summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--filter_plugins/oo_filters.py2
-rw-r--r--inventory/byo/hosts.example53
-rw-r--r--playbooks/common/openshift-cluster/config.yml10
-rw-r--r--playbooks/common/openshift-cluster/evaluate_groups.yml8
-rw-r--r--playbooks/common/openshift-master/config.yml54
-rw-r--r--playbooks/gce/openshift-cluster/join_node.yml2
-rw-r--r--roles/openshift_common/vars/main.yml2
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py39
-rw-r--r--roles/openshift_master/handlers/main.yml4
-rw-r--r--roles/openshift_master/tasks/main.yml75
-rw-r--r--roles/openshift_master/templates/atomic-openshift-master-api.j2 (renamed from roles/openshift_master/files/atomic-openshift-master-api)2
-rw-r--r--roles/openshift_master/templates/atomic-openshift-master-api.service.j2 (renamed from roles/openshift_master/files/atomic-openshift-master-api.service)8
-rw-r--r--roles/openshift_master/templates/atomic-openshift-master-controllers.j2 (renamed from roles/openshift_master/files/atomic-openshift-master-controllers)2
-rw-r--r--roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2 (renamed from roles/openshift_master/files/atomic-openshift-master-controllers.service)12
-rw-r--r--roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j27
-rw-r--r--roles/openshift_master/vars/main.yml1
-rw-r--r--roles/openshift_master_cluster/tasks/configure_deferred.yml8
-rw-r--r--roles/openshift_master_cluster/tasks/main.yml5
-rw-r--r--roles/openshift_node/meta/main.yml1
-rw-r--r--roles/openshift_node/tasks/main.yml1
-rw-r--r--roles/openshift_repos/tasks/main.yaml2
21 files changed, 196 insertions, 102 deletions
diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py
index 4e4f7507c..f494c0ae5 100644
--- a/filter_plugins/oo_filters.py
+++ b/filter_plugins/oo_filters.py
@@ -422,6 +422,6 @@ class FilterModule(object):
"oo_split": self.oo_split,
"oo_filter_list": self.oo_filter_list,
"oo_parse_heat_stack_outputs": self.oo_parse_heat_stack_outputs,
- "oo_parse_certificate_names": self.oo_parse_certificate_names
+ "oo_parse_certificate_names": self.oo_parse_certificate_names,
"oo_haproxy_backend_masters": self.oo_haproxy_backend_masters
}
diff --git a/inventory/byo/hosts.example b/inventory/byo/hosts.example
index d6c9c3ab6..11f076a8a 100644
--- a/inventory/byo/hosts.example
+++ b/inventory/byo/hosts.example
@@ -21,6 +21,9 @@ ansible_ssh_user=root
# deployment type valid values are origin, online and enterprise
deployment_type=atomic-enterprise
+# Enable cluster metrics
+#use_cluster_metrics=true
+
# Pre-release registry URL
#oreg_url=example.com/openshift3/ose-${component}:${version}
@@ -55,27 +58,27 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Set cockpit plugins
#osm_cockpit_plugins=['cockpit-kubernetes']
-# master cluster ha variables using pacemaker or RHEL HA
-#openshift_master_cluster_password=openshift_cluster
-#openshift_master_cluster_vip=192.168.133.25
-#openshift_master_cluster_public_vip=192.168.133.25
+# Native high availbility cluster method with optional load balancer.
+# If no lb group is defined installer assumes that a load balancer has
+# been preconfigured. For installation the value of
+# openshift_master_cluster_hostname must resolve to the load balancer
+# or to one or all of the masters defined in the inventory if no load
+# balancer is present.
+#openshift_master_cluster_method=native
#openshift_master_cluster_hostname=openshift-ansible.test.example.com
#openshift_master_cluster_public_hostname=openshift-ansible.test.example.com
-# master cluster ha variables when using a different HA solution
-# For installation the value of openshift_master_cluster_hostname must resolve
-# to the first master defined in the inventory.
