summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/haproxy/defaults/main.yml7
-rw-r--r--roles/haproxy/meta/main.yml4
-rw-r--r--roles/haproxy/templates/haproxy.cfg.j29
-rw-r--r--roles/openshift_master/files/atomic-openshift-master-api9
-rw-r--r--roles/openshift_master/files/atomic-openshift-master-api.service21
-rw-r--r--roles/openshift_master/files/atomic-openshift-master-controllers9
-rw-r--r--roles/openshift_master/files/atomic-openshift-master-controllers.service22
-rw-r--r--roles/openshift_master/tasks/main.yml21
-rw-r--r--roles/openshift_master_ca/tasks/main.yml2
9 files changed, 84 insertions, 20 deletions
diff --git a/roles/haproxy/defaults/main.yml b/roles/haproxy/defaults/main.yml
index 16e9af4d1..7ba5bd485 100644
--- a/roles/haproxy/defaults/main.yml
+++ b/roles/haproxy/defaults/main.yml
@@ -12,3 +12,10 @@ haproxy_backends:
- name: web01
address: 127.0.0.1:9000
opts: check
+
+os_firewall_use_firewalld: False
+os_firewall_allow:
+- service: haproxy stats
+ port: "9000/tcp"
+- service: haproxy balance
+ port: "8443/tcp"
diff --git a/roles/haproxy/meta/main.yml b/roles/haproxy/meta/main.yml
index e02d8f53c..0fad106a9 100644
--- a/roles/haproxy/meta/main.yml
+++ b/roles/haproxy/meta/main.yml
@@ -9,4 +9,6 @@ galaxy_info:
- name: EL
versions:
- 7
-dependencies: []
+dependencies:
+- { role: os_firewall }
+- { role: openshift_repos }
diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2
index fddf0ede1..c932af72f 100644
--- a/roles/haproxy/templates/haproxy.cfg.j2
+++ b/roles/haproxy/templates/haproxy.cfg.j2
@@ -27,12 +27,17 @@ defaults
timeout http-request 10s
timeout queue 1m
timeout connect 10s
- timeout client 1m
- timeout server 1m
+ timeout client 300s
+ timeout server 300s
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
+listen stats :9000
+ mode http
+ stats enable
+ stats uri /
+
{% for frontend in haproxy_frontends %}
frontend {{ frontend.name }}
{% for bind in frontend.binds %}
diff --git a/roles/openshift_master/files/atomic-openshift-master-api b/roles/openshift_master/files/atomic-openshift-master-api
new file mode 100644
index 000000000..ea82468a0
--- /dev/null
+++ b/roles/openshift_master/files/atomic-openshift-master-api
@@ -0,0 +1,9 @@
+OPTIONS=
+CONFIG_FILE=/etc/origin/master/master-config.yaml
+
+# Proxy configuration
+# Origin uses standard HTTP_PROXY environment variables. Be sure to set
+# NO_PROXY for your master
+#NO_PROXY=master.example.com
+#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
+#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
diff --git a/roles/openshift_master/files/atomic-openshift-master-api.service b/roles/openshift_master/files/atomic-openshift-master-api.service
new file mode 100644
index 000000000..b24b9809e
--- /dev/null
+++ b/roles/openshift_master/files/atomic-openshift-master-api.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=Atomic OpenShift Master API
+Documentation=https://github.com/openshift/origin
+After=network.target
+After=etcd.service
+Before=atomic-openshift-node.service
+Requires=network.target
+
+[Service]
+Type=notify
+EnvironmentFile=/etc/sysconfig/atomic-openshift-master-api
+Environment=GOTRACEBACK=crash
+ExecStart=/usr/bin/atomic-enterprise start master api --config=${CONFIG_FILE} $OPTIONS
+LimitNOFILE=131072
+LimitCORE=infinity
+WorkingDirectory=/var/lib/origin/
+SyslogIdentifier=atomic-openshift-master-api
+
+[Install]
+WantedBy=multi-user.target
+WantedBy=atomic-openshift-node.service
diff --git a/roles/openshift_master/files/atomic-openshift-master-controllers b/roles/openshift_master/files/atomic-openshift-master-controllers
new file mode 100644
index 000000000..ea82468a0
--- /dev/null
+++ b/roles/openshift_master/files/atomic-openshift-master-controllers
@@ -0,0 +1,9 @@
+OPTIONS=
+CONFIG_FILE=/etc/origin/master/master-config.yaml
+
+# Proxy configuration
+# Origin uses standard HTTP_PROXY environment variables. Be sure to set
+# NO_PROXY for your master
+#NO_PROXY=master.example.com
+#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
+#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
diff --git a/roles/openshift_master/files/atomic-openshift-master-controllers.service b/roles/openshift_master/files/atomic-openshift-master-controllers.service
new file mode 100644
index 000000000..e84160e5a
--- /dev/null
+++ b/roles/openshift_master/files/atomic-openshift-master-controllers.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=Atomic OpenShift Master Controllers
+Documentation=https://github.com/openshift/origin
+After=network.target
+After=atomic-openshift-master-api.service
+Before=atomic-openshift-node.service
+Requires=network.target
+
+[Service]
+Type=notify
+EnvironmentFile=/etc/sysconfig/atomic-openshift-master-controllers
+Environment=GOTRACEBACK=crash
+ExecStart=/usr/bin/atomic-enterprise start master controllers --config=${CONFIG_FILE} $OPTIONS
+LimitNOFILE=131072
+LimitCORE=infinity
+WorkingDirectory=/var/lib/origin/
+SyslogIdentifier=atomic-openshift-master-controllers
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+WantedBy=atomic-openshift-node.service
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index b23c19d37..00aaa2e57 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -204,27 +204,16 @@
when: not openshift_master_ha | bool
register: start_result
-# workaround for start bug when configuring ha
-- name: Start master for ha workaround
- service: name={{ openshift.common.service_type }}-master state=started
- when: openshift_master_ha | bool and inventory_hostname in groups.oo_first_master
-
-- name: pause for 30 seconds to let master finish starting up for ha workaround
- pause: seconds=30
- when: openshift_master_ha | bool and inventory_hostname in groups.oo_first_master
-
-- name: Stop master for ha workaround
- service: name={{ openshift.common.service_type }}-master state=stopped
- when: openshift_master_ha | bool and inventory_hostname in groups.oo_first_master
-# end workaround for start bug when configuring ha
-
-- fail:
-
- name: Start and enable master api
service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started
when: openshift_master_ha | bool
register: start_result
+# TODO: work to eliminate this workaround
+- name: pause a random interval to avoid startup errors for controller
+ pause: seconds={{ 60 | random(step=5) }}
+ when: openshift_master_ha | bool
+
- name: Start and enable master controller
service: name={{ openshift.common.service_type }}-master-controllers enabled=yes state=started
when: openshift_master_ha | bool
diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml
index abb0f8252..0738048d3 100644
--- a/roles/openshift_master_ca/tasks/main.yml
+++ b/roles/openshift_master_ca/tasks/main.yml
@@ -14,7 +14,7 @@
- name: Create the master certificates if they do not already exist
command: >
{{ openshift.common.admin_binary }} create-master-certs
- --hostnames={{ openshift.common.all_hostnames | join(',') }}
+ --hostnames={{ master_hostnames | join(',') }}
--master={{ openshift.master.api_url }}
--public-master={{ openshift.master.public_api_url }}
--cert-dir={{ openshift_master_config_dir }} --overwrite=false