From 399b19864653806c769ac954a6c79ef13a895d64 Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Fri, 19 Jun 2015 14:41:10 -0400 Subject: Atomic Enterprise related changes. --- roles/openshift_common/vars/main.yml | 2 ++ roles/openshift_facts/library/openshift_facts.py | 4 +++- roles/openshift_master/tasks/main.yml | 2 +- roles/openshift_master_ca/tasks/main.yml | 2 +- roles/openshift_node/tasks/main.yml | 9 +++++++++ 5 files changed, 16 insertions(+), 3 deletions(-) (limited to 'roles') diff --git a/roles/openshift_common/vars/main.yml b/roles/openshift_common/vars/main.yml index 50816d319..817fe0a5f 100644 --- a/roles/openshift_common/vars/main.yml +++ b/roles/openshift_common/vars/main.yml @@ -5,3 +5,5 @@ # chains with the public zone (or the zone associated with the correct # interfaces) os_firewall_use_firewalld: False + +openshift_data_dir: /var/lib/origin diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 1b2ba6be3..24ae5183e 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -540,7 +540,7 @@ def set_deployment_facts_if_unset(facts): if 'service_type' not in facts['common']: service_type = 'atomic-openshift' if deployment_type == 'origin': - service_type = 'origin' + service_type = 'openshift' elif deployment_type in ['enterprise', 'online']: service_type = 'openshift' facts['common']['service_type'] = service_type @@ -548,6 +548,8 @@ def set_deployment_facts_if_unset(facts): config_base = '/etc/origin' if deployment_type in ['enterprise', 'online']: config_base = '/etc/openshift' + elif deployment_type == 'origin': + config_base = '/etc/openshift' facts['common']['config_base'] = config_base if 'data_dir' not in facts['common']: data_dir = '/var/lib/origin' diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 3a886935f..e1049abdd 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -65,7 +65,7 @@ disabled_features: "{{ osm_disabled_features | default(None) }}" - name: Install Master package - yum: pkg={{ openshift.common.service_type }}-master{{ openshift_version }} state=present + yum: pkg={{ openshift.common.service_type }}-master state=present register: install_result # TODO: These values need to be configurable diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml index cfd1ceabf..abb0f8252 100644 --- a/roles/openshift_master_ca/tasks/main.yml +++ b/roles/openshift_master_ca/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install the base package for admin tooling - yum: pkg={{ openshift.common.service_type }}{{ openshift_version }} state=present + yum: pkg={{ openshift.common.service_type }} state=present register: install_result - name: Reload generated facts diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index aea60b75c..fbeba823e 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -45,6 +45,15 @@ register: sdn_install_result when: openshift.common.use_openshift_sdn +- name: Install Node package + yum: pkg={{ openshift.common.service_type }}-node state=present + register: node_install_result + +- name: Install sdn-ovs package + yum: pkg={{ openshift.common.service_type }}-sdn-ovs state=present + register: sdn_install_result + when: openshift.common.use_openshift_sdn + # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config template: -- cgit v1.2.3 From 3778662ef816b2bb0a3788ed65229b45622a0139 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 21 Aug 2015 23:49:49 -0400 Subject: Start of true master ha --- roles/haproxy/README.md | 34 ++++++++++++++++++++++++ roles/haproxy/defaults/main.yml | 13 +++++++++ roles/haproxy/handlers/main.yml | 5 ++++ roles/haproxy/meta/main.yml | 12 +++++++++ roles/haproxy/tasks/main.yml | 25 ++++++++++++++++++ roles/haproxy/templates/haproxy.cfg.j2 | 48 ++++++++++++++++++++++++++++++++++ roles/openshift_master/tasks/main.yml | 8 +++--- 7 files changed, 141 insertions(+), 4 deletions(-) create mode 100644 roles/haproxy/README.md create mode 100644 roles/haproxy/defaults/main.yml create mode 100644 roles/haproxy/handlers/main.yml create mode 100644 roles/haproxy/meta/main.yml create mode 100644 roles/haproxy/tasks/main.yml create mode 100644 roles/haproxy/templates/haproxy.cfg.j2 (limited to 'roles') diff --git a/roles/haproxy/README.md b/roles/haproxy/README.md new file mode 100644 index 000000000..5bc415066 --- /dev/null +++ b/roles/haproxy/README.md @@ -0,0 +1,34 @@ +HAProxy +======= + +TODO + +Requirements +------------ + +TODO + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +TODO + +Example Playbook +---------------- + +TODO + +License +------- + +Apache License, Version 2.0 + +Author Information +------------------ + +Jason DeTiberus (jdetiber@redhat.com) diff --git a/roles/haproxy/defaults/main.yml b/roles/haproxy/defaults/main.yml new file mode 100644 index 000000000..c002efdbc --- /dev/null +++ b/roles/haproxy/defaults/main.yml @@ -0,0 +1,13 @@ +--- +haproxy_frontends: +- name: main + bind: "*:80" + default_backend: default + +haproxy_backends: +- name: default + balance: roundrobin + servers: + - name: web01 + address: 127.0.0.1:9000 + opts: check diff --git a/roles/haproxy/handlers/main.yml b/roles/haproxy/handlers/main.yml new file mode 100644 index 000000000..ee60adcab --- /dev/null +++ b/roles/haproxy/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: restart haproxy + service: + name: haproxy + state: restarted diff --git a/roles/haproxy/meta/main.yml b/roles/haproxy/meta/main.yml new file mode 100644 index 000000000..e02d8f53c --- /dev/null +++ b/roles/haproxy/meta/main.yml @@ -0,0 +1,12 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: HAProxy + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 7 +dependencies: [] diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml new file mode 100644 index 000000000..5638b7313 --- /dev/null +++ b/roles/haproxy/tasks/main.yml @@ -0,0 +1,25 @@ +--- +- name: Install haproxy + yum: + pkg: haproxy + state: present + +- name: Configure haproxy + template: + src: haproxy.cfg.j2 + dest: /etc/haproxy/haproxy.cfg + owner: root + group: root + mode: 0644 + notify: restart haproxy + +- name: Enable and start haproxy + service: + name: haproxy + state: started + enabled: yes + register: start_result + +- name: Pause 30 seconds if haproxy was just started + pause: seconds=30 + when: start_result | changed diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2 new file mode 100644 index 000000000..bfcdcfdb1 --- /dev/null +++ b/roles/haproxy/templates/haproxy.cfg.j2 @@ -0,0 +1,48 @@ +# Global settings +#--------------------------------------------------------------------- +global + chroot /var/lib/haproxy + pidfile /var/run/haproxy.pid + maxconn 4000 + user haproxy + group haproxy + daemon + + # turn on stats unix socket + stats socket /var/lib/haproxy/stats + +#--------------------------------------------------------------------- +# common defaults that all the 'listen' and 'backend' sections will +# use if not designated in their block +#--------------------------------------------------------------------- +defaults + mode http + log global + option httplog + option dontlognull + option http-server-close + option forwardfor except 127.0.0.0/8 + option redispatch + retries 3 + timeout http-request 10s + timeout queue 1m + timeout connect 10s + timeout