summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--README_OSE.md2
-rw-r--r--README_origin.md2
-rw-r--r--README_vagrant.md2
-rwxr-xr-xgit/pylint.sh6
-rw-r--r--inventory/byo/.gitignore1
-rw-r--r--inventory/byo/hosts43
-rw-r--r--inventory/byo/hosts.example67
-rw-r--r--playbooks/aws/openshift-cluster/terminate.yml9
-rw-r--r--playbooks/common/openshift-cluster/update_repos_and_packages.yml5
-rw-r--r--playbooks/common/openshift-master/config.yml29
-rw-r--r--playbooks/gce/openshift-cluster/terminate.yml15
-rw-r--r--playbooks/libvirt/openshift-cluster/launch.yml2
-rw-r--r--playbooks/libvirt/openshift-cluster/terminate.yml17
-rw-r--r--playbooks/libvirt/openshift-cluster/vars.yml9
-rw-r--r--playbooks/openstack/openshift-cluster/terminate.yml25
-rw-r--r--roles/etcd/defaults/main.yaml2
-rw-r--r--roles/etcd/meta/main.yml1
-rw-r--r--roles/etcd_ca/meta/main.yml2
-rw-r--r--roles/openshift_common/README.md2
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py42
-rw-r--r--roles/openshift_facts/tasks/main.yml1
-rw-r--r--roles/openshift_master/README.md2
-rw-r--r--roles/openshift_master/defaults/main.yml6
-rw-r--r--roles/openshift_master/handlers/main.yml1
-rw-r--r--roles/openshift_master/tasks/main.yml21
-rw-r--r--roles/openshift_master_ca/meta/main.yml2
-rw-r--r--roles/openshift_master_ca/tasks/main.yml2
-rw-r--r--roles/openshift_master_certificates/tasks/main.yml16
-rw-r--r--roles/openshift_master_certificates/vars/main.yml3
-rw-r--r--roles/openshift_master_cluster/README.md34
-rw-r--r--roles/openshift_master_cluster/meta/main.yml16
-rw-r--r--roles/openshift_master_cluster/tasks/configure.yml44
-rw-r--r--roles/openshift_master_cluster/tasks/configure_deferred.yml8
-rw-r--r--roles/openshift_master_cluster/tasks/main.yml13
-rw-r--r--roles/openshift_node/README.md2
-rw-r--r--roles/openshift_node_certificates/tasks/main.yml2
-rw-r--r--roles/openshift_repos/README.md2
-rw-r--r--roles/rhel_subscribe/tasks/enterprise.yml5
-rw-r--r--roles/rhel_subscribe/tasks/main.yml29
-rw-r--r--roles/rhel_unsubscribe/tasks/main.yml5
40 files changed, 417 insertions, 80 deletions
diff --git a/README_OSE.md b/README_OSE.md
index 471fdcf9e..31173e5d6 100644
--- a/README_OSE.md
+++ b/README_OSE.md
@@ -46,7 +46,7 @@ subscription-manager repos --disable="*"
subscription-manager repos \
--enable="rhel-7-server-rpms" \
--enable="rhel-7-server-extras-rpms" \
---enable="rhel-server-7-ose-beta-rpms"
+--enable="rhel-7-server-ose-3.0-rpms"
```
* Configuration of router is not automated yet
* Configuration of docker-registry is not automated yet
diff --git a/README_origin.md b/README_origin.md
index 2ccedf4d5..fb0931132 100644
--- a/README_origin.md
+++ b/README_origin.md
@@ -35,7 +35,7 @@ subscription-manager repos --disable="*"
subscription-manager repos \
--enable="rhel-7-server-rpms" \
--enable="rhel-7-server-extras-rpms" \
---enable="rhel-server-7-ose-beta-rpms"
+--enable="rhel-7-server-ose-3.0-rpms"
```
* Configuration of router is not automated yet
* Configuration of docker-registry is not automated yet
diff --git a/README_vagrant.md b/README_vagrant.md
index e3b3b5551..26ec52c0a 100644
--- a/README_vagrant.md
+++ b/README_vagrant.md
@@ -1,7 +1,7 @@
Requirements
------------
- vagrant (tested against version 1.7.2)
-- vagrant-hostmaster plugin (tested against version 1.5.0)
+- vagrant-hostmanager plugin (tested against version 1.5.0)
- vagrant-libvirt (tested against version 0.0.26)
- Only required if using libvirt instead of virtualbox
diff --git a/git/pylint.sh b/git/pylint.sh
index 86ea52d45..8666931e9 100755
--- a/git/pylint.sh
+++ b/git/pylint.sh
@@ -15,7 +15,9 @@ NEWREV=$2
PYTHON=/var/lib/jenkins/python27/bin/python
+set +e
PY_DIFF=$(/usr/bin/git diff --name-only $OLDREV $NEWREV --diff-filter=ACM | grep ".py$")
+set -e
FILES_TO_TEST=""
@@ -40,5 +42,7 @@ done
if [ "${FILES_TO_TEST}" != "" ]; then
echo "Testing files: ${FILES_TO_TEST}"
- ${PYTHON} -m pylint --rcfile ${WORKSPACE}/git/.pylintrc ${FILES_TO_TEST}
+ exec ${PYTHON} -m pylint --rcfile ${WORKSPACE}/git/.pylintrc ${FILES_TO_TEST}
+else
+ exit 0
fi
diff --git a/inventory/byo/.gitignore b/inventory/byo/.gitignore
new file mode 100644
index 000000000..6ff331c7e
--- /dev/null
+++ b/inventory/byo/.gitignore
@@ -0,0 +1 @@
+hosts
