summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/cockpit/defaults/main.yml1
-rw-r--r--roles/dns/README.md2
-rw-r--r--roles/dns/defaults/main.yml2
-rw-r--r--roles/dns/meta/main.yml3
-rw-r--r--roles/dns/tasks/main.yml34
-rw-r--r--roles/dns/templates/Dockerfile11
-rw-r--r--roles/dns/templates/named.service.j215
-rw-r--r--roles/docker/tasks/main.yml18
-rw-r--r--roles/etcd/defaults/main.yaml1
-rw-r--r--roles/etcd_certificates/tasks/client.yml8
-rw-r--r--roles/etcd_certificates/tasks/main.yml4
-rw-r--r--roles/etcd_certificates/tasks/server.yml12
-rw-r--r--roles/flannel/handlers/main.yml4
-rw-r--r--roles/flannel/tasks/main.yml12
-rw-r--r--roles/flannel_register/tasks/main.yml6
-rw-r--r--roles/haproxy/defaults/main.yml1
-rw-r--r--roles/kube_nfs_volumes/README.md2
-rw-r--r--roles/nuage_master/defaults/main.yaml4
-rw-r--r--roles/nuage_master/files/serviceaccount.sh63
-rw-r--r--roles/nuage_master/handlers/main.yaml2
-rw-r--r--roles/nuage_master/tasks/main.yaml14
-rw-r--r--roles/nuage_master/tasks/serviceaccount.yml51
-rw-r--r--roles/nuage_master/vars/main.yaml16
-rw-r--r--roles/nuage_node/handlers/main.yaml4
-rw-r--r--roles/nuage_node/tasks/main.yaml14
-rw-r--r--roles/openshift_builddefaults/meta/main.yml15
-rw-r--r--roles/openshift_builddefaults/tasks/main.yml24
-rw-r--r--roles/openshift_builddefaults/vars/main.yml15
-rw-r--r--roles/openshift_cloud_provider/tasks/main.yml4
-rw-r--r--roles/openshift_cloud_provider/templates/openstack.conf.j27
-rw-r--r--roles/openshift_cluster_metrics/tasks/main.yml1
-rw-r--r--roles/openshift_common/tasks/main.yml1
-rw-r--r--roles/openshift_common/vars/main.yml7
-rw-r--r--roles/openshift_docker/tasks/main.yml9
-rw-r--r--roles/openshift_docker_facts/tasks/main.yml3
-rw-r--r--roles/openshift_etcd_facts/meta/main.yml2
-rw-r--r--roles/openshift_expand_partition/README.md4
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py96
-rw-r--r--roles/openshift_facts/tasks/main.yml26
-rw-r--r--roles/openshift_hosted_facts/tasks/main.yml4
-rw-r--r--roles/openshift_hosted_logging/tasks/deploy_logging.yaml40
-rw-r--r--roles/openshift_manage_node/tasks/main.yml2
-rw-r--r--roles/openshift_master/defaults/main.yml8
-rw-r--r--roles/openshift_master/meta/main.yml1
-rw-r--r--roles/openshift_master/tasks/main.yml45
-rw-r--r--roles/openshift_master/templates/atomic-openshift-master.j215
-rw-r--r--roles/openshift_master/templates/htpasswd.j25
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j22
-rw-r--r--roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j215
-rw-r--r--roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j215
-rw-r--r--roles/openshift_master_certificates/tasks/main.yml8
-rw-r--r--roles/openshift_master_facts/tasks/main.yml8
-rw-r--r--roles/openshift_master_facts/vars/main.yml14
-rw-r--r--roles/openshift_metrics/README.md8
-rw-r--r--roles/openshift_metrics/tasks/main.yaml8
-rw-r--r--roles/openshift_node_certificates/tasks/main.yml6
-rwxr-xr-xroles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh1
-rw-r--r--roles/openshift_node_dnsmasq/tasks/no-network-manager.yml2
-rw-r--r--roles/openshift_serviceaccounts/tasks/main.yml12
-rw-r--r--roles/openshift_storage_nfs/defaults/main.yml1
-rw-r--r--roles/openshift_storage_nfs_lvm/README.md4
-rw-r--r--roles/os_env_extras/files/irbrc2
-rw-r--r--roles/os_env_extras/files/vimrc12
-rw-r--r--roles/os_env_extras/tasks/main.yaml16
-rw-r--r--roles/os_env_extras_node/tasks/main.yml5
-rw-r--r--roles/os_firewall/defaults/main.yml8
-rw-r--r--roles/os_firewall/tasks/firewall/firewalld.yml24
-rw-r--r--roles/os_firewall/tasks/firewall/iptables.yml24
-rw-r--r--roles/pods/README.md38
-rw-r--r--roles/pods/files/pods/docker-registry.json30
-rw-r--r--roles/pods/files/pods/fedora_apache.json23
-rw-r--r--roles/pods/files/pods/frontend-controller.json23
-rw-r--r--roles/pods/files/pods/redis-master-service.json10
-rw-r--r--roles/pods/files/pods/redis-master.json22
-rw-r--r--roles/pods/files/pods/redis-slave-controller.json24
-rw-r--r--roles/pods/files/pods/redis-slave-service.json13
-rw-r--r--roles/pods/files/pods/registry-service.json10
-rw-r--r--roles/pods/meta/main.yml124
-rw-r--r--roles/pods/tasks/main.yml6
79 files changed, 569 insertions, 587 deletions
diff --git a/roles/cockpit/defaults/main.yml b/roles/cockpit/defaults/main.yml
index ffd55f1dd..9cf665841 100644
--- a/roles/cockpit/defaults/main.yml
+++ b/roles/cockpit/defaults/main.yml
@@ -1,5 +1,4 @@
---
-os_firewall_use_firewalld: false
os_firewall_allow:
- service: cockpit-ws
port: 9090/tcp
diff --git a/roles/dns/README.md b/roles/dns/README.md
index e238fb92e..7e0140772 100644
--- a/roles/dns/README.md
+++ b/roles/dns/README.md
@@ -16,6 +16,7 @@ Role Variables
| `dns_zones` | Mandatory | DNS zones in which we must find the hosts |
| `dns_forwarders` | If not set, the DNS will be a recursive non-forwarding DNS server | DNS forwarders to delegate the requests for hosts outside of `dns_zones` |
| `dns_all_hosts` | Mandatory | Exhaustive list of hosts |
+| `base_docker_image` | Optional | Base docker image to build Bind image from, used only in containerized deployments |
Dependencies
------------
@@ -31,6 +32,7 @@ Example Playbook
dns_forwarders: [ '8.8.8.8', '8.8.4.4' ]
dns_zones: [ novalocal, openstacklocal ]
dns_all_hosts: "{{ g_all_hosts }}"
+ base_docker_image: 'centos:centos7'
License
-------
diff --git a/roles/dns/defaults/main.yml b/roles/dns/defaults/main.yml
new file mode 100644
index 000000000..82055c8cd
--- /dev/null
+++ b/roles/dns/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+base_docker_image: "{{ 'centos:centos7' if openshift.common.deployment_type == 'origin' else 'rhel7' }}"
diff --git a/roles/dns/meta/main.yml b/roles/dns/meta/main.yml
index b6e9d9ad0..048274c49 100644
--- a/roles/dns/meta/main.yml
+++ b/roles/dns/meta/main.yml
@@ -4,4 +4,5 @@ galaxy_info:
description: Deploy and configure a DNS server
company: Amadeus SAS
license: ASL 2.0
-dependencies: []
+dependencies:
+- { role: openshift_facts }
diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml
index af728585d..57a7e6269 100644
--- a/roles/dns/tasks/main.yml
+++ b/roles/dns/tasks/main.yml
@@ -1,18 +1,46 @@
- name: Install Bind
action: "{{ ansible_pkg_mgr }} name=bind"
+ when: not openshift.common.is_containerized | bool
+
+- name: Create docker build dir
+ file: path=/tmp/dockerbuild state=directory
+ when: openshift.common.is_containerized | bool
+
+- name: Install dockerfile
+ template:
+ dest: "/tmp/dockerbuild/Dockerfile"
+ src: Dockerfile
+ register: install_result
+ when: openshift.common.is_containerized | bool
+
+- name: Build Bind image
+ docker_image: path="/tmp/dockerbuild" name="bind" state=present
+ when: openshift.common.is_containerized | bool
+
+- name: Install bind service file
+ template:
+ dest: "/etc/systemd/system/named.service"
+ src: named.service.j2
+ register: install_result
+ when: openshift.common.is_containerized | bool
+
+- name: reload systemd
+ command: /usr/bin/systemctl --system daemon-reload
+ when: openshift.common.is_containerized | bool and install_result | changed
+
+- name: Create bind zone dir
+ file: path=/var/named state=directory
+ when: openshift.common.is_containerized | bool
- name: Configure Bind
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
- validate: "{{ item.validate }}"
with_items:
- src: openshift-cluster.zone
dest: /var/named/openshift-cluster.zone
- validate: "named-checkzone {{ dns_zones[0] }} %s"
- src: named.conf
dest: /etc/named.conf
- validate: "named-checkconf %s"
notify: restart bind
- name: Enable Bind
diff --git a/roles/dns/templates/Dockerfile b/roles/dns/templates/Dockerfile
new file mode 100644
index 000000000..cdff0a228
--- /dev/null
+++ b/roles/dns/templates/Dockerfile
@@ -0,0 +1,11 @@
+FROM {{ base_docker_image }}
+MAINTAINER Jan Provaznik <jprovazn@redhat.com>
+
+# install main packages:
+RUN yum -y update; yum clean all;
+RUN yum -y install bind-utils bind
+
+EXPOSE 53
+
+# start services:
+CMD ["/usr/sbin/named", "-f"]
diff --git a/roles/dns/templates/named.service.j2 b/roles/dns/templates/named.service.j2
new file mode 100644
index 000000000..566739f25
--- /dev/null
+++ b/roles/dns/templates/named.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Requires=docker.service
+After=docker.service
+PartOf=docker.service
+
+[Service]
+Type=simple
+TimeoutStartSec=5m
+ExecStartPre=/usr/bin/docker run --rm -v /etc/named.conf:/etc/named.conf -v /var/named:/var/named:z bind named-checkconf -z /etc/named.conf
+ExecStartPre=-/usr/bin/docker rm -f bind
+ExecStart=/usr/bin/docker run --name bind -p 53:53/udp -v /var/log:/var/log -v /etc/named.conf:/etc/named.conf -v /var/named:/var/named:z bind
+ExecStop=/usr/bin/docker stop bind
+
+[Install]
+WantedBy=docker.service
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 4a47a60fa..b9b2666fb 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -16,7 +16,7 @@
when: docker_storage_check.stat.exists | bool and not docker_version_result | skipped and docker_version_result.stdout | default('0.0', True) | version_compare('1.9', '>=') and docker_version | version_compare('1.9', '<')
- name: Downgrade docker if necessary
- command: "{{ ansible_pkg_mgr }} downgrade -y docker-{{ docker_version }}"
+ command: "{{ ansible_pkg_mgr }} swap -y docker-* docker-*{{ docker_version }}"
register: docker_downgrade_result
when: not docker_version_result | skipped and docker_version_result.stdout | default('0.0', True) | version_compare(docker_version, 'gt')
@@ -70,6 +70,22 @@
notify:
- restart docker
+- name: Set Proxy Settings
+ lineinfile:
+ dest: /etc/sysconfig/docker
+ regexp: '^{{ item.reg_conf_var }}=.*$'
+ line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val }}'"
+ state: "{{ 'present' if item.reg_fact_val != '' else 'absent'}}"
+ with_items:
+ - reg_conf_var: HTTP_PROXY
