diff options
Diffstat (limited to 'roles')
29 files changed, 296 insertions, 244 deletions
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 3368e7cd9..1f5f891c7 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,32 +1,4 @@ --- -# Going forward we require Docker 1.10 or greater. If the user has a lesser version installed they must run a separate upgrade process. -- name: Get current installed Docker version - command: "{{ repoquery_cmd }} --installed --qf '%{version}' docker" - when: not openshift.common.is_atomic | bool - register: curr_docker_version - changed_when: false - -# TODO: The use of upgrading var will be removed in the coming upgrade refactor. This is a temporary -# fix to wory around the fact that right now, this role is called during upgrade, before we're -# ready to upgrade Docker. -- name: Fail if Docker upgrade is required - fail: - msg: "Docker {{ curr_docker_version.stdout }} must be upgraded to Docker 1.10 or greater" - when: not upgrading | bool and not curr_docker_version | skipped and curr_docker_version.stdout | default('0.0', True) | version_compare('1.10', '<') - -- name: Get latest available version of Docker - command: > - {{ repoquery_cmd }} --qf '%{version}' "docker" - register: avail_docker_version - failed_when: false - changed_when: false - when: not curr_docker_version.stdout | default('0.0', True) | version_compare('1.10', '>=') and not openshift.common.is_atomic | bool - -- name: Verify Docker >= 1.10 is available - fail: - msg: "Docker {{ avail_docker_version.stdout }} is available, but 1.10 or greater is required" - when: not avail_docker_version | skipped and avail_docker_version.stdout | default('0.0', True) | version_compare('1.10', '<') - - stat: path=/etc/sysconfig/docker-storage register: docker_storage_check diff --git a/roles/docker/vars/main.yml b/roles/docker/vars/main.yml index 606cdb9b9..f81f99e2b 100644 --- a/roles/docker/vars/main.yml +++ b/roles/docker/vars/main.yml @@ -1,3 +1,2 @@ --- -repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery' }}" udevw_udevd_dir: /etc/systemd/system/systemd-udevd.service.d diff --git a/roles/openshift_docker_facts/vars/main.yml b/roles/openshift_docker_facts/vars/main.yml index f7ad1b329..55c04b0c1 100644 --- a/roles/openshift_docker_facts/vars/main.yml +++ b/roles/openshift_docker_facts/vars/main.yml @@ -1,2 +1,2 @@ --- -repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery' }}" +repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}" diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml index 976ff7702..d88014bea 100644 --- a/roles/openshift_examples/defaults/main.yml +++ b/roles/openshift_examples/defaults/main.yml @@ -20,3 +20,5 @@ infrastructure_origin_base: "{{ examples_base }}/infrastructure-templates/origin infrastructure_enterprise_base: "{{ examples_base }}/infrastructure-templates/enterprise" openshift_examples_import_command: "create" +registry_url: "" +registry_host: "{{ registry_url.split('/')[0] if '.' in registry_url.split('/')[0] else '' }}"
\ No newline at end of file diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index f9d194909..24c18f2b8 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -41,7 +41,7 @@ wget https://raw.githubusercontent.com/jboss-fuse/application-templates/master/f wget https://raw.githubusercontent.com/openshift/origin-metrics/master/metrics.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/origin/metrics-deployer.yaml wget https://raw.githubusercontent.com/openshift/origin-metrics/enterprise/metrics.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/enterprise/metrics-deployer.yaml -wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/master/deployment/deployer.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/origin/logging-deployer.yaml +wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/master/deployer/deployer.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/origin/logging-deployer.yaml wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/enterprise/deployment/deployer.