From 82b4209c02c27ab0e9a6d9c016ff06d12f42a9c1 Mon Sep 17 00:00:00 2001
From: Brenton Leanhardt <bleanhar@redhat.com>
Date: Thu, 5 Nov 2015 08:41:51 -0500
Subject: Bug 1274201 - Fixing sudo non-interactive test

https://bugzilla.redhat.com/show_bug.cgi?id=1274201#c13
---
 utils/src/ooinstall/openshift_ansible.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'utils/src/ooinstall/openshift_ansible.py')

diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py
index e33330102..bdb9859a2 100644
--- a/utils/src/ooinstall/openshift_ansible.py
+++ b/utils/src/ooinstall/openshift_ansible.py
@@ -46,7 +46,7 @@ def generate_inventory(hosts):
 
     if any(host.hostname == installer_host or host.public_hostname == installer_host
             for host in hosts):
-        no_pwd_sudo = subprocess.call(['sudo', '-v', '--non-interactive'])
+        no_pwd_sudo = subprocess.call(['sudo', '-v', '-n'])
         if no_pwd_sudo == 1:
             print 'The atomic-openshift-installer requires sudo access without a password.'
             sys.exit(1)
-- 
cgit v1.2.3


From cfca7b9f7894e2b427ae0753477cd13cc537e348 Mon Sep 17 00:00:00 2001
From: Brenton Leanhardt <bleanhar@redhat.com>
Date: Thu, 5 Nov 2015 09:14:33 -0500
Subject: Bug 1274201 - Fixing non-root installations if using a local
 connection

Previously we were writing out a inventory like this:

~~~
[OSEv3:children]
masters
nodes

[OSEv3:vars]
ansible_ssh_user=root
deployment_type=openshift-enterprise
ansible_connection=local

[masters]
ose3-master.example.com  openshift_hostname=ose3-master.example.com

[nodes]
ose3-master.example.com  openshift_hostname=ose3-master.example.com
ose3-node1.example.com  openshift_hostname=ose3-node1.example.com
ose3-node2.example.com  openshift_hostname=ose3-node2.example.com
~~~

The problem with that is now all the hosts are consider local connections.  In
addition our sudo check wasn't working as expected.  We would check that we
have sudo, but the playbooks were not running with root privileges.  When
gathering facts you'd hit:

~~~
__main__.OpenShiftFactsFileWriteError: Could not create fact file: /etc/ansible/facts.d/openshift.fact, error: [Errno 13] Permission denied: '/etc/ansible/facts.d/openshift.fact'
~~~

Instead the test for locale connections needs to be per host.  Anytime we're not running as root we need `ansible_become` set:

~~~
ose3-master.example.com  openshift_hostname=ose3-master.example.com ansible_connection=local ansible_become=true
~~~
---
 utils/src/ooinstall/openshift_ansible.py | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

(limited to 'utils/src/ooinstall/openshift_ansible.py')

diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py
index bdb9859a2..4b37be278 100644
--- a/utils/src/ooinstall/openshift_ansible.py
+++ b/utils/src/ooinstall/openshift_ansible.py
@@ -18,7 +18,6 @@ def set_config(cfg):
 def generate_inventory(hosts):
     global CFG
 
-    installer_host = socket.gethostname()
     base_inventory_path = CFG.settings['ansible_inventory_path']
     base_inventory = open(base_inventory_path, 'w')
     base_inventory.write('\n[OSEv3:children]\nmasters\nnodes\n')
@@ -44,14 +43,6 @@ def generate_inventory(hosts):
     if 'OO_INSTALL_STAGE_REGISTRY' in os.environ:
         base_inventory.write('oreg_url=registry.access.stage.redhat.com/openshift3/ose-${component}:${version}\n')
 