+ reg_fact_val: "{{ docker_http_proxy | default('') }}"
+ - reg_conf_var: HTTPS_PROXY
+ reg_fact_val: "{{ docker_https_proxy | default('') }}"
+ - reg_conf_var: NO_PROXY
+ reg_fact_val: "{{ docker_no_proxy | default('') | join(',') }}"
+ notify:
+ - restart docker
+
- name: Set various docker options
lineinfile:
dest: /etc/sysconfig/docker
diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml
index a2212bacd..1cb055816 100644
--- a/roles/etcd/defaults/main.yaml
+++ b/roles/etcd/defaults/main.yaml
@@ -15,7 +15,6 @@ etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_p
etcd_data_dir: /var/lib/etcd/
-os_firewall_use_firewalld: False
os_firewall_allow:
- service: etcd
port: "{{etcd_client_port}}/tcp"
diff --git a/roles/etcd_certificates/tasks/client.yml b/roles/etcd_certificates/tasks/client.yml
index 7bf95809f..a9f130bb9 100644
--- a/roles/etcd_certificates/tasks/client.yml
+++ b/roles/etcd_certificates/tasks/client.yml
@@ -4,7 +4,7 @@
path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
state: directory
mode: 0700
- with_items: etcd_needing_client_certs
+ with_items: etcd_needing_client_certs | default([])
- name: Create the client csr
command: >
@@ -19,7 +19,7 @@
~ item.etcd_cert_prefix ~ 'client.csr' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: etcd_needing_client_certs
+ with_items: etcd_needing_client_certs | default([])
- name: Sign and create the client crt
command: >
@@ -33,10 +33,10 @@
~ item.etcd_cert_prefix ~ 'client.crt' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: etcd_needing_client_certs
+ with_items: etcd_needing_client_certs | default([])
- file:
src: "{{ etcd_ca_cert }}"
dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"
state: hard
- with_items: etcd_needing_client_certs
+ with_items: etcd_needing_client_certs | default([])
diff --git a/roles/etcd_certificates/tasks/main.yml b/roles/etcd_certificates/tasks/main.yml
index 3bb715943..17092ca58 100644
--- a/roles/etcd_certificates/tasks/main.yml
+++ b/roles/etcd_certificates/tasks/main.yml
@@ -1,6 +1,6 @@
---
- include: client.yml
- when: etcd_needing_client_certs is defined and etcd_needing_client_certs
+ when: etcd_needing_client_certs | default([]) | length > 0
- include: server.yml
- when: etcd_needing_server_certs is defined and etcd_needing_server_certs
+ when: etcd_needing_server_certs | default([]) | length > 0
diff --git a/roles/etcd_certificates/tasks/server.yml b/roles/etcd_certificates/tasks/server.yml
index 2589c5192..223917ccd 100644
--- a/roles/etcd_certificates/tasks/server.yml
+++ b/roles/etcd_certificates/tasks/server.yml
@@ -4,7 +4,7 @@
path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
state: directory
mode: 0700
- with_items: etcd_needing_server_certs
+ with_items: etcd_needing_server_certs | default([])
- name: Create the server csr
command: >
@@ -19,7 +19,7 @@
~ item.etcd_cert_prefix ~ 'server.csr' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: etcd_needing_server_certs
+ with_items: etcd_needing_server_certs | default([])
- name: Sign and create the server crt
command: >
@@ -33,7 +33,7 @@
~ item.etcd_cert_prefix ~ 'server.crt' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: etcd_needing_server_certs
+ with_items: etcd_needing_server_certs | default([])
- name: Create the peer csr
command: >
@@ -48,7 +48,7 @@
~ item.etcd_cert_prefix ~ 'peer.csr' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: etcd_needing_server_certs
+ with_items: etcd_needing_server_certs | default([])
- name: Sign and create the peer crt
command: >
@@ -62,10 +62,10 @@
~ item.etcd_cert_prefix ~ 'peer.crt' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
- with_items: etcd_needing_server_certs
+ with_items: etcd_needing_server_certs | default([])
- file:
src: "{{ etcd_ca_cert }}"
dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"
state: hard
- with_items: etcd_needing_server_certs
+ with_items: etcd_needing_server_certs | default([])
diff --git a/roles/flannel/handlers/main.yml b/roles/flannel/handlers/main.yml
index f9b9ae7f1..981ea5c7a 100644
--- a/roles/flannel/handlers/main.yml
+++ b/roles/flannel/handlers/main.yml
@@ -1,8 +1,8 @@
---
- name: restart flanneld
- sudo: true
+ become: yes
service: name=flanneld state=restarted
- name: restart docker
- sudo: true
+ become: yes
service: name=docker state=restarted
diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml
index aa27b674e..6b6dfb423 100644
--- a/roles/flannel/tasks/main.yml
+++ b/roles/flannel/tasks/main.yml
@@ -1,11 +1,11 @@
---
- name: Install flannel
- sudo: true
+ become: yes
action: "{{ ansible_pkg_mgr }} name=flannel state=present"
when: not openshift.common.is_containerized | bool
- name: Set flannel etcd url
- sudo: true
+ become: yes
lineinfile:
dest: /etc/sysconfig/flanneld
backrefs: yes
@@ -13,7 +13,7 @@
line: '\1{{ etcd_hosts|join(",") }}'
- name: Set flannel etcd key
- sudo: true
+ become: yes
lineinfile:
dest: /etc/sysconfig/flanneld
backrefs: yes
@@ -21,7 +21,7 @@
line: '\1{{ flannel_etcd_key }}'
- name: Set flannel options
- sudo: true
+ become: yes
lineinfile:
dest: /etc/sysconfig/flanneld
backrefs: yes
@@ -29,7 +29,7 @@
line: '\1--iface {{ flannel_interface }} --etcd-cafile={{ etcd_peer_ca_file }} --etcd-keyfile={{ etcd_peer_key_file }} --etcd-certfile={{ etcd_peer_cert_file }}'
- name: Enable flanneld
- sudo: true
+ become: yes
service:
name: flanneld
state: started
@@ -37,7 +37,7 @@
register: start_result
- name: Remove docker bridge ip
- sudo: true
+ become: yes
shell: ip a del `ip a show docker0 | grep "inet[[:space:]]" | awk '{print $2}'` dev docker0
notify:
- restart docker
diff --git a/roles/flannel_register/tasks/main.yml b/roles/flannel_register/tasks/main.yml
index 1629157c8..845b7ef40 100644
--- a/roles/flannel_register/tasks/main.yml
+++ b/roles/flannel_register/tasks/main.yml
@@ -1,14 +1,14 @@
---
- name: Assures /etc/flannel dir exists
- sudo: true
+ become: yes
file: path=/etc/flannel state=directory
- name: Generate etcd configuration for etcd
- sudo: true
+ become: yes
template:
src: "flannel-config.json"
dest: "/etc/flannel/config.json"
- name: Insert flannel configuration into etcd
- sudo: true
+ become: yes
command: 'curl -L --cacert "{{ etcd_peer_ca_file }}" --cert "{{ etcd_peer_cert_file }}" --key "{{ etcd_peer_key_file }}" "{{ etcd_hosts[0] }}/v2/keys{{ flannel_etcd_key }}/config" -XPUT --data-urlencode value@/etc/flannel/config.json'
diff --git a/roles/haproxy/defaults/main.yml b/roles/haproxy/defaults/main.yml
index 937d94209..a1524cfe1 100644
--- a/roles/haproxy/defaults/main.yml
+++ b/roles/haproxy/defaults/main.yml
@@ -15,7 +15,6 @@ haproxy_backends:
address: 127.0.0.1:9000
opts: check
-os_firewall_use_firewalld: False
os_firewall_allow:
- service: haproxy stats
port: "9000/tcp"
diff --git a/roles/kube_nfs_volumes/README.md b/roles/kube_nfs_volumes/README.md
index 1520f79b2..dd91ad8b1 100644
--- a/roles/kube_nfs_volumes/README.md
+++ b/roles/kube_nfs_volumes/README.md
@@ -94,7 +94,7 @@ partitions.
* Create an ansible playbook, say `setupnfs.yaml`:
```
- hosts: nfsservers
- sudo: yes
+ become: yes
roles:
- role: kube_nfs_volumes
disks: "/dev/sdb,/dev/sdc"
diff --git a/roles/nuage_master/defaults/main.yaml b/roles/nuage_master/defaults/main.yaml
new file mode 100644
index 000000000..cf670a9e1
--- /dev/null
+++ b/roles/nuage_master/defaults/main.yaml
@@ -0,0 +1,4 @@
+---
+nuage_master_cspadminpasswd: ""
+nuage_master_adminusername: admin
+nuage_master_adminuserpasswd: admin
diff --git a/roles/nuage_master/files/serviceaccount.sh b/roles/nuage_master/files/serviceaccount.sh
deleted file mode 100644
index f6fdb8a8d..000000000
--- a/roles/nuage_master/files/serviceaccount.sh
+++ /dev/null
@@ -1,63 +0,0 @@
-#!/bin/bash
-# Parse CLI options
-for i in "$@"; do
- case $i in
- --master-cert-dir=*)
- MASTER_DIR="${i#*=}"
- CA_CERT=${MASTER_DIR}/ca.crt
- CA_KEY=${MASTER_DIR}/ca.key
- CA_SERIAL=${MASTER_DIR}/ca.serial.txt
- ADMIN_FILE=${MASTER_DIR}/admin.kubeconfig
- ;;
- --server=*)
- SERVER="${i#*=}"
- ;;
- --output-cert-dir=*)
- OUTDIR="${i#*=}"
- CONFIG_FILE=${OUTDIR}/nuage.kubeconfig
- ;;
- esac
-done
-
-# If any are missing, print the usage and exit
-if [ -z $SERVER ] || [ -z $OUTDIR ] || [ -z $MASTER_DIR ]; then
- echo "Invalid syntax: $@"
- echo "Usage:"
- echo " $0 --server=<address>:<port> --output-cert-dir=/path/to/output/dir/ --master-cert-dir=/path/to/master/"
- echo "--master-cert-dir: Directory where the master's configuration is held"
- echo "--server: Address of Kubernetes API server (default port is 8443)"
- echo "--output-cert-dir: Directory to put artifacts in"
- echo ""
- echo "All options are required"
- exit 1
-fi
-
-# Login as admin so that we can create the service account
-oc login -u system:admin --config=$ADMIN_FILE || exit 1
-oc project default --config=$ADMIN_FILE
-
-ACCOUNT_CONFIG='
-{
- "apiVersion": "v1",
- "kind": "ServiceAccount",
- "metadata": {
- "name": "nuage"
- }
-}
-'
-
-# Create the account with the included info
-echo $ACCOUNT_CONFIG|oc create --config=$ADMIN_FILE -f -
-
-# Add the cluser-reader role, which allows this service account read access to
-# everything in the cluster except secrets
-oadm policy add-cluster-role-to-user cluster-reader system:serviceaccounts:default:nuage --config=$ADMIN_FILE
-
-# Generate certificates and a kubeconfig for the service account
-oadm create-api-client-config --certificate-authority=${CA_CERT} --client-dir=${OUTDIR} --signer-cert=${CA_CERT} --signer-key=${CA_KEY} --signer-serial=${CA_SERIAL} --user=system:serviceaccounts:default:nuage --master=${SERVER} --public-master=${SERVER} --basename='nuage'
-
-# Verify the finalized kubeconfig
-if ! [ $(oc whoami --config=$CONFIG_FILE) == 'system:serviceaccounts:default:nuage' ]; then
- echo "Service account creation failed!"
