summaryrefslogtreecommitdiffstats
path: root/roles/openshift_master/tasks
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_master/tasks')
-rw-r--r--roles/openshift_master/tasks/bootstrap.yml28
-rw-r--r--roles/openshift_master/tasks/check_master_api_is_ready.yml14
-rw-r--r--roles/openshift_master/tasks/clean_systemd_units.yml9
-rw-r--r--roles/openshift_master/tasks/configure_external_etcd.yml17
-rw-r--r--roles/openshift_master/tasks/firewall.yml44
-rw-r--r--roles/openshift_master/tasks/main.yml389
-rw-r--r--roles/openshift_master/tasks/registry_auth.yml25
-rw-r--r--roles/openshift_master/tasks/set_loopback_context.yml34
-rw-r--r--roles/openshift_master/tasks/system_container.yml27
-rw-r--r--roles/openshift_master/tasks/systemd_units.yml140
-rw-r--r--roles/openshift_master/tasks/update_etcd_client_urls.yml8
-rw-r--r--roles/openshift_master/tasks/upgrade_facts.yml33
12 files changed, 768 insertions, 0 deletions
diff --git a/roles/openshift_master/tasks/bootstrap.yml b/roles/openshift_master/tasks/bootstrap.yml
new file mode 100644
index 000000000..0013f5289
--- /dev/null
+++ b/roles/openshift_master/tasks/bootstrap.yml
@@ -0,0 +1,28 @@
+---
+
+- name: ensure the node-bootstrap service account exists
+ oc_serviceaccount:
+ name: node-bootstrapper
+ namespace: openshift-infra
+ state: present
+ run_once: true
+
+- name: grant node-bootstrapper the correct permissions to bootstrap
+ oc_adm_policy_user:
+ namespace: openshift-infra
+ user: system:serviceaccount:openshift-infra:node-bootstrapper
+ resource_kind: cluster-role
+ resource_name: system:node-bootstrapper
+ state: present
+ run_once: true
+
+# TODO: create a module for this command.
+# oc_serviceaccounts_kubeconfig
+- name: create service account kubeconfig with csr rights
+ command: "oc serviceaccounts create-kubeconfig node-bootstrapper -n openshift-infra"
+ register: kubeconfig_out
+
+- name: put service account kubeconfig into a file on disk for bootstrap
+ copy:
+ content: "{{ kubeconfig_out.stdout }}"
+ dest: "{{ openshift_master_config_dir }}/bootstrap.kubeconfig"
diff --git a/roles/openshift_master/tasks/check_master_api_is_ready.yml b/roles/openshift_master/tasks/check_master_api_is_ready.yml
new file mode 100644
index 000000000..7e8a7a596
--- /dev/null
+++ b/roles/openshift_master/tasks/check_master_api_is_ready.yml
@@ -0,0 +1,14 @@
+---
+- name: Wait for API to become available
+ # Using curl here since the uri module requires python-httplib2 and
+ # wait_for port doesn't provide health information.
