summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/container_runtime/defaults/main.yml1
-rw-r--r--roles/etcd/defaults/main.yaml2
-rw-r--r--roles/lib_utils/filter_plugins/oo_filters.py48
-rw-r--r--roles/openshift_aws/templates/user_data.j23
-rw-r--r--roles/openshift_facts/defaults/main.yml3
-rw-r--r--roles/openshift_logging_curator/tasks/main.yaml7
-rw-r--r--roles/openshift_logging_elasticsearch/tasks/main.yaml327
-rw-r--r--roles/openshift_logging_eventrouter/tasks/install_eventrouter.yaml7
-rw-r--r--roles/openshift_logging_kibana/tasks/main.yaml7
-rw-r--r--roles/openshift_logging_mux/tasks/main.yaml55
-rw-r--r--roles/openshift_metrics/tasks/install_cassandra.yaml7
-rw-r--r--roles/openshift_metrics/tasks/install_hawkular.yaml7
-rw-r--r--roles/openshift_metrics/tasks/install_heapster.yaml19
-rw-r--r--roles/openshift_metrics/tasks/install_hosa.yaml13
-rw-r--r--roles/openshift_node/files/bootstrap.yml8
-rw-r--r--roles/openshift_openstack/defaults/main.yml4
-rw-r--r--roles/openshift_openstack/templates/heat_stack.yaml.j222
-rw-r--r--roles/openshift_prometheus/tasks/install_prometheus.yaml61
-rw-r--r--roles/openshift_provisioners/tasks/install_provisioners.yaml15
-rw-r--r--roles/openshift_service_catalog/tasks/install.yml57
-rw-r--r--roles/openshift_service_catalog/tasks/start_api_server.yml4
-rw-r--r--roles/openshift_web_console/tasks/install.yml153
-rw-r--r--roles/template_service_broker/tasks/install.yml25
23 files changed, 492 insertions, 363 deletions
diff --git a/roles/container_runtime/defaults/main.yml b/roles/container_runtime/defaults/main.yml
index 22e16d29d..01540776f 100644
--- a/roles/container_runtime/defaults/main.yml
+++ b/roles/container_runtime/defaults/main.yml
@@ -101,6 +101,7 @@ l_additional_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l_crio_registrie
# options:
# - rw
# - mode=755
+# type: bind
container_runtime_crio_additional_mounts: []
l_crio_additional_mounts: "{{ ',' + (container_runtime_crio_additional_mounts | lib_utils_oo_l_of_d_to_csv) if container_runtime_crio_additional_mounts != [] else '' }}"
diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml
index 87e249642..6f1dc5847 100644
--- a/roles/etcd/defaults/main.yaml
+++ b/roles/etcd/defaults/main.yaml
@@ -78,7 +78,7 @@ etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_p
# required role variable
#etcd_peer: 127.0.0.1
-etcdctlv2: "etcdctl --cert-file {{ etcd_peer_cert_file }} --key-file {{ etcd_peer_key_file }} --ca-file {{ etcd_peer_ca_file }} -C https://{{ etcd_peer }}:{{ etcd_client_port }}"
+etcdctlv2: "{{ r_etcd_common_etcdctl_command }} --cert-file {{ etcd_peer_cert_file }} --key-file {{ etcd_peer_key_file }} --ca-file {{ etcd_peer_ca_file }} -C https://{{ etcd_peer }}:{{ etcd_client_port }}"
etcd_service: "{{ 'etcd_container' if r_etcd_common_etcd_runtime == 'docker' else 'etcd' }}"
# Location of the service file is fixed and not meant to be changed
diff --git a/roles/lib_utils/filter_plugins/oo_filters.py b/roles/lib_utils/filter_plugins/oo_filters.py
index c355115b5..ed6bb4c28 100644
--- a/roles/lib_utils/filter_plugins/oo_filters.py
+++ b/roles/lib_utils/filter_plugins/oo_filters.py
@@ -660,6 +660,50 @@ def map_from_pairs(source, delim="="):
return dict(item.split(delim) for item in source.split(","))
+def lib_utils_oo_get_node_labels(source, hostvars=None):
+ ''' Return a list of labels assigned to schedulable nodes '''
+ labels = list()
+
+ # Filter out the unschedulable nodes
+ for host in source:
+ if host not in hostvars:
+ return
+ node_vars = hostvars[host]
+
+ # All nodes are considered schedulable,
+ # unless explicitly marked so
+ schedulable = node_vars.get('openshift_schedulable')
+ if schedulable is None:
+ schedulable = True
+ try:
+ if not strtobool(str(schedulable)):
+ # explicitly marked as unschedulable
+ continue
+ except ValueError:
+ # Incorrect value in openshift_schedulable, skip node
+ continue
+
+ # Get a list of labels from the node
+ node_labels = node_vars.get('openshift_node_labels')
+ if node_labels:
+ labels.append(node_labels)
+
+ return labels
+
+
+def lib_utils_oo_has_no_matching_selector(source, selector=None):
+ ''' Return True when selector cannot be placed
+ on nodes with labels from source '''
+ # Empty selector means any node
+ if not selector:
+ return False
+ for item in source:
+ if selector.items() <= item.items():
+ # Matching selector found
+ return False
+ return True
+
+
class FilterModule(object):
""" Custom ansible filter mapping """
@@ -691,5 +735,7 @@ class FilterModule(object):
"lib_utils_oo_selector_to_string_list": lib_utils_oo_selector_to_string_list,
"lib_utils_oo_filter_sa_secrets": lib_utils_oo_filter_sa_secrets,
"lib_utils_oo_l_of_d_to_csv": lib_utils_oo_l_of_d_to_csv,
- "map_from_pairs": map_from_pairs
+ "lib_utils_oo_has_no_matching_selector": lib_utils_oo_has_no_matching_selector,
+ "lib_utils_oo_get_node_labels": lib_utils_oo_get_node_labels,
+ "map_from_pairs": map_from_pairs,
}
diff --git a/roles/openshift_aws/templates/user_data.j2 b/roles/openshift_aws/templates/user_data.j2
index bda1334cd..46e4e1cc5 100644
--- a/roles/openshift_aws/templates/user_data.j2
+++ b/roles/openshift_aws/templates/user_data.j2
@@ -20,6 +20,9 @@ runcmd:
- [ ansible-playbook, /root/openshift_bootstrap/bootstrap.yml]
{% endif %}
{% if openshift_aws_node_group.group != 'master' %}
+{# Restarting systemd-hostnamed ensures that instances will have FQDN
+hostnames following network restart. #}
+- [ systemctl, restart, systemd-hostnamed]
- [ systemctl, restart, NetworkManager]
- [ systemctl, enable, {% if openshift_deployment_type == 'openshift-enterprise' %}atomic-openshift{% else %}origin{% endif %}-node]
- [ systemctl, start, {% if openshift_deployment_type == 'openshift-enterprise' %}atomic-openshift{% else %}origin{% endif %}-node]
diff --git a/roles/openshift_facts/defaults/main.yml b/roles/openshift_facts/defaults/main.yml
index a223ffba6..3b381b1e4 100644
--- a/roles/openshift_facts/defaults/main.yml
+++ b/roles/openshift_facts/defaults/main.yml
@@ -104,3 +104,6 @@ openshift_service_type_dict:
openshift-enterprise: atomic-openshift
openshift_service_type: "{{ openshift_service_type_dict[openshift_deployment_type] }}"
+
+# Create a list of node labels (dict) for schedulable nodes
+openshift_schedulable_node_labels: "{{ groups['oo_nodes_to_config'] | lib_utils_oo_get_node_labels(hostvars) }}"
diff --git a/roles/openshift_logging_curator/tasks/main.yaml b/roles/openshift_logging_curator/tasks/main.yaml
index 6e8605d28..456a25082 100644
--- a/roles/openshift_logging_curator/tasks/main.yaml
+++ b/roles/openshift_logging_curator/tasks/main.yaml
@@ -14,6 +14,13 @@
- include_tasks: determine_version.yaml
+- name: Ensure that logging curator has nodes to run on
+ fail:
+ msg: |-
+ No schedulable nodes found matching node selector for logging curator - '{{ openshift_logging_curator_nodeselector }}'
+ when:
+ - openshift_schedulable_node_labels | lib_utils_oo_has_no_matching_selector(openshift_logging_curator_nodeselector)
+
# allow passing in a tempdir
- name: Create temp directory for doing work in
command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX
diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml
index 9db67ea9b..64e5a3a1f 100644
--- a/roles/openshift_logging_elasticsearch/tasks/main.yaml
+++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml
@@ -1,4 +1,11 @@
---
+- name: Ensure that ElasticSearch has nodes to run on
+ fail:
+ msg: |-
+ No schedulable nodes found matching node selector for Elasticsearch - '{{ openshift_logging_es_nodeselector }}'
+ when:
+ - openshift_schedulable_node_labels | lib_utils_oo_has_no_matching_selector(openshift_logging_es_nodeselector)
+
- name: Validate Elasticsearch cluster size
fail: msg="The openshift_logging_es_cluster_size may only be scaled down manually. Please see official documentation on how to do this."
