From a0b6fc7db1be2cf6190d982f90e96f4c39a4c699 Mon Sep 17 00:00:00 2001
From: Tobias Florek <tob@butter.sh>
Date: Wed, 23 Sep 2015 13:51:41 +0200
Subject: Initial containerization work from @ibotty

copied from https://github.com/eparis/kubernetes-ansible/blob/17f98edd7ff53e649b43e26822b8fbc0be42b233/roles/common/tasks/main.yml
---
 roles/openshift_node/tasks/main.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'roles/openshift_node/tasks')

diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 38bffc2e5..8607aa3fb 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -4,6 +4,10 @@
     msg: "SELinux is disabled, This deployment type requires that SELinux is enabled."
   when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise']
 
+- fail:
+    msg: "This playbook does not support using SDN on atomic hosts yet"
+  when: openshift.common.use_openshift_sdn and is_atomic
+
 - name: Set node facts
   openshift_facts:
     role: "{{ item.role }}"
@@ -38,10 +42,11 @@
 # problems because the rpms don't pin the version properly.
 - name: Install Node package
   action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_version  }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version  }} state=present"
+  when: not is_atomic
 
 - name: Install sdn-ovs package
   action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present"
-  when: openshift.common.use_openshift_sdn
+  when: openshift.common.use_openshift_sdn and not is_atomic
 
 # TODO: add the validate parameter when there is a validation command to run
 - name: Create the Node config
@@ -57,6 +62,7 @@
     dest: /etc/sysconfig/{{ openshift.common.service_type }}-node
     regexp: "{{ item.regex }}"
     line: "{{ item.line }}"
+    create: true
   with_items:
     - regex: '^OPTIONS='
       line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}"
-- 
cgit v1.2.3


From 8e7c5c970b8adc83fd6d5cad115f4edb06b36d98 Mon Sep 17 00:00:00 2001
From: Scott Dodson <sdodson@redhat.com>
Date: Mon, 5 Oct 2015 12:53:10 -0400
Subject: Containerization work by @sdodson

---
 roles/openshift_node/tasks/main.yml                | 102 ++++++++-------------
 .../openshift_node/tasks/storage_plugins/main.yml  |   5 +-
 2 files changed, 40 insertions(+), 67 deletions(-)

(limited to 'roles/openshift_node/tasks')

diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 8607aa3fb..67c6387a3 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -4,10 +4,6 @@
     msg: "SELinux is disabled, This deployment type requires that SELinux is enabled."
   when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise']
 
-- fail:
-    msg: "This playbook does not support using SDN on atomic hosts yet"
-  when: openshift.common.use_openshift_sdn and is_atomic
-
 - name: Set node facts
   openshift_facts:
     role: "{{ item.role }}"
@@ -37,16 +33,50 @@
       sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}"
       storage_plugin_deps: "{{ osn_storage_plugin_deps | default(None) }}"
       set_node_ip: "{{ openshift_set_node_ip | default(None) }}"
+      node_image: "{{ osn_image | default(None) }}"
+      ovs_image: "{{ osn_ovs_image | default(None) }}"
 
 # We have to add tuned-profiles in the same transaction otherwise we run into depsolving
-# problems because the rpms don't pin the version properly.
+# problems because the rpms don't pin the version properly. This was fixed in 3.1 packaging.
 - name: Install Node package
   action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_version  }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version  }} state=present"
-  when: not is_atomic
+  when: not openshift.common.is_containerized | bool
 
