diff options
Diffstat (limited to 'roles')
11 files changed, 45 insertions, 22 deletions
diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml index e383c94da..81c3f8e5b 100644 --- a/roles/ansible_service_broker/tasks/install.yml +++ b/roles/ansible_service_broker/tasks/install.yml @@ -14,6 +14,7 @@ ansible_service_broker_etcd_image_prefix: "{{ ansible_service_broker_etcd_image_prefix | default(__ansible_service_broker_etcd_image_prefix) }}" ansible_service_broker_etcd_image_tag: "{{ ansible_service_broker_etcd_image_tag | default(__ansible_service_broker_etcd_image_tag) }}" + ansible_service_broker_etcd_image_etcd_path: "{{ ansible_service_broker_etcd_image_etcd_path | default(__ansible_service_broker_etcd_image_etcd_path) }}" ansible_service_broker_registry_type: "{{ ansible_service_broker_registry_type | default(__ansible_service_broker_registry_type) }}" ansible_service_broker_registry_url: "{{ ansible_service_broker_registry_url | default(__ansible_service_broker_registry_url) }}" @@ -144,7 +145,7 @@ terminationMessagePath: /tmp/termination-log workingDir: /etcd args: - - /usr/local/bin/etcd + - '{{ ansible_service_broker_etcd_image_etcd_path }}' - --data-dir=/data - "--listen-client-urls=http://0.0.0.0:2379" - "--advertise-client-urls=http://0.0.0.0:2379" diff --git a/roles/ansible_service_broker/vars/default_images.yml b/roles/ansible_service_broker/vars/default_images.yml index b0b3835e3..15e448515 100644 --- a/roles/ansible_service_broker/vars/default_images.yml +++ b/roles/ansible_service_broker/vars/default_images.yml @@ -5,6 +5,7 @@ __ansible_service_broker_image_tag: latest __ansible_service_broker_etcd_image_prefix: quay.io/coreos/ __ansible_service_broker_etcd_image_tag: latest +__ansible_service_broker_etcd_image_etcd_path: /usr/local/bin/etcd __ansible_service_broker_registry_type: dockerhub __ansible_service_broker_registry_url: null diff --git a/roles/ansible_service_broker/vars/openshift-enterprise.yml b/roles/ansible_service_broker/vars/openshift-enterprise.yml index a6d999647..19b4a5147 100644 --- a/roles/ansible_service_broker/vars/openshift-enterprise.yml +++ b/roles/ansible_service_broker/vars/openshift-enterprise.yml @@ -5,6 +5,7 @@ __ansible_service_broker_image_tag: latest __ansible_service_broker_etcd_image_prefix: rhel7/ __ansible_service_broker_etcd_image_tag: latest +__ansible_service_broker_etcd_image_etcd_path: /bin/etcd __ansible_service_broker_registry_type: rhcc __ansible_service_broker_registry_url: "https://registry.access.redhat.com" diff --git a/roles/etcd_migrate/tasks/check.yml b/roles/etcd_migrate/tasks/check.yml index 2f07713bc..800073873 100644 --- a/roles/etcd_migrate/tasks/check.yml +++ b/roles/etcd_migrate/tasks/check.yml @@ -6,7 +6,7 @@ # Run the migration only if the data are v2 - name: Check if there are any v3 data command: > - etcdctl --cert {{ etcd_peer_cert_file }} --key {{ etcd_peer_key_file }} --cacert {{ etcd_peer_ca_file }} --endpoints 'https://{{ etcd_peer }}:2379' get "" --from-key --keys-only -w json --limit 1 + etcdctl --cert {{ etcd_peer_cert_file }} --key {{ etcd_peer_key_file }} --cacert {{ etcd_peer_ca_file }} --endpoints 'https://{{ etcd_peer }}:{{ etcd_client_port }}' get "" --from-key --keys-only -w json --limit 1 environment: ETCDCTL_API: 3 register: l_etcdctl_output diff --git a/roles/etcd_migrate/tasks/check_cluster_health.yml b/roles/etcd_migrate/tasks/check_cluster_health.yml index 1abd6a32f..201d83f99 100644 --- a/roles/etcd_migrate/tasks/check_cluster_health.yml +++ b/roles/etcd_migrate/tasks/check_cluster_health.yml @@ -1,7 +1,7 @@ --- - name: Check cluster health command: > - etcdctl --cert-file /etc/etcd/peer.crt --key-file /etc/etcd/peer.key --ca-file /etc/etcd/ca.crt --endpoint https://{{ etcd_peer }}:2379 cluster-health + etcdctl --cert-file {{ etcd_peer_cert_file }} --key-file {{ etcd_peer_key_file }} --ca-file {{ etcd_peer_ca_file }} --endpoint https://{{ etcd_peer }}:{{ etcd_client_port }} cluster-health register: etcd_cluster_health changed_when: false failed_when: false diff --git a/roles/etcd_migrate/tasks/check_cluster_status.yml b/roles/etcd_migrate/tasks/check_cluster_status.yml index 90fe385c1..b69fb5a52 100644 --- a/roles/etcd_migrate/tasks/check_cluster_status.yml +++ b/roles/etcd_migrate/tasks/check_cluster_status.yml @@ -2,7 +2,7 @@ # etcd_ip originates from etcd_common role - name: Check cluster status command: > - etcdctl --cert /etc/etcd/peer.crt --key /etc/etcd/peer.key --cacert /etc/etcd/ca.crt --endpoints 'https://{{ etcd_peer }}:2379' -w json endpoint status + etcdctl --cert {{ etcd_peer_cert_file }} --key {{ etcd_peer_key_file }} --cacert {{ etcd_peer_ca_file }} --endpoints 'https://{{ etcd_peer }}:{{ etcd_client_port }}' -w json endpoint status environment: ETCDCTL_API: 3 register: l_etcd_cluster_status @@ -15,7 +15,7 @@ # http://docs.ansible.com/ansible/playbooks_filters.html#extracting-values-from-containers - name: Group all raftIndices into a list set_fact: - etcd_members_raft_indices: "{{ groups['oo_etcd_to_config'] | map('extract', hostvars, 'etcd_member_raft_index') | list | unique }}" + etcd_members_raft_indices: "{{ groups['oo_etcd_to_migrate'] | map('extract', hostvars, 'etcd_member_raft_index') | list | unique }}" - name: Check the minimum and the maximum of raftIndices is at most 1 set_fact: @@ -24,9 +24,9 @@ - debug: msg: "Raft indices difference: {{ etcd_members_raft_indices_diff }}" - when: inventory_hostname in groups.oo_etcd_to_config[0] + when: inventory_hostname in groups.oo_etcd_to_migrate[0] # The cluster raft status is ok if the difference of the max and min raft index is at most 1 - name: capture the status set_fact: - l_etcd_cluster_status_ok: "{{ hostvars[groups.oo_etcd_to_config[0]]['etcd_members_raft_indices_diff'] | int < 2 }}" + l_etcd_cluster_status_ok: "{{ hostvars[groups.oo_etcd_to_migrate[0]]['etcd_members_raft_indices_diff'] | int < 2 }}" diff --git a/roles/etcd_migrate/tasks/migrate.yml b/roles/etcd_migrate/tasks/migrate.yml index cb479b0cc..27eb945aa 100644 --- a/roles/etcd_migrate/tasks/migrate.yml +++ b/roles/etcd_migrate/tasks/migrate.yml @@ -20,10 +20,12 @@ - name: Check the etcd v2 data are correctly migrated fail: msg: "Failed to migrate a member" - when: "'finished transforming keys' not in l_etcdctl_migrate.stdout" + when: "'finished transforming keys' not in l_etcdctl_migrate.stdout and 'no v2 keys to migrate' not in l_etcdctl_migrate.stdout" + +- name: Migration message + debug: + msg: "Etcd migration finished with: {{ l_etcdctl_migrate.stdout }}" -# TODO(jchaloup): start the etcd on a different port so noone can access it -# Once the validation is done - name: Enable etcd member service: name: "{{ l_etcd_service }}" @@ -35,7 +37,7 @@ --cert {{ etcd_peer_cert_file }} \ --key {{ etcd_peer_key_file }} \ --cacert {{ etcd_peer_ca_file }} \ - --etcd-address 'https://{{ etcd_peer }}:2379' \ + --etcd-address 'https://{{ etcd_peer }}:{{ etcd_client_port }}' \ --ttl-keys-prefix {{ item }} \ --lease-duration 1h environment: @@ -43,11 +45,8 @@ with_items: - "/kubernetes.io/events" - "/kubernetes.io/masterleases" + delegate_to: "{{ groups.oo_first_master[0] }}" + run_once: true - set_fact: r_etcd_migrate_success: true - -- name: Enable etcd member - service: - name: "{{ l_etcd_service }}" - state: started diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml index d895e9a68..2eeb2e7ce 100644 --- a/roles/openshift_hosted/tasks/registry/registry.yml +++ b/roles/openshift_hosted/tasks/registry/registry.yml @@ -135,7 +135,7 @@ - name: Determine the latest version of the OpenShift registry deployment command: | - oc get deploymentconfig {{ openshift_hosted_registry_name }} \ + {{ openshift.common.client_binary }} get deploymentconfig {{ openshift_hosted_registry_name }} \ --namespace {{ openshift_hosted_registry_namespace }} \ --config {{ openshift.common.config_base }}/master/admin.kubeconfig \ -o jsonpath='{ .status.latestVersion }' @@ -143,7 +143,7 @@ - name: Sanity-check that the OpenShift registry rolled out correctly command: | - oc get replicationcontroller {{ openshift_hosted_registry_name }}-{{ openshift_hosted_registry_latest_version.stdout }} \ + {{ openshift.common.client_binary }} get replicationcontroller {{ openshift_hosted_registry_name }}-{{ openshift_hosted_registry_latest_version.stdout }} \ --namespace {{ openshift_hosted_registry_namespace }} \ --config {{ openshift.common.config_base }}/master/admin.kubeconfig \ -o jsonpath='{ .metadata.annotations.openshift\.io/deployment\.phase }' diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml index 160ae2f5e..c60b67862 100644 --- a/roles/openshift_hosted/tasks/router/router.yml +++ b/roles/openshift_hosted/tasks/router/router.yml @@ -92,7 +92,7 @@ - name: Ensure OpenShift router correctly rolls out (best-effort today) command: | - oc rollout status deploymentconfig {{ item.name }} \ + {{ openshift.common.client_binary }} rollout status deploymentconfig {{ item.name }} \ --namespace {{ item.namespace | default('default') }} \ --config {{ openshift.common.config_base }}/master/admin.kubeconfig async: 600 @@ -102,7 +102,7 @@ - name: Determine the latest version of the OpenShift router deployment command: | - oc get deploymentconfig {{ item.name }} \ + {{ openshift.common.client_binary }} get deploymentconfig {{ item.name }} \ --namespace {{ item.namespace }} \ --config {{ openshift.common.config_base }}/master/admin.kubeconfig \ -o jsonpath='{ .status.latestVersion }' @@ -111,7 +111,7 @@ - name: Poll for OpenShift router deployment success command: | - oc get replicationcontroller {{ item.0.name }}-{{ item.1.stdout }} \ + {{ openshift.common.client_binary }} get replicationcontroller {{ item.0.name }}-{{ item.1.stdout }} \ --namespace {{ item.0.namespace }} \ --config {{ openshift.common.config_base }}/master/admin.kubeconfig \ -o jsonpath='{ .metadata.annotations.openshift\.io/deployment\.phase }' diff --git a/roles/openshift_logging_mux/templates/mux.j2 b/roles/openshift_logging_mux/templates/mux.j2 index 1f991d434..c3f9b3433 100644 --- a/roles/openshift_logging_mux/templates/mux.j2 +++ b/roles/openshift_logging_mux/templates/mux.j2 @@ -102,7 +102,7 @@ spec: - name: USE_MUX value: "true" - name: MUX_ALLOW_EXTERNAL - value: "{{ openshift_logging_mux_allow_external | default('false') }}" + value: "{{ openshift_logging_mux_allow_external | default('false') | lower }}" - name: "BUFFER_QUEUE_LIMIT" value: "{{ openshift_logging_mux_buffer_queue_limit }}" - name: "BUFFER_SIZE_LIMIT" diff --git a/roles/openshift_named_certificates/filter_plugins/openshift_named_certificates.py b/roles/openshift_named_certificates/filter_plugins/openshift_named_certificates.py new file mode 100644 index 000000000..6ed6d404c --- /dev/null +++ b/roles/openshift_named_certificates/filter_plugins/openshift_named_certificates.py @@ -0,0 +1,21 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +''' +Custom filters for use with openshift named certificates +''' + + +class FilterModule(object): + ''' Custom ansible filters for use with openshift named certificates''' + + @staticmethod + def oo_named_certificates_list(named_certificates): + ''' Returns named certificates list with correct fields for the master + config file.''' + return [{'certFile': named_certificate['certfile'], + 'keyFile': named_certificate['keyfile'], + 'names': named_certificate['names']} for named_certificate in named_certificates] + + def filters(self): + ''' returns a mapping of filters to methods ''' + return {"oo_named_certificates_list": self.oo_named_certificates_list} |