when: openshift_logging_facts.elasticsearch.deploymentconfigs | length > openshift_logging_es_cluster_size|int
@@ -18,8 +25,8 @@
- name: Set default image variables based on openshift_deployment_type
include_vars: "{{ var_file_name }}"
with_first_found:
- - "{{ openshift_deployment_type }}.yml"
- - "default_images.yml"
+ - "{{ openshift_deployment_type }}.yml"
+ - "default_images.yml"
loop_control:
loop_var: var_file_name
@@ -35,14 +42,14 @@
- set_fact:
full_restart_cluster: True
when:
- - _es_installed_version is defined
- - _es_installed_version.split('.')[0] | int < __es_version.split('.')[0] | int
+ - _es_installed_version is defined
+ - _es_installed_version.split('.')[0] | int < __es_version.split('.')[0] | int
- set_fact:
full_restart_cluster: True
when:
- - _es_ops_installed_version is defined
- - _es_ops_installed_version.split('.')[0] | int < __es_version.split('.')[0] | int
+ - _es_ops_installed_version is defined
+ - _es_ops_installed_version.split('.')[0] | int < __es_version.split('.')[0] | int
# allow passing in a tempdir
- name: Create temp directory for doing work in
@@ -78,7 +85,7 @@
name: "aggregated-logging-elasticsearch"
namespace: "{{ openshift_logging_elasticsearch_namespace }}"
when:
- - openshift_logging_image_pull_secret == ''
+ - openshift_logging_image_pull_secret == ''
# rolebinding reader
- name: Create rolebinding-reader role
@@ -86,9 +93,9 @@
state: present
name: rolebinding-reader
rules:
- - apiGroups: [""]
- resources: ["clusterrolebindings"]
- verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["clusterrolebindings"]
+ verbs: ["get"]
# SA roles
- name: Set rolebinding-reader permissions for ES
@@ -128,8 +135,8 @@
- fail:
msg: "There was an error creating the logging-metrics-role and binding: {{prometheus_out}}"
when:
- - "prometheus_out.stderr | length > 0"
- - "'already exists' not in prometheus_out.stderr"
+ - "prometheus_out.stderr | length > 0"
+ - "'already exists' not in prometheus_out.stderr"
- set_fact:
_logging_metrics_proxy_passwd: "{{ 16 | lib_utils_oo_random_word | b64encode }}"
@@ -151,8 +158,8 @@
roleRef:
name: view
subjects:
- - kind: ServiceAccount
- name: aggregated-logging-elasticsearch
+ - kind: ServiceAccount
+ name: aggregated-logging-elasticsearch
changed_when: no
- name: Set logging-elasticsearch-view-role role
@@ -162,18 +169,18 @@
kind: rolebinding
namespace: "{{ openshift_logging_elasticsearch_namespace }}"
files:
- - "{{ tempdir }}/logging-elasticsearch-view-role.yaml"
+ - "{{ tempdir }}/logging-elasticsearch-view-role.yaml"
delete_after: true
# configmap
- assert:
that:
- - openshift_logging_elasticsearch_kibana_index_mode in __kibana_index_modes
+ - openshift_logging_elasticsearch_kibana_index_mode in __kibana_index_modes
msg: "The openshift_logging_elasticsearch_kibana_index_mode '{{ openshift_logging_elasticsearch_kibana_index_mode }}' only supports one of: {{ __kibana_index_modes | join(', ') }}"
- assert:
that:
- - "{{ openshift_logging_es_log_appenders | length > 0 }}"
+ - "{{ openshift_logging_es_log_appenders | length > 0 }}"
msg: "The openshift_logging_es_log_appenders '{{ openshift_logging_es_log_appenders }}' has an unrecognized option and only supports the following as a list: {{ __es_log_appenders | join(', ') }}"
- template:
@@ -189,81 +196,81 @@
# create diff between current configmap files and our current files
- when: not openshift_logging_es5_techpreview
block:
- - template:
- src: "{{ __base_file_dir }}/elasticsearch-logging.yml.j2"
- dest: "{{ tempdir }}/elasticsearch-logging.yml"
- vars:
- root_logger: "{{openshift_logging_es_log_appenders | join(', ')}}"
- changed_when: no
-
- - include_role:
- name: openshift_logging
- tasks_from: patch_configmap_files.yaml
- vars:
- configmap_name: "logging-elasticsearch"
- configmap_namespace: "logging"
- configmap_file_names:
- - current_file: "elasticsearch.yml"
- new_file: "{{ tempdir }}/elasticsearch.yml"
- protected_lines: ["number_of_shards", "number_of_replicas"]
- - current_file: "logging.yml"
- new_file: "{{ tempdir }}/elasticsearch-logging.yml"
-
- - name: Set ES configmap
- oc_configmap:
- state: present
- name: "{{ elasticsearch_name }}"
- namespace: "{{ openshift_logging_elasticsearch_namespace }}"
- from_file:
- elasticsearch.yml: "{{ tempdir }}/elasticsearch.yml"
- logging.yml: "{{ tempdir }}/elasticsearch-logging.yml"
- register: es_config_creation
- notify: "restart elasticsearch"
+ - template:
+ src: "{{ __base_file_dir }}/elasticsearch-logging.yml.j2"
+ dest: "{{ tempdir }}/elasticsearch-logging.yml"
+ vars:
+ root_logger: "{{openshift_logging_es_log_appenders | join(', ')}}"
+ changed_when: no
+
+ - include_role:
+ name: openshift_logging
+ tasks_from: patch_configmap_files.yaml
+ vars:
+ configmap_name: "logging-elasticsearch"
+ configmap_namespace: "logging"
+ configmap_file_names:
+ - current_file: "elasticsearch.yml"
+ new_file: "{{ tempdir }}/elasticsearch.yml"
+ protected_lines: ["number_of_shards", "number_of_replicas"]
+ - current_file: "logging.yml"
+ new_file: "{{ tempdir }}/elasticsearch-logging.yml"
+
+ - name: Set ES configmap
+ oc_configmap:
+ state: present
+ name: "{{ elasticsearch_name }}"
+ namespace: "{{ openshift_logging_elasticsearch_namespace }}"
+ from_file:
+ elasticsearch.yml: "{{ tempdir }}/elasticsearch.yml"
+ logging.yml: "{{ tempdir }}/elasticsearch-logging.yml"
+ register: es_config_creation
+ notify: "restart elasticsearch"
- when: openshift_logging_es5_techpreview | bool
block:
- - template:
- src: "{{ __base_file_dir }}/log4j2.properties.j2"
- dest: "{{ tempdir }}/log4j2.properties"
- vars:
- root_logger: "{{ openshift_logging_es_log_appenders | list }}"
- changed_when: no
-
- - include_role:
- name: openshift_logging
- tasks_from: patch_configmap_files.yaml
- vars:
- configmap_name: "logging-elasticsearch"
- configmap_namespace: "logging"
- configmap_file_names:
- - current_file: "elasticsearch.yml"
- new_file: "{{ tempdir }}/elasticsearch.yml"
- - current_file: "log4j2.properties"
- new_file: "{{ tempdir }}/log4j2.properties"
-
- - name: Set ES configmap
- oc_configmap:
- state: present
- name: "{{ elasticsearch_name }}"
- namespace: "{{ openshift_logging_elasticsearch_namespace }}"
- from_file:
- elasticsearch.yml: "{{ tempdir }}/elasticsearch.yml"
- log4j2.properties: "{{ tempdir }}/log4j2.properties"
- register: es_config_creation
- notify: "restart elasticsearch"
+ - template:
+ src: "{{ __base_file_dir }}/log4j2.properties.j2"
+ dest: "{{ tempdir }}/log4j2.properties"
+ vars:
+ root_logger: "{{ openshift_logging_es_log_appenders | list }}"
+ changed_when: no
+
+ - include_role:
+ name: openshift_logging
+ tasks_from: patch_configmap_files.yaml
+ vars:
+ configmap_name: "logging-elasticsearch"
+ configmap_namespace: "logging"
