---
# TODO: allow for overriding default ports where possible
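# Abort early when the cluster DNS settings this role depends on are missing.
# Each check fires when the variable is undefined or evaluates as false
# (for example an empty string).
- name: Verify that osn_cluster_dns_domain is set
  fail:
    msg: "This role requires that osn_cluster_dns_domain is set"
  when: osn_cluster_dns_domain is not defined or not osn_cluster_dns_domain
- name: Verify that osn_cluster_dns_ip is set
  fail:
    msg: "This role requires that osn_cluster_dns_ip is set"
  when: osn_cluster_dns_ip is not defined or not osn_cluster_dns_ip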
# Refuse to continue for 'enterprise' and 'online' deployments unless the
# ansible_selinux fact reports SELinux as enabled. Other deployment types are
# not gated by this check.
# NOTE(review): status is 'enabled' in permissive mode as well; the mode is
# reported separately in ansible_selinux.mode, so this gate alone does not
# show that the policy is being enforced.
- fail:
    msg: "SELinux is disabled, This deployment type requires that SELinux is enabled."
  when: >-
    (not ansible_selinux or ansible_selinux.status != 'enabled')
    and deployment_type in ['enterprise', 'online']
# Install the node package with yum and keep the module result in
# node_install_result. state=present installs whatever version the configured
# repositories offer; no version is pinned here.
- name: Install OpenShift Node package
  yum:
    pkg: openshift-node
    state: present
  register: node_install_result
# Install the SDN/OVS package only when the common facts enable the
# OpenShift SDN; the module result is kept in sdn_install_result.
- name: Install openshift-sdn-ovs
  yum:
    pkg: openshift-sdn-ovs
    state: present
  register: sdn_install_result
  when: openshift.common.use_openshift_sdn
# Record per-host settings through the openshift_facts module, once for the
# "common" role and once for the "node" role. Optional inventory variables
# fall back to none through the default() filter; debug_level falls back to
# openshift.common.debug_level instead.
- name: Set node OpenShift facts
  openshift_facts:
    role: "{{ item.role }}"
    local_facts: "{{ item.local_facts }}"
  with_items:
    - role: common
      local_facts:
        hostname: "{{ openshift_hostname | default(none) }}"
        public_hostname: "{{ openshift_public_hostname | default(none) }}"
        deployment_type: "{{ openshift_deployment_type }}"
    - role: node
      local_facts:
        labels: "{{ openshift_node_labels | default(none) }}"
        annotations: "{{ openshift_node_annotations | default(none) }}"
        registry_url: "{{ oreg_url | default(none) }}"
        debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}"
        # portal_net is read back as openshift.node.portal_net by the
        # "Secure OpenShift Registry" task in this file, which passes it to
        # docker's --insecure-registry option.
        # NOTE(review): presumably openshift_facts supplies a value when this
        # is none - verify, since that task uses it unconditionally.
        portal_net: "{{ openshift_master_portal_net | default(None) }}"
        kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}"
# TODO: add the validate parameter when there is a validation command to run
# Render node.yaml.v1.j2 to the path in openshift_node_config_file and
# restart the node service when the file changes.
# NOTE(review): no owner, group or mode is given, so the permissions of the
# rendered file are whatever the target already has or the umask yields.
# Consider setting them explicitly if the rendered config refers to
# credentials - confirm against the template.
- name: Create the Node config
  template:
    src: node.yaml.v1.j2
    dest: "{{ openshift_node_config_file }}"
  notify:
    - restart openshift-node
# Set OPTIONS and CONFIG_FILE in /etc/sysconfig/openshift-node. Each regex
# matches an existing assignment, so that line is replaced as a whole; any
# options previously present on the OPTIONS= line are not carried over.
- name: Configure OpenShift Node settings
  lineinfile:
    dest: /etc/sysconfig/openshift-node
    regexp: "{{ item.regex }}"
    line: "{{ item.line }}"
  notify:
    - restart openshift-node
  with_items:
    # Log verbosity comes from the node debug_level fact.
    - regex: '^OPTIONS='
      line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}"
    # Points the service at the config file written by this role.
    - regex: '^CONFIG_FILE='
      line: "CONFIG_FILE={{ openshift_node_config_file }}"
# Inspect /etc/sysconfig/docker; the docker tasks below run only when
# docker_check.stat.isreg is true.
# NOTE(review): isreg is only reported for a path that exists; presumably the
# packages installed earlier provide this file - verify, otherwise the later
# conditions reference an undefined attribute.
- stat:
    path: /etc/sysconfig/docker
  register: docker_check
# TODO: Enable secure registry when code available in origin
# NOTE(review): despite its name, this task marks the whole
# openshift.node.portal_net range as an insecure registry, which lets docker
# use plain HTTP or unverified TLS for any registry in that range. Images
# pulled that way are not protected against tampering in transit.
# The regexp matches any existing OPTIONS= line, so options already set in
# /etc/sysconfig/docker are overwritten rather than extended.
# --selinux-enabled is appended only when the ansible_selinux fact reports
# SELinux as enabled on the host.
- name: Secure OpenShift Registry
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^OPTIONS=.*'
    line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \
      {% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'"
  when: docker_check.stat.isreg
  notify:
    - restart docker
# Build the comma-separated list of additional registries from the oo_option
# lookup. Enterprise deployments always get registry.access.redhat.com first.
# NOTE(review): when the lookup returns an empty string the enterprise value
# ends in a trailing comma; presumably oo_split drops the empty entry - verify.
- set_fact:
    docker_additional_registries: "registry.access.redhat.com,{{ lookup('oo_option', 'docker_additional_registries') }}"
  when: deployment_type == 'enterprise'
- set_fact:
    docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}"
  when: deployment_type != 'enterprise'
# Write ADD_REGISTRY in /etc/sysconfig/docker as one --add-registry flag per
# entry of docker_additional_registries. Skipped when the list is empty.
# NOTE(review): the entries are placed inside single quotes without any
# escaping, so a value containing a quote would change how the line is
# parsed; the list should only come from a trusted operator setting.
- name: Add personal registries
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^ADD_REGISTRY=.*'
    line: "ADD_REGISTRY='{{ docker_additional_registries | oo_split()
      | oo_prepend_strings_in_list('--add-registry ') | join(' ') }}'"
  when: docker_check.stat.isreg and
    docker_additional_registries != ''
  notify:
    - restart docker
# Write BLOCK_REGISTRY in /etc/sysconfig/docker as one --block-registry flag
# per entry of the docker_blocked_registries option.
# NOTE(review): this task is skipped when the option is empty or the file is
# not a regular file, and it never removes an existing BLOCK_REGISTRY line,
# so a skipped run leaves whatever block list was there before. The entries
# are written inside single quotes without escaping.
- name: Block registries
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^BLOCK_REGISTRY=.*'
    line: "BLOCK_REGISTRY='{{ lookup('oo_option', 'docker_blocked_registries') | oo_split()
      | oo_prepend_strings_in_list('--block-registry ') | join(' ') }}'"
  when: docker_check.stat.isreg and
    lookup('oo_option', 'docker_blocked_registries') != ''
  notify:
    - restart docker
# Write INSECURE_REGISTRY in /etc/sysconfig/docker as one --insecure-registry
# flag per entry of the docker_insecure_registries option.
# NOTE(review): every registry listed here is contacted over plain HTTP or
# unverified TLS, so keep the list as short as possible. The entries are
# written inside single quotes without escaping, and the task leaves an
# existing INSECURE_REGISTRY line in place when the option is empty.
- name: Grant access to additional insecure registries
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^INSECURE_REGISTRY=.*'
    line: "INSECURE_REGISTRY='{{ lookup('oo_option', 'docker_insecure_registries') | oo_split()
      | oo_prepend_strings_in_list('--insecure-registry ') | join(' ') }}'"
  when: docker_check.stat.isreg and
    lookup('oo_option', 'docker_insecure_registries') != ''
  notify:
    - restart docker
# Turn on the virt_use_nfs SELinux boolean and make the change persistent.
# Runs only when the ansible_selinux fact reports SELinux as enabled.
# NOTE(review): this is a lasting relaxation of the SELinux policy on every
# node; presumably it is needed for NFS-backed volumes - confirm it is
# required for the deployment before keeping it unconditional.
- name: Allow NFS access for VMs
  seboolean:
    name: virt_use_nfs
    state: true
    persistent: true
  when: ansible_selinux and ansible_selinux.status == "enabled"
# Make sure the node service is enabled at boot and running now; the result
# is kept in start_result so the following pause can react to a fresh start.
- name: Start and enable openshift-node
  service:
    name: openshift-node
    enabled: true
    state: started
  register: start_result
# Wait 30 seconds after the service was started by the previous task, so a
# handler-triggered restart does not interrupt the node while it bootstraps.
# NOTE(review): `| changed` is the filter spelling of this check; Ansible
# releases from 2.9 on accept only the test form `start_result is changed`.
# Verify the Ansible version this role targets before changing it.
- name: pause to prevent service restart from interfering with bootstrapping
  pause:
    seconds: 30
  when: start_result | changed