-# The HA solution must be manually configured after installation and must ensure
-# that the master is running on a single master host.
+# Pacemaker high availability cluster method.
+# Pacemaker HA environment must be able to self provision the
+# configured VIP. For installation openshift_master_cluster_hostname
+# must resolve to the configured VIP.
+#openshift_master_cluster_method=pacemaker
+#openshift_master_cluster_password=openshift_cluster
+#openshift_master_cluster_vip=192.168.133.25
+#openshift_master_cluster_public_vip=192.168.133.25
#openshift_master_cluster_hostname=openshift-ansible.test.example.com
#openshift_master_cluster_public_hostname=openshift-ansible.test.example.com
-#openshift_master_cluster_defer_ha=True
-# Native clustering with haproxy as an optional load balancer
-#openshift_master_cluster_hostname=openshift-ansible.test.example.com
-#openshift_master_cluster_public_hostname=openshift-ansible.test.example.com
-#openshift_master_cluster_vip=192.168.133.25
-#openshift_master_cluster_public_vip=192.168.133.25
# Override the default controller lease ttl
#osm_controller_lease_ttl=30
@@ -110,6 +113,22 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Detected names may be overridden by specifying the "names" key
#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "names": ["public-master-host.com"]}]
+# Session options
+#openshift_master_session_name=ssn
+#openshift_master_session_max_seconds=3600
+
+# An authentication and encryption secret will be generated if secrets
+# are not provided. If provided, openshift_master_session_auth_secrets
+# and openshift_master_encryption_secrets must be equal length.
+#
+# Signing secrets, used to authenticate sessions using
+# HMAC. Recommended to use secrets with 32 or 64 bytes.
+#openshift_master_session_auth_secrets=['DONT+USE+THIS+SECRET+b4NV+pmZNSO']
+#
+# Encrypting secrets, used to encrypt sessions. Must be 16, 24, or 32
+# characters long, to select AES-128, AES-192, or AES-256.
+#openshift_master_session_encryption_secrets=['DONT+USE+THIS+SECRET+b4NV+pmZNSO']
+
# host group for masters
[masters]
ose3-master[1:3]-ansible.test.example.com
@@ -120,7 +139,9 @@ ose3-etcd[1:3]-ansible.test.example.com
[lb]
ose3-lb-ansible.test.example.com
-# host group for nodes
+# NOTE: Currently we require that masters be part of the SDN which requires that they also be nodes
+# However, in order to ensure that your masters are not burdened with running pods you should
+# make them unschedulable by adding openshift_scheduleable=False any node that's also a master.
[nodes]
ose3-master[1:3]-ansible.test.example.com
ose3-node[1:2]-ansible.test.example.com openshift_node_labels="{'region': 'primary', 'zone': 'default'}"
diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index b66ca4709..a8bd634d3 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -1,14 +1,6 @@
---
- include: evaluate_groups.yml
- - name: Evaluate oo_lb_to_config
- add_host:
- name: "{{ item }}"
- groups: oo_lb_to_config
- ansible_ssh_user: "{{ g_ssh_user | default(omit) }}"
- ansible_sudo: "{{ g_sudo | default(omit) }}"
- with_items: groups[g_lb_group] | default(groups[g_masters_group]) | default([])
-
- include: ../openshift-etcd/config.yml
- include: ../openshift-master/config.yml
@@ -16,4 +8,4 @@
- include: ../openshift-node/config.yml
vars:
osn_cluster_dns_domain: "{{ hostvars[groups.oo_first_master.0].openshift.dns.domain }}"
- osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].openshift.dns.ip }}"
+ osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].cluster_dns_ip }}"
diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml
index 1919660dd..a787ba0d3 100644
--- a/playbooks/common/openshift-cluster/evaluate_groups.yml
+++ b/playbooks/common/openshift-cluster/evaluate_groups.yml
@@ -62,3 +62,11 @@
ansible_ssh_user: "{{ g_ssh_user | default(omit) }}"
ansible_sudo: "{{ g_sudo | default(omit) }}"
when: g_masters_group in groups and (groups[g_masters_group] | length) > 0
+
+ - name: Evaluate oo_lb_to_config
+ add_host:
+ name: "{{ item }}"
+ groups: oo_lb_to_config
+ ansible_ssh_user: "{{ g_ssh_user | default(omit) }}"
+ ansible_sudo: "{{ g_sudo | default(omit) }}"
+ with_items: groups[g_lb_group] | default([])
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index d1aa9c85c..64376040f 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -46,7 +46,6 @@
public_api_url: "{{ openshift_master_public_api_url | default(None) }}"
cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}"
cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}"
- cluster_defer_ha: "{{ openshift_master_cluster_defer_ha | default(None) }}"
console_path: "{{ openshift_master_console_path | default(None) }}"
console_port: "{{ openshift_master_console_port | default(None) }}"
console_url: "{{ openshift_master_console_url | default(None) }}"
@@ -244,6 +243,35 @@
- role: haproxy
when: groups.oo_masters_to_config | length > 1
+- name: Generate master session keys
+ hosts: oo_first_master
+ tasks:
+ - fail:
+ msg: "Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set"
+ when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is not defined) or (openshift_master_session_encryption_secrets is defined and openshift_master_session_auth_secrets is not defined)
+ - fail:
+ msg: "openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length"
+ when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length)
+ - name: Generate session authentication key
+ command: /usr/bin/openssl rand -base64 24
+ register: session_auth_output
+ with_sequence: count=1
+ when: openshift_master_session_auth_secrets is undefined
+ - name: Generate session encryption key
+ command: /usr/bin/openssl rand -base64 24
+ register: session_encryption_output
+ with_sequence: count=1
+ when: openshift_master_session_encryption_secrets is undefined
+ - set_fact:
+ session_auth_secret: "{{ openshift_master_session_auth_secrets
+ | default(session_auth_output.results
+ | map(attribute='stdout')
+ | list) }}"
+ session_encryption_secret: "{{ openshift_master_session_encryption_secrets
+ | default(session_encryption_output.results
+ | map(attribute='stdout')
+ | list) }}"
+
- name: Configure master instances
hosts: oo_masters_to_config
serial: 1
@@ -252,6 +280,8 @@
sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
openshift_master_count: "{{ groups.oo_masters_to_config | length }}"
+ openshift_master_session_auth_secrets: "{{ hostvars[groups['oo_first_master'][0]]['session_auth_secret'] }}"
+ openshift_master_session_encryption_secrets: "{{ hostvars[groups['oo_first_master'][0]]['session_encryption_secret'] }}"
pre_tasks:
- name: Ensure certificate directory exists
file:
@@ -276,15 +306,29 @@
- name: Additional master configuration
hosts: oo_first_master
vars:
- #openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
- # omc_cluster_hosts: "{{ groups.oo_masters_to_config | join(' ')}}"
+ openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
+ omc_cluster_hosts: "{{ groups.oo_masters_to_config | join(' ')}}"
roles:
-# - role: openshift_master_cluster
-# when: openshift_master_ha | bool
+ - role: openshift_master_cluster