+ configmap_file_names:
+ - current_file: "elasticsearch.yml"
+ new_file: "{{ tempdir }}/elasticsearch.yml"
+ - current_file: "log4j2.properties"
+ new_file: "{{ tempdir }}/log4j2.properties"
+
+ - name: Set ES configmap
+ oc_configmap:
+ state: present
+ name: "{{ elasticsearch_name }}"
+ namespace: "{{ openshift_logging_elasticsearch_namespace }}"
+ from_file:
+ elasticsearch.yml: "{{ tempdir }}/elasticsearch.yml"
+ log4j2.properties: "{{ tempdir }}/log4j2.properties"
+ register: es_config_creation
+ notify: "restart elasticsearch"
- when: es_config_creation.changed | bool
block:
- - set_fact:
- _restart_logging_components: "{{ _restart_logging_components | default([]) + [es_component] | unique }}"
+ - set_fact:
+ _restart_logging_components: "{{ _restart_logging_components | default([]) + [es_component] | unique }}"
- - shell: >
- {{ openshift_client_binary }} get dc -l component="{{ es_component }}" -n "{{ openshift_logging_elasticsearch_namespace }}" -o name | cut -d'/' -f2
- register: _es_dcs
+ - shell: >
+ {{ openshift_client_binary }} get dc -l component="{{ es_component }}" -n "{{ openshift_logging_elasticsearch_namespace }}" -o name | cut -d'/' -f2
+ register: _es_dcs
- - set_fact:
- _restart_logging_nodes: "{{ _restart_logging_nodes | default([]) + [_es_dcs.stdout] | unique }}"
- when: _es_dcs.stdout != ""
+ - set_fact:
+ _restart_logging_nodes: "{{ _restart_logging_nodes | default([]) + [_es_dcs.stdout] | unique }}"
+ when: _es_dcs.stdout != ""
# secret
- name: Set ES secret
@@ -272,24 +279,24 @@
name: "logging-elasticsearch"
namespace: "{{ openshift_logging_elasticsearch_namespace }}"
files:
- - name: key
- path: "{{ generated_certs_dir }}/logging-es.jks"
- - name: truststore
- path: "{{ generated_certs_dir }}/truststore.jks"
- - name: searchguard.key
- path: "{{ generated_certs_dir }}/elasticsearch.jks"
- - name: searchguard.truststore
- path: "{{ generated_certs_dir }}/truststore.jks"
- - name: admin-key
- path: "{{ generated_certs_dir }}/system.admin.key"
- - name: admin-cert
- path: "{{ generated_certs_dir }}/system.admin.crt"
- - name: admin-ca
- path: "{{ generated_certs_dir }}/ca.crt"
- - name: admin.jks
- path: "{{ generated_certs_dir }}/system.admin.jks"
- - name: passwd.yml
- path: "{{mktemp.stdout}}/passwd.yml"
+ - name: key
+ path: "{{ generated_certs_dir }}/logging-es.jks"
+ - name: truststore
+ path: "{{ generated_certs_dir }}/truststore.jks"
+ - name: searchguard.key
+ path: "{{ generated_certs_dir }}/elasticsearch.jks"
+ - name: searchguard.truststore
+ path: "{{ generated_certs_dir }}/truststore.jks"
+ - name: admin-key
+ path: "{{ generated_certs_dir }}/system.admin.key"
+ - name: admin-cert
+ path: "{{ generated_certs_dir }}/system.admin.crt"
+ - name: admin-ca
+ path: "{{ generated_certs_dir }}/ca.crt"
+ - name: admin.jks
+ path: "{{ generated_certs_dir }}/system.admin.jks"
+ - name: passwd.yml
+ path: "{{mktemp.stdout}}/passwd.yml"
# services
- name: Set logging-{{ es_component }}-cluster service
@@ -303,7 +310,7 @@
labels:
logging-infra: 'support'
ports:
- - port: 9300
+ - port: 9300
- name: Set logging-{{ es_component }} service
oc_service:
@@ -316,8 +323,8 @@
labels:
logging-infra: 'support'
ports:
- - port: 9200
- targetPort: "restapi"
+ - port: 9200
+ targetPort: "restapi"
- name: Set logging-{{ es_component}}-prometheus service
oc_service:
@@ -327,9 +334,9 @@
labels:
logging-infra: 'support'
ports:
- - name: proxy
- port: 443
- targetPort: 4443
+ - name: proxy
+ port: 443
+ targetPort: 4443
selector:
component: "{{ es_component }}"
provider: openshift
@@ -357,46 +364,46 @@
# so we check for the presence of 'stderr' to determine if the obj exists or not
# the RC for existing and not existing is both 0
- when:
- - logging_elasticsearch_pvc.results.stderr is defined
- - openshift_logging_elasticsearch_storage_type == "pvc"
+ - logging_elasticsearch_pvc.results.stderr is defined
+ - openshift_logging_elasticsearch_storage_type == "pvc"
block:
- # storageclasses are used by default but if static then disable
- # storageclasses with the storageClassName set to "" in pvc.j2
- - name: Creating ES storage template - static
- template:
- src: "{{ __base_file_dir }}/pvc.j2"
- dest: "{{ tempdir }}/templates/logging-es-pvc.yml"
- vars:
- obj_name: "{{ openshift_logging_elasticsearch_pvc_name }}"
- size: "{{ (openshift_logging_elasticsearch_pvc_size | trim | length == 0) | ternary('10Gi', openshift_logging_elasticsearch_pvc_size) }}"
- access_modes: "{{ openshift_logging_elasticsearch_pvc_access_modes | list }}"
- pv_selector: "{{ openshift_logging_elasticsearch_pvc_pv_selector }}"
- storage_class_name: "{{ openshift_logging_elasticsearch_pvc_storage_class_name | default('', true) }}"
- when:
- - not openshift_logging_elasticsearch_pvc_dynamic | bool
-
- # Storageclasses are used by default if configured
- - name: Creating ES storage template - dynamic
- template:
- src: "{{ __base_file_dir }}/pvc.j2"
- dest: "{{ tempdir }}/templates/logging-es-pvc.yml"
- vars:
- obj_name: "{{ openshift_logging_elasticsearch_pvc_name }}"
- size: "{{ (openshift_logging_elasticsearch_pvc_size | trim | length == 0) | ternary('10Gi', openshift_logging_elasticsearch_pvc_size) }}"
- access_modes: "{{ openshift_logging_elasticsearch_pvc_access_modes | list }}"
- pv_selector: "{{ openshift_logging_elasticsearch_pvc_pv_selector }}"
- when:
- - openshift_logging_elasticsearch_pvc_dynamic | bool
-
- - name: Set ES storage
- oc_obj:
- state: present
- kind: pvc
- name: "{{ openshift_logging_elasticsearch_pvc_name }}"
- namespace: "{{ openshift_logging_elasticsearch_namespace }}"
- files:
- - "{{ tempdir }}/templates/logging-es-pvc.yml"
- delete_after: true
+ # storageclasses are used by default but if static then disable
+ # storageclasses with the storageClassName set to "" in pvc.j2
+ - name: Creating ES storage template - static
+ template:
+ src: "{{ __base_file_dir }}/pvc.j2"
+ dest: "{{ tempdir }}/templates/logging-es-pvc.yml"
+ vars:
+ obj_name: "{{ openshift_logging_elasticsearch_pvc_name }}"
+ size: "{{ (openshift_logging_elasticsearch_pvc_size | trim | length == 0) | ternary('10Gi', openshift_logging_elasticsearch_pvc_size) }}"
+ access_modes: "{{ openshift_logging_elasticsearch_pvc_access_modes | list }}"
+ pv_selector: "{{ openshift_logging_elasticsearch_pvc_pv_selector }}"
+ storage_class_name: "{{ openshift_logging_elasticsearch_pvc_storage_class_name | default('', true) }}"
+ when:
+ - not openshift_logging_elasticsearch_pvc_dynamic | bool
+
+ # Storageclasses are used by default if configured
+ - name: Creating ES storage template - dynamic
+ template:
+ src: "{{ __base_file_dir }}/pvc.j2"
+ dest: "{{ tempdir }}/templates/logging-es-pvc.yml"
+ vars:
+ obj_name: "{{ openshift_logging_elasticsearch_pvc_name }}"