+ command: >
+ curl --silent --tlsv1.2
+ --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
+ {{ openshift.master.api_url }}/healthz/ready
+ register: l_api_available_output
+ until: l_api_available_output.stdout == 'ok'
+ retries: 120
+ delay: 1
+ run_once: true
+ changed_when: false
diff --git a/roles/openshift_master/tasks/clean_systemd_units.yml b/roles/openshift_master/tasks/clean_systemd_units.yml
new file mode 100644
index 000000000..e641f84d4
--- /dev/null
+++ b/roles/openshift_master/tasks/clean_systemd_units.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Disable master service
+ systemd:
+ name: "{{ openshift.common.service_type }}-master"
+ state: stopped
+ enabled: no
+ masked: yes
+ ignore_errors: true
diff --git a/roles/openshift_master/tasks/configure_external_etcd.yml b/roles/openshift_master/tasks/configure_external_etcd.yml
new file mode 100644
index 000000000..b0590ac84
--- /dev/null
+++ b/roles/openshift_master/tasks/configure_external_etcd.yml
@@ -0,0 +1,17 @@
+---
+- name: Remove etcdConfig section
+ yedit:
+ src: /etc/origin/master/master-config.yaml
+ key: "etcdConfig"
+ state: absent
+- name: Set etcdClientInfo.ca to master.etcd-ca.crt
+ yedit:
+ src: /etc/origin/master/master-config.yaml
+ key: etcdClientInfo.ca
+ value: master.etcd-ca.crt
+- name: Set etcdClientInfo.urls to the external etcd
+ yedit:
+ src: /etc/origin/master/master-config.yaml
+ key: etcdClientInfo.urls
+ value:
+ - "{{ etcd_peer_url_scheme }}://{{ etcd_ip }}:{{ etcd_peer_port }}"
diff --git a/roles/openshift_master/tasks/firewall.yml b/roles/openshift_master/tasks/firewall.yml
new file mode 100644
index 000000000..38afb6764
--- /dev/null
+++ b/roles/openshift_master/tasks/firewall.yml
@@ -0,0 +1,44 @@
+---
+- when: r_openshift_master_firewall_enabled | bool and not r_openshift_master_use_firewalld | bool
+ block:
+ - name: Add iptables allow rules
+ os_firewall_manage_iptables:
+ name: "{{ item.service }}"
+ action: add
+ protocol: "{{ item.port.split('/')[1] }}"
+ port: "{{ item.port.split('/')[0] }}"
+ when:
+ - item.cond | default(True)
+ with_items: "{{ r_openshift_master_os_firewall_allow }}"
+
+ - name: Remove iptables rules
+ os_firewall_manage_iptables:
+ name: "{{ item.service }}"
+ action: remove
+ protocol: "{{ item.port.split('/')[1] }}"
+ port: "{{ item.port.split('/')[0] }}"
+ when:
+ - item.cond | default(True)
+ with_items: "{{ r_openshift_master_os_firewall_deny }}"
+
+- when: r_openshift_master_firewall_enabled | bool and r_openshift_master_use_firewalld | bool
+ block:
+ - name: Add firewalld allow rules
+ firewalld:
+ port: "{{ item.port }}"
+ permanent: true
+ immediate: true
+ state: enabled
+ when:
+ - item.cond | default(True)
+ with_items: "{{ r_openshift_master_os_firewall_allow }}"
+
+ - name: Remove firewalld allow rules
+ firewalld:
+ port: "{{ item.port }}"
+ permanent: true
+ immediate: true
+ state: disabled
+ when:
+ - item.cond | default(True)
+ with_items: "{{ r_openshift_master_os_firewall_deny }}"
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
new file mode 100644
index 000000000..824a5886e
--- /dev/null
+++ b/roles/openshift_master/tasks/main.yml
@@ -0,0 +1,389 @@
+---
+# TODO: add ability to configure certificates given either a local file to
+# point to or certificate contents, set in default cert locations.