diff --git a/inventory/byo/hosts b/inventory/byo/hosts
deleted file mode 100644
index a9add6a60..000000000
--- a/inventory/byo/hosts
+++ /dev/null
@@ -1,43 +0,0 @@
-# This is an example of a bring your own (byo) host inventory
-
-# Create an OSEv3 group that contains the masters and nodes groups
-[OSEv3:children]
-masters
-nodes
-etcd
-
-# Set variables common for all OSEv3 hosts
-[OSEv3:vars]
-# SSH user, this user should allow ssh based auth without requiring a password
-ansible_ssh_user=root
-
-# If ansible_ssh_user is not root, ansible_sudo must be set to true
-#ansible_sudo=true
-
-# To deploy origin, change deployment_type to origin
-deployment_type=enterprise
-
-# Pre-release registry URL
-oreg_url=docker-buildvm-rhose.usersys.redhat.com:5000/openshift3/ose-${component}:${version}
-
-# Pre-release additional repo
-openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://buildvm-devops.usersys.redhat.com/puddle/build/OpenShiftEnterprise/3.0/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}]
-#openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://buildvm-devops.usersys.redhat.com/puddle/build/OpenShiftEnterpriseErrata/3.0/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}]
-
-# Origin copr repo
-#openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, gpgkey: 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}]
-
-# htpasswd auth
-#openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/openshift/htpasswd'}]
-
-# host group for masters
-[masters]
-ose3-master-ansible.test.example.com
-
-[etcd]
-#ose3-master-ansible.test.example.com
-
-# host group for nodes
-[nodes]
-ose3-master-ansible.test.example.com openshift_scheduleable=False
-ose3-node[1:2]-ansible.test.example.com openshift_node_labels="{'region': 'primary', 'zone': 'default'}"
diff --git a/inventory/byo/hosts.example b/inventory/byo/hosts.example
new file mode 100644
index 000000000..56f4da5a2
--- /dev/null
+++ b/inventory/byo/hosts.example
@@ -0,0 +1,67 @@
+# This is an example of a bring your own (byo) host inventory
+
+# Create an OSEv3 group that contains the masters and nodes groups
+[OSEv3:children]
+masters
+nodes
+etcd
+
+# Set variables common for all OSEv3 hosts
+[OSEv3:vars]
+# SSH user, this user should allow ssh based auth without requiring a
+# password. If using ssh key based auth, then the key should be managed by an
+# ssh agent.
+ansible_ssh_user=root
+
+# If ansible_ssh_user is not root, ansible_sudo must be set to true and the
+# user must be configured for passwordless sudo
+#ansible_sudo=true
+
+# deployment type valid values are origin, online and enterprise
+deployment_type=enterprise
+
+# Pre-release registry URL
+#oreg_url=docker-buildvm-rhose.usersys.redhat.com:5000/openshift3/ose-${component}:${version}
+
+# Pre-release Dev puddle repo
+#openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://buildvm-devops.usersys.redhat.com/puddle/build/OpenShiftEnterprise/3.0/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}]
+
+# Pre-release Errata puddle repo
+#openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://buildvm-devops.usersys.redhat.com/puddle/build/OpenShiftEnterpriseErrata/3.0/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}]
+
+# Origin copr repo
+#openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, gpgkey: 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}]
+
+# htpasswd auth
+#openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/openshift/htpasswd'}]
+
+# Allow all auth
+#openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}]
+
+# master cluster ha variables using pacemaker or RHEL HA
+#openshift_master_cluster_password=openshift_cluster
+#openshift_master_cluster_vip=192.168.133.25
+#openshift_master_cluster_public_vip=192.168.133.25
+#openshift_master_cluster_hostname=openshift-ansible.test.example.com
+#openshift_master_cluster_public_hostname=openshift-ansible.test.example.com
+
+# master cluster ha variables when using a different HA solution
+# For installation the value of openshift_master_cluster_hostname must resolve
+# to the first master defined in the inventory.
+# The HA solution must be manually configured after installation and must ensure
+# that openshift-master is running on a single master host.
