summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.tito/packages/openshift-ansible2
-rw-r--r--Vagrantfile4
-rw-r--r--filter_plugins/oo_filters.py28
-rw-r--r--filter_plugins/openshift_master.py27
-rw-r--r--inventory/byo/hosts.aep.example11
-rw-r--r--inventory/byo/hosts.origin.example11
-rw-r--r--inventory/byo/hosts.ose.example9
-rw-r--r--openshift-ansible.spec36
-rw-r--r--playbooks/adhoc/bootstrap-fedora.yml1
-rw-r--r--playbooks/aws/openshift-cluster/terminate.yml2
-rw-r--r--playbooks/byo/rhel_subscribe.yml2
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml39
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml27
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml2
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml1
-rw-r--r--playbooks/common/openshift-master/config.yml59
-rw-r--r--playbooks/common/openshift-node/config.yml3
-rw-r--r--playbooks/gce/openshift-cluster/terminate.yml2
-rw-r--r--playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml11
-rw-r--r--playbooks/libvirt/openshift-cluster/templates/user-data1
-rw-r--r--playbooks/libvirt/openshift-cluster/terminate.yml2
-rw-r--r--playbooks/openstack/openshift-cluster/launch.yml8
-rw-r--r--playbooks/openstack/openshift-cluster/terminate.yml2
-rw-r--r--roles/fluentd_master/meta/main.yml15
-rw-r--r--roles/fluentd_master/tasks/main.yml57
-rw-r--r--roles/fluentd_master/templates/kubernetes.conf.j29
-rw-r--r--roles/fluentd_node/tasks/main.yml57
-rw-r--r--roles/fluentd_node/templates/kubernetes.conf.j253
-rw-r--r--roles/fluentd_node/templates/td-agent.j22
-rw-r--r--roles/lib_dyn/library/dyn_record.py4
-rw-r--r--roles/lib_dyn/tasks/main.yml2
-rw-r--r--roles/lib_zabbix/library/zbx_action.py16
-rw-r--r--roles/nuage_master/handlers/main.yaml4
-rw-r--r--roles/nuage_master/tasks/main.yaml16
-rw-r--r--roles/nuage_master/templates/nuage-openshift-monitor.j2 (renamed from roles/nuage_master/templates/nuagekubemon.j2)4
-rw-r--r--roles/nuage_master/vars/main.yaml6
-rw-r--r--roles/nuage_node/tasks/main.yaml6
-rw-r--r--roles/nuage_node/templates/vsp-openshift.j2 (renamed from roles/nuage_node/templates/vsp-k8s.j2)0
-rw-r--r--roles/nuage_node/vars/main.yaml10
-rw-r--r--roles/openshift_common/tasks/main.yml5
-rw-r--r--roles/openshift_examples/defaults/main.yml2
-rw-r--r--roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/metrics-deployer.yaml2
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py53
-rw-r--r--roles/openshift_manageiq/tasks/main.yaml12
-rw-r--r--roles/openshift_master/tasks/main.yml36
-rw-r--r--roles/openshift_master/tasks/set_loopback_context.yml31
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j24
-rw-r--r--roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j22
-rw-r--r--roles/openshift_master_certificates/tasks/main.yml2
-rw-r--r--roles/openshift_node/tasks/main.yml3
-rw-r--r--roles/openshift_node/tasks/storage_plugins/iscsi.yml4
-rw-r--r--roles/openshift_node/tasks/storage_plugins/main.yml4
-rw-r--r--roles/openshift_node/templates/node.yaml.v1.j23
-rw-r--r--roles/openshift_persistent_volumes/templates/persistent-volume-claim.yml.j23
-rw-r--r--roles/openshift_persistent_volumes/templates/persistent-volume.yml.j23
-rw-r--r--roles/openshift_registry/README.md6
-rw-r--r--roles/openshift_registry/meta/main.yml4
-rw-r--r--roles/openshift_router/README.md5
-rw-r--r--roles/openshift_router/meta/main.yml4
-rw-r--r--roles/openshift_router/tasks/main.yml1
-rw-r--r--roles/openshift_serviceaccounts/meta/main.yml15
-rw-r--r--roles/openshift_serviceaccounts/tasks/main.yml59
-rw-r--r--roles/openshift_serviceaccounts/templates/serviceaccount.j22
-rw-r--r--roles/os_firewall/tasks/firewall/iptables.yml32
-rw-r--r--roles/os_zabbix/vars/template_openshift_master.yml36
-rw-r--r--roles/os_zabbix/vars/template_openshift_node.yml4
-rw-r--r--utils/src/ooinstall/cli_installer.py30
-rw-r--r--utils/src/ooinstall/openshift_ansible.py12
68 files changed, 464 insertions, 466 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible
index bfc9e0962..d176e08c5 100644
--- a/.tito/packages/openshift-ansible
+++ b/.tito/packages/openshift-ansible
@@ -1 +1 @@
-3.0.39-1 ./
+3.0.40-1 ./
diff --git a/Vagrantfile b/Vagrantfile
index 362e1ff48..a38378289 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -30,7 +30,9 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
libvirt.memory = 1024
libvirt.driver = 'kvm'
case deployment_type
- when "enterprise"
+ when "openshift-enterprise"
+ override.vm.box = "rhel-7"
+ when "atomic-enterprise"
override.vm.box = "rhel-7"
when "origin"
override.vm.box = "centos/7"
diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py
index 450101785..dcda14c63 100644
--- a/filter_plugins/oo_filters.py
+++ b/filter_plugins/oo_filters.py
@@ -670,6 +670,33 @@ class FilterModule(object):
return rpms_31
+ @staticmethod
+ def oo_pods_match_component(pods, deployment_type, component):
+ """ Filters a list of Pods and returns the ones matching the deployment_type and component
+ """
+ if not isinstance(pods, list):
+ raise errors.AnsibleFilterError("failed expects to filter on a list")
+ if not isinstance(deployment_type, basestring):
+ raise errors.AnsibleFilterError("failed expects deployment_type to be a string")
+ if not isinstance(component, basestring):
+ raise errors.AnsibleFilterError("failed expects component to be a string")
+
+ image_prefix = 'openshift/origin-'
+ if deployment_type in ['enterprise', 'online', 'openshift-enterprise']:
+ image_prefix = 'openshift3/ose-'
+ elif deployment_type == 'atomic-enterprise':
+ image_prefix = 'aep3_beta/aep-'
+
+ matching_pods = []
+ image_regex = image_prefix + component + r'.*'
+ for pod in pods:
+ for container in pod['spec']['containers']:
+ if re.search(image_regex, container['image']):
+ matching_pods.append(pod)
+ break # stop here, don't add a pod more than once
+
+ return matching_pods
+
def filters(self):
""" returns a mapping of filters to methods """
return {
@@ -696,4 +723,5 @@ class FilterModule(object):
"oo_persistent_volumes": self.oo_persistent_volumes,
"oo_persistent_volume_claims": self.oo_persistent_volume_claims,
"oo_31_rpm_rename_conversion": self.oo_31_rpm_rename_conversion,
+ "oo_pods_match_component": self.oo_pods_match_component,
}
diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py
index 35a881a85..c41367f05 100644
--- a/filter_plugins/openshift_master.py
+++ b/filter_plugins/openshift_master.py
@@ -53,7 +53,20 @@ class IdentityProviderBase(object):
self.challenge = ansible_bool(self._idp.pop('challenge', False))
self.provider = dict(apiVersion=api_version, kind=self._idp.pop('kind'))
- self._required = [['mappingMethod', 'mapping_method']]
+ mm_keys = ('mappingMethod', 'mapping_method')
+ mapping_method = None
+ for key in mm_keys:
+ if key in self._idp:
+ mapping_method = self._idp[key]
+ if mapping_method is None:
+ mapping_method = self.get_default('mappingMethod')
+ self.mapping_method = mapping_method
+
+ valid_mapping_methods = ['add', 'claim', 'generate', 'lookup']
+ if self.mapping_method not in valid_mapping_methods:
+ raise errors.AnsibleFilterError("|failed unkown mapping method "
+ "for provider {0}".format(self.__class__.__name__))
+ self._required = []
self._optional = []
self._allow_additional = True
@@ -75,10 +88,7 @@ class IdentityProviderBase(object):
def validate(self):
''' validate an instance of this idp class '''
- valid_mapping_methods = ['add', 'claim', 'generate', 'lookup']
- if self.provider['mappingMethod'] not in valid_mapping_methods:
- raise errors.AnsibleFilterError("|failed unkown mapping method "
- "for provider {0}".format(self.__class__.__name__))
+ pass
@staticmethod
def get_default(key):
@@ -121,7 +131,8 @@ class IdentityProviderBase(object):
def to_dict(self):
''' translate this idp to a dictionary '''
return dict(name=self.name, challenge=self.challenge,
- login=self.login, provider=self.provider)
+ login=self.login, mappingMethod=self.mapping_method,
+ provider=self.provider)
class LDAPPasswordIdentityProvider(IdentityProviderBase):
@@ -436,7 +447,9 @@ class GitHubIdentityProvider(IdentityProviderOauthBase):
Raises:
AnsibleFilterError:
"""
- pass
+ def __init__(self, api_version, idp):
+ IdentityProviderOauthBase.__init__(self, api_version, idp)
+ self._optional += [['organizations']]
class FilterModule(object):
diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example
index 7f4a1a9d2..a2e1708d4 100644
--- a/inventory/byo/hosts.aep.example
+++ b/inventory/byo/hosts.aep.example
@@ -89,17 +89,14 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#osm_mcs_labels_per_project=5
#osm_uid_allocator_range='1000000000-1999999999/10000'
-# Configure Fluentd
-#use_fluentd=true
-
# Enable cockpit
#osm_use_cockpit=true
#
# Set cockpit plugins
#osm_cockpit_plugins=['cockpit-kubernetes']
-# Native high availbility cluster method with optional load balancer.
-# If no lb group is defined installer assumes that a load balancer has
+# Native high availability cluster method with optional load balancer.
+# If no lb group is defined, the installer assumes that a load balancer has
# been preconfigured. For installation the value of
# openshift_master_cluster_hostname must resolve to the load balancer
# or to one or all of the masters defined in the inventory if no load
@@ -142,7 +139,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# default storage plugin dependencies to install, by default the ceph and
# glusterfs plugin dependencies will be installed, if available.
-#osn_storage_plugin_deps=['ceph','glusterfs']
+#osn_storage_plugin_deps=['ceph','glusterfs','iscsi']
# default selectors for router and registry services
# openshift_router_selector='region=infra'
@@ -247,7 +244,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# openshift-ansible will wait indefinitely for your input when it detects that the
# value of openshift_hostname resolves to an IP address not bound to any local
# interfaces. This mis-configuration is problematic for any pod leveraging host
-# networking and liveness or readiness probes.