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/enterprise/logging-deployer.yaml popd diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json index 0e618624b..9a935be5e 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json @@ -85,7 +85,7 @@ "containers": [ { "name": "mongodb", - "image": "mongodb", + "image": " ", "ports": [ { "containerPort": 27017, diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json index 07290b1ea..4f73d00cc 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json @@ -102,7 +102,7 @@ "containers": [ { "name": "mongodb", - "image": "mongodb", + "image": " ", "ports": [ { "containerPort": 27017, diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json index 1457d288c..5f133b946 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json @@ -85,7 +85,7 @@ "containers": [ { "name": "mysql", - "image": "mysql", + "image": " ", "ports": [ { "containerPort": 3306, diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json index e39ee57c8..88d8c3940 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json @@ -3,7 +3,6 @@ "apiVersion": "v1", "metadata": { "name": "mysql-persistent", - "creationTimestamp": null, "annotations": { "description": "MySQL database service, with persistent storage. Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-mysql-database", @@ -15,28 +14,18 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "${DATABASE_SERVICE_NAME}", - "creationTimestamp": null + "name": "${DATABASE_SERVICE_NAME}" }, "spec": { "ports": [ { "name": "mysql", - "protocol": "TCP", - "port": 3306, - "targetPort": 3306, - "nodePort": 0 + "port": 3306 } ], "selector": { "name": "${DATABASE_SERVICE_NAME}" - }, - "portalIP": "", - "type": "ClusterIP", - "sessionAffinity": "None" - }, - "status": { - "loadBalancer": {} + } } }, { @@ -60,8 +49,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "${DATABASE_SERVICE_NAME}", - "creationTimestamp": null + "name": "${DATABASE_SERVICE_NAME}" }, "spec": { "strategy": { @@ -79,8 +67,7 @@ "kind": "ImageStreamTag", "name": "mysql:latest", "namespace": "${NAMESPACE}" - }, - "lastTriggeredImage": "" + } } }, { @@ -93,7 +80,6 @@ }, "template": { "metadata": { - "creationTimestamp": null, "labels": { "name": "${DATABASE_SERVICE_NAME}" } @@ -102,11 +88,10 @@ "containers": [ { "name": "mysql", - "image": "mysql", + "image": " ", "ports": [ { - "containerPort": 3306, - "protocol": "TCP" + "containerPort": 3306 } ], "readinessProbe": { @@ -149,13 +134,7 @@ "mountPath": "/var/lib/mysql/data" } ], - "terminationMessagePath": "/dev/termination-log", - "imagePullPolicy": "IfNotPresent", - "capabilities": {}, - "securityContext": { - "capabilities": {}, - "privileged": false - } + "imagePullPolicy": "IfNotPresent" } ], "volumes": [ @@ -165,13 +144,10 @@ "claimName": "${DATABASE_SERVICE_NAME}" } } - ], - "restartPolicy": "Always", - "dnsPolicy": "ClusterFirst" + ] } } - }, - "status": {} + } } ], "parameters": [ @@ -179,7 +155,8 @@ "name": "MEMORY_LIMIT", "displayName": "Memory Limit", "description": "Maximum amount of memory the container can use.", - "value": "512Mi" + "value": "512Mi", + "required": true }, { "name": "NAMESPACE", diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json index 39a71f25c..e90244a6b 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json @@ -85,7 +85,7 @@ "containers": [ { "name": "postgresql", - "image": "postgresql", + "image": " ", "ports": [ { "containerPort": 5432, diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json index 347e01de3..7b05076a5 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json @@ -102,7 +102,7 @@ "containers": [ { "name": "postgresql", - "image": "postgresql", + "image": " ", "ports": [ { "containerPort": 5432, diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/enterprise/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/enterprise/metrics-deployer.yaml index 67e49f327..032f94a18 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/enterprise/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/enterprise/metrics-deployer.yaml @@ -54,6 +54,8 @@ objects: value: ${IMAGE_VERSION} - name: MASTER_URL value: ${MASTER_URL} + - name: MODE + value: ${MODE} - name: REDEPLOY value: ${REDEPLOY} - name: USE_PERSISTENT_STORAGE @@ -66,6 +68,8 @@ objects: value: ${CASSANDRA_PV_SIZE} - name: METRIC_DURATION value: ${METRIC_DURATION} + - name: METRIC_RESOLUTION + value: ${METRIC_RESOLUTION} dnsPolicy: ClusterFirst restartPolicy: Never serviceAccount: metrics-deployer @@ -83,7 +87,7 @@ parameters: - description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' name: IMAGE_VERSION - value: "3.2.0" + value: "3.2.1" - description: "Internal URL for the master, for authentication retrieval" name: MASTER_URL @@ -93,7 +97,11 @@ parameters: name: HAWKULAR_METRICS_HOSTNAME required: true - - description: "If set to true the deployer will try and delete all the existing components before trying to redeploy." + description: "Can be set to: 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process)" + name: MODE + value: "deploy" +- + description: "(Deprecated) Turns 'deploy' mode into 'redeploy' mode, deleting and redeploying everything (losing all data in the process)" name: REDEPLOY value: "false" - @@ -112,3 +120,7 @@ parameters: description: "How many days metrics should be stored for." name: METRIC_DURATION value: "7" +- + description: "How often metrics should be gathered. Defaults value of '10s' for 10 seconds" + name: METRIC_RESOLUTION + value: "10s" diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml index fd5841db7..77ffee7f9 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml @@ -10,7 +10,8 @@ items: description: "Template for creating the deployer account and roles needed for the aggregated logging deployer. Create as cluster-admin." tags: "infrastructure" objects: - - apiVersion: v1 + - + apiVersion: v1 kind: ServiceAccount name: logging-deployer metadata: @@ -19,8 +20,6 @@ items: logging-infra: deployer provider: openshift component: deployer - secrets: - - name: logging-deployer - apiVersion: v1 kind: ServiceAccount @@ -67,18 +66,39 @@ items: - watch - delete - update + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-edit-role + roleRef: + kind: ClusterRole + name: edit + subjects: + - kind: ServiceAccount + name: logging-deployer + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-dsadmin-role + roleRef: + kind: ClusterRole + name: daemonset-admin + subjects: + - kind: ServiceAccount + name: logging-deployer - apiVersion: "v1" kind: "Template" metadata: name: logging-deployer-template annotations: - description: "Template for running the aggregated logging deployer in a pod. Requires empowered 'logging-deployer' service account and 'logging-deployer' secret." + description: "Template for running the aggregated logging deployer in a pod. Requires empowered 'logging-deployer' service account." tags: "infrastructure" labels: logging-infra: deployer provider: openshift - component: deployer objects: - apiVersion: v1 @@ -91,9 +111,6 @@ items: imagePullPolicy: Always name: deployer volumeMounts: - - name: secret - mountPath: /secret - readOnly: true - name: empty mountPath: /etc/deploy env: @@ -125,6 +142,8 @@ items: value: ${ES_PVC_SIZE} - name: ES_PVC_PREFIX value: ${ES_PVC_PREFIX} + - name: ES_PVC_DYNAMIC + value: ${ES_PVC_DYNAMIC} - name: ES_CLUSTER_SIZE value: ${ES_CLUSTER_SIZE} - name: ES_NODE_QUORUM @@ -141,6 +160,8 @@ items: value: ${ES_OPS_PVC_SIZE} - name: ES_OPS_PVC_PREFIX value: ${ES_OPS_PVC_PREFIX} + - name: ES_OPS_PVC_DYNAMIC + value: ${ES_OPS_PVC_DYNAMIC} - name: ES_OPS_CLUSTER_SIZE value: ${ES_OPS_CLUSTER_SIZE} - name: ES_OPS_NODE_QUORUM @@ -173,130 +194,133 @@ items: volumes: - name: empty emptyDir: {} - - name: secret - secret: - secretName: logging-deployer parameters: - - description: "If true, set up to use a second ES cluster for ops logs." + description: "The mode that the deployer runs in." + name: MODE + value: "install" + - + description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "docker.io/openshift/origin-" + - + description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' + name: IMAGE_VERSION + value: "latest" + - + description: "(Deprecated) Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry." + name: IMAGE_PULL_SECRET + - + description: "(Deprecated) Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)" + name: INSECURE_REGISTRY + value: "false" + - + description: "(Deprecated) If true, set up to use a second ES cluster for ops logs." name: ENABLE_OPS_CLUSTER value: "false" - - description: "External hostname where clients will reach kibana" + description: "(Deprecated) External hostname where clients will reach kibana" name: KIBANA_HOSTNAME - required: true + value: "kibana.example.com" - - description: "External hostname at which admins will visit the ops Kibana." + description: "(Deprecated) External hostname at which admins will visit the ops Kibana." name: KIBANA_OPS_HOSTNAME value: kibana-ops.example.com - - description: "External URL for the master, for OAuth purposes" + description: "(Deprecated) External URL for the master, for OAuth purposes" name: PUBLIC_MASTER_URL - required: true + value: "https://localhost:8443" - - description: "Internal URL for the master, for authentication retrieval" + description: "(Deprecated) Internal URL for the master, for authentication retrieval" name: MASTER_URL value: "https://kubernetes.default.svc.cluster.local" - - description: "How many instances of ElasticSearch to deploy." + description: "(Deprecated) How many instances of ElasticSearch to deploy." name: ES_CLUSTER_SIZE - required: true + value: "1" - - description: "Amount of RAM to reserve per ElasticSearch instance." + description: "(Deprecated) Amount of RAM to reserve per ElasticSearch instance." name: ES_INSTANCE_RAM value: "8G" - - description: "Size of the PersistentVolumeClaim to create per ElasticSearch instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." name: ES_PVC_SIZE - - description: "Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_PVC_SIZE." + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_PVC_SIZE." name: ES_PVC_PREFIX value: "logging-es-" - - description: "Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES PVC. ' + name: ES_PVC_DYNAMIC + - + description: "(Deprecated) Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." name: ES_NODE_QUORUM - - description: "Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." + description: "(Deprecated) Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." name: ES_RECOVER_AFTER_NODES - - description: "Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." + description: "(Deprecated) Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." name: ES_RECOVER_EXPECTED_NODES - - description: "Timeout for *expected* nodes to be present when cluster is recovering from a full restart." + description: "(Deprecated) Timeout for *expected* nodes to be present when cluster is recovering from a full restart." name: ES_RECOVER_AFTER_TIME value: "5m" - - description: "How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." + description: "(Deprecated) How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." name: ES_OPS_CLUSTER_SIZE - - description: "Amount of RAM to reserve per ops ElasticSearch instance." + description: "(Deprecated) Amount of RAM to reserve per ops ElasticSearch instance." name: ES_OPS_INSTANCE_RAM value: "8G" - - description: "Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." name: ES_OPS_PVC_SIZE - - description: "Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_OPS_PVC_SIZE." + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_OPS_PVC_SIZE." name: ES_OPS_PVC_PREFIX value: "logging-es-ops-" - - description: "Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES ops PVC. ' + name: ES_OPS_PVC_DYNAMIC + - + description: "(Deprecated) Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." name: ES_OPS_NODE_QUORUM - - description: "Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." + description: "(Deprecated) Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." name: ES_OPS_RECOVER_AFTER_NODES - - description: "Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." + description: "(Deprecated) Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." name: ES_OPS_RECOVER_EXPECTED_NODES - - description: "Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." + description: "(Deprecated) Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." name: ES_OPS_RECOVER_AFTER_TIME value: "5m" - - description: "The nodeSelector used for the Fluentd DaemonSet." + description: "(Deprecated) The nodeSelector used for the Fluentd DaemonSet." name: FLUENTD_NODESELECTOR value: "logging-infra-fluentd=true" - - description: "Node selector Elasticsearch cluster (label=value)." + description: "(Deprecated) Node selector Elasticsearch cluster (label=value)." name: ES_NODESELECTOR value: "" - - description: "Node selector