diff options
33 files changed, 318 insertions, 170 deletions
diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index b81c3bf7f..7510975f2 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -881,14 +881,13 @@ class FilterModule(object): """ if not isinstance(version, basestring): raise errors.AnsibleFilterError("|failed expects a string or unicode") - # TODO: Do we need to make this actually convert v1.2.0-rc1 into 1.2.0-0.rc1 - # We'd need to be really strict about how we build the RPM Version+Release if version.startswith("v"): - version = version.replace("v", "") + version = version[1:] + # Strip release from requested version, we no longer support this. version = version.split('-')[0] - if include_dash: - version = "-" + version + if include_dash and version and not version.startswith("-"): + version = "-" + version return version diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 5fec11541..5cf5df08e 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -5,6 +5,8 @@ - include: validate_hostnames.yml +- include: initialize_openshift_version.yml + - name: Set oo_options hosts: oo_all_hosts tasks: diff --git a/playbooks/common/openshift-cluster/initialize_openshift_version.yml b/playbooks/common/openshift-cluster/initialize_openshift_version.yml new file mode 100644 index 000000000..972df050c --- /dev/null +++ b/playbooks/common/openshift-cluster/initialize_openshift_version.yml @@ -0,0 +1,29 @@ +--- +# NOTE: requires openshift_facts be run +- name: Determine openshift_version to configure on first master + hosts: oo_first_master + roles: + - openshift_version + pre_tasks: + - debug: var=openshift_version + post_tasks: + - debug: var=openshift_version + +# NOTE: We set this even on etcd hosts as they may also later run as masters, +# and we don't want to install wrong version of docker and have to downgrade +# later. +- name: Set openshift_version for all hosts + hosts: oo_all_hosts:!oo_first_master + vars: + openshift_version: "{{ hostvars[groups.oo_first_master.0].openshift_version }}" + roles: + - openshift_version + pre_tasks: + - debug: var=hostvars[groups.oo_first_master.0].openshift_version + - debug: var=openshift.common.version + - debug: var=openshift_version + post_tasks: + - debug: var=hostvars[groups.oo_first_master.0].openshift_version + - debug: var=openshift.common.version + - debug: var=openshift_version + diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml index 6bff16674..c2847e163 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml @@ -22,10 +22,10 @@ ############################################################################### # Pre-upgrade checks ############################################################################### -- name: Verify upgrade can proceed +- name: Verify upgrade can proceed on first master hosts: oo_first_master vars: - target_version: "{{ '1.2' if deployment_type == 'origin' else '3.1.1.900' }}" + target_version: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}" g_pacemaker_upgrade_url_segment: "{{ 'org/latest' if deployment_type =='origin' else '.com/enterprise/3.1' }}" gather_facts: no tasks: @@ -41,6 +41,11 @@ https://docs.openshift.{{ g_pacemaker_upgrade_url_segment }}/install_config/upgrading/pacemaker_to_native_ha.html when: openshift.master.cluster_method is defined and openshift.master.cluster_method == 'pacemaker' + # Error out in situations where the user has older versions specified in their + # inventory in any of the openshift_release, openshift_image_tag, and + # openshift_pkg_version variables. These must be removed or updated to proceed + # with upgrade. + # TODO: Should we block if you're *over* the next major release version as well? - fail: msg: > openshift_pkg_version is {{ openshift_pkg_version }} which is not a @@ -53,6 +58,21 @@ valid version for a {{ target_version }} upgrade when: openshift_image_tag is defined and openshift_image_tag.split('v',1).1 | version_compare(target_version ,'<') + - fail: + msg: > + openshift_release is {{ openshift_release }} which is not a + valid release for a {{ target_version }} upgrade + when: openshift_release is defined and not openshift_release | version_compare(target_version ,'=') + +- include: ../../../../common/openshift-cluster/initialize_openshift_version.yml + vars: + # Request openshift_release 3.2 and