+ size: "{{ (openshift_logging_elasticsearch_pvc_size | trim | length == 0) | ternary('10Gi', openshift_logging_elasticsearch_pvc_size) }}"
+ access_modes: "{{ openshift_logging_elasticsearch_pvc_access_modes | list }}"
+ pv_selector: "{{ openshift_logging_elasticsearch_pvc_pv_selector }}"
+ when:
+ - openshift_logging_elasticsearch_pvc_dynamic | bool
+
+ - name: Set ES storage
+ oc_obj:
+ state: present
+ kind: pvc
+ name: "{{ openshift_logging_elasticsearch_pvc_name }}"
+ namespace: "{{ openshift_logging_elasticsearch_namespace }}"
+ files:
+ - "{{ tempdir }}/templates/logging-es-pvc.yml"
+ delete_after: true
- set_fact:
es_deploy_name: "logging-{{ es_component }}-{{ openshift_logging_elasticsearch_deployment_type }}-{{ 8 | lib_utils_oo_random_word('abcdefghijklmnopqrstuvwxyz0123456789') }}"
@@ -437,7 +444,7 @@
namespace: "{{ openshift_logging_elasticsearch_namespace }}"
kind: dc
files:
- - "{{ tempdir }}/templates/logging-es-dc.yml"
+ - "{{ tempdir }}/templates/logging-es-dc.yml"
delete_after: true
register: es_dc_creation
notify: "restart elasticsearch"
@@ -452,37 +459,37 @@
src: "{{ generated_certs_dir }}/{{ item.file }}"
register: key_pairs
with_items:
- - { name: "ca_file", file: "ca.crt" }
- - { name: "es_key", file: "system.logging.es.key" }
- - { name: "es_cert", file: "system.logging.es.crt" }
+ - { name: "ca_file", file: "ca.crt" }
+ - { name: "es_key", file: "system.logging.es.key" }
+ - { name: "es_cert", file: "system.logging.es.crt" }
when: openshift_logging_es_allow_external | bool
- set_fact:
es_key: "{{ lookup('file', openshift_logging_es_key) | b64encode }}"
when:
- - openshift_logging_es_key | trim | length > 0
- - openshift_logging_es_allow_external | bool
+ - openshift_logging_es_key | trim | length > 0
+ - openshift_logging_es_allow_external | bool
changed_when: false
- set_fact:
es_cert: "{{ lookup('file', openshift_logging_es_cert) | b64encode }}"
when:
- - openshift_logging_es_cert | trim | length > 0
- - openshift_logging_es_allow_external | bool
+ - openshift_logging_es_cert | trim | length > 0
+ - openshift_logging_es_allow_external | bool
changed_when: false
- set_fact:
es_ca: "{{ lookup('file', openshift_logging_es_ca_ext) | b64encode }}"
when:
- - openshift_logging_es_ca_ext | trim | length > 0
- - openshift_logging_es_allow_external | bool
+ - openshift_logging_es_ca_ext | trim | length > 0
+ - openshift_logging_es_allow_external | bool
changed_when: false
- set_fact:
es_ca: "{{ key_pairs | entry_from_named_pair('ca_file') }}"
when:
- - es_ca is not defined
- - openshift_logging_es_allow_external | bool
+ - es_ca is not defined
+ - openshift_logging_es_allow_external | bool
changed_when: false
- name: Generating Elasticsearch {{ es_component }} route template
@@ -513,7 +520,7 @@
namespace: "{{ openshift_logging_elasticsearch_namespace }}"
kind: route
files:
- - "{{ tempdir }}/templates/logging-{{ es_component }}-route.yaml"
+ - "{{ tempdir }}/templates/logging-{{ es_component }}-route.yaml"
when: openshift_logging_es_allow_external | bool
## Placeholder for migration when necessary ##
diff --git a/roles/openshift_logging_eventrouter/tasks/install_eventrouter.yaml b/roles/openshift_logging_eventrouter/tasks/install_eventrouter.yaml
index fffdd9f8b..2adc51a16 100644
--- a/roles/openshift_logging_eventrouter/tasks/install_eventrouter.yaml
+++ b/roles/openshift_logging_eventrouter/tasks/install_eventrouter.yaml
@@ -4,6 +4,13 @@
msg: Invalid sink type "{{openshift_logging_eventrouter_sink}}", only one of "{{__eventrouter_sinks}}" allowed
that: openshift_logging_eventrouter_sink in __eventrouter_sinks
+- name: Ensure that logging eventrouter has nodes to run on
+ fail:
+ msg: |-
+ No schedulable nodes found matching node selector for logging EventRouter - '{{ openshift_logging_eventrouter_nodeselector }}'
+ when:
+ - openshift_schedulable_node_labels | lib_utils_oo_has_no_matching_selector(openshift_logging_eventrouter_nodeselector)
+
# allow passing in a tempdir
- name: Create temp directory for doing work in
command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX
diff --git a/roles/openshift_logging_kibana/tasks/main.yaml b/roles/openshift_logging_kibana/tasks/main.yaml
index 58edc5ce5..7b6bc02e1 100644
--- a/roles/openshift_logging_kibana/tasks/main.yaml
+++ b/roles/openshift_logging_kibana/tasks/main.yaml
@@ -8,6 +8,13 @@
loop_control:
loop_var: var_file_name
+- name: Ensure that Kibana has nodes to run on
+ fail:
+ msg: |-
+ No schedulable nodes found matching node selector for Kibana - '{{ openshift_logging_kibana_nodeselector }}'
+ when:
+ - openshift_schedulable_node_labels | lib_utils_oo_has_no_matching_selector(openshift_logging_kibana_nodeselector)
+
- name: Set kibana image facts
set_fact:
openshift_logging_kibana_image_prefix: "{{ openshift_logging_kibana_image_prefix | default(__openshift_logging_kibana_image_prefix) }}"
diff --git a/roles/openshift_logging_mux/tasks/main.yaml b/roles/openshift_logging_mux/tasks/main.yaml
index b2699b285..f810f3606 100644
--- a/roles/openshift_logging_mux/tasks/main.yaml
+++ b/roles/openshift_logging_mux/tasks/main.yaml
@@ -7,11 +7,18 @@
msg: Operations logs destination is required
when: not openshift_logging_mux_ops_host or openshift_logging_mux_ops_host == ''
+- name: Ensure that logging mux has nodes to run on
+ fail:
+ msg: |-
+ No schedulable nodes found matching node selector for logging mux - '{{ openshift_logging_mux_nodeselector }}'
+ when:
+ - openshift_schedulable_node_labels | lib_utils_oo_has_no_matching_selector(openshift_logging_mux_nodeselector)
+
- name: Set default image variables based on openshift_deployment_type
include_vars: "{{ var_file_name }}"
with_first_found:
- - "{{ openshift_deployment_type }}.yml"
- - "default_images.yml"
+ - "{{ openshift_deployment_type }}.yml"
+ - "default_images.yml"
loop_control:
loop_var: var_file_name
@@ -55,7 +62,7 @@
name: "aggregated-logging-mux"
namespace: "{{ openshift_logging_mux_namespace }}"
when:
- - openshift_logging_image_pull_secret == ''
+ - openshift_logging_image_pull_secret == ''
# set service account scc
- name: Set privileged permissions for Mux
@@ -102,10 +109,10 @@
configmap_name: "logging-mux"
configmap_namespace: "{{ openshift_logging_mux_namespace }}"
configmap_file_names:
- - current_file: "fluent.conf"
- new_file: "{{ tempdir }}/fluent-mux.conf"
- - current_file: "secure-forward.conf"
- new_file: "{{ tempdir }}/secure-forward-mux.conf"
+ - current_file: "fluent.conf"
+ new_file: "{{ tempdir }}/fluent-mux.conf"
+ - current_file: "secure-forward.conf"
+ new_file: "{{ tempdir }}/secure-forward-mux.conf"
- name: Set Mux configmap
oc_configmap:
@@ -123,14 +130,14 @@
name: logging-mux
namespace: "{{ openshift_logging_mux_namespace }}"