- exit 1
-fi
diff --git a/roles/nuage_master/handlers/main.yaml b/roles/nuage_master/handlers/main.yaml
index 5d133cf16..56224cf82 100644
--- a/roles/nuage_master/handlers/main.yaml
+++ b/roles/nuage_master/handlers/main.yaml
@@ -1,6 +1,6 @@
---
- name: restart nuage-openshift-monitor
- sudo: true
+ become: yes
service: name=nuage-openshift-monitor state=restarted
- name: restart master
diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml
index abeee3d71..b8eaede3b 100644
--- a/roles/nuage_master/tasks/main.yaml
+++ b/roles/nuage_master/tasks/main.yaml
@@ -1,22 +1,20 @@
---
- name: Create directory /usr/share/nuage-openshift-monitor
- sudo: true
+ become: yes
file: path=/usr/share/nuage-openshift-monitor state=directory
- name: Create the log directory
- sudo: true
+ become: yes
file: path={{ nuage_mon_rest_server_logdir }} state=directory
- name: Install Nuage Openshift Monitor
- sudo: true
+ become: yes
yum: name={{ nuage_openshift_rpm }} state=present
-- name: Run the service account creation script
- sudo: true
- script: serviceaccount.sh --server={{ openshift.master.api_url }} --output-cert-dir={{ cert_output_dir }} --master-cert-dir={{ openshift_master_config_dir }}
+- include: serviceaccount.yml
- name: Download the certs and keys
- sudo: true
+ become: yes
fetch: src={{ cert_output_dir }}/{{ item }} dest=/tmp/{{ item }} flat=yes
with_items:
- ca.crt
@@ -27,7 +25,7 @@
- include: certificates.yml
- name: Create nuage-openshift-monitor.yaml
- sudo: true
+ become: yes
template: src=nuage-openshift-monitor.j2 dest=/usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml owner=root mode=0644
notify:
- restart master
diff --git a/roles/nuage_master/tasks/serviceaccount.yml b/roles/nuage_master/tasks/serviceaccount.yml
new file mode 100644
index 000000000..5b4af5824
--- /dev/null
+++ b/roles/nuage_master/tasks/serviceaccount.yml
@@ -0,0 +1,51 @@
+---
+- name: Create temporary directory for admin kubeconfig
+ command: mktemp -u /tmp/openshift-ansible-XXXXXXX.kubeconfig
+ register: nuage_tmp_conf_mktemp
+ changed_when: False
+
+- set_fact:
+ nuage_tmp_conf: "{{ nuage_tmp_conf_mktemp.stdout }}"
+
+- name: Copy Configuration to temporary conf
+ command: >
+ cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{nuage_tmp_conf}}
+ changed_when: false
+
+- name: Create Admin Service Account
+ shell: >
+ echo {{ nuage_service_account_config | to_json | quote }} |
+ {{ openshift.common.client_binary }} create
+ -n default
+ --config={{nuage_tmp_conf}}
+ -f -
+ register: osnuage_create_service_account
+ failed_when: "'already exists' not in osnuage_create_service_account.stderr and osnuage_create_service_account.rc != 0"
+ changed_when: osnuage_create_service_account.rc == 0
+
+- name: Configure role/user permissions
+ command: >
+ {{ openshift.common.admin_binary }} {{item}}
+ --config={{nuage_tmp_conf}}
+ with_items: "{{nuage_tasks}}"
+ register: osnuage_perm_task
+ failed_when: "'already exists' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0"
+ changed_when: osnuage_perm_task.rc == 0
+
+- name: Generate the node client config
+ command: >
+ {{ openshift.common.admin_binary }} create-api-client-config
+ --certificate-authority={{ openshift_master_ca_cert }}
+ --client-dir={{ cert_output_dir }}
+ --master={{ openshift.master.api_url }}
+ --public-master={{ openshift.master.api_url }}
+ --signer-cert={{ openshift_master_ca_cert }}
+ --signer-key={{ openshift_master_ca_key }}
+ --signer-serial={{ openshift_master_ca_serial }}
+ --basename='nuage'
+ --user={{ nuage_service_account }}
+
+- name: Clean temporary configuration file
+ command: >
+ rm -f {{nuage_tmp_conf}}
+ changed_when: false
diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml
index c4c15d65c..5bc735bb6 100644
--- a/roles/nuage_master/vars/main.yaml
+++ b/roles/nuage_master/vars/main.yaml
@@ -1,4 +1,7 @@
openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
+openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
+openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key"
+openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt"
ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
admin_config: "{{ openshift.common.config_base }}/master/admin.kubeconfig"
cert_output_dir: /usr/share/nuage-openshift-monitor
@@ -15,6 +18,13 @@ nuage_ca_master_rest_server_key: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonSe
nuage_ca_master_rest_server_crt: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonServer.crt"
nuage_master_crt_dir : /usr/share/nuage-openshift-monitor
-nuage_master_cspadminpasswd: ''
-nuage_master_adminsusername: 'admin'
-nuage_master_adminuserpasswd: 'admin'
+nuage_service_account: system:serviceaccount:default:nuage
+
+nuage_service_account_config:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: nuage
+
+nuage_tasks:
+ - policy add-cluster-role-to-user cluster-reader {{ nuage_service_account }}
diff --git a/roles/nuage_node/handlers/main.yaml b/roles/nuage_node/handlers/main.yaml
index 25482a845..5f2b97ae2 100644
--- a/roles/nuage_node/handlers/main.yaml
+++ b/roles/nuage_node/handlers/main.yaml
@@ -1,8 +1,8 @@
---
- name: restart vrs
- sudo: true
+ become: yes
service: name=openvswitch state=restarted
- name: restart node
- sudo: true
+ become: yes
service: name={{ openshift.common.service_type }}-node state=restarted
diff --git a/roles/nuage_node/tasks/main.yaml b/roles/nuage_node/tasks/main.yaml
index d7dd53802..1146573d3 100644
--- a/roles/nuage_node/tasks/main.yaml
+++ b/roles/nuage_node/tasks/main.yaml
@@ -1,27 +1,27 @@
---
- name: Install Nuage VRS
- sudo: true
+ become: yes
yum: name={{ vrs_rpm }} state=present
- name: Set the uplink interface
- sudo: true
+ become: yes
lineinfile: dest={{ vrs_config }} regexp=^NETWORK_UPLINK_INTF line='NETWORK_UPLINK_INTF={{ uplink_interface }}'
- name: Set the Active Controller
- sudo: true
+ become: yes
lineinfile: dest={{ vrs_config }} regexp=^ACTIVE_CONTROLLER line='ACTIVE_CONTROLLER={{ vsc_active_ip }}'
- name: Set the Standby Controller
- sudo: true
+ become: yes
lineinfile: dest={{ vrs_config }} regexp=^STANDBY_CONTROLLER line='STANDBY_CONTROLLER={{ vsc_standby_ip }}'
when: vsc_standby_ip is defined
- name: Install plugin rpm
- sudo: true
+ become: yes
yum: name={{ plugin_rpm }} state=present
- name: Copy the certificates and keys
- sudo: true
+ become: yes
copy: src="/tmp/{{ item }}" dest="{{ vsp_openshift_dir }}/{{ item }}"
with_items:
- ca.crt
@@ -32,7 +32,7 @@
- include: certificates.yml
- name: Set the vsp-openshift.yaml
- sudo: true
+ become: yes
template: src=vsp-openshift.j2 dest={{ vsp_openshift_yaml }} owner=root mode=0644
notify:
- restart vrs
diff --git a/roles/openshift_builddefaults/meta/main.yml b/roles/openshift_builddefaults/meta/main.yml
new file mode 100644
index 000000000..422d08400
--- /dev/null
+++ b/roles/openshift_builddefaults/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ author: Scott Dodson
+ description: OpenShift Build Defaults configuration
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.9
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+dependencies:
+- role: openshift_facts
diff --git a/roles/openshift_builddefaults/tasks/main.yml b/roles/openshift_builddefaults/tasks/main.yml
new file mode 100644
index 000000000..6a4e919e8
--- /dev/null
+++ b/roles/openshift_builddefaults/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: Set builddefaults
+ openshift_facts:
+ role: builddefaults
+ # TODO: add ability to define builddefaults env vars sort of like this
+ # may need to move the config generation to a filter however.
