diff options
28 files changed, 366 insertions, 357 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 31f25b762..1d46a9380 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.3.15-1 ./ +3.3.16-1 ./ diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index d7db63383..f073a125d 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -65,10 +65,6 @@ openshift_release=v1.2 # See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files #openshift_master_oauth_template=/path/to/login-template.html -# Configure metricsPublicURL in the master config for cluster metrics -# See: https://docs.openshift.org/latest/install_config/cluster_metrics.html -#openshift_master_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics - # Configure loggingPublicURL in the master config for aggregate logging # See: https://docs.openshift.org/latest/install_config/aggregate_logging.html #openshift_master_logging_public_url=https://kibana.example.com @@ -326,6 +322,49 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_registry_storage_s3_chunksize=26214400 #openshift_hosted_registry_pullthrough=true +# Metrics deployment +# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html +# +# By default metrics are not automatically deployed, set this to enable them +# openshift_hosted_metrics_deploy=true +# +# Storage Options +# If openshift_hosted_metrics_storage_kind is unset then metrics will be stored +# in an EmptyDir volume and will be deleted when the cassandra pod terminates. +# Storage options A & B currently support only one cassandra pod which is +# generally enough for up to 1000 pods. Additional volumes can be created +# manually after the fact and metrics scaled per the docs. +# +# Option A - NFS Host Group +# An NFS volume will be created with path "nfs_directory/volume_name" +# on the host within the [nfs] host group. For example, the volume +# path using these options would be "/exports/metrics" +#openshift_hosted_metrics_storage_kind=nfs +#openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce'] +#openshift_hosted_metrics_storage_nfs_directory=/exports +#openshift_hosted_metrics_storage_nfs_options='*(rw,root_squash)' +#openshift_hosted_metrics_storage_volume_name=metrics +#openshift_hosted_metrics_storage_volume_size=10Gi +# +# Option B - External NFS Host +# NFS volume must already exist with path "nfs_directory/_volume_name" on +# the storage_host. For example, the remote volume path using these +# options would be "nfs.example.com:/exports/metrics" +#openshift_hosted_metrics_storage_kind=nfs +#openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce'] +#openshift_hosted_metrics_storage_host=nfs.example.com +#openshift_hosted_metrics_storage_nfs_directory=/exports +#openshift_hosted_metrics_storage_volume_name=metrics +#openshift_hosted_metrics_storage_volume_size=10Gi +# +# Option C - Dynamic -- If openshift supports dynamic volume provisioning for +# your cloud platform use this. +#openshift_hosted_metrics_storage_kind=dynamic +# +# Override metricsPublicURL in the master config for cluster metrics +# Defaults to https://hawkular-metrics.{{openshift_master_default_subdomain}}/hawkular/metrics +#openshift_master_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics + # Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet') # os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index cdcbae723..8899c1769 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -65,10 +65,6 @@ openshift_release=v3.2 # See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files #openshift_master_oauth_template=/path/to/login-template.html -# Configure metricsPublicURL in the master config for cluster metrics -# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html -#openshift_master_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics - # Configure loggingPublicURL in the master config for aggregate logging # See: https://docs.openshift.com/enterprise/latest/install_config/aggregate_logging.html #openshift_master_logging_public_url=https://kibana.example.com @@ -325,9 +321,20 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_registry_storage_s3_chunksize=26214400 #openshift_hosted_registry_pullthrough=true -# Metrics Storage Options +# Metrics deployment +# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html # -# NFS Host Group +# By default metrics are not automatically deployed, set this to enable them +# openshift_hosted_metrics_deploy=true +# +# Storage Options +# If openshift_hosted_metrics_storage_kind is unset then metrics will be stored +# in an EmptyDir volume and will be deleted when the cassandra pod terminates. +# Storage options A & B currently support only one cassandra pod which is +# generally enough for up to 1000 pods. Additional volumes can be created +# manually after the fact and metrics scaled per the docs. +# +# Option A - NFS Host Group # An NFS volume will be created with path "nfs_directory/volume_name" # on the host within the [nfs] host group. For example, the volume # path using these options would be "/exports/metrics" @@ -338,7 +345,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_metrics_storage_volume_name=metrics #openshift_hosted_metrics_storage_volume_size=10Gi # -# External NFS Host +# Option B - External NFS Host # NFS volume must already exist with path "nfs_directory/_volume_name" on # the storage_host. For example, the remote volume path using these # options would be "nfs.example.com:/exports/metrics" @@ -348,6 +355,15 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_metrics_storage_nfs_directory=/exports #openshift_hosted_metrics_storage_volume_name=metrics #openshift_hosted_metrics_storage_volume_size=10Gi +# +# Option C - Dynamic -- If openshift supports dynamic volume provisioning for +# your cloud platform use this. +#openshift_hosted_metrics_storage_kind=dynamic +# +# Override metricsPublicURL in the master config for cluster metrics +# Defaults to https://hawkular-metrics.