diff options
Diffstat (limited to 'roles')
16 files changed, 63 insertions, 16 deletions
diff --git a/roles/calico/defaults/main.yaml b/roles/calico/defaults/main.yaml index a81fc3af7..a16a7da71 100644 --- a/roles/calico/defaults/main.yaml +++ b/roles/calico/defaults/main.yaml @@ -4,7 +4,11 @@ etcd_endpoints: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_url cni_conf_dir: "/etc/cni/net.d/" cni_bin_dir: "/opt/cni/bin/" +cni_url: "https://github.com/containernetworking/cni/releases/download/v0.4.0/cni-amd64-v0.4.0.tgz" calico_etcd_ca_cert_file: "/etc/origin/calico/calico.etcd-ca.crt" calico_etcd_cert_file: "/etc/origin/calico/calico.etcd-client.crt" calico_etcd_key_file: "/etc/origin/calico/calico.etcd-client.key" + +calico_url_cni: "https://github.com/projectcalico/cni-plugin/releases/download/v1.5.5/calico" +calico_url_ipam: "https://github.com/projectcalico/cni-plugin/releases/download/v1.5.5/calico-ipam" diff --git a/roles/calico/tasks/main.yml b/roles/calico/tasks/main.yml index 287fed321..abdbcf8d6 100644 --- a/roles/calico/tasks/main.yml +++ b/roles/calico/tasks/main.yml @@ -46,14 +46,14 @@ - name: Download Calico CNI Plugin become: yes get_url: - url: https://github.com/projectcalico/cni-plugin/releases/download/v1.5.5/calico + url: "{{ calico_url_cni }}" dest: "{{ cni_bin_dir }}" mode: a+x - name: Download Calico IPAM Plugin become: yes get_url: - url: https://github.com/projectcalico/cni-plugin/releases/download/v1.5.5/calico-ipam + url: "{{ calico_url_ipam }}" dest: "{{ cni_bin_dir }}" mode: a+x @@ -61,7 +61,7 @@ become: yes unarchive: remote_src: True - src: https://github.com/containernetworking/cni/releases/download/v0.4.0/cni-amd64-v0.4.0.tgz + src: "{{ cni_url }}" dest: "{{ cni_bin_dir }}" - name: Assure Calico conf dir exists diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/docker/tasks/systemcontainer_docker.yml index c85801546..3af3e00b2 100644 --- a/roles/docker/tasks/systemcontainer_docker.yml +++ b/roles/docker/tasks/systemcontainer_docker.yml @@ -41,25 +41,38 @@ daemon_reload: yes ignore_errors: True -# Set http_proxy and https_proxy in /etc/atomic.conf +# Set http_proxy, https_proxy, and no_proxy in /etc/atomic.conf +# regexp: the line starts with or without #, followed by the string +# http_proxy, then either : or = - block: - name: Add http_proxy to /etc/atomic.conf lineinfile: - path: /etc/atomic.conf - line: "http_proxy={{ openshift.common.http_proxy | default('') }}" + dest: /etc/atomic.conf + regexp: "^#?http_proxy[:=]{1}" + line: "http_proxy: {{ openshift.common.http_proxy | default('') }}" when: - openshift.common.http_proxy is defined - openshift.common.http_proxy != '' - name: Add https_proxy to /etc/atomic.conf lineinfile: - path: /etc/atomic.conf - line: "https_proxy={{ openshift.common.https_proxy | default('') }}" + dest: /etc/atomic.conf + regexp: "^#?https_proxy[:=]{1}" + line: "https_proxy: {{ openshift.common.https_proxy | default('') }}" when: - openshift.common.https_proxy is defined - openshift.common.https_proxy != '' + - name: Add no_proxy to /etc/atomic.conf + lineinfile: + dest: /etc/atomic.conf + regexp: "^#?no_proxy[:=]{1}" + line: "no_proxy: {{ openshift.common.no_proxy | default('') }}" + when: + - openshift.common.no_proxy is defined + - openshift.common.no_proxy != '' + - block: - name: Set to default prepend @@ -88,9 +101,13 @@ set_fact: l_docker_image: "{{ l_docker_image_prepend }}/{{ openshift.docker.service_name }}:latest" +# NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released - name: Pre-pull Container Enginer System Container image command: "atomic pull --storage ostree {{ l_docker_image }}" changed_when: false + environment: + NO_PROXY: "{{ openshift.common.no_proxy | default('') }}" + - name: Ensure container-engine.service.d directory exists file: diff --git a/roles/lib_openshift/library/oc_adm_ca_server_cert.py