+# networking and liveness or readiness probes.
# Setting this variable to true will override that check.
#openshift_override_hostname_check=true
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index aae987796..de1d0f88b 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -94,17 +94,14 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#osm_mcs_labels_per_project=5
#osm_uid_allocator_range='1000000000-1999999999/10000'
-# Configure Fluentd
-#use_fluentd=true
-
# Enable cockpit
#osm_use_cockpit=true
#
# Set cockpit plugins
#osm_cockpit_plugins=['cockpit-kubernetes']
-# Native high availbility cluster method with optional load balancer.
-# If no lb group is defined installer assumes that a load balancer has
+# Native high availability cluster method with optional load balancer.
+# If no lb group is defined, the installer assumes that a load balancer has
# been preconfigured. For installation the value of
# openshift_master_cluster_hostname must resolve to the load balancer
# or to one or all of the masters defined in the inventory if no load
@@ -147,7 +144,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# default storage plugin dependencies to install, by default the ceph and
# glusterfs plugin dependencies will be installed, if available.
-#osn_storage_plugin_deps=['ceph','glusterfs']
+#osn_storage_plugin_deps=['ceph','glusterfs','iscsi']
# default selectors for router and registry services
# openshift_router_selector='region=infra'
@@ -252,7 +249,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# openshift-ansible will wait indefinitely for your input when it detects that the
# value of openshift_hostname resolves to an IP address not bound to any local
# interfaces. This mis-configuration is problematic for any pod leveraging host
-# networking and liveness or readiness probes.
+# networking and liveness or readiness probes.
# Setting this variable to true will override that check.
#openshift_override_hostname_check=true
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index f017f9a6e..c80be574f 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -89,17 +89,14 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#osm_mcs_labels_per_project=5
#osm_uid_allocator_range='1000000000-1999999999/10000'
-# Configure Fluentd
-#use_fluentd=true
-
# Enable cockpit
#osm_use_cockpit=true
#
# Set cockpit plugins
#osm_cockpit_plugins=['cockpit-kubernetes']
-# Native high availbility cluster method with optional load balancer.
-# If no lb group is defined installer assumes that a load balancer has
+# Native high availability cluster method with optional load balancer.
+# If no lb group is defined, the installer assumes that a load balancer has
# been preconfigured. For installation the value of
# openshift_master_cluster_hostname must resolve to the load balancer
# or to one or all of the masters defined in the inventory if no load
@@ -247,7 +244,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# openshift-ansible will wait indefinitely for your input when it detects that the
# value of openshift_hostname resolves to an IP address not bound to any local
# interfaces. This mis-configuration is problematic for any pod leveraging host
-# networking and liveness or readiness probes.
+# networking and liveness or readiness probes.
# Setting this variable to true will override that check.
#openshift_override_hostname_check=true
diff --git a/openshift-ansible.spec b/openshift-ansible.spec
index b6efaafdb..7c7fb399c 100644
--- a/openshift-ansible.spec
+++ b/openshift-ansible.spec
@@ -5,7 +5,7 @@
}
Name: openshift-ansible
-Version: 3.0.39
+Version: 3.0.40
Release: 1%{?dist}
Summary: Openshift and Atomic Enterprise Ansible
License: ASL 2.0
@@ -259,6 +259,40 @@ Atomic OpenShift Utilities includes
%changelog
+* Thu Feb 11 2016 Brenton Leanhardt <bleanhar@redhat.com> 3.0.40-1
+- Bug 1306665 - [metrics] update metrics-deployer template to use latest image
+ versions (bleanhar@redhat.com)
+- Add organizations attribute to github identity provider (jdetiber@redhat.com)
+- use correct dict key (jdiaz@redhat.com)
+- handle being passed an empty group list (jdiaz@redhat.com)
+- fix default value (jdetiber@redhat.com)
+- removed notscheduleable trigger, it just makes noise in its current
+ incarnation (sten@redhat.com)
+- trigger on two successive bad pid counts (jdiaz@redhat.com)
+- added nodes not ready and nodes not schedulable triggers (sten@redhat.com)
+- Enable selection of kubeproxy mode (vishal.patil@nuagenetworks.net)
+- add default storage plugins to 'origin' deployment_type
+ (rvanveelen@tremorvideo.com)
+- added nodes not ready and nodes not schedulable triggers (sten@redhat.com)
+- Don't mask master service on atomic. (abutcher@redhat.com)
+- update defaults and examples w/ iscsi plugin (rvanveelen@tremorvideo.com)
+- add iscsi storage_plugin dependency (rvanveelen@tremorvideo.com)
+- Add gte check for 3.2, update version checks to gte (jdetiber@redhat.com)
+- Specify default namespace when creating router (pat2man@gmail.com)
+- add missing connection:local (jdetiber@redhat.com)
+- consolidate oo_first_master post-config a bit, fix some roles that use
+ openshift_facts without declaring a dependency (jdetiber@redhat.com)
+- openshift_serviceaccounts updates (jdetiber@redhat.com)
+- Fix infra_node deployment (jdetiber@redhat.com)
+- changed registry checks to alert based on number of registries with problems
+ (sten@redhat.com)
+- Fix a bug with existing CNAME records (rharriso@redhat.com)
+- Fix HA typo in example AEP/OSE/Origin inventories (adellape@redhat.com)
+- Updated the key for app create (kwoodson@redhat.com)
+- Add missing atomic- and openshift-enterprise (pep@redhat.com)
+- Fix enabling iptables for latest rhel versions (jdetiber@redhat.com)
+- Make pod_eviction_timeout configurable from cli (jawed.khelil@amadeus.com)
+
* Tue Feb 09 2016 Brenton Leanhardt <bleanhar@redhat.com> 3.0.39-1
- Bug 1304150 - Can't upgrade atomic-openshift to specified version
(bleanhar@redhat.com)
diff --git a/playbooks/adhoc/bootstrap-fedora.yml b/playbooks/adhoc/bootstrap-fedora.yml
index 0df77e309..471c41f16 100644
--- a/playbooks/adhoc/bootstrap-fedora.yml
+++ b/playbooks/adhoc/bootstrap-fedora.yml
@@ -1,5 +1,4 @@
- hosts: OSEv3
- gather_facts: false
tasks:
- name: install python and deps for ansible modules
raw: dnf install -y python2 python2-dnf libselinux-python libsemanage-python
diff --git a/playbooks/aws/openshift-cluster/terminate.yml b/playbooks/aws/openshift-cluster/terminate.yml
index c20f370bf..6dd5d8b62 100644
--- a/playbooks/aws/openshift-cluster/terminate.yml
+++ b/playbooks/aws/openshift-cluster/terminate.yml
@@ -18,7 +18,7 @@
hosts: oo_hosts_to_terminate
roles:
- role: rhel_unsubscribe
- when: deployment_type == "enterprise" and
+ when: deployment_type in ['atomic-enterprise', 'enterprise', 'openshift-enterprise'] and
ansible_distribution == "RedHat" and
lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
default('no', True) | lower in ['no', 'false']
diff --git a/playbooks/byo/rhel_subscribe.yml b/playbooks/byo/rhel_subscribe.yml
index f564905ea..990ddd2f2 100644
--- a/playbooks/byo/rhel_subscribe.yml
+++ b/playbooks/byo/rhel_subscribe.yml
@@ -4,7 +4,7 @@
openshift_deployment_type: "{{ deployment_type }}"
roles:
- role: rhel_subscribe
- when: deployment_type == "enterprise" and
+ when: deployment_type in ['atomic-enterprise', 'enterprise', 'openshift-enterprise'] and
ansible_distribution == "RedHat" and
lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
default('no', True) | lower in ['no', 'false']
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
index 55c36810f..049ac997c 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
@@ -74,6 +74,11 @@
- set_fact:
g_new_version: "{{ g_aos_versions.curr_version.split('-', 1).0 if g_aos_versions.avail_version is none else g_aos_versions.avail_version.split('-', 1).0 }}"
+ when: openshift_pkg_version is not defined
+
+ - set_fact:
+ g_new_version: "{{ openshift_pkg_version | replace('-','') }}"
+ when: openshift_pkg_version is defined
- fail:
msg: This playbook requires Origin 1.0.6 or later
@@ -258,7 +263,7 @@
openshift_master_certs_no_etcd:
- admin.crt
- master.kubelet-client.crt
- - "{{ 'master.proxy-client.crt' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}"
+ - "{{ 'master.proxy-client.crt' if openshift.common.version_gte_3_1_or_1_1 else omit }}"
- master.server.crt
- openshift-master.crt
- openshift-registry.crt
@@ -496,6 +501,7 @@
{{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
policy reconcile-cluster-role-bindings
--exclude-groups=system:authenticated
+ --exclude-groups=system:authenticated:oauth
--exclude-groups=system:unauthenticated
--exclude-users=system:anonymous
--additive-only=true --confirm
@@ -567,46 +573,55 @@
- role: openshift_examples
openshift_examples_import_command: replace
pre_tasks:
- - name: Check for default router
+ - name: Collect all routers
command: >
- {{ oc_cmd }} get -n default dc/router
- register: _default_router
+ {{ oc_cmd }} get pods --all-namespaces -l 'router' -o json
+ register: all_routers
failed_when: false
changed_when: false
+ - set_fact: haproxy_routers="{{ (all_routers.stdout | from_json)['items'] | oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | oo_select_keys_from_list(['metadata']) }}"
+ when: all_routers.rc == 0
+
+ - set_fact: haproxy_routers=[]
+ when: all_routers.rc != 0
+
- name: Check for allowHostNetwork and allowHostPorts
- when: _default_router.rc == 0
+ when: all_routers.rc == 0
shell: >
{{ oc_cmd }} get -o yaml scc/privileged | /usr/bin/grep -e allowHostPorts -e allowHostNetwork
register: _scc
- name: Grant allowHostNetwork and allowHostPorts
when:
- - _default_router.rc == 0
+ - all_routers.rc == 0
- "'false' in _scc.stdout"
command: >
{{ oc_cmd }} patch scc/privileged -p
