diff options
Diffstat (limited to 'roles')
32 files changed, 344 insertions, 119 deletions
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 1b26af0dd..da11ed0af 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -1,2 +1,2 @@ --- -docker_version: ''
\ No newline at end of file +docker_protect_installed_version: False diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 1f5f891c7..89a248d9e 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -2,10 +2,48 @@ - stat: path=/etc/sysconfig/docker-storage register: docker_storage_check +- name: Get current installed Docker version + command: "{{ repoquery_cmd }} --installed --qf '%{version}' docker" + when: not openshift.common.is_atomic | bool + register: curr_docker_version + changed_when: false + +- name: Error out if Docker pre-installed but too old + fail: + msg: "Docker {{ curr_docker_version.stdout }} is installed, but >= 1.9.1 is required." + when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and curr_docker_version.stdout | version_compare('1.9.1', '<') and not docker_version is defined and not docker_protect_installed_version | bool + +- name: Error out if requested Docker is too old + fail: + msg: "Docker {{ docker_version }} requested, but >= 1.9.1 is required." + when: docker_version is defined and docker_version | version_compare('1.9.1', '<') + +- name: Get latest available version of Docker + command: > + {{ repoquery_cmd }} --qf '%{version}' "docker" + register: avail_docker_version + failed_when: false + changed_when: false + when: docker_version is defined and not openshift.common.is_atomic | bool + +# If a docker_version was requested, sanity check that we can install or upgrade to it, and +# no downgrade is required. +- name: Fail if Docker version requested but downgrade is required + fail: + msg: "Docker {{ curr_docker_version.stdout }} is installed, but version {{ docker_version }} was requested." + when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and docker_version is defined and curr_docker_version.stdout | version_compare(docker_version, '>') and not docker_protect_installed_version | bool + +# This involves an extremely slow migration process, users should instead run the +# Docker 1.10 upgrade playbook to accomplish this. +- name: Error out if attempting to upgrade Docker across the 1.10 boundary + fail: + msg: "Cannot upgrade Docker to >= 1.10, please use the Docker upgrade playbook for this." + when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and curr_docker_version.stdout | version_compare('1.10', '<') and docker_version is defined and docker_version | version_compare('1.10', '>=') and not docker_protect_installed_version | bool + # Make sure Docker is installed, but does not update a running version. # Docker upgrades are handled by a separate playbook. - name: Install Docker - action: "{{ ansible_pkg_mgr }} name=docker state=present" + action: "{{ ansible_pkg_mgr }} name=docker{{ '-' + docker_version if docker_version is defined and not docker_protect_installed_version | bool else '' }} state=present" when: not openshift.common.is_atomic | bool - name: Start the Docker service diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml new file mode 100644 index 000000000..4d9768ce7 --- /dev/null +++ b/roles/openshift_ca/tasks/main.yml @@ -0,0 +1,53 @@ +--- +- fail: + msg: "openshift_ca_host variable must be defined for this role" + when: openshift_ca_host is not defined + +- name: Install the base package for admin tooling + action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" + when: not openshift.common.is_containerized | bool + register: install_result + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- name: Reload generated facts + openshift_facts: + when: install_result | changed + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- name: Create openshift_ca_config_dir if it does not exist + file: + path: "{{ openshift_ca_config_dir }}" + state: directory + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- name: Determine if CA must be created + stat: + path: "{{ openshift_ca_config_dir }}/{{ item }}" + register: g_master_ca_stat_result + with_items: + - ca.crt + - ca.key + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- set_fact: + master_ca_missing: "{{ False in (g_master_ca_stat_result.results + | oo_collect(attribute='stat.exists') + | list) }}" + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- name: Create the master certificates if they do not already exist + command: > + {{ openshift.common.admin_binary }} create-master-certs + --hostnames={{ openshift_master_hostnames | join(',') }} + --master={{ openshift.master.api_url }} + --public-master={{ openshift.master.public_api_url }} + --cert-dir={{ openshift_ca_config_dir }} + --overwrite=false + when: hostvars[openshift_ca_host].master_ca_missing | bool + delegate_to: "{{ openshift_ca_host }}" + run_once: true diff --git a/roles/openshift_cli/defaults/main.yml b/roles/openshift_cli/defaults/main.yml index 7baa87ab8..ed97d539c 100644 --- a/roles/openshift_cli/defaults/main.yml +++ b/roles/openshift_cli/defaults/main.yml @@ -1,2 +1 @@ --- -openshift_version: "{{ openshift_image_tag | default(openshift.docker.openshift_image_tag | default('')) }}" diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml index 1cb1e03b9..4d6219b94 100644 --- a/roles/openshift_cli/tasks/main.yml +++ b/roles/openshift_cli/tasks/main.yml @@ -5,7 +5,7 @@ - name: Pull CLI Image command: > - docker pull {{ openshift.common.cli_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }} + docker pull {{ openshift.common.cli_image }}:{{ openshift_image_tag }} when: openshift.common.is_containerized | bool - name: Create /usr/local/bin/openshift cli wrapper @@ -26,6 +26,9 @@ - /usr/local/bin/kubectl when: openshift.common.is_containerized | bool +- name: Reload facts to pick up installed OpenShift version + openshift_facts: + - name: Install bash completion for oc tools action: "{{ ansible_pkg_mgr }} name=bash-completion state=present" when: not openshift.common.is_containerized | bool diff --git a/roles/openshift_cli/templates/openshift.j2 b/roles/openshift_cli/templates/openshift.j2 index 8a3f3a257..7786acead 100644 --- a/roles/openshift_cli/templates/openshift.j2 +++ b/roles/openshift_cli/templates/openshift.j2 @@ -5,7 +5,7 @@ fi cmd=`basename $0` user=`id -u` group=`id -g` -image_tag="{{ openshift_version }}" +image_tag="{{ openshift_image_tag }}" >&2 echo """ ================================================================================ diff --git a/roles/openshift_common/defaults/main.yml b/roles/openshift_common/defaults/main.yml index e46af70c7..267c03605 100644 --- a/roles/openshift_common/defaults/main.yml +++ b/roles/openshift_common/defaults/main.yml @@ -1,4 +1,3 @@ --- openshift_cluster_id: 'default' openshift_debug_level: 2 -openshift_version: "{{ openshift_pkg_version | default('') }}" diff --git a/roles/openshift_common/meta/main.yml b/roles/openshift_common/meta/main.yml index f1cf3e161..cd8c75ec5 100644 --- a/roles/openshift_common/meta/main.yml +++ b/roles/openshift_common/meta/main.yml @@ -14,3 +14,4 @@ galaxy_info: dependencies: - role: openshift_facts - role: openshift_repos +- role: openshift_version diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index 4ec255dbc..ece335fbf 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml @@ -29,12 +29,8 @@ data_dir: "{{ openshift_data_dir | default(None) }}" use_dnsmasq: "{{ openshift_use_dnsmasq | default(None) }}" -# Using oo_image_tag_to_rpm_version here is a workaround for how -# openshift_version is set. That value is computed based on either RPM -# versions or image tags. openshift_common's usage requires that it be a RPM -# version and openshift_cli expects it to be an image tag. - name: Install the base package for versioning - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" + action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" when: not openshift.common.is_containerized | bool - name: Set version facts @@ -49,3 +45,4 @@ command: > hostnamectl set-hostname {{ openshift.common.hostname }} when: openshift_set_hostname | default(set_hostname_default) | bool + diff --git a/roles/openshift_docker/defaults/main.yml b/roles/openshift_docker/defaults/main.yml index aebef75d6..ed97d539c 100644 --- a/roles/openshift_docker/defaults/main.yml +++ b/roles/openshift_docker/defaults/main.yml @@ -1,2 +1 @@ --- -upgrading: False diff --git a/roles/openshift_docker/meta/main.yml b/roles/openshift_docker/meta/main.yml index d98f953ea..10131f717 100644 --- a/roles/openshift_docker/meta/main.yml +++ b/roles/openshift_docker/meta/main.yml @@ -12,6 +12,6 @@ galaxy_info: categories: - cloud dependencies: -- role: openshift_repos +- role: openshift_version - role: openshift_docker_facts - role: docker diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml index 9c5887f76..ed97d539c 100644 --- a/roles/openshift_docker/tasks/main.yml +++ b/roles/openshift_docker/tasks/main.yml @@ -1,41 +1 @@ --- -# It's important that we don't explicitly pull this image