summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/ansible_service_broker/vars/openshift-enterprise.yml2
-rw-r--r--roles/calico/defaults/main.yaml2
-rw-r--r--roles/calico_master/defaults/main.yaml2
-rw-r--r--roles/docker/tasks/main.yml4
-rw-r--r--roles/docker/templates/crio.conf.j22
-rw-r--r--roles/etcd_migrate/tasks/migrate.yml9
-rw-r--r--roles/lib_openshift/library/oc_route.py7
-rw-r--r--roles/lib_openshift/src/class/oc_route.py7
-rw-r--r--roles/nuage_node/handlers/main.yaml2
-rw-r--r--roles/nuage_node/tasks/main.yaml5
-rw-r--r--roles/nuage_node/vars/main.yaml2
-rw-r--r--roles/openshift_cfme/defaults/main.yml1
-rw-r--r--roles/openshift_cfme/templates/miq-pv-db.yaml.j22
-rw-r--r--roles/openshift_cfme/templates/miq-pv-region.yaml.j22
-rw-r--r--roles/openshift_cfme/templates/miq-pv-server.yaml.j22
-rw-r--r--roles/openshift_cli/tasks/main.yml2
-rw-r--r--roles/openshift_docker_facts/tasks/main.yml2
-rw-r--r--roles/openshift_health_checker/openshift_checks/docker_image_availability.py5
-rw-r--r--roles/openshift_logging/tasks/annotate_ops_projects.yaml17
-rw-r--r--roles/openshift_logging/tasks/install_logging.yaml1
-rw-r--r--roles/openshift_logging/vars/main.yaml2
-rw-r--r--roles/openshift_logging_elasticsearch/tasks/main.yaml4
-rw-r--r--roles/openshift_master/defaults/main.yml5
-rw-r--r--roles/openshift_master/tasks/main.yml16
-rw-r--r--roles/openshift_node/defaults/main.yml5
-rw-r--r--roles/openshift_node/tasks/main.yml19
-rw-r--r--roles/openshift_node/tasks/openvswitch_system_container.yml2
-rw-r--r--roles/openshift_node/templates/node.service.j22
-rw-r--r--roles/openshift_node/templates/node.yaml.v1.j22
-rw-r--r--roles/openshift_node/templates/openshift.docker.node.dep.service2
-rw-r--r--roles/openshift_service_catalog/tasks/install.yml44
-rw-r--r--roles/openshift_service_catalog/templates/api_server_service.j213
-rw-r--r--roles/openshift_service_catalog/templates/controller_manager_service.j213
-rw-r--r--roles/openshift_version/tasks/set_version_containerized.yml2
34 files changed, 129 insertions, 80 deletions
diff --git a/roles/ansible_service_broker/vars/openshift-enterprise.yml b/roles/ansible_service_broker/vars/openshift-enterprise.yml
index 0b3a2a69d..ce2ae8365 100644
--- a/roles/ansible_service_broker/vars/openshift-enterprise.yml
+++ b/roles/ansible_service_broker/vars/openshift-enterprise.yml
@@ -1,7 +1,7 @@
---
__ansible_service_broker_image_prefix: registry.access.redhat.com/openshift3/ose-
-__ansible_service_broker_image_tag: latest
+__ansible_service_broker_image_tag: v3.6
__ansible_service_broker_etcd_image_prefix: rhel7/
__ansible_service_broker_etcd_image_tag: latest
diff --git a/roles/calico/defaults/main.yaml b/roles/calico/defaults/main.yaml
index b1907f8cb..be73e8a73 100644
--- a/roles/calico/defaults/main.yaml
+++ b/roles/calico/defaults/main.yaml
@@ -11,4 +11,4 @@ calico_url_ipam: "https://github.com/projectcalico/cni-plugin/releases/download/
calico_ipv4pool_ipip: "always"
calico_log_dir: "/var/log/calico"
-calico_node_image: "calico/node:v2.4.1"
+calico_node_image: "calico/node:v2.5.0"
diff --git a/roles/calico_master/defaults/main.yaml b/roles/calico_master/defaults/main.yaml
index d40286aba..01a2b9529 100644
--- a/roles/calico_master/defaults/main.yaml
+++ b/roles/calico_master/defaults/main.yaml
@@ -3,5 +3,5 @@ kubeconfig: "{{ openshift.common.config_base }}/master/openshift-master.kubeconf
calicoctl_bin_dir: "/usr/local/bin/"