let the openshift_version role handle converting this + # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if + # defined, and overriding the normal behavior of protecting the installed version + openshift_release: "3.2" + openshift_protect_installed_version: False + upgrading: true + - name: Verify master processes hosts: oo_masters_to_config roles: @@ -88,6 +108,7 @@ hosts: oo_nodes_to_config roles: - openshift_facts + - openshift_docker_facts tasks: - name: Ensure Node is running service: @@ -99,19 +120,17 @@ - name: Verify upgrade targets hosts: oo_masters_to_config:oo_nodes_to_config vars: - target_version: "{{ '1.2' if deployment_type == 'origin' else '3.1.1.900' }}" + target_version: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}" openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" - upgrading: True - handlers: - - include: ../../../../../roles/openshift_master/handlers/main.yml - - include: ../../../../../roles/openshift_node/handlers/main.yml - roles: - # We want the cli role to evaluate so that the containerized oc/oadm wrappers - # are modified to use the correct image tag. However, this can trigger a - # docker restart if new configuration is laid down which would immediately - # pull the latest image and defeat the purpose of these tasks. - - { role: openshift_cli } pre_tasks: + - fail: + msg: Verify OpenShift is already installed + when: openshift.common.version is not defined + + - fail: + msg: Verify the correct version was found + when: verify_upgrade_version is defined and openshift_version != verify_upgrade_version + - name: Clean package cache command: "{{ ansible_pkg_mgr }} clean all" when: not openshift.common.is_atomic | bool @@ -120,58 +139,17 @@ g_new_service_name: "{{ 'origin' if deployment_type =='origin' else 'atomic-openshift' }}" when: not openshift.common.is_containerized | bool - - name: Determine available versions - script: ../files/rpm_versions.sh {{ g_new_service_name }} - register: g_rpm_versions_result - when: not openshift.common.is_containerized | bool - - - set_fact: - g_aos_versions: "{{ g_rpm_versions_result.stdout | from_yaml }}" - when: not openshift.common.is_containerized | bool - - - name: Determine available versions - script: ../files/openshift_container_versions.sh {{ openshift.common.service_type }} - register: g_containerized_versions_result - when: openshift.common.is_containerized | bool - - - set_fact: - g_aos_versions: "{{ g_containerized_versions_result.stdout | from_yaml }}" + - name: Verify containers are available for upgrade + command: > + docker pull {{ openshift.common.cli_image }}:v{{ openshift_version }} when: openshift.common.is_containerized | bool - - set_fact: - g_new_version: "{{ g_aos_versions.curr_version.split('-', 1).0 if g_aos_versions.avail_version is none else g_aos_versions.avail_version.split('-', 1).0 }}" - when: openshift_pkg_version is not defined - - - set_fact: - g_new_version: "{{ openshift_pkg_version | replace('-','') }}" - when: openshift_pkg_version is defined - - - set_fact: - g_new_version: "{{ openshift_image_tag | replace('v','') }}" - when: openshift_image_tag is defined - - - fail: - msg: Verifying the correct version was found - when: g_aos_versions.curr_version == "" - - - fail: - msg: Verifying the correct version was found - when: verify_upgrade_version is defined and g_new_version != verify_upgrade_version - - - include_vars: ../../../../../roles/openshift_master/vars/main.yml - when: inventory_hostname in groups.oo_masters_to_config - - - name: Update systemd units - include: ../../../../../roles/openshift_master/tasks/systemd_units.yml openshift_version=v{{ g_new_version }} - when: inventory_hostname in groups.oo_masters_to_config - - - include_vars: ../../../../../roles/openshift_node/vars/main.yml - when: inventory_hostname in groups.oo_nodes_to_config - - - name: Update systemd units - include: ../../../../../roles/openshift_node/tasks/systemd_units.yml openshift_version=v{{ g_new_version }} - when: inventory_hostname in groups.oo_nodes_to_config + - name: Verify RPMs are available for upgrade + command: > + yum list available -e 0 -q "{{ g_new_service_name }}" 2>&1 | tail -n +2 | grep -v 'el7ose' | awk '{ print $2 }' | sort -r | tr '\n' ' ') + when: not openshift.common.is_containerized | bool + # TODO: Are these two grep