From 7b316631a2b988318b47d3a50a7b66e3ff3fdbd2 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 10 Jun 2015 10:31:39 -0400 Subject: Update for RC2 changes Remove openshift-deployer.kubeconfig from master template Sync config template Update enterprise image names Switch to node auto registration Add deployer to list of serviceAccountConfig.managedNames Move package installation before registering facts change default kubeconfig location Change system:openshift-client to system:openshift-master Rename node cert/key/kubeconfig per openshift/origin#3160 Update references to /var/lib/openshift/openshift.local.certificates --- roles/openshift_node/tasks/main.yml | 28 +++++++++++++------------- roles/openshift_node/templates/node.yaml.v1.j2 | 6 ++++-- 2 files changed, 18 insertions(+), 16 deletions(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 15d18f510..770b55351 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -1,6 +1,20 @@ --- # TODO: allow for overriding default ports where possible +- name: Install OpenShift Node package + yum: pkg=openshift-node state=present + register: node_install_result + +- name: Install openshift-sdn-ovs + yum: pkg=openshift-sdn-ovs state=present + register: sdn_install_result + when: openshift.common.use_openshift_sdn + +- name: Reload systemd units + command: systemctl daemon-reload + when: (node_install_result | changed or (openshift.common.use_openshift_sdn + and sdn_install_result | changed)) + - name: Set node OpenShift facts openshift_facts: role: "{{ item.role }}" @@ -22,20 +36,6 @@ debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" portal_net: "{{ openshift_master_portal_net | default(None) }}" -- name: Install OpenShift Node package - yum: pkg=openshift-node state=present - register: node_install_result - -- name: Install openshift-sdn-ovs - yum: pkg=openshift-sdn-ovs state=present - register: sdn_install_result - when: openshift.common.use_openshift_sdn - -- name: Reload systemd units - command: systemctl daemon-reload - when: (node_install_result | changed or (openshift.common.use_openshift_sdn - and sdn_install_result | changed)) - # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config template: diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index cab75cd49..f313f6a4b 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -2,14 +2,16 @@ allowDisabledDocker: false apiVersion: v1 dnsDomain: {{ hostvars[openshift_first_master].openshift.dns.domain }} dnsIP: {{ hostvars[openshift_first_master].openshift.dns.ip }} +dockerConfig: + execHandlerName: "" imageConfig: format: {{ openshift.node.registry_url }} latest: false kind: NodeConfig -masterKubeConfig: node.kubeconfig +masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig networkPluginName: {{ openshift.common.sdn_network_plugin_name }} nodeName: {{ openshift.common.hostname }} -podManifestConfig: null +podManifestConfig: servingInfo: bindAddress: 0.0.0.0:10250 certFile: server.crt -- cgit v1.2.3 From 66dd4499a7e17b985f6033370e5e8b5a9c8f04ac Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Mon, 22 Jun 2015 15:19:53 -0400 Subject: Adding support for labeling nodes as unscheduleable For idempotency it first checks the output of 'oc get node ' to see if any action needs to be taken. The trick was waiting to make sure that the node autoregistration had actually happened. If you set openshift_scheduleable=False in the inventory then the node will be marked as unscheduleable. Likewise setting it to True undoes the change. Having openshift_scheduleable undefined is the same as True since that is the default state of a Node. --- roles/openshift_node/tasks/main.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 770b55351..4789dec85 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -73,3 +73,24 @@ - name: Start and enable openshift-node service: name=openshift-node enabled=yes state=started + +- name: Check scheduleable state + delegate_to: "{{ openshift_first_master }}" + command: > + {{ openshift.common.client_binary }} get node {{ inventory_hostname }} + register: ond_get_node + until: ond_get_node.rc == 0 + retries: 10 + delay: 5 + +- name: Handle unscheduleable node + delegate_to: "{{ openshift_first_master }}" + command: > + {{ openshift.common.admin_binary }} manage-node {{ inventory_hostname }} --schedulable=false + when: openshift_scheduleable is defined and openshift_scheduleable == False and "SchedulingDisabled" not in ond_get_node.stdout + +- name: Handle scheduleable node + delegate_to: "{{ openshift_first_master }}" + command: > + {{ openshift.common.admin_binary }} manage-node {{ inventory_hostname }} --schedulable=true + when: (openshift_scheduleable is not defined or openshift_scheduleable == True) and "SchedulingDisabled" in ond_get_node.stdout -- cgit v1.2.3 From 631b4353978bab6430927619e46770a9684c6242 Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Tue, 23 Jun 2015 09:09:10 -0400 Subject: Bug 1234717 - oo-install-ose should use openshift_hostname as parameter when checking schedulable state --- roles/openshift_node/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 4789dec85..13f30a6f8 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -77,7 +77,7 @@ - name: Check scheduleable state delegate_to: "{{ openshift_first_master }}" command: > - {{ openshift.common.client_binary }} get node {{ inventory_hostname }} + {{ openshift.common.client_binary }} get node {{ openshift.common.hostname }} register: ond_get_node until: ond_get_node.rc == 0 retries: 10 @@ -86,11 +86,11 @@ - name: Handle unscheduleable node delegate_to: "{{ openshift_first_master }}" command: > - {{ openshift.common.admin_binary }} manage-node {{ inventory_hostname }} --schedulable=false + {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname }} --schedulable=false when: openshift_scheduleable is defined and openshift_scheduleable == False and "SchedulingDisabled" not in ond_get_node.stdout - name: Handle scheduleable node delegate_to: "{{ openshift_first_master }}" command: > - {{ openshift.common.admin_binary }} manage-node {{ inventory_hostname }} --schedulable=true + {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname }} --schedulable=true when: (openshift_scheduleable is not defined or openshift_scheduleable == True) and "SchedulingDisabled" in ond_get_node.stdout -- cgit v1.2.3 From df51a7dddad9e6f93a24c3ec07a07a661e6e168a Mon Sep 17 00:00:00 2001 From: Brenton Leanhardt Date: Fri, 26 Jun 2015 15:04:56 -0400 Subject: delegate_to doesn't appear to be thread safe --- roles/openshift_node/tasks/main.yml | 21 --------------------- 1 file changed, 21 deletions(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 13f30a6f8..770b55351 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -73,24 +73,3 @@ - name: Start and enable openshift-node service: name=openshift-node enabled=yes state=started - -- name: Check scheduleable state - delegate_to: "{{ openshift_first_master }}" - command: > - {{ openshift.common.client_binary }} get node {{ openshift.common.hostname }} - register: ond_get_node - until: ond_get_node.rc == 0 - retries: 10 - delay: 5 - -- name: Handle unscheduleable node - delegate_to: "{{ openshift_first_master }}" - command: > - {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname }} --schedulable=false - when: openshift_scheduleable is defined and openshift_scheduleable == False and "SchedulingDisabled" not in ond_get_node.stdout - -- name: Handle scheduleable node - delegate_to: "{{ openshift_first_master }}" - command: > - {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname }} --schedulable=true - when: (openshift_scheduleable is not defined or openshift_scheduleable == True) and "SchedulingDisabled" in ond_get_node.stdout -- cgit v1.2.3 From add3fbcce31e9db4ea8c76acb9c8579f20581912 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 10 Jul 2015 14:46:43 -0400 Subject: Etcd role updates and playbook updates - fix firewall conflict issues with co-located etcd and openshift hosts - added os_firewall dependency to etcd role - updated etcd template to better handle clustered and non-clustered installs - added etcd_ca role - generates a self-signed cert to manage etcd certificates, since etcd peer certificates are required to be client and server certs and the openshift ca will only generate client or server certs (not one authorized for both). - renamed openshift_etcd_certs role to etcd_certificates and updated it to manage certificates generated from the CA managed by the etcd_ca role - remove hard coded etcd_port in openshift_facts - updates for the openshift-etcd common playbook - removed etcd and openshift-etcd playbooks from the byo playbooks directory - added a common playbook for setting etcd launch facts - added an openshift-etcd common service playbook - removed unused variables - fixed tests for embedded_{etcd,dns,kube} in openshift_master - removed old workaround for reloading systemd units --- roles/openshift_node/tasks/main.yml | 8 -------- 1 file changed, 8 deletions(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 770b55351..53b325e4d 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -10,11 +10,6 @@ register: sdn_install_result when: openshift.common.use_openshift_sdn -- name: Reload systemd units - command: systemctl daemon-reload - when: (node_install_result | changed or (openshift.common.use_openshift_sdn - and sdn_install_result | changed)) - - name: Set node OpenShift facts openshift_facts: role: "{{ item.role }}" @@ -27,9 +22,6 @@ deployment_type: "{{ openshift_deployment_type }}" - role: node local_facts: - resources_cpu: "{{ openshift_node_resources_cpu | default(none) }}" - resources_memory: "{{ openshift_node_resources_memory | default(none) }}" - pod_cidr: "{{ openshift_node_pod_cidr | default(none) }}" labels: "{{ openshift_node_labels | default(none) }}" annotations: "{{ openshift_node_annotations | default(none) }}" registry_url: "{{ oreg_url | default(none) }}" -- cgit v1.2.3 From f752eaccbb1a5f0e2c1d36502f755d022a21d073 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 10 Jul 2015 15:04:26 -0400 Subject: Playbook updates for clustered etcd - Add support to bin/cluster for specifying etcd hosts - defaults to 0, if no etcd hosts are selected, then configures embedded etcd - Updates for the byo inventory file for etcd and master as node by default - Consolidation of cluster logic more centrally into common playbook - Added etcd config support to playbooks - Restructured byo playbooks to leverage the common openshift-cluster playbook - Added support to common master playbook to generate and apply external etcd client certs from the etcd ca - start of refactor for better handling of master certs in a multi-master environment. - added the openshift_master_ca and openshift_master_certificates roles to manage master certs instead of generating them in the openshift_master role - added etcd host groups to the cluster update playbooks - aded better handling of host groups when they are either not present or are empty. - Update AWS readme --- roles/openshift_node/tasks/main.yml | 6 ++++++ roles/openshift_node/templates/node.yaml.v1.j2 | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 53b325e4d..e18846db8 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -1,5 +1,11 @@ --- # TODO: allow for overriding default ports where possible +- fail: + msg: This role requres that osn_cluster_dns_domain is set + when: osn_cluster_dns_domain is not defined or not osn_cluster_dns_domain +- fail: + msg: This role requres that osn_cluster_dns_ip is set + when: osn_cluster_dns_ip is not defined or not osn_cluster_dns_ip - name: Install OpenShift Node package yum: pkg=openshift-node state=present diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index f313f6a4b..7778a2a61 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -1,7 +1,7 @@ allowDisabledDocker: false apiVersion: v1 -dnsDomain: {{ hostvars[openshift_first_master].openshift.dns.domain }} -dnsIP: {{ hostvars[openshift_first_master].openshift.dns.ip }} +dnsDomain: {{ osn_cluster_dns_domain }} +dnsIP: {{ osn_cluster_dns_ip }} dockerConfig: execHandlerName: "" imageConfig: -- cgit v1.2.3 From 96c33e1b6a38a21334abd29fe642a2085e2439cb Mon Sep 17 00:00:00 2001 From: Takayoshi Kimura Date: Fri, 17 Jul 2015 16:22:36 +0900 Subject: Replace outdated beta repo ids with 3.0 release --- roles/openshift_node/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/README.md b/roles/openshift_node/README.md index c3c17b848..5edb3b8dd 100644 --- a/roles/openshift_node/README.md +++ b/roles/openshift_node/README.md @@ -9,7 +9,7 @@ Requirements One or more OpenShift Master servers. A RHEL 7.1 host pre-configured with access to the rhel-7-server-rpms, -rhel-7-server-extras-rpms, and rhel-server-7-ose-beta-rpms repos. +rhel-7-server-extras-rpms, and rhel-7-server-ose-3.0-rpms repos. Role Variables -------------- -- cgit v1.2.3 From 8d80cf21e73a1015617c9ec8cd183602436e54fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9na=C3=AFc=20Huard?= Date: Fri, 17 Jul 2015 16:46:13 +0200 Subject: Make the playbooks friendlier with SELinux disabled hosts --- roles/openshift_node/tasks/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index e18846db8..5188df973 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -63,11 +63,13 @@ lineinfile: dest: /etc/sysconfig/docker regexp: '^OPTIONS=.