+#openshift_master_cluster_hostname=openshift-ansible.test.example.com
+#openshift_master_cluster_public_hostname=openshift-ansible.test.example.com
+#openshift_master_cluster_defer_ha=True
+
+# host group for masters
+[masters]
+ose3-master[1:3]-ansible.test.example.com
+
+[etcd]
+ose3-etcd[1:3]-ansible.test.example.com
+
+# host group for nodes
+[nodes]
+ose3-master[1:3]-ansible.test.example.com openshift_scheduleable=False
+ose3-node[1:2]-ansible.test.example.com openshift_node_labels="{'region': 'primary', 'zone': 'default'}"
diff --git a/playbooks/aws/openshift-cluster/terminate.yml b/playbooks/aws/openshift-cluster/terminate.yml
index 9c3703aba..3a08ed966 100644
--- a/playbooks/aws/openshift-cluster/terminate.yml
+++ b/playbooks/aws/openshift-cluster/terminate.yml
@@ -13,6 +13,15 @@
ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
with_items: groups[scratch_group] | default([]) | difference(['localhost'])
+- name: Unsubscribe VMs
+ hosts: oo_hosts_to_terminate
+ roles:
+ - role: rhel_unsubscribe
+ when: deployment_type == "enterprise" and
+ ansible_distribution == "RedHat" and
+ lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
+ default('no', True) | lower in ['no', 'false']
+
- name: Terminate instances
hosts: localhost
connection: local
diff --git a/playbooks/common/openshift-cluster/update_repos_and_packages.yml b/playbooks/common/openshift-cluster/update_repos_and_packages.yml
index e92c6f1ee..190e2d862 100644
--- a/playbooks/common/openshift-cluster/update_repos_and_packages.yml
+++ b/playbooks/common/openshift-cluster/update_repos_and_packages.yml
@@ -3,5 +3,10 @@
vars:
openshift_deployment_type: "{{ deployment_type }}"
roles:
+ - role: rhel_subscribe
+ when: deployment_type == "enterprise" and
+ ansible_distribution == "RedHat" and
+ lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
+ default('no', True) | lower in ['no', 'false']
- openshift_repos
- os_update_latest
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 3956128e1..904ad2dab 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -27,6 +27,9 @@
api_url: "{{ openshift_master_api_url | default(None) }}"
api_use_ssl: "{{ openshift_master_api_use_ssl | default(None) }}"
public_api_url: "{{ openshift_master_public_api_url | default(None) }}"
+ cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}"
+ cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}"
+ cluster_defer_ha: "{{ openshift_master_cluster_defer_ha | default(None) }}"
console_path: "{{ openshift_master_console_path | default(None) }}"
console_port: "{{ openshift_master_console_port | default(None) }}"
console_url: "{{ openshift_master_console_url | default(None) }}"
@@ -152,16 +155,26 @@
roles:
- openshift_master_certificates
post_tasks:
+ - name: Remove generated etcd client certs when using external etcd
+ file:
+ path: "{{ master_generated_certs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}"
+ state: absent
+ when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config
+ with_nested:
+ - masters_needing_certs
+ - - master.etcd-client.crt
+ - master.etcd-client.key
+
- name: Create a tarball of the master certs
command: >
- tar -czvf {{ master_generated_certs_dir }}/{{ item.master.cert_subdir }}.tgz
- -C {{ master_generated_certs_dir }}/{{ item.master.cert_subdir }} .
+ tar -czvf {{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz
+ -C {{ master_generated_certs_dir }}/{{ item.master_cert_subdir }} .
args:
- creates: "{{ master_generated_certs_dir }}/{{ item.master.cert_subdir }}.tgz"
+ creates: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz"
with_items: masters_needing_certs
- name: Retrieve the master cert tarball from the master
fetch:
- src: "{{ master_generated_certs_dir }}/{{ item.master.cert_subdir }}.tgz"
+ src: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz"
dest: "{{ sync_tmpdir }}/"
flat: yes
fail_on_missing: yes
@@ -172,6 +185,7 @@
hosts: oo_masters_to_config
vars:
sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
+ openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
pre_tasks:
- name: Ensure certificate directory exists
file:
@@ -192,9 +206,14 @@
group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }}
changed_when: False
-- name: Deploy OpenShift examples
+- name: Additional master configuration
hosts: oo_first_master
+ vars:
+ openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
+ omc_cluster_hosts: "{{ groups.oo_masters_to_config | join(' ')}}"
roles:
+ - role: openshift_master_cluster
+ when: openshift_master_ha | bool
- openshift_examples
# Additional instance config for online deployments
diff --git a/playbooks/gce/openshift-cluster/terminate.yml b/playbooks/gce/openshift-cluster/terminate.yml
index abe6a4c95..098b0df73 100644
--- a/playbooks/gce/openshift-cluster/terminate.yml
+++ b/playbooks/gce/openshift-cluster/terminate.yml
@@ -8,7 +8,7 @@
- set_fact: scratch_group=tag_env-host-type-{{ cluster_id }}-openshift-node
- add_host:
name: "{{ item }}"
