diff options
Diffstat (limited to 'roles')
17 files changed, 539 insertions, 366 deletions
diff --git a/roles/cockpit-ui/tasks/main.yml b/roles/cockpit-ui/tasks/main.yml index c752bcff1..9fc15ee8b 100644 --- a/roles/cockpit-ui/tasks/main.yml +++ b/roles/cockpit-ui/tasks/main.yml @@ -1,31 +1,53 @@ --- -- name: Expose docker-registry +- name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False + +- set_fact: + openshift_hosted_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + +- name: Copy the admin client config(s) command: > - {{ openshift.common.client_binary }} expose service docker-registry -n default - register: expose_docker_registry - changed_when: "'already exists' not in expose_docker_registry.stderr" - failed_when: "'already exists' not in expose_docker_registry.stderr and expose_docker_registry.rc != 0" + cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_hosted_kubeconfig }} + changed_when: False + +- name: Create passthrough route for docker-registry + command: > + {{ openshift.common.client_binary }} create route passthrough + --service docker-registry + --config={{ openshift_hosted_kubeconfig }} + -n default + register: create_docker_registry_route + changed_when: "'already exists' not in create_docker_registry_route.stderr" + failed_when: "'already exists' not in create_docker_registry_route.stderr and create_docker_registry_route.rc != 0" - name: Create passthrough route for registry-console command: > {{ openshift.common.client_binary }} create route passthrough --service registry-console --port registry-console + --config={{ openshift_hosted_kubeconfig }} -n default register: create_registry_console_route changed_when: "'already exists' not in create_registry_console_route.stderr" failed_when: "'already exists' not in create_registry_console_route.stderr and create_registry_console_route.rc != 0" - name: Retrieve docker-registry route - command: "{{ openshift.common.client_binary }} get route docker-registry -n default --template='{{ '{{' }} .spec.host {{ '}}' }}'" + command: > + {{ openshift.common.client_binary }} get route docker-registry + --template='{{ '{{' }} .spec.host {{ '}}' }}' + --config={{ openshift_hosted_kubeconfig }} + -n default register: docker_registry_route - failed_when: false changed_when: false - name: Retrieve cockpit kube url - command: "{{ openshift.common.client_binary }} get route registry-console -n default --template='https://{{ '{{' }} .spec.host {{ '}}' }}'" + command: > + {{ openshift.common.client_binary }} get route registry-console + --template='https://{{ '{{' }} .spec.host {{ '}}' }}' + -n default register: registry_console_cockpit_kube_url - failed_when: false changed_when: false - set_fact: @@ -36,9 +58,16 @@ {{ openshift.common.client_binary }} new-app --template=registry-console {{ cockpit_image_prefix }} -p OPENSHIFT_OAUTH_PROVIDER_URL="{{ openshift.master.public_api_url }}" - -p REGISTRY_HOST="{{ docker_registry_route.stdout }}:80" + -p REGISTRY_HOST="{{ docker_registry_route.stdout }}" -p COCKPIT_KUBE_URL="{{ registry_console_cockpit_kube_url.stdout }}" + --config={{ openshift_hosted_kubeconfig }} -n default register: deploy_registry_console changed_when: "'already exists' not in deploy_registry_console.stderr" failed_when: "'already exists' not in deploy_registry_console.stderr and deploy_registry_console.rc != 0" + +- name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml index eb8b5e99b..0ce142983 100644 --- a/roles/openshift_docker_facts/tasks/main.yml +++ b/roles/openshift_docker_facts/tasks/main.yml @@ -13,7 +13,7 @@ log_options: "{{ openshift_docker_log_options | default(None) }}" options: "{{ openshift_docker_options | default(None) }}" disable_push_dockerhub: "{{ openshift_disable_push_dockerhub | default(None) }}" - hosted_registry_insecure: "{{ openshift_docker_hosted_registry_insecure | default(None) }}" + hosted_registry_insecure: "{{ openshift_docker_hosted_registry_insecure | default(openshift.common.deployment_subtype != 'registry') }}" hosted_registry_network: "{{ openshift_docker_hosted_registry_network | default(None) }}" - set_fact: diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/README.md b/roles/openshift_examples/files/examples/v1.2/db-templates/README.md index 609f4dec9..c66bdb8bf 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/README.md +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/README.md @@ -38,35 +38,11 @@ Replace `/path/to/template.json` with an appropriate path, that can be either a local path or an URL. Example: $ oc new-app https://raw.githubusercontent.com/openshift/origin/master/examples/db-templates/mongodb-ephemeral-template.json - --> Deploying template mongodb-ephemeral for "https://raw.githubusercontent.com/openshift/origin/master/examples/db-templates/mongodb-ephemeral-template.json" - With parameters: - DATABASE_SERVICE_NAME=mongodb - MONGODB_USER=userJNX # generated - MONGODB_PASSWORD=tnEDilMVrgjp5AI2 # generated - MONGODB_DATABASE=sampledb - MONGODB_ADMIN_PASSWORD=8bYEs8OlNYhVyMBs # generated - --> Creating resources ... - Service "mongodb" created - DeploymentConfig "mongodb" created - --> Success - Run 'oc status' to view your app. The parameters listed in the output above can be tweaked by specifying values in the command line with the `-p` option: $ oc new-app examples/db-templates/mongodb-ephemeral-template.json -p DATABASE_SERVICE_NAME=mydb -p MONGODB_USER=default - --> Deploying template mongodb-ephemeral for "examples/db-templates/mongodb-ephemeral-template.json" - With parameters: - DATABASE_SERVICE_NAME=mydb - MONGODB_USER=default - MONGODB_PASSWORD=RPvMbWlQFOevSowQ # generated - MONGODB_DATABASE=sampledb - MONGODB_ADMIN_PASSWORD=K7tIjDxDHHYCvFrJ # generated - --> Creating resources ... - Service "mydb" created - DeploymentConfig "mydb" created - --> Success - Run 'oc status' to view your app. Note that the persistent template requires an existing persistent volume, otherwise the deployment won't ever succeed. diff --git a/roles/openshift_examples/files/examples/v1.2/image-streams/dotnet_imagestreams.json b/roles/openshift_examples/files/examples/v1.2/image-streams/dotnet_imagestreams.json index 3d7afe4aa..6cbf81591 100644 --- a/roles/openshift_examples/files/examples/v1.2/image-streams/dotnet_imagestreams.json +++ b/roles/openshift_examples/files/examples/v1.2/image-streams/dotnet_imagestreams.json @@ -1,5 +1,5 @@ { - "kind": "List", + "kind": "ImageStreamList", "apiVersion": "v1", "metadata": { "name": "dotnet-image-streams", @@ -12,21 +12,39 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "dotnetcore-10-rhel7" + "name": "dotnet" }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/dotnet/dotnetcore-10-rhel7", "tags": [ { + "name": "latest", + "annotations": { + "description": ".Net Core 1.0 S2I image.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", + "supports":"dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", + "sampleContextDir": "1.0/test/asp-net-hello-world" + }, + "from": { + "kind": "ImageStreamTag", + "name": "1.0" + } + }, + { "name": "1.0", "annotations": { "description": ".Net Core 1.0 S2I image.", "iconClass": "icon-dotnet", "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", - "supports":"dotnet:1.0", + "supports":"dotnet:1.0,dotnet", "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", "sampleContextDir": "1.0/test/asp-net-hello-world", "version": "1.