summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/calico/defaults/main.yaml4
-rw-r--r--roles/calico/tasks/main.yml6
-rw-r--r--roles/docker/tasks/systemcontainer_docker.yml27
-rw-r--r--roles/lib_openshift/library/oc_adm_ca_server_cert.py8
-rw-r--r--roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py4
-rw-r--r--roles/lib_openshift/src/class/oc_adm_ca_server_cert.py4
-rw-r--r--roles/openshift_logging/library/openshift_logging_facts.py2
-rw-r--r--roles/openshift_master/files/atomic-openshift-master.service (renamed from roles/openshift_master/templates/atomic-openshift-master.service)0
-rw-r--r--roles/openshift_master/files/origin-master.service (renamed from roles/openshift_master/templates/origin-master.service)0
l---------roles/openshift_master/tasks/files1
-rw-r--r--roles/openshift_master/tasks/systemd_units.yml2
-rw-r--r--roles/openshift_node/tasks/systemd_units.yml2
-rw-r--r--roles/openshift_node/templates/atomic-openshift-node.service.j2 (renamed from roles/openshift_node/templates/atomic-openshift-node.service)0
-rw-r--r--roles/openshift_node/templates/origin-node.service.j2 (renamed from roles/openshift_node/templates/origin-node.service)0
-rw-r--r--roles/openshift_repos/tasks/main.yaml8
-rw-r--r--roles/openshift_version/tasks/main.yml11
16 files changed, 63 insertions, 16 deletions
diff --git a/roles/calico/defaults/main.yaml b/roles/calico/defaults/main.yaml
index a81fc3af7..a16a7da71 100644
--- a/roles/calico/defaults/main.yaml
+++ b/roles/calico/defaults/main.yaml
@@ -4,7 +4,11 @@ etcd_endpoints: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_url
cni_conf_dir: "/etc/cni/net.d/"
cni_bin_dir: "/opt/cni/bin/"
+cni_url: "https://github.com/containernetworking/cni/releases/download/v0.4.0/cni-amd64-v0.4.0.tgz"
calico_etcd_ca_cert_file: "/etc/origin/calico/calico.etcd-ca.crt"
calico_etcd_cert_file: "/etc/origin/calico/calico.etcd-client.crt"
calico_etcd_key_file: "/etc/origin/calico/calico.etcd-client.key"
+
+calico_url_cni: "https://github.com/projectcalico/cni-plugin/releases/download/v1.5.5/calico"
+calico_url_ipam: "https://github.com/projectcalico/cni-plugin/releases/download/v1.5.5/calico-ipam"
diff --git a/roles/calico/tasks/main.yml b/roles/calico/tasks/main.yml
index 287fed321..abdbcf8d6 100644
--- a/roles/calico/tasks/main.yml
+++ b/roles/calico/tasks/main.yml
@@ -46,14 +46,14 @@
- name: Download Calico CNI Plugin
become: yes
get_url:
- url: https://github.com/projectcalico/cni-plugin/releases/download/v1.5.5/calico
+ url: "{{ calico_url_cni }}"
dest: "{{ cni_bin_dir }}"
mode: a+x
- name: Download Calico IPAM Plugin
become: yes
get_url:
- url: https://github.com/projectcalico/cni-plugin/releases/download/v1.5.5/calico-ipam
+ url: "{{ calico_url_ipam }}"
dest: "{{ cni_bin_dir }}"
mode: a+x
@@ -61,7 +61,7 @@
become: yes
unarchive:
remote_src: True
- src: https://github.com/containernetworking/cni/releases/download/v0.4.0/cni-amd64-v0.4.0.tgz
+ src: "{{ cni_url }}"
dest: "{{ cni_bin_dir }}"
- name: Assure Calico conf dir exists
diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/docker/tasks/systemcontainer_docker.yml
index c85801546..3af3e00b2 100644
--- a/roles/docker/tasks/systemcontainer_docker.yml
+++ b/roles/docker/tasks/systemcontainer_docker.yml
@@ -41,25 +41,38 @@
daemon_reload: yes
ignore_errors: True
-# Set http_proxy and https_proxy in /etc/atomic.conf
+# Set http_proxy, https_proxy, and no_proxy in /etc/atomic.conf