- groups: oo_nodes_to_terminate
+ groups: oo_hosts_to_terminate, oo_nodes_to_terminate
ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user | default(ansible_ssh_user, true) }}"
ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
with_items: groups[scratch_group] | default([]) | difference(['localhost']) | difference(groups.status_terminated)
@@ -16,11 +16,22 @@
- set_fact: scratch_group=tag_env-host-type-{{ cluster_id }}-openshift-master
- add_host:
name: "{{ item }}"
- groups: oo_masters_to_terminate
+ groups: oo_hosts_to_terminate, oo_masters_to_terminate
ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user | default(ansible_ssh_user, true) }}"
ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
with_items: groups[scratch_group] | default([]) | difference(['localhost']) | difference(groups.status_terminated)
+- name: Unsubscribe VMs
+ hosts: oo_hosts_to_terminate
+ vars_files:
+ - vars.yml
+ roles:
+ - role: rhel_unsubscribe
+ when: deployment_type == "enterprise" and
+ ansible_distribution == "RedHat" and
+ lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
+ default('no', True) | lower in ['no', 'false']
+
- include: ../openshift-node/terminate.yml
vars:
gce_service_account_email: "{{ lookup('env', 'gce_service_account_email_address') }}"
diff --git a/playbooks/libvirt/openshift-cluster/launch.yml b/playbooks/libvirt/openshift-cluster/launch.yml
index a7ddc1e7e..6badcb325 100644
--- a/playbooks/libvirt/openshift-cluster/launch.yml
+++ b/playbooks/libvirt/openshift-cluster/launch.yml
@@ -13,7 +13,7 @@
image_name: "{{ deployment_vars[deployment_type].image.name }}"
tasks:
- fail: msg="Deployment type not supported for libvirt provider yet"
- when: deployment_type in ['online', 'enterprise']
+ when: deployment_type == 'online'
- include: tasks/configure_libvirt.yml
diff --git a/playbooks/libvirt/openshift-cluster/terminate.yml b/playbooks/libvirt/openshift-cluster/terminate.yml
index b173a09dd..8f00812a9 100644
--- a/playbooks/libvirt/openshift-cluster/terminate.yml
+++ b/playbooks/libvirt/openshift-cluster/terminate.yml
@@ -15,6 +15,23 @@
ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
with_items: groups[cluster_group] | default([])
+- name: Unsubscribe VMs
+ hosts: oo_hosts_to_terminate
+ vars_files:
+ - vars.yml
+ roles:
+ - role: rhel_unsubscribe
+ when: deployment_type == "enterprise" and
+ ansible_distribution == "RedHat" and
+ lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
+ default('no', True) | lower in ['no', 'false']
+
+- name: Terminate instance(s)
+ hosts: localhost
+ gather_facts: no
+ vars_files:
+ - vars.yml
+ tasks:
- name: Destroy VMs
virt:
name: '{{ item[0] }}'
diff --git a/playbooks/libvirt/openshift-cluster/vars.yml b/playbooks/libvirt/openshift-cluster/vars.yml
index e3c8cd8d0..c77a0797e 100644
--- a/playbooks/libvirt/openshift-cluster/vars.yml
+++ b/playbooks/libvirt/openshift-cluster/vars.yml
@@ -24,9 +24,12 @@ deployment_vars:
sudo: no
enterprise:
image:
- url:
- name:
- sha256:
+ url: "{{ lookup('oo_option', 'image_url') |
+ default('https://access.cdn.redhat.com//content/origin/files/sha256/ff/ff8198653cfd9c39411fc57077451ac291b3a605d305e905932fd6d5b1890bf3/rhel-guest-image-7.1-20150224.0.x86_64.qcow2', True) }}"
+ name: "{{ lookup('oo_option', 'image_name') |
+ default('rhel-guest-image-7.1-20150224.0.x86_64.qcow2', True) }}"
+ sha256: "{{ lookup('oo_option', 'image_sha256') |
+ default('ff8198653cfd9c39411fc57077451ac291b3a605d305e905932fd6d5b1890bf3', True) }}"
ssh_user: openshift
sudo: yes
# origin:
diff --git a/playbooks/openstack/openshift-cluster/terminate.yml b/playbooks/openstack/openshift-cluster/terminate.yml
index fc4ec3c88..62df2be73 100644
--- a/playbooks/openstack/openshift-cluster/terminate.yml
+++ b/playbooks/openstack/openshift-cluster/terminate.yml
@@ -5,6 +5,31 @@
vars_files:
- vars.yml
tasks:
+ - set_fact: cluster_group=tag_env_{{ cluster_id }}
+ - add_host:
+ name: "{{ item }}"
+ groups: oo_hosts_to_terminate
+ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
+ ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
+ with_items: groups[cluster_group] | default([])
+
+- name: Unsubscribe VMs
+ hosts: oo_hosts_to_terminate
+ vars_files:
+ - vars.yml
+ roles:
+ - role: rhel_unsubscribe
+ when: deployment_type == "enterprise" and
+ ansible_distribution == "RedHat" and
+ lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
+ default('no', True) | lower in ['no', 'false']
+
+- hosts: localhost
+ connection: local
+ gather_facts: no
+ vars_files:
+ - vars.yml
+ tasks:
- name: Delete the OpenStack Stack
command: 'heat stack-delete openshift-ansible-{{ cluster_id }}-stack'
register: stack_delete_result
diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml
index 0fb45f37c..0f216b84e 100644
--- a/roles/etcd/defaults/main.yaml
+++ b/roles/etcd/defaults/main.yaml
@@ -1,5 +1,5 @@
---
-etcd_interface: eth0
+etcd_interface: "{{ ansible_default_ipv4.interface }}"
etcd_client_port: 2379