b/roles/lib_openshift/library/oc_adm_ca_server_cert.py index 03d3e17c4..a6273cfe4 100644 --- a/roles/lib_openshift/library/oc_adm_ca_server_cert.py +++ b/roles/lib_openshift/library/oc_adm_ca_server_cert.py @@ -1534,6 +1534,10 @@ class CAServerCert(OpenShiftCLI): def run_ansible(params, check_mode): '''run the idempotent ansible code''' + # Filter non-strings from hostnames list s.t. the omit filter + # may be used to conditionally add a hostname. + params['hostnames'] = [host for host in params['hostnames'] if isinstance(host, string_types)] + config = CAServerCertConfig(params['kubeconfig'], params['debug'], {'cert': {'value': params['cert'], 'include': True}, @@ -1583,6 +1587,10 @@ class CAServerCert(OpenShiftCLI): # -*- -*- -*- Begin included fragment: ansible/oc_adm_ca_server_cert.py -*- -*- -*- + +# pylint: disable=wrong-import-position +from ansible.module_utils.six import string_types + def main(): ''' ansible oc adm module for ca create-server-cert diff --git a/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py b/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py index 10f1c9b4b..fc394cb43 100644 --- a/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py +++ b/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py @@ -1,6 +1,10 @@ # pylint: skip-file # flake8: noqa + +# pylint: disable=wrong-import-position +from ansible.module_utils.six import string_types + def main(): ''' ansible oc adm module for ca create-server-cert diff --git a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py index cf99a6584..37a64e4ef 100644 --- a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py +++ b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py @@ -96,6 +96,10 @@ class CAServerCert(OpenShiftCLI): def run_ansible(params, check_mode): '''run the idempotent ansible code''' + # Filter non-strings from hostnames list s.t. the omit filter + # may be used to conditionally add a hostname. + params['hostnames'] = [host for host in params['hostnames'] if isinstance(host, string_types)] + config = CAServerCertConfig(params['kubeconfig'], params['debug'], {'cert': {'value': params['cert'], 'include': True}, diff --git a/roles/openshift_logging/library/openshift_logging_facts.py b/roles/openshift_logging/library/openshift_logging_facts.py index 64bc33435..a55e72725 100644 --- a/roles/openshift_logging/library/openshift_logging_facts.py +++ b/roles/openshift_logging/library/openshift_logging_facts.py @@ -37,7 +37,7 @@ LOGGING_INFRA_KEY = "logging-infra" # selectors for filtering resources DS_FLUENTD_SELECTOR = LOGGING_INFRA_KEY + "=" + "fluentd" LOGGING_SELECTOR = LOGGING_INFRA_KEY + "=" + "support" -ROUTE_SELECTOR = "component=support, logging-infra=support, provider=openshift" +ROUTE_SELECTOR = "component=support,logging-infra=support,provider=openshift" COMPONENTS = ["kibana", "curator", "elasticsearch", "fluentd", "kibana_ops", "curator_ops", "elasticsearch_ops"] diff --git a/roles/openshift_master/templates/atomic-openshift-master.service b/roles/openshift_master/files/atomic-openshift-master.service index 02af4dd16..02af4dd16 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.service +++ b/roles/openshift_master/files/atomic-openshift-master.service diff --git a/roles/openshift_master/templates/origin-master.service b/roles/openshift_master/files/origin-master.service index cf79dda02..cf79dda02 100644 --- a/roles/openshift_master/templates/origin-master.service +++ b/roles/openshift_master/files/origin-master.service diff --git a/roles/openshift_master/tasks/files b/roles/openshift_master/tasks/files new file mode 120000 index 000000000..feb122881 --- /dev/null +++ b/roles/openshift_master/tasks/files @@ -0,0 +1 @@ +../files
