22 files changed, 183 insertions, 87 deletions
| diff --git a/files/origin-components/console-config.yaml b/files/origin-components/console-config.yaml index 32a28775f..55c650fbe 100644 --- a/files/origin-components/console-config.yaml +++ b/files/origin-components/console-config.yaml @@ -12,6 +12,7 @@ extensions:    properties: null  features:    inactivityTimeoutMinutes: 0 +  clusterResourceOverridesEnabled: false  servingInfo:    bindAddress: 0.0.0.0:8443    bindNetwork: tcp4 diff --git a/images/installer/Dockerfile.rhel7 b/images/installer/Dockerfile.rhel7 index 05df6b43a..3b05c1aa6 100644 --- a/images/installer/Dockerfile.rhel7 +++ b/images/installer/Dockerfile.rhel7 @@ -5,7 +5,7 @@ MAINTAINER OpenShift Team <dev@lists.openshift.redhat.com>  USER root  # Playbooks, roles, and their dependencies are installed from packages. -RUN INSTALL_PKGS="atomic-openshift-utils atomic-openshift-clients python-boto openssl java-1.8.0-openjdk-headless httpd-tools google-cloud-sdk" \ +RUN INSTALL_PKGS="atomic-openshift-utils atomic-openshift-clients python-boto python2-boto3 openssl java-1.8.0-openjdk-headless httpd-tools google-cloud-sdk" \   && yum repolist > /dev/null \   && yum-config-manager --enable rhel-7-server-ose-3.7-rpms \   && yum-config-manager --enable rhel-7-server-rh-common-rpms \ diff --git a/inventory/hosts.example b/inventory/hosts.example index da60b63e6..f9f331880 100644 --- a/inventory/hosts.example +++ b/inventory/hosts.example 
@@ -845,12 +845,12 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',  # See: https://github.com/nickhammond/ansible-logrotate  #logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}] -# openshift-ansible will wait indefinitely for your input when it detects that the +# The OpenShift-Ansible installer will fail when it detects that the  # value of openshift_hostname resolves to an IP address not bound to any local  # interfaces. This mis-configuration is problematic for any pod leveraging host  # networking and liveness or readiness probes. -# Setting this variable to true will override that check. -#openshift_override_hostname_check=true +# Setting this variable to false will override that check. +#openshift_hostname_check=true  # openshift_use_dnsmasq is deprecated.  This must be true, or installs will fail  # in versions >= 3.6 diff --git a/playbooks/common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml index fc1cbf32a..07be0b0d4 100644 --- a/playbooks/common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml 
@@ -31,7 +31,7 @@        with_items: " {{ groups['oo_nodes_to_config'] }}"        when:        - hostvars[item].openshift is defined -      - hostvars[item].openshift.common.hostname in nodes_to_upgrade.results.results[0]['items'] | map(attribute='metadata.name') | list +      - hostvars[item].openshift.common.hostname | lower in nodes_to_upgrade.results.results[0]['items'] | map(attribute='metadata.name') | list        changed_when: false    # Build up the oo_nodes_to_upgrade group, use the list filtered by label if diff --git a/playbooks/container-runtime/private/build_container_groups.yml b/playbooks/container-runtime/private/build_container_groups.yml index a2361d50c..8fb7b63e8 100644 --- a/playbooks/container-runtime/private/build_container_groups.yml +++ b/playbooks/container-runtime/private/build_container_groups.yml @@ -1,6 +1,8 @@  --- +# l_build_container_groups_hosts is passed in via prerequisites.yml during +# etcd scaleup plays.  - name: create oo_hosts_containerized_managed_true host group -  hosts: oo_all_hosts:!oo_nodes_to_config +  hosts: "{{ l_build_container_groups_hosts | default('oo_all_hosts:!oo_nodes_to_config') }}"    tasks:    - group_by:        key: oo_hosts_containerized_managed_{{ (openshift_is_containerized | default(False)) | ternary('true','false') }} diff --git a/playbooks/container-runtime/private/config.yml b/playbooks/container-runtime/private/config.yml index 817a8bf30..5396df20a 100644 --- a/playbooks/container-runtime/private/config.yml +++ b/playbooks/container-runtime/private/config.yml 
@@ -1,9 +1,11 @@  ---  # l_scale_up_hosts may be passed in via prerequisites.yml during scaleup plays. +# l_etcd_scale_up_hosts may be passed in via prerequisites.yml during etcd +# scaleup plays.  - import_playbook: build_container_groups.yml -- hosts: "{{ l_scale_up_hosts | default(l_default_container_runtime_hosts) }}" +- hosts: "{{ l_etcd_scale_up_hosts | default(l_scale_up_hosts) | default(l_default_container_runtime_hosts) }}"    vars:      l_default_container_runtime_hosts: "oo_nodes_to_config:oo_hosts_containerized_managed_true"    roles: diff --git a/playbooks/container-runtime/private/setup_storage.yml b/playbooks/container-runtime/private/setup_storage.yml index 65630be62..586149b1d 100644 --- a/playbooks/container-runtime/private/setup_storage.yml +++ b/playbooks/container-runtime/private/setup_storage.yml @@ -1,9 +1,11 @@  ---  # l_scale_up_hosts may be passed in via prerequisites.yml during scaleup plays. +# l_etcd_scale_up_hosts may be passed in via prerequisites.yml during etcd +# scaleup plays.  - import_playbook: build_container_groups.yml -- hosts: "{{ l_scale_up_hosts | default(l_default_container_storage_hosts) }}" +- hosts: "{{ l_etcd_scale_up_hosts | default(l_scale_up_hosts) | default(l_default_container_storage_hosts) }}"    vars:      l_default_container_storage_hosts: "oo_nodes_to_config:oo_hosts_containerized_managed_true"      l_chg_temp: "{{ hostvars[groups['oo_first_master'][0]]['openshift_containerized_host_groups'] | default([]) }}" diff --git a/playbooks/init/validate_hostnames.yml b/playbooks/init/validate_hostnames.yml index 86e0b2416..b49f7dd08 100644 --- a/playbooks/init/validate_hostnames.yml +++ b/playbooks/init/validate_hostnames.yml 
@@ -25,7 +25,7 @@      when:      - lookupip.stdout != '127.0.0.1'      - lookupip.stdout not in ansible_all_ipv4_addresses -    - openshift_hostname_check | default(true) +    - openshift_hostname_check | default(true) | bool    - name: Validate openshift_ip exists on node when defined      fail: @@ -40,4 +40,4 @@      when:      - openshift_ip is defined      - openshift_ip not in ansible_all_ipv4_addresses -    - openshift_ip_check | default(true) +    - openshift_ip_check | default(true) | bool diff --git a/playbooks/openshift-etcd/scaleup.yml b/playbooks/openshift-etcd/scaleup.yml index 7e9ab6834..656454fe3 100644 --- a/playbooks/openshift-etcd/scaleup.yml +++ b/playbooks/openshift-etcd/scaleup.yml 
@@ -1,4 +1,51 @@  --- +- import_playbook: ../init/evaluate_groups.yml + +- name: Ensure there are new_etcd +  hosts: localhost +  connection: local +  gather_facts: no +  tasks: +  - fail: +      msg: > +        Detected no new_etcd in inventory. Please add hosts to the +        new_etcd host group to add etcd hosts. +    when: +    - g_new_etcd_hosts | default([]) | length == 0 + +  - fail: +      msg: > +        Detected new_etcd host is member of new_masters or new_nodes.  Please +        run playbooks/openshift-master/scaleup.yml or +        playbooks/openshift-node/scaleup.yml before running this play. +    when: > +      inventory_hostname in (groups['new_masters'] | default([])) +      or inventory_hostname in (groups['new_nodes'] | default([])) + +# We only need to run this if etcd is being installed on a standalone host; +# If etcd is part of master or node group, there's no need to +# re-run prerequisites +- import_playbook: ../prerequisites.yml +  vars: +    # We need to ensure container_runtime is only processed for containerized +    # etcd hosts by setting l_build_container_groups_hosts and l_etcd_scale_up_hosts +    l_build_container_groups_hosts: "oo_new_etcd_to_config" +    l_etcd_scale_up_hosts: "oo_hosts_containerized_managed_true" +    l_scale_up_hosts: "oo_new_etcd_to_config" +    l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config:oo_new_etcd_to_config" +    l_sanity_check_hosts: "{{ groups['oo_new_etcd_to_config'] | union(groups['oo_masters_to_config']) | union(groups['oo_etcd_to_config']) }}" +  when: +  - inventory_hostname not in groups['oo_masters'] +  - inventory_hostname not in groups['oo_nodes_to_config'] + +# If this etcd host is part of a master or node, we don't need to run +# prerequisites, we can just init facts as normal.  
- import_playbook: ../init/main.yml +  vars: +    skip_verison: True +    l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config:oo_new_etcd_to_config" +  when: +  - inventory_hostname in groups['oo_masters'] +  - inventory_hostname in groups['oo_nodes_to_config']  - import_playbook: private/scaleup.yml diff --git a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml index a8663f946..1287b25f3 100644 --- a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml +++ b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml @@ -43,7 +43,7 @@ openshift_hosted_registry_wait: True  # NOTE(shadower): the hostname check seems to always fail because the  # host's floating IP address doesn't match the address received from  # inside the host. -openshift_override_hostname_check: true +openshift_hostname_check: false  # For POCs or demo environments that are using smaller instances than  # the official recommended values for RAM and DISK, uncomment the line below. diff --git a/roles/container_runtime/defaults/main.yml b/roles/container_runtime/defaults/main.yml index d0e37e2f4..8203d15f5 100644 --- a/roles/container_runtime/defaults/main.yml +++ b/roles/container_runtime/defaults/main.yml 
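Review bot: The `when:` lists on the `import_playbook` entries for `../prerequisites.yml` and `../init/main.yml` are not complements, so some hosts get neither playbook. The first applies when the host is in neither `oo_masters` nor `oo_nodes_to_config`; the second lists both memberships as separate items, which Ansible ANDs, although its comment says "part of a master or node". I would write it as `when: inventory_hostname in groups['oo_masters'] or inventory_hostname in groups['oo_nodes_to_config']`. The second `fail` task in the `Ensure there are new_etcd` play has a related gap: the play targets `localhost`, so `inventory_hostname` is the control host and the `new_masters`/`new_nodes` test never looks at the new etcd hosts. `skip_verison` also looks like a typo for `skip_version`; confirm against the name the init playbooks read.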
@@ -101,45 +101,34 @@ l_crt_crio_image_tag_dict:    openshift-enterprise: "{{ l_openshift_image_tag }}"    origin: "{{ openshift_crio_image_tag | default(openshift_crio_image_tag_default) }}" -l_crt_crio_image_prepend_dict: -  openshift-enterprise: "registry.access.redhat.com/openshift3" -  origin: "docker.io/gscrivano" -  l_crt_crio_image_dict: -  Fedora: -    crio_image_name: "cri-o-fedora" -    crio_image_tag: "latest" -  CentOS: -    crio_image_name: "cri-o-centos" -    crio_image_tag: "latest" -  RedHat: -    crio_image_name: "cri-o" -    crio_image_tag: "{{ openshift_crio_image_tag | default(l_crt_crio_image_tag_dict[openshift_deployment_type]) }}" - -l_crio_image_prepend: "{{ l_crt_crio_image_prepend_dict[openshift_deployment_type] }}" -l_crio_image_name: "{{ l_crt_crio_image_dict[ansible_distribution]['crio_image_name'] }}" -l_crio_image_tag: "{{ l_crt_crio_image_dict[ansible_distribution] }}" - -l_crio_image_default: "{{ l_crio_image_prepend }}/{{ l_crio_image_name }}:{{ l_crio_image_tag }}" +  Fedora: "registry.fedoraproject.org/latest/cri-o" +  CentOS: "registry.centos.org/projectatomic/cri-o" +  RedHat: "registry.access.redhat.com/openshift3/cri-o" + +l_crio_image_name: "{{ l_crt_crio_image_dict[ansible_distribution] }}" +l_crio_image_tag: "{{ l_crt_crio_image_tag_dict[openshift_deployment_type] }}" + +l_crio_image_default: "{{ l_crio_image_name }}:{{ l_crio_image_tag }}"  l_crio_image: "{{ openshift_crio_systemcontainer_image_override | default(l_crio_image_default) }}"  # ----------------------- #  # systemcontainers_docker #  # ----------------------- # -l_crt_docker_image_prepend_dict: -  Fedora: "registry.fedoraproject.org/latest" -  Centos: "docker.io/gscrivano" -  RedHat: "registry.access.redhat.com/openshift3" +l_crt_docker_image_dict: +  Fedora: "registry.fedoraproject.org/latest/docker" +  Centos: "registry.centos.org/projectatomic/docker" +  RedHat: "registry.access.redhat.com/openshift3/container-engine"  openshift_docker_image_tag_default: 
"latest"  l_crt_docker_image_tag_dict:    openshift-enterprise: "{{ l_openshift_image_tag }}"    origin: "{{ openshift_docker_image_tag | default(openshift_docker_image_tag_default) }}" -l_docker_image_prepend: "{{ l_crt_docker_image_prepend_dict[ansible_distribution] }}" +l_docker_image_prepend: "{{ l_crt_docker_image_dict[ansible_distribution] }}"  l_docker_image_tag: "{{ l_crt_docker_image_tag_dict[openshift_deployment_type] }}" -l_docker_image_default: "{{ l_docker_image_prepend }}/{{ openshift_docker_service_name }}:{{ l_docker_image_tag }}" +l_docker_image_default: "{{ l_docker_image_prepend }}:{{ l_docker_image_tag }}"  l_docker_image: "{{ openshift_docker_systemcontainer_image_override | default(l_docker_image_default) }}"  l_is_node_system_container: "{{ (openshift_use_node_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" diff --git a/roles/flannel/meta/main.yml b/roles/flannel/meta/main.yml index 7634b8192..38d2f748b 100644 --- a/roles/flannel/meta/main.yml +++ b/roles/flannel/meta/main.yml @@ -14,3 +14,4 @@ galaxy_info:    - system  dependencies:  - role: lib_utils +- role: openshift_facts diff --git a/roles/lib_utils/filter_plugins/oo_filters.py b/roles/lib_utils/filter_plugins/oo_filters.py index 9f73510c4..ef996fefe 100644 --- a/roles/lib_utils/filter_plugins/oo_filters.py +++ b/roles/lib_utils/filter_plugins/oo_filters.py @@ -4,6 +4,7 @@  """  Custom filters for use in openshift-ansible  """ +import json  import os  import pdb  import random 
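Review bot: `l_crt_docker_image_dict` keeps the key `Centos`, while `l_crt_crio_image_dict` in the same hunk uses `CentOS`, and both are indexed with `ansible_distribution`. Ansible reports that fact as `CentOS`, so `l_docker_image_prepend` would fail to resolve on CentOS hosts; the key should read `CentOS: "registry.centos.org/projectatomic/docker"`. `l_docker_image_prepend` now holds a full image name rather than a prefix, so a comment saying so (or a name parallel to `l_crio_image_name`) would avoid misreading it. For `origin` the tag still falls back to `openshift_docker_image_tag_default: "latest"`, so the runtime image is whatever the registry serves at install time. A comment pointing operators at `openshift_docker_systemcontainer_image_override` for a pinned reference would help.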
@@ -586,6 +587,18 @@ that result to this filter plugin.      return secret_name +def lib_utils_oo_l_of_d_to_csv(input_list): +    """Map a list of dictionaries, input_list, into a csv string +    of json values. + +    Example input: +    [{'var1': 'val1', 'var2': 'val2'}, {'var1': 'val3', 'var2': 'val4'}] +    Example output: +    u'{"var1": "val1", "var2": "val2"},{"var1": "val3", "var2": "val4"}' +    """ +    return ','.join(json.dumps(x) for x in input_list) + +  def map_from_pairs(source, delim="="):      ''' Returns a dict given the source and delim delimited '''      if source == '': @@ -623,5 +636,6 @@ class FilterModule(object):              "lib_utils_oo_contains_rule": lib_utils_oo_contains_rule,              "lib_utils_oo_selector_to_string_list": lib_utils_oo_selector_to_string_list,              "lib_utils_oo_filter_sa_secrets": lib_utils_oo_filter_sa_secrets, +            "lib_utils_oo_l_of_d_to_csv": lib_utils_oo_l_of_d_to_csv,              "map_from_pairs": map_from_pairs          } diff --git a/roles/lib_utils/library/docker_creds.py b/roles/lib_utils/library/docker_creds.py index d4674845e..b94c0b779 100644 --- a/roles/lib_utils/library/docker_creds.py +++ b/roles/lib_utils/library/docker_creds.py @@ -135,7 +135,7 @@ def update_config(docker_config, registry, username, password):          docker_config['auths'][registry] = {}      # base64 encode our username:password string -    encoded_data = base64.b64encode('{}:{}'.format(username, password)) +    encoded_data = base64.b64encode('{}:{}'.format(username, password).encode())      # check if the same value is already present for idempotency.      if 'auth' in docker_config['auths'][registry]: 
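Review bot: `lib_utils_oo_l_of_d_to_csv` serialises each dict with `json.dumps(x)` and no key ordering, so the returned string can differ between runs for the same input on interpreters where dict order is not stable. The node task in this commit passes the result as the `ADDTL_MOUNTS` value, so an unstable string may show up as a spurious change. `return ','.join(json.dumps(x, sort_keys=True) for x in input_list)` makes the output deterministic, with keys in the order the docstring example shows. The docstring should also say that items are expected to be JSON-serialisable mappings, since any other type is serialised without complaint.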
@@ -151,7 +151,7 @@ def write_config(module, docker_config, dest):      conf_file_path = os.path.join(dest, 'config.json')      try:          with open(conf_file_path, 'w') as conf_file: -            json.dump(docker_config, conf_file, indent=8) +            json.dump(docker_config.decode(), conf_file, indent=8)      except IOError as ioerror:          result = {'failed': True,                    'changed': False, diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index 0b10413c5..5864d3c03 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -77,6 +77,18 @@ r_openshift_node_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }  l_is_node_system_container: "{{ (openshift_use_node_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" +openshift_node_syscon_auth_mounts_l: +- type: bind +  source: "{{ oreg_auth_credentials_path }}" +  destination: "/root/.docker" +  options: +  - ro + +# If we need to add new mounts in the future, or the user wants to mount data. +# This should be in the same format as auth_mounts_l above. +openshift_node_syscon_add_mounts_l: [] + +  openshift_deployment_type: "{{ openshift_deployment_type | default('origin') }}"  openshift_node_image_dict: diff --git a/roles/openshift_node/tasks/node_system_container.yml b/roles/openshift_node/tasks/node_system_container.yml index 06b879050..008f209d7 100644 --- a/roles/openshift_node/tasks/node_system_container.yml +++ b/roles/openshift_node/tasks/node_system_container.yml 
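Review bot: `json.dump(docker_config.decode(), conf_file, indent=8)` in `write_config` calls `.decode()` on the whole config object, which `update_config` treats as a dict (`docker_config['auths'][registry] = {}`). A dict has no `decode` method, so this line would raise `AttributeError`, which the `except IOError` handler does not catch. The bytes value is `encoded_data` in `update_config`; decoding it there, `encoded_data = base64.b64encode('{}:{}'.format(username, password).encode()).decode()`, and keeping `json.dump(docker_config, conf_file, indent=8)` here gives the Python 3 fix the commit appears to be after. Because `config.json` holds registry credentials and is created with plain `open(conf_file_path, 'w')`, its mode depends on the process umask; `os.chmod(conf_file_path, 0o600)` after the write would make it owner-only. Both function bodies continue outside their hunks.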
@@ -14,4 +14,23 @@      - "DNS_DOMAIN={{ openshift.common.dns_domain }}"      - "DOCKER_SERVICE={{ openshift_docker_service_name }}.service"      - "MASTER_SERVICE={{ openshift_service_type }}.service" +    - 'ADDTL_MOUNTS={{ l_node_syscon_add_mounts2 }}'      state: latest +  vars: +    # We need to evaluate some variables here to ensure +    # l_bind_docker_reg_auth is evaluated after registry_auth.yml has been +    # processed. + +    # Determine if we want to include auth credentials mount. +    l_node_syscon_auth_mounts_l: "{{ l_bind_docker_reg_auth | ternary(openshift_node_syscon_auth_mounts_l,[]) }}" + +    # Join any user-provided mounts and auth_mounts into a combined list. +    l_node_syscon_add_mounts_l: "{{ openshift_node_syscon_add_mounts_l | union(l_node_syscon_auth_mounts_l) }}" + +    # We must prepend a ',' here to ensure the value is inserted properly into an +    # existing json list in the container's config.json +    # lib_utils_oo_l_of_d_to_csv is a custom filter plugin in roles/lib_utils/oo_filters.py +    l_node_syscon_add_mounts: ",{{ l_node_syscon_add_mounts_l | lib_utils_oo_l_of_d_to_csv }}" +    # if we have just a ',' then both mount lists were empty, we don't want to add +    # anything to config.json +    l_node_syscon_add_mounts2: "{{ (l_node_syscon_add_mounts != ',') | bool | ternary(l_node_syscon_add_mounts,'') }}" diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 5f2a94ea2..7d817463c 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 
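Review bot: Entries from `openshift_node_syscon_add_mounts_l` are merged into `l_node_syscon_add_mounts_l` and written into the container's config.json through `ADDTL_MOUNTS` with no check on their shape or options. Because the value is spliced as raw text after a leading `,`, a malformed entry only surfaces when the container runtime reads config.json, and a bind mount without `ro` gives the node container write access to that host path. I would add a comment above `l_node_syscon_add_mounts_l` stating the required keys (`type`, `source`, `destination`, `options`) and that `ro` should be the default, or assert on them before the install task. The comment naming the filter's location should read `roles/lib_utils/filter_plugins/oo_filters.py`, which is the path in this commit's diff header. The task this `vars:` block belongs to starts outside the hunk.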
@@ -32,7 +32,7 @@ masterClientConnectionOverrides:    contentType: application/vnd.kubernetes.protobuf    burst: 200    qps: 100 -masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig +masterKubeConfig: system:node:{{ openshift.common.hostname | lower }}.kubeconfig  {% if openshift_node_use_openshift_sdn | bool %}  networkPluginName: {{ openshift_node_sdn_network_plugin_name }}  {% endif %} diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index 5f73f3bdc..13d9fd718 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -18,9 +18,9 @@    stat:      path: "{{ openshift.common.config_base }}/node/{{ item }}"    with_items: -  - "system:node:{{ openshift.common.hostname }}.crt" -  - "system:node:{{ openshift.common.hostname }}.key" -  - "system:node:{{ openshift.common.hostname }}.kubeconfig" +  - "system:node:{{ openshift.common.hostname | lower }}.crt" +  - "system:node:{{ openshift.common.hostname | lower }}.key" +  - "system:node:{{ openshift.common.hostname | lower }}.kubeconfig"    - ca.crt    - server.key    - server.crt 
@@ -59,16 +59,16 @@      --certificate-authority {{ legacy_ca_certificate }}      {% endfor %}      --certificate-authority={{ openshift_ca_cert }} -    --client-dir={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }} +    --client-dir={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname | lower }}      --groups=system:nodes      --master={{ hostvars[openshift_ca_host].openshift.master.api_url }}      --signer-cert={{ openshift_ca_cert }}      --signer-key={{ openshift_ca_key }}      --signer-serial={{ openshift_ca_serial }} -    --user=system:node:{{ hostvars[item].openshift.common.hostname }} +    --user=system:node:{{ hostvars[item].openshift.common.hostname | lower }}      --expire-days={{ openshift_node_cert_expire_days }}    args: -    creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}" +    creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname | lower }}"    with_items: "{{ hostvars                    | lib_utils_oo_select_keys(groups['oo_nodes_to_config'])                    | lib_utils_oo_collect(attribute='inventory_hostname', filters={'node_certs_missing':True}) }}" 
@@ -78,16 +78,16 @@  - name: Generate the node server certificate    command: >      {{ hostvars[openshift_ca_host]['first_master_client_binary'] }} adm ca create-server-cert -    --cert={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}/server.crt -    --key={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}/server.key +    --cert={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname | lower }}/server.crt +    --key={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname | lower }}/server.key      --expire-days={{ openshift_node_cert_expire_days }}      --overwrite=true -    --hostnames={{ hostvars[item].openshift.common.hostname }},{{ hostvars[item].openshift.common.public_hostname }},{{ hostvars[item].openshift.common.ip }},{{ hostvars[item].openshift.common.public_ip }} +    --hostnames={{ hostvars[item].openshift.common.hostname }},{{ hostvars[item].openshift.common.hostname | lower }},{{ hostvars[item].openshift.common.public_hostname }},{{ hostvars[item].openshift.common.public_hostname | lower }},{{ hostvars[item].openshift.common.ip }},{{ hostvars[item].openshift.common.public_ip }}      --signer-cert={{ openshift_ca_cert }}      --signer-key={{ openshift_ca_key }}      --signer-serial={{ openshift_ca_serial }}    args: -    creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}/server.crt" +    creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname | lower }}/server.crt"    with_items: "{{ hostvars                    | lib_utils_oo_select_keys(groups['oo_nodes_to_config'])                    | lib_utils_oo_collect(attribute='inventory_hostname', filters={'node_certs_missing':True}) }}" diff --git a/roles/openshift_node_certificates/vars/main.yml b/roles/openshift_node_certificates/vars/main.yml index 17ad8106d..12a6d3f94 100644 
--- a/roles/openshift_node_certificates/vars/main.yml +++ b/roles/openshift_node_certificates/vars/main.yml @@ -1,7 +1,7 @@  ---  openshift_generated_configs_dir: "{{ openshift.common.config_base }}/generated-configs"  openshift_node_cert_dir: "{{ openshift.common.config_base }}/node" -openshift_node_cert_subdir: "node-{{ openshift.common.hostname }}" +openshift_node_cert_subdir: "node-{{ openshift.common.hostname | lower }}"  openshift_node_config_dir: "{{ openshift.common.config_base }}/node"  openshift_node_generated_config_dir: "{{ openshift_generated_configs_dir }}/{{ openshift_node_cert_subdir }}" diff --git a/roles/openshift_web_console/tasks/install.yml b/roles/openshift_web_console/tasks/install.yml index ead62799a..cc5eef47d 100644 --- a/roles/openshift_web_console/tasks/install.yml +++ b/roles/openshift_web_console/tasks/install.yml @@ -86,6 +86,8 @@              value: "{{ openshift.master.logout_url | default('') }}"            - key: features#inactivityTimeoutMinutes              value: "{{ openshift_web_console_inactivity_timeout_minutes | default(0) }}" +          - key: features#clusterResourceOverridesEnabled +            value: "{{ openshift_web_console_cluster_resource_overrides_enabled | default(false) }}"            - key: extensions#scriptURLs              value: "{{ openshift_web_console_extension_script_urls | default([]) }}"            - key: extensions#stylesheetURLs diff --git a/roles/openshift_web_console/tasks/update_console_config.yml b/roles/openshift_web_console/tasks/update_console_config.yml index 4d2957977..41da2c16a 100644 --- a/roles/openshift_web_console/tasks/update_console_config.yml +++ b/roles/openshift_web_console/tasks/update_console_config.yml 
@@ -19,43 +19,48 @@  #         value: "https://{{ openshift_logging_kibana_hostname }}"  #   when: openshift_web_console_install | default(true) | bool -- name: Read web console config map +- name: Read the existing web console config map    oc_configmap:      namespace: openshift-web-console      name: webconsole-config      state: list -  register: webconsole_config - -- name: Make temp directory -  command: mktemp -d /tmp/console-ansible-XXXXXX -  register: mktemp_console -  changed_when: False - -- name: Copy web console config to temp file -  copy: -    content: "{{webconsole_config.results.results[0].data['webconsole-config.yaml']}}" -    dest: "{{ mktemp_console.stdout }}/webconsole-config.yaml" - -- name: Change web console config properties -  yedit: -    src: "{{ mktemp_console.stdout }}/webconsole-config.yaml" -    edits: "{{console_config_edits}}" -    separator: '#' -    state: present - -- name: Update web console config map -  oc_configmap: -    namespace: openshift-web-console -    name: webconsole-config -    state: present -    from_file: -      webconsole-config.yaml: "{{ mktemp_console.stdout }}/webconsole-config.yaml" - -- name: Remove temp directory -  file: -    state: absent -    name: "{{ mktemp_console.stdout }}" -  changed_when: False - -# TODO: Only rollout if config has changed. 
-- include_tasks: rollout_console.yml +  register: webconsole_config_map + +- set_fact: +    existing_config_map_data: "{{ webconsole_config_map.results.results[0].data | default({}) }}" + +- when: existing_config_map_data['webconsole-config.yaml'] is defined +  block: +  - name: Make temp directory +    command: mktemp -d /tmp/console-ansible-XXXXXX +    register: mktemp_console +    changed_when: False + +  - name: Copy the existing web console config to temp directory +    copy: +      content: "{{ existing_config_map_data['webconsole-config.yaml'] }}" +      dest: "{{ mktemp_console.stdout }}/webconsole-config.yaml" + +  - name: Change web console config properties +    yedit: +      src: "{{ mktemp_console.stdout }}/webconsole-config.yaml" +      edits: "{{console_config_edits}}" +      separator: '#' +      state: present + +  - name: Update web console config map +    oc_configmap: +      namespace: openshift-web-console +      name: webconsole-config +      state: present +      from_file: +        webconsole-config.yaml: "{{ mktemp_console.stdout }}/webconsole-config.yaml" + +  - name: Remove temp directory +    file: +      state: absent +      name: "{{ mktemp_console.stdout }}" +    changed_when: False + +  # TODO: Only rollout if config has changed. +  - include_tasks: rollout_console.yml diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py index 216664cd0..84a76fa53 100644 --- a/utils/src/ooinstall/openshift_ansible.py +++ b/utils/src/ooinstall/openshift_ansible.py @@ -122,7 +122,7 @@ def write_inventory_vars(base_inventory, lb):      if CFG.deployment.variables['ansible_ssh_user'] != 'root':          base_inventory.write('ansible_become=yes\n') -    base_inventory.write('openshift_override_hostname_check=true\n') +    base_inventory.write('openshift_hostname_check=false\n')      if lb is not None:          base_inventory.write("openshift_master_cluster_hostname={}\n".format(lb.hostname)) | 
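Review bot: The `Remove temp directory` task is the last regular task of the new `block:`, so a failure in `yedit` or in the `oc_configmap` update leaves the `/tmp/console-ansible-XXXXXX` directory and its copy of `webconsole-config.yaml` on the host. Moving that task under an `always:` section of the same block keeps the cleanup on the failure path too. When `existing_config_map_data['webconsole-config.yaml']` is undefined the whole block is skipped with no message, so the requested `console_config_edits` are dropped silently; a `debug` or `fail` task with the inverse condition would make that visible. `webconsole_config_map.results.results[0].data | default({})` only covers a missing `data` key, and an empty `results` list would still raise on the `[0]` index.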
