From 03e6ae850ce718c008636bd8db093f453e62ccf3 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Thu, 12 Nov 2015 10:46:25 -0500 Subject: Refactor named certificates. --- playbooks/common/openshift-master/config.yml | 53 +++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 9 deletions(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index b1da85d5d..8719d080d 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -204,14 +204,6 @@ validate_checksum: yes with_items: masters_needing_certs -- name: Inspect named certificates - hosts: oo_first_master - tasks: - - name: Collect certificate names - set_fact: - parsed_named_certificates: "{{ openshift_master_named_certificates | oo_parse_certificate_names(master_cert_config_dir, openshift.common.internal_hostnames) }}" - when: openshift_master_named_certificates is defined - - name: Compute haproxy_backend_servers hosts: localhost connection: local @@ -272,11 +264,54 @@ | map(attribute='stdout') | list) }}" +- name: Parse named certificates + hosts: localhost + vars: + internal_hostnames: "{{ hostvars[groups.oo_first_master.0].openshift.common.internal_hostnames }}" + named_certificates: "{{ hostvars[groups.oo_first_master.0].openshift_master_named_certificates | default([]) }}" + named_certificates_dir: "{{ hostvars[groups.oo_first_master.0].master_cert_config_dir }}/named_certificates/" + tasks: + - set_fact: + parsed_named_certificates: "{{ named_certificates | oo_parse_named_certificates(named_certificates_dir, internal_hostnames) }}" + when: named_certificates | length > 0 + +- name: Deploy named certificates + hosts: oo_masters_to_config + vars: + named_certs_dir: "{{ master_cert_config_dir }}/named_certificates/" + named_certs_specified: "{{ openshift_master_named_certificates is defined }}" + overwrite_named_certs: "{{ openshift_master_overwrite_named_certificates | default(false) }}" + roles: + - role: openshift_facts + post_tasks: + - openshift_facts: + role: master + local_facts: + named_certificates: "{{ hostvars.localhost.parsed_named_certificates | default([]) }}" + overwrite_additive_facts: "{{ overwrite_named_certs }}" + - name: Clear named certificates + file: + path: "{{ named_certs_dir }}" + state: absent + when: overwrite_named_certs | bool + - name: Ensure named certificate directory exists + file: + path: "{{ named_certs_dir }}" + state: directory + when: named_certs_specified | bool + - name: Land named certificates + copy: src="{{ item.certfile }}" dest="{{ named_certs_dir }}" + with_items: openshift_master_named_certificates + when: named_certs_specified | bool + - name: Land named certificate keys + copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}" + with_items: openshift_master_named_certificates + when: named_certs_specified | bool + - name: Configure master instances hosts: oo_masters_to_config serial: 1 vars: - named_certificates: "{{ hostvars[groups['oo_first_master'][0]]['parsed_named_certificates'] | default([])}}" sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" openshift_master_count: "{{ groups.oo_masters_to_config | length }}" -- cgit v1.2.3 From 927e585bbeb049523313bacedc57efee2eacf232 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Mon, 16 Nov 2015 16:01:35 -0500 Subject: Add additive_facts_to_overwrite instead of overwriting all additive_facts --- playbooks/common/openshift-master/config.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 8719d080d..ff1579218 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -288,7 +288,8 @@ role: master local_facts: named_certificates: "{{ hostvars.localhost.parsed_named_certificates | default([]) }}" - overwrite_additive_facts: "{{ overwrite_named_certs }}" + additive_facts_to_overwrite: + - "{{ 'master.named_certificates' if overwrite_named_certs | bool else omit }}" - name: Clear named certificates file: path: "{{ named_certs_dir }}" -- cgit v1.2.3 From 8741b61d46361deffd5d67a310f1995ae2217b77 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Fri, 20 Nov 2015 09:17:16 -0500 Subject: Replace map with oo_collect to support python-jinja2 <2.7 --- playbooks/common/openshift-etcd/config.yml | 2 +- playbooks/common/openshift-master/config.yml | 8 ++++---- playbooks/common/openshift-node/config.yml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml index ed23ada88..7d94ced2e 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/common/openshift-etcd/config.yml @@ -24,7 +24,7 @@ - /etc/etcd/ca.crt