+ # openshift_env: "{{ hostvars
+ # | oo_merge_hostvars(vars, inventory_hostname)
+ # | oo_openshift_env }}"
+ # openshift_env_structures:
+ # - 'openshift.builddefaults.env.*'
+ local_facts:
+ http_proxy: "{{ openshift_builddefaults_http_proxy | default(None) }}"
+ https_proxy: "{{ openshift_builddefaults_https_proxy | default(None) }}"
+ no_proxy: "{{ openshift_builddefaults_no_proxy | default(None) }}"
+ git_http_proxy: "{{ openshift_builddefaults_git_http_proxy | default(None) }}"
+ git_https_proxy: "{{ openshift_builddefaults_git_https_proxy | default(None) }}"
+
+- name: Set builddefaults config structure
+ openshift_facts:
+ role: builddefaults
+ local_facts:
+ config: "{{ openshift_builddefaults_json | default(builddefaults_yaml) }}"
+
diff --git a/roles/openshift_builddefaults/vars/main.yml b/roles/openshift_builddefaults/vars/main.yml
new file mode 100644
index 000000000..9727c73a5
--- /dev/null
+++ b/roles/openshift_builddefaults/vars/main.yml
@@ -0,0 +1,15 @@
+---
+builddefaults_yaml:
+ BuildDefaults:
+ configuration:
+ apiVersion: v1
+ kind: BuildDefaultsConfig
+ gitHTTPProxy: "{{ openshift.builddefaults.git_http_proxy | default('', true) }}"
+ gitHTTPSProxy: "{{ openshift.builddefaults.git_https_proxy | default('', true) }}"
+ env:
+ - name: HTTP_PROXY
+ value: "{{ openshift.builddefaults.http_proxy | default('', true) }}"
+ - name: HTTPS_PROXY
+ value: "{{ openshift.builddefaults.https_proxy | default('', true) }}"
+ - name: NO_PROXY
+ value: "{{ openshift.builddefaults.no_proxy | default('', true) | join(',') }}"
diff --git a/roles/openshift_cloud_provider/tasks/main.yml b/roles/openshift_cloud_provider/tasks/main.yml
index d7442924f..6111d1207 100644
--- a/roles/openshift_cloud_provider/tasks/main.yml
+++ b/roles/openshift_cloud_provider/tasks/main.yml
@@ -2,8 +2,8 @@
- name: Set cloud provider facts
openshift_facts:
role: cloudprovider
- openshift_env: "{{ hostvars[inventory_hostname]
- | oo_merge_dicts(hostvars)
+ openshift_env: "{{ hostvars
+ | oo_merge_hostvars(vars, inventory_hostname)
| oo_openshift_env }}"
openshift_env_structures:
- 'openshift.cloudprovider.aws.*'
diff --git a/roles/openshift_cloud_provider/templates/openstack.conf.j2 b/roles/openshift_cloud_provider/templates/openstack.conf.j2
index 1b70edc16..8a06b3a08 100644
--- a/roles/openshift_cloud_provider/templates/openstack.conf.j2
+++ b/roles/openshift_cloud_provider/templates/openstack.conf.j2
@@ -11,7 +11,6 @@ tenant-name = {{ openshift.cloudprovider.openstack.tenant_name }}
region = {{ openshift.cloudprovider.openstack.region }}
{% endif %}
{% if 'lb_subnet_id' in openshift.cloudprovider.openstack %}
-+
-+[LoadBalancer]
-+subnet-id = {{ openshift.cloudprovider.openstack.lb_subnet_id }}
-+{% endif %}
+[LoadBalancer]
+subnet-id = {{ openshift.cloudprovider.openstack.lb_subnet_id }}
+{% endif %}
diff --git a/roles/openshift_cluster_metrics/tasks/main.yml b/roles/openshift_cluster_metrics/tasks/main.yml
index d45f62eca..1fc8a074a 100644
--- a/roles/openshift_cluster_metrics/tasks/main.yml
+++ b/roles/openshift_cluster_metrics/tasks/main.yml
@@ -28,7 +28,6 @@
cluster-reader
system:serviceaccount:default:heapster
register: oex_cluster_header_role
- register: oex_cluster_header_role
failed_when: "'already exists' not in oex_cluster_header_role.stderr and oex_cluster_header_role.rc != 0"
changed_when: false
diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml
index d5166b52e..4ec255dbc 100644
--- a/roles/openshift_common/tasks/main.yml
+++ b/roles/openshift_common/tasks/main.yml
@@ -27,7 +27,6 @@
use_nuage: "{{ openshift_use_nuage | default(None) }}"
use_manageiq: "{{ openshift_use_manageiq | default(None) }}"
data_dir: "{{ openshift_data_dir | default(None) }}"
- portal_net: "{{ openshift_portal_net | default(openshift_master_portal_net) | default(None) }}"
use_dnsmasq: "{{ openshift_use_dnsmasq | default(None) }}"
# Using oo_image_tag_to_rpm_version here is a workaround for how
diff --git a/roles/openshift_common/vars/main.yml b/roles/openshift_common/vars/main.yml
deleted file mode 100644
index 50816d319..000000000
--- a/roles/openshift_common/vars/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# TODO: Upstream kubernetes only supports iptables currently, if this changes,
-# then these variable should be moved to defaults
-# TODO: it might be possible to still use firewalld if we wire up the created
-# chains with the public zone (or the zone associated with the correct
-# interfaces)
-os_firewall_use_firewalld: False
diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml
index 23613b762..4e5cec82f 100644
--- a/roles/openshift_docker/tasks/main.yml
+++ b/roles/openshift_docker/tasks/main.yml
@@ -4,12 +4,13 @@
# openshift_image_tag correctly for upgrades.
- name: Set version when containerized
command: >
- docker run --rm {{ openshift.common.cli_image }}:latest version
+ docker run --rm {{ openshift.common.cli_image }} version
register: cli_image_version
when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool and openshift_image_tag is not defined
- set_fact:
- l_image_tag: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0] }}"
+ l_image_tag: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2] | join('-') if openshift.common.deployment_type == 'origin' else
+ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0] }}"
when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool and openshift_image_tag is not defined
- set_fact:
@@ -23,6 +24,6 @@
with_items:
- role: docker
local_facts:
- openshift_image_tag: "{{ l_image_tag }}"
- openshift_version: "{{ l_image_tag if l_image_tag is defined else '' | oo_image_tag_to_rpm_version }}"
+ openshift_image_tag: "{{ l_image_tag | default(None) }}"
+ openshift_version: "{{ l_image_tag.split('-')[0] | oo_image_tag_to_rpm_version if l_image_tag is defined else '' }}"
when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool
diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml
index 89393168b..3acd2bba8 100644
--- a/roles/openshift_docker_facts/tasks/main.yml
+++ b/roles/openshift_docker_facts/tasks/main.yml
@@ -27,6 +27,9 @@
docker_log_options: "{{ openshift.docker.log_options | default(omit) }}"
docker_push_dockerhub: "{{ openshift.docker.disable_push_dockerhub
| default(omit) }}"
+ docker_http_proxy: "{{ openshift.common.http_proxy | default(omit) }}"
+ docker_https_proxy: "{{ openshift.common.https_proxy | default(omit) }}"
+ docker_no_proxy: "{{ openshift.common.no_proxy | default(omit) }}"
- set_fact:
docker_options: >
diff --git a/roles/openshift_etcd_facts/meta/main.yml b/roles/openshift_etcd_facts/meta/main.yml
index 18d289ea1..925aa9f92 100644
--- a/roles/openshift_etcd_facts/meta/main.yml
+++ b/roles/openshift_etcd_facts/meta/main.yml
@@ -12,4 +12,4 @@ galaxy_info:
categories:
- cloud
dependencies:
-- role: openshift_common
+- role: openshift_facts
diff --git a/roles/openshift_expand_partition/README.md b/roles/openshift_expand_partition/README.md
index aed4ec871..c9c7b378c 100644
--- a/roles/openshift_expand_partition/README.md
+++ b/roles/openshift_expand_partition/README.md
@@ -45,7 +45,7 @@ space on /dev/xvda, and the file system will be expanded to fill the new
partition space.
- hosts: mynodes
- sudo: no
+ become: no
remote_user: root
gather_facts: no
roles:
@@ -68,7 +68,7 @@ partition space.
* Create an ansible playbook, say `expandvar.yaml`:
```
- hosts: mynodes
- sudo: no
+ become: no
remote_user: root
gather_facts: no
roles:
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 48b117b8f..cb8301da4 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -499,12 +499,12 @@ def set_dnsmasq_facts_if_unset(facts):
"""
if 'common' in facts:
- if 'use_dnsmasq' not in facts['common'] and facts['common']['version_gte_3_2_or_1_2']:
+ if 'use_dnsmasq' not in facts['common'] and safe_get_bool(facts['common']['version_gte_3_2_or_1_2']):
facts['common']['use_dnsmasq'] = True
else:
facts['common']['use_dnsmasq'] = False
if 'master' in facts and 'dns_port' not in facts['master']:
- if facts['common']['use_dnsmasq']:
+ if safe_get_bool(facts['common']['use_dnsmasq']):
facts['master']['dns_port'] = 8053
else:
facts['master']['dns_port'] = 53
@@ -1276,7 +1276,12 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw
facts[key] = copy.deepcopy(value)
new_keys = set(new.keys()) - set(orig.keys())
for key in new_keys:
- facts[key] = copy.deepcopy(new[key])
+ # Watchout for JSON facts that sometimes load as strings.
+ # (can happen if the JSON contains a boolean)
+ if key in inventory_json_facts and isinstance(new[key], basestring):
+ facts[key] = yaml.safe_load(new[key])
+ else:
+ facts[key] = copy.deepcopy(new[key])
return facts
def save_local_facts(filename, facts):
@@ -1327,6 +1332,23 @@ def get_local_facts_from_file(filename):
return local_facts
+def sort_unique(alist):
+ """ Sorts and de-dupes a list
+
+ Args:
+ list: a list
+ Returns:
+ list: a sorted de-duped list
+ """
+
+ alist.sort()
+ out = list()
+ for i in alist:
+ if i not in out:
+ out.append(i)
+
+ return out
+
def safe_get_bool(fact):
""" Get a boolean fact safely.
@@ -1337,6 +1359,62 @@ def safe_get_bool(fact):
"""
return bool(strtobool(str(fact)))
+def set_proxy_facts(facts):
+ """ Set global proxy facts and promote defaults from http_proxy, https_proxy,
+ no_proxy to the more specific builddefaults and builddefaults_git vars.
+ 1. http_proxy, https_proxy, no_proxy
+ 2. builddefaults_*
+ 3. builddefaults_git_*
+
+ Args:
+ facts(dict): existing facts
+ Returns:
+ facts(dict): Updated facts with missing values
+ """
+ if 'common' in facts:
+ common = facts['common']
+ if 'http_proxy' in common or 'https_proxy' in common:
+ if 'no_proxy' in common and \
+ isinstance(common['no_proxy'], basestring):
+ common['no_proxy'] = common['no_proxy'].split(",")
+ elif 'no_proxy' not in common:
+ common['no_proxy'] = []
+ if 'generate_no_proxy_hosts' in common and \
+ safe_get_bool(common['generate_no_proxy_hosts']):
+ if 'no_proxy_internal_hostnames' in common:
+ common['no_proxy'].extend(common['no_proxy_internal_hostnames'].split(','))
+ common['no_proxy'].append('.' + common['dns_domain'])
+ # We always add ourselves no matter what
+ common['no_proxy'].append(common['hostname'])
+ common['no_proxy'] = sort_unique(common['no_proxy'])
+ facts['common'] = common
+
+ if 'builddefaults' in facts:
+ builddefaults = facts['builddefaults']
+ common = facts['common']
+ # Copy values from common to builddefaults
+ if 'http_proxy' not in builddefaults and 'http_proxy' in common:
+ builddefaults['http_proxy'] = common['http_proxy']
+ if 'https_proxy' not in builddefaults and 'https_proxy' in common:
+ builddefaults['https_proxy'] = common['https_proxy']
+ if 'no_proxy' not in builddefaults and 'no_proxy' in common:
+ builddefaults['no_proxy'] = common['no_proxy']
+ if 'git_http_proxy' not in builddefaults and 'http_proxy' in builddefaults:
+ builddefaults['git_http_proxy'] = builddefaults['http_proxy']
+ if 'git_https_proxy' not in builddefaults and 'https_proxy' in builddefaults:
+ builddefaults['git_https_proxy'] = builddefaults['https_proxy']
+ # If we're actually defining a proxy config then create kube_admission_plugin_config
+ # if it doesn't exist, then merge builddefaults[config] structure
+ # into kube_admission_plugin_config
+ if 'kube_admission_plugin_config' not in facts['master']:
+ facts['master']['kube_admission_plugin_config'] = dict()
+ if 'config' in builddefaults and ('http_proxy' in builddefaults or \
+ 'https_proxy' in builddefaults):
+ facts['master']['kube_admission_plugin_config'].update(builddefaults['config'])
+ facts['builddefaults'] = builddefaults
+
+ return facts
+
# pylint: disable=too-many-statements
def set_container_facts_if_unset(facts):
""" Set containerized facts.