{{openshift_master_default_subdomain}}/hawkular/metrics +#openshift_master_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics + # Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet') # os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 5144c4920..a615279ab 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.3.15 +Version: 3.3.16 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -221,6 +221,48 @@ Atomic OpenShift Utilities includes %changelog +* Sat Aug 27 2016 Scott Dodson <sdodson@redhat.com> 3.3.16-1 +- Sync image stream data (sdodson@redhat.com) +- Update metrics example inventories (sdodson@redhat.com) +- Preserve AWS options in sysconfig files. (dgoodwin@redhat.com) +- Fix metrics for containerized installs (sdodson@redhat.com) +- Cleanup items botched during rebase (sdodson@redhat.com) +- add check for server and account already exist (mangirdas@judeikis.lt) +- add run_once to repeatable actions (mangirdas@judeikis.lt) +- Remove atomic check and cockpit.socket (smunilla@redhat.com) +- Re-organize registry-console deployment. (abutcher@redhat.com) +- Add registry console template (aweiteka@redhat.com) +- Add support for Atomic Registry Installs (smunilla@redhat.com) +- Apply indentation changes to some other lines (tbielawa@redhat.com) +- Don't use openshift_env for cloud provider facts. (abutcher@redhat.com) +- Enable PEP8 tests by default in the 'make ci' target now + (tbielawa@redhat.com) +- Fix PEP8 errors in cli_installer.py (tbielawa@redhat.com) +- Fix PEP8 in openshift_ansible.py (tbielawa@redhat.com) +- Fix PEP8 in oo_config.py (tbielawa@redhat.com) +- Fix PEP8 in variants.py (tbielawa@redhat.com) +- Fix PEP8 in facts_callback.py (tbielawa@redhat.com) +- fix duplicate src field (jdetiber@redhat.com) +- Refactor volume directory creation (sdodson@redhat.com) +- Rely on IMAGE_PREFIX and IMAGE_VERSION defaults from the templates themselves + (sdodson@redhat.com) +- Add metrics exports to nfs role, move exports to /etc/exports.d/openshift- + ansible.exports (sdodson@redhat.com) +- Add ability to disable pvc creation (sdodson@redhat.com) +- Fix registry volume (sdodson@redhat.com) +- add selectors for metrics and logging (sdodson@redhat.com) +- Add logic to detect existing installs (sdodson@redhat.com) +- Deploy metrics after our router (sdodson@redhat.com) +- Add Enterprise 3.3 template (sdodson@redhat.com) +- Pull in keynote demo changes (sdodson@redhat.com) +- [tags] add some support for running a subset of config via tags + (jdetiber@redhat.com) +- [metrics] add filter to clean up hostname for use in metrics deployment + (jdetiber@redhat.com) +- enable service-serving-cert-signer by default (abutcher@redhat.com) +- Fix review comments (mkumatag@in.ibm.com) +- Remove duplicate flannel registration (mkumatag@in.ibm.com) + * Wed Aug 24 2016 Scott Dodson <sdodson@redhat.com> 3.3.15-1 - simplify repo configuration (jdetiber@redhat.com) - don't set virt_sandbox_use_nfs on Fedora, it was replaced by virt_use_nfs diff --git a/playbooks/adhoc/metrics_setup/playbooks/install.yml b/playbooks/adhoc/metrics_setup/playbooks/install.yml index 235f775ef..a9ec3c1ef 100644 --- a/playbooks/adhoc/metrics_setup/playbooks/install.yml +++ b/playbooks/adhoc/metrics_setup/playbooks/install.yml @@ -16,21 +16,30 @@ - name: "Add metrics-deployer" command: "{{item}}" + run_once: true + register: output + failed_when: ('already exists' not in output.stderr) and (output.rc != 0) with_items: - oc project openshift-infra - oc create -f /tmp/metrics-deployer-setup.yaml - name: "Give metrics-deployer SA permissions" command: "oadm policy add-role-to-user edit system:serviceaccount:openshift-infra:metrics-deployer" + run_once: true - name: "Give heapster SA permissions" command: "oadm policy add-cluster-role-to-user cluster-reader system:serviceaccount:openshift-infra:heapster" + run_once: true - name: "Create metrics-deployer secret" command: "oc secrets new metrics-deployer nothing=/dev/null" + register: output + failed_when: ('already exists' not in output.stderr) and (output.rc != 0) + run_once: true - name: "Copy metrics.yaml to remote" copy: "src=../files/metrics.yaml dest=/tmp/metrics.yaml force=yes" - name: "Process yml template" shell: "oc process -f /tmp/metrics.yaml -v MASTER_URL={{ masterPublicURL }},REDEPLOY=true,HAWKULAR_METRICS_HOSTNAME={{ metrics_external_service }},IMAGE_PREFIX={{ metrics_image_prefix }},IMAGE_VERSION={{ metrics_image_version }},USE_PERSISTENT_STORAGE=false | oc create -f -" + run_once: true
\ No newline at end of file diff --git a/roles/cockpit-ui/tasks/main.yml b/roles/cockpit-ui/tasks/main.yml index 00a7da4a9..c752bcff1 100644 --- a/roles/cockpit-ui/tasks/main.yml +++ b/roles/cockpit-ui/tasks/main.yml @@ -36,7 +36,7 @@ {{ openshift.common.client_binary }} new-app --template=registry-console {{ cockpit_image_prefix }} -p OPENSHIFT_OAUTH_PROVIDER_URL="{{ openshift.master.public_api_url }}" - -p REGISTRY_HOST="{{ docker_registry_route.stdout }}" + -p REGISTRY_HOST="{{ docker_registry_route.stdout }}:80" -p COCKPIT_KUBE_URL="{{ registry_console_cockpit_kube_url.stdout }}" -n default register: deploy_registry_console diff --git a/roles/openshift_cloud_provider/tasks/main.yml b/roles/openshift_cloud_provider/tasks/main.yml index 6111d1207..e217e37ea 100644 --- a/roles/openshift_cloud_provider/tasks/main.yml +++ b/roles/openshift_cloud_provider/tasks/main.yml @@ -2,12 +2,8 @@ - name: Set cloud provider facts openshift_facts: role: cloudprovider - openshift_env: "{{ hostvars - | oo_merge_hostvars(vars, inventory_hostname) - | oo_openshift_env }}" - openshift_env_structures: - - 'openshift.cloudprovider.aws.*' - - 'openshift.cloudprovider.openstack.*' + local_facts: + kind: "{{ openshift_cloudprovider_kind | default(None) }}" - name: Create cloudprovider config dir file: diff --git a/roles/openshift_cloud_provider/tasks/openstack.yml b/roles/openshift_cloud_provider/tasks/openstack.yml index c501121e5..f22dd4520 100644 --- a/roles/openshift_cloud_provider/tasks/openstack.yml +++ b/roles/openshift_cloud_provider/tasks/openstack.yml @@ -7,4 +7,4 @@ template: dest: "{{ openshift.common.config_base }}/cloudprovider/openstack.conf" src: openstack.conf.j2 - when: "'auth_url' in openshift.cloudprovider.openstack and 'username' in openshift.cloudprovider.openstack and 'password' in openshift.cloudprovider.openstack and ('tenant_id' in openshift.cloudprovider.openstack or 'tenant_name' in openshift.cloudprovider.openstack)" + when: "openshift_cloudprovider_openstack_auth_url is defined and openshift_cloudprovider_openstack_username is defined and openshift_cloudprovider_openstack_password is defined and (openshift_cloudprovider_openstack_tenant_id is defined or openshift_cloudprovider_openstack_tenant_name is defined)" diff --git a/roles/openshift_cloud_provider/templates/openstack.conf.j2 