+
+# Authentication Variable Validation
+# TODO: validate the different identity provider kinds as well
+- fail:
+ msg: >
+ Invalid OAuth grant method: {{ openshift_master_oauth_grant_method }}
+ when:
+ - openshift_master_oauth_grant_method is defined
+ - openshift_master_oauth_grant_method not in openshift_master_valid_grant_methods
+
+# HA Variable Validation
+- fail:
+ msg: "openshift_master_cluster_method must be set to either 'native' or 'pacemaker' for multi-master installations"
+ when:
+ - openshift.master.ha | bool
+ - (openshift.master.cluster_method is not defined) or (openshift.master.cluster_method is defined and openshift.master.cluster_method not in ["native", "pacemaker"])
+- fail:
+ msg: "'native' high availability is not supported for the requested OpenShift version"
+ when:
+ - openshift.master.ha | bool
+ - openshift.master.cluster_method == "native"
+ - not openshift.common.version_gte_3_1_or_1_1 | bool
+- fail:
+ msg: "openshift_master_cluster_password must be set for multi-master installations"
+ when:
+ - openshift.master.ha | bool
+ - openshift.master.cluster_method == "pacemaker"
+ - openshift_master_cluster_password is not defined or not openshift_master_cluster_password
+- fail:
+ msg: "Pacemaker based HA is not supported at this time when used with containerized installs"
+ when:
+ - openshift.master.ha | bool
+ - openshift.master.cluster_method == "pacemaker"
+ - openshift.common.is_containerized | bool
+
+- name: Open up firewall ports
+ include: firewall.yml
+ static: yes
+
+- name: Install Master package
+ package:
+ name: "{{ openshift.common.service_type }}-master{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}"
+ state: present
+ when:
+ - not openshift.common.is_containerized | bool
+
+- name: Create r_openshift_master_data_dir
+ file:
+ path: "{{ r_openshift_master_data_dir }}"
+ state: directory
+ mode: 0755
+ owner: root
+ group: root
+ when:
+ - openshift.common.is_containerized | bool
+
+- name: Reload systemd units
+ command: systemctl daemon-reload
+ when:
+ - openshift.common.is_containerized | bool
+
+- name: Re-gather package dependent master facts
+ openshift_facts:
+
+- name: Create config parent directory if it does not exist
+ file:
+ path: "{{ openshift_master_config_dir }}"
+ state: directory
+
+- name: Create the policy file if it does not already exist
+ command: >
+ {{ openshift.common.client_binary }} adm create-bootstrap-policy-file
+ --filename={{ openshift_master_policy }}
+ args:
+ creates: "{{ openshift_master_policy }}"
+ notify:
+ - restart master api
+ - restart master controllers
+
+- name: Create the scheduler config
+ copy:
+ content: "{{ scheduler_config | to_nice_json }}"
+ dest: "{{ openshift_master_scheduler_conf }}"
+ backup: true
+ notify:
+ - restart master api
+ - restart master controllers
+
+- name: Install httpd-tools if needed
+ package: name=httpd-tools state=present
+ when:
+ - item.kind == 'HTPasswdPasswordIdentityProvider'
+ - not openshift.common.is_atomic | bool
+ with_items: "{{ openshift.master.identity_providers }}"
+
+- name: Ensure htpasswd directory exists
+ file:
+ path: "{{ item.filename | dirname }}"
+ state: directory
+ when:
+ - item.kind == 'HTPasswdPasswordIdentityProvider'
+ with_items: "{{ openshift.master.identity_providers }}"
+
+- name: Create the htpasswd file if needed
+ template:
+ dest: "{{ item.filename }}"
+ src: htpasswd.j2
+ backup: yes
+ when:
+ - item.kind == 'HTPasswdPasswordIdentityProvider'
+ - openshift.master.manage_htpasswd | bool
+ with_items: "{{ openshift.master.identity_providers }}"
+
+- name: Ensure htpasswd file exists
+ copy:
+ dest: "{{ item.filename }}"
+ force: no
+ content: ""
+ mode: 0600
+ when:
+ - item.kind == 'HTPasswdPasswordIdentityProvider'
+ with_items: "{{ openshift.master.identity_providers }}"
+
+- name: Create the ldap ca file if needed
+ copy:
+ dest: "{{ item.ca if 'ca' in item and '/' in item.ca else openshift_master_config_dir ~ '/' ~ item.ca | default('ldap_ca.crt') }}"
+ content: "{{ openshift.master.ldap_ca }}"
