summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/ansible_service_broker/tasks/install.yml9
-rw-r--r--roles/openshift_aws/tasks/provision_nodes.yml17
-rw-r--r--roles/openshift_logging/tasks/install_logging.yaml9
-rw-r--r--roles/openshift_master/tasks/upgrade/rpm_upgrade.yml1
-rw-r--r--roles/openshift_metrics/tasks/install_metrics.yaml9
-rw-r--r--roles/openshift_web_console/tasks/install.yml42
-rw-r--r--roles/openshift_web_console/tasks/update_console_config.yml (renamed from roles/openshift_web_console/tasks/update_asset_config.yml)29
-rw-r--r--roles/openshift_web_console/vars/main.yml1
8 files changed, 79 insertions, 38 deletions
diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml
index ba2f7293b..1bc1b5e43 100644
--- a/roles/ansible_service_broker/tasks/install.yml
+++ b/roles/ansible_service_broker/tasks/install.yml
@@ -72,6 +72,15 @@
- apiGroups: ["image.openshift.io", ""]
resources: ["images"]
verbs: ["get", "list"]
+ - apiGroups: ["network.openshift.io"]
+ resources: ["clusternetworks", "netnamespaces"]
+ verbs: ["get"]
+ - apiGroups: ["network.openshift.io"]
+ resources: ["netnamespaces"]
+ verbs: ["update"]
+ - apiGroups: ["networking.k8s.io"]
+ resources: ["networkpolicies"]
+ verbs: ["create", "delete"]
- name: Create asb-access cluster role
oc_clusterrole:
diff --git a/roles/openshift_aws/tasks/provision_nodes.yml b/roles/openshift_aws/tasks/provision_nodes.yml
index d82f18574..9105b5b4c 100644
--- a/roles/openshift_aws/tasks/provision_nodes.yml
+++ b/roles/openshift_aws/tasks/provision_nodes.yml
@@ -2,25 +2,12 @@
# Get bootstrap config token
# bootstrap should be created on first master
# need to fetch it and shove it into cloud data
-- name: fetch master instances
- ec2_instance_facts:
- region: "{{ openshift_aws_region }}"
- filters:
- "tag:clusterid": "{{ openshift_aws_clusterid }}"
- "tag:host-type": master
- instance-state-name: running
- register: instancesout
- retries: 20
- delay: 3
- until:
- - "'instances' in instancesout"
- - instancesout.instances|length > 0
+- include_tasks: setup_master_group.yml
- name: slurp down the bootstrap.kubeconfig
slurp:
src: /etc/origin/master/bootstrap.kubeconfig
- delegate_to: "{{ instancesout.instances[0].public_ip_address }}"
- remote_user: root
+ delegate_to: "{{ groups.masters.0 }}"
register: bootstrap
- name: set_fact for kubeconfig token
diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml
index ebd2d747b..ff62b6136 100644
--- a/roles/openshift_logging/tasks/install_logging.yaml
+++ b/roles/openshift_logging/tasks/install_logging.yaml
@@ -321,9 +321,14 @@
- name: Add Kibana route information to web console asset config
include_role:
name: openshift_web_console
- tasks_from: update_asset_config.yml
+ tasks_from: update_console_config.yml
vars:
- asset_config_edits:
+ console_config_edits:
+ - key: clusterInfo#loggingPublicURL
+ value: "https://{{ openshift_logging_kibana_hostname }}"
+ # Continue to set the old deprecated property until the
+ # origin-web-console image is updated for the new name.
+ # This will be removed in a future pull.
