| -rw-r--r-- | .tito/packages/openshift-ansible | 2 | ||||
| -rw-r--r-- | openshift-ansible.spec | 19 | ||||
| -rw-r--r-- | playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml | 2 | ||||
| -rw-r--r-- | roles/etcd/templates/etcd.docker.service | 2 | ||||
| -rw-r--r-- | roles/etcd_common/tasks/backup.yml | 29 | ||||
| -rwxr-xr-x | roles/openshift_facts/library/openshift_facts.py | 12 | ||||
| -rw-r--r-- | roles/openshift_logging/defaults/main.yml | 2 | ||||
| -rw-r--r-- | roles/openshift_logging/tasks/install_logging.yaml | 22 | ||||
| -rw-r--r-- | roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml | 3 | ||||
| -rw-r--r-- | roles/openshift_metrics/tasks/install_hosa.yaml | 2 | ||||
| -rw-r--r-- | roles/openshift_metrics/tasks/install_support.yaml | 2 | ||||
| -rw-r--r-- | roles/openshift_metrics/tasks/main.yaml | 2 | ||||
| -rw-r--r-- | roles/rhel_subscribe/meta/main.yml | 3 | ||||
| -rw-r--r-- | roles/rhel_subscribe/tasks/main.yml | 10 | 
14 files changed, 79 insertions, 33 deletions
| diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 65e17d2d9..b331c69ef 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.6.128-1 ./ +3.6.129-1 ./ diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 97e17412f..3e999a774 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -9,7 +9,7 @@  %global __requires_exclude ^/usr/bin/ansible-playbook$  Name:           openshift-ansible -Version:        3.6.128 +Version:        3.6.129  Release:        1%{?dist}  Summary:        Openshift and Atomic Enterprise Ansible  License:        ASL 2.0 @@ -280,6 +280,23 @@ Atomic OpenShift Utilities includes  %changelog +* Fri Jun 30 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.6.129-1 +- Fix generate role binding destination for the HOSA service account +  (steveteuber@users.noreply.github.com) +- Correct version comparisons to ensure proper evaluation (rteague@redhat.com) +- Adding become: false to local_action tasks (ewolinet@redhat.com) +- upgrade: fix name for the etcd system container (gscrivan@redhat.com) +- fix backup and working directory for etcd run as a system container +  (jchaloup@redhat.com) +- etcd_migrate: Add /var/usrlocal/bin to path for oadm (smilner@redhat.com) +- etcd_migrate: Add /usr/local/bin to path for oadm (smilner@redhat.com) +- Sync environment variables FLUENTD/MUX_CPU_LIMIT FLUENTD/MUX_MEMORY_LIMIT +  with the resource limit values. (nhosoi@redhat.com) +- Update master configuration for named certificates during master cert +  redeploy. (abutcher@redhat.com) +- Get rid of openshift_facts dep in rhel_subscribe (sdodson@redhat.com) +- logging: write ES heap dump to persistent storage (jwozniak@redhat.com) +  * Thu Jun 29 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.6.128-1  - parameterize etcd binary path (fabian@fabianism.us)  - attach leases via the first master only and only once (jchaloup@redhat.com) 
diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml index 0431c1ce0..39e82498d 100644 --- a/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/etcd/upgrade.yml @@ -36,7 +36,7 @@        - not openshift.common.is_etcd_system_container | bool      - name: Record containerized etcd version (runc) -      command: runc exec etcd_container rpm -qa --qf '%{version}' etcd\* +      command: runc exec etcd rpm -qa --qf '%{version}' etcd\*        register: etcd_container_version_runc        failed_when: false        # AUDIT:changed_when: `false` because we are only inspecting diff --git a/roles/etcd/templates/etcd.docker.service b/roles/etcd/templates/etcd.docker.service index adeca7a91..d9327f433 100644 --- a/roles/etcd/templates/etcd.docker.service +++ b/roles/etcd/templates/etcd.docker.service @@ -7,7 +7,7 @@ PartOf={{ openshift.docker.service_name }}.service  [Service]  EnvironmentFile={{ etcd_conf_file }}  ExecStartPre=-/usr/bin/docker rm -f {{ etcd_service }} -ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v {{ etcd_data_dir }}:{{ etcd_data_dir }}:z -v {{ etcd_conf_dir }}:{{ etcd_conf_dir }}:ro --env-file={{ etcd_conf_file }} --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }} +ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v {{ etcd_data_dir }}:{{ etcd_data_dir }}:z -v {{ etcd_conf_dir }}:{{ etcd_conf_dir }}:ro --env-file={{ etcd_conf_file }} --net=host --security-opt label=type:spc_t --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }}  ExecStop=/usr/bin/docker stop {{ etcd_service }}  SyslogIdentifier=etcd_container  Restart=always diff --git a/roles/etcd_common/tasks/backup.yml b/roles/etcd_common/tasks/backup.yml index 4a4832275..1a0b857f1 100644 --- a/roles/etcd_common/tasks/backup.yml +++ b/roles/etcd_common/tasks/backup.yml 
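Review bot: The container name in `runc exec etcd …` is still a literal, and because the task keeps `failed_when: false`, a name that does not match the running system container only produces an empty `etcd_container_version_runc` instead of an error. If the variable that names the etcd service (`etcd_service` in roles/etcd/templates/etcd.docker.service) is in scope in this playbook, which the hunk does not show, prefer it over the literal. Otherwise add a comment above the task such as `# 'etcd' must match the system container name installed by the etcd role`. The task continues past the end of the hunk.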
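Review bot: The added `--security-opt label=type:spc_t` on the `ExecStart` line runs the etcd container under the super-privileged-container SELinux type, so SELinux no longer confines the process to its own volumes. Combined with the existing `--net=host`, that leaves little isolation around the datastore holding cluster state. The data directory is already relabelled through `:z`, so if the goal is access to one more host path (the changelog entry about the backup and working directory suggests so, but that is inferred), relabelling that path is a narrower fix. If spc_t really is required, record the reason in the unit template with a comment line above `ExecStart`, e.g. `# spc_t: <reason the default container type is insufficient>`.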
@@ -1,10 +1,25 @@  --- +# set the etcd backup directory name here in case the tag or sufix consists of dynamic value that changes over time +# e.g. openshift-backup-{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }} value will change every second so if the date changes +# right after setting l_etcd_incontainer_backup_dir and before l_etcd_backup_dir facts, the backup directory name is different  - set_fact: -    l_etcd_backup_dir: "{{ etcd_data_dir }}/openshift-backup-{{ r_etcd_common_backup_tag }}{{ r_etcd_common_backup_sufix_name }}" +    l_backup_dir_name: "openshift-backup-{{ r_etcd_common_backup_tag }}{{ r_etcd_common_backup_sufix_name }}" + +- set_fact: +    l_etcd_data_dir: "{{ etcd_data_dir }}{{ '/etcd.etcd' if r_etcd_common_etcd_runtime == 'runc' else '' }}" + +- set_fact: +    l_etcd_incontainer_data_dir: "{{ etcd_data_dir }}" + +- set_fact: +    l_etcd_incontainer_backup_dir: "{{ l_etcd_incontainer_data_dir }}/{{ l_backup_dir_name }}" + +- set_fact: +    l_etcd_backup_dir: "{{ l_etcd_data_dir }}/{{ l_backup_dir_name }}"  # TODO: replace shell module with command and update later checks  - name: Check available disk space for etcd backup -  shell: df --output=avail -k {{ etcd_data_dir }} | tail -n 1 +  shell: df --output=avail -k {{ l_etcd_data_dir }} | tail -n 1    register: l_avail_disk    # AUDIT:changed_when: `false` because we are only inspecting    # state, not manipulating anything @@ -12,7 +27,7 @@  # TODO: replace shell module with command and update later checks  - name: Check current etcd disk usage -  shell: du --exclude='*openshift-backup*' -k {{ etcd_data_dir }} | tail -n 1 | cut -f1 +  shell: du --exclude='*openshift-backup*' -k {{ l_etcd_data_dir }} | tail -n 1 | cut -f1    register: l_etcd_disk_usage    when: r_etcd_common_embedded_etcd | bool    # AUDIT:changed_when: `false` because we are only inspecting 
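Review bot: The `df` task in this hunk and the `du` task in the next hunk (`@@ -12,7 +27,7 @@`) still go through the `shell` module and interpolate the new `l_etcd_data_dir` fact unquoted. A data directory containing spaces or shell metacharacters would be split or interpreted by the shell. Until the existing TODO to move to `command` is done, pass the value through the quote filter: `shell: df --output=avail -k {{ l_etcd_data_dir | quote }} | tail -n 1`, and likewise for the `du` line. The five consecutive `set_fact` tasks could also be a single task with five keys, as long as facts that depend on earlier ones are still set in a later task.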
@@ -48,19 +63,19 @@  - name: Generate etcd backup    command: > -    {{ r_etcd_common_etcdctl_command }} backup --data-dir={{ etcd_data_dir }} -    --backup-dir={{ l_etcd_backup_dir }} +    {{ r_etcd_common_etcdctl_command }} backup --data-dir={{ l_etcd_incontainer_data_dir }} +    --backup-dir={{ l_etcd_incontainer_backup_dir }}  # According to the docs change you can simply copy snap/db  # https://github.com/openshift/openshift-docs/commit/b38042de02d9780842dce95cfa0ef45d53b58bc6  - name: Check for v3 data store    stat: -    path: "{{ etcd_data_dir }}/member/snap/db" +    path: "{{ l_etcd_data_dir }}/member/snap/db"    register: l_v3_db  - name: Copy etcd v3 data store    command: > -    cp -a {{ etcd_data_dir }}/member/snap/db +    cp -a {{ l_etcd_data_dir }}/member/snap/db      {{ l_etcd_backup_dir }}/member/snap/    when: l_v3_db.stat.exists diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 663423061..cc2a1d2eb 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py 
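Review bot: The tasks in this hunk now mix two path families with nothing on the page explaining why. `etcdctl backup` receives `l_etcd_incontainer_data_dir` and `l_etcd_incontainer_backup_dir`, while `stat` and `cp -a` use `l_etcd_data_dir` and `l_etcd_backup_dir`. The copy only lands inside the backup if both backup paths resolve to the same directory on disk, which depends on how the container mounts the data directory, and that is not visible here. Add a comment above `Generate etcd backup`, e.g. `# etcdctl sees the in-container paths; stat/cp run on the host and need the host-side paths (differs only for runc)`. Also consider a `stat` check that `{{ l_etcd_backup_dir }}/member/snap` exists before the copy, so a path mismatch fails with a clear message.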
@@ -912,17 +912,17 @@ def set_version_facts_if_unset(facts):                  version_gte_3_1_1_or_1_1_1 = version >= LooseVersion('1.1.1')                  version_gte_3_2_or_1_2 = version >= LooseVersion('1.2.0')                  version_gte_3_3_or_1_3 = version >= LooseVersion('1.3.0') -                version_gte_3_4_or_1_4 = version >= LooseVersion('1.4.0') -                version_gte_3_5_or_1_5 = version >= LooseVersion('1.5.0') -                version_gte_3_6 = version >= LooseVersion('3.6.0') +                version_gte_3_4_or_1_4 = version >= LooseVersion('1.4') +                version_gte_3_5_or_1_5 = version >= LooseVersion('1.5') +                version_gte_3_6 = version >= LooseVersion('3.6')              else:                  version_gte_3_1_or_1_1 = version >= LooseVersion('3.0.2.905')                  version_gte_3_1_1_or_1_1_1 = version >= LooseVersion('3.1.1')                  version_gte_3_2_or_1_2 = version >= LooseVersion('3.1.1.901')                  version_gte_3_3_or_1_3 = version >= LooseVersion('3.3.0') -                version_gte_3_4_or_1_4 = version >= LooseVersion('3.4.0') -                version_gte_3_5_or_1_5 = version >= LooseVersion('3.5.0') -                version_gte_3_6 = version >= LooseVersion('3.6.0') +                version_gte_3_4_or_1_4 = version >= LooseVersion('3.4') +                version_gte_3_5_or_1_5 = version >= LooseVersion('3.5') +                version_gte_3_6 = version >= LooseVersion('3.6')          else:              # 'Latest' version is set to True, 'Next' versions set to False              version_gte_3_1_or_1_1 = True diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml index 9b7767ccd..c243a6e4a 100644 --- a/roles/openshift_logging/defaults/main.yml +++ b/roles/openshift_logging/defaults/main.yml 
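Review bot: Only the 1.4/1.5/3.6 thresholds are shortened here; the context lines in the same two branches still compare against three-component literals (`LooseVersion('1.2.0')`, `LooseVersion('1.3.0')`, `LooseVersion('3.3.0')`). `LooseVersion` compares component lists, so a two-component `version` such as `3.3` sorts below `3.3.0` and `version_gte_3_3_or_1_3` would still evaluate to False for it. If short version strings can reach this function, the remaining literals need the same treatment, e.g. `version_gte_3_3_or_1_3 = version >= LooseVersion('3.3')`. A one-line comment above the block explaining why the trailing `.0` is omitted would keep it from being re-added. `set_version_facts_if_unset` begins and ends outside the hunk.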
@@ -128,7 +128,7 @@ openshift_logging_es_ops_client_key: /etc/fluent/keys/key  openshift_logging_es_ops_cluster_size: "{{ openshift_hosted_logging_elasticsearch_ops_cluster_size | default(1) }}"  openshift_logging_es_ops_cpu_limit: null  openshift_logging_es_ops_memory_limit: "{{ openshift_hosted_logging_elasticsearch_ops_instance_ram | default('8Gi') }}" -openshift_logging_es_ops_pv_selector: "{{ openshift_hosted_loggingops_storage_labels | default(null) }}" +openshift_logging_es_ops_pv_selector: "{{ openshift_hosted_loggingops_storage_labels | default('') }}"  openshift_logging_es_ops_pvc_dynamic: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_dynamic | default(False) }}"  openshift_logging_es_ops_pvc_size: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_size | default('') }}"  openshift_logging_es_ops_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_prefix | default('logging-es-ops') }}" diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml index 66dc0e096..221a81340 100644 --- a/roles/openshift_logging/tasks/install_logging.yaml +++ b/roles/openshift_logging/tasks/install_logging.yaml 
@@ -105,20 +105,22 @@  - set_fact: es_ops_indices=[]    when: openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | count == 0 +- set_fact: openshift_logging_es_ops_pvc_prefix="logging-es-ops" +  when: openshift_logging_es_ops_pvc_prefix == ""  - include_role:      name: openshift_logging_elasticsearch    vars:      generated_certs_dir: "{{openshift.common.config_base}}/logging"      openshift_logging_elasticsearch_deployment_name: "{{ item.0 }}" -    openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_pvc_prefix ~ '-' ~ item.2 if item.1 is none else item.1 }}" +    openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_ops_pvc_prefix ~ '-' ~ item.2 if item.1 is none else item.1 }}"      openshift_logging_elasticsearch_ops_deployment: true      openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_ops_cluster_size | int }}" -    openshift_logging_elasticsearch_storage_type: "{{ 'pvc' if ( openshift_logging_es_pvc_dynamic | bool or openshift_hosted_logging_storage_kind | default('') == 'nfs')  else 'emptydir' }}" -    openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_pvc_size }}" -    openshift_logging_elasticsearch_pvc_dynamic: "{{ openshift_logging_es_pvc_dynamic }}" -    openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_pv_selector }}" +    openshift_logging_elasticsearch_storage_type: "{{ 'pvc' if ( openshift_logging_es_ops_pvc_dynamic | bool or openshift_hosted_logging_storage_kind | default('') == 'nfs')  else 'emptydir' }}" +    openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_ops_pvc_size }}" +    openshift_logging_elasticsearch_pvc_dynamic: "{{ openshift_logging_es_ops_pvc_dynamic }}" +    openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_ops_pv_selector }}"      openshift_logging_es_key: "{{ openshift_logging_es_ops_key }}"      openshift_logging_es_cert: "{{ openshift_logging_es_ops_cert }}"      
openshift_logging_es_ca_ext: "{{ openshift_logging_es_ops_ca_ext }}" @@ -139,14 +141,14 @@      name: openshift_logging_elasticsearch    vars:      generated_certs_dir: "{{openshift.common.config_base}}/logging" -    openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_pvc_prefix }}-{{ item | int + openshift_logging_facts.elasticsearch_ops.deploymentconfigs | count - 1 }}" +    openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_ops_pvc_prefix }}-{{ item | int + openshift_logging_facts.elasticsearch_ops.deploymentconfigs | count - 1 }}"      openshift_logging_elasticsearch_ops_deployment: true      openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_ops_cluster_size | int }}" -    openshift_logging_elasticsearch_storage_type: "{{ 'pvc' if ( openshift_logging_es_pvc_dynamic | bool or openshift_hosted_logging_storage_kind | default('') == 'nfs')  else 'emptydir' }}" -    openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_pvc_size }}" -    openshift_logging_elasticsearch_pvc_dynamic: "{{ openshift_logging_es_pvc_dynamic }}" -    openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_pv_selector }}" +    openshift_logging_elasticsearch_storage_type: "{{ 'pvc' if ( openshift_logging_es_ops_pvc_dynamic | bool or openshift_hosted_logging_storage_kind | default('') == 'nfs')  else 'emptydir' }}" +    openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_ops_pvc_size }}" +    openshift_logging_elasticsearch_pvc_dynamic: "{{ openshift_logging_es_ops_pvc_dynamic }}" +    openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_ops_pv_selector }}"      openshift_logging_es_key: "{{ openshift_logging_es_ops_key }}"      openshift_logging_es_cert: "{{ openshift_logging_es_ops_cert }}"      openshift_logging_es_ca_ext: "{{ openshift_logging_es_ops_ca_ext }}" 
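Review bot: The new `set_fact` at the top of the first hunk is unnamed, uses the `key=value` form, and repeats the literal `logging-es-ops` that roles/openshift_logging/defaults/main.yml already supplies through `default('logging-es-ops')`. That default does not fire for an empty string, which appears to be why this task exists. Passing the filter's second argument in the defaults file, `default('logging-es-ops', true)`, would cover the empty case in one place. If the task stays, give it a `name:` and write it in mapping form with `openshift_logging_es_ops_pvc_prefix: logging-es-ops` under `set_fact:`.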
diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml index 7b81b3c10..8d7ee00ed 100644 --- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml @@ -17,14 +17,17 @@    local_action: copy dest="{{ local_tmp.stdout }}/{{ item }}.pwd" content="{{ 15 | oo_random_word }}"    with_items:    - hawkular-metrics +  become: false  - local_action: slurp src="{{ local_tmp.stdout }}/hawkular-metrics.pwd"    register: hawkular_metrics_pwd    no_log: true +  become: false  - name: generate htpasswd file for hawkular metrics    local_action: htpasswd path="{{ local_tmp.stdout }}/hawkular-metrics.htpasswd" name=hawkular password="{{ hawkular_metrics_pwd.content | b64decode }}"    no_log: true +  become: false  - name: copy local generated passwords to target    copy: diff --git a/roles/openshift_metrics/tasks/install_hosa.yaml b/roles/openshift_metrics/tasks/install_hosa.yaml index cc533a68b..7c9bc26d0 100644 --- a/roles/openshift_metrics/tasks/install_hosa.yaml +++ b/roles/openshift_metrics/tasks/install_hosa.yaml @@ -28,7 +28,7 @@  - name: Generate role binding for the hawkular-openshift-agent service account    template:      src: rolebinding.j2 -    dest: "{{ mktemp.stdout }}/templates/metrics-hawkular-agent-rolebinding.yaml" +    dest: "{{ mktemp.stdout }}/templates/metrics-hawkular-openshift-agent-rolebinding.yaml"    vars:      cluster: True      obj_name: hawkular-openshift-agent-rb diff --git a/roles/openshift_metrics/tasks/install_support.yaml b/roles/openshift_metrics/tasks/install_support.yaml index 5cefb273d..584e3be05 100644 --- a/roles/openshift_metrics/tasks/install_support.yaml +++ b/roles/openshift_metrics/tasks/install_support.yaml 
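Review bot: With `become: false` the generated Hawkular password and htpasswd files in `generate_hawkular_certificates.yaml` are now created on the control host as the invoking user, and neither the `copy` nor the `htpasswd` task sets a file mode. The files therefore get whatever the user's umask allows, which on a shared control host can leave `hawkular-metrics.pwd` readable by other local accounts. Add an explicit mode to both, e.g. `local_action: copy dest="{{ local_tmp.stdout }}/{{ item }}.pwd" content="{{ 15 | oo_random_word }}" mode=0600`. The `copy` task also shows no `no_log: true` in the visible lines, unlike the `slurp` and `htpasswd` tasks after it. Its first lines are outside the hunk, so confirm there, and add it if missing so the generated password is not echoed in task output.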
@@ -4,6 +4,7 @@    register: htpasswd_check    failed_when: no    changed_when: no +  become: false  - fail: msg="'htpasswd' is unavailable. Please install httpd-tools on the control node"    when: htpasswd_check.rc  == 1 @@ -13,6 +14,7 @@    register: keytool_check    failed_when: no    changed_when: no +  become: false  - fail: msg="'keytool' is unavailable. Please install java-1.8.0-openjdk-headless on the control node"    when: keytool_check.rc  == 1 diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index 0b5f23c24..eaabdd20f 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -1,6 +1,7 @@  ---  - local_action: shell python -c 'import passlib' 2>/dev/null || echo not installed    register: passlib_result +  become: false  - name: Check that python-passlib is available on the control host    assert: @@ -52,3 +53,4 @@    tags: metrics_cleanup    changed_when: False    check_mode: no +  become: false diff --git a/roles/rhel_subscribe/meta/main.yml b/roles/rhel_subscribe/meta/main.yml index 0bbeadd34..23d65c7ef 100644 --- a/roles/rhel_subscribe/meta/main.yml +++ b/roles/rhel_subscribe/meta/main.yml @@ -1,3 +1,2 @@  --- -dependencies: -  - role: openshift_facts +dependencies: [] diff --git a/roles/rhel_subscribe/tasks/main.yml b/roles/rhel_subscribe/tasks/main.yml index 28c3c7080..453044a6e 100644 --- a/roles/rhel_subscribe/tasks/main.yml +++ b/roles/rhel_subscribe/tasks/main.yml @@ -21,6 +21,11 @@      msg: Either rhsub_pass or the rhel_subscription_pass env variable are required for this role.    when: rhel_subscription_pass is not defined +- name: Detecting Atomic Host Operating System +  stat: +    path: /run/ostree-booted +  register: ostree_booted +  - name: Satellite preparation    command: "rpm -Uvh http://{{ rhel_subscription_server }}/pub/katello-ca-consumer-latest.noarch.rpm"    args: 
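Review bot: In the rhel_subscribe/tasks/main.yml hunk, the `Satellite preparation` context task directly below the new `stat` installs `katello-ca-consumer-latest.noarch.rpm` with `rpm -Uvh` over plain `http://`. This commit does not touch that task, but the package sets up CA trust for the subscription server, so fetching it without transport security or a verified checksum or signature weakens everything that later relies on that trust. Consider downloading it over HTTPS or verifying it against a known digest before installing. At minimum add a comment above the task, e.g. `# NOTE: CA bootstrap RPM is fetched over HTTP; restrict to a trusted network`. The task's `args:` continue outside the hunk.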
@@ -57,5 +62,6 @@    when: openshift_pool_id.stdout != ''  - include: enterprise.yml -  when: deployment_type in [ 'enterprise', 'atomic-enterprise', 'openshift-enterprise' ] and -        not openshift.common.is_atomic | bool +  when: +  - deployment_type in [ 'enterprise', 'atomic-enterprise', 'openshift-enterprise' ] +  - not ostree_booted.stat.exists | bool | 
