diff options
36 files changed, 211 insertions, 93 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index ce95728c2..c5214c999 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.9.0-0.25.0 ./ +3.9.0-0.31.0 ./ diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 5ad1c9983..f01c923d2 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -10,7 +10,7 @@ Name: openshift-ansible Version: 3.9.0 -Release: 0.25.0%{?dist} +Release: 0.31.0%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 URL: https://github.com/openshift/openshift-ansible @@ -65,9 +65,6 @@ rm -f %{buildroot}%{python_sitelib}/openshift_ansible/gce mkdir -p docs/example-inventories cp inventory/hosts.* inventory/README.md docs/example-inventories/ -# openshift-ansible-files install -cp -rp files %{buildroot}%{_datadir}/ansible/%{name}/ - # openshift-ansible-playbooks install cp -rp playbooks %{buildroot}%{_datadir}/ansible/%{name}/ # remove contiv plabooks @@ -101,7 +98,6 @@ popd %doc README* %license LICENSE %dir %{_datadir}/ansible/%{name} -%{_datadir}/ansible/%{name}/files %{_datadir}/ansible/%{name}/inventory/dynamic %ghost %{_datadir}/ansible/%{name}/playbooks/common/openshift-master/library.rpmmoved @@ -204,6 +200,30 @@ Atomic OpenShift Utilities includes %changelog +* Sat Jan 27 2018 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.31.0 +- removed references to 'files' dir in spec file (dyocum@redhat.com) +- files in ansible roles do not need to have the path specified to them when + referenced by a builtin module, i.e., copy: (dyocum@redhat.com) +- moving files to their correct <role>/files dir for the openshift_web_console + and template_service_broker roles (dyocum@redhat.com) + +* Fri Jan 26 2018 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.30.0 +- Removing dependency on the extra stroage device. (kwoodson@redhat.com) + +* Fri Jan 26 2018 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.29.0 +- Add prometheus annotations to console service (spadgett@redhat.com) +- Add resource requests to console template (spadgett@redhat.com) +- ignore 'users' field in oc_group module (jdiaz@redhat.com) + +* Fri Jan 26 2018 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.28.0 +- Updating deprecations to use callback plugin (ewolinet@redhat.com) +- Run console pods on the master (spadgett@redhat.com) + +* Fri Jan 26 2018 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.26.0 +- docker_image_availability: containerized overrides (lmeyer@redhat.com) +- Remove old assetConfig from master-config.yaml (spadgett@redhat.com) +- Don't emit assetConfig on 3.9 (sdodson@redhat.com) + * Fri Jan 26 2018 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.25.0 - [1502838] Correct certificate alt name parsing (rteague@redhat.com) - sync imagestreams+templates from origin master for v3.9 (bparees@redhat.com) diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml index 869e185af..c8f397186 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml @@ -12,3 +12,5 @@ # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # - import_playbook: ../../../../common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml + +- import_playbook: ../../../../openshift-master/private/restart.yml diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml index f790fd98d..de612da21 100644 --- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml @@ -6,7 +6,9 @@ hosts: oo_first_master roles: - role: openshift_web_console - when: openshift_web_console_install | default(true) | bool + when: + - openshift_web_console_install | default(true) | bool + - openshift_upgrade_target is version_compare('3.9','>=') - name: Upgrade default router and default registry hosts: oo_first_master diff --git a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml index 1dcc38def..fe1fdefff 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml @@ -25,10 +25,18 @@ openshift_upgrade_target: '3.8' openshift_upgrade_min: '3.7' openshift_release: '3.8' - _requested_pkg_version: "{{openshift_pkg_version if openshift_pkg_version is defined else omit }}" - _requested_image_tag: "{{openshift_image_tag if openshift_image_tag is defined else omit }}" + _requested_pkg_version: "{{ openshift_pkg_version if openshift_pkg_version