summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/docker/defaults/main.yml2
-rw-r--r--roles/docker/tasks/main.yml40
-rw-r--r--roles/openshift_ca/tasks/main.yml53
-rw-r--r--roles/openshift_cli/defaults/main.yml1
-rw-r--r--roles/openshift_cli/tasks/main.yml5
-rw-r--r--roles/openshift_cli/templates/openshift.j22
-rw-r--r--roles/openshift_common/defaults/main.yml1
-rw-r--r--roles/openshift_common/meta/main.yml1
-rw-r--r--roles/openshift_common/tasks/main.yml7
-rw-r--r--roles/openshift_docker/defaults/main.yml1
-rw-r--r--roles/openshift_docker/meta/main.yml2
-rw-r--r--roles/openshift_docker/tasks/main.yml40
-rw-r--r--roles/openshift_docker_facts/defaults/main.yml1
-rw-r--r--roles/openshift_docker_facts/tasks/main.yml22
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py84
-rw-r--r--roles/openshift_facts/tasks/main.yml5
-rw-r--r--roles/openshift_master/defaults/main.yml2
-rw-r--r--roles/openshift_master/tasks/main.yml4
-rw-r--r--roles/openshift_master/templates/atomic-openshift-master.j22
-rw-r--r--roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j22
-rw-r--r--roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j22
-rw-r--r--roles/openshift_master_ca/tasks/main.yml3
-rw-r--r--roles/openshift_master_ca/vars/main.yml1
-rw-r--r--roles/openshift_node/defaults/main.yml15
-rw-r--r--roles/openshift_node/tasks/main.yml8
-rw-r--r--roles/openshift_node/tasks/systemd_units.yml2
-rw-r--r--roles/openshift_node/templates/openvswitch.sysconfig.j22
-rw-r--r--roles/openshift_version/defaults/main.yml2
-rw-r--r--roles/openshift_version/meta/main.yml18
-rw-r--r--roles/openshift_version/tasks/main.yml76
-rw-r--r--roles/openshift_version/tasks/set_version_containerized.yml39
-rw-r--r--roles/openshift_version/tasks/set_version_rpm.yml18
32 files changed, 344 insertions, 119 deletions
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index 1b26af0dd..da11ed0af 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -1,2 +1,2 @@
---
-docker_version: '' \ No newline at end of file
+docker_protect_installed_version: False
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 1f5f891c7..89a248d9e 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -2,10 +2,48 @@
- stat: path=/etc/sysconfig/docker-storage
register: docker_storage_check
+- name: Get current installed Docker version
+ command: "{{ repoquery_cmd }} --installed --qf '%{version}' docker"
+ when: not openshift.common.is_atomic | bool
+ register: curr_docker_version
+ changed_when: false
+
+- name: Error out if Docker pre-installed but too old
+ fail:
+ msg: "Docker {{ curr_docker_version.stdout }} is installed, but >= 1.9.1 is required."
+ when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and curr_docker_version.stdout | version_compare('1.9.1', '<') and not docker_version is defined and not docker_protect_installed_version | bool
+
+- name: Error out if requested Docker is too old
+ fail:
+ msg: "Docker {{ docker_version }} requested, but >= 1.9.1 is required."
+ when: docker_version is defined and docker_version | version_compare('1.9.1', '<')
+
+- name: Get latest available version of Docker
+ command: >
+ {{ repoquery_cmd }} --qf '%{version}' "docker"
+ register: avail_docker_version
+ failed_when: false
+ changed_when: false
+ when: docker_version is defined and not openshift.common.is_atomic | bool
+
+# If a docker_version was requested, sanity check that we can install or upgrade to it, and
+# no downgrade is required.
+- name: Fail if Docker version requested but downgrade is required
+ fail:
+ msg: "Docker {{ curr_docker_version.stdout }} is installed, but version {{ docker_version }} was requested."
+ when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and docker_version is defined and curr_docker_version.stdout | version_compare(docker_version, '>') and not docker_protect_installed_version | bool
+
+# This involves an extremely slow migration process, users should instead run the
+# Docker 1.10 upgrade playbook to accomplish this.
+- name: Error out if attempting to upgrade Docker across the 1.10 boundary
+ fail:
+ msg: "Cannot upgrade Docker to >= 1.10, please use the Docker upgrade playbook for this."
