summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--files/origin-components/apiserver-config.yaml4
-rw-r--r--files/origin-components/apiserver-template.yaml122
-rw-r--r--files/origin-components/rbac-template.yaml92
-rw-r--r--filter_plugins/oo_filters.py316
-rw-r--r--inventory/byo/hosts.origin.example82
-rw-r--r--inventory/byo/hosts.ose.example82
-rw-r--r--playbooks/common/openshift-cluster/config.yml8
-rw-r--r--playbooks/common/openshift-cluster/initialize_facts.yml2
-rw-r--r--playbooks/common/openshift-cluster/openshift_hosted.yml28
-rw-r--r--playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml15
-rw-r--r--playbooks/common/openshift-cluster/redeploy-certificates/etcd.yml20
-rw-r--r--playbooks/common/openshift-cluster/service_catalog.yml1
-rw-r--r--playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml8
-rw-r--r--playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml3
-rw-r--r--playbooks/common/openshift-master/config.yml5
-rw-r--r--playbooks/common/openshift-node/config.yml10
-rw-r--r--roles/ansible_service_broker/defaults/main.yml1
-rw-r--r--roles/ansible_service_broker/tasks/main.yml4
-rw-r--r--roles/calico/tasks/main.yml22
-rw-r--r--roles/docker/tasks/systemcontainer_crio.yml20
-rw-r--r--roles/etcd/meta/main.yml1
-rw-r--r--roles/etcd/tasks/ca.yml2
-rw-r--r--roles/etcd/tasks/ca/deploy.yml (renamed from roles/etcd_ca/tasks/main.yml)4
-rw-r--r--roles/etcd/tasks/client_certificates.yml2
-rw-r--r--roles/etcd/tasks/client_certificates/fetch_from_ca.yml (renamed from roles/etcd_client_certificates/tasks/main.yml)2
-rw-r--r--roles/etcd/tasks/main.yml2
-rw-r--r--roles/etcd/tasks/server_certificates.yml2
-rw-r--r--roles/etcd/tasks/server_certificates/fetch_from_ca.yml (renamed from roles/etcd_server_certificates/tasks/main.yml)8
-rw-r--r--roles/etcd/templates/openssl_append.j2 (renamed from roles/etcd_ca/templates/openssl_append.j2)0
-rw-r--r--roles/etcd_ca/README.md34
-rw-r--r--roles/etcd_client_certificates/README.md34
-rw-r--r--roles/etcd_client_certificates/meta/main.yml16
-rw-r--r--roles/etcd_server_certificates/README.md34
-rw-r--r--roles/etcd_server_certificates/meta/main.yml17
-rw-r--r--roles/flannel/README.md2
-rw-r--r--roles/flannel/meta/main.yml5
-rw-r--r--roles/lib_openshift/library/oc_adm_ca_server_cert.py2
-rw-r--r--roles/lib_openshift/library/oc_adm_csr.py2
-rw-r--r--roles/lib_openshift/library/oc_adm_manage_node.py2
-rw-r--r--roles/lib_openshift/library/oc_adm_policy_group.py2
-rw-r--r--roles/lib_openshift/library/oc_adm_policy_user.py2
-rw-r--r--roles/lib_openshift/library/oc_adm_registry.py2
-rw-r--r--roles/lib_openshift/library/oc_adm_router.py2
-rw-r--r--roles/lib_openshift/library/oc_clusterrole.py2
-rw-r--r--roles/lib_openshift/library/oc_configmap.py2
-rw-r--r--roles/lib_openshift/library/oc_edit.py2
-rw-r--r--roles/lib_openshift/library/oc_env.py2
-rw-r--r--roles/lib_openshift/library/oc_group.py2
-rw-r--r--roles/lib_openshift/library/oc_image.py2
-rw-r--r--roles/lib_openshift/library/oc_label.py2
-rw-r--r--roles/lib_openshift/library/oc_obj.py2
-rw-r--r--roles/lib_openshift/library/oc_objectvalidator.py2
-rw-r--r--roles/lib_openshift/library/oc_process.py2
-rw-r--r--roles/lib_openshift/library/oc_project.py2
-rw-r--r--roles/lib_openshift/library/oc_pvc.py2
-rw-r--r--roles/lib_openshift/library/oc_route.py2
-rw-r--r--roles/lib_openshift/library/oc_scale.py2
-rw-r--r--roles/lib_openshift/library/oc_secret.py2
-rw-r--r--roles/lib_openshift/library/oc_service.py2
-rw-r--r--roles/lib_openshift/library/oc_serviceaccount.py2
-rw-r--r--roles/lib_openshift/library/oc_serviceaccount_secret.py2
-rw-r--r--roles/lib_openshift/library/oc_storageclass.py2
-rw-r--r--roles/lib_openshift/library/oc_user.py2
-rw-r--r--roles/lib_openshift/library/oc_version.py2
-rw-r--r--roles/lib_openshift/library/oc_volume.py2
-rw-r--r--roles/lib_utils/library/yedit.py2
-rw-r--r--roles/lib_utils/src/class/yedit.py2
-rw-r--r--roles/nuage_master/meta/main.yml3
-rw-r--r--roles/openshift_etcd_ca/meta/main.yml18
-rw-r--r--roles/openshift_etcd_client_certificates/meta/main.yml4
-rw-r--r--roles/openshift_etcd_client_certificates/tasks/main.yml4
-rw-r--r--roles/openshift_etcd_server_certificates/meta/main.yml16
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py136
-rw-r--r--roles/openshift_hosted_facts/tasks/main.yml3
-rw-r--r--roles/openshift_logging/defaults/main.yml59
-rw-r--r--roles/openshift_metrics/defaults/main.yaml10
-rw-r--r--roles/openshift_metrics/vars/default_images.yml4
-rw-r--r--roles/openshift_metrics/vars/openshift-enterprise.yml4
-rwxr-xr-xroles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh2
-rw-r--r--roles/openshift_persistent_volumes/meta/main.yml3
-rw-r--r--roles/openshift_sanitize_inventory/filter_plugins/openshift_logging.py25
-rw-r--r--roles/openshift_sanitize_inventory/library/conditional_set_fact.py68
-rw-r--r--roles/openshift_sanitize_inventory/tasks/__deprecations_logging.yml48
-rw-r--r--roles/openshift_sanitize_inventory/tasks/__deprecations_metrics.yml17
-rw-r--r--roles/openshift_sanitize_inventory/tasks/deprecations.yml21
-rw-r--r--roles/openshift_sanitize_inventory/tasks/main.yml4
-rw-r--r--roles/openshift_sanitize_inventory/vars/main.yml74
-rw-r--r--roles/openshift_service_catalog/files/openshift-ansible-catalog-console.js3
-rw-r--r--roles/openshift_service_catalog/tasks/install.yml9
-rw-r--r--roles/openshift_storage_nfs/tasks/main.yml6
-rw-r--r--roles/openshift_storage_nfs/templates/exports.j26
-rw-r--r--roles/openshift_version/tasks/main.yml9
-rw-r--r--roles/template_service_broker/defaults/main.yml4
-rw-r--r--roles/template_service_broker/files/openshift-ansible-catalog-console.js1
-rw-r--r--roles/template_service_broker/files/remove-openshift-ansible-catalog-console.js2
-rw-r--r--roles/template_service_broker/meta/main.yml (renamed from roles/etcd_ca/meta/main.yml)7
-rw-r--r--roles/template_service_broker/tasks/install.yml47
-rw-r--r--roles/template_service_broker/tasks/main.yml8
-rw-r--r--roles/template_service_broker/tasks/remove.yml28
-rw-r--r--roles/template_service_broker/vars/default_images.yml2
-rw-r--r--roles/template_service_broker/vars/main.yml6
-rw-r--r--roles/template_service_broker/vars/openshift-enterprise.yml2
102 files changed, 1161 insertions, 574 deletions
diff --git a/files/origin-components/apiserver-config.yaml b/files/origin-components/apiserver-config.yaml
new file mode 100644
index 000000000..e4048d1da
--- /dev/null
+++ b/files/origin-components/apiserver-config.yaml
@@ -0,0 +1,4 @@
+kind: TemplateServiceBrokerConfig
+apiVersion: config.templateservicebroker.openshift.io/v1
+templateNamespaces:
+- openshift
diff --git a/files/origin-components/apiserver-template.yaml b/files/origin-components/apiserver-template.yaml
new file mode 100644
index 000000000..1b42597af
--- /dev/null
+++ b/files/origin-components/apiserver-template.yaml
@@ -0,0 +1,122 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+ name: template-service-broker-apiserver
+parameters:
+- name: IMAGE
+ value: openshift/origin:latest
+- name: NAMESPACE
+ value: openshift-template-service-broker
+- name: LOGLEVEL
+ value: "0"
+- name: API_SERVER_CONFIG
+ value: |
+ kind: TemplateServiceBrokerConfig
+ apiVersion: config.templateservicebroker.openshift.io/v1
+ templateNamespaces:
+ - openshift
+objects:
+
+# to create the tsb server
+- apiVersion: extensions/v1beta1
+ kind: DaemonSet
+ metadata:
+ namespace: ${NAMESPACE}
+ name: apiserver
+ labels:
+ apiserver: "true"
+ spec:
+ template:
+ metadata:
+ name: apiserver
+ labels:
+ apiserver: "true"
+ spec:
+ serviceAccountName: apiserver
+ containers:
+ - name: c
+ image: ${IMAGE}
+ imagePullPolicy: IfNotPresent
+ command:
+ - "/usr/bin/openshift"
+ - "start"
+ - "template-service-broker"
+ - "--secure-port=8443"
+ - "--audit-log-path=-"
+ - "--tls-cert-file=/var/serving-cert/tls.crt"
+ - "--tls-private-key-file=/var/serving-cert/tls.key"
+ - "--loglevel=${LOGLEVEL}"
+ - "--config=/var/apiserver-config/apiserver-config.yaml"
+ ports:
+ - containerPort: 8443
+ volumeMounts:
+ - mountPath: /var/serving-cert
+ name: serving-cert
+ - mountPath: /var/apiserver-config
+ name: apiserver-config
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: 8443
+ scheme: HTTPS
+ volumes:
+ - name: serving-cert
+ secret:
+ defaultMode: 420
+ secretName: apiserver-serving-cert
+ - name: apiserver-config
+ configMap:
+ defaultMode: 420
+ name: apiserver-config
+
+# to create the config for the TSB
+- apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ namespace: ${NAMESPACE}
+ name: apiserver-config
+ data:
+ apiserver-config.yaml: ${API_SERVER_CONFIG}
+
+# to be able to assign powers to the process
+- apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ namespace: ${NAMESPACE}
+ name: apiserver
+
+# to be able to expose TSB inside the cluster
+- apiVersion: v1
+ kind: Service
+ metadata:
+ namespace: ${NAMESPACE}
+ name: apiserver
+ annotations:
+ service.alpha.openshift.io/serving-cert-secret-name: apiserver-serving-cert
+ spec:
+ selector:
+ apiserver: "true"
+ ports:
+ - port: 443
+ targetPort: 8443
+
+# This service account will be granted permission to call the TSB.
+# The token for this SA will be provided to the service catalog for
+# use when calling the TSB.
+- apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ namespace: ${NAMESPACE}
+ name: templateservicebroker-client
+
+# This secret will be populated with a copy of the templateservicebroker-client SA's
+# auth token. Since this secret has a static name, it can be referenced more
+# easily than the auto-generated secret for the service account.
+- apiVersion: v1
+ kind: Secret
+ metadata:
+ namespace: ${NAMESPACE}
+ name: templateservicebroker-client
+ annotations:
+ kubernetes.io/service-account.name: templateservicebroker-client
+ type: kubernetes.io/service-account-token
diff --git a/files/origin-components/rbac-template.yaml b/files/origin-components/rbac-template.yaml
new file mode 100644
index 000000000..0937a9065
--- /dev/null
+++ b/files/origin-components/rbac-template.yaml
@@ -0,0 +1,92 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+ name: template-service-broker-rbac
+parameters:
+- name: NAMESPACE
+ value: openshift-template-service-broker
+- name: KUBE_SYSTEM
+ value: kube-system
+objects:
+
+# Grant the service account permission to call the TSB
+- apiVersion: rbac.authorization.k8s.io/v1beta1
+ kind: ClusterRoleBinding
+ metadata:
+ name: templateservicebroker-client
+ roleRef:
+ kind: ClusterRole
+ name: system:openshift:templateservicebroker-client
+ subjects:
+ - kind: ServiceAccount
+ namespace: ${NAMESPACE}
+ name: templateservicebroker-client
+
+# to delegate authentication and authorization
+- apiVersion: rbac.authorization.k8s.io/v1beta1
+ kind: ClusterRoleBinding
+ metadata:
+ name: auth-delegator-${NAMESPACE}
+ roleRef:
+ kind: ClusterRole
+ name: system:auth-delegator
+ subjects:
+ - kind: ServiceAccount
+ namespace: ${NAMESPACE}
+ name: apiserver
+
+# to have the template service broker powers
+- apiVersion: rbac.authorization.k8s.io/v1beta1
+ kind: ClusterRoleBinding
+ metadata:
+ name: tsb-${NAMESPACE}
+ roleRef:
+ kind: ClusterRole
+ name: system:openshift:controller:template-service-broker
+ subjects:
+ - kind: ServiceAccount
+ namespace: ${NAMESPACE}
+ name: apiserver
+
+# to read the config for terminating authentication
+- apiVersion: rbac.authorization.k8s.io/v1beta1
+ kind: RoleBinding
+ metadata:
+ namespace: ${KUBE_SYSTEM}
+ name: extension-apiserver-authentication-reader-${NAMESPACE}
+ roleRef:
+ kind: Role
+ name: extension-apiserver-authentication-reader
+ subjects:
+ - kind: ServiceAccount
+ namespace: ${NAMESPACE}
+ name: apiserver
+
+# allow the kube service catalog's SA to read the static secret defined
+# above, which will contain the token for the SA that can call the TSB.
+- apiVersion: rbac.authorization.k8s.io/v1beta1
+ kind: Role
+ metadata:
+ name: templateservicebroker-auth-reader
+ namespace: ${NAMESPACE}
+ rules:
+ - apiGroups:
+ - ""
+ resourceNames:
+ - templateservicebroker-client
+ resources:
+ - secrets
+ verbs:
+ - get
+- apiVersion: rbac.authorization.k8s.io/v1beta1
+ kind: RoleBinding
+ metadata:
+ namespace: ${NAMESPACE}
+ name: templateservicebroker-auth-reader
+ roleRef:
+ kind: Role
+ name: templateservicebroker-auth-reader
+ subjects:
+ - kind: ServiceAccount
+ namespace: kube-service-catalog
+ name: service-catalog-controller
diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py
index 902436302..f0f250480 100644
--- a/filter_plugins/oo_filters.py
+++ b/filter_plugins/oo_filters.py
@@ -716,6 +716,100 @@ def oo_openshift_env(hostvars):
# pylint: disable=too-many-branches, too-many-nested-blocks, too-many-statements
+def oo_component_persistent_volumes(hostvars, groups, component):
+ """ Generate list of persistent volumes based on oo_openshift_env
+ storage options set in host variables for a specific component.
