Diffstat (limited to 'playbooks')
| -rw-r--r-- | playbooks/adhoc/uninstall.yml | 11 | ||||
| -rw-r--r-- | playbooks/aws/openshift-cluster/tasks/launch_instances.yml | 19 | ||||
| -rw-r--r-- | playbooks/aws/openshift-cluster/templates/user_data.j2 | 11 | ||||
| -rw-r--r-- | playbooks/common/openshift-etcd/config.yml | 2 | ||||
| -rw-r--r-- | playbooks/common/openshift-master/config.yml | 62 | ||||
| -rw-r--r-- | playbooks/common/openshift-node/config.yml | 4 | ||||
| -rw-r--r-- | playbooks/gce/openshift-cluster/launch.yml | 4 | ||||
| -rw-r--r-- | playbooks/gce/openshift-cluster/tasks/launch_instances.yml | 4 | ||||
| -rw-r--r-- | playbooks/gce/openshift-cluster/vars.yml | 3 | 
9 files changed, 85 insertions, 35 deletions
diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 565bb20a8..538414508 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -111,12 +111,12 @@          - atomic-enterprise          - origin -    - shell: docker ps -a | grep Exited | grep "{{ item }}" | awk '{print $1}' +    - shell: docker ps -a | grep Exited | egrep "{{ item }}" | awk '{print $1}'        changed_when: False        failed_when: False        register: exited_containers_to_delete        with_items: -        - aep3/aep +        - aep3.*/aep          - openshift3/ose          - openshift/origin @@ -125,13 +125,13 @@        failed_when: False        with_items: "{{ exited_containers_to_delete.results }}" -    - shell: docker images | grep {{ item }} | awk '{ print $3 }' +    - shell: docker images | egrep {{ item }} | awk '{ print $3 }'        changed_when: False        failed_when: False        register: images_to_delete        with_items: -        - registry.access.redhat.com/openshift3 -        - registry.access.redhat.com/aep3 +        - registry\.access\..*redhat\.com/openshift3 +        - registry\.access\..*redhat\.com/aep3          - docker.io/openshift      - shell:  "docker rmi -f {{ item.stdout_lines | join(' ') }}" @@ -161,6 +161,7 @@          - /etc/sysconfig/origin-master-api          - /etc/sysconfig/origin-master-controllers          - /etc/sysconfig/origin-node +        - /etc/systemd/system/atomic-openshift-node.service.wants          - /root/.kube          - /run/openshift-sdn          - /usr/share/openshift/examples diff --git a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml index 9c699120b..22c617fea 100644 --- a/playbooks/aws/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/aws/openshift-cluster/tasks/launch_instances.yml 
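Review bot: In the `docker images` task of the second hunk the pattern is passed unquoted (`egrep {{ item }}`), so the shell removes the backslashes from `registry\.access\..*redhat\.com/openshift3` before egrep sees them and may also glob-expand the `.*`. The escaped dots then match any character, and whatever matches is handed to `docker rmi -f` in the following task, so a looser match removes more images than intended. Quote the pattern the way the `docker ps` task in the first hunk already does: `- shell: docker images | egrep "{{ item }}" | awk '{ print $3 }'`. The unchanged `docker.io/openshift` entry still carries an unescaped dot and could be written `docker\.io/openshift` once the quoting is in place.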
@@ -20,10 +20,6 @@                     | default(deployment_vars[deployment_type].image, true) }}"    when: ec2_image is not defined and not ec2_image_name  - set_fact: -    ec2_instance_type: "{{ lookup('env', 'ec2_instance_type') -                    | default(deployment_vars[deployment_type].type, true) }}" -  when: ec2_instance_type is not defined -- set_fact:      ec2_keypair: "{{ lookup('env', 'ec2_keypair')                      | default(deployment_vars[deployment_type].keypair, true) }}"    when: ec2_keypair is not defined 
@@ -37,25 +33,25 @@    when: ec2_assign_public_ip is not defined  - set_fact: -    ec2_instance_type: "{{ ec2_master_instance_type | default(deployment_vars[deployment_type].type, true) }}" +    ec2_instance_type: "{{ ec2_master_instance_type | default(lookup('env', 'ec2_master_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type))) }}"      ec2_security_groups: "{{ ec2_master_security_groups                      | default(deployment_vars[deployment_type].security_groups, true) }}"    when: host_type == "master" and sub_host_type == "default"  - set_fact: -    ec2_instance_type: "{{ ec2_etcd_instance_type | default(deployment_vars[deployment_type].type, true) }}" +    ec2_instance_type: "{{ ec2_etcd_instance_type | default(lookup('env', 'ec2_etcd_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type))) }}"      ec2_security_groups: "{{ ec2_etcd_security_groups                      | default(deployment_vars[deployment_type].security_groups, true)}}"    when: host_type == "etcd" and sub_host_type == "default"  - set_fact: -    ec2_instance_type: "{{ ec2_infra_instance_type | default(deployment_vars[deployment_type].type, true) }}" +    ec2_instance_type: "{{ ec2_infra_instance_type | default(lookup('env', 'ec2_infra_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type))) }}"      ec2_security_groups: "{{ ec2_infra_security_groups                      | default(deployment_vars[deployment_type].security_groups, true) }}"    when: host_type == "node" and sub_host_type == "infra"  - set_fact: -    ec2_instance_type: "{{ ec2_node_instance_type | default(deployment_vars[deployment_type].type, true) }}" +    ec2_instance_type: "{{ ec2_node_instance_type | default(lookup('env', 'ec2_node_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type))) }}"      
ec2_security_groups: "{{ ec2_node_security_groups                      | default(deployment_vars[deployment_type].security_groups, true) }}"    when: host_type == "node" and sub_host_type == "compute" @@ -81,7 +77,6 @@  - set_fact:      latest_ami: "{{ ami_result.results | oo_ami_selector(ec2_image_name) }}" -    user_data: "{{ lookup('template', '../templates/user_data.j2') }}"      volume_defs:        etcd:          root: @@ -97,6 +92,10 @@            volume_size: "{{ lookup('env', 'os_master_root_vol_size') | default(25, true) }}"            device_type: "{{ lookup('env', 'os_master_root_vol_type') | default('gp2', true) }}"            iops: "{{ lookup('env', 'os_master_root_vol_iops') | default(500, true) }}" +        docker: +          volume_size: "{{ lookup('env', 'os_docker_vol_size') | default(10, true) }}" +          device_type: "{{ lookup('env', 'os_docker_vol_type') | default('gp2', true) }}" +          iops: "{{ lookup('env', 'os_docker_vol_iops') | default(500, true) }}"        node:          root:            volume_size: "{{ lookup('env', 'os_node_root_vol_size') | default(85, true) }}" @@ -121,7 +120,7 @@      count: "{{ instances | length }}"      vpc_subnet_id: "{{ ec2_vpc_subnet | default(omit, true) }}"      assign_public_ip: "{{ ec2_assign_public_ip | default(omit, true) }}" -    user_data: "{{ user_data }}" +    user_data: "{{ lookup('template', '../templates/user_data.j2') }}"      wait: yes      instance_tags:        created-by: "{{ created_by }}" diff --git a/playbooks/aws/openshift-cluster/templates/user_data.j2 b/playbooks/aws/openshift-cluster/templates/user_data.j2 index 82c2f4d57..3621a7d7d 100644 --- a/playbooks/aws/openshift-cluster/templates/user_data.j2 +++ b/playbooks/aws/openshift-cluster/templates/user_data.j2 @@ -1,5 +1,5 @@  #cloud-config -{% if type =='etcd' %} +{% if type == 'etcd' and 'etcd' in volume_defs[type] %}  cloud_config_modules:  - disk_setup  - mounts 
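Review bot: The new `ec2_instance_type` chains in the four `set_fact` tasks of the `-37,25 +33,25` hunk drop the `true` argument that the old `default(..., true)` calls had. `lookup('env', ...)` yields an empty string rather than an undefined value when the variable is unset, and `default()` without `true` only replaces undefined values, so with no `ec2_master_instance_type` variable and no environment override the chain stops at the first lookup and the fact becomes an empty string instead of `deployment_vars[deployment_type].type`. Pass `true` at every level, for example `default(lookup('env', 'ec2_master_instance_type') | default(lookup('env', 'ec2_instance_type') | default(deployment_vars[deployment_type].type, true), true), true)`, and likewise for the etcd, infra and node variants. A one-line comment above the first task stating the precedence (inventory variable, per-role environment variable, generic environment variable, deployment default) would make the intent reviewable.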
@@ -19,7 +19,7 @@ fs_setup:    partition: auto  {% endif %} -{% if type == 'node' %} +{% if type in ['node', 'master'] and 'docker' in volume_defs[type] %}  mounts:  - [ xvdb ]  - [ ephemeral0 ] @@ -43,3 +43,10 @@ growpart:  runcmd:  - xfs_growfs /var  {% endif %} + +{% if deployment_vars[deployment_type].sudo %} +- path: /etc/sudoers.d/99-{{ deployment_vars[deployment_type].ssh_user }}-cloud-init-requiretty +  permissions: 440 +  content: | +    Defaults:{{ deployment_vars[deployment_type].ssh_user }} !requiretty +{% endif %} diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml index ed23ada88..7d94ced2e 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/common/openshift-etcd/config.yml @@ -24,7 +24,7 @@      - /etc/etcd/ca.crt      register: g_etcd_server_cert_stat_result    - set_fact: -      etcd_server_certs_missing: "{{ g_etcd_server_cert_stat_result.results | map(attribute='stat.exists') +      etcd_server_certs_missing: "{{ g_etcd_server_cert_stat_result.results | oo_collect(attribute='stat.exists')                                      | list | intersect([false])}}"        etcd_cert_subdir: etcd-{{ openshift.common.hostname }}        etcd_cert_config_dir: /etc/etcd diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index b1da85d5d..902fde956 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml 
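Review bot: In the sudoers entry added at the end of the template, `permissions: 440` is an unquoted YAML integer, so the loader reads it as decimal 440 rather than the octal mode 0440. cloud-init's documented form is a quoted octal string, and a sudoers drop-in with the wrong mode is typically rejected by sudo or left group-writable, so write `permissions: '0440'`. No `write_files:` key is visible in this hunk, and the new `- path:` item directly follows the `runcmd:` list, so please confirm which key this entry is meant to sit under; it looks like it needs its own `write_files:` line inside the `{% if %}`.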
@@ -60,7 +60,7 @@      register: g_external_etcd_cert_stat_result    - set_fact:        etcd_client_certs_missing: "{{ g_external_etcd_cert_stat_result.results -                                    | map(attribute='stat.exists') +                                    | oo_collect(attribute='stat.exists')                                      | list | intersect([false])}}"        etcd_cert_subdir: openshift-master-{{ openshift.common.hostname }}        etcd_cert_config_dir: "{{ openshift.common.config_base }}/master" @@ -157,7 +157,7 @@      register: g_master_cert_stat_result    - set_fact:        master_certs_missing: "{{ False in (g_master_cert_stat_result.results -                                | map(attribute='stat.exists') +                                | oo_collect(attribute='stat.exists')                                  | list ) }}"        master_cert_subdir: master-{{ openshift.common.hostname }}        master_cert_config_dir: "{{ openshift.common.config_base }}/master" @@ -204,14 +204,6 @@        validate_checksum: yes      with_items: masters_needing_certs -- name: Inspect named certificates -  hosts: oo_first_master -  tasks: -  - name: Collect certificate names -    set_fact: -      parsed_named_certificates: "{{ openshift_master_named_certificates | oo_parse_certificate_names(master_cert_config_dir, openshift.common.internal_hostnames) }}" -    when: openshift_master_named_certificates is defined -  - name: Compute haproxy_backend_servers    hosts: localhost    connection: local 
@@ -265,18 +257,62 @@    - set_fact:        session_auth_secret: "{{ openshift_master_session_auth_secrets                                  | default(session_auth_output.results -                                | map(attribute='stdout') +                                | oo_collect(attribute='stdout')                                  | list) }}"        session_encryption_secret: "{{ openshift_master_session_encryption_secrets                                        | default(session_encryption_output.results -                                      | map(attribute='stdout') +                                      | oo_collect(attribute='stdout')                                        | list) }}" +- name: Parse named certificates +  hosts: localhost +  vars: +    internal_hostnames: "{{ hostvars[groups.oo_first_master.0].openshift.common.internal_hostnames }}" +    named_certificates: "{{ hostvars[groups.oo_first_master.0].openshift_master_named_certificates | default([]) }}" +    named_certificates_dir: "{{ hostvars[groups.oo_first_master.0].master_cert_config_dir }}/named_certificates/" +  tasks: +  - set_fact: +      parsed_named_certificates: "{{ named_certificates | oo_parse_named_certificates(named_certificates_dir, internal_hostnames) }}" +    when: named_certificates | length > 0 + +- name: Deploy named certificates +  hosts: oo_masters_to_config +  vars: +    named_certs_dir: "{{ master_cert_config_dir }}/named_certificates/" +    named_certs_specified: "{{ openshift_master_named_certificates is defined }}" +    overwrite_named_certs: "{{ openshift_master_overwrite_named_certificates | default(false) }}" +  roles: +  - role: openshift_facts +  post_tasks: +  - openshift_facts: +      role: master +      local_facts: +        named_certificates: "{{ hostvars.localhost.parsed_named_certificates | default([]) }}" +      additive_facts_to_overwrite: +      - "{{ 'master.named_certificates' if overwrite_named_certs | bool else omit }}" +  - name: Clear named 
certificates +    file: +      path: "{{ named_certs_dir }}" +      state: absent +    when: overwrite_named_certs | bool +  - name: Ensure named certificate directory exists +    file: +      path: "{{ named_certs_dir }}" +      state: directory +    when: named_certs_specified | bool +  - name: Land named certificates +    copy: src="{{ item.certfile }}" dest="{{ named_certs_dir }}" +    with_items: openshift_master_named_certificates +    when: named_certs_specified | bool +  - name: Land named certificate keys +    copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}" +    with_items: openshift_master_named_certificates +    when: named_certs_specified | bool +  - name: Configure master instances    hosts: oo_masters_to_config    serial: 1    vars: -    named_certificates: "{{ hostvars[groups['oo_first_master'][0]]['parsed_named_certificates'] | default([])}}"      sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"      openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"      openshift_master_count: "{{ groups.oo_masters_to_config | length }}" diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 8da9e231f..2b6171cb3 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -33,7 +33,7 @@      - server.crt      register: stat_result    - set_fact: -      certs_missing: "{{ stat_result.results | map(attribute='stat.exists') +      certs_missing: "{{ stat_result.results | oo_collect(attribute='stat.exists')                           | list | intersect([false])}}"        node_subdir: node-{{ openshift.common.hostname }}        config_dir: "{{ openshift.common.config_base }}/generated-configs/node-{{ openshift.common.hostname }}" 
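Review bot: The "Land named certificate keys" task copies private keys with no `mode`, `owner` or `group`, so the files get whatever the remote umask yields, which is commonly world-readable. The "Ensure named certificate directory exists" task has the same gap for the directory itself. Set the permissions explicitly, e.g. `copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}" mode=0600` and `mode: "0700"` on the directory `file:` task. Since `named_certs_specified` is true for an empty list as well, a short comment on that variable saying the tasks are no-ops in that case would help the next reader.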
@@ -48,7 +48,7 @@      when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool)    - set_fact:        etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results -                                             | map(attribute='stat.exists') +                                             | oo_collect(attribute='stat.exists')                                               | list | intersect([false])}}"        etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }}        etcd_cert_config_dir: "{{ openshift.common.config_base }}/node" diff --git a/playbooks/gce/openshift-cluster/launch.yml b/playbooks/gce/openshift-cluster/launch.yml index 8be5d53e7..d6ef57c45 100644 --- a/playbooks/gce/openshift-cluster/launch.yml +++ b/playbooks/gce/openshift-cluster/launch.yml @@ -16,6 +16,8 @@        cluster: "{{ cluster_id }}"        type: "{{ k8s_type }}"        g_sub_host_type: "default" +      gce_machine_type: "{{ lookup('env', 'gce_machine_master_type') | default(lookup('env', 'gce_machine_type'), true) }}" +      gce_machine_image: "{{ lookup('env', 'gce_machine_master_image') | default(lookup('env', 'gce_machine_image'), true) }}"    - include: ../../common/openshift-cluster/tasks/set_node_launch_facts.yml      vars: @@ -27,6 +29,8 @@        cluster: "{{ cluster_id }}"        type: "{{ k8s_type }}"        g_sub_host_type: "{{ sub_host_type }}" +      gce_machine_type: "{{ lookup('env', 'gce_machine_node_type') | default(lookup('env', 'gce_machine_type'), true) }}" +      gce_machine_image: "{{ lookup('env', 'gce_machine_node_image') | default(lookup('env', 'gce_machine_image'), true) }}"    - include: ../../common/openshift-cluster/tasks/set_node_launch_facts.yml      vars: diff --git a/playbooks/gce/openshift-cluster/tasks/launch_instances.yml b/playbooks/gce/openshift-cluster/tasks/launch_instances.yml index c428cb465..de8a75b18 100644 
--- a/playbooks/gce/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/gce/openshift-cluster/tasks/launch_instances.yml @@ -5,8 +5,8 @@  - name: Launch instance(s)    gce:      instance_names: "{{ instances }}" -    machine_type: "{{ lookup('env', 'gce_machine_type') | default('n1-standard-1', true) }}" -    image: "{{ lookup('env', 'gce_machine_image') | default(deployment_vars[deployment_type].image, true) }}" +    machine_type: "{{ gce_machine_type | default(deployment_vars[deployment_type].machine_type, true) }}" +    image: "{{ gce_machine_image | default(deployment_vars[deployment_type].image, true) }}"      service_account_email: "{{ lookup('env', 'gce_service_account_email_address') }}"      pem_file: "{{ lookup('env', 'gce_service_account_pem_file_path') }}"      project_id: "{{ lookup('env', 'gce_project_id') }}" diff --git a/playbooks/gce/openshift-cluster/vars.yml b/playbooks/gce/openshift-cluster/vars.yml index 6de007807..a8ce8eb22 100644 --- a/playbooks/gce/openshift-cluster/vars.yml +++ b/playbooks/gce/openshift-cluster/vars.yml @@ -5,13 +5,16 @@ sdn_network_plugin: redhat/openshift-ovs-subnet  deployment_vars:    origin:      image: preinstalled-slave-50g-v5 +    machine_type: n1-standard-1      ssh_user: root      sudo: yes    online:      image: libra-rhel7 +    machine_type: n1-standard-1      ssh_user: root      sudo: no    enterprise:      image: rhel-7 +    machine_type: n1-standard-1      ssh_user:      sudo: yes  | 
