From 7b316631a2b988318b47d3a50a7b66e3ff3fdbd2 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 10 Jun 2015 10:31:39 -0400 Subject: Update for RC2 changes Remove openshift-deployer.kubeconfig from master template Sync config template Update enterprise image names Switch to node auto registration Add deployer to list of serviceAccountConfig.managedNames Move package installation before registering facts change default kubeconfig location Change system:openshift-client to system:openshift-master Rename node cert/key/kubeconfig per openshift/origin#3160 Update references to /var/lib/openshift/openshift.local.certificates --- roles/openshift_master/tasks/main.yml | 25 ++++++++++--------- roles/openshift_master/templates/master.yaml.v1.j2 | 29 ++++++++++++++++++---- 2 files changed, 37 insertions(+), 17 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 23f8b4649..da0a663ec 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -8,6 +8,15 @@ - openshift_master_oauth_grant_method in openshift_master_valid_grant_methods when: openshift_master_oauth_grant_method is defined +- name: Install OpenShift Master package + yum: pkg=openshift-master state=present + register: install_result + +# TODO: Is this necessary or was this a workaround for an old bug in packaging? +- name: Reload systemd units + command: systemctl daemon-reload + when: install_result | changed + - name: Set master OpenShift facts openshift_facts: role: master @@ -51,14 +60,6 @@ domain: cluster.local when: openshift.master.embedded_dns -- name: Install OpenShift Master package - yum: pkg=openshift-master state=present - register: install_result - -- name: Reload systemd units - command: systemctl daemon-reload - when: install_result | changed - - name: Create config parent directory if it doesn't exist file: path: "{{ openshift_master_config_dir }}" @@ -130,7 +131,7 @@ - name: Create the OpenShift client config dir(s) file: - path: "~{{ item }}/.config/openshift" + path: "~{{ item }}/.kube" state: directory mode: 0700 owner: "{{ item }}" @@ -142,16 +143,16 @@ # TODO: Update this file if the contents of the source file are not present in # the dest file, will need to make sure to ignore things that could be added - name: Copy the OpenShift admin client config(s) - command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.config/openshift/.config + command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config args: - creates: ~{{ item }}/.config/openshift/.config + creates: ~{{ item }}/.kube/config with_items: - root - "{{ ansible_ssh_user }}" - name: Update the permissions on the OpenShift admin client config(s) file: - path: "~{{ item }}/.config/openshift/.config" + path: "~{{ item }}/.kube/config" state: file mode: 0700 owner: "{{ item }}" diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 1c2d37b63..9df07e925 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -1,3 +1,6 @@ +apiLevels: +- v1beta3 +- v1 apiVersion: v1 assetConfig: logoutURL: "" @@ -8,6 +11,8 @@ assetConfig: certFile: master.server.crt clientCA: "" keyFile: master.server.key + maxRequestsInFlight: 0 + requestTimeoutSeconds: 0 corsAllowedOrigins: {# TODO: add support for user specified corsAllowedOrigins #} {% for origin in ['127.0.0.1', 'localhost', openshift.common.hostname, openshift.common.ip, openshift.common.public_hostname, openshift.common.public_ip] %} @@ -43,9 +48,9 @@ etcdConfig: {% endif %} etcdStorageConfig: kubernetesStoragePrefix: kubernetes.io - kubernetesStorageVersion: v1beta3 - kubernetesStoragePrefix: kubernetes.io - openShiftStorageVersion: v1beta3 + kubernetesStorageVersion: v1 + openShiftStoragePrefix: openshift.io + openShiftStorageVersion: v1 imageConfig: format: {{ openshift.master.registry_url }} latest: false @@ -58,18 +63,24 @@ kubeletClientInfo: port: 10250 {% if openshift.master.embedded_kube %} kubernetesMasterConfig: + apiLevels: + - v1beta3 + - v1 + apiServerArguments: null + controllerArguments: null {# TODO: support overriding masterCount #} masterCount: 1 masterIP: "" + podEvictionTimeout: "" schedulerConfigFile: {{ openshift_master_scheduler_conf }} + servicesNodePortRange: "" servicesSubnet: {{ openshift.master.portal_net }} staticNodeNames: {{ openshift_node_ips | default([], true) }} {% endif %} masterClients: {# TODO: allow user to set externalKubernetesKubeConfig #} - deployerKubeConfig: openshift-deployer.kubeconfig externalKubernetesKubeConfig: "" - openshiftLoopbackKubeConfig: openshift-client.kubeconfig + openshiftLoopbackKubeConfig: openshift-master.kubeconfig masterPublicURL: {{ openshift.master.public_api_url }} networkConfig: clusterNetworkCIDR: {{ openshift.master.sdn_cluster_network_cidr }} @@ -78,16 +89,22 @@ networkConfig: {% include 'v1_partials/oauthConfig.j2' %} policyConfig: bootstrapPolicyFile: {{ openshift_master_policy }} + openshiftInfrastructureNamespace: openshift-infra openshiftSharedResourcesNamespace: openshift {# TODO: Allow users to override projectConfig items #} projectConfig: defaultNodeSelector: "" projectRequestMessage: "" projectRequestTemplate: "" + securityAllocator: + mcsAllocatorRange: s0:/2 + mcsLabelsPerProject: 5 + uidAllocatorRange: 1000000000-1999999999/10000 serviceAccountConfig: managedNames: - default - builder + - deployer privateKeyFile: serviceaccounts.private.key publicKeyFiles: - serviceaccounts.public.key @@ -96,3 +113,5 @@ servingInfo: certFile: master.server.crt clientCA: ca.crt keyFile: master.server.key + maxRequestsInFlight: 0 + requestTimeoutSeconds: 0 -- cgit v1.2.3 From 5e99c5791d48d42e67a1c92ff0c8f6a1b18e1208 Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Fri, 19 Jun 2015 16:50:20 -0400 Subject: Changes related to latest openshift. --- roles/openshift_master/templates/master.yaml.v1.j2 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 9df07e925..3b8b18c39 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -100,6 +100,8 @@ projectConfig: mcsAllocatorRange: s0:/2 mcsLabelsPerProject: 5 uidAllocatorRange: 1000000000-1999999999/10000 +routingConfig: + subdomain: router.default.local serviceAccountConfig: managedNames: - default @@ -113,5 +115,5 @@ servingInfo: certFile: master.server.crt clientCA: ca.crt keyFile: master.server.key - maxRequestsInFlight: 0 - requestTimeoutSeconds: 0 + maxRequestsInFlight: 500 + requestTimeoutSeconds: 3600 -- cgit v1.2.3 From e7082b9870bdf4cc0769645f4fae3bccc3efdee4 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Fri, 12 Jun 2015 14:52:03 -0400 Subject: Add etcd role that builds out basic etcd cluster - Add initial etcd role - Add etcd playbook to create etcd client certs - Hookup master to etcd --- roles/openshift_master/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index da0a663ec..f6bd2bf2e 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -31,6 +31,7 @@ console_url: "{{ openshift_master_console_url | default(None) }}" console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}" public_console_url: "{{ openshift_master_public_console_url | default(None) }}" + etcd_hosts: "{{ groups['etcd'] | default(None)}}" etcd_port: "{{ openshift_master_etcd_port | default(None) }}" etcd_use_ssl: "{{ openshift_master_etcd_use_ssl | default(None) }}" etcd_urls: "{{ openshift_master_etcd_urls | default(None) }}" -- cgit v1.2.3 From add3fbcce31e9db4ea8c76acb9c8579f20581912 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 10 Jul 2015 14:46:43 -0400 Subject: Etcd role updates and playbook updates - fix firewall conflict issues with co-located etcd and openshift hosts - added os_firewall dependency to etcd role - updated etcd template to better handle clustered and non-clustered installs - added etcd_ca role - generates a self-signed cert to manage etcd certificates, since etcd peer certificates are required to be client and server certs and the openshift ca will only generate client or server certs (not one authorized for both). - renamed openshift_etcd_certs role to etcd_certificates and updated it to manage certificates generated from the CA managed by the etcd_ca role - remove hard coded etcd_port in openshift_facts - updates for the openshift-etcd common playbook - removed etcd and openshift-etcd playbooks