diff options
Diffstat (limited to 'roles')
32 files changed, 272 insertions, 68 deletions
diff --git a/roles/docker/README.md b/roles/docker/README.md index 6b5ee4421..1f0d94da0 100644 --- a/roles/docker/README.md +++ b/roles/docker/README.md @@ -17,7 +17,7 @@ docker_udev_workaround: raises udevd timeout to 5 minutes (https://bugzilla.redh Dependencies ------------ -None +Depends on the os_firewall role. Example Playbook ---------------- diff --git a/roles/docker/meta/main.yml b/roles/docker/meta/main.yml index 6e2c98601..3d362158d 100644 --- a/roles/docker/meta/main.yml +++ b/roles/docker/meta/main.yml @@ -9,4 +9,6 @@ galaxy_info: - name: EL versions: - 7 -dependencies: [] +dependencies: + - role: os_firewall + os_firewall_use_firewalld: False diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 7147aa2d4..9b7ef0830 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,7 +1,4 @@ --- -- stat: path=/etc/sysconfig/docker-storage - register: docker_storage_check - - name: Get current installed Docker version command: "{{ repoquery_cmd }} --installed --qf '%{version}' docker" when: not openshift.common.is_atomic | bool @@ -46,15 +43,16 @@ action: "{{ ansible_pkg_mgr }} name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present" when: not openshift.common.is_atomic | bool -- name: Start the Docker service - service: - name: docker - enabled: yes - state: started - register: start_result +- name: Ensure docker.service.d directory exists + file: + path: "{{ docker_systemd_dir }}" + state: directory -- set_fact: - docker_service_status_changed: start_result | changed +# Extend the default Docker service unit file +- name: Configure Docker service unit file + template: + dest: "{{ docker_systemd_dir }}/custom.conf" + src: custom.conf.j2 - include: udev_workaround.yml when: docker_udev_workaround | default(False) | bool @@ -113,4 +111,15 @@ notify: - restart docker +- name: Start the Docker service + systemd: + name: docker + enabled: yes + state: started + daemon_reload: yes + register: start_result + +- set_fact: + docker_service_status_changed: start_result | changed + - meta: flush_handlers diff --git a/roles/docker/templates/custom.conf.j2 b/roles/docker/templates/custom.conf.j2 new file mode 100644 index 000000000..53ed56abc --- /dev/null +++ b/roles/docker/templates/custom.conf.j2 @@ -0,0 +1,5 @@ +# {{ ansible_managed }} + +[Unit] +Requires=iptables.service +After=iptables.service diff --git a/roles/docker/vars/main.yml b/roles/docker/vars/main.yml index f81f99e2b..5237ed8f2 100644 --- a/roles/docker/vars/main.yml +++ b/roles/docker/vars/main.yml @@ -1,2 +1,3 @@ --- udevw_udevd_dir: /etc/systemd/system/systemd-udevd.service.d +docker_systemd_dir: /etc/systemd/system/docker.service.d diff --git a/roles/etcd/etcdctl.sh b/roles/etcd/etcdctl.sh new file mode 100644 index 000000000..0e324a8a9 --- /dev/null +++ b/roles/etcd/etcdctl.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Sets up handy aliases for etcd, need etcdctl2 and etcdctl3 because +# command flags are different between the two. Should work on stand +# alone etcd hosts and master + etcd hosts too because we use the peer keys. +etcdctl2() { + /usr/bin/etcdctl --cert-file /etc/etcd/peer.crt --key-file /etc/etcd/peer.key --ca-file /etc/etcd/ca.crt -C https://`hostname`:2379 ${@} +} + +etcdctl3() { + ETCDCTL_API=3 /usr/bin/etcdctl --cert /etc/etcd/peer.crt --key /etc/etcd/peer.key --cacert /etc/etcd/ca.crt --endpoints https://`hostname`:2379 ${@} +} diff --git a/roles/etcd/files/etcdctl.sh b/roles/etcd/files/etcdctl.sh new file mode 100644 index 000000000..0e324a8a9 --- /dev/null +++ b/roles/etcd/files/etcdctl.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Sets up handy aliases for etcd, need etcdctl2 and etcdctl3 because +# command flags are different between the two. Should work on stand +# alone etcd hosts and master + etcd hosts too because we use the peer keys. +etcdctl2() { + /usr/bin/etcdctl --cert-file /etc/etcd/peer.crt --key-file /etc/etcd/peer.key --ca-file /etc/etcd/ca.crt -C https://`hostname`:2379 ${@} +} + +etcdctl3() { + ETCDCTL_API=3 /usr/bin/etcdctl --cert /etc/etcd/peer.crt --key /etc/etcd/peer.key --cacert /etc/etcd/ca.crt --endpoints https://`hostname`:2379 ${@} +} diff --git a/roles/etcd/tasks/etcdctl.yml b/roles/etcd/tasks/etcdctl.yml new file mode 100644 index 000000000..32c176449 --- /dev/null +++ b/roles/etcd/tasks/etcdctl.yml @@ -0,0 +1,11 @@ +- name: Install etcd for etcdctl + action: "{{ ansible_pkg_mgr }} name=etcd state=present" + when: not openshift.common.is_atomic | bool + +- name: Configure etcd profile.d alises + copy: + src: etcdctl.sh + dest: /etc/profile.d/etcdctl.sh + mode: 0755 + owner: root + group: root diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 2bc6a8678..790eb3c5a 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -74,5 +74,8 @@ enabled: yes register: start_result +- include: etcdctl.yml + when: openshift_etcd_etcdctl_profile | default(true) | bool + - set_fact: etcd_service_status_changed: "{{ start_result | changed }}" diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml index f5b16fb76..bf400cfe8 100644 --- a/roles/flannel/tasks/main.yml +++ b/roles/flannel/tasks/main.yml @@ -2,7 +2,7 @@ - name: Install flannel become: yes action: "{{ ansible_pkg_mgr }} name=flannel state=present" - when: not openshift.common.is_containerized | bool + when: not openshift.common.is_atomic | bool - name: Set flannel etcd options become: yes @@ -15,7 +15,7 @@ - { regexp: "^(FLANNEL_ETCD=)", line: '\1{{ etcd_hosts|join(",") }}' } - { regexp: "^(FLANNEL_ETCD_ENDPOINTS=)", line: '\1{{ etcd_hosts|join(",") }}' } - { regexp: "^(FLANNEL_ETCD_KEY=)", line: '\1{{ flannel_etcd_key }}' } - - { regexp: "^(FLANNEL_ETCD_KEY_PREFIX=)", line: '\1{{ flannel_etcd_key }}' } + - { regexp: "^(FLANNEL_ETCD_PREFIX=)", line: '\1{{ flannel_etcd_key }}' } - name: Set flannel options become: yes diff --git a/roles/openshift_cloud_provider/tasks/gce.yml b/roles/openshift_cloud_provider/tasks/gce.yml new file mode 100644 index 000000000..14ad8ba94 --- /dev/null +++ b/roles/openshift_cloud_provider/tasks/gce.yml @@ -0,0 +1,16 @@ +# Work around ini_file create option in 2.2 which defaults to no +- name: Create cloud config file + file: + dest: "{{ openshift.common.config_base }}/cloudprovider/gce.conf" + state: touch + mode: 0660 + owner: root + group: root + changed_when: false + +- name: Configure GCE cloud provider + ini_file: + dest: "{{ openshift.common.config_base }}/cloudprovider/gce.conf" + section: Global + option: multizone + value: "true" diff --git a/roles/openshift_cloud_provider/tasks/main.yml b/roles/openshift_cloud_provider/tasks/main.yml index e217e37ea..ab3055c8b 100644 --- a/roles/openshift_cloud_provider/tasks/main.yml +++ b/roles/openshift_cloud_provider/tasks/main.yml @@ -16,3 +16,6 @@ - include: aws.yml when: cloudprovider_is_aws | bool + +- include: gce.yml + when: cloudprovider_is_gce | bool diff --git a/roles/openshift_cloud_provider/vars/main.yml b/roles/openshift_cloud_provider/vars/main.yml index 83bf6edc8..c9d953f58 100644 --- a/roles/openshift_cloud_provider/vars/main.yml +++ b/roles/openshift_cloud_provider/vars/main.yml @@ -2,3 +2,4 @@ has_cloudprovider: "{{ openshift_cloudprovider_kind | default(None) != None }}" cloudprovider_is_aws: "{{ has_cloudprovider | bool and openshift_cloudprovider_kind == 'aws' }}" cloudprovider_is_openstack: "{{ has_cloudprovider | bool and openshift_cloudprovider_kind == 'openstack' }}" +cloudprovider_is_gce: "{{ has_cloudprovider | bool and openshift_cloudprovider_kind == 'gce' }}" diff --git a/roles/openshift_examples/files/examples/v1.4/image-streams/dotnet_imagestreams.json b/roles/openshift_examples/files/examples/v1.4/image-streams/dotnet_imagestreams.json index 00b363c42..a65d35c2e 100644 --- a/roles/openshift_examples/files/examples/v1.4/image-streams/dotnet_imagestreams.json +++ b/roles/openshift_examples/files/examples/v1.4/image-streams/dotnet_imagestreams.json @@ -12,14 +12,18 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "dotnet" + "name": "dotnet", + "annotations": { + "openshift.io/display-name": ".NET Core" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Build and run .NET Core 1.0 applications", + "openshift.io/display-name": ".NET Core (Latest)", + "description": "Build and run .NET Core applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/1.0/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core available on OpenShift, including major versions updates.", "iconClass": "icon-dotnet", "tags": "builder,.net,dotnet,dotnetcore", "supports":"dotnet", @@ -34,7 +38,8 @@ { "name": "1.0", "annotations": { - "description": "Build and run .NET Core 1.0 applications", + "openshift.io/display-name": ".NET Core 1.0", + "description": "Build and run .NET Core 1.0 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/1.0/README.md.", "iconClass": "icon-dotnet", "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", "supports":"dotnet:1.0,dotnet", diff --git a/roles/openshift_examples/files/examples/v1.4/image-streams/image-streams-centos7.json b/roles/openshift_examples/files/examples/v1.4/image-streams/image-streams-centos7.json index ef77bfcab..a645de7e2 100644 --- a/roles/openshift_examples/files/examples/v1.4/image-streams/image-streams-centos7.json +++ b/roles/openshift_examples/files/examples/v1.4/image-streams/image-streams-centos7.json @@ -95,7 +95,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Node.js (Latest)", - "description": "Build and run Node.js applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Build and run Node.js applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Node.js available on OpenShift, including major versions updates.", "iconClass": "icon-nodejs", "tags": "builder,nodejs", "supports":"nodejs", @@ -156,7 +156,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Perl (Latest)", - "description": "Build and run Perl applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Build and run Perl applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Perl available on OpenShift, including major versions updates.", "iconClass": "icon-perl", "tags": "builder,perl", "supports":"perl", @@ -218,7 +218,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "PHP (Latest)", - "description": "Build and run PHP applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Build and run PHP applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PHP available on OpenShift, including major versions updates.", "iconClass": "icon-php", "tags": "builder,php", "supports":"php", @@ -279,7 +279,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Python (Latest)", - "description": "Build and run Python applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Build and run Python applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Python available on OpenShift, including major versions updates.", "iconClass": "icon-python", "tags": "builder,python", "supports":"python", @@ -372,7 +372,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "WildFly (Latest)", - "description": "Build and run WildFly applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Build and run WildFly applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of WildFly available on OpenShift, including major versions updates.", "iconClass": "icon-wildfly", "tags": "builder,wildfly,java", "supports":"jee,java", @@ -465,7 +465,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "MySQL (Latest)", - "description": "Provides a MySQL database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Provides a MySQL database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MySQL available on OpenShift, including major versions updates.", "iconClass": "icon-mysql-database", "tags": "mysql" }, @@ -520,7 +520,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "MariaDB (Latest)", - "description": "Provides a MariaDB database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Provides a MariaDB database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MariaDB available on OpenShift, including major versions updates.", "iconClass": "icon-mariadb", "tags": "mariadb" }, @@ -561,7 +561,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "PostgreSQL (Latest)", - "description": "Provides a PostgreSQL database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Provides a PostgreSQL database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PostgreSQL available on OpenShift, including major versions updates.", "iconClass": "icon-postgresql", "tags": "postgresql" }, @@ -630,7 +630,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "MongoDB (Latest)", - "description": "Provides a MongoDB database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Provides a MongoDB database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MongoDB available on OpenShift, including major versions updates.", "iconClass": "icon-mongodb", "tags": "mongodb" }, @@ -699,7 +699,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Jenkins (Latest)", - "description": "Provides a Jenkins server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Provides a Jenkins server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Jenkins available on OpenShift, including major versions updates.", "iconClass": "icon-jenkins", "tags": "jenkins" }, diff --git a/roles/openshift_examples/files/examples/v1.4/image-streams/image-streams-rhel7.json b/roles/openshift_examples/files/examples/v1.4/image-streams/image-streams-rhel7.json index 161227d2f..9b9cd236f 100644 --- a/roles/openshift_examples/files/examples/v1.4/image-streams/image-streams-rhel7.json +++ b/roles/openshift_examples/files/examples/v1.4/image-streams/image-streams-rhel7.json @@ -95,7 +95,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Node.js (Latest)", - "description": "Build and run Node.js applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Build and run Node.js applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Node.js available on OpenShift, including major versions updates.", "iconClass": "icon-nodejs", "tags": "builder,nodejs", "supports":"nodejs", @@ -156,7 +156,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Perl (Latest)", - "description": "Build and run Perl applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Build and run Perl applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Perl available on OpenShift, including major versions updates.", "iconClass": "icon-perl", "tags": "builder,perl", "supports":"perl", @@ -218,7 +218,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "PHP (Latest)", - "description": "Build and run PHP applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Build and run PHP applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PHP available on OpenShift, including major versions updates.", "iconClass": "icon-php", "tags": "builder,php", "supports":"php", @@ -279,7 +279,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Python (Latest)", - "description": "Build and run Python applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Build and run Python applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Python available on OpenShift, including major versions updates.", "iconClass": "icon-python", "tags": "builder,python", "supports":"python", @@ -372,7 +372,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "MySQL (Latest)", - "description": "Provides a