From 801779eeb6f6308f81ae7c48409de7686c04a0aa Mon Sep 17 00:00:00 2001 From: Michael Gugino Date: Wed, 13 Dec 2017 12:42:32 -0500 Subject: Relocate filter plugins to lib_utils This commit relocates filter_plugings to lib_utils, changes the namespacing to prevent unintended use of older versions that may be present in filter_plugins/ directory on existing installs. Add lib_utils to meta depends for roles Also consolidate some plugins into lib_utils from various other areas. Update rpm spec, obsolete plugin rpms. --- playbooks/openshift-node/private/configure_nodes.yml | 4 ++-- playbooks/openshift-node/private/containerized_nodes.yml | 4 ++-- playbooks/openshift-node/private/filter_plugins | 1 - playbooks/openshift-node/private/lookup_plugins | 1 - 4 files changed, 4 insertions(+), 6 deletions(-) delete mode 120000 playbooks/openshift-node/private/filter_plugins delete mode 120000 playbooks/openshift-node/private/lookup_plugins (limited to 'playbooks/openshift-node') diff --git a/playbooks/openshift-node/private/configure_nodes.yml b/playbooks/openshift-node/private/configure_nodes.yml index 32b288c8b..548ff7c4f 100644 --- a/playbooks/openshift-node/private/configure_nodes.yml +++ b/playbooks/openshift-node/private/configure_nodes.yml @@ -4,10 +4,10 @@ vars: openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}" - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + openshift_no_proxy_internal_hostnames: "{{ hostvars | lib_utils_oo_select_keys(groups['oo_nodes_to_config'] | union(groups['oo_masters_to_config']) | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') + | lib_utils_oo_collect('openshift.common.hostname') | default([]) | join (',') }}" roles: - role: openshift_clock diff --git a/playbooks/openshift-node/private/containerized_nodes.yml b/playbooks/openshift-node/private/containerized_nodes.yml index ef07669cb..dc68d7585 100644 --- a/playbooks/openshift-node/private/containerized_nodes.yml +++ b/playbooks/openshift-node/private/containerized_nodes.yml @@ -5,10 +5,10 @@ vars: openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}" - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + openshift_no_proxy_internal_hostnames: "{{ hostvars | lib_utils_oo_select_keys(groups['oo_nodes_to_config'] | union(groups['oo_masters_to_config']) | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') + | lib_utils_oo_collect('openshift.common.hostname') | default([]) | join (',') }}" roles: diff --git a/playbooks/openshift-node/private/filter_plugins b/playbooks/openshift-node/private/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/openshift-node/private/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins \ No newline at end of file diff --git a/playbooks/openshift-node/private/lookup_plugins b/playbooks/openshift-node/private/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/openshift-node/private/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins \ No newline at end of file -- cgit v1.2.3 From e6c159afb4ba39a7266c750d43d6a5e911cc8f21 Mon Sep 17 00:00:00 2001 From: Michael Gugino Date: Mon, 18 Dec 2017 16:13:36 -0500 Subject: Remove openshift.common.{is_atomic|is_containerized} We set these variables using facts in init, no need to duplicate the logic all around the codebase. --- playbooks/openshift-node/private/restart.yml | 2 +- playbooks/openshift-node/private/setup.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'playbooks/openshift-node') diff --git a/playbooks/openshift-node/private/restart.yml b/playbooks/openshift-node/private/restart.yml index c2092b23c..7249ced70 100644 --- a/playbooks/openshift-node/private/restart.yml +++ b/playbooks/openshift-node/private/restart.yml @@ -28,7 +28,7 @@ - "{{ openshift_service_type }}-master-controllers" - "{{ openshift_service_type }}-node" failed_when: false - when: openshift.common.is_containerized | bool + when: openshift_is_containerized | bool - name: Wait for master API to come back online wait_for: diff --git a/playbooks/openshift-node/private/setup.yml b/playbooks/openshift-node/private/setup.yml index 541913aef..802dce37e 100644 --- a/playbooks/openshift-node/private/setup.yml +++ b/playbooks/openshift-node/private/setup.yml @@ -21,6 +21,6 @@ when: - hostvars[item].openshift