register: g_etcd_server_cert_stat_result - set_fact: - etcd_server_certs_missing: "{{ g_etcd_server_cert_stat_result.results | map(attribute='stat.exists') + etcd_server_certs_missing: "{{ g_etcd_server_cert_stat_result.results | oo_collect(attribute='stat.exists') | list | intersect([false])}}" etcd_cert_subdir: etcd-{{ openshift.common.hostname }} etcd_cert_config_dir: /etc/etcd diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index ff1579218..902fde956 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -60,7 +60,7 @@ register: g_external_etcd_cert_stat_result - set_fact: etcd_client_certs_missing: "{{ g_external_etcd_cert_stat_result.results - | map(attribute='stat.exists') + | oo_collect(attribute='stat.exists') | list | intersect([false])}}" etcd_cert_subdir: openshift-master-{{ openshift.common.hostname }} etcd_cert_config_dir: "{{ openshift.common.config_base }}/master" @@ -157,7 +157,7 @@ register: g_master_cert_stat_result - set_fact: master_certs_missing: "{{ False in (g_master_cert_stat_result.results - | map(attribute='stat.exists') + | oo_collect(attribute='stat.exists') | list ) }}" master_cert_subdir: master-{{ openshift.common.hostname }} master_cert_config_dir: "{{ openshift.common.config_base }}/master" @@ -257,11 +257,11 @@ - set_fact: session_auth_secret: "{{ openshift_master_session_auth_secrets | default(session_auth_output.results - | map(attribute='stdout') + | oo_collect(attribute='stdout') | list) }}" session_encryption_secret: "{{ openshift_master_session_encryption_secrets | default(session_encryption_output.results - | map(attribute='stdout') + | oo_collect(attribute='stdout') | list) }}" - name: Parse named certificates diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 8da9e231f..2b6171cb3 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -33,7 +33,7 @@ - server.crt register: stat_result - set_fact: - certs_missing: "{{ stat_result.results | map(attribute='stat.exists') + certs_missing: "{{ stat_result.results | oo_collect(attribute='stat.exists') | list | intersect([false])}}" node_subdir: node-{{ openshift.common.hostname }} config_dir: "{{ openshift.common.config_base }}/generated-configs/node-{{ openshift.common.hostname }}" @@ -48,7 +48,7 @@ when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) - set_fact: etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results - | map(attribute='stat.exists') + | oo_collect(attribute='stat.exists') | list | intersect([false])}}" etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }} etcd_cert_config_dir: "{{ openshift.common.config_base }}/node" -- cgit v1.2.3 From bc9a52fcc1b27379c093eac5d8b63e87c0511c35 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Mon, 23 Nov 2015 10:24:10 -0500 Subject: Add serviceAccountConfig.masterCA during 3.1 upgrade - uses the value of oauthConfig.masterCA if present, otherwise sets it to ca.crt --- .../openshift-cluster/upgrades/library/openshift_upgrade_config.py | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-cluster/upgrades/library/openshift_upgrade_config.py b/playbooks/common/openshift-cluster/upgrades/library/openshift_upgrade_config.py index a6721bb92..9a065fd1c 100755 --- a/playbooks/common/openshift-cluster/upgrades/library/openshift_upgrade_config.py +++ b/playbooks/common/openshift-cluster/upgrades/library/openshift_upgrade_config.py @@ -78,6 +78,10 @@ def upgrade_master_3_0_to_3_1(ansible_module, config_base, backup): config['kubernetesMasterConfig'].pop('apiLevels') changes.append('master-config.yaml: removed kubernetesMasterConfig.apiLevels') + # Add masterCA to serviceAccountConfig + if 'serviceAccountConfig' in config and 'masterCA' not in config['serviceAccountConfig']: + config['serviceAccountConfig']['masterCA'] = config['oauthConfig'].get('masterCA', 'ca.crt') + # Add proxyClientInfo to master-config if 'proxyClientInfo' not in config['kubernetesMasterConfig']: config['kubernetesMasterConfig']['proxyClientInfo'] = { -- cgit v1.2.3 From 6fa3dc760065e622efca6ce33fcf838177bcadff Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 13 Nov 2015 12:11:13 -0500 Subject: Improve scaleup playbook - modify evaluate host to set oo_nodes_to_config to a new variable g_new_nodes_group if defined rather than g_nodes_group and also skip adding the master when g_new_nodes_group is set. - Remove byo specific naming from playbooks/common/openshift-cluster/scaleup.yml and created a new playbooks/byo/openshift-cluster/scaleup.yml