Diffstat (limited to 'roles/openshift_node/tasks')
30 files changed, 593 insertions, 107 deletions
diff --git a/roles/openshift_node/tasks/aws.yml b/roles/openshift_node/tasks/aws.yml index 38c2b794d..a7f1fc116 100644 --- a/roles/openshift_node/tasks/aws.yml +++ b/roles/openshift_node/tasks/aws.yml @@ -1,7 +1,7 @@ --- - name: Configure AWS Cloud Provider Settings lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-node + dest: /etc/sysconfig/{{ openshift_service_type }}-node regexp: "{{ item.regex }}" line: "{{ item.line }}" create: true diff --git a/roles/openshift_node/tasks/bootstrap.yml b/roles/openshift_node/tasks/bootstrap.yml index 8c03f6c41..1a6f209e0 100644 --- a/roles/openshift_node/tasks/bootstrap.yml +++ b/roles/openshift_node/tasks/bootstrap.yml @@ -3,7 +3,9 @@ package: name: "{{ item }}" state: present - with_items: "{{ openshift_node_ami_prep_packages }}" + with_items: "{{ r_openshift_node_image_prep_packages }}" + register: result + until: result is succeeded - name: create the directory for node file: @@ -25,15 +27,15 @@ state: "{{ item.state | default('present') }}" with_items: # add the kubeconfig - - line: "KUBECONFIG=/etc/origin/node/csr_kubeconfig" + - line: "KUBECONFIG={{ openshift_node_config_dir }}/bootstrap.kubeconfig" regexp: "^KUBECONFIG=.*" # remove the config file. This comes from openshift_facts - - regexp: "^CONFIG_FILE=.*" - state: absent + - line: "CONFIG_FILE={{ openshift_node_config_dir }}/node-config.yaml" + regexp: "^CONFIG_FILE=.*" - name: include aws sysconfig credentials - include: aws.yml - static: yes + import_tasks: aws.yml + when: not (openshift_node_use_instance_profiles | default(False)) #- name: update the ExecStart to have bootstrap # lineinfile: @@ -76,7 +78,7 @@ state: link force: yes with_items: - - /var/lib/origin/openshift.local.config/node/node-client-ca.crt + - "{{ openshift_node_config_dir }}/node-client-ca.crt" - when: rpmgenerated_config.stat.exists block: diff --git a/roles/openshift_node/tasks/config.yml b/roles/openshift_node/tasks/config.yml index c08f43118..1103fe4c9 100644 
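Review bot: In bootstrap.yml (`@@ -25,15 +27,15 @@`) the new condition `when: not (openshift_node_use_instance_profiles | default(False))` has no `| bool`, so a string value such as "false" from an INI inventory is truthy in Jinja and `aws.yml` is skipped even though instance profiles are off. The same pattern appears in config.yml (`@@ -38,23 +42,23 @@`) and in registry_auth.yml, where `not (openshift_docker_alternative_creds | default(False))` sits next to a task that uses `openshift_docker_alternative_creds | bool`; with the string "false" both credential tasks there would be skipped. Write it as `when: not (openshift_node_use_instance_profiles | default(False) | bool)` in all three places. In the same hunk, the comment `# remove the config file. This comes from openshift_facts` is now stale, because the item sets `CONFIG_FILE=` instead of removing it.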
--- a/roles/openshift_node/tasks/config.yml +++ b/roles/openshift_node/tasks/config.yml @@ -1,6 +1,10 @@ --- - name: Install the systemd units - include: systemd_units.yml + include_tasks: systemd_units.yml + +- name: Pull container images + include_tasks: container_images.yml + when: openshift_is_containerized | bool - name: Start and enable openvswitch service systemd: @@ -9,20 +13,20 @@ state: started daemon_reload: yes when: - - openshift.common.is_containerized | bool + - openshift_is_containerized | bool - openshift_node_use_openshift_sdn | default(true) | bool register: ovs_start_result - until: not ovs_start_result | failed + until: not (ovs_start_result is failed) retries: 3 delay: 30 - set_fact: - ovs_service_status_changed: "{{ ovs_start_result | changed }}" + ovs_service_status_changed: "{{ ovs_start_result is changed }}" - file: - dest: "{{ (openshift_node_kubelet_args|default({'config':None})).config}}" + dest: "{{ l2_openshift_node_kubelet_args['config'] }}" state: directory - when: openshift_node_kubelet_args is defined and 'config' in openshift_node_kubelet_args + when: ('config' in l2_openshift_node_kubelet_args) | bool # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config 
@@ -38,23 +42,23 @@ - name: Configure Node Environment Variables lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-node + dest: /etc/sysconfig/{{ openshift_service_type }}-node regexp: "^{{ item.key }}=" line: "{{ item.key }}={{ item.value }}" create: true - with_dict: "{{ openshift.node.env_vars | default({}) }}" + with_dict: "{{ openshift_node_env_vars }}" notify: - restart node - name: include aws provider credentials - include: aws.yml - static: yes + import_tasks: aws.yml + when: not (openshift_node_use_instance_profiles | default(False)) # Necessary because when you're on a node that's also a master the master will be # restarted after the node restarts docker and it will take up to 60 seconds for # systemd to start the master again - when: - - openshift.common.is_containerized | bool + - openshift_is_containerized | bool - not openshift_node_bootstrap block: - name: Wait for master API to become available before proceeding @@ -76,7 +80,7 @@ - name: Start and enable node dep systemd: daemon_reload: yes - name: "{{ openshift.common.service_type }}-node-dep" + name: "{{ openshift_service_type }}-node-dep" enabled: yes state: started 
@@ -84,24 +88,24 @@ block: - name: Start and enable node systemd: - name: "{{ openshift.common.service_type }}-node" + name: "{{ openshift_service_type }}-node" enabled: yes state: started daemon_reload: yes register: node_start_result - until: not node_start_result | failed + until: not node_start_result is failed retries: 1 delay: 30 ignore_errors: true - name: Dump logs from node service if it failed - command: journalctl --no-pager -n 100 -u {{ openshift.common.service_type }}-node - when: node_start_result | failed + command: journalctl --no-pager -n 100 -u {{ openshift_service_type }}-node + when: node_start_result is failed - name: Abort if node failed to start fail: msg: Node failed to start please inspect the logs and try again - when: node_start_result | failed + when: node_start_result is failed - set_fact: - node_service_status_changed: "{{ node_start_result | changed }}" + node_service_status_changed: "{{ node_start_result is changed }}" diff --git a/roles/openshift_node/tasks/config/configure-node-settings.yml b/roles/openshift_node/tasks/config/configure-node-settings.yml index 527580481..ebc1426d3 100644 --- a/roles/openshift_node/tasks/config/configure-node-settings.yml +++ b/roles/openshift_node/tasks/config/configure-node-settings.yml @@ -1,7 +1,7 @@ --- - name: Configure Node settings lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-node + dest: /etc/sysconfig/{{ openshift_service_type }}-node regexp: "{{ item.regex }}" line: "{{ item.line }}" create: true diff --git a/roles/openshift_node/tasks/config/configure-proxy-settings.yml b/roles/openshift_node/tasks/config/configure-proxy-settings.yml index d60794305..7ddd319d2 100644 --- a/roles/openshift_node/tasks/config/configure-proxy-settings.yml +++ b/roles/openshift_node/tasks/config/configure-proxy-settings.yml 
@@ -1,7 +1,7 @@ --- - name: Configure Proxy Settings lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-node + dest: /etc/sysconfig/{{ openshift_service_type }}-node regexp: "{{ item.regex }}" line: "{{ item.line }}" create: true diff --git a/roles/openshift_node/tasks/config/install-node-deps-docker-service-file.yml b/roles/openshift_node/tasks/config/install-node-deps-docker-service-file.yml index ee91a88ab..9f1145d12 100644 --- a/roles/openshift_node/tasks/config/install-node-deps-docker-service-file.yml +++ b/roles/openshift_node/tasks/config/install-node-deps-docker-service-file.yml @@ -1,7 +1,7 @@ --- - name: Install Node dependencies docker service file template: - dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node-dep.service" + dest: "/etc/systemd/system/{{ openshift_service_type }}-node-dep.service" src: openshift.docker.node.dep.service notify: - reload systemd units diff --git a/roles/openshift_node/tasks/config/install-node-docker-service-file.yml b/roles/openshift_node/tasks/config/install-node-docker-service-file.yml new file mode 100644 index 000000000..649fc5f6b --- /dev/null +++ b/roles/openshift_node/tasks/config/install-node-docker-service-file.yml @@ -0,0 +1,8 @@ +--- +- name: Install Node docker service file + template: + dest: "/etc/systemd/system/{{ openshift_service_type }}-node.service" + src: openshift.docker.node.service + notify: + - reload systemd units + - restart node diff --git a/roles/openshift_node/tasks/container_images.yml b/roles/openshift_node/tasks/container_images.yml new file mode 100644 index 000000000..bb788e2f1 --- /dev/null +++ b/roles/openshift_node/tasks/container_images.yml 
@@ -0,0 +1,20 @@ +--- +- name: Install Node system container + include_tasks: node_system_container.yml + when: + - l_is_node_system_container | bool + +- name: Install OpenvSwitch system containers + include_tasks: openvswitch_system_container.yml + when: + - openshift_node_use_openshift_sdn | bool + - l_is_openvswitch_system_container | bool + +- name: Pre-pull openvswitch image + command: > + docker pull {{ osn_ovs_image }}:{{ openshift_image_tag }} + register: pull_result + changed_when: "'Downloaded newer image' in pull_result.stdout" + when: + - openshift_node_use_openshift_sdn | bool + - not l_is_openvswitch_system_container | bool diff --git a/roles/openshift_node/tasks/dnsmasq.yml b/roles/openshift_node/tasks/dnsmasq.yml new file mode 100644 index 000000000..31ca46ec0 --- /dev/null +++ b/roles/openshift_node/tasks/dnsmasq.yml @@ -0,0 +1,26 @@ +--- +- name: Install dnsmasq configuration + template: + src: origin-dns.conf.j2 + dest: /etc/dnsmasq.d/origin-dns.conf + notify: restart dnsmasq + +- name: Deploy additional dnsmasq.conf + template: + src: "{{ openshift_node_dnsmasq_additional_config_file }}" + dest: /etc/dnsmasq.d/openshift-ansible.conf + owner: root + group: root + mode: 0644 + when: openshift_node_dnsmasq_additional_config_file is defined + notify: restart dnsmasq + +- name: Enable dnsmasq + systemd: + name: dnsmasq + enabled: yes + state: started + +# Dynamic NetworkManager based dispatcher +- include_tasks: dnsmasq/network-manager.yml + when: network_manager_active | bool diff --git a/roles/openshift_node/tasks/dnsmasq/network-manager.yml b/roles/openshift_node/tasks/dnsmasq/network-manager.yml new file mode 100644 index 000000000..e5a92a630 --- /dev/null +++ b/roles/openshift_node/tasks/dnsmasq/network-manager.yml 
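Review bot: `mode: 0644` in "Deploy additional dnsmasq.conf" (dnsmasq.yml) is an unquoted scalar, so the permission Ansible applies depends on the YAML parser reading it as octal; the same goes for `mode: 0755` in dnsmasq/network-manager.yml, while dnsmasq_install.yml in this commit already writes `mode: '0700'`. Quote them: `mode: '0644'` and `mode: '0755'`. "Install dnsmasq configuration" sets no owner, group or mode at all, so the permissions of `/etc/dnsmasq.d/origin-dns.conf` are left to the connection user's umask; giving it the same `owner: root`, `group: root`, `mode: '0644'` as the following task would make the result deterministic.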
@@ -0,0 +1,10 @@ +--- +- name: Install network manager dispatch script + copy: + src: networkmanager/99-origin-dns.sh + dest: /etc/NetworkManager/dispatcher.d/ + mode: 0755 + notify: restart NetworkManager + when: openshift_node_dnsmasq_install_network_manager_hook | default(true) | bool + +- meta: flush_handlers diff --git a/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml b/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml new file mode 100644 index 000000000..5d2c67b86 --- /dev/null +++ b/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml @@ -0,0 +1,13 @@ +--- +- fail: msg="Currently, NetworkManager must be installed and enabled prior to installation." + when: not openshift_node_bootstrap | bool + +- name: Install NetworkManager during node_bootstrap provisioning + package: + name: NetworkManager + state: present + notify: restart NetworkManager + register: result + until: result is succeeded + +- include_tasks: network-manager.yml diff --git a/roles/openshift_node/tasks/dnsmasq_install.yml b/roles/openshift_node/tasks/dnsmasq_install.yml new file mode 100644 index 000000000..5e06ba032 --- /dev/null +++ b/roles/openshift_node/tasks/dnsmasq_install.yml 
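Review bot: "Install network manager dispatch script" in dnsmasq/network-manager.yml copies `99-origin-dns.sh` with a mode but no `owner` or `group`. NetworkManager only executes dispatcher scripts that are owned by root and not writable by group or others, so the task currently depends on the play happening to run as root. State it explicitly with `owner: root` and `group: root` next to the (quoted) `mode: '0755'`.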
@@ -0,0 +1,43 @@ +--- +- name: Check for NetworkManager service + command: > + systemctl show NetworkManager + register: nm_show + changed_when: false + ignore_errors: True + +- name: Set fact using_network_manager + set_fact: + network_manager_active: "{{ True if 'ActiveState=active' in nm_show.stdout else False }}" + +- name: Install dnsmasq + package: name=dnsmasq state=installed + when: not openshift_is_atomic | bool + register: result + until: result is succeeded + +- name: ensure origin/node directory exists + file: + state: directory + path: "{{ item }}" + owner: root + group: root + mode: '0700' + with_items: + - /etc/origin + - /etc/origin/node + +# this file is copied to /etc/dnsmasq.d/ when the node starts and is removed +# when the node stops. A dbus-message is sent to dnsmasq to add the same entries +# so that dnsmasq doesn't need to be restarted. Once we can use dnsmasq 2.77 or +# newer we can use --server-file option to update the servers dynamically and +# reload them by sending dnsmasq a SIGHUP. We write the file in case someone else +# triggers a restart of dnsmasq but not a node restart. +- name: Install node-dnsmasq.conf + template: + src: node-dnsmasq.conf.j2 + dest: /etc/origin/node/node-dnsmasq.conf + +# Relies on ansible in order to configure static config +- include_tasks: dnsmasq/no-network-manager.yml + when: not network_manager_active | bool diff --git a/roles/openshift_node/tasks/install.yml b/roles/openshift_node/tasks/install.yml index 6b7e40491..55738d759 100644 --- a/roles/openshift_node/tasks/install.yml +++ b/roles/openshift_node/tasks/install.yml 
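Review bot: "Check for NetworkManager service" in dnsmasq_install.yml uses `ignore_errors: True`, and the next task reads `nm_show.stdout` unconditionally, so a failed `systemctl show` is hidden and then decides whether the no-network-manager path runs. Prefer `failed_when: false` on the check and `nm_show.stdout | default('')` in the fact, which can also be shortened to `"{{ 'ActiveState=active' in (nm_show.stdout | default('')) }}"`. The task name "Set fact using_network_manager" does not match the fact it sets (`network_manager_active`), and `package: name=dnsmasq state=installed` uses the inline form and the old `installed` alias while the rest of the commit writes `state: present`.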
@@ -1,29 +1,35 @@ --- -- when: not openshift.common.is_containerized | bool +- when: not openshift_is_containerized | bool block: - name: Install Node package package: - name: "{{ openshift.common.service_type }}-node{{ (openshift_pkg_version | default('')) | oo_image_tag_to_rpm_version(include_dash=True) }}" + name: "{{ openshift_service_type }}-node{{ (openshift_pkg_version | default('')) | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}" state: present + register: result + until: result is succeeded - name: Install sdn-ovs package package: - name: "{{ openshift.common.service_type }}-sdn-ovs{{ (openshift_pkg_version | default('')) | oo_image_tag_to_rpm_version(include_dash=True) }}" + name: "{{ openshift_service_type }}-sdn-ovs{{ (openshift_pkg_version | default('')) | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}" state: present when: - openshift_node_use_openshift_sdn | bool + register: result + until: result is succeeded - name: Install conntrack-tools package package: name: "conntrack-tools" state: present + register: result + until: result is succeeded - when: - - openshift.common.is_containerized | bool - - not openshift.common.is_node_system_container | bool + - openshift_is_containerized | bool + - not l_is_node_system_container | bool block: - name: Pre-pull node image when containerized command: > - docker pull {{ openshift.node.node_image }}:{{ openshift_image_tag }} + docker pull {{ osn_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Downloaded newer image' in pull_result.stdout" diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index eae9ca7bc..754ecacaf 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml 
@@ -3,12 +3,14 @@ msg: "SELinux is disabled, This deployment type requires that SELinux is enabled." when: - (not ansible_selinux or ansible_selinux.status != 'enabled') - - deployment_type == 'openshift-enterprise' - - not openshift_use_crio | default(false) + - openshift_deployment_type == 'openshift-enterprise' + - not openshift_use_crio | bool + +- include_tasks: dnsmasq_install.yml +- include_tasks: dnsmasq.yml - name: setup firewall - include: firewall.yml - static: yes + import_tasks: firewall.yml #### Disable SWAP ##### # https://docs.openshift.com/container-platform/3.4/admin_guide/overcommit.html#disabling-swap-memory @@ -41,14 +43,18 @@ #### End Disable Swap Block #### - name: include node installer - include: install.yml + include_tasks: install.yml - name: Restart cri-o systemd: name: cri-o enabled: yes state: restarted - when: openshift_use_crio | default(false) + when: openshift_use_crio | bool + register: task_result + failed_when: + - task_result is failed + - ('could not find the requested service' not in task_result.msg|lower) - name: restart NetworkManager to ensure resolv.conf is present systemd: 
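Review bot: The `failed_when` added to "Restart cri-o" in main.yml (`@@ -41,14 +43,18 @@`) turns a missing cri-o unit into a success even though `openshift_use_crio` is true, and nothing in the hunk says why that is acceptable. If the intent is that cri-o may not be installed yet at this point in the role (not visible from here), say so above the task, e.g. `# cri-o may not be installed yet; a missing unit is tolerated, any other restart failure still fails the play`. Matching on the text `'could not find the requested service'` in `task_result.msg` is also brittle across systemd module versions, which is worth noting in the same comment.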
@@ -66,34 +72,30 @@ sysctl_file: "/etc/sysctl.d/99-openshift.conf" reload: yes -- include: registry_auth.yml +- include_tasks: registry_auth.yml - name: include standard node config - include: config.yml + include_tasks: config.yml #### Storage class plugins here #### - name: NFS storage plugin configuration - include: storage_plugins/nfs.yml + include_tasks: storage_plugins/nfs.yml tags: - nfs - name: GlusterFS storage plugin configuration - include: storage_plugins/glusterfs.yml - when: "'glusterfs' in openshift.node.storage_plugin_deps" + include_tasks: storage_plugins/glusterfs.yml + when: "'glusterfs' in osn_storage_plugin_deps" - name: Ceph storage plugin configuration - include: storage_plugins/ceph.yml - when: "'ceph' in openshift.node.storage_plugin_deps" + include_tasks: storage_plugins/ceph.yml + when: "'ceph' in osn_storage_plugin_deps" - name: iSCSI storage plugin configuration - include: storage_plugins/iscsi.yml - when: "'iscsi' in openshift.node.storage_plugin_deps" + include_tasks: storage_plugins/iscsi.yml + when: "'iscsi' in osn_storage_plugin_deps" ##### END Storage ##### -- include: config/workaround-bz1331590-ovs-oom-fix.yml +- include_tasks: config/workaround-bz1331590-ovs-oom-fix.yml when: openshift_node_use_openshift_sdn | default(true) | bool - -- name: include bootstrap node config - include: bootstrap.yml - when: openshift_node_bootstrap diff --git a/roles/openshift_node/tasks/node_system_container.yml b/roles/openshift_node/tasks/node_system_container.yml index 20d7a9539..06b879050 100644 --- a/roles/openshift_node/tasks/node_system_container.yml +++ b/roles/openshift_node/tasks/node_system_container.yml 
@@ -1,16 +1,17 @@ --- + - name: Pre-pull node system container image command: > - atomic pull --storage=ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.node.node_system_image }}:{{ openshift_image_tag }} + atomic pull --storage=ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ osn_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Pulling layer' in pull_result.stdout" - name: Install or Update node system container oc_atomic_container: - name: "{{ openshift.common.service_type }}-node" - image: "{{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.node.node_system_image }}:{{ openshift_image_tag }}" + name: "{{ openshift_service_type }}-node" + image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ osn_image }}:{{ openshift_image_tag }}" values: - "DNS_DOMAIN={{ openshift.common.dns_domain }}" - - "DOCKER_SERVICE={{ openshift.docker.service_name }}.service" - - "MASTER_SERVICE={{ openshift.common.service_type }}.service" + - "DOCKER_SERVICE={{ openshift_docker_service_name }}.service" + - "MASTER_SERVICE={{ openshift_service_type }}.service" state: latest diff --git a/roles/openshift_node/tasks/openvswitch_system_container.yml b/roles/openshift_node/tasks/openvswitch_system_container.yml index e09063aa5..d7dce6969 100644 --- a/roles/openshift_node/tasks/openvswitch_system_container.yml +++ b/roles/openshift_node/tasks/openvswitch_system_container.yml 
@@ -1,25 +1,22 @@ --- - set_fact: - l_use_crio: "{{ openshift_use_crio | default(false) }}" - -- set_fact: l_service_name: "cri-o" - when: l_use_crio + when: openshift_use_crio | bool - set_fact: - l_service_name: "{{ openshift.docker.service_name }}" - when: not l_use_crio + l_service_name: "{{ openshift_docker_service_name }}" + when: not openshift_use_crio | bool - name: Pre-pull OpenVSwitch system container image command: > - atomic pull --storage=ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }} + atomic pull --storage=ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ osn_ovs_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Pulling layer' in pull_result.stdout" - name: Install or Update OpenVSwitch system container oc_atomic_container: name: openvswitch - image: "{{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }}" + image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ osn_ovs_image }}:{{ openshift_image_tag }}" state: latest values: - "DOCKER_SERVICE={{ l_service_name }}" diff --git a/roles/openshift_node/tasks/registry_auth.yml b/roles/openshift_node/tasks/registry_auth.yml index de396fb4b..92650e6b7 100644 --- a/roles/openshift_node/tasks/registry_auth.yml +++ b/roles/openshift_node/tasks/registry_auth.yml 
@@ -8,9 +8,31 @@ - name: Create credentials for registry auth command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" when: + - not (openshift_docker_alternative_creds | default(False)) - oreg_auth_user is defined - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool register: node_oreg_auth_credentials_create + retries: 3 + delay: 5 + until: node_oreg_auth_credentials_create.rc == 0 + notify: + - restart node + +# docker_creds is a custom module from lib_utils +# 'docker login' requires a docker.service running on the local host, this is an +# alternative implementation for non-docker hosts. This implementation does not +# check the registry to determine whether or not the credentials will work. +- name: Create credentials for registry auth (alternative) + docker_creds: + path: "{{ oreg_auth_credentials_path }}" + registry: "{{ oreg_host }}" + username: "{{ oreg_auth_user }}" + password: "{{ oreg_auth_password }}" + when: + - openshift_docker_alternative_creds | bool + - oreg_auth_user is defined + - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool + register: node_oreg_auth_credentials_create_alt notify: - restart node @@ -19,6 +41,10 @@ set_fact: l_bind_docker_reg_auth: True when: - - openshift.common.is_containerized | bool + - openshift_is_containerized | bool - oreg_auth_user is defined - - (node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace or node_oreg_auth_credentials_create.changed) | bool + - > + (node_oreg_auth_credentials_stat.stat.exists + or oreg_auth_credentials_replace + or node_oreg_auth_credentials_create.changed + or node_oreg_auth_credentials_create_alt.changed) | bool diff --git a/roles/openshift_node/tasks/storage_plugins/ceph.yml b/roles/openshift_node/tasks/storage_plugins/ceph.yml index 037efe81a..e30f58a9a 100644 
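Review bot: Neither credential task in registry_auth.yml sets `no_log: true`: the new `docker_creds` task is passed `password: "{{ oreg_auth_password }}"`, and the existing `docker login ... -p {{ oreg_auth_password }}` command now runs up to three more times because of the added `retries: 3`. The command's argv, including the password, is part of the task result and can appear in Ansible output on failure or on verbose runs; whether `docker_creds` masks its `password` argument itself is not visible from this hunk. Add `no_log: true` to both tasks. The `-p` form also exposes the password in the node's process list while the command runs; passing it on stdin with `--password-stdin`, where the installed docker supports it, avoids that.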
--- a/roles/openshift_node/tasks/storage_plugins/ceph.yml +++ b/roles/openshift_node/tasks/storage_plugins/ceph.yml @@ -1,4 +1,6 @@ --- - name: Install Ceph storage plugin dependencies package: name=ceph-common state=present - when: not openshift.common.is_atomic | bool + when: not openshift_is_atomic | bool + register: result + until: result is succeeded diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml index 1b8a7ad50..c04a6922a 100644 --- a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml @@ -1,7 +1,9 @@ --- - name: Install GlusterFS storage plugin dependencies package: name=glusterfs-fuse state=present - when: not openshift.common.is_atomic | bool + when: not openshift_is_atomic | bool + register: result + until: result is succeeded - name: Check for existence of fusefs sebooleans command: getsebool {{ item }} @@ -29,7 +31,7 @@ # since getsebool prints the resolved name. (At some point Ansible's seboolean module # should learn to deal with aliases) - item.item in item.stdout # Boolean does not have an alias. - - ansible_python_version | version_compare('3', '<') + - ansible_python_version is version_compare('3', '<') with_items: "{{ fusefs_getsebool_status.results }}" # Workaround for https://github.com/openshift/openshift-ansible/issues/4438 @@ -50,5 +52,5 @@ # should learn to deal with aliases) - item.item in item.stdout # Boolean does not have an alias. - ('--> off' in item.stdout) # Boolean is currently off. - - ansible_python_version | version_compare('3', '>=') + - ansible_python_version is version_compare('3', '>=') with_items: "{{ fusefs_getsebool_status.results }}" diff --git a/roles/openshift_node/tasks/storage_plugins/iscsi.yml b/roles/openshift_node/tasks/storage_plugins/iscsi.yml index 1c5478c55..a8048c42f 100644 --- a/roles/openshift_node/tasks/storage_plugins/iscsi.yml 
+++ b/roles/openshift_node/tasks/storage_plugins/iscsi.yml @@ -1,4 +1,6 @@ --- - name: Install iSCSI storage plugin dependencies package: name=iscsi-initiator-utils state=present - when: not openshift.common.is_atomic | bool + when: not openshift_is_atomic | bool + register: result + until: result is succeeded diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml index 7e1035893..c2922644f 100644 --- a/roles/openshift_node/tasks/storage_plugins/nfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -1,7 +1,9 @@ --- - name: Install NFS storage plugin dependencies package: name=nfs-utils state=present - when: not openshift.common.is_atomic | bool + when: not openshift_is_atomic | bool + register: result + until: result is succeeded - name: Check for existence of nfs sebooleans command: getsebool {{ item }} @@ -29,7 +31,7 @@ # since getsebool prints the resolved name. (At some point Ansible's seboolean module # should learn to deal with aliases) - item.item in item.stdout # Boolean does not have an alias. - - ansible_python_version | version_compare('3', '<') + - ansible_python_version is version_compare('3', '<') with_items: "{{ nfs_getsebool_status.results }}" # Workaround for https://github.com/openshift/openshift-ansible/issues/4438 @@ -50,5 +52,5 @@ # should learn to deal with aliases) - item.item in item.stdout # Boolean does not have an alias. - ('--> off' in item.stdout) # Boolean is currently off. - - ansible_python_version | version_compare('3', '>=') + - ansible_python_version is version_compare('3', '>=') with_items: "{{ nfs_getsebool_status.results }}" diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index 9c182ade6..e33a4999f 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml 
@@ -1,44 +1,25 @@ --- - name: Install Node service file template: - dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" - src: "{{ openshift.common.is_containerized | bool | ternary('openshift.docker.node.service', 'node.service.j2') }}" - when: not openshift.common.is_node_system_container | bool + dest: "/etc/systemd/system/{{ openshift_service_type }}-node.service" + src: "{{ openshift_is_containerized | bool | ternary('openshift.docker.node.service', 'node.service.j2') }}" + when: not l_is_node_system_container | bool notify: - reload systemd units - restart node -- when: openshift.common.is_containerized | bool +- when: openshift_is_containerized | bool block: - name: include node deps docker service file - include: config/install-node-deps-docker-service-file.yml + include_tasks: config/install-node-deps-docker-service-file.yml - name: include ovs service environment file - include: config/install-ovs-service-env-file.yml + include_tasks: config/install-ovs-service-env-file.yml - - name: Install Node system container - include: node_system_container.yml - when: - - openshift.common.is_node_system_container | bool - - - name: Install OpenvSwitch system containers - include: openvswitch_system_container.yml + - include_tasks: config/install-ovs-docker-service-file.yml when: - openshift_node_use_openshift_sdn | bool - - openshift.common.is_openvswitch_system_container | bool - -- block: - - name: Pre-pull openvswitch image - command: > - docker pull {{ openshift.node.ovs_image }}:{{ openshift_image_tag }} - register: pull_result - changed_when: "'Downloaded newer image' in pull_result.stdout" - - - include: config/install-ovs-docker-service-file.yml - when: - - openshift.common.is_containerized | bool - - openshift_node_use_openshift_sdn | bool - - not openshift.common.is_openvswitch_system_container | bool + - not l_is_openvswitch_system_container | bool -- include: config/configure-node-settings.yml -- include: 
config/configure-proxy-settings.yml +- include_tasks: config/configure-node-settings.yml +- include_tasks: config/configure-proxy-settings.yml diff --git a/roles/openshift_node/tasks/upgrade.yml b/roles/openshift_node/tasks/upgrade.yml new file mode 100644 index 000000000..02e417937 --- /dev/null +++ b/roles/openshift_node/tasks/upgrade.yml @@ -0,0 +1,54 @@ +--- +# input variables: +# - l_docker_upgrade +# - openshift_is_atomic +# - node_config_hook +# - openshift_pkg_version +# - openshift_is_containerized +# - openshift_release + +# tasks file for openshift_node_upgrade + +- name: stop services for upgrade + include_tasks: upgrade/stop_services.yml + +# Ensure actually install latest package. +- name: download docker upgrade rpm + command: "{{ ansible_pkg_mgr }} install -C -y docker{{ '-' + docker_version }}" + register: result + until: result is succeeded + when: + - l_docker_upgrade is defined + - l_docker_upgrade | bool + +- name: install pre-pulled rpms. + include_tasks: upgrade/rpm_upgrade_install.yml + vars: + openshift_version: "{{ openshift_pkg_version | default('') }}" + when: not openshift_is_containerized | bool + + +- include_tasks: "{{ node_config_hook }}" + when: node_config_hook is defined + +- include_tasks: upgrade/config_changes.yml + +# Restart all services +- include_tasks: upgrade/restart.yml + +- name: Wait for node to be ready + oc_obj: + state: list + kind: node + name: "{{ openshift.common.hostname | lower }}" + register: node_output + delegate_to: "{{ groups.oo_first_master.0 }}" + until: node_output.results.returncode == 0 and node_output.results.results[0].status.conditions | selectattr('type', 'match', '^Ready$') | map(attribute='status') | join | bool == True + # Give the node two minutes to come back online. + retries: 24 + delay: 5 + +- include_tasks: dnsmasq_install.yml +- include_tasks: dnsmasq.yml + +- meta: flush_handlers 
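Review bot: In the new upgrade.yml, "download docker upgrade rpm" builds its command from `docker_version`, but that variable is neither listed in the "input variables" header nor checked in the task's `when`, which only tests `l_docker_upgrade`. If it is undefined, `'-' + docker_version` fails at templating time instead of skipping the task. Add `# - docker_version` to the header and `- docker_version is defined` to the `when` list. The header should also say that `node_config_hook` is a path to a task file that `include_tasks: "{{ node_config_hook }}"` executes on the node, so it must only be set from trusted inventory.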
diff --git a/roles/openshift_node/tasks/upgrade/config_changes.yml b/roles/openshift_node/tasks/upgrade/config_changes.yml
new file mode 100644
index 000000000..721656117
--- /dev/null
+++ b/roles/openshift_node/tasks/upgrade/config_changes.yml
@@ -0,0 +1,77 @@
+---
+- name: Update systemd units
+ include_tasks: ../systemd_units.yml
+ when: openshift_is_containerized | bool
+
+- name: Update oreg value
+ yedit:
+ src: "{{ openshift.common.config_base }}/node/node-config.yaml"
+ key: 'imageConfig.format'
+ value: "{{ oreg_url | default(oreg_url_node) }}"
+ when: oreg_url is defined or oreg_url_node is defined
+
+- name: Remove obsolete docker-sdn-ovs.conf
+ file:
+ path: "/etc/systemd/system/docker.service.d/docker-sdn-ovs.conf"
+ state: absent
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1513054
+- name: Clean up dockershim data
+ file:
+ path: "/var/lib/dockershim/sandbox/"
+ state: absent
+
+# Disable Swap Block (pre)
+- block:
+ - name: Remove swap entries from /etc/fstab
+ replace:
+ dest: /etc/fstab
+ regexp: '(^[^#].*swap.*)'
+ replace: '# \1'
+ backup: yes
+
+ - name: Add notice about disabling swap
+ lineinfile:
+ dest: /etc/fstab
+ line: '# OpenShift-Ansible Installer disabled swap per overcommit guidelines'
+ state: present
+
+ - name: Disable swap
+ command: swapoff --all
+
+ when:
+ - openshift_node_upgrade_swap_result | default(False) | bool
+ - openshift_disable_swap | default(true) | bool
+# End Disable Swap Block
+
+- name: Apply 3.6 dns config changes
+ yedit:
+ src: /etc/origin/node/node-config.yaml
+ key: "{{ item.key }}"
+ value: "{{ item.value }}"
+ with_items:
+ - key: "dnsBindAddress"
+ value: "127.0.0.1:53"
+ - key: "dnsRecursiveResolvConf"
+ value: "/etc/origin/node/resolv.conf"
+
+- name: Install Node service file
+ template:
+ dest: "/etc/systemd/system/{{ openshift_service_type }}-node.service"
+ src: "node.service.j2"
+ register: l_node_unit
+ when: not openshift_is_containerized | bool
+
+- name: Reset selinux context
+ command: restorecon -RF {{ openshift_node_data_dir }}/openshift.local.volumes
+ when:
+ - ansible_selinux is defined
+ - ansible_selinux.status == 'enabled'
+
+# NOTE: This is needed to make sure we are using the correct set
+# of systemd unit files. The RPMs lay down defaults but
+# the install/upgrade may override them in /etc/systemd/system/.
+# NOTE: We don't use the systemd module as some versions of the module
+# require a service to be part of the call.
+- name: Reload systemd units
+ command: systemctl daemon-reload
diff --git a/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml b/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml
new file mode 100644
index 000000000..e5477f389
--- /dev/null
+++ b/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml
@@ -0,0 +1,15 @@
+---
+- name: Pre-pull node image
+ command: >
+ docker pull {{ osn_image }}:{{ openshift_image_tag }}
+ register: pull_result
+ changed_when: "'Downloaded newer image' in pull_result.stdout"
+
+- name: Pre-pull openvswitch image
+ command: >
+ docker pull {{ osn_ovs_image }}:{{ openshift_image_tag }}
+ register: pull_result
+ changed_when: "'Downloaded newer image' in pull_result.stdout"
+ when: openshift_node_use_openshift_sdn | bool
+
+- include_tasks: ../container_images.yml
diff --git a/roles/openshift_node/tasks/upgrade/restart.yml b/roles/openshift_node/tasks/upgrade/restart.yml
new file mode 100644
index 000000000..bd6f42182
--- /dev/null
+++ b/roles/openshift_node/tasks/upgrade/restart.yml
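Review bot: `Apply 3.6 dns config changes` hard-codes `src: /etc/origin/node/node-config.yaml`, while `Update oreg value` earlier in the same file edits `{{ openshift.common.config_base }}/node/node-config.yaml`. If `config_base` is ever something other than `/etc/origin`, the two yedit tasks write to different files and the DNS settings presumably land in one the node does not read. Use the same expression in both, `src: "{{ openshift.common.config_base }}/node/node-config.yaml"`; the `dnsRecursiveResolvConf` value `/etc/origin/node/resolv.conf` carries the same hard-coded prefix.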
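Review bot: Both `docker pull` tasks run once with no retry, unlike the rpm pre-pull tasks in this change, which all carry `until: result is succeeded`; a transient registry error here aborts the pre-upgrade step. Add `until: pull_result is succeeded` under each `register: pull_result`, with `retries`/`delay` if the defaults are too short. The images are also addressed only by the tag `{{ openshift_image_tag }}`, so what is pre-pulled is whatever the registry serves for that tag at run time; a one-line comment saying where the tag is pinned would help anyone auditing the upgrade.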
@@ -0,0 +1,51 @@
+---
+# input variables:
+# - openshift_service_type
+# - openshift_is_containerized
+# - openshift.common.hostname
+# - openshift.master.api_port
+
+# NOTE: This is needed to make sure we are using the correct set
+# of systemd unit files. The RPMs lay down defaults but
+# the install/upgrade may override them in /etc/systemd/system/.
+# NOTE: We don't use the systemd module as some versions of the module
+# require a service to be part of the call.
+- name: Reload systemd to ensure latest unit files
+ command: systemctl daemon-reload
+
+- name: Restart support services
+ service:
+ name: "{{ item }}"
+ state: restarted
+ enabled: True
+ with_items:
+ - NetworkManager
+ - dnsmasq
+
+- name: Restart container runtime
+ service:
+ name: "{{ openshift_docker_service_name }}"
+ state: started
+ register: docker_start_result
+ until: not (docker_start_result is failed)
+ retries: 3
+ delay: 30
+
+- name: Start services
+ service: name={{ item }} state=started
+ with_items:
+ - etcd_container
+ - openvswitch
+ - "{{ openshift_service_type }}-master-api"
+ - "{{ openshift_service_type }}-master-controllers"
+ - "{{ openshift_service_type }}-node"
+ failed_when: false
+
+- name: Wait for master API to come back online
+ wait_for:
+ host: "{{ openshift.common.hostname }}"
+ state: started
+ delay: 10
+ port: "{{ openshift.master.api_port }}"
+ timeout: 600
+ when: inventory_hostname in groups.oo_masters_to_config
diff --git a/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml
new file mode 100644
index 000000000..91a358095
--- /dev/null
+++ b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml
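Review bot: `Start services` applies `failed_when: false` to every item, including `{{ openshift_service_type }}-node`, so a node unit that fails to start is reported as ok and the cause only surfaces later as a timeout in `Wait for node to be ready` in upgrade.yml. The blanket ignore looks intended for units that do not exist on every host; keep it for those and start the node service in a separate task that is allowed to fail. The rewrite below also replaces the `name={{ item }} state=started` string with native YAML arguments, matching the other service tasks in this file.

```yaml
- name: Start optional services
  service:
    name: "{{ item }}"
    state: started
  with_items:
    # … unchanged: etcd_container, openvswitch, master-api, master-controllers …
  failed_when: false

- name: Start node service
  service:
    name: "{{ openshift_service_type }}-node"
    state: started
```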
@@ -0,0 +1,24 @@
+---
+# input variables:
+# - openshift_service_type
+# - component
+# - openshift_pkg_version
+# - openshift_is_atomic
+
+# Pre-pull new node rpm, but don't install
+- name: download new node packages
+ command: "{{ ansible_pkg_mgr }} install -y --downloadonly {{ openshift_node_upgrade_rpm_list | join(' ')}}"
+ register: result
+ until: result is succeeded
+ vars:
+ openshift_node_upgrade_rpm_list:
+ - "{{ openshift_service_type }}-node{{ openshift_pkg_version }}"
+ - "PyYAML"
+ - "dnsmasq"
+
+# Pre-pull the rpms for openvswitch, but don't install
+# openvswitch requires the latest version to be installed.
+- name: download openvswitch upgrade rpm
+ command: "{{ ansible_pkg_mgr }} update -y --downloadonly openvswitch"
+ register: result
+ until: result is succeeded
diff --git a/roles/openshift_node/tasks/upgrade/rpm_upgrade_install.yml b/roles/openshift_node/tasks/upgrade/rpm_upgrade_install.yml
new file mode 100644
index 000000000..c9094e05a
--- /dev/null
+++ b/roles/openshift_node/tasks/upgrade/rpm_upgrade_install.yml
@@ -0,0 +1,19 @@
+---
+# input variables:
+# - openshift_service_type
+# - component
+# - openshift_pkg_version
+# - openshift_is_atomic
+
+# Install the pre-pulled RPM
+# Note: dnsmasq is covered in it's own play. openvswitch is included here
+# because once we have the latest rpm downloaded, it will happily be installed.
+- name: download new node packages
+ command: "{{ ansible_pkg_mgr }} install -C -y {{ openshift_node_upgrade_rpm_list | join(' ')}}"
+ register: result
+ until: result is succeeded
+ vars:
+ openshift_node_upgrade_rpm_list:
+ - "{{ openshift_service_type }}-node{{ openshift_pkg_version }}"
+ - "PyYAML"
+ - "openvswitch"
diff --git a/roles/openshift_node/tasks/upgrade/stop_services.yml b/roles/openshift_node/tasks/upgrade/stop_services.yml
new file mode 100644
index 000000000..6d92516c3
--- /dev/null
+++ b/roles/openshift_node/tasks/upgrade/stop_services.yml
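Review bot: The `# input variables:` header lists `component` and `openshift_is_atomic`, but neither is referenced by the two tasks in this file; upgrade/rpm_upgrade_install.yml carries an identical copy of the header with the same two unused entries. Trim both headers to what the tasks read, `# - openshift_service_type` and `# - openshift_pkg_version`. Both callers (upgrade_pre.yml and upgrade.yml) also pass `openshift_version` through `vars:`, which the lines shown here never use, so either drop it at the call sites or add a comment saying what consumes it.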
@@ -0,0 +1,43 @@
+---
+- name: Stop node and openvswitch services
+ service:
+ name: "{{ item }}"
+ state: stopped
+ with_items:
+ - "{{ openshift_service_type }}-node"
+ - openvswitch
+ failed_when: false
+
+- name: Ensure containerized services stopped before Docker restart
+ service:
+ name: "{{ item }}"
+ state: stopped
+ with_items:
+ - etcd_container
+ - openvswitch
+ - "{{ openshift_service_type }}-master-api"
+ - "{{ openshift_service_type }}-master-controllers"
+ - "{{ openshift_service_type }}-node"
+ failed_when: false
+ when: openshift_is_containerized | bool
+
+- service:
+ name: docker
+ state: stopped
+ register: l_openshift_node_upgrade_docker_stop_result
+ until: not (l_openshift_node_upgrade_docker_stop_result is failed)
+ retries: 3
+ delay: 30
+ when:
+ - l_docker_upgrade is defined
+ - l_docker_upgrade | bool
+
+- name: Stop rpm based services
+ service:
+ name: "{{ item }}"
+ state: stopped
+ with_items:
+ - "{{ openshift_service_type }}-node"
+ - openvswitch
+ failed_when: false
+ when: not openshift_is_containerized | bool
diff --git a/roles/openshift_node/tasks/upgrade_pre.yml b/roles/openshift_node/tasks/upgrade_pre.yml
new file mode 100644
index 000000000..3ae7dc6b6
--- /dev/null
+++ b/roles/openshift_node/tasks/upgrade_pre.yml
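Review bot: The docker stop task has no `name:` and hard-codes `name: docker`, whereas upgrade/restart.yml starts the runtime through `{{ openshift_docker_service_name }}`. If that variable resolves to anything other than `docker`, the unit stopped here is not the one started again after the upgrade. Give the task a name and use the variable: `- name: Stop container runtime for upgrade` with `name: "{{ openshift_docker_service_name }}"`.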
@@ -0,0 +1,56 @@
+---
+# This is a hack to allow us to update various components without restarting
+# services. This will persist into the upgrade play as well, so everything
+# needs to be restarted by hand.
+- set_fact:
+ skip_node_svc_handlers: True
+
+- include_tasks: registry_auth.yml
+
+- name: update package meta data to speed install later.
+ command: "{{ ansible_pkg_mgr }} makecache"
+ register: result
+ until: result is succeeded
+ when: not openshift_is_containerized | bool
+
+- name: Check Docker image count
+ shell: "docker images -aq | wc -l"
+ register: docker_image_count
+ when:
+ - l_docker_upgrade is defined
+ - l_docker_upgrade | bool
+
+- debug: var=docker_image_count.stdout
+ when:
+ - l_docker_upgrade is defined
+ - l_docker_upgrade | bool
+
+- include_tasks: upgrade/containerized_upgrade_pull.yml
+ when: openshift_is_containerized | bool
+
+# Prepull the rpms for docker upgrade, but don't install
+- name: download docker upgrade rpm
+ command: "{{ ansible_pkg_mgr }} install -y --downloadonly docker{{ '-' + docker_version }}"
+ register: result
+ until: result is succeeded
+ when:
+ - l_docker_upgrade is defined
+ - l_docker_upgrade | bool
+
+- include_tasks: upgrade/rpm_upgrade.yml
+ vars:
+ openshift_version: "{{ openshift_pkg_version | default('') }}"
+ when: not openshift_is_containerized | bool
+
+# https://docs.openshift.com/container-platform/3.4/admin_guide/overcommit.html#disabling-swap-memory
+- name: Check for swap usage
+ command: grep "^[^#].*swap" /etc/fstab
+ # grep: match any lines which don't begin with '#' and contain 'swap'
+ changed_when: false
+ failed_when: false
+ register: swap_result
+
+# Set this fact here so we can use it during the next play, which is serial.
+- name: set_fact swap_result
+ set_fact:
+ openshift_node_upgrade_swap_result: "{{ swap_result.stdout_lines | length > 0 | bool }}" |
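Review bot: In `set_fact swap_result`, the expression `swap_result.stdout_lines | length > 0 | bool` applies `bool` to the literal `0` rather than to the comparison, because Jinja2 filters bind tighter than `>`. It still produces the intended value only because the line count is then compared with `False`, which is easy to break on the next edit. Write the comparison directly: `openshift_node_upgrade_swap_result: "{{ (swap_result.stdout_lines | length) > 0 }}"`.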