diff options
156 files changed, 4015 insertions, 2004 deletions
diff --git a/README_AWS.md b/README_AWS.md index 7f4b1832b..0e3128a92 100644 --- a/README_AWS.md +++ b/README_AWS.md @@ -20,17 +20,18 @@ Create a credentials file ``` Note: You must source this file before running any Ansible commands. +Alternatively, you could configure credentials in either ~/.boto or ~/.aws/credentials, see the [boto docs](http://docs.pythonboto.org/en/latest/boto_config_tut.html) for the format. (Optional) Setup your $HOME/.ssh/config file ------------------------------------------- -In case of a cluster creation, or any other case where you don't know the machine hostname in advance, you can use '.ssh/config' +In case of a cluster creation, or any other case where you don't know the machine hostname in advance, you can use `.ssh/config` to setup a private key file to allow ansible to connect to the created hosts. To do so, add the the following entry to your $HOME/.ssh/config file and make it point to the private key file which allows you to login on AWS. -''' +``` Host *.compute-1.amazonaws.com PrivateKey $HOME/.ssh/my_private_key.pem -''' +``` Alternatively, you can configure your ssh-agent to hold the credentials to connect to your AWS instances. @@ -62,10 +63,16 @@ Node specific defaults: If needed, these values can be changed by setting environment variables on your system. - export ec2_instance_type='m3.large' -- export ec2_ami='ami-307b3658' +- export ec2_image='ami-307b3658' - export ec2_region='us-east-1' - export ec2_keypair='libra' - export ec2_security_groups="['public']" +- export ec2_vpc_subnet='my_vpc_subnet' +- export ec2_assign_public_ip='true' +- export os_etcd_root_vol_size='20' +- export os_etcd_root_vol_type='standard' +- export os_etcd_vol_size='20' +- export os_etcd_vol_type='standard' - export os_master_root_vol_size='20' - export os_master_root_vol_type='standard' - export os_node_root_vol_size='15' @@ -114,3 +121,12 @@ Terminating a cluster ``` bin/cluster terminate aws <cluster-id> ``` + +Specifying a deployment type +--------------------------- +The --deployment-type flag can be passed to bin/cluster to specify the deployment type +1. To launch an online cluster (requires access to private repositories and amis): +``` + bin/cluster create aws --deployment-type=online <cluster-id> +``` +Note: If no deployment type is specified, then the default is origin. diff --git a/README_OSE.md b/README_OSE.md index 5a691053c..471fdcf9e 100644 --- a/README_OSE.md +++ b/README_OSE.md @@ -119,7 +119,7 @@ inventory file use the -i option for ansible-playbook. #### Create the default router On the master host: ```sh -openshift ex router --create=true \ +oadm router --create=true \ --credentials=/etc/openshift/master/openshift-router.kubeconfig \ --images='docker-buildvm-rhose.usersys.redhat.com:5000/openshift3/ose-${component}:${version}' ``` @@ -127,7 +127,7 @@ openshift ex router --create=true \ #### Create the default docker-registry On the master host: ```sh -openshift ex registry --create=true \ +oadm registry --create=true \ --credentials=/etc/openshift/master/openshift-registry.kubeconfig \ --images='docker-buildvm-rhose.usersys.redhat.com:5000/openshift3/ose-${component}:${version}' \ --mount-host=/var/lib/openshift/docker-registry diff --git a/README_libvirt.md b/README_libvirt.md index 92f0b3dc9..60af0ac88 100644 --- a/README_libvirt.md +++ b/README_libvirt.md @@ -102,6 +102,16 @@ Test The Setup bin/cluster list libvirt '' ``` +Configuration +------------- + +The following options can be passed via the `-o` flag of the `create` command or as environment variables: + +* `image_url` (default to `http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2`): URL of the QCOW2 image to download +* `image_name` (default to `CentOS-7-x86_64-GenericCloud.qcow2`): Name of the QCOW2 image to boot the VMs on +* `image_sha256` (default to `e324e3ab1d24a1bbf035ddb365e7f9058c0b454acf48d7aa15c5519fae5998ab`): Expected SHA256 checksum of the downloaded image +* `skip_image_download` (default to `no`): Skip QCOW2 image download. This requires the `image_name` QCOW2 image to be already present in `$HOME/libvirt-storage-pool-openshift-ansible` + Creating a cluster ------------------ diff --git a/README_origin.md b/README_origin.md index 32287d65c..2ccedf4d5 100644 --- a/README_origin.md +++ b/README_origin.md @@ -91,14 +91,14 @@ inventory file use the -i option for ansible-playbook. #### Create the default router On the master host: ```sh -openshift ex router --create=true \ +oadm router --create=true \ --credentials=/etc/openshift/master/openshift-router.kubeconfig ``` #### Create the default docker-registry On the master host: ```sh -openshift ex registry --create=true \ +oadm registry --create=true \ --credentials=/etc/openshift/master/openshift-registry.kubeconfig \ --mount-host=/var/lib/openshift/docker-registry ``` diff --git a/ansible-profile/README.md b/ansible-profile/README.md new file mode 100644 index 000000000..4f10817d4 --- /dev/null +++ b/ansible-profile/README.md @@ -0,0 +1,6 @@ +# Ansible profile + +This is a callback plugin for timing tasks. + +The upstream project lies in: +https://github.com/jlafon/ansible-profile diff --git a/ansible-profile/callback_plugins/profile_tasks.py b/ansible-profile/callback_plugins/profile_tasks.py new file mode 100644 index 000000000..e9728a803 --- /dev/null +++ b/ansible-profile/callback_plugins/profile_tasks.py @@ -0,0 +1,83 @@ +# The MIT License (MIT) + +# Copyright (c) 2014 Jharrod LaFon + +# Permission is hereby granted, free of charge, to any person obtaining a copy of +# this software and associated documentation files (the "Software"), to deal in +# the Software without restriction, including without limitation the rights to +# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +# the Software, and to permit persons to whom the Software is furnished to do so, +# subject to the following conditions: + +# The above copyright notice and this permission notice shall be included in all +# copies or substantial portions of the Software. + +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +''' +A plugin for timing tasks + +This plugin records the time spent in each task. +At the end of the playbook, it displays the time spent in the 10 slowest tasks. +''' + +import time + + +class CallbackModule(object): + """ + A plugin for timing tasks + """ + def __init__(self): + self.stats = {} + self.current = None + + # Reason: The is_conditional parameter is part of the Ansible plugin API + # Status: permanently disabled + # pylint: disable=unused-argument + def playbook_on_task_start(self, name, is_conditional): + """ + Logs the start of each task + """ + if self.current is not None: + # Record the running time of the last executed task + self.stats[self.current] = time.time() - self.stats[self.current] + + # Record the start time of the current task + self.current = name + self.stats[self.current] = time.time() + + # Reason: The stats parameter is part of the Ansible plugin API + # Status: permanently disabled + # pylint: disable=unused-argument + def playbook_on_stats(self, stats): + """ + Prints the timings + """ + # Record the timing of the very last task + if self.current is not None: + self.stats[self.current] = time.time() - self.stats[self.current] + + # Sort the tasks by their running time + results = sorted( + self.stats.items(), + key=lambda value: value[1], + reverse=True, + ) + + # Just keep the top 10 + results = results[:10] + + # Print the timings + for name, elapsed in results: + print( + "{0:-<70}{1:->9}".format( + '{0} '.format(name), + ' {0:.02f}s'.format(elapsed), + ) + ) diff --git a/bin/cluster b/bin/cluster index 2ea389523..746c0349a 100755 --- a/bin/cluster +++ b/bin/cluster @@ -3,8 +3,9 @@ import argparse import ConfigParser -import sys import os +import sys +import traceback class Cluster(object): @@ -50,6 +51,7 @@ class Cluster(object): env['num_masters'] = args.masters env['num_nodes'] = args.nodes + env['num_etcd'] = args.etcd return self.action(args, inventory, env, playbook) @@ -141,6 +143,17 @@ class Cluster(object): os.environ[key] = config.get('ec2', key) inventory = '-i inventory/aws/hosts' + + key_vars = ['AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY'] + key_missing = [key for key in key_vars if key not in os.environ] + + boto_conf_files = ['~/.aws/credentials', '~/.boto'] + conf_exists = lambda conf: os.path.isfile(os.path.expanduser(conf)) + boto_configs = [ conf for conf in boto_conf_files if conf_exists(conf)] + + if len(key_missing) > 0 and len(boto_configs) == 0: + raise ValueError("PROVIDER aws requires {} environment variable(s). See README_AWS.md".format(missing)) + elif 'libvirt' == provider: inventory = '-i inventory/libvirt/hosts' elif 'openstack' == provider: @@ -168,7 +181,7 @@ class Cluster(object): if args.option: for opt in args.option: k, v = opt.split('=', 1) - env['opt_'+k] = v + env['cli_' + k] = v ansible_env = '-e \'{}\''.format( ' '.join(['%s=%s' % (key, value) for (key, value) in env.items()]) @@ -178,6 +191,9 @@ class Cluster(object): verbose, inventory, ansible_env, playbook ) + if args.profile: + command = 'ANSIBLE_CALLBACK_PLUGINS=ansible-profile/callback_plugins ' + command + if args.verbose > 1: command = 'time {}'.format(command) @@ -234,6 +250,9 @@ if __name__ == '__main__': meta_parser.add_argument('-o', '--option', action='append', help='options') + meta_parser.add_argument('-p', '--profile', action='store_true', + help='Enable playbook profiling') + action_parser = parser.add_subparsers(dest='action', title='actions', description='Choose from valid actions') @@ -243,6 +262,8 @@ if __name__ == '__main__': help='number of masters to create in cluster') create_parser.add_argument('-n', '--nodes', default=2, type=int, help='number of nodes to create in cluster') + create_parser.add_argument('-e', '--etcd', default=0, type=int, + help='number of external etcd hosts to create in cluster') create_parser.set_defaults(func=cluster.create) config_parser = action_parser.add_parser('config', @@ -290,7 +311,14 @@ if __name__ == '__main__': sys.stderr.write('\nACTION [update] aborted by user!\n') exit(1) - status = args.func(args) - if status != 0: - sys.stderr.write("ACTION [{}] failed with exit status {}\n".format(args.action, status)) + status = 1 + try: + status = args.func(args) + if status != 0: + sys.stderr.write("ACTION [{}] failed with exit status {}\n".format(args.action, status)) + except Exception, e: + if args.verbose: + traceback.print_exc(file=sys.stderr) + else: + sys.stderr.write("{}\n".format(e)) exit(status) diff --git a/docs/best_practices_guide.adoc b/docs/best_practices_guide.adoc index 9208e99a3..6aaf5228a 100644 --- a/docs/best_practices_guide.adoc +++ b/docs/best_practices_guide.adoc @@ -27,6 +27,24 @@ The tooling is flexible enough that exceptions can be made so that the tool the == Python +=== Python Source Files + +''' +[cols="2v,v"] +|=== +| **Rule** +| Python source files MUST contain the following vim mode line. +|=== + +[source] +---- +# vim: expandtab:tabstop=4:shiftwidth=4 +---- + +Since most developers contributing to this repository use vim, this rule helps to promote consistency. + +If mode lines for other editors are needed, please open a GitHub issue. + === Method Signatures ''' @@ -39,7 +57,6 @@ The purpose of this rule is to make it so that method signatures are backwards c If this rule isn't followed, it will be necessary for the person who changed the method to search out all callers and make sure that they're able to use the new method signature. -Example: .Before: [source,python] ---- @@ -125,6 +142,7 @@ YAML is a superset of JSON, which means that Ansible allows JSON syntax to be in Every effort should be made to keep our Ansible YAML files in pure YAML. +=== Modules ''' [cols="2v,v"] |=== @@ -176,6 +194,51 @@ Lines that are long quickly become a wall of text that isn't easily parsable. It sha256sum: b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c ---- +''' +[cols="2v,v"] +|=== +| **Rule** +| The Ansible `shell` module SHOULD NOT be used. Instead, use the `command` module. +|=== +.Context +* http://docs.ansible.com/shell_module.html#notes[Ansible Doc on why using the command module is a best practice] + +The Ansible `shell` module can run most commands that can be run from a bash CLI. This makes it extremely powerful, but it also opens our playbooks up to being exploited by attackers. + +.Bad: +[source,yaml] +---- +- shell: "/bin/echo {{ cli_var }}" +---- + +.Better: +[source,yaml] +---- +- command: "/bin/echo {{ cli_var }}" +---- + +''' +[cols="2v,v"] +|=== +| **Rule** +| The Ansible `quote` filter MUST be used with any variable passed into the shell module. +|=== +.Context +* http://docs.ansible.com/shell_module.html#notes[Ansible Doc describing why to use the quote filter] + +It is recommended not to use the `shell` module. However, if it absolutely must be used, all variables passed into the `shell` module MUST use the `quote` filter to ensure they are shell safe. + +.Bad: +[source,yaml] +---- +- shell: "/bin/echo {{ cli_var }}" +---- + +.Good: +[source,yaml] +---- +- shell: "/bin/echo {{ cli_var | quote }}" +---- === Defensive Programming @@ -220,12 +283,88 @@ If an Ansible role requires certain variables to be set, it's best to check for when: arl_environment is not defined or arl_environment == '' ---- +=== Tasks +''' +[cols="2v,v"] +|=== +| **Rule** +| Ansible tasks SHOULD NOT be used in ansible playbooks. Instead, use pre_tasks and post_tasks. +|=== +An Ansible play is defined as a Yaml dictionary. Because of that, ansible doesn't know if the play's tasks list or roles list was specified first. Therefore Ansible always runs tasks after roles. + +This can be quite confusing if the tasks list is defined in the playbook before the roles list because people assume in order execution in Ansible. + +Therefore, we SHOULD use pre_tasks and post_tasks to make it more clear when the tasks will be run. + +.Context +* https://docs.ansible.com/playbooks_roles.html[Ansible documentation on pre_tasks and post_tasks] + +.Bad: +[source,yaml] +---- +--- +# playbook.yml +- hosts: localhost + gather_facts: no + tasks: + - name: This will execute AFTER the example_role, so it's confusing + debug: msg="in tasks list" + roles: + - role: example_role + +# roles/example_role/tasks/main.yml +- debug: msg="in example_role" +---- + +.Good: +[source,yaml] +---- +--- +# playbook.yml +- hosts: localhost + gather_facts: no + pre_tasks: + - name: This will execute BEFORE the example_role, so it makes sense + debug: msg="in pre_tasks list" + roles: + - role: example_role + +# roles/example_role/tasks/main.yml +- debug: msg="in example_role" +---- + + === Roles ''' [cols="2v,v"] |=== | **Rule** +| All tasks in a role SHOULD be tagged with the role name. +|=== + +.Context +* http://docs.ansible.com/playbooks_tags.html[Ansible doc explaining tags] + +Ansible tasks can be tagged, and then these tags can be used to either _run_ or _skip_ the tagged tasks using the `--tags` and `--skip-tags` ansible-playbook options respectively. + +This is very useful when developing and debugging new tasks. It can also significantly speed up playbook runs if the user specifies only the roles that changed. + +.Example: +[source,yaml] +---- +--- +# roles/example_role/tasks/main.yml +- debug: msg="in example_role" + tags: + - example_role +---- + + +''' +[cols="2v,v"] +|=== +| **Rule** | The Ansible roles directory MUST maintain a flat structure. |=== diff --git a/docs/style_guide.adoc b/docs/style_guide.adoc index 2f89a5fae..110e7153f 100644 --- a/docs/style_guide.adoc +++ b/docs/style_guide.adoc @@ -57,18 +57,34 @@ Ansible tooling (like `ansible-galaxy init`) create files with a .yml extension. Example: `tasks.yml` -=== Ansible Global Variables -Ansible global variables are defined as any variables outside of ansible roles. Examples include playbook variables, variables passed in on the cli, etc. +=== Ansible CLI Variables +''' +[cols="2v,v"] +|=== +| **Rule** +| Variables meant to be passed in from the ansible CLI MUST have a prefix of cli_ +|=== + +Ansible allows variables to be passed in on the command line using the `-e` option. These variables MUST have a prefix of cli_ so that it's clear where they came from, and how dangerous they are (can be exploited). + +.Example: +[source] +---- +ansible-playbook -e cli_foo=bar someplays.yml +---- + +=== Ansible Global Variables ''' [cols="2v,v"] |=== | **Rule** | Global variables MUST have a prefix of g_ |=== +Ansible global variables are defined as any variables outside of ansible roles. Examples include playbook variables, variables passed in on the cli, etc. -Example: +.Example: [source] ---- g_environment: someval diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index b7248efaa..aeeeb4b68 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -52,8 +52,9 @@ class FilterModule(object): @staticmethod def oo_collect(data, attribute=None, filters=None): ''' This takes a list of dict and collects all attributes specified into a - list If filter is specified then we will include all items that match - _ALL_ of filters. + list. If filter is specified then we will include all items that + match _ALL_ of filters. If a dict entry is missing the key in a + filter it will be excluded from the match. Ex: data = [ {'a':1, 'b':5, 'z': 'z'}, # True, return {'a':2, 'z': 'z'}, # True, return {'a':3, 'z': 'z'}, # True, return @@ -74,7 +75,7 @@ class FilterModule(object): raise errors.AnsibleFilterError("|fialed expects filter to be a" " dict") retval = [FilterModule.get_attr(d, attribute) for d in data if ( - all([d[key] == filters[key] for key in filters]))] + all([d.get(key, None) == filters[key] for key in filters]))] else: retval = [FilterModule.get_attr(d, attribute) for d in data] @@ -174,9 +175,9 @@ class FilterModule(object): ''' if not issubclass(type(data), dict): raise errors.AnsibleFilterError("|failed expects first param is a dict") - if host_type not in ['master', 'node']: - raise errors.AnsibleFilterError("|failed expects either master or node" - " host type") + if host_type not in ['master', 'node', 'etcd']: + raise errors.AnsibleFilterError("|failed expects etcd, master or node" + " as the host type") root_vol = data[host_type]['root'] root_vol['device_name'] = '/dev/sda1' @@ -194,6 +195,13 @@ class FilterModule(object): docker_vol.pop('delete_on_termination', None) docker_vol['ephemeral'] = 'ephemeral0' return [root_vol, docker_vol] + elif host_type == 'etcd': + etcd_vol = data[host_type]['etcd'] + etcd_vol['device_name'] = '/dev/xvdb' + etcd_vol['delete_on_termination'] = True + if etcd_vol['device_type'] != 'io1': + etcd_vol.pop('iops', None) + return [root_vol, etcd_vol] return [root_vol] @staticmethod @@ -222,6 +230,15 @@ class FilterModule(object): # Gather up the values for the list of keys passed in return [x for x in data if x[filter_attr]] + @staticmethod + def oo_build_zabbix_list_dict(values, string): + ''' Build a list of dicts with string as key for each value + ''' + rval = [] + for value in values: + rval.append({string: value}) + return rval + def filters(self): ''' returns a mapping of filters to methods ''' return { @@ -234,5 +251,6 @@ class FilterModule(object): "oo_ec2_volume_definition": self.oo_ec2_volume_definition, "oo_combine_key_value": self.oo_combine_key_value, "oo_split": self.oo_split, - "oo_filter_list": self.oo_filter_list + "oo_filter_list": self.oo_filter_list, + "oo_build_zabbix_list_dict": self.oo_build_zabbix_list_dict } diff --git a/git/pylint.sh b/git/pylint.sh index 286747565..86ea52d45 100755 --- a/git/pylint.sh +++ b/git/pylint.sh @@ -1,14 +1,44 @@ #!/usr/bin/env bash +set -eu +ANSIBLE_UPSTREAM_FILES=( + 'inventory/aws/hosts/ec2.py' + 'inventory/gce/hosts/gce.py' + 'inventory/libvirt/hosts/libvirt_generic.py' + 'inventory/openstack/hosts/nova.py' + 'lookup_plugins/sequence.py' + ) OLDREV=$1 NEWREV=$2 -TRG_BRANCH=$3 +#TRG_BRANCH=$3 PYTHON=/var/lib/jenkins/python27/bin/python -/usr/bin/git diff --name-only $OLDREV $NEWREV --diff-filter=ACM | \ - grep ".py$" | \ - xargs -r -I{} ${PYTHON} -m pylint --rcfile ${WORKSPACE}/git/.pylintrc {} +PY_DIFF=$(/usr/bin/git diff --name-only $OLDREV $NEWREV --diff-filter=ACM | grep ".py$") -exit $? +FILES_TO_TEST="" + +for PY_FILE in $PY_DIFF; do + IGNORE_FILE=false + for UPSTREAM_FILE in "${ANSIBLE_UPSTREAM_FILES[@]}"; do + if [ "${PY_FILE}" == "${UPSTREAM_FILE}" ]; then + IGNORE_FILE=true + break + fi + done + + if [ "${IGNORE_FILE}" == true ]; then + echo "Skipping file ${PY_FILE} as an upstream Ansible file..." + continue + fi + + if [ -e "${PY_FILE}" ]; then + FILES_TO_TEST="${FILES_TO_TEST} ${PY_FILE}" + fi +done + +if [ "${FILES_TO_TEST}" != "" ]; then + echo "Testing files: ${FILES_TO_TEST}" + ${PYTHON} -m pylint --rcfile ${WORKSPACE}/git/.pylintrc ${FILES_TO_TEST} +fi diff --git a/inventory/byo/hosts b/inventory/byo/hosts index ab54ce2db..a9add6a60 100644 --- a/inventory/byo/hosts +++ b/inventory/byo/hosts @@ -4,6 +4,7 @@ [OSEv3:children] masters nodes +etcd # Set variables common for all OSEv3 hosts [OSEv3:vars] @@ -33,7 +34,10 @@ openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': [masters] ose3-master-ansible.test.example.com +[etcd] +#ose3-master-ansible.test.example.com + # host group for nodes [nodes] -#ose3-master-ansible.test.example.com openshift_node_labels="{'region': 'infra', 'zone': 'default'}" +ose3-master-ansible.test.example.com openshift_scheduleable=False ose3-node[1:2]-ansible.test.example.com openshift_node_labels="{'region': 'primary', 'zone': 'default'}" diff --git a/lookup_plugins/oo_option.py b/lookup_plugins/oo_option.py new file mode 100644 index 000000000..35dce48f9 --- /dev/null +++ b/lookup_plugins/oo_option.py @@ -0,0 +1,73 @@ +#!/usr/bin/env python2 +# -*- coding: utf-8 -*- +# vim: expandtab:tabstop=4:shiftwidth=4 + +''' +oo_option lookup plugin for openshift-ansible + +Usage: + + - debug: + msg: "{{ lookup('oo_option', '<key>') | default('<default_value>', True) }}" + +This returns, by order of priority: + +* if it exists, the `cli_<key>` ansible variable. This variable is set by `bin/cluster --option <key>=<value> …` +* if it exists, the envirnoment variable named `<key>` +* if none of the above conditions are met, empty string is returned +''' + +from ansible.utils import template +import os + +# Reason: disable too-few-public-methods because the `run` method is the only +# one required by the Ansible API +# Status: permanently disabled +# pylint: disable=too-few-public-methods +class LookupModule(object): + ''' oo_option lookup plugin main class ''' + + # Reason: disable unused-argument because Ansible is calling us with many + # parameters we are not interested in. + # The lookup plugins of Ansible have this kwargs “catch-all” parameter + # which is not used + # Status: permanently disabled unless Ansible API evolves + # pylint: disable=unused-argument + def __init__(self, basedir=None, **kwargs): + ''' Constructor ''' + self.basedir = basedir + + # Reason: disable unused-argument because Ansible is calling us with many + # parameters we are not interested in. + # The lookup plugins of Ansible have this kwargs “catch-all” parameter + # which is not used + # Status: permanently disabled unless Ansible API evolves + # pylint: disable=unused-argument + def run(self, terms, inject=None, **kwargs): + ''' Main execution path ''' + + try: + terms = template.template(self.basedir, terms, inject) + # Reason: disable broad-except to really ignore any potential exception + # This is inspired by the upstream "env" lookup plugin: + # https://github.com/ansible/ansible/blob/devel/v1/ansible/runner/lookup_plugins/env.py#L29 + # pylint: disable=broad-except + except Exception: + pass + + if isinstance(terms, basestring): + terms = [terms] + + ret = [] + + for term in terms: + option_name = term.split()[0] + cli_key = 'cli_' + option_name + if inject and cli_key in inject: + ret.append(inject[cli_key]) + elif option_name in os.environ: + ret.append(os.environ[option_name]) + else: + ret.append('') + + return ret diff --git a/lookup_plugins/sequence.py b/lookup_plugins/sequence.py new file mode 100644 index 000000000..8ca9e7b39 --- /dev/null +++ b/lookup_plugins/sequence.py @@ -0,0 +1,215 @@ +# (c) 2013, Jayson Vantuyl <jayson@aggressive.ly> +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. + +from ansible.errors import AnsibleError +import ansible.utils as utils +from re import compile as re_compile, IGNORECASE + +# shortcut format +NUM = "(0?x?[0-9a-f]+)" +SHORTCUT = re_compile( + "^(" + # Group 0 + NUM + # Group 1: Start + "-)?" + + NUM + # Group 2: End + "(/" + # Group 3 + NUM + # Group 4: Stride + ")?" + + "(:(.+))?