diff options
Diffstat (limited to 'playbooks')
98 files changed, 1822 insertions, 2038 deletions
diff --git a/playbooks/adhoc/docker_loopback_to_lvm/ops-docker-loopback-to-direct-lvm.yml b/playbooks/adhoc/docker_loopback_to_lvm/ops-docker-loopback-to-direct-lvm.yml index 72fcd77b3..1438fd7d5 100755 --- a/playbooks/adhoc/docker_loopback_to_lvm/ops-docker-loopback-to-direct-lvm.yml +++ b/playbooks/adhoc/docker_loopback_to_lvm/ops-docker-loopback-to-direct-lvm.yml @@ -16,7 +16,7 @@ # * You may need to re-deploy docker images after this is run (like monitoring) - name: Fix docker to have a provisioned iops drive - hosts: "{{ cli_name }}" + hosts: "{{ cli_host }}" user: root connection: ssh gather_facts: no diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 0755d8bc5..4edd44fe4 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -7,245 +7,369 @@ # images # RPMs --- -- hosts: - - OSEv3:children +- hosts: OSEv3:children + become: yes + tasks: + - name: Detecting Operating System + shell: ls /run/ostree-booted + ignore_errors: yes + failed_when: false + register: ostree_output + + # Since we're not calling openshift_facts we'll do this for now + - set_fact: + is_atomic: "{{ ostree_output.rc == 0 }}" + - set_fact: + is_containerized: "{{ is_atomic or containerized | default(false) | bool }}" +- hosts: nodes become: yes + tasks: + - name: Stop services + service: name={{ item }} state=stopped + with_items: + - atomic-enterprise-node + - atomic-openshift-node + - openshift-node + - openvswitch + - origin-node + failed_when: false + + - name: unmask services + command: systemctl unmask "{{ item }}" + changed_when: False + failed_when: False + with_items: + - firewalld + + - name: Remove packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent" + when: not is_atomic | bool + with_items: + - atomic-enterprise + - atomic-enterprise-node + - atomic-enterprise-sdn-ovs + - atomic-openshift + - atomic-openshift-clients + - atomic-openshift-node + - atomic-openshift-sdn-ovs + - cockpit-bridge + - cockpit-docker + - cockpit-shell + - cockpit-ws + - kubernetes-client + - openshift + - openshift-node + - openshift-sdn + - openshift-sdn-ovs + - openvswitch + - origin + - origin-clients + - origin-node + - origin-sdn-ovs + - tuned-profiles-atomic-enterprise-node + - tuned-profiles-atomic-openshift-node + - tuned-profiles-openshift-node + - tuned-profiles-origin-node + + - shell: systemctl reset-failed + changed_when: False + + - shell: systemctl daemon-reload + changed_when: False + + - name: Remove br0 interface + shell: ovs-vsctl del-br br0 + changed_when: False + failed_when: False + + - name: Remove linux interfaces + shell: ip link del "{{ item }}" + changed_when: False + failed_when: False + with_items: + - lbr0 + - vlinuxbr + - vovsbr + + - name: restart docker + service: name=docker state=restarted + + - name: restart NetworkManager + service: name=NetworkManager state=restarted + + - shell: find /var/lib/origin/openshift.local.volumes -type d -exec umount {} \; 2>/dev/null || true + changed_when: False + + - shell: find /var/lib/atomic-enterprise/openshift.local.volumes -type d -exec umount {} \; 2>/dev/null || true + changed_when: False + + - shell: find /var/lib/openshift/openshift.local.volumes -type d -exec umount {} \; 2>/dev/null || true + changed_when: False + + - shell: docker rm -f "{{ item }}"-master "{{ item }}"-node + changed_when: False + failed_when: False + with_items: + - openshift-enterprise + - atomic-enterprise + - origin + + - shell: docker ps -a | grep Exited | egrep "{{ item }}" | awk '{print $1}' + changed_when: False + failed_when: False + register: exited_containers_to_delete + with_items: + - aep3.*/aep + - aep3.*/node + - aep3.*/openvswitch + - openshift3/ose + - openshift3/node + - openshift3/openvswitch + - openshift/origin + + - shell: "docker rm {{ item.stdout_lines | join(' ') }}" + changed_when: False + failed_when: False + with_items: "{{ exited_containers_to_delete.results }}" + + - shell: docker images | egrep {{ item }} | awk '{ print $3 }' + changed_when: False + failed_when: False + register: images_to_delete + with_items: + - registry\.access\..*redhat\.com/openshift3 + - registry\.access\..*redhat\.com/aep3 + - registry\.qe\.openshift\.com/.* + - registry\.access\..*redhat\.com/rhel7/etcd + - docker.io/openshift + when: openshift_uninstall_images | default(True) | bool + + - shell: "docker rmi -f {{ item.stdout_lines | join(' ') }}" + changed_when: False + failed_when: False + with_items: "{{ images_to_delete.results }}" + when: openshift_uninstall_images | default(True) | bool + + - name: Remove sdn drop files + file: + path: /run/openshift-sdn + state: absent + + - name: Remove remaining files + file: path={{ item }} state=absent + with_items: + - /etc/ansible/facts.d/openshift.fact + - /etc/atomic-enterprise + - /etc/openshift + - /etc/openshift-sdn + - /etc/origin + - /etc/systemd/system/atomic-openshift-node.service + - /etc/systemd/system/atomic-openshift-node-dep.service + - /etc/systemd/system/origin-node.service + - /etc/systemd/system/origin-node-dep.service + - /etc/systemd/system/openvswitch.service + - /etc/sysconfig/atomic-enterprise-node + - /etc/sysconfig/atomic-openshift-node + - /etc/sysconfig/atomic-openshift-node-dep + - /etc/sysconfig/origin-node + - /etc/sysconfig/origin-node-dep + - /etc/sysconfig/openshift-node + - /etc/sysconfig/openshift-node-dep + - /etc/sysconfig/openvswitch + - /etc/sysconfig/origin-node + - /etc/systemd/system/atomic-openshift-node.service.wants + - /run/openshift-sdn + - /var/lib/atomic-enterprise + - /var/lib/openshift + - /var/lib/origin + - /etc/NetworkManager/dispatcher.d/99-origin-dns.sh + - /etc/dnsmasq.d/origin-dns.conf + - /etc/dnsmasq.d/origin-upstream-dns.conf +- hosts: masters + become: yes tasks: - - name: Detecting Operating System - shell: ls /run/ostree-booted - ignore_errors: yes - failed_when: false - register: ostree_output - - # Since we're not calling openshift_facts we'll do this for now - - set_fact: - is_atomic: "{{ ostree_output.rc == 0 }}" - - set_fact: - is_containerized: "{{ is_atomic or containerized | default(false) | bool }}" - - - name: Remove br0 interface - shell: ovs-vsctl del-br br0 - changed_when: False - failed_when: False - - - name: Stop services - service: name={{ item }} state=stopped - with_items: - - atomic-enterprise-master - - atomic-enterprise-node - - atomic-openshift-master - - atomic-openshift-master-api - - atomic-openshift-master-controllers - - atomic-openshift-node - - etcd - - haproxy - - openshift-master - - openshift-master-api - - openshift-master-controllers - - openshift-node - - openvswitch - - origin-master - - origin-master-api - - origin-master-controllers - - origin-node - - pcsd - failed_when: false - - - name: unmask services - command: systemctl unmask "{{ item }}" - changed_when: False - failed_when: False - with_items: - - etcd - - firewalld - - - name: Stop additional atomic services - service: name={{ item }} state=stopped - when: is_containerized | bool - with_items: - - etcd_container - failed_when: false - - - name: Remove packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent" - when: not is_atomic | bool - with_items: - - atomic-enterprise - - atomic-enterprise-master - - atomic-enterprise-node - - atomic-enterprise-sdn-ovs - - atomic-openshift - - atomic-openshift-clients - - atomic-openshift-master - - atomic-openshift-node - - atomic-openshift-sdn-ovs - - cockpit-bridge - - cockpit-docker - - cockpit-shell - - cockpit-ws - - corosync - - etcd - - haproxy - - kubernetes-client - - openshift - - openshift-master - - openshift-node - - openshift-sdn - - openshift-sdn-ovs - - openvswitch - - origin - - origin-clients - - origin-master - - origin-node - - origin-sdn-ovs - - pacemaker - - pcs - - tuned-profiles-atomic-enterprise-node - - tuned-profiles-atomic-openshift-node - - tuned-profiles-openshift-node - - tuned-profiles-origin-node - - - name: Remove linux interfaces - shell: ip link del "{{ item }}" - changed_when: False - failed_when: False - with_items: - - lbr0 - - vlinuxbr - - vovsbr - - - shell: systemctl reset-failed - changed_when: False - - - shell: systemctl daemon-reload - changed_when: False - - - shell: find /var/lib/origin/openshift.local.volumes -type d -exec umount {} \; 2>/dev/null || true - changed_when: False - - - shell: find /var/lib/atomic-enterprise/openshift.local.volumes -type d -exec umount {} \; 2>/dev/null || true - changed_when: False - - - shell: find /var/lib/openshift/openshift.local.volumes -type d -exec umount {} \; 2>/dev/null || true - changed_when: False - - - shell: docker rm -f "{{ item }}"-master "{{ item }}"-node - changed_when: False - failed_when: False - with_items: - - openshift-enterprise - - atomic-enterprise - - origin - - - shell: docker ps -a | grep Exited | egrep "{{ item }}" | awk '{print $1}' - changed_when: False - failed_when: False - register: exited_containers_to_delete - with_items: - - aep3.*/aep - - aep3.*/node - - aep3.*/openvswitch - - openshift3/ose - - openshift3/node - - openshift3/openvswitch - - openshift/origin - - - shell: "docker rm {{ item.stdout_lines | join(' ') }}" - changed_when: False - failed_when: False - with_items: "{{ exited_containers_to_delete.results }}" - - - shell: docker images | egrep {{ item }} | awk '{ print $3 }' - changed_when: False - failed_when: False - register: images_to_delete - with_items: - - registry\.access\..*redhat\.com/openshift3 - - registry\.access\..*redhat\.com/aep3 - - registry\.qe\.openshift\.com/.* - - registry\.access\..*redhat\.com/rhel7/etcd - - docker.io/openshift - - - shell: "docker rmi -f {{ item.stdout_lines | join(' ') }}" - changed_when: False - failed_when: False - with_items: "{{ images_to_delete.results }}" - - - name: Remove sdn drop files - file: - path: /run/openshift-sdn - state: absent - - - name: restart docker - service: - name: docker - state: restarted - - - name: Remove remaining files - file: path={{ item }} state=absent - with_items: - - "~{{ ansible_ssh_user }}/.kube" - - /etc/ansible/facts.d/openshift.fact - - /etc/atomic-enterprise - - /etc/corosync - - /etc/etcd - - /etc/openshift - - /etc/openshift-sdn - - /etc/origin - - /etc/systemd/system/atomic-openshift-master.service - - /etc/systemd/system/atomic-openshift-master-api.service - - /etc/systemd/system/atomic-openshift-master-controllers.service - - /etc/systemd/system/atomic-openshift-node.service - - /etc/systemd/system/etcd_container.service - - /etc/systemd/system/openvswitch.service - - /etc/sysconfig/atomic-enterprise-master - - /etc/sysconfig/atomic-enterprise-master-api - - /etc/sysconfig/atomic-enterprise-master-controllers - - /etc/sysconfig/atomic-enterprise-node - - /etc/sysconfig/atomic-openshift-master - - /etc/sysconfig/atomic-openshift-master-api - - /etc/sysconfig/atomic-openshift-master-controllers - - /etc/sysconfig/atomic-openshift-node - - /etc/sysconfig/openshift-master - - /etc/sysconfig/openshift-node - - /etc/sysconfig/openvswitch - - /etc/sysconfig/origin-master - - /etc/sysconfig/origin-master-api - - /etc/sysconfig/origin-master-controllers - - /etc/sysconfig/origin-node - - /etc/systemd/system/atomic-openshift-node.service.wants - - /root/.kube - - /run/openshift-sdn - - /usr/share/openshift/examples - - /var/lib/atomic-enterprise - - /var/lib/etcd - - /var/lib/openshift - - /var/lib/origin - - /var/lib/pacemaker - - /usr/lib/systemd/system/atomic-openshift-master-api.service - - /usr/lib/systemd/system/atomic-openshift-master-controllers.service - - /usr/lib/systemd/system/origin-master-api.service - - /usr/lib/systemd/system/origin-master-controllers.service - - /usr/local/bin/openshift - - /usr/local/bin/oadm - - /usr/local/bin/oc - - /usr/local/bin/kubectl - - /etc/NetworkManager/dispatcher.d/99-origin-dns.sh - - /etc/dnsmasq.d/origin-dns.conf - - /etc/dnsmasq.d/origin-upstream-dns.conf - - # Since we are potentially removing the systemd unit files for separated - # master-api and master-controllers services, so we need to reload the - # systemd configuration manager - - name: Reload systemd manager configuration - command: systemctl daemon-reload + - name: Stop services + service: name={{ item }} state=stopped + with_items: + - atomic-enterprise-master + - atomic-openshift-master + - atomic-openshift-master-api + - atomic-openshift-master-controllers + - openshift-master + - openshift-master-api + - openshift-master-controllers + - origin-master + - origin-master-api + - origin-master-controllers + - pcsd + failed_when: false -- hosts: nodes + - name: unmask services + command: systemctl unmask "{{ item }}" + changed_when: False + failed_when: False + with_items: + - firewalld + - atomic-openshift-master + + - name: Remove packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent" + when: not is_atomic | bool + with_items: + - atomic-enterprise + - atomic-enterprise-master + - atomic-openshift + - atomic-openshift-clients + - atomic-openshift-master + - cockpit-bridge + - cockpit-docker + - cockpit-shell + - cockpit-ws + - corosync + - kubernetes-client + - openshift + - openshift-master + - origin + - origin-clients + - origin-master + - pacemaker + - pcs + + - shell: systemctl reset-failed + changed_when: False + + - shell: systemctl daemon-reload + changed_when: False + + - name: Remove remaining files + file: path={{ item }} state=absent + with_items: + - "~{{ ansible_ssh_user }}/.kube" + - /etc/ansible/facts.d/openshift.fact + - /etc/atomic-enterprise + - /etc/corosync + - /etc/openshift + - /etc/openshift-sdn + - /etc/origin + - /etc/systemd/system/atomic-openshift-master.service + - /etc/systemd/system/atomic-openshift-master-api.service + - /etc/systemd/system/atomic-openshift-master-controllers.service + - /etc/systemd/system/origin-master.service + - /etc/systemd/system/origin-master-api.service + - /etc/systemd/system/origin-master-controllers.service + - /etc/systemd/system/openvswitch.service + - /etc/sysconfig/atomic-enterprise-master + - /etc/sysconfig/atomic-enterprise-master-api + - /etc/sysconfig/atomic-enterprise-master-controllers + - /etc/sysconfig/atomic-openshift-master + - /etc/sysconfig/atomic-openshift-master-api + - /etc/sysconfig/atomic-openshift-master-controllers + - /etc/sysconfig/origin-master + - /etc/sysconfig/origin-master-api + - /etc/sysconfig/origin-master-controllers + - /etc/sysconfig/openshift-master + - /etc/sysconfig/openvswitch + - /etc/sysconfig/origin-master + - /etc/sysconfig/origin-master-api + - /etc/sysconfig/origin-master-controllers + - /root/.kube + - /usr/share/openshift/examples + - /var/lib/atomic-enterprise + - /var/lib/openshift + - /var/lib/origin + - /var/lib/pacemaker + - /var/lib/pcsd + - /usr/lib/systemd/system/atomic-openshift-master-api.service + - /usr/lib/systemd/system/atomic-openshift-master-controllers.service + - /usr/lib/systemd/system/origin-master-api.service + - /usr/lib/systemd/system/origin-master-controllers.service + - /usr/local/bin/openshift + - /usr/local/bin/oadm + - /usr/local/bin/oc + - /usr/local/bin/kubectl + + # Since we are potentially removing the systemd unit files for separated + # master-api and master-controllers services, so we need to reload the + # systemd configuration manager + - name: Reload systemd manager configuration + command: systemctl daemon-reload + +- hosts: etcd + become: yes + tasks: + - name: Stop services + service: name={{ item }} state=stopped + with_items: + - etcd + failed_when: false + + - name: unmask services + command: systemctl unmask "{{ item }}" + changed_when: False + failed_when: False + with_items: + - etcd + - firewalld + + - name: Stop additional atomic services + service: name={{ item }} state=stopped + when: is_containerized | bool + with_items: + - etcd_container + failed_when: false + + - name: Remove packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent" + when: not is_atomic | bool + with_items: + - etcd + + - shell: systemctl reset-failed + changed_when: False + + - shell: systemctl daemon-reload + changed_when: False + + - name: Remove remaining files + file: path={{ item }} state=absent + with_items: + - /etc/ansible/facts.d/openshift.fact + - /etc/etcd + - /etc/systemd/system/etcd_container.service + - /var/lib/etcd + +- hosts: lb become: yes tasks: - - name: restart docker - service: name=docker state=restarted - - name: restart NetworkManager - service: name=NetworkManager state=restarted + - name: Stop services + service: name={{ item }} state=stopped + with_items: + - haproxy + failed_when: false + + - name: unmask services + command: systemctl unmask "{{ item }}" + changed_when: False + failed_when: False + with_items: + - firewalld + + - name: Remove packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent" + when: not is_atomic | bool + with_items: + - haproxy + + - shell: systemctl reset-failed + changed_when: False + + - shell: systemctl daemon-reload + changed_when: False + + - name: Remove remaining files + file: path={{ item }} state=absent + with_items: + - /etc/ansible/facts.d/openshift.fact + - /var/lib/haproxy diff --git a/playbooks/aws/openshift-cluster/config.yml b/playbooks/aws/openshift-cluster/config.yml index 8402b3579..647c72239 100644 --- a/playbooks/aws/openshift-cluster/config.yml +++ b/playbooks/aws/openshift-cluster/config.yml @@ -1,7 +1,23 @@ +--- +- include: ../../common/openshift-cluster/verify_ansible_version.yml + +- hosts: localhost + gather_facts: no + tasks: + - include_vars: vars.yml + - include_vars: cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: "{{ g_all_hosts | default([]) }}" + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: vars.yml + - include_vars: cluster_hosts.yml + - include: ../../common/openshift-cluster/config.yml - vars_files: - - ../../aws/openshift-cluster/vars.yml - - ../../aws/openshift-cluster/cluster_hosts.yml vars: g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" g_sudo: "{{ deployment_vars[deployment_type].become }}" @@ -10,9 +26,8 @@ openshift_debug_level: "{{ debug_level }}" openshift_deployment_type: "{{ deployment_type }}" openshift_public_hostname: "{{ ec2_ip_address }}" - openshift_registry_selector: 'type=infra' + openshift_hosted_registry_selector: 'type=infra' openshift_hosted_router_selector: 'type=infra' - openshift_infra_nodes: "{{ g_infra_hosts }}" openshift_node_labels: region: "{{ deployment_vars[deployment_type].region }}" type: "{{ hostvars[inventory_hostname]['ec2_tag_sub-host-type'] if inventory_hostname in groups['tag_host-type_node'] else hostvars[inventory_hostname]['ec2_tag_host-type'] }}" @@ -21,3 +36,4 @@ os_sdn_network_plugin_name: "{{ lookup('oo_option', 'sdn_network_plugin_name') }}" openshift_use_flannel: "{{ lookup('oo_option', 'use_flannel') }}" openshift_use_fluentd: "{{ lookup('oo_option', 'use_fluentd') }}" + openshift_use_dnsmasq: false diff --git a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml index 7d5776ae6..d22c86cda 100644 --- a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml @@ -150,6 +150,7 @@ groups: "{{ instance_groups }}" ec2_private_ip_address: "{{ item.1.private_ip }}" ec2_ip_address: "{{ item.1.public_ip }}" + ec2_tag_sub-host-type: "{{ sub_host_type }}" openshift_node_labels: "{{ node_label }}" logrotate_scripts: "{{ logrotate }}" with_together: diff --git a/playbooks/aws/openshift-cluster/templates/user_data.j2 b/playbooks/aws/openshift-cluster/templates/user_data.j2 index 2a3974a8c..b1087f9c4 100644 --- a/playbooks/aws/openshift-cluster/templates/user_data.j2 +++ b/playbooks/aws/openshift-cluster/templates/user_data.j2 @@ -3,8 +3,10 @@ mounts: - [ xvdb ] - [ ephemeral0 ] +{% endif %} write_files: +{% if type in ['node', 'master'] and 'docker' in volume_defs[type] %} - content: | DEVS=/dev/xvdb VG=docker_vg @@ -12,8 +14,7 @@ write_files: owner: root:root permissions: '0644' {% endif %} - -{% if deployment_vars[deployment_type].become %} +{% if deployment_vars[deployment_type].become | bool %} - path: /etc/sudoers.d/99-{{ deployment_vars[deployment_type].ssh_user }}-cloud-init-requiretty permissions: 440 content: | diff --git a/playbooks/aws/openshift-cluster/update.yml b/playbooks/aws/openshift-cluster/update.yml index bd31c42dd..d762203b2 100644 --- a/playbooks/aws/openshift-cluster/update.yml +++ b/playbooks/aws/openshift-cluster/update.yml @@ -1,12 +1,25 @@ --- +- hosts: localhost + gather_facts: no + tasks: + - include_vars: vars.yml + - include_vars: cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: vars.yml + - include_vars: cluster_hosts.yml + - name: Update - Populate oo_hosts_to_update group hosts: localhost connection: local become: no gather_facts: no - vars_files: - - vars.yml - - cluster_hosts.yml tasks: - name: Update - Evaluate oo_hosts_to_update add_host: @@ -14,7 +27,7 @@ groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_become: "{{ deployment_vars[deployment_type].become }}" - with_items: "{{ g_all_hosts | default([]) }}" + with_items: g_all_hosts | default([]) - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml deleted file mode 100644 index 44d9a3e25..000000000 --- a/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Usage: -# ansible-playbook playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml -e deployment_type=<deployment_type> -e cluster_id=<cluster_id> -- include: ../../../../common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml - vars_files: - - "{{lookup('file', '../../../../aws/openshift-cluster/vars.yml')}}" - - "{{lookup('file', '../../../../aws/openshift-cluster/cluster_hosts.yml')}}" - vars: - g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" - g_sudo: "{{ deployment_vars[deployment_type].become }}" - g_nodeonmaster: true - openshift_cluster_id: "{{ cluster_id }}" - openshift_debug_level: "{{ debug_level }}" - openshift_deployment_type: "{{ deployment_type }}" - openshift_hostname: "{{ ec2_private_ip_address }}" - openshift_public_hostname: "{{ ec2_ip_address }}" diff --git a/playbooks/aws/openshift-cluster/vars.yml b/playbooks/aws/openshift-cluster/vars.yml index 8bda72ac2..d774187f0 100644 --- a/playbooks/aws/openshift-cluster/vars.yml +++ b/playbooks/aws/openshift-cluster/vars.yml @@ -17,7 +17,7 @@ deployment_rhel7_ent_base: deployment_vars: origin: # centos-7, requires marketplace - image: "{{ lookup('oo_option', 'ec2_image') | default('ami-61bbf104', True) }}" + image: "{{ lookup('oo_option', 'ec2_image') | default('ami-6d1c2007', True) }}" image_name: "{{ lookup('oo_option', 'ec2_image_name') | default(None, True) }}" region: "{{ lookup('oo_option', 'ec2_region') | default('us-east-1', True) }}" ssh_user: centos diff --git a/playbooks/byo/openshift-cluster/config.yml b/playbooks/byo/openshift-cluster/config.yml index c5479d098..0a931fbe0 100644 --- a/playbooks/byo/openshift-cluster/config.yml +++ b/playbooks/byo/openshift-cluster/config.yml @@ -1,4 +1,6 @@ --- +- include: ../../common/openshift-cluster/verify_ansible_version.yml + - hosts: localhost connection: local become: no @@ -8,7 +10,7 @@ - add_host: name: "{{ item }}" groups: l_oo_all_hosts - with_items: g_all_hosts + with_items: "{{ g_all_hosts | default([]) }}" - hosts: l_oo_all_hosts gather_facts: no diff --git a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml new file mode 100644 index 000000000..1c8d99341 --- /dev/null +++ b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml @@ -0,0 +1,18 @@ +--- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + +- include: ../../common/openshift-cluster/enable_dnsmasq.