diff options
Diffstat (limited to 'roles')
-rw-r--r-- | roles/etcd/defaults/main.yaml | 1 | ||||
-rw-r--r-- | roles/etcd/files/etcdctl.sh | 11 | ||||
-rw-r--r-- | roles/etcd/meta/main.yml | 1 | ||||
-rw-r--r-- | roles/etcd/tasks/etcdctl.yml | 6 | ||||
-rw-r--r-- | roles/etcd/tasks/main.yml | 112 | ||||
-rw-r--r-- | roles/etcd/templates/etcd.docker.service | 4 | ||||
-rw-r--r-- | roles/etcd/templates/etcdctl.sh.j2 | 12 | ||||
-rw-r--r-- | roles/etcd_common/defaults/main.yml | 3 | ||||
-rw-r--r-- | roles/etcd_server_certificates/meta/main.yml | 2 | ||||
-rw-r--r-- | roles/lib_openshift/library/oc_adm_registry.py | 41 | ||||
-rw-r--r-- | roles/lib_openshift/src/class/oc_adm_registry.py | 41 | ||||
-rwxr-xr-x | roles/lib_openshift/src/test/unit/test_oc_adm_registry.py | 2 | ||||
-rw-r--r-- | roles/openshift_etcd_ca/tasks/main.yml | 1 | ||||
-rw-r--r-- | roles/openshift_logging/tasks/start_cluster.yaml | 5 |
14 files changed, 130 insertions, 112 deletions
diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml index 29153f4df..e45f53219 100644 --- a/roles/etcd/defaults/main.yaml +++ b/roles/etcd/defaults/main.yaml @@ -13,5 +13,4 @@ etcd_listen_peer_urls: "{{ etcd_peer_url_scheme }}://{{ etcd_ip }}:{{ etcd_peer_ etcd_advertise_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}" etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}" -etcd_data_dir: /var/lib/etcd/ etcd_systemd_dir: "/etc/systemd/system/{{ etcd_service }}.service.d" diff --git a/roles/etcd/files/etcdctl.sh b/roles/etcd/files/etcdctl.sh deleted file mode 100644 index 0e324a8a9..000000000 --- a/roles/etcd/files/etcdctl.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -# Sets up handy aliases for etcd, need etcdctl2 and etcdctl3 because -# command flags are different between the two. Should work on stand -# alone etcd hosts and master + etcd hosts too because we use the peer keys. -etcdctl2() { - /usr/bin/etcdctl --cert-file /etc/etcd/peer.crt --key-file /etc/etcd/peer.key --ca-file /etc/etcd/ca.crt -C https://`hostname`:2379 ${@} -} - -etcdctl3() { - ETCDCTL_API=3 /usr/bin/etcdctl --cert /etc/etcd/peer.crt --key /etc/etcd/peer.key --cacert /etc/etcd/ca.crt --endpoints https://`hostname`:2379 ${@} -} diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml index e0c70a181..689c07a84 100644 --- a/roles/etcd/meta/main.yml +++ b/roles/etcd/meta/main.yml @@ -24,3 +24,4 @@ dependencies: - service: etcd peering port: "{{ etcd_peer_port }}/tcp" - role: etcd_server_certificates +- role: etcd_common diff --git a/roles/etcd/tasks/etcdctl.yml b/roles/etcd/tasks/etcdctl.yml index 649ad23c1..6cb456677 100644 --- a/roles/etcd/tasks/etcdctl.yml +++ b/roles/etcd/tasks/etcdctl.yml @@ -4,9 +4,9 @@ when: not openshift.common.is_atomic | bool - name: Configure etcd profile.d alises - copy: - src: etcdctl.sh - dest: /etc/profile.d/etcdctl.sh + template: + dest: "/etc/profile.d/etcdctl.sh" + src: etcdctl.sh.j2 mode: 0755 owner: root group: root diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index c09da3b61..8853740e5 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -10,51 +10,45 @@ package: name=etcd{{ '-' + etcd_version if etcd_version is defined else '' }} state=present when: not etcd_is_containerized | bool -- name: Pull etcd container - command: docker pull {{ openshift.etcd.etcd_image }} - register: pull_result - changed_when: "'Downloaded newer image' in pull_result.stdout" +- block: + - name: Pull etcd container + command: docker pull {{ openshift.etcd.etcd_image }} + register: pull_result + changed_when: "'Downloaded newer image' in pull_result.stdout" + + - name: Install etcd container service file + template: + dest: "/etc/systemd/system/etcd_container.service" + src: etcd.docker.service when: - etcd_is_containerized | bool - not openshift.common.is_etcd_system_container | bool -- name: Install etcd container service file - template: - dest: "/etc/systemd/system/etcd_container.service" - src: etcd.docker.service - when: - - etcd_is_containerized | bool - - not openshift.common.is_etcd_system_container | bool - - # Start secondary etcd instance for third party integrations # TODO: Determine an alternative to using thirdparty variable - -- name: Create configuration directory - file: - path: "{{ etcd_conf_dir }}" - state: directory - mode: 0700 - when: etcd_is_thirdparty | bool +- block: + - name: Create configuration directory + file: + path: "{{ etcd_conf_dir }}" + state: directory + mode: 0700 # TODO: retest with symlink to confirm it does or does not function -- name: Copy service file for etcd instance - copy: - src: /usr/lib/systemd/system/etcd.service - dest: "/etc/systemd/system/{{ etcd_service }}.service" - remote_src: True - when: etcd_is_thirdparty | bool - -- name: Create third party etcd service.d directory exists - file: - path: "{{ etcd_systemd_dir }}" - state: directory - when: etcd_is_thirdparty | bool - -- name: Configure third part etcd service unit file - template: - dest: "{{ etcd_systemd_dir }}/custom.conf" - src: custom.conf.j2 + - name: Copy service file for etcd instance + copy: + src: /usr/lib/systemd/system/etcd.service + dest: "/etc/systemd/system/{{ etcd_service }}.service" + remote_src: True + + - name: Create third party etcd service.d directory exists + file: + path: "{{ etcd_systemd_dir }}" + state: directory + + - name: Configure third part etcd service unit file + template: + dest: "{{ etcd_systemd_dir }}/custom.conf" + src: custom.conf.j2 when: etcd_is_thirdparty # TODO: this task may not be needed with Validate permissions @@ -80,28 +74,28 @@ command: systemctl daemon-reload when: etcd_is_thirdparty | bool -- name: Disable system etcd when containerized - systemd: - name: etcd - state: stopped - enabled: no - masked: yes - daemon_reload: yes - when: - - etcd_is_containerized | bool - - not openshift.common.is_etcd_system_container | bool - register: task_result - failed_when: "task_result|failed and 'could not' not in task_result.msg|lower" - -- name: Install etcd container service file - template: - dest: "/etc/systemd/system/etcd_container.service" - src: etcd.docker.service - when: etcd_is_containerized | bool and not openshift.common.is_etcd_system_container | bool - -- name: Install Etcd system container - include: system_container.yml - when: etcd_is_containerized | bool and openshift.common.is_etcd_system_container | bool +- block: + - name: Disable system etcd when containerized + systemd: + name: etcd + state: stopped + enabled: no + masked: yes + daemon_reload: yes + when: not openshift.common.is_etcd_system_container | bool + register: task_result + failed_when: "task_result|failed and 'could not' not in task_result.msg|lower" + + - name: Install etcd container service file + template: + dest: "/etc/systemd/system/etcd_container.service" + src: etcd.docker.service + when: not openshift.common.is_etcd_system_container | bool + + - name: Install Etcd system container + include: system_container.yml + when: openshift.common.is_etcd_system_container | bool + when: etcd_is_containerized | bool - name: Validate permissions on the config dir file: diff --git a/roles/etcd/templates/etcd.docker.service b/roles/etcd/templates/etcd.docker.service index ae059b549..c8ceaa6ba 100644 --- a/roles/etcd/templates/etcd.docker.service +++ b/roles/etcd/templates/etcd.docker.service @@ -5,9 +5,9 @@ Requires=docker.service PartOf=docker.service [Service] -EnvironmentFile=/etc/etcd/etcd.conf +EnvironmentFile={{ etcd_conf_file }} ExecStartPre=-/usr/bin/docker rm -f {{ etcd_service }} -ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v /var/lib/etcd:/var/lib/etcd:z -v /etc/etcd:/etc/etcd:ro --env-file=/etc/etcd/etcd.conf --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }} +ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v {{ etcd_data_dir }}:{{ etcd_data_dir }}:z -v {{ etcd_conf_dir }}:{{ etcd_conf_dir }}:ro --env-file={{ etcd_conf_file }} --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }} ExecStop=/usr/bin/docker stop {{ etcd_service }} SyslogIdentifier=etcd_container Restart=always diff --git a/roles/etcd/templates/etcdctl.sh.j2 b/roles/etcd/templates/etcdctl.sh.j2 new file mode 100644 index 000000000..ac7d9c72f --- /dev/null +++ b/roles/etcd/templates/etcdctl.sh.j2 @@ -0,0 +1,12 @@ +#!