diff options
29 files changed, 215 insertions, 1314 deletions
@@ -7,6 +7,15 @@ that it installs currently require a package that provides `docker`. Currently the RPMs provided from dockerproject.org do not provide this requirement, though they may in the future. +##Branches +The master branch tracks our current work and should be compatible with both +Origin master branch and the current Origin stable release, currently that's +v1.3 and v1.2. Enterprise branches exist where we coordinate with internal Red +Hat Quality Assurance teams. Fixes and backwards compatible feature improvements +are often backported to the more current enterprise branches. The enterprise +branches should also be compatible with the corresponding Origin release for +users who are looking for more conservative rate of change. + ##Setup - Install base dependencies: - Fedora: @@ -19,27 +28,27 @@ they may in the future. brew install ansible python ``` - Setup for a specific cloud: - - [AWS](README_AWS.md) - - [GCE](README_GCE.md) - - [local VMs](README_libvirt.md) + - [AWS](http://github.com/openshift/openshift-ansible/blob/master/README_AWS.md) + - [GCE](http://github.com/openshift/openshift-ansible/blob/master/README_GCE.md) + - [local VMs](http://github.com/openshift/openshift-ansible/blob/master/README_libvirt.md) - Bring your own host deployments: - [OpenShift Enterprise](https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html) - [OpenShift Origin](https://docs.openshift.org/latest/install_config/install/advanced_install.html) - - [Atomic Enterprise](README_AEP.md) + - [Atomic Enterprise](http://github.com/openshift/openshift-ansible/blob/master/README_AEP.md) - Build - [How to build the openshift-ansible rpms](BUILD.md) - Directory Structure: - - [bin/cluster](bin/cluster) - python script to easily create clusters - - [docs](docs) - Documentation for the project - - [filter_plugins/](filter_plugins) - custom filters used to manipulate data in Ansible - - [inventory/](inventory) - houses Ansible dynamic inventory scripts - - [playbooks/](playbooks) - houses host-type Ansible playbooks (launch, config, destroy, vars) - - [roles/](roles) - shareable Ansible tasks + - [bin/cluster](https://github.com/openshift/openshift-ansible/tree/master/bin/cluster) - python script to easily create clusters + - [docs](https://github.com/openshift/openshift-ansible/tree/master/docs) - Documentation for the project + - [filter_plugins/](https://github.com/openshift/openshift-ansible/tree/master/filter_plugins) - custom filters used to manipulate data in Ansible + - [inventory/](https://github.com/openshift/openshift-ansible/tree/master/inventory) - houses Ansible dynamic inventory scripts + - [playbooks/](https://github.com/openshift/openshift-ansible/tree/master/playbooks) - houses host-type Ansible playbooks (launch, config, destroy, vars) + - [roles/](https://github.com/openshift/openshift-ansible/tree/master/roles) - shareable Ansible tasks ##Contributing -- [Best Practices Guide](docs/best_practices_guide.adoc) -- [Core Concepts](docs/core_concepts_guide.adoc) -- [Style Guide](docs/style_guide.adoc) +- [Best Practices Guide](https://github.com/openshift/openshift-ansible/blob/master/docs/best_practices_guide.adoc) +- [Core Concepts](https://github.com/openshift/openshift-ansible/blob/master/docs/core_concepts_guide.adoc) +- [Style Guide](https://github.com/openshift/openshift-ansible/blob/master/docs/style_guide.adoc) diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index 7b241e203..eeb04cb4e 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -529,9 +529,9 @@ class FilterModule(object): raise errors.AnsibleFilterError(("|failed to parse certificate '%s', " % certificate['certfile'] + "please specify certificate names in host inventory")) + certificate['names'] = list(set(certificate['names'])) if 'cafile' not in certificate: certificate['names'] = [name for name in certificate['names'] if name not in internal_hostnames] - certificate['names'] = list(set(certificate['names'])) if not certificate['names']: raise errors.AnsibleFilterError(("|failed to parse certificate '%s' or " % certificate['certfile'] + "detected a collision with internal hostname, please specify " + diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index b32eb5c18..41ed237f7 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -318,7 +318,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_registry_storage_s3_bucket=bucket_name #openshift_hosted_registry_storage_s3_region=bucket_region #openshift_hosted_registry_storage_s3_chunksize=26214400 +#openshift_hosted_registry_storage_s3_rootdirectory=/registry #openshift_hosted_registry_pullthrough=true +#openshift_hosted_registry_acceptschema2=true +#openshift_hosted_registry_enforcequota=true # Metrics deployment # See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 5aaf6695a..71e1ebb03 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -317,7 +317,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_registry_storage_s3_bucket=bucket_name #openshift_hosted_registry_storage_s3_region=bucket_region #openshift_hosted_registry_storage_s3_chunksize=26214400 +#openshift_hosted_registry_storage_s3_rootdirectory=/registry #openshift_hosted_registry_pullthrough=true +#openshift_hosted_registry_acceptschema2=true +#openshift_hosted_registry_enforcequota=true # Metrics deployment # See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 30e0f05fd..cd569937c 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -74,7 +74,7 @@ - name: Remove flannel package action: "{{ ansible_pkg_mgr }} name=flannel state=absent" - when: openshift_use_flannel | default(false) | bool + when: openshift_use_flannel | default(false) | bool and not is_atomic | bool - shell: systemctl reset-failed changed_when: False diff --git a/playbooks/common/openshift-cluster/redeploy-certificates.yml b/playbooks/common/openshift-cluster/redeploy-certificates.yml index b97906072..5b72c3450 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates.yml @@ -52,6 +52,14 @@ openshift_ca_host: "{{ groups.oo_first_master.0 }}" openshift_master_count: "{{ openshift.master.master_count | default(groups.oo_masters | length) }}" pre_tasks: + # set_fact task copied from playbooks/common/openshift-master/config.yml + # so that openshift_master_default_subdomain has a default value of "" + # (emptry string). openshift_master_default_subdomain must have a default + # value for openshift_master_facts to set metrics_public_url. + # TODO: clean this up. + - set_fact: + openshift_master_default_subdomain: "{{ lookup('oo_option', 'openshift_master_default_subdomain') | default(None, true) }}" + when: openshift_master_default_subdomain is not defined - stat: path: "{{ openshift_generated_configs_dir }}" register: openshift_generated_configs_dir_stat @@ -133,7 +141,9 @@ hosts: oo_etcd_to_config tasks: - name: restart etcd - service: name=etcd state=restarted + service: + name: "{{ 'etcd' if not openshift.common.is_containerized | bool else 'etcd_container' }}" + state: restarted - name: Stop master services hosts: oo_masters_to_config diff --git a/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml b/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml new file mode 100644 index 000000000..e8a20aa2b --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml @@ -0,0 +1,69 @@ +--- +- name: Create local temp directory for syncing certs + hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - name: Create local temp directory for syncing certs + local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX + register: local_cert_sync_tmpdir + changed_when: false + +- name: Create service signer certificate + hosts: oo_first_master + tasks: + - name: Create remote temp directory for creating certs + command: mktemp -d /tmp/openshift-ansible-XXXXXXX + register: remote_cert_create_tmpdir + changed_when: false + + - name: Create service signer certificate + command: > + {{ openshift.common.admin_binary }} ca create-signer-cert + --cert=service-signer.crt + --key=service-signer.key + --name=openshift-service-serving-signer + --serial=service-signer.serial.txt + args: + chdir: "{{ remote_cert_create_tmpdir.stdout }}/" + + - name: Retrieve service signer certificate + fetch: + src: "{{ remote_cert_create_tmpdir.stdout }}/{{ item }}" + dest: "{{ hostvars.localhost.local_cert_sync_tmpdir.stdout }}/" + flat: yes + fail_on_missing: yes + validate_checksum: yes + with_items: + - "service-signer.crt" + - "service-signer.key" + + - name: Delete remote temp directory + file: + name: "{{ remote_cert_create_tmpdir.stdout }}" + state: absent + changed_when: false + +- name: Deploy service signer certificate + hosts: oo_masters_to_config + tasks: + - name: Deploy service signer certificate + copy: + src: "{{ hostvars.localhost.local_cert_sync_tmpdir.stdout }}/{{ item }}" + dest: "{{ openshift.common.config_base }}/master/" + with_items: + - "service-signer.crt" + - "service-signer.key" + +- name: Delete local temp directory + hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - name: Delete local temp directory + file: + name: "{{ local_cert_sync_tmpdir.stdout }}" + state: absent + changed_when: false diff --git a/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml b/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml index 06b3e244f..8002af4fc 100644 --- a/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml +++ b/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml @@ -28,7 +28,7 @@ - fail: msg: This playbook requires access to Docker 1.10 or later # Disable the 1.10 requirement if the user set a specific Docker version - when: avail_docker_version.stdout | version_compare('1.10','<') and docker_version is not defined + when: docker_version is not defined and (docker_upgrade is not defined or docker_upgrade | bool == True) and (avail_docker_version.stdout == "" or avail_docker_version.stdout | version_compare('1.10','<')) # Default l_docker_upgrade to False, we'll set to True if an upgrade is required: - set_fact: diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/upgrade.yml index cb5103e3a..ba4fc63be 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade.yml @@ -34,7 +34,7 @@ ############################################################################### # Upgrade Masters ############################################################################### -- name: Upgrade master +- name: Upgrade master packages hosts: oo_masters_to_config handlers: - include: ../../../../roles/openshift_master/handlers/main.yml @@ -45,6 +45,28 @@ - include: rpm_upgrade.yml component=master when: not openshift.common.is_containerized | bool +- name: Determine if service signer cert must be created + hosts: oo_first_master + tasks: + - name: Determine if service signer certificate must be created + stat: + path: "{{ openshift.common.config_base }}/master/service-signer.crt" + register: service_signer_cert_stat + changed_when: false + +# Create service signer cert when missing. Service signer certificate +# is added to master config in the master config hook for v3_3. +- include: create_service_signer_cert.yml + when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool) + +- name: Upgrade master config and systemd units + hosts: oo_masters_to_config + handlers: + - include: ../../../../roles/openshift_master/handlers/main.yml + static: yes + roles: + - openshift_facts + tasks: - include: "{{ master_config_hook }}" when: master_config_hook is defined @@ -211,6 +233,8 @@ - include: containerized_node_upgrade.yml when: inventory_hostname in groups.oo_nodes_to_config and openshift.common.is_containerized | bool + - meta: flush_handlers + - name: Set node schedulability command: > {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=true diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml index 641e7cafc..684eea343 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml @@ -38,3 +38,13 @@ dest: "{{ openshift.common.config_base}}/master/master-config.yaml" yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.qps' yaml_value: 300 + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'controllerConfig.servicesServingCert.signer.certFile' + yaml_value: service-signer.crt + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'controllerConfig.servicesServingCert.signer.keyFile' + yaml_value: service-signer.key diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 94c30e268..66eb293e5 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -156,9 +156,7 @@ - name: Set schedulability hosts: oo_first_master vars: - openshift_nodes: "{{ hostvars - | oo_select_keys(groups['oo_nodes_to_config']) - | oo_collect('openshift.common.hostname') }}" + openshift_nodes: "{{ groups.oo_nodes_to_config | default([]) }}" pre_tasks: # Necessary because when you're on a node that's also a master the master will be # restarted after the node restarts docker and it will take up to 60 seconds for diff --git a/roles/etcd_client_certificates/library b/roles/etcd_client_certificates/library deleted file mode 120000 index 494d3c39e..000000000 --- a/roles/etcd_client_certificates/library +++ /dev/null @@ -1 +0,0 @@ -../../library
\ No newline at end of file diff --git a/library/delegated_serial_command.py b/roles/etcd_common/library/delegated_serial_command.py index 3969edfdd..3969edfdd 100755 --- a/library/delegated_serial_command.py +++ b/roles/etcd_common/library/delegated_serial_command.py diff --git a/roles/etcd_server_certificates/library b/roles/etcd_server_certificates/library deleted file mode 120000 index 494d3c39e..000000000 --- a/roles/etcd_server_certificates/library +++ /dev/null @@ -1 +0,0 @@ -../../library
\ No newline at end of file diff --git a/roles/nuage_master/meta/main.yml b/roles/nuage_master/meta/main.yml index 3f16dd819..fdead100c 100644 --- a/roles/nuage_master/meta/main.yml +++ b/roles/nuage_master/meta/main.yml @@ -13,4 +13,8 @@ galaxy_info: - cloud - system dependencies: -- { role: nuage_ca } +- role: nuage_ca +- role: os_firewall + os_firewall_allow: + - service: openshift-monitor + port: "{{ nuage_mon_rest_server_port }}/tcp" diff --git a/roles/nuage_node/meta/main.yml b/roles/nuage_node/meta/main.yml index 3f16dd819..9f84eacf6 100644 --- a/roles/nuage_node/meta/main.yml +++ b/roles/nuage_node/meta/main.yml @@ -13,4 +13,8 @@ galaxy_info: - cloud - system dependencies: -- { role: nuage_ca } +- role: nuage_ca +- role: os_firewall + os_firewall_allow: + - service: vxlan + port: 4789/udp diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index 1ad0d93a2..48da98017 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -14,27 +14,13 @@ TEMP=`mktemp -d` pushd $TEMP wget https://github.com/openshift/origin/archive/master.zip -O origin-master.zip -wget https://github.com/openshift/django-ex/archive/master.zip -O django-ex-master.zip -wget https://github.com/openshift/rails-ex/archive/master.zip -O rails-ex-master.zip -wget https://github.com/openshift/nodejs-ex/archive/master.zip -O nodejs-ex-master.zip -wget https://github.com/openshift/dancer-ex/archive/master.zip -O dancer-ex-master.zip -wget https://github.com/openshift/cakephp-ex/archive/master.zip -O cakephp-ex-master.zip wget https://github.com/jboss-openshift/application-templates/archive/${XPAAS_VERSION}.zip -O application-templates-master.zip unzip origin-master.zip -unzip django-ex-master.zip -unzip rails-ex-master.zip -unzip nodejs-ex-master.zip -unzip dancer-ex-master.zip -unzip cakephp-ex-master.zip unzip application-templates-master.zip cp origin-master/examples/db-templates/* ${EXAMPLES_BASE}/db-templates/ +cp origin-master/examples/quickstarts/* ${EXAMPLES_BASE}/quickstart-templates/ cp origin-master/examples/jenkins/jenkins-*template.json ${EXAMPLES_BASE}/quickstart-templates/ cp origin-master/examples/image-streams/* ${EXAMPLES_BASE}/image-streams/ -cp django-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ -cp rails-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ -cp nodejs-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ -cp dancer-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ -cp cakephp-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ mv application-templates-${XPAAS_VERSION}/jboss-image-streams.json ${EXAMPLES_BASE}/xpaas-streams/ find application-templates-${XPAAS_VERSION}/ -name '*.json' ! -wholename '*secret*' ! -wholename '*demo*' -exec mv {} ${EXAMPLES_BASE}/xpaas-templates/ \; wget https://raw.githubusercontent.com/jboss-fuse/application-templates/master/fis-image-streams.json -O ${EXAMPLES_BASE}/xpaas-streams/fis-image-streams.json diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp.json deleted file mode 100644 index dc6ecb5c7..000000000 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp.json +++ /dev/null @@ -1,343 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "name": "cakephp-example", - "annotations": { - "description": "An example CakePHP application with no