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml new file mode 100644 index 000000000..3a285ab9f --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml @@ -0,0 +1,47 @@ + +- name: Check for appropriate Docker versions + hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config + roles: + - openshift_facts + tasks: + - set_fact: + repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}" + + - fail: + msg: Cannot upgrade Docker on Atomic operating systems. + when: openshift.common.is_atomic | bool + + - include: ../../../../common/openshift-cluster/upgrades/docker/upgrade_check.yml + when: docker_upgrade is not defined or docker_upgrade | bool + + +# If a node fails, halt everything, the admin will need to clean up and we +# don't want to carry on, potentially taking out every node. The playbook can safely be re-run +# and will not take any action on a node already running the requested docker version. +- name: Evacuate and upgrade nodes + hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config + serial: 1 + any_errors_fatal: true + tasks: + - name: Prepare for Node evacuation + command: > + {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=false + delegate_to: "{{ groups.oo_first_master.0 }}" + when: l_docker_upgrade is defined and l_docker_upgrade | bool and inventory_hostname in groups.oo_nodes_to_config + + - name: Evacuate Node for Kubelet upgrade + command: > + {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --evacuate --force + delegate_to: "{{ groups.oo_first_master.0 }}" + when: l_docker_upgrade is defined and l_docker_upgrade | bool and inventory_hostname in groups.oo_nodes_to_config + + - include: ../../../../common/openshift-cluster/upgrades/docker/upgrade.yml + when: l_docker_upgrade is defined and l_docker_upgrade | bool + + - name: Set node schedulability + command: > + {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=true + delegate_to: "{{ groups.oo_first_master.0 }}" + when: openshift.node.schedulable | bool + when: l_docker_upgrade is defined and l_docker_upgrade | bool and inventory_hostname in groups.oo_nodes_to_config and openshift.node.schedulable | bool + diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/roles b/playbooks/byo/openshift-cluster/upgrades/docker/roles index 6bc1a7aef..6bc1a7aef 120000 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/roles +++ b/playbooks/byo/openshift-cluster/upgrades/docker/roles diff --git a/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml new file mode 100644 index 000000000..0f86abd89 --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml @@ -0,0 +1,29 @@ +# Playbook to upgrade Docker to the max allowable version for an OpenShift cluster. +# +# Currently only supports upgrading 1.9.x to >= 1.10.x. +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: ../../cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts | default([]) + changed_when: false + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../cluster_hosts.yml + +- include: ../../../../common/openshift-cluster/evaluate_groups.yml + vars: + # Do not allow adding hosts during upgrade. + g_new_master_hosts: [] + g_new_node_hosts: [] + openshift_cluster_id: "{{ cluster_id | default('default') }}" + openshift_deployment_type: "{{ deployment_type }}" + +- include: docker_upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/README.md b/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/README.md deleted file mode 100644 index c91a6cb96..000000000 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/README.md +++ /dev/null @@ -1,21 +0,0 @@ -# v3.0 minor upgrade playbook -**Note:** This playbook will re-run installation steps overwriting any local -modifications. You should ensure that your inventory has been updated with any -modifications you've made after your initial installation. If you find any items -that cannot be configured via ansible please open an issue at -https://github.com/openshift/openshift-ansible - -## Overview -This playbook is available as a technical preview. It currently performs the -following steps. - - * Upgrade and restart master services - * Upgrade and restart node services - * Applies latest configuration by re-running the installation playbook - * Applies the latest cluster policies - * Updates the default router if one exists - * Updates the default registry if one exists - * Updates image streams and quickstarts - -## Usage -ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml deleted file mode 100644 index 628a07752..000000000 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- include: ../../../../common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml - vars_files: - - "{{lookup('file', '../../../../byo/openshift-cluster/cluster_hosts.yml')}}" - vars: - g_etcd_hosts: "{{ groups.etcd | default([]) }}" - g_master_hosts: "{{ groups.masters | default([]) }}" - g_new_master_hosts: [] - g_nfs_hosts: "{{ groups.nfs | default([]) }}" - g_node_hosts: "{{ groups.nodes | default([]) }}" - g_lb_hosts: "{{ groups.lb | default([]) }}" - openshift_cluster_id: "{{ cluster_id | default('default') }}" - openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/README.md b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/README.md deleted file mode 100644 index eb1f481d7..000000000 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/README.md +++ /dev/null @@ -1,16 +0,0 @@ -# v3.0 to v3.1 upgrade playbook - -## Overview -This playbook currently performs the -following steps. - - * Upgrade and restart master services - * Upgrade and restart node services - * Modifies the subset of the configuration necessary - * Applies the latest cluster policies - * Updates the default router if one exists - * Updates the default registry if one exists - * Updates image streams and quickstarts - -## Usage -ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml deleted file mode 100644 index 8fadd2ce7..000000000 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- include: ../../../../common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml - vars_files: - - "{{lookup('file', '../../../../byo/openshift-cluster/cluster_hosts.yml')}}" - vars: - g_etcd_hosts: "{{ groups.etcd | default([]) }}" - g_master_hosts: "{{ groups.masters | default([]) }}" - g_new_master_hosts: [] - g_nfs_hosts: "{{ groups.nfs | default([]) }}" - g_node_hosts: "{{ groups.nodes | default([]) }}" - g_lb_hosts: "{{ groups.lb | default([]) }}" - openshift_cluster_id: "{{ cluster_id | default('default') }}" - openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/README.md b/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/README.md deleted file mode 100644 index b230835c3..000000000 --- a/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/README.md +++ /dev/null @@ -1,17 +0,0 @@ -# v3.1 minor upgrade playbook -This upgrade will preserve all locally made configuration modifications to the -Masters and Nodes. - -## Overview -This playbook is available as a technical preview. It currently performs the -following steps. - - * Upgrade and restart master services - * Upgrade and restart node services - * Applies the latest cluster policies - * Updates the default router if one exists - * Updates the default registry if one exists - * Updates image streams and quickstarts - -## Usage -ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml deleted file mode 100644 index 42078584b..000000000 --- a/playbooks/byo/openshift-cluster/upgrades/v3_1_minor/upgrade.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- include: ../../../../common/openshift-cluster/evaluate_groups.yml - vars: - g_etcd_hosts: "{{ groups.etcd | default([]) }}" - g_master_hosts: "{{ groups.masters | default([]) }}" - g_new_master_hosts: [] - g_nfs_hosts: "{{ groups.nfs | default([]) }}" - g_node_hosts: "{{ groups.nodes | default([]) }}" - g_lb_hosts: "{{ groups.lb | default([]) }}" - openshift_cluster_id: "{{ cluster_id | default('default') }}" - openshift_deployment_type: "{{ deployment_type }}" -- include: ../../../../common/openshift-cluster/upgrades/v3_1_minor/pre.yml -- include: ../../../../common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml -- include: ../../../openshift-master/restart.yml -- include: ../../../../common/openshift-cluster/upgrades/v3_1_minor/post.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml deleted file mode 100644 index 0c91b51d6..000000000 --- a/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- include: ../../../../common/openshift-cluster/evaluate_groups.yml - vars: - g_etcd_hosts: "{{ groups.etcd | default([]) }}" - g_master_hosts: "{{ groups.masters | default([]) }}" - g_new_master_hosts: [] - g_nfs_hosts: "{{ groups.nfs | default([]) }}" - g_node_hosts: "{{ groups.nodes | default([]) }}" - g_lb_hosts: "{{ groups.lb | default([]) }}" - openshift_cluster_id: "{{ cluster_id | default('default') }}" - openshift_deployment_type: "{{ deployment_type }}" -- include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml - vars: - openshift_deployment_type: "{{ deployment_type }}" -- include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml - vars: - openshift_deployment_type: "{{ deployment_type }}" -- include: ../../../openshift-master/restart.yml -- include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/README.md b/playbooks/byo/openshift-cluster/upgrades/v3_2/README.md index 62577c3df..62577c3df 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/README.md +++ b/playbooks/byo/openshift-cluster/upgrades/v3_2/README.md diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml new file mode 100644 index 000000000..e28313221 --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml @@ -0,0 +1,57 @@ +--- +- include: ../../../../common/openshift-cluster/verify_ansible_version.yml + +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts | default([]) + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + +- include: ../../../../common/openshift-cluster/evaluate_groups.yml + vars: + # Do not allow adding hosts during upgrade. + g_new_master_hosts: [] + g_new_node_hosts: [] + openshift_cluster_id: "{{ cluster_id | default('default') }}" + openshift_deployment_type: "{{ deployment_type }}" + +- name: Set oo_options + hosts: oo_all_hosts + tasks: + - set_fact: + openshift_docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}" + when: openshift_docker_additional_registries is not defined + - set_fact: + openshift_docker_insecure_registries: "{{ lookup('oo_option', 'docker_insecure_registries') }}" + when: openshift_docker_insecure_registries is not defined + - set_fact: + openshift_docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') }}" + when: openshift_docker_blocked_registries is not defined + - set_fact: + openshift_docker_options: "{{ lookup('oo_option', 'docker_options') }}" + when: openshift_docker_options is not defined + - set_fact: + openshift_docker_log_driver: "{{ lookup('oo_option', 'docker_log_driver') }}" + when: openshift_docker_log_driver is not defined + - set_fact: + openshift_docker_log_options: "{{ lookup('oo_option', 'docker_log_options') }}" + when: openshift_docker_log_options is not defined + +- include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml + vars: + openshift_deployment_type: "{{ deployment_type }}" +- include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml + vars: + openshift_deployment_type: "{{ deployment_type }}" +- include: ../../../openshift-master/restart.yml +- include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml diff --git a/playbooks/byo/openshift_facts.yml b/playbooks/byo/openshift_facts.yml index db8703db6..d966b58fd 100644 --- a/playbooks/byo/openshift_facts.yml +++ b/playbooks/byo/openshift_facts.yml @@ -1,4 +1,6 @@ --- +- include: ../common/openshift-cluster/verify_ansible_version.yml + - hosts: localhost connection: local become: no diff --git a/playbooks/byo/rhel_subscribe.yml b/playbooks/byo/rhel_subscribe.yml index 990ddd2f2..f093411ef 100644 --- a/playbooks/byo/rhel_subscribe.yml +++ b/playbooks/byo/rhel_subscribe.yml @@ -1,5 +1,23 @@ --- -- hosts: all +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: openshift-cluster/cluster_hosts.yml + +- include: ../common/openshift-cluster/evaluate_groups.yml + +- hosts: l_oo_all_hosts vars: openshift_deployment_type: "{{ deployment_type }}" roles: diff --git a/playbooks/common/openshift-cluster/additional_config.yml b/playbooks/common/openshift-cluster/additional_config.yml index 5ed1d3b3c..e9fb3de96 100644 --- a/playbooks/common/openshift-cluster/additional_config.yml +++ b/playbooks/common/openshift-cluster/additional_config.yml @@ -17,9 +17,8 @@ - role: openshift_master_cluster when: openshift_master_ha | bool and openshift.master.cluster_method == "pacemaker" - role: openshift_examples + registry_url: "{{ openshift.master.registry_url }}" when: openshift.common.install_examples | bool - - role: openshift_cluster_metrics - when: openshift.common.use_cluster_metrics | bool - role: openshift_manageiq when: openshift.common.use_manageiq | bool - role: cockpit @@ -28,25 +27,4 @@ - role: flannel_register when: openshift.common.use_flannel | bool -- name: Create persistent volumes and create hosted services - hosts: oo_first_master - vars: - attach_registry_volume: "{{ openshift.hosted.registry.storage.kind != None }}" - deploy_infra: "{{ openshift.master.infra_nodes | default([]) | length > 0 }}" - persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}" - persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}" - roles: - - role: openshift_persistent_volumes - when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0 - - role: openshift_serviceaccounts - openshift_serviceaccounts_names: - - router - - registry - openshift_serviceaccounts_namespace: default - openshift_serviceaccounts_sccs: - - privileged - - role: openshift_registry - registry_volume_claim: "{{ openshift.hosted.registry.storage.volume.name }}-claim" - when: deploy_infra | bool and attach_registry_volume | bool - - role: openshift_metrics - when: openshift.hosted.metrics.deploy | bool + diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 99b36098a..5cf5df08e 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -1,8 +1,12 @@ --- - include: evaluate_groups.yml +- include: initialize_facts.yml + - include: validate_hostnames.yml +- include: initialize_openshift_version.yml + - name: Set oo_options hosts: oo_all_hosts tasks: @@ -29,6 +33,8 @@ - include: ../openshift-nfs/config.yml +- include: ../openshift-loadbalancer/config.yml + - include: ../openshift-master/config.yml - include: additional_config.yml diff --git a/playbooks/common/openshift-cluster/enable_dnsmasq.yml b/playbooks/common/openshift-cluster/enable_dnsmasq.yml new file mode 100644 index 000000000..f2bcc872f --- /dev/null +++ b/playbooks/common/openshift-cluster/enable_dnsmasq.yml @@ -0,0 +1,66 @@ +--- +- include: evaluate_groups.yml + +- name: Load openshift_facts + hosts: oo_masters_to_config:oo_nodes_to_config + roles: + - openshift_facts + post_tasks: + - fail: msg="This playbook requires a master version of at least Origin 1.1 or OSE 3.1" + when: not openshift.common.version_gte_3_1_1_or_1_1_1 | bool + +- name: Reconfigure masters to listen on our new dns_port + hosts: oo_masters_to_config + handlers: + - include: ../../../roles/openshift_master/handlers/main.yml + vars: + os_firewall_allow: + - service: skydns tcp + port: "{{ openshift.master.dns_port }}/tcp" + - service: skydns udp + port: "{{ openshift.master.dns_port }}/udp" + roles: + - os_firewall + tasks: + - openshift_facts: + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: common + local_facts: + use_dnsmasq: True + - role: master + local_facts: + dns_port: '8053' + - modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: dnsConfig.bindAddress + yaml_value: "{{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }}" + notify: restart master + - meta: flush_handlers + +- name: Configure nodes for dnsmasq + hosts: oo_nodes_to_config + handlers: + - include: ../../../roles/openshift_node/handlers/main.yml + pre_tasks: + - openshift_facts: + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: common + local_facts: + use_dnsmasq: True + - role: node + local_facts: + dns_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" + vars: + openshift_deployment_type: "{{ deployment_type }}" + roles: + - openshift_node_dnsmasq + post_tasks: + - modify_yaml: + dest: "{{ openshift.common.config_base }}/node/node-config.yaml" + yaml_key: dnsIP + yaml_value: "{{ openshift.node.dns_ip }}" + notify: restart node diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml index c5273b08f..3fb42a7fa 100644 --- a/playbooks/common/openshift-cluster/evaluate_groups.yml +++ b/playbooks/common/openshift-cluster/evaluate_groups.yml @@ -35,7 +35,7 @@ groups: oo_all_hosts ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" ansible_become: "{{ g_sudo | default(omit) }}" - with_items: g_all_hosts | default([]) + with_items: "{{ g_all_hosts | default([]) }}" - name: Evaluate oo_masters add_host: diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml new file mode 100644 index 000000000..04dde632b --- /dev/null +++ b/playbooks/common/openshift-cluster/initialize_facts.yml @@ -0,0 +1,13 @@ +--- +- name: Initialize host facts + hosts: oo_all_hosts + any_errors_fatal: true + roles: + - openshift_facts + tasks: + - openshift_facts: + role: common + local_facts: + hostname: "{{ openshift_hostname | default(None) }}" + - set_fact: + openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" diff --git a/playbooks/common/openshift-cluster/initialize_openshift_version.yml b/playbooks/common/openshift-cluster/initialize_openshift_version.yml new file mode 100644 index 000000000..7112a6084 --- /dev/null +++ b/playbooks/common/openshift-cluster/initialize_openshift_version.yml @@ -0,0 +1,16 @@ +--- +# NOTE: requires openshift_facts be run +- name: Determine openshift_version to configure on first master + hosts: oo_first_master + roles: + - openshift_version + +# NOTE: We set this even on etcd hosts as they may also later run as masters, +# and we don't want to install wrong version of docker and have to downgrade +# later. +- name: Set openshift_version for all hosts + hosts: oo_all_hosts:!oo_first_master + vars: + openshift_version: "{{ hostvars[groups.oo_first_master.0].openshift_version }}" + roles: + - openshift_version diff --git a/playbooks/common/openshift-cluster/library b/playbooks/common/openshift-cluster/library new file mode 120000 index 000000000..d0b7393d3 --- /dev/null +++ b/playbooks/common/openshift-cluster/library @@ -0,0 +1 @@ +../../../library/
