diff options
Diffstat (limited to 'playbooks/common')
14 files changed, 202 insertions, 168 deletions
diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 23c8f039e..2411e7360 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -3,7 +3,27 @@ - include: validate_hostnames.yml -- include: ../openshift-docker/config.yml +- name: Set oo_options + hosts: oo_hosts_to_config + tasks: + - set_fact: + openshift_docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}" + when: openshift_docker_additional_registries is not defined + - set_fact: + openshift_docker_insecure_registries: "{{ lookup('oo_option', 'docker_insecure_registries') }}" + when: openshift_docker_insecure_registries is not defined + - set_fact: + openshift_docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') }}" + when: openshift_docker_blocked_registries is not defined + - set_fact: + openshift_docker_options: "{{ lookup('oo_option', 'docker_options') }}" + when: openshift_docker_options is not defined + - set_fact: + openshift_docker_log_driver: "{{ lookup('oo_option', 'docker_log_driver') }}" + when: openshift_docker_log_driver is not defined + - set_fact: + openshift_docker_log_options: "{{ lookup('oo_option', 'docker_log_options') }}" + when: openshift_docker_log_options is not defined - include: ../openshift-etcd/config.yml diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml index 432a92b49..ce0134c44 100644 --- a/playbooks/common/openshift-cluster/evaluate_groups.yml +++ b/playbooks/common/openshift-cluster/evaluate_groups.yml @@ -29,6 +29,14 @@ msg: The nfs group must be limited to one host when: (groups[g_nfs_hosts] | default([])) | length > 1 + - name: Evaluate oo_all_hosts + add_host: + name: "{{ item }}" + groups: oo_all_hosts + ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" + ansible_sudo: "{{ g_sudo | default(omit) }}" + with_items: "{{ g_all_hosts | default([]) }}" + - name: Evaluate oo_masters add_host: name: "{{ item }}" diff --git a/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh b/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh index da6bcd23c..7a1edf38f 100644 --- a/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh +++ b/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh @@ -4,7 +4,7 @@ # We just need to know the version of one of them. unit_file=$(ls /etc/systemd/system/${1}*.service | head -n1) installed_container_name=$(basename -s .service ${unit_file}) -installed=$(docker exec ${installed_container_name} openshift version | grep openshift | awk '{ print $2 }' | cut -f1 -d"-" | tr -d 'v') +installed=$(docker exec ${installed_container_name} openshift version 2> /dev/null | grep openshift | awk '{ print $2 }' | cut -f1 -d"-" | tr -d 'v') if [ ${1} == "origin" ]; then image_name="openshift/origin" @@ -15,7 +15,7 @@ elif grep openshift3 $unit_file 2>&1 > /dev/null; then fi docker pull ${image_name} 2>&1 > /dev/null -available=$(docker run --rm ${image_name} version | grep openshift | awk '{ print $2 }' | cut -f1 -d"-" | tr -d 'v') +available=$(docker run --rm ${image_name} version 2> /dev/null | grep openshift | awk '{ print $2 }' | cut -f1 -d"-" | tr -d 'v') echo "---" echo "curr_version: ${installed}" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 6d7cefc8e..31ba8c4a9 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -212,13 +212,10 @@ - name: Update deployment type hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config + vars: + openshift_deployment_type: "{{ deployment_type }}" roles: - openshift_facts - post_tasks: - - openshift_facts: - role: common - local_facts: - deployment_type: "{{ deployment_type }}" - name: Update master facts hosts: oo_masters_to_config diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml index c9afca559..668a80996 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml @@ -24,7 +24,6 @@ - name: Verify upgrade can proceed hosts: oo_first_master vars: - openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" target_version: "{{ '1.2' if deployment_type == 'origin' else '3.1.1.900' }}" gather_facts: no tasks: @@ -47,6 +46,42 @@ when: openshift_image_tag is defined and openshift_image_tag.split('v',1).1 | version_compare(target_version ,'<') - name: Verify upgrade can proceed + hosts: oo_masters_to_config + vars: + openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" + tasks: + - name: Ensure Master is running + service: + name: "{{ openshift.common.service_type }}-master" + state: started + enabled: yes + when: not openshift_master_ha | bool and openshift.common.is_containerized | bool + + - name: Ensure HA Master is running + service: + name: "{{ openshift.common.service_type }}-master-api" + state: started + enabled: yes + when: openshift_master_ha | bool and openshift.common.is_containerized | bool + + - name: Ensure HA Master is running + service: + name: "{{ openshift.common.service_type }}-master-controllers" + state: started + enabled: yes + when: openshift_master_ha | bool and openshift.common.is_containerized | bool + +- name: Verify upgrade can proceed + hosts: oo_nodes_to_config + tasks: + - name: Ensure Node is running + service: + name: "{{ openshift.common.service_type }}-node" + state: started + enabled: yes + when: openshift.common.is_containerized | bool + +- name: Verify upgrade can proceed hosts: oo_masters_to_config:oo_nodes_to_config vars: target_version: "{{ '1.2' if deployment_type == 'origin' else '3.1.1.900' }}" @@ -116,10 +151,9 @@ msg: This playbook requires Atomic Enterprise Platform/OpenShift Enterprise 3.1 or later when: deployment_type == 'atomic-openshift' and g_aos_versions.curr_version | version_compare('3.1','<') - # TODO: this may only make sense for RPM installs. We probably need another check for containerized installs. - fail: msg: Upgrade packages not found - when: (g_aos_versions.avail_version | default(g_aos_versions.curr_version, true) | version_compare(target_version, '<')) + when: openshift_image_tag is not defined and (g_aos_versions.avail_version | default(g_aos_versions.curr_version, true) | version_compare(target_version, '<')) - name: Determine available Docker script: ../files/rpm_versions.sh docker diff --git a/playbooks/common/openshift-cluster/validate_hostnames.yml b/playbooks/common/openshift-cluster/validate_hostnames.yml index fd82997b9..0f562e019 100644 --- a/playbooks/common/openshift-cluster/validate_hostnames.yml +++ b/playbooks/common/openshift-cluster/validate_hostnames.yml @@ -6,14 +6,6 @@ roles: - openshift_facts tasks: - - openshift_facts: - role: "{{ item.role }}" - local_facts: "{{ item.local_facts }}" - with_items: - - role: common - local_facts: - hostname: "{{ openshift_hostname | default(None) }}" - public_hostname: "{{ openshift_public_hostname | default(None) }}" - shell: getent ahostsv4 {{ openshift.common.hostname }} | head -n 1 | awk '{ print $1 }' register: lookupip diff --git a/playbooks/common/openshift-docker/config.yml b/playbooks/common/openshift-docker/config.yml deleted file mode 100644 index 092d5533c..000000000 --- a/playbooks/common/openshift-docker/config.yml +++ /dev/null @@ -1,9 +0,0 @@ -- name: Configure docker hosts - hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config - vars: - docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') | oo_split }}" - docker_insecure_registries: "{{ lookup('oo_option', 'docker_insecure_registries') | oo_split }}" - docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') | oo_split }}" - roles: - - openshift_facts - - openshift_docker diff --git a/playbooks/common/openshift-docker/filter_plugins b/playbooks/common/openshift-docker/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/common/openshift-docker/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-docker/lookup_plugins b/playbooks/common/openshift-docker/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/common/openshift-docker/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-docker/roles b/playbooks/common/openshift-docker/roles deleted file mode 120000 index 20c4c58cf..000000000 --- a/playbooks/common/openshift-docker/roles +++ /dev/null @@ -1 +0,0 @@ -../../../roles
\ No newline at end of file diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml index 93eb157cb..06fbd6862 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/common/openshift-etcd/config.yml @@ -5,17 +5,9 @@ - openshift_facts tasks: - openshift_facts: - role: "{{ item.role }}" - local_facts: "{{ item.local_facts }}" - with_items: - - role: common - local_facts: - hostname: "{{ openshift_hostname | default(None) }}" - public_hostname: "{{ openshift_public_hostname | default(None) }}" - deployment_type: "{{ openshift_deployment_type }}" - - role: etcd - local_facts: - etcd_image: "{{ osm_etcd_image | default(None) }}" + role: etcd + local_facts: + etcd_image: "{{ osm_etcd_image | default(None) }}" - name: Check status of etcd certificates stat: path: "{{ item }}" @@ -89,8 +81,8 @@ dest: "{{ etcd_cert_config_dir }}" when: etcd_server_certs_missing roles: - - etcd - - role: nickhammond.logrotate + - openshift_etcd + - nickhammond.logrotate # Configure the remaining etcd hosts, skipping the first one we dealt with above. - name: Configure remaining etcd hosts diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 3c7d94c96..f1eaf8e16 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -1,6 +1,9 @@ --- - name: Set master facts and determine if external etcd certs need to be generated hosts: oo_masters_to_config + vars: + t_oo_option_master_debug_level: "{{ lookup('oo_option', 'openshift_master_debug_level') }}" + pre_tasks: - name: Check for RPM generated config marker file .config_managed stat: @@ -30,40 +33,29 @@ | default(none, true) }}" - set_fact: - openshift_master_debug_level: "{{ lookup('oo_option', 'openshift_master_debug_level') | default(openshift.common.debug_level, true) }}" - when: openshift_master_debug_level is not defined - + openshift_master_debug_level: "{{ t_oo_option_master_debug_level }}" + when: openshift_master_debug_level is not defined and t_oo_option_master_debug_level != "" roles: - openshift_facts post_tasks: - openshift_facts: - role: "{{ item.role }}" - local_facts: "{{ item.local_facts }}" - with_items: - - role: common - local_facts: - hostname: "{{ openshift_hostname | default(None) }}" - ip: "{{ openshift_ip | default(None) }}" - public_hostname: "{{ openshift_public_hostname | default(None) }}" - public_ip: "{{ openshift_public_ip | default(None) }}" - deployment_type: "{{ openshift_deployment_type }}" - - role: master - local_facts: - api_port: "{{ openshift_master_api_port | default(None) }}" - api_url: "{{ openshift_master_api_url | default(None) }}" - api_use_ssl: "{{ openshift_master_api_use_ssl | default(None) }}" - controllers_port: "{{ openshift_master_controllers_port | default(None) }}" - public_api_url: "{{ openshift_master_public_api_url | default(None) }}" - cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}" - cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}" - console_path: "{{ openshift_master_console_path | default(None) }}" - console_port: "{{ openshift_master_console_port | default(None) }}" - console_url: "{{ openshift_master_console_url | default(None) }}" - console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}" - public_console_url: "{{ openshift_master_public_console_url | default(None) }}" - portal_net: "{{ openshift_master_portal_net | default(None) }}" - ha: "{{ openshift_master_ha | default(groups.oo_masters | length > 1) }}" - master_count: "{{ openshift_master_count | default(groups.oo_masters | length) }}" + role: master + local_facts: + api_port: "{{ openshift_master_api_port | default(None) }}" + api_url: "{{ openshift_master_api_url | default(None) }}" + api_use_ssl: "{{ openshift_master_api_use_ssl | default(None) }}" + controllers_port: "{{ openshift_master_controllers_port | default(None) }}" + public_api_url: "{{ openshift_master_public_api_url | default(None) }}" + cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}" + cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}" + console_path: "{{ openshift_master_console_path | default(None) }}" + console_port: "{{ openshift_master_console_port | default(None) }}" + console_url: "{{ openshift_master_console_url | default(None) }}" + console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}" + public_console_url: "{{ openshift_master_public_console_url | default(None) }}" + portal_net: "{{ openshift_master_portal_net | default(None) }}" + ha: "{{ openshift_master_ha | default(groups.oo_masters | length > 1) }}" + master_count: "{{ openshift_master_count | default(groups.oo_masters | length) }}" - openshift_facts: role: hosted openshift_env: @@ -319,13 +311,14 @@ file: path: "{{ named_certs_dir }}" state: directory + mode: 0700 when: named_certs_specified | bool - name: Land named certificates copy: src="{{ item.certfile }}" dest="{{ named_certs_dir }}" with_items: openshift_master_named_certificates when: named_certs_specified | bool - name: Land named certificate keys - copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}" + copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}" mode=0600 with_items: openshift_master_named_certificates when: named_certs_specified | bool diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml index ccb1d23f1..6e6cb3e01 100644 --- a/playbooks/common/openshift-master/scaleup.yml +++ b/playbooks/common/openshift-master/scaleup.yml @@ -33,7 +33,8 @@ service: name={{ openshift.common.service_type }}-master-controllers state=restarted - name: verify api server command: > - curl -k --silent {{ openshift.master.api_url }}/healthz/ready + curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt + {{ openshift.master.api_url }}/healthz/ready register: api_available_output until: api_available_output.stdout == 'ok' retries: 120 diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index c62167bd3..7ca941732 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -1,10 +1,12 @@ --- - name: Gather and set facts for node hosts hosts: oo_nodes_to_config + vars: + t_oo_option_node_debug_level: "{{ lookup('oo_option', 'openshift_node_debug_level') }}" pre_tasks: - set_fact: - openshift_node_debug_level: "{{ lookup('oo_option', 'openshift_node_debug_level') | default(openshift.common.debug_level, true) }}" - when: openshift_node_debug_level is not defined + openshift_node_debug_level: "{{ t_oo_option_node_debug_level }}" + when: openshift_node_debug_level is not defined and t_oo_option_node_debug_level != "" roles: - openshift_facts tasks: @@ -12,20 +14,11 @@ # configured, we need to make sure to set the node properties beforehand if # we do not want the defaults - openshift_facts: - role: "{{ item.role }}" - local_facts: "{{ item.local_facts }}" - with_items: - - role: common - local_facts: - hostname: "{{ openshift_hostname | default(None) }}" - public_hostname: "{{ openshift_public_hostname | default(None) }}" - deployment_type: "{{ openshift_deployment_type }}" - use_flannel: "{{ openshift_use_flannel | default(None) }}" - - role: node - local_facts: - labels: "{{ openshift_node_labels | default(None) }}" - annotations: "{{ openshift_node_annotations | default(None) }}" - schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" + role: node + local_facts: + labels: "{{ openshift_node_labels | default(None) }}" + annotations: "{{ openshift_node_annotations | default(None) }}" + schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" - name: Check status of node certificates stat: path: "{{ openshift.common.config_base }}/node/{{ item }}" @@ -43,22 +36,6 @@ node_subdir: node-{{ openshift.common.hostname }} config_dir: "{{ openshift.common.config_base }}/generated-configs/node-{{ openshift.common.hostname }}" node_cert_dir: "{{ openshift.common.config_base }}/node" - - name: Check status of flannel external etcd certificates - stat: - path: "{{ openshift.common.config_base }}/node/{{ item }}" - with_items: - - node.etcd-client.crt - - node.etcd-ca.crt - register: g_external_etcd_flannel_cert_stat_result - when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) - - set_fact: - etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results - | oo_collect(attribute='stat.exists') - | list | intersect([false])}}" - etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }} - etcd_cert_config_dir: "{{ openshift.common.config_base }}/node" - etcd_cert_prefix: node.etcd- - when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) - name: Create temp directory for syncing certs hosts: localhost @@ -71,65 +48,6 @@ register: mktemp changed_when: False -- name: Configure flannel etcd certificates - hosts: oo_first_etcd - vars: - etcd_generated_certs_dir: /etc/etcd/generated_certs - sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" - pre_tasks: - - set_fact: - etcd_needing_client_certs: "{{ hostvars - | oo_select_keys(groups['oo_nodes_to_config']) - | oo_filter_list(filter_attr='etcd_client_flannel_certs_missing') | default([]) }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing - roles: - - role: etcd_certificates - when: openshift_use_flannel | default(false) | bool - post_tasks: - - name: Create a tarball of the etcd flannel certs - command: > - tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz - -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} . - args: - creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" - with_items: etcd_needing_client_certs - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing - - name: Retrieve the etcd cert tarballs - fetch: - src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" - dest: "{{ sync_tmpdir }}/" - flat: yes - fail_on_missing: yes - validate_checksum: yes - with_items: etcd_needing_client_certs - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing - -- name: Copy the external etcd flannel certs to the nodes - hosts: oo_nodes_to_config - vars: - sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" - tasks: - - name: Ensure certificate directory exists - file: - path: "{{ openshift.common.config_base }}/node" - state: directory - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing - - name: Unarchive the tarball on the master - unarchive: - src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz" - dest: "{{ etcd_cert_config_dir }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing - - file: - path: "{{ etcd_cert_config_dir }}/{{ item }}" - owner: root - group: root - mode: 0600 - with_items: - - node.etcd-client.crt - - node.etcd-client.key - - node.etcd-ca.crt - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing - - name: Create node certificates hosts: oo_first_master vars: @@ -197,6 +115,11 @@ vars: openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}" + # TODO: configure these based on + # hostvars[groups.oo_first_master.0].openshift.hosted.registry instead of + # hardcoding + openshift_docker_hosted_registry_insecure: True + openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.master.portal_net }}" roles: - openshift_node @@ -205,9 +128,94 @@ vars: openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}" + # TODO: configure these based on + # hostvars[groups.oo_first_master.0].openshift.hosted.registry instead of + # hardcoding + openshift_docker_hosted_registry_insecure: True + openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.master.portal_net }}" roles: - openshift_node +- name: Gather and set facts for flannel certificatess + hosts: oo_nodes_to_config + tasks: + - name: Check status of flannel external etcd certificates + stat: + path: "{{ openshift.common.config_base }}/node/{{ item }}" + with_items: + - node.etcd-client.crt + - node.etcd-ca.crt + register: g_external_etcd_flannel_cert_stat_result + when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) + - set_fact: + etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results + | oo_collect(attribute='stat.exists') + | list | intersect([false])}}" + etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }} + etcd_cert_config_dir: "{{ openshift.common.config_base }}/node" + etcd_cert_prefix: node.etcd- + when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) + +- name: Configure flannel etcd certificates + hosts: oo_first_etcd + vars: + etcd_generated_certs_dir: /etc/etcd/generated_certs + sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" + pre_tasks: + - set_fact: + etcd_needing_client_certs: "{{ hostvars + | oo_select_keys(groups['oo_nodes_to_config']) + | oo_filter_list(filter_attr='etcd_client_flannel_certs_missing') | default([]) }}" + when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + roles: + - role: etcd_certificates + when: openshift_use_flannel | default(false) | bool + post_tasks: + - name: Create a tarball of the etcd flannel certs + command: > + tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz + -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} . + args: + creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" + with_items: etcd_needing_client_certs + when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + - name: Retrieve the etcd cert tarballs + fetch: + src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" + dest: "{{ sync_tmpdir }}/" + flat: yes + fail_on_missing: yes + validate_checksum: yes + with_items: etcd_needing_client_certs + when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + +- name: Copy the external etcd flannel certs to the nodes + hosts: oo_nodes_to_config + vars: + sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" + tasks: + - name: Ensure certificate directory exists + file: + path: "{{ openshift.common.config_base }}/node" + state: directory + when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + - name: Unarchive the tarball on the master + unarchive: + src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz" + dest: "{{ etcd_cert_config_dir }}" + when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + - file: + path: "{{ etcd_cert_config_dir }}/{{ item }}" + owner: root + group: root + mode: 0600 + with_items: + - node.etcd-client.crt + - node.etcd-client.key + - node.etcd-ca.crt + when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + + - name: Additional node config hosts: oo_nodes_to_config vars: @@ -258,7 +266,8 @@ # Using curl here since the uri module requires python-httplib2 and # wait_for port doesn't provide health information. command: > - curl -k --silent {{ openshift.master.api_url }}/healthz/ready + curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt + {{ openshift.master.api_url }}/healthz/ready register: api_available_output until: api_available_output.stdout == 'ok' retries: 120 |