diff options
20 files changed, 45 insertions, 60 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 70f88dcd6..822a6dca2 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.9.0-0.3.0 ./ +3.9.0-0.6.0 ./ diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 54fe962fb..9db43e4cc 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -10,7 +10,7 @@ Name: openshift-ansible Version: 3.9.0 -Release: 0.3.0%{?dist} +Release: 0.6.0%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 URL: https://github.com/openshift/openshift-ansible @@ -285,6 +285,17 @@ Atomic OpenShift Utilities includes %changelog +* Tue Dec 12 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.6.0 +- add openshift_master_api_port var to example inventory (jdiaz@redhat.com) +- Allow 2 sets of hostnames for openstack provider (bdobreli@redhat.com) + +* Mon Dec 11 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.5.0 +- Remove unneeded embedded etcd logic (mgugino@redhat.com) + +* Mon Dec 11 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.4.0 +- Copying upstream fix for ansible 2.4 ec2_group module. (kwoodson@redhat.com) +- Add missing dependencies on openshift_facts role (sdodson@redhat.com) + * Mon Dec 11 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.3.0 - remove integration tests from tox (lmeyer@redhat.com) - correct ansible-playbook command syntax (jdiaz@redhat.com) diff --git a/playbooks/aws/provisioning-inventory.example.ini b/playbooks/aws/provisioning-inventory.example.ini index 238a7eb2f..cf76c9d10 100644 --- a/playbooks/aws/provisioning-inventory.example.ini +++ b/playbooks/aws/provisioning-inventory.example.ini @@ -11,6 +11,7 @@ etcd openshift_deployment_type=origin openshift_master_bootstrap_enabled=True +openshift_master_api_port=443 openshift_hosted_router_wait=False openshift_hosted_registry_wait=False diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml index 37fc8a0f6..7b82fe05b 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml @@ -2,20 +2,6 @@ ############################################################################### # Upgrade Masters ############################################################################### - -# If facts cache were for some reason deleted, this fact may not be set, and if not set -# it will always default to true. This causes problems for the etcd data dir fact detection -# so we must first make sure this is set correctly before attempting the backup. -- name: Set master embedded_etcd fact - hosts: oo_masters_to_config - roles: - - openshift_facts - tasks: - - openshift_facts: - role: master - local_facts: - embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" - - name: Backup and upgrade etcd import_playbook: ../../../openshift-etcd/private/upgrade_main.yml diff --git a/playbooks/init/evaluate_groups.yml b/playbooks/init/evaluate_groups.yml index 8787c87e1..8087f6ffc 100644 --- a/playbooks/init/evaluate_groups.yml +++ b/playbooks/init/evaluate_groups.yml @@ -46,14 +46,9 @@ - name: Evaluate groups - Fail if no etcd hosts group is defined fail: msg: > - Running etcd as an embedded service is no longer supported. If this is a - new install please define an 'etcd' group with either one or three - hosts. These hosts may be the same hosts as your masters. If this is an - upgrade you may set openshift_master_unsupported_embedded_etcd=true - until a migration playbook becomes available. + Running etcd as an embedded service is no longer supported. when: - g_etcd_hosts | default([]) | length not in [3,1] - - not openshift_master_unsupported_embedded_etcd | default(False) - not (openshift_node_bootstrap | default(False)) - name: Evaluate oo_all_hosts diff --git a/playbooks/openshift-etcd/private/migrate.yml b/playbooks/openshift-etcd/private/migrate.yml index 9ddb4afe2..313ed8bec 100644 --- a/playbooks/openshift-etcd/private/migrate.yml +++ b/playbooks/openshift-etcd/private/migrate.yml @@ -19,7 +19,6 @@ name: etcd tasks_from: migrate.pre_check.yml vars: - r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" etcd_peer: "{{ ansible_default_ipv4.address }}" # TODO: This will be different for release-3.6 branch @@ -49,7 +48,6 @@ tasks_from: backup.yml vars: r_etcd_common_backup_tag: pre-migration - r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" r_etcd_common_backup_sufix_name: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}" - name: Gate on etcd backup @@ -84,7 +82,6 @@ name: etcd tasks_from: migrate.yml vars: - r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" etcd_peer: "{{ openshift.common.ip }}" etcd_url_scheme: "https" etcd_peer_url_scheme: "https" @@ -97,7 +94,6 @@ name: etcd tasks_from: clean_data.yml vars: - r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" etcd_peer: "{{ openshift.common.ip }}" etcd_url_scheme: "https" etcd_peer_url_scheme: "https" diff --git a/playbooks/openshift-etcd/private/upgrade_backup.yml b/playbooks/openshift-etcd/private/upgrade_backup.yml index 22ed7e610..7dfea07f1 100644 --- a/playbooks/openshift-etcd/private/upgrade_backup.yml +++ b/playbooks/openshift-etcd/private/upgrade_backup.yml @@ -9,7 +9,6 @@ tasks_from: backup.yml vars: r_etcd_common_backup_tag: "{{ etcd_backup_tag }}" - r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" r_etcd_common_backup_sufix_name: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}" - name: Gate on etcd backup diff --git a/playbooks/openshift-node/private/additional_config.yml b/playbooks/openshift-node/private/additional_config.yml index 261e2048f..b86cb3cc2 100644 --- a/playbooks/openshift-node/private/additional_config.yml +++ b/playbooks/openshift-node/private/additional_config.yml @@ -33,7 +33,6 @@ roles: - role: flannel etcd_urls: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls }}" - embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}" when: openshift_use_flannel | default(false) | bool - name: Additional node config diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md index 403e0e1a7..2c9b70b5f 100644 --- a/playbooks/openstack/advanced-configuration.md +++ b/playbooks/openstack/advanced-configuration.md @@ -159,11 +159,22 @@ So the provisioned cluster nodes will start using those natively as default nameservers. Technically, this allows to deploy OpenShift clusters without dnsmasq proxies. -The `openshift_openstack_clusterid` and `openshift_openstack_public_dns_domain` will form the cluster's DNS domain all -your servers will be under. With the default values, this will be -`openshift.example.com`. For workloads, the default subdomain is 'apps'. -That sudomain can be set as well by the `openshift_openstack_app_subdomain` variable in -the inventory. +The `openshift_openstack_clusterid` and `openshift_openstack_public_dns_domain` +will form the cluster's public DNS domain all your servers will be under. With +the default values, this will be `openshift.example.com`. For workloads, the +default subdomain is 'apps'. That sudomain can be set as well by the +`openshift_openstack_app_subdomain` variable in the inventory. + +If you want to use a two sets of hostnames for public and private/prefixed DNS +records for your externally managed public DNS server, you can specify +`openshift_openstack_public_hostname_suffix` and/or +`openshift_openstack_private_hostname_suffix`. The suffixes will be added +to the nsupdate records sent to the external DNS server. Those are empty by default. + +**Note** the real hostnames, Nova servers' or ansible hostnames and inventory +variables will not be updated. The deployment may be done on arbitrary named +hosts with the hostnames managed by cloud-init. Inventory hostnames will ignore +the suffixes. The `openstack_<role