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml index 1cbc0f544..c3077e3c2 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted.yml +++ b/playbooks/common/openshift-cluster/openshift_hosted.yml @@ -1,5 +1,18 @@ +- name: Create persistent volumes + hosts: oo_first_master + vars: + persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}" + persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}" + roles: + - role: openshift_persistent_volumes + when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0 + - name: Create Hosted Resources hosts: oo_first_master + pre_tasks: + - set_fact: + openshift_hosted_router_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}" + openshift_hosted_registry_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}" + when: "'master' in hostvars[groups.oo_first_master.0].openshift and 'registry_url' in hostvars[groups.oo_first_master.0].openshift.master" roles: - role: openshift_hosted - openshift_hosted_router_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}" diff --git a/playbooks/common/openshift-cluster/update_repos_and_packages.yml b/playbooks/common/openshift-cluster/update_repos_and_packages.yml index 1474bb3ca..e3d16d359 100644 --- a/playbooks/common/openshift-cluster/update_repos_and_packages.yml +++ b/playbooks/common/openshift-cluster/update_repos_and_packages.yml @@ -1,8 +1,15 @@ --- +- include: evaluate_groups.yml + - hosts: oo_hosts_to_update vars: openshift_deployment_type: "{{ deployment_type }}" roles: + # Explicitly calling openshift_facts because it appears that when + # rhel_subscribe is skipped that the openshift_facts dependency for + # openshift_repos is also skipped (this is the case at least for Ansible + # 2.0.2) + - openshift_facts - role: rhel_subscribe when: deployment_type in ["enterprise", "atomic-enterprise", "openshift-enterprise"] and ansible_distribution == "RedHat" and diff --git a/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml new file mode 100644 index 000000000..20d66522f --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml @@ -0,0 +1,44 @@ +--- +# We need docker service up to remove all the images, but these services will keep +# trying to re-start and thus re-pull the images we're trying to delete. +- name: Stop containerized services + service: name={{ item }} state=stopped + with_items: + - "{{ openshift.common.service_type }}-master" + - "{{ openshift.common.service_type }}-master-api" + - "{{ openshift.common.service_type }}-master-controllers" + - "{{ openshift.common.service_type }}-node" + - etcd_container + - openvswitch + failed_when: false + when: openshift.common.is_containerized | bool + +- name: Remove all containers and images + script: nuke_images.sh docker + register: nuke_images_result + when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool + +- name: Upgrade Docker + action: "{{ ansible_pkg_mgr }} name=docker{{ '-' + docker_version }} state=present" + +- name: Restart containerized services + service: name={{ item }} state=started + with_items: + - etcd_container + - openvswitch + - "{{ openshift.common.service_type }}-master" + - "{{ openshift.common.service_type }}-master-api" + - "{{ openshift.common.service_type }}-master-controllers" + - "{{ openshift.common.service_type }}-node" + failed_when: false + when: openshift.common.is_containerized | bool + +- name: Wait for master API to come back online + become: no + local_action: + module: wait_for + host="{{ inventory_hostname }}" + state=started + delay=10 + port="{{ openshift.master.api_port }}" + when: inventory_hostname in groups.oo_masters_to_config diff --git a/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml b/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml new file mode 100644 index 000000000..06b3e244f --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml @@ -0,0 +1,51 @@ +--- + +# This snippet determines if a Docker upgrade is required by checking the inventory +# variables, the available packages, and sets l_docker_version to True if so. + +- set_fact: + docker_upgrade: True + when: docker_upgrade is not defined + +- name: Check if Docker is installed + command: rpm -q docker + register: pkg_check + failed_when: pkg_check.rc > 1 + changed_when: no + +- name: Get current version of Docker + command: "{{ repoquery_cmd }} --installed --qf '%{version}' docker" + register: curr_docker_version + changed_when: false + +- name: Get latest available version of Docker + command: > + {{ repoquery_cmd }} --qf '%{version}' "docker" + register: avail_docker_version + failed_when: false + changed_when: false + +- fail: + msg: This playbook requires access to Docker 1.10 or later + # Disable the 1.10 requirement if the user set a specific Docker version + when: avail_docker_version.stdout | version_compare('1.10','<') and docker_version is not defined + +# Default l_docker_upgrade to False, we'll set to True if an upgrade is required: +- set_fact: + l_docker_upgrade: False + +# Make sure a docker_verison is set if none was requested: +- set_fact: + docker_version: "{{ avail_docker_version.stdout }}" + when: docker_version is not defined + +- name: Flag for Docker upgrade if necessary + set_fact: + l_docker_upgrade: True + when: pkg_check.rc == 0 and curr_docker_version.stdout | version_compare(docker_version,'<') + +- name: Flag to delete all images prior to upgrade if crossing Docker 1.10 boundary + set_fact: + docker_upgrade_nuke_images: True + when: l_docker_upgrade | bool and docker_upgrade_nuke_images is not defined and curr_docker_version.stdout | version_compare('1.10','<') and docker_version | version_compare('1.10','>=') + diff --git a/playbooks/common/openshift-cluster/upgrades/files/nuke_images.sh b/playbooks/common/openshift-cluster/upgrades/files/nuke_images.sh new file mode 100644 index 000000000..6b155f7fa --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/files/nuke_images.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +# Stop any running containers +running_container_ids=`docker ps -q` +if test -n "$running_container_ids" +then + docker stop $running_container_ids +fi + +# Delete all containers +container_ids=`docker ps -a -q` +if test -n "$container_ids" +then + docker rm -f -v $container_ids +fi + +# Delete all images (forcefully) +image_ids=`docker images -q` +if test -n "$image_ids" +then + # Taken from: https://gist.github.com/brianclements/f72b2de8e307c7b56689#gistcomment-1443144 + docker rmi $(docker images | grep "$2/\|/$2 \| $2 \|$2 \|$2-\|$2_" | awk '{print $1 ":" $2}') 2>/dev/null || echo "No images matching \"$2\" left to purge." +fi diff --git a/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh b/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh deleted file mode 100644 index 96944a78b..000000000 --- a/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -# Here we don't really care if this is a master, api, controller or node image. -# We just need to know the version of one of them. -unit_file=$(ls /etc/systemd/system/${1}*.service | head -n1) - -if [ ${1} == "origin" ]; then - image_name="openshift/origin" -elif grep aep $unit_file 2>&1 > /dev/null; then - image_name="aep3/node" -elif grep openshift3 $unit_file 2>&1 > /dev/null; then - image_name="openshift3/node" -fi - -installed=$(docker run --rm --entrypoint=/bin/openshift ${image_name} version 2> /dev/null | grep openshift | awk '{ print $2 }' | cut -f1 -d"-" | tr -d 'v') - -docker pull ${image_name} 2>&1 > /dev/null -available=$(docker run --rm --entrypoint=/bin/openshift ${image_name} version 2> /dev/null | grep openshift | awk '{ print $2 }' | cut -f1 -d"-" | tr -d 'v') - -echo "---" -echo "curr_version: ${installed}" -echo "avail_version: ${available}" diff --git a/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh b/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh index a2a9579b5..7bf249742 100644 --- a/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh +++ b/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh @@ -1,7 +1,11 @@ #!/bin/bash - -installed=$(yum list installed -e 0 -q "$@" 2>&1 | tail -n +2 | awk '{ print $2 }' | sort -r | tr '\n' ' ') -available=$(yum list available -e 0 -q "$@" 2>&1 | tail -n +2 | grep -v 'el7ose' | awk '{ print $2 }' | sort -r | tr '\n' ' ') +if [ `which dnf 2> /dev/null` ]; then + installed=$(dnf repoquery --installed --latest-limit 1 -d 0 --qf '%{version}-%{release}' "${@}" 2> /dev/null) + available=$(dnf repoquery --available --latest-limit 1 -d 0 --qf '%{version}-%{release}' "${@}" 2> /dev/null) +else + installed=$(repoquery --plugins --pkgnarrow=installed --qf '%{version}-%{release}' "${@}" 2> /dev/null) + available=$(repoquery --plugins --pkgnarrow=available --qf '%{version}-%{release}' "${@}" 2> /dev/null) +fi echo "---" echo "curr_version: ${installed}" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/filter_plugins b/playbooks/common/openshift-cluster/upgrades/v3_0_minor/filter_plugins deleted file mode 120000 index 27ddaa18b..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/library b/playbooks/common/openshift-cluster/upgrades/v3_0_minor/library deleted file mode 120000 index 53bed9684..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/library +++ /dev/null @@ -1 +0,0 @@ -../library
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/lookup_plugins b/playbooks/common/openshift-cluster/upgrades/v3_0_minor/lookup_plugins deleted file mode 120000 index cf407f69b..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml deleted file mode 100644 index 51b108f6a..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml +++ /dev/null @@ -1,112 +0,0 @@ ---- -- name: Evaluate groups - include: ../../evaluate_groups.yml - -- name: Re-Run cluster configuration to apply latest configuration changes - include: ../../config.yml - -- name: Upgrade masters - hosts: oo_masters_to_config - vars: - openshift_version: "{{ openshift_pkg_version | default('') }}" - tasks: - - name: Upgrade master packages - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-master{{ openshift_version }} state=latest" - - name: Restart master services - service: name="{{ openshift.common.service_type}}-master" state=restarted - -- name: Upgrade nodes - hosts: oo_nodes_to_config - vars: - openshift_version: "{{ openshift_pkg_version | default('') }}" - tasks: - - name: Upgrade node packages - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_version }} state=latest" - - name: Restart node services - service: name="{{ openshift.common.service_type }}-node" state=restarted - -- name: Determine new master version - hosts: oo_first_master - tasks: - - name: Determine new version - command: > - rpm -q --queryformat '%{version}' {{ openshift.common.service_type }}-master - register: _new_version - -- name: Ensure AOS 3.0.2 or Origin 1.0.6 - hosts: oo_first_master - tasks: - fail: This playbook requires Origin 1.0.6 or Atomic OpenShift 3.0.2 or later - when: _new_version.stdout | version_compare('1.0.6','<') or ( _new_version.stdout | version_compare('3.0','>=' and _new_version.stdout | version_compare('3.0.2','<') ) - -- name: Update cluster policy - hosts: oo_first_master - tasks: - - name: oadm policy reconcile-cluster-roles --additive-only=true --confirm - command: > - {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig - policy reconcile-cluster-roles --additive-only=true --confirm - -- name: Upgrade default router - hosts: oo_first_master - vars: - - router_image: "{{ openshift.master.registry_url | replace( '${component}', 'haproxy-router' ) | replace ( '${version}', 'v' + _new_version.stdout ) }}" - - oc_cmd: "{{ openshift.common.client_binary }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig" - tasks: - - name: Check for default router - command: > - {{ oc_cmd }} get -n default dc/router - register: _default_router - failed_when: false - changed_when: false - - name: Check for allowHostNetwork and allowHostPorts - when: _default_router.rc == 0 - shell: > - {{ oc_cmd }} get -o yaml scc/privileged | /usr/bin/grep -e allowHostPorts -e allowHostNetwork - register: _scc - - name: Grant allowHostNetwork and allowHostPorts - when: - - _default_router.rc == 0 - - "'false' in _scc.stdout" - command: > - {{ oc_cmd }} patch scc/privileged -p '{"allowHostPorts":true,"allowHostNetwork":true}' --loglevel=9 - - name: Update deployment config to 1.0.4/3.0.1 spec - when: _default_router.rc == 0 - command: > - {{ oc_cmd }} patch dc/router -p - '{"spec":{"strategy":{"rollingParams":{"updatePercent":-10},"spec":{"serviceAccount":"router","serviceAccountName":"router"}}}}' - - name: Switch to hostNetwork=true - when: _default_router.rc == 0 - command: > - {{ oc_cmd }} patch dc/router -p '{"spec":{"template":{"spec":{"hostNetwork":true}}}}' - - name: Update router image to current version - when: _default_router.rc == 0 - command: > - {{ oc_cmd }} patch dc/router -p - '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}' - -- name: Upgrade default - hosts: oo_first_master - vars: - - registry_image: "{{ openshift.master.registry_url | replace( '${component}', 'docker-registry' ) | replace ( '${version}', 'v' + _new_version.stdout ) }}" - - oc_cmd: "{{ openshift.common.client_binary }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig" - tasks: - - name: Check for default registry - command: > - {{ oc_cmd }} get -n default dc/docker-registry - register: _default_registry - failed_when: false - changed_when: false - - name: Update registry image to current version - when: _default_registry.rc == 0 - command: > - {{ oc_cmd }} patch dc/docker-registry -p - '{"spec":{"template":{"spec":{"containers":[{"name":"registry","image":"{{ registry_image }}"}]}}}}' - -- name: Update image streams and templates - hosts: oo_first_master - vars: - openshift_examples_import_command: "update" - openshift_deployment_type: "{{ deployment_type }}" - roles: - - openshift_examples diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/filter_plugins b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/filter_plugins deleted file mode 120000 index 27ddaa18b..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/library b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/library deleted file mode 120000 index 53bed9684..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/library +++ /dev/null @@ -1 +0,0 @@ -../library
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/lookup_plugins b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/lookup_plugins deleted file mode 120000 index cf407f69b..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/roles b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/roles deleted file mode 120000 index 6bc1a7aef..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/roles +++ /dev/null @@ -1 +0,0 @@ -../../../../../roles
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml deleted file mode 100644 index a72749a2b..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ /dev/null @@ -1,645 +0,0 @@ ---- -############################################################################### -# Evaluate host groups and gather facts -############################################################################### -- name: Evaluate host groups - include: ../../evaluate_groups.yml - -- name: Load openshift_facts - hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config:oo_lb_to_config - roles: - - openshift_facts - -- name: Evaluate additional groups for upgrade - hosts: localhost - connection: local - become: no - tasks: - - name: Evaluate etcd_hosts_to_backup - add_host: - name: "{{ item }}" - groups: etcd_hosts_to_backup - with_items: groups.oo_etcd_to_config if groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config | length > 0 else groups.oo_first_master - - -############################################################################### -# Pre-upgrade checks -############################################################################### -- name: Verify upgrade can proceed - hosts: oo_first_master - vars: - openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" - target_version: "{{ '1.1' if deployment_type == 'origin' else '3.1' }}" - gather_facts: no - tasks: - # Pacemaker is currently the only supported upgrade path for multiple masters - - fail: - msg: "openshift_master_cluster_method must be set to 'pacemaker'" - when: openshift_master_ha | bool and ((openshift_master_cluster_method is not defined) or (openshift_master_cluster_method is defined and openshift_master_cluster_method != "pacemaker")) - - - fail: - msg: > - This upgrade is only supported for origin, openshift-enterprise, and online - deployment types - when: deployment_type not in ['origin','openshift-enterprise', 'online'] - - - fail: - msg: > - openshift_pkg_version is {{ openshift_pkg_version }} which is not a - valid version for a {{ target_version }} upgrade - when: openshift_pkg_version is defined and openshift_pkg_version.split('-',1).1 | version_compare(target_version ,'<') - - # If this script errors out ansible will show the default stdout/stderr - # which contains details for the user: - - script: ../files/pre-upgrade-check - - -- name: Verify upgrade can proceed - hosts: oo_masters_to_config:oo_nodes_to_config - vars: - target_version: "{{ '1.1' if deployment_type == 'origin' else '3.1' }}" - tasks: - - name: Clean package cache - command: "{{ ansible_pkg_mgr }} clean all" - - - set_fact: - g_new_service_name: "{{ 'origin' if deployment_type =='origin' else 'atomic-openshift' }}" - - - name: Determine available versions - script: ../files/rpm_versions.sh {{ g_new_service_name }} openshift - register: g_versions_result - - - set_fact: - g_aos_versions: "{{ g_versions_result.stdout | from_yaml }}" - - - set_fact: - g_new_version: "{{ g_aos_versions.curr_version.split('-', 1).0 if g_aos_versions.avail_version is none else g_aos_versions.avail_version.split('-', 1).0 }}" - when: openshift_pkg_version is not defined - - - set_fact: - g_new_version: "{{ openshift_pkg_version | replace('-','') }}" - when: openshift_pkg_version is defined - - - fail: - msg: This playbook requires Origin 1.0.6 or later - when: deployment_type == 'origin' and g_aos_versions.curr_version | version_compare('1.0.6','<') - - - fail: - msg: Upgrade packages not found - when: (g_aos_versions.avail_version | default(g_aos_versions.curr_version, true) | version_compare(target_version, '<')) - - - set_fact: - pre_upgrade_complete: True - - -############################################################################## -# Gate on pre-upgrade checks -############################################################################## -- name: Gate on pre-upgrade checks - hosts: localhost - connection: local - become: no - vars: - pre_upgrade_hosts: "{{ groups.oo_masters_to_config | union(groups.oo_nodes_to_config) }}" - tasks: - - set_fact: - pre_upgrade_completed: "{{ hostvars - | oo_select_keys(pre_upgrade_hosts) - | oo_collect('inventory_hostname', {'pre_upgrade_complete': true}) }}" - - set_fact: - pre_upgrade_failed: "{{ pre_upgrade_hosts | difference(pre_upgrade_completed) }}" - - fail: - msg: "Upgrade cannot continue. The following hosts did not complete pre-upgrade checks: {{ pre_upgrade_failed | join(',') }}" - when: pre_upgrade_failed | length > 0 - - - -############################################################################### -# Backup etcd -############################################################################### -- name: Backup etcd - hosts: etcd_hosts_to_backup - vars: - embedded_etcd: "{{ openshift.master.embedded_etcd }}" - timestamp: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}" - roles: - - openshift_facts - tasks: - # Ensure we persist the etcd role for this host in openshift_facts - - openshift_facts: - role: etcd - local_facts: {} - when: "'etcd' not in openshift" - - - stat: path=/var/lib/openshift - register: var_lib_openshift - - - stat: path=/var/lib/origin - register: var_lib_origin - - - name: Create origin symlink if necessary - file: src=/var/lib/openshift/ dest=/var/lib/origin state=link - when: var_lib_openshift.stat.exists == True and var_lib_origin.stat.exists == False - - # TODO: replace shell module with command and update later checks - # We assume to be using the data dir for all backups. - - name: Check available disk space for etcd backup - shell: df --output=avail -k {{ openshift.common.data_dir }} | tail -n 1 - register: avail_disk - - # TODO: replace shell module with command and update later checks - - name: Check current embedded etcd disk usage - shell: du -k {{ openshift.etcd.etcd_data_dir }} | tail -n 1 | cut -f1 - register: etcd_disk_usage - when: embedded_etcd | bool - - - name: Abort if insufficient disk space for etcd backup - fail: - msg: > - {{ etcd_disk_usage.stdout }} Kb disk space required for etcd backup, - {{ avail_disk.stdout }} Kb available. - when: (embedded_etcd | bool) and (etcd_disk_usage.stdout|int > avail_disk.stdout|int) - - - name: Install etcd (for etcdctl) - action: "{{ ansible_pkg_mgr }} name=etcd state=latest" - - - name: Generate etcd backup - command: > - etcdctl backup --data-dir={{ openshift.etcd.etcd_data_dir }} - --backup-dir={{ openshift.common.data_dir }}/etcd-backup-{{ timestamp }} - - - set_fact: - etcd_backup_complete: True - - - name: Display location of etcd backup - debug: - msg: "Etcd backup created in {{ openshift.common.data_dir }}/etcd-backup-{{ timestamp }}" - - -############################################################################## -# Gate on etcd backup -############################################################################## -- name: Gate on etcd backup - hosts: localhost - connection: local - become: no - tasks: - - set_fact: - etcd_backup_completed: "{{ hostvars - | oo_select_keys(groups.etcd_hosts_to_backup) - | oo_collect('inventory_hostname', {'etcd_backup_complete': true}) }}" - - set_fact: - etcd_backup_failed: "{{ groups.etcd_hosts_to_backup | difference(etcd_backup_completed) }}" - - fail: - msg: "Upgrade cannot continue. The following hosts did not complete etcd backup: {{ etcd_backup_failed | join(',') }}" - when: etcd_backup_failed | length > 0 - - - -############################################################################### -# Upgrade Masters -############################################################################### -- name: Create temp directory for syncing certs - hosts: localhost - connection: local - become: no - gather_facts: no - tasks: - - name: Create local temp directory for syncing certs - local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX - register: g_master_mktemp - changed_when: False - -- name: Update deployment type - hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config - vars: - openshift_deployment_type: "{{ deployment_type }}" - roles: - - openshift_facts - -- name: Update master facts - hosts: oo_masters_to_config - roles: - - openshift_facts - post_tasks: - - openshift_facts: - role: master - local_facts: - cluster_method: "{{ openshift_master_cluster_method | default(None) }}" - -- name: Upgrade master packages and configuration - hosts: oo_masters_to_config - vars: - openshift_version: "{{ openshift_pkg_version | default('') }}" - roles: - - openshift_facts - tasks: - - name: Upgrade to latest available kernel - action: "{{ ansible_pkg_mgr}} name=kernel state=latest" - - - name: Upgrade master packages - command: "{{ ansible_pkg_mgr}} update -y {{ openshift.common.service_type }}-master{{ openshift_version }}" - when: openshift_pkg_version is not defined - - - name: Upgrade packages - command: "{{ ansible_pkg_mgr}} install -y {{ openshift.common.installed_variant_rpms | oo_31_rpm_rename_conversion(openshift_version) | join (' ')}}" - when: openshift_pkg_version is defined and deployment_type == 'openshift-enterprise' - - - name: Ensure python-yaml present for config upgrade - action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" - when: not openshift.common.is_atomic | bool - - - name: Upgrade master configuration - openshift_upgrade_config: - from_version: '3.0' - to_version: '3.1' - role: master - config_base: "{{ hostvars[inventory_hostname].openshift.common.config_base }}" - - - set_fact: - openshift_master_certs_no_etcd: - - admin.crt - - master.kubelet-client.crt - - "{{ 