1 files changed, 139 insertions, 97 deletions

diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index bd35008b8..4824eeef3 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -1,6 +1,12 @@
 ---
 - name: Gather and set facts for node hosts
   hosts: oo_nodes_to_config
+  vars:
+    t_oo_option_node_debug_level: "{{ lookup('oo_option', 'openshift_node_debug_level') }}"
+  pre_tasks:
+  - set_fact:
+      openshift_node_debug_level: "{{ t_oo_option_node_debug_level }}"
+    when: openshift_node_debug_level is not defined and t_oo_option_node_debug_level != ""
   roles:
   - openshift_facts
   tasks:
@@ -8,40 +14,16 @@
   # configured, we need to make sure to set the node properties beforehand if
   # we do not want the defaults
   - openshift_facts:
-      role: "{{ item.role }}"
-      local_facts: "{{ item.local_facts }}"
-    with_items:
-      - role: common
-        local_facts:
-          hostname: "{{ openshift_hostname | default(None) }}"
-          public_hostname: "{{ openshift_public_hostname | default(None) }}"
-          deployment_type: "{{ openshift_deployment_type }}"
-      - role: node
-        local_facts:
-          labels: "{{ openshift_node_labels | default(None) }}"
-          annotations: "{{ openshift_node_annotations | default(None) }}"
-  - name: Check status of node certificates
-    stat:
-      path: "/etc/openshift/node/{{ item }}"
-    with_items:
-    - "system:node:{{ openshift.common.hostname }}.crt"
-    - "system:node:{{ openshift.common.hostname }}.key"
-    - "system:node:{{ openshift.common.hostname }}.kubeconfig"
-    - ca.crt
-    - server.key
-    - server.crt
-    register: stat_result
-  - set_fact:
-      certs_missing: "{{ stat_result.results | map(attribute='stat.exists')
-                         | list | intersect([false])}}"
-      node_subdir: node-{{ openshift.common.hostname }}
-      config_dir: /etc/openshift/generated-configs/node-{{ openshift.common.hostname }}
-      node_cert_dir: /etc/openshift/node
+      role: node
+      local_facts:
+        labels: "{{ openshift_node_labels | default(None) }}"
+        annotations: "{{ openshift_node_annotations | default(None) }}"
+        schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}"
 
 - name: Create temp directory for syncing certs
   hosts: localhost
   connection: local
-  sudo: false
+  become: no
   gather_facts: no
   tasks:
   - name: Create local temp directory for syncing certs
@@ -49,58 +31,114 @@
     register: mktemp
     changed_when: False
 
-- name: Create node certificates
-  hosts: oo_first_master
+- name: Evaluate node groups
+  hosts: localhost
+  become: no
+  connection: local
+  tasks:
+  - name: Evaluate oo_containerized_master_nodes
+    add_host:
+      name: "{{ item }}"
+      groups: oo_containerized_master_nodes
+      ansible_ssh_user: "{{ g_ssh_user | default(omit) }}"
+      ansible_become: "{{ g_sudo | default(omit) }}"
+    with_items: "{{ groups.oo_nodes_to_config | default([]) }}"
+    when: hostvars[item].openshift.common is defined and hostvars[item].openshift.common.is_containerized | bool and (item in groups.oo_nodes_to_config and item in groups.oo_masters_to_config)
+
+- name: Configure containerized nodes
+  hosts: oo_containerized_master_nodes
+  serial: 1
   vars:
-    nodes_needing_certs: "{{ hostvars
-                             | oo_select_keys(groups['oo_nodes_to_config']
-                                              | default([]))
-                             | oo_filter_list(filter_attr='certs_missing') }}"
-    sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
+    openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
+    openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}"
+    openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
+    openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config']
+                                                    | union(groups['oo_masters_to_config'])
+                                                    | union(groups['oo_etcd_to_config'] | default([])))
+                                                | oo_collect('openshift.common.hostname') | default([]) | join (',')
+                                                }}"
+    when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and
+            openshift_generate_no_proxy_hosts | default(True) | bool }}"
   roles:
-  - openshift_node_certificates
-  post_tasks:
-  - name: Create a tarball of the node config directories
-    command: >
-      tar -czvf {{ item.config_dir }}.tgz
-        --transform 's|system:{{ item.node_subdir }}|node|'
-        -C {{ item.config_dir }} .
-    args:
-      creates: "{{ item.config_dir }}.tgz"
-    with_items: nodes_needing_certs
+  - role: openshift_common
+  - role: openshift_clock
+  - role: openshift_docker
+  - role: openshift_node_certificates
+    openshift_ca_host: "{{ groups.oo_first_master.0 }}"
+  - role: openshift_cloud_provider
+  - role: openshift_node_dnsmasq
+    when: openshift.common.use_dnsmasq | bool
+  - role: os_firewall
+    os_firewall_allow:
+    - service: Kubernetes kubelet
+      port: 10250/tcp
+    - service: http
+      port: 80/tcp
+    - service: https
+      port: 443/tcp
+    - service: Openshift kubelet ReadOnlyPort
+      port: 10255/tcp
+    - service: Openshift kubelet ReadOnlyPort udp
+      port: 10255/udp
+    - service: OpenShift OVS sdn
+      port: 4789/udp
+      when: openshift.node.use_openshift_sdn | bool
+  - role: openshift_node
 