@@ -1470,7 +1548,8 @@ class OpenShiftFacts(object):
Raises:
OpenShiftFactsUnsupportedRoleError:
"""
- known_roles = ['cloudprovider',
+ known_roles = ['builddefaults',
+ 'cloudprovider',
'common',
'docker',
'etcd',
@@ -1558,6 +1637,7 @@ class OpenShiftFacts(object):
facts = set_manageiq_facts_if_unset(facts)
facts = set_aggregate_facts(facts)
facts = set_etcd_facts_if_unset(facts)
+ facts = set_proxy_facts(facts)
if not safe_get_bool(facts['common']['is_containerized']):
facts = set_installed_variant_rpm_facts(facts)
return dict(openshift=facts)
@@ -1621,7 +1701,8 @@ class OpenShiftFacts(object):
auth_token_max_seconds=500,
oauth_grant_method='auto',
scheduler_predicates=scheduler_predicates,
- scheduler_priorities=scheduler_priorities)
+ scheduler_priorities=scheduler_priorities,
+ dynamic_provisioning_enabled=True)
if 'node' in roles:
defaults['node'] = dict(labels={}, annotations={},
@@ -1644,6 +1725,8 @@ class OpenShiftFacts(object):
defaults['hosted'] = dict(
metrics=dict(
deploy=False,
+ duration=7,
+ resolution=10,
storage=dict(
kind=None,
volume=dict(
@@ -1653,6 +1736,9 @@ class OpenShiftFacts(object):
nfs=dict(
directory='/exports',
options='*(rw,root_squash)'),
+ openstack=dict(
+ filesystem='ext4',
+ volumeID='123'),
host=None,
access_modes=['ReadWriteMany'],
create_pv=True
diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml
index 36def57c8..ff726ae24 100644
--- a/roles/openshift_facts/tasks/main.yml
+++ b/roles/openshift_facts/tasks/main.yml
@@ -5,15 +5,13 @@
when: ansible_version.full | version_compare('1.9.4', 'lt') or ansible_version.full | version_compare('2.0', 'ge')
- name: Detecting Operating System
- shell: ls /run/ostree-booted
- ignore_errors: yes
- failed_when: false
- changed_when: false
- register: ostree_output
+ stat:
+ path: /run/ostree-booted
+ register: ostree_booted
# Locally setup containerized facts for now
- set_fact:
- l_is_atomic: "{{ ostree_output.rc == 0 }}"
+ l_is_atomic: "{{ ostree_booted.stat.exists }}"
- set_fact:
l_is_containerized: "{{ (l_is_atomic | bool) or (containerized | default(false) | bool) }}"
@@ -33,3 +31,19 @@
is_containerized: "{{ l_is_containerized | default(None) }}"
public_hostname: "{{ openshift_public_hostname | default(None) }}"
public_ip: "{{ openshift_public_ip | default(None) }}"
+ portal_net: "{{ openshift_portal_net | default(openshift_master_portal_net) | default(None) }}"
+
+# had to be done outside of the above because hostname isn't yet set
+- name: Gather hostnames for proxy configuration
+ openshift_facts:
+ role: common
+ local_facts:
+ http_proxy: "{{ openshift_http_proxy | default(None) }}"
+ https_proxy: "{{ openshift_https_proxy | default(None) }}"
+ no_proxy: "{{ openshift_no_proxy | default(None) }}"
+ generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}"
+ no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config']
+ | union(groups['oo_masters_to_config'])
+ | union(groups['oo_etcd_to_config'] | default([])))
+ | oo_collect('openshift.common.hostname') | default([]) | join (',')
+ }}"
diff --git a/roles/openshift_hosted_facts/tasks/main.yml b/roles/openshift_hosted_facts/tasks/main.yml
index f595e1e81..2a11e6cbd 100644
--- a/roles/openshift_hosted_facts/tasks/main.yml
+++ b/roles/openshift_hosted_facts/tasks/main.yml
@@ -2,6 +2,6 @@
- name: Set hosted facts
openshift_facts:
role: hosted
- openshift_env: "{{ hostvars[inventory_hostname]
- | oo_merge_dicts(hostvars)
+ openshift_env: "{{ hostvars
+ | oo_merge_hostvars(vars, inventory_hostname)
| oo_openshift_env }}"
diff --git a/roles/openshift_hosted_logging/tasks/deploy_logging.yaml b/roles/openshift_hosted_logging/tasks/deploy_logging.yaml
index d8a5b62a0..072f7bb4e 100644
--- a/roles/openshift_hosted_logging/tasks/deploy_logging.yaml
+++ b/roles/openshift_hosted_logging/tasks/deploy_logging.yaml
@@ -15,43 +15,52 @@
changed_when: False
- name: "Create logging project"
- command: {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-project logging
+ command: >
+ {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-project logging
- name: "Changing projects"
- command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig project logging"
+ command: >
+ {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig project logging
- name: "Creating logging deployer secret"
- command: " {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig secrets new logging-deployer {{ openshift_hosted_logging_secret_vars | default('nothing=/dev/null') }}"
+ command: >
+ {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig secrets new logging-deployer {{ openshift_hosted_logging_secret_vars | default('nothing=/dev/null') }}
register: secret_output
failed_when: "secret_output.rc == 1 and 'exists' not in secret_output.stderr"
- name: "Copy serviceAccount file"
- copy: dest=/tmp/logging-deployer-sa.yaml
- src={{role_path}}/files/logging-deployer-sa.yaml
- force=yes
+ copy:
+ dest: /tmp/logging-deployer-sa.yaml
+ src: "{{role_path}}/files/logging-deployer-sa.yaml"
+ force: yes
- name: "Create logging-deployer service account"
- command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /tmp/logging-deployer-sa.yaml"
+ command: >
+ {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /tmp/logging-deployer-sa.yaml
register: deployer_output
failed_when: "deployer_output.rc == 1 and 'exists' not in deployer_output.stderr"
- name: "Set permissions for logging-deployer service account"
- command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig policy add-role-to-user edit system:serviceaccount:logging:logging-deployer"
+ command: >
+ {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig policy add-role-to-user edit system:serviceaccount:logging:logging-deployer
register: permiss_output
failed_when: "permiss_output.rc == 1 and 'exists' not in permiss_output.stderr"
- name: "Set permissions for fluentd"
- command: {{ openshift.common.admin_binary}} policy add-scc-to-user privileged system:serviceaccount:logging:aggregated-logging-fluentd
+ command: >
+ {{ openshift.common.admin_binary}} policy add-scc-to-user privileged system:serviceaccount:logging:aggregated-logging-fluentd
register: fluentd_output
failed_when: "fluentd_output.rc == 1 and 'exists' not in fluentd_output.stderr"
- name: "Set additional permissions for fluentd"
- command: {{ openshift.common.admin_binary}} policy add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd
+ command: >
+ {{ openshift.common.admin_binary}} policy add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd
register: fluentd2_output
failed_when: "fluentd2_output.rc == 1 and 'exists' not in fluentd2_output.stderr"
- name: "Create deployer template"
- command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /usr/share/openshift/examples/infrastructure-templates/enterprise/logging-deployer.yaml -n openshift"
+ command: >
+ {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /usr/share/openshift/examples/infrastructure-templates/enterprise/logging-deployer.yaml -n openshift
register: template_output
failed_when: "template_output.rc == 1 and 'exists' not in template_output.stderr"
@@ -90,13 +99,12 @@
- name: "Scale fluentd deployment config"
- command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig scale dc/logging-fluentd --replicas={{ fluentd_replicas | default('1') }}"
-
+ command: >
+ {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig scale dc/logging-fluentd --replicas={{ fluentd_replicas | default('1') }}
- - name: "Scale fluentd replication controller"
- command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig scale rc/logging-fluentd-1 --replicas={{ fluentd_replicas | default('1') }}"
- - debug: msg="Logging components deployed. Note persistant volume for elasticsearch must be setup manually"
+ - debug:
+ msg: "Logging components deployed. Note persistant volume for elasticsearch must be setup manually"
- name: Delete temp directory
file:
diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml
index cee1f1738..291cdbbb5 100644
--- a/roles/openshift_manage_node/tasks/main.yml
+++ b/roles/openshift_manage_node/tasks/main.yml
@@ -6,7 +6,7 @@
retries: 50
delay: 5
changed_when: false
- with_items: openshift_nodes
+ with_items: "{{ openshift_nodes }}"
- name: Set node schedulability
command: >
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index 09bde6002..16df984f9 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -13,6 +13,14 @@ os_firewall_allow:
port: "{{ openshift.master.dns_port }}/tcp"
- service: skydns udp
port: "{{ openshift.master.dns_port }}/udp"
+# On HA masters version_gte facts are not properly set so open port 53
+# whenever we're not certain of the need
+- service: legacy skydns tcp
+ port: "53/tcp"
+ when: "{{ 'version' not in openshift.common or openshift.common.version == None }}"
+- service: legacy skydns udp
+ port: "53/udp"
+ when: "{{ 'version' not in openshift.common or openshift.common.version == None }}"
- service: Fluentd td-agent tcp
port: 24224/tcp
- service: Fluentd td-agent udp
diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml
index 0d4241e2c..e882e0b8b 100644
--- a/roles/openshift_master/meta/main.yml
+++ b/roles/openshift_master/meta/main.yml
@@ -15,5 +15,6 @@ dependencies:
- role: openshift_docker
- role: openshift_cli
- role: openshift_cloud_provider
+- role: openshift_builddefaults
- role: openshift_master_facts
- role: openshift_hosted_facts
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 18a42bf93..fe0784ea2 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -78,23 +78,50 @@
action: "{{ ansible_pkg_mgr }} name=httpd-tools state=present"
when: (item.kind == 'HTPasswdPasswordIdentityProvider') and
not openshift.common.is_atomic | bool
- with_items: openshift.master.identity_providers
+ with_items: "{{ openshift.master.identity_providers }}"
- name: Ensure htpasswd directory exists
file:
path: "{{ item.filename | dirname }}"
state: directory
when: item.kind == 'HTPasswdPasswordIdentityProvider'
- with_items: openshift.master.identity_providers
+ with_items: "{{ openshift.master.identity_providers }}"
- name: Create the htpasswd file if needed
- copy:
+ template:
dest: "{{ item.filename }}"
- content: ""
+ src: htpasswd.j2
mode: 0600
- force: no
+ backup: yes
when: item.kind == 'HTPasswdPasswordIdentityProvider'
- with_items: openshift.master.identity_providers
+ with_items: "{{ openshift.master.identity_providers }}"
+
+- name: Create the ldap ca file if needed
+ copy:
+ dest: "{{ item.ca if 'ca' in item and '/' in item.ca else openshift_master_config_dir ~ '/' ~ item.ca | default('ldap_ca.crt') }}"
+ content: "{{ openshift.master.ldap_ca }}"
+ mode: 0600
