From 7f5c403e144e6ef4d39bf7b11adb4c4a8976521c Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Wed, 21 Oct 2015 16:17:39 -0400 Subject: Add proxy client certs to master config. --- playbooks/adhoc/upgrades/upgrade.yml | 10 ++++++++++ playbooks/common/openshift-master/config.yml | 2 ++ 2 files changed, 12 insertions(+) (limited to 'playbooks') diff --git a/playbooks/adhoc/upgrades/upgrade.yml b/playbooks/adhoc/upgrades/upgrade.yml index 56a1df860..ae1d0127c 100644 --- a/playbooks/adhoc/upgrades/upgrade.yml +++ b/playbooks/adhoc/upgrades/upgrade.yml @@ -1,4 +1,14 @@ --- +- name: Upgrade base package on masters + hosts: masters + roles: + - openshift_facts + vars: + openshift_version: "{{ openshift_pkg_version | default('') }}" + tasks: + - name: Upgrade base package + yum: pkg={{ openshift.common.service_type }}{{ openshift_version }} state=latest + - name: Re-Run cluster configuration to apply latest configuration changes include: ../../common/openshift-cluster/config.yml vars: diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 0a3fe90e1..ecea608b2 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -137,6 +137,7 @@ openshift_master_certs_no_etcd: - admin.crt - master.kubelet-client.crt + - master.proxy-client.crt - master.server.crt - openshift-master.crt - openshift-registry.crt @@ -144,6 +145,7 @@ - etcd.server.crt openshift_master_certs_etcd: - master.etcd-client.crt + - set_fact: openshift_master_certs: "{{ (openshift_master_certs_no_etcd | union(openshift_master_certs_etcd)) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else openshift_master_certs_no_etcd }}" -- cgit v1.2.3 From 5aff702d10b79822098ca68f9ee3184be45775d7 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Thu, 22 Oct 2015 13:12:22 -0400 Subject: Don't include proxy client cert when <3.1 or <1.1 --- playbooks/common/openshift-master/config.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'playbooks') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index ecea608b2..47e568f06 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -133,11 +133,14 @@ - name: Determine if master certificates need to be generated hosts: oo_masters_to_config tasks: + - set_fact: + include_proxy_client_cert: "{{ (openshift.common.version | version_compare('1.0.6', '>')) if openshift.common.deployment_type == 'origin' else (openshift.common.version | version_compare('3.0.2', '>')) }}" + - set_fact: openshift_master_certs_no_etcd: - admin.crt - master.kubelet-client.crt - - master.proxy-client.crt + - "{{ 'master.proxy-client.crt' if include_proxy_client_cert else omit }}" - master.server.crt - openshift-master.crt - openshift-registry.crt @@ -155,9 +158,9 @@ with_items: openshift_master_certs register: g_master_cert_stat_result - set_fact: - master_certs_missing: "{{ g_master_cert_stat_result.results + master_certs_missing: "{{ False in (g_master_cert_stat_result.results | map(attribute='stat.exists') - | list | intersect([false])}}" + | list ) }}" master_cert_subdir: master-{{ openshift.common.hostname }} master_cert_config_dir: "{{ openshift.common.config_base }}/master" @@ -189,6 +192,7 @@ args: creates: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz" with_items: masters_needing_certs + - name: Retrieve the master cert tarball from the master fetch: src: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz" -- cgit v1.2.3 From 7eefcf8a04251da4d10deb936273847d47ccb609 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Thu, 22 Oct 2015 16:48:24 -0400 Subject: Move version greater_than_fact into openshift_facts --- playbooks/common/openshift-master/config.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'playbooks') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 47e568f06..1dec923fc 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -133,14 +133,11 @@ - name: Determine if master certificates need to be generated hosts: oo_masters_to_config tasks: - - set_fact: - include_proxy_client_cert: "{{ (openshift.common.version | version_compare('1.0.6', '>')) if openshift.common.deployment_type == 'origin' else (openshift.common.version | version_compare('3.0.2', '>')) }}" - - set_fact: openshift_master_certs_no_etcd: - admin.crt - master.kubelet-client.crt - - "{{ 'master.proxy-client.crt' if include_proxy_client_cert else omit }}" + - "{{ 'master.proxy-client.crt' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}" - master.server.crt - openshift-master.crt - openshift-registry.crt -- cgit v1.2.3 From a6c34115d3e06f502846b271a2fc88eb202f767e Mon Sep 17 00:00:00 2001 From: Thomas Wiest Date: Sat, 24 Oct 2015 10:26:34 -0400 Subject: added docker info to the end of docker loop to direct lvm playbook. --- .../ops-docker-loopback-to-direct-lvm.yml | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'playbooks') diff --git