From fe9484a40c80de7ef93319dd842ce77b5b1eeef9 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Wed, 2 Dec 2015 13:06:55 -0500 Subject: Improve 3.1/1.1 upgrade check --- .../openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 00ebf4ce6..99008446d 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -27,6 +27,7 @@ hosts: oo_first_master vars: openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" + target_version: "{{ '1.1' if deployment_type == 'origin' else '3.1' }}" gather_facts: no tasks: # Pacemaker is currently the only supported upgrade path for multiple masters @@ -43,8 +44,8 @@ - fail: msg: > openshift_pkg_version is {{ openshift_pkg_version }} which is not a - valid version for a 3.1 upgrade - when: openshift_pkg_version is defined and openshift_pkg_version.split('-',1).1 | version_compare('3.0.2.900','<') + valid version for a {{ target_version }} upgrade + when: openshift_pkg_version is defined and openshift_pkg_version.split('-',1).1 | version_compare(target_version ,'<') # If this script errors out ansible will show the default stdout/stderr # which contains details for the user: @@ -53,6 +54,8 @@ - name: Verify upgrade can proceed hosts: oo_masters_to_config:oo_nodes_to_config + vars: + target_version: "{{ '1.1' if deployment_type == 'origin' else '3.1' }}" tasks: - name: Clean yum cache command: yum clean all @@ -75,8 +78,8 @@ when: deployment_type == 'origin' and g_aos_versions.curr_version | version_compare('1.0.6','<') - fail: - msg: Atomic OpenShift 3.1 packages not found - when: g_aos_versions.curr_version | version_compare('3.0.2.900','<') and (g_aos_versions.avail_version is none or g_aos_versions.avail_version | version_compare('3.0.2.900','<')) + msg: Upgrade packages not found + when: (g_aos_versions.avail_version | default(g_aos_versions.curr_version, true) | version_compare(target_version, '<')) - set_fact: pre_upgrade_complete: True -- cgit v1.2.3 From a0b6fc7db1be2cf6190d982f90e96f4c39a4c699 Mon Sep 17 00:00:00 2001 From: Tobias Florek Date: Wed, 23 Sep 2015 13:51:41 +0200 Subject: Initial containerization work from @ibotty copied from https://github.com/eparis/kubernetes-ansible/blob/17f98edd7ff53e649b43e26822b8fbc0be42b233/roles/common/tasks/main.yml --- .../update_repos_and_packages.yml | 2 +- playbooks/common/openshift-etcd/config.yml | 2 +- playbooks/common/openshift-master/config.yml | 1 + playbooks/common/openshift-node/config.yml | 1 + roles/docker/tasks/main.yml | 2 +- roles/etcd/tasks/main.yml | 2 +- roles/fluentd_master/tasks/main.yml | 4 ++++ roles/fluentd_node/tasks/main.yml | 4 ++++ roles/kube_nfs_volumes/tasks/main.yml | 4 ++++ roles/openshift_examples/defaults/main.yml | 2 +- roles/openshift_expand_partition/tasks/main.yml | 9 +++++++- roles/openshift_facts/library/openshift_facts.py | 26 ++++++++++++++++++++- roles/openshift_facts/tasks/main.yml | 14 +++++++++++ roles/openshift_master/tasks/main.yml | 27 +++++++++++++++++++++- .../templates/openshift.docker.master.service | 11 +++++++++ roles/openshift_master/vars/main.yml | 2 ++ roles/openshift_master_ca/tasks/main.yml | 2 ++ roles/openshift_master_ca/vars/main.yml | 3 +++ roles/openshift_master_cluster/tasks/main.yml | 4 ++++ roles/openshift_node/tasks/main.yml | 8 ++++++- .../templates/openshift.docker.node.service | 11 +++++++++ roles/openshift_node/vars/main.yml | 3 +++ roles/openshift_node_certificates/tasks/main.yml | 8 +++---- roles/openshift_repos/tasks/main.yaml | 10 +++++--- roles/openshift_serviceaccounts/tasks/main.yml | 17 ++++++++++---- roles/openshift_storage_nfs_lvm/tasks/nfs.yml | 1 + roles/os_env_extras/tasks/main.yaml | 3 ++- roles/os_firewall/tasks/firewall/iptables.yml | 1 + roles/os_update_latest/tasks/main.yml | 7 +++++- roles/os_zabbix/tasks/main.yml | 4 ++++ roles/yum_repos/tasks/main.yml | 1 + 31 files changed, 173 insertions(+), 23 deletions(-) create mode 100644 roles/openshift_master/templates/openshift.docker.master.service create mode 100644 roles/openshift_node/templates/openshift.docker.node.service diff --git a/playbooks/common/openshift-cluster/update_repos_and_packages.yml b/playbooks/common/openshift-cluster/update_repos_and_packages.yml index 190e2d862..6e4ad7d3f 100644 --- a/playbooks/common/openshift-cluster/update_repos_and_packages.yml +++ b/playbooks/common/openshift-cluster/update_repos_and_packages.yml @@ -8,5 +8,5 @@ ansible_distribution == "RedHat" and lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) | default('no', True) | lower in ['no', 'false'] - - openshift_repos + - {role: openshift_repos, when: not is_atomic} - os_update_latest diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml index 6dee196e3..a0dd330e7 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/common/openshift-etcd/config.yml @@ -87,7 +87,7 @@ when: etcd_server_certs_missing roles: - etcd - - role: nickhammond.logrotate + - { role: nickhammond.logrotate, when: not is_atomic } - name: Delete temporary directory on localhost hosts: localhost diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index dd638487a..453adb4ff 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -328,6 +328,7 @@ roles: - openshift_master - role: nickhammond.logrotate + when: not is_atomic - role: fluentd_master when: openshift.common.use_fluentd | bool post_tasks: diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 69ccb0cb8..6eee75064 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -181,6 +181,7 @@ - role: flannel when: openshift.common.use_flannel | bool - role: nickhammond.logrotate + when: not is_atomic - role: fluentd_node when: openshift.common.use_fluentd | bool tasks: diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index e94ebe3e1..7939221a1 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,7 +1,7 @@ --- # tasks file for docker - name: Install docker - action: "{{ ansible_pkg_mgr }} name=docker state=present" + action: "{{ ansible_pkg_mgr }} name=docker state=present" and not is_atomic - name: enable and start the docker service service: name=docker enabled=yes state=started diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 61892fe06..d661ce437 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -8,7 +8,7 @@ when: "'ipv4' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface] or 'address' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface].ipv4" - name: Install etcd - action: "{{ ansible_pkg_mgr }} name=etcd-2.* state=present" + action: "{{ ansible_pkg_mgr }} name=etcd-2.* state=present" and not is_atomic - name: Validate permissions on the config dir file: diff --git a/roles/fluentd_master/tasks/main.yml b/roles/fluentd_master/tasks/main.yml index 65c67fe8d..ddfa39284 100644 --- a/roles/fluentd_master/tasks/main.yml +++ b/roles/fluentd_master/tasks/main.yml @@ -1,4 +1,8 @@ --- +- fail: + msg: "fluentd master is not yet supported on atomic hosts" + when: is_atomic + # TODO: Update fluentd install and configuration when packaging is complete - name: download and install td-agent action: "{{ ansible_pkg_mgr }} name='http://packages.treasuredata.com/2/redhat/7/x86_64/td-agent-2.2.0-0.x86_64.rpm' state=present" diff --git a/roles/fluentd_node/tasks/main.yml b/roles/fluentd_node/tasks/main.yml index 85488b55e..4a29d1270 100644 --- a/roles/fluentd_node/tasks/main.yml +++ b/roles/fluentd_node/tasks/main.yml @@ -1,4 +1,8 @@ --- +- fail: + msg: "fluentd node is not yet supported on atomic hosts" + when: is_atomic + # TODO: Update fluentd install and configuration when packaging is complete - name: download and install td-agent action: "{{ ansible_pkg_mgr }} name='http://packages.treasuredata.com/2/redhat/7/x86_64/td-agent-2.2.0-0.x86_64.rpm' state=present" diff --git a/roles/kube_nfs_volumes/tasks/main.yml b/roles/kube_nfs_volumes/tasks/main.yml index 2cc35844c..85338cd84 100644 --- a/roles/kube_nfs_volumes/tasks/main.yml +++ b/roles/kube_nfs_volumes/tasks/main.yml @@ -1,4 +1,8 @@ --- +- fail: + msg: "That playbook is not yet supported on atomic hosts" + when: is_atomic + - name: Install pyparted (RedHat/Fedora) action: "{{ ansible_pkg_mgr }} name=pyparted,python-httplib2 state=present" diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml index 0bc5d7750..ae642fae1 100644 --- a/roles/openshift_examples/defaults/main.yml +++ b/roles/openshift_examples/defaults/main.yml @@ -8,7 +8,7 @@ openshift_examples_load_quickstarts: true content_version: "{{ 'v1.1' if openshift.common.version_greater_than_3_1_or_1_1 else 'v1.0' }}" -examples_base: "/usr/share/openshift/examples" +examples_base: "{% if is_atomic %}{{ openshift.common.config_base }}{% else %}/usr/share/openshift{% endif %}/examples" image_streams_base: "{{ examples_base }}/image-streams" centos_image_streams: "{{ image_streams_base}}/image-streams-centos7.json" rhel_image_streams: "{{ image_streams_base}}/image-streams-rhel7.json" diff --git a/roles/openshift_expand_partition/tasks/main.yml b/roles/openshift_expand_partition/tasks/main.yml index 84d859553..b74d635d5 100644 --- a/roles/openshift_expand_partition/tasks/main.yml +++ b/roles/openshift_expand_partition/tasks/main.yml @@ -1,6 +1,13 @@ --- - name: Ensure growpart is installed - action: "{{ ansible_pkg_mgr }} name=cloud-utils-growpart state=present" + action: "{{ ansible_pkg_mgr }} name=cloud-utils-growpart state=present" and not is_atomic + +- name: Determine if growpart is installed + command: "rpm -q cloud-utils-growpart" + register: has_growpart + failed_when: "has_growpart.cr != 0 and 'package cloud-utils-growpart is not installed' not in has_growpart.stdout" + changed_when: false + when: is_atomic - name: Grow the partitions command: "growpart {{oep_drive}} {{oep_partition}}" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index e557853b1..4278111c2 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -710,7 +710,8 @@ def set_sdn_facts_if_unset(facts, system_facts): if 'common' in facts: use_sdn = facts['common']['use_openshift_sdn'] if not (use_sdn == '' or isinstance(use_sdn, bool)): - facts['common']['use_openshift_sdn'] = bool(strtobool(str(use_sdn))) + use_sdn = bool(strtobool(str(use_sdn))) + facts['common']['use_openshift_sdn'] = use_sdn if 'sdn_network_plugin_name' not in facts['common']: plugin = 'redhat/openshift-ovs-subnet' if use_sdn else '' facts['common']['sdn_network_plugin_name'] = plugin @@ -1031,6 +1032,7 @@ class OpenShiftFacts(object): facts = set_version_facts_if_unset(facts) facts = set_aggregate_facts(facts) facts = set_etcd_facts_if_unset(facts) + facts = self.init_in_docker_facts(facts) return dict(openshift=facts) def get_defaults(self, roles): @@ -1197,6 +1199,28 @@ class OpenShiftFacts(object): self.changed = changed return new_local_facts + def init_in_docker_facts(self, facts): + facts['is_atomic'] = os.path.isfile('/run/ostree-booted') + + docker = dict() + docker['image_name'] = 'openshift/origin' + # TODO: figure out right way to set the version + docker['image_version'] = 'latest' + docker['image'] = "%s:%s" % (docker['image_name'], docker['image_version']) + + # shared /tmp/openshift vol is for file exchange with ansible + # --privileged is required to read the config dir + # --net host to access openshift from the container + # maybe -v /var/run/docker.sock:/var/run/docker.sock is required as well + docker['runner'] = "docker run --rm --privileged --net host -v /tmp/openshift:/tmp/openshift -v {datadir}:{datadir} -v {confdir}:{confdir} -e KUBECONFIG={confdir}/master/admin.kubeconfig {image}".format(confdir=facts['common']['config_base'], datadir=facts['common']['data_dir'], image=docker['image']) + + if facts['is_atomic']: + facts['common']['client_binary'] = '%s cli' % docker['runner'] + facts['common']['admin_binary'] = '%s admin' % docker['runner'] + + facts['docker'] = docker + return facts + def main(): """ main """ diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index 832f7ad84..e98b7c591 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -6,6 +6,20 @@ - ansible_version | version_compare('1.9.0', 'ne') - ansible_version | version_compare('1.9.0.1', 'ne') +- name: Determine if Atomic + stat: path=/run/ostree-booted + register: s + changed_when: false + +- name: Init the is_atomic fact + set_fact: + is_atomic: false + +- name: Set the is_atomic fact + set_fact: + is_atomic: true + when: s.stat.exists + - name: Ensure PyYaml is installed action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 43647cc49..6844a16cc 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -21,6 +21,10 @@ msg: "openshift_master_cluster_password must be set for multi-master installations" when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and (openshift_master_cluster_password is not defined or not openshift_master_cluster_password) +- fail: + msg: "openshift_master_ha is not yet supported on atomic hosts" + when: openshift_master_ha | bool and is_atomic + - name: Set master facts openshift_facts: role: master @@ -79,6 +83,25 @@ - name: Install Master package action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-master{{ openshift_version }} state=present" + when: not is_atomic + +# TODO: enable when ansible#1993 lands and is widespread enough +# - name: Docker image present +# docker: +# image: "{{ openshift.common.docker.image }}" +# state: image_present +# when: is_atomic + +- name: Install Master docker service file + template: + dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service" + src: openshift.docker.master.service + register: install_result + when: is_atomic + +- name: Reload systemd units + command: systemctl daemon-reload + when: is_atomic and install_result | changed - name: Re-gather package dependent master facts openshift_facts: @@ -113,6 +136,7 @@ action: "{{ ansible_pkg_mgr }} name=httpd-tools state=present" when: (item.kind == 'HTPasswdPasswordIdentityProvider') with_items: openshift.master.identity_providers + when: not is_atomic - name: Ensure htpasswd directory exists file: @@ -251,7 +275,7 @@ - name: Install cluster packages action: "{{ ansible_pkg_mgr }} name=pcs state=present" - when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' + when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' and not is_atomic register: install_result - name: Start and enable cluster service @@ -283,6 +307,7 @@ command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config args: creates: ~{{ item }}/.kube/config + when: not is_atomic with_items: - root - "{{ ansible_ssh_user }}" diff --git a/roles/openshift_master/templates/openshift.docker.master.service b/roles/openshift_master/templates/openshift.docker.master.service new file mode 100644 index 000000000..9e436f8eb --- /dev/null +++ b/roles/openshift_master/templates/openshift.docker.master.service @@ -0,0 +1,11 @@ +[Unit] +After=docker.service +Require=docker.service + +[Service] +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift_docker_image }} start master --config=${CONFIG_FILE} ${OPTIONS} +ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master + +[Install] +WantedBy=multi-user.target diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml index 534465451..875d61a3b 100644 --- a/roles/openshift_master/vars/main.yml +++ b/roles/openshift_master/vars/main.yml @@ -5,6 +5,8 @@ openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.js openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml" openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json" openshift_version: "{{ openshift_pkg_version | default('') }}" +openshift_docker_image_name: openshift/origin +openshift_docker_image: "{{ openshift_docker_image_name }}:{{ openshift_pkg_version | default('latest') }}" openshift_master_valid_grant_methods: - auto diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml index 0db95a4eb..c179ceb61 100644 --- a/roles/openshift_master_ca/tasks/main.yml +++ b/roles/openshift_master_ca/tasks/main.yml @@ -1,9 +1,11 @@ --- - name: Install the base package for admin tooling action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version }} state=present" + when: not is_atomic - name: Reload generated facts openshift_facts: + when: install_result | changed - name: Create openshift_master_config_dir if it doesn't exist file: diff --git a/roles/openshift_master_ca/vars/main.yml b/roles/openshift_master_ca/vars/main.yml index b35339b18..0f1f32a34 100644 --- a/roles/openshift_master_ca/vars/main.yml +++ b/roles/openshift_master_ca/vars/main.yml @@ -4,3 +4,6 @@ openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" openshift_version: "{{ openshift_pkg_version | default('') }}" + +openshift_docker_image_name: openshift/origin +openshift_docker_image: "{{ openshift_docker_image_name }}:{{ openshift_pkg_version | default('latest') }}" diff --git a/roles/openshift_master_cluster/tasks/main.yml b/roles/openshift_master_cluster/tasks/main.yml index 6303a6e46..978e2920d 100644 --- a/roles/openshift_master_cluster/tasks/main.yml +++ b/roles/openshift_master_cluster/tasks/main.yml @@ -1,4 +1,8 @@ --- +- fail: + msg: "Not possible on atomic hosts for now" + when: is_atomic + - name: Test if cluster is already configured command: pcs status register: pcs_status diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 38bffc2e5..8607aa3fb 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -4,6 +4,10 @@ msg: "SELinux is disabled, This deployment type requires that SELinux is enabled." when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise'] +- fail: + msg: "This playbook does not support using SDN on atomic hosts yet" + when: openshift.common.use_openshift_sdn and is_atomic + - name: Set node facts openshift_facts: role: "{{ item.role }}" @@ -38,10 +42,11 @@ # problems because the rpms don't pin the version properly. - name: Install Node package action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_version }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version }} state=present" + when: not is_atomic - name: Install sdn-ovs package action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present" - when: openshift.common.use_openshift_sdn + when: openshift.common.use_openshift_sdn and not is_atomic # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config @@ -57,6 +62,7 @@ dest: /etc/sysconfig/{{ openshift.common.service_type }}-node regexp: "{{ item.regex }}" line: "{{ item.line }}" + create: true with_items: - regex: '^OPTIONS=' line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}" diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service new file mode 100644 index 000000000..e9df34940 --- /dev/null +++ b/roles/openshift_node/templates/openshift.docker.node.service @@ -0,0 +1,11 @@ +[Unit] +After=docker.service +Require=docker.service + +[Service] +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name "{{ openshift.common.service_type }}-node" -v /:/rootfs:ro -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift_docker_image }} start node --config=${CONFIG_FILE} ${OPTIONS} +ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node + +[Install] +WantedBy=multi-user.target diff --git a/roles/openshift_node/vars/main.yml b/roles/openshift_node/vars/main.yml index 43dc50ca8..c57d1bcca 100644 --- a/roles/openshift_node/vars/main.yml +++ b/roles/openshift_node/vars/main.yml @@ -2,3 +2,6 @@ openshift_node_config_dir: "{{ openshift.common.config_base }}/node" openshift_node_config_file: "{{ openshift_node_config_dir }}/node-config.yaml" openshift_version: "{{ openshift_pkg_version | default('') }}" + +openshift_docker_image_name: openshift/origin +openshift_docker_image: "{{ openshift_docker_image_name }}:{{ openshift_pkg_version | default('latest') }}" diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index 57f71887b..b54811414 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -17,19 +17,19 @@ --signer-serial={{ openshift_master_ca_serial }} --user=system:node:{{ item.openshift.common.hostname }} args: - chdir: "{{ openshift_generated_configs_dir }}" creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}" with_items: nodes_needing_certs - name: Generate the node server certificate command: > - {{ openshift.common.admin_binary }} create-server-cert - --cert=server.crt --key=server.key --overwrite=true + {{ openshift.common.admin_binary }} ca create-server-cert + --cert={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt + --key={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.key + --overwrite=true --hostnames={{ item.openshift.common.all_hostnames |join(",") }} --signer-cert={{ openshift_master_ca_cert }} --signer-key={{ openshift_master_ca_key }} --signer-serial={{ openshift_master_ca_serial }} args: - chdir: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}" creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt" with_items: nodes_needing_certs diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index 9faf0dfd9..6d0d1d493 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -12,19 +12,20 @@ - name: Ensure libselinux-python is installed action: "{{ ansible_pkg_mgr }} name=libselinux-python state=present" + when: not is_atomic - name: Create any additional repos that are defined template: src: yum_repo.j2 dest: /etc/yum.repos.d/openshift_additional.repo - when: openshift_additional_repos | length > 0 + when: openshift_additional_repos | length > 0 and not is_atomic notify: refresh cache - name: Remove the additional repos if no longer defined file: dest: /etc/yum.repos.d/openshift_additional.repo state: absent - when: openshift_additional_repos | length == 0 + when: openshift_additional_repos | length == 0 and not is_atomic notify: refresh cache - name: Remove any yum repo files for other deployment types RHEL/CentOS @@ -35,6 +36,7 @@ - '*/repos/*' when: not (item | search("/files/" ~ openshift_deployment_type ~ "/repos")) and (ansible_os_family == "RedHat" and ansible_distribution != "Fedora") + and not is_atomic notify: refresh cache - name: Remove any yum repo files for other deployment types Fedora @@ -45,6 +47,7 @@ - '*/repos/*' when: not (item | search("/files/fedora-" ~ openshift_deployment_type ~ "/repos")) and (ansible_distribution == "Fedora") + and not is_atomic notify: refresh cache - name: Configure gpg keys if needed @@ -59,10 +62,11 @@ - "{{ openshift_deployment_type }}/repos/*" notify: refresh cache when: (ansible_os_family == "RedHat" and ansible_distribution != "Fedora") + and not is_atomic - name: Configure yum repositories Fedora copy: src={{ item }} dest=/etc/yum.repos.d/ with_fileglob: - "fedora-{{ openshift_deployment_type }}/repos/*" notify: refresh cache - when: (ansible_distribution == "Fedora") + when: (ansible_distribution == "Fedora") and not is_atomic diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml index e558a83a2..eb9c9b2c9 100644 --- a/roles/openshift_serviceaccounts/tasks/main.yml +++ b/roles/openshift_serviceaccounts/tasks/main.yml @@ -1,12 +1,19 @@ +- name: tmp dir for openshift + file: + path: /tmp/openshift + state: directory + owner: root + mode: 700 + - name: Create service account configs template: src: serviceaccount.j2 - dest: "/tmp/{{ item }}-serviceaccount.yaml" + dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml" with_items: accounts - name: Create {{ item }} service account command: > - {{ openshift.common.client_binary }} create -f "/tmp/{{ item }}-serviceaccount.yaml" + {{ openshift.common.client_binary }} create -f "/tmp/openshift/{{ item }}-serviceaccount.yaml" with_items: accounts register: _sa_result failed_when: "'serviceaccounts \"{{ item }}\" already exists' not in _sa_result.stderr and _sa_result.rc != 0" @@ -15,14 +22,14 @@ - name: Get current security context constraints shell: > {{ openshift.common.client_binary }} get scc privileged -o yaml - --output-version=v1 > /tmp/scc.yaml + --output-version=v1 > /tmp/openshift/scc.yaml - name: Add security context constraint for {{ item }} lineinfile: - dest: /tmp/scc.yaml + dest: /tmp/openshift/scc.yaml line: "- system:serviceaccount:default:{{ item }}" insertafter: "^users:$" with_items: accounts - name: Apply new scc rules for service accounts - command: "{{ openshift.common.client_binary }} update -f /tmp/scc.yaml --api-version=v1" + command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1" diff --git a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml index cf1ba6f25..df7c0e57d 100644 --- a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml +++ b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml @@ -1,6 +1,7 @@ --- - name: Install NFS server action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present" + when: not is_atomic - name: Start rpcbind service: name=rpcbind state=started enabled=yes diff --git a/roles/os_env_extras/tasks/main.yaml b/roles/os_env_extras/tasks/main.yaml index cbf5c37f5..d52795289 100644 --- a/roles/os_env_extras/tasks/main.yaml +++ b/roles/os_env_extras/tasks/main.yaml @@ -12,4 +12,5 @@ dest: /root/.vimrc - name: Bash Completion - action: "{{ ansible_pkg_mgr }} name=bash-completion state=present" \ No newline at end of file + action: "{{ ansible_pkg_mgr }} name=bash-completion state=present" + when: not is_atomic \ No newline at end of file diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml index d3a5b1fa7..01b8263d5 100644 --- a/roles/os_firewall/tasks/firewall/iptables.yml +++ b/roles/os_firewall/tasks/firewall/iptables.yml @@ -5,6 +5,7 @@ - iptables - iptables-services register: install_result + when: not is_atomic - name: Check if firewalld is installed command: rpm -q firewalld diff --git a/roles/os_update_latest/tasks/main.yml b/roles/os_update_latest/tasks/main.yml index 2532059c0..3c3e80979 100644 --- a/roles/os_update_latest/tasks/main.yml +++ b/roles/os_update_latest/tasks/main.yml @@ -1,3 +1,8 @@ --- +- fail: + msg: "Update is not yet supported by this playbook on atomic hosts" + when: is_atomic + - name: Update all packages - action: "{{ ansible_pkg_mgr }} name=* state=latest" \ No newline at end of file + action: "{{ ansible_pkg_mgr }} name=* state=latest" + when: not is_atomic \ No newline at end of file diff --git a/roles/os_zabbix/tasks/main.yml b/roles/os_zabbix/tasks/main.yml index 7552086d4..bd879c25f 100644 --- a/roles/os_zabbix/tasks/main.yml +++ b/roles/os_zabbix/tasks/main.yml @@ -1,4 +1,8 @@ --- +- fail: + msg: "Zabbix config is not yet supported on atomic hosts" + when: is_atomic + - name: Main List all templates zbx_template: zbx_server: "{{ ozb_server }}" diff --git a/roles/yum_repos/tasks/main.yml b/roles/yum_repos/tasks/main.yml index a9903c6c6..252dc71d5 100644 --- a/roles/yum_repos/tasks/main.yml +++ b/roles/yum_repos/tasks/main.yml @@ -45,3 +45,4 @@ src: yumrepo.j2 dest: /etc/yum.repos.d/{{ item.id }}.repo with_items: repo_files + when: not is_atomic -- cgit v1.2.3 From 8e7c5c970b8adc83fd6d5cad115f4edb06b36d98 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Mon, 5 Oct 2015 12:53:10 -0400 Subject: Containerization work by @sdodson --- README_CONTAINERIZED_INSTALLATION.md | 101 ++++++++++++++++++++ playbooks/adhoc/uninstall.yml | 32 ++++++- playbooks/common/openshift-cluster/config.yml | 2 + .../update_repos_and_packages.yml | 3 +- playbooks/common/openshift-docker/config.yml | 8 ++ playbooks/common/openshift-docker/filter_plugins | 1 + playbooks/common/openshift-docker/lookup_plugins | 1 + playbooks/common/openshift-docker/roles | 1 + playbooks/common/openshift-etcd/config.yml | 6 +- playbooks/common/openshift-master/config.yml | 4 +- playbooks/common/openshift-node/config.yml | 2 +- roles/docker/README.md | 2 +- roles/docker/tasks/main.yml | 12 ++- roles/etcd/defaults/main.yaml | 1 + roles/etcd/handlers/main.yml | 3 +- roles/etcd/tasks/main.yml | 38 +++++++- roles/etcd/templates/etcd.conf.j2 | 22 ++--- roles/etcd/templates/etcd.docker.service | 13 +++ roles/fluentd_master/tasks/main.yml | 2 +- roles/fluentd_node/tasks/main.yml | 2 +- roles/kube_nfs_volumes/tasks/main.yml | 4 +- roles/openshift_docker/meta/main.yml | 16 ++++ roles/openshift_docker/tasks/main.yml | 27 ++++++ roles/openshift_examples/defaults/main.yml | 2 +- roles/openshift_expand_partition/tasks/main.yml | 5 +- roles/openshift_facts/library/openshift_facts.py | 70 +++++++++++--- roles/openshift_facts/tasks/main.yml | 14 --- roles/openshift_master/tasks/main.yml | 61 ++++++++---- .../atomic-openshift-master-api.docker.service.j2 | 26 ++++++ ...-openshift-master-controllers.docker.service.j2 | 25 +++++ .../templates/master.docker.service.j2 | 16 ++++ .../templates/openshift.docker.master.service | 11 --- roles/openshift_master/vars/main.yml | 2 - roles/openshift_master_ca/tasks/main.yml | 7 +- roles/openshift_master_ca/vars/main.yml | 3 - roles/openshift_master_certificates/tasks/main.yml | 2 + roles/openshift_master_cluster/tasks/main.yml | 2 +- roles/openshift_node/tasks/main.yml | 102 ++++++++------------- .../openshift_node/tasks/storage_plugins/main.yml | 5 +- .../templates/openshift.docker.node.service | 13 ++- .../templates/openvswitch.docker.service | 13 +++ roles/openshift_node/vars/main.yml | 3 - roles/openshift_repos/tasks/main.yaml | 15 +-- roles/openshift_storage_nfs_lvm/tasks/main.yml | 5 + roles/openshift_storage_nfs_lvm/tasks/nfs.yml | 2 +- roles/os_env_extras/tasks/main.yaml | 2 +- roles/os_firewall/tasks/firewall/iptables.yml | 2 +- roles/os_update_latest/tasks/main.yml | 4 +- roles/os_zabbix/tasks/main.yml | 2 +- roles/yum_repos/tasks/main.yml | 2 +- 50 files changed, 536 insertions(+), 183 deletions(-) create mode 100644 README_CONTAINERIZED_INSTALLATION.md create mode 100644 playbooks/common/openshift-docker/config.yml create mode 120000 playbooks/common/openshift-docker/filter_plugins create mode 120000 playbooks/common/openshift-docker/lookup_plugins create mode 120000 playbooks/common/openshift-docker/roles create mode 100644 roles/etcd/templates/etcd.docker.service create mode 100644 roles/openshift_docker/meta/main.yml create mode 100644 roles/openshift_docker/tasks/main.yml create mode 100644 roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2 create mode 100644 roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2 create mode 100644 roles/openshift_master/templates/master.docker.service.j2 delete mode 100644 roles/openshift_master/templates/openshift.docker.master.service create mode 100644 roles/openshift_node/templates/openvswitch.docker.service diff --git a/README_CONTAINERIZED_INSTALLATION.md b/README_CONTAINERIZED_INSTALLATION.md new file mode 100644 index 000000000..5f51b9507 --- /dev/null +++ b/README_CONTAINERIZED_INSTALLATION.md @@ -0,0 +1,101 @@ +# Overview + +Users may now deploy containerized versions of OpenShift Origin, OpenShift +Enterprise, or Atomic Enterprise Platform on Atomic +Host[https://projectatomic.io] or RHEL, Centos, and Fedora. This includes +OpenvSwitch based SDN. + + +## Installing on Atomic Host + +When installing on Atomic Host you will automatically have containerized +installation methods selected for you based on detection of _/run/ostree-booted_ + +## Installing on RHEL, Centos, or Fedora + +Currently the default installation method for traditional operating systems is +via RPMs. If you wish to deploy using containerized installation you may set the +ansible variable 'containerized=true' on a per host basis. This means that you +may easily deploy environments mixing containerized and RPM based installs. At +this point we suggest deploying heterogeneous environments. + +## CLI Wrappers + +When using containerized installations openshift-ansible will deploy a wrapper +script on each master located in _/usr/local/bin/openshift_ and a set of +symbolic links _/usr/local/bin/oc_, _/usr/local/bin/oadm_, and +_/usr/local/bin/kubectl_ to ease administrative tasks. The wrapper script spawns +a new container on each invocation so you may notice it's slightly slower than +native clients. + +The wrapper scripts mount a limited subset of paths, _~/.kube_, _/etc/origin/_, +and _/tmp_. Be mindful of this when passing in files to be processed by `oc` or + `oadm`. You may find it easier to redirect input like this : + + `oc create -f - < my_file.json` + +## Technical Notes + +### Requisite Images + +Based on your deployment_type the installer will make use of the following +images. Because you may make use of a private repository we've moved the +configuration of docker additional, insecure, and blocked registries to the +beginning of the installation process ensuring that these settings are applied +before attempting to pull any of the following images. + + Origin + openshift/origin + openshift/node (node + openshift-sdn + openvswitch rpm for client tools) + openshift/openvswitch (centos7 + openvswitch rpm, runs ovsdb ovsctl processes) + registry.access.redhat.com/rhel7/etcd + OpenShift Enterprise + openshift3/ose + openshift3/node + openshift3/openvswitch + registry.access.redhat.com/rhel7/etcd + Atomic Enterprise Platform + aep3/aep + aep3/node + aep3/openvswitch + registry.access.redhat.com/rhel7/etcd + + * note openshift3/* and aep3/* images come from registry.access.redhat.com and +rely on the --additional-repository flag being set appropriately. + +### Starting and Stopping Containers + +The installer will create relevant systemd units which can be used to start, +stop, and poll services via normal systemctl commands. These unit names match +those of an RPM installation with the exception of the etcd service which will +be named 'etcd_container'. This change is necessary as currently Atomic Host +ships with etcd package installed as part of Atomic Host and we will instead use +a containerized version. The installer will disable the built in etcd service. +etcd is slated to be removed from os-tree in the future. + +### File Paths + +All configuration files are placed in the same locations as RPM based +installations and will survive os-tree upgrades. + +The examples are installed into _/etc/origin/examples_ rather than +_/usr/share/openshift/examples_ because that is read-only on Atomic Host. + + +### Storage Requirements + +Atomic Host installs normally have a very small root filesystem. However the +etcd, master, and node containers will persist data in /var/lib. Please ensure +that you have enough space on the root filesystem. + +### OpenvSwitch SDN Initialization + +OpenShift SDN initialization requires that the docker bridge be reconfigured and +docker is restarted. This complicates the situation when the node is running +within a container. When using the OVS SDN you'll see the node start, +reconfigure docker, restart docker which will restart all containers, and +finally start successfully. + +The node service may fail to start and be restarted a few times because the +master services are also restarted along with docker. We currently work around +this by relying on Restart=always in the docker based systemd units. diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 9161076e5..55df78a3f 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -19,15 +19,19 @@ failed_when: false register: ostree_output + # Since we're not calling openshift_facts we'll do this for now - set_fact: is_atomic: "{{ ostree_output.rc == 0 }}" + - set_fact: + is_containerized: "{{ is_atomic or containerized | default(false) | bool }}" - name: Remove br0 interface shell: ovs-vsctl del-br br0 changed_when: False failed_when: False - - service: name={{ item }} state=stopped + - name: Stop services + service: name={{ item }} state=stopped with_items: - atomic-enterprise-master - atomic-enterprise-node @@ -46,8 +50,10 @@ - origin-master-controllers - origin-node - pcsd + failed_when: false - - action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent" + - name: Remove packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=absent" when: not is_atomic | bool with_items: - atomic-enterprise @@ -132,14 +138,26 @@ with_items: - registry\.access\..*redhat\.com/openshift3 - registry\.access\..*redhat\.com/aep3 + - registry\.access\..*redhat\.com/rhel7/etcd - docker.io/openshift - shell: "docker rmi -f {{ item.stdout_lines | join(' ') }}" changed_when: False failed_when: False with_items: "{{ images_to_delete.results }}" + + - name: Remove sdn drop files + file: + path: /run/openshift-sdn + state: absent + + - name: restart docker + service: + name: docker + state: restarted - - file: path={{ item }} state=absent + - name: Remove remaining files + file: path={{ item }} state=absent with_items: - "~{{ ansible_ssh_user }}/.kube" - /etc/ansible/facts.d/openshift.fact @@ -149,7 +167,15 @@ - /etc/openshift - /etc/openshift-sdn - /etc/origin + - /etc/systemd/system/atomic-openshift-master.service + - /etc/systemd/system/atomic-openshift-master-api.service + - /etc/systemd/system/atomic-openshift-master-controllers.service + - /etc/systemd/system/atomic-openshift-node.service + - /etc/systemd/system/etcd_container.service + - /etc/systemd/system/openvswitch.service - /etc/sysconfig/atomic-enterprise-master + - /etc/sysconfig/atomic-enterprise-master-api + - /etc/sysconfig/atomic-enterprise-master-controllers - /etc/sysconfig/atomic-enterprise-node - /etc/sysconfig/atomic-openshift-master - /etc/sysconfig/atomic-openshift-master-api diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 482fa8441..a62d60167 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -1,6 +1,8 @@ --- - include: evaluate_groups.yml +- include: ../openshift-docker/config.yml + - include: ../openshift-etcd/config.yml - include: ../openshift-master/config.yml diff --git a/playbooks/common/openshift-cluster/update_repos_and_packages.yml b/playbooks/common/openshift-cluster/update_repos_and_packages.yml index 6e4ad7d3f..9a303c62d 100644 --- a/playbooks/common/openshift-cluster/update_repos_and_packages.yml +++ b/playbooks/common/openshift-cluster/update_repos_and_packages.yml @@ -8,5 +8,6 @@ ansible_distribution == "RedHat" and lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) | default('no', True) | lower in ['no', 'false'] - - {role: openshift_repos, when: not is_atomic} + and not openshift.common.is_atomic | bool + - openshift_repos - os_update_latest diff --git a/playbooks/common/openshift-docker/config.yml b/playbooks/common/openshift-docker/config.yml new file mode 100644 index 000000000..c3541e544 --- /dev/null +++ b/playbooks/common/openshift-docker/config.yml @@ -0,0 +1,8 @@ +- name: Configure docker hosts + hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config:oo_lb_to_config + vars: + docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') | oo_split }}" + docker_insecure_registries: "{{ lookup('oo_option', 'docker_insecure_registries') | oo_split }}" + docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') | oo_split }}" + roles: + - openshift-docker diff --git a/playbooks/common/openshift-docker/filter_plugins b/playbooks/common/openshift-docker/filter_plugins new file mode 120000 index 000000000..99a95e4ca --- /dev/null +++ b/playbooks/common/openshift-docker/filter_plugins @@ -0,0 +1 @@ +../../../filter_plugins \ No newline at end of file diff --git a/playbooks/common/openshift-docker/lookup_plugins b/playbooks/common/openshift-docker/lookup_plugins new file mode 120000 index 000000000..ac79701db --- /dev/null +++ b/playbooks/common/openshift-docker/lookup_plugins @@ -0,0 +1 @@ +../../../lookup_plugins \ No newline at end of file diff --git a/playbooks/common/openshift-docker/roles b/playbooks/common/openshift-docker/roles new file mode 120000 index 000000000..20c4c58cf --- /dev/null +++ b/playbooks/common/openshift-docker/roles @@ -0,0 +1 @@ +../../../roles \ No newline at end of file diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml index a0dd330e7..9a5ae0e6b 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/common/openshift-etcd/config.yml @@ -14,7 +14,8 @@ public_hostname: "{{ openshift_public_hostname | default(None) }}" deployment_type: "{{ openshift_deployment_type }}" - role: etcd - local_facts: {} + local_facts: + etcd_image: "{{ osm_etcd_image | default(None) }}" - name: Check status of etcd certificates stat: path: "{{ item }}" @@ -87,7 +88,8 @@ when: etcd_server_certs_missing roles: - etcd - - { role: nickhammond.logrotate, when: not is_atomic } + - role: nickhammond.logrotate + when: not openshift.common.is_containerized | bool - name: Delete temporary directory on localhost hosts: localhost diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 453adb4ff..9c800af39 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -328,7 +328,7 @@ roles: - openshift_master - role: nickhammond.logrotate - when: not is_atomic + when: not openshift.common.is_containerized | bool - role: fluentd_master when: openshift.common.use_fluentd | bool post_tasks: @@ -357,7 +357,7 @@ cockpit_plugins: "{{ osm_cockpit_plugins | default(['cockpit-kubernetes']) }}" roles: - role: cockpit - when: ( deployment_type in ['atomic-enterprise','openshift-enterprise'] ) and + when: not openshift.common.is_containerized and ( deployment_type in ['atomic-enterprise','openshift-enterprise'] ) and (osm_use_cockpit | bool or osm_use_cockpit is undefined ) - name: Configure flannel diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 6eee75064..80098d240 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -181,7 +181,7 @@ - role: flannel when: openshift.common.use_flannel | bool - role: nickhammond.logrotate - when: not is_atomic + when: not openshift.common.is_containerized | bool - role: fluentd_node when: openshift.common.use_fluentd | bool tasks: diff --git a/roles/docker/README.md b/roles/docker/README.md index 46f259eb7..6b5ee4421 100644 --- a/roles/docker/README.md +++ b/roles/docker/README.md @@ -1,4 +1,4 @@ -Role Name +Docker ========= Ensures docker package is installed, and optionally raises timeout for systemd-udevd.service to 5 minutes. diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 7939221a1..4e24fd3b3 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,10 +1,18 @@ --- # tasks file for docker - name: Install docker - action: "{{ ansible_pkg_mgr }} name=docker state=present" and not is_atomic + action: "{{ ansible_pkg_mgr }} name=docker state=present" + when: not openshift.common.is_atomic | bool - name: enable and start the docker service - service: name=docker enabled=yes state=started + service: + name: docker + enabled: yes + state: started + register: start_result + +- set_fact: + docker_service_status_changed = start_result | changed - include: udev_workaround.yml when: docker_udev_workaround | default(False) diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml index 0fd3de585..9e7fa59cf 100644 --- a/roles/etcd/defaults/main.yaml +++ b/roles/etcd/defaults/main.yaml @@ -1,4 +1,5 @@ --- +etcd_service: "{{ 'etcd' if not openshift.common.is_containerized else 'etcd_container' }}" etcd_interface: "{{ ansible_default_ipv4.interface }}" etcd_client_port: 2379 etcd_peer_port: 2380 diff --git a/roles/etcd/handlers/main.yml b/roles/etcd/handlers/main.yml index 4c0efb97b..aeb26d6b2 100644 --- a/roles/etcd/handlers/main.yml +++ b/roles/etcd/handlers/main.yml @@ -1,4 +1,5 @@ --- + - name: restart etcd - service: name=etcd state=restarted + service: name={{ etcd_service }} state=restarted when: not etcd_service_status_changed | default(false) diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index d661ce437..aef52886b 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -7,8 +7,42 @@ msg: IPv4 address not found for {{ etcd_interface }} when: "'ipv4' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface] or 'address' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface].ipv4" +- debug: var=openshift.common.is_containerized +- debug: var=openshift.common.is_atomic + - name: Install etcd - action: "{{ ansible_pkg_mgr }} name=etcd-2.* state=present" and not is_atomic + action: "{{ ansible_pkg_mgr }} name=etcd-2.* state=present" + when: not openshift.common.is_containerized | bool + +- name: Pull etcd container + command: > + docker pull {{ openshift.etcd.etcd_image }} + when: openshift.common.is_containerized | bool + +- name: Install etcd container service file + template: + dest: "/etc/systemd/system/etcd_container.service" + src: etcd.docker.service + register: install_etcd_result + when: openshift.common.is_containerized | bool + +- name: Ensure etcd datadir exists + when: openshift.common.is_containerized | bool + file: + path: "{{ etcd_data_dir }}" + state: directory + mode: 0700 + +- name: Disable system etcd when containerized + when: openshift.common.is_containerized | bool + service: + name: etcd + state: stopped + enabled: no + +- name: Reload systemd units + command: systemctl daemon-reload + when: openshift.common.is_containerized and ( install_etcd_result | changed ) - name: Validate permissions on the config dir file: @@ -52,7 +86,7 @@ - name: Enable etcd service: - name: etcd + name: "{{ etcd_service }}" state: started enabled: yes register: start_result diff --git a/roles/etcd/templates/etcd.conf.j2 b/roles/etcd/templates/etcd.conf.j2 index 32577c96c..28816fd87 100644 --- a/roles/etcd/templates/etcd.conf.j2 +++ b/roles/etcd/templates/etcd.conf.j2 @@ -15,13 +15,13 @@ ETCD_LISTEN_PEER_URLS={{ etcd_listen_peer_urls }} ETCD_NAME=default {% endif %} ETCD_DATA_DIR={{ etcd_data_dir }} -#ETCD_SNAPSHOT_COUNTER="10000" -ETCD_HEARTBEAT_INTERVAL="500" -ETCD_ELECTION_TIMEOUT="2500" +#ETCD_SNAPSHOT_COUNTER=10000 +ETCD_HEARTBEAT_INTERVAL=500 +ETCD_ELECTION_TIMEOUT=2500 ETCD_LISTEN_CLIENT_URLS={{ etcd_listen_client_urls }} -#ETCD_MAX_SNAPSHOTS="5" -#ETCD_MAX_WALS="5" -#ETCD_CORS="" +#ETCD_MAX_SNAPSHOTS=5 +#ETCD_MAX_WALS=5 +#ETCD_CORS= {% if groups[etcd_peers_group] and groups[etcd_peers_group] | length > 1 %} #[cluster] @@ -29,15 +29,15 @@ ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_initial_advertise_peer_urls }} ETCD_INITIAL_CLUSTER={{ initial_cluster() }} ETCD_INITIAL_CLUSTER_STATE={{ etcd_initial_cluster_state }} ETCD_INITIAL_CLUSTER_TOKEN={{ etcd_initial_cluster_token }} -#ETCD_DISCOVERY="" -#ETCD_DISCOVERY_SRV="" -#ETCD_DISCOVERY_FALLBACK="proxy" -#ETCD_DISCOVERY_PROXY="" +#ETCD_DISCOVERY= +#ETCD_DISCOVERY_SRV= +#ETCD_DISCOVERY_FALLBACK=proxy +#ETCD_DISCOVERY_PROXY= {% endif %} ETCD_ADVERTISE_CLIENT_URLS={{ etcd_advertise_client_urls }} #[proxy] -#ETCD_PROXY="off" +#ETCD_PROXY=off #[security] {% if etcd_url_scheme == 'https' -%} diff --git a/roles/etcd/templates/etcd.docker.service b/roles/etcd/templates/etcd.docker.service new file mode 100644 index 000000000..8058fa188 --- /dev/null +++ b/roles/etcd/templates/etcd.docker.service @@ -0,0 +1,13 @@ +[Unit] +Description=The Etcd Server container +After=docker.service + +[Service] +EnvironmentFile=/etc/etcd/etcd.conf +ExecStartPre=-/usr/bin/docker rm -f {{ etcd_service }} +ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v /var/lib/etcd:/var/lib/etcd:z -v /etc/etcd:/etc/etcd:z --env-file=/etc/etcd/etcd.conf --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }} +ExecStop=/usr/bin/docker stop {{ etcd_service }} +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/roles/fluentd_master/tasks/main.yml b/roles/fluentd_master/tasks/main.yml index ddfa39284..a9531eecf 100644 --- a/roles/fluentd_master/tasks/main.yml +++ b/roles/fluentd_master/tasks/main.yml @@ -1,7 +1,7 @@ --- - fail: msg: "fluentd master is not yet supported on atomic hosts" - when: is_atomic + when: openshift.common.is_containerized | bool # TODO: Update fluentd install and configuration when packaging is complete - name: download and install td-agent diff --git a/roles/fluentd_node/tasks/main.yml b/roles/fluentd_node/tasks/main.yml index 4a29d1270..0c0dae973 100644 --- a/roles/fluentd_node/tasks/main.yml +++ b/roles/fluentd_node/tasks/main.yml @@ -1,7 +1,7 @@ --- - fail: msg: "fluentd node is not yet supported on atomic hosts" - when: is_atomic + when: openshift.common.is_containerized | bool # TODO: Update fluentd install and configuration when packaging is complete - name: download and install td-agent diff --git a/roles/kube_nfs_volumes/tasks/main.yml b/roles/kube_nfs_volumes/tasks/main.yml index 85338cd84..b3fe2f185 100644 --- a/roles/kube_nfs_volumes/tasks/main.yml +++ b/roles/kube_nfs_volumes/tasks/main.yml @@ -1,7 +1,7 @@ --- - fail: - msg: "That playbook is not yet supported on atomic hosts" - when: is_atomic + msg: "This role is not yet supported on atomic hosts" + when: openshift.common.is_atomic | bool - name: Install pyparted (RedHat/Fedora) action: "{{ ansible_pkg_mgr }} name=pyparted,python-httplib2 state=present" diff --git a/roles/openshift_docker/meta/main.yml b/roles/openshift_docker/meta/main.yml new file mode 100644 index 000000000..1e8f8b719 --- /dev/null +++ b/roles/openshift_docker/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: OpenShift Docker + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- { role: openshift_common } +- { role: docker } diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml new file mode 100644 index 000000000..f63b3acd5 --- /dev/null +++ b/roles/openshift_docker/tasks/main.yml @@ -0,0 +1,27 @@ +--- +- openshift_facts: + - role: common + local_facts: + deployment_type: "{{ openshift_deployment_type }}" + docker_additional_registries: "{{ docker_additional_registries | oo_split() }}" + docker_insecure_registries: "{{ docker_insecure_registries | oo_split() }}" + docker_blocked_registries: "{{ docker_blocked_registries | oo_split() }}" + +- name: Set registry params + lineinfile: + dest: /etc/sysconfig/docker + regexp: '^{{ reg_conf_var }}=.