From 7d74d1913274cba4c4732cbc5f0a573cb99e5248 Mon Sep 17 00:00:00 2001 From: Jhon Honce Date: Thu, 12 Feb 2015 11:26:56 -0700 Subject: - Rename minion to node - Update playbooks to support latest code --- roles/openshift_master/handlers/main.yml | 2 +- roles/openshift_master/tasks/main.yml | 11 +++++------ 2 files changed, 6 insertions(+), 7 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index 216af5dc9..5c30dccab 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -1,4 +1,4 @@ --- # handlers file for openshift_master - name: restart openshift-master - service: name=openshift state=restarted + service: name=openshift-master state=restarted diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 6826ef452..9f28a3469 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -1,20 +1,19 @@ --- # tasks file for openshift_master - name: Install Origin - yum: pkg=origin state=installed + yum: pkg=openshift-master state=installed - # fixme: Once openshift stops resolving hostnames for minion queries remove this... + # fixme: Once openshift stops resolving hostnames for node queries remove this... - name: Set hostname to IP Addr (WORKAROUND) command: /usr/bin/hostname {{ oo_bind_ip }} - name: Configure OpenShift Master settings lineinfile: - dest: /etc/sysconfig/openshift + dest: /etc/sysconfig/openshift-master regexp: "{{ item.regex }}" line: "{{ item.line }}" with_items: - - { regex: '^ROLE=', line: 'ROLE=\"master\"' } - - { regex: '^OPTIONS=', line: 'OPTIONS=\"--nodes={{ oo_minion_ips | join(",") }} --loglevel=5\"' } + - { regex: '^OPTIONS=', line: 'OPTIONS=\"--public-master={{ oo_public_ip }} --nodes={{ oo_node_ips | join(",") }} --loglevel=5\"' } notify: - restart openshift-master @@ -31,4 +30,4 @@ firewalld: port=8080/tcp permanent=true state=enabled - name: Enable OpenShift - service: name=openshift enabled=yes state=started + service: name=openshift-master enabled=yes state=started -- cgit v1.2.3 From a1b6d03c256ff0065cb7a8772533a1b2c81410e1 Mon Sep 17 00:00:00 2001 From: Jhon Honce Date: Thu, 19 Feb 2015 14:52:33 -0700 Subject: Fix SSL support between master and node(s) --- roles/openshift_master/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 9f28a3469..c92ca9c8f 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -24,10 +24,10 @@ firewalld: port=4001/tcp permanent=true state=enabled - name: Open firewalld port for OpenShift - firewalld: port=8080/tcp permanent=false state=enabled + firewalld: port=8443/tcp permanent=false state=enabled - name: Save firewalld port for OpenShift - firewalld: port=8080/tcp permanent=true state=enabled + firewalld: port=8443/tcp permanent=true state=enabled - name: Enable OpenShift service: name=openshift-master enabled=yes state=started -- cgit v1.2.3 From 1932b8d007792e29c609099708224c6a4e29288e Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 20 Feb 2015 11:43:19 -0500 Subject: Set and export KUBECONFIG in root user .bash_profile - roles/base_os: Without this, the root user would need to manually configure this variable before attempting to run any osc commands - roles/base_os: Cleanup the firewall service definition and only pause when the service state changes. - roles/openshift_master: use Akram's suggestion of simplifying the firewall config - roles/openshift_master: explicitly disable previously exposed ports that are no longer exposed (8080/tcp I'm looking at you). --- roles/openshift_master/tasks/main.yml | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index c92ca9c8f..96b889804 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -13,21 +13,24 @@ regexp: "{{ item.regex }}" line: "{{ item.line }}" with_items: - - { regex: '^OPTIONS=', line: 'OPTIONS=\"--public-master={{ oo_public_ip }} --nodes={{ oo_node_ips | join(",") }} --loglevel=5\"' } + - { regex: '^OPTIONS=', line: "OPTIONS=\"--public-master={{ oo_public_ip }} --nodes={{ oo_node_ips | join(",") }} --loglevel=5\"" } notify: - restart openshift-master -- name: Open firewalld port for etcd embedded in OpenShift - firewalld: port=4001/tcp permanent=false state=enabled +# Open etcd embedded, etcd embedded peer, openshift api, and +# openshift client ports +- name: Open firewalld ports for openshift-master + firewalld: port={{ item[0] }} permanent={{ item[1] }} state=enabled + with_nested: + - [ 4001/tcp, 7001/tcp, 8443/tcp, 8444/tcp ] + - [ true, false ] -- name: Save firewalld port for etcd embedded in - firewalld: port=4001/tcp permanent=true state=enabled - -- name: Open firewalld port for OpenShift - firewalld: port=8443/tcp permanent=false state=enabled - -- name: Save firewalld port for OpenShift - firewalld: port=8443/tcp permanent=true state=enabled +# Disable previously exposed ports that are no longer needed +- name: Close firewalld ports for openshift-master that are no longer needed + firewalld: port={{ item[0] }} permanent={{ item[1] }} state=enabled + with_nested: + - [ 8080/tcp ] + - [ true, false ] - name: Enable OpenShift service: name=openshift-master enabled=yes state=started -- cgit v1.2.3 From de2fa14b28bf34207dcc21b698cea441d6e918bc Mon Sep 17 00:00:00 2001 From: Thomas Wiest Date: Mon, 23 Feb 2015 15:44:06 -0500 Subject: fixed bug when updating the openshift-master sysconfig file. Also, made it multi-line so we get better errors from ansible. --- roles/openshift_master/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 96b889804..6f96a6cdb 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -13,7 +13,8 @@ regexp: "{{ item.regex }}" line: "{{ item.line }}" with_items: - - { regex: '^OPTIONS=', line: "OPTIONS=\"--public-master={{ oo_public_ip }} --nodes={{ oo_node_ips | join(",") }} --loglevel=5\"" } + - regex: '^OPTIONS=' + line: "OPTIONS=\"--public-master={{ oo_public_ip }} --nodes={{ oo_node_ips | join(',') }} --loglevel=5\"" notify: - restart openshift-master -- cgit v1.2.3 From 1b3be5f6c0d8b0c16dfb4c01744fe24ae830b3ce Mon Sep 17 00:00:00 2001 From: Thomas Wiest Date: Mon, 23 Feb 2015 15:48:15 -0500 Subject: removed kubernetes roles as they're just cruft at this point. --- roles/openshift_master/vars/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml index 1f5cb46d6..e5e5535e7 100644 --- a/roles/openshift_master/vars/main.yml +++ b/roles/openshift_master/vars/main.yml @@ -1,2 +1,2 @@ --- -# vars file for kubernetes_apiserver +# vars file for openshift_master -- cgit v1.2.3