From a0b6fc7db1be2cf6190d982f90e96f4c39a4c699 Mon Sep 17 00:00:00 2001 From: Tobias Florek <tob@butter.sh> Date: Wed, 23 Sep 2015 13:51:41 +0200 Subject: Initial containerization work from @ibotty copied from https://github.com/eparis/kubernetes-ansible/blob/17f98edd7ff53e649b43e26822b8fbc0be42b233/roles/common/tasks/main.yml --- roles/openshift_node/tasks/main.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 38bffc2e5..8607aa3fb 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -4,6 +4,10 @@ msg: "SELinux is disabled, This deployment type requires that SELinux is enabled." when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise'] +- fail: + msg: "This playbook does not support using SDN on atomic hosts yet" + when: openshift.common.use_openshift_sdn and is_atomic + - name: Set node facts openshift_facts: role: "{{ item.role }}" @@ -38,10 +42,11 @@ # problems because the rpms don't pin the version properly. - name: Install Node package action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_version }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version }} state=present" + when: not is_atomic - name: Install sdn-ovs package action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present" - when: openshift.common.use_openshift_sdn + when: openshift.common.use_openshift_sdn and not is_atomic # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config @@ -57,6 +62,7 @@ dest: /etc/sysconfig/{{ openshift.common.service_type }}-node regexp: "{{ item.regex }}" line: "{{ item.line }}" + create: true with_items: - regex: '^OPTIONS=' line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}" -- cgit v1.2.3 From 8e7c5c970b8adc83fd6d5cad115f4edb06b36d98 Mon Sep 17 00:00:00 2001 From: Scott Dodson <sdodson@redhat.com> Date: Mon, 5 Oct 2015 12:53:10 -0400 Subject: Containerization work by @sdodson --- roles/openshift_node/tasks/main.yml | 102 ++++++++------------- .../openshift_node/tasks/storage_plugins/main.yml | 5 +- 2 files changed, 40 insertions(+), 67 deletions(-) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 8607aa3fb..67c6387a3 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -4,10 +4,6 @@ msg: "SELinux is disabled, This deployment type requires that SELinux is enabled." when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise'] -- fail: - msg: "This playbook does not support using SDN on atomic hosts yet" - when: openshift.common.use_openshift_sdn and is_atomic - - name: Set node facts openshift_facts: role: "{{ item.role }}" @@ -37,16 +33,50 @@ sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" storage_plugin_deps: "{{ osn_storage_plugin_deps | default(None) }}" set_node_ip: "{{ openshift_set_node_ip | default(None) }}" + node_image: "{{ osn_image | default(None) }}" + ovs_image: "{{ osn_ovs_image | default(None) }}" # We have to add tuned-profiles in the same transaction otherwise we run into depsolving -# problems because the rpms don't pin the version properly. +# problems because the rpms don't pin the version properly. This was fixed in 3.1 packaging. - name: Install Node package action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_version }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version }} state=present" - when: not is_atomic + when: not openshift.common.is_containerized | bool - name: Install sdn-ovs package action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present" - when: openshift.common.use_openshift_sdn and not is_atomic + when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool + +- name: Install Node docker service file + template: + dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" + src: openshift.docker.node.service + register: install_node_result + when: openshift.common.is_containerized | bool + +- name: Create openshift.common.data_dir + file: + path: openshift.common.data_dir + state: directory + mode: 0755 + owner: root + group: root + when: openshift.common.is_containerized | bool + +- name: Install OpenvSwitch docker service file + template: + dest: "/etc/systemd/system/openvswitch.service" + src: openvswitch.docker.service + register: install_ovs_result + when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool + +- name: Reload systemd units + command: systemctl daemon-reload + when: openshift.common.is_containerized and ( ( install_node_result | changed ) + or ( install_ovs_result | changed ) ) + +- name: Start and enable openvswitch docker service + service: name=openvswitch.service enabled=yes state=started + when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config @@ -71,64 +101,6 @@ notify: - restart node -- stat: path=/etc/sysconfig/docker - register: docker_check - - # TODO: Enable secure registry when code available in origin -- name: Secure Registry and Logs Options - lineinfile: - dest: /etc/sysconfig/docker - regexp: '^OPTIONS=.