diff options
Diffstat (limited to 'roles/openshift_node/tasks')
-rw-r--r-- | roles/openshift_node/tasks/main.yml | 9 | ||||
-rw-r--r-- | roles/openshift_node/tasks/storage_plugins/nfs.yml | 32 | ||||
-rw-r--r-- | roles/openshift_node/tasks/systemd_units.yml | 21 |
3 files changed, 39 insertions, 23 deletions
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 8e9c9f511..474df497e 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -9,6 +9,10 @@ role: "{{ item.role }}" local_facts: "{{ item.local_facts }}" with_items: + # Reset node labels to an empty dictionary. + - role: node + local_facts: + labels: {} - role: node local_facts: annotations: "{{ openshift_node_annotations | default(none) }}" @@ -76,7 +80,7 @@ # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config template: - dest: "{{ openshift_node_config_file }}" + dest: "{{ openshift.common.config_base }}/node/node-config.yaml" src: node.yaml.v1.j2 backup: true owner: root @@ -96,6 +100,7 @@ line: "AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key | default('') }}" - regex: '^AWS_SECRET_ACCESS_KEY=' line: "AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key | default('') }}" + no_log: True when: "openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined" notify: - restart node @@ -112,6 +117,8 @@ - name: NFS storage plugin configuration include: storage_plugins/nfs.yml + tags: + - nfs - name: GlusterFS storage plugin configuration include: storage_plugins/glusterfs.yml diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml index 22b539d16..5f99f129c 100644 --- a/roles/openshift_node/tasks/storage_plugins/nfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -3,30 +3,24 @@ action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present" when: not openshift.common.is_atomic | bool -- name: Check for existence of virt_use_nfs seboolean - command: getsebool virt_use_nfs - register: virt_use_nfs_output +- name: Check for existence of seboolean + command: getsebool {{ item }} + register: getsebool_status when: ansible_selinux and ansible_selinux.status == "enabled" failed_when: false changed_when: false + with_items: + - virt_use_nfs + - virt_sandbox_use_nfs - name: Set seboolean to allow nfs storage plugin access from containers seboolean: - name: virt_use_nfs + name: "{{ item.item }}" state: yes persistent: yes - when: ansible_selinux and ansible_selinux.status == "enabled" and virt_use_nfs_output.rc == 0 - -- name: Check for existence of virt_sandbox_use_nfs seboolean (RHEL) - command: getsebool virt_sandbox_use_nfs - register: virt_sandbox_use_nfs_output - when: ansible_distribution != "Fedora" and ansible_selinux and ansible_selinux.status == "enabled" - failed_when: false - changed_when: false - -- name: Set seboolean to allow nfs storage plugin access from containers(sandbox) (RHEL) - seboolean: - name: virt_sandbox_use_nfs - state: yes - persistent: yes - when: ansible_distribution != "Fedora" and ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_nfs_output.rc == 0 + # We need to detect whether or not the boolean is an alias, since `seboolean` + # will error if it is an alias. We do this by inspecting stdout for the boolean name, + # since getsebool prints the resolved name. (At some point Ansible's seboolean module + # should learn to deal with aliases) + when: ansible_selinux and ansible_selinux.status == "enabled" and item.rc == 0 and item.stdout.find(item.item) != -1 + with_items: "{{ getsebool_status.results }}" diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index 40d1dd50b..f722a6e69 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml @@ -24,11 +24,26 @@ notify: - restart openvswitch +# May be a temporary workaround. +# https://bugzilla.redhat.com/show_bug.cgi?id=1331590 +- name: Create OpenvSwitch service.d directory + file: path=/etc/systemd/system/openvswitch.service.d/ state=directory + when: openshift.common.use_openshift_sdn | default(true) | bool + +- name: Install OpenvSwitch service OOM fix + template: + dest: "/etc/systemd/system/openvswitch.service.d/01-avoid-oom.conf" + src: openvswitch-avoid-oom.conf + when: openshift.common.use_openshift_sdn | default(true) | bool + register: install_oom_fix_result + notify: + - restart openvswitch + - name: Install OpenvSwitch docker service file template: dest: "/etc/systemd/system/openvswitch.service" src: openvswitch.docker.service - when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool + when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | default(true) | bool notify: - restart openvswitch @@ -42,7 +57,7 @@ - regex: '^OPTIONS=' line: "OPTIONS=--loglevel={{ openshift.node.debug_level | default(2) }}" - regex: '^CONFIG_FILE=' - line: "CONFIG_FILE={{ openshift_node_config_file }}" + line: "CONFIG_FILE={{ openshift.common.config_base }}/node/node-config.yaml" - regex: '^IMAGE_VERSION=' line: "IMAGE_VERSION={{ openshift_image_tag }}" notify: @@ -67,6 +82,6 @@ - name: Reload systemd units command: systemctl daemon-reload - when: openshift.common.is_containerized | bool and (install_node_result | changed or install_ovs_sysconfig | changed or install_node_dep_result | changed) + when: (openshift.common.is_containerized | bool and (install_node_result | changed or install_ovs_sysconfig | changed or install_node_dep_result | changed)) or install_oom_fix_result | changed notify: - restart node |