is defined else omit }}" + _requested_image_tag: "{{ openshift_image_tag if openshift_image_tag is defined else omit }}" + l_double_upgrade_cp: True when: hostvars[groups.oo_first_master.0].openshift_currently_installed_version | version_compare('3.8','<') + - name: set l_force_image_tag_to_version = True + set_fact: + # Need to set this during 3.8 upgrade to ensure image_tag is set correctly + # to match 3.8 version + l_force_image_tag_to_version: True + when: _requested_image_tag is defined + - import_playbook: ../pre/config.yml # These vars a meant to exclude oo_nodes from plays that would otherwise include # them by default. @@ -69,7 +77,20 @@ openshift_upgrade_min: '3.8' openshift_release: '3.9' openshift_pkg_version: "{{ _requested_pkg_version | default ('-3.9*') }}" - openshift_image_tag: "{{ _requested_image_tag | default('v3.9') }}" + # Set the user's specified image_tag for 3.9 upgrade if it was provided. + - set_fact: + openshift_image_tag: "{{ _requested_image_tag }}" + l_force_image_tag_to_version: False + when: _requested_image_tag is defined + # If the user didn't specify an image_tag, we need to force update image_tag + # because it will have already been set during 3.8. If we aren't running + # a double upgrade, then we can preserve image_tag because it will still + # be the user provided value. + - set_fact: + l_force_image_tag_to_version: True + when: + - l_double_upgrade_cp is defined and l_double_upgrade_cp + - _requested_image_tag is not defined - import_playbook: ../pre/config.yml # These vars a meant to exclude oo_nodes from plays that would otherwise include @@ -112,3 +133,9 @@ state: started - import_playbook: ../post_control_plane.yml + +- hosts: oo_masters + tasks: + - import_role: + name: openshift_web_console + tasks_from: remove_old_asset_config diff --git a/playbooks/deploy_cluster.yml b/playbooks/deploy_cluster.yml index 361553ee4..c8e30ddbc 100644 --- a/playbooks/deploy_cluster.yml +++ b/playbooks/deploy_cluster.yml @@ -6,11 +6,3 @@ - import_playbook: openshift-node/private/config.yml - import_playbook: common/private/components.yml - -- name: Print deprecated variable warning message if necessary - hosts: oo_first_master - gather_facts: no - tasks: - - debug: msg="{{__deprecation_message}}" - when: - - __deprecation_message | default ('') | length > 0 diff --git a/playbooks/gcp/openshift-cluster/build_base_image.yml b/playbooks/gcp/openshift-cluster/build_base_image.yml index 75d0ddf9d..8e9b0024a 100644 --- a/playbooks/gcp/openshift-cluster/build_base_image.yml +++ b/playbooks/gcp/openshift-cluster/build_base_image.yml @@ -90,6 +90,8 @@ repo_gpgcheck: no state: present when: ansible_os_family == "RedHat" + - name: Accept GPG keys for the repos + command: yum -q makecache -y --disablerepo='*' --enablerepo='google-cloud,jdetiber-qemu-user-static' - name: Install qemu-user-static package: name: qemu-user-static @@ -121,7 +123,6 @@ with_items: # required by Ansible - PyYAML - - docker - google-compute-engine - google-compute-engine-init - google-config diff --git a/playbooks/openshift-master/private/tasks/wire_aggregator.yml b/playbooks/openshift-master/private/tasks/wire_aggregator.yml index 59e2b515c..cc812c300 100644 --- a/playbooks/openshift-master/private/tasks/wire_aggregator.yml +++ b/playbooks/openshift-master/private/tasks/wire_aggregator.yml @@ -142,11 +142,6 @@ state: absent changed_when: False -- name: Setup extension file for service console UI - template: - src: ../templates/openshift-ansible-catalog-console.js - dest: /etc/origin/master/openshift-ansible-catalog-console.js - - name: Update master config yedit: state: present @@ -166,8 +161,6 @@ value: [X-Remote-Group] - key: authConfig.requestHeader.extraHeaderPrefixes value: [X-Remote-Extra-] - - key: assetConfig.extensionScripts - value: [/etc/origin/master/openshift-ansible-catalog-console.js] - key: kubernetesMasterConfig.apiServerArguments.runtime-config value: [apis/settings.k8s.io/v1alpha1=true] - key: admissionConfig.pluginConfig.PodPreset.configuration.kind @@ -178,37 +171,50 @@ value: false register: yedit_output -#restart master serially here -- name: restart master api - systemd: name={{ openshift_service_type }}-master-api state=restarted - when: - - yedit_output.changed - -# We retry the controllers because the API may not be 100% initialized yet. -- name: restart master controllers - command: "systemctl restart {{ openshift_service_type }}-master-controllers" - retries: 3 - delay: 5 - register: result - until: result.rc == 0 - when: - - yedit_output.changed +# Only add the catalog extension script if not 3.9. From 3.9 on, the console +# can discover if template service broker is running. +- when: not openshift.common.version_gte_3_9 + block: + - name: Setup extension file for service console UI + template: + src: ../templates/openshift-ansible-catalog-console.js + dest: /etc/origin/master/openshift-ansible-catalog-console.js + + - name: Update master config + yedit: + state: present + src: /etc/origin/master/master-config.yaml + key: assetConfig.extensionScripts + value: [/etc/origin/master/openshift-ansible-catalog-console.js] + register: yedit_asset_config_output -- name: Verify API Server - # Using curl here since the uri module requires python-httplib2 and - # wait_for port doesn't provide health information. - command: > - curl --silent --tlsv1.2 - --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {{ openshift.master.api_url }}/healthz/ready - args: - # Disables the following warning: - # Consider using get_url or uri module rather than running curl - warn: no - register: api_available_output - until: api_available_output.stdout == 'ok' - retries: 120 - delay: 1 - changed_when: false - when: - - yedit_output.changed +#restart master serially here +- when: yedit_output.changed or (yedit_asset_config_output is defined and yedit_asset_config_output.changed) + block: + - name: restart master api + systemd: name={{ openshift_service_type }}-master-api state=restarted + + # We retry the controllers because the API may not be 100% initialized yet. + - name: restart master controllers + command: "systemctl restart {{ openshift_service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 + + - name: Verify API Server + # Using curl here since the uri module requires python-httplib2 and + # wait_for port doesn't provide health information. + command: > + curl --silent --tlsv1.2 + --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt + {{ openshift.master.api_url }}/healthz/ready + args: + # Disables the following warning: + # Consider using get_url or uri module rather than running curl + warn: no + register: api_available_output + until: api_available_output.stdout == 'ok' + retries: 120 + delay: 1 + changed_when: false diff --git a/roles/container_runtime/defaults/main.yml b/roles/container_runtime/defaults/main.yml index 8203d15f5..7397e2bec 100644 --- a/roles/container_runtime/defaults/main.yml +++ b/roles/container_runtime/defaults/main.yml @@ -64,7 +64,7 @@ docker_storage_setup_options: root_lv_mount_path: "{{ docker_storage_path }}" docker_storage_extra_options: - "--storage-opt overlay2.override_kernel_check=true" -- "--storage-opt overlay2.size={{ docker_storage_size }}" +- "{{ '--storage-opt overlay2.size=' ~ docker_storage_size if container_runtime_docker_storage_setup_device is defined and container_runtime_docker_storage_setup_device != '' else '' }}" - "--graph={{ docker_storage_path}}" @@ -117,7 +117,7 @@ l_crio_image: "{{ openshift_crio_systemcontainer_image_override | default(l_crio # ----------------------- # l_crt_docker_image_dict: Fedora: "registry.fedoraproject.org/latest/docker" - Centos: "registry.centos.org/projectatomic/docker" + CentOS: "registry.centos.org/projectatomic/docker" RedHat: "registry.access.redhat.com/openshift3/container-engine" openshift_docker_image_tag_default: "latest" diff --git a/roles/container_runtime/templates/docker_storage_setup.j2 b/roles/container_runtime/templates/docker_storage_setup.j2 index b056087e0..ec540ea44 100644 --- a/roles/container_runtime/templates/docker_storage_setup.j2 +++ b/roles/container_runtime/templates/docker_storage_setup.j2 @@ -2,6 +2,7 @@ # /usr/lib/docker-storage-setup/docker-storage-setup. # # For more details refer to "man docker-storage-setup" +{% if container_runtime_docker_storage_setup_device is defined and container_runtime_docker_storage_setup_device != '' %} DEVS={{ container_runtime_docker_storage_setup_device }} VG={{ docker_storage_setup_options.vg }} DATA_SIZE={{ docker_storage_setup_options.data_size }} @@ -9,4 +10,7 @@ STORAGE_DRIVER="{{ docker_storage_setup_options.storage_driver }}" CONTAINER_ROOT_LV_NAME="{{ docker_storage_setup_options.root_lv_name }}" CONTAINER_ROOT_LV_SIZE="{{ docker_storage_setup_options.root_lv_size }}" CONTAINER_ROOT_LV_MOUNT_PATH="{{ docker_storage_setup_options.root_lv_mount_path }}" +{% else %} +STORAGE_DRIVER="{{ docker_storage_setup_options.storage_driver }}" +{% endif %} EXTRA_STORAGE_OPTIONS="{{ docker_storage_extra_options | join(' ') }}" diff --git a/roles/lib_openshift/library/oc_group.py b/roles/lib_openshift/library/oc_group.py index 1b63a6c13..72023eaf7 100644 --- a/roles/lib_openshift/library/oc_group.py +++ b/roles/lib_openshift/library/oc_group.py @@ -1485,7 +1485,7 @@ class OCGroup(OpenShiftCLI): def needs_update(self): ''' verify an update is needed ''' - return not Utils.check_def_equal(self.config.data, self.group.yaml_dict, skip_keys=[], debug=True) + return not Utils.check_def_equal(self.config.data, self.group.yaml_dict, skip_keys=['users'], debug=True) # pylint: disable=too-many-return-statements,too-many-branches @staticmethod diff --git a/roles/lib_openshift/src/class/oc_group.py b/roles/lib_openshift/src/class/oc_group.py index 89fb09ea4..53e6b6766 100644 --- a/roles/lib_openshift/src/class/oc_group.py +++ b/roles/lib_openshift/src/class/oc_group.py @@ -59,7 +59,7 @@ class OCGroup(OpenShiftCLI): def needs_update(self): ''' verify an update is needed ''' - return not Utils.check_def_equal(self.config.data, self.group.yaml_dict, skip_keys=[], debug=True) + return not Utils.check_def_equal(self.config.data, self.group.yaml_dict, skip_keys=['users'], debug=True) # pylint: disable=too-many-return-statements,too-many-branches @staticmethod diff --git a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py index d298fbab2..145b82491 100644 --- a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py +++ b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py @@ -171,16 +171,21 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): required.add(self._registry_console_image(image_tag, image_info)) # images for containerized components - if self.get_var("openshift_is_containerized"): - components = set() + def add_var_or_default_img(var_name, comp_name): + """Returns: default image from comp_name, overridden by var_name in task_vars""" + default = "{}/{}:{}".format(image_info["namespace"], comp_name, image_tag) + required.add(self.template_var(self.get_var(var_name, default=default))) + + if self.get_var("openshift_is_containerized", convert=bool): if 'oo_nodes_to_config' in host_groups: - components.update(["node", "openvswitch"]) + add_var_or_default_img("osn_image", "node") + add_var_or_default_img("osn_ovs_image", "openvswitch") if 'oo_masters_to_config' in host_groups: # name is "origin" or "ose" - components.add(image_info["name"]) - for component in components: - required.add("{}/{}:{}".format(image_info["namespace"], component, image_tag)) - if 'oo_etcd_to_config' in host_groups: # special case, note it is the same for origin/enterprise - required.add("registry.access.redhat.com/rhel7/etcd") # and no image tag + add_var_or_default_img("osm_image", image_info["name"]) + if 'oo_etcd_to_config' in host_groups: + # special case, note default is the same for origin/enterprise and has no image tag + etcd_img = self.get_var("osm_etcd_image", default="registry.access.redhat.com/rhel7/etcd") + required.add(self.template_var(etcd_img)) return required diff --git a/roles/openshift_health_checker/test/docker_image_availability_test.py b/roles/openshift_health_checker/test/docker_image_availability_test.py index 9fd6e049d..d31f263dd 100644 --- a/roles/openshift_health_checker/test/docker_image_availability_test.py +++ b/roles/openshift_health_checker/test/docker_image_availability_test.py @@ -276,11 +276,40 @@ def test_registry_console_image(task_vars, expected): assert expected == DockerImageAvailability(task_vars=task_vars)._registry_console_image(tag, info) -def test_containerized_etcd(): - task_vars = dict( +@pytest.mark.parametrize("task_vars, expected", [ + ( + dict( + group_names=['oo_nodes_to_config'], + osn_ovs_image='spam/ovs', + openshift_image_tag="veggs", + ), + set([ + 'spam/ovs', 'openshift/node:veggs', 'cockpit/kubernetes:latest', + 'openshift/origin-haproxy-router:veggs', 'openshift/origin-deployer:veggs', + 'openshift/origin-docker-registry:veggs', 'openshift/origin-pod:veggs', + ]), + ), ( + dict( + group_names=['oo_masters_to_config'], + ), + set(['openshift/origin:latest']), + ), ( + dict( + group_names=['oo_etcd_to_config'], + ), + set(['registry.access.redhat.com/rhel7/etcd']), + ), ( + dict( + group_names=['oo_etcd_to_config'], + osm_etcd_image='spam/etcd', + ), + set(['spam/etcd']), + ), +]) +def test_containerized(task_vars, expected): + task_vars.update(dict( openshift_is_containerized=True, openshift_deployment_type="origin", - group_names=['oo_etcd_to_config'], - ) - expected = set(['registry.access.redhat.com/rhel7/etcd']) + )) + assert expected == DockerImageAvailability(task_vars=task_vars).required_images() diff --git a/roles/openshift_hosted/tasks/registry.yml b/roles/openshift_hosted/tasks/registry.yml index bc4d81eb7..22294e3d4 100644 --- a/roles/openshift_hosted/tasks/registry.yml +++ b/roles/openshift_hosted/tasks/registry.yml @@ -43,7 +43,7 @@ - name: Update registry environment variables when pushing via dns set_fact: - openshift_hosted_registry_env_vars: "{{ openshift_hosted_registry_env_vars | combine({'REGISTRY_OPENSHIFT_SERVER_ADDR':'docker-registry.default.svc:5000'}) }}" + openshift_hosted_registry_env_vars: "{{ openshift_hosted_registry_env_vars | combine({'OPENSHIFT_DEFAULT_REGISTRY':'docker-registry.default.svc:5000'}) }}" when: openshift_push_via_dns | bool - name: Update registry proxy settings for dc/docker-registry diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml index 3afd8680f..e4883bfa0 100644 --- a/roles/openshift_logging/tasks/install_logging.yaml +++ b/roles/openshift_logging/tasks/install_logging.yaml @@ -314,8 +314,8 @@ openshift_logging_install_eventrouter | default(false) | bool -# TODO: Remove when asset config is removed from master-config.yaml - include_tasks: update_master_config.yaml + when: not openshift.common.version_gte_3_9 # Update asset config in openshift-web-console namespace - name: Add Kibana route information to web console asset config diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 14023ea73..4c9ab1864 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -5,6 +5,7 @@ admissionConfig: apiLevels: - v1 apiVersion: v1 +{% if not openshift.common.version_gte_3_9 %} assetConfig: logoutURL: "{{ openshift.master.logout_url | default('') }}" masterPublicURL: {{ openshift.master.public_api_url }} @@ -41,6 +42,8 @@ assetConfig: - {{ cipher_suite }} {% endfor %} {% endif %} +# assetconfig end +{% endif %} {% if openshift.master.audit_config | default(none) is not none %} auditConfig:{{ openshift.master.audit_config | lib_utils_to_padded_yaml(level=1) }} {% endif %} diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml index 0dd5d1621..6b6c21d71 100644 --- a/roles/openshift_metrics/tasks/install_metrics.yaml +++ b/roles/openshift_metrics/tasks/install_metrics.yaml @@ -67,8 +67,8 @@ with_items: "{{ hawkular_agent_object_defs.results }}" when: openshift_metrics_install_hawkular_agent | bool -# TODO: Remove when asset config is removed from master-config.yaml - include_tasks: update_master_config.yaml + when: not openshift.common.version_gte_3_9 # Update asset config in openshift-web-console namespace - name: Add metrics route information to web console asset config diff --git a/roles/openshift_sanitize_inventory/tasks/deprecations.yml b/roles/openshift_sanitize_inventory/tasks/deprecations.yml index 795b8ee60..b1ddbc07a 100644 --- a/roles/openshift_sanitize_inventory/tasks/deprecations.yml +++ b/roles/openshift_sanitize_inventory/tasks/deprecations.yml @@ -2,15 +2,18 @@ - name: Check for usage of deprecated variables set_fact: - __deprecation_message: "{{ __deprecation_message | default([]) }} + ['{{ __deprecation_header }} {{ item }} is a deprecated variable and will be no longer be used in the next minor release. Please update your inventory accordingly.']" + __deprecation_message: "{{ __deprecation_message | default( __deprecation_header ) }} \n\t{{ item }}" when: - hostvars[inventory_hostname][item] is defined with_items: "{{ __warn_deprecated_vars }}" - block: - debug: msg="{{__deprecation_message}}" - - pause: - seconds: "{{ 10 }}" + - run_once: true + set_stats: + data: + installer_phase_initialize: + message: "{{ __deprecation_message }}" when: - __deprecation_message | default ('') | length > 0 diff --git a/roles/openshift_sanitize_inventory/vars/main.yml b/roles/openshift_sanitize_inventory/vars/main.yml index df15948d2..51c6e0a64 100644 --- a/roles/openshift_sanitize_inventory/vars/main.yml +++ b/roles/openshift_sanitize_inventory/vars/main.yml @@ -1,6 +1,6 @@ --- -__deprecation_header: "[DEPRECATION WARNING]:" +__deprecation_header: "[DEPRECATION WARNING]: The following are deprecated variables and will be no longer be used in the next minor release. Please update your inventory accordingly." # this is a list of variables that we will be deprecating within the next minor release, this list should be expected to change from release to release __warn_deprecated_vars: diff --git a/roles/openshift_version/defaults/main.yml b/roles/openshift_version/defaults/main.yml index e2e6538c9..513dff045 100644 --- a/roles/openshift_version/defaults/main.yml +++ b/roles/openshift_version/defaults/main.yml @@ -10,3 +10,4 @@ openshift_service_type: "{{ openshift_service_type_dict[openshift_deployment_typ openshift_use_crio_only: False l_first_master_version_task_file: "{{ openshift_is_containerized | ternary('first_master_containerized_version.yml', 'first_master_rpm_version.yml') }}" +l_force_image_tag_to_version: False diff --git a/roles/openshift_version/tasks/first_master.yml b/roles/openshift_version/tasks/first_master.yml index 374725086..e01a56dc1 100644 --- a/roles/openshift_version/tasks/first_master.yml +++ b/roles/openshift_version/tasks/first_master.yml @@ -24,7 +24,9 @@ - block: - debug: - msg: "openshift_image_tag was not defined. Falling back to v{{ openshift_version }}" + msg: "openshift_image_tag set to v{{ openshift_version }}" - set_fact: openshift_image_tag: v{{ openshift_version }} - when: openshift_image_tag is not defined + when: > + openshift_image_tag is not defined + or l_force_image_tag_to_version | bool diff --git a/roles/openshift_web_console/defaults/main.yml b/roles/openshift_web_console/defaults/main.yml index c747f73a8..627db393a 100644 --- a/roles/openshift_web_console/defaults/main.yml +++ b/roles/openshift_web_console/defaults/main.yml @@ -1,2 +1,2 @@ --- -openshift_web_console_nodeselector: "{{ openshift_hosted_infra_selector | default('region=infra') | map_from_pairs }}" +openshift_web_console_nodeselector: {"node-role.kubernetes.io/master":"true"} diff --git a/files/origin-components/console-config.yaml b/roles/openshift_web_console/files/console-config.yaml index 55c650fbe..55c650fbe 100644 --- a/files/origin-components/console-config.yaml +++ b/roles/openshift_web_console/files/console-config.yaml diff --git a/files/origin-components/console-rbac-template.yaml b/roles/openshift_web_console/files/console-rbac-template.yaml index 9ee117199..9ee117199 100644 --- a/files/origin-components/console-rbac-template.yaml +++ b/roles/openshift_web_console/files/console-rbac-template.yaml diff --git a/files/origin-components/console-template.yaml b/roles/openshift_web_console/files/console-template.yaml index 7bf2d0cf4..547e7a265 100644 --- a/files/origin-components/console-template.yaml +++ b/roles/openshift_web_console/files/console-template.yaml @@ -71,6 +71,10 @@ objects: path: / port: 8443 scheme: HTTPS + resources: + requests: + cpu: 100m + memory: 100Mi nodeSelector: "${{NODE_SELECTOR}}" volumes: - name: serving-cert @@ -112,6 +116,8 @@ objects: app: openshift-web-console annotations: service.alpha.openshift.io/serving-cert-secret-name: webconsole-serving-cert + prometheus.io/scrape: "true" + prometheus.io/scheme: https spec: selector: webconsole: "true" diff --git a/roles/openshift_web_console/tasks/install.yml b/roles/openshift_web_console/tasks/install.yml index cc5eef47d..ff33338a6 100644 --- a/roles/openshift_web_console/tasks/install.yml +++ b/roles/openshift_web_console/tasks/install.yml @@ -33,7 +33,7 @@ - name: Copy web console templates to temp directory