'{"allowHostPorts":true,"allowHostNetwork":true}' --api-version=v1
- name: Update deployment config to 1.0.4/3.0.1 spec
- when: _default_router.rc == 0
+ when: all_routers.rc == 0
command: >
- {{ oc_cmd }} patch dc/router -p
+ {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p
'{"spec":{"strategy":{"rollingParams":{"updatePercent":-10},"spec":{"serviceAccount":"router","serviceAccountName":"router"}}}}'
--api-version=v1
+ with_items: haproxy_routers
- name: Switch to hostNetwork=true
- when: _default_router.rc == 0
+ when: all_routers.rc == 0
command: >
- {{ oc_cmd }} patch dc/router -p '{"spec":{"template":{"spec":{"hostNetwork":true}}}}'
+ {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p '{"spec":{"template":{"spec":{"hostNetwork":true}}}}'
--api-version=v1
+ with_items: haproxy_routers
- name: Update router image to current version
- when: _default_router.rc == 0
+ when: all_routers.rc == 0
command: >
- {{ oc_cmd }} patch dc/router -p
+ {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p
'{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}'
--api-version=v1
+ with_items: haproxy_routers
- name: Check for default registry
command: >
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml
index d8336fcae..d7a2ac405 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml
@@ -20,13 +20,27 @@
- role: openshift_examples
openshift_examples_import_command: replace
pre_tasks:
- - name: Check for default router
+ - name: Collect all routers
command: >
- {{ oc_cmd }} get -n default dc/router
- register: _default_router
+ {{ oc_cmd }} get pods --all-namespaces -l 'router' -o json
+ register: all_routers
failed_when: false
changed_when: false
+ - set_fact: haproxy_routers="{{ (all_routers.stdout | from_json)['items'] | oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | oo_select_keys_from_list(['metadata']) }}"
+ when: all_routers.rc == 0
+
+ - set_fact: haproxy_routers=[]
+ when: all_routers.rc != 0
+
+ - name: Update router image to current version
+ when: all_routers.rc == 0
+ command: >
+ {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p
+ '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}'
+ --api-version=v1
+ with_items: haproxy_routers
+
- name: Check for default registry
command: >
{{ oc_cmd }} get -n default dc/docker-registry
@@ -34,13 +48,6 @@
failed_when: false
changed_when: false
- - name: Update router image to current version
- when: _default_router.rc == 0
- command: >
- {{ oc_cmd }} patch dc/router -p
- '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}'
- --api-version=v1
-
- name: Update registry image to current version
when: _default_registry.rc == 0
command: >
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml
index 91780de09..12b9c84d3 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml
@@ -41,7 +41,7 @@
g_new_service_name: "{{ 'origin' if deployment_type =='origin' else 'atomic-openshift' }}"
- name: Determine available versions
- script: ../files/versions.sh {{ g_new_service_name }} openshift
+ script: ../files/versions.sh {{ g_new_service_name }}
register: g_versions_result
- set_fact:
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml
index 81dbba1e3..dbf746f12 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml
@@ -109,6 +109,7 @@
{{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
policy reconcile-cluster-role-bindings
--exclude-groups=system:authenticated
+ --exclude-groups=system:authenticated:oauth
--exclude-groups=system:unauthenticated
--exclude-users=system:anonymous
--additive-only=true --confirm
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 3d646be64..77edbd1a6 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -18,6 +18,10 @@
- .config_managed
- set_fact:
+ openshift_master_pod_eviction_timeout: "{{ lookup('oo_option', 'openshift_master_pod_eviction_timeout') | default(none, true) }}"
+ when: openshift_master_pod_eviction_timeout is not defined
+
+ - set_fact:
openshift_master_etcd_port: "{{ (etcd_client_port | default('2379')) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else none }}"
openshift_master_etcd_hosts: "{{ hostvars
| oo_select_keys(groups['oo_etcd_to_config']
@@ -146,7 +150,7 @@
openshift_master_certs_no_etcd:
- admin.crt
- master.kubelet-client.crt
- - "{{ 'master.proxy-client.crt' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}"
+ - "{{ 'master.proxy-client.crt' if openshift.common.version_gte_3_1_or_1_1 else omit }}"
- master.server.crt
- openshift-master.crt
- openshift-registry.crt
@@ -170,10 +174,10 @@
master_cert_subdir: master-{{ openshift.common.hostname }}
master_cert_config_dir: "{{ openshift.common.config_base }}/master"
- set_fact:
- openshift_infra_nodes: "{{ hostvars | oo_select_keys(groups['nodes'])
+ openshift_infra_nodes: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'])
| oo_nodes_with_label('region', 'infra')
| oo_collect('inventory_hostname') }}"
- when: openshift_infra_nodes is not defined
+ when: openshift_infra_nodes is not defined and groups.oo_nodes_to_config | default([]) | length > 0
- name: Configure master certificates
hosts: oo_first_master
@@ -348,8 +352,6 @@
roles:
- openshift_master
- role: nickhammond.logrotate
- - role: fluentd_master
- when: openshift.common.use_fluentd | bool
- role: nuage_master
when: openshift.common.use_nuage | bool
post_tasks:
@@ -360,6 +362,8 @@
- name: Additional master configuration
hosts: oo_first_master
vars:
+ cockpit_plugins: "{{ osm_cockpit_plugins | default(['cockpit-kubernetes']) }}"
+ etcd_urls: "{{ openshift.master.etcd_urls }}"
openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
omc_cluster_hosts: "{{ groups.oo_masters_to_config | join(' ')}}"
roles:
@@ -371,30 +375,16 @@
when: openshift.common.use_cluster_metrics | bool
- role: openshift_manageiq
when: openshift.common.use_manageiq | bool
-
-- name: Enable cockpit
- hosts: oo_first_master
- vars:
- cockpit_plugins: "{{ osm_cockpit_plugins | default(['cockpit-kubernetes']) }}"
- roles:
- role: cockpit
when: not openshift.common.is_atomic and ( deployment_type in ['atomic-enterprise','openshift-enterprise'] ) and
(osm_use_cockpit | bool or osm_use_cockpit is undefined )
-
-- name: Configure flannel
- hosts: oo_first_master
- vars:
- etcd_urls: "{{ openshift.master.etcd_urls }}"
- roles:
- role: flannel_register
when: openshift.common.use_flannel | bool
+ - role: pods
+ when: openshift.common.deployment_type == 'online'
+ - role: os_env_extras
+ when: openshift.common.deployment_type == 'online'
-# Additional instance config for online deployments
-- name: Additional instance config
- hosts: oo_masters_deployment_type_online
- roles:
- - pods
- - os_env_extras
- name: Delete temporary directory on localhost
hosts: localhost
@@ -405,22 +395,25 @@
- file: name={{ g_master_mktemp.stdout }} state=absent
changed_when: False
-- name: Configure service accounts
- hosts: oo_first_master
- vars:
- accounts: ["router", "registry"]
- roles:
- - openshift_serviceaccounts
-
-- name: Create persistent volumes and services
+- name: Create persistent volumes and create hosted services
hosts: oo_first_master
vars:
+ attach_registry_volume: "{{ openshift.hosted.registry.storage.kind != None }}"
+ deploy_infra: "{{ openshift.master.infra_nodes | default([]) | length > 0 }}"
persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}"
persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}"
roles:
- role: openshift_persistent_volumes
when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0
+ - role: openshift_serviceaccounts
+ openshift_serviceaccounts_names:
+ - router
+ - registry
+ openshift_serviceaccounts_namespace: default
+ openshift_serviceaccounts_sccs:
+ - privileged
- role: openshift_router
- when: openshift.master.infra_nodes is defined
+ when: deploy_infra | bool
- role: openshift_registry
- when: openshift.master.infra_nodes is defined and openshift.hosted.registry.storage.kind != None
+ when: deploy_infra | bool and attach_registry_volume | bool
+
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index e07de0e99..56d30e9b9 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -176,6 +176,7 @@
- name: Evaluate node groups
hosts: localhost
become: no
+ connection: local
tasks:
- name: Evaluate oo_containerized_master_nodes
add_host:
@@ -216,8 +217,6 @@
- role: nuage_node
when: openshift.common.use_nuage | bool
- role: nickhammond.logrotate
- - role: fluentd_node
- when: openshift.common.use_fluentd | bool
tasks:
- name: Create group for deployment type
group_by: key=oo_nodes_deployment_type_{{ openshift.common.deployment_type }}
diff --git a/playbooks/gce/openshift-cluster/terminate.yml b/playbooks/gce/openshift-cluster/terminate.yml
index 94b4ab14b..d835c53ba 100644
--- a/playbooks/gce/openshift-cluster/terminate.yml
+++ b/playbooks/gce/openshift-cluster/terminate.yml
@@ -20,7 +20,7 @@
- vars.yml
roles:
- role: rhel_unsubscribe
- when: deployment_type == "enterprise" and
+ when: deployment_type in ['atomic-enterprise', 'enterprise', 'openshift-enterprise'] and
ansible_distribution == "RedHat" and
lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
default('no', True) | lower in ['no', 'false']
diff --git a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml
index ebe9f0ad9..b00352539 100644
--- a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml
+++ b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml
@@ -94,6 +94,16 @@
- set_fact:
ips: "{{ scratch_ip.results | default([]) | oo_collect('stdout') }}"
+- set_fact:
+ node_label:
+ type: "{{ g_sub_host_type }}"
+ when: instances | length > 0 and type == "node"
+
+- set_fact:
+ node_label:
+ type: "{{ type }}"
+ when: instances | length > 0 and type != "node"
+
- name: Add new instances
add_host:
hostname: '{{ item.0 }}'
@@ -101,6 +111,7 @@
ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