is defined - hostvars[item].openshift.common is defined - - hostvars[item].openshift.common.is_containerized | bool + - hostvars[item].openshift_is_containerized | bool - (item in groups.oo_nodes_to_config and item in groups.oo_masters_to_config) changed_when: False -- cgit v1.2.3 From 6f1a7e75e89796a4a0378ceae419eb9e7ffb1fe5 Mon Sep 17 00:00:00 2001 From: Michael Gugino Date: Thu, 21 Dec 2017 16:50:53 -0500 Subject: Remove bootstrap.yml from main.yml in openshift_node role This commit utilizes include_role for bootstrapping the node instead of conditional include of tasks now that the node role has no meta includes that have tasks. --- playbooks/openshift-node/private/image_prep.yml | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'playbooks/openshift-node') diff --git a/playbooks/openshift-node/private/image_prep.yml b/playbooks/openshift-node/private/image_prep.yml index 6b517197d..c0ddcd926 100644 --- a/playbooks/openshift-node/private/image_prep.yml +++ b/playbooks/openshift-node/private/image_prep.yml @@ -12,6 +12,13 @@ - name: run node config import_playbook: configure_nodes.yml +- name: node bootstrap config + hosts: oo_nodes_to_config:!oo_containerized_master_nodes + tasks: + - include_role: + name: openshift_node + tasks_from: bootstrap.yml + - name: Re-enable excluders import_playbook: enable_excluders.yml -- cgit v1.2.3 From 8f5b8292e5a645820e83dc2537e4d36c696b67ce Mon Sep 17 00:00:00 2001 From: Michael Gugino Date: Thu, 21 Dec 2017 13:33:20 -0500 Subject: Remove last of openshift_node role meta-depends Remove last non-taskless meta-depends from openshift_node role. Remove variable 'openshift_node_upgrade_in_progress' as it is no longer used. --- playbooks/openshift-node/private/configure_nodes.yml | 1 + playbooks/openshift-node/private/containerized_nodes.yml | 1 + 2 files changed, 2 insertions(+) (limited to 'playbooks/openshift-node') diff --git a/playbooks/openshift-node/private/configure_nodes.yml b/playbooks/openshift-node/private/configure_nodes.yml index 548ff7c4f..a13173e63 100644 --- a/playbooks/openshift-node/private/configure_nodes.yml +++ b/playbooks/openshift-node/private/configure_nodes.yml @@ -11,6 +11,7 @@ }}" roles: - role: openshift_clock + - role: openshift_cloud_provider - role: openshift_node - role: tuned - role: nickhammond.logrotate diff --git a/playbooks/openshift-node/private/containerized_nodes.yml b/playbooks/openshift-node/private/containerized_nodes.yml index dc68d7585..644e6a69c 100644 --- a/playbooks/openshift-node/private/containerized_nodes.yml +++ b/playbooks/openshift-node/private/containerized_nodes.yml @@ -13,6 +13,7 @@ roles: - role: openshift_clock + - role: openshift_cloud_provider - role: openshift_node openshift_ca_host: "{{ groups.oo_first_master.0 }}" - role: nickhammond.logrotate -- cgit v1.2.3 From eacc12897ca86a255f89b8a4537ce2b7004cf319 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Fri, 5 Jan 2018 12:44:56 -0500 Subject: Migrate to import_role for static role inclusion In Ansible 2.2, the include_role directive came into existence as a Tech Preview. It is still a Tech Preview through Ansible 2.4 (and in current devel branch), but with a noteable change. The default behavior switched from static: true to static: false because that functionality moved to the newly introduced import_role directive (in order to stay consistent with include* being dynamic in nature and `import* being static in nature). The dynamic include is considerably more memory intensive as it will dynamically create a role import for every host in the inventory list to be used. (Also worth noting, there is at the time of this writing an object allocation inefficiency in the dynamic include that can in certain situations amplify this effect considerably) This change is meant to mitigate the pressure on memory for the Ansible control host. We need to evaluate where it makes sense to dynamically include roles and revert back to dynamic inclusion if and where it makes sense to do so. --- playbooks/openshift-node/private/additional_config.yml | 2 +- playbooks/openshift-node/private/image_prep.