Diffstat (limited to 'roles/openshift_master')
-rw-r--r-- | roles/openshift_master/defaults/main.yml | 13 | ||||
-rw-r--r-- | roles/openshift_master/tasks/main.yml | 41 |
2 files changed, 37 insertions, 17 deletions
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index 3c941089c..0159afbb5 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -1,3 +1,16 @@ --- openshift_master_manage_service_externally: false openshift_master_debug_level: "{{ openshift_debug_level | default(0) }}" +openshift_node_ips: [] +os_firewall_allow: +- service: etcd embedded + port: 4001/tcp +- service: etcd peer + port: 7001/tcp +- service: OpenShift api https + port: 8443/tcp +- service: OpenShift web console https + port: 8444/tcp +os_firewall_deny: +- service: OpenShift api http + port: 8080/tcp diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 2f8f8b950..7a7f02be9 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -2,27 +2,13 @@ - name: Install OpenShift Master package yum: pkg=openshift-master state=installed -- name: Configure firewall for OpenShift Master - include: "{{ role_path | dirname }}/openshift_common/tasks/firewall.yml" - allow: - - service: etcd embedded - port: 4001/tcp - - service: etcd peer - port: 7001/tcp - - service: OpenShift api https - port: 8443/tcp - - service: OpenShift web console https - port: 8444/tcp - deny: - - service: OpenShift api http - port: 8080/tcp - - name: Configure OpenShift settings lineinfile: dest: /etc/sysconfig/openshift-master regexp: '^OPTIONS=' - line: "OPTIONS=\"--public-master={{ openshift_hostname }} --nodes={{ openshift_node_ips - | join(',') }} --loglevel={{ openshift_master_debug_level }}\"" + line: "OPTIONS=\"--public-master={{ openshift_hostname }} {% if + openshift_node_ips %} --nodes={{ openshift_node_ips + | join(',') }} {% endif %} --loglevel={{ openshift_master_debug_level }}\"" notify: - restart openshift-master 
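Review bot: `os_firewall_allow` and `os_firewall_deny` are un-prefixed names in this role's defaults, unlike `openshift_master_debug_level` just above them, so any inventory variable or other role that defines the same names would replace the whole list rather than extend it. The practical risk is that the `8080/tcp` deny for the plain-http API silently disappears on a host that also carries another role's list; confirm how the consumer combines lists, or use a role-prefixed name. The rule format shown here has only `service` and `port`, so as far as this hunk shows the etcd ports 4001 and 7001 are opened to any source. A comment such as `# etcd client/peer ports: restrict to master/etcd peers at the network layer` would record that assumption.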
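Review bot: With the `include:` of `openshift_common/tasks/firewall.yml` removed, nothing in tasks/main.yml applies the allow/deny rules any more, and the diffstat for this role lists no other changed file. Presumably an existing role dependency consumes `os_firewall_allow` and `os_firewall_deny`. That should be confirmed, along with the ordering: the rules, in particular the `8080/tcp` deny, need to be in place before `Start and enable openshift-master` runs. A short comment where the task used to be would help, for example `# firewall rules come from os_firewall_allow/os_firewall_deny in defaults/main.yml`.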
@@ -51,7 +37,28 @@ - name: Start and enable openshift-master service: name=openshift-master enabled=yes state=started when: not openshift_master_manage_service_externally + register: result + +#TODO: remove this when origin PR #1204 has landed in OSE +- name: need to pause here, otherwise we attempt to copy certificates generated by the master before they are generated + pause: seconds=30 + when: result | changed - name: Disable openshift-master if openshift-master is managed externally service: name=openshift-master enabled=false when: openshift_master_manage_service_externally + +# TODO: create an os_vars role that has generic env related config and move +# the root kubeconfig setting there, cannot use dependencies to force ordering +# with openshift_node and openshift_master because the way conditional +# dependencies work with current ansible would also exclude the +# openshift_common dependency. +- name: Create .kube directory + file: + path: /root/.kube + state: directory + mode: 0700 +- name: Configure root user kubeconfig + command: cp /var/lib/openshift/openshift.local.certificates/admin/.kubeconfig /root/.kube/.kubeconfig + args: + creates: /root/.kube/.kubeconfig |
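Review bot: The fixed `pause: seconds=30` after the service start is a timing guess: a slow master still loses the race with the later `cp` of the kubeconfig, and a fast one waits for nothing. Waiting on the file itself is deterministic: `wait_for: path=/var/lib/openshift/openshift.local.certificates/admin/.kubeconfig`. The two new tasks at the end have no `when`, so they also run when `openshift_master_manage_service_externally` is true and the service was not started by this role; the source file may not exist yet in that case. The copied file appears to hold the admin client credentials, so I would set its mode explicitly with a follow-up `file:` task using `mode: "0600"`, rather than rely on the 0700 parent directory and whatever mode `cp` carries over.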