Diffstat (limited to 'roles')
-rw-r--r--roles/ansible_service_broker/tasks/install.yml123
-rw-r--r--roles/cockpit/tasks/main.yml2
-rw-r--r--roles/contiv/tasks/download_bins.yml2
-rw-r--r--roles/contiv/tasks/pkgMgrInstallers/centos-install.yml6
-rw-r--r--roles/contiv_facts/tasks/fedora-install.yml2
-rw-r--r--roles/docker/tasks/package_docker.yml2
-rw-r--r--roles/docker/tasks/systemcontainer_crio.yml6
-rw-r--r--roles/docker/tasks/systemcontainer_docker.yml8
-rw-r--r--roles/etcd/tasks/auxiliary/drop_etcdctl.yml2
-rw-r--r--roles/etcd/tasks/backup/backup.yml2
-rw-r--r--roles/etcd/tasks/certificates/deploy_ca.yml2
-rw-r--r--roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml2
-rw-r--r--roles/etcd/tasks/main.yml2
-rw-r--r--roles/etcd/tasks/upgrade/upgrade_image.yml2
-rw-r--r--roles/etcd/tasks/upgrade/upgrade_rpm.yml2
-rw-r--r--roles/flannel/tasks/main.yml2
-rw-r--r--roles/installer_checkpoint/callback_plugins/installer_checkpoint.py2
-rw-r--r--roles/lib_openshift/library/oc_adm_registry.py5
-rw-r--r--roles/lib_openshift/library/oc_adm_router.py5
-rw-r--r--roles/lib_openshift/library/oc_service.py16
-rw-r--r--roles/lib_openshift/src/ansible/oc_service.py1
-rw-r--r--roles/lib_openshift/src/class/oc_service.py4
-rw-r--r--roles/lib_openshift/src/doc/service6
-rw-r--r--roles/lib_openshift/src/lib/service.py5
-rwxr-xr-xroles/lib_openshift/src/test/unit/test_oc_service.py4
-rw-r--r--roles/nickhammond.logrotate/tasks/main.yml2
-rw-r--r--roles/nuage_ca/tasks/main.yaml2
-rw-r--r--roles/openshift_aws/defaults/main.yml23
-rw-r--r--roles/openshift_aws/filter_plugins/openshift_aws_filters.py15
-rw-r--r--roles/openshift_aws/meta/main.yml1
-rw-r--r--roles/openshift_aws/tasks/accept_nodes.yml34
-rw-r--r--roles/openshift_aws/tasks/elb.yml1
-rw-r--r--roles/openshift_aws/tasks/launch_config_create.yml2
-rw-r--r--roles/openshift_aws/tasks/provision_nodes.yml32
-rw-r--r--roles/openshift_aws/tasks/remove_scale_group.yml27
-rw-r--r--roles/openshift_aws/tasks/scale_group.yml10
-rw-r--r--roles/openshift_aws/tasks/setup_master_group.yml2
-rw-r--r--roles/openshift_aws/tasks/setup_scale_group_facts.yml37
-rw-r--r--roles/openshift_aws/tasks/upgrade_node_group.yml16
-rw-r--r--roles/openshift_aws/tasks/vpc_and_subnet_id.yml7
-rw-r--r--roles/openshift_aws/tasks/wait_for_groups.yml31
-rw-r--r--roles/openshift_ca/tasks/main.yml1
-rw-r--r--roles/openshift_cli/tasks/main.yml4
-rw-r--r--roles/openshift_clock/tasks/main.yaml2
-rw-r--r--roles/openshift_excluder/tasks/install.yml8
-rw-r--r--roles/openshift_expand_partition/tasks/main.yml2
-rw-r--r--roles/openshift_loadbalancer/tasks/main.yml2
-rw-r--r--roles/openshift_logging/tasks/generate_jks.yaml6
-rw-r--r--roles/openshift_management/tasks/add_container_provider.yml4
-rw-r--r--roles/openshift_master/tasks/bootstrap_settings.yml1
-rw-r--r--roles/openshift_master/tasks/main.yml5
-rw-r--r--roles/openshift_master/tasks/upgrade/rpm_upgrade.yml2
-rw-r--r--roles/openshift_nfs/tasks/setup.yml2
-rw-r--r--roles/openshift_node/tasks/bootstrap.yml2
-rw-r--r--roles/openshift_node/tasks/dnsmasq.yml2
-rw-r--r--roles/openshift_node/tasks/dnsmasq/no-network-manager.yml2
-rw-r--r--roles/openshift_node/tasks/docker/upgrade.yml2
-rw-r--r--roles/openshift_node/tasks/install.yml6
-rw-r--r--roles/openshift_node/tasks/storage_plugins/ceph.yml2
-rw-r--r--roles/openshift_node/tasks/storage_plugins/glusterfs.yml2
-rw-r--r--roles/openshift_node/tasks/storage_plugins/iscsi.yml2
-rw-r--r--roles/openshift_node/tasks/storage_plugins/nfs.yml2
-rw-r--r--roles/openshift_node/tasks/upgrade.yml2
-rw-r--r--roles/openshift_node/tasks/upgrade/rpm_upgrade.yml4
-rw-r--r--roles/openshift_node_group/tasks/create_config.yml4
-rw-r--r--roles/openshift_openstack/tasks/node-packages.yml4
-rw-r--r--roles/openshift_repos/tasks/main.yaml2
-rw-r--r--roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml2
-rw-r--r--roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml2
-rw-r--r--roles/openshift_storage_nfs/tasks/main.yml2
-rw-r--r--roles/openshift_storage_nfs_lvm/tasks/nfs.yml2
-rw-r--r--roles/os_firewall/tasks/firewalld.yml2
-rw-r--r--roles/os_firewall/tasks/iptables.yml2
-rw-r--r--roles/os_update_latest/tasks/main.yml2
-rw-r--r--roles/rhel_subscribe/tasks/main.yml2
75 files changed, 424 insertions, 126 deletions
diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml
index c90bbbe9b..4ca47d074 100644
--- a/roles/ansible_service_broker/tasks/install.yml
+++ b/roles/ansible_service_broker/tasks/install.yml
@@ -147,64 +147,41 @@
- set_fact:
service_ca_crt: "{{ asb_client_secret.results.results.0.data['service-ca.crt'] }}"
-# Using oc_obj because oc_service doesn't seem to allow annotations
-# TODO: Extend oc_service to allow annotations
- name: create ansible-service-broker service
- oc_obj:
+ oc_service:
name: asb
namespace: openshift-ansible-service-broker
- state: present
- kind: Service
- content:
- path: /tmp/asbsvcout
- data:
- apiVersion: v1
- kind: Service
- metadata:
- name: asb
- namespace: openshift-ansible-service-broker
- labels:
- app: openshift-ansible-service-broker
- service: asb
- annotations:
- service.alpha.openshift.io/serving-cert-secret-name: asb-tls
- spec:
- ports:
- - name: port-1338
- port: 1338
- targetPort: 1338
- protocol: TCP
- selector:
- app: openshift-ansible-service-broker
- service: asb
+ labels:
+ app: openshift-ansible-service-broker
+ service: asb
+ annotations:
+ service.alpha.openshift.io/serving-cert-secret-name: asb-tls
+ ports:
+ - name: port-1338
+ port: 1338
+ targetPort: 1338
+ protocol: TCP
+ selector:
+ app: openshift-ansible-service-broker
+ service: asb
- name: create asb-etcd service
- oc_obj:
+ oc_service:
name: asb-etcd
namespace: openshift-ansible-service-broker
- state: present
- kind: Service
- content:
- path: /tmp/asbetcdsvcout
- data:
- apiVersion: v1
- kind: Service
- metadata:
- name: asb-etcd
- labels:
- app: etcd
- service: asb-etcd
- annotations:
- service.alpha.openshift.io/serving-cert-secret-name: etcd-tls
- spec:
- ports:
- - name: port-2379
- port: 2379
- targetPort: 2379
- protocol: TCP
- selector:
- app: etcd
- service: asb-etcd
+ labels:
+ app: etcd
+ service: asb-etcd
+ annotations:
+ service.alpha.openshift.io/serving-cert-secret-name: etcd-tls
+ ports:
+ - name: port-2379
+ port: 2379
+ targetPort: 2379
+ protocol: TCP
+ selector:
+ app: etcd
+ service: asb-etcd
- name: create route for ansible-service-broker service
oc_route:
@@ -219,28 +196,25 @@
tls_termination: Reencrypt
- name: create persistent volume claim for etcd
- oc_obj:
+ oc_pvc:
name: etcd
namespace: openshift-ansible-service-broker
- state: present
- kind: PersistentVolumeClaim
- content:
- path: /tmp/pvcout
- data:
- apiVersion: v1
- kind: PersistentVolumeClaim
- metadata:
- name: etcd
- namespace: openshift-ansible-service-broker
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
+ access_modes:
+ - ReadWriteOnce
+ volume_capacity: 1G
+
+- name: Search for existing Ansible Service Broker deployment config
+ oc_obj:
+ name: asb
+ namespace: openshift-ansible-service-broker
+ kind: DeploymentConfig
+ state: list
+ register: asb_dc
- name: Create Ansible Service Broker deployment config
+ when: asb_dc.results.results.0 | length == 0
oc_obj:
+ force: yes
name: asb
namespace: openshift-ansible-service-broker
state: present
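Review bot: The new `when: asb_dc.results.results.0 | length == 0` guard on "Create Ansible Service Broker deployment config" means an existing DeploymentConfig is never reconciled, so later spec changes stop reaching clusters that already have the broker installed. The same guard is added to the asb-etcd DeploymentConfig in the next hunk, which is the object whose etcd flag this commit changes further down the file. If create-once is intended, say so above the task, e.g. `# created on first install only; spec changes need the dc removed first`. `force: yes` is added to a task that now runs only when nothing exists, so confirm it is still needed and write it as `true`. The claim also moves from `storage: 1Gi` to `volume_capacity: 1G`, a slightly smaller request; the DeploymentConfig task body continues outside the hunk.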
@@ -315,9 +289,18 @@
secret:
secretName: broker-etcd-auth-secret
+- name: Search for existing Ansible Service Broker etcd deployment config
+ oc_obj:
+ name: asb-etcd
+ namespace: openshift-ansible-service-broker
+ kind: DeploymentConfig
+ state: list
+ register: asb_etcd_dc
+
- name: Create asb-etcd deployment config
+ when: asb_etcd_dc.results.results.0 | length == 0
oc_obj:
- name: etcd
+ name: asb-etcd
namespace: openshift-ansible-service-broker
state: present
kind: DeploymentConfig
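Review bot: Renaming the DeploymentConfig from `etcd` to `asb-etcd` while the new lookup searches only for `asb-etcd` leaves nothing in this hunk to remove a DeploymentConfig called `etcd` from an earlier install. On such a cluster the lookup would come back empty and a second etcd would be created beside the old one; whether both would then bind the same `etcd` claim depends on the spec, which is outside the hunk. A preceding `oc_obj` task with `state: absent`, `kind: DeploymentConfig` and `name: etcd` in the same namespace would make the upgrade path deterministic.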
@@ -354,7 +337,7 @@
- "{{ ansible_service_broker_etcd_image_etcd_path }}"
- "--data-dir=/data"
- "--listen-client-urls=https://0.0.0.0:2379"
- - "--advertise-client-urls=https://0.0.0.0:2379"
+ - "--advertise-client-urls=https://asb-etcd.openshift-ansible-service-broker.svc:2379"
- "--client-cert-auth"
- "--trusted-ca-file=/var/run/etcd-auth-secret/ca.crt"
- "--cert-file=/etc/tls/private/tls.crt"
diff --git a/roles/cockpit/tasks/main.yml b/roles/cockpit/tasks/main.yml
index 34754502a..f63b3e49b 100644
--- a/roles/cockpit/tasks/main.yml
+++ b/roles/cockpit/tasks/main.yml
@@ -11,6 +11,8 @@
- cockpit-docker
- "{{ cockpit_plugins }}"
when: not openshift.common.is_containerized | bool
+ register: result
+ until: result | success
- name: Enable cockpit-ws
systemd:
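Review bot: `until: result | success` is added here without `retries:` or `delay:`, so the task relies on Ansible's defaults (three retries, five seconds apart), which is short for a mirror or network outage and invisible to the reader. Stating them, e.g. `retries: 3` and `delay: 5` or a role-level variable, would make the behaviour explicit. The same two lines are added to every package-install task in this commit (contiv, docker, etcd, flannel, logrotate, nuage_ca and the rest), so the choice applies to all of them. The shared register name `result` also overwrites any earlier `result` that a later task in the same file might read, which is worth checking in the longer task files.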
diff --git a/roles/contiv/tasks/download_bins.yml b/roles/contiv/tasks/download_bins.yml
index 319fce46c..741c1d1da 100644
--- a/roles/contiv/tasks/download_bins.yml
+++ b/roles/contiv/tasks/download_bins.yml
@@ -8,6 +8,8 @@
yum:
name: bzip2
state: installed
+ register: result
+ until: result | success
- name: Download Bins | Download Contiv tar file
get_url:
diff --git a/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml b/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml
index 91e6aadf3..62b4716a3 100644
--- a/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml
+++ b/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml
@@ -3,6 +3,8 @@
yum:
pkg=net-tools
state=latest
+ register: result
+ until: result | success
- name: PkgMgr RHEL/CentOS | Get openstack ocata rpm
get_url:
@@ -20,6 +22,8 @@
yum: name=/tmp/rdo-release-ocata-2.noarch.rpm state=present
tags:
- ovs_install
+ register: result
+ until: result | success
- name: PkgMgr RHEL/CentOS | Install ovs
yum:
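Review bot: The task that now retries, `yum: name=/tmp/rdo-release-ocata-2.noarch.rpm state=present`, installs a release RPM from a fixed file name in `/tmp`, and nothing in this hunk verifies the file before it is installed. The `get_url` task that fetches it is outside the hunk, so whether it sets `checksum:` is not visible. If it does not, pinning a checksum there and downloading into a directory that only the installing user can write would tie the installed package to the expected artifact.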
@@ -31,3 +35,5 @@
no_proxy: "{{ no_proxy|default('') }}"
tags:
- ovs_install
+ register: result
+ until: result | success
diff --git a/roles/contiv_facts/tasks/fedora-install.yml b/roles/contiv_facts/tasks/fedora-install.yml
index db56a18c0..a57f6eb19 100644
--- a/roles/contiv_facts/tasks/fedora-install.yml
+++ b/roles/contiv_facts/tasks/fedora-install.yml
@@ -3,6 +3,8 @@
yum:
name: dnf
state: installed
+ register: result
+ until: result | success
- name: Update repo cache
command: dnf update -y
diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml
index 5437275a2..044b04478 100644
--- a/roles/docker/tasks/package_docker.yml
+++ b/roles/docker/tasks/package_docker.yml
@@ -37,6 +37,8 @@
- name: Install Docker
package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present
when: not openshift.common.is_atomic | bool and not curr_docker_version | skipped and not curr_docker_version.stdout != ''
+ register: result
+ until: result | success
- block:
# Extend the default Docker service unit file when using iptables-services
diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml
index 17800d4e5..3439aa353 100644
--- a/roles/docker/tasks/systemcontainer_crio.yml
+++ b/roles/docker/tasks/systemcontainer_crio.yml
@@ -29,6 +29,8 @@
name: container-selinux
state: present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: Check we are not using node as a Docker container with CRI-O
fail: msg='Cannot use CRI-O with node configured as a Docker container'
@@ -42,6 +44,8 @@
name: atomic
state: present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
# At the time of writing the atomic command requires runc for it's own use. This
# task is here in the even that the atomic package ever removes the dependency.
@@ -50,6 +54,8 @@
name: runc
state: present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: Check that overlay is in the kernel
diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/docker/tasks/systemcontainer_docker.yml
index f69acb9a5..881d83f50 100644
--- a/roles/docker/tasks/systemcontainer_docker.yml
+++ b/roles/docker/tasks/systemcontainer_docker.yml
@@ -34,6 +34,8 @@
name: container-selinux
state: present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
# Used to pull and install the system container
- name: Ensure atomic is installed
@@ -41,6 +43,8 @@
name: atomic
state: present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
# At the time of writing the atomic command requires runc for it's own use. This
# task is here in the even that the atomic package ever removes the dependency.
@@ -49,11 +53,15 @@
name: runc
state: present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
# Make sure Docker is installed so we are able to use the client
- name: Install Docker so we can use the client
package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
# Make sure docker is disabled. Errors are ignored.
- name: Disable Docker
diff --git a/roles/etcd/tasks/auxiliary/drop_etcdctl.yml b/roles/etcd/tasks/auxiliary/drop_etcdctl.yml
index 11bd2310e..603f2531f 100644
--- a/roles/etcd/tasks/auxiliary/drop_etcdctl.yml
+++ b/roles/etcd/tasks/auxiliary/drop_etcdctl.yml
@@ -2,6 +2,8 @@
- name: Install etcd for etcdctl
package: name=etcd{{ '-' + etcd_version if etcd_version is defined else '' }} state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: Configure etcd profile.d aliases
template:
diff --git a/roles/etcd/tasks/backup/backup.yml b/roles/etcd/tasks/backup/backup.yml
index afb84eb58..9da023dbd 100644
--- a/roles/etcd/tasks/backup/backup.yml
+++ b/roles/etcd/tasks/backup/backup.yml
@@ -43,6 +43,8 @@
when:
- r_etcd_common_embedded_etcd | bool
- not l_ostree_booted.stat.exists | bool
+ register: result
+ until: result | success
- name: Check selinux label of '{{ etcd_data_dir }}'
command: >
diff --git a/roles/etcd/tasks/certificates/deploy_ca.yml b/roles/etcd/tasks/certificates/deploy_ca.yml
index 3d32290a2..bd4dafafd 100644
--- a/roles/etcd/tasks/certificates/deploy_ca.yml
+++ b/roles/etcd/tasks/certificates/deploy_ca.yml
@@ -6,6 +6,8 @@
when: not etcd_is_atomic | bool
delegate_to: "{{ etcd_ca_host }}"
run_once: true
+ register: result
+ until: result | success
- file:
path: "{{ item }}"
diff --git a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml
index 00b8f4a0b..f4726940a 100644
--- a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml
+++ b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml
@@ -4,6 +4,8 @@
name: "etcd{{ '-' + etcd_version if etcd_version is defined else '' }}"
state: present
when: not etcd_is_containerized | bool
+ register: result
+ until: result | success
- name: Check status of etcd certificates
stat:
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 5ee9335f5..b2100801f 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -12,6 +12,8 @@
- name: Install etcd
package: name=etcd{{ '-' + etcd_version if etcd_version is defined else '' }} state=present
when: not etcd_is_containerized | bool
+ register: result
+ until: result | success
- include_tasks: drop_etcdctl.yml
when:
diff --git a/roles/etcd/tasks/upgrade/upgrade_image.yml b/roles/etcd/tasks/upgrade/upgrade_image.yml
index 24071f9ad..6e712ba74 100644
--- a/roles/etcd/tasks/upgrade/upgrade_image.yml
+++ b/roles/etcd/tasks/upgrade/upgrade_image.yml
@@ -44,6 +44,8 @@
name: etcd
state: latest
when: not l_ostree_booted.stat.exists | bool
+ register: result
+ until: result | success
- name: Verify cluster is healthy
command: "{{ etcdctlv2 }} cluster-health"
diff --git a/roles/etcd/tasks/upgrade/upgrade_rpm.yml b/roles/etcd/tasks/upgrade/upgrade_rpm.yml
index 505e28afb..e98def46e 100644
--- a/roles/etcd/tasks/upgrade/upgrade_rpm.yml
+++ b/roles/etcd/tasks/upgrade/upgrade_rpm.yml
@@ -18,6 +18,8 @@
package:
name: "{{ l_etcd_target_package }}"
state: latest
+ register: result
+ until: result | success
- lineinfile:
destfile: "{{ etcd_conf_file }}"
diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml
index 3a8945a82..befe1b2e6 100644
--- a/roles/flannel/tasks/main.yml
+++ b/roles/flannel/tasks/main.yml
@@ -3,6 +3,8 @@
become: yes
package: name=flannel state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: Set flannel etcd options
become: yes
diff --git a/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py b/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py
index 57444a2a5..3cb1fa8d0 100644
--- a/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py
+++ b/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py
@@ -74,7 +74,7 @@ class CallbackModule(CallbackBase):
},
'installer_phase_glusterfs': {
'title': 'GlusterFS Install',
- 'playbook': 'playbooks/byo/openshift-glusterfs/config.yml'
+ 'playbook': 'playbooks/openshift-glusterfs/config.yml'
},
'installer_phase_hosted': {
'title': 'Hosted Install',
diff --git a/roles/lib_openshift/library/oc_adm_registry.py b/roles/lib_openshift/library/oc_adm_registry.py
index 0771aa5a5..fe565987c 100644
--- a/roles/lib_openshift/library/oc_adm_registry.py
+++ b/roles/lib_openshift/library/oc_adm_registry.py
@@ -1993,6 +1993,7 @@ class ServiceConfig(object):
sname,
namespace,
ports,
+ annotations=None,
selector=None,
labels=None,
cluster_ip=None,
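Review bot: `annotations=None` is inserted as the fourth parameter of `ServiceConfig.__init__`, ahead of `selector` and `labels`, so a caller that passes those positionally now has each argument shifted one slot (its selector lands in `annotations`) without any error. The `OCService` constructor call in oc_service.py is updated in this commit, but other callers in this file are outside the hunk and should be checked. The same signature change appears in oc_adm_router.py, library/oc_service.py and src/lib/service.py. Appending the new keyword after the existing ones, or making every call site use keyword arguments, avoids the silent shift; the constructor body continues outside the hunk.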
@@ -2004,6 +2005,7 @@ class ServiceConfig(object):
self.name = sname
self.namespace = namespace
self.ports = ports
+ self.annotations = annotations
self.selector = selector
self.labels = labels
self.cluster_ip = cluster_ip
@@ -2026,6 +2028,9 @@ class ServiceConfig(object):
self.data['metadata']['labels'] = {}
for lab, lab_value in self.labels.items():
self.data['metadata']['labels'][lab] = lab_value
+ if self.annotations:
+ self.data['metadata']['annotations'] = self.annotations
+
self.data['spec'] = {}
if self.ports:
diff --git a/roles/lib_openshift/library/oc_adm_router.py b/roles/lib_openshift/library/oc_adm_router.py
index 5969da7ca..44de29592 100644
--- a/roles/lib_openshift/library/oc_adm_router.py
+++ b/roles/lib_openshift/library/oc_adm_router.py
@@ -1559,6 +1559,7 @@ class ServiceConfig(object):
sname,
namespace,
ports,
+ annotations=None,
selector=None,
labels=None,
cluster_ip=None,
@@ -1570,6 +1571,7 @@ class ServiceConfig(object):
self.name = sname
self.namespace = namespace
self.ports = ports
+ self.annotations = annotations
self.selector = selector
self.labels = labels
self.cluster_ip = cluster_ip
@@ -1592,6 +1594,9 @@ class ServiceConfig(object):
self.data['metadata']['labels'] = {}
for lab, lab_value in self.labels.items():
self.data['metadata']['labels'][lab] = lab_value
+ if self.annotations:
+ self.data['metadata']['annotations'] = self.annotations
+
self.data['spec'] = {}
if self.ports:
diff --git a/roles/lib_openshift/library/oc_service.py b/roles/lib_openshift/library/oc_service.py
index 3e8aea4f1..c541e1bbd 100644
--- a/roles/lib_openshift/library/oc_service.py
+++ b/roles/lib_openshift/library/oc_service.py
@@ -90,6 +90,12 @@ options:
required: false
default: default
aliases: []
+ annotations:
+ description:
+ - Annotations to apply to the object
+ required: false
+ default: None
+ aliases: []
selector:
description:
- The selector to apply when filtering for services.
@@ -1471,6 +1477,7 @@ class ServiceConfig(object):
sname,
namespace,
ports,
+ annotations=None,
selector=None,
labels=None,
cluster_ip=None,
@@ -1482,6 +1489,7 @@ class ServiceConfig(object):
self.name = sname
self.namespace = namespace
self.ports = ports
+ self.annotations = annotations
self.selector = selector
self.labels = labels
self.cluster_ip = cluster_ip
@@ -1504,6 +1512,9 @@ class ServiceConfig(object):
self.data['metadata']['labels'] = {}
for lab, lab_value in self.labels.items():
self.data['metadata']['labels'][lab] = lab_value
+ if self.annotations:
+ self.data['metadata']['annotations'] = self.annotations
+
self.data['spec'] = {}
if self.ports:
@@ -1662,6 +1673,7 @@ class OCService(OpenShiftCLI):
sname,
namespace,
labels,
+ annotations,
selector,
cluster_ip,
portal_ip,
@@ -1674,7 +1686,7 @@ class OCService(OpenShiftCLI):
''' Constructor for OCVolume '''
super(OCService, self).__init__(namespace, kubeconfig, verbose)
self.namespace = namespace
- self.config = ServiceConfig(sname, namespace, ports, selector, labels,
+ self.config = ServiceConfig(sname, namespace, ports, annotations, selector, labels,
cluster_ip, portal_ip, session_affinity, service_type,
external_ips)
self.user_svc = Service(content=self.config.data)
@@ -1739,6 +1751,7 @@ class OCService(OpenShiftCLI):
oc_svc = OCService(params['name'],
params['namespace'],
params['labels'],
+ params['annotations'],
params['selector'],
params['clusterip'],
params['portalip'],
@@ -1840,6 +1853,7 @@ def main():
debug=dict(default=False, type='bool'),
namespace=dict(default='default', type='str'),
name=dict(default=None, type='str'),
+ annotations=dict(default=None, type='dict'),
labels=dict(default=None, type='dict'),
selector=dict(default=None, type='dict'),
clusterip=dict(default=None, type='str'),
diff --git a/roles/lib_openshift/src/ansible/oc_service.py b/roles/lib_openshift/src/ansible/oc_service.py
index b90c08255..0c55391e3 100644
--- a/roles/lib_openshift/src/ansible/oc_service.py
+++ b/roles/lib_openshift/src/ansible/oc_service.py
@@ -14,6 +14,7 @@ def main():
debug=dict(default=False, type='bool'),
namespace=dict(default='default', type='str'),
name=dict(default=None, type='str'),
+ annotations=dict(default=None, type='dict'),
labels=dict(default=None, type='dict'),
selector=dict(default=None, type='dict'),
clusterip=dict(default=None, type='str'),
diff --git a/roles/lib_openshift/src/class/oc_service.py b/roles/lib_openshift/src/class/oc_service.py
index 7268a0c88..e41237b7e 100644
--- a/roles/lib_openshift/src/class/oc_service.py
+++ b/roles/lib_openshift/src/class/oc_service.py
@@ -13,6 +13,7 @@ class OCService(OpenShiftCLI):
sname,
namespace,
labels,
+ annotations,
selector,
cluster_ip,
portal_ip,
@@ -25,7 +26,7 @@ class OCService(OpenShiftCLI):
''' Constructor for OCVolume '''
super(OCService, self).__init__(namespace, kubeconfig, verbose)
self.namespace = namespace
- self.config = ServiceConfig(sname, namespace, ports, selector, labels,
+ self.config = ServiceConfig(sname, namespace, ports, annotations, selector, labels,
cluster_ip, portal_ip, session_affinity, service_type,
external_ips)
self.user_svc = Service(content=self.config.data)
@@ -90,6 +91,7 @@ class OCService(OpenShiftCLI):
oc_svc = OCService(params['name'],
params['namespace'],
params['labels'],
+ params['annotations'],
params['selector'],
params['clusterip'],
params['portalip'],
diff --git a/roles/lib_openshift/src/doc/service b/roles/lib_openshift/src/doc/service
index ba9aa0b38..b596dff85 100644
--- a/roles/lib_openshift/src/doc/service
+++ b/roles/lib_openshift/src/doc/service
@@ -39,6 +39,12 @@ options:
required: false
default: default
aliases: []
+ annotations:
+ description:
+ - Annotations to apply to the object
+ required: false
+ default: None
+ aliases: []
selector:
description:
- The selector to apply when filtering for services.
diff --git a/roles/lib_openshift/src/lib/service.py b/roles/lib_openshift/src/lib/service.py
index 0e8cc3aa5..84620c518 100644
--- a/roles/lib_openshift/src/lib/service.py
+++ b/roles/lib_openshift/src/lib/service.py
@@ -10,6 +10,7 @@ class ServiceConfig(object):
sname,
namespace,
ports,
+ annotations=None,
selector=None,
labels=None,
cluster_ip=None,
@@ -21,6 +22,7 @@ class ServiceConfig(object):
self.name = sname
self.namespace = namespace
self.ports = ports
+ self.annotations = annotations
self.selector = selector
self.labels = labels
self.cluster_ip = cluster_ip
@@ -43,6 +45,9 @@ class ServiceConfig(object):
self.data['metadata']['labels'] = {}
for lab, lab_value in self.labels.items():
self.data['metadata']['labels'][lab] = lab_value
+ if self.annotations:
+ self.data['metadata']['annotations'] = self.annotations
+
self.data['spec'] = {}
if self.ports:
diff --git a/roles/lib_openshift/src/test/unit/test_oc_service.py b/roles/lib_openshift/src/test/unit/test_oc_service.py
index 9c21a262f..2a7b3c7dc 100755
--- a/roles/lib_openshift/src/test/unit/test_oc_service.py
+++ b/roles/lib_openshift/src/test/unit/test_oc_service.py
@@ -34,6 +34,7 @@ class OCServiceTest(unittest.TestCase):
'ports': None,
'state': 'list',
'labels': None,
+ 'annotations': None,
'clusterip': None,
'portalip': None,
'selector': None,
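Review bot: Every updated parameter set passes `'annotations': None`, so no test covers the new path where annotations are written into `metadata.annotations`. One create case with a non-empty dict, for example `'annotations': {'example.io/key': 'value'}` (constructed value), asserting that it appears in the generated service, would pin the behaviour. The other three hunks in this file have the same gap, and the test methods start and end outside the hunks.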
@@ -120,6 +121,7 @@ class OCServiceTest(unittest.TestCase):
'targetPOrt': 9000},
'state': 'present',
'labels': None,
+ 'annotations': None,
'clusterip': None,
'portalip': None,
'selector': {'router': 'router'},
@@ -318,6 +320,7 @@ class OCServiceTest(unittest.TestCase):
'targetPOrt': 9000},
'state': 'present',
'labels': {'component': 'some_component', 'infra': 'true'},
+ 'annotations': None,
'clusterip': None,
'portalip': None,
'selector': {'router': 'router'},
@@ -407,6 +410,7 @@ class OCServiceTest(unittest.TestCase):
'targetPOrt': 9000},
'state': 'present',
'labels': {'component': 'some_component', 'infra': 'true'},
+ 'annotations': None,
'clusterip': None,
'portalip': None,
'selector': {'router': 'router'},
diff --git a/roles/nickhammond.logrotate/tasks/main.yml b/roles/nickhammond.logrotate/tasks/main.yml
index 657cb10ec..32d3acb86 100644
--- a/roles/nickhammond.logrotate/tasks/main.yml
+++ b/roles/nickhammond.logrotate/tasks/main.yml
@@ -2,6 +2,8 @@
- name: nickhammond.logrotate | Install logrotate
package: name=logrotate state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: nickhammond.logrotate | Setup logrotate.d scripts
template:
diff --git a/roles/nuage_ca/tasks/main.yaml b/roles/nuage_ca/tasks/main.yaml
index 8d73e6840..46929fa1f 100644
--- a/roles/nuage_ca/tasks/main.yaml
+++ b/roles/nuage_ca/tasks/main.yaml
@@ -2,6 +2,8 @@
- name: Install openssl
package: name=openssl state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: Create CA directory
file: path="{{ nuage_ca_dir }}" state=directory
diff --git a/roles/openshift_aws/defaults/main.yml b/roles/openshift_aws/defaults/main.yml
index c9a429675..42ef22846 100644
--- a/roles/openshift_aws/defaults/main.yml
+++ b/roles/openshift_aws/defaults/main.yml
@@ -6,6 +6,9 @@ openshift_aws_create_security_groups: True
openshift_aws_create_launch_config: True
openshift_aws_create_scale_group: True
+openshift_aws_current_version: ''
+openshift_aws_new_version: ''
+
openshift_aws_wait_for_ssh: True
openshift_aws_clusterid: default
@@ -39,6 +42,7 @@ openshift_aws_ami_tags:
bootstrap: "true"
openshift-created: "true"
clusterid: "{{ openshift_aws_clusterid }}"
+ parent: "{{ openshift_aws_base_ami | default('unknown') }}"
openshift_aws_s3_mode: create
openshift_aws_s3_bucket_name: "{{ openshift_aws_clusterid }}-docker-registry"
@@ -114,7 +118,6 @@ openshift_aws_node_group_config_tags: "{{ openshift_aws_clusterid | build_instan
openshift_aws_node_group_termination_policy: Default
openshift_aws_node_group_replace_instances: []
openshift_aws_node_group_replace_all_instances: False
-openshift_aws_node_group_config_extra_labels: {}
openshift_aws_ami_map:
master: "{{ openshift_aws_ami }}"
@@ -135,8 +138,8 @@ openshift_aws_master_group_config:
tags:
host-type: master
sub-host-type: default
- labels:
- type: master
+ runtime: docker
+ version: "{{ openshift_aws_new_version }}"
wait_for_instances: True
termination_policy: "{{ openshift_aws_node_group_termination_policy }}"
replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}"
@@ -159,8 +162,8 @@ openshift_aws_node_group_config:
tags:
host-type: node
sub-host-type: compute
- labels:
- type: compute
+ runtime: docker
+ version: "{{ openshift_aws_new_version }}"
termination_policy: "{{ openshift_aws_node_group_termination_policy }}"
replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}"
iam_role: "{{ openshift_aws_iam_role_name }}"
@@ -179,8 +182,8 @@ openshift_aws_node_group_config:
tags:
host-type: node
sub-host-type: infra
- labels:
- type: infra
+ runtime: docker
+ version: "{{ openshift_aws_new_version }}"
termination_policy: "{{ openshift_aws_node_group_termination_policy }}"
replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}"
iam_role: "{{ openshift_aws_iam_role_name }}"
@@ -262,7 +265,7 @@ openshift_aws_node_security_groups:
openshift_aws_vpc_tags:
Name: "{{ openshift_aws_vpc_name }}"
-openshift_aws_subnet_name: us-east-1c
+openshift_aws_subnet_az: us-east-1c
openshift_aws_vpc:
name: "{{ openshift_aws_vpc_name }}"
@@ -280,6 +283,10 @@ openshift_aws_node_run_bootstrap_startup: True
openshift_aws_node_user_data: ''
openshift_aws_node_config_namespace: openshift-node
+openshift_aws_node_groups: nodes
+
+openshift_aws_masters_groups: masters,etcd,nodes
+
# If creating extra node groups, you'll need to define all of the following
# The format is the same as openshift_aws_node_group_config, but the top-level
diff --git a/roles/openshift_aws/filter_plugins/openshift_aws_filters.py b/roles/openshift_aws/filter_plugins/openshift_aws_filters.py
index a9893c0a7..e707abd3f 100644
--- a/roles/openshift_aws/filter_plugins/openshift_aws_filters.py
+++ b/roles/openshift_aws/filter_plugins/openshift_aws_filters.py
@@ -9,6 +9,18 @@ class FilterModule(object):
''' Custom ansible filters for use by openshift_aws role'''
@staticmethod
+ def scale_groups_match_capacity(scale_group_info):
+ ''' This function will verify that the scale group instance count matches
+ the scale group desired capacity
+
+ '''
+ for scale_group in scale_group_info:
+ if scale_group['desired_capacity'] != len(scale_group['instances']):
+ return False
+
+ return True
+
+ @staticmethod
def build_instance_tags(clusterid):
''' This function will return a dictionary of the instance tags.
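Review bot: `scale_groups_match_capacity` returns True for an empty `scale_group_info` because the loop body never runs, so if a caller uses it as a wait condition (the caller is not in this hunk), a lookup that finds no scale groups would read as "capacity reached". It also counts every entry in `scale_group['instances']` regardless of state, and the docstring does not say whether instances that are not yet in service are meant to count. Consider `if not scale_group_info: return False` at the top, or state the empty-input result in the docstring, which currently describes neither the parameter nor the return value.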
@@ -25,4 +37,5 @@ class FilterModule(object):
def filters(self):
''' returns a mapping of filters to methods '''
- return {'build_instance_tags': self.build_instance_tags}
+ return {'build_instance_tags': self.build_instance_tags,
+ 'scale_groups_match_capacity': self.scale_groups_match_capacity}
diff --git a/roles/openshift_aws/meta/main.yml b/roles/openshift_aws/meta/main.yml
index 875efcb8f..fa0a24a33 100644
--- a/roles/openshift_aws/meta/main.yml
+++ b/roles/openshift_aws/meta/main.yml
@@ -1,3 +1,4 @@
---
dependencies:
- lib_utils
+- lib_openshift
diff --git a/roles/openshift_aws/tasks/accept_nodes.yml b/roles/openshift_aws/tasks/accept_nodes.yml
new file mode 100644
index 000000000..ae320962f
--- /dev/null
+++ b/roles/openshift_aws/tasks/accept_nodes.yml
@@ -0,0 +1,34 @@
+---
+- name: fetch masters
+ ec2_remote_facts:
+ region: "{{ openshift_aws_region | default('us-east-1') }}"
+ filters:
+ "{{ {'tag:kubernetes.io/cluster/' ~ openshift_aws_clusterid: openshift_aws_clusterid,
+ 'tag:host-type': 'master', 'instance-state-name': 'running'} }}"
+ register: mastersout
+ retries: 20
+ delay: 3
+ until: "'instances' in mastersout and mastersout.instances|length > 0"
+
+- name: fetch new node instances
+ ec2_remote_facts:
+ region: "{{ openshift_aws_region }}"
+ filters:
+ "{{ {'tag:kubernetes.io/cluster/' ~ openshift_aws_clusterid: openshift_aws_clusterid,
+ 'tag:host-type': 'node',
+ 'instance-state-name': 'running'} }}"
+ register: instancesout
+ retries: 20
+ delay: 3
+ until: "'instances' in instancesout and instancesout.instances|length > 0"
+
+- debug:
+ msg: "{{ instancesout.instances|map(attribute='private_dns_name') | list }}"
+
+- name: approve nodes
+ oc_adm_csr:
+ #approve_all: True
+ nodes: "{{ instancesout.instances|map(attribute='private_dns_name') | list }}"
+ timeout: 60
+ register: nodeout
+ delegate_to: "{{ mastersout.instances[0].public_ip_address }}"
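Review bot: The list handed to `oc_adm_csr` in "approve nodes" is the `private_dns_name` of every running instance carrying the cluster tag and `host-type: node`, so certificate approval is gated only on EC2 tags and covers all tagged nodes rather than the ones this run created. Narrowing the filter to the scale group being brought up would keep the approval set to what was just launched; the `version` tag this commit adds to the group config could serve, if it reaches the instances. The first task falls back to `default('us-east-1')` for the region while the second uses `openshift_aws_region` bare, so the second can fail when the variable is unset; use the same expression in both. The commented-out `#approve_all: True` and the unnamed `debug` task look like leftovers, and `nodeout` is registered but not checked in this file.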
diff --git a/roles/openshift_aws/tasks/elb.yml b/roles/openshift_aws/tasks/elb.yml
index a543222d5..5d371ec7a 100644
--- a/roles/openshift_aws/tasks/elb.yml
+++ b/roles/openshift_aws/tasks/elb.yml
@@ -17,6 +17,7 @@
listeners: "{{ item.value }}"
scheme: "{{ openshift_aws_elb_scheme }}"
tags: "{{ openshift_aws_elb_tags }}"
+ wait: True
register: new_elb
with_dict: "{{ l_elb_dict_item.value }}"
diff --git a/roles/openshift_aws/tasks/launch_config_create.yml b/roles/openshift_aws/tasks/launch_config_create.yml
index a688496d2..f7f0f0953 100644
--- a/roles/openshift_aws/tasks/launch_config_create.yml
+++ b/roles/openshift_aws/tasks/launch_config_create.yml
@@ -10,7 +10,7 @@
# Create the scale group config
- name: Create the node scale group launch config
ec2_lc:
- name: "{{ openshift_aws_launch_config_basename }}-{{ launch_config_item.key }}-{{ l_epoch_time }}"
+ name: "{{ openshift_aws_launch_config_basename }}-{{ launch_config_item.key }}{{'-' ~ openshift_aws_new_version if openshift_aws_new_version != '' else '' }}"
region: "{{ openshift_aws_region }}"
image_id: "{{ l_aws_ami_map[launch_config_item.key] | default(openshift_aws_ami) }}"
instance_type: "{{ launch_config_item.value.instance_type }}"
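Review bot: The version-suffix expression on the new `name:` line is repeated verbatim in `launch_config_name` in scale_group.yml. If the two copies drift, the scale group will reference a launch config that was never created. Computing the suffix once, in a fact such as `l_version_suffix`, and using it in both places removes that risk. With the epoch suffix gone the name is no longer unique per run, so a rerun with the same version presumably reuses the existing launch config even when the AMI or instance type has changed; a comment saying that is intended would help. The task continues past the end of this hunk.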
diff --git a/roles/openshift_aws/tasks/provision_nodes.yml b/roles/openshift_aws/tasks/provision_nodes.yml
index 1b40f24d3..3e84666a2 100644
--- a/roles/openshift_aws/tasks/provision_nodes.yml
+++ b/roles/openshift_aws/tasks/provision_nodes.yml
@@ -12,7 +12,9 @@
register: instancesout
retries: 20
delay: 3
- until: instancesout.instances|length > 0
+ until:
+ - "'instances' in instancesout"
+ - instancesout.instances|length > 0
- name: slurp down the bootstrap.kubeconfig
slurp:
@@ -42,29 +44,7 @@
l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups_extra }}"
l_aws_ami_map: "{{ openshift_aws_ami_map_extra }}"
-
+# instances aren't scaling fast enough here, we need to wait for them
- when: openshift_aws_wait_for_ssh | bool
- block:
- - name: pause and allow for instances to scale before we query them
- pause:
- seconds: 10
-
- - name: fetch newly created instances
- ec2_remote_facts:
- region: "{{ openshift_aws_region }}"
- filters:
- "tag:clusterid": "{{ openshift_aws_clusterid }}"
- "tag:host-type": node
- instance-state-name: running
- register: instancesout
- retries: 20
- delay: 3
- until: instancesout.instances|length > 0
-
- - name: wait for ssh to become available
- wait_for:
- port: 22
- host: "{{ item.public_ip_address }}"
- timeout: 300
- search_regex: OpenSSH
- with_items: "{{ instancesout.instances }}"
+ name: wait for our new nodes to come up
+ include: wait_for_groups.yml
diff --git a/roles/openshift_aws/tasks/remove_scale_group.yml b/roles/openshift_aws/tasks/remove_scale_group.yml
new file mode 100644
index 000000000..55d1af2b5
--- /dev/null
+++ b/roles/openshift_aws/tasks/remove_scale_group.yml
@@ -0,0 +1,27 @@
+---
+- name: fetch the scale groups
+ ec2_asg_facts:
+ region: "{{ openshift_aws_region }}"
+ tags:
+ "{{ {'kubernetes.io/cluster/' ~ openshift_aws_clusterid: openshift_aws_clusterid,
+ 'version': openshift_aws_current_version} }}"
+ register: qasg
+
+- name: remove non-master scale groups
+ ec2_asg:
+ region: "{{ openshift_aws_region }}"
+ state: absent
+ name: "{{ item.auto_scaling_group_name }}"
+ when: "'master' not in item.auto_scaling_group_name"
+ register: asg_results
+ with_items: "{{ qasg.results }}"
+ async: 600
+ poll: 0
+
+- name: join the asynch scale group removals
+ async_status:
+ jid: "{{ item.ansible_job_id }}"
+ register: jobs_results
+ with_items: "{{ asg_results.results }}"
+ until: jobs_results.finished
+ retries: 200
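Review bot: `join the asynch scale group removals` loops over every entry in `asg_results.results`, including those that `remove non-master scale groups` skipped. A skipped entry presumably has no `ansible_job_id`, so the `jid:` line would fail as soon as the query returns a master group; adding `when: item.ansible_job_id is defined` to the join task avoids that. The master guard is a substring test on the group name, and since this task deletes infrastructure, excluding masters by a tag such as `host-type` (if the facts expose it) would be safer than relying on naming. `retries: 200` has no explicit `delay:`, so the total wait depends on the default.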
diff --git a/roles/openshift_aws/tasks/scale_group.yml b/roles/openshift_aws/tasks/scale_group.yml
index 097859af2..30df7545d 100644
--- a/roles/openshift_aws/tasks/scale_group.yml
+++ b/roles/openshift_aws/tasks/scale_group.yml
@@ -1,16 +1,8 @@
---
-- name: fetch the subnet to use in scale group
- ec2_vpc_subnet_facts:
- region: "{{ openshift_aws_region }}"
- filters:
- "tag:Name": "{{ openshift_aws_subnet_name }}"
- vpc-id: "{{ vpcout.vpcs[0].id }}"
- register: subnetout
-
- name: Create the scale group
ec2_asg:
name: "{{ openshift_aws_scale_group_basename }} {{ item.key }}"
- launch_config_name: "{{ openshift_aws_launch_config_basename }}-{{ item.key }}-{{ l_epoch_time }}"
+ launch_config_name: "{{ openshift_aws_launch_config_basename }}-{{ item.key }}{{ '-' ~ openshift_aws_new_version if openshift_aws_new_version != '' else '' }}"
health_check_period: "{{ item.value.health_check.period }}"
health_check_type: "{{ item.value.health_check.type }}"
min_size: "{{ item.value.min_size }}"
diff --git a/roles/openshift_aws/tasks/setup_master_group.yml b/roles/openshift_aws/tasks/setup_master_group.yml
index 166f3b938..05b68f460 100644
--- a/roles/openshift_aws/tasks/setup_master_group.yml
+++ b/roles/openshift_aws/tasks/setup_master_group.yml
@@ -21,7 +21,7 @@
- name: add new master to masters group
add_host:
- groups: "masters,etcd,nodes"
+ groups: "{{ openshift_aws_masters_groups }}"
name: "{{ item.public_dns_name }}"
hostname: "{{ openshift_aws_clusterid }}-master-{{ item.id[:-5] }}"
with_items: "{{ instancesout.instances }}"
diff --git a/roles/openshift_aws/tasks/setup_scale_group_facts.yml b/roles/openshift_aws/tasks/setup_scale_group_facts.yml
new file mode 100644
index 000000000..d65fdc2de
--- /dev/null
+++ b/roles/openshift_aws/tasks/setup_scale_group_facts.yml
@@ -0,0 +1,37 @@
+---
+- name: group scale group nodes
+ ec2_remote_facts:
+ region: "{{ openshift_aws_region }}"
+ filters:
+ "{{ {'tag:kubernetes.io/cluster/' ~ openshift_aws_clusterid: openshift_aws_clusterid }}}"
+ register: qinstances
+
+- name: Build new node group
+ add_host:
+ groups: oo_sg_new_nodes
+ ansible_ssh_host: "{{ item.public_dns_name }}"
+ name: "{{ item.public_dns_name }}"
+ hostname: "{{ item.public_dns_name }}"
+ when:
+ - (item.tags.version | default(False)) == openshift_aws_new_version
+ - "'node' in item.tags['host-type']"
+ with_items: "{{ qinstances.instances }}"
+
+- name: Build current node group
+ add_host:
+ groups: oo_sg_current_nodes
+ ansible_ssh_host: "{{ item.public_dns_name }}"
+ name: "{{ item.public_dns_name }}"
+ hostname: "{{ item.public_dns_name }}"
+ when:
+ - (item.tags.version | default('')) == openshift_aws_current_version
+ - "'node' in item.tags['host-type']"
+ with_items: "{{ qinstances.instances }}"
+
+- name: place all nodes into nodes group
+ add_host:
+ groups: nodes
+ ansible_ssh_host: "{{ item.public_dns_name }}"
+ name: "{{ item.public_dns_name }}"
+ hostname: "{{ item.public_dns_name }}"
+ with_items: "{{ qinstances.instances }}"
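Review bot: `group scale group nodes` filters only on the cluster tag, without `'instance-state-name': 'running'`, so stopped or recently terminated instances can be returned and passed to `add_host` with an empty `public_dns_name`. Adding the state filter, as accept_nodes.yml does, keeps them out of the inventory. The two version tests use different fallbacks, `default(False)` for the new group and `default('')` for the current group, so an untagged instance joins `oo_sg_current_nodes` whenever `openshift_aws_current_version` is empty; using one default in both would make the intent explicit. `item.tags['host-type']` can also raise for a cluster instance that lacks that tag, so `item.tags.get('host-type', '')` would be more tolerant.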
diff --git a/roles/openshift_aws/tasks/upgrade_node_group.yml b/roles/openshift_aws/tasks/upgrade_node_group.yml
new file mode 100644
index 000000000..d7851d887
--- /dev/null
+++ b/roles/openshift_aws/tasks/upgrade_node_group.yml
@@ -0,0 +1,16 @@
+---
+- fail:
+ msg: 'Please ensure the current_version and new_version variables are not the same.'
+ when:
+ - openshift_aws_current_version == openshift_aws_new_version
+
+- include: provision_nodes.yml
+
+- include: accept_nodes.yml
+
+- include: setup_scale_group_facts.yml
+
+- include: setup_master_group.yml
+ vars:
+ # we do not set etcd here as its limited to 1 or 3
+ openshift_aws_masters_groups: masters,nodes
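Review bot: The `fail` guard rejects only equal versions, so an empty `openshift_aws_new_version` paired with a non-empty current version still passes. In that case the launch config name gets no version suffix, and the `default(False)` comparison in setup_scale_group_facts.yml would not match any instance. Adding `- openshift_aws_new_version != ''` to the `when` list would stop the upgrade before anything is provisioned. The task also has no `name:`; something like `name: fail when current and new versions are identical` would make the play output easier to follow.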
diff --git a/roles/openshift_aws/tasks/vpc_and_subnet_id.yml b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml
index aaf9b300f..1b754f863 100644
--- a/roles/openshift_aws/tasks/vpc_and_subnet_id.yml
+++ b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml
@@ -6,13 +6,16 @@
'tag:Name': "{{ openshift_aws_vpc_name }}"
register: vpcout
-- name: debug
+- name: debug vcpout
debug: var=vpcout
- name: fetch the default subnet id
ec2_vpc_subnet_facts:
region: "{{ openshift_aws_region }}"
filters:
- "tag:Name": "{{ openshift_aws_subnet_name }}"
+ "availability_zone": "{{ openshift_aws_subnet_az }}"
vpc-id: "{{ vpcout.vpcs[0].id }}"
register: subnetout
+
+- name: debug subnetout
+ debug: var=subnetout
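Review bot: Replacing the `tag:Name` filter with `availability_zone` selects the subnet by zone alone, so a VPC with more than one subnet in `openshift_aws_subnet_az` returns several, and a consumer that takes the first entry gets an arbitrary one (the consumers are outside this hunk). Keeping `tag:Name` alongside the zone filter, or asserting `subnetout.subnets | length == 1` after the lookup, would make the choice deterministic and avoid placing instances in an unintended subnet. The new key uses an underscore while its sibling `vpc-id` uses the hyphenated EC2 filter form, so it is worth confirming the module accepts it. The renamed task reads `debug vcpout`, which looks like a typo for `vpcout`. The first task of the file starts above this hunk.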
diff --git a/roles/openshift_aws/tasks/wait_for_groups.yml b/roles/openshift_aws/tasks/wait_for_groups.yml
new file mode 100644
index 000000000..9f1a68a2a
--- /dev/null
+++ b/roles/openshift_aws/tasks/wait_for_groups.yml
@@ -0,0 +1,31 @@
+---
+# The idea here is to wait until all scale groups are at
+# their desired capacity before continuing.
+- name: fetch the scale groups
+ ec2_asg_facts:
+ region: "{{ openshift_aws_region }}"
+ tags:
+ "{{ {'kubernetes.io/cluster/' ~ openshift_aws_clusterid: openshift_aws_clusterid} }}"
+ register: qasg
+ until: qasg.results | scale_groups_match_capacity | bool
+ delay: 10
+ retries: 60
+
+- name: fetch newly created instances
+ ec2_remote_facts:
+ region: "{{ openshift_aws_region }}"
+ filters:
+ "{{ {'tag:kubernetes.io/cluster/' ~ openshift_aws_clusterid: openshift_aws_clusterid,
+ 'tag:version': openshift_aws_new_version} }}"
+ register: instancesout
+ until: instancesout.instances|length > 0
+ delay: 5
+ retries: 60
+
+- name: wait for ssh to become available
+ wait_for:
+ port: 22
+ host: "{{ item.public_ip_address }}"
+ timeout: 300
+ search_regex: OpenSSH
+ with_items: "{{ instancesout.instances }}"
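Review bot: `fetch newly created instances` uses `until: instancesout.instances|length > 0` without the `'instances' in instancesout` guard that this same commit adds in provision_nodes.yml and accept_nodes.yml. A lookup that returns no `instances` key would then error on the attribute instead of retrying, so the same two-item `until` list belongs here. The filter also omits `'instance-state-name': 'running'`, yet `wait for ssh to become available` dereferences `item.public_ip_address`, which a non-running instance may not have. The SSH wait further assumes every new node has a public address reachable from the control host; a comment stating that assumption would help anyone deploying nodes into private subnets.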
diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml
index 31f0f8e7a..05e0a1352 100644
--- a/roles/openshift_ca/tasks/main.yml
+++ b/roles/openshift_ca/tasks/main.yml
@@ -13,6 +13,7 @@
state: present
when: not openshift.common.is_containerized | bool
register: install_result
+ until: install_result | success
delegate_to: "{{ openshift_ca_host }}"
run_once: true
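Review bot: The added `until: install_result | success` has no `retries:` or `delay:`, so the number of attempts and the pause between them come from Ansible's defaults, not from anything stated in the role. Writing them out, e.g. `retries: 3` and `delay: 5`, makes the retry budget visible and tunable. The same pattern repeats in the package-install hunks that follow in this diff (openshift_cli, openshift_clock, openshift_excluder, openshift_master, openshift_node and the rest). Most of those register into the generic name `result`, which overwrites any earlier `result` in the same play, so a task-specific name is safer wherever a later task reads the value. The task begins above this hunk.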
diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml
index 6aa15d568..7b046b2c4 100644
--- a/roles/openshift_cli/tasks/main.yml
+++ b/roles/openshift_cli/tasks/main.yml
@@ -8,6 +8,8 @@
- name: Install clients
package: name={{ openshift.common.service_type }}-clients state=present
when: not openshift.common.is_containerized | bool
+ register: result
+ until: result | success
- block:
- name: Pull CLI Image
@@ -47,3 +49,5 @@
- name: Install bash completion for oc tools
package: name=bash-completion state=present
when: not openshift.common.is_containerized | bool
+ register: result
+ until: result | success
diff --git a/roles/openshift_clock/tasks/main.yaml b/roles/openshift_clock/tasks/main.yaml
index f8b02524a..82c73b583 100644
--- a/roles/openshift_clock/tasks/main.yaml
+++ b/roles/openshift_clock/tasks/main.yaml
@@ -9,6 +9,8 @@
when:
- openshift_clock_enabled | bool
- chrony_installed.rc != 0
+ register: result
+ until: result | success
- name: Start and enable ntpd/chronyd
command: timedatectl set-ntp true
diff --git a/roles/openshift_excluder/tasks/install.yml b/roles/openshift_excluder/tasks/install.yml
index 7a5bebf6f..3ac55894f 100644
--- a/roles/openshift_excluder/tasks/install.yml
+++ b/roles/openshift_excluder/tasks/install.yml
@@ -13,6 +13,8 @@
when:
- r_openshift_excluder_enable_docker_excluder | bool
- ansible_pkg_mgr == "yum"
+ register: result
+ until: result | success
# For DNF we do not need the "*" and if we add it, it causes an error because
@@ -26,6 +28,8 @@
when:
- r_openshift_excluder_enable_docker_excluder | bool
- ansible_pkg_mgr == "dnf"
+ register: result
+ until: result | success
- name: Install openshift excluder - yum
package:
@@ -34,6 +38,8 @@
when:
- r_openshift_excluder_enable_openshift_excluder | bool
- ansible_pkg_mgr == "yum"
+ register: result
+ until: result | success
# For DNF we do not need the "*" and if we add it, it causes an error because
# it's not a valid pkg_spec
@@ -46,6 +52,8 @@
when:
- r_openshift_excluder_enable_openshift_excluder | bool
- ansible_pkg_mgr == "dnf"
+ register: result
+ until: result | success
- set_fact:
r_openshift_excluder_install_ran: True
diff --git a/roles/openshift_expand_partition/tasks/main.yml b/roles/openshift_expand_partition/tasks/main.yml
index 4cb5418c6..b7acb0c5a 100644
--- a/roles/openshift_expand_partition/tasks/main.yml
+++ b/roles/openshift_expand_partition/tasks/main.yml
@@ -2,6 +2,8 @@
- name: Ensure growpart is installed
package: name=cloud-utils-growpart state=present
when: not openshift.common.is_containerized | bool
+ register: result
+ until: result | success
- name: Determine if growpart is installed
command: "rpm -q cloud-utils-growpart"
diff --git a/roles/openshift_loadbalancer/tasks/main.yml b/roles/openshift_loadbalancer/tasks/main.yml
index c87a327a4..79c5793d9 100644
--- a/roles/openshift_loadbalancer/tasks/main.yml
+++ b/roles/openshift_loadbalancer/tasks/main.yml
@@ -5,6 +5,8 @@
- name: Install haproxy
package: name=haproxy state=present
when: not openshift.common.is_containerized | bool
+ register: result
+ until: result | success
- name: Pull haproxy image
command: >
diff --git a/roles/openshift_logging/tasks/generate_jks.yaml b/roles/openshift_logging/tasks/generate_jks.yaml
index 6e3204589..d6ac88dcc 100644
--- a/roles/openshift_logging/tasks/generate_jks.yaml
+++ b/roles/openshift_logging/tasks/generate_jks.yaml
@@ -24,21 +24,25 @@
local_action: file path="{{local_tmp.stdout}}/elasticsearch.jks" state=touch mode="u=rw,g=r,o=r"
when: elasticsearch_jks.stat.exists
changed_when: False
+ become: no
- name: Create placeholder for previously created JKS certs to prevent recreating...
local_action: file path="{{local_tmp.stdout}}/logging-es.jks" state=touch mode="u=rw,g=r,o=r"
when: logging_es_jks.stat.exists
changed_when: False
+ become: no
- name: Create placeholder for previously created JKS certs to prevent recreating...
local_action: file path="{{local_tmp.stdout}}/system.admin.jks" state=touch mode="u=rw,g=r,o=r"
when: system_admin_jks.stat.exists
changed_when: False
+ become: no
- name: Create placeholder for previously created JKS certs to prevent recreating...
local_action: file path="{{local_tmp.stdout}}/truststore.jks" state=touch mode="u=rw,g=r,o=r"
when: truststore_jks.stat.exists
changed_when: False
+ become: no
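Review bot: `become: no` uses the YAML 1.1 truthy spelling; `become: false` is the canonical boolean and is what yamllint's `truthy` rule expects. The setting is added to each `local_action` task separately, here and in the next hunk of this file, with no explanation. A short comment such as `# local_action runs on the control host; do not escalate there` would record why these keystore placeholder and generation steps must not use privilege escalation. The first task in this hunk begins above it.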
- name: pulling down signing items from host
fetch:
@@ -57,10 +61,12 @@
vars:
- top_dir: "{{local_tmp.stdout}}"
when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
+ become: no
- name: Run JKS generation script
local_action: script generate-jks.sh {{local_tmp.stdout}} {{openshift_logging_namespace}}
check_mode: no
+ become: no
when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
- name: Pushing locally generated JKS certs to remote host...
diff --git a/roles/openshift_management/tasks/add_container_provider.yml b/roles/openshift_management/tasks/add_container_provider.yml
index 50a5252cc..24b2ce6ac 100644
--- a/roles/openshift_management/tasks/add_container_provider.yml
+++ b/roles/openshift_management/tasks/add_container_provider.yml
@@ -1,8 +1,4 @@
---
-- name: Ensure lib_openshift modules are available
- include_role:
- role: lib_openshift
-
- name: Ensure OpenShift facts module is available
include_role:
role: openshift_facts
diff --git a/roles/openshift_master/tasks/bootstrap_settings.yml b/roles/openshift_master/tasks/bootstrap_settings.yml
index cbd7f587b..10e0828eb 100644
--- a/roles/openshift_master/tasks/bootstrap_settings.yml
+++ b/roles/openshift_master/tasks/bootstrap_settings.yml
@@ -11,4 +11,5 @@
- /etc/origin/master/ca.key
notify:
- restart master controllers
+ - restart master api
when: openshift_master_bootstrap_enabled | default(False)
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index d570a1c7f..e52cd6231 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -39,6 +39,8 @@
state: present
when:
- not openshift.common.is_containerized | bool
+ register: result
+ until: result | success
- name: Create r_openshift_master_data_dir
file:
@@ -88,6 +90,8 @@
- item.kind == 'HTPasswdPasswordIdentityProvider'
- not openshift.common.is_atomic | bool
with_items: "{{ openshift.master.identity_providers }}"
+ register: result
+ until: result | success
- name: Ensure htpasswd directory exists
file:
@@ -306,6 +310,7 @@
- openshift.master.cluster_method == 'pacemaker'
- not openshift.common.is_containerized | bool
register: l_install_result
+ until: l_install_result | success
- name: Start and enable cluster service
systemd:
diff --git a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml
index f914a9978..caab3045a 100644
--- a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml
+++ b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml
@@ -18,3 +18,5 @@
- "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version }}"
- "{{ openshift.common.service_type }}-clients{{ openshift_pkg_version }}"
- "tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}"
+ register: result
+ until: result | success
diff --git a/roles/openshift_nfs/tasks/setup.yml b/roles/openshift_nfs/tasks/setup.yml
index 3070de495..edb854467 100644
--- a/roles/openshift_nfs/tasks/setup.yml
+++ b/roles/openshift_nfs/tasks/setup.yml
@@ -5,6 +5,8 @@
- name: Install nfs-utils
package: name=nfs-utils state=present
+ register: result
+ until: result | success
- name: Configure NFS
lineinfile:
diff --git a/roles/openshift_node/tasks/bootstrap.yml b/roles/openshift_node/tasks/bootstrap.yml
index ac43ef039..a042bc01b 100644
--- a/roles/openshift_node/tasks/bootstrap.yml
+++ b/roles/openshift_node/tasks/bootstrap.yml
@@ -4,6 +4,8 @@
name: "{{ item }}"
state: present
with_items: "{{ r_openshift_node_image_prep_packages }}"
+ register: result
+ until: result | success
- name: create the directory for node
file:
diff --git a/roles/openshift_node/tasks/dnsmasq.yml b/roles/openshift_node/tasks/dnsmasq.yml
index 22bdce6c6..f210a3a21 100644
--- a/roles/openshift_node/tasks/dnsmasq.yml
+++ b/roles/openshift_node/tasks/dnsmasq.yml
@@ -13,6 +13,8 @@
- name: Install dnsmasq
package: name=dnsmasq state=installed
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: ensure origin/node directory exists
file:
diff --git a/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml b/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml
index dede2fb8f..541c8115a 100644
--- a/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml
+++ b/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml
@@ -7,5 +7,7 @@
name: NetworkManager
state: present
notify: restart NetworkManager
+ register: result
+ until: result | success
- include_tasks: network-manager.yml
diff --git a/roles/openshift_node/tasks/docker/upgrade.yml b/roles/openshift_node/tasks/docker/upgrade.yml
index ebe87d6fd..d743d2188 100644
--- a/roles/openshift_node/tasks/docker/upgrade.yml
+++ b/roles/openshift_node/tasks/docker/upgrade.yml
@@ -36,5 +36,7 @@
- name: Upgrade Docker
package: name=docker{{ '-' + docker_version }} state=present
+ register: result
+ until: result | success
# starting docker happens back in ../main.yml where it calls ../restart.yml
diff --git a/roles/openshift_node/tasks/install.yml b/roles/openshift_node/tasks/install.yml
index 9a91e2fb6..1ed4a05c1 100644
--- a/roles/openshift_node/tasks/install.yml
+++ b/roles/openshift_node/tasks/install.yml
@@ -5,6 +5,8 @@
package:
name: "{{ openshift.common.service_type }}-node{{ (openshift_pkg_version | default('')) | oo_image_tag_to_rpm_version(include_dash=True) }}"
state: present
+ register: result
+ until: result | success
- name: Install sdn-ovs package
package:
@@ -12,11 +14,15 @@
state: present
when:
- openshift_node_use_openshift_sdn | bool
+ register: result
+ until: result | success
- name: Install conntrack-tools package
package:
name: "conntrack-tools"
state: present
+ register: result
+ until: result | success
- when:
- openshift.common.is_containerized | bool
diff --git a/roles/openshift_node/tasks/storage_plugins/ceph.yml b/roles/openshift_node/tasks/storage_plugins/ceph.yml
index 037efe81a..72a3b837f 100644
--- a/roles/openshift_node/tasks/storage_plugins/ceph.yml
+++ b/roles/openshift_node/tasks/storage_plugins/ceph.yml
@@ -2,3 +2,5 @@
- name: Install Ceph storage plugin dependencies
package: name=ceph-common state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
index 1b8a7ad50..08ea71a0c 100644
--- a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
+++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
@@ -2,6 +2,8 @@
- name: Install GlusterFS storage plugin dependencies
package: name=glusterfs-fuse state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: Check for existence of fusefs sebooleans
command: getsebool {{ item }}
diff --git a/roles/openshift_node/tasks/storage_plugins/iscsi.yml b/roles/openshift_node/tasks/storage_plugins/iscsi.yml
index 1c5478c55..ece68dc71 100644
--- a/roles/openshift_node/tasks/storage_plugins/iscsi.yml
+++ b/roles/openshift_node/tasks/storage_plugins/iscsi.yml
@@ -2,3 +2,5 @@
- name: Install iSCSI storage plugin dependencies
package: name=iscsi-initiator-utils state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml
index 7e1035893..5eacf42e8 100644
--- a/roles/openshift_node/tasks/storage_plugins/nfs.yml
+++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml
@@ -2,6 +2,8 @@
- name: Install NFS storage plugin dependencies
package: name=nfs-utils state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: Check for existence of nfs sebooleans
command: getsebool {{ item }}
diff --git a/roles/openshift_node/tasks/upgrade.yml b/roles/openshift_node/tasks/upgrade.yml
index ff3478800..561b56918 100644
--- a/roles/openshift_node/tasks/upgrade.yml
+++ b/roles/openshift_node/tasks/upgrade.yml
@@ -107,6 +107,8 @@
name: openvswitch
state: latest
when: not openshift.common.is_containerized | bool
+ register: result
+ until: result | success
- name: Update oreg value
yedit:
diff --git a/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml
index a998acf21..fcbe1a598 100644
--- a/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml
+++ b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml
@@ -8,10 +8,14 @@
# We verified latest rpm available is suitable, so just yum update.
- name: Upgrade packages
package: "name={{ openshift.common.service_type }}-{{ component }}{{ openshift_pkg_version }} state=present"
+ register: result
+ until: result | success
- name: Ensure python-yaml present for config upgrade
package: name=PyYAML state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: Install Node service file
template:
diff --git a/roles/openshift_node_group/tasks/create_config.yml b/roles/openshift_node_group/tasks/create_config.yml
index 02ec30a62..8b3218e7b 100644
--- a/roles/openshift_node_group/tasks/create_config.yml
+++ b/roles/openshift_node_group/tasks/create_config.yml
@@ -9,6 +9,7 @@
- name: debug node config
debug: var=configout
+ run_once: true
- when:
- configout.results.results.0 == {} or (configout.results.results.0 != {} and openshift_node_group_edits|length > 0)
@@ -24,6 +25,7 @@
dest: "{{ mktempout.stdout }}/node-config.yaml"
when:
- configout.results.results.0 == {}
+ run_once: true
- name: lay down the config from the existing configmap
copy:
@@ -31,6 +33,7 @@
dest: "{{ mktempout.stdout }}/node-config.yaml"
when:
- configout.results.results.0 != {}
+ run_once: true
- name: "specialize the generated configs for {{ openshift_node_group_name }}"
yedit:
@@ -42,6 +45,7 @@
run_once: true
- debug: var=yeditout
+ run_once: true
- name: create node-config.yaml configmap
oc_configmap:
diff --git a/roles/openshift_openstack/tasks/node-packages.yml b/roles/openshift_openstack/tasks/node-packages.yml
index 7864f5269..e41104af1 100644
--- a/roles/openshift_openstack/tasks/node-packages.yml
+++ b/roles/openshift_openstack/tasks/node-packages.yml
@@ -6,6 +6,8 @@
name: "{{ item }}"
state: latest
with_items: "{{ openshift_openstack_required_packages }}"
+ register: result
+ until: result | success
- name: Install debug packages (optional)
yum:
@@ -13,3 +15,5 @@
state: latest
with_items: "{{ openshift_openstack_debug_packages }}"
when: openshift_openstack_install_debug_packages|bool
+ register: result
+ until: result | success
diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml
index 552a22a0f..5e7bde1e1 100644
--- a/roles/openshift_repos/tasks/main.yaml
+++ b/roles/openshift_repos/tasks/main.yaml
@@ -9,6 +9,8 @@
# TODO: This needs to be removed and placed into a role
- name: Ensure libselinux-python is installed
package: name=libselinux-python state=present
+ register: result
+ until: result | success
- name: Remove openshift_additional.repo file
file:
diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml
index 2a678af57..4b33e91b4 100644
--- a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml
+++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml
@@ -4,6 +4,8 @@
when:
- not openshift.common.is_atomic | bool
- not glusterfs_heketi_is_native | bool
+ register: result
+ until: result | success
- name: Verify heketi-cli is installed
shell: "command -v {{ glusterfs_heketi_cli }} >/dev/null 2>&1 || { echo >&2 'ERROR: Make sure heketi-cli is available, then re-run the installer'; exit 1; }"
diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml
index b8fd7979f..71c1311cd 100644
--- a/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml
+++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml
@@ -44,6 +44,6 @@
glusterfs_heketi_ssh_sudo: "{{ openshift_storage_glusterfs_heketi_ssh_sudo | bool }}"
glusterfs_heketi_ssh_keyfile: "{{ openshift_storage_glusterfs_heketi_ssh_keyfile }}"
glusterfs_heketi_fstab: "{{ openshift_storage_glusterfs_heketi_fstab }}"
- glusterfs_nodes: "{{ groups.glusterfs | default([]]) }}"
+ glusterfs_nodes: "{{ groups.glusterfs | default([]) }}"
- include: glusterfs_common.yml
diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml
index 24264fa43..c25cad74c 100644
--- a/roles/openshift_storage_nfs/tasks/main.yml
+++ b/roles/openshift_storage_nfs/tasks/main.yml
@@ -4,6 +4,8 @@
- name: Install nfs-utils
package: name=nfs-utils state=present
+ register: result
+ until: result | success
- name: Configure NFS
lineinfile:
diff --git a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml
index 03f4fcec0..bee786a90 100644
--- a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml
+++ b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml
@@ -2,6 +2,8 @@
- name: Install NFS server
package: name=nfs-utils state=present
when: not openshift.common.is_containerized | bool
+ register: result
+ until: result | success
- name: Start rpcbind
systemd:
diff --git a/roles/os_firewall/tasks/firewalld.yml b/roles/os_firewall/tasks/firewalld.yml
index 54430f402..1e27ebaf9 100644
--- a/roles/os_firewall/tasks/firewalld.yml
+++ b/roles/os_firewall/tasks/firewalld.yml
@@ -8,6 +8,8 @@
package:
name: firewalld
state: present
+ register: result
+ until: result | success
- name: Ensure iptables services are not enabled
systemd:
diff --git a/roles/os_firewall/tasks/iptables.yml b/roles/os_firewall/tasks/iptables.yml
index 2d74f2e48..a7c13e487 100644
--- a/roles/os_firewall/tasks/iptables.yml
+++ b/roles/os_firewall/tasks/iptables.yml
@@ -22,6 +22,8 @@
- iptables
- iptables-services
when: not r_os_firewall_is_atomic | bool
+ register: result
+ until: result | success
- name: Start and enable iptables service
systemd:
diff --git a/roles/os_update_latest/tasks/main.yml b/roles/os_update_latest/tasks/main.yml
index 6b5fd0106..60d665587 100644
--- a/roles/os_update_latest/tasks/main.yml
+++ b/roles/os_update_latest/tasks/main.yml
@@ -1,3 +1,5 @@
---
- name: Update all packages
package: name=* state=latest
+ register: result
+ until: result | success
diff --git a/roles/rhel_subscribe/tasks/main.yml b/roles/rhel_subscribe/tasks/main.yml
index b06f51908..9ca49b569 100644
--- a/roles/rhel_subscribe/tasks/main.yml
+++ b/roles/rhel_subscribe/tasks/main.yml
@@ -36,6 +36,8 @@
yum:
name: subscription-manager
state: present
+ register: result
+ until: result | success
- name: RedHat subscriptions
redhat_subscription: