summaryrefslogtreecommitdiffstats
path: root/roles/openshift_hosted
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_hosted')
-rw-r--r--roles/openshift_hosted/README.md8
-rw-r--r--roles/openshift_hosted/defaults/main.yml9
-rw-r--r--roles/openshift_hosted/meta/main.yml5
-rw-r--r--roles/openshift_hosted/tasks/registry/registry.yml4
-rw-r--r--roles/openshift_hosted/tasks/registry/storage/glusterfs.yml43
-rw-r--r--roles/openshift_hosted/tasks/router/router.yml16
6 files changed, 72 insertions, 13 deletions
diff --git a/roles/openshift_hosted/README.md b/roles/openshift_hosted/README.md
index 6d576df71..3e5d7f860 100644
--- a/roles/openshift_hosted/README.md
+++ b/roles/openshift_hosted/README.md
@@ -28,6 +28,14 @@ From this role:
| openshift_hosted_registry_selector | region=infra | Node selector used when creating registry. The OpenShift registry will only be deployed to nodes matching this selector. |
| openshift_hosted_registry_cert_expire_days | `730` (2 years) | Validity of the certificates in days. Works only with OpenShift version 1.5 (3.5) and later. |
+If you specify `openshift_hosted_registry_kind=glusterfs`, the following
+variables also control configuration behavior:
+
+| Name | Default value | Description |
+|----------------------------------------------|---------------|------------------------------------------------------------------------------|
+| openshift_hosted_registry_glusterfs_swap | False | Whether to swap an existing registry's storage volume for a GlusterFS volume |
+| openshift_hosted_registry_glusterfs_swapcopy | True | If swapping, also copy the current contents of the registry volume |
+
Dependencies
------------
diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml
index 596b36239..089054e2f 100644
--- a/roles/openshift_hosted/defaults/main.yml
+++ b/roles/openshift_hosted/defaults/main.yml
@@ -24,9 +24,14 @@ openshift_hosted_routers:
ports:
- 80:80
- 443:443
- certificates: "{{ openshift_hosted_router_certificates | default({}) }}"
+ certificate: "{{ openshift_hosted_router_certificate | default({}) }}"
-openshift_hosted_router_certificates: {}
+openshift_hosted_router_certificate: {}
openshift_hosted_registry_cert_expire_days: 730
openshift_hosted_router_create_certificate: False
+
+os_firewall_allow:
+- service: Docker Registry Port
+ port: 5000/tcp
+ when: openshift.common.use_calico | bool
diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml
index 9626c23c1..9e3f37130 100644
--- a/roles/openshift_hosted/meta/main.yml
+++ b/roles/openshift_hosted/meta/main.yml
@@ -15,3 +15,8 @@ dependencies:
- role: openshift_cli
- role: openshift_hosted_facts
- role: lib_openshift
+- role: os_firewall
+ os_firewall_allow:
+ - service: Docker Registry Port
+ port: 5000/tcp
+ when: openshift.common.use_calico | bool
diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml
index 6e691c26f..751489958 100644
--- a/roles/openshift_hosted/tasks/registry/registry.yml
+++ b/roles/openshift_hosted/tasks/registry/registry.yml
@@ -61,7 +61,7 @@
name: "{{ openshift_hosted_registry_serviceaccount }}"
namespace: "{{ openshift_hosted_registry_namespace }}"
-- name: Grant the registry serivce account access to the appropriate scc
+- name: Grant the registry service account access to the appropriate scc
oc_adm_policy_user:
user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}"
namespace: "{{ openshift_hosted_registry_namespace }}"
@@ -126,4 +126,4 @@
- include: storage/glusterfs.yml
when:
- - openshift.hosted.registry.storage.kind | default(none) == 'glusterfs'
+ - openshift.hosted.registry.storage.kind | default(none) == 'glusterfs' or openshift.hosted.registry.storage.glusterfs.swap
diff --git a/roles/openshift_hosted/tasks/registry/storage/glusterfs.yml b/roles/openshift_hosted/tasks/registry/storage/glusterfs.yml
index b18b24266..e6bb196b8 100644
--- a/roles/openshift_hosted/tasks/registry/storage/glusterfs.yml
+++ b/roles/openshift_hosted/tasks/registry/storage/glusterfs.yml
@@ -1,10 +1,18 @@
---
+- name: Get registry DeploymentConfig
+ oc_obj:
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+ state: list
+ kind: dc
+ name: "{{ openshift_hosted_registry_name }}"
+ register: registry_dc
+
- name: Wait for registry pods
oc_obj:
namespace: "{{ openshift_hosted_registry_namespace }}"
state: list
kind: pod
- selector: "{{ openshift_hosted_registry_name }}={{ openshift_hosted_registry_namespace }}"
