-rw-r--r--.tito/packages/openshift-ansible2
-rw-r--r--Dockerfile3
-rw-r--r--README.md7
-rw-r--r--inventory/byo/hosts.origin.example2
-rw-r--r--inventory/byo/hosts.ose.example2
-rw-r--r--openshift-ansible.spec19
-rw-r--r--playbooks/common/openshift-master/scaleup.yml2
-rw-r--r--playbooks/common/openshift-node/config.yml2
-rw-r--r--roles/etcd_common/defaults/main.yml2
-rw-r--r--roles/openshift_cloud_provider/tasks/aws.yml12
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py24
-rw-r--r--roles/openshift_loadbalancer/tasks/main.yml10
-rw-r--r--roles/openshift_master/handlers/main.yml2
-rw-r--r--roles/openshift_metrics/handlers/main.yml2
-rw-r--r--roles/openshift_node/tasks/systemd_units.yml19
-rw-r--r--roles/openshift_node/templates/openvswitch-avoid-oom.conf3
-rwxr-xr-xroles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh47
-rw-r--r--utils/src/ooinstall/cli_installer.py37
-rw-r--r--utils/src/ooinstall/oo_config.py4
-rw-r--r--utils/src/ooinstall/variants.py7
20 files changed, 173 insertions, 35 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible
index 25d0f87c7..1a1d3cabe 100644
--- a/.tito/packages/openshift-ansible
+++ b/.tito/packages/openshift-ansible
@@ -1 +1 @@
-3.4.14-1 ./
+3.4.16-1 ./
diff --git a/Dockerfile b/Dockerfile
index 70f6f8a18..f3d45837a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,6 +8,9 @@ LABEL Version="v3.1.1.901"
LABEL Release="6"
LABEL BZComponent="aos3-installation-docker"
LABEL Architecture="x86_64"
+LABEL io.k8s.description="Ansible code and playbooks for installing Openshift Container Platform." \
+ io.k8s.display-name="Openshift Installer" \
+ io.openshift.tags="openshift,installer"
RUN INSTALL_PKGS="atomic-openshift-utils" && \
yum install -y --enablerepo=rhel-7-server-ose-3.2-rpms $INSTALL_PKGS && \
diff --git a/README.md b/README.md
index f8f8bfb70..c3d78f5fe 100644
--- a/README.md
+++ b/README.md
@@ -22,11 +22,16 @@ not practical to start over at 1.0.
##Setup
- Install base dependencies:
+ - Requirements:
+ - Ansible >= 2.1.0 though 2.2 is preferred for performance reasons.
+ - Jinja >= 2.7
+
- Fedora:
```
dnf install -y ansible-2.1.0.0 pyOpenSSL python-cryptography
```
- - OSX:
+
+ - OSX:
```
# Install ansible 2.1.0.0 and python 2
brew install ansible python
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index 04922894b..13f4c214c 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -30,7 +30,7 @@ deployment_type=origin
# use this to lookup the latest exact version of the container images, which is the tag actually used to configure
# the cluster. For RPM installations we just verify the version detected in your configured repos matches this
# release.
-openshift_release=v1.2
+openshift_release=v1.4
# Specify an exact container image tag to install or configure.
# WARNING: This value will be used for all hosts in containerized environments, even those that have another version installed.
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index fd5c8a5f4..2d54dfceb 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -30,7 +30,7 @@ deployment_type=openshift-enterprise
# use this to lookup the latest exact version of the container images, which is the tag actually used to configure
# the cluster. For RPM installations we just verify the version detected in your configured repos matches this
# release.
-openshift_release=v3.2
+openshift_release=v3.4
# Specify an exact container image tag to install or configure.
# WARNING: This value will be used for all hosts in containerized environments, even those that have another version installed.
diff --git a/openshift-ansible.spec b/openshift-ansible.spec
index 69d02d43c..6d8132740 100644
--- a/openshift-ansible.spec
+++ b/openshift-ansible.spec
@@ -5,7 +5,7 @@
}
Name: openshift-ansible
-Version: 3.4.14
+Version: 3.4.16
Release: 1%{?dist}
Summary: Openshift and Atomic Enterprise Ansible
License: ASL 2.0
@@ -249,6 +249,23 @@ Atomic OpenShift Utilities includes
%changelog
+* Wed Nov 02 2016 Scott Dodson <sdodson@redhat.com> 3.4.16-1
+- Fix HA environments incorrectly detecting mixed installed environments
+ (tbielawa@redhat.com)
+- Deploy an OOM systemd override for openvswitch. (dgoodwin@redhat.com)
+- Only restart dnsmasq if the DNS servers have changed (tbielawa@redhat.com)
+- Update installation summary for etcd members (smunilla@redhat.com)
+- Fix changed_when (sdodson@redhat.com)
+- add io labels (tdawson@redhat.com)
+- Touch all ini_file files before using them (sdodson@redhat.com)
+- Remove commit offset strings from parsed versions (tbielawa@redhat.com)
+- Update variant_version (smunilla@redhat.com)
+
+* Mon Oct 31 2016 Troy Dawson <tdawson@redhat.com> 3.4.15-1
+- Bump documented openshift_release for 1.4/3.4. (dgoodwin@redhat.com)
+- Add requirements, fix a small formatting issue.
+ (erinn.looneytriggs@gmail.com)
+
* Fri Oct 28 2016 Troy Dawson <tdawson@redhat.com> 3.4.14-1
- Change HA master controller service to restart always. (dgoodwin@redhat.com)
- Default hosted_registry_insecure true when insecure registry present in
diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml
index 56ed09e1b..18e5c665f 100644
--- a/playbooks/common/openshift-master/scaleup.yml
+++ b/playbooks/common/openshift-master/scaleup.yml
@@ -33,7 +33,7 @@
service: name={{ openshift.common.service_type }}-master-controllers state=restarted
- name: verify api server
command: >
- curl --silent
+ curl --silent --tlsv1.2
{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
--cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
{% else %}
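Review bot: The added `--tlsv1.2` has no comment saying why the protocol is pinned, and the same flag is pasted into three more health-check commands (playbooks/common/openshift-node/config.yml, roles/openshift_master/handlers/main.yml and roles/openshift_metrics/handlers/main.yml). A line above `command:` such as `# --tlsv1.2: do not negotiate anything older than TLS 1.2 for the health check` would record the intent in each place. Depending on the curl release installed on the hosts, this option selects either exactly TLS 1.2 or TLS 1.2 as a minimum, so the comment should state which is meant. The curl command continues past the end of the hunk, so the certificate options in the `{% else %}` branch are not visible here.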
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 5191662f7..4824eeef3 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -165,7 +165,7 @@
# Using curl here since the uri module requires python-httplib2 and
# wait_for port doesn't provide health information.
command: >
- curl --silent
+ curl --silent --tlsv1.2
{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
--cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
{% else %}
diff --git a/roles/etcd_common/defaults/main.yml b/roles/etcd_common/defaults/main.yml
index 1ff1d6ef8..93633e3e6 100644
--- a/roles/etcd_common/defaults/main.yml
+++ b/roles/etcd_common/defaults/main.yml
@@ -25,7 +25,7 @@ etcd_ca_new_certs_dir: "{{ etcd_ca_dir }}/certs"
etcd_ca_db: "{{ etcd_ca_dir }}/index.txt"
etcd_ca_serial: "{{ etcd_ca_dir }}/serial"
etcd_ca_crl_number: "{{ etcd_ca_dir }}/crlnumber"
-etcd_ca_default_days: 365
+etcd_ca_default_days: 1825
# etcd server & certificate vars
etcd_hostname: "{{ inventory_hostname }}"
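Review bot: `etcd_ca_default_days` goes from 365 to 1825 with no comment. If, as the name suggests, this value sets the CA's default validity period, a leaked etcd key or certificate stays usable five times longer. A comment on the line would record the trade-off, e.g. `# 5 years; lower this if certificates are rotated on a schedule`. Because this is a role default, sites that want a shorter lifetime can still override it from inventory. Where the value is consumed is outside this hunk.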
diff --git a/roles/openshift_cloud_provider/tasks/aws.yml b/roles/openshift_cloud_provider/tasks/aws.yml
index bf2abcbf5..127a5b392 100644
--- a/roles/openshift_cloud_provider/tasks/aws.yml
+++ b/roles/openshift_cloud_provider/tasks/aws.yml
@@ -1,4 +1,14 @@
-- name: Create cloud config
+# Work around ini_file create option in 2.2 which defaults to no
+- name: Create cloud config file
+ file:
+ dest: "{{ openshift.common.config_base }}/cloudprovider/aws.conf"
+ state: touch
+ mode: 0660
+ owner: root
+ group: root
+ changed_when: false
+
+- name: Configure AWS cloud provider
ini_file:
dest: "{{ openshift.common.config_base }}/cloudprovider/aws.conf"
section: Global
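Review bot: The touched `aws.conf` is created with `mode: 0660`, which grants group write on a cloud-provider configuration file that only root should need to edit. `mode: 0600` is the tighter choice, and the same group-write bit is set by the `limits.conf` touch task in roles/openshift_loadbalancer/tasks/main.yml. `state: touch` also rewrites the file's timestamps on every run and `changed_when: false` hides that, so the workaround comment could add `# touch updates mtime on each run; changed_when: false keeps it out of the change report`. The `ini_file` task continues past the end of the hunk, so whether it sets its own mode is not visible.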
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 0a783b164..6c045e7ab 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -1206,7 +1206,7 @@ def get_openshift_version(facts):
# version
if 'common' in facts:
if 'version' in facts['common'] and facts['common']['version'] is not None:
- return facts['common']['version']
+ return chomp_commit_offset(facts['common']['version'])
if os.path.isfile('/usr/bin/openshift'):
_, output, _ = module.run_command(['/usr/bin/openshift', 'version'])
@@ -1221,7 +1221,27 @@ def get_openshift_version(facts):
_, output, _ = module.run_command(['/usr/local/bin/openshift', 'version'])
version = parse_openshift_version(output)
- return version
+ return chomp_commit_offset(version)
+
+
+def chomp_commit_offset(version):
+ """Chomp any "+git.foo" commit offset string from the given `version`
+ and return the modified version string.
+
+Ex:
+- chomp_commit_offset(None) => None
+- chomp_commit_offset(1337) => "1337"
+- chomp_commit_offset("v3.4.0.15+git.derp") => "v3.4.0.15"
+- chomp_commit_offset("v3.4.0.15") => "v3.4.0.15"
+- chomp_commit_offset("v1.3.0+52492b4") => "v1.3.0"
+ """
+ if version is None:
+ return version
+ else:
+ # Stringify, just in case it's a Number type. Split by '+' and
+ # return the first split. No concerns about strings without a
+ # '+', .split() returns an array of the original string.
+ return str(version).split('+')[0]
def get_container_openshift_version(facts):
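Review bot: `chomp_commit_offset` returns a `str` for every non-None input, so the first return path of `get_openshift_version` now stringifies a `facts['common']['version']` that used to be handed back unchanged. The docstring should state that the result is `str` or `None`, so callers comparing against a number are not surprised. The `else:` after `return` is redundant; the body reduces to `if version is None: return None` followed by `return str(version).split('+', 1)[0]`. The docstring examples sit at a shallower indent than its opening line, which may only be an artifact of this page.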
diff --git a/roles/openshift_loadbalancer/tasks/main.yml b/roles/openshift_loadbalancer/tasks/main.yml
index b8e6a7da2..863738143 100644
--- a/roles/openshift_loadbalancer/tasks/main.yml
+++ b/roles/openshift_loadbalancer/tasks/main.yml
@@ -10,6 +10,16 @@
path: /etc/systemd/system/haproxy.service.d
state: directory
+# Work around ini_file create option in 2.2 which defaults to no
+- name: Create limits.conf file
+ file:
+ dest: /etc/systemd/system/haproxy.service.d/limits.conf
+ state: touch
+ mode: 0660
+ owner: root
+ group: root
+ changed_when: false
+
- name: Configure the nofile limits for haproxy
ini_file:
dest: /etc/systemd/system/haproxy.service.d/limits.conf
diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml
index 913f3b0ae..e119db1a2 100644
--- a/roles/openshift_master/handlers/main.yml
+++ b/roles/openshift_master/handlers/main.yml
@@ -17,7 +17,7 @@
# Using curl here since the uri module requires python-httplib2 and
# wait_for port doesn't provide health information.
command: >
- curl --silent
+ curl --silent --tlsv1.2
{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
--cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
{% else %}
diff --git a/roles/openshift_metrics/handlers/main.yml b/roles/openshift_metrics/handlers/main.yml
index 913f3b0ae..e119db1a2 100644
--- a/roles/openshift_metrics/handlers/main.yml
+++ b/roles/openshift_metrics/handlers/main.yml
@@ -17,7 +17,7 @@
# Using curl here since the uri module requires python-httplib2 and
# wait_for port doesn't provide health information.
command: >
- curl --silent
+ curl --silent --tlsv1.2
{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
--cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
{% else %}
diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml
index 27c9b48f0..f722a6e69 100644
--- a/roles/openshift_node/tasks/systemd_units.yml
+++ b/roles/openshift_node/tasks/systemd_units.yml
@@ -24,11 +24,26 @@
notify:
- restart openvswitch
+# May be a temporary workaround.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1331590
+- name: Create OpenvSwitch service.d directory
+ file: path=/etc/systemd/system/openvswitch.service.d/ state=directory
+ when: openshift.common.use_openshift_sdn | default(true) | bool
+
+- name: Install OpenvSwitch service OOM fix
+ template:
+ dest: "/etc/systemd/system/openvswitch.service.d/01-avoid-oom.conf"
+ src: openvswitch-avoid-oom.conf
+ when: openshift.common.use_openshift_sdn | default(true) | bool
+ register: install_oom_fix_result
+ notify:
+ - restart openvswitch
+
- name: Install OpenvSwitch docker service file
template:
dest: "/etc/systemd/system/openvswitch.service"
src: openvswitch.docker.service
- when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool
+ when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | default(true) | bool
notify:
- restart openvswitch
@@ -67,6 +82,6 @@
- name: Reload systemd units
command: systemctl daemon-reload
- when: openshift.common.is_containerized | bool and (install_node_result | changed or install_ovs_sysconfig | changed or install_node_dep_result | changed)
+ when: (openshift.common.is_containerized | bool and (install_node_result | changed or install_ovs_sysconfig | changed or install_node_dep_result | changed)) or install_oom_fix_result | changed
notify:
- restart node
diff --git a/roles/openshift_node/templates/openvswitch-avoid-oom.conf b/roles/openshift_node/templates/openvswitch-avoid-oom.conf
new file mode 100644
index 000000000..3229bc56b
--- /dev/null
+++ b/roles/openshift_node/templates/openvswitch-avoid-oom.conf
@@ -0,0 +1,3 @@
+# Avoid the OOM killer for openvswitch and it's children:
+[Service]
+OOMScoreAdjust=-1000
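Review bot: `OOMScoreAdjust=-1000` exempts openvswitch and its children from the OOM killer entirely, so under memory pressure the kernel picks other processes on the node, even when openvswitch is the one growing. The file should carry the reference that the task file gives for this workaround, e.g. `# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1331590; remove once fixed`, so the override can be found and dropped later. The comment also has a typo: `it's children` should read `its children`.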
diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
index 5a187710b..ced0fa663 100755
--- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
+++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
@@ -1,4 +1,5 @@
#!/bin/bash -x
+# -*- mode: sh; sh-indentation: 2 -*-
# This NetworkManager dispatcher script replicates the functionality of
# NetworkManager's dns=dnsmasq however, rather than hardcoding the listening
@@ -28,7 +29,16 @@ cd /etc/sysconfig/network-scripts
[ -f ../network ] && . ../network
if [[ $2 =~ ^(up|dhcp4-change)$ ]]; then
- # couldn't find an existing method to determine if the interface owns the
+ # If the origin-upstream-dns config file changed we need to restart
+ NEEDS_RESTART=0
+ UPSTREAM_DNS='/etc/dnsmasq.d/origin-upstream-dns.conf'
+ # We'll regenerate the dnsmasq origin config in a temp file first
+ UPSTREAM_DNS_TMP=`mktemp`
+ UPSTREAM_DNS_TMP_SORTED=`mktemp`
+ CURRENT_UPSTREAM_DNS_SORTED=`mktemp`
+
+ ######################################################################
+ # couldn't find an existing method to determine if the interface owns the
# default route
def_route=$(/sbin/ip route list match 0.0.0.0/0 | awk '{print $3 }')
def_route_int=$(/sbin/ip route get to ${def_route} | awk '{print $3}')
@@ -43,15 +53,37 @@ domain-needed
server=/cluster.local/172.30.0.1
server=/30.172.in-addr.arpa/172.30.0.1
EOF
+ # New config file, must restart
+ NEEDS_RESTART=1
fi
- # zero out our upstream servers list and feed it into dnsmasq
- echo -n > /etc/dnsmasq.d/origin-upstream-dns.conf
+
+ ######################################################################
+ # Generate a new origin dns config file
for ns in ${IP4_NAMESERVERS}; do
if [[ ! -z $ns ]]; then
- echo "server=${ns}" >> /etc/dnsmasq.d/origin-upstream-dns.conf
+ echo "server=${ns}"
fi
- done
- systemctl restart dnsmasq
+ done > $UPSTREAM_DNS_TMP
+
+ # Sort it in case DNS servers arrived in a different order
+ sort $UPSTREAM_DNS_TMP > $UPSTREAM_DNS_TMP_SORTED
+ sort $UPSTREAM_DNS > $CURRENT_UPSTREAM_DNS_SORTED
+
+ # Compare to the current config file (sorted)
+ NEW_DNS_SUM=`md5sum ${UPSTREAM_DNS_TMP_SORTED} | awk '{print $1}'`
+ CURRENT_DNS_SUM=`md5sum ${CURRENT_UPSTREAM_DNS_SORTED} | awk '{print $1}'`
+
+ if [ "${NEW_DNS_SUM}" != "${CURRENT_DNS_SUM}" ]; then
+ # DNS has changed, copy the temp file to the proper location (-Z
+ # sets default selinux context) and set the restart flag
+ cp -Z $UPSTREAM_DNS_TMP $UPSTREAM_DNS
+ NEEDS_RESTART=1
+ fi
+
+ ######################################################################
+ if [ "${NEEDS_RESTART}" -eq "1" ]; then
+ systemctl restart dnsmasq
+ fi
sed -i '0,/^nameserver/ s/^nameserver.*$/nameserver '"${def_route_ip}"'/g' /etc/resolv.conf
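Review bot: `sort $UPSTREAM_DNS` no longer has anything in this script creating `/etc/dnsmasq.d/origin-upstream-dns.conf` beforehand. Unless the file is installed elsewhere, the first `up` event makes sort report a missing file, and the comparison works only because the empty output differs from the new list. Guarding it with `[ -f "$UPSTREAM_DNS" ] && sort "$UPSTREAM_DNS" > "$CURRENT_UPSTREAM_DNS_SORTED"` makes that case explicit. The two `md5sum | awk` lines can be replaced by `cmp -s "$UPSTREAM_DNS_TMP_SORTED" "$CURRENT_UPSTREAM_DNS_SORTED"`, which compares the files directly. When the destination does not exist yet, `cp` creates it with the 0600 mode that `mktemp` gave the source, so confirm dnsmasq can still read it or add `chmod 0644 "$UPSTREAM_DNS"` after the copy.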
@@ -59,4 +91,7 @@ EOF
echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> /etc/resolv.conf
fi
fi
+
+ # Clean up after yourself
+ rm -f $UPSTREAM_DNS_TMP $UPSTREAM_DNS_TMP_SORTED $CURRENT_UPSTREAM_DNS_SORTED
fi
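Review bot: The three temp files are removed only when execution reaches this `rm -f`, so a signal, or an early exit added later between the `mktemp` calls and this line, leaves them behind. Registering the cleanup right after the `mktemp` lines with `trap 'rm -f "$UPSTREAM_DNS_TMP" "$UPSTREAM_DNS_TMP_SORTED" "$CURRENT_UPSTREAM_DNS_SORTED"' EXIT` covers every exit path. Quoting the variables also keeps an empty or unusual value from being word-split. The enclosing `if` block starts outside this hunk.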
diff --git a/utils/src/ooinstall/cli_installer.py b/utils/src/ooinstall/cli_installer.py
index 989dae2ad..2a23866e0 100644
--- a/utils/src/ooinstall/cli_installer.py
+++ b/utils/src/ooinstall/cli_installer.py
@@ -108,11 +108,6 @@ a high-availability (HA) deployment. If you choose an HA deployment, then you
are prompted to identify a *separate* system to act as the load balancer for
your cluster once you define all masters and nodes.
-If only one master is specified, an etcd instance is embedded within the
-OpenShift master service to use as the datastore. This can be later replaced
-with a separate etcd instance, if required. If multiple masters are specified,
-then a separate etcd cluster is configured with each master serving as a member.
-
Any masters configured as part of this installation process are also
configured as nodes. This enables the master to proxy to pods
from the API. By default, this node is unschedulable, but this can be changed
@@ -256,11 +251,8 @@ def print_host_summary(all_hosts, host):
click.echo(" - Load Balancer (Preconfigured)")
else:
click.echo(" - Load Balancer (HAProxy)")
- if host.is_master():
- if host.is_etcd_member(all_hosts):
- click.echo(" - Etcd Member")
- else:
- click.echo(" - Etcd (Embedded)")
+ if host.is_etcd():
+ click.echo(" - Etcd")
if host.is_storage():
click.echo(" - Storage")
if host.new_host:
@@ -699,8 +691,10 @@ def get_installed_hosts(hosts, callback_facts):
for host in [h for h in hosts if h.is_master() or h.is_node()]:
if host.connect_to in callback_facts.keys():
if is_installed_host(host, callback_facts):
+ INSTALLER_LOG.debug("%s is already installed", str(host))
installed_hosts.append(host)
else:
+ INSTALLER_LOG.debug("%s is not installed", str(host))
uninstalled_hosts.append(host)
return installed_hosts, uninstalled_hosts
@@ -733,6 +727,17 @@ def get_hosts_to_run_on(oo_cfg, callback_facts, unattended, force):
installed_hosts, uninstalled_hosts = get_installed_hosts(oo_cfg.deployment.hosts,
callback_facts)
nodes = [host for host in oo_cfg.deployment.hosts if host.is_node()]
+ not_balancers = [host for host in oo_cfg.deployment.hosts if not host.is_master_lb()]
+
+ in_hosts = [str(h) for h in installed_hosts]
+ un_hosts = [str(h) for h in uninstalled_hosts]
+ all_hosts = [str(h) for h in oo_cfg.deployment.hosts]
+ no_bals = [str(h) for h in not_balancers]
+
+ INSTALLER_LOG.debug("installed hosts: %s", ", ".join(in_hosts))
+ INSTALLER_LOG.debug("uninstalled hosts: %s", ", ".join(un_hosts))
+ INSTALLER_LOG.debug("deployment hosts: %s", ", ".join(all_hosts))
+ INSTALLER_LOG.debug("not balancers: %s", ", ".join(no_bals))
# Case (1): All uninstalled hosts
if len(uninstalled_hosts) == len(nodes):
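Review bot: `not_balancers` excludes only load balancers, while `installed_hosts` is built in `get_installed_hosts` from hosts where `h.is_master() or h.is_node()`. The later check `len(installed_hosts) == len(not_balancers)` therefore still fails for a deployment containing a host that is neither master, node nor load balancer, for example one with only the etcd or storage role. Building the comparison list with the same predicate, `installable = [h for h in oo_cfg.deployment.hosts if h.is_master() or h.is_node()]`, keeps the two counts comparable. `all_hosts` and `no_bals` are used only by the debug lines in this hunk and could be joined at the point of use, e.g. `", ".join(str(h) for h in not_balancers)`. The body of `get_hosts_to_run_on` continues outside the hunk.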
@@ -740,7 +745,7 @@ def get_hosts_to_run_on(oo_cfg, callback_facts, unattended, force):
hosts_to_run_on = list(oo_cfg.deployment.hosts)
else:
# Case (2): All installed hosts
- if len(installed_hosts) == len(list(oo_cfg.deployment.hosts)):
+ if len(installed_hosts) == len(not_balancers):
message = """
All specified hosts in specified environment are installed.
"""
@@ -751,6 +756,16 @@ A mix of installed and uninstalled hosts have been detected in your environment.
Please make sure your environment was installed successfully before adding new nodes.
"""
+ # Still inside the case 2/3 else condition
+ mixed_msg = """
+\tInstalled hosts:
+\t\t{inst_hosts}
+
+\tUninstalled hosts:
+\t\t{uninst_hosts}""".format(inst_hosts=", ".join(in_hosts), uninst_hosts=", ".join(un_hosts))
+ click.echo(mixed_msg)
+
+ # Out of the case 2/3 if/else
click.echo(message)
if not unattended:
diff --git a/utils/src/ooinstall/oo_config.py b/utils/src/ooinstall/oo_config.py
index e6bff7133..64eb340f3 100644
--- a/utils/src/ooinstall/oo_config.py
+++ b/utils/src/ooinstall/oo_config.py
@@ -120,6 +120,10 @@ class Host(object):
def is_storage(self):
return 'storage' in self.roles
+ def is_etcd(self):
+ """ Does this host have the etcd role """
+ return 'etcd' in self.roles
+
def is_etcd_member(self, all_hosts):
""" Will this host be a member of a standalone etcd cluster. """
if not self.is_master():
diff --git a/utils/src/ooinstall/variants.py b/utils/src/ooinstall/variants.py
index 6993794fe..39772bb2e 100644
--- a/utils/src/ooinstall/variants.py
+++ b/utils/src/ooinstall/variants.py
@@ -40,24 +40,25 @@ class Variant(object):
# WARNING: Keep the versions ordered, most recent first:
OSE = Variant('openshift-enterprise', 'OpenShift Container Platform',
[
- Version('3.3', 'openshift-enterprise'),
+ Version('3.4', 'openshift-enterprise'),
]
)
REG = Variant('openshift-enterprise', 'Registry',
[
- Version('3.3', 'openshift-enterprise', 'registry'),
+ Version('3.4', 'openshift-enterprise', 'registry'),
]
)
origin = Variant('origin', 'OpenShift Origin',
[
- Version('1.2', 'origin'),
+ Version('1.4', 'origin'),
]
)
LEGACY = Variant('openshift-enterprise', 'OpenShift Container Platform',
[
+ Version('3.3', 'openshift-enterprise'),
Version('3.2', 'openshift-enterprise'),
Version('3.1', 'openshift-enterprise'),
Version('3.0', 'openshift-enterprise'),