+ when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and curr_docker_version.stdout | version_compare('1.10', '<') and docker_version is defined and docker_version | version_compare('1.10', '>=') and not docker_protect_installed_version | bool
+
# Make sure Docker is installed, but does not update a running version.
# Docker upgrades are handled by a separate playbook.
- name: Install Docker
- action: "{{ ansible_pkg_mgr }} name=docker state=present"
+ action: "{{ ansible_pkg_mgr }} name=docker{{ '-' + docker_version if docker_version is defined and not docker_protect_installed_version | bool else '' }} state=present"
when: not openshift.common.is_atomic | bool
- name: Start the Docker service
diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml
new file mode 100644
index 000000000..4d9768ce7
--- /dev/null
+++ b/roles/openshift_ca/tasks/main.yml
@@ -0,0 +1,53 @@
+---
+- fail:
+ msg: "openshift_ca_host variable must be defined for this role"
+ when: openshift_ca_host is not defined
+
+- name: Install the base package for admin tooling
+ action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
+ when: not openshift.common.is_containerized | bool
+ register: install_result
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+
+- name: Reload generated facts
+ openshift_facts:
+ when: install_result | changed
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+
+- name: Create openshift_ca_config_dir if it does not exist
+ file:
+ path: "{{ openshift_ca_config_dir }}"
+ state: directory
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+
+- name: Determine if CA must be created
+ stat:
+ path: "{{ openshift_ca_config_dir }}/{{ item }}"
+ register: g_master_ca_stat_result
+ with_items:
+ - ca.crt
+ - ca.key
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+
+- set_fact:
+ master_ca_missing: "{{ False in (g_master_ca_stat_result.results
+ | oo_collect(attribute='stat.exists')
+ | list) }}"
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+
+- name: Create the master certificates if they do not already exist
+ command: >
+ {{ openshift.common.admin_binary }} create-master-certs
+ --hostnames={{ openshift_master_hostnames | join(',') }}
+ --master={{ openshift.master.api_url }}
+ --public-master={{ openshift.master.public_api_url }}
+ --cert-dir={{ openshift_ca_config_dir }}
+ --overwrite=false
+ when: hostvars[openshift_ca_host].master_ca_missing | bool
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
diff --git a/roles/openshift_cli/defaults/main.yml b/roles/openshift_cli/defaults/main.yml
index 7baa87ab8..ed97d539c 100644
--- a/roles/openshift_cli/defaults/main.yml
+++ b/roles/openshift_cli/defaults/main.yml
@@ -1,2 +1 @@
---
-openshift_version: "{{ openshift_image_tag | default(openshift.docker.openshift_image_tag | default('')) }}"
diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml
index 1cb1e03b9..4d6219b94 100644
--- a/roles/openshift_cli/tasks/main.yml
+++ b/roles/openshift_cli/tasks/main.yml
@@ -5,7 +5,7 @@
- name: Pull CLI Image
command: >
- docker pull {{ openshift.common.cli_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }}
+ docker pull {{ openshift.common.cli_image }}:{{ openshift_image_tag }}
when: openshift.common.is_containerized | bool
- name: Create /usr/local/bin/openshift cli wrapper
@@ -26,6 +26,9 @@
- /usr/local/bin/kubectl
when: openshift.common.is_containerized | bool
+- name: Reload facts to pick up installed OpenShift version
+ openshift_facts:
+
- name: Install bash completion for oc tools
action: "{{ ansible_pkg_mgr }} name=bash-completion state=present"
when: not openshift.common.is_containerized | bool
diff --git a/roles/openshift_cli/templates/openshift.j2 b/roles/openshift_cli/templates/openshift.j2
index 8a3f3a257..7786acead 100644
--- a/roles/openshift_cli/templates/openshift.j2
