summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/openshift_health_checker/library/rpm_version.py14
-rw-r--r--roles/openshift_health_checker/openshift_checks/ovs_version.py4
-rw-r--r--roles/openshift_health_checker/test/ovs_version_test.py4
-rw-r--r--roles/openshift_health_checker/test/rpm_version_test.py6
-rw-r--r--roles/openshift_logging_elasticsearch/defaults/main.yml3
-rw-r--r--roles/openshift_logging_elasticsearch/tasks/main.yaml7
-rw-r--r--roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j22
-rw-r--r--roles/openshift_logging_elasticsearch/vars/main.yml2
-rw-r--r--roles/os_firewall/meta/main.yml16
-rw-r--r--roles/os_firewall/tasks/firewalld.yml (renamed from roles/os_firewall/tasks/firewall/firewalld.yml)8
-rw-r--r--roles/os_firewall/tasks/iptables.yml (renamed from roles/os_firewall/tasks/firewall/iptables.yml)9
-rw-r--r--roles/os_firewall/tasks/main.yml25
12 files changed, 60 insertions, 40 deletions
diff --git a/roles/openshift_health_checker/library/rpm_version.py b/roles/openshift_health_checker/library/rpm_version.py
index 8ea223055..c24fbba3b 100644
--- a/roles/openshift_health_checker/library/rpm_version.py
+++ b/roles/openshift_health_checker/library/rpm_version.py
@@ -4,6 +4,7 @@ Ansible module for rpm-based systems determining existing package version inform
"""
from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.six import string_types
IMPORT_EXCEPTION = None
try:
@@ -82,11 +83,16 @@ def _check_pkg_versions(found_pkgs_dict, expected_pkgs_dict):
continue
found_versions = [_parse_version(version) for version in found_pkgs_dict[pkg_name]]
- expected_version = _parse_version(pkg["version"])
- if expected_version not in found_versions:
+
+ if isinstance(pkg["version"], string_types):
+ expected_versions = [_parse_version(pkg["version"])]
+ else:
+ expected_versions = [_parse_version(version) for version in pkg["version"]]
+
+ if not set(expected_versions) & set(found_versions):
invalid_pkg_versions[pkg_name] = {
"found_versions": found_versions,
- "required_version": expected_version,
+ "required_versions": expected_versions,
}
if not_found_pkgs:
@@ -106,7 +112,7 @@ def _check_pkg_versions(found_pkgs_dict, expected_pkgs_dict):
"The following packages were found to be installed with an incorrect version: {}".format('\n'.join([
" \n{}\n Required version: {}\n Found versions: {}".format(
pkg_name,
- pkg["required_version"],
+ ', '.join(pkg["required_versions"]),
', '.join([version for version in pkg["found_versions"]]))
for pkg_name, pkg in invalid_pkg_versions.items()
]))
diff --git a/roles/openshift_health_checker/openshift_checks/ovs_version.py b/roles/openshift_health_checker/openshift_checks/ovs_version.py
index d5e55bc25..363c12def 100644
--- a/roles/openshift_health_checker/openshift_checks/ovs_version.py
+++ b/roles/openshift_health_checker/openshift_checks/ovs_version.py
@@ -16,8 +16,8 @@ class OvsVersion(NotContainerizedMixin, OpenShiftCheck):
tags = ["health"]
openshift_to_ovs_version = {
- "3.6": "2.6",
- "3.5": "2.6",
+ "3.6": ["2.6", "2.7"],
+ "3.5": ["2.6", "2.7"],
"3.4": "2.4",
}
diff --git a/roles/openshift_health_checker/test/ovs_version_test.py b/roles/openshift_health_checker/test/ovs_version_test.py
index b6acef5a6..e1bf29d2a 100644
--- a/roles/openshift_health_checker/test/ovs_version_test.py
+++ b/roles/openshift_health_checker/test/ovs_version_test.py
@@ -38,8 +38,8 @@ def test_invalid_openshift_release_format():
@pytest.mark.parametrize('openshift_release,expected_ovs_version', [
- ("3.5", "2.6"),
- ("3.6", "2.6"),
+ ("3.5", ["2.6", "2.7"]),
+ ("3.6", ["2.6", "2.7"]),
("3.4", "2.4"),
("3.3", "2.4"),
("1.0", "2.4"),
diff --git a/roles/openshift_health_checker/test/rpm_version_test.py b/roles/openshift_health_checker/test/rpm_version_test.py
index 2f09ef965..2c1bcf876 100644
--- a/roles/openshift_health_checker/test/rpm_version_test.py
+++ b/roles/openshift_health_checker/test/rpm_version_test.py