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/dotnet/dotnetcore-10-rhel7:1.0" } } ] diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json index f85e7e537..ab4982690 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json @@ -126,9 +126,9 @@ }, "spec": { "strategy": { - "type": "Rolling", + "type": "Recreate", "recreateParams": { - "pre": { + "pre": { "failurePolicy": "Retry", "execNewPod": { "command": [ diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json index 4f565206f..e8e361415 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json @@ -5,12 +5,12 @@ "name": "jenkins-ephemeral", "creationTimestamp": null, "annotations": { - "description": "Jenkins service, without persistent storage.\nThe username is 'admin' and the tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "description": "Jenkins service, without persistent storage.\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-jenkins", "tags": "instant-app,jenkins" } }, - "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}.", + "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", "objects": [ { "kind": "Route", @@ -26,6 +26,7 @@ }, "tls": { "termination": "edge", + "insecureEdgeTerminationPolicy": "Redirect", "certificate": "-----BEGIN CERTIFICATE-----\nMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl\nZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3\ndy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu\nY29tMB4XDTE1MDExMjE0MTk0MVoXDTE2MDExMjE0MTk0MVowfDEYMBYGA1UEAwwP\nd3d3LmV4YW1wbGUuY29tMQswCQYDVQQIDAJTQzELMAkGA1UEBhMCVVMxIjAgBgkq\nhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xEDAOBgNVBAoMB0V4YW1wbGUx\nEDAOBgNVBAsMB0V4YW1wbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrv\ngu6ZTTefNN7jjiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm\n47VRx5Qrf/YLXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1M\nmNrQUgZyQC6XIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAGjDTALMAkGA1UdEwQC\nMAAwDQYJKoZIhvcNAQEFBQADggEBAFCi7ZlkMnESvzlZCvv82Pq6S46AAOTPXdFd\nTMvrh12E1sdVALF1P1oYFJzG1EiZ5ezOx88fEDTW+Lxb9anw5/KJzwtWcfsupf1m\nV7J0D3qKzw5C1wjzYHh9/Pz7B1D0KthQRATQCfNf8s6bbFLaw/dmiIUhHLtIH5Qc\nyfrejTZbOSP77z8NOWir+BWWgIDDB2//3AkDIQvT20vmkZRhkqSdT7et4NmXOX/j\njhPti4b2Fie0LeuvgaOdKjCpQQNrYthZHXeVlOLRhMTSk3qUczenkKTOhvP7IS9q\n+Dzv5hqgSfvMG392KWh5f8xXfJNs4W5KLbZyl901MeReiLrPH3w=\n-----END CERTIFICATE-----", "key": "-----BEGIN PRIVATE KEY-----\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMrvgu6ZTTefNN7j\njiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm47VRx5Qrf/YL\nXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1MmNrQUgZyQC6X\nIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAECgYEAnxOjEj/vrLNLMZE1Q9H7PZVF\nWdP/JQVNvQ7tCpZ3ZdjxHwkvf//aQnuxS5yX2Rnf37BS/TZu+TIkK4373CfHomSx\nUTAn2FsLmOJljupgGcoeLx5K5nu7B7rY5L1NHvdpxZ4YjeISrRtEPvRakllENU5y\ngJE8c2eQOx08ZSRE4TkCQQD7dws2/FldqwdjJucYijsJVuUdoTqxP8gWL6bB251q\nelP2/a6W2elqOcWId28560jG9ZS3cuKvnmu/4LG88vZFAkEAzphrH3673oTsHN+d\nuBd5uyrlnGjWjuiMKv2TPITZcWBjB8nJDSvLneHF59MYwejNNEof2tRjgFSdImFH\nmi995wJBAMtPjW6wiqRz0i41VuT9ZgwACJBzOdvzQJfHgSD9qgFb1CU/J/hpSRIM\nkYvrXK9MbvQFvG6x4VuyT1W8mpe1LK0CQAo8VPpffhFdRpF7psXLK/XQ/0VLkG3O\nKburipLyBg/u9ZkaL0Ley5zL5dFBjTV2Qkx367Ic2b0u9AYTCcgi2DsCQQD3zZ7B\nv7BOm7MkylKokY2MduFFXU0Bxg6pfZ7q3rvg8gqhUFbaMStPRYg6myiDiW/JfLhF\nTcFT4touIo7oriFJ\n-----END PRIVATE KEY-----", "caCertificate": "-----BEGIN CERTIFICATE-----\nMIIEFzCCAv+gAwIBAgIJALK1iUpF2VQLMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD\nVQQGEwJVUzELMAkGA1UECAwCU0MxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoG\nA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UECwwHVGVzdCBDQTEaMBgG\nA1UEAwwRd3d3LmV4YW1wbGVjYS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVA\nZXhhbXBsZS5jb20wHhcNMTUwMTEyMTQxNTAxWhcNMjUwMTA5MTQxNTAxWjCBoTEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkx\nHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0Ex\nGjAYBgNVBAMMEXd3dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFt\ncGxlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nw2rK1J2NMtQj0KDug7g7HRKl5jbf0QMkMKyTU1fBtZ0cCzvsF4CqV11LK4BSVWaK\nrzkaXe99IVJnH8KdOlDl5Dh/+cJ3xdkClSyeUT4zgb6CCBqg78ePp+nN11JKuJlV\nIG1qdJpB1J5O/kCLsGcTf7RS74MtqMFo96446Zvt7YaBhWPz6gDaO/TUzfrNcGLA\nEfHVXkvVWqb3gqXUztZyVex/gtP9FXQ7gxTvJml7UkmT0VAFjtZnCqmFxpLZFZ15\n+qP9O7Q2MpsGUO/4vDAuYrKBeg1ZdPSi8gwqUP2qWsGd9MIWRv3thI2903BczDc7\nr8WaIbm37vYZAS9G56E4+wIDAQABo1AwTjAdBgNVHQ4EFgQUugLrSJshOBk5TSsU\nANs4+SmJUGwwHwYDVR0jBBgwFoAUugLrSJshOBk5TSsUANs4+SmJUGwwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaMJ33zAMV4korHo5aPfayV3uHoYZ\n1ChzP3eSsF+FjoscpoNSKs91ZXZF6LquzoNezbfiihK4PYqgwVD2+O0/Ty7UjN4S\nqzFKVR4OS/6lCJ8YncxoFpTntbvjgojf1DEataKFUN196PAANc3yz8cWHF4uvjPv\nWkgFqbIjb+7D1YgglNyovXkRDlRZl0LD1OQ0ZWhd4Ge1qx8mmmanoBeYZ9+DgpFC\nj9tQAbS867yeOryNe7sEOIpXAAqK/DTu0hB6+ySsDfMo4piXCc2aA/eI2DCuw08e\nw17Dz9WnupZjVdwTKzDhFgJZMLDqn37HQnT6EemLFqbcR0VPEnfyhDtZIQ==\n-----END CERTIFICATE-----" @@ -75,6 +76,7 @@ } }, "spec": { + "serviceAccountName": "${JENKINS_SERVICE_NAME}", "containers": [ { "name": "jenkins", @@ -89,7 +91,7 @@ }, "livenessProbe": { "timeoutSeconds": 3, - "initialDelaySeconds": 60, + "initialDelaySeconds": 120, "httpGet": { "path": "/login", "port": 8080 @@ -99,6 +101,18 @@ { "name": "JENKINS_PASSWORD", "value": "${JENKINS_PASSWORD}" + }, + { + "name": "KUBERNETES_MASTER", + "value": "https://kubernetes.default:443" + }, + { + "name": "KUBERNETES_TRUST_CERTIFICATES", + "value": "true" + }, + { + "name": "JNLP_SERVICE_NAME", + "value": "${JNLP_SERVICE_NAME}" } ], "resources": { @@ -136,19 +150,42 @@ } }, { + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}" + } + }, + { + "kind": "RoleBinding", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}_edit" + }, + "groupNames": null, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "${JENKINS_SERVICE_NAME}" + } + ], + "roleRef": { + "name": "edit" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null + "name": "${JNLP_SERVICE_NAME}" }, "spec": { "ports": [ { - "name": "web", + "name": "agent", "protocol": "TCP", - "port": 8080, - "targetPort": 8080, + "port": 50000, + "targetPort": 50000, "nodePort": 0 } ], @@ -159,6 +196,35 @@ "type": "ClusterIP", "sessionAffinity": "None" } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${JNLP_SERVICE_NAME}\", \"namespace\": \"\", \"kind\": \"Service\"}]", + "service.openshift.io/infrastructure": "true" + }, + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 80, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } } ], "parameters": [ @@ -169,6 +235,12 @@ "value": "jenkins" }, { + "name": "JNLP_SERVICE_NAME", + "displayName": "Jenkins JNLP Service Name", + "description": "The name of the service used for master/slave communication.", + "value": "jenkins-jnlp" + }, + { "name": "JENKINS_PASSWORD", "displayName": "Jenkins Password", "description": "Password for the Jenkins 'admin' user.", diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json index eda826a5b..e4a18961e 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json @@ -5,12 +5,12 @@ "name": "jenkins-persistent", "creationTimestamp": null, "annotations": { - "description": "Jenkins service, with persistent storage.\nThe username is 'admin' and the tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.\nYou must have persistent volumes available in your cluster to use this template.", + "description": "Jenkins service, with persistent storage.