+# regexp: the line starts with or without #, followed by the string
+# http_proxy, then either : or =
- block:
- name: Add http_proxy to /etc/atomic.conf
lineinfile:
- path: /etc/atomic.conf
- line: "http_proxy={{ openshift.common.http_proxy | default('') }}"
+ dest: /etc/atomic.conf
+ regexp: "^#?http_proxy[:=]{1}"
+ line: "http_proxy: {{ openshift.common.http_proxy | default('') }}"
when:
- openshift.common.http_proxy is defined
- openshift.common.http_proxy != ''
- name: Add https_proxy to /etc/atomic.conf
lineinfile:
- path: /etc/atomic.conf
- line: "https_proxy={{ openshift.common.https_proxy | default('') }}"
+ dest: /etc/atomic.conf
+ regexp: "^#?https_proxy[:=]{1}"
+ line: "https_proxy: {{ openshift.common.https_proxy | default('') }}"
when:
- openshift.common.https_proxy is defined
- openshift.common.https_proxy != ''
+ - name: Add no_proxy to /etc/atomic.conf
+ lineinfile:
+ dest: /etc/atomic.conf
+ regexp: "^#?no_proxy[:=]{1}"
+ line: "no_proxy: {{ openshift.common.no_proxy | default('') }}"
+ when:
+ - openshift.common.no_proxy is defined
+ - openshift.common.no_proxy != ''
+
- block:
- name: Set to default prepend
@@ -88,9 +101,13 @@
set_fact:
l_docker_image: "{{ l_docker_image_prepend }}/{{ openshift.docker.service_name }}:latest"
+# NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released
- name: Pre-pull Container Enginer System Container image
command: "atomic pull --storage ostree {{ l_docker_image }}"
changed_when: false
+ environment:
+ NO_PROXY: "{{ openshift.common.no_proxy | default('') }}"
+
- name: Ensure container-engine.service.d directory exists
file:
diff --git a/roles/lib_openshift/library/oc_adm_ca_server_cert.py b/roles/lib_openshift/library/oc_adm_ca_server_cert.py
index 03d3e17c4..a6273cfe4 100644
--- a/roles/lib_openshift/library/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/library/oc_adm_ca_server_cert.py
@@ -1534,6 +1534,10 @@ class CAServerCert(OpenShiftCLI):
def run_ansible(params, check_mode):
'''run the idempotent ansible code'''
+ # Filter non-strings from hostnames list s.t. the omit filter
+ # may be used to conditionally add a hostname.
+ params['hostnames'] = [host for host in params['hostnames'] if isinstance(host, string_types)]
+
config = CAServerCertConfig(params['kubeconfig'],
params['debug'],
{'cert': {'value': params['cert'], 'include': True},
@@ -1583,6 +1587,10 @@ class CAServerCert(OpenShiftCLI):
# -*- -*- -*- Begin included fragment: ansible/oc_adm_ca_server_cert.py -*- -*- -*-
+
+# pylint: disable=wrong-import-position
+from ansible.module_utils.six import string_types
+
def main():
'''
ansible oc adm module for ca create-server-cert
diff --git a/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py b/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py
index 10f1c9b4b..fc394cb43 100644
--- a/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py
@@ -1,6 +1,10 @@
# pylint: skip-file
# flake8: noqa
+
+# pylint: disable=wrong-import-position
+from ansible.module_utils.six import string_types
+
def main():
'''
ansible oc adm module for ca create-server-cert
diff --git a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
index cf99a6584..37a64e4ef 100644
--- a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
@@ -96,6 +96,10 @@ class CAServerCert(OpenShiftCLI):
def run_ansible(params, check_mode):
'''run the idempotent ansible code'''
+ # Filter non-strings from hostnames list s.t. the omit filter
+ # may be used to conditionally add a hostname.