-calico_url_calicoctl: "https://github.com/projectcalico/calicoctl/releases/download/v1.4.0/calicoctl"
+calico_url_calicoctl: "https://github.com/projectcalico/calicoctl/releases/download/v1.5.0/calicoctl"
calico_url_policy_controller: "quay.io/calico/kube-policy-controller:v0.7.0"
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 1f9ac5059..78c6671d8 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -7,8 +7,8 @@
- set_fact:
l_use_system_container: "{{ openshift.docker.use_system_container | default(False) }}"
- l_use_crio: "{{ openshift.docker.use_crio | default(False) }}"
- l_use_crio_only: "{{ openshift.docker.use_crio_only | default(False) }}"
+ l_use_crio: "{{ openshift_use_crio | default(False) }}"
+ l_use_crio_only: "{{ openshift_use_crio_only | default(False) }}"
- name: Use Package Docker if Requested
include: package_docker.yml
diff --git a/roles/docker/templates/crio.conf.j2 b/roles/docker/templates/crio.conf.j2
index eae1759ab..5b31932b1 100644
--- a/roles/docker/templates/crio.conf.j2
+++ b/roles/docker/templates/crio.conf.j2
@@ -43,7 +43,7 @@ stream_port = "10010"
# This is a mandatory setting as this runtime will be the default one
# and will also be used for untrusted container workloads if
# runtime_untrusted_workload is not set.
-runtime = "/usr/libexec/crio/runc"
+runtime = "/usr/bin/runc"
# runtime_untrusted_workload is the OCI compatible runtime used for untrusted
# container workloads. This is an optional setting, except if
diff --git a/roles/etcd_migrate/tasks/migrate.yml b/roles/etcd_migrate/tasks/migrate.yml
index 173de77f4..54a9c74ff 100644
--- a/roles/etcd_migrate/tasks/migrate.yml
+++ b/roles/etcd_migrate/tasks/migrate.yml
@@ -21,15 +21,24 @@
lineinfile:
line: "ETCD_FORCE_NEW_CLUSTER=true"
dest: /etc/etcd/etcd.conf
+ backup: true
- name: Start etcd
systemd:
name: "{{ l_etcd_service }}"
state: started
+- name: Wait for cluster to become healthy after bringing up first member
+ command: >
+ etcdctl --cert-file {{ etcd_peer_cert_file }} --key-file {{ etcd_peer_key_file }} --ca-file {{ etcd_peer_ca_file }} --endpoint https://{{ etcd_peer }}:{{ etcd_client_port }} cluster-health
+ register: l_etcd_migrate_health
+ until: l_etcd_migrate_health.rc == 0
+ retries: 3
+ delay: 30
- name: Unset ETCD_FORCE_NEW_CLUSTER=true on first etcd host
lineinfile:
line: "ETCD_FORCE_NEW_CLUSTER=true"
dest: /etc/etcd/etcd.conf
state: absent
+ backup: true
- name: Restart first etcd host
systemd:
name: "{{ l_etcd_service }}"
diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py
index d6db75e1e..8f8e46e1e 100644
--- a/roles/lib_openshift/library/oc_route.py
+++ b/roles/lib_openshift/library/oc_route.py
@@ -1665,9 +1665,6 @@ class OCRoute(OpenShiftCLI):
@staticmethod
def get_cert_data(path, content):
'''get the data for a particular value'''
- if not path and not content:
- return None
-
rval = None
if path and os.path.exists(path) and os.access(path, os.R_OK):
rval = open(path).read()
@@ -1706,14 +1703,14 @@ class OCRoute(OpenShiftCLI):
if params['tls_termination'] and params['tls_termination'].lower() != 'passthrough': # E501
for key, option in files.items():
- if key == 'destcacert' and params['tls_termination'] != 'reencrypt':
+ if not option['path'] and not option['content']:
continue
option['value'] = OCRoute.get_cert_data(option['path'], option['content']) # E501
if not option['value']:
return {'failed': True,