\ No newline at end of file diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml index cfa860edf..dfc255b3d 100644 --- a/roles/openshift_master/tasks/systemd_units.yml +++ b/roles/openshift_master/tasks/systemd_units.yml @@ -33,7 +33,7 @@ register: create_master_unit_file - name: Install Master service file - template: + copy: dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service" src: "{{ openshift.common.service_type }}-master.service" register: create_master_unit_file diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index a0fbf7dfc..f58c803c4 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml @@ -28,7 +28,7 @@ - name: Install Node service file template: dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" - src: "{{ openshift.common.service_type }}-node.service" + src: "{{ openshift.common.service_type }}-node.service.j2" register: install_node_result when: not openshift.common.is_containerized | bool diff --git a/roles/openshift_node/templates/atomic-openshift-node.service b/roles/openshift_node/templates/atomic-openshift-node.service.j2 index 80232094a..80232094a 100644 --- a/roles/openshift_node/templates/atomic-openshift-node.service +++ b/roles/openshift_node/templates/atomic-openshift-node.service.j2 diff --git a/roles/openshift_node/templates/origin-node.service b/roles/openshift_node/templates/origin-node.service.j2 index 8047301e6..8047301e6 100644 --- a/roles/openshift_node/templates/origin-node.service +++ b/roles/openshift_node/templates/origin-node.service.j2 diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index 9a9436fcb..023b1a9b7 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -24,15 +24,19 @@ - openshift_additional_repos | length == 0 notify: refresh cache + # Note: OpenShift repositories under CentOS may be shipped through the + # "centos-release-openshift-origin" package which configures the repository. + # This task matches the file names provided by the package so that they are + # not installed twice in different files and remains idempotent. - name: Configure origin gpg keys if needed copy: src: "{{ item.src }}" dest: "{{ item.dest }}" with_items: - src: origin/gpg_keys/openshift-ansible-CentOS-SIG-PaaS - dest: /etc/pki/rpm-gpg/ + dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS - src: origin/repos/openshift-ansible-centos-paas-sig.repo - dest: /etc/yum.repos.d/ + dest: /etc/yum.repos.d/CentOS-OpenShift-Origin.repo notify: refresh cache when: - ansible_os_family == "RedHat" diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml index 2e9b4cad3..f2f4d16f0 100644 --- a/roles/openshift_version/tasks/main.yml +++ b/roles/openshift_version/tasks/main.yml @@ -3,6 +3,7 @@ - set_fact: is_containerized: "{{ openshift.common.is_containerized | default(False) | bool }}" + is_atomic: "{{ openshift.common.is_atomic | default(False) | bool }}" # Block attempts to install origin without specifying some kind of version information. # This is because the latest tags for origin are usually alpha builds, which should not @@ -86,9 +87,11 @@ include: set_version_rpm.yml when: not is_containerized | bool +- name: Set openshift_version for containerized installation + include: set_version_containerized.yml + when: is_containerized | bool + - block: - - name: Set openshift_version for containerized installation - include: set_version_containerized.yml - name: Get available {{ openshift.common.service_type}} version repoquery: name: "{{ openshift.common.service_type}}" @@ -104,7 +107,9 @@ msg: "OCP rpm version {{ openshift_rpm_version }} is different from OCP image version {{ openshift_version }}" # Both versions have the same string representation when: openshift_rpm_version != openshift_version - when: is_containerized | bool + when: + - is_containerized | bool + - not is_atomic | bool # Warn if the user has provided an openshift_image_tag but is not doing a containerized install # NOTE: This will need to be modified/removed for future container + rpm installations work. |