From 98e46eda537fae3a7547f8a1ab1337dd7229252e Mon Sep 17 00:00:00 2001
From: Diego Castro <spinolacastro@gmail.com>
Date: Wed, 16 Dec 2015 10:40:44 -0300
Subject: Fix bind address/port when isn't default

---
 roles/openshift_master/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 3b46a0df4..61b416f93 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -244,7 +244,7 @@
     line: "{{ item.line }}"
   with_items:
     - regex: '^OPTIONS='
-      line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://0.0.0.0:8443 --master=https://{{ openshift.common.ip }}:8443"
+      line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master=https://{{ openshift.common.ip }}:{{ openshift.master.api_port }}"
     - regex: '^CONFIG_FILE='
       line: "CONFIG_FILE={{ openshift_master_config_file }}"
   when: openshift_master_ha | bool and openshift_master_cluster_method == "native"
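Review bot: The new `OPTIONS` line makes the address and port configurable but still hard-codes the `https://` scheme for both `--listen` and `--master`, which can drift from the `api_use_ssl` fact the playbooks set for the master. Either derive the scheme, e.g. `--listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }}`, or add a comment stating that the HA services are TLS-only regardless of that fact. The same applies to the controllers `OPTIONS` line changed by the next commit in tasks/main.yml (`@@ -258,7 +258,7 @@`). The lineinfile task starts above this hunk, so its `dest` and any default for `openshift.master.bind_addr` are not visible here.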
-- 
cgit v1.2.3


From 22eb2be9a1131279f1057912c36eba9591450dac Mon Sep 17 00:00:00 2001
From: Diego Castro <spinolacastro@gmail.com>
Date: Thu, 17 Dec 2015 08:58:12 -0300
Subject: Controllers_port and firewall rules

---
 playbooks/common/openshift-master/config.yml     | 1 +
 roles/openshift_facts/library/openshift_facts.py | 3 ++-
 roles/openshift_master/defaults/main.yml         | 6 +++---
 roles/openshift_master/tasks/main.yml            | 2 +-
 4 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 4ecdf2a0c..543583642 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -43,6 +43,7 @@
           api_port: "{{ openshift_master_api_port | default(None) }}"
           api_url: "{{ openshift_master_api_url | default(None) }}"
           api_use_ssl: "{{ openshift_master_api_use_ssl | default(None) }}"
+          controllers_port: "{{ openshift_master_controllers_port | default(None) }}"
           public_api_url: "{{ openshift_master_public_api_url | default(None) }}"
           cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}"
           cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}"
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 2a3d4acbd..a148c1362 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -463,6 +463,7 @@ def set_url_facts_if_unset(facts):
     if 'master' in facts:
         api_use_ssl = facts['master']['api_use_ssl']
         api_port = facts['master']['api_port']
+        controllers_port = facts['master']['controllers_port']
         console_use_ssl = facts['master']['console_use_ssl']
         console_port = facts['master']['console_port']
         console_path = facts['master']['console_path']
@@ -1156,7 +1157,7 @@ class OpenShiftFacts(object):
         defaults['common'] = common
 
         if 'master' in roles:
-            master = dict(api_use_ssl=True, api_port='8443',
+            master = dict(api_use_ssl=True, api_port='8443', controllers_port='8444',
                           console_use_ssl=True, console_path='/console',
                           console_port='8443', etcd_use_ssl=True, etcd_hosts='',
                           etcd_port='4001', portal_net='172.30.0.0/16',
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index 9766d01ae..1f74d851a 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -6,7 +6,9 @@ os_firewall_allow:
 - service: etcd embedded
   port: 4001/tcp
 - service: api server https
-  port: 8443/tcp
+  port: "{{ openshift.master.api_port }}/tcp"
+- service: api controllers https
+  port: "{{ openshift.master.controllers_port }}/tcp"
 - service: dns tcp
   port: 53/tcp
 - service: dns udp
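Review bot: The new `api controllers https` allow rule opens `{{ openshift.master.controllers_port }}/tcp` on every master, while the only listener for that port visible in this series is configured under `when: openshift_master_ha | bool and openshift_master_cluster_method == "native"` in tasks/main.yml. On a non-HA master this leaves an open firewall port with no intended service behind it, and the next hunk also drops the old `8444/tcp` deny entry, so nothing closes it there any more. If `os_firewall_allow` entries cannot be made conditional, at least document the scope above the entry, e.g. `# only used by the native HA controllers service`. Both ports are now rendered from `openshift.master.*` facts, so this list presumably needs those facts set before the firewall role reads it; that ordering is not visible in the hunk.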
@@ -24,7 +26,5 @@ os_firewall_allow:
 os_firewall_deny:
 - service: api server http
   port: 8080/tcp
-- service: former web console port
-  port: 8444/tcp
 - service: former etcd peer port
   port: 7001/tcp
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 61b416f93..d749bce8d 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -258,7 +258,7 @@
     line: "{{ item.line }}"
   with_items:
     - regex: '^OPTIONS='
-      line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://0.0.0.0:8444"
+      line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://{{ openshift.master.bind_addr }}:{{ openshift.master.controllers_port }}"
     - regex: '^CONFIG_FILE='
       line: "CONFIG_FILE={{ openshift_master_config_file }}"
   when: openshift_master_ha | bool and openshift_master_cluster_method == "native"
-- 
cgit v1.2.3


From bb68821ae9a65beee135cb6a3ddfbfbdd39d8b4a Mon Sep 17 00:00:00 2001
From: Jason DeTiberus <jdetiber@redhat.com>
Date: Tue, 12 Jan 2016 16:42:01 -0500
Subject: consolidate steps and cleanup template dir

---
 roles/openshift_master/tasks/main.yml              | 92 ++++++++--------------
 .../atomic-openshift-master-api.docker.service.j2  | 26 ------
 .../templates/atomic-openshift-master-api.j2       |  9 ---
 .../atomic-openshift-master-api.service.j2         | 21 -----
 ...-openshift-master-controllers.docker.service.j2 | 25 ------
 .../atomic-openshift-master-controllers.j2         |  9 ---
 .../atomic-openshift-master-controllers.service.j2 | 26 ------
 .../templates/atomic-openshift-master.j2           |  9 +++
 .../docker-cluster/atomic-openshift-master-api.j2  |  1 +
 .../atomic-openshift-master-api.service.j2         | 26 ++++++
 .../atomic-openshift-master-controllers.j2         |  1 +
 .../atomic-openshift-master-controllers.service.j2 | 25 ++++++
 .../templates/docker/master.docker.service.j2      | 16 ++++
 .../templates/master.docker.service.j2             | 16 ----
 .../native-cluster/atomic-openshift-master-api.j2  |  9 +++
 .../atomic-openshift-master-api.service.j2         | 21 +++++
 .../atomic-openshift-master-controllers.j2         |  9 +++
 .../atomic-openshift-master-controllers.service.j2 | 26 ++++++
 roles/openshift_master/vars/main.yml               |  3 +
 19 files changed, 178 insertions(+), 192 deletions(-)
 delete mode 100644 roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2
 delete mode 100644 roles/openshift_master/templates/atomic-openshift-master-api.j2
 delete mode 100644 roles/openshift_master/templates/atomic-openshift-master-api.service.j2
 delete mode 100644 roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2
 delete mode 100644 roles/openshift_master/templates/atomic-openshift-master-controllers.j2
 delete mode 100644 roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2
 create mode 100644 roles/openshift_master/templates/atomic-openshift-master.j2
 create mode 120000 roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.j2
 create mode 100644 roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2
 create mode 120000 roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.j2
 create mode 100644 roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2
 create mode 100644 roles/openshift_master/templates/docker/master.docker.service.j2
 delete mode 100644 roles/openshift_master/templates/master.docker.service.j2
 create mode 100644 roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
 create mode 100644 roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.service.j2
 create mode 100644 roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
 create mode 100644 roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2

diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index d749bce8d..80a605c43 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -94,12 +94,12 @@
 - name: Install Master docker service file
   template:
     dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service"
-    src: master.docker.service.j2
+    src: docker/master.docker.service.j2
   register: install_result
   when: openshift.common.is_containerized | bool and not openshift_master_ha | bool
-  
+
 - name: Create openshift.common.data_dir
-  file: 
+  file:
     path: "{{ openshift.common.data_dir }}"
     state: directory
     mode: 0755
@@ -174,31 +174,45 @@
   when: openshift.common.is_containerized | bool
 
 # workaround for missing systemd unit files for controllers/api
-- name: Create the api service file
+- name: Create the systemd unit files
   template:
-    src: atomic-openshift-master-api{{ ha_suffix }}.service.j2
-    dest: "{{ ha_svcdir }}/{{ openshift.common.service_type }}-master-api.service"
+    src: "{{ ha_svc_template_path }}/atomic-openshift-master-{{ item }}.service.j2"
+    dest: "{{ ha_svcdir }}/{{ openshift.common.service_type }}-master-{{ item }}.service"
   when: openshift_master_ha | bool and openshift_master_cluster_method == "native"
-- name: Create the controllers service file
-  template:
-    src: atomic-openshift-master-controllers{{ ha_suffix }}.service.j2
-    dest: "{{ ha_svcdir }}/{{ openshift.common.service_type }}-master-controllers.service"
-  when: openshift_master_ha | bool and openshift_master_cluster_method == "native"
-- name: Create the api env file
+  with_items:
+  - api
+  - controllers
+  register: create_unit_files
+
+- command: systemctl daemon-reload
+  when: create_unit_files | changed
+# end workaround for missing systemd unit files
+
+- name: Create the master api service env file
   template:
-    src: atomic-openshift-master-api.j2
+    src: "{{ ha_svc_template_path }}/atomic-openshift-master-api.j2"
     dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api
     force: no
   when: openshift_master_ha | bool and openshift_master_cluster_method == "native"
-- name: Create the controllers env file
+  notify:
+  - restart master api
+
+- name: Create the master controllers service env file
   template:
-    src: atomic-openshift-master-controllers.j2
+    src: "{{ ha_svc_template_path }}/atomic-openshift-master-controllers.j2"
     dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
     force: no
   when: openshift_master_ha | bool and openshift_master_cluster_method == "native"
-- command: systemctl daemon-reload
-  when: openshift_master_ha | bool and openshift_master_cluster_method == "native"
-# end workaround for missing systemd unit files
+  notify:
+  - restart master controllers
+
+- name: Create the master service env file
+  template:
+    src: "atomic-openshift-master.j2"
+    dest: /etc/sysconfig/{{ openshift.common.service_type }}-master
+    force: no
+  notify:
+  - restart master
 
 - name: Create session secrets file
   template:
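Review bot: The three env-file tasks added here render `OPTIONS` (log level, `--listen` address and port) from templates with `force: no`, so each file is written only when it does not exist yet. The `lineinfile` tasks removed in the next hunk rewrote `OPTIONS=` and `CONFIG_FILE=` on every run; after this change a later edit to `openshift.master.api_port`, `controllers_port`, `bind_addr` or `debug_level` never reaches an existing host, while the firewall rules in defaults/main.yml do follow the new port. Either drop `force: no` on these tasks or keep one `lineinfile` task per file for the managed keys, and state in a comment which behaviour is intended. `force: no` would also read better as `force: false`.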
@@ -223,48 +237,6 @@
   - restart master api
   - restart master controllers
 
-- name: Configure master settings
-  lineinfile:
-    dest: /etc/sysconfig/{{ openshift.common.service_type }}-master
-    regexp: "{{ item.regex }}"
-    line: "{{ item.line }}"
-    create: yes
-  with_items:
-    - regex: '^OPTIONS='
-      line: "OPTIONS=--loglevel={{ openshift.master.debug_level }}"
-    - regex: '^CONFIG_FILE='
-      line: "CONFIG_FILE={{ openshift_master_config_file }}"
-  notify:
-  - restart master
-
-- name: Configure master api settings
-  lineinfile:
-    dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api
-    regexp: "{{ item.regex }}"
-    line: "{{ item.line }}"
-  with_items:
-    - regex: '^OPTIONS='
-      line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master=https://{{ openshift.common.ip }}:{{ openshift.master.api_port }}"
-    - regex: '^CONFIG_FILE='
-      line: "CONFIG_FILE={{ openshift_master_config_file }}"
-  when: openshift_master_ha | bool and openshift_master_cluster_method == "native"
-  notify:
-  - restart master api
-
-- name: Configure master controller settings
-  lineinfile:
-    dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
-    regexp: "{{ item.regex }}"
-    line: "{{ item.line }}"
-  with_items:
-    - regex: '^OPTIONS='
-      line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://{{ openshift.master.bind_addr }}:{{ openshift.master.controllers_port }}"
-    - regex: '^CONFIG_FILE='
-      line: "CONFIG_FILE={{ openshift_master_config_file }}"
-  when: openshift_master_ha | bool and openshift_master_cluster_method == "native"
-  notify:
-  - restart master controllers
-
 - name: Start and enable master
   service: name={{ openshift.common.service_type }}-master enabled=yes state=started
   when: not openshift_master_ha | bool
diff --git a/roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2
deleted file mode 100644
index 936c39edf..000000000
--- a/roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2
+++ /dev/null
@@ -1,26 +0,0 @@
-[Unit]
-Description=Atomic OpenShift Master API
-Documentation=https://github.com/openshift/origin
-After=network.target
-After=etcd.service
-Before={{ openshift.common.service_type }}-node.service
-Requires=network.target
-Requires=docker.service
-PartOf=docker.service
-
-[Service]
-EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api
-Environment=GOTRACEBACK=crash
-ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-api
-ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master api --config=${CONFIG_FILE} $OPTIONS
-ExecStartPost=/usr/bin/sleep 10
-ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-api
-LimitNOFILE=131072
-LimitCORE=infinity
-WorkingDirectory={{ openshift.common.data_dir }}
-SyslogIdentifier=atomic-openshift-master-api
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
-WantedBy={{ openshift.common.service_type }}-node.service
\ No newline at end of file
diff --git a/roles/openshift_master/templates/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/atomic-openshift-master-api.j2
deleted file mode 100644
index 205934248..000000000
--- a/roles/openshift_master/templates/atomic-openshift-master-api.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-OPTIONS=
-CONFIG_FILE={{ openshift_master_config_dir }}/master-config.yaml
-
-# Proxy configuration
-# Origin uses standard HTTP_PROXY environment variables. Be sure to set
-# NO_PROXY for your master
-#NO_PROXY=master.example.com
-#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
-#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
diff --git a/roles/openshift_master/templates/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-api.service.j2
deleted file mode 100644
index ba19fb348..000000000
--- a/roles/openshift_master/templates/atomic-openshift-master-api.service.j2
+++ /dev/null
@@ -1,21 +0,0 @@
-[Unit]
-Description=Atomic OpenShift Master API
-Documentation=https://github.com/openshift/origin
-After=network.target
-After=etcd.service
-Before={{ openshift.common.service_type }}-node.service
-Requires=network.target
-
-[Service]
-Type=notify
-EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api
-Environment=GOTRACEBACK=crash
-ExecStart=/usr/bin/openshift start master api --config=${CONFIG_FILE} $OPTIONS
-LimitNOFILE=131072
-LimitCORE=infinity
-WorkingDirectory={{ openshift.common.data_dir }}
-SyslogIdentifier=atomic-openshift-master-api
-
-[Install]
-WantedBy=multi-user.target
-WantedBy={{ openshift.common.service_type }}-node.service
diff --git a/roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2
deleted file mode 100644
index 6ba7d6e2a..000000000
--- a/roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2
+++ /dev/null
@@ -1,25 +0,0 @@
-[Unit]
-Description=Atomic OpenShift Master Controllers
-Documentation=https://github.com/openshift/origin
-After=network.target
-After={{ openshift.common.service_type }}-master-api.service
-Before={{ openshift.common.service_type }}-node.service
-Requires=docker.service
-PartOf=docker.service
-
-[Service]
-EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
-Environment=GOTRACEBACK=crash
-ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-controllers
-ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master controllers --config=${CONFIG_FILE} $OPTIONS
-ExecStartPost=/usr/bin/sleep 10
-ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-controllers
-LimitNOFILE=131072
-LimitCORE=infinity
-WorkingDirectory={{ openshift.common.data_dir }}
-SyslogIdentifier={{ openshift.common.service_type }}-master-controllers
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
-WantedBy={{ openshift.common.service_type }}-node.service
diff --git a/roles/openshift_master/templates/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/atomic-openshift-master-controllers.j2
deleted file mode 100644
index 205934248..000000000
--- a/roles/openshift_master/templates/atomic-openshift-master-controllers.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-OPTIONS=
-CONFIG_FILE={{ openshift_master_config_dir }}/master-config.yaml
-
-# Proxy configuration
-# Origin uses standard HTTP_PROXY environment variables. Be sure to set
-# NO_PROXY for your master
-#NO_PROXY=master.example.com
-#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
-#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
diff --git a/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2
deleted file mode 100644
index e6e97b24f..000000000
--- a/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2
+++ /dev/null
@@ -1,26 +0,0 @@
-[Unit]
-Description=Atomic OpenShift Master Controllers
-Documentation=https://github.com/openshift/origin
-After=network.target
-After={{ openshift.common.service_type }}-master-api.service
-Before={{ openshift.common.service_type }}-node.service
-Requires=network.target
-
-[Service]
-{% if openshift.common.version_greater_than_3_1_1_or_1_1_1 | bool %}
-Type=notify
-{% else %}
-Type=simple
-{% endif %}
-EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
-Environment=GOTRACEBACK=crash
-ExecStart=/usr/bin/openshift start master controllers --config=${CONFIG_FILE} $OPTIONS
-LimitNOFILE=131072
-LimitCORE=infinity
-WorkingDirectory={{ openshift.common.data_dir }}
-SyslogIdentifier={{ openshift.common.service_type }}-master-controllers
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
-WantedBy={{ openshift.common.service_type }}-node.service
diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2
new file mode 100644
index 000000000..81bae5470
--- /dev/null
+++ b/roles/openshift_master/templates/atomic-openshift-master.j2
@@ -0,0 +1,9 @@
+OPTIONS=--loglevel={{ openshift.master.debug_level }}
+CONFIG_FILE={{ openshift_master_config_file }}
+
+# Proxy configuration
+# Origin uses standard HTTP_PROXY environment variables. Be sure to set
+# NO_PROXY for your master
+#NO_PROXY=master.example.com
+#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
+#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
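Review bot: This template invites operators to put proxy settings of the form `HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT` into the env file, but the `template` tasks in tasks/main.yml that install it and the two `native-cluster/*.j2` env files set no `owner`, `group` or `mode`. The resulting permissions then depend on the umask of the Ansible run, and a file that may carry proxy credentials should not be left world-readable. Add `mode: "0600"` (quoted, so it is not parsed as a number) with `owner: root` and `group: root` to those tasks. A comment line in the template saying the file may contain credentials would help whoever edits it later.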
diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.j2
new file mode 120000
index 000000000..4bb7095ee
--- /dev/null
+++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.j2
@@ -0,0 +1 @@
+../native-cluster/atomic-openshift-master-api.j2
\ No newline at end of file
diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2
new file mode 100644
index 000000000..a935b82f6
--- /dev/null
+++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2
@@ -0,0 +1,26 @@
+[Unit]
+Description=Atomic OpenShift Master API
+Documentation=https://github.com/openshift/origin
+After=network.target
+After=etcd.service
+Before={{ openshift.common.service_type }}-node.service
+Requires=network.target
+Requires=docker.service
+PartOf=docker.service
+
+[Service]
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api
+Environment=GOTRACEBACK=crash
+ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-api
+ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master api --config=${CONFIG_FILE} $OPTIONS
+ExecStartPost=/usr/bin/sleep 10
+ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-api
+LimitNOFILE=131072
+LimitCORE=infinity
+WorkingDirectory={{ openshift.common.data_dir }}
+SyslogIdentifier=atomic-openshift-master-api
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+WantedBy={{ openshift.common.service_type }}-node.service
diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.j2
new file mode 120000
index 000000000..8714ebbae
--- /dev/null
+++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.j2
@@ -0,0 +1 @@
+../native-cluster/atomic-openshift-master-controllers.j2
\ No newline at end of file
diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2
new file mode 100644
index 000000000..6ba7d6e2a
--- /dev/null
+++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2
@@ -0,0 +1,25 @@
+[Unit]
+Description=Atomic OpenShift Master Controllers
+Documentation=https://github.com/openshift/origin
+After=network.target
+After={{ openshift.common.service_type }}-master-api.service
+Before={{ openshift.common.service_type }}-node.service
+Requires=docker.service
+PartOf=docker.service
+
+[Service]
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
+Environment=GOTRACEBACK=crash
+ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-controllers
+ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master controllers --config=${CONFIG_FILE} $OPTIONS
+ExecStartPost=/usr/bin/sleep 10
+ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-controllers
+LimitNOFILE=131072
+LimitCORE=infinity
+WorkingDirectory={{ openshift.common.data_dir }}
+SyslogIdentifier={{ openshift.common.service_type }}-master-controllers
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+WantedBy={{ openshift.common.service_type }}-node.service
diff --git a/roles/openshift_master/templates/docker/master.docker.service.j2 b/roles/openshift_master/templates/docker/master.docker.service.j2
new file mode 100644
index 000000000..23781a313
--- /dev/null
+++ b/roles/openshift_master/templates/docker/master.docker.service.j2
@@ -0,0 +1,16 @@
+[Unit]
+After=docker.service
+Before={{ openshift.common.service_type }}-node.service
+Requires=docker.service
+PartOf=docker.service
+
+[Service]
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master
+ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-master
+ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master --config=${CONFIG_FILE} $OPTIONS
+ExecStartPost=/usr/bin/sleep 10
+ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/openshift_master/templates/master.docker.service.j2 b/roles/openshift_master/templates/master.docker.service.j2
deleted file mode 100644
index 23781a313..000000000
--- a/roles/openshift_master/templates/master.docker.service.j2
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-After=docker.service
-Before={{ openshift.common.service_type }}-node.service
-Requires=docker.service
-PartOf=docker.service
-
-[Service]
-EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master
-ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-master
-ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master --config=${CONFIG_FILE} $OPTIONS
-ExecStartPost=/usr/bin/sleep 10
-ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
new file mode 100644
index 000000000..6e5783f9d
--- /dev/null
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
@@ -0,0 +1,9 @@
+OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master=https://{{ openshift.common.ip }}:{{ openshift.master.api_port }}
+CONFIG_FILE={{ openshift_master_config_file }}
+
+# Proxy configuration
+# Origin uses standard HTTP_PROXY environment variables. Be sure to set
+# NO_PROXY for your master
+#NO_PROXY=master.example.com
+#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
+#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
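Review bot: `--listen` now follows `openshift.master.api_use_ssl`, but `--master` on the same `OPTIONS` line is still built as `https://{{ openshift.common.ip }}:{{ openshift.master.api_port }}`. With `api_use_ssl` false the two arguments name the same port with different schemes. Build both from one scheme expression, or reuse an existing URL fact if the role has a suitable one (`api_url` is passed to the facts in playbooks/common/openshift-master/config.yml, though its value is not visible here).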
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.service.j2
new file mode 100644
index 000000000..ba19fb348
--- /dev/null
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.service.j2
@@ -0,0 +1,21 @@
+[Unit]
+Description=Atomic OpenShift Master API
+Documentation=https://github.com/openshift/origin
+After=network.target
+After=etcd.service
+Before={{ openshift.common.service_type }}-node.service
+Requires=network.target
+
+[Service]
+Type=notify
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api
+Environment=GOTRACEBACK=crash
+ExecStart=/usr/bin/openshift start master api --config=${CONFIG_FILE} $OPTIONS
+LimitNOFILE=131072
+LimitCORE=infinity
+WorkingDirectory={{ openshift.common.data_dir }}
+SyslogIdentifier=atomic-openshift-master-api
+
+[Install]
+WantedBy=multi-user.target
+WantedBy={{ openshift.common.service_type }}-node.service
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
new file mode 100644
index 000000000..cdc56eece
--- /dev/null
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
@@ -0,0 +1,9 @@
+OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.controllers_port }}
+CONFIG_FILE={{ openshift_master_config_file }}
+
+# Proxy configuration
+# Origin uses standard HTTP_PROXY environment variables. Be sure to set
+# NO_PROXY for your master
+#NO_PROXY=master.example.com
+#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
+#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2
new file mode 100644
index 000000000..e6e97b24f
--- /dev/null
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2
@@ -0,0 +1,26 @@
+[Unit]
+Description=Atomic OpenShift Master Controllers
+Documentation=https://github.com/openshift/origin
+After=network.target
+After={{ openshift.common.service_type }}-master-api.service
+Before={{ openshift.common.service_type }}-node.service
+Requires=network.target
+
+[Service]
+{% if openshift.common.version_greater_than_3_1_1_or_1_1_1 | bool %}
+Type=notify
+{% else %}
+Type=simple
+{% endif %}
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
+Environment=GOTRACEBACK=crash
+ExecStart=/usr/bin/openshift start master controllers --config=${CONFIG_FILE} $OPTIONS
+LimitNOFILE=131072
+LimitCORE=infinity
+WorkingDirectory={{ openshift.common.data_dir }}
+SyslogIdentifier={{ openshift.common.service_type }}-master-controllers
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+WantedBy={{ openshift.common.service_type }}-node.service
diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml
index 534465451..48b5940f9 100644
--- a/roles/openshift_master/vars/main.yml
+++ b/roles/openshift_master/vars/main.yml
@@ -6,6 +6,9 @@ openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/sessio
 openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json"
 openshift_version: "{{ openshift_pkg_version | default('') }}"
 
+ha_svc_template_path: "{{ 'docker-cluster' if openshift.common.is_containerized | bool else 'native-cluster' }}"
+ha_svc_svc_dir: "{{ '/etc/systemd/system' if openshift.common.is_containerized | bool else '/usr/lib/systemd/system' }}"
+
 openshift_master_valid_grant_methods:
 - auto
 - prompt
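Review bot: The two added variables, `ha_svc_template_path` and `ha_svc_svc_dir`, lack the `openshift_master_` prefix that every neighbouring variable in this file carries, and the second name repeats `svc`. Role vars share one namespace across the play, so a short generic name is easier to shadow or collide with from another role or the inventory. Something like `openshift_master_ha_svc_template_path` and `openshift_master_ha_svc_dir` would match the file's convention. The same applies to `loopback_context_string`, added to this file by a later commit on this page.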
-- 
cgit v1.2.3


From 57b7434b1e34c8bcdfbc2db7f1261d63bcf39128 Mon Sep 17 00:00:00 2001
From: Jason DeTiberus <jdetiber@redhat.com>
Date: Tue, 12 Jan 2016 16:24:44 -0500
Subject: Use local address for loopback kubeconfig

---
 roles/openshift_facts/library/openshift_facts.py   | 101 ++++++++++++---------
 roles/openshift_master/tasks/main.yml              |  34 ++++++-
 .../native-cluster/atomic-openshift-master-api.j2  |   2 +-
 roles/openshift_master/vars/main.yml               |   2 +
 4 files changed, 92 insertions(+), 47 deletions(-)

diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index a148c1362..9096f7ebf 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -461,53 +461,68 @@ def set_url_facts_if_unset(facts):
                   were not already present
     """
     if 'master' in facts:
-        api_use_ssl = facts['master']['api_use_ssl']
-        api_port = facts['master']['api_port']
-        controllers_port = facts['master']['controllers_port']
-        console_use_ssl = facts['master']['console_use_ssl']
-        console_port = facts['master']['console_port']
-        console_path = facts['master']['console_path']
-        etcd_use_ssl = facts['master']['etcd_use_ssl']
-        etcd_hosts = facts['master']['etcd_hosts']
-        etcd_port = facts['master']['etcd_port']
         hostname = facts['common']['hostname']
-        public_hostname = facts['common']['public_hostname']
         cluster_hostname = facts['master'].get('cluster_hostname')
         cluster_public_hostname = facts['master'].get('cluster_public_hostname')
+        public_hostname = facts['common']['public_hostname']
+        api_hostname = cluster_hostname if cluster_hostname else hostname
+        api_public_hostname = cluster_public_hostname if cluster_public_hostname else public_hostname
+        console_path = facts['master']['console_path']
+        etcd_hosts = facts['master']['etcd_hosts']
+
+        use_ssl = dict(
+            api=facts['master']['api_use_ssl'],
+            public_api=facts['master']['api_use_ssl'],
+            loopback_api=facts['master']['api_use_ssl'],
+            console=facts['master']['console_use_ssl'],
+            public_console=facts['master']['console_use_ssl'],
+            etcd=facts['master']['etcd_use_ssl']
+        )
+
+        ports = dict(
+            api=facts['master']['api_port'],
+            public_api=facts['master']['api_port'],
+            loopback_api=facts['master']['api_port'],
+            console=facts['master']['console_port'],
+            public_console=facts['master']['console_port'],
+            etcd=facts['master']['etcd_port'],
+        )
+
+        etcd_urls = []
+        if etcd_hosts != '':
+            facts['master']['etcd_port'] = ports['etcd']
+            facts['master']['embedded_etcd'] = False
+            for host in etcd_hosts:
+                etcd_urls.append(format_url(use_ssl['etcd'], host,
+                                            ports['etcd']))
+        else:
+            etcd_urls = [format_url(use_ssl['etcd'], hostname,
+                                    ports['etcd'])]
+
+        facts['master'].setdefault('etcd_urls', etcd_urls)
+
+        prefix_hosts = [('api', api_hostname),
+                        ('public_api', api_public_hostname),
+                        ('loopback_api', hostname)]
+
+        for prefix, host in prefix_hosts:
+            facts['master'].setdefault(prefix + '_url', format_url(use_ssl[prefix],
+                                                                   host,
+                                                                   ports[prefix]))
+
+
+        r_lhn = "{0}:{1}".format(api_hostname, ports['api']).replace('.', '-')
+        facts['master'].setdefault('loopback_cluster_name', r_lhn)
+        facts['master'].setdefault('loopback_context_name', "default/{0}/system:openshift-master".format(r_lhn))
+        facts['master'].setdefault('loopback_user', "system:openshift-master/{0}".format(r_lhn))
+
+        prefix_hosts = [('console', api_hostname), ('public_console', api_public_hostname)]
+        for prefix, host in prefix_hosts:
+            facts['master'].setdefault(prefix + '_url', format_url(use_ssl[prefix],
+                                                                   host,
+                                                                   ports[prefix],
+                                                                   console_path))
 
-        if 'etcd_urls' not in facts['master']:
-            etcd_urls = []
-            if etcd_hosts != '':
-                facts['master']['etcd_port'] = etcd_port
-                facts['master']['embedded_etcd'] = False
-                for host in etcd_hosts:
-                    etcd_urls.append(format_url(etcd_use_ssl, host,
-                                                etcd_port))
-            else:
-                etcd_urls = [format_url(etcd_use_ssl, hostname,
-                                        etcd_port)]
-            facts['master']['etcd_urls'] = etcd_urls
-        if 'api_url' not in facts['master']:
-            api_hostname = cluster_hostname if cluster_hostname else hostname
-            facts['master']['api_url'] = format_url(api_use_ssl, api_hostname,
-                                                    api_port)
-        if 'public_api_url' not in facts['master']:
-            api_public_hostname = cluster_public_hostname if cluster_public_hostname else public_hostname
-            facts['master']['public_api_url'] = format_url(api_use_ssl,
-                                                           api_public_hostname,
-                                                           api_port)
-        if 'console_url' not in facts['master']:
-            console_hostname = cluster_hostname if cluster_hostname else hostname
-            facts['master']['console_url'] = format_url(console_use_ssl,
-                                                        console_hostname,
-                                                        console_port,
-                                                        console_path)
-        if 'public_console_url' not in facts['master']:
-            console_public_hostname = cluster_public_hostname if cluster_public_hostname else public_hostname
-            facts['master']['public_console_url'] = format_url(console_use_ssl,
-                                                               console_public_hostname,
-                                                               console_port,
-                                                               console_path)
     return facts
 
 def set_aggregate_facts(facts):
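Review bot: The loopback names are derived from `api_hostname` (`r_lhn = "{0}:{1}".format(api_hostname, ports['api'])...`) while `loopback_api_url` is built from `hostname`, so on a master with `cluster_hostname` set the two disagree. The later `config set-context --user={{ openshift.master.loopback_user }}` task creates no credentials. It therefore relies on a user entry with exactly that name already existing in the kubeconfig, which presumably was generated for the local host rather than the cluster name. If that is the intent of "Use local address", the line should read `r_lhn = "{0}:{1}".format(hostname, ports['api']).replace('.', '-')`. Separately, `facts['master']['embedded_etcd'] = False` used to be guarded by the `'etcd_urls' not in facts['master']` check and now runs whenever `etcd_hosts` is non-empty. The function begins above the hunk, so this is judged from the visible lines only.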
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 80a605c43..462a7ab58 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -192,7 +192,6 @@
   template:
     src: "{{ ha_svc_template_path }}/atomic-openshift-master-api.j2"
     dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api
-    force: no
   when: openshift_master_ha | bool and openshift_master_cluster_method == "native"
   notify:
   - restart master api
@@ -201,7 +200,6 @@
   template:
     src: "{{ ha_svc_template_path }}/atomic-openshift-master-controllers.j2"
     dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
-    force: no
   when: openshift_master_ha | bool and openshift_master_cluster_method == "native"
   notify:
   - restart master controllers
@@ -210,7 +208,6 @@
   template:
     src: "atomic-openshift-master.j2"
     dest: /etc/sysconfig/{{ openshift.common.service_type }}-master
-    force: no
   notify:
   - restart master
 
@@ -237,6 +234,37 @@
   - restart master api
   - restart master controllers
 
+- name: Test local loopback context
+  command: >
+    {{ openshift.common.client_binary }} config view
+    --config={{ openshift_master_loopback_config }}
+  changed_when: false
+  register: loopback_config
+
+- command: >
+    {{ openshift.common.client_binary }} config set-cluster
+    --certificate-authority={{ openshift_master_config_dir }}/ca.crt
+    --embed-certs=true --server={{ openshift.master.loopback_api_url }}
+    {{ openshift.master.loopback_cluster_name }}
+    --config={{ openshift_master_loopback_config }}
+  when: loopback_context_string not in loopback_config.stdout
+  register: set_loopback_cluster
+
+- command: >
+    {{ openshift.common.client_binary }} config set-context
+    --cluster={{ openshift.master.loopback_cluster_name }}
+    --namespace=default --user={{ openshift.master.loopback_user }}
+    {{ openshift.master.loopback_context_name }}
+    --config={{ openshift_master_loopback_config }}
+  when: set_loopback_cluster | changed
+  register: set_loopback_context
+
+- command: >
+    {{ openshift.common.client_binary }} config use-context {{ openshift.master.loopback_context_name }}
+    --config={{ openshift_master_loopback_config }}
+  when: set_loopback_context | changed
+  register: set_current_context
+
 - name: Start and enable master
   service: name={{ openshift.common.service_type }}-master enabled=yes state=started
   when: not openshift_master_ha | bool
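Review bot: The three `command` tasks after "Test local loopback context" have no `name:`, so playbook output and any failure show only a bare `command` entry for steps that rewrite the master's own kubeconfig. I would name them, e.g. `- name: Set loopback cluster`, `- name: Set loopback context` and `- name: Use loopback context`. `register: set_current_context` on the last task is not read anywhere in this hunk and could be dropped unless a later task uses it.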
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
index 6e5783f9d..c9aa15b41 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
@@ -1,4 +1,4 @@
-OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master=https://{{ openshift.common.ip }}:{{ openshift.master.api_port }}
+OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master={{ openshift.master.loopback_api_url }}:{{ openshift.master.api_port }}
 CONFIG_FILE={{ openshift_master_config_file }}
 
 # Proxy configuration
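Review bot: The new `--master=` value appends `:{{ openshift.master.api_port }}` to `loopback_api_url`, but that fact is built in openshift_facts.py by `format_url(use_ssl[prefix], host, ports[prefix])`. It presumably already ends in the port, since `format_url` is given it. If so, the rendered option becomes `https://host:8443:8443`, which is not a valid URL, and the API service would get a malformed master address. The argument should be just `--master={{ openshift.master.loopback_api_url }}`. `format_url` itself is not visible on this page, so confirm how it handles the port before changing the line.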
diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml
index 48b5940f9..fe88c3c16 100644
--- a/roles/openshift_master/vars/main.yml
+++ b/roles/openshift_master/vars/main.yml
@@ -1,6 +1,8 @@
 ---
 openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
 openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml"
+openshift_master_loopback_config: "{{ openshift_master_config_dir }}/openshift-master.kubeconfig"
+loopback_context_string: "current-context: {{ openshift.master.loopback_context_name }}"
 openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json"
 openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml"
 openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json"
-- 
cgit v1.2.3


From f97c972fb9848327e9d66678d81d296928deb520 Mon Sep 17 00:00:00 2001
From: Jason DeTiberus <jdetiber@redhat.com>
Date: Thu, 14 Jan 2016 14:57:28 -0500
Subject: Fix hardcoded api_port in openshift_master_cluster

---
 roles/openshift_master_cluster/tasks/configure.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/roles/openshift_master_cluster/tasks/configure.yml b/roles/openshift_master_cluster/tasks/configure.yml
index 7ab9afb51..1b94598dd 100644
--- a/roles/openshift_master_cluster/tasks/configure.yml
+++ b/roles/openshift_master_cluster/tasks/configure.yml
@@ -34,11 +34,10 @@
 - name: Disable stonith
   command: pcs property set stonith-enabled=false
 
-# TODO: handle case where api port is not 8443
 - name: Wait for the clustered master service to be available
   wait_for:
     host: "{{ openshift_master_cluster_vip }}"
-    port: 8443
+    port: "{{ openshift.master.api_port }}"
     state: started
     timeout: 180
     delay: 90
-- 
cgit v1.2.3