copy: - src: "{{ __console_files_location }}/{{ item }}" + src: "{{ item }}" dest: "{{ mktemp.stdout }}/{{ item }}" with_items: - "{{ __console_template_file }}" diff --git a/roles/openshift_web_console/tasks/remove_old_asset_config.yml b/roles/openshift_web_console/tasks/remove_old_asset_config.yml new file mode 100644 index 000000000..34158150c --- /dev/null +++ b/roles/openshift_web_console/tasks/remove_old_asset_config.yml @@ -0,0 +1,19 @@ +--- +# Remove the obsolete assetConfig stanza from master-config.yaml. Since the +# web console has been split out into a separate deployment, those settings +# are no longer used. +- name: Remove assetConfig from master-config.yaml + yedit: + state: absent + src: "{{ openshift.common.config_base }}/master/master-config.yaml" + key: assetConfig + +# This file was written by wire_aggregator.yml. It is no longer needed since +# the web console now discovers if the template service broker is running on +# startup. Remove the file if it exists. +- name: Remove obsolete web console / service catalog extension file + file: + state: absent + # Hard-code the path instead of using `openshift.common.config_base` since + # the path is hard-coded in wire_aggregator.yml. + path: /etc/origin/master/openshift-ansible-catalog-console.js diff --git a/roles/openshift_web_console/vars/main.yml b/roles/openshift_web_console/vars/main.yml index e91048e38..72bff5d01 100644 --- a/roles/openshift_web_console/vars/main.yml +++ b/roles/openshift_web_console/vars/main.yml @@ -1,6 +1,4 @@ --- -__console_files_location: "../../../files/origin-components/" - __console_template_file: "console-template.yaml" __console_rbac_file: "console-rbac-template.yaml" __console_config_file: "console-config.yaml" diff --git a/files/origin-components/apiserver-config.yaml b/roles/template_service_broker/files/apiserver-config.yaml index e4048d1da..e4048d1da 100644 --- a/files/origin-components/apiserver-config.yaml +++ b/roles/template_service_broker/files/apiserver-config.yaml diff --git a/files/origin-components/apiserver-template.yaml b/roles/template_service_broker/files/apiserver-template.yaml index 4dd9395d0..4dd9395d0 100644 --- a/files/origin-components/apiserver-template.yaml +++ b/roles/template_service_broker/files/apiserver-template.yaml diff --git a/files/origin-components/rbac-template.yaml b/roles/template_service_broker/files/rbac-template.yaml index 0937a9065..0937a9065 100644 --- a/files/origin-components/rbac-template.yaml +++ b/roles/template_service_broker/files/rbac-template.yaml diff --git a/files/origin-components/template-service-broker-registration.yaml b/roles/template_service_broker/files/template-service-broker-registration.yaml index 95fb72924..95fb72924 100644 --- a/files/origin-components/template-service-broker-registration.yaml +++ b/roles/template_service_broker/files/template-service-broker-registration.yaml diff --git a/roles/template_service_broker/tasks/install.yml b/roles/template_service_broker/tasks/install.yml index 4e6ad2ae5..d0a07c48d 100644 --- a/roles/template_service_broker/tasks/install.yml +++ b/roles/template_service_broker/tasks/install.yml @@ -28,7 +28,7 @@ changed_when: false - copy: - src: "{{ __tsb_files_location }}/{{ item }}" + src: "{{ item }}" dest: "{{ mktemp.stdout }}/{{ item }}" with_items: - "{{ __tsb_template_file }}" diff --git a/roles/template_service_broker/tasks/remove.yml b/roles/template_service_broker/tasks/remove.yml index 48dc1327e..b46dd4771 100644 --- a/roles/template_service_broker/tasks/remove.yml +++ b/roles/template_service_broker/tasks/remove.yml @@ -9,7 +9,7 @@ changed_when: false - copy: - src: "{{ __tsb_files_location }}/{{ item }}" + src: "{{ item }}" dest: "{{ mktemp.stdout }}/{{ item }}" with_items: - "{{ __tsb_template_file }}" diff --git a/roles/template_service_broker/vars/main.yml b/roles/template_service_broker/vars/main.yml index a65340f16..7dec24a79 100644 --- a/roles/template_service_broker/vars/main.yml +++ b/roles/template_service_broker/vars/main.yml @@ -1,6 +1,4 @@ --- -__tsb_files_location: "../../../files/origin-components/" - __tsb_template_file: "apiserver-template.yaml" __tsb_config_file: "apiserver-config.yaml" __tsb_rbac_file: "rbac-template.yaml" |