checks necessary anymore? # Note: the version number is hardcoded here in hopes of catching potential # bugs in how g_aos_versions.curr_version is set - name: Verifying the correct version is installed for upgrade @@ -186,19 +164,15 @@ with_items: - /etc/systemd/system/openvswitch.service - /etc/systemd/system/{{ openshift.common.service_type }}*.service - when: openshift.common.is_containerized | bool - - - fail: - msg: This playbook requires Origin 1.1 or later - when: deployment_type == 'origin' and g_aos_versions.curr_version | version_compare('1.1','<') + when: openshift.common.is_containerized | bool and verify_upgrade_version is defined - fail: - msg: This playbook requires Atomic Enterprise Platform/OpenShift Enterprise 3.1 or later - when: deployment_type == 'atomic-openshift' and g_aos_versions.curr_version | version_compare('3.1','<') + msg: This upgrade playbook must be run on Origin 1.1 or later + when: deployment_type == 'origin' and openshift.common.version | version_compare('1.1','<') - fail: - msg: Upgrade packages not found - when: openshift_image_tag is not defined and (g_aos_versions.avail_version | default(g_aos_versions.curr_version, true) | version_compare(target_version, '<')) + msg: This upgrade playbook must be run on OpenShift Enterprise 3.1 or later + when: deployment_type == 'atomic-openshift' and openshift.common.version | version_compare('3.1','<') - name: Determine available Docker script: ../files/rpm_versions.sh docker @@ -218,6 +192,7 @@ g_docker_version: "{{ g_atomic_docker_version_result.stdout | from_yaml }}" when: openshift.common.is_atomic | bool + # TODO: Update to 1.10 once branch merges - fail: msg: This playbook requires access to Docker 1.9 or later when: g_docker_version.avail_version | default(g_docker_version.curr_version, true) | version_compare('1.9','<') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 0ca148169..5e57cdeef 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -310,7 +310,7 @@ with_items: openshift_master_named_certificates when: named_certs_specified | bool -- name: Configure master instances +- name: Configure masters hosts: oo_masters_to_config any_errors_fatal: true serial: 1 @@ -326,7 +326,7 @@ | union(groups['oo_etcd_to_config'] | default([]))) | oo_collect('openshift.common.hostname') | default([]) | join (',') }}" - when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and + when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and openshift_generate_no_proxy_hosts | default(True) | bool }}" pre_tasks: - name: Ensure certificate directory exists diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index b3491ef8d..bffac0e56 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -121,7 +121,7 @@ | union(groups['oo_etcd_to_config'] | default([]))) | oo_collect('openshift.common.hostname') | default([]) | join (',') }}" - when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and + when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and openshift_generate_no_proxy_hosts | default(True) | bool }}" roles: - openshift_node @@ -137,7 +137,7 @@ | union(groups['oo_etcd_to_config'] | default([]))) | oo_collect('openshift.common.hostname') | default([]) | join (',') }}" - when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and + when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and openshift_generate_no_proxy_hosts | default(True) | bool }}" roles: - openshift_node diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml new file mode 100644 index 000000000..cd72a4e21 --- /dev/null +++ b/roles/openshift_ca/tasks/main.yml @@ -0,0 +1,53 @@ +--- +- fail: + msg: "openshift_ca_host variable must be defined for this role" + when: openshift_ca_host is not defined + +- name: Install the base package for admin tooling + action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" + when: not openshift.common.is_containerized | bool + register: install_result + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- name: Reload generated facts + openshift_facts: + when: install_result | changed + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- name: Create openshift_ca_config_dir if it does not exist + file: + path: "{{ openshift_ca_config_dir }}" + state: directory + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- name: Determine if CA must be