From e0090381732d43de74715b9d41480b3c43391783 Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Fri, 24 Feb 2017 16:46:06 -0500 Subject: Adding support for a route with certs and reencrypt. --- roles/lib_openshift/library/oc_route.py | 8 +++++- roles/lib_openshift/src/class/oc_route.py | 8 +++++- roles/openshift_hosted/tasks/registry/registry.yml | 4 +++ roles/openshift_hosted/tasks/registry/secure.yml | 32 +++++++++++++++++++++- 4 files changed, 49 insertions(+), 3 deletions(-) diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py index 9d95fcdbb..e40e21e8f 100644 --- a/roles/lib_openshift/library/oc_route.py +++ b/roles/lib_openshift/library/oc_route.py @@ -1594,7 +1594,13 @@ class OCRoute(OpenShiftCLI): def update(self): '''update the object''' - # need to update the tls information and the service name + # when the host attribute is being updated, we need to delete and recreate + if self.config.host != self.route.host: + import time + self.delete() + time.sleep(3) + return self.create() + return self._replace_content(self.kind, self.config.name, self.config.data) def needs_update(self): diff --git a/roles/lib_openshift/src/class/oc_route.py b/roles/lib_openshift/src/class/oc_route.py index 448457292..122cc5fe9 100644 --- a/roles/lib_openshift/src/class/oc_route.py +++ b/roles/lib_openshift/src/class/oc_route.py @@ -55,7 +55,13 @@ class OCRoute(OpenShiftCLI): def update(self): '''update the object''' - # need to update the tls information and the service name + # when the host attribute is being updated, we need to delete and recreate + if self.config.host != self.route.host: + import time + self.delete() + time.sleep(3) + return self.create() + return self._replace_content(self.kind, self.config.name, self.config.data) def needs_update(self): diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml index 2369c4e2e..f9441dd57 100644 
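Review bot: In the new `update()` the result of `self.delete()` is discarded and the create runs after a fixed `time.sleep(3)`, so a failed or slow delete shows up only as a confusing create error, and a failed create leaves the route removed. Check the delete result before continuing, e.g. `result = self.delete()` followed by `if result['returncode'] != 0: return result` (this assumes delete() returns the usual result dict; its body is outside the hunk). `import time` would also read better with the file's other imports than inside the branch. The same hunk is applied to src/class/oc_route.py.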
--- a/roles/openshift_hosted/tasks/registry/registry.yml +++ b/roles/openshift_hosted/tasks/registry/registry.yml @@ -40,6 +40,9 @@ openshift_hosted_registry_images: "{{ openshift.hosted.registry.registryurl | default('openshift3/ose-${component}:${version}')}}" openshift_hosted_registry_volumes: [] openshift_hosted_registry_env_vars: {} + openshift_hosted_registry_route_certificates: "{{ openshift.hosted.registry.route.certificates | default(false) }}" + openshift_hosted_registry_route_host: "{{ openshift.hosted.registry.route.host | default(false) }}" + openshift_hosted_registry_route_termination: "{{ openshift.hosted.registry.route.termination | default('passthrough') }}" openshift_hosted_registry_edits: # These edits are being specified only to prevent 'changed' on rerun - key: spec.strategy.rollingParams @@ -89,6 +92,7 @@ - name: Create OpenShift registry oc_adm_registry: +#debug: True name: "{{ openshift_hosted_registry_name }}" namespace: "{{ openshift_hosted_registry_namespace }}" selector: "{{ openshift_hosted_registry_selector }}" diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml index e70d377c6..244979f2e 100644 --- a/roles/openshift_hosted/tasks/registry/secure.yml +++ b/roles/openshift_hosted/tasks/registry/secure.yml 
@@ -2,14 +2,43 @@ - name: Set fact docker_registry_route_hostname set_fact: docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" + run_once: true + +#- name: Create passthrough route for docker-registry +# oc_route: +# name: docker-registry +# namespace: "{{ openshift_hosted_registry_namespace }}" +# service_name: docker-registry +# tls_termination: passthrough +# host: "{{ docker_registry_route_hostname }}" +# run_once: true +- name: Get the certificate contents for registry + local_action: + module: slurp + src: "{{ item }}" + register: openshift_hosted_registry_certificate_content + with_items: + - "{{ (openshift_hosted_registry_route_certificates | default({'certfile':none})).certfile }}" + - "{{ (openshift_hosted_registry_route_certificates | default({'keyfile':none})).keyfile }}" + - "{{ (openshift_hosted_registry_route_certificates | default({'cafile':none})).cafile }}" + when: openshift_hosted_registry_route_certificates + +- debug: var=openshift_hosted_registry_certificate_content + when: openshift_hosted_registry_route_certificates - name: Create passthrough route for docker-registry oc_route: name: docker-registry namespace: "{{ openshift_hosted_registry_namespace }}" service_name: docker-registry - tls_termination: passthrough host: "{{ docker_registry_route_hostname }}" + tls_termination: "{{ openshift_hosted_registry_route_termination }}" + host: "{{ openshift_hosted_registry_route_host | default(docker_registry_route_hostname) }}" + cert_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content,omit) }}" + key_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content, omit) }}" + cacert_content: "{{ openshift_hosted_registry_certificate_content is defined | 
ternary(openshift_hosted_registry_certificate_content.results[0].content, omit) }}" + dest_cacert_path: "{{ openshift_hosted_registry_certificate_content is defined | ternary('/etc/origin/master/ca.crt', omit) }}" + run_once: true - name: Retrieve registry service IP oc_service: @@ -17,6 +46,7 @@ name: docker-registry state: list register: docker_registry_service_ip + run_once: true - name: Create registry certificates oc_adm_ca_server_cert: -- cgit v1.2.3 From 74e890482f2be933634286f8b4cf488287cf6d39 Mon Sep 17 00:00:00 2001 
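Review bot: `key_content` and `cacert_content` both read `results[0].content`, the same slurp result as `cert_content`, so the route would receive the certificate file in place of the key and the CA; with the `with_items` order shown they should index `results[1]` and `results[2]`. slurp returns base64, so the values probably also need `| b64decode` unless oc_route decodes them itself. The added `debug: var=openshift_hosted_registry_certificate_content` task writes the slurped private key (base64-encoded) into the playbook output and any log that captures it; drop it and set `no_log: true` on the slurp task. The new `host:` line sits next to the unchanged `host: "{{ docker_registry_route_hostname }}"`, leaving a duplicate key, and because registry.yml sets the variable with `default(false)` it is always defined, so `default(docker_registry_route_hostname)` needs the second argument `true` to fall back.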
From: Kenny Woodson Date: Mon, 27 Feb 2017 19:01:32 -0500 Subject: Modified base debug statements. Fixed oc_secret debug/verbose flag. Added reencrypt for route. --- roles/lib_openshift/library/oadm_manage_node.py | 4 ++-- .../lib_openshift/library/oc_adm_ca_server_cert.py | 4 ++-- roles/lib_openshift/library/oc_adm_registry.py | 14 ++++++++++--- roles/lib_openshift/library/oc_adm_router.py | 9 ++++++-- roles/lib_openshift/library/oc_edit.py | 4 ++-- roles/lib_openshift/library/oc_env.py | 4 ++-- roles/lib_openshift/library/oc_label.py | 4 ++-- roles/lib_openshift/library/oc_obj.py | 4 ++-- roles/lib_openshift/library/oc_process.py | 4 ++-- roles/lib_openshift/library/oc_route.py | 6 +++--- roles/lib_openshift/library/oc_scale.py | 4 ++-- roles/lib_openshift/library/oc_secret.py | 4 ++-- roles/lib_openshift/library/oc_service.py | 15 ++++++++++---- roles/lib_openshift/library/oc_serviceaccount.py | 4 ++-- .../library/oc_serviceaccount_secret.py | 4 ++-- roles/lib_openshift/library/oc_version.py | 4 ++-- roles/lib_openshift/src/class/oc_adm_registry.py | 5 ++++- roles/lib_openshift/src/class/oc_route.py | 2 +- roles/lib_openshift/src/class/oc_service.py | 6 ++++-- roles/lib_openshift/src/lib/base.py | 4 ++-- roles/lib_openshift/src/lib/service.py | 5 +++++ roles/openshift_hosted/tasks/registry/registry.yml | 1 - roles/openshift_hosted/tasks/registry/secure.yml | 24 ++++++++-------------- roles/openshift_hosted/tasks/router/router.yml | 3 --- 24 files changed, 80 insertions(+), 62 deletions(-) diff --git a/roles/lib_openshift/library/oadm_manage_node.py b/roles/lib_openshift/library/oadm_manage_node.py index 6a3543742..0c29c1b91 100644 --- a/roles/lib_openshift/library/oadm_manage_node.py +++ b/roles/lib_openshift/library/oadm_manage_node.py @@ -1283,8 +1283,8 @@ class Utils(object): elif value != user_def[key]: if debug: print('value should be identical') - print(value) print(user_def[key]) + print(value) return False # recurse on a dictionary 
@@ -1304,8 +1304,8 @@ class Utils(object): if api_values != user_values: if debug: print("keys are not equal in dict") - print(api_values) print(user_values) + print(api_values) return False result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) diff --git a/roles/lib_openshift/library/oc_adm_ca_server_cert.py b/roles/lib_openshift/library/oc_adm_ca_server_cert.py index 5b1f417b8..9390ea7c1 100644 --- a/roles/lib_openshift/library/oc_adm_ca_server_cert.py +++ b/roles/lib_openshift/library/oc_adm_ca_server_cert.py @@ -1291,8 +1291,8 @@ class Utils(object): elif value != user_def[key]: if debug: print('value should be identical') - print(value) print(user_def[key]) + print(value) return False # recurse on a dictionary @@ -1312,8 +1312,8 @@ class Utils(object): if api_values != user_values: if debug: print("keys are not equal in dict") - print(api_values) print(user_values) + print(api_values) return False result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) diff --git a/roles/lib_openshift/library/oc_adm_registry.py b/roles/lib_openshift/library/oc_adm_registry.py index e404f0e0e..a2c4515aa 100644 --- a/roles/lib_openshift/library/oc_adm_registry.py +++ b/roles/lib_openshift/library/oc_adm_registry.py @@ -1387,8 +1387,8 @@ class Utils(object): elif value != user_def[key]: if debug: print('value should be identical') - print(value) print(user_def[key]) + print(value) return False # recurse on a dictionary @@ -1408,8 +1408,8 @@ class Utils(object): if api_values != user_values: if debug: print("keys are not equal in dict") - print(api_values) print(user_values) + print(api_values) return False result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) @@ -1985,6 +1985,7 @@ class Service(Yedit): port_path = "spec.ports" portal_ip = "spec.portalIP" cluster_ip = "spec.clusterIP" + selector_path = 'spec.selector' kind = 'Service' def __init__(self, content): 
@@ -1995,6 +1996,10 @@ class Service(Yedit): ''' get a list of ports ''' return self.get(Service.port_path) or [] + def get_selector(self): + ''' get the service selector''' + return self.get(Service.selector_path) or {} + def add_ports(self, inc_ports): ''' add a port object to the ports list ''' if not isinstance(inc_ports, list): @@ -2243,7 +2248,7 @@ class Registry(OpenShiftCLI): if result['returncode'] == 0 and part['kind'] == 'dc': self.deploymentconfig = DeploymentConfig(result['results'][0]) elif result['returncode'] == 0 and part['kind'] == 'svc': - self.service = Yedit(content=result['results'][0]) + self.service = Service(result['results'][0]) if result['returncode'] != 0: rval = result['returncode'] @@ -2313,6 +2318,9 @@ class Registry(OpenShiftCLI): if self.portal_ip: service.put('spec.portalIP', self.portal_ip) + # the dry-run doesn't apply the selector correctly + service.put('spec.selector', self.service.get_selector()) + # need to create the service and the deploymentconfig service_file = Utils.create_tmp_file_from_contents('service', service.yaml_dict) deployment_file = Utils.create_tmp_file_from_contents('deploymentconfig', deploymentconfig.yaml_dict) diff --git a/roles/lib_openshift/library/oc_adm_router.py b/roles/lib_openshift/library/oc_adm_router.py index 8bbe50ea3..344a339e4 100644 --- a/roles/lib_openshift/library/oc_adm_router.py +++ b/roles/lib_openshift/library/oc_adm_router.py @@ -1412,8 +1412,8 @@ class Utils(object): elif value != user_def[key]: if debug: print('value should be identical') - print(value) print(user_def[key]) + print(value) return False # recurse on a dictionary @@ -1433,8 +1433,8 @@ class Utils(object): if api_values != user_values: if debug: print("keys are not equal in dict") - print(api_values) print(user_values) + print(api_values) return False result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) 
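Review bot: `service.put('spec.selector', self.service.get_selector())` dereferences `self.service`, which the earlier hunk assigns only when the `svc` lookup returns 0. If it is still unset on a first install this line raises, and if the existing service has no selector `get_selector()` returns `{}` and the generated service is written with an empty selector. A guard such as `if self.service and self.service.get_selector():` before the `put` keeps the dry-run value in both cases. The initial value of `self.service` and the rest of this method are outside the hunk, so confirm which case applies; the same lines are added in src/class/oc_adm_registry.py.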
@@ -1558,6 +1558,7 @@ class Service(Yedit): port_path = "spec.ports" portal_ip = "spec.portalIP" cluster_ip = "spec.clusterIP" + selector_path = 'spec.selector' kind = 'Service' def __init__(self, content): @@ -1568,6 +1569,10 @@ class Service(Yedit): ''' get a list of ports ''' return self.get(Service.port_path) or [] + def get_selector(self): + ''' get the service selector''' + return self.get(Service.selector_path) or {} + def add_ports(self, inc_ports): ''' add a port object to the ports list ''' if not isinstance(inc_ports, list): diff --git a/roles/lib_openshift/library/oc_edit.py b/roles/lib_openshift/library/oc_edit.py index 36d9394e1..aec64202f 100644 --- a/roles/lib_openshift/library/oc_edit.py +++ b/roles/lib_openshift/library/oc_edit.py @@ -1311,8 +1311,8 @@ class Utils(object): elif value != user_def[key]: if debug: print('value should be identical') - print(value) print(user_def[key]) + print(value) return False # recurse on a dictionary @@ -1332,8 +1332,8 @@ class Utils(object): if api_values != user_values: if debug: print("keys are not equal in dict") - print(api_values) print(user_values) + print(api_values) return False result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) diff --git a/roles/lib_openshift/library/oc_env.py b/roles/lib_openshift/library/oc_env.py index 65b2bf860..e164ecf95 100644 --- a/roles/lib_openshift/library/oc_env.py +++ b/roles/lib_openshift/library/oc_env.py @@ -1278,8 +1278,8 @@ class Utils(object): elif value != user_def[key]: if debug: print('value should be identical') - print(value) print(user_def[key]) + print(value) return False # recurse on a dictionary @@ -1299,8 +1299,8 @@ class Utils(object): if api_values != user_values: if debug: print("keys are not equal in dict") - print(api_values) print(user_values) + print(api_values) return False result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) 
diff --git a/roles/lib_openshift/library/oc_label.py b/roles/lib_openshift/library/oc_label.py index ad2b5b5ed..fd6674d41 100644 --- a/roles/lib_openshift/library/oc_label.py +++ b/roles/lib_openshift/library/oc_label.py @@ -1287,8 +1287,8 @@ class Utils(object): elif value != user_def[key]: if debug: print('value should be identical') - print(value) print(user_def[key]) + print(value) return False # recurse on a dictionary @@ -1308,8 +1308,8 @@ class Utils(object): if api_values != user_values: if debug: print("keys are not equal in dict") - print(api_values) print(user_values) + print(api_values) return False result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) diff --git a/roles/lib_openshift/library/oc_obj.py b/roles/lib_openshift/library/oc_obj.py index 68e882167..24397d725 100644 --- a/roles/lib_openshift/library/oc_obj.py +++ b/roles/lib_openshift/library/oc_obj.py @@ -1290,8 +1290,8 @@ class Utils(object): elif value != user_def[key]: if debug: print('value should be identical') - print(value) print(user_def[key]) + print(value) return False # recurse on a dictionary @@ -1311,8 +1311,8 @@ class Utils(object): if api_values != user_values: if debug: print("keys are not equal in dict") - print(api_values) print(user_values) + print(api_values) return False result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) diff --git a/roles/lib_openshift/library/oc_process.py b/roles/lib_openshift/library/oc_process.py index bf4a08c52..0a4f2058a 100644 --- a/roles/lib_openshift/library/oc_process.py +++ b/roles/lib_openshift/library/oc_process.py @@ -1279,8 +1279,8 @@ class Utils(object): elif value != user_def[key]: if debug: print('value should be identical') - print(value) print(user_def[key]) + print(value) return False # recurse on a dictionary 
@@ -1300,8 +1300,8 @@ class Utils(object): if api_values != user_values: if debug: print("keys are not equal in dict") - print(api_values) print(user_values) + print(api_values) return False result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py index e40e21e8f..741f608a2 100644 --- a/roles/lib_openshift/library/oc_route.py +++ b/roles/lib_openshift/library/oc_route.py @@ -1321,8 +1321,8 @@ class Utils(object): elif value != user_def[key]: if debug: print('value should be identical') - print(value) print(user_def[key]) + print(value) return False # recurse on a dictionary @@ -1342,8 +1342,8 @@ class Utils(object): if api_values != user_values: if debug: print("keys are not equal in dict") - print(api_values) print(user_values) + print(api_values) return False result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) @@ -1595,7 +1595,7 @@ class OCRoute(OpenShiftCLI): def update(self): '''update the object''' # when the host attribute is being updated, we need to delete and recreate - if self.config.host != self.route.host: + if self.config.host != self.route.get_host(): import time self.delete() time.sleep(3) diff --git a/roles/lib_openshift/library/oc_scale.py b/roles/lib_openshift/library/oc_scale.py index 17e2d87c3..0c2d86a18 100644 --- a/roles/lib_openshift/library/oc_scale.py +++ b/roles/lib_openshift/library/oc_scale.py @@ -1265,8 +1265,8 @@ class Utils(object): elif value != user_def[key]: if debug: print('value should be identical') - print(value) print(user_def[key]) + print(value) return False # recurse on a dictionary @@ -1286,8 +1286,8 @@ class Utils(object): if api_values != user_values: if debug: print("keys are not equal in dict") - print(api_values) print(user_values) + print(api_values) return False result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) 
diff --git a/roles/lib_openshift/library/oc_secret.py b/roles/lib_openshift/library/oc_secret.py index bf1f788eb..b6dcd9fff 100644 --- a/roles/lib_openshift/library/oc_secret.py +++ b/roles/lib_openshift/library/oc_secret.py @@ -1311,8 +1311,8 @@ class Utils(object): elif value != user_def[key]: if debug: print('value should be identical') - print(value) print(user_def[key]) + print(value) return False # recurse on a dictionary @@ -1332,8 +1332,8 @@ class Utils(object): if api_values != user_values: if debug: print("keys are not equal in dict") - print(api_values) print(user_values) + print(api_values) return False result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) diff --git a/roles/lib_openshift/library/oc_service.py b/roles/lib_openshift/library/oc_service.py index c789bbdac..83d0579a5 100644 --- a/roles/lib_openshift/library/oc_service.py +++ b/roles/lib_openshift/library/oc_service.py @@ -1317,8 +1317,8 @@ class Utils(object): elif value != user_def[key]: if debug: print('value should be identical') - print(value) print(user_def[key]) + print(value) return False # recurse on a dictionary @@ -1338,8 +1338,8 @@ class Utils(object): if api_values != user_values: if debug: print("keys are not equal in dict") - print(api_values) print(user_values) + print(api_values) return False result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) @@ -1463,6 +1463,7 @@ class Service(Yedit): port_path = "spec.ports" portal_ip = "spec.portalIP" cluster_ip = "spec.clusterIP" + selector_path = 'spec.selector' kind = 'Service' def __init__(self, content): @@ -1473,6 +1474,10 @@ class Service(Yedit): ''' get a list of ports ''' return self.get(Service.port_path) or [] + def get_selector(self): + ''' get the service selector''' + return self.get(Service.selector_path) or {} + def add_ports(self, inc_ports): ''' add a port object to the ports list ''' if not isinstance(inc_ports, list): 
@@ -1546,7 +1551,7 @@ class OCService(OpenShiftCLI): kubeconfig='/etc/origin/master/admin.kubeconfig', verbose=False): ''' Constructor for OCVolume ''' - super(OCService, self).__init__(namespace, kubeconfig) + super(OCService, self).__init__(namespace, kubeconfig, verbose) self.namespace = namespace self.config = ServiceConfig(sname, namespace, ports, selector, labels, cluster_ip, portal_ip, session_affinity, service_type) @@ -1617,7 +1622,9 @@ class OCService(OpenShiftCLI): params['portalip'], params['ports'], params['session_affinity'], - params['service_type']) + params['service_type'], + params['kubeconfig'], + params['debug']) state = params['state'] diff --git a/roles/lib_openshift/library/oc_serviceaccount.py b/roles/lib_openshift/library/oc_serviceaccount.py index 2d485aec2..9b0a6e060 100644 --- a/roles/lib_openshift/library/oc_serviceaccount.py +++ b/roles/lib_openshift/library/oc_serviceaccount.py @@ -1263,8 +1263,8 @@ class Utils(object): elif value != user_def[key]: if debug: print('value should be identical') - print(value) print(user_def[key]) + print(value) return False # recurse on a dictionary @@ -1284,8 +1284,8 @@ class Utils(object): if api_values != user_values: if debug: print("keys are not equal in dict") - print(api_values) print(user_values) + print(api_values) return False result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) diff --git a/roles/lib_openshift/library/oc_serviceaccount_secret.py b/roles/lib_openshift/library/oc_serviceaccount_secret.py index 0aa4d9017..413b8e358 100644 --- a/roles/lib_openshift/library/oc_serviceaccount_secret.py +++ b/roles/lib_openshift/library/oc_serviceaccount_secret.py @@ -1263,8 +1263,8 @@ class Utils(object): elif value != user_def[key]: if debug: print('value should be identical') - print(value) print(user_def[key]) + print(value) return False # recurse on a dictionary 
@@ -1284,8 +1284,8 @@ class Utils(object): if api_values != user_values: if debug: print("keys are not equal in dict") - print(api_values) print(user_values) + print(api_values) return False result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) diff --git a/roles/lib_openshift/library/oc_version.py b/roles/lib_openshift/library/oc_version.py index 13b4504c7..1aae7a8ea 100644 --- a/roles/lib_openshift/library/oc_version.py +++ b/roles/lib_openshift/library/oc_version.py @@ -1235,8 +1235,8 @@ class Utils(object): elif value != user_def[key]: if debug: print('value should be identical') - print(value) print(user_def[key]) + print(value) return False # recurse on a dictionary @@ -1256,8 +1256,8 @@ class Utils(object): if api_values != user_values: if debug: print("keys are not equal in dict") - print(api_values) print(user_values) + print(api_values) return False result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) diff --git a/roles/lib_openshift/src/class/oc_adm_registry.py b/roles/lib_openshift/src/class/oc_adm_registry.py index 35b417059..06de2ba12 100644 --- a/roles/lib_openshift/src/class/oc_adm_registry.py +++ b/roles/lib_openshift/src/class/oc_adm_registry.py @@ -109,7 +109,7 @@ class Registry(OpenShiftCLI): if result['returncode'] == 0 and part['kind'] == 'dc': self.deploymentconfig = DeploymentConfig(result['results'][0]) elif result['returncode'] == 0 and part['kind'] == 'svc': - self.service = Yedit(content=result['results'][0]) + self.service = Service(result['results'][0]) if result['returncode'] != 0: rval = result['returncode'] 
@@ -179,6 +179,9 @@ class Registry(OpenShiftCLI): if self.portal_ip: service.put('spec.portalIP', self.portal_ip) + # the dry-run doesn't apply the selector correctly + service.put('spec.selector', self.service.get_selector()) + # need to create the service and the deploymentconfig service_file = Utils.create_tmp_file_from_contents('service', service.yaml_dict) deployment_file = Utils.create_tmp_file_from_contents('deploymentconfig', deploymentconfig.yaml_dict) diff --git a/roles/lib_openshift/src/class/oc_route.py b/roles/lib_openshift/src/class/oc_route.py index 122cc5fe9..33ffdcb66 100644 --- a/roles/lib_openshift/src/class/oc_route.py +++ b/roles/lib_openshift/src/class/oc_route.py @@ -56,7 +56,7 @@ class OCRoute(OpenShiftCLI): def update(self): '''update the object''' # when the host attribute is being updated, we need to delete and recreate - if self.config.host != self.route.host: + if self.config.host != self.route.get_host(): import time self.delete() time.sleep(3) diff --git a/roles/lib_openshift/src/class/oc_service.py b/roles/lib_openshift/src/class/oc_service.py index d4cc83a59..20cf23df5 100644 --- a/roles/lib_openshift/src/class/oc_service.py +++ b/roles/lib_openshift/src/class/oc_service.py @@ -22,7 +22,7 @@ class OCService(OpenShiftCLI): kubeconfig='/etc/origin/master/admin.kubeconfig', verbose=False): ''' Constructor for OCVolume ''' - super(OCService, self).__init__(namespace, kubeconfig) + super(OCService, self).__init__(namespace, kubeconfig, verbose) self.namespace = namespace self.config = ServiceConfig(sname, namespace, ports, selector, labels, cluster_ip, portal_ip, session_affinity, service_type) @@ -93,7 +93,9 @@ class OCService(OpenShiftCLI): params['portalip'], params['ports'], params['session_affinity'], - params['service_type']) + params['service_type'], + params['kubeconfig'], + params['debug']) state = params['state'] 
diff --git a/roles/lib_openshift/src/lib/base.py b/roles/lib_openshift/src/lib/base.py index 53b9f9947..d037074a5 100644 --- a/roles/lib_openshift/src/lib/base.py +++ b/roles/lib_openshift/src/lib/base.py @@ -523,8 +523,8 @@ class Utils(object): elif value != user_def[key]: if debug: print('value should be identical') - print(value) print(user_def[key]) + print(value) return False # recurse on a dictionary @@ -544,8 +544,8 @@ class Utils(object): if api_values != user_values: if debug: print("keys are not equal in dict") - print(api_values) print(user_values) + print(api_values) return False result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) diff --git a/roles/lib_openshift/src/lib/service.py b/roles/lib_openshift/src/lib/service.py index ffe27da47..eef568779 100644 --- a/roles/lib_openshift/src/lib/service.py +++ b/roles/lib_openshift/src/lib/service.py @@ -67,6 +67,7 @@ class Service(Yedit): port_path = "spec.ports" portal_ip = "spec.portalIP" cluster_ip = "spec.clusterIP" + selector_path = 'spec.selector' kind = 'Service' def __init__(self, content): @@ -77,6 +78,10 @@ class Service(Yedit): ''' get a list of ports ''' return self.get(Service.port_path) or [] + def get_selector(self): + ''' get the service selector''' + return self.get(Service.selector_path) or {} + def add_ports(self, inc_ports): ''' add a port object to the ports list ''' if not isinstance(inc_ports, list): diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml index f9441dd57..5e9d5d06a 100644 --- a/roles/openshift_hosted/tasks/registry/registry.yml +++ b/roles/openshift_hosted/tasks/registry/registry.yml @@ -92,7 +92,6 @@ - name: Create OpenShift registry oc_adm_registry: -#debug: True name: "{{ openshift_hosted_registry_name }}" namespace: "{{ openshift_hosted_registry_namespace }}" selector: "{{ openshift_hosted_registry_selector }}" 
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml index 244979f2e..4692892f8 100644 --- a/roles/openshift_hosted/tasks/registry/secure.yml +++ b/roles/openshift_hosted/tasks/registry/secure.yml @@ -4,17 +4,10 @@ docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" run_once: true -#- name: Create passthrough route for docker-registry -# oc_route: -# name: docker-registry -# namespace: "{{ openshift_hosted_registry_namespace }}" -# service_name: docker-registry -# tls_termination: passthrough -# host: "{{ docker_registry_route_hostname }}" -# run_once: true - name: Get the certificate contents for registry - local_action: - module: slurp + copy: + backup: True + dest: "/etc/origin/master/named_certificates/{{ item | basename }}" src: "{{ item }}" register: openshift_hosted_registry_certificate_content with_items: @@ -23,8 +16,7 @@ - "{{ (openshift_hosted_registry_route_certificates | default({'cafile':none})).cafile }}" when: openshift_hosted_registry_route_certificates -- debug: var=openshift_hosted_registry_certificate_content - when: openshift_hosted_registry_route_certificates +- debug: var=openshift_hosted_registry_route_termination - name: Create passthrough route for docker-registry oc_route: 
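Review bot: The new `copy` task writes the route's private key under `/etc/origin/master/named_certificates/` with no `mode`, `owner` or `group`, so its permissions come from the default umask, and `backup: True` leaves a timestamped copy of the previous key beside it on every change. Set `mode: "0600"` and an explicit owner at least for the keyfile item, and consider dropping `backup` for key material. `{{ item | basename }}` is also applied to a `none` item when only some of certfile/keyfile/cafile are configured, which is likely to fail. The task keeps the name "Get the certificate contents" and still registers `openshift_hosted_registry_certificate_content`, which nothing in the visible hunks reads after this change.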
@@ -34,10 +26,10 @@ host: "{{ docker_registry_route_hostname }}" tls_termination: "{{ openshift_hosted_registry_route_termination }}" host: "{{ openshift_hosted_registry_route_host | default(docker_registry_route_hostname) }}" - cert_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content,omit) }}" - key_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content, omit) }}" - cacert_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content, omit) }}" - dest_cacert_path: "{{ openshift_hosted_registry_certificate_content is defined | ternary('/etc/origin/master/ca.crt', omit) }}" + cert_path: "{{ ('certfile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.certfile | basename), omit) }}" + key_path: "{{ ('keyfile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.keyfile | basename), omit) }}" + cacert_path: "{{ ('cafile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.cafile | basename), omit) }}" + dest_cacert_path: "{{ (openshift_hosted_registry_route_termination == 'reencrypt') | ternary('/etc/origin/master/ca.crt', omit) }}" run_once: true - name: Retrieve registry service IP diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml index 607ace7f9..71ceff93a 100644 --- a/roles/openshift_hosted/tasks/router/router.yml +++ b/roles/openshift_hosted/tasks/router/router.yml 
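Review bot: `'certfile' in openshift_hosted_registry_route_certificates` (and the `keyfile`/`cafile` tests) is evaluated even when no certificates are configured, and registry.yml defaults that variable to `false`, so the membership test runs against a boolean or the string "False" rather than a dict. `ternary` also evaluates its first argument before choosing, so `openshift_hosted_registry_route_certificates.certfile | basename` is computed in the no-certificate case and may fail there. Defaulting the variable to `{}` in registry.yml and using an inline conditional, `{{ (dir ~ (certs.certfile | basename)) if 'certfile' in certs else omit }}` with the real names substituted, avoids both.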
@@ -71,9 +71,6 @@ - key: spec.strategy.rollingParams.updatePeriodSeconds value: 1 action: put - - key: spec.strategy.activeDeadlineSeconds - value: 21600 - action: put register: routerout # This should probably move to module -- cgit v1.2.3 From 05cad0edaf365e5080b54d48ceb3f75396b78e4e Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Mon, 27 Feb 2017 19:28:26 -0500 Subject: Fixed logic error. Ensure both svc and dc exist. --- roles/lib_openshift/library/oc_adm_registry.py | 2 +- roles/lib_openshift/src/class/oc_adm_registry.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/lib_openshift/library/oc_adm_registry.py b/roles/lib_openshift/library/oc_adm_registry.py index a2c4515aa..338d25351 100644 --- a/roles/lib_openshift/library/oc_adm_registry.py +++ b/roles/lib_openshift/library/oc_adm_registry.py @@ -2259,7 +2259,7 @@ class Registry(OpenShiftCLI): def exists(self): '''does the object exist?''' self.get() - if self.deploymentconfig or self.service: + if self.deploymentconfig and self.service: return True return False diff --git a/roles/lib_openshift/src/class/oc_adm_registry.py b/roles/lib_openshift/src/class/oc_adm_registry.py index 06de2ba12..92ebda235 100644 --- a/roles/lib_openshift/src/class/oc_adm_registry.py +++ b/roles/lib_openshift/src/class/oc_adm_registry.py @@ -120,7 +120,7 @@ class Registry(OpenShiftCLI): def exists(self): '''does the object exist?''' self.get() - if self.deploymentconfig or self.service: + if self.deploymentconfig and self.service: return True return False -- cgit v1.2.3 From eca2d2496bc35a77fccceda71d449bcde056841f Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Tue, 28 Feb 2017 09:49:39 -0500 Subject: Updating delete/recreate with replace --force. --- roles/lib_openshift/library/oc_route.py | 12 ++++-------- roles/lib_openshift/library/oc_sdnvalidator.py | 4 ++-- roles/lib_openshift/src/class/oc_route.py | 12 ++++-------- 3 files changed, 10 insertions(+), 18 deletions(-) 
diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py index 741f608a2..21e7e175b 100644 --- a/roles/lib_openshift/library/oc_route.py +++ b/roles/lib_openshift/library/oc_route.py @@ -1594,14 +1594,10 @@ class OCRoute(OpenShiftCLI): def update(self): '''update the object''' - # when the host attribute is being updated, we need to delete and recreate - if self.config.host != self.route.get_host(): - import time - self.delete() - time.sleep(3) - return self.create() - - return self._replace_content(self.kind, self.config.name, self.config.data) + return self._replace_content(self.kind, + self.config.name, + self.config.data, + force=(self.config.host != self.route.get_host())) def needs_update(self): ''' verify an update is needed ''' diff --git a/roles/lib_openshift/library/oc_sdnvalidator.py b/roles/lib_openshift/library/oc_sdnvalidator.py index 770be29d4..795b775f3 100644 --- a/roles/lib_openshift/library/oc_sdnvalidator.py +++ b/roles/lib_openshift/library/oc_sdnvalidator.py @@ -1222,8 +1222,8 @@ class Utils(object): elif value != user_def[key]: if debug: print('value should be identical') - print(value) print(user_def[key]) + print(value) return False # recurse on a dictionary @@ -1243,8 +1243,8 @@ class Utils(object): if api_values != user_values: if debug: print("keys are not equal in dict") - print(api_values) print(user_values) + print(api_values) return False result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) diff --git a/roles/lib_openshift/src/class/oc_route.py b/roles/lib_openshift/src/class/oc_route.py index 33ffdcb66..3935525f1 100644 --- a/roles/lib_openshift/src/class/oc_route.py +++ b/roles/lib_openshift/src/class/oc_route.py 
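Review bot: The `force=` argument in `update()` takes over from the delete/sleep/create branch, but the comment that explained it was removed with that branch, so nothing says why a host mismatch is treated differently. A forced replace presumably still deletes and re-creates the route, so a failure in between would leave the registry without one. I would keep a comment such as `# a host change cannot be applied in place: force makes replace delete and re-create the route` and mention it in the docstring. The same applies to the identical hunk in `roles/lib_openshift/src/class/oc_route.py`.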
@@ -55,14 +55,10 @@ class OCRoute(OpenShiftCLI): def update(self): '''update the object''' - # when the host attribute is being updated, we need to delete and recreate - if self.config.host != self.route.get_host(): - import time - self.delete() - time.sleep(3) - return self.create() - - return self._replace_content(self.kind, self.config.name, self.config.data) + return self._replace_content(self.kind, + self.config.name, + self.config.data, + force=(self.config.host != self.route.get_host())) def needs_update(self): ''' verify an update is needed ''' -- cgit v1.2.3 From 2fe8c26ff7c2b6c26da83c4aec40bc64c4b67a9f Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Tue, 28 Feb 2017 17:35:41 -0500 Subject: Fixed failures on create when objects exist. --- roles/lib_openshift/library/oc_adm_registry.py | 39 ++++++---- roles/lib_openshift/library/oc_adm_router.py | 89 ++++++++++++++--------- roles/lib_openshift/src/class/oc_adm_registry.py | 39 ++++++---- roles/lib_openshift/src/class/oc_adm_router.py | 91 +++++++++++++++--------- 4 files changed, 163 insertions(+), 95 deletions(-) diff --git a/roles/lib_openshift/library/oc_adm_registry.py b/roles/lib_openshift/library/oc_adm_registry.py index 338d25351..b6b1f4a04 100644 --- a/roles/lib_openshift/library/oc_adm_registry.py +++ b/roles/lib_openshift/library/oc_adm_registry.py 
@@ -2335,8 +2335,20 @@ class Registry(OpenShiftCLI): def create(self): '''Create a registry''' results = [] - for config_file in ['deployment_file', 'service_file']: - results.append(self._create(self.prepared_registry[config_file])) + self.needs_update() + # if the object is none, then we need to create it + # if the object needs an update, then we should call replace + # Handle the deploymentconfig + if self.deploymentconfig is None: + results.append(self._create(self.prepared_registry['deployment_file'])) + elif self.prepared_registry['deployment_update']: + results.append(self._replace(self.prepared_registry['deployment_file'])) + + # Handle the service + if self.service is None: + results.append(self._create(self.prepared_registry['service_file'])) + elif self.prepared_registry['service_update']: + results.append(self._replace(self.prepared_registry['service_file'])) # Clean up returned results rval = 0 @@ -2348,7 +2360,7 @@ class Registry(OpenShiftCLI): return {'returncode': rval, 'results': results} def update(self): - '''run update for the registry. This performs a delete and then create ''' + '''run update for the registry. This performs a replace if required''' # Store the current service IP if self.service: svcip = self.service.get('spec.clusterIP') @@ -2422,14 +2434,12 @@ class Registry(OpenShiftCLI): def needs_update(self): ''' check to see if we need to update ''' - if not self.service or not self.deploymentconfig: - return True - exclude_list = ['clusterIP', 'portalIP', 'type', 'protocol'] - if not Utils.check_def_equal(self.prepared_registry['service'].yaml_dict, - self.service.yaml_dict, - exclude_list, - debug=self.verbose): + if self.service is None or \ + not Utils.check_def_equal(self.prepared_registry['service'].yaml_dict, + self.service.yaml_dict, + exclude_list, + debug=self.verbose): self.prepared_registry['service_update'] = True exclude_list = ['dnsPolicy', 
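Review bot: `create()` now picks between `_create` and `_replace` from `self.deploymentconfig` and `self.service`, but as far as these hunks show it never refreshes them itself. It is therefore only correct when the caller has already run `get()` (as `exists()` does), and that precondition is not documented. I would change the docstring to something like `'''Create the registry parts that are missing and replace the ones needs_update() flags; expects get() to have been run'''`. The body of `create()` continues past the end of this hunk, and the `create()` hunk in `roles/lib_openshift/src/class/oc_adm_registry.py` is identical.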
@@ -2445,10 +2455,11 @@ class Registry(OpenShiftCLI): 'activeDeadlineSeconds', # added in 1.5 for timeouts ] - if not Utils.check_def_equal(self.prepared_registry['deployment'].yaml_dict, - self.deploymentconfig.yaml_dict, - exclude_list, - debug=self.verbose): + if self.deploymentconfig is None or \ + not Utils.check_def_equal(self.prepared_registry['deployment'].yaml_dict, + self.deploymentconfig.yaml_dict, + exclude_list, + debug=self.verbose): self.prepared_registry['deployment_update'] = True return self.prepared_registry['deployment_update'] or self.prepared_registry['service_update'] or False diff --git a/roles/lib_openshift/library/oc_adm_router.py b/roles/lib_openshift/library/oc_adm_router.py index 344a339e4..bb4ce5e70 100644 --- a/roles/lib_openshift/library/oc_adm_router.py +++ b/roles/lib_openshift/library/oc_adm_router.py @@ -2611,6 +2611,21 @@ class Router(OpenShiftCLI): ''' setter for property rolebinding ''' self._rolebinding = config + def get_object_by_kind(self, kind): + '''return the current object kind by name''' + if re.match("^(dc|deploymentconfig)$", kind, flags=re.IGNORECASE): + return self.deploymentconfig + elif re.match("^(svc|service)$", kind, flags=re.IGNORECASE): + return self.service + elif re.match("^(sa|serviceaccount)$", kind, flags=re.IGNORECASE): + return self.serviceaccount + elif re.match("secret", kind, flags=re.IGNORECASE): + return self.secret + elif re.match("clusterrolebinding", kind, flags=re.IGNORECASE): + return self.rolebinding + + return None + def get(self): ''' return the self.router_parts ''' self.service = None 
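Review bot: In `get_object_by_kind` the `secret` and `clusterrolebinding` patterns are not anchored like the three above them. `re.match` only pins the start of the string, so any kind that merely begins with `secret` resolves to `self.secret`. I would write them as `re.match("^secret$", kind, flags=re.IGNORECASE)` and `re.match("^clusterrolebinding$", kind, flags=re.IGNORECASE)`. The docstring would read better as `'''return the current object for the given kind'''`. The copy of this method in `roles/lib_openshift/src/class/oc_adm_router.py` has the same patterns.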
@@ -2761,13 +2776,19 @@ class Router(OpenShiftCLI): - clusterrolebinding ''' results = [] + self.needs_update() import time # pylint: disable=maybe-no-member - for _, oc_data in self.prepared_router.items(): + for kind, oc_data in self.prepared_router.items(): if oc_data['obj'] is not None: time.sleep(1) - results.append(self._create(oc_data['path'])) + if self.get_object_by_kind(kind) is None: + results.append(self._create(oc_data['path'])) + + elif oc_data['update']: + results.append(self._replace(oc_data['path'])) + rval = 0 for result in results: @@ -2795,17 +2816,15 @@ class Router(OpenShiftCLI): # pylint: disable=too-many-return-statements,too-many-branches def needs_update(self): ''' check to see if we need to update ''' - if not self.deploymentconfig or not self.service or not self.serviceaccount or not self.secret: - return True - # ServiceAccount: # Need to determine changes from the pregenerated ones from the original # Since these are auto generated, we can skip skip = ['secrets', 'imagePullSecrets'] - if not Utils.check_def_equal(self.prepared_router['ServiceAccount']['obj'].yaml_dict, - self.serviceaccount.yaml_dict, - skip_keys=skip, - debug=self.verbose): + if self.serviceaccount is None or \ + not Utils.check_def_equal(self.prepared_router['ServiceAccount']['obj'].yaml_dict, + self.serviceaccount.yaml_dict, + skip_keys=skip, + debug=self.verbose): self.prepared_router['ServiceAccount']['update'] = True # Secret: @@ -2814,10 +2833,11 @@ class Router(OpenShiftCLI): if not self.secret: self.prepared_router['Secret']['update'] = True - if not Utils.check_def_equal(self.prepared_router['Secret']['obj'].yaml_dict, - self.secret.yaml_dict, - skip_keys=skip, - debug=self.verbose): + if self.secret is None or \ + not Utils.check_def_equal(self.prepared_router['Secret']['obj'].yaml_dict, + self.secret.yaml_dict, + skip_keys=skip, + debug=self.verbose): self.prepared_router['Secret']['update'] = True # Service: 
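Review bot: In the router `create()` loop, `time.sleep(1)` runs for every prepared part before the code decides whether to do anything, so a run where all parts exist and none is flagged still pays the delay for each part. I would move the sleep into the two branches that actually call `_create` or `_replace`. The docstring above the loop still describes plain creation and could say that existing parts are replaced when `needs_update()` marks them. `create()` starts before and ends after this hunk, and the same loop appears in `roles/lib_openshift/src/class/oc_adm_router.py`.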
@@ -2826,28 +2846,30 @@ class Router(OpenShiftCLI): port['protocol'] = 'TCP' skip = ['portalIP', 'clusterIP', 'sessionAffinity', 'type'] - if not Utils.check_def_equal(self.prepared_router['Service']['obj'].yaml_dict, - self.service.yaml_dict, - skip_keys=skip, - debug=self.verbose): + if self.service is None or \ + not Utils.check_def_equal(self.prepared_router['Service']['obj'].yaml_dict, + self.service.yaml_dict, + skip_keys=skip, + debug=self.verbose): self.prepared_router['Service']['update'] = True # DeploymentConfig: # Router needs some exceptions. # We do not want to check the autogenerated password for stats admin - if not self.config.config_options['stats_password']['value']: - for idx, env_var in enumerate(self.prepared_router['DeploymentConfig']['obj'].get(\ - 'spec.template.spec.containers[0].env') or []): - if env_var['name'] == 'STATS_PASSWORD': - env_var['value'] = \ - self.deploymentconfig.get('spec.template.spec.containers[0].env[%s].value' % idx) - break + if self.deploymentconfig is not None: + if not self.config.config_options['stats_password']['value']: + for idx, env_var in enumerate(self.prepared_router['DeploymentConfig']['obj'].get(\ + 'spec.template.spec.containers[0].env') or []): + if env_var['name'] == 'STATS_PASSWORD': + env_var['value'] = \ + self.deploymentconfig.get('spec.template.spec.containers[0].env[%s].value' % idx) + break - # dry-run doesn't add the protocol to the ports section. We will manually do that. - for idx, port in enumerate(self.prepared_router['DeploymentConfig']['obj'].get(\ - 'spec.template.spec.containers[0].ports') or []): - if not 'protocol' in port: - port['protocol'] = 'TCP' + # dry-run doesn't add the protocol to the ports section. We will manually do that. + for idx, port in enumerate(self.prepared_router['DeploymentConfig']['obj'].get(\ + 'spec.template.spec.containers[0].ports') or []): + if not 'protocol' in port: + port['protocol'] = 'TCP' # These are different when generating skip = ['dnsPolicy', 
@@ -2858,10 +2880,11 @@ class Router(OpenShiftCLI): 'defaultMode', ] - if not Utils.check_def_equal(self.prepared_router['DeploymentConfig']['obj'].yaml_dict, - self.deploymentconfig.yaml_dict, - skip_keys=skip, - debug=self.verbose): + if self.deploymentconfig is None or \ + not Utils.check_def_equal(self.prepared_router['DeploymentConfig']['obj'].yaml_dict, + self.deploymentconfig.yaml_dict, + skip_keys=skip, + debug=self.verbose): self.prepared_router['DeploymentConfig']['update'] = True # Check if any of the parts need updating, if so, return True diff --git a/roles/lib_openshift/src/class/oc_adm_registry.py b/roles/lib_openshift/src/class/oc_adm_registry.py index 92ebda235..37904c43f 100644 --- a/roles/lib_openshift/src/class/oc_adm_registry.py +++ b/roles/lib_openshift/src/class/oc_adm_registry.py @@ -196,8 +196,20 @@ class Registry(OpenShiftCLI): def create(self): '''Create a registry''' results = [] - for config_file in ['deployment_file', 'service_file']: - results.append(self._create(self.prepared_registry[config_file])) + self.needs_update() + # if the object is none, then we need to create it + # if the object needs an update, then we should call replace + # Handle the deploymentconfig + if self.deploymentconfig is None: + results.append(self._create(self.prepared_registry['deployment_file'])) + elif self.prepared_registry['deployment_update']: + results.append(self._replace(self.prepared_registry['deployment_file'])) + + # Handle the service + if self.service is None: + results.append(self._create(self.prepared_registry['service_file'])) + elif self.prepared_registry['service_update']: + results.append(self._replace(self.prepared_registry['service_file'])) # Clean up returned results rval = 0 
@@ -209,7 +221,7 @@ class Registry(OpenShiftCLI): return {'returncode': rval, 'results': results} def update(self): - '''run update for the registry. This performs a delete and then create ''' + '''run update for the registry. This performs a replace if required''' # Store the current service IP if self.service: svcip = self.service.get('spec.clusterIP') @@ -283,14 +295,12 @@ class Registry(OpenShiftCLI): def needs_update(self): ''' check to see if we need to update ''' - if not self.service or not self.deploymentconfig: - return True - exclude_list = ['clusterIP', 'portalIP', 'type', 'protocol'] - if not Utils.check_def_equal(self.prepared_registry['service'].yaml_dict, - self.service.yaml_dict, - exclude_list, - debug=self.verbose): + if self.service is None or \ + not Utils.check_def_equal(self.prepared_registry['service'].yaml_dict, + self.service.yaml_dict, + exclude_list, + debug=self.verbose): self.prepared_registry['service_update'] = True exclude_list = ['dnsPolicy', @@ -306,10 +316,11 @@ class Registry(OpenShiftCLI): 'activeDeadlineSeconds', # added in 1.5 for timeouts ] - if not Utils.check_def_equal(self.prepared_registry['deployment'].yaml_dict, - self.deploymentconfig.yaml_dict, - exclude_list, - debug=self.verbose): + if self.deploymentconfig is None or \ + not Utils.check_def_equal(self.prepared_registry['deployment'].yaml_dict, + self.deploymentconfig.yaml_dict, + exclude_list, + debug=self.verbose): self.prepared_registry['deployment_update'] = True return self.prepared_registry['deployment_update'] or self.prepared_registry['service_update'] or False diff --git a/roles/lib_openshift/src/class/oc_adm_router.py b/roles/lib_openshift/src/class/oc_adm_router.py index 66769e73b..7b163b120 100644 --- a/roles/lib_openshift/src/class/oc_adm_router.py +++ b/roles/lib_openshift/src/class/oc_adm_router.py 
@@ -113,6 +113,21 @@ class Router(OpenShiftCLI): ''' setter for property rolebinding ''' self._rolebinding = config + def get_object_by_kind(self, kind): + '''return the current object kind by name''' + if re.match("^(dc|deploymentconfig)$", kind, flags=re.IGNORECASE): + return self.deploymentconfig + elif re.match("^(svc|service)$", kind, flags=re.IGNORECASE): + return self.service + elif re.match("^(sa|serviceaccount)$", kind, flags=re.IGNORECASE): + return self.serviceaccount + elif re.match("secret", kind, flags=re.IGNORECASE): + return self.secret + elif re.match("clusterrolebinding", kind, flags=re.IGNORECASE): + return self.rolebinding + + return None + def get(self): ''' return the self.router_parts ''' self.service = None @@ -263,13 +278,19 @@ class Router(OpenShiftCLI): - clusterrolebinding ''' results = [] + self.needs_update() import time # pylint: disable=maybe-no-member - for _, oc_data in self.prepared_router.items(): + for kind, oc_data in self.prepared_router.items(): if oc_data['obj'] is not None: time.sleep(1) - results.append(self._create(oc_data['path'])) + if self.get_object_by_kind(kind) is None: + results.append(self._create(oc_data['path'])) + + elif oc_data['update']: + results.append(self._replace(oc_data['path'])) + rval = 0 for result in results: 
@@ -297,17 +318,15 @@ class Router(OpenShiftCLI): # pylint: disable=too-many-return-statements,too-many-branches def needs_update(self): ''' check to see if we need to update ''' - if not self.deploymentconfig or not self.service or not self.serviceaccount or not self.secret: - return True - # ServiceAccount: # Need to determine changes from the pregenerated ones from the original # Since these are auto generated, we can skip skip = ['secrets', 'imagePullSecrets'] - if not Utils.check_def_equal(self.prepared_router['ServiceAccount']['obj'].yaml_dict, - self.serviceaccount.yaml_dict, - skip_keys=skip, - debug=self.verbose): + if self.serviceaccount is None or \ + not Utils.check_def_equal(self.prepared_router['ServiceAccount']['obj'].yaml_dict, + self.serviceaccount.yaml_dict, + skip_keys=skip, + debug=self.verbose): self.prepared_router['ServiceAccount']['update'] = True # Secret: @@ -316,10 +335,11 @@ class Router(OpenShiftCLI): if not self.secret: self.prepared_router['Secret']['update'] = True - if not Utils.check_def_equal(self.prepared_router['Secret']['obj'].yaml_dict, - self.secret.yaml_dict, - skip_keys=skip, - debug=self.verbose): + if self.secret is None or \ + not Utils.check_def_equal(self.prepared_router['Secret']['obj'].yaml_dict, + self.secret.yaml_dict, + skip_keys=skip, + debug=self.verbose): self.prepared_router['Secret']['update'] = True # Service: 
@@ -328,28 +348,30 @@ class Router(OpenShiftCLI): port['protocol'] = 'TCP' skip = ['portalIP', 'clusterIP', 'sessionAffinity', 'type'] - if not Utils.check_def_equal(self.prepared_router['Service']['obj'].yaml_dict, - self.service.yaml_dict, - skip_keys=skip, - debug=self.verbose): + if self.service is None or \ + not Utils.check_def_equal(self.prepared_router['Service']['obj'].yaml_dict, + self.service.yaml_dict, + skip_keys=skip, + debug=self.verbose): self.prepared_router['Service']['update'] = True # DeploymentConfig: # Router needs some exceptions. # We do not want to check the autogenerated password for stats admin - if not self.config.config_options['stats_password']['value']: - for idx, env_var in enumerate(self.prepared_router['DeploymentConfig']['obj'].get(\ - 'spec.template.spec.containers[0].env') or []): - if env_var['name'] == 'STATS_PASSWORD': - env_var['value'] = \ - self.deploymentconfig.get('spec.template.spec.containers[0].env[%s].value' % idx) - break - - # dry-run doesn't add the protocol to the ports section. We will manually do that. - for idx, port in enumerate(self.prepared_router['DeploymentConfig']['obj'].get(\ - 'spec.template.spec.containers[0].ports') or []): - if not 'protocol' in port: - port['protocol'] = 'TCP' + if self.deploymentconfig is not None: + if not self.config.config_options['stats_password']['value']: + for idx, env_var in enumerate(self.prepared_router['DeploymentConfig']['obj'].get(\ + 'spec.template.spec.containers[0].env') or []): + if env_var['name'] == 'STATS_PASSWORD': + env_var['value'] = \ + self.deploymentconfig.get('spec.template.spec.containers[0].env[%s].value' % idx) + break + + # dry-run doesn't add the protocol to the ports section. We will manually do that. + for idx, port in enumerate(self.prepared_router['DeploymentConfig']['obj'].get(\ + 'spec.template.spec.containers[0].ports') or []): + if not 'protocol' in port: + port['protocol'] = 'TCP' # These are different when generating skip = ['dnsPolicy', 
@@ -360,10 +382,11 @@ class Router(OpenShiftCLI): 'defaultMode', ] - if not Utils.check_def_equal(self.prepared_router['DeploymentConfig']['obj'].yaml_dict, - self.deploymentconfig.yaml_dict, - skip_keys=skip, - debug=self.verbose): + if self.deploymentconfig is None or \ + not Utils.check_def_equal(self.prepared_router['DeploymentConfig']['obj'].yaml_dict, + self.deploymentconfig.yaml_dict, + skip_keys=skip, + debug=self.verbose): self.prepared_router['DeploymentConfig']['update'] = True # Check if any of the parts need updating, if so, return True -- cgit v1.2.3 From 5ae098b9da053c972a4d12b1a634fab07a6276d0 Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Tue, 28 Feb 2017 17:54:16 -0500 Subject: Removed duplicate host param. --- roles/openshift_hosted/tasks/registry/secure.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml index 4692892f8..7b85c1076 100644 --- a/roles/openshift_hosted/tasks/registry/secure.yml +++ b/roles/openshift_hosted/tasks/registry/secure.yml @@ -23,7 +23,6 @@ name: docker-registry namespace: "{{ openshift_hosted_registry_namespace }}" service_name: docker-registry - host: "{{ docker_registry_route_hostname }}" tls_termination: "{{ openshift_hosted_registry_route_termination }}" host: "{{ openshift_hosted_registry_route_host | default(docker_registry_route_hostname) }}" cert_path: "{{ ('certfile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.certfile | basename), omit) }}" -- cgit v1.2.3 From df2024ea268e93bf00ccc44b00f95ca0cb128219 Mon Sep 17 00:00:00 2001 
From: Kenny Woodson Date: Wed, 1 Mar 2017 13:39:27 -0500 Subject: Defaulting variables properly to avoid undefined route in dict error. --- roles/openshift_hosted/tasks/registry/registry.yml | 6 ++--- roles/openshift_hosted/tasks/registry/secure.yml | 27 +++++++++++----------- 2 files changed, 16 insertions(+), 17 deletions(-) diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml index 5e9d5d06a..d49967837 100644 --- a/roles/openshift_hosted/tasks/registry/registry.yml +++ b/roles/openshift_hosted/tasks/registry/registry.yml @@ -40,9 +40,9 @@ openshift_hosted_registry_images: "{{ openshift.hosted.registry.registryurl | default('openshift3/ose-${component}:${version}')}}" openshift_hosted_registry_volumes: [] openshift_hosted_registry_env_vars: {} - openshift_hosted_registry_route_certificates: "{{ openshift.hosted.registry.route.certificates | default(false) }}" - openshift_hosted_registry_route_host: "{{ openshift.hosted.registry.route.host | default(false) }}" - openshift_hosted_registry_route_termination: "{{ openshift.hosted.registry.route.termination | default('passthrough') }}" + openshift_hosted_registry_routecertificates: "{{ ('routecertificates' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routecertificates, {}) }}" + openshift_hosted_registry_routehost: "{{ ('routehost' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routehost, False) }}" + openshift_hosted_registry_routetermination: "{{ ('routetermination' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routetermination, 'passthrough') }}" openshift_hosted_registry_edits: # These edits are being specified only to prevent 'changed' on rerun - key: spec.strategy.rollingParams diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml index 7b85c1076..9a0108a93 100644 
--- a/roles/openshift_hosted/tasks/registry/secure.yml +++ b/roles/openshift_hosted/tasks/registry/secure.yml @@ -4,17 +4,16 @@ docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" run_once: true +- debug: var=openshift_hosted_registry_routecertificates + - name: Get the certificate contents for registry copy: backup: True - dest: "/etc/origin/master/named_certificates/{{ item | basename }}" - src: "{{ item }}" - register: openshift_hosted_registry_certificate_content - with_items: - - "{{ (openshift_hosted_registry_route_certificates | default({'certfile':none})).certfile }}" - - "{{ (openshift_hosted_registry_route_certificates | default({'keyfile':none})).keyfile }}" - - "{{ (openshift_hosted_registry_route_certificates | default({'cafile':none})).cafile }}" - when: openshift_hosted_registry_route_certificates + dest: "/etc/origin/master/named_certificates/{{ item.value | basename }}" + src: "{{ item.value }}" + when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value is not None + with_dict: "{{ openshift_hosted_registry_routecertificates }}" + when: openshift_hosted_registry_routecertificates - debug: var=openshift_hosted_registry_route_termination 
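Review bot: The new per-item `when:` on the copy task uses `item.value is not None`, but Jinja2 registers that test as lowercase `none`. The condition is therefore expected to fail with an unknown-test error rather than skip entries whose value is unset. It should read `when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value is not none`.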
@@ -23,12 +22,12 @@ name: docker-registry namespace: "{{ openshift_hosted_registry_namespace }}" service_name: docker-registry - tls_termination: "{{ openshift_hosted_registry_route_termination }}" - host: "{{ openshift_hosted_registry_route_host | default(docker_registry_route_hostname) }}" - cert_path: "{{ ('certfile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.certfile | basename), omit) }}" - key_path: "{{ ('keyfile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.keyfile | basename), omit) }}" - cacert_path: "{{ ('cafile' in openshift_hosted_registry_route_certificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_route_certificates.cafile | basename), omit) }}" - dest_cacert_path: "{{ (openshift_hosted_registry_route_termination == 'reencrypt') | ternary('/etc/origin/master/ca.crt', omit) }}" + tls_termination: "{{ openshift_hosted_registry_routetermination }}" + host: "{{ openshift_hosted_registry_routehost | default(docker_registry_route_hostname) }}" + cert_path: "{{ ('certfile' in openshift_hosted_registry_routecertificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_routecertificates.certfile | basename), omit) }}" + key_path: "{{ ('keyfile' in openshift_hosted_registry_routecertificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_routecertificates.keyfile | basename), omit) }}" + cacert_path: "{{ ('cafile' in openshift_hosted_registry_routecertificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_routecertificates.cafile | basename), omit) }}" + dest_cacert_path: "{{ (openshift_hosted_registry_routetermination == 'reencrypt') | ternary('/etc/origin/master/ca.crt', omit) }}" run_once: true - name: Retrieve 
registry service IP -- cgit v1.2.3 From 5ada5e9bcad7a8d361b47bb471c681964490be5f Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Wed, 1 Mar 2017 14:44:54 -0500 Subject: Separating routes so logic is simpler. --- roles/openshift_hosted/tasks/registry/secure.yml | 36 ++++++++++++++++++++---- 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml index 9a0108a93..a082a075a 100644 --- a/roles/openshift_hosted/tasks/registry/secure.yml +++ b/roles/openshift_hosted/tasks/registry/secure.yml @@ -6,6 +6,12 @@ - debug: var=openshift_hosted_registry_routecertificates +- debug: + msg: "{{ ('cafile' in openshift_hosted_registry_routecertificates) }}" + +- debug: + msg: "{{ ('cafile' in openshift_hosted_registry_routecertificates) | ternary('THIS IS TRUE', 'THIS IS FALSE') }}" + - name: Get the certificate contents for registry copy: backup: True 
@@ -15,20 +21,38 @@ with_dict: "{{ openshift_hosted_registry_routecertificates }}" when: openshift_hosted_registry_routecertificates -- debug: var=openshift_hosted_registry_route_termination +# When certificates are defined we will create the reencrypt +# docker-registry route +- name: Create a reencrypt route for docker-registry + run_once: true + oc_route: + name: docker-registry + namespace: "{{ openshift_hosted_registry_namespace }}" + service_name: docker-registry + tls_termination: "{{ openshift_hosted_registry_routetermination }}" + host: "{{ openshift_hosted_registry_routehost | default(docker_registry_route_hostname) }}" + cert_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['certfile'] | basename }}" + key_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['keyfile'] | basename }}" + cacert_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['cafile'] | basename }}" + dest_cacert_path: /etc/origin/master/ca.crt + when: + - "'cafile' in openshift_hosted_registry_routecertificates" + - "'certfile' in openshift_hosted_registry_routecertificates" + - "'keyfile' in openshift_hosted_registry_routecertificates" +- debug: + msg: "{{ openshift_hosted_registry_routehost | default(docker_registry_route_hostname) }}" + +# When routetermination is passthrough we will create the route - name: Create passthrough route for docker-registry oc_route: name: docker-registry namespace: "{{ openshift_hosted_registry_namespace }}" service_name: docker-registry tls_termination: "{{ openshift_hosted_registry_routetermination }}" - host: "{{ openshift_hosted_registry_routehost | default(docker_registry_route_hostname) }}" - cert_path: "{{ ('certfile' in openshift_hosted_registry_routecertificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_routecertificates.certfile | basename), omit) }}" - key_path: "{{ ('keyfile' in 
openshift_hosted_registry_routecertificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_routecertificates.keyfile | basename), omit) }}" - cacert_path: "{{ ('cafile' in openshift_hosted_registry_routecertificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_routecertificates.cafile | basename), omit) }}" - dest_cacert_path: "{{ (openshift_hosted_registry_routetermination == 'reencrypt') | ternary('/etc/origin/master/ca.crt', omit) }}" + host: "{{ openshift_hosted_registry_routehost | ternary(openshift_hosted_registry_routehost, docker_registry_route_hostname) }}" run_once: true + when: openshift_hosted_registry_routetermination == 'passthrough' - name: Retrieve registry service IP oc_service: -- cgit v1.2.3 From efd4350d9147dc1ed3331edbd338661eac271032 Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Wed, 1 Mar 2017 14:55:31 -0500 Subject: Adding the activeDeadlineSeconds. Removed debug. --- roles/openshift_hosted/tasks/registry/secure.yml | 11 ----------- roles/openshift_hosted/tasks/router/router.yml | 3 +++ 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml index a082a075a..927c9aa03 100644 --- a/roles/openshift_hosted/tasks/registry/secure.yml +++ b/roles/openshift_hosted/tasks/registry/secure.yml @@ -4,14 +4,6 @@ docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" run_once: true -- debug: var=openshift_hosted_registry_routecertificates - -- debug: - msg: "{{ ('cafile' in openshift_hosted_registry_routecertificates) }}" - -- debug: - msg: "{{ ('cafile' in openshift_hosted_registry_routecertificates) | ternary('THIS IS TRUE', 'THIS IS FALSE') }}" - - name: Get the certificate contents for registry copy: backup: True 
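Review bot: The reencrypt route still sets `host` with `openshift_hosted_registry_routehost | default(docker_registry_route_hostname)`, while the passthrough route in the same hunk was switched to `ternary`. `registry.yml` defines `openshift_hosted_registry_routehost` as `False` when no route host is configured, and `default()` only replaces undefined values, so the fallback hostname would not be used for the reencrypt route. I would use the same expression in both tasks: `host: "{{ openshift_hosted_registry_routehost | ternary(openshift_hosted_registry_routehost, docker_registry_route_hostname) }}"`. The reencrypt task is also gated only on the three certificate keys and not on `openshift_hosted_registry_routetermination == 'reencrypt'`, so its name and its `tls_termination` value can disagree.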
@@ -40,9 +32,6 @@ - "'certfile' in openshift_hosted_registry_routecertificates" - "'keyfile' in openshift_hosted_registry_routecertificates" -- debug: - msg: "{{ openshift_hosted_registry_routehost | default(docker_registry_route_hostname) }}" - # When routetermination is passthrough we will create the route - name: Create passthrough route for docker-registry oc_route: diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml index 71ceff93a..607ace7f9 100644 --- a/roles/openshift_hosted/tasks/router/router.yml +++ b/roles/openshift_hosted/tasks/router/router.yml @@ -71,6 +71,9 @@ - key: spec.strategy.rollingParams.updatePeriodSeconds value: 1 action: put + - key: spec.strategy.activeDeadlineSeconds + value: 21600 + action: put register: routerout # This should probably move to module -- cgit v1.2.3 From 2a0f716a79829292d61096a0f93c5add1445be68 Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Wed, 1 Mar 2017 15:04:34 -0500 Subject: Removing run_once. --- roles/openshift_hosted/tasks/registry/secure.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml index 927c9aa03..90b11f438 100644 --- a/roles/openshift_hosted/tasks/registry/secure.yml +++ b/roles/openshift_hosted/tasks/registry/secure.yml @@ -2,7 +2,6 @@ - name: Set fact docker_registry_route_hostname set_fact: docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" - run_once: true - name: Get the certificate contents for registry copy: @@ -16,7 +15,6 @@ # When certificates are defined we will create the reencrypt # docker-registry route - name: Create a reencrypt route for docker-registry - run_once: true oc_route: name: docker-registry namespace: "{{ openshift_hosted_registry_namespace }}" 
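Review bot: The `spec.strategy.activeDeadlineSeconds` entry added in the router.yml hunk (`@@ -71,6 +71,9 @@`) carries the bare value `21600` with no comment, and nothing in the hunk says whether it is meant to change the deployment deadline or only to pin it so that reruns report no change. A one-line comment above the entry, such as `# 21600s = 6h; pinned so reruns do not report 'changed' (confirm it matches the platform default)`, would tell the next reader why the number is there. The edits list this entry is appended to starts outside the hunk.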
@@ -40,7 +38,6 @@ service_name: docker-registry tls_termination: "{{ openshift_hosted_registry_routetermination }}" host: "{{ openshift_hosted_registry_routehost | ternary(openshift_hosted_registry_routehost, docker_registry_route_hostname) }}" - run_once: true when: openshift_hosted_registry_routetermination == 'passthrough' - name: Retrieve registry service IP @@ -49,7 +46,6 @@ name: docker-registry state: list register: docker_registry_service_ip - run_once: true - name: Create registry certificates oc_adm_ca_server_cert: -- cgit v1.2.3 From e62a4bf341637bc26503a9ba5246afb9b016ea36 Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Wed, 1 Mar 2017 15:52:53 -0500 Subject: removing extra when condition --- roles/openshift_hosted/tasks/registry/secure.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml index 90b11f438..bd513b943 100644 --- a/roles/openshift_hosted/tasks/registry/secure.yml +++ b/roles/openshift_hosted/tasks/registry/secure.yml @@ -10,7 +10,6 @@ src: "{{ item.value }}" when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value is not None with_dict: "{{ openshift_hosted_registry_routecertificates }}" - when: openshift_hosted_registry_routecertificates # When certificates are defined we will create the reencrypt # docker-registry route -- cgit v1.2.3