- 'msg': 'Verify that you pass a value for %s' % key}
+ 'msg': 'Verify that you pass a correct value for %s' % key}
rconfig = RouteConfig(params['name'],
params['namespace'],
diff --git a/roles/lib_openshift/src/class/oc_route.py b/roles/lib_openshift/src/class/oc_route.py
index 3935525f1..3a1bd732f 100644
--- a/roles/lib_openshift/src/class/oc_route.py
+++ b/roles/lib_openshift/src/class/oc_route.py
@@ -68,9 +68,6 @@ class OCRoute(OpenShiftCLI):
@staticmethod
def get_cert_data(path, content):
'''get the data for a particular value'''
- if not path and not content:
- return None
-
rval = None
if path and os.path.exists(path) and os.access(path, os.R_OK):
rval = open(path).read()
@@ -109,14 +106,14 @@ class OCRoute(OpenShiftCLI):
if params['tls_termination'] and params['tls_termination'].lower() != 'passthrough': # E501
for key, option in files.items():
- if key == 'destcacert' and params['tls_termination'] != 'reencrypt':
+ if not option['path'] and not option['content']:
continue
option['value'] = OCRoute.get_cert_data(option['path'], option['content']) # E501
if not option['value']:
return {'failed': True,
- 'msg': 'Verify that you pass a value for %s' % key}
+ 'msg': 'Verify that you pass a correct value for %s' % key}
rconfig = RouteConfig(params['name'],
params['namespace'],
diff --git a/roles/nuage_node/handlers/main.yaml b/roles/nuage_node/handlers/main.yaml
index 60247c33e..e68ae74bd 100644
--- a/roles/nuage_node/handlers/main.yaml
+++ b/roles/nuage_node/handlers/main.yaml
@@ -1,7 +1,7 @@
---
- name: restart node
become: yes
- systemd: name={{ openshift.common.service_type }}-node state=restarted
+ systemd: name={{ openshift.common.service_type }}-node daemon-reload=yes state=restarted
- name: save iptable rules
become: yes
diff --git a/roles/nuage_node/tasks/main.yaml b/roles/nuage_node/tasks/main.yaml
index 3764681ff..9db9dbb6a 100644
--- a/roles/nuage_node/tasks/main.yaml
+++ b/roles/nuage_node/tasks/main.yaml
@@ -33,6 +33,11 @@
- include: certificates.yml
+- name: Add additional Docker mounts for Nuage for atomic hosts
+ become: yes
+ lineinfile: dest="{{ openshift_atomic_node_config_file }}" line="{{ nuage_atomic_docker_additional_mounts }}"
+ when: openshift.common.is_atomic | bool
+
- name: Restart node services
command: /bin/true
notify:
diff --git a/roles/nuage_node/vars/main.yaml b/roles/nuage_node/vars/main.yaml
index 4cf68411f..d8bfca62a 100644
--- a/roles/nuage_node/vars/main.yaml
+++ b/roles/nuage_node/vars/main.yaml
@@ -23,3 +23,5 @@ cni_conf_dir: "/etc/cni/net.d/"
cni_bin_dir: "/opt/cni/bin/"
nuage_plugin_crt_dir: /usr/share/vsp-openshift
+openshift_atomic_node_config_file: /etc/sysconfig/{{ openshift.common.service_type }}-node
+nuage_atomic_docker_additional_mounts: "DOCKER_ADDTL_BIND_MOUNTS=-v /var/usr/share/vsp-openshift:/var/usr/share/vsp-openshift -v /etc/default:/etc/default -v /var/run:/var/run -v /opt/cni/bin:/opt/cni/bin -v /etc/cni/net.d:/etc/cni/net.d"
diff --git a/roles/openshift_cfme/defaults/main.yml b/roles/openshift_cfme/defaults/main.yml
index 393bee1f3..8aa57e75a 100644
--- a/roles/openshift_cfme/defaults/main.yml
+++ b/roles/openshift_cfme/defaults/main.yml
@@ -29,6 +29,7 @@ openshift_cfme_pv_data:
openshift_cfme_maxImagesBulkImportedPerRepository: 100
# Hostname/IP of the NFS server. Currently defaults to first master
openshift_cfme_nfs_server: "{{ groups.nfs.0 }}"
+openshift_cfme_nfs_directory: "/exports"