from the byo playbooks directory - added a common playbook for setting etcd launch facts - added an openshift-etcd common service playbook - removed unused variables - fixed tests for embedded_{etcd,dns,kube} in openshift_master - removed old workaround for reloading systemd units --- roles/openshift_master/tasks/main.yml | 5 ----- roles/openshift_master/templates/master.yaml.v1.j2 | 8 ++++---- 2 files changed, 4 insertions(+), 9 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index f6bd2bf2e..95da2d6f4 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -12,11 +12,6 @@ yum: pkg=openshift-master state=present register: install_result -# TODO: Is this necessary or was this a workaround for an old bug in packaging? -- name: Reload systemd units - command: systemctl daemon-reload - when: install_result | changed - - name: Set master OpenShift facts openshift_facts: role: master diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 3b8b18c39..bc766ec9b 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -18,19 +18,19 @@ corsAllowedOrigins: {% for origin in ['127.0.0.1', 'localhost', openshift.common.hostname, openshift.common.ip, openshift.common.public_hostname, openshift.common.public_ip] %} - {{ origin }} {% endfor %} -{% if openshift.master.embedded_dns %} +{% if openshift.master.embedded_dns | bool %} dnsConfig: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }} {% endif %} etcdClientInfo: - ca: ca.crt + ca: {{ "ca.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }} certFile: master.etcd-client.crt keyFile: master.etcd-client.key urls: {% for etcd_url in openshift.master.etcd_urls %} - {{ etcd_url }} {% endfor %} -{% if openshift.master.embedded_etcd %} +{% if openshift.master.embedded_etcd | bool %} etcdConfig: address: {{ openshift.common.hostname }}:{{ openshift.master.etcd_port }} peerAddress: {{ openshift.common.hostname }}:7001 @@ -61,7 +61,7 @@ kubeletClientInfo: certFile: master.kubelet-client.crt keyFile: master.kubelet-client.key port: 10250 -{% if openshift.master.embedded_kube %} +{% if openshift.master.embedded_kube | bool %} kubernetesMasterConfig: apiLevels: - v1beta3 -- cgit v1.2.3 From f752eaccbb1a5f0e2c1d36502f755d022a21d073 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 10 Jul 2015 15:04:26 -0400 Subject: Playbook updates for clustered etcd - Add support to bin/cluster for specifying etcd hosts - defaults to 0, if no etcd hosts are selected, then configures embedded etcd - Updates for the byo inventory file for etcd and master as node by default - Consolidation of cluster logic more centrally into common playbook - Added etcd config support to playbooks - Restructured byo playbooks to leverage the common openshift-cluster playbook - Added support to common master playbook to generate and apply external etcd client certs from the etcd ca - start of refactor for better handling of master certs in a multi-master environment. - added the openshift_master_ca and openshift_master_certificates roles to manage master certs instead of generating them in the openshift_master role - added etcd host groups to the cluster update playbooks - aded better handling of host groups when they are either not present or are empty. - Update AWS readme --- roles/openshift_master/tasks/main.yml | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 95da2d6f4..b4d0ec0ad 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -26,7 +26,7 @@ console_url: "{{ openshift_master_console_url | default(None) }}" console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}" public_console_url: "{{ openshift_master_public_console_url | default(None) }}" - etcd_hosts: "{{ groups['etcd'] | default(None)}}" + etcd_hosts: "{{ openshift_master_etcd_hosts | default(None)}}" etcd_port: "{{ openshift_master_etcd_port | default(None) }}" etcd_use_ssl: "{{ openshift_master_etcd_use_ssl | default(None) }}" etcd_urls: "{{ openshift_master_etcd_urls | default(None) }}" @@ -61,16 +61,6 @@ path: "{{ openshift_master_config_dir }}" state: directory -- name: Create the master certificates if they do not already exist - command: > - {{ openshift.common.admin_binary }} create-master-certs - --hostnames={{ openshift.common.hostname }},{{ openshift.common.public_hostname }} - --master={{ openshift.master.api_url }} - --public-master={{ openshift.master.public_api_url }} - --cert-dir={{ openshift_master_config_dir }} --overwrite=false - args: - creates: "{{ openshift_master_config_dir }}/master.server.key" - - name: Create the policy file if it does not already exist command: > {{ openshift.common.admin_binary }} create-bootstrap-policy-file -- cgit v1.2.3 From f831779404b0147d6a92935cd8b77de3e25f2bec Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Wed, 15 Jul 2015 17:04:11 -0400 Subject: add pauses to avoid service restarts from interfering with initial startup bootstrapping --- roles/openshift_master/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index b4d0ec0ad..02905f32d 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -114,6 +114,11 @@ - name: Start and enable openshift-master service: name=openshift-master enabled=yes state=started + register: start_result + +- name: pause to prevent service restart from interfering with bootstrapping + pause: seconds=30 + when: start_result | changed - name: Create the OpenShift client config dir(s) file: -- cgit v1.2.3 From 96c33e1b6a38a21334abd29fe642a2085e2439cb Mon Sep 17 00:00:00 2001 From: Takayoshi Kimura Date: Fri, 17 Jul 2015 16:22:36 +0900 Subject: Replace outdated beta repo ids with 3.0 release --- roles/openshift_master/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/README.md b/roles/openshift_master/README.md index 3178e318c..19f77d145 100644 --- a/roles/openshift_master/README.md +++ b/roles/openshift_master/README.md @@ -7,7 +7,7 @@ Requirements ------------ A RHEL 7.1 host pre-configured with access to the rhel-7-server-rpms, -rhel-7-server-extras-rpms, and rhel-server-7-ose-beta-rpms repos. +rhel-7-server-extras-rpms, and rhel-7-server-ose-3.0-rpms repos. Role Variables -------------- -- cgit v1.2.3 From 6b4282004a4331d9db0e0ab857c96d83a738d82c Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 14 Jul 2015 14:48:38 -0400 Subject: Initial HA master - Ability to specify multiple masters - configures the CA only a single time on the first master - creates and distributes additional certs for additional master hosts - Depending on the status of openshift_master_cluster_defer_ha (defaults to False) one of two actions are taken when multiple masters are defined 1. If openshift_master_cluster_defer_ha is true a. Certs/configs for all masters are deployed b. openshift-master service is only started and enabled on the master c. HA configuration is expected to be handled by the user manually after the completion of the playbook run. 2. If oepnshift_master_cluster_defer_ha is false or undefined a. Certs/configs for all masters are deployed b. a Pacemaker/RHEL HA cluster is configured i. VIPs are configured based on the values of openshift_master_cluster_vip and openshift_master_cluster_plublic_vip ii. The openshift-master service is configured as an active/passive cluster service --- roles/openshift_master/defaults/main.yml | 6 ++++++ roles/openshift_master/handlers/main.yml | 1 + roles/openshift_master/tasks/main.yml | 21 +++++++++++++++++++++ 3 files changed, 28 insertions(+) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index 11195e83e..ca8860099 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -15,6 +15,12 @@ os_firewall_allow: port: 24224/tcp - service: Fluentd td-agent udp port: 24224/udp +- service: pcsd + port: 2224/tcp +- service: Corosync UDP + port: 5404/udp +- service: Corosync UDP + port: 5405/udp os_firewall_deny: - service: OpenShift api http port: 8080/tcp diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index 6fd4dfb51..d57f9a4ea 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -1,3 +1,4 @@ --- - name: restart openshift-master service: name=openshift-master state=restarted + when: not openshift_master_ha diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 02905f32d..2311568dd 