summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--inventory/hosts.example14
-rw-r--r--playbooks/aws/provisioning_vars.yml.example5
-rw-r--r--playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml7
-rw-r--r--playbooks/common/openshift-cluster/upgrades/pre/config.yml4
-rw-r--r--playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml4
-rw-r--r--playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml4
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml5
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml5
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml5
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml5
-rw-r--r--playbooks/container-runtime/private/build_container_groups.yml6
-rw-r--r--playbooks/container-runtime/private/config.yml9
-rw-r--r--playbooks/container-runtime/private/setup_storage.yml4
-rw-r--r--playbooks/init/base_packages.yml4
-rw-r--r--playbooks/init/evaluate_groups.yml1
-rw-r--r--playbooks/init/facts.yml6
-rw-r--r--playbooks/init/main.yml6
-rw-r--r--playbooks/init/version.yml32
-rw-r--r--playbooks/openshift-etcd/private/embedded2external.yml6
-rw-r--r--playbooks/openshift-etcd/private/migrate.yml2
-rw-r--r--playbooks/openshift-etcd/private/redeploy-ca.yml6
-rw-r--r--playbooks/openshift-etcd/private/upgrade_backup.yml1
-rw-r--r--playbooks/openshift-master/private/redeploy-openshift-ca.yml6
-rw-r--r--playbooks/openshift-master/private/tasks/restart_hosts.yml1
-rw-r--r--playbooks/openshift-master/private/validate_restart.yml2
-rw-r--r--playbooks/openshift-master/scaleup.yml1
-rw-r--r--playbooks/openshift-node/private/configure_nodes.yml1
-rw-r--r--playbooks/openshift-node/private/containerized_nodes.yml1
-rw-r--r--playbooks/openshift-node/private/setup.yml1
-rw-r--r--playbooks/openshift-node/scaleup.yml1
-rw-r--r--playbooks/openstack/openshift-cluster/install.yml3
-rw-r--r--playbooks/openstack/sample-inventory/group_vars/OSEv3.yml4
-rwxr-xr-xplaybooks/openstack/sample-inventory/inventory.py5
-rw-r--r--roles/container_runtime/tasks/common/post.yml2
-rw-r--r--roles/container_runtime/tasks/systemcontainer_crio.yml2
-rw-r--r--roles/container_runtime/tasks/systemcontainer_docker.yml6
-rw-r--r--roles/etcd/tasks/migration/migrate.yml2
-rw-r--r--roles/flannel/handlers/main.yml4
-rw-r--r--roles/flannel/tasks/main.yml10
-rwxr-xr-xroles/lib_openshift/src/test/unit/test_oc_scale.py351
-rw-r--r--roles/lib_utils/action_plugins/sanity_checks.py57
-rw-r--r--roles/openshift_aws/tasks/provision_instance.yml8
-rw-r--r--roles/openshift_certificate_expiry/filter_plugins/oo_cert_expiry.py1
-rw-r--r--roles/openshift_certificate_expiry/tasks/main.yml2
-rw-r--r--roles/openshift_cli/defaults/main.yml2
-rw-r--r--roles/openshift_cloud_provider/tasks/main.yml3
-rw-r--r--roles/openshift_cloud_provider/tasks/vsphere.yml6
-rw-r--r--roles/openshift_cloud_provider/templates/vsphere.conf.j215
-rw-r--r--roles/openshift_cloud_provider/vars/main.yml1
-rw-r--r--roles/openshift_etcd_facts/vars/main.yml2
-rw-r--r--roles/openshift_examples/tasks/main.yml6
-rw-r--r--roles/openshift_expand_partition/README.md2
-rw-r--r--roles/openshift_facts/defaults/main.yml2
-rw-r--r--roles/openshift_health_checker/callback_plugins/zz_failure_summary.py2
-rw-r--r--roles/openshift_hosted/defaults/main.yml2
-rw-r--r--roles/openshift_hosted_templates/tasks/main.yml6
-rw-r--r--roles/openshift_logging/README.md3
-rw-r--r--roles/openshift_logging/library/openshift_logging_facts.py4
-rw-r--r--roles/openshift_logging/tasks/generate_jks.yaml6
-rw-r--r--roles/openshift_logging/tasks/install_logging.yaml8
-rw-r--r--roles/openshift_logging/tasks/main.yaml7
-rw-r--r--roles/openshift_logging_elasticsearch/tasks/determine_version.yaml2
-rw-r--r--roles/openshift_logging_elasticsearch/tasks/get_es_version.yml42
-rw-r--r--roles/openshift_logging_elasticsearch/tasks/main.yaml16
-rw-r--r--roles/openshift_logging_elasticsearch/tasks/restart_cluster.yml58
-rw-r--r--roles/openshift_logging_elasticsearch/tasks/restart_es_node.yml2
-rw-r--r--roles/openshift_logging_elasticsearch/vars/main.yml2
-rw-r--r--roles/openshift_logging_fluentd/tasks/label_and_wait.yaml1
-rw-r--r--roles/openshift_logging_mux/defaults/main.yml1
-rw-r--r--roles/openshift_logging_mux/tasks/main.yaml2
-rw-r--r--roles/openshift_master/tasks/upgrade/rpm_upgrade.yml12
-rw-r--r--roles/openshift_master_certificates/tasks/main.yml7
-rw-r--r--roles/openshift_named_certificates/tasks/main.yml1
-rw-r--r--roles/openshift_node/defaults/main.yml2
-rw-r--r--roles/openshift_node/meta/main.yml2
-rw-r--r--roles/openshift_node/tasks/install.yml38
-rw-r--r--roles/openshift_node/tasks/main.yml4
-rw-r--r--roles/openshift_node/tasks/openvswitch_system_container.yml4
-rw-r--r--roles/openshift_node/tasks/upgrade/config_changes.yml4
-rw-r--r--roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml2
-rw-r--r--roles/openshift_node/tasks/upgrade/rpm_upgrade.yml2
-rw-r--r--roles/openshift_node/tasks/upgrade/rpm_upgrade_install.yml2
-rw-r--r--roles/openshift_node/templates/node.service.j22
-rw-r--r--roles/openshift_node/templates/node.yaml.v1.j22
-rw-r--r--roles/openshift_node/templates/openshift.docker.node.dep.service2
-rw-r--r--roles/openshift_storage_nfs_lvm/README.md8
-rw-r--r--roles/openshift_version/defaults/main.yml2
-rw-r--r--roles/openshift_version/tasks/check_available_rpms.yml10
-rw-r--r--roles/openshift_version/tasks/first_master.yml30
-rw-r--r--roles/openshift_version/tasks/first_master_containerized_version.yml (renamed from roles/openshift_version/tasks/set_version_containerized.yml)0
-rw-r--r--roles/openshift_version/tasks/first_master_rpm_version.yml16
-rw-r--r--roles/openshift_version/tasks/main.yml206
-rw-r--r--roles/openshift_version/tasks/masters_and_nodes.yml39
-rw-r--r--roles/openshift_version/tasks/set_version_rpm.yml24
-rw-r--r--roles/openshift_web_console/tasks/install.yml2
-rw-r--r--roles/openshift_web_console/tasks/update_asset_config.yml2
-rw-r--r--roles/template_service_broker/tasks/install.yml2
-rw-r--r--roles/template_service_broker/tasks/remove.yml2
-rw-r--r--test/tox-inventory.txt4
99 files changed, 857 insertions, 391 deletions
diff --git a/inventory/hosts.example b/inventory/hosts.example
index 8c2590078..d786146fc 100644
--- a/inventory/hosts.example
+++ b/inventory/hosts.example
@@ -197,6 +197,10 @@ openshift_release=v3.7
#openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, 'gpgkey': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}]
#openshift_repos_enable_testing=false
+# If the image for etcd needs to be pulled from anywhere else than registry.access.redhat.com, e.g. in
+# a disconnected and containerized installation, use osm_etcd_image to specify the image to use:
+#osm_etcd_image=rhel7/etcd
+
# htpasswd auth
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
# Defining htpasswd users
@@ -284,6 +288,16 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#
# GCE
#openshift_cloudprovider_kind=gce
+#
+# vSphere
+#openshift_cloudprovider_kind=vsphere
+#openshift_cloudprovider_vsphere_username=username
+#openshift_cloudprovider_vsphere_password=password
+#openshift_cloudprovider_vsphere_host=vcenter_host or vsphere_host
+#openshift_cloudprovider_vsphere_datacenter=datacenter
+#openshift_cloudprovider_vsphere_datastore=datastore
+#openshift_cloudprovider_vsphere_folder=optional_folder_name
+
# Project Configuration
#osm_project_request_message=''
diff --git a/playbooks/aws/provisioning_vars.yml.example b/playbooks/aws/provisioning_vars.yml.example
index 2eb7d23d4..f6b1a6b5d 100644
--- a/playbooks/aws/provisioning_vars.yml.example
+++ b/playbooks/aws/provisioning_vars.yml.example
@@ -93,6 +93,11 @@ openshift_aws_ssh_key_name: # myuser_key
# --------- #
# Variables in this section apply to building a node AMI for use in your
# openshift cluster.
+# openshift-ansible will perform the container runtime storage setup when specified
+# The current storage setup with require a drive if using a separate storage device
+# for the container runtime.
+container_runtime_docker_storage_type: overlay2
+container_runtime_docker_storage_setup_device: /dev/xvdb
# must specify a base_ami when building an AMI
openshift_aws_base_ami: # ami-12345678
diff --git a/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml b/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml
index 372a39e74..ef8233b67 100644
--- a/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml
+++ b/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml
@@ -2,7 +2,6 @@
- name: Create local temp directory for syncing certs
hosts: localhost
connection: local
- become: no
gather_facts: no
tasks:
- name: Create local temp directory for syncing certs
@@ -11,6 +10,11 @@
changed_when: false
when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
+ - name: Chmod local temp directory
+ local_action: command chmod 777 "{{ local_cert_sync_tmpdir.stdout }}"
+ changed_when: false
+ when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
+
- name: Create service signer certificate
hosts: oo_first_master
tasks:
@@ -65,7 +69,6 @@
- name: Delete local temp directory
hosts: localhost
connection: local
- become: no
gather_facts: no
tasks:
- name: Delete local temp directory
diff --git a/playbooks/common/openshift-cluster/upgrades/pre/config.yml b/playbooks/common/openshift-cluster/upgrades/pre/config.yml
index cfc0c8745..da63450b8 100644
--- a/playbooks/common/openshift-cluster/upgrades/pre/config.yml
+++ b/playbooks/common/openshift-cluster/upgrades/pre/config.yml
@@ -1,4 +1,6 @@
---
+# for control-plane upgrade, several variables may be passed in to this play
+# why may affect the tasks here and in imported playbooks.
# Pre-upgrade
- import_playbook: ../initialize_nodes_to_upgrade.yml
@@ -48,6 +50,8 @@
# defined, and overriding the normal behavior of protecting the installed version
openshift_release: "{{ openshift_upgrade_target }}"
openshift_protect_installed_version: False
+ # l_openshift_version_set_hosts is passed via upgrade_control_plane.yml
+ # l_openshift_version_check_hosts is passed via upgrade_control_plane.yml
# If we're only upgrading nodes, we need to ensure masters are already upgraded
- name: Verify masters are already upgraded
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
index 91d496ff4..412075d41 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
@@ -108,7 +108,6 @@
- name: Gate on master update
hosts: localhost
connection: local
- become: no
tasks:
- set_fact:
master_update_completed: "{{ hostvars
@@ -242,7 +241,6 @@
- name: Gate on reconcile
hosts: localhost
connection: local
- become: no
tasks:
- set_fact:
reconcile_completed: "{{ hostvars
@@ -304,8 +302,6 @@
- import_role:
name: openshift_node
tasks_from: upgrade.yml
- vars:
- openshift_node_upgrade_in_progress: True
- name: Set node schedulability
oc_adm_manage_node:
node: "{{ openshift.node.nodename | lower }}"
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
index aba179c2b..464af3ae6 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
@@ -7,8 +7,6 @@
- import_role:
name: openshift_node
tasks_from: upgrade_pre.yml
- vars:
- openshift_node_upgrade_in_progress: True
- name: Drain and upgrade nodes
hosts: oo_nodes_to_upgrade:!oo_masters_to_config
@@ -46,8 +44,6 @@
- import_role:
name: openshift_node
tasks_from: upgrade.yml
- vars:
- openshift_node_upgrade_in_progress: True
- name: Set node schedulability
oc_adm_manage_node:
node: "{{ openshift.node.nodename | lower }}"
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml
index a956fdde5..eb5f07ae0 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml
@@ -14,6 +14,7 @@
- import_playbook: ../init.yml
vars:
l_upgrade_no_switch_firewall_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
+ l_upgrade_non_node_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
- name: Configure the upgrade target for the common upgrade tasks
hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config
@@ -23,7 +24,11 @@
openshift_upgrade_min: "{{ '1.5' if openshift_deployment_type == 'origin' else '3.5' }}"
- import_playbook: ../pre/config.yml
+ # These vars a meant to exclude oo_nodes from plays that would otherwise include
+ # them by default.
vars:
+ l_openshift_version_set_hosts: "oo_etcd_to_config:oo_masters_to_config:!oo_first_master"
+ l_openshift_version_check_hosts: "oo_masters_to_config:!oo_first_master"
l_upgrade_repo_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
l_upgrade_no_proxy_hosts: "oo_masters_to_config"
l_upgrade_health_check_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml
index 1750148d4..8d42e4c91 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml
@@ -14,6 +14,7 @@
- import_playbook: ../init.yml
vars:
l_upgrade_no_switch_firewall_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
+ l_upgrade_non_node_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
- name: Configure the upgrade target for the common upgrade tasks
hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config
@@ -23,7 +24,11 @@
openshift_upgrade_min: '3.6'
- import_playbook: ../pre/config.yml
+ # These vars a meant to exclude oo_nodes from plays that would otherwise include
+ # them by default.
vars:
+ l_openshift_version_set_hosts: "oo_etcd_to_config:oo_masters_to_config:!oo_first_master"
+ l_openshift_version_check_hosts: "oo_masters_to_config:!oo_first_master"
l_upgrade_repo_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
l_upgrade_no_proxy_hosts: "oo_masters_to_config"
l_upgrade_health_check_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml
index 08bfd239f..a2f316c25 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml
@@ -14,6 +14,7 @@
- import_playbook: ../init.yml
vars:
l_upgrade_no_switch_firewall_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
+ l_upgrade_non_node_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
- name: Configure the upgrade target for the common upgrade tasks
hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config
@@ -23,7 +24,11 @@
openshift_upgrade_min: '3.7'
- import_playbook: ../pre/config.yml
+ # These vars a meant to exclude oo_nodes from plays that would otherwise include
+ # them by default.
