diff options
Diffstat (limited to 'playbooks')
52 files changed, 1003 insertions, 129 deletions
diff --git a/playbooks/adhoc/create_pv/pv-template.j2 b/playbooks/adhoc/create_pv/pv-template.j2 index 5654ef6c4..df082614b 100644 --- a/playbooks/adhoc/create_pv/pv-template.j2 +++ b/playbooks/adhoc/create_pv/pv-template.j2 @@ -10,7 +10,7 @@ spec: storage: {{ vol_size }}Gi accessModes: - ReadWriteOnce - persistentVolumeReclaimPolicy: Recycle + persistentVolumeReclaimPolicy: Retain awsElasticBlockStore: volumeID: aws://{{ vol_az }}/{{ vol_id }} fsType: ext4 diff --git a/playbooks/adhoc/s3_registry/s3_registry.yml b/playbooks/adhoc/s3_registry/s3_registry.yml index 38ce92e92..daf84e242 100644 --- a/playbooks/adhoc/s3_registry/s3_registry.yml +++ b/playbooks/adhoc/s3_registry/s3_registry.yml @@ -15,6 +15,9 @@ aws_secret_key: "{{ lookup('env', 'S3_SECRET_ACCESS_KEY') }}" aws_bucket_name: "{{ aws_bucket | default(clusterid ~ '-docker') }}" aws_bucket_region: "{{ aws_region | default(lookup('env', 'S3_REGION') | default('us-east-1', true)) }}" + aws_create_bucket: "{{ aws_create | default(True) }}" + aws_tmp_path: "{{ aws_tmp_pathfile | default('/root/config.yml')}}" + aws_delete_tmp_file: "{{ aws_delete_tmp | default(True) }}" tasks: @@ -30,6 +33,7 @@ command: oc scale --replicas=0 dc/docker-registry - name: Create S3 bucket + when: aws_create_bucket | bool local_action: module: s3 bucket="{{ aws_bucket_name }}" mode=create @@ -70,4 +74,5 @@ command: oc scale --replicas=1 dc/docker-registry - name: Delete temporary config file - file: path=/root/config.yml state=absent + file: path={{ aws_tmp_path }} state=absent + when: aws_delete_tmp_file | bool diff --git a/playbooks/adhoc/sdn_restart/oo-sdn-restart.yml b/playbooks/adhoc/sdn_restart/oo-sdn-restart.yml index 0dc021fbc..08e8f8968 100755 --- a/playbooks/adhoc/sdn_restart/oo-sdn-restart.yml +++ b/playbooks/adhoc/sdn_restart/oo-sdn-restart.yml @@ -49,5 +49,4 @@ name: "{{ item }}" state: restarted with_items: - - oso-f22-host-monitoring - - oso-rhel7-zagg-client + - oso-rhel7-host-monitoring diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 36d686c8b..e68fd810a 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -53,6 +53,13 @@ - pcsd failed_when: false + - name: Stop additional atomic services + service: name={{ item }} state=stopped + when: is_atomic | bool + with_items: + - etcd_container + failed_when: false + - name: Remove packages action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent" when: not is_atomic | bool @@ -66,9 +73,14 @@ - atomic-openshift-master - atomic-openshift-node - atomic-openshift-sdn-ovs + - cockpit-bridge + - cockpit-docker + - cockpit-shell + - cockpit-ws - corosync - etcd - haproxy + - kubernetes-client - openshift - openshift-master - openshift-node @@ -125,7 +137,11 @@ register: exited_containers_to_delete with_items: - aep3.*/aep + - aep3.*/node + - aep3.*/openvswitch - openshift3/ose + - openshift3/node + - openshift3/openvswitch - openshift/origin - shell: "docker rm {{ item.stdout_lines | join(' ') }}" @@ -140,6 +156,7 @@ with_items: - registry\.access\..*redhat\.com/openshift3 - registry\.access\..*redhat\.com/aep3 + - registry\.qe\.openshift\.com/.* - registry\.access\..*redhat\.com/rhel7/etcd - docker.io/openshift @@ -185,6 +202,7 @@ - /etc/sysconfig/atomic-openshift-node - /etc/sysconfig/openshift-master - /etc/sysconfig/openshift-node + - /etc/sysconfig/openvswitch - /etc/sysconfig/origin-master - /etc/sysconfig/origin-master-api - /etc/sysconfig/origin-master-controllers diff --git a/playbooks/adhoc/zabbix_setup/oo-config-zaio.yml b/playbooks/adhoc/zabbix_setup/oo-config-zaio.yml index ec28564cf..2f1d003ff 100755 --- a/playbooks/adhoc/zabbix_setup/oo-config-zaio.yml +++ b/playbooks/adhoc/zabbix_setup/oo-config-zaio.yml @@ -8,8 +8,12 @@ g_server: http://localhost/zabbix/api_jsonrpc.php g_user: Admin g_password: zabbix + g_zbx_scriptrunner_user: scriptrunner + g_zbx_scriptrunner_bastion_host: specialhost.example.com roles: - role: os_zabbix ozb_server: "{{ g_server }}" ozb_user: "{{ g_user }}" ozb_password: "{{ g_password }}" + ozb_scriptrunner_user: "{{ g_zbx_scriptrunner_user }}" + ozb_scriptrunner_bastion_host: "{{ g_zbx_scriptrunner_bastion_host }}" diff --git a/playbooks/aws/openshift-cluster/cluster_hosts.yml b/playbooks/aws/openshift-cluster/cluster_hosts.yml index 1023f3ec1..9a3361919 100644 --- a/playbooks/aws/openshift-cluster/cluster_hosts.yml +++ b/playbooks/aws/openshift-cluster/cluster_hosts.yml @@ -10,8 +10,12 @@ g_nfs_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_nfs'] | defau g_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_master'] | default([])) }}" +g_new_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_new_master'] | default([])) }}" + g_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_node'] | default([])) }}" +g_new_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_new_node'] | default([])) }}" + g_infra_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_infra']) | default([]) }}" -g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_compute']) | default([]) }}" +g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_compute'] | default([])) }}" diff --git a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml index 6090ed6fe..63be06ecf 100644 --- a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml @@ -34,26 +34,22 @@ - set_fact: ec2_instance_type: "{{ ec2_master_instance_type | default(lookup('env', 'ec2_master_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type, true), true), true) }}" - ec2_security_groups: "{{ ec2_master_security_groups - | default(deployment_vars[deployment_type].security_groups, true) }}" + ec2_security_groups: "{{ ec2_master_security_groups | default(lookup('env', 'ec2_master_security_groups') | default(lookup('env', 'ec2_security_groups') | default(deployment_vars[deployment_type].security_groups, true), true), true) }}" when: host_type == "master" and sub_host_type == "default" - set_fact: ec2_instance_type: "{{ ec2_etcd_instance_type | default(lookup('env', 'ec2_etcd_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type, true), true), true) }}" - ec2_security_groups: "{{ ec2_etcd_security_groups - | default(deployment_vars[deployment_type].security_groups, true)}}" + ec2_security_groups: "{{ ec2_etcd_security_groups | default(lookup('env', 'ec2_etcd_security_groups') | default(lookup('env', 'ec2_security_groups') | default(deployment_vars[deployment_type].security_groups, true), true), true) }}" when: host_type == "etcd" and sub_host_type == "default" - set_fact: ec2_instance_type: "{{ ec2_infra_instance_type | default(lookup('env', 'ec2_infra_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type, true), true), true) }}" - ec2_security_groups: "{{ ec2_infra_security_groups - | default(deployment_vars[deployment_type].security_groups, true) }}" + ec2_security_groups: "{{ ec2_infra_security_groups | default(lookup('env', 'ec2_infra_security_groups') | default(lookup('env', 'ec2_security_groups') | default(deployment_vars[deployment_type].security_groups, true), true), true) }}" when: host_type == "node" and sub_host_type == "infra" - set_fact: ec2_instance_type: "{{ ec2_node_instance_type | default(lookup('env', 'ec2_node_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type, true), true), true) }}" - ec2_security_groups: "{{ ec2_node_security_groups - | default(deployment_vars[deployment_type].security_groups, true) }}" + ec2_security_groups: "{{ ec2_node_security_groups | default(lookup('env', 'ec2_node_security_groups') | default(lookup('env', 'ec2_security_groups') | default(deployment_vars[deployment_type].security_groups, true), true), true) }}" when: host_type == "node" and sub_host_type == "compute" - set_fact: @@ -61,8 +57,7 @@ | default(deployment_vars[deployment_type].type, true) }}" when: ec2_instance_type is not defined - set_fact: - ec2_security_groups: "{{ lookup('env', 'ec2_security_groups') - | default(deployment_vars[deployment_type].security_groups, true) }}" + ec2_security_groups: "{{ lookup('env', 'ec2_security_groups') | default(deployment_vars[deployment_type].security_groups, true) }}" when: ec2_security_groups is not defined - name: Find amis for deployment_type diff --git a/playbooks/byo/openshift-cluster/cluster_hosts.yml b/playbooks/byo/openshift-cluster/cluster_hosts.yml index 10872e738..8893db245 100644 --- a/playbooks/byo/openshift-cluster/cluster_hosts.yml +++ b/playbooks/byo/openshift-cluster/cluster_hosts.yml @@ -5,6 +5,8 @@ g_lb_hosts: "{{ groups.lb | default([]) }}" g_master_hosts: "{{ groups.masters | default([]) }}" +g_new_master_hosts: "{{ groups.new_masters | default([]) }}" + g_node_hosts: "{{ groups.nodes | default([]) }}" g_new_node_hosts: "{{ groups.new_nodes | default([]) }}" diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/README.md b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/README.md index c434be5b7..eb1f481d7 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/README.md +++ b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/README.md @@ -4,7 +4,6 @@ This playbook currently performs the following steps. -**TODO: update for current steps** * Upgrade and restart master services * Upgrade and restart node services * Modifies the subset of the configuration necessary diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/README.md b/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/README.md new file mode 100644 index 000000000..62577c3df --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/README.md @@ -0,0 +1,16 @@ +# v3.1 to v3.2 upgrade playbook + +## Overview +This playbook currently performs the +following steps. + + * Upgrade and restart master services + * Upgrade and restart node services + * Modifies the subset of the configuration necessary + * Applies the latest cluster policies + * Updates the default router if one exists + * Updates the default registry if one exists + * Updates image streams and quickstarts + +## Usage +ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml new file mode 100644 index 000000000..0c91b51d6 --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml @@ -0,0 +1,19 @@ +--- +- include: ../../../../common/openshift-cluster/evaluate_groups.yml + vars: + g_etcd_hosts: "{{ groups.etcd | default([]) }}" + g_master_hosts: "{{ groups.masters | default([]) }}" + g_new_master_hosts: [] + g_nfs_hosts: "{{ groups.nfs | default([]) }}" + g_node_hosts: "{{ groups.nodes | default([]) }}" + g_lb_hosts: "{{ groups.lb | default([]) }}" + openshift_cluster_id: "{{ cluster_id | default('default') }}" + openshift_deployment_type: "{{ deployment_type }}" +- include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml + vars: + openshift_deployment_type: "{{ deployment_type }}" +- include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml + vars: + openshift_deployment_type: "{{ deployment_type }}" +- include: ../../../openshift-master/restart.yml +- include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml diff --git a/playbooks/byo/openshift-cluster/scaleup.yml b/playbooks/byo/openshift-master/scaleup.yml index 1702690f6..18797d02a 100644 --- a/playbooks/byo/openshift-cluster/scaleup.yml +++ b/playbooks/byo/openshift-master/scaleup.yml @@ -1,5 +1,5 @@ --- -- include: ../../common/openshift-cluster/scaleup.yml +- include: ../../common/openshift-master/scaleup.yml vars_files: - ../../byo/openshift-cluster/cluster_hosts.yml vars: diff --git a/playbooks/byo/openshift-node/filter_plugins b/playbooks/byo/openshift-node/filter_plugins new file mode 120000 index 000000000..99a95e4ca --- /dev/null +++ b/playbooks/byo/openshift-node/filter_plugins @@ -0,0 +1 @@ +../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/byo/openshift-node/lookup_plugins b/playbooks/byo/openshift-node/lookup_plugins new file mode 120000 index 000000000..ac79701db --- /dev/null +++ b/playbooks/byo/openshift-node/lookup_plugins @@ -0,0 +1 @@ +../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/byo/openshift-node/roles b/playbooks/byo/openshift-node/roles new file mode 120000 index 000000000..20c4c58cf --- /dev/null +++ b/playbooks/byo/openshift-node/roles @@ -0,0 +1 @@ +../../../roles
\ No newline at end of file diff --git a/playbooks/byo/openshift-node/scaleup.yml b/playbooks/byo/openshift-node/scaleup.yml new file mode 100644 index 000000000..0343597b5 --- /dev/null +++ b/playbooks/byo/openshift-node/scaleup.yml @@ -0,0 +1,8 @@ +--- +- include: ../../common/openshift-node/scaleup.yml + vars_files: + - ../../byo/openshift-cluster/cluster_hosts.yml + vars: + openshift_cluster_id: "{{ cluster_id | default('default') }}" + openshift_debug_level: "{{ debug_level | default(2) }}" + openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/common/openshift-cluster/additional_config.yml b/playbooks/common/openshift-cluster/additional_config.yml new file mode 100644 index 000000000..1ac78468a --- /dev/null +++ b/playbooks/common/openshift-cluster/additional_config.yml @@ -0,0 +1,56 @@ +- name: Configure flannel + hosts: oo_first_master + vars: + etcd_urls: "{{ openshift.master.etcd_urls }}" + roles: + - role: flannel_register + when: openshift.common.use_flannel | bool + +- name: Additional master configuration + hosts: oo_first_master + vars: + cockpit_plugins: "{{ osm_cockpit_plugins | default(['cockpit-kubernetes']) }}" + etcd_urls: "{{ openshift.master.etcd_urls }}" + openshift_master_ha: "{{ groups.oo_masters | length > 1 }}" + omc_cluster_hosts: "{{ groups.oo_masters | join(' ')}}" + roles: + - role: openshift_master_cluster + when: openshift_master_ha | bool and openshift.master.cluster_method == "pacemaker" + - role: openshift_examples + when: openshift.common.install_examples | bool + - role: openshift_cluster_metrics + when: openshift.common.use_cluster_metrics | bool + - role: openshift_manageiq + when: openshift.common.use_manageiq | bool + - role: cockpit + when: not openshift.common.is_atomic and ( deployment_type in ['atomic-enterprise','openshift-enterprise'] ) and + (osm_use_cockpit | bool or osm_use_cockpit is undefined ) + - role: flannel_register + when: openshift.common.use_flannel | bool + - role: pods + when: openshift.common.deployment_type == 'online' + - role: os_env_extras + when: openshift.common.deployment_type == 'online' + +- name: Create persistent volumes and create hosted services + hosts: oo_first_master + vars: + attach_registry_volume: "{{ openshift.hosted.registry.storage.kind != None }}" + deploy_infra: "{{ openshift.master.infra_nodes | default([]) | length > 0 }}" + persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}" + persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}" + roles: + - role: openshift_persistent_volumes + when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0 + - role: openshift_serviceaccounts + openshift_serviceaccounts_names: + - router + - registry + openshift_serviceaccounts_namespace: default + openshift_serviceaccounts_sccs: + - privileged + - role: openshift_router + when: deploy_infra | bool + - role: openshift_registry + registry_volume_claim: "{{ openshift.hosted.registry.storage.volume.name }}-claim" + when: deploy_infra | bool and attach_registry_volume | bool diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 2cad4b362..23c8f039e 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -11,4 +11,6 @@ - include: ../openshift-master/config.yml +- include: additional_config.yml + - include: ../openshift-node/config.yml diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml index 7917bfba5..432a92b49 100644 --- a/playbooks/common/openshift-cluster/evaluate_groups.yml +++ b/playbooks/common/openshift-cluster/evaluate_groups.yml @@ -10,8 +10,8 @@ when: g_etcd_hosts is not defined - fail: - msg: This playbook requires g_master_hosts to be set - when: g_master_hosts is not defined + msg: This playbook requires g_master_hosts or g_new_master_hosts to be set + when: g_master_hosts is not defined and g_new_master_hosts is not defined - fail: msg: This playbook requires g_node_hosts or g_new_node_hosts to be set @@ -29,6 +29,14 @@ msg: The nfs group must be limited to one host when: (groups[g_nfs_hosts] | default([])) | length > 1 + - name: Evaluate oo_masters + add_host: + name: "{{ item }}" + groups: oo_masters + ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" + ansible_sudo: "{{ g_sudo | default(omit) }}" + with_items: "{{ g_master_hosts | union(g_new_master_hosts) | default([]) }}" + - name: Evaluate oo_etcd_to_config add_host: name: "{{ item }}" @@ -43,11 +51,7 @@ groups: oo_masters_to_config ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" ansible_sudo: "{{ g_sudo | default(omit) }}" - with_items: "{{ g_master_hosts | default([]) }}" - - # Use g_new_node_hosts if it exists otherwise g_node_hosts - - set_fact: - g_node_hosts_to_config: "{{ g_new_node_hosts | default(g_node_hosts | default([], true), true) }}" + with_items: "{{ g_new_master_hosts | default(g_master_hosts | default([], true), true) }}" - name: Evaluate oo_nodes_to_config add_host: @@ -55,7 +59,7 @@ groups: oo_nodes_to_config ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" ansible_sudo: "{{ g_sudo | default(omit) }}" - with_items: "{{ g_node_hosts_to_config | default([]) }}" + with_items: "{{ g_new_node_hosts | default(g_node_hosts | default([], true), true) }}" # Skip adding the master to oo_nodes_to_config when g_new_node_hosts is - name: Evaluate oo_nodes_to_config diff --git a/playbooks/common/openshift-cluster/scaleup.yml b/playbooks/common/openshift-cluster/scaleup.yml deleted file mode 100644 index d2ba3fc7a..000000000 --- a/playbooks/common/openshift-cluster/scaleup.