/bin/bash +# Sets up handy aliases for etcd, need etcdctl2 and etcdctl3 because +# command flags are different between the two. Should work on stand +# alone etcd hosts and master + etcd hosts too because we use the peer keys. +etcdctl2() { + /usr/bin/etcdctl --cert-file {{ etcd_peer_cert_file }} --key-file {{ etcd_peer_key_file }} --ca-file {{ etcd_peer_ca_file }} -C https://`hostname`:2379 ${@} + +} + +etcdctl3() { + ETCDCTL_API=3 /usr/bin/etcdctl --cert {{ etcd_peer_cert_file }} --key {{ etcd_peer_key_file }} --cacert {{ etcd_peer_ca_file }} --endpoints https://`hostname`:2379 ${@} +} diff --git a/roles/etcd_common/defaults/main.yml b/roles/etcd_common/defaults/main.yml index c5efb0a0c..d12e6a07f 100644 --- a/roles/etcd_common/defaults/main.yml +++ b/roles/etcd_common/defaults/main.yml @@ -35,3 +35,6 @@ etcd_ip: "{{ ansible_default_ipv4.address }}" etcd_is_atomic: False etcd_is_containerized: False etcd_is_thirdparty: False + +# etcd dir vars +etcd_data_dir: /var/lib/etcd/ diff --git a/roles/etcd_server_certificates/meta/main.yml b/roles/etcd_server_certificates/meta/main.yml index 98c913dba..b453f2bd8 100644 --- a/roles/etcd_server_certificates/meta/main.yml +++ b/roles/etcd_server_certificates/meta/main.yml @@ -13,4 +13,4 @@ galaxy_info: - cloud - system dependencies: -- role: openshift_etcd_ca +- role: etcd_ca diff --git a/roles/lib_openshift/library/oc_adm_registry.py b/roles/lib_openshift/library/oc_adm_registry.py index 0604f48bb..3722f38b3 100644 --- a/roles/lib_openshift/library/oc_adm_registry.py +++ b/roles/lib_openshift/library/oc_adm_registry.py @@ -2538,25 +2538,34 @@ class Registry(OpenShiftCLI): def run_ansible(params, check_mode): '''run idempotent ansible code''' + registry_options = {'images': {'value': params['images'], 'include': True}, + 'latest_images': {'value': params['latest_images'], 'include': True}, + 'labels': {'value': params['labels'], 'include': True}, + 'ports': {'value': ','.join(params['ports']), 'include': True}, + 'replicas': {'value': params['replicas'], 'include': True}, + 'selector': {'value': params['selector'], 'include': True}, + 'service_account': {'value': params['service_account'], 'include': True}, + 'mount_host': {'value': params['mount_host'], 'include': True}, + 'env_vars': {'value': params['env_vars'], 'include': False}, + 'volume_mounts': {'value': params['volume_mounts'], 'include': False}, + 'edits': {'value': params['edits'], 'include': False}, + 'tls_key': {'value': params['tls_key'], 'include': True}, + 'tls_certificate': {'value': params['tls_certificate'], 'include': True}, + } + + # Do not always pass the daemonset and enforce-quota parameters because they are not understood + # by old versions of oc. + # Default value is false. So, it's safe to not pass an explicit false value to oc versions which + # understand these parameters. + if params['daemonset']: + registry_options['daemonset'] = {'value': params['daemonset'], 'include': True} + if params['enforce_quota']: + registry_options['enforce_quota'] = {'value': params['enforce_quota'], 'include': True} + rconfig = RegistryConfig(params['name'], params['namespace'], params['kubeconfig'], - {'images': {'value': params['images'], 'include': True}, - 'latest_images': {'value': params['latest_images'], 'include': True}, - 'labels': {'value': params['labels'], 'include': True}, - 'ports': {'value': ','.join(params['ports']), 'include': True}, - 'replicas': {'value': params['replicas'], 'include': True}, - 'selector': {'value': params['selector'], 'include': True}, - 'service_account': {'value': params['service_account'], 'include': True}, - 'mount_host': {'value': params['mount_host'], 'include': True}, - 'env_vars': {'value': params['env_vars'], 'include': False}, - 'volume_mounts': {'value': params['volume_mounts'], 'include': False}, - 'edits': {'value': params['edits'], 'include': False}, - 'enforce_quota': {'value': params['enforce_quota'], 'include': True}, - 'daemonset': {'value': params['daemonset'], 'include': True}, - 'tls_key': {'value': params['tls_key'], 'include': True}, - 'tls_certificate': {'value': params['tls_certificate'], 'include': True}, - }) + registry_options) ocregistry = Registry(rconfig, params['debug']) diff --git a/roles/lib_openshift/src/class/oc_adm_registry.py b/roles/lib_openshift/src/class/oc_adm_registry.py index 720b44cdc..3c130fe28 100644 --- a/roles/lib_openshift/src/class/oc_adm_registry.py +++ b/roles/lib_openshift/src/class/oc_adm_registry.py @@ -331,25 +331,34 @@ class Registry(OpenShiftCLI): def