summaryrefslogtreecommitdiffstats
path: root/playbooks
diff options
context:
space:
mode:
Diffstat (limited to 'playbooks')
-rw-r--r--playbooks/adhoc/uninstall.yml5
-rw-r--r--playbooks/common/openshift-cluster/evaluate_groups.yml2
-rw-r--r--playbooks/common/openshift-cluster/upgrades/upgrade.yml91
-rw-r--r--playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_network.yml36
-rw-r--r--playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_storage_pool.yml29
-rw-r--r--playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml2
-rw-r--r--playbooks/libvirt/openshift-cluster/templates/network.xml2
-rw-r--r--playbooks/libvirt/openshift-cluster/templates/storage-pool.xml6
-rw-r--r--playbooks/openstack/openshift-cluster/files/heat_stack.yaml11
-rw-r--r--playbooks/openstack/openshift-cluster/launch.yml43
-rw-r--r--playbooks/openstack/openshift-cluster/list.yml2
-rw-r--r--playbooks/openstack/openshift-cluster/terminate.yml2
-rw-r--r--playbooks/openstack/openshift-cluster/vars.yml2
13 files changed, 124 insertions, 109 deletions
diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml
index 4edd44fe4..3be3a0e96 100644
--- a/playbooks/adhoc/uninstall.yml
+++ b/playbooks/adhoc/uninstall.yml
@@ -338,7 +338,10 @@
- /etc/ansible/facts.d/openshift.fact
- /etc/etcd
- /etc/systemd/system/etcd_container.service
- - /var/lib/etcd
+
+ - name: Remove etcd data
+ shell: rm -rf /var/lib/etcd/*
+ failed_when: false
- hosts: lb
become: yes
diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml
index 3fb42a7fa..b3e02fb97 100644
--- a/playbooks/common/openshift-cluster/evaluate_groups.yml
+++ b/playbooks/common/openshift-cluster/evaluate_groups.yml
@@ -77,7 +77,7 @@
ansible_ssh_user: "{{ g_ssh_user | default(omit) }}"
ansible_become: "{{ g_sudo | default(omit) }}"
with_items: "{{ g_master_hosts | default([]) }}"
- when: g_nodeonmaster | default(false) == true and g_new_node_hosts is not defined
+ when: g_nodeonmaster | default(false) | bool and not g_new_node_hosts | default(false) | bool
- name: Evaluate oo_first_etcd
add_host:
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/upgrade.yml
index 3ec47d6f3..be4e02c4a 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade.yml
@@ -110,6 +110,52 @@
when: master_update_failed | length > 0
###############################################################################
+# Reconcile Cluster Roles, Cluster Role Bindings and Security Context Constraints
+###############################################################################
+
+- name: Reconcile Cluster Roles and Cluster Role Bindings and Security Context Constraints
+ hosts: oo_masters_to_config
+ roles:
+ - { role: openshift_cli }
+ vars:
+ origin_reconcile_bindings: "{{ deployment_type == 'origin' and openshift_version | version_compare('1.0.6', '>') }}"
+ ent_reconcile_bindings: true
+ openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
+ # Similar to pre.yml, we don't want to upgrade docker during the openshift_cli role,
+ # it will be updated when we perform node upgrade.
+ docker_protect_installed_version: True
+ tasks:
+ - name: Verifying the correct commandline tools are available
+ shell: grep {{ verify_upgrade_version }} {{ openshift.common.admin_binary}}
+ when: openshift.common.is_containerized | bool and verify_upgrade_version is defined
+
+ - name: Reconcile Cluster Roles
+ command: >
+ {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
+ policy reconcile-cluster-roles --additive-only=true --confirm
+ run_once: true
+
+ - name: Reconcile Cluster Role Bindings
+ command: >
+ {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
+ policy reconcile-cluster-role-bindings
+ --exclude-groups=system:authenticated
+ --exclude-groups=system:authenticated:oauth
+ --exclude-groups=system:unauthenticated
+ --exclude-users=system:anonymous
+ --additive-only=true --confirm
+ when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool
+ run_once: true
+
+ - name: Reconcile Security Context Constraints
+ command: >
+ {{ openshift.common.admin_binary}} policy reconcile-sccs --confirm --additive-only=true
+ run_once: true
+
+ - set_fact:
+ reconcile_complete: True
+
+###############################################################################
# Upgrade Nodes
###############################################################################
@@ -142,7 +188,7 @@