'master.proxy-client.crt' if openshift.common.version_gte_3_1_or_1_1 else omit }}" - - master.server.crt - - openshift-master.crt - - openshift-registry.crt - - openshift-router.crt - - etcd.server.crt - openshift_master_certs_etcd: - - master.etcd-client.crt - - - set_fact: - openshift_master_certs: "{{ (openshift_master_certs_no_etcd | union(openshift_master_certs_etcd)) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else openshift_master_certs_no_etcd }}" - - - name: Check status of master certificates - stat: - path: "{{ openshift.common.config_base }}/master/{{ item }}" - with_items: openshift_master_certs - register: g_master_cert_stat_result - - - set_fact: - master_certs_missing: "{{ False in (g_master_cert_stat_result.results - | oo_collect(attribute='stat.exists') - | list ) }}" - master_cert_subdir: master-{{ openshift.common.hostname }} - master_cert_config_dir: "{{ openshift.common.config_base }}/master" - - -- name: Generate missing master certificates - hosts: oo_first_master - vars: - master_hostnames: "{{ hostvars - | oo_select_keys(groups.oo_masters_to_config) - | oo_collect('openshift.common.all_hostnames') - | oo_flatten | unique }}" - master_generated_certs_dir: "{{ openshift.common.config_base }}/generated-configs" - masters_needing_certs: "{{ hostvars - | oo_select_keys(groups['oo_masters_to_config'] | difference(groups['oo_first_master'])) - | oo_filter_list(filter_attr='master_certs_missing') }}" - sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" - openshift_deployment_type: "{{ deployment_type }}" - roles: - - openshift_master_certificates - post_tasks: - - name: Remove generated etcd client certs when using external etcd - file: - path: "{{ master_generated_certs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}" - state: absent - when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config - with_nested: - - masters_needing_certs - - - master.etcd-client.crt - - master.etcd-client.key - - - name: Create a tarball of the master certs - command: > - tar -czvf {{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz - -C {{ master_generated_certs_dir }}/{{ item.master_cert_subdir }} . - with_items: masters_needing_certs - - - name: Retrieve the master cert tarball from the master - fetch: - src: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz" - dest: "{{ sync_tmpdir }}/" - flat: yes - fail_on_missing: yes - validate_checksum: yes - with_items: masters_needing_certs - - -- name: Sync generated certs, update service config and restart master services - hosts: oo_masters_to_config - vars: - sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" - openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" - openshift_deployment_type: "{{ deployment_type }}" - tasks: - - name: Unarchive the tarball on the master - unarchive: - src: "{{ sync_tmpdir }}/{{ master_cert_subdir }}.tgz" - dest: "{{ master_cert_config_dir }}" - when: inventory_hostname != groups.oo_first_master.0 - - - name: Restart master service - service: name="{{ openshift.common.service_type}}-master" state=restarted - when: not openshift_master_ha | bool - - - name: Ensure the master service is enabled - service: name="{{ openshift.common.service_type}}-master" state=started enabled=yes - when: not openshift_master_ha | bool - - - name: Check for configured cluster - stat: - path: /etc/corosync/corosync.conf - register: corosync_conf - when: openshift_master_ha | bool - - - name: Destroy cluster - command: pcs cluster destroy --all - when: openshift_master_ha | bool and corosync_conf.stat.exists == true - run_once: true - - - name: Start pcsd - service: name=pcsd enabled=yes state=started - when: openshift_master_ha | bool - - -- name: Re-create cluster - hosts: oo_first_master - vars: - openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" - openshift_deployment_type: "{{ deployment_type }}" - omc_cluster_hosts: "{{ groups.oo_masters_to_config | join(' ') }}" - roles: - - role: openshift_master_cluster - when: openshift_master_ha | bool - - -- name: Delete temporary directory on localhost - hosts: localhost - connection: local - become: no - gather_facts: no - tasks: - - file: name={{ g_master_mktemp.stdout }} state=absent - changed_when: False - - -- name: Set master update status to complete - hosts: oo_masters_to_config - tasks: - - set_fact: - master_update_complete: True - - -############################################################################## -# Gate on master update complete -############################################################################## -- name: Gate on master update - hosts: localhost - connection: local - become: no - tasks: - - set_fact: - master_update_completed: "{{ hostvars - | oo_select_keys(groups.oo_masters_to_config) - | oo_collect('inventory_hostname', {'master_update_complete': true}) }}" - - set_fact: - master_update_failed: "{{ groups.oo_masters_to_config | difference(master_update_completed) }}" - - fail: - msg: "Upgrade cannot continue. The following masters did not finish updating: {{ master_update_failed | join(',') }}" - when: master_update_failed | length > 0 - - -############################################################################### -# Upgrade Nodes -############################################################################### -- name: Upgrade nodes - hosts: oo_nodes_to_config - vars: - openshift_version: "{{ openshift_pkg_version | default('') }}" - roles: - - openshift_facts - tasks: - - name: Upgrade node packages - command: "{{ ansible_pkg_mgr }} update -y {{ openshift.common.service_type }}-node{{ openshift_version }}" - when: openshift_pkg_version is not defined - - - name: Upgrade packages - command: "{{ ansible_pkg_mgr}} install -y {{ openshift.common.installed_variant_rpms | oo_31_rpm_rename_conversion(openshift_version) | join (' ')}}" - when: openshift_pkg_version is defined and deployment_type == 'openshift-enterprise' - - - name: Restart node service - service: name="{{ openshift.common.service_type }}-node" state=restarted - - - name: Ensure node service enabled - service: name="{{ openshift.common.service_type }}-node" state=started enabled=yes - - - name: Install Ceph storage plugin dependencies - action: "{{ ansible_pkg_mgr }} name=ceph-common state=present" - - - name: Install GlusterFS storage plugin dependencies - action: "{{ ansible_pkg_mgr }} name=glusterfs-fuse state=present" - - - name: Set sebooleans to allow gluster storage plugin access from containers - seboolean: - name: "{{ item }}" - state: yes - persistent: yes - when: ansible_selinux and ansible_selinux.status == "enabled" - with_items: - - virt_use_fusefs - - virt_sandbox_use_fusefs - register: sebool_result - failed_when: "'state' not in sebool_result and 'msg' in sebool_result and 'SELinux boolean {{ item }} does not exist' not in sebool_result.msg" - - - set_fact: - node_update_complete: True - - -############################################################################## -# Gate on nodes update -############################################################################## -- name: Gate on nodes update - hosts: localhost - connection: local - become: no - tasks: - - set_fact: - node_update_completed: "{{ hostvars - | oo_select_keys(groups.oo_nodes_to_config) - | oo_collect('inventory_hostname', {'node_update_complete': true}) }}" - - set_fact: - node_update_failed: "{{ groups.oo_nodes_to_config | difference(node_update_completed) }}" - - fail: - msg: "Upgrade cannot continue. The following nodes did not finish updating: {{ node_update_failed | join(',') }}" - when: node_update_failed | length > 0 - - -############################################################################### -# Post upgrade - Reconcile Cluster Roles and Cluster Role Bindings -############################################################################### -- name: Reconcile Cluster Roles and Cluster Role Bindings - hosts: oo_masters_to_config - vars: - origin_reconcile_bindings: "{{ deployment_type == 'origin' and g_new_version | version_compare('1.0.6', '>') }}" - ent_reconcile_bindings: true - openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" - tasks: - - name: Reconcile Cluster Roles - command: > - {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig - policy reconcile-cluster-roles --additive-only=true --confirm - run_once: true - - - name: Reconcile Cluster Role Bindings - command: > - {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig - policy reconcile-cluster-role-bindings - --exclude-groups=system:authenticated - --exclude-groups=system:authenticated:oauth - --exclude-groups=system:unauthenticated - --exclude-users=system:anonymous - --additive-only=true --confirm - when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool - run_once: true - - - name: Restart master services - service: name="{{ openshift.common.service_type}}-master" state=restarted - when: not openshift_master_ha | bool - - - name: Restart master cluster - command: pcs resource restart master - when: openshift_master_ha | bool - run_once: true - - - name: Wait for the clustered master service to be available - wait_for: - host: "{{ openshift_master_cluster_vip }}" - port: 8443 - state: started - timeout: 180 - delay: 90 - when: openshift_master_ha | bool - run_once: true - - - set_fact: - reconcile_complete: True - - -############################################################################## -# Gate on reconcile -############################################################################## -- name: Gate on reconcile - hosts: localhost - connection: local - become: no - tasks: - - set_fact: - reconcile_completed: "{{ hostvars - | oo_select_keys(groups.oo_masters_to_config) - | oo_collect('inventory_hostname', {'reconcile_complete': true}) }}" - - set_fact: - reconcile_failed: "{{ groups.oo_masters_to_config | difference(reconcile_completed) }}" - - fail: - msg: "Upgrade cannot continue. The following masters did not finish reconciling: {{ reconcile_failed | join(',') }}" - when: reconcile_failed | length > 0 - - - - -############################################################################### -# Post upgrade - Upgrade default router, default registry and examples -############################################################################### -- name: Upgrade default router and default registry - hosts: oo_first_master - vars: - openshift_deployment_type: "{{ deployment_type }}" - registry_image: "{{ openshift.master.registry_url | replace( '${component}', 'docker-registry' ) | replace ( '${version}', 'v' + g_new_version ) }}" - router_image: "{{ openshift.master.registry_url | replace( '${component}', 'haproxy-router' ) | replace ( '${version}', 'v' + g_new_version ) }}" - oc_cmd: "{{ openshift.common.client_binary }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig" - roles: - # Create the new templates shipped in 3.1, existing templates are left - # unmodified. This prevents the subsequent role definition for - # openshift_examples from failing when trying to replace templates that do - # not already exist. We could have potentially done a replace --force to - # create and update in one step. - - openshift_examples - # Update the existing templates - - role: openshift_examples - openshift_examples_import_command: replace - pre_tasks: - - name: Collect all routers - command: > - {{ oc_cmd }} get pods --all-namespaces -l 'router' -o json - register: all_routers - failed_when: false - changed_when: false - - - set_fact: haproxy_routers="{{ (all_routers.stdout | from_json)['items'] | oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | oo_select_keys_from_list(['metadata']) }}" - when: all_routers.rc == 0 - - - set_fact: haproxy_routers=[] - when: all_routers.rc != 0 - - - name: Check for allowHostNetwork and allowHostPorts - when: all_routers.rc == 0 - shell: > - {{ oc_cmd }} get -o yaml scc/privileged | /usr/bin/grep -e allowHostPorts -e allowHostNetwork - register: _scc - - - name: Grant allowHostNetwork and allowHostPorts - when: - - all_routers.rc == 0 - - "'false' in _scc.stdout" - command: > - {{ oc_cmd }} patch scc/privileged -p - '{"allowHostPorts":true,"allowHostNetwork":true}' --api-version=v1 - - - name: Update deployment config to 1.0.4/3.0.1 spec - when: all_routers.rc == 0 - command: > - {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p - '{"spec":{"strategy":{"rollingParams":{"updatePercent":-10},"spec":{"serviceAccount":"router","serviceAccountName":"router"}}}}' - --api-version=v1 - with_items: haproxy_routers - - - name: Switch to hostNetwork=true - when: all_routers.rc == 0 - command: > - {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p '{"spec":{"template":{"spec":{"hostNetwork":true}}}}' - --api-version=v1 - with_items: haproxy_routers - - - name: Update router image to current version - when: all_routers.rc == 0 - command: > - {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p - '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}' - --api-version=v1 - with_items: haproxy_routers - when: not openshift.common.version_gte_3_1_1_or_1_1_1 - - - name: Update router image to current version - when: all_routers.rc == 0 - command: > - {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p - '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}","livenessProbe":{"tcpSocket":null,"httpGet":{"path": "/healthz", "port": 1936, "host": "localhost", "scheme": "HTTP"},"initialDelaySeconds":10,"timeoutSeconds":1}}]}}}}' - --api-version=v1 - with_items: haproxy_routers - when: openshift.common.version_gte_3_1_1_or_1_1_1 - - - name: Check for default registry - command: > - {{ oc_cmd }} get -n default dc/docker-registry - register: _default_registry - failed_when: false - changed_when: false - - - name: Update registry image to current version - when: _default_registry.rc == 0 - command: > - {{ oc_cmd }} patch dc/docker-registry -p - '{"spec":{"template":{"spec":{"containers":[{"name":"registry","image":"{{ registry_image }}"}]}}}}' - --api-version=v1 diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/filter_plugins b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/filter_plugins deleted file mode 120000 index 27ddaa18b..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/library b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/library deleted file mode 120000 index 53bed9684..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/library +++ /dev/null @@ -1 +0,0 @@ -../library
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/lookup_plugins b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/lookup_plugins deleted file mode 120000 index cf407f69b..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml deleted file mode 100644 index 196393b2a..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml +++ /dev/null @@ -1,57 +0,0 @@ ---- -############################################################################### -# Post upgrade - Upgrade default router, default registry and examples -############################################################################### -- name: Upgrade default router and default registry - hosts: oo_first_master - vars: - openshift_deployment_type: "{{ deployment_type }}" - registry_image: "{{ openshift.master.registry_url | replace( '${component}', 'docker-registry' ) | replace ( '${version}', 'v' + g_new_version ) }}" - router_image: "{{ openshift.master.registry_url | replace( '${component}', 'haproxy-router' ) | replace ( '${version}', 'v' + g_new_version ) }}" - oc_cmd: "{{ openshift.common.client_binary }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig" - roles: - # Create the new templates shipped in 3.1.z, existing templates are left - # unmodified. This prevents the subsequent role definition for - # openshift_examples from failing when trying to replace templates that do - # not already exist. We could have potentially done a replace --force to - # create and update in one step. - - openshift_examples - # Update the existing templates - - role: openshift_examples - openshift_examples_import_command: replace - pre_tasks: - - name: Collect all routers - command: > - {{ oc_cmd }} get pods --all-namespaces -l 'router' -o json - register: all_routers - failed_when: false - changed_when: false - - - set_fact: haproxy_routers="{{ (all_routers.stdout | from_json)['items'] | oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | oo_select_keys_from_list(['metadata']) }}" - when: all_routers.rc == 0 - - - set_fact: haproxy_routers=[] - when: all_routers.rc != 0 - - - name: Update router image to current version - when: all_routers.rc == 0 - command: > - {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p - '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}","livenessProbe":{"tcpSocket":null,"httpGet":{"path": "/healthz", "port": 1936, "host": "localhost", "scheme": "HTTP"},"initialDelaySeconds":10,"timeoutSeconds":1}}]}}}}' - --api-version=v1 - with_items: haproxy_routers - - - name: Check for default registry - command: > - {{ oc_cmd }} get -n default dc/docker-registry - register: _default_registry - failed_when: false - changed_when: false - - - name: Update registry image to current version - when: _default_registry.rc == 0 - command: > - {{ oc_cmd }} patch dc/docker-registry -p - '{"spec":{"template":{"spec":{"containers":[{"name":"registry","image":"{{ registry_image }}"}]}}}}' - --api-version=v1 - diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml deleted file mode 100644 index 66935e061..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml +++ /dev/null @@ -1,88 +0,0 @@ ---- -############################################################################### -# Evaluate host groups and gather facts -############################################################################### -- name: Load openshift_facts - hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config:oo_lb_to_config - roles: - - openshift_facts - -############################################################################### -# Pre-upgrade checks -############################################################################### -- name: Verify upgrade can proceed - hosts: oo_first_master - vars: - openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" - target_version: "{{ '1.1.1' if deployment_type == 'origin' else '3.1.1' }}" - gather_facts: no - tasks: - - fail: - msg: > - This upgrade is only supported for origin, openshift-enterprise, and online - deployment types - when: deployment_type not in ['origin','openshift-enterprise', 'online'] - - - fail: - msg: > - openshift_pkg_version is {{ openshift_pkg_version }} which is not a - valid version for a {{ target_version }} upgrade - when: openshift_pkg_version is defined and openshift_pkg_version.split('-',1).1 | version_compare(target_version ,'<') - -- name: Verify upgrade can proceed - hosts: oo_masters_to_config:oo_nodes_to_config - vars: - target_version: "{{ '1.1.1' if deployment_type == 'origin' else '3.1.1' }}" - tasks: - - name: Clean package cache - command: "{{ ansible_pkg_mgr }} clean all" - when: not openshift.common.is_atomic | bool - - - set_fact: - g_new_service_name: "{{ 'origin' if deployment_type =='origin' else 'atomic-openshift' }}" - - - name: Determine available versions - script: ../files/rpm_versions.sh {{ g_new_service_name }} - register: g_versions_result - - - set_fact: - g_aos_versions: "{{ g_versions_result.stdout | from_yaml }}" - - - set_fact: - g_new_version: "{{ g_aos_versions.curr_version.split('-', 1).0 if g_aos_versions.avail_version is none else g_aos_versions.avail_version.split('-', 1).0 }}" - - - fail: - msg: This playbook requires Origin 1.1 or later - when: deployment_type == 'origin' and g_aos_versions.curr_version | version_compare('1.1','<') - - - fail: - msg: This playbook requires Atomic Enterprise Platform/OpenShift Enterprise 3.1 or later - when: deployment_type == 'atomic-openshift' and g_aos_versions.curr_version | version_compare('3.1','<') - - - fail: - msg: Upgrade packages not found - when: (g_aos_versions.avail_version | default(g_aos_versions.curr_version, true) | version_compare(target_version, '<')) - - - set_fact: - pre_upgrade_complete: True - - -############################################################################## -# Gate on pre-upgrade checks -############################################################################## -- name: Gate on pre-upgrade checks - hosts: localhost - connection: local - become: no - vars: - pre_upgrade_hosts: "{{ groups.oo_masters_to_config | union(groups.oo_nodes_to_config) }}" - tasks: - - set_fact: - pre_upgrade_completed: "{{ hostvars - | oo_select_keys(pre_upgrade_hosts) - | oo_collect('inventory_hostname', {'pre_upgrade_complete': true}) }}" - - set_fact: - pre_upgrade_failed: "{{ pre_upgrade_hosts | difference(pre_upgrade_completed) }}" - - fail: - msg: "Upgrade cannot continue. The following hosts did not complete pre-upgrade checks: {{ pre_upgrade_failed | join(',') }}" - when: pre_upgrade_failed | length > 0 diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/roles b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/roles deleted file mode 120000 index 6bc1a7aef..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/roles +++ /dev/null @@ -1 +0,0 @@ -../../../../../roles