\nYou must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-jenkins", "tags": "instant-app,jenkins" } }, - "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}.", + "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", "objects": [ { "kind": "Route", @@ -26,6 +26,7 @@ }, "tls": { "termination": "edge", + "insecureEdgeTerminationPolicy": "Redirect", "certificate": "-----BEGIN CERTIFICATE-----\nMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl\nZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3\ndy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu\nY29tMB4XDTE1MDExMjE0MTk0MVoXDTE2MDExMjE0MTk0MVowfDEYMBYGA1UEAwwP\nd3d3LmV4YW1wbGUuY29tMQswCQYDVQQIDAJTQzELMAkGA1UEBhMCVVMxIjAgBgkq\nhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xEDAOBgNVBAoMB0V4YW1wbGUx\nEDAOBgNVBAsMB0V4YW1wbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrv\ngu6ZTTefNN7jjiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm\n47VRx5Qrf/YLXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1M\nmNrQUgZyQC6XIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAGjDTALMAkGA1UdEwQC\nMAAwDQYJKoZIhvcNAQEFBQADggEBAFCi7ZlkMnESvzlZCvv82Pq6S46AAOTPXdFd\nTMvrh12E1sdVALF1P1oYFJzG1EiZ5ezOx88fEDTW+Lxb9anw5/KJzwtWcfsupf1m\nV7J0D3qKzw5C1wjzYHh9/Pz7B1D0KthQRATQCfNf8s6bbFLaw/dmiIUhHLtIH5Qc\nyfrejTZbOSP77z8NOWir+BWWgIDDB2//3AkDIQvT20vmkZRhkqSdT7et4NmXOX/j\njhPti4b2Fie0LeuvgaOdKjCpQQNrYthZHXeVlOLRhMTSk3qUczenkKTOhvP7IS9q\n+Dzv5hqgSfvMG392KWh5f8xXfJNs4W5KLbZyl901MeReiLrPH3w=\n-----END CERTIFICATE-----", "key": "-----BEGIN PRIVATE KEY-----\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMrvgu6ZTTefNN7j\njiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm47VRx5Qrf/YL\nXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1MmNrQUgZyQC6X\nIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAECgYEAnxOjEj/vrLNLMZE1Q9H7PZVF\nWdP/JQVNvQ7tCpZ3ZdjxHwkvf//aQnuxS5yX2Rnf37BS/TZu+TIkK4373CfHomSx\nUTAn2FsLmOJljupgGcoeLx5K5nu7B7rY5L1NHvdpxZ4YjeISrRtEPvRakllENU5y\ngJE8c2eQOx08ZSRE4TkCQQD7dws2/FldqwdjJucYijsJVuUdoTqxP8gWL6bB251q\nelP2/a6W2elqOcWId28560jG9ZS3cuKvnmu/4LG88vZFAkEAzphrH3673oTsHN+d\nuBd5uyrlnGjWjuiMKv2TPITZcWBjB8nJDSvLneHF59MYwejNNEof2tRjgFSdImFH\nmi995wJBAMtPjW6wiqRz0i41VuT9ZgwACJBzOdvzQJfHgSD9qgFb1CU/J/hpSRIM\nkYvrXK9MbvQFvG6x4VuyT1W8mpe1LK0CQAo8VPpffhFdRpF7psXLK/XQ/0VLkG3O\nKburipLyBg/u9ZkaL0Ley5zL5dFBjTV2Qkx367Ic2b0u9AYTCcgi2DsCQQD3zZ7B\nv7BOm7MkylKokY2MduFFXU0Bxg6pfZ7q3rvg8gqhUFbaMStPRYg6myiDiW/JfLhF\nTcFT4touIo7oriFJ\n-----END PRIVATE KEY-----", "caCertificate": "-----BEGIN CERTIFICATE-----\nMIIEFzCCAv+gAwIBAgIJALK1iUpF2VQLMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD\nVQQGEwJVUzELMAkGA1UECAwCU0MxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoG\nA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UECwwHVGVzdCBDQTEaMBgG\nA1UEAwwRd3d3LmV4YW1wbGVjYS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVA\nZXhhbXBsZS5jb20wHhcNMTUwMTEyMTQxNTAxWhcNMjUwMTA5MTQxNTAxWjCBoTEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkx\nHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0Ex\nGjAYBgNVBAMMEXd3dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFt\ncGxlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nw2rK1J2NMtQj0KDug7g7HRKl5jbf0QMkMKyTU1fBtZ0cCzvsF4CqV11LK4BSVWaK\nrzkaXe99IVJnH8KdOlDl5Dh/+cJ3xdkClSyeUT4zgb6CCBqg78ePp+nN11JKuJlV\nIG1qdJpB1J5O/kCLsGcTf7RS74MtqMFo96446Zvt7YaBhWPz6gDaO/TUzfrNcGLA\nEfHVXkvVWqb3gqXUztZyVex/gtP9FXQ7gxTvJml7UkmT0VAFjtZnCqmFxpLZFZ15\n+qP9O7Q2MpsGUO/4vDAuYrKBeg1ZdPSi8gwqUP2qWsGd9MIWRv3thI2903BczDc7\nr8WaIbm37vYZAS9G56E4+wIDAQABo1AwTjAdBgNVHQ4EFgQUugLrSJshOBk5TSsU\nANs4+SmJUGwwHwYDVR0jBBgwFoAUugLrSJshOBk5TSsUANs4+SmJUGwwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaMJ33zAMV4korHo5aPfayV3uHoYZ\n1ChzP3eSsF+FjoscpoNSKs91ZXZF6LquzoNezbfiihK4PYqgwVD2+O0/Ty7UjN4S\nqzFKVR4OS/6lCJ8YncxoFpTntbvjgojf1DEataKFUN196PAANc3yz8cWHF4uvjPv\nWkgFqbIjb+7D1YgglNyovXkRDlRZl0LD1OQ0ZWhd4Ge1qx8mmmanoBeYZ9+DgpFC\nj9tQAbS867yeOryNe7sEOIpXAAqK/DTu0hB6+ySsDfMo4piXCc2aA/eI2DCuw08e\nw17Dz9WnupZjVdwTKzDhFgJZMLDqn37HQnT6EemLFqbcR0VPEnfyhDtZIQ==\n-----END CERTIFICATE-----" @@ -92,6 +93,7 @@ } }, "spec": { + "serviceAccountName": "${JENKINS_SERVICE_NAME}", "containers": [ { "name": "jenkins", @@ -106,7 +108,7 @@ }, "livenessProbe": { "timeoutSeconds": 3, - "initialDelaySeconds": 60, + "initialDelaySeconds": 120, "httpGet": { "path": "/login", "port": 8080 @@ -116,6 +118,18 @@ { "name": "JENKINS_PASSWORD", "value": "${JENKINS_PASSWORD}" + }, + { + "name": "KUBERNETES_MASTER", + "value": "https://kubernetes.default:443" + }, + { + "name": "KUBERNETES_TRUST_CERTIFICATES", + "value": "true" + }, + { + "name": "JNLP_SERVICE_NAME", + "value": "${JNLP_SERVICE_NAME}" } ], "resources": { @@ -153,19 +167,42 @@ } }, { + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}" + } + }, + { + "kind": "RoleBinding", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}_edit" + }, + "groupNames": null, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "${JENKINS_SERVICE_NAME}" + } + ], + "roleRef": { + "name": "edit" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null + "name": "${JNLP_SERVICE_NAME}" }, "spec": { "ports": [ { - "name": "web", + "name": "agent", "protocol": "TCP", - "port": 8080, - "targetPort": 8080, + "port": 50000, + "targetPort": 50000, "nodePort": 0 } ], @@ -176,6 +213,35 @@ "type": "ClusterIP", "sessionAffinity": "None" } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${JNLP_SERVICE_NAME}\", \"namespace\": \"\", \"kind\": \"Service\"}]", + "service.openshift.io/infrastructure": "true" + }, + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 80, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } } ], "parameters": [ @@ -186,6 +252,12 @@ "value": "jenkins" }, { + "name": "JNLP_SERVICE_NAME", + "displayName": "Jenkins JNLP Service Name", + "description": "The name of the service used for master/slave communication.", + "value": "jenkins-jnlp" + }, + { "name": "JENKINS_PASSWORD", "displayName": "Jenkins Password", "description": "Password for the Jenkins 'admin' user.", diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkinstemplate.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkinstemplate.json deleted file mode 100644 index fc409f709..000000000 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkinstemplate.json +++ /dev/null @@ -1,256 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "name": "jenkins", - "creationTimestamp": null, - "annotations": { - "description": "Jenkins service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", - "iconClass": "icon-jenkins", - "tags": "instant-app,jenkins" - } - }, - "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}.", - "objects": [ - { - "kind": "Route", - "apiVersion": "v1", - "metadata": { - "name": "jenkins", - "creationTimestamp": null - }, - "spec": { - "to": { - "kind": "Service", - "name": "${JENKINS_SERVICE_NAME}" - }, - "tls": { - "termination": "edge", - "insecureEdgeTerminationPolicy": "Redirect", - "certificate": "-----BEGIN CERTIFICATE-----\nMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl\nZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3\ndy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu\nY29tMB4XDTE1MDExMjE0MTk0MVoXDTE2MDExMjE0MTk0MVowfDEYMBYGA1UEAwwP\nd3d3LmV4YW1wbGUuY29tMQswCQYDVQQIDAJTQzELMAkGA1UEBhMCVVMxIjAgBgkq\nhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xEDAOBgNVBAoMB0V4YW1wbGUx\nEDAOBgNVBAsMB0V4YW1wbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrv\ngu6ZTTefNN7jjiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm\n47VRx5Qrf/YLXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1M\nmNrQUgZyQC6XIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAGjDTALMAkGA1UdEwQC\nMAAwDQYJKoZIhvcNAQEFBQADggEBAFCi7ZlkMnESvzlZCvv82Pq6S46AAOTPXdFd\nTMvrh12E1sdVALF1P1oYFJzG1EiZ5ezOx88fEDTW+Lxb9anw5/KJzwtWcfsupf1m\nV7J0D3qKzw5C1wjzYHh9/Pz7B1D0KthQRATQCfNf8s6bbFLaw/dmiIUhHLtIH5Qc\nyfrejTZbOSP77z8NOWir+BWWgIDDB2//3AkDIQvT20vmkZRhkqSdT7et4NmXOX/j\njhPti4b2Fie0LeuvgaOdKjCpQQNrYthZHXeVlOLRhMTSk3qUczenkKTOhvP7IS9q\n+Dzv5hqgSfvMG392KWh5f8xXfJNs4W5KLbZyl901MeReiLrPH3w=\n-----END