here. Otherwise we -# could result in upgrading a preinstalled environment. We'll have to set -# openshift_image_tag correctly for upgrades. -- set_fact: - is_containerized: "{{ openshift.common.is_containerized | default(False) | bool }}" - # Does the host already have an image tag fact, used to determine if it's a new node - # in non-upgrade scenarios: - has_image_tag_fact: "{{ hostvars[inventory_hostname].openshift.docker.openshift_image_tag is defined }}" - -- name: Set version when containerized - command: > - docker run --rm {{ openshift.common.cli_image }} version - register: cli_image_version - when: is_containerized | bool and openshift_image_tag is not defined and (upgrading | bool or not has_image_tag_fact | bool) - -# Use the pre-existing image tag from system facts if present, and we're not upgrading. -# Ignores explicit openshift_image_tag if it's in the inventory, as this isn't an upgrade. -- set_fact: - l_image_tag: "{{ hostvars[inventory_hostname].openshift.docker.openshift_image_tag }}" - when: is_containerized | bool and not upgrading | bool and has_image_tag_fact | bool - -- set_fact: - l_image_tag: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2] | join('-') if openshift.common.deployment_type == 'origin' else - cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0] }}" - when: is_containerized | bool and openshift_image_tag is not defined and (upgrading | bool or not has_image_tag_fact | bool) - -- set_fact: - l_image_tag: "{{ openshift_image_tag }}" - when: is_containerized | bool and openshift_image_tag is defined and (upgrading | bool or not has_image_tag_fact | bool) - -- name: Set post docker install facts - openshift_facts: - role: "{{ item.role }}" - local_facts: "{{ item.local_facts }}" - with_items: - - role: docker - local_facts: - openshift_image_tag: "{{ l_image_tag | default(None) }}" - openshift_version: "{{ l_image_tag.split('-')[0] | oo_image_tag_to_rpm_version if l_image_tag is defined else '' }}" - when: is_containerized | bool diff --git a/roles/openshift_docker_facts/defaults/main.yml b/roles/openshift_docker_facts/defaults/main.yml index 7baa87ab8..ed97d539c 100644 --- a/roles/openshift_docker_facts/defaults/main.yml +++ b/roles/openshift_docker_facts/defaults/main.yml @@ -1,2 +1 @@ --- -openshift_version: "{{ openshift_image_tag | default(openshift.docker.openshift_image_tag | default('')) }}" diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml index cdea90413..eb8b5e99b 100644 --- a/roles/openshift_docker_facts/tasks/main.yml +++ b/roles/openshift_docker_facts/tasks/main.yml @@ -34,26 +34,8 @@ - set_fact: docker_options: "--insecure-registry={{ openshift.docker.hosted_registry_network }} {{ openshift.docker.options | default ('') }}" when: openshift.docker.hosted_registry_insecure | default(False) | bool and openshift.docker.hosted_registry_network is defined + register: hosted_registry_options - set_fact: docker_options: "{{ openshift.docker.options | default(omit) }}" - when: not openshift.docker.hosted_registry_insecure | default(False) | bool - -# Avoid docker 1.9 when installing origin < 1.2 or OSE < 3.2 on RHEL/Centos and -# See: https://bugzilla.redhat.com/show_bug.cgi?id=1304038 -- name: Gather common package version - command: > - {{ repoquery_cmd }} --qf '%{version}' "{{ openshift.common.service_type}}" - register: common_version - failed_when: false - changed_when: false - when: not openshift.common.is_containerized | bool - -- set_fact: - l_common_version: "{{ openshift_version | default('0.0', True) | oo_image_tag_to_rpm_version }}" - when: openshift.common.is_containerized | bool - -- set_fact: - l_common_version: "{{ common_version.stdout | default('0.0', True) }}" - when: not openshift.common.is_containerized | bool - + when: hosted_registry_options | skipped diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 211c290d2..54bdbc775 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -7,16 +7,6 @@ """Ansible module for retrieving and setting openshift related facts""" -DOCUMENTATION = ''' ---- -module: openshift_facts -short_description: Cluster Facts -author: Jason DeTiberus -requirements: [ ] -''' -EXAMPLES = ''' -''' - import ConfigParser import copy import io @@ -30,6 +20,17 @@ from dbus import SystemBus, Interface from dbus.exceptions import DBusException +DOCUMENTATION = ''' +--- +module: openshift_facts +short_description: Cluster Facts +author: Jason DeTiberus +requirements: [ ] +''' +EXAMPLES = ''' +''' + + def migrate_docker_facts(facts): """ Apply migrations for