-    if any(host.hostname == installer_host or host.public_hostname == installer_host
-            for host in hosts):
-        no_pwd_sudo = subprocess.call(['sudo', '-v', '-n'])
-        if no_pwd_sudo == 1:
-            print 'The atomic-openshift-installer requires sudo access without a password.'
-            sys.exit(1)
-        base_inventory.write("ansible_connection=local\n")
-
     base_inventory.write('\n[masters]\n')
     masters = (host for host in hosts if host.master)
     for master in masters:
@@ -72,6 +63,7 @@ def generate_inventory(hosts):
 
 def write_host(host, inventory, scheduleable=True):
     global CFG
+
     facts = ''
     if host.ip:
         facts += ' openshift_ip={}'.format(host.ip)
@@ -85,6 +77,16 @@ def write_host(host, inventory, scheduleable=True):
     # Technically only nodes will ever need this.
     if not scheduleable:
         facts += ' openshift_scheduleable=False'
+    installer_host = socket.gethostname()
+    if host.hostname == installer_host or host.public_hostname == installer_host:
+        facts += ' ansible_connection=local'
+        if os.geteuid() != 0:
+            no_pwd_sudo = subprocess.call(['sudo', '-v', '-n'])
+            if no_pwd_sudo == 1:
+                print 'The atomic-openshift-installer requires sudo access without a password.'
+                sys.exit(1)
+            facts += ' ansible_become=true'
+
     inventory.write('{} {}\n'.format(host, facts))
 
 
-- 
cgit v1.2.3


From dcd2fb0558c58fb79f9e3dd9ecd5f6687d8bed5d Mon Sep 17 00:00:00 2001
From: Brenton Leanhardt <bleanhar@redhat.com>
Date: Thu, 5 Nov 2015 09:47:50 -0500
Subject: Making it easier to use pre-release content

---
 utils/src/ooinstall/openshift_ansible.py | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

(limited to 'utils/src/ooinstall/openshift_ansible.py')

diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py
index 4b37be278..0648df0fa 100644
--- a/utils/src/ooinstall/openshift_ansible.py
+++ b/utils/src/ooinstall/openshift_ansible.py
@@ -31,17 +31,18 @@ def generate_inventory(hosts):
         version=CFG.settings.get('variant_version', None))[1]
     base_inventory.write('deployment_type={}\n'.format(ver.ansible_key))
 
-    if 'OO_INSTALL_DEVEL_REGISTRY' in os.environ:
-        base_inventory.write('oreg_url=rcm-img-docker01.build.eng.bos.redhat.com:'
-            '5001/openshift3/ose-${component}:${version}\n')
-    if 'OO_INSTALL_PUDDLE_REPO_ENABLE' in os.environ:
-        base_inventory.write("openshift_additional_repos=[{'id': 'ose-devel', "
+    if 'OO_INSTALL_ADDITIONAL_REGISTRIES' in os.environ:
+        base_inventory.write('cli_docker_additional_registries={}\n'
+          .format(os.environ['OO_INSTALL_ADDITIONAL_REGISTRIES']))
+    if 'OO_INSTALL_INSECURE_REGISTRIES' in os.environ:
+        base_inventory.write('cli_docker_insecure_registries={}\n'
+          .format(os.environ['OO_INSTALL_INSECURE_REGISTRIES']))
+    if 'OO_INSTALL_PUDDLE_REPO' in os.environ:
+        # We have to double the '{' here for literals
+        base_inventory.write("openshift_additional_repos=[{{'id': 'ose-devel', "
             "'name': 'ose-devel', "
-            "'baseurl': 'http://buildvm-devops.usersys.redhat.com"
-            "/puddle/build/AtomicOpenShift/3.1/latest/RH7-RHAOS-3.1/$basearch/os', "
-            "'enabled': 1, 'gpgcheck': 0}]\n")
-    if 'OO_INSTALL_STAGE_REGISTRY' in os.environ:
-        base_inventory.write('oreg_url=registry.access.stage.redhat.com/openshift3/ose-${component}:${version}\n')
+            "'baseurl': '{}', "
+            "'enabled': 1, 'gpgcheck': 0}}]\n".format(os.environ['OO_INSTALL_PUDDLE_REPO']))
 
     base_inventory.write('\n[masters]\n')
     masters = (host for host in hosts if host.master)
-- 
cgit v1.2.3