summaryrefslogtreecommitdiffstats
path: root/playbooks/common/openshift-master/config.yml
diff options
context:
space:
mode:
Diffstat (limited to 'playbooks/common/openshift-master/config.yml')
-rw-r--r--playbooks/common/openshift-master/config.yml92
1 files changed, 56 insertions, 36 deletions
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index becd68dbe..6f86703d6 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -43,6 +43,7 @@
api_port: "{{ openshift_master_api_port | default(None) }}"
api_url: "{{ openshift_master_api_url | default(None) }}"
api_use_ssl: "{{ openshift_master_api_use_ssl | default(None) }}"
+ controllers_port: "{{ openshift_master_controllers_port | default(None) }}"
public_api_url: "{{ openshift_master_public_api_url | default(None) }}"
cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}"
cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}"
@@ -51,6 +52,7 @@
console_url: "{{ openshift_master_console_url | default(None) }}"
console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}"
public_console_url: "{{ openshift_master_public_console_url | default(None) }}"
+ portal_net: "{{ openshift_master_portal_net | default(None) }}"
- name: Check status of external etcd certificatees
stat:
path: "{{ openshift.common.config_base }}/master/{{ item }}"
@@ -70,7 +72,7 @@
- name: Create temp directory for syncing certs
hosts: localhost
connection: local
- sudo: false
+ become: no
gather_facts: no
tasks:
- name: Create local temp directory for syncing certs
@@ -84,6 +86,7 @@
etcd_generated_certs_dir: /etc/etcd/generated_certs
etcd_needing_client_certs: "{{ hostvars
| oo_select_keys(groups['oo_masters_to_config'])
+ | default([])
| oo_filter_list(filter_attr='etcd_client_certs_missing') }}"
sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
roles:
@@ -161,6 +164,11 @@
| list ) }}"
master_cert_subdir: master-{{ openshift.common.hostname }}
master_cert_config_dir: "{{ openshift.common.config_base }}/master"
+ - set_fact:
+ openshift_infra_nodes: "{{ hostvars | oo_select_keys(groups['nodes'])
+ | oo_nodes_with_label('region', 'infra')
+ | oo_collect('inventory_hostname') }}"
+ when: openshift_infra_nodes is not defined
- name: Configure master certificates
hosts: oo_first_master
@@ -207,7 +215,7 @@
- name: Compute haproxy_backend_servers
hosts: localhost
connection: local
- sudo: false
+ become: no
gather_facts: no
tasks:
- set_fact:
@@ -217,6 +225,7 @@
hosts: oo_lb_to_config
vars:
sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
+ haproxy_frontend_port: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_port }}"
haproxy_frontends:
- name: atomic-openshift-api
mode: tcp
@@ -232,42 +241,41 @@
balance: source
servers: "{{ hostvars.localhost.haproxy_backend_servers }}"
roles:
+ - role: openshift_facts
- role: haproxy
when: groups.oo_masters_to_config | length > 1
-- name: Generate master session keys
+- name: Check for cached session secrets
hosts: oo_first_master
+ roles:
+ - role: openshift_facts
+ post_tasks:
+ - openshift_facts:
+ role: master
+ local_facts:
+ session_auth_secrets: "{{ openshift_master_session_auth_secrets | default(openshift.master.session_auth_secrets | default(None)) }}"
+ session_encryption_secrets: "{{ openshift_master_session_encryption_secrets | default(openshift.master.session_encryption_secrets | default(None)) }}"
+
+- name: Generate master session secrets
+ hosts: oo_first_master
+ vars:
+ g_session_secrets_present: "{{ (openshift.master.session_auth_secrets | default([]) and openshift.master.session_encryption_secrets | default([])) | length > 0 }}"
+ g_session_auth_secrets: "{{ [ 24 | oo_generate_secret ] }}"
+ g_session_encryption_secrets: "{{ [ 24 | oo_generate_secret ] }}"
+ roles:
+ - role: openshift_facts
tasks:
- - fail:
- msg: "Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set"
- when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is not defined) or (openshift_master_session_encryption_secrets is defined and openshift_master_session_auth_secrets is not defined)
- - fail:
- msg: "openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length"
- when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length)