database", - "tags": "quickstart,php,cakephp", - "iconClass": "icon-php" - } - }, - "labels": { - "template": "cakephp-example" - }, - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Exposes and load balances the application pods" - } - }, - "spec": { - "ports": [ - { - "name": "web", - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "name": "${NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}" - }, - "spec": { - "host": "${APPLICATION_DOMAIN}", - "to": { - "kind": "Service", - "name": "${NAME}" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Keeps track of changes in the application image" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Defines how to build the application" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "from": { - "kind": "ImageStreamTag", - "namespace": "${NAMESPACE}", - "name": "php:5.6" - }, - "env": [ - { - "name": "COMPOSER_MIRROR", - "value": "${COMPOSER_MIRROR}" - } - ] - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${NAME}:latest" - } - }, - "triggers": [ - { - "type": "ImageChange" - }, - { - "type": "ConfigChange" - }, - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Defines how to deploy the application server" - } - }, - "spec": { - "strategy": { - "type": "Rolling" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "cakephp-example" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "name": "${NAME}" - }, - "template": { - "metadata": { - "name": "${NAME}", - "labels": { - "name": "${NAME}" - } - }, - "spec": { - "containers": [ - { - "name": "cakephp-example", - "image": " ", - "ports": [ - { - "containerPort": 8080 - } - ], - "readinessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 3, - "httpGet": { - "path": "/", - "port": 8080 - } - }, - "livenessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 30, - "httpGet": { - "path": "/", - "port": 8080 - } - }, - "env": [ - { - "name": "DATABASE_SERVICE_NAME", - "value": "${DATABASE_SERVICE_NAME}" - }, - { - "name": "DATABASE_ENGINE", - "value": "${DATABASE_ENGINE}" - }, - { - "name": "DATABASE_NAME", - "value": "${DATABASE_NAME}" - }, - { - "name": "DATABASE_USER", - "value": "${DATABASE_USER}" - }, - { - "name": "DATABASE_PASSWORD", - "value": "${DATABASE_PASSWORD}" - }, - { - "name": "CAKEPHP_SECRET_TOKEN", - "value": "${CAKEPHP_SECRET_TOKEN}" - }, - { - "name": "CAKEPHP_SECURITY_SALT", - "value": "${CAKEPHP_SECURITY_SALT}" - }, - { - "name": "CAKEPHP_SECURITY_CIPHER_SEED", - "value": "${CAKEPHP_SECURITY_CIPHER_SEED}" - }, - { - "name": "OPCACHE_REVALIDATE_FREQ", - "value": "${OPCACHE_REVALIDATE_FREQ}" - } - ], - "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - } - } - ] - } - } - } - } - ], - "parameters": [ - { - "name": "NAME", - "displayName": "Name", - "description": "The name assigned to all of the frontend objects defined in this template.", - "required": true, - "value": "cakephp-example" - }, - { - "name": "NAMESPACE", - "displayName": "Namespace", - "description": "The OpenShift Namespace where the ImageStream resides.", - "required": true, - "value": "openshift" - }, - { - "name": "MEMORY_LIMIT", - "displayName": "Memory Limit", - "description": "Maximum amount of memory the container can use.", - "required": true, - "value": "512Mi" - }, - { - "name": "SOURCE_REPOSITORY_URL", - "displayName": "Git Repository URL", - "description": "The URL of the repository with your application source code.", - "required": true, - "value": "https://github.com/openshift/cakephp-ex.git" - }, - { - "name": "SOURCE_REPOSITORY_REF", - "displayName": "Git Reference", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." - }, - { - "name": "CONTEXT_DIR", - "displayName": "Context Directory", - "description": "Set this to the relative path to your project if it is not in the root of your repository." - }, - { - "name": "APPLICATION_DOMAIN", - "displayName": "Application Hostname", - "description": "The exposed hostname that will route to the CakePHP service, if left blank a value will be defaulted.", - "value": "" - }, - { - "name": "GITHUB_WEBHOOK_SECRET", - "displayName": "GitHub Webhook Secret", - "description": "A secret string used to configure the GitHub webhook.", - "generate": "expression", - "from": "[a-zA-Z0-9]{40}" - }, - { - "name": "DATABASE_SERVICE_NAME", - "displayName": "Database Service Name" - }, - { - "name": "DATABASE_ENGINE", - "displayName": "Database Engine", - "description": "Database engine: postgresql, mysql or sqlite (default)." - }, - { - "name": "DATABASE_NAME", - "displayName": "Database Name" - }, - { - "name": "DATABASE_USER", - "displayName": "Database User" - }, - { - "name": "DATABASE_PASSWORD", - "displayName": "Database Password" - }, - { - "name": "CAKEPHP_SECRET_TOKEN", - "displayName": "CakePHP Secret Token", - "description": "Set this to a long random string.", - "generate": "expression", - "from": "[\\w]{50}" - }, - { - "name": "CAKEPHP_SECURITY_SALT", - "displayName": "CakePHP Security Salt", - "description": "Security salt for session hash.", - "generate": "expression", - "from": "[a-zA-Z0-9]{40}" - }, - { - "name": "CAKEPHP_SECURITY_CIPHER_SEED", - "displayName": "CakePHP Security Cipher Seed", - "description": "Security cipher seed for session hash.", - "generate": "expression", - "from": "[0-9]{30}" - }, - { - "name": "OPCACHE_REVALIDATE_FREQ", - "displayName": "OPcache Revalidation Frequency", - "description": "How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request.", - "value": "2" - }, - { - "name": "COMPOSER_MIRROR", - "displayName": "Custom Composer Mirror URL", - "description": "The custom Composer mirror URL", - "value": "" - } - ] -} diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/dancer.