*$' + line: "{{ reg_conf_var }}='{{ reg_fact_val | oo_prepend_strings_in_list(reg_flag ~ ' ') | join(' ') }}'" + when: "'docker_additional_registries' in openshift.common" + with_items: + - reg_conf_var: ADD_REGISTRY + reg_fact_val: {{ openshift.common.docker_additional_registries }} + reg_flag: --add-registry + - reg_conf_var: BLOCK_REGISTRY + reg_fact_val: {{ openshift.common.docker_blocked_registries }} + reg_flag: --block-registry + - reg_conf_var: INSECURE_REGISTRY + reg_fact_val: {{ openshift.common.docker_insecure_registries }} + reg_flag: --insecure-registry + notify: + - restart docker diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml index ae642fae1..d318d17e3 100644 --- a/roles/openshift_examples/defaults/main.yml +++ b/roles/openshift_examples/defaults/main.yml @@ -8,7 +8,7 @@ openshift_examples_load_quickstarts: true content_version: "{{ 'v1.1' if openshift.common.version_greater_than_3_1_or_1_1 else 'v1.0' }}" -examples_base: "{% if is_atomic %}{{ openshift.common.config_base }}{% else %}/usr/share/openshift{% endif %}/examples" +examples_base: "{% if openshift.common.is_atomic %}{{ openshift.common.config_base }}{% else %}/usr/share/openshift{% endif %}/examples" image_streams_base: "{{ examples_base }}/image-streams" centos_image_streams: "{{ image_streams_base}}/image-streams-centos7.json" rhel_image_streams: "{{ image_streams_base}}/image-streams-rhel7.json" diff --git a/roles/openshift_expand_partition/tasks/main.yml b/roles/openshift_expand_partition/tasks/main.yml index b74d635d5..cdd813e6a 100644 --- a/roles/openshift_expand_partition/tasks/main.yml +++ b/roles/openshift_expand_partition/tasks/main.yml @@ -1,13 +1,14 @@ --- - name: Ensure growpart is installed - action: "{{ ansible_pkg_mgr }} name=cloud-utils-growpart state=present" and not is_atomic + action: "{{ ansible_pkg_mgr }} name=cloud-utils-growpart state=present" + when: not openshift.common.is_containerized | bool - name: Determine if growpart is installed command: "rpm -q cloud-utils-growpart" register: has_growpart failed_when: "has_growpart.cr != 0 and 'package cloud-utils-growpart is not installed' not in has_growpart.stdout" changed_when: false - when: is_atomic + when: openshift.common.is_containerized | bool - name: Grow the partitions command: "growpart {{oep_drive}} {{oep_partition}}" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 4278111c2..8e733a3a2 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -643,6 +643,20 @@ def set_deployment_facts_if_unset(facts): data_dir = '/var/lib/openshift' facts['common']['data_dir'] = data_dir + # remove duplicate and empty strings from registry lists + for cat in ['additional', 'blocked', 'insecure']: + key = 'docker_{0}_registries'.format(cat) + if key in facts['common']: + facts['common'][key] = set(facts['common'][key]) - set(['']) + + + if deployment_type in ['enterprise', 'atomic-enterprise', 'openshift-enterprise']: + addtl_regs = facts['common']['docker_additional_registries']: + ent_reg = 'registry.access.redhat.com' + if ent_reg not in addtl_regs + facts['common']['docker_additional_registries'].append(ent_reg) + + for role in ('master', 'node'): if role in facts: deployment_type = facts['common']['deployment_type'] @@ -1032,7 +1046,7 @@ class OpenShiftFacts(object): facts = set_version_facts_if_unset(facts) facts = set_aggregate_facts(facts) facts = set_etcd_facts_if_unset(facts) - facts = self.init_in_docker_facts(facts) + facts = self.set_containerized_facts_if_unset(facts) return dict(openshift=facts) def get_defaults(self, roles): @@ -1199,26 +1213,54 @@ class OpenShiftFacts(object): self.changed = changed return new_local_facts - def init_in_docker_facts(self, facts): - facts['is_atomic'] = os.path.isfile('/run/ostree-booted') - - docker = dict() - docker['image_name'] = 'openshift/origin' - # TODO: figure out right way to set the version - docker['image_version'] = 'latest' - docker['image'] = "%s:%s" % (docker['image_name'], docker['image_version']) + def set_containerized_facts_if_unset(self, facts): + deployment_type = facts['common']['deployment_type'] + if deployment_type in ['enterprise','openshift-enterprise']: + master_image = 'openshift3/ose' + cli_image = master_image + node_image = 'openshift3/node' + ovs_image = 'openshift3/openvswitch' + etcd_image = 'registry.access.redhat.com/rhel7/etcd' + elif deployment_type == 'atomic-enterprise': + master_image = 'aep3_beta/aep' + cli_image = master_image + node_image = 'aep3_beta/node' + ovs_image = 'aep3_beta/openvswitch' + etcd_image = 'registry.access.redhat.com/rhel7/etcd' + else: + master_image = 'openshift/origin' + cli_image = master_image + node_image = 'openshift/node' + ovs_image = 'openshift/openvswitch' + etcd_image = 'registry.access.redhat.com/rhel7/etcd' + + facts['common']['is_atomic'] = os.path.isfile('/run/ostree-booted') + if 'is_containerized' not in facts['common']: + facts['common']['is_containerized'] = facts['common']['is_atomic'] + if 'cli_image' not in facts['common']: + facts['common']['cli_image'] = cli_image + if 'master' in facts: + if 'master_image' not in facts['master']: + facts['master']['master_image'] = master_image + if 'node' in facts: + if 'node_image' not in facts ['node']: + facts['node']['node_image'] = node_image + if 'ovs_image' not in facts ['node']: + facts['node']['ovs_image'] = ovs_image + if 'etcd' in facts: + if 'etcd_image' not in facts['etcd']: + facts['etcd']['etcd_image'] = etcd_image # shared /tmp/openshift vol is for file exchange with ansible # --privileged is required to read the config dir # --net host to access openshift from the container # maybe -v /var/run/docker.sock:/var/run/docker.sock is required as well - docker['runner'] = "docker run --rm --privileged --net host -v /tmp/openshift:/tmp/openshift -v {datadir}:{datadir} -v {confdir}:{confdir} -e KUBECONFIG={confdir}/master/admin.kubeconfig {image}".format(confdir=facts['common']['config_base'], datadir=facts['common']['data_dir'], image=docker['image']) + runner = "docker run --rm --privileged --net host -v /tmp/openshift:/tmp/openshift -v {datadir}:{datadir} -v {confdir}:{confdir} -e KUBECONFIG={confdir}/master/admin.kubeconfig {image}".format(confdir=facts['common']['config_base'], datadir=facts['common']['data_dir'], image=facts['common']['cli_image']) - if facts['is_atomic']: - facts['common']['client_binary'] = '%s cli' % docker['runner'] - facts['common']['admin_binary'] = '%s admin' % docker['runner'] + if facts['common']['is_containerized']: + facts['common']['client_binary'] = '%s cli' % runner + facts['common']['admin_binary'] = '%s admin' % runner - facts['docker'] = docker return facts diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index e98b7c591..832f7ad84 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -6,20 +6,6 @@ - ansible_version | version_compare('1.9.0', 'ne') - ansible_version | version_compare('1.9.0.1', 'ne') -- name: Determine if Atomic - stat: path=/run/ostree-booted - register: s - changed_when: false - -- name: Init the is_atomic fact - set_fact: - is_atomic: false - -- name: Set the is_atomic fact - set_fact: - is_atomic: true - when: s.stat.exists - - name: Ensure PyYaml is installed action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 6844a16cc..e9e77d231 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -20,10 +20,9 @@ - fail: msg: "openshift_master_cluster_password must be set for multi-master installations" when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and (openshift_master_cluster_password is not defined or not openshift_master_cluster_password) - - fail: - msg: "openshift_master_ha is not yet supported on atomic hosts" - when: openshift_master_ha | bool and is_atomic + msg: "Pacemaker based HA is not supported at this time when used with containerized installs" + when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and openshift.common.is_containerized | bool - name: Set master facts openshift_facts: @@ -80,28 +79,38 @@ disabled_features: "{{ osm_disabled_features | default(None) }}" master_count: "{{ openshift_master_count | default(None) }}" controller_lease_ttl: "{{ osm_controller_lease_ttl | default(None) }}" + master_image: "{{ osm_image | default(None) }}" - name: Install Master package action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-master{{ openshift_version }} state=present" - when: not is_atomic + when: not openshift.common.is_containerized | bool # TODO: enable when ansible#1993 lands and is widespread enough # - name: Docker image present # docker: # image: "{{ openshift.common.docker.image }}" # state: image_present -# when: is_atomic +# when: openshift.common.is_containerized | bool - name: Install Master docker service file template: dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service" - src: openshift.docker.master.service - register: install_result - when: is_atomic + src: master.docker.service.j2 + register: install_result + when: openshift.common.is_containerized | bool and not openshift_master_ha | bool + +- name: Create openshift.common.data_dir + file: + path: "{{ openshift.common.data_dir }}" + state: directory + mode: 0755 + owner: root + group: root + when: openshift.common.is_containerized | bool -- name: Reload systemd units +- name: Reload systemd units command: systemctl daemon-reload - when: is_atomic and install_result | changed + when: openshift.common.is_containerized | bool and install_result | changed - name: Re-gather package dependent master facts openshift_facts: @@ -134,9 +143,9 @@ - name: Install httpd-tools if needed action: "{{ ansible_pkg_mgr }} name=httpd-tools state=present" - when: (item.kind == 'HTPasswdPasswordIdentityProvider') + when: (item.kind == 'HTPasswdPasswordIdentityProvider') and + not openshift.common.is_containerized | bool with_items: openshift.master.identity_providers - when: not is_atomic - name: Ensure htpasswd directory exists file: @@ -154,16 +163,27 @@ when: item.kind == 'HTPasswdPasswordIdentityProvider' with_items: openshift.master.identity_providers +- name: Init HA Service Info + set_fact: + ha_suffix: "" + ha_svcdir: "/usr/lib/systemd/system" + +- name: Set HA Service Info for containerized installs + set_fact: + ha_suffix: ".docker" + ha_svcdir: "/etc/systemd/system" + when: openshift.common.is_containerized | bool + # workaround for missing systemd unit files for controllers/api - name: Create the api service file template: - src: atomic-openshift-master-api.service.j2 - dest: /usr/lib/systemd/system/{{ openshift.common.service_type }}-master-api.service + src: atomic-openshift-master-api{{ ha_suffix }}.service.j2 + dest: "{{ ha_svcdir }}/{{ openshift.common.service_type }}-master-api.service" when: openshift_master_ha | bool and openshift_master_cluster_method == "native" - name: Create the controllers service file template: - src: atomic-openshift-master-controllers.service.j2 - dest: /usr/lib/systemd/system/{{ openshift.common.service_type }}-master-controllers.service + src: atomic-openshift-master-controllers{{ ha_suffix }}.service.j2 + dest: "{{ ha_svcdir }}/{{ openshift.common.service_type }}-master-controllers.service" when: openshift_master_ha | bool and openshift_master_cluster_method == "native" - name: Create the api env file template: @@ -251,6 +271,10 @@ when: not openshift_master_ha | bool register: start_result +- name: Stop and disable non HA master when running HA + service: name={{ openshift.common.service_type }}-master enabled=no state=stopped + when: openshift_master_ha | bool + - set_fact: master_service_status_changed: start_result | changed when: not openshift_master_ha | bool @@ -275,12 +299,14 @@ - name: Install cluster packages action: "{{ ansible_pkg_mgr }} name=pcs state=present" - when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' and not is_atomic + when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' + and not openshift.common.is_containerized | bool register: install_result - name: Start and enable cluster service service: name=pcsd enabled=yes state=started when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' + and not openshift.common.is_containerized | bool - name: Set the cluster user password shell: echo {{ openshift_master_cluster_password | quote }} | passwd --stdin hacluster @@ -307,7 +333,6 @@ command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config args: creates: ~{{ item }}/.kube/config - when: not is_atomic with_items: - root - "{{ ansible_ssh_user }}" diff --git a/roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2 new file mode 100644 index 000000000..936c39edf --- /dev/null +++ b/roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2 @@ -0,0 +1,26 @@ +[Unit] +Description=Atomic OpenShift Master API +Documentation=https://github.com/openshift/origin +After=network.target +After=etcd.service +Before={{ openshift.common.service_type }}-node.service +Requires=network.target +Requires=docker.service +PartOf=docker.service + +[Service] +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api +Environment=GOTRACEBACK=crash +ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-api +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master api --config=${CONFIG_FILE} $OPTIONS +ExecStartPost=/usr/bin/sleep 10 +ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-api +LimitNOFILE=131072 +LimitCORE=infinity +WorkingDirectory={{ openshift.common.data_dir }} +SyslogIdentifier=atomic-openshift-master-api +Restart=always + +[Install] +WantedBy=multi-user.target +WantedBy={{ openshift.common.service_type }}-node.service \ No newline at end of file diff --git a/roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2 new file mode 100644 index 000000000..6ba7d6e2a --- /dev/null +++ b/roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2 @@ -0,0 +1,25 @@ +[Unit] +Description=Atomic OpenShift Master Controllers +Documentation=https://github.com/openshift/origin +After=network.target +After={{ openshift.common.service_type }}-master-api.service +Before={{ openshift.common.service_type }}-node.service +Requires=docker.service +PartOf=docker.service + +[Service] +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers +Environment=GOTRACEBACK=crash +ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-controllers +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master controllers --config=${CONFIG_FILE} $OPTIONS +ExecStartPost=/usr/bin/sleep 10 +ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-controllers +LimitNOFILE=131072 +LimitCORE=infinity +WorkingDirectory={{ openshift.common.data_dir }} +SyslogIdentifier={{ openshift.common.service_type }}-master-controllers +Restart=on-failure + +[Install] +WantedBy=multi-user.target +WantedBy={{ openshift.common.service_type }}-node.service diff --git a/roles/openshift_master/templates/master.docker.service.j2 b/roles/openshift_master/templates/master.docker.service.j2 new file mode 100644 index 000000000..8b23d70b1 --- /dev/null +++ b/roles/openshift_master/templates/master.docker.service.j2 @@ -0,0 +1,16 @@ +[Unit] +After=docker.service +Before={{ openshift.common.service_type }}-node.service +Requires=docker.service +PartOf=docker.service + +[Service] +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master +ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master --config=${CONFIG_FILE} $OPTIONS +ExecStartPost=/usr/bin/sleep 10 +ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/roles/openshift_master/templates/openshift.docker.master.service b/roles/openshift_master/templates/openshift.docker.master.service deleted file mode 100644 index 9e436f8eb..000000000 --- a/roles/openshift_master/templates/openshift.docker.master.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -After=docker.service -Require=docker.service - -[Service] -EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master -ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift_docker_image }} start master --config=${CONFIG_FILE} ${OPTIONS} -ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master - -[Install] -WantedBy=multi-user.target diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml index 875d61a3b..534465451 100644 --- a/roles/openshift_master/vars/main.yml +++ b/roles/openshift_master/vars/main.yml @@ -5,8 +5,6 @@ openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.js openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml" openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json" openshift_version: "{{ openshift_pkg_version | default('') }}" -openshift_docker_image_name: openshift/origin -openshift_docker_image: "{{ openshift_docker_image_name }}:{{ openshift_pkg_version | default('latest') }}" openshift_master_valid_grant_methods: - auto diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml index c179ceb61..17d832d26 100644 --- a/roles/openshift_master_ca/tasks/main.yml +++ b/roles/openshift_master_ca/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Install the base package for admin tooling action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version }} state=present" - when: not is_atomic + when: openshift.common.is_containerized | bool - name: Reload generated facts openshift_facts: @@ -12,6 +12,11 @@ path: "{{ openshift_master_config_dir }}" state: directory +- name: Pull required docker image + command: > + docker pull {{ openshift.common.cli_image }} + when: openshift.common.is_containerized | bool + - name: Create the master certificates if they do not already exist command: > {{ openshift.common.admin_binary }} create-master-certs diff --git a/roles/openshift_master_ca/vars/main.yml b/roles/openshift_master_ca/vars/main.yml index 0f1f32a34..b35339b18 100644 --- a/roles/openshift_master_ca/vars/main.yml +++ b/roles/openshift_master_ca/vars/main.yml @@ -4,6 +4,3 @@ openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" openshift_version: "{{ openshift_pkg_version | default('') }}" - -openshift_docker_image_name: openshift/origin -openshift_docker_image: "{{ openshift_docker_image_name }}:{{ openshift_pkg_version | default('latest') }}" diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml index 13e5d7a4b..36d953111 100644 --- a/roles/openshift_master_certificates/tasks/main.yml +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -16,6 +16,8 @@ - admin.kubeconfig - master.kubelet-client.crt - master.kubelet-client.key + - master.server.crt + - master.server.key - openshift-master.crt - openshift-master.key - openshift-master.kubeconfig diff --git a/roles/openshift_master_cluster/tasks/main.yml b/roles/openshift_master_cluster/tasks/main.yml index 978e2920d..40705d357 100644 --- a/roles/openshift_master_cluster/tasks/main.yml +++ b/roles/openshift_master_cluster/tasks/main.yml @@ -1,7 +1,7 @@ --- - fail: msg: "Not possible on atomic hosts for now" - when: is_atomic + when: openshift.common.is_containerized | bool - name: Test if cluster is already configured command: pcs status diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 8607aa3fb..67c6387a3 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -4,10 +4,6 @@ msg: "SELinux is disabled, This deployment type requires that SELinux is enabled." when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise'] -- fail: - msg: "This playbook does not support using SDN on atomic hosts yet" - when: openshift.common.use_openshift_sdn and is_atomic - - name: Set node facts openshift_facts: role: "{{ item.role }}" @@ -37,16 +33,50 @@ sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" storage_plugin_deps: "{{ osn_storage_plugin_deps | default(None) }}" set_node_ip: "{{ openshift_set_node_ip | default(None) }}" + node_image: "{{ osn_image | default(None) }}" + ovs_image: "{{ osn_ovs_image | default(None) }}" # We have to add tuned-profiles in the same transaction otherwise we run into depsolving -# problems because the rpms don't pin the version properly. +# problems because the rpms don't pin the version properly. This was fixed in 3.1 packaging. - name: Install Node package action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_version }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version }} state=present" - when: not is_atomic + when: not openshift.common.is_containerized | bool - name: Install sdn-ovs package action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present" - when: openshift.common.use_openshift_sdn and not is_atomic + when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool + +- name: Install Node docker service file + template: + dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" + src: openshift.docker.node.service + register: install_node_result + when: openshift.common.is_containerized | bool + +- name: Create openshift.common.data_dir + file: + path: openshift.common.data_dir + state: directory + mode: 0755 + owner: root + group: root + when: openshift.common.is_containerized | bool + +- name: Install OpenvSwitch docker service file + template: + dest: "/etc/systemd/system/openvswitch.service" + src: openvswitch.docker.service + register: install_ovs_result + when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool + +- name: Reload systemd units + command: systemctl daemon-reload + when: openshift.common.is_containerized and ( ( install_node_result | changed ) + or ( install_ovs_result | changed ) ) + +- name: Start and enable openvswitch docker service + service: name=openvswitch.service enabled=yes state=started + when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config @@ -71,64 +101,6 @@ notify: - restart node -- stat: path=/etc/sysconfig/docker - register: docker_check - - # TODO: Enable secure registry when code available in origin -- name: Secure Registry and Logs Options - lineinfile: - dest: /etc/sysconfig/docker - regexp: '^OPTIONS=.*$' - line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ -{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %} \ -{% if openshift.node.docker_log_driver is defined %} --log-driver {{ openshift.node.docker_log_driver }} {% endif %} \ -{% if openshift.node.docker_log_options is defined %} {{ openshift.node.docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}} {% endif %} '" - when: docker_check.stat.isreg - notify: - - restart docker - -- set_fact: - docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') - | oo_split() | union(['registry.access.redhat.com']) - | difference(['']) }}" - when: openshift.common.deployment_type in ['enterprise', 'openshift-enterprise', 'atomic-enterprise'] -- set_fact: - docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') - | oo_split() | difference(['']) }}" - when: openshift.common.deployment_type not in ['enterprise', 'openshift-enterprise', 'atomic-enterprise'] - -- name: Add personal registries - lineinfile: - dest: /etc/sysconfig/docker - regexp: '^ADD_REGISTRY=.*$' - line: "ADD_REGISTRY='{{ docker_additional_registries - | oo_prepend_strings_in_list('--add-registry ') | join(' ') }}'" - when: docker_check.stat.isreg and docker_additional_registries - notify: - - restart docker - -- name: Block registries - lineinfile: - dest: /etc/sysconfig/docker - regexp: '^BLOCK_REGISTRY=.*$' - line: "BLOCK_REGISTRY='{{ lookup('oo_option', 'docker_blocked_registries') | oo_split() - | oo_prepend_strings_in_list('--block-registry ') | join(' ') }}'" - when: docker_check.stat.isreg and - lookup('oo_option', 'docker_blocked_registries') != '' - notify: - - restart docker - -- name: Grant access to additional insecure registries - lineinfile: - dest: /etc/sysconfig/docker - regexp: '^INSECURE_REGISTRY=.*' - line: "INSECURE_REGISTRY='{{ lookup('oo_option', 'docker_insecure_registries') | oo_split() - | oo_prepend_strings_in_list('--insecure-registry ') | join(' ') }}'" - when: docker_check.stat.isreg and - lookup('oo_option', 'docker_insecure_registries') != '' - notify: - - restart docker - - name: Additional storage plugin configuration include: storage_plugins/main.yml diff --git a/roles/openshift_node/tasks/storage_plugins/main.yml b/roles/openshift_node/tasks/storage_plugins/main.yml index 39c7b9390..d237c26ec 100644 --- a/roles/openshift_node/tasks/storage_plugins/main.yml +++ b/roles/openshift_node/tasks/storage_plugins/main.yml @@ -3,11 +3,12 @@ # additional package dependencies - name: NFS storage plugin configuration include: nfs.yml + when: not openshift.common.is_containerized | bool - name: GlusterFS storage plugin configuration include: glusterfs.yml - when: "'glusterfs' in openshift.node.storage_plugin_deps" + when: "'glusterfs' in openshift.node.storage_plugin_deps and not openshift.common.is_containerized | bool " - name: Ceph storage plugin configuration include: ceph.yml - when: "'ceph' in openshift.node.storage_plugin_deps" + when: "'ceph' in openshift.node.storage_plugin_deps and not openshift.common.is_containerized | bool" diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service index e9df34940..7a11a10fa 100644 --- a/roles/openshift_node/templates/openshift.docker.node.service +++ b/roles/openshift_node/templates/openshift.docker.node.service @@ -1,11 +1,20 @@ [Unit] After=docker.service -Require=docker.service +After={{ openshift.common.service_type }}-master.service +After=openvswitch.service +{% if openshift.common.use_openshift_sdn %} +Requires=openvswitch.service +{% endif %} +Requires=docker.service +PartOf=docker.service [Service] EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node -ExecStart=/usr/bin/docker run --rm --privileged --net=host --name "{{ openshift.common.service_type }}-node" -v /:/rootfs:ro -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift_docker_image }} start node --config=${CONFIG_FILE} ${OPTIONS} +ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node +ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system {{ openshift.node.node_image }} +ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node +Restart=always [Install] WantedBy=multi-user.target diff --git a/roles/openshift_node/templates/openvswitch.docker.service b/roles/openshift_node/templates/openvswitch.docker.service new file mode 100644 index 000000000..0b42ca6d5 --- /dev/null +++ b/roles/openshift_node/templates/openvswitch.docker.service @@ -0,0 +1,13 @@ +[Unit] +After=docker.service +Requires=docker.service +PartOf=docker.service + +[Service] +ExecStartPre=-/usr/bin/docker rm -f openvswitch +ExecStart=/usr/bin/docker run --name openvswitch --rm --privileged --net=host --pid=host -v /lib/modules:/lib/modules -v /run:/run -v /sys:/sys:ro -v /etc/origin/openvswitch:/etc/openvswitch {{ openshift.node.ovs_image }} +ExecStop=/usr/bin/docker stop openvswitch +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/roles/openshift_node/vars/main.yml b/roles/openshift_node/vars/main.yml index c57d1bcca..43dc50ca8 100644 --- a/roles/openshift_node/vars/main.yml +++ b/roles/openshift_node/vars/main.yml @@ -2,6 +2,3 @@ openshift_node_config_dir: "{{ openshift.common.config_base }}/node" openshift_node_config_file: "{{ openshift_node_config_dir }}/node-config.yaml" openshift_version: "{{ openshift_pkg_version | default('') }}" - -openshift_docker_image_name: openshift/origin -openshift_docker_image: "{{ openshift_docker_image_name }}:{{ openshift_pkg_version | default('latest') }}" diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index 6d0d1d493..6d910a66e 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -12,20 +12,20 @@ - name: Ensure libselinux-python is installed action: "{{ ansible_pkg_mgr }} name=libselinux-python state=present" - when: not is_atomic + when: not openshift.common.is_containerized | bool - name: Create any additional repos that are defined template: src: yum_repo.j2 dest: /etc/yum.repos.d/openshift_additional.repo - when: openshift_additional_repos | length > 0 and not is_atomic + when: openshift_additional_repos | length > 0 and not openshift.common.is_containerized | bool notify: refresh cache - name: Remove the additional repos if no longer defined file: dest: /etc/yum.repos.d/openshift_additional.repo state: absent - when: openshift_additional_repos | length == 0 and not is_atomic + when: openshift_additional_repos | length == 0 and not openshift.common.is_containerized | bool notify: refresh cache - name: Remove any yum repo files for other deployment types RHEL/CentOS @@ -36,7 +36,7 @@ - '*/repos/*' when: not (item | search("/files/" ~ openshift_deployment_type ~ "/repos")) and (ansible_os_family == "RedHat" and ansible_distribution != "Fedora") - and not is_atomic + and not openshift.common.is_containerized | bool notify: refresh cache - name: Remove any yum repo files for other deployment types Fedora @@ -47,7 +47,7 @@ - '*/repos/*' when: not (item | search("/files/fedora-" ~ openshift_deployment_type ~ "/repos")) and (ansible_distribution == "Fedora") - and not is_atomic + and not openshift.common.is_containerized | bool notify: refresh cache - name: Configure gpg keys if needed @@ -55,6 +55,7 @@ with_fileglob: - "{{ openshift_deployment_type }}/gpg_keys/*" notify: refresh cache + when: not openshift.common.is_containerized | bool - name: Configure yum repositories RHEL/CentOS copy: src={{ item }} dest=/etc/yum.repos.d/ @@ -62,11 +63,11 @@ - "{{ openshift_deployment_type }}/repos/*" notify: refresh cache when: (ansible_os_family == "RedHat" and ansible_distribution != "Fedora") - and not is_atomic + and not openshift.common.is_containerized | bool - name: Configure yum repositories Fedora copy: src={{ item }} dest=/etc/yum.repos.d/ with_fileglob: - "fedora-{{ openshift_deployment_type }}/repos/*" notify: refresh cache - when: (ansible_distribution == "Fedora") and not is_atomic + when: (ansible_distribution == "Fedora") and not openshift.common.is_containerized | bool diff --git a/roles/openshift_storage_nfs_lvm/tasks/main.yml b/roles/openshift_storage_nfs_lvm/tasks/main.yml index ead81b876..ea0cc2a94 100644 --- a/roles/openshift_storage_nfs_lvm/tasks/main.yml +++ b/roles/openshift_storage_nfs_lvm/tasks/main.yml @@ -1,4 +1,9 @@ --- +# TODO -- this may actually work on atomic hosts +- fail: + msg: "openshift_storage_nfs_lvm is not compatible with atomic host" + when: openshift.common.is_atomic | true + - name: Create lvm volumes lvol: vg={{osnl_volume_group}} lv={{ item }} size={{osnl_volume_size}}G with_sequence: start={{osnl_volume_num_start}} count={{osnl_number_of_volumes}} format={{osnl_volume_prefix}}{{osnl_volume_size}}g%04d diff --git a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml index df7c0e57d..fc8de1cb5 100644 --- a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml +++ b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml @@ -1,7 +1,7 @@ --- - name: Install NFS server action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present" - when: not is_atomic + when: not openshift.common.is_containerized | bool - name: Start rpcbind service: name=rpcbind state=started enabled=yes diff --git a/roles/os_env_extras/tasks/main.yaml b/roles/os_env_extras/tasks/main.yaml index d52795289..628df713a 100644 --- a/roles/os_env_extras/tasks/main.yaml +++ b/roles/os_env_extras/tasks/main.yaml @@ -13,4 +13,4 @@ - name: Bash Completion action: "{{ ansible_pkg_mgr }} name=bash-completion state=present" - when: not is_atomic \ No newline at end of file + when: not openshift.common.is_containerized | bool \ No newline at end of file diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml index 01b8263d5..d26ba7ee9 100644 --- a/roles/os_firewall/tasks/firewall/iptables.yml +++ b/roles/os_firewall/tasks/firewall/iptables.yml @@ -5,7 +5,7 @@ - iptables - iptables-services register: install_result - when: not is_atomic + when: not openshift.common.is_containerized | bool - name: Check if firewalld is installed command: rpm -q firewalld diff --git a/roles/os_update_latest/tasks/main.yml b/roles/os_update_latest/tasks/main.yml index 3c3e80979..2400164fa 100644 --- a/roles/os_update_latest/tasks/main.yml +++ b/roles/os_update_latest/tasks/main.yml @@ -1,8 +1,8 @@ --- - fail: msg: "Update is not yet supported by this playbook on atomic hosts" - when: is_atomic + when: openshift.common.is_containerized | bool - name: Update all packages action: "{{ ansible_pkg_mgr }} name=* state=latest" - when: not is_atomic \ No newline at end of file + when: not openshift.common.is_containerized | bool \ No newline at end of file diff --git a/roles/os_zabbix/tasks/main.yml b/roles/os_zabbix/tasks/main.yml index bd879c25f..a8b65dd56 100644 --- a/roles/os_zabbix/tasks/main.yml +++ b/roles/os_zabbix/tasks/main.yml @@ -1,7 +1,7 @@ --- - fail: msg: "Zabbix config is not yet supported on atomic hosts" - when: is_atomic + when: openshift.common.is_containerized | bool - name: Main List all templates zbx_template: diff --git a/roles/yum_repos/tasks/main.yml b/roles/yum_repos/tasks/main.yml index 252dc71d5..46928a00b 100644 --- a/roles/yum_repos/tasks/main.yml +++ b/roles/yum_repos/tasks/main.yml @@ -45,4 +45,4 @@ src: yumrepo.j2 dest: /etc/yum.repos.d/{{ item.id }}.repo with_items: repo_files - when: not is_atomic + when: not openshift.common.is_containerized | bool -- cgit v1.2.3 From 043d6b3a7e3c6b799ddf4157ccdf2b2b67451d81 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 20 Nov 2015 15:45:39 -0500 Subject: fixes --- playbooks/common/openshift-docker/config.yml | 3 +- roles/docker/handlers/main.yml | 5 +- roles/etcd/tasks/main.yml | 17 ++- roles/openshift_docker/tasks/main.yml | 18 +-- roles/openshift_examples/defaults/main.yml | 8 +- roles/openshift_facts/library/openshift_facts.py | 126 ++++++++++++--------- roles/openshift_facts/tasks/main.yml | 5 +- roles/openshift_manage_node/tasks/main.yml | 1 + roles/openshift_master/tasks/main.yml | 1 + .../templates/master.docker.service.j2 | 2 +- roles/openshift_node/meta/main.yml | 1 - roles/openshift_serviceaccounts/tasks/main.yml | 1 + 12 files changed, 104 insertions(+), 84 deletions(-) diff --git a/playbooks/common/openshift-docker/config.yml b/playbooks/common/openshift-docker/config.yml index c3541e544..f838dd66c 100644 --- a/playbooks/common/openshift-docker/config.yml +++ b/playbooks/common/openshift-docker/config.yml @@ -5,4 +5,5 @@ docker_insecure_registries: "{{ lookup('oo_option', 'docker_insecure_registries') | oo_split }}" docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') | oo_split }}" roles: - - openshift-docker + - openshift_facts + - openshift_docker diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml index 7d60f1891..9f827417f 100644 --- a/roles/docker/handlers/main.yml +++ b/roles/docker/handlers/main.yml @@ -1,7 +1,10 @@ --- - name: restart docker - service: name=docker state=restarted + service: + name: docker + state: restarted + when: not docker_service_status_changed | default(false) - name: restart udev service: diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index aef52886b..6906244e9 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -7,9 +7,6 @@ msg: IPv4 address not found for {{ etcd_interface }} when: "'ipv4' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface] or 'address' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface].ipv4" -- debug: var=openshift.common.is_containerized -- debug: var=openshift.common.is_atomic - - name: Install etcd action: "{{ ansible_pkg_mgr }} name=etcd-2.* state=present" when: not openshift.common.is_containerized | bool @@ -25,7 +22,7 @@ src: etcd.docker.service register: install_etcd_result when: openshift.common.is_containerized | bool - + - name: Ensure etcd datadir exists when: openshift.common.is_containerized | bool file: @@ -48,16 +45,16 @@ file: path: "{{ etcd_conf_dir }}" state: directory - owner: etcd - group: etcd + owner: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}" + group: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}" mode: 0700 - name: Validate permissions on certificate files file: path: "{{ item }}" mode: 0600 - group: etcd - owner: etcd + owner: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}" + group: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}" when: etcd_url_scheme == 'https' with_items: - "{{ etcd_ca_file }}" @@ -68,8 +65,8 @@ file: path: "{{ item }}" mode: 0600 - group: etcd - owner: etcd + owner: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}" + group: "{{ 'etcd' if not openshift.common.is_containerized | bool else omit }}" when: etcd_peer_url_scheme == 'https' with_items: - "{{ etcd_peer_ca_file }}" diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml index f63b3acd5..4f9fe1f97 100644 --- a/roles/openshift_docker/tasks/main.yml +++ b/roles/openshift_docker/tasks/main.yml @@ -1,27 +1,27 @@ --- - openshift_facts: - - role: common + role: common local_facts: deployment_type: "{{ openshift_deployment_type }}" - docker_additional_registries: "{{ docker_additional_registries | oo_split() }}" - docker_insecure_registries: "{{ docker_insecure_registries | oo_split() }}" - docker_blocked_registries: "{{ docker_blocked_registries | oo_split() }}" + docker_additional_registries: "{{ docker_additional_registries }}" + docker_insecure_registries: "{{ docker_insecure_registries }}" + docker_blocked_registries: "{{ docker_blocked_registries }}" - name: Set registry params lineinfile: dest: /etc/sysconfig/docker - regexp: '^{{ reg_conf_var }}=.*$' - line: "{{ reg_conf_var }}='{{ reg_fact_val | oo_prepend_strings_in_list(reg_flag ~ ' ') | join(' ') }}'" + regexp: '^{{ item.reg_conf_var }}=.*$' + line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'" when: "'docker_additional_registries' in openshift.common" with_items: - reg_conf_var: ADD_REGISTRY - reg_fact_val: {{ openshift.common.docker_additional_registries }} + reg_fact_val: "{{ openshift.common.docker_additional_registries }}" reg_flag: --add-registry - reg_conf_var: BLOCK_REGISTRY - reg_fact_val: {{ openshift.common.docker_blocked_registries }} + reg_fact_val: "{{ openshift.common.docker_blocked_registries }}" reg_flag: --block-registry - reg_conf_var: INSECURE_REGISTRY - reg_fact_val: {{ openshift.common.docker_insecure_registries }} + reg_fact_val: "{{ openshift.common.docker_insecure_registries }}" reg_flag: --insecure-registry notify: - restart docker diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml index d318d17e3..e27f4e0a6 100644 --- a/roles/openshift_examples/defaults/main.yml +++ b/roles/openshift_examples/defaults/main.yml @@ -1,14 +1,14 @@ --- # By default install rhel and xpaas streams on enterprise installs -openshift_examples_load_centos: "{{ openshift_deployment_type not in ['enterprise','openshift-enterprise','atomic-enterprise','online'] }}" -openshift_examples_load_rhel: "{{ openshift_deployment_type in ['enterprise','openshift-enterprise','atomic-enterprise','online'] }}" +openshift_examples_load_centos: "{{ openshift_deployment_type == 'origin' }}" +openshift_examples_load_rhel: "{{ openshift_deployment_type != 'origin' }}" openshift_examples_load_db_templates: true -openshift_examples_load_xpaas: "{{ openshift_deployment_type in ['enterprise','openshift-enterprise','atomic-enterprise','online'] }}" +openshift_examples_load_xpaas: "{{ openshift_deployment_type != 'origin' }}" openshift_examples_load_quickstarts: true content_version: "{{ 'v1.1' if openshift.common.version_greater_than_3_1_or_1_1 else 'v1.0' }}" -examples_base: "{% if openshift.common.is_atomic %}{{ openshift.common.config_base }}{% else %}/usr/share/openshift{% endif %}/examples" +examples_base: "{{ openshift.common.config_base if openshift.common.is_containerized else '/usr/share/openshift' }}/examples" image_streams_base: "{{ examples_base }}/image-streams" centos_image_streams: "{{ image_streams_base}}/image-streams-centos7.json" rhel_image_streams: "{{ image_streams_base}}/image-streams-rhel7.json" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 8e733a3a2..b5454dd81 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -647,14 +647,14 @@ def set_deployment_facts_if_unset(facts): for cat in ['additional', 'blocked', 'insecure']: key = 'docker_{0}_registries'.format(cat) if key in facts['common']: - facts['common'][key] = set(facts['common'][key]) - set(['']) + facts['common'][key] = list(set(facts['common'][key]) - set([''])) if deployment_type in ['enterprise', 'atomic-enterprise', 'openshift-enterprise']: - addtl_regs = facts['common']['docker_additional_registries']: - ent_reg = 'registry.access.redhat.com' - if ent_reg not in addtl_regs - facts['common']['docker_additional_registries'].append(ent_reg) + addtl_regs = facts['common'].get('docker_additional_registries', []) + ent_reg = ['registry.access.redhat.com'] + if ent_reg not in addtl_regs: + facts['common']['docker_additional_registries'] = addtl_regs + ent_reg for role in ('master', 'node'): @@ -934,6 +934,7 @@ def save_local_facts(filename, facts): os.makedirs(fact_dir) with open(filename, 'w') as fact_file: fact_file.write(module.jsonify(facts)) + os.chmod(filename, 0o600) except (IOError, OSError) as ex: raise OpenShiftFactsFileWriteError( "Could not create fact file: %s, error: %s" % (filename, ex) @@ -969,6 +970,69 @@ def get_local_facts_from_file(filename): return local_facts +def set_container_facts_if_unset(facts): + """ Set containerized facts. + + Args: + facts (dict): existing facts + Returns: + dict: the facts dict updated with the generated containerization + facts + """ + deployment_type = facts['common']['deployment_type'] + if deployment_type in ['enterprise', 'openshift-enterprise']: + master_image = 'openshift3/ose' + cli_image = master_image + node_image = 'openshift3/node' + ovs_image = 'openshift3/openvswitch' + etcd_image = 'registry.access.redhat.com/rhel7/etcd' + elif deployment_type == 'atomic-enterprise': + master_image = 'aep3_beta/aep' + cli_image = master_image + node_image = 'aep3_beta/node' + ovs_image = 'aep3_beta/openvswitch' + etcd_image = 'registry.access.redhat.com/rhel7/etcd' + else: + master_image = 'openshift/origin' + cli_image = master_image + node_image = 'openshift/node' + ovs_image = 'openshift/openvswitch' + etcd_image = 'registry.access.redhat.com/rhel7/etcd' + + facts['common']['is_atomic'] = os.path.isfile('/run/ostree-booted') + if 'is_containerized' not in facts['common']: + facts['common']['is_containerized'] = facts['common']['is_atomic'] + if 'cli_image' not in facts['common']: + facts['common']['cli_image'] = cli_image + if 'etcd' in facts and 'etcd_image' not in facts['etcd']: + facts['etcd']['etcd_image'] = etcd_image + if 'master' in facts and 'master_image' not in facts['master']: + facts['master']['master_image'] = master_image + if 'node' in facts: + if 'node_image' not in facts['node']: + facts['node']['node_image'] = node_image + if 'ovs_image' not in facts['node']: + facts['node']['ovs_image'] = ovs_image + + # shared /tmp/openshift vol is for file exchange with ansible + # --privileged is required to read the config dir + # --net host to access openshift from the container + # maybe -v /var/run/docker.sock:/var/run/docker.sock is required as well + runner = ("docker run --rm --privileged --net host -v " + "/tmp/openshift:/tmp/openshift -v {datadir}:{datadir} " + "-v {confdir}:{confdir} " + "-e KUBECONFIG={confdir}/master/admin.kubeconfig " + "{image}").format(confdir=facts['common']['config_base'], + datadir=facts['common']['data_dir'], + image=facts['common']['cli_image']) + + if facts['common']['is_containerized']: + facts['common']['client_binary'] = '%s cli' % runner + facts['common']['admin_binary'] = '%s admin' % runner + + return facts + + class OpenShiftFactsUnsupportedRoleError(Exception): """Origin Facts Unsupported Role Error""" pass @@ -1046,7 +1110,7 @@ class OpenShiftFacts(object): facts = set_version_facts_if_unset(facts) facts = set_aggregate_facts(facts) facts = set_etcd_facts_if_unset(facts) - facts = self.set_containerized_facts_if_unset(facts) + facts = set_container_facts_if_unset(facts) return dict(openshift=facts) def get_defaults(self, roles): @@ -1213,56 +1277,6 @@ class OpenShiftFacts(object): self.changed = changed return new_local_facts - def set_containerized_facts_if_unset(self, facts): - deployment_type = facts['common']['deployment_type'] - if deployment_type in ['enterprise','openshift-enterprise']: - master_image = 'openshift3/ose' - cli_image = master_image - node_image = 'openshift3/node' - ovs_image = 'openshift3/openvswitch' - etcd_image = 'registry.access.redhat.com/rhel7/etcd' - elif deployment_type == 'atomic-enterprise': - master_image = 'aep3_beta/aep' - cli_image = master_image - node_image = 'aep3_beta/node' - ovs_image = 'aep3_beta/openvswitch' - etcd_image = 'registry.access.redhat.com/rhel7/etcd' - else: - master_image = 'openshift/origin' - cli_image = master_image - node_image = 'openshift/node' - ovs_image = 'openshift/openvswitch' - etcd_image = 'registry.access.redhat.com/rhel7/etcd' - - facts['common']['is_atomic'] = os.path.isfile('/run/ostree-booted') - if 'is_containerized' not in facts['common']: - facts['common']['is_containerized'] = facts['common']['is_atomic'] - if 'cli_image' not in facts['common']: - facts['common']['cli_image'] = cli_image - if 'master' in facts: - if 'master_image' not in facts['master']: - facts['master']['master_image'] = master_image - if 'node' in facts: - if 'node_image' not in facts ['node']: - facts['node']['node_image'] = node_image - if 'ovs_image' not in facts ['node']: - facts['node']['ovs_image'] = ovs_image - if 'etcd' in facts: - if 'etcd_image' not in facts['etcd']: - facts['etcd']['etcd_image'] = etcd_image - - # shared /tmp/openshift vol is for file exchange with ansible - # --privileged is required to read the config dir - # --net host to access openshift from the container - # maybe -v /var/run/docker.sock:/var/run/docker.sock is required as well - runner = "docker run --rm --privileged --net host -v /tmp/openshift:/tmp/openshift -v {datadir}:{datadir} -v {confdir}:{confdir} -e KUBECONFIG={confdir}/master/admin.kubeconfig {image}".format(confdir=facts['common']['config_base'], datadir=facts['common']['data_dir'], image=facts['common']['cli_image']) - - if facts['common']['is_containerized']: - facts['common']['client_binary'] = '%s cli' % runner - facts['common']['admin_binary'] = '%s admin' % runner - - return facts - def main(): """ main """ diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index 832f7ad84..55071436f 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -9,5 +9,8 @@ - name: Ensure PyYaml is installed action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" -- name: Gather Cluster facts +- name: Gather Cluster facts and set is_containerized if needed openshift_facts: + role: common + local_facts: + is_containerized: "{{ openshift_containerized | default(None) }}" diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml index 637e494ea..06f12053a 100644 --- a/roles/openshift_manage_node/tasks/main.yml +++ b/roles/openshift_manage_node/tasks/main.yml @@ -5,6 +5,7 @@ until: omd_get_node.rc == 0 retries: 20 delay: 5 + changed_when: false with_items: openshift_nodes - name: Set node schedulability diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index e9e77d231..0c7718299 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -314,6 +314,7 @@ - name: Lookup default group for ansible_ssh_user command: "/usr/bin/id -g {{ ansible_ssh_user }}" + changed_when: false register: _ansible_ssh_user_gid - name: Create the client config dir(s) diff --git a/roles/openshift_master/templates/master.docker.service.j2 b/roles/openshift_master/templates/master.docker.service.j2 index 8b23d70b1..23781a313 100644 --- a/roles/openshift_master/templates/master.docker.service.j2 +++ b/roles/openshift_master/templates/master.docker.service.j2 @@ -6,7 +6,7 @@ PartOf=docker.service [Service] EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master -ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master +ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-master ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index 9d40ae3b3..c92008a77 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -13,4 +13,3 @@ galaxy_info: - cloud dependencies: - { role: openshift_common } -- { role: docker } diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml index eb9c9b2c9..4c7faa6fe 100644 --- a/roles/openshift_serviceaccounts/tasks/main.yml +++ b/roles/openshift_serviceaccounts/tasks/main.yml @@ -23,6 +23,7 @@ shell: > {{ openshift.common.client_binary }} get scc privileged -o yaml --output-version=v1 > /tmp/openshift/scc.yaml + changed_when: false - name: Add security context constraint for {{ item }} lineinfile: -- cgit v1.2.3 From d3edce9c192c8d1eba572ba45ca25c06d0fbb830 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 20 Nov 2015 22:23:43 -0500 Subject: pull docker images only if not already present --- roles/etcd/tasks/main.yml | 11 ++++++++--- roles/openshift_master/tasks/main.yml | 16 ++++++++++------ roles/openshift_master_ca/tasks/main.yml | 8 +++++++- roles/openshift_node/tasks/main.yml | 16 ++++++++++++++++ 4 files changed, 41 insertions(+), 10 deletions(-) diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 6906244e9..a03c693d6 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -11,10 +11,15 @@ action: "{{ ansible_pkg_mgr }} name=etcd-2.* state=present" when: not openshift.common.is_containerized | bool -- name: Pull etcd container - command: > - docker pull {{ openshift.etcd.etcd_image }} +- name: Get docker images + command: docker images + changed_when: false when: openshift.common.is_containerized | bool + register: docker_images + +- name: Pull etcd container + command: docker pull {{ openshift.etcd.etcd_image }} + when: openshift.common.is_containerized | bool and openshift.etcd.etcd_image not in docker_images.stdout - name: Install etcd container service file template: diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 0c7718299..0695693ff 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -85,12 +85,16 @@ action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-master{{ openshift_version }} state=present" when: not openshift.common.is_containerized | bool -# TODO: enable when ansible#1993 lands and is widespread enough -# - name: Docker image present -# docker: -# image: "{{ openshift.common.docker.image }}" -# state: image_present -# when: openshift.common.is_containerized | bool +- name: Get docker images + command: docker images + changed_when: false + when: openshift.common.is_containerized | bool + register: docker_images + +- name: Pull required docker image + command: > + docker pull {{ openshift.master.master_image }} + when: openshift.common.is_containerized | bool and openshift.master.master_image not in docker_images.stdout - name: Install Master docker service file template: diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml index 17d832d26..3114c2464 100644 --- a/roles/openshift_master_ca/tasks/main.yml +++ b/roles/openshift_master_ca/tasks/main.yml @@ -12,10 +12,16 @@ path: "{{ openshift_master_config_dir }}" state: directory +- name: Get docker images + command: docker images + changed_when: false + when: openshift.common.is_containerized | bool + register: docker_images + - name: Pull required docker image command: > docker pull {{ openshift.common.cli_image }} - when: openshift.common.is_containerized | bool + when: openshift.common.is_containerized | bool and openshift.common.cli_image not in docker_images.stdout - name: Create the master certificates if they do not already exist command: > diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 67c6387a3..f77e0250d 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -46,6 +46,17 @@ action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present" when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool +- name: Get docker images + command: docker images + changed_when: false + when: openshift.common.is_containerized | bool + register: docker_images + +- name: Pull required docker image + command: > + docker pull {{ openshift.node.node_image }} + when: openshift.common.is_containerized | bool and openshift.node.node_image not in docker_images.stdout + - name: Install Node docker service file template: dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" @@ -62,6 +73,11 @@ group: root when: openshift.common.is_containerized | bool +- name: Pull required docker image + command: > + docker pull {{ openshift.node.ovs_image }} + when: openshift.common.is_containerized | bool and openshift.node.ovs_image not in docker_images.stdout + - name: Install OpenvSwitch docker service file template: dest: "/etc/systemd/system/openvswitch.service" -- cgit v1.2.3 From 7a2891780e827513859628c7703cc1e7be53683f Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Mon, 23 Nov 2015 15:21:23 -0500 Subject: Add openshift_cli role This role ensures that the clients package is installed or if it's a containerized install places a wrapper script in /usr/local/bin/openshift and symlinks for oc, oadm, and kubectl. --- roles/openshift_cli/meta/main.yml | 16 ++++++++++++ roles/openshift_cli/tasks/main.yml | 32 ++++++++++++++++++++++++ roles/openshift_cli/templates/openshift.j2 | 16 ++++++++++++ roles/openshift_facts/library/openshift_facts.py | 20 ++------------- roles/openshift_master/meta/main.yml | 1 + roles/openshift_master_ca/meta/main.yml | 1 + 6 files changed, 68 insertions(+), 18 deletions(-) create mode 100644 roles/openshift_cli/meta/main.yml create mode 100644 roles/openshift_cli/tasks/main.yml create mode 100644 roles/openshift_cli/templates/openshift.j2 diff --git a/roles/openshift_cli/meta/main.yml b/roles/openshift_cli/meta/main.yml new file mode 100644 index 000000000..1e8f8b719 --- /dev/null +++ b/roles/openshift_cli/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: OpenShift Docker + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- { role: openshift_common } +- { role: docker } diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml new file mode 100644 index 000000000..c0ea66e70 --- /dev/null +++ b/roles/openshift_cli/tasks/main.yml @@ -0,0 +1,32 @@ +--- +- openshift_facts: + role: common + local_facts: + deployment_type: "{{ openshift_deployment_type }}" + +- name: Install clients + yum: pkg={{ openshift.common.service_type }}-clients state=installed + when: not openshift.common.is_containerized | bool + +- name: Pull CLI Image + command: > + docker pull {{ openshift.common.cli_image }} + when: openshift.common.is_containerized | bool + +- name: Create /usr/local/bin/openshift cli wrapper + template: + src: openshift.j2 + dest: /usr/local/bin/openshift + mode: 0755 + when: openshift.common.is_containerized | bool + +- name: Create client symlinks + file: + path: "{{ item }}" + state: link + src: /usr/local/bin/openshift + with_items: + - /usr/local/bin/oadm + - /usr/local/bin/oc + - /usr/local/bin/kubectl + when: openshift.common.is_containerized | bool \ No newline at end of file diff --git a/roles/openshift_cli/templates/openshift.j2 b/roles/openshift_cli/templates/openshift.j2 new file mode 100644 index 000000000..cade4d1a7 --- /dev/null +++ b/roles/openshift_cli/templates/openshift.j2 @@ -0,0 +1,16 @@ +#!