- include: docker/upgrade.yml
when: l_docker_upgrade is defined and l_docker_upgrade | bool and not openshift.common.is_atomic | bool
- include: "{{ node_config_hook }}"
- when: node_config_hook is defined
+ when: node_config_hook is defined and inventory_hostname in groups.oo_nodes_to_config
- include: rpm_upgrade.yml
vars:
@@ -160,49 +206,6 @@
when: inventory_hostname in groups.oo_nodes_to_config and openshift.node.schedulable | bool
-###############################################################################
-# Reconcile Cluster Roles, Cluster Role Bindings and Security Context Constraints
-###############################################################################
-
-- name: Reconcile Cluster Roles and Cluster Role Bindings and Security Context Constraints
- hosts: oo_masters_to_config
- roles:
- - { role: openshift_cli }
- vars:
- origin_reconcile_bindings: "{{ deployment_type == 'origin' and openshift_version | version_compare('1.0.6', '>') }}"
- ent_reconcile_bindings: true
- openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
- tasks:
- - name: Verifying the correct commandline tools are available
- shell: grep {{ verify_upgrade_version }} {{ openshift.common.admin_binary}}
- when: openshift.common.is_containerized | bool and verify_upgrade_version is defined
-
- - name: Reconcile Cluster Roles
- command: >
- {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
- policy reconcile-cluster-roles --additive-only=true --confirm
- run_once: true
-
- - name: Reconcile Cluster Role Bindings
- command: >
- {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
- policy reconcile-cluster-role-bindings
- --exclude-groups=system:authenticated
- --exclude-groups=system:authenticated:oauth
- --exclude-groups=system:unauthenticated
- --exclude-users=system:anonymous
- --additive-only=true --confirm
- when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool
- run_once: true
-
- - name: Reconcile Security Context Constraints
- command: >
- {{ openshift.common.admin_binary}} policy reconcile-sccs --confirm --additive-only=true
- run_once: true
-
- - set_fact:
- reconcile_complete: True
-
##############################################################################
# Gate on reconcile
##############################################################################
diff --git a/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_network.yml b/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_network.yml
index 3117d9edc..b42ca83af 100644
--- a/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_network.yml
+++ b/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_network.yml
@@ -1,27 +1,11 @@
---
-- name: Test if libvirt network for openshift already exists
- command: "virsh -c {{ libvirt_uri }} net-info {{ libvirt_network }}"
- register: net_info_result
- changed_when: False
- failed_when: "net_info_result.rc != 0 and 'no network with matching name' not in net_info_result.stderr"
-
-- name: Create a temp directory for the template xml file
- command: "mktemp -d /tmp/openshift-ansible-XXXXXXX"
- register: mktemp
- when: net_info_result.rc == 1
-
-- name: Create network xml file
- template:
- src: templates/network.xml
- dest: "{{ mktemp.stdout }}/network.xml"
- when: net_info_result.rc == 1
-
-- name: Create libvirt network for openshift
- command: "virsh -c {{ libvirt_uri }} net-create {{ mktemp.stdout }}/network.xml"
- when: net_info_result.rc == 1
-
-- name: Remove the temp directory
- file:
- path: "{{ mktemp.stdout }}"
- state: absent
- when: net_info_result.rc == 1
+- name: Create the libvirt network for OpenShift
+ virt_net:
+ name: '{{ libvirt_network }}'
+ state: '{{ item }}'
+ autostart: 'yes'
+ xml: "{{ lookup('template', 'network.xml') }}"
+ uri: '{{ libvirt_uri }}'
+ with_items:
+ - present
+ - active
diff --git a/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_storage_pool.yml b/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_storage_pool.yml
index 397158b9e..8685624ec 100644
--- a/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_storage_pool.yml
+++ b/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_storage_pool.yml
@@ -6,22 +6,25 @@
# We need to set permissions on the directory and any items created under the directory, so we need to call the acl module with and without default set.