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- include: evaluate_groups.yml - -- include: ../openshift-node/config.yml - vars: - openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/common/openshift-cluster/upgrades/files/ensure_system_units_have_version.sh b/playbooks/common/openshift-cluster/upgrades/files/ensure_system_units_have_version.sh new file mode 100644 index 000000000..239f43314 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/files/ensure_system_units_have_version.sh @@ -0,0 +1,51 @@ +#!/bin/bash +set -e + +SERVICE_TYPE=$1 +DEPLOYMENT_TYPE=$2 +VERSION="v${3}" + +add_image_version_to_sysconfig () { + unit_name=$2 + sysconfig_file=/etc/sysconfig/${unit_name} + + if ! grep IMAGE_VERSION ${sysconfig_file}; then + sed -i "/CONFIG_FILE/a IMAGE_VERSION=${1}" ${sysconfig_file} + else + sed -i "s/\(IMAGE_VERSION=\).*/\1${1}/" ${sysconfig_file} + fi +} + +add_image_version_to_unit () { + deployment_type=$1 + unit_file=$2 + + if ! grep IMAGE_VERSION $unit_file; then + image_namespace="openshift/" + if [ $deployment_type == "atomic-enterprise" ]; then + image_namespace="aep3/" + elif [ $deployment_type == "openshift-enterprise" ]; then + image_namespace="openshift3/" + fi + + sed -i "s|\(${image_namespace}[a-zA-Z0-9]\+\)|\1:\${IMAGE_VERSION}|" $unit_file + fi +} + +for unit_file in $(ls /etc/systemd/system/${SERVICE_TYPE}*.service); do + unit_name=$(basename -s .service ${unit_file}) + add_image_version_to_sysconfig $VERSION $unit_name + add_image_version_to_unit $DEPLOYMENT_TYPE $unit_file +done + +if [ -e /etc/sysconfig/openvswitch ]; then + add_image_version_to_sysconfig $VERSION openvswitch +else + echo IMAGE_VERSION=${VERSION} > /etc/sysconfig/openvswitch +fi +if ! grep EnvironmentFile /etc/systemd/system/openvswitch.service > /dev/null; then + sed -i "/Service/a EnvironmentFile=/etc/sysconfig/openvswitch" /etc/systemd/system/openvswitch.service +fi +add_image_version_to_unit $DEPLOYMENT_TYPE /etc/systemd/system/openvswitch.service + +systemctl daemon-reload diff --git a/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh b/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh new file mode 100644 index 000000000..4095b9829 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh @@ -0,0 +1,22 @@ +#!/bin/bash + +# Here we don't really care if this is a master, api, controller or node image. +# We just need to know the version of one of them. +unit_file=$(ls /etc/systemd/system/${1}*.service | head -n1) +installed_container_name=$(basename -s .service ${unit_file}) +installed=$(docker exec ${installed_container_name} openshift version | grep openshift | awk '{ print $2 }' | cut -f1 -d"-" | tr -d 'v') + +if [ ${1} == "origin" ]; then + image_name="openshift/origin" +elif grep aep $unit_file > /dev/null; then + image_name="aep3/aep" +elif grep ose $unit_file > /dev/null; then + image_name="openshift3/ose" +fi + +docker pull ${image_name} 1>&2 +available=$(docker run --rm ${image_name} version | grep openshift | awk '{ print $2 }' | cut -f1 -d"-" | tr -d 'v') + +echo "---" +echo "curr_version: ${installed}" +echo "avail_version: ${available}" diff --git a/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh b/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh new file mode 100644 index 000000000..a2a9579b5 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +installed=$(yum list installed -e 0 -q "$@" 2>&1 | tail -n +2 | awk '{ print $2 }' | sort -r | tr '\n' ' ') +available=$(yum list available -e 0 -q "$@" 2>&1 | tail -n +2 | grep -v 'el7ose' | awk '{ print $2 }' | sort -r | tr '\n' ' ') + +echo "---" +echo "curr_version: ${installed}" +echo "avail_version: ${available}" diff --git a/playbooks/common/openshift-cluster/upgrades/files/versions.sh b/playbooks/common/openshift-cluster/upgrades/files/versions.sh deleted file mode 100644 index 3a1a8ebb1..000000000 --- a/playbooks/common/openshift-cluster/upgrades/files/versions.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -yum_installed=$(yum list installed -e 0 -q "$@" 2>&1 | tail -n +2 | awk '{ print $2 }' | sort -r | tr '\n' ' ') - -yum_available=$(yum list available -e 0 -q "$@" 2>&1 | tail -n +2 | grep -v 'el7ose' | awk '{ print $2 }' | sort -r | tr '\n' ' ') - -echo "---" -echo "curr_version: ${yum_installed}" -echo "avail_version: ${yum_available}" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 049ac997c..6d7cefc8e 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -66,7 +66,7 @@ g_new_service_name: "{{ 'origin' if deployment_type =='origin' else 'atomic-openshift' }}" - name: Determine available versions - script: ../files/versions.sh {{ g_new_service_name }} openshift + script: ../files/rpm_versions.sh {{ g_new_service_name }} openshift register: g_versions_result - set_fact: @@ -622,6 +622,16 @@ '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}' --api-version=v1 with_items: haproxy_routers + when: not openshift.common.version_gte_3_1_1_or_1_1_1 + + - name: Update router image to current version + when: all_routers.rc == 0 + command: > + {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p + '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}","livenessProbe":{"tcpSocket":null,"httpGet":{"path": "/healthz", "port": 1936, "host": "localhost", "scheme": "HTTP"},"initialDelaySeconds":10,"timeoutSeconds":1}}]}}}}' + --api-version=v1 + with_items: haproxy_routers + when: openshift.common.version_gte_3_1_1_or_1_1_1 - name: Check for default registry command: > diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml index d7a2ac405..196393b2a 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml @@ -37,7 +37,7 @@ when: all_routers.rc == 0 command: > {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p - '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}' + '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}","livenessProbe":{"tcpSocket":null,"httpGet":{"path": "/healthz", "port": 1936, "host": "localhost", "scheme": "HTTP"},"initialDelaySeconds":10,"timeoutSeconds":1}}]}}}}' --api-version=v1 with_items: haproxy_routers diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml index 12b9c84d3..864622a09 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml @@ -41,7 +41,7 @@ g_new_service_name: "{{ 'origin' if deployment_type =='origin' else 'atomic-openshift' }}" - name: Determine available versions - script: ../files/versions.sh {{ g_new_service_name }} + script: ../files/rpm_versions.sh {{ g_new_service_name }} register: g_versions_result - set_fact: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml index dbf746f12..54bb251f7 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml @@ -13,10 +13,11 @@ tasks: - name: Upgrade master packages command: "{{ ansible_pkg_mgr}} update -y {{ openshift.common.service_type }}-master{{ openshift_version }}" + when: not openshift.common.is_containerized | bool - name: Ensure python-yaml present for config upgrade action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" - when: not openshift.common.is_atomic | bool + when: not openshift.common.is_containerized | bool # Currently 3.1.1 does not have any new configuration settings # @@ -63,6 +64,7 @@ tasks: - name: Upgrade node packages command: "{{ ansible_pkg_mgr }} update -y {{ openshift.common.service_type }}-node{{ openshift_version }}" + when: not openshift.common.is_containerized | bool - name: Restart node service service: name="{{ openshift.common.service_type }}-node" state=restarted diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/containerized_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/containerized_upgrade.yml new file mode 100644 index 000000000..696994688 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/containerized_upgrade.yml @@ -0,0 +1,9 @@ +- name: Update system_units + script: ../files/ensure_system_units_have_version.sh {{ openshift.common.service_type }} {{ openshift.common.deployment_type }} {{ g_new_version }} + +- name: Verifying the correct