From 03e6ae850ce718c008636bd8db093f453e62ccf3 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Thu, 12 Nov 2015 10:46:25 -0500 Subject: Refactor named certificates. --- roles/openshift_facts/library/openshift_facts.py | 34 +++++++++++++++++------- 1 file changed, 24 insertions(+), 10 deletions(-) (limited to 'roles/openshift_facts/library') diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 091ba4e2b..995d2c5fb 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -864,20 +864,29 @@ def apply_provider_facts(facts, provider_facts): return facts -def merge_facts(orig, new): +def merge_facts(orig, new, overwrite_additive_facts): """ Recursively merge facts dicts Args: orig (dict): existing facts new (dict): facts to update + overwrite_additive_facts (bool): overwrite additive facts Returns: dict: the merged facts """ + additive_facts = ['named_certificates'] facts = dict() for key, value in orig.iteritems(): if key in new: if isinstance(value, dict) and isinstance(new[key], dict): - facts[key] = merge_facts(value, new[key]) + facts[key] = merge_facts(value, new[key], overwrite_additive_facts) + elif key in additive_facts and not overwrite_additive_facts: + if isinstance(value, list) and isinstance(new[key], list): + new_fact = [] + for item in copy.deepcopy(value) + copy.copy(new[key]): + if item not in new_fact: + new_fact.append(item) + facts[key] = new_fact else: facts[key] = copy.copy(new[key]) else: @@ -961,13 +970,14 @@ class OpenShiftFacts(object): role (str): role for setting local facts filename (str): local facts file to use local_facts (dict): local facts to set + overwrite_additive_facts (bool): overwrite additive facts Raises: OpenShiftFactsUnsupportedRoleError: """ known_roles = ['common', 'master', 'node', 'master_sdn', 'node_sdn', 'dns', 'etcd'] - def __init__(self, role, filename, local_facts): + def __init__(self, role, filename, local_facts, overwrite_additive_facts=False): self.changed = False self.filename = filename if role not in self.known_roles: @@ -976,25 +986,26 @@ class OpenShiftFacts(object): ) self.role = role self.system_facts = ansible_facts(module) - self.facts = self.generate_facts(local_facts) + self.facts = self.generate_facts(local_facts, overwrite_additive_facts) - def generate_facts(self, local_facts): + def generate_facts(self, local_facts, overwrite_additive_facts): """ Generate facts Args: local_facts (dict): local_facts for overriding generated defaults + overwrite_additive_facts (dict): overwrite additive facts Returns: dict: The generated facts """ - local_facts = self.init_local_facts(local_facts) + local_facts = self.init_local_facts(local_facts, overwrite_additive_facts) roles = local_facts.keys() defaults = self.get_defaults(roles) provider_facts = self.init_provider_facts() facts = apply_provider_facts(defaults, provider_facts) - facts = merge_facts(facts, local_facts) + facts = merge_facts(facts, local_facts, overwrite_additive_facts) facts['current_config'] = get_current_config(facts) facts = set_url_facts_if_unset(facts) facts = set_project_cfg_facts_if_unset(facts) @@ -1132,11 +1143,12 @@ class OpenShiftFacts(object): ) return provider_facts - def init_local_facts(self, facts=None): + def init_local_facts(self, facts=None, overwrite_additive_facts=False): """ Initialize the provider facts Args: facts (dict): local facts to set + overwrite_additive_facts (bool): overwrite additive facts Returns: dict: The result of merging the provided facts with existing @@ -1154,7 +1166,7 @@ class OpenShiftFacts(object): basestring): facts_to_set[arg] = module.from_json(facts_to_set[arg]) - new_local_facts = merge_facts(local_facts, facts_to_set) + new_local_facts = merge_facts(local_facts, facts_to_set, overwrite_additive_facts) for facts in new_local_facts.values(): keys_to_delete = [] for fact, value in facts.iteritems(): @@ -1184,6 +1196,7 @@ def main(): role=dict(default='common', required=False, choices=OpenShiftFacts.known_roles), local_facts=dict(default=None, type='dict', required=False), + overwrite_additive_facts=dict(default=False, type='bool', required=False), ), supports_check_mode=True, add_file_common_args=True, @@ -1191,9 +1204,10 @@ def main(): role = module.params['role'] local_facts = module.params['local_facts'] + overwrite_additive_facts = module.params['overwrite_additive_facts'] fact_file = '/etc/ansible/facts.d/openshift.fact' - openshift_facts = OpenShiftFacts(role, fact_file, local_facts) + openshift_facts = OpenShiftFacts(role, fact_file, local_facts, overwrite_additive_facts) file_params = module.params.copy() file_params['path'] = fact_file -- cgit v1.2.3 From 927e585bbeb049523313bacedc57efee2eacf232 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Mon, 16 Nov 2015 16:01:35 -0500 Subject: Add additive_facts_to_overwrite instead of overwriting all additive_facts --- playbooks/common/openshift-master/config.yml | 3 +- roles/openshift_facts/library/openshift_facts.py | 46 +++++++++++++++--------- 2 files changed, 31 insertions(+), 18 deletions(-) (limited to 'roles/openshift_facts/library') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 8719d080d..ff1579218 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -288,7 +288,8 @@ role: master local_facts: named_certificates: "{{ hostvars.localhost.parsed_named_certificates | default([]) }}" - overwrite_additive_facts: "{{ overwrite_named_certs }}" + additive_facts_to_overwrite: + - "{{ 'master.named_certificates' if overwrite_named_certs | bool else omit }}" - name: Clear named certificates file: path: "{{ named_certs_dir }}" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 995d2c5fb..fc701d42b 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -864,13 +864,16 @@ def apply_provider_facts(facts, provider_facts): return facts -def merge_facts(orig, new, overwrite_additive_facts): +def merge_facts(orig, new, additive_facts_to_overwrite): """ Recursively merge facts dicts Args: orig (dict): existing facts new (dict): facts to update - overwrite_additive_facts (bool): overwrite additive facts + + additive_facts_to_overwrite (list): additive facts to overwrite in jinja + '.' notation ex: ['master.named_certificates'] + Returns: dict: the merged facts """ @@ -879,8 +882,14 @@ def merge_facts(orig, new, overwrite_additive_facts): for key, value in orig.iteritems(): if key in new: if isinstance(value, dict) and isinstance(new[key], dict): - facts[key] = merge_facts(value, new[key], overwrite_additive_facts) - elif key in additive_facts and not overwrite_additive_facts: + relevant_additive_facts = [] + # Keep additive_facts_to_overwrite if key matches + for item in additive_facts_to_overwrite: + if '.' in item and item.startswith(key + '.'): + relevant_additive_facts.append(item) + facts[key] = merge_facts(value, new[key], relevant_additive_facts) + elif key in additive_facts and key not in [x.split('.')[-1] for x in additive_facts_to_overwrite]: + # Fact is additive so we'll combine orig and new. if isinstance(value, list) and isinstance(new[key], list): new_fact = [] for item in copy.deepcopy(value) + copy.copy(new[key]): @@ -970,14 +979,15 @@ class OpenShiftFacts(object): role (str): role for setting local facts filename (str): local facts file to use local_facts (dict): local facts to set - overwrite_additive_facts (bool): overwrite additive facts + additive_facts_to_overwrite (list): additive facts to overwrite in jinja + '.' notation ex: ['master.named_certificates'] Raises: OpenShiftFactsUnsupportedRoleError: """ known_roles = ['common', 'master', 'node', 'master_sdn', 'node_sdn', 'dns', 'etcd'] - def __init__(self, role, filename, local_facts, overwrite_additive_facts=False): + def __init__(self, role, filename, local_facts, additive_facts_to_overwrite=False): self.changed = False self.filename = filename if role not in self.known_roles: @@ -986,26 +996,27 @@ class OpenShiftFacts(object): ) self.role = role self.system_facts = ansible_facts(module) - self.facts = self.generate_facts(local_facts, overwrite_additive_facts) + self.facts = self.generate_facts(local_facts, additive_facts_to_overwrite) - def generate_facts(self, local_facts, overwrite_additive_facts): + def