vars:
+ l_openshift_version_set_hosts: "oo_etcd_to_config:oo_masters_to_config:!oo_first_master"
+ l_openshift_version_check_hosts: "oo_masters_to_config:!oo_first_master"
l_upgrade_repo_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
l_upgrade_no_proxy_hosts: "oo_masters_to_config"
l_upgrade_health_check_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml
index 05aa737c6..ef9871008 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml
@@ -14,6 +14,7 @@
- import_playbook: ../init.yml
vars:
l_upgrade_no_switch_firewall_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
+ l_upgrade_non_node_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
- name: Configure the upgrade target for the common upgrade tasks
hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config
@@ -23,7 +24,11 @@
openshift_upgrade_min: '3.7'
- import_playbook: ../pre/config.yml
+ # These vars a meant to exclude oo_nodes from plays that would otherwise include
+ # them by default.
vars:
+ l_openshift_version_set_hosts: "oo_etcd_to_config:oo_masters_to_config:!oo_first_master"
+ l_openshift_version_check_hosts: "oo_masters_to_config:!oo_first_master"
l_upgrade_repo_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
l_upgrade_no_proxy_hosts: "oo_masters_to_config"
l_upgrade_health_check_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
diff --git a/playbooks/container-runtime/private/build_container_groups.yml b/playbooks/container-runtime/private/build_container_groups.yml
new file mode 100644
index 000000000..7fd60743c
--- /dev/null
+++ b/playbooks/container-runtime/private/build_container_groups.yml
@@ -0,0 +1,6 @@
+---
+- name: create oo_hosts_containerized_managed_true host group
+ hosts: oo_all_hosts:!oo_nodes_to_config
+ tasks:
+ - group_by:
+ key: oo_hosts_containerized_managed_{{ (containerized | default(False)) | ternary('true','false') }}
diff --git a/playbooks/container-runtime/private/config.yml b/playbooks/container-runtime/private/config.yml
index dd13fa4a2..7a49adcf0 100644
--- a/playbooks/container-runtime/private/config.yml
+++ b/playbooks/container-runtime/private/config.yml
@@ -1,10 +1,7 @@
---
-- hosts: "{{ l_containerized_host_groups }}"
- vars:
- l_chg_temp: "{{ hostvars[groups['oo_first_master'][0]]['openshift_containerized_host_groups'] | default([]) }}"
- l_containerized_host_groups: "{{ (['oo_nodes_to_config'] | union(l_chg_temp)) | join(':') }}"
- # role: container_runtime is necessary here to bring role default variables
- # into the play scope.
+- import_playbook: build_container_groups.yml
+
+- hosts: oo_nodes_to_config:oo_hosts_containerized_managed_true
roles:
- role: container_runtime
tasks:
diff --git a/playbooks/container-runtime/private/setup_storage.yml b/playbooks/container-runtime/private/setup_storage.yml
index 357f67f0c..a6d396270 100644
--- a/playbooks/container-runtime/private/setup_storage.yml
+++ b/playbooks/container-runtime/private/setup_storage.yml
@@ -1,5 +1,7 @@
---
-- hosts: "{{ l_containerized_host_groups }}"
+- import_playbook: build_container_groups.yml
+
+- hosts: oo_nodes_to_config:oo_hosts_containerized_managed_true
vars:
l_chg_temp: "{{ hostvars[groups['oo_first_master'][0]]['openshift_containerized_host_groups'] | default([]) }}"
l_containerized_host_groups: "{{ (['oo_nodes_to_config'] | union(l_chg_temp)) | join(':') }}"
diff --git a/playbooks/init/base_packages.yml b/playbooks/init/base_packages.yml
index f7007087c..15b3dd492 100644
--- a/playbooks/init/base_packages.yml
+++ b/playbooks/init/base_packages.yml
@@ -1,6 +1,6 @@
---
-- name: Ensure that all non-node hosts are accessible
- hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config:oo_nfs_to_config
+- name: Install packages necessary for installer
+ hosts: oo_all_hosts
any_errors_fatal: true
tasks:
- when:
diff --git a/playbooks/init/evaluate_groups.yml b/playbooks/init/evaluate_groups.yml
index 8087f6ffc..c4cd226c9 100644
--- a/playbooks/init/evaluate_groups.yml
+++ b/playbooks/init/evaluate_groups.yml
@@ -2,7 +2,6 @@
- name: Populate config host groups
hosts: localhost
connection: local
- become: no
gather_facts: no
tasks:
- name: Load group name mapping variables
diff --git a/playbooks/init/facts.yml b/playbooks/init/facts.yml
index 6759240c9..8e4206948 100644
--- a/playbooks/init/facts.yml
+++ b/playbooks/init/facts.yml
@@ -5,7 +5,9 @@
tasks:
- name: Initialize host facts
- hosts: oo_all_hosts
+ # l_upgrade_non_node_hosts is passed in via play during control-plane-only
+ # upgrades; otherwise oo_all_hosts is used.
+ hosts: "{{ l_upgrade_non_node_hosts | default('oo_all_hosts') }}"
tasks:
- name: load openshift_facts module
import_role:
@@ -100,3 +102,5 @@
# We need to setup openshift_client_binary here for special uses of delegate_to in
# later roles and plays.
first_master_client_binary: "{{ openshift_client_binary }}"
+ #Some roles may require this to be set for first master
+ openshift_client_binary: "{{ openshift_client_binary }}"
diff --git a/playbooks/init/main.yml b/playbooks/init/main.yml
index 20457e508..8a3f4682d 100644
--- a/playbooks/init/main.yml
+++ b/playbooks/init/main.yml
@@ -17,12 +17,12 @@
- import_playbook: facts.yml
-- import_playbook: sanity_checks.yml
- when: not (skip_sanity_checks | default(False))
-
- import_playbook: version.yml
when: not (skip_verison | default(False))
+- import_playbook: sanity_checks.yml
+ when: not (skip_sanity_checks | default(False))
+
- name: Initialization Checkpoint End
hosts: all
gather_facts: false
diff --git a/playbooks/init/version.yml b/playbooks/init/version.yml
index 37a5284d5..962ee7220 100644
--- a/playbooks/init/version.yml
+++ b/playbooks/init/version.yml
@@ -2,20 +2,32 @@
# NOTE: requires openshift_facts be run
- name: Determine openshift_version to configure on first master
hosts: oo_first_master
- roles:
- - openshift_version
+ tasks:
+ - include_role:
+ name: openshift_version
+ tasks_from: first_master.yml
+ - debug: msg="openshift_pkg_version set to {{ openshift_pkg_version | default('') }}"
# NOTE: We set this even on etcd hosts as they may also later run as masters,
# and we don't want to install wrong version of docker and have to downgrade
# later.
- name: Set openshift_version for etcd, node, and master hosts
- hosts: oo_etcd_to_config:oo_nodes_to_config:oo_masters_to_config:!oo_first_master
+ hosts: "{{ l_openshift_version_set_hosts | default(l_default_version_set_hosts) }}"
vars:
- openshift_version: "{{ hostvars[groups.oo_first_master.0].openshift_version }}"
- pre_tasks:
+ l_default_version_set_hosts: "oo_etcd_to_config:oo_nodes_to_config:oo_masters_to_config:!oo_first_master"
+ l_first_master_openshift_version: "{{ hostvars[groups.oo_first_master.0].openshift_version }}"
+ l_first_master_openshift_pkg_version: "{{ hostvars[groups.oo_first_master.0].openshift_pkg_version | default('') }}"
+ l_first_master_openshift_image_tag: "{{ hostvars[groups.oo_first_master.0].openshift_image_tag}}"
+ tasks:
- set_fact:
- openshift_pkg_version: -{{ openshift_version }}
- when: openshift_pkg_version is not defined
- - debug: msg="openshift_pkg_version set to {{ openshift_pkg_version }}"
- roles:
- - openshift_version
+ openshift_version: "{{ l_first_master_openshift_version }}"
+ openshift_pkg_version: "{{ l_first_master_openshift_pkg_version }}"
+ openshift_image_tag: "{{ l_first_master_openshift_image_tag }}"
+
+# NOTE: These steps should only be run against masters and nodes.
+- name: Ensure the requested version packages are available.
+ hosts: "{{ l_openshift_version_check_hosts | default('oo_nodes_to_config:oo_masters_to_config:!oo_first_master') }}"
+ tasks:
+ - include_role:
+ name: openshift_version
+ tasks_from: masters_and_nodes.yml
diff --git a/playbooks/openshift-etcd/private/embedded2external.yml b/playbooks/openshift-etcd/private/embedded2external.yml
index b71eaacd0..674bd5088 100644
--- a/playbooks/openshift-etcd/private/embedded2external.yml
+++ b/playbooks/openshift-etcd/private/embedded2external.yml
@@ -89,7 +89,10 @@
local_action: command mktemp -d /tmp/etcd_backup-XXXXXXX
register: g_etcd_client_mktemp
changed_when: False
- become: no
+
+ - name: Chmod local temp directory for syncing etcd backup
+ local_action: command chmod 777 "{{ g_etcd_client_mktemp.stdout }}"
+ changed_when: False
- import_role:
name: etcd
@@ -116,7 +119,6 @@
- name: Delete temporary directory
local_action: file path="{{ g_etcd_client_mktemp.stdout }}" state=absent
changed_when: False
- become: no
# 7. force new cluster from the backup
- name: Force new etcd cluster
diff --git a/playbooks/openshift-etcd/private/migrate.yml b/playbooks/openshift-etcd/private/migrate.yml
index 0a2ac7f1a..3f8b44032 100644
--- a/playbooks/openshift-etcd/private/migrate.yml
+++ b/playbooks/openshift-etcd/private/migrate.yml
@@ -2,7 +2,6 @@
- name: Check if the master has embedded etcd
hosts: localhost
connection: local
- become: no
gather_facts: no
tags:
- always
@@ -53,7 +52,6 @@
- name: Gate on etcd backup
hosts: localhost
connection: local
- become: no
tasks:
- set_fact:
etcd_backup_completed: "{{ hostvars
diff --git a/playbooks/openshift-etcd/private/redeploy-ca.yml b/playbooks/openshift-etcd/private/redeploy-ca.yml
index 7b0d99255..a3acf6945 100644
--- a/playbooks/openshift-etcd/private/redeploy-ca.yml
+++ b/playbooks/openshift-etcd/private/redeploy-ca.yml
@@ -26,7 +26,6 @@
- name: Create temp directory for syncing certs
hosts: localhost
connection: local
- become: no
gather_facts: no
tasks:
- name: Create local temp directory for syncing certs
@@ -34,6 +33,10 @@
register: g_etcd_mktemp
changed_when: false
+ - name: Chmod local temp directory for syncing certs
+ local_action: command chmod 777 "{{ g_etcd_mktemp.stdout }}"
+ changed_when: false
+
- name: Distribute etcd CA to etcd hosts
hosts: oo_etcd_to_config
tasks:
@@ -74,7 +77,6 @@
- name: Delete temporary directory on localhost
hosts: localhost
connection: local
- become: no
gather_facts: no
tasks:
- file:
diff --git a/playbooks/openshift-etcd/private/upgrade_backup.yml b/playbooks/openshift-etcd/private/upgrade_backup.yml
index 97b6edba5..081c024fc 100644
--- a/playbooks/openshift-etcd/private/upgrade_backup.yml
+++ b/playbooks/openshift-etcd/private/upgrade_backup.yml
@@ -14,7 +14,6 @@
- name: Gate on etcd backup
hosts: localhost
connection: local
- become: no
tasks:
- set_fact:
etcd_backup_completed: "{{ hostvars
diff --git a/playbooks/openshift-master/private/redeploy-openshift-ca.yml b/playbooks/openshift-master/private/redeploy-openshift-ca.yml
index 9d3c12ba1..663c39868 100644
--- a/playbooks/openshift-master/private/redeploy-openshift-ca.yml
+++ b/playbooks/openshift-master/private/redeploy-openshift-ca.yml
@@ -125,7 +125,6 @@
- name: Create temp directory for syncing certs
hosts: localhost
connection: local
- become: no
gather_facts: no
tasks:
- name: Create local temp directory for syncing certs
@@ -133,6 +132,10 @@
register: g_master_mktemp
changed_when: false
+ - name: Chmod local temp directory for syncing certs
+ local_action: command chmod 777 "{{ g_master_mktemp.stdout }}"
+ changed_when: false
+
- name: Retrieve OpenShift CA
hosts: oo_first_master
vars:
@@ -264,7 +267,6 @@
- name: Delete temporary directory on localhost
hosts: localhost
connection: local
- become: no
gather_facts: no
tasks:
- file:
diff --git a/playbooks/openshift-master/private/tasks/restart_hosts.yml b/playbooks/openshift-master/private/tasks/restart_hosts.yml
index a5dbe0590..76e1ea5f3 100644
--- a/playbooks/openshift-master/private/tasks/restart_hosts.yml
+++ b/playbooks/openshift-master/private/tasks/restart_hosts.yml
@@ -27,7 +27,6 @@
delay=10
timeout=600
port="{{ ansible_port | default(ansible_ssh_port | default(22,boolean=True),boolean=True) }}"
- become: no
# Now that ssh is back up we can wait for API on the remote system,
# avoiding some potential connection issues from local system:
diff --git a/playbooks/openshift-master/private/validate_restart.yml b/playbooks/openshift-master/private/validate_restart.yml
index 1077d0b9c..60b0e5bb6 100644
--- a/playbooks/openshift-master/private/validate_restart.yml
+++ b/playbooks/openshift-master/private/validate_restart.yml
@@ -21,7 +21,6 @@
- name: Create temp file on localhost
hosts: localhost
connection: local
- become: no
gather_facts: no
tasks:
- local_action: command mktemp
@@ -38,7 +37,6 @@
- name: Cleanup temp file on localhost
hosts: localhost
connection: local
- become: no
gather_facts: no
tasks:
- file: path="{{ hostvars.localhost.mktemp.stdout }}" state=absent
diff --git a/playbooks/openshift-master/scaleup.yml b/playbooks/openshift-master/scaleup.yml
index f717cd0e9..7d31340a2 100644
--- a/playbooks/openshift-master/scaleup.yml
+++ b/playbooks/openshift-master/scaleup.yml
@@ -4,7 +4,6 @@
- name: Ensure there are new_masters or new_nodes
hosts: localhost
connection: local
- become: no
gather_facts: no
tasks:
- fail:
diff --git a/playbooks/openshift-node/private/configure_nodes.yml b/playbooks/openshift-node/private/configure_nodes.yml
index 548ff7c4f..a13173e63 100644
--- a/playbooks/openshift-node/private/configure_nodes.yml
+++ b/playbooks/openshift-node/private/configure_nodes.yml
@@ -11,6 +11,7 @@
}}"
roles:
- role: openshift_clock
+ - role: openshift_cloud_provider
- role: openshift_node
- role: tuned
- role: nickhammond.logrotate
diff --git a/playbooks/openshift-node/private/containerized_nodes.yml b/playbooks/openshift-node/private/containerized_nodes.yml
index dc68d7585..644e6a69c 100644
--- a/playbooks/openshift-node/private/containerized_nodes.yml
+++ b/playbooks/openshift-node/private/containerized_nodes.yml
@@ -13,6 +13,7 @@
roles:
- role: openshift_clock
+ - role: openshift_cloud_provider
- role: openshift_node
openshift_ca_host: "{{ groups.oo_first_master.0 }}"
- role: nickhammond.logrotate
diff --git a/playbooks/openshift-node/private/setup.yml b/playbooks/openshift-node/private/setup.yml
index 802dce37e..41c323f2b 100644
--- a/playbooks/openshift-node/private/setup.yml
+++ b/playbooks/openshift-node/private/setup.yml
@@ -8,7 +8,6 @@
- name: Evaluate node groups
hosts: localhost
- become: no
connection: local
tasks:
- name: Evaluate oo_containerized_master_nodes
diff --git a/playbooks/openshift-node/scaleup.yml b/playbooks/openshift-node/scaleup.yml
index bdfd3d3e6..cf13692ae 100644
--- a/playbooks/openshift-node/scaleup.yml
+++ b/playbooks/openshift-node/scaleup.yml
@@ -4,7 +4,6 @@
- name: Ensure there are new_nodes
hosts: localhost
connection: local
- become: no
gather_facts: no
tasks:
- fail:
diff --git a/playbooks/openstack/openshift-cluster/install.yml b/playbooks/openstack/openshift-cluster/install.yml