+ mode: 0600
+ backup: yes
+ when:
+ - openshift.master.ldap_ca is defined
+ - item.kind == 'LDAPPasswordIdentityProvider'
+ with_items: "{{ openshift.master.identity_providers }}"
+
+- name: Create the openid ca file if needed
+ copy:
+ dest: "{{ item.ca if 'ca' in item and '/' in item.ca else openshift_master_config_dir ~ '/' ~ item.ca | default('openid_ca.crt') }}"
+ content: "{{ openshift.master.openid_ca }}"
+ mode: 0600
+ backup: yes
+ when:
+ - openshift.master.openid_ca is defined
+ - item.kind == 'OpenIDIdentityProvider'
+ - item.ca | default('') != ''
+ with_items: "{{ openshift.master.identity_providers }}"
+
+- name: Create the request header ca file if needed
+ copy:
+ dest: "{{ item.clientCA if 'clientCA' in item and '/' in item.clientCA else openshift_master_config_dir ~ '/' ~ item.clientCA | default('request_header_ca.crt') }}"
+ content: "{{ openshift.master.request_header_ca }}"
+ mode: 0600
+ backup: yes
+ when:
+ - openshift.master.request_header_ca is defined
+ - item.kind == 'RequestHeaderIdentityProvider'
+ - item.clientCA | default('') != ''
+ with_items: "{{ openshift.master.identity_providers }}"
+
+# This is an ugly hack to verify settings are in a file without modifying them with lineinfile.
+# The template file will stomp any other settings made.
+- block:
+ - name: check whether our docker-registry setting exists in the env file
+ command: "awk '/^OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000/' /etc/sysconfig/{{ openshift.common.service_type }}-master"
+ failed_when: false
+ changed_when: false
+ register: l_already_set
+
+ - set_fact:
+ openshift_push_via_dns: "{{ openshift.common.version_gte_3_6 or (l_already_set.stdout is defined and l_already_set.stdout | match('OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000')) }}"
+
+- name: Set fact of all etcd host IPs
+ openshift_facts:
+ role: common
+ local_facts:
+ no_proxy_etcd_host_ips: "{{ openshift_no_proxy_etcd_host_ips }}"
+
+- name: Install the systemd units
+ include: systemd_units.yml
+
+- name: Checking for journald.conf
+ stat: path=/etc/systemd/journald.conf
+ register: journald_conf_file
+
+- name: Update journald setup
+ replace:
+ dest: /etc/systemd/journald.conf
+ regexp: '^(\#| )?{{ item.var }}=\s*.*?$'
+ replace: ' {{ item.var }}={{ item.val }}'
+ backup: yes
+ with_items: "{{ journald_vars_to_replace | default([]) }}"
+ when: journald_conf_file.stat.exists
+ register: journald_update
+
+# I need to restart journald immediatelly, otherwise it gets into way during
+# further steps in ansible
+- name: Restart journald
+ systemd:
+ name: systemd-journald
+ state: restarted
+ when: journald_update | changed
+
+- name: Install Master system container
+ include: system_container.yml
+ when:
+ - openshift.common.is_containerized | bool
+ - openshift.common.is_master_system_container | bool
+
+- name: Create session secrets file
+ template:
+ dest: "{{ openshift.master.session_secrets_file }}"
+ src: sessionSecretsFile.yaml.v1.j2
+ owner: root
+ group: root
+ mode: 0600
+ when:
+ - openshift.master.session_auth_secrets is defined
+ - openshift.master.session_encryption_secrets is defined
+ notify:
+ - restart master api
+
+- set_fact:
+ translated_identity_providers: "{{ openshift.master.identity_providers | translate_idps('v1') }}"
+
+# TODO: add the validate parameter when there is a validation command to run
+- name: Create master config
+ template:
+ dest: "{{ openshift_master_config_file }}"
+ src: master.yaml.v1.j2
+ backup: true
+ owner: root
+ group: root
+ mode: 0600
+ notify:
+ - restart master api
+ - restart master controllers
+
+- name: modify controller args
+ yedit:
+ src: /etc/origin/master/master-config.yaml
+ edits:
+ - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file
+ value:
+ - /etc/origin/master/ca.crt
+ - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file
+ value:
+ - /etc/origin/master/ca.key
+ notify:
+ - restart master controllers
+ when: openshift_master_bootstrap_enabled | default(False)
+
+- include: set_loopback_context.yml
