diff options
28 files changed, 247 insertions, 98 deletions
diff --git a/.papr.inventory b/.papr.inventory index 23bc9923c..878d434e2 100644 --- a/.papr.inventory +++ b/.papr.inventory @@ -9,6 +9,7 @@ ansible_python_interpreter=/usr/bin/python3 deployment_type=origin openshift_image_tag="{{ lookup('env', 'OPENSHIFT_IMAGE_TAG') }}" openshift_master_default_subdomain="{{ lookup('env', 'RHCI_ocp_node1_IP') }}.xip.io" +openshift_check_min_host_disk_gb=1.5 openshift_check_min_host_memory_gb=1.9 [masters] diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index e7eddc506..b331c69ef 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.6.123.1003-1 ./ +3.6.129-1 ./ diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 415a62e63..3e999a774 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -9,7 +9,7 @@ %global __requires_exclude ^/usr/bin/ansible-playbook$ Name: openshift-ansible -Version: 3.6.123.1003 +Version: 3.6.129 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -280,6 +280,31 @@ Atomic OpenShift Utilities includes %changelog +* Fri Jun 30 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.6.129-1 +- Fix generate role binding destination for the HOSA service account + (steveteuber@users.noreply.github.com) +- Correct version comparisons to ensure proper evaluation (rteague@redhat.com) +- Adding become: false to local_action tasks (ewolinet@redhat.com) +- upgrade: fix name for the etcd system container (gscrivan@redhat.com) +- fix backup and working directory for etcd run as a system container + (jchaloup@redhat.com) +- etcd_migrate: Add /var/usrlocal/bin to path for oadm (smilner@redhat.com) +- etcd_migrate: Add /usr/local/bin to path for oadm (smilner@redhat.com) +- Sync environment variables FLUENTD/MUX_CPU_LIMIT FLUENTD/MUX_MEMORY_LIMIT + with the resource limit values. (nhosoi@redhat.com) +- Update master configuration for named certificates during master cert + redeploy. (abutcher@redhat.com) +- Get rid of openshift_facts dep in rhel_subscribe (sdodson@redhat.com) +- logging: write ES heap dump to persistent storage (jwozniak@redhat.com) + +* Thu Jun 29 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.6.128-1 +- parameterize etcd binary path (fabian@fabianism.us) +- attach leases via the first master only and only once (jchaloup@redhat.com) +- evalute groups when running etcd upgrade from byo/openshift- + cluster/upgrades/upgrade_etcd.yml (jchaloup@redhat.com) +- Bug 1465168 - mux doesn't recognize ansible boolean parameters correctly + (rmeggins@redhat.com) + * Tue Jun 27 2017 Scott Dodson <sdodson@redhat.com> 3.6.123.1003-1 - Generate loopback kubeconfig separately to preserve OpenShift CA certificate. (abutcher@redhat.com) diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml b/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml index c30889d64..51b196299 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml @@ -51,3 +51,13 @@ | oo_collect('openshift.common.hostname') | default(none, true) }}" openshift_certificates_redeploy: true + - role: lib_utils + post_tasks: + - yedit: + src: "{{ openshift.common.config_base }}/master/master-config.yaml" + key: servingInfo.namedCertificates + value: "{{ openshift.master.named_certificates | default([]) | oo_named_certificates_list }}" + when: + - ('named_certificates' in openshift.master) + - openshift.master.named_certificates | default([]) | length > 0 + - openshift_master_overwrite_named_certificates | default(false) | bool diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml index 0431c1ce0..39e82498d 100644 --- a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml @@ -36,7 +36,7 @@ - not openshift.common.is_etcd_system_container | bool - name: Record containerized etcd version (runc) - command: runc exec etcd_container rpm -qa --qf '%{version}' etcd\* + command: runc exec etcd rpm -qa --qf '%{version}' etcd\* register: etcd_container_version_runc failed_when: false # AUDIT:changed_when: `false` because we are only inspecting diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml index e383c94da..81c3f8e5b 100644 --- a/roles/ansible_service_broker/tasks/install.yml +++ b/roles/ansible_service_broker/tasks/install.yml @@ -14,6 +14,7 @@ ansible_service_broker_etcd_image_prefix: "{{ ansible_service_broker_etcd_image_prefix | default(__ansible_service_broker_etcd_image_prefix) }}" ansible_service_broker_etcd_image_tag: "{{ ansible_service_broker_etcd_image_tag | default(__ansible_service_broker_etcd_image_tag) }}" + ansible_service_broker_etcd_image_etcd_path: "{{ ansible_service_broker_etcd_image_etcd_path | default(__ansible_service_broker_etcd_image_etcd_path) }}" ansible_service_broker_registry_type: "{{ ansible_service_broker_registry_type | default(__ansible_service_broker_registry_type) }}" ansible_service_broker_registry_url: "{{ ansible_service_broker_registry_url | default(__ansible_service_broker_registry_url) }}" @@ -144,7 +145,7 @@ terminationMessagePath: /tmp/termination-log workingDir: /etcd args: - - /usr/local/bin/etcd + - '{{ ansible_service_broker_etcd_image_etcd_path }}' - --data-dir=/data - "--listen-client-urls=http://0.0.0.0:2379" - "--advertise-client-urls=http://0.0.0.0:2379" diff --git a/roles/ansible_service_broker/vars/default_images.yml b/roles/ansible_service_broker/vars/default_images.yml index b0b3835e3..15e448515 100644 --- a/roles/ansible_service_broker/vars/default_images.yml +++ b/roles/ansible_service_broker/vars/default_images.yml @@ -5,6 +5,7 @@ __ansible_service_broker_image_tag: latest __ansible_service_broker_etcd_image_prefix: quay.io/coreos/ __ansible_service_broker_etcd_image_tag: latest +__ansible_service_broker_etcd_image_etcd_path: /usr/local/bin/etcd __ansible_service_broker_registry_type: dockerhub __ansible_service_broker_registry_url: null diff --git a/roles/ansible_service_broker/vars/openshift-enterprise.yml b/roles/ansible_service_broker/vars/openshift-enterprise.yml index a6d999647..19b4a5147 100644 --- a/roles/ansible_service_broker/vars/openshift-enterprise.yml +++ b/roles/ansible_service_broker/vars/openshift-enterprise.yml @@ -5,6 +5,7 @@ __ansible_service_broker_image_tag: latest __ansible_service_broker_etcd_image_prefix: rhel7/ __ansible_service_broker_etcd_image_tag: latest +__ansible_service_broker_etcd_image_etcd_path: /bin/etcd __ansible_service_broker_registry_type: rhcc __ansible_service_broker_registry_url: "https://registry.access.redhat.com" diff --git a/roles/etcd/templates/etcd.docker.service b/roles/etcd/templates/etcd.docker.service index adeca7a91..d9327f433 100644 --- a/roles/etcd/templates/etcd.docker.service +++ b/roles/etcd/templates/etcd.docker.service @@ -7,7 +7,7 @@ PartOf={{ openshift.docker.service_name }}.service [Service] EnvironmentFile={{ etcd_conf_file }} ExecStartPre=-/usr/bin/docker rm -f {{ etcd_service }} -ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v {{ etcd_data_dir }}:{{ etcd_data_dir }}:z -v {{ etcd_conf_dir }}:{{ etcd_conf_dir }}:ro --env-file={{ etcd_conf_file }} --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }} +ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v {{ etcd_data_dir }}:{{ etcd_data_dir }}:z -v {{ etcd_conf_dir }}:{{ etcd_conf_dir }}:ro --env-file={{ etcd_conf_file }} --net=host --security-opt label=type:spc_t --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }} ExecStop=/usr/bin/docker stop {{ etcd_service }} SyslogIdentifier=etcd_container Restart=always diff --git a/roles/etcd_common/tasks/backup.yml b/roles/etcd_common/tasks/backup.yml index 4a4832275..1a0b857f1 100644 --- a/roles/etcd_common/tasks/backup.yml +++ b/roles/etcd_common/tasks/backup.yml @@ -1,10 +1,25 @@ --- +# set the etcd backup directory name here in case the tag or sufix consists of dynamic value that changes over time +# e.g. openshift-backup-{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }} value will change every second so if the date changes +# right after setting l_etcd_incontainer_backup_dir and before l_etcd_backup_dir facts, the backup directory name is different - set_fact: - l_etcd_backup_dir: "{{ etcd_data_dir }}/openshift-backup-{{ r_etcd_common_backup_tag }}{{ r_etcd_common_backup_sufix_name }}" + l_backup_dir_name: "openshift-backup-{{ r_etcd_common_backup_tag }}{{ r_etcd_common_backup_sufix_name }}" + +- set_fact: + l_etcd_data_dir: "{{ etcd_data_dir }}{{ '/etcd.etcd' if r_etcd_common_etcd_runtime == 'runc' else '' }}" + +- set_fact: + l_etcd_incontainer_data_dir: "{{ etcd_data_dir }}" + +- set_fact: + l_etcd_incontainer_backup_dir: "{{ l_etcd_incontainer_data_dir }}/{{ l_backup_dir_name }}" + +- set_fact: + l_etcd_backup_dir: "{{ l_etcd_data_dir }}/{{ l_backup_dir_name }}" # TODO: replace shell module with command and update later checks - name: Check available disk space for etcd backup - shell: df --output=avail -k {{ etcd_data_dir }} | tail -n 1 + shell: df --output=avail -k {{ l_etcd_data_dir }} | tail -n 1 register: l_avail_disk # AUDIT:changed_when: `false` because we are only inspecting # state, not manipulating anything @@ -12,7 +27,7 @@ # TODO: replace shell module with command and update later checks - name: Check current etcd disk usage - shell: du --exclude='*openshift-backup*' -k {{ etcd_data_dir }} | tail -n 1 | cut -f1 + shell: du --exclude='*openshift-backup*' -k {{ l_etcd_data_dir }} | tail -n 1 | cut -f1 register: l_etcd_disk_usage when: r_etcd_common_embedded_etcd | bool # AUDIT:changed_when: `false` because we are only inspecting @@ -48,19 +63,19 @@ - name: Generate etcd backup command: > - {{ r_etcd_common_etcdctl_command }} backup --data-dir={{ etcd_data_dir }} - --backup-dir={{ l_etcd_backup_dir }} + {{ r_etcd_common_etcdctl_command }} backup --data-dir={{ l_etcd_incontainer_data_dir }} + --backup-dir={{ l_etcd_incontainer_backup_dir }} # According to the docs change you can simply copy snap/db # https://github.com/openshift/openshift-docs/commit/b38042de02d9780842dce95cfa0ef45d53b58bc6 - name: Check for v3 data store stat: - path: "{{ etcd_data_dir }}/member/snap/db" + path: "{{ l_etcd_data_dir }}/member/snap/db" register: l_v3_db - name: Copy etcd v3 data store command: > - cp -a {{ etcd_data_dir }}/member/snap/db + cp -a {{ l_etcd_data_dir }}/member/snap/db {{ l_etcd_backup_dir }}/member/snap/ when: l_v3_db.stat.exists diff --git a/roles/etcd_migrate/tasks/migrate.yml b/roles/etcd_migrate/tasks/migrate.yml index 27eb945aa..7f441568a 100644 --- a/roles/etcd_migrate/tasks/migrate.yml +++ b/roles/etcd_migrate/tasks/migrate.yml @@ -31,6 +31,8 @@ name: "{{ l_etcd_service }}" state: started +# NOTE: /usr/local/bin may be removed from the PATH by ansible hence why +# it's added to the environment in this task. - name: Re-introduce leases (as a replacement for key TTLs) command: > oadm migrate etcd-ttl \ @@ -42,6 +44,7 @@ --lease-duration 1h environment: ETCDCTL_API: 3 + PATH: "/usr/local/bin:/var/usrlocal/bin:{{ ansible_env.PATH }}" with_items: - "/kubernetes.io/events" - "/kubernetes.io/masterleases" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 663423061..cc2a1d2eb 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -912,17 +912,17 @@ def set_version_facts_if_unset(facts): version_gte_3_1_1_or_1_1_1 = version >= LooseVersion('1.1.1') version_gte_3_2_or_1_2 = version >= LooseVersion('1.2.0') version_gte_3_3_or_1_3 = version >= LooseVersion('1.3.0') - version_gte_3_4_or_1_4 = version >= LooseVersion('1.4.0') - version_gte_3_5_or_1_5 = version >= LooseVersion('1.5.0') - version_gte_3_6 = version >= LooseVersion('3.6.0') + version_gte_3_4_or_1_4 = version >= LooseVersion('1.4') + version_gte_3_5_or_1_5 = version >= LooseVersion('1.5') + version_gte_3_6 = version >= LooseVersion('3.6') else: version_gte_3_1_or_1_1 = version >= LooseVersion('3.0.2.905') version_gte_3_1_1_or_1_1_1 = version >= LooseVersion('3.1.1') version_gte_3_2_or_1_2 = version >= LooseVersion('3.1.1.901') version_gte_3_3_or_1_3 = version >= LooseVersion('3.3.0') - version_gte_3_4_or_1_4 = version >= LooseVersion('3.4.0') - version_gte_3_5_or_1_5 = version >= LooseVersion('3.5.0') - version_gte_3_6 = version >= LooseVersion('3.6.0') + version_gte_3_4_or_1_4 = version >= LooseVersion('3.4') + version_gte_3_5_or_1_5 = version >= LooseVersion('3.5') + version_gte_3_6 = version >= LooseVersion('3.6') else: # 'Latest' version is set to True, 'Next' versions set to False