index 3211f619a..2ab7d14a0 100644
--- a/playbooks/openstack/openshift-cluster/install.yml
+++ b/playbooks/openstack/openshift-cluster/install.yml
@@ -9,4 +9,7 @@
# some logic here?
- name: run the cluster deploy
+ import_playbook: ../../prerequisites.yml
+
+- name: run the cluster deploy
import_playbook: ../../deploy_cluster.yml
diff --git a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml
index 933117127..481807dc9 100644
--- a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml
+++ b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml
@@ -14,12 +14,12 @@ openshift_hosted_router_wait: True
openshift_hosted_registry_wait: True
## Openstack credentials
-#openshift_cloudprovider_kind=openstack
+#openshift_cloudprovider_kind: openstack
#openshift_cloudprovider_openstack_auth_url: "{{ lookup('env','OS_AUTH_URL') }}"
#openshift_cloudprovider_openstack_username: "{{ lookup('env','OS_USERNAME') }}"
#openshift_cloudprovider_openstack_password: "{{ lookup('env','OS_PASSWORD') }}"
#openshift_cloudprovider_openstack_tenant_name: "{{ lookup('env','OS_TENANT_NAME') }}"
-#openshift_cloudprovider_openstack_region="{{ lookup('env', 'OS_REGION_NAME') }}"
+#openshift_cloudprovider_openstack_region: "{{ lookup('env', 'OS_REGION_NAME') }}"
## Use Cinder volume for Openshift registry:
diff --git a/playbooks/openstack/sample-inventory/inventory.py b/playbooks/openstack/sample-inventory/inventory.py
index 084b5c0a0..45cc4e15a 100755
--- a/playbooks/openstack/sample-inventory/inventory.py
+++ b/playbooks/openstack/sample-inventory/inventory.py
@@ -9,6 +9,7 @@ environment.
from __future__ import print_function
+from collections import Mapping
import json
import shade
@@ -101,6 +102,10 @@ def build_inventory():
hostvars['glusterfs_devices'] = ['/dev/nvme0n1']
node_labels = server.metadata.get('node_labels')
+ # NOTE(shadower): the node_labels value must be a dict not string
+ if not isinstance(node_labels, Mapping):
+ node_labels = json.loads(node_labels)
+
if node_labels:
hostvars['openshift_node_labels'] = node_labels
diff --git a/roles/container_runtime/tasks/common/post.yml b/roles/container_runtime/tasks/common/post.yml
index b90190ebf..23fd8528a 100644
--- a/roles/container_runtime/tasks/common/post.yml
+++ b/roles/container_runtime/tasks/common/post.yml
@@ -22,5 +22,5 @@
- include_tasks: setup_docker_symlink.yml
when:
- - openshift_use_crio
+ - openshift_use_crio | bool
- dockerstat.stat.islnk is defined and not (dockerstat.stat.islnk | bool)
diff --git a/roles/container_runtime/tasks/systemcontainer_crio.yml b/roles/container_runtime/tasks/systemcontainer_crio.yml
index eedb18604..d588f2618 100644
--- a/roles/container_runtime/tasks/systemcontainer_crio.yml
+++ b/roles/container_runtime/tasks/systemcontainer_crio.yml
@@ -104,4 +104,4 @@
# 'docker login'
- include_tasks: common/post.yml
vars:
- openshift_docker_alternative_creds: "{{ openshift_use_crio_only }}"
+ openshift_docker_alternative_creds: "{{ openshift_use_crio_only | bool }}"
diff --git a/roles/container_runtime/tasks/systemcontainer_docker.yml b/roles/container_runtime/tasks/systemcontainer_docker.yml
index dc0452553..5f715cd21 100644
--- a/roles/container_runtime/tasks/systemcontainer_docker.yml
+++ b/roles/container_runtime/tasks/systemcontainer_docker.yml
@@ -42,6 +42,12 @@
- debug:
var: l_docker_image
+# Do the authentication before pulling the container engine system container
+# as the pull might be from an authenticated registry.
+- include_tasks: registry_auth.yml
+ vars:
+ openshift_docker_alternative_creds: True
+
# NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released
- name: Pre-pull Container Engine System Container image
command: "atomic pull --storage ostree {{ l_docker_image }}"
diff --git a/roles/etcd/tasks/migration/migrate.yml b/roles/etcd/tasks/migration/migrate.yml
index 847b1d722..630640ab1 100644
--- a/roles/etcd/tasks/migration/migrate.yml
+++ b/roles/etcd/tasks/migration/migrate.yml
@@ -1,7 +1,7 @@
---
# Should this be run in a serial manner?
- set_fact:
- l_etcd_service: "{{ 'etcd_container' if openshift_is_containerized else 'etcd' }}"
+ l_etcd_service: "{{ 'etcd_container' if (openshift_is_containerized | bool) else 'etcd' }}"
- name: Migrate etcd data
command: >
diff --git a/roles/flannel/handlers/main.yml b/roles/flannel/handlers/main.yml
index 7d79bd3d4..f94399fab 100644
--- a/roles/flannel/handlers/main.yml
+++ b/roles/flannel/handlers/main.yml
@@ -21,3 +21,7 @@
until: not (l_restart_node_result is failed)
retries: 3
delay: 30
+
+- name: save iptable rules
+ become: yes
+ command: 'iptables-save'
diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml
index 4627bf69c..11981fb80 100644
--- a/roles/flannel/tasks/main.yml
+++ b/roles/flannel/tasks/main.yml
@@ -41,3 +41,13 @@
notify:
- restart docker
- restart node
+
+- name: Enable Pod to Pod communication
+ command: /sbin/iptables --wait -I FORWARD -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -i {{ flannel_interface }} -j ACCEPT -m comment --comment "Pod to Pod communication"
+ notify:
+ - save iptable rules
+
+- name: Allow external network access
+ command: /sbin/iptables -t nat -A POSTROUTING -o {{ flannel_interface }} -j MASQUERADE -m comment --comment "Allow external network access"
+ notify:
+ - save iptable rules
diff --git a/roles/lib_openshift/src/test/unit/test_oc_scale.py b/roles/lib_openshift/src/test/unit/test_oc_scale.py
index d810735f2..9d10c84f3 100755
--- a/roles/lib_openshift/src/test/unit/test_oc_scale.py
+++ b/roles/lib_openshift/src/test/unit/test_oc_scale.py
@@ -27,7 +27,7 @@ class OCScaleTest(unittest.TestCase):
@mock.patch('oc_scale.Utils.create_tmpfile_copy')
@mock.patch('oc_scale.OCScale.openshift_cmd')
def test_state_list(self, mock_openshift_cmd, mock_tmpfile_copy):
- ''' Testing a get '''
+ ''' Testing a list '''
params = {'name': 'router',
'namespace': 'default',
'replicas': 2,
@@ -71,8 +71,296 @@ class OCScaleTest(unittest.TestCase):
@mock.patch('oc_scale.Utils.create_tmpfile_copy')
@mock.patch('oc_scale.OCScale.openshift_cmd')
+ def test_state_present(self, mock_openshift_cmd, mock_tmpfile_copy):
+ ''' Testing a state present '''
+ params = {'name': 'router',
+ 'namespace': 'default',
+ 'replicas': 2,
+ 'state': 'present',
+ 'kind': 'dc',
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'debug': False}
+
+ dc = '''{"kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "router",
+ "namespace": "default",
+ "selfLink": "/oapi/v1/namespaces/default/deploymentconfigs/router",
+ "uid": "a441eedc-e1ae-11e6-a2d5-0e6967f34d42",
+ "resourceVersion": "6558",
+ "generation": 8,
+ "creationTimestamp": "2017-01-23T20:58:07Z",
+ "labels": {
+ "router": "router"
+ }
+ },
+ "spec": {
+ "replicas": 2,
+ }
+ }'''
+
+ mock_openshift_cmd.side_effect = [
+ {"cmd": '/usr/bin/oc get dc router -n default',
+ 'results': dc,
+ 'returncode': 0}]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCScale.run_ansible(params, False)
+
+ self.assertFalse(results['changed'])
+ self.assertEqual(results['state'], 'present')
+ self.assertEqual(results['result'][0], 2)
+
+ @mock.patch('oc_scale.Utils.create_tmpfile_copy')
+ @mock.patch('oc_scale.OCScale.openshift_cmd')
+ def test_scale_up(self, mock_openshift_cmd, mock_tmpfile_copy):
+ ''' Testing a scale up '''
+ params = {'name': 'router',
+ 'namespace': 'default',
+ 'replicas': 3,
+ 'state': 'present',
+ 'kind': 'dc',
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'debug': False}
+
+ dc = '''{"kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "router",
+ "namespace": "default",
+ "selfLink": "/oapi/v1/namespaces/default/deploymentconfigs/router",
+ "uid": "a441eedc-e1ae-11e6-a2d5-0e6967f34d42",
+ "resourceVersion": "6558",
+ "generation": 8,
+ "creationTimestamp": "2017-01-23T20:58:07Z",
+ "labels": {
+ "router": "router"
+ }
+ },
+ "spec": {
+ "replicas": 2,
+ }
+ }'''
+ dc_updated = '''{"kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "router",
+ "namespace": "default",
+ "selfLink": "/oapi/v1/namespaces/default/deploymentconfigs/router",
+ "uid": "a441eedc-e1ae-11e6-a2d5-0e6967f34d42",
+ "resourceVersion": "6559",
+ "generation": 9,
+ "creationTimestamp": "2017-01-24T20:58:07Z",
+ "labels": {
+ "router": "router"
+ }
+ },
+ "spec": {
+ "replicas": 3,
+ }
+ }'''
+
+ mock_openshift_cmd.side_effect = [
+ {"cmd": '/usr/bin/oc get dc router -n default',
+ 'results': dc,
+ 'returncode': 0},
+ {"cmd": '/usr/bin/oc get dc router -n default',
+ 'results': dc,
+ 'returncode': 0},
+ {"cmd": '/usr/bin/oc replace',
+ 'results': dc,
+ 'returncode': 0},
+ {"cmd": '/usr/bin/oc get dc router -n default',
+ 'results': dc_updated,
+ 'returncode': 0}]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCScale.run_ansible(params, False)
+
+ self.assertTrue(results['changed'])
+ self.assertEqual(results['state'], 'present')
+ self.assertEqual(results['result'][0], 3)
+
+ @mock.patch('oc_scale.Utils.create_tmpfile_copy')
+ @mock.patch('oc_scale.OCScale.openshift_cmd')
+ def test_scale_down(self, mock_openshift_cmd, mock_tmpfile_copy):
+ ''' Testing a scale down '''
+ params = {'name': 'router',
+ 'namespace': 'default',
+ 'replicas': 1,
+ 'state': 'present',
+ 'kind': 'dc',
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'debug': False}
+
+ dc = '''{"kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "router",
+ "namespace": "default",
+ "selfLink": "/oapi/v1/namespaces/default/deploymentconfigs/router",
+ "uid": "a441eedc-e1ae-11e6-a2d5-0e6967f34d42",
+ "resourceVersion": "6558",
+ "generation": 8,
+ "creationTimestamp": "2017-01-23T20:58:07Z",
+ "labels": {
+ "router": "router"
+ }
+ },
+ "spec": {
+ "replicas": 2,
+ }
+ }'''
+ dc_updated = '''{"kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "router",
+ "namespace": "default",
+ "selfLink": "/oapi/v1/namespaces/default/deploymentconfigs/router",
+ "uid": "a441eedc-e1ae-11e6-a2d5-0e6967f34d42",
+ "resourceVersion": "6560",
+ "generation": 9,
+ "creationTimestamp": "2017-01-24T20:58:07Z",
+ "labels": {
+ "router": "router"
+ }
+ },
+ "spec": {
+ "replicas": 1,
+ }
+ }'''
+
+ mock_openshift_cmd.side_effect = [
+ {"cmd": '/usr/bin/oc get dc router -n default',
+ 'results': dc,
+ 'returncode': 0},
+ {"cmd": '/usr/bin/oc get dc router -n default',
+ 'results': dc,
+ 'returncode': 0},
+ {"cmd": '/usr/bin/oc replace',
+ 'results': dc,
+ 'returncode': 0},
+ {"cmd": '/usr/bin/oc get dc router -n default',
+ 'results': dc_updated,
+ 'returncode': 0}]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCScale.run_ansible(params, False)
+
+ self.assertTrue(results['changed'])
+ self.assertEqual(results['state'], 'present')
+ self.assertEqual(results['result'][0], 1)
+
+ @mock.patch('oc_scale.Utils.create_tmpfile_copy')
+ @mock.patch('oc_scale.OCScale.openshift_cmd')
+ def test_scale_failed(self, mock_openshift_cmd, mock_tmpfile_copy):
+ ''' Testing a scale failure '''
+ params = {'name': 'router',
+ 'namespace': 'default',
+ 'replicas': 1,
+ 'state': 'present',
+ 'kind': 'dc',
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'debug': False}
+
+ dc = '''{"kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "router",
+ "namespace": "default",
+ "selfLink": "/oapi/v1/namespaces/default/deploymentconfigs/router",
+ "uid": "a441eedc-e1ae-11e6-a2d5-0e6967f34d42",
+ "resourceVersion": "6558",