+++ b/roles/openshift_cli/templates/openshift.j2
@@ -5,7 +5,7 @@ fi
cmd=`basename $0`
user=`id -u`
group=`id -g`
-image_tag="{{ openshift_version }}"
+image_tag="{{ openshift_image_tag }}"
>&2 echo """
================================================================================
diff --git a/roles/openshift_common/defaults/main.yml b/roles/openshift_common/defaults/main.yml
index e46af70c7..267c03605 100644
--- a/roles/openshift_common/defaults/main.yml
+++ b/roles/openshift_common/defaults/main.yml
@@ -1,4 +1,3 @@
---
openshift_cluster_id: 'default'
openshift_debug_level: 2
-openshift_version: "{{ openshift_pkg_version | default('') }}"
diff --git a/roles/openshift_common/meta/main.yml b/roles/openshift_common/meta/main.yml
index f1cf3e161..cd8c75ec5 100644
--- a/roles/openshift_common/meta/main.yml
+++ b/roles/openshift_common/meta/main.yml
@@ -14,3 +14,4 @@ galaxy_info:
dependencies:
- role: openshift_facts
- role: openshift_repos
+- role: openshift_version
diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml
index 4ec255dbc..ece335fbf 100644
--- a/roles/openshift_common/tasks/main.yml
+++ b/roles/openshift_common/tasks/main.yml
@@ -29,12 +29,8 @@
data_dir: "{{ openshift_data_dir | default(None) }}"
use_dnsmasq: "{{ openshift_use_dnsmasq | default(None) }}"
-# Using oo_image_tag_to_rpm_version here is a workaround for how
-# openshift_version is set. That value is computed based on either RPM
-# versions or image tags. openshift_common's usage requires that it be a RPM
-# version and openshift_cli expects it to be an image tag.
- name: Install the base package for versioning
- action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
+ action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
when: not openshift.common.is_containerized | bool
- name: Set version facts
@@ -49,3 +45,4 @@
command: >
hostnamectl set-hostname {{ openshift.common.hostname }}
when: openshift_set_hostname | default(set_hostname_default) | bool
+
diff --git a/roles/openshift_docker/defaults/main.yml b/roles/openshift_docker/defaults/main.yml
index aebef75d6..ed97d539c 100644
--- a/roles/openshift_docker/defaults/main.yml
+++ b/roles/openshift_docker/defaults/main.yml
@@ -1,2 +1 @@
---
-upgrading: False
diff --git a/roles/openshift_docker/meta/main.yml b/roles/openshift_docker/meta/main.yml
index d98f953ea..10131f717 100644
--- a/roles/openshift_docker/meta/main.yml
+++ b/roles/openshift_docker/meta/main.yml
@@ -12,6 +12,6 @@ galaxy_info:
categories:
- cloud
dependencies:
-- role: openshift_repos
+- role: openshift_version
- role: openshift_docker_facts
- role: docker
diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml
index 9c5887f76..ed97d539c 100644
--- a/roles/openshift_docker/tasks/main.yml
+++ b/roles/openshift_docker/tasks/main.yml
@@ -1,41 +1 @@
---
-# It's important that we don't explicitly pull this image here. Otherwise we
-# could result in upgrading a preinstalled environment. We'll have to set
-# openshift_image_tag correctly for upgrades.
-- set_fact:
- is_containerized: "{{ openshift.common.is_containerized | default(False) | bool }}"
- # Does the host already have an image tag fact, used to determine if it's a new node
- # in non-upgrade scenarios:
- has_image_tag_fact: "{{ hostvars[inventory_hostname].openshift.docker.openshift_image_tag is defined }}"
-
-- name: Set version when containerized
- command: >
- docker run --rm {{ openshift.common.cli_image }} version
- register: cli_image_version
- when: is_containerized | bool and openshift_image_tag is not defined and (upgrading | bool or not has_image_tag_fact | bool)
-
-# Use the pre-existing image tag from system facts if present, and we're not upgrading.
-# Ignores explicit openshift_image_tag if it's in the inventory, as this isn't an upgrade.
