summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--filter_plugins/oo_filters.py9
-rw-r--r--playbooks/common/openshift-cluster/config.yml2
-rw-r--r--playbooks/common/openshift-cluster/initialize_openshift_version.yml29
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml117
-rw-r--r--playbooks/common/openshift-master/config.yml4
-rw-r--r--playbooks/common/openshift-node/config.yml4
-rw-r--r--roles/openshift_ca/tasks/main.yml53
-rw-r--r--roles/openshift_cli/defaults/main.yml1
-rw-r--r--roles/openshift_cli/tasks/main.yml10
-rw-r--r--roles/openshift_cli/templates/openshift.j22
-rw-r--r--roles/openshift_common/defaults/main.yml1
-rw-r--r--roles/openshift_common/meta/main.yml1
-rw-r--r--roles/openshift_docker/meta/main.yml4
-rw-r--r--roles/openshift_docker/tasks/main.yml40
-rw-r--r--roles/openshift_docker_facts/defaults/main.yml1
-rw-r--r--roles/openshift_docker_facts/tasks/main.yml19
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py35
-rw-r--r--roles/openshift_facts/tasks/main.yml1
-rw-r--r--roles/openshift_master/defaults/main.yml2
-rw-r--r--roles/openshift_master/tasks/main.yml3
-rw-r--r--roles/openshift_master/templates/atomic-openshift-master.j22
-rw-r--r--roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j22
-rw-r--r--roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j22
-rw-r--r--roles/openshift_master_ca/tasks/main.yml5
-rw-r--r--roles/openshift_master_ca/vars/main.yml1
-rw-r--r--roles/openshift_node/defaults/main.yml15
-rw-r--r--roles/openshift_node/tasks/main.yml5
-rw-r--r--roles/openshift_node/tasks/systemd_units.yml2
-rw-r--r--roles/openshift_node/templates/openvswitch.sysconfig.j22
-rw-r--r--roles/openshift_version/meta/main.yml17
-rw-r--r--roles/openshift_version/tasks/main.yml38
-rw-r--r--roles/openshift_version/tasks/set_version_containerized.yml37
-rw-r--r--roles/openshift_version/tasks/set_version_rpm.yml22
33 files changed, 318 insertions, 170 deletions
diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py
index b81c3bf7f..7510975f2 100644
--- a/filter_plugins/oo_filters.py
+++ b/filter_plugins/oo_filters.py
@@ -881,14 +881,13 @@ class FilterModule(object):
"""
if not isinstance(version, basestring):
raise errors.AnsibleFilterError("|failed expects a string or unicode")
- # TODO: Do we need to make this actually convert v1.2.0-rc1 into 1.2.0-0.rc1
- # We'd need to be really strict about how we build the RPM Version+Release
if version.startswith("v"):
- version = version.replace("v", "")
+ version = version[1:]
+ # Strip release from requested version, we no longer support this.
version = version.split('-')[0]
- if include_dash:
- version = "-" + version
+ if include_dash and version and not version.startswith("-"):
+ version = "-" + version
return version
diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index 5fec11541..5cf5df08e 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -5,6 +5,8 @@
- include: validate_hostnames.yml
+- include: initialize_openshift_version.yml
+
- name: Set oo_options
hosts: oo_all_hosts
tasks:
diff --git a/playbooks/common/openshift-cluster/initialize_openshift_version.yml b/playbooks/common/openshift-cluster/initialize_openshift_version.yml
new file mode 100644
index 000000000..972df050c
--- /dev/null
+++ b/playbooks/common/openshift-cluster/initialize_openshift_version.yml
@@ -0,0 +1,29 @@
+---
+# NOTE: requires openshift_facts be run
+- name: Determine openshift_version to configure on first master
+ hosts: oo_first_master
+ roles:
+ - openshift_version
+ pre_tasks:
+ - debug: var=openshift_version
+ post_tasks:
+ - debug: var=openshift_version
+
+# NOTE: We set this even on etcd hosts as they may also later run as masters,
+# and we don't want to install wrong version of docker and have to downgrade
+# later.