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml deleted file mode 100644 index 5e62b43a3..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml +++ /dev/null @@ -1,140 +0,0 @@ ---- -############################################################################### -# The restart playbook should be run after this playbook completes. -############################################################################### - -############################################################################### -# Upgrade Masters -############################################################################### -- name: Upgrade master packages and configuration - hosts: oo_masters_to_config - vars: - openshift_version: "{{ openshift_pkg_version | default('') }}" - tasks: - - name: Upgrade master packages - command: "{{ ansible_pkg_mgr}} update -y {{ openshift.common.service_type }}-master{{ openshift_version }}" - when: not openshift.common.is_containerized | bool - - - name: Ensure python-yaml present for config upgrade - action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" - when: not openshift.common.is_containerized | bool - -# Currently 3.1.1 does not have any new configuration settings -# -# - name: Upgrade master configuration -# openshift_upgrade_config: -# from_version: '3.0' -# to_version: '3.1' -# role: master -# config_base: "{{ hostvars[inventory_hostname].openshift.common.config_base }}" - -- name: Set master update status to complete - hosts: oo_masters_to_config - tasks: - - set_fact: - master_update_complete: True - -############################################################################## -# Gate on master update complete -############################################################################## -- name: Gate on master update - hosts: localhost - connection: local - become: no - tasks: - - set_fact: - master_update_completed: "{{ hostvars - | oo_select_keys(groups.oo_masters_to_config) - | oo_collect('inventory_hostname', {'master_update_complete': true}) }}" - - set_fact: - master_update_failed: "{{ groups.oo_masters_to_config | difference(master_update_completed) }}" - - fail: - msg: "Upgrade cannot continue. The following masters did not finish updating: {{ master_update_failed | join(',') }}" - when: master_update_failed | length > 0 - -############################################################################### -# Upgrade Nodes -############################################################################### -- name: Upgrade nodes - hosts: oo_nodes_to_config - vars: - openshift_version: "{{ openshift_pkg_version | default('') }}" - roles: - - openshift_facts - tasks: - - name: Upgrade node packages - command: "{{ ansible_pkg_mgr }} update -y {{ openshift.common.service_type }}-node{{ openshift_version }}" - when: not openshift.common.is_containerized | bool - - - name: Restart node service - service: name="{{ openshift.common.service_type }}-node" state=restarted - - - set_fact: - node_update_complete: True - -############################################################################## -# Gate on nodes update -############################################################################## -- name: Gate on nodes update - hosts: localhost - connection: local - become: no - tasks: - - set_fact: - node_update_completed: "{{ hostvars - | oo_select_keys(groups.oo_nodes_to_config) - | oo_collect('inventory_hostname', {'node_update_complete': true}) }}" - - set_fact: - node_update_failed: "{{ groups.oo_nodes_to_config | difference(node_update_completed) }}" - - fail: - msg: "Upgrade cannot continue. The following nodes did not finish updating: {{ node_update_failed | join(',') }}" - when: node_update_failed | length > 0 - -############################################################################### -# Reconcile Cluster Roles and Cluster Role Bindings -############################################################################### -- name: Reconcile Cluster Roles and Cluster Role Bindings - hosts: oo_masters_to_config - vars: - origin_reconcile_bindings: "{{ deployment_type == 'origin' and g_new_version | version_compare('1.0.6', '>') }}" - ent_reconcile_bindings: true - openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" - tasks: - - name: Reconcile Cluster Roles - command: > - {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig - policy reconcile-cluster-roles --additive-only=true --confirm - run_once: true - - - name: Reconcile Cluster Role Bindings - command: > - {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig - policy reconcile-cluster-role-bindings - --exclude-groups=system:authenticated - --exclude-groups=system:authenticated:oauth - --exclude-groups=system:unauthenticated - --exclude-users=system:anonymous - --additive-only=true --confirm - when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool - run_once: true - - - set_fact: - reconcile_complete: True - -############################################################################## -# Gate on reconcile -############################################################################## -- name: Gate on reconcile - hosts: localhost - connection: local - become: no - tasks: - - set_fact: - reconcile_completed: "{{ hostvars - | oo_select_keys(groups.oo_masters_to_config) - | oo_collect('inventory_hostname', {'reconcile_complete': true}) }}" - - set_fact: - reconcile_failed: "{{ groups.oo_masters_to_config | difference(reconcile_completed) }}" - - fail: - msg: "Upgrade cannot continue. The following masters did not finish reconciling: {{ reconcile_failed | join(',') }}" - when: reconcile_failed | length > 0 diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 new file mode 120000 index 000000000..cf20e8959 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/atomic-openshift-master.j2
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/containerized_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/containerized_node_upgrade.yml index 319758a06..60ea84f8e 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/containerized_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/containerized_node_upgrade.yml @@ -1,7 +1,7 @@ - include_vars: ../../../../../roles/openshift_node/vars/main.yml - name: Update systemd units - include: ../../../../../roles/openshift_node/tasks/systemd_units.yml openshift_version=v{{ g_new_version }} + include: ../../../../../roles/openshift_node/tasks/systemd_units.yml openshift_version={{ openshift_image_tag }} - name: Verifying the correct version was configured shell: grep {{ verify_upgrade_version }} {{ item }} diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker new file mode 120000 index 000000000..5a3dd12b3 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/docker
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster new file mode 120000 index 000000000..3ee319365 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/docker-cluster
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker_upgrade.yml deleted file mode 100644 index d9177e8a0..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker_upgrade.yml +++ /dev/null @@ -1,14 +0,0 @@ -- name: Check if Docker is installed - command: rpm -q docker - register: pkg_check - failed_when: pkg_check.rc > 1 - changed_when: no - -- name: Upgrade Docker - command: "{{ ansible_pkg_mgr}} update -y docker" - when: pkg_check.rc == 0 and g_docker_version.curr_version | version_compare('1.9','<') - register: docker_upgrade - -- name: Restart Docker - service: name=docker state=restarted - when: docker_upgrade | changed diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster new file mode 120000 index 000000000..f44f8eb4f --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/native-cluster
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/node_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/node_upgrade.yml deleted file mode 100644 index a911f12be..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/node_upgrade.yml +++ /dev/null @@ -1,24 +0,0 @@ -- name: Prepare for Node evacuation - command: > - {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=false - delegate_to: "{{ groups.oo_first_master.0 }}" - -- name: Evacuate Node for Kubelet upgrade - command: > - {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --evacuate --force - delegate_to: "{{ groups.oo_first_master.0 }}" - -- include: rpm_upgrade.yml - vars: - component: "node" - openshift_version: "{{ openshift_pkg_version | default('') }}" - when: not openshift.common.is_containerized | bool - -- include: containerized_upgrade.yml - when: openshift.common.is_containerized | bool - -- name: Set node schedulability - command: > - {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=true - delegate_to: "{{ groups.oo_first_master.0 }}" - when: openshift.node.schedulable | bool diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/nuke_images.sh b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/nuke_images.sh new file mode 120000 index 000000000..49a51bba9 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/nuke_images.sh @@ -0,0 +1 @@ +../files/nuke_images.sh
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.dep.service b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.dep.service new file mode 120000 index 000000000..b384a3f4d --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.dep.service @@ -0,0 +1 @@ +../../../../../roles/openshift_node/templates/openshift.docker.node.dep.service
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.service b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.service new file mode 120000 index 000000000..a2f140144 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.service @@ -0,0 +1 @@ +../../../../../roles/openshift_node/templates/openshift.docker.node.service
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.docker.service b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.docker.service new file mode 120000 index 000000000..61946ff91 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.docker.service @@ -0,0 +1 @@ +../../../../../roles/openshift_node/templates/openvswitch.docker.service
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.sysconfig.j2 b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.sysconfig.j2 new file mode 120000 index 000000000..3adc56e4e --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.sysconfig.j2 @@ -0,0 +1 @@ +../../../../../roles/openshift_node/templates/openvswitch.sysconfig.j2
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml index 3fd97ac14..ccf9514f1 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml @@ -6,10 +6,11 @@ hosts: oo_first_master vars: openshift_deployment_type: "{{ deployment_type }}" - registry_image: "{{ openshift.master.registry_url | replace( '${component}', 'docker-registry' ) | replace ( '${version}', 'v' + g_new_version ) }}" - router_image: "{{ openshift.master.registry_url | replace( '${component}', 'haproxy-router' ) | replace ( '${version}', 'v' + g_new_version ) }}" + registry_image: "{{ openshift.master.registry_url | replace( '${component}', 'docker-registry' ) | replace ( '${version}', openshift_image_tag ) }}" + router_image: "{{ openshift.master.registry_url | replace( '${component}', 'haproxy-router' ) | replace ( '${version}', openshift_image_tag ) }}" oc_cmd: "{{ openshift.common.client_binary }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig" roles: + - openshift_manageiq # Create the new templates shipped in 3.2, existing templates are left # unmodified. This prevents the subsequent role definition for # openshift_examples from failing when trying to replace templates that do @@ -18,6 +19,7 @@ - openshift_examples # Update the existing templates - role: openshift_examples + registry_url: "{{ openshift.master.registry_url }}" openshift_examples_import_command: replace pre_tasks: - name: Collect all routers @@ -36,7 +38,7 @@ - name: Update router image to current version when: all_routers.rc == 0 command: > - {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p + {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -n {{ item['namespace'] }} -p '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}","livenessProbe":{"tcpSocket":null,"httpGet":{"path": "/healthz", "port": 1936, "host": "localhost", "scheme": "HTTP"},"initialDelaySeconds":10,"timeoutSeconds":1}}]}}}}' --api-version=v1 with_items: haproxy_routers @@ -51,7 +53,7 @@ - name: Update registry image to current version when: _default_registry.rc == 0 command: > - {{ oc_cmd }} patch dc/docker-registry -p + {{ oc_cmd }} patch dc/docker-registry -n default -p '{"spec":{"template":{"spec":{"containers":[{"name":"registry","image":"{{ registry_image }}"}]}}}}' --api-version=v1 diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml index 1dd47dc15..a32123952 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml @@ -2,12 +2,26 @@ ############################################################################### # Evaluate host groups and gather facts ############################################################################### -- name: Load openshift_facts and update repos + +- include: ../../initialize_facts.yml + +- name: Update repos and initialize facts on all hosts hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config:oo_lb_to_config roles: - - openshift_facts - openshift_repos +- name: Set openshift_no_proxy_internal_hostnames + hosts: oo_masters_to_config:oo_nodes_to_config + tasks: + - set_fact: + openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + | union(groups['oo_masters_to_config']) + | union(groups['oo_etcd_to_config'] | default([]))) + | oo_collect('openshift.common.hostname') | default([]) | join (',') + }}" + when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and + openshift_generate_no_proxy_hosts | default(True) | bool }}" + - name: Evaluate additional groups for upgrade hosts: localhost connection: local @@ -22,10 +36,10 @@ ############################################################################### # Pre-upgrade checks ############################################################################### -- name: Verify upgrade can proceed +- name: Verify upgrade can proceed on first master hosts: oo_first_master vars: - target_version: "{{ '1.2' if deployment_type == 'origin' else '3.1.1.900' }}" + target_version: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}" g_pacemaker_upgrade_url_segment: "{{ 'org/latest' if deployment_type =='origin' else '.com/enterprise/3.1' }}" gather_facts: no tasks: @@ -41,6 +55,11 @@ https://docs.openshift.{{ g_pacemaker_upgrade_url_segment }}/install_config/upgrading/pacemaker_to_native_ha.html when: openshift.master.cluster_method is defined and openshift.master.cluster_method == 'pacemaker' + # Error out in situations where the user has older versions specified in their + # inventory in any of the openshift_release, openshift_image_tag, and + # openshift_pkg_version variables. These must be removed or updated to proceed + # with upgrade. + # TODO: Should we block if you're *over* the next major release version as well? - fail: msg: > openshift_pkg_version is {{ openshift_pkg_version }} which is not a @@ -53,7 +72,29 @@ valid version for a {{ target_version }} upgrade when: openshift_image_tag is defined and openshift_image_tag.split('v',1).1 | version_compare(target_version ,'<') -- name: Verify upgrade can proceed + - set_fact: + openshift_release: "{{ openshift_release[1:] }}" + when: openshift_release is defined and openshift_release[0] == 'v' + + - fail: + msg: > + openshift_release is {{ openshift_release }} which is not a + valid release for a {{ target_version }} upgrade + when: openshift_release is defined and not openshift_release | version_compare(target_version ,'=') + +- include: ../../../../common/openshift-cluster/initialize_openshift_version.yml + vars: + # Request openshift_release 3.2 and let the openshift_version role handle converting this + # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if + # defined, and overriding the normal behavior of protecting the installed version + openshift_release: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}" + openshift_protect_installed_version: False + # Docker role (a dependency) should be told not to do anything to installed version + # of docker, we handle this separately during upgrade. (the inventory may have a + # docker_version defined, we don't want to actually do it until later) + docker_protect_installed_version: True + +- name: Verify master processes hosts: oo_masters_to_config roles: - openshift_facts @@ -84,10 +125,11 @@ enabled: yes when: openshift.master.ha is defined and openshift.master.ha | bool and openshift.common.is_containerized | bool -- name: Verify upgrade can proceed +- name: Verify node processes hosts: oo_nodes_to_config roles: - openshift_facts + - openshift_docker_facts tasks: - name: Ensure Node is running service: @@ -96,22 +138,20 @@ enabled: yes when: openshift.common.is_containerized | bool -- name: Verify upgrade can proceed +- name: Verify upgrade targets hosts: oo_masters_to_config:oo_nodes_to_config vars: - target_version: "{{ '1.2' if deployment_type == 'origin' else '3.1.1.900' }}" - openshift_docker_hosted_registry_insecure: True + target_version: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}" openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" - handlers: - - include: ../../../../../roles/openshift_master/handlers/main.yml - - include: ../../../../../roles/openshift_node/handlers/main.yml - roles: - # We want the cli role to evaluate so that the containerized oc/oadm wrappers - # are modified to use the correct image tag. However, this can trigger a - # docker restart if new configuration is laid down which would immediately - # pull the latest image and defeat the purpose of these tasks. - - openshift_cli pre_tasks: + - fail: + msg: Verify OpenShift is already installed + when: openshift.common.version is not defined + + - fail: + msg: Verify the correct version was found + when: verify_upgrade_version is defined and openshift_version != verify_upgrade_version + - name: Clean package cache command: "{{ ansible_pkg_mgr }} clean all" when: not openshift.common.is_atomic | bool @@ -120,58 +160,32 @@ g_new_service_name: "{{ 'origin' if deployment_type =='origin' else 'atomic-openshift' }}" when: not openshift.common.is_containerized | bool - - name: Determine available versions - script: ../files/rpm_versions.sh {{ g_new_service_name }} - register: g_rpm_versions_result - when: not openshift.common.is_containerized | bool - - - set_fact: - g_aos_versions: "{{ g_rpm_versions_result.stdout | from_yaml }}" - when: not openshift.common.is_containerized | bool - - - name: Determine available versions - script: ../files/openshift_container_versions.sh {{ openshift.common.service_type }} - register: g_containerized_versions_result - when: openshift.common.is_containerized | bool - - - set_fact: - g_aos_versions: "{{ g_containerized_versions_result.stdout | from_yaml }}" + - name: Verify containers are available for upgrade + command: > + docker pull {{ openshift.common.cli_image }}:{{ openshift_image_tag }} + register: pull_result + changed_when: "'Downloaded newer image' in pull_result.stdout" when: openshift.common.is_containerized | bool - - set_fact: - g_new_version: "{{ g_aos_versions.curr_version.split('-', 1).0 if g_aos_versions.avail_version is none else g_aos_versions.avail_version.split('-', 1).0 }}" - when: openshift_pkg_version is not defined - - - set_fact: - g_new_version: "{{ openshift_pkg_version | replace('-','') }}" - when: openshift_pkg_version is defined - - - set_fact: - g_new_version: "{{ openshift_image_tag | replace('v','') }}" - when: openshift_image_tag is defined - - - fail: - msg: Verifying the correct version was found - when: g_aos_versions.curr_version == "" - - - fail: - msg: Verifying the correct version was found - when: verify_upgrade_version is defined and g_new_version != verify_upgrade_version - - - include_vars: ../../../../../roles/openshift_master/vars/main.yml - when: inventory_hostname in groups.oo_masters_to_config - - - name: Update systemd units - include: ../../../../../roles/openshift_master/tasks/systemd_units.yml openshift_version=v{{ g_new_version }} - when: inventory_hostname in groups.oo_masters_to_config + - name: Check latest available OpenShift RPM version + command: > + {{ repoquery_cmd }} --qf '%{version}' "{{ openshift.common.service_type }}" + failed_when: false + changed_when: false + register: avail_openshift_version + when: not openshift.common.is_containerized | bool - - include_vars: ../../../../../roles/openshift_node/vars/main.yml - when: inventory_hostname in groups.oo_nodes_to_config + - name: Verify OpenShift 3.2 RPMs are available for upgrade + fail: + msg: "OpenShift {{ avail_openshift_version.stdout }} is available, but 3.2 or greater is required" + when: deployment_type != 'origin' and not openshift.common.is_containerized | bool and not avail_openshift_version | skipped and avail_openshift_version.stdout | default('0.0', True) | version_compare(openshift_release, '<') - - name: Update systemd units - include: ../../../../../roles/openshift_node/tasks/systemd_units.yml openshift_version=v{{ g_new_version }} - when: inventory_hostname in groups.oo_nodes_to_config + - name: Verify Origin 1.2 RPMs are available for upgrade + fail: + msg: "OpenShift {{ avail_openshift_version.stdout }} is available, but 1.2 or greater is required" + when: deployment_type == 'origin' and not openshift.common.is_containerized | bool and not avail_openshift_version | skipped and avail_openshift_version.stdout | default('0.0', True) | version_compare(openshift_release, '<') + # TODO: Are these two grep checks necessary anymore? # Note: the version number is hardcoded here in hopes of catching potential # bugs in how g_aos_versions.curr_version is set - name: Verifying the correct version is installed for upgrade @@ -186,20 +200,19 @@ with_items: - /etc/systemd/system/openvswitch.service - /etc/systemd/system/{{ openshift.common.service_type }}*.service - when: openshift.common.is_containerized | bool + when: openshift.common.is_containerized | bool and verify_upgrade_version is defined - fail: - msg: This playbook requires Origin 1.1 or later - when: deployment_type == 'origin' and g_aos_versions.curr_version | version_compare('1.1','<') + msg: This upgrade playbook must be run on Origin 1.1 or later + when: deployment_type == 'origin' and openshift.common.version | version_compare('1.1','<') - fail: - msg: This playbook requires Atomic Enterprise Platform/OpenShift Enterprise 3.1 or later - when: deployment_type == 'atomic-openshift' and g_aos_versions.curr_version | version_compare('3.1','<') - - - fail: - msg: Upgrade packages not found - when: openshift_image_tag is not defined and (g_aos_versions.avail_version | default(g_aos_versions.curr_version, true) | version_compare(target_version, '<')) + msg: This