summaryrefslogtreecommitdiffstats
path: root/roles/openshift_master
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_master')
-rw-r--r--roles/openshift_master/defaults/main.yml13
-rw-r--r--roles/openshift_master/tasks/main.yml41
2 files changed, 37 insertions, 17 deletions
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index 3c941089c..0159afbb5 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -1,3 +1,16 @@
---
openshift_master_manage_service_externally: false
openshift_master_debug_level: "{{ openshift_debug_level | default(0) }}"
+openshift_node_ips: []
+os_firewall_allow:
+- service: etcd embedded
+ port: 4001/tcp
+- service: etcd peer
+ port: 7001/tcp
+- service: OpenShift api https
+ port: 8443/tcp
+- service: OpenShift web console https
+ port: 8444/tcp
+os_firewall_deny:
+- service: OpenShift api http
+ port: 8080/tcp
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 2f8f8b950..7a7f02be9 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -2,27 +2,13 @@
- name: Install OpenShift Master package
yum: pkg=openshift-master state=installed
-- name: Configure firewall for OpenShift Master
- include: "{{ role_path | dirname }}/openshift_common/tasks/firewall.yml"
- allow:
- - service: etcd embedded
- port: 4001/tcp
- - service: etcd peer
- port: 7001/tcp
- - service: OpenShift api https
- port: 8443/tcp
- - service: OpenShift web console https
- port: 8444/tcp
- deny:
- - service: OpenShift api http
- port: 8080/tcp
-
- name: Configure OpenShift settings
lineinfile:
dest: /etc/sysconfig/openshift-master
regexp: '^OPTIONS='
- line: "OPTIONS=\"--public-master={{ openshift_hostname }} --nodes={{ openshift_node_ips
- | join(',') }} --loglevel={{ openshift_master_debug_level }}\""
+ line: "OPTIONS=\"--public-master={{ openshift_hostname }} {% if
+ openshift_node_ips %} --nodes={{ openshift_node_ips
+ | join(',') }} {% endif %} --loglevel={{ openshift_master_debug_level }}\""
notify:
- restart openshift-master
@@ -51,7 +37,28 @@
- name: Start and enable openshift-master
service: name=openshift-master enabled=yes state=started
when: not openshift_master_manage_service_externally
+ register: result
+
+#TODO: remove this when origin PR #1204 has landed in OSE
+- name: need to pause here, otherwise we attempt to copy certificates generated by the master before they are generated
+ pause: seconds=30
+ when: result | changed
- name: Disable openshift-master if openshift-master is managed externally
service: name=openshift-master enabled=false
when: openshift_master_manage_service_externally
+
+# TODO: create an os_vars role that has generic env related config and move
+# the root kubeconfig setting there, cannot use dependencies to force ordering
+# with openshift_node and openshift_master because the way conditional
+# dependencies work with current ansible would also exclude the
+# openshift_common dependency.
+- name: Create .kube directory
+ file:
+ path: /root/.kube
+ state: directory
+ mode: 0700
+- name: Configure root user kubeconfig
+ command: cp /var/lib/openshift/openshift.local.certificates/admin/.kubeconfig /root/.kube/.kubeconfig
+ args:
+ creates: /root/.kube/.kubeconfig
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-15 07:04:56 +0000