+- name: Set openshift_version for all hosts
+ hosts: oo_all_hosts:!oo_first_master
+ vars:
+ openshift_version: "{{ hostvars[groups.oo_first_master.0].openshift_version }}"
+ roles:
+ - openshift_version
+ pre_tasks:
+ - debug: var=hostvars[groups.oo_first_master.0].openshift_version
+ - debug: var=openshift.common.version
+ - debug: var=openshift_version
+ post_tasks:
+ - debug: var=hostvars[groups.oo_first_master.0].openshift_version
+ - debug: var=openshift.common.version
+ - debug: var=openshift_version
+
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml
index 6bff16674..c2847e163 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml
@@ -22,10 +22,10 @@
###############################################################################
# Pre-upgrade checks
###############################################################################
-- name: Verify upgrade can proceed
+- name: Verify upgrade can proceed on first master
hosts: oo_first_master
vars:
- target_version: "{{ '1.2' if deployment_type == 'origin' else '3.1.1.900' }}"
+ target_version: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}"
g_pacemaker_upgrade_url_segment: "{{ 'org/latest' if deployment_type =='origin' else '.com/enterprise/3.1' }}"
gather_facts: no
tasks:
@@ -41,6 +41,11 @@
https://docs.openshift.{{ g_pacemaker_upgrade_url_segment }}/install_config/upgrading/pacemaker_to_native_ha.html
when: openshift.master.cluster_method is defined and openshift.master.cluster_method == 'pacemaker'
+ # Error out in situations where the user has older versions specified in their
+ # inventory in any of the openshift_release, openshift_image_tag, and
+ # openshift_pkg_version variables. These must be removed or updated to proceed
+ # with upgrade.
+ # TODO: Should we block if you're *over* the next major release version as well?
- fail:
msg: >
openshift_pkg_version is {{ openshift_pkg_version }} which is not a
@@ -53,6 +58,21 @@
valid version for a {{ target_version }} upgrade
when: openshift_image_tag is defined and openshift_image_tag.split('v',1).1 | version_compare(target_version ,'<')
+ - fail:
+ msg: >
+ openshift_release is {{ openshift_release }} which is not a
+ valid release for a {{ target_version }} upgrade
+ when: openshift_release is defined and not openshift_release | version_compare(target_version ,'=')
+
+- include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
+ vars:
+ # Request openshift_release 3.2 and let the openshift_version role handle converting this
+ # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if
+ # defined, and overriding the normal behavior of protecting the installed version
+ openshift_release: "3.2"
+ openshift_protect_installed_version: False
+ upgrading: true
+
- name: Verify master processes
hosts: oo_masters_to_config
roles:
@@ -88,6 +108,7 @@
hosts: oo_nodes_to_config
roles:
- openshift_facts
+ - openshift_docker_facts
tasks:
- name: Ensure Node is running
service:
@@ -99,19 +120,17 @@
- name: Verify upgrade targets
hosts: oo_masters_to_config:oo_nodes_to_config
vars:
- target_version: "{{ '1.2' if deployment_type == 'origin' else '3.1.1.900' }}"
+ target_version: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}"
openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
- upgrading: True
- handlers:
- - include: ../../../../../roles/openshift_master/handlers/main.yml
- - include: ../../../../../roles/openshift_node/handlers/main.yml
- roles:
- # We want the cli role to evaluate so that the containerized oc/oadm wrappers
- # are modified to use the correct image tag. However, this can trigger a
- # docker restart if new configuration is laid down which would immediately
- # pull the latest image and defeat the purpose of these tasks.
- - { role: openshift_cli }
pre_tasks:
+ - fail:
+ msg: Verify OpenShift is already installed
+ when: openshift.common.version is not defined
+
+ - fail:
+ msg: Verify the correct version was found
+ when: verify_upgrade_version is defined and openshift_version != verify_upgrade_version
+
- name: Clean package cache
command: "{{ ansible_pkg_mgr }} clean all"
when: not openshift.common.is_atomic | bool
@@ -120,58 +139,17 @@
g_new_service_name: "{{ 'origin' if deployment_type =='origin' else 'atomic-openshift' }}"
when: not openshift.common.is_containerized | bool
- - name: Determine available versions
- script: ../files/rpm_versions.sh {{ g_new_service_name }}
- register: g_rpm_versions_result
- when: not openshift.common.is_containerized | bool
-
- - set_fact:
- g_aos_versions: "{{ g_rpm_versions_result.stdout | from_yaml }}"
- when: not openshift.common.is_containerized | bool
-
- - name: Determine available versions
- script: ../files/openshift_container_versions.sh {{ openshift.common.service_type }}
- register: g_containerized_versions_result
- when: openshift.common.is_containerized | bool
-
- - set_fact:
- g_aos_versions: "{{ g_containerized_versions_result.stdout | from_yaml }}"
+ - name: Verify containers are available for upgrade
+ command: >
+ docker pull {{ openshift.common.cli_image }}:v{{ openshift_version }}
