From d17a583db7d1caef4a60a19f0379da8bce25754a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9na=C3=AFc=20Huard?= Date: Tue, 25 Aug 2015 16:56:51 +0200 Subject: Add options to configure docker registries --- roles/openshift_node/tasks/main.yml | 42 +++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index adffca252..18f0ce064 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -70,6 +70,48 @@ line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ {% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'" when: docker_check.stat.isreg + notify: + - restart docker + +- set_fact: + docker_additional_registries: "registry.access.redhat.com,{{ lookup('oo_option', 'docker_additional_registries') }}" + when: deployment_type == 'enterprise' +- set_fact: + docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}" + when: deployment_type != 'enterprise' + +- name: Add personal registries + lineinfile: + dest: /etc/sysconfig/docker + regexp: '^ADD_REGISTRY=.*' + line: "ADD_REGISTRY='{{ docker_additional_registries | oo_split() + | oo_prepend_strings_in_list('--add-registry ') | join(' ') }}'" + when: docker_check.stat.isreg and + docker_additional_registries != '' + notify: + - restart docker + +- name: Block registries + lineinfile: + dest: /etc/sysconfig/docker + regexp: '^BLOCK_REGISTRY=.*' + line: "BLOCK_REGISTRY='{{ lookup('oo_option', 'docker_blocked_registries') | oo_split() + | oo_prepend_strings_in_list('--block-registry ') | join(' ') }}'" + when: docker_check.stat.isreg and + lookup('oo_option', 'docker_blocked_registries') != '' + notify: + - restart docker + +- name: Grant access to additional insecure registries + lineinfile: + dest: /etc/sysconfig/docker + regexp: '^INSECURE_REGISTRY=.*' + line: "INSECURE_REGISTRY='{{ lookup('oo_option', 'docker_insecure_registries') | oo_split() + | oo_prepend_strings_in_list('--insecure-registry ') | join(' ') }}'" + when: docker_check.stat.isreg and + lookup('oo_option', 'docker_insecure_registries') != '' + notify: + - restart docker - name: Allow NFS access for VMs seboolean: name=virt_use_nfs state=yes persistent=yes -- cgit v1.2.3 From 1b3fff6248fbd6788a26ee2b6c60f7731891c0f4 Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Fri, 19 Jun 2015 14:41:10 -0400 Subject: Atomic Enterprise related changes. --- roles/openshift_node/tasks/main.yml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 18f0ce064..5ccb810cf 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -10,16 +10,7 @@ msg: "SELinux is disabled, This deployment type requires that SELinux is enabled." when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online'] -- name: Install OpenShift Node package - yum: pkg=openshift-node state=present - register: node_install_result - -- name: Install openshift-sdn-ovs - yum: pkg=openshift-sdn-ovs state=present - register: sdn_install_result - when: openshift.common.use_openshift_sdn - -- name: Set node OpenShift facts +- name: Set node facts openshift_facts: role: "{{ item.role }}" local_facts: "{{ item.local_facts }}" @@ -38,17 +29,26 @@ portal_net: "{{ openshift_master_portal_net | default(None) }}" kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" +- name: Install Node package + yum: pkg={{ openshift.common.service_type }}-node state=present + register: node_install_result + +- name: Install sdn-ovs package + yum: pkg={{ openshift.common.service_type }}-sdn-ovs state=present + register: sdn_install_result + when: openshift.common.use_openshift_sdn + # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config template: dest: "{{ openshift_node_config_file }}" src: node.yaml.v1.j2 notify: - - restart openshift-node + - restart node -- name: Configure OpenShift Node settings +- name: Configure Node settings lineinfile: - dest: /etc/sysconfig/openshift-node + dest: /etc/sysconfig/{{ openshift.common.service_type }}-node regexp: "{{ item.regex }}" line: "{{ item.line }}" with_items: @@ -57,13 +57,13 @@ - regex: '^CONFIG_FILE=' line: "CONFIG_FILE={{ openshift_node_config_file }}" notify: - - restart openshift-node + - restart node - stat: path=/etc/sysconfig/docker register: docker_check # TODO: Enable secure registry when code available in origin -- name: Secure OpenShift Registry +- name: Secure Registry lineinfile: dest: /etc/sysconfig/docker regexp: '^OPTIONS=.*' @@ -117,8 +117,8 @@ seboolean: name=virt_use_nfs state=yes persistent=yes when: ansible_selinux and ansible_selinux.status == "enabled" -- name: Start and enable openshift-node - service: name=openshift-node enabled=yes state=started +- name: Start and enable node + service: name={{ openshift.common.service_type }}-node enabled=yes state=started register: start_result - name: pause to prevent service restart from interfering with bootstrapping -- cgit v1.2.3 From 886fab0967834d116bbba2e7d50feb2e13fff11f Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Wed, 26 Aug 2015 22:15:16 -0400 Subject: Bugfix for extra --add-registry in docker config --- roles/openshift_node/tasks/main.yml | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 18f0ce064..7679adbf3 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -66,7 +66,7 @@ - name: Secure OpenShift Registry lineinfile: dest: /etc/sysconfig/docker - regexp: '^OPTIONS=.