+ when:
+ - openshift.common.version_gte_3_2_or_1_2
+
+- name: Start and enable master api on first master
+ systemd:
+ name: "{{ openshift.common.service_type }}-master-api"
+ enabled: yes
+ state: started
+ when:
+ - openshift.master.cluster_method == 'native'
+ - inventory_hostname == openshift_master_hosts[0]
+ register: l_start_result
+ until: not l_start_result | failed
+ retries: 1
+ delay: 60
+
+- name: Dump logs from master-api if it failed
+ command: journalctl --no-pager -n 100 -u {{ openshift.common.service_type }}-master-api
+ when:
+ - l_start_result | failed
+
+- set_fact:
+ master_api_service_status_changed: "{{ l_start_result | changed }}"
+ when:
+ - openshift.master.cluster_method == 'native'
+ - inventory_hostname == openshift_master_hosts[0]
+
+- pause:
+ seconds: 15
+ when:
+ - openshift.master.ha | bool
+ - openshift.master.cluster_method == 'native'
+
+- name: Start and enable master api all masters
+ systemd:
+ name: "{{ openshift.common.service_type }}-master-api"
+ enabled: yes
+ state: started
+ when:
+ - openshift.master.cluster_method == 'native'
+ - inventory_hostname != openshift_master_hosts[0]
+ register: l_start_result
+ until: not l_start_result | failed
+ retries: 1
+ delay: 60
+
+- name: Dump logs from master-api if it failed
+ command: journalctl --no-pager -n 100 -u {{ openshift.common.service_type }}-master-api
+ when:
+ - l_start_result | failed
+
+- set_fact:
+ master_api_service_status_changed: "{{ l_start_result | changed }}"
+ when:
+ - openshift.master.cluster_method == 'native'
+ - inventory_hostname != openshift_master_hosts[0]
+
+# A separate wait is required here for native HA since notifies will
+# be resolved after all tasks in the role.
+- include: check_master_api_is_ready.yml
+ when:
+ - openshift.master.cluster_method == 'native'
+ - master_api_service_status_changed | bool
+
+- name: Start and enable master controller on first master
+ systemd:
+ name: "{{ openshift.common.service_type }}-master-controllers"
+ enabled: yes
+ state: started
+ when:
+ - openshift.master.cluster_method == 'native'
+ - inventory_hostname == openshift_master_hosts[0]
+ register: l_start_result
+ until: not l_start_result | failed
+ retries: 1
+ delay: 60
+
+- name: Dump logs from master-controllers if it failed
+ command: journalctl --no-pager -n 100 -u {{ openshift.common.service_type }}-master-controllers
+ when:
+ - l_start_result | failed
+
+- name: Wait for master controller service to start on first master
+ pause:
+ seconds: 15
+ when:
+ - openshift.master.cluster_method == 'native'
+
+- name: Start and enable master controller on all masters
+ systemd:
+ name: "{{ openshift.common.service_type }}-master-controllers"
+ enabled: yes
+ state: started
+ when:
+ - openshift.master.cluster_method == 'native'
+ - inventory_hostname != openshift_master_hosts[0]
+ register: l_start_result
+ until: not l_start_result | failed
+ retries: 1
+ delay: 60
+
+- name: Dump logs from master-controllers if it failed
+ command: journalctl --no-pager -n 100 -u {{ openshift.common.service_type }}-master-controllers
+ when:
+ - l_start_result | failed
+
+- set_fact:
+ master_controllers_service_status_changed: "{{ l_start_result | changed }}"
+ when:
+ - openshift.master.cluster_method == 'native'
+
+- name: Install cluster packages
+ package: name=pcs state=present
+ when:
+ - openshift.master.cluster_method == 'pacemaker'
+ - not openshift.common.is_containerized | bool
+ register: l_install_result
+
+- name: Start and enable cluster service
+ systemd:
+ name: pcsd
+ enabled: yes
+ state: started
+ when:
+ - openshift.master.cluster_method == 'pacemaker'
+ - not openshift.common.is_containerized | bool
+
+- name: Set the cluster user password
+ shell: echo {{ openshift_master_cluster_password | quote }} | passwd --stdin hacluster
+ when:
+ - l_install_result | changed
+
+- name: node bootstrap settings
+ include: bootstrap.yml
+ when: openshift_master_bootstrap_enabled | default(False)