when: openshift.common.is_containerized | bool
- - set_fact:
- g_new_version: "{{ g_aos_versions.curr_version.split('-', 1).0 if g_aos_versions.avail_version is none else g_aos_versions.avail_version.split('-', 1).0 }}"
- when: openshift_pkg_version is not defined
-
- - set_fact:
- g_new_version: "{{ openshift_pkg_version | replace('-','') }}"
- when: openshift_pkg_version is defined
-
- - set_fact:
- g_new_version: "{{ openshift_image_tag | replace('v','') }}"
- when: openshift_image_tag is defined
-
- - fail:
- msg: Verifying the correct version was found
- when: g_aos_versions.curr_version == ""
-
- - fail:
- msg: Verifying the correct version was found
- when: verify_upgrade_version is defined and g_new_version != verify_upgrade_version
-
- - include_vars: ../../../../../roles/openshift_master/vars/main.yml
- when: inventory_hostname in groups.oo_masters_to_config
-
- - name: Update systemd units
- include: ../../../../../roles/openshift_master/tasks/systemd_units.yml openshift_version=v{{ g_new_version }}
- when: inventory_hostname in groups.oo_masters_to_config
-
- - include_vars: ../../../../../roles/openshift_node/vars/main.yml
- when: inventory_hostname in groups.oo_nodes_to_config
-
- - name: Update systemd units
- include: ../../../../../roles/openshift_node/tasks/systemd_units.yml openshift_version=v{{ g_new_version }}
- when: inventory_hostname in groups.oo_nodes_to_config
+ - name: Verify RPMs are available for upgrade
+ command: >
+ yum list available -e 0 -q "{{ g_new_service_name }}" 2>&1 | tail -n +2 | grep -v 'el7ose' | awk '{ print $2 }' | sort -r | tr '\n' ' ')
+ when: not openshift.common.is_containerized | bool
+ # TODO: Are these two grep checks necessary anymore?
# Note: the version number is hardcoded here in hopes of catching potential
# bugs in how g_aos_versions.curr_version is set
- name: Verifying the correct version is installed for upgrade
@@ -186,19 +164,15 @@
with_items:
- /etc/systemd/system/openvswitch.service
- /etc/systemd/system/{{ openshift.common.service_type }}*.service
- when: openshift.common.is_containerized | bool
-
- - fail:
- msg: This playbook requires Origin 1.1 or later
- when: deployment_type == 'origin' and g_aos_versions.curr_version | version_compare('1.1','<')
+ when: openshift.common.is_containerized | bool and verify_upgrade_version is defined
- fail:
- msg: This playbook requires Atomic Enterprise Platform/OpenShift Enterprise 3.1 or later
- when: deployment_type == 'atomic-openshift' and g_aos_versions.curr_version | version_compare('3.1','<')
+ msg: This upgrade playbook must be run on Origin 1.1 or later
+ when: deployment_type == 'origin' and openshift.common.version | version_compare('1.1','<')
- fail:
- msg: Upgrade packages not found
- when: openshift_image_tag is not defined and (g_aos_versions.avail_version | default(g_aos_versions.curr_version, true) | version_compare(target_version, '<'))
+ msg: This upgrade playbook must be run on OpenShift Enterprise 3.1 or later
+ when: deployment_type == 'atomic-openshift' and openshift.common.version | version_compare('3.1','<')
- name: Determine available Docker
script: ../files/rpm_versions.sh docker
@@ -218,6 +192,7 @@
g_docker_version: "{{ g_atomic_docker_version_result.stdout | from_yaml }}"
when: openshift.common.is_atomic | bool
+ # TODO: Update to 1.10 once branch merges
- fail:
msg: This playbook requires access to Docker 1.9 or later
when: g_docker_version.avail_version | default(g_docker_version.curr_version, true) | version_compare('1.9','<')
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 0ca148169..5e57cdeef 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -310,7 +310,7 @@
with_items: openshift_master_named_certificates
when: named_certs_specified | bool
-- name: Configure master instances
+- name: Configure masters
hosts: oo_masters_to_config
any_errors_fatal: true
serial: 1
@@ -326,7 +326,7 @@
| union(groups['oo_etcd_to_config'] | default([])))
| oo_collect('openshift.common.hostname') | default([]) | join (',')
}}"
- when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and
+ when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and
openshift_generate_no_proxy_hosts | default(True) | bool }}"
pre_tasks:
- name: Ensure certificate directory exists
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index b3491ef8d..bffac0e56 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -121,7 +121,7 @@
| union(groups['oo_etcd_to_config'] | default([])))
| oo_collect('openshift.common.hostname') | default([]) | join (',')
}}"
- when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and
+ when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and
openshift_generate_no_proxy_hosts | default(True) | bool }}"
roles:
- openshift_node
@@ -137,7 +137,7 @@
| union(groups['oo_etcd_to_config'] | default([])))
| oo_collect('openshift.common.hostname') | default([]) | join (',')
}}"
- when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and
+ when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and
openshift_generate_no_proxy_hosts | default(True) | bool }}"
roles:
- openshift_node
diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml
new file mode 100644
index 000000000..cd72a4e21
--- /dev/null
+++ b/roles/openshift_ca/tasks/main.yml
@@ -0,0 +1,53 @@
+---
+- fail:
+ msg: "openshift_ca_host variable must be defined for this role"
+ when: openshift_ca_host is not defined
+
+- name: Install the base package for admin tooling
+ action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
+ when: not openshift.common.is_containerized | bool
+ register: install_result
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+
+- name: Reload generated facts
+ openshift_facts:
+ when: install_result | changed
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+
+- name: Create openshift_ca_config_dir if it does not exist
+ file:
+ path: "{{ openshift_ca_config_dir }}"
+ state: directory
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+
+- name: Determine if CA must be created
+ stat:
+ path: "{{ openshift_ca_config_dir }}/{{ item }}"
+ register: g_master_ca_stat_result
+ with_items:
+ - ca.crt
+ - ca.key
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+
+- set_fact:
+ master_ca_missing: "{{ False in (g_master_ca_stat_result.results
+ | oo_collect(attribute='stat.exists')
+ | list) }}"
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+
+- name: Create the master certificates if they do not already exist
+ command: >
+ {{ openshift.common.admin_binary }} create-master-certs
+ --hostnames={{ openshift_master_hostnames | join(',') }}
+ --master={{ openshift.master.api_url }}
+ --public-master={{ openshift.master.public_api_url }}
+ --cert-dir={{ openshift_ca_config_dir }}
+ --overwrite=false
+ when: hostvars[openshift_ca_host].master_ca_missing | bool
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
diff --git a/roles/openshift_cli/defaults/main.yml b/roles/openshift_cli/defaults/main.yml
index 7baa87ab8..ed97d539c 100644
--- a/roles/openshift_cli/defaults/main.yml
+++ b/roles/openshift_cli/defaults/main.yml
@@ -1,2 +1 @@
---
-openshift_version: "{{ openshift_image_tag | default(openshift.docker.openshift_image_tag | default('')) }}"
diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml
index c0a712513..cdd0564c7 100644
--- a/roles/openshift_cli/tasks/main.yml
+++ b/roles/openshift_cli/tasks/main.yml
@@ -1,11 +1,15 @@
---
+- debug: var=openshift_version
+- debug: var=openshift.common
+
- name: Install clients
action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-clients state=present"
when: not openshift.common.is_containerized | bool
+# TODO: handle no openshift_version set?
- name: Pull CLI Image
command: >
- docker pull {{ openshift.common.cli_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }}
+ docker pull {{ openshift.common.cli_image }}{{ ':v' + openshift_version if openshift_version is defined and openshift_version != '' else '' }}
when: openshift.common.is_containerized | bool
- name: Create /usr/local/bin/openshift cli wrapper
@@ -25,3 +29,7 @@
- /usr/local/bin/oc
- /usr/local/bin/kubectl
when: openshift.common.is_containerized | bool
+
+- name: Reload facts to pick up installed OpenShift version
+ openshift_facts:
+
diff --git a/roles/openshift_cli/templates/openshift.j2 b/roles/openshift_cli/templates/openshift.j2
index 8a3f3a257..1c82e02a2 100644
--- a/roles/openshift_cli/templates/openshift.j2
+++ b/roles/openshift_cli/templates/openshift.j2
@@ -5,7 +5,7 @@ fi
cmd=`basename $0`
user=`id -u`
group=`id -g`
-image_tag="{{ openshift_version }}"
+image_tag="v{{ openshift_version }}"
>&2 echo """
================================================================================
diff --git a/roles/openshift_common/defaults/main.yml b/roles/openshift_common/defaults/main.yml
index e46af70c7..267c03605 100644
--- a/roles/openshift_common/defaults/main.yml
+++ b/roles/openshift_common/defaults/main.yml
@@ -1,4 +1,3 @@
---
openshift_cluster_id: 'default'
openshift_debug_level: 2
-openshift_version: "{{ openshift_pkg_version | default('') }}"
diff --git a/roles/openshift_common/meta/main.yml b/roles/openshift_common/meta/main.yml
index f1cf3e161..cd8c75ec5 100644
--- a/roles/openshift_common/meta/main.yml
+++ b/roles/openshift_common/meta/main.yml
@@ -14,3 +14,4 @@ galaxy_info:
dependencies:
- role: openshift_facts
- role: openshift_repos
+- role: openshift_version
diff --git a/roles/openshift_docker/meta/main.yml b/roles/openshift_docker/meta/main.yml
index d98f953ea..c1a6611d1 100644
--- a/roles/openshift_docker/meta/main.yml
+++ b/roles/openshift_docker/meta/main.yml
@@ -12,6 +12,4 @@ galaxy_info:
categories:
- cloud
dependencies:
-- role: openshift_repos
-- role: openshift_docker_facts
-- role: docker
+- role: openshift_version
diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml
index 9c5887f76..ed97d539c 100644
--- a/roles/openshift_docker/tasks/main.yml
+++ b/roles/openshift_docker/tasks/main.yml
@@ -1,41 +1 @@
---
-# It's important that we don't explicitly pull this image here. Otherwise we
-# could result in upgrading a preinstalled environment. We'll have to set
-# openshift_image_tag correctly for upgrades.