etcd_peer_port: 2380
etcd_peers_group: etcd
diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml
index 82b1a62b8..92d44ef4d 100644
--- a/roles/etcd/meta/main.yml
+++ b/roles/etcd/meta/main.yml
@@ -17,3 +17,4 @@ galaxy_info:
- system
dependencies:
- { role: os_firewall }
+- { role: openshift_repos }
diff --git a/roles/etcd_ca/meta/main.yml b/roles/etcd_ca/meta/main.yml
index ce909b992..fb9280c9e 100644
--- a/roles/etcd_ca/meta/main.yml
+++ b/roles/etcd_ca/meta/main.yml
@@ -13,4 +13,4 @@ galaxy_info:
- cloud
- system
dependencies:
-- { role: openshift_facts }
+- { role: openshift_repos }
diff --git a/roles/openshift_common/README.md b/roles/openshift_common/README.md
index 14c2037e4..eb4ef26e8 100644
--- a/roles/openshift_common/README.md
+++ b/roles/openshift_common/README.md
@@ -7,7 +7,7 @@ Requirements
------------
A RHEL 7.1 host pre-configured with access to the rhel-7-server-rpms,
-rhel-7-server-extra-rpms, and rhel-7-server-ose-beta-rpms repos.
+rhel-7-server-extra-rpms, and rhel-7-server-ose-3.0-rpms repos.
Role Variables
--------------
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 727861b07..d733639c3 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -367,9 +367,11 @@ def set_url_facts_if_unset(facts):
console_path = facts['master']['console_path']
etcd_use_ssl = facts['master']['etcd_use_ssl']
etcd_hosts = facts['master']['etcd_hosts']
- etcd_port = facts['master']['etcd_port'],
+ etcd_port = facts['master']['etcd_port']
hostname = facts['common']['hostname']
public_hostname = facts['common']['public_hostname']
+ cluster_hostname = facts['master'].get('cluster_hostname')
+ cluster_public_hostname = facts['master'].get('cluster_public_hostname')
if 'etcd_urls' not in facts['master']:
etcd_urls = []
@@ -384,24 +386,51 @@ def set_url_facts_if_unset(facts):
etcd_port)]
facts['master']['etcd_urls'] = etcd_urls
if 'api_url' not in facts['master']:
- facts['master']['api_url'] = format_url(api_use_ssl, hostname,
+ api_hostname = cluster_hostname if cluster_hostname else hostname
+ facts['master']['api_url'] = format_url(api_use_ssl, api_hostname,
api_port)
if 'public_api_url' not in facts['master']:
+ api_public_hostname = cluster_public_hostname if cluster_public_hostname else public_hostname
facts['master']['public_api_url'] = format_url(api_use_ssl,
- public_hostname,
+ api_public_hostname,
api_port)
if 'console_url' not in facts['master']:
+ console_hostname = cluster_hostname if cluster_hostname else hostname
facts['master']['console_url'] = format_url(console_use_ssl,
- hostname,
+ console_hostname,
console_port,
console_path)
if 'public_console_url' not in facts['master']:
+ console_public_hostname = cluster_public_hostname if cluster_public_hostname else public_hostname
facts['master']['public_console_url'] = format_url(console_use_ssl,
- public_hostname,
+ console_public_hostname,
console_port,
console_path)
return facts
+def set_aggregate_facts(facts):
+ """ Set aggregate facts
+
+ Args:
+ facts (dict): existing facts
+ Returns:
+ dict: the facts dict updated with aggregated facts
+ """
+ all_hostnames = set()
+ if 'common' in facts:
+ all_hostnames.add(facts['common']['hostname'])
+ all_hostnames.add(facts['common']['public_hostname'])
+
+ if 'master' in facts:
+ if 'cluster_hostname' in facts['master']:
+ all_hostnames.add(facts['master']['cluster_hostname'])
+ if 'cluster_public_hostname' in facts['master']:
+ all_hostnames.add(facts['master']['cluster_public_hostname'])
+
+ facts['common']['all_hostnames'] = list(all_hostnames)
+
+ return facts
+
def set_sdn_facts_if_unset(facts):
""" Set sdn facts if not already present in facts dict
@@ -675,6 +704,7 @@ class OpenShiftFacts(object):
facts = set_identity_providers_if_unset(facts)
facts = set_registry_url_if_unset(facts)
facts = set_sdn_facts_if_unset(facts)
+ facts = set_aggregate_facts(facts)
return dict(openshift=facts)
def get_defaults(self, roles):
@@ -713,7 +743,7 @@ class OpenShiftFacts(object):
session_name='ssn', session_secrets_file='',
access_token_max_seconds=86400,
auth_token_max_seconds=500,
- oauth_grant_method='auto')
+ oauth_grant_method='auto', cluster_defer_ha=False)
defaults['master'] = master
if 'node' in roles:
diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml
index d71e6d019..b2cda3a85 100644
--- a/roles/openshift_facts/tasks/main.yml
+++ b/roles/openshift_facts/tasks/main.yml
@@ -4,6 +4,7 @@
that:
- ansible_version | version_compare('1.8.0', 'ge')
- ansible_version | version_compare('1.9.0', 'ne')
+ - ansible_version | version_compare('1.9.0.1', 'ne')
- name: Gather OpenShift facts
openshift_facts:
diff --git a/roles/openshift_master/README.md b/roles/openshift_master/README.md
index 3178e318c..19f77d145 100644
--- a/roles/openshift_master/README.md
+++ b/roles/openshift_master/README.md
@@ -7,7 +7,7 @@ Requirements
------------
A RHEL 7.1 host pre-configured with access to the rhel-7-server-rpms,
-rhel-7-server-extras-rpms, and rhel-server-7-ose-beta-rpms repos.
