From e18a06d2a14c5933243773f0aca7a891177f3e40 Mon Sep 17 00:00:00 2001
From: Michael Gugino <mgugino@redhat.com>
Date: Thu, 18 Jan 2018 13:12:33 -0500
Subject: Add ability to mount volumes into system container nodes

This commit adds the ability to mount volumes into
system containerized nodes.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1534933
---
 roles/openshift_node/defaults/main.yml               | 12 ++++++++++++
 roles/openshift_node/tasks/node_system_container.yml | 19 +++++++++++++++++++
 2 files changed, 31 insertions(+)

(limited to 'roles/openshift_node')

diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml
index c1fab4382..5d33e1323 100644
--- a/roles/openshift_node/defaults/main.yml
+++ b/roles/openshift_node/defaults/main.yml
@@ -71,6 +71,18 @@ r_openshift_node_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }
 
 l_is_node_system_container: "{{ (openshift_use_node_system_container | default(openshift_use_system_containers | default(false)) | bool) }}"
 
+openshift_node_syscon_auth_mounts_l:
+- type: bind
+  source: "{{ oreg_auth_credentials_path }}"
+  destination: "/root/.docker"
+  options:
+  - ro
+
+# If we need to add new mounts in the future, or the user wants to mount data.
+# This should be in the same format as auth_mounts_l above.
+openshift_node_syscon_add_mounts_l: []
+
+
 openshift_deployment_type: "{{ openshift_deployment_type | default('origin') }}"
 
 openshift_node_image_dict:
diff --git a/roles/openshift_node/tasks/node_system_container.yml b/roles/openshift_node/tasks/node_system_container.yml
index 06b879050..008f209d7 100644
--- a/roles/openshift_node/tasks/node_system_container.yml
+++ b/roles/openshift_node/tasks/node_system_container.yml
@@ -14,4 +14,23 @@
     - "DNS_DOMAIN={{ openshift.common.dns_domain }}"
     - "DOCKER_SERVICE={{ openshift_docker_service_name }}.service"
     - "MASTER_SERVICE={{ openshift_service_type }}.service"
+    - 'ADDTL_MOUNTS={{ l_node_syscon_add_mounts2 }}'
     state: latest
+  vars:
+    # We need to evaluate some variables here to ensure
+    # l_bind_docker_reg_auth is evaluated after registry_auth.yml has been
+    # processed.
+
+    # Determine if we want to include auth credentials mount.
+    l_node_syscon_auth_mounts_l: "{{ l_bind_docker_reg_auth | ternary(openshift_node_syscon_auth_mounts_l,[]) }}"
+
+    # Join any user-provided mounts and auth_mounts into a combined list.
+    l_node_syscon_add_mounts_l: "{{ openshift_node_syscon_add_mounts_l | union(l_node_syscon_auth_mounts_l) }}"
+
+    # We must prepend a ',' here to ensure the value is inserted properly into an
+    # existing json list in the container's config.json
+    # lib_utils_oo_l_of_d_to_csv is a custom filter plugin in roles/lib_utils/oo_filters.py
+    l_node_syscon_add_mounts: ",{{ l_node_syscon_add_mounts_l | lib_utils_oo_l_of_d_to_csv }}"
+    # if we have just a ',' then both mount lists were empty, we don't want to add
+    # anything to config.json
+    l_node_syscon_add_mounts2: "{{ (l_node_syscon_add_mounts != ',') | bool | ternary(l_node_syscon_add_mounts,'') }}"
-- 
cgit v1.2.3


From 80939af3ce9af44e5e5542fbb73f34ee0b0a686c Mon Sep 17 00:00:00 2001
From: Vadim Rutkovsky <vrutkovs@redhat.com>
Date: Tue, 23 Jan 2018 11:38:11 +0100
Subject: Lowercase node names when creating certificates

---
 roles/openshift_node/templates/node.yaml.v1.j2   |  2 +-
 roles/openshift_node_certificates/tasks/main.yml | 20 ++++++++++----------
 roles/openshift_node_certificates/vars/main.yml  |  2 +-
 3 files changed, 12 insertions(+), 12 deletions(-)

