From 42d3824ba0d5a1e2cff3dc3a179cf02e735bc5da Mon Sep 17 00:00:00 2001 From: Michael Gugino Date: Tue, 12 Dec 2017 17:54:20 -0500 Subject: Remove openshift_node_facts part 1 This commit removes some items from openshift_facts for the openshift_node role. --- roles/openshift_node/defaults/main.yml | 51 ++++++++++++++++++++++++++++++++-- 1 file changed, 49 insertions(+), 2 deletions(-) (limited to 'roles/openshift_node/defaults/main.yml') diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index fff927944..906c76fba 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml 
@@ -1,6 +1,48 @@ --- openshift_node_debug_level: "{{ debug_level | default(2) }}" - +openshift_node_iptables_sync_period: '30s' +osn_storage_plugin_deps: +- ceph +- glusterfs +- iscsi +openshift_node_local_quota_per_fsgroup: "" +openshift_node_proxy_mode: iptables +openshift_set_node_ip: False +openshift_config_base: '/etc/origin' + +# Create list of 'k=v' pairs. +l_node_kubelet_node_labels: "{{ openshift_node_labels | default({}) | oo_dict_to_keqv_list }}" + +openshift_node_kubelet_args_dict: + aws: + cloud-provider: + - aws + cloud-config: + - "{{ openshift_config_base ~ '/aws.conf' }}" + node-labels: "{{ l_node_kubelet_node_labels }}" + openstack: + cloud-provider: + - openstack + cloud-config: + - "{{ openshift_config_base ~ '/openstack.conf' }}" + node-labels: "{{ l_node_kubelet_node_labels }}" + gce: + cloud-provider: + - gce + cloud-config: + - "{{ openshift_config_base ~ '/gce.conf' }}" + node-labels: "{{ l_node_kubelet_node_labels }}" + undefined: + node-labels: "{{ l_node_kubelet_node_labels }}" + +l_node_kubelet_args_default: "{{ openshift_node_kubelet_args_dict[openshift_cloudprovider_kind | default('undefined')] }}" + +l_openshift_node_kubelet_args: "{{ openshift_node_kubelet_args | default({}) }}" +# Combine the default kubelet_args dictionary (based on cloud provider, if provided) +# with user-supplied openshift_node_kubelet_args. +# openshift_node_kubelet_args will override the defaults, if keys and/or subkeys +# are present in both. +l2_openshift_node_kubelet_args: "{{ l_node_kubelet_args_default | combine(l_openshift_node_kubelet_args, recursive=True) }}" openshift_node_dnsmasq_install_network_manager_hook: true # lo must always be present in this list or dnsmasq will conflict with 
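Review bot: `l_node_kubelet_args_default` indexes `openshift_node_kubelet_args_dict` directly, so an `openshift_cloudprovider_kind` other than aws, openstack or gce aborts templating with a missing-key error instead of reaching the label-only `undefined` entry. `default('undefined')` also applies only when the variable is unset, so an empty value coming from inventory would hit the same failure (inferred; how inventories set it is not visible here). If a silent fallback is acceptable, a guarded lookup makes it explicit: `l_node_kubelet_args_default: "{{ openshift_node_kubelet_args_dict.get(openshift_cloudprovider_kind | default('undefined', true), openshift_node_kubelet_args_dict['undefined']) }}"`; otherwise an early check with a clear message is the better choice. The same unguarded lookup shape is used for `osn_image` in the next hunk, where a short comment naming the accepted `openshift_deployment_type` values would help.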
@@ -14,10 +56,15 @@ r_openshift_node_use_firewalld: "{{ os_firewall_use_firewalld | default(False) } l_is_node_system_container: "{{ (openshift_use_node_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" openshift_deployment_type: "{{ openshift_deployment_type | default('origin') }}" + +openshift_node_image_dict: + origin: 'openshift/node' + openshift-enterprise: 'openshift3/node' +osn_image: "{{ openshift_node_image_dict[openshift_deployment_type] }}" + openshift_service_type_dict: origin: origin openshift-enterprise: atomic-openshift - openshift_service_type: "{{ openshift_service_type_dict[openshift_deployment_type] }}" system_images_registry_dict: -- cgit v1.2.3 From 23b283e22982c032db341b7b4d81a384f0ec0b71 Mon Sep 17 00:00:00 2001 
From: Michael Gugino Date: Mon, 18 Dec 2017 14:33:43 -0500 Subject: Remove openshift_node_facts role This commit removes the remainder of openshift_node_facts role. --- DEPLOYMENT_TYPES.md | 2 +- roles/openshift_facts/library/openshift_facts.py | 44 ++++------------------ roles/openshift_node/defaults/main.yml | 16 ++++++++ roles/openshift_node/meta/main.yml | 2 - roles/openshift_node/tasks/config.yml | 2 +- roles/openshift_node/tasks/container_images.yml | 2 +- .../tasks/openvswitch_system_container.yml | 4 +- .../tasks/upgrade/containerized_upgrade_pull.yml | 2 +- roles/openshift_node/templates/node.yaml.v1.j2 | 6 +-- .../templates/openvswitch.docker.service | 2 +- .../filter_plugins/openshift_node_facts_filters.py | 32 ---------------- roles/openshift_node_facts/meta/main.yml | 15 -------- roles/openshift_node_facts/tasks/main.yml | 13 ------- roles/openshift_node_group/defaults/main.yml | 8 +++- 14 files changed, 39 insertions(+), 111 deletions(-) delete mode 100644 roles/openshift_node_facts/filter_plugins/openshift_node_facts_filters.py delete mode 100644 roles/openshift_node_facts/meta/main.yml delete mode 100644 roles/openshift_node_facts/tasks/main.yml (limited to 'roles/openshift_node/defaults/main.yml') diff --git a/DEPLOYMENT_TYPES.md b/DEPLOYMENT_TYPES.md index 3788e9bfb..3e93f3fc8 100644 --- a/DEPLOYMENT_TYPES.md +++ b/DEPLOYMENT_TYPES.md 
@@ -13,5 +13,5 @@ The table below outlines the defaults per `openshift_deployment_type`: | **openshift_service_type** (also used for package names) | origin | atomic-openshift | | **openshift.common.config_base** | /etc/origin | /etc/origin | | **openshift_data_dir** | /var/lib/origin | /var/lib/origin | -| **openshift.master.registry_url openshift.node.registry_url** | openshift/origin-${component}:${version} | openshift3/ose-${component}:${version} | +| **openshift.master.registry_url oreg_url_node** | openshift/origin-${component}:${version} | openshift3/ose-${component}:${version} | | **Image Streams** | centos | rhel | diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 58e64994f..1ac65100d 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -69,22 +69,6 @@ def migrate_common_facts(facts): return facts -def migrate_node_facts(facts): - """ Migrate facts from various roles into node """ - params = { - 'common': ('dns_ip'), - } - if 'node' not in facts: - facts['node'] = {} - # pylint: disable=consider-iterating-dictionary - for role in params.keys(): - if role in facts: - for param in params[role]: - if param in facts[role]: - facts['node'][param] = facts[role].pop(param) - return facts - - def migrate_admission_plugin_facts(facts): """ Apply migrations for admission plugin facts """ if 'master' in facts: @@ -104,7 +88,6 @@ def migrate_local_facts(facts): """ Apply migrations of local facts """ migrated_facts = copy.deepcopy(facts) migrated_facts = migrate_common_facts(migrated_facts) - migrated_facts = migrate_node_facts(migrated_facts) migrated_facts = migrate_admission_plugin_facts(migrated_facts) return migrated_facts 
@@ -536,7 +519,7 @@ def set_aggregate_facts(facts): def set_deployment_facts_if_unset(facts): """ Set Facts that vary based on deployment_type. This currently - includes master.registry_url, node.registry_url + includes master.registry_url Args: facts (dict): existing facts @@ -544,24 +527,17 @@ def set_deployment_facts_if_unset(facts): dict: the facts dict updated with the generated deployment_type facts """ - # disabled to avoid breaking up facts related to deployment type into - # multiple methods for now. - # pylint: disable=too-many-statements, too-many-branches - for role in ('master', 'node'): - if role in facts: - deployment_type = facts['common']['deployment_type'] - if 'registry_url' not in facts[role]: - registry_url = 'openshift/origin-${component}:${version}' - if deployment_type == 'openshift-enterprise': - registry_url = 'openshift3/ose-${component}:${version}' - facts[role]['registry_url'] = registry_url - if 'master' in facts: deployment_type = facts['common']['deployment_type'] openshift_features = ['Builder', 'S2IBuilder', 'WebConsole'] if 'disabled_features' not in facts['master']: if facts['common']['deployment_subtype'] == 'registry': facts['master']['disabled_features'] = openshift_features + if 'registry_url' not in facts['master']: + registry_url = 'openshift/origin-${component}:${version}' + if deployment_type == 'openshift-enterprise': + registry_url = 'openshift3/ose-${component}:${version}' + facts['master']['registry_url'] = registry_url return facts 
@@ -1305,14 +1281,12 @@ def set_container_facts_if_unset(facts): deployment_type = facts['common']['deployment_type'] if deployment_type == 'openshift-enterprise': master_image = 'openshift3/ose' - ovs_image = 'openshift3/openvswitch' pod_image = 'openshift3/ose-pod' router_image = 'openshift3/ose-haproxy-router' registry_image = 'openshift3/ose-docker-registry' deployer_image = 'openshift3/ose-deployer' else: master_image = 'openshift/origin' - ovs_image = 'openshift/openvswitch' pod_image = 'openshift/origin-pod' router_image = 'openshift/origin-haproxy-router' registry_image = 'openshift/origin-docker-registry' @@ -1333,10 +1307,6 @@ def set_container_facts_if_unset(facts): if 'master' in facts and 'master_image' not in facts['master']: facts['master']['master_image'] = master_image facts['master']['master_system_image'] = master_image - if 'node' in facts: - if 'ovs_image' not in facts['node']: - facts['node']['ovs_image'] = ovs_image - facts['node']['ovs_system_image'] = ovs_image if safe_get_bool(facts['common']['is_containerized']): facts['common']['client_binary'] = '/usr/local/bin/oc' @@ -1539,7 +1509,7 @@ class OpenShiftFacts(object): max_requests_inflight=500) if 'node' in roles: - defaults['node'] = dict(labels={}, annotations={}) + defaults['node'] = dict(labels={}) if 'cloudprovider' in roles: defaults['cloudprovider'] = dict(kind=None) diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index 906c76fba..08e45dda1 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml 
@@ -10,6 +10,22 @@ openshift_node_proxy_mode: iptables openshift_set_node_ip: False openshift_config_base: '/etc/origin' +openshift_oreg_url_default_dict: + origin: "openshift/origin-${component}:${version}" + openshift-enterprise: "openshift3/ose-${component}:${version}" +openshift_oreg_url_default: "{{ openshift_oreg_url_default_dict[openshift_deployment_type] }}" +oreg_url_node: "{{ oreg_url | default(openshift_oreg_url_default) }}" + +osn_ovs_image_default_dict: + origin: "openshift/openvswitch" + openshift-enterprise: "openshift3/openvswitch" +osn_ovs_image_default: "{{ osn_ovs_image_default_dict[openshift_deployment_type] }}" +osn_ovs_image: "{{ osn_ovs_image_default }}" + +openshift_dns_ip: "{{ ansible_default_ipv4['address'] }}" + +openshift_node_env_vars: {} + # Create list of 'k=v' pairs. l_node_kubelet_node_labels: "{{ openshift_node_labels | default({}) | oo_dict_to_keqv_list }}" diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index 70057c7f3..b531d2dfe 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -12,8 +12,6 @@ galaxy_info: categories: - cloud dependencies: -- role: openshift_node_facts - when: not (openshift_node_upgrade_in_progress | default(False)) - role: lib_openshift - role: lib_os_firewall when: not (openshift_node_upgrade_in_progress | default(False)) diff --git a/roles/openshift_node/tasks/config.yml b/roles/openshift_node/tasks/config.yml index a96785d5c..8f38a47aa 100644 --- a/roles/openshift_node/tasks/config.yml +++ b/roles/openshift_node/tasks/config.yml @@ -46,7 +46,7 @@ regexp: "^{{ item.key }}=" line: "{{ item.key }}={{ item.value }}" create: true - with_dict: "{{ openshift.node.env_vars | default({}) }}" + with_dict: "{{ openshift_node_env_vars }}" notify: - restart node diff --git a/roles/openshift_node/tasks/container_images.yml b/roles/openshift_node/tasks/container_images.yml index 0b8c806ae..bb788e2f1 100644 
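Review bot: `openshift_dns_ip` defaults to `ansible_default_ipv4['address']`, which is undefined on a host with no default IPv4 route or when facts have not been gathered, and node.yaml.v1.j2 in this commit now writes `dnsIP` unconditionally, so the failure would surface while rendering the node config. A comment above the default would make the requirement visible: `# Needs gathered facts and a default IPv4 route; set openshift_dns_ip in inventory otherwise.` The new `osn_ovs_image_default_dict` and `openshift_oreg_url_default_dict` lookups also have no fallback for an unexpected `openshift_deployment_type`; whether that value is validated earlier is not visible in this hunk.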
--- a/roles/openshift_node/tasks/container_images.yml +++ b/roles/openshift_node/tasks/container_images.yml @@ -12,7 +12,7 @@ - name: Pre-pull openvswitch image command: > - docker pull {{ openshift.node.ovs_image }}:{{ openshift_image_tag }} + docker pull {{ osn_ovs_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Downloaded newer image' in pull_result.stdout" when: diff --git a/roles/openshift_node/tasks/openvswitch_system_container.yml b/roles/openshift_node/tasks/openvswitch_system_container.yml index b61bc84c1..30ef9ef44 100644 --- a/roles/openshift_node/tasks/openvswitch_system_container.yml +++ b/roles/openshift_node/tasks/openvswitch_system_container.yml @@ -9,14 +9,14 @@ - name: Pre-pull OpenVSwitch system container image command: > - atomic pull --storage=ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }} + atomic pull --storage=ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ osn_ovs_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Pulling layer' in pull_result.stdout" - name: Install or Update OpenVSwitch system container oc_atomic_container: name: openvswitch - image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }}" + image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ osn_ovs_image }}:{{ openshift_image_tag }}" state: latest values: - "DOCKER_SERVICE={{ l_service_name }}" diff --git a/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml b/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml index 3e7455bbb..0a14e5174 100644 --- a/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml +++ b/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml 
@@ -7,7 +7,7 @@ - name: Pre-pull openvswitch image command: > - docker pull {{ openshift.node.ovs_image }}:{{ openshift_image_tag }} + docker pull {{ osn_ovs_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Downloaded newer image' in pull_result.stdout" when: openshift_use_openshift_sdn | bool diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index b673733df..76e75297a 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -5,14 +5,12 @@ dnsBindAddress: 127.0.0.1:53 dnsRecursiveResolvConf: /etc/origin/node/resolv.conf {% endif %} dnsDomain: {{ openshift.common.dns_domain }} -{% if 'dns_ip' in openshift.node %} -dnsIP: {{ openshift.node.dns_ip }} -{% endif %} +dnsIP: {{ openshift_dns_ip }} dockerConfig: execHandlerName: "" iptablesSyncPeriod: "{{ openshift_node_iptables_sync_period }}" imageConfig: - format: {{ openshift.node.registry_url }} + format: {{ oreg_url_node }} latest: {{ openshift_node_image_config_latest }} kind: NodeConfig kubeletArguments: {{ l2_openshift_node_kubelet_args | default(None) | to_padded_yaml(level=1) }} diff --git a/roles/openshift_node/templates/openvswitch.docker.service b/roles/openshift_node/templates/openvswitch.docker.service index 37f091c76..1fc9b6e72 100644 --- a/roles/openshift_node/templates/openvswitch.docker.service +++ b/roles/openshift_node/templates/openvswitch.docker.service 
@@ -6,7 +6,7 @@ PartOf={{ openshift_docker_service_name }}.service [Service] EnvironmentFile=/etc/sysconfig/openvswitch ExecStartPre=-/usr/bin/docker rm -f openvswitch -ExecStart=/usr/bin/docker run --name openvswitch --rm --privileged --net=host --pid=host -v /lib/modules:/lib/modules -v /run:/run -v /sys:/sys:ro -v /etc/origin/openvswitch:/etc/openvswitch {{ openshift.node.ovs_image }}:${IMAGE_VERSION} +ExecStart=/usr/bin/docker run --name openvswitch --rm --privileged --net=host --pid=host -v /lib/modules:/lib/modules -v /run:/run -v /sys:/sys:ro -v /etc/origin/openvswitch:/etc/openvswitch {{ osn_ovs_image }}:${IMAGE_VERSION} ExecStartPost=/usr/bin/sleep 5 ExecStop=/usr/bin/docker stop openvswitch SyslogIdentifier=openvswitch diff --git a/roles/openshift_node_facts/filter_plugins/openshift_node_facts_filters.py b/roles/openshift_node_facts/filter_plugins/openshift_node_facts_filters.py deleted file mode 100644 index 69069f2dc..000000000 --- a/roles/openshift_node_facts/filter_plugins/openshift_node_facts_filters.py +++ /dev/null 
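Review bot: The image in this `ExecStart` is started with `--privileged --net=host --pid=host` and `/run` mounted read-write, so whatever `osn_ovs_image` resolves to has host-level control of the node. The defaults added in roles/openshift_node/defaults/main.yml are unqualified repository names (`openshift/openvswitch`, `openshift3/openvswitch`), so the registry that serves them depends on the docker daemon's configuration, and `${IMAGE_VERSION}` is a tag rather than a digest. I would document that next to the default, for example `# osn_ovs_image runs privileged on every node: override with a registry-qualified name from a registry you trust`. The same variable feeds the `docker pull` and `atomic pull` tasks changed in this commit; the unit file continues outside the hunk.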
@@ -1,32 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -''' -Custom filters for use in openshift-node -''' -from ansible import errors - - -class FilterModule(object): - ''' Custom ansible filters for use by openshift_node_facts role''' - - @staticmethod - def node_get_dns_ip(openshift_dns_ip, hostvars): - ''' Navigates the complicated logic of when to set dnsIP - - In all situations if they've set openshift_dns_ip use that - For 1.0/3.0 installs we use the openshift_master_cluster_vip, openshift_node_first_master_ip, else None - For 1.1/3.1 installs we use openshift_master_cluster_vip, else None (product will use kube svc ip) - For 1.2/3.2+ installs we set to the node's default interface ip - ''' - - if not issubclass(type(hostvars), dict): - raise errors.AnsibleFilterError("|failed expects hostvars is a dict") - - # We always use what they've specified if they've specified a value - if openshift_dns_ip is not None: - return openshift_dns_ip - return hostvars['ansible_default_ipv4']['address'] - - def filters(self): - ''' returns a mapping of filters to methods ''' - return {'node_get_dns_ip': self.node_get_dns_ip} diff --git a/roles/openshift_node_facts/meta/main.yml b/roles/openshift_node_facts/meta/main.yml deleted file mode 100644 index 59bf680ce..000000000 --- a/roles/openshift_node_facts/meta/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -galaxy_info: - author: Andrew Butcher - description: OpenShift Node Facts - company: Red Hat, Inc. - license: Apache License, Version 2.0 - min_ansible_version: 1.9 - platforms: - - name: EL - versions: - - 7 - categories: - - cloud -dependencies: -- role: openshift_facts diff --git a/roles/openshift_node_facts/tasks/main.yml b/roles/openshift_node_facts/tasks/main.yml deleted file mode 100644 index 2ea7a4cec..000000000 --- a/roles/openshift_node_facts/tasks/main.yml +++ /dev/null 
@@ -1,13 +0,0 @@ ---- -- name: Set node facts - openshift_facts: - role: "{{ item.role }}" - local_facts: "{{ item.local_facts }}" - with_items: - - role: node - local_facts: - annotations: "{{ openshift_node_annotations | default(none) }}" - registry_url: "{{ oreg_url_node | default(oreg_url) | default(None) }}" - ovs_image: "{{ osn_ovs_image | default(None) }}" - dns_ip: "{{ openshift_dns_ip | default(none) | node_get_dns_ip(hostvars[inventory_hostname])}}" - env_vars: "{{ openshift_node_env_vars | default(None) }}" diff --git a/roles/openshift_node_group/defaults/main.yml b/roles/openshift_node_group/defaults/main.yml index 7c81409a5..cccdea66f 100644 --- a/roles/openshift_node_group/defaults/main.yml +++ b/roles/openshift_node_group/defaults/main.yml @@ -17,7 +17,13 @@ openshift_node_group_edits: [] openshift_node_group_namespace: openshift-node openshift_node_group_labels: [] -openshift_imageconfig_format: "{{ oreg_url if oreg_url is defined else openshift.node.registry_url }}" +openshift_oreg_url_default_dict: + origin: "openshift/origin-${component}:${version}" + openshift-enterprise: openshift3/ose-${component}:${version} +openshift_oreg_url_default: "{{ openshift_oreg_url_default_dict[openshift_deployment_type] }}" +oreg_url_node: "{{ oreg_url | default(openshift_oreg_url_default) }}" + +openshift_imageconfig_format: "{{ oreg_url_node }}" openshift_node_group_cloud_provider: "{{ openshift_cloudprovider_kind | default('aws') }}" openshift_node_group_network_plugin_default: "{{ os_sdn_network_plugin_name | default('redhat/openshift-ovs-subnet') }}" openshift_node_group_network_plugin: "{{ openshift_node_group_network_plugin_default }}" -- cgit v1.2.3 From 801779eeb6f6308f81ae7c48409de7686c04a0aa Mon Sep 17 00:00:00 2001 
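Review bot: `openshift_oreg_url_default_dict`, `openshift_oreg_url_default` and `oreg_url_node` are now defined twice, here in roles/openshift_node_group/defaults/main.yml and in roles/openshift_node/defaults/main.yml, and the two copies already differ in quoting (the `openshift-enterprise` value is unquoted here). Two copies of the default image format can drift, and then node groups and nodes would resolve images from different locations. I would quote the value to match, `openshift-enterprise: "openshift3/ose-${component}:${version}"`, and add a comment such as `# Keep in sync with roles/openshift_node/defaults/main.yml`. This role's lookup also needs `openshift_deployment_type`, which is not defined in the visible part of this defaults file.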
From: Michael Gugino Date: Wed, 13 Dec 2017 12:42:32 -0500 Subject: Relocate filter plugins to lib_utils This commit relocates filter_plugins to lib_utils, changes the namespacing to prevent unintended use of older versions that may be present in filter_plugins/ directory on existing installs. Add lib_utils to meta depends for roles Also consolidate some plugins into lib_utils from various other areas. Update rpm spec, obsolete plugin rpms. --- ansible.cfg | 4 - callback_plugins/aa_version_requirement.py | 60 -- callback_plugins/openshift_quick_installer.py | 360 -------- filter_plugins/oo_filters.py | 952 --------------------- filter_plugins/openshift_version.py | 69 -- library/kubeclient_ca.py | 88 -- library/modify_yaml.py | 117 --- library/rpm_q.py | 72 -- lookup_plugins/README.md | 1 - openshift-ansible.spec | 89 +- playbooks/aws/openshift-cluster/filter_plugins | 1 - playbooks/aws/openshift-cluster/lookup_plugins | 1 - playbooks/byo/filter_plugins | 1 - playbooks/byo/lookup_plugins | 1 - playbooks/byo/openshift-cluster/filter_plugins | 1 - playbooks/byo/openshift-cluster/lookup_plugins | 1 - playbooks/common/openshift-cluster/filter_plugins | 1 - playbooks/common/openshift-cluster/library | 1 - playbooks/common/openshift-cluster/lookup_plugins | 1 - .../openshift-cluster/upgrades/filter_plugins | 1 - .../openshift-cluster/upgrades/lookup_plugins | 1 - .../upgrades/post_control_plane.yml | 4 +- .../openshift-cluster/upgrades/pre/config.yml | 4 +- .../upgrades/upgrade_control_plane.yml | 8 +- .../openshift-cluster/upgrades/v3_6/filter_plugins | 1 - .../openshift-cluster/upgrades/v3_7/filter_plugins | 1 - .../openshift-cluster/upgrades/v3_8/filter_plugins | 1 - .../openshift-cluster/upgrades/v3_9/filter_plugins | 1 - playbooks/init/facts.yml | 4 +- playbooks/openshift-etcd/private/filter_plugins | 1 - playbooks/openshift-etcd/private/lookup_plugins | 1 - playbooks/openshift-etcd/private/migrate.yml | 8 +- playbooks/openshift-etcd/private/redeploy-ca.yml | 24 +- 
playbooks/openshift-etcd/private/scaleup.yml | 4 +- .../openshift-etcd/private/upgrade_backup.yml | 4 +- playbooks/openshift-etcd/redeploy-certificates.yml | 2 +- .../openshift-glusterfs/private/filter_plugins | 1 - .../openshift-glusterfs/private/lookup_plugins | 1 - .../private/redeploy-registry-certificates.yml | 6 +- .../private/redeploy-router-certificates.yml | 6 +- .../openshift-loadbalancer/private/config.yml | 4 +- .../openshift-loadbalancer/private/filter_plugins | 1 - .../openshift-loadbalancer/private/lookup_plugins | 1 - playbooks/openshift-logging/private/filter_plugins | 1 - playbooks/openshift-logging/private/library | 1 - playbooks/openshift-logging/private/lookup_plugins | 1 - .../openshift-management/private/filter_plugins | 1 - playbooks/openshift-management/private/library | 1 - .../openshift-master/private/certificates.yml | 4 +- playbooks/openshift-master/private/config.yml | 16 +- playbooks/openshift-master/private/filter_plugins | 1 - playbooks/openshift-master/private/library | 1 - playbooks/openshift-master/private/lookup_plugins | 1 - .../private/redeploy-openshift-ca.yml | 48 +- playbooks/openshift-metrics/private/library | 1 - playbooks/openshift-nfs/private/filter_plugins | 1 - playbooks/openshift-nfs/private/lookup_plugins | 1 - .../openshift-node/private/configure_nodes.yml | 4 +- .../openshift-node/private/containerized_nodes.yml | 4 +- playbooks/openshift-node/private/filter_plugins | 1 - playbooks/openshift-node/private/lookup_plugins | 1 - playbooks/redeploy-certificates.yml | 2 +- roles/ansible_service_broker/meta/main.yml | 1 + roles/calico/meta/main.yml | 1 + roles/calico_master/meta/main.yml | 1 + roles/cockpit-ui/meta/main.yml | 1 + roles/cockpit/meta/main.yml | 2 +- roles/container_runtime/defaults/main.yml | 2 +- roles/container_runtime/meta/main.yml | 1 - roles/container_runtime/tasks/package_docker.yml | 4 +- roles/contiv/meta/main.yml | 1 + roles/etcd/meta/main.yml | 1 - .../fetch_client_certificates_from_ca.yml | 2 +- 
.../fetch_server_certificates_from_ca.yml | 2 +- roles/flannel/meta/main.yml | 3 +- roles/flannel_register/meta/main.yml | 3 +- roles/kuryr/meta/main.yml | 5 +- roles/lib_os_firewall/README.md | 63 -- .../library/os_firewall_manage_iptables.py | 283 ------ .../callback_plugins/aa_version_requirement.py | 60 ++ .../callback_plugins/openshift_quick_installer.py | 360 ++++++++ roles/lib_utils/filter_plugins/oo_filters.py | 621 ++++++++++++++ roles/lib_utils/library/kubeclient_ca.py | 88 ++ roles/lib_utils/library/modify_yaml.py | 117 +++ .../library/os_firewall_manage_iptables.py | 283 ++++++ roles/lib_utils/library/rpm_q.py | 72 ++ roles/nuage_ca/meta/main.yml | 2 +- roles/nuage_master/meta/main.yml | 2 +- roles/nuage_node/meta/main.yml | 2 +- roles/openshift_builddefaults/meta/main.yml | 1 + roles/openshift_buildoverrides/meta/main.yml | 1 + roles/openshift_ca/meta/main.yml | 1 + roles/openshift_ca/tasks/main.yml | 12 +- roles/openshift_certificate_expiry/meta/main.yml | 3 +- roles/openshift_cli/meta/main.yml | 1 + roles/openshift_cloud_provider/meta/main.yml | 1 + roles/openshift_cluster_autoscaler/meta/main.yml | 1 + .../openshift_default_storage_class/meta/main.yml | 1 + roles/openshift_docker_gc/meta/main.yml | 1 + roles/openshift_etcd/meta/main.yml | 1 + .../meta/main.yml | 3 +- roles/openshift_etcd_facts/meta/main.yml | 1 + roles/openshift_examples/meta/main.yml | 3 +- roles/openshift_excluder/tasks/install.yml | 8 +- roles/openshift_health_checker/meta/main.yml | 1 + roles/openshift_hosted/meta/main.yml | 2 +- roles/openshift_hosted/tasks/router.yml | 8 +- roles/openshift_hosted/tasks/storage/glusterfs.yml | 2 +- roles/openshift_hosted_templates/meta/main.yml | 3 +- roles/openshift_loadbalancer/meta/main.yml | 2 +- roles/openshift_logging/meta/main.yaml | 1 + roles/openshift_logging/tasks/generate_certs.yaml | 4 +- roles/openshift_logging_curator/meta/main.yaml | 1 + .../openshift_logging_elasticsearch/meta/main.yaml | 1 + .../tasks/main.yaml | 2 +- 
.../templates/es.j2 | 2 +- roles/openshift_logging_eventrouter/meta/main.yaml | 17 + roles/openshift_logging_fluentd/meta/main.yaml | 1 + .../tasks/label_and_wait.yaml | 2 +- roles/openshift_logging_kibana/meta/main.yaml | 1 + roles/openshift_logging_kibana/tasks/main.yaml | 4 +- roles/openshift_logging_mux/meta/main.yaml | 1 + roles/openshift_manage_node/meta/main.yml | 1 + roles/openshift_manage_node/tasks/main.yml | 2 +- roles/openshift_manageiq/meta/main.yml | 1 + .../tasks/add_container_provider.yml | 2 +- roles/openshift_master/meta/main.yml | 1 - roles/openshift_master/tasks/main.yml | 2 +- roles/openshift_master/templates/master.yaml.v1.j2 | 22 +- roles/openshift_master_certificates/meta/main.yml | 3 +- roles/openshift_master_certificates/tasks/main.yml | 16 +- .../filter_plugins/oo_filters.py | 1 - roles/openshift_master_facts/meta/main.yml | 1 + roles/openshift_master_facts/tasks/main.yml | 2 +- roles/openshift_metrics/meta/main.yaml | 5 +- .../tasks/generate_hawkular_certificates.yaml | 2 +- .../openshift_metrics/tasks/setup_certificate.yaml | 4 +- .../templates/hawkular_metrics_rc.j2 | 2 +- roles/openshift_named_certificates/meta/main.yml | 1 + roles/openshift_named_certificates/tasks/main.yml | 4 +- roles/openshift_nfs/meta/main.yml | 2 +- roles/openshift_node/defaults/main.yml | 2 +- roles/openshift_node/meta/main.yml | 3 - roles/openshift_node/tasks/install.yml | 4 +- roles/openshift_node/templates/node.yaml.v1.j2 | 2 +- roles/openshift_node_certificates/meta/main.yml | 3 +- roles/openshift_node_certificates/tasks/main.yml | 14 +- roles/openshift_persistent_volumes/meta/main.yml | 1 + .../templates/persistent-volume-claim.yml.j2 | 2 +- .../templates/persistent-volume.yml.j2 | 4 +- roles/openshift_prometheus/meta/main.yaml | 5 +- .../tasks/install_prometheus.yaml | 4 +- roles/openshift_provisioners/meta/main.yaml | 1 + roles/openshift_sanitize_inventory/meta/main.yml | 3 +- roles/openshift_service_catalog/tasks/install.yml | 12 +- 
.../tasks/start_api_server.yml | 2 +- roles/openshift_storage_glusterfs/meta/main.yml | 2 +- .../tasks/gluster_s3_deploy.yml | 4 +- .../tasks/glusterblock_deploy.yml | 2 +- .../tasks/glusterfs_common.yml | 10 +- .../tasks/glusterfs_deploy.yml | 6 +- .../tasks/heketi_deploy_part2.yml | 6 +- roles/openshift_storage_nfs/meta/main.yml | 2 +- roles/openshift_storage_nfs_lvm/meta/main.yml | 1 + .../tasks/set_version_containerized.yml | 2 +- roles/template_service_broker/meta/main.yml | 2 + test/openshift_version_tests.py | 32 - 167 files changed, 1860 insertions(+), 2424 deletions(-) delete mode 100644 callback_plugins/aa_version_requirement.py delete mode 100644 callback_plugins/openshift_quick_installer.py delete mode 100644 filter_plugins/oo_filters.py delete mode 100644 filter_plugins/openshift_version.py delete mode 100644 library/kubeclient_ca.py delete mode 100755 library/modify_yaml.py delete mode 100644 library/rpm_q.py delete mode 100644 lookup_plugins/README.md delete mode 120000 playbooks/aws/openshift-cluster/filter_plugins delete mode 120000 playbooks/aws/openshift-cluster/lookup_plugins delete mode 120000 playbooks/byo/filter_plugins delete mode 120000 playbooks/byo/lookup_plugins delete mode 120000 playbooks/byo/openshift-cluster/filter_plugins delete mode 120000 playbooks/byo/openshift-cluster/lookup_plugins delete mode 120000 playbooks/common/openshift-cluster/filter_plugins delete mode 120000 playbooks/common/openshift-cluster/library delete mode 120000 playbooks/common/openshift-cluster/lookup_plugins delete mode 120000 playbooks/common/openshift-cluster/upgrades/filter_plugins delete mode 120000 playbooks/common/openshift-cluster/upgrades/lookup_plugins delete mode 120000 playbooks/common/openshift-cluster/upgrades/v3_6/filter_plugins delete mode 120000 playbooks/common/openshift-cluster/upgrades/v3_7/filter_plugins delete mode 120000 playbooks/common/openshift-cluster/upgrades/v3_8/filter_plugins delete mode 120000 
playbooks/common/openshift-cluster/upgrades/v3_9/filter_plugins delete mode 120000 playbooks/openshift-etcd/private/filter_plugins delete mode 120000 playbooks/openshift-etcd/private/lookup_plugins delete mode 120000 playbooks/openshift-glusterfs/private/filter_plugins delete mode 120000 playbooks/openshift-glusterfs/private/lookup_plugins delete mode 120000 playbooks/openshift-loadbalancer/private/filter_plugins delete mode 120000 playbooks/openshift-loadbalancer/private/lookup_plugins delete mode 120000 playbooks/openshift-logging/private/filter_plugins delete mode 120000 playbooks/openshift-logging/private/library delete mode 120000 playbooks/openshift-logging/private/lookup_plugins delete mode 120000 playbooks/openshift-management/private/filter_plugins delete mode 120000 playbooks/openshift-management/private/library delete mode 120000 playbooks/openshift-master/private/filter_plugins delete mode 120000 playbooks/openshift-master/private/library delete mode 120000 playbooks/openshift-master/private/lookup_plugins delete mode 120000 playbooks/openshift-metrics/private/library delete mode 120000 playbooks/openshift-nfs/private/filter_plugins delete mode 120000 playbooks/openshift-nfs/private/lookup_plugins delete mode 120000 playbooks/openshift-node/private/filter_plugins delete mode 120000 playbooks/openshift-node/private/lookup_plugins delete mode 100644 roles/lib_os_firewall/README.md delete mode 100755 roles/lib_os_firewall/library/os_firewall_manage_iptables.py create mode 100644 roles/lib_utils/callback_plugins/aa_version_requirement.py create mode 100644 roles/lib_utils/callback_plugins/openshift_quick_installer.py create mode 100644 roles/lib_utils/filter_plugins/oo_filters.py create mode 100644 roles/lib_utils/library/kubeclient_ca.py create mode 100644 roles/lib_utils/library/modify_yaml.py create mode 100644 roles/lib_utils/library/os_firewall_manage_iptables.py create mode 100644 roles/lib_utils/library/rpm_q.py create mode 100644 
roles/openshift_logging_eventrouter/meta/main.yaml delete mode 120000 roles/openshift_master_facts/filter_plugins/oo_filters.py delete mode 100644 test/openshift_version_tests.py (limited to 'roles/openshift_node/defaults/main.yml') diff --git a/ansible.cfg b/ansible.cfg index e4d72553e..c1c76a496 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -10,10 +10,6 @@ #log_path = /tmp/ansible.log # Additional default options for OpenShift Ansible -callback_plugins = callback_plugins/ -filter_plugins = filter_plugins/ -lookup_plugins = lookup_plugins/ -library = library/ forks = 20 host_key_checking = False retry_files_enabled = False diff --git a/callback_plugins/aa_version_requirement.py b/callback_plugins/aa_version_requirement.py deleted file mode 100644 index 1093acdae..000000000 --- a/callback_plugins/aa_version_requirement.py +++ /dev/null 
@@ -1,60 +0,0 @@
-#!/usr/bin/python
-
-"""
-This callback plugin verifies the required minimum version of Ansible
-is installed for proper operation of the OpenShift Ansible Installer.
-The plugin is named with leading `aa_` to ensure this plugin is loaded
-first (alphanumerically) by Ansible.
-"""
-import sys
-from ansible import __version__
-
-if __version__ < '2.0':
- # pylint: disable=import-error,no-name-in-module
- # Disabled because pylint warns when Ansible v2 is installed
- from ansible.callbacks import display as pre2_display
- CallbackBase = object
-
- def display(*args, **kwargs):
- """Set up display function for pre Ansible v2"""
- pre2_display(*args, **kwargs)
-else:
- from ansible.plugins.callback import CallbackBase
- from ansible.utils.display import Display
-
- def display(*args, **kwargs):
- """Set up display function for Ansible v2"""
- display_instance = Display()
- display_instance.display(*args, **kwargs)
-
-
-# Set to minimum required Ansible version
-REQUIRED_VERSION = '2.4.1.0'
-DESCRIPTION = "Supported versions: %s or newer" % REQUIRED_VERSION
-
-
-def version_requirement(version):
- """Test for minimum required version"""
- return version >= REQUIRED_VERSION
-
-
-class CallbackModule(CallbackBase):
- """
- Ansible callback plugin
- """
-
- CALLBACK_VERSION = 1.0
- CALLBACK_NAME = 'version_requirement'
-
- def __init__(self):
- """
- Version verification is performed in __init__ to catch the
- requirement early in the execution of Ansible and fail gracefully
- """
- super(CallbackModule, self).__init__()
-
- if not version_requirement(__version__):
- display(
- 'FATAL: Current Ansible version (%s) is not supported. %s'
- % (__version__, DESCRIPTION), color='red')
- sys.exit(1)
diff --git a/callback_plugins/openshift_quick_installer.py b/callback_plugins/openshift_quick_installer.py
deleted file mode 100644
index c0fdbc650..000000000
--- a/callback_plugins/openshift_quick_installer.py
+++ /dev/null
@@ -1,360 +0,0 @@
-# pylint: disable=invalid-name,protected-access,import-error,line-too-long,attribute-defined-outside-init
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-"""This file is a stdout callback plugin for the OpenShift Quick
-Installer. The purpose of this callback plugin is to reduce the amount
-of produced output for customers and enable simpler progress checking.
-
-What's different:
-
-* Playbook progress is expressed as: Play / (Play Name)
- Ex: Play 3/30 (Initialize Megafrobber)
-
-* The Tasks and Handlers in each play (and included roles) are printed
- as a series of .'s following the play progress line.
-
-* Many of these methods include copy and paste code from the upstream
- default.py callback. We do that to give us control over the stdout
- output while allowing Ansible to handle the file logging
- normally. The biggest changes here are that we are manually setting
- `log_only` to True in the Display.display method and we redefine the
- Display.banner method locally so we can set log_only on that call as
- well.
-
-"""
-
-from __future__ import (absolute_import, print_function)
-import sys
-from ansible import constants as C
-from ansible.plugins.callback import CallbackBase
-from ansible.utils.color import colorize, hostcolor
-
-
-class CallbackModule(CallbackBase):
-
- """
- Ansible callback plugin
- """
- CALLBACK_VERSION = 2.2
- CALLBACK_TYPE = 'stdout'
- CALLBACK_NAME = 'openshift_quick_installer'
- CALLBACK_NEEDS_WHITELIST = False
- plays_count = 0
- plays_total_ran = 0
-
- def __init__(self):
- """Constructor, ensure standard self.*s are set"""
- self._play = None
- self._last_task_banner = None
- super(CallbackModule, self).__init__()
-
- def banner(self, msg, color=None):
- '''Prints a header-looking line with stars taking up to 80 columns
- of width (3 columns, minimum)
-
- Overrides the upstream banner method so that display is called
- with log_only=True
- '''
- msg = msg.strip()
- star_len = (79 - len(msg))
- if star_len < 0:
- star_len = 3
- stars = "*" * star_len
- self._display.display("\n%s %s" % (msg, stars), color=color, log_only=True)
-
- def _print_task_banner(self, task):
- """Imported from the upstream 'default' callback"""
- # args can be specified as no_log in several places: in the task or in
- # the argument spec. We can check whether the task is no_log but the
- # argument spec can't be because that is only run on the target
- # machine and we haven't run it thereyet at this time.
- #
- # So we give people a config option to affect display of the args so
- # that they can secure this if they feel that their stdout is insecure
- # (shoulder surfing, logging stdout straight to a file, etc).
- args = ''
- if not task.no_log and C.DISPLAY_ARGS_TO_STDOUT:
- args = ', '.join('%s=%s' % a for a in task.args.items())
- args = ' %s' % args
-
- self.banner(u"TASK [%s%s]" % (task.get_name().strip(), args))
- if self._display.verbosity >= 2:
- path = task.get_path()
- if path:
- self._display.display(u"task path: %s" % path, color=C.COLOR_DEBUG, log_only=True)
-
- self._last_task_banner = task._uuid
-
- def v2_playbook_on_start(self, playbook):
- """This is basically the start of it all"""
- self.plays_count = len(playbook.get_plays())
- self.plays_total_ran = 0
-
- if self._display.verbosity > 1:
- from os.path import basename
- self.banner("PLAYBOOK: %s" % basename(playbook._file_name))
-
- def v2_playbook_on_play_start(self, play):
- """Each play calls this once before running any tasks
-
-We could print the number of tasks here as well by using
-`play.get_tasks()` but that is not accurate when a play includes a
-role. Only the tasks directly assigned to a play are exposed in the
-`play` object.
- """
- self.plays_total_ran += 1
- print("")
- print("Play %s/%s (%s)" % (self.plays_total_ran, self.plays_count, play.get_name()))
-
- name = play.get_name().strip()
- if not name:
- msg = "PLAY"
- else:
- msg = "PLAY [%s]" % name
-
- self._play = play
-
- self.banner(msg)
-
- # pylint: disable=unused-argument,no-self-use
- def v2_playbook_on_task_start(self, task, is_conditional):
- """This prints out the task header. For example:
-
-TASK [openshift_facts : Ensure PyYaml is installed] ***...
-
-Rather than print out all that for every task, we print a dot
-character to indicate a task has been started.
- """
- sys.stdout.write('.')
-
- args = ''
- # args can be specified as no_log in several places: in the task or in
- # the argument spec. We can check whether the task is no_log but the
- # argument spec can't be because that is only run on the target
- # machine and we haven't run it thereyet at this time.
- #
- # So we give people a config option to affect display of the args so
- # that they can secure this if they feel that their stdout is insecure
- # (shoulder surfing, logging stdout straight to a file, etc).
- if not task.no_log and C.DISPLAY_ARGS_TO_STDOUT:
- args = ', '.join(('%s=%s' % a for a in task.args.items()))
- args = ' %s' % args
- self.banner("TASK [%s%s]" % (task.get_name().strip(), args))
- if self._display.verbosity >= 2:
- path = task.get_path()
- if path:
- self._display.display("task path: %s" % path, color=C.COLOR_DEBUG, log_only=True)
-
- # pylint: disable=unused-argument,no-self-use
- def v2_playbook_on_handler_task_start(self, task):
- """Print out task header for handlers
-
-Rather than print out a header for every handler, we print a dot
-character to indicate a handler task has been started.
-"""
- sys.stdout.write('.')
-
- self.banner("RUNNING HANDLER [%s]" % task.get_name().strip())
-
- # pylint: disable=unused-argument,no-self-use
- def v2_playbook_on_cleanup_task_start(self, task):
- """Print out a task header for cleanup tasks
-
-Rather than print out a header for every handler, we print a dot
-character to indicate a handler task has been started.
-"""
- sys.stdout.write('.')
-
- self.banner("CLEANUP TASK [%s]" % task.get_name().strip())
-
- def v2_playbook_on_include(self, included_file):
- """Print out paths to statically included files"""
- msg = 'included: %s for %s' % (included_file._filename, ", ".join([h.name for h in included_file._hosts]))
- self._display.display(msg, color=C.COLOR_SKIP, log_only=True)
-
- def v2_runner_on_ok(self, result):
- """This prints out task results in a fancy format
-
-The only thing we change here is adding `log_only=True` to the
-.display() call
- """
- delegated_vars = result._result.get('_ansible_delegated_vars', None)
- self._clean_results(result._result, result._task.action)
- if result._task.action in ('include', 'include_role'):
- return
- elif result._result.get('changed', False):
- if delegated_vars:
- msg = "changed: [%s -> %s]" % (result._host.get_name(), delegated_vars['ansible_host'])
- else:
- msg = "changed: [%s]" % result._host.get_name()
- color = C.COLOR_CHANGED
- else:
- if delegated_vars:
- msg = "ok: [%s -> %s]" % (result._host.get_name(), delegated_vars['ansible_host'])
- else:
- msg = "ok: [%s]" % result._host.get_name()
- color = C.COLOR_OK
-
- if result._task.loop and 'results' in result._result:
- self._process_items(result)
- else:
-
- if (self._display.verbosity > 0 or '_ansible_verbose_always' in result._result) and '_ansible_verbose_override' not in result._result:
- msg += " => %s" % (self._dump_results(result._result),)
- self._display.display(msg, color=color, log_only=True)
-
- self._handle_warnings(result._result)
-
- def v2_runner_item_on_ok(self, result):
- """Print out task results for items you're iterating over"""
- delegated_vars = result._result.get('_ansible_delegated_vars', None)
- if result._task.action in ('include', 'include_role'):
- return
- elif result._result.get('changed', False):
- msg = 'changed'
- color = C.COLOR_CHANGED
- else:
- msg = 'ok'
- color = C.COLOR_OK
-
- if delegated_vars:
- msg += ": [%s -> %s]" % (result._host.get_name(), delegated_vars['ansible_host'])
- else:
- msg += ": [%s]" % result._host.get_name()
-
- msg += " => (item=%s)" % (self._get_item(result._result),)
-
- if (self._display.verbosity > 0 or '_ansible_verbose_always' in result._result) and '_ansible_verbose_override' not in result._result:
- msg += " => %s" % self._dump_results(result._result)
- self._display.display(msg, color=color, log_only=True)
-
- def v2_runner_item_on_skipped(self, result):
- """Print out task results when an item is skipped"""
- if C.DISPLAY_SKIPPED_HOSTS:
- msg = "skipping: [%s] => (item=%s) " % (result._host.get_name(), self._get_item(result._result))
- if (self._display.verbosity > 0 or '_ansible_verbose_always' in result._result) and '_ansible_verbose_override' not in result._result:
- msg += " => %s" % self._dump_results(result._result)
- self._display.display(msg, color=C.COLOR_SKIP, log_only=True)
-
- def v2_runner_on_skipped(self, result):
- """Print out task results when a task (or something else?) is skipped"""
- if C.DISPLAY_SKIPPED_HOSTS:
- if result._task.loop and 'results' in result._result:
- self._process_items(result)
- else:
- msg = "skipping: [%s]" % result._host.get_name()
- if (self._display.verbosity > 0 or '_ansible_verbose_always' in result._result) and '_ansible_verbose_override' not in result._result:
- msg += " => %s" % self._dump_results(result._result)
- self._display.display(msg, color=C.COLOR_SKIP, log_only=True)
-
- def v2_playbook_on_notify(self, res, handler):
- """What happens when a task result is 'changed' and the task has a
-'notify' list attached.
- """
- self._display.display("skipping: no hosts matched", color=C.COLOR_SKIP, log_only=True)
-
- ######################################################################
- # So we can bubble up errors to the top
- def v2_runner_on_failed(self, result, ignore_errors=False):
- """I guess this is when an entire task has failed?"""
-
- if self._play.strategy == 'free' and self._last_task_banner != result._task._uuid:
- self._print_task_banner(result._task)
-
- delegated_vars = result._result.get('_ansible_delegated_vars', None)
- if 'exception' in result._result:
- if self._display.verbosity < 3:
- # extract just the actual error message from the exception text
- error = result._result['exception'].strip().split('\n')[-1]
- msg = "An exception occurred during task execution. To see the full traceback, use -vvv. The error was: %s" % error
- else:
- msg = "An exception occurred during task execution. The full traceback is:\n" + result._result['exception']
-
- self._display.display(msg, color=C.COLOR_ERROR)
-
- if result._task.loop and 'results' in result._result:
- self._process_items(result)
-
- else:
- if delegated_vars:
- self._display.display("fatal: [%s -> %s]: FAILED! => %s" % (result._host.get_name(), delegated_vars['ansible_host'], self._dump_results(result._result)), color=C.COLOR_ERROR)
- else:
- self._display.display("fatal: [%s]: FAILED! => %s" % (result._host.get_name(), self._dump_results(result._result)), color=C.COLOR_ERROR)
-
- if ignore_errors:
- self._display.display("...ignoring", color=C.COLOR_SKIP)
-
- def v2_runner_item_on_failed(self, result):
- """When an item in a task fails."""
- delegated_vars = result._result.get('_ansible_delegated_vars', None)
- if 'exception' in result._result:
- if self._display.verbosity < 3:
- # extract just the actual error message from the exception text
- error = result._result['exception'].strip().split('\n')[-1]
- msg = "An exception occurred during task execution. To see the full traceback, use -vvv. The error was: %s" % error
- else:
- msg = "An exception occurred during task execution. The full traceback is:\n" + result._result['exception']
-
- self._display.display(msg, color=C.COLOR_ERROR)
-
- msg = "failed: "
- if delegated_vars:
- msg += "[%s -> %s]" % (result._host.get_name(), delegated_vars['ansible_host'])
- else:
- msg += "[%s]" % (result._host.get_name())
-
- self._display.display(msg + " (item=%s) => %s" % (self._get_item(result._result), self._dump_results(result._result)), color=C.COLOR_ERROR)
- self._handle_warnings(result._result)
-
- ######################################################################
- def v2_playbook_on_stats(self, stats):
- """Print the final playbook run stats"""
- self._display.display("", screen_only=True)
- self.banner("PLAY RECAP")
-
- hosts = sorted(stats.processed.keys())
- for h in hosts:
- t = stats.summarize(h)
-
- self._display.display(
- u"%s : %s %s %s %s" % (
- hostcolor(h, t),
- colorize(u'ok', t['ok'], C.COLOR_OK),
- colorize(u'changed', t['changed'], C.COLOR_CHANGED),
- colorize(u'unreachable', t['unreachable'], C.COLOR_UNREACHABLE),
- colorize(u'failed', t['failures'], C.COLOR_ERROR)),
- screen_only=True
- )
-
- self._display.display(
- u"%s : %s %s %s %s" % (
- hostcolor(h, t, False),
- colorize(u'ok', t['ok'], None),
- colorize(u'changed', t['changed'], None),
- colorize(u'unreachable', t['unreachable'], None),
- colorize(u'failed', t['failures'], None)),
- log_only=True
- )
-
- self._display.display("", screen_only=True)
- self._display.display("", screen_only=True)
-
- # Some plays are conditional and won't run (such as load
- # balancers) if they aren't required. Sometimes plays are
- # conditionally included later in the run. Let the user know
- # about this to avoid potential confusion.
- if self.plays_total_ran != self.plays_count:
- print("Installation Complete: Note: Play count is only an estimate, some plays may have been skipped or dynamically added")
- self._display.display("", screen_only=True)
diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py
deleted file mode 100644
index 07f0f4293..000000000
--- a/filter_plugins/oo_filters.py
+++ /dev/null
@@ -1,952 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# pylint: disable=too-many-lines -""" -Custom filters for use in openshift-ansible -""" -import json -import os -import pdb -import random -import re - -from base64 import b64encode -from collections import Mapping -# pylint no-name-in-module and import-error disabled here because pylint -# fails to properly detect the packages when installed in a virtualenv -from distutils.util import strtobool # pylint:disable=no-name-in-module,import-error -from distutils.version import LooseVersion # pylint:disable=no-name-in-module,import-error -from operator import itemgetter - -import pkg_resources -import yaml - -from ansible import errors -from ansible.parsing.yaml.dumper import AnsibleDumper - -# ansible.compat.six goes away with Ansible 2.4 -try: - from ansible.compat.six import string_types, u - from ansible.compat.six.moves.urllib.parse import urlparse -except ImportError: - from ansible.module_utils.six import string_types, u - from ansible.module_utils.six.moves.urllib.parse import urlparse - -HAS_OPENSSL = False -try: - import OpenSSL.crypto - HAS_OPENSSL = True -except ImportError: - pass - - -def oo_pdb(arg): - """ This pops you into a pdb instance where arg is the data passed in - from the filter. - Ex: "{{ hostvars | oo_pdb }}" - """ - pdb.set_trace() - return arg - - -def get_attr(data, attribute=None): - """ This looks up dictionary attributes of the form a.b.c and returns - the value. - - If the key isn't present, None is returned. 
- Ex: data = {'a': {'b': {'c': 5}}} - attribute = "a.b.c" - returns 5 - """ - if not attribute: - raise errors.AnsibleFilterError("|failed expects attribute to be set") - - ptr = data - for attr in attribute.split('.'): - if attr in ptr: - ptr = ptr[attr] - else: - ptr = None - break - - return ptr - - -def oo_flatten(data): - """ This filter plugin will flatten a list of lists - """ - if not isinstance(data, list): - raise errors.AnsibleFilterError("|failed expects to flatten a List") - - return [item for sublist in data for item in sublist] - - -def oo_merge_dicts(first_dict, second_dict): - """ Merge two dictionaries where second_dict values take precedence. - Ex: first_dict={'a': 1, 'b': 2} - second_dict={'b': 3, 'c': 4} - returns {'a': 1, 'b': 3, 'c': 4} - """ - if not isinstance(first_dict, dict) or not isinstance(second_dict, dict): - raise errors.AnsibleFilterError("|failed expects to merge two dicts") - merged = first_dict.copy() - merged.update(second_dict) - return merged - - -def oo_merge_hostvars(hostvars, variables, inventory_hostname): - """ Merge host and play variables. - - When ansible version is greater than or equal to 2.0.0, - merge hostvars[inventory_hostname] with variables (ansible vars) - otherwise merge hostvars with hostvars['inventory_hostname']. 
- - Ex: hostvars={'master1.example.com': {'openshift_variable': '3'}, - 'openshift_other_variable': '7'} - variables={'openshift_other_variable': '6'} - inventory_hostname='master1.example.com' - returns {'openshift_variable': '3', 'openshift_other_variable': '7'} - - hostvars= (Mapping) - variables={'openshift_other_variable': '6'} - inventory_hostname='master1.example.com' - returns {'openshift_variable': '3', 'openshift_other_variable': '6'} - """ - if not isinstance(hostvars, Mapping): - raise errors.AnsibleFilterError("|failed expects hostvars is dictionary or object") - if not isinstance(variables, dict): - raise errors.AnsibleFilterError("|failed expects variables is a dictionary") - if not isinstance(inventory_hostname, string_types): - raise errors.AnsibleFilterError("|failed expects inventory_hostname is a string") - ansible_version = pkg_resources.get_distribution("ansible").version # pylint: disable=maybe-no-member - merged_hostvars = {} - if LooseVersion(ansible_version) >= LooseVersion('2.0.0'): - merged_hostvars = oo_merge_dicts( - hostvars[inventory_hostname], variables) - else: - merged_hostvars = oo_merge_dicts( - hostvars[inventory_hostname], hostvars) - return merged_hostvars - - -def oo_collect(data_list, attribute=None, filters=None): - """ This takes a list of dict and collects all attributes specified into a - list. If filter is specified then we will include all items that - match _ALL_ of filters. If a dict entry is missing the key in a - filter it will be excluded from the match. - Ex: data_list = [ {'a':1, 'b':5, 'z': 'z'}, # True, return - {'a':2, 'z': 'z'}, # True, return - {'a':3, 'z': 'z'}, # True, return - {'a':4, 'z': 'b'}, # FAILED, obj['z'] != obj['z'] - ] - attribute = 'a' - filters = {'z': 'z'} - returns [1, 2, 3] - - This also deals with lists of lists with dict as elements. 
- Ex: data_list = [ - [ {'a':1, 'b':5, 'z': 'z'}, # True, return - {'a':2, 'b':6, 'z': 'z'} # True, return - ], - [ {'a':3, 'z': 'z'}, # True, return - {'a':4, 'z': 'b'} # FAILED, obj['z'] != obj['z'] - ], - {'a':5, 'z': 'z'}, # True, return - ] - attribute = 'a' - filters = {'z': 'z'} - returns [1, 2, 3, 5] - """ - if not isinstance(data_list, list): - raise errors.AnsibleFilterError("oo_collect expects to filter on a List") - - if not attribute: - raise errors.AnsibleFilterError("oo_collect expects attribute to be set") - - data = [] - retval = [] - - for item in data_list: - if isinstance(item, list): - retval.extend(oo_collect(item, attribute, filters)) - else: - data.append(item) - - if filters is not None: - if not isinstance(filters, dict): - raise errors.AnsibleFilterError( - "oo_collect expects filter to be a dict") - retval.extend([get_attr(d, attribute) for d in data if ( - all([d.get(key, None) == filters[key] for key in filters]))]) - else: - retval.extend([get_attr(d, attribute) for d in data]) - - retval = [val for val in retval if val is not None] - - return retval - - -def oo_select_keys_from_list(data, keys): - """ This returns a list, which contains the value portions for the keys - Ex: data = { 'a':1, 'b':2, 'c':3 } - keys = ['a', 'c'] - returns [1, 3] - """ - - if not isinstance(data, list): - raise errors.AnsibleFilterError("|oo_select_keys_from_list failed expects to filter on a list") - - if not isinstance(keys, list): - raise errors.AnsibleFilterError("|oo_select_keys_from_list failed expects first param is a list") - - # Gather up the values for the list of keys passed in - retval = [oo_select_keys(item, keys) for item in data] - - return oo_flatten(retval) - - -def oo_select_keys(data, keys): - """ This returns a list, which contains the value portions for the keys - Ex: data = { 'a':1, 'b':2, 'c':3 } - keys = ['a', 'c'] - returns [1, 3] - """ - - if not isinstance(data, Mapping): - raise errors.AnsibleFilterError("|oo_select_keys failed 
expects to filter on a dict or object") - - if not isinstance(keys, list): - raise errors.AnsibleFilterError("|oo_select_keys failed expects first param is a list") - - # Gather up the values for the list of keys passed in - retval = [data[key] for key in keys if key in data] - - return retval - - -def oo_prepend_strings_in_list(data, prepend): - """ This takes a list of strings and prepends a string to each item in the - list - Ex: data = ['cart', 'tree'] - prepend = 'apple-' - returns ['apple-cart', 'apple-tree'] - """ - if not isinstance(data, list): - raise errors.AnsibleFilterError("|failed expects first param is a list") - if not all(isinstance(x, string_types) for x in data): - raise errors.AnsibleFilterError("|failed expects first param is a list" - " of strings") - retval = [prepend + s for s in data] - return retval - - -def oo_combine_key_value(data, joiner='='): - """Take a list of dict in the form of { 'key': 'value'} and - arrange them as a list of strings ['key=value'] - """ - if not isinstance(data, list): - raise errors.AnsibleFilterError("|failed expects first param is a list") - - rval = [] - for item in data: - rval.append("%s%s%s" % (item['key'], joiner, item['value'])) - - return rval - - -def oo_combine_dict(data, in_joiner='=', out_joiner=' '): - """Take a dict in the form of { 'key': 'value', 'key': 'value' } and - arrange them as a string 'key=value key=value' - """ - if not isinstance(data, dict): - # pylint: disable=line-too-long - raise errors.AnsibleFilterError("|failed expects first param is a dict [oo_combine_dict]. Got %s. 
Type: %s" % (str(data), str(type(data)))) - - return out_joiner.join([in_joiner.join([k, str(v)]) for k, v in data.items()]) - - -def oo_dict_to_keqv_list(data): - """Take a dict and return a list of k=v pairs - - Input data: - {'a': 1, 'b': 2} - - Return data: - ['a=1', 'b=2'] - """ - return ['='.join(str(e) for e in x) for x in data.items()] - - -def oo_dict_to_list_of_dict(data, key_title='key', value_title='value'): - """Take a dict and arrange them as a list of dicts - - Input data: - {'region': 'infra', 'test_k': 'test_v'} - - Return data: - [{'key': 'region', 'value': 'infra'}, {'key': 'test_k', 'value': 'test_v'}] - - Written for use of the oc_label module - """ - if not isinstance(data, dict): - # pylint: disable=line-too-long - raise errors.AnsibleFilterError("|failed expects first param is a dict. Got %s. Type: %s" % (str(data), str(type(data)))) - - rval = [] - for label in data.items(): - rval.append({key_title: label[0], value_title: label[1]}) - - return rval - - -def oo_ami_selector(data, image_name): - """ This takes a list of amis and an image name and attempts to return - the latest ami. - """ - if not isinstance(data, list): - raise errors.AnsibleFilterError("|failed expects first param is a list") - - if not data: - return None - else: - if image_name is None or not image_name.endswith('_*'): - ami = sorted(data, key=itemgetter('name'), reverse=True)[0] - return ami['ami_id'] - else: - ami_info = [(ami, ami['name'].split('_')[-1]) for ami in data] - ami = sorted(ami_info, key=itemgetter(1), reverse=True)[0][0] - return ami['ami_id'] - - -def oo_ec2_volume_definition(data, host_type, docker_ephemeral=False): - """ This takes a dictionary of volume definitions and returns a valid ec2 - volume definition based on the host_type and the values in the - dictionary. 
- The dictionary should look similar to this: - { 'master': - { 'root': - { 'volume_size': 10, 'device_type': 'gp2', - 'iops': 500 - }, - 'docker': - { 'volume_size': 40, 'device_type': 'gp2', - 'iops': 500, 'ephemeral': 'true' - } - }, - 'node': - { 'root': - { 'volume_size': 10, 'device_type': 'io1', - 'iops': 1000 - }, - 'docker': - { 'volume_size': 40, 'device_type': 'gp2', - 'iops': 500, 'ephemeral': 'true' - } - } - } - """ - if not isinstance(data, dict): - # pylint: disable=line-too-long - raise errors.AnsibleFilterError("|failed expects first param is a dict [oo_ec2_volume_def]. Got %s. Type: %s" % (str(data), str(type(data)))) - if host_type not in ['master', 'node', 'etcd']: - raise errors.AnsibleFilterError("|failed expects etcd, master or node" - " as the host type") - - root_vol = data[host_type]['root'] - root_vol['device_name'] = '/dev/sda1' - root_vol['delete_on_termination'] = True - if root_vol['device_type'] != 'io1': - root_vol.pop('iops', None) - if host_type in ['master', 'node'] and 'docker' in data[host_type]: - docker_vol = data[host_type]['docker'] - docker_vol['device_name'] = '/dev/xvdb' - docker_vol['delete_on_termination'] = True - if docker_vol['device_type'] != 'io1': - docker_vol.pop('iops', None) - if docker_ephemeral: - docker_vol.pop('device_type', None) - docker_vol.pop('delete_on_termination', None) - docker_vol['ephemeral'] = 'ephemeral0' - return [root_vol, docker_vol] - elif host_type == 'etcd' and 'etcd' in data[host_type]: - etcd_vol = data[host_type]['etcd'] - etcd_vol['device_name'] = '/dev/xvdb' - etcd_vol['delete_on_termination'] = True - if etcd_vol['device_type'] != 'io1': - etcd_vol.pop('iops', None) - return [root_vol, etcd_vol] - return [root_vol] - - -def oo_split(string, separator=','): - """ This splits the input string into a list. If the input string is - already a list we will return it as is. 
- """ - if isinstance(string, list): - return string - return string.split(separator) - - -def oo_list_to_dict(lst, separator='='): - """ This converts a list of ["k=v"] to a dictionary {k: v}. - """ - kvs = [i.split(separator) for i in lst] - return {k: v for k, v in kvs} - - -def oo_haproxy_backend_masters(hosts, port): - """ This takes an array of dicts and returns an array of dicts - to be used as a backend for the haproxy role - """ - servers = [] - for idx, host_info in enumerate(hosts): - server = dict(name="master%s" % idx) - server_ip = host_info['openshift']['common']['ip'] - server['address'] = "%s:%s" % (server_ip, port) - server['opts'] = 'check' - servers.append(server) - return servers - - -def oo_filter_list(data, filter_attr=None): - """ This returns a list, which contains all items where filter_attr - evaluates to true - Ex: data = [ { a: 1, b: True }, - { a: 3, b: False }, - { a: 5, b: True } ] - filter_attr = 'b' - returns [ { a: 1, b: True }, - { a: 5, b: True } ] - """ - if not isinstance(data, list): - raise errors.AnsibleFilterError("|failed expects to filter on a list") - - if not isinstance(filter_attr, string_types): - raise errors.AnsibleFilterError("|failed expects filter_attr is a str or unicode") - - # Gather up the values for the list of keys passed in - return [x for x in data if filter_attr in x and x[filter_attr]] - - -def oo_parse_heat_stack_outputs(data): - """ Formats the HEAT stack output into a usable form - - The goal is to transform something like this: - - +---------------+-------------------------------------------------+ - | Property | Value | - +---------------+-------------------------------------------------+ - | capabilities | [] | | - | creation_time | 2015-06-26T12:26:26Z | | - | description | OpenShift cluster | | - | … | … | - | outputs | [ | - | | { | - | | "output_value": "value_A" | - | | "description": "This is the value of Key_A" | - | | "output_key": "Key_A" | - | | }, | - | | { | - | | "output_value": [ | 
- | | "value_B1", | - | | "value_B2" | - | | ], | - | | "description": "This is the value of Key_B" | - | | "output_key": "Key_B" | - | | }, | - | | ] | - | parameters | { | - | … | … | - +---------------+-------------------------------------------------+ - - into something like this: - - { - "Key_A": "value_A", - "Key_B": [ - "value_B1", - "value_B2" - ] - } - """ - - # Extract the “outputs” JSON snippet from the pretty-printed array - in_outputs = False - outputs = '' - - line_regex = re.compile(r'\|\s*(.*?)\s*\|\s*(.*?)\s*\|') - for line in data['stdout_lines']: - match = line_regex.match(line) - if match: - if match.group(1) == 'outputs': - in_outputs = True - elif match.group(1) != '': - in_outputs = False - if in_outputs: - outputs += match.group(2) - - outputs = json.loads(outputs) - - # Revamp the “outputs” to put it in the form of a “Key: value” map - revamped_outputs = {} - for output in outputs: - revamped_outputs[output['output_key']] = output['output_value'] - - return revamped_outputs - - -# pylint: disable=too-many-branches -def oo_parse_named_certificates(certificates, named_certs_dir, internal_hostnames): - """ Parses names from list of certificate hashes. 
- - Ex: certificates = [{ "certfile": "/root/custom1.crt", - "keyfile": "/root/custom1.key", - "cafile": "/root/custom-ca1.crt" }, - { "certfile": "custom2.crt", - "keyfile": "custom2.key", - "cafile": "custom-ca2.crt" }] - - returns [{ "certfile": "/etc/origin/master/named_certificates/custom1.crt", - "keyfile": "/etc/origin/master/named_certificates/custom1.key", - "cafile": "/etc/origin/master/named_certificates/custom-ca1.crt", - "names": [ "public-master-host.com", - "other-master-host.com" ] }, - { "certfile": "/etc/origin/master/named_certificates/custom2.crt", - "keyfile": "/etc/origin/master/named_certificates/custom2.key", - "cafile": "/etc/origin/master/named_certificates/custom-ca-2.crt", - "names": [ "some-hostname.com" ] }] - """ - if not isinstance(named_certs_dir, string_types): - raise errors.AnsibleFilterError("|failed expects named_certs_dir is str or unicode") - - if not isinstance(internal_hostnames, list): - raise errors.AnsibleFilterError("|failed expects internal_hostnames is list") - - if not HAS_OPENSSL: - raise errors.AnsibleFilterError("|missing OpenSSL python bindings") - - for certificate in certificates: - if 'names' in certificate.keys(): - continue - else: - certificate['names'] = [] - - if not os.path.isfile(certificate['certfile']) or not os.path.isfile(certificate['keyfile']): - raise errors.AnsibleFilterError("|certificate and/or key does not exist '%s', '%s'" % - (certificate['certfile'], certificate['keyfile'])) - - try: - st_cert = open(certificate['certfile'], 'rt').read() - cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, st_cert) - certificate['names'].append(str(cert.get_subject().commonName.decode())) - for i in range(cert.get_extension_count()): - if cert.get_extension(i).get_short_name() == 'subjectAltName': - for name in str(cert.get_extension(i)).replace('DNS:', '').split(', '): - certificate['names'].append(name) - except Exception: - raise errors.AnsibleFilterError(("|failed to parse certificate 
'%s', " % certificate['certfile'] + - "please specify certificate names in host inventory")) - - certificate['names'] = list(set(certificate['names'])) - if 'cafile' not in certificate: - certificate['names'] = [name for name in certificate['names'] if name not in internal_hostnames] - if not certificate['names']: - raise errors.AnsibleFilterError(("|failed to parse certificate '%s' or " % certificate['certfile'] + - "detected a collision with internal hostname, please specify " + - "certificate names in host inventory")) - - for certificate in certificates: - # Update paths for configuration - certificate['certfile'] = os.path.join(named_certs_dir, os.path.basename(certificate['certfile'])) - certificate['keyfile'] = os.path.join(named_certs_dir, os.path.basename(certificate['keyfile'])) - if 'cafile' in certificate: - certificate['cafile'] = os.path.join(named_certs_dir, os.path.basename(certificate['cafile'])) - return certificates - - -def oo_pretty_print_cluster(data, prefix='tag_'): - """ Read a subset of hostvars and build a summary of the cluster - in the following layout: - -"c_id": { -"master": { -"default": [ - { "name": "c_id-master-12345", "public IP": "172.16.0.1", "private IP": "192.168.0.1" } -] -"node": { -"infra": [ - { "name": "c_id-node-infra-23456", "public IP": "172.16.0.2", "private IP": "192.168.0.2" } -], -"compute": [ - { "name": "c_id-node-compute-23456", "public IP": "172.16.0.3", "private IP": "192.168.0.3" }, -... -] -} - """ - - def _get_tag_value(tags, key): - """ Extract values of a map implemented as a set. 
- Ex: tags = { 'tag_foo_value1', 'tag_bar_value2', 'tag_baz_value3' } - key = 'bar' - returns 'value2' - """ - for tag in tags: - if tag[:len(prefix) + len(key)] == prefix + key: - return tag[len(prefix) + len(key) + 1:] - raise KeyError(key) - - def _add_host(clusters, - clusterid, - host_type, - sub_host_type, - host): - """ Add a new host in the clusters data structure """ - if clusterid not in clusters: - clusters[clusterid] = {} - if host_type not in clusters[clusterid]: - clusters[clusterid][host_type] = {} - if sub_host_type not in clusters[clusterid][host_type]: - clusters[clusterid][host_type][sub_host_type] = [] - clusters[clusterid][host_type][sub_host_type].append(host) - - clusters = {} - for host in data: - try: - _add_host(clusters=clusters, - clusterid=_get_tag_value(host['group_names'], 'clusterid'), - host_type=_get_tag_value(host['group_names'], 'host-type'), - sub_host_type=_get_tag_value(host['group_names'], 'sub-host-type'), - host={'name': host['inventory_hostname'], - 'public IP': host['oo_public_ipv4'], - 'private IP': host['oo_private_ipv4']}) - except KeyError: - pass - return clusters - - -def oo_generate_secret(num_bytes): - """ generate a session secret """ - - if not isinstance(num_bytes, int): - raise errors.AnsibleFilterError("|failed expects num_bytes is int") - - return b64encode(os.urandom(num_bytes)).decode('utf-8') - - -def to_padded_yaml(data, level=0, indent=2, **kw): - """ returns a yaml snippet padded to match the indent level you specify """ - if data in [None, ""]: - return "" - - try: - transformed = u(yaml.dump(data, indent=indent, allow_unicode=True, - default_flow_style=False, - Dumper=AnsibleDumper, **kw)) - padded = "\n".join([" " * level * indent + line for line in transformed.splitlines()]) - return "\n{0}".format(padded) - except Exception as my_e: - raise errors.AnsibleFilterError('Failed to convert: %s' % my_e) - - -def oo_31_rpm_rename_conversion(rpms, openshift_version=None): - """ Filters a list of 3.0 rpms 
and return the corresponding 3.1 rpms - names with proper version (if provided) - - If 3.1 rpms are passed in they will only be augmented with the - correct version. This is important for hosts that are running both - Masters and Nodes. - """ - if not isinstance(rpms, list): - raise errors.AnsibleFilterError("failed expects to filter on a list") - if openshift_version is not None and not isinstance(openshift_version, string_types): - raise errors.AnsibleFilterError("failed expects openshift_version to be a string") - - rpms_31 = [] - for rpm in rpms: - if 'atomic' not in rpm: - rpm = rpm.replace("openshift", "atomic-openshift") - if openshift_version: - rpm = rpm + openshift_version - rpms_31.append(rpm) - - return rpms_31 - - -def oo_pods_match_component(pods, deployment_type, component): - """ Filters a list of Pods and returns the ones matching the deployment_type and component - """ - if not isinstance(pods, list): - raise errors.AnsibleFilterError("failed expects to filter on a list") - if not isinstance(deployment_type, string_types): - raise errors.AnsibleFilterError("failed expects deployment_type to be a string") - if not isinstance(component, string_types): - raise errors.AnsibleFilterError("failed expects component to be a string") - - image_prefix = 'openshift/origin-' - if deployment_type == 'openshift-enterprise': - image_prefix = 'openshift3/ose-' - - matching_pods = [] - image_regex = image_prefix + component + r'.*' - for pod in pods: - for container in pod['spec']['containers']: - if re.search(image_regex, container['image']): - matching_pods.append(pod) - break # stop here, don't add a pod more than once - - return matching_pods - - -def oo_get_hosts_from_hostvars(hostvars, hosts): - """ Return a list of hosts from hostvars """ - retval = [] - for host in hosts: - try: - retval.append(hostvars[host]) - except errors.AnsibleError: - # host does not exist - pass - - return retval - - -def oo_image_tag_to_rpm_version(version, include_dash=False): - 
""" Convert an image tag string to an RPM version if necessary - Empty strings and strings that are already in rpm version format - are ignored. Also remove non semantic version components. - - Ex. v3.2.0.10 -> -3.2.0.10 - v1.2.0-rc1 -> -1.2.0 - """ - if not isinstance(version, string_types): - raise errors.AnsibleFilterError("|failed expects a string or unicode") - if version.startswith("v"): - version = version[1:] - # Strip release from requested version, we no longer support this. - version = version.split('-')[0] - - if include_dash and version and not version.startswith("-"): - version = "-" + version - - return version - - -def oo_hostname_from_url(url): - """ Returns the hostname contained in a URL - - Ex: https://ose3-master.example.com/v1/api -> ose3-master.example.com - """ - if not isinstance(url, string_types): - raise errors.AnsibleFilterError("|failed expects a string or unicode") - parse_result = urlparse(url) - if parse_result.netloc != '': - return parse_result.netloc - else: - # netloc wasn't parsed, assume url was missing scheme and path - return parse_result.path - - -# pylint: disable=invalid-name, unused-argument -def oo_openshift_loadbalancer_frontends( - api_port, servers_hostvars, use_nuage=False, nuage_rest_port=None): - """TODO: Document me.""" - loadbalancer_frontends = [{'name': 'atomic-openshift-api', - 'mode': 'tcp', - 'options': ['tcplog'], - 'binds': ["*:{0}".format(api_port)], - 'default_backend': 'atomic-openshift-api'}] - if bool(strtobool(str(use_nuage))) and nuage_rest_port is not None: - loadbalancer_frontends.append({'name': 'nuage-monitor', - 'mode': 'tcp', - 'options': ['tcplog'], - 'binds': ["*:{0}".format(nuage_rest_port)], - 'default_backend': 'nuage-monitor'}) - return loadbalancer_frontends - - -# pylint: disable=invalid-name -def oo_openshift_loadbalancer_backends( - api_port, servers_hostvars, use_nuage=False, nuage_rest_port=None): - """TODO: Document me.""" - loadbalancer_backends = [{'name': 
'atomic-openshift-api', - 'mode': 'tcp', - 'option': 'tcplog', - 'balance': 'source', - 'servers': oo_haproxy_backend_masters(servers_hostvars, api_port)}] - if bool(strtobool(str(use_nuage))) and nuage_rest_port is not None: - # pylint: disable=line-too-long - loadbalancer_backends.append({'name': 'nuage-monitor', - 'mode': 'tcp', - 'option': 'tcplog', - 'balance': 'source', - 'servers': oo_haproxy_backend_masters(servers_hostvars, nuage_rest_port)}) - return loadbalancer_backends - - -def oo_chomp_commit_offset(version): - """Chomp any "+git.foo" commit offset string from the given `version` - and return the modified version string. - -Ex: -- chomp_commit_offset(None) => None -- chomp_commit_offset(1337) => "1337" -- chomp_commit_offset("v3.4.0.15+git.derp") => "v3.4.0.15" -- chomp_commit_offset("v3.4.0.15") => "v3.4.0.15" -- chomp_commit_offset("v1.3.0+52492b4") => "v1.3.0" - """ - if version is None: - return version - else: - # Stringify, just in case it's a Number type. Split by '+' and - # return the first split. No concerns about strings without a - # '+', .split() returns an array of the original string. - return str(version).split('+')[0] - - -def oo_random_word(length, source='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'): - """Generates a random string of given length from a set of alphanumeric characters. 
- The default source uses [a-z][A-Z][0-9] - Ex: - - oo_random_word(3) => aB9 - - oo_random_word(4, source='012') => 0123 - """ - return ''.join(random.choice(source) for i in range(length)) - - -def oo_contains_rule(source, apiGroups, resources, verbs): - '''Return true if the specified rule is contained within the provided source''' - - rules = source['rules'] - - if rules: - for rule in rules: - if set(rule['apiGroups']) == set(apiGroups): - if set(rule['resources']) == set(resources): - if set(rule['verbs']) == set(verbs): - return True - - return False - - -def oo_selector_to_string_list(user_dict): - """Convert a dict of selectors to a key=value list of strings - -Given input of {'region': 'infra', 'zone': 'primary'} returns a list -of items as ['region=infra', 'zone=primary'] - """ - selectors = [] - for key in user_dict: - selectors.append("{}={}".format(key, user_dict[key])) - return selectors - - -def oo_filter_sa_secrets(sa_secrets, secret_hint='-token-'): - """Parse the Service Account Secrets list, `sa_secrets`, (as from -oc_serviceaccount_secret:state=list) and return the name of the secret -containing the `secret_hint` string. For example, by default this will -return the name of the secret holding the SA bearer token. - -Only provide the 'results' object to this filter. This filter expects -to receive a list like this: - - [ - { - "name": "management-admin-dockercfg-p31s2" - }, - { - "name": "management-admin-token-bnqsh" - } - ] - - -Returns: - -* `secret_name` [string] - The name of the secret matching the - `secret_hint` parameter. By default this is the secret holding the - SA's bearer token. - -Example playbook usage: - -Register a return value from oc_serviceaccount_secret with and pass -that result to this filter plugin. 
- - - name: Get all SA Secrets - oc_serviceaccount_secret: - state: list - service_account: management-admin - namespace: management-infra - register: sa - - - name: Save the SA bearer token secret name - set_fact: - management_token: "{{ sa.results | oo_filter_sa_secrets }}" - - - name: Get the SA bearer token value - oc_secret: - state: list - name: "{{ management_token }}" - namespace: management-infra - decode: true - register: sa_secret - - - name: Print the bearer token value - debug: - var: sa_secret.results.decoded.token - - """ - secret_name = None - - for secret in sa_secrets: - # each secret is a hash - if secret['name'].find(secret_hint) == -1: - continue - else: - secret_name = secret['name'] - break - - return secret_name - - -class FilterModule(object): - """ Custom ansible filter mapping """ - - # pylint: disable=no-self-use, too-few-public-methods - def filters(self): - """ returns a mapping of filters to methods """ - return { - "oo_select_keys": oo_select_keys, - "oo_select_keys_from_list": oo_select_keys_from_list, - "oo_chomp_commit_offset": oo_chomp_commit_offset, - "oo_collect": oo_collect, - "oo_flatten": oo_flatten, - "oo_pdb": oo_pdb, - "oo_prepend_strings_in_list": oo_prepend_strings_in_list, - "oo_ami_selector": oo_ami_selector, - "oo_ec2_volume_definition": oo_ec2_volume_definition, - "oo_combine_key_value": oo_combine_key_value, - "oo_combine_dict": oo_combine_dict, - "oo_dict_to_keqv_list": oo_dict_to_keqv_list, - "oo_dict_to_list_of_dict": oo_dict_to_list_of_dict, - "oo_split": oo_split, - "oo_list_to_dict": oo_list_to_dict, - "oo_filter_list": oo_filter_list, - "oo_parse_heat_stack_outputs": oo_parse_heat_stack_outputs, - "oo_parse_named_certificates": oo_parse_named_certificates, - "oo_haproxy_backend_masters": oo_haproxy_backend_masters, - "oo_pretty_print_cluster": oo_pretty_print_cluster, - "oo_generate_secret": oo_generate_secret, - "oo_31_rpm_rename_conversion": oo_31_rpm_rename_conversion, - "oo_pods_match_component": 
oo_pods_match_component, - "oo_get_hosts_from_hostvars": oo_get_hosts_from_hostvars, - "oo_image_tag_to_rpm_version": oo_image_tag_to_rpm_version, - "oo_merge_dicts": oo_merge_dicts, - "oo_hostname_from_url": oo_hostname_from_url, - "oo_merge_hostvars": oo_merge_hostvars, - "oo_openshift_loadbalancer_frontends": oo_openshift_loadbalancer_frontends, - "oo_openshift_loadbalancer_backends": oo_openshift_loadbalancer_backends, - "to_padded_yaml": to_padded_yaml, - "oo_random_word": oo_random_word, - "oo_contains_rule": oo_contains_rule, - "oo_selector_to_string_list": oo_selector_to_string_list, - "oo_filter_sa_secrets": oo_filter_sa_secrets, - } diff --git a/filter_plugins/openshift_version.py b/filter_plugins/openshift_version.py deleted file mode 100644 index 7a70b158b..000000000 --- a/filter_plugins/openshift_version.py +++ /dev/null 
@@ -1,69 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -""" -Custom version comparison filters for use in openshift-ansible -""" - -# pylint can't locate distutils.version within virtualenv -# https://github.com/PyCQA/pylint/issues/73 -# pylint: disable=no-name-in-module, import-error -from distutils.version import LooseVersion - - -def gte_function_builder(name, gte_version): - """ - Build and return a version comparison function. - - Ex: name = 'oo_version_gte_3_6' - version = '3.6' - - returns oo_version_gte_3_6, a function which based on the - version will return true if the provided version is greater - than or equal to the function's version - """ - def _gte_function(version): - """ - Dynamic function created by gte_function_builder. - - Ex: version = '3.1' - returns True/False - """ - version_gte = False - if str(version) >= LooseVersion(gte_version): - version_gte = True - return version_gte - _gte_function.__name__ = name - return _gte_function - - -# pylint: disable=too-few-public-methods -class FilterModule(object): - """ - Filters for version checking. - """ - # Each element of versions is composed of (major, minor_start, minor_end) - # Origin began versioning 3.x with 3.6, so begin 3.x with 3.6. - versions = [(3, 6, 10)] - - def __init__(self): - """ - Creates a new FilterModule for ose version checking. - """ - self._filters = {} - - # For each set of (major, minor, minor_iterations) - for major, minor_start, minor_end in self.versions: - # For each minor version in the range - for minor in range(minor_start, minor_end): - # Create the function name - func_name = 'oo_version_gte_{}_{}'.format(major, minor) - # Create the function with the builder - func = gte_function_builder(func_name, "{}.{}.0".format(major, minor)) - # Add the function to the mapping - self._filters[func_name] = func - - def filters(self): - """ - Return the filters mapping. - """ - return self._filters 
diff --git a/library/kubeclient_ca.py b/library/kubeclient_ca.py
deleted file mode 100644
index a89a5574f..000000000
--- a/library/kubeclient_ca.py
+++ /dev/null
@@ -1,88 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -''' kubeclient_ca ansible module ''' - -import base64 -import yaml -from ansible.module_utils.basic import AnsibleModule - - -DOCUMENTATION = ''' ---- -module: kubeclient_ca -short_description: Modify kubeclient certificate-authority-data -author: Andrew Butcher -requirements: [ ] -''' -EXAMPLES = ''' -- kubeclient_ca: - client_path: /etc/origin/master/admin.kubeconfig - ca_path: /etc/origin/master/ca-bundle.crt - -- slurp: - src: /etc/origin/master/ca-bundle.crt - register: ca_data -- kubeclient_ca: - client_path: /etc/origin/master/admin.kubeconfig - ca_data: "{{ ca_data.content }}" -''' - - -def main(): - ''' Modify kubeconfig located at `client_path`, setting the - certificate authority data to specified `ca_data` or contents of - `ca_path`. - ''' - - module = AnsibleModule( # noqa: F405 - argument_spec=dict( - client_path=dict(required=True), - ca_data=dict(required=False, default=None), - ca_path=dict(required=False, default=None), - backup=dict(required=False, default=True, type='bool'), - ), - supports_check_mode=True, - mutually_exclusive=[['ca_data', 'ca_path']], - required_one_of=[['ca_data', 'ca_path']] - ) - - client_path = module.params['client_path'] - ca_data = module.params['ca_data'] - ca_path = module.params['ca_path'] - backup = module.params['backup'] - - try: - with open(client_path) as client_config_file: - client_config_data = yaml.safe_load(client_config_file.read()) - - if ca_data is None: - with open(ca_path) as ca_file: - ca_data = base64.standard_b64encode(ca_file.read()) - - changes = [] - # Naively update the CA information for each cluster in the - # kubeconfig. 
- for cluster in client_config_data['clusters']: - if cluster['cluster']['certificate-authority-data'] != ca_data: - cluster['cluster']['certificate-authority-data'] = ca_data - changes.append(cluster['name']) - - if not module.check_mode: - if len(changes) > 0 and backup: - module.backup_local(client_path) - - with open(client_path, 'w') as client_config_file: - client_config_string = yaml.dump(client_config_data, default_flow_style=False) - client_config_string = client_config_string.replace('\'\'', '""') - client_config_file.write(client_config_string) - - return module.exit_json(changed=(len(changes) > 0)) - - # ignore broad-except error to avoid stack trace to ansible user - # pylint: disable=broad-except - except Exception as error: - return module.fail_json(msg=str(error)) - - -if __name__ == '__main__': - main() diff --git a/library/modify_yaml.py b/library/modify_yaml.py deleted file mode 100755 index 9b8f9ba33..000000000 --- a/library/modify_yaml.py +++ /dev/null 
@@ -1,117 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -''' modify_yaml ansible module ''' - -import yaml - -# ignore pylint errors related to the module_utils import -# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import -from ansible.module_utils.basic import * # noqa: F402,F403 - - -DOCUMENTATION = ''' ---- -module: modify_yaml -short_description: Modify yaml key value pairs -author: Andrew Butcher -requirements: [ ] -''' -EXAMPLES = ''' -- modify_yaml: - dest: /etc/origin/master/master-config.yaml - yaml_key: 'kubernetesMasterConfig.masterCount' - yaml_value: 2 -''' - - -def set_key(yaml_data, yaml_key, yaml_value): - ''' Updates a parsed yaml structure setting a key to a value. - - :param yaml_data: yaml structure to modify. - :type yaml_data: dict - :param yaml_key: Key to modify. - :type yaml_key: mixed - :param yaml_value: Value use for yaml_key. - :type yaml_value: mixed - :returns: Changes to the yaml_data structure - :rtype: dict(tuple()) - ''' - changes = [] - ptr = yaml_data - final_key = yaml_key.split('.')[-1] - for key in yaml_key.split('.'): - # Key isn't present and we're not on the final key. Set to empty dictionary. - if key not in ptr and key != final_key: - ptr[key] = {} - ptr = ptr[key] - # Current key is the final key. Update value. - elif key == final_key: - if (key in ptr and module.safe_eval(ptr[key]) != yaml_value) or (key not in ptr): # noqa: F405 - ptr[key] = yaml_value - changes.append((yaml_key, yaml_value)) - else: - # Next value is None and we're not on the final key. - # Turn value into an empty dictionary. - if ptr[key] is None and key != final_key: - ptr[key] = {} - ptr = ptr[key] - return changes - - -def main(): - ''' Modify key (supplied in jinja2 dot notation) in yaml file, setting - the key to the desired value. 
- ''' - - # disabling pylint errors for global-variable-undefined and invalid-name - # for 'global module' usage, since it is required to use ansible_facts - # pylint: disable=global-variable-undefined, invalid-name, - # redefined-outer-name - global module - - module = AnsibleModule( # noqa: F405 - argument_spec=dict( - dest=dict(required=True), - yaml_key=dict(required=True), - yaml_value=dict(required=True), - backup=dict(required=False, default=True, type='bool'), - ), - supports_check_mode=True, - ) - - dest = module.params['dest'] - yaml_key = module.params['yaml_key'] - yaml_value = module.safe_eval(module.params['yaml_value']) - backup = module.params['backup'] - - # Represent null values as an empty string. - # pylint: disable=missing-docstring, unused-argument - def none_representer(dumper, data): - return yaml.ScalarNode(tag=u'tag:yaml.org,2002:null', value=u'') - - yaml.add_representer(type(None), none_representer) - - try: - with open(dest) as yaml_file: - yaml_data = yaml.safe_load(yaml_file.read()) - - changes = set_key(yaml_data, yaml_key, yaml_value) - - if len(changes) > 0: - if backup: - module.backup_local(dest) - with open(dest, 'w') as yaml_file: - yaml_string = yaml.dump(yaml_data, default_flow_style=False) - yaml_string = yaml_string.replace('\'\'', '""') - yaml_file.write(yaml_string) - - return module.exit_json(changed=(len(changes) > 0), changes=changes) - - # ignore broad-except error to avoid stack trace to ansible user - # pylint: disable=broad-except - except Exception as error: - return module.fail_json(msg=str(error)) - - -if __name__ == '__main__': - main() diff --git a/library/rpm_q.py b/library/rpm_q.py deleted file mode 100644 index 3dec50fc2..000000000 --- a/library/rpm_q.py +++ /dev/null 
@@ -1,72 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- - -# (c) 2015, Tobias Florek -# Licensed under the terms of the MIT License -""" -An ansible module to query the RPM database. For use, when yum/dnf are not -available. -""" - -# pylint: disable=redefined-builtin,wildcard-import,unused-wildcard-import -from ansible.module_utils.basic import * # noqa: F403 - -DOCUMENTATION = """ ---- -module: rpm_q -short_description: Query the RPM database -author: Tobias Florek -options: - name: - description: - - The name of the package to query - required: true - state: - description: - - Whether the package is supposed to be installed or not - choices: [present, absent] - default: present -""" - -EXAMPLES = """ -- rpm_q: name=ansible state=present -- rpm_q: name=ansible state=absent -""" - -RPM_BINARY = '/bin/rpm' - - -def main(): - """ - Checks rpm -q for the named package and returns the installed packages - or None if not installed. - """ - module = AnsibleModule( # noqa: F405 - argument_spec=dict( - name=dict(required=True), - state=dict(default='present', choices=['present', 'absent']) - ), - supports_check_mode=True - ) - - name = module.params['name'] - state = module.params['state'] - - # pylint: disable=invalid-name - rc, out, err = module.run_command([RPM_BINARY, '-q', name]) - - installed = out.rstrip('\n').split('\n') - - if rc != 0: - if state == 'present': - module.fail_json(msg="%s is not installed" % name, stdout=out, stderr=err, rc=rc) - else: - module.exit_json(changed=False) - elif state == 'present': - module.exit_json(changed=False, installed_versions=installed) - else: - module.fail_json(msg="%s is installed", installed_versions=installed) - - -if __name__ == '__main__': - main() diff --git a/lookup_plugins/README.md b/lookup_plugins/README.md deleted file mode 100644 index f05d608e5..000000000 --- a/lookup_plugins/README.md +++ /dev/null @@ -1 +0,0 @@ -openshift-ansible lookup plugins. 
diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 0d5964dda..2be8ebd5b 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -24,9 +24,6 @@ Requires: tar Requires: %{name}-docs = %{version}-%{release} Requires: %{name}-playbooks = %{version}-%{release} Requires: %{name}-roles = %{version}-%{release} -Requires: %{name}-filter-plugins = %{version}-%{release} -Requires: %{name}-lookup-plugins = %{version}-%{release} -Requires: %{name}-callback-plugins = %{version}-%{release} Requires: java-1.8.0-openjdk-headless Requires: httpd-tools Requires: libselinux-python @@ -52,8 +49,6 @@ popd # Base openshift-ansible install mkdir -p %{buildroot}%{_datadir}/%{name} mkdir -p %{buildroot}%{_datadir}/ansible/%{name} -mkdir -p %{buildroot}%{_datadir}/ansible_plugins -cp -rp library %{buildroot}%{_datadir}/ansible/%{name}/ # openshift-ansible-bin install mkdir -p %{buildroot}%{_bindir} 
@@ -88,31 +83,6 @@ rm -rf %{buildroot}%{_datadir}/ansible/%{name}/roles/contiv/* # touch a file in contiv so that it can be added to SCM's touch %{buildroot}%{_datadir}/ansible/%{name}/roles/contiv/.empty_dir -# openshift_master_facts symlinks filter_plugins/oo_filters.py from ansible_plugins/filter_plugins -pushd %{buildroot}%{_datadir}/ansible/%{name}/roles/openshift_master_facts/filter_plugins -ln -sf ../../../../../ansible_plugins/filter_plugins/oo_filters.py oo_filters.py -popd - -# openshift-ansible-filter-plugins install -cp -rp filter_plugins %{buildroot}%{_datadir}/ansible_plugins/ - -# openshift-ansible-lookup-plugins install -cp -rp lookup_plugins %{buildroot}%{_datadir}/ansible_plugins/ - -# openshift-ansible-callback-plugins install -cp -rp callback_plugins %{buildroot}%{_datadir}/ansible_plugins/ - -# create symlinks from /usr/share/ansible/plugins/lookup -> -# /usr/share/ansible_plugins/lookup_plugins -pushd %{buildroot}%{_datadir} -mkdir -p ansible/plugins -pushd ansible/plugins -ln -s ../../ansible_plugins/lookup_plugins lookup -ln -s ../../ansible_plugins/filter_plugins filter -ln -s ../../ansible_plugins/callback_plugins callback -popd -popd - # atomic-openshift-utils install pushd utils %{__python} setup.py install --skip-build --root %{buildroot} @@ -131,7 +101,6 @@ popd %license LICENSE %dir %{_datadir}/ansible/%{name} %{_datadir}/ansible/%{name}/files -%{_datadir}/ansible/%{name}/library %ghost %{_datadir}/ansible/%{name}/playbooks/common/openshift-master/library.rpmmoved # ---------------------------------------------------------------------------------- 
@@ -155,9 +124,6 @@ BuildArch: noarch Summary: Openshift and Atomic Enterprise Ansible Playbooks Requires: %{name} = %{version}-%{release} Requires: %{name}-roles = %{version}-%{release} -Requires: %{name}-lookup-plugins = %{version}-%{release} -Requires: %{name}-filter-plugins = %{version}-%{release} -Requires: %{name}-callback-plugins = %{version}-%{release} BuildArch: noarch %description playbooks @@ -198,9 +164,9 @@ end # ---------------------------------------------------------------------------------- Summary: Openshift and Atomic Enterprise Ansible roles Requires: %{name} = %{version}-%{release} -Requires: %{name}-lookup-plugins = %{version}-%{release} -Requires: %{name}-filter-plugins = %{version}-%{release} -Requires: %{name}-callback-plugins = %{version}-%{release} +Obsoletes: %{name}-lookup-plugins +Obsoletes: %{name}-filter-plugins +Obsoletes: %{name}-callback-plugins BuildArch: noarch %description roles 
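Review bot: The three `Obsoletes:` lines added to the roles subpackage are unversioned, so they would also obsolete any future package that reuses those names. A versioned form such as `Obsoletes: %{name}-filter-plugins < %{version}-%{release}` (and the same for lookup-plugins and callback-plugins) limits the replacement to the builds being retired. Separately, the filter-plugins subpackage removed later in this patch carried `Requires: pyOpenSSL`, and no hunk shown here adds that requirement to the roles subpackage. If the certificate-parsing filter now ships with the roles, the dependency should presumably move with it, unless a stanza outside these hunks already declares it. The roles stanza continues outside the hunk.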
@@ -209,55 +175,6 @@ BuildArch: noarch %files roles %{_datadir}/ansible/%{name}/roles - -# ---------------------------------------------------------------------------------- -# openshift-ansible-filter-plugins subpackage -# ---------------------------------------------------------------------------------- -%package filter-plugins -Summary: Openshift and Atomic Enterprise Ansible filter plugins -Requires: %{name} = %{version}-%{release} -BuildArch: noarch -Requires: pyOpenSSL - -%description filter-plugins -%{summary}. - -%files filter-plugins -%{_datadir}/ansible_plugins/filter_plugins -%{_datadir}/ansible/plugins/filter - - -# ---------------------------------------------------------------------------------- -# openshift-ansible-lookup-plugins subpackage -# ---------------------------------------------------------------------------------- -%package lookup-plugins -Summary: Openshift and Atomic Enterprise Ansible lookup plugins -Requires: %{name} = %{version}-%{release} -BuildArch: noarch - -%description lookup-plugins -%{summary}. - -%files lookup-plugins -%{_datadir}/ansible_plugins/lookup_plugins -%{_datadir}/ansible/plugins/lookup - - -# ---------------------------------------------------------------------------------- -# openshift-ansible-callback-plugins subpackage -# ---------------------------------------------------------------------------------- -%package callback-plugins -Summary: Openshift and Atomic Enterprise Ansible callback plugins -Requires: %{name} = %{version}-%{release} -BuildArch: noarch - -%description callback-plugins -%{summary}. - -%files callback-plugins -%{_datadir}/ansible_plugins/callback_plugins -%{_datadir}/ansible/plugins/callback - # ---------------------------------------------------------------------------------- # atomic-openshift-utils subpackage # ---------------------------------------------------------------------------------- 
diff --git a/playbooks/aws/openshift-cluster/filter_plugins b/playbooks/aws/openshift-cluster/filter_plugins
deleted file mode 120000
index 99a95e4ca..000000000
--- a/playbooks/aws/openshift-cluster/filter_plugins
+++ /dev/null
@@ -1 +0,0 @@
-../../../filter_plugins
\ No newline at end of file
diff --git a/playbooks/aws/openshift-cluster/lookup_plugins b/playbooks/aws/openshift-cluster/lookup_plugins
deleted file mode 120000
index ac79701db..000000000
--- a/playbooks/aws/openshift-cluster/lookup_plugins
+++ /dev/null
@@ -1 +0,0 @@
-../../../lookup_plugins
\ No newline at end of file
diff --git a/playbooks/byo/filter_plugins b/playbooks/byo/filter_plugins
deleted file mode 120000
index a4f518f07..000000000
--- a/playbooks/byo/filter_plugins
+++ /dev/null
@@ -1 +0,0 @@
-../../filter_plugins
\ No newline at end of file
diff --git a/playbooks/byo/lookup_plugins b/playbooks/byo/lookup_plugins
deleted file mode 120000
index c528bcd1d..000000000
--- a/playbooks/byo/lookup_plugins
+++ /dev/null
@@ -1 +0,0 @@
-../../lookup_plugins
\ No newline at end of file
diff --git a/playbooks/byo/openshift-cluster/filter_plugins b/playbooks/byo/openshift-cluster/filter_plugins
deleted file mode 120000
index 99a95e4ca..000000000
--- a/playbooks/byo/openshift-cluster/filter_plugins
+++ /dev/null
@@ -1 +0,0 @@
-../../../filter_plugins
\ No newline at end of file
diff --git a/playbooks/byo/openshift-cluster/lookup_plugins b/playbooks/byo/openshift-cluster/lookup_plugins
deleted file mode 120000
index ac79701db..000000000
--- a/playbooks/byo/openshift-cluster/lookup_plugins
+++ /dev/null
@@ -1 +0,0 @@
-../../../lookup_plugins
\ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/filter_plugins b/playbooks/common/openshift-cluster/filter_plugins
deleted file mode 120000
index 99a95e4ca..000000000
--- a/playbooks/common/openshift-cluster/filter_plugins
+++ /dev/null
@@ -1 +0,0 @@
-../../../filter_plugins
\ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/library b/playbooks/common/openshift-cluster/library deleted file mode 120000 index d0b7393d3..000000000 --- a/playbooks/common/openshift-cluster/library +++ /dev/null @@ -1 +0,0 @@ -../../../library/ \ No newline at end of file diff --git a/playbooks/common/openshift-cluster/lookup_plugins b/playbooks/common/openshift-cluster/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/common/openshift-cluster/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins \ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/filter_plugins b/playbooks/common/openshift-cluster/upgrades/filter_plugins deleted file mode 120000 index b1213dedb..000000000 --- a/playbooks/common/openshift-cluster/upgrades/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../filter_plugins \ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/lookup_plugins b/playbooks/common/openshift-cluster/upgrades/lookup_plugins deleted file mode 120000 index aff753026..000000000 --- a/playbooks/common/openshift-cluster/upgrades/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../lookup_plugins \ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml index 50df8a890..1b57521df 100644 --- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml @@ -27,8 +27,8 @@ - set_fact: haproxy_routers: "{{ all_routers.results.results[0]['items'] | - oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | - oo_select_keys_from_list(['metadata']) }}" + lib_utils_oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | + lib_utils_oo_select_keys_from_list(['metadata']) }}" when: - all_routers.results.returncode == 0 
diff --git a/playbooks/common/openshift-cluster/upgrades/pre/config.yml b/playbooks/common/openshift-cluster/upgrades/pre/config.yml index d5b82d9a0..de74c8ab8 100644 --- a/playbooks/common/openshift-cluster/upgrades/pre/config.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre/config.yml @@ -14,10 +14,10 @@ hosts: "{{ l_upgrade_no_proxy_hosts }}" tasks: - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + openshift_no_proxy_internal_hostnames: "{{ hostvars | lib_utils_oo_select_keys(groups['oo_nodes_to_config'] | union(groups['oo_masters_to_config']) | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') + | lib_utils_oo_collect('openshift.common.hostname') | default([]) | join (',') }}" when: - openshift_http_proxy is defined or openshift_https_proxy is defined diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml index 44724e979..0ddccfa98 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml @@ -112,8 +112,8 @@ tasks: - set_fact: master_update_completed: "{{ hostvars - | oo_select_keys(groups.oo_masters_to_config) - | oo_collect('inventory_hostname', {'master_update_complete': true}) }}" + | lib_utils_oo_select_keys(groups.oo_masters_to_config) + | lib_utils_oo_collect('inventory_hostname', {'master_update_complete': true}) }}" - set_fact: master_update_failed: "{{ groups.oo_masters_to_config | difference(master_update_completed) | list }}" - fail: 
@@ -246,8 +246,8 @@ tasks: - set_fact: reconcile_completed: "{{ hostvars - | oo_select_keys(groups.oo_masters_to_config) - | oo_collect('inventory_hostname', {'reconcile_complete': true}) }}" + | lib_utils_oo_select_keys(groups.oo_masters_to_config) + | lib_utils_oo_collect('inventory_hostname', {'reconcile_complete': true}) }}" - set_fact: reconcile_failed: "{{ groups.oo_masters_to_config | difference(reconcile_completed) | list }}" - fail: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/filter_plugins b/playbooks/common/openshift-cluster/upgrades/v3_6/filter_plugins deleted file mode 120000 index 7de3c1dd7..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../../filter_plugins/ \ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/filter_plugins b/playbooks/common/openshift-cluster/upgrades/v3_7/filter_plugins deleted file mode 120000 index 7de3c1dd7..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../../filter_plugins/ \ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/filter_plugins b/playbooks/common/openshift-cluster/upgrades/v3_8/filter_plugins deleted file mode 120000 index 7de3c1dd7..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_8/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../../filter_plugins/ \ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_9/filter_plugins b/playbooks/common/openshift-cluster/upgrades/v3_9/filter_plugins deleted file mode 120000 index 7de3c1dd7..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_9/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../../filter_plugins/ \ No newline at end of file diff --git a/playbooks/init/facts.yml b/playbooks/init/facts.yml index 4d40e472c..9fec95b17 100644 --- a/playbooks/init/facts.yml 
+++ b/playbooks/init/facts.yml @@ -126,10 +126,10 @@ openshift_facts: role: common local_facts: - no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + no_proxy_internal_hostnames: "{{ hostvars | lib_utils_oo_select_keys(groups['oo_nodes_to_config'] | union(groups['oo_masters_to_config']) | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') + | lib_utils_oo_collect('openshift.common.hostname') | default([]) | join (',') }}" when: - openshift_http_proxy is defined or openshift_https_proxy is defined diff --git a/playbooks/openshift-etcd/private/filter_plugins b/playbooks/openshift-etcd/private/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/openshift-etcd/private/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins \ No newline at end of file diff --git a/playbooks/openshift-etcd/private/lookup_plugins b/playbooks/openshift-etcd/private/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/openshift-etcd/private/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins \ No newline at end of file diff --git a/playbooks/openshift-etcd/private/migrate.yml b/playbooks/openshift-etcd/private/migrate.yml index 313ed8bec..cad0ebcaa 100644 --- a/playbooks/openshift-etcd/private/migrate.yml +++ b/playbooks/openshift-etcd/private/migrate.yml @@ -57,8 +57,8 @@ tasks: - set_fact: etcd_backup_completed: "{{ hostvars - | oo_select_keys(groups.oo_etcd_to_migrate) - | oo_collect('inventory_hostname', {'r_etcd_common_backup_complete': true}) }}" + | lib_utils_oo_select_keys(groups.oo_etcd_to_migrate) + | lib_utils_oo_collect('inventory_hostname', {'r_etcd_common_backup_complete': true}) }}" - set_fact: etcd_backup_failed: "{{ groups.oo_etcd_to_migrate | difference(etcd_backup_completed) | list }}" - fail: 
@@ -118,8 +118,8 @@ tasks: - set_fact: etcd_migration_completed: "{{ hostvars - | oo_select_keys(groups.oo_etcd_to_migrate) - | oo_collect('inventory_hostname', {'r_etcd_migrate_success': true}) }}" + | lib_utils_oo_select_keys(groups.oo_etcd_to_migrate) + | lib_utils_oo_collect('inventory_hostname', {'r_etcd_migrate_success': true}) }}" - set_fact: etcd_migration_failed: "{{ groups.oo_etcd_to_migrate | difference(etcd_migration_completed) | list }}" diff --git a/playbooks/openshift-etcd/private/redeploy-ca.yml b/playbooks/openshift-etcd/private/redeploy-ca.yml index 158bcb849..0995945cc 100644 --- a/playbooks/openshift-etcd/private/redeploy-ca.yml +++ b/playbooks/openshift-etcd/private/redeploy-ca.yml @@ -47,9 +47,9 @@ - import_playbook: restart.yml # Do not restart etcd when etcd certificates were previously expired. when: ('expired' not in (hostvars - | oo_select_keys(groups['etcd']) - | oo_collect('check_results.check_results.etcd') - | oo_collect('health'))) + | lib_utils_oo_select_keys(groups['etcd']) + | lib_utils_oo_collect('check_results.check_results.etcd') + | lib_utils_oo_collect('health'))) - name: Retrieve etcd CA certificate hosts: oo_first_etcd 
@@ -87,15 +87,15 @@ when: # masters - ('expired' not in hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/master.server.crt"})) + | lib_utils_oo_select_keys(groups['oo_masters_to_config']) + | lib_utils_oo_collect('check_results.check_results.ocp_certs') + | lib_utils_oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/master.server.crt"})) - ('expired' not in hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/ca-bundle.crt"})) + | lib_utils_oo_select_keys(groups['oo_masters_to_config']) + | lib_utils_oo_collect('check_results.check_results.ocp_certs') + | lib_utils_oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/ca-bundle.crt"})) # etcd - ('expired' not in (hostvars - | oo_select_keys(groups['etcd']) - | oo_collect('check_results.check_results.etcd') - | oo_collect('health'))) + | lib_utils_oo_select_keys(groups['etcd']) + | lib_utils_oo_collect('check_results.check_results.etcd') + | lib_utils_oo_collect('health'))) diff --git a/playbooks/openshift-etcd/private/scaleup.yml b/playbooks/openshift-etcd/private/scaleup.yml index 3ef043ec8..dc667958f 100644 --- a/playbooks/openshift-etcd/private/scaleup.yml +++ b/playbooks/openshift-etcd/private/scaleup.yml 
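Review bot: The two `# masters` conditions in this `when:` list leave the filter chain unparenthesized (`'expired' not in hostvars | lib_utils_oo_select_keys(...) | ...`), while the `# etcd` condition wraps it as `'expired' not in (hostvars | ...)`. Jinja2 applies filters before `not in`, so both forms evaluate the same, but a condition that gates on certificate expiry should not rely on the reader knowing that precedence rule. I would write the masters entries in the parenthesized form, `- ('expired' not in (hostvars | lib_utils_oo_select_keys(groups['oo_masters_to_config']) | …))`, with the filter arguments unchanged. The same mixed form appears in the `@@ -212,18` and `@@ -277,24` hunks of redeploy-openshift-ca.yml. The entry that owns this `when:` starts outside the hunk.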
@@ -69,8 +69,8 @@ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" openshift_ca_host: "{{ groups.oo_first_master.0 }}" openshift_master_etcd_hosts: "{{ hostvars - | oo_select_keys(groups['oo_etcd_to_config'] | union(groups['oo_new_etcd_to_config'] | default([]) )) - | oo_collect('openshift.common.hostname') + | lib_utils_oo_select_keys(groups['oo_etcd_to_config'] | union(groups['oo_new_etcd_to_config'] | default([]) )) + | lib_utils_oo_collect('openshift.common.hostname') | default(none, true) }}" openshift_master_etcd_port: "{{ (etcd_client_port | default('2379')) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else none }}" roles: diff --git a/playbooks/openshift-etcd/private/upgrade_backup.yml b/playbooks/openshift-etcd/private/upgrade_backup.yml index 7dfea07f1..0d8943d93 100644 --- a/playbooks/openshift-etcd/private/upgrade_backup.yml +++ b/playbooks/openshift-etcd/private/upgrade_backup.yml @@ -18,8 +18,8 @@ tasks: - set_fact: etcd_backup_completed: "{{ hostvars - | oo_select_keys(groups.oo_etcd_hosts_to_backup) - | oo_collect('inventory_hostname', {'r_etcd_common_backup_complete': true}) }}" + | lib_utils_oo_select_keys(groups.oo_etcd_hosts_to_backup) + | lib_utils_oo_collect('inventory_hostname', {'r_etcd_common_backup_complete': true}) }}" - set_fact: etcd_backup_failed: "{{ groups.oo_etcd_hosts_to_backup | difference(etcd_backup_completed) | list }}" - fail: diff --git a/playbooks/openshift-etcd/redeploy-certificates.yml b/playbooks/openshift-etcd/redeploy-certificates.yml index 753878d70..8ea1994f7 100644 --- a/playbooks/openshift-etcd/redeploy-certificates.yml +++ b/playbooks/openshift-etcd/redeploy-certificates.yml 
@@ -5,6 +5,6 @@ - import_playbook: private/restart.yml vars: - g_etcd_certificates_expired: "{{ ('expired' in (hostvars | oo_select_keys(groups['etcd']) | oo_collect('check_results.check_results.etcd') | oo_collect('health'))) | bool }}" + g_etcd_certificates_expired: "{{ ('expired' in (hostvars | lib_utils_oo_select_keys(groups['etcd']) | lib_utils_oo_collect('check_results.check_results.etcd') | lib_utils_oo_collect('health'))) | bool }}" - import_playbook: ../openshift-master/private/restart.yml diff --git a/playbooks/openshift-glusterfs/private/filter_plugins b/playbooks/openshift-glusterfs/private/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/openshift-glusterfs/private/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins \ No newline at end of file diff --git a/playbooks/openshift-glusterfs/private/lookup_plugins b/playbooks/openshift-glusterfs/private/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/openshift-glusterfs/private/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins \ No newline at end of file diff --git a/playbooks/openshift-hosted/private/redeploy-registry-certificates.yml b/playbooks/openshift-hosted/private/redeploy-registry-certificates.yml index 7e9363c5f..3943720e3 100644 --- a/playbooks/openshift-hosted/private/redeploy-registry-certificates.yml +++ b/playbooks/openshift-hosted/private/redeploy-registry-certificates.yml 
@@ -26,11 +26,11 @@ - set_fact: docker_registry_env_vars: "{{ ((l_docker_registry_dc.stdout | from_json)['spec']['template']['spec']['containers'][0]['env'] - | oo_collect('name')) + | lib_utils_oo_collect('name')) | default([]) }}" docker_registry_secrets: "{{ ((l_docker_registry_dc.stdout | from_json)['spec']['template']['spec']['volumes'] - | oo_collect('secret') - | oo_collect('secretName')) + | lib_utils_oo_collect('secret') + | lib_utils_oo_collect('secretName')) | default([]) }}" changed_when: false when: l_docker_registry_dc.rc == 0 diff --git a/playbooks/openshift-hosted/private/redeploy-router-certificates.yml b/playbooks/openshift-hosted/private/redeploy-router-certificates.yml index 2116c745c..b1f60f1ae 100644 --- a/playbooks/openshift-hosted/private/redeploy-router-certificates.yml +++ b/playbooks/openshift-hosted/private/redeploy-router-certificates.yml @@ -36,11 +36,11 @@ - name: Collect router environment variables and secrets set_fact: router_env_vars: "{{ ((l_router_dc.stdout | from_json)['spec']['template']['spec']['containers'][0]['env'] - | oo_collect('name')) + | lib_utils_oo_collect('name')) | default([]) }}" router_secrets: "{{ ((l_router_dc.stdout | from_json)['spec']['template']['spec']['volumes'] - | oo_collect('secret') - | oo_collect('secretName')) + | lib_utils_oo_collect('secret') + | lib_utils_oo_collect('secretName')) | default([]) }}" changed_when: false when: l_router_dc.rc == 0 diff --git a/playbooks/openshift-loadbalancer/private/config.yml b/playbooks/openshift-loadbalancer/private/config.yml index 2636d857e..54c8483c8 100644 --- a/playbooks/openshift-loadbalancer/private/config.yml +++ b/playbooks/openshift-loadbalancer/private/config.yml 
@@ -15,12 +15,12 @@ hosts: oo_lb_to_config vars: openshift_loadbalancer_frontends: "{{ (openshift_master_api_port | default(8443) - | oo_openshift_loadbalancer_frontends(hostvars | oo_select_keys(groups['oo_masters']), + | lib_utils_oo_loadbalancer_frontends(hostvars | lib_utils_oo_select_keys(groups['oo_masters']), openshift_use_nuage | default(false), nuage_mon_rest_server_port | default(none))) + openshift_loadbalancer_additional_frontends | default([]) }}" openshift_loadbalancer_backends: "{{ (openshift_master_api_port | default(8443) - | oo_openshift_loadbalancer_backends(hostvars | oo_select_keys(groups['oo_masters']), + | lib_utils_oo_loadbalancer_backends(hostvars | lib_utils_oo_select_keys(groups['oo_masters']), openshift_use_nuage | default(false), nuage_mon_rest_server_port | default(none))) + openshift_loadbalancer_additional_backends | default([]) }}" diff --git a/playbooks/openshift-loadbalancer/private/filter_plugins b/playbooks/openshift-loadbalancer/private/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/openshift-loadbalancer/private/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins \ No newline at end of file diff --git a/playbooks/openshift-loadbalancer/private/lookup_plugins b/playbooks/openshift-loadbalancer/private/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/openshift-loadbalancer/private/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins \ No newline at end of file diff --git a/playbooks/openshift-logging/private/filter_plugins b/playbooks/openshift-logging/private/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/openshift-logging/private/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins \ No newline at end of file diff --git a/playbooks/openshift-logging/private/library b/playbooks/openshift-logging/private/library deleted file mode 120000 index ba40d2f56..000000000 
--- a/playbooks/openshift-logging/private/library +++ /dev/null @@ -1 +0,0 @@ -../../../library \ No newline at end of file diff --git a/playbooks/openshift-logging/private/lookup_plugins b/playbooks/openshift-logging/private/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/openshift-logging/private/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins \ No newline at end of file diff --git a/playbooks/openshift-management/private/filter_plugins b/playbooks/openshift-management/private/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/openshift-management/private/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins \ No newline at end of file diff --git a/playbooks/openshift-management/private/library b/playbooks/openshift-management/private/library deleted file mode 120000 index ba40d2f56..000000000 --- a/playbooks/openshift-management/private/library +++ /dev/null @@ -1 +0,0 @@ -../../../library \ No newline at end of file diff --git a/playbooks/openshift-master/private/certificates.yml b/playbooks/openshift-master/private/certificates.yml index f6afbc36f..d42d4402b 100644 --- a/playbooks/openshift-master/private/certificates.yml +++ b/playbooks/openshift-master/private/certificates.yml @@ -9,6 +9,6 @@ - role: openshift_ca - role: openshift_master_certificates openshift_master_etcd_hosts: "{{ hostvars - | oo_select_keys(groups['oo_etcd_to_config'] | default([])) - | oo_collect('openshift.common.hostname') + | lib_utils_oo_select_keys(groups['oo_etcd_to_config'] | default([])) + | lib_utils_oo_collect('openshift.common.hostname') | default(none, true) }}" diff --git a/playbooks/openshift-master/private/config.yml b/playbooks/openshift-master/private/config.yml index 15d301ddb..3093444b4 100644 --- a/playbooks/openshift-master/private/config.yml +++ b/playbooks/openshift-master/private/config.yml 
@@ -56,9 +56,9 @@ - set_fact: openshift_master_etcd_port: "{{ (etcd_client_port | default('2379')) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else none }}" openshift_master_etcd_hosts: "{{ hostvars - | oo_select_keys(groups['oo_etcd_to_config'] + | lib_utils_oo_select_keys(groups['oo_etcd_to_config'] | default([])) - | oo_collect('openshift.common.hostname') + | lib_utils_oo_collect('openshift.common.hostname') | default(none, true) }}" roles: - openshift_facts @@ -150,8 +150,8 @@ hosts: oo_first_master vars: g_session_secrets_present: "{{ (openshift.master.session_auth_secrets | default([])) | length > 0 and (openshift.master.session_encryption_secrets | default([])) | length > 0 }}" - g_session_auth_secrets: "{{ [ 24 | oo_generate_secret ] }}" - g_session_encryption_secrets: "{{ [ 24 | oo_generate_secret ] }}" + g_session_auth_secrets: "{{ [ 24 | lib_utils_oo_generate_secret ] }}" + g_session_encryption_secrets: "{{ [ 24 | lib_utils_oo_generate_secret ] }}" roles: - role: openshift_facts tasks: @@ -172,11 +172,11 @@ openshift_master_session_encryption_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_encryption_secrets }}" openshift_ca_host: "{{ groups.oo_first_master.0 }}" openshift_master_etcd_hosts: "{{ hostvars - | oo_select_keys(groups['oo_etcd_to_config'] | default([])) - | oo_collect('openshift.common.hostname') + | lib_utils_oo_select_keys(groups['oo_etcd_to_config'] | default([])) + | lib_utils_oo_collect('openshift.common.hostname') | default(none, true) }}" - openshift_no_proxy_etcd_host_ips: "{{ hostvars | oo_select_keys(groups['oo_etcd_to_config'] | default([])) - | oo_collect('openshift.common.ip') | default([]) | join(',') + openshift_no_proxy_etcd_host_ips: "{{ hostvars | lib_utils_oo_select_keys(groups['oo_etcd_to_config'] | default([])) + | lib_utils_oo_collect('openshift.common.ip') | default([]) | join(',') }}" roles: - role: openshift_master_facts 
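Review bot: `g_session_auth_secrets` and `g_session_encryption_secrets` in the `@@ -150,8` hunk are play `vars`, which Ansible templates again on every reference, so each use calls `lib_utils_oo_generate_secret` again. If that filter returns a fresh random value per call, as its name suggests, two references in the tasks that follow would see different secrets; those tasks are outside the hunk, so this cannot be confirmed from here. I would add a comment above the two lines, `# Re-evaluated on every reference: read once and persist the result as a fact.` The renamed filter's docstring should also state which random source it uses, since these values appear to be the master's session auth and encryption secrets.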
diff --git a/playbooks/openshift-master/private/filter_plugins b/playbooks/openshift-master/private/filter_plugins
deleted file mode 120000
index 99a95e4ca..000000000
--- a/playbooks/openshift-master/private/filter_plugins
+++ /dev/null
@@ -1 +0,0 @@
-../../../filter_plugins
\ No newline at end of file
diff --git a/playbooks/openshift-master/private/library b/playbooks/openshift-master/private/library
deleted file mode 120000
index d0b7393d3..000000000
--- a/playbooks/openshift-master/private/library
+++ /dev/null
@@ -1 +0,0 @@
-../../../library/
\ No newline at end of file
diff --git a/playbooks/openshift-master/private/lookup_plugins b/playbooks/openshift-master/private/lookup_plugins
deleted file mode 120000
index ac79701db..000000000
--- a/playbooks/openshift-master/private/lookup_plugins
+++ /dev/null
@@ -1 +0,0 @@
-../../../lookup_plugins
\ No newline at end of file
diff --git a/playbooks/openshift-master/private/redeploy-openshift-ca.yml b/playbooks/openshift-master/private/redeploy-openshift-ca.yml
index 9f5502141..9d3c12ba1 100644
--- a/playbooks/openshift-master/private/redeploy-openshift-ca.yml
+++ b/playbooks/openshift-master/private/redeploy-openshift-ca.yml
@@ -212,18 +212,18 @@ when: # masters - ('expired' not in hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/master.server.crt"})) + | lib_utils_oo_select_keys(groups['oo_masters_to_config']) + | lib_utils_oo_collect('check_results.check_results.ocp_certs') + | lib_utils_oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/master.server.crt"})) - ('expired' not in hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/ca-bundle.crt"})) + | lib_utils_oo_select_keys(groups['oo_masters_to_config']) + | lib_utils_oo_collect('check_results.check_results.ocp_certs') + | lib_utils_oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/ca-bundle.crt"})) # etcd - ('expired' not in (hostvars - | oo_select_keys(groups['etcd']) - | oo_collect('check_results.check_results.etcd') - | oo_collect('health'))) + | lib_utils_oo_select_keys(groups['etcd']) + | lib_utils_oo_collect('check_results.check_results.etcd') + | lib_utils_oo_collect('health'))) - name: Distribute OpenShift CA certificate to nodes hosts: oo_nodes_to_config 
@@ -277,24 +277,24 @@ when: # nodes - ('expired' not in hostvars - | oo_select_keys(groups['oo_nodes_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_nodes_to_config.0].openshift.common.config_base ~ "/node/server.crt"})) + | lib_utils_oo_select_keys(groups['oo_nodes_to_config']) + | lib_utils_oo_collect('check_results.check_results.ocp_certs') + | lib_utils_oo_collect('health', {'path':hostvars[groups.oo_nodes_to_config.0].openshift.common.config_base ~ "/node/server.crt"})) - ('expired' not in hostvars - | oo_select_keys(groups['oo_nodes_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_nodes_to_config.0].openshift.common.config_base ~ "/node/ca.crt"})) + | lib_utils_oo_select_keys(groups['oo_nodes_to_config']) + | lib_utils_oo_collect('check_results.check_results.ocp_certs') + | lib_utils_oo_collect('health', {'path':hostvars[groups.oo_nodes_to_config.0].openshift.common.config_base ~ "/node/ca.crt"})) # masters - ('expired' not in hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/master.server.crt"})) + | lib_utils_oo_select_keys(groups['oo_masters_to_config']) + | lib_utils_oo_collect('check_results.check_results.ocp_certs') + | lib_utils_oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/master.server.crt"})) - ('expired' not in hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/ca-bundle.crt"})) + | lib_utils_oo_select_keys(groups['oo_masters_to_config']) + | lib_utils_oo_collect('check_results.check_results.ocp_certs') + | 
lib_utils_oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/ca-bundle.crt"})) # etcd - ('expired' not in (hostvars - | oo_select_keys(groups['etcd']) - | oo_collect('check_results.check_results.etcd') - | oo_collect('health'))) + | lib_utils_oo_select_keys(groups['etcd']) + | lib_utils_oo_collect('check_results.check_results.etcd') + | lib_utils_oo_collect('health'))) diff --git a/playbooks/openshift-metrics/private/library b/playbooks/openshift-metrics/private/library deleted file mode 120000 index ba40d2f56..000000000 --- a/playbooks/openshift-metrics/private/library +++ /dev/null @@ -1 +0,0 @@ -../../../library \ No newline at end of file diff --git a/playbooks/openshift-nfs/private/filter_plugins b/playbooks/openshift-nfs/private/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/openshift-nfs/private/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins \ No newline at end of file diff --git a/playbooks/openshift-nfs/private/lookup_plugins b/playbooks/openshift-nfs/private/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/openshift-nfs/private/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins \ No newline at end of file diff --git a/playbooks/openshift-node/private/configure_nodes.yml b/playbooks/openshift-node/private/configure_nodes.yml index 32b288c8b..548ff7c4f 100644 --- a/playbooks/openshift-node/private/configure_nodes.yml +++ b/playbooks/openshift-node/private/configure_nodes.yml 
@@ -4,10 +4,10 @@ vars: openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}" - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + openshift_no_proxy_internal_hostnames: "{{ hostvars | lib_utils_oo_select_keys(groups['oo_nodes_to_config'] | union(groups['oo_masters_to_config']) | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') + | lib_utils_oo_collect('openshift.common.hostname') | default([]) | join (',') }}" roles: - role: openshift_clock diff --git a/playbooks/openshift-node/private/containerized_nodes.yml b/playbooks/openshift-node/private/containerized_nodes.yml index ef07669cb..dc68d7585 100644 --- a/playbooks/openshift-node/private/containerized_nodes.yml +++ b/playbooks/openshift-node/private/containerized_nodes.yml @@ -5,10 +5,10 @@ vars: openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}" - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + openshift_no_proxy_internal_hostnames: "{{ hostvars | lib_utils_oo_select_keys(groups['oo_nodes_to_config'] | union(groups['oo_masters_to_config']) | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') + | lib_utils_oo_collect('openshift.common.hostname') | default([]) | join (',') }}" roles: diff --git a/playbooks/openshift-node/private/filter_plugins b/playbooks/openshift-node/private/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/openshift-node/private/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins \ No newline at end of file 
diff --git a/playbooks/openshift-node/private/lookup_plugins b/playbooks/openshift-node/private/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/openshift-node/private/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins \ No newline at end of file diff --git a/playbooks/redeploy-certificates.yml b/playbooks/redeploy-certificates.yml index b5fcb951d..4e6defd6e 100644 --- a/playbooks/redeploy-certificates.yml +++ b/playbooks/redeploy-certificates.yml @@ -9,7 +9,7 @@ - import_playbook: openshift-etcd/private/restart.yml vars: - g_etcd_certificates_expired: "{{ ('expired' in (hostvars | oo_select_keys(groups['etcd']) | oo_collect('check_results.check_results.etcd') | oo_collect('health'))) | bool }}" + g_etcd_certificates_expired: "{{ ('expired' in (hostvars | lib_utils_oo_select_keys(groups['etcd']) | lib_utils_oo_collect('check_results.check_results.etcd') | lib_utils_oo_collect('health'))) | bool }}" - import_playbook: openshift-master/private/restart.yml diff --git a/roles/ansible_service_broker/meta/main.yml b/roles/ansible_service_broker/meta/main.yml index ec4aafb79..65b736500 100644 --- a/roles/ansible_service_broker/meta/main.yml +++ b/roles/ansible_service_broker/meta/main.yml @@ -12,4 +12,5 @@ galaxy_info: categories: - cloud dependencies: +- role: lib_utils - role: lib_openshift diff --git a/roles/calico/meta/main.yml b/roles/calico/meta/main.yml index 816c81369..e3997911b 100644 --- a/roles/calico/meta/main.yml +++ b/roles/calico/meta/main.yml @@ -13,5 +13,6 @@ galaxy_info: - cloud - system dependencies: +- role: lib_utils - role: openshift_facts - role: openshift_master_facts diff --git a/roles/calico_master/meta/main.yml b/roles/calico_master/meta/main.yml index 4d70c79cf..73c94db4e 100644 --- a/roles/calico_master/meta/main.yml +++ b/roles/calico_master/meta/main.yml @@ -13,5 +13,6 @@ galaxy_info: - cloud - system dependencies: +- role: lib_utils - role: calico - role: openshift_facts 
diff --git a/roles/cockpit-ui/meta/main.yml b/roles/cockpit-ui/meta/main.yml index 4d619fff6..2250fe4cb 100644 --- a/roles/cockpit-ui/meta/main.yml +++ b/roles/cockpit-ui/meta/main.yml @@ -12,4 +12,5 @@ galaxy_info: categories: - cloud dependencies: +- role: lib_utils - role: lib_openshift diff --git a/roles/cockpit/meta/main.yml b/roles/cockpit/meta/main.yml index 8c0ed3cb8..07e466f04 100644 --- a/roles/cockpit/meta/main.yml +++ b/roles/cockpit/meta/main.yml @@ -12,4 +12,4 @@ galaxy_info: categories: - cloud dependencies: -- role: lib_os_firewall +- role: lib_utils diff --git a/roles/container_runtime/defaults/main.yml b/roles/container_runtime/defaults/main.yml index dd185cb38..6ab0456bc 100644 --- a/roles/container_runtime/defaults/main.yml +++ b/roles/container_runtime/defaults/main.yml @@ -59,7 +59,7 @@ docker_default_storage_path: /var/lib/docker # Set local versions of facts that must be in json format for container-daemon.json # NOTE: When jinja2.9+ is used the container-daemon.json file can move to using tojson l_docker_log_options: "{{ l2_docker_log_options | to_json }}" -l_docker_log_options_dict: "{{ l2_docker_log_options | oo_list_to_dict | to_json }}" +l_docker_log_options_dict: "{{ l2_docker_log_options | lib_utils_oo_list_to_dict | to_json }}" l_docker_additional_registries: "{{ l2_docker_additional_registries | to_json }}" l_docker_blocked_registries: "{{ l2_docker_blocked_registries | to_json }}" l_docker_insecure_registries: "{{ l2_docker_insecure_registries | to_json }}" diff --git a/roles/container_runtime/meta/main.yml b/roles/container_runtime/meta/main.yml index 02fceb745..5c4c569de 100644 --- a/roles/container_runtime/meta/main.yml +++ b/roles/container_runtime/meta/main.yml @@ -11,5 +11,4 @@ galaxy_info: - 7 dependencies: - role: lib_openshift -- role: lib_os_firewall - role: lib_utils diff --git a/roles/container_runtime/tasks/package_docker.yml b/roles/container_runtime/tasks/package_docker.yml index d9d4037dd..6604e6ad5 100644 
--- a/roles/container_runtime/tasks/package_docker.yml +++ b/roles/container_runtime/tasks/package_docker.yml @@ -48,7 +48,7 @@ lineinfile: dest: /etc/sysconfig/docker regexp: '^{{ item.reg_conf_var }}=.*$' - line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'" + line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | lib_utils_oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'" when: - item.reg_fact_val != [] - docker_check.stat.isreg is defined @@ -101,7 +101,7 @@ line: "OPTIONS='\ {% if ansible_selinux.status | default(None) == 'enabled' and openshift_docker_selinux_enabled | default(true) | bool %} --selinux-enabled {% endif %} \ {% if openshift_docker_log_driver | bool %} --log-driver {{ openshift_docker_log_driver }}{% endif %} \ - {% if l2_docker_log_options != [] %} {{ l2_docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %} \ + {% if l2_docker_log_options != [] %} {{ l2_docker_log_options | lib_utils_oo_split() | lib_utils_oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %} \ {% if openshift_docker_hosted_registry_insecure and (openshift_docker_hosted_registry_network | bool) %} --insecure-registry={{ openshift_docker_hosted_registry_network }} {% endif %} \ {% if docker_options is defined %} {{ docker_options }}{% endif %} \ {% if openshift_docker_options %} {{ openshift_docker_options }}{% endif %} \ diff --git a/roles/contiv/meta/main.yml b/roles/contiv/meta/main.yml index 52b9d09dd..67fb23db8 100644 --- a/roles/contiv/meta/main.yml +++ b/roles/contiv/meta/main.yml @@ -13,6 +13,7 @@ galaxy_info: - cloud - system dependencies: +- role: lib_utils - role: contiv_facts - role: etcd etcd_service: contiv-etcd diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml index f2e1fc310..af58eff62 100644 --- a/roles/etcd/meta/main.yml +++ b/roles/etcd/meta/main.yml 
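Review bot: The `OPTIONS='…'` line in the `@@ -101,7` hunk interpolates `docker_options`, `openshift_docker_options` and the `--log-opt` values into a single-quoted assignment with no check on their content, so a value containing `'` closes the quoting early and changes how the rest of the line is read. The registry line in the `@@ -48,7` hunk, which writes to `/etc/sysconfig/docker`, has the same shape (`{{ item.reg_conf_var }}='{{ … | join(' ') }}'`). These variables presumably come from inventory, so this is a hardening point rather than exposure to outside input. I would add a comment above each `line:`, `# Values are written verbatim inside single quotes and must not contain "'".` An `assert` task before the `lineinfile` tasks that rejects a single quote in those variables would enforce it. Both `lineinfile` tasks start outside their hunks.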
@@ -17,6 +17,5 @@ galaxy_info: - system dependencies: - role: lib_openshift -- role: lib_os_firewall - role: lib_utils - role: openshift_facts diff --git a/roles/etcd/tasks/certificates/fetch_client_certificates_from_ca.yml b/roles/etcd/tasks/certificates/fetch_client_certificates_from_ca.yml index 119071a72..d4518554c 100644 --- a/roles/etcd/tasks/certificates/fetch_client_certificates_from_ca.yml +++ b/roles/etcd/tasks/certificates/fetch_client_certificates_from_ca.yml @@ -28,7 +28,7 @@ etcd_client_certs_missing: "{{ true if etcd_certificates_redeploy | default(false) | bool else (False in (g_external_etcd_cert_stat_result.results | default({}) - | oo_collect(attribute='stat.exists') + | lib_utils_oo_collect(attribute='stat.exists') | list)) }}" - name: Ensure generated_certs directory present diff --git a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml index deb2301d7..59a6b6590 100644 --- a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml +++ b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml @@ -21,7 +21,7 @@ etcd_server_certs_missing: "{{ true if etcd_certificates_redeploy | default(false) | bool else (False in (g_etcd_server_cert_stat_result.results | default({}) - | oo_collect(attribute='stat.exists') + | lib_utils_oo_collect(attribute='stat.exists') | list)) }}" - name: Ensure generated_certs directory present diff --git a/roles/flannel/meta/main.yml b/roles/flannel/meta/main.yml index 51128dba6..7634b8192 100644 --- a/roles/flannel/meta/main.yml +++ b/roles/flannel/meta/main.yml @@ -12,4 +12,5 @@ galaxy_info: categories: - cloud - system -dependencies: [] +dependencies: +- role: lib_utils diff --git a/roles/flannel_register/meta/main.yml b/roles/flannel_register/meta/main.yml index 73bddcca4..1e44ff5ba 100644 --- a/roles/flannel_register/meta/main.yml +++ b/roles/flannel_register/meta/main.yml 
@@ -13,4 +13,5 @@ galaxy_info: - cloud - system dependencies: -- { role: openshift_facts } +- role: openshift_facts +- role: lib_utils diff --git a/roles/kuryr/meta/main.yml b/roles/kuryr/meta/main.yml index 7fd5adf41..7eb8ed781 100644 --- a/roles/kuryr/meta/main.yml +++ b/roles/kuryr/meta/main.yml @@ -13,5 +13,6 @@ galaxy_info: - cloud - system dependencies: -- { role: lib_openshift } -- { role: openshift_facts } +- role: lib_utils +- role: lib_openshift +- role: openshift_facts diff --git a/roles/lib_os_firewall/README.md b/roles/lib_os_firewall/README.md deleted file mode 100644 index ba8c84865..000000000 --- a/roles/lib_os_firewall/README.md +++ /dev/null @@ -1,63 +0,0 @@ -lib_os_firewall -=========== - -lib_os_firewall manages iptables firewall settings for a minimal use -case (Adding/Removing rules based on protocol and port number). - -Note: firewalld is not supported on Atomic Host -https://bugzilla.redhat.com/show_bug.cgi?id=1403331 - -Requirements ------------- - -Ansible 2.2 - -Role Variables --------------- - -| Name | Default | | -|---------------------------|---------|----------------------------------------| -| os_firewall_allow | [] | List of service,port mappings to allow | -| os_firewall_deny | [] | List of service, port mappings to deny | - -Dependencies ------------- - -None. - -Example Playbook ----------------- - -Use iptables and open tcp ports 80 and 443: -``` ---- -- hosts: servers - vars: - os_firewall_use_firewalld: false - os_firewall_allow: - - service: httpd - port: 80/tcp - - service: https - port: 443/tcp - tasks: - - include_role: - name: lib_os_firewall - - - name: set allow rules - os_firewall_manage_iptables: - name: "{{ item.service }}" - action: add - protocol: "{{ item.port.split('/')[1] }}" - port: "{{ item.port.split('/')[0] }}" - with_items: "{{ os_firewall_allow }}" -``` - - -License -------- - -Apache License, Version 2.0 - -Author Information ------------------- -Jason DeTiberus - jdetiber@redhat.com 
diff --git a/roles/lib_os_firewall/library/os_firewall_manage_iptables.py b/roles/lib_os_firewall/library/os_firewall_manage_iptables.py
deleted file mode 100755
index aeee3ede8..000000000
--- a/roles/lib_os_firewall/library/os_firewall_manage_iptables.py
+++ /dev/null
@@ -1,283 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# pylint: disable=fixme, missing-docstring -import subprocess - -DOCUMENTATION = ''' ---- -module: os_firewall_manage_iptables -short_description: This module manages iptables rules for a given chain -author: Jason DeTiberus -requirements: [ ] -''' -EXAMPLES = ''' -''' - - -class IpTablesError(Exception): - def __init__(self, msg, cmd, exit_code, output): - super(IpTablesError, self).__init__(msg) - self.msg = msg - self.cmd = cmd - self.exit_code = exit_code - self.output = output - - -class IpTablesAddRuleError(IpTablesError): - pass - - -class IpTablesRemoveRuleError(IpTablesError): - def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name - super(IpTablesRemoveRuleError, self).__init__(msg, cmd, exit_code, - output) - self.chain = chain - - -class IpTablesSaveError(IpTablesError): - pass - - -class IpTablesCreateChainError(IpTablesError): - def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name - super(IpTablesCreateChainError, self).__init__(msg, cmd, exit_code, - output) - self.chain = chain - - -class IpTablesCreateJumpRuleError(IpTablesError): - def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name - super(IpTablesCreateJumpRuleError, self).__init__(msg, cmd, exit_code, - output) - self.chain = chain - - -# TODO: implement rollbacks for any events that were successful and an -# exception was thrown later. For example, when the chain is created -# successfully, but the add/remove rule fails. 
-class IpTablesManager(object): # pylint: disable=too-many-instance-attributes - def __init__(self, module): - self.module = module - self.ip_version = module.params['ip_version'] - self.check_mode = module.check_mode - self.chain = module.params['chain'] - self.create_jump_rule = module.params['create_jump_rule'] - self.jump_rule_chain = module.params['jump_rule_chain'] - self.cmd = self.gen_cmd() - self.save_cmd = self.gen_save_cmd() - self.output = [] - self.changed = False - - def save(self): - try: - self.output.append(subprocess.check_output(self.save_cmd, stderr=subprocess.STDOUT)) - except subprocess.CalledProcessError as ex: - raise IpTablesSaveError( - msg="Failed to save iptables rules", - cmd=ex.cmd, exit_code=ex.returncode, output=ex.output) - - def verify_chain(self): - if not self.chain_exists(): - self.create_chain() - if self.create_jump_rule and not self.jump_rule_exists(): - self.create_jump() - - def add_rule(self, port, proto): - rule = self.gen_rule(port, proto) - if not self.rule_exists(rule): - self.verify_chain() - - if self.check_mode: - self.changed = True - self.output.append("Create rule for %s %s" % (proto, port)) - else: - cmd = self.cmd + ['-A'] + rule - try: - self.output.append(subprocess.check_output(cmd)) - self.changed = True - self.save() - except subprocess.CalledProcessError as ex: - raise IpTablesCreateChainError( - chain=self.chain, - msg="Failed to create rule for " - "%s %s" % (proto, port), - cmd=ex.cmd, exit_code=ex.returncode, - output=ex.output) - - def remove_rule(self, port, proto): - rule = self.gen_rule(port, proto) - if self.rule_exists(rule): - if self.check_mode: - self.changed = True - self.output.append("Remove rule for %s %s" % (proto, port)) - else: - cmd = self.cmd + ['-D'] + rule - try: - self.output.append(subprocess.check_output(cmd)) - self.changed = True - self.save() - except subprocess.CalledProcessError as ex: - raise IpTablesRemoveRuleError( - chain=self.chain, - msg="Failed to remove rule for %s 
%s" % (proto, port), - cmd=ex.cmd, exit_code=ex.returncode, output=ex.output) - - def rule_exists(self, rule): - check_cmd = self.cmd + ['-C'] + rule - return True if subprocess.call(check_cmd) == 0 else False - - @staticmethod - def port_as_argument(port): - if isinstance(port, int): - return str(port) - if isinstance(port, basestring): # noqa: F405 - return port.replace('-', ":") - return port - - def gen_rule(self, port, proto): - return [self.chain, '-p', proto, '-m', 'state', '--state', 'NEW', - '-m', proto, '--dport', IpTablesManager.port_as_argument(port), '-j', 'ACCEPT'] - - def create_jump(self): - if self.check_mode: - self.changed = True - self.output.append("Create jump rule for chain %s" % self.chain) - else: - try: - cmd = self.cmd + ['-L', self.jump_rule_chain, '--line-numbers'] - output = subprocess.check_output(cmd, stderr=subprocess.STDOUT) - - # break the input rules into rows and columns - input_rules = [s.split() for s in to_native(output).split('\n')] - - # Find the last numbered rule - last_rule_num = None - last_rule_target = None - for rule in input_rules[:-1]: - if rule: - try: - last_rule_num = int(rule[0]) - except ValueError: - continue - last_rule_target = rule[1] - - # Naively assume that if the last row is a REJECT or DROP rule, - # then we can insert our rule right before it, otherwise we - # assume that we can just append the rule. 
- if (last_rule_num and last_rule_target and last_rule_target in ['REJECT', 'DROP']): - # insert rule - cmd = self.cmd + ['-I', self.jump_rule_chain, - str(last_rule_num)] - else: - # append rule - cmd = self.cmd + ['-A', self.jump_rule_chain] - cmd += ['-j', self.chain] - output = subprocess.check_output(cmd, stderr=subprocess.STDOUT) - self.changed = True - self.output.append(output) - self.save() - except subprocess.CalledProcessError as ex: - if '--line-numbers' in ex.cmd: - raise IpTablesCreateJumpRuleError( - chain=self.chain, - msg=("Failed to query existing " + - self.jump_rule_chain + - " rules to determine jump rule location"), - cmd=ex.cmd, exit_code=ex.returncode, - output=ex.output) - else: - raise IpTablesCreateJumpRuleError( - chain=self.chain, - msg=("Failed to create jump rule for chain " + - self.chain), - cmd=ex.cmd, exit_code=ex.returncode, - output=ex.output) - - def create_chain(self): - if self.check_mode: - self.changed = True - self.output.append("Create chain %s" % self.chain) - else: - try: - cmd = self.cmd + ['-N', self.chain] - self.output.append(subprocess.check_output(cmd, stderr=subprocess.STDOUT)) - self.changed = True - self.output.append("Successfully created chain %s" % - self.chain) - self.save() - except subprocess.CalledProcessError as ex: - raise IpTablesCreateChainError( - chain=self.chain, - msg="Failed to create chain: %s" % self.chain, - cmd=ex.cmd, exit_code=ex.returncode, output=ex.output - ) - - def jump_rule_exists(self): - cmd = self.cmd + ['-C', self.jump_rule_chain, '-j', self.chain] - return True if subprocess.call(cmd) == 0 else False - - def chain_exists(self): - cmd = self.cmd + ['-L', self.chain] - return True if subprocess.call(cmd) == 0 else False - - def gen_cmd(self): - cmd = 'iptables' if self.ip_version == 'ipv4' else 'ip6tables' - # Include -w (wait for xtables lock) in default arguments. 
- default_args = ['-w'] - return ["/usr/sbin/%s" % cmd] + default_args - - def gen_save_cmd(self): # pylint: disable=no-self-use - return ['/usr/libexec/iptables/iptables.init', 'save'] - - -def main(): - module = AnsibleModule( # noqa: F405 - argument_spec=dict( - name=dict(required=True), - action=dict(required=True, choices=['add', 'remove', - 'verify_chain']), - chain=dict(required=False, default='OS_FIREWALL_ALLOW'), - create_jump_rule=dict(required=False, type='bool', default=True), - jump_rule_chain=dict(required=False, default='INPUT'), - protocol=dict(required=False, choices=['tcp', 'udp']), - port=dict(required=False, type='str'), - ip_version=dict(required=False, default='ipv4', - choices=['ipv4', 'ipv6']), - ), - supports_check_mode=True - ) - - action = module.params['action'] - protocol = module.params['protocol'] - port = module.params['port'] - - if action in ['add', 'remove']: - if not protocol: - error = "protocol is required when action is %s" % action - module.fail_json(msg=error) - if not port: - error = "port is required when action is %s" % action - module.fail_json(msg=error) - - iptables_manager = IpTablesManager(module) - - try: - if action == 'add': - iptables_manager.add_rule(port, protocol) - elif action == 'remove': - iptables_manager.remove_rule(port, protocol) - elif action == 'verify_chain': - iptables_manager.verify_chain() - except IpTablesError as ex: - module.fail_json(msg=ex.msg) - - return module.exit_json(changed=iptables_manager.changed, - output=iptables_manager.output) - - -# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, wrong-import-position -# import module snippets -from ansible.module_utils.basic import * # noqa: F403,E402 -from ansible.module_utils._text import to_native # noqa: E402 -if __name__ == '__main__': - main() 
diff --git a/roles/lib_utils/callback_plugins/aa_version_requirement.py b/roles/lib_utils/callback_plugins/aa_version_requirement.py
new file mode 100644
index 000000000..1093acdae
--- /dev/null
+++ b/roles/lib_utils/callback_plugins/aa_version_requirement.py
@@ -0,0 +1,60 @@
+#!/usr/bin/python
+
+"""
+This callback plugin verifies the required minimum version of Ansible
+is installed for proper operation of the OpenShift Ansible Installer.
+The plugin is named with leading `aa_` to ensure this plugin is loaded
+first (alphanumerically) by Ansible.
+"""
+import sys
+from ansible import __version__
+
+if __version__ < '2.0':
+ # pylint: disable=import-error,no-name-in-module
+ # Disabled because pylint warns when Ansible v2 is installed
+ from ansible.callbacks import display as pre2_display
+ CallbackBase = object
+
+ def display(*args, **kwargs):
+ """Set up display function for pre Ansible v2"""
+ pre2_display(*args, **kwargs)
+else:
+ from ansible.plugins.callback import CallbackBase
+ from ansible.utils.display import Display
+
+ def display(*args, **kwargs):
+ """Set up display function for Ansible v2"""
+ display_instance = Display()
+ display_instance.display(*args, **kwargs)
+
+
+# Set to minimum required Ansible version
+REQUIRED_VERSION = '2.4.1.0'
+DESCRIPTION = "Supported versions: %s or newer" % REQUIRED_VERSION
+
+
+def version_requirement(version):
+ """Test for minimum required version"""
+ return version >= REQUIRED_VERSION
+
+
+class CallbackModule(CallbackBase):
+ """
+ Ansible callback plugin
+ """
+
+ CALLBACK_VERSION = 1.0
+ CALLBACK_NAME = 'version_requirement'
+
+ def __init__(self):
+ """
+ Version verification is performed in __init__ to catch the
+ requirement early in the execution of Ansible and fail gracefully
+ """
+ super(CallbackModule, self).__init__()
+
+ if not version_requirement(__version__):
+ display(
+ 'FATAL: Current Ansible version (%s) is not supported. %s'
+ % (__version__, DESCRIPTION), color='red')
+ sys.exit(1)
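Review bot: `version_requirement()` and the `if __version__ < '2.0':` branch compare version strings character by character, so a release such as 2.10 sorts below `REQUIRED_VERSION = '2.4.1.0'` and is rejected with the FATAL message, and the gate in general follows string order rather than version order. Compare parsed versions instead, for example `from distutils.version import LooseVersion` and `return LooseVersion(version) >= LooseVersion(REQUIRED_VERSION)`, and use the same comparison for the pre-2.0 branch that selects the display import. The docstring of `version_requirement` could then state that it returns True when `version` is at or above the minimum.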
diff --git a/roles/lib_utils/callback_plugins/openshift_quick_installer.py b/roles/lib_utils/callback_plugins/openshift_quick_installer.py
new file mode 100644
index 000000000..c0fdbc650
--- /dev/null
+++ b/roles/lib_utils/callback_plugins/openshift_quick_installer.py
@@ -0,0 +1,360 @@ +# pylint: disable=invalid-name,protected-access,import-error,line-too-long,attribute-defined-outside-init + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +"""This file is a stdout callback plugin for the OpenShift Quick +Installer. The purpose of this callback plugin is to reduce the amount +of produced output for customers and enable simpler progress checking. + +What's different: + +* Playbook progress is expressed as: Play / (Play Name) + Ex: Play 3/30 (Initialize Megafrobber) + +* The Tasks and Handlers in each play (and included roles) are printed + as a series of .'s following the play progress line. + +* Many of these methods include copy and paste code from the upstream + default.py callback. We do that to give us control over the stdout + output while allowing Ansible to handle the file logging + normally. The biggest changes here are that we are manually setting + `log_only` to True in the Display.display method and we redefine the + Display.banner method locally so we can set log_only on that call as + well. 
+ +""" + +from __future__ import (absolute_import, print_function) +import sys +from ansible import constants as C +from ansible.plugins.callback import CallbackBase +from ansible.utils.color import colorize, hostcolor + + +class CallbackModule(CallbackBase): + + """ + Ansible callback plugin + """ + CALLBACK_VERSION = 2.2 + CALLBACK_TYPE = 'stdout' + CALLBACK_NAME = 'openshift_quick_installer' + CALLBACK_NEEDS_WHITELIST = False + plays_count = 0 + plays_total_ran = 0 + + def __init__(self): + """Constructor, ensure standard self.*s are set""" + self._play = None + self._last_task_banner = None + super(CallbackModule, self).__init__() + + def banner(self, msg, color=None): + '''Prints a header-looking line with stars taking up to 80 columns + of width (3 columns, minimum) + + Overrides the upstream banner method so that display is called + with log_only=True + ''' + msg = msg.strip() + star_len = (79 - len(msg)) + if star_len < 0: + star_len = 3 + stars = "*" * star_len + self._display.display("\n%s %s" % (msg, stars), color=color, log_only=True) + + def _print_task_banner(self, task): + """Imported from the upstream 'default' callback""" + # args can be specified as no_log in several places: in the task or in + # the argument spec. We can check whether the task is no_log but the + # argument spec can't be because that is only run on the target + # machine and we haven't run it thereyet at this time. + # + # So we give people a config option to affect display of the args so + # that they can secure this if they feel that their stdout is insecure + # (shoulder surfing, logging stdout straight to a file, etc). 
+ args = '' + if not task.no_log and C.DISPLAY_ARGS_TO_STDOUT: + args = ', '.join('%s=%s' % a for a in task.args.items()) + args = ' %s' % args + + self.banner(u"TASK [%s%s]" % (task.get_name().strip(), args)) + if self._display.verbosity >= 2: + path = task.get_path() + if path: + self._display.display(u"task path: %s" % path, color=C.COLOR_DEBUG, log_only=True) + + self._last_task_banner = task._uuid + + def v2_playbook_on_start(self, playbook): + """This is basically the start of it all""" + self.plays_count = len(playbook.get_plays()) + self.plays_total_ran = 0 + + if self._display.verbosity > 1: + from os.path import basename + self.banner("PLAYBOOK: %s" % basename(playbook._file_name)) + + def v2_playbook_on_play_start(self, play): + """Each play calls this once before running any tasks + +We could print the number of tasks here as well by using +`play.get_tasks()` but that is not accurate when a play includes a +role. Only the tasks directly assigned to a play are exposed in the +`play` object. + """ + self.plays_total_ran += 1 + print("") + print("Play %s/%s (%s)" % (self.plays_total_ran, self.plays_count, play.get_name())) + + name = play.get_name().strip() + if not name: + msg = "PLAY" + else: + msg = "PLAY [%s]" % name + + self._play = play + + self.banner(msg) + + # pylint: disable=unused-argument,no-self-use + def v2_playbook_on_task_start(self, task, is_conditional): + """This prints out the task header. For example: + +TASK [openshift_facts : Ensure PyYaml is installed] ***... + +Rather than print out all that for every task, we print a dot +character to indicate a task has been started. + """ + sys.stdout.write('.') + + args = '' + # args can be specified as no_log in several places: in the task or in + # the argument spec. We can check whether the task is no_log but the + # argument spec can't be because that is only run on the target + # machine and we haven't run it thereyet at this time. 
+ # + # So we give people a config option to affect display of the args so + # that they can secure this if they feel that their stdout is insecure + # (shoulder surfing, logging stdout straight to a file, etc). + if not task.no_log and C.DISPLAY_ARGS_TO_STDOUT: + args = ', '.join(('%s=%s' % a for a in task.args.items())) + args = ' %s' % args + self.banner("TASK [%s%s]" % (task.get_name().strip(), args)) + if self._display.verbosity >= 2: + path = task.get_path() + if path: + self._display.display("task path: %s" % path, color=C.COLOR_DEBUG, log_only=True) + + # pylint: disable=unused-argument,no-self-use + def v2_playbook_on_handler_task_start(self, task): + """Print out task header for handlers + +Rather than print out a header for every handler, we print a dot +character to indicate a handler task has been started. +""" + sys.stdout.write('.') + + self.banner("RUNNING HANDLER [%s]" % task.get_name().strip()) + + # pylint: disable=unused-argument,no-self-use + def v2_playbook_on_cleanup_task_start(self, task): + """Print out a task header for cleanup tasks + +Rather than print out a header for every handler, we print a dot +character to indicate a handler task has been started. 
+""" + sys.stdout.write('.') + + self.banner("CLEANUP TASK [%s]" % task.get_name().strip()) + + def v2_playbook_on_include(self, included_file): + """Print out paths to statically included files""" + msg = 'included: %s for %s' % (included_file._filename, ", ".join([h.name for h in included_file._hosts])) + self._display.display(msg, color=C.COLOR_SKIP, log_only=True) + + def v2_runner_on_ok(self, result): + """This prints out task results in a fancy format + +The only thing we change here is adding `log_only=True` to the +.display() call + """ + delegated_vars = result._result.get('_ansible_delegated_vars', None) + self._clean_results(result._result, result._task.action) + if result._task.action in ('include', 'include_role'): + return + elif result._result.get('changed', False): + if delegated_vars: + msg = "changed: [%s -> %s]" % (result._host.get_name(), delegated_vars['ansible_host']) + else: + msg = "changed: [%s]" % result._host.get_name() + color = C.COLOR_CHANGED + else: + if delegated_vars: + msg = "ok: [%s -> %s]" % (result._host.get_name(), delegated_vars['ansible_host']) + else: + msg = "ok: [%s]" % result._host.get_name() + color = C.COLOR_OK + + if result._task.loop and 'results' in result._result: + self._process_items(result) + else: + + if (self._display.verbosity > 0 or '_ansible_verbose_always' in result._result) and '_ansible_verbose_override' not in result._result: + msg += " => %s" % (self._dump_results(result._result),) + self._display.display(msg, color=color, log_only=True) + + self._handle_warnings(result._result) + + def v2_runner_item_on_ok(self, result): + """Print out task results for items you're iterating over""" + delegated_vars = result._result.get('_ansible_delegated_vars', None) + if result._task.action in ('include', 'include_role'): + return + elif result._result.get('changed', False): + msg = 'changed' + color = C.COLOR_CHANGED + else: + msg = 'ok' + color = C.COLOR_OK + + if delegated_vars: + msg += ": [%s -> %s]" % 
(result._host.get_name(), delegated_vars['ansible_host']) + else: + msg += ": [%s]" % result._host.get_name() + + msg += " => (item=%s)" % (self._get_item(result._result),) + + if (self._display.verbosity > 0 or '_ansible_verbose_always' in result._result) and '_ansible_verbose_override' not in result._result: + msg += " => %s" % self._dump_results(result._result) + self._display.display(msg, color=color, log_only=True) + + def v2_runner_item_on_skipped(self, result): + """Print out task results when an item is skipped""" + if C.DISPLAY_SKIPPED_HOSTS: + msg = "skipping: [%s] => (item=%s) " % (result._host.get_name(), self._get_item(result._result)) + if (self._display.verbosity > 0 or '_ansible_verbose_always' in result._result) and '_ansible_verbose_override' not in result._result: + msg += " => %s" % self._dump_results(result._result) + self._display.display(msg, color=C.COLOR_SKIP, log_only=True) + + def v2_runner_on_skipped(self, result): + """Print out task results when a task (or something else?) is skipped""" + if C.DISPLAY_SKIPPED_HOSTS: + if result._task.loop and 'results' in result._result: + self._process_items(result) + else: + msg = "skipping: [%s]" % result._host.get_name() + if (self._display.verbosity > 0 or '_ansible_verbose_always' in result._result) and '_ansible_verbose_override' not in result._result: + msg += " => %s" % self._dump_results(result._result) + self._display.display(msg, color=C.COLOR_SKIP, log_only=True) + + def v2_playbook_on_notify(self, res, handler): + """What happens when a task result is 'changed' and the task has a +'notify' list attached. 
+ """ + self._display.display("skipping: no hosts matched", color=C.COLOR_SKIP, log_only=True) + + ###################################################################### + # So we can bubble up errors to the top + def v2_runner_on_failed(self, result, ignore_errors=False): + """I guess this is when an entire task has failed?""" + + if self._play.strategy == 'free' and self._last_task_banner != result._task._uuid: + self._print_task_banner(result._task) + + delegated_vars = result._result.get('_ansible_delegated_vars', None) + if 'exception' in result._result: + if self._display.verbosity < 3: + # extract just the actual error message from the exception text + error = result._result['exception'].strip().split('\n')[-1] + msg = "An exception occurred during task execution. To see the full traceback, use -vvv. The error was: %s" % error + else: + msg = "An exception occurred during task execution. The full traceback is:\n" + result._result['exception'] + + self._display.display(msg, color=C.COLOR_ERROR) + + if result._task.loop and 'results' in result._result: + self._process_items(result) + + else: + if delegated_vars: + self._display.display("fatal: [%s -> %s]: FAILED! => %s" % (result._host.get_name(), delegated_vars['ansible_host'], self._dump_results(result._result)), color=C.COLOR_ERROR) + else: + self._display.display("fatal: [%s]: FAILED! => %s" % (result._host.get_name(), self._dump_results(result._result)), color=C.COLOR_ERROR) + + if ignore_errors: + self._display.display("...ignoring", color=C.COLOR_SKIP) + + def v2_runner_item_on_failed(self, result): + """When an item in a task fails.""" + delegated_vars = result._result.get('_ansible_delegated_vars', None) + if 'exception' in result._result: + if self._display.verbosity < 3: + # extract just the actual error message from the exception text + error = result._result['exception'].strip().split('\n')[-1] + msg = "An exception occurred during task execution. To see the full traceback, use -vvv. 
The error was: %s" % error + else: + msg = "An exception occurred during task execution. The full traceback is:\n" + result._result['exception'] + + self._display.display(msg, color=C.COLOR_ERROR) + + msg = "failed: " + if delegated_vars: + msg += "[%s -> %s]" % (result._host.get_name(), delegated_vars['ansible_host']) + else: + msg += "[%s]" % (result._host.get_name()) + + self._display.display(msg + " (item=%s) => %s" % (self._get_item(result._result), self._dump_results(result._result)), color=C.COLOR_ERROR) + self._handle_warnings(result._result) + + ###################################################################### + def v2_playbook_on_stats(self, stats): + """Print the final playbook run stats""" + self._display.display("", screen_only=True) + self.banner("PLAY RECAP") + + hosts = sorted(stats.processed.keys()) + for h in hosts: + t = stats.summarize(h) + + self._display.display( + u"%s : %s %s %s %s" % ( + hostcolor(h, t), + colorize(u'ok', t['ok'], C.COLOR_OK), + colorize(u'changed', t['changed'], C.COLOR_CHANGED), + colorize(u'unreachable', t['unreachable'], C.COLOR_UNREACHABLE), + colorize(u'failed', t['failures'], C.COLOR_ERROR)), + screen_only=True + ) + + self._display.display( + u"%s : %s %s %s %s" % ( + hostcolor(h, t, False), + colorize(u'ok', t['ok'], None), + colorize(u'changed', t['changed'], None), + colorize(u'unreachable', t['unreachable'], None), + colorize(u'failed', t['failures'], None)), + log_only=True + ) + + self._display.display("", screen_only=True) + self._display.display("", screen_only=True) + + # Some plays are conditional and won't run (such as load + # balancers) if they aren't required. Sometimes plays are + # conditionally included later in the run. Let the user know + # about this to avoid potential confusion. 
+ if self.plays_total_ran != self.plays_count: + print("Installation Complete: Note: Play count is only an estimate, some plays may have been skipped or dynamically added") + self._display.display("", screen_only=True) diff --git a/roles/lib_utils/filter_plugins/oo_filters.py b/roles/lib_utils/filter_plugins/oo_filters.py new file mode 100644 index 000000000..a2ea287cf --- /dev/null +++ b/roles/lib_utils/filter_plugins/oo_filters.py 
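Review bot: `v2_playbook_on_notify` in openshift_quick_installer.py writes `"skipping: no hosts matched"` to the log each time it is called; that text describes the no-hosts-matched event and looks copied from it, so the run log records a skip that did not happen. Either drop the override or log the notification itself, e.g. `self._display.display("notified handler: %s" % handler, color=C.COLOR_CHANGED, log_only=True)` (assuming `handler` formats usefully on the supported Ansible versions). Separately, `v2_playbook_on_task_start` repeats the body of `_print_task_banner` without setting `self._last_task_banner`, so under the free strategy `v2_runner_on_failed` prints the banner again on the first failure of each task. Calling `self._print_task_banner(task)` after the `sys.stdout.write('.')` would remove the duplicate and keep the `no_log` / `DISPLAY_ARGS_TO_STDOUT` gating of task arguments in one place.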
@@ -0,0 +1,621 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# pylint: disable=too-many-lines +""" +Custom filters for use in openshift-ansible +""" +import os +import pdb +import random +import re + +from base64 import b64encode +from collections import Mapping +# pylint no-name-in-module and import-error disabled here because pylint +# fails to properly detect the packages when installed in a virtualenv +from distutils.util import strtobool # pylint:disable=no-name-in-module,import-error +from operator import itemgetter + +import yaml + +from ansible import errors +from ansible.parsing.yaml.dumper import AnsibleDumper + +# ansible.compat.six goes away with Ansible 2.4 +try: + from ansible.compat.six import string_types, u + from ansible.compat.six.moves.urllib.parse import urlparse +except ImportError: + from ansible.module_utils.six import string_types, u + from ansible.module_utils.six.moves.urllib.parse import urlparse + +HAS_OPENSSL = False +try: + import OpenSSL.crypto + HAS_OPENSSL = True +except ImportError: + pass + + +# pylint: disable=C0103 + +def lib_utils_oo_pdb(arg): + """ This pops you into a pdb instance where arg is the data passed in + from the filter. + Ex: "{{ hostvars | lib_utils_oo_pdb }}" + """ + pdb.set_trace() + return arg + + +def get_attr(data, attribute=None): + """ This looks up dictionary attributes of the form a.b.c and returns + the value. + + If the key isn't present, None is returned. 
+ Ex: data = {'a': {'b': {'c': 5}}} + attribute = "a.b.c" + returns 5 + """ + if not attribute: + raise errors.AnsibleFilterError("|failed expects attribute to be set") + + ptr = data + for attr in attribute.split('.'): + if attr in ptr: + ptr = ptr[attr] + else: + ptr = None + break + + return ptr + + +def oo_flatten(data): + """ This filter plugin will flatten a list of lists + """ + if not isinstance(data, list): + raise errors.AnsibleFilterError("|failed expects to flatten a List") + + return [item for sublist in data for item in sublist] + + +def lib_utils_oo_collect(data_list, attribute=None, filters=None): + """ This takes a list of dict and collects all attributes specified into a + list. If filter is specified then we will include all items that + match _ALL_ of filters. If a dict entry is missing the key in a + filter it will be excluded from the match. + Ex: data_list = [ {'a':1, 'b':5, 'z': 'z'}, # True, return + {'a':2, 'z': 'z'}, # True, return + {'a':3, 'z': 'z'}, # True, return + {'a':4, 'z': 'b'}, # FAILED, obj['z'] != obj['z'] + ] + attribute = 'a' + filters = {'z': 'z'} + returns [1, 2, 3] + + This also deals with lists of lists with dict as elements. 
+ Ex: data_list = [ + [ {'a':1, 'b':5, 'z': 'z'}, # True, return + {'a':2, 'b':6, 'z': 'z'} # True, return + ], + [ {'a':3, 'z': 'z'}, # True, return + {'a':4, 'z': 'b'} # FAILED, obj['z'] != obj['z'] + ], + {'a':5, 'z': 'z'}, # True, return + ] + attribute = 'a' + filters = {'z': 'z'} + returns [1, 2, 3, 5] + """ + if not isinstance(data_list, list): + raise errors.AnsibleFilterError("lib_utils_oo_collect expects to filter on a List") + + if not attribute: + raise errors.AnsibleFilterError("lib_utils_oo_collect expects attribute to be set") + + data = [] + retval = [] + + for item in data_list: + if isinstance(item, list): + retval.extend(lib_utils_oo_collect(item, attribute, filters)) + else: + data.append(item) + + if filters is not None: + if not isinstance(filters, dict): + raise errors.AnsibleFilterError( + "lib_utils_oo_collect expects filter to be a dict") + retval.extend([get_attr(d, attribute) for d in data if ( + all([d.get(key, None) == filters[key] for key in filters]))]) + else: + retval.extend([get_attr(d, attribute) for d in data]) + + retval = [val for val in retval if val is not None] + + return retval + + +def lib_utils_oo_select_keys_from_list(data, keys): + """ This returns a list, which contains the value portions for the keys + Ex: data = { 'a':1, 'b':2, 'c':3 } + keys = ['a', 'c'] + returns [1, 3] + """ + + if not isinstance(data, list): + raise errors.AnsibleFilterError("|lib_utils_oo_select_keys_from_list failed expects to filter on a list") + + if not isinstance(keys, list): + raise errors.AnsibleFilterError("|lib_utils_oo_select_keys_from_list failed expects first param is a list") + + # Gather up the values for the list of keys passed in + retval = [lib_utils_oo_select_keys(item, keys) for item in data] + + return oo_flatten(retval) + + +def lib_utils_oo_select_keys(data, keys): + """ This returns a list, which contains the value portions for the keys + Ex: data = { 'a':1, 'b':2, 'c':3 } + keys = ['a', 'c'] + returns [1, 3] + """ + + if 
not isinstance(data, Mapping): + raise errors.AnsibleFilterError("|lib_utils_oo_select_keys failed expects to filter on a dict or object") + + if not isinstance(keys, list): + raise errors.AnsibleFilterError("|lib_utils_oo_select_keys failed expects first param is a list") + + # Gather up the values for the list of keys passed in + retval = [data[key] for key in keys if key in data] + + return retval + + +def lib_utils_oo_prepend_strings_in_list(data, prepend): + """ This takes a list of strings and prepends a string to each item in the + list + Ex: data = ['cart', 'tree'] + prepend = 'apple-' + returns ['apple-cart', 'apple-tree'] + """ + if not isinstance(data, list): + raise errors.AnsibleFilterError("|failed expects first param is a list") + if not all(isinstance(x, string_types) for x in data): + raise errors.AnsibleFilterError("|failed expects first param is a list" + " of strings") + retval = [prepend + s for s in data] + return retval + + +def lib_utils_oo_dict_to_list_of_dict(data, key_title='key', value_title='value'): + """Take a dict and arrange them as a list of dicts + + Input data: + {'region': 'infra', 'test_k': 'test_v'} + + Return data: + [{'key': 'region', 'value': 'infra'}, {'key': 'test_k', 'value': 'test_v'}] + + Written for use of the oc_label module + """ + if not isinstance(data, dict): + # pylint: disable=line-too-long + raise errors.AnsibleFilterError("|failed expects first param is a dict. Got %s. Type: %s" % (str(data), str(type(data)))) + + rval = [] + for label in data.items(): + rval.append({key_title: label[0], value_title: label[1]}) + + return rval + + +def oo_ami_selector(data, image_name): + """ This takes a list of amis and an image name and attempts to return + the latest ami. 
+ """ + if not isinstance(data, list): + raise errors.AnsibleFilterError("|failed expects first param is a list") + + if not data: + return None + else: + if image_name is None or not image_name.endswith('_*'): + ami = sorted(data, key=itemgetter('name'), reverse=True)[0] + return ami['ami_id'] + else: + ami_info = [(ami, ami['name'].split('_')[-1]) for ami in data] + ami = sorted(ami_info, key=itemgetter(1), reverse=True)[0][0] + return ami['ami_id'] + + +def lib_utils_oo_split(string, separator=','): + """ This splits the input string into a list. If the input string is + already a list we will return it as is. + """ + if isinstance(string, list): + return string + return string.split(separator) + + +def lib_utils_oo_dict_to_keqv_list(data): + """Take a dict and return a list of k=v pairs + + Input data: + {'a': 1, 'b': 2} + + Return data: + ['a=1', 'b=2'] + """ + return ['='.join(str(e) for e in x) for x in data.items()] + + +def lib_utils_oo_list_to_dict(lst, separator='='): + """ This converts a list of ["k=v"] to a dictionary {k: v}. + """ + kvs = [i.split(separator) for i in lst] + return {k: v for k, v in kvs} + + +def haproxy_backend_masters(hosts, port): + """ This takes an array of dicts and returns an array of dicts + to be used as a backend for the haproxy role + """ + servers = [] + for idx, host_info in enumerate(hosts): + server = dict(name="master%s" % idx) + server_ip = host_info['openshift']['common']['ip'] + server['address'] = "%s:%s" % (server_ip, port) + server['opts'] = 'check' + servers.append(server) + return servers + + +# pylint: disable=too-many-branches +def lib_utils_oo_parse_named_certificates(certificates, named_certs_dir, internal_hostnames): + """ Parses names from list of certificate hashes. 
+ + Ex: certificates = [{ "certfile": "/root/custom1.crt", + "keyfile": "/root/custom1.key", + "cafile": "/root/custom-ca1.crt" }, + { "certfile": "custom2.crt", + "keyfile": "custom2.key", + "cafile": "custom-ca2.crt" }] + + returns [{ "certfile": "/etc/origin/master/named_certificates/custom1.crt", + "keyfile": "/etc/origin/master/named_certificates/custom1.key", + "cafile": "/etc/origin/master/named_certificates/custom-ca1.crt", + "names": [ "public-master-host.com", + "other-master-host.com" ] }, + { "certfile": "/etc/origin/master/named_certificates/custom2.crt", + "keyfile": "/etc/origin/master/named_certificates/custom2.key", + "cafile": "/etc/origin/master/named_certificates/custom-ca-2.crt", + "names": [ "some-hostname.com" ] }] + """ + if not isinstance(named_certs_dir, string_types): + raise errors.AnsibleFilterError("|failed expects named_certs_dir is str or unicode") + + if not isinstance(internal_hostnames, list): + raise errors.AnsibleFilterError("|failed expects internal_hostnames is list") + + if not HAS_OPENSSL: + raise errors.AnsibleFilterError("|missing OpenSSL python bindings") + + for certificate in certificates: + if 'names' in certificate.keys(): + continue + else: + certificate['names'] = [] + + if not os.path.isfile(certificate['certfile']) or not os.path.isfile(certificate['keyfile']): + raise errors.AnsibleFilterError("|certificate and/or key does not exist '%s', '%s'" % + (certificate['certfile'], certificate['keyfile'])) + + try: + st_cert = open(certificate['certfile'], 'rt').read() + cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, st_cert) + certificate['names'].append(str(cert.get_subject().commonName.decode())) + for i in range(cert.get_extension_count()): + if cert.get_extension(i).get_short_name() == 'subjectAltName': + for name in str(cert.get_extension(i)).replace('DNS:', '').split(', '): + certificate['names'].append(name) + except Exception: + raise errors.AnsibleFilterError(("|failed to parse certificate 
'%s', " % certificate['certfile'] + + "please specify certificate names in host inventory")) + + certificate['names'] = list(set(certificate['names'])) + if 'cafile' not in certificate: + certificate['names'] = [name for name in certificate['names'] if name not in internal_hostnames] + if not certificate['names']: + raise errors.AnsibleFilterError(("|failed to parse certificate '%s' or " % certificate['certfile'] + + "detected a collision with internal hostname, please specify " + + "certificate names in host inventory")) + + for certificate in certificates: + # Update paths for configuration + certificate['certfile'] = os.path.join(named_certs_dir, os.path.basename(certificate['certfile'])) + certificate['keyfile'] = os.path.join(named_certs_dir, os.path.basename(certificate['keyfile'])) + if 'cafile' in certificate: + certificate['cafile'] = os.path.join(named_certs_dir, os.path.basename(certificate['cafile'])) + return certificates + + +def lib_utils_oo_generate_secret(num_bytes): + """ generate a session secret """ + + if not isinstance(num_bytes, int): + raise errors.AnsibleFilterError("|failed expects num_bytes is int") + + return b64encode(os.urandom(num_bytes)).decode('utf-8') + + +def lib_utils_to_padded_yaml(data, level=0, indent=2, **kw): + """ returns a yaml snippet padded to match the indent level you specify """ + if data in [None, ""]: + return "" + + try: + transformed = u(yaml.dump(data, indent=indent, allow_unicode=True, + default_flow_style=False, + Dumper=AnsibleDumper, **kw)) + padded = "\n".join([" " * level * indent + line for line in transformed.splitlines()]) + return "\n{0}".format(padded) + except Exception as my_e: + raise errors.AnsibleFilterError('Failed to convert: %s' % my_e) + + +def lib_utils_oo_pods_match_component(pods, deployment_type, component): + """ Filters a list of Pods and returns the ones matching the deployment_type and component + """ + if not isinstance(pods, list): + raise errors.AnsibleFilterError("failed expects to 
filter on a list") + if not isinstance(deployment_type, string_types): + raise errors.AnsibleFilterError("failed expects deployment_type to be a string") + if not isinstance(component, string_types): + raise errors.AnsibleFilterError("failed expects component to be a string") + + image_prefix = 'openshift/origin-' + if deployment_type == 'openshift-enterprise': + image_prefix = 'openshift3/ose-' + + matching_pods = [] + image_regex = image_prefix + component + r'.*' + for pod in pods: + for container in pod['spec']['containers']: + if re.search(image_regex, container['image']): + matching_pods.append(pod) + break # stop here, don't add a pod more than once + + return matching_pods + + +def lib_utils_oo_image_tag_to_rpm_version(version, include_dash=False): + """ Convert an image tag string to an RPM version if necessary + Empty strings and strings that are already in rpm version format + are ignored. Also remove non semantic version components. + + Ex. v3.2.0.10 -> -3.2.0.10 + v1.2.0-rc1 -> -1.2.0 + """ + if not isinstance(version, string_types): + raise errors.AnsibleFilterError("|failed expects a string or unicode") + if version.startswith("v"): + version = version[1:] + # Strip release from requested version, we no longer support this. 
+ version = version.split('-')[0] + + if include_dash and version and not version.startswith("-"): + version = "-" + version + + return version + + +def lib_utils_oo_hostname_from_url(url): + """ Returns the hostname contained in a URL + + Ex: https://ose3-master.example.com/v1/api -> ose3-master.example.com + """ + if not isinstance(url, string_types): + raise errors.AnsibleFilterError("|failed expects a string or unicode") + parse_result = urlparse(url) + if parse_result.netloc != '': + return parse_result.netloc + else: + # netloc wasn't parsed, assume url was missing scheme and path + return parse_result.path + + +# pylint: disable=invalid-name, unused-argument +def lib_utils_oo_loadbalancer_frontends( + api_port, servers_hostvars, use_nuage=False, nuage_rest_port=None): + """TODO: Document me.""" + loadbalancer_frontends = [{'name': 'atomic-openshift-api', + 'mode': 'tcp', + 'options': ['tcplog'], + 'binds': ["*:{0}".format(api_port)], + 'default_backend': 'atomic-openshift-api'}] + if bool(strtobool(str(use_nuage))) and nuage_rest_port is not None: + loadbalancer_frontends.append({'name': 'nuage-monitor', + 'mode': 'tcp', + 'options': ['tcplog'], + 'binds': ["*:{0}".format(nuage_rest_port)], + 'default_backend': 'nuage-monitor'}) + return loadbalancer_frontends + + +# pylint: disable=invalid-name +def lib_utils_oo_loadbalancer_backends( + api_port, servers_hostvars, use_nuage=False, nuage_rest_port=None): + """TODO: Document me.""" + loadbalancer_backends = [{'name': 'atomic-openshift-api', + 'mode': 'tcp', + 'option': 'tcplog', + 'balance': 'source', + 'servers': haproxy_backend_masters(servers_hostvars, api_port)}] + if bool(strtobool(str(use_nuage))) and nuage_rest_port is not None: + # pylint: disable=line-too-long + loadbalancer_backends.append({'name': 'nuage-monitor', + 'mode': 'tcp', + 'option': 'tcplog', + 'balance': 'source', + 'servers': haproxy_backend_masters(servers_hostvars, nuage_rest_port)}) + return loadbalancer_backends + + +def 
lib_utils_oo_chomp_commit_offset(version): + """Chomp any "+git.foo" commit offset string from the given `version` + and return the modified version string. + +Ex: +- chomp_commit_offset(None) => None +- chomp_commit_offset(1337) => "1337" +- chomp_commit_offset("v3.4.0.15+git.derp") => "v3.4.0.15" +- chomp_commit_offset("v3.4.0.15") => "v3.4.0.15" +- chomp_commit_offset("v1.3.0+52492b4") => "v1.3.0" + """ + if version is None: + return version + else: + # Stringify, just in case it's a Number type. Split by '+' and + # return the first split. No concerns about strings without a + # '+', .split() returns an array of the original string. + return str(version).split('+')[0] + + +def lib_utils_oo_random_word(length, source='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'): + """Generates a random string of given length from a set of alphanumeric characters. + The default source uses [a-z][A-Z][0-9] + Ex: + - lib_utils_oo_random_word(3) => aB9 + - lib_utils_oo_random_word(4, source='012') => 0123 + """ + return ''.join(random.choice(source) for i in range(length)) + + +def lib_utils_oo_contains_rule(source, apiGroups, resources, verbs): + '''Return true if the specified rule is contained within the provided source''' + + rules = source['rules'] + + if rules: + for rule in rules: + if set(rule['apiGroups']) == set(apiGroups): + if set(rule['resources']) == set(resources): + if set(rule['verbs']) == set(verbs): + return True + + return False + + +def lib_utils_oo_selector_to_string_list(user_dict): + """Convert a dict of selectors to a key=value list of strings + +Given input of {'region': 'infra', 'zone': 'primary'} returns a list +of items as ['region=infra', 'zone=primary'] + """ + selectors = [] + for key in user_dict: + selectors.append("{}={}".format(key, user_dict[key])) + return selectors + + +def lib_utils_oo_filter_sa_secrets(sa_secrets, secret_hint='-token-'): + """Parse the Service Account Secrets list, `sa_secrets`, (as from 
+oc_serviceaccount_secret:state=list) and return the name of the secret +containing the `secret_hint` string. For example, by default this will +return the name of the secret holding the SA bearer token. + +Only provide the 'results' object to this filter. This filter expects +to receive a list like this: + + [ + { + "name": "management-admin-dockercfg-p31s2" + }, + { + "name": "management-admin-token-bnqsh" + } + ] + + +Returns: + +* `secret_name` [string] - The name of the secret matching the + `secret_hint` parameter. By default this is the secret holding the + SA's bearer token. + +Example playbook usage: + +Register a return value from oc_serviceaccount_secret with and pass +that result to this filter plugin. + + - name: Get all SA Secrets + oc_serviceaccount_secret: + state: list + service_account: management-admin + namespace: management-infra + register: sa + + - name: Save the SA bearer token secret name + set_fact: + management_token: "{{ sa.results | lib_utils_oo_filter_sa_secrets }}" + + - name: Get the SA bearer token value + oc_secret: + state: list + name: "{{ management_token }}" + namespace: management-infra + decode: true + register: sa_secret + + - name: Print the bearer token value + debug: + var: sa_secret.results.decoded.token + + """ + secret_name = None + + for secret in sa_secrets: + # each secret is a hash + if secret['name'].find(secret_hint) == -1: + continue + else: + secret_name = secret['name'] + break + + return secret_name + + +class FilterModule(object): + """ Custom ansible filter mapping """ + + # pylint: disable=no-self-use, too-few-public-methods + def filters(self): + """ returns a mapping of filters to methods """ + return { + "lib_utils_oo_select_keys": lib_utils_oo_select_keys, + "lib_utils_oo_select_keys_from_list": lib_utils_oo_select_keys_from_list, + "lib_utils_oo_chomp_commit_offset": lib_utils_oo_chomp_commit_offset, + "lib_utils_oo_collect": lib_utils_oo_collect, + "lib_utils_oo_pdb": lib_utils_oo_pdb, + 
"lib_utils_oo_prepend_strings_in_list": lib_utils_oo_prepend_strings_in_list, + "lib_utils_oo_dict_to_list_of_dict": lib_utils_oo_dict_to_list_of_dict, + "lib_utils_oo_split": lib_utils_oo_split, + "lib_utils_oo_dict_to_keqv_list": lib_utils_oo_dict_to_keqv_list, + "lib_utils_oo_list_to_dict": lib_utils_oo_list_to_dict, + "lib_utils_oo_parse_named_certificates": lib_utils_oo_parse_named_certificates, + "lib_utils_oo_generate_secret": lib_utils_oo_generate_secret, + "lib_utils_oo_pods_match_component": lib_utils_oo_pods_match_component, + "lib_utils_oo_image_tag_to_rpm_version": lib_utils_oo_image_tag_to_rpm_version, + "lib_utils_oo_hostname_from_url": lib_utils_oo_hostname_from_url, + "lib_utils_oo_loadbalancer_frontends": lib_utils_oo_loadbalancer_frontends, + "lib_utils_oo_loadbalancer_backends": lib_utils_oo_loadbalancer_backends, + "lib_utils_to_padded_yaml": lib_utils_to_padded_yaml, + "lib_utils_oo_random_word": lib_utils_oo_random_word, + "lib_utils_oo_contains_rule": lib_utils_oo_contains_rule, + "lib_utils_oo_selector_to_string_list": lib_utils_oo_selector_to_string_list, + "lib_utils_oo_filter_sa_secrets": lib_utils_oo_filter_sa_secrets, + } diff --git a/roles/lib_utils/library/kubeclient_ca.py b/roles/lib_utils/library/kubeclient_ca.py new file mode 100644 index 000000000..a89a5574f --- /dev/null +++ b/roles/lib_utils/library/kubeclient_ca.py 
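Review bot: `lib_utils_oo_random_word` draws from the module-level `random` generator, which is not suitable for passwords or tokens; the hunk does not show what callers do with the result, so if any of them treat it as a credential the body should use the OS source, `rng = random.SystemRandom()` followed by `return ''.join(rng.choice(source) for _ in range(length))`. `lib_utils_oo_generate_secret` in the same file already uses `os.urandom`, so this would make the two helpers consistent. The docstring example `lib_utils_oo_random_word(4, source='012') => 0123` cannot occur, since `3` is not in that source. `lib_utils_oo_pods_match_component` also builds `image_regex` from `component` without `re.escape`, so a component name containing regex metacharacters changes what is matched; `image_prefix + re.escape(component)` would pin it to a literal.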
@@ -0,0 +1,88 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+''' kubeclient_ca ansible module '''
+
+import base64
+import yaml
+from ansible.module_utils.basic import AnsibleModule
+
+
+DOCUMENTATION = '''
+---
+module: kubeclient_ca
+short_description: Modify kubeclient certificate-authority-data
+author: Andrew Butcher
+requirements: [ ]
+'''
+EXAMPLES = '''
+- kubeclient_ca:
+ client_path: /etc/origin/master/admin.kubeconfig
+ ca_path: /etc/origin/master/ca-bundle.crt
+
+- slurp:
+ src: /etc/origin/master/ca-bundle.crt
+ register: ca_data
+- kubeclient_ca:
+ client_path: /etc/origin/master/admin.kubeconfig
+ ca_data: "{{ ca_data.content }}"
+'''
+
+
+def main():
+ ''' Modify kubeconfig located at `client_path`, setting the
+ certificate authority data to specified `ca_data` or contents of
+ `ca_path`.
+ '''
+
+ module = AnsibleModule( # noqa: F405
+ argument_spec=dict(
+ client_path=dict(required=True),
+ ca_data=dict(required=False, default=None),
+ ca_path=dict(required=False, default=None),
+ backup=dict(required=False, default=True, type='bool'),
+ ),
+ supports_check_mode=True,
+ mutually_exclusive=[['ca_data', 'ca_path']],
+ required_one_of=[['ca_data', 'ca_path']]
+ )
+
+ client_path = module.params['client_path']
+ ca_data = module.params['ca_data']
+ ca_path = module.params['ca_path']
+ backup = module.params['backup']
+
+ try:
+ with open(client_path) as client_config_file:
+ client_config_data = yaml.safe_load(client_config_file.read())
+
+ if ca_data is None:
+ with open(ca_path) as ca_file:
+ ca_data = base64.standard_b64encode(ca_file.read())
+
+ changes = []
+ # Naively update the CA information for each cluster in the
+ # kubeconfig.
+ for cluster in client_config_data['clusters']:
+ if cluster['cluster']['certificate-authority-data'] != ca_data:
+ cluster['cluster']['certificate-authority-data'] = ca_data
+ changes.append(cluster['name'])
+
+ if not module.check_mode:
+ if len(changes) > 0 and backup:
+ module.backup_local(client_path)
+
+ with open(client_path, 'w') as client_config_file:
+ client_config_string = yaml.dump(client_config_data, default_flow_style=False)
+ client_config_string = client_config_string.replace('\'\'', '""')
+ client_config_file.write(client_config_string)
+
+ return module.exit_json(changed=(len(changes) > 0))
+
+ # ignore broad-except error to avoid stack trace to ansible user
+ # pylint: disable=broad-except
+ except Exception as error:
+ return module.fail_json(msg=str(error))
+
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/lib_utils/library/modify_yaml.py b/roles/lib_utils/library/modify_yaml.py
new file mode 100644
index 000000000..9b8f9ba33
--- /dev/null
+++ b/roles/lib_utils/library/modify_yaml.py
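Review bot: In `main()` the kubeconfig is opened with `open(client_path, 'w')` before `yaml.dump` runs, so the file is already truncated if serialisation or the write fails, and a backup exists only when `changes` is non-empty and `backup` is set. Moving the two lines that build `client_config_string` above the `with open(client_path, 'w')` line keeps the existing kubeconfig intact when the dump raises. A caller-supplied `ca_data` is written into every cluster's `certificate-authority-data` without any check that it is valid base64; decoding it once before the loop and failing on error would reject a malformed trust anchor before anything is changed. `modify_yaml.py` in this commit uses the same open-then-dump order for `dest`.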
@@ -0,0 +1,117 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+''' modify_yaml ansible module '''
+
+import yaml
+
+# ignore pylint errors related to the module_utils import
+# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import
+from ansible.module_utils.basic import * # noqa: F402,F403
+
+
+DOCUMENTATION = '''
+---
+module: modify_yaml
+short_description: Modify yaml key value pairs
+author: Andrew Butcher
+requirements: [ ]
+'''
+EXAMPLES = '''
+- modify_yaml:
+ dest: /etc/origin/master/master-config.yaml
+ yaml_key: 'kubernetesMasterConfig.masterCount'
+ yaml_value: 2
+'''
+
+
+def set_key(yaml_data, yaml_key, yaml_value):
+ ''' Updates a parsed yaml structure setting a key to a value.
+
+ :param yaml_data: yaml structure to modify.
+ :type yaml_data: dict
+ :param yaml_key: Key to modify.
+ :type yaml_key: mixed
+ :param yaml_value: Value use for yaml_key.
+ :type yaml_value: mixed
+ :returns: Changes to the yaml_data structure
+ :rtype: dict(tuple())
+ '''
+ changes = []
+ ptr = yaml_data
+ final_key = yaml_key.split('.')[-1]
+ for key in yaml_key.split('.'):
+ # Key isn't present and we're not on the final key. Set to empty dictionary.
+ if key not in ptr and key != final_key:
+ ptr[key] = {}
+ ptr = ptr[key]
+ # Current key is the final key. Update value.
+ elif key == final_key:
+ if (key in ptr and module.safe_eval(ptr[key]) != yaml_value) or (key not in ptr): # noqa: F405
+ ptr[key] = yaml_value
+ changes.append((yaml_key, yaml_value))
+ else:
+ # Next value is None and we're not on the final key.
+ # Turn value into an empty dictionary.
+ if ptr[key] is None and key != final_key:
+ ptr[key] = {}
+ ptr = ptr[key]
+ return changes
+
+
+def main():
+ ''' Modify key (supplied in jinja2 dot notation) in yaml file, setting
+ the key to the desired value.
+ '''
+
+ # disabling pylint errors for global-variable-undefined and invalid-name
+ # for 'global module' usage, since it is required to use ansible_facts
+ # pylint: disable=global-variable-undefined, invalid-name,
+ # redefined-outer-name
+ global module
+
+ module = AnsibleModule( # noqa: F405
+ argument_spec=dict(
+ dest=dict(required=True),
+ yaml_key=dict(required=True),
+ yaml_value=dict(required=True),
+ backup=dict(required=False, default=True, type='bool'),
+ ),
+ supports_check_mode=True,
+ )
+
+ dest = module.params['dest']
+ yaml_key = module.params['yaml_key']
+ yaml_value = module.safe_eval(module.params['yaml_value'])
+ backup = module.params['backup']
+
+ # Represent null values as an empty string.
+ # pylint: disable=missing-docstring, unused-argument
+ def none_representer(dumper, data):
+ return yaml.ScalarNode(tag=u'tag:yaml.org,2002:null', value=u'')
+
+ yaml.add_representer(type(None), none_representer)
+
+ try:
+ with open(dest) as yaml_file:
+ yaml_data = yaml.safe_load(yaml_file.read())
+
+ changes = set_key(yaml_data, yaml_key, yaml_value)
+
+ if len(changes) > 0:
+ if backup:
+ module.backup_local(dest)
+ with open(dest, 'w') as yaml_file:
+ yaml_string = yaml.dump(yaml_data, default_flow_style=False)
+ yaml_string = yaml_string.replace('\'\'', '""')
+ yaml_file.write(yaml_string)
+
+ return module.exit_json(changed=(len(changes) > 0), changes=changes)
+
+ # ignore broad-except error to avoid stack trace to ansible user
+ # pylint: disable=broad-except
+ except Exception as error:
+ return module.fail_json(msg=str(error))
+
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/lib_utils/library/os_firewall_manage_iptables.py b/roles/lib_utils/library/os_firewall_manage_iptables.py
new file mode 100644
index 000000000..aeee3ede8
--- /dev/null
+++ b/roles/lib_utils/library/os_firewall_manage_iptables.py
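Review bot: `set_key` decides it has reached the last path component by comparing names (`key == final_key`) rather than position, so for a constructed key such as `a.b.a` the first `a` is treated as final and the whole top-level `a` mapping is replaced by `yaml_value`. Walking all but the last component by position and assigning the last one afterwards avoids that, as in the block below, and behaves the same for keys without repeated names. `main()` also declares `supports_check_mode=True` but never reads `module.check_mode`, so a check-mode run still backs up and rewrites `dest`; the guard could be `if len(changes) > 0 and not module.check_mode:`.

```python
def set_key(yaml_data, yaml_key, yaml_value):
    # … unchanged: docstring …
    changes = []
    ptr = yaml_data
    keys = yaml_key.split('.')
    # Descend through every component except the last by position, so a
    # name that repeats inside the path is never mistaken for the final key.
    for key in keys[:-1]:
        if key not in ptr or ptr[key] is None:
            ptr[key] = {}
        ptr = ptr[key]
    final_key = keys[-1]
    if final_key not in ptr or module.safe_eval(ptr[final_key]) != yaml_value:  # noqa: F405
        ptr[final_key] = yaml_value
        changes.append((yaml_key, yaml_value))
    return changes
```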
@@ -0,0 +1,283 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# pylint: disable=fixme, missing-docstring
+import subprocess
+
+DOCUMENTATION = '''
+---
+module: os_firewall_manage_iptables
+short_description: This module manages iptables rules for a given chain
+author: Jason DeTiberus
+requirements: [ ]
+'''
+EXAMPLES = '''
+'''
+
+
+class IpTablesError(Exception):
+ def __init__(self, msg, cmd, exit_code, output):
+ super(IpTablesError, self).__init__(msg)
+ self.msg = msg
+ self.cmd = cmd
+ self.exit_code = exit_code
+ self.output = output
+
+
+class IpTablesAddRuleError(IpTablesError):
+ pass
+
+
+class IpTablesRemoveRuleError(IpTablesError):
+ def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name
+ super(IpTablesRemoveRuleError, self).__init__(msg, cmd, exit_code,
+ output)
+ self.chain = chain
+
+
+class IpTablesSaveError(IpTablesError):
+ pass
+
+
+class IpTablesCreateChainError(IpTablesError):
+ def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name
+ super(IpTablesCreateChainError, self).__init__(msg, cmd, exit_code,
+ output)
+ self.chain = chain
+
+
+class IpTablesCreateJumpRuleError(IpTablesError):
+ def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name
+ super(IpTablesCreateJumpRuleError, self).__init__(msg, cmd, exit_code,
+ output)
+ self.chain = chain
+
+
+# TODO: implement rollbacks for any events that were successful and an
+# exception was thrown later. For example, when the chain is created
+# successfully, but the add/remove rule fails.
+class IpTablesManager(object): # pylint: disable=too-many-instance-attributes
+ def __init__(self, module):
+ self.module = module
+ self.ip_version = module.params['ip_version']
+ self.check_mode = module.check_mode
+ self.chain = module.params['chain']
+ self.create_jump_rule = module.params['create_jump_rule']
+ self.jump_rule_chain = module.params['jump_rule_chain']
+ self.cmd = self.gen_cmd()
+ self.save_cmd = self.gen_save_cmd()
+ self.output = []
+ self.changed = False
+
+ def save(self):
+ try:
+ self.output.append(subprocess.check_output(self.save_cmd, stderr=subprocess.STDOUT))
+ except subprocess.CalledProcessError as ex:
+ raise IpTablesSaveError(
+ msg="Failed to save iptables rules",
+ cmd=ex.cmd, exit_code=ex.returncode, output=ex.output)
+
+ def verify_chain(self):
+ if not self.chain_exists():
+ self.create_chain()
+ if self.create_jump_rule and not self.jump_rule_exists():
+ self.create_jump()
+
+ def add_rule(self, port, proto):
+ rule = self.gen_rule(port, proto)
+ if not self.rule_exists(rule):
+ self.verify_chain()
+
+ if self.check_mode:
+ self.changed = True
+ self.output.append("Create rule for %s %s" % (proto, port))
+ else:
+ cmd = self.cmd + ['-A'] + rule
+ try:
+ self.output.append(subprocess.check_output(cmd))
+ self.changed = True
+ self.save()
+ except subprocess.CalledProcessError as ex:
+ raise IpTablesCreateChainError(
+ chain=self.chain,
+ msg="Failed to create rule for "
+ "%s %s" % (proto, port),
+ cmd=ex.cmd, exit_code=ex.returncode,
+ output=ex.output)
+
+ def remove_rule(self, port, proto):
+ rule = self.gen_rule(port, proto)
+ if self.rule_exists(rule):
+ if self.check_mode:
+ self.changed = True
+ self.output.append("Remove rule for %s %s" % (proto, port))
+ else:
+ cmd = self.cmd + ['-D'] + rule
+ try:
+ self.output.append(subprocess.check_output(cmd))
+ self.changed = True
+ self.save()
+ except subprocess.CalledProcessError as ex:
+ raise IpTablesRemoveRuleError(
+ chain=self.chain,
+ msg="Failed to remove rule for %s %s" % (proto, port),
+ cmd=ex.cmd, exit_code=ex.returncode, output=ex.output)
+
+ def rule_exists(self, rule):
+ check_cmd = self.cmd + ['-C'] + rule
+ return True if subprocess.call(check_cmd) == 0 else False
+
+ @staticmethod
+ def port_as_argument(port):
+ if isinstance(port, int):
+ return str(port)
+ if isinstance(port, basestring): # noqa: F405
+ return port.replace('-', ":")
+ return port
+
+ def gen_rule(self, port, proto):
+ return [self.chain, '-p', proto, '-m', 'state', '--state', 'NEW',
+ '-m', proto, '--dport', IpTablesManager.port_as_argument(port), '-j', 'ACCEPT']
+
+ def create_jump(self):
+ if self.check_mode:
+ self.changed = True
+ self.output.append("Create jump rule for chain %s" % self.chain)
+ else:
+ try:
+ cmd = self.cmd + ['-L', self.jump_rule_chain, '--line-numbers']
+ output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
+
+ # break the input rules into rows and columns
+ input_rules = [s.split() for s in to_native(output).split('\n')]
+
+ # Find the last numbered rule
+ last_rule_num = None
+ last_rule_target = None
+ for rule in input_rules[:-1]:
+ if rule:
+ try:
+ last_rule_num = int(rule[0])
+ except ValueError:
+ continue
+ last_rule_target = rule[1]
+
+ # Naively assume that if the last row is a REJECT or DROP rule,
+ # then we can insert our rule right before it, otherwise we
+ # assume that we can just append the rule.
+ if (last_rule_num and last_rule_target and last_rule_target in ['REJECT', 'DROP']):
+ # insert rule
+ cmd = self.cmd + ['-I', self.jump_rule_chain,
+ str(last_rule_num)]
+ else:
+ # append rule
+ cmd = self.cmd + ['-A', self.jump_rule_chain]
+ cmd += ['-j', self.chain]
+ output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
+ self.changed = True
+ self.output.append(output)
+ self.save()
+ except subprocess.CalledProcessError as ex:
+ if '--line-numbers' in ex.cmd:
+ raise IpTablesCreateJumpRuleError(
+ chain=self.chain,
+ msg=("Failed to query existing " +
+ self.jump_rule_chain +
+ " rules to determine jump rule location"),
+ cmd=ex.cmd, exit_code=ex.returncode,
+ output=ex.output)
+ else:
+ raise IpTablesCreateJumpRuleError(
+ chain=self.chain,
+ msg=("Failed to create jump rule for chain " +
+ self.chain),
+ cmd=ex.cmd, exit_code=ex.returncode,
+ output=ex.output)
+
+ def create_chain(self):
+ if self.check_mode:
+ self.changed = True
+ self.output.append("Create chain %s" % self.chain)
+ else:
+ try:
+ cmd = self.cmd + ['-N', self.chain]
+ self.output.append(subprocess.check_output(cmd, stderr=subprocess.STDOUT))
+ self.changed = True
+ self.output.append("Successfully created chain %s" %
+ self.chain)
+ self.save()
+ except subprocess.CalledProcessError as ex:
+ raise IpTablesCreateChainError(
+ chain=self.chain,
+ msg="Failed to create chain: %s" % self.chain,
+ cmd=ex.cmd, exit_code=ex.returncode, output=ex.output
+ )
+
+ def jump_rule_exists(self):
+ cmd = self.cmd + ['-C', self.jump_rule_chain, '-j', self.chain]
+ return True if subprocess.call(cmd) == 0 else False
+
+ def chain_exists(self):
+ cmd = self.cmd + ['-L', self.chain]
+ return True if subprocess.call(cmd) == 0 else False
+
+ def gen_cmd(self):
+ cmd = 'iptables' if self.ip_version == 'ipv4' else 'ip6tables'
+ # Include -w (wait for xtables lock) in default arguments.
+ default_args = ['-w']
+ return ["/usr/sbin/%s" % cmd] + default_args
+
+ def gen_save_cmd(self): # pylint: disable=no-self-use
+ return ['/usr/libexec/iptables/iptables.init', 'save']
+
+
+def main():
+ module = AnsibleModule( # noqa: F405
+ argument_spec=dict(
+ name=dict(required=True),
+ action=dict(required=True, choices=['add', 'remove',
+ 'verify_chain']),
+ chain=dict(required=False, default='OS_FIREWALL_ALLOW'),
+ create_jump_rule=dict(required=False, type='bool', default=True),
+ jump_rule_chain=dict(required=False, default='INPUT'),
+ protocol=dict(required=False, choices=['tcp', 'udp']),
+ port=dict(required=False, type='str'),
+ ip_version=dict(required=False, default='ipv4',
+ choices=['ipv4', 'ipv6']),
+ ),
+ supports_check_mode=True
+ )
+
+ action = module.params['action']
+ protocol = module.params['protocol']
+ port = module.params['port']
+
+ if action in ['add', 'remove']:
+ if not protocol:
+ error = "protocol is required when action is %s" % action
+ module.fail_json(msg=error)
+ if not port:
+ error = "port is required when action is %s" % action
+ module.fail_json(msg=error)
+
+ iptables_manager = IpTablesManager(module)
+
+ try:
+ if action == 'add':
+ iptables_manager.add_rule(port, protocol)
+ elif action == 'remove':
+ iptables_manager.remove_rule(port, protocol)
+ elif action == 'verify_chain':
+ iptables_manager.verify_chain()
+ except IpTablesError as ex:
+ module.fail_json(msg=ex.msg)
+
+ return module.exit_json(changed=iptables_manager.changed,
+ output=iptables_manager.output)
+
+
+# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, wrong-import-position
+# import module snippets
+from ansible.module_utils.basic import * # noqa: F403,E402
+from ansible.module_utils._text import to_native # noqa: E402
+if __name__ == '__main__':
+ main()
diff --git a/roles/lib_utils/library/rpm_q.py b/roles/lib_utils/library/rpm_q.py
new file mode 100644
index 000000000..3dec50fc2
--- /dev/null
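Review bot: In os_firewall_manage_iptables.py, add_rule() reports a failed `-A` by raising `IpTablesCreateChainError`, while `IpTablesAddRuleError` is defined at the top of the file and never raised, so a caller that separates chain-creation failures from rule failures gets the wrong class. Raise `IpTablesAddRuleError` there instead and drop the `chain=self.chain` argument, which that class does not accept. main() also passes only `ex.msg` to `fail_json`, so the command, exit code and iptables output that every exception carries never reach the operator; `module.fail_json(msg=ex.msg, cmd=ex.cmd, exit_code=ex.exit_code, output=ex.output)` would surface them.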
+++ b/roles/lib_utils/library/rpm_q.py
@@ -0,0 +1,72 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2015, Tobias Florek
+# Licensed under the terms of the MIT License
+"""
+An ansible module to query the RPM database. For use, when yum/dnf are not
+available.
+"""
+
+# pylint: disable=redefined-builtin,wildcard-import,unused-wildcard-import
+from ansible.module_utils.basic import * # noqa: F403
+
+DOCUMENTATION = """
+---
+module: rpm_q
+short_description: Query the RPM database
+author: Tobias Florek
+options:
+ name:
+ description:
+ - The name of the package to query
+ required: true
+ state:
+ description:
+ - Whether the package is supposed to be installed or not
+ choices: [present, absent]
+ default: present
+"""
+
+EXAMPLES = """
+- rpm_q: name=ansible state=present
+- rpm_q: name=ansible state=absent
+"""
+
+RPM_BINARY = '/bin/rpm'
+
+
+def main():
+ """
+ Checks rpm -q for the named package and returns the installed packages
+ or None if not installed.
+ """
+ module = AnsibleModule( # noqa: F405
+ argument_spec=dict(
+ name=dict(required=True),
+ state=dict(default='present', choices=['present', 'absent'])
+ ),
+ supports_check_mode=True
+ )
+
+ name = module.params['name']
+ state = module.params['state']
+
+ # pylint: disable=invalid-name
+ rc, out, err = module.run_command([RPM_BINARY, '-q', name])
+
+ installed = out.rstrip('\n').split('\n')
+
+ if rc != 0:
+ if state == 'present':
+ module.fail_json(msg="%s is not installed" % name, stdout=out, stderr=err, rc=rc)
+ else:
+ module.exit_json(changed=False)
+ elif state == 'present':
+ module.exit_json(changed=False, installed_versions=installed)
+ else:
+ module.fail_json(msg="%s is installed", installed_versions=installed)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/nuage_ca/meta/main.yml b/roles/nuage_ca/meta/main.yml
index 36838debc..0d0b8d1a5 100644
--- a/roles/nuage_ca/meta/main.yml
+++ b/roles/nuage_ca/meta/main.yml
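Review bot: In rpm_q.py, the last branch of main() calls `module.fail_json(msg="%s is installed", installed_versions=installed)` without formatting the string, so the failure message shows a literal `%s` instead of the package name. It should read `module.fail_json(msg="%s is installed" % name, installed_versions=installed)`, matching the `"%s is not installed" % name` branch above it. The docstring also says the module returns None when the package is missing, whereas the code either fails or exits with `changed=False`; reword it to describe the `installed_versions` result.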
@@ -13,4 +13,4 @@ galaxy_info: - cloud - system dependencies: -- { role: nuage_common } +- role: nuage_common diff --git a/roles/nuage_master/meta/main.yml b/roles/nuage_master/meta/main.yml index e2f7af5ad..643800680 100644 --- a/roles/nuage_master/meta/main.yml +++ b/roles/nuage_master/meta/main.yml @@ -14,4 +14,4 @@ galaxy_info: - system dependencies: - role: lib_openshift -- role: lib_os_firewall +- role: lib_utils diff --git a/roles/nuage_node/meta/main.yml b/roles/nuage_node/meta/main.yml index 9b0315054..0480502b7 100644 --- a/roles/nuage_node/meta/main.yml +++ b/roles/nuage_node/meta/main.yml @@ -15,4 +15,4 @@ galaxy_info: dependencies: - role: nuage_common - role: nuage_ca -- role: lib_os_firewall +- role: lib_utils diff --git a/roles/openshift_builddefaults/meta/main.yml b/roles/openshift_builddefaults/meta/main.yml index 422d08400..60ac189a8 100644 --- a/roles/openshift_builddefaults/meta/main.yml +++ b/roles/openshift_builddefaults/meta/main.yml @@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_buildoverrides/meta/main.yml b/roles/openshift_buildoverrides/meta/main.yml index e9d2e8712..edca92e6f 100644 --- a/roles/openshift_buildoverrides/meta/main.yml +++ b/roles/openshift_buildoverrides/meta/main.yml @@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_ca/meta/main.yml b/roles/openshift_ca/meta/main.yml index 81b49ce60..b2081efc6 100644 --- a/roles/openshift_ca/meta/main.yml +++ b/roles/openshift_ca/meta/main.yml @@ -15,3 +15,4 @@ galaxy_info: dependencies: - role: openshift_cli - role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml index ea4702248..358b8528f 100644 --- a/roles/openshift_ca/tasks/main.yml +++ b/roles/openshift_ca/tasks/main.yml 
@@ -9,7 +9,7 @@ - name: Install the base package for admin tooling package: - name: "{{ openshift_service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" + name: "{{ openshift_service_type }}{{ openshift_pkg_version | default('') | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}" state: present when: not openshift.common.is_containerized | bool register: install_result @@ -41,7 +41,7 @@ - set_fact: master_ca_missing: "{{ False in (g_master_ca_stat_result.results - | oo_collect(attribute='stat.exists') + | lib_utils_oo_collect(attribute='stat.exists') | list) }}" run_once: true @@ -88,10 +88,10 @@ - name: Create the master certificates if they do not already exist command: > {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm ca create-master-certs - {% for named_ca_certificate in openshift.master.named_certificates | default([]) | oo_collect('cafile') %} + {% for named_ca_certificate in openshift.master.named_certificates | default([]) | lib_utils_oo_collect('cafile') %} --certificate-authority {{ named_ca_certificate }} {% endfor %} - {% for legacy_ca_certificate in g_master_legacy_ca_result.files | default([]) | oo_collect('path') %} + {% for legacy_ca_certificate in g_master_legacy_ca_result.files | default([]) | lib_utils_oo_collect('path') %} --certificate-authority {{ legacy_ca_certificate }} {% endfor %} --hostnames={{ hostvars[openshift_ca_host].openshift.common.all_hostnames | join(',') }} @@ -117,7 +117,7 @@ src: "{{ item }}" dest: "{{ openshift_ca_clientconfig_tmpdir.stdout }}/" remote_src: true - with_items: "{{ g_master_legacy_ca_result.files | default([]) | oo_collect('path') }}" + with_items: "{{ g_master_legacy_ca_result.files | default([]) | lib_utils_oo_collect('path') }}" delegate_to: "{{ openshift_ca_host }}" run_once: true - copy: 
@@ -156,7 +156,7 @@ command: > {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm create-api-client-config --certificate-authority={{ openshift_ca_cert }} - {% for named_ca_certificate in openshift.master.named_certificates | default([]) | oo_collect('cafile') %} + {% for named_ca_certificate in openshift.master.named_certificates | default([]) | lib_utils_oo_collect('cafile') %} --certificate-authority {{ named_ca_certificate }} {% endfor %} --client-dir={{ openshift_ca_loopback_tmpdir.stdout }} diff --git a/roles/openshift_certificate_expiry/meta/main.yml b/roles/openshift_certificate_expiry/meta/main.yml index c13b29ba5..6758f5b36 100644 --- a/roles/openshift_certificate_expiry/meta/main.yml +++ b/roles/openshift_certificate_expiry/meta/main.yml @@ -13,4 +13,5 @@ galaxy_info: categories: - cloud - system -dependencies: [] +dependencies: +- role: lib_utils diff --git a/roles/openshift_cli/meta/main.yml b/roles/openshift_cli/meta/main.yml index 5d2b6abed..e531543b9 100644 --- a/roles/openshift_cli/meta/main.yml +++ b/roles/openshift_cli/meta/main.yml @@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_cloud_provider/meta/main.yml b/roles/openshift_cloud_provider/meta/main.yml index 8ab95bf5a..e49cc4430 100644 --- a/roles/openshift_cloud_provider/meta/main.yml +++ b/roles/openshift_cloud_provider/meta/main.yml @@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_cluster_autoscaler/meta/main.yml b/roles/openshift_cluster_autoscaler/meta/main.yml index d2bbd2576..543eb6fed 100644 --- a/roles/openshift_cluster_autoscaler/meta/main.yml +++ b/roles/openshift_cluster_autoscaler/meta/main.yml @@ -1,3 +1,4 @@ --- dependencies: - lib_openshift +- role: lib_utils diff --git a/roles/openshift_default_storage_class/meta/main.yml b/roles/openshift_default_storage_class/meta/main.yml index d7d57fe39..30671a59a 100644 
--- a/roles/openshift_default_storage_class/meta/main.yml +++ b/roles/openshift_default_storage_class/meta/main.yml @@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - role: lib_openshift +- role: lib_utils diff --git a/roles/openshift_docker_gc/meta/main.yml b/roles/openshift_docker_gc/meta/main.yml index f88a7c533..c8472d8bc 100644 --- a/roles/openshift_docker_gc/meta/main.yml +++ b/roles/openshift_docker_gc/meta/main.yml @@ -11,3 +11,4 @@ galaxy_info: - 7 dependencies: - role: lib_openshift +- role: lib_utils diff --git a/roles/openshift_etcd/meta/main.yml b/roles/openshift_etcd/meta/main.yml index 0e28fec03..25ae6a936 100644 --- a/roles/openshift_etcd/meta/main.yml +++ b/roles/openshift_etcd/meta/main.yml @@ -14,3 +14,4 @@ galaxy_info: dependencies: - role: openshift_etcd_facts - role: etcd +- role: lib_utils diff --git a/roles/openshift_etcd_client_certificates/meta/main.yml b/roles/openshift_etcd_client_certificates/meta/main.yml index fbc72c8a3..6c79d345c 100644 --- a/roles/openshift_etcd_client_certificates/meta/main.yml +++ b/roles/openshift_etcd_client_certificates/meta/main.yml @@ -11,4 +11,5 @@ galaxy_info: - 7 categories: - cloud -dependencies: [] +dependencies: +- role: lib_utils diff --git a/roles/openshift_etcd_facts/meta/main.yml b/roles/openshift_etcd_facts/meta/main.yml index 925aa9f92..5e64a8596 100644 --- a/roles/openshift_etcd_facts/meta/main.yml +++ b/roles/openshift_etcd_facts/meta/main.yml @@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_examples/meta/main.yml b/roles/openshift_examples/meta/main.yml index f3fe2dcbe..1a34c85fc 100644 --- a/roles/openshift_examples/meta/main.yml +++ b/roles/openshift_examples/meta/main.yml @@ -11,4 +11,5 @@ galaxy_info: - 7 categories: - cloud -dependencies: [] +dependencies: +- role: lib_utils diff --git a/roles/openshift_excluder/tasks/install.yml b/roles/openshift_excluder/tasks/install.yml index ad7c00d14..12fecaff5 100644 
--- a/roles/openshift_excluder/tasks/install.yml +++ b/roles/openshift_excluder/tasks/install.yml @@ -8,7 +8,7 @@ - name: Install docker excluder - yum package: - name: "{{ r_openshift_excluder_service_type }}-docker-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) + '*' }}" + name: "{{ r_openshift_excluder_service_type }}-docker-excluder{{ openshift_pkg_version | default('') | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) + '*' }}" state: "{{ r_openshift_excluder_docker_package_state }}" when: - r_openshift_excluder_enable_docker_excluder | bool @@ -23,7 +23,7 @@ # https://bugzilla.redhat.com/show_bug.cgi?id=1199432 - name: Install docker excluder - dnf package: - name: "{{ r_openshift_excluder_service_type }}-docker-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" + name: "{{ r_openshift_excluder_service_type }}-docker-excluder{{ openshift_pkg_version | default('') | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}" state: "{{ r_openshift_excluder_docker_package_state }}" when: - r_openshift_excluder_enable_docker_excluder | bool @@ -33,7 +33,7 @@ - name: Install openshift excluder - yum package: - name: "{{ r_openshift_excluder_service_type }}-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) + '*' }}" + name: "{{ r_openshift_excluder_service_type }}-excluder{{ openshift_pkg_version | default('') | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) + '*' }}" state: "{{ r_openshift_excluder_package_state }}" when: - r_openshift_excluder_enable_openshift_excluder | bool 
@@ -47,7 +47,7 @@ # https://bugzilla.redhat.com/show_bug.cgi?id=1199432 - name: Install openshift excluder - dnf package: - name: "{{ r_openshift_excluder_service_type }}-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" + name: "{{ r_openshift_excluder_service_type }}-excluder{{ openshift_pkg_version | default('') | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}" state: "{{ r_openshift_excluder_package_state }}" when: - r_openshift_excluder_enable_openshift_excluder | bool diff --git a/roles/openshift_health_checker/meta/main.yml b/roles/openshift_health_checker/meta/main.yml index bc8e7bdcf..b8a59ee14 100644 --- a/roles/openshift_health_checker/meta/main.yml +++ b/roles/openshift_health_checker/meta/main.yml @@ -1,3 +1,4 @@ --- dependencies: - role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml index ac9e241a5..ace2d15b0 100644 --- a/roles/openshift_hosted/meta/main.yml +++ b/roles/openshift_hosted/meta/main.yml @@ -14,4 +14,4 @@ galaxy_info: dependencies: - role: openshift_facts - role: lib_openshift -- role: lib_os_firewall +- role: lib_utils diff --git a/roles/openshift_hosted/tasks/router.yml b/roles/openshift_hosted/tasks/router.yml index 4e9219477..8ecaacb4a 100644 --- a/roles/openshift_hosted/tasks/router.yml +++ b/roles/openshift_hosted/tasks/router.yml 
@@ -25,10 +25,10 @@ backup: True dest: "/etc/origin/master/{{ item | basename }}" src: "{{ item }}" - with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificate') | - oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}" + with_items: "{{ openshift_hosted_routers | lib_utils_oo_collect(attribute='certificate') | + lib_utils_oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}" when: ( not openshift_hosted_router_create_certificate | bool ) or openshift_hosted_router_certificate != {} or - ( openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile'])|length > 0 ) + ( openshift_hosted_routers | lib_utils_oo_collect(attribute='certificate') | lib_utils_oo_select_keys_from_list(['keyfile', 'certfile', 'cafile'])|length > 0 ) # This is for when we desire a cluster signed cert @@ -55,7 +55,7 @@ when: - openshift_hosted_router_create_certificate | bool - openshift_hosted_router_certificate == {} - - openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile'])|length == 0 + - openshift_hosted_routers | lib_utils_oo_collect(attribute='certificate') | lib_utils_oo_select_keys_from_list(['keyfile', 'certfile', 'cafile'])|length == 0 - name: Create the router service account(s) oc_serviceaccount: diff --git a/roles/openshift_hosted/tasks/storage/glusterfs.yml b/roles/openshift_hosted/tasks/storage/glusterfs.yml index 18b2edcc6..b39c44b01 100644 --- a/roles/openshift_hosted/tasks/storage/glusterfs.yml +++ b/roles/openshift_hosted/tasks/storage/glusterfs.yml 
@@ -17,7 +17,7 @@ until: - "registry_pods.results.results[0]['items'] | count > 0" # There must be as many matching pods with 'Ready' status True as there are expected replicas - - "registry_pods.results.results[0]['items'] | oo_collect(attribute='status.conditions') | oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count == openshift_hosted_registry_replicas | default(l_default_replicas) | int" + - "registry_pods.results.results[0]['items'] | lib_utils_oo_collect(attribute='status.conditions') | lib_utils_oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count == openshift_hosted_registry_replicas | default(l_default_replicas) | int" delay: 10 retries: "{{ (600 / 10) | int }}" diff --git a/roles/openshift_hosted_templates/meta/main.yml b/roles/openshift_hosted_templates/meta/main.yml index 4027f524b..fca3485fd 100644 --- a/roles/openshift_hosted_templates/meta/main.yml +++ b/roles/openshift_hosted_templates/meta/main.yml @@ -11,4 +11,5 @@ galaxy_info: - 7 categories: - cloud -dependencies: [] +dependencies: +- role: lib_utils diff --git a/roles/openshift_loadbalancer/meta/main.yml b/roles/openshift_loadbalancer/meta/main.yml index 72298b599..3b5b45c5f 100644 --- a/roles/openshift_loadbalancer/meta/main.yml +++ b/roles/openshift_loadbalancer/meta/main.yml @@ -10,5 +10,5 @@ galaxy_info: versions: - 7 dependencies: -- role: lib_os_firewall +- role: lib_utils - role: openshift_facts diff --git a/roles/openshift_logging/meta/main.yaml b/roles/openshift_logging/meta/main.yaml index 9c480f73a..01ed4918f 100644 --- a/roles/openshift_logging/meta/main.yaml +++ b/roles/openshift_logging/meta/main.yaml @@ -14,3 +14,4 @@ galaxy_info: dependencies: - role: lib_openshift - role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_logging/tasks/generate_certs.yaml b/roles/openshift_logging/tasks/generate_certs.yaml index 082c0128f..d5cfacae3 100644 
--- a/roles/openshift_logging/tasks/generate_certs.yaml +++ b/roles/openshift_logging/tasks/generate_certs.yaml @@ -139,10 +139,10 @@ # TODO: make idempotent - name: Generate proxy session - set_fact: session_secret={{ 200 | oo_random_word}} + set_fact: session_secret={{ 200 | lib_utils_oo_random_word}} check_mode: no # TODO: make idempotent - name: Generate oauth client secret - set_fact: oauth_secret={{ 64 | oo_random_word}} + set_fact: oauth_secret={{ 64 | lib_utils_oo_random_word}} check_mode: no diff --git a/roles/openshift_logging_curator/meta/main.yaml b/roles/openshift_logging_curator/meta/main.yaml index d4635aab0..9f7c6341c 100644 --- a/roles/openshift_logging_curator/meta/main.yaml +++ b/roles/openshift_logging_curator/meta/main.yaml @@ -14,3 +14,4 @@ galaxy_info: dependencies: - role: lib_openshift - role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_logging_elasticsearch/meta/main.yaml b/roles/openshift_logging_elasticsearch/meta/main.yaml index 6a9a6539c..e93d6b73e 100644 --- a/roles/openshift_logging_elasticsearch/meta/main.yaml +++ b/roles/openshift_logging_elasticsearch/meta/main.yaml @@ -14,3 +14,4 @@ galaxy_info: dependencies: - role: lib_openshift - role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml index 5fe683ae5..e91248d08 100644 --- a/roles/openshift_logging_elasticsearch/tasks/main.yaml +++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml @@ -352,7 +352,7 @@ delete_after: true - set_fact: - es_deploy_name: "logging-{{ es_component }}-{{ openshift_logging_elasticsearch_deployment_type }}-{{ 8 | oo_random_word('abcdefghijklmnopqrstuvwxyz0123456789') }}" + es_deploy_name: "logging-{{ es_component }}-{{ openshift_logging_elasticsearch_deployment_type }}-{{ 8 | lib_utils_oo_random_word('abcdefghijklmnopqrstuvwxyz0123456789') }}" when: openshift_logging_elasticsearch_deployment_name == "" - set_fact: 
diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2 index cf6ee36bb..4b189f255 100644 --- a/roles/openshift_logging_elasticsearch/templates/es.j2 +++ b/roles/openshift_logging_elasticsearch/templates/es.j2 @@ -50,7 +50,7 @@ spec: - -provider=openshift - -client-id={{openshift_logging_elasticsearch_prometheus_sa}} - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token - - -cookie-secret={{ 16 | oo_random_word | b64encode }} + - -cookie-secret={{ 16 | lib_utils_oo_random_word | b64encode }} - -upstream=https://localhost:9200 - '-openshift-sar={"namespace": "{{ openshift_logging_elasticsearch_namespace}}", "verb": "view", "resource": "prometheus", "group": "metrics.openshift.io"}' - '-openshift-delegate-urls={"/": {"resource": "prometheus", "verb": "view", "group": "metrics.openshift.io", "namespace": "{{ openshift_logging_elasticsearch_namespace}}"}}' diff --git a/roles/openshift_logging_eventrouter/meta/main.yaml b/roles/openshift_logging_eventrouter/meta/main.yaml new file mode 100644 index 000000000..711bb8f22 --- /dev/null +++ b/roles/openshift_logging_eventrouter/meta/main.yaml @@ -0,0 +1,17 @@ +--- +galaxy_info: + author: OpenShift Red Hat + description: OpenShift Aggregated Logging Eventrouter + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 2.2 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: lib_openshift +- role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_logging_fluentd/meta/main.yaml b/roles/openshift_logging_fluentd/meta/main.yaml index 89c98204f..62f076780 100644 --- a/roles/openshift_logging_fluentd/meta/main.yaml +++ b/roles/openshift_logging_fluentd/meta/main.yaml @@ -14,3 +14,4 @@ galaxy_info: dependencies: - role: lib_openshift - role: openshift_facts +- role: lib_utils 
diff --git a/roles/openshift_logging_fluentd/tasks/label_and_wait.yaml b/roles/openshift_logging_fluentd/tasks/label_and_wait.yaml index 12b4f5bfd..1cef6c25e 100644 --- a/roles/openshift_logging_fluentd/tasks/label_and_wait.yaml +++ b/roles/openshift_logging_fluentd/tasks/label_and_wait.yaml @@ -4,7 +4,7 @@ name: "{{ node }}" kind: node state: add - labels: "{{ openshift_logging_fluentd_nodeselector | oo_dict_to_list_of_dict }}" + labels: "{{ openshift_logging_fluentd_nodeselector | lib_utils_oo_dict_to_list_of_dict }}" # wait half a second between labels - local_action: command sleep {{ openshift_logging_fluentd_label_delay | default('.5') }} diff --git a/roles/openshift_logging_kibana/meta/main.yaml b/roles/openshift_logging_kibana/meta/main.yaml index d97586a37..d9d76dfe0 100644 --- a/roles/openshift_logging_kibana/meta/main.yaml +++ b/roles/openshift_logging_kibana/meta/main.yaml @@ -14,3 +14,4 @@ galaxy_info: dependencies: - role: lib_openshift - role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_logging_kibana/tasks/main.yaml b/roles/openshift_logging_kibana/tasks/main.yaml index 77bf8042a..a00248d11 100644 --- a/roles/openshift_logging_kibana/tasks/main.yaml +++ b/roles/openshift_logging_kibana/tasks/main.yaml @@ -69,7 +69,7 @@ # gen session_secret if necessary - name: Generate session secret copy: - content: "{{ 200 | oo_random_word }}" + content: "{{ 200 | lib_utils_oo_random_word }}" dest: "{{ generated_certs_dir }}/session_secret" when: - not session_secret_file.stat.exists @@ -77,7 +77,7 @@ # gen oauth_secret if necessary - name: Generate oauth secret copy: - content: "{{ 64 | oo_random_word }}" + content: "{{ 64 | lib_utils_oo_random_word }}" dest: "{{ generated_certs_dir }}/oauth_secret" when: - not oauth_secret_file.stat.exists diff --git a/roles/openshift_logging_mux/meta/main.yaml b/roles/openshift_logging_mux/meta/main.yaml index f271d8d7d..969752f15 100644 --- a/roles/openshift_logging_mux/meta/main.yaml 
+++ b/roles/openshift_logging_mux/meta/main.yaml @@ -14,3 +14,4 @@ galaxy_info: dependencies: - role: lib_openshift - role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_manage_node/meta/main.yml b/roles/openshift_manage_node/meta/main.yml index d90cd28cf..a09808a39 100644 --- a/roles/openshift_manage_node/meta/main.yml +++ b/roles/openshift_manage_node/meta/main.yml @@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - role: lib_openshift +- role: lib_utils diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml index af22a1a03..9f315b9af 100644 --- a/roles/openshift_manage_node/tasks/main.yml +++ b/roles/openshift_manage_node/tasks/main.yml @@ -50,7 +50,7 @@ name: "{{ openshift.node.nodename }}" kind: node state: add - labels: "{{ openshift_node_labels | oo_dict_to_list_of_dict }}" + labels: "{{ openshift_node_labels | lib_utils_oo_dict_to_list_of_dict }}" namespace: default when: - "'nodename' in openshift.node" diff --git a/roles/openshift_manageiq/meta/main.yml b/roles/openshift_manageiq/meta/main.yml index 6c96a91bf..5c9481430 100644 --- a/roles/openshift_manageiq/meta/main.yml +++ b/roles/openshift_manageiq/meta/main.yml @@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - role: lib_openshift +- role: lib_utils diff --git a/roles/openshift_management/tasks/add_container_provider.yml b/roles/openshift_management/tasks/add_container_provider.yml index 24b2ce6ac..ca381b105 100644 --- a/roles/openshift_management/tasks/add_container_provider.yml +++ b/roles/openshift_management/tasks/add_container_provider.yml @@ -27,7 +27,7 @@ - name: Ensure the management SA bearer token is identified set_fact: - management_token: "{{ sa.results | oo_filter_sa_secrets }}" + management_token: "{{ sa.results | lib_utils_oo_filter_sa_secrets }}" - name: Ensure the SA bearer token value is read oc_secret: 
diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index bf0cbbf18..3460efec9 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -14,5 +14,4 @@ galaxy_info: dependencies: - role: lib_openshift - role: lib_utils -- role: lib_os_firewall - role: openshift_facts diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 7bfc870d5..1c43d335f 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -16,7 +16,7 @@ - name: Install Master package package: - name: "{{ openshift_service_type }}-master{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" + name: "{{ openshift_service_type }}-master{{ openshift_pkg_version | default('') | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}" state: present when: - not openshift.common.is_containerized | bool diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index f1a76e5f5..c224ad714 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -1,6 +1,6 @@ admissionConfig: {% if 'admission_plugin_config' in openshift.master %} - pluginConfig:{{ openshift.master.admission_plugin_config | to_padded_yaml(level=2) }} + pluginConfig:{{ openshift.master.admission_plugin_config | lib_utils_to_padded_yaml(level=2) }} {% endif %} apiLevels: - v1 
@@ -16,13 +16,13 @@ assetConfig: metricsPublicURL: {{ openshift_hosted_metrics_deploy_url }} {% endif %} {% if 'extension_scripts' in openshift.master %} - extensionScripts: {{ openshift.master.extension_scripts | to_padded_yaml(1, 2) }} + extensionScripts: {{ openshift.master.extension_scripts | lib_utils_to_padded_yaml(1, 2) }} {% endif %} {% if 'extension_stylesheets' in openshift.master %} - extensionStylesheets: {{ openshift.master.extension_stylesheets | to_padded_yaml(1, 2) }} + extensionStylesheets: {{ openshift.master.extension_stylesheets | lib_utils_to_padded_yaml(1, 2) }} {% endif %} {% if 'extensions' in openshift.master %} - extensions: {{ openshift.master.extensions | to_padded_yaml(1, 2) }} + extensions: {{ openshift.master.extensions | lib_utils_to_padded_yaml(1, 2) }} {% endif %} servingInfo: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.console_port }} @@ -42,7 +42,7 @@ assetConfig: {% endfor %} {% endif %} {% if openshift.master.audit_config | default(none) is not none %} -auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }} +auditConfig:{{ openshift.master.audit_config | lib_utils_to_padded_yaml(level=1) }} {% endif %} controllerConfig: election: @@ -85,7 +85,7 @@ imageConfig: format: {{ openshift.master.registry_url }} latest: {{ openshift_master_image_config_latest }} {% if 'image_policy_config' in openshift.master %} -imagePolicyConfig:{{ openshift.master.image_policy_config | to_padded_yaml(level=1) }} +imagePolicyConfig:{{ openshift.master.image_policy_config | lib_utils_to_padded_yaml(level=1) }} {% endif %} kind: MasterConfig kubeletClientInfo: 
@@ -96,21 +96,21 @@ kubeletClientInfo: port: 10250 {% if openshift.master.embedded_kube | bool %} kubernetesMasterConfig: - apiServerArguments: {{ openshift.master.api_server_args | default(None) | to_padded_yaml( level=2 ) }} + apiServerArguments: {{ openshift.master.api_server_args | default(None) | lib_utils_to_padded_yaml( level=2 ) }} {% if r_openshift_master_etcd3_storage or ( r_openshift_master_clean_install and openshift.common.version_gte_3_6 ) %} storage-backend: - etcd3 storage-media-type: - application/vnd.kubernetes.protobuf {% endif %} - controllerArguments: {{ openshift.master.controller_args | default(None) | to_padded_yaml( level=2 ) }} + controllerArguments: {{ openshift.master.controller_args | default(None) | lib_utils_to_padded_yaml( level=2 ) }} masterCount: {{ openshift.master.master_count }} masterIP: {{ openshift.common.ip }} podEvictionTimeout: {{ openshift.master.pod_eviction_timeout | default("") }} proxyClientInfo: certFile: master.proxy-client.crt keyFile: master.proxy-client.key - schedulerArguments: {{ openshift_master_scheduler_args | default(None) | to_padded_yaml( level=3 ) }} + schedulerArguments: {{ openshift_master_scheduler_args | default(None) | lib_utils_to_padded_yaml( level=3 ) }} schedulerConfigFile: {{ openshift_master_scheduler_conf }} servicesNodePortRange: "{{ openshift_node_port_range | default("") }}" servicesSubnet: {{ openshift.common.portal_net }} @@ -144,7 +144,7 @@ networkConfig: {% endif %} # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet serviceNetworkCIDR: {{ openshift.common.portal_net }} - externalIPNetworkCIDRs: {{ openshift_master_external_ip_network_cidrs | default(["0.0.0.0/0"]) | to_padded_yaml(1,2) }} + externalIPNetworkCIDRs: {{ openshift_master_external_ip_network_cidrs | default(["0.0.0.0/0"]) | lib_utils_to_padded_yaml(1,2) }} {% if openshift_master_ingress_ip_network_cidr is defined %} ingressIPNetworkCIDR: {{ openshift_master_ingress_ip_network_cidr }} {% endif %} 
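Review bot: `externalIPNetworkCIDRs` still falls back to `["0.0.0.0/0"]` when `openshift_master_external_ip_network_cidrs` is unset, so a default install appears to admit any address as a service external IP, and the line touched by the rename does not document that. Anyone allowed to create services could then claim an address the cluster does not own, so operators should restrict this to the ranges they actually route. I would add above the line `# default admits any externalIP; set openshift_master_external_ip_network_cidrs to routed ranges only`, and consider a narrower default in a follow-up, since changing it here alters behaviour. The `networkConfig` block starts outside this hunk.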
@@ -153,7 +153,7 @@ oauthConfig: alwaysShowProviderSelection: {{ openshift.master.oauth_always_show_provider_selection }} {% endif %} {% if 'oauth_templates' in openshift.master %} - templates:{{ openshift.master.oauth_templates | to_padded_yaml(level=2) }} + templates:{{ openshift.master.oauth_templates | lib_utils_to_padded_yaml(level=2) }} {% endif %} assetPublicURL: {{ openshift.master.public_console_url }}/ grantConfig: diff --git a/roles/openshift_master_certificates/meta/main.yml b/roles/openshift_master_certificates/meta/main.yml index 300b2cbff..e7d9f5bba 100644 --- a/roles/openshift_master_certificates/meta/main.yml +++ b/roles/openshift_master_certificates/meta/main.yml @@ -12,4 +12,5 @@ galaxy_info: categories: - cloud - system -dependencies: [] +dependencies: +- role: lib_utils diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml index ec1fbb1ee..273414f8d 100644 --- a/roles/openshift_master_certificates/tasks/main.yml +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -27,7 +27,7 @@ master_certs_missing: "{{ true if openshift_certificates_redeploy | default(false) | bool else (False in (g_master_cert_stat_result.results | default({}) - | oo_collect(attribute='stat.exists') + | lib_utils_oo_collect(attribute='stat.exists') | list)) }}" - name: Ensure the generated_configs directory present 
@@ -48,10 +48,10 @@ - name: Create the master server certificate command: > {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm ca create-server-cert - {% for named_ca_certificate in openshift.master.named_certificates | default([]) | oo_collect('cafile') %} + {% for named_ca_certificate in openshift.master.named_certificates | default([]) | lib_utils_oo_collect('cafile') %} --certificate-authority {{ named_ca_certificate }} {% endfor %} - {% for legacy_ca_certificate in g_master_legacy_ca_result.files | default([]) | oo_collect('path') %} + {% for legacy_ca_certificate in g_master_legacy_ca_result.files | default([]) | lib_utils_oo_collect('path') %} --certificate-authority {{ legacy_ca_certificate }} {% endfor %} --hostnames={{ hostvars[item].openshift.common.all_hostnames | join(',') }} @@ -64,8 +64,8 @@ --overwrite=false when: item != openshift_ca_host with_items: "{{ hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect(attribute='inventory_hostname', filters={'master_certs_missing':True}) }}" + | lib_utils_oo_select_keys(groups['oo_masters_to_config']) + | lib_utils_oo_collect(attribute='inventory_hostname', filters={'master_certs_missing':True}) }}" delegate_to: "{{ openshift_ca_host }}" run_once: true @@ -73,7 +73,7 @@ command: > {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm create-api-client-config --certificate-authority={{ openshift_ca_cert }} - {% for named_ca_certificate in openshift.master.named_certificates | default([]) | oo_collect('cafile') %} + {% for named_ca_certificate in openshift.master.named_certificates | default([]) | lib_utils_oo_collect('cafile') %} --certificate-authority {{ named_ca_certificate }} {% endfor %} --client-dir={{ openshift_generated_configs_dir }}/master-{{ hostvars[item].openshift.common.hostname }} 
@@ -89,8 +89,8 @@ args: creates: "{{ openshift_generated_configs_dir }}/master-{{ hostvars[item].openshift.common.hostname }}/openshift-master.kubeconfig" with_items: "{{ hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect(attribute='inventory_hostname', filters={'master_certs_missing':True}) }}" + | lib_utils_oo_select_keys(groups['oo_masters_to_config']) + | lib_utils_oo_collect(attribute='inventory_hostname', filters={'master_certs_missing':True}) }}" when: item != openshift_ca_host delegate_to: "{{ openshift_ca_host }}" run_once: true diff --git a/roles/openshift_master_facts/filter_plugins/oo_filters.py b/roles/openshift_master_facts/filter_plugins/oo_filters.py deleted file mode 120000 index 6f9bc47c1..000000000 --- a/roles/openshift_master_facts/filter_plugins/oo_filters.py +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins/oo_filters.py \ No newline at end of file diff --git a/roles/openshift_master_facts/meta/main.yml b/roles/openshift_master_facts/meta/main.yml index 9dbf719f8..0ab2311d3 100644 --- a/roles/openshift_master_facts/meta/main.yml +++ b/roles/openshift_master_facts/meta/main.yml @@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index 418dcba67..4e925813b 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -15,7 +15,7 @@ set_fact: g_metrics_hostname: "{{ openshift_hosted_metrics_public_url | default('hawkular-metrics.' ~ openshift_master_default_subdomain) - | oo_hostname_from_url }}" + | lib_utils_oo_hostname_from_url }}" - set_fact: openshift_hosted_metrics_deploy_url: "https://{{ g_metrics_hostname }}/hawkular/metrics" diff --git a/roles/openshift_metrics/meta/main.yaml b/roles/openshift_metrics/meta/main.yaml index 50214135c..675ec112f 100644 --- a/roles/openshift_metrics/meta/main.yaml 
+++ b/roles/openshift_metrics/meta/main.yaml @@ -15,5 +15,6 @@ galaxy_info: categories: - openshift dependencies: -- { role: lib_openshift } -- { role: openshift_facts } +- role: lib_openshift +- role: lib_utils +- role: openshift_facts diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml index 0fd19c9f8..9395fceca 100644 --- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml @@ -14,7 +14,7 @@ changed_when: no - name: generate password for hawkular metrics - local_action: copy dest="{{ local_tmp.stdout }}/{{ item }}.pwd" content="{{ 15 | oo_random_word }}" + local_action: copy dest="{{ local_tmp.stdout }}/{{ item }}.pwd" content="{{ 15 | lib_utils_oo_random_word }}" with_items: - hawkular-metrics become: false diff --git a/roles/openshift_metrics/tasks/setup_certificate.yaml b/roles/openshift_metrics/tasks/setup_certificate.yaml index 2d880f4d6..e6081c0d3 100644 --- a/roles/openshift_metrics/tasks/setup_certificate.yaml +++ b/roles/openshift_metrics/tasks/setup_certificate.yaml @@ -23,7 +23,7 @@ - name: generate random password for the {{ component }} keystore copy: - content: "{{ 15 | oo_random_word }}" + content: "{{ 15 | lib_utils_oo_random_word }}" dest: '{{ mktemp.stdout }}/{{ component }}-keystore.pwd' - slurp: src={{ mktemp.stdout | quote }}/{{ component|quote }}-keystore.pwd @@ -39,5 +39,5 @@ - name: generate random password for the {{ component }} truststore copy: - content: "{{ 15 | oo_random_word }}" + content: "{{ 15 | lib_utils_oo_random_word }}" dest: '{{ mktemp.stdout | quote }}/{{ component|quote }}-truststore.pwd' diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 index e976bc222..7c75b2f97 100644 --- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 
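Review bot: The three password tasks touched here (`generate password for hawkular metrics` in generate_hawkular_certificates.yaml, and the keystore and truststore tasks in setup_certificate.yaml) write generated secrets with `copy` but set neither `mode` nor `no_log`. The `.pwd` files therefore get default permissions, and the content can surface in `--diff` or verbose output. I would add `mode: 0600` and `no_log: true` to each (`mode=0600` in the `local_action` key=value form), matching the `mode: 0600` already used for the named certificate files. The implementation of `lib_utils_oo_random_word` is not part of this diff, so it is worth confirming that it draws from the OS CSPRNG before relying on it for keystore passwords. The hawkular task may continue past the end of its hunk.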
+++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 @@ -64,7 +64,7 @@ spec: - name: MASTER_URL value: "{{ openshift_metrics_master_url }}" - name: JGROUPS_PASSWORD - value: "{{ 17 | oo_random_word }}" + value: "{{ 17 | lib_utils_oo_random_word }}" - name: TRUSTSTORE_AUTHORITIES value: "/hawkular-metrics-certs/tls.truststore.crt" - name: ENABLE_PROMETHEUS_ENDPOINT diff --git a/roles/openshift_named_certificates/meta/main.yml b/roles/openshift_named_certificates/meta/main.yml index 2c6e12494..e7d81df53 100644 --- a/roles/openshift_named_certificates/meta/main.yml +++ b/roles/openshift_named_certificates/meta/main.yml @@ -14,3 +14,4 @@ galaxy_info: - system dependencies: - role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_named_certificates/tasks/main.yml b/roles/openshift_named_certificates/tasks/main.yml index 1bcf9ef67..ad5472445 100644 --- a/roles/openshift_named_certificates/tasks/main.yml +++ b/roles/openshift_named_certificates/tasks/main.yml @@ -1,6 +1,6 @@ --- - set_fact: - parsed_named_certificates: "{{ named_certificates | oo_parse_named_certificates(named_certs_dir, internal_hostnames) }}" + parsed_named_certificates: "{{ named_certificates | lib_utils_oo_parse_named_certificates(named_certs_dir, internal_hostnames) }}" when: named_certificates | length > 0 delegate_to: localhost become: no @@ -43,4 +43,4 @@ src: "{{ item }}" dest: "{{ named_certs_dir }}/{{ item | basename }}" mode: 0600 - with_items: "{{ named_certificates | oo_collect('cafile') }}" + with_items: "{{ named_certificates | lib_utils_oo_collect('cafile') }}" diff --git a/roles/openshift_nfs/meta/main.yml b/roles/openshift_nfs/meta/main.yml index d7b5910f2..17c0cf33f 100644 --- a/roles/openshift_nfs/meta/main.yml +++ b/roles/openshift_nfs/meta/main.yml @@ -13,4 +13,4 @@ galaxy_info: - cloud dependencies: - role: lib_utils -- role: lib_os_firewall +- role: lib_utils 
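Review bot: `JGROUPS_PASSWORD` is rendered as a literal `value:` from `lib_utils_oo_random_word`, so the password sits in plain text in the replication controller spec and is regenerated on every template render. Anyone who can read the RC or pod definition can read it, and each playbook run yields a different object, which presumably triggers a needless redeploy. Generating the value once into a secret and referencing it from the env entry with `valueFrom` / `secretKeyRef` would address both. The container spec starts and ends outside this hunk.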
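Review bot: `roles/openshift_nfs/meta/main.yml` now lists `- role: lib_utils` twice, because the line that replaces `- role: lib_os_firewall` duplicates the entry directly above it. The duplicate is probably harmless at run time, but it looks like an unchecked mechanical substitution and obscures what the role really depends on. The added line can simply be dropped so `dependencies:` holds a single `- role: lib_utils`.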
diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index 08e45dda1..a90aad532 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -27,7 +27,7 @@ openshift_dns_ip: "{{ ansible_default_ipv4['address'] }}" openshift_node_env_vars: {} # Create list of 'k=v' pairs. -l_node_kubelet_node_labels: "{{ openshift_node_labels | default({}) | oo_dict_to_keqv_list }}" +l_node_kubelet_node_labels: "{{ openshift_node_labels | default({}) | lib_utils_oo_dict_to_keqv_list }}" openshift_node_kubelet_args_dict: aws: diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index b531d2dfe..86a2ca16f 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -13,9 +13,6 @@ galaxy_info: - cloud dependencies: - role: lib_openshift -- role: lib_os_firewall - when: not (openshift_node_upgrade_in_progress | default(False)) - role: openshift_cloud_provider when: not (openshift_node_upgrade_in_progress | default(False)) - role: lib_utils - when: openshift_node_upgrade_in_progress | default(False) diff --git a/roles/openshift_node/tasks/install.yml b/roles/openshift_node/tasks/install.yml index 9f004e8dd..fb98b7550 100644 --- a/roles/openshift_node/tasks/install.yml +++ b/roles/openshift_node/tasks/install.yml 
@@ -3,14 +3,14 @@ block: - name: Install Node package package: - name: "{{ openshift_service_type }}-node{{ (openshift_pkg_version | default('')) | oo_image_tag_to_rpm_version(include_dash=True) }}" + name: "{{ openshift_service_type }}-node{{ (openshift_pkg_version | default('')) | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}" state: present register: result until: result is succeeded - name: Install sdn-ovs package package: - name: "{{ openshift_service_type }}-sdn-ovs{{ (openshift_pkg_version | default('')) | oo_image_tag_to_rpm_version(include_dash=True) }}" + name: "{{ openshift_service_type }}-sdn-ovs{{ (openshift_pkg_version | default('')) | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}" state: present when: - openshift_node_use_openshift_sdn | bool diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 76e75297a..f091263f5 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -13,7 +13,7 @@ imageConfig: format: {{ oreg_url_node }} latest: {{ openshift_node_image_config_latest }} kind: NodeConfig -kubeletArguments: {{ l2_openshift_node_kubelet_args | default(None) | to_padded_yaml(level=1) }} +kubeletArguments: {{ l2_openshift_node_kubelet_args | default(None) | lib_utils_to_padded_yaml(level=1) }} {% if openshift_use_crio %} container-runtime: - remote diff --git a/roles/openshift_node_certificates/meta/main.yml b/roles/openshift_node_certificates/meta/main.yml index 0440bf11a..4362c644a 100644 --- a/roles/openshift_node_certificates/meta/main.yml +++ b/roles/openshift_node_certificates/meta/main.yml @@ -12,4 +12,5 @@ galaxy_info: categories: - cloud - system -dependencies: [] +dependencies: +- role: lib_utils diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index 97f1fbbdd..1e5ebe98e 100644 --- a/roles/openshift_node_certificates/tasks/main.yml 
+++ b/roles/openshift_node_certificates/tasks/main.yml @@ -31,7 +31,7 @@ node_certs_missing: "{{ true if openshift_certificates_redeploy | default(false) | bool else (False in (g_node_cert_stat_result.results | default({}) - | oo_collect(attribute='stat.exists') + | lib_utils_oo_collect(attribute='stat.exists') | list)) }}" - name: Create openshift_generated_configs_dir if it does not exist @@ -52,10 +52,10 @@ - name: Generate the node client config command: > {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm create-api-client-config - {% for named_ca_certificate in hostvars[openshift_ca_host].openshift.master.named_certificates | default([]) | oo_collect('cafile') %} + {% for named_ca_certificate in hostvars[openshift_ca_host].openshift.master.named_certificates | default([]) | lib_utils_oo_collect('cafile') %} --certificate-authority {{ named_ca_certificate }} {% endfor %} - {% for legacy_ca_certificate in g_master_legacy_ca_result.files | default([]) | oo_collect('path') %} + {% for legacy_ca_certificate in g_master_legacy_ca_result.files | default([]) | lib_utils_oo_collect('path') %} --certificate-authority {{ legacy_ca_certificate }} {% endfor %} --certificate-authority={{ openshift_ca_cert }} @@ -70,8 +70,8 @@ args: creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}" with_items: "{{ hostvars - | oo_select_keys(groups['oo_nodes_to_config']) - | oo_collect(attribute='inventory_hostname', filters={'node_certs_missing':True}) }}" + | lib_utils_oo_select_keys(groups['oo_nodes_to_config']) + | lib_utils_oo_collect(attribute='inventory_hostname', filters={'node_certs_missing':True}) }}" delegate_to: "{{ openshift_ca_host }}" run_once: true 
@@ -89,8 +89,8 @@ args: creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}/server.crt" with_items: "{{ hostvars - | oo_select_keys(groups['oo_nodes_to_config']) - | oo_collect(attribute='inventory_hostname', filters={'node_certs_missing':True}) }}" + | lib_utils_oo_select_keys(groups['oo_nodes_to_config']) + | lib_utils_oo_collect(attribute='inventory_hostname', filters={'node_certs_missing':True}) }}" delegate_to: "{{ openshift_ca_host }}" run_once: true diff --git a/roles/openshift_persistent_volumes/meta/main.yml b/roles/openshift_persistent_volumes/meta/main.yml index 48b0699ab..aea7616bf 100644 --- a/roles/openshift_persistent_volumes/meta/main.yml +++ b/roles/openshift_persistent_volumes/meta/main.yml @@ -11,3 +11,4 @@ galaxy_info: - 7 dependencies: - role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_persistent_volumes/templates/persistent-volume-claim.yml.j2 b/roles/openshift_persistent_volumes/templates/persistent-volume-claim.yml.j2 index d40417a9a..fac589a92 100644 --- a/roles/openshift_persistent_volumes/templates/persistent-volume-claim.yml.j2 +++ b/roles/openshift_persistent_volumes/templates/persistent-volume-claim.yml.j2 @@ -8,7 +8,7 @@ items: metadata: name: "{{ claim.name }}" spec: - accessModes: {{ claim.access_modes | to_padded_yaml(2, 2) }} + accessModes: {{ claim.access_modes | lib_utils_to_padded_yaml(2, 2) }} resources: requests: storage: "{{ claim.capacity }}" diff --git a/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2 b/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2 index 9ec14208b..354561432 100644 --- a/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2 +++ b/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2 
@@ -16,6 +16,6 @@ items: spec: capacity: storage: "{{ volume.capacity }}" - accessModes: {{ volume.access_modes | to_padded_yaml(2, 2) }} - {{ (volume.storage.keys() | list)[0] }}: {{ volume.storage[(volume.storage.keys() | list)[0]] | to_padded_yaml(3, 2) }} + accessModes: {{ volume.access_modes | lib_utils_to_padded_yaml(2, 2) }} + {{ (volume.storage.keys() | list)[0] }}: {{ volume.storage[(volume.storage.keys() | list)[0]] | lib_utils_to_padded_yaml(3, 2) }} {% endfor %} diff --git a/roles/openshift_prometheus/meta/main.yaml b/roles/openshift_prometheus/meta/main.yaml index 33188bb7e..69c5e0ee2 100644 --- a/roles/openshift_prometheus/meta/main.yaml +++ b/roles/openshift_prometheus/meta/main.yaml @@ -15,5 +15,6 @@ galaxy_info: categories: - openshift dependencies: -- { role: lib_openshift } -- { role: openshift_facts } +- role: lib_openshift +- role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_prometheus/tasks/install_prometheus.yaml b/roles/openshift_prometheus/tasks/install_prometheus.yaml index abc5dd476..2fb1c08e5 100644 --- a/roles/openshift_prometheus/tasks/install_prometheus.yaml +++ b/roles/openshift_prometheus/tasks/install_prometheus.yaml @@ -5,7 +5,7 @@ oc_project: state: present name: "{{ openshift_prometheus_namespace }}" - node_selector: "{{ openshift_prometheus_node_selector | oo_selector_to_string_list() }}" + node_selector: "{{ openshift_prometheus_node_selector | lib_utils_oo_selector_to_string_list() }}" description: Prometheus # secrets @@ -16,7 +16,7 @@ namespace: "{{ openshift_prometheus_namespace }}" contents: - path: session_secret - data: "{{ 43 | oo_random_word }}=" + data: "{{ 43 | lib_utils_oo_random_word }}=" with_items: - prometheus - alerts diff --git a/roles/openshift_provisioners/meta/main.yaml b/roles/openshift_provisioners/meta/main.yaml index cb9278eb7..5ef352bcd 100644 --- a/roles/openshift_provisioners/meta/main.yaml +++ b/roles/openshift_provisioners/meta/main.yaml 
@@ -14,3 +14,4 @@ galaxy_info: dependencies: - role: lib_openshift - role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_sanitize_inventory/meta/main.yml b/roles/openshift_sanitize_inventory/meta/main.yml index f5b37186e..324ba06d8 100644 --- a/roles/openshift_sanitize_inventory/meta/main.yml +++ b/roles/openshift_sanitize_inventory/meta/main.yml @@ -12,4 +12,5 @@ galaxy_info: categories: - cloud - system -dependencies: [] +dependencies: +- role: lib_utils diff --git a/roles/openshift_service_catalog/tasks/install.yml b/roles/openshift_service_catalog/tasks/install.yml index 41a6691c9..4b842c166 100644 --- a/roles/openshift_service_catalog/tasks/install.yml +++ b/roles/openshift_service_catalog/tasks/install.yml 
@@ -88,14 +88,14 @@ vars: original_content: "{{ edit_yaml.results.results[0] | to_yaml }}" when: - - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) + - not edit_yaml.results.results[0] | lib_utils_oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not edit_yaml.results.results[0] | lib_utils_oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) # only do this if we don't already have the updated role info - name: update edit role for service catalog and pod preset access command: > {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig replace -f {{ mktemp.stdout }}/edit_sc_patch.yml when: - - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) + - not edit_yaml.results.results[0] | lib_utils_oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not edit_yaml.results.results[0] | lib_utils_oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) - oc_obj: name: admin 
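Review bot: The long `lib_utils_oo_contains_rule` condition is written out in full on both the patch task and the `replace` task for the edit role, and the same duplication recurs for the admin and view roles in the hunks at -111 and -134, so the rule lists in each pair can drift apart unnoticed. These conditions gate a `replace` of cluster roles run with `admin.kubeconfig`, so I would evaluate each check once into a fact and reuse it. For example, a `set_fact` could define `l_sc_edit_needs_patch`, with `when: l_sc_edit_needs_patch | bool` on both tasks. The first task in each of these hunks starts outside the hunk.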
@@ -111,14 +111,14 @@ vars: original_content: "{{ admin_yaml.results.results[0] | to_yaml }}" when: - - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) + - not admin_yaml.results.results[0] | lib_utils_oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not admin_yaml.results.results[0] | lib_utils_oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) # only do this if we don't already have the updated role info - name: update admin role for service catalog and pod preset access command: > {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig replace -f {{ mktemp.stdout }}/admin_sc_patch.yml when: - - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) + - not admin_yaml.results.results[0] | lib_utils_oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not admin_yaml.results.results[0] | lib_utils_oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) - oc_obj: name: view 
@@ -134,14 +134,14 @@ vars: original_content: "{{ view_yaml.results.results[0] | to_yaml }}" when: - - not view_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['get', 'list', 'watch']) + - not view_yaml.results.results[0] | lib_utils_oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['get', 'list', 'watch']) # only do this if we don't already have the updated role info - name: update view role for service catalog access command: > {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig replace -f {{ mktemp.stdout }}/view_sc_patch.yml when: - - not view_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['get', 'list', 'watch']) + - not view_yaml.results.results[0] | lib_utils_oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['get', 'list', 'watch']) - oc_adm_policy_user: namespace: kube-service-catalog diff --git a/roles/openshift_service_catalog/tasks/start_api_server.yml b/roles/openshift_service_catalog/tasks/start_api_server.yml index b143292b6..84e542eaf 100644 --- a/roles/openshift_service_catalog/tasks/start_api_server.yml +++ b/roles/openshift_service_catalog/tasks/start_api_server.yml @@ -5,7 +5,7 @@ name: "{{ openshift.node.nodename }}" kind: node state: add - labels: "{{ openshift_service_catalog_nodeselector | default ({'openshift-infra': 'apiserver'}) | oo_dict_to_list_of_dict }}" + labels: "{{ openshift_service_catalog_nodeselector | default ({'openshift-infra': 'apiserver'}) | lib_utils_oo_dict_to_list_of_dict }}" # wait to see that the apiserver is available - name: wait for api server to be ready diff --git a/roles/openshift_storage_glusterfs/meta/main.yml b/roles/openshift_storage_glusterfs/meta/main.yml index 6a4ef942b..aa20245d5 100644 --- a/roles/openshift_storage_glusterfs/meta/main.yml 
+++ b/roles/openshift_storage_glusterfs/meta/main.yml @@ -12,4 +12,4 @@ galaxy_info: dependencies: - role: openshift_facts - role: lib_openshift -- role: lib_os_firewall +- role: lib_utils diff --git a/roles/openshift_storage_glusterfs/tasks/gluster_s3_deploy.yml b/roles/openshift_storage_glusterfs/tasks/gluster_s3_deploy.yml index 1664ecc1e..5b4c16740 100644 --- a/roles/openshift_storage_glusterfs/tasks/gluster_s3_deploy.yml +++ b/roles/openshift_storage_glusterfs/tasks/gluster_s3_deploy.yml @@ -63,7 +63,7 @@ until: - "gluster_s3_pvcs.results.results[0]['items'] | count > 0" # Pod's 'Bound' status must be True - - "gluster_s3_pvcs.results.results[0]['items'] | oo_collect(attribute='status.conditions') | oo_collect(attribute='status', filters={'type': 'Bound'}) | map('bool') | select | list | count == 2" + - "gluster_s3_pvcs.results.results[0]['items'] | lib_utils_oo_collect(attribute='status.conditions') | lib_utils_oo_collect(attribute='status', filters={'type': 'Bound'}) | map('bool') | select | list | count == 2" delay: 10 retries: "{{ (glusterfs_timeout | int / 10) | int }}" @@ -108,6 +108,6 @@ until: - "gluster_s3_pod.results.results[0]['items'] | count > 0" # Pod's 'Ready' status must be True - - "gluster_s3_pod.results.results[0]['items'] | oo_collect(attribute='status.conditions') | oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count == 1" + - "gluster_s3_pod.results.results[0]['items'] | lib_utils_oo_collect(attribute='status.conditions') | lib_utils_oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count == 1" delay: 10 retries: "{{ (glusterfs_timeout | int / 10) | int }}" diff --git a/roles/openshift_storage_glusterfs/tasks/glusterblock_deploy.yml b/roles/openshift_storage_glusterfs/tasks/glusterblock_deploy.yml index d6be8c726..e5dcdcab7 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterblock_deploy.yml 
+++ b/roles/openshift_storage_glusterfs/tasks/glusterblock_deploy.yml @@ -61,6 +61,6 @@ until: - "glusterblock_pod.results.results[0]['items'] | count > 0" # Pod's 'Ready' status must be True - - "glusterblock_pod.results.results[0]['items'] | oo_collect(attribute='status.conditions') | oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count == 1" + - "glusterblock_pod.results.results[0]['items'] | lib_utils_oo_collect(attribute='status.conditions') | lib_utils_oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count == 1" delay: 10 retries: "{{ (glusterfs_timeout | int / 10) | int }}" diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml index d11023a39..9307cb957 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml @@ -126,7 +126,7 @@ - "glusterfs_heketi_is_native" - "deploy_heketi_pod.results.results[0]['items'] | count > 0" # deploy-heketi is not missing when there are one or more pods with matching labels whose 'Ready' status is True - - "deploy_heketi_pod.results.results[0]['items'] | oo_collect(attribute='status.conditions') | oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count > 0" + - "deploy_heketi_pod.results.results[0]['items'] | lib_utils_oo_collect(attribute='status.conditions') | lib_utils_oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count > 0" - name: Check for existing heketi pod oc_obj: 
@@ -144,7 +144,7 @@ - "glusterfs_heketi_is_native" - "heketi_pod.results.results[0]['items'] | count > 0" # heketi is not missing when there are one or more pods with matching labels whose 'Ready' status is True - - "heketi_pod.results.results[0]['items'] | oo_collect(attribute='status.conditions') | oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count > 0" + - "heketi_pod.results.results[0]['items'] | lib_utils_oo_collect(attribute='status.conditions') | lib_utils_oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count > 0" - name: Generate topology file template: @@ -177,14 +177,14 @@ - name: Generate heketi admin key set_fact: - glusterfs_heketi_admin_key: "{{ 32 | oo_generate_secret }}" + glusterfs_heketi_admin_key: "{{ 32 | lib_utils_oo_generate_secret }}" when: - glusterfs_heketi_is_native - glusterfs_heketi_admin_key is undefined - name: Generate heketi user key set_fact: - glusterfs_heketi_user_key: "{{ 32 | oo_generate_secret }}" + glusterfs_heketi_user_key: "{{ 32 | lib_utils_oo_generate_secret }}" until: "glusterfs_heketi_user_key != glusterfs_heketi_admin_key" delay: 1 retries: 10 @@ -228,7 +228,7 @@ until: - "deploy_heketi_pod.results.results[0]['items'] | count > 0" # Pod's 'Ready' status must be True - - "deploy_heketi_pod.results.results[0]['items'] | oo_collect(attribute='status.conditions') | oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count == 1" + - "deploy_heketi_pod.results.results[0]['items'] | lib_utils_oo_collect(attribute='status.conditions') | lib_utils_oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count == 1" delay: 10 retries: "{{ (glusterfs_timeout | int / 10) | int }}" when: diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml index 0c2fcb2c5..4cc82f1ad 100644 
--- a/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml @@ -21,7 +21,7 @@ name: "{{ hostvars[item].openshift.node.nodename }}" kind: node state: absent - labels: "{{ glusterfs_nodeselector | oo_dict_to_list_of_dict }}" + labels: "{{ glusterfs_nodeselector | lib_utils_oo_dict_to_list_of_dict }}" with_items: "{{ groups.all }}" when: "'openshift' in hostvars[item] and glusterfs_wipe" @@ -60,7 +60,7 @@ name: "{{ hostvars[item].openshift.node.nodename }}" kind: node state: add - labels: "{{ glusterfs_nodeselector | oo_dict_to_list_of_dict }}" + labels: "{{ glusterfs_nodeselector | lib_utils_oo_dict_to_list_of_dict }}" with_items: "{{ glusterfs_nodes | default([]) }}" - name: Copy GlusterFS DaemonSet template @@ -109,6 +109,6 @@ until: - "glusterfs_pods.results.results[0]['items'] | count > 0" # There must be as many pods with 'Ready' staus True as there are nodes expecting those pods - - "glusterfs_pods.results.results[0]['items'] | oo_collect(attribute='status.conditions') | oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count == glusterfs_nodes | count" + - "glusterfs_pods.results.results[0]['items'] | lib_utils_oo_collect(attribute='status.conditions') | lib_utils_oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count == glusterfs_nodes | count" delay: 10 retries: "{{ (glusterfs_timeout | int / 10) | int }}" diff --git a/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml b/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml index d23bd42b9..60b9ca497 100644 --- a/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml +++ b/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml 
@@ -28,14 +28,14 @@ until: - "'results' in heketi_job.results and heketi_job.results.results | count > 0" # Pod's 'Complete' status must be True - - "heketi_job.results.results | oo_collect(attribute='status.conditions') | oo_collect(attribute='status', filters={'type': 'Complete'}) | map('bool') | select | list | count == 1" + - "heketi_job.results.results | lib_utils_oo_collect(attribute='status.conditions') | lib_utils_oo_collect(attribute='status', filters={'type': 'Complete'}) | map('bool') | select | list | count == 1" delay: 10 retries: "{{ (glusterfs_timeout | int / 10) | int }}" failed_when: - "'results' in heketi_job.results" - "heketi_job.results.results | count > 0" # Fail when pod's 'Failed' status is True - - "heketi_job.results.results | oo_collect(attribute='status.conditions') | oo_collect(attribute='status', filters={'type': 'Failed'}) | map('bool') | select | list | count == 1" + - "heketi_job.results.results | lib_utils_oo_collect(attribute='status.conditions') | lib_utils_oo_collect(attribute='status', filters={'type': 'Failed'}) | map('bool') | select | list | count == 1" when: setup_storage.rc == 0 - name: Delete deploy resources @@ -120,7 +120,7 @@ until: - "heketi_pod.results.results[0]['items'] | count > 0" # Pod's 'Ready' status must be True - - "heketi_pod.results.results[0]['items'] | oo_collect(attribute='status.conditions') | oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count == 1" + - "heketi_pod.results.results[0]['items'] | lib_utils_oo_collect(attribute='status.conditions') | lib_utils_oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count == 1" delay: 10 retries: "{{ (glusterfs_timeout | int / 10) | int }}" diff --git a/roles/openshift_storage_nfs/meta/main.yml b/roles/openshift_storage_nfs/meta/main.yml index d61e6873a..3ae04e59f 100644 --- a/roles/openshift_storage_nfs/meta/main.yml +++ b/roles/openshift_storage_nfs/meta/main.yml 
@@ -10,5 +10,5 @@ galaxy_info: versions: - 7 dependencies: -- role: lib_os_firewall +- role: lib_utils - role: openshift_facts diff --git a/roles/openshift_storage_nfs_lvm/meta/main.yml b/roles/openshift_storage_nfs_lvm/meta/main.yml index 50d94f6a3..de47708a5 100644 --- a/roles/openshift_storage_nfs_lvm/meta/main.yml +++ b/roles/openshift_storage_nfs_lvm/meta/main.yml @@ -16,3 +16,4 @@ galaxy_info: - openshift dependencies: - role: openshift_facts +- role: lib_utils diff --git a/roles/openshift_version/tasks/set_version_containerized.yml b/roles/openshift_version/tasks/set_version_containerized.yml index 71f957b78..e02a75eab 100644 --- a/roles/openshift_version/tasks/set_version_containerized.yml +++ b/roles/openshift_version/tasks/set_version_containerized.yml @@ -62,4 +62,4 @@ # dangly +c0mm1t-offset tags in the version. See also, # openshift_facts.py - set_fact: - openshift_version: "{{ openshift_version | oo_chomp_commit_offset }}" + openshift_version: "{{ openshift_version | lib_utils_oo_chomp_commit_offset }}" diff --git a/roles/template_service_broker/meta/main.yml b/roles/template_service_broker/meta/main.yml index ab5a0cf08..f1b56b771 100644 --- a/roles/template_service_broker/meta/main.yml +++ b/roles/template_service_broker/meta/main.yml @@ -11,3 +11,5 @@ galaxy_info: - 7 categories: - cloud +dependencies: +- role: lib_utils diff --git a/test/openshift_version_tests.py b/test/openshift_version_tests.py deleted file mode 100644 index 36b8263bb..000000000 --- a/test/openshift_version_tests.py +++ /dev/null 
@@ -1,32 +0,0 @@ -""" Tests for the openshift_version Ansible filter module. """ -# pylint: disable=missing-docstring,invalid-name - -import os -import sys -import unittest - -sys.path = [os.path.abspath(os.path.dirname(__file__) + "/../filter_plugins/")] + sys.path - -# pylint: disable=import-error -import openshift_version # noqa: E402 - - -class OpenShiftVersionTests(unittest.TestCase): - - openshift_version_filters = openshift_version.FilterModule() - - def test_gte_filters(self): - for major, minor_start, minor_end in self.openshift_version_filters.versions: - for minor in range(minor_start, minor_end): - # Test positive case - self.assertTrue( - self.openshift_version_filters._filters["oo_version_gte_{}_{}".format(major, minor)]( - "{}.{}".format(major, minor + 1))) - # Test negative case - self.assertFalse( - self.openshift_version_filters._filters["oo_version_gte_{}_{}".format(major, minor)]( - "{}.{}".format(major, minor))) - - def test_get_filters(self): - self.assertTrue( - self.openshift_version_filters.filters() == self.openshift_version_filters._filters) -- cgit v1.2.3 From 46b5705f220022b9eee20f682a330558f9e60258 Mon Sep 17 00:00:00 2001 From: Michael Gugino Date: Tue, 2 Jan 2018 12:11:36 -0500 Subject: Correct kublet_args cloud-provider directories This commit updates kublet_args to correct cloudprovider configuration file locaitons. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1527203 --- roles/openshift_node/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'roles/openshift_node/defaults/main.yml') diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index a90aad532..5eb9cef15 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml 
@@ -34,19 +34,19 @@ openshift_node_kubelet_args_dict: cloud-provider: - aws cloud-config: - - "{{ openshift_config_base ~ '/aws.conf' }}" + - "{{ openshift_config_base ~ '/cloudprovider/aws.conf' }}" node-labels: "{{ l_node_kubelet_node_labels }}" openstack: cloud-provider: - openstack cloud-config: - - "{{ openshift_config_base ~ '/openstack.conf' }}" + - "{{ openshift_config_base ~ '/cloudprovider/openstack.conf' }}" node-labels: "{{ l_node_kubelet_node_labels }}" gce: cloud-provider: - gce cloud-config: - - "{{ openshift_config_base ~ '/gce.conf' }}" + - "{{ openshift_config_base ~ '/cloudprovider/gce.conf' }}" node-labels: "{{ l_node_kubelet_node_labels }}" undefined: node-labels: "{{ l_node_kubelet_node_labels }}" -- cgit v1.2.3 From 1a99f2ee9fac6dfe02e56e227874371b40a0b4fe Mon Sep 17 00:00:00 2001 From: Michael Gugino Date: Tue, 2 Jan 2018 14:21:36 -0500 Subject: Cast openshift_docker_use_system_container to bool openshift_docker_use_system_container might be passed in via ini inventory as 'openshift_docker_use_system_container=false' This condition will be interpreted as a string type, instead of boolean. Casting openshift_docker_use_system_container as bool will achieve the users desired intent. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1528943 --- roles/container_runtime/defaults/main.yml | 2 +- roles/contiv/defaults/main.yml | 2 +- roles/etcd/defaults/main.yaml | 2 +- roles/flannel/defaults/main.yaml | 2 +- roles/openshift_loadbalancer/defaults/main.yml | 2 +- roles/openshift_master/defaults/main.yml | 4 ++-- roles/openshift_node/defaults/main.yml | 4 ++-- roles/openshift_node_certificates/defaults/main.yml | 2 +- 8 files changed, 10 insertions(+), 10 deletions(-) (limited to 'roles/openshift_node/defaults/main.yml') diff --git a/roles/container_runtime/defaults/main.yml b/roles/container_runtime/defaults/main.yml index f4e249792..d0e37e2f4 100644 --- a/roles/container_runtime/defaults/main.yml +++ b/roles/container_runtime/defaults/main.yml 
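Review bot: The `'/cloudprovider/'` segment is now written out three times, in the `cloud-config` entries for aws, openstack and gce, and nothing in this hunk ties it to the place where the provider files are actually written. Since the bug being fixed is a reader/writer path mismatch, I would define the directory once, for example `l_node_cloudprovider_dir: "{{ openshift_config_base ~ '/cloudprovider' }}"` (variable name constructed for illustration), and build each entry as `- "{{ l_node_cloudprovider_dir ~ '/aws.conf' }}"`. These files can hold cloud API credentials, so confirm that the directory is created with restrictive ownership and mode; that task is not part of this diff. The `openshift_node_kubelet_args_dict` mapping starts above the hunk.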
@@ -11,7 +11,7 @@ oreg_auth_credentials_replace: False openshift_docker_use_system_container: False openshift_docker_disable_push_dockerhub: False # bool openshift_docker_selinux_enabled: True -openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}" openshift_docker_hosted_registry_insecure: False # bool diff --git a/roles/contiv/defaults/main.yml b/roles/contiv/defaults/main.yml index 8d06a5e96..0825af8a5 100644 --- a/roles/contiv/defaults/main.yml +++ b/roles/contiv/defaults/main.yml @@ -119,4 +119,4 @@ contiv_h1_gw_default: "10.129.0.1" # contiv default private subnet for ext access contiv_private_ext_subnet: "10.130.0.0/16" -openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}" diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml index 337727e47..87e249642 100644 --- a/roles/etcd/defaults/main.yaml +++ b/roles/etcd/defaults/main.yaml @@ -98,4 +98,4 @@ r_etcd_os_firewall_allow: # set the backend quota to 4GB by default etcd_quota_backend_bytes: 4294967296 -openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}" diff --git a/roles/flannel/defaults/main.yaml b/roles/flannel/defaults/main.yaml index 2e4a0dc39..d9e4d2354 100644 --- a/roles/flannel/defaults/main.yaml +++ b/roles/flannel/defaults/main.yaml 
@@ -6,4 +6,4 @@ etcd_peer_ca_file: "{{ openshift.common.config_base }}/node/flannel.etcd-ca.crt" etcd_peer_cert_file: "{{ openshift.common.config_base }}/node/flannel.etcd-client.crt" etcd_peer_key_file: "{{ openshift.common.config_base }}/node/flannel.etcd-client.key" -openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}" diff --git a/roles/openshift_loadbalancer/defaults/main.yml b/roles/openshift_loadbalancer/defaults/main.yml index 6ffe3f11e..d8c45fb33 100644 --- a/roles/openshift_loadbalancer/defaults/main.yml +++ b/roles/openshift_loadbalancer/defaults/main.yml @@ -32,7 +32,7 @@ r_openshift_loadbalancer_os_firewall_allow: port: "{{ nuage_mon_rest_server_port | default(9443) }}/tcp" cond: "{{ r_openshift_lb_use_nuage | bool }}" -openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}" # NOTE # r_openshift_lb_use_nuage_default may be defined external to this role. diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index 5d292ffd0..caf60b966 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml 
@@ -53,12 +53,12 @@ oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_ur oreg_auth_credentials_path: "{{ r_openshift_master_data_dir }}/.docker" oreg_auth_credentials_replace: False l_bind_docker_reg_auth: False -openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False)) or (openshift_use_crio_only | default(False)) }}" +openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False) | bool) or (openshift_use_crio_only | default(False)) }}" containerized_svc_dir: "/usr/lib/systemd/system" ha_svc_template_path: "native-cluster" -openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}" openshift_master_loopback_config: "{{ openshift_master_config_dir }}/openshift-master.kubeconfig" loopback_context_string: "current-context: {{ openshift.master.loopback_context_name }}" diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index a90aad532..59a3618f1 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml 
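Review bot: In `openshift_docker_alternative_creds` only the first operand receives the new cast. `(openshift_use_crio_only | default(False))` still passes through `or` uncast, so a string value from an ini inventory hits the same problem the commit message describes for the other variable. The second operand should become `(openshift_use_crio_only | default(False) | bool)`. The identical line in this commit's `roles/openshift_node/defaults/main.yml` hunk has the same gap; a later commit on this page adds the cast there, but no hunk shown here does so for `roles/openshift_master/defaults/main.yml`. Judging by the neighbouring `oreg_auth_*` settings, this flag presumably influences how registry credentials are handled, so it is worth normalising consistently.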
@@ -169,9 +169,9 @@ oreg_auth_credentials_path: "{{ openshift_node_data_dir }}/.docker" oreg_auth_credentials_replace: False l_bind_docker_reg_auth: False openshift_use_crio: False -openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False)) or (openshift_use_crio_only | default(False)) }}" +openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False) | bool) or (openshift_use_crio_only | default(False)) }}" -openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}" # NOTE # r_openshift_node_*_default may be defined external to this role. diff --git a/roles/openshift_node_certificates/defaults/main.yml b/roles/openshift_node_certificates/defaults/main.yml index b42b75be9..da1570528 100644 --- a/roles/openshift_node_certificates/defaults/main.yml +++ b/roles/openshift_node_certificates/defaults/main.yml @@ -2,4 +2,4 @@ openshift_node_cert_expire_days: 730 openshift_ca_host: '' -openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" +openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}" -- cgit v1.2.3 From 7819056aa716356416f421b3916954c040f2824f Mon Sep 17 00:00:00 2001 
From: Michael Gugino Date: Mon, 8 Jan 2018 14:12:52 -0500 Subject: Properly cast crio boolean variables to bool Variables that are specifically booleans should be cast to bool. This is because users may sometimes pass them as string values. This is particularly prevalent when using ini-style inventories. Affected-by: https://github.com/ansible/ansible/issues/34591 Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1531592 --- roles/container_runtime/tasks/common/post.yml | 2 +- roles/container_runtime/tasks/systemcontainer_crio.yml | 2 +- roles/openshift_cli/defaults/main.yml | 2 +- roles/openshift_node/defaults/main.yml | 2 +- roles/openshift_node/tasks/main.yml | 4 ++-- roles/openshift_node/tasks/openvswitch_system_container.yml | 4 ++-- roles/openshift_node/templates/node.service.j2 | 2 +- roles/openshift_node/templates/node.yaml.v1.j2 | 2 +- roles/openshift_node/templates/openshift.docker.node.dep.service | 2 +- roles/openshift_version/tasks/set_version_containerized.yml | 8 ++++---- 10 files changed, 15 insertions(+), 15 deletions(-) (limited to 'roles/openshift_node/defaults/main.yml') diff --git a/roles/container_runtime/tasks/common/post.yml b/roles/container_runtime/tasks/common/post.yml index b90190ebf..23fd8528a 100644 --- a/roles/container_runtime/tasks/common/post.yml +++ b/roles/container_runtime/tasks/common/post.yml @@ -22,5 +22,5 @@ - include_tasks: setup_docker_symlink.yml when: - - openshift_use_crio + - openshift_use_crio | bool - dockerstat.stat.islnk is defined and not (dockerstat.stat.islnk | bool) diff --git a/roles/container_runtime/tasks/systemcontainer_crio.yml b/roles/container_runtime/tasks/systemcontainer_crio.yml index eedb18604..d588f2618 100644 --- a/roles/container_runtime/tasks/systemcontainer_crio.yml +++ b/roles/container_runtime/tasks/systemcontainer_crio.yml 
@@ -104,4 +104,4 @@ # 'docker login' - include_tasks: common/post.yml vars: - openshift_docker_alternative_creds: "{{ openshift_use_crio_only }}" + openshift_docker_alternative_creds: "{{ openshift_use_crio_only | bool }}" diff --git a/roles/openshift_cli/defaults/main.yml b/roles/openshift_cli/defaults/main.yml index 631a0455e..9faec639f 100644 --- a/roles/openshift_cli/defaults/main.yml +++ b/roles/openshift_cli/defaults/main.yml @@ -8,4 +8,4 @@ system_images_registry: "{{ system_images_registry_dict[openshift_deployment_typ openshift_use_crio_only: False l_is_system_container_image: "{{ openshift_use_master_system_container | default(openshift_use_system_containers | default(False)) | bool }}" -l_use_cli_atomic_image: "{{ openshift_use_crio_only or l_is_system_container_image }}" +l_use_cli_atomic_image: "{{ (openshift_use_crio_only | bool) or (l_is_system_container_image | bool) }}" diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index 27fe2f5c0..c1fab4382 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -169,7 +169,7 @@ oreg_auth_credentials_path: "{{ openshift_node_data_dir }}/.docker" oreg_auth_credentials_replace: False l_bind_docker_reg_auth: False openshift_use_crio: False -openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False) | bool) or (openshift_use_crio_only | default(False)) }}" +openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False) | bool) or (openshift_use_crio_only | default(False) | bool) }}" openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}" diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 103572291..754ecacaf 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml 
@@ -4,7 +4,7 @@ when: - (not ansible_selinux or ansible_selinux.status != 'enabled') - openshift_deployment_type == 'openshift-enterprise' - - not openshift_use_crio + - not openshift_use_crio | bool - include_tasks: dnsmasq_install.yml - include_tasks: dnsmasq.yml @@ -50,7 +50,7 @@ name: cri-o enabled: yes state: restarted - when: openshift_use_crio + when: openshift_use_crio | bool register: task_result failed_when: - task_result is failed diff --git a/roles/openshift_node/tasks/openvswitch_system_container.yml b/roles/openshift_node/tasks/openvswitch_system_container.yml index 30ef9ef44..d7dce6969 100644 --- a/roles/openshift_node/tasks/openvswitch_system_container.yml +++ b/roles/openshift_node/tasks/openvswitch_system_container.yml @@ -1,11 +1,11 @@ --- - set_fact: l_service_name: "cri-o" - when: openshift_use_crio + when: openshift_use_crio | bool - set_fact: l_service_name: "{{ openshift_docker_service_name }}" - when: not openshift_use_crio + when: not openshift_use_crio | bool - name: Pre-pull OpenVSwitch system container image command: > diff --git a/roles/openshift_node/templates/node.service.j2 b/roles/openshift_node/templates/node.service.j2 index da751bd65..777f4a449 100644 --- a/roles/openshift_node/templates/node.service.j2 +++ b/roles/openshift_node/templates/node.service.j2 @@ -8,7 +8,7 @@ Wants={{ openshift_docker_service_name }}.service Documentation=https://github.com/openshift/origin Requires=dnsmasq.service After=dnsmasq.service -{% if openshift_use_crio %}Wants=cri-o.service{% endif %} +{% if openshift_use_crio | bool %}Wants=cri-o.service{% endif %} [Service] Type=notify diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index f091263f5..5f2a94ea2 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 
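Review bot: `- not openshift_use_crio | bool` is correct only because Jinja2 applies the filter before `not`. A reader can easily take it for `(not openshift_use_crio) | bool`, and an edit made on that misreading would bring back the string-truthiness problem this commit fixes. I would write `- not (openshift_use_crio | bool)` here, in the `openvswitch_system_container.yml` hunk, and for the four `not openshift_use_crio_only | bool` conditions in `set_version_containerized.yml`. This condition shares a `when:` list with the `ansible_selinux.status` test, so it decides whether that task runs at all; the task itself starts above the hunk.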
@@ -14,7 +14,7 @@ imageConfig: latest: {{ openshift_node_image_config_latest }} kind: NodeConfig kubeletArguments: {{ l2_openshift_node_kubelet_args | default(None) | lib_utils_to_padded_yaml(level=1) }} -{% if openshift_use_crio %} +{% if openshift_use_crio | bool %} container-runtime: - remote container-runtime-endpoint: diff --git a/roles/openshift_node/templates/openshift.docker.node.dep.service b/roles/openshift_node/templates/openshift.docker.node.dep.service index 873744f34..9fe779057 100644 --- a/roles/openshift_node/templates/openshift.docker.node.dep.service +++ b/roles/openshift_node/templates/openshift.docker.node.dep.service @@ -3,7 +3,7 @@ Requires={{ openshift_docker_service_name }}.service After={{ openshift_docker_service_name }}.service PartOf={{ openshift_service_type }}-node.service Before={{ openshift_service_type }}-node.service -{% if openshift_use_crio %}Wants=cri-o.service{% endif %} +{% if openshift_use_crio | bool %}Wants=cri-o.service{% endif %} [Service] ExecStart=/bin/bash -c 'if [[ -f /usr/bin/docker-current ]]; \ diff --git a/roles/openshift_version/tasks/set_version_containerized.yml b/roles/openshift_version/tasks/set_version_containerized.yml index e02a75eab..a808f050e 100644 --- a/roles/openshift_version/tasks/set_version_containerized.yml +++ b/roles/openshift_version/tasks/set_version_containerized.yml @@ -21,7 +21,7 @@ register: cli_image_version when: - openshift_version is not defined - - not openshift_use_crio_only + - not openshift_use_crio_only | bool # Origin latest = pre-release version (i.e. v1.3.0-alpha.1-321-gb095e3a) - set_fact: @@ -30,7 +30,7 @@ - openshift_version is not defined - openshift.common.deployment_type == 'origin' - cli_image_version.stdout_lines[0].split('-') | length > 1 - - not openshift_use_crio_only + - not openshift_use_crio_only | bool - set_fact: openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}" 
@@ -45,14 +45,14 @@ when: - openshift_version is defined - openshift_version.split('.') | length == 2 - - not openshift_use_crio_only + - not openshift_use_crio_only | bool - set_fact: openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2][1:] | join('-') if openshift.common.deployment_type == 'origin' else cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}" when: - openshift_version is defined - openshift_version.split('.') | length == 2 - - not openshift_use_crio_only + - not openshift_use_crio_only | bool # TODO: figure out a way to check for the openshift_version when using CRI-O. # We should do that using the images in the ostree storage so we don't have -- cgit v1.2.3 From ac68e9821fd38da3525772c3bc7713ba80ecd10b Mon Sep 17 00:00:00 2001 From: weherdh Date: Thu, 18 Jan 2018 11:31:02 +0800 Subject: Add Azure to support openshift_cloudprovider_kind --- roles/openshift_node/defaults/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'roles/openshift_node/defaults/main.yml') diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index c1fab4382..0b10413c5 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -48,6 +48,12 @@ openshift_node_kubelet_args_dict: cloud-config: - "{{ openshift_config_base ~ '/cloudprovider/gce.conf' }}" node-labels: "{{ l_node_kubelet_node_labels }}" + azure: + cloud-provider: + - azure + cloud-config: + - "{{ openshift_config_base ~ '/cloudprovider/azure.conf' }}" + node-labels: "{{ l_node_kubelet_node_labels }}" undefined: node-labels: "{{ l_node_kubelet_node_labels }}" -- cgit v1.2.3
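Review bot: The new `azure` entry points the kubelet at `cloudprovider/azure.conf`, but the commit's diffstat lists only this defaults file, so nothing here creates that file or says who must provide it. I would add a comment above the entry such as `# azure.conf must already exist on every node; keep it root-owned and not world-readable`, because Azure cloud-provider configuration normally carries the service principal secret. If an existing task elsewhere in the repository writes the file, the comment should name it instead. The surrounding `openshift_node_kubelet_args_dict` mapping starts above the hunk.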