+ selector: "{% for label, value in registry_dc.results.results[0].spec.selector.iteritems() %}{{ label }}={{ value }}{% if not loop.last %},{% endif %}{% endfor %}"
register: registry_pods
until:
- "registry_pods.results.results[0]['items'] | count > 0"
@@ -38,6 +46,39 @@
mode: "2775"
recurse: True
+- block:
+ - name: Activate registry maintenance mode
+ oc_env:
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+ name: "{{ openshift_hosted_registry_name }}"
+ env_vars:
+ - REGISTRY_STORAGE_MAINTENANCE_READONLY_ENABLED: 'true'
+
+ - name: Get first registry pod name
+ set_fact:
+ registry_pod_name: "{{ registry_pods.results.results[0]['items'][0].metadata.name }}"
+
+ - name: Copy current registry contents to new GlusterFS volume
+ command: "oc rsync {{ registry_pod_name }}:/registry/ {{ mktemp.stdout }}/"
+ when: openshift.hosted.registry.storage.glusterfs.swapcopy
+
+ - name: Swap new GlusterFS registry volume
+ oc_volume:
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+ name: "{{ openshift_hosted_registry_name }}"
+ vol_name: registry-storage
+ mount_type: pvc
+ claim_name: "{{ openshift.hosted.registry.storage.volume.name }}-glusterfs-claim"
+
+ - name: Deactivate registry maintenance mode
+ oc_env:
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+ name: "{{ openshift_hosted_registry_name }}"
+ state: absent
+ env_vars:
+ - REGISTRY_STORAGE_MAINTENANCE_READONLY_ENABLED: 'true'
+ when: openshift.hosted.registry.storage.glusterfs.swap
+
- name: Unmount registry volume
mount:
state: unmounted
diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml
index c71d0a34f..e75e3b16f 100644
--- a/roles/openshift_hosted/tasks/router/router.yml
+++ b/roles/openshift_hosted/tasks/router/router.yml
@@ -25,13 +25,13 @@
hostnames:
- "{{ openshift_master_default_subdomain }}"
- "*.{{ openshift_master_default_subdomain }}"
- cert: "{{ ('/etc/origin/master/' ~ (item.certificates.certfile | basename)) if 'certfile' in item.certificates else ((openshift_master_config_dir) ~ '/openshift-router.crt') }}"
- key: "{{ ('/etc/origin/master/' ~ (item.certificates.keyfile | basename)) if 'keyfile' in item.certificates else ((openshift_master_config_dir) ~ '/openshift-router.key') }}"
+ cert: "{{ ('/etc/origin/master/' ~ (item.certificate.certfile | basename)) if 'certfile' in item.certificate else ((openshift_master_config_dir) ~ '/openshift-router.crt') }}"
+ key: "{{ ('/etc/origin/master/' ~ (item.certificate.keyfile | basename)) if 'keyfile' in item.certificate else ((openshift_master_config_dir) ~ '/openshift-router.key') }}"
with_items: "{{ openshift_hosted_routers }}"
- - name: set the openshift_hosted_router_certificates
+ - name: set the openshift_hosted_router_certificate
set_fact:
- openshift_hosted_router_certificates:
+ openshift_hosted_router_certificate:
certfile: "{{ openshift_master_config_dir ~ '/openshift-router.crt' }}"
keyfile: "{{ openshift_master_config_dir ~ '/openshift-router.key' }}"
cafile: "{{ openshift_master_config_dir ~ '/ca.crt' }}"
@@ -44,7 +44,7 @@
backup: True
dest: "/etc/origin/master/{{ item | basename }}"
src: "{{ item }}"
- with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificates') |
+ with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificate') |
oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}"
when: not openshift_hosted_router_create_certificate
@@ -82,9 +82,9 @@
service_account: "{{ item.serviceaccount | default('router') }}"
selector: "{{ item.selector | default(none) }}"
images: "{{ item.images | default(omit) }}"
- cert_file: "{{ ('/etc/origin/master/' ~ (item.certificates.certfile | basename)) if 'certfile' in item.certificates else omit }}"
- key_file: "{{ ('/etc/origin/master/' ~ (item.certificates.keyfile | basename)) if 'keyfile' in item.certificates else omit }}"
- cacert_file: "{{ ('/etc/origin/master/' ~ (item.certificates.cafile | basename)) if 'cafile' in item.certificates else omit }}"
+ cert_file: "{{ ('/etc/origin/master/' ~ (item.certificate.certfile | basename)) if 'certfile' in item.certificate else omit }}"
+ key_file: "{{ ('/etc/origin/master/' ~ (item.certificate.keyfile | basename)) if 'keyfile' in item.certificate else omit }}"
+ cacert_file: "{{ ('/etc/origin/master/' ~ (item.certificate.cafile | basename)) if 'cafile' in item.certificate else omit }}"
edits: "{{ openshift_hosted_router_edits | union(item.edits) }}"
ports: "{{ item.ports }}"
stats_port: "{{ item.stats_port }}"
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-10 07:25:24 +0000