(limited to 'roles/openshift_node')

diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2
index 5f2a94ea2..7d817463c 100644
--- a/roles/openshift_node/templates/node.yaml.v1.j2
+++ b/roles/openshift_node/templates/node.yaml.v1.j2
@@ -32,7 +32,7 @@ masterClientConnectionOverrides:
   contentType: application/vnd.kubernetes.protobuf
   burst: 200
   qps: 100
-masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig
+masterKubeConfig: system:node:{{ openshift.common.hostname | lower }}.kubeconfig
 {% if openshift_node_use_openshift_sdn | bool %}
 networkPluginName: {{ openshift_node_sdn_network_plugin_name }}
 {% endif %}
diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml
index 5f73f3bdc..13d9fd718 100644
--- a/roles/openshift_node_certificates/tasks/main.yml
+++ b/roles/openshift_node_certificates/tasks/main.yml
@@ -18,9 +18,9 @@
   stat:
     path: "{{ openshift.common.config_base }}/node/{{ item }}"
   with_items:
-  - "system:node:{{ openshift.common.hostname }}.crt"
-  - "system:node:{{ openshift.common.hostname }}.key"
-  - "system:node:{{ openshift.common.hostname }}.kubeconfig"
+  - "system:node:{{ openshift.common.hostname | lower }}.crt"
+  - "system:node:{{ openshift.common.hostname | lower }}.key"
+  - "system:node:{{ openshift.common.hostname | lower }}.kubeconfig"
   - ca.crt
   - server.key
   - server.crt
@@ -59,16 +59,16 @@
     --certificate-authority {{ legacy_ca_certificate }}
     {% endfor %}
     --certificate-authority={{ openshift_ca_cert }}
-    --client-dir={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}
+    --client-dir={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname | lower }}
     --groups=system:nodes
     --master={{ hostvars[openshift_ca_host].openshift.master.api_url }}
     --signer-cert={{ openshift_ca_cert }}
     --signer-key={{ openshift_ca_key }}
     --signer-serial={{ openshift_ca_serial }}
-    --user=system:node:{{ hostvars[item].openshift.common.hostname }}
+    --user=system:node:{{ hostvars[item].openshift.common.hostname | lower }}
     --expire-days={{ openshift_node_cert_expire_days }}
   args:
-    creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}"
+    creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname | lower }}"
   with_items: "{{ hostvars
                   | lib_utils_oo_select_keys(groups['oo_nodes_to_config'])
                   | lib_utils_oo_collect(attribute='inventory_hostname', filters={'node_certs_missing':True}) }}"
@@ -78,16 +78,16 @@
 - name: Generate the node server certificate
   command: >
     {{ hostvars[openshift_ca_host]['first_master_client_binary'] }} adm ca create-server-cert
-    --cert={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}/server.crt
-    --key={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}/server.key
+    --cert={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname | lower }}/server.crt
+    --key={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname | lower }}/server.key
     --expire-days={{ openshift_node_cert_expire_days }}
     --overwrite=true
-    --hostnames={{ hostvars[item].openshift.common.hostname }},{{ hostvars[item].openshift.common.public_hostname }},{{ hostvars[item].openshift.common.ip }},{{ hostvars[item].openshift.common.public_ip }}
+    --hostnames={{ hostvars[item].openshift.common.hostname }},{{ hostvars[item].openshift.common.hostname | lower }},{{ hostvars[item].openshift.common.public_hostname }},{{ hostvars[item].openshift.common.public_hostname | lower }},{{ hostvars[item].openshift.common.ip }},{{ hostvars[item].openshift.common.public_ip }}
     --signer-cert={{ openshift_ca_cert }}
     --signer-key={{ openshift_ca_key }}
     --signer-serial={{ openshift_ca_serial }}
   args:
-    creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}/server.crt"
+    creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname | lower }}/server.crt"
   with_items: "{{ hostvars
                   | lib_utils_oo_select_keys(groups['oo_nodes_to_config'])
                   | lib_utils_oo_collect(attribute='inventory_hostname', filters={'node_certs_missing':True}) }}"
diff --git a/roles/openshift_node_certificates/vars/main.yml b/roles/openshift_node_certificates/vars/main.yml
index 17ad8106d..12a6d3f94 100644
--- a/roles/openshift_node_certificates/vars/main.yml
+++ b/roles/openshift_node_certificates/vars/main.yml
@@ -1,7 +1,7 @@
 ---
 openshift_generated_configs_dir: "{{ openshift.common.config_base }}/generated-configs"
 openshift_node_cert_dir: "{{ openshift.common.config_base }}/node"
-openshift_node_cert_subdir: "node-{{ openshift.common.hostname }}"
+openshift_node_cert_subdir: "node-{{ openshift.common.hostname | lower }}"
 openshift_node_config_dir: "{{ openshift.common.config_base }}/node"
 openshift_node_generated_config_dir: "{{ openshift_generated_configs_dir }}/{{ openshift_node_cert_subdir }}"
 
-- 
cgit v1.2.3