From b57392ddd54bbff225ba83dd5a5bf40ea99344a4 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Thu, 30 Apr 2015 17:04:15 -0400 Subject: Accomodate upstream configuration change - Master config and certificates are now in /etc/openshift/master - Node config is now in /etc/openshift/node - Several certificates have been renamed to accomodate a flattening of structure to accomodate secret storage - Add openshift_data_dir to ensure etcd and volumes are stored in /var/lib/openshift - Add openshift_generated_configs_dir --- playbooks/common/openshift-node/config.yml | 2 +- roles/openshift_common/vars/main.yml | 4 ---- roles/openshift_master/tasks/main.yml | 28 ++++++++++++++------------- roles/openshift_master/vars/main.yml | 9 +++++---- roles/openshift_node/tasks/main.yml | 7 ++++--- roles/openshift_register_nodes/tasks/main.yml | 14 ++++++++++---- roles/openshift_register_nodes/vars/main.yml | 13 +++++++------ roles/openshift_sdn_master/tasks/main.yml | 6 +++--- roles/openshift_sdn_node/tasks/main.yml | 4 ++-- 9 files changed, 47 insertions(+), 40 deletions(-) diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 55abedfe7..feaeaab95 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -60,7 +60,7 @@ - name: Create a tarball of the node config directories command: tar -czvf {{ sync_tmpdir }}/{{ item.openshift.common.hostname }}.tgz ./ args: - chdir: "{{ openshift_cert_dir }}/node-{{ item.openshift.common.hostname }}" + chdir: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}" with_items: openshift_nodes changed_when: False diff --git a/roles/openshift_common/vars/main.yml b/roles/openshift_common/vars/main.yml index 9f657a2c7..50816d319 100644 --- a/roles/openshift_common/vars/main.yml +++ b/roles/openshift_common/vars/main.yml 
@@ -5,7 +5,3 @@ # chains with the public zone (or the zone associated with the correct # interfaces) os_firewall_use_firewalld: False - -openshift_cert_parent_dir: /var/lib/openshift -openshift_cert_relative_dir: openshift.local.certificates -openshift_cert_dir: "{{ openshift_cert_parent_dir }}/{{ openshift_cert_relative_dir }}" diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index ac96e2b48..f243825b2 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -36,14 +36,9 @@ command: systemctl daemon-reload when: install_result | changed -- name: Create certificate parent directory if it doesn't exist - file: - path: "{{ openshift_cert_parent_dir }}" - state: directory - - name: Create config parent directory if it doesn't exist file: - path: "{{ openshift_master_config | dirname }}" + path: "{{ openshift_master_config_dir }}" state: directory # TODO: should probably use a template lookup for this 
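Review bot: The `Create config parent directory if it doesn't exist` task creates `{{ openshift_master_config_dir }}` without `mode`, `owner` or `group`, so the directory gets whatever the umask yields. After this commit that directory also holds `openshift_master_ca_key` (`ca.key`) and the `master.etcd-client.key` referenced by roles/openshift_sdn_master, so it should be restricted explicitly, e.g. `mode: "0700"` plus the owner the master service runs as (not visible in this diff). The same applies to the new `Create openshift_generated_configs_dir if it doesn't exist` task in roles/openshift_register_nodes/tasks/main.yml, whose node-* subdirectories are tarred up for the nodes and presumably contain their keys. The permissions of the files that `openshift start master --write-config` generates are decided by the binary and are worth verifying separately.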
@@ -59,25 +54,32 @@ oreg_url: "docker-registry.ops.rhcloud.com/openshift3_beta/ose-${component}:${version}" when: openshift.common.deployment_type == 'online' and oreg_url is not defined +# TODO: Need to get a flag added for volumes path, i think it'll get put in - name: Create master config command: > - /usr/bin/openshift start master --write-config - --config={{ openshift_master_config }} + /usr/bin/openshift start master + --write-config={{ openshift_master_config_dir }} --portal-net={{ openshift.master.portal_net }} + --etcd-dir={{ openshift_data_dir }}/openshift.local.etcd --master={{ openshift.master.api_url }} --public-master={{ openshift.master.public_api_url }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://0.0.0.0:{{ openshift.master.api_port }} {{ ('--images=' ~ oreg_url) if (oreg_url | default('', true) != '') else '' }} {{ ('--nodes=' ~ openshift_node_ips | join(',')) if (openshift_node_ips | default('', true) != '') else '' }} args: - chdir: "{{ openshift_cert_parent_dir }}" - creates: "{{ openshift_master_config }}" + chdir: "{{ openshift_master_config_dir }}" + creates: "{{ openshift_master_config_file }}" - name: Configure OpenShift settings lineinfile: dest: /etc/sysconfig/openshift-master - regexp: '^OPTIONS=' - line: "OPTIONS=\"--config={{ openshift_master_config }} --loglevel={{ openshift.master.debug_level }}\"" + regexp: "{{ item.regex }}" + line: "{{ item.line }}" + with_items: + - regex: '^OPTIONS=' + line: "OPTIONS=--loglevel={{ openshift.master.debug_level }}" + - regex: '^CONFIG_FILE=' + line: "CONFIG_FILE={{ openshift_master_config_file}}" notify: - restart openshift-master 
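Review bot: `--etcd-dir={{ openshift_data_dir }}/openshift.local.etcd` places etcd under /var/lib/openshift, but the task that used to create that path (`Create certificate parent directory if it doesn't exist`) is removed earlier in this file and nothing visible replaces it. Unless the package or the binary creates it, the existence and permissions of the etcd store are left to chance; etcd holds the cluster state, so I would create the directory explicitly with a restrictive mode before this task. Separately, the added TODO comment stops mid-sentence (`i think it'll get put in`) and should say where the flag is expected to land.

```yaml
- name: Create data directory if it doesn't exist
  file:
    path: "{{ openshift_data_dir }}"
    state: directory
    mode: "0700"  # adjust owner/mode to the account the master runs as

# … unchanged: Create master config task …
```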
@@ -98,7 +100,7 @@ # TODO: Update this file if the contents of the source file are not present in # the dest file, will need to make sure to ignore things that could be added - name: Create the OpenShift client config(s) - command: cp {{ openshift_cert_dir }}/openshift-client/.kubeconfig ~{{ item }}/.config/openshift/.config + command: cp {{ openshift_master_config_dir }}/openshift-client.kubeconfig ~{{ item }}/.config/openshift/.config args: creates: ~{{ item }}/.config/openshift/.config with_items: diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml index c52d957ac..0739e2b44 100644 --- a/roles/openshift_master/vars/main.yml +++ b/roles/openshift_master/vars/main.yml @@ -1,5 +1,6 @@ --- -openshift_master_config: /etc/openshift/master.yaml -openshift_master_ca_dir: "{{ openshift_cert_dir }}/ca" -openshift_master_ca_cert: "{{ openshift_master_ca_dir }}/cert.crt" -openshift_master_ca_key: "{{ openshift_master_ca_dir }}/key.key" +openshift_data_dir: /var/lib/openshift +openshift_master_config_dir: /etc/openshift/master +openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml" +openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" +openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 8af41b732..dc2b491aa 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -1,6 +1,7 @@ --- # TODO: allow for overriding default ports where possible # TODO: trigger the external service when restart is needed +# TODO: work with upstream to fix naming of 'master-client.crt/master-client.key' - name: Set node OpenShift facts openshift_facts: 
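Review bot: `cp {{ openshift_master_config_dir }}/openshift-client.kubeconfig ~{{ item }}/.config/openshift/.config` leaves the copy owned by the account running the task and with a umask-derived mode. A kubeconfig normally carries client credentials, so the copy should end up owned by the target user and unreadable to others; unless a task outside this hunk already does that, add a follow-up `file` task on the same path with `owner: "{{ item }}"` and `mode: "0600"`. The `with_items` list continues outside the hunk, so I cannot see which users receive the file.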
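Review bot: `openshift_data_dir`, `openshift_master_config_dir`, `openshift_master_ca_cert` and `openshift_master_ca_key` are defined here and again, with the same values, in roles/openshift_register_nodes/vars/main.yml. Nothing ties the two files together, and if they drift the node-signing task would look for the CA key somewhere other than where the master wrote it. Until they share one definition, a comment above the block would help: `# Keep in sync with roles/openshift_register_nodes/vars/main.yml`.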
@@ -15,9 +16,9 @@ with_items: - "{{ openshift_node_cert_dir }}" - "{{ openshift_node_cert_dir }}/ca.crt" - - "{{ openshift_node_cert_dir }}/client.crt" - - "{{ openshift_node_cert_dir }}/client.key" - - "{{ openshift_node_cert_dir }}/.kubeconfig" + - "{{ openshift_node_cert_dir }}/master-client.crt" + - "{{ openshift_node_cert_dir }}/master-client.key" + - "{{ openshift_node_cert_dir }}/node.kubeconfig" - "{{ openshift_node_cert_dir }}/node-config.yaml" - "{{ openshift_node_cert_dir }}/server.crt" - "{{ openshift_node_cert_dir }}/server.key" diff --git a/roles/openshift_register_nodes/tasks/main.yml b/roles/openshift_register_nodes/tasks/main.yml index dcb96bbf9..7a85f6624 100644 --- a/roles/openshift_register_nodes/tasks/main.yml +++ b/roles/openshift_register_nodes/tasks/main.yml @@ -16,10 +16,15 @@ oreg_url: "docker-registry.ops.rhcloud.com/openshift3_beta/ose-${component}:${version}" when: openshift.common.deployment_type == 'online' and oreg_url is not defined +- name: Create openshift_generated_configs_dir if it doesn't exist + file: + path: "{{ openshift_generated_configs_dir }}" + state: directory + - name: Create node config command: > /usr/bin/openshift admin create-node-config - --node-dir={{ openshift_cert_dir }}/node-{{ item.openshift.common.hostname }} + --node-dir={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }} --node={{ item.openshift.common.hostname }} --hostnames={{ [item.openshift.common.hostname, item.openshift.common.public_hostname]|unique|join(",") }} --dns-domain={{ openshift.dns.domain }} 
@@ -28,13 +33,14 @@ --signer-key={{ openshift_master_ca_key }} --signer-cert={{ openshift_master_ca_cert }} --certificate-authority={{ openshift_master_ca_cert }} - --signer-serial={{ openshift_master_ca_dir }}/serial.txt + --signer-serial={{ openshift_master_ca_serial }} --node-client-certificate-authority={{ openshift_master_ca_cert }} {{ ('--images=' ~ oreg_url) if oreg_url is defined else '' }} --listen=https://0.0.0.0:10250 + --volume-dir={{ openshift_data_dir }}/openshift.local.volumes args: - chdir: "{{ openshift_cert_parent_dir }}" - creates: "{{ openshift_cert_dir }}/node-{{ item.openshift.common.hostname }}" + chdir: "{{ openshift_generated_configs_dir }}" + creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}" with_items: openshift_nodes - name: Register unregistered nodes diff --git a/roles/openshift_register_nodes/vars/main.yml b/roles/openshift_register_nodes/vars/main.yml index bd497f08f..ebc0a0ef4 100644 --- a/roles/openshift_register_nodes/vars/main.yml +++ b/roles/openshift_register_nodes/vars/main.yml @@ -1,7 +1,8 @@ --- -openshift_cert_parent_dir: /var/lib/openshift -openshift_cert_relative_dir: openshift.local.certificates -openshift_cert_dir: "{{ openshift_cert_parent_dir }}/{{ openshift_cert_relative_dir }}" -openshift_master_ca_dir: "{{ openshift_cert_dir }}/ca" -openshift_master_ca_cert: "{{ openshift_master_ca_dir }}/cert.crt" -openshift_master_ca_key: "{{ openshift_master_ca_dir }}/key.key" +openshift_node_config_dir: /etc/openshift/node +openshift_master_config_dir: /etc/openshift/master +openshift_generated_configs_dir: /etc/openshift/generated-configs +openshift_data_dir: /var/lib/openshift +openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" +openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" +openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" 
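Review bot: `creates:` on the `Create node config` task points at the node directory itself, so any existing `node-<hostname>` directory makes Ansible skip the command. If `create-node-config` can fail after creating the directory (not verifiable from this diff), the host would be left with an incomplete set of certificates that is never regenerated. Guarding on a file the command writes would be tighter, for example `creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/node-config.yaml"`, which is one of the files roles/openshift_node/tasks/main.yml lists. The start of the task is in the previous hunk.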
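Review bot: `openshift_node_config_dir: /etc/openshift/node` is added here but none of the hunks in this commit reference it; the node-side tasks in roles/openshift_node and roles/openshift_sdn_node still build their paths from `openshift_node_cert_dir`, whose definition is outside this diff. If that variable has not been repointed to /etc/openshift/node elsewhere, the node certificates and keys stay in the old location despite the commit message. Either use the new variable on the node side or drop it here, and add a one-line comment stating which role consumes it.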
diff --git a/roles/openshift_sdn_master/tasks/main.yml b/roles/openshift_sdn_master/tasks/main.yml index 77e7a80ba..e64199b74 100644 --- a/roles/openshift_sdn_master/tasks/main.yml +++ b/roles/openshift_sdn_master/tasks/main.yml @@ -24,9 +24,9 @@ dest: /etc/sysconfig/openshift-sdn-master regexp: '^OPTIONS=' line: "OPTIONS=\"-v={{ openshift.master_sdn.debug_level }} -etcd-endpoints={{ openshift_sdn_master_url}} - -etcd-cafile={{ openshift_cert_dir }}/ca/ca.crt - -etcd-certfile={{ openshift_cert_dir }}/openshift-client/cert.crt - -etcd-keyfile={{ openshift_cert_dir }}/openshift-client/key.key\"" + -etcd-cafile={{ openshift_master_config_dir }}/ca.crt + -etcd-certfile={{ openshift_master_config_dir }}/master.etcd-client.crt + -etcd-keyfile={{ openshift_master_config_dir }}/master.etcd-client.key\"" notify: - restart openshift-sdn-master diff --git a/roles/openshift_sdn_node/tasks/main.yml b/roles/openshift_sdn_node/tasks/main.yml index 37a30d019..591839056 100644 --- a/roles/openshift_sdn_node/tasks/main.yml +++ b/roles/openshift_sdn_node/tasks/main.yml @@ -28,8 +28,8 @@ - regex: '^(OPTIONS=)' line: '\1"-v={{ openshift.node_sdn.debug_level }} -hostname={{ openshift.common.hostname }} -etcd-cafile={{ openshift_node_cert_dir }}/ca.crt - -etcd-certfile={{ openshift_node_cert_dir }}/client.crt - -etcd-keyfile={{ openshift_node_cert_dir }}/client.key\"' + -etcd-certfile={{ openshift_node_cert_dir }}/master-client.crt + -etcd-keyfile={{ openshift_node_cert_dir }}/master-client.key\"' - regex: '^(MASTER_URL=)' line: '\1"{{ openshift_sdn_master_url }}"' - regex: '^(MINION_IP=)' -- cgit v1.2.3
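Review bot: The `-etcd-cafile`, `-etcd-certfile` and `-etcd-keyfile` values in roles/openshift_sdn_master/tasks/main.yml now use `openshift_master_config_dir`, which this commit defines only in roles/openshift_master/vars/main.yml and roles/openshift_register_nodes/vars/main.yml. The variable it replaces was removed from roles/openshift_common/vars/main.yml, so this role now relies on another role's vars being loaded in the same play. If openshift_sdn_master has no definition of its own outside this diff, add `openshift_master_config_dir: /etc/openshift/master` to its vars so the OPTIONS line cannot render with an undefined path. The task starts above the hunk.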
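Review bot: In roles/openshift_sdn_node/tasks/main.yml the rewritten `-etcd-keyfile` line still ends in `\"'` inside a single-quoted scalar, where YAML keeps the backslash as a literal character, so the value handed to lineinfile ends with `\"` rather than a bare closing quote. The double-quoted equivalent in roles/openshift_sdn_master/tasks/main.yml needs the escape; this one does not. Whether the backslash survives into the sysconfig file depends on lineinfile's handling, which is not visible here, so check the rendered OPTIONS= line and, if the backslash is there, end the scalar with `master-client.key"'`. The name `master-client` for a credential stored on every node also deserves a comment saying what identity it carries; the TODO added in roles/openshift_node/tasks/main.yml only covers the naming.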