blob: e8cc499c019027b60f4be7caf8945f6e912c3a55 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
---
# TODO: allow for overriding default ports where possible
- fail:
msg: This role requres that osn_cluster_dns_domain is set
when: osn_cluster_dns_domain is not defined or not osn_cluster_dns_domain
- fail:
msg: This role requres that osn_cluster_dns_ip is set
when: osn_cluster_dns_ip is not defined or not osn_cluster_dns_ip
- fail:
msg: "SELinux is disabled, This deployment type requires that SELinux is enabled."
when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online']
- name: Set node facts
openshift_facts:
role: "{{ item.role }}"
local_facts: "{{ item.local_facts }}"
with_items:
- role: common
local_facts:
hostname: "{{ openshift_hostname | default(none) }}"
public_hostname: "{{ openshift_public_hostname | default(none) }}"
deployment_type: "{{ openshift_deployment_type }}"
- role: node
local_facts:
labels: "{{ openshift_node_labels | default(none) }}"
annotations: "{{ openshift_node_annotations | default(none) }}"
registry_url: "{{ oreg_url | default(none) }}"
debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}"
portal_net: "{{ openshift_master_portal_net | default(None) }}"
kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}"
sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}"
schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}"
# We have to add tuned-profiles in the same transaction otherwise we run into depsolving
# problems because the rpms don't pin the version properly.
- name: Install Node package
yum: pkg={{ openshift.common.service_type }}-node{{ openshift_version }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version }} state=present
register: node_install_result
- name: Install sdn-ovs package
yum: pkg={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present
register: sdn_install_result
when: openshift.common.use_openshift_sdn
# TODO: add the validate parameter when there is a validation command to run
- name: Create the Node config
template:
dest: "{{ openshift_node_config_file }}"
src: node.yaml.v1.j2
backup: true
notify:
- restart node
- name: Configure Node settings
lineinfile:
dest: /etc/sysconfig/{{ openshift.common.service_type }}-node
regexp: "{{ item.regex }}"
line: "{{ item.line }}"
with_items:
- regex: '^OPTIONS='
line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}"
- regex: '^CONFIG_FILE='
line: "CONFIG_FILE={{ openshift_node_config_file }}"
notify:
- restart node
- stat: path=/etc/sysconfig/docker
register: docker_check
# TODO: Enable secure registry when code available in origin
- name: Secure Registry
lineinfile:
dest: /etc/sysconfig/docker
regexp: '^OPTIONS=.*$'
line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \
{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'"
when: docker_check.stat.isreg
notify:
- restart docker
- set_fact:
docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries')
| oo_split() | union(['registry.access.redhat.com'])
| difference(['']) }}"
when: openshift.common.deployment_type == 'enterprise'
- set_fact:
docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries')
| oo_split() | difference(['']) }}"
when: openshift.common.deployment_type != 'enterprise'
- name: Add personal registries
lineinfile:
dest: /etc/sysconfig/docker
regexp: '^ADD_REGISTRY=.*$'
line: "ADD_REGISTRY='{{ docker_additional_registries
| oo_prepend_strings_in_list('--add-registry ') | join(' ') }}'"
when: docker_check.stat.isreg and docker_additional_registries
notify:
- restart docker
- name: Block registries
lineinfile:
dest: /etc/sysconfig/docker
regexp: '^BLOCK_REGISTRY=.*$'
line: "BLOCK_REGISTRY='{{ lookup('oo_option', 'docker_blocked_registries') | oo_split()
| oo_prepend_strings_in_list('--block-registry ') | join(' ') }}'"
when: docker_check.stat.isreg and
lookup('oo_option', 'docker_blocked_registries') != ''
notify:
- restart docker
- name: Grant access to additional insecure registries
lineinfile:
dest: /etc/sysconfig/docker
regexp: '^INSECURE_REGISTRY=.*'
line: "INSECURE_REGISTRY='{{ lookup('oo_option', 'docker_insecure_registries') | oo_split()
| oo_prepend_strings_in_list('--insecure-registry ') | join(' ') }}'"
when: docker_check.stat.isreg and
lookup('oo_option', 'docker_insecure_registries') != ''
notify:
- restart docker
- name: Allow NFS access for VMs
seboolean: name=virt_use_nfs state=yes persistent=yes
when: ansible_selinux and ansible_selinux.status == "enabled"
- name: Start and enable node
service: name={{ openshift.common.service_type }}-node enabled=yes state=started
register: start_result
- name: pause to prevent service restart from interfering with bootstrapping
pause: seconds=30
when: start_result | changed
|