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -8,6 +8,10 @@ - openshift_master_oauth_grant_method in openshift_master_valid_grant_methods when: openshift_master_oauth_grant_method is defined +- fail: + msg: "openshift_master_cluster_password must be set for multi-master installations" + when: openshift_master_ha and not openshift.master.cluster_defer_ha | bool and openshift_master_cluster_password is not defined + - name: Install OpenShift Master package yum: pkg=openshift-master state=present register: install_result @@ -16,6 +20,9 @@ openshift_facts: role: master local_facts: + cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}" + cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}" + cluster_defer_ha: "{{ openshift_master_cluster_defer_ha | default(None) }}" debug_level: "{{ openshift_master_debug_level | default(openshift.common.debug_level) }}" api_port: "{{ openshift_master_api_port | default(None) }}" api_url: "{{ openshift_master_api_url | default(None) }}" @@ -114,12 +121,26 @@ - name: Start and enable openshift-master service: name=openshift-master enabled=yes state=started + when: not openshift_master_ha register: start_result - name: pause to prevent service restart from interfering with bootstrapping pause: seconds=30 when: start_result | changed +- name: Install cluster packagese + yum: pkg=pcs state=present + when: openshift_master_ha and not openshift.master.cluster_defer_ha | bool + register: install_result + +- name: Start and enable cluster service + service: name=pcsd enabled=yes state=started + when: openshift_master_ha and not openshift.master.cluster_defer_ha | bool + +- name: Set the cluster user password + shell: echo {{ openshift_master_cluster_password | quote }} | passwd --stdin hacluster + when: install_result | changed + - name: Create the OpenShift client config dir(s) file: path: "~{{ item }}/.kube" -- cgit v1.2.3 From 0a021c047bfb3fe5710be1e7de8cd577455f53c2 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 17 Jul 2015 15:02:03 -0400 Subject: fix typo --- roles/openshift_master/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 2311568dd..bb1689e5f 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -128,7 +128,7 @@ pause: seconds=30 when: start_result | changed -- name: Install cluster packagese +- name: Install cluster packages yum: pkg=pcs state=present when: openshift_master_ha and not openshift.master.cluster_defer_ha | bool register: install_result -- cgit v1.2.3 From b5d8fabbc9780a050d004231e63ccb7c1a46d199 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Fri, 17 Jul 2015 15:39:06 -0400 Subject: Issue361 - MatchNodeSelector should be first --- roles/openshift_master/templates/scheduler.json.j2 | 1 + 1 file changed, 1 insertion(+) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/scheduler.json.j2 b/roles/openshift_master/templates/scheduler.json.j2 index 833e7f3e1..835f2383e 100644 --- a/roles/openshift_master/templates/scheduler.json.j2 +++ b/roles/openshift_master/templates/scheduler.json.j2 @@ -1,5 +1,6 @@ { "predicates": [ + {"name": "MatchNodeSelector"}, {"name": "PodFitsResources"}, {"name": "PodFitsPorts"}, {"name": "NoDiskConflict"}, -- cgit v1.2.3 From e60a11b97c83c29b8333d70cf4dcc86518cd150b Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Mon, 20 Jul 2015 11:01:37 -0400 Subject: properly test openshift_master_ha var --- roles/openshift_master/handlers/main.yml | 2 +- roles/openshift_master/tasks/main.yml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index d57f9a4ea..f1e7e1ab3 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -1,4 +1,4 @@ --- - name: restart openshift-master service: name=openshift-master state=restarted - when: not openshift_master_ha + when: not openshift_master_ha | bool diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index bb1689e5f..057daabf9 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -10,7 +10,7 @@ - fail: msg: "openshift_master_cluster_password must be set for multi-master installations" - when: openshift_master_ha and not openshift.master.cluster_defer_ha | bool and openshift_master_cluster_password is not defined + when: openshift_master_ha | bool and not openshift.master.cluster_defer_ha | bool and openshift_master_cluster_password is not defined - name: Install OpenShift Master package yum: pkg=openshift-master state=present @@ -121,7 +121,7 @@ - name: Start and enable openshift-master service: name=openshift-master enabled=yes state=started - when: not openshift_master_ha + when: not openshift_master_ha | bool register: start_result - name: pause to prevent service restart from interfering with bootstrapping @@ -130,12 +130,12 @@ - name: Install cluster packages yum: pkg=pcs state=present - when: openshift_master_ha and not openshift.master.cluster_defer_ha | bool + when: openshift_master_ha | bool and not openshift.master.cluster_defer_ha | bool register: install_result - name: Start and enable cluster service service: name=pcsd enabled=yes state=started - when: openshift_master_ha and not openshift.master.cluster_defer_ha | bool + when: openshift_master_ha | bool and not openshift.master.cluster_defer_ha | bool - name: Set the cluster user password shell: echo {{ openshift_master_cluster_password | quote }} | passwd --stdin hacluster -- cgit v1.2.3 From c1641d686610f12f2590d2c1dbea5e3967d807f4 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Tue, 21 Jul 2015 15:38:55 -0400 Subject: Add masterCA to ServiceAccountConfig --- roles/openshift_master/templates/master.yaml.v1.j2 | 1 + 1 file changed, 1 insertion(+) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index bc766ec9b..5e46f8f69 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -107,6 +107,7 @@ serviceAccountConfig: - default - builder - deployer + masterCA: ca.crt privateKeyFile: serviceaccounts.private.key publicKeyFiles: - serviceaccounts.public.key -- cgit v1.2.3 From 3795fd4e38297ca00c7d67b8649ddbeec819d87d Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Mon, 27 Jul 2015 12:24:06 -0400 Subject: Bug 1246458 - dnsIP does not point to cluster IP https://bugzilla.redhat.com/show_bug.cgi?id=1246458 - Previously when configuring an HA cluster for multi-master the dns ip in the node config was pointing only to the first master instead of the cluster ip. --- roles/openshift_master/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 057daabf9..ec7cee33b 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -59,7 +59,7 @@ openshift_facts: role: dns local_facts: - ip: "{{ openshift.common.ip }}" + ip: "{{ openshift_master_cluster_vip | default(openshift.common.ip, true) | default(None) }}" domain: cluster.local when: openshift.master.embedded_dns -- cgit v1.2.3 From e944b14f3dd9ec0f97e74109a6dcbd019192c958 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 28 Jul 2015 23:06:07 -0400 Subject: Add support for setting routingConfig:subdomain --- roles/openshift_master/tasks/main.yml | 1 + roles/openshift_master/templates/master.yaml.v1.j2 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 057daabf9..8d6c02e7f 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -53,6 +53,7 @@ oauth_grant_method: "{{ openshift_master_oauth_grant_method | default(None) }}" sdn_cluster_network_cidr: "{{ osm_cluster_network_cidr | default(None) }}" sdn_host_subnet_length: "{{ osm_host_subnet_length | default(None) }}" + default_subdomain: "{{ osm_default_subdomain | default(None) }}" # TODO: These values need to be configurable - name: Set dns OpenShift facts diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 5e46f8f69..01c0ea7e4 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -101,7 +101,7 @@ projectConfig: mcsLabelsPerProject: 5 uidAllocatorRange: 1000000000-1999999999/10000 routingConfig: - subdomain: router.default.local + subdomain: "{{ openshift.master.default_subdomain | default("") }}" serviceAccountConfig: managedNames: - default -- cgit v1.2.3 From 7aeadcf61aef6256962a4859f4753b69c8fccc0f Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 29 Jul 2015 16:46:00 -0400 Subject: Set loglevel=2 as our default across the board --- roles/openshift_master/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/README.md