files:
- - name: ca
- path: "{{ generated_certs_dir }}/ca.crt"
- - name: key
- path: "{{ generated_certs_dir }}/system.logging.mux.key"
- - name: cert
- path: "{{ generated_certs_dir }}/system.logging.mux.crt"
- - name: shared_key
- path: "{{ generated_certs_dir }}/mux_shared_key"
+ - name: ca
+ path: "{{ generated_certs_dir }}/ca.crt"
+ - name: key
+ path: "{{ generated_certs_dir }}/system.logging.mux.key"
+ - name: cert
+ path: "{{ generated_certs_dir }}/system.logging.mux.crt"
+ - name: shared_key
+ path: "{{ generated_certs_dir }}/mux_shared_key"
# services
- name: Set logging-mux service for external communication
@@ -144,11 +151,11 @@
labels:
logging-infra: 'support'
ports:
- - name: mux-forward
- port: "{{ openshift_logging_mux_port }}"
- targetPort: "mux-forward"
+ - name: mux-forward
+ port: "{{ openshift_logging_mux_port }}"
+ targetPort: "mux-forward"
external_ips:
- - "{{ openshift_logging_mux_external_address }}"
+ - "{{ openshift_logging_mux_external_address }}"
when: openshift_logging_mux_allow_external | bool
- name: Set logging-mux service for internal communication
@@ -162,9 +169,9 @@
labels:
logging-infra: 'support'
ports:
- - name: mux-forward
- port: "{{ openshift_logging_mux_port }}"
- targetPort: "mux-forward"
+ - name: mux-forward
+ port: "{{ openshift_logging_mux_port }}"
+ targetPort: "mux-forward"
when: not openshift_logging_mux_allow_external | bool
# create Mux DC
@@ -199,7 +206,7 @@
selector: "{{ openshift_logging_mux_file_buffer_pvc_pv_selector }}"
storage_class_name: "{{ openshift_logging_mux_file_buffer_pvc_storage_class_name | default('', true) }}"
when:
- - openshift_logging_mux_file_buffer_storage_type == "pvc"
+ - openshift_logging_mux_file_buffer_storage_type == "pvc"
- name: Set logging-mux DC
oc_obj:
@@ -208,7 +215,7 @@
namespace: "{{ openshift_logging_mux_namespace }}"
kind: dc
files:
- - "{{ tempdir }}/templates/logging-mux-dc.yaml"
+ - "{{ tempdir }}/templates/logging-mux-dc.yaml"
delete_after: true
- name: Add mux namespaces
diff --git a/roles/openshift_metrics/tasks/install_cassandra.yaml b/roles/openshift_metrics/tasks/install_cassandra.yaml
index 158e596ec..e0b37ac26 100644
--- a/roles/openshift_metrics/tasks/install_cassandra.yaml
+++ b/roles/openshift_metrics/tasks/install_cassandra.yaml
@@ -1,4 +1,11 @@
---
+- name: Ensure that Cassandra has nodes to run on
+ fail:
+ msg: |-
+ No schedulable nodes found matching node selector for cassandra - '{{ openshift_metrics_cassandra_nodeselector }}'
+ when:
+ - openshift_schedulable_node_labels | lib_utils_oo_has_no_matching_selector(openshift_metrics_cassandra_nodeselector)
+
- shell: >
{{ openshift_client_binary }} -n {{ openshift_metrics_project | quote }}
--config={{ mktemp.stdout }}/admin.kubeconfig
diff --git a/roles/openshift_metrics/tasks/install_hawkular.yaml b/roles/openshift_metrics/tasks/install_hawkular.yaml
index f45e7a042..de4e89a01 100644
--- a/roles/openshift_metrics/tasks/install_hawkular.yaml
+++ b/roles/openshift_metrics/tasks/install_hawkular.yaml
@@ -1,4 +1,11 @@
---
+- name: Ensure that Hawkular has nodes to run on
+ fail:
+ msg: |-
+ No schedulable nodes found matching node selector for hawkular - '{{ openshift_metrics_hawkular_nodeselector }}'
+ when:
+ - openshift_schedulable_node_labels | lib_utils_oo_has_no_matching_selector(openshift_metrics_hawkular_nodeselector)
+
- command: >
{{ openshift_client_binary }} -n {{ openshift_metrics_project | quote }}
--config={{ mktemp.stdout }}/admin.kubeconfig
diff --git a/roles/openshift_metrics/tasks/install_heapster.yaml b/roles/openshift_metrics/tasks/install_heapster.yaml
index 73e7454f0..e4ddf98ff 100644
--- a/roles/openshift_metrics/tasks/install_heapster.yaml
+++ b/roles/openshift_metrics/tasks/install_heapster.yaml
@@ -1,4 +1,11 @@
---
+- name: Ensure that Heapster has nodes to run on
+ fail:
+ msg: |-
+ No schedulable nodes found matching node selector for heapster - '{{ openshift_metrics_heapster_nodeselector }}'
+ when:
+ - openshift_schedulable_node_labels | lib_utils_oo_has_no_matching_selector(openshift_metrics_heapster_nodeselector)
+
- command: >
{{ openshift_client_binary }} -n {{ openshift_metrics_project | quote }}
--config={{ mktemp.stdout }}/admin.kubeconfig
@@ -20,8 +27,8 @@
- set_fact:
heapster_sa_secrets: "{{ heapster_sa_secrets + [item] }}"
with_items:
- - hawkular-metrics-certs
- - hawkular-metrics-account
+ - hawkular-metrics-certs
+ - hawkular-metrics-account
when: not openshift_metrics_heapster_standalone | bool
- name: Generating serviceaccount for heapster
@@ -38,7 +45,7 @@
vars:
obj_name: heapster
ports:
- - {port: 80, targetPort: http-endpoint}
+ - {port: 80, targetPort: http-endpoint}
selector:
name: "{{obj_name}}"
annotations:
@@ -61,9 +68,9 @@
kind: ClusterRole
name: cluster-reader
subjects:
- - kind: ServiceAccount
- name: heapster
- namespace: "{{ openshift_metrics_project }}"
+ - kind: ServiceAccount
+ name: heapster
+ namespace: "{{ openshift_metrics_project }}"
changed_when: no
- include_tasks: generate_heapster_secrets.yaml
diff --git a/roles/openshift_metrics/tasks/install_hosa.yaml b/roles/openshift_metrics/tasks/install_hosa.yaml
index 7c9bc26d0..3624cb5ab 100644
--- a/roles/openshift_metrics/tasks/install_hosa.yaml
+++ b/roles/openshift_metrics/tasks/install_hosa.yaml
@@ -1,4 +1,11 @@
---
+- name: Ensure that Hawkular agent has nodes to run on
+ fail:
+ msg: |-
+ No schedulable nodes found matching node selector for Hawkular agent - '{{ openshift_metrics_hawkular_agent_nodeselector }}'
+ when:
+ - openshift_schedulable_node_labels | lib_utils_oo_has_no_matching_selector(openshift_metrics_hawkular_agent_nodeselector)
+
- name: Generate Hawkular Agent (HOSA) Cluster Role
template:
src: hawkular_openshift_agent_role.j2
@@ -38,7 +45,7 @@
kind: ClusterRole
name: hawkular-openshift-agent
subjects:
- - kind: ServiceAccount
- name: hawkular-openshift-agent
- namespace: "{{openshift_metrics_hawkular_agent_namespace}}"
+ - kind: ServiceAccount
+ name: hawkular-openshift-agent
+ namespace: "{{openshift_metrics_hawkular_agent_namespace}}"
changed_when: no
diff --git a/roles/openshift_node/files/bootstrap.yml b/roles/openshift_node/files/bootstrap.yml
index a5545c81b..ea280640f 100644
--- a/roles/openshift_node/files/bootstrap.yml
+++ b/roles/openshift_node/files/bootstrap.yml
@@ -61,11 +61,3 @@
with_items:
- line: "BOOTSTRAP_CONFIG_NAME=node-config-{{ openshift_group_type }}"
regexp: "^BOOTSTRAP_CONFIG_NAME=.*"
-
- - name: "Start the {{ openshift_service_type }}-node service"
- systemd:
- daemon_reload: yes
- state: restarted
- enabled: True
- name: "{{ openshift_service_type }}-node"
- no_block: true
diff --git a/roles/openshift_openstack/defaults/main.yml b/roles/openshift_openstack/defaults/main.yml