docker facts """ params = { @@ -505,10 +506,8 @@ def set_dnsmasq_facts_if_unset(facts): """ if 'common' in facts: - if 'use_dnsmasq' not in facts['common'] and safe_get_bool(facts['common']['version_gte_3_2_or_1_2']): - facts['common']['use_dnsmasq'] = True - else: - facts['common']['use_dnsmasq'] = False + facts['common']['use_dnsmasq'] = bool('use_dnsmasq' not in facts['common'] and + safe_get_bool(facts['common']['version_gte_3_2_or_1_2'])) if 'master' in facts and 'dns_port' not in facts['master']: if safe_get_bool(facts['common']['use_dnsmasq']): facts['master']['dns_port'] = 8053 @@ -832,7 +831,7 @@ def set_version_facts_if_unset(facts): if 'common' in facts: deployment_type = facts['common']['deployment_type'] version = get_openshift_version(facts) - if version is not None: + if version: facts['common']['version'] = version if deployment_type == 'origin': version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('1.1.0') @@ -1126,7 +1125,9 @@ def get_docker_version_info(): return result def get_openshift_version(facts): - """ Get current version of openshift on the host + """ Get current version of openshift on the host. + + Checks a variety of ways ranging from fastest to slowest. Args: facts (dict): existing facts @@ -1146,18 +1147,40 @@ def get_openshift_version(facts): if os.path.isfile('/usr/bin/openshift'): _, output, _ = module.run_command(['/usr/bin/openshift', 'version']) version = parse_openshift_version(output) - - # openshift_facts runs before openshift_docker_facts. However, it will be - # called again and set properly throughout the playbook run. This could be - # refactored to simply set the openshift.common.version in the - # openshift_docker_facts role but it would take reworking some assumptions - # on how get_openshift_version is called. - if 'is_containerized' in facts['common'] and safe_get_bool(facts['common']['is_containerized']): - if 'docker' in facts and 'openshift_version' in facts['docker']: - version = facts['docker']['openshift_version'] + elif 'common' in facts and 'is_containerized' in facts['common']: + version = get_container_openshift_version(facts) + + # Handle containerized masters that have not yet been configured as a node. + # This can be very slow and may get re-run multiple times, so we only use this + # if other methods failed to find a version. + if not version and os.path.isfile('/usr/local/bin/openshift'): + _, output, _ = module.run_command(['/usr/local/bin/openshift', 'version']) + version = parse_openshift_version(output) return version + +def get_container_openshift_version(facts): + """ + If containerized, see if we can determine the installed version via the + systemd environment files. + """ + for filename in ['/etc/sysconfig/%s-master', '/etc/sysconfig/%s-node']: + env_path = filename % facts['common']['service_type'] + if not os.path.exists(env_path): + continue + + with open(env_path) as env_file: + for line in env_file: + if line.startswith("IMAGE_VERSION="): + tag = line[len("IMAGE_VERSION="):].strip() + # Remove leading "v" and any trailing release info, we just want + # a version number here: + version = tag[1:].split("-")[0] + return version + return None + + def parse_openshift_version(output): """ Apply provider facts to supplied facts dict @@ -1167,7 +1190,11 @@ def parse_openshift_version(output): string: the version number """ versions = dict(e.split(' v') for e in output.splitlines() if ' v' in e) - return versions.get('openshift', '') + ver = versions.get('openshift', '') + # Remove trailing build number and commit hash from older versions, we need to return a straight + # w.x.y.z version here for use as openshift_version throughout the playbooks/roles. (i.e. 3.1.1.6-64-g80b61da) + ver = ver.split('-')[0] + return ver def apply_provider_facts(facts, provider_facts): @@ -1747,10 +1774,7 @@ class OpenShiftFacts(object): if 'clock' in roles: exit_code, _, _ = module.run_command(['rpm', '-q', 'chrony']) - if exit_code == 0: - chrony_installed = True - else: - chrony_installed = False + chrony_installed = bool(exit_code == 0) defaults['clock'] = dict( enabled=True, chrony_installed=chrony_installed) diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index ca1a9b1e4..c3723672d 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -41,3 +41,8 @@ no_proxy: "{{ openshift_no_proxy | default(None) }}" generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}" no_proxy_internal_hostnames: "{{ openshift_no_proxy_internal_hostnames | default(None) }}" + +- name: Set repoquery