b/roles/openshift_master/README.md index 19f77d145..0e7ef3aab 100644 --- a/roles/openshift_master/README.md +++ b/roles/openshift_master/README.md @@ -28,7 +28,7 @@ From this role: From openshift_common: | Name | Default Value | | |-------------------------------|----------------|----------------------------------------| -| openshift_debug_level | 0 | Global openshift debug log verbosity | +| openshift_debug_level | 2 | Global openshift debug log verbosity | | openshift_public_ip | UNDEF | Public IP address to use for this host | | openshift_hostname | UNDEF | hostname to use for this instance | -- cgit v1.2.3 From a000874e90000f15ea7aed09344eb2c641d27008 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Fri, 31 Jul 2015 15:13:44 -0400 Subject: Add LDAPPasswordIdentityProvider bits to identity_provider_config macro. --- .../openshift_master/templates/v1_partials/oauthConfig.j2 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/v1_partials/oauthConfig.j2 b/roles/openshift_master/templates/v1_partials/oauthConfig.j2 index f6fd88c65..4ca644876 100644 --- a/roles/openshift_master/templates/v1_partials/oauthConfig.j2 +++ b/roles/openshift_master/templates/v1_partials/oauthConfig.j2 @@ -10,6 +10,20 @@ {{ key }}: {{ identity_provider[key] }}" {% endif %} {% endfor %} +{% elif identity_provider.kind == 'LDAPPasswordIdentityProvider' %} + attributes: +{% for attribute_key in identity_provider.attributes %} + {{ attribute_key }}: +{% for attribute_value in identity_provider.attributes[attribute_key] %} + - {{ attribute_value }} +{% endfor %} +{% endfor %} +{% for key in ('bindDN', 'bindPassword', 'ca') %} + {{ key }}: "{{ identity_provider[key] }}" +{% endfor %} +{% for key in ('insecure', 'url') %} + {{ key }}: {{ identity_provider[key] }} +{% endfor %} {% elif identity_provider.kind == 'RequestHeaderIdentityProvider' %} headers: {{ identity_provider.headers }} {% if 'clientCA' in identity_provider %} -- cgit v1.2.3 From 6a00818b03773feb76f5ec997431f975a517b69d Mon Sep 17 00:00:00 2001 From: Diego Castro Date: Wed, 12 Aug 2015 11:16:12 -0300 Subject: Fix Custom Cors --- roles/openshift_master/tasks/main.yml | 1 + roles/openshift_master/templates/master.yaml.v1.j2 | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 8d6c02e7f..151d0662f 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -54,6 +54,7 @@ sdn_cluster_network_cidr: "{{ osm_cluster_network_cidr | default(None) }}" sdn_host_subnet_length: "{{ osm_host_subnet_length | default(None) }}" default_subdomain: "{{ osm_default_subdomain | default(None) }}" + custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}" # TODO: These values need to be configurable - name: Set dns OpenShift facts diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 01c0ea7e4..c4d319c87 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -14,10 +14,12 @@ assetConfig: maxRequestsInFlight: 0 requestTimeoutSeconds: 0 corsAllowedOrigins: -{# TODO: add support for user specified corsAllowedOrigins #} {% for origin in ['127.0.0.1', 'localhost', openshift.common.hostname, openshift.common.ip, openshift.common.public_hostname, openshift.common.public_ip] %} - {{ origin }} {% endfor %} +{% for custom_origin in openshift.master.custom_cors_origins | default("") %} + - {{ custom_origin }} +{% endfor %} {% if openshift.master.embedded_dns | bool %} dnsConfig: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }} -- cgit v1.2.3 From ec293f371046a99b0f737a59b4a9f3f001af3279 Mon Sep 17 00:00:00 2001 From: Diego Castro Date: Wed, 12 Aug 2015 20:02:05 -0300 Subject: Custom Project Config --- roles/openshift_master/tasks/main.yml | 2 ++ roles/openshift_master/templates/master.yaml.v1.j2 | 10 +--------- roles/openshift_master/templates/v1_partials/projectConfig.j2 | 1 + 3 files changed, 4 insertions(+), 9 deletions(-) create mode 100644 roles/openshift_master/templates/v1_partials/projectConfig.j2 (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 151d0662f..5975ae224 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -55,6 +55,8 @@ sdn_host_subnet_length: "{{ osm_host_subnet_length | default(None) }}" default_subdomain: "{{ osm_default_subdomain | default(None) }}" custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}" + project_config: "{{ openshift_master_project_config | default(None) }}" + # TODO: These values need to be configurable - name: Set dns OpenShift facts diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index c4d319c87..0a8f6c286 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -93,15 +93,7 @@ policyConfig: bootstrapPolicyFile: {{ openshift_master_policy }} openshiftInfrastructureNamespace: openshift-infra openshiftSharedResourcesNamespace: openshift -{# TODO: Allow users to override projectConfig items #} -projectConfig: - defaultNodeSelector: "" - projectRequestMessage: "" - projectRequestTemplate: "" - securityAllocator: - mcsAllocatorRange: s0:/2 - mcsLabelsPerProject: 5 - uidAllocatorRange: 1000000000-1999999999/10000 +{% include 'v1_partials/projectConfig.j2' %} routingConfig: subdomain: "{{ openshift.master.default_subdomain | default("") }}" serviceAccountConfig: diff --git a/roles/openshift_master/templates/v1_partials/projectConfig.j2 b/roles/openshift_master/templates/v1_partials/projectConfig.j2 new file mode 100644 index 000000000..55170e406 --- /dev/null +++ b/roles/openshift_master/templates/v1_partials/projectConfig.j2 @@ -0,0 +1 @@ +{{ openshift.master.project_config[0] | to_nice_yaml }} -- cgit v1.2.3 From dcdb74b61cd49bee70da5997b9990da86cc3b1c8 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Wed, 12 Aug 2015 09:33:02 -0400 Subject: Add support for setting default node selector --- roles/openshift_master/tasks/main.yml | 1 + roles/openshift_master/templates/master.yaml.v1.j2 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 151d0662f..f90f526c9 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -55,6 +55,7 @@ sdn_host_subnet_length: "{{ osm_host_subnet_length | default(None) }}" default_subdomain: "{{ osm_default_subdomain | default(None) }}" custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}" + default_node_selector: "{{ osm_default_node_selector | default(None) }}" # TODO: These values need to be configurable - name: Set dns OpenShift facts diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index c4d319c87..b5e3d2f05 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -95,7 +95,7 @@ policyConfig: openshiftSharedResourcesNamespace: openshift {# TODO: Allow users to override projectConfig items #} projectConfig: - defaultNodeSelector: "" + defaultNodeSelector: "{{ openshift.master.default_node_selector | default("") }}" projectRequestMessage: "" projectRequestTemplate: "" securityAllocator: -- cgit v1.2.3 From 0bc39b7f4ad53344d19d0d783fd6eec4d3b424ef Mon Sep 17 00:00:00 2001 From: Diego Castro Date: Wed, 12 Aug 2015 22:53:10 -0300 Subject: Update PR #458 from comments --- roles/openshift_master/tasks/main.yml | 7 ++++++- roles/openshift_master/templates/master.yaml.v1.j2 | 9 ++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 5975ae224..019856f19 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -55,7 +55,12 @@ sdn_host_subnet_length: "{{ osm_host_subnet_length | default(None) }}" default_subdomain: "{{ osm_default_subdomain | default(None) }}" custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}" - project_config: "{{ openshift_master_project_config | default(None) }}" + default_node_selector: "{{ osm_default_node_selector | default(None) }}" + project_request_message: "{{ osm_project_request_message | default(None) }}" + project_request_template: "{{ osm_project_request_template | default(None) }}" + mcs_allocator_range: "{{ osm_mcs_allocator_range | default(None) }}" + mcs_labels_per_project: "{{ osm_mcs_labels_per_project | default(None) }}" + uid_allocator_range: "{{ osm_uid_allocator_range | default(None) }}" # TODO: These values need to be configurable diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 0a8f6c286..20dfe155a 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -93,7 +93,14 @@ policyConfig: bootstrapPolicyFile: {{ openshift_master_policy }} openshiftInfrastructureNamespace: openshift-infra openshiftSharedResourcesNamespace: openshift -{% include 'v1_partials/projectConfig.j2' %} +projectConfig: + defaultNodeSelector: "{{ openshift.master.default_node_selector | default("") }}" + projectRequestMessage: "{{ openshift.master.project_request_message | default("") }}" + projectRequestTemplate: "{{ openshift.master.project_request_template | default("") }}" + securityAllocator: + mcsAllocatorRange: "{{ openshift.master.project_request_template | default("s0:/2") }}" + mcsLabelsPerProject: "{{ openshift.master.mcs_labels_per_project | default("5") }}" + uidAllocatorRange: "{{ openshift.master.uid_allocator_range | default("1000000000-1999999999/10000") }}" routingConfig: subdomain: "{{ openshift.master.default_subdomain | default("") }}" serviceAccountConfig: -- cgit v1.2.3 From 800256e451b112d3cd7c2356615572c0de3c3840 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Wed, 12 Aug 2015 22:01:06 -0400 Subject: Add support for setting kubeletArguments, controllerArguments, and apiServerArguments --- roles/openshift_master/tasks/main.yml | 2 ++ roles/openshift_master/templates/master.yaml.v1.j2 | 6 ++++++ 2 files changed, 8 insertions(+) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index f90f526c9..3ee21b902 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -56,6 +56,8 @@ default_subdomain: "{{ osm_default_subdomain | default(None) }}" custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}" default_node_selector: "{{ osm_default_node_selector | default(None) }}" + api_server_args: "{{ osm_api_server_args | default(None) }}" + controller_args: "{{ osm_controller_args | default(None) }}" # TODO: These values need to be configurable - name: Set dns OpenShift facts diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index b5e3d2f05..44567aa22 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -2,6 +2,9 @@ apiLevels: - v1beta3 - v1 apiVersion: v1 +{% if api_server_args is defined and api_server_args %} +apiServerArguments: {{ api_server_args }} +{% endif %} assetConfig: logoutURL: "" masterPublicURL: {{ openshift.master.public_api_url }} @@ -13,6 +16,9 @@ assetConfig: keyFile: master.server.key maxRequestsInFlight: 0 requestTimeoutSeconds: 0 +{% if controller_args is defined and controller_args %} +controllerArguments: {{ controller_args }} +{% endif %} corsAllowedOrigins: {% for origin in ['127.0.0.1', 'localhost', openshift.common.hostname, openshift.common.ip, openshift.common.public_hostname, openshift.common.public_ip] %} - {{ origin }} -- cgit v1.2.3 From 7f740ff24b807f9f88209785a027056bfa146e2e Mon Sep 17 00:00:00 2001 From: Diego Castro Date: Mon, 17 Aug 2015 11:59:07 -0300 Subject: Cleanup --- roles/openshift_master/templates/v1_partials/projectConfig.j2 | 1 - 1 file changed, 1 deletion(-) delete mode 100644 roles/openshift_master/templates/v1_partials/projectConfig.j2 (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/v1_partials/projectConfig.j2 b/roles/openshift_master/templates/v1_partials/projectConfig.j2 deleted file mode 100644 index 55170e406..000000000 --- a/roles/openshift_master/templates/v1_partials/projectConfig.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ openshift.master.project_config[0] | to_nice_yaml }} -- cgit v1.2.3 From ad1e4f8ef38681ff64769fe5c9442496a44386e6 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Mon, 17 Aug 2015 12:15:33 -0400 Subject: Bug 1252337 - Fix for quote error in oauthConfig template https://bugzilla.redhat.com/show_bug.cgi?id=1252337 --- roles/openshift_master/templates/v1_partials/oauthConfig.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/v1_partials/oauthConfig.j2 b/roles/openshift_master/templates/v1_partials/oauthConfig.j2 index 4ca644876..72889bc29 100644 --- a/roles/openshift_master/templates/v1_partials/oauthConfig.j2 +++ b/roles/openshift_master/templates/v1_partials/oauthConfig.j2 @@ -7,7 +7,7 @@ url: {{ identity_provider.url }} {% for key in ('ca', 'certFile', 'keyFile') %} {% if key in identity_provider %} - {{ key }}: {{ identity_provider[key] }}" + {{ key }}: "{{ identity_provider[key] }}" {% endif %} {% endfor %} {% elif identity_provider.kind == 'LDAPPasswordIdentityProvider' %} -- cgit v1.2.3 From 8468d25fae71c80277c10ad975641cb1ba230fd8 Mon Sep 17 00:00:00 2001 From: Diego Castro Date: Mon, 17 Aug 2015 17:38:23 -0300 Subject: Get default values from openshift_facts --- roles/openshift_master/templates/master.yaml.v1.j2 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index b738084c0..7a8ab5c00 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -100,13 +100,13 @@ policyConfig: openshiftInfrastructureNamespace: openshift-infra openshiftSharedResourcesNamespace: openshift projectConfig: - defaultNodeSelector: "{{ openshift.master.default_node_selector | default("") }}" - projectRequestMessage: "{{ openshift.master.project_request_message | default("") }}" - projectRequestTemplate: "{{ openshift.master.project_request_template | default("") }}" + defaultNodeSelector: {{ openshift.master.default_node_selector }} + projectRequestMessage: {{ openshift.master.project_request_message }} + projectRequestTemplate: {{ openshift.master.project_request_template }} securityAllocator: - mcsAllocatorRange: "{{ openshift.master.project_request_template | default("s0:/2") }}" - mcsLabelsPerProject: "{{ openshift.master.mcs_labels_per_project | default("5") }}" - uidAllocatorRange: "{{ openshift.master.uid_allocator_range | default("1000000000-1999999999/10000") }}" + mcsAllocatorRange: {{ openshift.master.mcs_allocator_range }} + mcsLabelsPerProject: {{ openshift.master.mcs_labels_per_project }} + uidAllocatorRange: {{ openshift.master.uid_allocator_range }} routingConfig: subdomain: "{{ openshift.master.default_subdomain | default("") }}" serviceAccountConfig: -- cgit v1.2.3 From 3ea281da43514e5909256310a504820ff82dd401 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Sat, 22 Aug 2015 23:37:44 -0400 Subject: fix apiServerArguments and controllerServerArguments --- roles/openshift_master/templates/master.yaml.v1.j2 | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 44567aa22..7a8194d13 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -2,9 +2,6 @@ apiLevels: - v1beta3 - v1 apiVersion: v1 -{% if api_server_args is defined and api_server_args %} -apiServerArguments: {{ api_server_args }} -{% endif %} assetConfig: logoutURL: "" masterPublicURL: {{ openshift.master.public_api_url }} @@ -16,9 +13,6 @@ assetConfig: keyFile: master.server.key maxRequestsInFlight: 0 requestTimeoutSeconds: 0 -{% if controller_args is defined and controller_args %} -controllerArguments: {{ controller_args }} -{% endif %} corsAllowedOrigins: {% for origin in ['127.0.0.1', 'localhost', openshift.common.hostname, openshift.common.ip, openshift.common.public_hostname, openshift.common.public_ip] %} - {{ origin }} @@ -74,8 +68,8 @@ kubernetesMasterConfig: apiLevels: - v1beta3 - v1 - apiServerArguments: null - controllerArguments: null + apiServerArguments: {{ api_server_args if api_server_args is defined else null }} + controllerArguments: {{ controller_args if controller_args is defined else null }} {# TODO: support overriding masterCount #} masterCount: 1 masterIP: "" -- cgit v1.2.3 From 0077c327fd5214a9b43f8d2fde18a6325002922d Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Sat, 22 Aug 2015 23:49:40 -0400 Subject: Fix quoting around null --- roles/openshift_master/templates/master.yaml.v1.