run_ansible(params, check_mode): '''run idempotent ansible code''' + registry_options = {'images': {'value': params['images'], 'include': True}, + 'latest_images': {'value': params['latest_images'], 'include': True}, + 'labels': {'value': params['labels'], 'include': True}, + 'ports': {'value': ','.join(params['ports']), 'include': True}, + 'replicas': {'value': params['replicas'], 'include': True}, + 'selector': {'value': params['selector'], 'include': True}, + 'service_account': {'value': params['service_account'], 'include': True}, + 'mount_host': {'value': params['mount_host'], 'include': True}, + 'env_vars': {'value': params['env_vars'], 'include': False}, + 'volume_mounts': {'value': params['volume_mounts'], 'include': False}, + 'edits': {'value': params['edits'], 'include': False}, + 'tls_key': {'value': params['tls_key'], 'include': True}, + 'tls_certificate': {'value': params['tls_certificate'], 'include': True}, + } + + # Do not always pass the daemonset and enforce-quota parameters because they are not understood + # by old versions of oc. + # Default value is false. So, it's safe to not pass an explicit false value to oc versions which + # understand these parameters. + if params['daemonset']: + registry_options['daemonset'] = {'value': params['daemonset'], 'include': True} + if params['enforce_quota']: + registry_options['enforce_quota'] = {'value': params['enforce_quota'], 'include': True} + rconfig = RegistryConfig(params['name'], params['namespace'], params['kubeconfig'], - {'images': {'value': params['images'], 'include': True}, - 'latest_images': {'value': params['latest_images'], 'include': True}, - 'labels': {'value': params['labels'], 'include': True}, - 'ports': {'value': ','.join(params['ports']), 'include': True}, - 'replicas': {'value': params['replicas'], 'include': True}, - 'selector': {'value': params['selector'], 'include': True}, - 'service_account': {'value': params['service_account'], 'include': True}, - 'mount_host': {'value': params['mount_host'], 'include': True}, - 'env_vars': {'value': params['env_vars'], 'include': False}, - 'volume_mounts': {'value': params['volume_mounts'], 'include': False}, - 'edits': {'value': params['edits'], 'include': False}, - 'enforce_quota': {'value': params['enforce_quota'], 'include': True}, - 'daemonset': {'value': params['daemonset'], 'include': True}, - 'tls_key': {'value': params['tls_key'], 'include': True}, - 'tls_certificate': {'value': params['tls_certificate'], 'include': True}, - }) + registry_options) ocregistry = Registry(rconfig, params['debug']) diff --git a/roles/lib_openshift/src/test/unit/test_oc_adm_registry.py b/roles/lib_openshift/src/test/unit/test_oc_adm_registry.py index 30e13ce4b..97cf86170 100755 --- a/roles/lib_openshift/src/test/unit/test_oc_adm_registry.py +++ b/roles/lib_openshift/src/test/unit/test_oc_adm_registry.py @@ -254,7 +254,7 @@ class RegistryTest(unittest.TestCase): mock_cmd.assert_has_calls([ mock.call(['oc', 'get', 'dc', 'docker-registry', '-o', 'json', '-n', 'default'], None), mock.call(['oc', 'get', 'svc', 'docker-registry', '-o', 'json', '-n', 'default'], None), - mock.call(['oc', 'adm', 'registry', '--daemonset=False', '--enforce-quota=False', + mock.call(['oc', 'adm', 'registry', '--ports=5000', '--replicas=1', '--selector=type=infra', '--service-account=registry', '--dry-run=True', '-o', 'json', '-n', 'default'], None), mock.call(['oc', 'create', '-f', mock.ANY, '-n', 'default'], None), diff --git a/roles/openshift_etcd_ca/tasks/main.yml b/roles/openshift_etcd_ca/tasks/main.yml deleted file mode 100644 index ed97d539c..000000000 --- a/roles/openshift_etcd_ca/tasks/main.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/roles/openshift_logging/tasks/start_cluster.yaml b/roles/openshift_logging/tasks/start_cluster.yaml index 1042b3daa..ef9a42a9e 100644 --- a/roles/openshift_logging/tasks/start_cluster.yaml +++ b/roles/openshift_logging/tasks/start_cluster.yaml @@ -39,7 +39,10 @@ with_items: "{{ mux_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}" loop_control: loop_var: object - when: openshift_logging_use_mux + when: + - mux_dc.results is defined + - mux_dc.results.results is defined + - openshift_logging_use_mux - name: Retrieve elasticsearch oc_obj: |