MySQL database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Provides a MySQL database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MySQL available on OpenShift, including major versions updates.", "iconClass": "icon-mysql-database", "tags": "mysql" }, @@ -427,7 +427,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "MariaDB (Latest)", - "description": "Provides a MariaDB database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Provides a MariaDB database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MariaDB available on OpenShift, including major versions updates.", "iconClass": "icon-mariadb", "tags": "mariadb" }, @@ -468,7 +468,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "PostgreSQL (Latest)", - "description": "Provides a PostgreSQL database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Provides a PostgreSQL database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PostgreSQL available on OpenShift, including major versions updates.", "iconClass": "icon-postgresql", "tags": "postgresql" }, @@ -537,7 +537,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "MongoDB (Latest)", - "description": "Provides a MongoDB database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Provides a MongoDB database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MongoDB available on OpenShift, including major versions updates.", "iconClass": "icon-mongodb", "tags": "mongodb" }, @@ -606,7 +606,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Jenkins (Latest)", - "description": "Provides a Jenkins server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "description": "Provides a Jenkins server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Jenkins available on OpenShift, including major versions updates.", "iconClass": "icon-jenkins", "tags": "jenkins" }, diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 6c045e7ab..d797eb4d3 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -7,7 +7,13 @@ """Ansible module for retrieving and setting openshift related facts""" -import ConfigParser +try: + # python2 + import ConfigParser +except ImportError: + # python3 + import configparser as ConfigParser + import copy import io import os @@ -202,9 +208,9 @@ def query_metadata(metadata_url, headers=None, expect_json=False): if info['status'] != 200: raise OpenShiftFactsMetadataUnavailableError("Metadata unavailable") if expect_json: - return module.from_json(result.read()) + return module.from_json(to_native(result.read())) else: - return [line.strip() for line in result.readlines()] + return [to_native(line.strip()) for line in result.readlines()] def walk_metadata(metadata_url, headers=None, expect_json=False): @@ -312,7 +318,7 @@ def normalize_aws_facts(metadata, facts): ): int_info = dict() var_map = {'ips': 'local-ipv4s', 'public_ips': 'public-ipv4s'} - for ips_var, int_var in var_map.iteritems(): + for ips_var, int_var in iteritems(var_map): ips = interface.get(int_var) if isinstance(ips, basestring): int_info[ips_var] = [ips] @@ -832,23 +838,29 @@ def set_version_facts_if_unset(facts): version_gte_3_1_1_or_1_1_1 = LooseVersion(version) >= LooseVersion('1.1.1') version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('1.2.0') version_gte_3_3_or_1_3 = LooseVersion(version) >= LooseVersion('1.3.0') + version_gte_3_4_or_1_4 = LooseVersion(version) >= LooseVersion('1.4.0') else: version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('3.0.2.905') version_gte_3_1_1_or_1_1_1 = LooseVersion(version) >= LooseVersion('3.1.1') version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('3.1.1.901') version_gte_3_3_or_1_3 = LooseVersion(version) >= LooseVersion('3.3.0') + version_gte_3_4_or_1_4 = LooseVersion(version) >= LooseVersion('3.4.0') else: version_gte_3_1_or_1_1 = True version_gte_3_1_1_or_1_1_1 = True version_gte_3_2_or_1_2 = True - version_gte_3_3_or_1_3 = False + version_gte_3_3_or_1_3 = True + version_gte_3_4_or_1_4 = False facts['common']['version_gte_3_1_or_1_1'] = version_gte_3_1_or_1_1 facts['common']['version_gte_3_1_1_or_1_1_1'] = version_gte_3_1_1_or_1_1_1 facts['common']['version_gte_3_2_or_1_2'] = version_gte_3_2_or_1_2 facts['common']['version_gte_3_3_or_1_3'] = version_gte_3_3_or_1_3 + facts['common']['version_gte_3_4_or_1_4'] = version_gte_3_4_or_1_4 - if version_gte_3_3_or_1_3: + if version_gte_3_4_or_1_4: + examples_content_version = 'v1.4' + elif version_gte_3_3_or_1_3: examples_content_version = 'v1.3' elif version_gte_3_2_or_1_2: examples_content_version = 'v1.2' @@ -901,10 +913,29 @@ def set_sdn_facts_if_unset(facts, system_facts): facts['common']['sdn_network_plugin_name'] = plugin if 'master' in facts: + # set defaults for sdn_cluster_network_cidr and sdn_host_subnet_length + # these might be overridden if they exist in the master config file + sdn_cluster_network_cidr = '10.128.0.0/14' + sdn_host_subnet_length = '9' + + master_cfg_path = os.path.join(facts['common']['config_base'], + 'master/master-config.yaml') + if os.path.isfile(master_cfg_path): + with open(master_cfg_path, 'r') as master_cfg_f: + config = yaml.safe_load(master_cfg_f.read()) + + if 'networkConfig' in