+ backup: yes
+ when: openshift.master.ldap_ca is defined and item.kind == 'LDAPPasswordIdentityProvider'
+ with_items: "{{ openshift.master.identity_providers }}"
+
+- name: Create the openid ca file if needed
+ copy:
+ dest: "{{ item.ca if 'ca' in item and '/' in item.ca else openshift_master_config_dir ~ '/' ~ item.ca | default('openid_ca.crt') }}"
+ content: "{{ openshift.master.openid_ca }}"
+ mode: 0600
+ backup: yes
+ when: openshift.master.openid_ca is defined and item.kind == 'OpenIDIdentityProvider' and item.ca | default('') != ''
+ with_items: "{{ openshift.master.identity_providers }}"
+
+- name: Create the request header ca file if needed
+ copy:
+ dest: "{{ item.clientCA if 'clientCA' in item and '/' in item.clientCA else openshift_master_config_dir ~ '/' ~ item.clientCA | default('request_header_ca.crt') }}"
+ content: "{{ openshift.master.request_header_ca }}"
+ mode: 0600
+ backup: yes
+ when: openshift.master.request_header_ca is defined and item.kind == 'RequestHeaderIdentityProvider' and item.clientCA | default('') != ''
+ with_items: "{{ openshift.master.identity_providers }}"
- name: Install the systemd units
include: systemd_units.yml
@@ -212,7 +239,7 @@
mode: 0700
owner: "{{ item }}"
group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}"
- with_items: client_users
+ with_items: "{{ client_users }}"
# TODO: Update this file if the contents of the source file are not present in
# the dest file, will need to make sure to ignore things that could be added
@@ -220,7 +247,7 @@
command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config
args:
creates: ~{{ item }}/.kube/config
- with_items: client_users
+ with_items: "{{ client_users }}"
- name: Update the permissions on the admin client config(s)
file:
@@ -229,4 +256,4 @@
mode: 0700
owner: "{{ item }}"
group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}"
- with_items: client_users
+ with_items: "{{ client_users }}"
diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2
index 862cfa8f1..4cf632841 100644
--- a/roles/openshift_master/templates/atomic-openshift-master.j2
+++ b/roles/openshift_master/templates/atomic-openshift-master.j2
@@ -10,8 +10,13 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}
{% endif %}
# Proxy configuration
-# Origin uses standard HTTP_PROXY environment variables. Be sure to set
-# NO_PROXY for your master
-#NO_PROXY=master.example.com
-#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
-#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
+# See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy
+{% if 'http_proxy' in openshift.common %}
+HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}'
+{% endif %}
+{% if 'https_proxy' in openshift.common %}
+HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}'
+{% endif %}
+{% if 'no_proxy' in openshift.common %}
+NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}'
+{% endif %}
diff --git a/roles/openshift_master/templates/htpasswd.j2 b/roles/openshift_master/templates/htpasswd.j2
new file mode 100644
index 000000000..ba2c02e20
--- /dev/null
+++ b/roles/openshift_master/templates/htpasswd.j2
@@ -0,0 +1,5 @@
+{% if 'htpasswd_users' in openshift.master %}
+{% for user,pass in openshift.master.htpasswd_users.iteritems() %}
+{{ user ~ ':' ~ pass }}
+{% endfor %}
+{% endif %}
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index 979b428bf..48bb8a13f 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -209,3 +209,5 @@ servingInfo:
{% endfor %}
{% endfor %}
{% endif %}
+volumeConfig:
+ dynamicProvisioningEnabled: {{ openshift.master.dynamic_provisioning_enabled }}
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
index 69754ee10..01a8428a0 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
@@ -10,8 +10,13 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}
{% endif %}
# Proxy configuration
-# Origin uses standard HTTP_PROXY environment variables. Be sure to set
-# NO_PROXY for your master
-#NO_PROXY=master.example.com
-#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
-#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
+# See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy
+{% if 'http_proxy' in openshift.common %}
+HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}'
+{% endif %}
+{% if 'https_proxy' in openshift.common %}
+HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}'
+{% endif %}
+{% if 'no_proxy' in openshift.common %}
+NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}'
+{% endif %}
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
index 048a4305a..89ccb1eed 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
@@ -10,8 +10,13 @@ AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}
{% endif %}
# Proxy configuration
-# Origin uses standard HTTP_PROXY environment variables. Be sure to set
-# NO_PROXY for your master
-#NO_PROXY=master.example.com
-#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
-#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
+# See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy
+{% if 'http_proxy' in openshift.common %}
+HTTP_PROXY='{{ openshift.common.http_proxy | default('') }}'
+{% endif %}
+{% if 'https_proxy' in openshift.common %}
+HTTPS_PROXY='{{ openshift.common.https_proxy | default('')}}'
+{% endif %}
+{% if 'no_proxy' in openshift.common %}
+NO_PROXY='{{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }}'
+{% endif %}
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml
index 9017b7d2b..394f9d381 100644
--- a/roles/openshift_master_certificates/tasks/main.yml
+++ b/roles/openshift_master_certificates/tasks/main.yml
@@ -4,14 +4,14 @@
path: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}"
state: directory
mode: 0700
- with_items: masters_needing_certs
+ with_items: "{{ masters_needing_certs | default([]) }}"
- file:
src: "{{ openshift_master_config_dir }}/{{ item.1 }}"
dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}"
state: hard
with_nested:
- - masters_needing_certs
+ - "{{ masters_needing_certs | default([]) }}"
-
- ca.crt
- ca.key
@@ -26,7 +26,7 @@
--cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}
--overwrite=false
when: item.master_certs_missing | bool
- with_items: masters_needing_certs
+ with_items: "{{ masters_needing_certs | default([]) }}"
- file:
src: "{{ openshift_master_config_dir }}/{{ item.1 }}"
@@ -34,5 +34,5 @@
state: hard
force: true
with_nested:
- - masters_needing_certs
+ - "{{ masters_needing_certs | default([]) }}"
- "{{ hostvars[inventory_hostname] | certificates_to_synchronize }}"
diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml
index a020fdb41..0cbbaffc2 100644
--- a/roles/openshift_master_facts/tasks/main.yml
+++ b/roles/openshift_master_facts/tasks/main.yml
@@ -22,7 +22,6 @@
extension_scripts: "{{ openshift_master_extension_scripts | default(None) }}"
extension_stylesheets: "{{ openshift_master_extension_stylesheets | default(None) }}"
extensions: "{{ openshift_master_extensions | default(None) }}"
- oauth_template: "{{ openshift_master_oauth_template | default(None) }}"
etcd_hosts: "{{ openshift_master_etcd_hosts | default(None) }}"
etcd_port: "{{ openshift_master_etcd_port | default(None) }}"
etcd_use_ssl: "{{ openshift_master_etcd_use_ssl | default(None) }}"
@@ -42,11 +41,15 @@
access_token_max_seconds: "{{ openshift_master_access_token_max_seconds | default(None) }}"
auth_token_max_seconds: "{{ openshift_master_auth_token_max_seconds | default(None) }}"
identity_providers: "{{ openshift_master_identity_providers | default(None) }}"
+ htpasswd_users: "{{ openshift_master_htpasswd_users | default(lookup('file', openshift_master_htpasswd_file) | oo_htpasswd_users_from_file if openshift_master_htpasswd_file is defined else None) }}"
+ ldap_ca: "{{ openshift_master_ldap_ca | default(lookup('file', openshift_master_ldap_ca_file) if openshift_master_ldap_ca_file is defined else None) }}"
+ openid_ca: "{{ openshift_master_openid_ca | default(lookup('file', openshift_master_openid_ca_file) if openshift_master_openid_ca_file is defined else None) }}"
+ request_header_ca: "{{ openshift_master_request_header_ca | default(lookup('file', openshift_master_request_header_ca_file) if openshift_master_request_header_ca_file is defined else None) }}"
registry_url: "{{ oreg_url | default(None) }}"
oauth_grant_method: "{{ openshift_master_oauth_grant_method | default(None) }}"
sdn_cluster_network_cidr: "{{ osm_cluster_network_cidr | default(None) }}"
sdn_host_subnet_length: "{{ osm_host_subnet_length | default(None) }}"
- default_subdomain: "{{ openshift_master_default_subdomain | default(osm_default_subdomain) | default(None) }}"
+ default_subdomain: "{{ openshift_master_default_subdomain | default(osm_default_subdomain | default(None), true) }}"
custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}"
default_node_selector: "{{ osm_default_node_selector | default(None) }}"
project_request_message: "{{ osm_project_request_message | default(None) }}"
@@ -72,3 +75,4 @@
oauth_templates: "{{ openshift_master_oauth_templates | default(None) }}"
oauth_always_show_provider_selection: "{{ openshift_master_oauth_always_show_provider_selection | default(None) }}"
image_policy_config: "{{ openshift_master_image_policy_config | default(None) }}"
+ dynamic_provisioning_enabled: "{{ openshift_master_dynamic_provisioning_enabled | default(None) }}"
diff --git a/roles/openshift_master_facts/vars/main.yml b/roles/openshift_master_facts/vars/main.yml
new file mode 100644
index 000000000..3b0ee2761
--- /dev/null
+++ b/roles/openshift_master_facts/vars/main.yml
@@ -0,0 +1,14 @@
+builddefaults_yaml:
+ BuildDefaults:
+ configuration:
+ apiVersion: v1
+ kind: BuildDefaultsConfig
+ gitHTTPProxy: "{{ openshift.master.builddefaults_git_http_proxy | default(omit, true) }}"
+ gitHTTPSProxy: "{{ openshift.master.builddefaults_git_https_proxy | default(omit, true) }}"
+ env:
+ - name: HTTP_PROXY
+ value: "{{ openshift.master.builddefaults_http_proxy | default(omit, true) }}"
+ - name: HTTPS_PROXY
+ value: "{{ openshift.master.builddefaults_https_proxy | default(omit, true) }}"
+ - name: NO_PROXY
+ value: "{{ openshift.master.builddefaults_no_proxy | default(omit, true) | join(',') }}" \ No newline at end of file
diff --git a/roles/openshift_metrics/README.md b/roles/openshift_metrics/README.md
index 610917d7d..2e903379a 100644
--- a/roles/openshift_metrics/README.md
+++ b/roles/openshift_metrics/README.md
@@ -6,12 +6,13 @@ OpenShift Metrics Installation
Requirements
------------
It requires subdomain fqdn to be set.
-If persistence is enabled, then it also requires NFS
+If persistence is enabled, then it also requires NFS.
