Diffstat (limited to 'roles')
-rw-r--r--roles/etcd_certificates/tasks/client.yml8
-rw-r--r--roles/etcd_certificates/tasks/main.yml4
-rw-r--r--roles/etcd_certificates/tasks/server.yml12
-rw-r--r--roles/openshift_docker/tasks/main.yml2
-rw-r--r--roles/openshift_manage_node/tasks/main.yml2
-rw-r--r--roles/openshift_master/tasks/main.yml18
-rw-r--r--roles/openshift_master_certificates/tasks/main.yml8
-rw-r--r--roles/openshift_node_certificates/tasks/main.yml6
-rw-r--r--roles/openshift_serviceaccounts/tasks/main.yml12
-rw-r--r--roles/os_firewall/defaults/main.yml2
-rw-r--r--roles/os_firewall/tasks/firewall/firewalld.yml12
-rw-r--r--roles/os_firewall/tasks/firewall/iptables.yml6
12 files changed, 44 insertions, 48 deletions
diff --git a/roles/etcd_certificates/tasks/client.yml b/roles/etcd_certificates/tasks/client.yml
index 7bf95809f..b497a46c0 100644
--- a/roles/etcd_certificates/tasks/client.yml
+++ b/roles/etcd_certificates/tasks/client.yml
@@ -4,7 +4,7 @@
path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
state: directory
mode: 0700
- with_items: etcd_needing_client_certs
+ with_items: "{{ etcd_needing_client_certs | default([]) }}"
- name: Create the client csr
command: >
@@ -19,7 +19,7 @@
~ item.etcd_cert_prefix ~ 'client.csr' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: etcd_needing_client_certs
+ with_items: "{{ etcd_needing_client_certs | default([]) }}"
- name: Sign and create the client crt
command: >
@@ -33,10 +33,10 @@
~ item.etcd_cert_prefix ~ 'client.crt' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: etcd_needing_client_certs
+ with_items: "{{ etcd_needing_client_certs | default([]) }}"
- file:
src: "{{ etcd_ca_cert }}"
dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"
state: hard
- with_items: etcd_needing_client_certs
+ with_items: "{{ etcd_needing_client_certs | default([]) }}"
diff --git a/roles/etcd_certificates/tasks/main.yml b/roles/etcd_certificates/tasks/main.yml
index 3bb715943..17092ca58 100644
--- a/roles/etcd_certificates/tasks/main.yml
+++ b/roles/etcd_certificates/tasks/main.yml
@@ -1,6 +1,6 @@
---
- include: client.yml
- when: etcd_needing_client_certs is defined and etcd_needing_client_certs
+ when: etcd_needing_client_certs | default([]) | length > 0
- include: server.yml
- when: etcd_needing_server_certs is defined and etcd_needing_server_certs
+ when: etcd_needing_server_certs | default([]) | length > 0
diff --git a/roles/etcd_certificates/tasks/server.yml b/roles/etcd_certificates/tasks/server.yml
index 2589c5192..934b8b805 100644
--- a/roles/etcd_certificates/tasks/server.yml
+++ b/roles/etcd_certificates/tasks/server.yml
@@ -4,7 +4,7 @@
path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
state: directory
mode: 0700
- with_items: etcd_needing_server_certs
+ with_items: "{{ etcd_needing_server_certs | default([]) }}"
- name: Create the server csr
command: >
@@ -19,7 +19,7 @@
~ item.etcd_cert_prefix ~ 'server.csr' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: etcd_needing_server_certs
+ with_items: "{{ etcd_needing_server_certs | default([]) }}"
- name: Sign and create the server crt
command: >
@@ -33,7 +33,7 @@
~ item.etcd_cert_prefix ~ 'server.crt' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: etcd_needing_server_certs
+ with_items: "{{ etcd_needing_server_certs | default([]) }}"
- name: Create the peer csr
command: >
@@ -48,7 +48,7 @@
~ item.etcd_cert_prefix ~ 'peer.csr' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: etcd_needing_server_certs
+ with_items: "{{ etcd_needing_server_certs | default([]) }}"
- name: Sign and create the peer crt
command: >
@@ -62,10 +62,10 @@
~ item.etcd_cert_prefix ~ 'peer.crt' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: etcd_needing_server_certs
+ with_items: "{{ etcd_needing_server_certs | default([]) }}"
- file:
src: "{{ etcd_ca_cert }}"
dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"
state: hard
- with_items: etcd_needing_server_certs
+ with_items: "{{ etcd_needing_server_certs | default([]) }}"
diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml
index 873229b34..10f47f9b2 100644
--- a/roles/openshift_docker/tasks/main.yml
+++ b/roles/openshift_docker/tasks/main.yml
@@ -24,6 +24,6 @@
with_items:
- role: docker
local_facts:
- openshift_image_tag: "{{ l_image_tag }}"
+ openshift_image_tag: "{{ l_image_tag | default(None) }}"
openshift_version: "{{ l_image_tag.split('-')[0] if l_image_tag is defined else '' | oo_image_tag_to_rpm_version }}"
when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool
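Review bot: `default(None)` inside a quoted template on the `openshift_image_tag` line may not produce a null fact. Depending on the Ansible version and its null-representation setting, the rendered value can be the literal string `None` or an empty string, and whichever it is gets written as a local fact. If the intent is "no tag known", `"{{ l_image_tag | default('') }}"` states that explicitly and matches the `else ''` on the next line. On that next line the `| oo_image_tag_to_rpm_version` filter binds tighter than the inline `if … else`, so it only applies to `''`; if it is meant to apply to the real tag, parenthesise it: `{{ (l_image_tag.split('-')[0] if l_image_tag is defined else '') | oo_image_tag_to_rpm_version }}`. The task starts above this hunk.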
diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml
index cee1f1738..291cdbbb5 100644
--- a/roles/openshift_manage_node/tasks/main.yml
+++ b/roles/openshift_manage_node/tasks/main.yml
@@ -6,7 +6,7 @@
retries: 50
delay: 5
changed_when: false
- with_items: openshift_nodes
+ with_items: "{{ openshift_nodes }}"
- name: Set node schedulability
command: >
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index fee6d3924..fe0784ea2 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -78,14 +78,14 @@
action: "{{ ansible_pkg_mgr }} name=httpd-tools state=present"
when: (item.kind == 'HTPasswdPasswordIdentityProvider') and
not openshift.common.is_atomic | bool
- with_items: openshift.master.identity_providers
+ with_items: "{{ openshift.master.identity_providers }}"
- name: Ensure htpasswd directory exists
file:
path: "{{ item.filename | dirname }}"
state: directory
when: item.kind == 'HTPasswdPasswordIdentityProvider'
- with_items: openshift.master.identity_providers
+ with_items: "{{ openshift.master.identity_providers }}"
- name: Create the htpasswd file if needed
template:
@@ -94,7 +94,7 @@
mode: 0600
backup: yes
when: item.kind == 'HTPasswdPasswordIdentityProvider'
- with_items: openshift.master.identity_providers
+ with_items: "{{ openshift.master.identity_providers }}"
- name: Create the ldap ca file if needed
copy:
@@ -103,7 +103,7 @@
mode: 0600
backup: yes
when: openshift.master.ldap_ca is defined and item.kind == 'LDAPPasswordIdentityProvider'
- with_items: openshift.master.identity_providers
+ with_items: "{{ openshift.master.identity_providers }}"
- name: Create the openid ca file if needed
copy:
@@ -112,7 +112,7 @@
mode: 0600
backup: yes
when: openshift.master.openid_ca is defined and item.kind == 'OpenIDIdentityProvider' and item.ca | default('') != ''
- with_items: openshift.master.identity_providers
+ with_items: "{{ openshift.master.identity_providers }}"
- name: Create the request header ca file if needed
copy:
@@ -121,7 +121,7 @@
mode: 0600
backup: yes
when: openshift.master.request_header_ca is defined and item.kind == 'RequestHeaderIdentityProvider' and item.clientCA | default('') != ''
- with_items: openshift.master.identity_providers
+ with_items: "{{ openshift.master.identity_providers }}"
- name: Install the systemd units
include: systemd_units.yml
@@ -239,7 +239,7 @@
mode: 0700
owner: "{{ item }}"
group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}"
- with_items: client_users
+ with_items: "{{ client_users }}"
# TODO: Update this file if the contents of the source file are not present in
# the dest file, will need to make sure to ignore things that could be added
@@ -247,7 +247,7 @@
command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config
args:
creates: ~{{ item }}/.kube/config
- with_items: client_users
+ with_items: "{{ client_users }}"
- name: Update the permissions on the admin client config(s)
file:
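Review bot: The `cp` of `admin.kubeconfig` to `~{{ item }}/.kube/config` creates the file with whatever owner and mode `cp` gives it, and the restriction is only applied by the separate "Update the permissions" task that follows. The cluster-admin credentials can therefore briefly exist with looser permissions than intended (the source mode and umask are not visible here). A single `copy` task with `remote_src: yes`, `force: no`, `owner: "{{ item }}"` and `mode: "0600"` would create the file already restricted and still leave an existing config untouched. The `mode: 0700` in the next hunk appears to apply to this same file, where the execute bit is unnecessary. The task starts above this hunk.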
@@ -256,4 +256,4 @@
mode: 0700
owner: "{{ item }}"
group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}"
- with_items: client_users
+ with_items: "{{ client_users }}"
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml
index 9017b7d2b..394f9d381 100644
--- a/roles/openshift_master_certificates/tasks/main.yml
+++ b/roles/openshift_master_certificates/tasks/main.yml
@@ -4,14 +4,14 @@
path: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}"
state: directory
mode: 0700
- with_items: masters_needing_certs
+ with_items: "{{ masters_needing_certs | default([]) }}"
- file:
src: "{{ openshift_master_config_dir }}/{{ item.1 }}"
dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}"
state: hard
with_nested:
- - masters_needing_certs
+ - "{{ masters_needing_certs | default([]) }}"
-
- ca.crt
- ca.key
@@ -26,7 +26,7 @@
--cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}
--overwrite=false
when: item.master_certs_missing | bool
- with_items: masters_needing_certs
+ with_items: "{{ masters_needing_certs | default([]) }}"
- file:
src: "{{ openshift_master_config_dir }}/{{ item.1 }}"
@@ -34,5 +34,5 @@
state: hard
force: true
with_nested:
- - masters_needing_certs
+ - "{{ masters_needing_certs | default([]) }}"
- "{{ hostvars[inventory_hostname] | certificates_to_synchronize }}"
diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml
index c9a7a40c8..216c11093 100644
--- a/roles/openshift_node_certificates/tasks/main.yml
+++ b/roles/openshift_node_certificates/tasks/main.yml
@@ -1,5 +1,5 @@
---
-- name: Create openshift_generated_configs_dir if it doesn't exist
+- name: Create openshift_generated_configs_dir if it doesn\'t exist
file:
path: "{{ openshift_generated_configs_dir }}"
state: directory
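Review bot: The renamed task will display as `doesn\'t` with a literal backslash, because a backslash is not an escape character in an unquoted (plain) YAML scalar. The apostrophe was already valid there, so the original line `- name: Create openshift_generated_configs_dir if it doesn't exist` can stay as it was. If quoting is wanted for an editor or linter, double-quote the whole name instead of escaping the apostrophe.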
@@ -19,7 +19,7 @@
--user=system:node:{{ item.openshift.common.hostname }}
args:
creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}"
- with_items: nodes_needing_certs
+ with_items: "{{ nodes_needing_certs | default([]) }}"
- name: Generate the node server certificate
command: >
@@ -33,4 +33,4 @@
--signer-serial={{ openshift_master_ca_serial }}
args:
creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt"
- with_items: nodes_needing_certs
+ with_items: "{{ nodes_needing_certs | default([]) }}"
diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml
index 5dd28d52a..bafda9695 100644
--- a/roles/openshift_serviceaccounts/tasks/main.yml
+++ b/roles/openshift_serviceaccounts/tasks/main.yml
@@ -1,7 +1,7 @@
- name: test if service accounts exists
command: >
{{ openshift.common.client_binary }} get sa {{ item }} -n {{ openshift_serviceaccounts_namespace }}
- with_items: openshift_serviceaccounts_names
+ with_items: "{{ openshift_serviceaccounts_names }}"
failed_when: false
changed_when: false
register: account_test
@@ -13,8 +13,8 @@
-n {{ openshift_serviceaccounts_namespace }} create -f -
when: item.1.rc != 0
with_together:
- - openshift_serviceaccounts_names
- - account_test.results
+ - "{{ openshift_serviceaccounts_names }}"
+ - "{{ account_test.results }}"
- name: test if scc needs to be updated
command: >
@@ -22,7 +22,7 @@
changed_when: false
failed_when: false
register: scc_test
- with_items: openshift_serviceaccounts_sccs
+ with_items: "{{ openshift_serviceaccounts_sccs }}"
- name: Grant the user access to the privileged scc
command: >
@@ -30,8 +30,8 @@
privileged system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}
when: "openshift.common.version_gte_3_1_or_1_1 and item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}"
with_nested:
- - openshift_serviceaccounts_names
- - scc_test.results
+ - "{{ openshift_serviceaccounts_names }}"
+ - "{{ scc_test.results }}"
- include: legacy_add_scc_to_user.yml
when: not openshift.common.version_gte_3_1_or_1_1
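Review bot: The `when:` on the "Grant the user access to the privileged scc" task still nests `{{ … }}` inside the conditional. As a result `(item.1.stdout | from_yaml).users`, which is command output, is rendered into the expression text and then evaluated again as Jinja. Since this commit is already making templating explicit, the condition is safer without inner delimiters: `when: openshift.common.version_gte_3_1_or_1_1 and item.1.rc == 0 and ('system:serviceaccount:' ~ openshift_serviceaccounts_namespace ~ ':' ~ item.0) not in (item.1.stdout | from_yaml).users`. That keeps the SCC user list as data rather than template source, and avoids breakage when a user name contains quotes or braces. The task begins above this hunk.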
diff --git a/roles/os_firewall/defaults/main.yml b/roles/os_firewall/defaults/main.yml
index e3176e611..20413d563 100644
--- a/roles/os_firewall/defaults/main.yml
+++ b/roles/os_firewall/defaults/main.yml
@@ -1,3 +1,5 @@
---
os_firewall_enabled: True
os_firewall_use_firewalld: True
+os_firewall_allow: []
+os_firewall_deny: []
diff --git a/roles/os_firewall/tasks/firewall/firewalld.yml b/roles/os_firewall/tasks/firewall/firewalld.yml
index ac4600f83..241fa8823 100644
--- a/roles/os_firewall/tasks/firewall/firewalld.yml
+++ b/roles/os_firewall/tasks/firewall/firewalld.yml
@@ -52,29 +52,25 @@
port: "{{ item.port }}"
permanent: false
state: enabled
- with_items: os_firewall_allow
- when: os_firewall_allow is defined
+ with_items: "{{ os_firewall_allow }}"
- name: Persist firewalld allow rules
firewalld:
port: "{{ item.port }}"
permanent: true
state: enabled
- with_items: os_firewall_allow
- when: os_firewall_allow is defined
+ with_items: "{{ os_firewall_allow }}"
- name: Remove firewalld allow rules
firewalld:
port: "{{ item.port }}"
permanent: false
state: disabled
- with_items: os_firewall_deny
- when: os_firewall_deny is defined
+ with_items: "{{ os_firewall_deny }}"
- name: Persist removal of firewalld allow rules
firewalld:
port: "{{ item.port }}"
permanent: true
state: disabled
- with_items: os_firewall_deny
- when: os_firewall_deny is defined
+ with_items: "{{ os_firewall_deny }}"
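Review bot: Dropping the `when: … is defined` guards makes these four loops rely entirely on the new `[]` role defaults. That covers an undefined variable but not one overridden with an empty value in inventory or group vars (`os_firewall_allow:` parses as null). How `with_items` treats a null differs between Ansible versions, so this may fail on `item.port` or silently skip. The certificate roles in this same commit use `| default([])`; here `with_items: "{{ os_firewall_allow | default([], true) }}"` would also cover the null override. The same applies to the `os_firewall_deny` loops and to both hunks in `iptables.yml`.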
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index 3b584f8eb..070fe6a3a 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -49,8 +49,7 @@
action: add
protocol: "{{ item.port.split('/')[1] }}"
port: "{{ item.port.split('/')[0] }}"
- with_items: os_firewall_allow
- when: os_firewall_allow is defined
+ with_items: "{{ os_firewall_allow }}"
- name: Remove iptables rules
os_firewall_manage_iptables:
@@ -58,5 +57,4 @@
action: remove
protocol: "{{ item.port.split('/')[1] }}"
port: "{{ item.port.split('/')[0] }}"
- with_items: os_firewall_deny
- when: os_firewall_deny is defined
+ with_items: "{{ os_firewall_deny }}"