playbook. --- playbooks/common/openshift-cluster/evaluate_groups.yml | 13 +++++++++---- playbooks/common/openshift-cluster/scaleup.yml | 8 -------- 2 files changed, 9 insertions(+), 12 deletions(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml index 2bb69614f..34da372a4 100644 --- a/playbooks/common/openshift-cluster/evaluate_groups.yml +++ b/playbooks/common/openshift-cluster/evaluate_groups.yml @@ -12,8 +12,8 @@ when: g_masters_group is not defined - fail: - msg: This playbook requires g_nodes_group to be set - when: g_nodes_group is not defined + msg: This playbook requires g_nodes_group or g_new_nodes_group to be set + when: g_nodes_group is not defined and g_new_nodes_group is not defined - fail: msg: This playbook requires g_lb_group to be set @@ -35,14 +35,19 @@ ansible_sudo: "{{ g_sudo | default(omit) }}" with_items: groups[g_masters_group] | default([]) + # Use g_new_nodes_group if it exists otherwise g_nodes_group + - set_fact: + g_nodes_to_config: "{{ g_new_nodes_group | default(g_nodes_group | default([])) }}" + - name: Evaluate oo_nodes_to_config add_host: name: "{{ item }}" groups: oo_nodes_to_config ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" ansible_sudo: "{{ g_sudo | default(omit) }}" - with_items: groups[g_nodes_group] | default([]) + with_items: groups[g_nodes_to_config] | default([]) + # Skip adding the master to oo_nodes_to_config when g_new_nodes_group is - name: Evaluate oo_nodes_to_config add_host: name: "{{ item }}" @@ -50,7 +55,7 @@ ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" ansible_sudo: "{{ g_sudo | default(omit) }}" with_items: groups[g_masters_group] | default([]) - when: g_nodeonmaster is defined and g_nodeonmaster == true + when: g_nodeonmaster | default(false) == true and g_new_nodes_group is not defined - name: Evaluate oo_first_etcd add_host: diff --git a/playbooks/common/openshift-cluster/scaleup.yml b/playbooks/common/openshift-cluster/scaleup.yml index 6d2777732..e1778e41e 100644 --- a/playbooks/common/openshift-cluster/scaleup.yml +++ b/playbooks/common/openshift-cluster/scaleup.yml @@ -1,13 +1,5 @@ --- - include: evaluate_groups.yml - vars: - g_etcd_group: "{{ 'etcd' }}" - g_masters_group: "{{ 'masters' }}" - g_nodes_group: "{{ 'nodes' }}" - g_lb_group: "{{ 'lb' }}" - openshift_cluster_id: "{{ cluster_id | default('default') }}" - openshift_debug_level: 2 - openshift_deployment_type: "{{ deployment_type }}" - include: ../openshift-node/config.yml vars: -- cgit v1.2.3 From 4013fd47fed61ceb0b92cfa4c271b420b4ced66b Mon Sep 17 00:00:00 2001 From: Federico Simoncelli Date: Wed, 25 Nov 2015 14:08:49 +0100 Subject: Make sure that OpenSSL is installed before use Signed-off-by: Federico Simoncelli --- playbooks/common/openshift-master/config.yml | 2 ++ 1 file changed, 2 insertions(+) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 902fde956..2be25b1e3 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -244,6 +244,8 @@ - fail: msg: "openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length" when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length) + - name: Install OpenSSL package + action: "{{ansible_pkg_mgr}} pkg=openssl state=present" - name: Generate session authentication key command: /usr/bin/openssl rand -base64 24 register: session_auth_output -- cgit v1.2.3 From 2bfed1383e4d8eed1e0ab3e4c99eecacc5936047 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Wed, 25 Nov 2015 13:22:52 -0500 Subject: Use admin.kubeconfig for get svc ip. --- playbooks/common/openshift-master/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 902fde956..f8d90374e 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -355,7 +355,7 @@ hosts: oo_first_master tasks: - name: Get master service ip - command: "{{ openshift.common.client_binary }} get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\}" + command: "{{ openshift.common.client_binary }} -n default --config={{ openshift.common.config_base }}/master/admin.kubeconfig get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\}" register: master_service_ip_output when: openshift.common.version_greater_than_3_1_or_1_1 | bool - set_fact: -- cgit v1.2.3 From 342cd8dd931d7006ad27f022735f6785b6c214c7 Mon Sep 17 00:00:00 2001 From: Urs Breu Date: Thu, 26 Nov 2015 09:18:05 +0100 Subject: Add -q flag to remove unwantend output (such as mirror and cache information) This prevents ansible failures when trying to set version facts --- playbooks/common/openshift-cluster/upgrades/files/versions.