command + set_fact: + repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}" + diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index dbd62c80f..14a1daf6c 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -1,4 +1,4 @@ --- openshift_node_ips: [] # TODO: update setting these values based on the facts -openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}" +#openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}" diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 28faee155..7a80ed8e3 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -24,12 +24,12 @@ when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and openshift.common.is_containerized | bool - name: Install Master package - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-master{{ openshift_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" + action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-master{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" when: not openshift.common.is_containerized | bool - name: Pull master image command: > - docker pull {{ openshift.master.master_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }} + docker pull {{ openshift.master.master_image }}:{{ openshift_image_tag }} when: openshift.common.is_containerized | bool - name: Create openshift.common.data_dir diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 3d532db04..75d44d308 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -1,7 +1,7 @@ OPTIONS=--loglevel={{ openshift.master.debug_level }} CONFIG_FILE={{ openshift_master_config_file }} {% if openshift.common.is_containerized | bool %} -IMAGE_VERSION={{ openshift_version }} +IMAGE_VERSION={{ openshift_image_tag }} {% endif %} {% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 index ab560b1bd..41308bd81 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 @@ -1,7 +1,7 @@ OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master={{ openshift.master.loopback_api_url }} CONFIG_FILE={{ openshift_master_config_file }} {% if openshift.common.is_containerized | bool %} -IMAGE_VERSION={{ openshift_version }} +IMAGE_VERSION={{ openshift_image_tag }} {% endif %} {% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 index 1a83b98e1..37a5d75f2 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 @@ -1,7 +1,7 @@ OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.controllers_port }} CONFIG_FILE={{ openshift_master_config_file }} {% if openshift.common.is_containerized | bool %} -IMAGE_VERSION={{ openshift_version }} +IMAGE_VERSION={{ openshift_image_tag }} {% endif %} {% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml index 4b7ef1d84..ae99467f0 100644 --- a/roles/openshift_master_ca/tasks/main.yml +++ b/roles/openshift_master_ca/tasks/main.yml @@ -1,6 +1,7 @@ --- + - name: Install the base package for admin tooling - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version }} state=present" + action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" when: not openshift.common.is_containerized | bool register: install_result diff --git a/roles/openshift_master_ca/vars/main.yml b/roles/openshift_master_ca/vars/main.yml index b35339b18..1f6af808c 100644 --- a/roles/openshift_master_ca/vars/main.yml +++ b/roles/openshift_master_ca/vars/main.yml @@ -3,4 +3,3 @@ openshift_master_config_dir: "{{ openshift.common.config_base }}/master" openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" -openshift_version: "{{ openshift_pkg_version | default('') }}" diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index efff5d6cd..fffbf2994 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -1,2 +1,15 @@ --- -openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}" +os_firewall_allow: +- service: Kubernetes kubelet + port: 10250/tcp +- service: http + port: 80/tcp +- service: https + port: 443/tcp +- service: Openshift kubelet ReadOnlyPort + port: 10255/tcp +- service: Openshift kubelet ReadOnlyPort udp + port: 10255/udp +- service: OpenShift OVS sdn + port: 4789/udp + when: openshift.node.use_openshift_sdn | bool diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 165010afb..97a21544d 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -31,21 +31,21 @@ # We have to add tuned-profiles in the same transaction otherwise we run into depsolving # problems because the rpms don't pin the version properly. This was fixed in 3.1 packaging. - name: Install Node package - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" + action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" when: not