generate_facts(self, local_facts, additive_facts_to_overwrite): """ Generate facts Args: local_facts (dict): local_facts for overriding generated defaults - overwrite_additive_facts (dict): overwrite additive facts + additive_facts_to_overwrite (list): additive facts to overwrite in jinja + '.' notation ex: ['master.named_certificates'] Returns: dict: The generated facts """ - local_facts = self.init_local_facts(local_facts, overwrite_additive_facts) + local_facts = self.init_local_facts(local_facts, additive_facts_to_overwrite) roles = local_facts.keys() defaults = self.get_defaults(roles) provider_facts = self.init_provider_facts() facts = apply_provider_facts(defaults, provider_facts) - facts = merge_facts(facts, local_facts, overwrite_additive_facts) + facts = merge_facts(facts, local_facts, additive_facts_to_overwrite) facts['current_config'] = get_current_config(facts) facts = set_url_facts_if_unset(facts) facts = set_project_cfg_facts_if_unset(facts) @@ -1143,12 +1154,13 @@ class OpenShiftFacts(object): ) return provider_facts - def init_local_facts(self, facts=None, overwrite_additive_facts=False): + def init_local_facts(self, facts=None, additive_facts_to_overwrite=False): """ Initialize the provider facts Args: facts (dict): local facts to set - overwrite_additive_facts (bool): overwrite additive facts + additive_facts_to_overwrite (list): additive facts to overwrite in jinja + '.' notation ex: ['master.named_certificates'] Returns: dict: The result of merging the provided facts with existing @@ -1166,7 +1178,7 @@ class OpenShiftFacts(object): basestring): facts_to_set[arg] = module.from_json(facts_to_set[arg]) - new_local_facts = merge_facts(local_facts, facts_to_set, overwrite_additive_facts) + new_local_facts = merge_facts(local_facts, facts_to_set, additive_facts_to_overwrite) for facts in new_local_facts.values(): keys_to_delete = [] for fact, value in facts.iteritems(): @@ -1196,7 +1208,7 @@ def main(): role=dict(default='common', required=False, choices=OpenShiftFacts.known_roles), local_facts=dict(default=None, type='dict', required=False), - overwrite_additive_facts=dict(default=False, type='bool', required=False), + additive_facts_to_overwrite=dict(default=[], type='list', required=False), ), supports_check_mode=True, add_file_common_args=True, @@ -1204,10 +1216,10 @@ def main(): role = module.params['role'] local_facts = module.params['local_facts'] - overwrite_additive_facts = module.params['overwrite_additive_facts'] + additive_facts_to_overwrite = module.params['additive_facts_to_overwrite'] fact_file = '/etc/ansible/facts.d/openshift.fact' - openshift_facts = OpenShiftFacts(role, fact_file, local_facts, overwrite_additive_facts) + openshift_facts = OpenShiftFacts(role, fact_file, local_facts, additive_facts_to_overwrite) file_params = module.params.copy() file_params['path'] = fact_file -- cgit v1.2.3 From f05e8d345ea4eba75574347c969e8552df8b6c17 Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Tue, 17 Nov 2015 14:10:34 -0500 Subject: The aep3 images changed locations. --- roles/openshift_facts/library/openshift_facts.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_facts/library') diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 2e1075aca..828ddc49b 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -625,7 +625,7 @@ def set_deployment_facts_if_unset(facts): if deployment_type in ['enterprise', 'online', 'openshift-enterprise']: registry_url = 'openshift3/ose-${component}:${version}' elif deployment_type == 'atomic-enterprise': - registry_url = 'aep3/aep-${component}:${version}' + registry_url = 'aep3_beta/aep-${component}:${version}' facts[role]['registry_url'] = registry_url if 'master' in facts: -- cgit v1.2.3 From 42232eb59cc3c6ae5d4733b6655add0aff23217b Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 24 Nov 2015 14:06:12 -0500 Subject: Conditionally set the nodeIP --- inventory/byo/hosts.example | 5 +++++ roles/openshift_facts/library/openshift_facts.py | 2 +- roles/openshift_node/tasks/main.yml | 1 + roles/openshift_node/templates/node.yaml.v1.j2 | 2 ++ 4 files changed, 9 insertions(+), 1 deletion(-) (limited to 'roles/openshift_facts/library') diff --git a/inventory/byo/hosts.example b/inventory/byo/hosts.example index 423581281..50a683cfc 100644 --- a/inventory/byo/hosts.example +++ b/inventory/byo/hosts.example @@ -144,6 +144,11 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # configure how often node iptables rules are refreshed #openshift_node_iptables_sync_period=5s +# Configure nodeIP in the node config +# This is needed in cases where node traffic is desired to go over an +# interface other than the default network interface. +#openshift_node_set_node_ip=True + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 6006bfa9d..b60e42c71 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1074,7 +1074,7 @@ class OpenShiftFacts(object): if 'node' in roles: node = dict(labels={}, annotations={}, portal_net='172.30.0.0/16', - iptables_sync_period='5s') + iptables_sync_period='5s', set_node_ip=False) defaults['node'] = node return defaults diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index d11bc5123..42d984a09 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -34,6 +34,7 @@ schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" storage_plugin_deps: "{{ osn_storage_plugin_deps | default(None) }}" + set_node_ip: "{{ openshift_set_node_ip | default(None) }}" # We have to add tuned-profiles in the same transaction otherwise we run into depsolving # problems because the rpms don't pin the version properly. diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 7d2f506e3..41a303dee 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -23,7 +23,9 @@ networkConfig: {% if openshift.common.use_openshift_sdn %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} {% endif %} +{% if openshift.node.set_node_ip | bool %} nodeIP: {{ openshift.common.ip }} +{% endif %} nodeName: {{ openshift.common.hostname | lower }} podManifestConfig: servingInfo: -- cgit v1.2.3 From 91411addfbaec7db5a039358d9fac8736f064b57 Mon Sep 17 00:00:00 2001 From: Stefanie Forrester Date: Wed, 25 Nov 2015 13:03:58 -0500 Subject: added upgrade playbook for online --- .../upgrades/v3_0_to_v3_1/upgrade.yml | 33 ++++++++++++++++++++++ .../upgrades/v3_0_to_v3_1/upgrade.yml | 4 +-- roles/openshift_facts/library/openshift_facts.py | 2 +- 3 files changed, 36 insertions(+), 3 deletions(-) create mode 100644 playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml (limited to 'roles/openshift_facts/library') diff --git a/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml new file mode 100644 index 000000000..8cad51b5e --- /dev/null +++ b/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -0,0 +1,33 @@ +--- +# This playbook upgrades an existing AWS cluster, leaving nodes untouched if used with an 'online' deployment type. +# Usage: +# ansible-playbook playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml -e deployment_type=online -e cluster_id= +- hosts: localhost + gather_facts: no + vars_files: + - ../../vars.yml + - "../../vars.{{ deployment_type }}.{{ cluster_id }}.yml" + + tasks: + - set_fact: + g_ssh_user_tmp: "{{ deployment_vars[deployment_type].ssh_user }}" + g_sudo_tmp: "{{ deployment_vars[deployment_type].sudo }}" + + - set_fact: + tmp_nodes_group: "{{ 'tag_env-host-type_' ~ cluster_id ~ '-openshift-node' }}" + when: deployment_type != 'online' + +- include: ../../../../common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml + vars: + g_etcd_group: "{{ 'tag_env-host-type_' ~ cluster_id ~ '-openshift-etcd' }}" + g_lb_group: "{{ 'tag_env-host-type_' ~ cluster_id ~ '-openshift-lb' }}" + g_masters_group: "{{ 'tag_env-host-type_' ~ cluster_id ~ '-openshift-master' }}" + g_nodes_group: "{{ tmp_nodes_group | default('') }}" + g_ssh_user: "{{ hostvars.localhost.g_ssh_user_tmp }}" + g_sudo: "{{ hostvars.localhost.g_sudo_tmp }}" + g_nodeonmaster: true + openshift_cluster_id: "{{ cluster_id }}" + openshift_debug_level: 2 + openshift_deployment_type: "{{ deployment_type }}" + openshift_hostname: "{{ ec2_private_ip_address }}" + openshift_public_hostname: "{{ ec2_ip_address }}" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 00ebf4ce6..0309e8a77 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -36,9 +36,9 @@ - fail: msg: > - This upgrade is only supported for origin and openshift-enterprise + This upgrade is only supported for origin, openshift-enterprise, and online deployment types - when: deployment_type not in ['origin','openshift-enterprise'] + when: deployment_type not in ['origin','openshift-enterprise', 'online'] - fail: msg: > diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index b60e42c71..2fd7be07c 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -623,7 +623,7 @@ def set_deployment_facts_if_unset(facts): service_type = 'atomic-openshift' if deployment_type == 'origin': service_type = 'origin' - elif deployment_type in ['enterprise', 'online']: + elif deployment_type in ['enterprise']: service_type = 'openshift' facts['common']['service_type'] = service_type if 'config_base' not in facts['common']: -- cgit v1.2.3 From 192ccc8e6e6f465351828f32e9dc43b840897b67 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Tue, 1 Dec 2015 16:30:05 -0500 Subject: Refactor dns options and facts. --- inventory/byo/hosts.example | 3 +++ playbooks/common/openshift-cluster/config.yml | 3 --- playbooks/common/openshift-master/config.yml | 16 ---------------- roles/openshift_facts/library/openshift_facts.py | 8 ++++---- roles/openshift_master/tasks/main.yml | 8 +------- roles/openshift_node/tasks/main.yml | 7 +------ roles/openshift_node/templates/node.yaml.v1.j2 | 6 ++++-- 7 files changed, 13 insertions(+), 38 deletions(-) (limited to 'roles/openshift_facts/library') diff --git a/inventory/byo/hosts.example b/inventory/byo/hosts.example index 1a67cc290..dd8d8f855 100644 --- a/inventory/byo/hosts.example +++ b/inventory/byo/hosts.example @@ -154,6 +154,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # entries for the interfaces attached to the host. #openshift_set_hostname=True +# Configure dnsIP in the node config +#openshift_dns_ip=172.30.0.1 + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index a8bd634d3..482fa8441 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -6,6 +6,3 @@ - include: ../openshift-master/config.yml - include: ../openshift-node/config.yml - vars: - osn_cluster_dns_domain: "{{ hostvars[groups.oo_first_master.0].openshift.dns.domain }}" - osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].cluster_dns_ip }}" diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 1c8a92122..785a78497 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -353,22 +353,6 @@ - role: openshift_cluster_metrics when: openshift.common.use_cluster_metrics | bool - # TODO: Setting the cluster dns ip should be pushed into openshift-facts -- name: Determine cluster dns ip - hosts: oo_first_master - tasks: - - name: Get master service ip - # This command has to be on a single line. - command: "{{ openshift.common.client_binary }} -n default --config={{ openshift.common.config_base }}/master/admin.kubeconfig get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\} --output-version=v1" - register: master_service_ip_output - when: openshift.common.version_greater_than_3_1_or_1_1 | bool - - set_fact: - cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].openshift.dns.ip }}" - when: not openshift.common.version_greater_than_3_1_or_1_1 | bool - - set_fact: - cluster_dns_ip: "{{ master_service_ip_output.stdout }}" - when: openshift.common.version_greater_than_3_1_or_1_1 | bool - - name: Enable cockpit hosts: oo_first_master vars: diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index b60e42c71..e937b742e 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -528,9 +528,9 @@ def set_aggregate_facts(facts): internal_hostnames.add(facts['common']['hostname']) internal_hostnames.add(facts['common']['ip']) + cluster_domain = facts['common']['dns_domain'] + if 'master' in facts: - # FIXME: not sure why but facts['dns']['domain'] fails - cluster_domain = 'cluster.local' if 'cluster_hostname' in facts['master']: all_hostnames.add(facts['master']['cluster_hostname']) if 'cluster_public_hostname' in facts['master']: @@ -985,7 +985,7 @@ class OpenShiftFacts(object): Raises: OpenShiftFactsUnsupportedRoleError: """ - known_roles = ['common', 'master', 'node', 'master_sdn', 'node_sdn', 'dns', 'etcd'] + known_roles = ['common', 'master', 'node', 'master_sdn', 'node_sdn', 'etcd'] def __init__(self, role, filename, local_facts, additive_facts_to_overwrite=False): self.changed = False @@ -1056,6 +1056,7 @@ class OpenShiftFacts(object): public_hostname=hostname) common['client_binary'] = 'oc' if os.path.isfile('/usr/bin/oc') else 'osc' common['admin_binary'] = 'oadm' if os.path.isfile('/usr/bin/oadm') else 'osadm' + common['dns_domain'] = 'cluster.local' defaults['common'] = common if 'master' in roles: @@ -1076,7 +1077,6 @@ class OpenShiftFacts(object): node = dict(labels={}, annotations={}, portal_net='172.30.0.0/16', iptables_sync_period='5s', set_node_ip=False) defaults['node'] = node - return defaults def guess_host_provider(self): diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 2cf2a53c4..5d4ddfca0 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -81,14 +81,8 @@ yum: pkg={{ openshift.common.service_type }}-master{{ openshift_version }} state=present register: install_result -# TODO: These values need to be configurable -- name: Set dns facts +- name: Re-gather package dependent master facts openshift_facts: - role: dns - local_facts: - ip: "{{ openshift_master_cluster_vip | default(openshift.common.ip, true) | default(None) }}" - domain: cluster.local - when: openshift.master.embedded_dns - name: Create config parent directory if it does not exist file: diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 42d984a09..1d3ac7c09 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -1,11 +1,5 @@ --- # TODO: allow for overriding default ports where possible -- fail: - msg: This role requres that osn_cluster_dns_domain is set - when: osn_cluster_dns_domain is not defined or not osn_cluster_dns_domain -- fail: - msg: This role requres that osn_cluster_dns_ip is set - when: osn_cluster_dns_ip is not defined or not osn_cluster_dns_ip - fail: msg: "SELinux is disabled, This deployment type requires that SELinux is enabled." when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise'] @@ -20,6 +14,7 @@ hostname: "{{ openshift_hostname | default(none) }}" public_hostname: "{{ openshift_public_hostname | default(none) }}" deployment_type: "{{ openshift_deployment_type }}" + dns_ip: "{{ openshift_dns_ip | default(openshift_master_cluster_vip | default(None, true), true) }}" - role: node local_facts: annotations: "{{ openshift_node_annotations | default(none) }}" diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 41a303dee..23bd81f91 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -1,7 +1,9 @@ allowDisabledDocker: false apiVersion: v1 -dnsDomain: {{ osn_cluster_dns_domain }} -dnsIP: {{ osn_cluster_dns_ip }} +dnsDomain: {{ openshift.common.dns_domain }} +{% if 'dns_ip' in openshift.common %} +dnsIP: {{ openshift.common.dns_ip }} +{% endif %} dockerConfig: execHandlerName: "" iptablesSyncPeriod: "{{ openshift.node.iptables_sync_period }}" -- cgit v1.2.3 From 04ce758d35666c9f887a9bb1b44ccae1d20ee908 Mon Sep 17 00:00:00 2001 From: enoodle Date: Mon, 23 Nov 2015 17:46:27 +0200 Subject: ManageIQ Service Account: added role for ManageIQ service account Signed-off-by: enoodle --- playbooks/common/openshift-master/config.yml | 2 + roles/openshift_common/tasks/main.yml | 1 + roles/openshift_facts/library/openshift_facts.py | 2 +- roles/openshift_manageiq/tasks/main.yaml | 50 ++++++++++++++++++++++++ roles/openshift_manageiq/vars/main.yml | 24 ++++++++++++ 5 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 roles/openshift_manageiq/tasks/main.yaml create mode 100644 roles/openshift_manageiq/vars/main.yml (limited to 'roles/openshift_facts/library') diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 902fde956..7bdaca2c9 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -350,6 +350,8 @@ - openshift_examples - role: openshift_cluster_metrics when: openshift.common.use_cluster_metrics | bool + - role: openshift_manageiq + when: openshift.common.use_manageiq | bool - name: Determine cluster dns ip hosts: oo_first_master diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index 55065b3de..c0982290d 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml @@ -22,6 +22,7 @@ deployment_type: "{{ openshift_deployment_type }}" use_fluentd: "{{ openshift_use_fluentd | default(None) }}" use_flannel: "{{ openshift_use_flannel | default(None) }}" + use_manageiq: "{{ openshift_use_manageiq | default(None) }}" # For enterprise versions < 3.1 and origin versions < 1.1 we want to set the # hostname by default. diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index b60e42c71..0100aa54f 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1053,7 +1053,7 @@ class OpenShiftFacts(object): common = dict(use_openshift_sdn=True, ip=ip_addr, public_ip=ip_addr, deployment_type='origin', hostname=hostname, - public_hostname=hostname) + public_hostname=hostname, use_manageiq=False) common['client_binary'] = 'oc' if os.path.isfile('/usr/bin/oc') else 'osc' common['admin_binary'] = 'oadm' if os.path.isfile('/usr/bin/oadm') else 'osadm' defaults['common'] = common diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml new file mode 100644 index 000000000..2d3187e21 --- /dev/null +++ b/roles/openshift_manageiq/tasks/main.yaml @@ -0,0 +1,50 @@ +--- +- name: Copy Configuration to temporary conf + command: > + cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{manage_iq_tmp_conf}} + changed_when: false + +- name: Add Managment Infrastructure project + command: > + {{ openshift.common.admin_binary }} new-project + management-infra + --description="Management Infrastructure" + --config={{manage_iq_tmp_conf}} + register: osmiq_create_mi_project + failed_when: "'already exists' not in osmiq_create_mi_project.stderr and osmiq_create_mi_project.rc != 0" + changed_when: osmiq_create_mi_project.rc == 0 + +- name: Create Service Account + shell: > + echo {{ manageiq_service_account | to_json | quote }} | + {{ openshift.common.client_binary }} create + -n management-infra + --config={{manage_iq_tmp_conf}} + -f - + register: osmiq_create_service_account + failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0" + changed_when: osmiq_create_service_account.rc == 0 + +- name: Create Cluster Role + shell: > + echo {{ manageiq_cluster_role | to_json | quote }} | + {{ openshift.common.client_binary }} create + --config={{manage_iq_tmp_conf}} + -f - + register: osmiq_create_cluster_role + failed_when: "'already exists' not in osmiq_create_cluster_role.stderr and osmiq_create_cluster_role.rc != 0" + changed_when: osmiq_create_cluster_role.rc == 0 + +- name: Configure role/user permissions + command: > + {{ openshift.common.admin_binary }} {{item}} + --config={{manage_iq_tmp_conf}} + with_items: "{{manage_iq_tasks}}" + register: osmiq_perm_task + failed_when: "'already exists' not in osmiq_perm_task.stderr and osmiq_perm_task.rc != 0" + changed_when: osmiq_perm_task.rc == 0 + +- name: Clean temporary configuration file + command: > + rm -f {{manage_iq_tmp_conf}} + changed_when: false diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml new file mode 100644 index 000000000..77e1c304b --- /dev/null +++ b/roles/openshift_manageiq/vars/main.yml @@ -0,0 +1,24 @@ +manageiq_cluster_role: + apiVersion: v1 + kind: ClusterRole + metadata: + name: management-infra-admin + rules: + - resources: + - pods/proxy + verbs: + - '*' + +manageiq_service_account: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: management-admin + +manage_iq_tmp_conf: /tmp/manageiq_admin.kubeconfig + +manage_iq_tasks: + - policy add-role-to-user -n management-infra admin -z management-admin + - policy add-role-to-user -n management-infra management-infra-admin -z management-admin + - policy add-cluster-role-to-user cluster-reader system:serviceaccount:management-infra:management-admin + - policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin -- cgit v1.2.3