Elasticsearch operations cluster (label=value)." + description: "(Deprecated) Node selector Elasticsearch operations cluster (label=value)." name: ES_OPS_NODESELECTOR value: "" - - description: "Node selector Kibana cluster (label=value)." + description: "(Deprecated) Node selector Kibana cluster (label=value)." name: KIBANA_NODESELECTOR value: "" - - description: "Node selector Kibana operations cluster (label=value)." + description: "(Deprecated) Node selector Kibana operations cluster (label=value)." name: KIBANA_OPS_NODESELECTOR value: "" - - description: "Node selector Curator (label=value)." + description: "(Deprecated) Node selector Curator (label=value)." name: CURATOR_NODESELECTOR value: "" - - description: "Node selector operations Curator (label=value)." + description: "(Deprecated) Node selector operations Curator (label=value)." name: CURATOR_OPS_NODESELECTOR value: "" - - - description: "The mode that the deployer runs in." - name: MODE - value: "install" - - - description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' - name: IMAGE_PREFIX - value: "docker.io/openshift/origin-" - - - description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' - name: IMAGE_VERSION - value: "latest" - - - description: 'Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry.' - name: IMAGE_PULL_SECRET - - - description: 'Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)' - name: INSECURE_REGISTRY - value: "false" diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml index 8fb594ce8..89639fd67 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml @@ -34,9 +34,11 @@ objects: metadata: generateName: metrics-deployer- spec: + securityContext: {} containers: - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} name: deployer + securityContext: {} volumeMounts: - name: secret mountPath: /secret @@ -48,6 +50,10 @@ objects: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name - name: IMAGE_PREFIX value: ${IMAGE_PREFIX} - name: IMAGE_VERSION diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json index f044152b3..dda16ecfa 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json @@ -437,7 +437,7 @@ }, { "name": "DJANGO_SECRET_KEY", - "displayName": "Djange Secret Key", + "displayName": "Django Secret Key", "description": "Set this to a long random string.", "generate": "expression", "from": "[\\w]{50}" diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json index 67fce4a46..d1ae6de90 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json @@ -12,35 +12,10 @@ }, "objects": [ { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null - }, - "spec": { - "ports": [ - { - "name": "web", - "protocol": "TCP", - "port": 8080, - "targetPort": 8080, - "nodePort": 0 - } - ], - "selector": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "portalIP": "", - "type": "ClusterIP", - "sessionAffinity": "None" - } - }, - { "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "jenkins", + "name": "${JENKINS_SERVICE_NAME}", "creationTimestamp": null }, "spec": { @@ -77,7 +52,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jenkins:latest", + "name": "${JENKINS_IMAGE_STREAM_TAG}", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -102,7 +77,7 @@ "containers": [ { "name": "jenkins", - "image": "JENKINS_IMAGE", + "image": " ", "readinessProbe": { "timeoutSeconds": 3, "initialDelaySeconds": 3, @@ -126,10 +101,10 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${JENKINS_SERVICE_NAME}-data", @@ -158,22 +133,35 @@ } } } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 8080, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } } ], "parameters": [ { - "name": "MEMORY_LIMIT", - "displayName": "Memory Limit", - "description": "Maximum amount of memory the container can use.", - "value": "512Mi" - }, - { - "name": "NAMESPACE", - "displayName": "Namespace", - "description": "The OpenShift Namespace where the ImageStream resides.", - "value": "openshift" - }, - { "name": "JENKINS_SERVICE_NAME", "displayName": "Jenkins Service Name", "description": "The name of the OpenShift Service exposed for the Jenkins container.", @@ -185,6 +173,24 @@ "description": "Password for the Jenkins 'admin' user.", "generate": "expression", "value": "password" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Jenkins