# TODO: Refactor '_install_app' variable. This is just for testing but
# maybe in the future it should control the entire yes/no for CFME.
#
diff --git a/roles/openshift_cfme/templates/miq-pv-db.yaml.j2 b/roles/openshift_cfme/templates/miq-pv-db.yaml.j2
index b8c3bb277..280f3e97a 100644
--- a/roles/openshift_cfme/templates/miq-pv-db.yaml.j2
+++ b/roles/openshift_cfme/templates/miq-pv-db.yaml.j2
@@ -8,6 +8,6 @@ spec:
accessModes:
- ReadWriteOnce
nfs:
- path: /exports/miq-pv01
+ path: {{ openshift_cfme_nfs_directory }}/miq-pv01
server: {{ openshift_cfme_nfs_server }}
persistentVolumeReclaimPolicy: Retain
diff --git a/roles/openshift_cfme/templates/miq-pv-region.yaml.j2 b/roles/openshift_cfme/templates/miq-pv-region.yaml.j2
index 7218773f0..fe80dffa5 100644
--- a/roles/openshift_cfme/templates/miq-pv-region.yaml.j2
+++ b/roles/openshift_cfme/templates/miq-pv-region.yaml.j2
@@ -8,6 +8,6 @@ spec:
accessModes:
- ReadWriteOnce
nfs:
- path: /exports/miq-pv02
+ path: {{ openshift_cfme_nfs_directory }}/miq-pv02
server: {{ openshift_cfme_nfs_server }}
persistentVolumeReclaimPolicy: Retain
diff --git a/roles/openshift_cfme/templates/miq-pv-server.yaml.j2 b/roles/openshift_cfme/templates/miq-pv-server.yaml.j2
index 7b40b6c69..f84b67ea9 100644
--- a/roles/openshift_cfme/templates/miq-pv-server.yaml.j2
+++ b/roles/openshift_cfme/templates/miq-pv-server.yaml.j2
@@ -8,6 +8,6 @@ spec:
accessModes:
- ReadWriteOnce
nfs:
- path: /exports/miq-pv03
+ path: {{ openshift_cfme_nfs_directory }}/miq-pv03
server: {{ openshift_cfme_nfs_server }}
persistentVolumeReclaimPolicy: Retain
diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml
index c716a0860..9e61805f9 100644
--- a/roles/openshift_cli/tasks/main.yml
+++ b/roles/openshift_cli/tasks/main.yml
@@ -1,6 +1,6 @@
---
- set_fact:
- l_use_crio: "{{ openshift_docker_use_crio | default(false) }}"
+ l_use_crio: "{{ openshift_use_crio | default(false) }}"
- name: Install clients
package: name={{ openshift.common.service_type }}-clients state=present
diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml
index 516d7dc29..334150f63 100644
--- a/roles/openshift_docker_facts/tasks/main.yml
+++ b/roles/openshift_docker_facts/tasks/main.yml
@@ -17,7 +17,7 @@
hosted_registry_insecure: "{{ openshift_docker_hosted_registry_insecure | default(openshift.docker.hosted_registry_insecure | default(False)) }}"
hosted_registry_network: "{{ openshift_docker_hosted_registry_network | default(None) }}"
use_system_container: "{{ openshift_docker_use_system_container | default(False) }}"
- use_crio: "{{ openshift_docker_use_crio | default(False) }}"
+ use_crio: "{{ openshift_use_crio | default(False) }}"
- role: node
local_facts:
sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}"
diff --git a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py
index 85a922f86..857a80c74 100644
--- a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py
+++ b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py
@@ -168,7 +168,10 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck):
registries = [registry]
for registry in registries:
- args = {"_raw_params": "skopeo inspect --tls-verify=false docker://{}/{}".format(registry, image)}
+ args = {
+ "_raw_params": "timeout 10 skopeo inspect --tls-verify=false "
+ "docker://{}/{}".format(registry, image)
+ }
result = self.execute_module("command", args)
if result.get("rc", 0) == 0 and not result.get("failed"):
return True
diff --git a/roles/openshift_logging/tasks/annotate_ops_projects.yaml b/roles/openshift_logging/tasks/annotate_ops_projects.yaml
new file mode 100644
index 000000000..d4b33616a
--- /dev/null
+++ b/roles/openshift_logging/tasks/annotate_ops_projects.yaml
@@ -0,0 +1,17 @@
+---
+- oc_obj:
+ state: list
+ kind: project
+ name: "{{ item }}"
+ with_items: "{{ __default_logging_ops_projects }}"
+ register: __logging_ops_projects
+
+- name: Annotate Operations Projects
+ oc_edit:
+ kind: ns
+ name: "{{ item.item }}"
+ separator: '#'
+ content:
+ metadata#annotations#openshift.io/logging.ui.hostname: "{{ openshift_logging_kibana_ops_hostname }}"
+ with_items: "{{ __logging_ops_projects.results }}"
+ when: "{{ item.results.stderr is not defined }}"
diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml
index f8553be79..a77df9986 100644
--- a/roles/openshift_logging/tasks/install_logging.yaml
+++ b/roles/openshift_logging/tasks/install_logging.yaml
@@ -216,6 +216,7 @@
when:
- openshift_logging_use_ops | bool
+- include: annotate_ops_projects.yaml
## Curator
- include_role:
diff --git a/roles/openshift_logging/vars/main.yaml b/roles/openshift_logging/vars/main.yaml
index e561b41e2..01809fddf 100644
--- a/roles/openshift_logging/vars/main.yaml
+++ b/roles/openshift_logging/vars/main.yaml
@@ -6,3 +6,5 @@ es_ops_node_quorum: "{{ (openshift_logging_es_ops_cluster_size | int/2 | round(0
es_ops_recover_expected_nodes: "{{openshift_logging_es_ops_cluster_size | int}}"
es_log_appenders: ['file', 'console']
+
+__default_logging_ops_projects: ['default', 'openshift', 'openshift-infra', 'kube-system']
diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml
index 931846fdb..1e800b1d6 100644
--- a/roles/openshift_logging_elasticsearch/tasks/main.yaml
+++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml
@@ -229,7 +229,7 @@
dest: "{{ tempdir }}/templates/logging-es-pvc.yml"
vars:
obj_name: "{{ openshift_logging_elasticsearch_pvc_name }}"
- size: "{{ openshift_logging_elasticsearch_pvc_size }}"
+ size: "{{ (openshift_logging_elasticsearch_pvc_size | trim | length == 0) | ternary('10Gi', openshift_logging_elasticsearch_pvc_size) }}"
access_modes: "{{ openshift_logging_elasticsearch_pvc_access_modes | list }}"
pv_selector: "{{ openshift_logging_elasticsearch_pvc_pv_selector }}"
storage_class_name: "{{ openshift_logging_elasticsearch_pvc_storage_class_name | default('', true) }}"
@@ -243,7 +243,7 @@
dest: "{{ tempdir }}/templates/logging-es-pvc.yml"
vars:
obj_name: "{{ openshift_logging_elasticsearch_pvc_name }}"
- size: "{{ openshift_logging_elasticsearch_pvc_size }}"
+ size: "{{ (openshift_logging_elasticsearch_pvc_size | trim | length == 0) | ternary('10Gi', openshift_logging_elasticsearch_pvc_size) }}"
access_modes: "{{ openshift_logging_elasticsearch_pvc_access_modes | list }}"
pv_selector: "{{ openshift_logging_elasticsearch_pvc_pv_selector }}"
when:
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index cbc879d31..d70106276 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -19,3 +19,8 @@ r_openshift_master_os_firewall_allow:
- service: etcd embedded
port: 4001/tcp
cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
+
+oreg_url: ''
+oreg_host: "{{ oreg_url.split('/')[0] if '.' in oreg_url.split('/')[0] else '' }}"
+oreg_auth_credentials_path: "{{ openshift.common.data_dir }}/.docker"
+oreg_auth_credentials_replace: False
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index b80941b48..ba56ac94e 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -232,6 +232,22 @@
- restart master controllers
when: openshift_master_bootstrap_enabled | default(False)
+- name: Check for credentials file for registry auth
+ stat:
+ path: "{{oreg_auth_credentials_path }}"
+ when:
+ - oreg_auth_user is defined
+ register: master_oreg_auth_credentials_stat
+
+- name: Create credentials for registry auth
+ command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}"
+ when:
+ - oreg_auth_user is defined
+ - (not master_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool
+ notify:
+ - restart master api
+ - restart master controllers
+
- include: set_loopback_context.yml
when:
- openshift.common.version_gte_3_2_or_1_2
diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml
index 131c9ae0a..a7dad5b1f 100644
--- a/roles/openshift_node/defaults/main.yml
+++ b/roles/openshift_node/defaults/main.yml
@@ -79,3 +79,8 @@ r_openshift_node_os_firewall_allow:
- service: Kubernetes service NodePort UDP
port: "{{ openshift_node_port_range | default('') }}/udp"
cond: "{{ openshift_node_port_range is defined }}"
+
+oreg_url: ''
+oreg_host: "{{ oreg_url.split('/')[0] if '.' in oreg_url.split('/')[0] else '' }}"
+oreg_auth_credentials_path: "{{ openshift.common.data_dir }}/.docker"
+oreg_auth_credentials_replace: False
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 4ed1892c9..60a25dcc6 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -3,7 +3,7 @@
msg: "SELinux is disabled, This deployment type requires that SELinux is enabled."