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/dancer.json deleted file mode 100644 index 46b8984e3..000000000 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/dancer.json +++ /dev/null @@ -1,276 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "name": "dancer-example", - "annotations": { - "description": "An example Dancer application with no database", - "tags": "quickstart,perl,dancer", - "iconClass": "icon-perl" - } - }, - "labels": { - "template": "dancer-example" - }, - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Exposes and load balances the application pods" - } - }, - "spec": { - "ports": [ - { - "name": "web", - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "name": "${NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}" - }, - "spec": { - "host": "${APPLICATION_DOMAIN}", - "to": { - "kind": "Service", - "name": "${NAME}" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Keeps track of changes in the application image" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Defines how to build the application" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "from": { - "kind": "ImageStreamTag", - "namespace": "${NAMESPACE}", - "name": "perl:5.20" - }, - "env": [ - { - "name": "CPAN_MIRROR", - "value": "${CPAN_MIRROR}" - } - ] - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${NAME}:latest" - } - }, - "triggers": [ - { - "type": "ImageChange" - }, - { - "type": "ConfigChange" - }, - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Defines how to deploy the application server" - } - }, - "spec": { - "strategy": { - "type": "Rolling" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "dancer-example" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "name": "${NAME}" - }, - "template": { - "metadata": { - "name": "${NAME}", - "labels": { - "name": "${NAME}" - } - }, - "spec": { - "containers": [ - { - "name": "dancer-example", - "image": " ", - "ports": [ - { - "containerPort": 8080 - } - ], - "readinessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 3, - "httpGet": { - "path": "/", - "port": 8080 - } - }, - "livenessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 30, - "httpGet": { - "path": "/", - "port": 8080 - } - }, - "env": [ - { - "name": "PERL_APACHE2_RELOAD", - "value": "${PERL_APACHE2_RELOAD}" - } - ], - "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - } - } - ] - } - } - } - } - ], - "parameters": [ - { - "name": "NAME", - "displayName": "Name", - "description": "The name assigned to all of the frontend objects defined in this template.", - "required": true, - "value": "dancer-example" - }, - { - "name": "NAMESPACE", - "displayName": "Namespace", - "description": "The OpenShift Namespace where the ImageStream resides.", - "required": true, - "value": "openshift" - }, - { - "name": "MEMORY_LIMIT", - "displayName": "Memory Limit", - "description": "Maximum amount of memory the container can use.", - "required": true, - "value": "512Mi" - }, - { - "name": "SOURCE_REPOSITORY_URL", - "displayName": "Git Repository URL", - "description": "The URL of the repository with your application source code.", - "required": true, - "value": "https://github.com/openshift/dancer-ex.git" - }, - { - "name": "SOURCE_REPOSITORY_REF", - "displayName": "Git Reference", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." - }, - { - "name": "CONTEXT_DIR", - "displayName": "Context Directory", - "description": "Set this to the relative path to your project if it is not in the root of your repository." - }, - { - "name": "APPLICATION_DOMAIN", - "displayName": "Application Hostname", - "description": "The exposed hostname that will route to the Dancer service, if left blank a value will be defaulted.", - "value": "" - }, - { - "name": "GITHUB_WEBHOOK_SECRET", - "displayName": "GitHub Webhook Secret", - "description": "A secret string used to configure the GitHub webhook.", - "generate": "expression", - "from": "[a-zA-Z0-9]{40}" - }, - { - "name": "SECRET_KEY_BASE", - "displayName": "Secret Key", - "description": "Your secret key for verifying the integrity of signed cookies.", - "generate": "expression", - "from": "[a-z0-9]{127}" - }, - { - "name": "PERL_APACHE2_RELOAD", - "displayName": "Perl Module Reload", - "description": "Set this to \"true\" to enable automatic reloading of modified Perl modules.", - "value": "" - }, - { - "name": "CPAN_MIRROR", - "displayName": "Custom CPAN Mirror URL", - "description": "The custom CPAN mirror URL", - "value": "" - } - ] -} diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/django.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/django.json deleted file mode 100644 index 1c2e40d70..000000000 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/django.json +++ /dev/null @@ -1,323 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "name": "django-example", - "annotations": { - "description": "An example Django application with no database", - "tags": "quickstart,python,django", - "iconClass": "icon-python" - } - }, - "labels": { - "template": "django-example" - }, - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Exposes and load balances the application pods" - } - }, - "spec": { - "ports": [ - { - "name": "web", - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "name": "${NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}" - }, - "spec": { - "host": "${APPLICATION_DOMAIN}", - "to": { - "kind": "Service", - "name": "${NAME}" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Keeps track of changes in the application image" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Defines how