diff options
20 files changed, 168 insertions, 66 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 608b430ce..cbfb1fd48 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.7.0-0.147.0 ./ +3.7.0-0.148.0 ./ diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 2ae7d48a3..aee30b29b 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -10,7 +10,7 @@ Name: openshift-ansible Version: 3.7.0 -Release: 0.147.0%{?dist} +Release: 0.148.0%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 URL: https://github.com/openshift/openshift-ansible @@ -276,6 +276,18 @@ Atomic OpenShift Utilities includes %changelog +* Wed Oct 11 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.148.0 +- Bug 1490647 - logging-fluentd deployed with openshift_logging_use_mux=false + fails to start due to missing (nhosoi@redhat.com) +- Fix typo in inventory example (rteague@redhat.com) +- Separate tuned daemon setup into a role. (jmencak@redhat.com) +- crio, docker: expect openshift_release to have 'v' (gscrivan@redhat.com) +- rebase on master (maxamillion@fedoraproject.org) +- Add fedora compatibility (maxamillion@fedoraproject.org) +- Allow checkpoint status to work across all groups (rteague@redhat.com) +- Add valid search when search does not exist on resolv.conf + (nakayamakenjiro@gmail.com) + * Tue Oct 10 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.147.0 - Add PartOf to docker systemd service unit. (mgugino@redhat.com) - crio: use systemd manager (gscrivan@redhat.com) diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index b399ea995..dbe09dce2 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -8,7 +8,10 @@ vars: - r_openshift_health_checker_playbook_context: install post_tasks: - - action: openshift_health_check + + - name: Verify Requirements - EL + when: ansible_distribution != "Fedora" + action: openshift_health_check args: checks: - disk_availability @@ -17,6 +20,12 @@ - package_version - docker_image_availability - docker_storage + - name: Verify Requirements - Fedora + when: ansible_distribution == "Fedora" + action: openshift_health_check + args: + checks: + - docker_image_availability - include: ../openshift-etcd/config.yml diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml index 32e5e708a..c1536eb36 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted.yml +++ b/playbooks/common/openshift-cluster/openshift_hosted.yml @@ -1,7 +1,6 @@ --- - name: Hosted Install Checkpoint Start - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set Hosted install 'In Progress' @@ -26,8 +25,7 @@ when: openshift_hosted_prometheus_deploy | default(False) | bool - name: Hosted Install Checkpoint End - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set Hosted install 'Complete' diff --git a/playbooks/common/openshift-cluster/openshift_logging.yml b/playbooks/common/openshift-cluster/openshift_logging.yml index 69f50fbcd..529a4c939 100644 --- a/playbooks/common/openshift-cluster/openshift_logging.yml +++ b/playbooks/common/openshift-cluster/openshift_logging.yml @@ -1,7 +1,6 @@ --- - name: Logging Install Checkpoint Start - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set Logging install 'In Progress' @@ -24,8 +23,7 @@ tasks_from: update_master_config - name: Logging Install Checkpoint End - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set Logging install 'Complete' diff --git a/playbooks/common/openshift-cluster/openshift_metrics.yml b/playbooks/common/openshift-cluster/openshift_metrics.yml index e369dcd86..9c0bd489b 100644 --- a/playbooks/common/openshift-cluster/openshift_metrics.yml +++ b/playbooks/common/openshift-cluster/openshift_metrics.yml @@ -1,7 +1,6 @@ --- - name: Metrics Install Checkpoint Start - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set Metrics install 'In Progress' @@ -25,8 +24,7 @@ tasks_from: update_master_config.yaml - name: Metrics Install Checkpoint End - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set Metrics install 'Complete' diff --git a/playbooks/common/openshift-cluster/service_catalog.yml b/playbooks/common/openshift-cluster/service_catalog.yml index 95a8f601c..bd964b2ce 100644 --- a/playbooks/common/openshift-cluster/service_catalog.yml +++ b/playbooks/common/openshift-cluster/service_catalog.yml @@ -1,7 +1,6 @@ --- - name: Service Catalog Install Checkpoint Start - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set Service Catalog install 'In Progress' @@ -20,8 +19,7 @@ first_master: "{{ groups.oo_first_master[0] }}" - name: Service Catalog Install Checkpoint End - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set Service Catalog install 'Complete' diff --git a/playbooks/common/openshift-cluster/std_include.yml b/playbooks/common/openshift-cluster/std_include.yml index 090ad6445..45b34c8bd 100644 --- a/playbooks/common/openshift-cluster/std_include.yml +++ b/playbooks/common/openshift-cluster/std_include.yml @@ -1,7 +1,6 @@ --- - name: Initialization Checkpoint Start - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false roles: - installer_checkpoint @@ -37,8 +36,7 @@ - always - name: Initialization Checkpoint End - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set install initialization 'Complete' diff --git a/playbooks/common/openshift-cluster/upgrades/files/shared_resource_viewer_role.yaml