diff options
Diffstat (limited to 'roles')
6 files changed, 46 insertions, 14 deletions
diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index c3723672d..2aca35ce1 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -1,8 +1,8 @@ --- -- name: Verify Ansible version is greater than or equal to 1.9.4 +- name: Verify Ansible version is greater than or equal to 2.1.0.0 fail: - msg: "Unsupported ansible version: {{ ansible_version }} found" - when: not ansible_version.full | version_compare('1.9.4', 'ge') + msg: "Unsupported ansible version: {{ ansible_version.full }} found" + when: not ansible_version.full | version_compare('2.1.0.0', 'ge') - name: Detecting Operating System stat: diff --git a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml index 9db67ecc6..7b1b3f6ff 100644 --- a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml +++ b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml @@ -24,10 +24,10 @@ failed_when: false - set_fact: - registry_config: "{{ lookup('template', '../templates/registry_config.j2') | b64encode }}" + registry_config: "{{ lookup('template', 'registry_config.j2') | b64encode }}" - set_fact: - registry_config_secret: "{{ lookup('template', '../templates/registry_config_secret.j2') | from_yaml }}" + registry_config_secret: "{{ lookup('template', 'registry_config_secret.j2') | from_yaml }}" - set_fact: same_storage_provider: "{{ (secrets.stdout|from_json)['metadata']['annotations']['provider'] | default(none) == openshift.hosted.registry.storage.provider }}" @@ -111,4 +111,4 @@ --config={{ openshift_hosted_kubeconfig }} --namespace={{ openshift.hosted.registry.namespace | default('default') }} deploy dc/docker-registry --latest - when: secrets.rc == 0 and update_config_secret.rc == 0 and same_storage_provider | bool + when: secrets.rc == 0 and not update_config_secret | skipped and update_config_secret.rc == 0 and same_storage_provider | bool diff --git a/roles/openshift_hosted/tasks/registry/storage/registry_config.j2 b/roles/openshift_hosted/tasks/registry/storage/registry_config.j2 new file mode 120000 index 000000000..f3e82ad4f --- /dev/null +++ b/roles/openshift_hosted/tasks/registry/storage/registry_config.j2 @@ -0,0 +1 @@ +../../../templates/registry_config.j2
\ No newline at end of file diff --git a/roles/openshift_hosted/tasks/registry/storage/registry_config_secret.j2 b/roles/openshift_hosted/tasks/registry/storage/registry_config_secret.j2 new file mode 120000 index 000000000..b9e82c1ea --- /dev/null +++ b/roles/openshift_hosted/tasks/registry/storage/registry_config_secret.j2 @@ -0,0 +1 @@ +../../../templates/registry_config_secret.j2
\ No newline at end of file diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml index 8fc8497fa..4fd9cd10b 100644 --- a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml @@ -3,14 +3,30 @@ action: "{{ ansible_pkg_mgr }} name=glusterfs-fuse state=present" when: not openshift.common.is_atomic | bool -- name: Set sebooleans to allow gluster storage plugin access from containers +- name: Check for existence of virt_use_fusefs seboolean + command: getsebool virt_use_fusefs + register: virt_use_fusefs_output + when: ansible_selinux and ansible_selinux.status == "enabled" + failed_when: false + changed_when: false + +- name: Set seboolean to allow gluster storage plugin access from containers seboolean: - name: "{{ item }}" + name: virt_use_fusefs state: yes persistent: yes + when: ansible_selinux and ansible_selinux.status == "enabled" and virt_use_fusefs_output.rc == 0 + +- name: Check for existence of virt_sandbox_use_fusefs seboolean + command: getsebool virt_sandbox_use_fusefs + register: virt_sandbox_use_fusefs_output when: ansible_selinux and ansible_selinux.status == "enabled" - with_items: - - virt_use_fusefs - - virt_sandbox_use_fusefs - register: sebool_result - failed_when: "'state' not in sebool_result and 'msg' in sebool_result and 'SELinux boolean {{ item }} does not exist' not in sebool_result.msg" + failed_when: false + changed_when: false + +- name: Set seboolean to allow gluster storage plugin access from containers(sandbox) + seboolean: + name: virt_sandbox_use_fusefs + state: yes + persistent: yes + when: ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_fusefs_output.rc == 0 diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml index 8380714d4..e384c1bd7 100644 --- a/roles/openshift_node/tasks/storage_plugins/nfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -3,16 +3,30 @@ action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present" when: not openshift.common.is_atomic | bool +- name: Check for existence of virt_use_nfs seboolean + command: getsebool virt_use_nfs + register: virt_use_nfs_output + when: ansible_selinux and ansible_selinux.status == "enabled" + failed_when: false + changed_when: false + - name: Set seboolean to allow nfs storage plugin access from containers seboolean: name: virt_use_nfs state: yes persistent: yes + when: ansible_selinux and ansible_selinux.status == "enabled" and virt_use_nfs_output.rc == 0 + +- name: Check for existence of virt_sandbox_use_nfs seboolean + command: getsebool virt_sandbox_use_nfs + register: virt_sandbox_use_nfs_output when: ansible_selinux and ansible_selinux.status == "enabled" + failed_when: false + changed_when: false - name: Set seboolean to allow nfs storage plugin access from containers(sandbox) seboolean: name: virt_sandbox_use_nfs state: yes persistent: yes - when: ansible_selinux and ansible_selinux.status == "enabled" + when: ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_nfs_output.rc == 0 |