diff --git a/roles/openshift_master/tasks/registry_auth.yml b/roles/openshift_master/tasks/registry_auth.yml
new file mode 100644
index 000000000..63d483760
--- /dev/null
+++ b/roles/openshift_master/tasks/registry_auth.yml
@@ -0,0 +1,25 @@
+---
+- name: Check for credentials file for registry auth
+ stat:
+ path: "{{ oreg_auth_credentials_path }}"
+ when: oreg_auth_user is defined
+ register: master_oreg_auth_credentials_stat
+
+- name: Create credentials for registry auth
+ command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}"
+ when:
+ - oreg_auth_user is defined
+ - (not master_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool
+ register: master_oreg_auth_credentials_create
+ notify:
+ - restart master api
+ - restart master controllers
+
+# Container images may need the registry credentials
+- name: Setup ro mount of /root/.docker for containerized hosts
+ set_fact:
+ l_bind_docker_reg_auth: True
+ when:
+ - openshift.common.is_containerized | bool
+ - oreg_auth_user is defined
+ - (master_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace or master_oreg_auth_credentials_create.changed) | bool
diff --git a/roles/openshift_master/tasks/set_loopback_context.yml b/roles/openshift_master/tasks/set_loopback_context.yml
new file mode 100644
index 000000000..308b2f4cd
--- /dev/null
+++ b/roles/openshift_master/tasks/set_loopback_context.yml
@@ -0,0 +1,34 @@
+---
+- name: Test local loopback context
+ command: >
+ {{ openshift.common.client_binary }} config view
+ --config={{ openshift_master_loopback_config }}
+ changed_when: false
+ register: l_loopback_config
+
+- command: >
+ {{ openshift.common.client_binary }} config set-cluster
+ --certificate-authority={{ openshift_master_config_dir }}/ca.crt
+ --embed-certs=true --server={{ openshift.master.loopback_api_url }}
+ {{ openshift.master.loopback_cluster_name }}
+ --config={{ openshift_master_loopback_config }}
+ when:
+ - loopback_context_string not in l_loopback_config.stdout
+ register: set_loopback_cluster
+
+- command: >
+ {{ openshift.common.client_binary }} config set-context
+ --cluster={{ openshift.master.loopback_cluster_name }}
+ --namespace=default --user={{ openshift.master.loopback_user }}
+ {{ openshift.master.loopback_context_name }}
+ --config={{ openshift_master_loopback_config }}
+ when:
+ - set_loopback_cluster | changed
+ register: l_set_loopback_context
+
+- command: >
+ {{ openshift.common.client_binary }} config use-context {{ openshift.master.loopback_context_name }}
+ --config={{ openshift_master_loopback_config }}
+ when:
+ - l_set_loopback_context | changed
+ register: set_current_context
diff --git a/roles/openshift_master/tasks/system_container.yml b/roles/openshift_master/tasks/system_container.yml
new file mode 100644
index 000000000..91332acfb
--- /dev/null
+++ b/roles/openshift_master/tasks/system_container.yml
@@ -0,0 +1,27 @@
+---
+- name: Pre-pull master system container image
+ command: >
+ atomic pull --storage=ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}
+ register: l_pull_result
+ changed_when: "'Pulling layer' in l_pull_result.stdout"
+
+- name: Check Master system container package
+ command: >
+ atomic containers list --no-trunc -a -f container={{ openshift.common.service_type }}-master
+
+# HA
+- name: Install or Update HA api master system container
+ oc_atomic_container:
+ name: "{{ openshift.common.service_type }}-master-api"
+ image: "{{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}"
+ state: latest
+ values:
+ - COMMAND=api
+
+- name: Install or Update HA controller master system container
+ oc_atomic_container:
+ name: "{{ openshift.common.service_type }}-master-controllers"
+ image: "{{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}"
+ state: latest
+ values:
+ - COMMAND=controllers
diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml
new file mode 100644
index 000000000..fcc66044b
--- /dev/null
+++ b/roles/openshift_master/tasks/systemd_units.yml
@@ -0,0 +1,140 @@
+---
+# systemd_units.yml is included both in the openshift_master role and in the upgrade
+# playbooks.