*$' - line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ -{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %} \ -{% if openshift.node.docker_log_driver is defined %} --log-driver {{ openshift.node.docker_log_driver }} {% endif %} \ -{% if openshift.node.docker_log_options is defined %} {{ openshift.node.docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}} {% endif %} '" - when: docker_check.stat.isreg - notify: - - restart docker - -- set_fact: - docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') - | oo_split() | union(['registry.access.redhat.com']) - | difference(['']) }}" - when: openshift.common.deployment_type in ['enterprise', 'openshift-enterprise', 'atomic-enterprise'] -- set_fact: - docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') - | oo_split() | difference(['']) }}" - when: openshift.common.deployment_type not in ['enterprise', 'openshift-enterprise', 'atomic-enterprise'] - -- name: Add personal registries - lineinfile: - dest: /etc/sysconfig/docker - regexp: '^ADD_REGISTRY=.*$' - line: "ADD_REGISTRY='{{ docker_additional_registries - | oo_prepend_strings_in_list('--add-registry ') | join(' ') }}'" - when: docker_check.stat.isreg and docker_additional_registries - notify: - - restart docker - -- name: Block registries - lineinfile: - dest: /etc/sysconfig/docker - regexp: '^BLOCK_REGISTRY=.*$' - line: "BLOCK_REGISTRY='{{ lookup('oo_option', 'docker_blocked_registries') | oo_split() - | oo_prepend_strings_in_list('--block-registry ') | join(' ') }}'" - when: docker_check.stat.isreg and - lookup('oo_option', 'docker_blocked_registries') != '' - notify: - - restart docker - -- name: Grant access to additional insecure registries - lineinfile: - dest: /etc/sysconfig/docker - regexp: '^INSECURE_REGISTRY=.*' - line: "INSECURE_REGISTRY='{{ lookup('oo_option', 'docker_insecure_registries') | oo_split() - | oo_prepend_strings_in_list('--insecure-registry ') | join(' ') }}'" - when: docker_check.stat.isreg and - lookup('oo_option', 'docker_insecure_registries') != '' - notify: - - restart docker - - name: Additional storage plugin configuration include: storage_plugins/main.yml diff --git a/roles/openshift_node/tasks/storage_plugins/main.yml b/roles/openshift_node/tasks/storage_plugins/main.yml index 39c7b9390..d237c26ec 100644 --- a/roles/openshift_node/tasks/storage_plugins/main.yml +++ b/roles/openshift_node/tasks/storage_plugins/main.yml @@ -3,11 +3,12 @@ # additional package dependencies - name: NFS storage plugin configuration include: nfs.yml + when: not openshift.common.is_containerized | bool - name: GlusterFS storage plugin configuration include: glusterfs.yml - when: "'glusterfs' in openshift.node.storage_plugin_deps" + when: "'glusterfs' in openshift.node.storage_plugin_deps and not openshift.common.is_containerized | bool " - name: Ceph storage plugin configuration include: ceph.yml - when: "'ceph' in openshift.node.storage_plugin_deps" + when: "'ceph' in openshift.node.storage_plugin_deps and not openshift.common.is_containerized | bool" -- cgit v1.2.3 From d3edce9c192c8d1eba572ba45ca25c06d0fbb830 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus <jdetiber@redhat.com> Date: Fri, 20 Nov 2015 22:23:43 -0500 Subject: pull docker images only if not already present --- roles/openshift_node/tasks/main.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 67c6387a3..f77e0250d 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -46,6 +46,17 @@ action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present" when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool +- name: Get docker images + command: docker images + changed_when: false + when: openshift.common.is_containerized | bool + register: docker_images + +- name: Pull required docker image + command: > + docker pull {{ openshift.node.node_image }} + when: openshift.common.is_containerized | bool and openshift.node.node_image not in docker_images.stdout + - name: Install Node docker service file template: dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" @@ -62,6 +73,11 @@ group: root when: openshift.common.is_containerized | bool +- name: Pull required docker image + command: > + docker pull {{ openshift.node.ovs_image }} + when: openshift.common.is_containerized | bool and openshift.node.ovs_image not in docker_images.stdout + - name: Install OpenvSwitch docker service file template: dest: "/etc/systemd/system/openvswitch.service" -- cgit v1.2.3 From 3f2be7d987ccef8c4e157163dd9394ba6492a88c Mon Sep 17 00:00:00 2001 From: Scott Dodson <sdodson@redhat.com> Date: Wed, 2 Dec 2015 15:29:32 -0500 Subject: Move all docker config into openshift_docker to minimize docker restarts --- roles/openshift_node/tasks/main.yml | 2 -- 1 file changed, 2 deletions(-) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index