+ "generation": 8,
+ "creationTimestamp": "2017-01-23T20:58:07Z",
+ "labels": {
+ "router": "router"
+ }
+ },
+ "spec": {
+ "replicas": 2,
+ }
+ }'''
+ error_message = "foo"
+
+ mock_openshift_cmd.side_effect = [
+ {"cmd": '/usr/bin/oc get dc router -n default',
+ 'results': dc,
+ 'returncode': 0},
+ {"cmd": '/usr/bin/oc get dc router -n default',
+ 'results': dc,
+ 'returncode': 0},
+ {"cmd": '/usr/bin/oc replace',
+ 'results': error_message,
+ 'returncode': 1}]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCScale.run_ansible(params, False)
+
+ self.assertTrue(results['failed'])
+
+ @mock.patch('oc_scale.Utils.create_tmpfile_copy')
+ @mock.patch('oc_scale.OCScale.openshift_cmd')
+ def test_state_unknown(self, mock_openshift_cmd, mock_tmpfile_copy):
+ ''' Testing an unknown state '''
+ params = {'name': 'router',
+ 'namespace': 'default',
+ 'replicas': 2,
+ 'state': 'unknown-state',
+ 'kind': 'dc',
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'debug': False}
+
+ dc = '''{"kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "router",
+ "namespace": "default",
+ "selfLink": "/oapi/v1/namespaces/default/deploymentconfigs/router",
+ "uid": "a441eedc-e1ae-11e6-a2d5-0e6967f34d42",
+ "resourceVersion": "6558",
+ "generation": 8,
+ "creationTimestamp": "2017-01-23T20:58:07Z",
+ "labels": {
+ "router": "router"
+ }
+ },
+ "spec": {
+ "replicas": 2,
+ }
+ }'''
+
+ mock_openshift_cmd.side_effect = [
+ {"cmd": '/usr/bin/oc get dc router -n default',
+ 'results': dc,
+ 'returncode': 0}]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCScale.run_ansible(params, False)
+
+ self.assertFalse('changed' in results)
+ self.assertEqual(results['failed'], True)
+
+ @mock.patch('oc_scale.Utils.create_tmpfile_copy')
+ @mock.patch('oc_scale.OCScale.openshift_cmd')
def test_scale(self, mock_openshift_cmd, mock_tmpfile_copy):
- ''' Testing a get '''
+ ''' Testing scale '''
params = {'name': 'router',
'namespace': 'default',
'replicas': 3,
@@ -120,8 +408,57 @@ class OCScaleTest(unittest.TestCase):
@mock.patch('oc_scale.Utils.create_tmpfile_copy')
@mock.patch('oc_scale.OCScale.openshift_cmd')
+ def test_scale_rc(self, mock_openshift_cmd, mock_tmpfile_copy):
+ ''' Testing scale for replication controllers '''
+ params = {'name': 'router',
+ 'namespace': 'default',
+ 'replicas': 3,
+ 'state': 'list',
+ 'kind': 'rc',
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'debug': False}
+
+ rc = '''{"kind": "ReplicationController",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "router",
+ "namespace": "default",
+ "selfLink": "/oapi/v1/namespaces/default/deploymentconfigs/router",
+ "uid": "a441eedc-e1ae-11e6-a2d5-0e6967f34d42",
+ "resourceVersion": "6558",
+ "generation": 8,
+ "creationTimestamp": "2017-01-23T20:58:07Z",
+ "labels": {
+ "router": "router"
+ }
+ },
+ "spec": {
+ "replicas": 3,
+ }
+ }'''
+
+ mock_openshift_cmd.side_effect = [
+ {"cmd": '/usr/bin/oc get rc router -n default',
+ 'results': rc,
+ 'returncode': 0},
+ {"cmd": '/usr/bin/oc create -f /tmp/router -n default',
+ 'results': '',
+ 'returncode': 0}
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCScale.run_ansible(params, False)
+
+ self.assertFalse(results['changed'])
+ self.assertEqual(results['result'][0], 3)
+
+ @mock.patch('oc_scale.Utils.create_tmpfile_copy')
+ @mock.patch('oc_scale.OCScale.openshift_cmd')
def test_no_dc_scale(self, mock_openshift_cmd, mock_tmpfile_copy):
- ''' Testing a get '''
+ ''' Testing scale for inexisting dc '''
params = {'name': 'not_there',
'namespace': 'default',
'replicas': 3,
@@ -205,7 +542,7 @@ class OCScaleTest(unittest.TestCase):
@mock.patch('shutil.which')
@mock.patch('os.environ.get')
def test_binary_lookup_fallback_py3(self, mock_env_get, mock_shutil_which):
- ''' Testing binary lookup fallback '''
+ ''' Testing binary lookup fallback in py3 '''
mock_env_get.side_effect = lambda _v, _d: ''
@@ -217,7 +554,7 @@ class OCScaleTest(unittest.TestCase):
@mock.patch('shutil.which')
@mock.patch('os.environ.get')
def test_binary_lookup_in_path_py3(self, mock_env_get, mock_shutil_which):
- ''' Testing binary lookup in path '''
+ ''' Testing binary lookup in path in py3 '''
oc_bin = '/usr/bin/oc'
@@ -231,7 +568,7 @@ class OCScaleTest(unittest.TestCase):
@mock.patch('shutil.which')
@mock.patch('os.environ.get')
def test_binary_lookup_in_usr_local_py3(self, mock_env_get, mock_shutil_which):
- ''' Testing binary lookup in /usr/local/bin '''
+ ''' Testing binary lookup in /usr/local/bin in py3 '''
oc_bin = '/usr/local/bin/oc'
@@ -245,7 +582,7 @@ class OCScaleTest(unittest.TestCase):
@mock.patch('shutil.which')
@mock.patch('os.environ.get')
def test_binary_lookup_in_home_py3(self, mock_env_get, mock_shutil_which):
- ''' Testing binary lookup in ~/bin '''
+ ''' Testing binary lookup in ~/bin in py3 '''
oc_bin = os.path.expanduser('~/bin/oc')
diff --git a/roles/lib_utils/action_plugins/sanity_checks.py b/roles/lib_utils/action_plugins/sanity_checks.py
index 1bf332678..09ce55e8f 100644
--- a/roles/lib_utils/action_plugins/sanity_checks.py
+++ b/roles/lib_utils/action_plugins/sanity_checks.py
@@ -2,6 +2,8 @@
Ansible action plugin to ensure inventory variables are set
appropriately and no conflicting options have been provided.
"""
+import re
+
from ansible.plugins.action import ActionBase
from ansible import errors
@@ -15,6 +17,27 @@ NET_PLUGIN_LIST = (('openshift_use_openshift_sdn', True),
('openshift_use_contiv', False),
('openshift_use_calico', False))
+ENTERPRISE_TAG_REGEX_ERROR = """openshift_image_tag must be in the format
+v#.#[.#[.#]]. Examples: v1.2, v3.4.1, v3.5.1.3,
+v3.5.1.3.4, v1.2-1, v1.2.3-4, v1.2.3-4.5, v1.2.3-4.5.6
+You specified openshift_image_tag={}"""
+
+ORIGIN_TAG_REGEX_ERROR = """openshift_image_tag must be in the format
+v#.#.#[-optional.#]. Examples: v1.2.3, v3.5.1-alpha.1
+You specified openshift_image_tag={}"""
+
+ORIGIN_TAG_REGEX = {'re': '(^v?\\d+\\.\\d+\\.\\d+(-[\\w\\-\\.]*)?$)',
+ 'error_msg': ORIGIN_TAG_REGEX_ERROR}
+ENTERPRISE_TAG_REGEX = {'re': '(^v\\d+\\.\\d+(\\.\\d+)*(-\\d+(\\.\\d+)*)?$)',
+ 'error_msg': ENTERPRISE_TAG_REGEX_ERROR}
+IMAGE_TAG_REGEX = {'origin': ORIGIN_TAG_REGEX,
+ 'openshift-enterprise': ENTERPRISE_TAG_REGEX}
+
+CONTAINERIZED_NO_TAG_ERROR_MSG = """To install a containerized Origin release,
+you must set openshift_release or openshift_image_tag in your inventory to
+specify which version of the OpenShift component images to use.
+(Suggestion: add openshift_release="x.y" to inventory.)"""
+
def to_bool(var_to_check):
"""Determine a boolean value given the multiple
@@ -44,6 +67,7 @@ class ActionModule(ActionBase):
type_strings = ", ".join(VALID_DEPLOYMENT_TYPES)
msg = "openshift_deployment_type must be defined and one of {}".format(type_strings)
raise errors.AnsibleModuleError(msg)
+ return openshift_deployment_type
def check_python_version(self, hostvars, host, distro):
"""Ensure python version is 3 for Fedora and python 2 for others"""
@@ -58,6 +82,35 @@ class ActionModule(ActionBase):
if ansible_python['version']['major'] != 2:
msg = "openshift-ansible requires Python 2 for {};".format(distro)
+ def check_image_tag_format(self, hostvars, host, openshift_deployment_type):
+ """Ensure openshift_image_tag is formatted correctly"""
+ openshift_image_tag = self.template_var(hostvars, host, 'openshift_image_tag')
+ if not openshift_image_tag or openshift_image_tag == 'latest':
+ return None
+ regex_to_match = IMAGE_TAG_REGEX[openshift_deployment_type]['re']
+ res = re.match(regex_to_match, str(openshift_image_tag))
+ if res is None:
+ msg = IMAGE_TAG_REGEX[openshift_deployment_type]['error_msg']
+ msg = msg.format(str(openshift_image_tag))
+ raise errors.AnsibleModuleError(msg)
+
+ def no_origin_image_version(self, hostvars, host, openshift_deployment_type):
+ """Ensure we can determine what image version to use with origin
+ fail when:
+ - openshift_is_containerized
+ - openshift_deployment_type == 'origin'
+ - openshift_release is not defined
+ - openshift_image_tag is not defined"""
+ if not openshift_deployment_type == 'origin':
+ return None
+ oic = self.template_var(hostvars, host, 'openshift_is_containerized')
+ if not to_bool(oic):
+ return None
+ orelease = self.template_var(hostvars, host, 'openshift_release')
+ oitag = self.template_var(hostvars, host, 'openshift_image_tag')
+ if not orelease and not oitag:
+ raise errors.AnsibleModuleError(CONTAINERIZED_NO_TAG_ERROR_MSG)
+
def network_plugin_check(self, hostvars, host):
"""Ensure only one type of network plugin is enabled"""
res = []
@@ -88,8 +141,10 @@ class ActionModule(ActionBase):
def run_checks(self, hostvars, host):
"""Execute the hostvars validations against host"""
distro = self.template_var(hostvars, host, 'ansible_distribution')
- self.check_openshift_deployment_type(hostvars, host)
+ odt = self.check_openshift_deployment_type(hostvars, host)
self.check_python_version(hostvars, host, distro)
+ self.check_image_tag_format(hostvars, host, odt)
+ self.no_origin_image_version(hostvars, host, odt)
self.network_plugin_check(hostvars, host)
self.check_hostname_vars(hostvars, host)
diff --git a/roles/openshift_aws/tasks/provision_instance.yml b/roles/openshift_aws/tasks/provision_instance.yml
index 696b323c0..786db1570 100644
--- a/roles/openshift_aws/tasks/provision_instance.yml
+++ b/roles/openshift_aws/tasks/provision_instance.yml
@@ -14,11 +14,7 @@
instance_type: m4.xlarge
vpc_subnet_id: "{{ openshift_aws_subnet_id | default(subnetout.subnets[0].id) }}"
image: "{{ openshift_aws_base_ami }}"
- volumes:
- - device_name: /dev/sdb
- volume_type: gp2
- volume_size: 100
- delete_on_termination: true
+ volumes: "{{ openshift_aws_node_group_config_node_volumes }}"
wait: yes
exact_count: 1
count_tag:
@@ -46,5 +42,5 @@
- name: add host to nodes
add_host:
- groups: nodes
+ groups: nodes,g_new_node_hosts
name: "{{ instancesout.instances[0].public_dns_name }}"
diff --git a/roles/openshift_certificate_expiry/filter_plugins/oo_cert_expiry.py b/roles/openshift_certificate_expiry/filter_plugins/oo_cert_expiry.py
index a2bc9ecdb..58b228fee 100644
--- a/roles/openshift_certificate_expiry/filter_plugins/oo_cert_expiry.py
+++ b/roles/openshift_certificate_expiry/filter_plugins/oo_cert_expiry.py
@@ -31,7 +31,6 @@ certificates
Example playbook usage:
- name: Generate expiration results JSON
- become: no
run_once: yes
delegate_to: localhost
when: openshift_certificate_expiry_save_json_results|bool
diff --git a/roles/openshift_certificate_expiry/tasks/main.yml b/roles/openshift_certificate_expiry/tasks/main.yml
index b5234bd1e..8dea2c07f 100644
--- a/roles/openshift_certificate_expiry/tasks/main.yml
+++ b/roles/openshift_certificate_expiry/tasks/main.yml
@@ -7,7 +7,6 @@
register: check_results
- name: Generate expiration report HTML
- become: no
run_once: yes
template:
src: cert-expiry-table.html.j2
@@ -21,7 +20,6 @@
when: openshift_certificate_expiry_save_json_results|bool
- name: Generate results JSON file
- become: no
run_once: yes
template:
src: save_json_results.j2
diff --git a/roles/openshift_cli/defaults/main.yml b/roles/openshift_cli/defaults/main.yml
index 631a0455e..9faec639f 100644
--- a/roles/openshift_cli/defaults/main.yml
+++ b/roles/openshift_cli/defaults/main.yml
@@ -8,4 +8,4 @@ system_images_registry: "{{ system_images_registry_dict[openshift_deployment_typ
