diff options
Diffstat (limited to 'roles')
10 files changed, 50 insertions, 33 deletions
diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml index cc33f77d8..fd5841db7 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml @@ -105,6 +105,10 @@ items: value: ${IMAGE_PREFIX} - name: IMAGE_VERSION value: ${IMAGE_VERSION} + - name: IMAGE_PULL_SECRET + value: ${IMAGE_PULL_SECRET} + - name: INSECURE_REGISTRY + value: ${INSECURE_REGISTRY} - name: ENABLE_OPS_CLUSTER value: ${ENABLE_OPS_CLUSTER} - name: KIBANA_HOSTNAME @@ -174,14 +178,6 @@ items: secretName: logging-deployer parameters: - - description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' - name: IMAGE_PREFIX - value: "docker.io/openshift/origin-" - - - description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' - name: IMAGE_VERSION - value: "latest" - - description: "If true, set up to use a second ES cluster for ops logs." name: ENABLE_OPS_CLUSTER value: "false" @@ -288,3 +284,19 @@ items: description: "The mode that the deployer runs in." name: MODE value: "install" + - + description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "docker.io/openshift/origin-" + - + description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' + name: IMAGE_VERSION + value: "latest" + - + description: 'Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry.' + name: IMAGE_PULL_SECRET + - + description: 'Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)' + name: INSECURE_REGISTRY + value: "false" + diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml index c620c46ec..8fb594ce8 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml @@ -91,7 +91,7 @@ parameters: - description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' name: IMAGE_VERSION - value: "v0.1.0" + value: "latest" - description: "Internal URL for the master, for authentication retrieval" name: MASTER_URL diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index cb8301da4..f8e447b84 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -19,8 +19,8 @@ EXAMPLES = ''' import ConfigParser import copy +import io import os -import StringIO import yaml from distutils.util import strtobool from distutils.version import LooseVersion @@ -689,7 +689,7 @@ def set_etcd_facts_if_unset(facts): If anything goes wrong parsing these, the fact will not be set. """ - if 'master' in facts and facts['master']['embedded_etcd']: + if 'master' in facts and safe_get_bool(facts['master']['embedded_etcd']): etcd_facts = facts['etcd'] if 'etcd' in facts else dict() if 'etcd_data_dir' not in etcd_facts: @@ -716,8 +716,8 @@ def set_etcd_facts_if_unset(facts): # Read ETCD_DATA_DIR from /etc/etcd/etcd.conf: try: # Add a fake section for parsing: - ini_str = '[root]\n' + open('/etc/etcd/etcd.conf', 'r').read() - ini_fp = StringIO.StringIO(ini_str) + ini_str = unicode('[root]\n' + open('/etc/etcd/etcd.conf', 'r').read(), 'utf-8') + ini_fp = io.StringIO(ini_str) config = ConfigParser.RawConfigParser() config.readfp(ini_fp) etcd_data_dir = config.get('root', 'ETCD_DATA_DIR') @@ -1702,7 +1702,8 @@ class OpenShiftFacts(object): oauth_grant_method='auto', scheduler_predicates=scheduler_predicates, scheduler_priorities=scheduler_priorities, - dynamic_provisioning_enabled=True) + dynamic_provisioning_enabled=True, + max_requests_inflight=500) if 'node' in roles: defaults['node'] = dict(labels={}, annotations={}, diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index ff726ae24..ce410d1d5 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -1,8 +1,8 @@ --- -- name: Verify Ansible version is greater than or equal to 1.9.4 and less than 2.0 +- name: Verify Ansible version is greater than or equal to 1.9.4 fail: msg: "Unsupported ansible version: {{ ansible_version }} found" - when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge') + when: not ansible_version.full | version_compare('1.9.4', 'ge') - name: Detecting Operating System stat: diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 4cf632841..026787421 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -12,11 +12,11 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} # Proxy configuration # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy {% if 'http_proxy' in openshift.common %} -HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}' +HTTP_PROXY={{ openshift.common.http_proxy | default('') }} {% endif %} {% if 'https_proxy' in openshift.common %} -HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}' +HTTPS_PROXY={{ openshift.common.https_proxy | default('')}} {% endif %} {% if 'no_proxy' in openshift.common %} -NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}' +NO_PROXY={{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }} {% endif %} diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 48bb8a13f..17a10ae71 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -196,7 +196,7 @@ servingInfo: certFile: master.server.crt clientCA: ca.crt keyFile: master.server.key - maxRequestsInFlight: 500 + maxRequestsInFlight: {{ openshift.master.max_requests_inflight }} requestTimeoutSeconds: 3600 {% if openshift.master.named_certificates %} namedCertificates: diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 index 01a8428a0..02c22e374 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 @@ -12,11 +12,11 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} # Proxy configuration # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy {% if 'http_proxy' in openshift.common %} -HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}' +HTTP_PROXY={{ openshift.common.http_proxy | default('') }} {% endif %} {% if 'https_proxy' in openshift.common %} -HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}' +HTTPS_PROXY={{ openshift.common.https_proxy | default('')}} {% endif %} {% if 'no_proxy' in openshift.common %} -NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}' +NO_PROXY={{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }} {% endif %} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 index 89ccb1eed..644640577 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 @@ -12,11 +12,11 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} # Proxy configuration # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy {% if 'http_proxy' in openshift.common %} -HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}' +HTTP_PROXY={{ openshift.common.http_proxy | default('') }} {% endif %} {% if 'https_proxy' in openshift.common %} -HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}' +HTTPS_PROXY={{ openshift.common.https_proxy | default('')}} {% endif %} {% if 'no_proxy' in openshift.common %} -NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}' +NO_PROXY={{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }} {% endif %} diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index 0cbbaffc2..896dd5e35 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -76,3 +76,4 @@ oauth_always_show_provider_selection: "{{ openshift_master_oauth_always_show_provider_selection | default(None) }}" image_policy_config: "{{ openshift_master_image_policy_config | default(None) }}" dynamic_provisioning_enabled: "{{ openshift_master_dynamic_provisioning_enabled | default(None) }}" + max_requests_inflight: "{{ openshift_master_max_requests_inflight | default(None) }}" diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh index 691fa32f3..09bae1777 100755 --- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh +++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh @@ -8,10 +8,12 @@ # a pod would fail. # # To use this, -# Drop this script in /etc/NetworkManager/dispatcher.d/ -# systemctl restart NetworkManager -# Configure node-config.yaml to set dnsIP: to the ip address of this -# node +# - If this host is also a master, reconfigure master dnsConfig to listen on +# 8053 to avoid conflicts on port 53 and open port 8053 in the firewall +# - Drop this script in /etc/NetworkManager/dispatcher.d/ +# - systemctl restart NetworkManager +# - Configure node-config.yaml to set dnsIP: to the ip address of this +# node # # Test it: # host kubernetes.default.svc.cluster.local @@ -31,7 +33,8 @@ if [[ $2 =~ ^(up|dhcp4-change)$ ]]; then def_route=$(/sbin/ip route list match 0.0.0.0/0 | awk '{print $3 }') def_route_int=$(/sbin/ip route get to ${def_route} | awk '{print $3}') def_route_ip=$(/sbin/ip route get to ${def_route} | awk '{print $5}') - if [[ ${DEVICE_IFACE} == ${def_route_int} ]]; then + if [[ ${DEVICE_IFACE} == ${def_route_int} && \ + -n "${IP4_NAMESERVERS}" ]]; then if [ ! -f /etc/dnsmasq.d/origin-dns.conf ]; then cat << EOF > /etc/dnsmasq.d/origin-dns.conf strict-order @@ -42,8 +45,8 @@ server=/30.172.in-addr.arpa/172.30.0.1 EOF fi # zero out our upstream servers list and feed it into dnsmasq - echo '' > /etc/dnsmasq.d/origin-upstream-dns.conf - for ns in ${DHCP4_DOMAIN_NAME_SERVERS}; do + echo -n > /etc/dnsmasq.d/origin-upstream-dns.conf + for ns in ${IP4_NAMESERVERS}; do echo "server=${ns}" >> /etc/dnsmasq.d/origin-upstream-dns.conf done systemctl restart dnsmasq |