Role Variables
--------------
From this role:
+
| Name | Default value | |
|-------------------------------------------------|-----------------------|-------------------------------------------------------------|
| openshift_hosted_metrics_deploy | False | If metrics should be deployed |
@@ -19,9 +20,12 @@ From this role:
| openshift_hosted_metrics_storage_volume_name | metrics | Metrics volume within openshift_hosted_metrics_volume_dir |
| openshift_hosted_metrics_storage_volume_size | 10Gi | Metrics volume size |
| openshift_hosted_metrics_storage_nfs_options | *(rw,root_squash) | NFS options for configured exports. |
+| openshift_hosted_metrics_duration | 7 | Metrics query duration |
+| openshift_hosted_metrics_resolution | 10 | Metrics resolution |
From openshift_common:
+
| Name | Default Value | |
|---------------------------------------|----------------|----------------------------------------|
| openshift_master_default_subdomain | null | Subdomain FQDN (Mandatory) |
@@ -35,10 +39,12 @@ openshift_examples
Example Playbook
----------------
+```
- name: Configure openshift-metrics
hosts: oo_first_master
roles:
- role: openshift_metrics
+```
License
-------
diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml
index 1a86cb1ea..ca29ad6e1 100644
--- a/roles/openshift_metrics/tasks/main.yaml
+++ b/roles/openshift_metrics/tasks/main.yaml
@@ -20,6 +20,7 @@
{{ openshift.common.client_binary }}
secrets new metrics-deployer
nothing=/dev/null
+ --config={{hawkular_tmp_conf}}
-n openshift-infra
register: deployer_create_secret
failed_when: "'already exists' not in deployer_create_secret.stderr and deployer_create_secret.rc !=0"
@@ -43,8 +44,9 @@
shell: >
{{ openshift.common.client_binary }} process -f \
/usr/share/openshift/examples/infrastructure-templates/{{ hawkular_type }}/metrics-deployer.yaml -v \
- HAWKULAR_METRICS_HOSTNAME=hawkular-metrics.{{ openshift.master.default_subdomain }},USE_PERSISTENT_STORAGE={{ hawkular_persistence }} | \
- {{ openshift.common.client_binary }} create -n openshift-infra -f -
+ HAWKULAR_METRICS_HOSTNAME=hawkular-metrics.{{ openshift.master.default_subdomain }} USE_PERSISTENT_STORAGE={{ hawkular_persistence }} \
+ METRIC_DURATION={{ openshift.hosted.metrics.duration }} METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }} |
+ {{ openshift.common.client_binary }} create -n openshift-infra --config={{hawkular_tmp_conf}} -f -
register: oex_heapster_services
failed_when: "'already exists' not in oex_heapster_services.stderr and oex_heapster_services.rc != 0"
changed_when: false
@@ -52,4 +54,4 @@
- name: Clean temporary config file
command: >
rm -rf {{hawkular_tmp_conf}}
- changed_when: false \ No newline at end of file
+ changed_when: false
diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml
index c9a7a40c8..216c11093 100644
--- a/roles/openshift_node_certificates/tasks/main.yml
+++ b/roles/openshift_node_certificates/tasks/main.yml
@@ -1,5 +1,5 @@
---
-- name: Create openshift_generated_configs_dir if it doesn't exist
+- name: Create openshift_generated_configs_dir if it doesn\'t exist
file:
path: "{{ openshift_generated_configs_dir }}"
state: directory
@@ -19,7 +19,7 @@
--user=system:node:{{ item.openshift.common.hostname }}
args:
creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}"
- with_items: nodes_needing_certs
+ with_items: "{{ nodes_needing_certs | default([]) }}"
- name: Generate the node server certificate
command: >
@@ -33,4 +33,4 @@
--signer-serial={{ openshift_master_ca_serial }}
args:
creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt"
- with_items: nodes_needing_certs
+ with_items: "{{ nodes_needing_certs | default([]) }}"
diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
index 51e0751e9..691fa32f3 100755
--- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
+++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
@@ -46,7 +46,6 @@ EOF
for ns in ${DHCP4_DOMAIN_NAME_SERVERS}; do
echo "server=${ns}" >> /etc/dnsmasq.d/origin-upstream-dns.conf
done
- echo "listen-address=${def_route_ip}" >> /etc/dnsmasq.d/origin-upstream-dns.conf
systemctl restart dnsmasq
sed -i 's/^nameserver.*$/nameserver '"${def_route_ip}"'/g' /etc/resolv.conf
diff --git a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml b/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml
index cda90bd10..4d1bd3794 100644
--- a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml
+++ b/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml
@@ -1,2 +1,2 @@
---
-- fail: msg="Not implemented" \ No newline at end of file
+- fail: msg="Currently, NetworkManager must be installed and enabled prior to installation." \ No newline at end of file
diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml
index 5dd28d52a..bafda9695 100644
--- a/roles/openshift_serviceaccounts/tasks/main.yml
+++ b/roles/openshift_serviceaccounts/tasks/main.yml
@@ -1,7 +1,7 @@
- name: test if service accounts exists
command: >
{{ openshift.common.client_binary }} get sa {{ item }} -n {{ openshift_serviceaccounts_namespace }}
- with_items: openshift_serviceaccounts_names
+ with_items: "{{ openshift_serviceaccounts_names }}"
failed_when: false
changed_when: false
register: account_test
@@ -13,8 +13,8 @@
-n {{ openshift_serviceaccounts_namespace }} create -f -
when: item.1.rc != 0
with_together:
- - openshift_serviceaccounts_names
- - account_test.results
+ - "{{ openshift_serviceaccounts_names }}"
+ - "{{ account_test.results }}"
- name: test if scc needs to be updated
command: >
@@ -22,7 +22,7 @@
changed_when: false
failed_when: false
register: scc_test
- with_items: openshift_serviceaccounts_sccs
+ with_items: "{{ openshift_serviceaccounts_sccs }}"
- name: Grant the user access to the privileged scc
command: >
@@ -30,8 +30,8 @@
privileged system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}
when: "openshift.common.version_gte_3_1_or_1_1 and item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}"
with_nested:
- - openshift_serviceaccounts_names
- - scc_test.results
+ - "{{ openshift_serviceaccounts_names }}"
+ - "{{ scc_test.results }}"
- include: legacy_add_scc_to_user.yml
when: not openshift.common.version_gte_3_1_or_1_1
diff --git a/roles/openshift_storage_nfs/defaults/main.yml b/roles/openshift_storage_nfs/defaults/main.yml
index 90592e9d0..df0bb9fd4 100644
--- a/roles/openshift_storage_nfs/defaults/main.yml
+++ b/roles/openshift_storage_nfs/defaults/main.yml
@@ -16,7 +16,6 @@ openshift:
options: "*(rw,root_squash)"
volume:
name: "metrics"
-os_firewall_use_firewalld: False
os_firewall_allow:
- service: nfs
port: "2049/tcp"
diff --git a/roles/openshift_storage_nfs_lvm/README.md b/roles/openshift_storage_nfs_lvm/README.md
index 1ee02e18a..3680ef5b5 100644
--- a/roles/openshift_storage_nfs_lvm/README.md
+++ b/roles/openshift_storage_nfs_lvm/README.md
@@ -62,7 +62,7 @@ Both of them are mounted into `/exports/openshift` directory. Both directories
exported via NFS. json files are created in /root.
- hosts: nfsservers
- sudo: no
+ become: no
remote_user: root
gather_facts: no
roles:
@@ -87,7 +87,7 @@ exported via NFS. json files are created in /root.
* Create an ansible playbook, say `setupnfs.yaml`:
```
- hosts: nfsservers
- sudo: no
+ become: no
remote_user: root
gather_facts: no
roles:
diff --git a/roles/os_env_extras/files/irbrc b/roles/os_env_extras/files/irbrc
deleted file mode 100644
index 47374e920..000000000
--- a/roles/os_env_extras/files/irbrc
+++ /dev/null
@@ -1,2 +0,0 @@
-require 'irb/completion'
-IRB.conf[:PROMPT_MODE] = :SIMPLE
diff --git a/roles/os_env_extras/files/vimrc b/roles/os_env_extras/files/vimrc
deleted file mode 100644
index 537b944ed..000000000
--- a/roles/os_env_extras/files/vimrc
+++ /dev/null
@@ -1,12 +0,0 @@
-set tabstop=4
-set shiftwidth=4
-set expandtab
-set list
-
-"flag problematic whitespace (trailing and spaces before tabs)
-"Note you get the same by doing let c_space_errors=1 but
-"this rule really applies to everything.
-highlight RedundantSpaces term=standout ctermbg=red guibg=red
-match RedundantSpaces /\s\+$\| \+\ze\t/ "\ze sets end of match so only spaces highlighted
-"use :set list! to toggle visible whitespace on/off
-set listchars=tab:>-,trail:.,extends:>
diff --git a/roles/os_env_extras/tasks/main.yaml b/roles/os_env_extras/tasks/main.yaml
deleted file mode 100644
index 628df713a..000000000
--- a/roles/os_env_extras/tasks/main.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-# environment configuration role, configures irbrc, vimrc
-
-- name: Ensure irbrc is installed for user root
- copy:
- src: irbrc
- dest: /root/.irbrc
-
-- name: Ensure vimrc is installed for user root
- copy:
- src: vimrc
- dest: /root/.vimrc
-
-- name: Bash Completion
- action: "{{ ansible_pkg_mgr }} name=bash-completion state=present"
- when: not openshift.common.is_containerized | bool \ No newline at end of file
diff --git a/roles/os_env_extras_node/tasks/main.yml b/roles/os_env_extras_node/tasks/main.yml
deleted file mode 100644
index 208065df2..000000000
--- a/roles/os_env_extras_node/tasks/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-# From the origin rpm there exists instructions on how to
-# setup origin properly. The following steps come from there
-- name: Change root to be in the Docker group
- user: name=root groups=dockerroot append=yes
diff --git a/roles/os_firewall/defaults/main.yml b/roles/os_firewall/defaults/main.yml
index e3176e611..c870a301a 100644
--- a/roles/os_firewall/defaults/main.yml
+++ b/roles/os_firewall/defaults/main.yml
@@ -1,3 +1,9 @@
---
os_firewall_enabled: True
-os_firewall_use_firewalld: True
+# TODO: Upstream kubernetes only supports iptables currently
+# TODO: it might be possible to still use firewalld if we wire up the created
+# chains with the public zone (or the zone associated with the correct
+# interfaces)
+os_firewall_use_firewalld: False
+os_firewall_allow: []
+os_firewall_deny: []
diff --git a/roles/os_firewall/tasks/firewall/firewalld.yml b/roles/os_firewall/tasks/firewall/firewalld.yml
index ac4600f83..5ddca1fc0 100644
--- a/roles/os_firewall/tasks/firewall/firewalld.yml
+++ b/roles/os_firewall/tasks/firewall/firewalld.yml
@@ -24,6 +24,18 @@
command: systemctl daemon-reload
when: install_result | changed
+- name: Determine if firewalld service masked
+ command: >
+ systemctl is-enabled firewalld
+ register: os_firewall_firewalld_masked_output
+ changed_when: false
+ failed_when: false
+
+- name: Unmask firewalld service
+ command: >
+ systemctl unmask firewalld
+ when: os_firewall_firewalld_masked_output.stdout == "masked"
+
- name: Start and enable firewalld service
service:
name: firewalld
@@ -52,29 +64,25 @@
port: "{{ item.port }}"
permanent: false
state: enabled
- with_items: os_firewall_allow
- when: os_firewall_allow is defined
+ with_items: "{{ os_firewall_allow }}"
- name: Persist firewalld allow rules
firewalld:
port: "{{ item.port }}"
permanent: true
state: enabled
- with_items: os_firewall_allow
- when: os_firewall_allow is defined
+ with_items: "{{ os_firewall_allow }}"
- name: Remove firewalld allow rules
firewalld:
port: "{{ item.port }}"
permanent: false
state: disabled
- with_items: os_firewall_deny
- when: os_firewall_deny is defined
+ with_items: "{{ os_firewall_deny }}"
- name: Persist removal of firewalld allow rules
firewalld:
port: "{{ item.port }}"
permanent: true
state: disabled
- with_items: os_firewall_deny
- when: os_firewall_deny is defined
+ with_items: "{{ os_firewall_deny }}"
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index 3b584f8eb..774916798 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -32,6 +32,24 @@
command: systemctl daemon-reload
when: install_result | changed
+- name: Determine if iptables service masked
+ command: >
+ systemctl is-enabled {{ item }}
+ with_items:
+ - iptables
+ - ip6tables
+ register: os_firewall_iptables_masked_output
+ changed_when: false
+ failed_when: false
+
+- name: Unmask iptables service
+ command: >
+ systemctl unmask {{ item }}
+ with_items:
+ - iptables
+ - ip6tables
+ when: "'masked' in os_firewall_iptables_masked_output.results | map(attribute='stdout')"
+
- name: Start and enable iptables service
service:
name: iptables
@@ -49,8 +67,7 @@
action: add
protocol: "{{ item.port.split('/')[1] }}"
port: "{{ item.port.split('/')[0] }}"
- with_items: os_firewall_allow
- when: os_firewall_allow is defined
+ with_items: "{{ os_firewall_allow }}"
- name: Remove iptables rules
os_firewall_manage_iptables:
@@ -58,5 +75,4 @@
action: remove
protocol: "{{ item.port.split('/')[1] }}"
port: "{{ item.port.split('/')[0] }}"
- with_items: os_firewall_deny
- when: os_firewall_deny is defined
+ with_items: "{{ os_firewall_deny }}"
diff --git a/roles/pods/README.md b/roles/pods/README.md
deleted file mode 100644
index 225dd44b9..000000000
--- a/roles/pods/README.md
+++ /dev/null
@@ -1,38 +0,0 @@
-Role Name
-=========
-
-A brief description of the role goes here.