@@ -49,7 +49,7 @@ def test_check_pkg_found(pkgs, expect_not_found):
},
{
"eggs": {
- "required_version": "3.2",
+ "required_versions": ["3.2"],
"found_versions": ["3.3"],
}
}, # not the right version
@@ -61,11 +61,11 @@ def test_check_pkg_found(pkgs, expect_not_found):
},
{
"eggs": {
- "required_version": "3.2",
+ "required_versions": ["3.2"],
"found_versions": ["3.3", "1.2"],
},
"spam": {
- "required_version": "3.2",
+ "required_versions": ["3.2"],
"found_versions": ["3.1", "3.3"],
}
}, # not the right version
diff --git a/roles/openshift_logging_elasticsearch/defaults/main.yml b/roles/openshift_logging_elasticsearch/defaults/main.yml
index c0b5d394e..0690bf114 100644
--- a/roles/openshift_logging_elasticsearch/defaults/main.yml
+++ b/roles/openshift_logging_elasticsearch/defaults/main.yml
@@ -37,6 +37,9 @@ openshift_logging_elasticsearch_storage_group: '65534'
openshift_logging_es_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_pvc_prefix | default('logging-es') }}"
+# config the es plugin to write kibana index based on the index mode
+openshift_logging_elasticsearch_kibana_index_mode: 'unique'
+
# this is used to determine if this is an operations deployment or a non-ops deployment
# simply used for naming purposes
openshift_logging_elasticsearch_ops_deployment: false
diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml
index aae23668a..5593fac3a 100644
--- a/roles/openshift_logging_elasticsearch/tasks/main.yaml
+++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml
@@ -102,6 +102,11 @@
delete_after: true
# configmap
+- assert:
+ that:
+ - openshift_logging_elasticsearch_kibana_index_mode in __kibana_index_modes
+ msg: "The openshift_logging_elasticsearch_kibana_index_mode '{{ openshift_logging_elasticsearch_kibana_index_mode }}' only supports one of: {{ __kibana_index_modes | join(', ') }}"
+
- template:
src: elasticsearch-logging.yml.j2
dest: "{{ tempdir }}/elasticsearch-logging.yml"
@@ -115,6 +120,8 @@
allow_cluster_reader: "{{ openshift_logging_elasticsearch_ops_allow_cluster_reader | lower | default('false') }}"
es_number_of_shards: "{{ openshift_logging_es_number_of_shards | default(1) }}"
es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas | default(0) }}"
+ es_kibana_index_mode: "{{ openshift_logging_elasticsearch_kibana_index_mode | default('unique') }}"
+
when: es_config_contents is undefined
changed_when: no
diff --git a/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2 b/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2
index 141967c33..0c06a7677 100644
--- a/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2
+++ b/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2
@@ -53,6 +53,8 @@ openshift.searchguard:
openshift.operations.allow_cluster_reader: {{allow_cluster_reader | default (false)}}
+openshift.kibana.index.mode: {{es_kibana_index_mode | default('unique')}}
+
path:
data: /elasticsearch/persistent/${CLUSTER_NAME}/data
logs: /elasticsearch/${CLUSTER_NAME}/logs
diff --git a/roles/openshift_logging_elasticsearch/vars/main.yml b/roles/openshift_logging_elasticsearch/vars/main.yml
index 7a1f5048b..5b4b226e8 100644
--- a/roles/openshift_logging_elasticsearch/vars/main.yml
+++ b/roles/openshift_logging_elasticsearch/vars/main.yml
@@ -3,6 +3,8 @@ __latest_es_version: "3_5"
__allowed_es_versions: ["3_5", "3_6"]
__allowed_es_types: ["data-master", "data-client", "master", "client"]
+__kibana_index_modes: ["unique", "shared_ops"]
+
# TODO: integrate these
openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
es_node_quorum: "{{ openshift_logging_elasticsearch_replica_count | int/2 + 1 }}"
diff --git a/roles/os_firewall/meta/main.yml b/roles/os_firewall/meta/main.yml
deleted file mode 100644
index dca5fc5ff..000000000
--- a/roles/os_firewall/meta/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-galaxy_info:
- author: Jason DeTiberus
- description: os_firewall
- company: Red Hat, Inc.