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 7a8194d13..fff123d0d 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -68,8 +68,8 @@ kubernetesMasterConfig: apiLevels: - v1beta3 - v1 - apiServerArguments: {{ api_server_args if api_server_args is defined else null }} - controllerArguments: {{ controller_args if controller_args is defined else null }} + apiServerArguments: {{ api_server_args if api_server_args is defined else 'null' }} + controllerArguments: {{ controller_args if controller_args is defined else 'null' }} {# TODO: support overriding masterCount #} masterCount: 1 masterIP: "" -- cgit v1.2.3 From 1b3fff6248fbd6788a26ee2b6c60f7731891c0f4 Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Fri, 19 Jun 2015 14:41:10 -0400 Subject: Atomic Enterprise related changes. --- roles/openshift_master/README.md | 10 +++--- roles/openshift_master/defaults/main.yml | 10 +++--- roles/openshift_master/handlers/main.yml | 4 +-- roles/openshift_master/meta/main.yml | 2 +- roles/openshift_master/tasks/main.yml | 55 ++++++++++++++++++++++---------- roles/openshift_master/vars/main.yml | 2 +- 6 files changed, 52 insertions(+), 31 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/README.md b/roles/openshift_master/README.md index 0e7ef3aab..155bdb58b 100644 --- a/roles/openshift_master/README.md +++ b/roles/openshift_master/README.md @@ -1,7 +1,7 @@ -OpenShift Master -================ +OpenShift/Atomic Enterprise Master +================================== -OpenShift Master service installation +Master service installation Requirements ------------ @@ -15,8 +15,8 @@ Role Variables From this role: | Name | Default value | | |-------------------------------------|-----------------------|--------------------------------------------------| -| openshift_master_debug_level | openshift_debug_level | Verbosity of the debug logs for openshift-master | -| openshift_node_ips | [] | List of the openshift node ip addresses to pre-register when openshift-master starts up | +| openshift_master_debug_level | openshift_debug_level | Verbosity of the debug logs for master | +| openshift_node_ips | [] | List of the openshift node ip addresses to pre-register when master starts up | | oreg_url | UNDEF | Default docker registry to use | | openshift_master_api_port | UNDEF | | | openshift_master_console_port | UNDEF | | diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index ca8860099..9766d01ae 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -5,11 +5,11 @@ openshift_node_ips: [] os_firewall_allow: - service: etcd embedded port: 4001/tcp -- service: OpenShift api https +- service: api server https port: 8443/tcp -- service: OpenShift dns tcp +- service: dns tcp port: 53/tcp -- service: OpenShift dns udp +- service: dns udp port: 53/udp - service: Fluentd td-agent tcp port: 24224/tcp @@ -22,9 +22,9 @@ os_firewall_allow: - service: Corosync UDP port: 5405/udp os_firewall_deny: -- service: OpenShift api http +- service: api server http port: 8080/tcp -- service: former OpenShift web console port +- service: former web console port port: 8444/tcp - service: former etcd peer port port: 7001/tcp diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index f1e7e1ab3..2981979e0 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -1,4 +1,4 @@ --- -- name: restart openshift-master - service: name=openshift-master state=restarted +- name: restart master + service: name={{ openshift.common.service_type }}-master state=restarted when: not openshift_master_ha | bool diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index 41a183c3b..c125cb5d0 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -1,7 +1,7 @@ --- galaxy_info: author: Jhon Honce - description: OpenShift Master + description: Master company: Red Hat, Inc. license: Apache License, Version 2.0 min_ansible_version: 1.7 diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 9204d25ce..4dad9b62f 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -12,11 +12,7 @@ msg: "openshift_master_cluster_password must be set for multi-master installations" when: openshift_master_ha | bool and not openshift.master.cluster_defer_ha | bool and openshift_master_cluster_password is not defined -- name: Install OpenShift Master package - yum: pkg=openshift-master state=present - register: install_result - -- name: Set master OpenShift facts +- name: Set master facts openshift_facts: role: master local_facts: @@ -59,8 +55,26 @@ api_server_args: "{{ osm_api_server_args | default(None) }}" controller_args: "{{ osm_controller_args | default(None) }}" +- name: Install Master package + yum: pkg={{ openshift.common.service_type }}-master state=present + register: install_result + +- name: Check for RPM generated config marker file /etc/origin/.config_managed + stat: path=/etc/origin/.rpmgenerated + register: rpmgenerated_config + +- name: Remove RPM generated config files + file: + path: "{{ item }}" + state: absent + when: openshift.common.service_type in ['atomic-enterprise','openshift-enterprise'] and rpmgenerated_config.stat.exists == true + with_items: + - "{{ openshift.common.config_base }}/master" + - "{{ openshift.common.config_base }}/node" + - "{{ openshift.common.config_base }}/.rpmgenerated" + # TODO: These values need to be configurable -- name: Set dns OpenShift facts +- name: Set dns facts openshift_facts: role: dns local_facts: @@ -80,20 +94,27 @@ args: creates: "{{ openshift_master_policy }}" notify: - - restart openshift-master + - restart master - name: Create the scheduler config template: dest: "{{ openshift_master_scheduler_conf }}" src: scheduler.json.j2 notify: - - restart openshift-master + - restart master - name: Install httpd-tools if needed yum: pkg=httpd-tools state=present when: item.kind == 'HTPasswdPasswordIdentityProvider' with_items: openshift.master.identity_providers +- name: Ensure htpasswd directory exists + file: + path: "{{ item.filename | dirname }}" + state: directory + when: item.kind == 'HTPasswdPasswordIdentityProvider' + with_items: openshift.master.identity_providers + - name: Create the htpasswd file if needed copy: dest: "{{ item.filename }}" @@ -109,11 +130,11 @@ dest: "{{ openshift_master_config_file }}" src: master.yaml.v1.j2 notify: - - restart openshift-master + - restart master -- name: Configure OpenShift settings +- name: Configure master settings lineinfile: - dest: /etc/sysconfig/openshift-master + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master regexp: "{{ item.regex }}" line: "{{ item.line }}" with_items: @@ -122,10 +143,10 @@ - regex: '^CONFIG_FILE=' line: "CONFIG_FILE={{ openshift_master_config_file }}" notify: - - restart openshift-master + - restart master -- name: Start and enable openshift-master - service: name=openshift-master enabled=yes state=started +- name: Start and enable master + service: name={{ openshift.common.service_type }}-master enabled=yes state=started when: not openshift_master_ha | bool register: start_result @@ -146,7 +167,7 @@ shell: echo {{ openshift_master_cluster_password | quote }} | passwd --stdin hacluster when: install_result | changed -- name: Create the OpenShift client config dir(s) +- name: Create the client config dir(s) file: path: "~{{ item }}/.kube" state: directory @@ -159,7 +180,7 @@ # TODO: Update this file if the contents of the source file are not present in # the dest file, will need to make sure to ignore things that could be added -- name: Copy the OpenShift admin client config(s) +- name: Copy the admin client config(s) command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config args: creates: ~{{ item }}/.kube/config @@ -167,7 +188,7 @@ - root - "{{ ansible_ssh_user }}" -- name: Update the permissions on the OpenShift admin client config(s) +- name: Update the permissions on the admin client config(s) file: path: "~{{ item }}/.kube/config" state: file diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml index f6f69966a..a61ba0397 100644 --- a/roles/openshift_master/vars/main.yml +++ b/roles/openshift_master/vars/main.yml @@ -1,5 +1,5 @@ --- -openshift_master_config_dir: /etc/openshift/master +openshift_master_config_dir: "{{ openshift.common.config_base }}/master" openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml" openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json" openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json" -- cgit v1.2.3 From 32578c30f370d05dd472d07d07d7b934fd9c1510 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Mon, 31 Aug 2015 16:28:23 -0400 Subject: Add serviceNetworkCIDR to network config Required by OSE 3.0.2 and Origin 1.0.6 --- roles/openshift_master/templates/master.yaml.v1.j2 | 2 ++ 1 file changed, 2 insertions(+) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index fff123d0d..7aa4ce9b6 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -88,6 +88,8 @@ networkConfig: clusterNetworkCIDR: {{ openshift.master.sdn_cluster_network_cidr }} hostSubnetLength: {{ openshift.master.sdn_host_subnet_length }} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} +# serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet + serviceNetworkCIDR: {{ openshift.master.portal_net }} {% include 'v1_partials/oauthConfig.j2' %} policyConfig: bootstrapPolicyFile: {{ openshift_master_policy }} -- cgit v1.2.3 From 633c651285b53ee154cd497513ded4a26c88d991 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Thu, 3 Sep 2015 15:30:03 -0400 Subject: Add openshift_version to set RPM versions Mostly necessary for debugging / testing upgrade paths --- roles/openshift_master/tasks/main.yml | 2 +- roles/openshift_master/vars/main.