+ """
+ if not issubclass(type(hostvars), dict):
+ raise errors.AnsibleFilterError("|failed expects hostvars is a dict")
+ if not issubclass(type(groups), dict):
+ raise errors.AnsibleFilterError("|failed expects groups is a dict")
+
+ persistent_volume = None
+
+ if component in hostvars['openshift']:
+ if 'storage' in hostvars['openshift'][component]:
+ params = hostvars['openshift'][component]['storage']
+ kind = params['kind']
+ create_pv = params['create_pv']
+ if kind is not None and create_pv:
+ if kind == 'nfs':
+ host = params['host']
+ if host is None:
+ if 'oo_nfs_to_config' in groups and len(groups['oo_nfs_to_config']) > 0:
+ host = groups['oo_nfs_to_config'][0]
+ else:
+ raise errors.AnsibleFilterError("|failed no storage host detected")
+ directory = params['nfs']['directory']
+ volume = params['volume']['name']
+ path = directory + '/' + volume
+ size = params['volume']['size']
+ if 'labels' in params:
+ labels = params['labels']
+ else:
+ labels = dict()
+ access_modes = params['access']['modes']
+ persistent_volume = dict(
+ name="{0}-volume".format(volume),
+ capacity=size,
+ labels=labels,
+ access_modes=access_modes,
+ storage=dict(
+ nfs=dict(
+ server=host,
+ path=path)))
+
+ elif kind == 'openstack':
+ volume = params['volume']['name']
+ size = params['volume']['size']
+ if 'labels' in params:
+ labels = params['labels']
+ else:
+ labels = dict()
+ access_modes = params['access']['modes']
+ filesystem = params['openstack']['filesystem']
+ volume_id = params['openstack']['volumeID']
+ persistent_volume = dict(
+ name="{0}-volume".format(volume),
+ capacity=size,
+ labels=labels,
+ access_modes=access_modes,
+ storage=dict(
+ cinder=dict(
+ fsType=filesystem,
+ volumeID=volume_id)))
+
+ elif kind == 'glusterfs':
+ volume = params['volume']['name']
+ size = params['volume']['size']
+ if 'labels' in params:
+ labels = params['labels']
+ else:
+ labels = dict()
+ access_modes = params['access']['modes']
+ endpoints = params['glusterfs']['endpoints']
+ path = params['glusterfs']['path']
+ read_only = params['glusterfs']['readOnly']
+ persistent_volume = dict(
+ name="{0}-volume".format(volume),
+ capacity=size,
+ labels=labels,
+ access_modes=access_modes,
+ storage=dict(
+ glusterfs=dict(
+ endpoints=endpoints,
+ path=path,
+ readOnly=read_only)))
+
+ elif not (kind == 'object' or kind == 'dynamic'):
+ msg = "|failed invalid storage kind '{0}' for component '{1}'".format(
+ kind,
+ component)
+ raise errors.AnsibleFilterError(msg)
+ return persistent_volume
+
+
+# pylint: disable=too-many-branches, too-many-nested-blocks, too-many-statements
def oo_persistent_volumes(hostvars, groups, persistent_volumes=None):
""" Generate list of persistent volumes based on oo_openshift_env
storage options set in host variables.
@@ -734,84 +828,122 @@ def oo_persistent_volumes(hostvars, groups, persistent_volumes=None):
if 'storage' in hostvars['openshift']['hosted'][component]:
params = hostvars['openshift']['hosted'][component]['storage']
kind = params['kind']
- create_pv = params['create_pv']
- if kind is not None and create_pv:
- if kind == 'nfs':
- host = params['host']
- if host is None:
- if 'oo_nfs_to_config' in groups and len(groups['oo_nfs_to_config']) > 0:
- host = groups['oo_nfs_to_config'][0]
+ if 'create_pv' in params:
+ create_pv = params['create_pv']
+ if kind is not None and create_pv:
+ if kind == 'nfs':
+ host = params['host']
+ if host is None:
+ if 'oo_nfs_to_config' in groups and len(groups['oo_nfs_to_config']) > 0:
+ host = groups['oo_nfs_to_config'][0]
+ else:
+ raise errors.AnsibleFilterError("|failed no storage host detected")
+ directory = params['nfs']['directory']
+ volume = params['volume']['name']
+ path = directory + '/' + volume
+ size = params['volume']['size']
+ if 'labels' in params:
+ labels = params['labels']
else:
- raise errors.AnsibleFilterError("|failed no storage host detected")
- directory = params['nfs']['directory']
- volume = params['volume']['name']
- path = directory + '/' + volume
- size = params['volume']['size']
- if 'labels' in params:
- labels = params['labels']
- else:
- labels = dict()
- access_modes = params['access']['modes']
- persistent_volume = dict(
- name="{0}-volume".format(volume),
- capacity=size,
- labels=labels,
- access_modes=access_modes,
- storage=dict(
- nfs=dict(
- server=host,
- path=path)))
- persistent_volumes.append(persistent_volume)
- elif kind == 'openstack':
- volume = params['volume']['name']
- size = params['volume']['size']
- if 'labels' in params:
- labels = params['labels']
- else:
- labels = dict()
- access_modes = params['access']['modes']
- filesystem = params['openstack']['filesystem']
- volume_id = params['openstack']['volumeID']
- persistent_volume = dict(
- name="{0}-volume".format(volume),
- capacity=size,
- labels=labels,
- access_modes=access_modes,
- storage=dict(
- cinder=dict(
- fsType=filesystem,
- volumeID=volume_id)))
- persistent_volumes.append(persistent_volume)
- elif kind == 'glusterfs':
- volume = params['volume']['name']
- size = params['volume']['size']
- if 'labels' in params:
- labels = params['labels']
- else:
- labels = dict()
- access_modes = params['access']['modes']
- endpoints = params['glusterfs']['endpoints']
- path = params['glusterfs']['path']
- read_only = params['glusterfs']['readOnly']
- persistent_volume = dict(
- name="{0}-volume".format(volume),
- capacity=size,
- labels=labels,
- access_modes=access_modes,
- storage=dict(
- glusterfs=dict(
- endpoints=endpoints,
- path=path,
- readOnly=read_only)))
- persistent_volumes.append(persistent_volume)
- elif not (kind == 'object' or kind == 'dynamic'):
- msg = "|failed invalid storage kind '{0}' for component '{1}'".format(
- kind,
- component)
- raise errors.AnsibleFilterError(msg)
+ labels = dict()
+ access_modes = params['access']['modes']
+ persistent_volume = dict(
+ name="{0}-volume".format(volume),
+ capacity=size,
+ labels=labels,
+ access_modes=access_modes,
+ storage=dict(
+ nfs=dict(
+ server=host,
+ path=path)))
+ persistent_volumes.append(persistent_volume)
+ elif kind == 'openstack':
+ volume = params['volume']['name']
+ size = params['volume']['size']
+ if 'labels' in params:
+ labels = params['labels']
+ else:
+ labels = dict()
+ access_modes = params['access']['modes']
+ filesystem = params['openstack']['filesystem']
+ volume_id = params['openstack']['volumeID']
+ persistent_volume = dict(
+ name="{0}-volume".format(volume),
+ capacity=size,
+ labels=labels,
+ access_modes=access_modes,
+ storage=dict(
+ cinder=dict(
+ fsType=filesystem,
+ volumeID=volume_id)))
+ persistent_volumes.append(persistent_volume)
+ elif kind == 'glusterfs':
+ volume = params['volume']['name']
+ size = params['volume']['size']
+ if 'labels' in params:
+ labels = params['labels']
+ else:
+ labels = dict()
+ access_modes = params['access']['modes']
+ endpoints = params['glusterfs']['endpoints']
+ path = params['glusterfs']['path']
+ read_only = params['glusterfs']['readOnly']
+ persistent_volume = dict(
+ name="{0}-volume".format(volume),
+ capacity=size,
+ labels=labels,
+ access_modes=access_modes,
+ storage=dict(
+ glusterfs=dict(
+ endpoints=endpoints,
+ path=path,
+ readOnly=read_only)))
+ persistent_volumes.append(persistent_volume)
+ elif not (kind == 'object' or kind == 'dynamic'):
+ msg = "|failed invalid storage kind '{0}' for component '{1}'".format(
+ kind,
+ component)
+ raise errors.AnsibleFilterError(msg)
+ if 'logging' in hostvars['openshift']:
+ persistent_volume = oo_component_persistent_volumes(hostvars, groups, 'logging')
+ if persistent_volume is not None:
+ persistent_volumes.append(persistent_volume)
+ if 'loggingops' in hostvars['openshift']:
+ persistent_volume = oo_component_persistent_volumes(hostvars, groups, 'loggingops')
+ if persistent_volume is not None:
+ persistent_volumes.append(persistent_volume)
+ if 'metrics' in hostvars['openshift']:
+ persistent_volume = oo_component_persistent_volumes(hostvars, groups, 'metrics')
+ if persistent_volume is not None:
+ persistent_volumes.append(persistent_volume)
return persistent_volumes
+def oo_component_pv_claims(hostvars, component):
+ """ Generate list of persistent volume claims based on oo_openshift_env
+ storage options set in host variables for a speicific component.
+ """
+ if not issubclass(type(hostvars), dict):
+ raise errors.AnsibleFilterError("|failed expects hostvars is a dict")
+
+ if component in hostvars['openshift']:
+ if 'storage' in hostvars['openshift'][component]:
+ params = hostvars['openshift'][component]['storage']
+ kind = params['kind']
+ create_pv = params['create_pv']
+ create_pvc = params['create_pvc']
+ if kind not in [None, 'object'] and create_pv and create_pvc:
+ volume = params['volume']['name']
+ size = params['volume']['size']
+ access_modes = params['access']['modes']
+ persistent_volume_claim = dict(
+ name="{0}-claim".format(volume),
+ capacity=size,
+ access_modes=access_modes)
+ return persistent_volume_claim
+ return None
+
+
def oo_persistent_volume_claims(hostvars, persistent_volume_claims=None):
""" Generate list of persistent volume claims based on oo_openshift_env
storage options set in host variables.
@@ -828,17 +960,31 @@ def oo_persistent_volume_claims(hostvars, persistent_volume_claims=None):
if 'storage' in hostvars['openshift']['hosted'][component]:
params = hostvars['openshift']['hosted'][component]['storage']
kind = params['kind']
- create_pv = params['create_pv']
- create_pvc = params['create_pvc']
- if kind not in [None, 'object'] and create_pv and create_pvc:
- volume = params['volume']['name']
- size = params['volume']['size']
- access_modes = params['access']['modes']
- persistent_volume_claim = dict(
- name="{0}-claim".format(volume),
- capacity=size,
- access_modes=access_modes)
- persistent_volume_claims.append(persistent_volume_claim)
+ if 'create_pv' in params:
+ if 'create_pvc' in params:
+ create_pv = params['create_pv']
+ create_pvc = params['create_pvc']
+ if kind not in [None, 'object'] and create_pv and create_pvc:
+ volume = params['volume']['name']
+ size = params['volume']['size']
+ access_modes = params['access']['modes']
+ persistent_volume_claim = dict(
+ name="{0}-claim".format(volume),
+ capacity=size,
+ access_modes=access_modes)
+ persistent_volume_claims.append(persistent_volume_claim)
+ if 'logging' in hostvars['openshift']:
+ persistent_volume_claim = oo_component_pv_claims(hostvars, 'logging')
+ if persistent_volume_claim is not None:
+ persistent_volume_claims.append(persistent_volume_claim)
+ if 'loggingops' in hostvars['openshift']:
+ persistent_volume_claim = oo_component_pv_claims(hostvars, 'loggingops')
+ if persistent_volume_claim is not None:
+ persistent_volume_claims.append(persistent_volume_claim)
+ if 'metrics' in hostvars['openshift']:
+ persistent_volume_claim = oo_component_pv_claims(hostvars, 'metrics')
+ if persistent_volume_claim is not None:
+ persistent_volume_claims.append(persistent_volume_claim)
return persistent_volume_claims
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index 486fe56a0..9d811fcab 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -119,7 +119,7 @@ openshift_release=v3.7
# will be built off of the deployment type and ansible_distribution. Only
# use this option if you are sure you know what you are doing!
#openshift_docker_systemcontainer_image_override="registry.example.com/container-engine:latest"
-#openshift_crio_systemcontainer_image_registry_override="registry.example.com"
+#openshift_crio_systemcontainer_image_override="registry.example.com/cri-o:latest"
# Items added, as is, to end of /etc/sysconfig/docker OPTIONS
# Default value: "--log-driver=journald"
#openshift_docker_options="-l warn --ipv6=false"
@@ -491,10 +491,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html
#
# By default metrics are not automatically deployed, set this to enable them
-# openshift_hosted_metrics_deploy=true
+#openshift_metrics_install_metrics=true
#
# Storage Options
-# If openshift_hosted_metrics_storage_kind is unset then metrics will be stored
+# If openshift_metrics_storage_kind is unset then metrics will be stored
# in an EmptyDir volume and will be deleted when the cassandra pod terminates.
# Storage options A & B currently support only one cassandra pod which is
# generally enough for up to 1000 pods. Additional volumes can be created
@@ -504,29 +504,29 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# An NFS volume will be created with path "nfs_directory/volume_name"
# on the host within the [nfs] host group. For example, the volume
# path using these options would be "/exports/metrics"
-#openshift_hosted_metrics_storage_kind=nfs
-#openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce']
-#openshift_hosted_metrics_storage_nfs_directory=/exports
-#openshift_hosted_metrics_storage_nfs_options='*(rw,root_squash)'
-#openshift_hosted_metrics_storage_volume_name=metrics
-#openshift_hosted_metrics_storage_volume_size=10Gi
-#openshift_hosted_metrics_storage_labels={'storage': 'metrics'}
+#openshift_metrics_storage_kind=nfs
+#openshift_metrics_storage_access_modes=['ReadWriteOnce']
+#openshift_metrics_storage_nfs_directory=/exports
+#openshift_metrics_storage_nfs_options='*(rw,root_squash)'
+#openshift_metrics_storage_volume_name=metrics
+#openshift_metrics_storage_volume_size=10Gi
+#openshift_metrics_storage_labels={'storage': 'metrics'}
#
# Option B - External NFS Host
# NFS volume must already exist with path "nfs_directory/_volume_name" on
# the storage_host. For example, the remote volume path using these
# options would be "nfs.example.com:/exports/metrics"
-#openshift_hosted_metrics_storage_kind=nfs
-#openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce']
-#openshift_hosted_metrics_storage_host=nfs.example.com
-#openshift_hosted_metrics_storage_nfs_directory=/exports
-#openshift_hosted_metrics_storage_volume_name=metrics
-#openshift_hosted_metrics_storage_volume_size=10Gi
-#openshift_hosted_metrics_storage_labels={'storage': 'metrics'}
+#openshift_metrics_storage_kind=nfs
+#openshift_metrics_storage_access_modes=['ReadWriteOnce']
+#openshift_metrics_storage_host=nfs.example.com
+#openshift_metrics_storage_nfs_directory=/exports
+#openshift_metrics_storage_volume_name=metrics
+#openshift_metrics_storage_volume_size=10Gi
+#openshift_metrics_storage_labels={'storage': 'metrics'}
#
# Option C - Dynamic -- If openshift supports dynamic volume provisioning for
# your cloud platform use this.
-#openshift_hosted_metrics_storage_kind=dynamic
+#openshift_metrics_storage_kind=dynamic
#
# Other Metrics Options -- Common items you may wish to reconfigure, for the complete
# list of options please see roles/openshift_metrics/README.md
@@ -535,10 +535,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Defaults to https://hawkular-metrics.{{openshift_master_default_subdomain}}/hawkular/metrics