openshift_use_crio_only: False
l_is_system_container_image: "{{ openshift_use_master_system_container | default(openshift_use_system_containers | default(False)) | bool }}"
-l_use_cli_atomic_image: "{{ openshift_use_crio_only or l_is_system_container_image }}"
+l_use_cli_atomic_image: "{{ (openshift_use_crio_only | bool) or (l_is_system_container_image | bool) }}"
diff --git a/roles/openshift_cloud_provider/tasks/main.yml b/roles/openshift_cloud_provider/tasks/main.yml
index dff492a69..3513577fa 100644
--- a/roles/openshift_cloud_provider/tasks/main.yml
+++ b/roles/openshift_cloud_provider/tasks/main.yml
@@ -19,3 +19,6 @@
- include_tasks: gce.yml
when: cloudprovider_is_gce | bool
+
+- include_tasks: vsphere.yml
+ when: cloudprovider_is_vsphere | bool
diff --git a/roles/openshift_cloud_provider/tasks/vsphere.yml b/roles/openshift_cloud_provider/tasks/vsphere.yml
new file mode 100644
index 000000000..3a33df241
--- /dev/null
+++ b/roles/openshift_cloud_provider/tasks/vsphere.yml
@@ -0,0 +1,6 @@
+---
+- name: Create cloud config
+ template:
+ dest: "{{ openshift.common.config_base }}/cloudprovider/vsphere.conf"
+ src: vsphere.conf.j2
+ when: openshift_cloudprovider_vsphere_username is defined and openshift_cloudprovider_vsphere_password is defined and openshift_cloudprovider_vsphere_host is defined and openshift_cloudprovider_vsphere_datacenter is defined and openshift_cloudprovider_vsphere_datastore is defined
diff --git a/roles/openshift_cloud_provider/templates/vsphere.conf.j2 b/roles/openshift_cloud_provider/templates/vsphere.conf.j2
new file mode 100644
index 000000000..84e5e371c
--- /dev/null
+++ b/roles/openshift_cloud_provider/templates/vsphere.conf.j2
@@ -0,0 +1,15 @@
+[Global]
+user = "{{ openshift_cloudprovider_vsphere_username }}"
+password = "{{ openshift_cloudprovider_vsphere_password }}"
+server = "{{ openshift_cloudprovider_vsphere_host }}"
+port = 443
+insecure-flag = 1
+datacenter = {{ openshift_cloudprovider_vsphere_datacenter }}
+datastore = {{ openshift_cloudprovider_vsphere_datastore }}
+{% if openshift_cloudprovider_vsphere_folder is defined %}
+working-dir = /{{ openshift_cloudprovider_vsphere_datacenter }}/vm/{{ openshift_cloudprovider_vsphere_folder }}/
+{% else %}
+working-dir = /{{ openshift_cloudprovider_vsphere_datacenter }}/vm/
+{% endif %}
+[Disk]
+scsicontrollertype = pvscsi
diff --git a/roles/openshift_cloud_provider/vars/main.yml b/roles/openshift_cloud_provider/vars/main.yml
index c9d953f58..e71db80b9 100644
--- a/roles/openshift_cloud_provider/vars/main.yml
+++ b/roles/openshift_cloud_provider/vars/main.yml
@@ -3,3 +3,4 @@ has_cloudprovider: "{{ openshift_cloudprovider_kind | default(None) != None }}"
cloudprovider_is_aws: "{{ has_cloudprovider | bool and openshift_cloudprovider_kind == 'aws' }}"
cloudprovider_is_openstack: "{{ has_cloudprovider | bool and openshift_cloudprovider_kind == 'openstack' }}"
cloudprovider_is_gce: "{{ has_cloudprovider | bool and openshift_cloudprovider_kind == 'gce' }}"
+cloudprovider_is_vsphere: "{{ has_cloudprovider | bool and openshift_cloudprovider_kind == 'vsphere' }}"
diff --git a/roles/openshift_etcd_facts/vars/main.yml b/roles/openshift_etcd_facts/vars/main.yml
index 9e635b34f..d716c9505 100644
--- a/roles/openshift_etcd_facts/vars/main.yml
+++ b/roles/openshift_etcd_facts/vars/main.yml
@@ -1,5 +1,5 @@
---
-etcd_is_containerized: "{{ openshift_is_containerized }}"
+etcd_is_containerized: "{{ openshift_is_containerized | bool }}"
etcd_is_atomic: "{{ openshift_is_atomic }}"
etcd_hostname: "{{ openshift.common.hostname }}"
etcd_ip: "{{ openshift.common.ip }}"
diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml
index ff04cdf9c..7787da4f0 100644
--- a/roles/openshift_examples/tasks/main.yml
+++ b/roles/openshift_examples/tasks/main.yml
@@ -16,8 +16,8 @@
register: copy_examples_mktemp
run_once: True
-- name: Create local temp dir for OpenShift examples copy
- local_action: command chmod 755 "{{ copy_examples_mktemp.stdout }}"
+- name: Chmod local temp dir for OpenShift examples copy
+ local_action: command chmod 777 "{{ copy_examples_mktemp.stdout }}"
run_once: True
- name: Create tar of OpenShift examples
@@ -27,7 +27,7 @@
# Consider using unarchive module rather than running tar
warn: no
-- name: Create local temp dir for OpenShift examples copy
+- name: Chmod local temp dir for OpenShift examples copy
local_action: command chmod 744 "{{ copy_examples_mktemp.stdout }}/openshift-examples.tar"
run_once: True
diff --git a/roles/openshift_expand_partition/README.md b/roles/openshift_expand_partition/README.md
index c9c7b378c..402c3dc3e 100644
--- a/roles/openshift_expand_partition/README.md
+++ b/roles/openshift_expand_partition/README.md
@@ -45,7 +45,6 @@ space on /dev/xvda, and the file system will be expanded to fill the new
partition space.
- hosts: mynodes
- become: no
remote_user: root
gather_facts: no
roles:
@@ -68,7 +67,6 @@ partition space.
* Create an ansible playbook, say `expandvar.yaml`:
```
- hosts: mynodes
- become: no
remote_user: root
gather_facts: no
roles:
diff --git a/roles/openshift_facts/defaults/main.yml b/roles/openshift_facts/defaults/main.yml
index 980350d14..a223ffba6 100644
--- a/roles/openshift_facts/defaults/main.yml
+++ b/roles/openshift_facts/defaults/main.yml
@@ -1,5 +1,5 @@
---
-openshift_client_binary: "{{ openshift_is_containerized | ternary('/usr/local/bin/oc', 'oc') }}"
+openshift_client_binary: "{{ (openshift_is_containerized | bool) | ternary('/usr/local/bin/oc', 'oc') }}"
openshift_cli_image_dict:
origin: 'openshift/origin'
diff --git a/roles/openshift_health_checker/callback_plugins/zz_failure_summary.py b/roles/openshift_health_checker/callback_plugins/zz_failure_summary.py
index dcaf87eca..c83adb26d 100644
--- a/roles/openshift_health_checker/callback_plugins/zz_failure_summary.py
+++ b/roles/openshift_health_checker/callback_plugins/zz_failure_summary.py
@@ -175,6 +175,8 @@ def format_failure(failure):
play = failure['play']
task = failure['task']
msg = failure['msg']
+ if not isinstance(msg, string_types):
+ msg = str(msg)
checks = failure['checks']
fields = (
(u'Hosts', host),
diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml
index b6501d288..f40085976 100644
--- a/roles/openshift_hosted/defaults/main.yml
+++ b/roles/openshift_hosted/defaults/main.yml
@@ -69,7 +69,7 @@ r_openshift_hosted_router_os_firewall_allow: []
############
openshift_hosted_registry_selector: "{{ openshift_registry_selector | default(openshift_hosted_infra_selector) }}"
-penshift_hosted_registry_registryurl: "{{ openshift_hosted_images_dict[openshift_deployment_type] }}"
+openshift_hosted_registry_registryurl: "{{ openshift_hosted_images_dict[openshift_deployment_type] }}"
openshift_hosted_registry_routecertificates: {}
openshift_hosted_registry_routetermination: "passthrough"
diff --git a/roles/openshift_hosted_templates/tasks/main.yml b/roles/openshift_hosted_templates/tasks/main.yml
index 672d25b4d..34d39f3a5 100644
--- a/roles/openshift_hosted_templates/tasks/main.yml
+++ b/roles/openshift_hosted_templates/tasks/main.yml
@@ -6,8 +6,8 @@
# AUDIT:changed_when: not set here because this task actually
# creates something
-- name: Create local temp dir for OpenShift examples copy
- local_action: command chmod 755 "{{ copy_hosted_templates_mktemp.stdout }}"
+- name: Chmod local temp dir for OpenShift examples copy
+ local_action: command chmod 777 "{{ copy_hosted_templates_mktemp.stdout }}"
run_once: True
- name: Create tar of OpenShift examples
@@ -17,7 +17,7 @@
# Consider using unarchive module rather than running tar
warn: no
-- name: Create local temp dir for OpenShift examples copy
+- name: Chmod local tar of OpenShift examples
local_action: command chmod 744 "{{ copy_hosted_templates_mktemp.stdout }}/openshift-hosted-templates.tar"
run_once: True
diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md
index 27cfc17d6..a192bd67e 100644
--- a/roles/openshift_logging/README.md
+++ b/roles/openshift_logging/README.md
@@ -177,6 +177,9 @@ Elasticsearch OPS too, if using an OPS cluster:
clients will use to connect to mux, and will be used in the TLS server cert
subject.
- `openshift_logging_mux_port`: 24284
+- `openshift_logging_mux_external_address`: The IP address that mux will listen
+ on for connections from *external* clients. Default is the default ipv4
+ interface as reported by the `ansible_default_ipv4` fact.
- `openshift_logging_mux_cpu_request`: 100m
- `openshift_logging_mux_memory_limit`: 512Mi
- `openshift_logging_mux_default_namespaces`: Default `["mux-undefined"]` - the
diff --git a/roles/openshift_logging/library/openshift_logging_facts.py b/roles/openshift_logging/library/openshift_logging_facts.py
index 302a9b4c9..37ffb0204 100644
--- a/roles/openshift_logging/library/openshift_logging_facts.py
+++ b/roles/openshift_logging/library/openshift_logging_facts.py
@@ -276,7 +276,7 @@ class OpenshiftLoggingFacts(OCBaseCommand):
return
for item in role["subjects"]:
comp = self.comp(item["name"])
- if comp is not None and namespace == item["namespace"]:
+ if comp is not None and namespace == item.get("namespace"):
self.add_facts_for(comp, "clusterrolebindings", "cluster-readers", dict())
# this needs to end up nested under the service account...
@@ -288,7 +288,7 @@ class OpenshiftLoggingFacts(OCBaseCommand):
return
for item in role["subjects"]:
comp = self.comp(item["name"])
- if comp is not None and namespace == item["namespace"]:
+ if comp is not None and namespace == item.get("namespace"):
self.add_facts_for(comp, "rolebindings", "logging-elasticsearch-view-role", dict())
# pylint: disable=no-self-use, too-many-return-statements
diff --git a/roles/openshift_logging/tasks/generate_jks.yaml b/roles/openshift_logging/tasks/generate_jks.yaml
index d6ac88dcc..6e3204589 100644
--- a/roles/openshift_logging/tasks/generate_jks.yaml
+++ b/roles/openshift_logging/tasks/generate_jks.yaml
@@ -24,25 +24,21 @@
local_action: file path="{{local_tmp.stdout}}/elasticsearch.jks" state=touch mode="u=rw,g=r,o=r"
when: elasticsearch_jks.stat.exists
changed_when: False
- become: no
- name: Create placeholder for previously created JKS certs to prevent recreating...
local_action: file path="{{local_tmp.stdout}}/logging-es.jks" state=touch mode="u=rw,g=r,o=r"
when: logging_es_jks.stat.exists
changed_when: False
- become: no
- name: Create placeholder for previously created JKS certs to prevent recreating...
local_action: file path="{{local_tmp.stdout}}/system.admin.jks" state=touch mode="u=rw,g=r,o=r"
when: system_admin_jks.stat.exists
changed_when: False
- become: no
- name: Create placeholder for previously created JKS certs to prevent recreating...
local_action: file path="{{local_tmp.stdout}}/truststore.jks" state=touch mode="u=rw,g=r,o=r"
when: truststore_jks.stat.exists
changed_when: False
- become: no
- name: pulling down signing items from host
fetch:
@@ -61,12 +57,10 @@
vars:
- top_dir: "{{local_tmp.stdout}}"
when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
- become: no
- name: Run JKS generation script
local_action: script generate-jks.sh {{local_tmp.stdout}} {{openshift_logging_namespace}}
check_mode: no
- become: no
when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
- name: Pushing locally generated JKS certs to remote host...
diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml
index 185f47f50..67904a9d3 100644
--- a/roles/openshift_logging/tasks/install_logging.yaml
+++ b/roles/openshift_logging/tasks/install_logging.yaml
@@ -75,7 +75,7 @@
elasticsearch_storage_type: "{{ openshift_logging_elasticsearch_storage_type | default('pvc' if ( openshift_logging_es_pvc_dynamic | bool or openshift_hosted_logging_storage_kind | default('') == 'nfs' or openshift_logging_es_pvc_size | length > 0) else 'emptydir') }}"
# We don't allow scaling down of ES nodes currently
-- import_role:
+- include_role:
name: openshift_logging_elasticsearch
vars:
generated_certs_dir: "{{openshift.common.config_base}}/logging"
@@ -103,7 +103,7 @@
- openshift_logging_facts.elasticsearch.deploymentconfigs.keys() | count > 0
# Create any new DC that may be required
-- import_role:
+- include_role:
name: openshift_logging_elasticsearch
vars:
generated_certs_dir: "{{openshift.common.config_base}}/logging"
@@ -137,7 +137,7 @@
when:
- openshift_logging_use_ops | bool
-- import_role:
+- include_role:
name: openshift_logging_elasticsearch
vars:
generated_certs_dir: "{{openshift.common.config_base}}/logging"
@@ -180,7 +180,7 @@
- openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | count > 0
# Create any new DC that may be required
-- import_role:
+- include_role:
name: openshift_logging_elasticsearch
vars:
generated_certs_dir: "{{openshift.common.config_base}}/logging"
diff --git a/roles/openshift_logging/tasks/main.yaml b/roles/openshift_logging/tasks/main.yaml
index 9949bb95d..60cc399fa 100644
--- a/roles/openshift_logging/tasks/main.yaml
+++ b/roles/openshift_logging/tasks/main.yaml
@@ -17,7 +17,11 @@
register: local_tmp
changed_when: False
check_mode: no
- become: no
+
+- name: Chmod local temp directory for doing work in
+ local_action: command chmod 777 "{{ local_tmp.stdout }}"
+ changed_when: False
+ check_mode: no
- include_tasks: install_logging.yaml
when:
@@ -31,4 +35,3 @@
local_action: file path="{{local_tmp.stdout}}" state=absent
tags: logging_cleanup
changed_when: False
- become: no
diff --git a/roles/openshift_logging_elasticsearch/tasks/determine_version.yaml b/roles/openshift_logging_elasticsearch/tasks/determine_version.yaml
index c53a06019..c55e7c5ea 100644
--- a/roles/openshift_logging_elasticsearch/tasks/determine_version.yaml
+++ b/roles/openshift_logging_elasticsearch/tasks/determine_version.yaml
@@ -15,3 +15,5 @@
- fail:
msg: Invalid version specified for Elasticsearch
when: es_version not in __allowed_es_versions
+
+- include_tasks: get_es_version.yml
diff --git a/roles/openshift_logging_elasticsearch/tasks/get_es_version.yml b/roles/openshift_logging_elasticsearch/tasks/get_es_version.yml
new file mode 100644
index 000000000..9182bddb2
--- /dev/null
+++ b/roles/openshift_logging_elasticsearch/tasks/get_es_version.yml
@@ -0,0 +1,42 @@
+---
+- command: >
+ oc get pod -l component=es,provider=openshift -n {{ openshift_logging_elasticsearch_namespace }} -o jsonpath={.items[*].metadata.name}
+ register: _cluster_pods
+
+- name: "Getting ES version for logging-es cluster"
+ command: >
+ oc exec {{ _cluster_pods.stdout.split(' ')[0] }} -c elasticsearch -n {{ openshift_logging_elasticsearch_namespace }} -- {{ __es_local_curl }} -XGET 'https://localhost:9200/'
+ register: _curl_output
+ when: _cluster_pods.stdout_lines | count > 0
+
+- command: >
+ oc get pod -l component=es-ops,provider=openshift -n {{ openshift_logging_elasticsearch_namespace }} -o jsonpath={.items[*].metadata.name}
+ register: _ops_cluster_pods
+
+- name: "Getting ES version for logging-es-ops cluster"
+ command: >
+ oc exec {{ _ops_cluster_pods.stdout.split(' ')[0] }} -c elasticsearch -n {{ openshift_logging_elasticsearch_namespace }} -- {{ __es_local_curl }} -XGET 'https://localhost:9200/'
+ register: _ops_curl_output
+ when: _ops_cluster_pods.stdout_lines | count > 0
+
+- set_fact:
+ _es_output: "{{ _curl_output.stdout | from_json }}"
+ when: _curl_output.stdout is defined
+
+- set_fact:
+ _es_ops_output: "{{ _ops_curl_output.stdout | from_json }}"
+ when: _ops_curl_output.stdout is defined
+
+- set_fact:
+ _es_installed_version: "{{ _es_output.version.number }}"
+ when:
+ - _es_output is defined
+ - _es_output.version is defined
+ - _es_output.version.number is defined
+
+- set_fact:
+ _es_ops_installed_version: "{{ _es_ops_output.version.number }}"
+ when:
+ - _es_ops_output is defined
+ - _es_ops_output.version is defined
+ - _es_ops_output.version.number is defined
diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml
index 9bd37f33c..ff5ad1045 100644
--- a/roles/openshift_logging_elasticsearch/tasks/main.yaml
+++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml
@@ -32,6 +32,18 @@
- include_tasks: determine_version.yaml
+- set_fact:
+ full_restart_cluster: True
+ when:
+ - _es_installed_version is defined
+ - _es_installed_version.split('.')[0] | int < __es_version.split('.')[0] | int
+
+- set_fact:
+ full_restart_cluster: True
+ when:
+ - _es_ops_installed_version is defined
+ - _es_ops_installed_version.split('.')[0] | int < __es_version.split('.')[0] | int
+
# allow passing in a tempdir
- name: Create temp directory for doing work in
command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX
@@ -181,7 +193,9 @@
changed_when: no
# create diff between current configmap files and our current files
-- import_role:
+# NOTE: include_role must be used instead of import_role because
+# this task file is looped over from another role.
+- include_role:
name: openshift_logging
tasks_from: patch_configmap_files.yaml
vars:
diff --git a/roles/openshift_logging_elasticsearch/tasks/restart_cluster.yml b/roles/openshift_logging_elasticsearch/tasks/restart_cluster.yml
index 4a32453e3..d55beec86 100644
--- a/roles/openshift_logging_elasticsearch/tasks/restart_cluster.yml
+++ b/roles/openshift_logging_elasticsearch/tasks/restart_cluster.yml
@@ -1,4 +1,22 @@
---
+# Disable external communication for {{ _cluster_component }}
+- name: Disable external communication for logging-{{ _cluster_component }}
+ oc_service:
+ state: present
+ name: "logging-{{ _cluster_component }}"
+ namespace: "{{ openshift_logging_elasticsearch_namespace }}"
+ selector:
+ component: "{{ _cluster_component }}"
+ provider: openshift
+ connection: blocked
+ labels:
+ logging-infra: 'support'
+ ports:
+ - port: 9200
+ targetPort: "restapi"
+ when:
+ - full_restart_cluster | bool
+
## get all pods for the cluster
- command: >
oc get pod -l component={{ _cluster_component }},provider=openshift -n {{ openshift_logging_elasticsearch_namespace }} -o jsonpath={.items[*].metadata.name}
@@ -11,17 +29,38 @@
changed_when: "'\"acknowledged\":true' in _disable_output.stdout"
when: _cluster_pods.stdout_lines | count > 0
+# Flush ES
+- name: "Flushing for logging-{{ _cluster_component }} cluster"
+ command: >
+ oc exec {{ _cluster_pods.stdout.split(' ')[0] }} -c elasticsearch -n {{ openshift_logging_elasticsearch_namespace }} -- {{ __es_local_curl }} -XPUT 'https://localhost:9200/_flush/synced'
+ register: _flush_output
+ changed_when: "'\"acknowledged\":true' in _flush_output.stdout"
+ when:
+ - _cluster_pods.stdout_lines | count > 0
+ - full_restart_cluster | bool
+
- command: >
oc get dc -l component={{ _cluster_component }},provider=openshift -n {{ openshift_logging_elasticsearch_namespace }} -o jsonpath={.items[*].metadata.name}
register: _cluster_dcs
+## restart all dcs for full restart
+- name: "Restart ES node {{ _es_node }}"
+ include_tasks: restart_es_node.yml
+ with_items: "{{ _cluster_dcs }}"
+ loop_control:
+ loop_var: _es_node
+ when:
+ - full_restart_cluster | bool
+
## restart the node if it's dc is in the list of nodes to restart?
- name: "Restart ES node {{ _es_node }}"
include_tasks: restart_es_node.yml
with_items: "{{ _restart_logging_nodes }}"
loop_control:
loop_var: _es_node
- when: _es_node in _cluster_dcs.stdout
+ when:
+ - not full_restart_cluster | bool
+ - _es_node in _cluster_dcs.stdout
## we may need a new first pod to run against -- fetch them all again
- command: >
@@ -33,3 +72,20 @@
oc exec {{ _cluster_pods.stdout.split(' ')[0] }} -c elasticsearch -n {{ openshift_logging_elasticsearch_namespace }} -- {{ __es_local_curl }} -XPUT 'https://localhost:9200/_cluster/settings' -d '{ "transient": { "cluster.routing.allocation.enable" : "all" } }'
register: _enable_output
changed_when: "'\"acknowledged\":true' in _enable_output.stdout"
+
+# Reenable external communication for {{ _cluster_component }}
+- name: Reenable external communication for logging-{{ _cluster_component }}
+ oc_service:
+ state: present
+ name: "logging-{{ _cluster_component }}"
+ namespace: "{{ openshift_logging_elasticsearch_namespace }}"
+ selector:
+ component: "{{ _cluster_component }}"
+ provider: openshift
+ labels:
+ logging-infra: 'support'
+ ports:
+ - port: 9200
+ targetPort: "restapi"
+ when:
+ - full_restart_cluster | bool
diff --git a/roles/openshift_logging_elasticsearch/tasks/restart_es_node.yml b/roles/openshift_logging_elasticsearch/tasks/restart_es_node.yml
index b07b232ce..6d0df40c8 100644
--- a/roles/openshift_logging_elasticsearch/tasks/restart_es_node.yml
+++ b/roles/openshift_logging_elasticsearch/tasks/restart_es_node.yml
@@ -14,6 +14,8 @@
- _dc_output.results.results[0].status is defined
- _dc_output.results.results[0].status.readyReplicas is defined
- _dc_output.results.results[0].status.readyReplicas > 0
+ - _dc_output.results.results[0].status.updatedReplicas is defined
+ - _dc_output.results.results[0].status.updatedReplicas > 0
retries: 60
delay: 30
diff --git a/roles/openshift_logging_elasticsearch/vars/main.yml b/roles/openshift_logging_elasticsearch/vars/main.yml
index 0e56a6eac..ef259cd3a 100644
--- a/roles/openshift_logging_elasticsearch/vars/main.yml
+++ b/roles/openshift_logging_elasticsearch/vars/main.yml
@@ -4,6 +4,7 @@ __allowed_es_versions: ["3_5", "3_6", "3_7", "3_8"]
__allowed_es_types: ["data-master", "data-client", "master", "client"]
__es_log_appenders: ['file', 'console']
__kibana_index_modes: ["unique", "shared_ops"]
+__es_version: "2.4.4"
__es_local_curl: "curl -s --cacert /etc/elasticsearch/secret/admin-ca --cert /etc/elasticsearch/secret/admin-cert --key /etc/elasticsearch/secret/admin-key"
@@ -14,3 +15,4 @@ es_min_masters_default: "{{ (openshift_logging_elasticsearch_replica_count | int
es_min_masters: "{{ (openshift_logging_elasticsearch_replica_count == 1) | ternary(1, es_min_masters_default) }}"
es_recover_after_nodes: "{{ openshift_logging_elasticsearch_replica_count | int }}"
es_recover_expected_nodes: "{{ openshift_logging_elasticsearch_replica_count | int }}"
+full_restart_cluster: False
diff --git a/roles/openshift_logging_fluentd/tasks/label_and_wait.yaml b/roles/openshift_logging_fluentd/tasks/label_and_wait.yaml
index 1cef6c25e..2721438f0 100644
--- a/roles/openshift_logging_fluentd/tasks/label_and_wait.yaml
+++ b/roles/openshift_logging_fluentd/tasks/label_and_wait.yaml
@@ -8,4 +8,3 @@
# wait half a second between labels
- local_action: command sleep {{ openshift_logging_fluentd_label_delay | default('.5') }}
- become: no
diff --git a/roles/openshift_logging_mux/defaults/main.yml b/roles/openshift_logging_mux/defaults/main.yml
index db6f23126..dbf4549c4 100644
--- a/roles/openshift_logging_mux/defaults/main.yml
+++ b/roles/openshift_logging_mux/defaults/main.yml
@@ -30,6 +30,7 @@ openshift_logging_mux_allow_external: False
openshift_logging_use_mux: "{{ openshift_logging_mux_allow_external | default(False) }}"
openshift_logging_mux_hostname: "{{ 'mux.' ~ openshift_master_default_subdomain }}"
openshift_logging_mux_port: 24284
+openshift_logging_mux_external_address: "{{ ansible_default_ipv4.address }}"
# the namespace to use for undefined projects should come first, followed by any
# additional namespaces to create by default - users will typically not need to set this
openshift_logging_mux_default_namespaces: ["mux-undefined"]
diff --git a/roles/openshift_logging_mux/tasks/main.yaml b/roles/openshift_logging_mux/tasks/main.yaml
index 34bdb891c..7eba3cda4 100644
--- a/roles/openshift_logging_mux/tasks/main.yaml
+++ b/roles/openshift_logging_mux/tasks/main.yaml
@@ -148,7 +148,7 @@
port: "{{ openshift_logging_mux_port }}"
targetPort: "mux-forward"
external_ips:
- - "{{ ansible_eth0.ipv4.address }}"
+ - "{{ openshift_logging_mux_external_address }}"
when: openshift_logging_mux_allow_external | bool
- name: Set logging-mux service for internal communication
diff --git a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml
index f72710832..7870f43e2 100644
--- a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml
+++ b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml
@@ -12,11 +12,11 @@
package: name={{ master_pkgs | join(',') }} state=present
vars:
master_pkgs:
- - "{{ openshift_service_type }}{{ openshift_pkg_version }}"
- - "{{ openshift_service_type }}-master{{ openshift_pkg_version }}"
- - "{{ openshift_service_type }}-node{{ openshift_pkg_version }}"
- - "{{ openshift_service_type }}-sdn-ovs{{ openshift_pkg_version }}"
- - "{{ openshift_service_type }}-clients{{ openshift_pkg_version }}"
- - "tuned-profiles-{{ openshift_service_type }}-node{{ openshift_pkg_version }}"
+ - "{{ openshift_service_type }}{{ openshift_pkg_version | default('') }}"
+ - "{{ openshift_service_type }}-master{{ openshift_pkg_version | default('') }}"
+ - "{{ openshift_service_type }}-node{{ openshift_pkg_version | default('') }}"
+ - "{{ openshift_service_type }}-sdn-ovs{{ openshift_pkg_version | default('') }}"
+ - "{{ openshift_service_type }}-clients{{ openshift_pkg_version | default('') }}"
+ - "tuned-profiles-{{ openshift_service_type }}-node{{ openshift_pkg_version | default('') }}"
register: result
until: result is succeeded
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml
index 00cabe574..649a4bc5d 100644
--- a/roles/openshift_master_certificates/tasks/main.yml
+++ b/roles/openshift_master_certificates/tasks/main.yml
@@ -120,7 +120,11 @@
register: g_master_certs_mktemp
changed_when: False
when: master_certs_missing | bool
- become: no
+
+- name: Chmod local temp directory for syncing certs
+ local_action: command chmod 777 "{{ g_master_certs_mktemp.stdout }}"
+ changed_when: False
+ when: master_certs_missing | bool
- name: Create a tarball of the master certs
command: >
@@ -157,7 +161,6 @@
local_action: file path="{{ g_master_certs_mktemp.stdout }}" state=absent
changed_when: False
when: master_certs_missing | bool
- become: no