config: + if 'clusterNetworkCIDR' in config['networkConfig']: + sdn_cluster_network_cidr = \ + config['networkConfig']['clusterNetworkCIDR'] + if 'hostSubnetLength' in config['networkConfig']: + sdn_host_subnet_length = \ + config['networkConfig']['hostSubnetLength'] + if 'sdn_cluster_network_cidr' not in facts['master']: - facts['master']['sdn_cluster_network_cidr'] = '10.1.0.0/16' + facts['master']['sdn_cluster_network_cidr'] = sdn_cluster_network_cidr if 'sdn_host_subnet_length' not in facts['master']: - facts['master']['sdn_host_subnet_length'] = '8' + facts['master']['sdn_host_subnet_length'] = sdn_host_subnet_length if 'node' in facts and 'sdn_mtu' not in facts['node']: node_ip = facts['common']['ip'] @@ -912,7 +943,7 @@ def set_sdn_facts_if_unset(facts, system_facts): # default MTU if interface MTU cannot be detected facts['node']['sdn_mtu'] = '1450' - for val in system_facts.itervalues(): + for val in itervalues(system_facts): if isinstance(val, dict) and 'mtu' in val: mtu = val['mtu'] @@ -1060,6 +1091,7 @@ values provided as a list. Hence the gratuitous use of ['foo'] below. kubelet_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf'] if facts['cloudprovider']['kind'] == 'gce': kubelet_args['cloud-provider'] = ['gce'] + kubelet_args['cloud-config'] = [cloud_cfg_path + '/gce.conf'] # Automatically add node-labels to the kubeletArguments # parameter. See BZ1359848 for additional details. @@ -1102,6 +1134,7 @@ def build_controller_args(facts): controller_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf'] if facts['cloudprovider']['kind'] == 'gce': controller_args['cloud-provider'] = ['gce'] + controller_args['cloud-config'] = [cloud_cfg_path + '/gce.conf'] if controller_args != {}: facts = merge_facts({'master': {'controller_args': controller_args}}, facts, [], []) return facts @@ -1122,6 +1155,7 @@ def build_api_server_args(facts): api_server_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf'] if facts['cloudprovider']['kind'] == 'gce': api_server_args['cloud-provider'] = ['gce'] + api_server_args['cloud-config'] = [cloud_cfg_path + '/gce.conf'] if api_server_args != {}: facts = merge_facts({'master': {'api_server_args': api_server_args}}, facts, [], []) return facts @@ -1336,7 +1370,7 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw 'image_policy_config'] facts = dict() - for key, value in orig.iteritems(): + for key, value in iteritems(orig): # Key exists in both old and new facts. if key in new: if key in inventory_json_facts: @@ -1510,8 +1544,8 @@ def set_proxy_facts(facts): safe_get_bool(common['generate_no_proxy_hosts']): if 'no_proxy_internal_hostnames' in common: common['no_proxy'].extend(common['no_proxy_internal_hostnames'].split(',')) - common['no_proxy'].append('.' + common['dns_domain']) - # We always add ourselves no matter what + # We always add local dns domain and ourselves no matter what + common['no_proxy'].append('.' + common['dns_domain']) common['no_proxy'].append(common['hostname']) common['no_proxy'] = sort_unique(common['no_proxy']) facts['common'] = common @@ -1561,7 +1595,7 @@ def set_container_facts_if_unset(facts): cli_image = master_image node_image = 'openshift3/node' ovs_image = 'openshift3/openvswitch' - etcd_image = 'registry.access.redhat.com/rhel7/etcd' + etcd_image = 'registry.access.redhat.com/rhel7/etcd3' pod_image = 'openshift3/ose-pod' router_image = 'openshift3/ose-haproxy-router' registry_image = 'openshift3/ose-docker-registry' @@ -1571,7 +1605,7 @@ def set_container_facts_if_unset(facts): cli_image = master_image node_image = 'aep3_beta/node' ovs_image = 'aep3_beta/openvswitch' - etcd_image = 'registry.access.redhat.com/rhel7/etcd' + etcd_image = 'registry.access.redhat.com/rhel7/etcd3' pod_image = 'aep3_beta/aep-pod' router_image = 'aep3_beta/aep-haproxy-router' registry_image = 'aep3_beta/aep-docker-registry' @@ -1581,7 +1615,7 @@ def set_container_facts_if_unset(facts): cli_image = master_image node_image = 'openshift/node' ovs_image = 'openshift/openvswitch' - etcd_image = 'registry.access.redhat.com/rhel7/etcd' + etcd_image = 'registry.access.redhat.com/rhel7/etcd3' pod_image = 'openshift/origin-pod' router_image = 'openshift/origin-haproxy-router' registry_image = 'openshift/origin-docker-registry' @@ -1771,8 +1805,8 @@ class OpenShiftFacts(object): facts = set_node_schedulability(facts) facts = set_selectors(facts) facts = set_identity_providers_if_unset(facts) - facts = set_sdn_facts_if_unset(facts, self.system_facts) facts = set_deployment_facts_if_unset(facts) + facts = set_sdn_facts_if_unset(facts, self.system_facts) facts = set_container_facts_if_unset(facts) facts = build_kubelet_args(facts) facts = build_controller_args(facts) @@ -2090,7 +2124,7 @@ class OpenShiftFacts(object): facts_to_set[self.role] = facts if openshift_env != {} and openshift_env != None: - for fact, value in openshift_env.iteritems(): + for fact, value in iteritems(openshift_env): oo_env_facts = dict() current_level = oo_env_facts keys = self.split_openshift_env_fact_keys(fact, openshift_env_structures)[1:] @@ -2148,7 +2182,7 @@ class OpenShiftFacts(object): facts (dict): facts to