# Currently, you may only alter the hostname portion of the url, alterting the
# `/hawkular/metrics` path will break installation of metrics.
-#openshift_hosted_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics
+#openshift_metrics_hawkular_hostname=https://hawkular-metrics.example.com/hawkular/metrics
# Configure the prefix and version for the component images
-#openshift_hosted_metrics_deployer_prefix=docker.io/openshift/origin-
-#openshift_hosted_metrics_deployer_version=v3.7.0
+#openshift_metrics_image_prefix=docker.io/openshift/origin-
+#openshift_metrics_image_version=v3.7.0
#
# StorageClass
# openshift_storageclass_name=gp2
@@ -548,36 +548,36 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Logging deployment
#
# Currently logging deployment is disabled by default, enable it by setting this
-#openshift_hosted_logging_deploy=true
+#openshift_logging_install_logging=true
#
# Logging storage config
# Option A - NFS Host Group
# An NFS volume will be created with path "nfs_directory/volume_name"
# on the host within the [nfs] host group. For example, the volume
# path using these options would be "/exports/logging"
-#openshift_hosted_logging_storage_kind=nfs
-#openshift_hosted_logging_storage_access_modes=['ReadWriteOnce']
-#openshift_hosted_logging_storage_nfs_directory=/exports
-#openshift_hosted_logging_storage_nfs_options='*(rw,root_squash)'
-#openshift_hosted_logging_storage_volume_name=logging
-#openshift_hosted_logging_storage_volume_size=10Gi
-#openshift_hosted_logging_storage_labels={'storage': 'logging'}
+#openshift_logging_storage_kind=nfs
+#openshift_logging_storage_access_modes=['ReadWriteOnce']
+#openshift_logging_storage_nfs_directory=/exports
+#openshift_logging_storage_nfs_options='*(rw,root_squash)'
+#openshift_logging_storage_volume_name=logging
+#openshift_logging_storage_volume_size=10Gi
+#openshift_logging_storage_labels={'storage': 'logging'}
#
# Option B - External NFS Host
# NFS volume must already exist with path "nfs_directory/_volume_name" on
# the storage_host. For example, the remote volume path using these
# options would be "nfs.example.com:/exports/logging"
-#openshift_hosted_logging_storage_kind=nfs
-#openshift_hosted_logging_storage_access_modes=['ReadWriteOnce']
-#openshift_hosted_logging_storage_host=nfs.example.com
-#openshift_hosted_logging_storage_nfs_directory=/exports
-#openshift_hosted_logging_storage_volume_name=logging
-#openshift_hosted_logging_storage_volume_size=10Gi
-#openshift_hosted_logging_storage_labels={'storage': 'logging'}
+#openshift_logging_storage_kind=nfs
+#openshift_logging_storage_access_modes=['ReadWriteOnce']
+#openshift_logging_storage_host=nfs.example.com
+#openshift_logging_storage_nfs_directory=/exports
+#openshift_logging_storage_volume_name=logging
+#openshift_logging_storage_volume_size=10Gi
+#openshift_logging_storage_labels={'storage': 'logging'}
#
# Option C - Dynamic -- If openshift supports dynamic volume provisioning for
# your cloud platform use this.
-#openshift_hosted_logging_storage_kind=dynamic
+#openshift_logging_storage_kind=dynamic
#
# Option D - none -- Logging will use emptydir volumes which are destroyed when
# pods are deleted
@@ -587,13 +587,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#
# Configure loggingPublicURL in the master config for aggregate logging, defaults
# to kibana.{{ openshift_master_default_subdomain }}
-#openshift_hosted_logging_hostname=logging.apps.example.com
+#openshift_logging_kibana_hostname=logging.apps.example.com
# Configure the number of elastic search nodes, unless you're using dynamic provisioning
# this value must be 1
-#openshift_hosted_logging_elasticsearch_cluster_size=1
+#openshift_logging_es_cluster_size=1
# Configure the prefix and version for the component images
-#openshift_hosted_logging_deployer_prefix=docker.io/openshift/origin-
-#openshift_hosted_logging_deployer_version=v3.7.0
+#openshift_logging_image_prefix=docker.io/openshift/origin-
+#openshift_logging_image_version=v3.7.0
# Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet')
# os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index 92a0927e5..e6deda4ac 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -119,7 +119,7 @@ openshift_release=v3.7
# will be built off of the deployment type and ansible_distribution. Only
# use this option if you are sure you know what you are doing!
#openshift_docker_systemcontainer_image_override="registry.example.com/container-engine:latest"
-#openshift_crio_systemcontainer_image_registry_override="registry.example.com"
+#openshift_crio_systemcontainer_image_override="registry.example.com/cri-o:latest"
# Items added, as is, to end of /etc/sysconfig/docker OPTIONS
# Default value: "--log-driver=journald"
#openshift_docker_options="-l warn --ipv6=false"
@@ -499,10 +499,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html
#
# By default metrics are not automatically deployed, set this to enable them
-# openshift_hosted_metrics_deploy=true
+#openshift_metrics_install_metrics=true
#
# Storage Options
-# If openshift_hosted_metrics_storage_kind is unset then metrics will be stored
+# If openshift_metrics_storage_kind is unset then metrics will be stored
# in an EmptyDir volume and will be deleted when the cassandra pod terminates.
# Storage options A & B currently support only one cassandra pod which is
# generally enough for up to 1000 pods. Additional volumes can be created
@@ -512,29 +512,29 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# An NFS volume will be created with path "nfs_directory/volume_name"
# on the host within the [nfs] host group. For example, the volume
# path using these options would be "/exports/metrics"
-#openshift_hosted_metrics_storage_kind=nfs
-#openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce']
-#openshift_hosted_metrics_storage_nfs_directory=/exports
-#openshift_hosted_metrics_storage_nfs_options='*(rw,root_squash)'
-#openshift_hosted_metrics_storage_volume_name=metrics
-#openshift_hosted_metrics_storage_volume_size=10Gi
-#openshift_hosted_metrics_storage_labels={'storage': 'metrics'}
+#openshift_metrics_storage_kind=nfs
+#openshift_metrics_storage_access_modes=['ReadWriteOnce']
+#openshift_metrics_storage_nfs_directory=/exports
+#openshift_metrics_storage_nfs_options='*(rw,root_squash)'
+#openshift_metrics_storage_volume_name=metrics
+#openshift_metrics_storage_volume_size=10Gi
+#openshift_metrics_storage_labels={'storage': 'metrics'}
#
# Option B - External NFS Host
# NFS volume must already exist with path "nfs_directory/_volume_name" on
# the storage_host. For example, the remote volume path using these
# options would be "nfs.example.com:/exports/metrics"
-#openshift_hosted_metrics_storage_kind=nfs
-#openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce']
-#openshift_hosted_metrics_storage_host=nfs.example.com
-#openshift_hosted_metrics_storage_nfs_directory=/exports
-#openshift_hosted_metrics_storage_volume_name=metrics
-#openshift_hosted_metrics_storage_volume_size=10Gi
-#openshift_hosted_metrics_storage_labels={'storage': 'metrics'}
+#openshift_metrics_storage_kind=nfs
+#openshift_metrics_storage_access_modes=['ReadWriteOnce']
+#openshift_metrics_storage_host=nfs.example.com
+#openshift_metrics_storage_nfs_directory=/exports
+#openshift_metrics_storage_volume_name=metrics
+#openshift_metrics_storage_volume_size=10Gi
+#openshift_metrics_storage_labels={'storage': 'metrics'}
#
# Option C - Dynamic -- If openshift supports dynamic volume provisioning for
# your cloud platform use this.
-#openshift_hosted_metrics_storage_kind=dynamic
+#openshift_metrics_storage_kind=dynamic
#
# Other Metrics Options -- Common items you may wish to reconfigure, for the complete
# list of options please see roles/openshift_metrics/README.md
@@ -543,10 +543,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Defaults to https://hawkular-metrics.{{openshift_master_default_subdomain}}/hawkular/metrics
# Currently, you may only alter the hostname portion of the url, alterting the
# `/hawkular/metrics` path will break installation of metrics.
-#openshift_hosted_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics
+#openshift_metrics_hawkular_hostname=https://hawkular-metrics.example.com/hawkular/metrics
# Configure the prefix and version for the component images
-#openshift_hosted_metrics_deployer_prefix=registry.example.com:8888/openshift3/
-#openshift_hosted_metrics_deployer_version=3.7.0
+#openshift_metrics_image_prefix=registry.example.com:8888/openshift3/
+#openshift_metrics_image_version=3.7.0
#
# StorageClass
# openshift_storageclass_name=gp2
@@ -556,36 +556,36 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Logging deployment
#
# Currently logging deployment is disabled by default, enable it by setting this
-#openshift_hosted_logging_deploy=true
+#openshift_logging_install_logging=true
#
# Logging storage config
# Option A - NFS Host Group
# An NFS volume will be created with path "nfs_directory/volume_name"
# on the host within the [nfs] host group. For example, the volume
# path using these options would be "/exports/logging"
-#openshift_hosted_logging_storage_kind=nfs
-#openshift_hosted_logging_storage_access_modes=['ReadWriteOnce']
-#openshift_hosted_logging_storage_nfs_directory=/exports
-#openshift_hosted_logging_storage_nfs_options='*(rw,root_squash)'
-#openshift_hosted_logging_storage_volume_name=logging
-#openshift_hosted_logging_storage_volume_size=10Gi
-#openshift_hosted_logging_storage_labels={'storage': 'logging'}
+#openshift_logging_storage_kind=nfs
+#openshift_logging_storage_access_modes=['ReadWriteOnce']
+#openshift_logging_storage_nfs_directory=/exports
+#openshift_logging_storage_nfs_options='*(rw,root_squash)'
+#openshift_logging_storage_volume_name=logging
+#openshift_logging_storage_volume_size=10Gi
+#openshift_logging_storage_labels={'storage': 'logging'}
#
# Option B - External NFS Host
# NFS volume must already exist with path "nfs_directory/_volume_name" on
# the storage_host. For example, the remote volume path using these
# options would be "nfs.example.com:/exports/logging"
-#openshift_hosted_logging_storage_kind=nfs
-#openshift_hosted_logging_storage_access_modes=['ReadWriteOnce']
-#openshift_hosted_logging_storage_host=nfs.example.com
-#openshift_hosted_logging_storage_nfs_directory=/exports
-#openshift_hosted_logging_storage_volume_name=logging
-#openshift_hosted_logging_storage_volume_size=10Gi
-#openshift_hosted_logging_storage_labels={'storage': 'logging'}
+#openshift_logging_storage_kind=nfs
+#openshift_logging_storage_access_modes=['ReadWriteOnce']
+#openshift_logging_storage_host=nfs.example.com
+#openshift_logging_storage_nfs_directory=/exports
+#openshift_logging_storage_volume_name=logging
+#openshift_logging_storage_volume_size=10Gi
+#openshift_logging_storage_labels={'storage': 'logging'}
#
# Option C - Dynamic -- If openshift supports dynamic volume provisioning for
# your cloud platform use this.
-#openshift_hosted_logging_storage_kind=dynamic
+#openshift_logging_storage_kind=dynamic
#
# Option D - none -- Logging will use emptydir volumes which are destroyed when
# pods are deleted
@@ -595,13 +595,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#
# Configure loggingPublicURL in the master config for aggregate logging, defaults
# to kibana.{{ openshift_master_default_subdomain }}
-#openshift_hosted_logging_hostname=logging.apps.example.com
+#openshift_logging_kibana_hostname=logging.apps.example.com
# Configure the number of elastic search nodes, unless you're using dynamic provisioning
# this value must be 1
-#openshift_hosted_logging_elasticsearch_cluster_size=1
+#openshift_logging_es_cluster_size=1
# Configure the prefix and version for the component images
-#openshift_hosted_logging_deployer_prefix=registry.example.com:8888/openshift3/
-#openshift_hosted_logging_deployer_version=3.7.0
+#openshift_logging_image_prefix=registry.example.com:8888/openshift3/
+#openshift_logging_image_version=3.7.0
# Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet')
# os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'
diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index fcceb37b7..804ea8eb8 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -73,3 +73,11 @@
- openshift_enable_service_catalog | default(false) | bool
tags:
- servicecatalog
+
+- name: Print deprecated variable warning message if necessary
+ hosts: oo_first_master
+ gather_facts: no
+ tasks:
+ - debug: msg="{{__deprecation_message}}"
+ when:
+ - __deprecation_message | default ('') | length > 0
diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml
index 0723575c2..517023ba1 100644
--- a/playbooks/common/openshift-cluster/initialize_facts.yml
+++ b/playbooks/common/openshift-cluster/initialize_facts.yml
@@ -94,7 +94,7 @@
with_items:
- iproute
- "{{ 'python3-dbus' if ansible_distribution == 'Fedora' else 'python-dbus' }}"
- - PyYAML
+ - "{{ 'python3-PyYAML' if ansible_distribution == 'Fedora' else 'PyYAML' }}"
- yum-utils
- name: Ensure various deps for running system containers are installed
diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml
index 75339f6df..0e970f376 100644
--- a/playbooks/common/openshift-cluster/openshift_hosted.yml
+++ b/playbooks/common/openshift-cluster/openshift_hosted.yml
@@ -19,31 +19,15 @@
openshift_hosted_router_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}"
openshift_hosted_registry_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}"
when: "'master' in hostvars[groups.oo_first_master.0].openshift and 'registry_url' in hostvars[groups.oo_first_master.0].openshift.master"
- - set_fact:
- logging_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}"
- logging_ops_hostname: "{{ openshift_hosted_logging_ops_hostname | default('kibana-ops.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}"
- logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default(openshift.master.public_api_url) }}"
- logging_elasticsearch_cluster_size: "{{ openshift_hosted_logging_elasticsearch_cluster_size | default(1) }}"
- logging_elasticsearch_ops_cluster_size: "{{ openshift_hosted_logging_elasticsearch_ops_cluster_size | default(1) }}"
+
roles:
- role: openshift_default_storage_class
when: openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce')
- role: openshift_hosted
- role: openshift_metrics
- when: openshift_hosted_metrics_deploy | default(false) | bool
+ when: openshift_metrics_install_metrics | default(false) | bool
- role: openshift_logging
- when: openshift_hosted_logging_deploy | default(false) | bool
- openshift_hosted_logging_hostname: "{{ logging_hostname }}"
- openshift_hosted_logging_ops_hostname: "{{ logging_ops_hostname }}"
- openshift_hosted_logging_master_public_url: "{{ logging_master_public_url }}"
- openshift_hosted_logging_elasticsearch_cluster_size: "{{ logging_elasticsearch_cluster_size }}"
- openshift_hosted_logging_elasticsearch_pvc_dynamic: "{{ 'true' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}"
- openshift_hosted_logging_elasticsearch_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift_hosted_logging_storage_kind | default(none) in ['dynamic','nfs'] else '' }}"
- openshift_hosted_logging_elasticsearch_pvc_prefix: "{{ 'logging-es' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}"
- openshift_hosted_logging_elasticsearch_ops_cluster_size: "{{ logging_elasticsearch_ops_cluster_size }}"
- openshift_hosted_logging_elasticsearch_ops_pvc_dynamic: "{{ 'true' if openshift_hosted_loggingops_storage_kind | default(none) == 'dynamic' else '' }}"
- openshift_hosted_logging_elasticsearch_ops_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift_hosted_logging_storage_kind | default(none) in ['dynamic','nfs' ] else '' }}"
- openshift_hosted_logging_elasticsearch_ops_pvc_prefix: "{{ 'logging-es-ops' if openshift_hosted_loggingops_storage_kind | default(none) =='dynamic' else '' }}"
+ when: openshift_logging_install_logging | default(false) | bool
- role: cockpit-ui
when: ( openshift.common.version_gte_3_3_or_1_3 | bool ) and ( openshift_hosted_manage_registry | default(true) | bool ) and not (openshift.docker.hosted_registry_insecure | default(false) | bool)
@@ -57,8 +41,6 @@
- hosted
pre_tasks:
- set_fact:
- openshift_logging_kibana_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}"
- - set_fact:
openshift_metrics_hawkular_hostname: "{{ g_metrics_hostname | default('hawkular-metrics.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}"
tasks:
@@ -66,10 +48,10 @@
- include_role:
name: openshift_logging
tasks_from: update_master_config
- when: openshift_hosted_logging_deploy | default(false) | bool
+ when: openshift_logging_install_logging | default(false) | bool
- block:
- include_role:
name: openshift_metrics
tasks_from: update_master_config
- when: openshift_hosted_metrics_deploy | default(false) | bool
+ when: openshift_metrics_install_metrics | default(false) | bool
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml
index 6964e8567..58bbcc658 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/etcd-ca.yml
@@ -37,10 +37,17 @@
- name: Generate new etcd CA
hosts: oo_first_etcd
roles:
- - role: openshift_etcd_ca
- etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
- etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
- etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}"
+ - role: openshift_etcd_facts
+ tasks:
+ - include_role:
+ name: etcd
+ tasks_from: ca
+ vars:
+ etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
+ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+ etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}"
+ when:
+ - etcd_ca_setup | default(True) | bool
- name: Create temp directory for syncing certs
hosts: localhost
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/etcd.yml b/playbooks/common/openshift-cluster/redeploy-certificates/etcd.yml
index 6b5c805e6..16f0edb06 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/etcd.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/etcd.yml
@@ -45,19 +45,23 @@
- name: Redeploy etcd certificates
hosts: oo_etcd_to_config
any_errors_fatal: true
- roles:
- - role: openshift_etcd_server_certificates
- etcd_certificates_redeploy: true
- etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
- etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
- etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}"
- openshift_ca_host: "{{ groups.oo_first_master.0 }}"
- r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"
+ tasks:
+ - include_role:
+ name: etcd
+ tasks_from: server_certificates
+ vars:
+ etcd_certificates_redeploy: true
+ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+ etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
+ etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}"
+ openshift_ca_host: "{{ groups.oo_first_master.0 }}"
+ r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"
- name: Redeploy etcd client certificates for masters
hosts: oo_masters_to_config
any_errors_fatal: true
roles:
+ - role: openshift_etcd_facts
- role: openshift_etcd_client_certificates
etcd_certificates_redeploy: true
etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
diff --git a/playbooks/common/openshift-cluster/service_catalog.yml b/playbooks/common/openshift-cluster/service_catalog.yml
index 7bae70de1..529ee99be 100644
--- a/playbooks/common/openshift-cluster/service_catalog.yml
+++ b/playbooks/common/openshift-cluster/service_catalog.yml
@@ -4,5 +4,6 @@
roles:
- openshift_service_catalog
- ansible_service_broker
+ - template_service_broker
vars:
first_master: "{{ groups.oo_first_master[0] }}"
diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml
index 9b4a8e413..142ce5f3d 100644
--- a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml
+++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml
@@ -27,13 +27,17 @@
- name: Set fact avail_openshift_version
set_fact:
- avail_openshift_version: "{{ repoquery_out.results.versions.available_versions.0 }}"
+ avail_openshift_version: "{{ repoquery_out.results.versions.available_versions_full.0 }}"
+ - name: Set openshift_pkg_version when not specified
+ set_fact:
+ openshift_pkg_version: "-{{ repoquery_out.results.versions.available_versions_full.0 }}"
+ when: openshift_pkg_version | default('') == ''
- name: Verify OpenShift RPMs are available for upgrade
fail:
msg: "OpenShift {{ avail_openshift_version }} is available, but {{ openshift_upgrade_target }} or greater is required"
when:
- - avail_openshift_version | default('0.0', True) | version_compare(openshift_release, '<')
+ - openshift_pkg_version | default('0.0', True) | version_compare(openshift_release, '<')
- name: Fail when openshift version does not meet minium requirement for Origin upgrade
fail:
diff --git a/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml
index 164baca81..8cc46ab68 100644
--- a/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml
@@ -8,7 +8,6 @@
# TODO: If the sdn package isn't already installed this will install it, we
# should fix that
-
- name: Upgrade master packages
package: name={{ master_pkgs | join(',') }} state=present
vars:
@@ -16,7 +15,7 @@
- "{{ openshift.common.service_type }}{{ openshift_pkg_version }}"
- "{{ openshift.common.service_type }}-master{{ openshift_pkg_version }}"
- "{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}"
- - "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version}}"
+ - "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version }}"
- "{{ openshift.common.service_type }}-clients{{ openshift_pkg_version }}"
- "tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}"
- PyYAML
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 3decbd973..2e7646372 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -194,6 +194,7 @@
- role: openshift_master_facts
- role: openshift_hosted_facts
- role: openshift_master_certificates
+ - role: openshift_etcd_facts
- role: openshift_etcd_client_certificates
etcd_cert_subdir: "openshift-master-{{ openshift.common.hostname }}"
etcd_cert_config_dir: "{{ openshift.common.config_base }}/master"
@@ -217,6 +218,10 @@
openshift_master_default_registry_value: "{{ hostvars[groups.oo_first_master.0].l_default_registry_value }}"
openshift_master_default_registry_value_api: "{{ hostvars[groups.oo_first_master.0].l_default_registry_value_api }}"
openshift_master_default_registry_value_controllers: "{{ hostvars[groups.oo_first_master.0].l_default_registry_value_controllers }}"
+ - role: nuage_ca
+ when: openshift_use_nuage | default(false) | bool
+ - role: nuage_common
+ when: openshift_use_nuage | default(false) | bool
- role: nuage_master
when: openshift_use_nuage | default(false) | bool
- role: calico_master
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 0801c41ff..5207ca9c8 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -65,12 +65,16 @@
vars:
openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
roles:
- - role: flannel
- etcd_urls: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls }}"
- embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
+ - role: openshift_facts
+ - role: openshift_etcd_facts
+ - role: openshift_etcd_client_certificates
+ etcd_cert_prefix: flannel.etcd-
etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
etcd_cert_subdir: "openshift-node-{{ openshift.common.hostname }}"
etcd_cert_config_dir: "{{ openshift.common.config_base }}/node"
+ - role: flannel
+ etcd_urls: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls }}"
+ embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
when: openshift_use_flannel | default(false) | bool
- role: calico
when: openshift_use_calico | default(false) | bool
diff --git a/roles/ansible_service_broker/defaults/main.yml b/roles/ansible_service_broker/defaults/main.yml
index 12929b354..9eb9db316 100644
--- a/roles/ansible_service_broker/defaults/main.yml
+++ b/roles/ansible_service_broker/defaults/main.yml
@@ -1,6 +1,7 @@
---
ansible_service_broker_remove: false
+ansible_service_broker_install: false
ansible_service_broker_log_level: info
ansible_service_broker_output_request: false
ansible_service_broker_recovery: true
diff --git a/roles/ansible_service_broker/tasks/main.yml b/roles/ansible_service_broker/tasks/main.yml
index b46ce8233..d8695bd3a 100644
--- a/roles/ansible_service_broker/tasks/main.yml
+++ b/roles/ansible_service_broker/tasks/main.yml
@@ -2,7 +2,7 @@
# do any asserts here
- include: install.yml
- when: not ansible_service_broker_remove|default(false) | bool
+ when: ansible_service_broker_install | default(false) | bool
- include: remove.yml
- when: ansible_service_broker_remove|default(false) | bool
+ when: ansible_service_broker_remove | default(false) | bool
diff --git a/roles/calico/tasks/main.yml b/roles/calico/tasks/main.yml
index 39f730462..0e3863304 100644
--- a/roles/calico/tasks/main.yml
+++ b/roles/calico/tasks/main.yml
@@ -2,10 +2,14 @@
- name: Calico Node | Error if invalid cert arguments
fail:
msg: "Must provide all or none for the following etcd params: calico_etcd_cert_dir, calico_etcd_ca_cert_file, calico_etcd_cert_file, calico_etcd_key_file, calico_etcd_endpoints"
- when: (calico_etcd_cert_dir is defined or calico_etcd_ca_cert_file is defined or calico_etcd_cert_file is defined or calico_etcd_key_file is defined or calico_etcd_endpoints is defined) and not (calico_etcd_cert_dir is defined and calico_etcd_ca_cert_file is defined and calico_etcd_cert_file is defined and calico_etcd_key_file is defined and calico_etcd_endpoints is defined)
+ when:
+ - calico_etcd_cert_dir is defined or calico_etcd_ca_cert_file is defined or calico_etcd_cert_file is defined or calico_etcd_key_file is defined or calico_etcd_endpoints is defined
+ - not (calico_etcd_cert_dir is defined and calico_etcd_ca_cert_file is defined and calico_etcd_cert_file is defined and calico_etcd_key_file is defined and calico_etcd_endpoints is defined)
- name: Calico Node | Generate OpenShift-etcd certs
- include: ../../../roles/etcd_client_certificates/tasks/main.yml
+ include_role:
+ name: etcd
+ tasks_from: client_certificates
when: calico_etcd_ca_cert_file is not defined or calico_etcd_cert_file is not defined or calico_etcd_key_file is not defined or calico_etcd_endpoints is not defined or calico_etcd_cert_dir is not defined
vars:
etcd_cert_prefix: calico.etcd-
@@ -28,18 +32,18 @@
msg: "Invalid etcd configuration for calico."
when: item is not defined or item == ''
with_items:
- - calico_etcd_ca_cert_file
- - calico_etcd_cert_file
- - calico_etcd_key_file
- - calico_etcd_endpoints
+ - calico_etcd_ca_cert_file
+ - calico_etcd_cert_file
+ - calico_etcd_key_file
+ - calico_etcd_endpoints
- name: Calico Node | Assure the calico certs are present
stat:
path: "{{ item }}"
with_items:
- - "{{ calico_etcd_ca_cert_file }}"
- - "{{ calico_etcd_cert_file }}"
- - "{{ calico_etcd_key_file }}"
+ - "{{ calico_etcd_ca_cert_file }}"
+ - "{{ calico_etcd_cert_file }}"
+ - "{{ calico_etcd_key_file }}"
- name: Calico Node | Configure Calico service unit file
template:
diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml
index 8208fa68d..e6fc2db06 100644
--- a/roles/docker/tasks/systemcontainer_crio.yml
+++ b/roles/docker/tasks/systemcontainer_crio.yml
@@ -108,18 +108,22 @@
l_crio_image_name: "cri-o"
when: ansible_distribution == "RedHat"
- # For https://github.com/openshift/openshift-ansible/pull/4049#discussion_r114478504
- - name: Use a testing registry if requested
- set_fact:
- l_crio_image_prepend: "{{ openshift_crio_systemcontainer_image_registry_override }}"
- when:
- - openshift_crio_systemcontainer_image_registry_override is defined
- - openshift_crio_systemcontainer_image_registry_override != ""
-
- name: Set the full image name
set_fact:
l_crio_image: "{{ l_crio_image_prepend }}/{{ l_crio_image_name }}:latest"
+ # For https://github.com/openshift/aos-cd-jobs/pull/624#pullrequestreview-61816548
+ - name: Use a specific image if requested
+ set_fact:
+ l_crio_image: "{{ openshift_crio_systemcontainer_image_override }}"
+ when:
+ - openshift_crio_systemcontainer_image_override is defined
+ - openshift_crio_systemcontainer_image_override != ""
+
+ # Be nice and let the user see the variable result
+ - debug:
+ var: l_crio_image
+
# NOTE: no_proxy added as a workaround until https://github.com/projectatomic/atomic/pull/999 is released
- name: Pre-pull CRI-O System Container image
command: "atomic pull --storage ostree {{ l_crio_image }}"
diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml
index 9a955c822..d69366a39 100644
--- a/roles/etcd/meta/main.yml
+++ b/roles/etcd/meta/main.yml
@@ -18,5 +18,4 @@ galaxy_info:
dependencies:
- role: lib_openshift
- role: lib_os_firewall
-- role: etcd_server_certificates
- role: etcd_common
diff --git a/roles/etcd/tasks/ca.yml b/roles/etcd/tasks/ca.yml
new file mode 100644
index 000000000..7cda49069
--- /dev/null
+++ b/roles/etcd/tasks/ca.yml
@@ -0,0 +1,2 @@
+---
+- include: ca/deploy.yml
diff --git a/roles/etcd_ca/tasks/main.yml b/roles/etcd/tasks/ca/deploy.yml
index b4dea4a07..3d32290a2 100644
--- a/roles/etcd_ca/tasks/main.yml
+++ b/roles/etcd/tasks/ca/deploy.yml
@@ -1,6 +1,8 @@
---
- name: Install openssl
- package: name=openssl state=present
+ package:
+ name: openssl
+ state: present
when: not etcd_is_atomic | bool
delegate_to: "{{ etcd_ca_host }}"
run_once: true
diff --git a/roles/etcd/tasks/client_certificates.yml b/roles/etcd/tasks/client_certificates.yml
new file mode 100644
index 000000000..2e9c078b9
--- /dev/null
+++ b/roles/etcd/tasks/client_certificates.yml
@@ -0,0 +1,2 @@
+---
+- include: client_certificates/fetch_from_ca.yml
diff --git a/roles/etcd_client_certificates/tasks/main.yml b/roles/etcd/tasks/client_certificates/fetch_from_ca.yml
index bbd29ece1..119071a72 100644
--- a/roles/etcd_client_certificates/tasks/main.yml
+++ b/roles/etcd/tasks/client_certificates/fetch_from_ca.yml
@@ -9,7 +9,7 @@
- fail:
msg: >
CA certificate {{ etcd_ca_cert }} doesn't exist on CA host
- {{ etcd_ca_host }}. Apply 'etcd_ca' role to
+ {{ etcd_ca_host }}. Apply 'etcd_ca' action from `etcd` role to
{{ etcd_ca_host }}.
when: not g_ca_cert_stat_result.stat.exists | bool
run_once: true
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 78e543ef1..870c11ad4 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -1,4 +1,6 @@
---
+- include: server_certificates.yml
+
- name: Set hostname and ip facts
set_fact:
# Store etcd_hostname and etcd_ip such that they will be available
diff --git a/roles/etcd/tasks/server_certificates.yml b/roles/etcd/tasks/server_certificates.yml
new file mode 100644
index 000000000..f0ba58b6e
--- /dev/null
+++ b/roles/etcd/tasks/server_certificates.yml
@@ -0,0 +1,2 @@
+---
+- include: server_certificates/fetch_from_ca.yml
diff --git a/roles/etcd_server_certificates/tasks/main.yml b/roles/etcd/tasks/server_certificates/fetch_from_ca.yml
index 4795188a6..064fe1952 100644
--- a/roles/etcd_server_certificates/tasks/main.yml
+++ b/roles/etcd/tasks/server_certificates/fetch_from_ca.yml
@@ -1,6 +1,12 @@
---
+- include: ../ca/deploy.yml
+ when:
+ - etcd_ca_setup | default(True) | bool
+
- name: Install etcd
- package: name=etcd{{ '-' + etcd_version if etcd_version is defined else '' }} state=present
+ package:
+ name: "etcd{{ '-' + etcd_version if etcd_version is defined else '' }}"
+ state: present
when: not etcd_is_containerized | bool
- name: Check status of etcd certificates
diff --git a/roles/etcd_ca/templates/openssl_append.j2 b/roles/etcd/templates/openssl_append.j2
index f28316fc2..f28316fc2 100644
--- a/roles/etcd_ca/templates/openssl_append.j2
+++ b/roles/etcd/templates/openssl_append.j2
diff --git a/roles/etcd_ca/README.md b/roles/etcd_ca/README.md
deleted file mode 100644
index 60a880e30..000000000
--- a/roles/etcd_ca/README.md
+++ /dev/null
@@ -1,34 +0,0 @@
-etcd_ca
-========================
-
-TODO
-
-Requirements
-------------
-
-TODO
-
-Role Variables
---------------
-
-TODO
-
-Dependencies
-------------
-
-TODO
-
-Example Playbook
-----------------
-
-TODO
-
-License
--------
-
-Apache License Version 2.0
-
-Author Information
-------------------
-
-Scott Dodson (sdodson@redhat.com)
diff --git a/roles/etcd_client_certificates/README.md b/roles/etcd_client_certificates/README.md
deleted file mode 100644
index 269d5296d..000000000
--- a/roles/etcd_client_certificates/README.md
+++ /dev/null
@@ -1,34 +0,0 @@
-OpenShift Etcd Certificates
-===========================
-
-TODO
-
-Requirements
-------------
-
-TODO
-
-Role Variables
---------------
-
-TODO
-
-Dependencies
-------------
-
-TODO
-
-Example Playbook
-----------------
-
-TODO
-
-License
--------
-
-Apache License Version 2.0
-
-Author Information
-------------------
-
-Scott Dodson (sdodson@redhat.com)
diff --git a/roles/etcd_client_certificates/meta/main.yml b/roles/etcd_client_certificates/meta/main.yml
deleted file mode 100644
index efebdb599..000000000
--- a/roles/etcd_client_certificates/meta/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-galaxy_info:
- author: Jason DeTiberus
- description: Etcd Client Certificates
- company: Red Hat, Inc.