/bin/bash +if [ ! -d ~/.kube ]; then + mkdir -m 0700 ~/.kube +fi +cmd=`basename $0` +user=`id -u` +group=`id -g` + +# docker can only split stderr and stdin when run without -t +# https://github.com/docker/docker/issues/725 +# ansible checks various streams DO NOT CROSS THE STREAMS +if [ -z $TERM ]; then + $t = '-it' +fi + +docker run ${t} -a STDERR -a STDOUT -a STDIN --privileged --net=host --user=${user}:${group} -v ~/.kube:/root/.kube -v /tmp:/tmp -v {{ openshift.common.config_base}}:{{ openshift.common.config_base }} -e KUBECONFIG=/root/.kube/config --entrypoint ${cmd} --rm {{ openshift.common.cli_image }} ${@} \ No newline at end of file diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index b5454dd81..35ee18f4f 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1014,22 +1014,6 @@ def set_container_facts_if_unset(facts): if 'ovs_image' not in facts['node']: facts['node']['ovs_image'] = ovs_image - # shared /tmp/openshift vol is for file exchange with ansible - # --privileged is required to read the config dir - # --net host to access openshift from the container - # maybe -v /var/run/docker.sock:/var/run/docker.sock is required as well - runner = ("docker run --rm --privileged --net host -v " - "/tmp/openshift:/tmp/openshift -v {datadir}:{datadir} " - "-v {confdir}:{confdir} " - "-e KUBECONFIG={confdir}/master/admin.kubeconfig " - "{image}").format(confdir=facts['common']['config_base'], - datadir=facts['common']['data_dir'], - image=facts['common']['cli_image']) - - if facts['common']['is_containerized']: - facts['common']['client_binary'] = '%s cli' % runner - facts['common']['admin_binary'] = '%s admin' % runner - return facts @@ -1134,8 +1118,8 @@ class OpenShiftFacts(object): common = dict(use_openshift_sdn=True, ip=ip_addr, public_ip=ip_addr, deployment_type='origin', hostname=hostname, public_hostname=hostname, use_manageiq=False) - common['client_binary'] = 'oc' if os.path.isfile('/usr/bin/oc') else 'osc' - common['admin_binary'] = 'oadm' if os.path.isfile('/usr/bin/oadm') else 'osadm' + common['client_binary'] = 'oc' + common['admin_binary'] = 'oadm' common['dns_domain'] = 'cluster.local' common['install_examples'] = True defaults['common'] = common diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index c125cb5d0..8db99fc2a 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - { role: openshift_common } +- { role: openshift_cli } diff --git a/roles/openshift_master_ca/meta/main.yml b/roles/openshift_master_ca/meta/main.yml index 0c8881521..b5dd466c9 100644 --- a/roles/openshift_master_ca/meta/main.yml +++ b/roles/openshift_master_ca/meta/main.yml @@ -14,3 +14,4 @@ galaxy_info: - system dependencies: - { role: openshift_repos } +- { role: openshift_cli } -- cgit v1.2.3 From 0c18c742c60e5c4acd609d682caae7f7ce8840cd Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Wed, 18 Nov 2015 14:34:47 -0500 Subject: Create nfs host group with registry volume attachment. --- inventory/byo/hosts.origin.example | 6 +++ playbooks/aws/openshift-cluster/config.yml | 1 + playbooks/byo/openshift-cluster/config.yml | 1 + .../upgrades/v3_0_minor/upgrade.yml | 1 + .../upgrades/v3_0_to_v3_1/upgrade.yml | 1 + playbooks/common/openshift-cluster/config.yml | 2 + .../common/openshift-cluster/evaluate_groups.yml | 16 +++++++ playbooks/common/openshift-master/config.yml | 10 ++++- playbooks/common/openshift-nfs/config.yml | 5 +++ playbooks/common/openshift-nfs/filter_plugins | 1 + playbooks/common/openshift-nfs/lookup_plugins | 1 + playbooks/common/openshift-nfs/roles | 1 + playbooks/common/openshift-nfs/service.yml | 18 ++++++++ playbooks/gce/openshift-cluster/config.yml | 1 + playbooks/libvirt/openshift-cluster/config.yml | 1 + playbooks/openstack/openshift-cluster/config.yml | 1 + roles/openshift_facts/library/openshift_facts.py | 8 +++- roles/openshift_registry/tasks/main.yml | 18 +++++++- roles/openshift_storage_nfs/README.md | 52 ++++++++++++++++++++++ roles/openshift_storage_nfs/defaults/main.yml | 8 ++++ roles/openshift_storage_nfs/handlers/main.yml | 6 +++ roles/openshift_storage_nfs/meta/main.yml | 15 +++++++ roles/openshift_storage_nfs/tasks/main.yml | 49 ++++++++++++++++++++ roles/openshift_storage_nfs/templates/exports.j2 | 1 + 24 files changed, 220 insertions(+), 4 deletions(-) create mode 100644 playbooks/common/openshift-nfs/config.yml create mode 120000 playbooks/common/openshift-nfs/filter_plugins create mode 120000 playbooks/common/openshift-nfs/lookup_plugins create mode 120000 playbooks/common/openshift-nfs/roles create mode 100644 playbooks/common/openshift-nfs/service.yml create mode 100644 roles/openshift_storage_nfs/README.md create mode 100644 roles/openshift_storage_nfs/defaults/main.yml create mode 100644 roles/openshift_storage_nfs/handlers/main.yml create mode 100644 roles/openshift_storage_nfs/meta/main.yml create mode 100644 roles/openshift_storage_nfs/tasks/main.yml create mode 100644 roles/openshift_storage_nfs/templates/exports.j2 diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 6f015c404..e6e519d78 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -6,6 +6,7 @@ masters nodes etcd lb +nfs # Set variables common for all OSEv3 hosts [OSEv3:vars] @@ -167,6 +168,11 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Configure dnsIP in the node config #openshift_dns_ip=172.30.0.1 +# NFS Options +#openshift_nfs_exports_dir=/var/export +#openshift_nfs_registry_volume=regvol +#openshift_nfs_export_options='*(rw,sync,all_squash)' + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/playbooks/aws/openshift-cluster/config.yml b/playbooks/aws/openshift-cluster/config.yml index 50fe42d6c..f46988432 100644 --- a/playbooks/aws/openshift-cluster/config.yml +++ b/playbooks/aws/openshift-cluster/config.yml @@ -15,6 +15,7 @@ g_etcd_hosts: "{{ (groups['tag_host-type_etcd']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" g_lb_hosts: "{{ (groups['tag_host-type_lb']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" g_master_hosts: "{{ (groups['tag_host-type_master']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" + g_nfs_hosts: "{{ (groups['tag_host-type_nfs']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" g_node_hosts: "{{ (groups['tag_host-type_node']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" diff --git a/playbooks/byo/openshift-cluster/config.yml b/playbooks/byo/openshift-cluster/config.yml index ba8fe0a52..eecf95994 100644 --- a/playbooks/byo/openshift-cluster/config.yml +++ b/playbooks/byo/openshift-cluster/config.yml @@ -3,6 +3,7 @@ vars: g_etcd_hosts: "{{ groups.etcd | default([]) }}" g_master_hosts: "{{ groups.masters | default([]) }}" + g_nfs_hosts: "{{ groups.nfs | default([]) }}" g_node_hosts: "{{ groups.nodes | default([]) }}" g_lb_hosts: "{{ groups.lb | default([]) }}" openshift_cluster_id: "{{ cluster_id | default('default') }}" diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml index 56e79e8c2..c3358eb4b 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml @@ -3,6 +3,7 @@ vars: g_etcd_hosts: "{{ groups.etcd | default([]) }}" g_master_hosts: "{{ groups.masters | default([]) }}" + g_nfs_hosts: "{{ groups.nfs | default([]) }}" g_node_hosts: "{{ groups.nodes | default([]) }}" g_lb_hosts: "{{ groups.lb | default([]) }}" openshift_cluster_id: "{{ cluster_id | default('default') }}" diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index b4b4f3ec0..960c00087 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -3,6 +3,7 @@ vars: g_etcd_hosts: "{{ groups.etcd | default([]) }}" g_master_hosts: "{{ groups.masters | default([]) }}" + g_nfs_hosts: "{{ groups.nfs | default([]) }}" g_node_hosts: "{{ groups.nodes | default([]) }}" g_lb_hosts: "{{ groups.lb | default([]) }}" openshift_cluster_id: "{{ cluster_id | default('default') }}" diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 482fa8441..a2a2629a7 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -3,6 +3,8 @@ - include: ../openshift-etcd/config.yml +- include: ../openshift-nfs/config.yml + - include: ../openshift-master/config.yml - include: ../openshift-node/config.yml diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml index 6343a2567..db7105ed5 100644 --- a/playbooks/common/openshift-cluster/evaluate_groups.yml +++ b/playbooks/common/openshift-cluster/evaluate_groups.yml @@ -21,6 +21,14 @@ msg: This playbook requires g_lb_hosts to be set when: g_lb_hosts is not defined + - fail: + msg: This playbook requires g_nfs_hosts to be set + when: g_nfs_hosts is not defined + + - fail: + msg: The nfs group must be limited to one host + when: (groups[g_nfs_hosts] | default([])) | length > 1 + - name: Evaluate oo_etcd_to_config add_host: name: "{{ item }}" @@ -81,3 +89,11 @@ ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" ansible_sudo: "{{ g_sudo | default(omit) }}" with_items: "{{ g_lb_hosts | default([]) }}" + + - name: Evaluate oo_nfs_to_config + add_host: + name: "{{ item }}" + groups: oo_nfs_to_config + ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" + ansible_sudo: "{{ g_sudo | default(omit) }}" + with_items: "{{ g_nfs_hosts | default([]) }}" diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index dd638487a..eff4337cb 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -394,7 +394,15 @@ - name: Create services hosts: oo_first_master + vars: + attach_registry_volume: "{{ groups.oo_nfs_to_config | length > 0 }}" + pre_tasks: + - set_fact: + nfs_host: "{{ groups.oo_nfs_to_config.0 }}" + registry_volume_path: "{{ hostvars[groups.oo_nfs_to_config.0].openshift.nfs.exports_dir + '/' + hostvars[groups.oo_nfs_to_config.0].openshift.nfs.registry_volume }}" + when: attach_registry_volume | bool roles: - role: openshift_router when: openshift.master.infra_nodes is defined - #- role: openshift_registry + - role: openshift_registry + when: openshift.master.infra_nodes is defined and attach_registry_volume | bool diff --git a/playbooks/common/openshift-nfs/config.yml b/playbooks/common/openshift-nfs/config.yml new file mode 100644 index 000000000..e3f5c17ca --- /dev/null +++ b/playbooks/common/openshift-nfs/config.yml @@ -0,0 +1,5 @@ +--- +- name: Configure nfs hosts + hosts: oo_nfs_to_config + roles: + - role: openshift_storage_nfs diff --git a/playbooks/common/openshift-nfs/filter_plugins b/playbooks/common/openshift-nfs/filter_plugins new file mode 120000 index 000000000..99a95e4ca --- /dev/null +++ b/playbooks/common/openshift-nfs/filter_plugins @@ -0,0 +1 @@ +../../../filter_plugins \ No newline at end of file diff --git a/playbooks/common/openshift-nfs/lookup_plugins b/playbooks/common/openshift-nfs/lookup_plugins new file mode 120000 index 000000000..ac79701db --- /dev/null +++ b/playbooks/common/openshift-nfs/lookup_plugins @@ -0,0 +1 @@ +../../../lookup_plugins \ No newline at end of file diff --git a/playbooks/common/openshift-nfs/roles b/playbooks/common/openshift-nfs/roles new file mode 120000 index 000000000..e2b799b9d --- /dev/null +++ b/playbooks/common/openshift-nfs/roles @@ -0,0 +1 @@ +../../../roles/ \ No newline at end of file diff --git a/playbooks/common/openshift-nfs/service.yml b/playbooks/common/openshift-nfs/service.yml new file mode 100644 index 000000000..20c8ca248 --- /dev/null +++ b/playbooks/common/openshift-nfs/service.yml @@ -0,0 +1,18 @@ +--- +- name: Populate g_service_nfs host group if needed + hosts: localhost + gather_facts: no + tasks: + - fail: msg="new_cluster_state is required to be injected in this playbook" + when: new_cluster_state is not defined + + - name: Evaluate g_service_nfs + add_host: name={{ item }} groups=g_service_nfs + with_items: oo_host_group_exp | default([]) + +- name: Change state on nfs instance(s) + hosts: g_service_nfs + connection: ssh + gather_facts: no + tasks: + - service: name=nfs-server state="{{ new_cluster_state }}" diff --git a/playbooks/gce/openshift-cluster/config.yml b/playbooks/gce/openshift-cluster/config.yml index 5bf98c2d5..4a76e406a 100644 --- a/playbooks/gce/openshift-cluster/config.yml +++ b/playbooks/gce/openshift-cluster/config.yml @@ -20,6 +20,7 @@ g_etcd_hosts: "{{ (groups['tag_host-type-etcd']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" g_lb_hosts: "{{ (groups['tag_host-type-lb']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" g_master_hosts: "{{ (groups['tag_host-type-master']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" + g_nfs_hosts: "{{ (groups['tag_host-type-nfs']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" g_node_hosts: "{{ (groups['tag_host-type-node']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" diff --git a/playbooks/libvirt/openshift-cluster/config.yml b/playbooks/libvirt/openshift-cluster/config.yml index b84bde084..dcaec3924 100644 --- a/playbooks/libvirt/openshift-cluster/config.yml +++ b/playbooks/libvirt/openshift-cluster/config.yml @@ -19,6 +19,7 @@ g_etcd_hosts: "{{ (groups['tag_host-type-etcd']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" g_lb_hosts: "{{ (groups['tag_host-type-lb']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" g_master_hosts: "{{ (groups['tag_host-type-master']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" + g_nfs_hosts: "{{ (groups['tag_host-type-node']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" g_node_hosts: "{{ (groups['tag_host-type-node']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" diff --git a/playbooks/openstack/openshift-cluster/config.yml b/playbooks/openstack/openshift-cluster/config.yml index da7b5cc49..07a9d9488 100644 --- a/playbooks/openstack/openshift-cluster/config.yml +++ b/playbooks/openstack/openshift-cluster/config.yml @@ -14,6 +14,7 @@ g_etcd_hosts: "{{ (groups['tag_host-type_etcd']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" g_lb_hosts: "{{ (groups['tag_host-type_lb']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" g_master_hosts: "{{ (groups['tag_host-type_master']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" + g_nfs_hosts: "{{ (groups['tag_host-type_nfs']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" g_node_hosts: "{{ (groups['tag_host-type_node']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index e557853b1..e52c2cbed 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -985,7 +985,7 @@ class OpenShiftFacts(object): Raises: OpenShiftFactsUnsupportedRoleError: """ - known_roles = ['common', 'master', 'node', 'master_sdn', 'node_sdn', 'etcd'] + known_roles = ['common', 'master', 'node', 'master_sdn', 'node_sdn', 'etcd', 'nfs'] def __init__(self, role, filename, local_facts, additive_facts_to_overwrite=False): self.changed = False @@ -1078,6 +1078,12 @@ class OpenShiftFacts(object): node = dict(labels={}, annotations={}, portal_net='172.30.0.0/16', iptables_sync_period='5s', set_node_ip=False) defaults['node'] = node + + if 'nfs' in roles: + nfs = dict(exports_dir='/var/export', registry_volume='regvol', + export_options='*(rw,sync,all_squash)') + defaults['nfs'] = nfs + return defaults def guess_host_provider(self): diff --git a/roles/openshift_registry/tasks/main.yml b/roles/openshift_registry/tasks/main.yml index 749eea5c0..2804e8f2e 100644 --- a/roles/openshift_registry/tasks/main.yml +++ b/roles/openshift_registry/tasks/main.yml @@ -1,6 +1,4 @@ --- -# This role is unused until we add options for configuring the backend storage - - set_fact: _oreg_images="--images='{{ openshift.master.registry_url }}'" - set_fact: _oreg_selector="--selector='{{ openshift.master.registry_selector }}'" @@ -12,3 +10,19 @@ --credentials={{ openshift_master_config_dir }}/openshift-registry.kubeconfig {{ _oreg_images }} register: _oreg_results changed_when: "'service exists' not in _oreg_results.stdout" + +- name: Determine if nfs volume is already attached + command: "{{ openshift.common.client_binary }} get -o template dc/docker-registry --template=\\{\\{.spec.template.spec.volumes\\}\\}" + register: registry_volumes_output + when: attach_registry_volume | bool + +- set_fact: + volume_already_attached: "{{ 'server:' + nfs_host in registry_volumes_output.stdout and 'path:' + registry_volume_path in registry_volumes_output.stdout }}" + when: attach_registry_volume | bool + +- name: Add nfs volume to dc/docker-registry + command: > + {{ openshift.common.client_binary }} volume dc/docker-registry + --add --overwrite --name=registry-storage --mount-path=/registry + --source='{"nfs": {"server": "{{ nfs_host }}", "path": "{{ registry_volume_path }}"}}' + when: attach_registry_volume | bool and not volume_already_attached | bool diff --git a/roles/openshift_storage_nfs/README.md b/roles/openshift_storage_nfs/README.md new file mode 100644 index 000000000..548e146cb --- /dev/null +++ b/roles/openshift_storage_nfs/README.md @@ -0,0 +1,52 @@ +OpenShift NFS Server +==================== + +OpenShift NFS Server Installation + +Requirements +------------ + +This role is intended to be applied to the [nfs] host group which is +separate from OpenShift infrastructure components. + +Requires access to the 'nfs-utils' package. + +Role Variables +-------------- + +From this role: +| Name | Default value | | +|-------------------------------|-----------------------|--------------------------------------------------| +| openshift_nfs_exports_dir | /var/export | Root export directory. | +| openshift_nfs_registry_volume | regvol | Registry volume within openshift_nfs_exports_dir | +| openshift_nfs_export_options | *(rw,sync,all_squash) | NFS options for configured exports. | + + +From openshift_common: +| Name | Default Value | | +|-------------------------------|----------------|----------------------------------------| +| openshift_debug_level | 2 | Global openshift debug log verbosity | + + +Dependencies +------------ + + + +Example Playbook +---------------- + +- name: Configure nfs hosts + hosts: oo_nfs_to_config + roles: + - role: openshift_storage_nfs + +License +------- + +Apache License, Version 2.0 + +Author Information +------------------ + +Andrew Butcher (abutcher@redhat.com) diff --git a/roles/openshift_storage_nfs/defaults/main.yml b/roles/openshift_storage_nfs/defaults/main.yml new file mode 100644 index 000000000..e25062c00 --- /dev/null +++ b/roles/openshift_storage_nfs/defaults/main.yml @@ -0,0 +1,8 @@ +--- +exports_dir: /var/export +registry_volume: regvol +export_options: '*(rw,sync,all_squash)' +os_firewall_use_firewalld: False +os_firewall_allow: +- service: nfs + port: "2049/tcp" diff --git a/roles/openshift_storage_nfs/handlers/main.yml b/roles/openshift_storage_nfs/handlers/main.yml new file mode 100644 index 000000000..a1377a203 --- /dev/null +++ b/roles/openshift_storage_nfs/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: restart nfs-server + service: + name: nfs-server + state: restarted + when: not (nfs_service_status_changed | default(false)) diff --git a/roles/openshift_storage_nfs/meta/main.yml b/roles/openshift_storage_nfs/meta/main.yml new file mode 100644 index 000000000..2975daf52 --- /dev/null +++ b/roles/openshift_storage_nfs/meta/main.yml @@ -0,0 +1,15 @@ +--- +galaxy_info: + author: Andrew Butcher + description: OpenShift NFS Server + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 7 +dependencies: +- { role: os_firewall } +- { role: openshift_common } +- { role: openshift_repos } diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml new file mode 100644 index 000000000..64b121ade --- /dev/null +++ b/roles/openshift_storage_nfs/tasks/main.yml @@ -0,0 +1,49 @@ +--- +- name: Set nfs facts + openshift_facts: + role: nfs + local_facts: + exports_dir: "{{ openshift_nfs_exports_dir | default(None) }}" + export_options: "{{ openshift_nfs_export_options | default(None) }}" + registry_volume: "{{ openshift_nfs_registry_volume | default(None) }}" + +- name: Install nfs-utils + yum: + pkg: nfs-utils + state: present + +- name: Ensure exports directory exists + file: + path: "{{ openshift.nfs.exports_dir }}" + state: directory + +- name: Ensure export directories exist + file: + path: "{{ openshift.nfs.exports_dir }}/{{ item }}" + state: directory + mode: 0777 + owner: nfsnobody + group: nfsnobody + with_items: + - "{{ openshift.nfs.registry_volume }}" + +- name: Configure exports + template: + dest: /etc/exports + src: exports.j2 + notify: + - restart nfs-server + +- name: Enable and start services + service: + name: "{{ item }}" + state: started + enabled: yes + register: start_result + with_items: + - nfs-server + +- set_fact: + nfs_service_status_changed: "{{ True in (start_result.results + | map(attribute='changed') + | list) }}" diff --git a/roles/openshift_storage_nfs/templates/exports.j2 b/roles/openshift_storage_nfs/templates/exports.j2 new file mode 100644 index 000000000..702473040 --- /dev/null +++ b/roles/openshift_storage_nfs/templates/exports.j2 @@ -0,0 +1 @@ +{{ openshift.nfs.exports_dir }}/{{ openshift.nfs.registry_volume }} {{ openshift.nfs.export_options }} -- cgit v1.2.3 From 3f2be7d987ccef8c4e157163dd9394ba6492a88c Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 2 Dec 2015 15:29:32 -0500 Subject: Move all docker config into openshift_docker to minimize docker restarts --- roles/openshift_docker/tasks/main.yml | 32 +++++++++++++++++++++--- roles/openshift_facts/library/openshift_facts.py | 5 ++-- roles/openshift_node/tasks/main.yml | 2 -- 3 files changed, 31 insertions(+), 8 deletions(-) diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml index 4f9fe1f97..75e782eef 100644 --- a/roles/openshift_docker/tasks/main.yml +++ b/roles/openshift_docker/tasks/main.yml @@ -1,18 +1,30 @@ --- -- openshift_facts: - role: common +- name: Set docker facts + openshift_facts: + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: common local_facts: deployment_type: "{{ openshift_deployment_type }}" docker_additional_registries: "{{ docker_additional_registries }}" docker_insecure_registries: "{{ docker_insecure_registries }}" docker_blocked_registries: "{{ docker_blocked_registries }}" + - role: node + local_facts: + portal_net: "{{ openshift_master_portal_net | default(None) }}" + docker_log_driver: "{{ lookup( 'oo_option' , 'docker_log_driver' ) | default('',True) }}" + docker_log_options: "{{ lookup( 'oo_option' , 'docker_log_options' ) | default('',True) }}" +- stat: path=/etc/sysconfig/docker + register: docker_check + - name: Set registry params lineinfile: dest: /etc/sysconfig/docker regexp: '^{{ item.reg_conf_var }}=.*$' line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'" - when: "'docker_additional_registries' in openshift.common" + when: "'docker_additional_registries' in openshift.common and docker_check.stat.isreg" with_items: - reg_conf_var: ADD_REGISTRY reg_fact_val: "{{ openshift.common.docker_additional_registries }}" @@ -25,3 +37,17 @@ reg_flag: --insecure-registry notify: - restart docker + +# TODO: Enable secure registry when code available in origin +# TODO: perhaps move this to openshift_docker? +- name: Secure Registry and Logs Options + lineinfile: + dest: /etc/sysconfig/docker + regexp: '^OPTIONS=.*$' + line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ + {% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %} \ + {% if openshift.node.docker_log_driver is defined %} --log-driver {{ openshift.node.docker_log_driver }} {% endif %} \ + {% if openshift.node.docker_log_options is defined %} {{ openshift.node.docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}} {% endif %} '" + when: docker_check.stat.isreg + notify: + - restart docker \ No newline at end of file diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 35ee18f4f..c33e395a9 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -652,10 +652,9 @@ def set_deployment_facts_if_unset(facts): if deployment_type in ['enterprise', 'atomic-enterprise', 'openshift-enterprise']: addtl_regs = facts['common'].get('docker_additional_registries', []) - ent_reg = ['registry.access.redhat.com'] + ent_reg = 'registry.access.redhat.com' if ent_reg not in addtl_regs: - facts['common']['docker_additional_registries'] = addtl_regs + ent_reg - + facts['common']['docker_additional_registries'] = addtl_regs + [ent_reg] for role in ('master', 'node'): if role in facts: diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index f77e0250d..597d5566f 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -22,8 +22,6 @@ local_facts: annotations: "{{ openshift_node_annotations | default(none) }}" debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" - docker_log_driver: "{{ lookup( 'oo_option' , 'docker_log_driver' ) | default('',True) }}" - docker_log_options: "{{ lookup( 'oo_option' , 'docker_log_options' ) | default('',True) }}" iptables_sync_period: "{{ openshift_node_iptables_sync_period | default(None) }}" kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}" -- cgit v1.2.3 From afe0064e01d3f6f33f323ffea7aae0eaf00b9ac2 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Mon, 7 Dec 2015 10:24:20 -0500 Subject: Skip yum/dnf ops when is_containerized --- .../openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml | 1 + playbooks/common/openshift-master/config.yml | 1 + roles/ansible/tasks/main.yml | 1 + roles/cockpit/tasks/main.yml | 1 + roles/copr_cli/tasks/main.yml | 1 + roles/flannel/tasks/main.yml | 1 + roles/fluentd_master/tasks/main.yml | 1 + roles/fluentd_node/tasks/main.yml | 1 + roles/haproxy/tasks/main.yml | 1 + roles/kube_nfs_volumes/tasks/main.yml | 1 + roles/kube_nfs_volumes/tasks/nfs.yml | 1 + roles/openshift_ansible_inventory/tasks/main.yml | 1 + roles/openshift_common/tasks/main.yml | 1 + roles/openshift_facts/tasks/main.yml | 13 +++++++++++++ roles/openshift_master_ca/tasks/main.yml | 3 ++- roles/openshift_node/tasks/main.yml | 13 ++----------- roles/openshift_node/tasks/storage_plugins/ceph.yml | 3 ++- roles/openshift_node/tasks/storage_plugins/glusterfs.yml | 1 + roles/openshift_repos/tasks/main.yaml | 4 ++-- roles/os_firewall/tasks/firewall/firewalld.yml | 1 + 20 files changed, 36 insertions(+), 15 deletions(-) diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index fc098b4ed..1f9c6afd3 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -235,6 +235,7 @@ - name: Ensure python-yaml present for config upgrade action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" + when: not openshift.common.is_atomic | bool - name: Upgrade master configuration openshift_upgrade_config: diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 9c800af39..3598bdad7 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -246,6 +246,7 @@ when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length) - name: Install OpenSSL package action: "{{ ansible_pkg_mgr }} name=openssl state=present" + when: not openshift.common.is_atomic | bool - name: Generate session authentication key command: /usr/bin/openssl rand -base64 24 register: session_auth_output diff --git a/roles/ansible/tasks/main.yml b/roles/ansible/tasks/main.yml index 2a6ac7713..ea14fb39a 100644 --- a/roles/ansible/tasks/main.yml +++ b/roles/ansible/tasks/main.yml @@ -3,6 +3,7 @@ - name: Install Ansible action: "{{ ansible_pkg_mgr }} name=ansible state=present" + when: not openshift.common.is_containerized | bool - include: config.yml vars: diff --git a/roles/cockpit/tasks/main.yml b/roles/cockpit/tasks/main.yml index b90e7dfd6..6e9f3a8bd 100644 --- a/roles/cockpit/tasks/main.yml +++ b/roles/cockpit/tasks/main.yml @@ -6,6 +6,7 @@ - cockpit-shell - cockpit-bridge - "{{ cockpit_plugins }}" + when: not openshift.common.is_containerized | bool - name: Enable cockpit-ws service: diff --git a/roles/copr_cli/tasks/main.yml b/roles/copr_cli/tasks/main.yml index 4bfd551d3..b732fb7a4 100644 --- a/roles/copr_cli/tasks/main.yml +++ b/roles/copr_cli/tasks/main.yml @@ -1,2 +1,3 @@ --- - action: "{{ ansible_pkg_mgr }} name=copr-cli state=present" + when: not openshift.common.is_containerized | bool diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml index 1e86176ea..aa27b674e 100644 --- a/roles/flannel/tasks/main.yml +++ b/roles/flannel/tasks/main.yml @@ -2,6 +2,7 @@ - name: Install flannel sudo: true action: "{{ ansible_pkg_mgr }} name=flannel state=present" + when: not openshift.common.is_containerized | bool - name: Set flannel etcd url sudo: true diff --git a/roles/fluentd_master/tasks/main.yml b/roles/fluentd_master/tasks/main.yml index a9531eecf..1c87d562a 100644 --- a/roles/fluentd_master/tasks/main.yml +++ b/roles/fluentd_master/tasks/main.yml @@ -6,6 +6,7 @@ # TODO: Update fluentd install and configuration when packaging is complete - name: download and install td-agent action: "{{ ansible_pkg_mgr }} name='http://packages.treasuredata.com/2/redhat/7/x86_64/td-agent-2.2.0-0.x86_64.rpm' state=present" + when: not openshift.common.is_containerized | bool - name: Verify fluentd plugin installed command: '/opt/td-agent/embedded/bin/gem query -i fluent-plugin-kubernetes' diff --git a/roles/fluentd_node/tasks/main.yml b/roles/fluentd_node/tasks/main.yml index 0c0dae973..8d34c0b19 100644 --- a/roles/fluentd_node/tasks/main.yml +++ b/roles/fluentd_node/tasks/main.yml @@ -6,6 +6,7 @@ # TODO: Update fluentd install and configuration when packaging is complete - name: download and install td-agent action: "{{ ansible_pkg_mgr }} name='http://packages.treasuredata.com/2/redhat/7/x86_64/td-agent-2.2.0-0.x86_64.rpm' state=present" + when: not openshift.common.is_containerized | bool - name: Verify fluentd plugin installed command: '/opt/td-agent/embedded/bin/gem query -i fluent-plugin-kubernetes' diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index 106ab8489..97f870829 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml @@ -1,6 +1,7 @@ --- - name: Install haproxy action: "{{ ansible_pkg_mgr }} name=haproxy state=present" + when: not openshift.common.is_containerized | bool - name: Configure haproxy template: diff --git a/roles/kube_nfs_volumes/tasks/main.yml b/roles/kube_nfs_volumes/tasks/main.yml index b3fe2f185..5432a5e2f 100644 --- a/roles/kube_nfs_volumes/tasks/main.yml +++ b/roles/kube_nfs_volumes/tasks/main.yml @@ -5,6 +5,7 @@ - name: Install pyparted (RedHat/Fedora) action: "{{ ansible_pkg_mgr }} name=pyparted,python-httplib2 state=present" + when: not openshift.common.is_containerized | bool - name: partition the drives partitionpool: disks={{ disks }} force={{ force }} sizes={{ sizes }} diff --git a/roles/kube_nfs_volumes/tasks/nfs.yml b/roles/kube_nfs_volumes/tasks/nfs.yml index eaec28544..9a68ceb8d 100644 --- a/roles/kube_nfs_volumes/tasks/nfs.yml +++ b/roles/kube_nfs_volumes/tasks/nfs.yml @@ -1,6 +1,7 @@ --- - name: Install NFS server action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present" + when: not openshift.common.is_containerized | bool - name: Start rpcbind on Fedora/Red Hat service: name=rpcbind state=started enabled=yes diff --git a/roles/openshift_ansible_inventory/tasks/main.yml b/roles/openshift_ansible_inventory/tasks/main.yml index 4a0968686..05c7a5f93 100644 --- a/roles/openshift_ansible_inventory/tasks/main.yml +++ b/roles/openshift_ansible_inventory/tasks/main.yml @@ -4,6 +4,7 @@ - openshift-ansible-inventory - openshift-ansible-inventory-aws - openshift-ansible-inventory-gce + when: not openshift.common.is_containerized | bool - name: copy: diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index c34f42838..0ee873a2b 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml @@ -27,6 +27,7 @@ - name: Install the base package for versioning action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version | default('') }} state=present" + when: not openshift.common.is_containerized | bool - name: Set version facts openshift_facts: diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index 55071436f..1d986f2e5 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -5,9 +5,22 @@ - ansible_version | version_compare('1.8.0', 'ge') - ansible_version | version_compare('1.9.0', 'ne') - ansible_version | version_compare('1.9.0.1', 'ne') + +- name: Detecting Operating System + shell: ls /run/ostree-booted + ignore_errors: yes + failed_when: false + register: ostree_output + +# Locally setup containerized facts for now +- set_fact: + l_is_atomic: "{{ ostree_output.rc == 0 }}" +- set_fact: + l_is_containerized: "{{ l_is_atomic or containerized | default(false) | bool }}" - name: Ensure PyYaml is installed action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" + when: not l_is_atomic | bool - name: Gather Cluster facts and set is_containerized if needed openshift_facts: diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml index 3114c2464..5b4c92f2b 100644 --- a/roles/openshift_master_ca/tasks/main.yml +++ b/roles/openshift_master_ca/tasks/main.yml @@ -1,7 +1,8 @@ --- - name: Install the base package for admin tooling action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version }} state=present" - when: openshift.common.is_containerized | bool + when: not openshift.common.is_containerized | bool + register: install_result - name: Reload generated facts openshift_facts: diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 597d5566f..11577dd8b 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -50,7 +50,7 @@ when: openshift.common.is_containerized | bool register: docker_images -- name: Pull required docker image +- name: Pull node image command: > docker pull {{ openshift.node.node_image }} when: openshift.common.is_containerized | bool and openshift.node.node_image not in docker_images.stdout @@ -61,17 +61,8 @@ src: openshift.docker.node.service register: install_node_result when: openshift.common.is_containerized | bool - -- name: Create openshift.common.data_dir - file: - path: openshift.common.data_dir - state: directory - mode: 0755 - owner: root - group: root - when: openshift.common.is_containerized | bool -- name: Pull required docker image +- name: Pull OpenvSwitch docker image command: > docker pull {{ openshift.node.ovs_image }} when: openshift.common.is_containerized | bool and openshift.node.ovs_image not in docker_images.stdout diff --git a/roles/openshift_node/tasks/storage_plugins/ceph.yml b/roles/openshift_node/tasks/storage_plugins/ceph.yml index 10d0990a0..119ad62ef 100644 --- a/roles/openshift_node/tasks/storage_plugins/ceph.yml +++ b/roles/openshift_node/tasks/storage_plugins/ceph.yml @@ -1,3 +1,4 @@ --- - name: Install Ceph storage plugin dependencies - action: "{{ ansible_pkg_mgr }} name=ceph-common state=present" \ No newline at end of file + action: "{{ ansible_pkg_mgr }} name=ceph-common state=present" + when: not openshift.common.is_containerized | bool \ No newline at end of file diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml index 1080646ee..91ee77e7e 100644 --- a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml @@ -1,6 +1,7 @@ --- - name: Install GlusterFS storage plugin dependencies action: "{{ ansible_pkg_mgr }} name=glusterfs-fuse state=present" + when: not openshift.common.is_containerized | bool - name: Set sebooleans to allow gluster storage plugin access from containers seboolean: diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index 6d910a66e..8a75639c2 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -8,7 +8,7 @@ # proper repos correctly. - assert: - that: openshift.common.deployment_type in known_openshift_deployment_types + that: openshift_deployment_type in known_openshift_deployment_types - name: Ensure libselinux-python is installed action: "{{ ansible_pkg_mgr }} name=libselinux-python state=present" @@ -46,7 +46,7 @@ with_fileglob: - '*/repos/*' when: not (item | search("/files/fedora-" ~ openshift_deployment_type ~ "/repos")) and - (ansible_distribution == "Fedora") + (ansible_distribution == "Fedora") and not openshift.common.is_containerized | bool notify: refresh cache diff --git a/roles/os_firewall/tasks/firewall/firewalld.yml b/roles/os_firewall/tasks/firewall/firewalld.yml index ba12c6b0c..ac4600f83 100644 --- a/roles/os_firewall/tasks/firewall/firewalld.yml +++ b/roles/os_firewall/tasks/firewall/firewalld.yml @@ -1,6 +1,7 @@ --- - name: Install firewalld packages action: "{{ ansible_pkg_mgr }} name=firewalld state=present" + when: not openshift.common.is_containerized | bool register: install_result - name: Check if iptables-services is installed -- cgit v1.2.3 From c1468c4cf82c553986af9cc7825a4009b0d53962 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Tue, 15 Dec 2015 17:34:37 -0500 Subject: Fix containerized variable --- roles/openshift_facts/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index 1d986f2e5..87fa99a3b 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -26,4 +26,4 @@ openshift_facts: role: common local_facts: - is_containerized: "{{ openshift_containerized | default(None) }}" + is_containerized: "{{ containerized | default(None) }}" -- cgit v1.2.3 From c92c263aadf1346cb7e8f41e943b48ffd45e20f2 Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Wed, 16 Dec 2015 09:32:30 +0100 Subject: Properly set use_flannel fact --- playbooks/common/openshift-node/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 952a9fd51..8a3f9c425 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -16,6 +16,7 @@ hostname: "{{ openshift_hostname | default(None) }}" public_hostname: "{{ openshift_public_hostname | default(None) }}" deployment_type: "{{ openshift_deployment_type }}" + use_flannel: "{{ openshift_use_flannel | default(None) }}" - role: node local_facts: labels: "{{ openshift_node_labels | default(None) }}" -- cgit v1.2.3 From 5e2e55e4aa09468a054ce7c9901c51d9563cc85a Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 16 Dec 2015 10:55:07 -0500 Subject: Install httpd-tools when not is_atomic --- roles/openshift_master/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 0695693ff..405183186 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -148,7 +148,7 @@ - name: Install httpd-tools if needed action: "{{ ansible_pkg_mgr }} name=httpd-tools state=present" when: (item.kind == 'HTPasswdPasswordIdentityProvider') and - not openshift.common.is_containerized | bool + not openshift.common.is_atomic | bool with_items: openshift.master.identity_providers - name: Ensure htpasswd directory exists -- cgit v1.2.3 From 48778f29f265380a3e6fa2e882621ebc3781736b Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 16 Dec 2015 14:14:42 -0500 Subject: Add some guards to wait for images to be pulled before moving on --- roles/etcd/tasks/main.yml | 10 ++++++++++ roles/openshift_cli/tasks/main.yml | 16 ++++++++++++++++ roles/openshift_master/tasks/main.yml | 12 +++++++++++- roles/openshift_node/tasks/main.yml | 31 ++++++++++++++++++++++++++----- 4 files changed, 63 insertions(+), 6 deletions(-) diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index a03c693d6..2160ed817 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -20,6 +20,16 @@ - name: Pull etcd container command: docker pull {{ openshift.etcd.etcd_image }} when: openshift.common.is_containerized | bool and openshift.etcd.etcd_image not in docker_images.stdout + +- name: Wait for etcd image + command: > + docker images + register: docker_images + until: openshift.etcd.etcd_image in docker_images.stdout + retries: 30 + delay: 10 + changed_when: false + when: openshift.common.is_containerized | bool - name: Install etcd container service file template: diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml index c0ea66e70..8d7686ffd 100644 --- a/roles/openshift_cli/tasks/main.yml +++ b/roles/openshift_cli/tasks/main.yml @@ -8,10 +8,26 @@ yum: pkg={{ openshift.common.service_type }}-clients state=installed when: not openshift.common.is_containerized | bool +- name: List Docker images + command: > + docker images + register: docker_images + - name: Pull CLI Image command: > docker pull {{ openshift.common.cli_image }} + when: openshift.common.is_containerized | bool and openshift.common.cli_image not in docker_images.stdout + +- name: Wait for CLI image + command: > + docker images + register: docker_images + until: openshift.common.cli_image in docker_images.stdout + retries: 30 + delay: 10 + changed_when: false when: openshift.common.is_containerized | bool + - name: Create /usr/local/bin/openshift cli wrapper template: diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 405183186..9caf15f9e 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -91,10 +91,20 @@ when: openshift.common.is_containerized | bool register: docker_images -- name: Pull required docker image +- name: Pull master image command: > docker pull {{ openshift.master.master_image }} when: openshift.common.is_containerized | bool and openshift.master.master_image not in docker_images.stdout + +- name: Wait for master image + command: > + docker images + register: docker_images + until: openshift.master.master_image in docker_images.stdout + retries: 30 + delay: 10 + changed_when: false + when: openshift.common.is_containerized | bool - name: Install Master docker service file template: diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 11577dd8b..96383439c 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -54,6 +54,32 @@ command: > docker pull {{ openshift.node.node_image }} when: openshift.common.is_containerized | bool and openshift.node.node_image not in docker_images.stdout + +- name: Wait for node image + command: > + docker images + register: docker_images + until: openshift.node.node_image in docker_images.stdout + retries: 30 + delay: 10 + changed_when: false + when: openshift.common.is_containerized | bool + +- name: Pull OpenVSwitch image + command: > + docker pull {{ openshift.node.ovs_image }} + when: openshift.common.is_containerized | bool and openshift.node.ovs_image not in docker_images.stdout + and openshift.common.use_openshift_sdn | bool + +- name: Wait for OpenVSwitch image + command: > + docker images + register: docker_images + until: openshift.node.ovs_image in docker_images.stdout + retries: 30 + delay: 10 + changed_when: false + when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool - name: Install Node docker service file template: @@ -62,11 +88,6 @@ register: install_node_result when: openshift.common.is_containerized | bool -- name: Pull OpenvSwitch docker image - command: > - docker pull {{ openshift.node.ovs_image }} - when: openshift.common.is_containerized | bool and openshift.node.ovs_image not in docker_images.stdout - - name: Install OpenvSwitch docker service file template: dest: "/etc/systemd/system/openvswitch.service" -- cgit v1.2.3 From 92f6b68fffdc1f72ee8261aec6a03b4ccc909a3a Mon Sep 17 00:00:00 2001 From: Samuel Munilla Date: Mon, 14 Dec 2015 14:19:06 -0500 Subject: atomic-openshift-installer: Remove HA hint for 3.0 install Small update to remove the hint for multiple masters if we are doing a 3.0 installation. --- utils/src/ooinstall/cli_installer.py | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/utils/src/ooinstall/cli_installer.py b/utils/src/ooinstall/cli_installer.py index dc88cb1ad..cf57ecaec 100644 --- a/utils/src/ooinstall/cli_installer.py +++ b/utils/src/ooinstall/cli_installer.py @@ -72,7 +72,7 @@ def delete_hosts(hosts): click.echo("\"{}\" doesn't coorespond to any valid input.".format(del_idx)) return hosts, None -def collect_hosts(version=None, masters_set=False, print_summary=True): +def collect_hosts(oo_cfg, masters_set=False, print_summary=True): """ Collect host information from user. This will later be filled in using ansible. @@ -125,7 +125,7 @@ http://docs.openshift.com/enterprise/latest/architecture/infrastructure_componen host_props['master'] = True num_masters += 1 - if version == '3.0': + if oo_cfg.settings['variant_version'] == '3.0': masters_set = True host_props['node'] = True @@ -144,7 +144,7 @@ http://docs.openshift.com/enterprise/latest/architecture/infrastructure_componen hosts.append(host) if print_summary: - print_installation_summary(hosts) + print_installation_summary(hosts, oo_cfg.settings['variant_version']) # If we have one master, this is enough for an all-in-one deployment, # thus we can start asking if you wish to proceed. Otherwise we assume @@ -158,7 +158,7 @@ http://docs.openshift.com/enterprise/latest/architecture/infrastructure_componen return hosts -def print_installation_summary(hosts): +def print_installation_summary(hosts, version=None): """ Displays a summary of all hosts configured thus far, and what role each will play. @@ -179,7 +179,7 @@ def print_installation_summary(hosts): click.echo('Total OpenShift Masters: %s' % len(masters)) click.echo('Total OpenShift Nodes: %s' % len(nodes)) - if len(masters) == 1: + if len(masters) == 1 and version != '3.0': ha_hint_message = """ NOTE: Add a total of 3 or more Masters to perform an HA installation.""" click.echo(ha_hint_message) @@ -494,20 +494,20 @@ https://docs.openshift.com/enterprise/latest/admin_guide/install/prerequisites.h click.clear() if not oo_cfg.hosts: - oo_cfg.hosts = collect_hosts(version=oo_cfg.settings['variant_version']) + oo_cfg.hosts = collect_hosts(oo_cfg) click.clear() return oo_cfg -def collect_new_nodes(): +def collect_new_nodes(oo_cfg): click.clear() click.echo('*** New Node Configuration ***') message = """ Add new nodes here """ click.echo(message) - return collect_hosts(masters_set=True, print_summary=False) + return collect_hosts(oo_cfg, masters_set=True, print_summary=False) def get_installed_hosts(hosts, callback_facts): installed_hosts = [] @@ -577,7 +577,7 @@ def get_hosts_to_run_on(oo_cfg, callback_facts, unattended, force, verbose): sys.exit(1) else: if not force: - new_nodes = collect_new_nodes() + new_nodes = collect_new_nodes(oo_cfg) hosts_to_run_on.extend(new_nodes) oo_cfg.hosts.extend(new_nodes) @@ -752,7 +752,7 @@ def install(ctx, force): check_hosts_config(oo_cfg, ctx.obj['unattended']) - print_installation_summary(oo_cfg.hosts) + print_installation_summary(oo_cfg.hosts, oo_cfg.settings['variant_version']) click.echo('Gathering information from hosts...') callback_facts, error = openshift_ansible.default_facts(oo_cfg.hosts, verbose) -- cgit v1.2.3 From 0de78ee9fbbf29f58f5a0aa8f306d6a3ab421a6a Mon Sep 17 00:00:00 2001 From: Samuel Munilla Date: Wed, 16 Dec 2015 14:45:28 -0500 Subject: quick installer tests Add test for not displaying HA hints for 3.0 installs --- utils/test/cli_installer_tests.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/utils/test/cli_installer_tests.py b/utils/test/cli_installer_tests.py index 1da49c807..ea380d565 100644 --- a/utils/test/cli_installer_tests.py +++ b/utils/test/cli_installer_tests.py @@ -913,6 +913,25 @@ class AttendedCliTests(OOCliFixture): self.assertEquals('True', inventory.get('nodes', '10.0.0.1 openshift_schedulable')) + #interactive 3.0 install confirm no HA hints + @patch('ooinstall.openshift_ansible.run_main_playbook') + @patch('ooinstall.openshift_ansible.load_system_facts') + def test_ha_hint(self, load_facts_mock, run_playbook_mock): + load_facts_mock.return_value = (MOCK_FACTS, 0) + run_playbook_mock.return_value = 0 + + cli_input = build_input(hosts=[ + ('10.0.0.1', True)], + ssh_user='root', + variant_num=2, + confirm_facts='y') + self.cli_args.append("install") + result = self.runner.invoke(cli.cli, self.cli_args, + input=cli_input) + self.assert_result(result, 0) + self.assertTrue("NOTE: Add a total of 3 or more Masters to perform an HA installation." + not in result.output) + # TODO: test with config file, attended add node # TODO: test with config file, attended new node already in config file # TODO: test with config file, attended new node already in config file, plus manually added nodes -- cgit v1.2.3 From c487383314ac400e5ddbae5bcfd586748df6608d Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 16 Dec 2015 15:35:36 -0500 Subject: Clean up versions.sh --- playbooks/common/openshift-cluster/upgrades/files/versions.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/playbooks/common/openshift-cluster/upgrades/files/versions.sh b/playbooks/common/openshift-cluster/upgrades/files/versions.sh index c7c966b60..b46407ed7 100644 --- a/playbooks/common/openshift-cluster/upgrades/files/versions.sh +++ b/playbooks/common/openshift-cluster/upgrades/files/versions.sh @@ -1,9 +1,8 @@ #!/bin/bash -yum_installed=$(yum list installed "$@" 2>&1 | tail -n +2 | grep -v 'Installed Packages' | grep -v 'Red Hat Subscription Management' | grep -v 'Error:' | awk '{ print $2 }' | tr '\n' ' ') - -yum_available=$(yum list available -q "$@" 2>&1 | tail -n +2 | grep -v 'Available Packages' | grep -v 'Red Hat Subscription Management' | grep -v 'el7ose' | grep -v 'Error:' | awk '{ print $2 }' | tr '\n' ' ') +yum_installed=$(yum list installed -e 0 -q "$@" 2>&1 | tail -n +2 | awk '{ print $2 }' | tr '\n' ' ') +yum_available=$(yum list available -e 0 -q "$@" 2>&1 | tail -n +2 | grep -v 'el7ose' | awk '{ print $2 }' | tr '\n' ' ') echo "---" echo "curr_version: ${yum_installed}" -- cgit v1.2.3 From 96b9ee33b8fc6dab2333782d995fd518b6810579 Mon Sep 17 00:00:00 2001 From: Joel Diaz Date: Thu, 17 Dec 2015 10:14:02 -0500 Subject: fix logic to tolerate occasional failures --- roles/os_zabbix/vars/template_docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/os_zabbix/vars/template_docker.yml b/roles/os_zabbix/vars/template_docker.yml index 91a2c400e..87779d2d2 100644 --- a/roles/os_zabbix/vars/template_docker.yml +++ b/roles/os_zabbix/vars/template_docker.yml @@ -68,7 +68,7 @@ g_template_docker: priority: high - name: 'docker.container.dns.resolution failed on {HOST.NAME}' - expression: '{Template Docker:docker.container.dns.resolution.max(#3)}>0' + expression: '{Template Docker:docker.container.dns.resolution.min(#3)}>0' url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_docker_dns.asciidoc' priority: high -- cgit v1.2.3 From be978f250674d67a7109a3b45f050ffea5db8970 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Thu, 17 Dec 2015 11:08:25 -0500 Subject: Update from jboss-openshift/application-templates ose-v1.2.0-1 --- roles/openshift_examples/examples-sync.sh | 2 +- .../v1.1/xpaas-streams/jboss-image-streams.json | 94 +++ .../examples/v1.1/xpaas-templates/amq62-basic.json | 35 +- .../v1.1/xpaas-templates/amq62-persistent-ssl.json | 35 +- .../v1.1/xpaas-templates/amq62-persistent.json | 35 +- .../examples/v1.1/xpaas-templates/amq62-ssl.json | 35 +- .../v1.1/xpaas-templates/datagrid65-basic.json | 332 +++++++++ .../v1.1/xpaas-templates/datagrid65-https.json | 501 +++++++++++++ .../datagrid65-mysql-persistent.json | 779 +++++++++++++++++++++ .../v1.1/xpaas-templates/datagrid65-mysql.json | 739 +++++++++++++++++++ .../datagrid65-postgresql-persistent.json | 752 ++++++++++++++++++++ .../xpaas-templates/datagrid65-postgresql.json | 712 +++++++++++++++++++ .../xpaas-templates/decisionserver62-amq-s2i.json | 684 ++++++++++++++++++ .../decisionserver62-basic-s2i.json | 344 +++++++++ .../decisionserver62-https-s2i.json | 478 +++++++++++++ .../xpaas-templates/eap64-amq-persistent-s2i.json | 132 +++- .../v1.1/xpaas-templates/eap64-amq-s2i.json | 132 +++- .../v1.1/xpaas-templates/eap64-basic-s2i.json | 39 +- .../v1.1/xpaas-templates/eap64-https-s2i.json | 126 +++- .../eap64-mongodb-persistent-s2i.json | 128 +++- .../v1.1/xpaas-templates/eap64-mongodb-s2i.json | 128 +++- .../eap64-mysql-persistent-s2i.json | 128 +++- .../v1.1/xpaas-templates/eap64-mysql-s2i.json | 128 +++- .../eap64-postgresql-persistent-s2i.json | 128 +++- .../v1.1/xpaas-templates/eap64-postgresql-s2i.json | 128 +++- .../xpaas-templates/jws30-tomcat7-basic-s2i.json | 19 +- .../xpaas-templates/jws30-tomcat7-https-s2i.json | 27 +- .../jws30-tomcat7-mongodb-persistent-s2i.json | 29 +- .../xpaas-templates/jws30-tomcat7-mongodb-s2i.json | 29 +- .../jws30-tomcat7-mysql-persistent-s2i.json | 33 +- .../xpaas-templates/jws30-tomcat7-mysql-s2i.json | 33 +- .../jws30-tomcat7-postgresql-persistent-s2i.json | 33 +- .../jws30-tomcat7-postgresql-s2i.json | 33 +- .../xpaas-templates/jws30-tomcat8-basic-s2i.json | 19 +- .../xpaas-templates/jws30-tomcat8-https-s2i.json | 27 +- .../jws30-tomcat8-mongodb-persistent-s2i.json | 29 +- .../xpaas-templates/jws30-tomcat8-mongodb-s2i.json | 29 +- .../jws30-tomcat8-mysql-persistent-s2i.json | 33 +- .../xpaas-templates/jws30-tomcat8-mysql-s2i.json | 33 +- .../jws30-tomcat8-postgresql-persistent-s2i.json | 33 +- .../jws30-tomcat8-postgresql-s2i.json | 33 +- 41 files changed, 6768 insertions(+), 458 deletions(-) create mode 100644 roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-basic.json create mode 100644 roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-https.json create mode 100644 roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-mysql-persistent.json create mode 100644 roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-mysql.json create mode 100644 roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-postgresql-persistent.json create mode 100644 roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-postgresql.json create mode 100644 roles/openshift_examples/files/examples/v1.1/xpaas-templates/decisionserver62-amq-s2i.json create mode 100644 roles/openshift_examples/files/examples/v1.1/xpaas-templates/decisionserver62-basic-s2i.json create mode 100644 roles/openshift_examples/files/examples/v1.1/xpaas-templates/decisionserver62-https-s2i.json diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index 090fb9042..c46044917 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -5,7 +5,7 @@ # # This script should be run from openshift-ansible/roles/openshift_examples -XPAAS_VERSION=ose-v1.1.0 +XPAAS_VERSION=ose-v1.2.0-1 ORIGIN_VERSION=v1.1 EXAMPLES_BASE=$(pwd)/files/examples/${ORIGIN_VERSION} find ${EXAMPLES_BASE} -name '*.json' -delete diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v1.1/xpaas-streams/jboss-image-streams.json index aaf5569ae..64b435205 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-streams/jboss-image-streams.json @@ -28,6 +28,18 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.1" } + }, + { + "name": "1.2", + "annotations": { + "description": "JBoss Web Server 3.0 Tomcat 7 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,tomcat,tomcat7,java,jboss,xpaas", + "supports":"tomcat7:3.0,tomcat:7,java:8,xpaas:1.2", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.2" + } } ] } @@ -52,6 +64,18 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.1" } + }, + { + "name": "1.2", + "annotations": { + "description": "JBoss Web Server 3.0 Tomcat 8 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,tomcat,tomcat8,java,jboss,xpaas", + "supports":"tomcat8:3.0,tomcat:8,java:8,xpaas:1.2", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.2" + } } ] } @@ -77,6 +101,66 @@ "sampleRef": "6.4.x", "version": "1.1" } + }, + { + "name": "1.2", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:6.4,javaee:6,java:8,xpaas:1.2", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.2" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-decisionserver62-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver62-openshift", + "tags": [ + { + "name": "1.2", + "annotations": { + "description": "Decision Server 6.2 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,decisionserver,java,xpaas", + "supports":"decisionserver:6.2,java:8,xpaas:1.2", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "decisionserver/hellorules", + "sampleRef": "master", + "version": "1.2" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datagrid65-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift", + "tags": [ + { + "name": "1.2", + "annotations": { + "description": "JBoss Data Grid 6.5 S2I images.", + "iconClass": "icon-jboss", + "tags": "datagrid,java,jboss,xpaas", + "supports":"datagrid:6.5,java:8,xpaas:1.2", + "version": "1.2" + } } ] } @@ -99,6 +183,16 @@ "supports":"amq:6.2,messaging,xpaas:1.1", "version": "1.1" } + }, + { + "name": "1.2", + "annotations": { + "description": "JBoss A-MQ 6.2 broker image.", + "iconClass": "icon-jboss", + "tags": "messaging,amq,jboss,xpaas", + "supports":"amq:6.2,messaging,xpaas:1.2", + "version": "1.2" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/amq62-basic.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/amq62-basic.json index 3fd04c28c..2b1680755 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/amq62-basic.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/amq62-basic.json @@ -6,13 +6,13 @@ "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone or in a mesh. This template doesn't feature SSL support.", "iconClass": "icon-jboss", "tags": "messaging,amq,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "amq62-basic" }, "labels": { "template": "amq62-basic", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -53,20 +53,6 @@ "generate": "expression", "required": false }, - { - "description": "User name for admin user. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "description": "Password for admin user. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, { "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount::default' where is the project namespace.", "name": "AMQ_MESH_DISCOVERY_TYPE", @@ -207,7 +193,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.1" + "name": "jboss-amq-62:1.2" } } }, @@ -239,11 +225,16 @@ "command": [ "/bin/bash", "-c", - "curl -s -L -u ${AMQ_ADMIN_USERNAME}:${AMQ_ADMIN_PASSWORD} 'http://localhost:8161/hawtio/jolokia/read/org.apache.activemq:type=Broker,brokerName=*,service=Health/CurrentStatus' | grep -q '\"CurrentStatus\" *: *\"Good\"'" + "/opt/amq/bin/readinessProbe.sh" ] } }, "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "amqp", "containerPort": 5672, @@ -286,14 +277,6 @@ "name": "AMQ_TOPICS", "value": "${MQ_TOPICS}" }, - { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" - }, - { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" - }, { "name": "AMQ_MESH_DISCOVERY_TYPE", "value": "${AMQ_MESH_DISCOVERY_TYPE}" diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/amq62-persistent-ssl.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/amq62-persistent-ssl.json index aa9e716cf..0755fef45 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/amq62-persistent-ssl.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/amq62-persistent-ssl.json @@ -6,13 +6,13 @@ "description": "Application template for JBoss A-MQ brokers. These are deployed as standalone and use persistent storage for saving messages. This template supports SSL and requires usage of OpenShift secrets.", "iconClass": "icon-jboss", "tags": "messaging,amq,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "amq62-persistent-ssl" }, "labels": { "template": "amq62-persistent-ssl", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -59,20 +59,6 @@ "generate": "expression", "required": false }, - { - "description": "User name for admin user. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "description": "Password for admin user. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, { "description": "Name of a secret containing SSL related files", "name": "AMQ_SECRET", @@ -333,7 +319,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.1" + "name": "jboss-amq-62:1.2" } } }, @@ -377,11 +363,16 @@ "command": [ "/bin/bash", "-c", - "curl -s -L -u ${AMQ_ADMIN_USERNAME}:${AMQ_ADMIN_PASSWORD} 'http://localhost:8161/hawtio/jolokia/read/org.apache.activemq:type=Broker,brokerName=*,service=Health/CurrentStatus' | grep -q '\"CurrentStatus\" *: *\"Good\"'" + "/opt/amq/bin/readinessProbe.sh" ] } }, "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "amqp", "containerPort": 5672, @@ -444,14 +435,6 @@ "name": "AMQ_TOPICS", "value": "${MQ_TOPICS}" }, - { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" - }, - { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" - }, { "name": "AMQ_KEYSTORE_TRUSTSTORE_DIR", "value": "/etc/amq-secret-volume" diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/amq62-persistent.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/amq62-persistent.json index 3a2db3ce9..a8b3d5714 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/amq62-persistent.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/amq62-persistent.json @@ -6,13 +6,13 @@ "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone and use persistent storage for saving messages. This template doesn't feature SSL support.", "iconClass": "icon-jboss", "tags": "messaging,amq,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "amq62-persistent" }, "labels": { "template": "amq62-persistent", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -59,20 +59,6 @@ "generate": "expression", "required": false }, - { - "description": "User name for admin user. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "description": "Password for admin user. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, { "description": "The A-MQ storage usage limit", "name": "AMQ_STORAGE_USAGE_LIMIT", @@ -207,7 +193,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.1" + "name": "jboss-amq-62:1.2" } } }, @@ -245,11 +231,16 @@ "command": [ "/bin/bash", "-c", - "curl -s -L -u ${AMQ_ADMIN_USERNAME}:${AMQ_ADMIN_PASSWORD} 'http://localhost:8161/hawtio/jolokia/read/org.apache.activemq:type=Broker,brokerName=*,service=Health/CurrentStatus' | grep -q '\"CurrentStatus\" *: *\"Good\"'" + "/opt/amq/bin/readinessProbe.sh" ] } }, "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "amqp", "containerPort": 5672, @@ -292,14 +283,6 @@ "name": "AMQ_TOPICS", "value": "${MQ_TOPICS}" }, - { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" - }, - { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" - }, { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/amq62-ssl.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/amq62-ssl.json index f61fb24c2..ced360b09 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/amq62-ssl.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/amq62-ssl.json @@ -6,13 +6,13 @@ "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone or in a mesh. This template supports SSL and requires usage of OpenShift secrets.", "iconClass": "icon-jboss", "tags": "messaging,amq,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "amq62-ssl" }, "labels": { "template": "amq62-ssl", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -53,20 +53,6 @@ "generate": "expression", "required": false }, - { - "description": "User name for admin user. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "description": "Password for admin user. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, { "description": "Name of a secret containing SSL related files", "name": "AMQ_SECRET", @@ -333,7 +319,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.1" + "name": "jboss-amq-62:1.2" } } }, @@ -373,11 +359,16 @@ "command": [ "/bin/bash", "-c", - "curl -s -L -u ${AMQ_ADMIN_USERNAME}:${AMQ_ADMIN_PASSWORD} 'http://localhost:8161/hawtio/jolokia/read/org.apache.activemq:type=Broker,brokerName=*,service=Health/CurrentStatus' | grep -q '\"CurrentStatus\" *: *\"Good\"'" + "/opt/amq/bin/readinessProbe.sh" ] } }, "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "amqp", "containerPort": 5672, @@ -440,14 +431,6 @@ "name": "AMQ_TOPICS", "value": "${MQ_TOPICS}" }, - { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" - }, - { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" - }, { "name": "AMQ_MESH_DISCOVERY_TYPE", "value": "${AMQ_MESH_DISCOVERY_TYPE}" diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-basic.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-basic.json new file mode 100644 index 000000000..56e76016f --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-basic.json @@ -0,0 +1,332 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JDG 6.5 applications.", + "tags": "datagrid,jboss,xpaas", + "version": "1.2.0" + }, + "name": "datagrid65-basic" + }, + "labels": { + "template": "datagrid65-basic", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "description": "Password for JDG user.", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-openshift:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid65-openshift", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11222, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-https.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-https.json new file mode 100644 index 000000000..033e70063 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-https.json @@ -0,0 +1,501 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JDG 6.5 applications.", + "tags": "datagrid,jboss,xpaas", + "version": "1.2.0" + }, + "name": "datagrid65-https" + }, + "labels": { + "template": "datagrid65-https", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "description": "Password for JDG user.", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-openshift:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccount": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid65-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11222, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-mysql-persistent.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-mysql-persistent.json new file mode 100644 index 000000000..05bc7c236 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-mysql-persistent.json @@ -0,0 +1,779 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JDG 6.5 and MySQL applications with persistent storage.", + "tags": "datagrid,jboss,xpaas", + "version": "1.2.0" + }, + "name": "datagrid65-mysql-persistent" + }, + "labels": { + "template": "datagrid65-mysql-persistent", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "description": "Password for JDG user.", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:/jboss/datasources/mysql", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-openshift:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccount": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid65-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11222, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-mysql.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-mysql.json new file mode 100644 index 000000000..1856c8dc2 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-mysql.json @@ -0,0 +1,739 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JDG 6.5 and MySQL applications.", + "tags": "datagrid,jboss,xpaas", + "version": "1.2.0" + }, + "name": "datagrid65-mysql" + }, + "labels": { + "template": "datagrid65-mysql", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "description": "Password for JDG user.", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:/jboss/datasources/mysql", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-openshift:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccount": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid65-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11222, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-postgresql-persistent.json new file mode 100644 index 000000000..10d0f77ce --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-postgresql-persistent.json @@ -0,0 +1,752 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JDG 6.5 and PostgreSQL applications with persistent storage.", + "tags": "datagrid,jboss,xpaas", + "version": "1.2.0" + }, + "name": "datagrid65-postgresql-persistent" + }, + "labels": { + "template": "datagrid65-postgresql-persistent", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "description": "Password for JDG user.", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/postgresql", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-openshift:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccount": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid65-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11222, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-postgresql.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-postgresql.json new file mode 100644 index 000000000..9dd378f92 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/datagrid65-postgresql.json @@ -0,0 +1,712 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JDG 6.5 and PostgreSQL applications built using.", + "tags": "datagrid,jboss,xpaas", + "version": "1.2.0" + }, + "name": "datagrid65-postgresql" + }, + "labels": { + "template": "datagrid65-postgresql", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "description": "Password for JDG user.", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/postgresql", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configurd for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-openshift:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccount": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid65-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11222, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/decisionserver62-amq-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/decisionserver62-amq-s2i.json new file mode 100644 index 000000000..0c82eaa61 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/decisionserver62-amq-s2i.json @@ -0,0 +1,684 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for BRMS Realtime Decision Server 6 A-MQ applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,amq,java,messaging,jboss,xpaas", + "version": "1.2.0" + }, + "name": "decisionserver62-amq-s2i" + }, + "labels": { + "template": "decisionserver62-amq-s2i", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "HelloRulesContainer=org.openshift.quickstarts:decisionserver-hellorules:1.2.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "decisionserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "User name for broker admin. If left empty, it will be generated.", + "name": "AMQ_ADMIN_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Password for broker admin. If left empty, it will be generated.", + "name": "AMQ_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver62-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccount": "decisionserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "decisionserver-keystore-volume", + "mountPath": "/etc/decisionserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/decisionserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "decisionserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "AMQ_ADMIN_USERNAME", + "value": "${AMQ_ADMIN_USERNAME}" + }, + { + "name": "AMQ_ADMIN_PASSWORD", + "value": "${AMQ_ADMIN_PASSWORD}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/decisionserver62-basic-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/decisionserver62-basic-s2i.json new file mode 100644 index 000000000..097720375 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/decisionserver62-basic-s2i.json @@ -0,0 +1,344 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for BRMS Realtime Decision Server 6 applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,java,jboss,xpaas", + "version": "1.2.0" + }, + "name": "decisionserver62-basic-s2i" + }, + "labels": { + "template": "decisionserver62-basic-s2i", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "HelloRulesContainer=org.openshift.quickstarts:decisionserver-hellorules:1.2.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver62-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/decisionserver62-https-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/decisionserver62-https-s2i.json new file mode 100644 index 000000000..d0505fc5f --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/decisionserver62-https-s2i.json @@ -0,0 +1,478 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for BRMS Realtime Decision Server 6 HTTPS applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,java,jboss,xpaas", + "version": "1.2.0" + }, + "name": "decisionserver62-https-s2i" + }, + "labels": { + "template": "decisionserver62-https-s2i", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "HelloRulesContainer=org.openshift.quickstarts:decisionserver-hellorules:1.2.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "decisionserver-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver62-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccount": "decisionserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "decisionserver-keystore-volume", + "mountPath": "/etc/decisionserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/decisionserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "decisionserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-amq-persistent-s2i.json index 2fc3b5b25..4b38dade3 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-amq-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 A-MQ applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "eap64-amq-persistent-s2i" }, "labels": { "template": "eap64-amq-persistent-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,21 +22,27 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, { "description": "Git source URI for application", "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "required": true }, { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "6.4.x", "required": false }, { @@ -77,25 +83,25 @@ }, { "description": "The name of the secret containing the keystore file", - "name": "EAP_HTTPS_SECRET", + "name": "HTTPS_SECRET", "value": "eap-app-secret", "required": false }, { "description": "The name of the keystore file within the secret", - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "keystore.jks", "required": false }, { "description": "The name associated with the server certificate", - "name": "EAP_HTTPS_NAME", + "name": "HTTPS_NAME", "value": "", "required": false }, { "description": "The password for the keystore and certificate", - "name": "EAP_HTTPS_PASSWORD", + "name": "HTTPS_PASSWORD", "value": "", "required": false }, @@ -146,6 +152,37 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true } ], "objects": [ @@ -235,7 +272,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -255,7 +292,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -299,7 +336,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.1" + "name": "jboss-eap64-openshift:1.2" } } }, @@ -388,8 +425,22 @@ "name": "eap-keystore-volume", "mountPath": "/etc/eap-secret-volume", "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true } ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, "readinessProbe": { "exec": { "command": [ @@ -400,6 +451,11 @@ } }, "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -458,20 +514,44 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", - "value": "${EAP_HTTPS_KEYSTORE}" + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" }, { - "name": "EAP_HTTPS_NAME", - "value": "${EAP_HTTPS_NAME}" + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" }, { - "name": "EAP_HTTPS_PASSWORD", - "value": "${EAP_HTTPS_PASSWORD}" + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" } ] } @@ -480,7 +560,13 @@ { "name": "eap-keystore-volume", "secret": { - "secretName": "${EAP_HTTPS_SECRET}" + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" } } ] @@ -512,7 +598,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.1" + "name": "jboss-amq-62:1.2" } } }, @@ -544,7 +630,7 @@ "command": [ "/bin/bash", "-c", - "curl -s -L -u ${AMQ_ADMIN_USERNAME}:${AMQ_ADMIN_PASSWORD} 'http://localhost:8161/hawtio/jolokia/read/org.apache.activemq:type=Broker,brokerName=*,service=Health/CurrentStatus' | grep -q '\"CurrentStatus\" *: *\"Good\"'" + "/opt/amq/bin/readinessProbe.sh" ] } }, diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-amq-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-amq-s2i.json index a420bb1ea..d321af9c9 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-amq-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 A-MQ applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "eap64-amq-s2i" }, "labels": { "template": "eap64-amq-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,21 +22,27 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, { "description": "Git source URI for application", "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "required": true }, { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "6.4.x", "required": false }, { @@ -71,25 +77,25 @@ }, { "description": "The name of the secret containing the keystore file", - "name": "EAP_HTTPS_SECRET", + "name": "HTTPS_SECRET", "value": "eap-app-secret", "required": false }, { "description": "The name of the keystore file within the secret", - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "keystore.jks", "required": false }, { "description": "The name associated with the server certificate", - "name": "EAP_HTTPS_NAME", + "name": "HTTPS_NAME", "value": "", "required": false }, { "description": "The password for the keystore and certificate", - "name": "EAP_HTTPS_PASSWORD", + "name": "HTTPS_PASSWORD", "value": "", "required": false }, @@ -140,6 +146,37 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true } ], "objects": [ @@ -229,7 +266,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -249,7 +286,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -293,7 +330,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.1" + "name": "jboss-eap64-openshift:1.2" } } }, @@ -382,8 +419,22 @@ "name": "eap-keystore-volume", "mountPath": "/etc/eap-secret-volume", "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true } ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, "readinessProbe": { "exec": { "command": [ @@ -394,6 +445,11 @@ } }, "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -452,20 +508,44 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", - "value": "${EAP_HTTPS_KEYSTORE}" + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" }, { - "name": "EAP_HTTPS_NAME", - "value": "${EAP_HTTPS_NAME}" + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" }, { - "name": "EAP_HTTPS_PASSWORD", - "value": "${EAP_HTTPS_PASSWORD}" + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" } ] } @@ -474,7 +554,13 @@ { "name": "eap-keystore-volume", "secret": { - "secretName": "${EAP_HTTPS_SECRET}" + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" } } ] @@ -506,7 +592,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.1" + "name": "jboss-amq-62:1.2" } } }, @@ -538,7 +624,7 @@ "command": [ "/bin/bash", "-c", - "curl -s -L -u ${AMQ_ADMIN_USERNAME}:${AMQ_ADMIN_PASSWORD} 'http://localhost:8161/hawtio/jolokia/read/org.apache.activemq:type=Broker,brokerName=*,service=Health/CurrentStatus' | grep -q '\"CurrentStatus\" *: *\"Good\"'" + "/opt/amq/bin/readinessProbe.sh" ] } }, diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-basic-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-basic-s2i.json index 3f90eb8be..2e3849e2a 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-basic-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 6 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "eap64-basic-s2i" }, "labels": { "template": "eap64-basic-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,8 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", "value": "", "required": false }, @@ -83,6 +83,13 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true } ], "objects": [ @@ -124,7 +131,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -165,7 +172,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.1" + "name": "jboss-eap64-openshift:1.2" } } }, @@ -248,6 +255,15 @@ "name": "${APPLICATION_NAME}", "image": "${APPLICATION_NAME}", "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, "readinessProbe": { "exec": { "command": [ @@ -258,6 +274,11 @@ } }, "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -293,6 +314,10 @@ { "name": "HORNETQ_TOPICS", "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" } ] } @@ -302,4 +327,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-https-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-https-s2i.json index 220d2f5b9..54514cb6b 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-https-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 6 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "eap64-https-s2i" }, "labels": { "template": "eap64-https-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -59,25 +65,25 @@ }, { "description": "The name of the secret containing the keystore file", - "name": "EAP_HTTPS_SECRET", + "name": "HTTPS_SECRET", "value": "eap-app-secret", "required": true }, { "description": "The name of the keystore file within the secret", - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "keystore.jks", "required": false }, { "description": "The name associated with the server certificate", - "name": "EAP_HTTPS_NAME", + "name": "HTTPS_NAME", "value": "", "required": false }, { "description": "The password for the keystore and certificate", - "name": "EAP_HTTPS_PASSWORD", + "name": "HTTPS_PASSWORD", "value": "", "required": false }, @@ -107,6 +113,37 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true } ], "objects": [ @@ -172,7 +209,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -192,7 +229,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -236,7 +273,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.1" + "name": "jboss-eap64-openshift:1.2" } } }, @@ -325,8 +362,22 @@ "name": "eap-keystore-volume", "mountPath": "/etc/eap-secret-volume", "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true } ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, "readinessProbe": { "exec": { "command": [ @@ -337,6 +388,11 @@ } }, "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -367,20 +423,20 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", - "value": "${EAP_HTTPS_KEYSTORE}" + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${EAP_HTTPS_NAME}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "EAP_HTTPS_PASSWORD", - "value": "${EAP_HTTPS_PASSWORD}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "HORNETQ_CLUSTER_PASSWORD", @@ -393,6 +449,30 @@ { "name": "HORNETQ_TOPICS", "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" } ] } @@ -401,7 +481,13 @@ { "name": "eap-keystore-volume", "secret": { - "secretName": "${EAP_HTTPS_SECRET}" + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" } } ] @@ -410,4 +496,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-mongodb-persistent-s2i.json index a1a3a9f2c..2c0f21ae3 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-mongodb-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MongDB applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "eap64-mongodb-persistent-s2i" }, "labels": { "template": "eap64-mongodb-persistent-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -77,25 +83,25 @@ }, { "description": "The name of the secret containing the keystore file", - "name": "EAP_HTTPS_SECRET", + "name": "HTTPS_SECRET", "value": "eap-app-secret", "required": false }, { "description": "The name of the keystore file within the secret", - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "keystore.jks", "required": false }, { "description": "The name associated with the server certificate", - "name": "EAP_HTTPS_NAME", + "name": "HTTPS_NAME", "value": "", "required": false }, { "description": "The password for the keystore and certificate", - "name": "EAP_HTTPS_PASSWORD", + "name": "HTTPS_PASSWORD", "value": "", "required": false }, @@ -176,6 +182,37 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true } ], "objects": [ @@ -265,7 +302,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -285,7 +322,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -329,7 +366,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.1" + "name": "jboss-eap64-openshift:1.2" } } }, @@ -418,8 +455,22 @@ "name": "eap-keystore-volume", "mountPath": "/etc/eap-secret-volume", "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true } ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, "readinessProbe": { "exec": { "command": [ @@ -430,6 +481,11 @@ } }, "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -496,20 +552,20 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", - "value": "${EAP_HTTPS_KEYSTORE}" + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${EAP_HTTPS_NAME}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "EAP_HTTPS_PASSWORD", - "value": "${EAP_HTTPS_PASSWORD}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "HORNETQ_CLUSTER_PASSWORD", @@ -522,6 +578,30 @@ { "name": "HORNETQ_TOPICS", "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" } ] } @@ -530,7 +610,13 @@ { "name": "eap-keystore-volume", "secret": { - "secretName": "${EAP_HTTPS_SECRET}" + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" } } ] @@ -666,4 +752,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-mongodb-s2i.json index dfd1443ed..6f604d29e 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-mongodb-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MongDB applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "eap64-mongodb-s2i" }, "labels": { "template": "eap64-mongodb-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -71,25 +77,25 @@ }, { "description": "The name of the secret containing the keystore file", - "name": "EAP_HTTPS_SECRET", + "name": "HTTPS_SECRET", "value": "eap-app-secret", "required": false }, { "description": "The name of the keystore file within the secret", - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "keystore.jks", "required": false }, { "description": "The name associated with the server certificate", - "name": "EAP_HTTPS_NAME", + "name": "HTTPS_NAME", "value": "", "required": false }, { "description": "The password for the keystore and certificate", - "name": "EAP_HTTPS_PASSWORD", + "name": "HTTPS_PASSWORD", "value": "", "required": false }, @@ -170,6 +176,37 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true } ], "objects": [ @@ -259,7 +296,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -279,7 +316,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -323,7 +360,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.1" + "name": "jboss-eap64-openshift:1.2" } } }, @@ -412,8 +449,22 @@ "name": "eap-keystore-volume", "mountPath": "/etc/eap-secret-volume", "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true } ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, "readinessProbe": { "exec": { "command": [ @@ -424,6 +475,11 @@ } }, "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -490,20 +546,20 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", - "value": "${EAP_HTTPS_KEYSTORE}" + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${EAP_HTTPS_NAME}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "EAP_HTTPS_PASSWORD", - "value": "${EAP_HTTPS_PASSWORD}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "HORNETQ_CLUSTER_PASSWORD", @@ -516,6 +572,30 @@ { "name": "HORNETQ_TOPICS", "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" } ] } @@ -524,7 +604,13 @@ { "name": "eap-keystore-volume", "secret": { - "secretName": "${EAP_HTTPS_SECRET}" + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" } } ] @@ -626,4 +712,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-mysql-persistent-s2i.json index fdd368a5f..d2631580b 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-mysql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MySQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "eap64-mysql-persistent-s2i" }, "labels": { "template": "eap64-mysql-persistent-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -77,25 +83,25 @@ }, { "description": "The name of the secret containing the keystore file", - "name": "EAP_HTTPS_SECRET", + "name": "HTTPS_SECRET", "value": "eap-app-secret", "required": false }, { "description": "The name of the keystore file within the secret", - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "keystore.jks", "required": false }, { "description": "The name associated with the server certificate", - "name": "EAP_HTTPS_NAME", + "name": "HTTPS_NAME", "value": "", "required": false }, { "description": "The password for the keystore and certificate", - "name": "EAP_HTTPS_PASSWORD", + "name": "HTTPS_PASSWORD", "value": "", "required": false }, @@ -179,6 +185,37 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true } ], "objects": [ @@ -268,7 +305,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -288,7 +325,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -332,7 +369,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.1" + "name": "jboss-eap64-openshift:1.2" } } }, @@ -421,8 +458,22 @@ "name": "eap-keystore-volume", "mountPath": "/etc/eap-secret-volume", "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true } ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, "readinessProbe": { "exec": { "command": [ @@ -433,6 +484,11 @@ } }, "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -499,20 +555,20 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", - "value": "${EAP_HTTPS_KEYSTORE}" + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${EAP_HTTPS_NAME}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "EAP_HTTPS_PASSWORD", - "value": "${EAP_HTTPS_PASSWORD}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "HORNETQ_CLUSTER_PASSWORD", @@ -525,6 +581,30 @@ { "name": "HORNETQ_TOPICS", "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" } ] } @@ -533,7 +613,13 @@ { "name": "eap-keystore-volume", "secret": { - "secretName": "${EAP_HTTPS_SECRET}" + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" } } ] @@ -673,4 +759,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-mysql-s2i.json index ff6bdc112..ba6a32fec 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-mysql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MySQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "eap64-mysql-s2i" }, "labels": { "template": "eap64-mysql-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -71,25 +77,25 @@ }, { "description": "The name of the secret containing the keystore file", - "name": "EAP_HTTPS_SECRET", + "name": "HTTPS_SECRET", "value": "eap-app-secret", "required": false }, { "description": "The name of the keystore file within the secret", - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "keystore.jks", "required": false }, { "description": "The name associated with the server certificate", - "name": "EAP_HTTPS_NAME", + "name": "HTTPS_NAME", "value": "", "required": false }, { "description": "The password for the keystore and certificate", - "name": "EAP_HTTPS_PASSWORD", + "name": "HTTPS_PASSWORD", "value": "", "required": false }, @@ -173,6 +179,37 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true } ], "objects": [ @@ -262,7 +299,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -282,7 +319,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -326,7 +363,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.1" + "name": "jboss-eap64-openshift:1.2" } } }, @@ -415,8 +452,22 @@ "name": "eap-keystore-volume", "mountPath": "/etc/eap-secret-volume", "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true } ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, "readinessProbe": { "exec": { "command": [ @@ -427,6 +478,11 @@ } }, "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -493,20 +549,20 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", - "value": "${EAP_HTTPS_KEYSTORE}" + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${EAP_HTTPS_NAME}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "EAP_HTTPS_PASSWORD", - "value": "${EAP_HTTPS_PASSWORD}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "HORNETQ_CLUSTER_PASSWORD", @@ -519,6 +575,30 @@ { "name": "HORNETQ_TOPICS", "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" } ] } @@ -527,7 +607,13 @@ { "name": "eap-keystore-volume", "secret": { - "secretName": "${EAP_HTTPS_SECRET}" + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" } } ] @@ -633,4 +719,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-postgresql-persistent-s2i.json index 6443afdb0..670260769 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 PostgreSQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "eap64-postgresql-persistent-s2i" }, "labels": { "template": "eap64-postgresql-persistent-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -77,25 +83,25 @@ }, { "description": "The name of the secret containing the keystore file", - "name": "EAP_HTTPS_SECRET", + "name": "HTTPS_SECRET", "value": "eap-app-secret", "required": false }, { "description": "The name of the keystore file within the secret", - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "keystore.jks", "required": false }, { "description": "The name associated with the server certificate", - "name": "EAP_HTTPS_NAME", + "name": "HTTPS_NAME", "value": "", "required": false }, { "description": "The password for the keystore and certificate", - "name": "EAP_HTTPS_PASSWORD", + "name": "HTTPS_PASSWORD", "value": "", "required": false }, @@ -164,6 +170,37 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true } ], "objects": [ @@ -253,7 +290,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -273,7 +310,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -317,7 +354,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.1" + "name": "jboss-eap64-openshift:1.2" } } }, @@ -406,8 +443,22 @@ "name": "eap-keystore-volume", "mountPath": "/etc/eap-secret-volume", "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true } ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, "readinessProbe": { "exec": { "command": [ @@ -418,6 +469,11 @@ } }, "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -484,20 +540,20 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", - "value": "${EAP_HTTPS_KEYSTORE}" + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${EAP_HTTPS_NAME}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "EAP_HTTPS_PASSWORD", - "value": "${EAP_HTTPS_PASSWORD}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "HORNETQ_CLUSTER_PASSWORD", @@ -510,6 +566,30 @@ { "name": "HORNETQ_TOPICS", "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" } ] } @@ -518,7 +598,13 @@ { "name": "eap-keystore-volume", "secret": { - "secretName": "${EAP_HTTPS_SECRET}" + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" } } ] @@ -646,4 +732,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-postgresql-s2i.json index e879e51cf..822731335 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/eap64-postgresql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 PostgreSQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "eap64-postgresql-s2i" }, "labels": { "template": "eap64-postgresql-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -71,25 +77,25 @@ }, { "description": "The name of the secret containing the keystore file", - "name": "EAP_HTTPS_SECRET", + "name": "HTTPS_SECRET", "value": "eap-app-secret", "required": false }, { "description": "The name of the keystore file within the secret", - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "keystore.jks", "required": false }, { "description": "The name associated with the server certificate", - "name": "EAP_HTTPS_NAME", + "name": "HTTPS_NAME", "value": "", "required": false }, { "description": "The password for the keystore and certificate", - "name": "EAP_HTTPS_PASSWORD", + "name": "HTTPS_PASSWORD", "value": "", "required": false }, @@ -158,6 +164,37 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true } ], "objects": [ @@ -247,7 +284,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -267,7 +304,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -311,7 +348,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.1" + "name": "jboss-eap64-openshift:1.2" } } }, @@ -400,8 +437,22 @@ "name": "eap-keystore-volume", "mountPath": "/etc/eap-secret-volume", "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true } ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, "readinessProbe": { "exec": { "command": [ @@ -412,6 +463,11 @@ } }, "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -478,20 +534,20 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", - "value": "${EAP_HTTPS_KEYSTORE}" + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${EAP_HTTPS_NAME}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "EAP_HTTPS_PASSWORD", - "value": "${EAP_HTTPS_PASSWORD}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "HORNETQ_CLUSTER_PASSWORD", @@ -504,6 +560,30 @@ { "name": "HORNETQ_TOPICS", "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" } ] } @@ -512,7 +592,13 @@ { "name": "eap-keystore-volume", "secret": { - "secretName": "${EAP_HTTPS_SECRET}" + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" } } ] @@ -606,4 +692,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-basic-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-basic-s2i.json index 729079130..376f2f61b 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-basic-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS applications built using S2I.", "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "jws30-tomcat7-basic-s2i" }, "labels": { "template": "jws30-tomcat7-basic-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,8 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", "value": "", "required": false }, @@ -36,7 +36,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -119,7 +119,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -160,7 +160,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.1" + "name": "jboss-webserver30-tomcat7-openshift:1.2" } } }, @@ -253,6 +253,11 @@ } }, "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-https-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-https-s2i.json index 7ce7e7fe2..e7bbd1154 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-https-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS applications built using S2I.", "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "jws30-tomcat7-https-s2i" }, "labels": { "template": "jws30-tomcat7-https-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -167,7 +173,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -187,7 +193,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -231,7 +237,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.1" + "name": "jboss-webserver30-tomcat7-openshift:1.2" } } }, @@ -332,6 +338,11 @@ } ], "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json index 9a08ec0b0..3a3ca8e24 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS MongoDB applications with persistent storage built using S2I.", "tags": "tomcat,tomcat7,mongodb,java,database,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "jws30-tomcat7-mongodb-persistent-s2i" }, "labels": { "template": "jws30-tomcat7-mongodb-persistent-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -260,7 +266,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -280,7 +286,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -324,7 +330,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.1" + "name": "jboss-webserver30-tomcat7-openshift:1.2" } } }, @@ -425,6 +431,11 @@ } ], "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -640,4 +651,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-mongodb-s2i.json index b8dfb3ad3..b3fd295b9 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-mongodb-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS MongoDB applications built using S2I.", "tags": "tomcat,tomcat7,mongodb,java,database,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "jws30-tomcat7-mongodb-s2i" }, "labels": { "template": "jws30-tomcat7-mongodb-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -254,7 +260,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -274,7 +280,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -318,7 +324,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.1" + "name": "jboss-webserver30-tomcat7-openshift:1.2" } } }, @@ -419,6 +425,11 @@ } ], "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -600,4 +611,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json index d36e330d3..b0b2f5ec4 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS MySQL applications with persistent storage built using S2I.", "tags": "tomcat,tomcat7,mysql,java,database,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "jws30-tomcat7-mysql-persistent-s2i" }, "labels": { "template": "jws30-tomcat7-mysql-persistent-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -46,9 +52,9 @@ "required": false }, { - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/mysqlDS", "name": "DB_JNDI", - "value": "java:jboss/datasources/TodoListDS", + "value": "jboss/datasources/defaultDS", "required": false }, { @@ -263,7 +269,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -283,7 +289,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -327,7 +333,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.1" + "name": "jboss-webserver30-tomcat7-openshift:1.2" } } }, @@ -428,6 +434,11 @@ } ], "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -642,4 +653,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-mysql-s2i.json index f5309db60..e48276f1b 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-mysql-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS MySQL applications built using S2I.", "tags": "tomcat,tomcat7,mysql,java,database,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "jws30-tomcat7-mysql-s2i" }, "labels": { "template": "jws30-tomcat7-mysql-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -46,9 +52,9 @@ "required": false }, { - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/mysqlDS", "name": "DB_JNDI", - "value": "java:jboss/datasources/TodoListDS", + "value": "jboss/datasources/defaultDS", "required": false }, { @@ -257,7 +263,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -277,7 +283,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -321,7 +327,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.1" + "name": "jboss-webserver30-tomcat7-openshift:1.2" } } }, @@ -422,6 +428,11 @@ } ], "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -602,4 +613,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json index ee88a4c69..d7876d066 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", "tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "jws30-tomcat7-postgresql-persistent-s2i" }, "labels": { "template": "jws30-tomcat7-postgresql-persistent-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -46,9 +52,9 @@ "required": false }, { - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/postgresqlDS", "name": "DB_JNDI", - "value": "java:jboss/datasources/TodoListDS", + "value": "jboss/datasources/defaultDS", "required": false }, { @@ -248,7 +254,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -268,7 +274,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -312,7 +318,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.1" + "name": "jboss-webserver30-tomcat7-openshift:1.2" } } }, @@ -413,6 +419,11 @@ } ], "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -615,4 +626,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-postgresql-s2i.json index f5940a7a1..5c1bdf6d5 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat7-postgresql-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications built using S2I.", "tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "jws30-tomcat7-postgresql-s2i" }, "labels": { "template": "jws30-tomcat7-postgresql-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -46,9 +52,9 @@ "required": false }, { - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/postgresqlDS", "name": "DB_JNDI", - "value": "java:jboss/datasources/TodoListDS", + "value": "jboss/datasources/defaultDS", "required": false }, { @@ -242,7 +248,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -262,7 +268,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -306,7 +312,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.1" + "name": "jboss-webserver30-tomcat7-openshift:1.2" } } }, @@ -407,6 +413,11 @@ } ], "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -575,4 +586,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-basic-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-basic-s2i.json index b24ce40ae..b425891c6 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-basic-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS applications built using S2I.", "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "jws30-tomcat8-basic-s2i" }, "labels": { "template": "jws30-tomcat8-basic-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,8 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", "value": "", "required": false }, @@ -36,7 +36,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -119,7 +119,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -160,7 +160,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.1" + "name": "jboss-webserver30-tomcat8-openshift:1.2" } } }, @@ -253,6 +253,11 @@ } }, "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-https-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-https-s2i.json index 7e788d0db..a20518cbc 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-https-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS applications built using S2I.", "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "jws30-tomcat8-https-s2i" }, "labels": { "template": "jws30-tomcat8-https-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -167,7 +173,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -187,7 +193,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -231,7 +237,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.1" + "name": "jboss-webserver30-tomcat8-openshift:1.2" } } }, @@ -332,6 +338,11 @@ } ], "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json index 2f1d69c75..46b99593d 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS MongoDB applications with persistent storage built using S2I.", "tags": "tomcat,tomcat8,mongodb,java,database,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "jws30-tomcat8-mongodb-persistent-s2i" }, "labels": { "template": "jws30-tomcat8-mongodb-persistent-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -260,7 +266,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -280,7 +286,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -324,7 +330,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.1" + "name": "jboss-webserver30-tomcat8-openshift:1.2" } } }, @@ -425,6 +431,11 @@ } ], "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -640,4 +651,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-mongodb-s2i.json index bad676f2e..c01b6888a 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-mongodb-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS MongoDB applications built using S2I.", "tags": "tomcat,tomcat8,mongodb,java,database,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "jws30-tomcat8-mongodb-s2i" }, "labels": { "template": "jws30-tomcat8-mongodb-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -254,7 +260,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -274,7 +280,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -318,7 +324,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.1" + "name": "jboss-webserver30-tomcat8-openshift:1.2" } } }, @@ -419,6 +425,11 @@ } ], "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -600,4 +611,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json index e20a45982..ebe1dc6af 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS MySQL applications with persistent storage built using S2I.", "tags": "tomcat,tomcat8,mysql,java,database,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "jws30-tomcat8-mysql-persistent-s2i" }, "labels": { "template": "jws30-tomcat8-mysql-persistent-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -46,9 +52,9 @@ "required": false }, { - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/mysqlDS", "name": "DB_JNDI", - "value": "java:jboss/datasources/TodoListDS", + "value": "jboss/datasources/defaultDS", "required": false }, { @@ -263,7 +269,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -283,7 +289,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -327,7 +333,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.1" + "name": "jboss-webserver30-tomcat8-openshift:1.2" } } }, @@ -428,6 +434,11 @@ } ], "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -642,4 +653,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-mysql-s2i.json index 1b9624756..fe068842a 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-mysql-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS MySQL applications built using S2I.", "tags": "tomcat,tomcat8,mysql,java,database,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "jws30-tomcat8-mysql-s2i" }, "labels": { "template": "jws30-tomcat8-mysql-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -46,9 +52,9 @@ "required": false }, { - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/mysqlDS", "name": "DB_JNDI", - "value": "java:jboss/datasources/TodoListDS", + "value": "jboss/datasources/defaultDS", "required": false }, { @@ -257,7 +263,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -277,7 +283,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -321,7 +327,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.1" + "name": "jboss-webserver30-tomcat8-openshift:1.2" } } }, @@ -422,6 +428,11 @@ } ], "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -602,4 +613,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json index dc492a38e..302a55315 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", "tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "jws30-tomcat8-postgresql-persistent-s2i" }, "labels": { "template": "jws30-tomcat8-postgresql-persistent-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -46,9 +52,9 @@ "required": false }, { - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/postgresqlDS", "name": "DB_JNDI", - "value": "java:jboss/datasources/TodoListDS", + "value": "jboss/datasources/defaultDS", "required": false }, { @@ -248,7 +254,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -268,7 +274,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -312,7 +318,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.1" + "name": "jboss-webserver30-tomcat8-openshift:1.2" } } }, @@ -413,6 +419,11 @@ } ], "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -615,4 +626,4 @@ } } ] -} \ No newline at end of file +} diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-postgresql-s2i.json index 242b37a79..af2415905 100644 --- a/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-templates/jws30-tomcat8-postgresql-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications built using S2I.", "tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas", - "version": "1.1.0" + "version": "1.2.0" }, "name": "jws30-tomcat8-postgresql-s2i" }, "labels": { "template": "jws30-tomcat8-postgresql-s2i", - "xpaas": "1.1.0" + "xpaas": "1.2.0" }, "parameters": [ { @@ -22,8 +22,14 @@ "required": true }, { - "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: ..", - "name": "APPLICATION_DOMAIN", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "name": "HOSTNAME_HTTPS", "value": "", "required": false }, @@ -36,7 +42,7 @@ { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.1", + "value": "1.2", "required": false }, { @@ -46,9 +52,9 @@ "required": false }, { - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/postgresqlDS", "name": "DB_JNDI", - "value": "java:jboss/datasources/TodoListDS", + "value": "jboss/datasources/defaultDS", "required": false }, { @@ -242,7 +248,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTP}", "to": { "name": "${APPLICATION_NAME}" } @@ -262,7 +268,7 @@ } }, "spec": { - "host": "${APPLICATION_DOMAIN}", + "host": "${HOSTNAME_HTTPS}", "to": { "name": "secure-${APPLICATION_NAME}" }, @@ -306,7 +312,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.1" + "name": "jboss-webserver30-tomcat8-openshift:1.2" } } }, @@ -406,6 +412,11 @@ } ], "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, { "name": "http", "containerPort": 8080, @@ -573,4 +584,4 @@ } } ] -} \ No newline at end of file +} -- cgit v1.2.3 From 501d72b5007c058ad29fbbc849bc6a76a638dc58 Mon Sep 17 00:00:00 2001 From: Samuel Munilla Date: Thu, 17 Dec 2015 11:09:02 -0500 Subject: atomic-openshift-installer: Fix broken nosetest This is a fix for the failing test_fresh_install_with_config. --- utils/src/ooinstall/cli_installer.