when:
- (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise']
- - not openshift_docker_use_crio | default(false)
+ - not openshift_use_crio | default(false)
- name: setup firewall
include: firewall.yml
@@ -47,7 +47,7 @@
name: cri-o
enabled: yes
state: restarted
- when: openshift_docker_use_crio | default(false)
+ when: openshift_use_crio | default(false)
# The atomic-openshift-node service will set this parameter on
# startup, but if the network service is restarted this setting is
@@ -69,6 +69,21 @@
include: config.yml
when: not openshift_node_bootstrap
+- name: Check for credentials file for registry auth
+ stat:
+ path: "{{oreg_auth_credentials_path }}"
+ when:
+ - oreg_auth_user is defined
+ register: node_oreg_auth_credentials_stat
+
+- name: Create credentials for registry auth
+ command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}"
+ when:
+ - oreg_auth_user is defined
+ - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool
+ notify:
+ - restart node
+
- name: Configure AWS Cloud Provider Settings
lineinfile:
dest: /etc/sysconfig/{{ openshift.common.service_type }}-node
diff --git a/roles/openshift_node/tasks/openvswitch_system_container.yml b/roles/openshift_node/tasks/openvswitch_system_container.yml
index dc1df9185..e09063aa5 100644
--- a/roles/openshift_node/tasks/openvswitch_system_container.yml
+++ b/roles/openshift_node/tasks/openvswitch_system_container.yml
@@ -1,6 +1,6 @@
---
- set_fact:
- l_use_crio: "{{ openshift_docker_use_crio | default(false) }}"
+ l_use_crio: "{{ openshift_use_crio | default(false) }}"
- set_fact:
l_service_name: "cri-o"
diff --git a/roles/openshift_node/templates/node.service.j2 b/roles/openshift_node/templates/node.service.j2
index 3d0ae3bbd..0856737f6 100644
--- a/roles/openshift_node/templates/node.service.j2
+++ b/roles/openshift_node/templates/node.service.j2
@@ -8,7 +8,7 @@ Wants={{ openshift.docker.service_name }}.service
Documentation=https://github.com/openshift/origin
Requires=dnsmasq.service
After=dnsmasq.service
-{% if openshift.docker.use_crio %}Wants=cri-o.service{% endif %}
+{% if openshift_use_crio|default(false) %}Wants=cri-o.service{% endif %}
[Service]
Type=notify
diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2
index 93f8658b4..711afcadb 100644
--- a/roles/openshift_node/templates/node.yaml.v1.j2
+++ b/roles/openshift_node/templates/node.yaml.v1.j2
@@ -16,7 +16,7 @@ imageConfig:
latest: false
kind: NodeConfig
kubeletArguments: {{ openshift.node.kubelet_args | default(None) | to_padded_yaml(level=1) }}
-{% if openshift.docker.use_crio | default(False) %}
+{% if openshift_use_crio | default(False) %}
container-runtime:
- remote
container-runtime-endpoint:
diff --git a/roles/openshift_node/templates/openshift.docker.node.dep.service b/roles/openshift_node/templates/openshift.docker.node.dep.service
index c4580be1f..8734e7443 100644
--- a/roles/openshift_node/templates/openshift.docker.node.dep.service
+++ b/roles/openshift_node/templates/openshift.docker.node.dep.service
@@ -3,7 +3,7 @@ Requires={{ openshift.docker.service_name }}.service
After={{ openshift.docker.service_name }}.service
PartOf={{ openshift.common.service_type }}-node.service
Before={{ openshift.common.service_type }}-node.service
-{% if openshift.docker.use_crio %}Wants=cri-o.service{% endif %}
+{% if openshift_use_crio|default(false) %}Wants=cri-o.service{% endif %}
[Service]
