diff options
Diffstat (limited to 'roles/openshift_node')
| -rw-r--r-- | roles/openshift_node/defaults/main.yml | 15 | ||||
| -rw-r--r-- | roles/openshift_node/handlers/main.yml | 6 | ||||
| -rw-r--r-- | roles/openshift_node/meta/main.yml | 22 | ||||
| -rw-r--r-- | roles/openshift_node/tasks/main.yml | 90 | ||||
| -rw-r--r-- | roles/openshift_node/tasks/storage_plugins/nfs.yml | 7 | ||||
| -rw-r--r-- | roles/openshift_node/tasks/systemd_units.yml | 49 | ||||
| -rw-r--r-- | roles/openshift_node/templates/node.yaml.v1.j2 | 7 | ||||
| -rw-r--r-- | roles/openshift_node/templates/openshift.docker.node.dep.service | 11 | ||||
| -rw-r--r-- | roles/openshift_node/templates/openshift.docker.node.service | 16 | ||||
| -rw-r--r-- | roles/openshift_node/templates/openvswitch.docker.service | 7 | ||||
| -rw-r--r-- | roles/openshift_node/templates/openvswitch.sysconfig.j2 | 1 | ||||
| -rw-r--r-- | roles/openshift_node/vars/main.yml | 1 |
12 files changed, 167 insertions, 65 deletions
diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index fffbf2994..efff5d6cd 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -1,15 +1,2 @@ --- -os_firewall_allow: -- service: Kubernetes kubelet - port: 10250/tcp -- service: http - port: 80/tcp -- service: https - port: 443/tcp -- service: Openshift kubelet ReadOnlyPort - port: 10255/tcp -- service: Openshift kubelet ReadOnlyPort udp - port: 10255/udp -- service: OpenShift OVS sdn - port: 4789/udp - when: openshift.node.use_openshift_sdn | bool +openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag | default(openshift.docker.openshift_image_tag | default(''))) }}" diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index c288f4d05..df3f6ee65 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -1,7 +1,9 @@ --- +- name: restart openvswitch + service: name=openvswitch state=restarted + when: not (ovs_service_status_changed | default(false) | bool) + - name: restart node service: name={{ openshift.common.service_type }}-node state=restarted when: not (node_service_status_changed | default(false) | bool) -- name: restart docker - service: name=docker state=restarted diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index c92008a77..97ab8241b 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -12,4 +12,24 @@ galaxy_info: categories: - cloud dependencies: -- { role: openshift_common } +- role: openshift_clock +- role: openshift_docker +- role: openshift_cloud_provider +- role: openshift_common +- role: openshift_node_dnsmasq + when: openshift.common.use_dnsmasq +- role: os_firewall + os_firewall_allow: + - service: Kubernetes kubelet + port: 10250/tcp + - service: http + port: 80/tcp + - service: https + port: 443/tcp + - service: Openshift kubelet ReadOnlyPort + port: 10255/tcp + - service: Openshift kubelet ReadOnlyPort udp + port: 10255/udp + - service: OpenShift OVS sdn + port: 4789/udp + when: openshift.node.use_openshift_sdn | bool diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 43253d72b..165010afb 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -9,15 +9,6 @@ role: "{{ item.role }}" local_facts: "{{ item.local_facts }}" with_items: - - role: common - local_facts: - hostname: "{{ openshift_hostname | default(none) }}" - public_hostname: "{{ openshift_public_hostname | default(none) }}" - deployment_type: "{{ openshift_deployment_type }}" - # TODO: Replace this with a lookup or filter plugin. - dns_ip: "{{ openshift_dns_ip - | default(openshift_master_cluster_vip - | default(None if openshift.common.version_gte_3_1_or_1_1 | bool else openshift_node_first_master_ip | default(None, true), true), true) }}" - role: node local_facts: annotations: "{{ openshift_node_annotations | default(none) }}" @@ -25,7 +16,6 @@ iptables_sync_period: "{{ openshift_node_iptables_sync_period | default(None) }}" kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}" - portal_net: "{{ openshift_master_portal_net | default(None) }}" registry_url: "{{ oreg_url | default(none) }}" schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" @@ -34,49 +24,46 @@ node_image: "{{ osn_image | default(None) }}" ovs_image: "{{ osn_ovs_image | default(None) }}" proxy_mode: "{{ openshift_node_proxy_mode | default('iptables') }}" + local_quota_per_fsgroup: "{{ openshift_node_local_quota_per_fsgroup | default(None) }}" + dns_ip: "{{ openshift_dns_ip | default(none) | get_dns_ip(hostvars[inventory_hostname])}}" + env_vars: "{{ openshift_node_env_vars | default(None) }}" # We have to add tuned-profiles in the same transaction otherwise we run into depsolving # problems because the rpms don't pin the version properly. This was fixed in 3.1 packaging. - name: Install Node package - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_version }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version }} state=present" + action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" when: not openshift.common.is_containerized | bool - name: Install sdn-ovs package - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present" + action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool - name: Pull node image command: > - docker pull {{ openshift.node.node_image }} + docker pull {{ openshift.node.node_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }} when: openshift.common.is_containerized | bool - name: Pull OpenVSwitch image command: > - docker pull {{ openshift.node.ovs_image }} + docker pull {{ openshift.node.ovs_image }}{{ ':' + openshift_version if openshift_version is defined and openshift_version != '' else '' }} when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool -- name: Install Node docker service file - template: - dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" - src: openshift.docker.node.service - register: install_node_result - when: openshift.common.is_containerized | bool - -- name: Install OpenvSwitch docker service file - template: - dest: "/etc/systemd/system/openvswitch.service" - src: openvswitch.docker.service - register: install_ovs_result - when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool +- name: Install the systemd units + include: systemd_units.yml - name: Reload systemd units command: systemctl daemon-reload - when: openshift.common.is_containerized and ( ( install_node_result | changed ) - or ( install_ovs_result | changed ) ) + when: openshift.common.is_containerized | bool and (install_node_result | changed or install_ovs_sysconfig | changed or install_node_dep_result | changed) + notify: + - restart node - name: Start and enable openvswitch docker service service: name=openvswitch.service enabled=yes state=started when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool + register: ovs_start_result + +- set_fact: + ovs_service_status_changed: "{{ ovs_start_result | changed }}" # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config @@ -90,17 +77,28 @@ notify: - restart node -- name: Configure Node settings +- name: Configure AWS Cloud Provider Settings lineinfile: dest: /etc/sysconfig/{{ openshift.common.service_type }}-node regexp: "{{ item.regex }}" line: "{{ item.line }}" create: true with_items: - - regex: '^OPTIONS=' - line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}" - - regex: '^CONFIG_FILE=' - line: "CONFIG_FILE={{ openshift_node_config_file }}" + - regex: '^AWS_ACCESS_KEY_ID=' + line: "AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }}" + - regex: '^AWS_SECRET_ACCESS_KEY=' + line: "AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}" + when: "'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws" + notify: + - restart node + +- name: Configure Node Environment Variables + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-node + regexp: "^{{ item.key }}=" + line: "{{ item.key }}={{ item.value }}" + create: true + with_dict: "{{ openshift.node.env_vars | default({}) }}" notify: - restart node @@ -114,17 +112,33 @@ # Using curl here since the uri module requires python-httplib2 and # wait_for port doesn't provide health information. command: > - curl -k --head --silent {{ openshift_node_master_api_url }} + curl --silent --cacert {{ openshift.common.config_base }}/node/ca.crt + {{ openshift_node_master_api_url }}/healthz/ready register: api_available_output - until: api_available_output.stdout.find("200 OK") != -1 + until: api_available_output.stdout == 'ok' retries: 120 delay: 1 changed_when: false when: openshift.common.is_containerized | bool +- name: Start and enable node dep + service: name={{ openshift.common.service_type }}-node-dep enabled=yes state=started + when: openshift.common.is_containerized | bool + - name: Start and enable node service: name={{ openshift.common.service_type }}-node enabled=yes state=started - register: start_result + register: node_start_result + ignore_errors: yes + +- name: Wait 30 seconds for docker initialization whenever node has failed + pause: + seconds: 30 + when: node_start_result | failed + +- name: Start and enable node again + service: name={{ openshift.common.service_type }}-node enabled=yes state=started + register: node_start_result + when: node_start_result | failed - set_fact: - node_service_status_changed: "{{ start_result | changed }}" + node_service_status_changed: "{{ node_start_result | changed }}" diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml index 14a613786..8380714d4 100644 --- a/roles/openshift_node/tasks/storage_plugins/nfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -9,3 +9,10 @@ state: yes persistent: yes when: ansible_selinux and ansible_selinux.status == "enabled" + +- name: Set seboolean to allow nfs storage plugin access from containers(sandbox) + seboolean: + name: virt_sandbox_use_nfs + state: yes + persistent: yes + when: ansible_selinux and ansible_selinux.status == "enabled" diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml new file mode 100644 index 000000000..e2a268260 --- /dev/null +++ b/roles/openshift_node/tasks/systemd_units.yml @@ -0,0 +1,49 @@ +# This file is included both in the openshift_master role and in the upgrade +# playbooks. + +- name: Install Node dependencies docker service file + template: + dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node-dep.service" + src: openshift.docker.node.dep.service + register: install_node_dep_result + when: openshift.common.is_containerized | bool + +- name: Install Node docker service file + template: + dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" + src: openshift.docker.node.service + register: install_node_result + when: openshift.common.is_containerized | bool + +- name: Create the openvswitch service env file + template: + src: openvswitch.sysconfig.j2 + dest: /etc/sysconfig/openvswitch + when: openshift.common.is_containerized | bool + register: install_ovs_sysconfig + notify: + - restart openvswitch + +- name: Install OpenvSwitch docker service file + template: + dest: "/etc/systemd/system/openvswitch.service" + src: openvswitch.docker.service + when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool + notify: + - restart openvswitch + +- name: Configure Node settings + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-node + regexp: "{{ item.regex }}" + line: "{{ item.line }}" + create: true + with_items: + - regex: '^OPTIONS=' + line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}" + - regex: '^CONFIG_FILE=' + line: "CONFIG_FILE={{ openshift_node_config_file }}" + - regex: '^IMAGE_VERSION=' + line: "IMAGE_VERSION={{ openshift_version }}" + notify: + - restart node diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 67975d372..9ba1a01dd 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -1,8 +1,8 @@ allowDisabledDocker: false apiVersion: v1 dnsDomain: {{ openshift.common.dns_domain }} -{% if 'dns_ip' in openshift.common %} -dnsIP: {{ openshift.common.dns_ip }} +{% if 'dns_ip' in openshift.node %} +dnsIP: {{ openshift.node.dns_ip }} {% endif %} dockerConfig: execHandlerName: "" @@ -38,3 +38,6 @@ volumeDirectory: {{ openshift.common.data_dir }}/openshift.local.volumes proxyArguments: proxy-mode: - {{ openshift.node.proxy_mode }} +volumeConfig: + localQuota: + perFSGroup: {{ openshift.node.local_quota_per_fsgroup }} diff --git a/roles/openshift_node/templates/openshift.docker.node.dep.service b/roles/openshift_node/templates/openshift.docker.node.dep.service new file mode 100644 index 000000000..0fb34cffd --- /dev/null +++ b/roles/openshift_node/templates/openshift.docker.node.dep.service @@ -0,0 +1,11 @@ +[Unit] +Requires=docker.service +After=docker.service +PartOf={{ openshift.common.service_type }}-node.service +Before={{ openshift.common.service_type }}-node.service + + +[Service] +ExecStart=/bin/bash -c "if [[ -f /usr/bin/docker-current ]]; then echo \"DOCKER_ADDTL_BIND_MOUNTS=--volume=/usr/bin/docker-current:/usr/bin/docker-current:ro --volume=/etc/sysconfig/docker:/etc/sysconfig/docker:ro\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; else echo \"#DOCKER_ADDTL_BIND_MOUNTS=\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; fi" +ExecStop= +SyslogIdentifier={{ openshift.common.service_type }}-node-dep diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service index df3e0a44a..443e18498 100644 --- a/roles/openshift_node/templates/openshift.docker.node.service +++ b/roles/openshift_node/templates/openshift.docker.node.service @@ -1,20 +1,26 @@ [Unit] -After=docker.service After={{ openshift.common.service_type }}-master.service +After=docker.service After=openvswitch.service +PartOf=docker.service +Requires=docker.service {% if openshift.common.use_openshift_sdn %} Requires=openvswitch.service {% endif %} -Requires=docker.service -PartOf=docker.service +Wants={{ openshift.common.service_type }}-master.service +Requires={{ openshift.common.service_type }}-node-dep.service +After={{ openshift.common.service_type }}-node-dep.service [Service] EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node-dep ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node -ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log {{ openshift.node.node_image }} +ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS {{ openshift.node.node_image }}:${IMAGE_VERSION} ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node +SyslogIdentifier={{ openshift.common.service_type }}-node Restart=always +RestartSec=5s [Install] -WantedBy=multi-user.target +WantedBy=docker.service diff --git a/roles/openshift_node/templates/openvswitch.docker.service b/roles/openshift_node/templates/openvswitch.docker.service index 6c02b26bf..1e1f8967d 100644 --- a/roles/openshift_node/templates/openvswitch.docker.service +++ b/roles/openshift_node/templates/openvswitch.docker.service @@ -4,11 +4,14 @@ Requires=docker.service PartOf=docker.service [Service] +EnvironmentFile=/etc/sysconfig/openvswitch ExecStartPre=-/usr/bin/docker rm -f openvswitch -ExecStart=/usr/bin/docker run --name openvswitch --rm --privileged --net=host --pid=host -v /lib/modules:/lib/modules -v /run:/run -v /sys:/sys:ro -v /etc/origin/openvswitch:/etc/openvswitch {{ openshift.node.ovs_image }} +ExecStart=/usr/bin/docker run --name openvswitch --rm --privileged --net=host --pid=host -v /lib/modules:/lib/modules -v /run:/run -v /sys:/sys:ro -v /etc/origin/openvswitch:/etc/openvswitch {{ openshift.node.ovs_image }}:${IMAGE_VERSION} ExecStartPost=/usr/bin/sleep 5 ExecStop=/usr/bin/docker stop openvswitch +SyslogIdentifier=openvswitch Restart=always +RestartSec=5s [Install] -WantedBy=multi-user.target +WantedBy=docker.service diff --git a/roles/openshift_node/templates/openvswitch.sysconfig.j2 b/roles/openshift_node/templates/openvswitch.sysconfig.j2 new file mode 100644 index 000000000..1f8c20e07 --- /dev/null +++ b/roles/openshift_node/templates/openvswitch.sysconfig.j2 @@ -0,0 +1 @@ +IMAGE_VERSION={{ openshift_version }} diff --git a/roles/openshift_node/vars/main.yml b/roles/openshift_node/vars/main.yml index 43dc50ca8..77a9694de 100644 --- a/roles/openshift_node/vars/main.yml +++ b/roles/openshift_node/vars/main.yml @@ -1,4 +1,3 @@ --- openshift_node_config_dir: "{{ openshift.common.config_base }}/node" openshift_node_config_file: "{{ openshift_node_config_dir }}/node-config.yaml" -openshift_version: "{{ openshift_pkg_version | default('') }}" |