Diffstat (limited to 'roles/openshift_node')
-rw-r--r-- | roles/openshift_node/handlers/main.yml | 2 | ||||
-rw-r--r-- | roles/openshift_node/meta/main.yml | 1 | ||||
-rw-r--r-- | roles/openshift_node/tasks/main.yml | 138 | ||||
-rw-r--r-- | roles/openshift_node/tasks/storage_plugins/ceph.yml | 12 | ||||
-rw-r--r-- | roles/openshift_node/tasks/storage_plugins/glusterfs.yml | 12 | ||||
-rw-r--r-- | roles/openshift_node/tasks/storage_plugins/nfs.yml | 4 | ||||
-rw-r--r-- | roles/openshift_node/templates/node.yaml.v1.j2 | 6 | ||||
-rw-r--r-- | roles/openshift_node/templates/openshift.docker.node.service | 20 | ||||
-rw-r--r-- | roles/openshift_node/templates/openvswitch.docker.service | 14 |
9 files changed, 105 insertions, 104 deletions
diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index 447ca85f3..c288f4d05 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -1,7 +1,7 @@ --- - name: restart node service: name={{ openshift.common.service_type }}-node state=restarted - when: not node_service_status_changed | default(false) + when: not (node_service_status_changed | default(false) | bool) - name: restart docker service: name=docker state=restarted diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index 9d40ae3b3..c92008a77 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -13,4 +13,3 @@ galaxy_info: - cloud dependencies: - { role: openshift_common } -- { role: docker } diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 29e7eb532..9035248f9 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml 
@@ -14,13 +14,14 @@ hostname: "{{ openshift_hostname | default(none) }}" public_hostname: "{{ openshift_public_hostname | default(none) }}" deployment_type: "{{ openshift_deployment_type }}" - dns_ip: "{{ openshift_dns_ip | default(openshift_master_cluster_vip | default(None, true), true) }}" + # TODO: Replace this with a lookup or filter plugin. + dns_ip: "{{ openshift_dns_ip + | default(openshift_master_cluster_vip + | default(None if openshift.common.version_greater_than_3_1_or_1_1 | bool else openshift_node_first_master_ip | default(None, true), true), true) }}" - role: node local_facts: annotations: "{{ openshift_node_annotations | default(none) }}" debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" - docker_log_driver: "{{ lookup( 'oo_option' , 'docker_log_driver' ) | default('',True) }}" - docker_log_options: "{{ lookup( 'oo_option' , 'docker_log_options' ) | default('',True) }}" iptables_sync_period: "{{ openshift_node_iptables_sync_period | default(None) }}" kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}" 
@@ -30,28 +31,51 @@ sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" storage_plugin_deps: "{{ osn_storage_plugin_deps | default(None) }}" set_node_ip: "{{ openshift_set_node_ip | default(None) }}" + node_image: "{{ osn_image | default(None) }}" + ovs_image: "{{ osn_ovs_image | default(None) }}" # We have to add tuned-profiles in the same transaction otherwise we run into depsolving -# problems because the rpms don't pin the version properly. +# problems because the rpms don't pin the version properly. This was fixed in 3.1 packaging. - name: Install Node package - yum: pkg={{ openshift.common.service_type }}-node{{ openshift_version }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version }} state=present - when: ansible_pkg_mgr == "yum" - register: node_install_result - -- name: Install Node package - dnf: pkg={{ openshift.common.service_type }}-node{{ openshift_version }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version }} state=present - when: ansible_pkg_mgr == "dnf" - register: node_install_result + action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_version }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version }} state=present" + when: not openshift.common.is_containerized | bool - name: Install sdn-ovs package - yum: pkg={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present - register: sdn_install_result - when: ansible_pkg_mgr == "yum" and openshift.common.use_openshift_sdn + action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present" + when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool -- name: Install sdn-ovs package - dnf: pkg={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present - register: sdn_install_result - when: ansible_pkg_mgr == "dnf" and openshift.common.use_openshift_sdn +- name: 
Pull node image + command: > + docker pull {{ openshift.node.node_image }} + when: openshift.common.is_containerized | bool + +- name: Pull OpenVSwitch image + command: > + docker pull {{ openshift.node.ovs_image }} + when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool + +- name: Install Node docker service file + template: + dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" + src: openshift.docker.node.service + register: install_node_result + when: openshift.common.is_containerized | bool + +- name: Install OpenvSwitch docker service file + template: + dest: "/etc/systemd/system/openvswitch.service" + src: openvswitch.docker.service + register: install_ovs_result + when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool + +- name: Reload systemd units + command: systemctl daemon-reload + when: openshift.common.is_containerized and ( ( install_node_result | changed ) + or ( install_ovs_result | changed ) ) + +- name: Start and enable openvswitch docker service + service: name=openvswitch.service enabled=yes state=started + when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config @@ -67,6 +91,7 @@ dest: /etc/sysconfig/{{ openshift.common.service_type }}-node regexp: "{{ item.regex }}" line: "{{ item.line }}" + create: true with_items: - regex: '^OPTIONS=' line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}" 
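Review bot: The new `when:` conditions are inconsistent about `| bool`. "Install sdn-ovs package" tests `openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool`, and "Reload systemd units" tests `openshift.common.is_containerized and (...)` with no cast, while the neighbouring tasks cast both facts. If either fact arrives as a string (the handler fix in this same commit suggests that happens), a value such as "false" is truthy and the task runs on the wrong hosts; write `openshift.common.use_openshift_sdn | bool and not openshift.common.is_containerized | bool` and `openshift.common.is_containerized | bool and (...)`. Separately, the two `docker pull` tasks fetch whatever the tag currently points to, and the unit files added later in this commit start those images with `--privileged`, so consider referencing `node_image` and `ovs_image` by digest.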
@@ -75,70 +100,27 @@ notify: - restart node -- stat: path=/etc/sysconfig/docker - register: docker_check - - # TODO: Enable secure registry when code available in origin -- name: Secure Registry and Logs Options - lineinfile: - dest: /etc/sysconfig/docker - regexp: '^OPTIONS=.*$' - line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ -{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %} \ -{% if openshift.node.docker_log_driver is defined %} --log-driver {{ openshift.node.docker_log_driver }} {% endif %} \ -{% if openshift.node.docker_log_options is defined %} {{ openshift.node.docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}} {% endif %} '" - when: docker_check.stat.isreg - notify: - - restart docker - -- set_fact: - docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') - | oo_split() | union(['registry.access.redhat.com']) - | difference(['']) }}" - when: openshift.common.deployment_type == 'enterprise' -- set_fact: - docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') - | oo_split() | difference(['']) }}" - when: openshift.common.deployment_type != 'enterprise' - -- name: Add personal registries - lineinfile: - dest: /etc/sysconfig/docker - regexp: '^ADD_REGISTRY=.*$' - line: "ADD_REGISTRY='{{ docker_additional_registries - | oo_prepend_strings_in_list('--add-registry ') | join(' ') }}'" - when: docker_check.stat.isreg and docker_additional_registries - notify: - - restart docker - -- name: Block registries - lineinfile: - dest: /etc/sysconfig/docker - regexp: '^BLOCK_REGISTRY=.*$' - line: "BLOCK_REGISTRY='{{ lookup('oo_option', 'docker_blocked_registries') | oo_split() - | oo_prepend_strings_in_list('--block-registry ') | join(' ') }}'" - when: docker_check.stat.isreg and - lookup('oo_option', 'docker_blocked_registries') != '' - notify: - - restart docker - -- name: Grant access to additional 
insecure registries - lineinfile: - dest: /etc/sysconfig/docker - regexp: '^INSECURE_REGISTRY=.*' - line: "INSECURE_REGISTRY='{{ lookup('oo_option', 'docker_insecure_registries') | oo_split() - | oo_prepend_strings_in_list('--insecure-registry ') | join(' ') }}'" - when: docker_check.stat.isreg and - lookup('oo_option', 'docker_insecure_registries') != '' - notify: - - restart docker - - name: Additional storage plugin configuration include: storage_plugins/main.yml +# Necessary because when you're on a node that's also a master the master will be +# restarted after the node restarts docker and it will take up to 60 seconds for +# systemd to start the master again +- name: Wait for master API to become available before proceeding + # Using curl here since the uri module requires python-httplib2 and + # wait_for port doesn't provide health information. + command: > + curl -k --head --silent {{ openshift_node_master_api_url }} + register: api_available_output + until: api_available_output.stdout.find("200 OK") != -1 + retries: 120 + delay: 1 + changed_when: false + when: openshift.common.is_containerized | bool + - name: Start and enable node service: name={{ openshift.common.service_type }}-node enabled=yes state=started register: start_result - set_fact: - node_service_status_changed = start_result | changed + node_service_status_changed: "{{ start_result | changed }}" diff --git a/roles/openshift_node/tasks/storage_plugins/ceph.yml b/roles/openshift_node/tasks/storage_plugins/ceph.yml index b5146dcac..eed3c99a3 100644 --- a/roles/openshift_node/tasks/storage_plugins/ceph.yml +++ b/roles/openshift_node/tasks/storage_plugins/ceph.yml 
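Review bot: The readiness probe `curl -k --head --silent {{ openshift_node_master_api_url }}` turns off certificate verification, so any listener that answers 200 on that address ends the wait, not only the real master. Passing the cluster CA keeps the check tied to the master, for example `curl --cacert <path-to-cluster-ca> --head --silent {{ openshift_node_master_api_url }}` (placeholder path; the CA location is not visible in this hunk). The `until` test also matches the literal text `200 OK`, which a status line without a reason phrase would not contain, so matching on the status code alone is sturdier. This hunk also deletes the tasks that wrote `BLOCK_REGISTRY` and `INSECURE_REGISTRY` to /etc/sysconfig/docker, presumably because they moved to another role; it is worth confirming that blocked-registry settings are still applied on nodes after this change.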
@@ -1,12 +1,4 @@ --- - name: Install Ceph storage plugin dependencies - yum: - pkg: ceph-common - state: installed - when: ansible_pkg_mgr == "yum" - -- name: Install Ceph storage plugin dependencies - dnf: - pkg: ceph-common - state: installed - when: ansible_pkg_mgr == "dnf" + action: "{{ ansible_pkg_mgr }} name=ceph-common state=present" + when: not openshift.common.is_atomic | bool
\ No newline at end of file diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml index a357023e1..8fc8497fa 100644 --- a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml @@ -1,15 +1,7 @@ --- - name: Install GlusterFS storage plugin dependencies - yum: - pkg: glusterfs-fuse - state: installed - when: ansible_pkg_mgr == "yum" - -- name: Install GlusterFS storage plugin dependencies - dnf: - pkg: glusterfs-fuse - state: installed - when: ansible_pkg_mgr == "dnf" + action: "{{ ansible_pkg_mgr }} name=glusterfs-fuse state=present" + when: not openshift.common.is_atomic | bool - name: Set sebooleans to allow gluster storage plugin access from containers seboolean: diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml index 1edf21d9b..14a613786 100644 --- a/roles/openshift_node/tasks/storage_plugins/nfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -1,4 +1,8 @@ --- +- name: Install NFS storage plugin dependencies + action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present" + when: not openshift.common.is_atomic | bool + - name: Set seboolean to allow nfs storage plugin access from containers seboolean: name: virt_use_nfs diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 23bd81f91..44065f4bd 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 
@@ -11,9 +11,7 @@ imageConfig: format: {{ openshift.node.registry_url }} latest: false kind: NodeConfig -{% if openshift.node.kubelet_args is defined and openshift.node.kubelet_args %} -kubeletArguments: {{ openshift.node.kubelet_args | to_json }} -{% endif %} +kubeletArguments: {{ openshift.node.kubelet_args | default(None) | to_padded_yaml(level=1) }} masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig {% if openshift.common.use_openshift_sdn %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} @@ -22,7 +20,7 @@ networkPluginName: {{ openshift.common.sdn_network_plugin_name }} # deprecates networkPluginName above. The two should match. networkConfig: mtu: {{ openshift.node.sdn_mtu }} -{% if openshift.common.use_openshift_sdn %} +{% if openshift.common.use_openshift_sdn or openshift.common.use_nuage %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} {% endif %} {% if openshift.node.set_node_ip | bool %} diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service new file mode 100644 index 000000000..7a11a10fa --- /dev/null +++ b/roles/openshift_node/templates/openshift.docker.node.service 
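Review bot: `kubeletArguments:` is now rendered unconditionally, so when `openshift.node.kubelet_args` is unset the resulting node config depends entirely on what `to_padded_yaml(level=1)` returns for `None`, and that filter is not part of this diff. Either keep a guard around the line, `{% if openshift.node.kubelet_args | default(None) %}` ... `{% endif %}`, or add a comment stating that the filter emits an empty value for `None`. In the second hunk, `openshift.common.use_nuage` is read without a `default`, which would fail the template on hosts where that fact is not set; `openshift.common.use_nuage | default(false) | bool` avoids that.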
@@ -0,0 +1,20 @@
+[Unit]
+After=docker.service
+After={{ openshift.common.service_type }}-master.service
+After=openvswitch.service
+{% if openshift.common.use_openshift_sdn %}
+Requires=openvswitch.service
+{% endif %}
+Requires=docker.service
+PartOf=docker.service
+
+[Service]
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node
+ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node
+ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system {{ openshift.node.node_image }}
+ExecStartPost=/usr/bin/sleep 10
+ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/openshift_node/templates/openvswitch.docker.service b/roles/openshift_node/templates/openvswitch.docker.service
new file mode 100644
index 000000000..6c02b26bf
--- /dev/null
+++ b/roles/openshift_node/templates/openvswitch.docker.service
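Review bot: Both new units (openshift.docker.node.service and openvswitch.docker.service) start their container with `--privileged --net=host --pid=host` and a writable bind mount of `/run`, and the node unit also mounts `/var/lib/docker` and `/etc/systemd/system` writable. Whatever image `{{ openshift.node.node_image }}` or `{{ openshift.node.ovs_image }}` resolves to is therefore root-equivalent on the host, and nothing in either unit records that. I would add a comment above each `ExecStart`, `# Runs with full host privileges; the image must come from a trusted registry and be pinned by digest`. The facts hunk sets `node_image` and `ovs_image` with `default(None)`, so unless a default is supplied elsewhere (not visible in this diff), an unset variable would render an invalid `docker run` line that `Restart=always` keeps retrying; a task that fails early on an empty image value would make that visible.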
@@ -0,0 +1,14 @@
+[Unit]
+After=docker.service
+Requires=docker.service
+PartOf=docker.service
+
+[Service]
+ExecStartPre=-/usr/bin/docker rm -f openvswitch
+ExecStart=/usr/bin/docker run --name openvswitch --rm --privileged --net=host --pid=host -v /lib/modules:/lib/modules -v /run:/run -v /sys:/sys:ro -v /etc/origin/openvswitch:/etc/openvswitch {{ openshift.node.ovs_image }}
+ExecStartPost=/usr/bin/sleep 5
+ExecStop=/usr/bin/docker stop openvswitch
+Restart=always
+
+[Install]
+WantedBy=multi-user.target |