-- set_fact:
- l_image_tag: "{{ hostvars[inventory_hostname].openshift.docker.openshift_image_tag }}"
- when: is_containerized | bool and not upgrading | bool and has_image_tag_fact | bool
-
-- set_fact:
- l_image_tag: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2] | join('-') if openshift.common.deployment_type == 'origin' else
- cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0] }}"
- when: is_containerized | bool and openshift_image_tag is not defined and (upgrading | bool or not has_image_tag_fact | bool)
-
-- set_fact:
- l_image_tag: "{{ openshift_image_tag }}"
- when: is_containerized | bool and openshift_image_tag is defined and (upgrading | bool or not has_image_tag_fact | bool)
-
-- name: Set post docker install facts
- openshift_facts:
- role: "{{ item.role }}"
- local_facts: "{{ item.local_facts }}"
- with_items:
- - role: docker
- local_facts:
- openshift_image_tag: "{{ l_image_tag | default(None) }}"
- openshift_version: "{{ l_image_tag.split('-')[0] | oo_image_tag_to_rpm_version if l_image_tag is defined else '' }}"
- when: is_containerized | bool
diff --git a/roles/openshift_docker_facts/defaults/main.yml b/roles/openshift_docker_facts/defaults/main.yml
index 7baa87ab8..ed97d539c 100644
--- a/roles/openshift_docker_facts/defaults/main.yml
+++ b/roles/openshift_docker_facts/defaults/main.yml
@@ -1,2 +1 @@
---
-openshift_version: "{{ openshift_image_tag | default(openshift.docker.openshift_image_tag | default('')) }}"
diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml
index cdea90413..eb8b5e99b 100644
--- a/roles/openshift_docker_facts/tasks/main.yml
+++ b/roles/openshift_docker_facts/tasks/main.yml
@@ -34,26 +34,8 @@
- set_fact:
docker_options: "--insecure-registry={{ openshift.docker.hosted_registry_network }} {{ openshift.docker.options | default ('') }}"
when: openshift.docker.hosted_registry_insecure | default(False) | bool and openshift.docker.hosted_registry_network is defined
+ register: hosted_registry_options
- set_fact:
docker_options: "{{ openshift.docker.options | default(omit) }}"
- when: not openshift.docker.hosted_registry_insecure | default(False) | bool
-
-# Avoid docker 1.9 when installing origin < 1.2 or OSE < 3.2 on RHEL/Centos and
-# See: https://bugzilla.redhat.com/show_bug.cgi?id=1304038
-- name: Gather common package version
- command: >
- {{ repoquery_cmd }} --qf '%{version}' "{{ openshift.common.service_type}}"
- register: common_version
- failed_when: false
- changed_when: false
- when: not openshift.common.is_containerized | bool
-
-- set_fact:
- l_common_version: "{{ openshift_version | default('0.0', True) | oo_image_tag_to_rpm_version }}"
- when: openshift.common.is_containerized | bool
-
-- set_fact:
- l_common_version: "{{ common_version.stdout | default('0.0', True) }}"
- when: not openshift.common.is_containerized | bool
-
+ when: hosted_registry_options | skipped
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 211c290d2..54bdbc775 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -7,16 +7,6 @@
"""Ansible module for retrieving and setting openshift related facts"""
-DOCUMENTATION = '''
----
-module: openshift_facts
-short_description: Cluster Facts
-author: Jason DeTiberus
-requirements: [ ]
-'''
-EXAMPLES = '''
-'''
-
import ConfigParser
import copy
import io
@@ -30,6 +20,17 @@ from dbus import SystemBus, Interface
from dbus.exceptions import DBusException
+DOCUMENTATION = '''
+---
+module: openshift_facts
+short_description: Cluster Facts
+author: Jason DeTiberus
+requirements: [ ]
+'''
+EXAMPLES = '''
+'''
+
+
def migrate_docker_facts(facts):
""" Apply migrations for docker facts """
params = {
@@ -505,10 +506,8 @@ def set_dnsmasq_facts_if_unset(facts):
"""
if 'common' in facts:
- if 'use_dnsmasq' not in facts['common'] and safe_get_bool(facts['common']['version_gte_3_2_or_1_2']):
- facts['common']['use_dnsmasq'] = True
- else:
- facts['common']['use_dnsmasq'] = False
+ facts['common']['use_dnsmasq'] = bool('use_dnsmasq' not in facts['common'] and
+ safe_get_bool(facts['common']['version_gte_3_2_or_1_2']))
if 'master' in facts and 'dns_port' not in facts['master']:
if safe_get_bool(facts['common']['use_dnsmasq']):
facts['master']['dns_port'] = 8053
@@ -832,7 +831,7 @@ def set_version_facts_if_unset(facts):
if 'common' in facts:
deployment_type = facts['common']['deployment_type']
version = get_openshift_version(facts)
- if version is not None:
+ if version:
facts['common']['version'] = version
if deployment_type == 'origin':
version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('1.1.0')
@@ -1126,7 +1125,9 @@ def get_docker_version_info():
return result
def get_openshift_version(facts):
- """ Get current version of openshift on the host
+ """ Get current version of openshift on the host.
