diff options
Diffstat (limited to 'roles')
16 files changed, 62 insertions, 26 deletions
diff --git a/roles/etcd_common/defaults/main.yml b/roles/etcd_common/defaults/main.yml index 8cc7a9c20..b5b38c1e1 100644 --- a/roles/etcd_common/defaults/main.yml +++ b/roles/etcd_common/defaults/main.yml @@ -52,7 +52,7 @@ etcd_is_containerized: False etcd_is_thirdparty: False # etcd dir vars -etcd_data_dir: "{{ '/var/lib/origin/openshift.local.etcd' if r_etcd_common_embedded_etcd | bool else '/var/lib/etcd/' }}" +etcd_data_dir: "{{ '/var/lib/origin/openshift.local.etcd' if r_etcd_common_embedded_etcd | bool else '/var/lib/etcd/' if openshift.common.etcd_runtime != 'runc' else '/var/lib/etcd/etcd.etcd/' }}" # etcd ports and protocols etcd_client_port: 2379 diff --git a/roles/lib_openshift/library/oc_atomic_container.py b/roles/lib_openshift/library/oc_atomic_container.py index 1e017a576..91c0d752f 100644 --- a/roles/lib_openshift/library/oc_atomic_container.py +++ b/roles/lib_openshift/library/oc_atomic_container.py @@ -65,8 +65,11 @@ options: # -*- -*- -*- Begin included fragment: ansible/oc_atomic_container.py -*- -*- -*- -# pylint: disable=wrong-import-position,too-many-branches,invalid-name +# pylint: disable=wrong-import-position,too-many-branches,invalid-name,no-name-in-module, import-error import json + +from distutils.version import StrictVersion + from ansible.module_utils.basic import AnsibleModule @@ -191,9 +194,15 @@ def main(): ) # Verify that the platform supports atomic command - rc, _, err = module.run_command('atomic -v', check_rc=False) + rc, version_out, err = module.run_command('atomic -v', check_rc=False) if rc != 0: module.fail_json(msg="Error in running atomic command", err=err) + # This module requires atomic version 1.17.2 or later + atomic_version = StrictVersion(version_out.replace('\n', '')) + if atomic_version < StrictVersion('1.17.2'): + module.fail_json( + msg="atomic version 1.17.2+ is required", + err=str(atomic_version)) try: core(module) diff --git a/roles/lib_openshift/src/ansible/oc_atomic_container.py b/roles/lib_openshift/src/ansible/oc_atomic_container.py index 1a5ab6869..16848e9c6 100644 --- a/roles/lib_openshift/src/ansible/oc_atomic_container.py +++ b/roles/lib_openshift/src/ansible/oc_atomic_container.py @@ -1,8 +1,11 @@ # pylint: skip-file # flake8: noqa -# pylint: disable=wrong-import-position,too-many-branches,invalid-name +# pylint: disable=wrong-import-position,too-many-branches,invalid-name,no-name-in-module, import-error import json + +from distutils.version import StrictVersion + from ansible.module_utils.basic import AnsibleModule @@ -127,9 +130,15 @@ def main(): ) # Verify that the platform supports atomic command - rc, _, err = module.run_command('atomic -v', check_rc=False) + rc, version_out, err = module.run_command('atomic -v', check_rc=False) if rc != 0: module.fail_json(msg="Error in running atomic command", err=err) + # This module requires atomic version 1.17.2 or later + atomic_version = StrictVersion(version_out.replace('\n', '')) + if atomic_version < StrictVersion('1.17.2'): + module.fail_json( + msg="atomic version 1.17.2+ is required", + err=str(atomic_version)) try: core(module) diff --git a/roles/openshift_facts/defaults/main.yml b/roles/openshift_facts/defaults/main.yml index 28b388560..cc4dc9365 100644 --- a/roles/openshift_facts/defaults/main.yml +++ b/roles/openshift_facts/defaults/main.yml @@ -1,2 +1,2 @@ --- -use_system_containers: false +openshift_use_system_containers: false diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index cfe092a28..0788ddfb0 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1654,6 +1654,7 @@ def set_proxy_facts(facts): common['no_proxy'].extend(common['no_proxy_internal_hostnames'].split(',')) # We always add local dns domain and ourselves no matter what common['no_proxy'].append('.' + common['dns_domain']) + common['no_proxy'].append('.svc') common['no_proxy'].append(common['hostname']) common['no_proxy'] = ','.join(sort_unique(common['no_proxy'])) facts['common'] = common diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index 