From ac0f4cb56e1469e9033e3a218265bc70f774624d Mon Sep 17 00:00:00 2001 From: Jason DeTiberus Date: Tue, 25 Aug 2015 14:40:08 -0400 Subject: more tweaks --- roles/haproxy/defaults/main.yml | 7 +++++++ roles/haproxy/meta/main.yml | 4 +++- roles/haproxy/templates/haproxy.cfg.j2 | 9 +++++++-- .../files/atomic-openshift-master-api | 9 +++++++++ .../files/atomic-openshift-master-api.service | 21 +++++++++++++++++++++ .../files/atomic-openshift-master-controllers | 9 +++++++++ .../atomic-openshift-master-controllers.service | 22 ++++++++++++++++++++++ roles/openshift_master/tasks/main.yml | 21 +++++---------------- roles/openshift_master_ca/tasks/main.yml | 2 +- 9 files changed, 84 insertions(+), 20 deletions(-) create mode 100644 roles/openshift_master/files/atomic-openshift-master-api create mode 100644 roles/openshift_master/files/atomic-openshift-master-api.service create mode 100644 roles/openshift_master/files/atomic-openshift-master-controllers create mode 100644 roles/openshift_master/files/atomic-openshift-master-controllers.service (limited to 'roles') diff --git a/roles/haproxy/defaults/main.yml b/roles/haproxy/defaults/main.yml index 16e9af4d1..7ba5bd485 100644 --- a/roles/haproxy/defaults/main.yml +++ b/roles/haproxy/defaults/main.yml @@ -12,3 +12,10 @@ haproxy_backends: - name: web01 address: 127.0.0.1:9000 opts: check + +os_firewall_use_firewalld: False +os_firewall_allow: +- service: haproxy stats + port: "9000/tcp" +- service: haproxy balance + port: "8443/tcp" diff --git a/roles/haproxy/meta/main.yml b/roles/haproxy/meta/main.yml index e02d8f53c..0fad106a9 100644 --- a/roles/haproxy/meta/main.yml +++ b/roles/haproxy/meta/main.yml @@ -9,4 +9,6 @@ galaxy_info: - name: EL versions: - 7 -dependencies: [] +dependencies: +- { role: os_firewall } +- { role: openshift_repos } diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2 index fddf0ede1..c932af72f 100644 --- a/roles/haproxy/templates/haproxy.cfg.j2 +++ b/roles/haproxy/templates/haproxy.cfg.j2 @@ -27,12 +27,17 @@ defaults timeout http-request 10s timeout queue 1m timeout connect 10s - timeout client 1m - timeout server 1m + timeout client 300s + timeout server 300s timeout http-keep-alive 10s timeout check 10s maxconn 3000 +listen stats :9000 + mode http + stats enable + stats uri / + {% for frontend in haproxy_frontends %} frontend {{ frontend.name }} {% for bind in frontend.binds %} diff --git a/roles/openshift_master/files/atomic-openshift-master-api b/roles/openshift_master/files/atomic-openshift-master-api new file mode 100644 index 000000000..ea82468a0 --- /dev/null +++ b/roles/openshift_master/files/atomic-openshift-master-api @@ -0,0 +1,9 @@ +OPTIONS= +CONFIG_FILE=/etc/origin/master/master-config.yaml + +# Proxy configuration +# Origin uses standard HTTP_PROXY environment variables. Be sure to set +# NO_PROXY for your master +#NO_PROXY=master.example.com +#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT +#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT diff --git a/roles/openshift_master/files/atomic-openshift-master-api.service b/roles/openshift_master/files/atomic-openshift-master-api.service new file mode 100644 index 000000000..b24b9809e --- /dev/null +++ b/roles/openshift_master/files/atomic-openshift-master-api.service @@ -0,0 +1,21 @@ +[Unit] +Description=Atomic OpenShift Master API +Documentation=https://github.com/openshift/origin +After=network.target +After=etcd.service +Before=atomic-openshift-node.service +Requires=network.target + +[Service] +Type=notify +EnvironmentFile=/etc/sysconfig/atomic-openshift-master-api +Environment=GOTRACEBACK=crash +ExecStart=/usr/bin/atomic-enterprise start master api --config=${CONFIG_FILE} $OPTIONS +LimitNOFILE=131072 +LimitCORE=infinity +WorkingDirectory=/var/lib/origin/ +SyslogIdentifier=atomic-openshift-master-api + +[Install] +WantedBy=multi-user.target +WantedBy=atomic-openshift-node.service diff --git a/roles/openshift_master/files/atomic-openshift-master-controllers b/roles/openshift_master/files/atomic-openshift-master-controllers new file mode 100644 index 000000000..ea82468a0 --- /dev/null +++ b/roles/openshift_master/files/atomic-openshift-master-controllers @@ -0,0 +1,9 @@ +OPTIONS= +CONFIG_FILE=/etc/origin/master/master-config.yaml + +# Proxy configuration +# Origin uses standard HTTP_PROXY environment variables. Be sure to set +# NO_PROXY for your master +#NO_PROXY=master.example.com +#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT +#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT diff --git a/roles/openshift_master/files/atomic-openshift-master-controllers.service b/roles/openshift_master/files/atomic-openshift-master-controllers.service new file mode 100644 index 000000000..e84160e5a --- /dev/null +++ b/roles/openshift_master/files/atomic-openshift-master-controllers.service @@ -0,0 +1,22 @@ +[Unit] +Description=Atomic OpenShift Master Controllers +Documentation=https://github.com/openshift/origin +After=network.target +After=atomic-openshift-master-api.service +Before=atomic-openshift-node.service +Requires=network.target + +[Service] +Type=notify +EnvironmentFile=/etc/sysconfig/atomic-openshift-master-controllers +Environment=GOTRACEBACK=crash +ExecStart=/usr/bin/atomic-enterprise start master controllers --config=${CONFIG_FILE} $OPTIONS +LimitNOFILE=131072 +LimitCORE=infinity +WorkingDirectory=/var/lib/origin/ +SyslogIdentifier=atomic-openshift-master-controllers +Restart=on-failure + +[Install] +WantedBy=multi-user.target +WantedBy=atomic-openshift-node.service diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index b23c19d37..00aaa2e57 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -204,27 +204,16 @@ when: not openshift_master_ha | bool register: start_result -# workaround for start bug when configuring ha -- name: Start master for ha workaround - service: name={{ openshift.common.service_type }}-master state=started - when: openshift_master_ha | bool and inventory_hostname in groups.oo_first_master - -- name: pause for 30 seconds to let master finish starting up for ha workaround - pause: seconds=30 - when: openshift_master_ha | bool and inventory_hostname in groups.oo_first_master - -- name: Stop master for ha workaround - service: name={{ openshift.common.service_type }}-master state=stopped - when: openshift_master_ha | bool and inventory_hostname in groups.oo_first_master -# end workaround for start bug when configuring ha - -- fail: - - name: Start and enable master api service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started when: openshift_master_ha | bool register: start_result +# TODO: work to eliminate this workaround +- name: pause a random interval to avoid startup errors for controller + pause: seconds={{ 60 | random(step=5) }} + when: openshift_master_ha | bool + - name: Start and enable master controller service: name={{ openshift.common.service_type }}-master-controllers enabled=yes state=started when: openshift_master_ha | bool diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml index abb0f8252..0738048d3 100644 --- a/roles/openshift_master_ca/tasks/main.yml +++ b/roles/openshift_master_ca/tasks/main.yml @@ -14,7 +14,7 @@ - name: Create the master certificates if they do not already exist command: > {{ openshift.common.admin_binary }} create-master-certs - --hostnames={{ openshift.common.all_hostnames | join(',') }} + --hostnames={{ master_hostnames | join(',') }} --master={{ openshift.master.api_url }} --public-master={{ openshift.master.public_api_url }} --cert-dir={{ openshift_master_config_dir }} --overwrite=false -- cgit v1.2.3