*' + regexp: '^OPTIONS=.*$' line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ {% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'" when: docker_check.stat.isreg @@ -74,27 +74,29 @@ - restart docker - set_fact: - docker_additional_registries: "registry.access.redhat.com,{{ lookup('oo_option', 'docker_additional_registries') }}" - when: deployment_type == 'enterprise' + docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') + | oo_split() | union(['registry.access.redhat.com']) + | difference(['']) }}" + when: openshift.common.deployment_type == 'enterprise' - set_fact: - docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}" - when: deployment_type != 'enterprise' + docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') + | oo_split() | difference(['']) }}" + when: openshift.common.deployment_type != 'enterprise' - name: Add personal registries lineinfile: dest: /etc/sysconfig/docker - regexp: '^ADD_REGISTRY=.*' - line: "ADD_REGISTRY='{{ docker_additional_registries | oo_split() - | oo_prepend_strings_in_list('--add-registry ') | join(' ') }}'" - when: docker_check.stat.isreg and - docker_additional_registries != '' + regexp: '^ADD_REGISTRY=.*$' + line: "ADD_REGISTRY='{{ docker_additional_registries + | oo_prepend_strings_in_list('--add-registry ') | join(' ') }}'" + when: docker_check.stat.isreg and docker_additional_registries notify: - restart docker - name: Block registries lineinfile: dest: /etc/sysconfig/docker - regexp: '^BLOCK_REGISTRY=.*' + regexp: '^BLOCK_REGISTRY=.*$' line: "BLOCK_REGISTRY='{{ lookup('oo_option', 'docker_blocked_registries') | oo_split() | oo_prepend_strings_in_list('--block-registry ') | join(' ') }}'" when: docker_check.stat.isreg and -- cgit v1.2.3 From c28aea2f19b6aea729f27b636e5318ac775addb6 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Tue, 1 Sep 2015 16:34:01 -0400 Subject: Add openshift_node_sdn_mtu configuration Sync's with Origin 1.0.6 and OSE 3.0.2 node-config.yaml networkConfig changes Fixes #534 --- roles/openshift_node/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index db1731d65..e56a666e9 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -28,6 +28,7 @@ debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" portal_net: "{{ openshift_master_portal_net | default(None) }}" kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" + sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" - name: Install Node package yum: pkg={{ openshift.common.service_type }}-node state=present -- cgit v1.2.3 From 8e3d2689c442762cdd5df08ca31721c5b17b2ee8 Mon Sep 17 00:00:00 2001 From: Stefanie Forrester Date: Thu, 27 Aug 2015 12:45:06 -0700 Subject: added new node fact for schedulability --- roles/openshift_node/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index e56a666e9..11190ab72 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -29,6 +29,7 @@ portal_net: "{{ openshift_master_portal_net | default(None) }}" kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" + schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" - name: Install Node package yum: pkg={{ openshift.common.service_type }}-node state=present -- cgit v1.2.3 From 633c651285b53ee154cd497513ded4a26c88d991 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Thu, 3 Sep 2015 15:30:03 -0400 Subject: Add openshift_version to set RPM versions Mostly necessary for debugging / testing upgrade paths --- roles/openshift_node/tasks/main.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index e56a666e9..7a862c99f 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -30,12 +30,14 @@ kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" +# We have to add tuned-profiles in the same transaction otherwise we run into depsolving +# problems because the rpms don't pin the version properly. - name: Install Node package - yum: pkg={{ openshift.common.service_type }}-node state=present + yum: pkg={{ openshift.common.service_type }}-node{{ openshift_version }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version }} state=present register: node_install_result - name: Install sdn-ovs package - yum: pkg={{ openshift.common.service_type }}-sdn-ovs state=present + yum: pkg={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present register: sdn_install_result when: openshift.common.use_openshift_sdn -- cgit v1.2.3 From 44f2904159c5a3e0045eb413287a9c1778f91adb Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Thu, 10 Sep 2015 10:27:35 -0400 Subject: Upgrades --- roles/openshift_node/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 1986b631e..e8cc499c0 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -47,6 +47,7 @@ template: dest: "{{ openshift_node_config_file }}" src: node.yaml.v1.j2 + backup: true notify: - restart node -- cgit v1.2.3 From a22fbd327ab9decda9543d47c1ba375b9faecffd Mon Sep 17 00:00:00 2001 From: Chengcheng Mu Date: Tue, 18 Aug 2015 10:46:23 +0200 Subject: GCE-support (more information in PR, README_GCE.md) --- roles/openshift_node/tasks/main.