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/src/ooinstall/cli_installer.py b/utils/src/ooinstall/cli_installer.py index cf57ecaec..c86ba2f4f 100644 --- a/utils/src/ooinstall/cli_installer.py +++ b/utils/src/ooinstall/cli_installer.py @@ -752,7 +752,7 @@ def install(ctx, force): check_hosts_config(oo_cfg, ctx.obj['unattended']) - print_installation_summary(oo_cfg.hosts, oo_cfg.settings['variant_version']) + print_installation_summary(oo_cfg.hosts, oo_cfg.settings.get('variant_version', None)) click.echo('Gathering information from hosts...') callback_facts, error = openshift_ansible.default_facts(oo_cfg.hosts, verbose) -- cgit v1.2.3 From 4aed54937b7f30699b2a5476321ba4f52ebac983 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Thu, 17 Dec 2015 11:11:25 -0500 Subject: Add jboss-fuse/application-templates/fis-image-streams.json --- roles/openshift_examples/examples-sync.sh | 1 + .../v1.1/xpaas-streams/fis-image-streams.json | 56 ++++++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 roles/openshift_examples/files/examples/v1.1/xpaas-streams/fis-image-streams.json diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index c46044917..01ce6d819 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -37,6 +37,7 @@ cp dancer-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ cp cakephp-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ mv application-templates-${XPAAS_VERSION}/jboss-image-streams.json ${EXAMPLES_BASE}/xpaas-streams/ find application-templates-${XPAAS_VERSION}/ -name '*.json' ! -wholename '*secret*' -exec mv {} ${EXAMPLES_BASE}/xpaas-templates/ \; +wget https://raw.githubusercontent.com/jboss-fuse/application-templates/master/fis-image-streams.json -O ${EXAMPLES_BASE}/xpaas-streams/fis-image-streams.json wget https://raw.githubusercontent.com/openshift/origin-metrics/master/metrics.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/origin/metrics-deployer.yaml cp ${EXAMPLES_BASE}/infrastructure-templates/origin/metrics-*.yaml ${EXAMPLES_BASE}/infrastructure-templates/enterprise/ diff --git a/roles/openshift_examples/files/examples/v1.1/xpaas-streams/fis-image-streams.json b/roles/openshift_examples/files/examples/v1.1/xpaas-streams/fis-image-streams.json new file mode 100644 index 000000000..ed0e94bed --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.1/xpaas-streams/fis-image-streams.json @@ -0,0 +1,56 @@ +{ + "kind": "List", + "apiVersion": "v1", + "metadata": { + "name": "fis-image-streams", + "annotations": { + "description": "ImageStream definitions for JBoss Fuse Integration Services." + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "fis-java-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-fuse-6/fis-java-openshift", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Fuse Integration Services 6.2.1 Java S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,jboss-fuse,java,xpaas", + "supports":"jboss-fuse:6.2.1,java:8,xpaas:1.2", + "version": "1.0" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "fis-karaf-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-fuse-6/fis-karaf-openshift", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Fuse Integration Services 6.2.1 Karaf S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,jboss-fuse,java,karaf,xpaas", + "supports":"jboss-fuse:6.2.1,java:8,xpaas:1.2", + "version": "1.0" + } + } + ] + } + } + ] +} -- cgit v1.2.3 From 5f44d90a1669ddb005797bbd2a24dd94626bc85e Mon Sep 17 00:00:00 2001 From: Joel Diaz Date: Thu, 17 Dec 2015 12:04:32 -0500 Subject: add item/trigger for dns tests on all currently running containers --- roles/os_zabbix/vars/template_docker.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/os_zabbix/vars/template_docker.yml b/roles/os_zabbix/vars/template_docker.yml index 87779d2d2..87fce1b81 100644 --- a/roles/os_zabbix/vars/template_docker.yml +++ b/roles/os_zabbix/vars/template_docker.yml @@ -17,6 +17,11 @@ g_template_docker: - Docker Daemon value_type: int + - key: docker.container.existing.dns.resolution.failed + applications: + - Docker Daemon + value_type: int + - key: docker.storage.is_loopback applications: - Docker Storage @@ -72,6 +77,11 @@ g_template_docker: url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_docker_dns.asciidoc' priority: high + - name: 'docker.container.existing.dns.resolution.failed on {HOST.NAME}' + expression: '{Template Docker:docker.container.existing.dns.resolution.failed.min(#3)}>0' + url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_docker_dns.asciidoc' + priority: high + - name: 'Docker storage is using LOOPBACK on {HOST.NAME}' expression: '{Template Docker:docker.storage.is_loopback.last()}<>0' url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_docker_loopback.asciidoc' -- cgit v1.2.3 From 1a8a784c30711c837a3abcf5992dc6d8681f6759 Mon Sep 17 00:00:00 2001 From: Joel Diaz Date: Thu, 17 Dec 2015 15:39:53 -0500 Subject: change dns triggers to average --- roles/os_zabbix/vars/template_docker.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/os_zabbix/vars/template_docker.yml b/roles/os_zabbix/vars/template_docker.yml index 87fce1b81..a05e552e3 100644 --- a/roles/os_zabbix/vars/template_docker.yml +++ b/roles/os_zabbix/vars/template_docker.yml @@ -75,12 +75,12 @@ g_template_docker: - name: 'docker.container.dns.resolution failed on {HOST.NAME}' expression: '{Template Docker:docker.container.dns.resolution.min(#3)}>0' url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_docker_dns.asciidoc' - priority: high + priority: average - name: 'docker.container.existing.dns.resolution.failed on {HOST.NAME}' expression: '{Template Docker:docker.container.existing.dns.resolution.failed.min(#3)}>0' url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_docker_dns.asciidoc' - priority: high + priority: average - name: 'Docker storage is using LOOPBACK on {HOST.NAME}' expression: '{Template Docker:docker.storage.is_loopback.last()}<>0' -- cgit v1.2.3 From 0d6cc805ad7ada87c5c39eec518b42b99f1e31f0 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Fri, 18 Dec 2015 14:19:54 -0500 Subject: Use notify for workaround controllers unit. --- roles/openshift_master/handlers/main.yml | 2 -- .../templates/atomic-openshift-master-controllers.service.j2 | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index 4b9500cbd..d9c4ba1d7 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -7,8 +7,6 @@ service: name={{ openshift.common.service_type }}-master-api state=restarted when: (openshift_master_ha | bool) and (not master_api_service_status_changed | default(false)) and openshift.master.cluster_method == 'native' -# TODO: need to fix up ignore_errors here - name: restart master controllers service: name={{ openshift.common.service_type }}-master-controllers state=restarted when: (openshift_master_ha | bool) and (not master_controllers_service_status_changed | default(false)) and openshift.master.cluster_method == 'native' - ignore_errors: yes diff --git a/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 index ef0b57ef4..8952c86ef 100644 --- a/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 @@ -7,7 +7,7 @@ Before={{ openshift.common.service_type }}-node.service Requires=network.target [Service] -Type=simple +Type=notify EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers Environment=GOTRACEBACK=crash ExecStart=/usr/bin/openshift start master controllers --config=${CONFIG_FILE} $OPTIONS -- cgit v1.2.3 From 6a8f686478b07666dfbf0ce10aac17b1de8902d5 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Fri, 18 Dec 2015 15:03:16 -0500 Subject: Conditionalize for 3.1.1/1.1.1 --- roles/openshift_facts/library/openshift_facts.py | 5 +++++ .../templates/atomic-openshift-master-controllers.service.j2 | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index e557853b1..c36cce750 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -690,11 +690,16 @@ def set_version_facts_if_unset(facts): if version is not None: if deployment_type == 'origin': version_gt_3_1_or_1_1 = LooseVersion(version) > LooseVersion('1.0.6') + version_gt_3_1_1_or_1_1_1 = LooseVersion(version) > LooseVersion('1.1.1') else: version_gt_3_1_or_1_1 = LooseVersion(version) > LooseVersion('3.0.2.900') + version_gt_3_1_1_or_1_1_1 = LooseVersion(version) > LooseVersion('3.1.1') else: version_gt_3_1_or_1_1 = True + version_gt_3_1_1_or_1_1_1 = True facts['common']['version_greater_than_3_1_or_1_1'] = version_gt_3_1_or_1_1 + facts['common']['version_greater_than_3_1_1_or_1_1_1'] = version_gt_3_1_1_or_1_1_1 + return facts def set_sdn_facts_if_unset(facts, system_facts): diff --git a/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 index 8952c86ef..e6e97b24f 100644 --- a/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 @@ -7,7 +7,11 @@ Before={{ openshift.common.service_type }}-node.service Requires=network.target [Service] +{% if openshift.common.version_greater_than_3_1_1_or_1_1_1 | bool %} Type=notify +{% else %} +Type=simple +{% endif %} EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers Environment=GOTRACEBACK=crash ExecStart=/usr/bin/openshift start master controllers --config=${CONFIG_FILE} $OPTIONS -- cgit v1.2.3 From f3e97d1137d2aed70228af8bb832fae3c5d9af2f Mon Sep 17 00:00:00 2001 From: David Lloyd Date: Tue, 22 Dec 2015 15:20:30 +1030 Subject: Link to Tito Home Page is Broken I've found the "most likely" link - the linked project describes itself as: "Tito is a tool for managing RPM based projects using git for their source code repository" ... which sounds like what this might have once linked to. The documentation examples in the link's README.md also looks very much like the above. --- BUILD.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/BUILD.md b/BUILD.md index 0016c96a5..806630dbe 100644 --- a/BUILD.md +++ b/BUILD.md @@ -1,7 +1,7 @@ # openshift-ansible RPM Build instructions We use tito to make building and tracking revisions easy. -For more information on tito, please see the [Tito home page](http://rm-rf.ca/tito "Tito home page"). +For more information on tito, please see the [Tito home page](https://github.com/dgoodwin/tito "Tito home page"). ## Build openshift-ansible-bin -- cgit v1.2.3 From 6c1e495bcf0ba919c3ad8d4095db12fcda918b03 Mon Sep 17 00:00:00 2001 From: git001 Date: Mon, 21 Dec 2015 15:17:23 +0100 Subject: add the necessary URLs for logging and metrics add the necessary URLs for logging and metrics use the dict in the right way add the new variables into the hosts file add the new variables into the hosts file add the new variables into the hosts file Adopted the config text --- inventory/byo/hosts.aep.example | 8 ++++++++ inventory/byo/hosts.origin.example | 8 ++++++++ inventory/byo/hosts.ose.example | 8 ++++++++ roles/openshift_master/tasks/main.yml | 2 ++ roles/openshift_master/templates/master.yaml.v1.j2 | 6 ++++++ 5 files changed, 32 insertions(+) diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example index 096d806a3..33d15c89b 100644 --- a/inventory/byo/hosts.aep.example +++ b/inventory/byo/hosts.aep.example @@ -27,6 +27,14 @@ deployment_type=atomic-enterprise # Enable cluster metrics #use_cluster_metrics=true +# Configure metricsPublicURL in the master config for cluster metrics +# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html +#openshift_master_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics + +# Configure loggingPublicURL in the master config for aggregate logging +# See: https://docs.openshift.com/enterprise/latest/install_config/aggregate_logging.html +#openshift_master_logging_public_url=https://kibana.example.com + # Add additional, insecure, and blocked registries to global docker configuration # For enterprise deployment types we ensure that registry.access.redhat.com is # included if you do not include it diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 6f015c404..3dfc7c052 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -27,6 +27,14 @@ deployment_type=origin # Enable cluster metrics #use_cluster_metrics=true +# Configure metricsPublicURL in the master config for cluster metrics +# See: https://docs.openshift.org/latest/install_config/cluster_metrics.html +#openshift_master_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics + +# Configure loggingPublicURL in the master config for aggregate logging +# See: https://docs.openshift.org/latest/install_config/aggregate_logging.html +#openshift_master_logging_public_url=https://kibana.example.com + # Add additional, insecure, and blocked registries to global docker configuration # For enterprise deployment types we ensure that registry.access.redhat.com is # included if you do not include it diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 778bbfb3a..3e1ce8e2b 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -27,6 +27,14 @@ deployment_type=openshift-enterprise # Enable cluster metrics #use_cluster_metrics=true +# Configure metricsPublicURL in the master config for cluster metrics +# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html +#openshift_master_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics + +# Configure loggingPublicURL in the master config for aggregate logging +# See: https://docs.openshift.com/enterprise/latest/install_config/aggregate_logging.html +#openshift_master_logging_public_url=https://kibana.example.com + # Add additional, insecure, and blocked registries to global docker configuration # For enterprise deployment types we ensure that registry.access.redhat.com is # included if you do not include it diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 43647cc49..e00dd0a9e 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -38,6 +38,8 @@ console_url: "{{ openshift_master_console_url | default(None) }}" console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}" public_console_url: "{{ openshift_master_public_console_url | default(None) }}" + logging_public_url: "{{ openshift_master_logging_public_url | default(None) }}" + metrics_public_url: "{{ openshift_master_metrics_public_url | default(None) }}" etcd_hosts: "{{ openshift_master_etcd_hosts | default(None)}}" etcd_port: "{{ openshift_master_etcd_port | default(None) }}" etcd_use_ssl: "{{ openshift_master_etcd_use_ssl | default(None) }}" diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index cadb02fa3..5f73461d4 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -8,6 +8,12 @@ assetConfig: logoutURL: "" masterPublicURL: {{ openshift.master.public_api_url }} publicURL: {{ openshift.master.public_console_url }}/ +{% if 'logging_public_url' in openshift.master %} + loggingPublicURL: {{ openshift.master.logging_public_url }} +{% endif %} +{% if 'metrics_public_url' in openshift.master %} + metricsPublicURL: {{ openshift.master.metrics_public_url }} +{% endif %} servingInfo: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.console_port }} bindNetwork: tcp4 -- cgit v1.2.3 From 8bd9e81076688316678cb70d368400edd4ac0dff Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Tue, 22 Dec 2015 16:00:01 -0500 Subject: Install all xpaas streams when enabled --- roles/openshift_examples/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml index e27f4e0a6..6b9964aec 100644 --- a/roles/openshift_examples/defaults/main.yml +++ b/roles/openshift_examples/defaults/main.yml @@ -13,7 +13,7 @@ image_streams_base: "{{ examples_base }}/image-streams" centos_image_streams: "{{ image_streams_base}}/image-streams-centos7.json" rhel_image_streams: "{{ image_streams_base}}/image-streams-rhel7.json" db_templates_base: "{{ examples_base }}/db-templates" -xpaas_image_streams: "{{ examples_base }}/xpaas-streams/jboss-image-streams.json" +xpaas_image_streams: "{{ examples_base }}/xpaas-streams/" xpaas_templates_base: "{{ examples_base }}/xpaas-templates" quickstarts_base: "{{ examples_base }}/quickstart-templates" infrastructure_origin_base: "{{ examples_base }}/infrastructure-templates/origin" -- cgit v1.2.3 From f8bac90b44fbb1453356adc9267998d374fec733 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Tue, 22 Dec 2015 16:10:52 -0500 Subject: Install iptables, iptables-services when not is_aotmic --- roles/os_firewall/tasks/firewall/iptables.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml index d26ba7ee9..5cf4bf7af 100644 --- a/roles/os_firewall/tasks/firewall/iptables.yml +++ b/roles/os_firewall/tasks/firewall/iptables.yml @@ -5,7 +5,7 @@ - iptables - iptables-services register: install_result - when: not openshift.common.is_containerized | bool + when: not openshift.common.is_atomic | bool - name: Check if firewalld is installed command: rpm -q firewalld -- cgit v1.2.3 From 6a39578bb89ec2fe018b78a9cb2f5ee7de6e99c5 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Wed, 23 Dec 2015 10:43:48 -0500 Subject: Remove lb from docker hosts. --- playbooks/common/openshift-docker/config.yml | 2 +- playbooks/common/openshift-master/config.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/playbooks/common/openshift-docker/config.yml b/playbooks/common/openshift-docker/config.yml index f838dd66c..092d5533c 100644 --- a/playbooks/common/openshift-docker/config.yml +++ b/playbooks/common/openshift-docker/config.yml @@ -1,5 +1,5 @@ - name: Configure docker hosts - hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config:oo_lb_to_config + hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config vars: docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') | oo_split }}" docker_insecure_registries: "{{ lookup('oo_option', 'docker_insecure_registries') | oo_split }}" diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 3598bdad7..fae37d70c 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -232,6 +232,7 @@ balance: source servers: "{{ hostvars.localhost.haproxy_backend_servers }}" roles: + - role: openshift_facts - role: haproxy when: groups.oo_masters_to_config | length > 1 -- cgit v1.2.3 From 3f85ca5e72538110a4962cdb4961fa9e9f122648 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Fri, 18 Dec 2015 17:16:17 -0500 Subject: Fix restart handlers. --- roles/etcd/handlers/main.yml | 2 +- roles/etcd/tasks/main.yml | 2 +- roles/openshift_master/handlers/main.yml | 6 +++--- roles/openshift_master/tasks/main.yml | 6 +++--- roles/openshift_node/handlers/main.yml | 2 +- roles/openshift_node/tasks/main.yml | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/etcd/handlers/main.yml b/roles/etcd/handlers/main.yml index aeb26d6b2..e00e1cac4 100644 --- a/roles/etcd/handlers/main.yml +++ b/roles/etcd/handlers/main.yml @@ -2,4 +2,4 @@ - name: restart etcd service: name={{ etcd_service }} state=restarted - when: not etcd_service_status_changed | default(false) + when: not (etcd_service_status_changed | default(false) | bool) diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 2160ed817..663f6e537 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -104,4 +104,4 @@ register: start_result - set_fact: - etcd_service_status_changed = start_result | changed + etcd_service_status_changed = "{{ start_result | changed }}" diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index d9c4ba1d7..e1b95eda4 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -1,12 +1,12 @@ --- - name: restart master service: name={{ openshift.common.service_type }}-master state=restarted - when: (not openshift_master_ha | bool) and (not master_service_status_changed | default(false)) + when: (not openshift_master_ha | bool) and (not (master_service_status_changed | default(false) | bool)) - name: restart master api service: name={{ openshift.common.service_type }}-master-api state=restarted - when: (openshift_master_ha | bool) and (not master_api_service_status_changed | default(false)) and openshift.master.cluster_method == 'native' + when: (openshift_master_ha | bool) and (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' - name: restart master controllers service: name={{ openshift.common.service_type }}-master-controllers state=restarted - when: (openshift_master_ha | bool) and (not master_controllers_service_status_changed | default(false)) and openshift.master.cluster_method == 'native' + when: (openshift_master_ha | bool) and (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 46a8cea96..a22654678 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -292,7 +292,7 @@ when: openshift_master_ha | bool - set_fact: - master_service_status_changed: start_result | changed + master_service_status_changed: "{{ start_result | changed }}" when: not openshift_master_ha | bool - name: Start and enable master api @@ -301,7 +301,7 @@ register: start_result - set_fact: - master_api_service_status_changed: start_result | changed + master_api_service_status_changed: "{{ start_result | changed }}" when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' - name: Start and enable master controller @@ -310,7 +310,7 @@ register: start_result - set_fact: - master_controllers_service_status_changed: start_result | changed + master_controllers_service_status_changed: "{{ start_result | changed }}" when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' - name: Install cluster packages diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index 447ca85f3..c288f4d05 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -1,7 +1,7 @@ --- - name: restart node service: name={{ openshift.common.service_type }}-node state=restarted - when: not node_service_status_changed | default(false) + when: not (node_service_status_changed | default(false) | bool) - name: restart docker service: name=docker state=restarted diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 96383439c..33852d7f8 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -135,4 +135,4 @@ register: start_result - set_fact: - node_service_status_changed: start_result | changed + node_service_status_changed: "{{ start_result | changed }}" -- cgit v1.2.3 From efe65a4315b9bd3fdc37be7564fc2f1cb77e1817 Mon Sep 17 00:00:00 2001 From: Eric Mountain Date: Fri, 25 Dec 2015 11:08:25 +0100 Subject: Fixes typo assigning docker_service_status_changed which leads to misinterpretation in handler. Fixes Docker restart handling to ensure openshift_docker role does restart Docker on change. --- roles/docker/tasks/main.yml | 2 +- roles/openshift_docker/handlers/main.yml | 6 ++++++ roles/openshift_docker/tasks/main.yml | 6 +++--- 3 files changed, 10 insertions(+), 4 deletions(-) create mode 100644 roles/openshift_docker/handlers/main.yml diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 4e24fd3b3..a56f1f391 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -12,7 +12,7 @@ register: start_result - set_fact: - docker_service_status_changed = start_result | changed + docker_service_status_changed: start_result | changed - include: udev_workaround.yml when: docker_udev_workaround | default(False) diff --git a/roles/openshift_docker/handlers/main.yml b/roles/openshift_docker/handlers/main.yml new file mode 100644 index 000000000..92a6c325f --- /dev/null +++ b/roles/openshift_docker/handlers/main.yml @@ -0,0 +1,6 @@ +--- + +- name: restart openshift_docker + service: + name: docker + state: restarted diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml index 75e782eef..5a285e773 100644 --- a/roles/openshift_docker/tasks/main.yml +++ b/roles/openshift_docker/tasks/main.yml @@ -18,7 +18,7 @@ - stat: path=/etc/sysconfig/docker register: docker_check - + - name: Set registry params lineinfile: dest: /etc/sysconfig/docker @@ -36,7 +36,7 @@ reg_fact_val: "{{ openshift.common.docker_insecure_registries }}" reg_flag: --insecure-registry notify: - - restart docker + - restart openshift_docker # TODO: Enable secure registry when code available in origin # TODO: perhaps move this to openshift_docker? @@ -50,4 +50,4 @@ {% if openshift.node.docker_log_options is defined %} {{ openshift.node.docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}} {% endif %} '" when: docker_check.stat.isreg notify: - - restart docker \ No newline at end of file + - restart openshift_docker -- cgit v1.2.3 From 8753a3f52863a4c70105dddcc8cf1d6d99c22b95 Mon Sep 17 00:00:00 2001 From: enoodle Date: Thu, 10 Dec 2015 14:36:02 +0200 Subject: Adding ManageIQ service account by default Signed-off-by: enoodle --- roles/openshift_facts/library/openshift_facts.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index fed00132a..a6a419bc7 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1121,7 +1121,7 @@ class OpenShiftFacts(object): common = dict(use_openshift_sdn=True, ip=ip_addr, public_ip=ip_addr, deployment_type='origin', hostname=hostname, - public_hostname=hostname, use_manageiq=False) + public_hostname=hostname, use_manageiq=True) common['client_binary'] = 'oc' common['admin_binary'] = 'oadm' common['dns_domain'] = 'cluster.local' -- cgit v1.2.3 From 9b760b0a89a77c5be0b3521a2c35b5afcb2a20d2 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Thu, 3 Dec 2015 14:09:42 -0500 Subject: Clean up idempotency issues with session secrets. --- filter_plugins/oo_filters.py | 19 ++++++--- playbooks/common/openshift-master/config.yml | 46 +++++++++++++--------- roles/openshift_master/tasks/main.yml | 11 +++++- roles/openshift_master/templates/master.yaml.v1.j2 | 2 + .../templates/sessionSecretsFile.yaml.v1.j2 | 6 +-- 5 files changed, 55 insertions(+), 29 deletions(-) diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index 48e27a24a..326c36f6c 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -8,12 +8,11 @@ Custom filters for use in openshift-ansible from ansible import errors from operator import itemgetter import OpenSSL.crypto -import os.path +import os import pdb import re import json - class FilterModule(object): ''' Custom ansible filters ''' @@ -366,9 +365,6 @@ class FilterModule(object): "keyfile": "/etc/origin/master/named_certificates/custom2.key", "names": [ "some-hostname.com" ] }] ''' - if not issubclass(type(certificates), list): - raise errors.AnsibleFilterError("|failed expects certificates is a list") - if not issubclass(type(named_certs_dir), unicode): raise errors.AnsibleFilterError("|failed expects named_certs_dir is unicode") @@ -468,6 +464,16 @@ class FilterModule(object): pass return clusters + @staticmethod + def oo_generate_secret(num_bytes): + ''' generate a session secret ''' + + if not issubclass(type(num_bytes), int): + raise errors.AnsibleFilterError("|failed expects num_bytes is int") + + secret = os.urandom(num_bytes) + return secret.encode('base-64').strip() + def filters(self): ''' returns a mapping of filters to methods ''' return { @@ -486,5 +492,6 @@ class FilterModule(object): "oo_parse_heat_stack_outputs": self.oo_parse_heat_stack_outputs, "oo_parse_named_certificates": self.oo_parse_named_certificates, "oo_haproxy_backend_masters": self.oo_haproxy_backend_masters, - "oo_pretty_print_cluster": self.oo_pretty_print_cluster + "oo_pretty_print_cluster": self.oo_pretty_print_cluster, + "oo_generate_secret": self.oo_generate_secret } diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index fae37d70c..07ee4aca6 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -236,29 +236,39 @@ - role: haproxy when: groups.oo_masters_to_config | length > 1 -- name: Generate master session keys +- name: Check for cached session secrets hosts: oo_first_master - tasks: + pre_tasks: - fail: msg: "Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set" when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is not defined) or (openshift_master_session_encryption_secrets is defined and openshift_master_session_auth_secrets is not defined) - fail: msg: "openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length" when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length) - - name: Install OpenSSL package - action: "{{ ansible_pkg_mgr }} name=openssl state=present" - when: not openshift.common.is_atomic | bool - - name: Generate session authentication key - command: /usr/bin/openssl rand -base64 24 - register: session_auth_output - when: openshift_master_session_auth_secrets is undefined - - name: Generate session encryption key - command: /usr/bin/openssl rand -base64 24 - register: session_encryption_output - when: openshift_master_session_encryption_secrets is undefined - - set_fact: - session_auth_secret: "{{ openshift_master_session_auth_secrets | default([session_auth_output.stdout]) }}" - session_encryption_secret: "{{ openshift_master_session_encryption_secrets | default([session_encryption_output.stdout]) }}" + roles: + - role: openshift_facts + post_tasks: + - openshift_facts: + role: master + local_facts: + session_auth_secrets: "{{ openshift_master_session_auth_secrets | default(openshift.master.session_auth_secrets | default(None)) }}" + session_encryption_secrets: "{{ openshift_master_session_encryption_secrets | default(openshift.master.session_encryption_secrets | default(None)) }}" + +- name: Generate master session secrets + hosts: oo_first_master + vars: + g_session_secrets_present: "{{ (openshift.master.session_auth_secrets | default([]) and openshift.master.session_encryption_secrets | default([])) | length > 0 }}" + g_session_auth_secrets: "{{ [ 24 | oo_generate_secret ] }}" + g_session_encryption_secrets: "{{ [ 24 | oo_generate_secret ] }}" + roles: + - role: openshift_facts + tasks: + - openshift_facts: + role: master + local_facts: + session_auth_secrets: "{{ g_session_auth_secrets }}" + session_encryption_secrets: "{{ g_session_encryption_secrets }}" + when: not g_session_secrets_present | bool - name: Parse named certificates hosts: localhost @@ -314,8 +324,8 @@ sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" openshift_master_count: "{{ groups.oo_masters_to_config | length }}" - openshift_master_session_auth_secrets: "{{ hostvars[groups['oo_first_master'][0]]['session_auth_secret'] }}" - openshift_master_session_encryption_secrets: "{{ hostvars[groups['oo_first_master'][0]]['session_encryption_secret'] }}" + openshift_master_session_auth_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_auth_secrets }}" + openshift_master_session_encryption_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_encryption_secrets }}" pre_tasks: - name: Ensure certificate directory exists file: diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index a22654678..1c7fdfcf9 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -9,6 +9,13 @@ Invalid OAuth grant method: {{ openshift_master_oauth_grant_method }} when: openshift_master_oauth_grant_method is defined and openshift_master_oauth_grant_method not in openshift_master_valid_grant_methods +# Session Options Validation +- fail: + msg: "Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set" + when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is not defined) or (openshift_master_session_encryption_secrets is defined and openshift_master_session_auth_secrets is not defined) +- fail: + msg: "openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length" + when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length) # HA Variable Validation - fail: @@ -55,9 +62,9 @@ portal_net: "{{ openshift_master_portal_net | default(None) }}" session_max_seconds: "{{ openshift_master_session_max_seconds | default(None) }}" session_name: "{{ openshift_master_session_name | default(None) }}" + session_secrets_file: "{{ openshift_master_session_secrets_file | default(None) }}" session_auth_secrets: "{{ openshift_master_session_auth_secrets | default(None) }}" session_encryption_secrets: "{{ openshift_master_session_encryption_secrets | default(None) }}" - session_secrets_file: "{{ openshift_master_session_secrets_file | default(None) }}" access_token_max_seconds: "{{ openshift_master_access_token_max_seconds | default(None) }}" auth_token_max_seconds: "{{ openshift_master_auth_token_max_seconds | default(None) }}" identity_providers: "{{ openshift_master_identity_providers | default(None) }}" @@ -221,7 +228,7 @@ template: dest: "{{ openshift.master.session_secrets_file }}" src: sessionSecretsFile.yaml.v1.j2 - force: no + when: openshift.master.session_auth_secrets is defined and openshift.master.session_encryption_secrets is defined notify: - restart master - restart master api diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 5f73461d4..da3209970 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -127,7 +127,9 @@ oauthConfig: sessionConfig: sessionMaxAgeSeconds: {{ openshift.master.session_max_seconds }} sessionName: {{ openshift.master.session_name }} +{% if openshift.master.session_auth_secrets is defined and openshift.master.session_encryption_secrets is defined %} sessionSecretsFile: {{ openshift.master.session_secrets_file }} +{% endif %} tokenConfig: accessTokenMaxAgeSeconds: {{ openshift.master.access_token_max_seconds }} authorizeTokenMaxAgeSeconds: {{ openshift.master.auth_token_max_seconds }} diff --git a/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2 b/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2 index d12d9db90..3d4b573a9 100644 --- a/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2 +++ b/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2 @@ -1,7 +1,7 @@ apiVersion: v1 kind: SessionSecrets secrets: -{% for secret in openshift_master_session_auth_secrets %} -- authentication: "{{ openshift_master_session_auth_secrets[loop.index0] }}" - encryption: "{{ openshift_master_session_encryption_secrets[loop.index0] }}" +{% for secret in openshift.master.session_auth_secrets %} +- authentication: "{{ openshift.master.session_auth_secrets[loop.index0] }}" + encryption: "{{ openshift.master.session_encryption_secrets[loop.index0] }}" {% endfor %} -- cgit v1.2.3 From ef014ae06a50c5f2050aa183638165895154db5f Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Wed, 16 Dec 2015 17:56:09 -0500 Subject: Secrets validation. --- filter_plugins/openshift_master.py | 29 +++++++++++++++++++++++++++- playbooks/common/openshift-master/config.yml | 14 ++++++++++++-- roles/openshift_master/tasks/main.yml | 14 ++++++++++++-- 3 files changed, 52 insertions(+), 5 deletions(-) diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py index f12017967..40c1083e0 100644 --- a/filter_plugins/openshift_master.py +++ b/filter_plugins/openshift_master.py @@ -463,7 +463,34 @@ class FilterModule(object): IdentityProviderBase.validate_idp_list(idp_list) return yaml.safe_dump([idp.to_dict() for idp in idp_list], default_flow_style=False) + @staticmethod + def validate_auth_secrets(secrets): + ''' validate type and length ''' + + if not issubclass(type(secrets), list): + raise errors.AnsibleFilterError("|failed expects openshift_master_session_auth_secrets is a list") + + for secret in secrets: + if len(secret) < 32: + return False + return True + + @staticmethod + def validate_encryption_secrets(secrets): + ''' validate type and length ''' + + if not issubclass(type(secrets), list): + raise errors.AnsibleFilterError("|failed expects openshift_master_session_encryption_secrets is a list") + + for secret in secrets: + if len(secret) not in [16, 24, 32]: + return False + return True def filters(self): ''' returns a mapping of filters to methods ''' - return {"translate_idps": self.translate_idps} + return { + "translate_idps": self.translate_idps, + "validate_auth_secrets": self.validate_auth_secrets, + "validate_encryption_secrets": self.validate_encryption_secrets + } diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 07ee4aca6..b7e9362cd 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -240,11 +240,21 @@ hosts: oo_first_master pre_tasks: - fail: - msg: "Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set" + msg: > + Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is not defined) or (openshift_master_session_encryption_secrets is defined and openshift_master_session_auth_secrets is not defined) - fail: - msg: "openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length" + msg: > + openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length) + - fail: + msg: > + Invalid secret length in openshift_master_session_auth_secrets: secrets must be at least 32 characters + when: openshift_master_session_auth_secrets is defined and not openshift_master_session_auth_secrets | validate_auth_secrets | bool + - fail: + msg: > + Invalid secret length in openshift_master_session_encryption_secrets: secrets must be 16, 24, or 32 characters + when: openshift_master_session_encryption_secrets is defined and not openshift_master_session_encryption_secrets | validate_encryption_secrets | bool roles: - role: openshift_facts post_tasks: diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 1c7fdfcf9..e6ddd1c49 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -11,11 +11,21 @@ # Session Options Validation - fail: - msg: "Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set" + msg: > + Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is not defined) or (openshift_master_session_encryption_secrets is defined and openshift_master_session_auth_secrets is not defined) - fail: - msg: "openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length" + msg: > + openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length) +- fail: + msg: > + Invalid secret length in openshift_master_session_auth_secrets: secrets must be at least 32 characters + when: openshift_master_session_auth_secrets is defined and not openshift_master_session_auth_secrets | validate_auth_secrets | bool +- fail: + msg: > + Invalid secret length in openshift_master_session_encryption_secrets: secrets must be 16, 24, or 32 characters + when: openshift_master_session_encryption_secrets is defined and not openshift_master_session_encryption_secrets | validate_encryption_secrets | bool # HA Variable Validation - fail: -- cgit v1.2.3 From 62fcc9436db024d189f3ff8107aeb7e2a1ae812f Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Fri, 18 Dec 2015 11:02:52 -0500 Subject: openshift_facts validation --- filter_plugins/openshift_master.py | 30 +------------ playbooks/common/openshift-master/config.yml | 8 ---- roles/openshift_facts/library/openshift_facts.py | 55 +++++++++++++++++++++++- roles/openshift_master/tasks/main.yml | 8 ---- 4 files changed, 55 insertions(+), 46 deletions(-) diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py index 40c1083e0..8d7c62ad1 100644 --- a/filter_plugins/openshift_master.py +++ b/filter_plugins/openshift_master.py @@ -463,34 +463,6 @@ class FilterModule(object): IdentityProviderBase.validate_idp_list(idp_list) return yaml.safe_dump([idp.to_dict() for idp in idp_list], default_flow_style=False) - @staticmethod - def validate_auth_secrets(secrets): - ''' validate type and length ''' - - if not issubclass(type(secrets), list): - raise errors.AnsibleFilterError("|failed expects openshift_master_session_auth_secrets is a list") - - for secret in secrets: - if len(secret) < 32: - return False - return True - - @staticmethod - def validate_encryption_secrets(secrets): - ''' validate type and length ''' - - if not issubclass(type(secrets), list): - raise errors.AnsibleFilterError("|failed expects openshift_master_session_encryption_secrets is a list") - - for secret in secrets: - if len(secret) not in [16, 24, 32]: - return False - return True - def filters(self): ''' returns a mapping of filters to methods ''' - return { - "translate_idps": self.translate_idps, - "validate_auth_secrets": self.validate_auth_secrets, - "validate_encryption_secrets": self.validate_encryption_secrets - } + return {"translate_idps": self.translate_idps} diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index b7e9362cd..0334a002e 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -247,14 +247,6 @@ msg: > openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length) - - fail: - msg: > - Invalid secret length in openshift_master_session_auth_secrets: secrets must be at least 32 characters - when: openshift_master_session_auth_secrets is defined and not openshift_master_session_auth_secrets | validate_auth_secrets | bool - - fail: - msg: > - Invalid secret length in openshift_master_session_encryption_secrets: secrets must be 16, 24, or 32 characters - when: openshift_master_session_encryption_secrets is defined and not openshift_master_session_encryption_secrets | validate_encryption_secrets | bool roles: - role: openshift_facts post_tasks: diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index fed00132a..133de758f 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1043,6 +1043,7 @@ class OpenShiftFacts(object): facts (dict): facts for the host Args: + module (AnsibleModule): an AnsibleModule object role (str): role for setting local facts filename (str): local facts file to use local_facts (dict): local facts to set @@ -1257,14 +1258,66 @@ class OpenShiftFacts(object): del facts[key] if new_local_facts != local_facts: - changed = True + self.validate_local_facts(new_local_facts) if not module.check_mode: + changed = True save_local_facts(self.filename, new_local_facts) self.changed = changed return new_local_facts + def validate_local_facts(self, facts=None): + """ Validate local facts + + Args: + facts (dict): local facts to validate + """ + invalid_facts = dict() + invalid_facts = self.validate_master_facts(facts, invalid_facts) + if invalid_facts: + msg = 'Invalid facts detected:\n' + for key in invalid_facts.keys(): + msg += '{0}: {1}\n'.format(key, invalid_facts[key]) + module.fail_json(msg=msg, + changed=self.changed) + + # disabling pylint errors for line-too-long since we're dealing + # with best effort reduction of error messages here. + # pylint: disable=line-too-long + @staticmethod + def validate_master_facts(facts, invalid_facts): + """ Validate master facts + + Args: + facts (dict): local facts to validate + invalid_facts (dict): collected invalid_facts + + Returns: + dict: Invalid facts + """ + if 'master' in facts: + # openshift.master.session_auth_secrets + if 'session_auth_secrets' in facts['master']: + session_auth_secrets = facts['master']['session_auth_secrets'] + if not issubclass(type(session_auth_secrets), list): + invalid_facts['session_auth_secrets'] = 'Expects session_auth_secrets is a list.' + else: + for secret in session_auth_secrets: + if len(secret) < 32: + invalid_facts['session_auth_secrets'] = ('Invalid secret in session_auth_secrets. ' + 'Secrets must be at least 32 characters in length.') + # openshift.master.session_encryption_secrets + if 'session_encryption_secrets' in facts['master']: + session_encryption_secrets = facts['master']['session_encryption_secrets'] + if not issubclass(type(session_encryption_secrets), list): + invalid_facts['session_encryption_secrets'] = 'Expects session_encryption_secrets is a list.' + else: + for secret in session_encryption_secrets: + if len(secret) not in [16, 24, 32]: + invalid_facts['session_encryption_secrets'] = ('Invalid secret in session_encryption_secrets. ' + 'Secrets must be 16, 24, or 32 characters in length.') + return invalid_facts def main(): """ main """ diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index e6ddd1c49..a3cddfd63 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -18,14 +18,6 @@ msg: > openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length) -- fail: - msg: > - Invalid secret length in openshift_master_session_auth_secrets: secrets must be at least 32 characters - when: openshift_master_session_auth_secrets is defined and not openshift_master_session_auth_secrets | validate_auth_secrets | bool -- fail: - msg: > - Invalid secret length in openshift_master_session_encryption_secrets: secrets must be 16, 24, or 32 characters - when: openshift_master_session_encryption_secrets is defined and not openshift_master_session_encryption_secrets | validate_encryption_secrets | bool # HA Variable Validation - fail: -- cgit v1.2.3 From f6565135e66071183dc2df519fbb5d5612862808 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Mon, 4 Jan 2016 09:40:41 -0500 Subject: Add node kubelet args to inventory examples. --- inventory/byo/hosts.aep.example | 3 +++ inventory/byo/hosts.origin.example | 3 +++ inventory/byo/hosts.ose.example | 3 +++ 3 files changed, 9 insertions(+) diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example index 33d15c89b..e7e7aedfd 100644 --- a/inventory/byo/hosts.aep.example +++ b/inventory/byo/hosts.aep.example @@ -171,6 +171,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Configure dnsIP in the node config #openshift_dns_ip=172.30.0.1 +# Configure node kubelet arguments +#openshift_node_kubelet_args={'max-pods': ['40'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} + # host group for masters [masters] aep3-master[1:3]-ansible.test.example.com diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 2dff2694c..ae9c94f04 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -181,6 +181,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_nfs_registry_volume=regvol #openshift_nfs_export_options='*(rw,sync,all_squash)' +# Configure node kubelet arguments +#openshift_node_kubelet_args={'max-pods': ['40'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 3e1ce8e2b..54864d195 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -171,6 +171,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Configure dnsIP in the node config #openshift_dns_ip=172.30.0.1 +# Configure node kubelet arguments +#openshift_node_kubelet_args={'max-pods': ['40'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com -- cgit v1.2.3 From a21189c1f0611bff6935364c8c255a88060d882d Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Mon, 23 Nov 2015 11:53:27 -0500 Subject: Removing environment and env tags. --- bin/cluster | 106 ++++++++++++--------- bin/openshift_ansible/awsutil.py | 18 ++-- playbooks/adhoc/create_pv/create_pv.yaml | 9 +- .../docker_loopback_to_direct_lvm.yml | 2 +- playbooks/adhoc/grow_docker_vg/grow_docker_vg.yml | 2 +- playbooks/adhoc/s3_registry/s3_registry.yml | 2 +- playbooks/adhoc/setupnfs.yml | 21 ++++ playbooks/aws/openshift-cluster/cluster_hosts.yml | 20 ++++ playbooks/aws/openshift-cluster/config.yml | 16 +++- playbooks/aws/openshift-cluster/list.yml | 2 +- playbooks/aws/openshift-cluster/scaleup.yml | 17 +++- playbooks/aws/openshift-cluster/service.yml | 5 +- .../openshift-cluster/tasks/launch_instances.yml | 9 +- playbooks/aws/openshift-cluster/terminate.yml | 34 +++---- playbooks/aws/openshift-cluster/update.yml | 8 +- .../upgrades/v3_0_to_v3_1/upgrade.yml | 17 ++-- playbooks/byo/openshift-cluster/upgrades/README.md | 2 +- playbooks/gce/openshift-cluster/cluster_hosts.yml | 20 ++++ playbooks/gce/openshift-cluster/config.yml | 16 +++- playbooks/gce/openshift-cluster/join_node.yml | 11 +-- playbooks/gce/openshift-cluster/list.yml | 2 +- playbooks/gce/openshift-cluster/service.yml | 5 +- .../openshift-cluster/tasks/launch_instances.yml | 3 +- playbooks/gce/openshift-cluster/terminate.yml | 3 +- playbooks/gce/openshift-cluster/update.yml | 8 +- .../libvirt/openshift-cluster/cluster_hosts.yml | 20 ++++ playbooks/libvirt/openshift-cluster/config.yml | 16 +++- playbooks/libvirt/openshift-cluster/list.yml | 2 +- .../openshift-cluster/tasks/launch_instances.yml | 2 +- .../libvirt/openshift-cluster/templates/domain.xml | 3 +- playbooks/libvirt/openshift-cluster/terminate.yml | 2 +- playbooks/libvirt/openshift-cluster/update.yml | 9 +- .../openstack/openshift-cluster/cluster_hosts.yml | 20 ++++ playbooks/openstack/openshift-cluster/config.yml | 17 +++- playbooks/openstack/openshift-cluster/launch.yml | 8 +- playbooks/openstack/openshift-cluster/list.yml | 2 +- .../openstack/openshift-cluster/terminate.yml | 3 +- playbooks/openstack/openshift-cluster/update.yml | 9 +- 38 files changed, 301 insertions(+), 170 deletions(-) create mode 100644 playbooks/adhoc/setupnfs.yml create mode 100644 playbooks/aws/openshift-cluster/cluster_hosts.yml create mode 100644 playbooks/gce/openshift-cluster/cluster_hosts.yml create mode 100644 playbooks/libvirt/openshift-cluster/cluster_hosts.yml create mode 100644 playbooks/openstack/openshift-cluster/cluster_hosts.yml diff --git a/bin/cluster b/bin/cluster index 9b02b4347..3081ebd4a 100755 --- a/bin/cluster +++ b/bin/cluster @@ -55,94 +55,108 @@ class Cluster(object): Create an OpenShift cluster for given provider :param args: command line arguments provided by user """ - env = {'cluster_id': args.cluster_id, + cluster = {'cluster_id': args.cluster_id, 'deployment_type': self.get_deployment_type(args)} playbook = "playbooks/{0}/openshift-cluster/launch.yml".format(args.provider) inventory = self.setup_provider(args.provider) - env['num_masters'] = args.masters - env['num_nodes'] = args.nodes - env['num_infra'] = args.infra - env['num_etcd'] = args.etcd + cluster['num_masters'] = args.masters + cluster['num_nodes'] = args.nodes + cluster['num_infra'] = args.infra + cluster['num_etcd'] = args.etcd + cluster['cluster_env'] = args.env - self.action(args, inventory, env, playbook) + self.action(args, inventory, cluster, playbook) def addNodes(self, args): """ Add nodes to an existing cluster for given provider :param args: command line arguments provided by user """ - env = {'cluster_id': args.cluster_id, - 'deployment_type': self.get_deployment_type(args)} + cluster = {'cluster_id': args.cluster_id, + 'deployment_type': self.get_deployment_type(args), + } playbook = "playbooks/{0}/openshift-cluster/addNodes.yml".format(args.provider) inventory = self.setup_provider(args.provider) - env['num_nodes'] = args.nodes - env['num_infra'] = args.infra + cluster['num_nodes'] = args.nodes + cluster['num_infra'] = args.infra + cluster['cluster_env'] = args.env - self.action(args, inventory, env, playbook) + self.action(args, inventory, cluster, playbook) def terminate(self, args): """ Destroy OpenShift cluster :param args: command line arguments provided by user """ - env = {'cluster_id': args.cluster_id, - 'deployment_type': self.get_deployment_type(args)} + cluster = {'cluster_id': args.cluster_id, + 'deployment_type': self.get_deployment_type(args), + 'cluster_env': args.env, + } playbook = "playbooks/{0}/openshift-cluster/terminate.yml".format(args.provider) inventory = self.setup_provider(args.provider) - self.action(args, inventory, env, playbook) + self.action(args, inventory, cluster, playbook) def list(self, args): """ List VMs in cluster :param args: command line arguments provided by user """ - env = {'cluster_id': args.cluster_id, - 'deployment_type': self.get_deployment_type(args)} + cluster = {'cluster_id': args.cluster_id, + 'deployment_type': self.get_deployment_type(args), + 'cluster_env': args.env, + } playbook = "playbooks/{0}/openshift-cluster/list.yml".format(args.provider) inventory = self.setup_provider(args.provider) - self.action(args, inventory, env, playbook) + self.action(args, inventory, cluster, playbook) def config(self, args): """ Configure or reconfigure OpenShift across clustered VMs :param args: command line arguments provided by user """ - env = {'cluster_id': args.cluster_id, - 'deployment_type': self.get_deployment_type(args)} + cluster = {'cluster_id': args.cluster_id, + 'deployment_type': self.get_deployment_type(args), + 'cluster_env': args.env, + } playbook = "playbooks/{0}/openshift-cluster/config.yml".format(args.provider) inventory = self.setup_provider(args.provider) - self.action(args, inventory, env, playbook) + self.action(args, inventory, cluster, playbook) def update(self, args): """ Update to latest OpenShift across clustered VMs :param args: command line arguments provided by user """ - env = {'cluster_id': args.cluster_id, - 'deployment_type': self.get_deployment_type(args)} + cluster = {'cluster_id': args.cluster_id, + 'deployment_type': self.get_deployment_type(args), + 'cluster_env': args.env, + } + playbook = "playbooks/{0}/openshift-cluster/update.yml".format(args.provider) inventory = self.setup_provider(args.provider) - self.action(args, inventory, env, playbook) + self.action(args, inventory, cluster, playbook) def service(self, args): """ Make the same service call across all nodes in the cluster :param args: command line arguments provided by user """ - env = {'cluster_id': args.cluster_id, - 'deployment_type': self.get_deployment_type(args), - 'new_cluster_state': args.state} + cluster = {'cluster_id': args.cluster_id, + 'deployment_type': self.get_deployment_type(args), + 'new_cluster_state': args.state, + 'cluster_env': args.env, + } playbook = "playbooks/{0}/openshift-cluster/service.yml".format(args.provider) inventory = self.setup_provider(args.provider) - self.action(args, inventory, env, playbook) + self.action(args, inventory, cluster, playbook) def setup_provider(self, provider): """ @@ -152,10 +166,9 @@ class Cluster(object): """ config = ConfigParser.ConfigParser() if 'gce' == provider: - gce_ini_default_path = os.path.join( - 'inventory/gce/hosts/gce.ini') + gce_ini_default_path = os.path.join('inventory/gce/hosts/gce.ini') gce_ini_path = os.environ.get('GCE_INI_PATH', gce_ini_default_path) - if os.path.exists(gce_ini_path): + if os.path.exists(gce_ini_path): config.readfp(open(gce_ini_path)) for key in config.options('gce'): @@ -190,12 +203,12 @@ class Cluster(object): return inventory - def action(self, args, inventory, env, playbook): + def action(self, args, inventory, cluster, playbook): """ Build ansible-playbook command line and execute :param args: command line arguments provided by user :param inventory: derived provider library - :param env: environment variables for kubernetes + :param cluster: cluster variables for kubernetes :param playbook: ansible playbook to execute """ @@ -206,14 +219,14 @@ class Cluster(object): if args.option: for opt in args.option: k, v = opt.split('=', 1) - env['cli_' + k] = v + cluster['cli_' + k] = v - ansible_env = '-e \'{0}\''.format( - ' '.join(['%s=%s' % (key, value) for (key, value) in env.items()]) + ansible_extra_vars = '-e \'{0}\''.format( + ' '.join(['%s=%s' % (key, value) for (key, value) in cluster.items()]) ) command = 'ansible-playbook {0} {1} {2} {3}'.format( - verbose, inventory, ansible_env, playbook + verbose, inventory, ansible_extra_vars, playbook ) if args.profile: @@ -242,7 +255,7 @@ class ActionFailed(Exception): if __name__ == '__main__': """ - User command to invoke ansible playbooks in a "known" environment + User command to invoke ansible playbooks in a "known" configuration Reads ~/.openshift-ansible for default configuration items [DEFAULT] @@ -251,7 +264,7 @@ if __name__ == '__main__': providers = gce,aws,libvirt,openstack """ - environment = ConfigParser.SafeConfigParser({ + cluster_config = ConfigParser.SafeConfigParser({ 'cluster_ids': 'marketing,sales', 'validate_cluster_ids': 'False', 'providers': 'gce,aws,libvirt,openstack', @@ -259,23 +272,23 @@ if __name__ == '__main__': path = os.path.expanduser("~/.openshift-ansible") if os.path.isfile(path): - environment.read(path) + cluster_config.read(path) cluster = Cluster() parser = argparse.ArgumentParser( - description='Python wrapper to ensure proper environment for OpenShift ansible playbooks', + description='Python wrapper to ensure proper configuration for OpenShift ansible playbooks', ) parser.add_argument('-v', '--verbose', action='count', help='Multiple -v options increase the verbosity') parser.add_argument('--version', action='version', version='%(prog)s 0.3') meta_parser = argparse.ArgumentParser(add_help=False) - providers = environment.get('DEFAULT', 'providers').split(',') + providers = cluster_config.get('DEFAULT', 'providers').split(',') meta_parser.add_argument('provider', choices=providers, help='provider') - if environment.get('DEFAULT', 'validate_cluster_ids').lower() in ("yes", "true", "1"): - meta_parser.add_argument('cluster_id', choices=environment.get('DEFAULT', 'cluster_ids').split(','), + if cluster_config.get('DEFAULT', 'validate_cluster_ids').lower() in ("yes", "true", "1"): + meta_parser.add_argument('cluster_id', choices=cluster_config.get('DEFAULT', 'cluster_ids').split(','), help='prefix for cluster VM names') else: meta_parser.add_argument('cluster_id', help='prefix for cluster VM names') @@ -289,6 +302,9 @@ if __name__ == '__main__': meta_parser.add_argument('-o', '--option', action='append', help='options') + meta_parser.add_argument('--env', default='dev', type=str, + help='environment for the cluster. Defaults to \'dev\'.') + meta_parser.add_argument('-p', '--profile', action='store_true', help='Enable playbook profiling') @@ -350,14 +366,14 @@ if __name__ == '__main__': args = parser.parse_args() if 'terminate' == args.action and not args.force: - answer = raw_input("This will destroy the ENTIRE {0} environment. Are you sure? [y/N] ".format(args.cluster_id)) + answer = raw_input("This will destroy the ENTIRE {0} cluster. Are you sure? [y/N] ".format(args.cluster_id)) if answer not in ['y', 'Y']: sys.stderr.write('\nACTION [terminate] aborted by user!