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 4dad9b62f..b57711b58 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -56,7 +56,7 @@ controller_args: "{{ osm_controller_args | default(None) }}" - name: Install Master package - yum: pkg={{ openshift.common.service_type }}-master state=present + yum: pkg={{ openshift.common.service_type }}-master{{ openshift_version }} state=present register: install_result - name: Check for RPM generated config marker file /etc/origin/.config_managed diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml index a61ba0397..cce118cf1 100644 --- a/roles/openshift_master/vars/main.yml +++ b/roles/openshift_master/vars/main.yml @@ -3,6 +3,7 @@ openshift_master_config_dir: "{{ openshift.common.config_base }}/master" openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml" openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json" openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json" +openshift_version: "{{ openshift_version | default('') }}" openshift_master_valid_grant_methods: - auto -- cgit v1.2.3 From 07c59ea91a8e87d1b7edbb88ae6012ac13643f52 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Fri, 4 Sep 2015 18:32:28 -0400 Subject: Avoid a recursive loop --- roles/openshift_master/vars/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml index cce118cf1..ecdb4f883 100644 --- a/roles/openshift_master/vars/main.yml +++ b/roles/openshift_master/vars/main.yml @@ -3,7 +3,7 @@ openshift_master_config_dir: "{{ openshift.common.config_base }}/master" openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml" openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json" openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json" -openshift_version: "{{ openshift_version | default('') }}" +openshift_version: "{{ openshift_pkg_version | default('') }}" openshift_master_valid_grant_methods: - auto -- cgit v1.2.3 From 12b56e720a8221208fbc1c5dd8a7e5732aa4f04e Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 9 Sep 2015 12:03:09 -0400 Subject: Move openshift_data_dir to a fact based on deployment_type Previously this was being set to /var/lib/origin regardless of deployment_type which isn't correct given that existing 'enterprise' and 'online' deployments would have been deployed with /var/lib/openshift --- roles/openshift_master/templates/master.yaml.v1.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 7aa4ce9b6..500690523 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -46,7 +46,7 @@ etcdConfig: certFile: etcd.server.crt clientCA: ca.crt keyFile: etcd.server.key - storageDirectory: {{ openshift_data_dir }}/openshift.local.etcd + storageDirectory: {{ openshift.common.data_dir }}/openshift.local.etcd {% endif %} etcdStorageConfig: kubernetesStoragePrefix: kubernetes.io -- cgit v1.2.3 From 44f2904159c5a3e0045eb413287a9c1778f91adb Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Thu, 10 Sep 2015 10:27:35 -0400 Subject: Upgrades --- roles/openshift_master/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index b57711b58..fa12005ab 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -100,6 +100,7 @@ template: dest: "{{ openshift_master_scheduler_conf }}" src: scheduler.json.j2 + backup: true notify: - restart master @@ -129,6 +130,7 @@ template: dest: "{{ openshift_master_config_file }}" src: master.yaml.v1.j2 + backup: true notify: - restart master -- cgit v1.2.3 From 6f211046e6f344756eb10b0103b92d08d40ea178 Mon Sep 17 00:00:00 2001 From: Jordan Liggitt Date: Mon, 5 Oct 2015 22:59:56 -0400 Subject: Add kind/apiVersion to scheduler.json template --- roles/openshift_master/templates/scheduler.json.j2 | 2 ++ 1 file changed, 2 insertions(+) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/scheduler.json.j2 b/roles/openshift_master/templates/scheduler.json.j2 index 835f2383e..cb5f43bb2 100644 --- a/roles/openshift_master/templates/scheduler.json.j2 +++ b/roles/openshift_master/templates/scheduler.json.j2 @@ -1,4 +1,6 @@ { + "kind": "Policy", + "apiVersion": "v1", "predicates": [ {"name": "MatchNodeSelector"}, {"name": "PodFitsResources"}, -- cgit v1.2.3 From 8c21fffe2e97154d4938bd823098b0814f989001 Mon Sep 17 00:00:00 2001 From: Jordan Liggitt Date: Fri, 9 Oct 2015 21:14:08 -0400 Subject: Add masterCA to oauth template --- roles/openshift_master/templates/v1_partials/oauthConfig.j2 | 1 + 1 file changed, 1 insertion(+) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/v1_partials/oauthConfig.j2 b/roles/openshift_master/templates/v1_partials/oauthConfig.j2 index 72889bc29..8a4f5a746 100644 --- a/roles/openshift_master/templates/v1_partials/oauthConfig.j2 +++ b/roles/openshift_master/templates/v1_partials/oauthConfig.j2 @@ -80,6 +80,7 @@ oauthConfig: provider: {{ identity_provider_config(identity_provider) }} {%- endfor %} + masterCA: ca.crt masterPublicURL: {{ openshift.master.public_api_url }} masterURL: {{ openshift.master.api_url }} sessionConfig: -- cgit v1.2.3 From ed4f46169befecbbcbd646b5333d77add80e133f Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Thu, 17 Sep 2015 15:56:44 -0400 Subject: Lookup ansible_ssh_user group for kubeconfig perms Fixes #585 --- roles/openshift_master/tasks/main.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index b57711b58..29b56656f 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -167,13 +167,17 @@ shell: echo {{ openshift_master_cluster_password | quote }} | passwd --stdin hacluster when: install_result | changed +- name: Lookup default group for ansible_ssh_user + command: "/usr/bin/id -g {{ ansible_ssh_user }}" + register: _ansible_ssh_user_gid + - name: Create the client config dir(s) file: path: "~{{ item }}/.kube" state: directory mode: 0700 owner: "{{ item }}" - group: "{{ item }}" + group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}" with_items: - root - "{{ ansible_ssh_user }}" @@ -194,7 +198,7 @@ state: file mode: 0700 owner: "{{ item }}" - group: "{{ item }}" + group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}" with_items: - root - "{{ ansible_ssh_user }}" -- cgit v1.2.3 From 2b465af8ecc2ab2da13d60707e3383f809ea9924 Mon Sep 17 00:00:00 2001 From: Tomas Sedovic Date: Tue, 6 Oct 2015 11:10:55 +0200 Subject: Allow disabling the network plugin configuration This is useful when we want to use a different networking solution without having any networking plugin code run when the services start up. --- roles/openshift_master/templates/master.yaml.v1.j2 | 2 ++ 1 file changed, 2 insertions(+) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 500690523..cc1dee13d 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -87,7 +87,9 @@ masterPublicURL: {{ openshift.master.public_api_url }} networkConfig: clusterNetworkCIDR: {{ openshift.master.sdn_cluster_network_cidr }} hostSubnetLength: {{ openshift.master.sdn_host_subnet_length }} + {% if openshift.common.use_openshift_sdn %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} + {% endif %} # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet serviceNetworkCIDR: {{ openshift.master.portal_net }} {% include 'v1_partials/oauthConfig.j2' %} -- cgit v1.2.3 From bced0615a4edf4f2a42073a365dc756009ccc250 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Tue, 20 Oct 2015 12:34:51 -0400 Subject: Fix yaml indentation from use_openshift_sdn conditional --- roles/openshift_master/templates/master.yaml.v1.