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index e8cc499c0..7e5ac2b5b 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -22,7 +22,7 @@ deployment_type: "{{ openshift_deployment_type }}" - role: node local_facts: - labels: "{{ openshift_node_labels | default(none) }}" + labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default() ) }}" annotations: "{{ openshift_node_annotations | default(none) }}" registry_url: "{{ oreg_url | default(none) }}" debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" @@ -73,6 +73,12 @@ dest: /etc/sysconfig/docker regexp: '^OPTIONS=.*$' line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ +--insecure-registry=dockerhub.rnd.amadeus.net:5000 \ +--insecure-registry=dockerhub.rnd.amadeus.net:5001 \ +--insecure-registry=dockerhub.rnd.amadeus.net:5002 \ +--add-registry=dockerhub.rnd.amadeus.net:5000 \ +--add-registry=dockerhub.rnd.amadeus.net:5001 \ +--add-registry=dockerhub.rnd.amadeus.net:5002 \ {% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'" when: docker_check.stat.isreg notify: -- cgit v1.2.3 From b8dcab08624bfdc4e89a144b82caa68883d1f861 Mon Sep 17 00:00:00 2001 From: Chengcheng Mu Date: Thu, 1 Oct 2015 15:45:45 +0200 Subject: Removed some application specific code like insecure registries, heat template --- roles/openshift_node/tasks/main.yml | 6 ------ 1 file changed, 6 deletions(-) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 7e5ac2b5b..96cd96315 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -73,12 +73,6 @@ dest: /etc/sysconfig/docker regexp: '^OPTIONS=.*$' line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ ---insecure-registry=dockerhub.rnd.amadeus.net:5000 \ ---insecure-registry=dockerhub.rnd.amadeus.net:5001 \ ---insecure-registry=dockerhub.rnd.amadeus.net:5002 \ ---add-registry=dockerhub.rnd.amadeus.net:5000 \ ---add-registry=dockerhub.rnd.amadeus.net:5001 \ ---add-registry=dockerhub.rnd.amadeus.net:5002 \ {% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'" when: docker_check.stat.isreg notify: -- cgit v1.2.3 From 3073d1f729f9dcd202088f6b318b465567c6344b Mon Sep 17 00:00:00 2001 From: Thomas Wiest Date: Mon, 5 Oct 2015 13:48:41 -0400 Subject: Revert "GCE support" --- roles/openshift_node/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 96cd96315..e8cc499c0 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -22,7 +22,7 @@ deployment_type: "{{ openshift_deployment_type }}" - role: node local_facts: - labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default() ) }}" + labels: "{{ openshift_node_labels | default(none) }}" annotations: "{{ openshift_node_annotations | default(none) }}" registry_url: "{{ oreg_url | default(none) }}" debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" -- cgit v1.2.3 From a3ba0278879075e14373a6872acc5f0c3cc3d9a2 Mon Sep 17 00:00:00 2001 From: Chengcheng Mu Date: Tue, 6 Oct 2015 16:59:00 +0200 Subject: Revert "Revert "GCE support"" This reverts commit 3073d1f729f9dcd202088f6b318b465567c6344b. --- roles/openshift_node/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index e8cc499c0..96cd96315 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -22,7 +22,7 @@ deployment_type: "{{ openshift_deployment_type }}" - role: node local_facts: - labels: "{{ openshift_node_labels | default(none) }}" + labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default() ) }}" annotations: "{{ openshift_node_annotations | default(none) }}" registry_url: "{{ oreg_url | default(none) }}" debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" -- cgit v1.2.3 From 46f10c87930747d7e10cfc2c3b71ea68da647135 Mon Sep 17 00:00:00 2001 From: Chengcheng Mu Date: Fri, 9 Oct 2015 09:35:40 +0200 Subject: fix : (node) labels defaults correctly to the variable openshift_node_labels when oo_option returns an empty list --- roles/openshift_node/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 96cd96315..d45dd8073 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -22,7 +22,7 @@ deployment_type: "{{ openshift_deployment_type }}" - role: node local_facts: - labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default() ) }}" + labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}" annotations: "{{ openshift_node_annotations | default(none) }}" registry_url: "{{ oreg_url | default(none) }}" debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" -- cgit v1.2.3