clean """ facts_to_remove = [] - for fact, value in facts.iteritems(): + for fact, value in iteritems(facts): if isinstance(facts[fact], dict): facts[fact] = self.remove_empty_facts(facts[fact]) else: @@ -2279,6 +2313,9 @@ def main(): from ansible.module_utils.basic import * from ansible.module_utils.facts import * from ansible.module_utils.urls import * +from ansible.module_utils.six import iteritems, itervalues +from ansible.module_utils._text import to_native +from ansible.module_utils.six import b if __name__ == '__main__': main() diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index b0785a9e4..4d4a232cc 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -38,6 +38,8 @@ no_proxy: "{{ openshift_no_proxy | default(None) }}" generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}" no_proxy_internal_hostnames: "{{ openshift_no_proxy_internal_hostnames | default(None) }}" + sdn_network_plugin_name: "{{ os_sdn_network_plugin_name | default(None) }}" + use_openshift_sdn: "{{ openshift_use_openshift_sdn | default(None) }}" - name: Set repoquery command set_fact: diff --git a/roles/openshift_hosted_logging/tasks/deploy_logging.yaml b/roles/openshift_hosted_logging/tasks/deploy_logging.yaml index 0162d1fb0..625af9acd 100644 --- a/roles/openshift_hosted_logging/tasks/deploy_logging.yaml +++ b/roles/openshift_hosted_logging/tasks/deploy_logging.yaml @@ -40,7 +40,7 @@ - name: "Create templates for logging accounts and the deployer" command: > - {{ openshift.common.client_binary }} create + {{ openshift.common.client_binary }} create --config={{ mktemp.stdout }}/admin.kubeconfig -f {{ hosted_base }}/logging-deployer.yaml --config={{ mktemp.stdout }}/admin.kubeconfig -n logging @@ -49,28 +49,41 @@ changed_when: "'created' in logging_import_template.stdout" - name: "Process the logging accounts template" - shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig process logging-deployer-account-template | {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f -" + shell: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig + process logging-deployer-account-template | {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f - register: process_deployer_accounts failed_when: process_deployer_accounts.rc == 1 and 'already exists' not in process_deployer_accounts.stderr - name: "Set permissions for logging-deployer service account" command: > - {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig policy add-cluster-role-to-user oauth-editor system:serviceaccount:logging:logging-deployer + {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig + policy add-cluster-role-to-user oauth-editor system:serviceaccount:logging:logging-deployer register: permiss_output failed_when: "permiss_output.rc == 1 and 'exists' not in permiss_output.stderr" - name: "Set permissions for fluentd" command: > - {{ openshift.common.client_binary }} adm policy add-scc-to-user privileged system:serviceaccount:logging:aggregated-logging-fluentd + {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig + policy add-scc-to-user privileged system:serviceaccount:logging:aggregated-logging-fluentd register: fluentd_output failed_when: "fluentd_output.rc == 1 and 'exists' not in fluentd_output.stderr" - name: "Set additional permissions for fluentd" command: > - {{ openshift.common.client_binary }} adm policy add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd + {{ openshift.common.client_binary }} adm policy --config={{ mktemp.stdout }}/admin.kubeconfig + add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd register: fluentd2_output failed_when: "fluentd2_output.rc == 1 and 'exists' not in fluentd2_output.stderr" + - name: "Add rolebinding-reader to aggregated-logging-elasticsearch" + command: > + {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig + policy add-cluster-role-to-user rolebinding-reader \ + system:serviceaccount:logging:aggregated-logging-elasticsearch + register: rolebinding_reader_output + failed_when: "rolebinding_reader_output == 1 and 'exists' not in rolebinding_reader_output.stderr" + - name: "Create ConfigMap for deployer parameters" command: > {{ openshift.common.client_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig create configmap logging-deployer {{ deployer_cmap_params }} diff --git a/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml index 9cff9daca..ddfda1272 100644 --- a/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml +++ b/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml @@ -66,6 +66,15 @@ items: - watch - delete - update + - apiVersion: v1 + kind: ClusterRole + metadata: + name: rolebinding-reader + rules: + - resources: + - clusterrolebindings + verbs: + - get - apiVersion: v1 kind: RoleBinding @@ -88,6 +97,17 @@ items: subjects: - kind: ServiceAccount name: logging-deployer + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-elasticsearch-view-role + roleRef: + kind: ClusterRole + name: view + subjects: + - kind: ServiceAccount + name: aggregated-logging-elasticsearch - apiVersion: "v1" kind: "Template" diff --git a/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml index 