+rhel-7-server-extras-rpms, and rhel-7-server-ose-3.0-rpms repos.
Role Variables
--------------
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index 11195e83e..ca8860099 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -15,6 +15,12 @@ os_firewall_allow:
port: 24224/tcp
- service: Fluentd td-agent udp
port: 24224/udp
+- service: pcsd
+ port: 2224/tcp
+- service: Corosync UDP
+ port: 5404/udp
+- service: Corosync UDP
+ port: 5405/udp
os_firewall_deny:
- service: OpenShift api http
port: 8080/tcp
diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml
index 6fd4dfb51..d57f9a4ea 100644
--- a/roles/openshift_master/handlers/main.yml
+++ b/roles/openshift_master/handlers/main.yml
@@ -1,3 +1,4 @@
---
- name: restart openshift-master
service: name=openshift-master state=restarted
+ when: not openshift_master_ha
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 02905f32d..bb1689e5f 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -8,6 +8,10 @@
- openshift_master_oauth_grant_method in openshift_master_valid_grant_methods
when: openshift_master_oauth_grant_method is defined
+- fail:
+ msg: "openshift_master_cluster_password must be set for multi-master installations"
+ when: openshift_master_ha and not openshift.master.cluster_defer_ha | bool and openshift_master_cluster_password is not defined
+
- name: Install OpenShift Master package
yum: pkg=openshift-master state=present
register: install_result
@@ -16,6 +20,9 @@
openshift_facts:
role: master
local_facts:
+ cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}"
+ cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}"
+ cluster_defer_ha: "{{ openshift_master_cluster_defer_ha | default(None) }}"
debug_level: "{{ openshift_master_debug_level | default(openshift.common.debug_level) }}"
api_port: "{{ openshift_master_api_port | default(None) }}"
api_url: "{{ openshift_master_api_url | default(None) }}"
@@ -114,12 +121,26 @@
- name: Start and enable openshift-master
service: name=openshift-master enabled=yes state=started
+ when: not openshift_master_ha
register: start_result
- name: pause to prevent service restart from interfering with bootstrapping
pause: seconds=30
when: start_result | changed
+- name: Install cluster packages
+ yum: pkg=pcs state=present
+ when: openshift_master_ha and not openshift.master.cluster_defer_ha | bool
+ register: install_result
+
+- name: Start and enable cluster service
+ service: name=pcsd enabled=yes state=started
+ when: openshift_master_ha and not openshift.master.cluster_defer_ha | bool
+
+- name: Set the cluster user password
+ shell: echo {{ openshift_master_cluster_password | quote }} | passwd --stdin hacluster
+ when: install_result | changed
+
- name: Create the OpenShift client config dir(s)
file:
path: "~{{ item }}/.kube"
diff --git a/roles/openshift_master_ca/meta/main.yml b/roles/openshift_master_ca/meta/main.yml
index f3236e850..0c8881521 100644
--- a/roles/openshift_master_ca/meta/main.yml
+++ b/roles/openshift_master_ca/meta/main.yml
@@ -13,4 +13,4 @@ galaxy_info:
- cloud
- system
dependencies:
-- { role: openshift_facts }
+- { role: openshift_repos }
diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml
index 8163ecd7f..03eb7e15f 100644
--- a/roles/openshift_master_ca/tasks/main.yml
+++ b/roles/openshift_master_ca/tasks/main.yml
@@ -14,7 +14,7 @@
- name: Create the master certificates if they do not already exist
command: >
{{ openshift.common.admin_binary }} create-master-certs
- --hostnames={{ openshift.common.hostname }},{{ openshift.common.public_hostname }}
+ --hostnames={{ openshift.common.all_hostnames | join(',') }}
--master={{ openshift.master.api_url }}
--public-master={{ openshift.master.public_api_url }}
--cert-dir={{ openshift_master_config_dir }} --overwrite=false
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml
index b5a3f8e40..297d53bcd 100644
--- a/roles/openshift_master_certificates/tasks/main.yml
+++ b/roles/openshift_master_certificates/tasks/main.yml
@@ -7,14 +7,20 @@
with_items: masters_needing_certs
- file:
- src: "{{ openshift_master_ca_cert }}"
- dest: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}/ca.crt"
- with_items: masters_needing_certs
+ src: "{{ openshift_master_config_dir }}/{{ item.1 }}"
+ dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}"
+ state: hard
+ with_nested:
+ - masters_needing_certs
+ - - ca.crt
+ - ca.key
+ - ca.serial.txt
+
- name: Create the master certificates if they do not already exist
command: >
{{ openshift.common.admin_binary }} create-master-certs
- --hostnames={{ item.openshift.common.hostname }},{{ item.openshift.common.public_hostname }}
+ --hostnames={{ item.openshift.common.all_hostnames | join(',') }}
--master={{ item.openshift.master.api_url }}
--public-master={{ item.openshift.master.public_api_url }}
--cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}
@@ -22,3 +28,5 @@
args:
creates: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}/master.server.crt"
with_items: masters_needing_certs