+ when: openshift_master_ha | bool and openshift.master.cluster_method == "pacemaker"
- openshift_examples
- role: openshift_cluster_metrics
when: openshift.common.use_cluster_metrics | bool
+- name: Determine cluster dns ip
+ hosts: oo_first_master
+ tasks:
+ - name: Get master service ip
+ command: "{{ openshift.common.client_binary }} get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\}"
+ register: master_service_ip_output
+ when: openshift.common.version_greater_than_3_1_or_1_1 | bool
+ - set_fact:
+ cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].openshift.dns.ip }}"
+ when: not openshift.common.version_greater_than_3_1_or_1_1 | bool
+ - set_fact:
+ cluster_dns_ip: "{{ master_service_ip_output.stdout }}"
+ when: openshift.common.version_greater_than_3_1_or_1_1 | bool
+
- name: Enable cockpit
hosts: oo_first_master
vars:
diff --git a/playbooks/gce/openshift-cluster/join_node.yml b/playbooks/gce/openshift-cluster/join_node.yml
index 0dfa3e9d7..c8f6065cd 100644
--- a/playbooks/gce/openshift-cluster/join_node.yml
+++ b/playbooks/gce/openshift-cluster/join_node.yml
@@ -46,4 +46,4 @@
openshift_node_labels: "{{ lookup('oo_option', 'openshift_node_labels') }} "
os_sdn_network_plugin_name: "redhat/openshift-ovs-subnet"
osn_cluster_dns_domain: "{{ hostvars[groups.oo_first_master.0].openshift.dns.domain }}"
- osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].openshift.dns.ip }}"
+ osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].cluster_dns_ip }}"
diff --git a/roles/openshift_common/vars/main.yml b/roles/openshift_common/vars/main.yml
index 817fe0a5f..50816d319 100644
--- a/roles/openshift_common/vars/main.yml
+++ b/roles/openshift_common/vars/main.yml
@@ -5,5 +5,3 @@
# chains with the public zone (or the zone associated with the correct
# interfaces)
os_firewall_use_firewalld: False
-
-openshift_data_dir: /var/lib/origin
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 41c7ff1de..ae5d99121 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -540,7 +540,7 @@ def set_deployment_facts_if_unset(facts):
if 'service_type' not in facts['common']:
service_type = 'atomic-openshift'
if deployment_type == 'origin':
- service_type = 'openshift'
+ service_type = 'origin'
elif deployment_type in ['enterprise', 'online']:
service_type = 'openshift'
facts['common']['service_type'] = service_type
@@ -548,23 +548,10 @@ def set_deployment_facts_if_unset(facts):
config_base = '/etc/origin'
if deployment_type in ['enterprise', 'online']:
config_base = '/etc/openshift'
- elif deployment_type == 'origin':
- config_base = '/etc/openshift'
facts['common']['config_base'] = config_base
if 'data_dir' not in facts['common']:
data_dir = '/var/lib/origin'
- if deployment_type in ['enterprise', 'online']:
- data_dir = '/var/lib/openshift'
facts['common']['data_dir'] = data_dir
- facts['common']['version'] = version = get_openshift_version()
- if version is not None:
- if deployment_type == 'origin':
- version_gt_3_1_or_1_1 = LooseVersion(version) > LooseVersion('1.0.6')
- else:
- version_gt_3_1_or_1_1 = LooseVersion(version) > LooseVersion('3.0.2.900')
- else:
- version_gt_3_1_or_1_1 = True
- facts['common']['version_greater_than_3_1_or_1_1'] = version_gt_3_1_or_1_1
for role in ('master', 'node'):
if role in facts:
@@ -598,6 +585,27 @@ def set_deployment_facts_if_unset(facts):
return facts
+def set_version_facts_if_unset(facts):
+ """ Set version facts. This currently includes common.version and
+ common.version_greater_than_3_1_or_1_1.
+
+ Args:
+ facts (dict): existing facts
+ Returns:
+ dict: the facts dict updated with version facts.