a/playbooks/adhoc/docker_loopback_to_lvm/ops-docker-loopback-to-direct-lvm.yml b/playbooks/adhoc/docker_loopback_to_lvm/ops-docker-loopback-to-direct-lvm.yml index 614b2537a..72fcd77b3 100755 --- a/playbooks/adhoc/docker_loopback_to_lvm/ops-docker-loopback-to-direct-lvm.yml +++ b/playbooks/adhoc/docker_loopback_to_lvm/ops-docker-loopback-to-direct-lvm.yml @@ -97,8 +97,19 @@ - debug: var=setup_output + - name: extend the vg + command: lvextend -l 90%VG /dev/docker_vg/docker-pool + register: extend_output + + - debug: var=extend_output + - name: start docker - command: systemctl start docker.service - register: dockerstart + service: + name: docker + state: restarted + + - name: docker info + command: docker info + register: dockerinfo - - debug: var=dockerstart + - debug: var=dockerinfo -- cgit v1.2.3 From 7558c4e35e076704624fdffa347a08cf7f3a804f Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Tue, 27 Oct 2015 13:42:11 -0400 Subject: Adding uninstall support for Atomic Host --- playbooks/adhoc/uninstall.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'playbooks') diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 40db668da..8cc5b9406 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -1,6 +1,6 @@ # This deletes *ALL* Origin, Atomic Enterprise Platform and OpenShift # Enterprise content installed by ansible. This includes: -# +# # configuration # containers # example templates and imagestreams @@ -13,6 +13,14 @@ sudo: yes tasks: + - name: Detecting Operating System + shell: ls /run/ostree-booted + ignore_errors: yes + register: ostree_output + + - set_fact: + is_atomic: ostree_output.rc == 0 + - service: name={{ item }} state=stopped with_items: - atomic-enterprise-master @@ -33,6 +41,7 @@ - origin-node - yum: name={{ item }} state=absent + when: not is_atomic with_items: - atomic-enterprise - atomic-enterprise-master -- cgit v1.2.3 From d753108350bfa8c41ba7c57bcb870a4e303c5659 Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Wed, 28 Oct 2015 10:22:18 -0400 Subject: The uninstall playbook should remove the kubeconfig for non-root installs --- playbooks/adhoc/uninstall.yml | 1 + 1 file changed, 1 insertion(+) (limited to 'playbooks') diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 8cc5b9406..af2108690 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -136,6 +136,7 @@ - /etc/sysconfig/origin-master - /etc/sysconfig/origin-node - /root/.kube + - "~{{ ansible_ssh_user }}/.kube" - /usr/share/openshift/examples - /var/lib/atomic-enterprise - /var/lib/etcd -- cgit v1.2.3 From e0bd8bfa45d85832e1f619fbf91934dff0706c9c Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Wed, 28 Oct 2015 13:40:27 -0400 Subject: Bug fixes for the uninstall playbook 1) is_atomic wasn't being evaluated properly 2) the way we were detecting it was resulting in a confusion error message being displayed to the user in the case of RHEL 7 Server --- playbooks/adhoc/uninstall.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'playbooks') diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index af2108690..7d1544be8 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -16,10 +16,11 @@ - name: Detecting Operating System shell: ls /run/ostree-booted ignore_errors: yes + failed_when: false register: ostree_output - set_fact: - is_atomic: ostree_output.rc == 0 + is_atomic: "{{ ostree_output.rc == 0 }}" - service: name={{ item }} state=stopped with_items: @@ -41,7 +42,7 @@ - origin-node - yum: name={{ item }} state=absent - when: not is_atomic + when: not is_atomic | bool with_items: - atomic-enterprise - atomic-enterprise-master -- cgit v1.2.3 From e0fd136c9ae77115cc80f487aac44f066492e494 Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Fri, 30 Oct 2015 14:15:49 -0400 Subject: Attempt to remove the various interfaces left over from an install Removing br0 won't work if openvswitch has already been stopped. ovs-system will be left around but that is just a problem with openvswitch's packaging. That device is apparently not even used. In the worst case a manual reboot will remove all of these devices. --- playbooks/adhoc/uninstall.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'playbooks') diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 7d1544be8..0503b7cd4 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -22,6 +22,11 @@ - set_fact: is_atomic: "{{ ostree_output.rc == 0 }}" + - name: Remove br0 interface + shell: ovs-vsctl del-br br0 + changed_when: False + failed_when: False + - service: name={{ item }} state=stopped with_items: - atomic-enterprise-master @@ -69,6 +74,15 @@ - tuned-profiles-openshift-node - tuned-profiles-origin-node + - name: Remove linux interfaces + shell: ip link del "{{ item }}" + changed_when: False + failed_when: False + with_items: + - lbr0 + - vlinuxbr + - vovsbr + - shell: systemctl reset-failed changed_when: False -- cgit v1.2.3