index 4e3b7939a..75f1300e1 100644
--- a/roles/openshift_openstack/defaults/main.yml
+++ b/roles/openshift_openstack/defaults/main.yml
@@ -55,7 +55,9 @@ openshift_openstack_app_subdomain: "apps"
# heat vars
openshift_openstack_clusterid: openshift
openshift_openstack_stack_name: "{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}"
-openshift_openstack_subnet_prefix: "192.168.99"
+openshift_openstack_subnet_cidr: "192.168.99.0/24"
+openshift_openstack_pool_start: "192.168.99.3"
+openshift_openstack_pool_end: "192.168.99.254"
openshift_openstack_master_hostname: master
openshift_openstack_infra_hostname: infra-node
openshift_openstack_cns_hostname: cns
diff --git a/roles/openshift_openstack/templates/heat_stack.yaml.j2 b/roles/openshift_openstack/templates/heat_stack.yaml.j2
index 1d3173022..b62cb2bc8 100644
--- a/roles/openshift_openstack/templates/heat_stack.yaml.j2
+++ b/roles/openshift_openstack/templates/heat_stack.yaml.j2
@@ -78,22 +78,10 @@ resources:
params:
cluster_id: {{ openshift_openstack_stack_name }}
network: { get_resource: net }
- cidr:
- str_replace:
- template: subnet_24_prefix.0/24
- params:
- subnet_24_prefix: {{ openshift_openstack_subnet_prefix }}
+ cidr: {{ openshift_openstack_subnet_cidr }}
allocation_pools:
- - start:
- str_replace:
- template: subnet_24_prefix.3
- params:
- subnet_24_prefix: {{ openshift_openstack_subnet_prefix }}
- end:
- str_replace:
- template: subnet_24_prefix.254
- params:
- subnet_24_prefix: {{ openshift_openstack_subnet_prefix }}
+ - start: {{ openshift_openstack_pool_start }}
+ end: {{ openshift_openstack_pool_end }}
dns_nameservers:
{% for nameserver in openshift_openstack_dns_nameservers %}
- {{ nameserver }}
@@ -261,7 +249,7 @@ resources:
protocol: tcp
port_range_min: 30000
port_range_max: 32767
- remote_ip_prefix: "{{ openshift_openstack_subnet_prefix }}.0/24"
+ remote_ip_prefix: "{{ openshift_openstack_subnet_cidr }}"
{% else %}
master-secgrp:
type: OS::Neutron::SecurityGroup
@@ -393,7 +381,7 @@ resources:
protocol: tcp
port_range_min: 30000
port_range_max: 32767
- remote_ip_prefix: "{{ openshift_openstack_subnet_prefix }}.0/24"
+ remote_ip_prefix: "{{ openshift_openstack_subnet_cidr }}"
{% endif %}
infra-secgrp:
diff --git a/roles/openshift_prometheus/tasks/install_prometheus.yaml b/roles/openshift_prometheus/tasks/install_prometheus.yaml
index 0b565502f..5a8228bc4 100644
--- a/roles/openshift_prometheus/tasks/install_prometheus.yaml
+++ b/roles/openshift_prometheus/tasks/install_prometheus.yaml
@@ -2,6 +2,13 @@
# set facts
- include_tasks: facts.yaml
+- name: Ensure that Prometheus has nodes to run on
+ fail:
+ msg: |-
+ No schedulable nodes found matching node selector for Prometheus - '{{ openshift_prometheus_node_selector }}'
+ when:
+ - openshift_schedulable_node_labels | lib_utils_oo_has_no_matching_selector(openshift_prometheus_node_selector)
+
# namespace
- name: Add prometheus project
oc_project:
@@ -17,12 +24,12 @@
name: "{{ item }}-proxy"
namespace: "{{ openshift_prometheus_namespace }}"
contents:
- - path: session_secret
- data: "{{ 43 | lib_utils_oo_random_word }}="
+ - path: session_secret
+ data: "{{ 43 | lib_utils_oo_random_word }}="
with_items:
- - prometheus
- - alerts
- - alertmanager
+ - prometheus
+ - alerts
+ - alertmanager
# serviceaccount
- name: create prometheus serviceaccount
@@ -62,10 +69,10 @@
oprometheus.io/scheme: https
service.alpha.openshift.io/serving-cert-secret-name: prometheus-tls
ports:
- - name: prometheus
- port: "{{ openshift_prometheus_service_port }}"
- targetPort: "{{ openshift_prometheus_service_targetport }}"
- protocol: TCP
+ - name: prometheus
+ port: "{{ openshift_prometheus_service_port }}"
+ targetPort: "{{ openshift_prometheus_service_targetport }}"
+ protocol: TCP
selector:
app: prometheus
@@ -78,10 +85,10 @@
annotations:
service.alpha.openshift.io/serving-cert-secret-name: alerts-tls
ports:
- - name: prometheus
- port: "{{ openshift_prometheus_service_port }}"
- targetPort: "{{ openshift_prometheus_alerts_service_targetport }}"
- protocol: TCP
+ - name: prometheus
+ port: "{{ openshift_prometheus_service_port }}"
+ targetPort: "{{ openshift_prometheus_alerts_service_targetport }}"
+ protocol: TCP
selector:
app: prometheus
@@ -94,10 +101,10 @@
annotations:
service.alpha.openshift.io/serving-cert-secret-name: alertmanager-tls
ports:
- - name: prometheus
- port: "{{ openshift_prometheus_service_port }}"
- targetPort: "{{ openshift_prometheus_alertmanager_service_targetport }}"
- protocol: TCP
+ - name: prometheus
+ port: "{{ openshift_prometheus_service_port }}"
+ targetPort: "{{ openshift_prometheus_alertmanager_service_targetport }}"
+ protocol: TCP
selector:
app: prometheus
@@ -112,12 +119,12 @@
service_name: "{{ item.name }}"
tls_termination: reencrypt
with_items:
- - name: prometheus
- host: "{{ openshift_prometheus_hostname }}"
- - name: alerts
- host: "{{ openshift_prometheus_alerts_hostname }}"
- - name: alertmanager
- host: "{{ openshift_prometheus_alertmanager_hostname }}"
+ - name: prometheus
+ host: "{{ openshift_prometheus_hostname }}"
+ - name: alerts
+ host: "{{ openshift_prometheus_alerts_hostname }}"
+ - name: alertmanager
+ host: "{{ openshift_prometheus_alertmanager_hostname }}"
# Storage
- name: create prometheus pvc
@@ -157,9 +164,9 @@
src: "{{ openshift_prometheus_additional_rules_file }}"
dest: "{{ tempdir }}/prometheus.additional.rules"
when:
- - openshift_prometheus_additional_rules_file is defined
- - openshift_prometheus_additional_rules_file is not none
- - openshift_prometheus_additional_rules_file | trim | length > 0
+ - openshift_prometheus_additional_rules_file is defined
+ - openshift_prometheus_additional_rules_file is not none
+ - openshift_prometheus_additional_rules_file | trim | length > 0
- stat:
path: "{{ tempdir }}/prometheus.additional.rules"
@@ -227,5 +234,5 @@
namespace: "{{ openshift_prometheus_namespace }}"
kind: statefulset
files:
- - "{{ tempdir }}/templates/prometheus.yaml"
+ - "{{ tempdir }}/templates/prometheus.yaml"
delete_after: true
diff --git a/roles/openshift_provisioners/tasks/install_provisioners.yaml b/roles/openshift_provisioners/tasks/install_provisioners.yaml
index 2d1217c74..1be498489 100644
--- a/roles/openshift_provisioners/tasks/install_provisioners.yaml
+++ b/roles/openshift_provisioners/tasks/install_provisioners.yaml
@@ -15,6 +15,13 @@
fail: msg='the openshift_provisioners_efs_aws_secret_access_key variable is required'
when: (openshift_provisioners_efs | bool) and openshift_provisioners_efs_aws_secret_access_key is not defined
+- name: Ensure that provisioners have nodes to run on
+ fail:
+ msg: |-
+ No schedulable nodes found matching node selector for Prometheus - '{{ openshift_provisioners_efs_nodeselector }}'
+ when:
