summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/ansible_service_broker/tasks/install.yml3
-rw-r--r--roles/ansible_service_broker/vars/default_images.yml1
-rw-r--r--roles/ansible_service_broker/vars/openshift-enterprise.yml1
-rw-r--r--roles/etcd_migrate/tasks/check.yml2
-rw-r--r--roles/etcd_migrate/tasks/check_cluster_health.yml2
-rw-r--r--roles/etcd_migrate/tasks/check_cluster_status.yml8
-rw-r--r--roles/etcd_migrate/tasks/migrate.yml17
-rw-r--r--roles/openshift_hosted/tasks/registry/registry.yml4
-rw-r--r--roles/openshift_hosted/tasks/router/router.yml6
-rw-r--r--roles/openshift_logging_mux/templates/mux.j22
-rw-r--r--roles/openshift_named_certificates/filter_plugins/openshift_named_certificates.py21
11 files changed, 45 insertions, 22 deletions
diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml
index e383c94da..81c3f8e5b 100644
--- a/roles/ansible_service_broker/tasks/install.yml
+++ b/roles/ansible_service_broker/tasks/install.yml
@@ -14,6 +14,7 @@
ansible_service_broker_etcd_image_prefix: "{{ ansible_service_broker_etcd_image_prefix | default(__ansible_service_broker_etcd_image_prefix) }}"
ansible_service_broker_etcd_image_tag: "{{ ansible_service_broker_etcd_image_tag | default(__ansible_service_broker_etcd_image_tag) }}"
+ ansible_service_broker_etcd_image_etcd_path: "{{ ansible_service_broker_etcd_image_etcd_path | default(__ansible_service_broker_etcd_image_etcd_path) }}"
ansible_service_broker_registry_type: "{{ ansible_service_broker_registry_type | default(__ansible_service_broker_registry_type) }}"
ansible_service_broker_registry_url: "{{ ansible_service_broker_registry_url | default(__ansible_service_broker_registry_url) }}"
@@ -144,7 +145,7 @@
terminationMessagePath: /tmp/termination-log
workingDir: /etcd
args:
- - /usr/local/bin/etcd
+ - '{{ ansible_service_broker_etcd_image_etcd_path }}'
- --data-dir=/data
- "--listen-client-urls=http://0.0.0.0:2379"
- "--advertise-client-urls=http://0.0.0.0:2379"
diff --git a/roles/ansible_service_broker/vars/default_images.yml b/roles/ansible_service_broker/vars/default_images.yml
index b0b3835e3..15e448515 100644
--- a/roles/ansible_service_broker/vars/default_images.yml
+++ b/roles/ansible_service_broker/vars/default_images.yml
@@ -5,6 +5,7 @@ __ansible_service_broker_image_tag: latest
__ansible_service_broker_etcd_image_prefix: quay.io/coreos/
__ansible_service_broker_etcd_image_tag: latest
+__ansible_service_broker_etcd_image_etcd_path: /usr/local/bin/etcd
__ansible_service_broker_registry_type: dockerhub
__ansible_service_broker_registry_url: null
diff --git a/roles/ansible_service_broker/vars/openshift-enterprise.yml b/roles/ansible_service_broker/vars/openshift-enterprise.yml
index a6d999647..19b4a5147 100644
--- a/roles/ansible_service_broker/vars/openshift-enterprise.yml
+++ b/roles/ansible_service_broker/vars/openshift-enterprise.yml
@@ -5,6 +5,7 @@ __ansible_service_broker_image_tag: latest
__ansible_service_broker_etcd_image_prefix: rhel7/
__ansible_service_broker_etcd_image_tag: latest
+__ansible_service_broker_etcd_image_etcd_path: /bin/etcd
__ansible_service_broker_registry_type: rhcc
__ansible_service_broker_registry_url: "https://registry.access.redhat.com"
diff --git a/roles/etcd_migrate/tasks/check.yml b/roles/etcd_migrate/tasks/check.yml
index 2f07713bc..800073873 100644
--- a/roles/etcd_migrate/tasks/check.yml
+++ b/roles/etcd_migrate/tasks/check.yml
@@ -6,7 +6,7 @@
# Run the migration only if the data are v2
- name: Check if there are any v3 data
command: >
- etcdctl --cert {{ etcd_peer_cert_file }} --key {{ etcd_peer_key_file }} --cacert {{ etcd_peer_ca_file }} --endpoints 'https://{{ etcd_peer }}:2379' get "" --from-key --keys-only -w json --limit 1
+ etcdctl --cert {{ etcd_peer_cert_file }} --key {{ etcd_peer_key_file }} --cacert {{ etcd_peer_ca_file }} --endpoints 'https://{{ etcd_peer }}:{{ etcd_client_port }}' get "" --from-key --keys-only -w json --limit 1
environment:
ETCDCTL_API: 3
register: l_etcdctl_output
diff --git a/roles/etcd_migrate/tasks/check_cluster_health.yml b/roles/etcd_migrate/tasks/check_cluster_health.yml