\n') exit(1) if 'update' == args.action and not args.force: answer = raw_input( - "This is destructive and could corrupt {0} environment. Continue? [y/N] ".format(args.cluster_id)) + "This is destructive and could corrupt {0} cluster. Continue? [y/N] ".format(args.cluster_id)) if answer not in ['y', 'Y']: sys.stderr.write('\nACTION [update] aborted by user!\n') exit(1) diff --git a/bin/openshift_ansible/awsutil.py b/bin/openshift_ansible/awsutil.py index 1ea2f914c..76b4f4f51 100644 --- a/bin/openshift_ansible/awsutil.py +++ b/bin/openshift_ansible/awsutil.py @@ -61,7 +61,7 @@ class AwsUtil(object): def get_environments(self): """Searches for env tags in the inventory and returns all of the envs found.""" - pattern = re.compile(r'^tag_env_(.*)') + pattern = re.compile(r'^tag_environment_(.*)') envs = [] inv = self.get_inventory() @@ -109,13 +109,13 @@ class AwsUtil(object): inst_by_env = {} for _, host in inv['_meta']['hostvars'].items(): # If you don't have an environment tag, we're going to ignore you - if 'ec2_tag_env' not in host: + if 'ec2_tag_environment' not in host: continue - if host['ec2_tag_env'] not in inst_by_env: - inst_by_env[host['ec2_tag_env']] = {} + if host['ec2_tag_environment'] not in inst_by_env: + inst_by_env[host['ec2_tag_environment']] = {} host_id = "%s:%s" % (host['ec2_tag_Name'], host['ec2_id']) - inst_by_env[host['ec2_tag_env']][host_id] = host + inst_by_env[host['ec2_tag_environment']][host_id] = host return inst_by_env @@ -157,7 +157,7 @@ class AwsUtil(object): def gen_env_tag(env): """Generate the environment tag """ - return "tag_env_%s" % env + return "tag_environment_%s" % env def gen_host_type_tag(self, host_type): """Generate the host type tag @@ -165,12 +165,6 @@ class AwsUtil(object): host_type = self.resolve_host_type(host_type) return "tag_host-type_%s" % host_type - def gen_env_host_type_tag(self, host_type, env): - """Generate the environment host type tag - """ - host_type = self.resolve_host_type(host_type) - return "tag_env-host-type_%s-%s" % (env, host_type) - def get_host_list(self, host_type=None, envs=None, version=None, cached=False): """Get the list of hosts from the inventory using host-type and environment """ diff --git a/playbooks/adhoc/create_pv/create_pv.yaml b/playbooks/adhoc/create_pv/create_pv.yaml index 0ca040ee1..347d9f574 100644 --- a/playbooks/adhoc/create_pv/create_pv.yaml +++ b/playbooks/adhoc/create_pv/create_pv.yaml @@ -3,9 +3,8 @@ # ansible-playbook -e "cli_volume_size=1" \ # -e "cli_device_name=/dev/xvdf" \ # -e "cli_hosttype=master" \ -# -e "cli_env=ops" \ +# -e "cli_clusterid=ops" \ # create_pv.yaml -# FIXME: we need to change "env" to "clusterid" as that's what it really is now. # - name: Create a volume and attach it to master hosts: localhost @@ -16,7 +15,7 @@ cli_volume_type: gp2 cli_volume_iops: '' oo_name: "{{ groups['tag_host-type_' ~ cli_hosttype] | - intersect(groups['tag_env_' ~ cli_env]) | + intersect(groups['oo_clusterid_' ~ cli_clusterid]) | first }}" pre_tasks: - fail: @@ -26,7 +25,7 @@ - cli_volume_size - cli_device_name - cli_hosttype - - cli_env + - cli_clusterid - name: set oo_name fact set_fact: @@ -57,7 +56,7 @@ args: tags: Name: "pv-{{ hostvars[oo_name]['ec2_tag_Name'] }}" - env: "{{cli_env}}" + clusterid: "{{cli_clusterid}}" register: voltags - debug: var=voltags diff --git a/playbooks/adhoc/docker_loopback_to_lvm/docker_loopback_to_direct_lvm.yml b/playbooks/adhoc/docker_loopback_to_lvm/docker_loopback_to_direct_lvm.yml index 89128dd3c..4d32fc40b 100644 --- a/playbooks/adhoc/docker_loopback_to_lvm/docker_loopback_to_direct_lvm.yml +++ b/playbooks/adhoc/docker_loopback_to_lvm/docker_loopback_to_direct_lvm.yml @@ -113,7 +113,7 @@ args: tags: Name: "{{ ec2_tag_Name }}" - env: "{{ ec2_tag_env}}" + clusterid: "{{ ec2_tag_clusterid }}" register: voltags - name: Wait for volume to attach diff --git a/playbooks/adhoc/grow_docker_vg/grow_docker_vg.yml b/playbooks/adhoc/grow_docker_vg/grow_docker_vg.yml index b4bcb25da..174cea460 100644 --- a/playbooks/adhoc/grow_docker_vg/grow_docker_vg.yml +++ b/playbooks/adhoc/grow_docker_vg/grow_docker_vg.yml @@ -151,7 +151,7 @@ args: tags: Name: "{{ ec2_tag_Name }}" - env: "{{ ec2_tag_env }}" + clusterid: "{{ ec2_tag_clusterid }}" register: voltags - name: check for attached drive diff --git a/playbooks/adhoc/s3_registry/s3_registry.yml b/playbooks/adhoc/s3_registry/s3_registry.yml index 071c2cf46..d409b4086 100644 --- a/playbooks/adhoc/s3_registry/s3_registry.yml +++ b/playbooks/adhoc/s3_registry/s3_registry.yml @@ -6,7 +6,7 @@ # The AWS access/secret keys should be the keys of a separate user (not your main user), containing only the necessary S3 access role. # The 'clusterid' is the short name of your cluster. -- hosts: tag_env_{{ clusterid }}:&tag_host-type_openshift-master +- hosts: tag_clusterid_{{ clusterid }}:&tag_host-type_openshift-master remote_user: root gather_facts: False diff --git a/playbooks/adhoc/setupnfs.yml b/playbooks/adhoc/setupnfs.yml new file mode 100644 index 000000000..5f3631fcf --- /dev/null +++ b/playbooks/adhoc/setupnfs.yml @@ -0,0 +1,21 @@ +--- +### This playbook is old and we are currently not using NFS. +- hosts: tag_Name_nfs-v3-stg + sudo: no + remote_user: root + gather_facts: no + roles: + - role: openshift_storage_nfs_lvm + mount_dir: /exports/stg-black + volume_prefix: "kwoodsontest" + volume_size: 5 + volume_num_start: 222 + number_of_volumes: 3 + tasks: + - fetch: + dest: json/ + src: /root/"{{ item }}" + with_items: + - persistent-volume.kwoodsontest5g0222.json + - persistent-volume.kwoodsontest5g0223.json + - persistent-volume.kwoodsontest5g0224.json diff --git a/playbooks/aws/openshift-cluster/cluster_hosts.yml b/playbooks/aws/openshift-cluster/cluster_hosts.yml new file mode 100644 index 000000000..b7f8ac7b9 --- /dev/null +++ b/playbooks/aws/openshift-cluster/cluster_hosts.yml @@ -0,0 +1,20 @@ +--- +etcd_hosts: "{{ (groups['tag_host-type_etcd']|default([])) + | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" + +lb_hosts: "{{ (groups['tag_host-type_lb']|default([])) + | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" + +master_hosts: "{{ (groups['tag_host-type_master']|default([])) + | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" + +node_hosts: "{{ (groups['tag_host-type_node']|default([])) + | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" + +nfs_hosts: "{{ (groups['tag_host-type_nfs']|default([])) + | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" + diff --git a/playbooks/aws/openshift-cluster/config.yml b/playbooks/aws/openshift-cluster/config.yml index f46988432..04d9ac6c8 100644 --- a/playbooks/aws/openshift-cluster/config.yml +++ b/playbooks/aws/openshift-cluster/config.yml @@ -5,18 +5,24 @@ become: no vars_files: - vars.yml + - cluster_hosts.yml tasks: - set_fact: g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" + g_etcd_hosts: "{{ etcd_hosts }}" + g_master_hosts: "{{ master_hosts }}" + g_node_hosts: "{{ node_hosts }}" + g_lb_hosts: "{{ lb_hosts }}" + g_nfs_hosts: "{{ nfs_hosts }}" - include: ../../common/openshift-cluster/config.yml vars: - g_etcd_hosts: "{{ (groups['tag_host-type_etcd']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" - g_lb_hosts: "{{ (groups['tag_host-type_lb']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" - g_master_hosts: "{{ (groups['tag_host-type_master']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" - g_nfs_hosts: "{{ (groups['tag_host-type_nfs']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" - g_node_hosts: "{{ (groups['tag_host-type_node']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" + g_etcd_hosts: "{{ hostvars.localhost.g_etcd_hosts }}" + g_master_hosts: "{{ hostvars.localhost.g_master_hosts }}" + g_node_hosts: "{{ hostvars.localhost.g_node_hosts }}" + g_lb_hosts: "{{ hostvars.localhost.g_lb_hosts }}" + g_nfs_hosts: "{{ hostvars.localhost.g_nfs_hosts }}" g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" g_nodeonmaster: true diff --git a/playbooks/aws/openshift-cluster/list.yml b/playbooks/aws/openshift-cluster/list.yml index 8341ba9c1..8b41a355e 100644 --- a/playbooks/aws/openshift-cluster/list.yml +++ b/playbooks/aws/openshift-cluster/list.yml @@ -7,7 +7,7 @@ vars_files: - vars.yml tasks: - - set_fact: scratch_group=tag_env_{{ cluster_id }} + - set_fact: scratch_group=tag_clusterid_{{ cluster_id }} when: cluster_id != '' - set_fact: scratch_group=all when: cluster_id == '' diff --git a/playbooks/aws/openshift-cluster/scaleup.yml b/playbooks/aws/openshift-cluster/scaleup.yml index 9c9118286..feb5af9e6 100644 --- a/playbooks/aws/openshift-cluster/scaleup.yml +++ b/playbooks/aws/openshift-cluster/scaleup.yml @@ -6,10 +6,16 @@ become: no vars_files: - vars.yml + - cluster_hosts.yml tasks: - set_fact: g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" + g_etcd_hosts: "{{ etcd_hosts }}" + g_master_hosts: "{{ master_hosts }}" + g_node_hosts: "{{ node_hosts }}" + g_lb_hosts: "{{ lb_hosts }}" + - name: Evaluate oo_hosts_to_update add_host: name: "{{ item }}" @@ -22,9 +28,14 @@ - include: ../../common/openshift-cluster/scaleup.yml vars: - g_etcd_hosts: "{{ (groups['tag_host-type_etcd']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" - g_lb_hosts: "{{ (groups['tag_host-type_lb']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" - g_master_hosts: "{{ (groups['tag_host-type_master']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" + g_etcd_hosts: "{{ hostvars.localhost.g_etcd_hosts }}" + g_master_hosts: "{{ hostvars.localhost.g_master_hosts }}" + g_node_hosts: "{{ hostvars.localhost.g_node_hosts }}" + g_lb_hosts: "{{ hostvars.localhost.g_lb_hosts }}" + g_etcd_hosts: "{{ etcd_hosts }}" + g_lb_hosts: "{{ lb_hosts }}" + g_master_hosts: "{{ master_hosts }}" + g_node_hosts: "{{ node_hosts }}" g_new_node_hosts: "{{ groups.nodes_to_add }}" g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" diff --git a/playbooks/aws/openshift-cluster/service.yml b/playbooks/aws/openshift-cluster/service.yml index ce0992a45..d5f7d6b19 100644 --- a/playbooks/aws/openshift-cluster/service.yml +++ b/playbooks/aws/openshift-cluster/service.yml @@ -6,6 +6,7 @@ gather_facts: no vars_files: - vars.yml + - cluster_hosts.yml tasks: - fail: msg="cluster_id is required to be injected in this playbook" when: cluster_id is not defined @@ -16,7 +17,7 @@ groups: g_service_masters ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: "{{ g_master_hosts | default([]) }}" + with_items: "{{ master_hosts | default([]) }}" - name: Evaluate g_service_nodes add_host: @@ -24,7 +25,7 @@ groups: g_service_nodes ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: "{{ g_node_hosts | default([]) }}" + with_items: "{{ node_hosts | default([]) }}" - include: ../../common/openshift-node/service.yml - include: ../../common/openshift-master/service.yml diff --git a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml index 1fbd71a75..6090ed6fe 100644 --- a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml @@ -2,7 +2,8 @@ - set_fact: created_by: "{{ lookup('env', 'LOGNAME')|default(cluster, true) }}" docker_vol_ephemeral: "{{ lookup('env', 'os_docker_vol_ephemeral') | default(false, true) }}" - env: "{{ cluster }}" + cluster: "{{ cluster_id }}" + env: "{{ cluster_env }}" host_type: "{{ type }}" sub_host_type: "{{ g_sub_host_type }}" @@ -123,7 +124,8 @@ wait: yes instance_tags: created-by: "{{ created_by }}" - env: "{{ env }}" + clusterid: "{{ cluster }}" + environment: "{{ cluster_env }}" host-type: "{{ host_type }}" sub-host-type: "{{ sub_host_type }}" volumes: "{{ volumes }}" @@ -139,7 +141,8 @@ Name: "{{ item.0 }}" - set_fact: - instance_groups: "tag_created-by_{{ created_by }}, tag_env_{{ env }}, tag_host-type_{{ host_type }}, tag_sub-host-type_{{ sub_host_type }}" + instance_groups: "tag_created-by_{{ created_by }}, tag_clusterid_{{ cluster }}, tag_environment_{{ cluster_env }}, + tag_host-type_{{ host_type }}, tag_sub-host-type_{{ sub_host_type }}" - set_fact: node_label: diff --git a/playbooks/aws/openshift-cluster/terminate.yml b/playbooks/aws/openshift-cluster/terminate.yml index aafd40c43..4b9c80b14 100644 --- a/playbooks/aws/openshift-cluster/terminate.yml +++ b/playbooks/aws/openshift-cluster/terminate.yml @@ -7,13 +7,12 @@ vars_files: - vars.yml tasks: - - set_fact: scratch_group=tag_env_{{ cluster_id }} - add_host: name: "{{ item }}" groups: oo_hosts_to_terminate ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: groups[scratch_group] | default([]) | difference(['localhost']) + with_items: (groups['tag_clusterid_' ~ cluster_id] | default([])) | difference(['localhost']) - name: Unsubscribe VMs hosts: oo_hosts_to_terminate @@ -29,34 +28,35 @@ connection: local become: no gather_facts: no - vars: - host_vars: "{{ hostvars - | oo_select_keys(groups['oo_hosts_to_terminate']) }}" tasks: - name: Remove tags from instances - ec2_tag: resource={{ item.ec2_id }} region={{ item.ec2_region }} state=absent - args: + ec2_tag: + resource: "{{ hostvars[item]['ec2_id'] }}" + region: "{{ hostvars[item]['ec2_region'] }}" + state: absent tags: - env: "{{ item['ec2_tag_env'] }}" - host-type: "{{ item['ec2_tag_host-type'] }}" - sub_host_type: "{{ item['ec2_tag_sub-host-type'] }}" - with_items: host_vars + environment: "{{ hostvars[item]['ec2_tag_environment'] }}" + clusterid: "{{ hostvars[item]['ec2_tag_clusterid'] }}" + host-type: "{{ hostvars[item]['ec2_tag_host-type'] }}" + sub_host_type: "{{ hostvars[item]['ec2_tag_sub-host-type'] }}" + with_items: groups.oo_hosts_to_terminate when: "'oo_hosts_to_terminate' in groups" - name: Terminate instances ec2: state: absent - instance_ids: ["{{ item.ec2_id }}"] - region: "{{ item.ec2_region }}" + instance_ids: ["{{ hostvars[item].ec2_id }}"] + region: "{{ hostvars[item].ec2_region }}" ignore_errors: yes register: ec2_term - with_items: host_vars + with_items: groups.oo_hosts_to_terminate when: "'oo_hosts_to_terminate' in groups" # Fail if any of the instances failed to terminate with an error other # than 403 Forbidden - - fail: msg=Terminating instance {{ item.ec2_id }} failed with message {{ item.msg }} - when: "'oo_hosts_to_terminate' in groups and item.failed and not item.msg | search(\"error: EC2ResponseError: 403 Forbidden\")" + - fail: + msg: "Terminating instance {{ item.ec2_id }} failed with message {{ item.msg }}" + when: "'oo_hosts_to_terminate' in groups and item.has_key('failed') and item.failed" with_items: ec2_term.results - name: Stop instance if termination failed @@ -65,7 +65,7 @@ instance_ids: ["{{ item.item.ec2_id }}"] region: "{{ item.item.ec2_region }}" register: ec2_stop - when: "'oo_hosts_to_terminate' in groups and item.failed" + when: "'oo_hosts_to_terminate' in groups and item.has_key('failed') and item.failed" with_items: ec2_term.results - name: Rename stopped instances diff --git a/playbooks/aws/openshift-cluster/update.yml b/playbooks/aws/openshift-cluster/update.yml index 3df0c3f3a..caa0c1a2f 100644 --- a/playbooks/aws/openshift-cluster/update.yml +++ b/playbooks/aws/openshift-cluster/update.yml @@ -4,13 +4,9 @@ connection: local become: no gather_facts: no - vars: - g_etcd_hosts: "{{ (groups['tag_host-type_etcd']|default([])) | intersect(groups['tag_env_' ~ cluster_id]) }}" - g_lb_hosts: "{{ (groups['tag_host-type_lb']|default([])) | intersect(groups['tag_env_' ~ cluster_id]) }}" - g_master_hosts: "{{ (groups['tag_host-type_master']|default([])) | intersect(groups['tag_env_' ~ cluster_id]) }}" - g_node_hosts: "{{ (groups['tag_host-type_node']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" vars_files: - vars.yml + - cluster_hosts.yml tasks: - name: Update - Evaluate oo_hosts_to_update add_host: @@ -18,7 +14,7 @@ groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: "{{ g_master_hosts | union(g_node_hosts) | union(g_etcd_hosts) | default([]) }}" + with_items: "{{ master_hosts | union(node_hosts) | union(etcd_hosts) | default([]) }}" - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 20cc97c8a..1534d9742 100644 --- a/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -7,22 +7,23 @@ vars_files: - ../../vars.yml - "../../vars.{{ deployment_type }}.{{ cluster_id }}.yml" + - ../../cluster_hosts.yml tasks: - set_fact: g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" - - - set_fact: - tmp_nodes_group: "{{ 'tag_env-host-type_' ~ cluster_id ~ '-openshift-node' }}" - when: deployment_type != 'online' + g_etcd_hosts: "{{ etcd_hosts }}" + g_master_hosts: "{{ master_hosts }}" + g_node_hosts: "{{ node_hosts }}" + g_lb_hosts: "{{ lb_hosts }}" - include: ../../../../common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml vars: - g_etcd_hosts: "{{ (groups['tag_host-type_etcd']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" - g_lb_hosts: "{{ (groups['tag_host-type_lb']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" - g_master_hosts: "{{ (groups['tag_host-type_master']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" - g_node_hosts: "{{ (groups['tag_host-type_node']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" + g_etcd_hosts: "{{ hostvars.localhost.g_etcd_hosts }}" + g_master_hosts: "{{ hostvars.localhost.g_master_hosts }}" + g_node_hosts: "{{ hostvars.localhost.g_node_hosts }}" + g_lb_hosts: "{{ hostvars.localhost.g_lb_hosts }}" g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" g_nodeonmaster: true diff --git a/playbooks/byo/openshift-cluster/upgrades/README.md b/playbooks/byo/openshift-cluster/upgrades/README.md index ce7aebf8e..ca01dbc9d 100644 --- a/playbooks/byo/openshift-cluster/upgrades/README.md +++ b/playbooks/byo/openshift-cluster/upgrades/README.md @@ -1,6 +1,6 @@ # Upgrade playbooks The playbooks provided in this directory can be used for upgrading an existing -environment. Additional notes for the associated upgrade playbooks are +cluster. Additional notes for the associated upgrade playbooks are provided in their respective directories. # Upgrades available diff --git a/playbooks/gce/openshift-cluster/cluster_hosts.yml b/playbooks/gce/openshift-cluster/cluster_hosts.yml new file mode 100644 index 000000000..6ccfe0e67 --- /dev/null +++ b/playbooks/gce/openshift-cluster/cluster_hosts.yml @@ -0,0 +1,20 @@ +--- +etcd_hosts: "{{ (groups['tag_host-type-etcd']|default([])) + | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" + +lb_hosts: "{{ (groups['tag_host-type-lb']|default([])) + | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" + +master_hosts: "{{ (groups['tag_host-type-master']|default([])) + | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" + +node_hosts: "{{ (groups['tag_host-type-node']|default([])) + | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" + +nfs_hosts: "{{ (groups['tag_host-type_nfs']|default([])) + | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" + diff --git a/playbooks/gce/openshift-cluster/config.yml b/playbooks/gce/openshift-cluster/config.yml index 4a76e406a..43da60ccd 100644 --- a/playbooks/gce/openshift-cluster/config.yml +++ b/playbooks/gce/openshift-cluster/config.yml @@ -8,8 +8,14 @@ become: no vars_files: - vars.yml + - cluster_hosts.yml tasks: - set_fact: + g_etcd_hosts: "{{ etcd_hosts }}" + g_master_hosts: "{{ master_hosts }}" + g_node_hosts: "{{ node_hosts }}" + g_lb_hosts: "{{ lb_hosts }}" + g_nfs_hosts: "{{ nfs_hosts }}" g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" use_sdn: "{{ do_we_use_openshift_sdn }}" @@ -17,11 +23,11 @@ - include: ../../common/openshift-cluster/config.yml vars: - g_etcd_hosts: "{{ (groups['tag_host-type-etcd']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" - g_lb_hosts: "{{ (groups['tag_host-type-lb']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" - g_master_hosts: "{{ (groups['tag_host-type-master']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" - g_nfs_hosts: "{{ (groups['tag_host-type-nfs']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" - g_node_hosts: "{{ (groups['tag_host-type-node']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" + g_etcd_hosts: "{{ hostvars.localhost.g_etcd_hosts }}" + g_master_hosts: "{{ hostvars.localhost.g_master_hosts }}" + g_node_hosts: "{{ hostvars.localhost.g_node_hosts }}" + g_lb_hosts: "{{ hostvars.localhost.g_lb_hosts }}" + g_nfs_hosts: "{{ hostvars.localhost.g_nfs_hosts }}" g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" g_nodeonmaster: true diff --git a/playbooks/gce/openshift-cluster/join_node.yml b/playbooks/gce/openshift-cluster/join_node.yml index ab593b897..acf5e5110 100644 --- a/playbooks/gce/openshift-cluster/join_node.yml +++ b/playbooks/gce/openshift-cluster/join_node.yml @@ -4,13 +4,9 @@ connection: local become: no gather_facts: no - vars: - g_etcd_hosts: "{{ (groups['tag_host-type-etcd']|default([])) | intersect(groups['tag_env-' ~ cluster_id]) }}" - g_lb_hosts: "{{ (groups['tag_host-type-lb']|default([])) | intersect(groups['tag_env-' ~ cluster_id]) }}" - g_master_hosts: "{{ (groups['tag_host-type-master']|default([])) | intersect(groups['tag_env-' ~ cluster_id]) }}" - g_node_hosts: "{{ (groups['tag_host-type-node']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" vars_files: - vars.yml + - cluster_hosts.yml tasks: - name: Evaluate oo_hosts_to_update add_host: @@ -28,6 +24,7 @@ gather_facts: no vars_files: - vars.yml + - cluster_hosts.yml tasks: - name: Evaluate oo_nodes_to_config add_host: @@ -38,11 +35,11 @@ - name: Evaluate oo_first_master add_host: - name: "{{ g_master_hosts | first }}" + name: "{{ master_hosts | first }}" ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" groups: oo_first_master - when: g_master_hosts is defined and g_master_hosts|length > 0 + when: master_hosts is defined and master_hosts|length > 0 #- include: config.yml - include: ../../common/openshift-node/config.yml diff --git a/playbooks/gce/openshift-cluster/list.yml b/playbooks/gce/openshift-cluster/list.yml index b9ff89c79..e67685912 100644 --- a/playbooks/gce/openshift-cluster/list.yml +++ b/playbooks/gce/openshift-cluster/list.yml @@ -7,7 +7,7 @@ vars_files: - vars.yml tasks: - - set_fact: scratch_group=tag_env-{{ cluster_id }} + - set_fact: scratch_group=tag_clusterid-{{ cluster_id }} when: cluster_id != '' - set_fact: scratch_group=all when: cluster_id == '' diff --git a/playbooks/gce/openshift-cluster/service.yml b/playbooks/gce/openshift-cluster/service.yml index 337ba7e44..8925de4cb 100644 --- a/playbooks/gce/openshift-cluster/service.yml +++ b/playbooks/gce/openshift-cluster/service.yml @@ -6,6 +6,7 @@ gather_facts: no vars_files: - vars.yml + - cluster_hosts.yml tasks: - fail: msg="cluster_id is required to be injected in this playbook" when: cluster_id is not defined @@ -15,14 +16,14 @@ groups: g_service_nodes ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user | default(ansible_ssh_user, true) }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: "{{ g_node_hosts | default([]) | difference(['localhost']) | difference(groups.status_terminated) }}" + with_items: "{{ node_hosts | default([]) | difference(['localhost']) | difference(groups.status_terminated) }}" - add_host: name: "{{ item }}" groups: g_service_masters ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user | default(ansible_ssh_user, true) }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: "{{ g_master_hosts | default([]) | difference(['localhost']) | difference(groups.status_terminated) }}" + with_items: "{{ master_hosts | default([]) | difference(['localhost']) | difference(groups.status_terminated) }}" - include: ../../common/openshift-node/service.yml - include: ../../common/openshift-master/service.yml diff --git a/playbooks/gce/openshift-cluster/tasks/launch_instances.yml b/playbooks/gce/openshift-cluster/tasks/launch_instances.yml index 2360a3263..488b62eb9 100644 --- a/playbooks/gce/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/gce/openshift-cluster/tasks/launch_instances.yml @@ -16,7 +16,8 @@ #service_account_permissions: "datastore,logging-write" tags: - created-by-{{ lookup('env', 'LOGNAME') |default(cluster, true) }} - - env-{{ cluster }} + - environment-{{ cluster_env }} + - clusterid-{{ cluster_id }} - host-type-{{ type }} - sub-host-type-{{ g_sub_host_type }} when: instances |length > 0 diff --git a/playbooks/gce/openshift-cluster/terminate.yml b/playbooks/gce/openshift-cluster/terminate.yml index f4e89983b..faa46c0d6 100644 --- a/playbooks/gce/openshift-cluster/terminate.yml +++ b/playbooks/gce/openshift-cluster/terminate.yml @@ -7,13 +7,12 @@ vars_files: - vars.yml tasks: - - set_fact: scratch_group=tag_env-{{ cluster_id }} - add_host: name: "{{ item }}" groups: oo_hosts_to_terminate ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user | default(ansible_ssh_user, true) }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: groups[scratch_group] | default([], true) | difference(['localhost']) | difference(groups.status_terminated | default([], true)) + with_items: (groups['tag_clusterid-' ~ cluster_id] | default([])) | difference(['localhost']) - name: Unsubscribe VMs hosts: oo_hosts_to_terminate diff --git a/playbooks/gce/openshift-cluster/update.yml b/playbooks/gce/openshift-cluster/update.yml index d60662397..6313d0b95 100644 --- a/playbooks/gce/openshift-cluster/update.yml +++ b/playbooks/gce/openshift-cluster/update.yml @@ -4,13 +4,9 @@ become: no connection: local gather_facts: no - vars: - g_etcd_hosts: "{{ (groups['tag_host-type-etcd']|default([])) | intersect(groups['tag_env-' ~ cluster_id]) }}" - g_lb_hosts: "{{ (groups['tag_host-type-lb']|default([])) | intersect(groups['tag_env-' ~ cluster_id]) }}" - g_master_hosts: "{{ (groups['tag_host-type-master']|default([])) | intersect(groups['tag_env-' ~ cluster_id]) }}" - g_node_hosts: "{{ (groups['tag_host-type-node']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" vars_files: - vars.yml + - cluster_hosts.yml tasks: - name: Evaluate oo_hosts_to_update add_host: @@ -18,7 +14,7 @@ groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user | default(ansible_ssh_user, true) }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: "{{ g_master_hosts | union(g_node_hosts) | union(g_etcd_hosts) | default([]) }}" + with_items: "{{ master_hosts | union(node_hosts) | union(etcd_hosts) | default([]) }}" - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/libvirt/openshift-cluster/cluster_hosts.yml b/playbooks/libvirt/openshift-cluster/cluster_hosts.yml new file mode 100644 index 000000000..f87c222fb --- /dev/null +++ b/playbooks/libvirt/openshift-cluster/cluster_hosts.yml @@ -0,0 +1,20 @@ +--- +etcd_hosts: "{{ (groups['tag_host-type-etcd']|default([])) + | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" + +lb_hosts: "{{ (groups['tag_host-type-lb']|default([])) + | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" + +master_hosts: "{{ (groups['tag_host-type-master']|default([])) + | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" + +node_hosts: "{{ (groups['tag_host-type-node']|default([])) + | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" + +nfs_hosts: "{{ (groups['tag_host-type-node']|default([])) + | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" + diff --git a/playbooks/libvirt/openshift-cluster/config.yml b/playbooks/libvirt/openshift-cluster/config.yml index dcaec3924..8a7320d2f 100644 --- a/playbooks/libvirt/openshift-cluster/config.yml +++ b/playbooks/libvirt/openshift-cluster/config.yml @@ -9,18 +9,24 @@ connection: local vars_files: - vars.yml + - cluster_hosts.yml tasks: - set_fact: g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" + g_etcd_hosts: "{{ etcd_hosts }}" + g_master_hosts: "{{ master_hosts }}" + g_node_hosts: "{{ node_hosts }}" + g_lb_hosts: "{{ lb_hosts }}" + g_nfs_hosts: "{{ nfs_hosts }}" - include: ../../common/openshift-cluster/config.yml vars: - g_etcd_hosts: "{{ (groups['tag_host-type-etcd']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" - g_lb_hosts: "{{ (groups['tag_host-type-lb']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" - g_master_hosts: "{{ (groups['tag_host-type-master']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" - g_nfs_hosts: "{{ (groups['tag_host-type-node']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" - g_node_hosts: "{{ (groups['tag_host-type-node']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" + g_etcd_hosts: "{{ hostvars.localhost.g_etcd_hosts }}" + g_master_hosts: "{{ hostvars.localhost.g_master_hosts }}" + g_node_hosts: "{{ hostvars.localhost.g_node_hosts }}" + g_lb_hosts: "{{ hostvars.localhost.g_lb_hosts }}" + g_nfs_hosts: "{{ hostvars.localhost.g_nfs_hosts }}" g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" openshift_cluster_id: "{{ cluster_id }}" diff --git a/playbooks/libvirt/openshift-cluster/list.yml b/playbooks/libvirt/openshift-cluster/list.yml index d89e699f2..6cb81ee79 100644 --- a/playbooks/libvirt/openshift-cluster/list.yml +++ b/playbooks/libvirt/openshift-cluster/list.yml @@ -7,7 +7,7 @@ vars_files: - vars.yml tasks: - - set_fact: scratch_group=tag_env-{{ cluster_id }} + - set_fact: scratch_group=tag_clusterid-{{ cluster_id }} when: cluster_id != '' - set_fact: scratch_group=all when: cluster_id == '' diff --git a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml index ae8275ef6..ff1cedc94 100644 --- a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml @@ -88,7 +88,7 @@ ansible_ssh_host: '{{ item.1 }}' ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - groups: 'tag_env-{{ cluster }}, tag_host-type-{{ type }}, tag_sub-host-type-{{ g_sub_host_type }}' + groups: "tag_environment-{{ cluster_env }}, tag_host-type-{{ type }}, tag_sub-host-type-{{ g_sub_host_type }}, tag_clusterid-{{ cluster_id }}" with_together: - instances - ips diff --git a/playbooks/libvirt/openshift-cluster/templates/domain.xml b/playbooks/libvirt/openshift-cluster/templates/domain.xml index c4ac6a434..0ca8e0974 100644 --- a/playbooks/libvirt/openshift-cluster/templates/domain.xml +++ b/playbooks/libvirt/openshift-cluster/templates/domain.xml @@ -3,7 +3,8 @@ 1 - env-{{ cluster }} + environment-{{ cluster_env }} + clusterid-{{ cluster }} host-type-{{ type }} sub-host-type-{{ g_sub_host_type }} diff --git a/playbooks/libvirt/openshift-cluster/terminate.yml b/playbooks/libvirt/openshift-cluster/terminate.yml index a6b963608..8d845c8f2 100644 --- a/playbooks/libvirt/openshift-cluster/terminate.yml +++ b/playbooks/libvirt/openshift-cluster/terminate.yml @@ -9,7 +9,7 @@ vars_files: - vars.yml tasks: - - set_fact: cluster_group=tag_env-{{ cluster_id }} + - set_fact: cluster_group=tag_clusterid-{{ cluster_id }} - add_host: name: "{{ item }}" groups: oo_hosts_to_terminate diff --git a/playbooks/libvirt/openshift-cluster/update.yml b/playbooks/libvirt/openshift-cluster/update.yml index 5e2bd3a3d..8876d32be 100644 --- a/playbooks/libvirt/openshift-cluster/update.yml +++ b/playbooks/libvirt/openshift-cluster/update.yml @@ -4,14 +4,9 @@ become: no connection: local gather_facts: no - vars: - g_etcd_hosts: "{{ (groups['tag_host-type-etcd']|default([])) | intersect(groups['tag_env-' ~ cluster_id]) }}" - g_lb_hosts: "{{ (groups['tag_host-type-lb']|default([])) | intersect(groups['tag_env-' ~ cluster_id]) }}" - g_master_hosts: "{{ (groups['tag_host-type-master']|default([])) | intersect(groups['tag_env-' ~ cluster_id]) }}" - g_node_hosts: "{{ (groups['tag_host-type-node']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" - vars_files: - vars.yml + - cluster_hosts.yml tasks: - name: Evaluate oo_hosts_to_update add_host: @@ -19,7 +14,7 @@ groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: "{{ g_master_hosts | union(g_node_hosts) | union(g_etcd_hosts) | default([]) }}" + with_items: "{{ master_hosts | union(node_hosts) | union(etcd_hosts) | default([]) }}" - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/openstack/openshift-cluster/cluster_hosts.yml b/playbooks/openstack/openshift-cluster/cluster_hosts.yml new file mode 100644 index 000000000..80c0e218f --- /dev/null +++ b/playbooks/openstack/openshift-cluster/cluster_hosts.yml @@ -0,0 +1,20 @@ +--- +etcd_hosts: "{{ (groups['tag_host-type_etcd']|default([]) + | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" + +lb_hosts: "{{ (groups['tag_host-type_lb']|default([])) + | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" + +master_hosts: "{{ (groups['tag_host-type_master']|default([])) + | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" + +node_hosts: "{{ (groups['tag_host-type_node']|default([])) + | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" + +nfs_hosts: "{{ (groups['tag_host-type_nfs']|default([])) + | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" + diff --git a/playbooks/openstack/openshift-cluster/config.yml b/playbooks/openstack/openshift-cluster/config.yml index 07a9d9488..0c3f28175 100644 --- a/playbooks/openstack/openshift-cluster/config.yml +++ b/playbooks/openstack/openshift-cluster/config.yml @@ -4,18 +4,25 @@ connection: local vars_files: - vars.yml + - cluster_hosts.yml tasks: - set_fact: g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" + g_etcd_hosts: "{{ etcd_hosts }}" + g_lb_hosts: "{{ lb_hosts }}" + g_master_hosts: "{{ master_hosts }}" + g_node_hosts: "{{ node_hosts }}" + g_nfs_hosts: "{{ nfs_hosts }}" + - include: ../../common/openshift-cluster/config.yml vars: - g_etcd_hosts: "{{ (groups['tag_host-type_etcd']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" - g_lb_hosts: "{{ (groups['tag_host-type_lb']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" - g_master_hosts: "{{ (groups['tag_host-type_master']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" - g_nfs_hosts: "{{ (groups['tag_host-type_nfs']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" - g_node_hosts: "{{ (groups['tag_host-type_node']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" + g_etcd_hosts: "{{ hostvars.localhost.g_etcd_hosts }}" + g_lb_hosts: "{{ hostvars.localhost.g_lb_hosts }}" + g_master_hosts: "{{ hostvars.localhost.g_master_hosts }}" + g_node_hosts: "{{ hostvars.localhost.g_node_hosts }}" + g_nfs_hosts: "{{ hostvars.localhost.g_nfs_hosts }}" g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" openshift_cluster_id: "{{ cluster_id }}" diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml index 876ca595a..f07ca684f 100644 --- a/playbooks/openstack/openshift-cluster/launch.yml +++ b/playbooks/openstack/openshift-cluster/launch.yml @@ -71,7 +71,7 @@ ansible_ssh_host: '{{ item[2] }}' ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - groups: 'tag_env_{{ cluster_id }}, tag_host-type_etcd, tag_sub-host-type_default' + groups: 'tag_environment_{{ cluster_env }}, tag_host-type_etcd, tag_sub-host-type_default, tag_clusterid_{{ cluster_id }}' with_together: - parsed_outputs.etcd_names - parsed_outputs.etcd_ips @@ -83,7 +83,7 @@ ansible_ssh_host: '{{ item[2] }}' ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - groups: 'tag_env_{{ cluster_id }}, tag_host-type_master, tag_sub-host-type_default' + groups: 'tag_environment_{{ cluster_env }}, tag_host-type_master, tag_sub-host-type_default, tag_clusterid_{{ cluster_id }}' with_together: - parsed_outputs.master_names - parsed_outputs.master_ips @@ -95,7 +95,7 @@ ansible_ssh_host: '{{ item[2] }}' ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - groups: 'tag_env_{{ cluster_id }}, tag_host-type_node, tag_sub-host-type_compute' + groups: 'tag_environment_{{ cluster_env }}, tag_host-type_node, tag_sub-host-type_compute, tag_clusterid_{{ cluster_id }}' with_together: - parsed_outputs.node_names - parsed_outputs.node_ips @@ -107,7 +107,7 @@ ansible_ssh_host: '{{ item[2] }}' ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - groups: 'tag_env_{{ cluster_id }}, tag_host-type_node, tag_sub-host-type_infra' + groups: 'tag_environment_{{ cluster_env }}, tag_host-type_node, tag_sub-host-type_infra, tag_clusterid_{{ cluster_id }}' with_together: - parsed_outputs.infra_names - parsed_outputs.infra_ips diff --git a/playbooks/openstack/openshift-cluster/list.yml b/playbooks/openstack/openshift-cluster/list.yml index 436d3e6f7..123ebd323 100644 --- a/playbooks/openstack/openshift-cluster/list.yml +++ b/playbooks/openstack/openshift-cluster/list.yml @@ -7,7 +7,7 @@ vars_files: - vars.yml tasks: - - set_fact: scratch_group=tag_env_{{ cluster_id }} + - set_fact: scratch_group=tag_clusterid_{{ cluster_id }} when: cluster_id != '' - set_fact: scratch_group=all when: cluster_id == '' diff --git a/playbooks/openstack/openshift-cluster/terminate.yml b/playbooks/openstack/openshift-cluster/terminate.yml index 2a7f04505..d0abe9fa5 100644 --- a/playbooks/openstack/openshift-cluster/terminate.yml +++ b/playbooks/openstack/openshift-cluster/terminate.yml @@ -6,13 +6,12 @@ vars_files: - vars.yml tasks: - - set_fact: cluster_group=tag_env_{{ cluster_id }} - add_host: name: "{{ item }}" groups: oo_hosts_to_terminate ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: groups[cluster_group] | default([]) + with_items: (groups['tag_environment_' ~ cluster_env]|default([])) | groups['tag_clusterid_' ~ cluster_id ] | default([]) - name: Unsubscribe VMs hosts: oo_hosts_to_terminate diff --git a/playbooks/openstack/openshift-cluster/update.yml b/playbooks/openstack/openshift-cluster/update.yml index 4ecf75a5d..8f1aaf08a 100644 --- a/playbooks/openstack/openshift-cluster/update.yml +++ b/playbooks/openstack/openshift-cluster/update.yml @@ -4,14 +4,9 @@ become: no connection: local gather_facts: no - vars: - g_etcd_hosts: "{{ (groups['tag_host-type_etcd']|default([])) | intersect(groups['tag_env_' ~ cluster_id]) }}" - g_lb_hosts: "{{ (groups['tag_host-type_lb']|default([])) | intersect(groups['tag_env_' ~ cluster_id]) }}" - g_master_hosts: "{{ (groups['tag_host-type_master']|default([])) | intersect(groups['tag_env_' ~ cluster_id]) }}" - g_node_hosts: "{{ (groups['tag_host-type_node']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" - vars_files: - vars.yml + - cluster_hosts.yml tasks: - name: Evaluate oo_hosts_to_update add_host: @@ -19,7 +14,7 @@ groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: "{{ g_master_hosts | union(g_node_hosts) | union(g_etcd_hosts) | default([]) }}" + with_items: "{{ master_hosts | union(node_hosts) | union(etcd_hosts) | default([]) }}" - include: ../../common/openshift-cluster/update_repos_and_packages.yml -- cgit v1.2.3 From 6b7727a76a368a518f4b0e16de1a2612e3bde045 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Mon, 4 Jan 2016 10:19:08 -0500 Subject: Fix typo in etcd service status fact. --- roles/etcd/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 663f6e537..e83cfc33c 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -104,4 +104,4 @@ register: start_result - set_fact: - etcd_service_status_changed = "{{ start_result | changed }}" + etcd_service_status_changed: "{{ start_result | changed }}" -- cgit v1.2.3 From 67b3fff8257072095ebdebfdfe5c429efea3a8d8 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 18 Dec 2015 14:01:34 -0500 Subject: Cleanup and fixes for cluster_id change - Move debug_level into vars.yml and byo inventory - change variables in cluster_hosts.yml to be g_* and update playbooks to use those values directly instead of setting them indirectly - added a new g_all_hosts entry in cluster_hosts to use in the update playbook instead of unioning all host types within the playbook - added a cluster_hosts.yml for the byo playbook --- inventory/byo/hosts.aep.example | 3 ++ inventory/byo/hosts.aep_quickstart | 20 ++++++++++++ inventory/byo/hosts.openstack | 37 ++++++++++++++++++++++ inventory/byo/hosts.origin.example | 3 ++ inventory/byo/hosts.ose.example | 3 ++ playbooks/aws/openshift-cluster/cluster_hosts.yml | 28 ++++++++-------- playbooks/aws/openshift-cluster/config.yml | 31 ++++-------------- playbooks/aws/openshift-cluster/scaleup.yml | 26 ++++----------- playbooks/aws/openshift-cluster/update.yml | 2 +- .../upgrades/v3_0_to_v3_1/upgrade.yml | 29 ++++------------- playbooks/aws/openshift-cluster/vars.yml | 1 + playbooks/byo/openshift-cluster/cluster_hosts.yml | 11 +++++++ playbooks/byo/openshift-cluster/config.yml | 9 ++---- playbooks/byo/openshift-cluster/scaleup.yml | 8 ++--- .../upgrades/v3_0_minor/upgrade.yml | 2 ++ .../upgrades/v3_0_to_v3_1/upgrade.yml | 2 ++ playbooks/gce/openshift-cluster/cluster_hosts.yml | 29 ++++++++--------- playbooks/gce/openshift-cluster/config.yml | 37 ++++------------------ playbooks/gce/openshift-cluster/update.yml | 4 +-- playbooks/gce/openshift-cluster/vars.yml | 3 +- .../libvirt/openshift-cluster/cluster_hosts.yml | 24 +++++++------- playbooks/libvirt/openshift-cluster/config.yml | 33 ++++--------------- playbooks/libvirt/openshift-cluster/update.yml | 4 +-- playbooks/libvirt/openshift-cluster/vars.yml | 1 + .../openstack/openshift-cluster/cluster_hosts.yml | 24 +++++++------- playbooks/openstack/openshift-cluster/config.yml | 34 +++++--------------- playbooks/openstack/openshift-cluster/update.yml | 4 +-- playbooks/openstack/openshift-cluster/vars.yml | 1 + 28 files changed, 194 insertions(+), 219 deletions(-) create mode 100644 inventory/byo/hosts.aep_quickstart create mode 100644 inventory/byo/hosts.openstack create mode 100644 playbooks/byo/openshift-cluster/cluster_hosts.yml diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example index 33d15c89b..ef826e50e 100644 --- a/inventory/byo/hosts.aep.example +++ b/inventory/byo/hosts.aep.example @@ -18,6 +18,9 @@ ansible_ssh_user=root # user must be configured for passwordless sudo #ansible_sudo=true +# Debug level for all Atomic Enterprise components (Defaults to 2) +debug_level=2 + # deployment type valid values are origin, online, atomic-enterprise, and openshift-enterprise deployment_type=atomic-enterprise diff --git a/inventory/byo/hosts.aep_quickstart b/inventory/byo/hosts.aep_quickstart new file mode 100644 index 000000000..46ea3a03f --- /dev/null +++ b/inventory/byo/hosts.aep_quickstart @@ -0,0 +1,20 @@ +[OSEv3:children] +masters +nodes +etcd +lb + +[OSEv3:vars] +ansible_ssh_user=root +deployment_type=atomic-enterprise +osm_use_cockpit=true + +[masters] +ose3-master.example.com + +[nodes] +ose3-master.example.com openshift_scheduleable=True + +[etcd] + +[lb] diff --git a/inventory/byo/hosts.openstack b/inventory/byo/hosts.openstack new file mode 100644 index 000000000..05df75c2f --- /dev/null +++ b/inventory/byo/hosts.openstack @@ -0,0 +1,37 @@ +# This is an example of a bring your own (byo) host inventory + +# Create an OSEv3 group that contains the masters and nodes groups +[OSEv3:children] +masters +nodes +etcd +lb + +# Set variables common for all OSEv3 hosts +[OSEv3:vars] +ansible_ssh_user=cloud-user +ansible_sudo=true + +# Debug level for all OpenShift components (Defaults to 2) +debug_level=2 + +deployment_type=openshift-enterprise + +openshift_additional_repos=[{'id': 'ose-3.1', 'name': 'ose-3.1', 'baseurl': 'http://pulp.dist.prod.ext.phx2.redhat.com/content/dist/rhel/server/7/7Server/x86_64/ose/3.1/os', 'enabled': 1, 'gpgcheck': 0}] + +openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '{{ openshift.common.config_base }}/htpasswd'}] + +#openshift_pkg_version=-3.0.0.0 + +[masters] +jdetiber-master.usersys.redhat.com openshift_public_hostname="{{ inventory_hostname }}" openshift_hostname="{{ ansible_default_ipv4.address }}" + +[etcd] +jdetiber-etcd.usersys.redhat.com + +[lb] +#ose3-lb-ansible.test.example.com + +[nodes] +jdetiber-master.usersys.redhat.com openshift_public_hostname="{{ inventory_hostname }}" openshift_hostname="{{ ansible_default_ipv4.address }}" +jdetiber-node[1:2].usersys.redhat.com openshift_public_hostname="{{ inventory_hostname }}" openshift_hostname="{{ ansible_default_ipv4.address }}" openshift_node_labels="{'region': 'primary', 'zone': 'default'}" diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 2dff2694c..a21594dcf 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -19,6 +19,9 @@ ansible_ssh_user=root # user must be configured for passwordless sudo #ansible_sudo=true +# Debug level for all OpenShift components (Defaults to 2) +debug_level=2 + # deployment type valid values are origin, online, atomic-enterprise and openshift-enterprise deployment_type=origin diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 3e1ce8e2b..0fe8c7965 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -18,6 +18,9 @@ ansible_ssh_user=root # user must be configured for passwordless sudo #ansible_sudo=true +# Debug level for all OpenShift components (Defaults to 2) +debug_level=2 + # deployment type valid values are origin, online, atomic-enterprise, and openshift-enterprise deployment_type=openshift-enterprise diff --git a/playbooks/aws/openshift-cluster/cluster_hosts.yml b/playbooks/aws/openshift-cluster/cluster_hosts.yml index b7f8ac7b9..455b43510 100644 --- a/playbooks/aws/openshift-cluster/cluster_hosts.yml +++ b/playbooks/aws/openshift-cluster/cluster_hosts.yml @@ -1,20 +1,22 @@ --- -etcd_hosts: "{{ (groups['tag_host-type_etcd']|default([])) - | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) - | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" +g_etcd_hosts: "{{ (groups['tag_host-type_etcd']|default([])) + | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" -lb_hosts: "{{ (groups['tag_host-type_lb']|default([])) - | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) - | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" +g_lb_hosts: "{{ (groups['tag_host-type_lb']|default([])) + | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" -master_hosts: "{{ (groups['tag_host-type_master']|default([])) - | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) - | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" +g_master_hosts: "{{ (groups['tag_host-type_master']|default([])) + | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" -node_hosts: "{{ (groups['tag_host-type_node']|default([])) - | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) - | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" +g_node_hosts: "{{ (groups['tag_host-type_node']|default([])) + | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" -nfs_hosts: "{{ (groups['tag_host-type_nfs']|default([])) +g_nfs_hosts: "{{ (groups['tag_host-type_nfs']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" +g_all_hosts: "{{ g_master_hosts | union(g_node_hosts) | union(g_etcd_hosts) + | union(g_lb_hosts) | default([]) }}" diff --git a/playbooks/aws/openshift-cluster/config.yml b/playbooks/aws/openshift-cluster/config.yml index 04d9ac6c8..abdb23d78 100644 --- a/playbooks/aws/openshift-cluster/config.yml +++ b/playbooks/aws/openshift-cluster/config.yml @@ -1,33 +1,14 @@ --- -- hosts: localhost - gather_facts: no - connection: local - become: no - vars_files: - - vars.yml - - cluster_hosts.yml - tasks: - - set_fact: - g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" - g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" - g_etcd_hosts: "{{ etcd_hosts }}" - g_master_hosts: "{{ master_hosts }}" - g_node_hosts: "{{ node_hosts }}" - g_lb_hosts: "{{ lb_hosts }}" - g_nfs_hosts: "{{ nfs_hosts }}" - - include: ../../common/openshift-cluster/config.yml + vars_files: + - ../../aws/openshift-cluster/vars.yml + - ../../aws/openshift-cluster/cluster_hosts.yml vars: - g_etcd_hosts: "{{ hostvars.localhost.g_etcd_hosts }}" - g_master_hosts: "{{ hostvars.localhost.g_master_hosts }}" - g_node_hosts: "{{ hostvars.localhost.g_node_hosts }}" - g_lb_hosts: "{{ hostvars.localhost.g_lb_hosts }}" - g_nfs_hosts: "{{ hostvars.localhost.g_nfs_hosts }}" - g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" - g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" + g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + g_sudo: "{{ deployment_vars[deployment_type].sudo }}" g_nodeonmaster: true openshift_cluster_id: "{{ cluster_id }}" - openshift_debug_level: 2 + openshift_debug_level: "{{ debug_level }}" openshift_deployment_type: "{{ deployment_type }}" openshift_hostname: "{{ ec2_private_ip_address }}" openshift_public_hostname: "{{ ec2_ip_address }}" diff --git a/playbooks/aws/openshift-cluster/scaleup.yml b/playbooks/aws/openshift-cluster/scaleup.yml index feb5af9e6..c2135cd03 100644 --- a/playbooks/aws/openshift-cluster/scaleup.yml +++ b/playbooks/aws/openshift-cluster/scaleup.yml @@ -6,16 +6,7 @@ become: no vars_files: - vars.yml - - cluster_hosts.yml tasks: - - set_fact: - g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" - g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" - g_etcd_hosts: "{{ etcd_hosts }}" - g_master_hosts: "{{ master_hosts }}" - g_node_hosts: "{{ node_hosts }}" - g_lb_hosts: "{{ lb_hosts }}" - - name: Evaluate oo_hosts_to_update add_host: name: "{{ item }}" @@ -27,21 +18,16 @@ - include: ../../common/openshift-cluster/update_repos_and_packages.yml - include: ../../common/openshift-cluster/scaleup.yml + vars_files: + - ../../aws/openshift-cluster/vars.yml + - ../../aws/openshift-cluster/cluster_hosts.yml vars: - g_etcd_hosts: "{{ hostvars.localhost.g_etcd_hosts }}" - g_master_hosts: "{{ hostvars.localhost.g_master_hosts }}" - g_node_hosts: "{{ hostvars.localhost.g_node_hosts }}" - g_lb_hosts: "{{ hostvars.localhost.g_lb_hosts }}" - g_etcd_hosts: "{{ etcd_hosts }}" - g_lb_hosts: "{{ lb_hosts }}" - g_master_hosts: "{{ master_hosts }}" - g_node_hosts: "{{ node_hosts }}" g_new_node_hosts: "{{ groups.nodes_to_add }}" - g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" - g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" + g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + g_sudo: "{{ deployment_vars[deployment_type].sudo }}" g_nodeonmaster: true openshift_cluster_id: "{{ cluster_id }}" - openshift_debug_level: 2 + openshift_debug_level: "{{ debug_level }}" openshift_deployment_type: "{{ deployment_type }}" openshift_hostname: "{{ ec2_private_ip_address }}" openshift_public_hostname: "{{ ec2_ip_address }}" diff --git a/playbooks/aws/openshift-cluster/update.yml b/playbooks/aws/openshift-cluster/update.yml index caa0c1a2f..32bab76b5 100644 --- a/playbooks/aws/openshift-cluster/update.yml +++ b/playbooks/aws/openshift-cluster/update.yml @@ -14,7 +14,7 @@ groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: "{{ master_hosts | union(node_hosts) | union(etcd_hosts) | default([]) }}" + with_items: "{{ g_all_hosts | default([]) }}" - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 1534d9742..231356798 100644 --- a/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -2,33 +2,16 @@ # This playbook upgrades an existing AWS cluster, leaving nodes untouched if used with an 'online' deployment type. # Usage: # ansible-playbook playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml -e deployment_type=online -e cluster_id= -- hosts: localhost - gather_facts: no - vars_files: - - ../../vars.yml - - "../../vars.