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index cc1dee13d..6e45eaad7 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -87,9 +87,9 @@ masterPublicURL: {{ openshift.master.public_api_url }} networkConfig: clusterNetworkCIDR: {{ openshift.master.sdn_cluster_network_cidr }} hostSubnetLength: {{ openshift.master.sdn_host_subnet_length }} - {% if openshift.common.use_openshift_sdn %} +{% if openshift.common.use_openshift_sdn %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} - {% endif %} +{% endif %} # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet serviceNetworkCIDR: {{ openshift.master.portal_net }} {% include 'v1_partials/oauthConfig.j2' %} -- cgit v1.2.3 From 8691cd2947146a24237fadc443eb02acf805a606 Mon Sep 17 00:00:00 2001 From: Stefanie Forrester Date: Fri, 11 Sep 2015 13:13:17 -0700 Subject: Support HA or single router, and start work on registry --- roles/openshift_master/tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 73c04cb08..4dcab31d1 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -52,8 +52,11 @@ default_subdomain: "{{ osm_default_subdomain | default(None) }}" custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}" default_node_selector: "{{ osm_default_node_selector | default(None) }}" + router_selector: "{{ openshift_router_selector | default(None) }}" + registry_selector: "{{ openshift_registry_selector | default(None) }}" api_server_args: "{{ osm_api_server_args | default(None) }}" controller_args: "{{ osm_controller_args | default(None) }}" + infra_nodes: "{{ num_infra | default(None) }}" - name: Install Master package yum: pkg={{ openshift.common.service_type }}-master{{ openshift_version }} state=present -- cgit v1.2.3 From 28060809e10c54bf2edd2f9bf2dd22ce5acfff0a Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Wed, 21 Oct 2015 16:00:06 -0400 Subject: Avoid hardcoded 30s pauses - refactor node and master restart handlers to avoid 30s pauses --- roles/openshift_master/handlers/main.yml | 2 +- roles/openshift_master/tasks/main.yml | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index 2981979e0..f00e56908 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -1,4 +1,4 @@ --- - name: restart master service: name={{ openshift.common.service_type }}-master state=restarted - when: not openshift_master_ha | bool + when: not (openshift_master_ha | bool or skip_master_restart | default(false)) diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 4dcab31d1..90e77e7c2 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -155,9 +155,8 @@ when: not openshift_master_ha | bool register: start_result -- name: pause to prevent service restart from interfering with bootstrapping - pause: seconds=30 - when: start_result | changed +- set_fact: + skip_master_restart = start_result | changed - name: Install cluster packages yum: pkg=pcs state=present -- cgit v1.2.3 From 3e44d3aa6d35c62c57c102f5a8fec4bf86d2a1b5 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Wed, 21 Oct 2015 13:41:56 -0400 Subject: Fix test and workaround for rpm generated configs - fixed inconcistency in naming for rpm generated config test - refactoring to fix logic after the ha master refactoring had broken the previous steps --- roles/openshift_master/tasks/main.yml | 14 -------------- 1 file changed, 14 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 4dcab31d1..a5c1a805c 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -62,20 +62,6 @@ yum: pkg={{ openshift.common.service_type }}-master{{ openshift_version }} state=present register: install_result -- name: Check for RPM generated config marker file /etc/origin/.config_managed - stat: path=/etc/origin/.rpmgenerated - register: rpmgenerated_config - -- name: Remove RPM generated config files - file: - path: "{{ item }}" - state: absent - when: openshift.common.service_type in ['atomic-enterprise','openshift-enterprise'] and rpmgenerated_config.stat.exists == true - with_items: - - "{{ openshift.common.config_base }}/master" - - "{{ openshift.common.config_base }}/node" - - "{{ openshift.common.config_base }}/.rpmgenerated" - # TODO: These values need to be configurable - name: Set dns facts openshift_facts: -- cgit v1.2.3 From 7f5c403e144e6ef4d39bf7b11adb4c4a8976521c Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Wed, 21 Oct 2015 16:17:39 -0400 Subject: Add proxy client certs to master config. --- roles/openshift_master/templates/master.yaml.v1.j2 | 3 +++ 1 file changed, 3 insertions(+) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 6e45eaad7..72fdcf88d 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -74,6 +74,9 @@ kubernetesMasterConfig: masterCount: 1 masterIP: "" podEvictionTimeout: "" + proxyClientInfo: + certFile: master.proxy-client.crt + keyFile: master.proxy-client.key schedulerConfigFile: {{ openshift_master_scheduler_conf }} servicesNodePortRange: "" servicesSubnet: {{ openshift.master.portal_net }} -- cgit v1.2.3 From 48889b8ed74abfd070fb5ecad082c4f540f7a3fe Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 23 Oct 2015 11:00:33 -0400 Subject: cleanup naming for skipping master and node restart handlers --- roles/openshift_master/handlers/main.yml | 2 +- roles/openshift_master/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index f00e56908..37028e0f6 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -1,4 +1,4 @@ --- - name: restart master service: name={{ openshift.common.service_type }}-master state=restarted - when: not (openshift_master_ha | bool or skip_master_restart | default(false)) + when: (not openshift_master_ha | bool) and (not master_service_status_changed | default(false)) diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 90e77e7c2..0b20e054b 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -156,7 +156,7 @@ register: start_result - set_fact: - skip_master_restart = start_result | changed + master_service_status_changed = start_result | changed - name: Install cluster packages yum: pkg=pcs state=present -- cgit v1.2.3 From 2f55e2d69f8c9e28ccf73065ddc9db62a2aa4ad9 Mon Sep 17 00:00:00 2001 From: Diego Castro Date: Fri, 23 Oct 2015 21:23:55 -0300 Subject: Add missing quotes --- roles/openshift_master/templates/master.yaml.v1.j2 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index d66f9e15d..011b43df6 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -98,13 +98,13 @@ policyConfig: openshiftInfrastructureNamespace: openshift-infra openshiftSharedResourcesNamespace: openshift projectConfig: - defaultNodeSelector: {{ openshift.master.default_node_selector }} - projectRequestMessage: {{ openshift.master.project_request_message }} - projectRequestTemplate: {{ openshift.master.project_request_template }} + defaultNodeSelector: "{{ openshift.master.default_node_selector }}" + projectRequestMessage: "{{ openshift.master.project_request_message }}" + projectRequestTemplate: "{{ openshift.master.project_request_template }}" securityAllocator: - mcsAllocatorRange: {{ openshift.master.mcs_allocator_range }} - mcsLabelsPerProject: {{ openshift.master.mcs_labels_per_project }} - uidAllocatorRange: {{ openshift.master.uid_allocator_range }} + mcsAllocatorRange: "{{ openshift.master.mcs_allocator_range }}" + mcsLabelsPerProject: "{{ openshift.master.mcs_labels_per_project }}" + uidAllocatorRange: "{{ openshift.master.uid_allocator_range }}" routingConfig: subdomain: "{{ openshift.master.default_subdomain | default("") }}" serviceAccountConfig: -- cgit v1.2.3 From e87883d2be647edbcd564cefbf09a40120f1832d Mon Sep 17 00:00:00 2001 From: Diego Castro Date: Mon, 26 Oct 2015 16:19:53 -0300 Subject: Fix quotes --- roles/openshift_master/templates/master.yaml.v1.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 011b43df6..90234bacc 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -103,7 +103,7 @@ projectConfig: projectRequestTemplate: "{{ openshift.master.project_request_template }}" securityAllocator: mcsAllocatorRange: "{{ openshift.master.mcs_allocator_range }}" - mcsLabelsPerProject: "{{ openshift.master.mcs_labels_per_project }}" + mcsLabelsPerProject: {{ openshift.master.mcs_labels_per_project }} uidAllocatorRange: "{{ openshift.master.uid_allocator_range }}" routingConfig: subdomain: "{{ openshift.master.default_subdomain | default("") }}" -- cgit v1.2.3