index 1abd6a32f..201d83f99 100644
--- a/roles/etcd_migrate/tasks/check_cluster_health.yml
+++ b/roles/etcd_migrate/tasks/check_cluster_health.yml
@@ -1,7 +1,7 @@
---
- name: Check cluster health
command: >
- etcdctl --cert-file /etc/etcd/peer.crt --key-file /etc/etcd/peer.key --ca-file /etc/etcd/ca.crt --endpoint https://{{ etcd_peer }}:2379 cluster-health
+ etcdctl --cert-file {{ etcd_peer_cert_file }} --key-file {{ etcd_peer_key_file }} --ca-file {{ etcd_peer_ca_file }} --endpoint https://{{ etcd_peer }}:{{ etcd_client_port }} cluster-health
register: etcd_cluster_health
changed_when: false
failed_when: false
diff --git a/roles/etcd_migrate/tasks/check_cluster_status.yml b/roles/etcd_migrate/tasks/check_cluster_status.yml
index 90fe385c1..b69fb5a52 100644
--- a/roles/etcd_migrate/tasks/check_cluster_status.yml
+++ b/roles/etcd_migrate/tasks/check_cluster_status.yml
@@ -2,7 +2,7 @@
# etcd_ip originates from etcd_common role
- name: Check cluster status
command: >
- etcdctl --cert /etc/etcd/peer.crt --key /etc/etcd/peer.key --cacert /etc/etcd/ca.crt --endpoints 'https://{{ etcd_peer }}:2379' -w json endpoint status
+ etcdctl --cert {{ etcd_peer_cert_file }} --key {{ etcd_peer_key_file }} --cacert {{ etcd_peer_ca_file }} --endpoints 'https://{{ etcd_peer }}:{{ etcd_client_port }}' -w json endpoint status
environment:
ETCDCTL_API: 3
register: l_etcd_cluster_status
@@ -15,7 +15,7 @@
# http://docs.ansible.com/ansible/playbooks_filters.html#extracting-values-from-containers
- name: Group all raftIndices into a list
set_fact:
- etcd_members_raft_indices: "{{ groups['oo_etcd_to_config'] | map('extract', hostvars, 'etcd_member_raft_index') | list | unique }}"
+ etcd_members_raft_indices: "{{ groups['oo_etcd_to_migrate'] | map('extract', hostvars, 'etcd_member_raft_index') | list | unique }}"
- name: Check the minimum and the maximum of raftIndices is at most 1
set_fact:
@@ -24,9 +24,9 @@
- debug:
msg: "Raft indices difference: {{ etcd_members_raft_indices_diff }}"
- when: inventory_hostname in groups.oo_etcd_to_config[0]
+ when: inventory_hostname in groups.oo_etcd_to_migrate[0]
# The cluster raft status is ok if the difference of the max and min raft index is at most 1
- name: capture the status
set_fact:
- l_etcd_cluster_status_ok: "{{ hostvars[groups.oo_etcd_to_config[0]]['etcd_members_raft_indices_diff'] | int < 2 }}"
+ l_etcd_cluster_status_ok: "{{ hostvars[groups.oo_etcd_to_migrate[0]]['etcd_members_raft_indices_diff'] | int < 2 }}"
diff --git a/roles/etcd_migrate/tasks/migrate.yml b/roles/etcd_migrate/tasks/migrate.yml
index cb479b0cc..27eb945aa 100644
--- a/roles/etcd_migrate/tasks/migrate.yml
+++ b/roles/etcd_migrate/tasks/migrate.yml
@@ -20,10 +20,12 @@
- name: Check the etcd v2 data are correctly migrated
fail:
msg: "Failed to migrate a member"
- when: "'finished transforming keys' not in l_etcdctl_migrate.stdout"
+ when: "'finished transforming keys' not in l_etcdctl_migrate.stdout and 'no v2 keys to migrate' not in l_etcdctl_migrate.stdout"
+
+- name: Migration message
+ debug:
+ msg: "Etcd migration finished with: {{ l_etcdctl_migrate.stdout }}"
-# TODO(jchaloup): start the etcd on a different port so noone can access it
-# Once the validation is done
- name: Enable etcd member
service:
name: "{{ l_etcd_service }}"
@@ -35,7 +37,7 @@
--cert {{ etcd_peer_cert_file }} \
--key {{ etcd_peer_key_file }} \
--cacert {{ etcd_peer_ca_file }} \
- --etcd-address 'https://{{ etcd_peer }}:2379' \
+ --etcd-address 'https://{{ etcd_peer }}:{{ etcd_client_port }}' \
--ttl-keys-prefix {{ item }} \
--lease-duration 1h
environment:
@@ -43,11 +45,8 @@
with_items:
- "/kubernetes.io/events"
- "/kubernetes.io/masterleases"
+ delegate_to: "{{ groups.oo_first_master[0] }}"
+ run_once: true
- set_fact:
r_etcd_migrate_success: true
-
-- name: Enable etcd member
- service:
- name: "{{ l_etcd_service }}"
- state: started
diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml
index d895e9a68..2eeb2e7ce 100644
--- a/roles/openshift_hosted/tasks/registry/registry.yml
+++ b/roles/openshift_hosted/tasks/registry/registry.yml