-- set_fact:
- is_containerized: "{{ openshift.common.is_containerized | default(False) | bool }}"
- # Does the host already have an image tag fact, used to determine if it's a new node
- # in non-upgrade scenarios:
- has_image_tag_fact: "{{ hostvars[inventory_hostname].openshift.docker.openshift_image_tag is defined }}"
-
-- name: Set version when containerized
- command: >
- docker run --rm {{ openshift.common.cli_image }} version
- register: cli_image_version
- when: is_containerized | bool and openshift_image_tag is not defined and (upgrading | bool or not has_image_tag_fact | bool)
-
-# Use the pre-existing image tag from system facts if present, and we're not upgrading.
-# Ignores explicit openshift_image_tag if it's in the inventory, as this isn't an upgrade.
-- set_fact:
- l_image_tag: "{{ hostvars[inventory_hostname].openshift.docker.openshift_image_tag }}"
- when: is_containerized | bool and not upgrading | bool and has_image_tag_fact | bool
-
-- set_fact:
- l_image_tag: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2] | join('-') if openshift.common.deployment_type == 'origin' else
- cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0] }}"
- when: is_containerized | bool and openshift_image_tag is not defined and (upgrading | bool or not has_image_tag_fact | bool)
-
-- set_fact:
- l_image_tag: "{{ openshift_image_tag }}"
- when: is_containerized | bool and openshift_image_tag is defined and (upgrading | bool or not has_image_tag_fact | bool)
-
-- name: Set post docker install facts
- openshift_facts:
- role: "{{ item.role }}"
- local_facts: "{{ item.local_facts }}"
- with_items:
- - role: docker
- local_facts:
- openshift_image_tag: "{{ l_image_tag | default(None) }}"
- openshift_version: "{{ l_image_tag.split('-')[0] | oo_image_tag_to_rpm_version if l_image_tag is defined else '' }}"
- when: is_containerized | bool
diff --git a/roles/openshift_docker_facts/defaults/main.yml b/roles/openshift_docker_facts/defaults/main.yml
index 7baa87ab8..ed97d539c 100644
--- a/roles/openshift_docker_facts/defaults/main.yml
+++ b/roles/openshift_docker_facts/defaults/main.yml
@@ -1,2 +1 @@
---
-openshift_version: "{{ openshift_image_tag | default(openshift.docker.openshift_image_tag | default('')) }}"
diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml
index cdea90413..2e68809ca 100644
--- a/roles/openshift_docker_facts/tasks/main.yml
+++ b/roles/openshift_docker_facts/tasks/main.yml
@@ -38,22 +38,3 @@
- set_fact:
docker_options: "{{ openshift.docker.options | default(omit) }}"
when: not openshift.docker.hosted_registry_insecure | default(False) | bool
-
-# Avoid docker 1.9 when installing origin < 1.2 or OSE < 3.2 on RHEL/Centos and
-# See: https://bugzilla.redhat.com/show_bug.cgi?id=1304038
-- name: Gather common package version
- command: >
- {{ repoquery_cmd }} --qf '%{version}' "{{ openshift.common.service_type}}"
- register: common_version
- failed_when: false
- changed_when: false
- when: not openshift.common.is_containerized | bool
-
-- set_fact:
- l_common_version: "{{ openshift_version | default('0.0', True) | oo_image_tag_to_rpm_version }}"
- when: openshift.common.is_containerized | bool
-
-- set_fact:
- l_common_version: "{{ common_version.stdout | default('0.0', True) }}"
- when: not openshift.common.is_containerized | bool
-
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 2f8af2454..9d7705af7 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -826,7 +826,7 @@ def set_version_facts_if_unset(facts):
if 'common' in facts:
deployment_type = facts['common']['deployment_type']
version = get_openshift_version(facts)
- if version is not None:
+ if version:
facts['common']['version'] = version
if deployment_type == 'origin':
version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('1.1.0')
@@ -1133,18 +1133,27 @@ def get_openshift_version(facts):
if os.path.isfile('/usr/bin/openshift'):
_, output, _ = module.run_command(['/usr/bin/openshift', 'version'])
version = parse_openshift_version(output)
-
- # openshift_facts runs before openshift_docker_facts. However, it will be
- # called again and set properly throughout the playbook run. This could be
- # refactored to simply set the openshift.common.version in the
- # openshift_docker_facts role but it would take reworking some assumptions
- # on how get_openshift_version is called.
- if 'is_containerized' in facts['common'] and safe_get_bool(facts['common']['is_containerized']):
- if 'docker' in facts and 'openshift_version' in facts['docker']:
- version = facts['docker']['openshift_version']
+ elif os.path.isfile('/usr/local/bin/openshift'):
+ # TODO: this should probably make sure the actual image is already present, this can take awhile if it has to pull
+ # and is falsely acting like openshift is already installed
+ _, output, _ = module.run_command(['/usr/local/bin/openshift', 'version'])
+ version = parse_openshift_version(output)
+ elif 'node' in facts and 'common' in facts and 'is_containerized' in facts['common']:
+ version = get_containerized_node_openshift_version(facts)
return version
+def get_containerized_node_openshift_version(facts):
+ node_svc = "%s-node" % facts['common']['service_type']
+ rc, _, _ = module.run_command(['systemctl', 'is-active', node_svc])
+ if rc > 0:
+ # Node service not running or doesn't exist:
+ return None
+ # Node service running, exec in and get the version:
+ _, output, _ = module.run_command(['docker', 'exec', '-ti', node_svc, 'openshift', 'version'])
+ return parse_openshift_version(output)
+
+
def parse_openshift_version(output):
""" Apply provider facts to supplied facts dict
@@ -1154,7 +1163,11 @@ def parse_openshift_version(output):
string: the version number
"""
versions = dict(e.split(' v') for e in output.splitlines() if ' v' in e)
- return versions.get('openshift', '')
+ ver = versions.get('openshift', '')
+ # Remove trailing build number and commit hash from older versions, we need to return a straight
+ # w.x.y.z version here for use as openshift_version throughout the playbooks/roles. (i.e. 3.1.1.6-64-g80b61da)
+ ver = ver.split('-')[0]
+ return ver
def apply_provider_facts(facts, provider_facts):
diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml
index ca1a9b1e4..c67f6b86a 100644
--- a/roles/openshift_facts/tasks/main.yml
+++ b/roles/openshift_facts/tasks/main.yml
@@ -41,3 +41,4 @@
no_proxy: "{{ openshift_no_proxy | default(None) }}"
generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}"
no_proxy_internal_hostnames: "{{ openshift_no_proxy_internal_hostnames | default(None) }}"
+ version_requested: "{{ openshift_version | default(None) }}"
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index dbd62c80f..14a1daf6c 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -1,4 +1,4 @@
---
openshift_node_ips: []
# TODO: update setting these values based on the facts
-openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}"
+#openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}"
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 28faee155..6b3893570 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -1,6 +1,7 @@
---
# TODO: add ability to configure certificates given either a local file to
# point to or certificate contents, set in default cert locations.
+- debug: var=openshift_version
# Authentication Variable Validation
# TODO: validate the different identity provider kinds as well
@@ -29,7 +30,7 @@
- name: Pull master image
command: >
- docker pull {{ openshift.master.master_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }}
+ docker pull {{ openshift.master.master_image }}{{ ':v' + openshift_version if openshift_version is defined and openshift_version != '' else '' }}
when: openshift.common.is_containerized | bool
- name: Create openshift.common.data_dir
diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2
index 026787421..ba2974476 100644
--- a/roles/openshift_master/templates/atomic-openshift-master.j2
+++ b/roles/openshift_master/templates/atomic-openshift-master.j2
@@ -1,7 +1,7 @@
OPTIONS=--loglevel={{ openshift.master.debug_level }}
CONFIG_FILE={{ openshift_master_config_file }}
{% if openshift.common.is_containerized | bool %}
-IMAGE_VERSION={{ openshift_version }}
+IMAGE_VERSION=v{{ openshift_version }}
{% endif %}
{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %}
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
index 02c22e374..36e4446b9 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
@@ -1,7 +1,7 @@
OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master={{ openshift.master.loopback_api_url }}
CONFIG_FILE={{ openshift_master_config_file }}
{% if openshift.common.is_containerized | bool %}
-IMAGE_VERSION={{ openshift_version }}
+IMAGE_VERSION=v{{ openshift_version }}
{% endif %}
{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %}
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
index 644640577..ca3ae0ef8 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
@@ -1,7 +1,7 @@
OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.controllers_port }}
CONFIG_FILE={{ openshift_master_config_file }}
{% if openshift.common.is_containerized | bool %}
-IMAGE_VERSION={{ openshift_version }}
+IMAGE_VERSION=v{{ openshift_version }}
{% endif %}
{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %}
diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml
index 4b7ef1d84..613aecc38 100644
--- a/roles/openshift_master_ca/tasks/main.yml
+++ b/roles/openshift_master_ca/tasks/main.yml
@@ -1,6 +1,9 @@
---
+
+- debug: msg="{{ openshift_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}"
+
- name: Install the base package for admin tooling
- action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version }} state=present"
+ action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
when: not openshift.common.is_containerized | bool
register: install_result
diff --git a/roles/openshift_master_ca/vars/main.yml b/roles/openshift_master_ca/vars/main.yml
index b35339b18..1f6af808c 100644
--- a/roles/openshift_master_ca/vars/main.yml
+++ b/roles/openshift_master_ca/vars/main.yml
@@ -3,4 +3,3 @@ openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key"
openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt"
-openshift_version: "{{ openshift_pkg_version | default('') }}"
diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml
index efff5d6cd..fffbf2994 100644
--- a/roles/openshift_node/defaults/main.yml
+++ b/roles/openshift_node/defaults/main.yml
@@ -1,2 +1,15 @@
---
-openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}"
+os_firewall_allow:
+- service: Kubernetes kubelet
+ port: 10250/tcp
+- service: http
+ port: 80/tcp
+- service: https
+ port: 443/tcp
+- service: Openshift kubelet ReadOnlyPort
+ port: 10255/tcp
+- service: Openshift kubelet ReadOnlyPort udp
+ port: 10255/udp
+- service: OpenShift OVS sdn
+ port: 4789/udp
+ when: openshift.node.use_openshift_sdn | bool
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 657e99e87..36f69645f 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -1,4 +1,5 @@
---
+- debug: var=openshift_version
# TODO: allow for overriding default ports where possible
- fail:
msg: "SELinux is disabled, This deployment type requires that SELinux is enabled."
@@ -39,12 +40,12 @@
- name: Pull node image
command: >
- docker pull {{ openshift.node.node_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }}
+ docker pull {{ openshift.node.node_image }}{{ ':v' + openshift_version if openshift_version is defined and openshift_version != '' else '' }}
when: openshift.common.is_containerized | bool
- name: Pull OpenVSwitch image
command: >
- docker pull {{ openshift.node.ovs_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }}
+ docker pull {{ openshift.node.ovs_image }}{{ ':v' + openshift_version if openshift_version is defined and openshift_version != '' else '' }}
when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool
- name: Install the systemd units
diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml
index e2a268260..0117a5a02 100644
--- a/roles/openshift_node/tasks/systemd_units.yml
+++ b/roles/openshift_node/tasks/systemd_units.yml
@@ -44,6 +44,6 @@
- regex: '^CONFIG_FILE='
line: "CONFIG_FILE={{ openshift_node_config_file }}"
- regex: '^IMAGE_VERSION='
- line: "IMAGE_VERSION={{ openshift_version }}"
+ line: "IMAGE_VERSION=v{{ openshift_version }}"
notify:
- restart node
diff --git a/roles/openshift_node/templates/openvswitch.sysconfig.j2 b/roles/openshift_node/templates/openvswitch.sysconfig.j2
index 1f8c20e07..53163b359 100644
--- a/roles/openshift_node/templates/openvswitch.sysconfig.j2
+++ b/roles/openshift_node/templates/openvswitch.sysconfig.j2
@@ -1 +1 @@
-IMAGE_VERSION={{ openshift_version }}
+IMAGE_VERSION=v{{ openshift_version }}
diff --git a/roles/openshift_version/meta/main.yml b/roles/openshift_version/meta/main.yml
new file mode 100644
index 000000000..8142fe823
--- /dev/null
+++ b/roles/openshift_version/meta/main.yml
@@ -0,0 +1,17 @@
+---
+galaxy_info:
+ author: Devan Goodwin
+ description: Determines the version of OpenShift to install or upgrade to
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.9
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+dependencies:
+- role: openshift_repos
+- role: openshift_docker_facts
+- role: docker
diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml
new file mode 100644
index 000000000..29724a9e5
--- /dev/null
+++ b/roles/openshift_version/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+# Determine the openshift_version to configure if none has been specified or set previously.
+
+- set_fact:
+ is_containerized: "{{ openshift.common.is_containerized | default(False) | bool }}"
+
+# Make sure we copy this to a fact if given a var:
+- set_fact:
+ openshift_version: "{{ openshift_version }}"
+ when: openshift_version is defined
+
+- debug: var=openshift_version
+- debug: var=openshift_release
+- debug: var=openshift_pkg_version
+- debug: var=openshift_image_tag
+
+# Protect the installed version by default unless explicitly told not to, or given an
+# openshift_version already.
+- name: Use openshift.common.version fact as version to configure if already installed
+ set_fact:
+ openshift_version: "{{ openshift.common.version }}"
+ when: openshift.common.version is defined and openshift_version is not defined and openshift_protect_installed_version
+
+- name: Set openshift_version for rpm installation
+ include: set_version_rpm.yml
+ when: not is_containerized
+
+- name: Set openshift_version for containerized installation
+ include: set_version_containerized.yml
+ when: is_containerized
+
+- debug: var=openshift_version
+
+# At this point we know openshift_version is set appropriately. Now we set
+# openshift_image_tag and openshift_pkg_version, so all roles can always assume
+# each of this variables *will* be set correctly and can use them per their
+# intended purpose.
+
diff --git a/roles/openshift_version/tasks/set_version_containerized.yml b/roles/openshift_version/tasks/set_version_containerized.yml
new file mode 100644
index 000000000..fc15b2d35
--- /dev/null
+++ b/roles/openshift_version/tasks/set_version_containerized.yml
@@ -0,0 +1,37 @@
+---
+- name: Set containerized version to configure if openshift_image_tag specified
+ set_fact:
+ openshift_version: "{{ openshift_image_tag.split('v',1)[1] }}"
+ when: openshift_image_tag is defined and openshift_version is not defined
+
+- name: Set containerized version to configure if openshift_release specified
+ set_fact:
+ openshift_version: "{{ openshift_release }}"
+ when: openshift_release is defined and openshift_version is not defined
+
+- name: Lookup latest containerized version if no version specified
+ command: >
+ docker run --rm {{ openshift.common.cli_image }}:latest version
+ register: cli_image_version
+ when: openshift_version is not defined
+
+- debug: var=cli_image_version
+
+- set_fact:
+ openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2][1:] | join('-') if openshift.common.deployment_type == 'origin' else cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}"
+ when: openshift_version is not defined
+
+- debug: msg="{{ openshift_version }}"
+
+# If we got an openshift_version like "3.2", lookup the latest 3.2 container version
+# and use that value instead.
+- name: Set precise containerized version to configure if openshift_release specified
+ command: >
+ docker run --rm {{ openshift.common.cli_image }}:v{{ openshift_version }} version
+ register: cli_image_version
+ when: openshift_version is defined and openshift_version.split('.') | length == 2
+
+- set_fact:
+ openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2][1:] | join('-') if openshift.common.deployment_type == 'origin' else cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}"
+ when: openshift_version is defined and openshift_version.split('.') | length == 2
+
diff --git a/roles/openshift_version/tasks/set_version_rpm.yml b/roles/openshift_version/tasks/set_version_rpm.yml
new file mode 100644
index 000000000..bcf275135
--- /dev/null
+++ b/roles/openshift_version/tasks/set_version_rpm.yml
@@ -0,0 +1,22 @@
+---
+# TODO: support openshift_release here?
+- name: Set rpm version to configure if openshift_pkg_version specified
+ set_fact:
+ # Expects a leading "-" in inventory, strip it off here, and ignore a trailing release,
+ # openshift_version should always just be "3.2" or "3.2.0.44"
+ openshift_version: "{{ openshift_pkg_version[1:].split('-')[0] }}"
+ when: openshift_pkg_version is defined and openshift_version is not defined
+
+- name: Gather common package version
+ command: >
+ {{ repoquery_cmd }} --qf '%{version}' "{{ openshift.common.service_type}}"
+ register: common_version
+ failed_when: false
+ changed_when: false
+ when: openshift_version is not defined
+
+- debug: var=common_version
+
+- set_fact:
+ openshift_version: "{{ common_version.stdout | default('0.0', True) }}"
+ when: openshift_version is not defined