- license: Apache License, Version 2.0
- min_ansible_version: 2.2
- platforms:
- - name: EL
- versions:
- - 7
- categories:
- - system
-allow_duplicates: yes
-dependencies:
- - role: openshift_facts
diff --git a/roles/os_firewall/tasks/firewall/firewalld.yml b/roles/os_firewall/tasks/firewalld.yml
index 2cc7af478..54430f402 100644
--- a/roles/os_firewall/tasks/firewall/firewalld.yml
+++ b/roles/os_firewall/tasks/firewalld.yml
@@ -1,4 +1,9 @@
---
+- name: Fail - Firewalld is not supported on Atomic Host
+ fail:
+ msg: "Firewalld is not supported on Atomic Host"
+ when: r_os_firewall_is_atomic | bool
+
- name: Install firewalld packages
package:
name: firewalld
@@ -31,7 +36,8 @@
register: result
- name: need to pause here, otherwise the firewalld service starting can sometimes cause ssh to fail
- pause: seconds=10
+ pause:
+ seconds: 10
when: result | changed
- name: Restart polkitd
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/iptables.yml
index 7e1fa2c02..0af5abf38 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/iptables.yml
@@ -15,11 +15,13 @@
when: task_result | changed
- name: Install iptables packages
- package: name={{ item }} state=present
+ package:
+ name: "{{ item }}"
+ state: present
with_items:
- iptables
- iptables-services
- when: not openshift.common.is_atomic | bool
+ when: not r_os_firewall_is_atomic | bool
- name: Start and enable iptables service
systemd:
@@ -34,5 +36,6 @@
with_items: "{{ ansible_play_hosts }}"
- name: need to pause here, otherwise the iptables service starting can sometimes cause ssh to fail
- pause: seconds=10
+ pause:
+ seconds: 10
when: result | changed
diff --git a/roles/os_firewall/tasks/main.yml b/roles/os_firewall/tasks/main.yml
index 20efe5b0d..c477d386c 100644
--- a/roles/os_firewall/tasks/main.yml
+++ b/roles/os_firewall/tasks/main.yml
@@ -1,12 +1,19 @@
---
-- name: Assert - Do not use firewalld on Atomic Host
- assert:
- that: not os_firewall_use_firewalld | bool
- msg: "Firewalld is not supported on Atomic Host"
- when: openshift.common.is_atomic | bool
+- name: Detecting Atomic Host Operating System
+ stat:
+ path: /run/ostree-booted
+ register: r_os_firewall_ostree_booted
-- include: firewall/firewalld.yml
- when: os_firewall_enabled | bool and os_firewall_use_firewalld | bool
+- name: Set fact r_os_firewall_is_atomic
+ set_fact:
+ r_os_firewall_is_atomic: "{{ r_os_firewall_ostree_booted.stat.exists }}"
-- include: firewall/iptables.yml
- when: os_firewall_enabled | bool and not os_firewall_use_firewalld | bool
+- include: firewalld.yml
+ when:
+ - os_firewall_enabled | bool
+ - os_firewall_use_firewalld | bool
+
+- include: iptables.yml
+ when:
+ - os_firewall_enabled | bool
+ - not os_firewall_use_firewalld | bool
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-25 08:35:47 +0000