diff options
Diffstat (limited to 'roles')
47 files changed, 115 insertions, 70 deletions
diff --git a/roles/lib_openshift/library/oc_adm_ca_server_cert.py b/roles/lib_openshift/library/oc_adm_ca_server_cert.py index 05b2763d5..bfed58011 100644 --- a/roles/lib_openshift/library/oc_adm_ca_server_cert.py +++ b/roles/lib_openshift/library/oc_adm_ca_server_cert.py @@ -1138,7 +1138,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_adm_csr.py b/roles/lib_openshift/library/oc_adm_csr.py index 324f52689..c78e379d5 100644 --- a/roles/lib_openshift/library/oc_adm_csr.py +++ b/roles/lib_openshift/library/oc_adm_csr.py @@ -1116,7 +1116,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_adm_manage_node.py b/roles/lib_openshift/library/oc_adm_manage_node.py index 152f270ab..b1b2cb5b5 100644 --- a/roles/lib_openshift/library/oc_adm_manage_node.py +++ b/roles/lib_openshift/library/oc_adm_manage_node.py @@ -1124,7 +1124,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_adm_policy_group.py b/roles/lib_openshift/library/oc_adm_policy_group.py index 3082f5890..2773201d7 100644 --- a/roles/lib_openshift/library/oc_adm_policy_group.py +++ b/roles/lib_openshift/library/oc_adm_policy_group.py @@ -1110,7 +1110,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_adm_policy_user.py b/roles/lib_openshift/library/oc_adm_policy_user.py index 92515889b..25cbed8b7 100644 --- a/roles/lib_openshift/library/oc_adm_policy_user.py +++ b/roles/lib_openshift/library/oc_adm_policy_user.py @@ -1124,7 +1124,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_adm_registry.py b/roles/lib_openshift/library/oc_adm_registry.py index fe565987c..e26214316 100644 --- a/roles/lib_openshift/library/oc_adm_registry.py +++ b/roles/lib_openshift/library/oc_adm_registry.py @@ -1228,7 +1228,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_adm_router.py b/roles/lib_openshift/library/oc_adm_router.py index 44de29592..62fca19e5 100644 --- a/roles/lib_openshift/library/oc_adm_router.py +++ b/roles/lib_openshift/library/oc_adm_router.py @@ -1253,7 +1253,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_clusterrole.py b/roles/lib_openshift/library/oc_clusterrole.py index 9761b4b4e..0c4bfa01f 100644 --- a/roles/lib_openshift/library/oc_clusterrole.py +++ b/roles/lib_openshift/library/oc_clusterrole.py @@ -1102,7 +1102,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_configmap.py b/roles/lib_openshift/library/oc_configmap.py index 047edffbb..36e6111eb 100644 --- a/roles/lib_openshift/library/oc_configmap.py +++ b/roles/lib_openshift/library/oc_configmap.py @@ -1108,7 +1108,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_edit.py b/roles/lib_openshift/library/oc_edit.py index 0cea07256..ab4f153c7 100644 --- a/roles/lib_openshift/library/oc_edit.py +++ b/roles/lib_openshift/library/oc_edit.py @@ -1152,7 +1152,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_env.py b/roles/lib_openshift/library/oc_env.py index 1f52fba40..f334ddaa4 100644 --- a/roles/lib_openshift/library/oc_env.py +++ b/roles/lib_openshift/library/oc_env.py @@ -1119,7 +1119,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_group.py b/roles/lib_openshift/library/oc_group.py index 72023eaf7..7e9078339 100644 --- a/roles/lib_openshift/library/oc_group.py +++ b/roles/lib_openshift/library/oc_group.py @@ -1092,7 +1092,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_image.py b/roles/lib_openshift/library/oc_image.py index 94b08d9ce..e71e2eb5c 100644 --- a/roles/lib_openshift/library/oc_image.py +++ b/roles/lib_openshift/library/oc_image.py @@ -1111,7 +1111,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_label.py b/roles/lib_openshift/library/oc_label.py index ad837fdb5..ac3279ef8 