- acl:
- default: "{{ item }}"
+ default: '{{ item.default }}'
entity: kvm
etype: group
name: "{{ libvirt_storage_pool_path }}"
- permissions: rwx
+ permissions: '{{ item.permissions }}'
state: present
with_items:
- - no
- - yes
+ - default: no
+ permissions: x
+ - default: yes
+ permissions: rwx
-- name: Test if libvirt storage pool for openshift already exists
- command: "virsh -c {{ libvirt_uri }} pool-info {{ libvirt_storage_pool }}"
- register: pool_info_result
- changed_when: False
- failed_when: "pool_info_result.rc != 0 and 'no storage pool with matching name' not in pool_info_result.stderr"
-
-- name: Create the libvirt storage pool for openshift
- command: 'virsh -c {{ libvirt_uri }} pool-create-as {{ libvirt_storage_pool }} dir --target {{ libvirt_storage_pool_path }}'
- when: pool_info_result.rc == 1
+- name: Create the libvirt storage pool for OpenShift
+ virt_pool:
+ name: '{{ libvirt_storage_pool }}'
+ state: '{{ item }}'
+ autostart: 'yes'
+ xml: "{{ lookup('template', 'storage-pool.xml') }}"
+ uri: '{{ libvirt_uri }}'
+ with_items:
+ - present
+ - active
diff --git a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml
index cc34d0ef9..e0afc43ba 100644
--- a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml
+++ b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml
@@ -134,4 +134,4 @@
delay: 1
with_together:
- '{{ instances }}'
- - '{{ ips }}' \ No newline at end of file
+ - '{{ ips }}'
diff --git a/playbooks/libvirt/openshift-cluster/templates/network.xml b/playbooks/libvirt/openshift-cluster/templates/network.xml
index 050bc7ab9..0ce2a8342 100644
--- a/playbooks/libvirt/openshift-cluster/templates/network.xml
+++ b/playbooks/libvirt/openshift-cluster/templates/network.xml
@@ -1,5 +1,5 @@
<network>
- <name>openshift-ansible</name>
+ <name>{{ libvirt_network }}</name>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
diff --git a/playbooks/libvirt/openshift-cluster/templates/storage-pool.xml b/playbooks/libvirt/openshift-cluster/templates/storage-pool.xml
new file mode 100644
index 000000000..da139afd0
--- /dev/null
+++ b/playbooks/libvirt/openshift-cluster/templates/storage-pool.xml
@@ -0,0 +1,6 @@
+<pool type='dir'>
+ <name>{{ libvirt_storage_pool }}</name>
+ <target>
+ <path>{{ libvirt_storage_pool_path }}</path>
+ </target>
+</pool>
diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
index 2d0098784..458cf5ac7 100644
--- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
+++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
@@ -42,6 +42,12 @@ parameters:
description: Source of legitimate ssh connections
default: 0.0.0.0/0
+ node_port_incoming:
+ type: string
+ label: Source of node port connections
+ description: Authorized sources targetting node ports
+ default: 0.0.0.0/0
+
num_etcd:
type: number
label: Number of etcd nodes
@@ -393,6 +399,11 @@ resources:
port_range_min: 4789
port_range_max: 4789
remote_mode: remote_group_id
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 30000
+ port_range_max: 32767
+ remote_ip_prefix: { get_param: node_port_incoming }
infra-secgrp:
type: OS::Neutron::SecurityGroup
diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml
index b9aae2f4c..5cf543204 100644
--- a/playbooks/openstack/openshift-cluster/launch.yml
+++ b/playbooks/openstack/openshift-cluster/launch.yml
@@ -33,6 +33,7 @@
-P external_net={{ openstack_network_external_net }}
-P ssh_public_key="{{ openstack_ssh_public_key }}"
-P ssh_incoming={{ openstack_ssh_access_from }}
+ -P node_port_incoming={{ openstack_node_port_access_from }}
-P num_etcd={{ num_etcd }}
-P num_masters={{ num_masters }}
-P num_nodes={{ num_nodes }}
@@ -48,6 +49,8 @@
-P infra_flavor={{ openstack_flavor["infra"] }}
-P dns_flavor={{ openstack_flavor["dns"] }}
openshift-ansible-{{ cluster_id }}-stack'
+ args:
+ chdir: '{{ playbook_dir }}'
- name: Wait for OpenStack Stack readiness
shell: 'heat stack-show openshift-ansible-{{ cluster_id }}-stack | awk ''$2 == "stack_status" {print $4}'''
@@ -107,9 +110,9 @@
openshift_node_labels:
type: "etcd"
with_together:
- - parsed_outputs.etcd_names
- - parsed_outputs.etcd_ips
- - parsed_outputs.etcd_floating_ips
+ - '{{ parsed_outputs.etcd_names }}'
+ - '{{ parsed_outputs.etcd_ips }}'
+ - '{{ parsed_outputs.etcd_floating_ips }}'
- name: Add new master instances groups and variables