+
+- include: upgrade_facts.yml
+ when: openshift_master_defaults_in_use is not defined
+
+- name: Set HA Service Info for containerized installs
+ set_fact:
+ containerized_svc_dir: "/etc/systemd/system"
+ ha_svc_template_path: "docker-cluster"
+ when:
+ - openshift.common.is_containerized | bool
+
+- include: registry_auth.yml
+
+- name: Remove the legacy master service if it exists
+ include: clean_systemd_units.yml
+
+# This is the image used for both HA and non-HA clusters:
+- name: Pre-pull master image
+ command: >
+ docker pull {{ openshift.master.master_image }}:{{ openshift_image_tag }}
+ register: l_pull_result
+ changed_when: "'Downloaded newer image' in l_pull_result.stdout"
+ when:
+ - openshift.common.is_containerized | bool
+ - not openshift.common.is_master_system_container | bool
+
+- name: Create the ha systemd unit files
+ template:
+ src: "{{ ha_svc_template_path }}/atomic-openshift-master-{{ item }}.service.j2"
+ dest: "{{ containerized_svc_dir }}/{{ openshift.common.service_type }}-master-{{ item }}.service"
+ when:
+ - openshift.master.cluster_method == "native"
+ - not openshift.common.is_master_system_container | bool
+ with_items:
+ - api
+ - controllers
+ register: l_create_ha_unit_files
+
+- command: systemctl daemon-reload
+ when:
+ - l_create_ha_unit_files | changed
+# end workaround for missing systemd unit files
+
+- name: Preserve Master API Proxy Config options
+ command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-api
+ register: l_master_api_proxy
+ when:
+ - openshift.master.cluster_method == "native"
+ failed_when: false
+ changed_when: false
+
+- name: Preserve Master API AWS options
+ command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master-api
+ register: master_api_aws
+ when:
+ - openshift.master.cluster_method == "native"
+ failed_when: false
+ changed_when: false
+
+- name: Create the master api service env file
+ template:
+ src: "{{ ha_svc_template_path }}/atomic-openshift-master-api.j2"
+ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api
+ backup: true
+ when:
+ - openshift.master.cluster_method == "native"
+ notify:
+ - restart master api
+
+- name: Restore Master API Proxy Config Options
+ when:
+ - openshift.master.cluster_method == "native"
+ - l_master_api_proxy.rc == 0
+ - "'http_proxy' not in openshift.common"
+ - "'https_proxy' not in openshift.common"
+ lineinfile:
+ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api
+ line: "{{ item }}"
+ with_items: "{{ l_master_api_proxy.stdout_lines | default([]) }}"
+
+- name: Restore Master API AWS Options
+ when:
+ - openshift.master.cluster_method == "native"
+ - master_api_aws.rc == 0
+ - not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined)
+ lineinfile:
+ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api
+ line: "{{ item }}"
+ with_items: "{{ master_api_aws.stdout_lines | default([]) }}"
+ no_log: True
+
+- name: Preserve Master Controllers Proxy Config options
+ command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
+ register: master_controllers_proxy
+ when:
+ - openshift.master.cluster_method == "native"
+ failed_when: false
+ changed_when: false
+
+- name: Preserve Master Controllers AWS options
+ command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