groups: "tag_environment-{{ cluster_env }}, tag_host-type-{{ type }}, tag_sub-host-type-{{ g_sub_host_type }}, tag_clusterid-{{ cluster_id }}"
+ openshift_node_labels: "{{ node_label }}"
with_together:
- instances
- ips
diff --git a/playbooks/libvirt/openshift-cluster/templates/user-data b/playbooks/libvirt/openshift-cluster/templates/user-data
index e0c966e45..ead881f78 100644
--- a/playbooks/libvirt/openshift-cluster/templates/user-data
+++ b/playbooks/libvirt/openshift-cluster/templates/user-data
@@ -3,7 +3,6 @@ disable_root: true
hostname: {{ item[0] }}
fqdn: {{ item[0] }}.example.com
-manage_etc_hosts: true
users:
- default
diff --git a/playbooks/libvirt/openshift-cluster/terminate.yml b/playbooks/libvirt/openshift-cluster/terminate.yml
index 8d845c8f2..f4749c28d 100644
--- a/playbooks/libvirt/openshift-cluster/terminate.yml
+++ b/playbooks/libvirt/openshift-cluster/terminate.yml
@@ -23,7 +23,7 @@
- vars.yml
roles:
- role: rhel_unsubscribe
- when: deployment_type == "enterprise" and
+ when: deployment_type in ['atomic-enterprise', 'enterprise', 'openshift-enterprise'] and
ansible_distribution == "RedHat" and
lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
default('no', True) | lower in ['no', 'false']
diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml
index 2187cefed..e9b9cf540 100644
--- a/playbooks/openstack/openshift-cluster/launch.yml
+++ b/playbooks/openstack/openshift-cluster/launch.yml
@@ -75,6 +75,8 @@
ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
groups: 'tag_environment_{{ cluster_env }}, tag_host-type_etcd, tag_sub-host-type_default, tag_clusterid_{{ cluster_id }}'
+ openshift_node_labels:
+ type: "etcd"
with_together:
- parsed_outputs.etcd_names
- parsed_outputs.etcd_ips
@@ -87,6 +89,8 @@
ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
groups: 'tag_environment_{{ cluster_env }}, tag_host-type_master, tag_sub-host-type_default, tag_clusterid_{{ cluster_id }}'
+ openshift_node_labels:
+ type: "master"
with_together:
- parsed_outputs.master_names
- parsed_outputs.master_ips
@@ -99,6 +103,8 @@
ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
groups: 'tag_environment_{{ cluster_env }}, tag_host-type_node, tag_sub-host-type_compute, tag_clusterid_{{ cluster_id }}'
+ openshift_node_labels:
+ type: "compute"
with_together:
- parsed_outputs.node_names
- parsed_outputs.node_ips
@@ -111,6 +117,8 @@
ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}"
groups: 'tag_environment_{{ cluster_env }}, tag_host-type_node, tag_sub-host-type_infra, tag_clusterid_{{ cluster_id }}'
+ openshift_node_labels:
+ type: "infra"
with_together:
- parsed_outputs.infra_names
- parsed_outputs.infra_ips
diff --git a/playbooks/openstack/openshift-cluster/terminate.yml b/playbooks/openstack/openshift-cluster/terminate.yml
index 7a86b78c5..a1fb41b53 100644
--- a/playbooks/openstack/openshift-cluster/terminate.yml
+++ b/playbooks/openstack/openshift-cluster/terminate.yml
@@ -19,7 +19,7 @@
- vars.yml
roles:
- role: rhel_unsubscribe
- when: deployment_type == "enterprise" and
+ when: deployment_type in ['atomic-enterprise', 'enterprise', 'openshift-enterprise'] and
ansible_distribution == "RedHat" and
lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
default('no', True) | lower in ['no', 'false']
diff --git a/roles/fluentd_master/meta/main.yml b/roles/fluentd_master/meta/main.yml
new file mode 100644
index 000000000..148bc377e
--- /dev/null
+++ b/roles/fluentd_master/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ author: OpenShift Red Hat
+ description: Fluentd Master
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.9
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - monitoring
+ dependencies:
+ - openshift_facts
diff --git a/roles/fluentd_master/tasks/main.yml b/roles/fluentd_master/tasks/main.yml
deleted file mode 100644
index 32f972f0a..000000000
--- a/roles/fluentd_master/tasks/main.yml
+++ /dev/null
@@ -1,57 +0,0 @@
----
-- fail:
- msg: "fluentd master is not yet supported on atomic hosts"
- when: openshift.common.is_atomic | bool
-
-# TODO: Update fluentd install and configuration when packaging is complete
-- name: download and install td-agent
- action: "{{ ansible_pkg_mgr }} name='http://packages.treasuredata.com/2/redhat/7/x86_64/td-agent-2.2.0-0.x86_64.rpm' state=present"
- when: not openshift.common.is_atomic | bool
-
-- name: Verify fluentd plugin installed
- command: '/opt/td-agent/embedded/bin/gem query -i fluent-plugin-kubernetes'
- register: _fluent_plugin_check
- failed_when: false
- changed_when: false
-
-- name: install Kubernetes fluentd plugin
- command: '/opt/td-agent/embedded/bin/gem install fluent-plugin-kubernetes'
- when: _fluent_plugin_check.rc == 1
-
-- name: Creates directories
- file:
- path: "{{ item }}"
- state: directory
- group: 'td-agent'
- owner: 'td-agent'
- mode: 0755
- with_items: ['/etc/td-agent/config.d']
-
-- name: Add include to td-agent configuration
- lineinfile:
- dest: '/etc/td-agent/td-agent.conf'
- regexp: '^@include config.d'
- line: '@include config.d/*.conf'
- state: present
-
-- name: install Kubernetes fluentd configuration file
- template:
- src: kubernetes.conf.j2
- dest: /etc/td-agent/config.d/kubernetes.conf
- group: 'td-agent'
- owner: 'td-agent'
- mode: 0444
-
-- name: wait for etcd to start up
- wait_for: port=4001 delay=10
- when: embedded_etcd | bool
-
-- name: wait for etcd peer to start up
- wait_for: port=7001 delay=10
- when: embedded_etcd | bool
-
-- name: ensure td-agent is running
- service:
- name: 'td-agent'
- state: started
- enabled: yes
diff --git a/roles/fluentd_master/templates/kubernetes.conf.j2 b/roles/fluentd_master/templates/kubernetes.conf.j2
deleted file mode 100644
index 7b5c86062..000000000
--- a/roles/fluentd_master/templates/kubernetes.conf.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-<match kubernetes.**>
- type file
- path /var/log/td-agent/containers.log
- time_slice_format %Y%m%d
- time_slice_wait 10m
- time_format %Y%m%dT%H%M%S%z
- compress gzip
- utc
-</match>
diff --git a/roles/fluentd_node/tasks/main.yml b/roles/fluentd_node/tasks/main.yml
deleted file mode 100644
index 9fd908687..000000000
--- a/roles/fluentd_node/tasks/main.yml
+++ /dev/null
@@ -1,57 +0,0 @@
----
-- fail:
- msg: "fluentd node is not yet supported on atomic hosts"
- when: openshift.common.is_atomic | bool
-
-# TODO: Update fluentd install and configuration when packaging is complete
-- name: download and install td-agent
- action: "{{ ansible_pkg_mgr }} name='http://packages.treasuredata.com/2/redhat/7/x86_64/td-agent-2.2.0-0.x86_64.rpm' state=present"
- when: not openshift.common.is_atomic | bool
-
-- name: Verify fluentd plugin installed
- command: '/opt/td-agent/embedded/bin/gem query -i fluent-plugin-kubernetes'
- register: _fluent_plugin_check
- failed_when: false
- changed_when: false
-
-- name: install Kubernetes fluentd plugin
- command: '/opt/td-agent/embedded/bin/gem install fluent-plugin-kubernetes'
- when: _fluent_plugin_check.rc == 1
-
-- name: Override td-agent configuration file
- template:
- src: td-agent.j2
- dest: /etc/sysconfig/td-agent
- group: 'td-agent'
- owner: 'td-agent'
- mode: 0444
-
-- name: Creates directories
- file:
- path: "{{ item }}"
- state: directory
- group: 'td-agent'
- owner: 'td-agent'
- mode: 0755
- with_items: ['/etc/td-agent/config.d', '/var/log/td-agent/tmp']
-
-- name: Add include to td-agent configuration
- lineinfile:
- dest: '/etc/td-agent/td-agent.conf'
- regexp: '^@include config.d'
- line: '@include config.d/*.conf'
- state: present
-
-- name: install Kubernetes fluentd configuration file
- template:
- src: kubernetes.conf.j2
- dest: /etc/td-agent/config.d/kubernetes.conf
- group: 'td-agent'
- owner: 'td-agent'
- mode: 0444
-
-- name: ensure td-agent is running
- service:
- name: 'td-agent'
- state: started
- enabled: yes
diff --git a/roles/fluentd_node/templates/kubernetes.conf.j2 b/roles/fluentd_node/templates/kubernetes.conf.j2
deleted file mode 100644
index 5f1eecb20..000000000
--- a/roles/fluentd_node/templates/kubernetes.conf.j2
+++ /dev/null
@@ -1,53 +0,0 @@
-<source>
- type tail
- path /var/lib/docker/containers/*/*-json.log
- pos_file /var/log/td-agent/tmp/fluentd-docker.pos
- time_format %Y-%m-%dT%H:%M:%S
- tag docker.*
- format json
- read_from_head true
-</source>
-
-<match docker.var.lib.docker.containers.*.*.log>
- type kubernetes
- container_id ${tag_parts[5]}
- tag docker.${name}
-</match>
-
-<match kubernetes>
- type copy
-
- <store>
- type forward
- send_timeout 60s
- recover_wait 10s
- heartbeat_interval 1s
- phi_threshold 16
- hard_timeout 60s
- log_level trace
- require_ack_response true
- heartbeat_type tcp
-
- <server>
- name {{groups['oo_first_master'][0]}}
- host {{hostvars[groups['oo_first_master'][0]].openshift.common.hostname}}
- port 24224
- weight 60
- </server>
-
- <secondary>
- type file
- path /var/log/td-agent/forward-failed
- </secondary>
- </store>
-
- <store>
- type file
- path /var/log/td-agent/containers.log
- time_slice_format %Y%m%d
- time_slice_wait 10m
- time_format %Y%m%dT%H%M%S%z
- compress gzip
- utc
- </store>
-</match>
diff --git a/roles/fluentd_node/templates/td-agent.j2 b/roles/fluentd_node/templates/td-agent.j2
deleted file mode 100644
index 7245e11ec..000000000
--- a/roles/fluentd_node/templates/td-agent.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-DAEMON_ARGS=
-TD_AGENT_ARGS="/usr/sbin/td-agent --log /var/log/td-agent/td-agent.log --use-v1-config"
diff --git a/roles/lib_dyn/library/dyn_record.py b/roles/lib_dyn/library/dyn_record.py
index 5e088a674..f2796ccf2 100644
--- a/roles/lib_dyn/library/dyn_record.py
+++ b/roles/lib_dyn/library/dyn_record.py
@@ -224,11 +224,13 @@ def main():
# First get a list of existing records for the node
values = get_record_values(dyn_node_records)
value_key = get_record_key(module.params['record_type'])
+ param_value = module.params['record_value']