50ed3e964..451386bf1 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -9,10 +9,10 @@ l_is_atomic: "{{ ostree_booted.stat.exists }}" - set_fact: l_is_containerized: "{{ (l_is_atomic | bool) or (containerized | default(false) | bool) }}" - l_is_openvswitch_system_container: "{{ (use_openvswitch_system_container | default(use_system_containers) | bool) }}" - l_is_node_system_container: "{{ (use_node_system_container | default(use_system_containers) | bool) }}" - l_is_master_system_container: "{{ (use_master_system_container | default(use_system_containers) | bool) }}" - l_is_etcd_system_container: "{{ (use_etcd_system_container | default(use_system_containers) | bool) }}" + l_is_openvswitch_system_container: "{{ (openshift_use_openvswitch_system_container | default(openshift_use_system_containers) | bool) }}" + l_is_node_system_container: "{{ (openshift_use_node_system_container | default(openshift_use_system_containers) | bool) }}" + l_is_master_system_container: "{{ (openshift_use_master_system_container | default(openshift_use_system_containers) | bool) }}" + l_is_etcd_system_container: "{{ (openshift_use_etcd_system_container | default(openshift_use_system_containers) | bool) }}" - set_fact: l_any_system_container: "{{ l_is_etcd_system_container or l_is_openvswitch_system_container or l_is_node_system_container or l_is_master_system_container }}" - set_fact: diff --git a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py index 60aacf715..26bf4c09b 100644 --- a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py +++ b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py @@ -169,7 +169,7 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): registries = [registry] for registry in registries: - args = {"_raw_params": "skopeo inspect docker://{}/{}".format(registry, image)} + args = {"_raw_params": "skopeo inspect --tls-verify=false docker://{}/{}".format(registry, image)} result = self.execute_module("command", args, task_vars=task_vars) if result.get("rc", 0) == 0 and not result.get("failed"): return True diff --git a/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2 b/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2 index 409e564c2..141967c33 100644 --- a/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2 @@ -14,6 +14,7 @@ index: flush_threshold_period: 5m node: + name: ${DC_NAME} master: ${IS_MASTER} data: ${HAS_DATA} max_local_storage_nodes: 1 @@ -61,7 +62,7 @@ path: searchguard: authcz.admin_dn: - CN=system.admin,OU=OpenShift,O=Logging - config_index_name: ".searchguard.${HOSTNAME}" + config_index_name: ".searchguard.${DC_NAME}" ssl: transport: enabled: true diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2 index bd2289f0d..844dbc8c2 100644 --- a/roles/openshift_logging_elasticsearch/templates/es.j2 +++ b/roles/openshift_logging_elasticsearch/templates/es.j2 @@ -58,6 +58,9 @@ spec: name: "cluster" env: - + name: "DC_NAME" + value: "{{deploy_name}}" + - name: "NAMESPACE" valueFrom: fieldRef: diff --git a/roles/openshift_master/README.md b/roles/openshift_master/README.md index e5362105c..fbf69c270 100644 --- a/roles/openshift_master/README.md +++ b/roles/openshift_master/README.md @@ -15,18 +15,19 @@ Role Variables From this role: -| Name | Default value | | -|-------------------------------------|-----------------------|-------------------------------------------------------------------------------| -| openshift_master_debug_level | openshift_debug_level | Verbosity of the debug logs for master | -| openshift_node_ips | [] | List of the openshift node ip addresses to pre-register when master starts up | -| oreg_url | UNDEF | Default docker registry to use | -| oreg_url_master | UNDEF | Default docker registry to use, specifically on the master | -| openshift_master_api_port | UNDEF | | -| openshift_master_console_port | UNDEF | | -| openshift_master_api_url | UNDEF | | -| openshift_master_console_url | UNDEF | | -| openshift_master_public_api_url | UNDEF | | -| openshift_master_public_console_url | UNDEF | | +| Name | Default value | | +|---------------------------------------------------|-----------------------|-------------------------------------------------------------------------------| +| openshift_master_debug_level | openshift_debug_level | Verbosity of the debug logs for master | +| openshift_node_ips | [] | List of the openshift node ip addresses to pre-register when master starts up | +| oreg_url | UNDEF | Default docker registry to use | +| oreg_url_master | UNDEF | Default docker registry to use, specifically on the master | +| openshift_master_api_port | UNDEF | | +| openshift_master_console_port | UNDEF | | +| openshift_master_api_url | UNDEF | | +| openshift_master_console_url | UNDEF | | +| openshift_master_public_api_url | UNDEF | | +| openshift_master_public_console_url | UNDEF | | +| openshift_master_saconfig_limit_secret_references | false | | From openshift_common: diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index aed5598c0..86532cd0a 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -128,6 +128,9 @@ when: openshift.master.request_header_ca is defined and item.kind == 'RequestHeaderIdentityProvider' and item.clientCA | default('') != '' with_items: "{{ openshift.master.identity_providers }}" +- set_fact: + openshift_push_via_dns: "{{ openshift_use_dnsmasq | default(true) and openshift.common.version_gte_3_6 and r_openshift_master_clean_install }}" + - name: Install the systemd units include: systemd_units.yml diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 6e2439fd9..850fae0e4 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -1,5 +1,8 @@ OPTIONS=--loglevel={{ openshift.master.debug_level | default(2) }} CONFIG_FILE={{ openshift_master_config_file }} +{% if openshift_push_via_dns | default(false) %} +OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000 +{% endif %} {% if openshift.common.is_containerized | bool %} IMAGE_VERSION={{ openshift_image_tag }} {% endif %} diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 6c26e5092..af3ebc6d2 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -235,7 +235,7 @@ projectConfig: routingConfig: subdomain: "{{ openshift_master_default_subdomain | default("") }}" serviceAccountConfig: - limitSecretReferences: false + limitSecretReferences: {{ openshift_master_saconfig_limitsecretreferences | default(false) }} managedNames: - default - builder diff --git a/roles/openshift_metrics/defaults/main.yaml b/roles/openshift_metrics/defaults/main.yaml index ba50566e9..c34936930 100644 --- a/roles/openshift_metrics/defaults/main.yaml +++ b/roles/openshift_metrics/defaults/main.yaml @@ -16,7 +16,7 @@ openshift_metrics_hawkular_nodeselector: "" openshift_metrics_cassandra_replicas: 1 openshift_metrics_cassandra_storage_type: "{{ openshift_hosted_metrics_storage_kind | default('emptydir') }}" openshift_metrics_cassandra_pvc_size: "{{ openshift_hosted_metrics_storage_volume_size | default('10Gi') }}" -openshift_metrics_cassandra_pv_selector: "{{ openshift_hosted_metrics_storage_labels | default(null) }}" +openshift_metrics_cassandra_pv_selector: "{{ openshift_hosted_metrics_storage_labels | default('') }}" openshift_metrics_cassandra_limits_memory: 2G openshift_metrics_cassandra_limits_cpu: null openshift_metrics_cassandra_requests_memory: 1G diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh index 24798d3d2..c68073a10 100755 --- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh +++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh @@ -96,6 +96,9 @@ EOF if ! grep -q '99-origin-dns.sh' ${NEW_RESOLV_CONF}; then echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> ${NEW_RESOLV_CONF} fi + if ! grep -q 'search.*cluster.local' ${NEW_RESOLV_CONF}; then + sed -i '/^search/ s/$/ cluster.local/' ${NEW_RESOLV_CONF} + fi cp -Z ${NEW_RESOLV_CONF} /etc/resolv.conf fi fi diff --git a/roles/openshift_node_upgrade/tasks/main.yml b/roles/openshift_node_upgrade/tasks/main.yml index d44839d69..8eaa68cc9 100644 --- a/roles/openshift_node_upgrade/tasks/main.yml +++ b/roles/openshift_node_upgrade/tasks/main.yml @@ -147,3 +147,6 @@ # Give the node two minutes to come back online. retries: 24 delay: 5 + +- include_role: + name: openshift_node_dnsmasq |