- key: loggingPublicURL
value: "https://{{ openshift_logging_kibana_hostname }}"
when: openshift_web_console_install | default(true) | bool
diff --git a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml
index 7870f43e2..96079884e 100644
--- a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml
+++ b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml
@@ -17,6 +17,5 @@
- "{{ openshift_service_type }}-node{{ openshift_pkg_version | default('') }}"
- "{{ openshift_service_type }}-sdn-ovs{{ openshift_pkg_version | default('') }}"
- "{{ openshift_service_type }}-clients{{ openshift_pkg_version | default('') }}"
- - "tuned-profiles-{{ openshift_service_type }}-node{{ openshift_pkg_version | default('') }}"
register: result
until: result is succeeded
diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml
index 0866fe0d2..4a63d081e 100644
--- a/roles/openshift_metrics/tasks/install_metrics.yaml
+++ b/roles/openshift_metrics/tasks/install_metrics.yaml
@@ -74,9 +74,14 @@
- name: Add metrics route information to web console asset config
include_role:
name: openshift_web_console
- tasks_from: update_asset_config.yml
+ tasks_from: update_console_config.yml
vars:
- asset_config_edits:
+ console_config_edits:
+ - key: clusterInfo#metricsPublicURL
+ value: "https://{{ openshift_metrics_hawkular_hostname}}/hawkular/metrics"
+ # Continue to set the old deprecated property until the
+ # origin-web-console image is updated for the new name.
+ # This will be removed in a future pull.
- key: metricsPublicURL
value: "https://{{ openshift_metrics_hawkular_hostname}}/hawkular/metrics"
when: openshift_web_console_install | default(true) | bool
diff --git a/roles/openshift_web_console/tasks/install.yml b/roles/openshift_web_console/tasks/install.yml
index 12916961b..50e72657f 100644
--- a/roles/openshift_web_console/tasks/install.yml
+++ b/roles/openshift_web_console/tasks/install.yml
@@ -21,36 +21,68 @@
node_selector:
- ""
-- name: Make temp directory for asset config files
+- name: Make temp directory for the web console config files
command: mktemp -d /tmp/console-ansible-XXXXXX
register: mktemp
changed_when: False
-- name: Copy asset config template to temp directory
+- name: Copy the web console config template to temp directory
copy:
src: "{{ __console_files_location }}/{{ item }}"
dest: "{{ mktemp.stdout }}/{{ item }}"
with_items:
- "{{ __console_template_file }}"
+ - "{{ __console_rbac_file }}"
- "{{ __console_config_file }}"
-- name: Update asset config properties
+- name: Update the web console config properties
yedit:
src: "{{ mktemp.stdout }}/{{ __console_config_file }}"
edits:
- - key: logoutURL
+ - key: clusterInfo#consolePublicURL
+ # Must have a trailing slash
+ value: "{{ openshift.master.public_console_url }}/"
+ - key: clusterInfo#masterPublicURL
+ value: "{{ openshift.master.public_api_url }}"
+ - key: clusterInfo#logoutPublicURL
value: "{{ openshift.master.logout_url | default('') }}"
+ - key: features#inactivityTimeoutMinutes
+ value: "{{ openshift_web_console_inactivity_timeout_minutes | default(0) }}"
+
+ # TODO: The new extensions properties cannot be set until
+ # origin-web-console-server has been updated with the API changes since
+ # `extensions` in the old asset config was an array.
+
+ # - key: extensions#scriptURLs
+ # value: "{{ openshift_web_console_extension_script_urls | default([]) }}"
+ # - key: extensions#stylesheetURLs
+ # value: "{{ openshift_web_console_extension_stylesheet_urls | default([]) }}"
+ # - key: extensions#properties
+ # value: "{{ openshift_web_console_extension_properties | default({}) }}"
+
+ # DEPRECATED PROPERTIES
+ # These properties have been renamed and will be removed from the install
+ # in a future pull. Keep both the old and new properties for now so that
+ # the install is not broken while the origin-web-console image is updated.