# Check to see if the record is already in place before doing anything.
if (dyn_node_records and
dyn_node_records[value_key][0].ttl == module.params['record_ttl'] and
- module.params['record_value'] in values[value_key]):
+ (param_value in values[value_key] or
+ param_value + '.' in values[value_key])):
module.exit_json(changed=False)
diff --git a/roles/lib_dyn/tasks/main.yml b/roles/lib_dyn/tasks/main.yml
index 9b3b1b0b9..965962928 100644
--- a/roles/lib_dyn/tasks/main.yml
+++ b/roles/lib_dyn/tasks/main.yml
@@ -3,3 +3,5 @@
- name: Make sure python-dyn is installed
yum: name=python-dyn state=present
+ tags:
+ - lib_dyn
diff --git a/roles/lib_zabbix/library/zbx_action.py b/roles/lib_zabbix/library/zbx_action.py
index 2f9524556..e7edcde2f 100644
--- a/roles/lib_zabbix/library/zbx_action.py
+++ b/roles/lib_zabbix/library/zbx_action.py
@@ -120,8 +120,8 @@ def opmessage_usr_diff(zab_val, user_val):
''' Report whether there are differences between opmessage_usr
on zabbix and opmessage_usr supplied by user '''
- zab_usr_ids = set([usr['usrid'] for usr in zab_val])
- usr_ids = set([usr['usrid'] for usr in user_val])
+ zab_usr_ids = set([usr['userid'] for usr in zab_val])
+ usr_ids = set([usr['userid'] for usr in user_val])
if usr_ids != zab_usr_ids:
return True
@@ -228,12 +228,12 @@ def get_user_groups(zapi, groups):
'''get the mediatype id from the mediatype name'''
user_groups = []
- content = zapi.get_content('usergroup',
- 'get',
- {'search': {'name': groups}})
-
- for usr_grp in content['result']:
- user_groups.append({'usrgrpid': usr_grp['usrgrpid']})
+ for group in groups:
+ content = zapi.get_content('usergroup',
+ 'get',
+ {'search': {'name': group}})
+ for result in content['result']:
+ user_groups.append({'usrgrpid': result['usrgrpid']})
return user_groups
diff --git a/roles/nuage_master/handlers/main.yaml b/roles/nuage_master/handlers/main.yaml
index 635d8a419..5d133cf16 100644
--- a/roles/nuage_master/handlers/main.yaml
+++ b/roles/nuage_master/handlers/main.yaml
@@ -1,7 +1,7 @@
---
-- name: restart nuagekubemon
+- name: restart nuage-openshift-monitor
sudo: true
- service: name=nuagekubemon state=restarted
+ service: name=nuage-openshift-monitor state=restarted
- name: restart master
service: name={{ openshift.common.service_type }}-master state=restarted
diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml
index a7baadc76..20d105b9e 100644
--- a/roles/nuage_master/tasks/main.yaml
+++ b/roles/nuage_master/tasks/main.yaml
@@ -1,15 +1,15 @@
---
-- name: Create directory /usr/share/nuagekubemon
+- name: Create directory /usr/share/nuage-openshift-monitor
sudo: true
- file: path=/usr/share/nuagekubemon state=directory
+ file: path=/usr/share/nuage-openshift-monitor state=directory
- name: Create the log directory
sudo: true
- file: path={{ nuagekubemon_log_dir }} state=directory
+ file: path={{ nuage_openshift_monitor_log_dir }} state=directory
-- name: Install Nuage Kubemon
+- name: Install Nuage Openshift Monitor
sudo: true
- yum: name={{ nuage_kubemon_rpm }} state=present
+ yum: name={{ nuage_openshift_rpm }} state=present
- name: Run the service account creation script
sudo: true
@@ -24,11 +24,11 @@
- nuage.key
- nuage.kubeconfig
-- name: Create nuagekubemon.yaml
+- name: Create nuage-openshift-monitor.yaml
sudo: true
- template: src=nuagekubemon.j2 dest=/usr/share/nuagekubemon/nuagekubemon.yaml owner=root mode=0644
+ template: src=nuage-openshift-monitor.j2 dest=/usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml owner=root mode=0644
notify:
- restart master
- restart master api
- restart master controllers
- - restart nuagekubemon
+ - restart nuage-openshift-monitor
diff --git a/roles/nuage_master/templates/nuagekubemon.j2 b/roles/nuage_master/templates/nuage-openshift-monitor.j2
index fb586bcee..db8c3d85e 100644
--- a/roles/nuage_master/templates/nuagekubemon.j2
+++ b/roles/nuage_master/templates/nuage-openshift-monitor.j2
@@ -3,7 +3,7 @@ kubeConfig: {{ kube_config }}
# name of the nuage service account, or another account with 'cluster-reader'
# permissions
# Openshift master config file
-openshiftMasterConfig: {{ master_config_yaml }}
+masterConfig: {{ master_config_yaml }}
# URL of the VSD Architect
vsdApiUrl: {{ vsd_api_url }}
# API version to query against. Usually "v3_2"
@@ -16,4 +16,4 @@ enterpriseName: {{ enterprise }}
# Name of the domain in which pods will reside
domainName: {{ domain }}
# Location where logs should be saved
-log_dir: {{ nuagekubemon_log_dir }}
+log_dir: {{ nuage_openshift_monitor_log_dir }}
diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml
index db901fea6..c489feabe 100644
--- a/roles/nuage_master/vars/main.yaml
+++ b/roles/nuage_master/vars/main.yaml
@@ -1,7 +1,7 @@
openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
admin_config: "{{ openshift.common.config_base }}/master/admin.kubeconfig"
-cert_output_dir: /usr/share/nuagekubemon
-kube_config: /usr/share/nuagekubemon/nuage.kubeconfig
-kubemon_yaml: /usr/share/nuagekubemon/nuagekubemon.yaml
+cert_output_dir: /usr/share/nuage-openshift-monitor
+kube_config: /usr/share/nuage-openshift-monitor/nuage.kubeconfig
+kubemon_yaml: /usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml
master_config_yaml: "{{ openshift_master_config_dir }}/master-config.yaml"
diff --git a/roles/nuage_node/tasks/main.yaml b/roles/nuage_node/tasks/main.yaml
index e0117bf71..c1e49902d 100644
--- a/roles/nuage_node/tasks/main.yaml
+++ b/roles/nuage_node/tasks/main.yaml
@@ -22,16 +22,16 @@
- name: Copy the certificates and keys
sudo: true
- copy: src="/tmp/{{ item }}" dest="{{ vsp_k8s_dir }}/{{ item }}"
+ copy: src="/tmp/{{ item }}" dest="{{ vsp_openshift_dir }}/{{ item }}"
with_items:
- ca.crt
- nuage.crt
- nuage.key
- nuage.kubeconfig
-- name: Set the vsp-k8s.yaml
+- name: Set the vsp-openshift.yaml
sudo: true
- template: src=vsp-k8s.j2 dest={{ vsp_k8s_yaml }} owner=root mode=0644
+ template: src=vsp-openshift.j2 dest={{ vsp_openshift_yaml }} owner=root mode=0644
notify:
- restart vrs
- restart node
diff --git a/roles/nuage_node/templates/vsp-k8s.j2 b/roles/nuage_node/templates/vsp-openshift.j2
index 98d6c3a9c..98d6c3a9c 100644
--- a/roles/nuage_node/templates/vsp-k8s.j2
+++ b/roles/nuage_node/templates/vsp-openshift.j2
diff --git a/roles/nuage_node/vars/main.yaml b/roles/nuage_node/vars/main.yaml
index a6b7cf997..4975d17ed 100644
--- a/roles/nuage_node/vars/main.yaml
+++ b/roles/nuage_node/vars/main.yaml
@@ -1,9 +1,9 @@
---
vrs_config: /etc/default/openvswitch
-vsp_k8s_dir: /usr/share/vsp-k8s
-vsp_k8s_yaml: "{{ vsp_k8s_dir }}/vsp-k8s.yaml"
-client_cert: "{{ vsp_k8s_dir }}/nuage.crt"
-client_key: "{{ vsp_k8s_dir }}/nuage.key"
-ca_cert: "{{ vsp_k8s_dir }}/ca.crt"
+vsp_openshift_dir: /usr/share/vsp-openshift
+vsp_openshift_yaml: "{{ vsp_openshift_dir }}/vsp-openshift.yaml"
+client_cert: "{{ vsp_openshift_dir }}/nuage.crt"
+client_key: "{{ vsp_openshift_dir }}/nuage.key"
+ca_cert: "{{ vsp_openshift_dir }}/ca.crt"
api_server: "{{ openshift_node_master_api_url }}"
docker_bridge: "docker0"
diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml
index 98b0b11ea..a2fcff507 100644
--- a/roles/openshift_common/tasks/main.yml
+++ b/roles/openshift_common/tasks/main.yml
@@ -8,7 +8,7 @@
when: openshift_use_openshift_sdn | default(false) | bool and openshift_use_nuage | default(false) | bool
- fail:
- msg: Nuage sdn can not be used with flannel
+ msg: Nuage sdn can not be used with flannel
when: openshift_use_flannel | default(false) | bool and openshift_use_nuage | default(false) | bool
- fail:
@@ -29,7 +29,6 @@
use_openshift_sdn: "{{ openshift_use_openshift_sdn | default(None) }}"
sdn_network_plugin_name: "{{ os_sdn_network_plugin_name | default(None) }}"
deployment_type: "{{ openshift_deployment_type }}"
- use_fluentd: "{{ openshift_use_fluentd | default(None) }}"
use_flannel: "{{ openshift_use_flannel | default(None) }}"
use_nuage: "{{ openshift_use_nuage | default(None) }}"
use_manageiq: "{{ openshift_use_manageiq | default(None) }}"