ImageStream Namespace", + "description": "The OpenShift Namespace where the Jenkins ImageStream resides.", + "value": "openshift" + }, + { + "name": "JENKINS_IMAGE_STREAM_TAG", + "displayName": "Jenkins ImageStreamTag", + "description": "Name of the ImageStreamTag to be used for the Jenkins image.", + "value": "jenkins:latest" } ], "labels": { diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json index ef04b4482..c7bc3f2fa 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json @@ -12,35 +12,10 @@ }, "objects": [ { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null - }, - "spec": { - "ports": [ - { - "name": "web", - "protocol": "TCP", - "port": 8080, - "targetPort": 8080, - "nodePort": 0 - } - ], - "selector": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "portalIP": "", - "type": "ClusterIP", - "sessionAffinity": "None" - } - }, - { "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "jenkins", + "name": "${JENKINS_SERVICE_NAME}", "creationTimestamp": null }, "spec": { @@ -82,7 +57,7 @@ }, "spec": { "strategy": { - "type": "Recreate" + "type": "Recreate" }, "triggers": [ { @@ -94,7 +69,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jenkins:latest", + "name": "${JENKINS_IMAGE_STREAM_TAG}", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -119,7 +94,7 @@ "containers": [ { "name": "jenkins", - "image": "JENKINS_IMAGE", + "image": " ", "readinessProbe": { "timeoutSeconds": 3, "initialDelaySeconds": 3, @@ -143,10 +118,10 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${JENKINS_SERVICE_NAME}-data", @@ -175,22 +150,35 @@ } } } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 8080, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } } ], "parameters": [ { - "name": "MEMORY_LIMIT", - "displayName": "Memory Limit", - "description": "Maximum amount of memory the container can use.", - "value": "512Mi" - }, - { - "name": "NAMESPACE", - "displayName": "Namespace", - "description": "The OpenShift Namespace where the ImageStream resides.", - "value": "openshift" - }, - { "name": "JENKINS_SERVICE_NAME", "displayName": "Jenkins Service Name", "description": "The name of the OpenShift Service exposed for the Jenkins container.", @@ -204,11 +192,29 @@ "value": "password" }, { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { "name": "VOLUME_CAPACITY", "displayName": "Volume Capacity", "description": "Volume space available for data, e.g. 512Mi, 2Gi.", "value": "1Gi", "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Jenkins ImageStream Namespace", + "description": "The OpenShift Namespace where the Jenkins ImageStream resides.", + "value": "openshift" + }, + { + "name": "JENKINS_IMAGE_STREAM_TAG", + "displayName": "Jenkins ImageStreamTag", + "description": "Name of the ImageStreamTag to be used for the Jenkins image.", + "value": "jenkins:latest" } ], "labels": { diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml index a5731be09..fb10188f2 100644 --- a/roles/openshift_examples/tasks/main.yml +++ b/roles/openshift_examples/tasks/main.yml @@ -4,6 +4,11 @@ src: "examples/{{ content_version }}/" dest: "{{ examples_base }}/" +- name: Modify registry paths if registry_url is not registry.access.redhat.com + shell: > + find {{ examples_base }} -type f | xargs -n 1 sed -i 's|registry.access.redhat.com|{{ registry_host | quote }}|g' + when: registry_host != '' + # RHEL and Centos image streams are mutually exclusive - name: Import RHEL streams command: > diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 2f8af2454..a5ccfb152 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1749,7 +1749,7 @@ class OpenShiftFacts(object): metrics=dict( deploy=False, duration=7, - resolution=10, + resolution='10s', storage=dict( kind=None, volume=dict( diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 026787421..3d532db04 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -9,6 +9,12 @@ AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} {% endif %} +{% if 'api_env_vars' in openshift.master or 'controllers_env_vars' in openshift.master -%} +{% for key, value in openshift.master.api_env_vars.items() | default([]) | union(openshift.master.controllers_env_vars.items() | default([])) -%} +{{ key }}={{ value }} +{% endfor -%} +{% endif -%} + # Proxy configuration # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy {% if 'http_proxy' in openshift.common %} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 index 02c22e374..ab560b1bd 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 @@ -9,6 +9,12 @@ AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} {% endif %} +{% if 'api_env_vars' in openshift.master -%} +{% for key, value in openshift.master.api_env_vars.items() -%} +{{ key }}={{ value }} +{% endfor -%} +{% endif -%} + # Proxy configuration # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy {% if 'http_proxy' in openshift.common %} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 index 644640577..1a83b98e1 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 @@ -9,6 +9,12 @@ AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} {% endif %} +{% if 'controllers_env_vars' in openshift.master -%} +{% for key, value in openshift.master.controllers_env_vars.items() -%} +{{ key }}={{ value }} +{% endfor -%} +{% endif -%} + # Proxy configuration # See https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#configuring-global-proxy {% if 'http_proxy' in openshift.common %} diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index d51c5a0a3..3377e29e6 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -78,3 +78,5 @@ image_policy_config: "{{ openshift_master_image_policy_config | default(None) }}" dynamic_provisioning_enabled: "{{ openshift_master_dynamic_provisioning_enabled | default(None) }}" max_requests_inflight: "{{ openshift_master_max_requests_inflight | default(None) }}" + api_env_vars: "{{ openshift_master_api_env_vars | default(None) }}" + controllers_env_vars: "{{ openshift_master_controllers_env_vars | default(None) }}" diff --git a/roles/openshift_metrics/README.md b/roles/openshift_metrics/README.md index 2e903379a..f7ec86c55 100644 --- a/roles/openshift_metrics/README.md +++ b/roles/openshift_metrics/README.md @@ -21,7 +21,7 @@ From this role: | openshift_hosted_metrics_storage_volume_size | 10Gi | Metrics volume size | | openshift_hosted_metrics_storage_nfs_options | *(rw,root_squash) | NFS options for configured exports. | | openshift_hosted_metrics_duration | 7 | Metrics query duration | -| openshift_hosted_metrics_resolution | 10 | Metrics resolution | +| openshift_hosted_metrics_resolution | 10s | Metrics resolution | From openshift_common: diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 657e99e87..165010afb 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -26,6 +26,7 @@ proxy_mode: "{{ openshift_node_proxy_mode | default('iptables') }}" local_quota_per_fsgroup: "{{ openshift_node_local_quota_per_fsgroup | default(None) }}" dns_ip: "{{ openshift_dns_ip | default(none) | get_dns_ip(hostvars[inventory_hostname])}}" + env_vars: "{{ openshift_node_env_vars | default(None) }}" # We have to add tuned-profiles in the same transaction otherwise we run into depsolving # problems because the rpms don't pin the version properly. This was fixed in 3.1 packaging. @@ -91,6 +92,16 @@ notify: - restart node +- name: Configure Node Environment Variables + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-node + regexp: "^{{ item.key }}=" + line: "{{ item.key }}={{ item.value }}" + create: true + with_dict: "{{ openshift.node.env_vars | default({}) }}" + notify: + - restart node + - name: Additional storage plugin configuration include: storage_plugins/main.yml @@ -110,18 +121,23 @@ changed_when: false when: openshift.common.is_containerized | bool +- name: Start and enable node dep + service: name={{ openshift.common.service_type }}-node-dep enabled=yes state=started + when: openshift.common.is_containerized | bool + - name: Start and enable node service: name={{ openshift.common.service_type }}-node enabled=yes state=started register: node_start_result ignore_errors: yes - -- name: Check logs on failure - command: journalctl -xe - register: node_failure + +- name: Wait 30 seconds for docker initialization whenever node has failed + pause: + seconds: 30 when: node_start_result | failed - -- name: Dump failure information - debug: var=node_failure + +- name: Start and enable node again + service: name={{ openshift.common.service_type }}-node enabled=yes state=started + register: node_start_result when: node_start_result | failed - set_fact: diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml index 14a613786..8380714d4 100644 --- a/roles/openshift_node/tasks/storage_plugins/nfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -9,3 +9,10 @@ state: yes persistent: yes when: ansible_selinux and ansible_selinux.status == "enabled" + +- name: Set seboolean to allow nfs storage plugin access from containers(sandbox) + seboolean: + name: virt_sandbox_use_nfs + state: yes + persistent: yes + when: ansible_selinux and ansible_selinux.status == "enabled" diff --git a/roles/openshift_node/templates/openshift.docker.node.dep.service b/roles/openshift_node/templates/openshift.docker.node.dep.service index f66a78479..0fb34cffd 100644 --- a/roles/openshift_node/templates/openshift.docker.node.dep.service +++ b/roles/openshift_node/templates/openshift.docker.node.dep.service @@ -6,6 +6,6 @@ Before={{ openshift.common.service_type }}-node.service [Service] -ExecStart=/bin/bash -c "if [[ -f /usr/bin/docker-current ]]; then echo \"DOCKER_ADDTL_BIND_MOUNTS=--volume=/usr/bin/docker-current:/usr/bin/docker-current:ro\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; else echo \"#DOCKER_ADDTL_BIND_MOUNTS=\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; fi" +ExecStart=/bin/bash -c "if [[ -f /usr/bin/docker-current ]]; then echo \"DOCKER_ADDTL_BIND_MOUNTS=--volume=/usr/bin/docker-current:/usr/bin/docker-current:ro --volume=/etc/sysconfig/docker:/etc/sysconfig/docker:ro\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; else echo \"#DOCKER_ADDTL_BIND_MOUNTS=\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; fi" ExecStop= SyslogIdentifier={{ openshift.common.service_type }}-node-dep diff --git a/roles/openshift_node_dnsmasq/tasks/main.yml b/roles/openshift_node_dnsmasq/tasks/main.yml index 4cb24469d..7147b78f5 100644 --- a/roles/openshift_node_dnsmasq/tasks/main.yml +++ b/roles/openshift_node_dnsmasq/tasks/main.yml @@ -3,15 +3,16 @@ command: > systemctl show NetworkManager register: nm_show - + changed_when: false + - name: Set fact using_network_manager set_fact: network_manager_active: "{{ True if 'ActiveState=active' in nm_show.stdout else False }}" - + - name: Install dnsmasq action: "{{ ansible_pkg_mgr }} name=dnsmasq state=installed" when: not openshift.common.is_atomic | bool - + - name: Install dnsmasq configuration template: src: origin-dns.conf.j2 @@ -20,8 +21,7 @@ # Dynamic NetworkManager based dispatcher - include: ./network-manager.yml when: network_manager_active | bool - + # Relies on ansible in order to configure static config - include: ./no-network-manager.yml when: not network_manager_active | bool - diff --git a/roles/os_firewall/library/os_firewall_manage_iptables.py b/roles/os_firewall/library/os_firewall_manage_iptables.py index 1cb539a8c..190016c14 100755 --- a/roles/os_firewall/library/os_firewall_manage_iptables.py +++ b/roles/os_firewall/library/os_firewall_manage_iptables.py @@ -37,14 +37,14 @@ class IpTablesSaveError(IpTablesError): class IpTablesCreateChainError(IpTablesError): - def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long + def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name super(IpTablesCreateChainError, self).__init__(msg, cmd, exit_code, output) self.chain = chain class IpTablesCreateJumpRuleError(IpTablesError): - def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long + def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name super(IpTablesCreateJumpRuleError, self).__init__(msg, cmd, exit_code, output) self.chain = chain @@ -152,11 +152,11 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes continue last_rule_target = rule[1] - # Naively assume that if the last row is a REJECT rule, then - # we can add insert our rule right before it, otherwise we + # Naively assume that if the last row is a REJECT or DROP rule, + # then we can insert our rule right before it, otherwise we # assume that we can just append the rule. if (last_rule_num and last_rule_target - and last_rule_target == 'REJECT'): + and last_rule_target in ['REJECT', 'DROP']): # insert rule cmd = self.cmd + ['-I', self.jump_rule_chain, str(last_rule_num)] |