+
+ Checks a variety of ways ranging from fastest to slowest.
Args:
facts (dict): existing facts
@@ -1146,18 +1147,40 @@ def get_openshift_version(facts):
if os.path.isfile('/usr/bin/openshift'):
_, output, _ = module.run_command(['/usr/bin/openshift', 'version'])
version = parse_openshift_version(output)
-
- # openshift_facts runs before openshift_docker_facts. However, it will be
- # called again and set properly throughout the playbook run. This could be
- # refactored to simply set the openshift.common.version in the
- # openshift_docker_facts role but it would take reworking some assumptions
- # on how get_openshift_version is called.
- if 'is_containerized' in facts['common'] and safe_get_bool(facts['common']['is_containerized']):
- if 'docker' in facts and 'openshift_version' in facts['docker']:
- version = facts['docker']['openshift_version']
+ elif 'common' in facts and 'is_containerized' in facts['common']:
+ version = get_container_openshift_version(facts)
+
+ # Handle containerized masters that have not yet been configured as a node.
+ # This can be very slow and may get re-run multiple times, so we only use this
+ # if other methods failed to find a version.
+ if not version and os.path.isfile('/usr/local/bin/openshift'):
+ _, output, _ = module.run_command(['/usr/local/bin/openshift', 'version'])
+ version = parse_openshift_version(output)
return version
+
+def get_container_openshift_version(facts):
+ """
+ If containerized, see if we can determine the installed version via the
+ systemd environment files.
+ """
+ for filename in ['/etc/sysconfig/%s-master', '/etc/sysconfig/%s-node']:
+ env_path = filename % facts['common']['service_type']
+ if not os.path.exists(env_path):
+ continue
+
+ with open(env_path) as env_file:
+ for line in env_file:
+ if line.startswith("IMAGE_VERSION="):
+ tag = line[len("IMAGE_VERSION="):].strip()
+ # Remove leading "v" and any trailing release info, we just want
+ # a version number here:
+ version = tag[1:].split("-")[0]
+ return version
+ return None
+
+
def parse_openshift_version(output):
""" Apply provider facts to supplied facts dict
@@ -1167,7 +1190,11 @@ def parse_openshift_version(output):
string: the version number
"""
versions = dict(e.split(' v') for e in output.splitlines() if ' v' in e)
- return versions.get('openshift', '')
+ ver = versions.get('openshift', '')
+ # Remove trailing build number and commit hash from older versions, we need to return a straight
+ # w.x.y.z version here for use as openshift_version throughout the playbooks/roles. (i.e. 3.1.1.6-64-g80b61da)
+ ver = ver.split('-')[0]
+ return ver
def apply_provider_facts(facts, provider_facts):
@@ -1747,10 +1774,7 @@ class OpenShiftFacts(object):
if 'clock' in roles:
exit_code, _, _ = module.run_command(['rpm', '-q', 'chrony'])
- if exit_code == 0:
- chrony_installed = True
- else:
- chrony_installed = False
+ chrony_installed = bool(exit_code == 0)
defaults['clock'] = dict(
enabled=True,
chrony_installed=chrony_installed)
diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml
index ca1a9b1e4..c3723672d 100644
--- a/roles/openshift_facts/tasks/main.yml
+++ b/roles/openshift_facts/tasks/main.yml
@@ -41,3 +41,8 @@
no_proxy: "{{ openshift_no_proxy | default(None) }}"
generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}"
no_proxy_internal_hostnames: "{{ openshift_no_proxy_internal_hostnames | default(None) }}"
+
+- name: Set repoquery command
+ set_fact:
+ repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}"
+
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index dbd62c80f..14a1daf6c 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -1,4 +1,4 @@
---
openshift_node_ips: []
# TODO: update setting these values based on the facts
-openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}"
+#openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}"
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 28faee155..7a80ed8e3 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -24,12 +24,12 @@