+ - openshift_schedulable_node_labels | lib_utils_oo_has_no_matching_selector(openshift_provisioners_efs_nodeselector)
+
- name: Install support
include_tasks: install_support.yaml
@@ -34,10 +41,10 @@
- name: Create objects
include_tasks: oc_apply.yaml
vars:
- - kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
- - namespace: "{{ openshift_provisioners_project }}"
- - file_name: "{{ file.source }}"
- - file_content: "{{ file.content | b64decode | from_yaml }}"
+ - kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+ - namespace: "{{ openshift_provisioners_project }}"
+ - file_name: "{{ file.source }}"
+ - file_content: "{{ file.content | b64decode | from_yaml }}"
with_items: "{{ object_defs.results }}"
loop_control:
loop_var: file
diff --git a/roles/openshift_service_catalog/tasks/install.yml b/roles/openshift_service_catalog/tasks/install.yml
index 4d06c1872..96fa4a93e 100644
--- a/roles/openshift_service_catalog/tasks/install.yml
+++ b/roles/openshift_service_catalog/tasks/install.yml
@@ -1,6 +1,5 @@
---
# do any asserts here
-
- name: Create temp directory for doing work in
command: mktemp -d /tmp/openshift-service-catalog-ansible-XXXXXX
register: mktemp
@@ -9,8 +8,8 @@
- name: Set default image variables based on openshift_deployment_type
include_vars: "{{ item }}"
with_first_found:
- - "{{ openshift_deployment_type }}.yml"
- - "default_images.yml"
+ - "{{ openshift_deployment_type }}.yml"
+ - "default_images.yml"
- name: Set service_catalog image facts
set_fact:
@@ -25,20 +24,20 @@
- when: os_sdn_network_plugin_name == 'redhat/openshift-ovs-multitenant'
block:
- - name: Waiting for netnamespace kube-service-catalog to be ready
- oc_obj:
- kind: netnamespace
- name: kube-service-catalog
- state: list
- register: get_output
- until: not get_output.results.stderr is defined
- retries: 30
- delay: 1
- changed_when: false
-
- - name: Make kube-service-catalog project network global
- command: >
- {{ openshift_client_binary }} --config=/etc/origin/master/admin.kubeconfig adm pod-network make-projects-global kube-service-catalog
+ - name: Waiting for netnamespace kube-service-catalog to be ready
+ oc_obj:
+ kind: netnamespace
+ name: kube-service-catalog
+ state: list
+ register: get_output
+ until: not get_output.results.stderr is defined
+ retries: 30
+ delay: 1
+ changed_when: false
+
+ - name: Make kube-service-catalog project network global
+ command: >
+ {{ openshift_client_binary }} --config=/etc/origin/master/admin.kubeconfig adm pod-network make-projects-global kube-service-catalog
- include_tasks: generate_certs.yml
@@ -51,7 +50,7 @@
kind: template
namespace: "kube-service-catalog"
files:
- - "{{ mktemp.stdout }}/kubeservicecatalog_roles_bindings.yml"
+ - "{{ mktemp.stdout }}/kubeservicecatalog_roles_bindings.yml"
- oc_process:
create: True
@@ -67,7 +66,7 @@
kind: template
namespace: kube-system
files:
- - "{{ mktemp.stdout }}/kubesystem_roles_bindings.yml"
+ - "{{ mktemp.stdout }}/kubesystem_roles_bindings.yml"
- oc_process:
create: True
@@ -132,7 +131,7 @@
kind: daemonset
name: apiserver
files:
- - "{{ mktemp.stdout }}/service_catalog_api_server.yml"
+ - "{{ mktemp.stdout }}/service_catalog_api_server.yml"
delete_after: yes
- name: Set Service Catalog API Server service
@@ -141,10 +140,10 @@
namespace: kube-service-catalog
state: present
ports:
- - name: secure
- port: 443
- protocol: TCP
- targetPort: 6443
+ - name: secure
+ port: 443
+ protocol: TCP
+ targetPort: 6443
selector:
app: apiserver
session_affinity: None
@@ -160,7 +159,7 @@
kind: route
name: apiserver
files:
- - "{{ mktemp.stdout }}/service_catalog_api_route.yml"
+ - "{{ mktemp.stdout }}/service_catalog_api_route.yml"
delete_after: yes
## controller manager
@@ -180,7 +179,7 @@
kind: daemonset
name: controller-manager
files:
- - "{{ mktemp.stdout }}/controller_manager.yml"
+ - "{{ mktemp.stdout }}/controller_manager.yml"
delete_after: yes
- name: Set Controller Manager service
@@ -189,9 +188,9 @@
namespace: kube-service-catalog
state: present
ports:
- - port: 6443
- protocol: TCP
- targetPort: 6443
+ - port: 6443
+ protocol: TCP
+ targetPort: 6443
selector:
app: controller-manager
session_affinity: None
diff --git a/roles/openshift_service_catalog/tasks/start_api_server.yml b/roles/openshift_service_catalog/tasks/start_api_server.yml
index 84e542eaf..687d07abd 100644
--- a/roles/openshift_service_catalog/tasks/start_api_server.yml
+++ b/roles/openshift_service_catalog/tasks/start_api_server.yml
@@ -17,6 +17,6 @@
warn: no
register: api_health
until: api_health.stdout == 'ok'
- retries: 120
- delay: 1
+ retries: 60
+ delay: 5
changed_when: false
diff --git a/roles/openshift_web_console/tasks/install.yml b/roles/openshift_web_console/tasks/install.yml
index f79a05c94..ab6613567 100644
--- a/roles/openshift_web_console/tasks/install.yml
+++ b/roles/openshift_web_console/tasks/install.yml
@@ -3,8 +3,8 @@
- name: Set default image variables based on deployment type
include_vars: "{{ item }}"
with_first_found:
- - "{{ openshift_deployment_type | default(deployment_type) }}.yml"
- - "default_images.yml"
+ - "{{ openshift_deployment_type | default(deployment_type) }}.yml"
+ - "default_images.yml"
- name: Set openshift_web_console facts
set_fact:
@@ -19,7 +19,8 @@
name: openshift-web-console
state: present
node_selector:
- - ""
+ - ""
+ register: create_console_project
- name: Make temp directory for web console templates
command: mktemp -d /tmp/console-ansible-XXXXXX
@@ -36,9 +37,9 @@
src: "{{ item }}"
dest: "{{ mktemp.stdout }}/{{ item }}"
with_items:
- - "{{ __console_template_file }}"
- - "{{ __console_rbac_file }}"
- - "{{ __console_config_file }}"
+ - "{{ __console_template_file }}"
+ - "{{ __console_rbac_file }}"
+ - "{{ __console_config_file }}"
# Check if an existing webconsole-config config map exists. If so, use those
# contents so we don't overwrite changes.
@@ -61,69 +62,69 @@
# Generate a new config when a config map is not defined.
- when: existing_config_map_data['webconsole-config.yaml'] is not defined
block:
- # Migrate the previous master-config.yaml asset config if it exists into the new
- # web console config config map.
- - name: Read existing assetConfig in master-config.yaml
- slurp:
- src: "{{ openshift.common.config_base }}/master/master-config.yaml"
- register: master_config_output
-
- - set_fact:
- config_to_migrate: "{{ master_config_output.content | b64decode | from_yaml }}"
-
- - set_fact:
- cro_plugin_enabled: "{{ config_to_migrate.admissionConfig is defined and config_to_migrate.admissionConfig.pluginConfig is defined and config_to_migrate.admissionConfig.pluginConfig.ClusterResourceOverrides is defined }}"
-
- # Update properties in the config template based on inventory vars when the
- # asset config does not exist.