$", # Group 5, Group 6: Format String + IGNORECASE +) + + +class LookupModule(object): + """ + sequence lookup module + + Used to generate some sequence of items. Takes arguments in two forms. + + The simple / shortcut form is: + + [start-]end[/stride][:format] + + As indicated by the brackets: start, stride, and format string are all + optional. The format string is in the style of printf. This can be used + to pad with zeros, format in hexadecimal, etc. All of the numerical values + can be specified in octal (i.e. 0664) or hexadecimal (i.e. 0x3f8). + Negative numbers are not supported. + + Some examples: + + 5 -> ["1","2","3","4","5"] + 5-8 -> ["5", "6", "7", "8"] + 2-10/2 -> ["2", "4", "6", "8", "10"] + 4:host%02d -> ["host01","host02","host03","host04"] + + The standard Ansible key-value form is accepted as well. For example: + + start=5 end=11 stride=2 format=0x%02x -> ["0x05","0x07","0x09","0x0a"] + + This format takes an alternate form of "end" called "count", which counts + some number from the starting value. For example: + + count=5 -> ["1", "2", "3", "4", "5"] + start=0x0f00 count=4 format=%04x -> ["0f00", "0f01", "0f02", "0f03"] + start=0 count=5 stride=2 -> ["0", "2", "4", "6", "8"] + start=1 count=5 stride=2 -> ["1", "3", "5", "7", "9"] + + The count option is mostly useful for avoiding off-by-one errors and errors + calculating the number of entries in a sequence when a stride is specified. + """ + + def __init__(self, basedir, **kwargs): + """absorb any keyword args""" + self.basedir = basedir + + def reset(self): + """set sensible defaults""" + self.start = 1 + self.count = None + self.end = None + self.stride = 1 + self.format = "%d" + + def parse_kv_args(self, args): + """parse key-value style arguments""" + for arg in ["start", "end", "count", "stride"]: + try: + arg_raw = args.pop(arg, None) + if arg_raw is None: + continue + arg_cooked = int(arg_raw, 0) + setattr(self, arg, arg_cooked) + except ValueError: + raise AnsibleError( + "can't parse arg %s=%r as integer" + % (arg, arg_raw) + ) + if 'format' in args: + self.format = args.pop("format") + if args: + raise AnsibleError( + "unrecognized arguments to with_sequence: %r" + % args.keys() + ) + + def parse_simple_args(self, term): + """parse the shortcut forms, return True/False""" + match = SHORTCUT.match(term) + if not match: + return False + + _, start, end, _, stride, _, format = match.groups() + + if start is not None: + try: + start = int(start, 0) + except ValueError: + raise AnsibleError("can't parse start=%s as integer" % start) + if end is not None: + try: + end = int(end, 0) + except ValueError: + raise AnsibleError("can't parse end=%s as integer" % end) + if stride is not None: + try: + stride = int(stride, 0) + except ValueError: + raise AnsibleError("can't parse stride=%s as integer" % stride) + + if start is not None: + self.start = start + if end is not None: + self.end = end + if stride is not None: + self.stride = stride + if format is not None: + self.format = format + + def sanity_check(self): + if self.count is None and self.end is None: + raise AnsibleError( + "must specify count or end in with_sequence" + ) + elif self.count is not None and self.end is not None: + raise AnsibleError( + "can't specify both count and end in with_sequence" + ) + elif self.count is not None: + # convert count to end + if self.count != 0: + self.end = self.start + self.count * self.stride - 1 + else: + self.start = 0 + self.end = 0 + self.stride = 0 + del self.count + if self.stride > 0 and self.end < self.start: + raise AnsibleError("to count backwards make stride negative") + if self.stride < 0 and self.end > self.start: + raise AnsibleError("to count forward don't make stride negative") + if self.format.count('%') != 1: + raise AnsibleError("bad formatting string: %s" % self.format) + + def generate_sequence(self): + if self.stride > 0: + adjust = 1 + else: + adjust = -1 + numbers = xrange(self.start, self.end + adjust, self.stride) + + for i in numbers: + try: + formatted = self.format % i + yield formatted + except (ValueError, TypeError): + raise AnsibleError( + "problem formatting %r with %r" % self.format + ) + + def run(self, terms, inject=None, **kwargs): + results = [] + + terms = utils.listify_lookup_plugin_terms(terms, self.basedir, inject) + + if isinstance(terms, basestring): + terms = [ terms ] + + for term in terms: + try: + self.reset() # clear out things for this iteration + + try: + if not self.parse_simple_args(term): + self.parse_kv_args(utils.parse_kv(term)) + except Exception: + raise AnsibleError( + "unknown error parsing with_sequence arguments: %r" + % term + ) + + self.sanity_check() + if self.stride != 0: + results.extend(self.generate_sequence()) + except AnsibleError: + raise + except Exception, e: + raise AnsibleError( + "unknown error generating sequence: %s" % str(e) + ) + + return results diff --git a/playbooks/adhoc/noc/create_host.yml b/playbooks/adhoc/noc/create_host.yml new file mode 100644 index 000000000..d250e6e69 --- /dev/null +++ b/playbooks/adhoc/noc/create_host.yml @@ -0,0 +1,55 @@ +--- +- name: 'Create a host object in zabbix' + hosts: localhost + gather_facts: no + roles: + - os_zabbix + post_tasks: + + - zbxapi: + server: https://noc2.ops.rhcloud.com/zabbix/api_jsonrpc.php + zbx_class: Template + state: list + params: + host: ctr_test_kwoodson + filter: + host: + - ctr_kwoodson_test_tmpl + + register: tmpl_results + + - debug: var=tmpl_results + +#ansible-playbook -e 'oo_desc=kwoodson test' -e 'oo_name=kwoodson test name' -e 'oo_start=1435715357' -e 'oo_stop=1435718985' -e 'oo_hostids=11549' create_maintenance.yml +- name: 'Create a host object in zabbix' + hosts: localhost + gather_facts: no + roles: + - os_zabbix + post_tasks: + + - zbxapi: + server: https://noc2.ops.rhcloud.com/zabbix/api_jsonrpc.php + zbx_class: Host + state: absent + params: + host: ctr_test_kwoodson + interfaces: + - type: 1 + main: 1 + useip: 1 + ip: 127.0.0.1 + dns: "" + port: 10050 + groups: + - groupid: 1 + templates: "{{ tmpl_results.results | oo_collect('templateid') | oo_build_zabbix_list_dict('templateid') }}" + output: extend + filter: + host: + - ctr_test_kwoodson + + register: host_results + + - debug: var=host_results + diff --git a/playbooks/adhoc/noc/create_maintenance.yml b/playbooks/adhoc/noc/create_maintenance.yml new file mode 100644 index 000000000..c0ec57ce1 --- /dev/null +++ b/playbooks/adhoc/noc/create_maintenance.yml @@ -0,0 +1,36 @@ +--- +#ansible-playbook -e 'oo_desc=kwoodson test' -e 'oo_name=kwoodson test name' -e 'oo_start=1435715357' -e 'oo_stop=1435718985' -e 'oo_hostids=11549' create_maintenance.yml +- name: 'Create a maintenace object in zabbix' + hosts: localhost + gather_facts: no + roles: + - os_zabbix + vars: + oo_hostids: '' + oo_groupids: '' + post_tasks: + - assert: + that: oo_desc is defined + + - zbxapi: + server: https://noc2.ops.rhcloud.com/zabbix/api_jsonrpc.php + zbx_class: Maintenance + state: present + params: + name: "{{ oo_name }}" + description: "{{ oo_desc }}" + active_since: "{{ oo_start }}" + active_till: "{{ oo_stop }}" + maintenance_type: "0" + output: extend + hostids: "{{ oo_hostids.split(',') | default([]) }}" +#groupids: "{{ oo_groupids.split(',') | default([]) }}" + timeperiods: + - start_time: "{{ oo_start }}" + period: "{{ oo_stop }}" + selectTimeperiods: extend + + register: maintenance + + - debug: var=maintenance + diff --git a/playbooks/adhoc/noc/get_zabbix_problems.yml b/playbooks/adhoc/noc/get_zabbix_problems.yml index 02bffc1d2..4b94fa228 100644 --- a/playbooks/adhoc/noc/get_zabbix_problems.yml +++ b/playbooks/adhoc/noc/get_zabbix_problems.yml @@ -11,7 +11,7 @@ - zbxapi: server: https://noc2.ops.rhcloud.com/zabbix/api_jsonrpc.php zbx_class: Trigger - action: get + state: list params: only_true: true output: extend diff --git a/playbooks/aws/ansible-tower/launch.yml b/playbooks/aws/ansible-tower/launch.yml index 4bcc8b8dc..850238ffb 100644 --- a/playbooks/aws/ansible-tower/launch.yml +++ b/playbooks/aws/ansible-tower/launch.yml @@ -6,7 +6,7 @@ vars: inst_region: us-east-1 - rhel7_ami: ami-78756d10 + rhel7_ami: ami-9101c8fa user_data_file: user_data.txt vars_files: diff --git a/playbooks/aws/openshift-cluster/config.yml b/playbooks/aws/openshift-cluster/config.yml index 7188312ed..6ee539c7e 100644 --- a/playbooks/aws/openshift-cluster/config.yml +++ b/playbooks/aws/openshift-cluster/config.yml @@ -1,37 +1,22 @@ --- -- name: Populate oo_masters_to_config host group - hosts: localhost +- hosts: localhost gather_facts: no vars_files: - vars.yml tasks: - - name: Evaluate oo_masters_to_config - add_host: - name: "{{ item }}" - groups: oo_masters_to_config - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: groups["tag_env-host-type_{{ cluster_id }}-openshift-master"] | default([]) - - name: Evaluate oo_nodes_to_config - add_host: - name: "{{ item }}" - groups: oo_nodes_to_config - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: groups["tag_env-host-type_{{ cluster_id }}-openshift-node"] | default([]) - - name: Evaluate oo_first_master - add_host: - name: "{{ groups['tag_env-host-type_' ~ cluster_id ~ '-openshift-master'][0] }}" - groups: oo_first_master - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - when: "'tag_env-host-type_{{ cluster_id }}-openshift-master' in groups" + - set_fact: + g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" + g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" - include: ../../common/openshift-cluster/config.yml vars: + g_etcd_group: "{{ 'tag_env-host-type_' ~ cluster_id ~ '-openshift-etcd' }}" + g_masters_group: "{{ 'tag_env-host-type_' ~ cluster_id ~ '-openshift-master' }}" + g_nodes_group: "{{ 'tag_env-host-type_' ~ cluster_id ~ '-openshift-node' }}" + g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" + g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: 4 openshift_deployment_type: "{{ deployment_type }}" - openshift_first_master: "{{ groups.oo_first_master.0 }}" openshift_hostname: "{{ ec2_private_ip_address }}" openshift_public_hostname: "{{ ec2_ip_address }}" diff --git a/playbooks/aws/openshift-cluster/launch.yml b/playbooks/aws/openshift-cluster/launch.yml index 33e1ec25d..5db87fa90 100644 --- a/playbooks/aws/openshift-cluster/launch.yml +++ b/playbooks/aws/openshift-cluster/launch.yml @@ -11,6 +11,13 @@ msg: Deployment type not supported for aws provider yet when: deployment_type == 'enterprise' + - include: ../../common/openshift-cluster/set_etcd_launch_facts_tasks.yml + - include: tasks/launch_instances.yml + vars: + instances: "{{ etcd_names }}" + cluster: "{{ cluster_id }}" + type: "{{ k8s_type }}" + - include: ../../common/openshift-cluster/set_master_launch_facts_tasks.yml - include: tasks/launch_instances.yml vars: @@ -25,9 +32,10 @@ cluster: "{{ cluster_id }}" type: "{{ k8s_type }}" - - set_fact: - a_master: "{{ master_names[0] }}" - - add_host: name={{ a_master }} groups=service_master + - add_host: + name: "{{ master_names.0 }}" + groups: service_master + when: master_names is defined and master_names.0 is defined - include: update.yml diff --git a/playbooks/aws/openshift-cluster/lookup_plugins b/playbooks/aws/openshift-cluster/lookup_plugins new file mode 120000 index 000000000..ac79701db --- /dev/null +++ b/playbooks/aws/openshift-cluster/lookup_plugins @@ -0,0 +1 @@ +../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml index 060147659..25a87aaf6 100644 --- a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml @@ -51,8 +51,17 @@ - set_fact: latest_ami: "{{ ami_result.results | oo_ami_selector(ec2_image_name) }}" - user_data: "{{ lookup('template', '../templates/user_data.j2') if type == 'node' else None | default('omit') }}" + user_data: "{{ lookup('template', '../templates/user_data.j2') }}" volume_defs: + etcd: + root: + volume_size: "{{ lookup('env', 'os_etcd_root_vol_size') | default(25, true) }}" + device_type: "{{ lookup('env', 'os_etcd_root_vol_type') | default('gp2', true) }}" + iops: "{{ lookup('env', 'os_etcd_root_vol_iops') | default(500, true) }}" + etcd: + volume_size: "{{ lookup('env', 'os_etcd_vol_size') | default(32, true) }}" + device_type: "{{ lookup('env', 'os_etcd_vol_type') | default('gp2', true) }}" + iops: "{{ lookup('env', 'os_etcd_vol_iops') | default(500, true) }}" master: root: volume_size: "{{ lookup('env', 'os_master_root_vol_size') | default(25, true) }}" diff --git a/playbooks/aws/openshift-cluster/templates/user_data.j2 b/playbooks/aws/openshift-cluster/templates/user_data.j2 index 7dbc8f552..82c2f4d57 100644 --- a/playbooks/aws/openshift-cluster/templates/user_data.j2 +++ b/playbooks/aws/openshift-cluster/templates/user_data.j2 @@ -1,17 +1,25 @@ #cloud-config -yum_repos: - jdetiber-copr: - name: Copr repo for origin owned by jdetiber - baseurl: https://copr-be.cloud.fedoraproject.org/results/jdetiber/origin/epel-7-$basearch/ - skip_if_unavailable: true - gpgcheck: true - gpgkey: https://copr-be.cloud.fedoraproject.org/results/jdetiber/origin/pubkey.gpg - enabled: true +{% if type =='etcd' %} +cloud_config_modules: +- disk_setup +- mounts -packages: -- xfsprogs # can be dropped after docker-storage-setup properly requires it: https://github.com/projectatomic/docker-storage-setup/pull/8 -- docker-storage-setup +mounts: +- [ xvdb, /var/lib/etcd, xfs, "defaults" ] + +disk_setup: + xvdb: + table_type: mbr + layout: True +fs_setup: +- label: etcd_storage + filesystem: xfs + device: /dev/xvdb + partition: auto +{% endif %} + +{% if type == 'node' %} mounts: - [ xvdb ] - [ ephemeral0 ] @@ -23,7 +31,15 @@ write_files: path: /etc/sysconfig/docker-storage-setup owner: root:root permissions: '0644' +{% endif %} + +{% if deployment_type == 'online' %} +devices: ['/var'] # Workaround for https://bugs.launchpad.net/bugs/1455436 +disable_root: 0 +growpart: + mode: auto + devices: ['/var'] runcmd: -- systemctl daemon-reload -- systemctl enable lvm2-lvmetad.service docker-storage-setup.service +- xfs_growfs /var +{% endif %} diff --git a/playbooks/aws/openshift-cluster/terminate.yml b/playbooks/aws/openshift-cluster/terminate.yml index 617d0d456..9c3703aba 100644 --- a/playbooks/aws/openshift-cluster/terminate.yml +++ b/playbooks/aws/openshift-cluster/terminate.yml @@ -13,4 +13,53 @@ ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" with_items: groups[scratch_group] | default([]) | difference(['localhost']) -- include: ../terminate.yml +- name: Terminate instances + hosts: localhost + connection: local + gather_facts: no + vars: + host_vars: "{{ hostvars + | oo_select_keys(groups['oo_hosts_to_terminate']) }}" + tasks: + - name: Remove tags from instances + ec2_tag: resource={{ item.ec2_id }} region={{ item.ec2_region }} state=absent + args: + tags: + env: "{{ item['ec2_tag_env'] }}" + host-type: "{{ item['ec2_tag_host-type'] }}" + env-host-type: "{{ item['ec2_tag_env-host-type'] }}" + with_items: host_vars + when: "'oo_hosts_to_terminate' in groups" + + - name: Terminate instances + ec2: + state: absent + instance_ids: ["{{ item.ec2_id }}"] + region: "{{ item.ec2_region }}" + ignore_errors: yes + register: ec2_term + with_items: host_vars + when: "'oo_hosts_to_terminate' in groups" + + # Fail if any of the instances failed to terminate with an error other + # than 403 Forbidden + - fail: msg=Terminating instance {{ item.ec2_id }} failed with message {{ item.msg }} + when: "'oo_hosts_to_terminate' in groups and item.failed and not item.msg | search(\"error: EC2ResponseError: 403 Forbidden\")" + with_items: ec2_term.results + + - name: Stop instance if termination failed + ec2: + state: stopped + instance_ids: ["{{ item.item.ec2_id }}"] + region: "{{ item.item.ec2_region }}" + register: ec2_stop + when: "'oo_hosts_to_terminate' in groups and item.failed" + with_items: ec2_term.results + + - name: Rename stopped instances + ec2_tag: resource={{ item.item.item.ec2_id }} region={{ item.item.item.ec2_region }} state=present + args: + tags: + Name: "{{ item.item.item.ec2_tag_Name }}-terminate" + with_items: ec2_stop.results + when: "'oo_hosts_to_terminate' in groups" diff --git a/playbooks/aws/openshift-cluster/update.yml b/playbooks/aws/openshift-cluster/update.yml index 5e7ab4e58..e006aa74a 100644 --- a/playbooks/aws/openshift-cluster/update.yml +++ b/playbooks/aws/openshift-cluster/update.yml @@ -11,7 +11,9 @@ groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: groups["tag_env-host-type_{{ cluster_id }}-openshift-master"] | union(groups["tag_env-host-type_{{ cluster_id }}-openshift-node"]) | default([]) + with_items: (groups["tag_env-host-type_{{ cluster_id }}-openshift-master"] | default([])) + | union(groups["tag_env-host-type_{{ cluster_id }}-openshift-node"] | default([])) + | union(groups["tag_env-host-type_{{ cluster_id }}-openshift-etcd"] | default([])) - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/aws/openshift-cluster/vars.online.int.yml b/playbooks/aws/openshift-cluster/vars.online.int.yml index e115615d5..e406a7635 100644 --- a/playbooks/aws/openshift-cluster/vars.online.int.yml +++ b/playbooks/aws/openshift-cluster/vars.online.int.yml @@ -1,5 +1,5 @@ --- -ec2_image: ami-78756d10 +ec2_image: ami-9101c8fa ec2_image_name: libra-ops-rhel7* ec2_region: us-east-1 ec2_keypair: mmcgrath_libra diff --git a/playbooks/aws/openshift-cluster/vars.online.prod.yml b/playbooks/aws/openshift-cluster/vars.online.prod.yml index e115615d5..e406a7635 100644 --- a/playbooks/aws/openshift-cluster/vars.online.prod.yml +++ b/playbooks/aws/openshift-cluster/vars.online.prod.yml @@ -1,5 +1,5 @@ --- -ec2_image: ami-78756d10 +ec2_image: ami-9101c8fa ec2_image_name: libra-ops-rhel7* ec2_region: us-east-1 ec2_keypair: mmcgrath_libra diff --git a/playbooks/aws/openshift-cluster/vars.online.stage.yml b/playbooks/aws/openshift-cluster/vars.online.stage.yml index e115615d5..e406a7635 100644 --- a/playbooks/aws/openshift-cluster/vars.online.stage.yml +++ b/playbooks/aws/openshift-cluster/vars.online.stage.yml @@ -1,5 +1,5 @@ --- -ec2_image: ami-78756d10 +ec2_image: ami-9101c8fa ec2_image_name: libra-ops-rhel7* ec2_region: us-east-1 ec2_keypair: mmcgrath_libra diff --git a/playbooks/aws/openshift-master/config.yml b/playbooks/aws/openshift-master/config.yml deleted file mode 100644 index 37ab4fbe6..000000000 --- a/playbooks/aws/openshift-master/config.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: Populate oo_masters_to_config host group - hosts: localhost - gather_facts: no - tasks: - - name: Evaluate oo_masters_to_config - add_host: - name: "{{ item }}" - groups: oo_masters_to_config - ansible_ssh_user: root - with_items: oo_host_group_exp | default([]) - -- include: ../../common/openshift-master/config.yml - vars: - openshift_cluster_id: "{{ cluster_id }}" - openshift_debug_level: 4 - openshift_deployment_type: "{{ deployment_type }}" - openshift_hostname: "{{ ec2_private_ip_address }}" - openshift_public_hostname: "{{ ec2_ip_address }}" diff --git a/playbooks/aws/openshift-master/launch.yml b/playbooks/aws/openshift-master/launch.yml deleted file mode 100644 index 1cefad492..000000000 --- a/playbooks/aws/openshift-master/launch.yml +++ /dev/null @@ -1,70 +0,0 @@ ---- -- name: Launch instance(s) - hosts: localhost - connection: local - gather_facts: no - -# TODO: modify g_ami based on deployment_type - vars: - inst_region: us-east-1 - g_ami: ami-86781fee - user_data_file: user_data.txt - - tasks: - - name: Launch instances - ec2: - state: present - region: "{{ inst_region }}" - keypair: libra - group: ['public'] - instance_type: m3.large - image: "{{ g_ami }}" - count: "{{ oo_new_inst_names | length }}" - user_data: "{{ lookup('file', user_data_file) }}" - wait: yes - register: ec2 - - - name: Add new instances public IPs to the host group - add_host: "hostname={{ item.public_ip }} groupname=new_ec2_instances" - with_items: ec2.instances - - - name: Add Name and environment tags to instances - ec2_tag: "resource={{ item.1.id }} region={{ inst_region }} state=present" - with_together: - - oo_new_inst_names - - ec2.instances - args: - tags: - Name: "{{ item.0 }}" - - - name: Add other tags to instances - ec2_tag: resource={{ item.id }} region={{ inst_region }} state=present - with_items: ec2.instances - args: - tags: "{{ oo_new_inst_tags }}" - - - name: Add new instances public IPs to oo_masters_to_config - add_host: - hostname: "{{ item.0 }}" - ansible_ssh_host: "{{ item.1.dns_name }}" - groupname: oo_masters_to_config - ec2_private_ip_address: "{{ item.1.private_ip }}" - ec2_ip_address: "{{ item.1.public_ip }}" - with_together: - - oo_new_inst_names - - ec2.instances - - - name: Wait for ssh - wait_for: port=22 host={{ item.dns_name }} - with_items: ec2.instances - - - name: Wait for root user setup - command: "ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null root@{{ item.dns_name }} echo root user is setup" - register: result - until: result.rc == 0 - retries: 20 - delay: 10 - with_items: ec2.instances - -# Apply the configs, seprate so that just the configs can be run by themselves -- include: config.yml diff --git a/playbooks/aws/openshift-master/terminate.yml b/playbooks/aws/openshift-master/terminate.yml deleted file mode 100644 index 07d9961bc..000000000 --- a/playbooks/aws/openshift-master/terminate.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- include: ../terminate.yml diff --git a/playbooks/aws/openshift-node/config.yml b/playbooks/aws/openshift-node/config.yml deleted file mode 100644 index a993a1e99..000000000 --- a/playbooks/aws/openshift-node/config.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -- name: Populate oo_nodes_to_config and oo_first_master host groups - hosts: localhost - gather_facts: no - tasks: - - name: Evaluate oo_nodes_to_config - add_host: - name: "{{ item }}" - groups: oo_nodes_to_config - ansible_ssh_user: root - with_items: oo_host_group_exp | default([]) - - name: Evaluate oo_first_master - add_host: - name: "{{ groups['tag_env-host-type_' ~ cluster_id ~ '-openshift-master'][0] }}" - groups: oo_first_master - ansible_ssh_user: root - - -- include: ../../common/openshift-node/config.yml - vars: - openshift_cluster_id: "{{ cluster_id }}" - openshift_debug_level: 4 - openshift_deployment_type: "{{ deployment_type }}" - openshift_first_master: "{{ groups.oo_first_master.0 }}" - openshift_hostname: "{{ ec2_private_ip_address }}" - openshift_public_hostname: "{{ ec2_ip_address }}" diff --git a/playbooks/aws/openshift-node/launch.yml b/playbooks/aws/openshift-node/launch.yml deleted file mode 100644 index e7d1f7310..000000000 --- a/playbooks/aws/openshift-node/launch.yml +++ /dev/null @@ -1,72 +0,0 @@ ---- -- name: Launch instance(s) - hosts: localhost - connection: local - gather_facts: no - -# TODO: modify g_ami based on deployment_type - vars: - inst_region: us-east-1 - g_ami: ami-86781fee - user_data_file: user_data.txt - - tasks: - - name: Launch instances - ec2: - state: present - region: "{{ inst_region }}" - keypair: libra - group: ['public'] - instance_type: m3.large - image: "{{ g_ami }}" - count: "{{ oo_new_inst_names | length }}" - user_data: "{{ lookup('file', user_data_file) }}" - wait: yes - register: ec2 - - - name: Add new instances public IPs to the host group - add_host: - hostname: "{{ item.public_ip }}" - groupname: new_ec2_instances" - with_items: ec2.instances - - - name: Add Name and environment tags to instances - ec2_tag: resource={{ item.1.id }} region={{ inst_region }} state=present - with_together: - - oo_new_inst_names - - ec2.instances - args: - tags: - Name: "{{ item.0 }}" - - - name: Add other tags to instances - ec2_tag: resource={{ item.id }} region={{ inst_region }} state=present - with_items: ec2.instances - args: - tags: "{{ oo_new_inst_tags }}" - - - name: Add new instances public IPs to oo_nodes_to_config - add_host: - hostname: "{{ item.0 }}" - ansible_ssh_host: "{{ item.1.dns_name }}" - groupname: oo_nodes_to_config - ec2_private_ip_address: "{{ item.1.private_ip }}" - ec2_ip_address: "{{ item.1.public_ip }}" - with_together: - - oo_new_inst_names - - ec2.instances - - - name: Wait for ssh - wait_for: port=22 host={{ item.dns_name }} - with_items: ec2.instances - - - name: Wait for root user setup - command: "ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null root@{{ item.dns_name }} echo root user is setup" - register: result - until: result.rc == 0 - retries: 20 - delay: 10 - with_items: ec2.instances - -# Apply the configs, seprate so that just the configs can be run by themselves -- include: config.yml diff --git a/playbooks/aws/openshift-node/roles b/playbooks/aws/openshift-node/roles deleted file mode 120000 index 20c4c58cf..000000000 --- a/playbooks/aws/openshift-node/roles +++ /dev/null @@ -1 +0,0 @@ -../../../roles
\ No newline at end of file diff --git a/playbooks/aws/openshift-node/terminate.yml b/playbooks/aws/openshift-node/terminate.yml deleted file mode 100644 index 07d9961bc..000000000 --- a/playbooks/aws/openshift-node/terminate.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- include: ../terminate.yml diff --git a/playbooks/aws/terminate.yml b/playbooks/aws/terminate.yml deleted file mode 100644 index e9767b260..000000000 --- a/playbooks/aws/terminate.yml +++ /dev/null @@ -1,64 +0,0 @@ ---- -- name: Populate oo_hosts_to_terminate host group - hosts: localhost - gather_facts: no - tasks: - - name: Evaluate oo_hosts_to_terminate - add_host: name={{ item }} groups=oo_hosts_to_terminate - with_items: oo_host_group_exp | default([]) - -- name: Gather dynamic inventory variables for hosts to terminate - hosts: oo_hosts_to_terminate - gather_facts: no - -- name: Terminate instances - hosts: localhost - connection: local - gather_facts: no - vars: - host_vars: "{{ hostvars - | oo_select_keys(groups['oo_hosts_to_terminate']) }}" - tasks: - - name: Remove tags from instances - ec2_tag: resource={{ item.ec2_id }} region={{ item.ec2_region }} state=absent - args: - tags: - env: "{{ item['ec2_tag_env'] }}" - host-type: "{{ item['ec2_tag_host-type'] }}" - env-host-type: "{{ item['ec2_tag_env-host-type'] }}" - with_items: host_vars - when: "'oo_hosts_to_terminate' in groups" - - - name: Terminate instances - ec2: - state: absent - instance_ids: ["{{ item.ec2_id }}"] - region: "{{ item.ec2_region }}" - ignore_errors: yes - register: ec2_term - with_items: host_vars - when: "'oo_hosts_to_terminate' in groups" - - # Fail if any of the instances failed to terminate with an error other - # than 403 Forbidden - - fail: msg=Terminating instance {{ item.item.ec2_id }} failed with message {{ item.msg }} - when: "'oo_hosts_to_terminate' in groups and item.failed and not item.msg | search(\"error: EC2ResponseError: 403 Forbidden\")" - with_items: ec2_term.results - - - name: Stop instance if termination failed - ec2: - state: stopped - instance_ids: ["{{ item.item.ec2_id }}"] - region: "{{ item.item.ec2_region }}" - register: ec2_stop - when: item.failed - with_items: ec2_term.results - when: "'oo_hosts_to_terminate' in groups" - - - name: Rename stopped instances - ec2_tag: resource={{ item.item.item.ec2_id }} region={{ item.item.item.ec2_region }} state=present - args: - tags: - Name: "{{ item.item.item.ec2_tag_Name }}-terminate" - with_items: ec2_stop.results - when: "'oo_hosts_to_terminate' in groups" diff --git a/playbooks/byo/config.yml b/playbooks/byo/config.yml index e059514db..7d03914a2 100644 --- a/playbooks/byo/config.yml +++ b/playbooks/byo/config.yml @@ -1,8 +1,2 @@ --- -- name: Run the openshift-master config playbook - include: openshift-master/config.yml - when: groups.masters is defined and groups.masters - -- name: Run the openshift-node config playbook - include: openshift-node/config.yml - when: groups.nodes is defined and groups.nodes and groups.masters is defined and groups.masters +- include: openshift-cluster/config.yml diff --git a/playbooks/byo/lookup_plugins b/playbooks/byo/lookup_plugins new file mode 120000 index 000000000..c528bcd1d --- /dev/null +++ b/playbooks/byo/lookup_plugins @@ -0,0 +1 @@ +../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/byo/openshift-cluster/config.yml b/playbooks/byo/openshift-cluster/config.yml new file mode 100644 index 000000000..2ee1d50a7 --- /dev/null +++ b/playbooks/byo/openshift-cluster/config.yml @@ -0,0 +1,9 @@ +--- +- include: ../../common/openshift-cluster/config.yml + vars: + g_etcd_group: "{{ 'etcd' }}" + g_masters_group: "{{ 'masters' }}" + g_nodes_group: "{{ 'nodes' }}" + openshift_cluster_id: "{{ cluster_id | default('default') }}" + openshift_debug_level: 4 + openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/aws/openshift-master/filter_plugins b/playbooks/byo/openshift-cluster/filter_plugins index 99a95e4ca..99a95e4ca 120000 --- a/playbooks/aws/openshift-master/filter_plugins +++ b/playbooks/byo/openshift-cluster/filter_plugins diff --git a/playbooks/byo/openshift-cluster/lookup_plugins b/playbooks/byo/openshift-cluster/lookup_plugins new file mode 120000 index 000000000..ac79701db --- /dev/null +++ b/playbooks/byo/openshift-cluster/lookup_plugins @@ -0,0 +1 @@ +../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/aws/openshift-master/roles b/playbooks/byo/openshift-cluster/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/aws/openshift-master/roles +++ b/playbooks/byo/openshift-cluster/roles diff --git a/playbooks/byo/openshift-master/config.yml b/playbooks/byo/openshift-master/config.yml deleted file mode 100644 index f61d277c6..000000000 --- a/playbooks/byo/openshift-master/config.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: Populate oo_masters_to_config host group - hosts: localhost - gather_facts: no - tasks: - - add_host: - name: "{{ item }}" - groups: oo_masters_to_config - with_items: groups['masters'] - -- include: ../../common/openshift-master/config.yml - vars: - openshift_cluster_id: "{{ cluster_id | default('default') }}" - openshift_debug_level: 4 - openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-master/filter_plugins b/playbooks/byo/openshift-master/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/byo/openshift-master/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/byo/openshift-master/roles b/playbooks/byo/openshift-master/roles deleted file mode 120000 index 20c4c58cf..000000000 --- a/playbooks/byo/openshift-master/roles +++ /dev/null @@ -1 +0,0 @@ -../../../roles