add_host:
@@ -121,9 +124,9 @@
openshift_node_labels:
type: "master"
with_together:
- - parsed_outputs.master_names
- - parsed_outputs.master_ips
- - parsed_outputs.master_floating_ips
+ - '{{ parsed_outputs.master_names }}'
+ - '{{ parsed_outputs.master_ips }}'
+ - '{{ parsed_outputs.master_floating_ips }}'
- name: Add new node instances groups and variables
add_host:
@@ -135,9 +138,9 @@
openshift_node_labels:
type: "compute"
with_together:
- - parsed_outputs.node_names
- - parsed_outputs.node_ips
- - parsed_outputs.node_floating_ips
+ - '{{ parsed_outputs.node_names }}'
+ - '{{ parsed_outputs.node_ips }}'
+ - '{{ parsed_outputs.node_floating_ips }}'
- name: Add new infra instances groups and variables
add_host:
@@ -149,9 +152,9 @@
openshift_node_labels:
type: "infra"
with_together:
- - parsed_outputs.infra_names
- - parsed_outputs.infra_ips
- - parsed_outputs.infra_floating_ips
+ - '{{ parsed_outputs.infra_names }}'
+ - '{{ parsed_outputs.infra_ips }}'
+ - '{{ parsed_outputs.infra_floating_ips }}'
- name: Add DNS groups and variables
add_host:
@@ -166,10 +169,10 @@
host: '{{ item }}'
port: 22
with_flattened:
- - parsed_outputs.master_floating_ips
- - parsed_outputs.node_floating_ips
- - parsed_outputs.infra_floating_ips
- - parsed_outputs.dns_floating_ip
+ - '{{ parsed_outputs.master_floating_ips }}'
+ - '{{ parsed_outputs.node_floating_ips }}'
+ - '{{ parsed_outputs.infra_floating_ips }}'
+ - '{{ parsed_outputs.dns_floating_ip }}'
- name: Wait for user setup
command: 'ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null {{ deployment_vars[deployment_type].ssh_user }}@{{ item }} echo {{ deployment_vars[deployment_type].ssh_user }} user is setup'
@@ -178,10 +181,10 @@
retries: 30
delay: 1
with_flattened:
- - parsed_outputs.master_floating_ips
- - parsed_outputs.node_floating_ips
- - parsed_outputs.infra_floating_ips
- - parsed_outputs.dns_floating_ip
+ - '{{ parsed_outputs.master_floating_ips }}'
+ - '{{ parsed_outputs.node_floating_ips }}'
+ - '{{ parsed_outputs.infra_floating_ips }}'
+ - '{{ parsed_outputs.dns_floating_ip }}'
- include: update.yml
diff --git a/playbooks/openstack/openshift-cluster/list.yml b/playbooks/openstack/openshift-cluster/list.yml
index ba9c6bf9c..60372e262 100644
--- a/playbooks/openstack/openshift-cluster/list.yml
+++ b/playbooks/openstack/openshift-cluster/list.yml
@@ -17,7 +17,7 @@
ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
ansible_ssh_host: "{{ hostvars[item].ansible_ssh_host | default(item) }}"
ansible_become: "{{ deployment_vars[deployment_type].become }}"
- with_items: groups[scratch_group] | default([]) | difference(['localhost'])
+ with_items: "{{ groups[scratch_group] | default([]) | difference(['localhost']) }}"
- name: List Hosts
hosts: oo_list_hosts
diff --git a/playbooks/openstack/openshift-cluster/terminate.yml b/playbooks/openstack/openshift-cluster/terminate.yml
index 5bd8476f1..980ab7337 100644
--- a/playbooks/openstack/openshift-cluster/terminate.yml
+++ b/playbooks/openstack/openshift-cluster/terminate.yml
@@ -11,7 +11,7 @@
groups: oo_hosts_to_terminate
ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
ansible_become: "{{ deployment_vars[deployment_type].become }}"
- with_items: (groups['tag_environment_' ~ cluster_env]|default([])) | intersect(groups['tag_clusterid_' ~ cluster_id ]|default([]))
+ with_items: "{{ (groups['tag_environment_' ~ cluster_env]|default([])) | intersect(groups['tag_clusterid_' ~ cluster_id ]|default([])) }}"
- name: Unsubscribe VMs
hosts: oo_hosts_to_terminate
diff --git a/playbooks/openstack/openshift-cluster/vars.yml b/playbooks/openstack/openshift-cluster/vars.yml
index bc53a51b0..17063ef34 100644
--- a/playbooks/openstack/openshift-cluster/vars.yml
+++ b/playbooks/openstack/openshift-cluster/vars.yml
@@ -12,6 +12,8 @@ openstack_ssh_public_key: "{{ lookup('file', lookup('oo_option', 'public_k
default('~/.ssh/id_rsa.pub', True)) }}"
openstack_ssh_access_from: "{{ lookup('oo_option', 'ssh_from') |
default('0.0.0.0/0', True) }}"
+openstack_node_port_access_from: "{{ lookup('oo_option', 'node_port_from') |
+ default('0.0.0.0/0', True) }}"
openstack_flavor:
dns: "{{ lookup('oo_option', 'dns_flavor' ) | default('m1.small', True) }}"
etcd: "{{ lookup('oo_option', 'etcd_flavor' ) | default('m1.small', True) }}"