@@ -49,7 +48,7 @@
# For enterprise versions < 3.1 and origin versions < 1.1 we want to set the
# hostname by default.
- set_fact:
- set_hostname_default: "{{ not openshift.common.version_greater_than_3_1_or_1_1 }}"
+ set_hostname_default: "{{ not openshift.common.version_gte_3_1_or_1_1 }}"
- name: Set hostname
command: >
diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml
index 6b9964aec..5e955590e 100644
--- a/roles/openshift_examples/defaults/main.yml
+++ b/roles/openshift_examples/defaults/main.yml
@@ -6,7 +6,7 @@ openshift_examples_load_db_templates: true
openshift_examples_load_xpaas: "{{ openshift_deployment_type != 'origin' }}"
openshift_examples_load_quickstarts: true
-content_version: "{{ 'v1.1' if openshift.common.version_greater_than_3_1_or_1_1 else 'v1.0' }}"
+content_version: "{{ 'v1.1' if openshift.common.version_gte_3_1_or_1_1 else 'v1.0' }}"
examples_base: "{{ openshift.common.config_base if openshift.common.is_containerized else '/usr/share/openshift' }}/examples"
image_streams_base: "{{ examples_base }}/image-streams"
diff --git a/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/metrics-deployer.yaml
index ddd9f2f75..be999bd1a 100644
--- a/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/metrics-deployer.yaml
+++ b/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/metrics-deployer.yaml
@@ -85,7 +85,7 @@ parameters:
-
description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:v1.1", set version "v1.1"'
name: IMAGE_VERSION
- value: "3.1.0"
+ value: "3.1.1"
-
description: "Internal URL for the master, for authentication retrieval"
name: MASTER_URL
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index d11af307b..25b9534dd 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -304,23 +304,6 @@ def normalize_provider_facts(provider, metadata):
facts = normalize_openstack_facts(metadata, facts)
return facts
-def set_fluentd_facts_if_unset(facts):
- """ Set fluentd facts if not already present in facts dict
- dict: the facts dict updated with the generated fluentd facts if
- missing
- Args:
- facts (dict): existing facts
- Returns:
- dict: the facts dict updated with the generated fluentd
- facts if they were not already present
-
- """
- if 'common' in facts:
- if 'use_fluentd' not in facts['common']:
- use_fluentd = False
- facts['common']['use_fluentd'] = use_fluentd
- return facts
-
def set_flannel_facts_if_unset(facts):
""" Set flannel facts if not already present in facts dict
dict: the facts dict updated with the flannel facts if
@@ -525,10 +508,11 @@ def set_url_facts_if_unset(facts):
ports[prefix]))
- r_lhn = "{0}:{1}".format(api_hostname, ports['api']).replace('.', '-')
+ r_lhn = "{0}:{1}".format(hostname, ports['api']).replace('.', '-')
+ r_lhu = "system:openshift-master/{0}:{1}".format(api_hostname, ports['api']).replace('.', '-')
facts['master'].setdefault('loopback_cluster_name', r_lhn)
facts['master'].setdefault('loopback_context_name', "default/{0}/system:openshift-master".format(r_lhn))
- facts['master'].setdefault('loopback_user', "system:openshift-master/{0}".format(r_lhn))
+ facts['master'].setdefault('loopback_user', r_lhu)
prefix_hosts = [('console', api_hostname), ('public_console', api_public_hostname)]
for prefix, host in prefix_hosts:
@@ -711,8 +695,8 @@ def set_deployment_facts_if_unset(facts):
if 'node' in facts:
deployment_type = facts['common']['deployment_type']
if 'storage_plugin_deps' not in facts['node']:
- if deployment_type in ['openshift-enterprise', 'atomic-enterprise']:
- facts['node']['storage_plugin_deps'] = ['ceph', 'glusterfs']
+ if deployment_type in ['openshift-enterprise', 'atomic-enterprise', 'origin']:
+ facts['node']['storage_plugin_deps'] = ['ceph', 'glusterfs', 'iscsi']
else:
facts['node']['storage_plugin_deps'] = []
@@ -720,7 +704,7 @@ def set_deployment_facts_if_unset(facts):
def set_version_facts_if_unset(facts):
""" Set version facts. This currently includes common.version and
- common.version_greater_than_3_1_or_1_1.
+ common.version_gte_3_1_or_1_1.
Args:
facts (dict): existing facts
@@ -732,16 +716,20 @@ def set_version_facts_if_unset(facts):
facts['common']['version'] = version = get_openshift_version()
if version is not None:
if deployment_type == 'origin':
- version_gt_3_1_or_1_1 = LooseVersion(version) > LooseVersion('1.0.6')
- version_gt_3_1_1_or_1_1_1 = LooseVersion(version) > LooseVersion('1.1.1')
+ version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('1.1.0')
+ version_gte_3_1_1_or_1_1_1 = LooseVersion(version) >= LooseVersion('1.1.1')
+ version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('1.1.2')
else:
- version_gt_3_1_or_1_1 = LooseVersion(version) > LooseVersion('3.0.2.900')
- version_gt_3_1_1_or_1_1_1 = LooseVersion(version) > LooseVersion('3.1.1')
+ version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('3.0.2.905')
+ version_gte_3_1_1_or_1_1_1 = LooseVersion(version) >= LooseVersion('3.1.1')
+ version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('3.1.1.901')
else:
- version_gt_3_1_or_1_1 = True
- version_gt_3_1_1_or_1_1_1 = True
- facts['common']['version_greater_than_3_1_or_1_1'] = version_gt_3_1_or_1_1
- facts['common']['version_greater_than_3_1_1_or_1_1_1'] = version_gt_3_1_1_or_1_1_1
+ version_gte_3_1_or_1_1 = True
+ version_gte_3_1_1_or_1_1_1 = True
+ version_gte_3_2_or_1_2 = True
+ facts['common']['version_gte_3_1_or_1_1'] = version_gte_3_1_or_1_1
+ facts['common']['version_gte_3_1_1_or_1_1_1'] = version_gte_3_1_1_or_1_1_1
+ facts['common']['version_gte_3_2_or_1_2'] = version_gte_3_2_or_1_2
return facts
@@ -756,12 +744,12 @@ def set_manageiq_facts_if_unset(facts):
OpenShiftFactsInternalError:
"""
if 'common' not in facts:
- if 'version_greater_than_3_1_or_1_1' not in facts['common']:
+ if 'version_gte_3_1_or_1_1' not in facts['common']:
raise OpenShiftFactsInternalError(
"Invalid invocation: The required facts are not set"
)
if 'use_manageiq' not in facts['common']:
- facts['common']['use_manageiq'] = facts['common']['version_greater_than_3_1_or_1_1']
+ facts['common']['use_manageiq'] = facts['common']['version_gte_3_1_or_1_1']
return facts
@@ -1167,7 +1155,6 @@ class OpenShiftFacts(object):
facts['current_config'] = get_current_config(facts)
facts = set_url_facts_if_unset(facts)
facts = set_project_cfg_facts_if_unset(facts)
- facts = set_fluentd_facts_if_unset(facts)
facts = set_flannel_facts_if_unset(facts)
facts = set_nuage_facts_if_unset(facts)
facts = set_node_schedulability(facts)
diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml
index 0357fc85a..d2ff1b4b7 100644
--- a/roles/openshift_manageiq/tasks/main.yaml
+++ b/roles/openshift_manageiq/tasks/main.yaml
@@ -1,7 +1,7 @@
---
- fail:
msg: "The openshift_manageiq role requires OpenShift Enterprise 3.1 or Origin 1.1."
- when: not openshift.common.version_greater_than_3_1_or_1_1 | bool
+ when: not openshift.common.version_gte_3_1_or_1_1 | bool
- name: Copy Configuration to temporary conf
command: >
@@ -9,7 +9,7 @@
changed_when: false
- name: Add Managment Infrastructure project
- command: >
+ command: >
{{ openshift.common.admin_binary }} new-project
management-infra
--description="Management Infrastructure"
@@ -20,9 +20,9 @@
- name: Create Service Account
shell: >
- echo {{ manageiq_service_account | to_json | quote }} |
- {{ openshift.common.client_binary }} create
- -n management-infra
+ echo {{ manageiq_service_account | to_json | quote }} |
+ {{ openshift.common.client_binary }} create
+ -n management-infra
--config={{manage_iq_tmp_conf}}
-f -
register: osmiq_create_service_account
@@ -32,7 +32,7 @@
- name: Create Cluster Role
shell: >
echo {{ manageiq_cluster_role | to_json | quote }} |
- {{ openshift.common.client_binary }} create
+ {{ openshift.common.client_binary }} create
--config={{manage_iq_tmp_conf}}
-f -
register: osmiq_create_cluster_role
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 83f6f7542..4aede31f6 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -15,7 +15,7 @@
when: openshift_master_ha | bool and ((openshift_master_cluster_method is not defined) or (openshift_master_cluster_method is defined and openshift_master_cluster_method not in ["native", "pacemaker"]))
- fail:
msg: "'native' high availability is not supported for the requested OpenShift version"
- when: openshift_master_ha | bool and openshift_master_cluster_method == "native" and not openshift.common.version_greater_than_3_1_or_1_1 | bool
+ when: openshift_master_ha | bool and openshift_master_cluster_method == "native" and not openshift.common.version_gte_3_1_or_1_1 | bool
- fail:
msg: "openshift_master_cluster_password must be set for multi-master installations"
when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and (openshift_master_cluster_password is not defined or not openshift_master_cluster_password)
@@ -240,36 +240,8 @@
- restart master api
- restart master controllers
-- name: Test local loopback context
- command: >
- {{ openshift.common.client_binary }} config view
- --config={{ openshift_master_loopback_config }}
- changed_when: false
- register: loopback_config
-
-- command: >
- {{ openshift.common.client_binary }} config set-cluster
- --certificate-authority={{ openshift_master_config_dir }}/ca.crt
- --embed-certs=true --server={{ openshift.master.loopback_api_url }}
- {{ openshift.master.loopback_cluster_name }}
- --config={{ openshift_master_loopback_config }}
- when: loopback_context_string not in loopback_config.stdout
- register: set_loopback_cluster
-
-- command: >
- {{ openshift.common.client_binary }} config set-context
- --cluster={{ openshift.master.loopback_cluster_name }}
- --namespace=default --user={{ openshift.master.loopback_user }}
- {{ openshift.master.loopback_context_name }}
- --config={{ openshift_master_loopback_config }}
- when: set_loopback_cluster | changed
- register: set_loopback_context
-
-- command: >
- {{ openshift.common.client_binary }} config use-context {{ openshift.master.loopback_context_name }}
- --config={{ openshift_master_loopback_config }}
- when: set_loopback_context | changed
- register: set_current_context
+- include: set_loopback_context.yml
+ when: openshift.common.version_gte_3_2_or_1_2
- name: Start and enable master
service: name={{ openshift.common.service_type }}-master enabled=yes state=started
@@ -287,7 +259,7 @@
- name: Mask master service
command: systemctl mask {{ openshift.common.service_type }}-master
- when: openshift_master_ha | bool and openshift.master.cluster_method == 'native'
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and not openshift.common.is_atomic | bool
- name: Start and enable master api
service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started
diff --git a/roles/openshift_master/tasks/set_loopback_context.yml b/roles/openshift_master/tasks/set_loopback_context.yml
new file mode 100644
index 000000000..9c3fb31dc
--- /dev/null
+++ b/roles/openshift_master/tasks/set_loopback_context.yml
@@ -0,0 +1,31 @@
+---
+- name: Test local loopback context
+ command: >
+ {{ openshift.common.client_binary }} config view
+ --config={{ openshift_master_loopback_config }}
+ changed_when: false
+ register: loopback_config
+
+- command: >
+ {{ openshift.common.client_binary }} config set-cluster
+ --certificate-authority={{ openshift_master_config_dir }}/ca.crt
+ --embed-certs=true --server={{ openshift.master.loopback_api_url }}
+ {{ openshift.master.loopback_cluster_name }}
+ --config={{ openshift_master_loopback_config }}
+ when: loopback_context_string not in loopback_config.stdout
+ register: set_loopback_cluster
+
+- command: >
+ {{ openshift.common.client_binary }} config set-context
+ --cluster={{ openshift.master.loopback_cluster_name }}
+ --namespace=default --user={{ openshift.master.loopback_user }}
+ {{ openshift.master.loopback_context_name }}
+ --config={{ openshift_master_loopback_config }}
+ when: set_loopback_cluster | changed
+ register: set_loopback_context
+
+- command: >
+ {{ openshift.common.client_binary }} config use-context {{ openshift.master.loopback_context_name }}
+ --config={{ openshift_master_loopback_config }}
+ when: set_loopback_context | changed
+ register: set_current_context
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index 1eeab46fe..813a58d60 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -1,5 +1,5 @@
apiLevels:
-{% if not openshift.common.version_greater_than_3_1_or_1_1 | bool %}
+{% if not openshift.common.version_gte_3_1_or_1_1 | bool %}
- v1beta3
{% endif %}
- v1
@@ -91,7 +91,7 @@ kubeletClientInfo:
port: 10250
{% if openshift.master.embedded_kube | bool %}
kubernetesMasterConfig:
-{% if not openshift.common.version_greater_than_3_1_or_1_1 | bool %}
+{% if not openshift.common.version_gte_3_1_or_1_1 | bool %}
apiLevels:
- v1beta3
- v1
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2
index e6e97b24f..b393bb9ff 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2
@@ -7,7 +7,7 @@ Before={{ openshift.common.service_type }}-node.service
Requires=network.target
[Service]
-{% if openshift.common.version_greater_than_3_1_1_or_1_1_1 | bool %}
+{% if openshift.common.version_gte_3_1_1_or_1_1_1 | bool %}
Type=notify
{% else %}
Type=simple
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml
index 36d953111..7c58e943a 100644
--- a/roles/openshift_master_certificates/tasks/main.yml
+++ b/roles/openshift_master_certificates/tasks/main.yml
@@ -39,7 +39,7 @@
state: hard
with_nested:
- masters_needing_certs
- - "{{ master_certificates | union(master_31_certificates) if openshift.common.version_greater_than_3_1_or_1_1 | bool else master_certificates }}"
+ - "{{ master_certificates | union(master_31_certificates) if openshift.common.version_gte_3_1_or_1_1 | bool else master_certificates }}"
- name: Create the master certificates if they do not already exist
command: >
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 9035248f9..acf2f74e3 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -17,7 +17,7 @@