version was configured + command: grep {{ verify_upgrade_version }} {{ item }} + with_items: + - /etc/sysconfig/openvswitch + - /etc/sysconfig/{{ openshift.common.service_type }}* + when: verify_upgrade_version is defined diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker_upgrade.yml new file mode 100644 index 000000000..09372e3bd --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker_upgrade.yml @@ -0,0 +1,20 @@ +--- +- name: Upgrade Docker + hosts: oo_masters_to_config + vars: + openshift_version: "{{ openshift_pkg_version | default('') }}" + tasks: + - name: Check if Docker is installed + command: rpm -q docker + register: pkg_check + failed_when: pkg_check.rc > 1 + changed_when: no + + - name: Upgrade Docker + command: "{{ ansible_pkg_mgr}} update -y docker" + when: pkg_check.rc == 0 and g_docker_version.curr_version | version_compare('1.9','<') + register: docker_upgrade + + - name: Restart Docker + service: name=docker state=restarted + when: docker_upgrade | changed diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/filter_plugins b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/filter_plugins new file mode 120000 index 000000000..27ddaa18b --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/filter_plugins @@ -0,0 +1 @@ +../../../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/library b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/library new file mode 120000 index 000000000..53bed9684 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/library @@ -0,0 +1 @@ +../library
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/lookup_plugins b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/lookup_plugins new file mode 120000 index 000000000..cf407f69b --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/lookup_plugins @@ -0,0 +1 @@ +../../../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml new file mode 100644 index 000000000..3fd97ac14 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml @@ -0,0 +1,57 @@ +--- +############################################################################### +# Post upgrade - Upgrade default router, default registry and examples +############################################################################### +- name: Upgrade default router and default registry + hosts: oo_first_master + vars: + openshift_deployment_type: "{{ deployment_type }}" + registry_image: "{{ openshift.master.registry_url | replace( '${component}', 'docker-registry' ) | replace ( '${version}', 'v' + g_new_version ) }}" + router_image: "{{ openshift.master.registry_url | replace( '${component}', 'haproxy-router' ) | replace ( '${version}', 'v' + g_new_version ) }}" + oc_cmd: "{{ openshift.common.client_binary }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig" + roles: + # Create the new templates shipped in 3.2, existing templates are left + # unmodified. This prevents the subsequent role definition for + # openshift_examples from failing when trying to replace templates that do + # not already exist. We could have potentially done a replace --force to + # create and update in one step. + - openshift_examples + # Update the existing templates + - role: openshift_examples + openshift_examples_import_command: replace + pre_tasks: + - name: Collect all routers + command: > + {{ oc_cmd }} get pods --all-namespaces -l 'router' -o json + register: all_routers + failed_when: false + changed_when: false + + - set_fact: haproxy_routers="{{ (all_routers.stdout | from_json)['items'] | oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | oo_select_keys_from_list(['metadata']) }}" + when: all_routers.rc == 0 + + - set_fact: haproxy_routers=[] + when: all_routers.rc != 0 + + - name: Update router image to current version + when: all_routers.rc == 0 + command: > + {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p + '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}","livenessProbe":{"tcpSocket":null,"httpGet":{"path": "/healthz", "port": 1936, "host": "localhost", "scheme": "HTTP"},"initialDelaySeconds":10,"timeoutSeconds":1}}]}}}}' + --api-version=v1 + with_items: haproxy_routers + + - name: Check for default registry + command: > + {{ oc_cmd }} get -n default dc/docker-registry + register: _default_registry + failed_when: false + changed_when: false + + - name: Update registry image to current version + when: _default_registry.rc == 0 + command: > + {{ oc_cmd }} patch dc/docker-registry -p + '{"spec":{"template":{"spec":{"containers":[{"name":"registry","image":"{{ registry_image }}"}]}}}}' + --api-version=v1 + diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml new file mode 100644 index 000000000..d423238ec --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml @@ -0,0 +1,240 @@ +--- +############################################################################### +# Evaluate host groups and gather facts +############################################################################### +- name: Load openshift_facts + hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config:oo_lb_to_config + roles: + - openshift_facts + +- name: Evaluate additional groups for upgrade + hosts: localhost + connection: local + become: no + tasks: + - name: Evaluate etcd_hosts_to_backup + add_host: + name: "{{ item }}" + groups: etcd_hosts_to_backup + with_items: groups.oo_etcd_to_config if groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config | length > 0 else groups.oo_first_master + +############################################################################### +# Pre-upgrade checks +############################################################################### +- name: Verify upgrade can proceed + hosts: oo_first_master + vars: + openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" + target_version: "{{ '1.2' if deployment_type == 'origin' else '3.1.1.900' }}" + gather_facts: no + tasks: + - fail: + msg: > + This upgrade is only supported for atomic-enterprise, origin, openshift-enterprise, and online + deployment types + when: deployment_type not in ['atomic-enterprise', 'origin','openshift-enterprise', 'online'] + + - fail: + msg: > + openshift_pkg_version is {{ openshift_pkg_version }} which is not a + valid version for a {{ target_version }} upgrade + when: openshift_pkg_version is defined and openshift_pkg_version.split('-',1).1 | version_compare(target_version ,'<') + +- name: Verify upgrade can proceed + hosts: oo_masters_to_config:oo_nodes_to_config + vars: + target_version: "{{ '1.2' if deployment_type == 'origin' else '3.1.1.900' }}" + roles: + - openshift_cli + tasks: + - name: Clean package cache + command: "{{ ansible_pkg_mgr }} clean all" + + - set_fact: + g_new_service_name: "{{ 'origin' if deployment_type =='origin' else 'atomic-openshift' }}" + when: not openshift.common.is_containerized | bool + + - name: Determine available versions + script: ../files/rpm_versions.sh {{ g_new_service_name }} + register: g_rpm_versions_result + when: not openshift.common.is_containerized | bool + + - set_fact: + g_aos_versions: "{{ g_rpm_versions_result.stdout | from_yaml }}" + when: not openshift.common.is_containerized | bool + + - name: Determine available versions + script: ../files/openshift_container_versions.sh {{ openshift.common.service_type }} + register: g_containerized_versions_result + when: openshift.common.is_containerized | bool + + - set_fact: + g_aos_versions: "{{ g_containerized_versions_result.stdout | from_yaml }}" + when: openshift.common.is_containerized | bool + + - set_fact: + g_new_version: "{{ g_aos_versions.curr_version.split('-', 1).0 if g_aos_versions.avail_version is none else g_aos_versions.avail_version.split('-', 1).0 }}" + when: openshift_pkg_version is not defined + + - fail: + msg: Verifying the correct version was found + when: verify_upgrade_version is defined and g_new_version != verify_upgrade_version + + - set_fact: + g_new_version: "{{ openshift_pkg_version | replace('-','') }}" + when: openshift_pkg_version is defined + + - name: Update systemd units + script: ../files/ensure_system_units_have_version.sh {{ openshift.common.service_type }} {{ openshift.common.deployment_type }} {{ g_aos_versions.curr_version }} + when: openshift.common.is_containerized | bool + + # Note: the version number is hardcoded here in hopes of catching potential + # bugs in how g_aos_versions.curr_version is set + - name: Verifying the correct version is installed for upgrade + shell: grep 3.1.1.6 {{ item }} + with_items: + - /etc/sysconfig/openvswitch + - /etc/sysconfig/{{ openshift.common.service_type }}* + when: verify_upgrade_version is defined + + - fail: + msg: This playbook requires Origin 1.1 or later + when: deployment_type == 'origin' and g_aos_versions.curr_version | version_compare('1.1','<') + + - fail: + msg: This playbook requires Atomic Enterprise Platform/OpenShift Enterprise 3.1 or later + when: deployment_type == 'atomic-openshift' and g_aos_versions.curr_version | version_compare('3.1','<') + + # TODO: this may only make sense for RPM installs. We probably need another check for containerized installs. + - fail: + msg: Upgrade packages not found + when: (g_aos_versions.avail_version | default(g_aos_versions.curr_version, true) | version_compare(target_version, '<')) + + - name: Determine available Docker + script: ../files/rpm_versions.sh docker + register: g_docker_version_result + when: not openshift.common.is_atomic | bool + + - name: Determine available Docker + shell: "rpm -q --queryformat '---\ncurr_version: %{VERSION}\navail_version: \n' docker" + register: g_atomic_docker_version_result + when: openshift.common.is_atomic | bool + + - set_fact: + g_docker_version: "{{ g_docker_version_result.stdout | from_yaml }}" + when: not openshift.common.is_atomic | bool + + - set_fact: + g_docker_version: "{{ g_atomic_docker_version_result.stdout | from_yaml }}" + when: openshift.common.is_atomic | bool + + - fail: + msg: This playbook requires access to Docker 1.9 or later + when: not openshift.common.is_atomic | bool + and (g_docker_version.avail_version | default(g_docker_version.curr_version, true) | version_compare('1.9','<')) + + # TODO: add check to upgrade ostree to get latest Docker + + - set_fact: + pre_upgrade_complete: True + + +############################################################################## +# Gate on pre-upgrade checks +############################################################################## +- name: Gate on pre-upgrade checks + hosts: localhost + connection: local + become: no + vars: + pre_upgrade_hosts: "{{ groups.oo_masters_to_config | union(groups.oo_nodes_to_config) }}" + tasks: + - set_fact: + pre_upgrade_completed: "{{ hostvars + | oo_select_keys(pre_upgrade_hosts) + | oo_collect('inventory_hostname', {'pre_upgrade_complete': true}) }}" + - set_fact: + pre_upgrade_failed: "{{ pre_upgrade_hosts | difference(pre_upgrade_completed) }}" + - fail: + msg: "Upgrade cannot continue. The following hosts did not complete pre-upgrade checks: {{ pre_upgrade_failed | join(',') }}" + when: pre_upgrade_failed | length > 0 + +############################################################################### +# Backup etcd +############################################################################### +- name: Backup etcd + hosts: etcd_hosts_to_backup + vars: + embedded_etcd: "{{ openshift.master.embedded_etcd }}" + timestamp: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}" + roles: + - openshift_facts + tasks: + # Ensure we persist the etcd role for this host in openshift_facts + - openshift_facts: + role: etcd + local_facts: {} + when: "'etcd' not in openshift" + + - stat: path=/var/lib/openshift + register: var_lib_openshift + + - stat: path=/var/lib/origin + register: var_lib_origin + + - name: Create origin symlink if necessary + file: src=/var/lib/openshift/ dest=/var/lib/origin state=link + when: var_lib_openshift.stat.exists == True and var_lib_origin.stat.exists == False + + # TODO: replace shell module with command and update later checks + # We assume to be using the data dir for all backups. + - name: Check available disk space for etcd backup + shell: df --output=avail -k {{ openshift.common.data_dir }} | tail -n 1 + register: avail_disk + + # TODO: replace shell module with command and update later checks + - name: Check current embedded etcd disk usage + shell: du -k {{ openshift.etcd.etcd_data_dir }} | tail -n 1 | cut -f1 + register: etcd_disk_usage + when: embedded_etcd | bool + + - name: Abort if insufficient disk space for etcd backup + fail: + msg: > + {{ etcd_disk_usage.stdout }} Kb disk space required for etcd backup, + {{ avail_disk.stdout }} Kb available. + when: (embedded_etcd | bool) and (etcd_disk_usage.stdout|int > avail_disk.stdout|int) + + - name: Install etcd (for etcdctl) + action: "{{ ansible_pkg_mgr }} name=etcd state=latest" + + - name: Generate etcd backup + command: > + etcdctl backup --data-dir={{ openshift.etcd.etcd_data_dir }} + --backup-dir={{ openshift.common.data_dir }}/etcd-backup-{{ timestamp }} + + - set_fact: + etcd_backup_complete: True + + - name: Display location of etcd backup + debug: + msg: "Etcd backup created in {{ openshift.common.data_dir }}/etcd-backup-{{ timestamp }}" + + +############################################################################## +# Gate on etcd backup +############################################################################## +- name: Gate on etcd backup + hosts: localhost + connection: local + become: no + tasks: + - set_fact: + etcd_backup_completed: "{{ hostvars + | oo_select_keys(groups.etcd_hosts_to_backup) + | oo_collect('inventory_hostname', {'etcd_backup_complete': true}) }}" + - set_fact: + etcd_backup_failed: "{{ groups.etcd_hosts_to_backup | difference(etcd_backup_completed) }}" + - fail: + msg: "Upgrade cannot continue. The following hosts did not complete etcd backup: {{ etcd_backup_failed | join(',') }}" + when: etcd_backup_failed | length > 0 diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/roles b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/roles new file mode 120000 index 000000000..6bc1a7aef --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/roles @@ -0,0 +1 @@ +../../../../../roles
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml new file mode 100644 index 000000000..7a2718e1b --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml @@ -0,0 +1,6 @@ +- name: Upgrade packages + command: "{{ ansible_pkg_mgr}} update -y {{ openshift.common.service_type }}-{{ component }}-{{ g_new_version }}" + +- name: Ensure python-yaml present for config upgrade + action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" + when: not openshift.common.is_atomic | bool diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml new file mode 100644 index 000000000..1f58a1e3f --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml @@ -0,0 +1,150 @@ +--- +############################################################################### +# The restart playbook should be run after this playbook completes. +############################################################################### + +- include: docker_upgrade.yml + when: not openshift.common.is_atomic | bool + +############################################################################### +# Upgrade Masters +############################################################################### +- name: Upgrade master + hosts: oo_masters_to_config + tasks: + - include: rpm_upgrade.yml component=master + when: not openshift.common.is_containerized | bool + + - include: containerized_upgrade.yml + when: openshift.common.is_containerized | bool + +# - name: Upgrade master configuration +# openshift_upgrade_config: +# from_version: '3.1' +# to_version: '3.2' +# role: master +# config_base: "{{ hostvars[inventory_hostname].openshift.common.config_base }}" + +- name: Set master update status to complete + hosts: oo_masters_to_config + tasks: + - set_fact: + master_update_complete: True + +############################################################################## +# Gate on master update complete +############################################################################## +- name: Gate on master update + hosts: localhost + connection: local + become: no + tasks: + - set_fact: + master_update_completed: "{{ hostvars + | oo_select_keys(groups.oo_masters_to_config) + | oo_collect('inventory_hostname', {'master_update_complete': true}) }}" + - set_fact: + master_update_failed: "{{ groups.oo_masters_to_config | difference(master_update_completed) }}" + - fail: + msg: "Upgrade cannot continue. The following masters did not finish updating: {{ master_update_failed | join(',') }}" + when: master_update_failed | length > 0 + +############################################################################### +# Upgrade Nodes +############################################################################### +- name: Upgrade nodes + hosts: oo_nodes_to_config + tasks: + - include: rpm_upgrade.yml + vars: + component: "node" + openshift_version: "{{ openshift_pkg_version | default('') }}" + when: not openshift.common.is_containerized | bool + + - include: containerized_upgrade.yml + when: openshift.common.is_containerized | bool + + # This will restart the node + - name: Restart openvswitch service + service: name="{{ openshift.common.service_type }}-node" state=restarted + + - set_fact: + node_update_complete: True + +############################################################################## +# Gate on nodes update +############################################################################## +- name: Gate on nodes update + hosts: localhost + connection: local + become: no + tasks: + - set_fact: + node_update_completed: "{{ hostvars + | oo_select_keys(groups.oo_nodes_to_config) + | oo_collect('inventory_hostname', {'node_update_complete': true}) }}" + - set_fact: + node_update_failed: "{{ groups.oo_nodes_to_config | difference(node_update_completed) }}" + - fail: + msg: "Upgrade cannot continue. The following nodes did not finish updating: {{ node_update_failed | join(',') }}" + when: node_update_failed | length > 0 + +############################################################################### +# Reconcile Cluster Roles, Cluster Role Bindings and Security Context Constraints +############################################################################### +- name: Reconcile Cluster Roles and Cluster Role Bindings and Security Context Constraints + hosts: oo_masters_to_config + roles: + - { role: openshift_cli, image_tag: "v{{ g_new_version }}" } + vars: + origin_reconcile_bindings: "{{ deployment_type == 'origin' and g_new_version | version_compare('1.0.6', '>') }}" + ent_reconcile_bindings: true + openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" + tasks: + - name: Verifying the correct commandline tools are available + shell: grep {{ verify_upgrade_version }} {{ openshift.common.admin_binary}} + when: openshift.common.is_containerized | bool and verify_upgrade_version is defined + + - name: Reconcile Cluster Roles + command: > + {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig + policy reconcile-cluster-roles --confirm + run_once: true + + - name: Reconcile Cluster Role Bindings + command: > + {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig + policy reconcile-cluster-role-bindings + --exclude-groups=system:authenticated + --exclude-groups=system:authenticated:oauth + --exclude-groups=system:unauthenticated + --exclude-users=system:anonymous + --additive-only=true --confirm + when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool + run_once: true + + - name: Reconcile Security Context Constraints + command: > + {{ openshift.common.admin_binary}} policy reconcile-sccs --confirm + run_once: true + + - set_fact: + reconcile_complete: True + +############################################################################## +# Gate on reconcile +############################################################################## +- name: Gate on reconcile + hosts: localhost + connection: local + become: no + tasks: + - set_fact: + reconcile_completed: "{{ hostvars + | oo_select_keys(groups.oo_masters_to_config) + | oo_collect('inventory_hostname', {'reconcile_complete': true}) }}" + - set_fact: + reconcile_failed: "{{ groups.oo_masters_to_config | difference(reconcile_completed) }}" + - fail: + msg: "Upgrade cannot continue. The following masters did not finish reconciling: {{ reconcile_failed | join(',') }}" + when: reconcile_failed | length > 0 diff --git a/playbooks/common/openshift-cluster/validate_hostnames.yml b/playbooks/common/openshift-cluster/validate_hostnames.yml index 047431b63..fd82997b9 100644 --- a/playbooks/common/openshift-cluster/validate_hostnames.yml +++ b/playbooks/common/openshift-cluster/validate_hostnames.yml @@ -21,6 +21,6 @@ failed_when: false - name: Warn user about bad openshift_hostname values pause: - prompt: "The hostname \"{{ openshift.common.hostname }}\" for \"{{ ansible_nodename }}\" doesn't resolve to an ip address owned by this host. Please set openshift_hostname variable to a hostname that when resolved on the host in question resolves to an IP address matching an interface on this host. This host will fail liveness checks for pods utilizing hostPorts, press CTRL-C to continue." + prompt: "The hostname \"{{ openshift.common.hostname }}\" for \"{{ ansible_nodename }}\" doesn't resolve to an ip address owned by this host. Please set openshift_hostname variable to a hostname that when resolved on the host in question resolves to an IP address matching an interface on this host. This host will fail liveness checks for pods utilizing hostPorts, press ENTER to continue or CTRL-C to abort." seconds: "{{ 10 if openshift_override_hostname_check | default(false) | bool else omit }}" when: lookupip.stdout not in ansible_all_ipv4_addresses diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 77edbd1a6..d087a678a 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -28,6 +28,11 @@ | default([])) | oo_collect('openshift.common.hostname') | default(none, true) }}" + + - set_fact: + openshift_master_debug_level: "{{ lookup('oo_option', 'openshift_master_debug_level') | default(openshift.common.debug_level, true) }}" + when: openshift_master_debug_level is not defined + roles: - openshift_facts post_tasks: @@ -57,6 +62,8 @@ console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}" public_console_url: "{{ openshift_master_public_console_url | default(None) }}" portal_net: "{{ openshift_master_portal_net | default(None) }}" + ha: "{{ openshift_master_ha | default(groups.oo_masters | length > 1) }}" + master_count: "{{ openshift_master_count | default(groups.oo_masters | length) }}" - openshift_facts: role: hosted openshift_env: @@ -144,7 +151,7 @@ when: etcd_client_certs_missing is defined and etcd_client_certs_missing - name: Determine if master certificates need to be generated - hosts: oo_masters_to_config + hosts: oo_first_master:oo_masters_to_config tasks: - set_fact: openshift_master_certs_no_etcd: @@ -221,19 +228,12 @@ validate_checksum: yes with_items: masters_needing_certs -- name: Compute haproxy_backend_servers - hosts: localhost - connection: local - become: no - gather_facts: no - tasks: - - set_fact: - haproxy_backend_servers: "{{ hostvars | oo_select_keys(groups['oo_masters_to_config']) | oo_haproxy_backend_masters }}" - - name: Configure load balancers hosts: oo_lb_to_config vars: sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" + haproxy_global_maxconn: 20000 + haproxy_default_maxconn: 20000 haproxy_frontend_port: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_port }}" haproxy_frontends: - name: atomic-openshift-api @@ -248,11 +248,11 @@ mode: tcp option: tcplog balance: source - servers: "{{ hostvars.localhost.haproxy_backend_servers }}" + servers: "{{ hostvars | oo_select_keys(groups['oo_masters']) | oo_haproxy_backend_masters }}" roles: - role: openshift_facts - role: haproxy - when: groups.oo_masters_to_config | length > 1 + when: hostvars[groups.oo_first_master.0].openshift.master.ha | bool - name: Check for cached session secrets hosts: oo_first_master @@ -334,8 +334,8 @@ serial: 1 vars: sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" - openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" - openshift_master_count: "{{ groups.oo_masters_to_config | length }}" + openshift_master_ha: "{{ openshift.master.ha }}" + openshift_master_count: "{{ openshift.master.master_count }}" openshift_master_session_auth_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_auth_secrets }}" openshift_master_session_encryption_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_encryption_secrets }}" pre_tasks: @@ -343,12 +343,12 @@ file: path: "{{ openshift.common.config_base }}/master" state: directory - when: master_certs_missing and 'oo_first_master' not in group_names + when: master_certs_missing | bool and 'oo_first_master' not in group_names - name: Unarchive the tarball on the master unarchive: src: "{{ sync_tmpdir }}/{{ master_cert_subdir }}.tgz" dest: "{{ master_cert_config_dir }}" - when: master_certs_missing and 'oo_first_master' not in group_names + when: master_certs_missing | bool and 'oo_first_master' not in group_names roles: - openshift_master - role: nickhammond.logrotate @@ -359,32 +359,12 @@ group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }} changed_when: False -- name: Additional master configuration - hosts: oo_first_master - vars: - cockpit_plugins: "{{ osm_cockpit_plugins | default(['cockpit-kubernetes']) }}" - etcd_urls: "{{ openshift.master.etcd_urls }}" - openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" - omc_cluster_hosts: "{{ groups.oo_masters_to_config | join(' ')}}" +# Additional instance config for online deployments +- name: Additional instance config + hosts: oo_masters_deployment_type_online roles: - - role: openshift_master_cluster - when: openshift_master_ha | bool and openshift.master.cluster_method == "pacemaker" - - role: openshift_examples - when: openshift.common.install_examples | bool - - role: openshift_cluster_metrics - when: openshift.common.use_cluster_metrics | bool - - role: openshift_manageiq - when: openshift.common.use_manageiq | bool - - role: cockpit - when: not openshift.common.is_atomic and ( deployment_type in ['atomic-enterprise','openshift-enterprise'] ) and - (osm_use_cockpit | bool or osm_use_cockpit is undefined ) - - role: flannel_register - when: openshift.common.use_flannel | bool - - role: pods - when: openshift.common.deployment_type == 'online' - - role: os_env_extras - when: openshift.common.deployment_type == 'online' - + - pods + - os_env_extras - name: Delete temporary directory on localhost hosts: localhost @@ -394,26 +374,3 @@ tasks: - file: name={{ g_master_mktemp.stdout }} state=absent changed_when: False - -- name: Create persistent volumes and create hosted services - hosts: oo_first_master - vars: - attach_registry_volume: "{{ openshift.hosted.registry.storage.kind != None }}" - deploy_infra: "{{ openshift.master.infra_nodes | default([]) | length > 0 }}" - persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}" - persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}" - roles: - - role: openshift_persistent_volumes - when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0 - - role: openshift_serviceaccounts - openshift_serviceaccounts_names: - - router - - registry - openshift_serviceaccounts_namespace: default - openshift_serviceaccounts_sccs: - - privileged - - role: openshift_router - when: deploy_infra | bool - - role: openshift_registry - when: deploy_infra | bool and attach_registry_volume | bool - diff --git a/playbooks/common/openshift-master/library/modify_yaml.py b/playbooks/common/openshift-master/library/modify_yaml.py new file mode 100755 index 000000000..a4be10ca3 --- /dev/null +++ b/playbooks/common/openshift-master/library/modify_yaml.py @@ -0,0 +1,95 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# vim: expandtab:tabstop=4:shiftwidth=4 + +''' modify_yaml ansible module ''' + +import yaml + +DOCUMENTATION = ''' +--- +module: modify_yaml +short_description: Modify yaml key value pairs +author: Andrew Butcher +requirements: [ ] +''' +EXAMPLES = ''' +- modify_yaml: + dest: /etc/origin/master/master-config.yaml + yaml_key: 'kubernetesMasterConfig.masterCount' + yaml_value: 2 +''' + +def main(): + ''' Modify key (supplied in jinja2 dot notation) in yaml file, setting + the key to the desired value. + ''' + + # disabling pylint errors for global-variable-undefined and invalid-name + # for 'global module' usage, since it is required to use ansible_facts + # pylint: disable=global-variable-undefined, invalid-name, + # redefined-outer-name + global module + + module = AnsibleModule( + argument_spec=dict( + dest=dict(required=True), + yaml_key=dict(required=True), + yaml_value=dict(required=True), + backup=dict(required=False, default=True, type='bool'), + ), + supports_check_mode=True, + ) + + dest = module.params['dest'] + yaml_key = module.params['yaml_key'] + yaml_value = module.safe_eval(module.params['yaml_value']) + backup = module.params['backup'] + + # Represent null values as an empty string. + # pylint: disable=missing-docstring, unused-argument + def none_representer(dumper, data): + return yaml.ScalarNode(tag=u'tag:yaml.org,2002:null', value=u'') + yaml.add_representer(type(None), none_representer) + + try: + changes = [] + + yaml_file = open(dest) + yaml_data = yaml.safe_load(yaml_file.read()) + yaml_file.close() + + ptr = yaml_data + for key in yaml_key.split('.'): + if key not in ptr and key != yaml_key.split('.')[-1]: + ptr[key] = {} + elif key == yaml_key.split('.')[-1]: + if (key in ptr and module.safe_eval(ptr[key]) != yaml_value) or (key not in ptr): + ptr[key] = yaml_value + changes.append((yaml_key, yaml_value)) + else: + ptr = ptr[key] + + if len(changes) > 0: + if backup: + module.backup_local(dest) + yaml_file = open(dest, 'w') + yaml_string = yaml.dump(yaml_data, default_flow_style=False) + yaml_string = yaml_string.replace('\'\'', '""') + yaml_file.write(yaml_string) + yaml_file.close() + + return module.exit_json(changed=(len(changes) > 0), changes=changes) + + # ignore broad-except error to avoid stack trace to ansible user + # pylint: disable=broad-except + except Exception, e: + return module.fail_json(msg=str(e)) + +# ignore pylint errors related to the module_utils import +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import +# import module snippets +from ansible.module_utils.basic import * + +if __name__ == '__main__': + main() diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml new file mode 100644 index 000000000..6f8151d30 --- /dev/null +++ b/playbooks/common/openshift-master/scaleup.yml @@ -0,0 +1,55 @@ +--- +- include: ../openshift-cluster/evaluate_groups.yml + +- name: Gather facts + hosts: oo_etcd_to_config:oo_masters_to_config:oo_nodes_to_config + roles: + - openshift_facts + +- name: Update master count + hosts: oo_masters:!oo_masters_to_config + serial: 1 + roles: + - openshift_facts + post_tasks: + - openshift_facts: + role: master + local_facts: + ha: "{{ openshift_master_ha | default(groups.oo_masters | length > 1) }}" + master_count: "{{ openshift_master_count | default(groups.oo_masters | length) }}" + - name: Update master count + modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'kubernetesMasterConfig.masterCount' + yaml_value: "{{ openshift.master.master_count }}" + notify: + - restart master api + - restart master controllers + handlers: + - name: restart master api + service: name={{ openshift.common.service_type }}-master-controllers state=restarted + notify: verify api server + - name: restart master controllers + service: name={{ openshift.common.service_type }}-master-controllers state=restarted + - name: verify api server + command: > + curl -k --head --silent {{ openshift.master.api_url }} + register: api_available_output + until: api_available_output.stdout.find("200 OK") != -1 + retries: 120 + delay: 1 + changed_when: false + +- name: Configure docker hosts + hosts: oo_masters_to-config:oo_nodes_to_config + vars: + docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') | oo_split }}" + docker_insecure_registries: "{{ lookup('oo_option', 'docker_insecure_registries') | oo_split }}" + docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') | oo_split }}" + roles: + - openshift_facts + - openshift_docker + +- include: ../openshift-master/config.yml + +- include: ../openshift-node/config.yml diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 56d30e9b9..7edea9160 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -1,6 +1,10 @@ --- - name: Gather and set facts for node hosts hosts: oo_nodes_to_config + pre_tasks: + - set_fact: + openshift_node_debug_level: "{{ lookup('oo_option', 'openshift_node_debug_level') | default(openshift.common.debug_level, true) }}" + when: openshift_node_debug_level is not defined roles: - openshift_facts tasks: diff --git a/playbooks/common/openshift-node/scaleup.yml b/playbooks/common/openshift-node/scaleup.yml new file mode 100644 index 000000000..d36f7acea --- /dev/null +++ b/playbooks/common/openshift-node/scaleup.yml @@ -0,0 +1,14 @@ +--- +- include: ../openshift-cluster/evaluate_groups.yml + +- name: Configure docker hosts + hosts: oo_nodes_to_config + vars: + docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') | oo_split }}" + docker_insecure_registries: "{{ lookup('oo_option', 'docker_insecure_registries') | oo_split }}" + docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') | oo_split }}" + roles: + - openshift_facts + - openshift_docker + +- include: ../openshift-node/config.yml diff --git a/playbooks/gce/openshift-cluster/cluster_hosts.yml b/playbooks/gce/openshift-cluster/cluster_hosts.yml index 15690e3bf..b989e15fa 100644 --- a/playbooks/gce/openshift-cluster/cluster_hosts.yml +++ b/playbooks/gce/openshift-cluster/cluster_hosts.yml @@ -10,8 +10,12 @@ g_nfs_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-nfs'] | defau g_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-master'] | default([])) }}" +g_new_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-new-master'] | default([])) }}" + g_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-node'] | default([])) }}" +g_new_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-new-node'] | default([])) }}" + g_infra_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-infra']) | default([]) }}" -g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-compute']) | default([]) }}" +g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-compute'] | default([])) }}" diff --git a/playbooks/gce/openshift-cluster/list.yml b/playbooks/gce/openshift-cluster/list.yml index f3004ede9..992033d16 100644 --- a/playbooks/gce/openshift-cluster/list.yml +++ b/playbooks/gce/openshift-cluster/list.yml @@ -18,9 +18,16 @@ ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" with_items: groups[scratch_group] | default([], true) | difference(['localhost']) | difference(groups.status_terminated | default([], true)) -- name: List instance(s) +- name: List Hosts hosts: oo_list_hosts + +- name: List Hosts + hosts: localhost + become: no + connection: local gather_facts: no + vars_files: + - vars.yml tasks: - debug: - msg: "public ip: {{ hostvars[inventory_hostname].gce_public_ip }} private ip:{{ hostvars[inventory_hostname].gce_private_ip }}" + msg: "{{ hostvars | oo_select_keys(groups[scratch_group] | default([])) | oo_pretty_print_cluster }}" diff --git a/playbooks/gce/openshift-cluster/vars.yml b/playbooks/gce/openshift-cluster/vars.yml index 1ae73fd68..d173213fc 100644 --- a/playbooks/gce/openshift-cluster/vars.yml +++ b/playbooks/gce/openshift-cluster/vars.yml @@ -2,15 +2,15 @@ debug_level: 2 deployment_rhel7_ent_base: - image: rhel-7 - machine_type: n1-standard-1 + image: "{{ lookup('oo_option', 'image_name') | default('rhel-7', True) }}" + machine_type: "{{ lookup('oo_option', 'machine_type') | default('n1-standard-1', True) }}" ssh_user: "{{ lookup('env', 'gce_ssh_user') | default(ansible_ssh_user, true) }}" sudo: yes deployment_vars: origin: - image: centos-7 - machine_type: n1-standard-1 + image: "{{ lookup('oo_option', 'image_name') | default('centos-7', True) }}" + machine_type: "{{ lookup('oo_option', 'machine_type') | default('n1-standard-1', True) }}" ssh_user: "{{ lookup('env', 'gce_ssh_user') | default(ansible_ssh_user, true) }}" sudo: yes online: diff --git a/playbooks/libvirt/openshift-cluster/cluster_hosts.yml b/playbooks/libvirt/openshift-cluster/cluster_hosts.yml index 15690e3bf..b989e15fa 100644 --- a/playbooks/libvirt/openshift-cluster/cluster_hosts.yml +++ b/playbooks/libvirt/openshift-cluster/cluster_hosts.yml @@ -10,8 +10,12 @@ g_nfs_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-nfs'] | defau g_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-master'] | default([])) }}" +g_new_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-new-master'] | default([])) }}" + g_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-node'] | default([])) }}" +g_new_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type-new-node'] | default([])) }}" + g_infra_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-infra']) | default([]) }}" -g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-compute']) | default([]) }}" +g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type-compute'] | default([])) }}" diff --git a/playbooks/libvirt/openshift-cluster/vars.yml b/playbooks/libvirt/openshift-cluster/vars.yml index c78b52867..f28245f88 100644 --- a/playbooks/libvirt/openshift-cluster/vars.yml +++ b/playbooks/libvirt/openshift-cluster/vars.yml @@ -23,13 +23,13 @@ deployment_vars: origin: image: url: "{{ lookup('oo_option', 'image_url') | - default('http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2.xz', True) }}" + default('http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-1602.qcow2.xz', True) }}" compression: "{{ lookup('oo_option', 'image_compression') | default('xz', True) }}" name: "{{ lookup('oo_option', 'image_name') | default('CentOS-7-x86_64-GenericCloud.qcow2', True) }}" sha256: "{{ lookup('oo_option', 'image_sha256') | - default('9461006300d65172f5668d8875f2aad7b54f7ba4e9c5435d65a84a5a2d66e39b', True) }}" + default('dd0f5e610e7c5ffacaca35ed7a78a19142a588f4543da77b61c1fb0d74400471', True) }}" ssh_user: openshift sudo: yes online: @@ -42,5 +42,3 @@ deployment_vars: enterprise: "{{ deployment_rhel7_ent_base }}" openshift-enterprise: "{{ deployment_rhel7_ent_base }}" atomic-enterprise: "{{ deployment_rhel7_ent_base }}" - - diff --git a/playbooks/openstack/openshift-cluster/cluster_hosts.yml b/playbooks/openstack/openshift-cluster/cluster_hosts.yml index 1023f3ec1..9a3361919 100644 --- a/playbooks/openstack/openshift-cluster/cluster_hosts.yml +++ b/playbooks/openstack/openshift-cluster/cluster_hosts.yml @@ -10,8 +10,12 @@ g_nfs_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_nfs'] | defau g_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_master'] | default([])) }}" +g_new_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_new_master'] | default([])) }}" + g_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_node'] | default([])) }}" +g_new_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_new_node'] | default([])) }}" + g_infra_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_infra']) | default([]) }}" -g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_compute']) | default([]) }}" +g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_compute'] | default([])) }}" diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml index ac1612634..af774aa32 100644 --- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml +++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml @@ -346,16 +346,16 @@ resources: port_range_max: 22 remote_ip_prefix: { get_param: ssh_incoming } - direction: ingress - protocol: udp - port_range_min: 4789 - port_range_max: 4789 - remote_mode: remote_group_id - - direction: ingress protocol: tcp port_range_min: 10250 port_range_max: 10250 remote_mode: remote_group_id remote_group_id: { get_resource: master-secgrp } + - direction: ingress + protocol: udp + port_range_min: 4789 + port_range_max: 4789 + remote_mode: remote_group_id infra-secgrp: type: OS::Neutron::SecurityGroup @@ -473,6 +473,7 @@ resources: subnet: { get_resource: subnet } secgrp: - { get_resource: master-secgrp } + - { get_resource: node-secgrp } floating_network: { get_param: external_net } net_name: str_replace: diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml index e9b9cf540..0afcad72e 100644 --- a/playbooks/openstack/openshift-cluster/launch.yml +++ b/playbooks/openstack/openshift-cluster/launch.yml @@ -29,7 +29,7 @@ - name: Create or Update OpenStack Stack command: 'heat {{ heat_stack_action }} -f {{ openstack_infra_heat_stack }} - --timeout 3 --enable-rollback + --timeout 3 -P cluster_env={{ cluster_env }} -P cluster_id={{ cluster_id }} -P subnet_24_prefix={{ openstack_subnet_24_prefix }} @@ -59,7 +59,40 @@ until: stack_show_status_result.stdout not in ['CREATE_IN_PROGRESS', 'UPDATE_IN_PROGRESS'] retries: 30 delay: 5 - failed_when: stack_show_status_result.stdout not in ['CREATE_COMPLETE', 'UPDATE_COMPLETE'] + + - name: Display the stack resources + command: 'heat resource-list openshift-ansible-{{ cluster_id }}-stack' + register: stack_resource_list_result + when: stack_show_status_result.stdout not in ['CREATE_COMPLETE', 'UPDATE_COMPLETE'] + + - name: Display the stack status + command: 'heat stack-show openshift-ansible-{{ cluster_id }}-stack' + register: stack_show_result + when: stack_show_status_result.stdout not in ['CREATE_COMPLETE', 'UPDATE_COMPLETE'] + + - name: Delete the stack + command: 'heat stack-delete openshift-ansible-{{ cluster_id }}-stack' + when: stack_show_status_result.stdout not in ['CREATE_COMPLETE', 'UPDATE_COMPLETE'] + + - fail: + msg: | + + +--------------------------------------+ + | ^ | + | /!\ Failed to create the heat stack | + | /___\ | + +--------------------------------------+ + + Here is the list of stack resources and their status: + {{ stack_resource_list_result.stdout }} + + Here is the status of the stack: + {{ stack_show_result.stdout }} + + ^ Failed to create the heat stack + /!\ + /___\ Please check the `stack_status_reason` line in the above array to know why. + when: stack_show_status_result.stdout not in ['CREATE_COMPLETE', 'UPDATE_COMPLETE'] - name: Read OpenStack Stack outputs command: 'heat stack-show openshift-ansible-{{ cluster_id }}-stack' |