summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--README.md2
-rw-r--r--inventory/byo/hosts.origin.example3
-rw-r--r--inventory/byo/hosts.ose.example3
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml15
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_4/master_config_upgrade.yml15
-rw-r--r--roles/docker/README.md2
-rw-r--r--roles/docker/meta/main.yml2
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py54
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j210
-rw-r--r--roles/openshift_master_facts/tasks/main.yml4
-rw-r--r--roles/os_firewall/README.md2
-rw-r--r--roles/os_firewall/meta/main.yml2
12 files changed, 81 insertions, 33 deletions
diff --git a/README.md b/README.md
index b6f8f3eca..635981b45 100644
--- a/README.md
+++ b/README.md
@@ -35,7 +35,7 @@ not practical to start over at 1.0.
***
Requirements:
- - Ansible >= 2.1.0 (>= 2.2 is preferred for performance reasons)
+ - Ansible >= 2.2.0
- Jinja >= 2.7
- pyOpenSSL
- python-lxml
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index 5a95ecf94..324e2477f 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -619,6 +619,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# masterConfig.volumeConfig.dynamicProvisioningEnabled, configurable as of 1.2/3.2, enabled by default
#openshift_master_dynamic_provisioning_enabled=False
+# Admission plugin config
+#openshift_master_admission_plugin_config={"ProjectRequestLimit":{"configuration":{"apiVersion":"v1","kind":"ProjectRequestLimitConfig","limits":[{"selector":{"admin":"true"}},{"maxProjects":"1"}]}},"PodNodeConstraints":{"configuration":{"apiVersion":"v1","kind":"PodNodeConstraintsConfig"}}}
+
# Configure usage of openshift_clock role.
#openshift_clock_enabled=true
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index be919c105..4a2925599 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -619,6 +619,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# masterConfig.volumeConfig.dynamicProvisioningEnabled, configurable as of 1.2/3.2, enabled by default
#openshift_master_dynamic_provisioning_enabled=False
+# Admission plugin config
+#openshift_master_admission_plugin_config={"ProjectRequestLimit":{"configuration":{"apiVersion":"v1","kind":"ProjectRequestLimitConfig","limits":[{"selector":{"admin":"true"}},{"maxProjects":"1"}]}},"PodNodeConstraints":{"configuration":{"apiVersion":"v1","kind":"PodNodeConstraintsConfig"}}}
+
# Configure usage of openshift_clock role.
#openshift_clock_enabled=true
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml
index 684eea343..8c0bd272c 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml
@@ -48,3 +48,18 @@
dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
yaml_key: 'controllerConfig.servicesServingCert.signer.keyFile'
yaml_value: service-signer.key
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'admissionConfig.pluginConfig'
+ yaml_value: "{{ openshift.master.admission_plugin_config }}"
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'admissionConfig.pluginOrderOverride'
+ yaml_value:
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'kubernetesMasterConfig.admissionConfig'
+ yaml_value:
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_4/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_4/master_config_upgrade.yml
new file mode 100644
index 000000000..32de9d94a
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/v3_4/master_config_upgrade.yml
@@ -0,0 +1,15 @@
+---
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'admissionConfig.pluginConfig'
+ yaml_value: "{{ openshift.master.admission_plugin_config }}"
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'admissionConfig.pluginOrderOverride'
+ yaml_value:
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'kubernetesMasterConfig.admissionConfig'
+ yaml_value:
diff --git a/roles/docker/README.md b/roles/docker/README.md
index 1f0d94da0..ea06fd41a 100644
--- a/roles/docker/README.md
+++ b/roles/docker/README.md
@@ -6,7 +6,7 @@ Ensures docker package is installed, and optionally raises timeout for systemd-u
Requirements
------------
-None
+Ansible 2.2
Role Variables
--------------
diff --git a/roles/docker/meta/main.yml b/roles/docker/meta/main.yml
index 3d362158d..c5c95c0d2 100644
--- a/roles/docker/meta/main.yml
+++ b/roles/docker/meta/main.yml
@@ -4,7 +4,7 @@ galaxy_info:
description: docker package install
company: Red Hat, Inc
license: ASL 2.0
- min_ansible_version: 1.2
+ min_ansible_version: 2.2
platforms:
- name: EL
versions:
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index d797eb4d3..ad4b1e47b 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -22,9 +22,14 @@ from distutils.util import strtobool
from distutils.version import LooseVersion
import struct
import socket
-from dbus import SystemBus, Interface
-from dbus.exceptions import DBusException
+HAVE_DBUS=False
+try:
+ from dbus import SystemBus, Interface
+ from dbus.exceptions import DBusException
+ HAVE_DBUS=True
+except ImportError:
+ pass
DOCUMENTATION = '''
---
@@ -102,14 +107,6 @@ def migrate_node_facts(facts):
facts['node'][param] = facts[role].pop(param)
return facts
-def migrate_local_facts(facts):
- """ Apply migrations of local facts """
- migrated_facts = copy.deepcopy(facts)
- migrated_facts = migrate_docker_facts(migrated_facts)
- migrated_facts = migrate_common_facts(migrated_facts)
- migrated_facts = migrate_node_facts(migrated_facts)
- migrated_facts = migrate_hosted_facts(migrated_facts)
- return migrated_facts
def migrate_hosted_facts(facts):
""" Apply migrations for master facts """
@@ -128,6 +125,30 @@ def migrate_hosted_facts(facts):
facts['hosted']['registry']['selector'] = facts['master'].pop('registry_selector')
return facts
+def migrate_admission_plugin_facts(facts):
+ if 'master' in facts:
+ if 'kube_admission_plugin_config' in facts['master']:
+ if 'admission_plugin_config' not in facts['master']:
+ facts['master']['admission_plugin_config'] = dict()
+ # Merge existing kube_admission_plugin_config with admission_plugin_config.
+ facts['master']['admission_plugin_config'] = merge_facts(facts['master']['admission_plugin_config'],
+ facts['master']['kube_admission_plugin_config'],
+ additive_facts_to_overwrite=[],
+ protected_facts_to_overwrite=[])
+ # Remove kube_admission_plugin_config fact
+ facts['master'].pop('kube_admission_plugin_config', None)
+ return facts
+
+def migrate_local_facts(facts):
+ """ Apply migrations of local facts """
+ migrated_facts = copy.deepcopy(facts)
+ migrated_facts = migrate_docker_facts(migrated_facts)
+ migrated_facts = migrate_common_facts(migrated_facts)
+ migrated_facts = migrate_node_facts(migrated_facts)
+ migrated_facts = migrate_hosted_facts(migrated_facts)
+ migrated_facts = migrate_admission_plugin_facts(migrated_facts)
+ return migrated_facts
+
def first_ip(network):
""" Return the first IPv4 address in network
@@ -1567,14 +1588,14 @@ def set_proxy_facts(facts):
builddefaults['git_http_proxy'] = builddefaults['http_proxy']
if 'git_https_proxy' not in builddefaults and 'https_proxy' in builddefaults:
builddefaults['git_https_proxy'] = builddefaults['https_proxy']
- # If we're actually defining a proxy config then create kube_admission_plugin_config
+ # If we're actually defining a proxy config then create admission_plugin_config
# if it doesn't exist, then merge builddefaults[config] structure
- # into kube_admission_plugin_config
- if 'kube_admission_plugin_config' not in facts['master']:
- facts['master']['kube_admission_plugin_config'] = dict()
+ # into admission_plugin_config
+ if 'admission_plugin_config' not in facts['master']:
+ facts['master']['admission_plugin_config'] = dict()
if 'config' in builddefaults and ('http_proxy' in builddefaults or \
'https_proxy' in builddefaults):
- facts['master']['kube_admission_plugin_config'].update(builddefaults['config'])
+ facts['master']['admission_plugin_config'].update(builddefaults['config'])
facts['builddefaults'] = builddefaults
return facts
@@ -2277,6 +2298,9 @@ def main():
add_file_common_args=True,
)
+ if not HAVE_DBUS:
+ module.fail_json(msg="This module requires dbus python bindings")
+
module.params['gather_subset'] = ['hardware', 'network', 'virtual', 'facter']
module.params['gather_timeout'] = 10
module.params['filter'] = '*'
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index a52ae578c..dc9226a5a 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -1,7 +1,4 @@
admissionConfig:
-{% if 'admission_plugin_order' in openshift.master %}
- pluginOrderOverride:{{ openshift.master.admission_plugin_order | to_padded_yaml(level=2) }}
-{% endif %}
{% if 'admission_plugin_config' in openshift.master %}
pluginConfig:{{ openshift.master.admission_plugin_config | to_padded_yaml(level=2) }}
{% endif %}
@@ -116,13 +113,6 @@ kubernetesMasterConfig:
- v1beta3
- v1
{% endif %}
- admissionConfig:
-{% if 'kube_admission_plugin_order' in openshift.master %}
- pluginOrderOverride:{{ openshift.master.kube_admission_plugin_order | to_padded_yaml(level=3) }}
-{% endif %}
-{% if 'kube_admission_plugin_config' in openshift.master %}
- pluginConfig:{{ openshift.master.kube_admission_plugin_config | to_padded_yaml(level=3) }}
-{% endif %}
apiServerArguments: {{ openshift.master.api_server_args | default(None) | to_padded_yaml( level=2 ) }}
controllerArguments: {{ openshift.master.controller_args | default(None) | to_padded_yaml( level=2 ) }}
masterCount: {{ openshift.master.master_count if openshift.master.cluster_method | default(None) == 'native' else 1 }}
diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml
index 62ac1aef5..1f27a2c1d 100644
--- a/roles/openshift_master_facts/tasks/main.yml
+++ b/roles/openshift_master_facts/tasks/main.yml
@@ -66,10 +66,8 @@
master_image: "{{ osm_image | default(None) }}"
scheduler_predicates: "{{ openshift_master_scheduler_predicates | default(None) }}"
scheduler_priorities: "{{ openshift_master_scheduler_priorities | default(None) }}"
- admission_plugin_order: "{{openshift_master_admission_plugin_order | default(None) }}"
admission_plugin_config: "{{openshift_master_admission_plugin_config | default(None) }}"
- kube_admission_plugin_order: "{{openshift_master_kube_admission_plugin_order | default(None) }}"
- kube_admission_plugin_config: "{{openshift_master_kube_admission_plugin_config | default(None) }}"
+ kube_admission_plugin_config: "{{openshift_master_kube_admission_plugin_config | default(None) }}" # deprecated, merged with admission_plugin_config
oauth_template: "{{ openshift_master_oauth_template | default(None) }}" # deprecated in origin 1.2 / OSE 3.2
oauth_templates: "{{ openshift_master_oauth_templates | default(None) }}"
oauth_always_show_provider_selection: "{{ openshift_master_oauth_always_show_provider_selection | default(None) }}"
diff --git a/roles/os_firewall/README.md b/roles/os_firewall/README.md
index bb7fc2384..c13c5dfc9 100644
--- a/roles/os_firewall/README.md
+++ b/roles/os_firewall/README.md
@@ -7,7 +7,7 @@ case (Adding/Removing rules based on protocol and port number).
Requirements
------------
-None.
+Ansible 2.2
Role Variables
--------------
diff --git a/roles/os_firewall/meta/main.yml b/roles/os_firewall/meta/main.yml
index 4cfc72011..dca5fc5ff 100644
--- a/roles/os_firewall/meta/main.yml
+++ b/roles/os_firewall/meta/main.yml
@@ -4,7 +4,7 @@ galaxy_info:
description: os_firewall
company: Red Hat, Inc.
license: Apache License, Version 2.0
- min_ansible_version: 1.7
+ min_ansible_version: 2.2
platforms:
- name: EL
versions:
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-03 10:10:51 +0000