CERTIFICATE-----", - "key": "-----BEGIN PRIVATE KEY-----\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMrvgu6ZTTefNN7j\njiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm47VRx5Qrf/YL\nXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1MmNrQUgZyQC6X\nIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAECgYEAnxOjEj/vrLNLMZE1Q9H7PZVF\nWdP/JQVNvQ7tCpZ3ZdjxHwkvf//aQnuxS5yX2Rnf37BS/TZu+TIkK4373CfHomSx\nUTAn2FsLmOJljupgGcoeLx5K5nu7B7rY5L1NHvdpxZ4YjeISrRtEPvRakllENU5y\ngJE8c2eQOx08ZSRE4TkCQQD7dws2/FldqwdjJucYijsJVuUdoTqxP8gWL6bB251q\nelP2/a6W2elqOcWId28560jG9ZS3cuKvnmu/4LG88vZFAkEAzphrH3673oTsHN+d\nuBd5uyrlnGjWjuiMKv2TPITZcWBjB8nJDSvLneHF59MYwejNNEof2tRjgFSdImFH\nmi995wJBAMtPjW6wiqRz0i41VuT9ZgwACJBzOdvzQJfHgSD9qgFb1CU/J/hpSRIM\nkYvrXK9MbvQFvG6x4VuyT1W8mpe1LK0CQAo8VPpffhFdRpF7psXLK/XQ/0VLkG3O\nKburipLyBg/u9ZkaL0Ley5zL5dFBjTV2Qkx367Ic2b0u9AYTCcgi2DsCQQD3zZ7B\nv7BOm7MkylKokY2MduFFXU0Bxg6pfZ7q3rvg8gqhUFbaMStPRYg6myiDiW/JfLhF\nTcFT4touIo7oriFJ\n-----END PRIVATE KEY-----", - "caCertificate": "-----BEGIN CERTIFICATE-----\nMIIEFzCCAv+gAwIBAgIJALK1iUpF2VQLMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD\nVQQGEwJVUzELMAkGA1UECAwCU0MxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoG\nA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UECwwHVGVzdCBDQTEaMBgG\nA1UEAwwRd3d3LmV4YW1wbGVjYS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVA\nZXhhbXBsZS5jb20wHhcNMTUwMTEyMTQxNTAxWhcNMjUwMTA5MTQxNTAxWjCBoTEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkx\nHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0Ex\nGjAYBgNVBAMMEXd3dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFt\ncGxlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nw2rK1J2NMtQj0KDug7g7HRKl5jbf0QMkMKyTU1fBtZ0cCzvsF4CqV11LK4BSVWaK\nrzkaXe99IVJnH8KdOlDl5Dh/+cJ3xdkClSyeUT4zgb6CCBqg78ePp+nN11JKuJlV\nIG1qdJpB1J5O/kCLsGcTf7RS74MtqMFo96446Zvt7YaBhWPz6gDaO/TUzfrNcGLA\nEfHVXkvVWqb3gqXUztZyVex/gtP9FXQ7gxTvJml7UkmT0VAFjtZnCqmFxpLZFZ15\n+qP9O7Q2MpsGUO/4vDAuYrKBeg1ZdPSi8gwqUP2qWsGd9MIWRv3thI2903BczDc7\nr8WaIbm37vYZAS9G56E4+wIDAQABo1AwTjAdBgNVHQ4EFgQUugLrSJshOBk5TSsU\nANs4+SmJUGwwHwYDVR0jBBgwFoAUugLrSJshOBk5TSsUANs4+SmJUGwwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaMJ33zAMV4korHo5aPfayV3uHoYZ\n1ChzP3eSsF+FjoscpoNSKs91ZXZF6LquzoNezbfiihK4PYqgwVD2+O0/Ty7UjN4S\nqzFKVR4OS/6lCJ8YncxoFpTntbvjgojf1DEataKFUN196PAANc3yz8cWHF4uvjPv\nWkgFqbIjb+7D1YgglNyovXkRDlRZl0LD1OQ0ZWhd4Ge1qx8mmmanoBeYZ9+DgpFC\nj9tQAbS867yeOryNe7sEOIpXAAqK/DTu0hB6+ySsDfMo4piXCc2aA/eI2DCuw08e\nw17Dz9WnupZjVdwTKzDhFgJZMLDqn37HQnT6EemLFqbcR0VPEnfyhDtZIQ==\n-----END CERTIFICATE-----" - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "jenkins" - ], - "from": { - "kind": "ImageStreamTag", - "name": "jenkins:1", - "namespace": "openshift" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "template": { - "metadata": { - "creationTimestamp": null, - "labels": { - "name": "${JENKINS_SERVICE_NAME}" - } - }, - "spec": { - "serviceAccountName": "${JENKINS_SERVICE_NAME}", - "containers": [ - { - "name": "jenkins", - "image": " ", - "readinessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 3, - "httpGet": { - "path": "/login", - "port": 8080 - } - }, - "livenessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 120, - "httpGet": { - "path": "/login", - "port": 8080 - } - }, - "env": [ - { - "name": "JENKINS_PASSWORD", - "value": "${JENKINS_PASSWORD}" - }, - { - "name": "KUBERNETES_MASTER", - "value": "https://kubernetes.default:443" - }, - { - "name": "KUBERNETES_TRUST_CERTIFICATES", - "value": "true" - } - ], - "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, - "volumeMounts": [ - { - "name": "${JENKINS_SERVICE_NAME}-data", - "mountPath": "/var/lib/jenkins" - } - ], - "terminationMessagePath": "/dev/termination-log", - "imagePullPolicy": "IfNotPresent", - "capabilities": {}, - "securityContext": { - "capabilities": {}, - "privileged": false - } - } - ], - "volumes": [ - { - "name": "${JENKINS_SERVICE_NAME}-data", - "emptyDir": { - "medium": "" - } - } - ], - "restartPolicy": "Always", - "dnsPolicy": "ClusterFirst" - } - } - } - }, - { - "kind": "ServiceAccount", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}" - } - }, - { - "kind": "RoleBinding", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}_edit" - }, - "groupNames": null, - "subjects": [ - { - "kind": "ServiceAccount", - "name": "${JENKINS_SERVICE_NAME}" - } - ], - "roleRef": { - "name": "edit" - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "jenkins-jnlp" - }, - "spec": { - "ports": [ - { - "name": "agent", - "protocol": "TCP", - "port": 50000, - "targetPort": 50000, - "nodePort": 0 - } - ], - "selector": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "portalIP": "", - "type": "ClusterIP", - "sessionAffinity": "None" - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "annotations": { - "service.alpha.openshift.io/dependencies": "[{\"name\": \"jenkins-jnlp\", \"namespace\": \"\", \"kind\": \"Service\"}]", - "service.openshift.io/infrastructure": "true" - }, - "creationTimestamp": null - }, - "spec": { - "ports": [ - { - "name": "web", - "protocol": "TCP", - "port": 80, - "targetPort": 8080, - "nodePort": 0 - } - ], - "selector": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "portalIP": "", - "type": "ClusterIP", - "sessionAffinity": "None" - } - } - ], - "parameters": [ - { - "name": "MEMORY_LIMIT", - "displayName": "Memory Limit", - "description": "Maximum amount of memory the container can use.", - "value": "512Mi" - }, - { - "name": "NAMESPACE", - "displayName": "Namespace", - "description": "The OpenShift Namespace where the ImageStream resides.", - "value": "openshift" - }, - { - "name": "JENKINS_SERVICE_NAME", - "displayName": "Jenkins Service Name", - "description": "The name of the OpenShift Service exposed for the Jenkins container.", - "value": "jenkins" - }, - { - "name": "JENKINS_PASSWORD", - "displayName": "Jenkins Password", - "description": "Password for the Jenkins 'admin' user.", - "generate": "expression", - "from": "[a-zA-Z0-9]{16}", - "required": true - } - ], - "labels": { - "template": "jenkins-pipeline-template" - } -} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-streams/fis-image-streams.json b/roles/openshift_examples/files/examples/v1.2/xpaas-streams/fis-image-streams.json index ed0e94bed..65060cc2c 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-streams/fis-image-streams.