created + stat: + path: "{{ openshift_ca_config_dir }}/{{ item }}" + register: g_master_ca_stat_result + with_items: + - ca.crt + - ca.key + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- set_fact: + master_ca_missing: "{{ False in (g_master_ca_stat_result.results + | oo_collect(attribute='stat.exists') + | list) }}" + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- name: Create the master certificates if they do not already exist + command: > + {{ openshift.common.admin_binary }} create-master-certs + --hostnames={{ openshift_master_hostnames | join(',') }} + --master={{ openshift.master.api_url }} + --public-master={{ openshift.master.public_api_url }} + --cert-dir={{ openshift_ca_config_dir }} + --overwrite=false + when: hostvars[openshift_ca_host].master_ca_missing | bool + delegate_to: "{{ openshift_ca_host }}" + run_once: true diff --git a/roles/openshift_cli/defaults/main.yml b/roles/openshift_cli/defaults/main.yml index 7baa87ab8..ed97d539c 100644 --- a/roles/openshift_cli/defaults/main.yml +++ b/roles/openshift_cli/defaults/main.yml @@ -1,2 +1 @@ --- -openshift_version: "{{ openshift_image_tag | default(openshift.docker.openshift_image_tag | default('')) }}" diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml index c0a712513..cdd0564c7 100644 --- a/roles/openshift_cli/tasks/main.yml +++ b/roles/openshift_cli/tasks/main.yml @@ -1,11 +1,15 @@ --- +- debug: var=openshift_version +- debug: var=openshift.common + - name: Install clients action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-clients state=present" when: not openshift.common.is_containerized | bool +# TODO: handle no openshift_version set? - name: Pull CLI Image command: > - docker pull {{ openshift.common.cli_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }} + docker pull {{ openshift.common.cli_image }}{{ ':v' + openshift_version if openshift_version is defined and openshift_version != '' else '' }} when: openshift.common.is_containerized | bool - name: Create /usr/local/bin/openshift cli wrapper @@ -25,3 +29,7 @@ - /usr/local/bin/oc - /usr/local/bin/kubectl when: openshift.common.is_containerized | bool + +- name: Reload facts to pick up installed OpenShift version + openshift_facts: + diff --git a/roles/openshift_cli/templates/openshift.j2 b/roles/openshift_cli/templates/openshift.j2 index 8a3f3a257..1c82e02a2 100644 --- a/roles/openshift_cli/templates/openshift.j2 +++ b/roles/openshift_cli/templates/openshift.j2 @@ -5,7 +5,7 @@ fi cmd=`basename $0` user=`id -u` group=`id -g` -image_tag="{{ openshift_version }}" +image_tag="v{{ openshift_version }}" >&2 echo """ ================================================================================ diff --git a/roles/openshift_common/defaults/main.yml b/roles/openshift_common/defaults/main.yml index e46af70c7..267c03605 100644 --- a/roles/openshift_common/defaults/main.yml +++ b/roles/openshift_common/defaults/main.yml @@ -1,4 +1,3 @@ --- openshift_cluster_id: 'default' openshift_debug_level: 2 -openshift_version: "{{ openshift_pkg_version | default('') }}" diff --git a/roles/openshift_common/meta/main.yml b/roles/openshift_common/meta/main.yml index f1cf3e161..cd8c75ec5 100644 --- a/roles/openshift_common/meta/main.yml +++ b/roles/openshift_common/meta/main.yml @@ -14,3 +14,4 @@ galaxy_info: dependencies: - role: openshift_facts - role: openshift_repos +- role: openshift_version diff --git a/roles/openshift_docker/meta/main.yml b/roles/openshift_docker/meta/main.yml index d98f953ea..c1a6611d1 100644 --- a/roles/openshift_docker/meta/main.yml +++ b/roles/openshift_docker/meta/main.yml @@ -12,6 +12,4 @@ galaxy_info: categories: - cloud dependencies: -- role: openshift_repos -- role: openshift_docker_facts -- role: docker +- role: openshift_version diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml index 9c5887f76..ed97d539c 100644 --- a/roles/openshift_docker/tasks/main.yml +++ b/roles/openshift_docker/tasks/main.yml @@ -1,41 +1 @@ --- -# It's important that we don't explicitly pull this image here. Otherwise we -# could result in upgrading a preinstalled environment. We'll have to set -# openshift_image_tag correctly for upgrades. -- set_fact: - is_containerized: "{{ openshift.common.is_containerized | default(False) | bool }}" - # Does the host already have an image tag fact, used to determine