@@ -135,7 +135,7 @@
- name: Determine the latest version of the OpenShift registry deployment
command: |
- oc get deploymentconfig {{ openshift_hosted_registry_name }} \
+ {{ openshift.common.client_binary }} get deploymentconfig {{ openshift_hosted_registry_name }} \
--namespace {{ openshift_hosted_registry_namespace }} \
--config {{ openshift.common.config_base }}/master/admin.kubeconfig \
-o jsonpath='{ .status.latestVersion }'
@@ -143,7 +143,7 @@
- name: Sanity-check that the OpenShift registry rolled out correctly
command: |
- oc get replicationcontroller {{ openshift_hosted_registry_name }}-{{ openshift_hosted_registry_latest_version.stdout }} \
+ {{ openshift.common.client_binary }} get replicationcontroller {{ openshift_hosted_registry_name }}-{{ openshift_hosted_registry_latest_version.stdout }} \
--namespace {{ openshift_hosted_registry_namespace }} \
--config {{ openshift.common.config_base }}/master/admin.kubeconfig \
-o jsonpath='{ .metadata.annotations.openshift\.io/deployment\.phase }'
diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml
index 160ae2f5e..c60b67862 100644
--- a/roles/openshift_hosted/tasks/router/router.yml
+++ b/roles/openshift_hosted/tasks/router/router.yml
@@ -92,7 +92,7 @@
- name: Ensure OpenShift router correctly rolls out (best-effort today)
command: |
- oc rollout status deploymentconfig {{ item.name }} \
+ {{ openshift.common.client_binary }} rollout status deploymentconfig {{ item.name }} \
--namespace {{ item.namespace | default('default') }} \
--config {{ openshift.common.config_base }}/master/admin.kubeconfig
async: 600
@@ -102,7 +102,7 @@
- name: Determine the latest version of the OpenShift router deployment
command: |
- oc get deploymentconfig {{ item.name }} \
+ {{ openshift.common.client_binary }} get deploymentconfig {{ item.name }} \
--namespace {{ item.namespace }} \
--config {{ openshift.common.config_base }}/master/admin.kubeconfig \
-o jsonpath='{ .status.latestVersion }'
@@ -111,7 +111,7 @@
- name: Poll for OpenShift router deployment success
command: |
- oc get replicationcontroller {{ item.0.name }}-{{ item.1.stdout }} \
+ {{ openshift.common.client_binary }} get replicationcontroller {{ item.0.name }}-{{ item.1.stdout }} \
--namespace {{ item.0.namespace }} \
--config {{ openshift.common.config_base }}/master/admin.kubeconfig \
-o jsonpath='{ .metadata.annotations.openshift\.io/deployment\.phase }'
diff --git a/roles/openshift_logging_mux/templates/mux.j2 b/roles/openshift_logging_mux/templates/mux.j2
index 1f991d434..c3f9b3433 100644
--- a/roles/openshift_logging_mux/templates/mux.j2
+++ b/roles/openshift_logging_mux/templates/mux.j2
@@ -102,7 +102,7 @@ spec:
- name: USE_MUX
value: "true"
- name: MUX_ALLOW_EXTERNAL
- value: "{{ openshift_logging_mux_allow_external | default('false') }}"
+ value: "{{ openshift_logging_mux_allow_external | default('false') | lower }}"
- name: "BUFFER_QUEUE_LIMIT"
value: "{{ openshift_logging_mux_buffer_queue_limit }}"
- name: "BUFFER_SIZE_LIMIT"
diff --git a/roles/openshift_named_certificates/filter_plugins/openshift_named_certificates.py b/roles/openshift_named_certificates/filter_plugins/openshift_named_certificates.py
new file mode 100644
index 000000000..6ed6d404c
--- /dev/null
+++ b/roles/openshift_named_certificates/filter_plugins/openshift_named_certificates.py
@@ -0,0 +1,21 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+'''
+Custom filters for use with openshift named certificates
+'''
+
+
+class FilterModule(object):
+ ''' Custom ansible filters for use with openshift named certificates'''
+
+ @staticmethod
+ def oo_named_certificates_list(named_certificates):
+ ''' Returns named certificates list with correct fields for the master
+ config file.'''
+ return [{'certFile': named_certificate['certfile'],
+ 'keyFile': named_certificate['keyfile'],
+ 'names': named_certificate['names']} for named_certificate in named_certificates]
+
+ def filters(self):
+ ''' returns a mapping of filters to methods '''
+ return {"oo_named_certificates_list": self.oo_named_certificates_list}