when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and openshift.common.is_containerized | bool
- name: Install Master package
- action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-master{{ openshift_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
+ action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-master{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
when: not openshift.common.is_containerized | bool
- name: Pull master image
command: >
- docker pull {{ openshift.master.master_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }}
+ docker pull {{ openshift.master.master_image }}:{{ openshift_image_tag }}
when: openshift.common.is_containerized | bool
- name: Create openshift.common.data_dir
diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2
index 3d532db04..75d44d308 100644
--- a/roles/openshift_master/templates/atomic-openshift-master.j2
+++ b/roles/openshift_master/templates/atomic-openshift-master.j2
@@ -1,7 +1,7 @@
OPTIONS=--loglevel={{ openshift.master.debug_level }}
CONFIG_FILE={{ openshift_master_config_file }}
{% if openshift.common.is_containerized | bool %}
-IMAGE_VERSION={{ openshift_version }}
+IMAGE_VERSION={{ openshift_image_tag }}
{% endif %}
{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %}
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
index ab560b1bd..41308bd81 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
@@ -1,7 +1,7 @@
OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master={{ openshift.master.loopback_api_url }}
CONFIG_FILE={{ openshift_master_config_file }}
{% if openshift.common.is_containerized | bool %}
-IMAGE_VERSION={{ openshift_version }}
+IMAGE_VERSION={{ openshift_image_tag }}
{% endif %}
{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %}
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
index 1a83b98e1..37a5d75f2 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
@@ -1,7 +1,7 @@
OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.controllers_port }}
CONFIG_FILE={{ openshift_master_config_file }}
{% if openshift.common.is_containerized | bool %}
-IMAGE_VERSION={{ openshift_version }}
+IMAGE_VERSION={{ openshift_image_tag }}
{% endif %}
{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %}
diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml
index 4b7ef1d84..ae99467f0 100644
--- a/roles/openshift_master_ca/tasks/main.yml
+++ b/roles/openshift_master_ca/tasks/main.yml
@@ -1,6 +1,7 @@
---
+
- name: Install the base package for admin tooling
- action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version }} state=present"
+ action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
when: not openshift.common.is_containerized | bool
register: install_result
diff --git a/roles/openshift_master_ca/vars/main.yml b/roles/openshift_master_ca/vars/main.yml
index b35339b18..1f6af808c 100644
--- a/roles/openshift_master_ca/vars/main.yml
+++ b/roles/openshift_master_ca/vars/main.yml
@@ -3,4 +3,3 @@ openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key"
openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt"
-openshift_version: "{{ openshift_pkg_version | default('') }}"
diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml
index efff5d6cd..fffbf2994 100644
--- a/roles/openshift_node/defaults/main.yml
+++ b/roles/openshift_node/defaults/main.yml
@@ -1,2 +1,15 @@
---
-openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}"
+os_firewall_allow:
+- service: Kubernetes kubelet
+ port: 10250/tcp
+- service: http
+ port: 80/tcp
+- service: https
+ port: 443/tcp
+- service: Openshift kubelet ReadOnlyPort
+ port: 10255/tcp
+- service: Openshift kubelet ReadOnlyPort udp
+ port: 10255/udp
+- service: OpenShift OVS sdn
+ port: 4789/udp
+ when: openshift.node.use_openshift_sdn | bool
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 165010afb..97a21544d 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -31,21 +31,21 @@