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-cluster/upgrades/files/versions.sh b/playbooks/common/openshift-cluster/upgrades/files/versions.sh index f90719cab..c7c966b60 100644 --- a/playbooks/common/openshift-cluster/upgrades/files/versions.sh +++ b/playbooks/common/openshift-cluster/upgrades/files/versions.sh @@ -2,9 +2,9 @@ yum_installed=$(yum list installed "$@" 2>&1 | tail -n +2 | grep -v 'Installed Packages' | grep -v 'Red Hat Subscription Management' | grep -v 'Error:' | awk '{ print $2 }' | tr '\n' ' ') -yum_available=$(yum list available "$@" 2>&1 | tail -n +2 | grep -v 'Available Packages' | grep -v 'Red Hat Subscription Management' | grep -v 'el7ose' | grep -v 'Error:' | awk '{ print $2 }' | tr '\n' ' ') +yum_available=$(yum list available -q "$@" 2>&1 | tail -n +2 | grep -v 'Available Packages' | grep -v 'Red Hat Subscription Management' | grep -v 'el7ose' | grep -v 'Error:' | awk '{ print $2 }' | tr '\n' ' ') echo "---" -echo "curr_version: ${yum_installed}" +echo "curr_version: ${yum_installed}" echo "avail_version: ${yum_available}" -- cgit v1.2.3 From 018fc6ad154b51f9ff1c7e355072993758125a21 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 25 Nov 2015 15:06:40 -0500 Subject: Clarify the preflight port check output --- .../openshift-cluster/upgrades/files/pre-upgrade-check | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-cluster/upgrades/files/pre-upgrade-check b/playbooks/common/openshift-cluster/upgrades/files/pre-upgrade-check index b5459f312..e5c958ebb 100644 --- a/playbooks/common/openshift-cluster/upgrades/files/pre-upgrade-check +++ b/playbooks/common/openshift-cluster/upgrades/files/pre-upgrade-check @@ -111,13 +111,16 @@ def print_validation_header(): overwhelming the user. """ print """\ -At least one port name does not validate. Valid port names: +At least one port name is invalid and must be corrected before upgrading. +Please update or remove any resources with invalid port names. - * must be less that 16 chars + Valid port names must: + + * be less that 16 characters * have at least one letter - * only a-z0-9- - * do not start or end with - - * Dashes may not be next to eachother ('--') + * contain only a-z0-9- + * not start or end with - + * not contain dashes next to each other ('--') """ @@ -142,9 +145,9 @@ def main(): # Where the magic happens first_error = True for kind, path in [ + ('deploymentconfigs', ("spec", "template", "spec", "containers")), ('replicationcontrollers', ("spec", "template", "spec", "containers")), - ('pods', ("spec", "containers")), - ('deploymentconfigs', ("spec", "template", "spec", "containers"))]: + ('pods', ("spec", "containers"))]: for item in list_items(kind): namespace = item["metadata"]["namespace"] item_name = item["metadata"]["name"] -- cgit v1.2.3 From 830b2891f8628828bc4385ebafb71f4174f79a05 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 24 Nov 2015 10:32:53 -0500 Subject: 3.1 upgrade - use --api-version for patch commands --- .../common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index eea147229..cc7367801 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -517,24 +517,29 @@ - _default_router.rc == 0 - "'false' in _scc.stdout" command: > - {{ oc_cmd }} patch scc/privileged -p '{"allowHostPorts":true,"allowHostNetwork":true}' --loglevel=9 + {{ oc_cmd }} patch scc/privileged -p + '{"allowHostPorts":true,"allowHostNetwork":true}' --loglevel=9 + --api-version=v1 - name: Update deployment config to 1.0.4/3.0.1 spec when: _default_router.rc == 0 command: > {{ oc_cmd }} patch dc/router -p '{"spec":{"strategy":{"rollingParams":{"updatePercent":-10},"spec":{"serviceAccount":"router","serviceAccountName":"router"}}}}' + --api-version=v1 - name: Switch to hostNetwork=true when: _default_router.rc == 0 command: > {{ oc_cmd }} patch dc/router -p '{"spec":{"template":{"spec":{"hostNetwork":true}}}}' + --api-version=v1 - name: Update router image to current version when: _default_router.rc == 0 command: > {{ oc_cmd }} patch dc/router -p '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}' + --api-version=v1 - name: Check for default registry command: > @@ -548,3 +553,4 @@ command: > {{ oc_cmd }} patch dc/docker-registry -p '{"spec":{"template":{"spec":{"containers":[{"name":"registry","image":"{{ registry_image }}"}]}}}}' + --api-version=v1 -- cgit v1.2.3 From a2dc715e54f47fa2abbac58d9d04565837bc6e56 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 24 Nov 2015 10:49:44 -0500 Subject: Set api version for oc commands --- playbooks/common/openshift-master/config.