client 1m + timeout server 1m + timeout http-keep-alive 10s + timeout check 10s + maxconn 3000 + +{% for frontend in haproxy_frontends %} +frontend {{ frontend.name }} + bind {{ frontend.bind }} + default_backend {{ frontend.default_backend }} +{% endfor %} + +{% for backend in haproxy_backends %} +backend {{ backend.name }} + balance {{ backend.balance }} +{% for server in backend.servers %} + server {{ server.name }} {{ server.address }} {{ server.opts }} +{% endfor %} +{% endfor %} diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index e1049abdd..abe652bcb 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -8,9 +8,9 @@ - openshift_master_oauth_grant_method in openshift_master_valid_grant_methods when: openshift_master_oauth_grant_method is defined -- fail: - msg: "openshift_master_cluster_password must be set for multi-master installations" - when: openshift_master_ha | bool and not openshift.master.cluster_defer_ha | bool and openshift_master_cluster_password is not defined +#- fail: +# msg: "openshift_master_cluster_password must be set for multi-master installations" +# when: openshift_master_ha | bool and not openshift.master.cluster_defer_ha | bool and openshift_master_cluster_password is not defined - name: Set master facts openshift_facts: @@ -144,7 +144,7 @@ - name: Start and enable master service: name={{ openshift.common.service_type }}-master enabled=yes state=started - when: not openshift_master_ha | bool +# when: not openshift_master_ha | bool register: start_result - set_fact: -- cgit v1.2.3 From 51bcc78aea4015bf23d06b621b57de675b21e7cf Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Thu, 22 Oct 2015 13:58:38 -0400 Subject: additional native ha changes --- roles/openshift_master/tasks/main.yml | 1 + roles/openshift_master/templates/master.yaml.v1.j2 | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'roles') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index abe652bcb..f11582ce7 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -63,6 +63,7 @@ controller_args: "{{ osm_controller_args | default(None) }}" infra_nodes: "{{ num_infra | default(None) }}" disabled_features: "{{ osm_disabled_features | default(None) }}" + master_count: "{{ openshift_master_count | default(None) }}" - name: Install Master package yum: pkg={{ openshift.common.service_type }}-master state=present diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 9547a6945..877c44772 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -80,8 +80,7 @@ kubernetesMasterConfig: - v1 apiServerArguments: {{ api_server_args if api_server_args is defined else 'null' }} controllerArguments: {{ controller_args if controller_args is defined else 'null' }} -{# TODO: support overriding masterCount #} - masterCount: 1 + masterCount: {{ openshift.master.master_count }} masterIP: "" podEvictionTimeout: "" proxyClientInfo: -- cgit v1.2.3 From 18c877db73dcb63b1402322fe8352505006e4985 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 25 Aug 2015 08:42:20 -0400 Subject: additional ha related updates --- roles/haproxy/defaults/main.yml | 3 +- roles/haproxy/templates/haproxy.cfg.j2 | 25 ++++++- roles/openshift_master/handlers/main.yml | 8 +++ roles/openshift_master/tasks/main.yml | 84 +++++++++++++++++++++- roles/openshift_master/templates/master.yaml.v1.j2 | 18 +++-- 5 files changed, 130 insertions(+), 8 deletions(-) (limited to 'roles') diff --git a/roles/haproxy/defaults/main.yml b/roles/haproxy/defaults/main.yml index c002efdbc..16e9af4d1 100644 --- a/roles/haproxy/defaults/main.yml +++ b/roles/haproxy/defaults/main.yml @@ -1,7 +1,8 @@ --- haproxy_frontends: - name: main - bind: "*:80" + binds: + - "*:80" default_backend: default haproxy_backends: diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2 index bfcdcfdb1..fddf0ede1 100644 --- a/roles/haproxy/templates/haproxy.cfg.j2 +++ b/roles/haproxy/templates/haproxy.cfg.j2 @@ -35,13 +35,36 @@ defaults {% for frontend in haproxy_frontends %} frontend {{ frontend.name }} - bind {{ frontend.bind }} +{% for bind in frontend.binds %} + bind {{ bind }} +{% endfor %} default_backend {{ frontend.default_backend }} +{% if 'mode' in frontend %} + mode {{ frontend.mode }} +{% endif %} +{% if 'options' in frontend %} +{% for option in frontend.options %} + option {{ option }} +{% endfor %} +{% endif %} +{% if 'redirects' in frontend %} +{% for redirect in frontend.redirects %} + redirect {{ redirect }} +{% endfor %} +{% endif %} {% endfor %} {% for backend in haproxy_backends %} backend {{ backend.name }} balance {{ backend.balance }} +{% if 'mode' in backend %} + mode {{ backend.mode }} +{% endif %} +{% if 'options' in backend %} +{% for option in backend.options %} + option {{ option }} +{% endfor %} +{% endif %} {% for server in backend.servers %} server {{ server.name }} {{ server.address }} {{ server.opts }} {% endfor %} diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index 37028e0f6..9ce4f512b 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -2,3 +2,11 @@ - name: restart master service: name={{ openshift.common.service_type }}-master state=restarted when: (not openshift_master_ha | bool) and (not master_service_status_changed | default(false)) + +- name: restart master api + service: name={{ openshift.common.service_type }}-master-api state=restarted + when: openshift_master_ha | bool + +- name: restart master controllers + service: name={{ openshift.common.service_type }}-master-controllers state=restarted + when: openshift_master_ha | bool diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index f11582ce7..b23c19d37 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -91,6 +91,8 @@ creates: "{{ openshift_master_policy }}" notify: - restart master + - restart master api + - restart master controllers - name: Create the scheduler config template: @@ -99,6 +101,8 @@ backup: true notify: - restart master + - restart master api + - restart master controllers - name: Install httpd-tools if needed yum: pkg=httpd-tools state=present @@ -121,6 +125,30 @@ when: item.kind == 'HTPasswdPasswordIdentityProvider' with_items: openshift.master.identity_providers +# workaround for missing systemd unit files for controllers/api +- name: Create the api service file + copy: + src: atomic-openshift-master-api.service + dest: /usr/lib/systemd/system/atomic-openshift-master-api.service + force: no +- name: Create the controllers service file + copy: + src: atomic-openshift-master-controllers.service + dest: /usr/lib/systemd/system/atomic-openshift-master-controllers.service + force: no +- name: Create the api env file + copy: + src: atomic-openshift-master-api + dest: /etc/sysconfig/atomic-openshift-master-api + force: no +- name: Create the controllers env file + copy: + src: atomic-openshift-master-controllers + dest: /etc/sysconfig/atomic-openshift-master-controllers + force: no +- command: systemctl daemon-reload +# end workaround for missing systemd unit files + # TODO: add the validate parameter when there is a validation command to run - name: Create master config template: @@ -129,6 +157,8 @@ backup: true notify: - restart master + - restart master api + - restart master controllers - name: Configure master settings lineinfile: @@ -143,9 +173,61 @@ notify: - restart master +- name: Configure master api settings + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api + regexp: "{{ item.regex }}" + line: "{{ item.line }}" + with_items: + - regex: '^OPTIONS=' + line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://0.0.0.0:8443 --master=https://{{ openshift.common.ip }}:8443" + - regex: '^CONFIG_FILE=' + line: "CONFIG_FILE={{ openshift_master_config_file }}" + notify: + - restart master api + +- name: Configure master controller settings + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers + regexp: "{{ item.regex }}" + line: "{{ item.line }}" + with_items: + - regex: '^OPTIONS=' + line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://0.0.0.0:8444" + - regex: '^CONFIG_FILE=' + line: "CONFIG_FILE={{ openshift_master_config_file }}" + notify: + - restart master controllers + - name: Start and enable master service: name={{ openshift.common.service_type }}-master enabled=yes state=started -# when: not openshift_master_ha | bool + when: not openshift_master_ha | bool + register: start_result + +# workaround for start bug when configuring ha +- name: Start master for ha workaround + service: name={{ openshift.common.service_type }}-master state=started + when: openshift_master_ha | bool and inventory_hostname in groups.oo_first_master + +- name: pause for 30 seconds to let master finish starting up for ha workaround + pause: seconds=30 + when: openshift_master_ha | bool and inventory_hostname in groups.oo_first_master + +- name: Stop master for ha workaround + service: name={{ openshift.common.service_type }}-master state=stopped + when: openshift_master_ha | bool and inventory_hostname in groups.oo_first_master +# end workaround for start bug when configuring ha + +- fail: + +- name: Start and enable master api + service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started + when: openshift_master_ha | bool + register: start_result + +- name: Start and enable master controller + service: name={{ openshift.common.service_type }}-master-controllers enabled=yes state=started + when: openshift_master_ha | bool register: start_result - set_fact: diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 877c44772..3f2c51417 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -10,13 +10,16 @@ assetConfig: publicURL: {{ openshift.master.public_console_url }}/ servingInfo: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.console_port }} + bindNetwork: tcp4 certFile: master.server.crt clientCA: "" keyFile: master.server.key maxRequestsInFlight: 0 requestTimeoutSeconds: 0 +controllerLeaseTTL: 0 +controllers: '*' corsAllowedOrigins: -{% for origin in ['127.0.0.1', 'localhost', openshift.common.hostname, openshift.common.ip, openshift.common.public_hostname, openshift.common.public_ip] | unique %} +{% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %} - {{ origin }} {% endfor %} {% for custom_origin in openshift.master.custom_cors_origins | default("") %} @@ -29,8 +32,10 @@ corsAllowedOrigins: disabledFeatures: {{ openshift.master.disabled_features | to_json }} {% endif %} {% if openshift.master.embedded_dns | bool %} +disabledFeatures: null dnsConfig: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }} + bindNetwork: tcp4 {% endif %} etcdClientInfo: ca: {{ "ca.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }} @@ -81,13 +86,13 @@ kubernetesMasterConfig: apiServerArguments: {{ api_server_args if api_server_args is defined else 'null' }} controllerArguments: {{ controller_args if controller_args is defined else 'null' }} masterCount: {{ openshift.master.master_count }} - masterIP: "" - podEvictionTimeout: "" + masterIP: {{ openshift.common.ip }} + podEvictionTimeout: 5m proxyClientInfo: certFile: master.proxy-client.crt keyFile: master.proxy-client.key schedulerConfigFile: {{ openshift_master_scheduler_conf }} - servicesNodePortRange: "" + servicesNodePortRange: 30000-32767 servicesSubnet: {{ openshift.master.portal_net }} staticNodeNames: {{ openshift_node_ips | default([], true) }} {% endif %} @@ -105,6 +110,7 @@ networkConfig: # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet serviceNetworkCIDR: {{ openshift.master.portal_net }} {% include 'v1_partials/oauthConfig.j2' %} +pauseControllers: false policyConfig: bootstrapPolicyFile: {{ openshift_master_policy }} openshiftInfrastructureNamespace: openshift-infra @@ -118,8 +124,9 @@ projectConfig: mcsLabelsPerProject: {{ openshift.master.mcs_labels_per_project }} uidAllocatorRange: "{{ openshift.master.uid_allocator_range }}" routingConfig: - subdomain: "{{ openshift.master.default_subdomain | default("") }}" + subdomain: "{{ openshift.master.default_subdomain | default("router.default.svc.cluster.local") }}" serviceAccountConfig: + limitSecretReferences: false managedNames: - default - builder @@ -130,6 +137,7 @@ serviceAccountConfig: - serviceaccounts.public.key servingInfo: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} + bindNetwork: tcp4 certFile: master.server.crt clientCA: ca.crt keyFile: master.server.key -- cgit v1.2.3 From ac0f4cb56e1469e9033e3a218265bc70f774624d Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 25 Aug 2015 14:40:08 -0400 Subject: more tweaks --- roles/haproxy/defaults/main.yml | 7 +++++++ roles/haproxy/meta/main.yml | 4 +++- roles/haproxy/templates/haproxy.cfg.j2 | 9 +++++++-- .../files/atomic-openshift-master-api | 9 +++++++++ .../files/atomic-openshift-master-api.service | 21 +++++++++++++++++++++ .../files/atomic-openshift-master-controllers | 9 +++++++++ .../atomic-openshift-master-controllers.service | 22 ++++++++++++++++++++++ roles/openshift_master/tasks/main.yml | 21 +++++---------------- roles/openshift_master_ca/tasks/main.yml | 2 +- 9 files changed, 84 insertions(+), 20 deletions(-) create mode 100644 roles/openshift_master/files/atomic-openshift-master-api create mode 100644 roles/openshift_master/files/atomic-openshift-master-api.service create mode 100644 roles/openshift_master/files/atomic-openshift-master-controllers create mode 100644 roles/openshift_master/files/atomic-openshift-master-controllers.service (limited to 'roles') diff --git a/roles/haproxy/defaults/main.yml b/roles/haproxy/defaults/main.yml index 16e9af4d1..7ba5bd485 100644 --- a/roles/haproxy/defaults/main.yml +++ b/roles/haproxy/defaults/main.yml @@ -12,3 +12,10 @@ haproxy_backends: - name: web01 address: 127.0.0.1:9000 opts: check + +os_firewall_use_firewalld: False +os_firewall_allow: +- service: haproxy stats + port: "9000/tcp" +- service: haproxy balance + port: "8443/tcp" diff --git a/roles/haproxy/meta/main.yml b/roles/haproxy/meta/main.yml index e02d8f53c..0fad106a9 100644 --- a/roles/haproxy/meta/main.yml +++ b/roles/haproxy/meta/main.yml @@ -9,4 +9,6 @@ galaxy_info: - name: EL versions: - 7 -dependencies: [] +dependencies: +- { role: os_firewall } +- { role: openshift_repos } diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2 index fddf0ede1..c932af72f 100644 --- a/roles/haproxy/templates/haproxy.cfg.j2 +++ b/roles/haproxy/templates/haproxy.cfg.j2 @@ -27,12 +27,17 @@ defaults timeout http-request 10s timeout queue 1m timeout connect 10s - timeout client 1m - timeout server 1m + timeout client 300s + timeout server 300s timeout http-keep-alive 