upgrade playbook must be run on OpenShift Enterprise 3.1 or later + when: deployment_type == 'atomic-openshift' and openshift.common.version | version_compare('3.1','<') +- name: Verify docker upgrade targets + hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config + tasks: - name: Determine available Docker script: ../files/rpm_versions.sh docker register: g_docker_version_result @@ -219,8 +232,8 @@ when: openshift.common.is_atomic | bool - fail: - msg: This playbook requires access to Docker 1.9 or later - when: g_docker_version.avail_version | default(g_docker_version.curr_version, true) | version_compare('1.9','<') + msg: This playbook requires access to Docker 1.10 or later + when: g_docker_version.avail_version | default(g_docker_version.curr_version, true) | version_compare('1.10','<') # TODO: add check to upgrade ostree to get latest Docker @@ -254,7 +267,7 @@ - name: Backup etcd hosts: etcd_hosts_to_backup vars: - embedded_etcd: "{{ openshift.master.embedded_etcd }}" + embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}" timestamp: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}" roles: - openshift_facts diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml index 5c96ad094..f5e4d807e 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml @@ -1,5 +1,6 @@ +# We verified latest rpm available is suitable, so just yum update. - name: Upgrade packages - command: "{{ ansible_pkg_mgr}} update -y {{ openshift.common.service_type }}-{{ component }}-{{ g_new_version }}" + action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-{{ component }}{{ openshift_pkg_version }} state=present" - name: Ensure python-yaml present for config upgrade action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml index a91727ecd..59cedc839 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml @@ -3,37 +3,6 @@ # The restart playbook should be run after this playbook completes. ############################################################################### -- name: Upgrade docker - hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config - roles: - - openshift_facts - tasks: - - include: docker_upgrade.yml - when: not openshift.common.is_atomic | bool - - name: Set post docker install facts - openshift_facts: - role: "{{ item.role }}" - local_facts: "{{ item.local_facts }}" - with_items: - - role: docker - local_facts: - openshift_image_tag: "v{{ g_new_version }}" - openshift_version: "{{ g_new_version }}" - -# The cli image is used by openshift_docker_facts to determine the currently installed -# version. We need to explicitly pull the latest image to handle cases where -# the locally cached 'latest' tag is older the g_new_version. -- name: Download cli image - hosts: oo_masters_to_config:oo_nodes_to_config - roles: - - { role: openshift_docker_facts } - tasks: - - name: Pull Images - command: > - docker pull {{ item }}:latest - with_items: - - "{{ openshift.common.cli_image }}" - ############################################################################### # Upgrade Masters ############################################################################### @@ -50,7 +19,7 @@ - include_vars: ../../../../../roles/openshift_master/vars/main.yml - name: Update systemd units - include: ../../../../../roles/openshift_master/tasks/systemd_units.yml openshift_version=v{{ g_new_version }} + include: ../../../../../roles/openshift_master/tasks/systemd_units.yml # - name: Upgrade master configuration # openshift_upgrade_config: @@ -86,36 +55,55 @@ ############################################################################### # Upgrade Nodes ############################################################################### -- name: Upgrade nodes - hosts: oo_nodes_to_config + +# Here we handle all tasks that might require a node evac. (upgrading docker, and the node service) +- name: Perform upgrades that may require node evacuation + hosts: oo_masters_to_config:oo_etcd_to_config:oo_nodes_to_config serial: 1 + any_errors_fatal: true roles: - openshift_facts handlers: - include: ../../../../../roles/openshift_node/handlers/main.yml tasks: - - include: node_upgrade.yml + # TODO: To better handle re-trying failed upgrades, it would be nice to check if the node + # or docker actually needs an upgrade before proceeding. Perhaps best to save this until + # we merge upgrade functionality into the base roles and a normal config.yml playbook run. + - name: Mark unschedulable if host is a node + command: > + {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=false + delegate_to: "{{ groups.oo_first_master.0 }}" + when: inventory_hostname in groups.oo_nodes_to_config - - set_fact: - node_update_complete: True + - name: Evacuate Node for Kubelet upgrade + command: > + {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --evacuate --force + delegate_to: "{{ groups.oo_first_master.0 }}" + when: inventory_hostname in groups.oo_nodes_to_config + + # Only check if docker upgrade is required if docker_upgrade is not + # already set to False. + - include: ../docker/upgrade_check.yml + when: docker_upgrade is not defined or docker_upgrade | bool and not openshift.common.is_atomic | bool + + - include: ../docker/upgrade.yml + when: l_docker_upgrade is defined and l_docker_upgrade | bool and not openshift.common.is_atomic | bool + + - include: rpm_upgrade.yml + vars: + component: "node" + openshift_version: "{{ openshift_pkg_version | default('') }}" + when: inventory_hostname in groups.oo_nodes_to_config and not openshift.common.is_containerized | bool + + - include: containerized_node_upgrade.yml + when: inventory_hostname in groups.oo_nodes_to_config and openshift.common.is_containerized | bool + + - name: Set node schedulability + command: > + {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=true + delegate_to: "{{ groups.oo_first_master.0 }}" + when: inventory_hostname in groups.oo_nodes_to_config and openshift.node.schedulable | bool -############################################################################## -# Gate on nodes update -############################################################################## -- name: Gate on nodes update - hosts: localhost - connection: local - become: no - tasks: - - set_fact: - node_update_completed: "{{ hostvars - | oo_select_keys(groups.oo_nodes_to_config) - | oo_collect('inventory_hostname', {'node_update_complete': true}) }}" - - set_fact: - node_update_failed: "{{ groups.oo_nodes_to_config | difference(node_update_completed) }}" - - fail: - msg: "Upgrade cannot continue. The following nodes did not finish updating: {{ node_update_failed | join(',') }}" - when: node_update_failed | length > 0 ############################################################################### # Reconcile Cluster Roles, Cluster Role Bindings and Security Context Constraints @@ -124,11 +112,10 @@ - name: Reconcile Cluster Roles and Cluster Role Bindings and Security Context Constraints hosts: oo_masters_to_config roles: - - { role: openshift_cli, openshift_image_tag: "v{{ g_new_version }}" } + - { role: openshift_cli } vars: - origin_reconcile_bindings: "{{ deployment_type == 'origin' and g_new_version | version_compare('1.0.6', '>') }}" + origin_reconcile_bindings: "{{ deployment_type == 'origin' and openshift_version | version_compare('1.0.6', '>') }}" ent_reconcile_bindings: true - openshift_docker_hosted_registry_insecure: True openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" tasks: - name: Verifying the correct commandline tools are available diff --git a/playbooks/common/openshift-cluster/validate_hostnames.yml b/playbooks/common/openshift-cluster/validate_hostnames.yml index 0f562e019..50e25984f 100644 --- a/playbooks/common/openshift-cluster/validate_hostnames.yml +++ b/playbooks/common/openshift-cluster/validate_hostnames.yml @@ -1,6 +1,4 @@ --- -- include: evaluate_groups.yml - - name: Gather and set facts for node hosts hosts: oo_nodes_to_config roles: diff --git a/playbooks/common/openshift-cluster/verify_ansible_version.yml b/playbooks/common/openshift-cluster/verify_ansible_version.yml new file mode 100644 index 000000000..2a143b065 --- /dev/null +++ b/playbooks/common/openshift-cluster/verify_ansible_version.yml @@ -0,0 +1,10 @@ +--- +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - name: Verify Ansible version is greater than or equal to 2.1.0.0 + fail: + msg: "Unsupported ansible version: {{ ansible_version.full }} found" + when: not ansible_version.full | version_compare('2.1.0.0', 'ge') diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml index 6cb3a954f..a95de8cf3 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/common/openshift-etcd/config.yml @@ -1,6 +1,7 @@ --- - name: Set etcd facts needed for generating certs hosts: oo_etcd_to_config + any_errors_fatal: true roles: - openshift_facts tasks: diff --git a/playbooks/common/openshift-loadbalancer/config.yml b/playbooks/common/openshift-loadbalancer/config.yml new file mode 100644 index 000000000..f4392173a --- /dev/null +++ b/playbooks/common/openshift-loadbalancer/config.yml @@ -0,0 +1,5 @@ +--- +- name: Configure load balancers + hosts: oo_lb_to_config + roles: + - role: openshift_loadbalancer diff --git a/playbooks/common/openshift-loadbalancer/filter_plugins b/playbooks/common/openshift-loadbalancer/filter_plugins new file mode 120000 index 000000000..99a95e4ca --- /dev/null +++ b/playbooks/common/openshift-loadbalancer/filter_plugins @@ -0,0 +1 @@ +../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-loadbalancer/lookup_plugins b/playbooks/common/openshift-loadbalancer/lookup_plugins new file mode 120000 index 000000000..ac79701db --- /dev/null +++ b/playbooks/common/openshift-loadbalancer/lookup_plugins @@ -0,0 +1 @@ +../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-loadbalancer/roles b/playbooks/common/openshift-loadbalancer/roles new file mode 120000 index 000000000..e2b799b9d --- /dev/null +++ b/playbooks/common/openshift-loadbalancer/roles @@ -0,0 +1 @@ +../../../roles/
\ No newline at end of file diff --git a/playbooks/common/openshift-loadbalancer/service.yml b/playbooks/common/openshift-loadbalancer/service.yml new file mode 100644 index 000000000..e06a14c89 --- /dev/null +++ b/playbooks/common/openshift-loadbalancer/service.yml @@ -0,0 +1,20 @@ +--- +- name: Populate g_service_nodes host group if needed + hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - fail: msg="new_cluster_state is required to be injected in this playbook" + when: new_cluster_state is not defined + + - name: Evaluate g_service_lb + add_host: name={{ item }} groups=g_service_lb + with_items: oo_host_group_exp | default([]) + +- name: Change state on lb instance(s) + hosts: g_service_lb + connection: ssh + gather_facts: no + tasks: + - service: name=haproxy state="{{ new_cluster_state }}" diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 1f5e3aaff..2f12b08c9 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -46,7 +46,7 @@ openshift_hosted_metrics_duration: "{{ lookup('oo_option', 'openshift_hosted_metrics_duration') | default(7) }}" when: openshift_hosted_metrics_duration is not defined - set_fact: - openshift_hosted_metrics_resolution: "{{ lookup('oo_option', 'openshift_hosted_metrics_resolution') | default(10) }}" + openshift_hosted_metrics_resolution: "{{ lookup('oo_option', 'openshift_hosted_metrics_resolution') | default('10s', true) }}" when: openshift_hosted_metrics_resolution is not defined roles: - openshift_facts @@ -156,111 +156,6 @@ - master.etcd-ca.crt when: etcd_client_certs_missing is defined and etcd_client_certs_missing -- name: Determine if master certificates need to be generated - hosts: oo_first_master:oo_masters_to_config - tasks: - - set_fact: - openshift_master_certs_no_etcd: - - admin.crt - - master.kubelet-client.crt - - "{{ 'master.proxy-client.crt' if openshift.common.version_gte_3_1_or_1_1 else omit }}" - - master.server.crt - - openshift-master.crt - - openshift-registry.crt - - openshift-router.crt - - etcd.server.crt - openshift_master_certs_etcd: - - master.etcd-client.crt - - - set_fact: - openshift_master_certs: "{{ (openshift_master_certs_no_etcd | union(openshift_master_certs_etcd)) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else openshift_master_certs_no_etcd }}" - - - name: Check status of master certificates - stat: - path: "{{ openshift.common.config_base }}/master/{{ item }}" - with_items: "{{ openshift_master_certs }}" - register: g_master_cert_stat_result - - set_fact: - master_certs_missing: "{{ False in (g_master_cert_stat_result.results - | oo_collect(attribute='stat.exists') - | list ) }}" - master_cert_subdir: master-{{ openshift.common.hostname }} - master_cert_config_dir: "{{ openshift.common.config_base }}/master" - - set_fact: - openshift_infra_nodes: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config']) - | oo_nodes_with_label('region', 'infra') - | oo_collect('inventory_hostname') }}" - when: openshift_infra_nodes is not defined and groups.oo_nodes_to_config | default([]) | length > 0 - -- name: Configure master certificates - hosts: oo_first_master - vars: - master_generated_certs_dir: "{{ openshift.common.config_base }}/generated-configs" - masters_needing_certs: "{{ hostvars - | oo_select_keys(groups['oo_masters_to_config'] | difference(groups['oo_first_master'])) - | oo_filter_list(filter_attr='master_certs_missing') }}" - master_hostnames: "{{ hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect('openshift.common.all_hostnames') - | oo_flatten | unique }}" - sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" - roles: - - openshift_master_certificates - post_tasks: - - name: Remove generated etcd client certs when using external etcd - file: - path: "{{ master_generated_certs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}" - state: absent - when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config - with_nested: - - "{{ masters_needing_certs | default([]) }}" - - - master.etcd-client.crt - - master.etcd-client.key - - - name: Create a tarball of the master certs - command: > - tar -czvf {{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz - -C {{ master_generated_certs_dir }}/{{ item.master_cert_subdir }} . - args: - creates: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz" - with_items: "{{ masters_needing_certs | default([]) }}" - - - name: Retrieve the master cert tarball from the master - fetch: - src: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz" - dest: "{{ sync_tmpdir }}/" - flat: yes - fail_on_missing: yes - validate_checksum: yes - with_items: "{{ masters_needing_certs | default([]) }}" - -- name: Configure load balancers - hosts: oo_lb_to_config - vars: - sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" - haproxy_limit_nofile: 100000 - haproxy_global_maxconn: 20000 - haproxy_default_maxconn: 20000 - haproxy_frontend_port: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_port }}" - haproxy_frontends: - - name: atomic-openshift-api - mode: tcp - options: - - tcplog - binds: - - "*:{{ hostvars[groups.oo_first_master.0].openshift.master.api_port }}" - default_backend: atomic-openshift-api - haproxy_backends: - - name: atomic-openshift-api - mode: tcp - option: tcplog - balance: source - servers: "{{ hostvars | oo_select_keys(groups['oo_masters']) | oo_haproxy_backend_masters }}" - roles: - - role: openshift_facts - - role: haproxy - when: hostvars[groups.oo_first_master.0].openshift.master.ha | bool - - name: Check for cached session secrets hosts: oo_first_master roles: @@ -275,7 +170,7 @@ - name: Generate master session secrets hosts: oo_first_master vars: - g_session_secrets_present: "{{ (openshift.master.session_auth_secrets | default([]) and openshift.master.session_encryption_secrets | default([])) | length > 0 }}" + g_session_secrets_present: "{{ (openshift.master.session_auth_secrets | default([])) | length > 0 and (openshift.master.session_encryption_secrets | default([])) | length > 0 }}" g_session_auth_secrets: "{{ [ 24 | oo_generate_secret ] }}" g_session_encryption_secrets: "{{ [ 24 | oo_generate_secret ] }}" roles: @@ -295,7 +190,7 @@ vars: internal_hostnames: "{{ hostvars[groups.oo_first_master.0].openshift.common.internal_hostnames }}" named_certificates: "{{ hostvars[groups.oo_first_master.0].openshift_master_named_certificates | default([]) }}" - named_certificates_dir: "{{ hostvars[groups.oo_first_master.0].master_cert_config_dir }}/named_certificates/" + named_certificates_dir: "{{ hostvars[groups.oo_first_master.0].openshift.common.config_base }}/master/named_certificates/" tasks: - set_fact: parsed_named_certificates: "{{ named_certificates | oo_parse_named_certificates(named_certificates_dir, internal_hostnames) }}" @@ -304,7 +199,7 @@ - name: Deploy named certificates hosts: oo_masters_to_config vars: - named_certs_dir: "{{ master_cert_config_dir }}/named_certificates/" + named_certs_dir: "{{ openshift.common.config_base }}/master/named_certificates/" named_certs_specified: "{{ openshift_master_named_certificates is defined }}" overwrite_named_certs: "{{ openshift_master_overwrite_named_certificates | default(false) }}" roles: @@ -329,36 +224,40 @@ when: named_certs_specified | bool - name: Land named certificates copy: src="{{ item.certfile }}" dest="{{ named_certs_dir }}" - with_items: openshift_master_named_certificates + with_items: "{{ openshift_master_named_certificates }}" when: named_certs_specified | bool - name: Land named certificate keys copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}" mode=0600 - with_items: openshift_master_named_certificates + with_items: "{{ openshift_master_named_certificates }}" when: named_certs_specified | bool -- name: Configure master instances +- name: Configure masters hosts: oo_masters_to_config any_errors_fatal: true - serial: 1 vars: sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" openshift_master_ha: "{{ openshift.master.ha }}" openshift_master_count: "{{ openshift.master.master_count }}" openshift_master_session_auth_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_auth_secrets }}" openshift_master_session_encryption_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_encryption_secrets }}" - pre_tasks: - - name: Ensure certificate directory exists - file: - path: "{{ openshift.common.config_base }}/master" - state: directory - when: master_certs_missing | bool and 'oo_first_master' not in group_names - - name: Unarchive the tarball on the master - unarchive: - src: "{{ sync_tmpdir }}/{{ master_cert_subdir }}.tgz" - dest: "{{ master_cert_config_dir }}" - when: master_certs_missing | bool and 'oo_first_master' not in group_names + openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + | union(groups['oo_masters_to_config']) + | union(groups['oo_etcd_to_config'] | default([]))) + | oo_collect('openshift.common.hostname') | default([]) | join (',') + }}" + when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and + openshift_generate_no_proxy_hosts | default(True) | bool }}" roles: - - openshift_master + - role: openshift_master + openshift_ca_host: "{{ groups.oo_first_master.0 }}" + openshift_master_etcd_hosts: "{{ hostvars + | oo_select_keys(groups['oo_etcd_to_config'] | default([])) + | oo_collect('openshift.common.hostname') + | default(none, true) }}" + openshift_master_hostnames: "{{ hostvars + | oo_select_keys(groups['oo_masters_to_config'] | default([])) + | oo_collect('openshift.common.all_hostnames') + | oo_flatten | unique }}" - role: nickhammond.logrotate - role: nuage_master when: openshift.common.use_nuage | bool diff --git a/playbooks/common/openshift-master/library b/playbooks/common/openshift-master/library new file mode 120000 index 000000000..d0b7393d3 --- /dev/null +++ b/playbooks/common/openshift-master/library @@ -0,0 +1 @@ +../../../library/