*' - line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} --selinux-enabled'" + line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ +{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'" when: docker_check.stat.isreg - name: Allow NFS access for VMs seboolean: name=virt_use_nfs state=yes persistent=yes + when: ansible_selinux and ansible_selinux.status == "enabled" - name: Start and enable openshift-node service: name=openshift-node enabled=yes state=started -- cgit v1.2.3 From 73551e320e0fd9f04e358fdba47d147eb425f48b Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 24 Jul 2015 14:05:56 -0400 Subject: Add a pause after node startup to prevent restart handler from interfering with sdn configuration --- roles/openshift_node/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index e18846db8..e84e74b40 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -71,3 +71,8 @@ - name: Start and enable openshift-node service: name=openshift-node enabled=yes state=started + register: start_result + +- name: pause to prevent service restart from interfering with bootstrapping + pause: seconds=30 + when: start_result | changed -- cgit v1.2.3 From 7aeadcf61aef6256962a4859f4753b69c8fccc0f Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 29 Jul 2015 16:46:00 -0400 Subject: Set loglevel=2 as our default across the board --- roles/openshift_node/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/README.md b/roles/openshift_node/README.md index 5edb3b8dd..0ba1eca93 100644 --- a/roles/openshift_node/README.md +++ b/roles/openshift_node/README.md @@ -20,9 +20,9 @@ From this role: | oreg_url | UNDEF (Optional) | Default docker registry to use | From openshift_common: -| Name | Default Value | | +| Name | Default Value | | |-------------------------------|---------------------|---------------------| -| openshift_debug_level | 0 | Global openshift debug log verbosity | +| openshift_debug_level | 2 | Global openshift debug log verbosity | | openshift_public_ip | UNDEF (Required) | Public IP address to use for this host | | openshift_hostname | UNDEF (Required) | hostname to use for this instance | -- cgit v1.2.3 From 7a12b210856a2abefb2a7d70448975c7f2ce14af Mon Sep 17 00:00:00 2001 From: "Diego Castro (dscastro)" Date: Wed, 12 Aug 2015 11:44:34 -0300 Subject: Notes for schedule behavior. --- roles/openshift_node/README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/README.md b/roles/openshift_node/README.md index 5edb3b8dd..300e6b495 100644 --- a/roles/openshift_node/README.md +++ b/roles/openshift_node/README.md @@ -34,6 +34,18 @@ openshift_common Example Playbook ---------------- +Notes +----- + +Currently we support re-labeling nodes but we don't re-schedule running pods nor remove existing labels. That means you will have to trigger the re-schedulling manually. To re-schedule your pods, just follow the steps below: + +``` +oadm manage-node --schedulable=false ${NODE} +oadm manage-node --evacuate ${NODE} +oadm manage-node --schedulable=true ${NODE} +```` + + TODO License -- cgit v1.2.3 From db0078cd9631d841bef5c176aed18a7907871d1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9na=C3=AFc=20Huard?= Date: Wed, 12 Aug 2015 15:26:12 +0200 Subject: Force SELinux on "enterprise" deployment type --- roles/openshift_node/tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 5188df973..f9c3d10e9 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -6,6 +6,9 @@ - fail: msg: This role requres that osn_cluster_dns_ip is set when: osn_cluster_dns_ip is not defined or not osn_cluster_dns_ip +- fail: + msg: "SELinux is disabled, This deployment type requires that SELinux is enabled." + when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online'] - name: Install OpenShift Node package yum: pkg=openshift-node state=present -- cgit v1.2.3 From a2e27c5925954ce04fca9c891099a6146a418222 Mon Sep 17 00:00:00 2001 From: Diego Castro Date: Thu, 13 Aug 2015 12:19:20 -0300 Subject: Configure cluster metrics Playbook based on https://docs.openshift.org/latest/admin_guide/cluster_metrics.html. --- roles/openshift_node/defaults/main.yml | 4 ++++ roles/openshift_node/templates/node.yaml.v1.j2 | 1 + roles/openshift_node/templates/partials/kubeletArguments.j2 | 5 +++++ 3 files changed, 10 insertions(+) create mode 100644 roles/openshift_node/templates/partials/kubeletArguments.j2 (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index be51195f2..1dbcc4301 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -6,3 +6,7 @@ os_firewall_allow: port: 80/tcp - service: https port: 443/tcp +- service: Openshift kubelet ReadOnlyPort + port: 10255/tcp +- service: Openshift kubelet ReadOnlyPort udp + port: 10255/udp diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 7778a2a61..a0a7e5098 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -18,3 +18,4 @@ servingInfo: clientCA: ca.crt keyFile: server.key volumeDirectory: {{ openshift_data_dir }}/openshift.local.volumes +{% include 'partials/kubeletArguments.j2' %} \ No newline at end of file diff --git a/roles/openshift_node/templates/partials/kubeletArguments.j2 b/roles/openshift_node/templates/partials/kubeletArguments.j2 new file mode 100644 index 000000000..6c3bd04c5 --- /dev/null +++ b/roles/openshift_node/templates/partials/kubeletArguments.j2 @@ -0,0 +1,5 @@ +{% if openshift.common.use_cluster_metrics | bool %} +kubeletArguments: + "read-only-port": + - "10255" +{% endif %} \ No newline at end of file -- cgit v1.2.3 From 800256e451b112d3cd7c2356615572c0de3c3840 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Wed, 12 Aug 2015 22:01:06 -0400 Subject: Add support for setting kubeletArguments, controllerArguments, and apiServerArguments --- roles/openshift_node/tasks/main.yml | 1 + roles/openshift_node/templates/node.yaml.v1.j2 | 3 +++ 2 files changed, 4 insertions(+) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index e84e74b40..3225645a2 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -33,6 +33,7 @@ registry_url: "{{ oreg_url | default(none) }}" debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" portal_net: "{{ openshift_master_portal_net | default(None) }}" + kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 7778a2a61..e6f75a4c0 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -8,6 +8,9 @@ imageConfig: format: {{ openshift.node.registry_url }} latest: false kind: NodeConfig +{% if openshift.common.kubelet_args is defined and openshift.common.kubelet_args %} +kubeletArguments: {{ kubelet_args }} +{% endif %} masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig networkPluginName: {{ openshift.common.sdn_network_plugin_name }} nodeName: {{ openshift.common.hostname }} -- cgit v1.2.3 From 9c50ddfffc518185acfe01c3bcdd90d4bc4e4004 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 18 Aug 2015 10:09:32 -0400 Subject: Fix kubelet_args --- roles/openshift_node/templates/node.yaml.v1.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index e6f75a4c0..ff0a2fa7e 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -8,8 +8,8 @@ imageConfig: format: {{ openshift.node.registry_url }} latest: false kind: NodeConfig -{% if openshift.common.kubelet_args is defined and openshift.common.kubelet_args %} -kubeletArguments: {{ kubelet_args }} +{% if openshift.node.kubelet_args is defined and openshift.node.kubelet_args %} +kubeletArguments: {{ openshift.node.kubelet_args }} {% endif %} masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig networkPluginName: {{ openshift.common.sdn_network_plugin_name }} -- cgit v1.2.3 From 4c2293c61088bdcf5f52bc598a443dad753b49f0 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 18 Aug 2015 14:33:38 -0400 Subject: another kubelet_args fix --- roles/openshift_node/templates/node.yaml.v1.