b/roles/openshift_cloud_provider/templates/openstack.conf.j2 index 8a06b3a08..ce452db24 100644 --- a/roles/openshift_cloud_provider/templates/openstack.conf.j2 +++ b/roles/openshift_cloud_provider/templates/openstack.conf.j2 @@ -1,16 +1,16 @@ [Global] -auth-url = {{ openshift.cloudprovider.openstack.auth_url }} -username = {{ openshift.cloudprovider.openstack.username }} -password = {{ openshift.cloudprovider.openstack.password }} -{% if 'tenant_id' in openshift.cloudprovider.openstack %} -tenant-id = {{ openshift.cloudprovider.openstack.tenant_id }} +auth-url = {{ openshift_cloudprovider_openstack_auth_url }} +username = {{ openshift_cloudprovider_openstack_username }} +password = {{ openshift_cloudprovider_openstack_password }} +{% if openshift_cloudprovider_openstack_tenant_id is defined %} +tenant-id = {{ openshift_cloudprovider_openstack_tenant_id }} {% else %} -tenant-name = {{ openshift.cloudprovider.openstack.tenant_name }} +tenant-name = {{ openshift_cloudprovider_openstack_tenant_name }} {% endif %} -{% if 'region' in openshift.cloudprovider.openstack %} -region = {{ openshift.cloudprovider.openstack.region }} +{% if openshift_cloudprovider_openstack_region is defined %} +region = {{ openshift_cloudprovider_openstack_region }} {% endif %} -{% if 'lb_subnet_id' in openshift.cloudprovider.openstack %} +{% if openshift_cloudprovider_openstack_lb_subnet_id is defined %} [LoadBalancer] -subnet-id = {{ openshift.cloudprovider.openstack.lb_subnet_id }} +subnet-id = {{ openshift_cloudprovider_openstack_lb_subnet_id }} {% endif %} diff --git a/roles/openshift_cloud_provider/vars/main.yml b/roles/openshift_cloud_provider/vars/main.yml index c608e9b54..83bf6edc8 100644 --- a/roles/openshift_cloud_provider/vars/main.yml +++ b/roles/openshift_cloud_provider/vars/main.yml @@ -1,4 +1,4 @@ --- -has_cloudprovider: "{{ 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != None }}" -cloudprovider_is_aws: "{{ has_cloudprovider | bool and openshift.cloudprovider.kind == 'aws' }}" -cloudprovider_is_openstack: "{{ has_cloudprovider | bool and openshift.cloudprovider.kind == 'openstack' }}" +has_cloudprovider: "{{ openshift_cloudprovider_kind | default(None) != None }}" +cloudprovider_is_aws: "{{ has_cloudprovider | bool and openshift_cloudprovider_kind == 'aws' }}" +cloudprovider_is_openstack: "{{ has_cloudprovider | bool and openshift_cloudprovider_kind == 'openstack' }}" diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index ece335fbf..6dae98f9f 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml @@ -1,7 +1,7 @@ --- - fail: - msg: Flannel can not be used with openshift sdn - when: openshift_use_openshift_sdn | default(false) | bool and openshift_use_flannel | default(false) | bool + msg: Flannel can not be used with openshift sdn, set openshift_use_openshift_sdn=false if you want to use flannel + when: openshift_use_openshift_sdn | default(true) | bool and openshift_use_flannel | default(false) | bool - fail: msg: Nuage sdn can not be used with openshift sdn diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index f598cf8f2..1ad0d93a2 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -9,7 +9,7 @@ XPAAS_VERSION=ose-v1.3.3 ORIGIN_VERSION=${1:-v1.3} EXAMPLES_BASE=$(pwd)/files/examples/${ORIGIN_VERSION} find ${EXAMPLES_BASE} -name '*.json' -delete -find ${EXAMPLES_BASE} -name '*.yaml' -delete +find ${EXAMPLES_BASE} -name '*.yaml' -delete -exclude registry-console.json TEMP=`mktemp -d` pushd $TEMP @@ -29,7 +29,6 @@ unzip cakephp-ex-master.zip unzip application-templates-master.zip cp origin-master/examples/db-templates/* ${EXAMPLES_BASE}/db-templates/ cp origin-master/examples/jenkins/jenkins-*template.json ${EXAMPLES_BASE}/quickstart-templates/ -cp origin-master/examples/jenkins/pipeline/jenkinstemplate.json ${EXAMPLES_BASE}/quickstart-templates/ cp origin-master/examples/image-streams/* ${EXAMPLES_BASE}/image-streams/ cp django-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ cp rails-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/README.md b/roles/openshift_examples/files/examples/v1.3/db-templates/README.md index 609f4dec9..c66bdb8bf 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/README.md +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/README.md @@ -38,35 +38,11 @@ Replace `/path/to/template.json` with an appropriate path, that can be either a local path or an URL. Example: $ oc new-app https://raw.githubusercontent.com/openshift/origin/master/examples/db-templates/mongodb-ephemeral-template.json - --> Deploying template mongodb-ephemeral for "https://raw.githubusercontent.com/openshift/origin/master/examples/db-templates/mongodb-ephemeral-template.json" - With parameters: - DATABASE_SERVICE_NAME=mongodb - MONGODB_USER=userJNX # generated - MONGODB_PASSWORD=tnEDilMVrgjp5AI2 # generated - MONGODB_DATABASE=sampledb - MONGODB_ADMIN_PASSWORD=8bYEs8OlNYhVyMBs # generated - --> Creating resources ... - Service "mongodb" created - DeploymentConfig "mongodb" created - --> Success - Run 'oc status' to view your app. The parameters listed in the output above can be tweaked by specifying values in the command line with the `-p` option: $ oc new-app examples/db-templates/mongodb-ephemeral-template.json -p DATABASE_SERVICE_NAME=mydb -p MONGODB_USER=default - --> Deploying template mongodb-ephemeral for "examples/db-templates/mongodb-ephemeral-template.json" - With parameters: - DATABASE_SERVICE_NAME=mydb - MONGODB_USER=default - MONGODB_PASSWORD=RPvMbWlQFOevSowQ # generated - MONGODB_DATABASE=sampledb - MONGODB_ADMIN_PASSWORD=K7tIjDxDHHYCvFrJ # generated - --> Creating resources ... - Service "mydb" created - DeploymentConfig "mydb" created - --> Success - Run 'oc status' to view your app. Note that the persistent template requires an existing persistent volume, otherwise the deployment won't ever succeed. diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json index f85e7e537..ab4982690 100644 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json +++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json @@ -126,9 +126,9 @@ }, "spec": { "strategy": { - "type": "Rolling", + "type": "Recreate", "recreateParams": { - "pre": { + "pre": { "failurePolicy": "Retry", "execNewPod": { "command": [ diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json index 4f565206f..e8e361415 100644 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json @@ -5,12 +5,12 @@ "name": "jenkins-ephemeral", "creationTimestamp": null, "annotations": { - "description": "Jenkins service, without persistent storage.