version_gte_3_1_or_1_1 = True diff --git a/roles/openshift_health_checker/openshift_checks/disk_availability.py b/roles/openshift_health_checker/openshift_checks/disk_availability.py index 962148cb8..e93e81efa 100644 --- a/roles/openshift_health_checker/openshift_checks/disk_availability.py +++ b/roles/openshift_health_checker/openshift_checks/disk_availability.py @@ -1,9 +1,12 @@ -# pylint: disable=missing-docstring +"""Check that there is enough disk space in predefined paths.""" + +import os.path +import tempfile + from openshift_checks import OpenShiftCheck, OpenShiftCheckException, get_var -from openshift_checks.mixins import NotContainerizedMixin -class DiskAvailability(NotContainerizedMixin, OpenShiftCheck): +class DiskAvailability(OpenShiftCheck): """Check that recommended disk space is available before a first-time install.""" name = "disk_availability" @@ -12,56 +15,101 @@ class DiskAvailability(NotContainerizedMixin, OpenShiftCheck): # Values taken from the official installation documentation: # https://docs.openshift.org/latest/install_config/install/prerequisites.html#system-requirements recommended_disk_space_bytes = { - "masters": 40 * 10**9, - "nodes": 15 * 10**9, - "etcd": 20 * 10**9, + '/var': { + 'masters': 40 * 10**9, + 'nodes': 15 * 10**9, + 'etcd': 20 * 10**9, + }, + # Used to copy client binaries into, + # see roles/openshift_cli/library/openshift_container_binary_sync.py. + '/usr/local/bin': { + 'masters': 1 * 10**9, + 'nodes': 1 * 10**9, + 'etcd': 1 * 10**9, + }, + # Used as temporary storage in several cases. + tempfile.gettempdir(): { + 'masters': 1 * 10**9, + 'nodes': 1 * 10**9, + 'etcd': 1 * 10**9, + }, } @classmethod def is_active(cls, task_vars): """Skip hosts that do not have recommended disk space requirements.""" group_names = get_var(task_vars, "group_names", default=[]) - has_disk_space_recommendation = bool(set(group_names).intersection(cls.recommended_disk_space_bytes)) + active_groups = set() + for recommendation in cls.recommended_disk_space_bytes.values(): + active_groups.update(recommendation.keys()) + has_disk_space_recommendation = bool(active_groups.intersection(group_names)) return super(DiskAvailability, cls).is_active(task_vars) and has_disk_space_recommendation def run(self, tmp, task_vars): group_names = get_var(task_vars, "group_names") ansible_mounts = get_var(task_vars, "ansible_mounts") - free_bytes = self.openshift_available_disk(ansible_mounts) - - recommended_min = max(self.recommended_disk_space_bytes.get(name, 0) for name in group_names) - configured_min = int(get_var(task_vars, "openshift_check_min_host_disk_gb", default=0)) * 10**9 - min_free_bytes = configured_min or recommended_min - - if free_bytes < min_free_bytes: - return { - 'failed': True, - 'msg': ( - 'Available disk space ({:.1f} GB) for the volume containing ' - '"/var" is below minimum recommended space ({:.1f} GB)' - ).format(float(free_bytes) / 10**9, float(min_free_bytes) / 10**9) + ansible_mounts = {mount['mount']: mount for mount in ansible_mounts} + + user_config = get_var(task_vars, "openshift_check_min_host_disk_gb", default={}) + try: + # For backwards-compatibility, if openshift_check_min_host_disk_gb + # is a number, then it overrides the required config for '/var'. + number = float(user_config) + user_config = { + '/var': { + 'masters': number, + 'nodes': number, + 'etcd': number, + }, } + except TypeError: + # If it is not a number, then it should be a nested dict. + pass + + # TODO: as suggested in + # https://github.com/openshift/openshift-ansible/pull/4436#discussion_r122180021, + # maybe we could support checking disk availability in paths that are + # not part of the official recommendation but present in the user + # configuration. + for path, recommendation in self.recommended_disk_space_bytes.items(): + free_bytes = self.free_bytes(path, ansible_mounts) + recommended_bytes = max(recommendation.get(name, 0) for name in group_names) + + config = user_config.get(path, {}) + # NOTE: the user config is in GB, but we compare bytes, thus the + # conversion. + config_bytes = max(config.get(name, 