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index ff0a2fa7e..7b1c0f808 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -9,7 +9,7 @@ imageConfig: latest: false kind: NodeConfig {% if openshift.node.kubelet_args is defined and openshift.node.kubelet_args %} -kubeletArguments: {{ openshift.node.kubelet_args }} +kubeletArguments: {{ openshift.node.kubelet_args | to_json }} {% endif %} masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig networkPluginName: {{ openshift.common.sdn_network_plugin_name }} -- cgit v1.2.3 From d17a583db7d1caef4a60a19f0379da8bce25754a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9na=C3=AFc=20Huard?= Date: Tue, 25 Aug 2015 16:56:51 +0200 Subject: Add options to configure docker registries --- roles/openshift_node/handlers/main.yml | 3 +++ roles/openshift_node/tasks/main.yml | 42 ++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index 953a1421b..8b5acefbf 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -1,3 +1,6 @@ --- - name: restart openshift-node service: name=openshift-node state=restarted + +- name: restart docker + service: name=docker state=restarted diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index adffca252..18f0ce064 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -70,6 +70,48 @@ line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ {% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'" when: docker_check.stat.isreg + notify: + - restart docker + +- set_fact: + docker_additional_registries: "registry.access.redhat.com,{{ lookup('oo_option', 'docker_additional_registries') }}" + when: deployment_type == 'enterprise' +- set_fact: + docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}" + when: deployment_type != 'enterprise' + +- name: Add personal registries + lineinfile: + dest: /etc/sysconfig/docker + regexp: '^ADD_REGISTRY=.*' + line: "ADD_REGISTRY='{{ docker_additional_registries | oo_split() + | oo_prepend_strings_in_list('--add-registry ') | join(' ') }}'" + when: docker_check.stat.isreg and + docker_additional_registries != '' + notify: + - restart docker + +- name: Block registries + lineinfile: + dest: /etc/sysconfig/docker + regexp: '^BLOCK_REGISTRY=.*' + line: "BLOCK_REGISTRY='{{ lookup('oo_option', 'docker_blocked_registries') | oo_split() + | oo_prepend_strings_in_list('--block-registry ') | join(' ') }}'" + when: docker_check.stat.isreg and + lookup('oo_option', 'docker_blocked_registries') != '' + notify: + - restart docker + +- name: Grant access to additional insecure registries + lineinfile: + dest: /etc/sysconfig/docker + regexp: '^INSECURE_REGISTRY=.*' + line: "INSECURE_REGISTRY='{{ lookup('oo_option', 'docker_insecure_registries') | oo_split() + | oo_prepend_strings_in_list('--insecure-registry ') | join(' ') }}'" + when: docker_check.stat.isreg and + lookup('oo_option', 'docker_insecure_registries') != '' + notify: + - restart docker - name: Allow NFS access for VMs seboolean: name=virt_use_nfs state=yes persistent=yes -- cgit v1.2.3 From 1b3fff6248fbd6788a26ee2b6c60f7731891c0f4 Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Fri, 19 Jun 2015 14:41:10 -0400 Subject: Atomic Enterprise related changes. --- roles/openshift_node/README.md | 16 ++++++++-------- roles/openshift_node/defaults/main.yml | 2 +- roles/openshift_node/handlers/main.yml | 4 ++-- roles/openshift_node/tasks/main.yml | 34 +++++++++++++++++----------------- roles/openshift_node/vars/main.yml | 2 +- 5 files changed, 29 insertions(+), 29 deletions(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/README.md b/roles/openshift_node/README.md index 427269931..3aff81274 100644 --- a/roles/openshift_node/README.md +++ b/roles/openshift_node/README.md @@ -1,12 +1,12 @@ -OpenShift Node -============== +OpenShift/Atomic Enterprise Node +================================ -OpenShift Node service installation +Node service installation Requirements ------------ -One or more OpenShift Master servers. +One or more Master servers. A RHEL 7.1 host pre-configured with access to the rhel-7-server-rpms, rhel-7-server-extras-rpms, and rhel-7-server-ose-3.0-rpms repos. @@ -14,10 +14,10 @@ rhel-7-server-extras-rpms, and rhel-7-server-ose-3.0-rpms repos. Role Variables -------------- From this role: -| Name | Default value | | -|------------------------------------------|-----------------------|----------------------------------------| -| openshift_node_debug_level | openshift_debug_level | Verbosity of the debug logs for openshift-node | -| oreg_url | UNDEF (Optional) | Default docker registry to use | +| Name | Default value | | +|------------------------------------------|-----------------------|--------------------------------------------------------| +| openshift_node_debug_level | openshift_debug_level | Verbosity of the debug logs for node | +| oreg_url | UNDEF (Optional) | Default docker registry to use | From openshift_common: | Name | Default Value | | diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index 1dbcc4301..c4abf9d7c 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -1,6 +1,6 @@ --- os_firewall_allow: -- service: OpenShift kubelet +- service: Kubernetes kubelet port: 10250/tcp - service: http port: 80/tcp diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index 8b5acefbf..633f3ed13 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -1,6 +1,6 @@ --- -- name: restart openshift-node - service: name=openshift-node state=restarted +- name: restart node + service: name={{ openshift.common.service_type }}-node state=restarted - name: restart docker service: name=docker state=restarted diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 18f0ce064..5ccb810cf 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -10,16 +10,7 @@ msg: "SELinux is disabled, This deployment type requires that SELinux is enabled." when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online'] -- name: Install OpenShift Node package - yum: pkg=openshift-node state=present - register: node_install_result - -- name: Install openshift-sdn-ovs - yum: pkg=openshift-sdn-ovs state=present - register: sdn_install_result - when: openshift.common.use_openshift_sdn - -- name: Set node OpenShift facts +- name: Set node facts openshift_facts: role: "{{ item.role }}" local_facts: "{{ item.local_facts }}" @@ -38,17 +29,26 @@ portal_net: "{{ openshift_master_portal_net | default(None) }}" kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" +- name: Install Node package + yum: pkg={{ openshift.common.service_type }}-node state=present + register: node_install_result + +- name: Install sdn-ovs package + yum: pkg={{ openshift.common.service_type }}-sdn-ovs state=present + register: sdn_install_result + when: openshift.common.use_openshift_sdn + # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config template: dest: "{{ openshift_node_config_file }}" src: node.yaml.v1.j2 notify: - - restart openshift-node + - restart node -- name: Configure OpenShift Node settings +- name: Configure Node settings lineinfile: - dest: /etc/sysconfig/openshift-node + dest: /etc/sysconfig/{{ openshift.common.service_type }}-node regexp: "{{ item.regex }}" line: "{{ item.line }}" with_items: @@ -57,13 +57,13 @@ - regex: '^CONFIG_FILE=' line: "CONFIG_FILE={{ openshift_node_config_file }}" notify: - - restart openshift-node + - restart node - stat: path=/etc/sysconfig/docker register: docker_check # TODO: Enable secure registry when code available in origin -- name: Secure OpenShift Registry +- name: Secure Registry lineinfile: dest: /etc/sysconfig/docker regexp: '^OPTIONS=.