10s timeout check 10s maxconn 3000 +listen stats :9000 + mode http + stats enable + stats uri / + {% for frontend in haproxy_frontends %} frontend {{ frontend.name }} {% for bind in frontend.binds %} diff --git a/roles/openshift_master/files/atomic-openshift-master-api b/roles/openshift_master/files/atomic-openshift-master-api new file mode 100644 index 000000000..ea82468a0 --- /dev/null +++ b/roles/openshift_master/files/atomic-openshift-master-api @@ -0,0 +1,9 @@ +OPTIONS= +CONFIG_FILE=/etc/origin/master/master-config.yaml + +# Proxy configuration +# Origin uses standard HTTP_PROXY environment variables. Be sure to set +# NO_PROXY for your master +#NO_PROXY=master.example.com +#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT +#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT diff --git a/roles/openshift_master/files/atomic-openshift-master-api.service b/roles/openshift_master/files/atomic-openshift-master-api.service new file mode 100644 index 000000000..b24b9809e --- /dev/null +++ b/roles/openshift_master/files/atomic-openshift-master-api.service @@ -0,0 +1,21 @@ +[Unit] +Description=Atomic OpenShift Master API +Documentation=https://github.com/openshift/origin +After=network.target +After=etcd.service +Before=atomic-openshift-node.service +Requires=network.target + +[Service] +Type=notify +EnvironmentFile=/etc/sysconfig/atomic-openshift-master-api +Environment=GOTRACEBACK=crash +ExecStart=/usr/bin/atomic-enterprise start master api --config=${CONFIG_FILE} $OPTIONS +LimitNOFILE=131072 +LimitCORE=infinity +WorkingDirectory=/var/lib/origin/ +SyslogIdentifier=atomic-openshift-master-api + +[Install] +WantedBy=multi-user.target +WantedBy=atomic-openshift-node.service diff --git a/roles/openshift_master/files/atomic-openshift-master-controllers b/roles/openshift_master/files/atomic-openshift-master-controllers new file mode 100644 index 000000000..ea82468a0 --- /dev/null +++ b/roles/openshift_master/files/atomic-openshift-master-controllers @@ -0,0 +1,9 @@ +OPTIONS= +CONFIG_FILE=/etc/origin/master/master-config.yaml + +# Proxy configuration +# Origin uses standard HTTP_PROXY environment variables. Be sure to set +# NO_PROXY for your master +#NO_PROXY=master.example.com +#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT +#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT diff --git a/roles/openshift_master/files/atomic-openshift-master-controllers.service b/roles/openshift_master/files/atomic-openshift-master-controllers.service new file mode 100644 index 000000000..e84160e5a --- /dev/null +++ b/roles/openshift_master/files/atomic-openshift-master-controllers.service @@ -0,0 +1,22 @@ +[Unit] +Description=Atomic OpenShift Master Controllers +Documentation=https://github.com/openshift/origin +After=network.target +After=atomic-openshift-master-api.service +Before=atomic-openshift-node.service +Requires=network.target + +[Service] +Type=notify +EnvironmentFile=/etc/sysconfig/atomic-openshift-master-controllers +Environment=GOTRACEBACK=crash +ExecStart=/usr/bin/atomic-enterprise start master controllers --config=${CONFIG_FILE} $OPTIONS +LimitNOFILE=131072 +LimitCORE=infinity +WorkingDirectory=/var/lib/origin/ +SyslogIdentifier=atomic-openshift-master-controllers +Restart=on-failure + +[Install] +WantedBy=multi-user.target +WantedBy=atomic-openshift-node.service diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index b23c19d37..00aaa2e57 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -204,27 +204,16 @@ when: not openshift_master_ha | bool register: start_result -# workaround for start bug when configuring ha -- name: Start master for ha workaround - service: name={{ openshift.common.service_type }}-master state=started - when: openshift_master_ha | bool and inventory_hostname in groups.oo_first_master - -- name: pause for 30 seconds to let master finish starting up for ha workaround - pause: seconds=30 - when: openshift_master_ha | bool and inventory_hostname in groups.oo_first_master - -- name: Stop master for ha workaround - service: name={{ openshift.common.service_type }}-master state=stopped - when: openshift_master_ha | bool and inventory_hostname in groups.oo_first_master -# end workaround for start bug when configuring ha - -- fail: - - name: Start and enable master api service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started when: openshift_master_ha | bool register: start_result +# TODO: work to eliminate this workaround +- name: pause a random interval to avoid startup errors for controller + pause: seconds={{ 60 | random(step=5) }} + when: openshift_master_ha | bool + - name: Start and enable master controller service: name={{ openshift.common.service_type }}-master-controllers enabled=yes state=started when: openshift_master_ha | bool diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml index abb0f8252..0738048d3 100644 --- a/roles/openshift_master_ca/tasks/main.yml +++ b/roles/openshift_master_ca/tasks/main.yml @@ -14,7 +14,7 @@ - name: Create the master certificates if they do not already exist command: > {{ openshift.common.admin_binary }} create-master-certs - --hostnames={{ openshift.common.all_hostnames | join(',') }} + --hostnames={{ master_hostnames | join(',') }} --master={{ openshift.master.api_url }} --public-master={{ openshift.master.public_api_url }} --cert-dir={{ openshift_master_config_dir }} --overwrite=false -- cgit v1.2.3 From 037d77599632faa81f0c6ca1e912a19f04628b55 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 25 Aug 2015 15:48:42 -0400 Subject: more tweaks --- roles/openshift_master/tasks/main.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'roles') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 00aaa2e57..085855750 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -209,15 +209,17 @@ when: openshift_master_ha | bool register: start_result -# TODO: work to eliminate this workaround -- name: pause a random interval to avoid startup errors for controller - pause: seconds={{ 60 | random(step=5) }} +- name: pause to prevent service restart from interfering with bootstrapping + pause: seconds=30 when: openshift_master_ha | bool +# TODO: fix the ugly workaround of setting ignore_errors +# the controllers service tries to start even if it is already started - name: Start and enable master controller service: name={{ openshift.common.service_type }}-master-controllers enabled=yes state=started when: openshift_master_ha | bool register: start_result + ignore_errors: yes - set_fact: master_service_status_changed = start_result | changed -- cgit v1.2.3 From a094ba9c632d9b0f66f49d35f6fed26e4b118a12 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 25 Aug 2015 16:28:11 -0400 Subject: hardcode openshift binaries for now --- roles/openshift_master/files/atomic-openshift-master-api.service | 2 +- .../openshift_master/files/atomic-openshift-master-controllers.service | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'roles') diff --git a/roles/openshift_master/files/atomic-openshift-master-api.service b/roles/openshift_master/files/atomic-openshift-master-api.service index b24b9809e..4663b77f2 100644 --- a/roles/openshift_master/files/atomic-openshift-master-api.service +++ b/roles/openshift_master/files/atomic-openshift-master-api.service @@ -10,7 +10,7 @@ Requires=network.target Type=notify EnvironmentFile=/etc/sysconfig/atomic-openshift-master-api Environment=GOTRACEBACK=crash -ExecStart=/usr/bin/atomic-enterprise start master api --config=${CONFIG_FILE} $OPTIONS +ExecStart=/usr/bin/openshift start master api --config=${CONFIG_FILE} $OPTIONS LimitNOFILE=131072 LimitCORE=infinity WorkingDirectory=/var/lib/origin/ diff --git a/roles/openshift_master/files/atomic-openshift-master-controllers.service b/roles/openshift_master/files/atomic-openshift-master-controllers.service index e84160e5a..517f9c908 100644 --- a/roles/openshift_master/files/atomic-openshift-master-controllers.service +++ b/roles/openshift_master/files/atomic-openshift-master-controllers.service @@ -10,7 +10,7 @@ Requires=network.target Type=notify EnvironmentFile=/etc/sysconfig/atomic-openshift-master-controllers Environment=GOTRACEBACK=crash -ExecStart=/usr/bin/atomic-enterprise start master controllers --config=${CONFIG_FILE} $OPTIONS +ExecStart=/usr/bin/openshift start master controllers --config=${CONFIG_FILE} $OPTIONS LimitNOFILE=131072 LimitCORE=infinity WorkingDirectory=/var/lib/origin/ -- cgit v1.2.3 From a6dd87452379403704fb5cd1d8647ef3cf978e28 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Wed, 26 Aug 2015 17:07:06 -0400 Subject: fix dueling controllers - without controllerLeaseTTL set in config, multiple controllers will attempt to start --- roles/openshift_master/handlers/main.yml | 2 ++ roles/openshift_master/tasks/main.yml | 1 + roles/openshift_master/templates/master.yaml.v1.j2 | 4 +++- 3 files changed, 6 insertions(+), 1 deletion(-) (limited to 'roles') diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index 9ce4f512b..ad3ac5a9f 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -7,6 +7,8 @@ service: name={{ openshift.common.service_type }}-master-api state=restarted when: openshift_master_ha | bool +# TODO: need to fix up ignore_errors here - name: restart master controllers service: name={{ openshift.common.service_type }}-master-controllers state=restarted when: openshift_master_ha | bool + ignore_errors: yes diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 085855750..290f22358 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -64,6 +64,7 @@ infra_nodes: "{{ num_infra | default(None) }}" disabled_features: "{{ osm_disabled_features | default(None) }}" master_count: "{{ openshift_master_count | default(None) }}" + controller_lease_ttl: "{{ osm_controller_lease_ttl | default(None) }}" - name: Install Master package yum: pkg={{ openshift.common.service_type }}-master state=present diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 3f2c51417..9145df479 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -16,7 +16,9 @@ assetConfig: keyFile: master.server.key maxRequestsInFlight: 0 requestTimeoutSeconds: 0 -controllerLeaseTTL: 0 +{% if openshift_master_ha | bool %} +controllerLeaseTTL: {{ openshift.master.controller_lease_ttl | default('30') }} +{% endif %} controllers: '*' corsAllowedOrigins: {% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %} -- cgit v1.2.3 From 6571fd9d220b7cc67ae5738149164104d5662902 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Wed, 26 Aug 2015 22:15:02 -0400 Subject: Atomic Enterprise/OpenShift Enterprise merge update --- roles/openshift_facts/library/openshift_facts.py | 2 +- roles/openshift_node/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'roles') diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 24ae5183e..41c7ff1de 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -407,7 +407,7 @@ def set_identity_providers_if_unset(facts): name='allow_all', challenge=True, login=True, kind='AllowAllPasswordIdentityProvider' ) - if deployment_type == 'enterprise': + if deployment_type in ['enterprise', 'atomic-enterprise', 'openshift-enterprise']: identity_provider = dict( name='deny_all', challenge=True, login=True, kind='DenyAllPasswordIdentityProvider' diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index fbeba823e..c455a09f1 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -8,7 +8,7 @@ when: osn_cluster_dns_ip is not defined or not osn_cluster_dns_ip - fail: msg: "SELinux is disabled, This deployment type requires that SELinux is enabled." - when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online'] + when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise'] - name: Set node facts openshift_facts: -- cgit v1.2.3 From ca9f4f08fbf14f9edfa7331e327cf92a25cd4401 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Tue, 22 Sep 2015 16:42:36 -0400 Subject: Various HA changes for pacemaker and native methods. --- roles/openshift_common/vars/main.yml | 2 - roles/openshift_facts/library/openshift_facts.py | 39 ++++++----- .../files/atomic-openshift-master-api | 9 --- .../files/atomic-openshift-master-api.service | 21 ------ .../files/atomic-openshift-master-controllers | 9 --- .../atomic-openshift-master-controllers.service | 22 ------- roles/openshift_master/handlers/main.yml | 4 +- roles/openshift_master/tasks/main.yml | 75 ++++++++++++++-------- .../templates/atomic-openshift-master-api.j2 | 9 +++ .../atomic-openshift-master-api.service.j2 | 21 ++++++ .../atomic-openshift-master-controllers.j2 | 9 +++ .../atomic-openshift-master-controllers.service.j2 | 22 +++++++ .../templates/sessionSecretsFile.yaml.v1.j2 | 7 ++ roles/openshift_master/vars/main.yml | 1 + .../tasks/configure_deferred.yml | 8 --- roles/openshift_master_cluster/tasks/main.yml | 5 +- roles/openshift_node/meta/main.yml | 1 + roles/openshift_node/tasks/main.yml | 1 + roles/openshift_repos/tasks/main.yaml | 2 +- 19 files changed, 148 insertions(+), 119 deletions(-) delete mode 100644 roles/openshift_master/files/atomic-openshift-master-api delete mode 100644 roles/openshift_master/files/atomic-openshift-master-api.service delete mode 100644 roles/openshift_master/files/atomic-openshift-master-controllers delete mode 100644 roles/openshift_master/files/atomic-openshift-master-controllers.service create mode 100644 roles/openshift_master/templates/atomic-openshift-master-api.j2 create mode 100644 roles/openshift_master/templates/atomic-openshift-master-api.service.j2 create mode 100644 roles/openshift_master/templates/atomic-openshift-master-controllers.j2 create mode 100644 roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 create mode 100644 roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2 delete mode 100644 roles/openshift_master_cluster/tasks/configure_deferred.yml (limited to 'roles') diff --git a/roles/openshift_common/vars/main.yml b/roles/openshift_common/vars/main.yml index 817fe0a5f..50816d319 100644 --- a/roles/openshift_common/vars/main.yml +++ b/roles/openshift_common/vars/main.yml @@ -5,5 +5,3 @@ # chains with the public zone (or the zone associated with the correct # interfaces) os_firewall_use_firewalld: False - -openshift_data_dir: /var/lib/origin diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 41c7ff1de..ae5d99121 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -540,7 +540,7 @@ def set_deployment_facts_if_unset(facts): if 'service_type' not in facts['common']: service_type = 'atomic-openshift' if deployment_type == 