- license: Apache License, Version 2.0
- min_ansible_version: 2.1
- platforms:
- - name: EL
- versions:
- - 7
- categories:
- - cloud
- - system
-dependencies:
-- role: etcd_common
diff --git a/roles/etcd_server_certificates/README.md b/roles/etcd_server_certificates/README.md
deleted file mode 100644
index 269d5296d..000000000
--- a/roles/etcd_server_certificates/README.md
+++ /dev/null
@@ -1,34 +0,0 @@
-OpenShift Etcd Certificates
-===========================
-
-TODO
-
-Requirements
-------------
-
-TODO
-
-Role Variables
---------------
-
-TODO
-
-Dependencies
-------------
-
-TODO
-
-Example Playbook
-----------------
-
-TODO
-
-License
--------
-
-Apache License Version 2.0
-
-Author Information
-------------------
-
-Scott Dodson (sdodson@redhat.com)
diff --git a/roles/etcd_server_certificates/meta/main.yml b/roles/etcd_server_certificates/meta/main.yml
deleted file mode 100644
index 4b6013a49..000000000
--- a/roles/etcd_server_certificates/meta/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-galaxy_info:
- author: Jason DeTiberus
- description: Etcd Server Certificates
- company: Red Hat, Inc.
- license: Apache License, Version 2.0
- min_ansible_version: 2.1
- platforms:
- - name: EL
- versions:
- - 7
- categories:
- - cloud
- - system
-dependencies:
-- role: etcd_ca
- when: (etcd_ca_setup | default(True) | bool)
diff --git a/roles/flannel/README.md b/roles/flannel/README.md
index 0c7347603..b9e15e6e0 100644
--- a/roles/flannel/README.md
+++ b/roles/flannel/README.md
@@ -27,8 +27,6 @@ Role Variables
Dependencies
------------
-openshift_facts
-
Example Playbook
----------------
diff --git a/roles/flannel/meta/main.yml b/roles/flannel/meta/main.yml
index 35f825586..51128dba6 100644
--- a/roles/flannel/meta/main.yml
+++ b/roles/flannel/meta/main.yml
@@ -12,7 +12,4 @@ galaxy_info:
categories:
- cloud
- system
-dependencies:
-- role: openshift_facts
-- role: openshift_etcd_client_certificates
- etcd_cert_prefix: flannel.etcd-
+dependencies: []
diff --git a/roles/lib_openshift/library/oc_adm_ca_server_cert.py b/roles/lib_openshift/library/oc_adm_ca_server_cert.py
index 45d7444a4..1e6eb2386 100644
--- a/roles/lib_openshift/library/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/library/oc_adm_ca_server_cert.py
@@ -745,7 +745,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_adm_csr.py b/roles/lib_openshift/library/oc_adm_csr.py
index 231857cca..8c6a81cc8 100644
--- a/roles/lib_openshift/library/oc_adm_csr.py
+++ b/roles/lib_openshift/library/oc_adm_csr.py
@@ -723,7 +723,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_adm_manage_node.py b/roles/lib_openshift/library/oc_adm_manage_node.py
index 44f3f57d8..4a7847e88 100644
--- a/roles/lib_openshift/library/oc_adm_manage_node.py
+++ b/roles/lib_openshift/library/oc_adm_manage_node.py
@@ -731,7 +731,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_adm_policy_group.py b/roles/lib_openshift/library/oc_adm_policy_group.py
index 687cff579..b8af5cad9 100644
--- a/roles/lib_openshift/library/oc_adm_policy_group.py
+++ b/roles/lib_openshift/library/oc_adm_policy_group.py
@@ -717,7 +717,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_adm_policy_user.py b/roles/lib_openshift/library/oc_adm_policy_user.py
index ddf5d90b7..3364f8de3 100644
--- a/roles/lib_openshift/library/oc_adm_policy_user.py
+++ b/roles/lib_openshift/library/oc_adm_policy_user.py
@@ -717,7 +717,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_adm_registry.py b/roles/lib_openshift/library/oc_adm_registry.py
index c00eee381..c64d7ffd2 100644
--- a/roles/lib_openshift/library/oc_adm_registry.py
+++ b/roles/lib_openshift/library/oc_adm_registry.py
@@ -835,7 +835,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_adm_router.py b/roles/lib_openshift/library/oc_adm_router.py
index 0c925ab0b..492494bda 100644
--- a/roles/lib_openshift/library/oc_adm_router.py
+++ b/roles/lib_openshift/library/oc_adm_router.py
@@ -860,7 +860,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_clusterrole.py b/roles/lib_openshift/library/oc_clusterrole.py
index 567ecfd4e..b412ca8af 100644
--- a/roles/lib_openshift/library/oc_clusterrole.py
+++ b/roles/lib_openshift/library/oc_clusterrole.py
@@ -709,7 +709,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_configmap.py b/roles/lib_openshift/library/oc_configmap.py
index 9515de569..8bbc22c49 100644
--- a/roles/lib_openshift/library/oc_configmap.py
+++ b/roles/lib_openshift/library/oc_configmap.py
@@ -715,7 +715,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_edit.py b/roles/lib_openshift/library/oc_edit.py
index d461e5ae9..ad17051cb 100644
--- a/roles/lib_openshift/library/oc_edit.py
+++ b/roles/lib_openshift/library/oc_edit.py
@@ -759,7 +759,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_env.py b/roles/lib_openshift/library/oc_env.py
index 22ad58725..74a84ac89 100644
--- a/roles/lib_openshift/library/oc_env.py
+++ b/roles/lib_openshift/library/oc_env.py
@@ -726,7 +726,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_group.py b/roles/lib_openshift/library/oc_group.py
index b6c6e47d9..eea1516ae 100644
--- a/roles/lib_openshift/library/oc_group.py
+++ b/roles/lib_openshift/library/oc_group.py
@@ -699,7 +699,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_image.py b/roles/lib_openshift/library/oc_image.py
index f7fc286e0..dc33d3b8a 100644
--- a/roles/lib_openshift/library/oc_image.py
+++ b/roles/lib_openshift/library/oc_image.py
@@ -718,7 +718,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_label.py b/roles/lib_openshift/library/oc_label.py
index 2206878a4..88fd9554d 100644
--- a/roles/lib_openshift/library/oc_label.py
+++ b/roles/lib_openshift/library/oc_label.py
@@ -735,7 +735,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_obj.py b/roles/lib_openshift/library/oc_obj.py
index 126d7a617..8408f9ebc 100644
--- a/roles/lib_openshift/library/oc_obj.py
+++ b/roles/lib_openshift/library/oc_obj.py
@@ -738,7 +738,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_objectvalidator.py b/roles/lib_openshift/library/oc_objectvalidator.py
index d20904d0d..d1be0b534 100644
--- a/roles/lib_openshift/library/oc_objectvalidator.py
+++ b/roles/lib_openshift/library/oc_objectvalidator.py
@@ -670,7 +670,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_process.py b/roles/lib_openshift/library/oc_process.py
index 91199d093..9a281e6cd 100644
--- a/roles/lib_openshift/library/oc_process.py
+++ b/roles/lib_openshift/library/oc_process.py
@@ -727,7 +727,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_project.py b/roles/lib_openshift/library/oc_project.py
index f9b2d81fa..b503c330b 100644
--- a/roles/lib_openshift/library/oc_project.py
+++ b/roles/lib_openshift/library/oc_project.py
@@ -724,7 +724,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_pvc.py b/roles/lib_openshift/library/oc_pvc.py
index 895322ba5..7a9e3bf89 100644
--- a/roles/lib_openshift/library/oc_pvc.py
+++ b/roles/lib_openshift/library/oc_pvc.py
@@ -731,7 +731,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py
index 8f8e46e1e..875e473ad 100644
--- a/roles/lib_openshift/library/oc_route.py
+++ b/roles/lib_openshift/library/oc_route.py
@@ -769,7 +769,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_scale.py b/roles/lib_openshift/library/oc_scale.py
index 7130cc5fc..ec3635753 100644
--- a/roles/lib_openshift/library/oc_scale.py
+++ b/roles/lib_openshift/library/oc_scale.py
@@ -713,7 +713,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_secret.py b/roles/lib_openshift/library/oc_secret.py
index 0c4b99e30..c010607e8 100644
--- a/roles/lib_openshift/library/oc_secret.py
+++ b/roles/lib_openshift/library/oc_secret.py
@@ -765,7 +765,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_service.py b/roles/lib_openshift/library/oc_service.py
index 7ab139e85..e83a6e26d 100644
--- a/roles/lib_openshift/library/oc_service.py
+++ b/roles/lib_openshift/library/oc_service.py
@@ -772,7 +772,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_serviceaccount.py b/roles/lib_openshift/library/oc_serviceaccount.py
index 5d539ced4..0d46bbf96 100644
--- a/roles/lib_openshift/library/oc_serviceaccount.py
+++ b/roles/lib_openshift/library/oc_serviceaccount.py
@@ -711,7 +711,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_serviceaccount_secret.py b/roles/lib_openshift/library/oc_serviceaccount_secret.py
index 97e213f46..662d77ec1 100644
--- a/roles/lib_openshift/library/oc_serviceaccount_secret.py
+++ b/roles/lib_openshift/library/oc_serviceaccount_secret.py
@@ -711,7 +711,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_storageclass.py b/roles/lib_openshift/library/oc_storageclass.py
index 9339a85e5..574f109e4 100644
--- a/roles/lib_openshift/library/oc_storageclass.py
+++ b/roles/lib_openshift/library/oc_storageclass.py
@@ -729,7 +729,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_user.py b/roles/lib_openshift/library/oc_user.py
index 2fa349547..e430546ee 100644
--- a/roles/lib_openshift/library/oc_user.py
+++ b/roles/lib_openshift/library/oc_user.py
@@ -771,7 +771,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_version.py b/roles/lib_openshift/library/oc_version.py
index 55e1054e7..a12620968 100644
--- a/roles/lib_openshift/library/oc_version.py
+++ b/roles/lib_openshift/library/oc_version.py
@@ -683,7 +683,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_openshift/library/oc_volume.py b/roles/lib_openshift/library/oc_volume.py
index 63bad57b4..134b2ad19 100644
--- a/roles/lib_openshift/library/oc_volume.py
+++ b/roles/lib_openshift/library/oc_volume.py
@@ -760,7 +760,7 @@ class Yedit(object): # pragma: no cover
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_utils/library/yedit.py b/roles/lib_utils/library/yedit.py
index 921bca074..cf5c2e423 100644
--- a/roles/lib_utils/library/yedit.py
+++ b/roles/lib_utils/library/yedit.py
@@ -793,7 +793,7 @@ class Yedit(object):
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/lib_utils/src/class/yedit.py b/roles/lib_utils/src/class/yedit.py
index 957c35a06..0a4fbe07a 100644
--- a/roles/lib_utils/src/class/yedit.py
+++ b/roles/lib_utils/src/class/yedit.py
@@ -590,7 +590,7 @@ class Yedit(object):
yamlfile.yaml_dict = content
if params['key']:
- rval = yamlfile.get(params['key']) or {}
+ rval = yamlfile.get(params['key'])
return {'changed': False, 'result': rval, 'state': state}
diff --git a/roles/nuage_master/meta/main.yml b/roles/nuage_master/meta/main.yml
index 3da340c85..e2f7af5ad 100644
--- a/roles/nuage_master/meta/main.yml
+++ b/roles/nuage_master/meta/main.yml
@@ -13,8 +13,5 @@ galaxy_info:
- cloud
- system
dependencies:
-- role: nuage_ca
-- role: nuage_common
-- role: openshift_etcd_client_certificates
- role: lib_openshift
- role: lib_os_firewall
diff --git a/roles/openshift_etcd_ca/meta/main.yml b/roles/openshift_etcd_ca/meta/main.yml
deleted file mode 100644
index f1d669d6b..000000000
--- a/roles/openshift_etcd_ca/meta/main.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-galaxy_info:
- author: Tim Bielawa
- description: Meta role around the etcd_ca role
- company: Red Hat, Inc.
- license: Apache License, Version 2.0
- min_ansible_version: 2.2
- platforms:
- - name: EL
- versions:
- - 7
- categories:
- - cloud
- - system
-dependencies:
-- role: openshift_etcd_facts
-- role: etcd_ca
- when: (etcd_ca_setup | default(True) | bool)
diff --git a/roles/openshift_etcd_client_certificates/meta/main.yml b/roles/openshift_etcd_client_certificates/meta/main.yml
index 3268c390f..fbc72c8a3 100644
--- a/roles/openshift_etcd_client_certificates/meta/main.yml
+++ b/roles/openshift_etcd_client_certificates/meta/main.yml
@@ -11,6 +11,4 @@ galaxy_info:
- 7
categories:
- cloud
-dependencies:
-- role: openshift_etcd_facts
-- role: etcd_client_certificates
+dependencies: []
diff --git a/roles/openshift_etcd_client_certificates/tasks/main.yml b/roles/openshift_etcd_client_certificates/tasks/main.yml
new file mode 100644
index 000000000..7f8b667f0
--- /dev/null
+++ b/roles/openshift_etcd_client_certificates/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- include_role:
+ name: etcd
+ tasks_from: client_certificates
diff --git a/roles/openshift_etcd_server_certificates/meta/main.yml b/roles/openshift_etcd_server_certificates/meta/main.yml
deleted file mode 100644
index 7750f14af..000000000
--- a/roles/openshift_etcd_server_certificates/meta/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-galaxy_info:
- author: Jason DeTiberus
- description: OpenShift Etcd Server Certificates
- company: Red Hat, Inc.