0) for name in group_names) * 10**9 + recommended_bytes = config_bytes or recommended_bytes + + if free_bytes < recommended_bytes: + free_gb = float(free_bytes) / 10**9 + recommended_gb = float(recommended_bytes) / 10**9 + return { + 'failed': True, + 'msg': ( + 'Available disk space in "{}" ({:.1f} GB) ' + 'is below minimum recommended ({:.1f} GB)' + ).format(path, free_gb, recommended_gb) + } return {} @staticmethod - def openshift_available_disk(ansible_mounts): - """Determine the available disk space for an OpenShift installation. - - ansible_mounts should be a list of dicts like the 'setup' Ansible module - returns. - """ - # priority list in descending order - supported_mnt_paths = ["/var", "/"] - available_mnts = {mnt.get("mount"): mnt for mnt in ansible_mounts} + def free_bytes(path, ansible_mounts): + """Return the size available in path based on ansible_mounts.""" + mount_point = path + # arbitry value to prevent an infinite loop, in the unlike case that '/' + # is not in ansible_mounts. + max_depth = 32 + while mount_point not in ansible_mounts and max_depth > 0: + mount_point = os.path.dirname(mount_point) + max_depth -= 1 try: - for path in supported_mnt_paths: - if path in available_mnts: - return available_mnts[path]["size_available"] + free_bytes = ansible_mounts[mount_point]['size_available'] except KeyError: - pass + known_mounts = ', '.join('"{}"'.format(mount) for mount in sorted(ansible_mounts)) or 'none' + msg = 'Unable to determine disk availability for "{}". Known mount points: {}.' + raise OpenShiftCheckException(msg.format(path, known_mounts)) - paths = ''.join(sorted(available_mnts)) or 'none' - msg = "Unable to determine available disk space. Paths mounted: {}.".format(paths) - raise OpenShiftCheckException(msg) + return free_bytes diff --git a/roles/openshift_health_checker/test/disk_availability_test.py b/roles/openshift_health_checker/test/disk_availability_test.py index b353fa610..945b9eafc 100644 --- a/roles/openshift_health_checker/test/disk_availability_test.py +++ b/roles/openshift_health_checker/test/disk_availability_test.py @@ -3,22 +3,19 @@ import pytest from openshift_checks.disk_availability import DiskAvailability, OpenShiftCheckException -@pytest.mark.parametrize('group_names,is_containerized,is_active', [ - (['masters'], False, True), - # ensure check is skipped on containerized installs - (['masters'], True, False), - (['nodes'], False, True), - (['etcd'], False, True), - (['masters', 'nodes'], False, True), - (['masters', 'etcd'], False, True), - ([], False, False), - (['lb'], False, False), - (['nfs'], False, False), +@pytest.mark.parametrize('group_names,is_active', [ + (['masters'], True), + (['nodes'], True), + (['etcd'], True), + (['masters', 'nodes'], True), + (['masters', 'etcd'], True), + ([], False), + (['lb'], False), + (['nfs'], False), ]) -def test_is_active(group_names, is_containerized, is_active): +def test_is_active(group_names, is_active): task_vars = dict( group_names=group_names, - openshift=dict(common=dict(is_containerized=is_containerized)), ) assert DiskAvailability.is_active(task_vars=task_vars) == is_active @@ -38,7 +35,7 @@ def test_cannot_determine_available_disk(ansible_mounts, extra_words): with pytest.raises(OpenShiftCheckException) as excinfo: check.run(tmp=None, task_vars=task_vars) - for word in 'determine available disk'.split() + extra_words: + for word in 'determine disk availability'.split() + extra_words: assert word in str(excinfo.value) @@ -81,7 +78,7 @@ def test_cannot_determine_available_disk(ansible_mounts, extra_words): [{ # not enough space on / ... 