- - name: Set web console config properties from inventory variables
- yedit:
- src: "{{ mktemp.stdout }}/{{ __console_config_file }}"
- edits:
- - key: clusterInfo#consolePublicURL
- # Must have a trailing slash
- value: "{{ openshift.master.public_console_url }}/"
- - key: clusterInfo#masterPublicURL
- value: "{{ openshift.master.public_api_url }}"
- - key: clusterInfo#logoutPublicURL
- value: "{{ openshift.master.logout_url | default('') }}"
- - key: features#inactivityTimeoutMinutes
- value: "{{ openshift_web_console_inactivity_timeout_minutes | default(0) }}"
- - key: features#clusterResourceOverridesEnabled
- value: "{{ openshift_web_console_cluster_resource_overrides_enabled | default(cro_plugin_enabled) }}"
- - key: extensions#scriptURLs
- value: "{{ openshift_web_console_extension_script_urls | default([]) }}"
- - key: extensions#stylesheetURLs
- value: "{{ openshift_web_console_extension_stylesheet_urls | default([]) }}"
- - key: extensions#properties
- value: "{{ openshift_web_console_extension_properties | default({}) }}"
- separator: '#'
- state: present
- when: config_to_migrate.assetConfig is not defined
-
- - name: Migrate assetConfig from master-config.yaml
- yedit:
- src: "{{ mktemp.stdout }}/{{ __console_config_file }}"
- edits:
- - key: clusterInfo#consolePublicURL
- value: "{{ config_to_migrate.assetConfig.publicURL }}"
- - key: clusterInfo#masterPublicURL
- value: "{{ config_to_migrate.assetConfig.masterPublicURL }}"
- - key: clusterInfo#logoutPublicURL
- value: "{{ config_to_migrate.assetConfig.logoutURL | default('') }}"
- - key: clusterInfo#metricsPublicURL
- value: "{{ config_to_migrate.assetConfig.metricsPublicURL | default('') }}"
- - key: clusterInfo#loggingPublicURL
- value: "{{ config_to_migrate.assetConfig.loggingPublicURL | default('') }}"
- - key: servingInfo#maxRequestsInFlight
- value: "{{ config_to_migrate.assetConfig.servingInfo.maxRequestsInFlight | default(0) }}"
- - key: servingInfo#requestTimeoutSeconds
- value: "{{ config_to_migrate.assetConfig.servingInfo.requestTimeoutSeconds | default(0) }}"
- - key: features#clusterResourceOverridesEnabled
- value: "{{ openshift_web_console_cluster_resource_overrides_enabled | default(cro_plugin_enabled) }}"
- separator: '#'
- state: present
- when: config_to_migrate.assetConfig is defined
+ # Migrate the previous master-config.yaml asset config if it exists into the new
+ # web console config config map.
+ - name: Read existing assetConfig in master-config.yaml
+ slurp:
+ src: "{{ openshift.common.config_base }}/master/master-config.yaml"
+ register: master_config_output
+
+ - set_fact:
+ config_to_migrate: "{{ master_config_output.content | b64decode | from_yaml }}"
+
+ - set_fact:
+ cro_plugin_enabled: "{{ config_to_migrate.admissionConfig is defined and config_to_migrate.admissionConfig.pluginConfig is defined and config_to_migrate.admissionConfig.pluginConfig.ClusterResourceOverrides is defined }}"
+
+ # Update properties in the config template based on inventory vars when the
+ # asset config does not exist.
+ - name: Set web console config properties from inventory variables
+ yedit:
+ src: "{{ mktemp.stdout }}/{{ __console_config_file }}"
+ edits:
+ - key: clusterInfo#consolePublicURL
+ # Must have a trailing slash
+ value: "{{ openshift.master.public_console_url }}/"
+ - key: clusterInfo#masterPublicURL
+ value: "{{ openshift.master.public_api_url }}"
+ - key: clusterInfo#logoutPublicURL
+ value: "{{ openshift.master.logout_url | default('') }}"
+ - key: features#inactivityTimeoutMinutes
+ value: "{{ openshift_web_console_inactivity_timeout_minutes | default(0) }}"
+ - key: features#clusterResourceOverridesEnabled
+ value: "{{ openshift_web_console_cluster_resource_overrides_enabled | default(cro_plugin_enabled) }}"
+ - key: extensions#scriptURLs
+ value: "{{ openshift_web_console_extension_script_urls | default([]) }}"
+ - key: extensions#stylesheetURLs
+ value: "{{ openshift_web_console_extension_stylesheet_urls | default([]) }}"
+ - key: extensions#properties
+ value: "{{ openshift_web_console_extension_properties | default({}) }}"
+ separator: '#'
+ state: present
+ when: config_to_migrate.assetConfig is not defined
+
+ - name: Migrate assetConfig from master-config.yaml
+ yedit:
+ src: "{{ mktemp.stdout }}/{{ __console_config_file }}"
+ edits:
+ - key: clusterInfo#consolePublicURL
+ value: "{{ config_to_migrate.assetConfig.publicURL }}"
+ - key: clusterInfo#masterPublicURL
+ value: "{{ config_to_migrate.assetConfig.masterPublicURL }}"
+ - key: clusterInfo#logoutPublicURL
+ value: "{{ config_to_migrate.assetConfig.logoutURL | default('') }}"
+ - key: clusterInfo#metricsPublicURL
+ value: "{{ config_to_migrate.assetConfig.metricsPublicURL | default('') }}"
+ - key: clusterInfo#loggingPublicURL
+ value: "{{ config_to_migrate.assetConfig.loggingPublicURL | default('') }}"
+ - key: servingInfo#maxRequestsInFlight
+ value: "{{ config_to_migrate.assetConfig.servingInfo.maxRequestsInFlight | default(0) }}"
+ - key: servingInfo#requestTimeoutSeconds
+ value: "{{ config_to_migrate.assetConfig.servingInfo.requestTimeoutSeconds | default(0) }}"
+ - key: features#clusterResourceOverridesEnabled
+ value: "{{ openshift_web_console_cluster_resource_overrides_enabled | default(cro_plugin_enabled) }}"
+ separator: '#'
+ state: present
+ when: config_to_migrate.assetConfig is defined
- slurp:
src: "{{ mktemp.stdout }}/{{ __console_config_file }}"
@@ -144,6 +145,16 @@
--config={{ mktemp.stdout }}/admin.kubeconfig
| {{ openshift_client_binary }} apply --config={{ mktemp.stdout }}/admin.kubeconfig -f -
+# Wait to give the rollout time to start before verifying that the console is
+# running. Unfortunately, we can't check if the deployment revision changed
+# because it's possible applying the template did not result in any changes to
+# the pod template spec, which would skip a new revision.
+- name: Pause for the web console deployment to start
+ pause:
+ seconds: 30
+ # Skip if the project didn't exist since there was no previous deployment.
+ when: not create_console_project.changed
+
- name: Verify that the web console is running
command: >
curl -k https://webconsole.openshift-web-console.svc/healthz
@@ -153,8 +164,8 @@
warn: no
register: console_health
until: console_health.stdout == 'ok'
- retries: 120
- delay: 1
+ retries: 60
+ delay: 5
changed_when: false
- name: Remove temp directory
diff --git a/roles/template_service_broker/tasks/install.yml b/roles/template_service_broker/tasks/install.yml
index d0a07c48d..d674d24e4 100644
--- a/roles/template_service_broker/tasks/install.yml
+++ b/roles/template_service_broker/tasks/install.yml
@@ -1,10 +1,17 @@
---
# Fact setting
+- name: Ensure that Template Service Broker has nodes to run on
+ fail:
+ msg: |-
+ No schedulable nodes found matching node selector for Template Service Broker - '{{ template_service_broker_selector }}'
+ when:
+ - openshift_schedulable_node_labels | lib_utils_oo_has_no_matching_selector(template_service_broker_selector)
+
- name: Set default image variables based on openshift_deployment_type
include_vars: "{{ item }}"
with_first_found:
- - "{{ openshift_deployment_type }}.yml"
- - "default_images.yml"
+ - "{{ openshift_deployment_type }}.yml"
+ - "default_images.yml"
- name: set template_service_broker facts
set_fact:
@@ -16,7 +23,7 @@
name: openshift-template-service-broker
state: present
node_selector:
- - ""
+ - ""
- command: mktemp -d /tmp/tsb-ansible-XXXXXX
register: mktemp
@@ -31,10 +38,10 @@
src: "{{ item }}"
dest: "{{ mktemp.stdout }}/{{ item }}"
with_items:
- - "{{ __tsb_template_file }}"
- - "{{ __tsb_rbac_file }}"
- - "{{ __tsb_broker_file }}"
- - "{{ __tsb_config_file }}"
+ - "{{ __tsb_template_file }}"
+ - "{{ __tsb_rbac_file }}"
+ - "{{ __tsb_broker_file }}"
+ - "{{ __tsb_config_file }}"
- yedit:
src: "{{ mktemp.stdout }}/{{ __tsb_config_file }}"
@@ -71,8 +78,8 @@
warn: no
register: api_health
until: api_health.stdout == 'ok'
- retries: 120
- delay: 1
+ retries: 60
+ delay: 5
changed_when: false
- set_fact: