diff options
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/docker/vars/main.yml | 1 | ||||
| -rw-r--r-- | roles/openshift_docker_facts/vars/main.yml | 2 | ||||
| -rw-r--r-- | roles/openshift_examples/tasks/main.yml | 43 | ||||
| -rw-r--r-- | roles/openshift_node/tasks/storage_plugins/nfs.yml | 7 | ||||
| -rwxr-xr-x | roles/os_firewall/library/os_firewall_manage_iptables.py | 10 |
5 files changed, 16 insertions, 47 deletions
diff --git a/roles/docker/vars/main.yml b/roles/docker/vars/main.yml index 606cdb9b9..f81f99e2b 100644 --- a/roles/docker/vars/main.yml +++ b/roles/docker/vars/main.yml @@ -1,3 +1,2 @@ --- -repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery' }}" udevw_udevd_dir: /etc/systemd/system/systemd-udevd.service.d diff --git a/roles/openshift_docker_facts/vars/main.yml b/roles/openshift_docker_facts/vars/main.yml index f7ad1b329..55c04b0c1 100644 --- a/roles/openshift_docker_facts/vars/main.yml +++ b/roles/openshift_docker_facts/vars/main.yml @@ -1,2 +1,2 @@ --- -repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery' }}" +repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}" diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml index e9966d735..fb10188f2 100644 --- a/roles/openshift_examples/tasks/main.yml +++ b/roles/openshift_examples/tasks/main.yml @@ -1,46 +1,9 @@ --- -###################################################################### -# Copying Examples -# -# We used to use the copy module to transfer the openshift examples to -# the remote. Then it started taking more than a minute to transfer -# the files. As noted in the module: -# -# "The 'copy' module recursively copy facility does not scale to -# lots (>hundreds) of files." -# -# The `synchronize` module is suggested as an alternative, we can't -# use it either due to changes introduced in Ansible 2.x. -- name: Create local temp dir for OpenShift examples copy - local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX - become: False - register: copy_examples_mktemp - run_once: True - -- name: Create tar of OpenShift examples - local_action: command tar -C "{{ role_path }}/files/examples/{{ content_version }}/" -cvf "{{ copy_examples_mktemp.stdout }}/openshift-examples.tar" . - become: False - register: copy_examples_tar - -- name: Create the remote OpenShift examples directory - file: - dest: "{{ examples_base }}" - state: directory - mode: 0755 - -- name: Unarchive the OpenShift examples on the remote - unarchive: - src: "{{ copy_examples_mktemp.stdout }}/openshift-examples.tar" +- name: Copy openshift examples + copy: + src: "examples/{{ content_version }}/" dest: "{{ examples_base }}/" -- name: Cleanup the OpenShift Examples temp dir - become: False - local_action: file dest="{{ copy_examples_mktemp.stdout }}" state=absent - -# Done copying examples -###################################################################### -# Begin image streams - - name: Modify registry paths if registry_url is not registry.access.redhat.com shell: > find {{ examples_base }} -type f | xargs -n 1 sed -i 's|registry.access.redhat.com|{{ registry_host | quote }}|g' diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml index 14a613786..8380714d4 100644 --- a/roles/openshift_node/tasks/storage_plugins/nfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -9,3 +9,10 @@ state: yes persistent: yes when: ansible_selinux and ansible_selinux.status == "enabled" + +- name: Set seboolean to allow nfs storage plugin access from containers(sandbox) + seboolean: + name: virt_sandbox_use_nfs + state: yes + persistent: yes + when: ansible_selinux and ansible_selinux.status == "enabled" diff --git a/roles/os_firewall/library/os_firewall_manage_iptables.py b/roles/os_firewall/library/os_firewall_manage_iptables.py index 1cb539a8c..190016c14 100755 --- a/roles/os_firewall/library/os_firewall_manage_iptables.py +++ b/roles/os_firewall/library/os_firewall_manage_iptables.py @@ -37,14 +37,14 @@ class IpTablesSaveError(IpTablesError): class IpTablesCreateChainError(IpTablesError): - def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long + def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name super(IpTablesCreateChainError, self).__init__(msg, cmd, exit_code, output) self.chain = chain class IpTablesCreateJumpRuleError(IpTablesError): - def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long + def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name super(IpTablesCreateJumpRuleError, self).__init__(msg, cmd, exit_code, output) self.chain = chain @@ -152,11 +152,11 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes continue last_rule_target = rule[1] - # Naively assume that if the last row is a REJECT rule, then - # we can add insert our rule right before it, otherwise we + # Naively assume that if the last row is a REJECT or DROP rule, + # then we can insert our rule right before it, otherwise we # assume that we can just append the rule. if (last_rule_num and last_rule_target - and last_rule_target == 'REJECT'): + and last_rule_target in ['REJECT', 'DROP']): # insert rule cmd = self.cmd + ['-I', self.jump_rule_chain, str(last_rule_num)] |