100644 --- a/roles/lib_openshift/library/oc_label.py +++ b/roles/lib_openshift/library/oc_label.py @@ -1128,7 +1128,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_obj.py b/roles/lib_openshift/library/oc_obj.py index 892546e56..ca53c4c97 100644 --- a/roles/lib_openshift/library/oc_obj.py +++ b/roles/lib_openshift/library/oc_obj.py @@ -1131,7 +1131,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_objectvalidator.py b/roles/lib_openshift/library/oc_objectvalidator.py index 38df585f0..877c78d93 100644 --- a/roles/lib_openshift/library/oc_objectvalidator.py +++ b/roles/lib_openshift/library/oc_objectvalidator.py @@ -1063,7 +1063,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_process.py b/roles/lib_openshift/library/oc_process.py index 70632f86d..507170424 100644 --- a/roles/lib_openshift/library/oc_process.py +++ b/roles/lib_openshift/library/oc_process.py @@ -1120,7 +1120,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_project.py b/roles/lib_openshift/library/oc_project.py index 4eee748d7..347e879ca 100644 --- a/roles/lib_openshift/library/oc_project.py +++ b/roles/lib_openshift/library/oc_project.py @@ -1117,7 +1117,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_pvc.py b/roles/lib_openshift/library/oc_pvc.py index 2e73a7645..93c96b817 100644 --- a/roles/lib_openshift/library/oc_pvc.py +++ b/roles/lib_openshift/library/oc_pvc.py @@ -1124,7 +1124,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py index e003770d8..3369cf134 100644 --- a/roles/lib_openshift/library/oc_route.py +++ b/roles/lib_openshift/library/oc_route.py @@ -1168,7 +1168,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_scale.py b/roles/lib_openshift/library/oc_scale.py index c142f1f43..1b6202a26 100644 --- a/roles/lib_openshift/library/oc_scale.py +++ b/roles/lib_openshift/library/oc_scale.py @@ -1106,7 +1106,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_secret.py b/roles/lib_openshift/library/oc_secret.py index 62bda33ad..732299e48 100644 --- a/roles/lib_openshift/library/oc_secret.py +++ b/roles/lib_openshift/library/oc_secret.py @@ -1164,7 +1164,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_service.py b/roles/lib_openshift/library/oc_service.py index c541e1bbd..a6cf764ff 100644 --- a/roles/lib_openshift/library/oc_service.py +++ b/roles/lib_openshift/library/oc_service.py @@ -1171,7 +1171,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_serviceaccount.py b/roles/lib_openshift/library/oc_serviceaccount.py index 646a39224..90d514292 100644 --- a/roles/lib_openshift/library/oc_serviceaccount.py +++ b/roles/lib_openshift/library/oc_serviceaccount.py @@ -1104,7 +1104,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_serviceaccount_secret.py b/roles/lib_openshift/library/oc_serviceaccount_secret.py index 99a8e8f3d..0d9acac0e 100644 --- a/roles/lib_openshift/library/oc_serviceaccount_secret.py +++ b/roles/lib_openshift/library/oc_serviceaccount_secret.py @@ -1104,7 +1104,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_storageclass.py b/roles/lib_openshift/library/oc_storageclass.py index 7e7d0fa60..6fb5a94e9 100644 --- a/roles/lib_openshift/library/oc_storageclass.py +++ b/roles/lib_openshift/library/oc_storageclass.py @@ -1122,7 +1122,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_user.py b/roles/lib_openshift/library/oc_user.py index 7bbe38819..feb69348b 100644 --- a/roles/lib_openshift/library/oc_user.py +++ b/roles/lib_openshift/library/oc_user.py @@ -1164,7 +1164,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_version.py b/roles/lib_openshift/library/oc_version.py index 63adbd6ac..0f024c048 100644 --- a/roles/lib_openshift/library/oc_version.py +++ b/roles/lib_openshift/library/oc_version.py @@ -1076,7 +1076,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/library/oc_volume.py b/roles/lib_openshift/library/oc_volume.py index 3c07f8d4b..6f409f979 100644 --- a/roles/lib_openshift/library/oc_volume.py +++ b/roles/lib_openshift/library/oc_volume.py @@ -1153,7 +1153,7 @@ class Utils(object): # pragma: no cover ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/lib_openshift/src/lib/base.py b/roles/lib_openshift/src/lib/base.py index 1fb32164e..9a4ce3509 100644 --- a/roles/lib_openshift/src/lib/base.py +++ b/roles/lib_openshift/src/lib/base.py @@ -314,7 +314,7 @@ class Utils(object): ''' Actually write the file contents to disk. This helps with mocking. ''' with open(filename, 'w') as sfd: - sfd.write(contents) + sfd.write(str(contents)) @staticmethod def create_tmp_file_from_contents(rname, data, ftype='yaml'): diff --git a/roles/nuage_master/handlers/main.yaml b/roles/nuage_master/handlers/main.yaml index 7b55dda56..c0411d641 100644 --- a/roles/nuage_master/handlers/main.yaml +++ b/roles/nuage_master/handlers/main.yaml @@ -1,9 +1,7 @@ --- - name: restart master api systemd: name={{ openshift_service_type }}-master-api state=restarted - when: > - (openshift_master_ha | bool) and - (not master_api_service_status_changed | default(false)) + when: (not master_api_service_status_changed | default(false)) # TODO: need to fix up ignore_errors here # We retry the controllers because the API may not be 100% initialized yet. @@ -13,7 +11,5 @@ delay: 5 register: result until: result.rc == 0 - when: > - (openshift_master_ha | bool) and - (not master_controllers_service_status_changed | default(false)) + when: (not master_controllers_service_status_changed | default(false)) ignore_errors: yes diff --git a/roles/openshift_aws/defaults/main.yml b/roles/openshift_aws/defaults/main.yml index 178e0849c..c8d385db5 100644 --- a/roles/openshift_aws/defaults/main.yml +++ b/roles/openshift_aws/defaults/main.yml @@ -44,6 +44,8 @@ openshift_aws_s3_bucket_name: "{{ openshift_aws_clusterid }}-docker-registry" openshift_aws_elb_basename: "{{ openshift_aws_clusterid }}" +openshift_aws_elb_cert_arn: '' + openshift_aws_elb_dict: master: external: @@ -65,7 +67,7 @@ openshift_aws_elb_dict: load_balancer_port: "{{ openshift_master_api_port | default(8443) }}" instance_protocol: ssl instance_port: "{{ openshift_master_api_port | default(8443) }}" - ssl_certificate_id: '' + ssl_certificate_id: "{{ openshift_aws_elb_cert_arn }}" name: "{{ openshift_aws_elb_basename }}-master-external" tags: "{{ openshift_aws_kube_tags }}" internal: diff --git a/roles/openshift_default_storage_class/defaults/main.yml b/roles/openshift_default_storage_class/defaults/main.yml index 014c06641..687d60171 100644 --- a/roles/openshift_default_storage_class/defaults/main.yml +++ b/roles/openshift_default_storage_class/defaults/main.yml @@ -1,4 +1,7 @@ --- +# Must not be blank if you're using vsphere +openshift_cloudprovider_vsphere_datacenter: '' + openshift_storageclass_defaults: aws: provisioner: aws-ebs @@ -19,6 +22,12 @@ openshift_storageclass_defaults: parameters: fstype: xfs + vsphere: + provisioner: vsphere-volume + name: standard + parameters: + datastore: "{{ openshift_cloudprovider_vsphere_datacenter }}" + openshift_storageclass_default: "true" openshift_storageclass_name: "{{ openshift_storageclass_defaults[openshift_cloudprovider_kind]['name'] }}" openshift_storageclass_provisioner: "{{ openshift_storageclass_defaults[openshift_cloudprovider_kind]['provisioner'] }}" diff --git a/roles/openshift_logging/tasks/delete_logging.yaml b/roles/openshift_logging/tasks/delete_logging.yaml index ced7397b5..6be47b1f8 100644 --- a/roles/openshift_logging/tasks/delete_logging.yaml +++ b/roles/openshift_logging/tasks/delete_logging.yaml @@ -140,4 +140,6 @@ console_config_edits: - key: clusterInfo#loggingPublicURL value: "" - when: openshift_web_console_install | default(true) | bool + when: + - openshift_web_console_install | default(true) | bool + - openshift.common.version_gte_3_9 diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml index 1b4bdb11f..c905502ac 100644 --- a/roles/openshift_logging/tasks/install_logging.yaml +++ b/roles/openshift_logging/tasks/install_logging.yaml @@ -335,4 +335,6 @@ console_config_edits: - key: clusterInfo#loggingPublicURL value: "https://{{ openshift_logging_kibana_hostname }}" - when: openshift_web_console_install | default(true) | bool + when: + - openshift_web_console_install | default(true) | bool + - openshift.common.version_gte_3_9 diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml index ff5ad1045..b731d93a0 100644 --- a/roles/openshift_logging_elasticsearch/tasks/main.yaml +++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml @@ -137,6 +137,16 @@ - "prometheus_out.stderr | length > 0" - "'already exists' not in prometheus_out.stderr" +- set_fact: + _logging_metrics_proxy_passwd: "{{ 16 | lib_utils_oo_random_word | b64encode }}" + +- template: + src: passwd.j2 + dest: "{{mktemp.stdout}}/passwd.yml" + vars: + logging_user_name: "{{ openshift_logging_elasticsearch_prometheus_sa }}" + logging_user_passwd: "{{ _logging_metrics_proxy_passwd }}" + # View role and binding - name: Generate logging-elasticsearch-view-role template: @@ -255,6 +265,8 @@ path: "{{ generated_certs_dir }}/ca.crt" - name: admin.jks path: "{{ generated_certs_dir }}/system.admin.jks" + - name: passwd.yml + path: "{{mktemp.stdout}}/passwd.yml" # services - name: Set logging-{{ es_component }}-cluster service @@ -391,6 +403,7 @@ es_container_security_context: "{{ _es_containers.elasticsearch.securityContext if _es_containers is defined and 'elasticsearch' in _es_containers and 'securityContext' in _es_containers.elasticsearch else None }}" deploy_type: "{{ openshift_logging_elasticsearch_deployment_type }}" es_replicas: 1 + basic_auth_passwd: "{{ _logging_metrics_proxy_passwd | b64decode }}" - name: Set ES dc oc_obj: diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2 index 4b189f255..b1d6a4489 100644 --- a/roles/openshift_logging_elasticsearch/templates/es.j2 +++ b/roles/openshift_logging_elasticsearch/templates/es.j2 @@ -51,6 +51,7 @@ spec: - -client-id={{openshift_logging_elasticsearch_prometheus_sa}} - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token - -cookie-secret={{ 16 | lib_utils_oo_random_word | b64encode }} + - -basic-auth-password={{ basic_auth_passwd }} - -upstream=https://localhost:9200 - '-openshift-sar={"namespace": "{{ openshift_logging_elasticsearch_namespace}}", "verb": "view", "resource": "prometheus", "group": "metrics.openshift.io"}' - '-openshift-delegate-urls={"/": {"resource": "prometheus", "verb": "view", "group": "metrics.openshift.io", "namespace": "{{ openshift_logging_elasticsearch_namespace}}"}}' diff --git a/roles/openshift_logging_elasticsearch/templates/passwd.j2 b/roles/openshift_logging_elasticsearch/templates/passwd.j2 new file mode 100644 index 000000000..a22151eef --- /dev/null +++ b/roles/openshift_logging_elasticsearch/templates/passwd.j2 @@ -0,0 +1,2 @@ +"{{logging_user_name}}": + passwd: "{{logging_user_passwd}}" diff --git a/roles/openshift_manage_node/defaults/main.yml b/roles/openshift_manage_node/defaults/main.yml index 00e04b9f2..b7a89a723 100644 --- a/roles/openshift_manage_node/defaults/main.yml +++ b/roles/openshift_manage_node/defaults/main.yml @@ -1,9 +1,5 @@ --- # openshift_manage_node_is_master