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-streams/fis-image-streams.json @@ -20,13 +20,23 @@ { "name": "1.0", "annotations": { - "description": "JBoss Fuse Integration Services 6.2.1 Java S2I images.", + "description": "JBoss Fuse Integration Services 1.0 Java S2I images.", "iconClass": "icon-jboss", "tags": "builder,jboss-fuse,java,xpaas", "supports":"jboss-fuse:6.2.1,java:8,xpaas:1.2", "version": "1.0" } - } + }, + { + "name": "2.0", + "annotations": { + "description": "JBoss Fuse Integration Services 2.0 Java S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,jboss-fuse,java,xpaas", + "supports":"jboss-fuse:6.3.0,java:8,xpaas:1.2", + "version": "2.0" + } + } ] } }, @@ -42,13 +52,23 @@ { "name": "1.0", "annotations": { - "description": "JBoss Fuse Integration Services 6.2.1 Karaf S2I images.", + "description": "JBoss Fuse Integration Services 1.0 Karaf S2I images.", "iconClass": "icon-jboss", "tags": "builder,jboss-fuse,java,karaf,xpaas", "supports":"jboss-fuse:6.2.1,java:8,xpaas:1.2", "version": "1.0" } - } + }, + { + "name": "2.0", + "annotations": { + "description": "JBoss Fuse Integration Services 2.0 Karaf S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,jboss-fuse,java,karaf,xpaas", + "supports":"jboss-fuse:6.3.0,java:8,xpaas:1.2", + "version": "2.0" + } + } ] } } diff --git a/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json b/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json index 3d7afe4aa..6cbf81591 100644 --- a/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json +++ b/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json @@ -1,5 +1,5 @@ { - "kind": "List", + "kind": "ImageStreamList", "apiVersion": "v1", "metadata": { "name": "dotnet-image-streams", @@ -12,21 +12,39 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "dotnetcore-10-rhel7" + "name": "dotnet" }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/dotnet/dotnetcore-10-rhel7", "tags": [ { + "name": "latest", + "annotations": { + "description": ".Net Core 1.0 S2I image.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", + "supports":"dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", + "sampleContextDir": "1.0/test/asp-net-hello-world" + }, + "from": { + "kind": "ImageStreamTag", + "name": "1.0" + } + }, + { "name": "1.0", "annotations": { "description": ".Net Core 1.0 S2I image.", "iconClass": "icon-dotnet", "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", - "supports":"dotnet:1.0", + "supports":"dotnet:1.0,dotnet", "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", "sampleContextDir": "1.0/test/asp-net-hello-world", "version": "1.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/dotnet/dotnetcore-10-rhel7:1.0" } } ] diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-streams/fis-image-streams.json b/roles/openshift_examples/files/examples/v1.3/xpaas-streams/fis-image-streams.json index ed0e94bed..65060cc2c 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-streams/fis-image-streams.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-streams/fis-image-streams.json @@ -20,13 +20,23 @@ { "name": "1.0", "annotations": { - "description": "JBoss Fuse Integration Services 6.2.1 Java S2I images.", + "description": "JBoss Fuse Integration Services 1.0 Java S2I images.", "iconClass": "icon-jboss", "tags": "builder,jboss-fuse,java,xpaas", "supports":"jboss-fuse:6.2.1,java:8,xpaas:1.2", "version": "1.0" } - } + }, + { + "name": "2.0", + "annotations": { + "description": "JBoss Fuse Integration Services 2.0 Java S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,jboss-fuse,java,xpaas", + "supports":"jboss-fuse:6.3.0,java:8,xpaas:1.2", + "version": "2.0" + } + } ] } }, @@ -42,13 +52,23 @@ { "name": "1.0", "annotations": { - "description": "JBoss Fuse Integration Services 6.2.1 Karaf S2I images.", + "description": "JBoss Fuse Integration Services 1.0 Karaf S2I images.", "iconClass": "icon-jboss", "tags": "builder,jboss-fuse,java,karaf,xpaas", "supports":"jboss-fuse:6.2.1,java:8,xpaas:1.2", "version": "1.0" } - } + }, + { + "name": "2.0", + "annotations": { + "description": "JBoss Fuse Integration Services 2.0 Karaf S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,jboss-fuse,java,karaf,xpaas", + "supports":"jboss-fuse:6.3.0,java:8,xpaas:1.2", + "version": "2.0" + } + } ] } } diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml index b28974236..d5077932b 100644 --- a/roles/openshift_hosted/tasks/registry/registry.yml +++ b/roles/openshift_hosted/tasks/registry/registry.yml @@ -18,7 +18,9 @@ l_default_replicas: 0 when: l_node_count | int == 0 -# If registry nodes are defined and the registry storage kind is defined, default should be the number of registry nodes, otherwise just 1: +# If registry nodes are defined and the registry storage kind is +# defined, default should be the number of registry nodes, otherwise +# just 1: - set_fact: l_default_replicas: "{{ l_node_count if openshift.hosted.registry.storage.kind | default(none) is not none else 1 }}" when: l_node_count | int > 0 @@ -49,6 +51,10 @@ failed_when: "openshift_hosted_registry_results.rc != 0 and 'service exists' not in openshift_hosted_registry_results.stdout and 'deployment_config' not in openshift_hosted_registry_results.stderr and 'service' not in openshift_hosted_registry_results.stderr" when: replicas | int > 0 +- include: secure.yml + static: no + when: openshift.common.deployment_subtype == 'registry' + - include: storage/object_storage.yml static: no when: replicas | int > 0 and openshift.hosted.registry.storage.kind | default(none) == 'object' diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml new file mode 100644 index 000000000..ef1c7c5bc --- /dev/null +++ b/roles/openshift_hosted/tasks/registry/secure.yml @@ -0,0 +1,83 @@ +--- +- name: Determine if registry certificates must be created + stat: + path: "{{ openshift_master_config_dir }}/{{ item }}" + with_items: + - registry.crt + - registry.key + register: docker_registry_certificates_stat_result + changed_when: false + failed_when: false + +- name: Retrieve registry service IP + command: > + {{ openshift.common.client_binary }} get service docker-registry + --template='{{ '{{' }} .spec.clusterIP {{ '}}' }}' + register: docker_registry_service_ip + changed_when: false + +- set_fact: + docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift.master.default_subdomain | default('router.default.svc.cluster.local', true)) }}" + +- name: Create registry certificates if they do not exist + command: > + {{ openshift.common.admin_binary }} ca create-server-cert + --signer-cert=/etc/origin/master/ca.crt + --signer-key=/etc/origin/master/ca.key + --signer-serial=/etc/origin/master/ca.serial.txt + --hostnames="{{ docker_registry_service_ip.stdout }},docker-registry.default.svc.cluster.local,{{ docker_registry_route_hostname }}" + --cert={{ openshift_master_config_dir }}/registry.crt + --key={{ openshift_master_config_dir }}/registry.key + when: False in (docker_registry_certificates_stat_result.results | default([]) | oo_collect(attribute='stat.exists') | list) + +- name: Create the secret for the registry certificates + command: > + {{ openshift.common.client_binary }} secrets new registry-certificates + {{ openshift_master_config_dir }}/registry.crt + {{ openshift_master_config_dir }}/registry.key + --config={{ openshift_hosted_kubeconfig }} + -n default + register: create_registry_certificates_secret + changed_when: "'already exists' not in create_registry_certificates_secret.stderr" + failed_when: "'already exists' not in create_registry_certificates_secret.stderr and create_registry_certificates_secret.rc != 0" + +- name: "Add the secret to the registry's pod service accounts" + command: > + {{ openshift.common.client_binary }} secrets link {{ item }} registry-certificates + --config={{ openshift_hosted_kubeconfig }} + -n default + with_items: + - registry + - default + +- name: Determine if registry-certificates secret volume attached + command: > + {{ openshift.common.client_binary }} get dc/docker-registry + --template='{{ '{{' }} range .spec.template.spec.volumes {{ '}}' }}{{ '{{' }} .secret.secretName {{ '}}' }}{{ '{{' }} end {{ '}}' }}' + --config={{ openshift_hosted_kubeconfig }} + -n default + register: docker_registry_volumes + changed_when: false + failed_when: false + +- name: Attach registry-certificates secret volume + command: > + {{ openshift.common.client_binary }} volume dc/docker-registry --add --type=secret + --secret-name=registry-certificates + -m /etc/secrets + --config={{ openshift_hosted_kubeconfig }} + -n default + when: "'registry-certificates' not in docker_registry_volumes.stdout" + +- name: Set registry environment variables for TLS certificate + command: > + {{ openshift.common.client_binary }} env dc/docker-registry + REGISTRY_HTTP_TLS_CERTIFICATE=/etc/secrets/registry.crt + REGISTRY_HTTP_TLS_KEY=/etc/secrets/registry.key + +# These commands are on a single line to preserve patch json. +- name: Update registry liveness probe from HTTP to HTTPS + command: "{{ openshift.common.client_binary }} patch dc/docker-registry --api-version=v1 -p '{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"registry\",\"livenessProbe\":{\"httpGet\":{\"scheme\":\"HTTPS\"}}}]}}}}' --config={{ openshift_hosted_kubeconfig }} -n default" + +- name: Update registry readiness probe from HTTP to HTTPS + command: "{{ openshift.common.client_binary }} patch dc/docker-registry --api-version=v1 -p '{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"registry\",\"readinessProbe\":{\"httpGet\":{\"scheme\":\"HTTPS\"}}}]}}}}' --config={{ openshift_hosted_kubeconfig }} -n default" diff --git a/roles/openshift_hosted_logging/README.md b/roles/openshift_hosted_logging/README.md index b3f363571..03db1c4b1 100644 --- a/roles/openshift_hosted_logging/README.md +++ b/roles/openshift_hosted_logging/README.md @@ -5,6 +5,35 @@ - openshift_hosted_logging_master_public_url: https://localhost:8443 ###Optional vars: +- openshift_hosted_logging_image_prefix: logging image prefix. No default. Use this to specify an alternate image repository e.g. my.private.repo:5000/private_openshift/ +- target_registry: DEPRECATED - use openshift_hosted_logging_image_prefix instead +- openshift_hosted_logging_image_version: logging image version suffix. Defaults to the current version of the deployed software. - openshift_hosted_logging_secret_vars: (defaults to nothing=/dev/null) kibana.crt=/etc/origin/master/ca.crt kibana.key=/etc/origin/master/ca.key ca.crt=/etc/origin/master/ca.crt ca.key=/etc/origin/master/ca.key - openshift_hosted_logging_fluentd_replicas: (defaults to 1) 3 - openshift_hosted_logging_cleanup: (defaults to no) Set this to 'yes' in order to cleanup logging components instead of deploying. +- openshift_hosted_logging_elasticsearch_instance_ram: Amount of RAM to reserve per ElasticSearch instance (e.g. 1024M, 2G). Defaults to 8GiB; must be at least 512M (Ref.: [ElasticSearch documentation](https://www.elastic.co/guide/en/elasticsearch/guide/current/hardware.html\#\_memory). +- openshift_hosted_logging_elasticsearch_pvc_size: Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead. +- openshift_hosted_logging_elasticsearch_pvc_prefix: Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size `openshift_hosted_logging_elasticsearch_pvc_size`. +- openshift_hosted_logging_elasticsearch_pvc_dynamic: Set to `true` to have created PersistentVolumeClaims annotated such that their backing storage can be dynamically provisioned (if that is available for your cluster). +- openshift_hosted_logging_elasticsearch_storage_group: Number of a supplemental group ID for access to Elasticsearch storage volumes; backing volumes should allow access by this group ID (defaults to 65534). +- openshift_hosted_logging_elasticsearch_nodeselector: Specify the nodeSelector that Elasticsearch should be use (label=value) +- openshift_hosted_logging_fluentd_nodeselector: The nodeSelector to use for the Fluentd DaemonSet. Defaults to "logging-infra-fluentd=true". +- openshift_hosted_logging_kibana_nodeselector: Specify the nodeSelector that Kibana should be use (label=value) +- openshift_hosted_logging_curator_nodeselector: Specify the nodeSelector that Curator should be use (label=value) +- openshift_hosted_logging_enable_ops_cluster: If "true", configure a second ES cluster and Kibana for ops logs. +- openshift_hosted_logging_use_journal: If this is unset or empty, logging will try to figure out from docker which log driver it is using (json-file or journald). You can set this param to "true" or "false" to force logging to use journal or not (but make sure you are sure which one docker is using). +- openshift_hosted_logging_journal_source: By default, if this param is unset or empty, logging will use `/var/log/journal` if it exists, or `/run/log/journal` if not. You can use this param to force logging to use a different location. +- openshift_hosted_logging_journal_read_from_head: Set to `true` to have fluentd read from the beginning of the journal, to get historical log data. Default is `false`. *WARNING* Using `true` may take several minutes or even hours, depending on the size of the journal, until any new records show up in Elasticsearch, and will cause fluentd to consume a lot of CPU and RAM resources. + +When `openshift_hosted_logging_enable_ops_cluster` is `True`, there are some +additional vars. These work the same as above for their non-ops counterparts, +but apply to the OPS cluster instance: +- openshift_hosted_logging_ops_hostname: kibana-ops.example.com +- openshift_hosted_logging_elasticsearch_ops_cluster_size +- openshift_hosted_logging_elasticsearch_ops_instance_ram +- openshift_hosted_logging_elasticsearch_ops_pvc_size +- openshift_hosted_logging_elasticsearch_ops_pvc_prefix +- openshift_hosted_logging_elasticsearch_ops_pvc_dynamic +- openshift_hosted_logging_elasticsearch_ops_nodeselector +- openshift_hosted_logging_kibana_ops_nodeselector +- openshift_hosted_logging_curator_ops_nodeselector diff --git a/roles/openshift_hosted_logging/tasks/deploy_logging.yaml b/roles/openshift_hosted_logging/tasks/deploy_logging.yaml index f19ce3e2b..082bb6ea2 100644 --- a/roles/openshift_hosted_logging/tasks/deploy_logging.yaml +++ b/roles/openshift_hosted_logging/tasks/deploy_logging.yaml @@ -1,4 +1,7 @@ --- + - debug: msg="WARNING target_registry is deprecated, use openshift_hosted_logging_image_prefix instead" + when: target_registry is defined and target_registry + - fail: msg="This role requires the following vars to be defined. openshift_hosted_logging_master_public_url, openshift_hosted_logging_hostname, openshift_hosted_logging_elasticsearch_cluster_size" when: "openshift_hosted_logging_hostname is not defined or openshift_hosted_logging_elasticsearch_cluster_size is not defined or @@ -35,21 +38,20 @@ register: secret_output failed_when: "secret_output.rc == 1 and 'exists' not in secret_output.stderr" - - name: "Copy serviceAccount file" - copy: - dest: /tmp/logging-deployer-sa.yaml - src: "{{role_path}}/files/logging-deployer-sa.yaml" - force: yes - - - name: "Create logging-deployer service account" + - name: "Create templates for logging accounts and the deployer" command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /tmp/logging-deployer-sa.yaml - register: deployer_output - failed_when: "deployer_output.rc == 1 and 'exists' not in deployer_output.stderr" + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /usr/share/openshift/examples/infrastructure-templates/enterprise/logging-deployer.yaml + register: template_output + failed_when: "template_output.rc == 1 and 'exists' not in