if it's a new node - # in non-upgrade scenarios: - has_image_tag_fact: "{{ hostvars[inventory_hostname].openshift.docker.openshift_image_tag is defined }}" - -- name: Set version when containerized - command: > - docker run --rm {{ openshift.common.cli_image }} version - register: cli_image_version - when: is_containerized | bool and openshift_image_tag is not defined and (upgrading | bool or not has_image_tag_fact | bool) - -# Use the pre-existing image tag from system facts if present, and we're not upgrading. -# Ignores explicit openshift_image_tag if it's in the inventory, as this isn't an upgrade. -- set_fact: - l_image_tag: "{{ hostvars[inventory_hostname].openshift.docker.openshift_image_tag }}" - when: is_containerized | bool and not upgrading | bool and has_image_tag_fact | bool - -- set_fact: - l_image_tag: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2] | join('-') if openshift.common.deployment_type == 'origin' else - cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0] }}" - when: is_containerized | bool and openshift_image_tag is not defined and (upgrading | bool or not has_image_tag_fact | bool) - -- set_fact: - l_image_tag: "{{ openshift_image_tag }}" - when: is_containerized | bool and openshift_image_tag is defined and (upgrading | bool or not has_image_tag_fact | bool) - -- name: Set post docker install facts - openshift_facts: - role: "{{ item.role }}" - local_facts: "{{ item.local_facts }}" - with_items: - - role: docker - local_facts: - openshift_image_tag: "{{ l_image_tag | default(None) }}" - openshift_version: "{{ l_image_tag.split('-')[0] | oo_image_tag_to_rpm_version if l_image_tag is defined else '' }}" - when: is_containerized | bool diff --git a/roles/openshift_docker_facts/defaults/main.yml b/roles/openshift_docker_facts/defaults/main.yml index 7baa87ab8..ed97d539c 100644 --- a/roles/openshift_docker_facts/defaults/main.yml +++ b/roles/openshift_docker_facts/defaults/main.yml @@ -1,2 +1 @@ --- -openshift_version: "{{ openshift_image_tag | default(openshift.docker.openshift_image_tag | default('')) }}" diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml index cdea90413..2e68809ca 100644 --- a/roles/openshift_docker_facts/tasks/main.yml +++ b/roles/openshift_docker_facts/tasks/main.yml @@ -38,22 +38,3 @@ - set_fact: docker_options: "{{ openshift.docker.options | default(omit) }}" when: not openshift.docker.hosted_registry_insecure | default(False) | bool - -# Avoid docker 1.9 when installing origin < 1.2 or OSE < 3.2 on RHEL/Centos and -# See: https://bugzilla.redhat.com/show_bug.cgi?id=1304038 -- name: Gather common package version - command: > - {{ repoquery_cmd }} --qf '%{version}' "{{ openshift.common.service_type}}" - register: common_version - failed_when: false - changed_when: false - when: not openshift.common.is_containerized | bool - -- set_fact: - l_common_version: "{{ openshift_version | default('0.0', True) | oo_image_tag_to_rpm_version }}" - when: openshift.common.is_containerized | bool - -- set_fact: - l_common_version: "{{ common_version.stdout | default('0.0', True) }}" - when: not openshift.common.is_containerized | bool - diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 2f8af2454..9d7705af7 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -826,7 +826,7 @@ def set_version_facts_if_unset(facts): if 'common' in facts: deployment_type = facts['common']['deployment_type'] version = get_openshift_version(facts) - if version is not None: + if version: facts['common']['version'] = version if deployment_type == 'origin': version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('1.1.0') @@ -1133,18 +1133,27 @@ def get_openshift_version(facts): if os.path.isfile('/usr/bin/openshift'): _, output, _ = module.run_command(['/usr/bin/openshift', 'version']) version = parse_openshift_version(output) - - # openshift_facts runs before openshift_docker_facts. However, it will be - # called again and set properly throughout the playbook run. This could be - # refactored to simply set the openshift.common.version in the - # openshift_docker_facts role but it would take reworking some assumptions - # on how get_openshift_version is called. - if 'is_containerized' in facts['common'] and safe_get_bool(facts['common']['is_containerized']): - if 'docker' in facts and 'openshift_version' in