From 7b316631a2b988318b47d3a50a7b66e3ff3fdbd2 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 10 Jun 2015 10:31:39 -0400 Subject: Update for RC2 changes Remove openshift-deployer.kubeconfig from master template Sync config template Update enterprise image names Switch to node auto registration Add deployer to list of serviceAccountConfig.managedNames Move package installation before registering facts change default kubeconfig location Change system:openshift-client to system:openshift-master Rename node cert/key/kubeconfig per openshift/origin#3160 Update references to /var/lib/openshift/openshift.local.certificates --- roles/openshift_master/tasks/main.yml | 25 ++++++++++--------- roles/openshift_master/templates/master.yaml.v1.j2 | 29 ++++++++++++++++++---- 2 files changed, 37 insertions(+), 17 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 23f8b4649..da0a663ec 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -8,6 +8,15 @@ - openshift_master_oauth_grant_method in openshift_master_valid_grant_methods when: openshift_master_oauth_grant_method is defined +- name: Install OpenShift Master package + yum: pkg=openshift-master state=present + register: install_result + +# TODO: Is this necessary or was this a workaround for an old bug in packaging? +- name: Reload systemd units + command: systemctl daemon-reload + when: install_result | changed + - name: Set master OpenShift facts openshift_facts: role: master @@ -51,14 +60,6 @@ domain: cluster.local when: openshift.master.embedded_dns -- name: Install OpenShift Master package - yum: pkg=openshift-master state=present - register: install_result - -- name: Reload systemd units - command: systemctl daemon-reload - when: install_result | changed - - name: Create config parent directory if it doesn't exist file: path: "{{ openshift_master_config_dir }}" @@ -130,7 +131,7 @@ - name: Create the OpenShift client config dir(s) file: - path: "~{{ item }}/.config/openshift" + path: "~{{ item }}/.kube" state: directory mode: 0700 owner: "{{ item }}" @@ -142,16 +143,16 @@ # TODO: Update this file if the contents of the source file are not present in # the dest file, will need to make sure to ignore things that could be added - name: Copy the OpenShift admin client config(s) - command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.config/openshift/.config + command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config args: - creates: ~{{ item }}/.config/openshift/.config + creates: ~{{ item }}/.kube/config with_items: - root - "{{ ansible_ssh_user }}" - name: Update the permissions on the OpenShift admin client config(s) file: - path: "~{{ item }}/.config/openshift/.config" + path: "~{{ item }}/.kube/config" state: file mode: 0700 owner: "{{ item }}" diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 1c2d37b63..9df07e925 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -1,3 +1,6 @@ +apiLevels: +- v1beta3 +- v1 apiVersion: v1 assetConfig: logoutURL: "" @@ -8,6 +11,8 @@ assetConfig: certFile: master.server.crt clientCA: "" keyFile: master.server.key + maxRequestsInFlight: 0 + requestTimeoutSeconds: 0 corsAllowedOrigins: {# TODO: add support for user specified corsAllowedOrigins #} {% for origin in ['127.0.0.1', 'localhost', openshift.common.hostname, openshift.common.ip, openshift.common.public_hostname, openshift.common.public_ip] %} @@ -43,9 +48,9 @@ etcdConfig: {% endif %} etcdStorageConfig: kubernetesStoragePrefix: kubernetes.io - kubernetesStorageVersion: v1beta3 - kubernetesStoragePrefix: kubernetes.io - openShiftStorageVersion: v1beta3 + kubernetesStorageVersion: v1 + openShiftStoragePrefix: openshift.io + openShiftStorageVersion: v1 imageConfig: format: {{ openshift.master.registry_url }} latest: false @@ -58,18 +63,24 @@ kubeletClientInfo: port: 10250 {% if openshift.master.embedded_kube %} kubernetesMasterConfig: + apiLevels: + - v1beta3 + - v1 + apiServerArguments: null + controllerArguments: null {# TODO: support overriding masterCount #} masterCount: 1 masterIP: "" + podEvictionTimeout: "" schedulerConfigFile: {{ openshift_master_scheduler_conf }} + servicesNodePortRange: "" servicesSubnet: {{ openshift.master.portal_net }} staticNodeNames: {{ openshift_node_ips | default([], true) }} {% endif %} masterClients: {# TODO: allow user to set externalKubernetesKubeConfig #} - deployerKubeConfig: openshift-deployer.kubeconfig externalKubernetesKubeConfig: "" - openshiftLoopbackKubeConfig: openshift-client.kubeconfig + openshiftLoopbackKubeConfig: openshift-master.kubeconfig masterPublicURL: {{ openshift.master.public_api_url }} networkConfig: clusterNetworkCIDR: {{ openshift.master.sdn_cluster_network_cidr }} @@ -78,16 +89,22 @@ networkConfig: {% include 'v1_partials/oauthConfig.j2' %} policyConfig: bootstrapPolicyFile: {{ openshift_master_policy }} + openshiftInfrastructureNamespace: openshift-infra openshiftSharedResourcesNamespace: openshift {# TODO: Allow users to override projectConfig items #} projectConfig: defaultNodeSelector: "" projectRequestMessage: "" projectRequestTemplate: "" + securityAllocator: + mcsAllocatorRange: s0:/2 + mcsLabelsPerProject: 5 + uidAllocatorRange: 1000000000-1999999999/10000 serviceAccountConfig: managedNames: - default - builder + - deployer privateKeyFile: serviceaccounts.private.key publicKeyFiles: - serviceaccounts.public.key @@ -96,3 +113,5 @@ servingInfo: certFile: master.server.crt clientCA: ca.crt keyFile: master.server.key + maxRequestsInFlight: 0 + requestTimeoutSeconds: 0 -- cgit v1.2.3