\nThe username is 'admin' and the tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "description": "Jenkins service, without persistent storage.\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-jenkins", "tags": "instant-app,jenkins" } }, - "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}.", + "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", "objects": [ { "kind": "Route", @@ -26,6 +26,7 @@ }, "tls": { "termination": "edge", + "insecureEdgeTerminationPolicy": "Redirect", "certificate": "-----BEGIN CERTIFICATE-----\nMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl\nZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3\ndy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu\nY29tMB4XDTE1MDExMjE0MTk0MVoXDTE2MDExMjE0MTk0MVowfDEYMBYGA1UEAwwP\nd3d3LmV4YW1wbGUuY29tMQswCQYDVQQIDAJTQzELMAkGA1UEBhMCVVMxIjAgBgkq\nhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xEDAOBgNVBAoMB0V4YW1wbGUx\nEDAOBgNVBAsMB0V4YW1wbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrv\ngu6ZTTefNN7jjiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm\n47VRx5Qrf/YLXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1M\nmNrQUgZyQC6XIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAGjDTALMAkGA1UdEwQC\nMAAwDQYJKoZIhvcNAQEFBQADggEBAFCi7ZlkMnESvzlZCvv82Pq6S46AAOTPXdFd\nTMvrh12E1sdVALF1P1oYFJzG1EiZ5ezOx88fEDTW+Lxb9anw5/KJzwtWcfsupf1m\nV7J0D3qKzw5C1wjzYHh9/Pz7B1D0KthQRATQCfNf8s6bbFLaw/dmiIUhHLtIH5Qc\nyfrejTZbOSP77z8NOWir+BWWgIDDB2//3AkDIQvT20vmkZRhkqSdT7et4NmXOX/j\njhPti4b2Fie0LeuvgaOdKjCpQQNrYthZHXeVlOLRhMTSk3qUczenkKTOhvP7IS9q\n+Dzv5hqgSfvMG392KWh5f8xXfJNs4W5KLbZyl901MeReiLrPH3w=\n-----END CERTIFICATE-----", "key": "-----BEGIN PRIVATE KEY-----\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMrvgu6ZTTefNN7j\njiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm47VRx5Qrf/YL\nXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1MmNrQUgZyQC6X\nIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAECgYEAnxOjEj/vrLNLMZE1Q9H7PZVF\nWdP/JQVNvQ7tCpZ3ZdjxHwkvf//aQnuxS5yX2Rnf37BS/TZu+TIkK4373CfHomSx\nUTAn2FsLmOJljupgGcoeLx5K5nu7B7rY5L1NHvdpxZ4YjeISrRtEPvRakllENU5y\ngJE8c2eQOx08ZSRE4TkCQQD7dws2/FldqwdjJucYijsJVuUdoTqxP8gWL6bB251q\nelP2/a6W2elqOcWId28560jG9ZS3cuKvnmu/4LG88vZFAkEAzphrH3673oTsHN+d\nuBd5uyrlnGjWjuiMKv2TPITZcWBjB8nJDSvLneHF59MYwejNNEof2tRjgFSdImFH\nmi995wJBAMtPjW6wiqRz0i41VuT9ZgwACJBzOdvzQJfHgSD9qgFb1CU/J/hpSRIM\nkYvrXK9MbvQFvG6x4VuyT1W8mpe1LK0CQAo8VPpffhFdRpF7psXLK/XQ/0VLkG3O\nKburipLyBg/u9ZkaL0Ley5zL5dFBjTV2Qkx367Ic2b0u9AYTCcgi2DsCQQD3zZ7B\nv7BOm7MkylKokY2MduFFXU0Bxg6pfZ7q3rvg8gqhUFbaMStPRYg6myiDiW/JfLhF\nTcFT4touIo7oriFJ\n-----END PRIVATE KEY-----", "caCertificate": "-----BEGIN CERTIFICATE-----\nMIIEFzCCAv+gAwIBAgIJALK1iUpF2VQLMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD\nVQQGEwJVUzELMAkGA1UECAwCU0MxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoG\nA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UECwwHVGVzdCBDQTEaMBgG\nA1UEAwwRd3d3LmV4YW1wbGVjYS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVA\nZXhhbXBsZS5jb20wHhcNMTUwMTEyMTQxNTAxWhcNMjUwMTA5MTQxNTAxWjCBoTEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkx\nHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0Ex\nGjAYBgNVBAMMEXd3dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFt\ncGxlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nw2rK1J2NMtQj0KDug7g7HRKl5jbf0QMkMKyTU1fBtZ0cCzvsF4CqV11LK4BSVWaK\nrzkaXe99IVJnH8KdOlDl5Dh/+cJ3xdkClSyeUT4zgb6CCBqg78ePp+nN11JKuJlV\nIG1qdJpB1J5O/kCLsGcTf7RS74MtqMFo96446Zvt7YaBhWPz6gDaO/TUzfrNcGLA\nEfHVXkvVWqb3gqXUztZyVex/gtP9FXQ7gxTvJml7UkmT0VAFjtZnCqmFxpLZFZ15\n+qP9O7Q2MpsGUO/4vDAuYrKBeg1ZdPSi8gwqUP2qWsGd9MIWRv3thI2903BczDc7\nr8WaIbm37vYZAS9G56E4+wIDAQABo1AwTjAdBgNVHQ4EFgQUugLrSJshOBk5TSsU\nANs4+SmJUGwwHwYDVR0jBBgwFoAUugLrSJshOBk5TSsUANs4+SmJUGwwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaMJ33zAMV4korHo5aPfayV3uHoYZ\n1ChzP3eSsF+FjoscpoNSKs91ZXZF6LquzoNezbfiihK4PYqgwVD2+O0/Ty7UjN4S\nqzFKVR4OS/6lCJ8YncxoFpTntbvjgojf1DEataKFUN196PAANc3yz8cWHF4uvjPv\nWkgFqbIjb+7D1YgglNyovXkRDlRZl0LD1OQ0ZWhd4Ge1qx8mmmanoBeYZ9+DgpFC\nj9tQAbS867yeOryNe7sEOIpXAAqK/DTu0hB6+ySsDfMo4piXCc2aA/eI2DCuw08e\nw17Dz9WnupZjVdwTKzDhFgJZMLDqn37HQnT6EemLFqbcR0VPEnfyhDtZIQ==\n-----END CERTIFICATE-----" @@ -75,6 +76,7 @@ } }, "spec": { + "serviceAccountName": "${JENKINS_SERVICE_NAME}", "containers": [ { "name": "jenkins", @@ -89,7 +91,7 @@ }, "livenessProbe": { "timeoutSeconds": 3, - "initialDelaySeconds": 60, + "initialDelaySeconds": 120, "httpGet": { "path": "/login", "port": 8080 @@ -99,6 +101,18 @@ { "name": "JENKINS_PASSWORD", "value": "${JENKINS_PASSWORD}" + }, + { + "name": "KUBERNETES_MASTER", + "value": "https://kubernetes.default:443" + }, + { + "name": "KUBERNETES_TRUST_CERTIFICATES", + "value": "true" + }, + { + "name": "JNLP_SERVICE_NAME", + "value": "${JNLP_SERVICE_NAME}" } ], "resources": { @@ -136,19 +150,42 @@ } }, { + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}" + } + }, + { + "kind": "RoleBinding", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}_edit" + }, + "groupNames": null, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "${JENKINS_SERVICE_NAME}" + } + ], + "roleRef": { + "name": "edit" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null + "name": "${JNLP_SERVICE_NAME}" }, "spec": { "ports": [ { - "name": "web", + "name": "agent", "protocol": "TCP", - "port": 8080, - "targetPort": 8080, + "port": 50000, + "targetPort": 50000, "nodePort": 0 } ], @@ -159,6 +196,35 @@ "type": "ClusterIP", "sessionAffinity": "None" } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${JNLP_SERVICE_NAME}\", \"namespace\": \"\", \"kind\": \"Service\"}]", + "service.openshift.io/infrastructure": "true" + }, + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 80, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } } ], "parameters": [ @@ -169,6 +235,12 @@ "value": "jenkins" }, { + "name": "JNLP_SERVICE_NAME", + "displayName": "Jenkins JNLP Service Name", + "description": "The name of the service used for master/slave communication.", + "value": "jenkins-jnlp" + }, + { "name": "JENKINS_PASSWORD", "displayName": "Jenkins Password", "description": "Password for the Jenkins 'admin' user.", diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json index eda826a5b..e4a18961e 100644 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json @@ -5,12 +5,12 @@ "name": "jenkins-persistent", "creationTimestamp": null, "annotations": { - "description": "Jenkins service, with persistent storage.