+
+
diff --git a/roles/openshift_master_certificates/vars/main.yml b/roles/openshift_master_certificates/vars/main.yml
index 6e577b13b..6214f7918 100644
--- a/roles/openshift_master_certificates/vars/main.yml
+++ b/roles/openshift_master_certificates/vars/main.yml
@@ -1,6 +1,3 @@
---
openshift_generated_configs_dir: /etc/openshift/generated-configs
openshift_master_config_dir: /etc/openshift/master
-openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
-openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key"
-openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt"
diff --git a/roles/openshift_master_cluster/README.md b/roles/openshift_master_cluster/README.md
new file mode 100644
index 000000000..f150981fa
--- /dev/null
+++ b/roles/openshift_master_cluster/README.md
@@ -0,0 +1,34 @@
+OpenShift Master Cluster
+========================
+
+TODO
+
+Requirements
+------------
+
+TODO
+
+Role Variables
+--------------
+
+TODO
+
+Dependencies
+------------
+
+TODO
+
+Example Playbook
+----------------
+
+TODO
+
+License
+-------
+
+Apache License Version 2.0
+
+Author Information
+------------------
+
+Jason DeTiberus (jdetiber@redhat.com)
diff --git a/roles/openshift_master_cluster/meta/main.yml b/roles/openshift_master_cluster/meta/main.yml
new file mode 100644
index 000000000..0c8881521
--- /dev/null
+++ b/roles/openshift_master_cluster/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+ author: Jason DeTiberus
+ description:
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.8
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+ - system
+dependencies:
+- { role: openshift_repos }
diff --git a/roles/openshift_master_cluster/tasks/configure.yml b/roles/openshift_master_cluster/tasks/configure.yml
new file mode 100644
index 000000000..8ddc8bfda
--- /dev/null
+++ b/roles/openshift_master_cluster/tasks/configure.yml
@@ -0,0 +1,44 @@
+---
+- fail:
+ msg: This role requires that openshift_master_cluster_vip is set
+ when: openshift_master_cluster_vip is not defined or not openshift_master_cluster_vip
+- fail:
+ msg: This role requires that openshift_master_cluster_public_vip is set
+ when: openshift_master_cluster_public_vip is not defined or not openshift_master_cluster_public_vip
+
+- name: Authenticate to the cluster
+ command: pcs cluster auth -u hacluster -p {{ openshift_master_cluster_password }} {{ omc_cluster_hosts }}
+
+- name: Create the cluster
+ command: pcs cluster setup --name openshift_master {{ omc_cluster_hosts }}
+
+- name: Start the cluster
+ command: pcs cluster start --all
+
+- name: Enable the cluster on all nodes
+ command: pcs cluster enable --all
+
+- name: Set default resource stickiness
+ command: pcs resource defaults resource-stickiness=100
+
+- name: Add the cluster VIP resource
+ command: pcs resource create virtual-ip IPaddr2 ip={{ openshift_master_cluster_vip }} --group openshift-master
+
+- name: Add the cluster public VIP resource
+ command: pcs resource create virtual-ip IPaddr2 ip={{ openshift_master_cluster_public_vip }} --group openshift-master
+ when: openshift_master_cluster_public_vip != openshift_master_cluster_vip
+
+- name: Add the cluster openshift-master service resource
+ command: pcs resource create master systemd:openshift-master op start timeout=90s stop timeout=90s --group openshift-master
+
+- name: Disable stonith
+ command: pcs property set stonith-enabled=false
+
+# TODO: handle case where api port is not 8443
+- name: Wait for the clustered master service to be available
+ wait_for:
+ host: "{{ openshift_master_cluster_vip }}"
+ port: 8443
+ state: started
+ timeout: 180
+ delay: 90
diff --git a/roles/openshift_master_cluster/tasks/configure_deferred.yml b/roles/openshift_master_cluster/tasks/configure_deferred.yml
new file mode 100644
index 000000000..a80b6c5b4
--- /dev/null
+++ b/roles/openshift_master_cluster/tasks/configure_deferred.yml
@@ -0,0 +1,8 @@
+---
+- debug: msg="Deferring config"
+
+- name: Start and enable openshift-master
+ service:
+ name: openshift-master
+ state: started
+ enabled: yes
diff --git a/roles/openshift_master_cluster/tasks/main.yml b/roles/openshift_master_cluster/tasks/main.yml
new file mode 100644
index 000000000..315947183
--- /dev/null
+++ b/roles/openshift_master_cluster/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+- name: Test if cluster is already configured
+ command: pcs status
+ register: pcs_status
+ changed_when: false
+ failed_when: false
+ when: not openshift.master.cluster_defer_ha | bool
+
+- include: configure.yml
+ when: "pcs_status | failed and 'Error: cluster is not currently running on this node' in pcs_status.stderr"
+
+- include: configure_deferred.yml
+ when: openshift.master.cluster_defer_ha | bool
diff --git a/roles/openshift_node/README.md b/roles/openshift_node/README.md
index c3c17b848..5edb3b8dd 100644
--- a/roles/openshift_node/README.md
+++ b/roles/openshift_node/README.md
@@ -9,7 +9,7 @@ Requirements
One or more OpenShift Master servers.