to build the application" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "from": { - "kind": "ImageStreamTag", - "namespace": "${NAMESPACE}", - "name": "python:3.5" - }, - "env": [ - { - "name": "PIP_INDEX_URL", - "value": "${PIP_INDEX_URL}" - } - ] - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${NAME}:latest" - } - }, - "triggers": [ - { - "type": "ImageChange" - }, - { - "type": "ConfigChange" - }, - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - } - ], - "postCommit": { - "script": "./manage.py test" - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Defines how to deploy the application server" - } - }, - "spec": { - "strategy": { - "type": "Rolling" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "django-example" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "name": "${NAME}" - }, - "template": { - "metadata": { - "name": "${NAME}", - "labels": { - "name": "${NAME}" - } - }, - "spec": { - "containers": [ - { - "name": "django-example", - "image": " ", - "ports": [ - { - "containerPort": 8080 - } - ], - "readinessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 3, - "httpGet": { - "path": "/", - "port": 8080 - } - }, - "livenessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 30, - "httpGet": { - "path": "/", - "port": 8080 - } - }, - "env": [ - { - "name": "DATABASE_SERVICE_NAME", - "value": "${DATABASE_SERVICE_NAME}" - }, - { - "name": "DATABASE_ENGINE", - "value": "${DATABASE_ENGINE}" - }, - { - "name": "DATABASE_NAME", - "value": "${DATABASE_NAME}" - }, - { - "name": "DATABASE_USER", - "value": "${DATABASE_USER}" - }, - { - "name": "DATABASE_PASSWORD", - "value": "${DATABASE_PASSWORD}" - }, - { - "name": "APP_CONFIG", - "value": "${APP_CONFIG}" - }, - { - "name": "DJANGO_SECRET_KEY", - "value": "${DJANGO_SECRET_KEY}" - } - ], - "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - } - } - ] - } - } - } - } - ], - "parameters": [ - { - "name": "NAME", - "displayName": "Name", - "description": "The name assigned to all of the frontend objects defined in this template.", - "required": true, - "value": "django-example" - }, - { - "name": "NAMESPACE", - "displayName": "Namespace", - "required": true, - "description": "The OpenShift Namespace where the ImageStream resides.", - "value": "openshift" - }, - { - "name": "MEMORY_LIMIT", - "displayName": "Memory Limit", - "required": true, - "description": "Maximum amount of memory the container can use.", - "value": "512Mi" - }, - { - "name": "SOURCE_REPOSITORY_URL", - "displayName": "Git Repository URL", - "required": true, - "description": "The URL of the repository with your application source code.", - "value": "https://github.com/openshift/django-ex.git" - }, - { - "name": "SOURCE_REPOSITORY_REF", - "displayName": "Git Reference", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." - }, - { - "name": "CONTEXT_DIR", - "displayName": "Context Directory", - "description": "Set this to the relative path to your project if it is not in the root of your repository." - }, - { - "name": "APPLICATION_DOMAIN", - "displayName": "Application Hostname", - "description": "The exposed hostname that will route to the Django service, if left blank a value will be defaulted.", - "value": "" - }, - { - "name": "GITHUB_WEBHOOK_SECRET", - "displayName": "GitHub Webhook Secret", - "description": "A secret string used to configure the GitHub webhook.", - "generate": "expression", - "from": "[a-zA-Z0-9]{40}" - }, - { - "name": "DATABASE_SERVICE_NAME", - "displayName": "Database Service Name" - }, - { - "name": "DATABASE_ENGINE", - "displayName": "Database Engine", - "description": "Database engine: postgresql, mysql or sqlite (default)." - }, - { - "name": "DATABASE_NAME", - "displayName": "Database Name" - }, - { - "name": "DATABASE_USER", - "displayName": "Database Username" - }, - { - "name": "DATABASE_PASSWORD", - "displayName": "Database User Password" - }, - { - "name": "APP_CONFIG", - "displayName": "Application Configuration File Path", - "description": "Relative path to Gunicorn configuration file (optional)." - }, - { - "name": "DJANGO_SECRET_KEY", - "displayName": "Django Secret Key", - "description": "Set this to a long random string.", - "generate": "expression", - "from": "[\\w]{50}" - }, - { - "name": "PIP_INDEX_URL", - "displayName": "Custom PyPi Index URL", - "description": "The custom PyPi index URL", - "value": "" - } - ] -} diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/nodejs.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/nodejs.json deleted file mode 100644 index ec262e4e8..000000000 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/nodejs.json +++ /dev/null @@ -1,323 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "name": "nodejs-example", - "annotations": { - "description": "An example Node.js application with no database", - "tags": "quickstart,nodejs", - "iconClass": "icon-nodejs" - } - }, - "labels": { - "template": "nodejs-example" - }, - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Exposes and load balances the application pods" - } - }, - "spec": { - "ports": [ - { - "name": "web", - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "name": "${NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}" - }, - "spec": { - "host": "${APPLICATION_DOMAIN}", - "to": { - "kind": "Service", - "name": "${NAME}" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Keeps track of changes in the application image" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Defines how to build the application" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "from": { - "kind": "ImageStreamTag", - "namespace": "${NAMESPACE}", - "name": "nodejs:4" - }, - "env": [ - { - "name": "NPM_MIRROR", - "value": "${NPM_MIRROR}" - } - ] - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${NAME}:latest" - } - }, - "triggers": [ - { - "type": "ImageChange" - }, - { - "type": "ConfigChange" - }, - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - } - ], - "postCommit": { - "script": "npm test" - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Defines how to deploy the application server" - } - }, - "spec": { - "strategy": { - "type": "Rolling" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "nodejs-example" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "name": "${NAME}" - }, - "template": { - "metadata": { - "name": "${NAME}", - "labels": { - "name": "${NAME}" - } - }, - "spec": { - "containers": [ - { - "name": "nodejs-example", - "image": " ", - "ports": [ - { - "containerPort": 8080 - } - ], - "readinessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 3, - "httpGet": { - "path": "/", - "port": 8080 - } - }, - "livenessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 30, - "httpGet": { - "path": "/", - "port": 8080 - } - }, - "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, - "env": [ - { - "name": "DATABASE_SERVICE_NAME", - "value": "${DATABASE_SERVICE_NAME}" - }, - { - "name": "MONGODB_USER", - "value": "${MONGODB_USER}" - }, - { - "name": "MONGODB_PASSWORD", - "value": "${MONGODB_PASSWORD}" - }, - { - "name": "MONGODB_DATABASE", - "value": "${MONGODB_DATABASE}" - }, - { - "name": "MONGODB_ADMIN_PASSWORD", - "value": "${MONGODB_ADMIN_PASSWORD}" - } - ], - "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - } - } - ] - } - } - } - } - ], - "parameters": [ - { - "name": "NAME", - "displayName": "Name", - "description": "The name assigned to all of the frontend objects defined in this template.", - "required": true, - "value": "nodejs-example" - }, - { - "name": "NAMESPACE", - "displayName": "Namespace", - "description": "The OpenShift Namespace where the ImageStream resides.", - "required": true, - "value": "openshift" - }, - { - "name": "MEMORY_LIMIT", - "displayName": "Memory Limit", - "description": "Maximum amount of memory the container can use.", - "required": true, - "value": "512Mi" - }, - { - "name": "SOURCE_REPOSITORY_URL", - "displayName": "Git Repository URL", - "description": "The URL of the repository with your application source code.", - "required": true, - "value": "https://github.com/openshift/nodejs-ex.git" - }, - { - "name": "SOURCE_REPOSITORY_REF", - "displayName": "Git Reference", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." - }, - { - "name": "CONTEXT_DIR", - "displayName": "Context Directory", - "description": "Set this to the relative path to your project if it is not in the root of your repository." - }, - { - "name": "APPLICATION_DOMAIN", - "displayName": "Application Hostname", - "description": "The exposed hostname that will route to the Node.js service, if left blank a value will be defaulted.", - "value": "" - }, - { - "name": "GITHUB_WEBHOOK_SECRET", - "displayName": "GitHub Webhook Secret", - "description": "A secret string used to configure the GitHub webhook.", - "generate": "expression", - "from": "[a-zA-Z0-9]{40}" - }, - { - "name": "GENERIC_WEBHOOK_SECRET", - "displayName": "Generic Webhook Secret", - "description": "A secret string used to configure the Generic webhook.", - "generate": "expression", - "from": "[a-zA-Z0-9]{40}" - }, - { - "name": "DATABASE_SERVICE_NAME", - "displayName": "Database Service Name" - }, - { - "name": "MONGODB_USER", - "displayName": "MongoDB Username", - "description": "Username for MongoDB user that will be used for accessing the database." - }, - { - "name": "MONGODB_PASSWORD", - "displayName": "MongoDB Password", - "description": "Password for the MongoDB user." - }, - { - "name": "MONGODB_DATABASE", - "displayName": "Database Name" - }, - { - "name": "MONGODB_ADMIN_PASSWORD", - "displayName": "Database Administrator Password", - "description": "Password for the database admin user." - }, - { - "name": "NPM_MIRROR", - "displayName": "Custom NPM Mirror URL", - "description": "The custom NPM mirror URL", - "value": "" - } - ] -} diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml index 4150fabec..058ad8888 100644 --- a/roles/openshift_examples/tasks/main.yml +++ b/roles/openshift_examples/tasks/main.yml @@ -73,6 +73,27 @@ failed_when: "'already exists' not in oex_import_db_templates.stderr and oex_import_db_templates.rc != 0" changed_when: false +- name: Remove defunct quickstart template files + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ quickstarts_base }}/nodejs.json" + - "{{ quickstarts_base }}/cakephp.json" + - "{{ quickstarts_base }}/dancer.json" + - "{{ quickstarts_base }}/django.json" + +- name: Remove defunct quickstart templates from openshift namespace + command: "{{ openshift.common.client_binary }} -n openshift delete templates/{{ item }}" + with_items: + - nodejs-example + - cakephp-example + - dancer-example + - django-example + register: oex_delete_defunct_quickstart_templates + failed_when: "'not found' not in oex_delete_defunct_quickstart_templates.stderr and oex_delete_defunct_quickstart_templates.rc != 0" + changed_when: false + - name: Import quickstart-templates command: > {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} -n openshift -f {{ quickstarts_base }} diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index ebd799466..e5cb0db15 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1730,6 +1730,7 @@ class