b/playbooks/common/openshift-cluster/upgrades/files/shared_resource_viewer_role.yaml new file mode 100644 index 000000000..9c9c260fb --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/files/shared_resource_viewer_role.yaml @@ -0,0 +1,37 @@ +--- +apiVersion: v1 +kind: Role +metadata: + name: shared-resource-viewer + namespace: openshift +rules: +- apiGroups: + - "" + - template.openshift.io + attributeRestrictions: null + resources: + - templates + verbs: + - get + - list + - watch +- apiGroups: + - "" + - image.openshift.io + attributeRestrictions: null + resources: + - imagestreamimages + - imagestreams + - imagestreamtags + verbs: + - get + - list + - watch +- apiGroups: + - "" + - image.openshift.io + attributeRestrictions: null + resources: + - imagestreams/layers + verbs: + - get diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml index 07e521a89..122066955 100644 --- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml @@ -103,9 +103,16 @@ openshift_hosted_templates_import_command: replace # Check for warnings to be printed at the end of the upgrade: -- name: Check for warnings +- name: Clean up and display warnings hosts: oo_masters_to_config - tasks: + tags: + - always + gather_facts: no + roles: + - role: openshift_excluder + r_openshift_excluder_action: enable + r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" + post_tasks: # Check if any masters are using pluginOrderOverride and warn if so, only for 1.3/3.3 and beyond: - name: grep pluginOrderOverride command: grep pluginOrderOverride {{ openshift.common.config_base }}/master/master-config.yaml @@ -121,12 +128,8 @@ - not grep_plugin_order_override | skipped - grep_plugin_order_override.rc == 0 -- name: Re-enable excluder if it was previously enabled - hosts: oo_masters_to_config - tags: - - always - gather_facts: no - roles: - - role: openshift_excluder - r_openshift_excluder_action: enable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" + - name: Warn if shared-resource-viewer could not be updated + debug: + msg: "WARNING the shared-resource-viewer role could not be upgraded to 3.6 spec because it's marked protected, please see https://bugzilla.redhat.com/show_bug.cgi?id=1493213" + when: + - __shared_resource_viewer_protected | default(false) diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml index da47491c1..797e21bc3 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml @@ -193,6 +193,7 @@ # Another spot where we assume docker is running and do not want to accidentally trigger an unsafe # restart. skip_docker_role: True + __master_shared_resource_viewer_file: "shared_resource_viewer_role.yaml" tasks: - name: Reconcile Cluster Roles command: > @@ -231,6 +232,44 @@ - reconcile_jenkins_role_binding_result.rc == 0 when: (not openshift.common.version_gte_3_7 | bool) and (openshift.common.version_gte_3_4_or_1_4 | bool) + - when: (openshift.common.version_gte_3_6 | bool) and (not openshift.common.version_gte_3_7 | bool) + block: + - name: Retrieve shared-resource-viewer + oc_obj: + state: list + kind: role + name: "shared-resource-viewer" + namespace: "openshift" + register: objout + + - name: Determine if shared-resource-viewer is protected + set_fact: + __shared_resource_viewer_protected: true + when: + - "'results' in objout" + - "'results' in objout['results']" + - "'annotations' in objout['results']['results'][0]['metadata']" + - "'openshift.io/reconcile-protect' in objout['results']['results'][0]['metadata']['annotations']" + - "objout['results']['results'][0]['metadata']['annotations']['openshift.io/reconcile-protect'] == 'true'" + + - copy: + src: "{{ item }}" + dest: "/tmp/{{ item }}" + with_items: + - "{{ __master_shared_resource_viewer_file }}" + when: __shared_resource_viewer_protected is not defined + + - name: Fixup shared-resource-viewer role + oc_obj: + state: present + kind: role + name: "shared-resource-viewer" + namespace: "openshift" + files: + - "/tmp/{{ __master_shared_resource_viewer_file }}" + delete_after: true + when: __shared_resource_viewer_protected is not defined + - name: Reconcile Security Context Constraints command: > {{ openshift.common.client_binary }} adm policy --config={{ openshift.common.config_base }}/master/admin.kubeconfig reconcile-sccs --confirm --additive-only=true -o name diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml index 82539dac8..48d46bbb0 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/common/openshift-etcd/config.yml @@ -1,7 +1,6 @@ --- - name: etcd Install Checkpoint Start - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set etcd install 'In Progress' @@ -27,8 +26,7 @@ - role: nickhammond.logrotate - name: etcd Install Checkpoint End - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set etcd install 'Complete' diff --git a/playbooks/common/openshift-glusterfs/config.yml b/playbooks/common/openshift-glusterfs/config.yml index 516618de2..80cda9e21 100644 --- a/playbooks/common/openshift-glusterfs/config.yml +++ b/playbooks/common/openshift-glusterfs/config.yml @@ -1,7 +1,6 @@ --- - name: GlusterFS Install Checkpoint Start - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set GlusterFS install 'In Progress' @@ -37,8 +36,7 @@ when: groups.oo_glusterfs_to_config | default([]) | count > 0 - name: GlusterFS Install Checkpoint End - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set GlusterFS install 'Complete' diff --git a/playbooks/common/openshift-loadbalancer/config.yml b/playbooks/common/openshift-loadbalancer/config.yml index 9e148e636..d4addedee 100644 --- a/playbooks/common/openshift-loadbalancer/config.yml +++ b/playbooks/common/openshift-loadbalancer/config.yml @@ -1,7 +1,6 @@ --- - name: Load Balancer Install Checkpoint Start - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set load balancer install 'In Progress' @@ -30,8 +29,7 @@ - role: tuned - name: Load Balancer Install Checkpoint End - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set load balancer install 'Complete' diff --git a/playbooks/common/openshift-master/additional_config.yml b/playbooks/common/openshift-master/additional_config.yml index ee76e2ed7..1b3eb268a 100644 --- a/playbooks/common/openshift-master/additional_config.yml +++ b/playbooks/common/openshift-master/additional_config.yml @@ -1,7 +1,6 @@ --- - name: Master Additional Install Checkpoint Start - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set Master Additional install 'In Progress' @@ -37,8 +36,7 @@ when: openshift_use_flannel | default(false) | bool - name: Master Additional Install Checkpoint End - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set Master Additional install 'Complete' diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 04e2bdbbf..6e57f282e 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -1,7 +1,6 @@ --- - name: Master Install Checkpoint Start - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set Master install 'In Progress' @@ -227,8 +226,7 @@ r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" - name: Master Install Checkpoint End - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set Master install 'Complete' diff --git a/playbooks/common/openshift-nfs/config.yml b/playbooks/common/openshift-nfs/config.yml index 66303d6f7..ce672daf5 100644 --- a/playbooks/common/openshift-nfs/config.yml +++ b/playbooks/common/openshift-nfs/config.yml @@ -1,7 +1,6 @@ --- - name: NFS Install Checkpoint Start - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set NFS install 'In Progress' @@ -17,8 +16,7 @@ - role: openshift_storage_nfs - name: NFS Install Checkpoint End - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set NFS install 'Complete' diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 700aab48c..4f8f98aef 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -1,7 +1,6 @@ --- - name: Node Install Checkpoint Start - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set Node install 'In Progress' @@ -25,8 +24,7 @@ - include: enable_excluders.yml - name: Node Install Checkpoint End - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false tasks: - name: Set Node install 'Complete' diff --git a/roles/installer_checkpoint/README.md b/roles/installer_checkpoint/README.md index 321acca21..83e00e504 100644 --- a/roles/installer_checkpoint/README.md +++ b/roles/installer_checkpoint/README.md @@ -92,8 +92,7 @@ phase/component and then a final play for setting `installer_hase_initialize` to # common/openshift-cluster/std_include.yml --- - name: Initialization Checkpoint Start - hosts: localhost - connection: local + hosts: oo_all_hosts gather_facts: false roles: - installer_checkpoint diff --git a/roles/openshift_excluder/tasks/install.yml b/roles/openshift_excluder/tasks/install.yml index 3a866cedf..7a5bebf6f 100644 --- a/roles/openshift_excluder/tasks/install.yml +++ b/roles/openshift_excluder/tasks/install.yml @@ -6,19 +6,46 @@ block: - - name: Install docker excluder + - name: Install docker excluder - yum package: name: "{{ r_openshift_excluder_service_type }}-docker-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) + '*' }}" state: "{{ r_openshift_excluder_docker_package_state }}" when: - r_openshift_excluder_enable_docker_excluder | bool + - ansible_pkg_mgr == "yum" - - name: Install openshift excluder + + # For DNF we do not need the "*" and if we add it, it causes an error because + # it's not a valid pkg_spec + # + # https://bugzilla.redhat.com/show_bug.cgi?id=1199432 + - name: Install docker excluder - dnf + package: + name: "{{ r_openshift_excluder_service_type }}-docker-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" + state: "{{ r_openshift_excluder_docker_package_state }}" + when: + - r_openshift_excluder_enable_docker_excluder | bool + - ansible_pkg_mgr == "dnf" + + - name: Install openshift excluder - yum package: name: "{{ r_openshift_excluder_service_type }}-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) + '*' }}" state: "{{ r_openshift_excluder_package_state }}" when: - r_openshift_excluder_enable_openshift_excluder | bool + - ansible_pkg_mgr == "yum" + + # For DNF we do not need the "*" and if we add it, it causes an error because + # it's not a valid pkg_spec + # + # https://bugzilla.redhat.com/show_bug.cgi?id=1199432 + - name: Install openshift excluder - dnf + package: + name: "{{ r_openshift_excluder_service_type }}-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" + state: "{{ r_openshift_excluder_package_state }}" + when: + - r_openshift_excluder_enable_openshift_excluder | bool + - ansible_pkg_mgr == "dnf" - set_fact: r_openshift_excluder_install_ran: True |