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'playbooks/openshift-node') diff --git a/playbooks/openshift-node/private/additional_config.yml b/playbooks/openshift-node/private/additional_config.yml index b86cb3cc2..54ed1927d 100644 --- a/playbooks/openshift-node/private/additional_config.yml +++ b/playbooks/openshift-node/private/additional_config.yml @@ -57,7 +57,7 @@ - name: Configure Kuryr node hosts: oo_nodes_use_kuryr tasks: - - include_role: + - import_role: name: kuryr tasks_from: node when: openshift_use_kuryr | default(false) | bool diff --git a/playbooks/openshift-node/private/image_prep.yml b/playbooks/openshift-node/private/image_prep.yml index c0ddcd926..adcbb0fdb 100644 --- a/playbooks/openshift-node/private/image_prep.yml +++ b/playbooks/openshift-node/private/image_prep.yml @@ -15,7 +15,7 @@ - name: node bootstrap config hosts: oo_nodes_to_config:!oo_containerized_master_nodes tasks: - - include_role: + - import_role: name: openshift_node tasks_from: bootstrap.yml -- cgit v1.2.3 From 6daf71565fd69e9ddb2ac20e787d49f74cf7a9d7 Mon Sep 17 00:00:00 2001 From: Nick Bartos Date: Tue, 5 Dec 2017 15:02:52 +1100 Subject: Contiv multi-master and other fixes Contiv's etcd was not being deployed correctly when using more than one master. To make it easier to manage, it has been moved into a k8s container. The api proxy was hardcoded to an old version (1.1.1), and in some environments would run into a docker error. This has been moved into a k8s container for easier management. The firewall was too permissive on several ports. Many were open to the world when they should have only been accessible inside the cluster. Many of the contiv role variables were not prefixed with 'contiv', which may end up clobbering variables from another role. Now all the contiv specific role variables start with 'contiv_'. The api proxy's default self-signed certificate was bundled with the role. This means someone with read-only MITM access and this key could decrypt traffic. Granted a user defined certificate from a trusted CA should be used in a production environment, it is still better to generate one in each environment when one is not provided. --- playbooks/openshift-node/private/additional_config.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'playbooks/openshift-node') diff --git a/playbooks/openshift-node/private/additional_config.yml b/playbooks/openshift-node/private/additional_config.yml index 54ed1927d..0881121c9 100644 --- a/playbooks/openshift-node/private/additional_config.yml +++ b/playbooks/openshift-node/private/additional_config.yml @@ -47,11 +47,17 @@ - role: nuage_node when: openshift_use_nuage | default(false) | bool -- name: Additional node config - hosts: oo_nodes_use_contiv +- name: Configure Contiv masters + hosts: oo_masters_to_config + roles: + - role: contiv + contiv_master: true + when: openshift_use_contiv | default(false) | bool + +- name: Configure rest of Contiv nodes + hosts: "{{ groups.oo_nodes_use_contiv | default([]) | difference(groups.oo_masters_to_config) }}" roles: - role: contiv - contiv_role: netplugin when: openshift_use_contiv | default(false) | bool - name: Configure Kuryr node -- cgit v1.2.3 From 3b07acdcd41e215dedc4d4c7c7303b807e59333d Mon Sep 17 00:00:00 2001 From: Michael Gugino Date: Tue, 9 Jan 2018 14:11:16 -0500 Subject: Remove become statements This commit removes become:no statements that break the installer in various ways. --- playbooks/openshift-node/private/setup.yml | 1 - playbooks/openshift-node/scaleup.yml | 1 - 2 files changed, 2 deletions(-) (limited to 'playbooks/openshift-node') diff --git a/playbooks/openshift-node/private/setup.yml b/playbooks/openshift-node/private/setup.yml index 802dce37e..41c323f2b 100644 --- a/playbooks/openshift-node/private/setup.yml +++ b/playbooks/openshift-node/private/setup.yml @@ -8,7 +8,6 @@ - name: Evaluate node groups hosts: localhost - become: no connection: local tasks: - name: Evaluate oo_containerized_master_nodes diff --git a/playbooks/openshift-node/scaleup.yml b/playbooks/openshift-node/scaleup.yml index bdfd3d3e6..cf13692ae 100644 --- a/playbooks/openshift-node/scaleup.yml +++ b/playbooks/openshift-node/scaleup.yml @@ -4,7 +4,6 @@ - name: Ensure there are new_nodes hosts: localhost connection: local - become: no gather_facts: no tasks: - fail: -- cgit v1.2.3