'origin': - service_type = 'openshift' + service_type = 'origin' elif deployment_type in ['enterprise', 'online']: service_type = 'openshift' facts['common']['service_type'] = service_type @@ -548,23 +548,10 @@ def set_deployment_facts_if_unset(facts): config_base = '/etc/origin' if deployment_type in ['enterprise', 'online']: config_base = '/etc/openshift' - elif deployment_type == 'origin': - config_base = '/etc/openshift' facts['common']['config_base'] = config_base if 'data_dir' not in facts['common']: data_dir = '/var/lib/origin' - if deployment_type in ['enterprise', 'online']: - data_dir = '/var/lib/openshift' facts['common']['data_dir'] = data_dir - facts['common']['version'] = version = get_openshift_version() - if version is not None: - if deployment_type == 'origin': - version_gt_3_1_or_1_1 = LooseVersion(version) > LooseVersion('1.0.6') - else: - version_gt_3_1_or_1_1 = LooseVersion(version) > LooseVersion('3.0.2.900') - else: - version_gt_3_1_or_1_1 = True - facts['common']['version_greater_than_3_1_or_1_1'] = version_gt_3_1_or_1_1 for role in ('master', 'node'): if role in facts: @@ -598,6 +585,27 @@ def set_deployment_facts_if_unset(facts): return facts +def set_version_facts_if_unset(facts): + """ Set version facts. This currently includes common.version and + common.version_greater_than_3_1_or_1_1. + + Args: + facts (dict): existing facts + Returns: + dict: the facts dict updated with version facts. + """ + if 'common' in facts: + deployment_type = facts['common']['deployment_type'] + facts['common']['version'] = version = get_openshift_version() + if version is not None: + if deployment_type == 'origin': + version_gt_3_1_or_1_1 = LooseVersion(version) > LooseVersion('1.0.6') + else: + version_gt_3_1_or_1_1 = LooseVersion(version) > LooseVersion('3.0.2.900') + else: + version_gt_3_1_or_1_1 = True + facts['common']['version_greater_than_3_1_or_1_1'] = version_gt_3_1_or_1_1 + return facts def set_sdn_facts_if_unset(facts): """ Set sdn facts if not already present in facts dict @@ -897,6 +905,7 @@ class OpenShiftFacts(object): facts = set_identity_providers_if_unset(facts) facts = set_sdn_facts_if_unset(facts) facts = set_deployment_facts_if_unset(facts) + facts = set_version_facts_if_unset(facts) facts = set_aggregate_facts(facts) return dict(openshift=facts) @@ -936,7 +945,7 @@ class OpenShiftFacts(object): session_name='ssn', session_secrets_file='', access_token_max_seconds=86400, auth_token_max_seconds=500, - oauth_grant_method='auto', cluster_defer_ha=False) + oauth_grant_method='auto') defaults['master'] = master if 'node' in roles: diff --git a/roles/openshift_master/files/atomic-openshift-master-api b/roles/openshift_master/files/atomic-openshift-master-api deleted file mode 100644 index ea82468a0..000000000 --- a/roles/openshift_master/files/atomic-openshift-master-api +++ /dev/null @@ -1,9 +0,0 @@ -OPTIONS= -CONFIG_FILE=/etc/origin/master/master-config.yaml - -# Proxy configuration -# Origin uses standard HTTP_PROXY environment variables. Be sure to set -# NO_PROXY for your master -#NO_PROXY=master.example.com -#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT -#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT diff --git a/roles/openshift_master/files/atomic-openshift-master-api.service b/roles/openshift_master/files/atomic-openshift-master-api.service deleted file mode 100644 index 4663b77f2..000000000 --- a/roles/openshift_master/files/atomic-openshift-master-api.service +++ /dev/null @@ -1,21 +0,0 @@ -[Unit] -Description=Atomic OpenShift Master API -Documentation=https://github.com/openshift/origin -After=network.target -After=etcd.service -Before=atomic-openshift-node.service -Requires=network.target - -[Service] -Type=notify -EnvironmentFile=/etc/sysconfig/atomic-openshift-master-api -Environment=GOTRACEBACK=crash -ExecStart=/usr/bin/openshift start master api --config=${CONFIG_FILE} $OPTIONS -LimitNOFILE=131072 -LimitCORE=infinity -WorkingDirectory=/var/lib/origin/ -SyslogIdentifier=atomic-openshift-master-api - -[Install] -WantedBy=multi-user.target -WantedBy=atomic-openshift-node.service diff --git a/roles/openshift_master/files/atomic-openshift-master-controllers b/roles/openshift_master/files/atomic-openshift-master-controllers deleted file mode 100644 index ea82468a0..000000000 --- a/roles/openshift_master/files/atomic-openshift-master-controllers +++ /dev/null @@ -1,9 +0,0 @@ -OPTIONS= -CONFIG_FILE=/etc/origin/master/master-config.yaml - -# Proxy configuration -# Origin uses standard HTTP_PROXY environment variables. Be sure to set -# NO_PROXY for your master -#NO_PROXY=master.example.com -#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT -#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT diff --git a/roles/openshift_master/files/atomic-openshift-master-controllers.service b/roles/openshift_master/files/atomic-openshift-master-controllers.service deleted file mode 100644 index 517f9c908..000000000 --- a/roles/openshift_master/files/atomic-openshift-master-controllers.service +++ /dev/null @@ -1,22 +0,0 @@ -[Unit] -Description=Atomic OpenShift Master Controllers -Documentation=https://github.com/openshift/origin -After=network.target -After=atomic-openshift-master-api.service -Before=atomic-openshift-node.service -Requires=network.target - -[Service] -Type=notify -EnvironmentFile=/etc/sysconfig/atomic-openshift-master-controllers -Environment=GOTRACEBACK=crash -ExecStart=/usr/bin/openshift start master controllers --config=${CONFIG_FILE} $OPTIONS -LimitNOFILE=131072 -LimitCORE=infinity -WorkingDirectory=/var/lib/origin/ -SyslogIdentifier=atomic-openshift-master-controllers -Restart=on-failure - -[Install] -WantedBy=multi-user.target -WantedBy=atomic-openshift-node.service diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index ad3ac5a9f..4b9500cbd 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -5,10 +5,10 @@ - name: restart master api service: name={{ openshift.common.service_type }}-master-api state=restarted - when: openshift_master_ha | bool + when: (openshift_master_ha | bool) and (not master_api_service_status_changed | default(false)) and openshift.master.cluster_method == 'native' # TODO: need to fix up ignore_errors here - name: restart master controllers service: name={{ openshift.common.service_type }}-master-controllers state=restarted - when: openshift_master_ha | bool + when: (openshift_master_ha | bool) and (not master_controllers_service_status_changed | default(false)) and openshift.master.cluster_method == 'native' ignore_errors: yes diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 290f22358..be77fce4a 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -8,17 +8,23 @@ - openshift_master_oauth_grant_method in openshift_master_valid_grant_methods when: openshift_master_oauth_grant_method is defined -#- fail: -# msg: "openshift_master_cluster_password must be set for multi-master installations" -# when: openshift_master_ha | bool and not openshift.master.cluster_defer_ha | bool and openshift_master_cluster_password is not defined +- fail: + msg: "openshift_master_cluster_method must be set to either 'native' or 'pacemaker' for multi-master installations" + when: openshift_master_ha | bool and ((openshift_master_cluster_method is not defined) or (openshift_master_cluster_method is defined and openshift_master_cluster_method not in ["native", "pacemaker"])) +- fail: + msg: "'native' high availability is not supported for the requested OpenShift version" + when: openshift_master_ha | bool and openshift_master_cluster_method == "native" and not openshift.common.version_greater_than_3_1_or_1_1 | bool +- fail: + msg: "openshift_master_cluster_password must be set for multi-master installations" + when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and (openshift_master_cluster_password is not defined or not openshift_master_cluster_password) - name: Set master facts openshift_facts: role: master local_facts: + cluster_method: "{{ openshift_master_cluster_method | default(None) }}" cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}" cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}" - cluster_defer_ha: "{{ openshift_master_cluster_defer_ha | default(None) }}" debug_level: "{{ openshift_master_debug_level | default(openshift.common.debug_level) }}" api_port: "{{ openshift_master_api_port | default(None) }}" api_url: "{{ openshift_master_api_url | default(None) }}" @@ -41,6 +47,8 @@ portal_net: "{{ openshift_master_portal_net | default(None) }}" session_max_seconds: "{{ openshift_master_session_max_seconds | default(None) }}" session_name: "{{ openshift_master_session_name | default(None) }}" + session_auth_secrets: "{{ openshift_master_session_auth_secrets | default(None) }}" + session_encryption_secrets: "{{ openshift_master_session_encryption_secrets | default(None) }}" session_secrets_file: "{{ openshift_master_session_secrets_file | default(None) }}" access_token_max_seconds: "{{ openshift_master_access_token_max_seconds | default(None) }}" auth_token_max_seconds: "{{ openshift_master_auth_token_max_seconds | default(None) }}" @@ -67,7 +75,7 @@ controller_lease_ttl: "{{ osm_controller_lease_ttl | default(None) }}" - name: Install Master package - yum: pkg={{ openshift.common.service_type }}-master state=present + yum: pkg={{ openshift.common.service_type }}-master{{ openshift_version }} state=present register: install_result # TODO: These values need to be configurable @@ -79,7 +87,7 @@ domain: cluster.local when: openshift.master.embedded_dns -- name: Create config parent directory if it doesn't exist +- name: Create config parent directory if it does not exist file: path: "{{ openshift_master_config_dir }}" state: directory @@ -128,28 +136,37 @@ # workaround for missing systemd unit files for controllers/api - name: Create the api service file - copy: - src: atomic-openshift-master-api.service - dest: /usr/lib/systemd/system/atomic-openshift-master-api.service + template: + src: atomic-openshift-master-api.service.j2 + dest: /usr/lib/systemd/system/{{ openshift.common.service_type }}-master-api.service force: no - name: Create the controllers service file - copy: - src: atomic-openshift-master-controllers.service - dest: /usr/lib/systemd/system/atomic-openshift-master-controllers.service + template: + src: atomic-openshift-master-controllers.service.j2 + dest: /usr/lib/systemd/system/{{ openshift.common.service_type }}-master-controllers.service force: no - name: Create the api env file - copy: - src: atomic-openshift-master-api - dest: /etc/sysconfig/atomic-openshift-master-api + template: + src: atomic-openshift-master-api.j2 + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api force: no - name: Create the controllers env file - copy: - src: atomic-openshift-master-controllers - dest: /etc/sysconfig/atomic-openshift-master-controllers + template: + src: atomic-openshift-master-controllers.j2 + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers force: no - command: systemctl daemon-reload # end workaround for missing systemd unit files +- name: Create session secrets file + template: + dest: "{{ openshift.master.session_secrets_file }}" + src: sessionSecretsFile.yaml.v1.j2 + force: no + notify: + - restart master + - restart master api + # TODO: add the validate parameter when there is a validation command to run - name: Create master config template: @@ -166,6 +183,7 @@ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master regexp: "{{ item.regex }}" line: "{{ item.line }}" + create: yes with_items: - regex: '^OPTIONS=' line: "OPTIONS=--loglevel={{ openshift.master.debug_level }}" @@ -205,34 +223,39 @@ when: not openshift_master_ha | bool register: start_result +- set_fact: + master_service_status_changed = start_result | changed + when: not openshift_master_ha | bool + - name: Start and enable master api service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started - when: openshift_master_ha | bool + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' register: start_result -- name: pause to prevent service restart from interfering with bootstrapping - pause: seconds=30 - when: openshift_master_ha | bool +- set_fact: + master_api_service_status_changed = start_result | changed + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' # TODO: fix the ugly workaround of setting ignore_errors # the controllers service tries to start even if it is already started - name: Start and enable master controller service: name={{ openshift.common.service_type }}-master-controllers enabled=yes state=started - when: openshift_master_ha | bool + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' register: start_result ignore_errors: yes - set_fact: - master_service_status_changed = start_result | changed + master_controllers_service_status_changed = start_result | changed + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' - name: Install cluster packages yum: pkg=pcs state=present - when: openshift_master_ha | bool and not openshift.master.cluster_defer_ha | bool + when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' register: install_result - name: Start and enable cluster service service: name=pcsd enabled=yes state=started - when: openshift_master_ha | bool and not openshift.master.cluster_defer_ha | bool + when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' - name: Set the cluster user password shell: echo {{ openshift_master_cluster_password | quote }} | passwd --stdin hacluster diff --git a/roles/openshift_master/templates/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/atomic-openshift-master-api.j2 new file mode 100644 index 000000000..205934248 --- /dev/null +++ b/roles/openshift_master/templates/atomic-openshift-master-api.j2 @@ -0,0 +1,9 @@ +OPTIONS= +CONFIG_FILE={{ openshift_master_config_dir }}/master-config.yaml + +# Proxy configuration +# Origin uses standard HTTP_PROXY environment variables. Be sure to set +# NO_PROXY for your master +#NO_PROXY=master.example.com +#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT +#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT diff --git a/roles/openshift_master/templates/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-api.service.j2 new file mode 100644 index 000000000..ba19fb348 --- /dev/null +++ b/roles/openshift_master/templates/atomic-openshift-master-api.service.j2 @@ -0,0 +1,21 @@ +[Unit] +Description=Atomic OpenShift Master API +Documentation=https://github.com/openshift/origin +After=network.target +After=etcd.service +Before={{ openshift.common.service_type }}-node.service +Requires=network.target + +[Service] +Type=notify +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api +Environment=GOTRACEBACK=crash +ExecStart=/usr/bin/openshift start master api --config=${CONFIG_FILE} $OPTIONS +LimitNOFILE=131072 +LimitCORE=infinity +WorkingDirectory={{ openshift.common.data_dir }} +SyslogIdentifier=atomic-openshift-master-api + +[Install] +WantedBy=multi-user.target +WantedBy={{ openshift.common.service_type }}-node.service diff --git a/roles/openshift_master/templates/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/atomic-openshift-master-controllers.j2 new file mode 100644 index 000000000..205934248 --- /dev/null +++ b/roles/openshift_master/templates/atomic-openshift-master-controllers.j2 @@ -0,0 +1,9 @@ +OPTIONS= +CONFIG_FILE={{ openshift_master_config_dir }}/master-config.yaml + +# Proxy configuration +# Origin uses standard HTTP_PROXY environment variables. Be sure to set +# NO_PROXY for your master +#NO_PROXY=master.example.com +#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT +#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT diff --git a/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 new file mode 100644 index 000000000..8952c86ef --- /dev/null +++ b/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 @@ -0,0 +1,22 @@ +[Unit] +Description=Atomic OpenShift Master Controllers +Documentation=https://github.com/openshift/origin +After=network.target +After={{ openshift.common.service_type }}-master-api.service +Before={{ openshift.common.service_type }}-node.service +Requires=network.target + +[Service] +Type=notify +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers +Environment=GOTRACEBACK=crash +ExecStart=/usr/bin/openshift start master controllers --config=${CONFIG_FILE} $OPTIONS +LimitNOFILE=131072 +LimitCORE=infinity +WorkingDirectory={{ openshift.common.data_dir }} +SyslogIdentifier={{ openshift.common.service_type }}-master-controllers +Restart=on-failure + +[Install] +WantedBy=multi-user.target +WantedBy={{ openshift.common.service_type }}-node.service diff --git a/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2 b/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2 new file mode 100644 index 000000000..d12d9db90 --- /dev/null +++ b/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2 @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: SessionSecrets +secrets: +{% for secret in openshift_master_session_auth_secrets %} +- authentication: "{{ openshift_master_session_auth_secrets[loop.index0] }}" + encryption: "{{ openshift_master_session_encryption_secrets[loop.index0] }}" +{% endfor %} diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml index ecdb4f883..534465451 100644 --- a/roles/openshift_master/vars/main.yml +++ b/roles/openshift_master/vars/main.yml @@ -2,6 +2,7 @@ openshift_master_config_dir: "{{ openshift.common.config_base }}/master" openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml" openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json" +openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml" openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json" openshift_version: "{{ openshift_pkg_version | default('') }}" diff --git a/roles/openshift_master_cluster/tasks/configure_deferred.yml b/roles/openshift_master_cluster/tasks/configure_deferred.yml deleted file mode 100644 index 3b416005b..000000000 --- a/roles/openshift_master_cluster/tasks/configure_deferred.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- debug: msg="Deferring config" - -- name: Start and enable the master - service: - name: "{{ openshift.common.service_type }}-master" - state: started - enabled: yes diff --git a/roles/openshift_master_cluster/tasks/main.yml b/roles/openshift_master_cluster/tasks/main.yml index 315947183..6303a6e46 100644 --- a/roles/openshift_master_cluster/tasks/main.yml +++ b/roles/openshift_master_cluster/tasks/main.yml @@ -4,10 +4,7 @@ register: pcs_status changed_when: false failed_when: false - when: not openshift.master.cluster_defer_ha | bool + when: openshift.master.cluster_method == "pacemaker" - include: configure.yml when: "pcs_status | failed and 'Error: cluster is not currently running on this node' in pcs_status.stderr" - -- include: configure_deferred.yml - when: openshift.master.cluster_defer_ha | bool diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index c92008a77..9d40ae3b3 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - { role: openshift_common } +- { role: docker } diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index c455a09f1..6f163f541 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -68,6 +68,7 @@ dest: /etc/sysconfig/{{ openshift.common.service_type }}-node regexp: "{{ item.regex }}" line: "{{ item.line }}" + create: yes with_items: - regex: '^OPTIONS=' line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}" diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index 12e98b7a1..aa696ae12 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -8,7 +8,7 @@ # proper repos correctly. - assert: - that: openshift_deployment_type in known_openshift_deployment_types + that: openshift.common.deployment_type in known_openshift_deployment_types - name: Ensure libselinux-python is installed yum: -- cgit v1.2.3 From 11e7783d4b4177f100ecea8a8ffafbfb07ec47ee Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Thu, 5 Nov 2015 14:06:42 -0500 Subject: Revert to defaults --- roles/openshift_master/templates/master.yaml.v1.j2 | 6 +++--- roles/openshift_node/tasks/main.yml | 1 - 2 files changed, 3 insertions(+), 4 deletions(-) (limited to 'roles') diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 9145df479..d4a6590ea 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -89,12 +89,12 @@ kubernetesMasterConfig: controllerArguments: {{ controller_args if controller_args is defined else 'null' }} masterCount: {{ openshift.master.master_count }} masterIP: {{ openshift.common.ip }} - podEvictionTimeout: 5m + podEvictionTimeout: "" proxyClientInfo: certFile: master.proxy-client.crt keyFile: master.proxy-client.key schedulerConfigFile: {{ openshift_master_scheduler_conf }} - servicesNodePortRange: 30000-32767 + servicesNodePortRange: "" servicesSubnet: {{ openshift.master.portal_net }} staticNodeNames: {{ openshift_node_ips | default([], true) }} {% endif %} @@ -126,7 +126,7 @@ projectConfig: mcsLabelsPerProject: {{ openshift.master.mcs_labels_per_project }} uidAllocatorRange: "{{ openshift.master.uid_allocator_range }}" routingConfig: - subdomain: "{{ openshift.master.default_subdomain | default("router.default.svc.cluster.local") }}" + subdomain: "{{ openshift.master.default_subdomain | default("") }}" serviceAccountConfig: limitSecretReferences: false managedNames: diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 6f163f541..c455a09f1 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -68,7 +68,6 @@ dest: /etc/sysconfig/{{ openshift.common.service_type }}-node regexp: "{{ item.regex }}" line: "{{ item.line }}" - create: yes with_items: - regex: '^OPTIONS=' line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}" -- cgit v1.2.3