# TODO: Replace this with a lookup or filter plugin.
dns_ip: "{{ openshift_dns_ip
| default(openshift_master_cluster_vip
- | default(None if openshift.common.version_greater_than_3_1_or_1_1 | bool else openshift_node_first_master_ip | default(None, true), true), true) }}"
+ | default(None if openshift.common.version_gte_3_1_or_1_1 | bool else openshift_node_first_master_ip | default(None, true), true), true) }}"
- role: node
local_facts:
annotations: "{{ openshift_node_annotations | default(none) }}"
@@ -33,6 +33,7 @@
set_node_ip: "{{ openshift_set_node_ip | default(None) }}"
node_image: "{{ osn_image | default(None) }}"
ovs_image: "{{ osn_ovs_image | default(None) }}"
+ proxy_mode: "{{ openshift_node_proxy_mode | default('iptables') }}"
# We have to add tuned-profiles in the same transaction otherwise we run into depsolving
# problems because the rpms don't pin the version properly. This was fixed in 3.1 packaging.
diff --git a/roles/openshift_node/tasks/storage_plugins/iscsi.yml b/roles/openshift_node/tasks/storage_plugins/iscsi.yml
new file mode 100644
index 000000000..d6684b34a
--- /dev/null
+++ b/roles/openshift_node/tasks/storage_plugins/iscsi.yml
@@ -0,0 +1,4 @@
+---
+- name: Install iSCSI storage plugin dependencies
+ action: "{{ ansible_pkg_mgr }} name=iscsi-initiator-utils state=present"
+ when: not openshift.common.is_atomic | bool
diff --git a/roles/openshift_node/tasks/storage_plugins/main.yml b/roles/openshift_node/tasks/storage_plugins/main.yml
index 39c7b9390..fe638718d 100644
--- a/roles/openshift_node/tasks/storage_plugins/main.yml
+++ b/roles/openshift_node/tasks/storage_plugins/main.yml
@@ -11,3 +11,7 @@
- name: Ceph storage plugin configuration
include: ceph.yml
when: "'ceph' in openshift.node.storage_plugin_deps"
+
+- name: iSCSI storage plugin configuration
+ include: iscsi.yml
+ when: "'iscsi' in openshift.node.storage_plugin_deps"
diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2
index 44065f4bd..67975d372 100644
--- a/roles/openshift_node/templates/node.yaml.v1.j2
+++ b/roles/openshift_node/templates/node.yaml.v1.j2
@@ -35,3 +35,6 @@ servingInfo:
keyFile: server.key
volumeDirectory: {{ openshift.common.data_dir }}/openshift.local.volumes
{% include 'partials/kubeletArguments.j2' %}
+proxyArguments:
+ proxy-mode:
+ - {{ openshift.node.proxy_mode }}
diff --git a/roles/openshift_persistent_volumes/templates/persistent-volume-claim.yml.j2 b/roles/openshift_persistent_volumes/templates/persistent-volume-claim.yml.j2
index 58b3e1c67..d40417a9a 100644
--- a/roles/openshift_persistent_volumes/templates/persistent-volume-claim.yml.j2
+++ b/roles/openshift_persistent_volumes/templates/persistent-volume-claim.yml.j2
@@ -3,7 +3,8 @@ apiVersion: "v1"
kind: "List"
items:
{% for claim in persistent_volume_claims %}
-- kind: "PersistentVolumeClaim"
+- apiVersion: "v1"
+ kind: "PersistentVolumeClaim"
metadata:
name: "{{ claim.name }}"
spec:
diff --git a/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2 b/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2
index 5714b6b0d..877e88002 100644
--- a/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2
+++ b/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2
@@ -3,7 +3,8 @@ apiVersion: v1
kind: List
items:
{% for volume in persistent_volumes %}
-- kind: PersistentVolume
+- apiVersion: v1
+ kind: PersistentVolume
metadata:
name: "{{ volume.name }}"
spec:
diff --git a/roles/openshift_registry/README.md b/roles/openshift_registry/README.md
index 8e66c483b..247272668 100644
--- a/roles/openshift_registry/README.md
+++ b/roles/openshift_registry/README.md
@@ -17,12 +17,6 @@ From this role:
|--------------------|-------------------------------------------------------|---------------------|
| | | |
-From openshift_common:
-
-| Name | Default value | |
-|-----------------------|---------------|--------------------------------------|
-| openshift_debug_level | 2 | Global openshift debug log verbosity |
-
Dependencies
------------
diff --git a/roles/openshift_registry/meta/main.yml b/roles/openshift_registry/meta/main.yml
index 93b6797d1..b220a020e 100644
--- a/roles/openshift_registry/meta/main.yml
+++ b/roles/openshift_registry/meta/main.yml
@@ -4,10 +4,12 @@ galaxy_info:
description: OpenShift Embedded Docker Registry
company: Red Hat, Inc.
license: Apache License, Version 2.0
- min_ansible_version: 1.7
+ min_ansible_version: 1.9
platforms:
- name: EL
versions:
- 7
categories:
- cloud
+ dependencies:
+ - openshift_facts
diff --git a/roles/openshift_router/README.md b/roles/openshift_router/README.md
index 836efc443..d490e1038 100644
--- a/roles/openshift_router/README.md
+++ b/roles/openshift_router/README.md
@@ -16,11 +16,6 @@ From this role:
|--------------------|-------------------------------------------------------|---------------------|
| | | |
-From openshift_common:
-| Name | Default value | |
-|-----------------------|---------------|--------------------------------------|
-| openshift_debug_level | 2 | Global openshift debug log verbosity |
-
Dependencies
------------
diff --git a/roles/openshift_router/meta/main.yml b/roles/openshift_router/meta/main.yml
index 0471e5e14..c2b0777b5 100644
--- a/roles/openshift_router/meta/main.yml
+++ b/roles/openshift_router/meta/main.yml
@@ -4,10 +4,12 @@ galaxy_info:
description: OpenShift Embedded Router
company: Red Hat, Inc.