facts['docker']: - version = facts['docker']['openshift_version'] + elif os.path.isfile('/usr/local/bin/openshift'): + # TODO: this should probably make sure the actual image is already present, this can take awhile if it has to pull + # and is falsely acting like openshift is already installed + _, output, _ = module.run_command(['/usr/local/bin/openshift', 'version']) + version = parse_openshift_version(output) + elif 'node' in facts and 'common' in facts and 'is_containerized' in facts['common']: + version = get_containerized_node_openshift_version(facts) return version +def get_containerized_node_openshift_version(facts): + node_svc = "%s-node" % facts['common']['service_type'] + rc, _, _ = module.run_command(['systemctl', 'is-active', node_svc]) + if rc > 0: + # Node service not running or doesn't exist: + return None + # Node service running, exec in and get the version: + _, output, _ = module.run_command(['docker', 'exec', '-ti', node_svc, 'openshift', 'version']) + return parse_openshift_version(output) + + def parse_openshift_version(output): """ Apply provider facts to supplied facts dict @@ -1154,7 +1163,11 @@ def parse_openshift_version(output): string: the version number """ versions = dict(e.split(' v') for e in output.splitlines() if ' v' in e) - return versions.get('openshift', '') + ver = versions.get('openshift', '') + # Remove trailing build number and commit hash from older versions, we need to return a straight + # w.x.y.z version here for use as openshift_version throughout the playbooks/roles. (i.e. 3.1.1.6-64-g80b61da) + ver = ver.split('-')[0] + return ver def apply_provider_facts(facts, provider_facts): diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index ca1a9b1e4..c67f6b86a 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -41,3 +41,4 @@ no_proxy: "{{ openshift_no_proxy | default(None) }}" generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}" no_proxy_internal_hostnames: "{{ openshift_no_proxy_internal_hostnames | default(None) }}" + version_requested: "{{ openshift_version | default(None) }}" diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index dbd62c80f..14a1daf6c 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -1,4 +1,4 @@ --- openshift_node_ips: [] # TODO: update setting these values based on the facts -openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}" +#openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}" diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 28faee155..6b3893570 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -1,6 +1,7 @@ --- # TODO: add ability to configure certificates given either a local file to # point to or certificate contents, set in default cert locations. +- debug: var=openshift_version # Authentication Variable Validation # TODO: validate the different identity provider kinds as well @@ -29,7 +30,7 @@ - name: Pull master image command: > - docker pull {{ openshift.master.master_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }} + docker pull {{ openshift.master.master_image }}{{ ':v' + openshift_version if openshift_version is defined and openshift_version != '' else '' }} when: openshift.common.is_containerized | bool - name: Create openshift.common.data_dir diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 026787421..ba2974476 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -1,7 +1,7 @@ OPTIONS=--loglevel={{ openshift.master.debug_level }} CONFIG_FILE={{ openshift_master_config_file }} {% if openshift.common.is_containerized | bool %} -IMAGE_VERSION={{ openshift_version }} +IMAGE_VERSION=v{{ openshift_version }} {% endif %} {% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 index 02c22e374..36e4446b9 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 @@ -1,7 +1,7 @@ OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master={{ openshift.master.loopback_api_url }} CONFIG_FILE={{ openshift_master_config_file }} {% if openshift.common.is_containerized | bool %} -IMAGE_VERSION={{ openshift_version }} +IMAGE_VERSION=v{{ openshift_version }} {% endif %} {% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 index 644640577..ca3ae0ef8 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 @@ -1,7 +1,7 @@ OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.controllers_port }} CONFIG_FILE={{ openshift_master_config_file }} {% if openshift.common.is_containerized | bool %} -IMAGE_VERSION={{ openshift_version }} +IMAGE_VERSION=v{{ openshift_version }} {% endif %} {% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml index 4b7ef1d84..613aecc38 100644 --- a/roles/openshift_master_ca/tasks/main.yml +++ b/roles/openshift_master_ca/tasks/main.yml @@ -1,6 +1,9 @@ --- + +- debug: msg="{{ openshift_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" + - name: Install the base package for admin tooling - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version }} state=present" + action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" when: not openshift.common.is_containerized | bool register: install_result diff --git a/roles/openshift_master_ca/vars/main.yml b/roles/openshift_master_ca/vars/main.yml index b35339b18..1f6af808c 100644 --- a/roles/openshift_master_ca/vars/main.yml +++ b/roles/openshift_master_ca/vars/main.yml @@ -3,4 +3,3 @@ openshift_master_config_dir: "{{ openshift.common.config_base }}/master" openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" -openshift_version: "{{ openshift_pkg_version | default('') }}" diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index efff5d6cd..fffbf2994 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -1,2 +1,15 @@ --- -openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}" +os_firewall_allow: +- service: Kubernetes kubelet + port: 10250/tcp +- service: http + port: 80/tcp +- service: https + port: 443/tcp +- service: Openshift kubelet ReadOnlyPort + port: 10255/tcp +- service: Openshift kubelet ReadOnlyPort udp + port: 10255/udp +- service: OpenShift OVS sdn + port: 4789/udp + when: openshift.node.use_openshift_sdn | bool diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 657e99e87..36f69645f 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -1,4 +1,5 @@ --- +- debug: var=openshift_version # TODO: allow for overriding default ports where possible - fail: msg: "SELinux is disabled, This deployment type requires that SELinux is enabled." @@ -39,12 +40,12 @@ - name: Pull node image command: > - docker pull {{ openshift.node.node_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }} + docker pull {{ openshift.node.node_image }}{{ ':v' + openshift_version if openshift_version is defined and openshift_version != '' else '' }} when: openshift.common.is_containerized | bool - name: Pull OpenVSwitch image command: > - docker pull {{ openshift.node.ovs_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }} + docker pull {{ openshift.node.ovs_image }}{{ ':v' + openshift_version if openshift_version is defined and openshift_version != '' else '' }} when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool - name: Install the systemd units diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index e2a268260..0117a5a02 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml @@ -44,6 +44,6 @@ - regex: '^CONFIG_FILE=' line: "CONFIG_FILE={{ openshift_node_config_file }}" - regex: '^IMAGE_VERSION=' - line: "IMAGE_VERSION={{ openshift_version }}" + line: "IMAGE_VERSION=v{{ openshift_version }}" notify: - restart node diff --git a/roles/openshift_node/templates/openvswitch.sysconfig.j2 b/roles/openshift_node/templates/openvswitch.sysconfig.j2 index 1f8c20e07..53163b359 100644 --- a/roles/openshift_node/templates/openvswitch.sysconfig.j2 +++ b/roles/openshift_node/templates/openvswitch.sysconfig.j2 @@ -1 +1 @@ -IMAGE_VERSION={{ openshift_version }} +IMAGE_VERSION=v{{ openshift_version }} diff --git a/roles/openshift_version/meta/main.yml b/roles/openshift_version/meta/main.yml new file mode 100644 index 000000000..8142fe823 --- /dev/null +++ b/roles/openshift_version/meta/main.yml @@ -0,0 +1,17 @@ +--- +galaxy_info: + author: Devan Goodwin + description: Determines the version of OpenShift to install or upgrade to + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: openshift_repos +- role: openshift_docker_facts +- role: docker diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml new file mode 100644 index 000000000..29724a9e5 --- /dev/null +++ b/roles/openshift_version/tasks/main.yml @@ -0,0 +1,38 @@ +--- +# Determine the openshift_version to configure if none has been specified or set previously. + +- set_fact: + is_containerized: "{{ openshift.common.is_containerized | default(False) | bool }}" + +# Make sure we copy this to a fact if given a var: +- set_fact: + openshift_version: "{{ openshift_version }}" + when: openshift_version is defined + +- debug: var=openshift_version +- debug: var=openshift_release +- debug: var=openshift_pkg_version +- debug: var=openshift_image_tag + +# Protect the installed version by default unless explicitly told not to, or given an +# openshift_version already. +- name: Use openshift.common.version fact as version to configure if already installed + set_fact: + openshift_version: "{{ openshift.common.version }}" + when: openshift.common.version is defined and openshift_version is not defined and openshift_protect_installed_version + +- name: Set openshift_version for rpm installation + include: set_version_rpm.yml + when: not is_containerized + +- name: Set openshift_version for containerized installation + include: set_version_containerized.yml + when: is_containerized + +- debug: var=openshift_version + +# At this point we know openshift_version is set appropriately. Now we set +# openshift_image_tag and openshift_pkg_version, so all roles can always assume +# each of this variables *will* be set correctly and can use them per their +# intended purpose. + diff --git a/roles/openshift_version/tasks/set_version_containerized.yml b/roles/openshift_version/tasks/set_version_containerized.yml new file mode 100644 index 000000000..fc15b2d35 --- /dev/null +++ b/roles/openshift_version/tasks/set_version_containerized.yml @@ -0,0 +1,37 @@ +--- +- name: Set containerized version to configure if openshift_image_tag specified + set_fact: + openshift_version: "{{ openshift_image_tag.split('v',1)[1] }}" + when: openshift_image_tag is defined and openshift_version is not defined + +- name: Set containerized version to configure if openshift_release specified + set_fact: + openshift_version: "{{ openshift_release }}" + when: openshift_release is defined and openshift_version is not defined + +- name: Lookup latest containerized version if no version specified + command: > + docker run --rm {{ openshift.common.cli_image }}:latest version + register: cli_image_version + when: openshift_version is not defined + +- debug: var=cli_image_version + +- set_fact: + openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2][1:] | join('-') if openshift.common.deployment_type == 'origin' else cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}" + when: openshift_version is not defined + +- debug: msg="{{ openshift_version }}" + +# If we got an openshift_version like "3.2", lookup the latest 3.2 container version +# and use that value instead. +- name: Set precise containerized version to configure if openshift_release specified + command: > + docker run --rm {{ openshift.common.cli_image }}:v{{ openshift_version }} version + register: cli_image_version + when: openshift_version is defined and openshift_version.split('.') | length == 2 + +- set_fact: + openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2][1:] | join('-') if openshift.common.deployment_type == 'origin' else cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}" + when: openshift_version is defined and openshift_version.split('.') | length == 2 + diff --git a/roles/openshift_version/tasks/set_version_rpm.yml b/roles/openshift_version/tasks/set_version_rpm.yml new file mode 100644 index 000000000..bcf275135 --- /dev/null +++ b/roles/openshift_version/tasks/set_version_rpm.yml @@ -0,0 +1,22 @@ +--- +# TODO: support openshift_release here? +- name: Set rpm version to configure if openshift_pkg_version specified + set_fact: + # Expects a leading "-" in inventory, strip it off here, and ignore a trailing release, + # openshift_version should always just be "3.2" or "3.2.0.44" + openshift_version: "{{ openshift_pkg_version[1:].split('-')[0] }}" + when: openshift_pkg_version is defined and openshift_version is not defined + +- name: Gather common package version + command: > + {{ repoquery_cmd }} --qf '%{version}' "{{ openshift.common.service_type}}" + register: common_version + failed_when: false + changed_when: false + when: openshift_version is not defined + +- debug: var=common_version + +- set_fact: + openshift_version: "{{ common_version.stdout | default('0.0', True) }}" + when: openshift_version is not defined |