ExecStart=/bin/bash -c "if [[ -f /usr/bin/docker-current ]]; then echo \"DOCKER_ADDTL_BIND_MOUNTS=--volume=/usr/bin/docker-current:/usr/bin/docker-current:ro --volume=/etc/sysconfig/docker:/etc/sysconfig/docker:ro\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; else echo \"#DOCKER_ADDTL_BIND_MOUNTS=\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; fi"
diff --git a/roles/openshift_service_catalog/tasks/install.yml b/roles/openshift_service_catalog/tasks/install.yml
index 686857d94..64f94347b 100644
--- a/roles/openshift_service_catalog/tasks/install.yml
+++ b/roles/openshift_service_catalog/tasks/install.yml
@@ -168,19 +168,19 @@
- "{{ mktemp.stdout }}/service_catalog_api_server.yml"
delete_after: yes
-- template:
- src: api_server_service.j2
- dest: "{{ mktemp.stdout }}/service_catalog_api_service.yml"
-
- name: Set Service Catalog API Server service
- oc_obj:
- state: present
- namespace: "kube-service-catalog"
- kind: service
+ oc_service:
name: apiserver
- files:
- - "{{ mktemp.stdout }}/service_catalog_api_service.yml"
- delete_after: yes
+ namespace: kube-service-catalog
+ state: present
+ ports:
+ - name: secure
+ port: 443
+ protocol: TCP
+ targetPort: 6443
+ selector:
+ app: apiserver
+ session_affinity: None
- template:
src: api_server_route.j2
@@ -216,19 +216,19 @@
- "{{ mktemp.stdout }}/controller_manager.yml"
delete_after: yes
-- template:
- src: controller_manager_service.j2
- dest: "{{ mktemp.stdout }}/controller_manager_service.yml"
-
- name: Set Controller Manager service
- oc_obj:
- state: present
- namespace: "kube-service-catalog"
- kind: service
+ oc_service:
name: controller-manager
- files:
- - "{{ mktemp.stdout }}/controller_manager_service.yml"
- delete_after: yes
+ namespace: kube-service-catalog
+ state: present
+ ports:
+ - port: 6443
+ protocol: TCP
+ targetPort: 6443
+ selector:
+ app: controller-manager
+ session_affinity: None
+ service_type: ClusterIP
- include: start_api_server.yml
diff --git a/roles/openshift_service_catalog/templates/api_server_service.j2 b/roles/openshift_service_catalog/templates/api_server_service.j2
deleted file mode 100644
index bae337201..000000000
--- a/roles/openshift_service_catalog/templates/api_server_service.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: apiserver
-spec:
- ports:
- - name: secure
- port: 443
- protocol: TCP
- targetPort: 6443
- selector:
- app: apiserver
- sessionAffinity: None
diff --git a/roles/openshift_service_catalog/templates/controller_manager_service.j2 b/roles/openshift_service_catalog/templates/controller_manager_service.j2
deleted file mode 100644
index 2bac645fc..000000000
--- a/roles/openshift_service_catalog/templates/controller_manager_service.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: controller-manager
-spec:
- ports:
- - port: 6443
- protocol: TCP
- targetPort: 6443
- selector:
- app: controller-manager
- sessionAffinity: None
- type: ClusterIP
diff --git a/roles/openshift_version/tasks/set_version_containerized.yml b/roles/openshift_version/tasks/set_version_containerized.yml
index 4d9f72f01..a2a579e9d 100644
--- a/roles/openshift_version/tasks/set_version_containerized.yml
+++ b/roles/openshift_version/tasks/set_version_containerized.yml
@@ -1,6 +1,6 @@
---
- set_fact:
- l_use_crio: "{{ openshift_docker_use_crio | default(false) }}"
+ l_use_crio: "{{ openshift_use_crio | default(false) }}"
- name: Set containerized version to configure if openshift_image_tag specified
set_fact: