-rw-r--r--README_CONTAINERIZED_INSTALLATION.md101
-rw-r--r--playbooks/adhoc/uninstall.yml32
-rw-r--r--playbooks/common/openshift-cluster/config.yml2
-rw-r--r--playbooks/common/openshift-cluster/update_repos_and_packages.yml3
-rw-r--r--playbooks/common/openshift-docker/config.yml8
l---------playbooks/common/openshift-docker/filter_plugins1
l---------playbooks/common/openshift-docker/lookup_plugins1
l---------playbooks/common/openshift-docker/roles1
-rw-r--r--playbooks/common/openshift-etcd/config.yml6
-rw-r--r--playbooks/common/openshift-master/config.yml4
-rw-r--r--playbooks/common/openshift-node/config.yml2
-rw-r--r--roles/docker/README.md2
-rw-r--r--roles/docker/tasks/main.yml12
-rw-r--r--roles/etcd/defaults/main.yaml1
-rw-r--r--roles/etcd/handlers/main.yml3
-rw-r--r--roles/etcd/tasks/main.yml38
-rw-r--r--roles/etcd/templates/etcd.conf.j222
-rw-r--r--roles/etcd/templates/etcd.docker.service13
-rw-r--r--roles/fluentd_master/tasks/main.yml2
-rw-r--r--roles/fluentd_node/tasks/main.yml2
-rw-r--r--roles/kube_nfs_volumes/tasks/main.yml4
-rw-r--r--roles/openshift_docker/meta/main.yml16
-rw-r--r--roles/openshift_docker/tasks/main.yml27
-rw-r--r--roles/openshift_examples/defaults/main.yml2
-rw-r--r--roles/openshift_expand_partition/tasks/main.yml5
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py70
-rw-r--r--roles/openshift_facts/tasks/main.yml14
-rw-r--r--roles/openshift_master/tasks/main.yml61
-rw-r--r--roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j226
-rw-r--r--roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j225
-rw-r--r--roles/openshift_master/templates/master.docker.service.j2 (renamed from roles/openshift_master/templates/openshift.docker.master.service)9
-rw-r--r--roles/openshift_master/vars/main.yml2
-rw-r--r--roles/openshift_master_ca/tasks/main.yml7
-rw-r--r--roles/openshift_master_ca/vars/main.yml3
-rw-r--r--roles/openshift_master_certificates/tasks/main.yml2
-rw-r--r--roles/openshift_master_cluster/tasks/main.yml2
-rw-r--r--roles/openshift_node/tasks/main.yml102
-rw-r--r--roles/openshift_node/tasks/storage_plugins/main.yml5
-rw-r--r--roles/openshift_node/templates/openshift.docker.node.service13
-rw-r--r--roles/openshift_node/templates/openvswitch.docker.service13
-rw-r--r--roles/openshift_node/vars/main.yml3
-rw-r--r--roles/openshift_repos/tasks/main.yaml15
-rw-r--r--roles/openshift_storage_nfs_lvm/tasks/main.yml5
-rw-r--r--roles/openshift_storage_nfs_lvm/tasks/nfs.yml2
-rw-r--r--roles/os_env_extras/tasks/main.yaml2
-rw-r--r--roles/os_firewall/tasks/firewall/iptables.yml2
-rw-r--r--roles/os_update_latest/tasks/main.yml4
-rw-r--r--roles/os_zabbix/tasks/main.yml2
-rw-r--r--roles/yum_repos/tasks/main.yml2
49 files changed, 527 insertions, 174 deletions
diff --git a/README_CONTAINERIZED_INSTALLATION.md b/README_CONTAINERIZED_INSTALLATION.md
new file mode 100644
index 000000000..5f51b9507
--- /dev/null
+++ b/README_CONTAINERIZED_INSTALLATION.md
@@ -0,0 +1,101 @@
+# Overview
+
+Users may now deploy containerized versions of OpenShift Origin, OpenShift
+Enterprise, or Atomic Enterprise Platform on Atomic
+Host[https://projectatomic.io] or RHEL, Centos, and Fedora. This includes
+OpenvSwitch based SDN.
+
+
+## Installing on Atomic Host
+
+When installing on Atomic Host you will automatically have containerized
+installation methods selected for you based on detection of _/run/ostree-booted_
+
+## Installing on RHEL, Centos, or Fedora
+
+Currently the default installation method for traditional operating systems is
+via RPMs. If you wish to deploy using containerized installation you may set the
+ansible variable 'containerized=true' on a per host basis. This means that you
+may easily deploy environments mixing containerized and RPM based installs. At
+this point we suggest deploying heterogeneous environments.
+
+## CLI Wrappers
+
+When using containerized installations openshift-ansible will deploy a wrapper
+script on each master located in _/usr/local/bin/openshift_ and a set of
+symbolic links _/usr/local/bin/oc_, _/usr/local/bin/oadm_, and
+_/usr/local/bin/kubectl_ to ease administrative tasks. The wrapper script spawns
+a new container on each invocation so you may notice it's slightly slower than
+native clients.
+
+The wrapper scripts mount a limited subset of paths, _~/.kube_, _/etc/origin/_,
+and _/tmp_. Be mindful of this when passing in files to be processed by `oc` or
+ `oadm`. You may find it easier to redirect input like this :
+
+ `oc create -f - < my_file.json`
+
+## Technical Notes
+
+### Requisite Images
+
+Based on your deployment_type the installer will make use of the following
+images. Because you may make use of a private repository we've moved the
+configuration of docker additional, insecure, and blocked registries to the
+beginning of the installation process ensuring that these settings are applied
+before attempting to pull any of the following images.
+
+ Origin
+ openshift/origin
+ openshift/node (node + openshift-sdn + openvswitch rpm for client tools)
+ openshift/openvswitch (centos7 + openvswitch rpm, runs ovsdb ovsctl processes)
+ registry.access.redhat.com/rhel7/etcd
+ OpenShift Enterprise
+ openshift3/ose
+ openshift3/node
+ openshift3/openvswitch
+ registry.access.redhat.com/rhel7/etcd
+ Atomic Enterprise Platform
+ aep3/aep
+ aep3/node
+ aep3/openvswitch
+ registry.access.redhat.com/rhel7/etcd
+
+ * note openshift3/* and aep3/* images come from registry.access.redhat.com and
+rely on the --additional-repository flag being set appropriately.
+
+### Starting and Stopping Containers
+
+The installer will create relevant systemd units which can be used to start,
+stop, and poll services via normal systemctl commands. These unit names match
+those of an RPM installation with the exception of the etcd service which will
+be named 'etcd_container'. This change is necessary as currently Atomic Host
+ships with etcd package installed as part of Atomic Host and we will instead use
+a containerized version. The installer will disable the built in etcd service.
+etcd is slated to be removed from os-tree in the future.
+
+### File Paths
+
+All configuration files are placed in the same locations as RPM based
+installations and will survive os-tree upgrades.
+
+The examples are installed into _/etc/origin/examples_ rather than
+_/usr/share/openshift/examples_ because that is read-only on Atomic Host.
+
+
+### Storage Requirements
+
+Atomic Host installs normally have a very small root filesystem. However the
+etcd, master, and node containers will persist data in /var/lib. Please ensure
+that you have enough space on the root filesystem.
+
+### OpenvSwitch SDN Initialization
+
+OpenShift SDN initialization requires that the docker bridge be reconfigured and
+docker is restarted. This complicates the situation when the node is running
+within a container. When using the OVS SDN you'll see the node start,
+reconfigure docker, restart docker which will restart all containers, and
+finally start successfully.
+
+The node service may fail to start and be restarted a few times because the
+master services are also restarted along with docker. We currently work around
+this by relying on Restart=always in the docker based systemd units.
diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml
index 9161076e5..55df78a3f 100644
--- a/playbooks/adhoc/uninstall.yml
+++ b/playbooks/adhoc/uninstall.yml
@@ -19,15 +19,19 @@
failed_when: false
register: ostree_output
+ # Since we're not calling openshift_facts we'll do this for now
- set_fact:
is_atomic: "{{ ostree_output.rc == 0 }}"
+ - set_fact:
+ is_containerized: "{{ is_atomic or containerized | default(false) | bool }}"
- name: Remove br0 interface
shell: ovs-vsctl del-br br0
changed_when: False
failed_when: False
- - service: name={{ item }} state=stopped
+ - name: Stop services
+ service: name={{ item }} state=stopped
with_items:
- atomic-enterprise-master
- atomic-enterprise-node
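Review bot: The new `is_containerized` expression applies `| bool` only to `containerized`, because Jinja filters bind tighter than `or`; `is_atomic` is used raw even though the later `when: not is_atomic | bool` in this playbook treats it as a value that needs coercion. If `is_atomic` reaches this expression as the string `False`, the `or` is truthy and every host is treated as containerized. I would write `is_containerized: "{{ (is_atomic | bool) or (containerized | default(false) | bool) }}"`. The play these tasks belong to starts outside the hunk.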
@@ -46,8 +50,10 @@
- origin-master-controllers
- origin-node
- pcsd
+ failed_when: false
- - action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent"
+ - name: Remove packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent"
when: not is_atomic | bool
with_items:
- atomic-enterprise
@@ -132,14 +138,26 @@
with_items:
- registry\.access\..*redhat\.com/openshift3
- registry\.access\..*redhat\.com/aep3
+ - registry\.access\..*redhat\.com/rhel7/etcd
- docker.io/openshift
- shell: "docker rmi -f {{ item.stdout_lines | join(' ') }}"
changed_when: False
failed_when: False
with_items: "{{ images_to_delete.results }}"
+
+ - name: Remove sdn drop files
+ file:
+ path: /run/openshift-sdn
+ state: absent
+
+ - name: restart docker
+ service:
+ name: docker
+ state: restarted
- - file: path={{ item }} state=absent
+ - name: Remove remaining files
+ file: path={{ item }} state=absent
with_items:
- "~{{ ansible_ssh_user }}/.kube"
- /etc/ansible/facts.d/openshift.fact
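Review bot: The added `restart docker` task has no `failed_when: False`, unlike the `docker rmi` task just above it, so on a host where the docker service is absent or fails to restart the uninstall stops before `Remove remaining files` runs. The rest of this playbook is written as best-effort cleanup, so I would add `failed_when: False` to that task or guard it on docker being present. The new `rhel7/etcd` pattern also appears to match any image under that path, not only the one this installer pulled, which deserves a comment such as `# also removes rhel7/etcd images that were not pulled by this installer`.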
@@ -149,7 +167,15 @@
- /etc/openshift
- /etc/openshift-sdn
- /etc/origin
+ - /etc/systemd/system/atomic-openshift-master.service
+ - /etc/systemd/system/atomic-openshift-master-api.service
+ - /etc/systemd/system/atomic-openshift-master-controllers.service
+ - /etc/systemd/system/atomic-openshift-node.service
+ - /etc/systemd/system/etcd_container.service
+ - /etc/systemd/system/openvswitch.service
- /etc/sysconfig/atomic-enterprise-master
+ - /etc/sysconfig/atomic-enterprise-master-api
+ - /etc/sysconfig/atomic-enterprise-master-controllers
- /etc/sysconfig/atomic-enterprise-node
- /etc/sysconfig/atomic-openshift-master
- /etc/sysconfig/atomic-openshift-master-api
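Review bot: The six unit files added under `/etc/systemd/system/` are deleted, but nothing visible in this hunk runs `systemctl daemon-reload` afterwards, so systemd may keep the removed units loaded until the next reload or reboot. If no later task does this, I would add a final task `command: systemctl daemon-reload` after the file removal. The `with_items` list continues beyond the hunk, so this may already be handled further down.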
diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index 482fa8441..a62d60167 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -1,6 +1,8 @@
---
- include: evaluate_groups.yml
+- include: ../openshift-docker/config.yml
+
- include: ../openshift-etcd/config.yml
- include: ../openshift-master/config.yml
diff --git a/playbooks/common/openshift-cluster/update_repos_and_packages.yml b/playbooks/common/openshift-cluster/update_repos_and_packages.yml
index 6e4ad7d3f..9a303c62d 100644
--- a/playbooks/common/openshift-cluster/update_repos_and_packages.yml
+++ b/playbooks/common/openshift-cluster/update_repos_and_packages.yml
@@ -8,5 +8,6 @@
ansible_distribution == "RedHat" and
lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
default('no', True) | lower in ['no', 'false']
- - {role: openshift_repos, when: not is_atomic}
+ and not openshift.common.is_atomic | bool
+ - openshift_repos
- os_update_latest
diff --git a/playbooks/common/openshift-docker/config.yml b/playbooks/common/openshift-docker/config.yml
new file mode 100644
index 000000000..c3541e544
--- /dev/null
+++ b/playbooks/common/openshift-docker/config.yml
@@ -0,0 +1,8 @@
+- name: Configure docker hosts
+ hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config:oo_lb_to_config
+ vars:
+ docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') | oo_split }}"
+ docker_insecure_registries: "{{ lookup('oo_option', 'docker_insecure_registries') | oo_split }}"
+ docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') | oo_split }}"
+ roles:
+ - openshift-docker
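Review bot: The play lists the role as `openshift-docker`, but the role this commit adds lives in `roles/openshift_docker/`, so the role lookup will not resolve; the last line should read `- openshift_docker`. The three registry variables are also passed through `oo_split` here and again in `roles/openshift_docker/tasks/main.yml`, so the second conversion receives a list rather than the original string and one of the two is redundant. A comment such as `# docker_insecure_registries turns off TLS verification for the listed registries` above that variable would help operators who reuse this play.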
diff --git a/playbooks/common/openshift-docker/filter_plugins b/playbooks/common/openshift-docker/filter_plugins
new file mode 120000
index 000000000..99a95e4ca
--- /dev/null
+++ b/playbooks/common/openshift-docker/filter_plugins
@@ -0,0 +1 @@
+../../../filter_plugins \ No newline at end of file
diff --git a/playbooks/common/openshift-docker/lookup_plugins b/playbooks/common/openshift-docker/lookup_plugins
new file mode 120000
index 000000000..ac79701db
--- /dev/null
+++ b/playbooks/common/openshift-docker/lookup_plugins
@@ -0,0 +1 @@
+../../../lookup_plugins \ No newline at end of file
diff --git a/playbooks/common/openshift-docker/roles b/playbooks/common/openshift-docker/roles
new file mode 120000
index 000000000..20c4c58cf
--- /dev/null
+++ b/playbooks/common/openshift-docker/roles
@@ -0,0 +1 @@
+../../../roles \ No newline at end of file
diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml
index a0dd330e7..9a5ae0e6b 100644
--- a/playbooks/common/openshift-etcd/config.yml
+++ b/playbooks/common/openshift-etcd/config.yml
@@ -14,7 +14,8 @@
public_hostname: "{{ openshift_public_hostname | default(None) }}"
deployment_type: "{{ openshift_deployment_type }}"
- role: etcd
- local_facts: {}
+ local_facts:
+ etcd_image: "{{ osm_etcd_image | default(None) }}"
- name: Check status of etcd certificates
stat:
path: "{{ item }}"
@@ -87,7 +88,8 @@
when: etcd_server_certs_missing
roles:
- etcd
- - { role: nickhammond.logrotate, when: not is_atomic }
+ - role: nickhammond.logrotate
+ when: not openshift.common.is_containerized | bool
- name: Delete temporary directory on localhost
hosts: localhost
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 453adb4ff..9c800af39 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -328,7 +328,7 @@
roles:
- openshift_master
- role: nickhammond.logrotate
- when: not is_atomic
+ when: not openshift.common.is_containerized | bool
- role: fluentd_master
when: openshift.common.use_fluentd | bool
post_tasks:
@@ -357,7 +357,7 @@
cockpit_plugins: "{{ osm_cockpit_plugins | default(['cockpit-kubernetes']) }}"
roles:
- role: cockpit
- when: ( deployment_type in ['atomic-enterprise','openshift-enterprise'] ) and
+ when: not openshift.common.is_containerized and ( deployment_type in ['atomic-enterprise','openshift-enterprise'] ) and
(osm_use_cockpit | bool or osm_use_cockpit is undefined )
- name: Configure flannel
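Review bot: The new `cockpit` condition tests `not openshift.common.is_containerized` without `| bool`, while the other conditions this commit adds write `not openshift.common.is_containerized | bool`. If the fact ever arrives as a string (for example an inventory value of `false`), the unfiltered form evaluates a non-empty string as true and the guard inverts. The same unfiltered use appears in the `etcd_service` default in `roles/etcd/defaults/main.yaml` and in the `Reload systemd units` condition in `roles/etcd/tasks/main.yml`; I would add `| bool` in all three, here as `when: not openshift.common.is_containerized | bool and ( deployment_type in [...] ) and`.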
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 6eee75064..80098d240 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -181,7 +181,7 @@
- role: flannel
when: openshift.common.use_flannel | bool
- role: nickhammond.logrotate
- when: not is_atomic
+ when: not openshift.common.is_containerized | bool
- role: fluentd_node
when: openshift.common.use_fluentd | bool
tasks:
diff --git a/roles/docker/README.md b/roles/docker/README.md
index 46f259eb7..6b5ee4421 100644
--- a/roles/docker/README.md
+++ b/roles/docker/README.md
@@ -1,4 +1,4 @@
-Role Name
+Docker
=========
Ensures docker package is installed, and optionally raises timeout for systemd-udevd.service to 5 minutes.
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 7939221a1..4e24fd3b3 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -1,10 +1,18 @@
---
# tasks file for docker
- name: Install docker
- action: "{{ ansible_pkg_mgr }} name=docker state=present" and not is_atomic
+ action: "{{ ansible_pkg_mgr }} name=docker state=present"
+ when: not openshift.common.is_atomic | bool
- name: enable and start the docker service
- service: name=docker enabled=yes state=started
+ service:
+ name: docker
+ enabled: yes
+ state: started
+ register: start_result
+
+- set_fact:
+ docker_service_status_changed = start_result | changed
- include: udev_workaround.yml
when: docker_udev_workaround | default(False)
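Review bot: The added `set_fact` does not set what it appears to: `docker_service_status_changed = start_result | changed` is a plain scalar with spaces around `=` and no `{{ }}`, so it is not evaluated as an expression. It should be `docker_service_status_changed: "{{ start_result | changed }}"` nested under `set_fact:`. The new `when: not openshift.common.is_atomic | bool` also makes the generic `docker` role depend on `openshift_facts` having run first, which deserves a line in the role README. `enabled: yes` would read more predictably as `enabled: true`.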
diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml
index 0fd3de585..9e7fa59cf 100644
--- a/roles/etcd/defaults/main.yaml
+++ b/roles/etcd/defaults/main.yaml
@@ -1,4 +1,5 @@
---
+etcd_service: "{{ 'etcd' if not openshift.common.is_containerized else 'etcd_container' }}"
etcd_interface: "{{ ansible_default_ipv4.interface }}"
etcd_client_port: 2379
etcd_peer_port: 2380
diff --git a/roles/etcd/handlers/main.yml b/roles/etcd/handlers/main.yml
index 4c0efb97b..aeb26d6b2 100644
--- a/roles/etcd/handlers/main.yml
+++ b/roles/etcd/handlers/main.yml
@@ -1,4 +1,5 @@
---
+
- name: restart etcd
- service: name=etcd state=restarted
+ service: name={{ etcd_service }} state=restarted
when: not etcd_service_status_changed | default(false)
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index d661ce437..aef52886b 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -7,8 +7,42 @@
msg: IPv4 address not found for {{ etcd_interface }}
when: "'ipv4' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface] or 'address' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface].ipv4"
+- debug: var=openshift.common.is_containerized
+- debug: var=openshift.common.is_atomic
+
- name: Install etcd
- action: "{{ ansible_pkg_mgr }} name=etcd-2.* state=present" and not is_atomic
+ action: "{{ ansible_pkg_mgr }} name=etcd-2.* state=present"
+ when: not openshift.common.is_containerized | bool
+
+- name: Pull etcd container
+ command: >
+ docker pull {{ openshift.etcd.etcd_image }}
+ when: openshift.common.is_containerized | bool
+
+- name: Install etcd container service file
+ template:
+ dest: "/etc/systemd/system/etcd_container.service"
+ src: etcd.docker.service
+ register: install_etcd_result
+ when: openshift.common.is_containerized | bool
+
+- name: Ensure etcd datadir exists
+ when: openshift.common.is_containerized | bool
+ file:
+ path: "{{ etcd_data_dir }}"
+ state: directory
+ mode: 0700
+
+- name: Disable system etcd when containerized
+ when: openshift.common.is_containerized | bool
+ service:
+ name: etcd
+ state: stopped
+ enabled: no
+
+- name: Reload systemd units
+ command: systemctl daemon-reload
+ when: openshift.common.is_containerized and ( install_etcd_result | changed )
- name: Validate permissions on the config dir
file:
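Review bot: `Disable system etcd when containerized` will likely fail on a containerized RHEL, CentOS or Fedora host that has no `etcd` unit installed, since it runs whenever `is_containerized` is true and not only on Atomic Host where the package ships with the OS. I would guard it with `failed_when: false` or a prior check that the unit exists. The two `debug: var=...` tasks at the top of the hunk look like leftover troubleshooting output and can go. `docker pull {{ openshift.etcd.etcd_image }}` pulls by name with no tag or digest in the default fact, so the etcd binary holding cluster state is whatever the registry currently serves; pinning a tag or digest in the fact, and adding `changed_when` to the pull, would make runs reproducible.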
@@ -52,7 +86,7 @@
- name: Enable etcd
service:
- name: etcd
+ name: "{{ etcd_service }}"
state: started
enabled: yes
register: start_result
diff --git a/roles/etcd/templates/etcd.conf.j2 b/roles/etcd/templates/etcd.conf.j2
index 32577c96c..28816fd87 100644
--- a/roles/etcd/templates/etcd.conf.j2
+++ b/roles/etcd/templates/etcd.conf.j2
@@ -15,13 +15,13 @@ ETCD_LISTEN_PEER_URLS={{ etcd_listen_peer_urls }}
ETCD_NAME=default
{% endif %}
ETCD_DATA_DIR={{ etcd_data_dir }}
-#ETCD_SNAPSHOT_COUNTER="10000"
-ETCD_HEARTBEAT_INTERVAL="500"
-ETCD_ELECTION_TIMEOUT="2500"
+#ETCD_SNAPSHOT_COUNTER=10000
+ETCD_HEARTBEAT_INTERVAL=500
+ETCD_ELECTION_TIMEOUT=2500
ETCD_LISTEN_CLIENT_URLS={{ etcd_listen_client_urls }}
-#ETCD_MAX_SNAPSHOTS="5"
-#ETCD_MAX_WALS="5"
-#ETCD_CORS=""
+#ETCD_MAX_SNAPSHOTS=5
+#ETCD_MAX_WALS=5
+#ETCD_CORS=
{% if groups[etcd_peers_group] and groups[etcd_peers_group] | length > 1 %}
#[cluster]
@@ -29,15 +29,15 @@ ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_initial_advertise_peer_urls }}
ETCD_INITIAL_CLUSTER={{ initial_cluster() }}
ETCD_INITIAL_CLUSTER_STATE={{ etcd_initial_cluster_state }}
ETCD_INITIAL_CLUSTER_TOKEN={{ etcd_initial_cluster_token }}
-#ETCD_DISCOVERY=""
-#ETCD_DISCOVERY_SRV=""
-#ETCD_DISCOVERY_FALLBACK="proxy"
-#ETCD_DISCOVERY_PROXY=""
+#ETCD_DISCOVERY=
+#ETCD_DISCOVERY_SRV=
+#ETCD_DISCOVERY_FALLBACK=proxy
+#ETCD_DISCOVERY_PROXY=
{% endif %}
ETCD_ADVERTISE_CLIENT_URLS={{ etcd_advertise_client_urls }}
#[proxy]
-#ETCD_PROXY="off"
+#ETCD_PROXY=off
#[security]
{% if etcd_url_scheme == 'https' -%}
diff --git a/roles/etcd/templates/etcd.docker.service b/roles/etcd/templates/etcd.docker.service
new file mode 100644
index 000000000..8058fa188
--- /dev/null
+++ b/roles/etcd/templates/etcd.docker.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=The Etcd Server container
+After=docker.service
+
+[Service]
+EnvironmentFile=/etc/etcd/etcd.conf
+ExecStartPre=-/usr/bin/docker rm -f {{ etcd_service }}
+ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v /var/lib/etcd:/var/lib/etcd:z -v /etc/etcd:/etc/etcd:z --env-file=/etc/etcd/etcd.conf --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }}
+ExecStop=/usr/bin/docker stop {{ etcd_service }}
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
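Review bot: `ExecStart` mounts the fixed path `/var/lib/etcd`, while the role creates `{{ etcd_data_dir }}` and writes `ETCD_DATA_DIR={{ etcd_data_dir }}` into the config; if that variable points anywhere outside `/var/lib/etcd`, etcd writes inside the container and `--rm` discards the data on every restart. The volume should use the variable, `-v {{ etcd_data_dir }}:{{ etcd_data_dir }}:z`. `EnvironmentFile=` only affects the `docker` client process, while the container gets its settings from `--env-file`, so the former looks redundant. The file is rendered as a template, so naming it `etcd.docker.service.j2` would match the master unit templates added in this commit.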
diff --git a/roles/fluentd_master/tasks/main.yml b/roles/fluentd_master/tasks/main.yml
index ddfa39284..a9531eecf 100644
--- a/roles/fluentd_master/tasks/main.yml
+++ b/roles/fluentd_master/tasks/main.yml
@@ -1,7 +1,7 @@
---
- fail:
msg: "fluentd master is not yet supported on atomic hosts"
- when: is_atomic
+ when: openshift.common.is_containerized | bool
# TODO: Update fluentd install and configuration when packaging is complete
- name: download and install td-agent
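Review bot: The failure message still says `atomic hosts` although the condition now fires on any containerized host, so an operator on a containerized RHEL install gets a misleading error. I would change it to `msg: "fluentd master is not yet supported on containerized installs"`. The same mismatch is in `roles/fluentd_node/tasks/main.yml`.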
diff --git a/roles/fluentd_node/tasks/main.yml b/roles/fluentd_node/tasks/main.yml
index 4a29d1270..0c0dae973 100644
--- a/roles/fluentd_node/tasks/main.yml
+++ b/roles/fluentd_node/tasks/main.yml
@@ -1,7 +1,7 @@
---
- fail:
msg: "fluentd node is not yet supported on atomic hosts"
- when: is_atomic
+ when: openshift.common.is_containerized | bool
# TODO: Update fluentd install and configuration when packaging is complete
- name: download and install td-agent
diff --git a/roles/kube_nfs_volumes/tasks/main.yml b/roles/kube_nfs_volumes/tasks/main.yml
index 85338cd84..b3fe2f185 100644
--- a/roles/kube_nfs_volumes/tasks/main.yml
+++ b/roles/kube_nfs_volumes/tasks/main.yml
@@ -1,7 +1,7 @@
---
- fail:
- msg: "That playbook is not yet supported on atomic hosts"
- when: is_atomic
+ msg: "This role is not yet supported on atomic hosts"
+ when: openshift.common.is_atomic | bool
- name: Install pyparted (RedHat/Fedora)
action: "{{ ansible_pkg_mgr }} name=pyparted,python-httplib2 state=present"
diff --git a/roles/openshift_docker/meta/main.yml b/roles/openshift_docker/meta/main.yml
new file mode 100644
index 000000000..1e8f8b719
--- /dev/null
+++ b/roles/openshift_docker/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+ author: Jason DeTiberus
+ description: OpenShift Docker
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.9
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+dependencies:
+- { role: openshift_common }
+- { role: docker }
diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml
new file mode 100644
index 000000000..f63b3acd5
--- /dev/null
+++ b/roles/openshift_docker/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- openshift_facts:
+ - role: common
+ local_facts:
+ deployment_type: "{{ openshift_deployment_type }}"
+ docker_additional_registries: "{{ docker_additional_registries | oo_split() }}"
+ docker_insecure_registries: "{{ docker_insecure_registries | oo_split() }}"
+ docker_blocked_registries: "{{ docker_blocked_registries | oo_split() }}"
+
+- name: Set registry params
+ lineinfile:
+ dest: /etc/sysconfig/docker
+ regexp: '^{{ reg_conf_var }}=.*$'
+ line: "{{ reg_conf_var }}='{{ reg_fact_val | oo_prepend_strings_in_list(reg_flag ~ ' ') | join(' ') }}'"
+ when: "'docker_additional_registries' in openshift.common"
+ with_items:
+ - reg_conf_var: ADD_REGISTRY
+ reg_fact_val: {{ openshift.common.docker_additional_registries }}
+ reg_flag: --add-registry
+ - reg_conf_var: BLOCK_REGISTRY
+ reg_fact_val: {{ openshift.common.docker_blocked_registries }}
+ reg_flag: --block-registry
+ - reg_conf_var: INSECURE_REGISTRY
+ reg_fact_val: {{ openshift.common.docker_insecure_registries }}
+ reg_flag: --insecure-registry
+ notify:
+ - restart docker
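Review bot: The `Set registry params` task cannot run as written: the three `reg_fact_val: {{ ... }}` values are unquoted, so YAML reads `{{` as the start of a flow mapping, and `regexp`/`line` reference `reg_conf_var`, `reg_fact_val` and `reg_flag` directly instead of `item.reg_conf_var` and so on. The `when` also checks only `docker_additional_registries`, although the loop reads the blocked and insecure facts too. The `- role: common` entry under `openshift_facts:` appears to be a sequence where the module expects a mapping, though the page has lost its indentation, so this needs checking against the file. The rendered value is wrapped in single quotes in `/etc/sysconfig/docker`, so a registry string containing `'` would break the line; validating the entries before writing them would be safer.

```yaml
- name: Set registry params
  lineinfile:
    # ... unchanged: dest ...
    regexp: '^{{ item.reg_conf_var }}=.*$'
    line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'"
  # ... unchanged: when ...
  with_items:
    - reg_conf_var: ADD_REGISTRY
      reg_fact_val: "{{ openshift.common.docker_additional_registries | default([]) }}"
      # ... unchanged: reg_flag ...
    - reg_conf_var: BLOCK_REGISTRY
      reg_fact_val: "{{ openshift.common.docker_blocked_registries | default([]) }}"
      # ... unchanged: reg_flag ...
    - reg_conf_var: INSECURE_REGISTRY
      reg_fact_val: "{{ openshift.common.docker_insecure_registries | default([]) }}"
      # ... unchanged: reg_flag ...
  # ... unchanged: notify ...
```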
diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml
index ae642fae1..d318d17e3 100644
--- a/roles/openshift_examples/defaults/main.yml
+++ b/roles/openshift_examples/defaults/main.yml
@@ -8,7 +8,7 @@ openshift_examples_load_quickstarts: true
content_version: "{{ 'v1.1' if openshift.common.version_greater_than_3_1_or_1_1 else 'v1.0' }}"
-examples_base: "{% if is_atomic %}{{ openshift.common.config_base }}{% else %}/usr/share/openshift{% endif %}/examples"
+examples_base: "{% if openshift.common.is_atomic %}{{ openshift.common.config_base }}{% else %}/usr/share/openshift{% endif %}/examples"
image_streams_base: "{{ examples_base }}/image-streams"
centos_image_streams: "{{ image_streams_base}}/image-streams-centos7.json"
rhel_image_streams: "{{ image_streams_base}}/image-streams-rhel7.json"
diff --git a/roles/openshift_expand_partition/tasks/main.yml b/roles/openshift_expand_partition/tasks/main.yml
index b74d635d5..cdd813e6a 100644
--- a/roles/openshift_expand_partition/tasks/main.yml
+++ b/roles/openshift_expand_partition/tasks/main.yml
@@ -1,13 +1,14 @@
---
- name: Ensure growpart is installed
- action: "{{ ansible_pkg_mgr }} name=cloud-utils-growpart state=present" and not is_atomic
+ action: "{{ ansible_pkg_mgr }} name=cloud-utils-growpart state=present"
+ when: not openshift.common.is_containerized | bool
- name: Determine if growpart is installed
command: "rpm -q cloud-utils-growpart"
register: has_growpart
failed_when: "has_growpart.cr != 0 and 'package cloud-utils-growpart is not installed' not in has_growpart.stdout"
changed_when: false
- when: is_atomic
+ when: openshift.common.is_containerized | bool
- name: Grow the partitions
command: "growpart {{oep_drive}} {{oep_partition}}"
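Review bot: Keying the growpart tasks on `is_containerized` looks wrong: installing `cloud-utils-growpart` is a package-manager question, which the rest of this commit keys on `openshift.common.is_atomic` (for example `Install docker`). With this change a containerized RHEL host skips the install and then runs the `rpm -q` check, whose `failed_when` reads `has_growpart.cr`, which looks like a typo for `has_growpart.rc` on an unchanged line. I would use `when: not openshift.common.is_atomic | bool` and `when: openshift.common.is_atomic | bool` here and fix the attribute name.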
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 4278111c2..8e733a3a2 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -643,6 +643,20 @@ def set_deployment_facts_if_unset(facts):
data_dir = '/var/lib/openshift'
facts['common']['data_dir'] = data_dir
+ # remove duplicate and empty strings from registry lists
+ for cat in ['additional', 'blocked', 'insecure']:
+ key = 'docker_{0}_registries'.format(cat)
+ if key in facts['common']:
+ facts['common'][key] = set(facts['common'][key]) - set([''])
+
+
+ if deployment_type in ['enterprise', 'atomic-enterprise', 'openshift-enterprise']:
+ addtl_regs = facts['common']['docker_additional_registries']:
+ ent_reg = 'registry.access.redhat.com'
+ if ent_reg not in addtl_regs
+ facts['common']['docker_additional_registries'].append(ent_reg)
+
+
for role in ('master', 'node'):
if role in facts:
deployment_type = facts['common']['deployment_type']
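Review bot: The added registry block does not parse: `addtl_regs = ...` ends with a stray `:` and `if ent_reg not in addtl_regs` is missing its `:`. Past the syntax, the dedup step stores a `set`, which has no `append` (so the enterprise branch would raise), loses the order in which the operator listed the registries, and may not serialize when the facts are written out; the enterprise branch also indexes `docker_additional_registries` without checking that the key exists. `deployment_type` is read here before the assignment visible further down in the `for role` loop, so this relies on an earlier assignment outside the hunk. The version below keeps lists, preserves order and tolerates a missing key.

```python
    # remove duplicate and empty strings from registry lists, keeping order
    for cat in ['additional', 'blocked', 'insecure']:
        key = 'docker_{0}_registries'.format(cat)
        if key in facts['common']:
            deduped = []
            for reg in facts['common'][key]:
                if reg and reg not in deduped:
                    deduped.append(reg)
            facts['common'][key] = deduped

    if deployment_type in ['enterprise', 'atomic-enterprise', 'openshift-enterprise']:
        addtl_regs = facts['common'].setdefault('docker_additional_registries', [])
        ent_reg = 'registry.access.redhat.com'
        if ent_reg not in addtl_regs:
            addtl_regs.append(ent_reg)
    # ... unchanged: for role in ('master', 'node') loop ...
```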
@@ -1032,7 +1046,7 @@ class OpenShiftFacts(object):
facts = set_version_facts_if_unset(facts)
facts = set_aggregate_facts(facts)
facts = set_etcd_facts_if_unset(facts)
- facts = self.init_in_docker_facts(facts)
+ facts = self.set_containerized_facts_if_unset(facts)
return dict(openshift=facts)
def get_defaults(self, roles):
@@ -1199,26 +1213,54 @@ class OpenShiftFacts(object):
self.changed = changed
return new_local_facts
- def init_in_docker_facts(self, facts):
- facts['is_atomic'] = os.path.isfile('/run/ostree-booted')
-
- docker = dict()
- docker['image_name'] = 'openshift/origin'
- # TODO: figure out right way to set the version
- docker['image_version'] = 'latest'
- docker['image'] = "%s:%s" % (docker['image_name'], docker['image_version'])
+ def set_containerized_facts_if_unset(self, facts):
+ deployment_type = facts['common']['deployment_type']
+ if deployment_type in ['enterprise','openshift-enterprise']:
+ master_image = 'openshift3/ose'
+ cli_image = master_image
+ node_image = 'openshift3/node'
+ ovs_image = 'openshift3/openvswitch'
+ etcd_image = 'registry.access.redhat.com/rhel7/etcd'
+ elif deployment_type == 'atomic-enterprise':
+ master_image = 'aep3_beta/aep'
+ cli_image = master_image
+ node_image = 'aep3_beta/node'
+ ovs_image = 'aep3_beta/openvswitch'
+ etcd_image = 'registry.access.redhat.com/rhel7/etcd'
+ else:
+ master_image = 'openshift/origin'
+ cli_image = master_image
+ node_image = 'openshift/node'
+ ovs_image = 'openshift/openvswitch'
+ etcd_image = 'registry.access.redhat.com/rhel7/etcd'
+
+ facts['common']['is_atomic'] = os.path.isfile('/run/ostree-booted')
+ if 'is_containerized' not in facts['common']:
+ facts['common']['is_containerized'] = facts['common']['is_atomic']
+ if 'cli_image' not in facts['common']:
+ facts['common']['cli_image'] = cli_image
+ if 'master' in facts:
+ if 'master_image' not in facts['master']:
+ facts['master']['master_image'] = master_image
+ if 'node' in facts:
+ if 'node_image' not in facts ['node']:
+ facts['node']['node_image'] = node_image
+ if 'ovs_image' not in facts ['node']:
+ facts['node']['ovs_image'] = ovs_image
+ if 'etcd' in facts:
+ if 'etcd_image' not in facts['etcd']:
+ facts['etcd']['etcd_image'] = etcd_image
# shared /tmp/openshift vol is for file exchange with ansible
# --privileged is required to read the config dir
# --net host to access openshift from the container
# maybe -v /var/run/docker.sock:/var/run/docker.sock is required as well
- docker['runner'] = "docker run --rm --privileged --net host -v /tmp/openshift:/tmp/openshift -v {datadir}:{datadir} -v {confdir}:{confdir} -e KUBECONFIG={confdir}/master/admin.kubeconfig {image}".format(confdir=facts['common']['config_base'], datadir=facts['common']['data_dir'], image=docker['image'])
+ runner = "docker run --rm --privileged --net host -v /tmp/openshift:/tmp/openshift -v {datadir}:{datadir} -v {confdir}:{confdir} -e KUBECONFIG={confdir}/master/admin.kubeconfig {image}".format(confdir=facts['common']['config_base'], datadir=facts['common']['data_dir'], image=facts['common']['cli_image'])
- if facts['is_atomic']:
- facts['common']['client_binary'] = '%s cli' % docker['runner']
- facts['common']['admin_binary'] = '%s admin' % docker['runner']
+ if facts['common']['is_containerized']:
+ facts['common']['client_binary'] = '%s cli' % runner
+ facts['common']['admin_binary'] = '%s admin' % runner
- facts['docker'] = docker
return facts
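Review bot: The `runner` string on the new side still starts every client and admin call with `--privileged --net host`, and now takes the image from `facts['common']['cli_image']`, whose defaults carry no tag or digest; each `oc`/`oadm` call on a containerized host therefore runs whatever the registry currently serves with full host privileges. The comment says `--privileged` is only needed to read the config dir, so it is worth checking whether `:z` volume labels, as used in `etcd.docker.service` in this commit, are enough to drop it, and pinning the image facts to a version. The atomic-enterprise branch sets `aep3_beta/*` images while the README added in this commit lists `aep3/*`. `etcd_image` is identical in all three branches and could be assigned once before the `if`.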
diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml
index e98b7c591..832f7ad84 100644
--- a/roles/openshift_facts/tasks/main.yml
+++ b/roles/openshift_facts/tasks/main.yml
@@ -6,20 +6,6 @@
- ansible_version | version_compare('1.9.0', 'ne')
- ansible_version | version_compare('1.9.0.1', 'ne')
-- name: Determine if Atomic
- stat: path=/run/ostree-booted
- register: s
- changed_when: false
-
-- name: Init the is_atomic fact
- set_fact:
- is_atomic: false
-
-- name: Set the is_atomic fact
- set_fact:
- is_atomic: true
- when: s.stat.exists
-
- name: Ensure PyYaml is installed
action: "{{ ansible_pkg_mgr }} name=PyYAML state=present"
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 6844a16cc..e9e77d231 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -20,10 +20,9 @@
- fail:
msg: "openshift_master_cluster_password must be set for multi-master installations"
when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and (openshift_master_cluster_password is not defined or not openshift_master_cluster_password)
-
- fail:
- msg: "openshift_master_ha is not yet supported on atomic hosts"
- when: openshift_master_ha | bool and is_atomic
+ msg: "Pacemaker based HA is not supported at this time when used with containerized installs"
+ when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and openshift.common.is_containerized | bool
- name: Set master facts
openshift_facts:
@@ -80,28 +79,38 @@
disabled_features: "{{ osm_disabled_features | default(None) }}"
master_count: "{{ openshift_master_count | default(None) }}"
controller_lease_ttl: "{{ osm_controller_lease_ttl | default(None) }}"
+ master_image: "{{ osm_image | default(None) }}"
- name: Install Master package
action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-master{{ openshift_version }} state=present"
- when: not is_atomic
+ when: not openshift.common.is_containerized | bool
# TODO: enable when ansible#1993 lands and is widespread enough
# - name: Docker image present
# docker:
# image: "{{ openshift.common.docker.image }}"
# state: image_present
-# when: is_atomic
+# when: openshift.common.is_containerized | bool
- name: Install Master docker service file
template:
dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service"
- src: openshift.docker.master.service
- register: install_result
- when: is_atomic
+ src: master.docker.service.j2
+ register: install_result
+ when: openshift.common.is_containerized | bool and not openshift_master_ha | bool
+
+- name: Create openshift.common.data_dir
+ file:
+ path: "{{ openshift.common.data_dir }}"
+ state: directory
+ mode: 0755
+ owner: root
+ group: root
+ when: openshift.common.is_containerized | bool
-- name: Reload systemd units
+- name: Reload systemd units
command: systemctl daemon-reload
- when: is_atomic and install_result | changed
+ when: openshift.common.is_containerized | bool and install_result | changed
- name: Re-gather package dependent master facts
openshift_facts:
@@ -134,9 +143,9 @@
- name: Install httpd-tools if needed
action: "{{ ansible_pkg_mgr }} name=httpd-tools state=present"
- when: (item.kind == 'HTPasswdPasswordIdentityProvider')
+ when: (item.kind == 'HTPasswdPasswordIdentityProvider') and
+ not openshift.common.is_containerized | bool
with_items: openshift.master.identity_providers
- when: not is_atomic
- name: Ensure htpasswd directory exists
file:
@@ -154,16 +163,27 @@
when: item.kind == 'HTPasswdPasswordIdentityProvider'
with_items: openshift.master.identity_providers
+- name: Init HA Service Info
+ set_fact:
+ ha_suffix: ""
+ ha_svcdir: "/usr/lib/systemd/system"
+
+- name: Set HA Service Info for containerized installs
+ set_fact:
+ ha_suffix: ".docker"
+ ha_svcdir: "/etc/systemd/system"
+ when: openshift.common.is_containerized | bool
+
# workaround for missing systemd unit files for controllers/api
- name: Create the api service file
template:
- src: atomic-openshift-master-api.service.j2
- dest: /usr/lib/systemd/system/{{ openshift.common.service_type }}-master-api.service
+ src: atomic-openshift-master-api{{ ha_suffix }}.service.j2
+ dest: "{{ ha_svcdir }}/{{ openshift.common.service_type }}-master-api.service"
when: openshift_master_ha | bool and openshift_master_cluster_method == "native"
- name: Create the controllers service file
template:
- src: atomic-openshift-master-controllers.service.j2
- dest: /usr/lib/systemd/system/{{ openshift.common.service_type }}-master-controllers.service
+ src: atomic-openshift-master-controllers{{ ha_suffix }}.service.j2
+ dest: "{{ ha_svcdir }}/{{ openshift.common.service_type }}-master-controllers.service"
when: openshift_master_ha | bool and openshift_master_cluster_method == "native"
- name: Create the api env file
template:
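Review bot: The rewritten `Create the api service file` and `Create the controllers service file` tasks now write units into `{{ ha_svcdir }}`, but neither registers a result, and the only `systemctl daemon-reload` visible in this file runs earlier and is keyed on `install_result` from the non-HA unit. Unless a reload exists outside the visible hunks, systemd can keep using a stale definition after either template changes. I would add `register: ha_api_unit` (and a matching one for controllers) and run a reload after these two tasks when either result changed.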
@@ -251,6 +271,10 @@
when: not openshift_master_ha | bool
register: start_result
+- name: Stop and disable non HA master when running HA
+ service: name={{ openshift.common.service_type }}-master enabled=no state=stopped
+ when: openshift_master_ha | bool
+
- set_fact:
master_service_status_changed: start_result | changed
when: not openshift_master_ha | bool
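Review bot: `Stop and disable non HA master when running HA` assumes the `{{ openshift.common.service_type }}-master` unit exists on the host. For containerized installs that unit is only templated when `not openshift_master_ha | bool` (see `Install Master docker service file` earlier in this file), so on a fresh containerized HA host the `service` module will probably fail because there is no such unit. Guarding the task with a `stat` of the unit file, or only running it when the unit was previously installed, would avoid that.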
@@ -275,12 +299,14 @@
- name: Install cluster packages
action: "{{ ansible_pkg_mgr }} name=pcs state=present"
- when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' and not is_atomic
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker'
+ and not openshift.common.is_containerized | bool
register: install_result
- name: Start and enable cluster service
service: name=pcsd enabled=yes state=started
when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker'
+ and not openshift.common.is_containerized | bool
- name: Set the cluster user password
shell: echo {{ openshift_master_cluster_password | quote }} | passwd --stdin hacluster
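Review bot: The `Set the cluster user password` task that follows the two edited conditions places `openshift_master_cluster_password` on a `shell` command line, so the value can end up in Ansible output and logs when the task fails or verbosity is raised. The rest of the task is outside this hunk, so this may already be handled; if not, add `no_log: true` to it. It is also worth checking that this task carries the same `and not openshift.common.is_containerized | bool` guard as the two tasks above it, since its `when` is not visible here.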
@@ -307,7 +333,6 @@
command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config
args:
creates: ~{{ item }}/.kube/config
- when: not is_atomic
with_items:
- root
- "{{ ansible_ssh_user }}"
diff --git a/roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2
new file mode 100644
index 000000000..936c39edf
--- /dev/null
+++ b/roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2
@@ -0,0 +1,26 @@
+[Unit]
+Description=Atomic OpenShift Master API
+Documentation=https://github.com/openshift/origin
+After=network.target
+After=etcd.service
+Before={{ openshift.common.service_type }}-node.service
+Requires=network.target
+Requires=docker.service
+PartOf=docker.service
+
+[Service]
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api
+Environment=GOTRACEBACK=crash
+ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-api
+ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master api --config=${CONFIG_FILE} $OPTIONS
+ExecStartPost=/usr/bin/sleep 10
+ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-api
+LimitNOFILE=131072
+LimitCORE=infinity
+WorkingDirectory={{ openshift.common.data_dir }}
+SyslogIdentifier=atomic-openshift-master-api
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+WantedBy={{ openshift.common.service_type }}-node.service \ No newline at end of file
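Review bot: The `ExecStart` line runs the API container with `--privileged --net=host` and also bind-mounts `/var/run/docker.sock`, so whatever `{{ openshift.master.master_image }}` resolves to gets effective root control of the host. The same flags and mount are in the controllers unit and in `master.docker.service.j2`. If the API process does not need the Docker socket or full privileges, drop them; otherwise record the reason in the template, e.g. `# --privileged and docker.sock are needed because <reason>`, and restrict `osm_image` to a trusted registry. Separately, `SyslogIdentifier=atomic-openshift-master-api` is hard-coded here while the controllers unit uses `{{ openshift.common.service_type }}-master-controllers`.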
diff --git a/roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2
new file mode 100644
index 000000000..6ba7d6e2a
--- /dev/null
+++ b/roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2
@@ -0,0 +1,25 @@
+[Unit]
+Description=Atomic OpenShift Master Controllers
+Documentation=https://github.com/openshift/origin
+After=network.target
+After={{ openshift.common.service_type }}-master-api.service
+Before={{ openshift.common.service_type }}-node.service
+Requires=docker.service
+PartOf=docker.service
+
+[Service]
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
+Environment=GOTRACEBACK=crash
+ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-controllers
+ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master controllers --config=${CONFIG_FILE} $OPTIONS
+ExecStartPost=/usr/bin/sleep 10
+ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-controllers
+LimitNOFILE=131072
+LimitCORE=infinity
+WorkingDirectory={{ openshift.common.data_dir }}
+SyslogIdentifier={{ openshift.common.service_type }}-master-controllers
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+WantedBy={{ openshift.common.service_type }}-node.service
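Review bot: `ExecStartPost=/usr/bin/sleep 10` makes systemd report the unit as started after a fixed delay rather than when the controllers are actually ready, and it adds ten seconds to every restart. The same line is in the api unit and in `master.docker.service.j2`. If the delay is there to order the node service behind the master, a comment should say so, e.g. `# crude readiness wait; replace with a real health check`, since a fixed sleep will be too short on a slow host and wasted time on a fast one.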
diff --git a/roles/openshift_master/templates/openshift.docker.master.service b/roles/openshift_master/templates/master.docker.service.j2
index 9e436f8eb..8b23d70b1 100644
--- a/roles/openshift_master/templates/openshift.docker.master.service
+++ b/roles/openshift_master/templates/master.docker.service.j2
@@ -1,11 +1,16 @@
[Unit]
After=docker.service
-Require=docker.service
+Before={{ openshift.common.service_type }}-node.service
+Requires=docker.service
+PartOf=docker.service
[Service]
EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master
-ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift_docker_image }} start master --config=${CONFIG_FILE} ${OPTIONS}
+ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master
+ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master --config=${CONFIG_FILE} $OPTIONS
+ExecStartPost=/usr/bin/sleep 10
ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master
+Restart=always
[Install]
WantedBy=multi-user.target
diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml
index 875d61a3b..534465451 100644
--- a/roles/openshift_master/vars/main.yml
+++ b/roles/openshift_master/vars/main.yml
@@ -5,8 +5,6 @@ openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.js
openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml"
openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json"
openshift_version: "{{ openshift_pkg_version | default('') }}"
-openshift_docker_image_name: openshift/origin
-openshift_docker_image: "{{ openshift_docker_image_name }}:{{ openshift_pkg_version | default('latest') }}"
openshift_master_valid_grant_methods:
- auto
diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml
index c179ceb61..17d832d26 100644
--- a/roles/openshift_master_ca/tasks/main.yml
+++ b/roles/openshift_master_ca/tasks/main.yml
@@ -1,7 +1,7 @@
---
- name: Install the base package for admin tooling
action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version }} state=present"
- when: not is_atomic
+ when: openshift.common.is_containerized | bool
- name: Reload generated facts
openshift_facts:
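Review bot: The new condition on `Install the base package for admin tooling` lost its negation: `when: not is_atomic` became `when: openshift.common.is_containerized | bool`. As written, the package install runs only on containerized hosts and is skipped on RPM-based ones, which is the opposite of every other replacement in this commit. It should read `when: not openshift.common.is_containerized | bool`.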
@@ -12,6 +12,11 @@
path: "{{ openshift_master_config_dir }}"
state: directory
+- name: Pull required docker image
+ command: >
+ docker pull {{ openshift.common.cli_image }}
+ when: openshift.common.is_containerized | bool
+
- name: Create the master certificates if they do not already exist
command: >
{{ openshift.common.admin_binary }} create-master-certs
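Review bot: `Pull required docker image` runs `docker pull` through `command`, so it reports `changed` on every play. Registering the result and adding `changed_when: "'Downloaded newer image' in pull_result.stdout"` keeps reruns idempotent. The next task creates the master certificates, presumably with a binary from this image on containerized hosts (the definition of `openshift.common.admin_binary` is not visible here), so `openshift.common.cli_image` should resolve to a fixed tag or digest from a trusted registry rather than a floating tag.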
diff --git a/roles/openshift_master_ca/vars/main.yml b/roles/openshift_master_ca/vars/main.yml
index 0f1f32a34..b35339b18 100644
--- a/roles/openshift_master_ca/vars/main.yml
+++ b/roles/openshift_master_ca/vars/main.yml
@@ -4,6 +4,3 @@ openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key"
openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt"
openshift_version: "{{ openshift_pkg_version | default('') }}"
-
-openshift_docker_image_name: openshift/origin
-openshift_docker_image: "{{ openshift_docker_image_name }}:{{ openshift_pkg_version | default('latest') }}"
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml
index 13e5d7a4b..36d953111 100644
--- a/roles/openshift_master_certificates/tasks/main.yml
+++ b/roles/openshift_master_certificates/tasks/main.yml
@@ -16,6 +16,8 @@
- admin.kubeconfig
- master.kubelet-client.crt
- master.kubelet-client.key
+ - master.server.crt
+ - master.server.key
- openshift-master.crt
- openshift-master.key
- openshift-master.kubeconfig
diff --git a/roles/openshift_master_cluster/tasks/main.yml b/roles/openshift_master_cluster/tasks/main.yml
index 978e2920d..40705d357 100644
--- a/roles/openshift_master_cluster/tasks/main.yml
+++ b/roles/openshift_master_cluster/tasks/main.yml
@@ -1,7 +1,7 @@
---
- fail:
msg: "Not possible on atomic hosts for now"
- when: is_atomic
+ when: openshift.common.is_containerized | bool
- name: Test if cluster is already configured
command: pcs status
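Review bot: The `fail` message still says `Not possible on atomic hosts for now`, but the condition now tests `openshift.common.is_containerized`, which presumably can be true on a host that is not Atomic. An operator hitting this on a regular RHEL host gets a misleading error. Something like `msg: "Pacemaker clustering is not supported for containerized installs"` would match the check. The same stale wording is left in the `fail` tasks of os_update_latest and os_zabbix.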
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 8607aa3fb..67c6387a3 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -4,10 +4,6 @@
msg: "SELinux is disabled, This deployment type requires that SELinux is enabled."
when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise']
-- fail:
- msg: "This playbook does not support using SDN on atomic hosts yet"
- when: openshift.common.use_openshift_sdn and is_atomic
-
- name: Set node facts
openshift_facts:
role: "{{ item.role }}"
@@ -37,16 +33,50 @@
sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}"
storage_plugin_deps: "{{ osn_storage_plugin_deps | default(None) }}"
set_node_ip: "{{ openshift_set_node_ip | default(None) }}"
+ node_image: "{{ osn_image | default(None) }}"
+ ovs_image: "{{ osn_ovs_image | default(None) }}"
# We have to add tuned-profiles in the same transaction otherwise we run into depsolving
-# problems because the rpms don't pin the version properly.
+# problems because the rpms don't pin the version properly. This was fixed in 3.1 packaging.
- name: Install Node package
action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_version }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version }} state=present"
- when: not is_atomic
+ when: not openshift.common.is_containerized | bool
- name: Install sdn-ovs package
action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present"
- when: openshift.common.use_openshift_sdn and not is_atomic
+ when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool
+
+- name: Install Node docker service file
+ template:
+ dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service"
+ src: openshift.docker.node.service
+ register: install_node_result
+ when: openshift.common.is_containerized | bool
+
+- name: Create openshift.common.data_dir
+ file:
+ path: openshift.common.data_dir
+ state: directory
+ mode: 0755
+ owner: root
+ group: root
+ when: openshift.common.is_containerized | bool
+
+- name: Install OpenvSwitch docker service file
+ template:
+ dest: "/etc/systemd/system/openvswitch.service"
+ src: openvswitch.docker.service
+ register: install_ovs_result
+ when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool
+
+- name: Reload systemd units
+ command: systemctl daemon-reload
+ when: openshift.common.is_containerized and ( ( install_node_result | changed )
+ or ( install_ovs_result | changed ) )
+
+- name: Start and enable openvswitch docker service
+ service: name=openvswitch.service enabled=yes state=started
+ when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool
# TODO: add the validate parameter when there is a validation command to run
- name: Create the Node config
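Review bot: In the added `Create openshift.common.data_dir` task, `path: openshift.common.data_dir` is a literal string rather than a template, so the task creates a directory with that name relative to the working directory instead of the data directory the unit file mounts. The master role's copy of this task uses `path: "{{ openshift.common.data_dir }}"`; the same is needed here. Separately, the `Reload systemd units` condition uses `openshift.common.is_containerized` without `| bool`, unlike the other conditions in this hunk.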
@@ -71,64 +101,6 @@
notify:
- restart node
-- stat: path=/etc/sysconfig/docker
- register: docker_check
-
- # TODO: Enable secure registry when code available in origin
-- name: Secure Registry and Logs Options
- lineinfile:
- dest: /etc/sysconfig/docker
- regexp: '^OPTIONS=.*$'
- line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \
-{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %} \
-{% if openshift.node.docker_log_driver is defined %} --log-driver {{ openshift.node.docker_log_driver }} {% endif %} \
-{% if openshift.node.docker_log_options is defined %} {{ openshift.node.docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}} {% endif %} '"
- when: docker_check.stat.isreg
- notify:
- - restart docker
-
-- set_fact:
- docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries')
- | oo_split() | union(['registry.access.redhat.com'])
- | difference(['']) }}"
- when: openshift.common.deployment_type in ['enterprise', 'openshift-enterprise', 'atomic-enterprise']
-- set_fact:
- docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries')
- | oo_split() | difference(['']) }}"
- when: openshift.common.deployment_type not in ['enterprise', 'openshift-enterprise', 'atomic-enterprise']
-
-- name: Add personal registries
- lineinfile:
- dest: /etc/sysconfig/docker
- regexp: '^ADD_REGISTRY=.*$'
- line: "ADD_REGISTRY='{{ docker_additional_registries
- | oo_prepend_strings_in_list('--add-registry ') | join(' ') }}'"
- when: docker_check.stat.isreg and docker_additional_registries
- notify:
- - restart docker
-
-- name: Block registries
- lineinfile:
- dest: /etc/sysconfig/docker
- regexp: '^BLOCK_REGISTRY=.*$'
- line: "BLOCK_REGISTRY='{{ lookup('oo_option', 'docker_blocked_registries') | oo_split()
- | oo_prepend_strings_in_list('--block-registry ') | join(' ') }}'"
- when: docker_check.stat.isreg and
- lookup('oo_option', 'docker_blocked_registries') != ''
- notify:
- - restart docker
-
-- name: Grant access to additional insecure registries
- lineinfile:
- dest: /etc/sysconfig/docker
- regexp: '^INSECURE_REGISTRY=.*'
- line: "INSECURE_REGISTRY='{{ lookup('oo_option', 'docker_insecure_registries') | oo_split()
- | oo_prepend_strings_in_list('--insecure-registry ') | join(' ') }}'"
- when: docker_check.stat.isreg and
- lookup('oo_option', 'docker_insecure_registries') != ''
- notify:
- - restart docker
-
- name: Additional storage plugin configuration
include: storage_plugins/main.yml
diff --git a/roles/openshift_node/tasks/storage_plugins/main.yml b/roles/openshift_node/tasks/storage_plugins/main.yml
index 39c7b9390..d237c26ec 100644
--- a/roles/openshift_node/tasks/storage_plugins/main.yml
+++ b/roles/openshift_node/tasks/storage_plugins/main.yml
@@ -3,11 +3,12 @@
# additional package dependencies
- name: NFS storage plugin configuration
include: nfs.yml
+ when: not openshift.common.is_containerized | bool
- name: GlusterFS storage plugin configuration
include: glusterfs.yml
- when: "'glusterfs' in openshift.node.storage_plugin_deps"
+ when: "'glusterfs' in openshift.node.storage_plugin_deps and not openshift.common.is_containerized | bool "
- name: Ceph storage plugin configuration
include: ceph.yml
- when: "'ceph' in openshift.node.storage_plugin_deps"
+ when: "'ceph' in openshift.node.storage_plugin_deps and not openshift.common.is_containerized | bool"
diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service
index e9df34940..7a11a10fa 100644
--- a/roles/openshift_node/templates/openshift.docker.node.service
+++ b/roles/openshift_node/templates/openshift.docker.node.service
@@ -1,11 +1,20 @@
[Unit]
After=docker.service
-Require=docker.service
+After={{ openshift.common.service_type }}-master.service
+After=openvswitch.service
+{% if openshift.common.use_openshift_sdn %}
+Requires=openvswitch.service
+{% endif %}
+Requires=docker.service
+PartOf=docker.service
[Service]
EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node
-ExecStart=/usr/bin/docker run --rm --privileged --net=host --name "{{ openshift.common.service_type }}-node" -v /:/rootfs:ro -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift_docker_image }} start node --config=${CONFIG_FILE} ${OPTIONS}
+ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node
+ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system {{ openshift.node.node_image }}
+ExecStartPost=/usr/bin/sleep 10
ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node
+Restart=always
[Install]
WantedBy=multi-user.target
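Review bot: The new `ExecStart` gives the node container `--privileged --net=host --pid=host` together with writable bind mounts of `/run`, `/var/lib/docker` and `/etc/systemd/system` (as `/host-etc/systemd/system`), so a wrong or compromised `{{ openshift.node.node_image }}` can modify host unit files and the Docker state directly. Nothing in the template says which of these the node process actually needs. Where only reads are required, append `:ro` as is already done for `/sys` and `/etc/machine-id`; where writes are required, state the reason in a comment above `ExecStart`. `openvswitch.docker.service` uses a similar privileged, host-namespace invocation and deserves the same treatment.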
diff --git a/roles/openshift_node/templates/openvswitch.docker.service b/roles/openshift_node/templates/openvswitch.docker.service
new file mode 100644
index 000000000..0b42ca6d5
--- /dev/null
+++ b/roles/openshift_node/templates/openvswitch.docker.service
@@ -0,0 +1,13 @@
+[Unit]
+After=docker.service
+Requires=docker.service
+PartOf=docker.service
+
+[Service]
+ExecStartPre=-/usr/bin/docker rm -f openvswitch
+ExecStart=/usr/bin/docker run --name openvswitch --rm --privileged --net=host --pid=host -v /lib/modules:/lib/modules -v /run:/run -v /sys:/sys:ro -v /etc/origin/openvswitch:/etc/openvswitch {{ openshift.node.ovs_image }}
+ExecStop=/usr/bin/docker stop openvswitch
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/openshift_node/vars/main.yml b/roles/openshift_node/vars/main.yml
index c57d1bcca..43dc50ca8 100644
--- a/roles/openshift_node/vars/main.yml
+++ b/roles/openshift_node/vars/main.yml
@@ -2,6 +2,3 @@
openshift_node_config_dir: "{{ openshift.common.config_base }}/node"
openshift_node_config_file: "{{ openshift_node_config_dir }}/node-config.yaml"
openshift_version: "{{ openshift_pkg_version | default('') }}"
-
-openshift_docker_image_name: openshift/origin
-openshift_docker_image: "{{ openshift_docker_image_name }}:{{ openshift_pkg_version | default('latest') }}"
diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml
index 6d0d1d493..6d910a66e 100644
--- a/roles/openshift_repos/tasks/main.yaml
+++ b/roles/openshift_repos/tasks/main.yaml
@@ -12,20 +12,20 @@
- name: Ensure libselinux-python is installed
action: "{{ ansible_pkg_mgr }} name=libselinux-python state=present"
- when: not is_atomic
+ when: not openshift.common.is_containerized | bool
- name: Create any additional repos that are defined
template:
src: yum_repo.j2
dest: /etc/yum.repos.d/openshift_additional.repo
- when: openshift_additional_repos | length > 0 and not is_atomic
+ when: openshift_additional_repos | length > 0 and not openshift.common.is_containerized | bool
notify: refresh cache
- name: Remove the additional repos if no longer defined
file:
dest: /etc/yum.repos.d/openshift_additional.repo
state: absent
- when: openshift_additional_repos | length == 0 and not is_atomic
+ when: openshift_additional_repos | length == 0 and not openshift.common.is_containerized | bool
notify: refresh cache
- name: Remove any yum repo files for other deployment types RHEL/CentOS
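Review bot: These conditions swap `is_atomic` for `openshift.common.is_containerized`, but the two facts appear to answer different questions: whether the host has a package manager, and whether OpenShift runs from images. `openshift.common.is_atomic` is still referenced in this commit (openshift_storage_nfs_lvm), so both are available. On a containerized install on a regular RHEL/CentOS host, this now skips `libselinux-python` and the repo files, which other roles may still rely on; if the intent is to avoid the package manager, `when: not openshift.common.is_atomic | bool` looks like the better guard. The same substitution is made in the remaining hunks of this file and in os_firewall, os_env_extras and yum_repos.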
@@ -36,7 +36,7 @@
- '*/repos/*'
when: not (item | search("/files/" ~ openshift_deployment_type ~ "/repos")) and
(ansible_os_family == "RedHat" and ansible_distribution != "Fedora")
- and not is_atomic
+ and not openshift.common.is_containerized | bool
notify: refresh cache
- name: Remove any yum repo files for other deployment types Fedora
@@ -47,7 +47,7 @@
- '*/repos/*'
when: not (item | search("/files/fedora-" ~ openshift_deployment_type ~ "/repos")) and
(ansible_distribution == "Fedora")
- and not is_atomic
+ and not openshift.common.is_containerized | bool
notify: refresh cache
- name: Configure gpg keys if needed
@@ -55,6 +55,7 @@
with_fileglob:
- "{{ openshift_deployment_type }}/gpg_keys/*"
notify: refresh cache
+ when: not openshift.common.is_containerized | bool
- name: Configure yum repositories RHEL/CentOS
copy: src={{ item }} dest=/etc/yum.repos.d/
@@ -62,11 +63,11 @@
- "{{ openshift_deployment_type }}/repos/*"
notify: refresh cache
when: (ansible_os_family == "RedHat" and ansible_distribution != "Fedora")
- and not is_atomic
+ and not openshift.common.is_containerized | bool
- name: Configure yum repositories Fedora
copy: src={{ item }} dest=/etc/yum.repos.d/
with_fileglob:
- "fedora-{{ openshift_deployment_type }}/repos/*"
notify: refresh cache
- when: (ansible_distribution == "Fedora") and not is_atomic
+ when: (ansible_distribution == "Fedora") and not openshift.common.is_containerized | bool
diff --git a/roles/openshift_storage_nfs_lvm/tasks/main.yml b/roles/openshift_storage_nfs_lvm/tasks/main.yml
index ead81b876..ea0cc2a94 100644
--- a/roles/openshift_storage_nfs_lvm/tasks/main.yml
+++ b/roles/openshift_storage_nfs_lvm/tasks/main.yml
@@ -1,4 +1,9 @@
---
+# TODO -- this may actually work on atomic hosts
+- fail:
+ msg: "openshift_storage_nfs_lvm is not compatible with atomic host"
+ when: openshift.common.is_atomic | true
+
- name: Create lvm volumes
lvol: vg={{osnl_volume_group}} lv={{ item }} size={{osnl_volume_size}}G
with_sequence: start={{osnl_volume_num_start}} count={{osnl_number_of_volumes}} format={{osnl_volume_prefix}}{{osnl_volume_size}}g%04d
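Review bot: `when: openshift.common.is_atomic | true` applies `true` as a Jinja2 filter, and there is no such filter, so evaluating the condition raises a template error instead of guarding the role. It should be `when: openshift.common.is_atomic | bool`, matching the other conditions in this commit.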
diff --git a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml
index df7c0e57d..fc8de1cb5 100644
--- a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml
+++ b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml
@@ -1,7 +1,7 @@
---
- name: Install NFS server
action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present"
- when: not is_atomic
+ when: not openshift.common.is_containerized | bool
- name: Start rpcbind
service: name=rpcbind state=started enabled=yes
diff --git a/roles/os_env_extras/tasks/main.yaml b/roles/os_env_extras/tasks/main.yaml
index d52795289..628df713a 100644
--- a/roles/os_env_extras/tasks/main.yaml
+++ b/roles/os_env_extras/tasks/main.yaml
@@ -13,4 +13,4 @@
- name: Bash Completion
action: "{{ ansible_pkg_mgr }} name=bash-completion state=present"
- when: not is_atomic \ No newline at end of file
+ when: not openshift.common.is_containerized | bool \ No newline at end of file
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index 01b8263d5..d26ba7ee9 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -5,7 +5,7 @@
- iptables
- iptables-services
register: install_result
- when: not is_atomic
+ when: not openshift.common.is_containerized | bool
- name: Check if firewalld is installed
command: rpm -q firewalld
diff --git a/roles/os_update_latest/tasks/main.yml b/roles/os_update_latest/tasks/main.yml
index 3c3e80979..2400164fa 100644
--- a/roles/os_update_latest/tasks/main.yml
+++ b/roles/os_update_latest/tasks/main.yml
@@ -1,8 +1,8 @@
---
- fail:
msg: "Update is not yet supported by this playbook on atomic hosts"
- when: is_atomic
+ when: openshift.common.is_containerized | bool
- name: Update all packages
action: "{{ ansible_pkg_mgr }} name=* state=latest"
- when: not is_atomic \ No newline at end of file
+ when: not openshift.common.is_containerized | bool \ No newline at end of file
diff --git a/roles/os_zabbix/tasks/main.yml b/roles/os_zabbix/tasks/main.yml
index bd879c25f..a8b65dd56 100644
--- a/roles/os_zabbix/tasks/main.yml
+++ b/roles/os_zabbix/tasks/main.yml
@@ -1,7 +1,7 @@
---
- fail:
msg: "Zabbix config is not yet supported on atomic hosts"
- when: is_atomic
+ when: openshift.common.is_containerized | bool
- name: Main List all templates
zbx_template:
diff --git a/roles/yum_repos/tasks/main.yml b/roles/yum_repos/tasks/main.yml
index 252dc71d5..46928a00b 100644
--- a/roles/yum_repos/tasks/main.yml
+++ b/roles/yum_repos/tasks/main.yml
@@ -45,4 +45,4 @@
src: yumrepo.j2
dest: /etc/yum.repos.d/{{ item.id }}.repo
with_items: repo_files
- when: not is_atomic
+ when: not openshift.common.is_containerized | bool