+ params['hostnames'] = [host for host in params['hostnames'] if isinstance(host, string_types)]
+
config = CAServerCertConfig(params['kubeconfig'],
params['debug'],
{'cert': {'value': params['cert'], 'include': True},
diff --git a/roles/openshift_logging/library/openshift_logging_facts.py b/roles/openshift_logging/library/openshift_logging_facts.py
index 64bc33435..a55e72725 100644
--- a/roles/openshift_logging/library/openshift_logging_facts.py
+++ b/roles/openshift_logging/library/openshift_logging_facts.py
@@ -37,7 +37,7 @@ LOGGING_INFRA_KEY = "logging-infra"
# selectors for filtering resources
DS_FLUENTD_SELECTOR = LOGGING_INFRA_KEY + "=" + "fluentd"
LOGGING_SELECTOR = LOGGING_INFRA_KEY + "=" + "support"
-ROUTE_SELECTOR = "component=support, logging-infra=support, provider=openshift"
+ROUTE_SELECTOR = "component=support,logging-infra=support,provider=openshift"
COMPONENTS = ["kibana", "curator", "elasticsearch", "fluentd", "kibana_ops", "curator_ops", "elasticsearch_ops"]
diff --git a/roles/openshift_master/templates/atomic-openshift-master.service b/roles/openshift_master/files/atomic-openshift-master.service
index 02af4dd16..02af4dd16 100644
--- a/roles/openshift_master/templates/atomic-openshift-master.service
+++ b/roles/openshift_master/files/atomic-openshift-master.service
diff --git a/roles/openshift_master/templates/origin-master.service b/roles/openshift_master/files/origin-master.service
index cf79dda02..cf79dda02 100644
--- a/roles/openshift_master/templates/origin-master.service
+++ b/roles/openshift_master/files/origin-master.service
diff --git a/roles/openshift_master/tasks/files b/roles/openshift_master/tasks/files
new file mode 120000
index 000000000..feb122881
--- /dev/null
+++ b/roles/openshift_master/tasks/files
@@ -0,0 +1 @@
+../files \ No newline at end of file
diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml
index cfa860edf..dfc255b3d 100644
--- a/roles/openshift_master/tasks/systemd_units.yml
+++ b/roles/openshift_master/tasks/systemd_units.yml
@@ -33,7 +33,7 @@
register: create_master_unit_file
- name: Install Master service file
- template:
+ copy:
dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service"
src: "{{ openshift.common.service_type }}-master.service"
register: create_master_unit_file
diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml
index a0fbf7dfc..f58c803c4 100644
--- a/roles/openshift_node/tasks/systemd_units.yml
+++ b/roles/openshift_node/tasks/systemd_units.yml
@@ -28,7 +28,7 @@
- name: Install Node service file
template:
dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service"
- src: "{{ openshift.common.service_type }}-node.service"
+ src: "{{ openshift.common.service_type }}-node.service.j2"
register: install_node_result
when: not openshift.common.is_containerized | bool
diff --git a/roles/openshift_node/templates/atomic-openshift-node.service b/roles/openshift_node/templates/atomic-openshift-node.service.j2
index 80232094a..80232094a 100644
--- a/roles/openshift_node/templates/atomic-openshift-node.service
+++ b/roles/openshift_node/templates/atomic-openshift-node.service.j2
diff --git a/roles/openshift_node/templates/origin-node.service b/roles/openshift_node/templates/origin-node.service.j2
index 8047301e6..8047301e6 100644
--- a/roles/openshift_node/templates/origin-node.service
+++ b/roles/openshift_node/templates/origin-node.service.j2
diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml
index 9a9436fcb..023b1a9b7 100644
--- a/roles/openshift_repos/tasks/main.yaml
+++ b/roles/openshift_repos/tasks/main.yaml
@@ -24,15 +24,19 @@
- openshift_additional_repos | length == 0
notify: refresh cache
+ # Note: OpenShift repositories under CentOS may be shipped through the
+ # "centos-release-openshift-origin" package which configures the repository.
+ # This task matches the file names provided by the package so that they are
+ # not installed twice in different files and remains idempotent.
- name: Configure origin gpg keys if needed
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- src: origin/gpg_keys/openshift-ansible-CentOS-SIG-PaaS
- dest: /etc/pki/rpm-gpg/
+ dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
- src: origin/repos/openshift-ansible-centos-paas-sig.repo
- dest: /etc/yum.repos.d/
+ dest: /etc/yum.repos.d/CentOS-OpenShift-Origin.repo
notify: refresh cache
when:
- ansible_os_family == "RedHat"
diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml
index 2e9b4cad3..f2f4d16f0 100644
--- a/roles/openshift_version/tasks/main.yml
+++ b/roles/openshift_version/tasks/main.yml
@@ -3,6 +3,7 @@
- set_fact:
is_containerized: "{{ openshift.common.is_containerized | default(False) | bool }}"
+ is_atomic: "{{ openshift.common.is_atomic | default(False) | bool }}"
# Block attempts to install origin without specifying some kind of version information.
# This is because the latest tags for origin are usually alpha builds, which should not
@@ -86,9 +87,11 @@
include: set_version_rpm.yml
when: not is_containerized | bool
+- name: Set openshift_version for containerized installation
+ include: set_version_containerized.yml
+ when: is_containerized | bool
+
- block:
- - name: Set openshift_version for containerized installation
- include: set_version_containerized.yml
- name: Get available {{ openshift.common.service_type}} version
repoquery:
name: "{{ openshift.common.service_type}}"
@@ -104,7 +107,9 @@
msg: "OCP rpm version {{ openshift_rpm_version }} is different from OCP image version {{ openshift_version }}"
# Both versions have the same string representation
when: openshift_rpm_version != openshift_version
- when: is_containerized | bool
+ when:
+ - is_containerized | bool
+ - not is_atomic | bool
# Warn if the user has provided an openshift_image_tag but is not doing a containerized install
# NOTE: This will need to be modified/removed for future container + rpm installations work.