_master.0 }}"
+ run_once: true
+ - set_fact:
+ openshift_hosted_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+ when: openshift.common.deployment_subtype == 'registry'
+ delegate_to: "{{ groups.oo_first_master.0 }}"
+ run_once: true
+ - name: Copy the admin client config(s)
+ command: >
+ cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{ openshift_hosted_kubeconfig }}
+ when: openshift.common.deployment_subtype == 'registry'
+ changed_when: false
+ delegate_to: "{{ groups.oo_first_master.0 }}"
+ run_once: true
+ - name: Retrieve docker-registry route
+ command: >
+ {{ openshift.common.client_binary }} get route docker-registry
+ --template='{{ '{{' }} .spec.host {{ '}}' }}'
+ --config={{ openshift_hosted_kubeconfig }}
+ -n default
+ register: docker_registry_route
+ when: openshift.common.deployment_subtype == 'registry'
+ changed_when: false
+ delegate_to: "{{ groups.oo_first_master.0 }}"
+ run_once: true
+ - name: Retrieve registry service IP
+ command: >
+ {{ openshift.common.client_binary }} get service docker-registry
+ --template='{{ '{{' }} .spec.clusterIP {{ '}}' }}'
+ --config={{ openshift_hosted_kubeconfig }}
+ -n default
+ register: docker_registry_service_ip
+ when: openshift.common.deployment_subtype == 'registry'
+ changed_when: false
+ delegate_to: "{{ groups.oo_first_master.0 }}"
+ run_once: true
+ - name: Create registry CA directories
+ file:
+ path: "/etc/docker/certs.d/{{ item }}"
+ state: directory
+ with_items:
+ - "{{ docker_registry_service_ip.stdout }}:5000"
+ - "{{ docker_registry_route.stdout }}"
+ - "docker-registry.default.svc.cluster.local:5000"
+ when: openshift.common.deployment_subtype == 'registry'
+ - name: Copy CA to registry CA directories
+ copy:
+ src: "{{ openshift.common.config_base }}/node/ca.crt"
+ dest: "/etc/docker/certs.d/{{ item }}"
+ remote_src: yes
+ force: yes
+ with_items:
+ - "{{ docker_registry_service_ip.stdout }}:5000"
+ - "{{ docker_registry_route.stdout }}"
+ - "docker-registry.default.svc.cluster.local:5000"
+ when: openshift.common.deployment_subtype == 'registry'
+ notify:
+ - Restart docker
+ - name: Delete temp directory
+ file:
+ name: "{{ mktemp.stdout }}"
+ state: absent
+ when: openshift.common.deployment_subtype == 'registry'
+ changed_when: False
+ delegate_to: "{{ groups.oo_first_master.0 }}"
+ run_once: true
+ handlers:
+ - name: Restart docker
+ service:
+ name: docker
+ state: restarted
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/upgrade.yml
index be4e02c4a..cb5103e3a 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade.yml
@@ -173,6 +173,18 @@
# TODO: To better handle re-trying failed upgrades, it would be nice to check if the node
# or docker actually needs an upgrade before proceeding. Perhaps best to save this until
# we merge upgrade functionality into the base roles and a normal config.yml playbook run.
+ - name: Determine if node is currently scheduleable
+ command: >
+ {{ openshift.common.client_binary }} get node {{ openshift.common.hostname | lower }} -o json
+ register: node_output
+ delegate_to: "{{ groups.oo_first_master.0 }}"
+ changed_when: false
+ when: inventory_hostname in groups.oo_nodes_to_config
+
+ - set_fact:
+ was_schedulable: "{{ 'unschedulable' not in (node_output.stdout | from_json).spec }}"
+ when: inventory_hostname in groups.oo_nodes_to_config
+
- name: Mark unschedulable if host is a node
command: >
{{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=false
@@ -203,7 +215,7 @@
command: >
{{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=true
delegate_to: "{{ groups.oo_first_master.0 }}"
- when: inventory_hostname in groups.oo_nodes_to_config and openshift.node.schedulable | bool
+ when: inventory_hostname in groups.oo_nodes_to_config and was_schedulable | bool
##############################################################################
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml
index 638ef23a8..641e7cafc 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml
@@ -16,7 +16,7 @@
- modify_yaml:
dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
- yaml_key: 'masterClients.externalKubernetesClientConnectionOverrides.ops'
+ yaml_key: 'masterClients.externalKubernetesClientConnectionOverrides.qps'
yaml_value: 200
- modify_yaml:
@@ -36,5 +36,5 @@
- modify_yaml:
dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
- yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.ops'
+ yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.qps'
yaml_value: 300
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/node_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/node_config_upgrade.yml
index 1297938bc..8f64636ae 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_3/node_config_upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_3/node_config_upgrade.yml
@@ -16,6 +16,6 @@
- modify_yaml:
dest: "{{ openshift.common.config_base}}/node/node-config.yaml"
- yaml_key: 'masterClientConnectionOverrides.ops'
+ yaml_key: 'masterClientConnectionOverrides.qps'
yaml_value: 20
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index e7c7ffb38..94c30e268 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -159,7 +159,6 @@
openshift_nodes: "{{ hostvars
| oo_select_keys(groups['oo_nodes_to_config'])
| oo_collect('openshift.common.hostname') }}"
- openshift_node_vars: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config']) }}"
pre_tasks:
# Necessary because when you're on a node that's also a master the master will be
# restarted after the node restarts docker and it will take up to 60 seconds for
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-04 08:23:36 +0000