-  - name: Retrieve the node config tarballs from the master
-    fetch:
-      src: "{{ item.config_dir }}.tgz"
-      dest: "{{ sync_tmpdir }}/"
-      flat: yes
-      fail_on_missing: yes
-      validate_checksum: yes
-    with_items: nodes_needing_certs
+- name: Configure nodes
+  hosts: oo_nodes_to_config:!oo_containerized_master_nodes
+  vars:
+    openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
+    openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}"
+    openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
+    openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config']
+                                                    | union(groups['oo_masters_to_config'])
+                                                    | union(groups['oo_etcd_to_config'] | default([])))
+                                                | oo_collect('openshift.common.hostname') | default([]) | join (',')
+                                                }}"
+    when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and
+            openshift_generate_no_proxy_hosts | default(True) | bool }}"
+  roles:
+  - role: openshift_common
+  - role: openshift_clock
+  - role: openshift_docker
+  - role: openshift_node_certificates
+    openshift_ca_host: "{{ groups.oo_first_master.0 }}"
+  - role: openshift_cloud_provider
+  - role: openshift_node_dnsmasq
+    when: openshift.common.use_dnsmasq | bool
+  - role: os_firewall
+    os_firewall_allow:
+    - service: Kubernetes kubelet
+      port: 10250/tcp
+    - service: http
+      port: 80/tcp
+    - service: https
+      port: 443/tcp
+    - service: Openshift kubelet ReadOnlyPort
+      port: 10255/tcp
+    - service: Openshift kubelet ReadOnlyPort udp
+      port: 10255/udp
+    - service: OpenShift OVS sdn
+      port: 4789/udp
+      when: openshift.node.use_openshift_sdn | bool
+  - role: openshift_node
 
-- name: Configure node instances
+- name: Additional node config
   hosts: oo_nodes_to_config
   vars:
-    sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
     openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
-  pre_tasks:
-  - name: Ensure certificate directory exists
-    file:
-      path: "{{ node_cert_dir }}"
-      state: directory
-
-  # TODO: notify restart openshift-node
-  # possibly test service started time against certificate/config file
-  # timestamps in openshift-node to trigger notify
-  - name: Unarchive the tarball on the node
-    unarchive:
-      src: "{{ sync_tmpdir }}/{{ node_subdir }}.tgz"
-      dest: "{{ node_cert_dir }}"
-    when: certs_missing
   roles:
-  - openshift_node
-  - role: fluentd_node
-    when: openshift.common.use_fluentd | bool
+  - role: flannel
+    etcd_urls: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls }}"
+    embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
+    etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+    etcd_cert_subdir: "openshift-node-{{ openshift.common.hostname }}"
+    etcd_cert_config_dir: "{{ openshift.common.config_base }}/node"
+    when: openshift.common.use_flannel | bool
+  - role: nuage_node
+    when: openshift.common.use_nuage | bool
+  - role: nickhammond.logrotate
   tasks:
   - name: Create group for deployment type
     group_by: key=oo_nodes_deployment_type_{{ openshift.common.deployment_type }}
@@ -109,36 +147,40 @@
 - name: Delete temporary directory on localhost
   hosts: localhost
   connection: local
-  sudo: false
+  become: no
   gather_facts: no
   tasks:
   - file: name={{ mktemp.stdout }} state=absent
     changed_when: False
 
-# Additional config for online type deployments
-- name: Additional instance config
-  hosts: oo_nodes_deployment_type_online
-  gather_facts: no
-  roles:
-  - os_env_extras
-  - os_env_extras_node
-
-- name: Set scheduleability
+- name: Set node schedulability
   hosts: oo_first_master
   vars:
-    openshift_nodes: "{{ hostvars
-                         | oo_select_keys(groups['oo_nodes_to_config'])
-                         | oo_collect('openshift.common.hostname') }}"
-    openshift_unscheduleable_nodes: "{{ hostvars
-                                        | oo_select_keys(groups['oo_nodes_to_config']
-                                                         | default([]))
-                                        | oo_collect('openshift.common.hostname', {'openshift_scheduleable': False}) }}"
+    openshift_nodes: "{{ groups.oo_nodes_to_config | default([]) }}"
   pre_tasks:
-  - set_fact:
-      openshift_scheduleable_nodes: "{{ hostvars
-                                      | oo_select_keys(groups['oo_nodes_to_config']
-                                                       | default([]))
-                                      | oo_collect('openshift.common.hostname')
-                                      | difference(openshift_unscheduleable_nodes) }}"
+  # Necessary because when you're on a node that's also a master the master will be
+  # restarted after the node restarts docker and it will take up to 60 seconds for
+  # systemd to start the master again
+  - name: Wait for master API to become available before proceeding
+    # Using curl here since the uri module requires python-httplib2 and
+    # wait_for port doesn't provide health information.
+    command: >
+      curl --silent --tlsv1.2
+      {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+      --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
+      {% else %}
+      --cacert {{ openshift.common.config_base }}/master/ca.crt
+      {% endif %}
+      {{ openshift.master.api_url }}/healthz/ready
+    args:
+      # Disables the following warning:
+      # Consider using get_url or uri module rather than running curl
+      warn: no
+    register: api_available_output
+    until: api_available_output.stdout == 'ok'
+    retries: 120
+    delay: 1
+    changed_when: false
+    when: openshift.common.is_containerized | bool
   roles:
   - openshift_manage_node