97a86c11d..66051755c 100644 --- a/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml +++ b/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml @@ -86,6 +86,8 @@ objects: value: ${HEAPSTER_NODE_ID} - name: METRIC_RESOLUTION value: ${METRIC_RESOLUTION} + - name: STARTUP_TIMEOUT + value: ${STARTUP_TIMEOUT} dnsPolicy: ClusterFirst restartPolicy: Never serviceAccount: metrics-deployer @@ -160,3 +162,7 @@ parameters: description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds" name: METRIC_RESOLUTION value: "15s" +- + description: "How long in seconds we should wait until Hawkular Metrics and Heapster starts up before attempting a restart" + name: STARTUP_TIMEOUT + value: "500" diff --git a/roles/openshift_hosted_templates/files/v1.4/origin/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.4/origin/metrics-deployer.yaml index 5f2290419..54691572a 100644 --- a/roles/openshift_hosted_templates/files/v1.4/origin/metrics-deployer.yaml +++ b/roles/openshift_hosted_templates/files/v1.4/origin/metrics-deployer.yaml @@ -86,6 +86,8 @@ objects: value: ${HEAPSTER_NODE_ID} - name: METRIC_RESOLUTION value: ${METRIC_RESOLUTION} + - name: STARTUP_TIMEOUT + value: ${STARTUP_TIMEOUT} dnsPolicy: ClusterFirst restartPolicy: Never serviceAccount: metrics-deployer @@ -160,3 +162,7 @@ parameters: description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds" name: METRIC_RESOLUTION value: "15s" +- + description: "How long in seconds we should wait until Hawkular Metrics and Heapster starts up before attempting a restart" + name: STARTUP_TIMEOUT + value: "500" diff --git a/roles/openshift_loadbalancer/meta/main.yml b/roles/openshift_loadbalancer/meta/main.yml index e1d78cfd0..0b29df2a0 100644 --- a/roles/openshift_loadbalancer/meta/main.yml +++ b/roles/openshift_loadbalancer/meta/main.yml @@ -17,4 +17,9 @@ dependencies: port: "9000/tcp" - service: haproxy balance port: "{{ openshift_master_api_port | default(8443) }}/tcp" +- role: os_firewall + os_firewall_allow: + - service: nuage mon + port: "{{ nuage_mon_rest_server_port | default(9443) }}/tcp" + when: openshift_use_nuage | default(false) | bool - role: openshift_repos diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 4d45e8591..a52ae578c 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -131,6 +131,7 @@ kubernetesMasterConfig: proxyClientInfo: certFile: master.proxy-client.crt keyFile: master.proxy-client.key + schedulerArguments: {{ openshift_master_scheduler_args | default(None) | to_padded_yaml( level=3 ) }} schedulerConfigFile: {{ openshift_master_scheduler_conf }} servicesNodePortRange: "" servicesSubnet: {{ openshift.common.portal_net }} @@ -158,7 +159,7 @@ masterPublicURL: {{ openshift.master.public_api_url }} networkConfig: clusterNetworkCIDR: {{ openshift.master.sdn_cluster_network_cidr }} hostSubnetLength: {{ openshift.master.sdn_host_subnet_length }} -{% if openshift.common.use_openshift_sdn or openshift.common.use_nuage %} +{% if openshift.common.use_openshift_sdn or openshift.common.use_nuage or openshift.common.sdn_network_plugin_name == 'cni' %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} {% endif %} # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index e0c0fc644..62ac1aef5 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -80,3 +80,4 @@ controllers_env_vars: "{{ openshift_master_controllers_env_vars | default(None) }}" audit_config: "{{ openshift_master_audit_config | default(None) }}" metrics_public_url: "{% if openshift_hosted_metrics_deploy | default(false) %}https://{{ metrics_hostname }}/hawkular/metrics{% endif %}" + scheduler_args: "{{ openshift_master_scheduler_args | default(None) }}" diff --git a/roles/openshift_metrics/tasks/install.yml b/roles/openshift_metrics/tasks/install.yml index 4976c7153..98e21375a 100644 --- a/roles/openshift_metrics/tasks/install.yml +++ b/roles/openshift_metrics/tasks/install.yml @@ -37,6 +37,24 @@ system:serviceaccount:openshift-infra:metrics-deployer when: "'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout" +- name: Test hawkular view permissions + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + get rolebindings -o jsonpath='{.items[?(@.metadata.name == "view")].userNames}' + register: view_rolebindings + changed_when: false + +- name: Add view permissions to hawkular SA + command: > + {{ openshift.common.client_binary }} adm + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + policy add-role-to-user view + system:serviceaccount:openshift-infra:hawkular + when: "'system:serviceaccount:openshift-infra:hawkular' not in view_rolebindings" + - name: Test cluster-reader permissions command: > {{ openshift.common.client_binary }} @@ -71,7 +89,14 @@ set_fact: deployer_cmd: "{{ openshift.common.client_binary }} process -f \ {{ hosted_base }}/metrics-deployer.yaml -v \ - HAWKULAR_METRICS_HOSTNAME={{ metrics_hostname }},USE_PERSISTENT_STORAGE={{metrics_persistence | string | lower }},DYNAMICALLY_PROVISION_STORAGE={{metrics_dynamic_vol | string | lower }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }}{{ image_prefix }}{{ image_version }},MODE={{ deployment_mode }} \ + HAWKULAR_METRICS_HOSTNAME={{ metrics_hostname }} \ + -v USE_PERSISTENT_STORAGE={{metrics_persistence | string | lower }} \ + -v DYNAMICALLY_PROVISION_STORAGE={{metrics_dynamic_vol | string | lower }} \ + -v METRIC_DURATION={{ openshift.hosted.metrics.duration }} \ + -v METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }} + {{ image_prefix }} \ + {{ image_version }} \ + -v MODE={{ deployment_mode }} \ | {{ openshift.common.client_binary }} --namespace openshift-infra \ --config={{ openshift_metrics_kubeconfig }} \ create -o name -f -" diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index 88432a9f8..26af279b1 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -36,10 +36,8 @@ metrics_persistence: "{{ openshift.hosted.metrics.storage_kind | default(none) is not none }}" metrics_dynamic_vol: "{{ openshift.hosted.metrics.storage_kind | default(none) == 'dynamic' }}" metrics_template_dir: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/examples/infrastructure-templates/{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}" - cassandra_nodes: "{{ ',CASSANDRA_NODES=' ~ openshift.hosted.metrics.cassandra_nodes if 'cassandra' in openshift.hosted.metrics else '' }}" - cassandra_pv_size: "{{ ',CASSANDRA_PV_SIZE=' ~ openshift.hosted.metrics.storage_volume_size if openshift.hosted.metrics.storage_volume_size | default(none) is not none else '' }}" - image_prefix: "{{ ',IMAGE_PREFIX=' ~ openshift.hosted.metrics.deployer_prefix if 'deployer_prefix' in openshift.hosted.metrics else '' }}" - image_version: "{{ ',IMAGE_VERSION=' ~ openshift.hosted.metrics.deployer_version if 'deployer_version' in openshift.hosted.metrics else '' }}" + image_prefix: "{{ '-v IMAGE_PREFIX=' ~ openshift.hosted.metrics.deployer.prefix if 'prefix' in openshift.hosted.metrics.deployer else '' }}" + image_version: "{{ '-v IMAGE_VERSION=' ~ openshift.hosted.metrics.deployer.version if 'version' in openshift.hosted.metrics.deployer else '' }}" - name: Check for existing metrics pods diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 8b3145785..6022694bc 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -77,6 +77,11 @@ - set_fact: ovs_service_status_changed: "{{ ovs_start_result | changed }}" +- file: + dest: "{{ (openshift_node_kubelet_args|default({'config':None})).config}}" + state: directory + when: openshift_node_kubelet_args is defined and 'config' in openshift_node_kubelet_args + # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config template: @@ -100,6 +105,7 @@ line: "AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key | default('') }}" - regex: '^AWS_SECRET_ACCESS_KEY=' line: "AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key | default('') }}" + no_log: True when: "openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined" notify: - restart node diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 9bcaf4d84..55ae4bf54 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -27,7 +27,7 @@ networkPluginName: {{ openshift.common.sdn_network_plugin_name }} # deprecates networkPluginName above. The two should match. networkConfig: mtu: {{ openshift.node.sdn_mtu }} -{% if openshift.common.use_openshift_sdn | bool or openshift.common.use_nuage | bool %} +{% if openshift.common.use_openshift_sdn | bool or openshift.common.use_nuage | bool or openshift.common.sdn_network_plugin_name == 'cni' %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} {% endif %} {% if openshift.node.set_node_ip | bool %} diff --git a/roles/openshift_version/tasks/set_version_containerized.yml b/roles/openshift_version/tasks/set_version_containerized.yml index 8e2702391..718537287 100644 --- a/roles/openshift_version/tasks/set_version_containerized.yml +++ b/roles/openshift_version/tasks/set_version_containerized.yml @@ -37,3 +37,8 @@ openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2][1:] | join('-') if openshift.common.deployment_type == 'origin' else cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}" when: openshift_version is defined and openshift_version.split('.') | length == 2 +# We finally have the specific version. Now we clean up any strange +# dangly +c0mm1t-offset tags in the version. See also, +# openshift_facts.py +- set_fact: + openshift_version: "{{ openshift_version | oo_chomp_commit_offset }}" diff --git a/roles/os_firewall/README.md b/roles/os_firewall/README.md index 187d74b06..c6c70b81d 100644 --- a/roles/os_firewall/README.md +++ b/roles/os_firewall/README.md @@ -14,7 +14,7 @@ Role Variables | Name | Default | | |---------------------------|---------|----------------------------------------| -| os_firewall_use_firewalld | True | If false, use iptables | +| os_firewall_use_firewalld | False | If false, use iptables | | os_firewall_allow | [] | List of service,port mappings to allow | | os_firewall_deny | [] | List of service, port mappings to deny | diff --git a/roles/os_firewall/meta/main.yml b/roles/os_firewall/meta/main.yml index c93335b7b..6df7c9f2b 100644 --- a/roles/os_firewall/meta/main.yml +++ b/roles/os_firewall/meta/main.yml @@ -11,5 +11,6 @@ galaxy_info: - 7 categories: - system +allow_duplicates: yes dependencies: - { role: openshift_facts } |