*' @@ -117,8 +117,8 @@ seboolean: name=virt_use_nfs state=yes persistent=yes when: ansible_selinux and ansible_selinux.status == "enabled" -- name: Start and enable openshift-node - service: name=openshift-node enabled=yes state=started +- name: Start and enable node + service: name={{ openshift.common.service_type }}-node enabled=yes state=started register: start_result - name: pause to prevent service restart from interfering with bootstrapping diff --git a/roles/openshift_node/vars/main.yml b/roles/openshift_node/vars/main.yml index cf47f8354..77a9694de 100644 --- a/roles/openshift_node/vars/main.yml +++ b/roles/openshift_node/vars/main.yml @@ -1,3 +1,3 @@ --- -openshift_node_config_dir: /etc/openshift/node +openshift_node_config_dir: "{{ openshift.common.config_base }}/node" openshift_node_config_file: "{{ openshift_node_config_dir }}/node-config.yaml" -- cgit v1.2.3 From 886fab0967834d116bbba2e7d50feb2e13fff11f Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Wed, 26 Aug 2015 22:15:16 -0400 Subject: Bugfix for extra --add-registry in docker config --- roles/openshift_node/tasks/main.yml | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 18f0ce064..7679adbf3 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -66,7 +66,7 @@ - name: Secure OpenShift Registry lineinfile: dest: /etc/sysconfig/docker - regexp: '^OPTIONS=.*' + regexp: '^OPTIONS=.*$' line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ {% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'" when: docker_check.stat.isreg @@ -74,27 +74,29 @@ - restart docker - set_fact: - docker_additional_registries: "registry.access.redhat.com,{{ lookup('oo_option', 'docker_additional_registries') }}" - when: deployment_type == 'enterprise' + docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') + | oo_split() | union(['registry.access.redhat.com']) + | difference(['']) }}" + when: openshift.common.deployment_type == 'enterprise' - set_fact: - docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}" - when: deployment_type != 'enterprise' + docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') + | oo_split() | difference(['']) }}" + when: openshift.common.deployment_type != 'enterprise' - name: Add personal registries lineinfile: dest: /etc/sysconfig/docker - regexp: '^ADD_REGISTRY=.*' - line: "ADD_REGISTRY='{{ docker_additional_registries | oo_split() - | oo_prepend_strings_in_list('--add-registry ') | join(' ') }}'" - when: docker_check.stat.isreg and - docker_additional_registries != '' + regexp: '^ADD_REGISTRY=.*$' + line: "ADD_REGISTRY='{{ docker_additional_registries + | oo_prepend_strings_in_list('--add-registry ') | join(' ') }}'" + when: docker_check.stat.isreg and docker_additional_registries notify: - restart docker - name: Block registries lineinfile: dest: /etc/sysconfig/docker - regexp: '^BLOCK_REGISTRY=.*' + regexp: '^BLOCK_REGISTRY=.*$' line: "BLOCK_REGISTRY='{{ lookup('oo_option', 'docker_blocked_registries') | oo_split() | oo_prepend_strings_in_list('--block-registry ') | join(' ') }}'" when: docker_check.stat.isreg and -- cgit v1.2.3 From c28aea2f19b6aea729f27b636e5318ac775addb6 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Tue, 1 Sep 2015 16:34:01 -0400 Subject: Add openshift_node_sdn_mtu configuration Sync's with Origin 1.0.6 and OSE 3.0.2 node-config.yaml networkConfig changes Fixes #534 --- roles/openshift_node/tasks/main.yml | 1 + roles/openshift_node/templates/node.yaml.v1.j2 | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index db1731d65..e56a666e9 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -28,6 +28,7 @@ debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" portal_net: "{{ openshift_master_portal_net | default(None) }}" kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" + sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" - name: Install Node package yum: pkg={{ openshift.common.service_type }}-node state=present diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index e176e7511..0f708fb55 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -13,6 +13,11 @@ kubeletArguments: {{ openshift.node.kubelet_args | to_json }} {% endif %} masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig networkPluginName: {{ openshift.common.sdn_network_plugin_name }} +# networkConfig struct introduced in origin 1.0.6 and OSE 3.0.2 which +# deprecates networkPluginName above. The two should match. +networkConfig: + mtu: {{ openshift.node.sdn_mtu }} + networkPluginName: {{ openshift.common.sdn_network_plugin_name }} nodeName: {{ openshift.common.hostname }} podManifestConfig: servingInfo: @@ -21,4 +26,4 @@ servingInfo: clientCA: ca.crt keyFile: server.key volumeDirectory: {{ openshift_data_dir }}/openshift.local.volumes -{% include 'partials/kubeletArguments.j2' %} \ No newline at end of file +{% include 'partials/kubeletArguments.j2' %} -- cgit v1.2.3 From 8e3d2689c442762cdd5df08ca31721c5b17b2ee8 Mon Sep 17 00:00:00 2001 From: Stefanie Forrester Date: Thu, 27 Aug 2015 12:45:06 -0700 Subject: added new node fact for schedulability --- roles/openshift_node/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index e56a666e9..11190ab72 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -29,6 +29,7 @@ portal_net: "{{ openshift_master_portal_net | default(None) }}" kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" + schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" - name: Install Node package yum: pkg={{ openshift.common.service_type }}-node state=present -- cgit v1.2.3 From 633c651285b53ee154cd497513ded4a26c88d991 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Thu, 3 Sep 2015 15:30:03 -0400 Subject: Add openshift_version to set RPM versions Mostly necessary for debugging / testing upgrade paths --- roles/openshift_node/tasks/main.yml | 6 ++++-- roles/openshift_node/vars/main.yml | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index e56a666e9..7a862c99f 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -30,12 +30,14 @@ kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" +# We have to add tuned-profiles in the same transaction otherwise we run into depsolving +# problems because the rpms don't pin the version properly. - name: Install Node package - yum: pkg={{ openshift.common.service_type }}-node state=present + yum: pkg={{ openshift.common.service_type }}-node{{ openshift_version }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version }} state=present register: node_install_result - name: Install sdn-ovs package - yum: pkg={{ openshift.common.service_type }}-sdn-ovs state=present + yum: pkg={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present register: sdn_install_result when: openshift.common.use_openshift_sdn diff --git a/roles/openshift_node/vars/main.yml b/roles/openshift_node/vars/main.yml index 77a9694de..db2c3e15a 100644 --- a/roles/openshift_node/vars/main.yml +++ b/roles/openshift_node/vars/main.yml @@ -1,3 +1,4 @@ --- openshift_node_config_dir: "{{ openshift.common.config_base }}/node" openshift_node_config_file: "{{ openshift_node_config_dir }}/node-config.yaml" +openshift_version: "{{ openshift_version | default('') }}" -- cgit v1.2.3 From 07c59ea91a8e87d1b7edbb88ae6012ac13643f52 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Fri, 4 Sep 2015 18:32:28 -0400 Subject: Avoid a recursive loop --- roles/openshift_node/vars/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/vars/main.yml b/roles/openshift_node/vars/main.yml index db2c3e15a..43dc50ca8 100644 --- a/roles/openshift_node/vars/main.yml +++ b/roles/openshift_node/vars/main.yml @@ -1,4 +1,4 @@ --- openshift_node_config_dir: "{{ openshift.common.config_base }}/node" openshift_node_config_file: "{{ openshift_node_config_dir }}/node-config.yaml" -openshift_version: "{{ openshift_version | default('') }}" +openshift_version: "{{ openshift_pkg_version | default('') }}" -- cgit v1.2.3 From 12b56e720a8221208fbc1c5dd8a7e5732aa4f04e Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 9 Sep 2015 12:03:09 -0400 Subject: Move openshift_data_dir to a fact based on deployment_type Previously this was being set to /var/lib/origin regardless of deployment_type which isn't correct given that existing 'enterprise' and 'online' deployments would have been deployed with /var/lib/openshift --- roles/openshift_node/templates/node.yaml.v1.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 0f708fb55..07d80f99b 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -25,5 +25,5 @@ servingInfo: certFile: server.crt clientCA: ca.crt keyFile: server.key -volumeDirectory: {{ openshift_data_dir }}/openshift.local.volumes +volumeDirectory: {{ openshift.common.data_dir }}/openshift.local.volumes {% include 'partials/kubeletArguments.j2' %} -- cgit v1.2.3 From 44f2904159c5a3e0045eb413287a9c1778f91adb Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Thu, 10 Sep 2015 10:27:35 -0400 Subject: Upgrades --- roles/openshift_node/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 1986b631e..e8cc499c0 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -47,6 +47,7 @@ template: dest: "{{ openshift_node_config_file }}" src: node.yaml.v1.j2 + backup: true notify: - restart node -- cgit v1.2.3 From a22fbd327ab9decda9543d47c1ba375b9faecffd Mon Sep 17 00:00:00 2001 From: Chengcheng Mu Date: Tue, 18 Aug 2015 10:46:23 +0200 Subject: GCE-support (more information in PR, README_GCE.md) --- roles/openshift_node/tasks/main.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index e8cc499c0..7e5ac2b5b 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -22,7 +22,7 @@ deployment_type: "{{ openshift_deployment_type }}" - role: node local_facts: - labels: "{{ openshift_node_labels | default(none) }}" + labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default() ) }}" annotations: "{{ openshift_node_annotations | default(none) }}" registry_url: "{{ oreg_url | default(none) }}" debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" @@ -73,6 +73,12 @@ dest: /etc/sysconfig/docker regexp: '^OPTIONS=.*$' line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ +--insecure-registry=dockerhub.rnd.amadeus.net:5000 \ +--insecure-registry=dockerhub.rnd.amadeus.net:5001 \ +--insecure-registry=dockerhub.rnd.amadeus.net:5002 \ +--add-registry=dockerhub.rnd.amadeus.net:5000 \ +--add-registry=dockerhub.rnd.amadeus.net:5001 \ +--add-registry=dockerhub.rnd.amadeus.net:5002 \ {% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'" when: docker_check.stat.isreg notify: -- cgit v1.2.3 From b8dcab08624bfdc4e89a144b82caa68883d1f861 Mon Sep 17 00:00:00 2001 From: Chengcheng Mu Date: Thu, 1 Oct 2015 15:45:45 +0200 Subject: Removed some application specific code like insecure registries, heat template --- roles/openshift_node/tasks/main.yml | 6 ------ 1 file changed, 6 deletions(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 7e5ac2b5b..96cd96315 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -73,12 +73,6 @@ dest: /etc/sysconfig/docker regexp: '^OPTIONS=.*$' line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ ---insecure-registry=dockerhub.rnd.amadeus.net:5000 \ ---insecure-registry=dockerhub.rnd.amadeus.net:5001 \ ---insecure-registry=dockerhub.rnd.amadeus.net:5002 \ ---add-registry=dockerhub.rnd.amadeus.net:5000 \ ---add-registry=dockerhub.rnd.amadeus.net:5001 \ ---add-registry=dockerhub.rnd.amadeus.net:5002 \ {% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'" when: docker_check.stat.isreg notify: -- cgit v1.2.3 From 3073d1f729f9dcd202088f6b318b465567c6344b Mon Sep 17 00:00:00 2001 From: Thomas Wiest Date: Mon, 5 Oct 2015 13:48:41 -0400 Subject: Revert "GCE support" --- roles/openshift_node/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 96cd96315..e8cc499c0 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -22,7 +22,7 @@ deployment_type: "{{ openshift_deployment_type }}" - role: node local_facts: - labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default() ) }}" + labels: "{{ openshift_node_labels | default(none) }}" annotations: "{{ openshift_node_annotations | default(none) }}" registry_url: "{{ oreg_url | default(none) }}" debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" -- cgit v1.2.3 From a3ba0278879075e14373a6872acc5f0c3cc3d9a2 Mon Sep 17 00:00:00 2001 From: Chengcheng Mu Date: Tue, 6 Oct 2015 16:59:00 +0200 Subject: Revert "Revert "GCE support"" This reverts commit 3073d1f729f9dcd202088f6b318b465567c6344b. --- roles/openshift_node/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index e8cc499c0..96cd96315 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -22,7 +22,7 @@ deployment_type: "{{ openshift_deployment_type }}" - role: node local_facts: - labels: "{{ openshift_node_labels | default(none) }}" + labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default() ) }}" annotations: "{{ openshift_node_annotations | default(none) }}" registry_url: "{{ oreg_url | default(none) }}" debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" -- cgit v1.2.3 From ffc4ce40316acfccf1e36a9bca27c52819853e2a Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Wed, 30 Sep 2015 13:22:45 -0400 Subject: Use lower() filter for node hostname --- roles/openshift_node/templates/node.yaml.v1.