31 files changed, 152 insertions, 59 deletions
| diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 98e277c19..406099fb7 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.6.117-1 ./ +3.6.122-1 ./ diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 962a01a91..324271d00 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -798,7 +798,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',  # use this line.  # The directory in "auditFilePath" will be created if it's not  # exist -#openshift_master_audit_config={"enabled": true, "auditFilePath": "/var/log/openpaas-oscp-audit/openpaas-oscp-audit.log", "maximumFileRetentionDays": 14, "maximumFileSizeMegabytes": 500, "maximumRetainedFiles": 5}} +#openshift_master_audit_config={"enabled": true, "auditFilePath": "/var/log/openpaas-oscp-audit/openpaas-oscp-audit.log", "maximumFileRetentionDays": 14, "maximumFileSizeMegabytes": 500, "maximumRetainedFiles": 5}  # Enable origin repos that point at Centos PAAS SIG, defaults to true, only used  # by deployment_type=origin diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 63f1f00d2..2c3f011e2 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example 
@@ -798,7 +798,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',  # use this line.  # The directory in "auditFilePath" will be created if it's not  # exist -#openshift_master_audit_config={"enabled": true, "auditFilePath": "/var/log/openpaas-oscp-audit/openpaas-oscp-audit.log", "maximumFileRetentionDays": 14, "maximumFileSizeMegabytes": 500, "maximumRetainedFiles": 5}} +#openshift_master_audit_config={"enabled": true, "auditFilePath": "/var/log/openpaas-oscp-audit/openpaas-oscp-audit.log", "maximumFileRetentionDays": 14, "maximumFileSizeMegabytes": 500, "maximumRetainedFiles": 5}  # Validity of the auto-generated OpenShift certificates in days.  # See also openshift_hosted_registry_cert_expire_days above. diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 7b5587294..b3e097018 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -9,7 +9,7 @@  %global __requires_exclude ^/usr/bin/ansible-playbook$  Name:           openshift-ansible -Version:        3.6.117 +Version:        3.6.122.0  Release:        1%{?dist}  Summary:        Openshift and Atomic Enterprise Ansible  License:        ASL 2.0 
@@ -280,6 +280,34 @@ Atomic OpenShift Utilities includes  %changelog +* Wed Jun 21 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.6.122-1 +-  + +* Tue Jun 20 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.6.121-1 +- Updating default from null to "" (ewolinet@redhat.com) + +* Tue Jun 20 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.6.120-1 +- Update atomic-openshift-master.j2 (sdodson@redhat.com) +- Enable push to registry via dns only on clean 3.6 installs +  (sdodson@redhat.com) +- Disable actually pushing to the registry via dns for now (sdodson@redhat.com) +- Add openshift_node_dnsmasq role to upgrade (sdodson@redhat.com) +- Push to the registry via dns (sdodson@redhat.com) + +* Tue Jun 20 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.6.119-1 +- Temporarilly only migrate jobs as we were before (sdodson@redhat.com) +- Disable TLS verification in skopeo inspect (rhcarvalho@gmail.com) +- Preserve etcd3 storage if it's already in use (sdodson@redhat.com) +- GlusterFS: Generate better secret keys (jarrpa@redhat.com) +- GlusterFS: Fix error when groups.glusterfs_registry is undefined. +  (jarrpa@redhat.com) +- GlusterFS: Use proper identity in heketi secret (jarrpa@redhat.com) +- GlusterFS: Allow configuration of heketi port (jarrpa@redhat.com) +- GlusterFS: Fix variable typo (jarrpa@redhat.com) +- GlusterFS: Minor template fixes (jarrpa@redhat.com) +- registry: mount GlusterFS storage volume from correct host +  (jarrpa@redhat.com) +  * Mon Jun 19 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.6.117-1  - Run storage upgrade pre and post master upgrade (rteague@redhat.com)  - Introduce etcd migrate role (jchaloup@redhat.com) diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 27c3a9edd..ddd2ecebd 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml 
@@ -317,6 +317,7 @@    - name: restart NetworkManager      service: name=NetworkManager state=restarted +    when: openshift_use_dnsmasq | default(true) | bool  - hosts: masters    become: yes diff --git a/playbooks/byo/openshift-cluster/config.yml b/playbooks/byo/openshift-cluster/config.yml index 2372a5322..9c5948552 100644 --- a/playbooks/byo/openshift-cluster/config.yml +++ b/playbooks/byo/openshift-cluster/config.yml @@ -16,7 +16,6 @@        - disk_availability        - memory_availability        - package_availability -      - package_update        - package_version        - docker_image_availability        - docker_storage diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml index 5c19df4c5..6738ce11f 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml @@ -296,6 +296,7 @@    - openshift_facts    - docker    - openshift_node_upgrade +  - openshift_node_dnsmasq    post_tasks:    - name: Set node schedulability diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml index 91dbc2cd4..35a50cf4e 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml @@ -34,6 +34,7 @@    - openshift_facts    - docker    - openshift_node_upgrade +  - openshift_node_dnsmasq    - role: openshift_excluder      r_openshift_excluder_action: enable      r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 429460b2c..70108fb7a 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml 
@@ -27,7 +27,17 @@    - name: Set clean install fact      set_fact: -      l_clean_install: "{{ not master_config_stat.stat.exists }}" +      l_clean_install: "{{ not master_config_stat.stat.exists | bool }}" + +  - name: Determine if etcd3 storage is in use +    command: grep  -Pzo  "storage-backend:\n.*etcd3" /etc/origin/master/master-config.yaml -q +    register: etcd3_grep +    failed_when: false +    changed_when: false + +  - name: Set etcd3 fact +    set_fact: +      l_etcd3_enabled: "{{ etcd3_grep.rc == 0 | bool }}"    - set_fact:        openshift_master_pod_eviction_timeout: "{{ lookup('oo_option', 'openshift_master_pod_eviction_timeout') | default(none, true) }}" @@ -131,7 +141,8 @@      etcd_cert_subdir: "openshift-master-{{ openshift.common.hostname }}"      etcd_cert_config_dir: "{{ openshift.common.config_base }}/master"      etcd_cert_prefix: "master.etcd-" -    r_openshift_master_clean_install: hostvars[groups.oo_first_master.0].l_clean_install +    r_openshift_master_clean_install: "{{ hostvars[groups.oo_first_master.0].l_clean_install }}" +    r_openshift_master_etcd3_storage: "{{ hostvars[groups.oo_first_master.0].l_etcd3_enabled }}"    - role: nuage_master      when: openshift.common.use_nuage | bool    - role: calico_master diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index cfe092a28..0788ddfb0 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py 
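Review bot: In `l_etcd3_enabled: "{{ etcd3_grep.rc == 0 | bool }}"` the `bool` filter binds to the literal `0`, not to the comparison, because Jinja2 applies filters before `==`. The expression gives the intended result only because `0 | bool` is false and an integer return code compares equal to it exactly when it is zero. Writing `"{{ (etcd3_grep.rc == 0) | bool }}"` states the intent directly. Separately, `failed_when: false` on the grep task makes any grep failure (missing or unreadable master-config.yaml) indistinguishable from "etcd3 not in use"; a short comment on the task saying that this is deliberate for clean installs would help, since the result now decides which storage backend is written on existing masters.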
@@ -1654,6 +1654,7 @@ def set_proxy_facts(facts):                      common['no_proxy'].extend(common['no_proxy_internal_hostnames'].split(','))              # We always add local dns domain and ourselves no matter what              common['no_proxy'].append('.' + common['dns_domain']) +            common['no_proxy'].append('.svc')              common['no_proxy'].append(common['hostname'])              common['no_proxy'] = ','.join(sort_unique(common['no_proxy']))          facts['common'] = common diff --git a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py index 60aacf715..26bf4c09b 100644 --- a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py +++ b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py @@ -169,7 +169,7 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck):              registries = [registry]          for registry in registries: -            args = {"_raw_params": "skopeo inspect docker://{}/{}".format(registry, image)} +            args = {"_raw_params": "skopeo inspect --tls-verify=false docker://{}/{}".format(registry, image)}              result = self.execute_module("command", args, task_vars=task_vars)              if result.get("rc", 0) == 0 and not result.get("failed"):                  return True diff --git a/roles/openshift_hosted/tasks/registry/storage/glusterfs.yml b/roles/openshift_hosted/tasks/registry/storage/glusterfs.yml index e6bb196b8..c504bfb80 100644 --- a/roles/openshift_hosted/tasks/registry/storage/glusterfs.yml +++ b/roles/openshift_hosted/tasks/registry/storage/glusterfs.yml 
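Review bot: The `skopeo inspect --tls-verify=false` call in `docker_image_availability.py` turns certificate validation off for every registry in the loop, including registries that are expected to present a trusted certificate. The check can then pass against an endpoint whose identity was never verified, and it no longer reflects what a daemon that does enforce TLS would see at pull time. Consider passing the flag only for registries the host is configured to treat as insecure, for example `tls_flag = "--tls-verify=false " if registry in insecure_registries else ""`, where `insecure_registries` is a placeholder for whatever list the check can derive from the Docker configuration. If the blanket setting is kept, a comment next to the format string should say that it is a temporary workaround and name the condition for removing it. The enclosing method starts outside this hunk.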
@@ -35,7 +35,7 @@    mount:      state: mounted      fstype: glusterfs -    src: "{{ groups.oo_glusterfs_to_config[0] }}:/{{ openshift.hosted.registry.storage.glusterfs.path }}" +    src: "{% if 'glusterfs_registry' in groups %}{{ groups.glusterfs_registry[0] }}{% else %}{{ groups.glusterfs[0] }}{% endif %}:/{{ openshift.hosted.registry.storage.glusterfs.path }}"      name: "{{ mktemp.stdout }}"  - name: Set registry volume permissions diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index 6a082d71a..2d3ce5bcd 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -1,3 +1,4 @@  ---  openshift_node_ips: []  r_openshift_master_clean_install: false +r_openshift_master_etcd3_storage: false diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 035c15fef..86532cd0a 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -128,6 +128,9 @@    when: openshift.master.request_header_ca is defined and item.kind == 'RequestHeaderIdentityProvider' and item.clientCA | default('') != ''    with_items: "{{ openshift.master.identity_providers }}" +- set_fact: +    openshift_push_via_dns: "{{ openshift_use_dnsmasq | default(true) and openshift.common.version_gte_3_6 and r_openshift_master_clean_install }}" +  - name: Install the systemd units    include: systemd_units.yml 
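Review bot: In the `openshift_push_via_dns` fact added to roles/openshift_master/tasks/main.yml, `openshift_use_dnsmasq | default(true)` is used without `| bool`, unlike the `when: openshift_use_dnsmasq | default(true) | bool` condition this same commit adds to playbooks/adhoc/uninstall.yml. If the variable reaches the role as a string such as `"false"` (possible for inventory-supplied values), it is truthy in the `and` chain and the master would be pointed at `docker-registry.default.svc:5000` even though dnsmasq is disabled. Suggest `"{{ openshift_use_dnsmasq | default(true) | bool and openshift.common.version_gte_3_6 | bool and r_openshift_master_clean_install | bool }}"`.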
@@ -164,26 +167,6 @@      - restart master api      - restart master controllers -- name: Configure master to use etcd3 storage backend on 3.6 clean installs -  yedit: -    src: /etc/origin/master/master-config.yaml -    key: "{{ item.key }}" -    value: "{{ item.value }}" -  with_items: -    - key: kubernetesMasterConfig.apiServerArguments.storage-backend -      value: -        - etcd3 -    - key: kubernetesMasterConfig.apiServerArguments.storage-media-type -      value: -        - application/vnd.kubernetes.protobuf -  when: -    - r_openshift_master_clean_install -    - openshift.common.version_gte_3_6 -  notify: -    - restart master -    - restart master api -    - restart master controllers -  - include: set_loopback_context.yml    when: openshift.common.version_gte_3_2_or_1_2 diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 6e2439fd9..850fae0e4 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -1,5 +1,8 @@  OPTIONS=--loglevel={{ openshift.master.debug_level | default(2) }}  CONFIG_FILE={{ openshift_master_config_file }} +{% if openshift_push_via_dns | default(false) %} +OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000 +{% endif %}  {% if openshift.common.is_containerized | bool %}  IMAGE_VERSION={{ openshift_image_tag }}  {% endif %} diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 1935d9592..6c26e5092 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 
@@ -139,6 +139,12 @@ kubernetesMasterConfig:    - v1  {% endif %}    apiServerArguments: {{ openshift.master.api_server_args | default(None) | to_padded_yaml( level=2 ) }} +{% if r_openshift_master_etcd3_storage or ( r_openshift_master_clean_install and openshift.common.version_gte_3_6 ) %} +    storage-backend: +    - etcd3 +    storage-media-type: +    - application/vnd.kubernetes.protobuf +{% endif %}    controllerArguments: {{ openshift.master.controller_args | default(None) | to_padded_yaml( level=2 ) }}    masterCount: {{ openshift.master.master_count if openshift.master.cluster_method | default(None) == 'native' else 1 }}    masterIP: {{ openshift.common.ip }} diff --git a/roles/openshift_metrics/defaults/main.yaml b/roles/openshift_metrics/defaults/main.yaml index ba50566e9..c34936930 100644 --- a/roles/openshift_metrics/defaults/main.yaml +++ b/roles/openshift_metrics/defaults/main.yaml @@ -16,7 +16,7 @@ openshift_metrics_hawkular_nodeselector: ""  openshift_metrics_cassandra_replicas: 1  openshift_metrics_cassandra_storage_type: "{{ openshift_hosted_metrics_storage_kind | default('emptydir') }}"  openshift_metrics_cassandra_pvc_size: "{{ openshift_hosted_metrics_storage_volume_size | default('10Gi') }}" -openshift_metrics_cassandra_pv_selector: "{{ openshift_hosted_metrics_storage_labels | default(null) }}" +openshift_metrics_cassandra_pv_selector: "{{ openshift_hosted_metrics_storage_labels | default('') }}"  openshift_metrics_cassandra_limits_memory: 2G  openshift_metrics_cassandra_limits_cpu: null  openshift_metrics_cassandra_requests_memory: 1G diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh index 24798d3d2..c68073a10 100755 --- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh +++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh 
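Review bot: The `storage-backend` and `storage-media-type` keys in master.yaml.v1.j2 are appended as raw text after whatever `openshift.master.api_server_args | to_padded_yaml(level=2)` renders, so an inventory that already sets either key in `api_server_args` would produce a duplicate mapping key under `apiServerArguments`. Most YAML loaders silently keep the last value, which would override the operator's explicit choice without any warning. How `to_padded_yaml` renders an empty value is not visible in this hunk, so the nesting of the appended lines in that case should be confirmed as well. A safer shape is to merge the two keys into the arguments dictionary (for instance with the `combine` filter) and render it once, letting user-supplied values win.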
@@ -96,6 +96,9 @@ EOF        if ! grep -q '99-origin-dns.sh' ${NEW_RESOLV_CONF}; then            echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> ${NEW_RESOLV_CONF}        fi +      if ! grep -q 'search.*cluster.local' ${NEW_RESOLV_CONF}; then +        sed -i '/^search/ s/$/ cluster.local/' ${NEW_RESOLV_CONF} +      fi        cp -Z ${NEW_RESOLV_CONF} /etc/resolv.conf      fi    fi diff --git a/roles/openshift_node_upgrade/tasks/main.yml b/roles/openshift_node_upgrade/tasks/main.yml index d44839d69..8eaa68cc9 100644 --- a/roles/openshift_node_upgrade/tasks/main.yml +++ b/roles/openshift_node_upgrade/tasks/main.yml @@ -147,3 +147,6 @@    # Give the node two minutes to come back online.    retries: 24    delay: 5 + +- include_role: +    name: openshift_node_dnsmasq diff --git a/roles/openshift_storage_glusterfs/README.md b/roles/openshift_storage_glusterfs/README.md index 62fc35299..da4e348b4 100644 --- a/roles/openshift_storage_glusterfs/README.md +++ b/roles/openshift_storage_glusterfs/README.md 
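Review bot: The added `sed -i '/^search/ s/$/ cluster.local/'` in 99-origin-dns.sh only edits an existing `search` line, so when `${NEW_RESOLV_CONF}` has no `search` line `cluster.local` is never added and short service names will not resolve. The guard pattern `'search.*cluster.local'` is also unanchored and treats `.` as a wildcard, so a comment line or a similar-looking domain can suppress the edit. Suggest anchoring it as `'^search.*cluster\.local'` and adding a fallback such as `grep -q '^search' "${NEW_RESOLV_CONF}" || echo 'search cluster.local' >> "${NEW_RESOLV_CONF}"` before the `sed`. The surrounding `if` block starts outside this hunk.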
@@ -90,7 +90,8 @@ GlusterFS cluster into a new or existing OpenShift cluster:  | openshift_storage_glusterfs_heketi_admin_key     | auto-generated          | String to use as secret key for performing heketi commands as admin  | openshift_storage_glusterfs_heketi_user_key      | auto-generated          | String to use as secret key for performing heketi commands as user that can only view or modify volumes  | openshift_storage_glusterfs_heketi_topology_load | True                    | Load the GlusterFS topology information into heketi -| openshift_storage_glusterfs_heketi_url           | Undefined               | URL for the heketi REST API, dynamically determined in native mode +| openshift_storage_glusterfs_heketi_url           | Undefined               | When heketi is native, this sets the hostname portion of the final heketi route URL. When heketi is external, this is the full URL to the heketi service. +| openshift_storage_glusterfs_heketi_port          | 8080                    | TCP port for external heketi service **NOTE:** This has no effect in native mode  | openshift_storage_glusterfs_heketi_wipe          | False                   | Destroy any existing heketi resources, defaults to the value of `openshift_storage_glusterfs_wipe`  Each role variable also has a corresponding variable to optionally configure a diff --git a/roles/openshift_storage_glusterfs/defaults/main.yml b/roles/openshift_storage_glusterfs/defaults/main.yml index 468877e57..4ff56af9e 100644 --- a/roles/openshift_storage_glusterfs/defaults/main.yml +++ b/roles/openshift_storage_glusterfs/defaults/main.yml 
@@ -13,11 +13,12 @@ openshift_storage_glusterfs_heketi_is_missing: True  openshift_storage_glusterfs_heketi_deploy_is_missing: True  openshift_storage_glusterfs_heketi_image: "{{ 'rhgs3/rhgs-volmanager-rhel7' | quote if deployment_type == 'openshift-enterprise' else 'heketi/heketi' | quote }}"  openshift_storage_glusterfs_heketi_version: 'latest' -openshift_storage_glusterfs_heketi_admin_key: "{{ 32 | oo_generate_secret }}" -openshift_storage_glusterfs_heketi_user_key: "{{ 32 | oo_generate_secret }}" +openshift_storage_glusterfs_heketi_admin_key: "{{ omit }}" +openshift_storage_glusterfs_heketi_user_key: "{{ omit }}"  openshift_storage_glusterfs_heketi_topology_load: True  openshift_storage_glusterfs_heketi_wipe: "{{ openshift_storage_glusterfs_wipe }}"  openshift_storage_glusterfs_heketi_url: "{{ omit }}" +openshift_storage_glusterfs_heketi_port: 8080  openshift_storage_glusterfs_registry_timeout: "{{ openshift_storage_glusterfs_timeout }}"  openshift_storage_glusterfs_registry_namespace: "{{ openshift.hosted.registry.namespace | default('default') }}" 
@@ -33,8 +34,9 @@ openshift_storage_glusterfs_registry_heketi_is_missing: "{{ openshift_storage_gl  openshift_storage_glusterfs_registry_heketi_deploy_is_missing: "{{ openshift_storage_glusterfs_heketi_deploy_is_missing }}"  openshift_storage_glusterfs_registry_heketi_image: "{{ openshift_storage_glusterfs_heketi_image }}"  openshift_storage_glusterfs_registry_heketi_version: "{{ openshift_storage_glusterfs_heketi_version }}" -openshift_storage_glusterfs_registry_heketi_admin_key: "{{ 32 | oo_generate_secret }}" -openshift_storage_glusterfs_registry_heketi_user_key: "{{ 32 | oo_generate_secret }}" +openshift_storage_glusterfs_registry_heketi_admin_key: "{{ omit }}" +openshift_storage_glusterfs_registry_heketi_user_key: "{{ omit }}"  openshift_storage_glusterfs_registry_heketi_topology_load: "{{ openshift_storage_glusterfs_heketi_topology_load }}"  openshift_storage_glusterfs_registry_heketi_wipe: "{{ openshift_storage_glusterfs_heketi_wipe }}"  openshift_storage_glusterfs_registry_heketi_url: "{{ openshift_storage_glusterfs_heketi_url | default(omit) }}" +openshift_storage_glusterfs_registry_heketi_port: 8080 diff --git a/roles/openshift_storage_glusterfs/files/v3.6/deploy-heketi-template.yml b/roles/openshift_storage_glusterfs/files/v3.6/deploy-heketi-template.yml index 81b4fa5dc..4434f750c 100644 --- a/roles/openshift_storage_glusterfs/files/v3.6/deploy-heketi-template.yml +++ b/roles/openshift_storage_glusterfs/files/v3.6/deploy-heketi-template.yml @@ -29,7 +29,7 @@ objects:  - kind: Route    apiVersion: v1    metadata: -    name: deploy-heketi-${CLUSTER_NAME} +    name: ${HEKETI_ROUTE}      labels:        glusterfs: deploy-heketi-${CLUSTER_NAME}-route        deploy-heketi: support 
@@ -115,14 +115,19 @@ parameters:    displayName: Namespace    description: Set the namespace where the GlusterFS pods reside    value: default +- name: HEKETI_ROUTE +  displayName: heketi route name +  description: Set the hostname for the route URL +  value: "heketi-glusterfs"  - name: IMAGE_NAME -  displayName: heketi container name +  displayName: heketi container image name    required: True  - name: IMAGE_VERSION -  displayName: heketi container versiona +  displayName: heketi container image version    required: True  - name: CLUSTER_NAME    displayName: GlusterFS cluster name +  description: A unique name to identify this heketi service, useful for running multiple heketi instances    value: glusterfs  - name: TOPOLOGY_PATH    displayName: heketi topology file location diff --git a/roles/openshift_storage_glusterfs/files/v3.6/glusterfs-template.yml b/roles/openshift_storage_glusterfs/files/v3.6/glusterfs-template.yml index dc3d2250a..8c5e1ded3 100644 --- a/roles/openshift_storage_glusterfs/files/v3.6/glusterfs-template.yml +++ b/roles/openshift_storage_glusterfs/files/v3.6/glusterfs-template.yml @@ -125,11 +125,12 @@ parameters:    description: Labels which define the daemonset node selector. Must contain at least one label of the format \'glusterfs=<CLUSTER_NAME>-host\'    value: '{ "glusterfs": "storage-host" }'  - name: IMAGE_NAME -  displayName: GlusterFS container name +  displayName: GlusterFS container image name    required: True  - name: IMAGE_VERSION -  displayName: GlusterFS container versiona +  displayName: GlusterFS container image version    required: True  - name: CLUSTER_NAME    displayName: GlusterFS cluster name +  description: A unique name to identify which heketi service manages this cluster, useful for running multiple heketi instances    value: storage diff --git a/roles/openshift_storage_glusterfs/files/v3.6/heketi-template.yml b/roles/openshift_storage_glusterfs/files/v3.6/heketi-template.yml index 1d8f1abdf..e3fa0a9fb 100644 
--- a/roles/openshift_storage_glusterfs/files/v3.6/heketi-template.yml +++ b/roles/openshift_storage_glusterfs/files/v3.6/heketi-template.yml @@ -27,7 +27,7 @@ objects:  - kind: Route    apiVersion: v1    metadata: -    name: heketi-${CLUSTER_NAME} +    name: ${HEKETI_ROUTE}      labels:        glusterfs: heketi-${CLUSTER_NAME}-route    spec: @@ -109,12 +109,17 @@ parameters:    displayName: Namespace    description: Set the namespace where the GlusterFS pods reside    value: default +- name: HEKETI_ROUTE +  displayName: heketi route name +  description: Set the hostname for the route URL +  value: "heketi-glusterfs"  - name: IMAGE_NAME -  displayName: heketi container name +  displayName: heketi container image name    required: True  - name: IMAGE_VERSION -  displayName: heketi container versiona +  displayName: heketi container image version    required: True  - name: CLUSTER_NAME    displayName: GlusterFS cluster name +  description: A unique name to identify this heketi service, useful for running multiple heketi instances    value: glusterfs diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml index 829c1f51b..4406ef28b 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml 
@@ -123,21 +123,32 @@    when:    - glusterfs_heketi_topology_load -- include: heketi_deploy_part1.yml +- name: Generate heketi admin key +  set_fact: +    glusterfs_heketi_admin_key: "{{ 32 | oo_generate_secret }}"    when:    - glusterfs_heketi_is_native -  - glusterfs_heketi_deploy_is_missing -  - glusterfs_heketi_is_missing +  - glusterfs_heketi_admin_key is undefined -- name: Set heketi URL +- name: Generate heketi user key    set_fact: -    glusterfs_heketi_url: "localhost:8080" +    glusterfs_heketi_user_key: "{{ 32 | oo_generate_secret }}" +  until: "glusterfs_heketi_user_key != glusterfs_heketi_admin_key" +  delay: 1 +  retries: 10 +  when: +  - glusterfs_heketi_is_native +  - glusterfs_heketi_user_key is undefined + +- include: heketi_deploy_part1.yml    when:    - glusterfs_heketi_is_native +  - glusterfs_heketi_deploy_is_missing +  - glusterfs_heketi_is_missing  - name: Set heketi-cli command    set_fact: -    glusterfs_heketi_client: "{% if glusterfs_heketi_is_native %}oc rsh {{ heketi_pod.results.results[0]['items'][0]['metadata']['name'] }} {% endif %}heketi-cli -s http://{{ glusterfs_heketi_url }} --user admin --secret '{{ glusterfs_heketi_admin_key }}'" +    glusterfs_heketi_client: "{% if glusterfs_heketi_is_native %}oc rsh {{ heketi_pod.results.results[0]['items'][0]['metadata']['name'] }} {% endif %}heketi-cli -s http://{% if glusterfs_heketi_is_native %}localhost:8080{% else %}{{ glusterfs_heketi_url }}:{{ glusterfs_heketi_port }}{% endif %} --user admin --secret '{{ glusterfs_heketi_admin_key }}'"  - name: Verify heketi service    command: "{{ glusterfs_heketi_client }} cluster list" 
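Review bot: The rewritten `glusterfs_heketi_client` fact still embeds `--secret '{{ glusterfs_heketi_admin_key }}'` in a command string, so every task that runs it (for example `Verify heketi service`) puts the heketi admin key in the process arguments and in Ansible's task output. At minimum those `command:` tasks should carry `no_log: true`; for the external case the key could instead be supplied through the task's `environment:` using heketi-cli's `HEKETI_CLI_KEY` variable. The same pattern appears in the `Set heketi-cli command` hunk of heketi_deploy_part2.yml. Also note that key generation is gated on `glusterfs_heketi_is_native`, so with an external heketi and no key supplied the fact appears to stay undefined and this template would fail with an undefined-variable error; an explicit assert with a clear message would be friendlier.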
@@ -155,21 +166,43 @@    - glusterfs_heketi_is_native    - glusterfs_heketi_is_missing -- name: Create heketi user secret +- name: Create heketi secret    oc_secret:      namespace: "{{ glusterfs_namespace }}"      state: present -    name: "heketi-{{ glusterfs_name }}-user-secret" +    name: "heketi-{{ glusterfs_name }}-secret"      type: "kubernetes.io/glusterfs"      force: True      contents:      - path: key -      data: "{{ glusterfs_heketi_user_key }}" +      data: "{{ glusterfs_heketi_admin_key }}" +  when: +  - glusterfs_storageclass + +- name: Get heketi route +  oc_obj: +    namespace: "{{ glusterfs_namespace }}" +    kind: route +    state: list +    name: "heketi-{{ glusterfs_name }}" +  register: heketi_route +  when: +  - glusterfs_storageclass +  - glusterfs_heketi_is_native + +- name: Determine StorageClass heketi URL +  set_fact: +    glusterfs_heketi_route: "{{ heketi_route.results.results[0]['spec']['host'] }}" +  when: +  - glusterfs_storageclass +  - glusterfs_heketi_is_native  - name: Generate GlusterFS StorageClass file    template:      src: "{{ openshift.common.examples_content_version }}/glusterfs-storageclass.yml.j2"      dest: "{{ mktemp.stdout }}/glusterfs-storageclass.yml" +  when: +  - glusterfs_storageclass  - name: Create GlusterFS StorageClass    oc_obj: diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml index aa303d126..dbfe126a4 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml 
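Review bot: The `Create heketi secret` task now stores `glusterfs_heketi_admin_key` instead of the user key, and the StorageClass template is switched to `restuser: "admin"`, but nothing in the task records why the higher-privileged identity is required. Anyone who can read secrets in `glusterfs_namespace` now obtains full heketi administration rather than the limited user role, so the reason and the expected access restrictions should be written down. Suggest a comment above the task such as `# The dynamic provisioner creates and deletes volumes, which requires the heketi admin identity; limit read access to this secret accordingly.` (the first half is an assumption based on the changelog entry and should be confirmed). The `Determine StorageClass heketi URL` task also indexes `heketi_route.results.results[0]` without checking that a route was returned.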
@@ -19,6 +19,7 @@      glusterfs_heketi_topology_load: "{{ openshift_storage_glusterfs_heketi_topology_load }}"      glusterfs_heketi_wipe: "{{ openshift_storage_glusterfs_heketi_wipe }}"      glusterfs_heketi_url: "{{ openshift_storage_glusterfs_heketi_url }}" +    glusterfs_heketi_port: "{{ openshift_storage_glusterfs_heketi_port }}"      glusterfs_nodes: "{{ groups.glusterfs }}"  - include: glusterfs_common.yml diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml index 4c6891eeb..0849f2a2e 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml @@ -19,12 +19,13 @@      glusterfs_heketi_topology_load: "{{ openshift_storage_glusterfs_registry_heketi_topology_load }}"      glusterfs_heketi_wipe: "{{ openshift_storage_glusterfs_registry_heketi_wipe }}"      glusterfs_heketi_url: "{{ openshift_storage_glusterfs_registry_heketi_url }}" -    glusterfs_nodes: "{{ groups.glusterfs_registry }}" +    glusterfs_heketi_port: "{{ openshift_storage_glusterfs_registry_heketi_port }}" +    glusterfs_nodes: "{{ groups.glusterfs_registry | default(groups.glusterfs) }}"  - include: glusterfs_common.yml    when: -  - groups.glusterfs_registry | default([]) | count > 0 -  - "'glusterfs' not in groups or groups.glusterfs_registry != groups.glusterfs" +  - glusterfs_nodes | default([]) | count > 0 +  - "'glusterfs' not in groups or glusterfs_nodes != groups.glusterfs"  - name: Delete pre-existing GlusterFS registry resources    oc_obj: diff --git a/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part1.yml b/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part1.yml index 318d34b5d..ea9b1fe1f 100644 --- a/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part1.yml +++ b/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part1.yml 
@@ -33,6 +33,7 @@      params:        IMAGE_NAME: "{{ glusterfs_heketi_image }}"        IMAGE_VERSION: "{{ glusterfs_heketi_version }}" +      HEKETI_ROUTE: "{{ glusterfs_heketi_url | default(['heketi-',glusterfs_name]|join) }}"        HEKETI_USER_KEY: "{{ glusterfs_heketi_user_key }}"        HEKETI_ADMIN_KEY: "{{ glusterfs_heketi_admin_key }}"        HEKETI_KUBE_NAMESPACE: "{{ glusterfs_namespace }}" diff --git a/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml b/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml index 3a9619d9d..26343b909 100644 --- a/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml +++ b/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml @@ -103,6 +103,7 @@      params:        IMAGE_NAME: "{{ glusterfs_heketi_image }}"        IMAGE_VERSION: "{{ glusterfs_heketi_version }}" +      HEKETI_ROUTE: "{{ glusterfs_heketi_url | default(['heketi-',glusterfs_name]|join) }}"        HEKETI_USER_KEY: "{{ glusterfs_heketi_user_key }}"        HEKETI_ADMIN_KEY: "{{ glusterfs_heketi_admin_key }}"        HEKETI_KUBE_NAMESPACE: "{{ glusterfs_namespace }}" @@ -124,7 +125,7 @@  - name: Set heketi-cli command    set_fact: -    glusterfs_heketi_client: "{% if glusterfs_heketi_is_native %}oc rsh {{ heketi_pod.results.results[0]['items'][0]['metadata']['name'] }} {% endif %}heketi-cli -s http://localhost:8080 --user admin --secret '{{ glusterfs_heketi_admin_key }}'" +    glusterfs_heketi_client: "oc rsh {{ heketi_pod.results.results[0]['items'][0]['metadata']['name'] }} heketi-cli -s http://localhost:8080 --user admin --secret '{{ glusterfs_heketi_admin_key }}'"  - name: Verify heketi service    command: "{{ glusterfs_heketi_client }} cluster list" diff --git a/roles/openshift_storage_glusterfs/tasks/main.yml b/roles/openshift_storage_glusterfs/tasks/main.yml index c9bfdd1cd..d2d8c6c10 100644 --- a/roles/openshift_storage_glusterfs/tasks/main.yml +++ b/roles/openshift_storage_glusterfs/tasks/main.yml 
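Review bot: `HEKETI_ROUTE` is set to `glusterfs_heketi_url | default(['heketi-',glusterfs_name]|join)` in both heketi_deploy_part1.yml and heketi_deploy_part2.yml, and the templates use it as the Route's `metadata.name`, yet the `Get heketi route` task added in glusterfs_common.yml always looks up `name: "heketi-{{ glusterfs_name }}"`. When an operator sets the heketi URL variable in native mode, as the updated README invites, the route is created under that custom name, the lookup would return nothing, and the following `results[0]['spec']['host']` access would fail. Suggest using the same expression in the lookup, `name: "{{ glusterfs_heketi_url | default(['heketi-',glusterfs_name]|join) }}"`, or computing the route name once as a fact and reusing it in all three places. The value is also used verbatim as a resource name, so a note in the README that it must be a valid route name rather than a full URL in native mode would prevent confusion.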
@@ -11,7 +11,7 @@  - include: glusterfs_registry.yml    when: -  - "groups.glusterfs_registry | default([]) | count > 0 or openshift.hosted.registry.storage.kind == 'glusterfs' or openshift.hosted.registry.glusterfs.swap" +  - "groups.glusterfs_registry | default([]) | count > 0 or openshift.hosted.registry.storage.kind == 'glusterfs' or openshift.hosted.registry.storage.glusterfs.swap"  - name: Delete temp directory    file: diff --git a/roles/openshift_storage_glusterfs/templates/v3.6/glusterfs-storageclass.yml.j2 b/roles/openshift_storage_glusterfs/templates/v3.6/glusterfs-storageclass.yml.j2 index 9b8fae310..5ea801e60 100644 --- a/roles/openshift_storage_glusterfs/templates/v3.6/glusterfs-storageclass.yml.j2 +++ b/roles/openshift_storage_glusterfs/templates/v3.6/glusterfs-storageclass.yml.j2 @@ -5,6 +5,7 @@ metadata:    name: glusterfs-{{ glusterfs_name }}  provisioner: kubernetes.io/glusterfs  parameters: -  resturl: "http://{{ glusterfs_heketi_url }}:8081" +  resturl: "http://{% if glusterfs_heketi_is_native %}{{ glusterfs_heketi_route }}{% else %}{{ glusterfs_heketi_url }}:{{ glusterfs_heketi_port }}{% endif %}" +  restuser: "admin"    secretNamespace: "{{ glusterfs_namespace }}" -  secretName: "heketi-{{ glusterfs_name }}-user-secret" +  secretName: "heketi-{{ glusterfs_name }}-secret" | 