f77e0250d..597d5566f 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -22,8 +22,6 @@ local_facts: annotations: "{{ openshift_node_annotations | default(none) }}" debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" - docker_log_driver: "{{ lookup( 'oo_option' , 'docker_log_driver' ) | default('',True) }}" - docker_log_options: "{{ lookup( 'oo_option' , 'docker_log_options' ) | default('',True) }}" iptables_sync_period: "{{ openshift_node_iptables_sync_period | default(None) }}" kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}" -- cgit v1.2.3 From afe0064e01d3f6f33f323ffea7aae0eaf00b9ac2 Mon Sep 17 00:00:00 2001 From: Scott Dodson <sdodson@redhat.com> Date: Mon, 7 Dec 2015 10:24:20 -0500 Subject: Skip yum/dnf ops when is_containerized --- roles/openshift_node/tasks/main.yml | 13 ++----------- roles/openshift_node/tasks/storage_plugins/ceph.yml | 3 ++- roles/openshift_node/tasks/storage_plugins/glusterfs.yml | 1 + 3 files changed, 5 insertions(+), 12 deletions(-) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 597d5566f..11577dd8b 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -50,7 +50,7 @@ when: openshift.common.is_containerized | bool register: docker_images -- name: Pull required docker image +- name: Pull node image command: > docker pull {{ openshift.node.node_image }} when: openshift.common.is_containerized | bool and openshift.node.node_image not in docker_images.stdout @@ -61,17 +61,8 @@ src: openshift.docker.node.service register: install_node_result when: openshift.common.is_containerized | bool - -- name: Create openshift.common.data_dir - file: - path: openshift.common.data_dir - state: directory - mode: 0755 - owner: root - group: root - when: openshift.common.is_containerized | bool -- name: Pull required docker image +- name: Pull OpenvSwitch docker image command: > docker pull {{ openshift.node.ovs_image }} when: openshift.common.is_containerized | bool and openshift.node.ovs_image not in docker_images.stdout diff --git a/roles/openshift_node/tasks/storage_plugins/ceph.yml b/roles/openshift_node/tasks/storage_plugins/ceph.yml index 10d0990a0..119ad62ef 100644 --- a/roles/openshift_node/tasks/storage_plugins/ceph.yml +++ b/roles/openshift_node/tasks/storage_plugins/ceph.yml @@ -1,3 +1,4 @@ --- - name: Install Ceph storage plugin dependencies - action: "{{ ansible_pkg_mgr }} name=ceph-common state=present" \ No newline at end of file + action: "{{ ansible_pkg_mgr }} name=ceph-common state=present" + when: not openshift.common.is_containerized | bool \ No newline at end of file diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml index 1080646ee..91ee77e7e 100644 --- a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml @@ -1,6 +1,7 @@ --- - name: Install GlusterFS storage plugin dependencies action: "{{ ansible_pkg_mgr }} name=glusterfs-fuse state=present" + when: not openshift.common.is_containerized | bool - name: Set sebooleans to allow gluster storage plugin access from containers seboolean: -- cgit v1.2.3 From 48778f29f265380a3e6fa2e882621ebc3781736b Mon Sep 17 00:00:00 2001 From: Scott Dodson <sdodson@redhat.com> Date: Wed, 16 Dec 2015 14:14:42 -0500 Subject: Add some guards to wait for images to be pulled before moving on --- roles/openshift_node/tasks/main.yml | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 11577dd8b..96383439c 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -54,6 +54,32 @@ command: > docker pull {{ openshift.node.node_image }} when: openshift.common.is_containerized | bool and openshift.node.node_image not in docker_images.stdout + +- name: Wait for node image + command: > + docker images + register: docker_images + until: openshift.node.node_image in docker_images.stdout + retries: 30 + delay: 10 + changed_when: false + when: openshift.common.is_containerized | bool + +- name: Pull OpenVSwitch image + command: > + docker pull {{ openshift.node.ovs_image }} + when: openshift.common.is_containerized | bool and openshift.node.ovs_image not in docker_images.stdout + and openshift.common.use_openshift_sdn | bool + +- name: Wait for OpenVSwitch image + command: > + docker images + register: docker_images + until: openshift.node.ovs_image in docker_images.stdout + retries: 30 + delay: 10 + changed_when: false + when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool - name: Install Node docker service file template: @@ -62,11 +88,6 @@ register: install_node_result when: openshift.common.is_containerized | bool -- name: Pull OpenvSwitch docker image - command: > - docker pull {{ openshift.node.ovs_image }} - when: openshift.common.is_containerized | bool and openshift.node.ovs_image not in docker_images.stdout - - name: Install OpenvSwitch docker service file template: dest: "/etc/systemd/system/openvswitch.service" -- cgit v1.2.3