openshift.common.is_containerized | bool - name: Install sdn-ovs package - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" + action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool - name: Pull node image command: > - docker pull {{ openshift.node.node_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }} + docker pull {{ openshift.node.node_image }}:{{ openshift_image_tag }} when: openshift.common.is_containerized | bool - name: Pull OpenVSwitch image command: > - docker pull {{ openshift.node.ovs_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }} + docker pull {{ openshift.node.ovs_image }}:{{ openshift_image_tag }} when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool - name: Install the systemd units diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index e2a268260..39e5386d4 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml @@ -44,6 +44,6 @@ - regex: '^CONFIG_FILE=' line: "CONFIG_FILE={{ openshift_node_config_file }}" - regex: '^IMAGE_VERSION=' - line: "IMAGE_VERSION={{ openshift_version }}" + line: "IMAGE_VERSION={{ openshift_image_tag }}" notify: - restart node diff --git a/roles/openshift_node/templates/openvswitch.sysconfig.j2 b/roles/openshift_node/templates/openvswitch.sysconfig.j2 index 1f8c20e07..da7c3742a 100644 --- a/roles/openshift_node/templates/openvswitch.sysconfig.j2 +++ b/roles/openshift_node/templates/openvswitch.sysconfig.j2 @@ -1 +1 @@ -IMAGE_VERSION={{ openshift_version }} +IMAGE_VERSION={{ openshift_image_tag }} diff --git a/roles/openshift_version/defaults/main.yml b/roles/openshift_version/defaults/main.yml new file mode 100644 index 000000000..01a1a7472 --- /dev/null +++ b/roles/openshift_version/defaults/main.yml @@ -0,0 +1,2 @@ +--- +openshift_protect_installed_version: True diff --git a/roles/openshift_version/meta/main.yml b/roles/openshift_version/meta/main.yml new file mode 100644 index 000000000..70974da17 --- /dev/null +++ b/roles/openshift_version/meta/main.yml @@ -0,0 +1,18 @@ +--- +galaxy_info: + author: Devan Goodwin + description: Determines the version of OpenShift to install or upgrade to + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: openshift_repos +- role: openshift_docker_facts +- role: docker + when: openshift.common.is_containerized | default(False) | bool diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml new file mode 100644 index 000000000..2d96d2765 --- /dev/null +++ b/roles/openshift_version/tasks/main.yml @@ -0,0 +1,76 @@ +--- +# Determine the openshift_version to configure if none has been specified or set previously. + +- set_fact: + is_containerized: "{{ openshift.common.is_containerized | default(False) | bool }}" + +# Block attempts to install origin without specifying some kind of version information. +# This is because the latest tags for origin are usually alpha builds, which should not +# be used by default. Users must indicate what they want. +- fail: + msg: "Must specify openshift_release or openshift_image_tag in inventory to install origin. (suggestion: add openshift_release=\"1.2\" to inventory)" + when: is_containerized | bool and openshift.common.deployment_type == 'origin' and openshift_release is not defined and openshift_image_tag is not defined + +# Normalize some values that we need in a certain format that might be confusing: +- set_fact: + openshift_release: "{{ openshift_release[1:] }}" + when: openshift_release is defined and openshift_release[0] == 'v' + +- set_fact: + openshift_image_tag: "{{ 'v' + openshift_image_tag }}" + when: openshift_image_tag is defined and openshift_image_tag[0] != 'v' + +- set_fact: + openshift_pkg_version: "{{ '-' + openshift_pkg_version }}" + when: openshift_pkg_version is defined and openshift_pkg_version[0] != '-' + +# Make sure we copy this to a fact if given a var: +- set_fact: + openshift_version: "{{ openshift_version }}" + when: openshift_version is defined + +# Protect the installed version by default unless explicitly told not to, or given an +# openshift_version already. +- name: Use openshift.common.version fact as version to configure if already installed + set_fact: + openshift_version: "{{ openshift.common.version }}" + when: openshift.common.version is defined and openshift_version is not defined and openshift_protect_installed_version | bool + +- name: Set openshift_version for rpm installation + include: set_version_rpm.yml + when: not is_containerized | bool + +- name: Set openshift_version for containerized installation + include: set_version_containerized.yml + when: is_containerized | bool + +# At this point we know openshift_version is set appropriately. Now we set +# openshift_image_tag and openshift_pkg_version, so all roles can always assume +# each of this variables *will* be set correctly and can use them per their +# intended purpose. + +- set_fact: + openshift_image_tag: v{{ openshift_version }} + when: openshift_image_tag is not defined + +- set_fact: + openshift_pkg_version: -{{ openshift_version }} + when: openshift_pkg_version is not defined + +- fail: + msg: openshift_version role was unable to set openshift_version + when: openshift_version is not defined + +- fail: + msg: openshift_version role was unable to set openshift_image_tag + when: openshift_image_tag is not defined + +- fail: + msg: openshift_version role was unable to set openshift_pkg_version + when: openshift_pkg_version is not defined + +# We can't map an openshift_release to full rpm version like we can with containers, make sure +# the rpm version we looked up matches the release requested and error out if not. +- fail: + msg: "Detected openshift version {{ openshift_version }} does not match requested openshift_release {{ openshift_release }}. You may need to adjust your yum repositories or specify an exact openshift_pkg_version." + when: not is_containerized | bool and openshift_release is defined and not openshift_version.startswith(openshift_release) | bool diff --git a/roles/openshift_version/tasks/set_version_containerized.yml b/roles/openshift_version/tasks/set_version_containerized.yml new file mode 100644 index 000000000..8e2702391 --- /dev/null +++ b/roles/openshift_version/tasks/set_version_containerized.yml @@ -0,0 +1,39 @@ +--- +- name: Set containerized version to configure if openshift_image_tag specified + set_fact: + # Expects a leading "v" in inventory, strip it off here: + openshift_version: "{{ openshift_image_tag[1:].split('-')[0] }}" + when: openshift_image_tag is defined and openshift_version is not defined + +- name: Set containerized version to configure if openshift_release specified + set_fact: + openshift_version: "{{ openshift_release }}" + when: openshift_release is defined and openshift_version is not defined + +- name: Lookup latest containerized version if no version specified + command: > + docker run --rm {{ openshift.common.cli_image }}:latest version + register: cli_image_version + when: openshift_version is not defined + +# Origin latest = pre-release version (i.e. v1.3.0-alpha.1-321-gb095e3a) +- set_fact: + openshift_version: "{{ (cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2] | join('-'))[1:] }}" + when: openshift_version is not defined and openshift.common.deployment_type == 'origin' and cli_image_version.stdout_lines[0].split('-') | length > 1 + +- set_fact: + openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}" + when: openshift_version is not defined + +# If we got an openshift_version like "3.2", lookup the latest 3.2 container version +# and use that value instead. +- name: Set precise containerized version to configure if openshift_release specified + command: > + docker run --rm {{ openshift.common.cli_image }}:v{{ openshift_version }} version + register: cli_image_version + when: openshift_version is defined and openshift_version.split('.') | length == 2 + +- set_fact: + openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2][1:] | join('-') if openshift.common.deployment_type == 'origin' else cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}" + when: openshift_version is defined and openshift_version.split('.') | length == 2 + diff --git a/roles/openshift_version/tasks/set_version_rpm.yml b/roles/openshift_version/tasks/set_version_rpm.yml new file mode 100644 index 000000000..7fa74e24f --- /dev/null +++ b/roles/openshift_version/tasks/set_version_rpm.yml @@ -0,0 +1,18 @@ +--- +- name: Set rpm version to configure if openshift_pkg_version specified + set_fact: + # Expects a leading "-" in inventory, strip it off here, and remove trailing release, + openshift_version: "{{ openshift_pkg_version[1:].split('-')[0] }}" + when: openshift_pkg_version is defined and openshift_version is not defined + +- name: Gather common package version + command: > + {{ repoquery_cmd }} --qf '%{version}' "{{ openshift.common.service_type}}" + register: common_version + failed_when: false + changed_when: false + when: openshift_version is not defined + +- set_fact: + openshift_version: "{{ common_version.stdout | default('0.0', True) }}" + when: openshift_version is not defined |