Diffstat (limited to 'roles/openshift_master')
-rw-r--r--roles/openshift_master/defaults/main.yml20
-rw-r--r--roles/openshift_master/tasks/main.yml24
-rw-r--r--roles/openshift_master/tasks/system_container.yml6
-rw-r--r--roles/openshift_master/tasks/systemd_units.yml10
-rw-r--r--roles/openshift_master/tasks/upgrade.yml10
-rw-r--r--roles/openshift_master/tasks/upgrade/rpm_upgrade.yml2
-rw-r--r--roles/openshift_master/templates/htpasswd.j22
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j214
8 files changed, 55 insertions, 33 deletions
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index 3fb94fff8..8e4a46ebb 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -7,6 +7,22 @@ openshift_master_debug_level: "{{ debug_level | default(2) }}"
r_openshift_master_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
r_openshift_master_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}"
+system_images_registry_dict:
+ openshift-enterprise: "registry.access.redhat.com"
+ origin: "docker.io"
+
+system_images_registry: "{{ system_images_registry_dict[openshift_deployment_type | default('origin')] }}"
+
+l_is_master_system_container: "{{ (openshift_use_master_system_container | default(openshift_use_system_containers | default(false)) | bool) }}"
+
+openshift_master_dns_port: 8053
+osm_default_node_selector: ''
+osm_project_request_template: ''
+osm_mcs_allocator_range: 's0:/2'
+osm_mcs_labels_per_project: 5
+osm_uid_allocator_range: '1000000000-1999999999/10000'
+osm_project_request_message: ''
+
openshift_node_ips: []
r_openshift_master_clean_install: false
r_openshift_master_etcd3_storage: false
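Review bot: The new defaults from `system_images_registry_dict` down to `osm_project_request_message` carry no comments, although two groups of them are security-relevant: the registry map decides where the master system-container images are pulled from, and `osm_mcs_allocator_range` / `osm_uid_allocator_range` are rendered into `securityAllocator` in `master.yaml.v1.j2`. I would add `# Registry the master system-container images are pulled from, keyed by openshift_deployment_type` above the dict and `# Per-project SELinux MCS label and UID ranges rendered into securityAllocator` above `osm_mcs_allocator_range`. The lookup `system_images_registry_dict[openshift_deployment_type | default('origin')]` has no fallback, so under Ansible's default undefined-variable handling an unlisted deployment type fails at template time; failing is safer than silently picking a registry, but the error will not name the cause, so the comment should mention it.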
@@ -18,9 +34,9 @@ default_r_openshift_master_os_firewall_allow:
- service: api controllers https
port: "{{ openshift.master.controllers_port }}/tcp"
- service: skydns tcp
- port: "{{ openshift.master.dns_port }}/tcp"
+ port: "{{ openshift_master_dns_port }}/tcp"
- service: skydns udp
- port: "{{ openshift.master.dns_port }}/udp"
+ port: "{{ openshift_master_dns_port }}/udp"
- service: etcd embedded
port: 4001/tcp
cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
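Review bot: The two skydns rules now take their port from the role default `openshift_master_dns_port`, while the rule directly above still reads `openshift.master.controllers_port` from facts, so this list mixes two sources for the ports it opens. Inside this role the listener stays in step, because `bindAddress` in the `master.yaml.v1.j2` hunk uses the same variable; the diffstat is limited to `roles/openshift_master`, so whether anything outside the role still reads `openshift.master.dns_port` cannot be checked from this page. A comment next to the default, such as `# Opened in the firewall and rendered into dnsConfig.bindAddress; override this, not openshift.master.dns_port`, would make the coupling visible to whoever changes the port.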
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index b6d3539b1..e52cd6231 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -31,8 +31,7 @@
- openshift.common.is_containerized | bool
- name: Open up firewall ports
- include: firewall.yml
- static: yes
+ import_tasks: firewall.yml
- name: Install Master package
package:
@@ -40,6 +39,8 @@
state: present
when:
- not openshift.common.is_containerized | bool
+ register: result
+ until: result | success
- name: Create r_openshift_master_data_dir
file:
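Review bot: The added `until: result | success` sets neither `retries` nor `delay`, so the package install is retried on Ansible's defaults rather than on values chosen for a repository outage; writing them out, e.g. `retries: 3` and `delay: 5`, makes the retry budget explicit. The generic register name `result` is reused by the task conditioned on `HTPasswdPasswordIdentityProvider` in the `@@ -89,6 +90,8 @@` hunk and again in `upgrade/rpm_upgrade.yml`, whereas the pacemaker install in `@@ -307,6 +310,7 @@` uses the task-specific `l_install_result` (and also has no `retries`/`delay`). A task-specific name such as `register: l_master_pkg_result` avoids one task's outcome, including a skipped one, overwriting another's. The task bodies start outside these hunks.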
@@ -89,6 +90,8 @@
- item.kind == 'HTPasswdPasswordIdentityProvider'
- not openshift.common.is_atomic | bool
with_items: "{{ openshift.master.identity_providers }}"
+ register: result
+ until: result | success
- name: Ensure htpasswd directory exists
file:
@@ -172,16 +175,16 @@
no_proxy_etcd_host_ips: "{{ openshift_no_proxy_etcd_host_ips }}"
- name: Update journald config
- include: journald.yml
+ include_tasks: journald.yml
- name: Install the systemd units
- include: systemd_units.yml
+ include_tasks: systemd_units.yml
- name: Install Master system container
- include: system_container.yml
+ include_tasks: system_container.yml
when:
- openshift.common.is_containerized | bool
- - openshift.common.is_master_system_container | bool
+ - l_is_master_system_container | bool
- name: Create session secrets file
template:
@@ -212,10 +215,10 @@
- restart master api
- restart master controllers
-- include: bootstrap_settings.yml
+- include_tasks: bootstrap_settings.yml
when: openshift_master_bootstrap_enabled | default(False)
-- include: set_loopback_context.yml
+- include_tasks: set_loopback_context.yml
- name: Start and enable master api on first master
systemd:
@@ -273,7 +276,7 @@
# A separate wait is required here for native HA since notifies will
# be resolved after all tasks in the role.
-- include: check_master_api_is_ready.yml
+- include_tasks: check_master_api_is_ready.yml
when:
- openshift.master.cluster_method == 'native'
- master_api_service_status_changed | bool
@@ -307,6 +310,7 @@
- openshift.master.cluster_method == 'pacemaker'
- not openshift.common.is_containerized | bool
register: l_install_result
+ until: l_install_result | success
- name: Start and enable cluster service
systemd:
@@ -323,5 +327,5 @@
- l_install_result | changed
- name: node bootstrap settings
- include: bootstrap.yml
+ include_tasks: bootstrap.yml
when: openshift_master_bootstrap_enabled | default(False)
diff --git a/roles/openshift_master/tasks/system_container.yml b/roles/openshift_master/tasks/system_container.yml
index 843352532..23386f11b 100644
--- a/roles/openshift_master/tasks/system_container.yml
+++ b/roles/openshift_master/tasks/system_container.yml
@@ -6,7 +6,7 @@
- name: Pre-pull master system container image
command: >
- atomic pull --storage=ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}
+ atomic pull --storage=ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}
register: l_pull_result
changed_when: "'Pulling layer' in l_pull_result.stdout"
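Review bot: The image reference is written out in full three times with `system_images_registry` (the `atomic pull` here and the two `oc_atomic_container` tasks in the following hunks), so the pre-pull and the installs can drift apart on the next edit. Defining the expression once as a role variable and using `image: "{{ l_master_system_image }}"` in each place would remove that risk; `l_master_system_image` is a name I am proposing, not one the page defines. The reference also resolves to a mutable tag, `:{{ openshift_image_tag }}`, combined with `state: latest`, and nothing visible in these hunks pins a digest or verifies a signature, so the master API and controllers run whatever the selected registry serves for that tag. If the project enforces a digest or signature policy elsewhere, a comment pointing to it belongs above the pre-pull task.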
@@ -18,7 +18,7 @@
- name: Install or Update HA api master system container
oc_atomic_container:
name: "{{ openshift.common.service_type }}-master-api"
- image: "{{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}"
+ image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}"
state: latest
values:
- COMMAND=api
@@ -26,7 +26,7 @@
- name: Install or Update HA controller master system container
oc_atomic_container:
name: "{{ openshift.common.service_type }}-master-controllers"
- image: "{{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}"
+ image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}"
state: latest
values:
- COMMAND=controllers
diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml
index b0fa72f19..9d11ed574 100644
--- a/roles/openshift_master/tasks/systemd_units.yml
+++ b/roles/openshift_master/tasks/systemd_units.yml
@@ -9,7 +9,7 @@
when:
- openshift.common.is_containerized | bool
-- include: registry_auth.yml
+- include_tasks: registry_auth.yml
- name: Disable the legacy master service if it exists
systemd:
@@ -26,7 +26,7 @@
ignore_errors: true
when:
- openshift.master.cluster_method == "native"
- - not openshift.common.is_master_system_container | bool
+ - not l_is_master_system_container | bool
# This is the image used for both HA and non-HA clusters:
- name: Pre-pull master image
@@ -36,7 +36,7 @@
changed_when: "'Downloaded newer image' in l_pull_result.stdout"
when:
- openshift.common.is_containerized | bool
- - not openshift.common.is_master_system_container | bool
+ - not l_is_master_system_container | bool
- name: Create the ha systemd unit files
template:
@@ -44,7 +44,7 @@
dest: "{{ containerized_svc_dir }}/{{ openshift.common.service_type }}-master-{{ item }}.service"
when:
- openshift.master.cluster_method == "native"
- - not openshift.common.is_master_system_container | bool
+ - not l_is_master_system_container | bool
with_items:
- api
- controllers
@@ -64,7 +64,7 @@
- controllers
when:
- openshift.master.cluster_method == "native"
- - not openshift.common.is_master_system_container | bool
+ - not l_is_master_system_container | bool
- name: Preserve Master API Proxy Config options
command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-api
diff --git a/roles/openshift_master/tasks/upgrade.yml b/roles/openshift_master/tasks/upgrade.yml
index 92371921d..f84cf2f6e 100644
--- a/roles/openshift_master/tasks/upgrade.yml
+++ b/roles/openshift_master/tasks/upgrade.yml
@@ -1,16 +1,16 @@
---
-- include: upgrade/rpm_upgrade.yml
+- include_tasks: upgrade/rpm_upgrade.yml
when: not openshift.common.is_containerized | bool
-- include: upgrade/upgrade_scheduler.yml
+- include_tasks: upgrade/upgrade_scheduler.yml
# master_config_hook is passed in from upgrade play.
-- include: "upgrade/{{ master_config_hook }}"
+- include_tasks: "upgrade/{{ master_config_hook }}"
when: master_config_hook is defined
-- include: journald.yml
+- include_tasks: journald.yml
-- include: systemd_units.yml
+- include_tasks: systemd_units.yml
- name: Check for ca-bundle.crt
stat:
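Review bot: `include_tasks: "upgrade/{{ master_config_hook }}"` builds a task-file path from a variable and only checks that it is defined, so a value containing a path separator would load a task file from outside `upgrade/`. The existing comment says the hook is passed in from the upgrade play; if inventory or extra vars can also set it, the condition should restrict it to a bare file name, for example a `when:` list with `- master_config_hook is defined` and `- master_config_hook == (master_config_hook | basename)`. The file continues past the end of this hunk.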
diff --git a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml
index f914a9978..caab3045a 100644
--- a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml
+++ b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml
@@ -18,3 +18,5 @@
- "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version }}"
- "{{ openshift.common.service_type }}-clients{{ openshift_pkg_version }}"
- "tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}"
+ register: result
+ until: result | success
diff --git a/roles/openshift_master/templates/htpasswd.j2 b/roles/openshift_master/templates/htpasswd.j2
index ba2c02e20..7e2e05076 100644
--- a/roles/openshift_master/templates/htpasswd.j2
+++ b/roles/openshift_master/templates/htpasswd.j2
@@ -1,5 +1,5 @@
{% if 'htpasswd_users' in openshift.master %}
-{% for user,pass in openshift.master.htpasswd_users.iteritems() %}
+{% for user,pass in openshift.master.htpasswd_users.items() %}
{{ user ~ ':' ~ pass }}
{% endfor %}
{% endif %}
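Review bot: The template writes each `pass` value verbatim after the user name in `{{ user ~ ':' ~ pass }}`, so `htpasswd_users` has to hold htpasswd-format hashes already; a plaintext value would land in the rendered file unchanged. Nothing in the file states that, and a Jinja comment at the top such as `{# htpasswd_users maps user name to a pre-hashed htpasswd entry; values are written as-is #}` would document the contract. A user name containing `:` would also yield a malformed entry, which the template does not guard against.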
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index 629fe3286..a0f00e545 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -65,7 +65,7 @@ disabledFeatures: {{ openshift.master.disabled_features | to_json }}
{% endif %}
{% if openshift.master.embedded_dns | bool %}
dnsConfig:
- bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }}
+ bindAddress: {{ openshift.master.bind_addr }}:{{ openshift_master_dns_port }}
bindNetwork: tcp4
{% endif %}
etcdClientInfo:
@@ -196,13 +196,13 @@ policyConfig:
openshiftInfrastructureNamespace: openshift-infra
openshiftSharedResourcesNamespace: openshift
projectConfig:
- defaultNodeSelector: "{{ openshift.master.default_node_selector }}"
- projectRequestMessage: "{{ openshift.master.project_request_message }}"
- projectRequestTemplate: "{{ openshift.master.project_request_template }}"
+ defaultNodeSelector: "{{ osm_default_node_selector }}"
+ projectRequestMessage: "{{ osm_project_request_message }}"
+ projectRequestTemplate: "{{ osm_project_request_template }}"
securityAllocator:
- mcsAllocatorRange: "{{ openshift.master.mcs_allocator_range }}"
- mcsLabelsPerProject: {{ openshift.master.mcs_labels_per_project }}
- uidAllocatorRange: "{{ openshift.master.uid_allocator_range }}"
+ mcsAllocatorRange: "{{ osm_mcs_allocator_range }}"
+ mcsLabelsPerProject: {{ osm_mcs_labels_per_project }}
+ uidAllocatorRange: "{{ osm_uid_allocator_range }}"
routingConfig:
subdomain: "{{ openshift_master_default_subdomain | default("") }}"
serviceAccountConfig:
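Review bot: The renamed values are still interpolated between literal double quotes, e.g. `projectRequestMessage: "{{ osm_project_request_message }}"`, so a message containing `"` or a backslash renders as invalid or altered YAML in the master config. The context line in the first hunk's header already uses `| to_json` for `disabledFeatures`; the same filter without the surrounding quotes, `projectRequestMessage: {{ osm_project_request_message | to_json }}`, emits a correctly escaped scalar and applies equally to `defaultNodeSelector`, `projectRequestTemplate` and the two allocator ranges. `mcsLabelsPerProject` is emitted unquoted and relies on `osm_mcs_labels_per_project` staying an integer. The `projectConfig` block starts and ends outside this hunk.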