{{ deployment_type }}.{{ cluster_id }}.yml" - - ../../cluster_hosts.yml - - tasks: - - set_fact: - g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" - g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" - g_etcd_hosts: "{{ etcd_hosts }}" - g_master_hosts: "{{ master_hosts }}" - g_node_hosts: "{{ node_hosts }}" - g_lb_hosts: "{{ lb_hosts }}" - - include: ../../../../common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml + vars_files: + - ../../../../aws/openshift-cluster/vars.yml + - ../../../../aws/openshift-cluster/cluster_hosts.yml vars: - g_etcd_hosts: "{{ hostvars.localhost.g_etcd_hosts }}" - g_master_hosts: "{{ hostvars.localhost.g_master_hosts }}" - g_node_hosts: "{{ hostvars.localhost.g_node_hosts }}" - g_lb_hosts: "{{ hostvars.localhost.g_lb_hosts }}" - g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" - g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" + g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + g_sudo: "{{ deployment_vars[deployment_type].sudo }}" g_nodeonmaster: true openshift_cluster_id: "{{ cluster_id }}" - openshift_debug_level: 2 + openshift_debug_level: "{{ debug_level }}" openshift_deployment_type: "{{ deployment_type }}" openshift_hostname: "{{ ec2_private_ip_address }}" openshift_public_hostname: "{{ ec2_ip_address }}" diff --git a/playbooks/aws/openshift-cluster/vars.yml b/playbooks/aws/openshift-cluster/vars.yml index 95bc4b3e2..452c90d6a 100644 --- a/playbooks/aws/openshift-cluster/vars.yml +++ b/playbooks/aws/openshift-cluster/vars.yml @@ -1,4 +1,5 @@ --- +debug_level: 2 deployment_vars: origin: # centos-7, requires marketplace diff --git a/playbooks/byo/openshift-cluster/cluster_hosts.yml b/playbooks/byo/openshift-cluster/cluster_hosts.yml new file mode 100644 index 000000000..1b2b7bff0 --- /dev/null +++ b/playbooks/byo/openshift-cluster/cluster_hosts.yml @@ -0,0 +1,11 @@ +--- +g_etcd_hosts: "{{ groups.etcd | default([]) }}" + +g_lb_hosts: "{{ groups.lb | default([]) }}" + +g_master_hosts: "{{ groups.master | default([]) }}" + +g_node_hosts: "{{ groups.node | default([]) }}" + +g_all_hosts: "{{ g_master_hosts | union(g_node_hosts) | union(g_etcd_hosts) + | union(g_lb_hosts) | default([]) }}" diff --git a/playbooks/byo/openshift-cluster/config.yml b/playbooks/byo/openshift-cluster/config.yml index eecf95994..5887b3208 100644 --- a/playbooks/byo/openshift-cluster/config.yml +++ b/playbooks/byo/openshift-cluster/config.yml @@ -1,11 +1,8 @@ --- - include: ../../common/openshift-cluster/config.yml + vars_files: + - ../../byo/openshift-cluster/cluster_hosts.yml vars: - g_etcd_hosts: "{{ groups.etcd | default([]) }}" - g_master_hosts: "{{ groups.masters | default([]) }}" - g_nfs_hosts: "{{ groups.nfs | default([]) }}" - g_node_hosts: "{{ groups.nodes | default([]) }}" - g_lb_hosts: "{{ groups.lb | default([]) }}" openshift_cluster_id: "{{ cluster_id | default('default') }}" - openshift_debug_level: 2 + openshift_debug_level: "{{ debug_level | default(2) }}" openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-cluster/scaleup.yml b/playbooks/byo/openshift-cluster/scaleup.yml index 8f8ef6f21..1702690f6 100644 --- a/playbooks/byo/openshift-cluster/scaleup.yml +++ b/playbooks/byo/openshift-cluster/scaleup.yml @@ -1,10 +1,8 @@ --- - include: ../../common/openshift-cluster/scaleup.yml + vars_files: + - ../../byo/openshift-cluster/cluster_hosts.yml vars: - g_etcd_hosts: "{{ groups.etcd | default([]) }}" - g_master_hosts: "{{ groups.masters | default([]) }}" - g_new_node_hosts: "{{ groups.new_nodes | default([]) }}" - g_lb_hosts: "{{ groups.lb | default([]) }}" openshift_cluster_id: "{{ cluster_id | default('default') }}" - openshift_debug_level: 2 + openshift_debug_level: "{{ debug_level | default(2) }}" openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml index c3358eb4b..58c04d41d 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml @@ -1,5 +1,7 @@ --- - include: ../../../../common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml + vars_files: + - ../../../../byo/openshift-cluster/cluster_hosts.yml vars: g_etcd_hosts: "{{ groups.etcd | default([]) }}" g_master_hosts: "{{ groups.masters | default([]) }}" diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 960c00087..2f9e8dc7a 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -1,5 +1,7 @@ --- - include: ../../../../common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml + vars_files: + - ../../../../byo/openshift-cluster/cluster_hosts.yml vars: g_etcd_hosts: "{{ groups.etcd | default([]) }}" g_master_hosts: "{{ groups.masters | default([]) }}" diff --git a/playbooks/gce/openshift-cluster/cluster_hosts.yml b/playbooks/gce/openshift-cluster/cluster_hosts.yml index 6ccfe0e67..bea3d0e55 100644 --- a/playbooks/gce/openshift-cluster/cluster_hosts.yml +++ b/playbooks/gce/openshift-cluster/cluster_hosts.yml @@ -1,20 +1,19 @@ --- -etcd_hosts: "{{ (groups['tag_host-type-etcd']|default([])) - | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) - | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" +g_etcd_hosts: "{{ (groups['tag_host-type-etcd']|default([])) + | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" -lb_hosts: "{{ (groups['tag_host-type-lb']|default([])) - | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) - | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" +g_lb_hosts: "{{ (groups['tag_host-type-lb']|default([])) + | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" -master_hosts: "{{ (groups['tag_host-type-master']|default([])) - | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) - | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" +g_master_hosts: "{{ (groups['tag_host-type-master']|default([])) + | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" -node_hosts: "{{ (groups['tag_host-type-node']|default([])) - | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) - | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" - -nfs_hosts: "{{ (groups['tag_host-type_nfs']|default([])) - | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" +g_node_hosts: "{{ (groups['tag_host-type-node']|default([])) + | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" +g_all_hosts: "{{ g_master_hosts | union(g_node_hosts) | union(g_etcd_hosts) + | union(g_lb_hosts) | default([]) }}" diff --git a/playbooks/gce/openshift-cluster/config.yml b/playbooks/gce/openshift-cluster/config.yml index 43da60ccd..3231ecc8e 100644 --- a/playbooks/gce/openshift-cluster/config.yml +++ b/playbooks/gce/openshift-cluster/config.yml @@ -1,39 +1,16 @@ --- # TODO: fix firewall related bug with GCE and origin, since GCE is overriding # /etc/sysconfig/iptables - -- hosts: localhost - gather_facts: no - connection: local - become: no - vars_files: - - vars.yml - - cluster_hosts.yml - tasks: - - set_fact: - g_etcd_hosts: "{{ etcd_hosts }}" - g_master_hosts: "{{ master_hosts }}" - g_node_hosts: "{{ node_hosts }}" - g_lb_hosts: "{{ lb_hosts }}" - g_nfs_hosts: "{{ nfs_hosts }}" - g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" - g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" - use_sdn: "{{ do_we_use_openshift_sdn }}" - sdn_plugin: "{{ sdn_network_plugin }}" - - include: ../../common/openshift-cluster/config.yml + vars_files: + - ../../gce/openshift-cluster/vars.yml + - ../../gce/openshift-cluster/cluster_hosts.yml vars: - g_etcd_hosts: "{{ hostvars.localhost.g_etcd_hosts }}" - g_master_hosts: "{{ hostvars.localhost.g_master_hosts }}" - g_node_hosts: "{{ hostvars.localhost.g_node_hosts }}" - g_lb_hosts: "{{ hostvars.localhost.g_lb_hosts }}" - g_nfs_hosts: "{{ hostvars.localhost.g_nfs_hosts }}" - g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" - g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" + g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + g_sudo: "{{ deployment_vars[deployment_type].sudo }}" g_nodeonmaster: true openshift_cluster_id: "{{ cluster_id }}" - openshift_debug_level: 2 + openshift_debug_level: "{{ debug_level }}" openshift_deployment_type: "{{ deployment_type }}" openshift_hostname: "{{ gce_private_ip }}" - openshift_use_openshift_sdn: "{{ hostvars.localhost.use_sdn }}" - os_sdn_network_plugin_name: "{{ hostvars.localhost.sdn_plugin }}" + openshift_use_openshift_sdn: "{{ do_we_use_openshift_sdn }}" diff --git a/playbooks/gce/openshift-cluster/update.yml b/playbooks/gce/openshift-cluster/update.yml index 6313d0b95..dadceae58 100644 --- a/playbooks/gce/openshift-cluster/update.yml +++ b/playbooks/gce/openshift-cluster/update.yml @@ -1,8 +1,8 @@ --- - name: Populate oo_hosts_to_update group hosts: localhost - become: no connection: local + become: no gather_facts: no vars_files: - vars.yml @@ -14,7 +14,7 @@ groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user | default(ansible_ssh_user, true) }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: "{{ master_hosts | union(node_hosts) | union(etcd_hosts) | default([]) }}" + with_items: "{{ g_all_hosts | default([]) }}" - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/gce/openshift-cluster/vars.yml b/playbooks/gce/openshift-cluster/vars.yml index a8ce8eb22..bdb39923e 100644 --- a/playbooks/gce/openshift-cluster/vars.yml +++ b/playbooks/gce/openshift-cluster/vars.yml @@ -1,6 +1,7 @@ --- do_we_use_openshift_sdn: true -sdn_network_plugin: redhat/openshift-ovs-subnet +sdn_network_plugin: redhat/openshift-ovs-subnet +debug_level: 2 # os_sdn_network_plugin_name can be ovssubnet or multitenant, see https://docs.openshift.org/latest/architecture/additional_concepts/sdn.html#ovssubnet-plugin-operation deployment_vars: origin: diff --git a/playbooks/libvirt/openshift-cluster/cluster_hosts.yml b/playbooks/libvirt/openshift-cluster/cluster_hosts.yml index f87c222fb..ddb872263 100644 --- a/playbooks/libvirt/openshift-cluster/cluster_hosts.yml +++ b/playbooks/libvirt/openshift-cluster/cluster_hosts.yml @@ -1,20 +1,22 @@ --- -etcd_hosts: "{{ (groups['tag_host-type-etcd']|default([])) - | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) - | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" +g_etcd_hosts: "{{ (groups['tag_host-type-etcd']|default([])) + | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" -lb_hosts: "{{ (groups['tag_host-type-lb']|default([])) - | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) - | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" +g_lb_hosts: "{{ (groups['tag_host-type-lb']|default([])) + | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" -master_hosts: "{{ (groups['tag_host-type-master']|default([])) - | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) - | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" +g_master_hosts: "{{ (groups['tag_host-type-master']|default([])) + | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" -node_hosts: "{{ (groups['tag_host-type-node']|default([])) +g_node_hosts: "{{ (groups['tag_host-type-node']|default([])) | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" -nfs_hosts: "{{ (groups['tag_host-type-node']|default([])) +g_nfs_hosts: "{{ (groups['tag_host-type-node']|default([])) | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" +g_all_hosts: "{{ g_master_hosts | union(g_node_hosts) | union(g_etcd_hosts) + | union(g_lb_hosts) | default([]) }}" diff --git a/playbooks/libvirt/openshift-cluster/config.yml b/playbooks/libvirt/openshift-cluster/config.yml index 8a7320d2f..be9cbbfaa 100644 --- a/playbooks/libvirt/openshift-cluster/config.yml +++ b/playbooks/libvirt/openshift-cluster/config.yml @@ -2,33 +2,14 @@ # TODO: need to figure out a plan for setting hostname, currently the default # is localhost, so no hostname value (or public_hostname) value is getting # assigned - -- hosts: localhost - gather_facts: no - become: no - connection: local - vars_files: - - vars.yml - - cluster_hosts.yml - tasks: - - set_fact: - g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" - g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" - g_etcd_hosts: "{{ etcd_hosts }}" - g_master_hosts: "{{ master_hosts }}" - g_node_hosts: "{{ node_hosts }}" - g_lb_hosts: "{{ lb_hosts }}" - g_nfs_hosts: "{{ nfs_hosts }}" - - include: ../../common/openshift-cluster/config.yml + vars_files: + - ../../libvirt/openshift-cluster/vars.yml + - ../../libvirt/openshift-cluster/cluster_hosts.yml vars: - g_etcd_hosts: "{{ hostvars.localhost.g_etcd_hosts }}" - g_master_hosts: "{{ hostvars.localhost.g_master_hosts }}" - g_node_hosts: "{{ hostvars.localhost.g_node_hosts }}" - g_lb_hosts: "{{ hostvars.localhost.g_lb_hosts }}" - g_nfs_hosts: "{{ hostvars.localhost.g_nfs_hosts }}" - g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" - g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" + g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + g_sudo: "{{ deployment_vars[deployment_type].sudo }}" + g_nodeonmaster: true openshift_cluster_id: "{{ cluster_id }}" - openshift_debug_level: 2 + openshift_debug_level: "{{ debug_level }}" openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/libvirt/openshift-cluster/update.yml b/playbooks/libvirt/openshift-cluster/update.yml index 8876d32be..2dc540978 100644 --- a/playbooks/libvirt/openshift-cluster/update.yml +++ b/playbooks/libvirt/openshift-cluster/update.yml @@ -1,8 +1,8 @@ --- - name: Populate oo_hosts_to_update group hosts: localhost - become: no connection: local + become: no gather_facts: no vars_files: - vars.yml @@ -14,7 +14,7 @@ groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: "{{ master_hosts | union(node_hosts) | union(etcd_hosts) | default([]) }}" + with_items: "{{ g_all_hosts | default([]) }}" - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/libvirt/openshift-cluster/vars.yml b/playbooks/libvirt/openshift-cluster/vars.yml index 67cfbcdb8..8b170f99e 100644 --- a/playbooks/libvirt/openshift-cluster/vars.yml +++ b/playbooks/libvirt/openshift-cluster/vars.yml @@ -3,6 +3,7 @@ libvirt_storage_pool_path: "{{ lookup('env','HOME') }}/libvirt-storage-pool-open libvirt_storage_pool: 'openshift-ansible' libvirt_network: openshift-ansible libvirt_uri: 'qemu:///system' +debug_level: 2 deployment_vars: origin: diff --git a/playbooks/openstack/openshift-cluster/cluster_hosts.yml b/playbooks/openstack/openshift-cluster/cluster_hosts.yml index 80c0e218f..15712bbde 100644 --- a/playbooks/openstack/openshift-cluster/cluster_hosts.yml +++ b/playbooks/openstack/openshift-cluster/cluster_hosts.yml @@ -1,20 +1,22 @@ --- -etcd_hosts: "{{ (groups['tag_host-type_etcd']|default([]) - | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) - | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" +g_etcd_hosts: "{{ (groups['tag_host-type_etcd']|default([])) + | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" -lb_hosts: "{{ (groups['tag_host-type_lb']|default([])) - | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) - | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" +g_lb_hosts: "{{ (groups['tag_host-type_lb']|default([])) + | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" -master_hosts: "{{ (groups['tag_host-type_master']|default([])) - | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) - | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" +g_master_hosts: "{{ (groups['tag_host-type_master']|default([])) + | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) + | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" -node_hosts: "{{ (groups['tag_host-type_node']|default([])) +g_node_hosts: "{{ (groups['tag_host-type_node']|default([])) | intersect((groups['tag_clusterid_' ~ cluster_id]|default([]))) | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" -nfs_hosts: "{{ (groups['tag_host-type_nfs']|default([])) +g_nfs_hosts: "{{ (groups['tag_host-type_nfs']|default([])) | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" +g_all_hosts: "{{ g_master_hosts | union(g_node_hosts) | union(g_etcd_hosts) + | union(g_lb_hosts) | default([]) }}" diff --git a/playbooks/openstack/openshift-cluster/config.yml b/playbooks/openstack/openshift-cluster/config.yml index 0c3f28175..b338d2eb4 100644 --- a/playbooks/openstack/openshift-cluster/config.yml +++ b/playbooks/openstack/openshift-cluster/config.yml @@ -1,31 +1,13 @@ -- hosts: localhost - gather_facts: no - become: no - connection: local - vars_files: - - vars.yml - - cluster_hosts.yml - tasks: - - set_fact: - g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" - g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" - g_etcd_hosts: "{{ etcd_hosts }}" - g_lb_hosts: "{{ lb_hosts }}" - g_master_hosts: "{{ master_hosts }}" - g_node_hosts: "{{ node_hosts }}" - g_nfs_hosts: "{{ nfs_hosts }}" - - +--- - include: ../../common/openshift-cluster/config.yml + vars_files: + - ../../openstack/openshift-cluster/vars.yml + - ../../openstack/openshift-cluster/cluster_hosts.yml vars: - g_etcd_hosts: "{{ hostvars.localhost.g_etcd_hosts }}" - g_lb_hosts: "{{ hostvars.localhost.g_lb_hosts }}" - g_master_hosts: "{{ hostvars.localhost.g_master_hosts }}" - g_node_hosts: "{{ hostvars.localhost.g_node_hosts }}" - g_nfs_hosts: "{{ hostvars.localhost.g_nfs_hosts }}" - g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" - g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" + g_nodeonmaster: true + g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" + g_sudo: "{{ deployment_vars[deployment_type].sudo }}" openshift_cluster_id: "{{ cluster_id }}" - openshift_debug_level: 2 + openshift_debug_level: "{{ debug_level }}" openshift_deployment_type: "{{ deployment_type }}" openshift_hostname: "{{ ansible_default_ipv4.address }}" diff --git a/playbooks/openstack/openshift-cluster/update.yml b/playbooks/openstack/openshift-cluster/update.yml index 8f1aaf08a..2dc540978 100644 --- a/playbooks/openstack/openshift-cluster/update.yml +++ b/playbooks/openstack/openshift-cluster/update.yml @@ -1,8 +1,8 @@ --- - name: Populate oo_hosts_to_update group hosts: localhost - become: no connection: local + become: no gather_facts: no vars_files: - vars.yml @@ -14,7 +14,7 @@ groups: oo_hosts_to_update ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: "{{ master_hosts | union(node_hosts) | union(etcd_hosts) | default([]) }}" + with_items: "{{ g_all_hosts | default([]) }}" - include: ../../common/openshift-cluster/update_repos_and_packages.yml diff --git a/playbooks/openstack/openshift-cluster/vars.yml b/playbooks/openstack/openshift-cluster/vars.yml index e3796c91f..f8d15999e 100644 --- a/playbooks/openstack/openshift-cluster/vars.yml +++ b/playbooks/openstack/openshift-cluster/vars.yml @@ -1,4 +1,5 @@ --- +debug_level: 2 openstack_infra_heat_stack: "{{ lookup('oo_option', 'infra_heat_stack' ) | default('files/heat_stack.yaml', True) }}" openstack_network_cidr: "{{ lookup('oo_option', 'net_cidr' ) | -- cgit v1.2.3 From da8165469a43dc3bf43b2024a76edcd04be0bb81 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 18 Dec 2015 14:35:35 -0500 Subject: Fix error in byo cluster_hosts.yml --- playbooks/aws/openshift-cluster/cluster_hosts.yml | 2 +- playbooks/byo/openshift-cluster/cluster_hosts.yml | 6 ++++-- playbooks/gce/openshift-cluster/cluster_hosts.yml | 3 +++ playbooks/libvirt/openshift-cluster/cluster_hosts.yml | 2 +- playbooks/openstack/openshift-cluster/cluster_hosts.yml | 2 +- 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/playbooks/aws/openshift-cluster/cluster_hosts.yml b/playbooks/aws/openshift-cluster/cluster_hosts.yml index 455b43510..d6b413c6f 100644 --- a/playbooks/aws/openshift-cluster/cluster_hosts.yml +++ b/playbooks/aws/openshift-cluster/cluster_hosts.yml @@ -16,7 +16,7 @@ g_node_hosts: "{{ (groups['tag_host-type_node']|default([])) | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" g_nfs_hosts: "{{ (groups['tag_host-type_nfs']|default([])) - | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" + | intersect((groups['tag_environment_' ~ cluster_id]|default([]))) }}" g_all_hosts: "{{ g_master_hosts | union(g_node_hosts) | union(g_etcd_hosts) | union(g_lb_hosts) | default([]) }}" diff --git a/playbooks/byo/openshift-cluster/cluster_hosts.yml b/playbooks/byo/openshift-cluster/cluster_hosts.yml index 1b2b7bff0..e093b2580 100644 --- a/playbooks/byo/openshift-cluster/cluster_hosts.yml +++ b/playbooks/byo/openshift-cluster/cluster_hosts.yml @@ -3,9 +3,11 @@ g_etcd_hosts: "{{ groups.etcd | default([]) }}" g_lb_hosts: "{{ groups.lb | default([]) }}" -g_master_hosts: "{{ groups.master | default([]) }}" +g_master_hosts: "{{ groups.masters | default([]) }}" -g_node_hosts: "{{ groups.node | default([]) }}" +g_node_hosts: "{{ groups.nodes | default([]) }}" + +g_nfs_hosts: "{{ groups.nfs | default([]) }}" g_all_hosts: "{{ g_master_hosts | union(g_node_hosts) | union(g_etcd_hosts) | union(g_lb_hosts) | default([]) }}" diff --git a/playbooks/gce/openshift-cluster/cluster_hosts.yml b/playbooks/gce/openshift-cluster/cluster_hosts.yml index bea3d0e55..2bfcedfc9 100644 --- a/playbooks/gce/openshift-cluster/cluster_hosts.yml +++ b/playbooks/gce/openshift-cluster/cluster_hosts.yml @@ -15,5 +15,8 @@ g_node_hosts: "{{ (groups['tag_host-type-node']|default([])) | intersect((groups['tag_clusterid-' ~ cluster_id]|default([]))) | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" +g_nfs_hosts: "{{ (groups['tag_host-type-nfs']|default([])) + | intersect((groups['tag_environment-' ~ cluster_id]|default([]))) }}" + g_all_hosts: "{{ g_master_hosts | union(g_node_hosts) | union(g_etcd_hosts) | union(g_lb_hosts) | default([]) }}" diff --git a/playbooks/libvirt/openshift-cluster/cluster_hosts.yml b/playbooks/libvirt/openshift-cluster/cluster_hosts.yml index ddb872263..198a3e4e2 100644 --- a/playbooks/libvirt/openshift-cluster/cluster_hosts.yml +++ b/playbooks/libvirt/openshift-cluster/cluster_hosts.yml @@ -16,7 +16,7 @@ g_node_hosts: "{{ (groups['tag_host-type-node']|default([])) | intersect((groups['tag_environment-' ~ cluster_env]|default([]))) }}" g_nfs_hosts: "{{ (groups['tag_host-type-node']|default([])) - | intersect((groups['tag_env-' ~ cluster_id]|default([]))) }}" + | intersect((groups['tag_environment-' ~ cluster_id]|default([]))) }}" g_all_hosts: "{{ g_master_hosts | union(g_node_hosts) | union(g_etcd_hosts) | union(g_lb_hosts) | default([]) }}" diff --git a/playbooks/openstack/openshift-cluster/cluster_hosts.yml b/playbooks/openstack/openshift-cluster/cluster_hosts.yml index 15712bbde..bc586d983 100644 --- a/playbooks/openstack/openshift-cluster/cluster_hosts.yml +++ b/playbooks/openstack/openshift-cluster/cluster_hosts.yml @@ -16,7 +16,7 @@ g_node_hosts: "{{ (groups['tag_host-type_node']|default([])) | intersect((groups['tag_environment_' ~ cluster_env]|default([]))) }}" g_nfs_hosts: "{{ (groups['tag_host-type_nfs']|default([])) - | intersect((groups['tag_env_' ~ cluster_id]|default([]))) }}" + | intersect((groups['tag_environment_' ~ cluster_id]|default([]))) }}" g_all_hosts: "{{ g_master_hosts | union(g_node_hosts) | union(g_etcd_hosts) | union(g_lb_hosts) | default([]) }}" -- cgit v1.2.3 From 84df9c01fdcb08875aec32d01efde2a0f7983c64 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Mon, 4 Jan 2016 13:43:12 -0500 Subject: Fix osm_controller_args and osm_api_server_args settings. --- inventory/byo/hosts.aep.example | 6 ++++++ inventory/byo/hosts.origin.example | 6 ++++++ inventory/byo/hosts.ose.example | 6 ++++++ roles/openshift_master/templates/master.yaml.v1.j2 | 4 ++-- 4 files changed, 20 insertions(+), 2 deletions(-) diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example index e7e7aedfd..019984b83 100644 --- a/inventory/byo/hosts.aep.example +++ b/inventory/byo/hosts.aep.example @@ -99,6 +99,12 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Override the default controller lease ttl #osm_controller_lease_ttl=30 +# Configure controller arguments +#osm_controller_args={'resource-quota-sync-period': ['10s']} + +# Configure api server arguments +#osm_api_server_args={'max-requests-inflight': ['400']} + # default subdomain to use for exposed routes #osm_default_subdomain=apps.test.example.com diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index ae9c94f04..b940523cf 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -104,6 +104,12 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Override the default controller lease ttl #osm_controller_lease_ttl=30 +# Configure controller arguments +#osm_controller_args={'resource-quota-sync-period': ['10s']} + +# Configure api server arguments +#osm_api_server_args={'max-requests-inflight': ['400']} + # default subdomain to use for exposed routes #osm_default_subdomain=apps.test.example.com diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 54864d195..152a451bf 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -99,6 +99,12 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Override the default controller lease ttl #osm_controller_lease_ttl=30 +# Configure controller arguments +#osm_controller_args={'resource-quota-sync-period': ['10s']} + +# Configure api server arguments +#osm_api_server_args={'max-requests-inflight': ['400']} + # default subdomain to use for exposed routes #osm_default_subdomain=apps.test.example.com diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 5f73461d4..317049c44 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -87,8 +87,8 @@ kubernetesMasterConfig: - v1beta3 - v1 {% endif %} - apiServerArguments: {{ api_server_args if api_server_args is defined else 'null' }} - controllerArguments: {{ controller_args if controller_args is defined else 'null' }} + apiServerArguments: {{ openshift.master.api_server_args | default(None) | to_json }} + controllerArguments: {{ openshift.master.controller_args | default(None) | to_json }} masterCount: {{ openshift.master.master_count if openshift.master.cluster_method | default(None) == 'native' else 1 }} masterIP: {{ openshift.common.ip }} podEvictionTimeout: "" -- cgit v1.2.3 From b647b5c07f3811e136f7e3bd8b4a7811c50e8a9e Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Mon, 4 Jan 2016 17:30:10 -0500 Subject: I believe the ami id changed since the initial documentation was created for AWS deployment --- playbooks/aws/openshift-cluster/vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/aws/openshift-cluster/vars.yml b/playbooks/aws/openshift-cluster/vars.yml index 452c90d6a..c8ee9bad4 100644 --- a/playbooks/aws/openshift-cluster/vars.yml +++ b/playbooks/aws/openshift-cluster/vars.yml @@ -3,7 +3,7 @@ debug_level: 2 deployment_vars: origin: # centos-7, requires marketplace - image: ami-96a818fe + image: ami-61bbf104 image_name: region: us-east-1 ssh_user: centos -- cgit v1.2.3 From 1aaebc8c5145590af1fd9c3b3a8ce268994b8d89 Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Tue, 5 Jan 2016 08:41:51 -0500 Subject: Automatic commit of package [openshift-ansible] release [3.0.21-1]. --- .tito/packages/openshift-ansible | 2 +- openshift-ansible.spec | 77 +++++++++++++++++++++++++++++++++++++++- 2 files changed, 77 insertions(+), 2 deletions(-) diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 3cc7946d7..2f7416283 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.0.20-1 ./ +3.0.21-1 ./ diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 563ea3cae..59650bba9 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.0.20 +Version: 3.0.21 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -259,6 +259,81 @@ Atomic OpenShift Utilities includes %changelog +* Tue Jan 05 2016 Brenton Leanhardt 3.0.21-1 +- Fix osm_controller_args and osm_api_server_args settings. + (abutcher@redhat.com) +- Fix error in byo cluster_hosts.yml (jdetiber@redhat.com) +- Cleanup and fixes for cluster_id change (jdetiber@redhat.com) +- Fix typo in etcd service status fact. (abutcher@redhat.com) +- Removing environment and env tags. (kwoodson@redhat.com) +- Add node kubelet args to inventory examples. (abutcher@redhat.com) +- Adding ManageIQ service account by default (efreiber@redhat.com) +- Fixes typo assigning docker_service_status_changed which leads to + misinterpretation in handler. (eric.mountain@amadeus.com) +- Fix restart handlers. (abutcher@redhat.com) +- Remove lb from docker hosts. (abutcher@redhat.com) +- Install iptables, iptables-services when not is_aotmic (sdodson@redhat.com) +- Install all xpaas streams when enabled (sdodson@redhat.com) +- add the necessary URLs for logging and metrics + (git001@users.noreply.github.com) +- Link to Tito Home Page is Broken (lloy0076@adam.com.au) +- Conditionalize for 3.1.1/1.1.1 (abutcher@redhat.com) +- Use notify for workaround controllers unit. (abutcher@redhat.com) +- change dns triggers to average (jdiaz@redhat.com) +- add item/trigger for dns tests on all currently running containers + (jdiaz@redhat.com) +- Add jboss-fuse/application-templates/fis-image-streams.json + (sdodson@redhat.com) +- atomic-openshift-installer: Fix broken nosetest (smunilla@redhat.com) +- Update from jboss-openshift/application-templates ose-v1.2.0-1 + (sdodson@redhat.com) +- fix logic to tolerate occasional failures (jdiaz@redhat.com) +- Clean up versions.sh (sdodson@redhat.com) +- change ovs mount to /var/run/openvswitch will not require a container restart + if openvswitch service is restarted (jdiaz@redhat.com) +- split zagg.server.processor.errors into separate heartbeat and metrics error + items (needed since the scripts are split now). (twiest@redhat.com) +- quick installer tests (smunilla@redhat.com) +- atomic-openshift-installer: Remove HA hint for 3.0 install + (smunilla@redhat.com) +- Add some guards to wait for images to be pulled before moving on + (sdodson@redhat.com) +- Install httpd-tools when not is_atomic (sdodson@redhat.com) +- Properly set use_flannel fact (sbaubeau@redhat.com) +- Fix containerized variable (sdodson@redhat.com) +- Skip yum/dnf ops when is_containerized (sdodson@redhat.com) +- Move all docker config into openshift_docker to minimize docker restarts + (sdodson@redhat.com) +- Create nfs host group with registry volume attachment. (abutcher@redhat.com) +- Add openshift_cli role (sdodson@redhat.com) +- pull docker images only if not already present (jdetiber@redhat.com) +- fixes (jdetiber@redhat.com) +- Containerization work by @sdodson (sdodson@redhat.com) +- Initial containerization work from @ibotty (tob@butter.sh) +- Add zabbix values to track docker container DNS results (jdiaz@redhat.com) +- Fix registry modification for new deployment types. (dgoodwin@redhat.com) +- Updates to ohi to pull cache if specified. Also require version + (kwoodson@redhat.com) +- Zabbix: added trigger to monitor app create over the last hour + (mwoodson@redhat.com) +- added 'Template Zagg Server' (twiest@redhat.com) +- Fixes typo when setting facts to record whether master/node has been + restarted already, to decide whether notify handler should do so or not. + Currently, this causes random SDN network setup failures as openshift-node + gets restarted while the setup script is running, and the subsequent start + fails to configure the SDN because it thinks it's already done. + (eric.mountain@amadeus.com) +- Change controllers service type to simple. (abutcher@redhat.com) +- Updating env-host-type to host patterns (kwoodson@redhat.com) +- Add note that Fedora 23+ is acceptable deployment target for origin + (admiller@redhat.com) +- Enforce connection: local and become: no on all localhost plays + (jdetiber@redhat.com) +- Use join for the uncompress command. (jsteffan@fedoraproject.org) +- Update for latest CentOS-7-x86_64-GenericCloud. - Use xz compressed image - + Update sha256 for new image - Update docs to reflect new settings + (jsteffan@fedoraproject.org) + * Thu Dec 10 2015 Thomas Wiest 3.0.20-1 - Revert "Automatic commit of package [openshift-ansible] release [3.0.20-1]." (twiest@redhat.com) -- cgit v1.2.3 From 1fb688aff6dbd98e454e684f8c6735bd195ae360 Mon Sep 17 00:00:00 2001 From: Donovan Muller Date: Tue, 5 Jan 2016 13:11:40 +0200 Subject: Group name as per hosts.origin.example The example inventory file does not currently work and fails with: PLAY [Gather Cluster facts] *************************************************** skipping: no hosts matched PLAY RECAP ******************************************************************** this is because the group name is actually OSEv3 (inline with https://github.com/openshift/openshift-ansible/blob/master/inventory/byo/hosts.origin.example#L4) and not OSv3. Also added references to inventory/byo/hosts.[origin,ose,aep].example for more complete examples. --- README_AEP.md | 2 ++ README_OSE.md | 2 ++ README_origin.md | 6 ++++-- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/README_AEP.md b/README_AEP.md index 83e575ebe..584a7afff 100644 --- a/README_AEP.md +++ b/README_AEP.md @@ -98,6 +98,8 @@ aep3-node[1:2].example.com The hostnames above should resolve both from the hosts themselves and the host where ansible is running (if different). +A more complete example inventory file ([hosts.aep.example](https://github.com/openshift/openshift-ansible/blob/master/inventory/byo/hosts.aep.example)) is available under the [`/inventory/byo`](https://github.com/openshift/openshift-ansible/tree/master/inventory/byo) directory. + ## Running the ansible playbooks From the openshift-ansible checkout run: ```sh diff --git a/README_OSE.md b/README_OSE.md index 524950d51..66fba33e5 100644 --- a/README_OSE.md +++ b/README_OSE.md @@ -105,6 +105,8 @@ ose3-node[1:2].example.com The hostnames above should resolve both from the hosts themselves and the host where ansible is running (if different). +A more complete example inventory file ([hosts.ose.example](https://github.com/openshift/openshift-ansible/blob/master/inventory/byo/hosts.ose.example)) is available under the [`/inventory/byo`](https://github.com/openshift/openshift-ansible/tree/master/inventory/byo) directory. + ## Running the ansible playbooks From the openshift-ansible checkout run: ```sh diff --git a/README_origin.md b/README_origin.md index 12e79791e..0387e213f 100644 --- a/README_origin.md +++ b/README_origin.md @@ -59,12 +59,12 @@ option to ansible-playbook. # This is an example of a bring your own (byo) host inventory # Create an OSEv3 group that contains the masters and nodes groups -[OSv3:children] +[OSEv3:children] masters nodes # Set variables common for all OSEv3 hosts -[OSv3:vars] +[OSEv3:vars] # SSH user, this user should allow ssh based auth without requiring a password ansible_ssh_user=root @@ -95,6 +95,8 @@ osv3-lb.example.com The hostnames above should resolve both from the hosts themselves and the host where ansible is running (if different). +A more complete example inventory file ([hosts.origin.example](https://github.com/openshift/openshift-ansible/blob/master/inventory/byo/hosts.origin.example)) is available under the [`/inventory/byo`](https://github.com/openshift/openshift-ansible/tree/master/inventory/byo) directory. + ## Running the ansible playbooks From the openshift-ansible checkout run: ```sh -- cgit v1.2.3 From 459496be79723160b2ae6568bff298529584f40f Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Tue, 5 Jan 2016 11:41:00 -0500 Subject: Stop haproxy and remove package during uninstall. --- playbooks/adhoc/uninstall.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 55df78a3f..ac20f5f9b 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -40,6 +40,7 @@ - atomic-openshift-master-controllers - atomic-openshift-node - etcd + - haproxy - openshift-master - openshift-master-api - openshift-master-controllers @@ -67,6 +68,7 @@ - atomic-openshift-sdn-ovs - corosync - etcd + - haproxy - openshift - openshift-master - openshift-node -- cgit v1.2.3 From f2f98cafd873dc8bb46d24631d043ddfc92812de Mon Sep 17 00:00:00 2001 From: Joel Diaz Date: Tue, 5 Jan 2016 16:41:17 -0500 Subject: playbook for restarting SDN --- playbooks/adhoc/sdn_restart/oo-sdn-restart.yml | 53 ++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100755 playbooks/adhoc/sdn_restart/oo-sdn-restart.yml diff --git a/playbooks/adhoc/sdn_restart/oo-sdn-restart.yml b/playbooks/adhoc/sdn_restart/oo-sdn-restart.yml new file mode 100755 index 000000000..0dc021fbc --- /dev/null +++ b/playbooks/adhoc/sdn_restart/oo-sdn-restart.yml @@ -0,0 +1,53 @@ +#!/usr/bin/ansible-playbook +--- +#example run: +# ansible-playbook -e "host=ops-node-compute-abcde" oo-sdn-restart.yml +# + +- name: Check vars + hosts: localhost + gather_facts: false + + pre_tasks: + - fail: + msg: "Playbook requires host to be set" + when: host is not defined or host == '' + +- name: Restart openshift/docker (and monitoring containers) + hosts: oo_version_3:&oo_name_{{ host }} + gather_facts: false + user: root + + tasks: + - name: stop openshift/docker + service: + name: "{{ item }}" + state: stopped + with_items: + - atomic-openshift-node + - docker + + - name: restart openvswitch + service: + name: openvswitch + state: restarted + + - name: wait 5 sec + pause: + seconds: 5 + + - name: start openshift/docker + service: + name: "{{ item }}" + state: started + with_items: + - atomic-openshift-node + - docker + + - name: start monitoring containers + service: + name: "{{ item }}" + state: restarted + with_items: + - oso-f22-host-monitoring + - oso-rhel7-zagg-client -- cgit v1.2.3 From 7b5228e668857f8efef5a2f8ee2c6cc2dc556577 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9na=C3=AFc=20Huard?= Date: Tue, 5 Jan 2016 16:58:03 +0100 Subject: Fix RHN subscription by explicitly attaching to the right pool --- roles/rhel_subscribe/tasks/main.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/rhel_subscribe/tasks/main.yml b/roles/rhel_subscribe/tasks/main.yml index 30c0920a1..c160ea4e9 100644 --- a/roles/rhel_subscribe/tasks/main.yml +++ b/roles/rhel_subscribe/tasks/main.yml @@ -4,6 +4,7 @@ # to make it able to enable repositories - set_fact: + rhel_subscription_pool: "{{ lookup('oo_option', 'rhel_subscription_pool') | default(rhsub_pool, True) | default('OpenShift Enterprise, Premium*', True) }}" rhel_subscription_user: "{{ lookup('oo_option', 'rhel_subscription_user') | default(rhsub_user, True) | default(omit, True) }}" rhel_subscription_pass: "{{ lookup('oo_option', 'rhel_subscription_pass') | default(rhsub_pass, True) | default(omit, True) }}" rhel_subscription_server: "{{ lookup('oo_option', 'rhel_subscription_server') | default(rhsub_server) }}" @@ -30,7 +31,14 @@ redhat_subscription: username: "{{ rhel_subscription_user }}" password: "{{ rhel_subscription_pass }}" - autosubscribe: yes + +- name: Retrieve the OpenShift Pool ID + command: subscription-manager list --available --matches="{{ rhel_subscription_pool }}" --pool-only + register: openshift_pool_id + changed_when: False + +- name: Attach to OpenShift Pool + command: subscription-manager subscribe --pool {{ openshift_pool_id.stdout_lines[0] }} - include: enterprise.yml when: deployment_type == 'enterprise' -- cgit v1.2.3 From fdb1b0c6b600e3fe91e48c812b66658e3d9dad68 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Tue, 5 Jan 2016 11:31:52 -0500 Subject: Fix multi-word arguments & cli wrapper stdin plumbing Fixes https://bugzilla.redhat.com/1295677 Fixes `echo "foo" | oc create -f -` --- roles/openshift_cli/templates/openshift.j2 | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/roles/openshift_cli/templates/openshift.j2 b/roles/openshift_cli/templates/openshift.j2 index cade4d1a7..d773e9b1c 100644 --- a/roles/openshift_cli/templates/openshift.j2 +++ b/roles/openshift_cli/templates/openshift.j2 @@ -6,11 +6,4 @@ cmd=`basename $0` user=`id -u` group=`id -g` -# docker can only split stderr and stdin when run without -t -# https://github.com/docker/docker/issues/725 -# ansible checks various streams DO NOT CROSS THE STREAMS -if [ -z $TERM ]; then - $t = '-it' -fi - -docker run ${t} -a STDERR -a STDOUT -a STDIN --privileged --net=host --user=${user}:${group} -v ~/.kube:/root/.kube -v /tmp:/tmp -v {{ openshift.common.config_base}}:{{ openshift.common.config_base }} -e KUBECONFIG=/root/.kube/config --entrypoint ${cmd} --rm {{ openshift.common.cli_image }} ${@} \ No newline at end of file +docker run -i -a STDERR -a STDOUT -a STDIN --privileged --net=host --user=${user}:${group} -v ~/.kube:/root/.kube -v /tmp:/tmp -v {{ openshift.common.config_base}}:{{ openshift.common.config_base }} -e KUBECONFIG=/root/.kube/config --entrypoint ${cmd} --rm {{ openshift.common.cli_image }} "${@}" -- cgit v1.2.3 From 220982cf741faebccfb066e822626c7a951735c3 Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Wed, 6 Jan 2016 10:18:44 -0500 Subject: We can't enable manageiq for installations less than OSE 3.1 or Origin 1.1 This is because 'oadmn policy add-scc-to-user' didn't exist in 3.0 --- roles/openshift_facts/library/openshift_facts.py | 28 +++++++++++++++++++++++- roles/openshift_manageiq/tasks/main.yaml | 4 ++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 911a684fc..e7c1dca7c 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -715,6 +715,26 @@ def set_version_facts_if_unset(facts): return facts +def set_manageiq_facts_if_unset(facts): + """ Set manageiq facts. This currently includes common.use_manageiq. + + Args: + facts (dict): existing facts + Returns: + dict: the facts dict updated with version facts. + Raises: + OpenShiftFactsInternalError: + """ + if 'common' not in facts: + if 'version_greater_than_3_1_or_1_1' not in facts['common']: + raise OpenShiftFactsInternalError( + "Invalid invocation: The required facts are not set" + ) + + facts['common']['use_manageiq'] = facts['common']['version_greater_than_3_1_or_1_1'] + + return facts + def set_sdn_facts_if_unset(facts, system_facts): """ Set sdn facts if not already present in facts dict @@ -1021,6 +1041,11 @@ def set_container_facts_if_unset(facts): return facts +class OpenShiftFactsInternalError(Exception): + """Origin Facts Error""" + pass + + class OpenShiftFactsUnsupportedRoleError(Exception): """Origin Facts Unsupported Role Error""" pass @@ -1096,6 +1121,7 @@ class OpenShiftFacts(object): facts = set_sdn_facts_if_unset(facts, self.system_facts) facts = set_deployment_facts_if_unset(facts) facts = set_version_facts_if_unset(facts) + facts = set_manageiq_facts_if_unset(facts) facts = set_aggregate_facts(facts) facts = set_etcd_facts_if_unset(facts) facts = set_container_facts_if_unset(facts) @@ -1121,7 +1147,7 @@ class OpenShiftFacts(object): common = dict(use_openshift_sdn=True, ip=ip_addr, public_ip=ip_addr, deployment_type='origin', hostname=hostname, - public_hostname=hostname, use_manageiq=True) + public_hostname=hostname) common['client_binary'] = 'oc' common['admin_binary'] = 'oadm' common['dns_domain'] = 'cluster.local' diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml index 2d3187e21..0357fc85a 100644 --- a/roles/openshift_manageiq/tasks/main.yaml +++ b/roles/openshift_manageiq/tasks/main.yaml @@ -1,4 +1,8 @@ --- +- fail: + msg: "The openshift_manageiq role requires OpenShift Enterprise 3.1 or Origin 1.1." + when: not openshift.common.version_greater_than_3_1_or_1_1 | bool + - name: Copy Configuration to temporary conf command: > cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{manage_iq_tmp_conf}} -- cgit v1.2.3 From 5b0543bda842f022289cae88a02498fa90d6a9a1 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Wed, 6 Jan 2016 09:54:44 -0500 Subject: Remove not is_containerized restriction on storage plugin includes. --- roles/openshift_node/tasks/storage_plugins/main.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/openshift_node/tasks/storage_plugins/main.yml b/roles/openshift_node/tasks/storage_plugins/main.yml index d237c26ec..39c7b9390 100644 --- a/roles/openshift_node/tasks/storage_plugins/main.yml +++ b/roles/openshift_node/tasks/storage_plugins/main.yml @@ -3,12 +3,11 @@ # additional package dependencies - name: NFS storage plugin configuration include: nfs.yml - when: not openshift.common.is_containerized | bool - name: GlusterFS storage plugin configuration include: glusterfs.yml - when: "'glusterfs' in openshift.node.storage_plugin_deps and not openshift.common.is_containerized | bool " + when: "'glusterfs' in openshift.node.storage_plugin_deps" - name: Ceph storage plugin configuration include: ceph.yml - when: "'ceph' in openshift.node.storage_plugin_deps and not openshift.common.is_containerized | bool" + when: "'ceph' in openshift.node.storage_plugin_deps" -- cgit v1.2.3 From 1841c856a3f35c4ecf34c9fa6d7dce2cbeb411ce Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Wed, 6 Jan 2016 11:58:32 -0500 Subject: Automatic commit of package [openshift-ansible] release [3.0.22-1]. --- .tito/packages/openshift-ansible | 2 +- openshift-ansible.spec | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 2f7416283..082d9df3f 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.0.21-1 ./ +3.0.22-1 ./ diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 59650bba9..2678ffd56 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.0.21 +Version: 3.0.22 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -259,6 +259,13 @@ Atomic OpenShift Utilities includes %changelog +* Wed Jan 06 2016 Kenny Woodson 3.0.22-1 +- playbook for restarting SDN (jdiaz@redhat.com) +- Stop haproxy and remove package during uninstall. (abutcher@redhat.com) +- Group name as per hosts.origin.example (donovan.muller@gmail.com) +- I believe the ami id changed since the initial documentation was created for + AWS deployment (rcook@redhat.com) + * Tue Jan 05 2016 Brenton Leanhardt 3.0.21-1 - Fix osm_controller_args and osm_api_server_args settings. (abutcher@redhat.com) -- cgit v1.2.3 From 82db6897085a1278e6b982a403875ed8671190bb Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Wed, 6 Jan 2016 13:01:25 -0500 Subject: Move extra secret validations into openshift_facts. --- playbooks/common/openshift-master/config.yml | 9 --------- roles/openshift_facts/library/openshift_facts.py | 18 +++++++++++++++--- roles/openshift_master/tasks/main.yml | 10 ---------- 3 files changed, 15 insertions(+), 22 deletions(-) diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 0334a002e..a41f489ea 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -238,15 +238,6 @@ - name: Check for cached session secrets hosts: oo_first_master - pre_tasks: - - fail: - msg: > - Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set - when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is not defined) or (openshift_master_session_encryption_secrets is defined and openshift_master_session_auth_secrets is not defined) - - fail: - msg: > - openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length - when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length) roles: - role: openshift_facts post_tasks: diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 133de758f..9cebbcce1 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1259,9 +1259,8 @@ class OpenShiftFacts(object): if new_local_facts != local_facts: self.validate_local_facts(new_local_facts) - + changed = True if not module.check_mode: - changed = True save_local_facts(self.filename, new_local_facts) self.changed = changed @@ -1284,7 +1283,9 @@ class OpenShiftFacts(object): # disabling pylint errors for line-too-long since we're dealing # with best effort reduction of error messages here. - # pylint: disable=line-too-long + # disabling errors for too-many-branches since we require checking + # many conditions. + # pylint: disable=line-too-long, too-many-branches @staticmethod def validate_master_facts(facts, invalid_facts): """ Validate master facts @@ -1302,6 +1303,13 @@ class OpenShiftFacts(object): session_auth_secrets = facts['master']['session_auth_secrets'] if not issubclass(type(session_auth_secrets), list): invalid_facts['session_auth_secrets'] = 'Expects session_auth_secrets is a list.' + elif 'session_encryption_secrets' not in facts['master']: + invalid_facts['session_auth_secrets'] = ('openshift_master_session_encryption secrets must be set ' + 'if openshift_master_session_auth_secrets is provided.') + elif len(session_auth_secrets) != len(facts['master']['session_encryption_secrets']): + invalid_facts['session_auth_secrets'] = ('openshift_master_session_auth_secrets and ' + 'openshift_master_session_encryption_secrets must be ' + 'equal length.') else: for secret in session_auth_secrets: if len(secret) < 32: @@ -1312,6 +1320,10 @@ class OpenShiftFacts(object): session_encryption_secrets = facts['master']['session_encryption_secrets'] if not issubclass(type(session_encryption_secrets), list): invalid_facts['session_encryption_secrets'] = 'Expects session_encryption_secrets is a list.' + elif 'session_auth_secrets' not in facts['master']: + invalid_facts['session_encryption_secrets'] = ('openshift_master_session_auth_secrets must be ' + 'set if openshift_master_session_encryption_secrets ' + 'is provided.') else: for secret in session_encryption_secrets: if len(secret) not in [16, 24, 32]: diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index a3cddfd63..397122631 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -9,16 +9,6 @@ Invalid OAuth grant method: {{ openshift_master_oauth_grant_method }} when: openshift_master_oauth_grant_method is defined and openshift_master_oauth_grant_method not in openshift_master_valid_grant_methods -# Session Options Validation -- fail: - msg: > - Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set - when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is not defined) or (openshift_master_session_encryption_secrets is defined and openshift_master_session_auth_secrets is not defined) -- fail: - msg: > - openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length - when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length) - # HA Variable Validation - fail: msg: "openshift_master_cluster_method must be set to either 'native' or 'pacemaker' for multi-master installations" -- cgit v1.2.3 From 611159cc3ce834f546880e3bc65de2e708697598 Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Wed, 6 Jan 2016 14:57:49 -0500 Subject: Setting relative paths in the upgrade playbooks wasn't working --- playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml | 4 ++-- playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml | 2 +- playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 231356798..11026e38d 100644 --- a/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -4,8 +4,8 @@ # ansible-playbook playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml -e deployment_type=online -e cluster_id= - include: ../../../../common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml vars_files: - - ../../../../aws/openshift-cluster/vars.yml - - ../../../../aws/openshift-cluster/cluster_hosts.yml + - "{{lookup('file', '../../../../aws/openshift-cluster/vars.yml')}}" + - "{{lookup('file', '../../../../aws/openshift-cluster/cluster_hosts.yml')}}" vars: g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" g_sudo: "{{ deployment_vars[deployment_type].sudo }}" diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml index 58c04d41d..b52456dcd 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml @@ -1,7 +1,7 @@ --- - include: ../../../../common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml vars_files: - - ../../../../byo/openshift-cluster/cluster_hosts.yml + - "{{lookup('file', '../../../../byo/openshift-cluster/cluster_hosts.yml')}}" vars: g_etcd_hosts: "{{ groups.etcd | default([]) }}" g_master_hosts: "{{ groups.masters | default([]) }}" diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 2f9e8dc7a..e07e2b88e 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -1,7 +1,7 @@ --- - include: ../../../../common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml vars_files: - - ../../../../byo/openshift-cluster/cluster_hosts.yml + - "{{lookup('file', '../../../../byo/openshift-cluster/cluster_hosts.yml')}}" vars: g_etcd_hosts: "{{ groups.etcd | default([]) }}" g_master_hosts: "{{ groups.masters | default([]) }}" -- cgit v1.2.3 From fa6be30725aedec230f0fbb9ece657befa87e3a9 Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Wed, 6 Jan 2016 16:49:23 -0500 Subject: Automatic commit of package [openshift-ansible] release [3.0.23-1]. --- .tito/packages/openshift-ansible | 2 +- openshift-ansible.spec | 14 +++++++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 082d9df3f..6c26d815b 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.0.22-1 ./ +3.0.23-1 ./ diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 2678ffd56..66b7cfd2c 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.0.22 +Version: 3.0.23 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -259,6 +259,18 @@ Atomic OpenShift Utilities includes %changelog +* Wed Jan 06 2016 Brenton Leanhardt 3.0.23-1 +- Move extra secret validations into openshift_facts. (abutcher@redhat.com) +- Remove not is_containerized restriction on storage plugin includes. + (abutcher@redhat.com) +- We can't enable manageiq for installations less than OSE 3.1 or Origin 1.1 + (bleanhar@redhat.com) +- Fix RHN subscription by explicitly attaching to the right pool + (lhuard@amadeus.com) +- openshift_facts validation (abutcher@redhat.com) +- Secrets validation. (abutcher@redhat.com) +- Clean up idempotency issues with session secrets. (abutcher@redhat.com) + * Wed Jan 06 2016 Kenny Woodson 3.0.22-1 - playbook for restarting SDN (jdiaz@redhat.com) - Stop haproxy and remove package during uninstall. (abutcher@redhat.com) -- cgit v1.2.3 From e3e4f985a28f0c9ad175b671674b3b1e185479c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9na=C3=AFc=20Huard?