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 07d80f99b..946c0b655 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -18,7 +18,7 @@ networkPluginName: {{ openshift.common.sdn_network_plugin_name }} networkConfig: mtu: {{ openshift.node.sdn_mtu }} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} -nodeName: {{ openshift.common.hostname }} +nodeName: {{ openshift.common.hostname | lower }} podManifestConfig: servingInfo: bindAddress: 0.0.0.0:10250 -- cgit v1.2.3 From 46f10c87930747d7e10cfc2c3b71ea68da647135 Mon Sep 17 00:00:00 2001 From: Chengcheng Mu Date: Fri, 9 Oct 2015 09:35:40 +0200 Subject: fix : (node) labels defaults correctly to the variable openshift_node_labels when oo_option returns an empty list --- roles/openshift_node/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 96cd96315..d45dd8073 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -22,7 +22,7 @@ deployment_type: "{{ openshift_deployment_type }}" - role: node local_facts: - labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default() ) }}" + labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}" annotations: "{{ openshift_node_annotations | default(none) }}" registry_url: "{{ oreg_url | default(none) }}" debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" -- cgit v1.2.3 From 972ce1f574673eea333a0cc412e37a0902cc83e7 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Mon, 19 Oct 2015 13:21:15 -0400 Subject: Open 4789/udp when using the SDN --- roles/openshift_node/defaults/main.yml | 3 +++ 1 file changed, 3 insertions(+) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index c4abf9d7c..fffbf2994 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -10,3 +10,6 @@ os_firewall_allow: port: 10255/tcp - service: Openshift kubelet ReadOnlyPort udp port: 10255/udp +- service: OpenShift OVS sdn + port: 4789/udp + when: openshift.node.use_openshift_sdn | bool -- cgit v1.2.3 From 2b465af8ecc2ab2da13d60707e3383f809ea9924 Mon Sep 17 00:00:00 2001 From: Tomas Sedovic Date: Tue, 6 Oct 2015 11:10:55 +0200 Subject: Allow disabling the network plugin configuration This is useful when we want to use a different networking solution without having any networking plugin code run when the services start up. --- roles/openshift_node/templates/node.yaml.v1.j2 | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 946c0b655..4931d127e 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -12,12 +12,16 @@ kind: NodeConfig kubeletArguments: {{ openshift.node.kubelet_args | to_json }} {% endif %} masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig +{% if openshift.common.use_openshift_sdn %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} +{% endif %} # networkConfig struct introduced in origin 1.0.6 and OSE 3.0.2 which # deprecates networkPluginName above. The two should match. networkConfig: mtu: {{ openshift.node.sdn_mtu }} +{% if openshift.common.use_openshift_sdn %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} +{% endif %} nodeName: {{ openshift.common.hostname | lower }} podManifestConfig: servingInfo: -- cgit v1.2.3 From 28060809e10c54bf2edd2f9bf2dd22ce5acfff0a Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Wed, 21 Oct 2015 16:00:06 -0400 Subject: Avoid hardcoded 30s pauses - refactor node and master restart handlers to avoid 30s pauses --- roles/openshift_node/handlers/main.yml | 1 + roles/openshift_node/tasks/main.yml | 5 ++--- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index 633f3ed13..5638a23c1 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -1,6 +1,7 @@ --- - name: restart node service: name={{ openshift.common.service_type }}-node state=restarted + when: not skip_node_restart | default(false) - name: restart docker service: name=docker state=restarted diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index d45dd8073..a6e8747a3 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -128,6 +128,5 @@ service: name={{ openshift.common.service_type }}-node enabled=yes state=started register: start_result -- name: pause to prevent service restart from interfering with bootstrapping - pause: seconds=30 - when: start_result | changed +- set_fact: + skip_node_restart = start_result | changed -- cgit v1.2.3 From b274f486d1b92e382ce40344bfbe4903c7452954 Mon Sep 17 00:00:00 2001 From: ejemba Date: Thu, 22 Oct 2015 19:55:20 +0200 Subject: Adding Docker Log Options capabilities In regard of issue https://github.com/openshift/openshift-ansible/issues/696 added options (docker_log_dirver and docker_log_options) to bin/cluster: bin/cluster -o docker_log_driver=json-file -o docker_log_options="max-size=5m,max-files=5" will be added to OPTION in /etc/sysconfig/docker in all nodes of the cluster: "--log-driver json-file --log-opt max-size=5m --log-opt max-files=5" --- roles/openshift_node/tasks/main.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index d45dd8073..4ebb007f6 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -30,6 +30,8 @@ kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" + docker_log_driver: "{{ lookup( 'oo_option' , 'docker_log_driver' ) | default('',True) }}" + docker_log_options: "{{ lookup( 'oo_option' , 'docker_log_options' ) | default('',True) }}" # We have to add tuned-profiles in the same transaction otherwise we run into depsolving # problems because the rpms don't pin the version properly. @@ -68,12 +70,14 @@ register: docker_check # TODO: Enable secure registry when code available in origin -- name: Secure Registry +- name: Secure Registry and Logs Options lineinfile: dest: /etc/sysconfig/docker regexp: '^OPTIONS=.*$' line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ -{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'" +{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %} \ +{% if openshift.node.docker_log_driver is defined %} --log-driver {{ openshift.node.docker_log_driver }} {% endif %} \ +{% if openshift.node.docker_log_options is defined %} {{ openshift.node.docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}} {% endif %} '" when: docker_check.stat.isreg notify: - restart docker -- cgit v1.2.3 From 48889b8ed74abfd070fb5ecad082c4f540f7a3fe Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 23 Oct 2015 11:00:33 -0400 Subject: cleanup naming for skipping master and node restart handlers --- roles/openshift_node/handlers/main.yml | 2 +- roles/openshift_node/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index 5638a23c1..447ca85f3 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -1,7 +1,7 @@ --- - name: restart node service: name={{ openshift.common.service_type }}-node state=restarted - when: not skip_node_restart | default(false) + when: not node_service_status_changed | default(false) - name: restart docker service: name=docker state=restarted diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index a6e8747a3..a7d63befa 