is set at the play level. openshift_manage_node_is_master: False - -# Default is to be schedulable except for master nodes. -l_openshift_manage_schedulable: "{{ openshift_schedulable | default(not openshift_manage_node_is_master) }}" - openshift_master_node_labels: node-role.kubernetes.io/master: 'true' diff --git a/roles/openshift_manage_node/tasks/config.yml b/roles/openshift_manage_node/tasks/config.yml index 4f00351b5..e5753d185 100644 --- a/roles/openshift_manage_node/tasks/config.yml +++ b/roles/openshift_manage_node/tasks/config.yml @@ -2,7 +2,7 @@ - name: Set node schedulability oc_adm_manage_node: node: "{{ openshift.node.nodename | lower }}" - schedulable: "{{ 'true' if l_openshift_manage_schedulable | bool else 'false' }}" + schedulable: "{{ 'true' if openshift_schedulable | default(true) | bool else 'false' }}" retries: 10 delay: 5 register: node_schedulable @@ -23,5 +23,5 @@ delegate_to: "{{ openshift_master_host }}" vars: l_node_labels: "{{ openshift_node_labels | default({}) }}" - l_master_labels: "{{ ('oo_masters_to_config' in group_names) | ternary(openshift_master_node_labels, {}) }}" + l_master_labels: "{{ openshift_manage_node_is_master | ternary(openshift_master_node_labels, {}) }}" l_all_labels: "{{ l_node_labels | combine(l_master_labels) }}" diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index b12a6b346..680e4a4ff 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -137,17 +137,8 @@ - item.clientCA | default('') != '' with_items: "{{ openshift.master.identity_providers }}" -# This is an ugly hack to verify settings are in a file without modifying them with lineinfile. -# The template file will stomp any other settings made. -- block: - - name: check whether our docker-registry setting exists in the env file - command: "awk '/^OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000/' /etc/sysconfig/{{ openshift_service_type }}-master" - failed_when: false - changed_when: false - register: l_already_set - - - set_fact: - openshift_push_via_dns: "{{ openshift.common.version_gte_3_6 or (l_already_set.stdout is defined and l_already_set.stdout is match('OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000')) }}" +- name: Include push_via_dns.yml + include_tasks: push_via_dns.yml - name: Set fact of all etcd host IPs openshift_facts: @@ -227,7 +218,7 @@ - pause: seconds: 15 when: - - openshift.master.ha | bool + - openshift_master_ha | bool - name: Start and enable master api all masters systemd: diff --git a/roles/openshift_master/tasks/push_via_dns.yml b/roles/openshift_master/tasks/push_via_dns.yml new file mode 100644 index 000000000..c5876130a --- /dev/null +++ b/roles/openshift_master/tasks/push_via_dns.yml @@ -0,0 +1,13 @@ +--- +# This is an ugly hack to verify settings are in a file without modifying them with lineinfile. +# The template file will stomp any other settings made. +- when: openshift_push_via_dns is not defined + block: + - name: check whether our docker-registry setting exists in the env file + shell: "awk '/^OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000/' /etc/sysconfig/{{ openshift_service_type }}-master*" + failed_when: false + changed_when: false + register: l_already_set + + - set_fact: + openshift_push_via_dns: "{{ openshift.common.version_gte_3_6 or (l_already_set.stdout is defined and l_already_set.stdout is match('OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000')) }}" diff --git a/roles/openshift_master/tasks/restart.yml b/roles/openshift_master/tasks/restart.yml index 715347101..f7697067a 100644 --- a/roles/openshift_master/tasks/restart.yml +++ b/roles/openshift_master/tasks/restart.yml @@ -3,7 +3,6 @@ service: name: "{{ openshift_service_type }}-master-api" state: restarted - when: openshift_master_ha | bool - name: Wait for master API to come back online wait_for: host: "{{ openshift.common.hostname }}" @@ -11,12 +10,10 @@ delay: 10 port: "{{ openshift.master.api_port }}" timeout: 600 - when: openshift_master_ha | bool -- name: Restart master controllers - service: - name: "{{ openshift_service_type }}-master-controllers" - state: restarted - # Ignore errrors since it is possible that type != simple for - # pre-3.1.1 installations. - ignore_errors: true - when: openshift_master_ha | bool +# We retry the controllers because the API may not be 100% initialized yet. +- name: restart master controllers + command: "systemctl restart {{ openshift_service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml index 870ab7c57..aeff64983 100644 --- a/roles/openshift_master/tasks/systemd_units.yml +++ b/roles/openshift_master/tasks/systemd_units.yml @@ -1,6 +1,8 @@ --- # systemd_units.yml is included both in the openshift_master role and in the upgrade # playbooks. +- name: include push_via_dns.yml tasks + include_tasks: push_via_dns.yml - name: Set HA Service Info for containerized installs set_fact: @@ -9,7 +11,8 @@ when: - openshift_is_containerized | bool -- include_tasks: registry_auth.yml +- name: include registry_auth tasks + include_tasks: registry_auth.yml - name: Disable the legacy master service if it exists systemd: diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml index 6b6c21d71..f05c8968d 100644 --- a/roles/openshift_metrics/tasks/install_metrics.yaml +++ b/roles/openshift_metrics/tasks/install_metrics.yaml @@ -79,7 +79,9 @@ console_config_edits: - key: clusterInfo#metricsPublicURL value: "https://{{ openshift_metrics_hawkular_hostname}}/hawkular/metrics" - when: openshift_web_console_install | default(true) | bool + when: + - openshift_web_console_install | default(true) | bool + - openshift.common.version_gte_3_9 - command: > {{openshift_client_binary}} diff --git a/roles/openshift_metrics/tasks/uninstall_metrics.yaml b/roles/openshift_metrics/tasks/uninstall_metrics.yaml index 1664e9975..ed849916d 100644 --- a/roles/openshift_metrics/tasks/uninstall_metrics.yaml +++ b/roles/openshift_metrics/tasks/uninstall_metrics.yaml @@ -28,4 +28,6 @@ console_config_edits: - key: clusterInfo#metricsPublicURL value: "" - when: openshift_web_console_install | default(true) | bool + when: + - openshift_web_console_install | default(true) | bool + - openshift.common.version_gte_3_9 diff --git a/roles/openshift_sanitize_inventory/tasks/main.yml b/roles/openshift_sanitize_inventory/tasks/main.yml index 62d460272..08dfd8284 100644 --- a/roles/openshift_sanitize_inventory/tasks/main.yml +++ b/roles/openshift_sanitize_inventory/tasks/main.yml @@ -61,3 +61,17 @@ when: - template_service_broker_remove | default(false) | bool - template_service_broker_install | default(true) | bool + +- name: Ensure that all requires vsphere configuration variables are set + fail: + msg: > + When the vSphere cloud provider is configured you must define all of these variables: + openshift_cloudprovider_vsphere_username, openshift_cloudprovider_vsphere_password, + openshift_cloudprovider_vsphere_host, openshift_cloudprovider_vsphere_datacenter, + openshift_cloudprovider_vsphere_datastore + when: + - openshift_cloudprovider_kind is defined + - openshift_cloudprovider_kind == 'vsphere' + - ( openshift_cloudprovider_vsphere_username is undefined or openshift_cloudprovider_vsphere_password is undefined or + openshift_cloudprovider_vsphere_host is undefined or openshift_cloudprovider_vsphere_datacenter is undefined or + openshift_cloudprovider_vsphere_datastore is undefined ) |