Diffstat (limited to 'roles')
76 files changed, 249 insertions, 269 deletions
diff --git a/roles/etcd/tasks/fetch_backup.yml b/roles/etcd/tasks/fetch_backup.yml deleted file mode 100644 index a28db3d66..000000000 --- a/roles/etcd/tasks/fetch_backup.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- include_tasks: backup/vars.yml - -- include_tasks: backup/archive.yml - -- include_tasks: backup/sync_backup.yml - -- include_tasks: backup/ diff --git a/roles/etcd/tasks/migration/add_ttls.yml b/roles/etcd/tasks/migration/add_ttls.yml index 14625e49e..4bdc6bcc3 100644 --- a/roles/etcd/tasks/migration/add_ttls.yml +++ b/roles/etcd/tasks/migration/add_ttls.yml @@ -6,7 +6,7 @@ - set_fact: accessTokenMaxAgeSeconds: "{{ (g_master_config_output.content|b64decode|from_yaml).oauthConfig.tokenConfig.accessTokenMaxAgeSeconds | default(86400) }}" - authroizeTokenMaxAgeSeconds: "{{ (g_master_config_output.content|b64decode|from_yaml).oauthConfig.tokenConfig.authroizeTokenMaxAgeSeconds | default(500) }}" + authorizeTokenMaxAgeSeconds: "{{ (g_master_config_output.content|b64decode|from_yaml).oauthConfig.tokenConfig.authorizeTokenMaxAgeSeconds | default(500) }}" controllerLeaseTTL: "{{ (g_master_config_output.content|b64decode|from_yaml).controllerLeaseTTL | default(30) }}" - name: Re-introduce leases (as a replacement for key TTLs) @@ -29,6 +29,6 @@ - keys: "/openshift.io/oauth/accesstokens" ttl: "{{ accessTokenMaxAgeSeconds }}s" - keys: "/openshift.io/oauth/authorizetokens" - ttl: "{{ authroizeTokenMaxAgeSeconds }}s" + ttl: "{{ authorizeTokenMaxAgeSeconds }}s" - keys: "/openshift.io/leases/controllers" ttl: "{{ controllerLeaseTTL }}s" diff --git a/roles/lib_openshift/library/oc_adm_router.py b/roles/lib_openshift/library/oc_adm_router.py index 146f71f68..5969da7ca 100644 --- a/roles/lib_openshift/library/oc_adm_router.py +++ b/roles/lib_openshift/library/oc_adm_router.py 
@@ -3154,14 +3154,14 @@ def main():
 external_host_insecure=dict(default=False, type='bool'),
 external_host_partition_path=dict(default=None, type='str'),
 external_host_username=dict(default=None, type='str'),
- external_host_password=dict(default=None, type='str'),
- external_host_private_key=dict(default=None, type='str'),
+ external_host_password=dict(default=None, type='str', no_log=True),
+ external_host_private_key=dict(default=None, type='str', no_log=True),
 # Metrics
 expose_metrics=dict(default=False, type='bool'),
 metrics_image=dict(default=None, type='str'),
 # Stats
 stats_user=dict(default=None, type='str'),
- stats_password=dict(default=None, type='str'),
+ stats_password=dict(default=None, type='str', no_log=True),
 stats_port=dict(default=1936, type='int'),
 # extra
 cacert_file=dict(default=None, type='str'),
diff --git a/roles/lib_openshift/src/ansible/oc_adm_router.py b/roles/lib_openshift/src/ansible/oc_adm_router.py
index c6563cc2f..52499b273 100644
--- a/roles/lib_openshift/src/ansible/oc_adm_router.py
+++ b/roles/lib_openshift/src/ansible/oc_adm_router.py
@@ -34,14 +34,14 @@ def main():
 external_host_insecure=dict(default=False, type='bool'),
 external_host_partition_path=dict(default=None, type='str'),
 external_host_username=dict(default=None, type='str'),
- external_host_password=dict(default=None, type='str'),
- external_host_private_key=dict(default=None, type='str'),
+ external_host_password=dict(default=None, type='str', no_log=True),
+ external_host_private_key=dict(default=None, type='str', no_log=True),
 # Metrics
 expose_metrics=dict(default=False, type='bool'),
 metrics_image=dict(default=None, type='str'),
 # Stats
 stats_user=dict(default=None, type='str'),
- stats_password=dict(default=None, type='str'),
+ stats_password=dict(default=None, type='str', no_log=True),
 stats_port=dict(default=1936, type='int'),
 # extra
 cacert_file=dict(default=None, type='str'),
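Review bot: `no_log=True` on `external_host_password`, `external_host_private_key` and `stats_password` in the `main()` argument spec only covers Ansible's own invocation logging and result scrubbing, so any copy the module itself makes is unaffected; if the router code passes these values on the `oc` command line or stores them in the generated router objects (not visible in this hunk), they stay readable there. A comment above the three options would record that boundary, for example `# no_log covers Ansible output only; verify these are not echoed by the oc invocation or the returned router definition`. The argument spec continues past `cacert_file` outside the hunk, so any further secret-bearing options there should be checked for the same flag. The same remarks apply to the generated copy in `roles/lib_openshift/library/oc_adm_router.py`.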
diff --git a/roles/nickhammond.logrotate/templates/logrotate.d.j2 b/roles/nickhammond.logrotate/templates/logrotate.d.j2 index 6453be6b2..1ad1c595c 100644 --- a/roles/nickhammond.logrotate/templates/logrotate.d.j2 +++ b/roles/nickhammond.logrotate/templates/logrotate.d.j2 @@ -7,7 +7,7 @@ {% endfor -%} {% endif %} {%- if item.scripts is defined -%} - {%- for name, script in item.scripts.iteritems() -%} + {%- for name, script in item.scripts.items() -%} {{ name }} {{ script }} endscript diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml index 06dc5d14b..6aa15d568 100644 --- a/roles/openshift_cli/tasks/main.yml +++ b/roles/openshift_cli/tasks/main.yml @@ -12,13 +12,13 @@ - block: - name: Pull CLI Image command: > - docker pull {{ openshift.common.cli_image }}:{{ openshift_image_tag }} + docker pull {{ openshift_cli_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Downloaded newer image' in pull_result.stdout" - name: Copy client binaries/symlinks out of CLI image for use on the host openshift_container_binary_sync: - image: "{{ openshift.common.cli_image }}" + image: "{{ openshift_cli_image }}" tag: "{{ openshift_image_tag }}" backend: "docker" when: 
@@ -28,13 +28,13 @@ - block: - name: Pull CLI Image command: > - atomic pull --storage ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.common.cli_image }}:{{ openshift_image_tag }} + atomic pull --storage ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift_cli_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Pulling layer' in pull_result.stdout" - name: Copy client binaries/symlinks out of CLI image for use on the host openshift_container_binary_sync: - image: "{{ '' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.common.cli_image }}" + image: "{{ '' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift_cli_image }}" tag: "{{ openshift_image_tag }}" backend: "atomic" when: diff --git a/roles/openshift_etcd/meta/main.yml b/roles/openshift_etcd/meta/main.yml index de36b201b..7cc548f69 100644 --- a/roles/openshift_etcd/meta/main.yml +++ b/roles/openshift_etcd/meta/main.yml @@ -13,7 +13,6 @@ galaxy_info: - cloud dependencies: - role: openshift_etcd_facts -- role: openshift_clock - role: openshift_docker when: openshift.common.is_containerized | bool - role: etcd diff --git a/roles/openshift_facts/defaults/main.yml b/roles/openshift_facts/defaults/main.yml new file mode 100644 index 000000000..7064d727a --- /dev/null +++ b/roles/openshift_facts/defaults/main.yml @@ -0,0 +1,6 @@ +--- +openshift_cli_image_dict: + origin: 'openshift/origin' + openshift-enterprise: 'openshift3/ose' + +openshift_cli_image: "{{ osm_image | default(openshift_cli_image_dict[openshift_deployment_type]) }}" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 3c121877a..bbcdbadd8 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py 
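Review bot: The new `roles/openshift_facts/defaults/main.yml` is missing a comment saying that `openshift_cli_image` now follows `osm_image` and that `openshift_cli_image_dict` maps only `origin` and `openshift-enterprise`. With any other `openshift_deployment_type` and no `osm_image`, the lookup presumably surfaces as an undefined-variable error at the `docker pull` / `atomic pull` tasks rather than as a clear message. The removed Python code never consulted `osm_image` for the CLI image, so an operator overriding the master image now also changes which image has its client binaries copied onto the host; that looks like a behaviour change worth documenting. Suggested comment above the variable: `# CLI image follows osm_image when set; otherwise chosen by openshift_deployment_type (origin or openshift-enterprise only).`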
@@ -446,24 +446,6 @@ def normalize_provider_facts(provider, metadata): return facts -def set_node_schedulability(facts): - """ Set schedulable facts if not already present in facts dict - Args: - facts (dict): existing facts - Returns: - dict: the facts dict updated with the generated schedulable - facts if they were not already present - - """ - if 'node' in facts: - if 'schedulable' not in facts['node']: - if 'master' in facts: - facts['node']['schedulable'] = False - else: - facts['node']['schedulable'] = True - return facts - - # pylint: disable=too-many-branches def set_selectors(facts): """ Set selectors facts if not already present in facts dict @@ -516,49 +498,6 @@ def set_selectors(facts): return facts -def set_dnsmasq_facts_if_unset(facts): - """ Set dnsmasq facts if not already present in facts - Args: - facts (dict) existing facts - Returns: - facts (dict) updated facts with values set if not previously set - """ - - if 'common' in facts: - if 'master' in facts and 'dns_port' not in facts['master']: - facts['master']['dns_port'] = 8053 - - return facts - - -def set_project_cfg_facts_if_unset(facts): - """ Set Project Configuration facts if not already present in facts dict - dict: - Args: - facts (dict): existing facts - Returns: - dict: the facts dict updated with the generated Project Configuration - facts if they were not already present - - """ - - config = { - 'default_node_selector': '', - 'project_request_message': '', - 'project_request_template': '', - 'mcs_allocator_range': 's0:/2', - 'mcs_labels_per_project': 5, - 'uid_allocator_range': '1000000000-1999999999/10000' - } - - if 'master' in facts: - for key, value in config.items(): - if key not in facts['master']: - facts['master'][key] = value - - return facts - - def set_identity_providers_if_unset(facts): """ Set identity_providers fact if not already present in facts dict 
@@ -1628,7 +1567,6 @@ def set_container_facts_if_unset(facts): deployment_type = facts['common']['deployment_type'] if deployment_type == 'openshift-enterprise': master_image = 'openshift3/ose' - cli_image = master_image node_image = 'openshift3/node' ovs_image = 'openshift3/openvswitch' pod_image = 'openshift3/ose-pod' @@ -1637,7 +1575,6 @@ def set_container_facts_if_unset(facts): deployer_image = 'openshift3/ose-deployer' else: master_image = 'openshift/origin' - cli_image = master_image node_image = 'openshift/node' ovs_image = 'openshift/openvswitch' pod_image = 'openshift/origin-pod' @@ -1656,8 +1593,6 @@ def set_container_facts_if_unset(facts): if 'is_containerized' not in facts['common']: facts['common']['is_containerized'] = facts['common']['is_atomic'] - if 'cli_image' not in facts['common']: - facts['common']['cli_image'] = cli_image if 'pod_image' not in facts['common']: facts['common']['pod_image'] = pod_image if 'router_image' not in facts['common']: @@ -1837,8 +1772,6 @@ class OpenShiftFacts(object): facts = migrate_oauth_template_facts(facts) facts['current_config'] = get_current_config(facts) facts = set_url_facts_if_unset(facts) - facts = set_project_cfg_facts_if_unset(facts) - facts = set_node_schedulability(facts) facts = set_selectors(facts) facts = set_identity_providers_if_unset(facts) facts = set_deployment_facts_if_unset(facts) @@ -1848,7 +1781,6 @@ class OpenShiftFacts(object): facts = build_controller_args(facts) facts = build_api_server_args(facts) facts = set_version_facts_if_unset(facts) - facts = set_dnsmasq_facts_if_unset(facts) facts = set_aggregate_facts(facts) facts = set_etcd_facts_if_unset(facts) facts = set_proxy_facts(facts) @@ -1969,6 +1901,7 @@ class OpenShiftFacts(object): glusterfs=dict( endpoints='glusterfs-registry-endpoints', path='glusterfs-registry-volume', + ips=[], readOnly=False, swap=False, swapcopy=True), 
diff --git a/roles/openshift_hosted/README.md b/roles/openshift_hosted/README.md index d6f6e3e09..a1c2c3956 100644 --- a/roles/openshift_hosted/README.md +++ b/roles/openshift_hosted/README.md 
@@ -34,13 +34,27 @@ variables also control configuration behavior: | Name | Default value | Description | |----------------------------------------------|---------------|------------------------------------------------------------------------------| -| openshift_hosted_registry_glusterfs_swap | False | Whether to swap an existing registry's storage volume for a GlusterFS volume | -| openshift_hosted_registry_glusterfs_swapcopy | True | If swapping, also copy the current contents of the registry volume | +| openshift_hosted_registry_storage_glusterfs_endpoints | glusterfs-registry-endpoints | The name for the Endpoints resource that will point the registry to the GlusterFS nodes +| openshift_hosted_registry_storage_glusterfs_path | glusterfs-registry-volume | The name for the GlusterFS volume that will provide registry storage +| openshift_hosted_registry_storage_glusterfs_readonly | False | Whether the GlusterFS volume should be read-only +| openshift_hosted_registry_storage_glusterfs_swap | False | Whether to swap an existing registry's storage volume for a GlusterFS volume +| openshift_hosted_registry_storage_glusterfs_swapcopy | True | If swapping, copy the contents of the pre-existing registry storage to the new GlusterFS volume +| openshift_hosted_registry_storage_glusterfs_ips | `[]` | A list of IP addresses of the nodes of the GlusterFS cluster to use for hosted registry storage + +**NOTE:** Configuring a value for +`openshift_hosted_registry_storage_glusterfs_ips` with a `glusterfs_registry` +host group is not allowed. Specifying a `glusterfs_registry` host group +indicates that a new GlusterFS cluster should be configured, whereas +specifying `openshift_hosted_registry_storage_glusterfs_ips` indicates wanting +to use a pre-configured GlusterFS cluster for the registry storage. + +_ Dependencies ------------ * openshift_hosted_facts +* openshift_persistent_volumes Example Playbook ---------------- 
@@ -56,6 +70,10 @@ Example Playbook cafile: /path/to/my-router-ca.crt openshift_hosted_router_registryurl: 'registry.access.redhat.com/openshift3/ose-haproxy-router:v3.0.2.0' openshift_hosted_router_selector: 'type=infra' + openshift_hosted_registry_storage_kind=glusterfs + openshift_hosted_registry_storage_glusterfs_path=external_glusterfs_volume_name + openshift_hosted_registry_storage_glusterfs_ips=['192.168.20.239','192.168.20.96','192.168.20.114'] + ``` License diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml index 2af42fba4..e70c0c420 100644 --- a/roles/openshift_hosted/defaults/main.yml +++ b/roles/openshift_hosted/defaults/main.yml @@ -70,7 +70,6 @@ r_openshift_hosted_registry_use_firewalld: "{{ os_firewall_use_firewalld | defau openshift_hosted_registry_name: docker-registry openshift_hosted_registry_wait: "{{ not (openshift_master_bootstrap_enabled | default(False)) }}" openshift_hosted_registry_cert_expire_days: 730 - r_openshift_hosted_registry_os_firewall_deny: [] r_openshift_hosted_registry_os_firewall_allow: - service: Docker Registry Port diff --git a/roles/openshift_hosted/tasks/registry.yml b/roles/openshift_hosted/tasks/registry.yml index eaaac9da2..9f2ef4e40 100644 --- a/roles/openshift_hosted/tasks/registry.yml +++ b/roles/openshift_hosted/tasks/registry.yml @@ -1,4 +1,10 @@ --- +- name: Create temp directory for doing work in + command: mktemp -d /tmp/openshift-hosted-ansible-XXXXXX + register: mktempHosted + changed_when: False + check_mode: no + - name: setup firewall include: firewall.yml vars: 
@@ -36,13 +42,13 @@ l_default_replicas: "{{ l_node_count if openshift.hosted.registry.storage.kind | default(none) is not none else 1 }}" when: l_node_count | int > 0 - - name: set openshift_hosted facts set_fact: openshift_hosted_registry_replicas: "{{ openshift.hosted.registry.replicas | default(l_default_replicas) }}" openshift_hosted_registry_namespace: "{{ openshift.hosted.registry.namespace | default('default') }}" openshift_hosted_registry_selector: "{{ openshift.hosted.registry.selector }}" openshift_hosted_registry_images: "{{ openshift.hosted.registry.registryurl | default('openshift3/ose-${component}:${version}')}}" + openshift_hosted_registry_storage_glusterfs_ips: "{%- set gluster_ips = [] %}{% if groups.glusterfs_registry is defined %}{% for node in groups.glusterfs_registry %}{%- set _ = gluster_ips.append(hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip)) %}{% endfor %}{{ gluster_ips }}{% elif groups.glusterfs is defined %}{% for node in groups.glusterfs %}{%- set _ = gluster_ips.append(hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip)) %}{% endfor %}{{ gluster_ips }}{% else %}{{ openshift.hosted.registry.storage.glusterfs.ips }}{% endif %}" - name: Update registry environment variables when pushing via dns set_fact: @@ -113,6 +119,11 @@ when: - openshift.hosted.registry.storage.kind | default(none) in ['nfs', 'openstack', 'glusterfs'] +- include: storage/glusterfs_endpoints.yml + when: + - openshift_hosted_registry_storage_glusterfs_ips|length > 0 + - openshift.hosted.registry.storage.kind | default(none) in ['glusterfs'] + - name: Create OpenShift registry oc_adm_registry: name: "{{ openshift_hosted_registry_name }}" 
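Review bot: The `openshift_hosted_registry_storage_glusterfs_ips` expression added to the `set openshift_hosted facts` task silently prefers the `glusterfs_registry` group, then the `glusterfs` group, over an operator-supplied IP list, although the README change in this commit states that combining the variable with a `glusterfs_registry` group is not allowed. Nothing in either hunk on this line enforces that, so a conflicting inventory deploys endpoints for a cluster the operator may not have intended. A guard task ahead of the `set_fact` would turn the documented restriction into an explicit failure. The task list starts and ends outside these hunks.

```yaml
- name: Reject glusterfs_ips combined with a glusterfs_registry group
  fail:
    msg: >-
      openshift_hosted_registry_storage_glusterfs_ips cannot be used
      together with a glusterfs_registry host group
  when:
    - groups.glusterfs_registry is defined
    - openshift.hosted.registry.storage.glusterfs.ips | length > 0

# … unchanged: set openshift_hosted facts …
```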
@@ -141,3 +152,10 @@ - include: storage/glusterfs.yml when: - openshift.hosted.registry.storage.kind | default(none) == 'glusterfs' or openshift.hosted.registry.storage.glusterfs.swap + +- name: Delete temp directory + file: + name: "{{ mktempHosted.stdout }}" + state: absent + changed_when: False + check_mode: no diff --git a/roles/openshift_hosted/tasks/storage/glusterfs.yml b/roles/openshift_hosted/tasks/storage/glusterfs.yml index 9b998142a..7cae67baa 100644 --- a/roles/openshift_hosted/tasks/storage/glusterfs.yml +++ b/roles/openshift_hosted/tasks/storage/glusterfs.yml @@ -12,7 +12,7 @@ namespace: "{{ openshift_hosted_registry_namespace }}" state: list kind: pod - selector: "{% for label, value in registry_dc.results.results[0].spec.selector.iteritems() %}{{ label }}={{ value }}{% if not loop.last %},{% endif %}{% endfor %}" + selector: "{% for label, value in registry_dc.results.results[0].spec.selector.items() %}{{ label }}={{ value }}{% if not loop.last %},{% endif %}{% endfor %}" register: registry_pods until: - "registry_pods.results.results[0]['items'] | count > 0" 
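Review bot: The `Delete temp directory` task appended to registry.yml runs only when every task before it has succeeded, so a failed registry deployment leaves the `/tmp/openshift-hosted-ansible-XXXXXX` directory and the manifests rendered into it on the host. Placing the work between the `mktemp` task and this one in a `block:` and moving the delete under `always:` would make the cleanup unconditional. The tasks in between lie outside this hunk, so whether the file's `include:` statements can sit inside a block on the supported Ansible versions needs checking.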
@@ -35,7 +35,7 @@ mount: state: mounted fstype: glusterfs - src: "{% if 'glusterfs_registry' in groups %}{% set node = groups.glusterfs_registry[0] %}{% else %}{% set node = groups.glusterfs[0] %}{% endif %}{% if 'glusterfs_hostname' in hostvars[node] %}{{ hostvars[node].glusterfs_hostname }}{% elif 'openshift' in hostvars[node] %}{{ hostvars[node].openshift.node.nodename }}{% else %}{{ node }}{% endif %}:/{{ openshift.hosted.registry.storage.glusterfs.path }}" + src: "{% if 'glusterfs_registry' in groups %}{% set node = groups.glusterfs_registry[0] %}{% elif 'glusterfs' in groups %}{% set node = groups.glusterfs[0] %}{% endif %}{% if openshift_hosted_registry_storage_glusterfs_ips is defined and openshift_hosted_registry_storage_glusterfs_ips|length > 0 %}{{ openshift_hosted_registry_storage_glusterfs_ips[0] }}{% elif 'glusterfs_hostname' in hostvars[node] %}{{ hostvars[node].glusterfs_hostname }}{% elif 'openshift' in hostvars[node] %}{{ hostvars[node].openshift.node.nodename }}{% else %}{{ node }}{% endif %}:/{{ openshift.hosted.registry.storage.glusterfs.path }}" name: "{{ mktemp.stdout }}" - name: Set registry volume permissions diff --git a/roles/openshift_hosted/tasks/storage/glusterfs_endpoints.yml b/roles/openshift_hosted/tasks/storage/glusterfs_endpoints.yml new file mode 100644 index 000000000..0f4381748 --- /dev/null +++ b/roles/openshift_hosted/tasks/storage/glusterfs_endpoints.yml 
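Review bot: In the rewritten `src:` expression `node` is assigned only when a `glusterfs_registry` or `glusterfs` group exists, yet the `elif 'glusterfs_hostname' in hostvars[node]` and later branches still dereference it. With neither group present and an empty `openshift_hosted_registry_storage_glusterfs_ips`, the mount task fails on an undefined variable instead of naming the missing configuration. A `fail` task before the mount that requires either a non-empty IP list or one of the two groups would give a usable error. When the IP list is set, only `openshift_hosted_registry_storage_glusterfs_ips[0]` is used for the mount, which deserves a short comment since an unreachable first node blocks the swap.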
@@ -0,0 +1,16 @@ +--- +- name: Generate GlusterFS registry endpoints + template: + src: "{{ openshift.common.examples_content_version }}/glusterfs-registry-endpoints.yml.j2" + dest: "{{ mktempHosted.stdout }}/glusterfs-registry-endpoints.yml" + +- name: Generate GlusterFS registry service + template: + src: "{{ openshift.common.examples_content_version }}/glusterfs-registry-service.yml.j2" + dest: "{{ mktempHosted.stdout }}/glusterfs-registry-service.yml" + +- name: Create GlusterFS registry service and endpoint + command: "{{ openshift.common.client_binary }} apply -f {{ item }} -n {{ openshift.hosted.registry.namespace | default('default') }}" + with_items: + - "{{ mktempHosted.stdout }}/glusterfs-registry-service.yml" + - "{{ mktempHosted.stdout }}/glusterfs-registry-endpoints.yml" diff --git a/roles/openshift_hosted/templates/v3.6/glusterfs-registry-endpoints.yml.j2 b/roles/openshift_hosted/templates/v3.6/glusterfs-registry-endpoints.yml.j2 new file mode 100644 index 000000000..607d25533 --- /dev/null +++ b/roles/openshift_hosted/templates/v3.6/glusterfs-registry-endpoints.yml.j2 @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ openshift.hosted.registry.storage.glusterfs.endpoints }} +subsets: +- addresses: +{% for ip in openshift_hosted_registry_storage_glusterfs_ips %} + - ip: {{ ip }} +{% endfor %} + ports: + - port: 1 diff --git a/roles/openshift_hosted/templates/v3.6/glusterfs-registry-service.yml.j2 b/roles/openshift_hosted/templates/v3.6/glusterfs-registry-service.yml.j2 new file mode 100644 index 000000000..452c7c3e1 --- /dev/null +++ b/roles/openshift_hosted/templates/v3.6/glusterfs-registry-service.yml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ openshift.hosted.registry.storage.glusterfs.endpoints }} +spec: + ports: + - port: 1 +status: + loadBalancer: {} 
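Review bot: Both new v3.6 templates interpolate inventory-derived values into the manifest unquoted, `name: {{ openshift.hosted.registry.storage.glusterfs.endpoints }}` and `- ip: {{ ip }}`, so a value containing `: `, ` #` or a line break changes the structure of the object that the following `oc apply` creates. Quoting the scalars keeps each value a single string: `- ip: "{{ ip }}"` and `name: "{{ openshift.hosted.registry.storage.glusterfs.endpoints }}"`. The byte-identical v3.7 copies of glusterfs-registry-endpoints.yml.j2 and glusterfs-registry-service.yml.j2 later in this diff need the same change.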
diff --git a/roles/openshift_hosted/templates/v3.7/glusterfs-registry-endpoints.yml.j2 b/roles/openshift_hosted/templates/v3.7/glusterfs-registry-endpoints.yml.j2 new file mode 100644 index 000000000..607d25533 --- /dev/null +++ b/roles/openshift_hosted/templates/v3.7/glusterfs-registry-endpoints.yml.j2 @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ openshift.hosted.registry.storage.glusterfs.endpoints }} +subsets: +- addresses: +{% for ip in openshift_hosted_registry_storage_glusterfs_ips %} + - ip: {{ ip }} +{% endfor %} + ports: + - port: 1 diff --git a/roles/openshift_hosted/templates/v3.7/glusterfs-registry-service.yml.j2 b/roles/openshift_hosted/templates/v3.7/glusterfs-registry-service.yml.j2 new file mode 100644 index 000000000..452c7c3e1 --- /dev/null +++ b/roles/openshift_hosted/templates/v3.7/glusterfs-registry-service.yml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ openshift.hosted.registry.storage.glusterfs.endpoints }} +spec: + ports: + - port: 1 +status: + loadBalancer: {} diff --git a/roles/openshift_logging_curator/templates/curator.j2 b/roles/openshift_logging_curator/templates/curator.j2 index 462128366..8acff8141 100644 --- a/roles/openshift_logging_curator/templates/curator.j2 +++ b/roles/openshift_logging_curator/templates/curator.j2 @@ -30,7 +30,7 @@ spec: serviceAccountName: aggregated-logging-curator {% if curator_node_selector is iterable and curator_node_selector | length > 0 %} nodeSelector: -{% for key, value in curator_node_selector.iteritems() %} +{% for key, value in curator_node_selector.items() %} {{key}}: "{{value}}" {% endfor %} {% endif %} diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2 index 0c7d8b46e..0bfa9e85b 100644 --- a/roles/openshift_logging_elasticsearch/templates/es.j2 +++ b/roles/openshift_logging_elasticsearch/templates/es.j2 
@@ -34,7 +34,7 @@ spec: {% endfor %} {% if es_node_selector is iterable and es_node_selector | length > 0 %} nodeSelector: -{% for key, value in es_node_selector.iteritems() %} +{% for key, value in es_node_selector.items() %} {{key}}: "{{value}}" {% endfor %} {% endif %} diff --git a/roles/openshift_logging_elasticsearch/templates/pvc.j2 b/roles/openshift_logging_elasticsearch/templates/pvc.j2 index 063f9c5ae..3c6896df4 100644 --- a/roles/openshift_logging_elasticsearch/templates/pvc.j2 +++ b/roles/openshift_logging_elasticsearch/templates/pvc.j2 @@ -6,7 +6,7 @@ metadata: logging-infra: support {% if annotations is defined %} annotations: -{% for key,value in annotations.iteritems() %} +{% for key,value in annotations.items() %} {{key}}: {{value}} {% endfor %} {% endif %} @@ -14,7 +14,7 @@ spec: {% if pv_selector is defined and pv_selector is mapping %} selector: matchLabels: -{% for key,value in pv_selector.iteritems() %} +{% for key,value in pv_selector.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_logging_elasticsearch/templates/route_reencrypt.j2 b/roles/openshift_logging_elasticsearch/templates/route_reencrypt.j2 index cf8a9e65f..d2e8b8bcb 100644 --- a/roles/openshift_logging_elasticsearch/templates/route_reencrypt.j2 +++ b/roles/openshift_logging_elasticsearch/templates/route_reencrypt.j2 @@ -4,7 +4,7 @@ metadata: name: "{{obj_name}}" {% if labels is defined%} labels: -{% for key, value in labels.iteritems() %} +{% for key, value in labels.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 b/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 index 8529b61d5..3bd29163b 100644 --- a/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 +++ b/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 
@@ -55,7 +55,7 @@ objects: serviceAccountName: aggregated-logging-eventrouter {% if node_selector is iterable and node_selector | length > 0 %} nodeSelector: -{% for key, value in node_selector.iteritems() %} +{% for key, value in node_selector.items() %} {{ key }}: "{{ value }}" {% endfor %} {% endif %} diff --git a/roles/openshift_logging_kibana/templates/kibana.j2 b/roles/openshift_logging_kibana/templates/kibana.j2 index 4ff86729a..57d216373 100644 --- a/roles/openshift_logging_kibana/templates/kibana.j2 +++ b/roles/openshift_logging_kibana/templates/kibana.j2 @@ -29,7 +29,7 @@ spec: serviceAccountName: aggregated-logging-kibana {% if kibana_node_selector is iterable and kibana_node_selector | length > 0 %} nodeSelector: -{% for key, value in kibana_node_selector.iteritems() %} +{% for key, value in kibana_node_selector.items() %} {{ key }}: "{{ value }}" {% endfor %} {% endif %} diff --git a/roles/openshift_logging_kibana/templates/route_reencrypt.j2 b/roles/openshift_logging_kibana/templates/route_reencrypt.j2 index cf8a9e65f..d2e8b8bcb 100644 --- a/roles/openshift_logging_kibana/templates/route_reencrypt.j2 +++ b/roles/openshift_logging_kibana/templates/route_reencrypt.j2 @@ -4,7 +4,7 @@ metadata: name: "{{obj_name}}" {% if labels is defined%} labels: -{% for key, value in labels.iteritems() %} +{% for key, value in labels.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_logging_mux/templates/mux.j2 b/roles/openshift_logging_mux/templates/mux.j2 index 79e449b73..2337c33d5 100644 --- a/roles/openshift_logging_mux/templates/mux.j2 +++ b/roles/openshift_logging_mux/templates/mux.j2 @@ -29,7 +29,7 @@ spec: serviceAccountName: aggregated-logging-mux {% if mux_node_selector is iterable and mux_node_selector | length > 0 %} nodeSelector: -{% for key, value in mux_node_selector.iteritems() %} +{% for key, value in mux_node_selector.items() %} {{key}}: "{{value}}" {% endfor %} {% endif %} 
diff --git a/roles/openshift_manage_node/defaults/main.yml b/roles/openshift_manage_node/defaults/main.yml new file mode 100644 index 000000000..f0e728a3f --- /dev/null +++ b/roles/openshift_manage_node/defaults/main.yml @@ -0,0 +1,6 @@ +--- +# openshift_manage_node_is_master is set at the play level. +openshift_manage_node_is_master: False + +# Default is to be schedulable except for master nodes. +l_openshift_manage_schedulable: "{{ openshift_schedulable | default(not openshift_manage_node_is_master) }}" diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml index fbbac1176..247757ca9 100644 --- a/roles/openshift_manage_node/tasks/main.yml +++ b/roles/openshift_manage_node/tasks/main.yml @@ -37,7 +37,7 @@ - name: Set node schedulability oc_adm_manage_node: node: "{{ openshift.node.nodename | lower }}" - schedulable: "{{ 'true' if openshift.node.schedulable | bool else 'false' }}" + schedulable: "{{ 'true' if l_openshift_manage_schedulable | bool else 'false' }}" retries: 10 delay: 5 register: node_schedulable diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index e9a51e55b..8e4a46ebb 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -15,6 +15,14 @@ system_images_registry: "{{ system_images_registry_dict[openshift_deployment_typ l_is_master_system_container: "{{ (openshift_use_master_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" +openshift_master_dns_port: 8053 +osm_default_node_selector: '' +osm_project_request_template: '' +osm_mcs_allocator_range: 's0:/2' +osm_mcs_labels_per_project: 5 +osm_uid_allocator_range: '1000000000-1999999999/10000' +osm_project_request_message: '' + openshift_node_ips: [] r_openshift_master_clean_install: false r_openshift_master_etcd3_storage: false 
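Review bot: Defaulting `openshift_manage_node_is_master` to `False` in the new defaults file makes `l_openshift_manage_schedulable` resolve to true whenever a play applies this role to a master without setting the flag, so the master would be marked schedulable and could receive ordinary workloads. The removed `set_node_schedulability` helper derived the value from the host's own facts (`'master' in facts`), which did not depend on the caller remembering anything. The existing comment should at least state the consequence, for example `# Must be set to True by every play that applies this role to masters; if left False, masters are marked schedulable.` Which plays set the flag is not visible on this page, so this should be checked against the callers.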
@@ -26,9 +34,9 @@ default_r_openshift_master_os_firewall_allow: - service: api controllers https port: "{{ openshift.master.controllers_port }}/tcp" - service: skydns tcp - port: "{{ openshift.master.dns_port }}/tcp" + port: "{{ openshift_master_dns_port }}/tcp" - service: skydns udp - port: "{{ openshift.master.dns_port }}/udp" + port: "{{ openshift_master_dns_port }}/udp" - service: etcd embedded port: 4001/tcp cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" diff --git a/roles/openshift_master/templates/htpasswd.j2 b/roles/openshift_master/templates/htpasswd.j2 index ba2c02e20..7e2e05076 100644 --- a/roles/openshift_master/templates/htpasswd.j2 +++ b/roles/openshift_master/templates/htpasswd.j2 @@ -1,5 +1,5 @@ {% if 'htpasswd_users' in openshift.master %} -{% for user,pass in openshift.master.htpasswd_users.iteritems() %} +{% for user,pass in openshift.master.htpasswd_users.items() %} {{ user ~ ':' ~ pass }} {% endfor %} {% endif %} diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 629fe3286..a0f00e545 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -65,7 +65,7 @@ disabledFeatures: {{ openshift.master.disabled_features | to_json }} {% endif %} {% if openshift.master.embedded_dns | bool %} dnsConfig: - bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }} + bindAddress: {{ openshift.master.bind_addr }}:{{ openshift_master_dns_port }} bindNetwork: tcp4 {% endif %} etcdClientInfo: 
@@ -196,13 +196,13 @@ policyConfig: openshiftInfrastructureNamespace: openshift-infra openshiftSharedResourcesNamespace: openshift projectConfig: - defaultNodeSelector: "{{ openshift.master.default_node_selector }}" - projectRequestMessage: "{{ openshift.master.project_request_message }}" - projectRequestTemplate: "{{ openshift.master.project_request_template }}" + defaultNodeSelector: "{{ osm_default_node_selector }}" + projectRequestMessage: "{{ osm_project_request_message }}" + projectRequestTemplate: "{{ osm_project_request_template }}" securityAllocator: - mcsAllocatorRange: "{{ openshift.master.mcs_allocator_range }}" - mcsLabelsPerProject: {{ openshift.master.mcs_labels_per_project }} - uidAllocatorRange: "{{ openshift.master.uid_allocator_range }}" + mcsAllocatorRange: "{{ osm_mcs_allocator_range }}" + mcsLabelsPerProject: {{ osm_mcs_labels_per_project }} + uidAllocatorRange: "{{ osm_uid_allocator_range }}" routingConfig: subdomain: "{{ openshift_master_default_subdomain | default("") }}" serviceAccountConfig: diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index cf0be3bef..20cc5358e 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -55,8 +55,6 @@ embedded_etcd: "{{ openshift_master_embedded_etcd | default(None) }}" embedded_kube: "{{ openshift_master_embedded_kube | default(None) }}" embedded_dns: "{{ openshift_master_embedded_dns | default(None) }}" - # defaults to 8053 when using dnsmasq in 1.2/3.2 - dns_port: "{{ openshift_master_dns_port | default(None) }}" bind_addr: "{{ openshift_master_bind_addr | default(None) }}" pod_eviction_timeout: "{{ openshift_master_pod_eviction_timeout | default(None) }}" session_max_seconds: "{{ openshift_master_session_max_seconds | default(None) }}" 
@@ -77,12 +75,6 @@ sdn_cluster_network_cidr: "{{ osm_cluster_network_cidr | default(None) }}" sdn_host_subnet_length: "{{ osm_host_subnet_length | default(None) }}" custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}" - default_node_selector: "{{ osm_default_node_selector | default(None) }}" - project_request_message: "{{ osm_project_request_message | default(None) }}" - project_request_template: "{{ osm_project_request_template | default(None) }}" - mcs_allocator_range: "{{ osm_mcs_allocator_range | default(None) }}" - mcs_labels_per_project: "{{ osm_mcs_labels_per_project | default(None) }}" - uid_allocator_range: "{{ osm_uid_allocator_range | default(None) }}" registry_selector: "{{ openshift_registry_selector | default(None) }}" api_server_args: "{{ osm_api_server_args | default(None) }}" controller_args: "{{ osm_controller_args | default(None) }}" diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 index 6a3811598..11476bf75 100644 --- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 @@ -24,7 +24,7 @@ spec: - {{openshift_metrics_cassandra_storage_group}} {% if node_selector is iterable and node_selector | length > 0 %} nodeSelector: -{% for key, value in node_selector.iteritems() %} +{% for key, value in node_selector.items() %} {{key}}: "{{value}}" {% endfor %} {% endif %} diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 index 0662bea53..e976bc222 100644 --- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 
@@ -19,7 +19,7 @@ spec: serviceAccount: hawkular {% if node_selector is iterable and node_selector | length > 0 %} nodeSelector: -{% for key, value in node_selector.iteritems() %} +{% for key, value in node_selector.items() %} {{key}}: "{{value}}" {% endfor %} {% endif %} diff --git a/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2 b/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2 index 40d09e9fa..04e2b2937 100644 --- a/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2 +++ b/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2 @@ -19,7 +19,7 @@ spec: serviceAccount: hawkular-openshift-agent {% if node_selector is iterable and node_selector | length > 0 %} nodeSelector: -{% for key, value in node_selector.iteritems() %} +{% for key, value in node_selector.items() %} {{key}}: "{{value}}" {% endfor %} {% endif %} diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2 index e732c1eee..0d4dd0e2b 100644 --- a/roles/openshift_metrics/templates/heapster.j2 +++ b/roles/openshift_metrics/templates/heapster.j2 @@ -20,7 +20,7 @@ spec: serviceAccountName: heapster {% if node_selector is iterable and node_selector | length > 0 %} nodeSelector: -{% for key, value in node_selector.iteritems() %} +{% for key, value in node_selector.items() %} {{key}}: "{{value}}" {% endfor %} {% endif %} diff --git a/roles/openshift_metrics/templates/pvc.j2 b/roles/openshift_metrics/templates/pvc.j2 index b4e6a1503..9a4b428ec 100644 --- a/roles/openshift_metrics/templates/pvc.j2 +++ b/roles/openshift_metrics/templates/pvc.j2 
@@ -7,13 +7,13 @@ metadata: metrics-infra: support {% elif labels %} labels: -{% for key, value in labels.iteritems() %} +{% for key, value in labels.items() %} {{ key }}: {{ value }} {% endfor %} {% endif %} {% if annotations is defined and annotations %} annotations: -{% for key,value in annotations.iteritems() %} +{% for key,value in annotations.items() %} {{key}}: {{value}} {% endfor %} {% endif %} @@ -21,7 +21,7 @@ spec: {% if pv_selector is defined and pv_selector is mapping %} selector: matchLabels: -{% for key,value in pv_selector.iteritems() %} +{% for key,value in pv_selector.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_metrics/templates/rolebinding.j2 b/roles/openshift_metrics/templates/rolebinding.j2 index 5230f0780..a9a24c157 100644 --- a/roles/openshift_metrics/templates/rolebinding.j2 +++ b/roles/openshift_metrics/templates/rolebinding.j2 @@ -4,7 +4,7 @@ metadata: name: {{obj_name}} {% if labels is defined %} labels: -{% for k, v in labels.iteritems() %} +{% for k, v in labels.items() %} {{ k }}: {{ v }} {% endfor %} {% endif %} diff --git a/roles/openshift_metrics/templates/route.j2 b/roles/openshift_metrics/templates/route.j2 index 253d6ecf5..9d628b666 100644 --- a/roles/openshift_metrics/templates/route.j2 +++ b/roles/openshift_metrics/templates/route.j2 @@ -7,7 +7,7 @@ metadata: {% endif %} {% if labels is defined and labels %} labels: -{% for k, v in labels.iteritems() %} +{% for k, v in labels.items() %} {{ k }}: {{ v }} {% endfor %} {% endif %} diff --git a/roles/openshift_metrics/templates/secret.j2 b/roles/openshift_metrics/templates/secret.j2 index 5b9dba122..b788be04e 100644 --- a/roles/openshift_metrics/templates/secret.j2 +++ b/roles/openshift_metrics/templates/secret.j2 
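Review bot: The rewritten loops in `pvc.j2` still emit `{{ key }}: {{ value }}` with the value unquoted, so a label, annotation or selector value such as `true`, `1.10` or an all-digit string is retyped by the YAML parser, and a value containing `: ` or ` #` changes the structure of the rendered object. Kubernetes label and annotation values have to be strings, so I would quote them the way the `nodeSelector` loops in this commit already do: `{{ key }}: "{{ value }}"`. The same unquoted pattern is in the `rolebinding.j2`, `route.j2`, `secret.j2` (including its `data:` map), `service.j2` and `serviceaccount.j2` hunks, in the `openshift_provisioners` templates and in `persistent-volume.yml.j2`; the `ports` loop in `service.j2` is the exception, since its values are presumably integers. The `{% if %}`/`{% elif %}` chain around the first loop begins outside the hunk.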
@@ -4,15 +4,15 @@ metadata: name: "{{ name }}" {% if annotations is defined%} annotations: -{% for key, value in annotations.iteritems() %} +{% for key, value in annotations.items() %} {{key}}: {{value}} {% endfor %} {% endif %} labels: -{% for k, v in labels.iteritems() %} +{% for k, v in labels.items() %} {{ k }}: {{ v }} {% endfor %} data: -{% for k, v in data.iteritems() %} +{% for k, v in data.items() %} {{ k }}: {{ v }} {% endfor %} diff --git a/roles/openshift_metrics/templates/service.j2 b/roles/openshift_metrics/templates/service.j2 index ce0bc2eec..4d23982f1 100644 --- a/roles/openshift_metrics/templates/service.j2 +++ b/roles/openshift_metrics/templates/service.j2 @@ -4,13 +4,13 @@ metadata: name: "{{obj_name}}" {% if annotations is defined%} annotations: -{% for key, value in annotations.iteritems() %} +{% for key, value in annotations.items() %} {{key}}: {{value}} {% endfor %} {% endif %} {% if labels is defined%} labels: -{% for key, value in labels.iteritems() %} +{% for key, value in labels.items() %} {{key}}: {{value}} {% endfor %} {% endif %} @@ -22,7 +22,7 @@ spec: ports: {% for port in ports %} - -{% for key, value in port.iteritems() %} +{% for key, value in port.items() %} {{key}}: {{value}} {% endfor %} {% if port.targetPort is undefined %} @@ -33,6 +33,6 @@ spec: targetPort: {{service_targetPort}} {% endif %} selector: - {% for key, value in selector.iteritems() %} + {% for key, value in selector.items() %} {{key}}: {{value}} {% endfor %} diff --git a/roles/openshift_metrics/templates/serviceaccount.j2 b/roles/openshift_metrics/templates/serviceaccount.j2 index b22acc594..ea19f17d7 100644 --- a/roles/openshift_metrics/templates/serviceaccount.j2 +++ b/roles/openshift_metrics/templates/serviceaccount.j2 @@ -4,7 +4,7 @@ metadata: name: {{obj_name}} {% if labels is defined%} labels: -{% for key, value in labels.iteritems() %} +{% for key, value in labels.items() %} {{key}}: {{value}} {% endfor %} {% endif %} 
diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index 62208c155..5a0c09f5c 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -1,6 +1,13 @@ --- openshift_node_debug_level: "{{ debug_level | default(2) }}" +openshift_node_dnsmasq_install_network_manager_hook: true + +# lo must always be present in this list or dnsmasq will conflict with +# the node's dns service. +openshift_node_dnsmasq_except_interfaces: +- lo + r_openshift_node_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" r_openshift_node_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node/files/networkmanager/99-origin-dns.sh index f4e48b5b7..f4e48b5b7 100755 --- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh +++ b/roles/openshift_node/files/networkmanager/99-origin-dns.sh diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index b102c1b18..229c6bbed 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -1,4 +1,15 @@ --- +- name: restart NetworkManager + systemd: + name: NetworkManager + state: restarted + enabled: True + +- name: restart dnsmasq + systemd: + name: dnsmasq + state: restarted + - name: restart openvswitch systemd: name: openvswitch diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index c32aa1600..927d107c6 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml 
@@ -17,11 +17,8 @@ dependencies: - role: lib_openshift - role: lib_os_firewall when: not (openshift_node_upgrade_in_progress | default(False)) -- role: openshift_clock - when: not (openshift_node_upgrade_in_progress | default(False)) - role: openshift_docker - role: openshift_cloud_provider when: not (openshift_node_upgrade_in_progress | default(False)) -- role: openshift_node_dnsmasq - role: lib_utils when: openshift_node_upgrade_in_progress | default(False) diff --git a/roles/openshift_node_dnsmasq/tasks/main.yml b/roles/openshift_node/tasks/dnsmasq.yml index a33b78780..22bdce6c6 100644 --- a/roles/openshift_node_dnsmasq/tasks/main.yml +++ b/roles/openshift_node/tasks/dnsmasq.yml @@ -59,9 +59,9 @@ state: started # Dynamic NetworkManager based dispatcher -- include_tasks: ./network-manager.yml +- include_tasks: dnsmasq/network-manager.yml when: network_manager_active | bool # Relies on ansible in order to configure static config -- include_tasks: ./no-network-manager.yml +- include_tasks: dnsmasq/no-network-manager.yml when: not network_manager_active | bool diff --git a/roles/openshift_node_dnsmasq/tasks/network-manager.yml b/roles/openshift_node/tasks/dnsmasq/network-manager.yml index e5a92a630..e5a92a630 100644 --- a/roles/openshift_node_dnsmasq/tasks/network-manager.yml +++ b/roles/openshift_node/tasks/dnsmasq/network-manager.yml diff --git a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml b/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml index dede2fb8f..dede2fb8f 100644 --- a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml +++ b/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 8e9d1d1b5..d46b1f9c3 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml 
@@ -6,6 +6,8 @@ - deployment_type == 'openshift-enterprise' - not openshift_use_crio | default(false) +- include: dnsmasq.yml + - name: setup firewall import_tasks: firewall.yml diff --git a/roles/openshift_node/tasks/upgrade.yml b/roles/openshift_node/tasks/upgrade.yml index fb21b39a1..ff3478800 100644 --- a/roles/openshift_node/tasks/upgrade.yml +++ b/roles/openshift_node/tasks/upgrade.yml @@ -179,5 +179,4 @@ retries: 24 delay: 5 -- include_role: - name: openshift_node_dnsmasq +- include_tasks: dnsmasq.yml diff --git a/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2 b/roles/openshift_node/templates/node-dnsmasq.conf.j2 index 3caa3bd4a..3caa3bd4a 100644 --- a/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2 +++ b/roles/openshift_node/templates/node-dnsmasq.conf.j2 diff --git a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 b/roles/openshift_node/templates/origin-dns.conf.j2 index 6543c7c3e..6543c7c3e 100644 --- a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 +++ b/roles/openshift_node/templates/origin-dns.conf.j2 diff --git a/roles/openshift_node_dnsmasq/README.md b/roles/openshift_node_dnsmasq/README.md deleted file mode 100644 index 4596190d7..000000000 --- a/roles/openshift_node_dnsmasq/README.md +++ /dev/null @@ -1,27 +0,0 @@ -OpenShift Node DNS resolver -=========================== - -Configure dnsmasq to act as a DNS resolver for an OpenShift node. - -Requirements ------------- - -Role Variables --------------- - -From this role: - -| Name | Default value | Description | -|-----------------------------------------------------|---------------|-----------------------------------------------------------------------------------| -| openshift_node_dnsmasq_install_network_manager_hook | true | Install NetworkManager hook updating /etc/resolv.conf with local dnsmasq instance | - -Dependencies ------------- - -* openshift_common -* openshift_node_facts - -License -------- - -Apache License Version 2.0 
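Review bot: The new `- include: dnsmasq.yml` in `tasks/main.yml` uses the bare `include` action, while the task right below it uses `import_tasks` and the `upgrade.yml` hunk in this commit pulls in the same file with `include_tasks: dnsmasq.yml`. Bare `include` is deprecated from Ansible 2.4 on, and whether it behaves statically or dynamically is decided implicitly, so I would write `- import_tasks: dnsmasq.yml` here, or `include_tasks` to match `upgrade.yml`. The task also has no `name:`, unlike `setup firewall` after it; `- name: Configure dnsmasq` would keep the play output readable.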
diff --git a/roles/openshift_node_dnsmasq/defaults/main.yml b/roles/openshift_node_dnsmasq/defaults/main.yml deleted file mode 100644 index ebcff46b5..000000000 --- a/roles/openshift_node_dnsmasq/defaults/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -openshift_node_dnsmasq_install_network_manager_hook: true - -# lo must always be present in this list or dnsmasq will conflict with -# the node's dns service. -openshift_node_dnsmasq_except_interfaces: -- lo diff --git a/roles/openshift_node_dnsmasq/handlers/main.yml b/roles/openshift_node_dnsmasq/handlers/main.yml deleted file mode 100644 index 9f98126a0..000000000 --- a/roles/openshift_node_dnsmasq/handlers/main.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- name: restart NetworkManager - systemd: - name: NetworkManager - state: restarted - enabled: True - -- name: restart dnsmasq - systemd: - name: dnsmasq - state: restarted diff --git a/roles/openshift_node_dnsmasq/meta/main.yml b/roles/openshift_node_dnsmasq/meta/main.yml deleted file mode 100644 index d80ed1b72..000000000 --- a/roles/openshift_node_dnsmasq/meta/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -galaxy_info: - author: Scott Dodson - description: OpenShift Node DNSMasq support - company: Red Hat, Inc. - license: Apache License, Version 2.0 - min_ansible_version: 2.2 - platforms: - - name: EL - versions: - - 7 - categories: - - cloud -dependencies: -- role: openshift_node_facts diff --git a/roles/openshift_node_facts/tasks/main.yml b/roles/openshift_node_facts/tasks/main.yml index b45130400..d33d09980 100644 --- a/roles/openshift_node_facts/tasks/main.yml +++ b/roles/openshift_node_facts/tasks/main.yml 
@@ -15,7 +15,6 @@ kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" labels: "{{ openshift_node_labels | default(None) }}" registry_url: "{{ oreg_url_node | default(oreg_url) | default(None) }}" - schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" storage_plugin_deps: "{{ osn_storage_plugin_deps | default(None) }}" set_node_ip: "{{ openshift_set_node_ip | default(None) }}" diff --git a/roles/openshift_openstack/templates/heat_stack.yaml.j2 b/roles/openshift_openstack/templates/heat_stack.yaml.j2 index bfa65b460..0e7538629 100644 --- a/roles/openshift_openstack/templates/heat_stack.yaml.j2 +++ b/roles/openshift_openstack/templates/heat_stack.yaml.j2 @@ -724,7 +724,7 @@ resources: type: node subtype: app node_labels: -{% for k, v in openshift_openstack_cluster_node_labels.app.iteritems() %} +{% for k, v in openshift_openstack_cluster_node_labels.app.items() %} {{ k|e }}: {{ v|e }} {% endfor %} image: {{ openshift_openstack_node_image }} @@ -788,7 +788,7 @@ resources: type: node subtype: infra node_labels: -{% for k, v in openshift_openstack_cluster_node_labels.infra.iteritems() %} +{% for k, v in openshift_openstack_cluster_node_labels.infra.items() %} {{ k|e }}: {{ v|e }} {% endfor %} image: {{ openshift_openstack_infra_image }} diff --git a/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2 b/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2 index 9c5103597..ee9dac7cb 100644 --- a/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2 +++ b/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2 @@ -9,7 +9,7 @@ items: name: "{{ volume.name }}" {% if volume.labels is defined and volume.labels is mapping %} labels: -{% for key,value in volume.labels.iteritems() %} +{% for key,value in volume.labels.items() %} {{ key }}: {{ value }} {% endfor %} {% endif %} 
diff --git a/roles/openshift_prometheus/templates/prometheus.j2 b/roles/openshift_prometheus/templates/prometheus.j2 index e73a94eee..d780550b8 100644 --- a/roles/openshift_prometheus/templates/prometheus.j2 +++ b/roles/openshift_prometheus/templates/prometheus.j2 @@ -22,7 +22,7 @@ spec: serviceAccountName: prometheus {% if openshift_prometheus_node_selector is iterable and openshift_prometheus_node_selector | length > 0 %} nodeSelector: -{% for key, value in openshift_prometheus_node_selector.iteritems() %} +{% for key, value in openshift_prometheus_node_selector.items() %} {{ key }}: "{{ value }}" {% endfor %} {% endif %} diff --git a/roles/openshift_prometheus/vars/default_images.yml b/roles/openshift_prometheus/vars/default_images.yml index ad52a3125..31f6c1bb1 100644 --- a/roles/openshift_prometheus/vars/default_images.yml +++ b/roles/openshift_prometheus/vars/default_images.yml @@ -6,7 +6,7 @@ l_openshift_prometheus_alertmanager_image_prefix: "{{ openshift_prometheus_alter l_openshift_prometheus_alertbuffer_image_prefix: "{{ openshift_prometheus_alertbuffer_image_prefix | default(l_openshift_prometheus_image_prefix) }}" # image version defaults -l_openshift_prometheus_image_version: "{{ openshift_prometheus_image_version | default('v2.0.0-dev.3') }}" +l_openshift_prometheus_image_version: "{{ openshift_prometheus_image_version | default('v2.0.0') }}" l_openshift_prometheus_proxy_image_version: "{{ openshift_prometheus_proxy_image_version | default('v1.0.0') }}" l_openshift_prometheus_alertmanager_image_version: "{{ openshift_prometheus_alertmanager_image_version | default('v0.9.1') }}" l_openshift_prometheus_alertbuffer_image_version: "{{ openshift_prometheus_alertbuffer_image_version | default('v0.0.2') }}" diff --git a/roles/openshift_provisioners/templates/clusterrolebinding.j2 b/roles/openshift_provisioners/templates/clusterrolebinding.j2 index 994afa32d..1f26c93a4 100644 --- a/roles/openshift_provisioners/templates/clusterrolebinding.j2 
+++ b/roles/openshift_provisioners/templates/clusterrolebinding.j2 @@ -4,7 +4,7 @@ metadata: name: {{obj_name}} {% if labels is defined%} labels: -{% for key, value in labels.iteritems() %} +{% for key, value in labels.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_provisioners/templates/efs.j2 b/roles/openshift_provisioners/templates/efs.j2 index 81b9ccca5..37fd02977 100644 --- a/roles/openshift_provisioners/templates/efs.j2 +++ b/roles/openshift_provisioners/templates/efs.j2 @@ -22,7 +22,7 @@ spec: serviceAccountName: "{{deploy_serviceAccount}}" {% if node_selector is iterable and node_selector | length > 0 %} nodeSelector: -{% for key, value in node_selector.iteritems() %} +{% for key, value in node_selector.items() %} {{key}}: "{{value}}" {% endfor %} {% endif %} diff --git a/roles/openshift_provisioners/templates/pv.j2 b/roles/openshift_provisioners/templates/pv.j2 index f81b1617a..b648cd15e 100644 --- a/roles/openshift_provisioners/templates/pv.j2 +++ b/roles/openshift_provisioners/templates/pv.j2 @@ -4,13 +4,13 @@ metadata: name: {{obj_name}} {% if annotations is defined %} annotations: -{% for key,value in annotations.iteritems() %} +{% for key,value in annotations.items() %} {{key}}: {{value}} {% endfor %} {% endif %} {% if labels is defined%} labels: -{% for key, value in labels.iteritems() %} +{% for key, value in labels.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_provisioners/templates/pvc.j2 b/roles/openshift_provisioners/templates/pvc.j2 index 0dd8772eb..0a88b7c88 100644 --- a/roles/openshift_provisioners/templates/pvc.j2 +++ b/roles/openshift_provisioners/templates/pvc.j2 @@ -4,7 +4,7 @@ metadata: name: {{obj_name}} {% if annotations is defined %} annotations: -{% for key,value in annotations.iteritems() %} +{% for key,value in annotations.items() %} {{key}}: {{value}} {% endfor %} {% endif %} 
@@ -12,7 +12,7 @@ spec: {% if pv_selector is defined and pv_selector is mapping %} selector: matchLabels: -{% for key,value in pv_selector.iteritems() %} +{% for key,value in pv_selector.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_provisioners/templates/secret.j2 b/roles/openshift_provisioners/templates/secret.j2 index 78824095b..2fbb28829 100644 --- a/roles/openshift_provisioners/templates/secret.j2 +++ b/roles/openshift_provisioners/templates/secret.j2 @@ -4,7 +4,7 @@ metadata: name: {{obj_name}} {% if labels is defined%} labels: -{% for key, value in labels.iteritems() %} +{% for key, value in labels.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_provisioners/templates/serviceaccount.j2 b/roles/openshift_provisioners/templates/serviceaccount.j2 index b22acc594..ea19f17d7 100644 --- a/roles/openshift_provisioners/templates/serviceaccount.j2 +++ b/roles/openshift_provisioners/templates/serviceaccount.j2 @@ -4,7 +4,7 @@ metadata: name: {{obj_name}} {% if labels is defined%} labels: -{% for key, value in labels.iteritems() %} +{% for key, value in labels.items() %} {{key}}: {{value}} {% endfor %} {% endif %} diff --git a/roles/openshift_sanitize_inventory/tasks/unsupported.yml b/roles/openshift_sanitize_inventory/tasks/unsupported.yml index b70ab90a1..1c4984467 100644 --- a/roles/openshift_sanitize_inventory/tasks/unsupported.yml +++ b/roles/openshift_sanitize_inventory/tasks/unsupported.yml 
@@ -40,3 +40,27 @@ openshift_master_dynamic_provisioning_enabled to True and set an openshift_cloudprovider_kind. You can disable this check with 'dynamic_volumes_check=False'. + +#if we have registry backend as glusterfs, and we have clashing configuration. +- name: Ensure the hosted registry's GlusterFS storage is configured correctly + when: + - openshift_hosted_registry_storage_kind | default(none) in ['glusterfs'] + - openshift_hosted_registry_storage_glusterfs_ips is defined and openshift_hosted_registry_storage_glusterfs_ips != '' + - "'glusterfs_registry' in groups | default([])" + fail: + msg: |- + Configuring a value for openshift_hosted_registry_storage_glusterfs_ips and with a glusterfs_registry host group is not allowed. + Specifying a glusterfs_registry host group indicates that a new GlusterFS cluster should be configured, whereas + specifying openshift_hosted_registry_storage_glusterfs_ips indicates wanting to use a pre-configured GlusterFS cluster for the registry storage. + +#if we have registry backend as glusterfs and no gluster specified. +- name: Ensure the hosted registry's GlusterFS storage is configured correctly + when: + - openshift_hosted_registry_storage_kind | default(none) in ['glusterfs'] + - not openshift_hosted_registry_storage_glusterfs_ips is defined + - not 'glusterfs_registry' in groups | default([]) + - not 'glusterfs' in groups | default([]) + fail: + msg: |- + Configuring a value for openshift_hosted_registry_storage_kind=glusterfs without a any glusterfs option is not allowed. + Specify either openshift_hosted_registry_storage_glusterfs_ips variable or glusterfs, glusterfs_registry host groups. diff --git a/roles/openshift_service_catalog/templates/api_server.j2 b/roles/openshift_service_catalog/templates/api_server.j2 index 0e5bb7230..4f51b8c3c 100644 --- a/roles/openshift_service_catalog/templates/api_server.j2 +++ b/roles/openshift_service_catalog/templates/api_server.j2 
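Review bot: The two new checks treat `openshift_hosted_registry_storage_glusterfs_ips` differently: the first requires `is defined and ... != ''`, the second only `not ... is defined`. An inventory that sets the variable to an empty string and has neither a `glusterfs` nor a `glusterfs_registry` group therefore passes both checks, although no GlusterFS source is configured. I would change the second condition to `- openshift_hosted_registry_storage_glusterfs_ips | default('') == ''`. Both tasks also carry the same `name:`, so the failing one cannot be told apart in the play output, and the second message reads "without a any glusterfs option"; a distinct name such as `Ensure a GlusterFS source is given for the hosted registry` and dropping the stray "a" would fix both.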
@@ -19,7 +19,7 @@ spec: spec: serviceAccountName: service-catalog-apiserver nodeSelector: -{% for key, value in node_selector.iteritems() %} +{% for key, value in node_selector.items() %} {{key}}: "{{value}}" {% endfor %} containers: diff --git a/roles/openshift_service_catalog/templates/controller_manager.j2 b/roles/openshift_service_catalog/templates/controller_manager.j2 index e5e5f6b50..137222f04 100644 --- a/roles/openshift_service_catalog/templates/controller_manager.j2 +++ b/roles/openshift_service_catalog/templates/controller_manager.j2 @@ -19,7 +19,7 @@ spec: spec: serviceAccountName: service-catalog-controller nodeSelector: -{% for key, value in node_selector.iteritems() %} +{% for key, value in node_selector.items() %} {{key}}: "{{value}}" {% endfor %} containers: diff --git a/roles/openshift_storage_glusterfs/README.md b/roles/openshift_storage_glusterfs/README.md index 54adcf78d..be749a2e1 100644 --- a/roles/openshift_storage_glusterfs/README.md +++ b/roles/openshift_storage_glusterfs/README.md @@ -133,8 +133,7 @@ are an exception: | openshift_storage_glusterfs_registry_heketi_admin_key | auto-generated | Separate from the above | openshift_storage_glusterfs_registry_heketi_user_key | auto-generated | Separate from the above -Additionally, this role's behavior responds to the following registry-specific -variables: +Additionally, this role's behavior responds to several registry-specific variables in the [openshift_hosted role](../openshift_hosted/README.md): | Name | Default value | Description | |-------------------------------------------------------|------------------------------|-----------------------------------------| diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml index 1ede0ae94..b8fd7979f 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml 
@@ -44,6 +44,6 @@ glusterfs_heketi_ssh_sudo: "{{ openshift_storage_glusterfs_heketi_ssh_sudo | bool }}" glusterfs_heketi_ssh_keyfile: "{{ openshift_storage_glusterfs_heketi_ssh_keyfile }}" glusterfs_heketi_fstab: "{{ openshift_storage_glusterfs_heketi_fstab }}" - glusterfs_nodes: "{{ groups.glusterfs }}" + glusterfs_nodes: "{{ groups.glusterfs | default([]]) }}" - include: glusterfs_common.yml diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml index ef37762f9..30e83e79b 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml @@ -77,6 +77,14 @@ files: - "{{ mktemp.stdout }}/glusterfs-template.yml" +- name: Check GlusterFS DaemonSet status + oc_obj: + namespace: "{{ glusterfs_namespace }}" + kind: daemonset + name: glusterfs-{{ glusterfs_name }} + state: list + register: glusterfs_ds + - name: Deploy GlusterFS pods oc_process: namespace: "{{ glusterfs_namespace }}" @@ -88,6 +96,8 @@ NODE_LABELS: "{{ glusterfs_nodeselector }}" CLUSTER_NAME: "{{ glusterfs_name }}" GB_GLFS_LRU_COUNT: "{{ glusterfs_block_host_vol_max }}" + when: (glusterfs_ds.results.results[0].status is not defined) or + (glusterfs_ds.results.results[0].status.numberReady | default(0) < glusterfs_ds.results.results[0].status.desiredNumberScheduled | default(glusterfs_nodes | count)) - name: Wait for GlusterFS pods oc_obj: diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml index 1fa42efa7..d3cba61cf 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml 
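Review bot: The new value `"{{ groups.glusterfs | default([]]) }}"` in `glusterfs_config.yml` has an extra `]`, so the expression is not valid Jinja and this `set_fact` should fail with a template syntax error as soon as it is evaluated. The line should read `glusterfs_nodes: "{{ groups.glusterfs | default([]) }}"`. The `set_fact` task this line belongs to starts above the hunk.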
@@ -44,52 +44,13 @@ glusterfs_heketi_ssh_sudo: "{{ openshift_storage_glusterfs_registry_heketi_ssh_sudo | bool }}" glusterfs_heketi_ssh_keyfile: "{{ openshift_storage_glusterfs_registry_heketi_ssh_keyfile }}" glusterfs_heketi_fstab: "{{ openshift_storage_glusterfs_registry_heketi_fstab }}" - glusterfs_nodes: "{{ groups.glusterfs_registry | default(groups.glusterfs) }}" + glusterfs_nodes: "{% if groups.glusterfs_registry is defined %}{% set nodes = groups.glusterfs_registry %}{% elif 'groups.glusterfs' is defined %}{% set nodes = groups.glusterfs %}{% else %}{% set nodes = '[]' %}{% endif %}{{ nodes }}" - include: glusterfs_common.yml when: - glusterfs_nodes | default([]) | count > 0 - "'glusterfs' not in groups or glusterfs_nodes != groups.glusterfs" -- name: Delete pre-existing GlusterFS registry resources - oc_obj: - namespace: "{{ glusterfs_namespace }}" - kind: "{{ item.kind }}" - name: "{{ item.name }}" - state: absent - with_items: - - kind: "svc" - name: "glusterfs-{{ glusterfs_name | default }}-endpoints" - failed_when: False - -- name: Generate GlusterFS registry endpoints - template: - src: "{{ openshift.common.examples_content_version }}/glusterfs-registry-endpoints.yml.j2" - dest: "{{ mktemp.stdout }}/glusterfs-registry-endpoints.yml" - -- name: Copy GlusterFS registry service - template: - src: "{{ openshift.common.examples_content_version }}/glusterfs-registry-service.yml.j2" - dest: "{{ mktemp.stdout }}/glusterfs-registry-service.yml" - -- name: Create GlusterFS registry endpoints - oc_obj: - namespace: "{{ openshift.hosted.registry.namespace | default('default') }}" - state: present - kind: endpoints - name: "glusterfs-{{ glusterfs_name }}-endpoints" - files: - - "{{ mktemp.stdout }}/glusterfs-registry-endpoints.yml" - -- name: Create GlusterFS registry service - oc_obj: - namespace: "{{ openshift.hosted.registry.namespace | default('default') }}" - state: present - kind: service - name: "glusterfs-{{ glusterfs_name }}-endpoints" - files: - - "{{ 
mktemp.stdout }}/glusterfs-registry-service.yml" - - name: Check if GlusterFS registry volume exists command: "{{ glusterfs_heketi_client }} volume list" register: registry_volume diff --git a/roles/openshift_version/tasks/set_version_containerized.yml b/roles/openshift_version/tasks/set_version_containerized.yml index b727eb74d..574e89899 100644 --- a/roles/openshift_version/tasks/set_version_containerized.yml +++ b/roles/openshift_version/tasks/set_version_containerized.yml @@ -20,7 +20,7 @@ - name: Lookup latest containerized version if no version specified command: > - docker run --rm {{ openshift.common.cli_image }}:latest version + docker run --rm {{ openshift_cli_image }}:latest version register: cli_image_version when: - openshift_version is not defined @@ -43,7 +43,7 @@ # and use that value instead. - name: Set precise containerized version to configure if openshift_release specified command: > - docker run --rm {{ openshift.common.cli_image }}:v{{ openshift_version }} version + docker run --rm {{ openshift_cli_image }}:v{{ openshift_version }} version register: cli_image_version when: - openshift_version is defined |
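Review bot: In the new `glusterfs_nodes` expression of `glusterfs_registry.yml` the `elif` tests the quoted string `'groups.glusterfs'`, which is always defined, so whenever `glusterfs_registry` is absent the template takes `groups.glusterfs` and the `else` branch is never reached. With neither group present the value is then undefined rather than empty, and the `else` branch would in any case assign the string `'[]'` instead of a list. A filter chain avoids both problems and the string round trip: `glusterfs_nodes: "{{ groups.glusterfs_registry | default(groups.glusterfs | default([])) }}"`. The `when:` that follows already uses `glusterfs_nodes | default([]) | count > 0`, which only means what it says if this is a real list.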