\ No newline at end of file diff --git a/playbooks/byo/openshift-node/config.yml b/playbooks/byo/openshift-node/config.yml deleted file mode 100644 index f50903061..000000000 --- a/playbooks/byo/openshift-node/config.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Populate oo_nodes_to_config and oo_first_master host groups - hosts: localhost - gather_facts: no - tasks: - - name: Evaluate oo_nodes_to_config - add_host: - name: "{{ item }}" - groups: oo_nodes_to_config - with_items: groups.nodes - - name: Evaluate oo_first_master - add_host: - name: "{{ item }}" - groups: oo_first_master - with_items: groups.masters.0 - - -- include: ../../common/openshift-node/config.yml - vars: - openshift_first_master: "{{ groups.masters.0 }}" - openshift_cluster_id: "{{ cluster_id | default('default') }}" - openshift_debug_level: 4 - openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-node/filter_plugins b/playbooks/byo/openshift-node/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/byo/openshift-node/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/byo/openshift-node/roles b/playbooks/byo/openshift-node/roles deleted file mode 120000 index 20c4c58cf..000000000 --- a/playbooks/byo/openshift-node/roles +++ /dev/null @@ -1 +0,0 @@ -../../../roles
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 14ffa928f..0779cfe47 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -1,4 +1,65 @@ --- +- name: Populate config host groups + hosts: localhost + gather_facts: no + tasks: + - fail: + msg: This playbook rquires g_etcd_group to be set + when: g_etcd_group is not defined + + - fail: + msg: This playbook rquires g_masters_group to be set + when: g_masters_group is not defined + + - fail: + msg: This playbook rquires g_nodes_group to be set + when: g_nodes_group is not defined + + - name: Evaluate oo_etcd_to_config + add_host: + name: "{{ item }}" + groups: oo_etcd_to_config + ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" + ansible_sudo: "{{ g_sudo | default(omit) }}" + with_items: groups[g_etcd_group] | default([]) + + - name: Evaluate oo_masters_to_config + add_host: + name: "{{ item }}" + groups: oo_masters_to_config + ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" + ansible_sudo: "{{ g_sudo | default(omit) }}" + with_items: groups[g_masters_group] | default([]) + + - name: Evaluate oo_nodes_to_config + add_host: + name: "{{ item }}" + groups: oo_nodes_to_config + ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" + ansible_sudo: "{{ g_sudo | default(omit) }}" + with_items: groups[g_nodes_group] | default([]) + + - name: Evaluate oo_first_etcd + add_host: + name: "{{ groups[g_etcd_group][0] }}" + groups: oo_first_etcd + ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" + ansible_sudo: "{{ g_sudo | default(omit) }}" + when: g_etcd_group in groups and (groups[g_etcd_group] | length) > 0 + + - name: Evaluate oo_first_master + add_host: + name: "{{ groups[g_masters_group][0] }}" + groups: oo_first_master + ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" + ansible_sudo: "{{ g_sudo | default(omit) }}" + when: g_masters_group in groups and (groups[g_masters_group] | length) > 0 + +- include: ../openshift-etcd/config.yml + - include: ../openshift-master/config.yml - include: ../openshift-node/config.yml + vars: + osn_cluster_dns_domain: "{{ hostvars[groups.oo_first_master.0].openshift.dns.domain }}" + osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].openshift.dns.ip }}" diff --git a/playbooks/common/openshift-cluster/lookup_plugins b/playbooks/common/openshift-cluster/lookup_plugins new file mode 120000 index 000000000..ac79701db --- /dev/null +++ b/playbooks/common/openshift-cluster/lookup_plugins @@ -0,0 +1 @@ +../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/set_etcd_launch_facts_tasks.yml b/playbooks/common/openshift-cluster/set_etcd_launch_facts_tasks.yml new file mode 100644 index 000000000..1a6580795 --- /dev/null +++ b/playbooks/common/openshift-cluster/set_etcd_launch_facts_tasks.yml @@ -0,0 +1,13 @@ +--- +- set_fact: k8s_type="etcd" + +- name: Generate etcd instance names(s) + set_fact: + scratch_name: "{{ cluster_id }}-{{ k8s_type }}-{{ '%05x' | format(1048576 | random) }}" + register: etcd_names_output + with_sequence: count={{ num_etcd }} + +- set_fact: + etcd_names: "{{ etcd_names_output.results | default([]) + | oo_collect('ansible_facts') + | oo_collect('scratch_name') }}" diff --git a/playbooks/common/openshift-cluster/set_master_launch_facts_tasks.yml b/playbooks/common/openshift-cluster/set_master_launch_facts_tasks.yml index 118727273..36d7b7870 100644 --- a/playbooks/common/openshift-cluster/set_master_launch_facts_tasks.yml +++ b/playbooks/common/openshift-cluster/set_master_launch_facts_tasks.yml @@ -5,7 +5,9 @@ set_fact: scratch_name: "{{ cluster_id }}-{{ k8s_type }}-{{ '%05x' | format(1048576 | random) }}" register: master_names_output - with_sequence: start=1 end={{ num_masters }} + with_sequence: count={{ num_masters }} - set_fact: - master_names: "{{ master_names_output.results | oo_collect('ansible_facts') | oo_collect('scratch_name') }}" + master_names: "{{ master_names_output.results | default([]) + | oo_collect('ansible_facts') + | oo_collect('scratch_name') }}" diff --git a/playbooks/common/openshift-cluster/set_node_launch_facts_tasks.yml b/playbooks/common/openshift-cluster/set_node_launch_facts_tasks.yml index 162315d46..96e1a9a63 100644 --- a/playbooks/common/openshift-cluster/set_node_launch_facts_tasks.yml +++ b/playbooks/common/openshift-cluster/set_node_launch_facts_tasks.yml @@ -5,7 +5,9 @@ set_fact: scratch_name: "{{ cluster_id }}-{{ k8s_type }}-{{ '%05x' | format(1048576 | random) }}" register: node_names_output - with_sequence: start=1 end={{ num_nodes }} + with_sequence: count={{ num_nodes }} - set_fact: - node_names: "{{ node_names_output.results | oo_collect('ansible_facts') | oo_collect('scratch_name') }}" + node_names: "{{ node_names_output.results | default([]) + | oo_collect('ansible_facts') + | oo_collect('scratch_name') }}" diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml new file mode 100644 index 000000000..3cc561ba0 --- /dev/null +++ b/playbooks/common/openshift-etcd/config.yml @@ -0,0 +1,96 @@ +--- +- name: Set etcd facts needed for generating certs + hosts: oo_etcd_to_config + roles: + - openshift_facts + tasks: + - openshift_facts: + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: common + local_facts: + hostname: "{{ openshift_hostname | default(None) }}" + public_hostname: "{{ openshift_public_hostname | default(None) }}" + deployment_type: "{{ openshift_deployment_type }}" + - name: Check status of etcd certificates + stat: + path: "{{ item }}" + with_items: + - /etc/etcd/server.crt + - /etc/etcd/peer.crt + - /etc/etcd/ca.crt + register: g_etcd_server_cert_stat_result + - set_fact: + etcd_server_certs_missing: "{{ g_etcd_server_cert_stat_result.results | map(attribute='stat.exists') + | list | intersect([false])}}" + etcd_cert_subdir: etcd-{{ openshift.common.hostname }} + etcd_cert_config_dir: /etc/etcd + etcd_cert_prefix: + +- name: Create temp directory for syncing certs + hosts: localhost + connection: local + sudo: false + gather_facts: no + tasks: + - name: Create local temp directory for syncing certs + local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX + register: g_etcd_mktemp + changed_when: False + +- name: Configure etcd certificates + hosts: oo_first_etcd + vars: + etcd_generated_certs_dir: /etc/etcd/generated_certs + etcd_needing_server_certs: "{{ hostvars + | oo_select_keys(groups['oo_etcd_to_config']) + | oo_filter_list(filter_attr='etcd_server_certs_missing') }}" + sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}" + roles: + - etcd_certificates + post_tasks: + - name: Create a tarball of the etcd certs + command: > + tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz + -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} . + args: + creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" + with_items: etcd_needing_server_certs + - name: Retrieve the etcd cert tarballs + fetch: + src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" + dest: "{{ sync_tmpdir }}/" + flat: yes + fail_on_missing: yes + validate_checksum: yes + with_items: etcd_needing_server_certs + +- name: Configure etcd hosts + hosts: oo_etcd_to_config + vars: + sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}" + etcd_url_scheme: https + etcd_peer_url_scheme: https + etcd_peers_group: oo_etcd_to_config + pre_tasks: + - name: Ensure certificate directory exists + file: + path: "{{ etcd_cert_config_dir }}" + state: directory + - name: Unarchive the tarball on the etcd host + unarchive: + src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz" + dest: "{{ etcd_cert_config_dir }}" + when: etcd_server_certs_missing + roles: + - etcd + +- name: Delete temporary directory on localhost + hosts: localhost + connection: local + sudo: false + gather_facts: no + tasks: + - file: name={{ g_etcd_mktemp.stdout }} state=absent + changed_when: False diff --git a/playbooks/aws/openshift-node/filter_plugins b/playbooks/common/openshift-etcd/filter_plugins index 99a95e4ca..99a95e4ca 120000 --- a/playbooks/aws/openshift-node/filter_plugins +++ b/playbooks/common/openshift-etcd/filter_plugins diff --git a/playbooks/common/openshift-etcd/lookup_plugins b/playbooks/common/openshift-etcd/lookup_plugins new file mode 120000 index 000000000..ac79701db --- /dev/null +++ b/playbooks/common/openshift-etcd/lookup_plugins @@ -0,0 +1 @@ +../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-etcd/roles b/playbooks/common/openshift-etcd/roles new file mode 120000 index 000000000..e2b799b9d --- /dev/null +++ b/playbooks/common/openshift-etcd/roles @@ -0,0 +1 @@ +../../../roles/
\ No newline at end of file diff --git a/playbooks/common/openshift-etcd/service.yml b/playbooks/common/openshift-etcd/service.yml new file mode 100644 index 000000000..0bf69b22f --- /dev/null +++ b/playbooks/common/openshift-etcd/service.yml @@ -0,0 +1,18 @@ +--- +- name: Populate g_service_masters host group if needed + hosts: localhost + gather_facts: no + tasks: + - fail: msg="new_cluster_state is required to be injected in this playbook" + when: new_cluster_state is not defined + + - name: Evaluate g_service_etcd + add_host: name={{ item }} groups=g_service_etcd + with_items: oo_host_group_exp | default([]) + +- name: Change etcd state on etcd instance(s) + hosts: g_service_etcd + connection: ssh + gather_facts: no + tasks: + - service: name=etcd state="{{ new_cluster_state }}" diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 29c4d9c5c..3956128e1 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -1,19 +1,214 @@ --- +- name: Set master facts and determine if external etcd certs need to be generated + hosts: oo_masters_to_config + pre_tasks: + - set_fact: + openshift_master_etcd_port: "{{ (etcd_client_port | default('2379')) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else none }}" + openshift_master_etcd_hosts: "{{ hostvars + | oo_select_keys(groups['oo_etcd_to_config'] + | default([])) + | oo_collect('openshift.common.hostname') + | default(none, true) }}" + roles: + - openshift_facts + post_tasks: + - openshift_facts: + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: common + local_facts: + hostname: "{{ openshift_hostname | default(None) }}" + public_hostname: "{{ openshift_public_hostname | default(None) }}" + deployment_type: "{{ openshift_deployment_type }}" + - role: master + local_facts: + api_port: "{{ openshift_master_api_port | default(None) }}" + api_url: "{{ openshift_master_api_url | default(None) }}" + api_use_ssl: "{{ openshift_master_api_use_ssl | default(None) }}" + public_api_url: "{{ openshift_master_public_api_url | default(None) }}" + console_path: "{{ openshift_master_console_path | default(None) }}" + console_port: "{{ openshift_master_console_port | default(None) }}" + console_url: "{{ openshift_master_console_url | default(None) }}" + console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}" + public_console_url: "{{ openshift_master_public_console_url | default(None) }}" + - name: Check status of external etcd certificatees + stat: + path: "/etc/openshift/master/{{ item }}" + with_items: + - master.etcd-client.crt + - master.etcd-ca.crt + register: g_external_etcd_cert_stat_result + - set_fact: + etcd_client_certs_missing: "{{ g_external_etcd_cert_stat_result.results + | map(attribute='stat.exists') + | list | intersect([false])}}" + etcd_cert_subdir: openshift-master-{{ openshift.common.hostname }} + etcd_cert_config_dir: /etc/openshift/master + etcd_cert_prefix: master.etcd- + when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config + +- name: Create temp directory for syncing certs + hosts: localhost + connection: local + sudo: false + gather_facts: no + tasks: + - name: Create local temp directory for syncing certs + local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX + register: g_master_mktemp + changed_when: False + +- name: Configure etcd certificates + hosts: oo_first_etcd + vars: + etcd_generated_certs_dir: /etc/etcd/generated_certs + etcd_needing_client_certs: "{{ hostvars + | oo_select_keys(groups['oo_masters_to_config']) + | oo_filter_list(filter_attr='etcd_client_certs_missing') }}" + sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" + roles: + - etcd_certificates + post_tasks: + - name: Create a tarball of the etcd certs + command: > + tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz + -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} . + args: + creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" + with_items: etcd_needing_client_certs + - name: Retrieve the etcd cert tarballs + fetch: + src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" + dest: "{{ sync_tmpdir }}/" + flat: yes + fail_on_missing: yes + validate_checksum: yes + with_items: etcd_needing_client_certs + +- name: Copy the external etcd certs to the masters + hosts: oo_masters_to_config + vars: + sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" + tasks: + - name: Ensure certificate directory exists + file: + path: /etc/openshift/master + state: directory + when: etcd_client_certs_missing is defined and etcd_client_certs_missing + - name: Unarchive the tarball on the master + unarchive: + src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz" + dest: "{{ etcd_cert_config_dir }}" + when: etcd_client_certs_missing is defined and etcd_client_certs_missing + - file: + path: "{{ etcd_cert_config_dir }}/{{ item }}" + owner: root + group: root + mode: 0600 + with_items: + - master.etcd-client.crt + - master.etcd-client.key + - master.etcd-ca.crt + when: etcd_client_certs_missing is defined and etcd_client_certs_missing + +- name: Determine if master certificates need to be generated + hosts: oo_masters_to_config + tasks: + - set_fact: + openshift_master_certs_no_etcd: + - admin.crt + - master.kubelet-client.crt + - master.server.crt + - openshift-master.crt + - openshift-registry.crt + - openshift-router.crt + - etcd.server.crt + openshift_master_certs_etcd: + - master.etcd-client.crt + - set_fact: + openshift_master_certs: "{{ (openshift_master_certs_no_etcd | union(openshift_master_certs_etcd)) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else openshift_master_certs_no_etcd }}" + + - name: Check status of master certificates + stat: + path: "/etc/openshift/master/{{ item }}" + with_items: openshift_master_certs + register: g_master_cert_stat_result + - set_fact: + master_certs_missing: "{{ g_master_cert_stat_result.results + | map(attribute='stat.exists') + | list | intersect([false])}}" + master_cert_subdir: master-{{ openshift.common.hostname }} + master_cert_config_dir: /etc/openshift/master + +- name: Configure master certificates + hosts: oo_first_master + vars: + master_generated_certs_dir: /etc/openshift/generated-configs + masters_needing_certs: "{{ hostvars + | oo_select_keys(groups['oo_masters_to_config'] | difference(groups['oo_first_master'])) + | oo_filter_list(filter_attr='master_certs_missing') }}" + sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" + roles: + - openshift_master_certificates + post_tasks: + - name: Create a tarball of the master certs + command: > + tar -czvf {{ master_generated_certs_dir }}/{{ item.master.cert_subdir }}.tgz + -C {{ master_generated_certs_dir }}/{{ item.master.cert_subdir }} . + args: + creates: "{{ master_generated_certs_dir }}/{{ item.master.cert_subdir }}.tgz" + with_items: masters_needing_certs + - name: Retrieve the master cert tarball from the master + fetch: + src: "{{ master_generated_certs_dir }}/{{ item.master.cert_subdir }}.tgz" + dest: "{{ sync_tmpdir }}/" + flat: yes + fail_on_missing: yes + validate_checksum: yes + with_items: masters_needing_certs + - name: Configure master instances hosts: oo_masters_to_config + vars: + sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" + pre_tasks: + - name: Ensure certificate directory exists + file: + path: /etc/openshift/master + state: directory + when: master_certs_missing and 'oo_first_master' not in group_names + - name: Unarchive the tarball on the master + unarchive: + src: "{{ sync_tmpdir }}/{{ master_cert_subdir }}.tgz" + dest: "{{ master_cert_config_dir }}" + when: master_certs_missing and 'oo_first_master' not in group_names roles: - openshift_master - - openshift_examples - role: fluentd_master when: openshift.common.use_fluentd | bool - tasks: + post_tasks: - name: Create group for deployment type group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }} changed_when: False +- name: Deploy OpenShift examples + hosts: oo_first_master + roles: + - openshift_examples + # Additional instance config for online deployments - name: Additional instance config hosts: oo_masters_deployment_type_online roles: - pods - os_env_extras + +- name: Delete temporary directory on localhost + hosts: localhost + connection: local + sudo: false + gather_facts: no + tasks: + - file: name={{ g_master_mktemp.stdout }} state=absent + changed_when: False diff --git a/playbooks/common/openshift-master/lookup_plugins b/playbooks/common/openshift-master/lookup_plugins new file mode 120000 index 000000000..ac79701db --- /dev/null +++ b/playbooks/common/openshift-master/lookup_plugins @@ -0,0 +1 @@ +../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 2d2560db4..bd35008b8 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -18,21 +18,18 @@ deployment_type: "{{ openshift_deployment_type }}" - role: node local_facts: - resources_cpu: "{{ openshift_node_resources_cpu | default(None) }}" - resources_memory: "{{ openshift_node_resources_memory | default(None) }}" - pod_cidr: "{{ openshift_node_pod_cidr | default(None) }}" labels: "{{ openshift_node_labels | default(None) }}" annotations: "{{ openshift_node_annotations | default(None) }}" - name: Check status of node certificates stat: - path: "{{ item }}" + path: "/etc/openshift/node/{{ item }}" with_items: - - "/etc/openshift/node/system:node:{{ openshift.common.hostname }}.crt" - - "/etc/openshift/node/system:node:{{ openshift.common.hostname }}.key" - - "/etc/openshift/node/system:node:{{ openshift.common.hostname }}.kubeconfig" - - "/etc/openshift/node/ca.crt" - - "/etc/openshift/node/server.key" - - "/etc/openshift/node/server.crt" + - "system:node:{{ openshift.common.hostname }}.crt" + - "system:node:{{ openshift.common.hostname }}.key" + - "system:node:{{ openshift.common.hostname }}.kubeconfig" + - ca.crt + - server.key + - server.crt register: stat_result - set_fact: certs_missing: "{{ stat_result.results | map(attribute='stat.exists') @@ -56,10 +53,9 @@ hosts: oo_first_master vars: nodes_needing_certs: "{{ hostvars - | oo_select_keys(groups['oo_nodes_to_config']) + | oo_select_keys(groups['oo_nodes_to_config'] + | default([])) | oo_filter_list(filter_attr='certs_missing') }}" - openshift_nodes: "{{ hostvars - | oo_select_keys(groups['oo_nodes_to_config']) }}" sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" roles: - openshift_node_certificates @@ -86,7 +82,7 @@ hosts: oo_nodes_to_config vars: sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" - openshift_node_master_api_url: "{{ hostvars[openshift_first_master].openshift.master.api_url }}" + openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" pre_tasks: - name: Ensure certificate directory exists file: @@ -110,15 +106,6 @@ group_by: key=oo_nodes_deployment_type_{{ openshift.common.deployment_type }} changed_when: False -- name: Delete the temporary directory on the master - hosts: oo_first_master - gather_facts: no - vars: - sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" - tasks: - - file: name={{ sync_tmpdir }} state=absent - changed_when: False - - name: Delete temporary directory on localhost hosts: localhost connection: local @@ -135,3 +122,23 @@ roles: - os_env_extras - os_env_extras_node + +- name: Set scheduleability + hosts: oo_first_master + vars: + openshift_nodes: "{{ hostvars + | oo_select_keys(groups['oo_nodes_to_config']) + | oo_collect('openshift.common.hostname') }}" + openshift_unscheduleable_nodes: "{{ hostvars + | oo_select_keys(groups['oo_nodes_to_config'] + | default([])) + | oo_collect('openshift.common.hostname', {'openshift_scheduleable': False}) }}" + pre_tasks: + - set_fact: + openshift_scheduleable_nodes: "{{ hostvars + | oo_select_keys(groups['oo_nodes_to_config'] + | default([])) + | oo_collect('openshift.common.hostname') + | difference(openshift_unscheduleable_nodes) }}" + roles: + - openshift_manage_node diff --git a/playbooks/common/openshift-node/lookup_plugins b/playbooks/common/openshift-node/lookup_plugins new file mode 120000 index 000000000..ac79701db --- /dev/null +++ b/playbooks/common/openshift-node/lookup_plugins @@ -0,0 +1 @@ +../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/gce/openshift-cluster/config.yml b/playbooks/gce/openshift-cluster/config.yml index 8c320dbd2..219ebe6a0 100644 --- a/playbooks/gce/openshift-cluster/config.yml +++ b/playbooks/gce/openshift-cluster/config.yml @@ -1,38 +1,24 @@ --- # TODO: fix firewall related bug with GCE and origin, since GCE is overriding # /etc/sysconfig/iptables -- name: Populate oo_masters_to_config host group - hosts: localhost + +- hosts: localhost gather_facts: no vars_files: - vars.yml tasks: - - name: Evaluate oo_masters_to_config - add_host: - name: "{{ item }}" - groups: oo_masters_to_config - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user | default(ansible_ssh_user, true) }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: groups["tag_env-host-type-{{ cluster_id }}-openshift-master"] | default([]) - - name: Evaluate oo_nodes_to_config - add_host: - name: "{{ item }}" - groups: oo_nodes_to_config - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user | default(ansible_ssh_user, true) }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: groups["tag_env-host-type-{{ cluster_id }}-openshift-node"] | default([]) - - name: Evaluate oo_first_master - add_host: - name: "{{ groups['tag_env-host-type-' ~ cluster_id ~ '-openshift-master'][0] }}" - groups: oo_first_master - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user | default(ansible_ssh_user, true) }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - when: "'tag_env-host-type-{{ cluster_id }}-openshift-master' in groups" + - set_fact: + g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" + g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" - include: ../../common/openshift-cluster/config.yml vars: + g_etcd_group: "{{ 'tag_env-host-type-' ~ cluster_id ~ '-openshift-etcd' }}" + g_masters_group: "{{ 'tag_env-host-type-' ~ cluster_id ~ '-openshift-master' }}" + g_nodes_group: "{{ 'tag_env-host-type-' ~ cluster_id ~ '-openshift-node' }}" + g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" + g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: 4 openshift_deployment_type: "{{ deployment_type }}" - openshift_first_master: "{{ groups.oo_first_master.0 }}" openshift_hostname: "{{ gce_private_ip }}" diff --git a/playbooks/gce/openshift-cluster/lookup_plugins b/playbooks/gce/openshift-cluster/lookup_plugins new file mode 120000 index 000000000..ac79701db --- /dev/null +++ b/playbooks/gce/openshift-cluster/lookup_plugins @@ -0,0 +1 @@ +../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/gce/openshift-cluster/update.yml b/playbooks/gce/openshift-cluster/update.yml index 9ebf39a13..8096aa654 100644 --- a/playbooks/gce/openshift-cluster/update.yml +++ b/playbooks/gce/openshift-cluster/update.yml @@ -11,7 +11,9 @@ groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user | default(ansible_ssh_user, true) }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: groups["tag_env-host-type-{{ cluster_id }}-openshift-master"] | union(groups["tag_env-host-type-{{ cluster_id }}-openshift-node"]) | default([]) + with_items: (groups["tag_env-host-type-{{ cluster_id }}-openshift-master"] | default([])) + | union(groups["tag_env-host-type-{{ cluster_id }}-openshift-node"] | default([])) + | union(groups["tag_env-host-type-{{ cluster_id }}-openshift-etcd"] | default([])) - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/gce/openshift-master/config.yml b/playbooks/gce/openshift-master/config.yml deleted file mode 100644 index af6000bc8..000000000 --- a/playbooks/gce/openshift-master/config.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: Populate oo_masters_to_config host group - hosts: localhost - gather_facts: no - tasks: - - name: Evaluate oo_masters_to_config - add_host: - name: "{{ item }}" - groups: oo_masters_to_config - ansible_ssh_user: root - with_items: oo_host_group_exp | default([]) - -- include: ../../common/openshift-master/config.yml - vars: - openshift_cluster_id: "{{ cluster_id }}" - openshift_debug_level: 4 - openshift_deployment_type: "{{ deployment_type }}" - openshift_hostname: "{{ gce_private_ip }}" diff --git a/playbooks/gce/openshift-master/filter_plugins b/playbooks/gce/openshift-master/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/gce/openshift-master/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/gce/openshift-master/launch.yml b/playbooks/gce/openshift-master/launch.yml deleted file mode 100644 index ef10b6cf0..000000000 --- a/playbooks/gce/openshift-master/launch.yml +++ /dev/null @@ -1,51 +0,0 @@ ---- -# TODO: when we are ready to go to ansible 1.9+ support only, we can update to -# the gce task to use the disk_auto_delete parameter to avoid having to delete -# the disk as a separate step on termination - -- name: Launch instance(s) - hosts: localhost - connection: local - gather_facts: no - -# TODO: modify image based on deployment_type - vars: - inst_names: "{{ oo_new_inst_names }}" - machine_type: n1-standard-1 - image: libra-rhel7 - - tasks: - - name: Launch instances - gce: - instance_names: "{{ inst_names }}" - machine_type: "{{ machine_type }}" - image: "{{ image }}" - service_account_email: "{{ gce_service_account_email }}" - pem_file: "{{ gce_pem_file }}" - project_id: "{{ gce_project_id }}" - tags: "{{ oo_new_inst_tags }}" - register: gce - - - name: Add new instances public IPs to oo_masters_to_config - add_host: - hostname: "{{ item.name }}" - ansible_ssh_host: "{{ item.public_ip }}" - groupname: oo_masters_to_config - gce_private_ip: "{{ item.private_ip }}" - with_items: gce.instance_data - - - name: Wait for ssh - wait_for: port=22 host={{ item.public_ip }} - with_items: gce.instance_data - - - name: Wait for root user setup - command: "ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null root@{{ item.public_ip }} echo root user is setup" - register: result - until: result.rc == 0 - retries: 20 - delay: 10 - with_items: gce.instance_data - - -# Apply the configs, separate so that just the configs can be run by themselves -- include: config.yml diff --git a/playbooks/gce/openshift-master/roles b/playbooks/gce/openshift-master/roles deleted file mode 120000 index 20c4c58cf..000000000 --- a/playbooks/gce/openshift-master/roles +++ /dev/null @@ -1 +0,0 @@ -../../../roles