name>_hostname` is a set of variables used for customising public names of Nova servers provisioned with a given role. When such a variable stays commented, diff --git a/roles/calico/tasks/main.yml b/roles/calico/tasks/main.yml index 0e3863304..bbc6edd48 100644 --- a/roles/calico/tasks/main.yml +++ b/roles/calico/tasks/main.yml @@ -14,7 +14,6 @@ vars: etcd_cert_prefix: calico.etcd- etcd_cert_config_dir: "{{ openshift.common.config_base }}/calico" - embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}" etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" etcd_cert_subdir: "openshift-calico-{{ openshift.common.hostname }}" diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml index 879ca4f4e..f2e1fc310 100644 --- a/roles/etcd/meta/main.yml +++ b/roles/etcd/meta/main.yml @@ -19,3 +19,4 @@ dependencies: - role: lib_openshift - role: lib_os_firewall - role: lib_utils +- role: openshift_facts diff --git a/roles/flannel/defaults/main.yaml b/roles/flannel/defaults/main.yaml index 488b6b0bc..2e4a0dc39 100644 --- a/roles/flannel/defaults/main.yaml +++ b/roles/flannel/defaults/main.yaml @@ -2,8 +2,8 @@ flannel_interface: "{{ ansible_default_ipv4.interface }}" flannel_etcd_key: /openshift.com/network etcd_hosts: "{{ etcd_urls }}" -etcd_peer_ca_file: "{{ openshift.common.config_base }}/node/{{ 'ca' if (embedded_etcd | bool) else 'flannel.etcd-ca' }}.crt" -etcd_peer_cert_file: "{{ openshift.common.config_base }}/node/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'flannel.etcd-client' }}.crt" -etcd_peer_key_file: "{{ openshift.common.config_base }}/node/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'flannel.etcd-client' }}.key" +etcd_peer_ca_file: "{{ openshift.common.config_base }}/node/flannel.etcd-ca.crt" +etcd_peer_cert_file: "{{ openshift.common.config_base }}/node/flannel.etcd-client.crt" +etcd_peer_key_file: "{{ openshift.common.config_base }}/node/flannel.etcd-client.key" openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" diff --git a/roles/flannel_register/defaults/main.yaml b/roles/flannel_register/defaults/main.yaml index 1d0f5df6a..cd11fd9ff 100644 --- a/roles/flannel_register/defaults/main.yaml +++ b/roles/flannel_register/defaults/main.yaml @@ -4,6 +4,6 @@ flannel_subnet_len: "{{ 32 - (openshift.master.sdn_host_subnet_length | int) }}" flannel_etcd_key: /openshift.com/network etcd_hosts: "{{ etcd_urls }}" etcd_conf_dir: "{{ openshift.common.config_base }}/master" -etcd_peer_ca_file: "{{ etcd_conf_dir + '/ca.crt' if (openshift.master.embedded_etcd | bool) else etcd_conf_dir + '/master.etcd-ca.crt' }}" +etcd_peer_ca_file: "{{ etcd_conf_dir + '/master.etcd-ca.crt' }}" etcd_peer_cert_file: "{{ etcd_conf_dir }}/master.etcd-client.crt" etcd_peer_key_file: "{{ etcd_conf_dir }}/master.etcd-client.key" diff --git a/roles/openshift_ca/meta/main.yml b/roles/openshift_ca/meta/main.yml index f8b784a63..81b49ce60 100644 --- a/roles/openshift_ca/meta/main.yml +++ b/roles/openshift_ca/meta/main.yml @@ -14,3 +14,4 @@ galaxy_info: - system dependencies: - role: openshift_cli +- role: openshift_facts diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 520c00340..a10ba9310 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -458,7 +458,6 @@ def set_url_facts_if_unset(facts): etcd_urls = [] if etcd_hosts != '': facts['master']['etcd_port'] = ports['etcd'] - facts['master']['embedded_etcd'] = False for host in etcd_hosts: etcd_urls.append(format_url(use_ssl['etcd'], host, ports['etcd'])) @@ -1595,7 +1594,7 @@ class OpenShiftFacts(object): console_port='8443', etcd_use_ssl=True, etcd_hosts='', etcd_port='4001', portal_net='172.30.0.0/16', - embedded_etcd=True, embedded_kube=True, + embedded_kube=True, embedded_dns=True, bind_addr='0.0.0.0', session_max_seconds=3600, diff --git a/roles/openshift_management/meta/main.yml b/roles/openshift_management/meta/main.yml index 07ad51126..9f19704a8 100644 --- a/roles/openshift_management/meta/main.yml +++ b/roles/openshift_management/meta/main.yml @@ -16,3 +16,4 @@ galaxy_info: dependencies: - role: lib_openshift - role: lib_utils +- role: openshift_facts diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 92668b227..f1a76e5f5 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -69,29 +69,13 @@ dnsConfig: bindNetwork: tcp4 {% endif %} etcdClientInfo: - ca: {{ "ca-bundle.