diff options
Diffstat (limited to 'roles/openshift_sdn_node')
| -rw-r--r-- | roles/openshift_sdn_node/tasks/main.yml | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/roles/openshift_sdn_node/tasks/main.yml b/roles/openshift_sdn_node/tasks/main.yml index 729c28879..37a30d019 100644 --- a/roles/openshift_sdn_node/tasks/main.yml +++ b/roles/openshift_sdn_node/tasks/main.yml @@ -9,9 +9,15 @@ yum: pkg: openshift-sdn-node state: installed + register: install_result + +- name: Reload systemd units + command: systemctl daemon-reload + when: install_result | changed # TODO: we are specifying -hostname= for OPTIONS as a workaround for # openshift-sdn-node not properly detecting the hostname. +# TODO: we should probably generate certs specifically for sdn - name: Configure openshift-sdn-node settings lineinfile: dest: /etc/sysconfig/openshift-sdn-node @@ -20,17 +26,33 @@ backrefs: yes with_items: - regex: '^(OPTIONS=)' - line: '\1"-v={{ openshift.node_sdn.debug_level }} -hostname={{ openshift.common.hostname }}"' + line: '\1"-v={{ openshift.node_sdn.debug_level }} -hostname={{ openshift.common.hostname }} + -etcd-cafile={{ openshift_node_cert_dir }}/ca.crt + -etcd-certfile={{ openshift_node_cert_dir }}/client.crt + -etcd-keyfile={{ openshift_node_cert_dir }}/client.key\"' - regex: '^(MASTER_URL=)' line: '\1"{{ openshift_sdn_master_url }}"' - regex: '^(MINION_IP=)' line: '\1"{{ openshift.common.ip }}"' - # TODO lock down the insecure-registry config to a more sane value than - # 0.0.0.0/0 - - regex: '^(DOCKER_OPTIONS=)' - line: '\1"--insecure-registry=0.0.0.0/0 -b=lbr0 --mtu=1450 --selinux-enabled"' notify: restart openshift-sdn-node +- name: Ensure we aren't setting DOCKER_OPTIONS in /etc/sysconfig/openshift-sdn-node + lineinfile: + dest: /etc/sysconfig/openshift-sdn-node + regexp: '^DOCKER_OPTIONS=' + state: absent + notify: restart openshift-sdn-node + +# TODO lock down the insecure-registry config to a more sane value than +# 0.0.0.0/0 +- name: Configure docker insecure-registry setting + lineinfile: + dest: /etc/sysconfig/docker + regexp: INSECURE_REGISTRY= + line: INSECURE_REGISTRY='--insecure-registry=0.0.0.0/0' + notify: restart openshift-sdn-node + + - name: Start and enable openshift-sdn-node service: name: openshift-sdn-node |