- key: publicURL
# Must have a trailing slash
value: "{{ openshift.master.public_console_url }}/"
+ - key: logoutURL
+ value: "{{ openshift.master.logout_url | default('') }}"
- key: masterPublicURL
value: "{{ openshift.master.public_api_url }}"
+ separator: '#'
+ state: present
- slurp:
src: "{{ mktemp.stdout }}/{{ __console_config_file }}"
register: config
-- name: Apply template file
+- name: Reconcile with the web console RBAC file
+ shell: >
+ {{ openshift_client_binary }} process -f "{{ mktemp.stdout }}/{{ __console_rbac_file }}" | {{ openshift_client_binary }} auth reconcile -f -
+
+- name: Apply the web console template file
shell: >
{{ openshift_client_binary }} process -f "{{ mktemp.stdout }}/{{ __console_template_file }}"
--param API_SERVER_CONFIG="{{ config['content'] | b64decode }}"
diff --git a/roles/openshift_web_console/tasks/update_asset_config.yml b/roles/openshift_web_console/tasks/update_console_config.yml
index 0992b32e1..e347c0193 100644
--- a/roles/openshift_web_console/tasks/update_asset_config.yml
+++ b/roles/openshift_web_console/tasks/update_console_config.yml
@@ -1,9 +1,9 @@
---
# This task updates asset config values in the webconsole-config config map in
# the openshift-web-console namespace. The values to set are pased in the
-# variable `asset_config_edits`, which is an array of objects with `key` and
+# variable `console_config_edits`, which is an array of objects with `key` and
# `value` properties in the same format as `yedit` module `edits`. Only
-# properties passed are updated.
+# properties passed are updated. The separator for nested properties is `#`.
#
# Note that this triggers a redeployment on the console and a brief downtime
# since it uses a `Recreate` strategy.
@@ -12,10 +12,10 @@
#
# - include_role:
# name: openshift_web_console
-# tasks_from: update_asset_config.yml
+# tasks_from: update_console_config.yml
# vars:
-# asset_config_edits:
-# - key: loggingPublicURL
+# console_config_edits:
+# - key: clusterInfo#loggingPublicURL
# value: "https://{{ openshift_logging_kibana_hostname }}"
# when: openshift_web_console_install | default(true) | bool
@@ -28,18 +28,20 @@
- name: Make temp directory
command: mktemp -d /tmp/console-ansible-XXXXXX
- register: mktemp
+ register: mktemp_console
changed_when: False
-- name: Copy asset config to temp file
+- name: Copy web console config to temp file
copy:
content: "{{webconsole_config.results.results[0].data['webconsole-config.yaml']}}"
- dest: "{{ mktemp.stdout }}/webconsole-config.yaml"
+ dest: "{{ mktemp_console.stdout }}/webconsole-config.yaml"
-- name: Change asset config properties
+- name: Change web console config properties
yedit:
- src: "{{ mktemp.stdout }}/webconsole-config.yaml"
- edits: "{{asset_config_edits}}"
+ src: "{{ mktemp_console.stdout }}/webconsole-config.yaml"
+ edits: "{{console_config_edits}}"
+ separator: '#'
+ state: present
- name: Update web console config map
oc_configmap:
@@ -47,14 +49,15 @@
name: webconsole-config
state: present
from_file:
- webconsole-config.yaml: "{{ mktemp.stdout }}/webconsole-config.yaml"
+ webconsole-config.yaml: "{{ mktemp_console.stdout }}/webconsole-config.yaml"
- name: Remove temp directory
file:
state: absent
- name: "{{ mktemp.stdout }}"
+ name: "{{ mktemp_console.stdout }}"
changed_when: False
+# TODO: Only rollout if config has changed.
# There's currently no command to trigger a rollout for a k8s deployment
# without changing the pod spec. Add an annotation to force a rollout after
# the config map has been edited.
diff --git a/roles/openshift_web_console/vars/main.yml b/roles/openshift_web_console/vars/main.yml
index 80bc56a17..e91048e38 100644
--- a/roles/openshift_web_console/vars/main.yml
+++ b/roles/openshift_web_console/vars/main.yml
@@ -2,4 +2,5 @@
__console_files_location: "../../../files/origin-components/"
__console_template_file: "console-template.yaml"
+__console_rbac_file: "console-rbac-template.yaml"
__console_config_file: "console-config.yaml"