\ No newline at end of file diff --git a/playbooks/common/openshift-master/library/modify_yaml.py b/playbooks/common/openshift-master/library/modify_yaml.py deleted file mode 100755 index a4be10ca3..000000000 --- a/playbooks/common/openshift-master/library/modify_yaml.py +++ /dev/null @@ -1,95 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# vim: expandtab:tabstop=4:shiftwidth=4 - -''' modify_yaml ansible module ''' - -import yaml - -DOCUMENTATION = ''' ---- -module: modify_yaml -short_description: Modify yaml key value pairs -author: Andrew Butcher -requirements: [ ] -''' -EXAMPLES = ''' -- modify_yaml: - dest: /etc/origin/master/master-config.yaml - yaml_key: 'kubernetesMasterConfig.masterCount' - yaml_value: 2 -''' - -def main(): - ''' Modify key (supplied in jinja2 dot notation) in yaml file, setting - the key to the desired value. - ''' - - # disabling pylint errors for global-variable-undefined and invalid-name - # for 'global module' usage, since it is required to use ansible_facts - # pylint: disable=global-variable-undefined, invalid-name, - # redefined-outer-name - global module - - module = AnsibleModule( - argument_spec=dict( - dest=dict(required=True), - yaml_key=dict(required=True), - yaml_value=dict(required=True), - backup=dict(required=False, default=True, type='bool'), - ), - supports_check_mode=True, - ) - - dest = module.params['dest'] - yaml_key = module.params['yaml_key'] - yaml_value = module.safe_eval(module.params['yaml_value']) - backup = module.params['backup'] - - # Represent null values as an empty string. - # pylint: disable=missing-docstring, unused-argument - def none_representer(dumper, data): - return yaml.ScalarNode(tag=u'tag:yaml.org,2002:null', value=u'') - yaml.add_representer(type(None), none_representer) - - try: - changes = [] - - yaml_file = open(dest) - yaml_data = yaml.safe_load(yaml_file.read()) - yaml_file.close() - - ptr = yaml_data - for key in yaml_key.split('.'): - if key not in ptr and key != yaml_key.split('.')[-1]: - ptr[key] = {} - elif key == yaml_key.split('.')[-1]: - if (key in ptr and module.safe_eval(ptr[key]) != yaml_value) or (key not in ptr): - ptr[key] = yaml_value - changes.append((yaml_key, yaml_value)) - else: - ptr = ptr[key] - - if len(changes) > 0: - if backup: - module.backup_local(dest) - yaml_file = open(dest, 'w') - yaml_string = yaml.dump(yaml_data, default_flow_style=False) - yaml_string = yaml_string.replace('\'\'', '""') - yaml_file.write(yaml_string) - yaml_file.close() - - return module.exit_json(changed=(len(changes) > 0), changes=changes) - - # ignore broad-except error to avoid stack trace to ansible user - # pylint: disable=broad-except - except Exception, e: - return module.fail_json(msg=str(e)) - -# ignore pylint errors related to the module_utils import -# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import -# import module snippets -from ansible.module_utils.basic import * - -if __name__ == '__main__': - main() diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index f0bb91568..a8c49d37b 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -19,23 +19,6 @@ labels: "{{ openshift_node_labels | default(None) }}" annotations: "{{ openshift_node_annotations | default(None) }}" schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" - - name: Check status of node certificates - stat: - path: "{{ openshift.common.config_base }}/node/{{ item }}" - with_items: - - "system:node:{{ openshift.common.hostname }}.crt" - - "system:node:{{ openshift.common.hostname }}.key" - - "system:node:{{ openshift.common.hostname }}.kubeconfig" - - ca.crt - - server.key - - server.crt - register: stat_result - - set_fact: - certs_missing: "{{ stat_result.results | oo_collect(attribute='stat.exists') - | list | intersect([false])}}" - node_subdir: node-{{ openshift.common.hostname }} - config_dir: "{{ openshift.common.config_base }}/generated-configs/node-{{ openshift.common.hostname }}" - node_cert_dir: "{{ openshift.common.config_base }}/node" - name: Create temp directory for syncing certs hosts: localhost @@ -48,53 +31,6 @@ register: mktemp changed_when: False -- name: Create node certificates - hosts: oo_first_master - vars: - nodes_needing_certs: "{{ hostvars - | oo_select_keys(groups['oo_nodes_to_config'] - | default([])) - | oo_filter_list(filter_attr='certs_missing') }}" - sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" - roles: - - openshift_node_certificates - post_tasks: - - name: Create a tarball of the node config directories - command: > - tar -czvf {{ item.config_dir }}.tgz - --transform 's|system:{{ item.node_subdir }}|node|' - -C {{ item.config_dir }} . - args: - creates: "{{ item.config_dir }}.tgz" - with_items: "{{ nodes_needing_certs | default([]) }}" - - - name: Retrieve the node config tarballs from the master - fetch: - src: "{{ item.config_dir }}.tgz" - dest: "{{ sync_tmpdir }}/" - flat: yes - fail_on_missing: yes - validate_checksum: yes - with_items: "{{ nodes_needing_certs | default([]) }}" - -- name: Deploy node certificates - hosts: oo_nodes_to_config - vars: - sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}" - tasks: - - name: Ensure certificate directory exists - file: - path: "{{ node_cert_dir }}" - state: directory - # TODO: notify restart node - # possibly test service started time against certificate/config file - # timestamps in node to trigger notify - - name: Unarchive the tarball on the node - unarchive: - src: "{{ sync_tmpdir }}/{{ node_subdir }}.tgz" - dest: "{{ node_cert_dir }}" - when: certs_missing - - name: Evaluate node groups hosts: localhost become: no @@ -115,26 +51,34 @@ vars: openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}" - # TODO: configure these based on - # hostvars[groups.oo_first_master.0].openshift.hosted.registry instead of - # hardcoding - openshift_docker_hosted_registry_insecure: "{{ openshift.docker.hosted_registry_insecure | default(True) }}" openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" + openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + | union(groups['oo_masters_to_config']) + | union(groups['oo_etcd_to_config'] | default([]))) + | oo_collect('openshift.common.hostname') | default([]) | join (',') + }}" + when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and + openshift_generate_no_proxy_hosts | default(True) | bool }}" roles: - - openshift_node + - role: openshift_node + openshift_ca_host: "{{ groups.oo_first_master.0 }}" - name: Configure node instances hosts: oo_nodes_to_config:!oo_containerized_master_nodes vars: openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}" - # TODO: configure these based on - # hostvars[groups.oo_first_master.0].openshift.hosted.registry instead of - # hardcoding - openshift_docker_hosted_registry_insecure: "{{ openshift.docker.hosted_registry_insecure | default(True) }}" openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" + openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + | union(groups['oo_masters_to_config']) + | union(groups['oo_etcd_to_config'] | default([]))) + | oo_collect('openshift.common.hostname') | default([]) | join (',') + }}" + when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and + openshift_generate_no_proxy_hosts | default(True) | bool }}" roles: - - openshift_node + - role: openshift_node + openshift_ca_host: "{{ groups.oo_first_master.0 }}" - name: Gather and set facts for flannel certificatess hosts: oo_nodes_to_config @@ -148,15 +92,15 @@ register: g_external_etcd_flannel_cert_stat_result when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) - set_fact: - etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results + etcd_client_flannel_certs_missing: "{{ False in g_external_etcd_flannel_cert_stat_result.results | oo_collect(attribute='stat.exists') - | list | intersect([false])}}" + | list }}" etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }} etcd_cert_config_dir: "{{ openshift.common.config_base }}/node" etcd_cert_prefix: node.etcd- etcd_hostname: "{{ openshift.common.hostname }}" etcd_ip: "{{ openshift.common.ip }}" - when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool) + when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config | length > 0 and (openshift.common.use_flannel | bool) - name: Configure flannel etcd certificates hosts: oo_first_etcd @@ -166,9 +110,8 @@ pre_tasks: - set_fact: etcd_needing_client_certs: "{{ hostvars - | oo_select_keys(groups['oo_nodes_to_config']) - | oo_filter_list(filter_attr='etcd_client_flannel_certs_missing') | default([]) }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + | oo_select_keys(groups['oo_nodes_to_config']) + | oo_filter_list('etcd_client_flannel_certs_missing') | default([]) }}" roles: - role: openshift_etcd_certificates when: openshift_use_flannel | default(false) | bool @@ -180,7 +123,6 @@ args: creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" with_items: "{{ etcd_needing_client_certs | default([]) }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing - name: Retrieve the etcd cert tarballs fetch: src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz" @@ -189,7 +131,6 @@ fail_on_missing: yes validate_checksum: yes with_items: "{{ etcd_needing_client_certs | default([]) }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing - name: Copy the external etcd flannel certs to the nodes hosts: oo_nodes_to_config @@ -200,12 +141,12 @@ file: path: "{{ openshift.common.config_base }}/node" state: directory - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + when: etcd_client_flannel_certs_missing | default(false) | bool - name: Unarchive the tarball on the master unarchive: src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz" dest: "{{ etcd_cert_config_dir }}" - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + when: etcd_client_flannel_certs_missing | default(false) | bool - file: path: "{{ etcd_cert_config_dir }}/{{ item }}" owner: root @@ -215,7 +156,7 @@ - node.etcd-client.crt - node.etcd-client.key - node.etcd-ca.crt - when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing + when: etcd_client_flannel_certs_missing | default(false) | bool - name: Additional node config diff --git a/playbooks/gce/openshift-cluster/config.yml b/playbooks/gce/openshift-cluster/config.yml index 475d29293..8e46c5919 100644 --- a/playbooks/gce/openshift-cluster/config.yml +++ b/playbooks/gce/openshift-cluster/config.yml @@ -1,8 +1,23 @@ --- +- hosts: localhost + gather_facts: no + tasks: + - include_vars: vars.yml + - include_vars: cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + ansible_become: "{{ deployment_vars[deployment_type].become }}" + with_items: "{{ g_all_hosts | default([]) }}" + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: vars.yml + - include_vars: cluster_hosts.yml + - include: ../../common/openshift-cluster/config.yml - vars_files: - - ../../gce/openshift-cluster/vars.yml - - ../../gce/openshift-cluster/cluster_hosts.yml vars: g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" g_sudo: "{{ deployment_vars[deployment_type].become }}" @@ -11,9 +26,8 @@ openshift_debug_level: "{{ debug_level }}" openshift_deployment_type: "{{ deployment_type }}" openshift_hostname: "{{ gce_private_ip }}" - openshift_registry_selector: 'type=infra' + openshift_hosted_registry_selector: 'type=infra' openshift_hosted_router_selector: 'type=infra' - openshift_infra_nodes: "{{ g_infra_hosts }}" openshift_master_cluster_method: 'native' openshift_use_openshift_sdn: "{{ lookup('oo_option', 'use_openshift_sdn') }}" os_sdn_network_plugin_name: "{{ lookup('oo_option', 'sdn_network_plugin_name') }}" diff --git a/playbooks/gce/openshift-cluster/library/gce.py b/playbooks/gce/openshift-cluster/library/gce.py new file mode 100644 index 000000000..fcaa3b850 --- /dev/null +++ b/playbooks/gce/openshift-cluster/library/gce.py @@ -0,0 +1,543 @@ +#!/usr/bin/python +# Copyright 2013 Google Inc. +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. + +DOCUMENTATION = ''' +--- +module: gce +version_added: "1.4" +short_description: create or terminate GCE instances +description: + - Creates or terminates Google Compute Engine (GCE) instances. See + U(https://cloud.google.com/products/compute-engine) for an overview. + Full install/configuration instructions for the gce* modules can + be found in the comments of ansible/test/gce_tests.py. +options: + image: + description: + - image string to use for the instance + required: false + default: "debian-7" + instance_names: + description: + - a comma-separated list of instance names to create or destroy + required: false + default: null + machine_type: + description: + - machine type to use for the instance, use 'n1-standard-1' by default + required: false + default: "n1-standard-1" + metadata: + description: + - a hash/dictionary of custom data for the instance; + '{"key":"value", ...}' + required: false + default: null + service_account_email: + version_added: "1.5.1" + description: + - service account email + required: false + default: null + service_account_permissions: + version_added: "2.0" + description: + - service account permissions (see + U(https://cloud.google.com/sdk/gcloud/reference/compute/instances/create), + --scopes section for detailed information) + required: false + default: null + choices: [ + "bigquery", "cloud-platform", "compute-ro", "compute-rw", + "computeaccounts-ro", "computeaccounts-rw", "datastore", "logging-write", + "monitoring", "sql", "sql-admin", "storage-full", "storage-ro", + "storage-rw", "taskqueue", "userinfo-email" + ] + pem_file: + version_added: "1.5.1" + description: + - path to the pem file associated with the service account email + required: false + default: null + project_id: + version_added: "1.5.1" + description: + - your GCE project ID + required: false + default: null + name: + description: + - identifier when working with a single instance + required: false + network: + description: + - name of the network, 'default' will be used if not specified + required: false + default: "default" + persistent_boot_disk: + description: + - if set, create the instance with a persistent boot disk + required: false + default: "false" + disks: + description: + - a list of persistent disks to attach to the instance; a string value + gives the name of the disk; alternatively, a dictionary value can + define 'name' and 'mode' ('READ_ONLY' or 'READ_WRITE'). The first entry + will be the boot disk (which must be READ_WRITE). + required: false + default: null + version_added: "1.7" + state: + description: + - desired state of the resource + required: false + default: "present" + choices: ["active", "present", "absent", "deleted"] + tags: + description: + - a comma-separated list of tags to associate with the instance + required: false + default: null + zone: + description: + - the GCE zone to use + required: true + default: "us-central1-a" + ip_forward: + version_added: "1.9" + description: + - set to true if the instance can forward ip packets (useful for + gateways) + required: false + default: "false" + external_ip: + version_added: "1.9" + description: + - type of external ip, ephemeral by default + required: false + default: "ephemeral" + disk_auto_delete: + version_added: "1.9" + description: + - if set boot disk will be removed after instance destruction + required: false + default: "true" + +requirements: + - "python >= 2.6" + - "apache-libcloud >= 0.13.3" +notes: + - Either I(name) or I(instance_names) is required. +author: "Eric Johnson (@erjohnso) <erjohnso@google.com>" +''' + +EXAMPLES = ''' +# Basic provisioning example. Create a single Debian 7 instance in the +# us-central1-a Zone of n1-standard-1 machine type. +- local_action: + module: gce + name: test-instance + zone: us-central1-a + machine_type: n1-standard-1 + image: debian-7 + +# Example using defaults and with metadata to create a single 'foo' instance +- local_action: + module: gce + name: foo + metadata: '{"db":"postgres", "group":"qa", "id":500}' + + +# Launch instances from a control node, runs some tasks on the new instances, +# and then terminate them +- name: Create a sandbox instance + hosts: localhost + vars: + names: foo,bar + machine_type: n1-standard-1 + image: debian-6 + zone: us-central1-a + service_account_email: unique-email@developer.gserviceaccount.com + pem_file: /path/to/pem_file + project_id: project-id + tasks: + - name: Launch instances + local_action: gce instance_names={{names}} machine_type={{machine_type}} + image={{image}} zone={{zone}} + service_account_email={{ service_account_email }} + pem_file={{ pem_file }} project_id={{ project_id }} + register: gce + - name: Wait for SSH to come up + local_action: wait_for host={{item.public_ip}} port=22 delay=10 + timeout=60 state=started + with_items: {{gce.instance_data}} + +- name: Configure instance(s) + hosts: launched + sudo: True + roles: + - my_awesome_role + - my_awesome_tasks + +- name: Terminate instances + hosts: localhost + connection: local + tasks: + - name: Terminate instances that were previously launched + local_action: + module: gce + state: 'absent' + instance_names: {{gce.instance_names}} + +''' + +try: + import libcloud + from libcloud.compute.types import Provider + from libcloud.compute.providers import get_driver + from libcloud.common.google import GoogleBaseError, QuotaExceededError, \ + ResourceExistsError, ResourceInUseError, ResourceNotFoundError + _ = Provider.GCE + HAS_LIBCLOUD = True +except ImportError: + HAS_LIBCLOUD = False + +try: + from ast import literal_eval + HAS_PYTHON26 = True +except ImportError: + HAS_PYTHON26 = False + + +def get_instance_info(inst): + """Retrieves instance information from an instance object and returns it + as a dictionary. + + """ + metadata = {} + if 'metadata' in inst.extra and 'items' in inst.extra['metadata']: + for md in inst.extra['metadata']['items']: + metadata[md['key']] = md['value'] + + try: + netname = inst.extra['networkInterfaces'][0]['network'].split('/')[-1] + except: + netname = None + if 'disks' in inst.extra: + disk_names = [disk_info['source'].split('/')[-1] + for disk_info + in sorted(inst.extra['disks'], + key=lambda disk_info: disk_info['index'])] + else: + disk_names = [] + + if len(inst.public_ips) == 0: + public_ip = None + else: + public_ip = inst.public_ips[0] + + return({ + 'image': inst.image is not None and inst.image.split('/')[-1] or None, + 'disks': disk_names, + 'machine_type': inst.size, + 'metadata': metadata, + 'name': inst.name, + 'network': netname, + 'private_ip': inst.private_ips[0], + 'public_ip': public_ip, + 'status': ('status' in inst.extra) and inst.extra['status'] or None, + 'tags': ('tags' in inst.extra) and inst.extra['tags'] or [], + 'zone': ('zone' in inst.extra) and inst.extra['zone'].name or None, + }) + + +def create_instances(module, gce, instance_names): + """Creates new instances. Attributes other than instance_names are picked + up from 'module' + + module : AnsibleModule object + gce: authenticated GCE libcloud driver + instance_names: python list of instance names to create + + Returns: + A list of dictionaries with instance information + about the instances that were launched. + + """ + image = module.params.get('image') + machine_type = module.params.get('machine_type') + metadata = module.params.get('metadata') + network = module.params.get('network') + persistent_boot_disk = module.params.get('persistent_boot_disk') + disks = module.params.get('disks') + state = module.params.get('state') + tags = module.params.get('tags') + zone = module.params.get('zone') + ip_forward = module.params.get('ip_forward') + external_ip = module.params.get('external_ip') + disk_auto_delete = module.params.get('disk_auto_delete') + service_account_permissions = module.params.get('service_account_permissions') + service_account_email = module.params.get('service_account_email') + + if external_ip == "none": + external_ip = None + + new_instances = [] + changed = False + + lc_image = gce.ex_get_image(image) + lc_disks = [] + disk_modes = [] + for i, disk in enumerate(disks or []): + if isinstance(disk, dict): + lc_disks.append(gce.ex_get_volume(disk['name'])) + disk_modes.append(disk['mode']) + else: + lc_disks.append(gce.ex_get_volume(disk)) + # boot disk is implicitly READ_WRITE + disk_modes.append('READ_ONLY' if i > 0 else 'READ_WRITE') + lc_network = gce.ex_get_network(network) + lc_machine_type = gce.ex_get_size(machine_type) + lc_zone = gce.ex_get_zone(zone) + + # Try to convert the user's metadata value into the format expected + # by GCE. First try to ensure user has proper quoting of a + # dictionary-like syntax using 'literal_eval', then convert the python + # dict into a python list of 'key' / 'value' dicts. Should end up + # with: + # [ {'key': key1, 'value': value1}, {'key': key2, 'value': value2}, ...] + if metadata: + if isinstance(metadata, dict): + md = metadata + else: + try: + md = literal_eval(str(metadata)) + if not isinstance(md, dict): + raise ValueError('metadata must be a dict') + except ValueError as e: + module.fail_json(msg='bad metadata: %s' % str(e)) + except SyntaxError as e: + module.fail_json(msg='bad metadata syntax') + + if hasattr(libcloud, '__version__') and libcloud.