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }} + ca: master.etcd-ca.crt certFile: master.etcd-client.crt keyFile: master.etcd-client.key urls: {% for etcd_url in openshift.master.etcd_urls %} - {{ etcd_url }} {% endfor %} -{% if openshift.master.embedded_etcd | bool %} -etcdConfig: - address: {{ openshift.common.hostname }}:{{ openshift.master.etcd_port }} - peerAddress: {{ openshift.common.hostname }}:7001 - peerServingInfo: - bindAddress: {{ openshift.master.bind_addr }}:7001 - certFile: etcd.server.crt - clientCA: ca-bundle.crt - keyFile: etcd.server.key - servingInfo: - bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.etcd_port }} - certFile: etcd.server.crt - clientCA: ca-bundle.crt - keyFile: etcd.server.key - storageDirectory: {{ r_openshift_master_data_dir }}/openshift.local.etcd -{% endif %} etcdStorageConfig: kubernetesStoragePrefix: kubernetes.io kubernetesStorageVersion: v1 diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index 0cb87dcaa..418dcba67 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -45,7 +45,6 @@ etcd_port: "{{ openshift_master_etcd_port | default(None) }}" etcd_use_ssl: "{{ openshift_master_etcd_use_ssl | default(None) }}" etcd_urls: "{{ openshift_master_etcd_urls | default(None) }}" - embedded_etcd: "{{ openshift_master_embedded_etcd | default(None) }}" embedded_kube: "{{ openshift_master_embedded_kube | default(None) }}" embedded_dns: "{{ openshift_master_embedded_dns | default(None) }}" bind_addr: "{{ openshift_master_bind_addr | default(None) }}" diff --git a/roles/openshift_openstack/defaults/main.yml b/roles/openshift_openstack/defaults/main.yml index 929b76f54..65a647b8f 100644 --- a/roles/openshift_openstack/defaults/main.yml +++ b/roles/openshift_openstack/defaults/main.yml @@ -44,6 +44,9 @@ openshift_openstack_container_storage_setup: # populate-dns openshift_openstack_dns_records_add: [] +openshift_openstack_public_hostname_suffix: "" +openshift_openstack_private_hostname_suffix: "" +openshift_openstack_public_dns_domain: "example.com" openshift_openstack_full_dns_domain: "{{ (openshift_openstack_clusterid|trim == '') | ternary(openshift_openstack_public_dns_domain, openshift_openstack_clusterid + '.' + openshift_openstack_public_dns_domain) }}" openshift_openstack_app_subdomain: "apps" diff --git a/roles/openshift_openstack/tasks/populate-dns.yml b/roles/openshift_openstack/tasks/populate-dns.yml index eae4967f7..cf2ead5c3 100644 --- a/roles/openshift_openstack/tasks/populate-dns.yml +++ b/roles/openshift_openstack/tasks/populate-dns.yml @@ -1,7 +1,7 @@ --- - name: "Generate list of private A records" set_fact: - private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['private_v4'] } ] }}" + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'] + openshift_openstack_private_hostname_suffix, 'ip': hostvars[item]['private_v4'] } ] }}" with_items: "{{ groups['cluster_hosts'] }}" - name: "Add wildcard records to the private A records for infrahosts" @@ -48,7 +48,7 @@ - name: "Generate list of public A records" set_fact: - public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['public_v4'] } ] }}" + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'] + openshift_openstack_public_hostname_suffix, 'ip': hostvars[item]['public_v4'] } ] }}" with_items: "{{ groups['cluster_hosts'] }}" when: hostvars[item]['public_v4'] is defined |