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -129,4 +129,4 @@ register: start_result - set_fact: - skip_node_restart = start_result | changed + node_service_status_changed = start_result | changed -- cgit v1.2.3 From db570ca4fa92560e0ec1b90e1eabe6192f332c61 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 16 Oct 2015 11:33:28 -0400 Subject: Install storage plugin dependencies --- roles/openshift_node/tasks/main.yml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 98271c8b3..036196d5e 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -39,6 +39,15 @@ yum: pkg={{ openshift.common.service_type }}-node{{ openshift_version }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version }} state=present register: node_install_result +# TODO: allow for storage pre-requisites to be optional +- name: Install storage plugin pre-requisites + yum: + pkg: "{{ item }}" + state: installed + with_items: + - glusterfs-fuse + - ceph-common + - name: Install sdn-ovs package yum: pkg={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present register: sdn_install_result @@ -124,9 +133,15 @@ notify: - restart docker -- name: Allow NFS access for VMs - seboolean: name=virt_use_nfs state=yes persistent=yes +- name: Set sebooleans to allow storage plugin access from containers + seboolean: + name: "{{ item }}" + state: yes + persistent: yes when: ansible_selinux and ansible_selinux.status == "enabled" + with_items: + - virt_use_nfs + - virt_use_fusefs - name: Start and enable node service: name={{ openshift.common.service_type }}-node enabled=yes state=started -- cgit v1.2.3 From aff1356306adf8d02efe06ccbb322b68bef0995d Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Fri, 23 Oct 2015 14:08:40 -0400 Subject: make storage plugin dependency installation more flexible --- roles/openshift_node/tasks/main.yml | 21 +++------------------ roles/openshift_node/tasks/storage_plugins/ceph.yml | 5 +++++ .../tasks/storage_plugins/glusterfs.yml | 12 ++++++++++++ roles/openshift_node/tasks/storage_plugins/main.yml | 17 +++++++++++++++++ roles/openshift_node/tasks/storage_plugins/nfs.yml | 7 +++++++ 5 files changed, 44 insertions(+), 18 deletions(-) create mode 100644 roles/openshift_node/tasks/storage_plugins/ceph.yml create mode 100644 roles/openshift_node/tasks/storage_plugins/glusterfs.yml create mode 100644 roles/openshift_node/tasks/storage_plugins/main.yml create mode 100644 roles/openshift_node/tasks/storage_plugins/nfs.yml (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 036196d5e..aea60b75c 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -32,6 +32,7 @@ schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" docker_log_driver: "{{ lookup( 'oo_option' , 'docker_log_driver' ) | default('',True) }}" docker_log_options: "{{ lookup( 'oo_option' , 'docker_log_options' ) | default('',True) }}" + storage_plugin_deps: "{{ osn_storage_plugin_deps | default(None) }}" # We have to add tuned-profiles in the same transaction otherwise we run into depsolving # problems because the rpms don't pin the version properly. @@ -39,15 +40,6 @@ yum: pkg={{ openshift.common.service_type }}-node{{ openshift_version }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version }} state=present register: node_install_result -# TODO: allow for storage pre-requisites to be optional -- name: Install storage plugin pre-requisites - yum: - pkg: "{{ item }}" - state: installed - with_items: - - glusterfs-fuse - - ceph-common - - name: Install sdn-ovs package yum: pkg={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present register: sdn_install_result @@ -133,15 +125,8 @@ notify: - restart docker -- name: Set sebooleans to allow storage plugin access from containers - seboolean: - name: "{{ item }}" - state: yes - persistent: yes - when: ansible_selinux and ansible_selinux.status == "enabled" - with_items: - - virt_use_nfs - - virt_use_fusefs +- name: Additional storage plugin configuration + include: storage_plugins/main.yml - name: Start and enable node service: name={{ openshift.common.service_type }}-node enabled=yes state=started diff --git a/roles/openshift_node/tasks/storage_plugins/ceph.yml b/roles/openshift_node/tasks/storage_plugins/ceph.yml new file mode 100644 index 000000000..b6936618a --- /dev/null +++ b/roles/openshift_node/tasks/storage_plugins/ceph.yml @@ -0,0 +1,5 @@ +--- +- name: Install Ceph storage plugin dependencies + yum: + pkg: ceph-common + state: installed diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml new file mode 100644 index 000000000..b812e81df --- /dev/null +++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml @@ -0,0 +1,12 @@ +--- +- name: Install GlusterFS storage plugin dependencies + yum: + pkg: glusterfs-fuse + state: installed + +- name: Set seboolean to allow gluster storage plugin access from containers + seboolean: + name: virt_use_fusefs + state: yes + persistent: yes + when: ansible_selinux and ansible_selinux.status == "enabled" diff --git a/roles/openshift_node/tasks/storage_plugins/main.yml b/roles/openshift_node/tasks/storage_plugins/main.yml new file mode 100644 index 000000000..042b38cd3 --- /dev/null +++ b/roles/openshift_node/tasks/storage_plugins/main.yml @@ -0,0 +1,17 @@ +--- +- pause: + +# The NFS storage plugin is always enabled since it doesn't require any +# additional package dependencies +- name: NFS storage plugin configuration + include: nfs.yml + +- name: GlusterFS storage plugin configuration + include: glusterfs.yml + when: "'glusterfs' in openshift.node.storage_plugin_deps" + +- name: Ceph storage plugin configuration + include: ceph.yml + when: "'ceph' in openshift.node.storage_plugin_deps" + +- pause: diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml new file mode 100644 index 000000000..1edf21d9b --- /dev/null +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -0,0 +1,7 @@ +--- +- name: Set seboolean to allow nfs storage plugin access from containers + seboolean: + name: virt_use_nfs + state: yes + persistent: yes + when: ansible_selinux and ansible_selinux.status == "enabled" -- cgit v1.2.3 From 56660d50f1480d6c7ba7b83c4b172084614e6226 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Mon, 26 Oct 2015 22:42:27 -0400 Subject: remove debugging pauses --- roles/openshift_node/tasks/storage_plugins/main.yml | 4 ---- 1 file changed, 4 deletions(-) (limited to 'roles/openshift_node') diff --git a/roles/openshift_node/tasks/storage_plugins/main.yml b/roles/openshift_node/tasks/storage_plugins/main.yml index 042b38cd3..39c7b9390 100644 --- a/roles/openshift_node/tasks/storage_plugins/main.yml +++ b/roles/openshift_node/tasks/storage_plugins/main.yml @@ -1,6 +1,4 @@ --- -- pause: - # The NFS storage plugin is always enabled since it doesn't require any # additional package dependencies - name: NFS storage plugin configuration @@ -13,5 +11,3 @@ - name: Ceph storage plugin configuration include: ceph.yml when: "'ceph' in openshift.node.storage_plugin_deps" - -- pause: -- cgit v1.2.3