- name: Lookup default group for ansible_ssh_user
command: "/usr/bin/id -g {{ ansible_ssh_user | quote }}"
diff --git a/roles/openshift_named_certificates/tasks/main.yml b/roles/openshift_named_certificates/tasks/main.yml
index ad5472445..021fa8385 100644
--- a/roles/openshift_named_certificates/tasks/main.yml
+++ b/roles/openshift_named_certificates/tasks/main.yml
@@ -3,7 +3,6 @@
parsed_named_certificates: "{{ named_certificates | lib_utils_oo_parse_named_certificates(named_certs_dir, internal_hostnames) }}"
when: named_certificates | length > 0
delegate_to: localhost
- become: no
run_once: true
- openshift_facts:
diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml
index 27fe2f5c0..c1fab4382 100644
--- a/roles/openshift_node/defaults/main.yml
+++ b/roles/openshift_node/defaults/main.yml
@@ -169,7 +169,7 @@ oreg_auth_credentials_path: "{{ openshift_node_data_dir }}/.docker"
oreg_auth_credentials_replace: False
l_bind_docker_reg_auth: False
openshift_use_crio: False
-openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False) | bool) or (openshift_use_crio_only | default(False)) }}"
+openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False) | bool) or (openshift_use_crio_only | default(False) | bool) }}"
openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}"
diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml
index 86a2ca16f..59e743dce 100644
--- a/roles/openshift_node/meta/main.yml
+++ b/roles/openshift_node/meta/main.yml
@@ -13,6 +13,4 @@ galaxy_info:
- cloud
dependencies:
- role: lib_openshift
-- role: openshift_cloud_provider
- when: not (openshift_node_upgrade_in_progress | default(False))
- role: lib_utils
diff --git a/roles/openshift_node/tasks/install.yml b/roles/openshift_node/tasks/install.yml
index 55738d759..a4a9c1237 100644
--- a/roles/openshift_node/tasks/install.yml
+++ b/roles/openshift_node/tasks/install.yml
@@ -1,28 +1,18 @@
---
-- when: not openshift_is_containerized | bool
- block:
- - name: Install Node package
- package:
- name: "{{ openshift_service_type }}-node{{ (openshift_pkg_version | default('')) | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}"
- state: present
- register: result
- until: result is succeeded
-
- - name: Install sdn-ovs package
- package:
- name: "{{ openshift_service_type }}-sdn-ovs{{ (openshift_pkg_version | default('')) | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}"
- state: present
- when:
- - openshift_node_use_openshift_sdn | bool
- register: result
- until: result is succeeded
-
- - name: Install conntrack-tools package
- package:
- name: "conntrack-tools"
- state: present
- register: result
- until: result is succeeded
+- name: Install Node package, sdn-ovs, conntrack packages
+ package:
+ name: "{{ item.name }}"
+ state: present
+ register: result
+ until: result is succeeded
+ with_items:
+ - name: "{{ openshift_service_type }}-node{{ (openshift_pkg_version | default('')) | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}"
+ - name: "{{ openshift_service_type }}-sdn-ovs{{ (openshift_pkg_version | default('')) | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}"
+ install: "{{ openshift_node_use_openshift_sdn | bool }}"
+ - name: "conntrack-tools"
+ when:
+ - not openshift_is_containerized | bool
+ - item['install'] | default(True) | bool
- when:
- openshift_is_containerized | bool
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 103572291..754ecacaf 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -4,7 +4,7 @@
when:
- (not ansible_selinux or ansible_selinux.status != 'enabled')
- openshift_deployment_type == 'openshift-enterprise'
- - not openshift_use_crio
+ - not openshift_use_crio | bool
- include_tasks: dnsmasq_install.yml
- include_tasks: dnsmasq.yml
@@ -50,7 +50,7 @@
name: cri-o
enabled: yes
state: restarted
- when: openshift_use_crio
+ when: openshift_use_crio | bool
register: task_result
failed_when:
- task_result is failed
diff --git a/roles/openshift_node/tasks/openvswitch_system_container.yml b/roles/openshift_node/tasks/openvswitch_system_container.yml
index 30ef9ef44..d7dce6969 100644
--- a/roles/openshift_node/tasks/openvswitch_system_container.yml
+++ b/roles/openshift_node/tasks/openvswitch_system_container.yml
@@ -1,11 +1,11 @@
---
- set_fact:
l_service_name: "cri-o"
- when: openshift_use_crio
+ when: openshift_use_crio | bool
- set_fact:
l_service_name: "{{ openshift_docker_service_name }}"
- when: not openshift_use_crio
+ when: not openshift_use_crio | bool
- name: Pre-pull OpenVSwitch system container image
command: >
diff --git a/roles/openshift_node/tasks/upgrade/config_changes.yml b/roles/openshift_node/tasks/upgrade/config_changes.yml
index 50044eb3e..721656117 100644
--- a/roles/openshift_node/tasks/upgrade/config_changes.yml
+++ b/roles/openshift_node/tasks/upgrade/config_changes.yml
@@ -1,7 +1,7 @@
---
- name: Update systemd units
include_tasks: ../systemd_units.yml
- when: openshift_is_containerized
+ when: openshift_is_containerized | bool
- name: Update oreg value
yedit:
@@ -60,6 +60,7 @@
dest: "/etc/systemd/system/{{ openshift_service_type }}-node.service"
src: "node.service.j2"
register: l_node_unit
+ when: not openshift_is_containerized | bool
- name: Reset selinux context
command: restorecon -RF {{ openshift_node_data_dir }}/openshift.local.volumes
@@ -74,4 +75,3 @@
# require a service to be part of the call.
- name: Reload systemd units
command: systemctl daemon-reload
- when: l_node_unit is changed
diff --git a/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml b/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml
index 0a14e5174..e5477f389 100644
--- a/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml
+++ b/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml
@@ -10,6 +10,6 @@
docker pull {{ osn_ovs_image }}:{{ openshift_image_tag }}
register: pull_result
changed_when: "'Downloaded newer image' in pull_result.stdout"
- when: openshift_use_openshift_sdn | bool
+ when: openshift_node_use_openshift_sdn | bool
- include_tasks: ../container_images.yml
diff --git a/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml
index 91a358095..d4b47bb9e 100644
--- a/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml
+++ b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml
@@ -12,7 +12,7 @@
until: result is succeeded
vars:
openshift_node_upgrade_rpm_list:
- - "{{ openshift_service_type }}-node{{ openshift_pkg_version }}"
+ - "{{ openshift_service_type }}-node{{ openshift_pkg_version | default('') }}"
- "PyYAML"
- "dnsmasq"
diff --git a/roles/openshift_node/tasks/upgrade/rpm_upgrade_install.yml b/roles/openshift_node/tasks/upgrade/rpm_upgrade_install.yml
index c9094e05a..ef5d8d662 100644
--- a/roles/openshift_node/tasks/upgrade/rpm_upgrade_install.yml
+++ b/roles/openshift_node/tasks/upgrade/rpm_upgrade_install.yml
@@ -14,6 +14,6 @@
until: result is succeeded
vars:
openshift_node_upgrade_rpm_list:
- - "{{ openshift_service_type }}-node{{ openshift_pkg_version }}"
+ - "{{ openshift_service_type }}-node{{ openshift_pkg_version | default('') }}"
- "PyYAML"
- "openvswitch"
diff --git a/roles/openshift_node/templates/node.service.j2 b/roles/openshift_node/templates/node.service.j2
index da751bd65..777f4a449 100644
--- a/roles/openshift_node/templates/node.service.j2
+++ b/roles/openshift_node/templates/node.service.j2
@@ -8,7 +8,7 @@ Wants={{ openshift_docker_service_name }}.service
Documentation=https://github.com/openshift/origin
Requires=dnsmasq.service
After=dnsmasq.service
-{% if openshift_use_crio %}Wants=cri-o.service{% endif %}
+{% if openshift_use_crio | bool %}Wants=cri-o.service{% endif %}
[Service]
Type=notify
diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2
index f091263f5..5f2a94ea2 100644
--- a/roles/openshift_node/templates/node.yaml.v1.j2
+++ b/roles/openshift_node/templates/node.yaml.v1.j2
@@ -14,7 +14,7 @@ imageConfig:
latest: {{ openshift_node_image_config_latest }}
kind: NodeConfig
kubeletArguments: {{ l2_openshift_node_kubelet_args | default(None) | lib_utils_to_padded_yaml(level=1) }}
-{% if openshift_use_crio %}
+{% if openshift_use_crio | bool %}
container-runtime:
- remote
container-runtime-endpoint:
diff --git a/roles/openshift_node/templates/openshift.docker.node.dep.service b/roles/openshift_node/templates/openshift.docker.node.dep.service
index 873744f34..9fe779057 100644
--- a/roles/openshift_node/templates/openshift.docker.node.dep.service
+++ b/roles/openshift_node/templates/openshift.docker.node.dep.service
@@ -3,7 +3,7 @@ Requires={{ openshift_docker_service_name }}.service
After={{ openshift_docker_service_name }}.service
PartOf={{ openshift_service_type }}-node.service
Before={{ openshift_service_type }}-node.service
-{% if openshift_use_crio %}Wants=cri-o.service{% endif %}
+{% if openshift_use_crio | bool %}Wants=cri-o.service{% endif %}
[Service]
ExecStart=/bin/bash -c 'if [[ -f /usr/bin/docker-current ]]; \
diff --git a/roles/openshift_storage_nfs_lvm/README.md b/roles/openshift_storage_nfs_lvm/README.md
index cc674d3fd..a11219f6d 100644
--- a/roles/openshift_storage_nfs_lvm/README.md
+++ b/roles/openshift_storage_nfs_lvm/README.md
@@ -1,7 +1,7 @@
# openshift_storage_nfs_lvm
This role is useful to create and export nfs disks for openshift persistent volumes.
-It does so by creating lvm partitions on an already setup pv/vg, creating xfs
+It does so by creating lvm partitions on an already setup pv/vg, creating xfs
filesystem on each partition, mounting the partitions, exporting the mounts via NFS
and creating a json file for each mount that an openshift master can use to
create persistent volumes.
@@ -20,7 +20,7 @@ create persistent volumes.
osnl_nfs_export_options: "*(rw,sync,all_squash)"
# Directory, where the created partitions should be mounted. They will be
-# mounted as <osnl_mount_dir>/<lvm volume name>
+# mounted as <osnl_mount_dir>/<lvm volume name>
osnl_mount_dir: /exports/openshift
# Volume Group to use.
@@ -64,11 +64,10 @@ None
## Example Playbook
With this playbook, 2 5Gig lvm partitions are created, named stg5g0003 and stg5g0004
-Both of them are mounted into `/exports/openshift` directory. Both directories are
+Both of them are mounted into `/exports/openshift` directory. Both directories are
exported via NFS. json files are created in /root.
- hosts: nfsservers
- become: no
remote_user: root
gather_facts: no
roles:
@@ -94,7 +93,6 @@ exported via NFS. json files are created in /root.
* Create an ansible playbook, say `setupnfs.yaml`:
```
- hosts: nfsservers
- become: no
remote_user: root
gather_facts: no
roles:
diff --git a/roles/openshift_version/defaults/main.yml b/roles/openshift_version/defaults/main.yml
index 354699637..e2e6538c9 100644
--- a/roles/openshift_version/defaults/main.yml
+++ b/roles/openshift_version/defaults/main.yml
@@ -8,3 +8,5 @@ openshift_service_type_dict:
openshift_service_type: "{{ openshift_service_type_dict[openshift_deployment_type] }}"
openshift_use_crio_only: False
+
+l_first_master_version_task_file: "{{ openshift_is_containerized | ternary('first_master_containerized_version.yml', 'first_master_rpm_version.yml') }}"
diff --git a/roles/openshift_version/tasks/check_available_rpms.yml b/roles/openshift_version/tasks/check_available_rpms.yml
new file mode 100644
index 000000000..bdbc63d27
--- /dev/null
+++ b/roles/openshift_version/tasks/check_available_rpms.yml
@@ -0,0 +1,10 @@
+---
+- name: Get available {{ openshift_service_type}} version
+ repoquery:
+ name: "{{ openshift_service_type}}"
+ ignore_excluders: true
+ register: rpm_results
+
+- fail:
+ msg: "Package {{ openshift_service_type}} not found"
+ when: not rpm_results.results.package_found
diff --git a/roles/openshift_version/tasks/first_master.yml b/roles/openshift_version/tasks/first_master.yml
new file mode 100644
index 000000000..374725086
--- /dev/null
+++ b/roles/openshift_version/tasks/first_master.yml
@@ -0,0 +1,30 @@
+---
+# Determine the openshift_version to configure if none has been specified or set previously.
+
+# Protect the installed version by default unless explicitly told not to, or given an
+# openshift_version already.
+- name: Use openshift.common.version fact as version to configure if already installed
+ set_fact:
+ openshift_version: "{{ openshift.common.version }}"
+ when:
+ - openshift.common.version is defined
+ - openshift_version is not defined or openshift_version == ""
+ - openshift_protect_installed_version | bool
+
+- include_tasks: "{{ l_first_master_version_task_file }}"
+
+- block:
+ - debug:
+ msg: "openshift_pkg_version was not defined. Falling back to -{{ openshift_version }}"
+ - set_fact:
+ openshift_pkg_version: -{{ openshift_version }}
+ when:
+ - openshift_pkg_version is not defined
+ - openshift_upgrade_target is not defined
+
+- block:
+ - debug:
+ msg: "openshift_image_tag was not defined. Falling back to v{{ openshift_version }}"
+ - set_fact:
+ openshift_image_tag: v{{ openshift_version }}
+ when: openshift_image_tag is not defined
diff --git a/roles/openshift_version/tasks/set_version_containerized.yml b/roles/openshift_version/tasks/first_master_containerized_version.yml
index e02a75eab..e02a75eab 100644
--- a/roles/openshift_version/tasks/set_version_containerized.yml
+++ b/roles/openshift_version/tasks/first_master_containerized_version.yml
diff --git a/roles/openshift_version/tasks/first_master_rpm_version.yml b/roles/openshift_version/tasks/first_master_rpm_version.yml
new file mode 100644
index 000000000..264baca65
--- /dev/null
+++ b/roles/openshift_version/tasks/first_master_rpm_version.yml
@@ -0,0 +1,16 @@
+---
+- name: Set rpm version to configure if openshift_pkg_version specified
+ set_fact:
+ # Expects a leading "-" in inventory, strip it off here, and remove trailing release,
+ openshift_version: "{{ openshift_pkg_version[1:].split('-')[0] }}"
+ when:
+ - openshift_pkg_version is defined
+ - openshift_version is not defined
+
+# These tasks should only be run against masters and nodes
+- name: Set openshift_version for rpm installation
+ include_tasks: check_available_rpms.yml
+
+- set_fact:
+ openshift_version: "{{ rpm_results.results.versions.available_versions.0 }}"
+ when: openshift_version is not defined
diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml
index 97e58ffac..b42794858 100644
--- a/roles/openshift_version/tasks/main.yml
+++ b/roles/openshift_version/tasks/main.yml
@@ -1,206 +1,2 @@
---
-# Determine the openshift_version to configure if none has been specified or set previously.