__version__ < '0.15': + items = [] + for k, v in md.items(): + items.append({"key": k, "value": v}) + metadata = {'items': items} + else: + metadata = md + + ex_sa_perms = [] + bad_perms = [] + if service_account_permissions: + for perm in service_account_permissions: + if perm not in gce.SA_SCOPES_MAP.keys(): + bad_perms.append(perm) + if len(bad_perms) > 0: + module.fail_json(msg='bad permissions: %s' % str(bad_perms)) + if service_account_email: + ex_sa_perms.append({'email': service_account_email}) + else: + ex_sa_perms.append({'email': "default"}) + ex_sa_perms[0]['scopes'] = service_account_permissions + + # These variables all have default values but check just in case + if not lc_image or not lc_network or not lc_machine_type or not lc_zone: + module.fail_json(msg='Missing required create instance variable', + changed=False) + + for name in instance_names: + pd = None + if lc_disks: + pd = lc_disks[0] + elif persistent_boot_disk: + try: + pd = gce.create_volume(None, "%s" % name, image=lc_image) + except ResourceExistsError: + pd = gce.ex_get_volume("%s" % name, lc_zone) + inst = None + try: + inst = gce.create_node( + name, lc_machine_type, lc_image, location=lc_zone, + ex_network=network, ex_tags=tags, ex_metadata=metadata, + ex_boot_disk=pd, ex_can_ip_forward=ip_forward, + external_ip=external_ip, ex_disk_auto_delete=disk_auto_delete, + ex_service_accounts=ex_sa_perms + ) + changed = True + except ResourceExistsError: + inst = gce.ex_get_node(name, lc_zone) + except GoogleBaseError as e: + module.fail_json(msg='Unexpected error attempting to create ' + + 'instance %s, error: %s' % (name, e.value)) + + for i, lc_disk in enumerate(lc_disks): + # Check whether the disk is already attached + if (len(inst.extra['disks']) > i): + attached_disk = inst.extra['disks'][i] + if attached_disk['source'] != lc_disk.extra['selfLink']: + module.fail_json( + msg=("Disk at index %d does not match: requested=%s found=%s" % ( + i, lc_disk.extra['selfLink'], attached_disk['source']))) + elif attached_disk['mode'] != disk_modes[i]: + module.fail_json( + msg=("Disk at index %d is in the wrong mode: requested=%s found=%s" % ( + i, disk_modes[i], attached_disk['mode']))) + else: + continue + gce.attach_volume(inst, lc_disk, ex_mode=disk_modes[i]) + # Work around libcloud bug: attached volumes don't get added + # to the instance metadata. get_instance_info() only cares about + # source and index. + if len(inst.extra['disks']) != i+1: + inst.extra['disks'].append( + {'source': lc_disk.extra['selfLink'], 'index': i}) + + if inst: + new_instances.append(inst) + + instance_names = [] + instance_json_data = [] + for inst in new_instances: + d = get_instance_info(inst) + instance_names.append(d['name']) + instance_json_data.append(d) + + return (changed, instance_json_data, instance_names) + + +def terminate_instances(module, gce, instance_names, zone_name): + """Terminates a list of instances. + + module: Ansible module object + gce: authenticated GCE connection object + instance_names: a list of instance names to terminate + zone_name: the zone where the instances reside prior to termination + + Returns a dictionary of instance names that were terminated. + + """ + changed = False + terminated_instance_names = [] + for name in instance_names: + inst = None + try: + inst = gce.ex_get_node(name, zone_name) + except ResourceNotFoundError: + pass + except Exception as e: + module.fail_json(msg=unexpected_error_msg(e), changed=False) + if inst: + gce.destroy_node(inst) + terminated_instance_names.append(inst.name) + changed = True + + return (changed, terminated_instance_names) + + +def main(): + module = AnsibleModule( + argument_spec=dict( + image=dict(default='debian-7'), + instance_names=dict(), + machine_type=dict(default='n1-standard-1'), + metadata=dict(), + name=dict(), + network=dict(default='default'), + persistent_boot_disk=dict(type='bool', default=False), + disks=dict(type='list'), + state=dict(choices=['active', 'present', 'absent', 'deleted'], + default='present'), + tags=dict(type='list'), + zone=dict(default='us-central1-a'), + service_account_email=dict(), + service_account_permissions=dict(type='list'), + pem_file=dict(), + project_id=dict(), + ip_forward=dict(type='bool', default=False), + external_ip=dict(choices=['ephemeral', 'none'], + default='ephemeral'), + disk_auto_delete=dict(type='bool', default=True), + ) + ) + + if not HAS_PYTHON26: + module.fail_json(msg="GCE module requires python's 'ast' module, python v2.6+") + if not HAS_LIBCLOUD: + module.fail_json(msg='libcloud with GCE support (0.13.3+) required for this module') + + gce = gce_connect(module) + + image = module.params.get('image') + instance_names = module.params.get('instance_names') + machine_type = module.params.get('machine_type') + metadata = module.params.get('metadata') + name = module.params.get('name') + network = module.params.get('network') + persistent_boot_disk = module.params.get('persistent_boot_disk') + state = module.params.get('state') + tags = module.params.get('tags') + zone = module.params.get('zone') + ip_forward = module.params.get('ip_forward') + changed = False + + inames = [] + if isinstance(instance_names, list): + inames = instance_names + elif isinstance(instance_names, str): + inames = instance_names.split(',') + if name: + inames.append(name) + if not inames: + module.fail_json(msg='Must specify a "name" or "instance_names"', + changed=False) + if not zone: + module.fail_json(msg='Must specify a "zone"', changed=False) + + json_output = {'zone': zone} + if state in ['absent', 'deleted']: + json_output['state'] = 'absent' + (changed, terminated_instance_names) = terminate_instances( + module, gce, inames, zone) + + # based on what user specified, return the same variable, although + # value could be different if an instance could not be destroyed + if instance_names: + json_output['instance_names'] = terminated_instance_names + elif name: + json_output['name'] = name + + elif state in ['active', 'present']: + json_output['state'] = 'present' + (changed, instance_data, instance_name_list) = create_instances( + module, gce, inames) + json_output['instance_data'] = instance_data + if instance_names: + json_output['instance_names'] = instance_name_list + elif name: + json_output['name'] = name + + json_output['changed'] = changed + module.exit_json(**json_output) + +# import module snippets +from ansible.module_utils.basic import * +from ansible.module_utils.gce import * +if __name__ == '__main__': + main() diff --git a/playbooks/gce/openshift-cluster/tasks/launch_instances.yml b/playbooks/gce/openshift-cluster/tasks/launch_instances.yml index e3efd8566..c5c479052 100644 --- a/playbooks/gce/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/gce/openshift-cluster/tasks/launch_instances.yml @@ -17,6 +17,11 @@ - clusterid-{{ cluster_id }} - host-type-{{ type }} - sub-host-type-{{ g_sub_host_type }} + metadata: + startup-script: | + #!/bin/bash + echo "Defaults:{{ deployment_vars[deployment_type].ssh_user }} !requiretty" > /etc/sudoers.d/99-{{ deployment_vars[deployment_type].ssh_user }} + when: instances |length > 0 register: gce diff --git a/playbooks/gce/openshift-cluster/update.yml b/playbooks/gce/openshift-cluster/update.yml index 9b7a2777a..332f27da7 100644 --- a/playbooks/gce/openshift-cluster/update.yml +++ b/playbooks/gce/openshift-cluster/update.yml @@ -1,12 +1,25 @@ --- +- hosts: localhost + gather_facts: no + tasks: + - include_vars: vars.yml + - include_vars: cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: vars.yml + - include_vars: cluster_hosts.yml + - name: Populate oo_hosts_to_update group hosts: localhost connection: local become: no gather_facts: no - vars_files: - - vars.yml - - cluster_hosts.yml tasks: - name: Evaluate oo_hosts_to_update add_host: @@ -14,7 +27,7 @@ groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_become: "{{ deployment_vars[deployment_type].become }}" - with_items: "{{ g_all_hosts | default([]) }}" + with_items: g_all_hosts | default([]) - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/libvirt/openshift-cluster/config.yml b/playbooks/libvirt/openshift-cluster/config.yml index 81a6fff0d..299325fc4 100644 --- a/playbooks/libvirt/openshift-cluster/config.yml +++ b/playbooks/libvirt/openshift-cluster/config.yml @@ -2,10 +2,26 @@ # TODO: need to figure out a plan for setting hostname, currently the default # is localhost, so no hostname value (or public_hostname) value is getting # assigned + +- include: ../../common/openshift-cluster/verify_ansible_version.yml + +- hosts: localhost + gather_facts: no + tasks: + - include_vars: vars.yml + - include_vars: cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: "{{ g_all_hosts | default([]) }}" + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: vars.yml + - include_vars: cluster_hosts.yml + - include: ../../common/openshift-cluster/config.yml - vars_files: - - ../../libvirt/openshift-cluster/vars.yml - - ../../libvirt/openshift-cluster/cluster_hosts.yml vars: g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" g_sudo: "{{ deployment_vars[deployment_type].become }}" @@ -13,11 +29,11 @@ openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: "{{ debug_level }}" openshift_deployment_type: "{{ deployment_type }}" - openshift_registry_selector: 'type=infra' + openshift_hosted_registry_selector: 'type=infra' openshift_hosted_router_selector: 'type=infra' - openshift_infra_nodes: "{{ g_infra_hosts }}" openshift_master_cluster_method: 'native' openshift_use_openshift_sdn: "{{ lookup('oo_option', 'use_openshift_sdn') }}" os_sdn_network_plugin_name: "{{ lookup('oo_option', 'sdn_network_plugin_name') }}" openshift_use_flannel: "{{ lookup('oo_option', 'use_flannel') }}" openshift_use_fluentd: "{{ lookup('oo_option', 'use_fluentd') }}" + openshift_use_dnsmasq: false diff --git a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml index 7231f255a..cc34d0ef9 100644 --- a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml @@ -39,14 +39,14 @@ file: dest: '{{ libvirt_storage_pool_path }}/{{ item }}_configdrive/' state: directory - with_items: instances + with_items: '{{ instances }}' - name: Create the cloud-init config drive files template: src: '{{ item[1] }}' dest: '{{ libvirt_storage_pool_path }}/{{ item[0] }}_configdrive/{{ item[1] }}' with_nested: - - instances + - '{{ instances }}' - [ user-data, meta-data ] - name: Create the cloud-init config drive @@ -54,18 +54,18 @@ args: chdir: '{{ libvirt_storage_pool_path }}/{{ item }}_configdrive/' creates: '{{ libvirt_storage_pool_path }}/{{ item }}_cloud-init.iso' - with_items: instances + with_items: '{{ instances }}' - name: Refresh the libvirt storage pool for openshift command: 'virsh -c {{ libvirt_uri }} pool-refresh {{ libvirt_storage_pool }}' - name: Create VM drives command: 'virsh -c {{ libvirt_uri }} vol-create-as {{ libvirt_storage_pool }} {{ item }}.qcow2 10G --format qcow2 --backing-vol {{ image_name }} --backing-vol-format qcow2' - with_items: instances + with_items: '{{ instances }}' - name: Create VM docker drives command: 'virsh -c {{ libvirt_uri }} vol-create-as {{ libvirt_storage_pool }} {{ item }}-docker.qcow2 10G --format qcow2 --allocation 0' - with_items: instances + with_items: '{{ instances }}' - name: Create VMs virt: @@ -73,17 +73,17 @@ command: define xml: "{{ lookup('template', '../templates/domain.xml') }}" uri: '{{ libvirt_uri }}' - with_items: instances + with_items: '{{ instances }}' - name: Start VMs virt: name: '{{ item }}' state: running uri: '{{ libvirt_uri }}' - with_items: instances + with_items: '{{ instances }}' - name: Wait for the VMs to get an IP - shell: 'virsh -c {{ libvirt_uri }} net-dhcp-leases openshift-ansible | egrep -c ''{{ instances | join("|") }}''' + shell: 'virsh -c {{ libvirt_uri }} net-dhcp-leases {{ libvirt_network }} | egrep -c ''{{ instances | join("|") }}''' register: nb_allocated_ips until: nb_allocated_ips.stdout == '{{ instances | length }}' retries: 60 @@ -91,9 +91,9 @@ when: instances | length != 0 - name: Collect IP addresses of the VMs - shell: 'virsh -c {{ libvirt_uri }} net-dhcp-leases openshift-ansible | awk ''$6 == "{{ item }}" {gsub(/\/.*/, "", $5); print $5}''' + shell: 'virsh -c {{ libvirt_uri }} net-dhcp-leases {{ libvirt_network }} | awk ''$6 == "{{ item }}" {gsub(/\/.*/, "", $5); print $5}''' register: scratch_ip - with_items: instances + with_items: '{{ instances }}' - set_fact: ips: "{{ scratch_ip.results | default([]) | oo_collect('stdout') }}" @@ -117,14 +117,14 @@ groups: "tag_environment-{{ cluster_env }}, tag_host-type-{{ type }}, tag_sub-host-type-{{ g_sub_host_type }}, tag_clusterid-{{ cluster_id }}" openshift_node_labels: "{{ node_label }}" with_together: - - instances - - ips + - '{{ instances }}' + - '{{ ips }}' - name: Wait for ssh wait_for: host: '{{ item }}' port: 22 - with_items: ips + with_items: '{{ ips }}' - name: Wait for openshift user setup command: 'ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null openshift@{{ item.1 }} echo openshift user is setup' @@ -133,5 +133,5 @@ retries: 30 delay: 1 with_together: - - instances - - ips + - '{{ instances }}' + - '{{ ips }}'
\ No newline at end of file diff --git a/playbooks/libvirt/openshift-cluster/templates/domain.xml b/playbooks/libvirt/openshift-cluster/templates/domain.xml index 8e96cec8d..88504a5f6 100644 --- a/playbooks/libvirt/openshift-cluster/templates/domain.xml +++ b/playbooks/libvirt/openshift-cluster/templates/domain.xml @@ -19,6 +19,9 @@ <apic/> <pae/> </features> + <cpu mode='host-model'> + <model fallback='allow'/> + </cpu> <clock offset='utc'> <timer name='rtc' tickpolicy='catchup'/> <timer name='pit' tickpolicy='delay'/> @@ -30,22 +33,22 @@ <devices> <emulator>/usr/bin/qemu-system-x86_64</emulator> <disk type='file' device='disk'> - <driver name='qemu' type='qcow2'/> + <driver name='qemu' type='qcow2' discard='unmap'/> <source file='{{ libvirt_storage_pool_path }}/{{ item }}.qcow2'/> - <target dev='vda' bus='virtio'/> + <target dev='sda' bus='scsi'/> </disk> <disk type='file' device='disk'> - <driver name='qemu' type='qcow2'/> + <driver name='qemu' type='qcow2' discard='unmap'/> <source file='{{ libvirt_storage_pool_path }}/{{ item }}-docker.qcow2'/> - <target dev='vdb' bus='virtio'/> + <target dev='sdb' bus='scsi'/> </disk> <disk type='file' device='cdrom'> <driver name='qemu' type='raw'/> <source file='{{ libvirt_storage_pool_path }}/{{ item }}_cloud-init.iso'/> - <target dev='vdc' bus='virtio'/> + <target dev='sdc' bus='scsi'/> <readonly/> </disk> - <controller type='usb' index='0' /> + <controller type='scsi' model='virtio-scsi' /> <interface type='network'> <source network='{{ libvirt_network }}'/> <model type='virtio'/> @@ -56,17 +59,6 @@ <console type='pty'> <target type='serial' port='0'/> </console> - <channel type='spicevmc'> - <target type='virtio' name='com.redhat.spice.0'/> - </channel> - <input type='tablet' bus='usb' /> - <input type='mouse' bus='ps2'/> - <graphics type='spice' autoport='yes' /> - <video> - <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1'/> - </video> - <redirdev bus='usb' type='spicevmc'> - </redirdev> <memballoon model='virtio'> </memballoon> </devices> diff --git a/playbooks/libvirt/openshift-cluster/templates/user-data b/playbooks/libvirt/openshift-cluster/templates/user-data index 8b79940f4..fbcf7c886 100644 --- a/playbooks/libvirt/openshift-cluster/templates/user-data +++ b/playbooks/libvirt/openshift-cluster/templates/user-data @@ -5,7 +5,7 @@ hostname: {{ item[0] }} fqdn: {{ item[0] }}.example.com mounts: -- [ vdb ] +- [ sdb ] users: - default @@ -26,12 +26,18 @@ write_files: permissions: 440 content: | Defaults:openshift !requiretty - - content: | - DEVS=/dev/vdb - VG=docker_vg - path: /etc/sysconfig/docker-storage-setup + - path: /etc/sysconfig/docker-storage-setup owner: root:root permissions: '0644' + content: | + DEVS=/dev/sdb + VG=docker_vg + EXTRA_DOCKER_STORAGE_OPTIONS='--storage-opt dm.blkdiscard=true' + - path: /etc/systemd/system/fstrim.timer.d/hourly.conf + content: | + [Timer] + OnCalendar=hourly runcmd: - NETWORK_CONFIG=/etc/sysconfig/network-scripts/ifcfg-eth0; if ! grep DHCP_HOSTNAME ${NETWORK_CONFIG}; then echo 'DHCP_HOSTNAME="{{ item[0] }}.example.com"' >> ${NETWORK_CONFIG}; fi; pkill -9 dhclient; service network restart + - systemctl enable --now fstrim.timer diff --git a/playbooks/libvirt/openshift-cluster/terminate.yml b/playbooks/libvirt/openshift-cluster/terminate.yml index baef911f9..df5c52f2d 100644 --- a/playbooks/libvirt/openshift-cluster/terminate.yml +++ b/playbooks/libvirt/openshift-cluster/terminate.yml @@ -15,7 +15,7 @@ groups: oo_hosts_to_terminate ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_become: "{{ deployment_vars[deployment_type].become }}" - with_items: groups[cluster_group] | default([]) + with_items: '{{ groups[cluster_group] | default([]) }}' - name: Unsubscribe VMs hosts: oo_hosts_to_terminate @@ -42,30 +42,30 @@ command: '{{ item[1] }}' uri: '{{ libvirt_uri }}' with_nested: - - groups['oo_hosts_to_terminate'] + - "{{ groups['oo_hosts_to_terminate'] }}" - [ destroy, undefine ] - name: Delete VM drives command: 'virsh -c {{ libvirt_uri }} vol-delete --pool {{ libvirt_storage_pool }} {{ item }}.qcow2' args: removes: '{{ libvirt_storage_pool_path }}/{{ item }}.qcow2' - with_items: groups['oo_hosts_to_terminate'] + with_items: "{{ groups['oo_hosts_to_terminate'] }}" - name: Delete VM docker drives command: 'virsh -c {{ libvirt_uri }} vol-delete --pool {{ libvirt_storage_pool }} {{ item }}-docker.qcow2' args: removes: '{{ libvirt_storage_pool_path }}/{{ item }}-docker.qcow2' - with_items: groups['oo_hosts_to_terminate'] + with_items: "{{ groups['oo_hosts_to_terminate'] }}" - name: Delete the VM cloud-init image file: path: '{{ libvirt_storage_pool_path }}/{{ item }}_cloud-init.iso' state: absent - with_items: groups['oo_hosts_to_terminate'] + with_items: "{{ groups['oo_hosts_to_terminate'] }}" - name: Remove the cloud-init config directory file: path: '{{ libvirt_storage_pool_path }}/{{ item }}_configdrive/' state: absent - with_items: groups['oo_hosts_to_terminate'] + with_items: "{{ groups['oo_hosts_to_terminate'] }}" diff --git a/playbooks/libvirt/openshift-cluster/update.yml b/playbooks/libvirt/openshift-cluster/update.yml index 9b7a2777a..a152135fc 100644 --- a/playbooks/libvirt/openshift-cluster/update.yml +++ b/playbooks/libvirt/openshift-cluster/update.yml @@ -1,4 +1,20 @@ --- +- hosts: localhost + gather_facts: no + tasks: + - include_vars: vars.yml + - include_vars: cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: '{{ g_all_hosts }}' + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: vars.yml + - include_vars: cluster_hosts.yml + - name: Populate oo_hosts_to_update group hosts: localhost connection: local @@ -14,7 +30,7 @@ groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_become: "{{ deployment_vars[deployment_type].become }}" - with_items: "{{ g_all_hosts | default([]) }}" + with_items: '{{ g_all_hosts | default([]) }}' - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/openstack/openshift-cluster/config.yml b/playbooks/openstack/openshift-cluster/config.yml index 9c0ca9af9..f6550b2c4 100644 --- a/playbooks/openstack/openshift-cluster/config.yml +++ b/playbooks/openstack/openshift-cluster/config.yml @@ -1,8 +1,23 @@ --- +- include: ../../common/openshift-cluster/verify_ansible_version.yml + +- hosts: localhost + gather_facts: no + tasks: + - include_vars: vars.yml + - include_vars: cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: "{{ g_all_hosts | default([]) }}" + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: vars.yml + - include_vars: cluster_hosts.yml + - include: ../../common/openshift-cluster/config.yml - vars_files: - - ../../openstack/openshift-cluster/vars.yml - - ../../openstack/openshift-cluster/cluster_hosts.yml vars: g_nodeonmaster: true g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" @@ -10,9 +25,8 @@ openshift_cluster_id: "{{ cluster_id }}" openshift_debug_level: "{{ debug_level }}" openshift_deployment_type: "{{ deployment_type }}" - openshift_registry_selector: 'type=infra' + openshift_hosted_registry_selector: 'type=infra' openshift_hosted_router_selector: 'type=infra' - openshift_infra_nodes: "{{ g_infra_hosts }}" openshift_master_cluster_method: 'native' openshift_use_openshift_sdn: "{{ lookup('oo_option', 'use_openshift_sdn') }}" os_sdn_network_plugin_name: "{{ lookup('oo_option', 'sdn_network_plugin_name') }}" diff --git a/playbooks/openstack/openshift-cluster/dns.yml b/playbooks/openstack/openshift-cluster/dns.yml index 31113d5f0..446a1846f 100644 --- a/playbooks/openstack/openshift-cluster/dns.yml +++ b/playbooks/openstack/openshift-cluster/dns.yml @@ -35,6 +35,11 @@ - vars.yml - cluster_hosts.yml roles: + # Explicitly calling openshift_facts because it appears that when + # rhel_subscribe is skipped that the openshift_facts dependency for + # openshift_repos is also skipped (this is the case at least for Ansible + # 2.0.2) + - openshift_facts - role: rhel_subscribe when: deployment_type in ["enterprise", "atomic-enterprise", "openshift-enterprise"] and ansible_distribution == "RedHat" and diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml index 2f05c3adc..2d0098784 100644 --- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml +++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml @@ -280,6 +280,10 @@ resources: port_range_max: 8443 - direction: ingress protocol: tcp + port_range_min: 8444 + port_range_max: 8444 + - direction: ingress + protocol: tcp port_range_min: 53 port_range_max: 53 - direction: ingress @@ -288,12 +292,36 @@ resources: port_range_max: 53 - direction: ingress protocol: tcp + port_range_min: 8053 + port_range_max: 8053 + - direction: ingress + protocol: udp + port_range_min: 8053 + port_range_max: 8053 + - direction: ingress + protocol: tcp port_range_min: 24224 port_range_max: 24224 - direction: ingress protocol: udp port_range_min: 24224 port_range_max: 24224 + - direction: ingress + protocol: tcp + port_range_min: 2224 + port_range_max: 2224 + - direction: ingress + protocol: udp + port_range_min: 5404 + port_range_max: 5404 + - direction: ingress + protocol: udp + port_range_min: 5405 + port_range_max: 5405 + - direction: ingress + protocol: tcp + port_range_min: 9090 + port_range_max: 9090 etcd-secgrp: type: OS::Neutron::SecurityGroup @@ -351,6 +379,16 @@ resources: port_range_max: 10250 remote_mode: remote_group_id - direction: ingress + protocol: tcp + port_range_min: 10255 + port_range_max: 10255 + remote_mode: remote_group_id + - direction: ingress + protocol: udp + port_range_min: 10255 + port_range_max: 10255 + remote_mode: remote_group_id + - direction: ingress protocol: udp port_range_min: 4789 port_range_max: 4789 @@ -591,11 +629,17 @@ resources: type: OS::Heat::MultipartMime properties: parts: - - config: { get_file: user-data } - config: str_replace: template: | #cloud-config + disable_root: true + + system_info: + default_user: + name: openshift + sudo: ["ALL=(ALL) NOPASSWD: ALL"] + write_files: - path: /etc/sudoers.d/00-openshift-no-requiretty permissions: 440 diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml index 3d4fe42d0..b9aae2f4c 100644 --- a/playbooks/openstack/openshift-cluster/launch.yml +++ b/playbooks/openstack/openshift-cluster/launch.yml @@ -46,7 +46,7 @@ -P master_flavor={{ openstack_flavor["master"] }} -P node_flavor={{ openstack_flavor["node"] }} -P infra_flavor={{ openstack_flavor["infra"] }} - -P dns_flavor=m1.small + -P dns_flavor={{ openstack_flavor["dns"] }} openshift-ansible-{{ cluster_id }}-stack' - name: Wait for OpenStack Stack readiness diff --git a/playbooks/openstack/openshift-cluster/update.yml b/playbooks/openstack/openshift-cluster/update.yml index 539af6524..6d4d23963 100644 --- a/playbooks/openstack/openshift-cluster/update.yml +++ b/playbooks/openstack/openshift-cluster/update.yml @@ -1,4 +1,20 @@ --- +- hosts: localhost + gather_facts: no + tasks: + - include_vars: vars.yml + - include_vars: cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: vars.yml + - include_vars: cluster_hosts.yml + - include: dns.yml - name: Populate oo_hosts_to_update group @@ -6,9 +22,6 @@ connection: local become: no gather_facts: no - vars_files: - - vars.yml - - cluster_hosts.yml tasks: - name: Evaluate oo_hosts_to_update add_host: @@ -16,7 +29,7 @@ groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_become: "{{ deployment_vars[deployment_type].become }}" - with_items: "{{ g_all_hosts | default([]) }}" + with_items: g_all_hosts | default([]) - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/openstack/openshift-cluster/vars.yml b/playbooks/openstack/openshift-cluster/vars.yml index 84cba0506..bc53a51b0 100644 --- a/playbooks/openstack/openshift-cluster/vars.yml +++ b/playbooks/openstack/openshift-cluster/vars.yml @@ -13,6 +13,7 @@ openstack_ssh_public_key: "{{ lookup('file', lookup('oo_option', 'public_k openstack_ssh_access_from: "{{ lookup('oo_option', 'ssh_from') | default('0.0.0.0/0', True) }}" openstack_flavor: + dns: "{{ lookup('oo_option', 'dns_flavor' ) | default('m1.small', True) }}" etcd: "{{ lookup('oo_option', 'etcd_flavor' ) | default('m1.small', True) }}" master: "{{ lookup('oo_option', 'master_flavor' ) | default('m1.small', True) }}" infra: "{{ lookup('oo_option', 'infra_flavor' ) | default('m1.small', True) }}" |