From a0b6fc7db1be2cf6190d982f90e96f4c39a4c699 Mon Sep 17 00:00:00 2001 From: Tobias Florek Date: Wed, 23 Sep 2015 13:51:41 +0200 Subject: Initial containerization work from @ibotty copied from https://github.com/eparis/kubernetes-ansible/blob/17f98edd7ff53e649b43e26822b8fbc0be42b233/roles/common/tasks/main.yml --- roles/openshift_master/tasks/main.yml | 27 +++++++++++++++++++++- .../templates/openshift.docker.master.service | 11 +++++++++ roles/openshift_master/vars/main.yml | 2 ++ 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 roles/openshift_master/templates/openshift.docker.master.service (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 43647cc49..6844a16cc 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -21,6 +21,10 @@ msg: "openshift_master_cluster_password must be set for multi-master installations" when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and (openshift_master_cluster_password is not defined or not openshift_master_cluster_password) +- fail: + msg: "openshift_master_ha is not yet supported on atomic hosts" + when: openshift_master_ha | bool and is_atomic + - name: Set master facts openshift_facts: role: master 
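Review bot: The new guard tests `is_atomic` bare, while the neighbouring term passes `openshift_master_ha` through `| bool`; if `is_atomic` ever arrives as an inventory string, the value "false" is truthy and this task would abort HA installs on ordinary hosts. None of the files this commit touches defines `is_atomic`, so confirm where it is set and write the condition as `when: openshift_master_ha | bool and is_atomic | default(false) | bool`. The same bare `is_atomic` appears in the `when:` lines added by the later hunks of this file (package install, docker service file, daemon-reload, httpd-tools, pcs, kubeconfig copy). The task would also benefit from a `name:`, for example `- name: Fail when HA is requested on an atomic host`.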
@@ -79,6 +83,25 @@ - name: Install Master package action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-master{{ openshift_version }} state=present" + when: not is_atomic + +# TODO: enable when ansible#1993 lands and is widespread enough +# - name: Docker image present +# docker: +# image: "{{ openshift.common.docker.image }}" +# state: image_present +# when: is_atomic + +- name: Install Master docker service file + template: + dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service" + src: openshift.docker.master.service + register: install_result + when: is_atomic + +- name: Reload systemd units + command: systemctl daemon-reload + when: is_atomic and install_result | changed - name: Re-gather package dependent master facts openshift_facts: @@ -113,6 +136,7 @@ action: "{{ ansible_pkg_mgr }} name=httpd-tools state=present" when: (item.kind == 'HTPasswdPasswordIdentityProvider') with_items: openshift.master.identity_providers + when: not is_atomic - name: Ensure htpasswd directory exists file: @@ -251,7 +275,7 @@ - name: Install cluster packages action: "{{ ansible_pkg_mgr }} name=pcs state=present" - when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' + when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' and not is_atomic register: install_result - name: Start and enable cluster service @@ -283,6 +307,7 @@ command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config args: creates: ~{{ item }}/.kube/config + when: not is_atomic with_items: - root - "{{ ansible_ssh_user }}" diff --git a/roles/openshift_master/templates/openshift.docker.master.service b/roles/openshift_master/templates/openshift.docker.master.service new file mode 100644 index 000000000..9e436f8eb --- /dev/null +++ b/roles/openshift_master/templates/openshift.docker.master.service 
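Review bot: The `Install Master docker service file` task writes a unit into `/etc/systemd/system` without stating ownership or permissions, so the result depends on whatever defaults are in effect for the connecting user. The unit added by this commit starts a `--privileged` container, so pin it explicitly with `owner: root`, `group: root` and `mode: "0644"` on the `template:` task. The `Reload systemd units` task that follows keys on `install_result`, a name that `Install cluster packages` further down the file also registers; a dedicated name such as `master_unit_result` keeps one from overwriting the other if tasks are ever reordered.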
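Review bot: The added `when: not is_atomic` gives the `Install httpd-tools if needed` task two `when:` keys, and YAML loaders commonly keep only the last one, which would silently drop the `item.kind == 'HTPasswdPasswordIdentityProvider'` test. As written the package would then be installed on every non-atomic master regardless of which identity providers are configured. Merge the two into one condition: `when: item.kind == 'HTPasswdPasswordIdentityProvider' and not is_atomic`. The task's `- name:` line sits above the start of the hunk.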
@@ -0,0 +1,11 @@ +[Unit] +After=docker.service +Require=docker.service + +[Service] +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift_docker_image }} start master --config=${CONFIG_FILE} ${OPTIONS} +ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master + +[Install] +WantedBy=multi-user.target diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml index 534465451..875d61a3b 100644 --- a/roles/openshift_master/vars/main.yml +++ b/roles/openshift_master/vars/main.yml @@ -5,6 +5,8 @@ openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.js openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml" openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json" openshift_version: "{{ openshift_pkg_version | default('') }}" +openshift_docker_image_name: openshift/origin +openshift_docker_image: "{{ openshift_docker_image_name }}:{{ openshift_pkg_version | default('latest') }}" openshift_master_valid_grant_methods: - auto -- cgit v1.2.3 From 8e7c5c970b8adc83fd6d5cad115f4edb06b36d98 Mon Sep 17 00:00:00 2001 
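Review bot: `ExecStart` combines `--privileged`, `--net=host` and a bind mount of `/var/run/docker.sock`, which together give the master container root-equivalent control of the host and of every other container on it, and the unit does not say why each is needed. Document the requirement above `ExecStart` with a comment such as `# --privileged and docker.sock: required by <component>, see <reference>`, and drop whichever of the three the master does not actually need. Separately, `Require=docker.service` is not a systemd directive; the key is `Requires=`, and systemd ignores settings it does not recognise, so the dependency on Docker is not enforced as written. The same `docker run` flags recur in the three unit templates added later in this series (`master.docker.service.j2` and the two `atomic-openshift-master-*.docker.service.j2` files).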
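Review bot: `openshift_docker_image` falls back to the `latest` tag when `openshift_pkg_version` is unset, so the image that the unit runs with `--privileged` is whatever the registry serves at start time and can differ between masters and between restarts. Prefer failing early when no version is given, or pin by digest through a new variable, for example `openshift_docker_image: "{{ openshift_docker_image_name }}@{{ openshift_docker_image_digest }}"`. Also confirm the format of `openshift_pkg_version`: `tasks/main.yml` appends `openshift_version` directly to the package name, which suggests the value may carry a leading separator that would not be valid at the start of an image tag.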
From: Scott Dodson Date: Mon, 5 Oct 2015 12:53:10 -0400 Subject: Containerization work by @sdodson --- roles/openshift_master/tasks/main.yml | 61 +++++++++++++++------- .../atomic-openshift-master-api.docker.service.j2 | 26 +++++++++ ...-openshift-master-controllers.docker.service.j2 | 25 +++++++++ .../templates/master.docker.service.j2 | 16 ++++++ .../templates/openshift.docker.master.service | 11 ---- roles/openshift_master/vars/main.yml | 2 - 6 files changed, 110 insertions(+), 31 deletions(-) create mode 100644 roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2 create mode 100644 roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2 create mode 100644 roles/openshift_master/templates/master.docker.service.j2 delete mode 100644 roles/openshift_master/templates/openshift.docker.master.service (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 6844a16cc..e9e77d231 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -20,10 +20,9 @@ - fail: msg: "openshift_master_cluster_password must be set for multi-master installations" when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and (openshift_master_cluster_password is not defined or not openshift_master_cluster_password) - - fail: - msg: "openshift_master_ha is not yet supported on atomic hosts" - when: openshift_master_ha | bool and is_atomic + msg: "Pacemaker based HA is not supported at this time when used with containerized installs" + when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and openshift.common.is_containerized | bool - name: Set master facts openshift_facts: 
@@ -80,28 +79,38 @@ disabled_features: "{{ osm_disabled_features | default(None) }}" master_count: "{{ openshift_master_count | default(None) }}" controller_lease_ttl: "{{ osm_controller_lease_ttl | default(None) }}" + master_image: "{{ osm_image | default(None) }}" - name: Install Master package action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-master{{ openshift_version }} state=present" - when: not is_atomic + when: not openshift.common.is_containerized | bool # TODO: enable when ansible#1993 lands and is widespread enough # - name: Docker image present # docker: # image: "{{ openshift.common.docker.image }}" # state: image_present -# when: is_atomic +# when: openshift.common.is_containerized | bool - name: Install Master docker service file template: dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service" - src: openshift.docker.master.service - register: install_result - when: is_atomic + src: master.docker.service.j2 + register: install_result + when: openshift.common.is_containerized | bool and not openshift_master_ha | bool + +- name: Create openshift.common.data_dir + file: + path: "{{ openshift.common.data_dir }}" + state: directory + mode: 0755 + owner: root + group: root + when: openshift.common.is_containerized | bool -- name: Reload systemd units +- name: Reload systemd units command: systemctl daemon-reload - when: is_atomic and install_result | changed + when: openshift.common.is_containerized | bool and install_result | changed - name: Re-gather package dependent master facts openshift_facts: @@ -134,9 +143,9 @@ - name: Install httpd-tools if needed action: "{{ ansible_pkg_mgr }} name=httpd-tools state=present" - when: (item.kind == 'HTPasswdPasswordIdentityProvider') + when: (item.kind == 'HTPasswdPasswordIdentityProvider') and + not openshift.common.is_containerized | bool with_items: openshift.master.identity_providers - when: not is_atomic - name: Ensure htpasswd directory exists file: 
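Review bot: `mode: 0755` in the new `Create openshift.common.data_dir` task is an unquoted number with a leading zero, whose meaning depends on the YAML loader treating it as octal; write `mode: "0755"` so the permissions cannot be misread. It is also worth confirming that the directory should be world-readable: the unit templates bind-mount it into the master container, and if only root needs access `"0700"` is the tighter choice. In the same hunk `master_image` is set from `osm_image | default(None)`; the hunk does not show what `openshift_facts` substitutes when it is unset, so check that the unit templates can never render an empty image name into `docker run`.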
@@ -154,16 +163,27 @@ when: item.kind == 'HTPasswdPasswordIdentityProvider' with_items: openshift.master.identity_providers +- name: Init HA Service Info + set_fact: + ha_suffix: "" + ha_svcdir: "/usr/lib/systemd/system" + +- name: Set HA Service Info for containerized installs + set_fact: + ha_suffix: ".docker" + ha_svcdir: "/etc/systemd/system" + when: openshift.common.is_containerized | bool + # workaround for missing systemd unit files for controllers/api - name: Create the api service file template: - src: atomic-openshift-master-api.service.j2 - dest: /usr/lib/systemd/system/{{ openshift.common.service_type }}-master-api.service + src: atomic-openshift-master-api{{ ha_suffix }}.service.j2 + dest: "{{ ha_svcdir }}/{{ openshift.common.service_type }}-master-api.service" when: openshift_master_ha | bool and openshift_master_cluster_method == "native" - name: Create the controllers service file template: - src: atomic-openshift-master-controllers.service.j2 - dest: /usr/lib/systemd/system/{{ openshift.common.service_type }}-master-controllers.service + src: atomic-openshift-master-controllers{{ ha_suffix }}.service.j2 + dest: "{{ ha_svcdir }}/{{ openshift.common.service_type }}-master-controllers.service" when: openshift_master_ha | bool and openshift_master_cluster_method == "native" - name: Create the api env file template: @@ -251,6 +271,10 @@ when: not openshift_master_ha | bool register: start_result +- name: Stop and disable non HA master when running HA + service: name={{ openshift.common.service_type }}-master enabled=no state=stopped + when: openshift_master_ha | bool + - set_fact: master_service_status_changed: start_result | changed when: not openshift_master_ha | bool 
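Review bot: In containerized native-HA installs the api and controllers units are now written to `/etc/systemd/system`, but neither `template:` task registers a result or notifies a handler, and the only `systemctl daemon-reload` visible in this commit runs earlier and keys on `install_result` from the non-HA unit, which is skipped when `openshift_master_ha` is true. Unless a reload happens outside the hunks shown, systemd may not pick up the new or changed unit definitions before the services are started. Register the two results (for example `register: api_unit_result`) and reload when either changed, or move the reload into a handler. `ha_suffix` and `ha_svcdir` could also be set in a single `set_fact` with an inline conditional instead of the init-then-override pair.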
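Review bot: `Stop and disable non HA master when running HA` assumes a `{{ openshift.common.service_type }}-master` unit exists, yet in this commit the containerized unit file is installed only when `openshift_master_ha` is false. On a fresh containerized HA host the `service` module is therefore likely to fail because there is no such unit to stop; please confirm, and if so guard the task, for example by checking for the unit file with `stat` first and adding that result to the `when:`.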
@@ -275,12 +299,14 @@ - name: Install cluster packages action: "{{ ansible_pkg_mgr }} name=pcs state=present" - when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' and not is_atomic + when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' + and not openshift.common.is_containerized | bool register: install_result - name: Start and enable cluster service service: name=pcsd enabled=yes state=started when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' + and not openshift.common.is_containerized | bool - name: Set the cluster user password shell: echo {{ openshift_master_cluster_password | quote }} | passwd --stdin hacluster @@ -307,7 +333,6 @@ command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config args: creates: ~{{ item }}/.kube/config - when: not is_atomic with_items: - root - "{{ ansible_ssh_user }}" diff --git a/roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2 new file mode 100644 index 000000000..936c39edf --- /dev/null +++ b/roles/openshift_master/templates/atomic-openshift-master-api.docker.service.j2 
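Review bot: The `Set the cluster user password` task kept as context at the end of this hunk renders `openshift_master_cluster_password` into a `shell:` command line, and Ansible records task arguments in its output and in the target's logs unless told otherwise. The task continues past the end of the hunk, so if it does not already carry `no_log: true`, add it. The two added `and not openshift.common.is_containerized | bool` continuations look redundant with the earlier `fail:` that rejects Pacemaker on containerized installs; a short comment saying they are defensive would help the next reader.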
@@ -0,0 +1,26 @@ +[Unit] +Description=Atomic OpenShift Master API +Documentation=https://github.com/openshift/origin +After=network.target +After=etcd.service +Before={{ openshift.common.service_type }}-node.service +Requires=network.target +Requires=docker.service +PartOf=docker.service + +[Service] +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api +Environment=GOTRACEBACK=crash +ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-api +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master api --config=${CONFIG_FILE} $OPTIONS +ExecStartPost=/usr/bin/sleep 10 +ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-api +LimitNOFILE=131072 +LimitCORE=infinity +WorkingDirectory={{ openshift.common.data_dir }} +SyslogIdentifier=atomic-openshift-master-api +Restart=always + +[Install] +WantedBy=multi-user.target +WantedBy={{ openshift.common.service_type }}-node.service \ No newline at end of file diff --git a/roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2 b/roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2 new file mode 100644 index 000000000..6ba7d6e2a --- /dev/null +++ b/roles/openshift_master/templates/atomic-openshift-master-controllers.docker.service.j2 
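Review bot: `Environment=GOTRACEBACK=crash`, `LimitNOFILE=131072`, `LimitCORE=infinity` and `WorkingDirectory=` apply to the `docker run` client that systemd starts, not to the master process, which runs under the Docker daemon; none of them is passed through on the `ExecStart` line. If they are meant for the master, hand them to the container, for example `-e GOTRACEBACK=crash --ulimit nofile=131072:131072 -w {{ openshift.common.data_dir }}`. `SyslogIdentifier=atomic-openshift-master-api` is hard-coded while the controllers template uses `{{ openshift.common.service_type }}`, and the file lacks a final newline. The controllers template added next in this commit carries the same limit and environment lines.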
@@ -0,0 +1,25 @@ +[Unit] +Description=Atomic OpenShift Master Controllers +Documentation=https://github.com/openshift/origin +After=network.target +After={{ openshift.common.service_type }}-master-api.service +Before={{ openshift.common.service_type }}-node.service +Requires=docker.service +PartOf=docker.service + +[Service] +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers +Environment=GOTRACEBACK=crash +ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-controllers +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master controllers --config=${CONFIG_FILE} $OPTIONS +ExecStartPost=/usr/bin/sleep 10 +ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-controllers +LimitNOFILE=131072 +LimitCORE=infinity +WorkingDirectory={{ openshift.common.data_dir }} +SyslogIdentifier={{ openshift.common.service_type }}-master-controllers +Restart=on-failure + +[Install] +WantedBy=multi-user.target +WantedBy={{ openshift.common.service_type }}-node.service diff --git a/roles/openshift_master/templates/master.docker.service.j2 b/roles/openshift_master/templates/master.docker.service.j2 new file mode 100644 index 000000000..8b23d70b1 --- /dev/null +++ b/roles/openshift_master/templates/master.docker.service.j2 
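Review bot: The unit declares `Requires=docker.service` and `PartOf=docker.service` but no `After=docker.service`, and `Requires=` alone does not order start-up, so systemd may run `docker run` before the Docker daemon is ready. Add `After=docker.service` to the `[Unit]` section, as `master.docker.service.j2` in this commit already does. The api template added just before this one has the same gap.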
@@ -0,0 +1,16 @@ +[Unit] +After=docker.service +Before={{ openshift.common.service_type }}-node.service +Requires=docker.service +PartOf=docker.service + +[Service] +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master +ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master --config=${CONFIG_FILE} $OPTIONS +ExecStartPost=/usr/bin/sleep 10 +ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/roles/openshift_master/templates/openshift.docker.master.service b/roles/openshift_master/templates/openshift.docker.master.service deleted file mode 100644 index 9e436f8eb..000000000 --- a/roles/openshift_master/templates/openshift.docker.master.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -After=docker.service -Require=docker.service - -[Service] -EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master -ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift_docker_image }} start master --config=${CONFIG_FILE} ${OPTIONS} -ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master - -[Install] -WantedBy=multi-user.target diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml index 875d61a3b..534465451 100644 --- a/roles/openshift_master/vars/main.yml +++ b/roles/openshift_master/vars/main.yml 
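Review bot: `ExecStartPost=/usr/bin/sleep 10` makes the unit report started after a fixed delay whether or not the master inside the container is serving, and the node service ordered after it via `Before={{ openshift.common.service_type }}-node.service` inherits that guess. A readiness check that polls the master and fails the start on timeout would be more reliable; at minimum record the intent on its own line with `# TODO: replace fixed delay with a readiness probe`. The unit also has no `Description=`, unlike the api and controllers templates, and the same `sleep 10` appears in both of those.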
@@ -5,8 +5,6 @@ openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.js openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml" openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json" openshift_version: "{{ openshift_pkg_version | default('') }}" -openshift_docker_image_name: openshift/origin -openshift_docker_image: "{{ openshift_docker_image_name }}:{{ openshift_pkg_version | default('latest') }}" openshift_master_valid_grant_methods: - auto -- cgit v1.2.3 From 043d6b3a7e3c6b799ddf4157ccdf2b2b67451d81 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 20 Nov 2015 15:45:39 -0500 Subject: fixes --- roles/openshift_master/tasks/main.yml | 1 + roles/openshift_master/templates/master.docker.service.j2 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index e9e77d231..0c7718299 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -314,6 +314,7 @@ - name: Lookup default group for ansible_ssh_user command: "/usr/bin/id -g {{ ansible_ssh_user }}" + changed_when: false register: _ansible_ssh_user_gid - name: Create the client config dir(s) diff --git a/roles/openshift_master/templates/master.docker.service.j2 b/roles/openshift_master/templates/master.docker.service.j2 index 8b23d70b1..23781a313 100644 --- a/roles/openshift_master/templates/master.docker.service.j2 +++ b/roles/openshift_master/templates/master.docker.service.j2 
@@ -6,7 +6,7 @@ PartOf=docker.service [Service] EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master -ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master +ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-master ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master -- cgit v1.2.3 From d3edce9c192c8d1eba572ba45ca25c06d0fbb830 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 20 Nov 2015 22:23:43 -0500 Subject: pull docker images only if not already present --- roles/openshift_master/tasks/main.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 0c7718299..0695693ff 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml 
@@ -85,12 +85,16 @@ action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-master{{ openshift_version }} state=present" when: not openshift.common.is_containerized | bool -# TODO: enable when ansible#1993 lands and is widespread enough -# - name: Docker image present -# docker: -# image: "{{ openshift.common.docker.image }}" -# state: image_present -# when: openshift.common.is_containerized | bool +- name: Get docker images + command: docker images + changed_when: false + when: openshift.common.is_containerized | bool + register: docker_images + +- name: Pull required docker image + command: > + docker pull {{ openshift.master.master_image }} + when: openshift.common.is_containerized | bool and openshift.master.master_image not in docker_images.stdout - name: Install Master docker service file template: -- cgit v1.2.3 From 7a2891780e827513859628c7703cc1e7be53683f Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Mon, 23 Nov 2015 15:21:23 -0500 Subject: Add openshift_cli role This role ensures that the clients package is installed or if it's a containerized install places a wrapper script in /usr/local/bin/openshift and symlinks for oc, oadm, and kubectl. --- roles/openshift_master/meta/main.yml | 1 + 1 file changed, 1 insertion(+) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index c125cb5d0..8db99fc2a 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - { role: openshift_common } +- { role: openshift_cli } -- cgit v1.2.3 From 5e2e55e4aa09468a054ce7c9901c51d9563cc85a Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 16 Dec 2015 10:55:07 -0500 Subject: Install httpd-tools when not is_atomic --- roles/openshift_master/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_master') 
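Review bot: The presence test `openshift.master.master_image not in docker_images.stdout` is a substring match against the tabular output of `docker images`, which prints repository and tag in separate columns. If `master_image` carries a `repo:tag` suffix the string never appears and the pull runs on every play; if it is a bare repository name, any longer repository sharing that prefix satisfies the test and the pull is skipped. Either pull unconditionally and derive change status from the output (`register: pull_result` with `changed_when: "'Downloaded newer image' in pull_result.stdout"`), or query the exact image reference. The `Wait for master image` loop added later in this series reuses the same substring test in its `until:` and would time out for the same reason.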
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 0695693ff..405183186 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -148,7 +148,7 @@ - name: Install httpd-tools if needed action: "{{ ansible_pkg_mgr }} name=httpd-tools state=present" when: (item.kind == 'HTPasswdPasswordIdentityProvider') and - not openshift.common.is_containerized | bool + not openshift.common.is_atomic | bool with_items: openshift.master.identity_providers - name: Ensure htpasswd directory exists -- cgit v1.2.3 From 48778f29f265380a3e6fa2e882621ebc3781736b Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 16 Dec 2015 14:14:42 -0500 Subject: Add some guards to wait for images to be pulled before moving on --- roles/openshift_master/tasks/main.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 405183186..9caf15f9e 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -91,10 +91,20 @@ when: openshift.common.is_containerized | bool register: docker_images -- name: Pull required docker image +- name: Pull master image command: > docker pull {{ openshift.master.master_image }} when: openshift.common.is_containerized | bool and openshift.master.master_image not in docker_images.stdout + +- name: Wait for master image + command: > + docker images + register: docker_images + until: openshift.master.master_image in docker_images.stdout + retries: 30 + delay: 10 + changed_when: false + when: openshift.common.is_containerized | bool - name: Install Master docker service file template: -- cgit v1.2.3