diff options
Diffstat (limited to 'roles')
-rw-r--r-- | roles/ansible_service_broker/tasks/install.yml | 9 | ||||
-rw-r--r-- | roles/openshift_aws/tasks/provision_nodes.yml | 17 | ||||
-rw-r--r-- | roles/openshift_logging/tasks/install_logging.yaml | 9 | ||||
-rw-r--r-- | roles/openshift_master/tasks/upgrade/rpm_upgrade.yml | 1 | ||||
-rw-r--r-- | roles/openshift_metrics/tasks/install_metrics.yaml | 9 | ||||
-rw-r--r-- | roles/openshift_web_console/tasks/install.yml | 42 | ||||
-rw-r--r-- | roles/openshift_web_console/tasks/update_console_config.yml (renamed from roles/openshift_web_console/tasks/update_asset_config.yml) | 29 | ||||
-rw-r--r-- | roles/openshift_web_console/vars/main.yml | 1 |
8 files changed, 79 insertions, 38 deletions
diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml index ba2f7293b..1bc1b5e43 100644 --- a/roles/ansible_service_broker/tasks/install.yml +++ b/roles/ansible_service_broker/tasks/install.yml @@ -72,6 +72,15 @@ - apiGroups: ["image.openshift.io", ""] resources: ["images"] verbs: ["get", "list"] + - apiGroups: ["network.openshift.io"] + resources: ["clusternetworks", "netnamespaces"] + verbs: ["get"] + - apiGroups: ["network.openshift.io"] + resources: ["netnamespaces"] + verbs: ["update"] + - apiGroups: ["networking.k8s.io"] + resources: ["networkpolicies"] + verbs: ["create", "delete"] - name: Create asb-access cluster role oc_clusterrole: diff --git a/roles/openshift_aws/tasks/provision_nodes.yml b/roles/openshift_aws/tasks/provision_nodes.yml index d82f18574..9105b5b4c 100644 --- a/roles/openshift_aws/tasks/provision_nodes.yml +++ b/roles/openshift_aws/tasks/provision_nodes.yml @@ -2,25 +2,12 @@ # Get bootstrap config token # bootstrap should be created on first master # need to fetch it and shove it into cloud data -- name: fetch master instances - ec2_instance_facts: - region: "{{ openshift_aws_region }}" - filters: - "tag:clusterid": "{{ openshift_aws_clusterid }}" - "tag:host-type": master - instance-state-name: running - register: instancesout - retries: 20 - delay: 3 - until: - - "'instances' in instancesout" - - instancesout.instances|length > 0 +- include_tasks: setup_master_group.yml - name: slurp down the bootstrap.kubeconfig slurp: src: /etc/origin/master/bootstrap.kubeconfig - delegate_to: "{{ instancesout.instances[0].public_ip_address }}" - remote_user: root + delegate_to: "{{ groups.masters.0 }}" register: bootstrap - name: set_fact for kubeconfig token diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml index ebd2d747b..ff62b6136 100644 --- a/roles/openshift_logging/tasks/install_logging.yaml +++ b/roles/openshift_logging/tasks/install_logging.yaml @@ -321,9 +321,14 @@ - name: Add Kibana route information to web console asset config include_role: name: openshift_web_console - tasks_from: update_asset_config.yml + tasks_from: update_console_config.yml vars: - asset_config_edits: + console_config_edits: + - key: clusterInfo#loggingPublicURL + value: "https://{{ openshift_logging_kibana_hostname }}" + # Continue to set the old deprecated property until the + # origin-web-console image is updated for the new name. + # This will be removed in a future pull. - key: loggingPublicURL value: "https://{{ openshift_logging_kibana_hostname }}" when: openshift_web_console_install | default(true) | bool diff --git a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml index 7870f43e2..96079884e 100644 --- a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml +++ b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml @@ -17,6 +17,5 @@ - "{{ openshift_service_type }}-node{{ openshift_pkg_version | default('') }}" - "{{ openshift_service_type }}-sdn-ovs{{ openshift_pkg_version | default('') }}" - "{{ openshift_service_type }}-clients{{ openshift_pkg_version | default('') }}" - - "tuned-profiles-{{ openshift_service_type }}-node{{ openshift_pkg_version | default('') }}" register: result until: result is succeeded diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml index 0866fe0d2..4a63d081e 100644 --- a/roles/openshift_metrics/tasks/install_metrics.yaml +++ b/roles/openshift_metrics/tasks/install_metrics.yaml @@ -74,9 +74,14 @@ - name: Add metrics route information to web console asset config include_role: name: openshift_web_console - tasks_from: update_asset_config.yml + tasks_from: update_console_config.yml vars: - asset_config_edits: + console_config_edits: + - key: clusterInfo#metricsPublicURL + value: "https://{{ openshift_metrics_hawkular_hostname}}/hawkular/metrics" + # Continue to set the old deprecated property until the + # origin-web-console image is updated for the new name. + # This will be removed in a future pull. - key: metricsPublicURL value: "https://{{ openshift_metrics_hawkular_hostname}}/hawkular/metrics" when: openshift_web_console_install | default(true) | bool diff --git a/roles/openshift_web_console/tasks/install.yml b/roles/openshift_web_console/tasks/install.yml index 12916961b..50e72657f 100644 --- a/roles/openshift_web_console/tasks/install.yml +++ b/roles/openshift_web_console/tasks/install.yml @@ -21,36 +21,68 @@ node_selector: - "" -- name: Make temp directory for asset config files +- name: Make temp directory for the web console config files command: mktemp -d /tmp/console-ansible-XXXXXX register: mktemp changed_when: False -- name: Copy asset config template to temp directory +- name: Copy the web console config template to temp directory copy: src: "{{ __console_files_location }}/{{ item }}" dest: "{{ mktemp.stdout }}/{{ item }}" with_items: - "{{ __console_template_file }}" + - "{{ __console_rbac_file }}" - "{{ __console_config_file }}" -- name: Update asset config properties +- name: Update the web console config properties yedit: src: "{{ mktemp.stdout }}/{{ __console_config_file }}" edits: - - key: logoutURL + - key: clusterInfo#consolePublicURL + # Must have a trailing slash + value: "{{ openshift.master.public_console_url }}/" + - key: clusterInfo#masterPublicURL + value: "{{ openshift.master.public_api_url }}" + - key: clusterInfo#logoutPublicURL value: "{{ openshift.master.logout_url | default('') }}" + - key: features#inactivityTimeoutMinutes + value: "{{ openshift_web_console_inactivity_timeout_minutes | default(0) }}" + + # TODO: The new extensions properties cannot be set until + # origin-web-console-server has been updated with the API changes since + # `extensions` in the old asset config was an array. + + # - key: extensions#scriptURLs + # value: "{{ openshift_web_console_extension_script_urls | default([]) }}" + # - key: extensions#stylesheetURLs + # value: "{{ openshift_web_console_extension_stylesheet_urls | default([]) }}" + # - key: extensions#properties + # value: "{{ openshift_web_console_extension_properties | default({}) }}" + + # DEPRECATED PROPERTIES + # These properties have been renamed and will be removed from the install + # in a future pull. Keep both the old and new properties for now so that + # the install is not broken while the origin-web-console image is updated. - key: publicURL # Must have a trailing slash value: "{{ openshift.master.public_console_url }}/" + - key: logoutURL + value: "{{ openshift.master.logout_url | default('') }}" - key: masterPublicURL value: "{{ openshift.master.public_api_url }}" + separator: '#' + state: present - slurp: src: "{{ mktemp.stdout }}/{{ __console_config_file }}" register: config -- name: Apply template file +- name: Reconcile with the web console RBAC file + shell: > + {{ openshift_client_binary }} process -f "{{ mktemp.stdout }}/{{ __console_rbac_file }}" | {{ openshift_client_binary }} auth reconcile -f - + +- name: Apply the web console template file shell: > {{ openshift_client_binary }} process -f "{{ mktemp.stdout }}/{{ __console_template_file }}" --param API_SERVER_CONFIG="{{ config['content'] | b64decode }}" diff --git a/roles/openshift_web_console/tasks/update_asset_config.yml b/roles/openshift_web_console/tasks/update_console_config.yml index 0992b32e1..e347c0193 100644 --- a/roles/openshift_web_console/tasks/update_asset_config.yml +++ b/roles/openshift_web_console/tasks/update_console_config.yml @@ -1,9 +1,9 @@ --- # This task updates asset config values in the webconsole-config config map in # the openshift-web-console namespace. The values to set are pased in the -# variable `asset_config_edits`, which is an array of objects with `key` and +# variable `console_config_edits`, which is an array of objects with `key` and # `value` properties in the same format as `yedit` module `edits`. Only -# properties passed are updated. +# properties passed are updated. The separator for nested properties is `#`. # # Note that this triggers a redeployment on the console and a brief downtime # since it uses a `Recreate` strategy. @@ -12,10 +12,10 @@ # # - include_role: # name: openshift_web_console -# tasks_from: update_asset_config.yml +# tasks_from: update_console_config.yml # vars: -# asset_config_edits: -# - key: loggingPublicURL +# console_config_edits: +# - key: clusterInfo#loggingPublicURL # value: "https://{{ openshift_logging_kibana_hostname }}" # when: openshift_web_console_install | default(true) | bool @@ -28,18 +28,20 @@ - name: Make temp directory command: mktemp -d /tmp/console-ansible-XXXXXX - register: mktemp + register: mktemp_console changed_when: False -- name: Copy asset config to temp file +- name: Copy web console config to temp file copy: content: "{{webconsole_config.results.results[0].data['webconsole-config.yaml']}}" - dest: "{{ mktemp.stdout }}/webconsole-config.yaml" + dest: "{{ mktemp_console.stdout }}/webconsole-config.yaml" -- name: Change asset config properties +- name: Change web console config properties yedit: - src: "{{ mktemp.stdout }}/webconsole-config.yaml" - edits: "{{asset_config_edits}}" + src: "{{ mktemp_console.stdout }}/webconsole-config.yaml" + edits: "{{console_config_edits}}" + separator: '#' + state: present - name: Update web console config map oc_configmap: @@ -47,14 +49,15 @@ name: webconsole-config state: present from_file: - webconsole-config.yaml: "{{ mktemp.stdout }}/webconsole-config.yaml" + webconsole-config.yaml: "{{ mktemp_console.stdout }}/webconsole-config.yaml" - name: Remove temp directory file: state: absent - name: "{{ mktemp.stdout }}" + name: "{{ mktemp_console.stdout }}" changed_when: False +# TODO: Only rollout if config has changed. # There's currently no command to trigger a rollout for a k8s deployment # without changing the pod spec. Add an annotation to force a rollout after # the config map has been edited. diff --git a/roles/openshift_web_console/vars/main.yml b/roles/openshift_web_console/vars/main.yml index 80bc56a17..e91048e38 100644 --- a/roles/openshift_web_console/vars/main.yml +++ b/roles/openshift_web_console/vars/main.yml @@ -2,4 +2,5 @@ __console_files_location: "../../../files/origin-components/" __console_template_file: "console-template.yaml" +__console_rbac_file: "console-rbac-template.yaml" __console_config_file: "console-config.yaml" |