\nThe username is 'admin' and the tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.\nYou must have persistent volumes available in your cluster to use this template.", + "description": "Jenkins service, with persistent storage.\nYou must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-jenkins", "tags": "instant-app,jenkins" } }, - "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}.", + "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", "objects": [ { "kind": "Route", @@ -26,6 +26,7 @@ }, "tls": { "termination": "edge", + "insecureEdgeTerminationPolicy": "Redirect", "certificate": "-----BEGIN CERTIFICATE-----\nMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl\nZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3\ndy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu\nY29tMB4XDTE1MDExMjE0MTk0MVoXDTE2MDExMjE0MTk0MVowfDEYMBYGA1UEAwwP\nd3d3LmV4YW1wbGUuY29tMQswCQYDVQQIDAJTQzELMAkGA1UEBhMCVVMxIjAgBgkq\nhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xEDAOBgNVBAoMB0V4YW1wbGUx\nEDAOBgNVBAsMB0V4YW1wbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrv\ngu6ZTTefNN7jjiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm\n47VRx5Qrf/YLXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1M\nmNrQUgZyQC6XIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAGjDTALMAkGA1UdEwQC\nMAAwDQYJKoZIhvcNAQEFBQADggEBAFCi7ZlkMnESvzlZCvv82Pq6S46AAOTPXdFd\nTMvrh12E1sdVALF1P1oYFJzG1EiZ5ezOx88fEDTW+Lxb9anw5/KJzwtWcfsupf1m\nV7J0D3qKzw5C1wjzYHh9/Pz7B1D0KthQRATQCfNf8s6bbFLaw/dmiIUhHLtIH5Qc\nyfrejTZbOSP77z8NOWir+BWWgIDDB2//3AkDIQvT20vmkZRhkqSdT7et4NmXOX/j\njhPti4b2Fie0LeuvgaOdKjCpQQNrYthZHXeVlOLRhMTSk3qUczenkKTOhvP7IS9q\n+Dzv5hqgSfvMG392KWh5f8xXfJNs4W5KLbZyl901MeReiLrPH3w=\n-----END CERTIFICATE-----", "key": "-----BEGIN PRIVATE KEY-----\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMrvgu6ZTTefNN7j\njiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm47VRx5Qrf/YL\nXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1MmNrQUgZyQC6X\nIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAECgYEAnxOjEj/vrLNLMZE1Q9H7PZVF\nWdP/JQVNvQ7tCpZ3ZdjxHwkvf//aQnuxS5yX2Rnf37BS/TZu+TIkK4373CfHomSx\nUTAn2FsLmOJljupgGcoeLx5K5nu7B7rY5L1NHvdpxZ4YjeISrRtEPvRakllENU5y\ngJE8c2eQOx08ZSRE4TkCQQD7dws2/FldqwdjJucYijsJVuUdoTqxP8gWL6bB251q\nelP2/a6W2elqOcWId28560jG9ZS3cuKvnmu/4LG88vZFAkEAzphrH3673oTsHN+d\nuBd5uyrlnGjWjuiMKv2TPITZcWBjB8nJDSvLneHF59MYwejNNEof2tRjgFSdImFH\nmi995wJBAMtPjW6wiqRz0i41VuT9ZgwACJBzOdvzQJfHgSD9qgFb1CU/J/hpSRIM\nkYvrXK9MbvQFvG6x4VuyT1W8mpe1LK0CQAo8VPpffhFdRpF7psXLK/XQ/0VLkG3O\nKburipLyBg/u9ZkaL0Ley5zL5dFBjTV2Qkx367Ic2b0u9AYTCcgi2DsCQQD3zZ7B\nv7BOm7MkylKokY2MduFFXU0Bxg6pfZ7q3rvg8gqhUFbaMStPRYg6myiDiW/JfLhF\nTcFT4touIo7oriFJ\n-----END PRIVATE KEY-----", "caCertificate": "-----BEGIN CERTIFICATE-----\nMIIEFzCCAv+gAwIBAgIJALK1iUpF2VQLMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD\nVQQGEwJVUzELMAkGA1UECAwCU0MxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoG\nA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UECwwHVGVzdCBDQTEaMBgG\nA1UEAwwRd3d3LmV4YW1wbGVjYS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVA\nZXhhbXBsZS5jb20wHhcNMTUwMTEyMTQxNTAxWhcNMjUwMTA5MTQxNTAxWjCBoTEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkx\nHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0Ex\nGjAYBgNVBAMMEXd3dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFt\ncGxlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nw2rK1J2NMtQj0KDug7g7HRKl5jbf0QMkMKyTU1fBtZ0cCzvsF4CqV11LK4BSVWaK\nrzkaXe99IVJnH8KdOlDl5Dh/+cJ3xdkClSyeUT4zgb6CCBqg78ePp+nN11JKuJlV\nIG1qdJpB1J5O/kCLsGcTf7RS74MtqMFo96446Zvt7YaBhWPz6gDaO/TUzfrNcGLA\nEfHVXkvVWqb3gqXUztZyVex/gtP9FXQ7gxTvJml7UkmT0VAFjtZnCqmFxpLZFZ15\n+qP9O7Q2MpsGUO/4vDAuYrKBeg1ZdPSi8gwqUP2qWsGd9MIWRv3thI2903BczDc7\nr8WaIbm37vYZAS9G56E4+wIDAQABo1AwTjAdBgNVHQ4EFgQUugLrSJshOBk5TSsU\nANs4+SmJUGwwHwYDVR0jBBgwFoAUugLrSJshOBk5TSsUANs4+SmJUGwwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaMJ33zAMV4korHo5aPfayV3uHoYZ\n1ChzP3eSsF+FjoscpoNSKs91ZXZF6LquzoNezbfiihK4PYqgwVD2+O0/Ty7UjN4S\nqzFKVR4OS/6lCJ8YncxoFpTntbvjgojf1DEataKFUN196PAANc3yz8cWHF4uvjPv\nWkgFqbIjb+7D1YgglNyovXkRDlRZl0LD1OQ0ZWhd4Ge1qx8mmmanoBeYZ9+DgpFC\nj9tQAbS867yeOryNe7sEOIpXAAqK/DTu0hB6+ySsDfMo4piXCc2aA/eI2DCuw08e\nw17Dz9WnupZjVdwTKzDhFgJZMLDqn37HQnT6EemLFqbcR0VPEnfyhDtZIQ==\n-----END CERTIFICATE-----" @@ -92,6 +93,7 @@ } }, "spec": { + "serviceAccountName": "${JENKINS_SERVICE_NAME}", "containers": [ { "name": "jenkins", @@ -106,7 +108,7 @@ }, "livenessProbe": { "timeoutSeconds": 3, - "initialDelaySeconds": 60, + "initialDelaySeconds": 120, "httpGet": { "path": "/login", "port": 8080 @@ -116,6 +118,18 @@ { "name": "JENKINS_PASSWORD", "value": "${JENKINS_PASSWORD}" + }, + { + "name": "KUBERNETES_MASTER", + "value": "https://kubernetes.default:443" + }, + { + "name": "KUBERNETES_TRUST_CERTIFICATES", + "value": "true" + }, + { + "name": "JNLP_SERVICE_NAME", + "value": "${JNLP_SERVICE_NAME}" } ], "resources": { @@ -153,19 +167,42 @@ } }, { + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}" + } + }, + { + "kind": "RoleBinding", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}_edit" + }, + "groupNames": null, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "${JENKINS_SERVICE_NAME}" + } + ], + "roleRef": { + "name": "edit" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null + "name": "${JNLP_SERVICE_NAME}" }, "spec": { "ports": [ { - "name": "web", + "name": "agent", "protocol": "TCP", - "port": 8080, - "targetPort": 8080, + "port": 50000, + "targetPort": 50000, "nodePort": 0 } ], @@ -176,6 +213,35 @@ "type": "ClusterIP", "sessionAffinity": "None" } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${JNLP_SERVICE_NAME}\", \"namespace\": \"\", \"kind\": \"Service\"}]", + "service.openshift.io/infrastructure": "true" + }, + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 80, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } } ], "parameters": [ @@ -186,6 +252,12 @@ "value": "jenkins" }, { + "name": "JNLP_SERVICE_NAME", + "displayName": "Jenkins JNLP Service Name", + "description": "The name of the service used for master/slave communication.", + "value": "jenkins-jnlp" + }, + { "name": "JENKINS_PASSWORD", "displayName": "Jenkins Password", "description": "Password for the Jenkins 'admin' user.", diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkinstemplate.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkinstemplate.json deleted file mode 100644 index fc409f709..000000000 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkinstemplate.json +++ /dev/null @@ -1,256 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "name": "jenkins", - "creationTimestamp": null, - "annotations": { - "description": "Jenkins service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", - "iconClass": "icon-jenkins", - "tags": "instant-app,jenkins" - } - }, - "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}.", - "objects": [ - { - "kind": "Route", - "apiVersion": "v1", - "metadata": { - "name": "jenkins", - "creationTimestamp": null - }, - "spec": { - "to": { - "kind": "Service", - "name": "${JENKINS_SERVICE_NAME}" - }, - "tls": { - "termination": "edge", - "insecureEdgeTerminationPolicy": "Redirect", - "certificate": "-----BEGIN CERTIFICATE-----\nMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl\nZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3\ndy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu\nY29tMB4XDTE1MDExMjE0MTk0MVoXDTE2MDExMjE0MTk0MVowfDEYMBYGA1UEAwwP\nd3d3LmV4YW1wbGUuY29tMQswCQYDVQQIDAJTQzELMAkGA1UEBhMCVVMxIjAgBgkq\nhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xEDAOBgNVBAoMB0V4YW1wbGUx\nEDAOBgNVBAsMB0V4YW1wbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrv\ngu6ZTTefNN7jjiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm\n47VRx5Qrf/YLXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1M\nmNrQUgZyQC6XIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAGjDTALMAkGA1UdEwQC\nMAAwDQYJKoZIhvcNAQEFBQADggEBAFCi7ZlkMnESvzlZCvv82Pq6S46AAOTPXdFd\nTMvrh12E1sdVALF1P1oYFJzG1EiZ5ezOx88fEDTW+Lxb9anw5/KJzwtWcfsupf1m\nV7J0D3qKzw5C1wjzYHh9/Pz7B1D0KthQRATQCfNf8s6bbFLaw/dmiIUhHLtIH5Qc\nyfrejTZbOSP77z8NOWir+BWWgIDDB2//3AkDIQvT20vmkZRhkqSdT7et4NmXOX/j\njhPti4b2Fie0LeuvgaOdKjCpQQNrYthZHXeVlOLRhMTSk3qUczenkKTOhvP7IS9q\n+Dzv5hqgSfvMG392KWh5f8xXfJNs4W5KLbZyl901MeReiLrPH3w=\n-----END CERTIFICATE-----", - "key": "-----BEGIN PRIVATE KEY-----\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMrvgu6ZTTefNN7j\njiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm47VRx5Qrf/YL\nXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1MmNrQUgZyQC6X\nIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAECgYEAnxOjEj/vrLNLMZE1Q9H7PZVF\nWdP/JQVNvQ7tCpZ3ZdjxHwkvf//aQnuxS5yX2Rnf37BS/TZu+TIkK4373CfHomSx\nUTAn2FsLmOJljupgGcoeLx5K5nu7B7rY5L1NHvdpxZ4YjeISrRtEPvRakllENU5y\ngJE8c2eQOx08ZSRE4TkCQQD7dws2/FldqwdjJucYijsJVuUdoTqxP8gWL6bB251q\nelP2/a6W2elqOcWId28560jG9ZS3cuKvnmu/4LG88vZFAkEAzphrH3673oTsHN+d\nuBd5uyrlnGjWjuiMKv2TPITZcWBjB8nJDSvLneHF59MYwejNNEof2tRjgFSdImFH\nmi995wJBAMtPjW6wiqRz0i41VuT9ZgwACJBzOdvzQJfHgSD9qgFb1CU/J/hpSRIM\nkYvrXK9MbvQFvG6x4VuyT1W8mpe1LK0CQAo8VPpffhFdRpF7psXLK/XQ/0VLkG3O\nKburipLyBg/u9ZkaL0Ley5zL5dFBjTV2Qkx367Ic2b0u9AYTCcgi2DsCQQD3zZ7B\nv7BOm7MkylKokY2MduFFXU0Bxg6pfZ7q3rvg8gqhUFbaMStPRYg6myiDiW/JfLhF\nTcFT4touIo7oriFJ\n-----END PRIVATE KEY-----", - "caCertificate": "-----BEGIN CERTIFICATE-----\nMIIEFzCCAv+gAwIBAgIJALK1iUpF2VQLMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD\nVQQGEwJVUzELMAkGA1UECAwCU0MxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoG\nA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UECwwHVGVzdCBDQTEaMBgG\nA1UEAwwRd3d3LmV4YW1wbGVjYS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVA\nZXhhbXBsZS5jb20wHhcNMTUwMTEyMTQxNTAxWhcNMjUwMTA5MTQxNTAxWjCBoTEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkx\nHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0Ex\nGjAYBgNVBAMMEXd3dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFt\ncGxlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nw2rK1J2NMtQj0KDug7g7HRKl5jbf0QMkMKyTU1fBtZ0cCzvsF4CqV11LK4BSVWaK\nrzkaXe99IVJnH8KdOlDl5Dh/+cJ3xdkClSyeUT4zgb6CCBqg78ePp+nN11JKuJlV\nIG1qdJpB1J5O/kCLsGcTf7RS74MtqMFo96446Zvt7YaBhWPz6gDaO/TUzfrNcGLA\nEfHVXkvVWqb3gqXUztZyVex/gtP9FXQ7gxTvJml7UkmT0VAFjtZnCqmFxpLZFZ15\n+qP9O7Q2MpsGUO/4vDAuYrKBeg1ZdPSi8gwqUP2qWsGd9MIWRv3thI2903BczDc7\nr8WaIbm37vYZAS9G56E4+wIDAQABo1AwTjAdBgNVHQ4EFgQUugLrSJshOBk5TSsU\nANs4+SmJUGwwHwYDVR0jBBgwFoAUugLrSJshOBk5TSsUANs4+SmJUGwwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaMJ33zAMV4korHo5aPfayV3uHoYZ\n1ChzP3eSsF+FjoscpoNSKs91ZXZF6LquzoNezbfiihK4PYqgwVD2+O0/Ty7UjN4S\nqzFKVR4OS/6lCJ8YncxoFpTntbvjgojf1DEataKFUN196PAANc3yz8cWHF4uvjPv\nWkgFqbIjb+7D1YgglNyovXkRDlRZl0LD1OQ0ZWhd4Ge1qx8mmmanoBeYZ9+DgpFC\nj9tQAbS867yeOryNe7sEOIpXAAqK/DTu0hB6+ySsDfMo4piXCc2aA/eI2DCuw08e\nw17Dz9WnupZjVdwTKzDhFgJZMLDqn37HQnT6EemLFqbcR0VPEnfyhDtZIQ==\n-----END CERTIFICATE-----" - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "jenkins" - ], - "from": { - "kind": "ImageStreamTag", - "name": "jenkins:1", - "namespace": "openshift" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "template": { - "metadata": { - "creationTimestamp": null, - "labels": { - "name": "${JENKINS_SERVICE_NAME}" - } - }, - "spec": { - "serviceAccountName": "${JENKINS_SERVICE_NAME}", - "containers": [ - { - "name": "jenkins", - "image": " ", - "readinessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 3, - "httpGet": { - "path": "/login", - "port": 8080 - } - }, - "livenessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 120, - "httpGet": { - "path": "/login", - "port": 8080 - } - }, - "env": [ - { - "name": "JENKINS_PASSWORD", - "value": "${JENKINS_PASSWORD}" - }, - { - "name": "KUBERNETES_MASTER", - "value": "https://kubernetes.default:443" - }, - { - "name": "KUBERNETES_TRUST_CERTIFICATES", - "value": "true" - } - ], - "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, - "volumeMounts": [ - { - "name": "${JENKINS_SERVICE_NAME}-data", - "mountPath": "/var/lib/jenkins" - } - ], - "terminationMessagePath": "/dev/termination-log", - "imagePullPolicy": "IfNotPresent", - "capabilities": {}, - "securityContext": { - "capabilities": {}, - "privileged": false - } - } - ], - "volumes": [ - { - "name": "${JENKINS_SERVICE_NAME}-data", - "emptyDir": { - "medium": "" - } - } - ], - "restartPolicy": "Always", - "dnsPolicy": "ClusterFirst" - } - } - } - }, - { - "kind": "ServiceAccount", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}" - } - }, - { - "kind": "RoleBinding", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}_edit" - }, - "groupNames": null, - "subjects": [ - { - "kind": "ServiceAccount", - "name": "${JENKINS_SERVICE_NAME}" - } - ], - "roleRef": { - "name": "edit" - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "jenkins-jnlp" - }, - "spec": { - "ports": [ - { - "name": "agent", - "protocol": "TCP", - "port": 50000, - "targetPort": 50000, - "nodePort": 0 - } - ], - "selector": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "portalIP": "", - "type": "ClusterIP", - "sessionAffinity": "None" - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "annotations": { - "service.alpha.openshift.io/dependencies": "[{\"name\": \"jenkins-jnlp\", \"namespace\": \"\", \"kind\": \"Service\"}]", - "service.openshift.io/infrastructure": "true" - }, - "creationTimestamp": null - }, - "spec": { - "ports": [ - { - "name": "web", - "protocol": "TCP", - "port": 80, - "targetPort": 8080, - "nodePort": 0 - } - ], - "selector": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "portalIP": "", - "type": "ClusterIP", - "sessionAffinity": "None" - } - } - ], - "parameters": [ - { - "name": "MEMORY_LIMIT", - "displayName": "Memory Limit", - "description": "Maximum amount of memory the container can use.", - "value": "512Mi" - }, - { - "name": "NAMESPACE", - "displayName": "Namespace", - "description": "The OpenShift Namespace where the ImageStream resides.", - "value": "openshift" - }, - { - "name": "JENKINS_SERVICE_NAME", - "displayName": "Jenkins Service Name", - "description": "The name of the OpenShift Service exposed for the Jenkins container.", - "value": "jenkins" - }, - { - "name": "JENKINS_PASSWORD", - "displayName": "Jenkins Password", - "description": "Password for the Jenkins 'admin' user.", - "generate": "expression", - "from": "[a-zA-Z0-9]{16}", - "required": true - } - ], - "labels": { - "template": "jenkins-pipeline-template" - } -} diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml index 0c0c7e61e..56110c28f 100644 --- a/roles/openshift_master/tasks/systemd_units.yml +++ b/roles/openshift_master/tasks/systemd_units.yml @@ -45,6 +45,13 @@ failed_when: false changed_when: false +- name: Preserve Master API AWS options + command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master-api + register: master_api_aws + when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" + failed_when: false + changed_when: false + - name: Create the master api service env file template: src: "{{ ha_svc_template_path }}/atomic-openshift-master-api.j2" @@ -62,13 +69,29 @@ line: "{{ item }}" with_items: "{{ master_api_proxy.stdout_lines | default([]) }}" +- name: Restore Master API AWS Options + when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" + and master_api_aws.rc == 0 and + not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined) + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api + line: "{{ item }}" + with_items: "{{ master_api_aws.stdout_lines | default([]) }}" + - name: Preserve Master Controllers Proxy Config options - command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-api + command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers register: master_controllers_proxy when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" failed_when: false changed_when: false +- name: Preserve Master Controllers AWS options + command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers + register: master_controllers_aws + when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" + failed_when: false + changed_when: false + - name: Create the master controllers service env file template: src: "{{ ha_svc_template_path }}/atomic-openshift-master-controllers.j2" @@ -86,6 +109,15 @@ when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" and master_controllers_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common +- name: Restore Master Controllers AWS Options + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers + line: "{{ item }}" + with_items: "{{ master_controllers_aws.stdout_lines | default([]) }}" + when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" + and master_controllers_aws.rc == 0 and + not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined) + - name: Install Master docker service file template: dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service" @@ -99,6 +131,12 @@ failed_when: false changed_when: false +- name: Preserve Master AWS options + command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master + register: master_aws + failed_when: false + changed_when: false + - name: Create the master service env file template: src: "atomic-openshift-master.j2" @@ -113,3 +151,10 @@ line: "{{ item }}" with_items: "{{ master_proxy.stdout_lines | default([]) }}" when: master_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common + +- name: Restore Master AWS Options + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master + line: "{{ item }}" + with_items: "{{ master_aws.stdout_lines | default([]) }}" + when: master_aws.rc == 0 and not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined) diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 75d44d308..10eaeb401 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -4,9 +4,9 @@ CONFIG_FILE={{ openshift_master_config_file }} IMAGE_VERSION={{ openshift_image_tag }} {% endif %} -{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} -AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} -AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} +{% if openshift_cloudprovider_kind | default('') == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined %} +AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }} +AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }} {% endif %} {% if 'api_env_vars' in openshift.master or 'controllers_env_vars' in openshift.master -%} diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 index df1dbb85e..eef0f414e 100644 --- a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 +++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 @@ -12,7 +12,7 @@ Requires=docker.service EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api Environment=GOTRACEBACK=crash ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-api -ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master api --config=${CONFIG_FILE} $OPTIONS +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master api --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-api LimitNOFILE=131072 diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 index 5ff2edae4..a8f5d7351 100644 --- a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 +++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 @@ -11,7 +11,7 @@ PartOf=docker.service EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers Environment=GOTRACEBACK=crash ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-controllers -ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master controllers --config=${CONFIG_FILE} $OPTIONS +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master controllers --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-controllers LimitNOFILE=131072 diff --git a/roles/openshift_master/templates/master_docker/master.docker.service.j2 b/roles/openshift_master/templates/master_docker/master.docker.service.j2 index 97f698b68..be7644710 100644 --- a/roles/openshift_master/templates/master_docker/master.docker.service.j2 +++ b/roles/openshift_master/templates/master_docker/master.docker.service.j2 @@ -8,7 +8,7 @@ Wants=etcd_container.service [Service] EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-master -ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master --config=${CONFIG_FILE} $OPTIONS +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master Restart=always diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 index 41308bd81..43fb3cafa 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 @@ -4,9 +4,9 @@ CONFIG_FILE={{ openshift_master_config_file }} IMAGE_VERSION={{ openshift_image_tag }} {% endif %} -{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} -AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} -AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} +{% if openshift_cloudprovider_kind | default('') == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined %} +AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }} +AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }} {% endif %} {% if 'api_env_vars' in openshift.master -%} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 index 37a5d75f2..6d26a69eb 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 @@ -4,9 +4,9 @@ CONFIG_FILE={{ openshift_master_config_file }} IMAGE_VERSION={{ openshift_image_tag }} {% endif %} -{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} -AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} -AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} +{% if openshift_cloudprovider_kind | default('') == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_access_key is defined %} +AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }} +AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }} {% endif %} {% if 'controllers_env_vars' in openshift.master -%} diff --git a/roles/openshift_metrics/tasks/install.yml b/roles/openshift_metrics/tasks/install.yml index 2fbb7d606..ea4f61ccd 100644 --- a/roles/openshift_metrics/tasks/install.yml +++ b/roles/openshift_metrics/tasks/install.yml @@ -74,7 +74,7 @@ HAWKULAR_METRICS_HOSTNAME={{ metrics_hostname }},USE_PERSISTENT_STORAGE={{metrics_persistence | string | lower }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }}{{ image_prefix }}{{ image_version }},MODE={{ deployment_mode }} \ | {{ openshift.common.client_binary }} --namespace openshift-infra \ --config={{ openshift_metrics_kubeconfig }} \ - create -f -" + create -o name -f -" - name: Deploy Metrics shell: "{{ deployer_cmd }}" diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index 8a6712468..ad04bc355 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -33,10 +33,9 @@ | default('hawkular-metrics.' ~ (openshift.master.default_subdomain | default(openshift_master_default_subdomain ))) | oo_hostname_from_url }}" - metrics_persistence: True - #"{{ openshift.hosted.metrics.storage_kind | default(none) is not none }}" + metrics_persistence: "{{ openshift.hosted.metrics.storage_kind | default(none) is not none }}" metrics_dynamic_vol: "{{ openshift.hosted.metrics.storage_kind | default(none) == 'dynamic' }}" - metrics_template_dir: "/usr/share/openshift/examples/infrastructure-templates/{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}" + metrics_template_dir: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/examples/infrastructure-templates/{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}" cassandra_nodes: "{{ ',CASSANDRA_NODES=' ~ openshift.hosted.metrics.cassandra_nodes if 'cassandra' in openshift.hosted.metrics else '' }}" cassandra_pv_size: "{{ ',CASSANDRA_PV_SIZE=' ~ openshift.hosted.metrics.storage_volume_size if openshift.hosted.metrics.storage_volume_size | default(none) is not none else '' }}" image_prefix: "{{ ',IMAGE_PREFIX=' ~ openshift.hosted.metrics.deployer_prefix if 'deployer_prefix' in openshift.hosted.metrics else '' }}" diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 228c29b6c..dc36b542d 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -83,10 +83,10 @@ create: true with_items: - regex: '^AWS_ACCESS_KEY_ID=' - line: "AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }}" + line: "AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }}" - regex: '^AWS_SECRET_ACCESS_KEY=' - line: "AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}" - when: "'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws" + line: "AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }}" + when: "openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined" notify: - restart node diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service index e33b665ca..3b5865a50 100644 --- a/roles/openshift_node/templates/openshift.docker.node.service +++ b/roles/openshift_node/templates/openshift.docker.node.service @@ -15,7 +15,7 @@ After={{ openshift.common.service_type }}-node-dep.service EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node-dep ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node -ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:rw -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS {{ openshift.node.node_image }}:${IMAGE_VERSION} +ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:rw -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS {{ openshift.node.node_image }}:${IMAGE_VERSION} ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node SyslogIdentifier={{ openshift.common.service_type }}-node |