- license: Apache License, Version 2.0
- min_ansible_version: 2.1
- platforms:
- - name: EL
- versions:
- - 7
- categories:
- - cloud
-dependencies:
-- role: openshift_etcd_facts
-- role: etcd_server_certificates
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index a76751e81..b6e7507ff 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -493,10 +493,10 @@ def set_selectors(facts):
facts['hosted']['metrics'] = {}
if 'selector' not in facts['hosted']['metrics'] or facts['hosted']['metrics']['selector'] in [None, 'None']:
facts['hosted']['metrics']['selector'] = None
- if 'logging' not in facts['hosted']:
- facts['hosted']['logging'] = {}
- if 'selector' not in facts['hosted']['logging'] or facts['hosted']['logging']['selector'] in [None, 'None']:
- facts['hosted']['logging']['selector'] = None
+ if 'logging' not in facts:
+ facts['logging'] = {}
+ if 'selector' not in facts['logging'] or facts['logging']['selector'] in [None, 'None']:
+ facts['logging']['selector'] = None
if 'etcd' not in facts['hosted']:
facts['hosted']['etcd'] = {}
if 'selector' not in facts['hosted']['etcd'] or facts['hosted']['etcd']['selector'] in [None, 'None']:
@@ -1785,7 +1785,10 @@ class OpenShiftFacts(object):
'etcd',
'hosted',
'master',
- 'node']
+ 'node',
+ 'logging',
+ 'loggingops',
+ 'metrics']
# Disabling too-many-arguments, this should be cleaned up as a TODO item.
# pylint: disable=too-many-arguments,no-value-for-parameter
@@ -1966,66 +1969,6 @@ class OpenShiftFacts(object):
if 'hosted' in roles or self.role == 'hosted':
defaults['hosted'] = dict(
- metrics=dict(
- deploy=False,
- duration=7,
- resolution='10s',
- storage=dict(
- kind=None,
- volume=dict(
- name='metrics',
- size='10Gi'
- ),
- nfs=dict(
- directory='/exports',
- options='*(rw,root_squash)'
- ),
- host=None,
- access=dict(
- modes=['ReadWriteOnce']
- ),
- create_pv=True,
- create_pvc=False
- )
- ),
- loggingops=dict(
- storage=dict(
- kind=None,
- volume=dict(
- name='logging-es-ops',
- size='10Gi'
- ),
- nfs=dict(
- directory='/exports',
- options='*(rw,root_squash)'
- ),
- host=None,
- access=dict(
- modes=['ReadWriteOnce']
- ),
- create_pv=True,
- create_pvc=False
- )
- ),
- logging=dict(
- storage=dict(
- kind=None,
- volume=dict(
- name='logging-es',
- size='10Gi'
- ),
- nfs=dict(
- directory='/exports',
- options='*(rw,root_squash)'
- ),
- host=None,
- access=dict(
- modes=['ReadWriteOnce']
- ),
- create_pv=True,
- create_pvc=False
- )
- ),
etcd=dict(
storage=dict(
kind=None,
@@ -2072,6 +2015,69 @@ class OpenShiftFacts(object):
router=dict()
)
+ defaults['logging'] = dict(
+ storage=dict(
+ kind=None,
+ volume=dict(
+ name='logging-es',
+ size='10Gi'
+ ),
+ nfs=dict(
+ directory='/exports',
+ options='*(rw,root_squash)'
+ ),
+ host=None,
+ access=dict(
+ modes=['ReadWriteOnce']
+ ),
+ create_pv=True,
+ create_pvc=False
+ )
+ )
+
+ defaults['loggingops'] = dict(
+ storage=dict(
+ kind=None,
+ volume=dict(
+ name='logging-es-ops',
+ size='10Gi'
+ ),
+ nfs=dict(
+ directory='/exports',
+ options='*(rw,root_squash)'
+ ),
+ host=None,
+ access=dict(
+ modes=['ReadWriteOnce']
+ ),
+ create_pv=True,
+ create_pvc=False
+ )
+ )
+
+ defaults['metrics'] = dict(
+ deploy=False,
+ duration=7,
+ resolution='10s',
+ storage=dict(
+ kind=None,
+ volume=dict(
+ name='metrics',
+ size='10Gi'
+ ),
+ nfs=dict(
+ directory='/exports',
+ options='*(rw,root_squash)'
+ ),
+ host=None,
+ access=dict(
+ modes=['ReadWriteOnce']
+ ),
+ create_pv=True,
+ create_pvc=False
+ )
+ )
+
return defaults
def guess_host_provider(self):
diff --git a/roles/openshift_hosted_facts/tasks/main.yml b/roles/openshift_hosted_facts/tasks/main.yml
index 631bf3e2a..53d1a8bc7 100644
--- a/roles/openshift_hosted_facts/tasks/main.yml
+++ b/roles/openshift_hosted_facts/tasks/main.yml
@@ -8,9 +8,10 @@
- name: Set hosted facts
openshift_facts:
- role: hosted
+ role: "{{ item }}"
openshift_env: "{{ hostvars
| oo_merge_hostvars(vars, inventory_hostname)
| oo_openshift_env }}"
openshift_env_structures:
- 'openshift.hosted.router.*'
+ with_items: [hosted, logging, loggingops, metrics]
diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml
index 716f0e002..06bbbc60e 100644
--- a/roles/openshift_logging/defaults/main.yml
+++ b/roles/openshift_logging/defaults/main.yml
@@ -1,15 +1,16 @@
---
-openshift_logging_use_ops: "{{ openshift_hosted_logging_enable_ops_cluster | default('false') | bool }}"
+openshift_logging_use_ops: False
openshift_logging_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}"
-openshift_logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default('https://' + openshift.common.public_hostname + ':' ~ (openshift_master_api_port | default('8443', true))) }}"
+openshift_logging_master_public_url: "{{ 'https://' + openshift.common.public_hostname + ':' ~ (openshift_master_api_port | default('8443', true)) }}"
openshift_logging_namespace: logging
openshift_logging_nodeselector: null
openshift_logging_labels: {}
openshift_logging_label_key: ""
openshift_logging_label_value: ""
openshift_logging_install_logging: True
+
openshift_logging_purge_logging: False
-openshift_logging_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}"
+openshift_logging_image_pull_secret: ""
openshift_logging_curator_default_days: 30
openshift_logging_curator_run_hour: 0
@@ -19,13 +20,13 @@ openshift_logging_curator_script_log_level: INFO
openshift_logging_curator_log_level: ERROR
openshift_logging_curator_cpu_limit: 100m
openshift_logging_curator_memory_limit: null
-openshift_logging_curator_nodeselector: "{{ openshift_hosted_logging_curator_nodeselector | default('') | map_from_pairs }}"
+openshift_logging_curator_nodeselector: {}
openshift_logging_curator_ops_cpu_limit: 100m
openshift_logging_curator_ops_memory_limit: null
-openshift_logging_curator_ops_nodeselector: "{{ openshift_hosted_logging_curator_ops_nodeselector | default('') | map_from_pairs }}"
+openshift_logging_curator_ops_nodeselector: {}
-openshift_logging_kibana_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}"
+openshift_logging_kibana_hostname: "{{ 'kibana.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}"
openshift_logging_kibana_cpu_limit: null
openshift_logging_kibana_memory_limit: 736Mi
openshift_logging_kibana_proxy_debug: false
@@ -34,8 +35,8 @@ openshift_logging_kibana_proxy_memory_limit: 96Mi
openshift_logging_kibana_replica_count: 1
openshift_logging_kibana_edge_term_policy: Redirect
-openshift_logging_kibana_nodeselector: "{{ openshift_hosted_logging_kibana_nodeselector | default('') | map_from_pairs }}"
-openshift_logging_kibana_ops_nodeselector: "{{ openshift_hosted_logging_kibana_ops_nodeselector | default('') | map_from_pairs }}"
+openshift_logging_kibana_nodeselector: {}
+openshift_logging_kibana_ops_nodeselector: {}
#The absolute path on the control node to the cert file to use
#for the public facing kibana certs
@@ -49,7 +50,7 @@ openshift_logging_kibana_key: ""
#for the public facing kibana certs
openshift_logging_kibana_ca: ""
-openshift_logging_kibana_ops_hostname: "{{ openshift_hosted_logging_ops_hostname | default('kibana-ops.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}"
+openshift_logging_kibana_ops_hostname: "{{ 'kibana-ops.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}"
openshift_logging_kibana_ops_cpu_limit: null
openshift_logging_kibana_ops_memory_limit: 736Mi
openshift_logging_kibana_ops_proxy_debug: false
@@ -69,12 +70,12 @@ openshift_logging_kibana_ops_key: ""
#for the public facing ops kibana certs
openshift_logging_kibana_ops_ca: ""
-openshift_logging_fluentd_nodeselector: "{{ openshift_hosted_logging_fluentd_nodeselector_label | default('logging-infra-fluentd=true') | map_from_pairs }}"
+openshift_logging_fluentd_nodeselector: {'logging-infra-fluentd': 'true'}
openshift_logging_fluentd_cpu_limit: 100m
openshift_logging_fluentd_memory_limit: 512Mi
openshift_logging_fluentd_es_copy: false
-openshift_logging_fluentd_journal_source: "{{ openshift_hosted_logging_journal_source | default('') }}"
-openshift_logging_fluentd_journal_read_from_head: "{{ openshift_hosted_logging_journal_read_from_head | default('') }}"
+openshift_logging_fluentd_journal_source: ""
+openshift_logging_fluentd_journal_read_from_head: ""
openshift_logging_fluentd_hosts: ['--all']
openshift_logging_fluentd_buffer_queue_limit: 1024
openshift_logging_fluentd_buffer_size_limit: 1m
@@ -84,18 +85,18 @@ openshift_logging_es_port: 9200
openshift_logging_es_ca: /etc/fluent/keys/ca
openshift_logging_es_client_cert: /etc/fluent/keys/cert
openshift_logging_es_client_key: /etc/fluent/keys/key
-openshift_logging_es_cluster_size: "{{ openshift_hosted_logging_elasticsearch_cluster_size | default(1) }}"
+openshift_logging_es_cluster_size: 1
openshift_logging_es_cpu_limit: 1000m
# the logging appenders for the root loggers to write ES logs. Valid values: 'file', 'console'
openshift_logging_es_log_appenders: ['file']
-openshift_logging_es_memory_limit: "{{ openshift_hosted_logging_elasticsearch_instance_ram | default('8Gi') }}"
-openshift_logging_es_pv_selector: "{{ openshift_hosted_logging_storage_labels | default('') }}"
-openshift_logging_es_pvc_dynamic: "{{ openshift_hosted_logging_elasticsearch_pvc_dynamic | default(False) }}"
-openshift_logging_es_pvc_size: "{{ openshift_hosted_logging_elasticsearch_pvc_size | default('') }}"
-openshift_logging_es_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_pvc_prefix | default('logging-es') }}"
+openshift_logging_es_memory_limit: "8Gi"
+openshift_logging_es_pv_selector: "{{ openshift_logging_storage_labels | default('') }}"
+openshift_logging_es_pvc_dynamic: "{{ openshift_logging_elasticsearch_pvc_dynamic | default(False) }}"
+openshift_logging_es_pvc_size: "{{ openshift_logging_elasticsearch_pvc_size | default('') }}"
+openshift_logging_es_pvc_prefix: "{{ openshift_logging_elasticsearch_pvc_prefix | default('logging-es') }}"
openshift_logging_es_recover_after_time: 5m
-openshift_logging_es_storage_group: "{{ openshift_hosted_logging_elasticsearch_storage_group | default('65534') }}"
-openshift_logging_es_nodeselector: "{{ openshift_hosted_logging_elasticsearch_nodeselector | default('') | map_from_pairs }}"
+openshift_logging_es_storage_group: "{{ openshift_logging_elasticsearch_storage_group | default('65534') }}"
+openshift_logging_es_nodeselector: {}
# openshift_logging_es_config is a hash to be merged into the defaults for the elasticsearch.yaml
openshift_logging_es_config: {}
openshift_logging_es_number_of_shards: 1
@@ -125,16 +126,16 @@ openshift_logging_es_ops_port: 9200
openshift_logging_es_ops_ca: /etc/fluent/keys/ca
openshift_logging_es_ops_client_cert: /etc/fluent/keys/cert
openshift_logging_es_ops_client_key: /etc/fluent/keys/key
-openshift_logging_es_ops_cluster_size: "{{ openshift_hosted_logging_elasticsearch_ops_cluster_size | default(1) }}"
+openshift_logging_es_ops_cluster_size: "{{ openshift_logging_elasticsearch_ops_cluster_size | default(1) }}"
openshift_logging_es_ops_cpu_limit: 1000m
-openshift_logging_es_ops_memory_limit: "{{ openshift_hosted_logging_elasticsearch_ops_instance_ram | default('8Gi') }}"
-openshift_logging_es_ops_pv_selector: "{{ openshift_hosted_loggingops_storage_labels | default('') }}"
-openshift_logging_es_ops_pvc_dynamic: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_dynamic | default(False) }}"
-openshift_logging_es_ops_pvc_size: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_size | default('') }}"
-openshift_logging_es_ops_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_prefix | default('logging-es-ops') }}"
+openshift_logging_es_ops_memory_limit: "8Gi"
+openshift_logging_es_ops_pv_selector: "{{ openshift_loggingops_storage_labels | default('') }}"
+openshift_logging_es_ops_pvc_dynamic: "{{ openshift_logging_elasticsearch_ops_pvc_dynamic | default(False) }}"
+openshift_logging_es_ops_pvc_size: "{{ openshift_logging_elasticsearch_ops_pvc_size | default('') }}"
+openshift_logging_es_ops_pvc_prefix: "{{ openshift_logging_elasticsearch_ops_pvc_prefix | default('logging-es-ops') }}"
openshift_logging_es_ops_recover_after_time: 5m
-openshift_logging_es_ops_storage_group: "{{ openshift_hosted_logging_elasticsearch_storage_group | default('65534') }}"
-openshift_logging_es_ops_nodeselector: "{{ openshift_hosted_logging_elasticsearch_ops_nodeselector | default('') | map_from_pairs }}"
+openshift_logging_es_ops_storage_group: "{{ openshift_logging_elasticsearch_storage_group | default('65534') }}"
+openshift_logging_es_ops_nodeselector: {}
# for exposing es-ops to external (outside of the cluster) clients
openshift_logging_es_ops_allow_external: False
@@ -153,7 +154,7 @@ openshift_logging_es_ops_key: ""
openshift_logging_es_ops_ca_ext: ""
# storage related defaults
-openshift_logging_storage_access_modes: "{{ openshift_hosted_logging_storage_access_modes | default(['ReadWriteOnce']) }}"
+openshift_logging_storage_access_modes: ['ReadWriteOnce']
# mux - secure_forward listener service
openshift_logging_mux_allow_external: False
diff --git a/roles/openshift_metrics/defaults/main.yaml b/roles/openshift_metrics/defaults/main.yaml
index f45100be3..354008206 100644
--- a/roles/openshift_metrics/defaults/main.yaml
+++ b/roles/openshift_metrics/defaults/main.yaml
@@ -15,9 +15,9 @@ openshift_metrics_hawkular_nodeselector: ""
openshift_metrics_hawkular_route_annotations: {}
openshift_metrics_cassandra_replicas: 1
-openshift_metrics_cassandra_storage_type: "{{ openshift_hosted_metrics_storage_kind | default('emptydir') }}"
-openshift_metrics_cassandra_pvc_size: "{{ openshift_hosted_metrics_storage_volume_size | default('10Gi') }}"
-openshift_metrics_cassandra_pv_selector: "{{ openshift_hosted_metrics_storage_labels | default('') }}"
+openshift_metrics_cassandra_storage_type: "{{ openshift_metrics_storage_kind | default('emptydir') }}"
+openshift_metrics_cassandra_pvc_size: "{{ openshift_metrics_storage_volume_size | default('10Gi') }}"
+openshift_metrics_cassandra_pv_selector: "{{ openshift_metrics_storage_labels | default('') }}"
openshift_metrics_cassandra_limits_memory: 2G
openshift_metrics_cassandra_limits_cpu: null
openshift_metrics_cassandra_requests_memory: 1G
@@ -54,8 +54,8 @@ openshift_metrics_master_url: https://kubernetes.default.svc
openshift_metrics_node_id: nodename
openshift_metrics_project: openshift-infra
-openshift_metrics_cassandra_pvc_prefix: "{{ openshift_hosted_metrics_storage_volume_name | default('metrics-cassandra') }}"
-openshift_metrics_cassandra_pvc_access: "{{ openshift_hosted_metrics_storage_access_modes | default(['ReadWriteOnce']) }}"
+openshift_metrics_cassandra_pvc_prefix: "{{ openshift_metrics_storage_volume_name | default('metrics-cassandra') }}"
+openshift_metrics_cassandra_pvc_access: "{{ openshift_metrics_storage_access_modes | default(['ReadWriteOnce']) }}"
openshift_metrics_hawkular_user_write_access: False
diff --git a/roles/openshift_metrics/vars/default_images.yml b/roles/openshift_metrics/vars/default_images.yml
index 678c4104c..8704ddfa0 100644
--- a/roles/openshift_metrics/vars/default_images.yml
+++ b/roles/openshift_metrics/vars/default_images.yml
@@ -1,3 +1,3 @@
---
-__openshift_metrics_image_prefix: "{{ openshift_hosted_metrics_deployer_prefix | default('docker.io/openshift/origin-') }}"
-__openshift_metrics_image_version: "{{ openshift_hosted_metrics_deployer_version | default('latest') }}"
+__openshift_metrics_image_prefix: "docker.io/openshift/origin-"
+__openshift_metrics_image_version: "latest"
diff --git a/roles/openshift_metrics/vars/openshift-enterprise.yml b/roles/openshift_metrics/vars/openshift-enterprise.yml
index f0bdac7d2..68cdf06fe 100644
--- a/roles/openshift_metrics/vars/openshift-enterprise.yml
+++ b/roles/openshift_metrics/vars/openshift-enterprise.yml
@@ -1,3 +1,3 @@
---
-__openshift_metrics_image_prefix: "{{ openshift_hosted_metrics_deployer_prefix | default('registry.access.redhat.com/openshift3/') }}"
-__openshift_metrics_image_version: "{{ openshift_hosted_metrics_deployer_version | default ('v3.6') }}"
+__openshift_metrics_image_prefix: "registry.access.redhat.com/openshift3/"
+__openshift_metrics_image_version: "v3.6"
diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
index 61d2a5b51..df02bcf0e 100755
--- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
+++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
@@ -114,6 +114,8 @@ EOF
echo "nameserver "${def_route_ip}"" >> ${NEW_RESOLV_CONF}
if ! grep -q 'search.*cluster.local' ${NEW_RESOLV_CONF}; then
sed -i '/^search/ s/$/ cluster.local/' ${NEW_RESOLV_CONF}
+ elif ! grep -qw search ${NEW_RESOLV_CONF}; then
+ echo 'search cluster.local' >> ${NEW_RESOLV_CONF}
fi
cp -Z ${NEW_RESOLV_CONF} /etc/resolv.conf
fi
diff --git a/roles/openshift_persistent_volumes/meta/main.yml b/roles/openshift_persistent_volumes/meta/main.yml
index 8d3d010e4..19e9a56b7 100644
--- a/roles/openshift_persistent_volumes/meta/main.yml
+++ b/roles/openshift_persistent_volumes/meta/main.yml
@@ -9,5 +9,4 @@ galaxy_info:
- name: EL
versions:
- 7
-dependencies:
-- role: openshift_hosted_facts
+dependencies: {}
diff --git a/roles/openshift_sanitize_inventory/filter_plugins/openshift_logging.py b/roles/openshift_sanitize_inventory/filter_plugins/openshift_logging.py
new file mode 100644
index 000000000..d42c9bdb9
--- /dev/null
+++ b/roles/openshift_sanitize_inventory/filter_plugins/openshift_logging.py
@@ -0,0 +1,25 @@
+'''
+ Openshift Logging class that provides useful filters used in Logging.
