Diffstat (limited to 'roles/openshift_master')
-rw-r--r-- | roles/openshift_master/handlers/main.yml | 4 | ||||
-rw-r--r-- | roles/openshift_master/tasks/main.yml | 75 | ||||
-rw-r--r-- | roles/openshift_master/templates/atomic-openshift-master-api.j2 (renamed from roles/openshift_master/files/atomic-openshift-master-api) | 2 | ||||
-rw-r--r-- | roles/openshift_master/templates/atomic-openshift-master-api.service.j2 (renamed from roles/openshift_master/files/atomic-openshift-master-api.service) | 8 | ||||
-rw-r--r-- | roles/openshift_master/templates/atomic-openshift-master-controllers.j2 (renamed from roles/openshift_master/files/atomic-openshift-master-controllers) | 2 | ||||
-rw-r--r-- | roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 (renamed from roles/openshift_master/files/atomic-openshift-master-controllers.service) | 12 | ||||
-rw-r--r-- | roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2 | 7 | ||||
-rw-r--r-- | roles/openshift_master/vars/main.yml | 1 |
8 files changed, 71 insertions, 40 deletions
diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index ad3ac5a9f..4b9500cbd 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -5,10 +5,10 @@ - name: restart master api service: name={{ openshift.common.service_type }}-master-api state=restarted - when: openshift_master_ha | bool + when: (openshift_master_ha | bool) and (not master_api_service_status_changed | default(false)) and openshift.master.cluster_method == 'native' # TODO: need to fix up ignore_errors here - name: restart master controllers service: name={{ openshift.common.service_type }}-master-controllers state=restarted - when: openshift_master_ha | bool + when: (openshift_master_ha | bool) and (not master_controllers_service_status_changed | default(false)) and openshift.master.cluster_method == 'native' ignore_errors: yes diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 290f22358..be77fce4a 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml 
@@ -8,17 +8,23 @@ - openshift_master_oauth_grant_method in openshift_master_valid_grant_methods when: openshift_master_oauth_grant_method is defined -#- fail: -# msg: "openshift_master_cluster_password must be set for multi-master installations" -# when: openshift_master_ha | bool and not openshift.master.cluster_defer_ha | bool and openshift_master_cluster_password is not defined +- fail: + msg: "openshift_master_cluster_method must be set to either 'native' or 'pacemaker' for multi-master installations" + when: openshift_master_ha | bool and ((openshift_master_cluster_method is not defined) or (openshift_master_cluster_method is defined and openshift_master_cluster_method not in ["native", "pacemaker"])) +- fail: + msg: "'native' high availability is not supported for the requested OpenShift version" + when: openshift_master_ha | bool and openshift_master_cluster_method == "native" and not openshift.common.version_greater_than_3_1_or_1_1 | bool +- fail: + msg: "openshift_master_cluster_password must be set for multi-master installations" + when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and (openshift_master_cluster_password is not defined or not openshift_master_cluster_password) - name: Set master facts openshift_facts: role: master local_facts: + cluster_method: "{{ openshift_master_cluster_method | default(None) }}" cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}" cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}" - cluster_defer_ha: "{{ openshift_master_cluster_defer_ha | default(None) }}" debug_level: "{{ openshift_master_debug_level | default(openshift.common.debug_level) }}" api_port: "{{ openshift_master_api_port | default(None) }}" api_url: "{{ openshift_master_api_url | default(None) }}" 
@@ -41,6 +47,8 @@ portal_net: "{{ openshift_master_portal_net | default(None) }}" session_max_seconds: "{{ openshift_master_session_max_seconds | default(None) }}" session_name: "{{ openshift_master_session_name | default(None) }}" + session_auth_secrets: "{{ openshift_master_session_auth_secrets | default(None) }}" + session_encryption_secrets: "{{ openshift_master_session_encryption_secrets | default(None) }}" session_secrets_file: "{{ openshift_master_session_secrets_file | default(None) }}" access_token_max_seconds: "{{ openshift_master_access_token_max_seconds | default(None) }}" auth_token_max_seconds: "{{ openshift_master_auth_token_max_seconds | default(None) }}" @@ -67,7 +75,7 @@ controller_lease_ttl: "{{ osm_controller_lease_ttl | default(None) }}" - name: Install Master package - yum: pkg={{ openshift.common.service_type }}-master state=present + yum: pkg={{ openshift.common.service_type }}-master{{ openshift_version }} state=present register: install_result # TODO: These values need to be configurable @@ -79,7 +87,7 @@ domain: cluster.local when: openshift.master.embedded_dns -- name: Create config parent directory if it doesn't exist +- name: Create config parent directory if it does not exist file: path: "{{ openshift_master_config_dir }}" state: directory 
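Review bot: The added facts `session_auth_secrets` and `session_encryption_secrets` copy raw secret material into the master's `local_facts`, yet as far as this diff shows the template that writes the secrets file reads the `openshift_master_session_*` variables directly and never these facts. If `openshift_facts` persists local facts on the host or they appear in fact dumps (not visible from this hunk), that is a second copy of the secrets with its own permissions and lifetime. Either drop the two facts or have the template consume them, and add a comment such as `# secret material: keep out of debug output and fact dumps` above them. The `local_facts` mapping starts and ends outside the hunk.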
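Review bot: `{{ openshift_version }}` is appended to the package name with no separator, and vars/main.yml defines it as `openshift_pkg_version | default('')`, so the inventory value has to carry its own leading `-`; nothing in this hunk states that contract. Because the task uses the unquoted `key=value` form, a value containing whitespace would be parsed as further module arguments rather than as part of the package name. A comment such as `# openshift_pkg_version must include its leading dash` above the task, and quoting the argument as `pkg="{{ openshift.common.service_type }}-master{{ openshift_version }}"`, would make both explicit.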
@@ -128,28 +136,37 @@ # workaround for missing systemd unit files for controllers/api - name: Create the api service file - copy: - src: atomic-openshift-master-api.service - dest: /usr/lib/systemd/system/atomic-openshift-master-api.service + template: + src: atomic-openshift-master-api.service.j2 + dest: /usr/lib/systemd/system/{{ openshift.common.service_type }}-master-api.service force: no - name: Create the controllers service file - copy: - src: atomic-openshift-master-controllers.service - dest: /usr/lib/systemd/system/atomic-openshift-master-controllers.service + template: + src: atomic-openshift-master-controllers.service.j2 + dest: /usr/lib/systemd/system/{{ openshift.common.service_type }}-master-controllers.service force: no - name: Create the api env file - copy: - src: atomic-openshift-master-api - dest: /etc/sysconfig/atomic-openshift-master-api + template: + src: atomic-openshift-master-api.j2 + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api force: no - name: Create the controllers env file - copy: - src: atomic-openshift-master-controllers - dest: /etc/sysconfig/atomic-openshift-master-controllers + template: + src: atomic-openshift-master-controllers.j2 + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers force: no - command: systemctl daemon-reload # end workaround for missing systemd unit files +- name: Create session secrets file + template: + dest: "{{ openshift.master.session_secrets_file }}" + src: sessionSecretsFile.yaml.v1.j2 + force: no + notify: + - restart master + - restart master api + # TODO: add the validate parameter when there is a validation command to run - name: Create master config template: @@ -166,6 +183,7 @@ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master regexp: "{{ item.regex }}" line: "{{ item.line }}" + create: yes with_items: - regex: '^OPTIONS=' line: "OPTIONS=--loglevel={{ openshift.master.debug_level }}" 
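Review bot: The new `Create session secrets file` task writes session authentication and encryption secrets without setting `owner`, `group` or `mode`, so the file's permissions are left to the module default and the remote umask. Add `owner: root`, `group: root` and `mode: "0600"` to the template arguments, adjusting the owner if the master service runs under a different account (not visible here). With `force: no` an existing file is never rewritten, so secrets rotated in the inventory will not reach the host; a comment saying whether that is intended would help. The task also has no `when:`, so it renders the file even when no secrets were supplied.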
@@ -205,34 +223,39 @@ when: not openshift_master_ha | bool register: start_result +- set_fact: + master_service_status_changed = start_result | changed + when: not openshift_master_ha | bool + - name: Start and enable master api service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started - when: openshift_master_ha | bool + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' register: start_result -- name: pause to prevent service restart from interfering with bootstrapping - pause: seconds=30 - when: openshift_master_ha | bool +- set_fact: + master_api_service_status_changed = start_result | changed + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' # TODO: fix the ugly workaround of setting ignore_errors # the controllers service tries to start even if it is already started - name: Start and enable master controller service: name={{ openshift.common.service_type }}-master-controllers enabled=yes state=started - when: openshift_master_ha | bool + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' register: start_result ignore_errors: yes - set_fact: - master_service_status_changed = start_result | changed + master_controllers_service_status_changed = start_result | changed + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' - name: Install cluster packages yum: pkg=pcs state=present - when: openshift_master_ha | bool and not openshift.master.cluster_defer_ha | bool + when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' register: install_result - name: Start and enable cluster service service: name=pcsd enabled=yes state=started - when: openshift_master_ha | bool and not openshift.master.cluster_defer_ha | bool + when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' - name: Set the cluster user password shell: echo {{ openshift_master_cluster_password | quote 
}} | passwd --stdin hacluster diff --git a/roles/openshift_master/files/atomic-openshift-master-api b/roles/openshift_master/templates/atomic-openshift-master-api.j2 index ea82468a0..205934248 100644 --- a/roles/openshift_master/files/atomic-openshift-master-api +++ b/roles/openshift_master/templates/atomic-openshift-master-api.j2 @@ -1,5 +1,5 @@ OPTIONS= -CONFIG_FILE=/etc/origin/master/master-config.yaml +CONFIG_FILE={{ openshift_master_config_dir }}/master-config.yaml # Proxy configuration # Origin uses standard HTTP_PROXY environment variables. Be sure to set diff --git a/roles/openshift_master/files/atomic-openshift-master-api.service b/roles/openshift_master/templates/atomic-openshift-master-api.service.j2 index 4663b77f2..ba19fb348 100644 --- a/roles/openshift_master/files/atomic-openshift-master-api.service +++ b/roles/openshift_master/templates/atomic-openshift-master-api.service.j2 @@ -3,19 +3,19 @@ Description=Atomic OpenShift Master API Documentation=https://github.com/openshift/origin After=network.target After=etcd.service -Before=atomic-openshift-node.service +Before={{ openshift.common.service_type }}-node.service Requires=network.target [Service] Type=notify -EnvironmentFile=/etc/sysconfig/atomic-openshift-master-api +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api Environment=GOTRACEBACK=crash ExecStart=/usr/bin/openshift start master api --config=${CONFIG_FILE} $OPTIONS LimitNOFILE=131072 LimitCORE=infinity -WorkingDirectory=/var/lib/origin/ +WorkingDirectory={{ openshift.common.data_dir }} SyslogIdentifier=atomic-openshift-master-api [Install] WantedBy=multi-user.target -WantedBy=atomic-openshift-node.service +WantedBy={{ openshift.common.service_type }}-node.service diff --git a/roles/openshift_master/files/atomic-openshift-master-controllers b/roles/openshift_master/templates/atomic-openshift-master-controllers.j2 index ea82468a0..205934248 100644 
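Review bot: The three `set_fact` tasks in this hunk use the form `master_api_service_status_changed = start_result | changed`, which is a plain string rather than a templated expression, so the fact may end up as text instead of the boolean result of the `changed` test; this is worth confirming on the Ansible version in use. The handlers changed in handlers/main.yml gate the restart on `not master_api_service_status_changed | default(false)`, so a non-empty string there would silently suppress the restart that the new session-secrets task notifies. Writing it as `master_api_service_status_changed: "{{ start_result | changed }}"` (same for the controllers and single-master facts) makes the type explicit. Separately, the context task at the end of the hunk pipes `openshift_master_cluster_password` through `echo … | passwd --stdin`, and this commit makes that password mandatory for pacemaker; the task continues outside the hunk, so check that it carries `no_log: true`.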
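Review bot: `SyslogIdentifier=atomic-openshift-master-api` stays hard-coded in the API unit while the other service names in it are now derived from `openshift.common.service_type`, and the controllers unit in this same commit does template its identifier. On a deployment with a different service type the API logs would be tagged with a name that matches no installed unit, so journal filtering and log-based alerting keyed on the unit name would miss them. Change the line to `SyslogIdentifier={{ openshift.common.service_type }}-master-api`. The `Description=` lines in both units also keep the fixed "Atomic OpenShift" wording.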
--- a/roles/openshift_master/files/atomic-openshift-master-controllers +++ b/roles/openshift_master/templates/atomic-openshift-master-controllers.j2 @@ -1,5 +1,5 @@ OPTIONS= -CONFIG_FILE=/etc/origin/master/master-config.yaml +CONFIG_FILE={{ openshift_master_config_dir }}/master-config.yaml # Proxy configuration # Origin uses standard HTTP_PROXY environment variables. Be sure to set diff --git a/roles/openshift_master/files/atomic-openshift-master-controllers.service b/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 index 517f9c908..8952c86ef 100644 --- a/roles/openshift_master/files/atomic-openshift-master-controllers.service +++ b/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 @@ -2,21 +2,21 @@ Description=Atomic OpenShift Master Controllers Documentation=https://github.com/openshift/origin After=network.target -After=atomic-openshift-master-api.service -Before=atomic-openshift-node.service +After={{ openshift.common.service_type }}-master-api.service +Before={{ openshift.common.service_type }}-node.service Requires=network.target [Service] Type=notify -EnvironmentFile=/etc/sysconfig/atomic-openshift-master-controllers +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers Environment=GOTRACEBACK=crash ExecStart=/usr/bin/openshift start master controllers --config=${CONFIG_FILE} $OPTIONS LimitNOFILE=131072 LimitCORE=infinity -WorkingDirectory=/var/lib/origin/ -SyslogIdentifier=atomic-openshift-master-controllers +WorkingDirectory={{ openshift.common.data_dir }} +SyslogIdentifier={{ openshift.common.service_type }}-master-controllers Restart=on-failure [Install] WantedBy=multi-user.target -WantedBy=atomic-openshift-node.service +WantedBy={{ openshift.common.service_type }}-node.service 
diff --git a/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2 b/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2 new file mode 100644 index 000000000..d12d9db90 --- /dev/null +++ b/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2 @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: SessionSecrets +secrets: +{% for secret in openshift_master_session_auth_secrets %} +- authentication: "{{ openshift_master_session_auth_secrets[loop.index0] }}" + encryption: "{{ openshift_master_session_encryption_secrets[loop.index0] }}" +{% endfor %} diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml index ecdb4f883..534465451 100644 --- a/roles/openshift_master/vars/main.yml +++ b/roles/openshift_master/vars/main.yml @@ -2,6 +2,7 @@ openshift_master_config_dir: "{{ openshift.common.config_base }}/master" openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml" openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json" +openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml" openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json" openshift_version: "{{ openshift_pkg_version | default('') }}" |
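Review bot: The loop iterates `openshift_master_session_auth_secrets` but indexes `openshift_master_session_encryption_secrets` with the same `loop.index0`, so a shorter or undefined encryption list fails at render time (or renders an empty value, depending on how undefined values are handled) and a longer one is silently truncated. Nothing in the tasks shown checks that both lists are defined, non-empty and of equal length, and the task that renders this file has no `when:`. Add a precondition next to the other `fail` checks, e.g. `when: openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length`, and skip the task when no secrets are supplied. The values are also interpolated inside double quotes without escaping, so a secret containing `"` or `\` would yield invalid or altered YAML; restricting secrets to an alphanumeric set in that same check avoids this.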