-
-Requirements
-------------
-
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
-
-Role Variables
---------------
-
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
-
-Dependencies
-------------
-
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
-
-Example Playbook
-----------------
-
-Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
-
- - hosts: servers
- roles:
- - { role: username.rolename, x: 42 }
-
-License
--------
-
-BSD
-
-Author Information
-------------------
-
-An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/roles/pods/files/pods/docker-registry.json b/roles/pods/files/pods/docker-registry.json
deleted file mode 100644
index a480e6b30..000000000
--- a/roles/pods/files/pods/docker-registry.json
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "kind": "Pod",
- "version": "v1beta2",
- "desiredState": {
- "manifest": {
- "version": "v1beta1",
- "containers": [{
- "name": "docker-registry",
- "image": "registry",
- "volumeMounts": [{
- "name": "data",
- "mountPath": "/var/lib/docker-registry"
- }],
- "ports": [{
- "containerPort": 5000,
- "hostPort": 9999
- }]
- }],
- "volumes": [{
- "name": "data",
- "source": {
- "emptyDir": true
- }
- }]
- }
- },
- "labels": {
- "name": "docker-registry"
- }
-}
diff --git a/roles/pods/files/pods/fedora_apache.json b/roles/pods/files/pods/fedora_apache.json
deleted file mode 100644
index 187927559..000000000
--- a/roles/pods/files/pods/fedora_apache.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "id": "apache",
- "kind": "Pod",
- "apiVersion": "v1beta2",
- "desiredState": {
- "manifest": {
- "version": "v1beta1",
- "id": "apache-1",
- "containers": [{
- "name": "master",
- "image": "fedora/apache",
- "ports": [{
- "containerPort": 80,
- "hostPort": 80
- }]
- }]
- }
- },
- "labels": {
- "name": "apache",
- "distro": "fedora"
- }
-}
diff --git a/roles/pods/files/pods/frontend-controller.json b/roles/pods/files/pods/frontend-controller.json
deleted file mode 100644
index 2a2cdea9a..000000000
--- a/roles/pods/files/pods/frontend-controller.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "id": "frontendController",
- "kind": "ReplicationController",
- "apiVersion": "v1beta2",
- "desiredState": {
- "replicas": 2,
- "replicaSelector": {"name": "frontend"},
- "podTemplate": {
- "desiredState": {
- "manifest": {
- "version": "v1beta1",
- "id": "frontendController",
- "containers": [{
- "name": "php-redis",
- "image": "brendanburns/php-redis",
- "ports": [{"containerPort": 80, "hostPort": 8000}]
- }]
- }
- },
- "labels": {"name": "frontend"}
- }},
- "labels": {"name": "frontend"}
-}
diff --git a/roles/pods/files/pods/redis-master-service.json b/roles/pods/files/pods/redis-master-service.json
deleted file mode 100644
index 0f590272d..000000000
--- a/roles/pods/files/pods/redis-master-service.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "id": "redismaster",
- "kind": "Service",
- "apiVersion": "v1beta2",
- "port": 10000,
- "containerPort": 6379,
- "selector": {
- "name": "redis-master"
- }
-}
diff --git a/roles/pods/files/pods/redis-master.json b/roles/pods/files/pods/redis-master.json
deleted file mode 100644
index 0a281a045..000000000
--- a/roles/pods/files/pods/redis-master.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "id": "redis-master-2",
- "kind": "Pod",
- "apiVersion": "v1beta2",
- "desiredState": {
- "manifest": {
- "version": "v1beta1",
- "id": "redis-master-2",
- "containers": [{
- "name": "master",
- "image": "dockerfile/redis",
- "ports": [{
- "containerPort": 6379,
- "hostPort": 6379
- }]
- }]
- }
- },
- "labels": {
- "name": "redis-master"
- }
-}
diff --git a/roles/pods/files/pods/redis-slave-controller.json b/roles/pods/files/pods/redis-slave-controller.json
deleted file mode 100644
index b85fff66a..000000000
--- a/roles/pods/files/pods/redis-slave-controller.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "id": "redisSlaveController",
- "kind": "ReplicationController",
- "apiVersion": "v1beta2",
- "desiredState": {
- "replicas": 2,
- "replicaSelector": {"name": "redisslave"},
- "podTemplate": {
- "desiredState": {
- "manifest": {
- "version": "v1beta1",
- "id": "redisSlaveController",
- "containers": [{
- "name": "slave",
- "image": "brendanburns/redis-slave",
- "ports": [{"containerPort": 6379, "hostPort": 6380}]
- }]
- }
- },
- "labels": {"name": "redisslave"}
- }},
- "labels": {"name": "redisslave"}
-}
-
diff --git a/roles/pods/files/pods/redis-slave-service.json b/roles/pods/files/pods/redis-slave-service.json
deleted file mode 100644
index e1c5029f6..000000000
--- a/roles/pods/files/pods/redis-slave-service.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "id": "redisslave",
- "kind": "Service",
- "apiVersion": "v1beta2",
- "port": 10001,
- "containerPort": 6379,
- "labels": {
- "name": "redisslave"
- },
- "selector": {
- "name": "redisslave"
- }
-}
diff --git a/roles/pods/files/pods/registry-service.json b/roles/pods/files/pods/registry-service.json
deleted file mode 100644
index 3a711a1ac..000000000
--- a/roles/pods/files/pods/registry-service.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "id": "dockerregistry",
- "kind": "Service",
- "apiVersion": "v1beta2",
- "port": 8888,
- "selector": {
- "name": "docker-registry"
- }
-}
-
diff --git a/roles/pods/meta/main.yml b/roles/pods/meta/main.yml
deleted file mode 100644
index bddf14bb2..000000000
--- a/roles/pods/meta/main.yml
+++ /dev/null
@@ -1,124 +0,0 @@
----
-galaxy_info:
- author: your name
- description:
- company: your company (optional)
- # Some suggested licenses:
- # - BSD (default)
- # - MIT
- # - GPLv2
- # - GPLv3
- # - Apache
- # - CC-BY
- license: license (GPLv2, CC-BY, etc)
- min_ansible_version: 1.2
- #
- # Below are all platforms currently available. Just uncomment
- # the ones that apply to your role. If you don't see your
- # platform on this list, let us know and we'll get it added!
- #
- #platforms:
- #- name: EL
- # versions:
- # - all
- # - 5
- # - 6
- # - 7
- #- name: GenericUNIX
- # versions:
- # - all
- # - any
- #- name: Fedora
- # versions:
- # - all
- # - 16
- # - 17
- # - 18
- # - 19
- # - 20
- #- name: opensuse
- # versions:
- # - all
- # - 12.1
- # - 12.2
- # - 12.3
- # - 13.1
- # - 13.2
- #- name: Amazon
- # versions:
- # - all
- # - 2013.03
- # - 2013.09
- #- name: GenericBSD
- # versions:
- # - all
- # - any
- #- name: FreeBSD
- # versions:
- # - all
- # - 8.0
- # - 8.1
- # - 8.2
- # - 8.3
- # - 8.4
- # - 9.0
- # - 9.1
- # - 9.1
- # - 9.2
- #- name: Ubuntu
- # versions:
- # - all
- # - lucid
- # - maverick
- # - natty
- # - oneiric
- # - precise
- # - quantal
- # - raring
- # - saucy
- # - trusty
- #- name: SLES
- # versions:
- # - all
- # - 10SP3
- # - 10SP4
- # - 11
- # - 11SP1
- # - 11SP2
- # - 11SP3
- #- name: GenericLinux
- # versions:
- # - all
- # - any
- #- name: Debian
- # versions:
- # - all
- # - etch
- # - lenny
- # - squeeze
- # - wheezy
- #
- # Below are all categories currently available. Just as with
- # the platforms above, uncomment those that apply to your role.
- #
- #categories:
- #- cloud
- #- cloud:ec2
- #- cloud:gce
- #- cloud:rax
- #- clustering
- #- database
- #- database:nosql
- #- database:sql
- #- development
- #- monitoring
- #- networking
- #- packaging
- #- system
- #- web
-dependencies: []
- # List your role dependencies here, one per line. Only
- # dependencies available via galaxy should be listed here.
- # Be sure to remove the '[]' above if you add dependencies
- # to this list.
-
diff --git a/roles/pods/tasks/main.yml b/roles/pods/tasks/main.yml
deleted file mode 100644
index 30c387c65..000000000
--- a/roles/pods/tasks/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Transfer the fedora_apache pod template
- file: path=/usr/local/etc/pods state=directory
-
-- name: Transfer the fedora_apache pod template
- copy: directory_mode=on src=pods/ dest=/usr/local/etc/pods/