diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | .tito/packages/openshift-ansible | 2 | ||||
| -rw-r--r-- | ansible.cfg (renamed from ansible.cfg.example) | 19 | ||||
| -rw-r--r-- | openshift-ansible.spec | 66 | ||||
| -rw-r--r-- | playbooks/common/openshift-cluster/openshift_hosted.yml | 2 | ||||
| -rw-r--r-- | playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml | 15 | ||||
| -rw-r--r-- | playbooks/common/openshift-master/restart_hosts.yml | 3 | ||||
| -rw-r--r-- | roles/etcd_server_certificates/tasks/main.yml | 32 | ||||
| -rwxr-xr-x | roles/openshift_facts/library/openshift_facts.py | 6 | ||||
| -rw-r--r-- | roles/openshift_logging/tasks/install_fluentd.yaml | 4 |
10 files changed, 134 insertions, 16 deletions
diff --git a/.gitignore b/.gitignore index d3fab9f1a..1e187db16 100644 --- a/.gitignore +++ b/.gitignore @@ -16,7 +16,6 @@ gce.ini multi_ec2.yaml .vagrant .tags* -/ansible.cfg *.retry .vscode/* .cache diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index d29838038..3b7826d31 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.5.2-1 ./ +3.5.3-1 ./ diff --git a/ansible.cfg.example b/ansible.cfg index 6a7722ad8..034733684 100644 --- a/ansible.cfg.example +++ b/ansible.cfg @@ -3,15 +3,18 @@ # This config file provides examples for running # the OpenShift playbooks with the provided -# inventory scripts. Only global defaults are -# left uncommented +# inventory scripts. [defaults] -# Add the roles directory to the roles path -roles_path = roles/ - # Set the log_path -log_path = /tmp/ansible.log +#log_path = /tmp/ansible.log + +# Additional default options for OpenShift Ansible +callback_plugins = callback_plugins/ +forks = 20 +host_key_checking = False +retry_files_enabled = False +nocows = True # Uncomment to use the provided BYO inventory #hostfile = inventory/byo/hosts @@ -21,3 +24,7 @@ log_path = /tmp/ansible.log # Uncomment to use the provided AWS dynamic inventory script #hostfile = inventory/aws/ec2.py + +# Additional ssh options for OpenShift Ansible +[ssh_connection] +pipelining = True diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 85675f5f9..9faf3e78e 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.5.2 +Version: 3.5.3 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -253,6 +253,70 @@ Atomic OpenShift Utilities includes %changelog +* Tue Jan 31 2017 Scott Dodson <sdodson@redhat.com> 3.5.3-1 +- Adding bool filter to ensure that we correctly set ops host for fluentd + (ewolinet@redhat.com) +- Set default GCE hostname to shost instance name. (abutcher@redhat.com) +- Fail on Ansible version 2.2.1.0 (rteague@redhat.com) +- During node upgrade upgrade openvswitch rpms (sdodson@redhat.com) +- HTPASSWD_AUTH (tbielawa@redhat.com) +- Added repoquery to lib_utils. (twiest@redhat.com) +- Create v3_5 upgrade playbooks (rteague@redhat.com) +- GCE deployment fails due to invalid lookup (ccoleman@redhat.com) +- Resolving yamllint issues from logging playbooks (ewolinet@redhat.com) +- Updating openshift_hosted_logging to update master-configs with + publicLoggingURL (ewolinet@redhat.com) +- Added oc_serviceaccount to lib_openshift. (twiest@redhat.com) +- Breaking out master-config changing and updated playbook to apply change to + other masters (ewolinet@redhat.com) +- fix negative stride encountered from openshift_logging (jcantril@redhat.com) +- add persistent versions of quickstarts (bparees@redhat.com) +- Fixing docs. Added bugzilla to doc. (kwoodson@redhat.com) +- ensuring ruamel.yaml is on target for oc_scale (ewolinet@redhat.com) +- Updating to correctly pull handler for openshift_logging. Adding logic to + openshift_hosted_logging too (ewolinet@redhat.com) +- Adding names to plays and standardizing (rteague@redhat.com) +- Updating openshift_logging role to add kibana public url to loggingPublicURL + in master-config (ewolinet@redhat.com) +- Only manual scale down being allowed now (ewolinet@redhat.com) +- adopt oc_scale for openshift_metrics role (jcantril@redhat.com) +- fix 1414625. Additional fix to run password commands on control node + (jcantril@redhat.com) +- adopt oc_scale module for openshift_logging role (jcantril@redhat.com) +- Adding fix for when the resource does not exist. Added test cases. + (kwoodson@redhat.com) +- Updating to reuse previous ES DC names and always generate DCs + (ewolinet@redhat.com) +- Correct usage of draining nodes (rteague@redhat.com) +- Fixing fluentd node labelling (ewolinet@redhat.com) +- Fixing linters. (kwoodson@redhat.com) +- Fixing base.py for node and scale. Autogenerated code. (kwoodson@redhat.com) +- Added unit integration tests. Enhanced unit tests. Fixed an issue in + openshift_cmd for namespace. (kwoodson@redhat.com) +- Adding oadm_manage_node to lib_openshift. (kwoodson@redhat.com) +- Fixing namespace param in doc to reflect default value. (kwoodson@redhat.com) +- .gitignore cleanup (rteague@redhat.com) +- Standardize add_host: with name and changed_when (rteague@redhat.com) +- Adding banners. Small bug fix to namespace appending in base. + (kwoodson@redhat.com) +- Comma separate no_proxy host list in openshift_facts so that it appears as a + string everywhere it is used. (abutcher@redhat.com) +- Fixing tests and linting. (kwoodson@redhat.com) +- Adding unit test for oc_scale (kwoodson@redhat.com) +- Adding integration test for oc_scale. (kwoodson@redhat.com) +- Adding oc_scale to lib_openshift. (kwoodson@redhat.com) +- Add 10 second wait after disabling firewalld (sdodson@redhat.com) +- Added oc_secret to lib_openshift. (twiest@redhat.com) +- Remove master_count restriction. (abutcher@redhat.com) +- flake8 mccabe dependency fix (rteague@redhat.com) +- Generate the artifacts from fragments. (tbielawa@redhat.com) +- Update the generators to include fragment banners (tbielawa@redhat.com) +- Make use of AnsibleDumper in openshift_master filters s.t. we can represent + AnsibleUnsafeText when dumping yaml. (abutcher@redhat.com) +- Set metrics url even if metrics_deploy is false + (alberto.rodriguez.peon@cern.ch) +- Template update for Hawkular Metrics 0.23 (mwringe@redhat.com) + * Wed Jan 25 2017 Scott Dodson <sdodson@redhat.com> 3.5.2-1 - Sync latest image streams (sdodson@redhat.com) - Fix containerized haproxy config (andrew@andrewklau.com) diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml index 021d19dad..34f1a979b 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted.yml +++ b/playbooks/common/openshift-cluster/openshift_hosted.yml @@ -55,4 +55,4 @@ - include_role: name: openshift_hosted_logging tasks_from: update_master_config - when: openshift_hosted_logging_deploy | default(false) | boola + when: openshift_hosted_logging_deploy | default(false) | bool diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml index 5fa74898f..a6a49e5ff 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml @@ -81,6 +81,21 @@ failed_when: false when: openshift.common.is_containerized | bool + - name: Upgrade openvswitch + package: + name: openvswitch + state: latest + register: ovs_pkg + when: inventory_hostname in groups.oo_nodes_to_upgrade and not openshift.common.is_containerized | bool + + - name: Restart openvswitch + systemd: + name: openvswitch + state: restarted + when: + - inventory_hostname in groups.oo_nodes_to_upgrade and not openshift.common.is_containerized | bool + - ovs_pkg | changed + # Mandatory Docker restart, ensure all containerized services are running: - include: docker/restart.yml diff --git