 - name: Install sdn-ovs package
   action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present"
-  when: openshift.common.use_openshift_sdn and not is_atomic
+  when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool
+
+- name: Install Node docker service file
+  template:
+    dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service"
+    src: openshift.docker.node.service
+  register: install_node_result
+  when: openshift.common.is_containerized | bool
+  
+- name: Create openshift.common.data_dir
+  file: 
+    path: openshift.common.data_dir
+    state: directory
+    mode: 0755
+    owner: root
+    group: root
+  when: openshift.common.is_containerized | bool
+
+- name: Install OpenvSwitch docker service file
+  template:
+    dest: "/etc/systemd/system/openvswitch.service"
+    src: openvswitch.docker.service
+  register: install_ovs_result
+  when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool
+
+- name: Reload systemd units
+  command: systemctl daemon-reload
+  when: openshift.common.is_containerized and ( ( install_node_result  | changed )
+    or ( install_ovs_result | changed ) )
+
+- name: Start and enable openvswitch docker service
+  service: name=openvswitch.service enabled=yes state=started
+  when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool
 
 # TODO: add the validate parameter when there is a validation command to run
 - name: Create the Node config
@@ -71,64 +101,6 @@
   notify:
   - restart node
 
-- stat: path=/etc/sysconfig/docker
-  register: docker_check
-
-  # TODO: Enable secure registry when code available in origin
-- name: Secure Registry and Logs Options
-  lineinfile:
-    dest: /etc/sysconfig/docker
-    regexp: '^OPTIONS=.*$'
-    line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \
-{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %} \
-{% if openshift.node.docker_log_driver is defined  %} --log-driver {{ openshift.node.docker_log_driver }}  {% endif %} \
-{% if openshift.node.docker_log_options is defined %}   {{ openshift.node.docker_log_options |  oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}  {% endif %} '"
-  when: docker_check.stat.isreg
-  notify:
-    - restart docker
-
-- set_fact:
-    docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries')
-                                      | oo_split() | union(['registry.access.redhat.com'])
-                                      | difference(['']) }}"
-  when: openshift.common.deployment_type in ['enterprise', 'openshift-enterprise', 'atomic-enterprise']
-- set_fact:
-    docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries')
-                                      | oo_split() | difference(['']) }}"
-  when: openshift.common.deployment_type not in ['enterprise', 'openshift-enterprise', 'atomic-enterprise']
-
-- name: Add personal registries
-  lineinfile:
-    dest: /etc/sysconfig/docker
-    regexp: '^ADD_REGISTRY=.*$'
-    line: "ADD_REGISTRY='{{ docker_additional_registries
-                            | oo_prepend_strings_in_list('--add-registry ') | join(' ') }}'"
-  when: docker_check.stat.isreg and docker_additional_registries
-  notify:
-    - restart docker
-
-- name: Block registries
-  lineinfile:
-    dest: /etc/sysconfig/docker
-    regexp: '^BLOCK_REGISTRY=.*$'
-    line: "BLOCK_REGISTRY='{{ lookup('oo_option', 'docker_blocked_registries') | oo_split()
-                              | oo_prepend_strings_in_list('--block-registry ') | join(' ') }}'"
-  when: docker_check.stat.isreg and
-        lookup('oo_option', 'docker_blocked_registries') != ''
-  notify:
-    - restart docker
-
-- name: Grant access to additional insecure registries
-  lineinfile:
-    dest: /etc/sysconfig/docker
-    regexp: '^INSECURE_REGISTRY=.*'
-    line: "INSECURE_REGISTRY='{{ lookup('oo_option', 'docker_insecure_registries') | oo_split()
-                              | oo_prepend_strings_in_list('--insecure-registry ') | join(' ') }}'"
-  when: docker_check.stat.isreg and
-        lookup('oo_option', 'docker_insecure_registries') != ''
-  notify:
-    - restart docker
-
 - name: Additional storage plugin configuration
   include: storage_plugins/main.yml
 
diff --git a/roles/openshift_node/tasks/storage_plugins/main.yml b/roles/openshift_node/tasks/storage_plugins/main.yml
index 39c7b9390..d237c26ec 100644
--- a/roles/openshift_node/tasks/storage_plugins/main.yml
+++ b/roles/openshift_node/tasks/storage_plugins/main.yml
@@ -3,11 +3,12 @@
 # additional package dependencies
 - name: NFS storage plugin configuration
   include: nfs.yml
+  when: not openshift.common.is_containerized | bool
 