-
-# Block attempts to install origin without specifying some kind of version information.
-# This is because the latest tags for origin are usually alpha builds, which should not
-# be used by default. Users must indicate what they want.
-- name: Abort when we cannot safely guess what Origin image version the user wanted
- fail:
- msg: |-
- To install a containerized Origin release, you must set openshift_release or
- openshift_image_tag in your inventory to specify which version of the OpenShift
- component images to use. You may want the latest (usually alpha) releases or
- a more stable release. (Suggestion: add openshift_release="x.y" to inventory.)
- when:
- - openshift_is_containerized | bool
- - openshift.common.deployment_type == 'origin'
- - openshift_release is not defined
- - openshift_image_tag is not defined
-
-# Normalize some values that we need in a certain format that might be confusing:
-- set_fact:
- openshift_release: "{{ openshift_release[1:] }}"
- when:
- - openshift_release is defined
- - openshift_release[0] == 'v'
-
-- set_fact:
- openshift_release: "{{ openshift_release | string }}"
- when:
- - openshift_release is defined
-
-# Verify that the image tag is in a valid format
-- when:
- - openshift_image_tag is defined
- - openshift_image_tag != "latest"
- block:
-
- # Verifies that when the deployment type is origin the version:
- # - starts with a v
- # - Has 3 integers seperated by dots
- # It also allows for optional trailing data which:
- # - must start with a dash
- # - may contain numbers, letters, dashes and dots.
- - name: (Origin) Verify openshift_image_tag is valid
- when: openshift.common.deployment_type == 'origin'
- assert:
- that:
- - "{{ openshift_image_tag is match('(^v?\\d+\\.\\d+\\.\\d+(-[\\w\\-\\.]*)?$)') }}"
- msg: |-
- openshift_image_tag must be in the format v#.#.#[-optional.#]. Examples: v1.2.3, v3.5.1-alpha.1
- You specified openshift_image_tag={{ openshift_image_tag }}
-
- # Verifies that when the deployment type is openshift-enterprise the version:
- # - starts with a v
- # - Has at least 2 integers seperated by dots
- # It also allows for optional trailing data which:
- # - must start with a dash
- # - may contain numbers
- # - may containe dots (https://github.com/openshift/openshift-ansible/issues/5192)
- #
- - name: (Enterprise) Verify openshift_image_tag is valid
- when: openshift.common.deployment_type == 'openshift-enterprise'
- assert:
- that:
- - "{{ openshift_image_tag is match('(^v\\d+\\.\\d+(\\.\\d+)*(-\\d+(\\.\\d+)*)?$)') }}"
- msg: |-
- openshift_image_tag must be in the format v#.#[.#[.#]]. Examples: v1.2, v3.4.1, v3.5.1.3,
- v3.5.1.3.4, v1.2-1, v1.2.3-4, v1.2.3-4.5, v1.2.3-4.5.6
- You specified openshift_image_tag={{ openshift_image_tag }}
-
-# Make sure we copy this to a fact if given a var:
-- set_fact:
- openshift_version: "{{ openshift_version | string }}"
- when: openshift_version is defined
-
-# Protect the installed version by default unless explicitly told not to, or given an
-# openshift_version already.
-- name: Use openshift.common.version fact as version to configure if already installed
- set_fact:
- openshift_version: "{{ openshift.common.version }}"
- when:
- - openshift.common.version is defined
- - openshift_version is not defined or openshift_version == ""
- - openshift_protect_installed_version | bool
-
-# The rest of these tasks should only execute on
-# masters and nodes as we can verify they have subscriptions
-- when:
- - inventory_hostname in groups['oo_masters_to_config'] or inventory_hostname in groups['oo_nodes_to_config']
- block:
- - name: Set openshift_version for rpm installation
- include_tasks: set_version_rpm.yml
- when: not openshift_is_containerized | bool
-
- - name: Set openshift_version for containerized installation
- include_tasks: set_version_containerized.yml
- when: openshift_is_containerized | bool
-
- - block:
- - name: Get available {{ openshift_service_type}} version
- repoquery:
- name: "{{ openshift_service_type}}"
- ignore_excluders: true
- register: rpm_results
- - fail:
- msg: "Package {{ openshift_service_type}} not found"
- when: not rpm_results.results.package_found
- - set_fact:
- openshift_rpm_version: "{{ rpm_results.results.versions.available_versions.0 | default('0.0', True) }}"
- - name: Fail if rpm version and docker image version are different
- fail:
- msg: "OCP rpm version {{ openshift_rpm_version }} is different from OCP image version {{ openshift_version }}"
- # Both versions have the same string representation
- when:
- - openshift_rpm_version != openshift_version
- # if openshift_pkg_version or openshift_image_tag is defined, user gives a permission the rpm and docker image versions can differ
- - openshift_pkg_version is not defined
- - openshift_image_tag is not defined
- when:
- - openshift_is_containerized | bool
- - not openshift_is_atomic | bool
-
- # Warn if the user has provided an openshift_image_tag but is not doing a containerized install
- # NOTE: This will need to be modified/removed for future container + rpm installations work.
- - name: Warn if openshift_image_tag is defined when not doing a containerized install
- debug:
- msg: >
- openshift_image_tag is used for containerized installs. If you are trying to
- specify an image for a non-container install see oreg_url or oreg_url_master or oreg_url_node.
- when:
- - not openshift_is_containerized | bool
- - openshift_image_tag is defined
-
- # At this point we know openshift_version is set appropriately. Now we set
- # openshift_image_tag and openshift_pkg_version, so all roles can always assume
- # each of this variables *will* be set correctly and can use them per their
- # intended purpose.
-
- - block:
- - debug:
- msg: "openshift_image_tag was not defined. Falling back to v{{ openshift_version }}"
-
- - set_fact:
- openshift_image_tag: v{{ openshift_version }}
-
- when: openshift_image_tag is not defined
-
- - block:
- - debug:
- msg: "openshift_pkg_version was not defined. Falling back to -{{ openshift_version }}"
-
- - set_fact:
- openshift_pkg_version: -{{ openshift_version }}
-
- when:
- - openshift_pkg_version is not defined
- - openshift_upgrade_target is not defined
-
- - fail:
- msg: openshift_version role was unable to set openshift_version
- name: Abort if openshift_version was not set
- when: openshift_version is not defined
-
- - fail:
- msg: openshift_version role was unable to set openshift_image_tag
- name: Abort if openshift_image_tag was not set
- when: openshift_image_tag is not defined
-
- - fail:
- msg: openshift_version role was unable to set openshift_pkg_version
- name: Abort if openshift_pkg_version was not set
- when:
- - openshift_pkg_version is not defined
- - openshift_upgrade_target is not defined
-
-
- - fail:
- msg: "No OpenShift version available; please ensure your systems are fully registered and have access to appropriate yum repositories."
- name: Abort if openshift_pkg_version was not set
- when:
- - not openshift_is_containerized | bool
- - openshift_version == '0.0'
-
- # We can't map an openshift_release to full rpm version like we can with containers; make sure
- # the rpm version we looked up matches the release requested and error out if not.
- - name: For an RPM install, abort when the release requested does not match the available version.
- when:
- - not openshift_is_containerized | bool
- - openshift_release is defined
- assert:
- that:
- - openshift_version.startswith(openshift_release) | bool
- msg: |-
- You requested openshift_release {{ openshift_release }}, which is not matched by
- the latest OpenShift RPM we detected as {{ openshift_service_type }}-{{ openshift_version }}
- on host {{ inventory_hostname }}.
- We will only install the latest RPMs, so please ensure you are getting the release
- you expect. You may need to adjust your Ansible inventory, modify the repositories
- available on the host, or run the appropriate OpenShift upgrade playbook.
-
- # The end result of these three variables is quite important so make sure they are displayed and logged:
- - debug: var=openshift_release
-
- - debug: var=openshift_image_tag
-
- - debug: var=openshift_pkg_version
+# This role is meant to be used with include_role.
diff --git a/roles/openshift_version/tasks/masters_and_nodes.yml b/roles/openshift_version/tasks/masters_and_nodes.yml
new file mode 100644
index 000000000..fbeb22d8b
--- /dev/null
+++ b/roles/openshift_version/tasks/masters_and_nodes.yml
@@ -0,0 +1,39 @@
+---
+# These tasks should only be run against masters and nodes
+
+- block:
+ - name: Check openshift_version for rpm installation
+ include_tasks: check_available_rpms.yml
+ - name: Fail if rpm version and docker image version are different
+ fail:
+ msg: "OCP rpm version {{ openshift_rpm_version }} is different from OCP image version {{ openshift_version }}"
+ # Both versions have the same string representation
+ when: rpm_results.results.versions.available_versions.0 != openshift_version
+ # block when
+ when: not openshift_is_atomic | bool
+
+# We can't map an openshift_release to full rpm version like we can with containers; make sure
+# the rpm version we looked up matches the release requested and error out if not.
+- name: For an RPM install, abort when the release requested does not match the available version.
+ when:
+ - not openshift_is_containerized | bool
+ - openshift_release is defined
+ assert:
+ that:
+ - l_rpm_version.startswith(openshift_release) | bool
+ msg: |-
+ You requested openshift_release {{ openshift_release }}, which is not matched by
+ the latest OpenShift RPM we detected as {{ openshift_service_type }}-{{ l_rpm_version }}
+ on host {{ inventory_hostname }}.
+ We will only install the latest RPMs, so please ensure you are getting the release
+ you expect. You may need to adjust your Ansible inventory, modify the repositories
+ available on the host, or run the appropriate OpenShift upgrade playbook.
+ vars:
+ l_rpm_version: "{{ rpm_results.results.versions.available_versions.0 }}"
+
+# The end result of these three variables is quite important so make sure they are displayed and logged:
+- debug: var=openshift_release
+
+- debug: var=openshift_image_tag
+
+- debug: var=openshift_pkg_version
diff --git a/roles/openshift_version/tasks/set_version_rpm.yml b/roles/openshift_version/tasks/set_version_rpm.yml
deleted file mode 100644
index c7ca5ceae..000000000
--- a/roles/openshift_version/tasks/set_version_rpm.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-- name: Set rpm version to configure if openshift_pkg_version specified
- set_fact:
- # Expects a leading "-" in inventory, strip it off here, and remove trailing release,
- openshift_version: "{{ openshift_pkg_version[1:].split('-')[0] }}"
- when:
- - openshift_pkg_version is defined
- - openshift_version is not defined
-
-- block:
- - name: Get available {{ openshift_service_type}} version
- repoquery:
- name: "{{ openshift_service_type}}"
- ignore_excluders: true
- register: rpm_results
-
- - fail:
- msg: "Package {{ openshift_service_type}} not found"
- when: not rpm_results.results.package_found
-
- - set_fact:
- openshift_version: "{{ rpm_results.results.versions.available_versions.0 | default('0.0', True) }}"
- when:
- - openshift_version is not defined
diff --git a/roles/openshift_web_console/tasks/install.yml b/roles/openshift_web_console/tasks/install.yml
index 8120c13e3..8ee95e36b 100644
--- a/roles/openshift_web_console/tasks/install.yml
+++ b/roles/openshift_web_console/tasks/install.yml
@@ -23,7 +23,6 @@
command: mktemp -d /tmp/console-ansible-XXXXXX
register: mktemp
changed_when: False
- become: no
- name: Copy asset config template to temp directory
copy:
@@ -76,4 +75,3 @@
state: absent
name: "{{ mktemp.stdout }}"
changed_when: False
- become: no
diff --git a/roles/openshift_web_console/tasks/update_asset_config.yml b/roles/openshift_web_console/tasks/update_asset_config.yml
index 36e37e35d..0992b32e1 100644
--- a/roles/openshift_web_console/tasks/update_asset_config.yml
+++ b/roles/openshift_web_console/tasks/update_asset_config.yml
@@ -30,7 +30,6 @@
command: mktemp -d /tmp/console-ansible-XXXXXX
register: mktemp
changed_when: False
- become: no
- name: Copy asset config to temp file
copy:
@@ -55,7 +54,6 @@
state: absent
name: "{{ mktemp.stdout }}"
changed_when: False
- become: no
# There's currently no command to trigger a rollout for a k8s deployment
# without changing the pod spec. Add an annotation to force a rollout after
diff --git a/roles/template_service_broker/tasks/install.yml b/roles/template_service_broker/tasks/install.yml
index 765263db5..604e94602 100644
--- a/roles/template_service_broker/tasks/install.yml
+++ b/roles/template_service_broker/tasks/install.yml
@@ -21,7 +21,6 @@
- command: mktemp -d /tmp/tsb-ansible-XXXXXX
register: mktemp
changed_when: False
- become: no
- copy:
src: "{{ __tsb_files_location }}/{{ item }}"
@@ -86,4 +85,3 @@
state: absent
name: "{{ mktemp.stdout }}"
changed_when: False
- become: no
diff --git a/roles/template_service_broker/tasks/remove.yml b/roles/template_service_broker/tasks/remove.yml
index 8b4d798db..db1b558e4 100644
--- a/roles/template_service_broker/tasks/remove.yml
+++ b/roles/template_service_broker/tasks/remove.yml
@@ -2,7 +2,6 @@
- command: mktemp -d /tmp/tsb-ansible-XXXXXX
register: mktemp
changed_when: False
- become: no
- copy:
src: "{{ __tsb_files_location }}/{{ item }}"
@@ -32,4 +31,3 @@
state: absent
name: "{{ mktemp.stdout }}"
changed_when: False
- become: no
diff --git a/test/tox-inventory.txt b/test/tox-inventory.txt
index 6e57d224b..ed9e946ab 100644
--- a/test/tox-inventory.txt
+++ b/test/tox-inventory.txt
@@ -13,6 +13,7 @@ oo_first_etcd
oo_etcd_hosts_to_backup
oo_etcd_hosts_to_upgrade
oo_etcd_to_migrate
+oo_hosts_containerized_managed_true
oo_masters
oo_masters_to_config
oo_first_master
@@ -103,3 +104,6 @@ localhost
[glusterfs_registry]
localhost
+
+[oo_hosts_containerized_managed_true]
+localhost