OpenShiftFacts(object): {"name": "PodFitsPorts"}, {"name": "NoDiskConflict"}, {"name": "NoVolumeZoneConflict"}, + {"name": "MaxEBSVolumeCount"}, {"name": "Region", "argument": {"serviceAffinity" : {"labels" : ["region"]}}} ] scheduler_priorities = [ diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml index ef1c7c5bc..4cb85df04 100644 --- a/roles/openshift_hosted/tasks/registry/secure.yml +++ b/roles/openshift_hosted/tasks/registry/secure.yml @@ -13,6 +13,8 @@ command: > {{ openshift.common.client_binary }} get service docker-registry --template='{{ '{{' }} .spec.clusterIP {{ '}}' }}' + --config={{ openshift_hosted_kubeconfig }} + -n default register: docker_registry_service_ip changed_when: false @@ -74,6 +76,8 @@ {{ openshift.common.client_binary }} env dc/docker-registry REGISTRY_HTTP_TLS_CERTIFICATE=/etc/secrets/registry.crt REGISTRY_HTTP_TLS_KEY=/etc/secrets/registry.key + --config={{ openshift_hosted_kubeconfig }} + -n default # These commands are on a single line to preserve patch json. - name: Update registry liveness probe from HTTP to HTTPS diff --git a/roles/openshift_hosted/templates/registry_config.j2 b/roles/openshift_hosted/templates/registry_config.j2 index b70ec500e..092b0fb35 100644 --- a/roles/openshift_hosted/templates/registry_config.j2 +++ b/roles/openshift_hosted/templates/registry_config.j2 @@ -15,7 +15,7 @@ storage: encrypt: false secure: true v4auth: true - rootdirectory: /registry + rootdirectory: {{ openshift.hosted.registry.storage.s3.rootdirectory | default('/registry') }} chunksize: "{{ openshift.hosted.registry.storage.s3.chunksize | default(26214400) }}" {% elif openshift.hosted.registry.storage.provider == 'azure_blob' %} azure: @@ -66,6 +66,8 @@ middleware: - name: openshift options: pullthrough: {{ openshift.hosted.registry.pullthrough | default(true) }} + acceptschema2: {{ openshift.hosted.registry.acceptschema2 | default(false) }} + enforcequota: {{ openshift.hosted.registry.enforcequota | default(false) }} {% if openshift.hosted.registry.storage.provider == 's3' and 'cloudfront' in openshift.hosted.registry.storage.s3 %} storage: - name: cloudfront diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml index f999092cc..f45ade751 100644 --- a/roles/openshift_manage_node/tasks/main.yml +++ b/roles/openshift_manage_node/tasks/main.yml @@ -14,7 +14,7 @@ - name: Wait for Node Registration command: > - {{ openshift.common.client_binary }} get node {{ item | lower }} + {{ openshift.common.client_binary }} get node {{ hostvars[item].openshift.common.hostname | lower }} --config={{ openshift_manage_node_kubeconfig }} -n default register: omd_get_node @@ -29,8 +29,7 @@ {{ openshift.common.admin_binary }} manage-node {{ hostvars[item].openshift.common.hostname | lower }} --schedulable={{ 'true' if hostvars[item].openshift.node.schedulable | bool else 'false' }} --config={{ openshift_manage_node_kubeconfig }} -n default - with_items: - - "{{ openshift_nodes }}" + with_items: "{{ openshift_nodes }}" when: hostvars[item].openshift.common.hostname is defined - name: Label nodes @@ -38,8 +37,7 @@ {{ openshift.common.client_binary }} label --overwrite node {{ hostvars[item].openshift.common.hostname | lower }} {{ hostvars[item].openshift.node.labels | oo_combine_dict }} --config={{ openshift_manage_node_kubeconfig }} -n default - with_items: - - "{{ openshift_nodes }}" + with_items: "{{ openshift_nodes }}" when: hostvars[item].openshift.common.hostname is defined and 'labels' in hostvars[item].openshift.node and hostvars[item].openshift.node.labels != {} - name: Delete temp directory diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index df3f6ee65..34071964a 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -1,9 +1,14 @@ --- - name: restart openvswitch service: name=openvswitch state=restarted - when: not (ovs_service_status_changed | default(false) | bool) + when: not (ovs_service_status_changed | default(false) | bool) and openshift.common.use_openshift_sdn | bool + notify: + - restart openvswitch pause + +- name: restart openvswitch pause + pause: seconds=15 + when: openshift.common.is_containerized | bool - name: restart node service: name={{ openshift.common.service_type }}-node state=restarted when: not (node_service_status_changed | default(false) | bool) - diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index 025cb567e..38dc98c07 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml @@ -48,6 +48,23 @@ notify: - restart node +- name: Configure Proxy Settings + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-node + regexp: "{{ item.regex }}" + line: "{{ item.line }}" + create: true + with_items: + - regex: '^HTTP_PROXY=' + line: "HTTP_PROXY={{ openshift.common.http_proxy }}" + - regex: '^HTTPS_PROXY=' + line: "HTTPS_PROXY={{ openshift.common.https_proxy }}" + - regex: '^NO_PROXY=' + line: "NO_PROXY={{ openshift.common.no_proxy | join(',') }}" + when: "{{ openshift.common.http_proxy is defined and openshift.common.http_proxy != '' }}" + notify: + - restart node + - name: Reload systemd units command: systemctl daemon-reload when: openshift.common.is_containerized | bool and (install_node_result | changed or install_ovs_sysconfig | changed or install_node_dep_result | changed) diff --git a/utils/src/ooinstall/cli_installer.py b/utils/src/ooinstall/cli_installer.py index aa552e820..85b4d29cb 100644 --- a/utils/src/ooinstall/cli_installer.py +++ b/utils/src/ooinstall/cli_installer.py @@ -790,7 +790,7 @@ def set_infra_nodes(hosts): if all(host.is_master() for host in hosts): infra_list = hosts else: - nodes_list = [host for host in hosts if host.is_node()] + nodes_list = [host for host in hosts if host.is_schedulable_node(hosts)] infra_list = nodes_list[:2] for host in infra_list: |