 - name: GlusterFS storage plugin configuration
   include: glusterfs.yml
-  when: "'glusterfs' in openshift.node.storage_plugin_deps"
+  when: "'glusterfs' in openshift.node.storage_plugin_deps and not openshift.common.is_containerized | bool "
 
 - name: Ceph storage plugin configuration
   include: ceph.yml
-  when: "'ceph' in openshift.node.storage_plugin_deps"
+  when: "'ceph' in openshift.node.storage_plugin_deps and not openshift.common.is_containerized | bool"
-- 
cgit v1.2.3


From d3edce9c192c8d1eba572ba45ca25c06d0fbb830 Mon Sep 17 00:00:00 2001
From: Jason DeTiberus <jdetiber@redhat.com>
Date: Fri, 20 Nov 2015 22:23:43 -0500
Subject: pull docker images only if not already present

---
 roles/openshift_node/tasks/main.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'roles/openshift_node/tasks')

diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 67c6387a3..f77e0250d 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -46,6 +46,17 @@
   action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present"
   when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool
 
+- name: Get docker images
+  command: docker images
+  changed_when: false
+  when: openshift.common.is_containerized | bool
+  register: docker_images
+
+- name: Pull required docker image
+  command: >
+    docker pull {{ openshift.node.node_image }}
+  when: openshift.common.is_containerized | bool and openshift.node.node_image not in docker_images.stdout
+
 - name: Install Node docker service file
   template:
     dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service"
@@ -62,6 +73,11 @@
     group: root
   when: openshift.common.is_containerized | bool
 
+- name: Pull required docker image
+  command: >
+    docker pull {{ openshift.node.ovs_image }}
+  when: openshift.common.is_containerized | bool and openshift.node.ovs_image not in docker_images.stdout
+
 - name: Install OpenvSwitch docker service file
   template:
     dest: "/etc/systemd/system/openvswitch.service"
-- 
cgit v1.2.3


From 3f2be7d987ccef8c4e157163dd9394ba6492a88c Mon Sep 17 00:00:00 2001
From: Scott Dodson <sdodson@redhat.com>
Date: Wed, 2 Dec 2015 15:29:32 -0500
Subject: Move all docker config into openshift_docker to minimize docker
 restarts

---
 roles/openshift_node/tasks/main.yml | 2 --
 1 file changed, 2 deletions(-)

(limited to 'roles/openshift_node/tasks')

diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index f77e0250d..597d5566f 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -22,8 +22,6 @@
     local_facts:
       annotations: "{{ openshift_node_annotations | default(none) }}"
       debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}"
-      docker_log_driver:  "{{ lookup( 'oo_option' , 'docker_log_driver'  )  | default('',True) }}"
-      docker_log_options: "{{ lookup( 'oo_option' , 'docker_log_options' )  | default('',True) }}"
       iptables_sync_period: "{{ openshift_node_iptables_sync_period | default(None) }}"
       kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}"
       labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}"
-- 
cgit v1.2.3


From afe0064e01d3f6f33f323ffea7aae0eaf00b9ac2 Mon Sep 17 00:00:00 2001
From: Scott Dodson <sdodson@redhat.com>
Date: Mon, 7 Dec 2015 10:24:20 -0500
Subject: Skip yum/dnf ops when is_containerized

---
 roles/openshift_node/tasks/main.yml                      | 13 ++-----------
 roles/openshift_node/tasks/storage_plugins/ceph.yml      |  3 ++-
 roles/openshift_node/tasks/storage_plugins/glusterfs.yml |  1 +
 3 files changed, 5 insertions(+), 12 deletions(-)

(limited to 'roles/openshift_node/tasks')

diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 597d5566f..11577dd8b 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -50,7 +50,7 @@
   when: openshift.common.is_containerized | bool
   register: docker_images
 