license: Apache License, Version 2.0
- min_ansible_version: 1.7
+ min_ansible_version: 1.9
platforms:
- name: EL
versions:
- 7
categories:
- cloud
+ dependencies:
+ - openshift_facts
diff --git a/roles/openshift_router/tasks/main.yml b/roles/openshift_router/tasks/main.yml
index 355cbf84b..40365d04d 100644
--- a/roles/openshift_router/tasks/main.yml
+++ b/roles/openshift_router/tasks/main.yml
@@ -3,6 +3,7 @@
command: >
{{ openshift.common.admin_binary }} router
--create --replicas={{ openshift.master.infra_nodes | length }}
+ --namespace=default
--service-account=router {{ ortr_selector }}
--credentials={{ openshift_master_config_dir }}/openshift-router.kubeconfig {{ ortr_images }}
register: ortr_results
diff --git a/roles/openshift_serviceaccounts/meta/main.yml b/roles/openshift_serviceaccounts/meta/main.yml
new file mode 100644
index 000000000..a2c9fee70
--- /dev/null
+++ b/roles/openshift_serviceaccounts/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ author: OpenShift Operations
+ description: OpenShift Service Accounts
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.9
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+dependencies:
+- { role: openshift_facts }
diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml
index 4c7faa6fe..5fe7d28f3 100644
--- a/roles/openshift_serviceaccounts/tasks/main.yml
+++ b/roles/openshift_serviceaccounts/tasks/main.yml
@@ -1,36 +1,33 @@
-- name: tmp dir for openshift
- file:
- path: /tmp/openshift
- state: directory
- owner: root
- mode: 700
-
-- name: Create service account configs
- template:
- src: serviceaccount.j2
- dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml"
- with_items: accounts
-
-- name: Create {{ item }} service account
+- name: test if service accounts exists
command: >
- {{ openshift.common.client_binary }} create -f "/tmp/openshift/{{ item }}-serviceaccount.yaml"
- with_items: accounts
- register: _sa_result
- failed_when: "'serviceaccounts \"{{ item }}\" already exists' not in _sa_result.stderr and _sa_result.rc != 0"
- changed_when: "'serviceaccounts \"{{ item }}\" already exists' not in _sa_result.stderr and _sa_result.rc == 0"
+ {{ openshift.common.client_binary }} get sa {{ item }} -n {{ openshift_serviceaccounts_namespace }}
+ with_items: openshift_serviceaccounts_names
+ failed_when: false
+ changed_when: false
+ register: account_test
-- name: Get current security context constraints
+- name: create the service account
shell: >
- {{ openshift.common.client_binary }} get scc privileged -o yaml
- --output-version=v1 > /tmp/openshift/scc.yaml
- changed_when: false
+ echo {{ lookup('template', '../templates/serviceaccount.j2')
+ | from_yaml | to_json | quote }} | {{ openshift.common.client_binary }} create -f -
+ when: item.1.rc != 0
+ with_together:
+ - openshift_serviceaccounts_names
+ - account_test.results
-- name: Add security context constraint for {{ item }}
- lineinfile:
- dest: /tmp/openshift/scc.yaml
- line: "- system:serviceaccount:default:{{ item }}"
- insertafter: "^users:$"
- with_items: accounts
+- name: test if scc needs to be updated
+ command: >
+ {{ openshift.common.client_binary }} get scc {{ item }} -o yaml
+ changed_when: false
+ failed_when: false
+ register: scc_test
+ with_items: openshift_serviceaccounts_sccs
-- name: Apply new scc rules for service accounts
- command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
+- name: Grant the user access to the privileged scc
+ command: >
+ {{ openshift.common.admin_binary }} policy add-scc-to-user
+ privileged system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}
+ when: "item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}"
+ with_nested:
+ - openshift_serviceaccounts_names
+ - scc_test.results
diff --git a/roles/openshift_serviceaccounts/templates/serviceaccount.j2 b/roles/openshift_serviceaccounts/templates/serviceaccount.j2
index 931e249f9..c5f12421f 100644
--- a/roles/openshift_serviceaccounts/templates/serviceaccount.j2
+++ b/roles/openshift_serviceaccounts/templates/serviceaccount.j2
@@ -1,4 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
- name: {{ item }}
+ name: {{ item.0 }}
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index 5cf4bf7af..3b584f8eb 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -1,12 +1,4 @@
---
-- name: Install iptables packages
- action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
- with_items:
- - iptables
- - iptables-services
- register: install_result
- when: not openshift.common.is_atomic | bool
-
- name: Check if firewalld is installed
command: rpm -q firewalld
register: pkg_check
@@ -20,6 +12,22 @@
enabled: no
when: pkg_check.rc == 0
+# TODO: submit PR upstream to add mask/unmask to service module
+- name: Mask firewalld service
+ command: systemctl mask firewalld
+ register: result
+ changed_when: "'firewalld' in result.stdout"
+ when: pkg_check.rc == 0
+ ignore_errors: yes
+
+- name: Install iptables packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items:
+ - iptables
+ - iptables-services
+ register: install_result
+ when: not openshift.common.is_atomic | bool
+
- name: Reload systemd units
command: systemctl daemon-reload
when: install_result | changed
@@ -35,14 +43,6 @@
pause: seconds=10
when: result | changed
-# TODO: submit PR upstream to add mask/unmask to service module
-- name: Mask firewalld service
- command: systemctl mask firewalld
- register: result
- changed_when: "'firewalld' in result.stdout"
- when: pkg_check.rc == 0
- ignore_errors: yes
-
- name: Add iptables allow rules
os_firewall_manage_iptables:
name: "{{ item.service }}"
diff --git a/roles/os_zabbix/vars/template_openshift_master.yml b/roles/os_zabbix/vars/template_openshift_master.yml
index ccbf6a6ec..1824d7881 100644
--- a/roles/os_zabbix/vars/template_openshift_master.yml
+++ b/roles/os_zabbix/vars/template_openshift_master.yml
@@ -7,8 +7,8 @@ g_template_openshift_master:
- Openshift Master
key: openshift.master.app.create
- - key: openshift.master.registry.healthz
- description: "Shows the health status of the cluster's docker registry"
+ - key: openshift.master.registry.healthy_pct
+ description: "Shows the percentage of healthy registries in the cluster"
type: int
applications:
- Openshift Master
@@ -201,6 +201,18 @@ g_template_openshift_master:
applications:
- Openshift Master Metrics
+ - key: openshift.master.nodesnotready.count
+ description: "This check shows how many nodes in a cluster are in NotReady state."
+ type: int
+ applications:
+ - Openshift Master
+
+ - key: openshift.master.nodesnotschedulable.count
+ description: "This check shows how many nodes in a cluster are not schedulable."
+ type: int
+ applications:
+ - Openshift Master
+
- key: openshift.master.apiserver.latency.summary.pods.quantile.list.5
description: "Value from https://master/metrics. This is the time, in miliseconds, that 50% of the pod operations have taken to completed."
type: int
@@ -333,9 +345,16 @@ g_template_openshift_master:
- 'Openshift Master process not running on {HOST.NAME}'
priority: avg
- - name: 'Docker Registry check failed on {HOST.NAME}'
- expression: '{Template Openshift Master:openshift.master.registry.healthz.max(#2)}<1'
- url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_master.asciidoc'
+ - name: 'One or more Docker Registries is unhealthy according to {HOST.NAME}'
+ expression: '{Template Openshift Master:openshift.master.registry.healthy_pct.last(#2)}<100 and {Template Openshift Master:openshift.master.registry.healthy_pct.max(#2)}>50'
+ url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_registry.asciidoc'
+ dependencies:
+ - 'Openshift Master process not running on {HOST.NAME}'
+ priority: avg
+
+ - name: 'Multiple Docker Registries are unhealthy according to {HOST.NAME}'
+ expression: '{Template Openshift Master:openshift.master.registry.healthy_pct.last(#2)}<51'
+ url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_registry.asciidoc'
dependencies:
- 'Openshift Master process not running on {HOST.NAME}'
priority: high
@@ -354,6 +373,13 @@ g_template_openshift_master:
- 'Openshift Master API health check is failing on {HOST.NAME}'
priority: high
+ - name: 'Hosts not ready according to {HOST.NAME}'
+ expression: '{Template Openshift Master:openshift.master.nodesnotready.count.last(#2)}>0'
+ url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_node.asciidoc'
+ dependencies:
+ - 'Openshift Master process not running on {HOST.NAME}'
+ priority: high
+
zgraphs:
- name: Openshift Master API Server Latency Pods LIST Quantiles
width: 900
diff --git a/roles/os_zabbix/vars/template_openshift_node.yml b/roles/os_zabbix/vars/template_openshift_node.yml
index ff65ef158..b0488656d 100644
--- a/roles/os_zabbix/vars/template_openshift_node.yml
+++ b/roles/os_zabbix/vars/template_openshift_node.yml
@@ -37,8 +37,8 @@ g_template_openshift_node:
url: 'https://github.com/openshift/ops-sop/blob/node/V3/Alerts/openshift_node.asciidoc'
priority: high
- - name: 'OVS may not be running on {HOST.NAME}'
- expression: '{Template Openshift Node:openshift.node.ovs.pids.count.last()}<>4'
+ - name: '[HEAL] OVS may not be running on {HOST.NAME}'
+ expression: '{Template Openshift Node:openshift.node.ovs.pids.count.last(#1)}<>4 and {Template Openshift Node:openshift.node.ovs.pids.count.last(#2)}<>4'
url: 'https://github.com/openshift/ops-sop/blob/node/V3/Alerts/openshift_node.asciidoc'
priority: high
diff --git a/utils/src/ooinstall/cli_installer.py b/utils/src/ooinstall/cli_installer.py
index 3046d4d58..e1047e700 100644
--- a/utils/src/ooinstall/cli_installer.py
+++ b/utils/src/ooinstall/cli_installer.py
@@ -722,14 +722,30 @@ def upgrade(ctx):
click.echo("No hosts defined in: %s" % oo_cfg.config_path)
sys.exit(1)
- # Update config to reflect the version we're targetting, we'll write
- # to disk once ansible completes successfully, not before.
old_variant = oo_cfg.settings['variant']
old_version = oo_cfg.settings['variant_version']
- if oo_cfg.settings['variant'] == 'enterprise':
- oo_cfg.settings['variant'] = 'openshift-enterprise'
- version = find_variant(oo_cfg.settings['variant'])[1]
- oo_cfg.settings['variant_version'] = version.name
+
+
+ message = """
+ This tool will help you upgrade your existing OpenShift installation.
+"""
+ click.echo(message)
+ click.echo("Version {} found. Do you want to update to the latest version of {} " \
+ "or migrate to the next major release?".format(old_version, old_version))
+ resp = click.prompt("(1) Update to latest {} (2) Migrate to next relese".format(old_version))
+
+ if resp == "2":
+ # TODO: Make this a lot more flexible
+ new_version = "3.1"
+ # Update config to reflect the version we're targetting, we'll write
+ # to disk once ansible completes successfully, not before.
+ if oo_cfg.settings['variant'] == 'enterprise':
+ oo_cfg.settings['variant'] = 'openshift-enterprise'
+ version = find_variant(oo_cfg.settings['variant'])[1]
+ oo_cfg.settings['variant_version'] = version.name
+ else:
+ new_version = old_version
+
click.echo("Openshift will be upgraded from %s %s to %s %s on the following hosts:\n" % (
old_variant, old_version, oo_cfg.settings['variant'],
oo_cfg.settings['variant_version']))
@@ -743,7 +759,7 @@ def upgrade(ctx):
click.echo("Upgrade cancelled.")
sys.exit(0)
- retcode = openshift_ansible.run_upgrade_playbook(verbose)
+ retcode = openshift_ansible.run_upgrade_playbook(old_version, new_version, verbose)
if retcode > 0:
click.echo("Errors encountered during upgrade, please check %s." %
oo_cfg.settings['ansible_log_path'])
diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py
index 042ce1023..ec49c9601 100644
--- a/utils/src/ooinstall/openshift_ansible.py
+++ b/utils/src/ooinstall/openshift_ansible.py
@@ -237,11 +237,17 @@ def run_uninstall_playbook(verbose=False):
return run_ansible(playbook, inventory_file, facts_env, verbose)
-def run_upgrade_playbook(verbose=False):
+def run_upgrade_playbook(old_version, new_version, verbose=False):
# TODO: do not hardcode the upgrade playbook, add ability to select the
# right playbook depending on the type of upgrade.
- playbook = os.path.join(CFG.settings['ansible_playbook_directory'],
- 'playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml')
+ old_version = old_version.replace('.', '_')
+ new_version = old_version.replace('.', '_')
+ if old_version == new_version:
+ playbook = os.path.join(CFG.settings['ansible_playbook_directory'],
+ 'playbooks/byo/openshift-cluster/upgrades/v{}_minor/upgrade.yml'.format(new_version))
+ else:
+ playbook = os.path.join(CFG.settings['ansible_playbook_directory'],
+ 'playbooks/byo/openshift-cluster/upgrades/v{}_to_v{}/upgrade.yml'.format(old_version, new_version))
# TODO: Upgrade inventory for upgrade?
inventory_file = generate_inventory(CFG.hosts)
facts_env = os.environ.copy()