Diffstat (limited to 'roles')
-rw-r--r--roles/cockpit-ui/tasks/main.yml5
-rw-r--r--roles/etcd/tasks/main.yml5
-rw-r--r--roles/etcd_client_certificates/tasks/main.yml3
-rw-r--r--roles/etcd_server_certificates/tasks/main.yml3
-rw-r--r--roles/openshift_cloud_provider/templates/openstack.conf.j25
-rw-r--r--roles/openshift_examples/tasks/main.yml4
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py12
-rw-r--r--roles/openshift_manage_node/tasks/main.yml10
-rw-r--r--roles/openshift_master/handlers/main.yml4
-rw-r--r--roles/openshift_master/tasks/main.yml3
-rw-r--r--roles/openshift_metrics/handlers/main.yml4
-rw-r--r--roles/openshift_named_certificates/tasks/main.yml6
-rw-r--r--roles/openshift_node/tasks/main.yml8
-rw-r--r--roles/openshift_node/tasks/systemd_units.yml8
-rw-r--r--roles/openshift_node/templates/node.yaml.v1.j22
-rw-r--r--roles/openshift_node_certificates/tasks/main.yml3
-rw-r--r--roles/openshift_repos/handlers/main.yml4
-rw-r--r--roles/os_firewall/tasks/firewall/iptables.yml4
18 files changed, 70 insertions, 23 deletions
diff --git a/roles/cockpit-ui/tasks/main.yml b/roles/cockpit-ui/tasks/main.yml
index 9fc15ee8b..953357392 100644
--- a/roles/cockpit-ui/tasks/main.yml
+++ b/roles/cockpit-ui/tasks/main.yml
@@ -50,13 +50,10 @@
register: registry_console_cockpit_kube_url
changed_when: false
-- set_fact:
- cockpit_image_prefix: "{{ '-p IMAGE_PREFIX=' ~ openshift_cockpit_deployer_prefix | default('') }}"
-
- name: Deploy registry-console
command: >
{{ openshift.common.client_binary }} new-app --template=registry-console
- {{ cockpit_image_prefix }}
+ {% if openshift_cockpit_deployer_prefix is defined %}-p IMAGE_PREFIX="{{ openshift_cockpit_deployer_prefix }}"{% endif %}
-p OPENSHIFT_OAUTH_PROVIDER_URL="{{ openshift.master.public_api_url }}"
-p REGISTRY_HOST="{{ docker_registry_route.stdout }}"
-p COCKPIT_KUBE_URL="{{ registry_console_cockpit_kube_url.stdout }}"
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index ba4136327..2bc6a8678 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -34,16 +34,17 @@
command: systemctl show etcd.service
register: etcd_show
changed_when: false
+ failed_when: false
- name: Disable system etcd when containerized
- when: etcd_is_containerized | bool and 'LoadState=not-found' not in etcd_show.stdout
+ when: etcd_is_containerized | bool and etcd_show.rc == 0 and 'LoadState=not-found' not in etcd_show.stdout
service:
name: etcd
state: stopped
enabled: no
- name: Mask system etcd when containerized
- when: etcd_is_containerized | bool and 'LoadState=not-found' not in etcd_show.stdout
+ when: etcd_is_containerized | bool and etcd_show.rc == 0 and 'LoadState=not-found' not in etcd_show.stdout
command: systemctl mask etcd
- name: Reload systemd units
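Review bot: With `failed_when: false` on the `systemctl show etcd.service` task, every non-zero exit (not only the missing-unit case) makes both `etcd_show.rc == 0` guards false. The disable and mask tasks are then skipped silently, and a host etcd unit could stay enabled next to the containerized one. If the intent is only to tolerate a missing unit, say so above the task, for example `# a non-zero rc is tolerated here; the tasks below skip when rc != 0`, and consider a `debug` or `fail` for a non-zero rc whose output is not the expected missing-unit case. The same pattern is added for `master_svc_show` in roles/openshift_master/tasks/main.yml. The first task and the "Reload systemd units" task both extend outside this hunk.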
diff --git a/roles/etcd_client_certificates/tasks/main.yml b/roles/etcd_client_certificates/tasks/main.yml
index 275aa0a63..93f4fd53c 100644
--- a/roles/etcd_client_certificates/tasks/main.yml
+++ b/roles/etcd_client_certificates/tasks/main.yml
@@ -93,6 +93,9 @@
-C {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }} .
args:
creates: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz"
+ # Disables the following warning:
+ # Consider using unarchive module rather than running tar
+ warn: no
when: etcd_client_certs_missing | bool
delegate_to: "{{ etcd_ca_host }}"
diff --git a/roles/etcd_server_certificates/tasks/main.yml b/roles/etcd_server_certificates/tasks/main.yml
index 718515023..d66a0a7bf 100644
--- a/roles/etcd_server_certificates/tasks/main.yml
+++ b/roles/etcd_server_certificates/tasks/main.yml
@@ -114,6 +114,9 @@
-C {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }} .
args:
creates: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz"
+ # Disables the following warning:
+ # Consider using unarchive module rather than running tar
+ warn: no
when: etcd_server_certs_missing | bool
delegate_to: "{{ etcd_ca_host }}"
diff --git a/roles/openshift_cloud_provider/templates/openstack.conf.j2 b/roles/openshift_cloud_provider/templates/openstack.conf.j2
index ce452db24..313ee02b4 100644
--- a/roles/openshift_cloud_provider/templates/openstack.conf.j2
+++ b/roles/openshift_cloud_provider/templates/openstack.conf.j2
@@ -2,6 +2,11 @@
auth-url = {{ openshift_cloudprovider_openstack_auth_url }}
username = {{ openshift_cloudprovider_openstack_username }}
password = {{ openshift_cloudprovider_openstack_password }}
+{% if openshift_cloudprovider_openstack_domain_id is defined %}
+domain-id = {{ openshift_cloudprovider_openstack_domain_id }}
+{% elif openshift_cloudprovider_openstack_domain_name is defined %}
+domain-name = {{ openshift_cloudprovider_openstack_domain_name }}
+{% endif %}
{% if openshift_cloudprovider_openstack_tenant_id is defined %}
tenant-id = {{ openshift_cloudprovider_openstack_tenant_id }}
{% else %}
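Review bot: When both `openshift_cloudprovider_openstack_domain_id` and `openshift_cloudprovider_openstack_domain_name` are set, the `if`/`elif` silently drops the name, and nothing in the template says so. A Jinja comment above the block such as `{# domain-id takes precedence over domain-name when both are set #}` would make the rule visible to whoever maintains the inventory. A defined-but-empty `domain_id` also wins and renders `domain-id = ` with no value, so testing for a non-empty value rather than `is defined` would be safer. The tenant block continues outside this hunk.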
diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml
index 058ad8888..82536e8af 100644
--- a/roles/openshift_examples/tasks/main.yml
+++ b/roles/openshift_examples/tasks/main.yml
@@ -19,6 +19,10 @@
- name: Create tar of OpenShift examples
local_action: command tar -C "{{ role_path }}/files/examples/{{ content_version }}/" -cvf "{{ copy_examples_mktemp.stdout }}/openshift-examples.tar" .
+ args:
+ # Disables the following warning:
+ # Consider using unarchive module rather than running tar
+ warn: no
become: False
register: copy_examples_tar
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 621306e67..d36926e08 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -149,6 +149,7 @@ def hostname_valid(hostname):
if (not hostname or
hostname.startswith('localhost') or
hostname.endswith('localdomain') or
+ hostname.endswith('novalocal') or
len(hostname.split('.')) < 2):
return False
@@ -918,6 +919,14 @@ def set_sdn_facts_if_unset(facts, system_facts):
return facts
+def set_nodename(facts):
+ if 'node' in facts and 'common' in facts:
+ if 'cloudprovider' in facts and facts['cloudprovider']['kind'] == 'openstack':
+ facts['node']['nodename'] = facts['provider']['metadata']['hostname'].replace('.novalocal', '')
+ else:
+ facts['node']['nodename'] = facts['common']['hostname'].lower()
+ return facts
+
def migrate_oauth_template_facts(facts):
"""
Migrate an old oauth template fact to a newer format if it's present.
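Review bot: The openstack branch of `set_nodename` does not lowercase the name, while the other branch does, and the callers changed in this commit (openshift_manage_node tasks and node.yaml.v1.j2) drop their own `| lower`. A mixed-case metadata hostname would therefore reach `nodeName` unchanged, although node names are expected to be lowercase. The branch also indexes `facts['cloudprovider']['kind']` and `facts['provider']['metadata']['hostname']` directly, so a missing key raises `KeyError`; whether provider metadata is always populated before this runs is not visible here. `.replace('.novalocal', '')` removes the string anywhere in the name rather than only as a suffix. The function also has no docstring, unlike `migrate_oauth_template_facts` right below it; the sketch keeps the signature and falls back to the common hostname when metadata is absent.

```python
def set_nodename(facts):
    """ Set facts['node']['nodename'], lowercased.

        On openstack the provider metadata hostname is used with a
        trailing '.novalocal' removed; otherwise the common hostname.
    """
    if 'node' in facts and 'common' in facts:
        kind = facts.get('cloudprovider', {}).get('kind')
        metadata_hostname = facts.get('provider', {}).get('metadata', {}).get('hostname')
        if kind == 'openstack' and metadata_hostname:
            nodename = metadata_hostname
            if nodename.endswith('.novalocal'):
                nodename = nodename[:-len('.novalocal')]
        else:
            nodename = facts['common']['hostname']
        facts['node']['nodename'] = nodename.lower()
    return facts
```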
@@ -1220,7 +1229,7 @@ def apply_provider_facts(facts, provider_facts):
facts['common'][h_var] = choose_hostname(
[provider_facts['network'].get(h_var)],
- facts['common'][ip_var]
+ facts['common'][h_var]
)
facts['provider'] = provider_facts
@@ -1701,6 +1710,7 @@ class OpenShiftFacts(object):
facts = set_proxy_facts(facts)
if not safe_get_bool(facts['common']['is_containerized']):
facts = set_installed_variant_rpm_facts(facts)
+ facts = set_nodename(facts)
return dict(openshift=facts)
def get_defaults(self, roles, deployment_type, deployment_subtype):
diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml
index f45ade751..d1cc5b274 100644
--- a/roles/openshift_manage_node/tasks/main.yml
+++ b/roles/openshift_manage_node/tasks/main.yml
@@ -14,7 +14,7 @@
- name: Wait for Node Registration
command: >
- {{ openshift.common.client_binary }} get node {{ hostvars[item].openshift.common.hostname | lower }}
+ {{ openshift.common.client_binary }} get node {{ hostvars[item].openshift.node.nodename }}
--config={{ openshift_manage_node_kubeconfig }}
-n default
register: omd_get_node
@@ -26,19 +26,19 @@
- name: Set node schedulability
command: >
- {{ openshift.common.admin_binary }} manage-node {{ hostvars[item].openshift.common.hostname | lower }} --schedulable={{ 'true' if hostvars[item].openshift.node.schedulable | bool else 'false' }}
+ {{ openshift.common.admin_binary }} manage-node {{ hostvars[item].openshift.node.nodename }} --schedulable={{ 'true' if hostvars[item].openshift.node.schedulable | bool else 'false' }}
--config={{ openshift_manage_node_kubeconfig }}
-n default
with_items: "{{ openshift_nodes }}"
- when: hostvars[item].openshift.common.hostname is defined
+ when: hostvars[item].openshift.node.nodename is defined
- name: Label nodes
command: >
- {{ openshift.common.client_binary }} label --overwrite node {{ hostvars[item].openshift.common.hostname | lower }} {{ hostvars[item].openshift.node.labels | oo_combine_dict }}
+ {{ openshift.common.client_binary }} label --overwrite node {{ hostvars[item].openshift.node.nodename }} {{ hostvars[item].openshift.node.labels | oo_combine_dict }}
--config={{ openshift_manage_node_kubeconfig }}
-n default
with_items: "{{ openshift_nodes }}"
- when: hostvars[item].openshift.common.hostname is defined and 'labels' in hostvars[item].openshift.node and hostvars[item].openshift.node.labels != {}
+ when: hostvars[item].openshift.node.nodename is defined and 'labels' in hostvars[item].openshift.node and hostvars[item].openshift.node.labels != {}
- name: Delete temp directory
file:
diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml
index edb7369de..913f3b0ae 100644
--- a/roles/openshift_master/handlers/main.yml
+++ b/roles/openshift_master/handlers/main.yml
@@ -24,6 +24,10 @@
--cacert {{ openshift.common.config_base }}/master/ca.crt
{% endif %}
{{ openshift.master.api_url }}/healthz/ready
+ args:
+ # Disables the following warning:
+ # Consider using get_url or uri module rather than running curl
+ warn: no
register: api_available_output
until: api_available_output.stdout == 'ok'
retries: 120
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index d8a4aa9bb..ce2f96723 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -178,13 +178,14 @@
command: systemctl show {{ openshift.common.service_type }}-master.service
register: master_svc_show
changed_when: false
+ failed_when: false
- name: Stop and disable non-HA master when running HA
service:
name: "{{ openshift.common.service_type }}-master"
enabled: no
state: stopped
- when: openshift_master_ha | bool and 'LoadState=not-found' not in master_svc_show.stdout
+ when: openshift_master_ha | bool and master_svc_show.rc == 0 and 'LoadState=not-found' not in master_svc_show.stdout
- set_fact:
master_service_status_changed: "{{ start_result | changed }}"
diff --git a/roles/openshift_metrics/handlers/main.yml b/roles/openshift_metrics/handlers/main.yml
index edb7369de..913f3b0ae 100644
--- a/roles/openshift_metrics/handlers/main.yml
+++ b/roles/openshift_metrics/handlers/main.yml
@@ -24,6 +24,10 @@
--cacert {{ openshift.common.config_base }}/master/ca.crt
{% endif %}
{{ openshift.master.api_url }}/healthz/ready
+ args:
+ # Disables the following warning:
+ # Consider using get_url or uri module rather than running curl
+ warn: no
register: api_available_output
until: api_available_output.stdout == 'ok'
retries: 120
diff --git a/roles/openshift_named_certificates/tasks/main.yml b/roles/openshift_named_certificates/tasks/main.yml
index 7f20cf401..1bcf9ef67 100644
--- a/roles/openshift_named_certificates/tasks/main.yml
+++ b/roles/openshift_named_certificates/tasks/main.yml
@@ -28,19 +28,19 @@
- name: Land named certificates
copy:
src: "{{ item.certfile }}"
- dest: "{{ named_certs_dir }}"
+ dest: "{{ named_certs_dir }}/{{ item.certfile | basename }}"
with_items: "{{ named_certificates }}"
- name: Land named certificate keys
copy:
src: "{{ item.keyfile }}"
- dest: "{{ named_certs_dir }}"
+ dest: "{{ named_certs_dir }}/{{ item.keyfile | basename }}"
mode: 0600
with_items: "{{ named_certificates }}"
- name: Land named CA certificates
copy:
src: "{{ item }}"
- dest: "{{ named_certs_dir }}"
+ dest: "{{ named_certs_dir }}/{{ item | basename }}"
mode: 0600
with_items: "{{ named_certificates | oo_collect('cafile') }}"
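Review bot: Building each `dest` from `| basename` means two `named_certificates` entries whose source files share a file name (a constructed example: `site-a/tls.key` and `site-b/tls.key`) are written to the same path under `named_certs_dir`, and the later copy overwrites the earlier one. A name could then be served with another entry's certificate or key, depending on how the master config references these files, which is not visible in this hunk. An `assert` task before the three copies that checks the basenames of `certfile`, `keyfile` and `cafile` are unique would turn this into an early, readable failure.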
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 995169dd6..be07bd2d3 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -93,9 +93,9 @@
create: true
with_items:
- regex: '^AWS_ACCESS_KEY_ID='
- line: "AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }}"
+ line: "AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key | default('') }}"
- regex: '^AWS_SECRET_ACCESS_KEY='
- line: "AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }}"
+ line: "AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key | default('') }}"
when: "openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined"
notify:
- restart node
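Review bot: Each loop item carries the rendered `AWS_SECRET_ACCESS_KEY=...` line, and Ansible prints loop items in task output and callback logs unless the task sets `no_log: true`. No such setting is visible in this hunk, though the task begins above it. If it is absent, adding `no_log: true` at task level keeps the secret key out of console output and any log aggregation behind it.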
@@ -134,6 +134,10 @@
command: >
curl --silent --cacert {{ openshift.common.config_base }}/node/ca.crt
{{ openshift_node_master_api_url }}/healthz/ready
+ args:
+ # Disables the following warning:
+ # Consider using get_url or uri module rather than running curl
+ warn: no
register: api_available_output
until: api_available_output.stdout == 'ok'
retries: 120
diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml
index 98ef1ffd4..a2192a4d0 100644
--- a/roles/openshift_node/tasks/systemd_units.yml
+++ b/roles/openshift_node/tasks/systemd_units.yml
@@ -56,12 +56,12 @@
create: true
with_items:
- regex: '^HTTP_PROXY='
- line: "HTTP_PROXY={{ openshift.common.http_proxy }}"
+ line: "HTTP_PROXY={{ openshift.common.http_proxy | default('') }}"
- regex: '^HTTPS_PROXY='
- line: "HTTPS_PROXY={{ openshift.common.https_proxy }}"
+ line: "HTTPS_PROXY={{ openshift.common.https_proxy | default('') }}"
- regex: '^NO_PROXY='
- line: "NO_PROXY={{ openshift.common.no_proxy | join(',') }},{{ openshift.common.portal_net }},{{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }}"
- when: "{{ openshift.common.http_proxy is defined and openshift.common.http_proxy != '' }}"
+ line: "NO_PROXY={{ openshift.common.no_proxy | default([]) | join(',') }},{{ openshift.common.portal_net }},{{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }}"
+ when: ('http_proxy' in openshift.common and openshift.common.http_proxy != '')
notify:
- restart node
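Review bot: With `no_proxy` undefined, `default([]) | join(',')` renders an empty string and the `NO_PROXY` line starts with a stray comma (`NO_PROXY=,<portal_net>,<cidr>`). Joining one combined list avoids the empty first element: `line: "NO_PROXY={{ (openshift.common.no_proxy | default([]) + [openshift.common.portal_net, hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr]) | join(',') }}"`. This assumes `no_proxy` is a list, as the existing `join` already implies. The task starts outside this hunk.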
diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2
index 68d153052..9bcaf4d84 100644
--- a/roles/openshift_node/templates/node.yaml.v1.j2
+++ b/roles/openshift_node/templates/node.yaml.v1.j2
@@ -33,7 +33,7 @@ networkConfig:
{% if openshift.node.set_node_ip | bool %}
nodeIP: {{ openshift.common.ip }}
{% endif %}
-nodeName: {{ openshift.common.hostname | lower }}
+nodeName: {{ openshift.node.nodename }}
podManifestConfig:
servingInfo:
bindAddress: 0.0.0.0:10250
diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml
index fef7caab8..a729b4d6c 100644
--- a/roles/openshift_node_certificates/tasks/main.yml
+++ b/roles/openshift_node_certificates/tasks/main.yml
@@ -91,6 +91,9 @@
-C {{ openshift_node_generated_config_dir }} .
args:
creates: "{{ openshift_node_generated_config_dir }}.tgz"
+ # Disables the following warning:
+ # Consider using unarchive module rather than running tar
+ warn: no
when: node_certs_missing | bool
delegate_to: "{{ openshift_ca_host }}"
diff --git a/roles/openshift_repos/handlers/main.yml b/roles/openshift_repos/handlers/main.yml
index 198fc7d6e..cdb0d8a48 100644
--- a/roles/openshift_repos/handlers/main.yml
+++ b/roles/openshift_repos/handlers/main.yml
@@ -1,3 +1,7 @@
---
- name: refresh cache
command: "{{ ansible_pkg_mgr }} clean all"
+ args:
+ # Disables the following warning:
+ # Consider using yum module rather than running yum
+ warn: no
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index 774916798..470d4f4f9 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -1,6 +1,10 @@
---
- name: Check if firewalld is installed
command: rpm -q firewalld
+ args:
+ # Disables the following warning:
+ # Consider using yum, dnf or zypper module rather than running rpm
+ warn: no
register: pkg_check
failed_when: pkg_check.rc > 1
changed_when: no