# We have to add tuned-profiles in the same transaction otherwise we run into depsolving
# problems because the rpms don't pin the version properly. This was fixed in 3.1 packaging.
- name: Install Node package
- action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
+ action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
when: not openshift.common.is_containerized | bool
- name: Install sdn-ovs package
- action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
+ action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool
- name: Pull node image
command: >
- docker pull {{ openshift.node.node_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }}
+ docker pull {{ openshift.node.node_image }}:{{ openshift_image_tag }}
when: openshift.common.is_containerized | bool
- name: Pull OpenVSwitch image
command: >
- docker pull {{ openshift.node.ovs_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }}
+ docker pull {{ openshift.node.ovs_image }}:{{ openshift_image_tag }}
when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool
- name: Install the systemd units
diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml
index e2a268260..39e5386d4 100644
--- a/roles/openshift_node/tasks/systemd_units.yml
+++ b/roles/openshift_node/tasks/systemd_units.yml
@@ -44,6 +44,6 @@
- regex: '^CONFIG_FILE='
line: "CONFIG_FILE={{ openshift_node_config_file }}"
- regex: '^IMAGE_VERSION='
- line: "IMAGE_VERSION={{ openshift_version }}"
+ line: "IMAGE_VERSION={{ openshift_image_tag }}"
notify:
- restart node
diff --git a/roles/openshift_node/templates/openvswitch.sysconfig.j2 b/roles/openshift_node/templates/openvswitch.sysconfig.j2
index 1f8c20e07..da7c3742a 100644
--- a/roles/openshift_node/templates/openvswitch.sysconfig.j2
+++ b/roles/openshift_node/templates/openvswitch.sysconfig.j2
@@ -1 +1 @@
-IMAGE_VERSION={{ openshift_version }}
+IMAGE_VERSION={{ openshift_image_tag }}
diff --git a/roles/openshift_version/defaults/main.yml b/roles/openshift_version/defaults/main.yml
new file mode 100644
index 000000000..01a1a7472
--- /dev/null
+++ b/roles/openshift_version/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+openshift_protect_installed_version: True
diff --git a/roles/openshift_version/meta/main.yml b/roles/openshift_version/meta/main.yml
new file mode 100644
index 000000000..70974da17
--- /dev/null
+++ b/roles/openshift_version/meta/main.yml
@@ -0,0 +1,18 @@
+---
+galaxy_info:
+ author: Devan Goodwin
+ description: Determines the version of OpenShift to install or upgrade to
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.9
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+dependencies:
+- role: openshift_repos
+- role: openshift_docker_facts
+- role: docker
+ when: openshift.common.is_containerized | default(False) | bool
diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml
new file mode 100644
index 000000000..2d96d2765
--- /dev/null
+++ b/roles/openshift_version/tasks/main.yml
@@ -0,0 +1,76 @@
+---
+# Determine the openshift_version to configure if none has been specified or set previously.
+
+- set_fact:
+ is_containerized: "{{ openshift.common.is_containerized | default(False) | bool }}"
+
+# Block attempts to install origin without specifying some kind of version information.
+# This is because the latest tags for origin are usually alpha builds, which should not
+# be used by default. Users must indicate what they want.
+- fail:
+ msg: "Must specify openshift_release or openshift_image_tag in inventory to install origin. (suggestion: add openshift_release=\"1.2\" to inventory)"
+ when: is_containerized | bool and openshift.common.deployment_type == 'origin' and openshift_release is not defined and openshift_image_tag is not defined
+
+# Normalize some values that we need in a certain format that might be confusing:
+- set_fact:
+ openshift_release: "{{ openshift_release[1:] }}"
+ when: openshift_release is defined and openshift_release[0] == 'v'
+
+- set_fact:
+ openshift_image_tag: "{{ 'v' + openshift_image_tag }}"
+ when: openshift_image_tag is defined and openshift_image_tag[0] != 'v'
+
+- set_fact:
+ openshift_pkg_version: "{{ '-' + openshift_pkg_version }}"
+ when: openshift_pkg_version is defined and openshift_pkg_version[0] != '-'
+
+# Make sure we copy this to a fact if given a var:
+- set_fact:
+ openshift_version: "{{ openshift_version }}"
+ when: openshift_version is defined
+
+# Protect the installed version by default unless explicitly told not to, or given an
+# openshift_version already.
+- name: Use openshift.common.version fact as version to configure if already installed
+ set_fact:
+ openshift_version: "{{ openshift.common.version }}"
+ when: openshift.common.version is defined and openshift_version is not defined and openshift_protect_installed_version | bool
+
+- name: Set openshift_version for rpm installation
+ include: set_version_rpm.yml
+ when: not is_containerized | bool
+
+- name: Set openshift_version for containerized installation
+ include: set_version_containerized.yml
+ when: is_containerized | bool
+
+# At this point we know openshift_version is set appropriately. Now we set
+# openshift_image_tag and openshift_pkg_version, so all roles can always assume
+# each of this variables *will* be set correctly and can use them per their
+# intended purpose.