-- name: Pull required docker image
+- name: Pull node image
   command: >
     docker pull {{ openshift.node.node_image }}
   when: openshift.common.is_containerized | bool and openshift.node.node_image not in docker_images.stdout
@@ -61,17 +61,8 @@
     src: openshift.docker.node.service
   register: install_node_result
   when: openshift.common.is_containerized | bool
-  
-- name: Create openshift.common.data_dir
-  file: 
-    path: openshift.common.data_dir
-    state: directory
-    mode: 0755
-    owner: root
-    group: root
-  when: openshift.common.is_containerized | bool
 
-- name: Pull required docker image
+- name: Pull OpenvSwitch docker image
   command: >
     docker pull {{ openshift.node.ovs_image }}
   when: openshift.common.is_containerized | bool and openshift.node.ovs_image not in docker_images.stdout
diff --git a/roles/openshift_node/tasks/storage_plugins/ceph.yml b/roles/openshift_node/tasks/storage_plugins/ceph.yml
index 10d0990a0..119ad62ef 100644
--- a/roles/openshift_node/tasks/storage_plugins/ceph.yml
+++ b/roles/openshift_node/tasks/storage_plugins/ceph.yml
@@ -1,3 +1,4 @@
 ---
 - name: Install Ceph storage plugin dependencies
-  action: "{{ ansible_pkg_mgr }} name=ceph-common state=present"
\ No newline at end of file
+  action: "{{ ansible_pkg_mgr }} name=ceph-common state=present"
+  when: not openshift.common.is_containerized | bool
\ No newline at end of file
diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
index 1080646ee..91ee77e7e 100644
--- a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
+++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
@@ -1,6 +1,7 @@
 ---
 - name: Install GlusterFS storage plugin dependencies
   action: "{{ ansible_pkg_mgr }} name=glusterfs-fuse state=present"
+  when: not openshift.common.is_containerized | bool
 
 - name: Set sebooleans to allow gluster storage plugin access from containers
   seboolean:
-- 
cgit v1.2.3


From 48778f29f265380a3e6fa2e882621ebc3781736b Mon Sep 17 00:00:00 2001
From: Scott Dodson <sdodson@redhat.com>
Date: Wed, 16 Dec 2015 14:14:42 -0500
Subject: Add some guards to wait for images to be pulled before moving on

---
 roles/openshift_node/tasks/main.yml | 31 ++++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)

(limited to 'roles/openshift_node/tasks')

diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 11577dd8b..96383439c 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -54,6 +54,32 @@
   command: >
     docker pull {{ openshift.node.node_image }}
   when: openshift.common.is_containerized | bool and openshift.node.node_image not in docker_images.stdout
+  
+- name: Wait for node image
+  command: >
+      docker images
+  register: docker_images
+  until: openshift.node.node_image in docker_images.stdout
+  retries: 30
+  delay: 10
+  changed_when: false
+  when: openshift.common.is_containerized | bool
+    
+- name: Pull OpenVSwitch image
+  command: >
+    docker pull {{ openshift.node.ovs_image }}
+  when: openshift.common.is_containerized | bool and openshift.node.ovs_image not in docker_images.stdout
+    and openshift.common.use_openshift_sdn | bool
+  
+- name: Wait for OpenVSwitch image
+  command: >
+      docker images
+  register: docker_images
+  until: openshift.node.ovs_image in docker_images.stdout
+  retries: 30
+  delay: 10
+  changed_when: false
+  when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool
 
 - name: Install Node docker service file
   template:
@@ -62,11 +88,6 @@
   register: install_node_result
   when: openshift.common.is_containerized | bool
 
-- name: Pull OpenvSwitch docker image
-  command: >
-    docker pull {{ openshift.node.ovs_image }}
-  when: openshift.common.is_containerized | bool and openshift.node.ovs_image not in docker_images.stdout
-
 - name: Install OpenvSwitch docker service file
   template:
     dest: "/etc/systemd/system/openvswitch.service"
-- 
cgit v1.2.3