- - name: Install OpenSSL package
- action: "{{ansible_pkg_mgr}} pkg=openssl state=present"
- - name: Generate session authentication key
- command: /usr/bin/openssl rand -base64 24
- register: session_auth_output
- with_sequence: count=1
- when: openshift_master_session_auth_secrets is undefined
- - name: Generate session encryption key
- command: /usr/bin/openssl rand -base64 24
- register: session_encryption_output
- with_sequence: count=1
- when: openshift_master_session_encryption_secrets is undefined
- - set_fact:
- session_auth_secret: "{{ openshift_master_session_auth_secrets
- | default(session_auth_output.results
- | oo_collect(attribute='stdout')
- | list) }}"
- session_encryption_secret: "{{ openshift_master_session_encryption_secrets
- | default(session_encryption_output.results
- | oo_collect(attribute='stdout')
- | list) }}"
+ - openshift_facts:
+ role: master
+ local_facts:
+ session_auth_secrets: "{{ g_session_auth_secrets }}"
+ session_encryption_secrets: "{{ g_session_encryption_secrets }}"
+ when: not g_session_secrets_present | bool
- name: Parse named certificates
hosts: localhost
+ connection: local
+ become: no
vars:
internal_hostnames: "{{ hostvars[groups.oo_first_master.0].openshift.common.internal_hostnames }}"
named_certificates: "{{ hostvars[groups.oo_first_master.0].openshift_master_named_certificates | default([]) }}"
@@ -313,13 +321,14 @@
- name: Configure master instances
hosts: oo_masters_to_config
+ any_errors_fatal: true
serial: 1
vars:
sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
openshift_master_count: "{{ groups.oo_masters_to_config | length }}"
- openshift_master_session_auth_secrets: "{{ hostvars[groups['oo_first_master'][0]]['session_auth_secret'] }}"
- openshift_master_session_encryption_secrets: "{{ hostvars[groups['oo_first_master'][0]]['session_encryption_secret'] }}"
+ openshift_master_session_auth_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_auth_secrets }}"
+ openshift_master_session_encryption_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_encryption_secrets }}"
pre_tasks:
- name: Ensure certificate directory exists
file:
@@ -336,6 +345,8 @@
- role: nickhammond.logrotate
- role: fluentd_master
when: openshift.common.use_fluentd | bool
+ - role: nuage_master
+ when: openshift.common.use_nuage | bool
post_tasks:
- name: Create group for deployment type
group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }}
@@ -349,7 +360,8 @@
roles:
- role: openshift_master_cluster
when: openshift_master_ha | bool and openshift.master.cluster_method == "pacemaker"
- - openshift_examples
+ - role: openshift_examples
+ when: openshift.common.install_examples | bool
- role: openshift_cluster_metrics
when: openshift.common.use_cluster_metrics | bool
- role: openshift_manageiq
@@ -361,7 +373,7 @@
cockpit_plugins: "{{ osm_cockpit_plugins | default(['cockpit-kubernetes']) }}"
roles:
- role: cockpit
- when: ( deployment_type in ['atomic-enterprise','openshift-enterprise'] ) and
+ when: not openshift.common.is_atomic and ( deployment_type in ['atomic-enterprise','openshift-enterprise'] ) and
(osm_use_cockpit | bool or osm_use_cockpit is undefined )
- name: Configure flannel
@@ -382,7 +394,7 @@
- name: Delete temporary directory on localhost
hosts: localhost
connection: local
- sudo: false
+ become: no
gather_facts: no
tasks:
- file: name={{ g_master_mktemp.stdout }} state=absent
@@ -399,7 +411,15 @@
- name: Create services
hosts: oo_first_master
+ vars:
+ attach_registry_volume: "{{ groups.oo_nfs_to_config | length > 0 }}"
+ pre_tasks:
+ - set_fact:
+ nfs_host: "{{ groups.oo_nfs_to_config.0 }}"
+ registry_volume_path: "{{ hostvars[groups.oo_nfs_to_config.0].openshift.nfs.exports_dir + '/' + hostvars[groups.oo_nfs_to_config.0].openshift.nfs.registry_volume }}"
+ when: attach_registry_volume | bool
roles:
- role: openshift_router
when: openshift.master.infra_nodes is defined
- #- role: openshift_registry
+ - role: openshift_registry
+ when: openshift.master.infra_nodes is defined and attach_registry_volume | bool
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-12 12:12:58 +0000