= Date: Wed, 6 Jan 2016 15:39:31 +0100 Subject: Fix VM drive cleanup during terminate on libvirt --- .../openshift-cluster/tasks/configure_libvirt_storage_pool.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_storage_pool.yml b/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_storage_pool.yml index 8a67d713f..397158b9e 100644 --- a/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_storage_pool.yml +++ b/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_storage_pool.yml @@ -4,13 +4,17 @@ dest: "{{ libvirt_storage_pool_path }}" state: directory +# We need to set permissions on the directory and any items created under the directory, so we need to call the acl module with and without default set. - acl: - default: yes + default: "{{ item }}" entity: kvm etype: group name: "{{ libvirt_storage_pool_path }}" permissions: rwx state: present + with_items: + - no + - yes - name: Test if libvirt storage pool for openshift already exists command: "virsh -c {{ libvirt_uri }} pool-info {{ libvirt_storage_pool }}" -- cgit v1.2.3 From 003610cd859ed3714079a804db5a4329c96ac09d Mon Sep 17 00:00:00 2001 From: Wesley Hearn Date: Thu, 7 Jan 2016 08:52:13 -0500 Subject: Update openshift_facts config_base for Online deployments --- roles/openshift_facts/library/openshift_facts.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 0b57439e7..8dc16f5e4 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -628,7 +628,7 @@ def set_deployment_facts_if_unset(facts): facts['common']['service_type'] = service_type if 'config_base' not in facts['common']: config_base = '/etc/origin' - if deployment_type in ['enterprise', 'online']: + if deployment_type in ['enterprise']: config_base = '/etc/openshift' # Handle upgrade scenarios when symlinks don't yet exist: if not os.path.exists(config_base) and os.path.exists('/etc/openshift'): @@ -636,7 +636,7 @@ def set_deployment_facts_if_unset(facts): facts['common']['config_base'] = config_base if 'data_dir' not in facts['common']: data_dir = '/var/lib/origin' - if deployment_type in ['enterprise', 'online']: + if deployment_type in ['enterprise']: data_dir = '/var/lib/openshift' # Handle upgrade scenarios when symlinks don't yet exist: if not os.path.exists(data_dir) and os.path.exists('/var/lib/openshift'): -- cgit v1.2.3 From 42b0745b1d7a6727fa7df62afb452c67f7c8c8e6 Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Thu, 7 Jan 2016 08:58:50 -0500 Subject: Automatic commit of package [openshift-ansible] release [3.0.24-1]. --- .tito/packages/openshift-ansible | 2 +- openshift-ansible.spec | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 6c26d815b..f95b607a9 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.0.23-1 ./ +3.0.24-1 ./ diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 66b7cfd2c..eef619ede 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.0.23 +Version: 3.0.24 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -259,6 +259,10 @@ Atomic OpenShift Utilities includes %changelog +* Thu Jan 07 2016 Brenton Leanhardt 3.0.24-1 +- Setting relative paths in the upgrade playbooks wasn't working + (bleanhar@redhat.com) + * Wed Jan 06 2016 Brenton Leanhardt 3.0.23-1 - Move extra secret validations into openshift_facts. (abutcher@redhat.com) - Remove not is_containerized restriction on storage plugin includes. -- cgit v1.2.3 From edbe2cff2d5c5d2a0df678e690278b4dfd78b29d Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Thu, 7 Jan 2016 10:46:54 -0500 Subject: Install gluster and ceph packages when containerized but not atomic Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1296022 --- roles/openshift_node/tasks/storage_plugins/ceph.yml | 2 +- roles/openshift_node/tasks/storage_plugins/glusterfs.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/openshift_node/tasks/storage_plugins/ceph.yml b/roles/openshift_node/tasks/storage_plugins/ceph.yml index 119ad62ef..eed3c99a3 100644 --- a/roles/openshift_node/tasks/storage_plugins/ceph.yml +++ b/roles/openshift_node/tasks/storage_plugins/ceph.yml @@ -1,4 +1,4 @@ --- - name: Install Ceph storage plugin dependencies action: "{{ ansible_pkg_mgr }} name=ceph-common state=present" - when: not openshift.common.is_containerized | bool \ No newline at end of file + when: not openshift.common.is_atomic | bool \ No newline at end of file diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml index 91ee77e7e..8fc8497fa 100644 --- a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml @@ -1,7 +1,7 @@ --- - name: Install GlusterFS storage plugin dependencies action: "{{ ansible_pkg_mgr }} name=glusterfs-fuse state=present" - when: not openshift.common.is_containerized | bool + when: not openshift.common.is_atomic | bool - name: Set sebooleans to allow gluster storage plugin access from containers seboolean: -- cgit v1.2.3 From 01f85460ce96905eb8fc6e66b9d800e46df54772 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9na=C3=AFc=20Huard?= Date: Thu, 7 Jan 2016 17:36:53 +0100 Subject: Fix terminate.yml on OpenStack --- playbooks/openstack/openshift-cluster/terminate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/openstack/openshift-cluster/terminate.yml b/playbooks/openstack/openshift-cluster/terminate.yml index d0abe9fa5..d4ab51fa7 100644 --- a/playbooks/openstack/openshift-cluster/terminate.yml +++ b/playbooks/openstack/openshift-cluster/terminate.yml @@ -11,7 +11,7 @@ groups: oo_hosts_to_terminate ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" - with_items: (groups['tag_environment_' ~ cluster_env]|default([])) | groups['tag_clusterid_' ~ cluster_id ] | default([]) + with_items: (groups['tag_environment_' ~ cluster_env]|default([])) | intersect(groups['tag_clusterid_' ~ cluster_id ]|default([])) - name: Unsubscribe VMs hosts: oo_hosts_to_terminate -- cgit v1.2.3 From 8d9e02549d5a393d6646d8ded017c0fcf7f05732 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9na=C3=AFc=20Huard?= Date: Thu, 7 Jan 2016 17:54:00 +0100 Subject: Rename env into clusterid and add environment in the OpenStack VMs tags --- .../openshift-cluster/files/heat_stack.yaml | 69 ++++++++++++---------- .../openshift-cluster/files/heat_stack_server.yaml | 8 ++- playbooks/openstack/openshift-cluster/launch.yml | 1 + 3 files changed, 47 insertions(+), 31 deletions(-) diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml index bfd73c777..4f6a59a30 100644 --- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml +++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml @@ -4,6 +4,11 @@ description: OpenShift cluster parameters: + cluster_env: + type: string + label: Cluster environment + description: Environment of the cluster + cluster_id: type: string label: Cluster ID @@ -345,13 +350,14 @@ resources: params: cluster_id: { get_param: cluster_id } k8s_type: etcd - cluster_id: { get_param: cluster_id } - type: etcd - image: { get_param: etcd_image } - flavor: { get_param: etcd_flavor } - key_name: { get_resource: keypair } - net: { get_resource: net } - subnet: { get_resource: subnet } + cluster_env: { get_param: cluster_env } + cluster_id: { get_param: cluster_id } + type: etcd + image: { get_param: etcd_image } + flavor: { get_param: etcd_flavor } + key_name: { get_resource: keypair } + net: { get_resource: net } + subnet: { get_resource: subnet } secgrp: - { get_resource: etcd-secgrp } floating_network: { get_param: floating_ip_pool } @@ -375,13 +381,14 @@ resources: params: cluster_id: { get_param: cluster_id } k8s_type: master - cluster_id: { get_param: cluster_id } - type: master - image: { get_param: master_image } - flavor: { get_param: master_flavor } - key_name: { get_resource: keypair } - net: { get_resource: net } - subnet: { get_resource: subnet } + cluster_env: { get_param: cluster_env } + cluster_id: { get_param: cluster_id } + type: master + image: { get_param: master_image } + flavor: { get_param: master_flavor } + key_name: { get_resource: keypair } + net: { get_resource: net } + subnet: { get_resource: subnet } secgrp: - { get_resource: master-secgrp } floating_network: { get_param: floating_ip_pool } @@ -406,14 +413,15 @@ resources: cluster_id: { get_param: cluster_id } k8s_type: node sub_host_type: compute - cluster_id: { get_param: cluster_id } - type: node - subtype: compute - image: { get_param: node_image } - flavor: { get_param: node_flavor } - key_name: { get_resource: keypair } - net: { get_resource: net } - subnet: { get_resource: subnet } + cluster_env: { get_param: cluster_env } + cluster_id: { get_param: cluster_id } + type: node + subtype: compute + image: { get_param: node_image } + flavor: { get_param: node_flavor } + key_name: { get_resource: keypair } + net: { get_resource: net } + subnet: { get_resource: subnet } secgrp: - { get_resource: node-secgrp } floating_network: { get_param: floating_ip_pool } @@ -438,14 +446,15 @@ resources: cluster_id: { get_param: cluster_id } k8s_type: node sub_host_type: infra - cluster_id: { get_param: cluster_id } - type: node - subtype: infra - image: { get_param: infra_image } - flavor: { get_param: infra_flavor } - key_name: { get_resource: keypair } - net: { get_resource: net } - subnet: { get_resource: subnet } + cluster_env: { get_param: cluster_env } + cluster_id: { get_param: cluster_id } + type: node + subtype: infra + image: { get_param: infra_image } + flavor: { get_param: infra_flavor } + key_name: { get_resource: keypair } + net: { get_resource: net } + subnet: { get_resource: subnet } secgrp: - { get_resource: node-secgrp } - { get_resource: infra-secgrp } diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml index 3f24a3e45..f83f2c984 100644 --- a/playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml +++ b/playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml @@ -9,6 +9,11 @@ parameters: label: Name description: Name + cluster_env: + type: string + label: Cluster environment + description: Environment of the cluster + cluster_id: type: string label: Cluster ID @@ -105,7 +110,8 @@ resources: user_data: { get_file: user-data } user_data_format: RAW metadata: - env: { get_param: cluster_id } + environment: { get_param: cluster_env } + clusterid: { get_param: cluster_id } host-type: { get_param: type } sub-host-type: { get_param: subtype } diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml index f07ca684f..fdcb77acc 100644 --- a/playbooks/openstack/openshift-cluster/launch.yml +++ b/playbooks/openstack/openshift-cluster/launch.yml @@ -29,6 +29,7 @@ - name: Create or Update OpenStack Stack command: 'heat {{ heat_stack_action }} -f {{ openstack_infra_heat_stack }} + -P cluster_env={{ cluster_env }} -P cluster_id={{ cluster_id }} -P cidr={{ openstack_network_cidr }} -P dns_nameservers={{ openstack_network_dns | join(",") }} -- cgit v1.2.3 From 635df52db7ed51593135f53feae1cf7d48ad2a71 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Thu, 7 Jan 2016 13:16:38 -0500 Subject: Add a banner to CLI wrapper instructing users that it's only for bootstrapping Also remove -a STDIN,STDOUT,STDERR that's the default --- roles/openshift_cli/templates/openshift.j2 | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/roles/openshift_cli/templates/openshift.j2 b/roles/openshift_cli/templates/openshift.j2 index d773e9b1c..a7c148a22 100644 --- a/roles/openshift_cli/templates/openshift.j2 +++ b/roles/openshift_cli/templates/openshift.j2 @@ -6,4 +6,18 @@ cmd=`basename $0` user=`id -u` group=`id -g` -docker run -i -a STDERR -a STDOUT -a STDIN --privileged --net=host --user=${user}:${group} -v ~/.kube:/root/.kube -v /tmp:/tmp -v {{ openshift.common.config_base}}:{{ openshift.common.config_base }} -e KUBECONFIG=/root/.kube/config --entrypoint ${cmd} --rm {{ openshift.common.cli_image }} "${@}" +>&2 echo """ +================================================================================ +ATTENTION: You are running ${cmd} via a wrapper around 'docker run {{ openshift.common.cli_image }}'. +This wrapper is intended only to be used to bootstrap an environment. Please +install client tools on another host once you have granted cluster-admin +privileges to a user. +{% if openshift.common.deployment_type in ['openshift-enterprise','atomic-enterprise'] %} +See https://docs.openshift.com/enterprise/latest/cli_reference/get_started_cli.html +{% else %} +See https://docs.openshift.org/latest/cli_reference/get_started_cli.html +{% endif %} +================================================================================= +""" + +docker run -i --privileged --net=host --user=${user}:${group} -v ~/.kube:/root/.kube -v /tmp:/tmp -v {{ openshift.common.config_base}}:{{ openshift.common.config_base }} -e KUBECONFIG=/root/.kube/config --entrypoint ${cmd} --rm {{ openshift.common.cli_image }} "${@}" -- cgit v1.2.3 From 0097ce2b4c8c751cfa10b61d7e34dcf785755951 Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Thu, 7 Jan 2016 09:15:46 -0500 Subject: Bug 1296388 - The playbook still configure ManageIQ when openshift_use_manageiq is false --- roles/openshift_facts/library/openshift_facts.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 8dc16f5e4..be2818dce 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -730,8 +730,8 @@ def set_manageiq_facts_if_unset(facts): raise OpenShiftFactsInternalError( "Invalid invocation: The required facts are not set" ) - - facts['common']['use_manageiq'] = facts['common']['version_greater_than_3_1_or_1_1'] + if 'use_mangeiq' not in facts['common']: + facts['common']['use_manageiq'] = facts['common']['version_greater_than_3_1_or_1_1'] return facts -- cgit v1.2.3 From eda483f89b21e216f46d8d19b5cc5bc341e9782c Mon Sep 17 00:00:00 2001 From: Matt Woodson Date: Thu, 7 Jan 2016 16:08:55 -0500 Subject: oso_host_monitoring role: removed the f22 and zagg client, replaced it with oso-rhel7-host-monitoring container --- roles/oso_host_monitoring/handlers/main.yml | 6 --- roles/oso_host_monitoring/tasks/main.yml | 20 +------ .../templates/oso-f22-host-monitoring.service.j2 | 43 --------------- .../templates/oso-rhel7-zagg-client.service.j2 | 62 ---------------------- 4 files changed, 1 insertion(+), 130 deletions(-) delete mode 100644 roles/oso_host_monitoring/templates/oso-f22-host-monitoring.service.j2 delete mode 100644 roles/oso_host_monitoring/templates/oso-rhel7-zagg-client.service.j2 diff --git a/roles/oso_host_monitoring/handlers/main.yml b/roles/oso_host_monitoring/handlers/main.yml index 7863ad15b..3a5d8024c 100644 --- a/roles/oso_host_monitoring/handlers/main.yml +++ b/roles/oso_host_monitoring/handlers/main.yml @@ -4,9 +4,3 @@ name: "{{ osohm_host_monitoring }}" state: restarted enabled: yes - -- name: "Restart the {{ osohm_zagg_client }} service" - service: - name: "{{ osohm_zagg_client }}" - state: restarted - enabled: yes diff --git a/roles/oso_host_monitoring/tasks/main.yml b/roles/oso_host_monitoring/tasks/main.yml index 6ddfa3dcb..a0a453416 100644 --- a/roles/oso_host_monitoring/tasks/main.yml +++ b/roles/oso_host_monitoring/tasks/main.yml @@ -5,7 +5,6 @@ with_items: - osohm_zagg_web_url - osohm_host_monitoring - - osohm_zagg_client - osohm_docker_registry_url - osohm_default_zagg_server_user - osohm_default_zagg_server_password @@ -37,29 +36,12 @@ - "Restart the {{ osohm_host_monitoring }} service" register: systemd_host_monitoring -- name: "Copy {{ osohm_zagg_client }} systemd file" - template: - src: "{{ osohm_zagg_client }}.service.j2" - dest: "/etc/systemd/system/{{ osohm_zagg_client }}.service" - owner: root - group: root - mode: 0644 - notify: - - "Restart the {{ osohm_zagg_client }} service" - register: zagg_systemd - - name: reload systemd command: /usr/bin/systemctl --system daemon-reload - when: systemd_host_monitoring | changed or zagg_systemd | changed + when: systemd_host_monitoring | changed - name: "Start the {{ osohm_host_monitoring }} service" service: name: "{{ osohm_host_monitoring }}" state: started enabled: yes - -- name: "Start the {{ osohm_zagg_client }} service" - service: - name: "{{ osohm_zagg_client }}" - state: started - enabled: yes diff --git a/roles/oso_host_monitoring/templates/oso-f22-host-monitoring.service.j2 b/roles/oso_host_monitoring/templates/oso-f22-host-monitoring.service.j2 deleted file mode 100644 index d18ad90fe..000000000 --- a/roles/oso_host_monitoring/templates/oso-f22-host-monitoring.service.j2 +++ /dev/null @@ -1,43 +0,0 @@ -# This is a systemd file to run this docker container under systemd. -# To make this work: -# * pull the image (probably from ops docker registry) -# * place this file in /etc/systemd/system without the .systemd extension -# * run the commands: -# systemctl daemon-reload -# systemctl enable pcp-docker -# systemctl start pcp-docker -# -# -[Unit] -Description=PCP Collector Contatainer -Requires=docker.service -After=docker.service - - -[Service] -Type=simple -TimeoutStartSec=5m -Environment=HOME=/etc/docker/ops -#Slice=container-small.slice - -# systemd syntax '=-' ignore errors from return codes. -ExecStartPre=-/usr/bin/docker kill "{{ osohm_host_monitoring }}" -ExecStartPre=-/usr/bin/docker rm "{{ osohm_host_monitoring }}" -ExecStartPre=-/usr/bin/docker pull "{{ osohm_docker_registry_url }}{{ osohm_host_monitoring }}" - - -ExecStart=/usr/bin/docker run --rm --name="{{ osohm_host_monitoring }}" \ - --privileged --net=host --pid=host --ipc=host \ - -v /sys:/sys:ro -v /etc/localtime:/etc/localtime:ro \ - -v /var/lib/docker:/var/lib/docker:ro -v /run:/run \ - -v /var/log:/var/log \ - {{ osohm_docker_registry_url }}{{ osohm_host_monitoring }} - -ExecReload=-/usr/bin/docker stop "{{ osohm_host_monitoring }}" -ExecReload=-/usr/bin/docker rm "{{ osohm_host_monitoring }}" -ExecStop=-/usr/bin/docker stop "{{ osohm_host_monitoring }}" -Restart=always -RestartSec=30 - -[Install] -WantedBy=default.target diff --git a/roles/oso_host_monitoring/templates/oso-rhel7-zagg-client.service.j2 b/roles/oso_host_monitoring/templates/oso-rhel7-zagg-client.service.j2 deleted file mode 100644 index bcc8a5e03..000000000 --- a/roles/oso_host_monitoring/templates/oso-rhel7-zagg-client.service.j2 +++ /dev/null @@ -1,62 +0,0 @@ -# This is a systemd file to run this docker container under systemd. -# To make this work: -# * pull the image (probably from ops docker registry) -# * place this file in /etc/systemd/system without the .systemd extension -# * run the commands: -# systemctl daemon-reload -# systemctl enable zagg-client-docker -# systemctl start zagg-client-docker -# -# -[Unit] -Description=Zagg Client Contatainer -Requires=docker.service -After=docker.service - - -[Service] -Type=simple -TimeoutStartSec=5m -Environment=HOME=/etc/docker/ops -#Slice=container-small.slice - -# systemd syntax '=-' ignore errors from return codes. -ExecStartPre=-/usr/bin/docker kill "{{ osohm_zagg_client }}" -ExecStartPre=-/usr/bin/docker rm "{{ osohm_zagg_client }}" -ExecStartPre=-/usr/bin/docker pull "{{ osohm_docker_registry_url }}{{ osohm_zagg_client }}" - - -ExecStart=/usr/bin/docker run --name {{ osohm_zagg_client }} \ - --privileged \ - --pid=host \ - --net=host \ - -e ZAGG_URL={{ osohm_zagg_web_url }} \ - -e ZAGG_USER={{ osohm_default_zagg_server_user }} \ - -e ZAGG_PASSWORD={{ osohm_default_zagg_server_password }} \ - -e ZAGG_CLIENT_HOSTNAME={{ ec2_tag_Name }} \ - -e ZAGG_SSL_VERIFY={{ osohm_zagg_verify_ssl }} \ - -e OSO_CLUSTER_GROUP={{ cluster_group }} \ - -e OSO_CLUSTER_ID={{ oo_clusterid }} \ - -e OSO_HOST_TYPE={{ hostvars[inventory_hostname]['ec2_tag_host-type'] }} \ - -e OSO_SUB_HOST_TYPE={{ hostvars[inventory_hostname]['ec2_tag_sub-host-type'] }} \ - -v /etc/localtime:/etc/localtime \ - -v /run/pcp:/run/pcp \ - -v /var/run/docker.sock:/var/run/docker.sock \ - -v /var/run/openvswitch:/var/run/openvswitch \ -{% if hostvars[inventory_hostname]['ec2_tag_host-type'] == 'master' %} - -v /etc/openshift/master/admin.kubeconfig:/etc/openshift/master/admin.kubeconfig \ - -v /etc/openshift/master/master.etcd-client.crt:/etc/openshift/master/master.etcd-client.crt \ - -v /etc/openshift/master/master.etcd-client.key:/etc/openshift/master/master.etcd-client.key \ - -v /etc/openshift/master/master-config.yaml:/etc/openshift/master/master-config.yaml \ -{% endif %} - {{ osohm_docker_registry_url }}{{ osohm_zagg_client }} - - -ExecReload=-/usr/bin/docker stop "{{ osohm_zagg_client }}" -ExecReload=-/usr/bin/docker rm "{{ osohm_zagg_client }}" -ExecStop=-/usr/bin/docker stop "{{ osohm_zagg_client }}" -Restart=always -RestartSec=30 - -[Install] -WantedBy=default.target -- cgit v1.2.3 From 25b2f5acaf140c386aff1c860b706778eba251a6 Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Thu, 7 Jan 2016 16:25:57 -0500 Subject: Automatic commit of package [openshift-ansible] release [3.0.25-1]. --- .tito/packages/openshift-ansible | 2 +- openshift-ansible.spec | 16 +++++++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index f95b607a9..1ba85f29b 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.0.24-1 ./ +3.0.25-1 ./ diff --git a/openshift-ansible.spec b/openshift-ansible.spec index eef619ede..5061834dc 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.0.24 +Version: 3.0.25 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -259,6 +259,20 @@ Atomic OpenShift Utilities includes %changelog +* Thu Jan 07 2016 Brenton Leanhardt 3.0.25-1 +- Bug 1296388 - The playbook still configure ManageIQ when + openshift_use_manageiq is false (bleanhar@redhat.com) +- Add a banner to CLI wrapper instructing users that it's only for + bootstrapping (sdodson@redhat.com) +- Rename env into clusterid and add environment in the OpenStack VMs tags + (lhuard@amadeus.com) +- Fix terminate.yml on OpenStack (lhuard@amadeus.com) +- Install gluster and ceph packages when containerized but not atomic + (sdodson@redhat.com) +- Update openshift_facts config_base for Online deployments (whearn@redhat.com) +- Fix multi-word arguments & cli wrapper stdin plumbing (sdodson@redhat.com) +- Improve 3.1/1.1 upgrade check (jdetiber@redhat.com) + * Thu Jan 07 2016 Brenton Leanhardt 3.0.24-1 - Setting relative paths in the upgrade playbooks wasn't working (bleanhar@redhat.com) -- cgit v1.2.3 From a1a187916540748859cbc2c6c618f1a406c7db62 Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Fri, 8 Jan 2016 09:10:26 -0500 Subject: Bug 1296388 - fixing typo --- roles/openshift_facts/library/openshift_facts.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index be2818dce..2a3d4acbd 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -730,7 +730,7 @@ def set_manageiq_facts_if_unset(facts): raise OpenShiftFactsInternalError( "Invalid invocation: The required facts are not set" ) - if 'use_mangeiq' not in facts['common']: + if 'use_manageiq' not in facts['common']: facts['common']['use_manageiq'] = facts['common']['version_greater_than_3_1_or_1_1'] return facts -- cgit v1.2.3 From 98b8a3a39dbe0bd9f1d7ffda6952459bc8856f3a Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Fri, 8 Jan 2016 09:11:31 -0500 Subject: Automatic commit of package [openshift-ansible] release [3.0.26-1]. --- .tito/packages/openshift-ansible | 2 +- openshift-ansible.spec | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 1ba85f29b..caa4ded81 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.0.25-1 ./ +3.0.26-1 ./ diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 5061834dc..7c260ff21 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.0.25 +Version: 3.0.26 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -259,6 +259,9 @@ Atomic OpenShift Utilities includes %changelog +* Fri Jan 08 2016 Brenton Leanhardt 3.0.26-1 +- Bug 1296388 - fixing typo (bleanhar@redhat.com) + * Thu Jan 07 2016 Brenton Leanhardt 3.0.25-1 - Bug 1296388 - The playbook still configure ManageIQ when openshift_use_manageiq is false (bleanhar@redhat.com) -- cgit v1.2.3 From 0c056112112886e0d5683a10eec3368695c96e88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9na=C3=AFc=20Huard?= Date: Thu, 7 Jan 2016 15:09:46 +0100 Subject: Make bin/cluster able to spawn OSE 3.1 clusters --- bin/cluster | 5 +--- playbooks/aws/openshift-cluster/vars.yml | 29 +++++++++++--------- .../update_repos_and_packages.yml | 2 +- playbooks/gce/openshift-cluster/vars.yml | 15 +++++++---- playbooks/libvirt/openshift-cluster/vars.yml | 31 +++++++++++----------- playbooks/openstack/openshift-cluster/vars.yml | 12 ++++++--- roles/rhel_subscribe/tasks/enterprise.yml | 18 ++++++++++++- roles/rhel_subscribe/tasks/main.yml | 2 +- 8 files changed, 71 insertions(+), 43 deletions(-) diff --git a/bin/cluster b/bin/cluster index 3081ebd4a..c2765ff92 100755 --- a/bin/cluster +++ b/bin/cluster @@ -294,11 +294,8 @@ if __name__ == '__main__': meta_parser.add_argument('cluster_id', help='prefix for cluster VM names') meta_parser.add_argument('-t', '--deployment-type', - choices=['origin', 'online', 'enterprise'], + choices=['origin', 'online', 'enterprise', 'atomic-enterprise', 'openshift-enterprise'], help='Deployment type. (default: origin)') - meta_parser.add_argument('-T', '--product-type', - choices=['openshift', 'atomic-enterprise'], - help='Product type. (default: openshift)') meta_parser.add_argument('-o', '--option', action='append', help='options') diff --git a/playbooks/aws/openshift-cluster/vars.yml b/playbooks/aws/openshift-cluster/vars.yml index 452c90d6a..846c92577 100644 --- a/playbooks/aws/openshift-cluster/vars.yml +++ b/playbooks/aws/openshift-cluster/vars.yml @@ -1,5 +1,19 @@ --- debug_level: 2 + +deployment_rhel7_ent_base: + # rhel-7.1, requires cloud access subscription + image: ami-10663b78 + image_name: + region: us-east-1 + ssh_user: ec2-user + sudo: yes + keypair: libra + type: m4.large + security_groups: [ 'public' ] + vpc_subnet: + assign_public_ip: + deployment_vars: origin: # centos-7, requires marketplace @@ -25,15 +39,6 @@ deployment_vars: security_groups: [ 'public' ] vpc_subnet: assign_public_ip: - enterprise: - # rhel-7.1, requires cloud access subscription - image: ami-10663b78 - image_name: - region: us-east-1 - ssh_user: ec2-user - sudo: yes - keypair: libra - type: m4.large - security_groups: [ 'public' ] - vpc_subnet: - assign_public_ip: + enterprise: "{{ deployment_rhel7_ent_base }}" + openshift-enterprise: "{{ deployment_rhel7_ent_base }}" + atomic-enterprise: "{{ deployment_rhel7_ent_base }}" diff --git a/playbooks/common/openshift-cluster/update_repos_and_packages.yml b/playbooks/common/openshift-cluster/update_repos_and_packages.yml index 9a303c62d..88736ee03 100644 --- a/playbooks/common/openshift-cluster/update_repos_and_packages.yml +++ b/playbooks/common/openshift-cluster/update_repos_and_packages.yml @@ -4,7 +4,7 @@ openshift_deployment_type: "{{ deployment_type }}" roles: - role: rhel_subscribe - when: deployment_type == "enterprise" and + when: deployment_type in ["enterprise", "atomic-enterprise", "openshift-enterprise"] and ansible_distribution == "RedHat" and lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) | default('no', True) | lower in ['no', 'false'] diff --git a/playbooks/gce/openshift-cluster/vars.yml b/playbooks/gce/openshift-cluster/vars.yml index bdb39923e..7fb13c7a6 100644 --- a/playbooks/gce/openshift-cluster/vars.yml +++ b/playbooks/gce/openshift-cluster/vars.yml @@ -3,6 +3,13 @@ do_we_use_openshift_sdn: true sdn_network_plugin: redhat/openshift-ovs-subnet debug_level: 2 # os_sdn_network_plugin_name can be ovssubnet or multitenant, see https://docs.openshift.org/latest/architecture/additional_concepts/sdn.html#ovssubnet-plugin-operation + +deployment_rhel7_ent_base: + image: rhel-7 + machine_type: n1-standard-1 + ssh_user: + sudo: yes + deployment_vars: origin: image: preinstalled-slave-50g-v5 @@ -14,8 +21,6 @@ deployment_vars: machine_type: n1-standard-1 ssh_user: root sudo: no - enterprise: - image: rhel-7 - machine_type: n1-standard-1 - ssh_user: - sudo: yes + enterprise: "{{ deployment_rhel7_ent_base }}" + openshift-enterprise: "{{ deployment_rhel7_ent_base }}" + atomic-enterprise: "{{ deployment_rhel7_ent_base }}" diff --git a/playbooks/libvirt/openshift-cluster/vars.yml b/playbooks/libvirt/openshift-cluster/vars.yml index 8b170f99e..da628786b 100644 --- a/playbooks/libvirt/openshift-cluster/vars.yml +++ b/playbooks/libvirt/openshift-cluster/vars.yml @@ -5,6 +5,19 @@ libvirt_network: openshift-ansible libvirt_uri: 'qemu:///system' debug_level: 2 +# Automatic download of the qcow2 image for RHEL cannot be done directly from the RedHat portal because it requires authentication. +# The default value of image_url for enterprise and openshift-enterprise deployment types below won't work. +deployment_rhel7_ent_base: + image: + url: "{{ lookup('oo_option', 'image_url') | + default('https://access.cdn.redhat.com//content/origin/files/sha256/25/25f880767ec6bf71beb532e17f1c45231640bbfdfbbb1dffb79d2c1b328388e0/rhel-guest-image-7.2-20151102.0.x86_64.qcow2', True) }}" + name: "{{ lookup('oo_option', 'image_name') | + default('rhel-guest-image-7.2-20151102.0.x86_64.qcow2', True) }}" + sha256: "{{ lookup('oo_option', 'image_sha256') | + default('25f880767ec6bf71beb532e17f1c45231640bbfdfbbb1dffb79d2c1b328388e0', True) }}" + ssh_user: openshift + sudo: yes + deployment_vars: origin: image: @@ -25,18 +38,6 @@ deployment_vars: sha256: ssh_user: root sudo: no - enterprise: - image: - url: "{{ lookup('oo_option', 'image_url') | - default('https://access.cdn.redhat.com//content/origin/files/sha256/ff/ff8198653cfd9c39411fc57077451ac291b3a605d305e905932fd6d5b1890bf3/rhel-guest-image-7.1-20150224.0.x86_64.qcow2', True) }}" - name: "{{ lookup('oo_option', 'image_name') | - default('rhel-guest-image-7.1-20150224.0.x86_64.qcow2', True) }}" - sha256: "{{ lookup('oo_option', 'image_sha256') | - default('ff8198653cfd9c39411fc57077451ac291b3a605d305e905932fd6d5b1890bf3', True) }}" - ssh_user: openshift - sudo: yes -# origin: -# fedora: -# url: "http://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.qcow2" -# name: Fedora-Cloud-Base-20141203-21.x86_64.qcow2 -# sha256: 3a99bb89f33e3d4ee826c8160053cdb8a72c80cd23350b776ce73cd244467d86 + enterprise: "{{ deployment_rhel7_ent_base }}" + openshift-enterprise: "{{ deployment_rhel7_ent_base }}" + atomic-enterprise: "{{ deployment_rhel7_ent_base }}" diff --git a/playbooks/openstack/openshift-cluster/vars.yml b/playbooks/openstack/openshift-cluster/vars.yml index f8d15999e..76cde1706 100644 --- a/playbooks/openstack/openshift-cluster/vars.yml +++ b/playbooks/openstack/openshift-cluster/vars.yml @@ -20,6 +20,11 @@ openstack_flavor: infra: "{{ lookup('oo_option', 'infra_flavor' ) | default('m1.small', True) }}" node: "{{ lookup('oo_option', 'node_flavor' ) | default('m1.medium', True) }}" +deployment_rhel7_ent_base: + image: "{{ lookup('oo_option', 'image_name') | default('rhel-guest-image-7.2-20151102.0.x86_64', True) }}" + ssh_user: openshift + sudo: yes + deployment_vars: origin: image: "{{ lookup('oo_option', 'image_name') | default('centos-70-raw', True) }}" @@ -29,7 +34,6 @@ deployment_vars: image: ssh_user: root sudo: no - enterprise: - image: "{{ lookup('oo_option', 'image_name') | default('rhel-guest-image-7.1-20150224.0.x86_64', True) }}" - ssh_user: openshift - sudo: yes + enterprise: "{{ deployment_rhel7_ent_base }}" + openshift-enterprise: "{{ deployment_rhel7_ent_base }}" + atomic-enterprise: "{{ deployment_rhel7_ent_base }}" diff --git a/roles/rhel_subscribe/tasks/enterprise.yml b/roles/rhel_subscribe/tasks/enterprise.yml index e9e6e4bd4..08540f440 100644 --- a/roles/rhel_subscribe/tasks/enterprise.yml +++ b/roles/rhel_subscribe/tasks/enterprise.yml @@ -2,8 +2,24 @@ - name: Disable all repositories command: subscription-manager repos --disable="*" +- set_fact: + default_ose_version: '3.0' + when: deployment_type == 'enterprise' + +- set_fact: + default_ose_version: '3.1' + when: deployment_type in ['atomic-enterprise', 'openshift-enterprise'] + +- set_fact: + ose_version: "{{ lookup('oo_option', 'ose_version') | default(default_ose_version, True) }}" + +- fail: + msg: "{{ ose_version }} is not a valid version for {{ deployment_type }} deployment type" + when: ( deployment_type == 'enterprise' and ose_version not in ['3.0'] ) or + ( deployment_type in ['atomic-enterprise', 'openshift-enterprise'] and ose_version not in ['3.1'] ) + - name: Enable RHEL repositories command: subscription-manager repos \ --enable="rhel-7-server-rpms" \ --enable="rhel-7-server-extras-rpms" \ - --enable="rhel-7-server-ose-3.0-rpms" + --enable="rhel-7-server-ose-{{ ose_version }}-rpms" diff --git a/roles/rhel_subscribe/tasks/main.yml b/roles/rhel_subscribe/tasks/main.yml index 30c0920a1..1f905ed5a 100644 --- a/roles/rhel_subscribe/tasks/main.yml +++ b/roles/rhel_subscribe/tasks/main.yml @@ -33,4 +33,4 @@ autosubscribe: yes - include: enterprise.yml - when: deployment_type == 'enterprise' + when: deployment_type in [ 'enterprise', 'atomic-enterprise', 'openshift-enterprise' ] -- cgit v1.2.3 From 029abcad0ab431ac53b680fae2938541dbaed3ce Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Fri, 8 Jan 2016 13:28:06 -0500 Subject: Update to metadata tooling. --- bin/ohi | 47 +++++++++++----------- bin/openshift_ansible/awsutil.py | 85 +++++++++++++++++++++++++++------------- bin/opssh | 49 ++++++++++++++++------- bin/oscp | 19 ++++----- bin/ossh | 30 ++++++-------- 5 files changed, 134 insertions(+), 96 deletions(-) diff --git a/bin/ohi b/bin/ohi index be9c53ec0..d71a4c4b1 100755 --- a/bin/ohi +++ b/bin/ohi @@ -48,28 +48,18 @@ class Ohi(object): self.aws.print_host_types() return 0 - hosts = None - if self.args.host_type is not None and \ - self.args.env is not None: - # Both env and host-type specified - hosts = self.aws.get_host_list(host_type=self.args.host_type, - envs=self.args.env, - version=self.args.openshift_version, - cached=self.args.cache_only) - - if self.args.host_type is None and \ - self.args.env is not None: - # Only env specified - hosts = self.aws.get_host_list(envs=self.args.env, - version=self.args.openshift_version, - cached=self.args.cache_only) - - if self.args.host_type is not None and \ - self.args.env is None: - # Only host-type specified - hosts = self.aws.get_host_list(host_type=self.args.host_type, - version=self.args.openshift_version, - cached=self.args.cache_only) + if self.args.v3: + version = '3' + elif self.args.all_versions: + version = 'all' + else: + version = '2' + + hosts = self.aws.get_host_list(clusters=self.args.cluster, + host_type=self.args.host_type, + envs=self.args.env, + version=version, + cached=self.args.cache_only) if hosts is None: # We weren't able to determine what they wanted to do @@ -104,19 +94,26 @@ class Ohi(object): parser = argparse.ArgumentParser(description='OpenShift Host Inventory') parser.add_argument('--list-host-types', default=False, action='store_true', help='List all of the host types') + parser.add_argument('--list', default=False, action='store_true', help='List all hosts') - parser.add_argument('-e', '--env', action="store", help="Which environment to use") + parser.add_argument('-c', '--cluster', action="append", help="Which clusterid to use") + parser.add_argument('-e', '--env', action="append", help="Which environment to use") parser.add_argument('-t', '--host-type', action="store", help="Which host type to use") parser.add_argument('-l', '--user', action='store', default=None, help='username') - parser.add_argument('-c', '--cache-only', action='store_true', default=False, + parser.add_argument('--cache-only', action='store_true', default=False, help='Retrieve the host inventory by cache only. Default is false.') - parser.add_argument('-o', '--openshift-version', action='store', default='2', + parser.add_argument('--v2', action='store_true', default=True, help='Specify the openshift version. Default is 2') + parser.add_argument('--v3', action='store_true', default=False, + help='Specify the openshift version.') + + parser.add_argument('--all-versions', action='store_true', default=False, + help='Specify the openshift version. Return all versions') self.args = parser.parse_args() diff --git a/bin/openshift_ansible/awsutil.py b/bin/openshift_ansible/awsutil.py index 76b4f4f51..e03c0ab15 100644 --- a/bin/openshift_ansible/awsutil.py +++ b/bin/openshift_ansible/awsutil.py @@ -59,9 +59,23 @@ class AwsUtil(object): minv.run() return minv.result + def get_clusters(self): + """Searches for cluster tags in the inventory and returns all of the clusters found.""" + pattern = re.compile(r'^oo_clusterid_(.*)') + + clusters = [] + inv = self.get_inventory() + for key in inv.keys(): + matched = pattern.match(key) + if matched: + clusters.append(matched.group(1)) + + clusters.sort() + return clusters + def get_environments(self): """Searches for env tags in the inventory and returns all of the envs found.""" - pattern = re.compile(r'^tag_environment_(.*)') + pattern = re.compile(r'^oo_environment_(.*)') envs = [] inv = self.get_inventory() @@ -75,7 +89,7 @@ class AwsUtil(object): def get_host_types(self): """Searches for host-type tags in the inventory and returns all host-types found.""" - pattern = re.compile(r'^tag_host-type_(.*)') + pattern = re.compile(r'^oo_host-type_(.*)') host_types = [] inv = self.get_inventory() @@ -153,6 +167,18 @@ class AwsUtil(object): return self.alias_lookup[host_type] return host_type + @staticmethod + def gen_version_tag(ver): + """Generate the version tag + """ + return "oo_version_%s" % ver + + @staticmethod + def gen_clusterid_tag(clu): + """Generate the clusterid tag + """ + return "tag_clusterid_%s" % clu + @staticmethod def gen_env_tag(env): """Generate the environment tag @@ -165,41 +191,44 @@ class AwsUtil(object): host_type = self.resolve_host_type(host_type) return "tag_host-type_%s" % host_type - def get_host_list(self, host_type=None, envs=None, version=None, cached=False): + # This function uses all of these params to perform a filters on our host inventory. + # pylint: disable=too-many-arguments + def get_host_list(self, clusters=None, host_type=None, envs=None, version=None, cached=False): """Get the list of hosts from the inventory using host-type and environment """ retval = set([]) envs = envs or [] + inv = self.get_inventory(cached=cached) - # We prefer to deal with a list of environments - if issubclass(type(envs), basestring): - if envs == 'all': - envs = self.get_environments() + retval.update(inv.get('all_hosts', [])) + + if clusters: + cluster_hosts = set([]) + if len(clusters) > 1: + for cluster in clusters: + clu_tag = AwsUtil.gen_clusterid_tag(cluster) + cluster_hosts.update(inv.get(clu_tag, [])) else: - envs = [envs] + cluster_hosts.update(inv.get(AwsUtil.gen_clusterid_tag(clusters[0]), [])) + + retval.intersection_update(cluster_hosts) + + if envs: + env_hosts = set([]) + if len(envs) > 1: + for env in envs: + env_tag = AwsUtil.gen_env_tag(env) + env_hosts.update(inv.get(env_tag, [])) + else: + env_hosts.update(inv.get(AwsUtil.gen_env_tag(envs[0]), [])) + + retval.intersection_update(env_hosts) - if host_type and envs: - # Both host type and environment were specified - for env in envs: - retval.update(inv.get('tag_environment_%s' % env, [])) + if host_type: retval.intersection_update(inv.get(self.gen_host_type_tag(host_type), [])) - elif envs and not host_type: - # Just environment was specified - for env in envs: - env_tag = AwsUtil.gen_env_tag(env) - if env_tag in inv.keys(): - retval.update(inv.get(env_tag, [])) - - elif host_type and not envs: - # Just host-type was specified - host_type_tag = self.gen_host_type_tag(host_type) - if host_type_tag in inv.keys(): - retval.update(inv.get(host_type_tag, [])) - - # If version is specified then return only hosts in that version - if version: - retval.intersection_update(inv.get('oo_version_%s' % version, [])) + if version != 'all': + retval.intersection_update(inv.get(AwsUtil.gen_version_tag(version), [])) return retval diff --git a/bin/opssh b/bin/opssh index 8ac526049..3747bc993 100755 --- a/bin/opssh +++ b/bin/opssh @@ -13,6 +13,8 @@ Options: -p PAR, --par=PAR max number of parallel threads (OPTIONAL) --outdir=OUTDIR output directory for stdout files (OPTIONAL) --errdir=ERRDIR output directory for stderr files (OPTIONAL) + -c CLUSTER, --cluster CLUSTER + which cluster to use -e ENV, --env ENV which environment to use -t HOST_TYPE, --host-type HOST_TYPE which host type to use @@ -45,9 +47,9 @@ fi # See if ohi is installed if ! which ohi &>/dev/null ; then - echo "ERROR: can't find ohi (OpenShift Host Inventory) on your system, please either install the openshift-ansible-bin package, or add openshift-ansible/bin to your path." + echo "ERROR: can't find ohi (OpenShift Host Inventory) on your system, please either install the openshift-ansible-bin package, or add openshift-ansible/bin to your path." - exit 10 + exit 10 fi PAR=200 @@ -64,12 +66,23 @@ while [ $# -gt 0 ] ; do shift # get past the value of the option ;; + -c) + shift # get past the option + CLUSTER=$1 + shift # get past the value of the option + ;; + -e) shift # get past the option ENV=$1 shift # get past the value of the option ;; + --v3) + OPENSHIFT_VERSION="--v3" + shift # get past the value of the option + ;; + --timeout) shift # get past the option TIMEOUT=$1 @@ -106,20 +119,26 @@ while [ $# -gt 0 ] ; do done # Get host list from ohi -if [ -n "$ENV" -a -n "$HOST_TYPE" ] ; then - HOSTS="$(ohi -t "$HOST_TYPE" -e "$ENV" 2>/dev/null)" - OHI_ECODE=$? -elif [ -n "$ENV" ] ; then - HOSTS="$(ohi -e "$ENV" 2>/dev/null)" - OHI_ECODE=$? -elif [ -n "$HOST_TYPE" ] ; then - HOSTS="$(ohi -t "$HOST_TYPE" 2>/dev/null)" +CMD="" +if [ -n "$CLUSTER" ] ; then + CMD="$CMD -c $CLUSTER" +fi + +if [ -n "$ENV" ] ; then + CMD="$CMD -e $ENV" +fi + +if [ -n "$HOST_TYPE" ] ; then + CMD="$CMD -t $HOST_TYPE" +fi + +if [ -n "$OPENSHIFT_VERSION" ] ; then + CMD="$CMD $OPENSHIFT_VERSION" +fi + +if [ -n "$CMD" ] ; then + HOSTS="$(ohi $CMD 2>/dev/null)" OHI_ECODE=$? -else - echo - echo "Error: either -e or -t must be specified" - echo - exit 10 fi if [ $OHI_ECODE -ne 0 ] ; then diff --git a/bin/oscp b/bin/oscp index c79fc8785..b15133642 100755 --- a/bin/oscp +++ b/bin/oscp @@ -138,7 +138,7 @@ class Oscp(object): # attempt to select the correct environment if specified if self.env: - results = filter(lambda result: result[1]['ec2_tag_env'] == self.env, results) + results = filter(lambda result: result[1]['oo_environment'] == self.env, results) if results: return results @@ -164,10 +164,8 @@ class Oscp(object): print '{0:<35} {1}'.format(key, server_info[key]) else: for host_id, server_info in results[:limit]: - name = server_info['ec2_tag_Name'] - ec2_id = server_info['ec2_id'] - ip = server_info['ec2_ip_address'] - print '{ec2_tag_Name:<35} {ec2_tag_env:<8} {ec2_id:<15} {ec2_ip_address:<18} {ec2_private_ip_address}'.format(**server_info) + print '{oo_name:<35} {oo_clusterid:<10} {oo_environment:<8} ' \ + '{oo_id:<15} {oo_public_ip:<18} {oo_private_ip:<18}'.format(**server_info) if limit: print @@ -177,10 +175,9 @@ class Oscp(object): else: for env, host_ids in self.host_inventory.items(): for host_id, server_info in host_ids.items(): - name = server_info['ec2_tag_Name'] - ec2_id = server_info['ec2_id'] - ip = server_info['ec2_ip_address'] - print '{ec2_tag_Name:<35} {ec2_tag_env:<8} {ec2_id:<15} {ec2_ip_address:<18} {ec2_private_ip_address}'.format(**server_info) + print '{oo_name:<35} {oo_clusterid:<10} {oo_environment:<8} ' \ + '{oo_id:<15} {oo_public_ip:<18} {oo_private_ip:<18}'.format(**server_info) + def scp(self): '''scp files to or from a specified host @@ -209,12 +206,12 @@ class Oscp(object): if len(results) > 1: print "Multiple results found for %s." % self.host for result in results: - print "{ec2_tag_Name:<35} {ec2_tag_env:<5} {ec2_id:<10}".format(**result[1]) + print "{oo_name:<35} {oo_clusterid:<5} {oo_environment:<5} {oo_id:<10}".format(**result[1]) return # early exit, too many results # Assume we have one and only one. hostname, server_info = results[0] - dns = server_info['ec2_public_dns_name'] + dns = server_info['oo_pulic_ip'] host_str = "%s%s%s" % (self.user, dns, self.path) diff --git a/bin/ossh b/bin/ossh index 50fa996c3..6519e4e08 100755 --- a/bin/ossh +++ b/bin/ossh @@ -55,15 +55,15 @@ class Ossh(object): def parse_cli_args(self): parser = argparse.ArgumentParser(description='OpenShift Online SSH Tool.') parser.add_argument('-e', '--env', action="store", - help="Which environment to search for the host ") + help="Which environment to search for the host ") parser.add_argument('-d', '--debug', default=False, - action="store_true", help="debug mode") + action="store_true", help="debug mode") parser.add_argument('-v', '--verbose', default=False, - action="store_true", help="Verbose?") + action="store_true", help="Verbose?") parser.add_argument('--refresh-cache', default=False, - action="store_true", help="Force a refresh on the host cache.") + action="store_true", help="Force a refresh on the host cache.") parser.add_argument('--list', default=False, - action="store_true", help="list out hosts") + action="store_true", help="list out hosts") parser.add_argument('-c', '--command', action='store', help='Command to run on remote host') parser.add_argument('-l', '--login_name', action='store', @@ -127,7 +127,7 @@ class Ossh(object): # attempt to select the correct environment if specified if self.env: - results = filter(lambda result: result[1]['ec2_tag_env'] == self.env, results) + results = filter(lambda result: result[1]['oo_environment'] == self.env, results) if results: return results @@ -153,10 +153,8 @@ class Ossh(object): print '{0:<35} {1}'.format(key, server_info[key]) else: for host_id, server_info in results[:limit]: - name = server_info['ec2_tag_Name'] - ec2_id = server_info['ec2_id'] - ip = server_info['ec2_ip_address'] - print '{ec2_tag_Name:<35} {ec2_tag_env:<8} {ec2_id:<15} {ec2_ip_address:<18} {ec2_private_ip_address}'.format(**server_info) + print '{oo_name:<35} {oo_clusterid:<10} {oo_environment:<8} ' \ + '{oo_id:<15} {oo_public_ip:<18} {oo_private_ip:<18}'.format(**server_info) if limit: print @@ -166,10 +164,8 @@ class Ossh(object): else: for env, host_ids in self.host_inventory.items(): for host_id, server_info in host_ids.items(): - name = server_info['ec2_tag_Name'] - ec2_id = server_info['ec2_id'] - ip = server_info['ec2_ip_address'] - print '{ec2_tag_Name:<35} {ec2_tag_env:<8} {ec2_id:<15} {ec2_ip_address:<18} {ec2_private_ip_address}'.format(**server_info) + print '{oo_name:<35} {oo_clusterid:<10} {oo_environment:<8} ' \ + '{oo_id:<15} {oo_public_ip:<18} {oo_private_ip:<18}'.format(**server_info) def ssh(self): '''SSH to a specified host @@ -195,12 +191,12 @@ class Ossh(object): if len(results) > 1: print "Multiple results found for %s." % self.host for result in results: - print "{ec2_tag_Name:<35} {ec2_tag_env:<5} {ec2_id:<10}".format(**result[1]) + print "{oo_name:<35} {oo_clusterid:<5} {oo_environment:<5} {oo_id:<10}".format(**result[1]) return # early exit, too many results # Assume we have one and only one. - hostname, server_info = results[0] - dns = server_info['ec2_public_dns_name'] + _, server_info = results[0] + dns = server_info['oo_public_ip'] ssh_args.append(dns) -- cgit v1.2.3 From 6fa4515290d2a44dfc263f70e862b204a72bb5cd Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Fri, 8 Jan 2016 15:26:30 -0500 Subject: Automatic commit of package [openshift-ansible] release [3.0.27-1]. --- .tito/packages/openshift-ansible | 2 +- openshift-ansible.spec | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index caa4ded81..6c9176ad0 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.0.26-1 ./ +3.0.27-1 ./ diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 7c260ff21..d6f04adde 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.0.26 +Version: 3.0.27 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -259,6 +259,10 @@ Atomic OpenShift Utilities includes %changelog +* Fri Jan 08 2016 Kenny Woodson 3.0.27-1 +- Update to metadata tooling. (kwoodson@redhat.com) +- Fix VM drive cleanup during terminate on libvirt (lhuard@amadeus.com) + * Fri Jan 08 2016 Brenton Leanhardt 3.0.26-1 - Bug 1296388 - fixing typo (bleanhar@redhat.com) -- cgit v1.2.3 From 0c2575ab8a407f74d3c5cddcd36aca47831eb86d Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Mon, 11 Jan 2016 09:45:24 -0500 Subject: Removing some internal hostnames --- README_AEP.md | 4 ++-- README_OSE.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README_AEP.md b/README_AEP.md index 584a7afff..7cdb1c5d5 100644 --- a/README_AEP.md +++ b/README_AEP.md @@ -81,10 +81,10 @@ deployment_type=atomic-enterprise # Pre-release registry URL; note that in the future these images # may have an atomicenterprise/aep- prefix or so. -oreg_url=rcm-img-docker01.build.eng.bos.redhat.com:5001/openshift3/ose-${component}:${version} +oreg_url=rcm-img-docker:5001/openshift3/ose-${component}:${version} # Pre-release additional repo -openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://buildvm-devops.usersys.redhat.com/puddle/build/AtomicOpenShift/3.1/2015-10-27.1', 'enabled': 1, 'gpgcheck': 0}] +openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://buildvm/puddle/build/AtomicOpenShift/3.1/2015-10-27.1', 'enabled': 1, 'gpgcheck': 0}] # host group for masters [masters] diff --git a/README_OSE.md b/README_OSE.md index 66fba33e5..fdb6a75b8 100644 --- a/README_OSE.md +++ b/README_OSE.md @@ -82,7 +82,7 @@ deployment_type=enterprise # Pre-release additional repo openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': -'http://buildvm-devops.usersys.redhat.com/puddle/build/OpenShiftEnterprise/3.0/latest/RH7-RHOSE-3.0/$basearch/os', +'http://buildvm/puddle/build/OpenShiftEnterprise/3.0/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}] # Origin copr repo -- cgit v1.2.3 From 76ea445e6480e72512e6ddb9916f05e4978f95c9 Mon Sep 17 00:00:00 2001 From: Matt Woodson Date: Mon, 11 Jan 2016 10:33:02 -0500 Subject: added the rhe7-host-monitoring service file --- .../templates/oso-rhel7-host-monitoring.service.j2 | 74 ++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 diff --git a/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 b/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 new file mode 100644 index 000000000..753cad69f --- /dev/null +++ b/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 @@ -0,0 +1,74 @@ +# This is a systemd file to run this docker container under systemd. +# To make this work: +# * pull the image (probably from ops docker registry) +# * place this file in /etc/systemd/system without the .systemd extension +# * run the commands: +# systemctl daemon-reload +# systemctl enable oso-rhel7-host-monitoring +# systemctl start oso-rhel7-host-monitoring +# +# +[Unit] +Description=Openshift Host Monitoring Container +Requires=docker.service +After=docker.service + + +[Service] +Type=simple +TimeoutStartSec=5m +Environment=HOME=/etc/docker/ops +#Slice=container-small.slice + +# systemd syntax '=-' ignore errors from return codes. +ExecStartPre=-/usr/bin/docker kill "{{ osohm_host_monitoring }}" +ExecStartPre=-/usr/bin/docker rm "{{ osohm_host_monitoring }}" +ExecStartPre=-/usr/bin/docker pull "{{ osohm_docker_registry_url }}{{ osohm_host_monitoring }}" + +# mwoodson note 1-7-16: +# pcp recommends mounting /run in their Dockerfile +# /run conflicts with cron which also runs in this container. +# I am leaving /run out for now. the guys in #pcp said that they mounted /run +# to shared the pcp socket that is created in /run. We are not using this, +# as far as I know. +# This problem goes away with systemd being run in the containers and not using +# cron but using systemd timers +# -v /run:/run \ + +ExecStart=/usr/bin/docker run --name {{ osohm_host_monitoring }} \ + --privileged \ + --pid=host \ + --net=host \ + --ipc=host \ + -e ZAGG_URL={{ osohm_zagg_web_url }} \ + -e ZAGG_USER={{ osohm_default_zagg_server_user }} \ + -e ZAGG_PASSWORD={{ osohm_default_zagg_server_password }} \ + -e ZAGG_CLIENT_HOSTNAME={{ ec2_tag_Name }} \ + -e ZAGG_SSL_VERIFY={{ osohm_zagg_verify_ssl }} \ + -e OSO_CLUSTER_GROUP={{ cluster_group }} \ + -e OSO_CLUSTER_ID={{ oo_clusterid }} \ + -e OSO_HOST_TYPE={{ hostvars[inventory_hostname]['ec2_tag_host-type'] }} \ + -e OSO_SUB_HOST_TYPE={{ hostvars[inventory_hostname]['ec2_tag_sub-host-type'] }} \ + -v /etc/localtime:/etc/localtime \ + -v /sys:/sys:ro \ + -v /sys/fs/selinux \ + -v /var/lib/docker:/var/lib/docker:ro \ + -v /var/run/docker.sock:/var/run/docker.sock \ + -v /var/run/openvswitch:/var/run/openvswitch \ +{% if hostvars[inventory_hostname]['ec2_tag_host-type'] == 'master' %} + -v /etc/openshift/master/admin.kubeconfig:/etc/openshift/master/admin.kubeconfig \ + -v /etc/openshift/master/master.etcd-client.crt:/etc/openshift/master/master.etcd-client.crt \ + -v /etc/openshift/master/master.etcd-client.key:/etc/openshift/master/master.etcd-client.key \ + -v /etc/openshift/master/master-config.yaml:/etc/openshift/master/master-config.yaml \ +{% endif %} + {{ osohm_docker_registry_url }}{{ osohm_host_monitoring }} + + +ExecReload=-/usr/bin/docker stop "{{ osohm_host_monitoring }}" +ExecReload=-/usr/bin/docker rm "{{ osohm_host_monitoring }}" +ExecStop=-/usr/bin/docker stop "{{ osohm_host_monitoring }}" +Restart=always +RestartSec=30 + +[Install] +WantedBy=default.target -- cgit v1.2.3