From 5a964c9cbd3c83d1dcfe50ce99e9dcd0a8120c9a Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 5 Jan 2016 16:10:32 -0500 Subject: Add ability to disable os_firewall --- roles/os_firewall/defaults/main.yml | 1 + roles/os_firewall/tasks/main.yml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/os_firewall/defaults/main.yml b/roles/os_firewall/defaults/main.yml index bcf1d9a34..e3176e611 100644 --- a/roles/os_firewall/defaults/main.yml +++ b/roles/os_firewall/defaults/main.yml @@ -1,2 +1,3 @@ --- +os_firewall_enabled: True os_firewall_use_firewalld: True diff --git a/roles/os_firewall/tasks/main.yml b/roles/os_firewall/tasks/main.yml index ad89ef97c..076e5e311 100644 --- a/roles/os_firewall/tasks/main.yml +++ b/roles/os_firewall/tasks/main.yml @@ -1,6 +1,6 @@ --- - include: firewall/firewalld.yml - when: os_firewall_use_firewalld + when: os_firewall_enabled | bool and os_firewall_use_firewalld | bool - include: firewall/iptables.yml - when: not os_firewall_use_firewalld + when: os_firewall_enabled | bool and not os_firewall_use_firewalld | bool -- cgit v1.2.3 From 98e46eda537fae3a7547f8a1ab1337dd7229252e Mon Sep 17 00:00:00 2001 From: Diego Castro Date: Wed, 16 Dec 2015 10:40:44 -0300 Subject: Fix bind address/port when isn't default --- roles/openshift_master/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 3b46a0df4..61b416f93 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml 
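Review bot: With `os_firewall_enabled` false, neither include in roles/os_firewall/tasks/main.yml runs, so the role becomes a silent no-op and any `os_firewall_allow` / `os_firewall_deny` lists supplied by dependent roles are never applied. The new default in defaults/main.yml carries no comment saying so; I would add `# Set to False only when host filtering is managed elsewhere; allow/deny rules from dependent roles are then skipped` above it. A `debug` task that reports the role was skipped would also leave a trace in the play output for later audits.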
@@ -244,7 +244,7 @@ line: "{{ item.line }}" with_items: - regex: '^OPTIONS=' - line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://0.0.0.0:8443 --master=https://{{ openshift.common.ip }}:8443" + line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master=https://{{ openshift.common.ip }}:{{ openshift.master.api_port }}" - regex: '^CONFIG_FILE=' line: "CONFIG_FILE={{ openshift_master_config_file }}" when: openshift_master_ha | bool and openshift_master_cluster_method == "native" -- cgit v1.2.3 From 22eb2be9a1131279f1057912c36eba9591450dac Mon Sep 17 00:00:00 2001 From: Diego Castro Date: Thu, 17 Dec 2015 08:58:12 -0300 Subject: Controllers_port and firewall rules --- playbooks/common/openshift-master/config.yml | 1 + roles/openshift_facts/library/openshift_facts.py | 3 ++- roles/openshift_master/defaults/main.yml | 6 +++--- roles/openshift_master/tasks/main.yml | 2 +- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 4ecdf2a0c..543583642 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -43,6 +43,7 @@ api_port: "{{ openshift_master_api_port | default(None) }}" api_url: "{{ openshift_master_api_url | default(None) }}" api_use_ssl: "{{ openshift_master_api_use_ssl | default(None) }}" + controllers_port: "{{ openshift_master_controllers_port | default(None) }}" public_api_url: "{{ openshift_master_public_api_url | default(None) }}" cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}" cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 2a3d4acbd..a148c1362 100755 
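Review bot: `openshift.master.bind_addr` and `openshift.master.api_port` are written into the `OPTIONS=` line unvalidated, and the unit files elsewhere in this series pass that variable as unbraced `$OPTIONS`, which systemd splits on whitespace into separate arguments. A port or address value containing a space would therefore become extra flags for `openshift start master api` instead of failing the play. An `assert` before this task (port is an integer in 1-65535, address contains no whitespace) would catch that early; the controllers `OPTIONS=` line changed in the next commit has the same shape. The enclosing lineinfile task starts above the hunk.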
--- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -463,6 +463,7 @@ def set_url_facts_if_unset(facts): if 'master' in facts: api_use_ssl = facts['master']['api_use_ssl'] api_port = facts['master']['api_port'] + controllers_port = facts['master']['controllers_port'] console_use_ssl = facts['master']['console_use_ssl'] console_port = facts['master']['console_port'] console_path = facts['master']['console_path'] @@ -1156,7 +1157,7 @@ class OpenShiftFacts(object): defaults['common'] = common if 'master' in roles: - master = dict(api_use_ssl=True, api_port='8443', + master = dict(api_use_ssl=True, api_port='8443', controllers_port='8444', console_use_ssl=True, console_path='/console', console_port='8443', etcd_use_ssl=True, etcd_hosts='', etcd_port='4001', portal_net='172.30.0.0/16', diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index 9766d01ae..1f74d851a 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -6,7 +6,9 @@ os_firewall_allow: - service: etcd embedded port: 4001/tcp - service: api server https - port: 8443/tcp + port: "{{ openshift.master.api_port }}/tcp" +- service: api controllers https + port: "{{ openshift.master.controllers_port }}/tcp" - service: dns tcp port: 53/tcp - service: dns udp @@ -24,7 +26,5 @@ os_firewall_allow: os_firewall_deny: - service: api server http port: 8080/tcp -- service: former web console port - port: 8444/tcp - service: former etcd peer port port: 7001/tcp diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 61b416f93..d749bce8d 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml 
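Review bot: `controllers_port` is assigned in `set_url_facts_if_unset` but no other added line in this file uses it (the diffstat counts only this line and the one-line defaults change), so it is a dead local and would trip an unused-variable lint if this file is linted. It also makes the function raise `KeyError` when `facts['master']` lacks the key, for a value it never needs. Either drop the line or read it at the point where a controllers URL is actually built; the function body continues outside the hunk.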
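Review bot: The new `api controllers https` entry in `os_firewall_allow` opens `controllers_port` on every master, while the deny entry for 8444 is removed and the controllers listener is only configured under `openshift_master_ha | bool and openshift_master_cluster_method == "native"` in tasks/main.yml. On non-HA masters this leaves a port allowed with nothing expected to listen on it. If the controllers endpoint only needs to be reached from the master itself or from peer masters, I would add the rule from the HA path instead of the defaults, or at least document it with `# controllers listener exists only for native HA; restrict or drop this rule otherwise`. The remaining deny entries (8080/tcp, 7001/tcp) are still literals, so a custom `api_port` or `controllers_port` equal to one of them would appear in both lists.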
@@ -258,7 +258,7 @@ line: "{{ item.line }}" with_items: - regex: '^OPTIONS=' - line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://0.0.0.0:8444" + line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://{{ openshift.master.bind_addr }}:{{ openshift.master.controllers_port }}" - regex: '^CONFIG_FILE=' line: "CONFIG_FILE={{ openshift_master_config_file }}" when: openshift_master_ha | bool and openshift_master_cluster_method == "native" -- cgit v1.2.3 From bb68821ae9a65beee135cb6a3ddfbfbdd39d8b4a Mon Sep 17 00:00:00 2001 
From: Jason DeTiberus Date: Tue, 12 Jan 2016 16:42:01 -0500 Subject: consolidate steps and cleanup template dir --- roles/openshift_master/tasks/main.yml | 92 ++++++++-------------- .../atomic-openshift-master-api.docker.service.j2 | 26 ------ .../templates/atomic-openshift-master-api.j2 | 9 --- .../atomic-openshift-master-api.service.j2 | 21 ----- ...-openshift-master-controllers.docker.service.j2 | 25 ------ .../atomic-openshift-master-controllers.j2 | 9 --- .../atomic-openshift-master-controllers.service.j2 | 26 ------ .../templates/atomic-openshift-master.j2 | 9 +++ .../docker-cluster/atomic-openshift-master-api.j2 | 1 + .../atomic-openshift-master-api.service.j2 | 26 ++++++ .../atomic-openshift-master-controllers.j2 | 1 + .../atomic-openshift-master-controllers.service.j2 | 25 ++++++ .../templates/docker/master.docker.service.j2 | 16 ++++ .../templates/master.docker.service.j2 | 16 ---- .../native-cluster/atomic-openshift-master-api.j2 | 9 +++ .../atomic-openshift-master-api.service.j2 | 21 +++++ .../atomic-openshift-master-controllers.j2 | 9 +++ .../atomic-openshift-master-controllers.service.j2 | 26 ++++++ roles/openshift_master/vars/main.yml | 3 + 19 files changed, 178 insertions(+), 192 deletions(-) delete mode 100644 roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2 delete mode 100644 roles/openshift_master/templates/atomic-openshift-master-api.j2 delete mode 100644 roles/openshift_master/templates/atomic-openshift-master-api.service.j2 delete mode 100644 roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2 delete mode 100644 roles/openshift_master/templates/atomic-openshift-master-controllers.j2 delete mode 100644 roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 create mode 100644 roles/openshift_master/templates/atomic-openshift-master.j2 create mode 120000 roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.j2 create mode 100644 
roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 create mode 120000 roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.j2 create mode 100644 roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 create mode 100644 roles/openshift_master/templates/docker/master.docker.service.j2 delete mode 100644 roles/openshift_master/templates/master.docker.service.j2 create mode 100644 roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 create mode 100644 roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.service.j2 create mode 100644 roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 create mode 100644 roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index d749bce8d..80a605c43 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -94,12 +94,12 @@ - name: Install Master docker service file template: dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service" - src: master.docker.service.j2 + src: docker/master.docker.service.j2 register: install_result when: openshift.common.is_containerized | bool and not openshift_master_ha | bool - + - name: Create openshift.common.data_dir - file: + file: path: "{{ openshift.common.data_dir }}" state: directory mode: 0755 
@@ -174,31 +174,45 @@ when: openshift.common.is_containerized | bool # workaround for missing systemd unit files for controllers/api -- name: Create the api service file +- name: Create the systemd unit files template: - src: atomic-openshift-master-api{{ ha_suffix }}.service.j2 - dest: "{{ ha_svcdir }}/{{ openshift.common.service_type }}-master-api.service" + src: "{{ ha_svc_template_path }}/atomic-openshift-master-{{ item }}.service.j2" + dest: "{{ ha_svcdir }}/{{ openshift.common.service_type }}-master-{{ item }}.service" when: openshift_master_ha | bool and openshift_master_cluster_method == "native" -- name: Create the controllers service file - template: - src: atomic-openshift-master-controllers{{ ha_suffix }}.service.j2 - dest: "{{ ha_svcdir }}/{{ openshift.common.service_type }}-master-controllers.service" - when: openshift_master_ha | bool and openshift_master_cluster_method == "native" -- name: Create the api env file + with_items: + - api + - controllers + register: create_unit_files + +- command: systemctl daemon-reload + when: create_unit_files | changed +# end workaround for missing systemd unit files + +- name: Create the master api service env file template: - src: atomic-openshift-master-api.j2 + src: "{{ ha_svc_template_path }}/atomic-openshift-master-api.j2" dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api force: no when: openshift_master_ha | bool and openshift_master_cluster_method == "native" -- name: Create the controllers env file + notify: + - restart master api + +- name: Create the master controllers service env file template: - src: atomic-openshift-master-controllers.j2 + src: "{{ ha_svc_template_path }}/atomic-openshift-master-controllers.j2" dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers force: no when: openshift_master_ha | bool and openshift_master_cluster_method == "native" -- command: systemctl daemon-reload - when: openshift_master_ha | bool and openshift_master_cluster_method == 
"native" -# end workaround for missing systemd unit files + notify: + - restart master controllers + +- name: Create the master service env file + template: + src: "atomic-openshift-master.j2" + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master + force: no + notify: + - restart master - name: Create session secrets file template: 
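Review bot: The three env-file tasks use `template` with `force: no`, so an existing `/etc/sysconfig/...-master*` file is never rewritten, whereas the `lineinfile` tasks removed further down in this commit enforced `OPTIONS=` and `CONFIG_FILE=` on every run. After this change a later edit to `bind_addr`, `api_port`, `controllers_port` or `debug_level` changes the firewall rules derived from the same facts but not the listener, and the `notify` handlers never fire. If preserving local edits to the proxy settings is the reason for `force: no`, keeping a `lineinfile` for the `^OPTIONS=` line after each template task would retain both behaviours. The last task shown in the hunk continues outside it.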
@@ -223,48 +237,6 @@ - restart master api - restart master controllers -- name: Configure master settings - lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-master - regexp: "{{ item.regex }}" - line: "{{ item.line }}" - create: yes - with_items: - - regex: '^OPTIONS=' - line: "OPTIONS=--loglevel={{ openshift.master.debug_level }}" - - regex: '^CONFIG_FILE=' - line: "CONFIG_FILE={{ openshift_master_config_file }}" - notify: - - restart master - -- name: Configure master api settings - lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api - regexp: "{{ item.regex }}" - line: "{{ item.line }}" - with_items: - - regex: '^OPTIONS=' - line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master=https://{{ openshift.common.ip }}:{{ openshift.master.api_port }}" - - regex: '^CONFIG_FILE=' - line: "CONFIG_FILE={{ openshift_master_config_file }}" - when: openshift_master_ha | bool and openshift_master_cluster_method == "native" - notify: - - restart master api - -- name: Configure master controller settings - lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers - regexp: "{{ item.regex }}" - line: "{{ item.line }}" - with_items: - - regex: '^OPTIONS=' - line: "OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen=https://{{ openshift.master.bind_addr }}:{{ openshift.master.controllers_port }}" - - regex: '^CONFIG_FILE=' - line: "CONFIG_FILE={{ openshift_master_config_file }}" - when: openshift_master_ha | bool and openshift_master_cluster_method == "native" - notify: - - restart master controllers - - name: Start and enable master service: name={{ openshift.common.service_type }}-master enabled=yes state=started when: not openshift_master_ha | bool 
diff --git a/roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2
deleted file mode 100644
index 936c39edf..000000000
--- a/roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2
+++ /dev/null
@@ -1,26 +0,0 @@
-[Unit]
-Description=Atomic OpenShift Master API
-Documentation=https://github.com/openshift/origin
-After=network.target
-After=etcd.service
-Before={{ openshift.common.service_type }}-node.service
-Requires=network.target
-Requires=docker.service
-PartOf=docker.service
-
-[Service]
-EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api
-Environment=GOTRACEBACK=crash
-ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-api
-ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master api --config=${CONFIG_FILE} $OPTIONS
-ExecStartPost=/usr/bin/sleep 10
-ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-api
-LimitNOFILE=131072
-LimitCORE=infinity
-WorkingDirectory={{ openshift.common.data_dir }}
-SyslogIdentifier=atomic-openshift-master-api
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
-WantedBy={{ openshift.common.service_type }}-node.service
\ No newline at end of file
diff --git a/roles/openshift_master/templates/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/atomic-openshift-master-api.j2
deleted file mode 100644
index 205934248..000000000
--- a/roles/openshift_master/templates/atomic-openshift-master-api.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-OPTIONS=
-CONFIG_FILE={{ openshift_master_config_dir }}/master-config.yaml
-
-# Proxy configuration
-# Origin uses standard HTTP_PROXY environment variables. Be sure to set
-# NO_PROXY for your master
-#NO_PROXY=master.example.com
-#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
-#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
diff --git a/roles/openshift_master/templates/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-api.service.j2
deleted file mode 100644
index ba19fb348..000000000
--- a/roles/openshift_master/templates/atomic-openshift-master-api.service.j2
+++ /dev/null
@@ -1,21 +0,0 @@
-[Unit]
-Description=Atomic OpenShift Master API
-Documentation=https://github.com/openshift/origin
-After=network.target
-After=etcd.service
-Before={{ openshift.common.service_type }}-node.service
-Requires=network.target
-
-[Service]
-Type=notify
-EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api
-Environment=GOTRACEBACK=crash
-ExecStart=/usr/bin/openshift start master api --config=${CONFIG_FILE} $OPTIONS
-LimitNOFILE=131072
-LimitCORE=infinity
-WorkingDirectory={{ openshift.common.data_dir }}
-SyslogIdentifier=atomic-openshift-master-api
-
-[Install]
-WantedBy=multi-user.target
-WantedBy={{ openshift.common.service_type }}-node.service
diff --git a/roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2
deleted file mode 100644
index 6ba7d6e2a..000000000
--- a/roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2
+++ /dev/null
@@ -1,25 +0,0 @@
-[Unit]
-Description=Atomic OpenShift Master Controllers
-Documentation=https://github.com/openshift/origin
-After=network.target
-After={{ openshift.common.service_type }}-master-api.service
-Before={{ openshift.common.service_type }}-node.service
-Requires=docker.service
-PartOf=docker.service
-
-[Service]
-EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
-Environment=GOTRACEBACK=crash
-ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-controllers
-ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master controllers --config=${CONFIG_FILE} $OPTIONS
-ExecStartPost=/usr/bin/sleep 10
-ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-controllers
-LimitNOFILE=131072
-LimitCORE=infinity
-WorkingDirectory={{ openshift.common.data_dir }}
-SyslogIdentifier={{ openshift.common.service_type }}-master-controllers
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
-WantedBy={{ openshift.common.service_type }}-node.service
diff --git a/roles/openshift_master/templates/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/atomic-openshift-master-controllers.j2
deleted file mode 100644
index 205934248..000000000
--- a/roles/openshift_master/templates/atomic-openshift-master-controllers.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-OPTIONS=
-CONFIG_FILE={{ openshift_master_config_dir }}/master-config.yaml
-
-# Proxy configuration
-# Origin uses standard HTTP_PROXY environment variables. Be sure to set
-# NO_PROXY for your master
-#NO_PROXY=master.example.com
-#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
-#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
diff --git a/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2
deleted file mode 100644
index e6e97b24f..000000000
--- a/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2
+++ /dev/null
@@ -1,26 +0,0 @@
-[Unit]
-Description=Atomic OpenShift Master Controllers
-Documentation=https://github.com/openshift/origin
-After=network.target
-After={{ openshift.common.service_type }}-master-api.service
-Before={{ openshift.common.service_type }}-node.service
-Requires=network.target
-
-[Service]
-{% if openshift.common.version_greater_than_3_1_1_or_1_1_1 | bool %}
-Type=notify
-{% else %}
-Type=simple
-{% endif %}
-EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
-Environment=GOTRACEBACK=crash
-ExecStart=/usr/bin/openshift start master controllers --config=${CONFIG_FILE} $OPTIONS
-LimitNOFILE=131072
-LimitCORE=infinity
-WorkingDirectory={{ openshift.common.data_dir }}
-SyslogIdentifier={{ openshift.common.service_type }}-master-controllers
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
-WantedBy={{ openshift.common.service_type }}-node.service
diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2
new file mode 100644
index 000000000..81bae5470
--- /dev/null
+++ b/roles/openshift_master/templates/atomic-openshift-master.j2
@@ -0,0 +1,9 @@
+OPTIONS=--loglevel={{ openshift.master.debug_level }}
+CONFIG_FILE={{ openshift_master_config_file }}
+
+# Proxy configuration
+# Origin uses standard HTTP_PROXY environment variables. Be sure to set
+# NO_PROXY for your master
+#NO_PROXY=master.example.com
+#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
+#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
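Review bot: The commented proxy examples in atomic-openshift-master.j2 invite `USER:PASSWORD` credentials into this file, yet the task that installs it in tasks/main.yml sets no `owner`, `group` or `mode`, so the permissions fall to the module default and the process umask. I would add `mode: 0600` (with `owner: root` and `group: root`) to the three env-file tasks, and extend the comment here with `# This file may hold proxy credentials; keep it readable by root only`. The native-cluster api and controllers env templates added later in this commit carry the same proxy block.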
diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.j2
new file mode 120000
index 000000000..4bb7095ee
--- /dev/null
+++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.j2
@@ -0,0 +1 @@
+../native-cluster/atomic-openshift-master-api.j2
\ No newline at end of file
diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2
new file mode 100644
index 000000000..a935b82f6
--- /dev/null
+++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2
@@ -0,0 +1,26 @@
+[Unit]
+Description=Atomic OpenShift Master API
+Documentation=https://github.com/openshift/origin
+After=network.target
+After=etcd.service
+Before={{ openshift.common.service_type }}-node.service
+Requires=network.target
+Requires=docker.service
+PartOf=docker.service
+
+[Service]
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api
+Environment=GOTRACEBACK=crash
+ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-api
+ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master api --config=${CONFIG_FILE} $OPTIONS
+ExecStartPost=/usr/bin/sleep 10
+ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-api
+LimitNOFILE=131072
+LimitCORE=infinity
+WorkingDirectory={{ openshift.common.data_dir }}
+SyslogIdentifier=atomic-openshift-master-api
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+WantedBy={{ openshift.common.service_type }}-node.service
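Review bot: `ExecStart` in docker-cluster/atomic-openshift-master-api.service.j2 runs the API container with `--privileged`, `--net=host` and a bind mount of `/var/run/docker.sock`, which together give the container control of the host, and the unit carries no comment explaining why the API process needs that. Since the template is being relocated anyway, a comment above `ExecStart` such as `# privileged + docker.sock: required for <reason>; revisit once a narrower capability set is known` would record the decision. If the API server does not itself start containers, dropping the socket mount and `--privileged` is worth testing. The docker-cluster controllers unit and docker/master.docker.service.j2 in this commit use the same flags.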
diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.j2
new file mode 120000
index 000000000..8714ebbae
--- /dev/null
+++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.j2
@@ -0,0 +1 @@
+../native-cluster/atomic-openshift-master-controllers.j2
\ No newline at end of file
diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2
new file mode 100644
index 000000000..6ba7d6e2a
--- /dev/null
+++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2
@@ -0,0 +1,25 @@
+[Unit]
+Description=Atomic OpenShift Master Controllers
+Documentation=https://github.com/openshift/origin
+After=network.target
+After={{ openshift.common.service_type }}-master-api.service
+Before={{ openshift.common.service_type }}-node.service
+Requires=docker.service
+PartOf=docker.service
+
+[Service]
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
+Environment=GOTRACEBACK=crash
+ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-controllers
+ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master controllers --config=${CONFIG_FILE} $OPTIONS
+ExecStartPost=/usr/bin/sleep 10
+ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-controllers
+LimitNOFILE=131072
+LimitCORE=infinity
+WorkingDirectory={{ openshift.common.data_dir }}
+SyslogIdentifier={{ openshift.common.service_type }}-master-controllers
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+WantedBy={{ openshift.common.service_type }}-node.service
diff --git a/roles/openshift_master/templates/docker/master.docker.service.j2 b/roles/openshift_master/templates/docker/master.docker.service.j2
new file mode 100644
index 000000000..23781a313
--- /dev/null
+++ b/roles/openshift_master/templates/docker/master.docker.service.j2
@@ -0,0 +1,16 @@
+[Unit]
+After=docker.service
+Before={{ openshift.common.service_type }}-node.service
+Requires=docker.service
+PartOf=docker.service
+
+[Service]
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master
+ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-master
+ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master --config=${CONFIG_FILE} $OPTIONS
+ExecStartPost=/usr/bin/sleep 10
+ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/openshift_master/templates/master.docker.service.j2 b/roles/openshift_master/templates/master.docker.service.j2
deleted file mode 100644
index 23781a313..000000000
--- a/roles/openshift_master/templates/master.docker.service.j2
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-After=docker.service
-Before={{ openshift.common.service_type }}-node.service
-Requires=docker.service
-PartOf=docker.service
-
-[Service]
-EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master
-ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-master
-ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master --config=${CONFIG_FILE} $OPTIONS
-ExecStartPost=/usr/bin/sleep 10
-ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
new file mode 100644
index 000000000..6e5783f9d
--- /dev/null
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
@@ -0,0 +1,9 @@
+OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master=https://{{ openshift.common.ip }}:{{ openshift.master.api_port }}
+CONFIG_FILE={{ openshift_master_config_file }}
+
+# Proxy configuration
+# Origin uses standard HTTP_PROXY environment variables. Be sure to set
+# NO_PROXY for your master
+#NO_PROXY=master.example.com
+#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
+#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.service.j2
new file mode 100644
index 000000000..ba19fb348
--- /dev/null
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.service.j2
@@ -0,0 +1,21 @@
+[Unit]
+Description=Atomic OpenShift Master API
+Documentation=https://github.com/openshift/origin
+After=network.target
+After=etcd.service
+Before={{ openshift.common.service_type }}-node.service
+Requires=network.target
+
+[Service]
+Type=notify
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api
+Environment=GOTRACEBACK=crash
+ExecStart=/usr/bin/openshift start master api --config=${CONFIG_FILE} $OPTIONS
+LimitNOFILE=131072
+LimitCORE=infinity
+WorkingDirectory={{ openshift.common.data_dir }}
+SyslogIdentifier=atomic-openshift-master-api
+
+[Install]
+WantedBy=multi-user.target
+WantedBy={{ openshift.common.service_type }}-node.service
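Review bot: In native-cluster/atomic-openshift-master-api.j2 `--listen` now selects `http` when `openshift.master.api_use_ssl` is false, but `--master=` on the same line stays hard-coded to `https://`, so the two disagree as soon as SSL is turned off. The test also lacks `| bool`, unlike the `when:` conditions elsewhere in this series; if the fact arrives as the string "False" it is truthy in Jinja and the template would silently keep `https`. I would compute `{{ 'https' if openshift.master.api_use_ssl | bool else 'http' }}` once and use it for both URLs. native-cluster/atomic-openshift-master-controllers.j2 reuses `api_use_ssl` for the controllers listener in the same way, and a plain-HTTP listener on a non-loopback `bind_addr` deserves a comment in the template.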
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
new file mode 100644
index 000000000..cdc56eece
--- /dev/null
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
@@ -0,0 +1,9 @@
+OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.controllers_port }}
+CONFIG_FILE={{ openshift_master_config_file }}
+
+# Proxy configuration
+# Origin uses standard HTTP_PROXY environment variables. Be sure to set
+# NO_PROXY for your master
+#NO_PROXY=master.example.com
+#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
+#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2
new file mode 100644
index 000000000..e6e97b24f
--- /dev/null
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2
@@ -0,0 +1,26 @@ +[Unit] +Description=Atomic OpenShift Master Controllers +Documentation=https://github.com/openshift/origin +After=network.target +After={{ openshift.common.service_type }}-master-api.service +Before={{ openshift.common.service_type }}-node.service +Requires=network.target + +[Service] +{% if openshift.common.version_greater_than_3_1_1_or_1_1_1 | bool %} +Type=notify +{% else %} +Type=simple +{% endif %} +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers +Environment=GOTRACEBACK=crash +ExecStart=/usr/bin/openshift start master controllers --config=${CONFIG_FILE} $OPTIONS +LimitNOFILE=131072 +LimitCORE=infinity +WorkingDirectory={{ openshift.common.data_dir }} +SyslogIdentifier={{ openshift.common.service_type }}-master-controllers +Restart=on-failure + +[Install] +WantedBy=multi-user.target +WantedBy={{ openshift.common.service_type }}-node.service diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml index 534465451..48b5940f9 100644 --- a/roles/openshift_master/vars/main.yml +++ b/roles/openshift_master/vars/main.yml @@ -6,6 +6,9 @@ openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/sessio openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json" openshift_version: "{{ openshift_pkg_version | default('') }}" +ha_svc_template_path: "{{ 'docker-cluster' if openshift.common.is_containerized | bool else 'native-cluster' }}" +ha_svc_svc_dir: "{{ '/etc/systemd/system' if openshift.common.is_containerized | bool else '/usr/lib/systemd/system' }}" + openshift_master_valid_grant_methods: - auto - prompt -- cgit v1.2.3 From 57b7434b1e34c8bcdfbc2db7f1261d63bcf39128 Mon Sep 17 00:00:00 2001 
From: Jason DeTiberus Date: Tue, 12 Jan 2016 16:24:44 -0500 Subject: Use local address for loopback kubeconfig --- roles/openshift_facts/library/openshift_facts.py | 101 ++++++++++++--------- roles/openshift_master/tasks/main.yml | 34 ++++++- .../native-cluster/atomic-openshift-master-api.j2 | 2 +- roles/openshift_master/vars/main.yml | 2 + 4 files changed, 92 insertions(+), 47 deletions(-) diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index a148c1362..9096f7ebf 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py 
@@ -461,53 +461,68 @@ def set_url_facts_if_unset(facts): were not already present """ if 'master' in facts: - api_use_ssl = facts['master']['api_use_ssl'] - api_port = facts['master']['api_port'] - controllers_port = facts['master']['controllers_port'] - console_use_ssl = facts['master']['console_use_ssl'] - console_port = facts['master']['console_port'] - console_path = facts['master']['console_path'] - etcd_use_ssl = facts['master']['etcd_use_ssl'] - etcd_hosts = facts['master']['etcd_hosts'] - etcd_port = facts['master']['etcd_port'] hostname = facts['common']['hostname'] - public_hostname = facts['common']['public_hostname'] cluster_hostname = facts['master'].get('cluster_hostname') cluster_public_hostname = facts['master'].get('cluster_public_hostname') + public_hostname = facts['common']['public_hostname'] + api_hostname = cluster_hostname if cluster_hostname else hostname + api_public_hostname = cluster_public_hostname if cluster_public_hostname else public_hostname + console_path = facts['master']['console_path'] + etcd_hosts = facts['master']['etcd_hosts'] + + use_ssl = dict( + api=facts['master']['api_use_ssl'], + public_api=facts['master']['api_use_ssl'], + loopback_api=facts['master']['api_use_ssl'], + console=facts['master']['console_use_ssl'], + public_console=facts['master']['console_use_ssl'], + etcd=facts['master']['etcd_use_ssl'] + ) + + ports = dict( + api=facts['master']['api_port'], + public_api=facts['master']['api_port'], + loopback_api=facts['master']['api_port'], + console=facts['master']['console_port'], + public_console=facts['master']['console_port'], + etcd=facts['master']['etcd_port'], + ) + + etcd_urls = [] + if etcd_hosts != '': + facts['master']['etcd_port'] = ports['etcd'] + facts['master']['embedded_etcd'] = False + for host in etcd_hosts: + etcd_urls.append(format_url(use_ssl['etcd'], host, + ports['etcd'])) + else: + etcd_urls = [format_url(use_ssl['etcd'], hostname, + ports['etcd'])] + + facts['master'].setdefault('etcd_urls', 
etcd_urls) + + prefix_hosts = [('api', api_hostname), + ('public_api', api_public_hostname), + ('loopback_api', hostname)] + + for prefix, host in prefix_hosts: + facts['master'].setdefault(prefix + '_url', format_url(use_ssl[prefix], + host, + ports[prefix])) + + + r_lhn = "{0}:{1}".format(api_hostname, ports['api']).replace('.', '-') + facts['master'].setdefault('loopback_cluster_name', r_lhn) + facts['master'].setdefault('loopback_context_name', "default/{0}/system:openshift-master".format(r_lhn)) + facts['master'].setdefault('loopback_user', "system:openshift-master/{0}".format(r_lhn)) + + prefix_hosts = [('console', api_hostname), ('public_console', api_public_hostname)] + for prefix, host in prefix_hosts: + facts['master'].setdefault(prefix + '_url', format_url(use_ssl[prefix], + host, + ports[prefix], + console_path)) - if 'etcd_urls' not in facts['master']: - etcd_urls = [] - if etcd_hosts != '': - facts['master']['etcd_port'] = etcd_port - facts['master']['embedded_etcd'] = False - for host in etcd_hosts: - etcd_urls.append(format_url(etcd_use_ssl, host, - etcd_port)) - else: - etcd_urls = [format_url(etcd_use_ssl, hostname, - etcd_port)] - facts['master']['etcd_urls'] = etcd_urls - if 'api_url' not in facts['master']: - api_hostname = cluster_hostname if cluster_hostname else hostname - facts['master']['api_url'] = format_url(api_use_ssl, api_hostname, - api_port) - if 'public_api_url' not in facts['master']: - api_public_hostname = cluster_public_hostname if cluster_public_hostname else public_hostname - facts['master']['public_api_url'] = format_url(api_use_ssl, - api_public_hostname, - api_port) - if 'console_url' not in facts['master']: - console_hostname = cluster_hostname if cluster_hostname else hostname - facts['master']['console_url'] = format_url(console_use_ssl, - console_hostname, - console_port, - console_path) - if 'public_console_url' not in facts['master']: - console_public_hostname = cluster_public_hostname if cluster_public_hostname else 
public_hostname - facts['master']['public_console_url'] = format_url(console_use_ssl, - console_public_hostname, - console_port, - console_path) return facts def set_aggregate_facts(facts): diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 80a605c43..462a7ab58 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -192,7 +192,6 @@ template: src: "{{ ha_svc_template_path }}/atomic-openshift-master-api.j2" dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api - force: no when: openshift_master_ha | bool and openshift_master_cluster_method == "native" notify: - restart master api @@ -201,7 +200,6 @@ template: src: "{{ ha_svc_template_path }}/atomic-openshift-master-controllers.j2" dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers - force: no when: openshift_master_ha | bool and openshift_master_cluster_method == "native" notify: - restart master controllers @@ -210,7 +208,6 @@ template: src: "atomic-openshift-master.j2" dest: /etc/sysconfig/{{ openshift.common.service_type }}-master - force: no notify: - restart master 
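Review bot: `r_lhn` is built from `api_hostname`, which is the cluster hostname whenever one is set, while the `loopback_api` entry in the `prefix_hosts` list just above it uses the local `hostname`, so the loopback cluster, context and user names do not describe the server the loopback URL points at. In an HA install this presumably also makes the derived context name equal to one generated for the cluster URL, which would let the `loopback_context_string` check in tasks/main.yml skip the rewrite; that part is inferred, not shown in this hunk. Using the same host for both keeps them in step: `r_lhn = "{0}:{1}".format(hostname, ports['api']).replace('.', '-')`. The docstring above the hunk still describes only the URL facts and should mention the three `loopback_*` names that are now set. The function begins before the hunk.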
@@ -237,6 +234,37 @@ - restart master api - restart master controllers +- name: Test local loopback context + command: > + {{ openshift.common.client_binary }} config view + --config={{ openshift_master_loopback_config }} + changed_when: false + register: loopback_config + +- command: > + {{ openshift.common.client_binary }} config set-cluster + --certificate-authority={{ openshift_master_config_dir }}/ca.crt + --embed-certs=true --server={{ openshift.master.loopback_api_url }} + {{ openshift.master.loopback_cluster_name }} + --config={{ openshift_master_loopback_config }} + when: loopback_context_string not in loopback_config.stdout + register: set_loopback_cluster + +- command: > + {{ openshift.common.client_binary }} config set-context + --cluster={{ openshift.master.loopback_cluster_name }} + --namespace=default --user={{ openshift.master.loopback_user }} + {{ openshift.master.loopback_context_name }} + --config={{ openshift_master_loopback_config }} + when: set_loopback_cluster | changed + register: set_loopback_context + +- command: > + {{ openshift.common.client_binary }} config use-context {{ openshift.master.loopback_context_name }} + --config={{ openshift_master_loopback_config }} + when: set_loopback_context | changed + register: set_current_context + - name: Start and enable master service: name={{ openshift.common.service_type }}-master enabled=yes state=started when: not openshift_master_ha | bool diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 index 6e5783f9d..c9aa15b41 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 
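Review bot: The three `command` tasks that follow `Test local loopback context` have no `name:`, so a run log shows only `command` for steps that rewrite the master's loopback kubeconfig, and a failure is hard to attribute. Name them after what they change, for example `name: Set loopback cluster in master kubeconfig`, `name: Set loopback context in master kubeconfig` and `name: Select loopback context in master kubeconfig`. A one-line comment above the block saying that each step runs only when the previous one changed something would also help the next reader follow the `when:` chain.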
@@ -1,4 +1,4 @@ -OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master=https://{{ openshift.common.ip }}:{{ openshift.master.api_port }} +OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master={{ openshift.master.loopback_api_url }}:{{ openshift.master.api_port }} CONFIG_FILE={{ openshift_master_config_file }} # Proxy configuration diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml index 48b5940f9..fe88c3c16 100644 --- a/roles/openshift_master/vars/main.yml +++ b/roles/openshift_master/vars/main.yml @@ -1,6 +1,8 @@ --- openshift_master_config_dir: "{{ openshift.common.config_base }}/master" openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml" +openshift_master_loopback_config: "{{ openshift_master_config_dir }}/openshift-master.kubeconfig" +loopback_context_string: "current-context: {{ openshift.master.loopback_context_name }}" openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json" openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml" openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json" -- cgit v1.2.3 From f97c972fb9848327e9d66678d81d296928deb520 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Thu, 14 Jan 2016 14:57:28 -0500 Subject: Fix hardcoded api_port in openshift_master_cluster --- roles/openshift_master_cluster/tasks/configure.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/openshift_master_cluster/tasks/configure.yml b/roles/openshift_master_cluster/tasks/configure.yml index 7ab9afb51..1b94598dd 100644 --- a/roles/openshift_master_cluster/tasks/configure.yml 
+++ b/roles/openshift_master_cluster/tasks/configure.yml @@ -34,11 +34,10 @@ - name: Disable stonith command: pcs property set stonith-enabled=false -# TODO: handle case where api port is not 8443 - name: Wait for the clustered master service to be available wait_for: host: "{{ openshift_master_cluster_vip }}" - port: 8443 + port: "{{ openshift.master.api_port }}" state: started timeout: 180 delay: 90 -- cgit v1.2.3 From 7d7de31659bb15e9690df082d4129c73c4c413cf Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 8 Jan 2016 12:28:35 -0500 Subject: Remove default disable of SDN for GCE - Update openshift_facts to no longer default use_openshift_sdn for GCE installs - Remove workarounds in the GCE playbooks that were forcing SDN configuration --- playbooks/gce/openshift-cluster/config.yml | 1 - playbooks/gce/openshift-cluster/join_node.yml | 2 -- playbooks/gce/openshift-cluster/vars.yml | 3 --- roles/openshift_facts/library/openshift_facts.py | 9 +-------- 4 files changed, 1 insertion(+), 14 deletions(-) diff --git a/playbooks/gce/openshift-cluster/config.yml b/playbooks/gce/openshift-cluster/config.yml index 3231ecc8e..84a3f84d4 100644 --- a/playbooks/gce/openshift-cluster/config.yml +++ b/playbooks/gce/openshift-cluster/config.yml @@ -13,4 +13,3 @@ openshift_debug_level: "{{ debug_level }}" openshift_deployment_type: "{{ deployment_type }}" openshift_hostname: "{{ gce_private_ip }}" - openshift_use_openshift_sdn: "{{ do_we_use_openshift_sdn }}" diff --git a/playbooks/gce/openshift-cluster/join_node.yml b/playbooks/gce/openshift-cluster/join_node.yml index acf5e5110..75343dffa 100644 --- a/playbooks/gce/openshift-cluster/join_node.yml +++ b/playbooks/gce/openshift-cluster/join_node.yml 
@@ -48,6 +48,4 @@ openshift_debug_level: 4 openshift_deployment_type: "{{ deployment_type }}" openshift_hostname: "{{ ansible_default_ipv4.address }}" - openshift_use_openshift_sdn: true openshift_node_labels: "{{ lookup('oo_option', 'openshift_node_labels') }} " - os_sdn_network_plugin_name: "redhat/openshift-ovs-subnet" diff --git a/playbooks/gce/openshift-cluster/vars.yml b/playbooks/gce/openshift-cluster/vars.yml index 7fb13c7a6..f004a9e6b 100644 --- a/playbooks/gce/openshift-cluster/vars.yml +++ b/playbooks/gce/openshift-cluster/vars.yml @@ -1,8 +1,5 @@ --- -do_we_use_openshift_sdn: true -sdn_network_plugin: redhat/openshift-ovs-subnet debug_level: 2 -# os_sdn_network_plugin_name can be ovssubnet or multitenant, see https://docs.openshift.org/latest/architecture/additional_concepts/sdn.html#ovssubnet-plugin-operation deployment_rhel7_ent_base: image: rhel-7 diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 2a3d4acbd..831d78b83 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -188,9 +188,6 @@ def normalize_gce_facts(metadata, facts): _, _, zone = metadata['instance']['zone'].rpartition('/') facts['zone'] = zone - # Default to no sdn for GCE deployments - facts['use_openshift_sdn'] = False - # GCE currently only supports a single interface facts['network']['ip'] = facts['network']['interfaces'][0]['ips'][0] pub_ip = facts['network']['interfaces'][0]['public_ips'][0] @@ -884,10 +881,6 @@ def apply_provider_facts(facts, provider_facts): if not provider_facts: return facts - use_openshift_sdn = provider_facts.get('use_openshift_sdn') - if isinstance(use_openshift_sdn, bool): - facts['common']['use_openshift_sdn'] = use_openshift_sdn - common_vars = [('hostname', 'ip'), ('public_hostname', 'public_ip')] for h_var, ip_var in common_vars: ip_value = provider_facts['network'].get(ip_var) 
@@ -1078,7 +1071,7 @@ class OpenShiftFacts(object): Raises: OpenShiftFactsUnsupportedRoleError: """ - known_roles = ['common', 'master', 'node', 'master_sdn', 'node_sdn', 'etcd', 'nfs'] + known_roles = ['common', 'master', 'node', 'etcd', 'nfs'] def __init__(self, role, filename, local_facts, additive_facts_to_overwrite=False): self.changed = False -- cgit v1.2.3 From 01ba7f730b9af8a81f88a5b12fb8a7031e624829 Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Tue, 19 Jan 2016 14:30:06 -0500 Subject: Fixing yaml validation in python. Inputs behave differently as does glob --- git/yaml_validate.py | 63 ----------------------------------------------- git/yaml_validation.py | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+), 63 deletions(-) delete mode 100755 git/yaml_validate.py create mode 100755 git/yaml_validation.py diff --git a/git/yaml_validate.py b/git/yaml_validate.py deleted file mode 100755 index 7e0a08a4b..000000000 --- a/git/yaml_validate.py +++ /dev/null 
@@ -1,63 +0,0 @@ -#!/usr/bin/env python -# -# python yaml validator for a git commit -# -''' -python yaml validator for a git commit -''' -import shutil -import sys -import os -import glob -import tempfile -import subprocess -import yaml - -def get_changes(oldrev, newrev, tempdir): - '''Get a list of git changes from oldrev to newrev''' - proc = subprocess.Popen(['/usr/bin/git', 'diff', '--name-only', oldrev, - newrev, '--diff-filter=ACM'], stdout=subprocess.PIPE) - proc.wait() - files = proc.stdout.read().strip().split('\n') - - # No file changes - if not files: - return [] - - cmd = '/usr/bin/git archive %s %s | /bin/tar x -C %s' % (newrev, " ".join(files), tempdir) - proc = subprocess.Popen(cmd, shell=True) - proc.wait() - - return [fmod for fmod in glob.glob('%s/**/*' % tempdir) if not os.path.isdir(fmod)] - -def main(): - ''' - Perform yaml validation - ''' - results = [] - try: - tmpdir = tempfile.mkdtemp(prefix='jenkins-git-') - old, new, _ = sys.argv[1:] - - for file_mod in get_changes(old, new, tmpdir): - - print "+++++++ Received: %s" % file_mod - - if not file_mod.endswith('.yml') or not file_mod.endswith('.yaml'): - continue - - try: - yaml.load(file_mod) - results.append(True) - - except yaml.scanner.ScannerError as yerr: - print yerr.message - results.append(False) - finally: - shutil.rmtree(tmpdir) - - if not all(results): - sys.exit(1) - -if __name__ == "__main__": - main() diff --git a/git/yaml_validation.py b/git/yaml_validation.py new file mode 100755 index 000000000..aa909b584 --- /dev/null +++ b/git/yaml_validation.py 
@@ -0,0 +1,67 @@ +#!/usr/bin/env python +# +# python yaml validator for a git commit +# +''' +python yaml validator for a git commit +''' +import shutil +import sys +import os +import tempfile +import subprocess +import yaml + +def get_changes(oldrev, newrev, tempdir): + '''Get a list of git changes from oldrev to newrev''' + proc = subprocess.Popen(['/usr/bin/git', 'diff', '--name-only', oldrev, + newrev, '--diff-filter=ACM'], stdout=subprocess.PIPE) + stdout, _ = proc.communicate() + files = stdout.split('\n') + + # No file changes + if not files: + return [] + + cmd = '/usr/bin/git archive %s %s | /bin/tar x -C %s' % (newrev, " ".join(files), tempdir) + proc = subprocess.Popen(cmd, shell=True) + _, _ = proc.communicate() + + rfiles = [] + for dirpath, _, fnames in os.walk(tempdir): + for fname in fnames: + rfiles.append(os.path.join(dirpath, fname)) + + return rfiles + +def main(): + ''' + Perform yaml validation + ''' + results = [] + try: + tmpdir = tempfile.mkdtemp(prefix='jenkins-git-') + old, new, _ = sys.argv[1:] + + for file_mod in get_changes(old, new, tmpdir): + + print "+++++++ Received: %s" % file_mod + + if not file_mod.endswith('.yml') or not file_mod.endswith('.yaml'): + continue + + try: + yaml.load(file_mod) + results.append(True) + + except yaml.scanner.ScannerError as yerr: + print yerr.message + results.append(False) + finally: + shutil.rmtree(tmpdir) + + if not all(results): + sys.exit(1) + +if __name__ == "__main__": + main() -- cgit v1.2.3 From 952858ca62acf92879662339353ab819f8e0e30d Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Tue, 19 Jan 2016 14:53:02 -0500 Subject: Fixed a logic bug and yaml load --- git/yaml_validation.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/git/yaml_validation.py b/git/yaml_validation.py index aa909b584..94b8b0435 100755 --- a/git/yaml_validation.py +++ b/git/yaml_validation.py 
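Review bot: The `git archive … | tar` command in `get_changes` is assembled by string formatting and run with `shell=True`, and the file names in it come from `git diff --name-only` on the pushed commit, so whoever authors a commit controls text that the shell parses. Passing both commands as argument lists and connecting them with a pipe removes the shell from the path. In the same function `stdout.split('\n')` never returns an empty list (an empty diff gives `['']`), so the `if not files` guard cannot fire and `git archive` is then called with no paths, which exports the whole tree; dropping empty names fixes that.

```python
def get_changes(oldrev, newrev, tempdir):
    # … unchanged: git diff --name-only call …
    stdout, _ = proc.communicate()
    files = [fname for fname in stdout.split('\n') if fname]

    # No file changes
    if not files:
        return []

    # Argument lists, no shell: the file names come from the pushed commit.
    archive = subprocess.Popen(['/usr/bin/git', 'archive', newrev, '--'] + files,
                               stdout=subprocess.PIPE)
    untar = subprocess.Popen(['/bin/tar', 'x', '-C', tempdir],
                             stdin=archive.stdout)
    archive.stdout.close()
    untar.communicate()
    archive.wait()
    # … unchanged: os.walk collection of the extracted files …
```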
@@ -47,15 +47,15 @@ def main(): print "+++++++ Received: %s" % file_mod - if not file_mod.endswith('.yml') or not file_mod.endswith('.yaml'): + if not file_mod.endswith('.yml') and not file_mod.endswith('.yaml'): continue try: - yaml.load(file_mod) + yaml.load(open(file_mod)) results.append(True) except yaml.scanner.ScannerError as yerr: - print yerr.message + print yerr results.append(False) finally: shutil.rmtree(tmpdir) @@ -65,3 +65,4 @@ def main(): if __name__ == "__main__": main() + -- cgit v1.2.3 From 3f9c84336fb3b1cfdfb0872af1cd6ed7c5daa2b2 Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Tue, 19 Jan 2016 15:08:52 -0500 Subject: Removing ruby scripts and replacing with python. --- git/parent.rb | 45 ------------------------------- git/yaml_validation.rb | 72 -------------------------------------------------- 2 files changed, 117 deletions(-) delete mode 100755 git/parent.rb delete mode 100755 git/yaml_validation.rb diff --git a/git/parent.rb b/git/parent.rb deleted file mode 100755 index 2acb127c4..000000000 --- a/git/parent.rb +++ /dev/null 
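Review bot: `yaml.load(open(file_mod))` parses files taken from the pushed commit with PyYAML's default loader, which can construct arbitrary Python objects from tags in the document; a validator only needs to check syntax, so `yaml.safe_load` is the right call here. The file object is also never closed, and only `yaml.scanner.ScannerError` is caught, so a parser or constructor error ends the hook with a traceback instead of a reported failure. Suggested lines: `with open(file_mod) as yfd:` followed by `yaml.safe_load(yfd)`, and `except yaml.YAMLError as yerr:` for the handler. `main` begins before this hunk.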
@@ -1,45 +0,0 @@ -#!/usr/bin/env ruby -# -# -# - -if __FILE__ == $0 - # If we aren't on master we don't need to parent check - branch = 'prod' - exit(0) if ARGV[0] !~ /#{branch}/ - commit_id = ARGV[1] - %x[/usr/bin/git checkout #{branch}] - %x[/usr/bin/git merge #{commit_id}] - - count = 0 - #lines = %x[/usr/bin/git rev-list --left-right stg...master].split("\n") - lines = %x[/usr/bin/git rev-list --left-right remotes/origin/stg...#{branch}].split("\n") - lines.each do |commit| - # next if they are in stage - next if commit =~ /^' - commit = commit[1..-1] - # check if any remote branches contain $commit - results = %x[/usr/bin/git branch -q -r --contains #{commit} 2>/dev/null ] - # if this comes back empty, nothing contains it, we can skip it as - # we have probably created the merge commit here locally - next if results.empty? - - # The results generally contain origin/pr/246/merge and origin/pr/246/head - # this is the pull request which would contain the commit in question. - # - # If the results do not contain origin/stg then stage does not contain - # the commit in question. Therefore we need to alert! - unless results =~ /origin\/stg/ - puts "\nFAILED: (These commits are not in stage.)\n" - puts "\t#{commit}" - count += 1 - end - end - - # Exit with count of commits in #{branch} but not stg - exit(count) -end - -__END__ - diff --git a/git/yaml_validation.rb b/git/yaml_validation.rb deleted file mode 100755 index f5ded7a78..000000000 --- a/git/yaml_validation.rb +++ /dev/null 
@@ -1,72 +0,0 @@ -#!/usr/bin/env ruby -# -# -# -require 'yaml' -require 'tmpdir' - -class YamlValidate - def self.yaml_file?(filename) - return filename.end_with?('.yaml') || filename.end_with?('.yml') - end - - def self.short_yaml_ext?(filename) - return filename.end_with?(".yml") - end - - def self.valid_yaml?(filename) - YAML::load_file(filename) - - return true - end -end - -class GitCommit - attr_accessor :oldrev, :newrev, :refname, :tmp - def initialize(oldrev, newrev, refname) - @oldrev = oldrev - @newrev = newrev - @refname = refname - @tmp = Dir.mktmpdir(@newrev) - end - - def get_file_changes() - files = %x[/usr/bin/git diff --name-only #{@oldrev} #{@newrev} --diff-filter=ACM].split("\n") - - # if files is empty we will get a full checkout. This happens on - # a git rm file. If there are no changes then we need to skip the archive - return [] if files.empty? - - # We only want to take the files that changed. Archive will do that when passed - # the filenames. It will export these to a tmp dir - system("/usr/bin/git archive #{@newrev} #{files.join(" ")} | tar x -C #{@tmp}") - return Dir.glob("#{@tmp}/**/*").delete_if { |file| File.directory?(file) } - end -end - -if __FILE__ == $0 - while data = STDIN.gets - oldrev, newrev, refname = data.split - gc = GitCommit.new(oldrev, newrev, refname) - - results = [] - gc.get_file_changes().each do |file| - begin - puts "++++++ Received: #{file}" - - #raise "Yaml file extensions must be .yaml not .yml" if YamlValidate.short_yaml_ext? file - - # skip readme, other files, etc - next unless YamlValidate.yaml_file?(file) - - results << YamlValidate.valid_yaml?(file) - rescue Exception => ex - puts "\n#{ex.message}\n\n" - results << false - end - end - - #puts "RESULTS\n#{results.inspect}\n" - exit 1 if results.include?(false) - end -end -- cgit v1.2.3 From e3a406f47cb32bb9fb858ac56cb63951a3573742 Mon Sep 17 00:00:00 2001 
From: Andrew Butcher Date: Tue, 19 Jan 2016 16:32:54 -0500 Subject: Fix wrapper pathing for non-root user install. --- roles/openshift_facts/library/openshift_facts.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 831d78b83..8216be7b2 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1031,6 +1031,10 @@ def set_container_facts_if_unset(facts): if 'ovs_image' not in facts['node']: facts['node']['ovs_image'] = ovs_image + if facts['common']['is_containerized']: + facts['common']['admin_binary'] = '/usr/local/bin/oadm' + facts['common']['client_binary'] = '/usr/local/bin/oc' + return facts -- cgit v1.2.3 From 24c97766aed6286e1c3636db1deae576a343d351 Mon Sep 17 00:00:00 2001 From: Jeremiah Stuever Date: Tue, 19 Jan 2016 21:00:32 -0500 Subject: Enable kubernetes master config of podEvictionTimeout from ansible --- inventory/byo/hosts.aep.example | 3 +++ inventory/byo/hosts.origin.example | 3 +++ inventory/byo/hosts.ose.example | 3 +++ roles/openshift_master/tasks/main.yml | 1 + roles/openshift_master/templates/master.yaml.v1.j2 | 2 +- 5 files changed, 11 insertions(+), 1 deletion(-) diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example index a92b8e0fc..fd23dddb1 100644 --- a/inventory/byo/hosts.aep.example +++ b/inventory/byo/hosts.aep.example @@ -117,6 +117,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # default project node selector #osm_default_node_selector='region=primary' +# Override the default pod eviction timeout +#openshift_master_pod_eviction_timeout=5m + # default storage plugin dependencies to install, by default the ceph and # glusterfs plugin dependencies will be installed, if available. #osn_storage_plugin_deps=['ceph','glusterfs'] 
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index c8a9918ac..5dbe77305 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -122,6 +122,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # default project node selector #osm_default_node_selector='region=primary' +# Override the default pod eviction timeout +#openshift_master_pod_eviction_timeout=5m + # default storage plugin dependencies to install, by default the ceph and # glusterfs plugin dependencies will be installed, if available. #osn_storage_plugin_deps=['ceph','glusterfs'] diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 2619c2416..a567321b7 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -117,6 +117,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # default project node selector #osm_default_node_selector='region=primary' +# Override the default pod eviction timeout +#openshift_master_pod_eviction_timeout=5m + # default storage plugin dependencies to install, by default the ceph and # glusterfs plugin dependencies will be installed, if available. #osn_storage_plugin_deps=['ceph','glusterfs'] diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 44e7e3178..bc5269b3d 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml 
@@ -51,6 +51,7 @@ embedded_dns: "{{ openshift_master_embedded_dns | default(None) }}" dns_port: "{{ openshift_master_dns_port | default(None) }}" bind_addr: "{{ openshift_master_bind_addr | default(None) }}" + pod_eviction_timeout: "{{ openshift_master_pod_eviction_timeout | default(None) }}" portal_net: "{{ openshift_master_portal_net | default(None) }}" session_max_seconds: "{{ openshift_master_session_max_seconds | default(None) }}" session_name: "{{ openshift_master_session_name | default(None) }}" diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index dfcaf1953..768ebb2b3 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -91,7 +91,7 @@ kubernetesMasterConfig: controllerArguments: {{ openshift.master.controller_args | default(None) | to_padded_yaml( level=2 ) }} masterCount: {{ openshift.master.master_count if openshift.master.cluster_method | default(None) == 'native' else 1 }} masterIP: {{ openshift.common.ip }} - podEvictionTimeout: "" + podEvictionTimeout: {{ openshift.master.pod_eviction_timeout | default("") }} proxyClientInfo: certFile: master.proxy-client.crt keyFile: master.proxy-client.key -- cgit v1.2.3 From 4030e9ae829db084d5182b80d1d35b909ebe448a Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Wed, 20 Jan 2016 10:55:39 -0500 Subject: Fix native master api sysconfig. --- .../templates/native-cluster/atomic-openshift-master-api.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 index c9aa15b41..48bfa5f04 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 
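Review bot: The new `podEvictionTimeout` line in master.yaml.v1.j2 renders its value unquoted, so when `openshift.master.pod_eviction_timeout` is unset or empty the key is written with no value and YAML reads that as null, where the line being replaced wrote an explicit empty string. Keep the quotes around the expression: `podEvictionTimeout: "{{ openshift.master.pod_eviction_timeout | default('') }}"`. Quoting also guarantees that whatever the inventory supplies is read as a string. Whether the master treats null and an empty string alike is not visible from this hunk.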
@@ -1,4 +1,4 @@ -OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master={{ openshift.master.loopback_api_url }}:{{ openshift.master.api_port }} +OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master={{ openshift.master.loopback_api_url }} CONFIG_FILE={{ openshift_master_config_file }} # Proxy configuration -- cgit v1.2.3 From 670fc1cff44bd0ad82c0dd2748c5c028f0f304ed Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Wed, 20 Jan 2016 11:14:26 -0500 Subject: Use haproxy frontend port for os_firewall. --- playbooks/common/openshift-master/config.yml | 1 + roles/haproxy/defaults/main.yml | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 296176e49..9f8443599 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -219,6 +219,7 @@ hosts: oo_lb_to_config vars: sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" + haproxy_frontend_port: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_port }}" haproxy_frontends: - name: atomic-openshift-api mode: tcp diff --git a/roles/haproxy/defaults/main.yml b/roles/haproxy/defaults/main.yml index 7ba5bd485..937d94209 100644 --- a/roles/haproxy/defaults/main.yml +++ b/roles/haproxy/defaults/main.yml @@ -1,4 +1,6 @@ --- +haproxy_frontend_port: 80 + haproxy_frontends: - name: main binds: @@ -18,4 +20,4 @@ os_firewall_allow: - service: haproxy stats port: "9000/tcp" - service: haproxy balance - port: "8443/tcp" + port: "{{ haproxy_frontend_port }}/tcp" -- cgit v1.2.3 From da807dddde807754fb535facebf63608f7d466e9 Mon Sep 17 00:00:00 2001 
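Review bot: In roles/haproxy/defaults/main.yml the firewall rule now follows `haproxy_frontend_port`, but nothing in these hunks ties that variable to the `binds` of `haproxy_frontends`, so the port opened by os_firewall and the port haproxy listens on can drift apart. The role default of 80 also replaces the previous fixed `8443/tcp` for anyone who uses the role without setting the variable, which changes which port is opened. Document the coupling next to the default, for example `# Port opened by os_firewall for the balancer; must match the bind port used in haproxy_frontends`, or derive the bind from the same variable. The `binds` entries themselves are outside the hunk.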
From: Andrew Butcher Date: Wed, 20 Jan 2016 13:56:37 -0500 Subject: Check master certificates during upgrade. --- .../upgrades/v3_0_to_v3_1/upgrade.yml | 30 +++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 68df2153d..2a4eecad9 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -248,7 +248,31 @@ config_base: "{{ hostvars[inventory_hostname].openshift.common.config_base }}" - set_fact: - master_certs_missing: True + openshift_master_certs_no_etcd: + - admin.crt + - master.kubelet-client.crt + - "{{ 'master.proxy-client.crt' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}" + - master.server.crt + - openshift-master.crt + - openshift-registry.crt + - openshift-router.crt + - etcd.server.crt + openshift_master_certs_etcd: + - master.etcd-client.crt + + - set_fact: + openshift_master_certs: "{{ (openshift_master_certs_no_etcd | union(openshift_master_certs_etcd)) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else openshift_master_certs_no_etcd }}" + + - name: Check status of master certificates + stat: + path: "{{ openshift.common.config_base }}/master/{{ item }}" + with_items: openshift_master_certs + register: g_master_cert_stat_result + + - set_fact: + master_certs_missing: "{{ False in (g_master_cert_stat_result.results + | oo_collect(attribute='stat.exists') + | list ) }}" master_cert_subdir: master-{{ openshift.common.hostname }} master_cert_config_dir: "{{ openshift.common.config_base }}/master" 
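Review bot: The `omit` in the `openshift_master_certs_no_etcd` list does not remove the element, because `omit` is only honoured as the value of a module argument; inside a list built by `set_fact` it stays as a placeholder string. On versions where `version_greater_than_3_1_or_1_1` is false the `stat` loop therefore checks a path that cannot exist, and `master_certs_missing` comes out true on every such host. Add the optional name conditionally instead, for example `{{ base_certs | union(['master.proxy-client.crt'] if openshift.common.version_greater_than_3_1_or_1_1 | bool else []) }}`, where `base_certs` is a placeholder name for the fixed part of the list. The check also tests only that the files exist, not that the certificates are still valid, which deserves a comment on the `Check status of master certificates` task.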
@@ -262,8 +286,8 @@ | oo_flatten | unique }}" master_generated_certs_dir: "{{ openshift.common.config_base }}/generated-configs" masters_needing_certs: "{{ hostvars - | oo_select_keys(groups.oo_masters_to_config) - | difference([groups.oo_first_master.0]) }}" + | oo_select_keys(groups['oo_masters_to_config'] | difference(groups['oo_first_master'])) + | oo_filter_list(filter_attr='master_certs_missing') }}" sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}" openshift_deployment_type: "{{ deployment_type }}" roles: -- cgit v1.2.3 From d59f6d9a9890187090b51bc675496f98a09c2dac Mon Sep 17 00:00:00 2001 From: Matt Woodson Date: Wed, 20 Jan 2016 14:56:01 -0500 Subject: oso_host_monitoring: added environment as a var to the host monitoring systemd script --- roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 b/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 index 753cad69f..31f7d4caa 100644 --- a/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 +++ b/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 @@ -47,6 +47,7 @@ ExecStart=/usr/bin/docker run --name {{ osohm_host_monitoring }} -e ZAGG_SSL_VERIFY={{ osohm_zagg_verify_ssl }} \ -e OSO_CLUSTER_GROUP={{ cluster_group }} \ -e OSO_CLUSTER_ID={{ oo_clusterid }} \ + -e OSO_ENVIRONMENT={{ oo_environment }} \ -e OSO_HOST_TYPE={{ hostvars[inventory_hostname]['ec2_tag_host-type'] }} \ -e OSO_SUB_HOST_TYPE={{ hostvars[inventory_hostname]['ec2_tag_sub-host-type'] }} \ -v /etc/localtime:/etc/localtime \ -- cgit v1.2.3