a/playbooks/common/openshift-master/restart_hosts.yml b/playbooks/common/openshift-master/restart_hosts.yml index 832301e3d..475144dbf 100644 --- a/playbooks/common/openshift-master/restart_hosts.yml +++ b/playbooks/common/openshift-master/restart_hosts.yml @@ -10,9 +10,10 @@ - name: Wait for master to restart local_action: module: wait_for - host="{{ inventory_hostname }}" + host="{{ ansible_host }}" state=started delay=10 + timeout=600 become: no # Now that ssh is back up we can wait for API on the remote system, diff --git a/roles/etcd_server_certificates/tasks/main.yml b/roles/etcd_server_certificates/tasks/main.yml index b0fd117ed..1acdf1c85 100644 --- a/roles/etcd_server_certificates/tasks/main.yml +++ b/roles/etcd_server_certificates/tasks/main.yml @@ -142,6 +142,38 @@ dest: "{{ etcd_cert_config_dir }}" when: etcd_server_certs_missing | bool +- name: Create a tarball of the etcd ca certs + command: > + tar -czvf {{ etcd_generated_certs_dir }}/{{ etcd_ca_name }}.tgz + -C {{ etcd_ca_dir }} . + args: + creates: "{{ etcd_generated_certs_dir }}/{{ etcd_ca_name }}.tgz" + warn: no + when: etcd_server_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Retrieve etcd ca cert tarball + fetch: + src: "{{ etcd_generated_certs_dir }}/{{ etcd_ca_name }}.tgz" + dest: "{{ g_etcd_server_mktemp.stdout }}/" + flat: yes + fail_on_missing: yes + validate_checksum: yes + when: etcd_server_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Ensure ca directory exists + file: + path: "{{ etcd_ca_dir }}" + state: directory + when: etcd_server_certs_missing | bool + +- name: Unarchive etcd ca cert tarballs + unarchive: + src: "{{ g_etcd_server_mktemp.stdout }}/{{ etcd_ca_name }}.tgz" + dest: "{{ etcd_ca_dir }}" + when: etcd_server_certs_missing | bool + - name: Delete temporary directory file: name={{ g_etcd_server_mktemp.stdout }} state=absent become: no diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 60c564e5b..7c61da950 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -195,8 +195,7 @@ def hostname_valid(hostname): if (not hostname or hostname.startswith('localhost') or hostname.endswith('localdomain') or - hostname.endswith('novalocal') or - len(hostname.split('.')) < 2): + hostname.endswith('novalocal')): return False return True @@ -332,7 +331,8 @@ def normalize_gce_facts(metadata, facts): facts['network']['ip'] = facts['network']['interfaces'][0]['ips'][0] pub_ip = facts['network']['interfaces'][0]['public_ips'][0] facts['network']['public_ip'] = pub_ip - facts['network']['hostname'] = metadata['instance']['hostname'] + # Split instance hostname from GCE metadata to use the short instance name + facts['network']['hostname'] = metadata['instance']['hostname'].split('.')[0] # TODO: attempt to resolve public_hostname facts['network']['public_hostname'] = facts['network']['public_ip'] diff --git a/roles/openshift_logging/tasks/install_fluentd.yaml b/roles/openshift_logging/tasks/install_fluentd.yaml index 4c510c6e7..35273829c 100644 --- a/roles/openshift_logging/tasks/install_fluentd.yaml +++ b/roles/openshift_logging/tasks/install_fluentd.yaml @@ -1,8 +1,8 @@ --- -- set_fact: fluentd_ops_host={{ (openshift_logging_use_ops) | ternary(openshift_logging_es_ops_host, openshift_logging_es_host) }} +- set_fact: fluentd_ops_host={{ (openshift_logging_use_ops | bool) | ternary(openshift_logging_es_ops_host, openshift_logging_es_host) }} check_mode: no -- set_fact: fluentd_ops_port={{ (openshift_logging_use_ops) | ternary(openshift_logging_es_ops_port, openshift_logging_es_port) }} +- set_fact: fluentd_ops_port={{ (openshift_logging_use_ops | bool) | ternary(openshift_logging_es_ops_port, openshift_logging_es_port) }} check_mode: no - name: Generating Fluentd daemonset |