+
+ This should be removed after map_from_pairs is no longer used in __deprecations_logging.yml
+'''
+
+
+def map_from_pairs(source, delim="="):
+ ''' Returns a dict given the source and delim delimited '''
+ if source == '':
+ return dict()
+
+ return dict(item.split(delim) for item in source.split(","))
+
+
+# pylint: disable=too-few-public-methods
+class FilterModule(object):
+ ''' OpenShift Logging Filters '''
+
+ # pylint: disable=no-self-use, too-few-public-methods
+ def filters(self):
+ ''' Returns the names of the filters provided by this class '''
+ return {
+ 'map_from_pairs': map_from_pairs
+ }
diff --git a/roles/openshift_sanitize_inventory/library/conditional_set_fact.py b/roles/openshift_sanitize_inventory/library/conditional_set_fact.py
new file mode 100644
index 000000000..f61801714
--- /dev/null
+++ b/roles/openshift_sanitize_inventory/library/conditional_set_fact.py
@@ -0,0 +1,68 @@
+#!/usr/bin/python
+
+""" Ansible module to help with setting facts conditionally based on other facts """
+
+from ansible.module_utils.basic import AnsibleModule
+
+
+DOCUMENTATION = '''
+---
+module: conditional_set_fact
+
+short_description: This will set a fact if the value is defined
+
+description:
+ - "To avoid constant set_fact & when conditions for each var we can use this"
+
+author:
+ - Eric Wolinetz ewolinet@redhat.com
+'''
+
+
+EXAMPLES = '''
+- name: Conditionally set fact
+ conditional_set_fact:
+ fact1: not_defined_variable
+
+- name: Conditionally set fact
+ conditional_set_fact:
+ fact1: not_defined_variable
+ fact2: defined_variable
+
+'''
+
+
+def run_module():
+ """ The body of the module, we check if the variable name specified as the value
+ for the key is defined. If it is then we use that value as for the original key """
+
+ module = AnsibleModule(
+ argument_spec=dict(
+ facts=dict(type='dict', required=True),
+ vars=dict(required=False, type='dict', default=[])
+ ),
+ supports_check_mode=True
+ )
+
+ local_facts = dict()
+ is_changed = False
+
+ for param in module.params['vars']:
+ other_var = module.params['vars'][param]
+
+ if other_var in module.params['facts']:
+ local_facts[param] = module.params['facts'][other_var]
+ if not is_changed:
+ is_changed = True
+
+ return module.exit_json(changed=is_changed, # noqa: F405
+ ansible_facts=local_facts)
+
+
+def main():
+ """ main """
+ run_module()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/openshift_sanitize_inventory/tasks/__deprecations_logging.yml b/roles/openshift_sanitize_inventory/tasks/__deprecations_logging.yml
new file mode 100644
index 000000000..e52ab5f6d
--- /dev/null
+++ b/roles/openshift_sanitize_inventory/tasks/__deprecations_logging.yml
@@ -0,0 +1,48 @@
+---
+# this is used to set the logging variables from deprecated values to the current variables names
+# this file should be deleted once variables are no longer honored
+
+- conditional_set_fact:
+ facts: "{{ hostvars[inventory_hostname] }}"
+ vars:
+ logging_hostname: openshift_hosted_logging_hostname
+ logging_ops_hostname: openshift_hosted_logging_ops_hostname
+ logging_elasticsearch_cluster_size: openshift_hosted_logging_elasticsearch_cluster_size
+ logging_elasticsearch_ops_cluster_size: openshift_hosted_logging_elasticsearch_ops_cluster_size
+ openshift_logging_storage_kind: openshift_hosted_logging_storage_kind
+ openshift_logging_storage_host: openshift_hosted_logging_storage_host
+ openshift_logging_storage_labels: openshift_hosted_logging_storage_labels
+ openshift_logging_storage_volume_size: openshift_hosted_logging_storage_volume_size
+ openshift_loggingops_storage_kind: openshift_hosted_loggingops_storage_kind
+ openshift_loggingops_storage_host: openshift_hosted_loggingops_storage_host
+ openshift_loggingops_storage_labels: openshift_hosted_loggingops_storage_labels
+ openshift_loggingops_storage_volume_size: openshift_hosted_loggingops_storage_volume_size
+ openshift_logging_use_ops: openshift_hosted_logging_enable_ops_cluster
+ openshift_logging_image_pull_secret: openshift_hosted_logging_image_pull_secret
+ openshift_logging_kibana_hostname: openshift_hosted_logging_hostname
+ openshift_logging_kibana_ops_hostname: openshift_hosted_logging_ops_hostname
+ openshift_logging_fluentd_journal_source: openshift_hosted_logging_journal_source
+ openshift_logging_fluentd_journal_read_from_head: openshift_hosted_logging_journal_read_from_head
+ openshift_logging_es_memory_limit: openshift_hosted_logging_elasticsearch_instance_ram
+ openshift_logging_es_nodeselector: openshift_hosted_logging_elasticsearch_nodeselector
+ openshift_logging_es_ops_memory_limit: openshift_hosted_logging_elasticsearch_ops_instance_ram
+ openshift_logging_storage_access_modes: openshift_hosted_logging_storage_access_modes
+ openshift_logging_master_public_url: openshift_hosted_logging_master_public_url
+ openshift_logging_image_prefix: openshift_hosted_logging_deployer_prefix
+ openshift_logging_image_version: openshift_hosted_logging_deployer_version
+ openshift_logging_install_logging: openshift_hosted_logging_deploy
+
+
+- set_fact:
+ openshift_logging_elasticsearch_pvc_dynamic: "{{ 'true' if openshift_logging_storage_kind | default(none) == 'dynamic' else '' }}"
+ openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_storage_volume_size if openshift_logging_storage_kind | default(none) in ['dynamic','nfs'] else '' }}"
+ openshift_logging_elasticsearch_pvc_prefix: "{{ 'logging-es' if openshift_logging_storage_kind | default(none) == 'dynamic' else '' }}"
+ openshift_logging_elasticsearch_ops_pvc_dynamic: "{{ 'true' if openshift_loggingops_storage_kind | default(none) == 'dynamic' else '' }}"
+ openshift_logging_elasticsearch_ops_pvc_size: "{{ openshift_loggingops_storage_volume_size if openshift_loggingops_storage_kind | default(none) in ['dynamic','nfs'] else '' }}"
+ openshift_logging_elasticsearch_ops_pvc_prefix: "{{ 'logging-es-ops' if openshift_loggingops_storage_kind | default(none) == 'dynamic' else '' }}"
+ openshift_logging_curator_nodeselector: "{{ openshift_hosted_logging_curator_nodeselector | default('') | map_from_pairs }}"
+ openshift_logging_curator_ops_nodeselector: "{{ openshift_hosted_logging_curator_ops_nodeselector | default('') | map_from_pairs }}"
+ openshift_logging_kibana_nodeselector: "{{ openshift_hosted_logging_kibana_nodeselector | default('') | map_from_pairs }}"
+ openshift_logging_kibana_ops_nodeselector: "{{ openshift_hosted_logging_kibana_ops_nodeselector | default('') | map_from_pairs }}"
+ openshift_logging_fluentd_nodeselector: "{{ openshift_hosted_logging_fluentd_nodeselector_label | default('logging-infra-fluentd=true') | map_from_pairs }}"
+ openshift_logging_es_ops_nodeselector: "{{ openshift_hosted_logging_elasticsearch_ops_nodeselector | default('') | map_from_pairs }}"
diff --git a/roles/openshift_sanitize_inventory/tasks/__deprecations_metrics.yml b/roles/openshift_sanitize_inventory/tasks/__deprecations_metrics.yml
new file mode 100644
index 000000000..279646981
--- /dev/null
+++ b/roles/openshift_sanitize_inventory/tasks/__deprecations_metrics.yml
@@ -0,0 +1,17 @@
+---
+# this is used to set the metrics variables from deprecated values to the current variables names
+# this file should be deleted once variables are no longer honored
+
+- conditional_set_fact:
+ facts: "{{ hostvars[inventory_hostname] }}"
+ vars:
+ openshift_metrics_storage_access_modes: openshift_hosted_metrics_storage_access_modes
+ openshift_metrics_storage_host: openshift_hosted_metrics_storage_host
+ openshift_metrics_storage_nfs_directory: openshift_hosted_metrics_storage_nfs_directory
+ openshift_metrics_storage_volume_name: openshift_hosted_metrics_storage_volume_name
+ openshift_metrics_storage_volume_size: openshift_hosted_metrics_storage_volume_size
+ openshift_metrics_storage_labels: openshift_hosted_metrics_storage_labels
+ openshift_metrics_image_prefix: openshift_hosted_metrics_deployer_prefix
+ openshift_metrics_image_version: openshift_hosted_metrics_deployer_version
+ openshift_metrics_install_metrics: openshift_hosted_metrics_deploy
+ openshift_metrics_storage_kind: openshift_hosted_metrics_storage_kind
diff --git a/roles/openshift_sanitize_inventory/tasks/deprecations.yml b/roles/openshift_sanitize_inventory/tasks/deprecations.yml
new file mode 100644
index 000000000..94d3acffc
--- /dev/null
+++ b/roles/openshift_sanitize_inventory/tasks/deprecations.yml
@@ -0,0 +1,21 @@
+---
+
+- name: Check for usage of deprecated variables
+ set_fact:
+ __deprecation_message: "{{ __deprecation_message | default([]) }} + ['{{ __deprecation_header }} {{ item }} is a deprecated variable and will be no longer be used in the next minor release. Please update your inventory accordingly.']"
