diff options
Diffstat (limited to 'roles/openshift_node')
-rw-r--r-- | roles/openshift_node/defaults/main.yml | 3 | ||||
-rw-r--r-- | roles/openshift_node/files/bootstrap.yml | 8 | ||||
-rw-r--r-- | roles/openshift_node/tasks/bootstrap.yml | 1 | ||||
-rw-r--r-- | roles/openshift_node/tasks/config.yml | 1 | ||||
-rw-r--r-- | roles/openshift_node/tasks/registry_auth.yml | 19 | ||||
-rw-r--r-- | roles/openshift_node/templates/node.yaml.v1.j2 | 2 |
6 files changed, 32 insertions, 2 deletions
diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index 0c6d8db38..89d154ad7 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -85,6 +85,7 @@ oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_ur oreg_auth_credentials_path: "{{ openshift_node_data_dir }}/.docker" oreg_auth_credentials_replace: False l_bind_docker_reg_auth: False +openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False)) or (openshift_use_crio_only | default(False)) }}" # NOTE # r_openshift_node_*_default may be defined external to this role. @@ -115,3 +116,5 @@ openshift_node_config_dir: "{{ openshift_node_config_dir_default }}" openshift_node_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}" openshift_node_image_config_latest: "{{ openshift_node_image_config_latest_default }}" + +openshift_node_use_instance_profiles: False diff --git a/roles/openshift_node/files/bootstrap.yml b/roles/openshift_node/files/bootstrap.yml index ea280640f..a5545c81b 100644 --- a/roles/openshift_node/files/bootstrap.yml +++ b/roles/openshift_node/files/bootstrap.yml @@ -61,3 +61,11 @@ with_items: - line: "BOOTSTRAP_CONFIG_NAME=node-config-{{ openshift_group_type }}" regexp: "^BOOTSTRAP_CONFIG_NAME=.*" + + - name: "Start the {{ openshift_service_type }}-node service" + systemd: + daemon_reload: yes + state: restarted + enabled: True + name: "{{ openshift_service_type }}-node" + no_block: true diff --git a/roles/openshift_node/tasks/bootstrap.yml b/roles/openshift_node/tasks/bootstrap.yml index 8cf41ab4c..b8be50f6c 100644 --- a/roles/openshift_node/tasks/bootstrap.yml +++ b/roles/openshift_node/tasks/bootstrap.yml @@ -34,6 +34,7 @@ - name: include aws sysconfig credentials include: aws.yml static: yes + when: not (openshift_node_use_instance_profiles | default(False)) #- name: update the ExecStart to have bootstrap # lineinfile: diff --git a/roles/openshift_node/tasks/config.yml b/roles/openshift_node/tasks/config.yml index c08f43118..2fea33454 100644 --- a/roles/openshift_node/tasks/config.yml +++ b/roles/openshift_node/tasks/config.yml @@ -49,6 +49,7 @@ - name: include aws provider credentials include: aws.yml static: yes + when: not (openshift_node_use_instance_profiles | default(False)) # Necessary because when you're on a node that's also a master the master will be # restarted after the node restarts docker and it will take up to 60 seconds for diff --git a/roles/openshift_node/tasks/registry_auth.yml b/roles/openshift_node/tasks/registry_auth.yml index 5e5e4f94a..f5428867a 100644 --- a/roles/openshift_node/tasks/registry_auth.yml +++ b/roles/openshift_node/tasks/registry_auth.yml @@ -8,6 +8,7 @@ - name: Create credentials for registry auth command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" when: + - not (openshift_docker_alternative_creds | default(False)) - oreg_auth_user is defined - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool register: node_oreg_auth_credentials_create @@ -17,6 +18,24 @@ notify: - restart node +# docker_creds is a custom module from lib_utils +# 'docker login' requires a docker.service running on the local host, this is an +# alternative implementation for non-docker hosts. This implementation does not +# check the registry to determine whether or not the credentials will work. +- name: Create credentials for registry auth (alternative) + docker_creds: + path: "{{ oreg_auth_credentials_path }}" + registry: "{{ oreg_host }}" + username: "{{ oreg_auth_user }}" + password: "{{ oreg_auth_password }}" + when: + - openshift_docker_alternative_creds | bool + - oreg_auth_user is defined + - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool + register: node_oreg_auth_credentials_create + notify: + - restart node + # Container images may need the registry credentials - name: Setup ro mount of /root/.docker for containerized hosts set_fact: diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 718d35dca..d452cc45c 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -29,13 +29,11 @@ kubeletArguments: {{ openshift.node.kubelet_args | default(None) | to_padded_yam runtime-request-timeout: - 10m {% endif %} -{% if openshift.common.version_gte_3_3_or_1_3 | bool %} masterClientConnectionOverrides: acceptContentTypes: application/vnd.kubernetes.protobuf,application/json contentType: application/vnd.kubernetes.protobuf burst: 200 qps: 100 -{% endif %} masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig {% if openshift_node_use_openshift_sdn | bool %} networkPluginName: {{ openshift_node_sdn_network_plugin_name }} |