+
+- set_fact:
+ openshift_image_tag: v{{ openshift_version }}
+ when: openshift_image_tag is not defined
+
+- set_fact:
+ openshift_pkg_version: -{{ openshift_version }}
+ when: openshift_pkg_version is not defined
+
+- fail:
+ msg: openshift_version role was unable to set openshift_version
+ when: openshift_version is not defined
+
+- fail:
+ msg: openshift_version role was unable to set openshift_image_tag
+ when: openshift_image_tag is not defined
+
+- fail:
+ msg: openshift_version role was unable to set openshift_pkg_version
+ when: openshift_pkg_version is not defined
+
+# We can't map an openshift_release to full rpm version like we can with containers, make sure
+# the rpm version we looked up matches the release requested and error out if not.
+- fail:
+ msg: "Detected openshift version {{ openshift_version }} does not match requested openshift_release {{ openshift_release }}. You may need to adjust your yum repositories or specify an exact openshift_pkg_version."
+ when: not is_containerized | bool and openshift_release is defined and not openshift_version.startswith(openshift_release) | bool
diff --git a/roles/openshift_version/tasks/set_version_containerized.yml b/roles/openshift_version/tasks/set_version_containerized.yml
new file mode 100644
index 000000000..8e2702391
--- /dev/null
+++ b/roles/openshift_version/tasks/set_version_containerized.yml
@@ -0,0 +1,39 @@
+---
+- name: Set containerized version to configure if openshift_image_tag specified
+ set_fact:
+ # Expects a leading "v" in inventory, strip it off here:
+ openshift_version: "{{ openshift_image_tag[1:].split('-')[0] }}"
+ when: openshift_image_tag is defined and openshift_version is not defined
+
+- name: Set containerized version to configure if openshift_release specified
+ set_fact:
+ openshift_version: "{{ openshift_release }}"
+ when: openshift_release is defined and openshift_version is not defined
+
+- name: Lookup latest containerized version if no version specified
+ command: >
+ docker run --rm {{ openshift.common.cli_image }}:latest version
+ register: cli_image_version
+ when: openshift_version is not defined
+
+# Origin latest = pre-release version (i.e. v1.3.0-alpha.1-321-gb095e3a)
+- set_fact:
+ openshift_version: "{{ (cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2] | join('-'))[1:] }}"
+ when: openshift_version is not defined and openshift.common.deployment_type == 'origin' and cli_image_version.stdout_lines[0].split('-') | length > 1
+
+- set_fact:
+ openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}"
+ when: openshift_version is not defined
+
+# If we got an openshift_version like "3.2", lookup the latest 3.2 container version
+# and use that value instead.
+- name: Set precise containerized version to configure if openshift_release specified
+ command: >
+ docker run --rm {{ openshift.common.cli_image }}:v{{ openshift_version }} version
+ register: cli_image_version
+ when: openshift_version is defined and openshift_version.split('.') | length == 2
+
+- set_fact:
+ openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2][1:] | join('-') if openshift.common.deployment_type == 'origin' else cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}"
+ when: openshift_version is defined and openshift_version.split('.') | length == 2
+
diff --git a/roles/openshift_version/tasks/set_version_rpm.yml b/roles/openshift_version/tasks/set_version_rpm.yml
new file mode 100644
index 000000000..7fa74e24f
--- /dev/null
+++ b/roles/openshift_version/tasks/set_version_rpm.yml
@@ -0,0 +1,18 @@
+---
+- name: Set rpm version to configure if openshift_pkg_version specified
+ set_fact:
+ # Expects a leading "-" in inventory, strip it off here, and remove trailing release,
+ openshift_version: "{{ openshift_pkg_version[1:].split('-')[0] }}"
+ when: openshift_pkg_version is defined and openshift_version is not defined
+
+- name: Gather common package version
+ command: >
+ {{ repoquery_cmd }} --qf '%{version}' "{{ openshift.common.service_type}}"
+ register: common_version
+ failed_when: false
+ changed_when: false
+ when: openshift_version is not defined
+
+- set_fact:
+ openshift_version: "{{ common_version.stdout | default('0.0', True) }}"
+ when: openshift_version is not defined