A RHEL 7.1 host pre-configured with access to the rhel-7-server-rpms,
-rhel-7-server-extras-rpms, and rhel-server-7-ose-beta-rpms repos.
+rhel-7-server-extras-rpms, and rhel-7-server-ose-3.0-rpms repos.
Role Variables
--------------
diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml
index 64a799dfb..c9f02aaf0 100644
--- a/roles/openshift_node_certificates/tasks/main.yml
+++ b/roles/openshift_node_certificates/tasks/main.yml
@@ -25,7 +25,7 @@
command: >
{{ openshift.common.admin_binary }} create-server-cert
--cert=server.crt --key=server.key --overwrite=true
- --hostnames={{ [item.openshift.common.hostname, item.openshift.common.public_hostname]|unique|join(",") }}
+ --hostnames={{ openshift.common.all_hostnames |join(",") }}
--signer-cert={{ openshift_master_ca_cert }}
--signer-key={{ openshift_master_ca_key }}
--signer-serial={{ openshift_master_ca_serial }}
diff --git a/roles/openshift_repos/README.md b/roles/openshift_repos/README.md
index 6bbedd839..95b155b29 100644
--- a/roles/openshift_repos/README.md
+++ b/roles/openshift_repos/README.md
@@ -7,7 +7,7 @@ Requirements
------------
A RHEL 7.1 host pre-configured with access to the rhel-7-server-rpms,
-rhel-7-server-extra-rpms, and rhel-7-server-ose-beta-rpms repos.
+rhel-7-server-extra-rpms, and rhel-7-server-ose-3.0-rpms repos.
Role Variables
--------------
diff --git a/roles/rhel_subscribe/tasks/enterprise.yml b/roles/rhel_subscribe/tasks/enterprise.yml
new file mode 100644
index 000000000..fc4d44745
--- /dev/null
+++ b/roles/rhel_subscribe/tasks/enterprise.yml
@@ -0,0 +1,5 @@
+---
+- name: Enable RHEL repositories
+ command: subscription-manager repos \
+ --enable="rhel-7-server-rpms" \
+ --enable="rhel-7-server-ose-3.0-rpms"
diff --git a/roles/rhel_subscribe/tasks/main.yml b/roles/rhel_subscribe/tasks/main.yml
new file mode 100644
index 000000000..8fb2fc042
--- /dev/null
+++ b/roles/rhel_subscribe/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+# TODO: Enhance redhat_subscription module
+# to make it able to attach to a pool
+# to make it able to enable repositories
+
+- set_fact:
+ rhel_subscription_user: "{{ lookup('oo_option', 'rhel_subscription_user') | default(rhsub_user, True) | default(omit, True) }}"
+ rhel_subscription_pass: "{{ lookup('oo_option', 'rhel_subscription_pass') | default(rhsub_pass, True) | default(omit, True) }}"
+
+- fail:
+ msg: "This role is only supported for Red Hat hosts"
+ when: ansible_distribution != 'RedHat'
+
+- fail:
+ msg: Either rsub_user or the rhel_subscription_user env variable are required for this role.
+ when: rhel_subscription_user is not defined
+
+- fail:
+ msg: Either rsub_pass or the rhel_subscription_pass env variable are required for this role.
+ when: rhel_subscription_pass is not defined
+
+- name: RedHat subscriptions
+ redhat_subscription:
+ username: "{{ rhel_subscription_user }}"
+ password: "{{ rhel_subscription_pass }}"
+ autosubscribe: yes
+
+- include: enterprise.yml
+ when: deployment_type == 'enterprise'
diff --git a/roles/rhel_unsubscribe/tasks/main.yml b/roles/rhel_unsubscribe/tasks/main.yml
new file mode 100644
index 000000000..2aeb09d83
--- /dev/null
+++ b/roles/rhel_unsubscribe/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Remove RedHat subscriptions
+ redhat_subscription:
+ state: absent
+ when: ansible_distribution == "RedHat"