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 43e7836b3..f382494bd 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -353,11 +353,16 @@ - role: openshift_cluster_metrics when: openshift.common.use_cluster_metrics | bool + # TODO: Setting the cluster dns ip should be pushed into openshift-facts - name: Determine cluster dns ip hosts: oo_first_master tasks: - name: Get master service ip - command: "{{ openshift.common.client_binary }} -n default --config={{ openshift.common.config_base }}/master/admin.kubeconfig get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\}" + command: > + {{ openshift.common.client_binary }} -n default + --config={{ openshift.common.config_base }}/master/admin.kubeconfig + get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\} + --output-version=v1 register: master_service_ip_output when: openshift.common.version_greater_than_3_1_or_1_1 | bool - set_fact: -- cgit v1.2.3 From 526038fa15a6c02661f2315278c086477157b87f Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 24 Nov 2015 14:14:28 -0500 Subject: remove debug logging from scc/privileged patch command --- playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index cc7367801..00ebf4ce6 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -518,8 +518,7 @@ - "'false' in _scc.stdout" command: > {{ oc_cmd }} patch scc/privileged -p - '{"allowHostPorts":true,"allowHostNetwork":true}' --loglevel=9 - --api-version=v1 + '{"allowHostPorts":true,"allowHostNetwork":true}' --api-version=v1 - name: Update deployment config to 1.0.4/3.0.1 spec when: _default_router.rc == 0 -- cgit v1.2.3 From 6a71953ec28a358223a96444ea6ba5b2139becde Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Tue, 1 Dec 2015 11:44:13 -0500 Subject: Fix kubernetes service ip gathering. --- playbooks/common/openshift-master/config.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index f382494bd..1c8a92122 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -358,11 +358,8 @@ hosts: oo_first_master tasks: - name: Get master service ip - command: > - {{ openshift.common.client_binary }} -n default - --config={{ openshift.common.config_base }}/master/admin.kubeconfig - get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\} - --output-version=v1 + # This command has to be on a single line. + command: "{{ openshift.common.client_binary }} -n default --config={{ openshift.common.config_base }}/master/admin.kubeconfig get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\} --output-version=v1" register: master_service_ip_output when: openshift.common.version_greater_than_3_1_or_1_1 | bool - set_fact: -- cgit v1.2.3 From 91411addfbaec7db5a039358d9fac8736f064b57 Mon Sep 17 00:00:00 2001 From: Stefanie Forrester Date: Wed, 25 Nov 2015 13:03:58 -0500 Subject: added upgrade playbook for online --- playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 00ebf4ce6..0309e8a77 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -36,9 +36,9 @@ - fail: msg: > - This upgrade is only supported for origin and openshift-enterprise + This upgrade is only supported for origin, openshift-enterprise, and online deployment types - when: deployment_type not in ['origin','openshift-enterprise'] + when: deployment_type not in ['origin','openshift-enterprise', 'online'] - fail: msg: > -- cgit v1.2.3 From 192ccc8e6e6f465351828f32e9dc43b840897b67 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Tue, 1 Dec 2015 16:30:05 -0500 Subject: Refactor dns options and facts. --- playbooks/common/openshift-cluster/config.yml | 3 --- playbooks/common/openshift-master/config.yml | 16 ---------------- 2 files changed, 19 deletions(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index a8bd634d3..482fa8441 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -6,6 +6,3 @@ - include: ../openshift-master/config.yml - include: ../openshift-node/config.yml - vars: - osn_cluster_dns_domain: "{{ hostvars[groups.oo_first_master.0].openshift.dns.domain }}" - osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].cluster_dns_ip }}" diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 1c8a92122..785a78497 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -353,22 +353,6 @@ - role: openshift_cluster_metrics when: openshift.common.use_cluster_metrics | bool - # TODO: Setting the cluster dns ip should be pushed into openshift-facts -- name: Determine cluster dns ip - hosts: oo_first_master - tasks: - - name: Get master service ip - # This command has to be on a single line. - command: "{{ openshift.common.client_binary }} -n default --config={{ openshift.common.config_base }}/master/admin.kubeconfig get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\} --output-version=v1" - register: master_service_ip_output - when: openshift.common.version_greater_than_3_1_or_1_1 | bool - - set_fact: - cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].openshift.dns.ip }}" - when: not openshift.common.version_greater_than_3_1_or_1_1 | bool - - set_fact: - cluster_dns_ip: "{{ master_service_ip_output.stdout }}" - when: openshift.common.version_greater_than_3_1_or_1_1 | bool - - name: Enable cockpit hosts: oo_first_master vars: -- cgit v1.2.3 From 04ce758d35666c9f887a9bb1b44ccae1d20ee908 Mon Sep 17 00:00:00 2001 From: enoodle Date: Mon, 23 Nov 2015 17:46:27 +0200 Subject: ManageIQ Service Account: added role for ManageIQ service account Signed-off-by: enoodle --- playbooks/common/openshift-master/config.yml | 2 ++ 1 file changed, 2 insertions(+) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 902fde956..7bdaca2c9 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -350,6 +350,8 @@ - openshift_examples - role: openshift_cluster_metrics when: openshift.common.use_cluster_metrics | bool + - role: openshift_manageiq + when: openshift.common.use_manageiq | bool - name: Determine cluster dns ip hosts: oo_first_master -- cgit v1.2.3 From 208063939b6b97b80b4bd3ab12358fb745993d44 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Fri, 4 Dec 2015 08:53:30 -0500 Subject: Pass in and use first_master_ip as dnsIP for pre 3.1 nodes. --- playbooks/common/openshift-cluster/scaleup.yml | 2 -- playbooks/common/openshift-node/config.yml | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-cluster/scaleup.yml b/playbooks/common/openshift-cluster/scaleup.yml index e1778e41e..d2ba3fc7a 100644 --- a/playbooks/common/openshift-cluster/scaleup.yml +++ b/playbooks/common/openshift-cluster/scaleup.yml @@ -3,6 +3,4 @@ - include: ../openshift-node/config.yml vars: - osn_cluster_dns_domain: "{{ hostvars[groups.oo_first_master.0].openshift.dns.domain }}" - osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].openshift.dns.ip }}" openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 2b6171cb3..952a9fd51 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -158,8 +158,10 @@ vars: sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" + # TODO: Prefix flannel role variables. etcd_urls: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls }}" embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}" + openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}" pre_tasks: - name: Ensure certificate directory exists file: -- cgit v1.2.3 From dd17fd49597ec27f66ff9436f211036125dbb08f Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Wed, 9 Dec 2015 12:08:56 -0500 Subject: Simplify session secrets overrides. --- playbooks/common/openshift-master/config.yml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) (limited to 'playbooks/common') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index becd68dbe..196cdc8fe 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -249,22 +249,14 @@ - name: Generate session authentication key command: /usr/bin/openssl rand -base64 24 register: session_auth_output - with_sequence: count=1 when: openshift_master_session_auth_secrets is undefined - name: Generate session encryption key command: /usr/bin/openssl rand -base64 24 register: session_encryption_output - with_sequence: count=1 when: openshift_master_session_encryption_secrets is undefined - set_fact: - session_auth_secret: "{{ openshift_master_session_auth_secrets - | default(session_auth_output.results - | oo_collect(attribute='stdout') - | list) }}" - session_encryption_secret: "{{ openshift_master_session_encryption_secrets - | default(session_encryption_output.results - | oo_collect(attribute='stdout') - | list) }}" + session_auth_secret: "{{ openshift_master_session_auth_secrets | default([session_auth_output.stdout]) }}" + session_encryption_secret: "{{ openshift_master_session_encryption_secrets | default([session_encryption_output.stdout]) }}" - name: Parse named certificates hosts: localhost -- cgit v1.2.3