template_output.stderr" + + - name: "Process the logging accounts template" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig process logging-deployer-account-template | {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f -" + register: process_deployer_accounts + failed_when: process_deployer_accounts.rc == 1 and 'already exists' not in process_deployer_accounts.stderr - name: "Set permissions for logging-deployer service account" command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig policy add-role-to-user edit system:serviceaccount:logging:logging-deployer + {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig policy add-cluster-role-to-user oauth-editor system:serviceaccount:logging:logging-deployer register: permiss_output failed_when: "permiss_output.rc == 1 and 'exists' not in permiss_output.stderr" @@ -65,14 +67,14 @@ register: fluentd2_output failed_when: "fluentd2_output.rc == 1 and 'exists' not in fluentd2_output.stderr" - - name: "Create deployer template" + - name: "Create ConfigMap for deployer parameters" command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /usr/share/openshift/examples/infrastructure-templates/enterprise/logging-deployer.yaml - register: template_output - failed_when: "template_output.rc == 1 and 'exists' not in template_output.stderr" + {{ openshift.common.client_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig create configmap logging-deployer {{ deployer_cmap_params }} + register: deployer_configmap_output + failed_when: "deployer_configmap_output.rc == 1 and 'exists' not in deployer_configmap_output.stderr" - name: "Process the deployer template" - shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig process logging-deployer-template -v {{ oc_process_values }} | {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f -" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-app logging-deployer-template {{ oc_new_app_values }}" register: process_deployer failed_when: process_deployer.rc == 1 and 'already exists' not in process_deployer.stderr @@ -83,39 +85,71 @@ retries: 15 delay: 10 - - name: "Process support template" - shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig process logging-support-template | {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f -" - register: process_support - failed_when: process_support.rc == 1 and 'already exists' not in process_support.stderr + - name: "Process imagestream template" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-app logging-imagestream-template {{ oc_new_app_values }}" + when: tr_or_ohlip is defined and insecure_registry is defined and insecure_registry + register: process_is + failed_when: process_is.rc == 1 and 'already exists' not in process_is.stderr - name: "Set insecured registry" command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig annotate is --all openshift.io/image.insecureRepository=true --overwrite" - when: "target_registry is defined and insecure_registry == 'true'" + when: tr_or_ohlip is defined and insecure_registry is defined and insecure_registry - name: "Wait for imagestreams to become available" shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get is | grep logging-fluentd" + when: tr_or_ohlip is defined and insecure_registry is defined and insecure_registry register: result until: result.rc == 0 failed_when: result.rc == 1 and 'not found' not in result.stderr retries: 20 delay: 10 - - name: "Wait for replication controllers to become available" - shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get rc | grep logging-fluentd-1" + - name: "Wait for component pods to be running" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods -l component={{ item }} | grep Running" + with_items: + - es + - kibana + - curator register: result until: result.rc == 0 - failed_when: result.rc == 1 and 'not found' not in result.stderr + failed_when: result.rc == 1 or 'Error' in result.stderr + retries: 20 + delay: 10 + + - name: "Wait for ops component pods to be running" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods -l component={{ item }} | grep Running" + with_items: + - es-ops + - kibana-ops + - curator-ops + when: openshift_hosted_logging_enable_ops_cluster is defined and openshift_hosted_logging_enable_ops_cluster + register: result + until: result.rc == 0 + failed_when: result.rc == 1 or 'Error' in result.stderr retries: 20 delay: 10 + - name: "Wait for fluentd DaemonSet to exist" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get daemonset logging-fluentd" + register: result + until: result.rc == 0 + failed_when: result.rc == 1 or 'Error' in result.stderr + retries: 20 + delay: 10 - - name: "Scale fluentd deployment config" - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig scale dc/logging-fluentd --replicas={{ fluentd_replicas | default('1') }} + - name: "Deploy fluentd by labeling the node" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig label node {{ openshift_hostname }} {{ openshift_hosted_logging_fluentd_nodeselector if openshift_hosted_logging_fluentd_nodeselector is defined else 'logging-infra-fluentd=true' }}" + - name: "Wait for fluentd to be running" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods -l component=fluentd | grep Running" + register: result + until: result.rc == 0 + failed_when: result.rc == 1 or 'Error' in result.stderr + retries: 20 + delay: 10 - debug: - msg: "Logging components deployed. Note persistant volume for elasticsearch must be setup manually" + msg: "Logging components deployed. Note persistent volume for elasticsearch must be setup manually" - name: Delete temp directory file: diff --git a/roles/openshift_hosted_logging/vars/main.yaml b/roles/openshift_hosted_logging/vars/main.yaml index 88d112209..2ef3164e1 100644 --- a/roles/openshift_hosted_logging/vars/main.yaml +++ b/roles/openshift_hosted_logging/vars/main.yaml @@ -1,6 +1,32 @@ -kh_kv: "KIBANA_HOSTNAME={{ openshift_hosted_logging_hostname | quote }}" -es_cs_kv: "ES_CLUSTER_SIZE={{ openshift_hosted_logging_elasticsearch_cluster_size | string | quote }}" -pmu_kv: "PUBLIC_MASTER_URL={{ openshift_hosted_logging_master_public_url | quote }}" -ip_kv: "{{ 'IMAGE_PREFIX=' ~ target_registry | quote if target_registry is defined else '' }}" -oc_process_values: "{{ kh_kv }},{{ es_cs_kv }},{{ pmu_kv }},{{ ip_kv }}" +tr_or_ohlip: "{{ openshift_hosted_logging_image_prefix or target_registry or none }}" +ip_kv: "{{ '-p IMAGE_PREFIX=' ~ tr_or_ohlip | quote if tr_or_ohlip is defined else '' }}" +iv_kv: "{{ '-p IMAGE_VERSION=' ~ openshift_hosted_logging_image_version | quote if openshift_hosted_logging_image_version is defined else '' }}" +oc_new_app_values: "{{ ip_kv }} {{ iv_kv }}" openshift_master_config_dir: "{{ openshift.common.config_base }}/master" +kh_cmap_param: "{{ '--from-literal kibana-hostname=' ~ openshift_hosted_logging_hostname | quote if openshift_hosted_logging_hostname is defined else '' }}" +kh_ops_cmap_param: "{{ '--from-literal kibana-ops-hostname=' ~ openshift_hosted_logging_ops_hostname | quote if openshift_hosted_logging_ops_hostname is defined else '' }}" +pmu_cmap_param: "{{ '--from-literal public-master-url=' ~ openshift_hosted_logging_master_public_url | quote if openshift_hosted_logging_master_public_url is defined else '' }}" +es_cs_cmap_param: "{{ '--from-literal es-cluster-size=' ~ openshift_hosted_logging_elasticsearch_cluster_size | string | quote if openshift_hosted_logging_elasticsearch_cluster_size is defined else '' }}" +es_ops_cs_cmap_param: "{{ '--from-literal es-ops-cluster-size=' ~ openshift_hosted_logging_elasticsearch_ops_cluster_size | string | quote if openshift_hosted_logging_elasticsearch_ops_cluster_size is defined else '' }}" +es_ir_cmap_param: "{{ '--from-literal es-instance-ram=' ~ openshift_hosted_logging_elasticsearch_instance_ram | quote if openshift_hosted_logging_elasticsearch_instance_ram is defined else '' }}" +es_ops_ir_cmap_param: "{{ '--from-literal es-ops-instance-ram=' ~ openshift_hosted_logging_elasticsearch_ops_instance_ram | quote if openshift_hosted_logging_elasticsearch_ops_instance_ram is defined else '' }}" +es_pvcs_cmap_param: "{{ '--from-literal es-pvc-size=' ~ openshift_hosted_logging_elasticsearch_pvc_size | quote if openshift_hosted_logging_elasticsearch_pvc_size is defined else '' }}" +es_ops_pvcs_cmap_param: "{{ '--from-literal es-ops-pvc-size=' ~ openshift_hosted_logging_elasticsearch_ops_pvc_size | quote if openshift_hosted_logging_elasticsearch_ops_pvc_size is defined else '' }}" +es_pvcp_cmap_param: "{{ '--from-literal es-pvc-prefix=' ~ openshift_hosted_logging_elasticsearch_pvc_prefix | quote if openshift_hosted_logging_elasticsearch_pvc_prefix is defined else '' }}" +es_ops_pvcp_cmap_param: "{{ '--from-literal es-ops-pvc-prefix=' ~ openshift_hosted_logging_elasticsearch_ops_pvc_prefix | quote if openshift_hosted_logging_elasticsearch_ops_pvc_prefix is defined else '' }}" +es_pvcd_cmap_param: "{{ '--from-literal es-pvc-dynamic=' ~ openshift_hosted_logging_elasticsearch_pvc_dynamic | quote if openshift_hosted_logging_elasticsearch_pvc_dynamic is defined else '' }}" +es_ops_pvcd_cmap_param: "{{ '--from-literal es-ops-pvc-dynamic=' ~ openshift_hosted_logging_elasticsearch_ops_pvc_dynamic | quote if openshift_hosted_logging_elasticsearch_ops_pvc_dynamic is defined else '' }}" +es_sg_cmap_param: "{{ '--from-literal storage-group=' ~ openshift_hosted_logging_elasticsearch_storage_group | string | quote if openshift_hosted_logging_elasticsearch_storage_group is defined else '' }}" +es_ns_cmap_param: "{{ '--from-literal es-nodeselector=' ~ openshift_hosted_logging_elasticsearch_nodeselector | quote if openshift_hosted_logging_elasticsearch_nodeselector is defined else '' }}" +es_ops_ns_cmap_param: "{{ '--from-literal es-ops-nodeselector=' ~ openshift_hosted_logging_elasticsearch_ops_nodeselector | quote if openshift_hosted_logging_elasticsearch_ops_nodeselector is defined else '' }}" +fd_ns_cmap_param: "{{ '--from-literal fluentd-nodeselector=' ~ openshift_hosted_logging_fluentd_nodeselector | quote if openshift_hosted_logging_fluentd_nodeselector is defined else 'logging-infra-fluentd=true' }}" +kb_ns_cmap_param: "{{ '--from-literal kibana-nodeselector=' ~ openshift_hosted_logging_kibana_nodeselector | quote if openshift_hosted_logging_kibana_nodeselector is defined else '' }}" +kb_ops_ns_cmap_param: "{{ '--from-literal kibana-ops-nodeselector=' ~ openshift_hosted_logging_kibana_ops_nodeselector | quote if openshift_hosted_logging_kibana_ops_nodeselector is defined else '' }}" +cr_ns_cmap_param: "{{ '--from-literal curator-nodeselector=' ~ openshift_hosted_logging_curator_nodeselector | quote if openshift_hosted_logging_curator_nodeselector is defined else '' }}" +cr_ops_ns_cmap_param: "{{ '--from-literal curator-ops-nodeselector=' ~ openshift_hosted_logging_curator_ops_nodeselector | quote if openshift_hosted_logging_curator_ops_nodeselector is defined else '' }}" +ops_cmap_param: "{{ '--from-literal enable-ops-cluster=' ~ openshift_hosted_logging_enable_ops_cluster | string | lower | quote if openshift_hosted_logging_enable_ops_cluster is defined else '' }}" +use_journal_cmap_param: "{{ '--from-literal use-journal=' ~ openshift_hosted_logging_use_journal | string | lower | quote if openshift_hosted_logging_use_journal is defined else '' }}" +journal_source_cmap_param: "{{ '--from-literal journal-source=' ~ openshift_hosted_logging_journal_source | quote if openshift_hosted_logging_journal_source is defined else '' }}" +journal_read_from_head_cmap_param: "{{ '--from-literal journal-read-from-head=' ~ openshift_hosted_logging_journal_read_from_head | string | lower | quote if openshift_hosted_logging_journal_read_from_head is defined else '' }}" +ips_cmap_param: "{{ '--from-literal image-pull-secret=' ~ openshift_hosted_logging_image_pull_secret | quote if openshift_hosted_logging_image_pull_secret is defined else '' }}" +deployer_cmap_params: "{{ kh_cmap_param }} {{ kh_ops_cmap_param }} {{ pmu_cmap_param }} {{ es_cs_cmap_param }} {{ es_ir_cmap_param }} {{ es_pvcs_cmap_param }} {{ es_pvcp_cmap_param }} {{ es_pvcd_cmap_param }} {{ es_ops_cs_cmap_param }} {{ es_ops_ir_cmap_param }} {{ es_ops_pvcs_cmap_param }} {{ es_ops_pvcp_cmap_param }} {{ es_ops_pvcd_cmap_param }} {{ es_sg_cmap_param }} {{ es_ns_cmap_param }} {{ es_ops_ns_cmap_param }} {{ fd_ns_cmap_param }} {{ kb_ns_cmap_param }} {{ kb_ops_ns_cmap_param }} {{ cr_ns_cmap_param }} {{ cr_ops_ns_cmap_param }} {{ ops_cmap_param }} {{ use_journal_cmap_param }} {{ journal_source_cmap_param }} {{ journal_read_from_head_cmap_param }} {{ ips_cmap_param }}" diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml index 5abac32cd..f999092cc 100644 --- a/roles/openshift_manage_node/tasks/main.yml +++ b/roles/openshift_manage_node/tasks/main.yml @@ -1,6 +1,22 @@ +--- +- name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False + +- set_fact: + openshift_manage_node_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + +- name: Copy the admin client config(s) + command: > + cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{ openshift_manage_node_kubeconfig }} + changed_when: False + - name: Wait for Node Registration command: > - {{ openshift.common.client_binary }} get node {{ item | lower }} + {{ openshift.common.client_binary }} get node {{ item | lower }} + --config={{ openshift_manage_node_kubeconfig }} + -n default register: omd_get_node until: omd_get_node.rc == 0 retries: 50 @@ -10,14 +26,24 @@ - name: Set node schedulability command: > - {{ openshift.common.admin_binary }} manage-node {{ item.openshift.common.hostname | lower }} --schedulable={{ 'true' if item.openshift.node.schedulable | bool else 'false' }} + {{ openshift.common.admin_binary }} manage-node {{ hostvars[item].openshift.common.hostname | lower }} --schedulable={{ 'true' if hostvars[item].openshift.node.schedulable | bool else 'false' }} + --config={{ openshift_manage_node_kubeconfig }} + -n default with_items: - - "{{ openshift_node_vars }}" - when: item.openshift.common.hostname is defined + - "{{ openshift_nodes }}" + when: hostvars[item].openshift.common.hostname is defined - name: Label nodes command: > - {{ openshift.common.client_binary }} label --overwrite node {{ item.openshift.common.hostname | lower }} {{ item.openshift.node.labels | oo_combine_dict }} + {{ openshift.common.client_binary }} label --overwrite node {{ hostvars[item].openshift.common.hostname | lower }} {{ hostvars[item].openshift.node.labels | oo_combine_dict }} + --config={{ openshift_manage_node_kubeconfig }} + -n default with_items: - - "{{ openshift_node_vars }}" - when: item.openshift.common.hostname is defined and 'labels' in item.openshift.node and item.openshift.node.labels != {} + - "{{ openshift_nodes }}" + when: hostvars[item].openshift.common.hostname is defined and 'labels' in hostvars[item].openshift.node and hostvars[item].openshift.node.labels != {} + +- name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False |