'mount': '/', - 'size_available': 0, + 'size_available': 2 * 10**9, }, { # ... but enough on /var 'mount': '/var', diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml index 9b7767ccd..c243a6e4a 100644 --- a/roles/openshift_logging/defaults/main.yml +++ b/roles/openshift_logging/defaults/main.yml @@ -128,7 +128,7 @@ openshift_logging_es_ops_client_key: /etc/fluent/keys/key openshift_logging_es_ops_cluster_size: "{{ openshift_hosted_logging_elasticsearch_ops_cluster_size | default(1) }}" openshift_logging_es_ops_cpu_limit: null openshift_logging_es_ops_memory_limit: "{{ openshift_hosted_logging_elasticsearch_ops_instance_ram | default('8Gi') }}" -openshift_logging_es_ops_pv_selector: "{{ openshift_hosted_loggingops_storage_labels | default(null) }}" +openshift_logging_es_ops_pv_selector: "{{ openshift_hosted_loggingops_storage_labels | default('') }}" openshift_logging_es_ops_pvc_dynamic: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_dynamic | default(False) }}" openshift_logging_es_ops_pvc_size: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_size | default('') }}" openshift_logging_es_ops_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_prefix | default('logging-es-ops') }}" diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml index 66dc0e096..221a81340 100644 --- a/roles/openshift_logging/tasks/install_logging.yaml +++ b/roles/openshift_logging/tasks/install_logging.yaml @@ -105,20 +105,22 @@ - set_fact: es_ops_indices=[] when: openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | count == 0 +- set_fact: openshift_logging_es_ops_pvc_prefix="logging-es-ops" + when: openshift_logging_es_ops_pvc_prefix == "" - include_role: name: openshift_logging_elasticsearch vars: generated_certs_dir: "{{openshift.common.config_base}}/logging" openshift_logging_elasticsearch_deployment_name: "{{ item.0 }}" - openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_pvc_prefix ~ '-' ~ item.2 if item.1 is none else item.1 }}" + openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_ops_pvc_prefix ~ '-' ~ item.2 if item.1 is none else item.1 }}" openshift_logging_elasticsearch_ops_deployment: true openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_ops_cluster_size | int }}" - openshift_logging_elasticsearch_storage_type: "{{ 'pvc' if ( openshift_logging_es_pvc_dynamic | bool or openshift_hosted_logging_storage_kind | default('') == 'nfs') else 'emptydir' }}" - openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_pvc_size }}" - openshift_logging_elasticsearch_pvc_dynamic: "{{ openshift_logging_es_pvc_dynamic }}" - openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_pv_selector }}" + openshift_logging_elasticsearch_storage_type: "{{ 'pvc' if ( openshift_logging_es_ops_pvc_dynamic | bool or openshift_hosted_logging_storage_kind | default('') == 'nfs') else 'emptydir' }}" + openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_ops_pvc_size }}" + openshift_logging_elasticsearch_pvc_dynamic: "{{ openshift_logging_es_ops_pvc_dynamic }}" + openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_ops_pv_selector }}" openshift_logging_es_key: "{{ openshift_logging_es_ops_key }}" openshift_logging_es_cert: "{{ openshift_logging_es_ops_cert }}" openshift_logging_es_ca_ext: "{{ openshift_logging_es_ops_ca_ext }}" @@ -139,14 +141,14 @@ name: openshift_logging_elasticsearch vars: generated_certs_dir: "{{openshift.common.config_base}}/logging" - openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_pvc_prefix }}-{{ item | int + openshift_logging_facts.elasticsearch_ops.deploymentconfigs | count - 1 }}" + openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_ops_pvc_prefix }}-{{ item | int + openshift_logging_facts.elasticsearch_ops.deploymentconfigs | count - 1 }}" openshift_logging_elasticsearch_ops_deployment: true openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_ops_cluster_size | int }}" - openshift_logging_elasticsearch_storage_type: "{{ 'pvc' if ( openshift_logging_es_pvc_dynamic | bool or openshift_hosted_logging_storage_kind | default('') == 'nfs') else 'emptydir' }}" - openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_pvc_size }}" - openshift_logging_elasticsearch_pvc_dynamic: "{{ openshift_logging_es_pvc_dynamic }}" - openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_pv_selector }}" + openshift_logging_elasticsearch_storage_type: "{{ 'pvc' if ( openshift_logging_es_ops_pvc_dynamic | bool or openshift_hosted_logging_storage_kind | default('') == 'nfs') else 'emptydir' }}" + openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_ops_pvc_size }}" + openshift_logging_elasticsearch_pvc_dynamic: "{{ openshift_logging_es_ops_pvc_dynamic }}" + openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_ops_pv_selector }}" openshift_logging_es_key: "{{ openshift_logging_es_ops_key }}" openshift_logging_es_cert: "{{ openshift_logging_es_ops_cert }}" openshift_logging_es_ca_ext: "{{ openshift_logging_es_ops_ca_ext }}" diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml index d9ac52cb7..68726aa78 100644 --- a/roles/openshift_logging_elasticsearch/tasks/main.yaml +++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml @@ -173,9 +173,8 @@ selector: component: "{{ es_component }}" provider: openshift - # pending #4091 - #labels: - #- logging-infra: 'support' + labels: + logging-infra: 'support' ports: - port: 9300 @@ -187,9 +186,8 @@ selector: component: "{{ es_component }}" provider: openshift - # pending #4091 - #labels: - #- logging-infra: 'support' + labels: + logging-infra: 'support' ports: - port: 9200 targetPort: "restapi" diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2 index 844dbc8c2..1ca4220a3 100644 --- a/roles/openshift_logging_elasticsearch/templates/es.j2 +++ b/roles/openshift_logging_elasticsearch/templates/es.j2 @@ -78,6 +78,9 @@ spec: name: "INSTANCE_RAM" value: "{{openshift_logging_elasticsearch_memory_limit}}" - + name: "HEAP_DUMP_LOCATION" + value: "/elasticsearch/persistent/heapdump.hprof" + - name: "NODE_QUORUM" value: "{{es_node_quorum | int}}" - diff --git a/roles/openshift_logging_fluentd/templates/fluentd.j2 b/roles/openshift_logging_fluentd/templates/fluentd.j2 index a5695ee26..d9814370f 100644 --- a/roles/openshift_logging_fluentd/templates/fluentd.j2 +++ b/roles/openshift_logging_fluentd/templates/fluentd.j2 @@ -98,9 +98,15 @@ spec: - name: "BUFFER_SIZE_LIMIT" value: "{{ openshift_logging_fluentd_buffer_size_limit }}" - name: "FLUENTD_CPU_LIMIT" - value: "{{ openshift_logging_fluentd_cpu_limit }}" + valueFrom: + resourceFieldRef: + containerName: "{{ daemonset_container_name }}" + resource: limits.cpu - name: "FLUENTD_MEMORY_LIMIT" - value: "{{ openshift_logging_fluentd_memory_limit }}" + valueFrom: + resourceFieldRef: + containerName: "{{ daemonset_container_name }}" + resource: limits.memory volumes: - name: runlogjournal hostPath: diff --git a/roles/openshift_logging_kibana/tasks/main.yaml b/roles/openshift_logging_kibana/tasks/main.yaml index bae55ffaa..93cb82793 100644 --- a/roles/openshift_logging_kibana/tasks/main.yaml +++ b/roles/openshift_logging_kibana/tasks/main.yaml @@ -89,9 +89,8 @@ selector: component: "{{ kibana_component }}" provider: openshift - # pending #4091 - #labels: - #- logging-infra: 'support' + labels: + logging-infra: 'support' ports: - port: 443 targetPort: "oaproxy" diff --git a/roles/openshift_logging_mux/templates/mux.j2 b/roles/openshift_logging_mux/templates/mux.j2 index bd392c194..c3f9b3433 100644 --- a/roles/openshift_logging_mux/templates/mux.j2 +++ b/roles/openshift_logging_mux/templates/mux.j2 @@ -108,9 +108,15 @@ spec: - name: "BUFFER_SIZE_LIMIT" value: "{{ openshift_logging_mux_buffer_size_limit }}" - name: "MUX_CPU_LIMIT" - value: "{{ openshift_logging_mux_cpu_limit }}" + valueFrom: + resourceFieldRef: + containerName: "mux" + resource: limits.cpu - name: "MUX_MEMORY_LIMIT" - value: "{{ openshift_logging_mux_memory_limit }}" + valueFrom: + resourceFieldRef: + containerName: "mux" + resource: limits.memory volumes: - name: config configMap: diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml index 7b81b3c10..8d7ee00ed 100644 --- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml @@ -17,14 +17,17 @@ local_action: copy dest="{{ local_tmp.stdout }}/{{ item }}.pwd" content="{{ 15 | oo_random_word }}" with_items: - hawkular-metrics + become: false - local_action: slurp src="{{ local_tmp.stdout }}/hawkular-metrics.pwd" register: hawkular_metrics_pwd no_log: true + become: false - name: generate htpasswd file for hawkular metrics local_action: htpasswd path="{{ local_tmp.stdout }}/hawkular-metrics.htpasswd" name=hawkular password="{{ hawkular_metrics_pwd.content | b64decode }}" no_log: true + become: false - name: copy local generated passwords to target copy: diff --git a/roles/openshift_metrics/tasks/install_hosa.yaml b/roles/openshift_metrics/tasks/install_hosa.yaml index cc533a68b..7c9bc26d0 100644 --- a/roles/openshift_metrics/tasks/install_hosa.yaml +++ b/roles/openshift_metrics/tasks/install_hosa.yaml @@ -28,7 +28,7 @@ - name: Generate role binding for the hawkular-openshift-agent service account template: src: rolebinding.j2 - dest: "{{ mktemp.stdout }}/templates/metrics-hawkular-agent-rolebinding.yaml" + dest: "{{ mktemp.stdout }}/templates/metrics-hawkular-openshift-agent-rolebinding.yaml" vars: cluster: True obj_name: hawkular-openshift-agent-rb diff --git a/roles/openshift_metrics/tasks/install_support.yaml b/roles/openshift_metrics/tasks/install_support.yaml index 5cefb273d..584e3be05 100644 --- a/roles/openshift_metrics/tasks/install_support.yaml +++ b/roles/openshift_metrics/tasks/install_support.yaml @@ -4,6 +4,7 @@ register: htpasswd_check failed_when: no changed_when: no + become: false - fail: msg="'htpasswd' is unavailable. Please install httpd-tools on the control node" when: htpasswd_check.rc == 1 @@ -13,6 +14,7 @@ register: keytool_check failed_when: no changed_when: no + become: false - fail: msg="'keytool' is unavailable. Please install java-1.8.0-openjdk-headless on the control node" when: keytool_check.rc == 1 diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index 0b5f23c24..eaabdd20f 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -1,6 +1,7 @@ --- - local_action: shell python -c 'import passlib' 2>/dev/null || echo not installed register: passlib_result + become: false - name: Check that python-passlib is available on the control host assert: @@ -52,3 +53,4 @@ tags: metrics_cleanup changed_when: False check_mode: no + become: false diff --git a/roles/openshift_named_certificates/filter_plugins/openshift_named_certificates.py b/roles/openshift_named_certificates/filter_plugins/openshift_named_certificates.py new file mode 100644 index 000000000..6ed6d404c --- /dev/null +++ b/roles/openshift_named_certificates/filter_plugins/openshift_named_certificates.py @@ -0,0 +1,21 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +''' +Custom filters for use with openshift named certificates +''' + + +class FilterModule(object): + ''' Custom ansible filters for use with openshift named certificates''' + + @staticmethod + def oo_named_certificates_list(named_certificates): + ''' Returns named certificates list with correct fields for the master + config file.''' + return [{'certFile': named_certificate['certfile'], + 'keyFile': named_certificate['keyfile'], + 'names': named_certificate['names']} for named_certificate in named_certificates] + + def filters(self): + ''' returns a mapping of filters to methods ''' + return {"oo_named_certificates_list": self.oo_named_certificates_list} diff --git a/roles/rhel_subscribe/meta/main.yml b/roles/rhel_subscribe/meta/main.yml index 0bbeadd34..23d65c7ef 100644 --- a/roles/rhel_subscribe/meta/main.yml +++ b/roles/rhel_subscribe/meta/main.yml @@ -1,3 +1,2 @@ --- -dependencies: - - role: openshift_facts +dependencies: [] diff --git a/roles/rhel_subscribe/tasks/main.yml b/roles/rhel_subscribe/tasks/main.yml index 28c3c7080..453044a6e 100644 --- a/roles/rhel_subscribe/tasks/main.yml +++ b/roles/rhel_subscribe/tasks/main.yml @@ -21,6 +21,11 @@ msg: Either rhsub_pass or the rhel_subscription_pass env variable are required for this role. when: rhel_subscription_pass is not defined +- name: Detecting Atomic Host Operating System + stat: + path: /run/ostree-booted + register: ostree_booted + - name: Satellite preparation command: "rpm -Uvh http://{{ rhel_subscription_server }}/pub/katello-ca-consumer-latest.noarch.rpm" args: @@ -57,5 +62,6 @@ when: openshift_pool_id.stdout != '' - include: enterprise.yml - when: deployment_type in [ 'enterprise', 'atomic-enterprise', 'openshift-enterprise' ] and - not openshift.common.is_atomic | bool + when: + - deployment_type in [ 'enterprise', 'atomic-enterprise', 'openshift-enterprise' ] + - not ostree_booted.stat.exists | bool |