\ No newline at end of file diff --git a/playbooks/gce/openshift-master/terminate.yml b/playbooks/gce/openshift-master/terminate.yml deleted file mode 100644 index 452ac5199..000000000 --- a/playbooks/gce/openshift-master/terminate.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -- name: Populate oo_masters_to_terminate host group if needed - hosts: localhost - gather_facts: no - tasks: - - name: Evaluate oo_masters_to_terminate - add_host: name={{ item }} groups=oo_masters_to_terminate - with_items: oo_host_group_exp | default([]) - -- name: Terminate master instances - hosts: localhost - connection: local - gather_facts: no - tasks: - - name: Terminate master instances - gce: - service_account_email: "{{ gce_service_account_email }}" - pem_file: "{{ gce_pem_file }}" - project_id: "{{ gce_project_id }}" - state: 'absent' - instance_names: "{{ groups['oo_masters_to_terminate'] }}" - disks: "{{ groups['oo_masters_to_terminate'] }}" - register: gce - when: "'oo_masters_to_terminate' in groups" - - - name: Remove disks of instances - gce_pd: - service_account_email: "{{ gce_service_account_email }}" - pem_file: "{{ gce_pem_file }}" - project_id: "{{ gce_project_id }}" - name: "{{ item }}" - zone: "{{ gce.zone }}" - state: absent - with_items: gce.instance_names - when: "'oo_masters_to_terminate' in groups" diff --git a/playbooks/gce/openshift-node/config.yml b/playbooks/gce/openshift-node/config.yml deleted file mode 100644 index 54b0da2ca..000000000 --- a/playbooks/gce/openshift-node/config.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -- name: Populate oo_nodes_to_config and oo_first_master host groups - hosts: localhost - gather_facts: no - tasks: - - name: Evaluate oo_nodes_to_config - add_host: - name: "{{ item }}" - groups: oo_nodes_to_config - ansible_ssh_user: root - with_items: oo_host_group_exp | default([]) - - name: Evaluate oo_first_master - add_host: - name: "{{ groups['tag_env-host-type-' ~ cluster_id ~ '-openshift-master'][0] }}" - groups: oo_first_master - ansible_ssh_user: root - - -- include: ../../common/openshift-node/config.yml - vars: - openshift_cluster_id: "{{ cluster_id }}" - openshift_debug_level: 4 - openshift_deployment_type: "{{ deployment_type }}" - openshift_first_master: "{{ groups.oo_first_master.0 }}" - openshift_hostname: "{{ gce_private_ip }}" diff --git a/playbooks/gce/openshift-node/filter_plugins b/playbooks/gce/openshift-node/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/gce/openshift-node/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/gce/openshift-node/launch.yml b/playbooks/gce/openshift-node/launch.yml deleted file mode 100644 index 086ba58bc..000000000 --- a/playbooks/gce/openshift-node/launch.yml +++ /dev/null @@ -1,51 +0,0 @@ ---- -# TODO: when we are ready to go to ansible 1.9+ support only, we can update to -# the gce task to use the disk_auto_delete parameter to avoid having to delete -# the disk as a separate step on termination - -- name: Launch instance(s) - hosts: localhost - connection: local - gather_facts: no - -# TODO: modify image based on deployment_type - vars: - inst_names: "{{ oo_new_inst_names }}" - machine_type: n1-standard-1 - image: libra-rhel7 - - tasks: - - name: Launch instances - gce: - instance_names: "{{ inst_names }}" - machine_type: "{{ machine_type }}" - image: "{{ image }}" - service_account_email: "{{ gce_service_account_email }}" - pem_file: "{{ gce_pem_file }}" - project_id: "{{ gce_project_id }}" - tags: "{{ oo_new_inst_tags }}" - register: gce - - - name: Add new instances public IPs to oo_nodes_to_config - add_host: - hostname: "{{ item.name }}" - ansible_ssh_host: "{{ item.public_ip }}" - groupname: oo_nodes_to_config - gce_private_ip: "{{ item.private_ip }}" - with_items: gce.instance_data - - - name: Wait for ssh - wait_for: port=22 host={{ item.public_ip }} - with_items: gce.instance_data - - - name: Wait for root user setup - command: "ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null root@{{ item.public_ip }} echo root user is setup" - register: result - until: result.rc == 0 - retries: 20 - delay: 10 - with_items: gce.instance_data - - -# Apply the configs, separate so that just the configs can be run by themselves -- include: config.yml diff --git a/playbooks/gce/openshift-node/roles b/playbooks/gce/openshift-node/roles deleted file mode 120000 index 20c4c58cf..000000000 --- a/playbooks/gce/openshift-node/roles +++ /dev/null @@ -1 +0,0 @@ -../../../roles
\ No newline at end of file diff --git a/playbooks/gce/openshift-node/terminate.yml b/playbooks/gce/openshift-node/terminate.yml deleted file mode 100644 index 357e0c295..000000000 --- a/playbooks/gce/openshift-node/terminate.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -- name: Populate oo_nodes_to_terminate host group if needed - hosts: localhost - gather_facts: no - tasks: - - name: Evaluate oo_nodes_to_terminate - add_host: name={{ item }} groups=oo_nodes_to_terminate - with_items: oo_host_group_exp | default([]) - -- name: Terminate node instances - hosts: localhost - connection: local - gather_facts: no - tasks: - - name: Terminate node instances - gce: - service_account_email: "{{ gce_service_account_email }}" - pem_file: "{{ gce_pem_file }}" - project_id: "{{ gce_project_id }}" - state: 'absent' - instance_names: "{{ groups['oo_nodes_to_terminate'] }}" - disks: "{{ groups['oo_nodes_to_terminate'] }}" - register: gce - when: "'oo_nodes_to_terminate' in groups" - - - name: Remove disks of instances - gce_pd: - service_account_email: "{{ gce_service_account_email }}" - pem_file: "{{ gce_pem_file }}" - project_id: "{{ gce_project_id }}" - name: "{{ item }}" - zone: "{{ gce.zone }}" - state: absent - with_items: gce.instance_names - when: "'oo_nodes_to_terminate' in groups" diff --git a/playbooks/libvirt/openshift-cluster/config.yml b/playbooks/libvirt/openshift-cluster/config.yml index 75e2005a2..98fe11251 100644 --- a/playbooks/libvirt/openshift-cluster/config.yml +++ b/playbooks/libvirt/openshift-cluster/config.yml @@ -3,37 +3,22 @@ # is localhost, so no hostname value (or public_hostname) value is getting # assigned -- name: Populate oo_masters_to_config host group - hosts: localhost +- hosts: localhost gather_facts: no vars_files: - vars.yml tasks: - - name: Evaluate oo_masters_to_config - add_host: - name: "{{ item }}" - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - groups: oo_masters_to_config - with_items: groups["tag_env-host-type-{{ cluster_id }}-openshift-master"] | default([]) - - name: Evaluate oo_nodes_to_config - add_host: - name: "{{ item }}" - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - groups: oo_nodes_to_config - with_items: groups["tag_env-host-type-{{ cluster_id }}-openshift-node"] | default([]) - - name: Evaluate oo_first_master - add_host: - name: "{{ groups['tag_env-host-type-' ~ cluster_id ~ '-openshift-master'][0] }}" - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - groups: oo_first_master - when: "'tag_env-host-type-{{ cluster_id }}-openshift-master' in groups" + - set_fact: + g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" + g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" - include: ../../common/openshift-cluster/config.yml vars: + g_etcd_group: "{{ 'tag_env-host-type-' ~ cluster_id ~ '-openshift-etcd' }}" + g_masters_group: "{{ 'tag_env-host-type-' ~ cluster_id ~ '-openshift-master' }}" + g_nodes_group: "{{ 'tag_env-host-type-' ~ cluster_id ~ '-openshift-node' }}" + g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" + g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: 4 openshift_deployment_type: "{{ deployment_type }}" - openshift_first_master: "{{ groups.oo_first_master.0 }}" diff --git a/playbooks/libvirt/openshift-cluster/lookup_plugins b/playbooks/libvirt/openshift-cluster/lookup_plugins new file mode 120000 index 000000000..ac79701db --- /dev/null +++ b/playbooks/libvirt/openshift-cluster/lookup_plugins @@ -0,0 +1 @@ +../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml index 8291192ab..4cb494056 100644 --- a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml @@ -14,6 +14,7 @@ url: '{{ image_url }}' sha256sum: '{{ image_sha256 }}' dest: '{{ os_libvirt_storage_pool_path }}/{{ image_name }}' + when: '{{ ( lookup("oo_option", "skip_image_download") | default("no", True) | lower ) in ["false", "no"] }}' - name: Create the cloud-init config drive path file: diff --git a/playbooks/libvirt/openshift-cluster/update.yml b/playbooks/libvirt/openshift-cluster/update.yml index 57e36db9e..d09832c16 100644 --- a/playbooks/libvirt/openshift-cluster/update.yml +++ b/playbooks/libvirt/openshift-cluster/update.yml @@ -11,7 +11,9 @@ groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: groups["tag_env-host-type-{{ cluster_id }}-openshift-master"] | union(groups["tag_env-host-type-{{ cluster_id }}-openshift-node"]) | default([]) + with_items: (groups["tag_env-host-type-{{ cluster_id }}-openshift-master"] | default([])) + | union(groups["tag_env-host-type-{{ cluster_id }}-openshift-node"] | default([])) + | union(groups["tag_env-host-type-{{ cluster_id }}-openshift-etcd"] | default([])) - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/libvirt/openshift-cluster/vars.yml b/playbooks/libvirt/openshift-cluster/vars.yml index 65d954fee..e3c8cd8d0 100644 --- a/playbooks/libvirt/openshift-cluster/vars.yml +++ b/playbooks/libvirt/openshift-cluster/vars.yml @@ -7,9 +7,12 @@ libvirt_uri: 'qemu:///system' deployment_vars: origin: image: - url: "http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2" - name: CentOS-7-x86_64-GenericCloud.qcow2 - sha256: e324e3ab1d24a1bbf035ddb365e7f9058c0b454acf48d7aa15c5519fae5998ab + url: "{{ lookup('oo_option', 'image_url') | + default('http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2', True) }}" + name: "{{ lookup('oo_option', 'image_name') | + default('CentOS-7-x86_64-GenericCloud.qcow2', True) }}" + sha256: "{{ lookup('oo_option', 'image_sha256') | + default('e324e3ab1d24a1bbf035ddb365e7f9058c0b454acf48d7aa15c5519fae5998ab', True) }}" ssh_user: openshift sudo: yes online: diff --git a/playbooks/openstack/openshift-cluster/config.yml b/playbooks/openstack/openshift-cluster/config.yml index abadaf5ca..3c9a231e3 100644 --- a/playbooks/openstack/openshift-cluster/config.yml +++ b/playbooks/openstack/openshift-cluster/config.yml @@ -1,35 +1,20 @@ -- name: Populate oo_masters_to_config host group - hosts: localhost +- hosts: localhost gather_facts: no vars_files: - vars.yml tasks: - - name: Evaluate oo_masters_to_config - add_host: - name: "{{ item }}" - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - groups: oo_masters_to_config - with_items: groups["tag_env-host-type_{{ cluster_id }}-openshift-master"] | default([]) - - name: Evaluate oo_nodes_to_config - add_host: - name: "{{ item }}" - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - groups: oo_nodes_to_config - with_items: groups["tag_env-host-type_{{ cluster_id }}-openshift-node"] | default([]) - - name: Evaluate oo_first_master - add_host: - name: "{{ groups['tag_env-host-type_' ~ cluster_id ~ '-openshift-master'][0] }}" - ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - groups: oo_first_master - when: "'tag_env-host-type_{{ cluster_id }}-openshift-master' in groups" + - set_fact: + g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" + g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" - include: ../../common/openshift-cluster/config.yml vars: + g_etcd_group: "{{ 'tag_env-host-type_' ~ cluster_id ~ '-openshift-etcd' }}" + g_masters_group: "{{ 'tag_env-host-type_' ~ cluster_id ~ '-openshift-master' }}" + g_nodes_group: "{{ 'tag_env-host-type_' ~ cluster_id ~ '-openshift-node' }}" + g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" + g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: 4 openshift_deployment_type: "{{ deployment_type }}" - openshift_first_master: "{{ groups.oo_first_master.0 }}" openshift_hostname: "{{ ansible_default_ipv4.address }}" diff --git a/playbooks/openstack/openshift-cluster/lookup_plugins b/playbooks/openstack/openshift-cluster/lookup_plugins new file mode 120000 index 000000000..ac79701db --- /dev/null +++ b/playbooks/openstack/openshift-cluster/lookup_plugins @@ -0,0 +1 @@ +../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/openstack/openshift-cluster/update.yml b/playbooks/openstack/openshift-cluster/update.yml index 5e7ab4e58..e006aa74a 100644 --- a/playbooks/openstack/openshift-cluster/update.yml +++ b/playbooks/openstack/openshift-cluster/update.yml @@ -11,7 +11,9 @@ groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: groups["tag_env-host-type_{{ cluster_id }}-openshift-master"] | union(groups["tag_env-host-type_{{ cluster_id }}-openshift-node"]) | default([]) + with_items: (groups["tag_env-host-type_{{ cluster_id }}-openshift-master"] | default([])) + | union(groups["tag_env-host-type_{{ cluster_id }}-openshift-node"] | default([])) + | union(groups["tag_env-host-type_{{ cluster_id }}-openshift-etcd"] | default([])) - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/openstack/openshift-cluster/vars.yml b/playbooks/openstack/openshift-cluster/vars.yml index c754f19fc..1ae7c17d2 100644 --- a/playbooks/openstack/openshift-cluster/vars.yml +++ b/playbooks/openstack/openshift-cluster/vars.yml @@ -1,27 +1,36 @@ --- -openstack_infra_heat_stack: "{{ opt_infra_heat_stack | default('files/heat_stack.yml') }}" -openstack_network_prefix: "{{ opt_network_prefix | default('openshift-ansible-'+cluster_id) }}" -openstack_network_cidr: "{{ opt_net_cidr | default('192.168.' + ( ( 1048576 | random % 256 ) | string() ) + '.0/24') }}" -openstack_network_external_net: "{{ opt_external_net | default('external') }}" -openstack_floating_ip_pools: "{{ opt_floating_ip_pools | default('external') | oo_split() }}" -openstack_network_dns: "{{ opt_dns | default('8.8.8.8,8.8.4.4') | oo_split() }}" -openstack_ssh_keypair: "{{ opt_keypair | default(lookup('env', 'LOGNAME')+'_key') }}" -openstack_ssh_public_key: "{{ lookup('file', opt_public_key | default('~/.ssh/id_rsa.pub')) }}" -openstack_ssh_access_from: "{{ opt_ssh_from | default('0.0.0.0/0') }}" +openstack_infra_heat_stack: "{{ lookup('oo_option', 'infra_heat_stack' ) | + default('files/heat_stack.yml', True) }}" +openstack_network_prefix: "{{ lookup('oo_option', 'network_prefix' ) | + default('openshift-ansible-'+cluster_id, True) }}" +openstack_network_cidr: "{{ lookup('oo_option', 'net_cidr' ) | + default('192.168.' + ( ( 1048576 | random % 256 ) | string() ) + '.0/24', True) }}" +openstack_network_external_net: "{{ lookup('oo_option', 'external_net' ) | + default('external', True) }}" +openstack_floating_ip_pools: "{{ lookup('oo_option', 'floating_ip_pools') | + default('external', True) | oo_split() }}" +openstack_network_dns: "{{ lookup('oo_option', 'dns' ) | + default('8.8.8.8,8.8.4.4', True) | oo_split() }}" +openstack_ssh_keypair: "{{ lookup('oo_option', 'keypair' ) | + default(lookup('env', 'LOGNAME')+'_key', True) }}" +openstack_ssh_public_key: "{{ lookup('file', lookup('oo_option', 'public_key') | + default('~/.ssh/id_rsa.pub', True)) }}" +openstack_ssh_access_from: "{{ lookup('oo_option', 'ssh_from') | + default('0.0.0.0/0', True) }}" openstack_flavor: master: - ram: "{{ opt_master_flavor_ram | default(2048) }}" - id: "{{ opt_master_flavor_id | default() }}" - include: "{{ opt_master_flavor_include | default() }}" + ram: "{{ lookup('oo_option', 'master_flavor_ram' ) | default(2048, True) }}" + id: "{{ lookup('oo_option', 'master_flavor_id' ) | default(True) }}" + include: "{{ lookup('oo_option', 'master_flavor_include') | default(True) }}" node: - ram: "{{ opt_node_flavor_ram | default(4096) }}" - id: "{{ opt_node_flavor_id | default() }}" - include: "{{ opt_node_flavor_include | default() }}" + ram: "{{ lookup('oo_option', 'node_flavor_ram' ) | default(4096, True) }}" + id: "{{ lookup('oo_option', 'node_flavor_id' ) | default(True) }}" + include: "{{ lookup('oo_option', 'node_flavor_include' ) | default(True) }}" deployment_vars: origin: image: - name: "{{ opt_image_name | default('centos-70-raw') }}" + name: "{{ lookup('oo_option', 'image_name') | default('centos-70-raw', True) }}" id: ssh_user: openshift sudo: yes @@ -33,7 +42,7 @@ deployment_vars: sudo: no enterprise: image: - name: "{{ opt_image_name | default('centos-70-raw') }}" + name: "{{ lookup('oo_option', 'image_name') | default('rhel-guest-image-7.1-20150224.0.x86_64', True) }}" id: ssh_user: openshift sudo: yes diff --git a/roles/etcd/README.md b/roles/etcd/README.md new file mode 100644 index 000000000..49207c428 --- /dev/null +++ b/roles/etcd/README.md @@ -0,0 +1,39 @@ +Role Name +========= + +Configures an etcd cluster for an arbitrary number of hosts + +Requirements +------------ + +This role assumes it's being deployed on a RHEL/Fedora based host with package +named 'etcd' available via yum. + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +None + +Example Playbook +---------------- + + - hosts: etcd + roles: + - { etcd } + +License +------- + +MIT + +Author Information +------------------ + +Scott Dodson <sdodson@redhat.com> +Adapted from https://github.com/retr0h/ansible-etcd for use on RHEL/Fedora. We +should at some point submit a PR to merge this with that module. diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml new file mode 100644 index 000000000..0fb45f37c --- /dev/null +++ b/roles/etcd/defaults/main.yaml @@ -0,0 +1,31 @@ +--- +etcd_interface: eth0 +etcd_client_port: 2379 +etcd_peer_port: 2380 +etcd_peers_group: etcd +etcd_url_scheme: http +etcd_peer_url_scheme: http +etcd_conf_dir: /etc/etcd +etcd_ca_file: "{{ etcd_conf_dir }}/ca.crt" +etcd_cert_file: "{{ etcd_conf_dir }}/server.crt" +etcd_key_file: "{{ etcd_conf_dir }}/server.key" +etcd_peer_ca_file: "{{ etcd_conf_dir }}/ca.crt" +etcd_peer_cert_file: "{{ etcd_conf_dir }}/peer.crt" +etcd_peer_key_file: "{{ etcd_conf_dir }}/peer.key" + +etcd_initial_cluster_state: new +etcd_initial_cluster_token: etcd-cluster-1 + +etcd_initial_advertise_peer_urls: "{{ etcd_peer_url_scheme }}://{{ hostvars[inventory_hostname]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_peer_port }}" +etcd_listen_peer_urls: "{{ etcd_peer_url_scheme }}://{{ hostvars[inventory_hostname]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_peer_port }}" +etcd_advertise_client_urls: "{{ etcd_url_scheme }}://{{ hostvars[inventory_hostname]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_client_port }}" +etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ hostvars[inventory_hostname]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_client_port }}" + +etcd_data_dir: /var/lib/etcd/ + +os_firewall_use_firewalld: False +os_firewall_allow: +- service: etcd + port: "{{etcd_client_port}}/tcp" +- service: etcd peering + port: "{{ etcd_peer_port }}/tcp" diff --git a/roles/etcd/handlers/main.yml b/roles/etcd/handlers/main.yml new file mode 100644 index 000000000..b897913f9 --- /dev/null +++ b/roles/etcd/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart etcd + service: name=etcd state=restarted diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml new file mode 100644 index 000000000..82b1a62b8 --- /dev/null +++ b/roles/etcd/meta/main.yml @@ -0,0 +1,19 @@ +--- +# This module is based on https://github.com/retr0h/ansible-etcd with most +# changes centered around installing from a pre-existing rpm +# TODO: Extend https://github.com/retr0h/ansible-etcd rather than forking +galaxy_info: + author: Scott Dodson + description: etcd management + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.2 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: os_firewall } diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml new file mode 100644 index 000000000..79a91dfde --- /dev/null +++ b/roles/etcd/tasks/main.yml @@ -0,0 +1,52 @@ +--- +- name: Install etcd + yum: pkg=etcd state=present + +- name: Validate permissions on the config dir + file: + path: "{{ etcd_conf_dir }}" + state: directory + owner: etcd + group: etcd + mode: 0700 + +- name: Validate permissions on certificate files + file: + path: "{{ item }}" + mode: 0600 + group: etcd + owner: etcd + when: etcd_url_scheme == 'https' + with_items: + - "{{ etcd_ca_file }}" + - "{{ etcd_cert_file }}" + - "{{ etcd_key_file }}" + +- name: Validate permissions on peer certificate files + file: + path: "{{ item }}" + mode: 0600 + group: etcd + owner: etcd + when: etcd_peer_url_scheme == 'https' + with_items: + - "{{ etcd_peer_ca_file }}" + - "{{ etcd_peer_cert_file }}" + - "{{ etcd_peer_key_file }}" + +- name: Write etcd global config file + template: + src: etcd.conf.j2 + dest: /etc/etcd/etcd.conf + notify: + - restart etcd + +- name: Enable etcd + service: + name: etcd + state: started + enabled: yes + register: start_result + +- pause: seconds=30 + when: start_result | changed diff --git a/roles/etcd/templates/etcd.conf.j2 b/roles/etcd/templates/etcd.conf.j2 new file mode 100644 index 000000000..801be2c97 --- /dev/null +++ b/roles/etcd/templates/etcd.conf.j2 @@ -0,0 +1,52 @@ +{% macro initial_cluster() -%} +{% for host in groups[etcd_peers_group] -%} +{% if loop.last -%} +{{ host }}={{ etcd_peer_url_scheme }}://{{ hostvars[host]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_peer_port }} +{%- else -%} +{{ host }}={{ etcd_peer_url_scheme }}://{{ hostvars[host]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_peer_port }}, +{%- endif -%} +{% endfor -%} +{% endmacro -%} + +{% if groups[etcd_peers_group] and groups[etcd_peers_group] | length > 1 %} +ETCD_NAME={{ inventory_hostname }} +ETCD_LISTEN_PEER_URLS={{ etcd_listen_peer_urls }} +{% else %} +ETCD_NAME=default +{% endif %} +ETCD_DATA_DIR={{ etcd_data_dir }} +#ETCD_SNAPSHOT_COUNTER="10000" +#ETCD_HEARTBEAT_INTERVAL="100" +#ETCD_ELECTION_TIMEOUT="1000" +ETCD_LISTEN_CLIENT_URLS={{ etcd_listen_client_urls }} +#ETCD_MAX_SNAPSHOTS="5" +#ETCD_MAX_WALS="5" +#ETCD_CORS="" + +{% if groups[etcd_peers_group] and groups[etcd_peers_group] | length > 1 %} +#[cluster] +ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_initial_advertise_peer_urls }} +ETCD_INITIAL_CLUSTER={{ initial_cluster() }} +ETCD_INITIAL_CLUSTER_STATE={{ etcd_initial_cluster_state }} +ETCD_INITIAL_CLUSTER_TOKEN={{ etcd_initial_cluster_token }} +#ETCD_DISCOVERY="" +#ETCD_DISCOVERY_SRV="" +#ETCD_DISCOVERY_FALLBACK="proxy" +#ETCD_DISCOVERY_PROXY="" +{% endif %} +ETCD_ADVERTISE_CLIENT_URLS={{ etcd_advertise_client_urls }} + +#[proxy] +#ETCD_PROXY="off" + +#[security] +{% if etcd_url_scheme == 'https' -%} +ETCD_CA_FILE={{ etcd_ca_file }} +ETCD_CERT_FILE={{ etcd_cert_file }} +ETCD_KEY_FILE={{ etcd_key_file }} +{% endif -%} +{% if etcd_peer_url_scheme == 'https' -%} +ETCD_PEER_CA_FILE={{ etcd_peer_ca_file }} +ETCD_PEER_CERT_FILE={{ etcd_peer_cert_file }} +ETCD_PEER_KEY_FILE={{ etcd_peer_key_file }} +{% endif -%} diff --git a/roles/etcd_ca/README.md b/roles/etcd_ca/README.md new file mode 100644 index 000000000..60a880e30 --- /dev/null +++ b/roles/etcd_ca/README.md @@ -0,0 +1,34 @@ +etcd_ca +======================== + +TODO + +Requirements +------------ + +TODO + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +TODO + +Example Playbook +---------------- + +TODO + +License +------- + +Apache License Version 2.0 + +Author Information +------------------ + +Scott Dodson (sdodson@redhat.com) diff --git a/roles/etcd_ca/meta/main.yml b/roles/etcd_ca/meta/main.yml new file mode 100644 index 000000000..ce909b992 --- /dev/null +++ b/roles/etcd_ca/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: openshift_facts } diff --git a/roles/etcd_ca/tasks/main.yml b/roles/etcd_ca/tasks/main.yml new file mode 100644 index 000000000..ab151fe5b --- /dev/null +++ b/roles/etcd_ca/tasks/main.yml @@ -0,0 +1,44 @@ +--- +- file: + path: "{{ etcd_ca_dir }}/{{ item }}" + state: directory + mode: 0700 + owner: root + group: root + with_items: + - certs + - crl + - fragments + +- command: cp /etc/pki/tls/openssl.cnf ./ + args: + chdir: "{{ etcd_ca_dir }}/fragments" + creates: "{{ etcd_ca_dir }}/fragments/openssl.cnf" + +- template: + dest: "{{ etcd_ca_dir }}/fragments/openssl_append.cnf" + src: openssl_append.j2 + +- assemble: + src: "{{ etcd_ca_dir }}/fragments" + dest: "{{ etcd_ca_dir }}/openssl.cnf" + +- command: touch index.txt + args: + chdir: "{{ etcd_ca_dir }}" + creates: "{{ etcd_ca_dir }}/index.txt" + +- copy: + dest: "{{ etcd_ca_dir }}/serial" + content: "01" + force: no + +- command: > + openssl req -config openssl.cnf -newkey rsa:4096 + -keyout ca.key -new -out ca.crt -x509 -extensions etcd_v3_ca_self + -batch -nodes -subj /CN=etcd-signer@{{ ansible_date_time.epoch }} + args: + chdir: "{{ etcd_ca_dir }}" + creates: "{{ etcd_ca_dir }}/ca.crt" + environment: + SAN: '' diff --git a/roles/etcd_ca/templates/openssl_append.j2 b/roles/etcd_ca/templates/openssl_append.j2 new file mode 100644 index 000000000..de2adaead --- /dev/null +++ b/roles/etcd_ca/templates/openssl_append.j2 @@ -0,0 +1,51 @@ + +[ etcd_v3_req ] +basicConstraints = critical,CA:FALSE +keyUsage = digitalSignature,keyEncipherment +subjectAltName = ${ENV::SAN} + +[ etcd_ca ] +dir = {{ etcd_ca_dir }} +crl_dir = $dir/crl +database = $dir/index.txt +new_certs_dir = $dir/certs +certificate = $dir/ca.crt +serial = $dir/serial +private_key = $dir/ca.key +crl_number = $dir/crlnumber +x509_extensions = etcd_v3_ca_client +default_days = 365 +default_md = sha256 +preserve = no +name_opt = ca_default +cert_opt = ca_default +policy = policy_anything +unique_subject = no +copy_extensions = copy + +[ etcd_v3_ca_self ] +authorityKeyIdentifier = keyid,issuer +basicConstraints = critical,CA:TRUE,pathlen:0 +keyUsage = critical,digitalSignature,keyEncipherment,keyCertSign +subjectKeyIdentifier = hash + +[ etcd_v3_ca_peer ] +authorityKeyIdentifier = keyid,issuer:always +basicConstraints = critical,CA:FALSE +extendedKeyUsage = clientAuth,serverAuth +keyUsage = digitalSignature,keyEncipherment +subjectKeyIdentifier = hash + +[ etcd_v3_ca_server ] +authorityKeyIdentifier = keyid,issuer:always +basicConstraints = critical,CA:FALSE +extendedKeyUsage = serverAuth +keyUsage = digitalSignature,keyEncipherment +subjectKeyIdentifier = hash + +[ etcd_v3_ca_client ] +authorityKeyIdentifier = keyid,issuer:always +basicConstraints = critical,CA:FALSE +extendedKeyUsage = clientAuth +keyUsage = digitalSignature,keyEncipherment +subjectKeyIdentifier = hash diff --git a/roles/etcd_ca/vars/main.yml b/roles/etcd_ca/vars/main.yml new file mode 100644 index 000000000..901e95027 --- /dev/null +++ b/roles/etcd_ca/vars/main.yml @@ -0,0 +1,3 @@ +--- +etcd_conf_dir: /etc/etcd +etcd_ca_dir: /etc/etcd/ca diff --git a/roles/etcd_certificates/README.md b/roles/etcd_certificates/README.md new file mode 100644 index 000000000..95f8f8aab --- /dev/null +++ b/roles/etcd_certificates/README.md @@ -0,0 +1,34 @@ +OpenShift etcd certificates +======================== + +TODO + +Requirements +------------ + +TODO + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +TODO + +Example Playbook +---------------- + +TODO + +License +------- + +Apache License Version 2.0 + +Author Information +------------------ + +Scott Dodson (sdodson@redhat.com) diff --git a/roles/etcd_certificates/meta/main.yml b/roles/etcd_certificates/meta/main.yml new file mode 100644 index 000000000..41370fab4 --- /dev/null +++ b/roles/etcd_certificates/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: etcd_ca } diff --git a/roles/etcd_certificates/tasks/client.yml b/roles/etcd_certificates/tasks/client.yml new file mode 100644 index 000000000..28f33f442 --- /dev/null +++ b/roles/etcd_certificates/tasks/client.yml @@ -0,0 +1,42 @@ +--- +- name: Ensure generated_certs directory present + file: + path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" + state: directory + mode: 0700 + with_items: etcd_needing_client_certs + +- name: Create the client csr + command: > + openssl req -new -keyout {{ item.etcd_cert_prefix }}client.key + -config {{ etcd_openssl_conf }} + -out {{ item.etcd_cert_prefix }}client.csr + -reqexts {{ etcd_req_ext }} -batch -nodes + -subj /CN={{ item.openshift.common.hostname }} + args: + chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' + ~ item.etcd_cert_prefix ~ 'client.csr' }}" + environment: + SAN: "IP:{{ item.openshift.common.ip }}" + with_items: etcd_needing_client_certs + +- name: Sign and create the client crt + command: > + openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} + -out {{ item.etcd_cert_prefix }}client.crt + -in {{ item.etcd_cert_prefix }}client.csr + -batch + args: + chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' + ~ item.etcd_cert_prefix ~ 'client.crt' }}" + environment: + SAN: '' + with_items: etcd_needing_client_certs + +- file: + src: "{{ etcd_ca_cert }}" + dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt" + state: hard + with_items: etcd_needing_client_certs diff --git a/roles/etcd_certificates/tasks/main.yml b/roles/etcd_certificates/tasks/main.yml new file mode 100644 index 000000000..da875e8ea --- /dev/null +++ b/roles/etcd_certificates/tasks/main.yml @@ -0,0 +1,9 @@ +--- +- include: client.yml + when: etcd_needing_client_certs is defined and etcd_needing_client_certs + +- include: server.yml + when: etcd_needing_server_certs is defined and etcd_needing_server_certs + + + diff --git a/roles/etcd_certificates/tasks/server.yml b/roles/etcd_certificates/tasks/server.yml new file mode 100644 index 000000000..727b7fa2c --- /dev/null +++ b/roles/etcd_certificates/tasks/server.yml @@ -0,0 +1,73 @@ +--- +- name: Ensure generated_certs directory present + file: + path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" + state: directory + mode: 0700 + with_items: etcd_needing_server_certs + +- name: Create the server csr + command: > + openssl req -new -keyout {{ item.etcd_cert_prefix }}server.key + -config {{ etcd_openssl_conf }} + -out {{ item.etcd_cert_prefix }}server.csr + -reqexts {{ etcd_req_ext }} -batch -nodes + -subj /CN={{ item.openshift.common.hostname }} + args: + chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' + ~ item.etcd_cert_prefix ~ 'server.csr' }}" + environment: + SAN: "IP:{{ item.openshift.common.ip }}" + with_items: etcd_needing_server_certs + +- name: Sign and create the server crt + command: > + openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} + -out {{ item.etcd_cert_prefix }}server.crt + -in {{ item.etcd_cert_prefix }}server.csr + -extensions {{ etcd_ca_exts_server }} -batch + args: + chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' + ~ item.etcd_cert_prefix ~ 'server.crt' }}" + environment: + SAN: '' + with_items: etcd_needing_server_certs + +- name: Create the peer csr + command: > + openssl req -new -keyout {{ item.etcd_cert_prefix }}peer.key + -config {{ etcd_openssl_conf }} + -out {{ item.etcd_cert_prefix }}peer.csr + -reqexts {{ etcd_req_ext }} -batch -nodes + -subj /CN={{ item.openshift.common.hostname }} + args: + chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' + ~ item.etcd_cert_prefix ~ 'peer.csr' }}" + environment: + SAN: "IP:{{ item.openshift.common.ip }}" + with_items: etcd_needing_server_certs + +- name: Sign and create the peer crt + command: > + openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} + -out {{ item.etcd_cert_prefix }}peer.crt + -in {{ item.etcd_cert_prefix }}peer.csr + -extensions {{ etcd_ca_exts_peer }} -batch + args: + chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' + ~ item.etcd_cert_prefix ~ 'peer.crt' }}" + environment: + SAN: '' + with_items: etcd_needing_server_certs + +- file: + src: "{{ etcd_ca_cert }}" + dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt" + state: hard + with_items: etcd_needing_server_certs + + diff --git a/roles/etcd_certificates/vars/main.yml b/roles/etcd_certificates/vars/main.yml new file mode 100644 index 000000000..0eaeeb82b --- /dev/null +++ b/roles/etcd_certificates/vars/main.yml @@ -0,0 +1,11 @@ +--- +etcd_conf_dir: /etc/etcd +etcd_ca_dir: /etc/etcd/ca +etcd_generated_certs_dir: /etc/etcd/generated_certs +etcd_ca_cert: "{{ etcd_ca_dir }}/ca.crt" +etcd_ca_key: "{{ etcd_ca_dir }}/ca.key" +etcd_openssl_conf: "{{ etcd_ca_dir }}/openssl.cnf" +etcd_ca_name: etcd_ca +etcd_req_ext: etcd_v3_req +etcd_ca_exts_peer: etcd_v3_ca_peer +etcd_ca_exts_server: etcd_v3_ca_server diff --git a/roles/openshift_examples/README.md b/roles/openshift_examples/README.md index 787624ab6..7d8735a0a 100644 --- a/roles/openshift_examples/README.md +++ b/roles/openshift_examples/README.md @@ -4,6 +4,10 @@ OpenShift Examples Installs example image streams, db-templates, and quickstart-templates by copying examples from this module to your first master and importing them with oc create -n into the openshift namespace +The examples-sync.sh script can be used to pull the latest content from github +and stage it for updating the ansible repo. This script is not used directly by +ansible. + Requirements ------------ diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml index 0f8e9f7ee..3246790aa 100644 --- a/roles/openshift_examples/defaults/main.yml +++ b/roles/openshift_examples/defaults/main.yml @@ -3,7 +3,7 @@ openshift_examples_load_centos: "{{ openshift_deployment_type != 'enterprise' }}" openshift_examples_load_rhel: "{{ openshift_deployment_type == 'enterprise' }}" openshift_examples_load_db_templates: true -openshift_examples_load_xpaas: false +openshift_examples_load_xpaas: "{{ openshift_deployment_type == 'enterprise' }}" openshift_examples_load_quickstarts: true examples_base: /usr/share/openshift/examples diff --git a/roles/openshift_examples/templates.sh b/roles/openshift_examples/examples-sync.sh index 4f3050494..12d3bc263 100755 --- a/roles/openshift_examples/templates.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -1,5 +1,10 @@ #!/bin/bash +# Utility script to update the ansible repo with the latest templates and image +# streams from several github repos +# +# This script should be run from openshift-ansible/roles/openshift_examples + EXAMPLES_BASE=$(pwd)/files/examples find files/examples -name '*.json' -delete TEMP=`mktemp -d` @@ -26,6 +31,6 @@ cp nodejs-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ cp dancer-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ cp cakephp-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ mv application-templates-master/jboss-image-streams.json ${EXAMPLES_BASE}/xpaas-streams/ -find application-templates-master/ -name '*.json' -exec mv {} ${EXAMPLES_BASE}/xpaas-templates/ \; +find application-templates-master/ -name '*.json' ! -wholename '*secret*' -exec mv {} ${EXAMPLES_BASE}/xpaas-templates/ \; popd git diff files/examples diff --git a/roles/openshift_examples/files/examples/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/xpaas-streams/jboss-image-streams.json index 425cc3e0f..37e6269fe 100644 --- a/roles/openshift_examples/files/examples/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/xpaas-streams/jboss-image-streams.json @@ -81,7 +81,7 @@ "name": "jboss-amq-6" }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-amq-6/amq-openshift:6.2", + "dockerImageRepository": "registry.access.redhat.com/jboss-amq-6/amq-openshift", "tags": [ { "name": "6.2", @@ -95,63 +95,6 @@ } ] } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "jboss-mysql-55", - "annotations": { - "description": "Provides MySQL 5.5 images for use with JBoss Middleware products." - } - }, - "spec": { - "dockerImageRepository": "registry.access.redhat.com/openshift3_beta/mysql-55-rhel7", - "tags": [ - { - "name": "latest", - "dockerImageReference": "registry.access.redhat.com/openshift3_beta/mysql-55-rhel7:latest" - } - ] - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "jboss-postgresql-92", - "annotations": { - "description": "Provides PostgreSQL 9.2 images for use with JBoss Middleware products." - } - }, - "spec": { - "dockerImageRepository": "registry.access.redhat.com/openshift3_beta/postgresql-92-rhel7", - "tags": [ - { - "name": "latest", - "dockerImageReference": "registry.access.redhat.com/openshift3_beta/postgresql-92-rhel7:latest" - } - ] - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "jboss-mongodb-24", - "annotations": { - "description": "Provides MongoDB 2.4 images for use with JBoss Middleware products." - } - }, - "spec": { - "dockerImageRepository": "registry.access.redhat.com/openshift3_beta/mongodb-24-rhel7", - "tags": [ - { - "name": "latest", - "dockerImageReference": "registry.access.redhat.com/openshift3_beta/mongodb-24-rhel7:latest" - } - ] - } } ] } diff --git a/roles/openshift_examples/files/examples/xpaas-templates/amq6-persistent.json b/roles/openshift_examples/files/examples/xpaas-templates/amq6-persistent.json index 00b63ce8c..c0925b453 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/amq6-persistent.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/amq6-persistent.json @@ -64,6 +64,21 @@ "name": "AMQ_ADMIN_PASSWORD", "from": "[a-zA-Z0-9]{8}", "generate": "expression" + }, + { + "description": "Name of a secret containing SSL related files", + "name": "AMQ_SECRET", + "value": "amq-app-secret" + }, + { + "description": "SSL trust store filename", + "name": "AMQ_TRUSTSTORE", + "value": "broker.ts" + }, + { + "description": "SSL key store filename", + "name": "AMQ_KEYSTORE", + "value": "broker.ks" } ], "objects": [ @@ -258,6 +273,7 @@ ], "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-amq-6:${AMQ_RELEASE}" } } @@ -276,11 +292,23 @@ } }, "spec": { + "serviceAccount": "amq-service-account", "containers": [ { "name": "${APPLICATION_NAME}-amq", - "image": "registry.access.redhat.com/jboss-amq-6/amq-openshift:${AMQ_RELEASE}", + "image": "jboss-amq-6", "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "broker-secret-volume", + "mountPath": "/etc/amq-secret-volume", + "readOnly": true + }, + { + "mountPath": "/opt/amq/data/kahadb", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], "readinessProbe": { "exec": { "command": [ @@ -327,12 +355,6 @@ "protocol": "TCP" } ], - "volumeMounts": [ - { - "mountPath": "/opt/amq/data/kahadb", - "name": "${APPLICATION_NAME}-amq-pvol" - } - ], "env": [ { "name": "AMQ_USER", @@ -361,12 +383,30 @@ { "name": "AMQ_ADMIN_PASSWORD", "value": "${AMQ_ADMIN_PASSWORD}" + }, + { + "name": "AMQ_KEYSTORE_TRUSTSTORE_DIR", + "value": "/etc/amq-secret-volume" + }, + { + "name": "AMQ_TRUSTSTORE", + "value": "${AMQ_TRUSTSTORE}" + }, + { + "name": "AMQ_KEYSTORE", + "value": "${AMQ_KEYSTORE}" } ] } ], "volumes": [ { + "name": "broker-secret-volume", + "secret": { + "secretName": "${AMQ_SECRET}" + } + }, + { "name": "${APPLICATION_NAME}-amq-pvol", "persistentVolumeClaim": { "claimName": "${APPLICATION_NAME}-amq-claim" diff --git a/roles/openshift_examples/files/examples/xpaas-templates/amq6.json b/roles/openshift_examples/files/examples/xpaas-templates/amq6.json index 0bb1b0651..63ec9a235 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/amq6.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/amq6.json @@ -59,6 +59,21 @@ "name": "AMQ_ADMIN_PASSWORD", "from": "[a-zA-Z0-9]{8}", "generate": "expression" + }, + { + "description": "Name of a secret containing SSL related files", + "name": "AMQ_SECRET", + "value": "amq-app-secret" + }, + { + "description": "SSL trust store filename", + "name": "AMQ_TRUSTSTORE", + "value": "broker.ts" + }, + { + "description": "SSL key store filename", + "name": "AMQ_KEYSTORE", + "value": "broker.ks" } ], "objects": [ @@ -253,6 +268,7 @@ ], "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-amq-6:${AMQ_RELEASE}" } } @@ -271,11 +287,19 @@ } }, "spec": { + "serviceAccount": "amq-service-account", "containers": [ { "name": "${APPLICATION_NAME}-amq", - "image": "registry.access.redhat.com/jboss-amq-6/amq-openshift:${AMQ_RELEASE}", + "image": "jboss-amq-6", "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "broker-secret-volume", + "mountPath": "/etc/amq-secret-volume", + "readOnly": true + } + ], "readinessProbe": { "exec": { "command": [ @@ -354,9 +378,29 @@ { "name": "AMQ_MESH_SERVICE_NAME", "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_KEYSTORE_TRUSTSTORE_DIR", + "value": "/etc/amq-secret-volume" + }, + { + "name": "AMQ_TRUSTSTORE", + "value": "${AMQ_TRUSTSTORE}" + }, + { + "name": "AMQ_KEYSTORE", + "value": "${AMQ_KEYSTORE}" } ] } + ], + "volumes": [ + { + "name": "broker-secret-volume", + "secret": { + "secretName": "${AMQ_SECRET}" + } + } ] } } diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap-app-secret.json b/roles/openshift_examples/files/examples/xpaas-templates/eap-app-secret.json deleted file mode 100644 index cfe038048..000000000 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap-app-secret.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "kind": "List", - "apiVersion": "v1", - "metadata": {}, - "items": [ - { - "kind": "ServiceAccount", - "apiVersion": "v1", - "metadata": { - "name": "eap-service-account" - }, - "secrets": [ - { - "name": "eap-app-secret" - } - ] - }, - { - "kind": "Secret", - "apiVersion": "v1", - "metadata": { - "annotations": { - "description": "Default secret file with name 'jboss' and password 'mykeystorepass'" - }, - "name": "eap-app-secret" - }, - "data": { - "keystore.jks": "/u3+7QAAAAIAAAABAAAAAQAFamJvc3MAAAFNbVtLLAAABQMwggT/MA4GCisGAQQBKgIRAQEFAASCBOsxl4wqa+E+XP8+qMZY9XLhvKrRX8V1MHdwFZQaLTEVURCizqYXoMnbhtfV0oMAUFsE7013TTA9Q2l+pSs+cqz6HH/vwjEEIkqJx5wD8WcD/bu9e9F9EHQ+zrjZFmpMFvXsvj9+ux1o/YLBDGY3kd4MoDcJy0yJ/ZpzNYLkXanlrMhWqxC7MAliCBsdyVgNn5RFb4Nn+JZgJuNSIGo/K292+0IFaFv9vsXbX889W9HPCvfO0mQIzoy8In0NhzdKli/67y4kbDkWaI0fRONckZTxNpxn6rMc0nN9zKrGVToLxj1Ufcoj/tCvR8agtPpv7KIWUqBYDg83ad+i4EE5XYISovlsl6RmtrrTb39PJcL86+wJ+x2ZrLuyzh6C9sAOdSBiKt/DY97ICIYltRMrb+cNwWdnJvT+PeYvv3vKo7YThha+akoJDjsWMp1HWpbIC9zg9ZjugU+/ao6nHtmoZmCaYjLuEE+sYl5s179uyQjE3LRc+0cVY2+bYCOD6P6JLH9GdfjkR40OhjryiWy2Md6vAGaATh6kjjreRHfSie4KCgIZx9Ngb1+uAwauYSM8d9OIwT5lRmLd4Go9CaFXtFdq/IZv3x5ZEPVqMjxcq0KXcs1QcfK3oSYL/rrkxXxKFTrd0N3KgvwATWx/KS90tdHBg65dF3PpBjK1AYQL3Q7KV3t45SVyYHd92TUsaduY1nUQk4TukNC8l9f8xYVeOFXoFHZRx9edqn8fjDMmCYn5PTPNuMPHQm7nKxeWhV2URY5jt774gmvHLNcXeEgrM7US81wOvs2y1jY/paJWn+OACf2x2a75MWFFkZH67bZoh9pPWAwOUEtegXTL5QVicHjzZrop8Qb7K7hlGgD0RP5YYOFYF4DD+SL5BHKr6fw/LS6MMJaK1wKsJd0oGg9HcHXjph9Kb+mqXrQ54C1KI42LpFftU3DCg8wGoqvg/zO/UtVeHX3rBZDUIkeQrCULEkki9oL5diDxe9mNx9Qua5FJ6FJGIffQmsC4b0+Xys6NyqUu1aeWLcAPA/5hcs6ZTiSRTHTBe3vxapyBjnAL5uij4ILbWbEGH1e0mAHBeiihRx+w4oxH4OGCvXOhwIDHETLJJUcnJe1CouECdqdfVy/eEsIfiEheVs8OwogJLiWgzB7PoebXM4SKsAWL3NcDtC1LV3KuPgFuTDH7MjPIR83eSxkKlJLMNGfEpUHyg+lm7aJ98PVIS+l1YV9oUzLfbo3S6S2sMjVgyviS90vNIPo5JOTEFHsg5aWJNHL0OV4zRUeILzwwdQz+VkTk9DobnkLWUeLnwUNWheOpaQh79Mk0IfwfLj4D0Vx9p+PShKKZCGs0wjckmCFBM5Pc1x2lwMdaP5yATzrw+jUc+/3UY4PF/4Ya66m/DRsBKEcXjVAHcTce6OdNdGlBNT8VgkxPiylwO8hvyvpf6j+wdb9iXi6eOnk0AiEJ6mUAXs/eyDD/cqQjnUBKRGLQUSdHhvtpw8RfvyVhAAxNOnBsOT0WYol9iK6pSclGTF5mZleASRzZhH69GgdebfFhXimb0j/wYj3uLgf6mrKMDwlrXJ80SiWkXxd5TX/7XtB9lbPzNpaR12M8U8UVg16VOtMwCR2Gss2vmhqQnQFLsUsAKcYM0TRp1pWqbzpGebCvJkVWiIYocN3ZI1csAhGX3G86ewAAAAEABVguNTA5AAADeTCCA3UwggJdoAMCAQICBGekovEwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYDVQQKEw1teWNvbXBhbnkuY29tMRQwEgYDVQQLEwtFbmdpbmVlcmluZzEPMA0GA1UEAxMGanNtaXRoMB4XDTE1MDUxOTE4MDYxOFoXDTE1MDgxNzE4MDYxOFowazELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYDVQQKEw1teWNvbXBhbnkuY29tMRQwEgYDVQQLEwtFbmdpbmVlcmluZzEPMA0GA1UEAxMGanNtaXRoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0zbGtem+If//jw0OTszIcpX4ydOCC0PeqktulYkm4pG0qEVBB+HuMj7yeTBc1KCDl2xm+Q6LPeTzUufk7BXFEg4Ru1l3PSW70LyJBfHy5ns0dYE5M1I0Avv9rvjgC1VTsiBmdXh+tIIQDPknIKpWpcs79XPOURGLvuGjfyj08EZWFvAZzYrk3lKwkceDHpYYb5i+zxFRz5K6of/h9gQ9CzslqNd7uxxvyy/yTtNFk2J797Vk3hKtbiATqc9+egEHcEQrzADejPYol5ke3DA1NPRBqFGku5n215i2eYzYvVV1xmifID/3lzvNWN0bWlOxl74VsPnWa/2JPP3hZ6p5QIDAQABoyEwHzAdBgNVHQ4EFgQURLJKk/gaSrMjDyX8iYtCzPtTBqAwDQYJKoZIhvcNAQELBQADggEBAA4ESTKsWevv40hFv11t+lGNHT16u8Xk+WnvB4Ko5sZjVhvRWTTKOEBE5bDYfMhf0esn8gg0B4Qtm4Rb5t9PeaG/0d6xxD0BIV6eWihJVtEGOH47Wf/UzfC88fqoIxZ6MMBPik/WeafvOK+HIHfZSwAmqlXgl4nNVDdMNHtBhNAvikL3osxrSbqdi3eyI7rqSpb41Lm9v+PF+vZTOGRQf22Gq30/Ie85DlqugtRKimWHJYL2HeL4ywTtQKgde6JDRCOHwbDcsl6CbMjugt3yyI7Yo9EJdKb5p6YoVOpnCz7369W9Uim+Xrl2ELZWM5WTiQFxd6S36Ql2TUk+s8zj/GoN9ov0Y/yNNCxAibwyzo94N+Q4vA==" - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-amq-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-amq-persistent-sti.json index 2a9c06bee..0790d6546 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap6-amq-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-amq-persistent-sti.json @@ -28,9 +28,9 @@ "value": "eap-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "eap-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -144,7 +144,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -168,7 +168,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -242,7 +242,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -262,7 +262,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -302,6 +302,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-eap6-openshift:${EAP_RELEASE}" } } @@ -502,6 +503,7 @@ ], "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-amq-6:${AMQ_RELEASE}" } } @@ -523,7 +525,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-amq", - "image": "registry.access.redhat.com/jboss-amq-6/amq-openshift:${AMQ_RELEASE}", + "image": "jboss-amq-6", "imagePullPolicy": "Always", "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-amq-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-amq-sti.json index e96eef6f7..a0505f81e 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap6-amq-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-amq-sti.json @@ -28,9 +28,9 @@ "value": "eap-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "eap-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -139,7 +139,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -163,7 +163,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -237,7 +237,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -257,7 +257,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -297,6 +297,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-eap6-openshift:${EAP_RELEASE}" } } @@ -497,6 +498,7 @@ ], "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-amq-6:${AMQ_RELEASE}" } } @@ -518,7 +520,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-amq", - "image": "registry.access.redhat.com/jboss-amq-6/amq-openshift:${AMQ_RELEASE}", + "image": "jboss-amq-6", "imagePullPolicy": "Always", "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-basic-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-basic-sti.json index 7148d8fd7..d894deda0 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap6-basic-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-basic-sti.json @@ -23,23 +23,24 @@ "value": "eap-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "eap-app.local" + "value": "" }, { "description": "Git source URI for application", - "name": "GIT_URI" + "name": "GIT_URI", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts" }, { "description": "Git branch/tag reference", "name": "GIT_REF", - "value": "master" + "value": "6.4.x" }, { "description": "Path within Git project to build; empty for root project directory.", "name": "GIT_CONTEXT_DIR", - "value": "" + "value": "kitchensink" }, { "description": "Queue names", @@ -52,26 +53,6 @@ "value": "" }, { - "description": "The name of the secret containing the keystore file", - "name": "EAP_HTTPS_SECRET", - "value": "eap-app-secret" - }, - { - "description": "The name of the keystore file within the secret", - "name": "EAP_HTTPS_KEYSTORE", - "value": "keystore.jks" - }, - { - "description": "The name associated with the server certificate", - "name": "EAP_HTTPS_NAME", - "value": "" - }, - { - "description": "The password for the keystore and certificate", - "name": "EAP_HTTPS_PASSWORD", - "value": "" - }, - { "description": "HornetQ cluster admin password", "name": "HORNETQ_CLUSTER_PASSWORD", "from": "[a-zA-Z0-9]{8}", @@ -106,7 +87,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -121,30 +102,6 @@ "spec": { "ports": [ { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-https-service", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port." - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { "port": 8888, "targetPort": 8888 } @@ -180,30 +137,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https-route", - "metadata": { - "name": "${APPLICATION_NAME}-https-route", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${APPLICATION_HOSTNAME}", - "to": { - "name": "${APPLICATION_NAME}-https-service" - }, - "tls": { - "termination" : "passthrough" + "name": "${APPLICATION_NAME}" } } }, @@ -240,6 +174,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-eap6-openshift:${EAP_RELEASE}" } } @@ -310,19 +245,11 @@ } }, "spec": { - "serviceAccount": "eap-service-account", "containers": [ { "name": "${APPLICATION_NAME}", "image": "${APPLICATION_NAME}", "imagePullPolicy": "Always", - "volumeMounts": [ - { - "name": "eap-keystore-volume", - "mountPath": "/etc/eap-secret-volume", - "readOnly": true - } - ], "readinessProbe": { "exec": { "command": [ @@ -339,11 +266,6 @@ "protocol": "TCP" }, { - "name": "${APPLICATION_NAME}-tcp-8443", - "containerPort": 8443, - "protocol": "TCP" - }, - { "name": "${APPLICATION_NAME}-ping-8888", "containerPort": 8888, "protocol": "TCP" @@ -359,22 +281,6 @@ "value": "8888" }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", - "value": "/etc/eap-secret-volume" - }, - { - "name": "EAP_HTTPS_KEYSTORE", - "value": "${EAP_HTTPS_KEYSTORE}" - }, - { - "name": "EAP_HTTPS_NAME", - "value": "${EAP_HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${EAP_HTTPS_PASSWORD}" - }, - { "name": "HORNETQ_CLUSTER_PASSWORD", "value": "${HORNETQ_CLUSTER_PASSWORD}" }, @@ -388,14 +294,6 @@ } ] } - ], - "volumes": [ - { - "name": "eap-keystore-volume", - "secret": { - "secretName": "${EAP_HTTPS_SECRET}" - } - } ] } } diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-https-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-https-sti.json new file mode 100644 index 000000000..14585d60f --- /dev/null +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-https-sti.json @@ -0,0 +1,407 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass" : "icon-jboss", + "description": "Application template for EAP 6 applications built using STI." + }, + "name": "eap6-basic-sti" + }, + "labels": { + "template": "eap6-basic-sti" + }, + "parameters": [ + { + "description": "EAP Release version, e.g. 6.4, etc.", + "name": "EAP_RELEASE", + "value": "6.4" + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app" + }, + { + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "name": "APPLICATION_HOSTNAME", + "value": "" + }, + { + "description": "Git source URI for application", + "name": "GIT_URI", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts" + }, + { + "description": "Git branch/tag reference", + "name": "GIT_REF", + "value": "6.4.x" + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "GIT_CONTEXT_DIR", + "value": "kitchensink" + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "" + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "" + }, + { + "description": "The name of the secret containing the keystore file", + "name": "EAP_HTTPS_SECRET", + "value": "eap-app-secret" + }, + { + "description": "The name of the keystore file within the secret", + "name": "EAP_HTTPS_KEYSTORE", + "value": "keystore.jks" + }, + { + "description": "The name associated with the server certificate", + "name": "EAP_HTTPS_NAME", + "value": "" + }, + { + "description": "The password for the keystore and certificate", + "name": "EAP_HTTPS_PASSWORD", + "value": "" + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + }, + { + "description": "Github trigger secret", + "name": "GITHUB_TRIGGER_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_TRIGGER_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8888, + "targetPort": 8888 + } + ], + "portalIP": "None", + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-ping", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Ping service for clustered applications." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http-route", + "metadata": { + "name": "${APPLICATION_NAME}-http-route", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${APPLICATION_HOSTNAME}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https-route", + "metadata": { + "name": "${APPLICATION_NAME}-https-route", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${APPLICATION_HOSTNAME}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination" : "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${GIT_URI}", + "ref": "${GIT_REF}" + }, + "contextDir":"${GIT_CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "openshift", + "name": "jboss-eap6-openshift:${EAP_RELEASE}" + } + } + }, + "output": { + "to": { + "name": "${APPLICATION_NAME}" + } + }, + "triggers": [ + { + "type": "github", + "github": { + "secret": "${GITHUB_TRIGGER_SECRET}" + } + }, + { + "type": "generic", + "generic": { + "secret": "${GENERIC_TRIGGER_SECRET}" + } + }, + { + "type": "imageChange", + "imageChange": {} + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccount": "eap-service-account", + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "${APPLICATION_NAME}-tcp-8080", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "${APPLICATION_NAME}-tcp-8443", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "${APPLICATION_NAME}-ping-8888", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_DNS_PING_SERVICE_NAME", + "value": "${APPLICATION_NAME}-ping" + }, + { + "name": "OPENSHIFT_DNS_PING_SERVICE_PORT", + "value": "8888" + }, + { + "name": "EAP_HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "EAP_HTTPS_KEYSTORE", + "value": "${EAP_HTTPS_KEYSTORE}" + }, + { + "name": "EAP_HTTPS_NAME", + "value": "${EAP_HTTPS_NAME}" + }, + { + "name": "EAP_HTTPS_PASSWORD", + "value": "${EAP_HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${EAP_HTTPS_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-mongodb-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-mongodb-persistent-sti.json index 03cfbb11e..13d4289ae 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap6-mongodb-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-mongodb-persistent-sti.json @@ -23,9 +23,9 @@ "value": "eap-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "eap-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -87,6 +87,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Disable data file preallocation.", "name": "MONGODB_NOPREALLOC" }, @@ -151,7 +163,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -175,7 +187,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -249,7 +261,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -269,7 +281,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -309,6 +321,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-eap6-openshift:${EAP_RELEASE}" } } @@ -444,6 +457,18 @@ "value": "${DB_ADMIN_PASSWORD}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "OPENSHIFT_DNS_PING_SERVICE_NAME", "value": "${APPLICATION_NAME}-ping" }, @@ -517,7 +542,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mongodb-24:latest" + "namespace": "openshift", + "name": "mongodb:latest" } } } @@ -538,7 +564,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mongodb", - "image": "registry.access.redhat.com/openshift3_beta/mongodb-24-rhel7:latest", + "image": "mongodb", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-mongodb-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-mongodb-sti.json index 39f5a5a62..690b918a1 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap6-mongodb-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-mongodb-sti.json @@ -23,9 +23,9 @@ "value": "eap-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "eap-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -82,6 +82,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Disable data file preallocation.", "name": "MONGODB_NOPREALLOC" }, @@ -146,7 +158,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -170,7 +182,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -244,7 +256,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -264,7 +276,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -304,6 +316,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-eap6-openshift:${EAP_RELEASE}" } } @@ -439,6 +452,18 @@ "value": "${DB_ADMIN_PASSWORD}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "OPENSHIFT_DNS_PING_SERVICE_NAME", "value": "${APPLICATION_NAME}-ping" }, @@ -512,7 +537,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mongodb-24:latest" + "namespace": "openshift", + "name": "mongodb:latest" } } } @@ -533,7 +559,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mongodb", - "image": "registry.access.redhat.com/openshift3_beta/mongodb-24-rhel7:latest", + "image": "mongodb", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-mysql-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-mysql-persistent-sti.json index 0fa4421c6..27062596f 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap6-mysql-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-mysql-persistent-sti.json @@ -23,9 +23,9 @@ "value": "eap-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "eap-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -87,6 +87,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Sets how the table names are stored and compared.", "name": "MYSQL_LOWER_CASE_TABLE_NAMES" }, @@ -153,7 +165,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -177,7 +189,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -251,7 +263,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -271,7 +283,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -311,6 +323,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-eap6-openshift:${EAP_RELEASE}" } } @@ -443,7 +456,19 @@ }, { "name": "TX_DATABASE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-postgresql=DB" + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" }, { "name": "OPENSHIFT_DNS_PING_SERVICE_NAME", @@ -519,7 +544,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mysql-55:latest" + "namespace": "openshift", + "name": "mysql:latest" } } } @@ -540,7 +566,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mysql", - "image": "registry.access.redhat.com/openshift3_beta/mysql-55-rhel7:latest", + "image": "mysql", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-mysql-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-mysql-sti.json index 981e16cef..69537e697 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap6-mysql-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-mysql-sti.json @@ -23,9 +23,9 @@ "value": "eap-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "eap-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -82,6 +82,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Sets how the table names are stored and compared.", "name": "MYSQL_LOWER_CASE_TABLE_NAMES" }, @@ -148,7 +160,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -172,7 +184,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -246,7 +258,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -266,7 +278,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -306,6 +318,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-eap6-openshift:${EAP_RELEASE}" } } @@ -441,6 +454,18 @@ "value": "${APPLICATION_NAME}-mysql=DB" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "OPENSHIFT_DNS_PING_SERVICE_NAME", "value": "${APPLICATION_NAME}-ping" }, @@ -514,7 +539,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mysql-55:latest" + "namespace": "openshift", + "name": "mysql:latest" } } } @@ -535,7 +561,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mysql", - "image": "registry.access.redhat.com/openshift3_beta/mysql-55-rhel7:latest", + "image": "mysql", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-postgresql-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-postgresql-persistent-sti.json index 409ba5165..1325e26de 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap6-postgresql-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-postgresql-persistent-sti.json @@ -23,9 +23,9 @@ "value": "eap-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "eap-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -87,6 +87,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", "name": "POSTGRESQL_MAX_CONNECTIONS" }, @@ -141,7 +153,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -165,7 +177,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -239,7 +251,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -259,7 +271,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -299,6 +311,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-eap6-openshift:${EAP_RELEASE}" } } @@ -434,6 +447,18 @@ "value": "${APPLICATION_NAME}-postgresql=DB" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "OPENSHIFT_DNS_PING_SERVICE_NAME", "value": "${APPLICATION_NAME}-ping" }, @@ -507,7 +532,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-postgresql-92:latest" + "namespace": "openshift", + "name": "postgresql:latest" } } } @@ -528,7 +554,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-postgresql", - "image": "registry.access.redhat.com/openshift3_beta/postgresql-92-rhel7:latest", + "image": "postgresql", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-postgresql-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-postgresql-sti.json index c2ca18f9d..83921c57e 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap6-postgresql-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-postgresql-sti.json @@ -23,9 +23,9 @@ "value": "eap-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "eap-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -82,6 +82,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", "name": "POSTGRESQL_MAX_CONNECTIONS" }, @@ -136,7 +148,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -160,7 +172,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -234,7 +246,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -254,7 +266,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -294,6 +306,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-eap6-openshift:${EAP_RELEASE}" } } @@ -429,6 +442,18 @@ "value": "${APPLICATION_NAME}-postgresql=DB" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "OPENSHIFT_DNS_PING_SERVICE_NAME", "value": "${APPLICATION_NAME}-ping" }, @@ -502,7 +527,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-postgresql-92:latest" + "namespace": "openshift", + "name": "postgresql:latest" } } } @@ -523,7 +549,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-postgresql", - "image": "registry.access.redhat.com/openshift3_beta/postgresql-92-rhel7:latest", + "image": "postgresql", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-app-secret.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-app-secret.json deleted file mode 100644 index c24e4ed8b..000000000 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-app-secret.json +++ /dev/null @@ -1,33 +0,0 @@ -{ - "kind": "List", - "apiVersion": "v1", - "metadata": {}, - "items": [ - { - "kind": "ServiceAccount", - "apiVersion": "v1", - "metadata": { - "name": "jws-service-account" - }, - "secrets": [ - { - "name": "jws-app-secret" - } - ] - }, - { - "kind": "Secret", - "apiVersion": "v1", - "metadata": { - "annotations": { - "description": "Default secret files with password 'mycertpass'" - }, - "name": "jws-app-secret" - }, - "data": { - "server.crt": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURhakNDQWxLZ0F3SUJBZ0lKQUlVcmJBS2pjd3lkTUEwR0NTcUdTSWIzRFFFQkJRVUFNQ3d4Q3pBSkJnTlYKQkFZVEFrTkJNUXN3Q1FZRFZRUUlFd0pDUXpFUU1BNEdBMVVFQ2hNSFVtVmtJRWhoZERBZUZ3MHhOVEExTWpNdwpNalE0TWpCYUZ3MHhPREExTWpJd01qUTRNakJhTUN3eEN6QUpCZ05WQkFZVEFrTkJNUXN3Q1FZRFZRUUlFd0pDClF6RVFNQTRHQTFVRUNoTUhVbVZrSUVoaGREQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0MKZ2dFQkFMejlGcWYwbFV0eHBXbFlqQVF3MGNPVU5NMmF0SjFjWmMybEx5UEh3NVVYMkNna29jaHhuY0ZhSDZsYwpSeWVvUC9KQXVlM2d2cjJ0ZURicTRGMitRRWRFL3hrM0xLZEVhVXhwaGgvaVpDYUg0VnlXdzE3Y01aaS83UFUxCkhTak1waEVoK3MwQ1JIZnBCSVZDZ2hFQjZCekhYazNLSHU1K0JsRTYzRDVOSXJuNVBiRGhwUG5VaG1vY05HNU0KdFlEZE9mRHphTVdzcWU2ZGFkL0c3eXpDeVZYMnA2RllIbEdvQWpDTkVPdkFtTEFtMVcwNDdOOGV0QjIybFA3NQozK2dYby83T2Q1WHJJU0xLWTBNZ0puaDdmVEh1VVdhWEIxSEZ0YmFReXVreGVYZG1wRFR4VkdzenhHVXIxemd4ClU4VVFnMjFGOFhONjVydGNScVdCNWNFQXcrRUNBd0VBQWFPQmpqQ0JpekFkQmdOVkhRNEVGZ1FVVXJZUm5NOXIKemNGUS9QMFk4VlhzUm1OWVlUUXdYQVlEVlIwakJGVXdVNEFVVXJZUm5NOXJ6Y0ZRL1AwWThWWHNSbU5ZWVRTaApNS1F1TUN3eEN6QUpCZ05WQkFZVEFrTkJNUXN3Q1FZRFZRUUlFd0pDUXpFUU1BNEdBMVVFQ2hNSFVtVmtJRWhoCmRJSUpBSVVyYkFLamN3eWRNQXdHQTFVZEV3UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUZCUUFEZ2dFQkFEeGcKckh1NFpoeXU4UjlZWGpLZVBXaXUxQnZYUVhJRG5DQVZiZXlMNHZ5WHczdFZTeng1S3BuaHprTm5zemxpS1RQRAozOWNNbTJ0VTBUcGpHRVZ1TDVTR0R5V3JRakNQWDY2NjZpdjhzNkpVYUxmdnBPNlduN0wzVXVMVnFoMmpVM2FOCkU2TDB4UEg4SWRzc3lGZ3Rac3BueVlxZ0cvYUoxUEtmZDYweXRtK0hveUYyZW5xZnVKaHNKNnp3QUVZdi9vUCsKcXhYK04yZDJEVmt2RjVRZ3llSjZiYWd1M0QxbWRpbE5pWDliZmVHZ3ptT1JXaHBYNkVqdnFqeTZ4TllqQ2IxbAo1anVzdHhHZlFGSm1UOTdaZnZQK1kxeTJvUkZFc01BVy9BNWNrai92SnlUUlZIeWZZSG1qeW82SFhSdzRWdERNCjJtOWZqOFhYTDh5TlZha2h6dE09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K", - "server.key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpQcm9jLVR5cGU6IDQsRU5DUllQVEVECkRFSy1JbmZvOiBERVMtRURFMy1DQkMsODRGOEVFQjcyN0FCNzc4RgoKS2lkL0tKZ2JyWE1YUGwwQXc4azI0dW1QcW53NUhQZHk3ZUZ2aG1NNEU3T1V2bkZYeWpMN2dQZ0JjTmxTbEx2Rgp6eXZYVWZwUXROQ2dUWWJvU0dWVFpkV01OL0ttcTNheUJTckNvWGg3MUFMWm1KVDF4aDNCcWUyMzVNRzZlR2NTCngrY3hudW0yMXNWRFBHUnBmZUx4VXA3WU5mOTNwYzBNaTUzSVdmT0IvM2FscDJlajI0RkRTVG1xM0NpVFR1b3cKcUc2MjdjREY2RVNhNFphZmFXelpOVDJnUStrejRGQkcwc1dJYWVod012SXJiQWFldGpUSUhQTmZraUtOcTF3Qwpma2h0NU9xRDU0RzVnR1ZYd0tXcGF4S2M0K24rcEtsZk1od2NPQ3Z5Y2hwQmtQbzk0T2E2bE1oVUk3Y0FkemVOCmI0TmNVWS9UekxpNjgyRjlFZUpsOXJuQ0N2N0RJcEZJbkg5bG4zUElVT2pCYVlySFpqY0pSK2xWOFhWRVJzcTAKZ0hyTUZ2WjRXYXZPclhVaFhxTm10UmNSOVpoS3pvVnB5MStIRUlONTZIL2huaFB5ZEJLb3pnbXFwSFJoWVZwNApNWEk0ZGtlMVZ5VmlRQUMxUzU3Wi81anFTZTN5akRyYTZJMThJRzNPSGNxeEpuWXNNOS9NdVBRZjlJNlJWTEx3CnVXcDNDdkIvNUJyWlNQWVFGbnhCT09hLzd3SWVtNjE2Z2ZnREdCRjZpc3BVNTlhbjlKQWtHYmhKT2h4RzYvRjYKZFpNZUZOa0lkRUwzR3pQRWNjNWpVTGJmSE5tWmVsODlYRUVpak96LzhvVEdHYUNyRkUxVVZKLytZSVVzK3lnOQpwRFJ6bkxyV2hwNGxNTnVLYjRNeXkySlkrWW9DOHhMVUtaYnNYcUxlN2k5QTJwYWtFUmdhazZaK1BEZUR2OWpYCnU0M3dzU0dwRTRUeDFkR2JsRzJDd0pPSW53WnpETUEwTDliWm8xemY4bUZGN0FmejlCbjNMOWMybTVJUDlZQ1AKQ1dVcFA4S3AzbEhzQkpQWWl4VTJ3TlZWSGs1Vjlla2R3aEl3Mlc3d0gyOTB6azZFTXJvZ2NoMjdKTFk0MlBzOApyRDl6Wm5vbEgrN1pPa3lLQ1UxVWJHWUJFSUtvZVFGa1FCek01aEpFT0xGVXd0YmdvZE5YYS9oMStXMjdkaHd1CnIyMG1tb3lCRGpNNWdGVVh6dGpqNDZMakZuNE5iRmtwbkNNT1VDNVM2bkIyeTlONnoxUWRSekVPRy80cU5xVFkKRzY3c2szemlqVzFISkxJVGorMVNPZHdIWktSUFl3cGxNTkY4TFRKVlBOYVQ5L3FDVGV3bXl4WUpIVjljVWhuSwpMQUZZYXNKVG9HZytEQnNJL21GbDY3WHNhWnp1cUdSSksydnVvNG9jWjJNb250L3BSSXRwQStaUFNpREFqTzNjCm9kTW5LRmhkRkpMSTZZTXVja1RySGQycXREQmdPaEEyZjk3ajArckVGeWVNOHY2eGhGN0I4cEtscW5TQU01M2kKbGl1ZHh1NzA2RWNQQ3JlU3pPRjF5bWMrQnBmVjVtSnU0U1hEcUF4aEYzZFFPbEg5TDdPVmJtRDU4dUs0eDNldwpXQ05Qa2FGc1UxRThJR2M4UGVqc1kwdHUxdWtoK3ZMYnlNQlBVRXRxaEgrNFhNeUVJL0xjUVhIRlkybjBEcmZDCmxTclM3T3FKcGhPbW1VSWFwNGZLK0QzcldzZmFpSm9wc2Yxc044MEdLeVptSFY1TWtEY0k3NXdTWWp1RXhvcGgKVW0wcmJxMDdVVVVFR0tYL1JIQWhWS21nek5JMEZpYUZtbkhHOUw0bWZwclFHd2J5dTR1RktLUGtjOGxodlVwRAp6Z29SMTZQSUM4THpvcE5qTmJPem0xV0RUd1FxaUt5NWRsVWlWZlFRRlNmd09vcDMzakhvQXUzVWxYU3Bwby9vCnJnbGIxUUtBdm5zUEVFaG9HZUZpenFIWXhLVjZpT1hET3ZCcFhOcC8yMVB0OHpRbWVXUXZRZmhyOEc0cEpkVVcKRTFBWlc1b2JWWG1seWc4OWRML0pMTG02VFVNdUZaZFgxRlRNaVphangvQklqekhFVjdRNkhJZWFHYjBRb2dFZwotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=" - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-basic-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-basic-sti.json index bb5bbb134..a3947593c 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-basic-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-basic-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -42,26 +42,6 @@ "value": "" }, { - "description": "The name of the secret containing the certificate files", - "name": "JWS_HTTPS_SECRET", - "value": "jws-app-secret" - }, - { - "description": "The name of the certificate file within the secret", - "name": "JWS_HTTPS_CERTIFICATE", - "value": "server.crt" - }, - { - "description": "The name of the certificate key file within the secret", - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "server.key" - }, - { - "description": "The certificate password", - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "" - }, - { "description": "JWS Admin User", "name": "JWS_ADMIN_USERNAME", "from": "[a-zA-Z0-9]{8}", @@ -102,7 +82,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -112,30 +92,6 @@ } }, { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-https-service", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port." - } - } - }, - { "kind": "Route", "apiVersion": "v1", "id": "${APPLICATION_NAME}-http-route", @@ -151,30 +107,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https-route", - "metadata": { - "name": "${APPLICATION_NAME}-https-route", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${APPLICATION_HOSTNAME}", - "to": { - "name": "${APPLICATION_NAME}-https-service" - }, - "tls": { - "termination" : "passthrough" + "name": "${APPLICATION_NAME}" } } }, @@ -211,6 +144,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat7-openshift:${JWS_RELEASE}" } } @@ -281,7 +215,6 @@ } }, "spec": { - "serviceAccount": "jws-service-account", "containers": [ { "name": "${APPLICATION_NAME}", @@ -296,43 +229,15 @@ ] } }, - "volumeMounts": [ - { - "name": "jws-certificate-volume", - "mountPath": "/etc/jws-secret-volume", - "readOnly": true - } - ], "ports": [ { "name": "${APPLICATION_NAME}-tcp-8080", "containerPort": 8080, "protocol": "TCP" - }, - { - "name": "${APPLICATION_NAME}-tcp-8443", - "containerPort": 8443, - "protocol": "TCP" } ], "env": [ { - "name": "JWS_HTTPS_CERTIFICATE_DIR", - "value": "/etc/jws-secret-volume" - }, - { - "name": "JWS_HTTPS_CERTIFICATE", - "value": "${JWS_HTTPS_CERTIFICATE}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "${JWS_HTTPS_CERTIFICATE_KEY}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" - }, - { "name": "JWS_ADMIN_USERNAME", "value": "${JWS_ADMIN_USERNAME}" }, @@ -342,14 +247,6 @@ } ] } - ], - "volumes": [ - { - "name": "jws-certificate-volume", - "secret": { - "secretName": "${JWS_HTTPS_SECRET}" - } - } ] } } diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-https-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-https-sti.json new file mode 100644 index 000000000..1f9c17cf2 --- /dev/null +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-https-sti.json @@ -0,0 +1,360 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass" : "icon-tomcat", + "description": "Application template for JWS applications built using STI." + }, + "name": "jws-tomcat7-basic-sti" + }, + "labels": { + "template": "jws-tomcat7-basic-sti" + }, + "parameters": [ + { + "description": "JWS Release version, e.g. 3.0, 2.1, etc.", + "name": "JWS_RELEASE", + "value": "3.0" + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app" + }, + { + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "name": "APPLICATION_HOSTNAME", + "value": "" + }, + { + "description": "Git source URI for application", + "name": "GIT_URI" + }, + { + "description": "Git branch/tag reference", + "name": "GIT_REF", + "value": "master" + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "GIT_CONTEXT_DIR", + "value": "" + }, + { + "description": "The name of the secret containing the certificate files", + "name": "JWS_HTTPS_SECRET", + "value": "jws-app-secret" + }, + { + "description": "The name of the certificate file within the secret", + "name": "JWS_HTTPS_CERTIFICATE", + "value": "server.crt" + }, + { + "description": "The name of the certificate key file within the secret", + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "server.key" + }, + { + "description": "The certificate password", + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "" + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + }, + { + "description": "Github trigger secret", + "name": "GITHUB_TRIGGER_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_TRIGGER_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http-route", + "metadata": { + "name": "${APPLICATION_NAME}-http-route", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${APPLICATION_HOSTNAME}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https-route", + "metadata": { + "name": "${APPLICATION_NAME}-https-route", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${APPLICATION_HOSTNAME}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination" : "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${GIT_URI}", + "ref": "${GIT_REF}" + }, + "contextDir":"${GIT_CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "openshift", + "name": "jboss-webserver3-tomcat7-openshift:${JWS_RELEASE}" + } + } + }, + "output": { + "to": { + "name": "${APPLICATION_NAME}" + } + }, + "triggers": [ + { + "type": "github", + "github": { + "secret": "${GITHUB_TRIGGER_SECRET}" + } + }, + { + "type": "generic", + "generic": { + "secret": "${GENERIC_TRIGGER_SECRET}" + } + }, + { + "type": "imageChange", + "imageChange": {} + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccount": "jws-service-account", + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "volumeMounts": [ + { + "name": "jws-certificate-volume", + "mountPath": "/etc/jws-secret-volume", + "readOnly": true + } + ], + "ports": [ + { + "name": "${APPLICATION_NAME}-tcp-8080", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "${APPLICATION_NAME}-tcp-8443", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "JWS_HTTPS_CERTIFICATE_DIR", + "value": "/etc/jws-secret-volume" + }, + { + "name": "JWS_HTTPS_CERTIFICATE", + "value": "${JWS_HTTPS_CERTIFICATE}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + }, + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "jws-certificate-volume", + "secret": { + "secretName": "${JWS_HTTPS_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mongodb-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mongodb-persistent-sti.json index 86d4d3d25..55746fc11 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mongodb-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mongodb-persistent-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -77,6 +77,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Disable data file preallocation.", "name": "MONGODB_NOPREALLOC" }, @@ -147,7 +159,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -171,7 +183,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -220,7 +232,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -240,7 +252,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -280,6 +292,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat7-openshift:${JWS_RELEASE}" } } @@ -410,6 +423,18 @@ "value": "${DB_ADMIN_PASSWORD}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -471,7 +496,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mongodb-24:latest" + "namespace": "openshift", + "name": "mongodb:latest" } } } @@ -492,7 +518,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mongodb", - "image": "registry.access.redhat.com/openshift3_beta/mongodb-24-rhel7:latest", + "image": "mongodb", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mongodb-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mongodb-sti.json index 696587cf3..f540c885c 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mongodb-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mongodb-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -72,6 +72,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Disable data file preallocation.", "name": "MONGODB_NOPREALLOC" }, @@ -142,7 +154,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -166,7 +178,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -215,7 +227,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -235,7 +247,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -275,6 +287,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat7-openshift:${JWS_RELEASE}" } } @@ -405,6 +418,18 @@ "value": "${DB_ADMIN_PASSWORD}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -466,7 +491,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mongodb-24:latest" + "namespace": "openshift", + "name": "mongodb:latest" } } } @@ -487,7 +513,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mongodb", - "image": "registry.access.redhat.com/openshift3_beta/mongodb-24-rhel7:latest", + "image": "mongodb", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mysql-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mysql-persistent-sti.json index 3ff5a712e..984b075a2 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mysql-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mysql-persistent-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -77,6 +77,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Sets how the table names are stored and compared.", "name": "MYSQL_LOWER_CASE_TABLE_NAMES" }, @@ -149,7 +161,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -173,7 +185,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -222,7 +234,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -242,7 +254,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -282,6 +294,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat7-openshift:${JWS_RELEASE}" } } @@ -408,6 +421,18 @@ "value": "${DB_DATABASE}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -469,7 +494,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mysql-55:latest" + "namespace": "openshift", + "name": "mysql:latest" } } } @@ -490,7 +516,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mysql", - "image": "registry.access.redhat.com/openshift3_beta/mysql-55-rhel7:latest", + "image": "mysql", "ports": [ { "name": "${APPLICATION_NAME}-mysql-tcp-3306", diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mysql-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mysql-sti.json index 872e13f95..af9c7c17c 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mysql-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mysql-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -72,6 +72,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Sets how the table names are stored and compared.", "name": "MYSQL_LOWER_CASE_TABLE_NAMES" }, @@ -144,7 +156,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -168,7 +180,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -217,7 +229,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -237,7 +249,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -277,6 +289,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat7-openshift:${JWS_RELEASE}" } } @@ -403,6 +416,18 @@ "value": "${DB_DATABASE}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -464,7 +489,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mysql-55:latest" + "namespace": "openshift", + "name": "mysql:latest" } } } @@ -485,7 +511,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mysql", - "image": "registry.access.redhat.com/openshift3_beta/mysql-55-rhel7:latest", + "image": "mysql", "ports": [ { "name": "${APPLICATION_NAME}-mysql-tcp-3306", diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-postgresql-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-postgresql-persistent-sti.json index b22cce6fd..ec59a6a5b 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-postgresql-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-postgresql-persistent-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -77,6 +77,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", "name": "POSTGRESQL_MAX_CONNECTIONS" }, @@ -137,7 +149,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -161,7 +173,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -210,7 +222,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -230,7 +242,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -270,6 +282,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat7-openshift:${JWS_RELEASE}" } } @@ -396,6 +409,18 @@ "value": "${DB_DATABASE}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -457,7 +482,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-postgresql-92:latest" + "namespace": "openshift", + "name": "postgresql:latest" } } } @@ -478,7 +504,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-postgresql", - "image": "registry.access.redhat.com/openshift3_beta/postgresql-92-rhel7:latest", + "image": "postgresql", "ports": [ { "name": "${APPLICATION_NAME}-postgresql-tcp-5432", diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-postgresql-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-postgresql-sti.json index 43be3c3fe..6040f7208 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-postgresql-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-postgresql-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -72,6 +72,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", "name": "POSTGRESQL_MAX_CONNECTIONS" }, @@ -132,7 +144,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -156,7 +168,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -205,7 +217,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -225,7 +237,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -265,6 +277,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat7-openshift:${JWS_RELEASE}" } } @@ -391,6 +404,18 @@ "value": "${DB_DATABASE}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -452,7 +477,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-postgresql-92:latest" + "namespace": "openshift", + "name": "postgresql:latest" } } } @@ -473,7 +499,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-postgresql", - "image": "registry.access.redhat.com/openshift3_beta/postgresql-92-rhel7:latest", + "image": "postgresql", "ports": [ { "name": "${APPLICATION_NAME}-postgresql-tcp-5432", diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-basic-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-basic-sti.json index 1d45b4214..25b6497b2 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-basic-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-basic-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -42,26 +42,6 @@ "value": "" }, { - "description": "The name of the secret containing the certificate files", - "name": "JWS_HTTPS_SECRET", - "value": "jws-app-secret" - }, - { - "description": "The name of the certificate file within the secret", - "name": "JWS_HTTPS_CERTIFICATE", - "value": "server.crt" - }, - { - "description": "The name of the certificate key file within the secret", - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "server.key" - }, - { - "description": "The certificate password", - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "" - }, - { "description": "JWS Admin User", "name": "JWS_ADMIN_USERNAME", "from": "[a-zA-Z0-9]{8}", @@ -102,7 +82,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -112,30 +92,6 @@ } }, { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-https-service", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port." - } - } - }, - { "kind": "Route", "apiVersion": "v1", "id": "${APPLICATION_NAME}-http-route", @@ -151,30 +107,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https-route", - "metadata": { - "name": "${APPLICATION_NAME}-https-route", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${APPLICATION_HOSTNAME}", - "to": { - "name": "${APPLICATION_NAME}-https-service" - }, - "tls": { - "termination" : "passthrough" + "name": "${APPLICATION_NAME}" } } }, @@ -211,6 +144,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat8-openshift:${JWS_RELEASE}" } } @@ -281,7 +215,6 @@ } }, "spec": { - "serviceAccount": "jws-service-account", "containers": [ { "name": "${APPLICATION_NAME}", @@ -296,43 +229,15 @@ ] } }, - "volumeMounts": [ - { - "name": "jws-certificate-volume", - "mountPath": "/etc/jws-secret-volume", - "readOnly": true - } - ], "ports": [ { "name": "${APPLICATION_NAME}-tcp-8080", "containerPort": 8080, "protocol": "TCP" - }, - { - "name": "${APPLICATION_NAME}-tcp-8443", - "containerPort": 8443, - "protocol": "TCP" } ], "env": [ { - "name": "JWS_HTTPS_CERTIFICATE_DIR", - "value": "/etc/jws-secret-volume" - }, - { - "name": "JWS_HTTPS_CERTIFICATE", - "value": "${JWS_HTTPS_CERTIFICATE}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "${JWS_HTTPS_CERTIFICATE_KEY}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" - }, - { "name": "JWS_ADMIN_USERNAME", "value": "${JWS_ADMIN_USERNAME}" }, @@ -342,14 +247,6 @@ } ] } - ], - "volumes": [ - { - "name": "jws-certificate-volume", - "secret": { - "secretName": "${JWS_HTTPS_SECRET}" - } - } ] } } diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-https-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-https-sti.json new file mode 100644 index 000000000..af4c94ae0 --- /dev/null +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-https-sti.json @@ -0,0 +1,360 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass" : "icon-tomcat", + "description": "Application template for JWS applications built using STI." + }, + "name": "jws-tomcat8-basic-sti" + }, + "labels": { + "template": "jws-tomcat8-basic-sti" + }, + "parameters": [ + { + "description": "JWS Release version, e.g. 3.0, 2.1, etc.", + "name": "JWS_RELEASE", + "value": "3.0" + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app" + }, + { + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "name": "APPLICATION_HOSTNAME", + "value": "" + }, + { + "description": "Git source URI for application", + "name": "GIT_URI" + }, + { + "description": "Git branch/tag reference", + "name": "GIT_REF", + "value": "master" + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "GIT_CONTEXT_DIR", + "value": "" + }, + { + "description": "The name of the secret containing the certificate files", + "name": "JWS_HTTPS_SECRET", + "value": "jws-app-secret" + }, + { + "description": "The name of the certificate file within the secret", + "name": "JWS_HTTPS_CERTIFICATE", + "value": "server.crt" + }, + { + "description": "The name of the certificate key file within the secret", + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "server.key" + }, + { + "description": "The certificate password", + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "" + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + }, + { + "description": "Github trigger secret", + "name": "GITHUB_TRIGGER_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_TRIGGER_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http-route", + "metadata": { + "name": "${APPLICATION_NAME}-http-route", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${APPLICATION_HOSTNAME}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https-route", + "metadata": { + "name": "${APPLICATION_NAME}-https-route", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${APPLICATION_HOSTNAME}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination" : "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${GIT_URI}", + "ref": "${GIT_REF}" + }, + "contextDir":"${GIT_CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "openshift", + "name": "jboss-webserver3-tomcat8-openshift:${JWS_RELEASE}" + } + } + }, + "output": { + "to": { + "name": "${APPLICATION_NAME}" + } + }, + "triggers": [ + { + "type": "github", + "github": { + "secret": "${GITHUB_TRIGGER_SECRET}" + } + }, + { + "type": "generic", + "generic": { + "secret": "${GENERIC_TRIGGER_SECRET}" + } + }, + { + "type": "imageChange", + "imageChange": {} + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccount": "jws-service-account", + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "volumeMounts": [ + { + "name": "jws-certificate-volume", + "mountPath": "/etc/jws-secret-volume", + "readOnly": true + } + ], + "ports": [ + { + "name": "${APPLICATION_NAME}-tcp-8080", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "${APPLICATION_NAME}-tcp-8443", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "JWS_HTTPS_CERTIFICATE_DIR", + "value": "/etc/jws-secret-volume" + }, + { + "name": "JWS_HTTPS_CERTIFICATE", + "value": "${JWS_HTTPS_CERTIFICATE}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + }, + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "jws-certificate-volume", + "secret": { + "secretName": "${JWS_HTTPS_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mongodb-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mongodb-persistent-sti.json index 693cfaa0f..b5975b646 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mongodb-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mongodb-persistent-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -77,6 +77,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Disable data file preallocation.", "name": "MONGODB_NOPREALLOC" }, @@ -147,7 +159,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -171,7 +183,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -220,7 +232,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -240,7 +252,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -280,6 +292,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat8-openshift:${JWS_RELEASE}" } } @@ -410,6 +423,18 @@ "value": "${DB_ADMIN_PASSWORD}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -471,7 +496,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mongodb-24:latest" + "namespace": "openshift", + "name": "mongodb:latest" } } } @@ -492,7 +518,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mongodb", - "image": "registry.access.redhat.com/openshift3_beta/mongodb-24-rhel7:latest", + "image": "mongodb", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mongodb-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mongodb-sti.json index 8d27e8d94..8145ee34e 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mongodb-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mongodb-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -72,6 +72,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Disable data file preallocation.", "name": "MONGODB_NOPREALLOC" }, @@ -142,7 +154,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -166,7 +178,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -215,7 +227,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -235,7 +247,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -275,6 +287,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat8-openshift:${JWS_RELEASE}" } } @@ -405,6 +418,18 @@ "value": "${DB_ADMIN_PASSWORD}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -466,7 +491,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mongodb-24:latest" + "namespace": "openshift", + "name": "mongodb:latest" } } } @@ -487,7 +513,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mongodb", - "image": "registry.access.redhat.com/openshift3_beta/mongodb-24-rhel7:latest", + "image": "mongodb", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mysql-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mysql-persistent-sti.json index 1abf4e8cd..b0808949c 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mysql-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mysql-persistent-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -77,6 +77,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Sets how the table names are stored and compared.", "name": "MYSQL_LOWER_CASE_TABLE_NAMES" }, @@ -149,7 +161,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -173,7 +185,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -222,7 +234,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -242,7 +254,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -282,6 +294,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat8-openshift:${JWS_RELEASE}" } } @@ -408,6 +421,18 @@ "value": "${DB_DATABASE}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -469,7 +494,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mysql-55:latest" + "namespace": "openshift", + "name": "mysql:latest" } } } @@ -490,7 +516,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mysql", - "image": "registry.access.redhat.com/openshift3_beta/mysql-55-rhel7:latest", + "image": "mysql", "ports": [ { "name": "${APPLICATION_NAME}-mysql-tcp-3306", diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mysql-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mysql-sti.json index 1944d3557..46ad18b91 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mysql-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mysql-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -72,6 +72,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Sets how the table names are stored and compared.", "name": "MYSQL_LOWER_CASE_TABLE_NAMES" }, @@ -144,7 +156,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -168,7 +180,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -217,7 +229,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -237,7 +249,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -277,6 +289,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat8-openshift:${JWS_RELEASE}" } } @@ -403,6 +416,18 @@ "value": "${DB_DATABASE}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -464,7 +489,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mysql-55:latest" + "namespace": "openshift", + "name": "mysql:latest" } } } @@ -485,7 +511,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mysql", - "image": "registry.access.redhat.com/openshift3_beta/mysql-55-rhel7:latest", + "image": "mysql", "ports": [ { "name": "${APPLICATION_NAME}-mysql-tcp-3306", diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-postgresql-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-postgresql-persistent-sti.json index 619895655..19cd2be30 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-postgresql-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-postgresql-persistent-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -77,6 +77,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", "name": "POSTGRESQL_MAX_CONNECTIONS" }, @@ -137,7 +149,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -161,7 +173,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -210,7 +222,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -230,7 +242,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -270,6 +282,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat8-openshift:${JWS_RELEASE}" } } @@ -396,6 +409,18 @@ "value": "${DB_DATABASE}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -457,7 +482,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-postgresql-92:latest" + "namespace": "openshift", + "name": "postgresql:latest" } } } @@ -478,7 +504,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-postgresql", - "image": "registry.access.redhat.com/openshift3_beta/postgresql-92-rhel7:latest", + "image": "postgresql", "ports": [ { "name": "${APPLICATION_NAME}-postgresql-tcp-5432", diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-postgresql-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-postgresql-sti.json index 0e269d53f..185808baf 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-postgresql-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-postgresql-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -72,6 +72,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", "name": "POSTGRESQL_MAX_CONNECTIONS" }, @@ -132,7 +144,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -156,7 +168,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -205,7 +217,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -225,7 +237,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -265,6 +277,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat8-openshift:${JWS_RELEASE}" } } @@ -391,6 +404,18 @@ "value": "${DB_DATABASE}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -452,7 +477,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-postgresql-92:latest" + "namespace": "openshift", + "name": "postgresql:latest" } } } @@ -473,7 +499,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-postgresql", - "image": "registry.access.redhat.com/openshift3_beta/postgresql-92-rhel7:latest", + "image": "postgresql", "ports": [ { "name": "${APPLICATION_NAME}-postgresql-tcp-5432", diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 1b789ca89..727861b07 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -366,13 +366,23 @@ def set_url_facts_if_unset(facts): console_port = facts['master']['console_port'] console_path = facts['master']['console_path'] etcd_use_ssl = facts['master']['etcd_use_ssl'] + etcd_hosts = facts['master']['etcd_hosts'] etcd_port = facts['master']['etcd_port'], hostname = facts['common']['hostname'] public_hostname = facts['common']['public_hostname'] if 'etcd_urls' not in facts['master']: - facts['master']['etcd_urls'] = [format_url(etcd_use_ssl, hostname, - etcd_port)] + etcd_urls = [] + if etcd_hosts != '': + facts['master']['etcd_port'] = etcd_port + facts['master']['embedded_etcd'] = False + for host in etcd_hosts: + etcd_urls.append(format_url(etcd_use_ssl, host, + etcd_port)) + else: + etcd_urls = [format_url(etcd_use_ssl, hostname, + etcd_port)] + facts['master']['etcd_urls'] = etcd_urls if 'api_url' not in facts['master']: facts['master']['api_url'] = format_url(api_use_ssl, hostname, api_port) @@ -487,7 +497,7 @@ def get_current_config(facts): current_config['kubeconfig'] = config # override pylint broad-except warning, since we do not want - # to bubble up any exceptions if openshift ex config view + # to bubble up any exceptions if oc config view # fails # pylint: disable=broad-except except Exception: @@ -683,7 +693,7 @@ class OpenShiftFacts(object): hostname_f = output.strip() if exit_code == 0 else '' hostname_values = [hostname_f, self.system_facts['nodename'], self.system_facts['fqdn']] - hostname = choose_hostname(hostname_values) + hostname = choose_hostname(hostname_values, ip_addr) common = dict(use_openshift_sdn=True, ip=ip_addr, public_ip=ip_addr, deployment_type='origin', hostname=hostname, @@ -695,7 +705,7 @@ class OpenShiftFacts(object): if 'master' in roles: master = dict(api_use_ssl=True, api_port='8443', console_use_ssl=True, console_path='/console', - console_port='8443', etcd_use_ssl=True, + console_port='8443', etcd_use_ssl=True, etcd_hosts='', etcd_port='4001', portal_net='172.30.0.0/16', embedded_etcd=True, embedded_kube=True, embedded_dns=True, dns_port='53', @@ -707,11 +717,7 @@ class OpenShiftFacts(object): defaults['master'] = master if 'node' in roles: - node = dict(pod_cidr='', labels={}, annotations={}, portal_net='172.30.0.0/16') - node['resources_cpu'] = self.system_facts['processor_cores'] - node['resources_memory'] = int( - int(self.system_facts['memtotal_mb']) * 1024 * 1024 * 0.75 - ) + node = dict(labels={}, annotations={}, portal_net='172.30.0.0/16') defaults['node'] = node return defaults diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml new file mode 100644 index 000000000..d17f3f532 --- /dev/null +++ b/roles/openshift_manage_node/tasks/main.yml @@ -0,0 +1,18 @@ +- name: Wait for Node Registration + command: > + {{ openshift.common.client_binary }} get node {{ item }} + register: omd_get_node + until: omd_get_node.rc == 0 + retries: 10 + delay: 5 + with_items: openshift_nodes + +- name: Handle unscheduleable node + command: > + {{ openshift.common.admin_binary }} manage-node {{ item }} --schedulable=false + with_items: openshift_unscheduleable_nodes + +- name: Handle scheduleable node + command: > + {{ openshift.common.admin_binary }} manage-node {{ item }} --schedulable=true + with_items: openshift_scheduleable_nodes diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index da0a663ec..02905f32d 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -12,11 +12,6 @@ yum: pkg=openshift-master state=present register: install_result -# TODO: Is this necessary or was this a workaround for an old bug in packaging? -- name: Reload systemd units - command: systemctl daemon-reload - when: install_result | changed - - name: Set master OpenShift facts openshift_facts: role: master @@ -31,6 +26,7 @@ console_url: "{{ openshift_master_console_url | default(None) }}" console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}" public_console_url: "{{ openshift_master_public_console_url | default(None) }}" + etcd_hosts: "{{ openshift_master_etcd_hosts | default(None)}}" etcd_port: "{{ openshift_master_etcd_port | default(None) }}" etcd_use_ssl: "{{ openshift_master_etcd_use_ssl | default(None) }}" etcd_urls: "{{ openshift_master_etcd_urls | default(None) }}" @@ -65,16 +61,6 @@ path: "{{ openshift_master_config_dir }}" state: directory -- name: Create the master certificates if they do not already exist - command: > - {{ openshift.common.admin_binary }} create-master-certs - --hostnames={{ openshift.common.hostname }},{{ openshift.common.public_hostname }} - --master={{ openshift.master.api_url }} - --public-master={{ openshift.master.public_api_url }} - --cert-dir={{ openshift_master_config_dir }} --overwrite=false - args: - creates: "{{ openshift_master_config_dir }}/master.server.key" - - name: Create the policy file if it does not already exist command: > {{ openshift.common.admin_binary }} create-bootstrap-policy-file @@ -128,6 +114,11 @@ - name: Start and enable openshift-master service: name=openshift-master enabled=yes state=started + register: start_result + +- name: pause to prevent service restart from interfering with bootstrapping + pause: seconds=30 + when: start_result | changed - name: Create the OpenShift client config dir(s) file: diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 9df07e925..bc766ec9b 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -18,19 +18,19 @@ corsAllowedOrigins: {% for origin in ['127.0.0.1', 'localhost', openshift.common.hostname, openshift.common.ip, openshift.common.public_hostname, openshift.common.public_ip] %} - {{ origin }} {% endfor %} -{% if openshift.master.embedded_dns %} +{% if openshift.master.embedded_dns | bool %} dnsConfig: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }} {% endif %} etcdClientInfo: - ca: ca.crt + ca: {{ "ca.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }} certFile: master.etcd-client.crt keyFile: master.etcd-client.key urls: {% for etcd_url in openshift.master.etcd_urls %} - {{ etcd_url }} {% endfor %} -{% if openshift.master.embedded_etcd %} +{% if openshift.master.embedded_etcd | bool %} etcdConfig: address: {{ openshift.common.hostname }}:{{ openshift.master.etcd_port }} peerAddress: {{ openshift.common.hostname }}:7001 @@ -61,7 +61,7 @@ kubeletClientInfo: certFile: master.kubelet-client.crt keyFile: master.kubelet-client.key port: 10250 -{% if openshift.master.embedded_kube %} +{% if openshift.master.embedded_kube | bool %} kubernetesMasterConfig: apiLevels: - v1beta3 @@ -100,6 +100,8 @@ projectConfig: mcsAllocatorRange: s0:/2 mcsLabelsPerProject: 5 uidAllocatorRange: 1000000000-1999999999/10000 +routingConfig: + subdomain: router.default.local serviceAccountConfig: managedNames: - default @@ -113,5 +115,5 @@ servingInfo: certFile: master.server.crt clientCA: ca.crt keyFile: master.server.key - maxRequestsInFlight: 0 - requestTimeoutSeconds: 0 + maxRequestsInFlight: 500 + requestTimeoutSeconds: 3600 diff --git a/roles/openshift_master_ca/README.md b/roles/openshift_master_ca/README.md new file mode 100644 index 000000000..5b2d3601b --- /dev/null +++ b/roles/openshift_master_ca/README.md @@ -0,0 +1,34 @@ +OpenShift Master CA +======================== + +TODO + +Requirements +------------ + +TODO + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +TODO + +Example Playbook +---------------- + +TODO + +License +------- + +Apache License Version 2.0 + +Author Information +------------------ + +Jason DeTiberus (jdetiber@redhat.com) diff --git a/roles/openshift_register_nodes/meta/main.yml b/roles/openshift_master_ca/meta/main.yml index e40a152c1..f3236e850 100644 --- a/roles/openshift_register_nodes/meta/main.yml +++ b/roles/openshift_master_ca/meta/main.yml @@ -14,4 +14,3 @@ galaxy_info: - system dependencies: - { role: openshift_facts } - diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml new file mode 100644 index 000000000..8163ecd7f --- /dev/null +++ b/roles/openshift_master_ca/tasks/main.yml @@ -0,0 +1,22 @@ +--- +- name: Install the OpenShift package for admin tooling + yum: pkg=openshift state=present + register: install_result + +- name: Reload generated facts + openshift_facts: + +- name: Create openshift_master_config_dir if it doesn't exist + file: + path: "{{ openshift_master_config_dir }}" + state: directory + +- name: Create the master certificates if they do not already exist + command: > + {{ openshift.common.admin_binary }} create-master-certs + --hostnames={{ openshift.common.hostname }},{{ openshift.common.public_hostname }} + --master={{ openshift.master.api_url }} + --public-master={{ openshift.master.public_api_url }} + --cert-dir={{ openshift_master_config_dir }} --overwrite=false + args: + creates: "{{ openshift_master_config_dir }}/master.server.key" diff --git a/roles/openshift_master_ca/vars/main.yml b/roles/openshift_master_ca/vars/main.yml new file mode 100644 index 000000000..2925680bb --- /dev/null +++ b/roles/openshift_master_ca/vars/main.yml @@ -0,0 +1,5 @@ +--- +openshift_master_config_dir: /etc/openshift/master +openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" +openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" +openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" diff --git a/roles/openshift_master_certificates/README.md b/roles/openshift_master_certificates/README.md new file mode 100644 index 000000000..ba3d5f28c --- /dev/null +++ b/roles/openshift_master_certificates/README.md @@ -0,0 +1,34 @@ +OpenShift Master Certificates +======================== + +TODO + +Requirements +------------ + +TODO + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +TODO + +Example Playbook +---------------- + +TODO + +License +------- + +Apache License Version 2.0 + +Author Information +------------------ + +Jason DeTiberus (jdetiber@redhat.com) diff --git a/roles/openshift_master_certificates/meta/main.yml b/roles/openshift_master_certificates/meta/main.yml new file mode 100644 index 000000000..fd7b73b0f --- /dev/null +++ b/roles/openshift_master_certificates/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: openshift_master_ca } diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml new file mode 100644 index 000000000..b5a3f8e40 --- /dev/null +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -0,0 +1,24 @@ +--- +- name: Ensure the generated_configs directory present + file: + path: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}" + state: directory + mode: 0700 + with_items: masters_needing_certs + +- file: + src: "{{ openshift_master_ca_cert }}" + dest: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}/ca.crt" + with_items: masters_needing_certs + +- name: Create the master certificates if they do not already exist + command: > + {{ openshift.common.admin_binary }} create-master-certs + --hostnames={{ item.openshift.common.hostname }},{{ item.openshift.common.public_hostname }} + --master={{ item.openshift.master.api_url }} + --public-master={{ item.openshift.master.public_api_url }} + --cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }} + --overwrite=false + args: + creates: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}/master.server.crt" + with_items: masters_needing_certs diff --git a/roles/openshift_register_nodes/vars/main.yml b/roles/openshift_master_certificates/vars/main.yml index 3801b8427..6e577b13b 100644 --- a/roles/openshift_register_nodes/vars/main.yml +++ b/roles/openshift_master_certificates/vars/main.yml @@ -1,8 +1,6 @@ --- -openshift_node_config_dir: /etc/openshift/node -openshift_master_config_dir: /etc/openshift/master openshift_generated_configs_dir: /etc/openshift/generated-configs +openshift_master_config_dir: /etc/openshift/master openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" -openshift_kube_api_version: v1beta3 diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 13f30a6f8..e18846db8 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -1,5 +1,11 @@ --- # TODO: allow for overriding default ports where possible +- fail: + msg: This role requres that osn_cluster_dns_domain is set + when: osn_cluster_dns_domain is not defined or not osn_cluster_dns_domain +- fail: + msg: This role requres that osn_cluster_dns_ip is set + when: osn_cluster_dns_ip is not defined or not osn_cluster_dns_ip - name: Install OpenShift Node package yum: pkg=openshift-node state=present @@ -10,11 +16,6 @@ register: sdn_install_result when: openshift.common.use_openshift_sdn -- name: Reload systemd units - command: systemctl daemon-reload - when: (node_install_result | changed or (openshift.common.use_openshift_sdn - and sdn_install_result | changed)) - - name: Set node OpenShift facts openshift_facts: role: "{{ item.role }}" @@ -27,9 +28,6 @@ deployment_type: "{{ openshift_deployment_type }}" - role: node local_facts: - resources_cpu: "{{ openshift_node_resources_cpu | default(none) }}" - resources_memory: "{{ openshift_node_resources_memory | default(none) }}" - pod_cidr: "{{ openshift_node_pod_cidr | default(none) }}" labels: "{{ openshift_node_labels | default(none) }}" annotations: "{{ openshift_node_annotations | default(none) }}" registry_url: "{{ oreg_url | default(none) }}" @@ -73,24 +71,3 @@ - name: Start and enable openshift-node service: name=openshift-node enabled=yes state=started - -- name: Check scheduleable state - delegate_to: "{{ openshift_first_master }}" - command: > - {{ openshift.common.client_binary }} get node {{ openshift.common.hostname }} - register: ond_get_node - until: ond_get_node.rc == 0 - retries: 10 - delay: 5 - -- name: Handle unscheduleable node - delegate_to: "{{ openshift_first_master }}" - command: > - {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname }} --schedulable=false - when: openshift_scheduleable is defined and openshift_scheduleable == False and "SchedulingDisabled" not in ond_get_node.stdout - -- name: Handle scheduleable node - delegate_to: "{{ openshift_first_master }}" - command: > - {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname }} --schedulable=true - when: (openshift_scheduleable is not defined or openshift_scheduleable == True) and "SchedulingDisabled" in ond_get_node.stdout diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index f313f6a4b..7778a2a61 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -1,7 +1,7 @@ allowDisabledDocker: false apiVersion: v1 -dnsDomain: {{ hostvars[openshift_first_master].openshift.dns.domain }} -dnsIP: {{ hostvars[openshift_first_master].openshift.dns.ip }} +dnsDomain: {{ osn_cluster_dns_domain }} +dnsIP: {{ osn_cluster_dns_ip }} dockerConfig: execHandlerName: "" imageConfig: diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index 1b68bc673..64a799dfb 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -3,6 +3,7 @@ file: path: "{{ openshift_generated_configs_dir }}" state: directory + when: nodes_needing_certs | length > 0 - name: Generate the node client config command: > @@ -21,7 +22,6 @@ with_items: nodes_needing_certs - name: Generate the node server certificate - delegate_to: "{{ openshift_first_master }}" command: > {{ openshift.common.admin_binary }} create-server-cert --cert=server.crt --key=server.key --overwrite=true diff --git a/roles/openshift_node_certificates/vars/main.yml b/roles/openshift_node_certificates/vars/main.yml index 3801b8427..a018bb0f9 100644 --- a/roles/openshift_node_certificates/vars/main.yml +++ b/roles/openshift_node_certificates/vars/main.yml @@ -5,4 +5,3 @@ openshift_generated_configs_dir: /etc/openshift/generated-configs openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" -openshift_kube_api_version: v1beta3 diff --git a/roles/openshift_register_nodes/README.md b/roles/openshift_register_nodes/README.md deleted file mode 100644 index b1d2000f1..000000000 --- a/roles/openshift_register_nodes/README.md +++ /dev/null @@ -1,15 +0,0 @@ -OpenShift Register Nodes -======================== - -DEPRECATED!!! -Nodes should now auto register themselves. Use openshift_node_certificates role instead. - -License -------- - -Apache License Version 2.0 - -Author Information ------------------- - -Jason DeTiberus (jdetiber@redhat.com) diff --git a/roles/openshift_register_nodes/library/kubernetes_register_node.py b/roles/openshift_register_nodes/library/kubernetes_register_node.py deleted file mode 100755 index a8c38627b..000000000 --- a/roles/openshift_register_nodes/library/kubernetes_register_node.py +++ /dev/null @@ -1,513 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# vim: expandtab:tabstop=4:shiftwidth=4 -# -# disable pylint checks -# permanently disabled unless someone wants to refactor the object model: -# too-few-public-methods -# no-self-use -# too-many-arguments -# too-many-locals -# too-many-branches -# pylint:disable=too-many-arguments, no-self-use -# pylint:disable=too-many-locals, too-many-branches, too-few-public-methods -"""Ansible module to register a kubernetes node to the cluster""" - -import os - -DOCUMENTATION = ''' ---- -module: kubernetes_register_node -short_description: Registers a kubernetes node with a master -description: - - Registers a kubernetes node with a master -options: - name: - default: null - description: - - Identifier for this node (usually the node fqdn). - required: true - api_verison: - choices: ['v1beta1', 'v1beta3'] - default: 'v1beta1' - description: - - Kubernetes API version to use - required: true - host_ip: - default: null - description: - - IP Address to associate with the node when registering. - Available in the following API versions: v1beta1. - required: false - cpu: - default: null - description: - - Number of CPUs to allocate for this node. When using the v1beta1 - API, you must specify the CPU count as a floating point number - with no more than 3 decimal places. API version v1beta3 and newer - accepts arbitrary float values. - required: false - memory: - default: null - description: - - Memory available for this node. When using the v1beta1 API, you - must specify the memory size in bytes. API version v1beta3 and - newer accepts binary SI and decimal SI values. - required: false -''' -EXAMPLES = ''' -# Minimal node registration -- openshift_register_node: name=ose3.node.example.com - -# Node registration using the v1beta1 API and assigning 1 CPU core and 10 GB of -# Memory -- openshift_register_node: - name: ose3.node.example.com - api_version: v1beta1 - hostIP: 192.168.1.1 - cpu: 1 - memory: 500000000 -''' - - -class ClientConfigException(Exception): - """Client Configuration Exception""" - pass - -class ClientConfig(object): - """ Representation of a client config - - Attributes: - config (dict): dictionary representing the client configuration - - Args: - client_opts (list of str): client options to use - module (AnsibleModule): - - Raises: - ClientConfigException: - """ - def __init__(self, client_opts, module): - kubectl = module.params['kubectl_cmd'] - _, output, _ = module.run_command((kubectl + - ["config", "view", "-o", "json"] + - client_opts), check_rc=True) - self.config = json.loads(output) - - if not (bool(self.config['clusters']) or - bool(self.config['contexts']) or - bool(self.config['current-context']) or - bool(self.config['users'])): - raise ClientConfigException( - "Client config missing required values: %s" % output - ) - - def current_context(self): - """ Gets the current context for the client config - - Returns: - str: The current context as set in the config - """ - return self.config['current-context'] - - def section_has_value(self, section_name, value): - """ Test if specified section contains a value - - Args: - section_name (str): config section to test - value (str): value to test if present - Returns: - bool: True if successful, false otherwise - """ - section = self.config[section_name] - if isinstance(section, dict): - return value in section - else: - val = next((item for item in section - if item['name'] == value), None) - return val is not None - - def has_context(self, context): - """ Test if specified context exists in config - - Args: - context (str): value to test if present - Returns: - bool: True if successful, false otherwise - """ - return self.section_has_value('contexts', context) - - def has_user(self, user): - """ Test if specified user exists in config - - Args: - context (str): value to test if present - Returns: - bool: True if successful, false otherwise - """ - return self.section_has_value('users', user) - - def has_cluster(self, cluster): - """ Test if specified cluster exists in config - - Args: - context (str): value to test if present - Returns: - bool: True if successful, false otherwise - """ - return self.section_has_value('clusters', cluster) - - def get_value_for_context(self, context, attribute): - """ Get the value of attribute in context - - Args: - context (str): context to search - attribute (str): attribute wanted - Returns: - str: The value for attribute in context - """ - contexts = self.config['contexts'] - if isinstance(contexts, dict): - return contexts[context][attribute] - else: - return next((c['context'][attribute] for c in contexts - if c['name'] == context), None) - - def get_user_for_context(self, context): - """ Get the user attribute in context - - Args: - context (str): context to search - Returns: - str: The value for the attribute in context - """ - return self.get_value_for_context(context, 'user') - - def get_cluster_for_context(self, context): - """ Get the cluster attribute in context - - Args: - context (str): context to search - Returns: - str: The value for the attribute in context - """ - return self.get_value_for_context(context, 'cluster') - - def get_namespace_for_context(self, context): - """ Get the namespace attribute in context - - Args: - context (str): context to search - Returns: - str: The value for the attribute in context - """ - return self.get_value_for_context(context, 'namespace') - -class Util(object): - """Utility methods""" - @staticmethod - def remove_empty_elements(mapping): - """ Recursively removes empty elements from a dict - - Args: - mapping (dict): dict to remove empty attributes from - Returns: - dict: A copy of the dict with empty elements removed - """ - if isinstance(mapping, dict): - copy = mapping.copy() - for key, val in mapping.iteritems(): - if not val: - del copy[key] - return copy - else: - return mapping - -class NodeResources(object): - """ Kubernetes Node Resources - - Attributes: - resources (dict): A dictionary representing the node resources - - Args: - version (str): kubernetes api version - cpu (str): string representation of the cpu resources for the node - memory (str): string representation of the memory resources for the - node - """ - def __init__(self, version, cpu=None, memory=None): - if version == 'v1beta1': - self.resources = dict(capacity=dict()) - self.resources['capacity']['cpu'] = cpu - self.resources['capacity']['memory'] = memory - - def get_resources(self): - """ Get the dict representing the node resources - - Returns: - dict: representation of the node resources with any empty - elements removed - """ - return Util.remove_empty_elements(self.resources) - -class NodeSpec(object): - """ Kubernetes Node Spec - - Attributes: - spec (dict): A dictionary representing the node resources - - Args: - version (str): kubernetes api version - cpu (str): string representation of the cpu resources for the node - memory (str): string representation of the memory resources for the - node - cidr (str): string representation of the cidr block available for - the node - externalID (str): The external id of the node - """ - def __init__(self, version, cpu=None, memory=None, cidr=None, - externalID=None): - if version == 'v1beta3': - self.spec = dict(podCIDR=cidr, externalID=externalID, - capacity=dict()) - self.spec['capacity']['cpu'] = cpu - self.spec['capacity']['memory'] = memory - - def get_spec(self): - """ Get the dict representing the node spec - - Returns: - dict: representation of the node spec with any empty elements - removed - """ - return Util.remove_empty_elements(self.spec) - -class Node(object): - """ Kubernetes Node - - Attributes: - node (dict): A dictionary representing the node - - Args: - module (AnsibleModule): - client_opts (list): client connection options - version (str, optional): kubernetes api version - node_name (str, optional): name for node - hostIP (str, optional): node host ip - cpu (str, optional): cpu resources for the node - memory (str, optional): memory resources for the node - labels (list, optional): labels for the node - annotations (list, optional): annotations for the node - podCIDR (list, optional): cidr block to use for pods - externalID (str, optional): external id of the node - """ - def __init__(self, module, client_opts, version='v1beta1', node_name=None, - hostIP=None, cpu=None, memory=None, labels=None, - annotations=None, podCIDR=None, externalID=None): - self.module = module - self.client_opts = client_opts - if version == 'v1beta1': - self.node = dict(id=node_name, - kind='Node', - apiVersion=version, - hostIP=hostIP, - resources=NodeResources(version, cpu, memory), - cidr=podCIDR, - labels=labels, - annotations=annotations, - externalID=externalID) - elif version == 'v1beta3': - metadata = dict(name=node_name, - labels=labels, - annotations=annotations) - self.node = dict(kind='Node', - apiVersion=version, - metadata=metadata, - spec=NodeSpec(version, cpu, memory, podCIDR, - externalID)) - - def get_name(self): - """ Get the name for the node - - Returns: - str: node name - """ - if self.node['apiVersion'] == 'v1beta1': - return self.node['id'] - elif self.node['apiVersion'] == 'v1beta3': - return self.node['metadata']['name'] - - def get_node(self): - """ Get the dict representing the node - - Returns: - dict: representation of the node with any empty elements - removed - """ - node = self.node.copy() - if self.node['apiVersion'] == 'v1beta1': - node['resources'] = self.node['resources'].get_resources() - elif self.node['apiVersion'] == 'v1beta3': - node['spec'] = self.node['spec'].get_spec() - return Util.remove_empty_elements(node) - - def exists(self): - """ Tests if the node already exists - - Returns: - bool: True if node exists, otherwise False - """ - kubectl = self.module.params['kubectl_cmd'] - _, output, _ = self.module.run_command((kubectl + ["get", "nodes"] + - self.client_opts), - check_rc=True) - if re.search(self.module.params['name'], output, re.MULTILINE): - return True - return False - - def create(self): - """ Creates the node - - Returns: - bool: True if node creation successful - """ - kubectl = self.module.params['kubectl_cmd'] - cmd = kubectl + self.client_opts + ['create', '-f', '-'] - exit_code, output, error = self.module.run_command( - cmd, data=self.module.jsonify(self.get_node()) - ) - if exit_code != 0: - if re.search("minion \"%s\" already exists" % self.get_name(), - error): - self.module.exit_json(msg="node definition already exists", - changed=False, node=self.get_node()) - else: - self.module.fail_json(msg="Node creation failed.", - exit_code=exit_code, - output=output, error=error, - node=self.get_node()) - else: - return True - -def generate_client_opts(module): - """ Generates the client options - - Args: - module(AnsibleModule) - - Returns: - str: client options - """ - client_config = '~/.kube/.kubeconfig' - if 'default_client_config' in module.params: - client_config = module.params['default_client_config'] - user_has_client_config = os.path.exists(os.path.expanduser(client_config)) - if not (user_has_client_config or module.params['client_config']): - module.fail_json(msg="Could not locate client configuration, " - "client_config must be specified if " - "~/.kube/.kubeconfig is not present") - - client_opts = [] - if module.params['client_config']: - kubeconfig_flag = '--kubeconfig' - if 'kubeconfig_flag' in module.params: - kubeconfig_flag = module.params['kubeconfig_flag'] - client_opts.append(kubeconfig_flag + '=' + os.path.expanduser(module.params['client_config'])) - - try: - config = ClientConfig(client_opts, module) - except ClientConfigException as ex: - module.fail_json(msg="Failed to get client configuration", - exception=str(ex)) - - client_context = module.params['client_context'] - if config.has_context(client_context): - if client_context != config.current_context(): - client_opts.append("--context=%s" % client_context) - else: - module.fail_json(msg="Context %s not found in client config" % client_context) - - client_user = module.params['client_user'] - if config.has_user(client_user): - if client_user != config.get_user_for_context(client_context): - client_opts.append("--user=%s" % client_user) - else: - module.fail_json(msg="User %s not found in client config" % client_user) - - client_cluster = module.params['client_cluster'] - if config.has_cluster(client_cluster): - if client_cluster != config.get_cluster_for_context(client_context): - client_opts.append("--cluster=%s" % client_cluster) - else: - module.fail_json(msg="Cluster %s not found in client config" % client_cluster) - - client_namespace = module.params['client_namespace'] - if client_namespace != config.get_namespace_for_context(client_context): - client_opts.append("--namespace=%s" % client_namespace) - - return client_opts - - -def main(): - """ main """ - module = AnsibleModule( - argument_spec=dict( - name=dict(required=True, type='str'), - host_ip=dict(type='str'), - api_version=dict(type='str', default='v1beta1', - choices=['v1beta1', 'v1beta3']), - cpu=dict(type='str'), - memory=dict(type='str'), - # TODO: needs documented - labels=dict(type='dict', default={}), - # TODO: needs documented - annotations=dict(type='dict', default={}), - # TODO: needs documented - pod_cidr=dict(type='str'), - # TODO: needs documented - client_config=dict(type='str'), - # TODO: needs documented - client_cluster=dict(type='str', default='master'), - # TODO: needs documented - client_context=dict(type='str', default='default'), - # TODO: needs documented - client_namespace=dict(type='str', default='default'), - # TODO: needs documented - client_user=dict(type='str', default='system:admin'), - # TODO: needs documented - kubectl_cmd=dict(type='list', default=['kubectl']), - # TODO: needs documented - kubeconfig_flag=dict(type='str'), - # TODO: needs documented - default_client_config=dict(type='str') - ), - supports_check_mode=True - ) - - labels = module.params['labels'] - kube_hostname_label = 'kubernetes.io/hostname' - if kube_hostname_label not in labels: - labels[kube_hostname_label] = module.params['name'] - - node = Node(module, generate_client_opts(module), - module.params['api_version'], module.params['name'], - module.params['host_ip'], module.params['cpu'], - module.params['memory'], labels, module.params['annotations'], - module.params['pod_cidr']) - - if node.exists(): - module.exit_json(changed=False, node=node.get_node()) - elif module.check_mode: - module.exit_json(changed=True, node=node.get_node()) - elif node.create(): - module.exit_json(changed=True, msg="Node created successfully", - node=node.get_node()) - else: - module.fail_json(msg="Unknown error creating node", node=node.get_node()) - -# ignore pylint errors related to the module_utils import -# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import -# import module snippets -from ansible.module_utils.basic import * -if __name__ == '__main__': - main() diff --git a/roles/openshift_register_nodes/tasks/main.yml b/roles/openshift_register_nodes/tasks/main.yml deleted file mode 100644 index 502dffc26..000000000 --- a/roles/openshift_register_nodes/tasks/main.yml +++ /dev/null @@ -1,53 +0,0 @@ ---- -- name: Create openshift_generated_configs_dir if it doesn't exist - file: - path: "{{ openshift_generated_configs_dir }}" - state: directory - -- name: Generate the node client config - command: > - {{ openshift.common.admin_binary }} create-api-client-config - --certificate-authority={{ openshift_master_ca_cert }} - --client-dir={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }} - --groups=system:nodes - --master={{ openshift.master.api_url }} - --signer-cert={{ openshift_master_ca_cert }} - --signer-key={{ openshift_master_ca_key }} - --signer-serial={{ openshift_master_ca_serial }} - --user=system:node:{{ item.openshift.common.hostname }} - args: - chdir: "{{ openshift_generated_configs_dir }}" - creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}" - with_items: nodes_needing_certs - -- name: Generate the node server certificate - delegate_to: "{{ openshift_first_master }}" - command: > - {{ openshift.common.admin_binary }} create-server-cert - --cert=server.crt --key=server.key --overwrite=true - --hostnames={{ [item.openshift.common.hostname, item.openshift.common.public_hostname]|unique|join(",") }} - --signer-cert={{ openshift_master_ca_cert }} - --signer-key={{ openshift_master_ca_key }} - --signer-serial={{ openshift_master_ca_serial }} - args: - chdir: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}" - creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt" - with_items: nodes_needing_certs - -- name: Register unregistered nodes - kubernetes_register_node: - kubectl_cmd: "{{ [openshift.common.client_binary] }}" - default_client_config: '~/.kube/config' - name: "{{ item.openshift.common.hostname }}" - api_version: "{{ openshift_kube_api_version }}" - cpu: "{{ item.openshift.node.resources_cpu | default(None) }}" - memory: "{{ item.openshift.node.resources_memory | default(None) }}" - pod_cidr: "{{ item.openshift.node.pod_cidr | default(None) }}" - host_ip: "{{ item.openshift.common.ip }}" - labels: "{{ item.openshift.node.labels | default({}) }}" - annotations: "{{ item.openshift.node.annotations | default({}) }}" - client_context: default/ose3-master-example-com:8443/system:openshift-master - client_user: system:openshift-master/ose3-master-example-com:8443 - client_cluster: ose3-master-example-com:8443 - with_items: openshift_nodes - register: register_result diff --git a/roles/openshift_repos/files/online/repos/enterprise-v3.repo b/roles/openshift_repos/files/online/repos/enterprise-v3.repo index 69c480f0a..92bd35834 100644 --- a/roles/openshift_repos/files/online/repos/enterprise-v3.repo +++ b/roles/openshift_repos/files/online/repos/enterprise-v3.repo @@ -1,7 +1,7 @@ [enterprise-v3] -name=OpenShift Enterprise Beta4 -baseurl=https://mirror.ops.rhcloud.com/libra/libra-7-ose-beta4/ - https://gce-mirror1.ops.rhcloud.com/libra/libra-7-ose-beta4/ +name=OpenShift Enterprise +baseurl=https://mirror.ops.rhcloud.com/libra/rhui-rhel-server-7-ose/ + https://gce-mirror1.ops.rhcloud.com/libra/rhui-rhel-server-7-ose/ enabled=1 gpgcheck=0 failovermethod=priority diff --git a/roles/os_zabbix/library/zbxapi.py b/roles/os_zabbix/library/zbxapi.py index b5fa5ee2b..48f294938 100755 --- a/roles/os_zabbix/library/zbxapi.py +++ b/roles/os_zabbix/library/zbxapi.py @@ -103,7 +103,6 @@ class ZabbixAPI(object): # pylint: disable=no-member # This method does not exist until the metaprogramming executed - # This is permanently disabled. results = self.user.login(user=self.username, password=self.password) if results[0]['status'] == '200': @@ -251,17 +250,26 @@ def exists(content, key='result'): return True -def diff_content(from_zabbix, from_user): +def diff_content(from_zabbix, from_user, ignore=None): ''' Compare passed in object to results returned from zabbix ''' - terms = ['search', 'output', 'groups', 'select', 'expand'] + terms = ['search', 'output', 'groups', 'select', 'expand', 'filter'] + if ignore: + terms.extend(ignore) regex = '(' + '|'.join(terms) + ')' retval = {} for key, value in from_user.items(): if re.findall(regex, key): continue - if from_zabbix[key] != str(value): + # special case here for templates. You query templates and + # the zabbix api returns parentTemplates. These will obviously fail. + # So when its templates compare against parentTemplates. + if key == 'templates' and from_zabbix.has_key('parentTemplates'): + if from_zabbix['parentTemplates'] != value: + retval[key] = value + + elif from_zabbix[key] != str(value): retval[key] = str(value) return retval @@ -280,6 +288,7 @@ def main(): params=dict(), debug=dict(default=False, type='bool'), state=dict(default='present', type='str'), + ignore=dict(default=None, type='list'), ), #supports_check_mode=True ) @@ -306,10 +315,12 @@ def main(): zapi = ZabbixAPI(api_data) + ignore = module.params['ignore'] zbx_class = module.params.get('zbx_class') rpc_params = module.params.get('params', {}) state = module.params.get('state') + # Get the instance we are trying to call zbx_class_inst = zapi.__getattribute__(zbx_class.lower()) @@ -337,14 +348,14 @@ def main(): module.exit_json(changed=True, results=content['result'], state="absent") if state == 'present': - # It's not there, create it! + # It's not there, create it! if not exists(content): zbx_action_method = zapi.__getattribute__(zbx_class.capitalize()).__dict__['create'] _, content = zbx_action_method(zbx_class_inst, rpc_params) module.exit_json(changed=True, results=content['result'], state='present') - # It's there and the same, do nothing! - diff_params = diff_content(content['result'][0], rpc_params) + # It's there and the same, do nothing! + diff_params = diff_content(content['result'][0], rpc_params, ignore) if not diff_params: module.exit_json(changed=False, results=content['result'], state="present") @@ -368,3 +379,4 @@ def main(): from ansible.module_utils.basic import * main() + |