+ register: master_controllers_aws
+ when:
+ - openshift.master.cluster_method == "native"
+ failed_when: false
+ changed_when: false
+
+- name: Create the master controllers service env file
+ template:
+ src: "{{ ha_svc_template_path }}/atomic-openshift-master-controllers.j2"
+ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
+ backup: true
+ when:
+ - openshift.master.cluster_method == "native"
+ notify:
+ - restart master controllers
+
+- name: Restore Master Controllers Proxy Config Options
+ lineinfile:
+ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
+ line: "{{ item }}"
+ with_items: "{{ master_controllers_proxy.stdout_lines | default([]) }}"
+ when:
+ - openshift.master.cluster_method == "native"
+ - master_controllers_proxy.rc == 0
+ - "'http_proxy' not in openshift.common"
+ - "'https_proxy' not in openshift.common"
+
+- name: Restore Master Controllers AWS Options
+ lineinfile:
+ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
+ line: "{{ item }}"
+ with_items: "{{ master_controllers_aws.stdout_lines | default([]) }}"
+ when:
+ - openshift.master.cluster_method == "native"
+ - master_controllers_aws.rc == 0
+ - not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined)
diff --git a/roles/openshift_master/tasks/update_etcd_client_urls.yml b/roles/openshift_master/tasks/update_etcd_client_urls.yml
new file mode 100644
index 000000000..1ab105808
--- /dev/null
+++ b/roles/openshift_master/tasks/update_etcd_client_urls.yml
@@ -0,0 +1,8 @@
+---
+- yedit:
+ src: "{{ openshift.common.config_base }}/master/master-config.yaml"
+ key: 'etcdClientInfo.urls'
+ value: "{{ openshift.master.etcd_urls }}"
+ notify:
+ - restart master api
+ - restart master controllers
diff --git a/roles/openshift_master/tasks/upgrade_facts.yml b/roles/openshift_master/tasks/upgrade_facts.yml
new file mode 100644
index 000000000..f6ad438aa
--- /dev/null
+++ b/roles/openshift_master/tasks/upgrade_facts.yml
@@ -0,0 +1,33 @@
+---
+# This file exists because we call systemd_units.yml from outside of the role
+# during upgrades. When we remove this pattern, we can probably
+# eliminate most of these set_fact items.
+
+- name: Set openshift_master_config_dir if unset
+ set_fact:
+ openshift_master_config_dir: '/etc/origin/master'
+ when: openshift_master_config_dir is not defined
+
+- name: Set r_openshift_master_data_dir if unset
+ set_fact:
+ r_openshift_master_data_dir: "{{ openshift_data_dir | default('/var/lib/origin') }}"
+ when: r_openshift_master_data_dir is not defined
+
+- set_fact:
+ oreg_auth_credentials_path: "{{ r_openshift_master_data_dir }}/.docker"
+ when: oreg_auth_credentials_path is not defined
+
+- set_fact:
+ oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}"
+ when: oreg_host is not defined
+
+- name: Set openshift_master_debug_level
+ set_fact:
+ openshift_master_debug_level: "{{ debug_level | default(2) }}"
+ when:
+ - openshift_master_debug_level is not defined
+
+- name: Init HA Service Info
+ set_fact:
+ containerized_svc_dir: "{{ containerized_svc_dir | default('/usr/lib/systemd/system') }}"
+ ha_svc_template_path: "{{ ha_svc_template_path | default('native-cluster') }}"
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-15 18:20:33 +0000