+ when:
+ - hostvars[inventory_hostname][item] is defined
+ with_items: "{{ __warn_deprecated_vars }}"
+
+- block:
+ - debug: msg="{{__deprecation_message}}"
+ - pause:
+ seconds: "{{ 10 }}"
+ when:
+ - __deprecation_message | default ('') | length > 0
+
+# for with_fileglob Ansible resolves the path relative to the roles/<rolename>/files directory
+- name: Assign deprecated variables to correct counterparts
+ include: "{{ item }}"
+ with_fileglob:
+ - "../tasks/__deprecations_*.yml"
diff --git a/roles/openshift_sanitize_inventory/tasks/main.yml b/roles/openshift_sanitize_inventory/tasks/main.yml
index 59ce505d3..e327ee9f5 100644
--- a/roles/openshift_sanitize_inventory/tasks/main.yml
+++ b/roles/openshift_sanitize_inventory/tasks/main.yml
@@ -1,4 +1,8 @@
---
+# We should print out deprecations prior to any failures so that if a play does fail for other reasons
+# the user would also be aware of any deprecated variables they should note to adjust
+- include: deprecations.yml
+
- name: Abort when conflicting deployment type variables are set
when:
- deployment_type is defined
diff --git a/roles/openshift_sanitize_inventory/vars/main.yml b/roles/openshift_sanitize_inventory/vars/main.yml
index 37e88758d..0fc2372d2 100644
--- a/roles/openshift_sanitize_inventory/vars/main.yml
+++ b/roles/openshift_sanitize_inventory/vars/main.yml
@@ -2,3 +2,77 @@
# origin uses community packages named 'origin'
# openshift-enterprise uses Red Hat packages named 'atomic-openshift'
known_openshift_deployment_types: ['origin', 'openshift-enterprise']
+
+__deprecation_header: "[DEPRECATION WARNING]:"
+
+# this is a list of variables that we will be deprecating within the next minor release, this list should be expected to change from release to release
+__warn_deprecated_vars:
+ # logging
+ - 'openshift_hosted_logging_deploy'
+ - 'openshift_hosted_logging_hostname'
+ - 'openshift_hosted_logging_ops_hostname'
+ - 'openshift_hosted_logging_master_public_url'
+ - 'openshift_hosted_logging_elasticsearch_cluster_size'
+ - 'openshift_hosted_logging_elasticsearch_ops_cluster_size'
+ - 'openshift_hosted_logging_image_pull_secret'
+ - 'openshift_hosted_logging_enable_ops_cluster'
+ - 'openshift_hosted_logging_curator_nodeselector'
+ - 'openshift_hosted_logging_curator_ops_nodeselector'
+ - 'openshift_hosted_logging_kibana_nodeselector'
+ - 'openshift_hosted_logging_kibana_ops_nodeselector'
+ - 'openshift_hosted_logging_fluentd_nodeselector_label'
+ - 'openshift_hosted_logging_journal_source'
+ - 'openshift_hosted_logging_journal_read_from_head'
+ - 'openshift_hosted_logging_elasticsearch_instance_ram'
+ - 'openshift_hosted_logging_storage_labels'
+ - 'openshift_hosted_logging_elasticsearch_pvc_dynamic'
+ - 'openshift_hosted_logging_elasticsearch_pvc_size'
+ - 'openshift_hosted_logging_elasticsearch_pvc_prefix'
+ - 'openshift_hosted_logging_elasticsearch_storage_group'
+ - 'openshift_hosted_logging_elasticsearch_nodeselector'
+ - 'openshift_hosted_logging_elasticsearch_ops_instance_ram'
+ - 'openshift_hosted_loggingops_storage_labels'
+ - 'openshift_hosted_logging_elasticsearch_ops_pvc_dynamic'
+ - 'openshift_hosted_logging_elasticsearch_ops_pvc_size'
+ - 'openshift_hosted_logging_elasticsearch_ops_pvc_prefix'
+ - 'openshift_hosted_logging_elasticsearch_storage_group'
+ - 'openshift_hosted_logging_elasticsearch_ops_nodeselector'
+ - 'openshift_hosted_logging_storage_access_modes'
+ - 'openshift_hosted_logging_storage_kind'
+ - 'openshift_hosted_loggingops_storage_kind'
+ - 'openshift_hosted_logging_storage_host'
+ - 'openshift_hosted_loggingops_storage_host'
+ - 'openshift_hosted_logging_storage_nfs_directory'
+ - 'openshift_hosted_loggingops_storage_nfs_directory'
+ - 'openshift_hosted_logging_storage_volume_name'
+ - 'openshift_hosted_loggingops_storage_volume_name'
+ - 'openshift_hosted_logging_storage_volume_size'
+ - 'openshift_hosted_loggingops_storage_volume_size'
+ - 'openshift_hosted_logging_enable_ops_cluster'
+ - 'openshift_hosted_logging_image_pull_secret'
+ - 'openshift_hosted_logging_curator_nodeselector'
+ - 'openshift_hosted_logging_curator_ops_nodeselector'
+ - 'openshift_hosted_logging_kibana_nodeselector'
+ - 'openshift_hosted_logging_kibana_ops_nodeselector'
+ - 'openshift_hosted_logging_ops_hostname'
+ - 'openshift_hosted_logging_fluentd_nodeselector_label'
+ - 'openshift_hosted_logging_journal_source'
+ - 'openshift_hosted_logging_journal_read_from_head'
+ - 'openshift_hosted_logging_elasticsearch_instance_ram'
+ - 'openshift_hosted_logging_elasticsearch_nodeselector'
+ - 'openshift_hosted_logging_elasticsearch_ops_instance_ram'
+ - 'openshift_hosted_logging_elasticsearch_ops_nodeselector'
+ - 'openshift_hosted_logging_storage_access_modes'
+ - 'openshift_hosted_logging_deployer_prefix'
+ - 'openshift_hosted_logging_deployer_version'
+ # metrics
+ - 'openshift_hosted_metrics_deploy'
+ - 'openshift_hosted_metrics_storage_kind'
+ - 'openshift_hosted_metrics_storage_access_modes'
+ - 'openshift_hosted_metrics_storage_host'
+ - 'openshift_hosted_metrics_storage_nfs_directory'
+ - 'openshift_hosted_metrics_storage_volume_name'
+ - 'openshift_hosted_metrics_storage_volume_size'
+ - 'openshift_hosted_metrics_storage_labels'
+ - 'openshift_hosted_metrics_deployer_prefix'
+ - 'openshift_hosted_metrics_deployer_version'
diff --git a/roles/openshift_service_catalog/files/openshift-ansible-catalog-console.js b/roles/openshift_service_catalog/files/openshift-ansible-catalog-console.js
index 16a307c06..d0a9f11dc 100644
--- a/roles/openshift_service_catalog/files/openshift-ansible-catalog-console.js
+++ b/roles/openshift_service_catalog/files/openshift-ansible-catalog-console.js
@@ -1 +1,2 @@
-window.OPENSHIFT_CONSTANTS.ENABLE_TECH_PREVIEW_FEATURE.service_catalog_landing_page = true;
+// empty file so that the master-config can still point to a file that exists
+// this file will be replaced by the template service broker role if enabled
diff --git a/roles/openshift_service_catalog/tasks/install.yml b/roles/openshift_service_catalog/tasks/install.yml
index d134867bd..faf1aea97 100644
--- a/roles/openshift_service_catalog/tasks/install.yml
+++ b/roles/openshift_service_catalog/tasks/install.yml
@@ -110,15 +110,6 @@
when:
- not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch'])
-- shell: >
- oc get policybindings/kube-system:default -n kube-system || echo "not found"
- register: get_kube_system
- changed_when: no
-
-- command: >
- oc create policybinding kube-system -n kube-system
- when: "'not found' in get_kube_system.stdout"
-
- oc_adm_policy_user:
namespace: kube-service-catalog
resource_kind: scc
diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml
index 51f8f4e0e..3047fbaf9 100644
--- a/roles/openshift_storage_nfs/tasks/main.yml
+++ b/roles/openshift_storage_nfs/tasks/main.yml
@@ -31,9 +31,9 @@
group: nfsnobody
with_items:
- "{{ openshift.hosted.registry }}"
- - "{{ openshift.hosted.metrics }}"
- - "{{ openshift.hosted.logging }}"
- - "{{ openshift.hosted.loggingops }}"
+ - "{{ openshift.metrics }}"
+ - "{{ openshift.logging }}"
+ - "{{ openshift.loggingops }}"
- "{{ openshift.hosted.etcd }}"
- name: Configure exports
diff --git a/roles/openshift_storage_nfs/templates/exports.j2 b/roles/openshift_storage_nfs/templates/exports.j2
index 7e8f70b23..0141e0d25 100644
--- a/roles/openshift_storage_nfs/templates/exports.j2
+++ b/roles/openshift_storage_nfs/templates/exports.j2
@@ -1,5 +1,5 @@
{{ openshift.hosted.registry.storage.nfs.directory }}/{{ openshift.hosted.registry.storage.volume.name }} {{ openshift.hosted.registry.storage.nfs.options }}
-{{ openshift.hosted.metrics.storage.nfs.directory }}/{{ openshift.hosted.metrics.storage.volume.name }} {{ openshift.hosted.metrics.storage.nfs.options }}
-{{ openshift.hosted.logging.storage.nfs.directory }}/{{ openshift.hosted.logging.storage.volume.name }} {{ openshift.hosted.logging.storage.nfs.options }}
-{{ openshift.hosted.loggingops.storage.nfs.directory }}/{{ openshift.hosted.loggingops.storage.volume.name }} {{ openshift.hosted.loggingops.storage.nfs.options }}
+{{ openshift.metrics.storage.nfs.directory }}/{{ openshift.metrics.storage.volume.name }} {{ openshift.metrics.storage.nfs.options }}
+{{ openshift.logging.storage.nfs.directory }}/{{ openshift.logging.storage.volume.name }} {{ openshift.logging.storage.nfs.options }}
+{{ openshift.loggingops.storage.nfs.directory }}/{{ openshift.loggingops.storage.volume.name }} {{ openshift.loggingops.storage.nfs.options }}
{{ openshift.hosted.etcd.storage.nfs.directory }}/{{ openshift.hosted.etcd.storage.volume.name }} {{ openshift.hosted.etcd.storage.nfs.options }}
diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml
index 1ff99adf8..f4e9ff43a 100644
--- a/roles/openshift_version/tasks/main.yml
+++ b/roles/openshift_version/tasks/main.yml
@@ -166,7 +166,9 @@
- set_fact:
openshift_pkg_version: -{{ openshift_version }}
- when: openshift_pkg_version is not defined
+ when:
+ - openshift_pkg_version is not defined
+ - openshift_upgrade_target is not defined
- fail:
msg: openshift_version role was unable to set openshift_version
@@ -181,7 +183,10 @@
- fail:
msg: openshift_version role was unable to set openshift_pkg_version
name: Abort if openshift_pkg_version was not set
- when: openshift_pkg_version is not defined
+ when:
+ - openshift_pkg_version is not defined
+ - openshift_upgrade_target is not defined
+
- fail:
msg: "No OpenShift version available; please ensure your systems are fully registered and have access to appropriate yum repositories."
diff --git a/roles/template_service_broker/defaults/main.yml b/roles/template_service_broker/defaults/main.yml
new file mode 100644
index 000000000..fb407c4a2
--- /dev/null
+++ b/roles/template_service_broker/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+# placeholder file?
+template_service_broker_remove: False
+template_service_broker_install: False
diff --git a/roles/template_service_broker/files/openshift-ansible-catalog-console.js b/roles/template_service_broker/files/openshift-ansible-catalog-console.js
new file mode 100644
index 000000000..b3a3d3428
--- /dev/null
+++ b/roles/template_service_broker/files/openshift-ansible-catalog-console.js
@@ -0,0 +1 @@
+window.OPENSHIFT_CONSTANTS.ENABLE_TECH_PREVIEW_FEATURE.template_service_broker = true;
diff --git a/roles/template_service_broker/files/remove-openshift-ansible-catalog-console.js b/roles/template_service_broker/files/remove-openshift-ansible-catalog-console.js
new file mode 100644
index 000000000..d0a9f11dc
--- /dev/null
+++ b/roles/template_service_broker/files/remove-openshift-ansible-catalog-console.js
@@ -0,0 +1,2 @@
+// empty file so that the master-config can still point to a file that exists
+// this file will be replaced by the template service broker role if enabled
diff --git a/roles/etcd_ca/meta/main.yml b/roles/template_service_broker/meta/main.yml
index e3e2f7781..ab5a0cf08 100644
--- a/roles/etcd_ca/meta/main.yml
+++ b/roles/template_service_broker/meta/main.yml
@@ -1,7 +1,7 @@
---
galaxy_info:
- author: Jason DeTiberus
- description: Etcd CA
+ author: OpenShift Red Hat
+ description: OpenShift Template Service Broker
company: Red Hat, Inc.
license: Apache License, Version 2.0
min_ansible_version: 2.1
@@ -11,6 +11,3 @@ galaxy_info:
- 7
categories:
- cloud
- - system
-dependencies:
-- role: etcd_common
diff --git a/roles/template_service_broker/tasks/install.yml b/roles/template_service_broker/tasks/install.yml
new file mode 100644
index 000000000..199df83c2
--- /dev/null
+++ b/roles/template_service_broker/tasks/install.yml
@@ -0,0 +1,47 @@
+---
+# Fact setting
+- name: Set default image variables based on deployment type
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ openshift_deployment_type | default(deployment_type) }}.yml"
+ - "default_images.yml"
+
+- name: set ansible_service_broker facts
+ set_fact:
+ template_service_broker_image: "{{ template_service_broker_image | default(__template_service_broker_image) }}"
+
+- oc_project:
+ name: openshift-template-service-broker
+ state: present
+
+- command: mktemp -d /tmp/tsb-ansible-XXXXXX
+ register: mktemp
+ changed_when: False
+ become: no
+
+- copy:
+ src: "{{ __tsb_files_location }}/{{ item }}"
+ dest: "{{ mktemp.stdout }}/{{ item }}"
+ with_items:
+ - "{{ __tsb_template_file }}"
+ - "{{ __tsb_rbac_file }}"
+
+- name: Apply template file
+ shell: >
+ oc process -f "{{ mktemp.stdout }}/{{ __tsb_template_file }}" --param API_SERVER_CONFIG="{{ lookup('file', __tsb_files_location ~ '/' ~ __tsb_config_file) }}" | kubectl apply -f -
+
+# reconcile with rbac
+- name: Reconcile with RBAC file
+ shell: >
+ oc process -f "{{ mktemp.stdout }}/{{ __tsb_rbac_file }}" | oc auth reconcile -f -
+
+- name: copy tech preview extension file for service console UI
+ copy:
+ src: openshift-ansible-catalog-console.js
+ dest: /etc/origin/master/openshift-ansible-catalog-console.js
+
+- file:
+ state: absent
+ name: "{{ mktemp.stdout }}"
+ changed_when: False
+ become: no
diff --git a/roles/template_service_broker/tasks/main.yml b/roles/template_service_broker/tasks/main.yml
new file mode 100644
index 000000000..d7ca970c7
--- /dev/null
+++ b/roles/template_service_broker/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+# do any asserts here
+
+- include: install.yml
+ when: template_service_broker_install | default(false) | bool
+
+- include: remove.yml
+ when: template_service_broker_remove | default(false) | bool
diff --git a/roles/template_service_broker/tasks/remove.yml b/roles/template_service_broker/tasks/remove.yml
new file mode 100644
index 000000000..207dd9bdb
--- /dev/null
+++ b/roles/template_service_broker/tasks/remove.yml
@@ -0,0 +1,28 @@
+---
+- command: mktemp -d /tmp/tsb-ansible-XXXXXX
+ register: mktemp
+ changed_when: False
+ become: no
+
+- copy:
+ src: "{{ __tsb_files_location }}/{{ item }}"
+ dest: "{{ mktemp.stdout }}/{{ __tsb_template_file }}"
+
+- name: Delete TSB objects
+ shell: >
+ oc process -f "{{ __tsb_files_location }}/{{ __tsb_template_file }}" | kubectl delete -f -
+
+- name: empty out tech preview extension file for service console UI
+ copy:
+ src: remove-openshift-ansible-catalog-console.js
+ dest: /etc/origin/master/openshift-ansible-catalog-console.js
+
+- oc_project:
+ name: openshift-template-service-broker
+ state: absent
+
+- file:
+ state: absent
+ name: "{{ mktemp.stdout }}"
+ changed_when: False
+ become: no
diff --git a/roles/template_service_broker/vars/default_images.yml b/roles/template_service_broker/vars/default_images.yml
new file mode 100644
index 000000000..807f2822c
--- /dev/null
+++ b/roles/template_service_broker/vars/default_images.yml
@@ -0,0 +1,2 @@
+---
+__template_service_broker_image: ""
diff --git a/roles/template_service_broker/vars/main.yml b/roles/template_service_broker/vars/main.yml
new file mode 100644
index 000000000..372ab8f6f
--- /dev/null
+++ b/roles/template_service_broker/vars/main.yml
@@ -0,0 +1,6 @@
+---
+__tsb_files_location: "../../../files/origin-components/"
+
+__tsb_template_file: "apiserver-template.yaml"
+__tsb_config_file: "apiserver-config.yaml"
+__tsb_rbac_file: "rbac-template.yaml"
diff --git a/roles/template_service_broker/vars/openshift-enterprise.yml b/roles/template_service_broker/vars/openshift-enterprise.yml
new file mode 100644
index 000000000..807f2822c
--- /dev/null
+++ b/roles/template_service_broker/vars/openshift-enterprise.yml
@@ -0,0 +1,2 @@
+---
+__template_service_broker_image: ""