+ """
+ if 'common' in facts:
+ deployment_type = facts['common']['deployment_type']
+ facts['common']['version'] = version = get_openshift_version()
+ if version is not None:
+ if deployment_type == 'origin':
+ version_gt_3_1_or_1_1 = LooseVersion(version) > LooseVersion('1.0.6')
+ else:
+ version_gt_3_1_or_1_1 = LooseVersion(version) > LooseVersion('3.0.2.900')
+ else:
+ version_gt_3_1_or_1_1 = True
+ facts['common']['version_greater_than_3_1_or_1_1'] = version_gt_3_1_or_1_1
+ return facts
def set_sdn_facts_if_unset(facts):
""" Set sdn facts if not already present in facts dict
@@ -897,6 +905,7 @@ class OpenShiftFacts(object):
facts = set_identity_providers_if_unset(facts)
facts = set_sdn_facts_if_unset(facts)
facts = set_deployment_facts_if_unset(facts)
+ facts = set_version_facts_if_unset(facts)
facts = set_aggregate_facts(facts)
return dict(openshift=facts)
@@ -936,7 +945,7 @@ class OpenShiftFacts(object):
session_name='ssn', session_secrets_file='',
access_token_max_seconds=86400,
auth_token_max_seconds=500,
- oauth_grant_method='auto', cluster_defer_ha=False)
+ oauth_grant_method='auto')
defaults['master'] = master
if 'node' in roles:
diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml
index ad3ac5a9f..4b9500cbd 100644
--- a/roles/openshift_master/handlers/main.yml
+++ b/roles/openshift_master/handlers/main.yml
@@ -5,10 +5,10 @@
- name: restart master api
service: name={{ openshift.common.service_type }}-master-api state=restarted
- when: openshift_master_ha | bool
+ when: (openshift_master_ha | bool) and (not master_api_service_status_changed | default(false)) and openshift.master.cluster_method == 'native'
# TODO: need to fix up ignore_errors here
- name: restart master controllers
service: name={{ openshift.common.service_type }}-master-controllers state=restarted
- when: openshift_master_ha | bool
+ when: (openshift_master_ha | bool) and (not master_controllers_service_status_changed | default(false)) and openshift.master.cluster_method == 'native'
ignore_errors: yes
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 290f22358..be77fce4a 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -8,17 +8,23 @@
- openshift_master_oauth_grant_method in openshift_master_valid_grant_methods
when: openshift_master_oauth_grant_method is defined
-#- fail:
-# msg: "openshift_master_cluster_password must be set for multi-master installations"
-# when: openshift_master_ha | bool and not openshift.master.cluster_defer_ha | bool and openshift_master_cluster_password is not defined
+- fail:
+ msg: "openshift_master_cluster_method must be set to either 'native' or 'pacemaker' for multi-master installations"
+ when: openshift_master_ha | bool and ((openshift_master_cluster_method is not defined) or (openshift_master_cluster_method is defined and openshift_master_cluster_method not in ["native", "pacemaker"]))
+- fail:
+ msg: "'native' high availability is not supported for the requested OpenShift version"
+ when: openshift_master_ha | bool and openshift_master_cluster_method == "native" and not openshift.common.version_greater_than_3_1_or_1_1 | bool
+- fail:
+ msg: "openshift_master_cluster_password must be set for multi-master installations"
+ when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and (openshift_master_cluster_password is not defined or not openshift_master_cluster_password)
- name: Set master facts
openshift_facts:
role: master
local_facts:
+ cluster_method: "{{ openshift_master_cluster_method | default(None) }}"
cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}"
cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}"
- cluster_defer_ha: "{{ openshift_master_cluster_defer_ha | default(None) }}"
debug_level: "{{ openshift_master_debug_level | default(openshift.common.debug_level) }}"
api_port: "{{ openshift_master_api_port | default(None) }}"
api_url: "{{ openshift_master_api_url | default(None) }}"
@@ -41,6 +47,8 @@
portal_net: "{{ openshift_master_portal_net | default(None) }}"
session_max_seconds: "{{ openshift_master_session_max_seconds | default(None) }}"
session_name: "{{ openshift_master_session_name | default(None) }}"
+ session_auth_secrets: "{{ openshift_master_session_auth_secrets | default(None) }}"
+ session_encryption_secrets: "{{ openshift_master_session_encryption_secrets | default(None) }}"
session_secrets_file: "{{ openshift_master_session_secrets_file | default(None) }}"
access_token_max_seconds: "{{ openshift_master_access_token_max_seconds | default(None) }}"
auth_token_max_seconds: "{{ openshift_master_auth_token_max_seconds | default(None) }}"
@@ -67,7 +75,7 @@
controller_lease_ttl: "{{ osm_controller_lease_ttl | default(None) }}"
- name: Install Master package
- yum: pkg={{ openshift.common.service_type }}-master state=present
+ yum: pkg={{ openshift.common.service_type }}-master{{ openshift_version }} state=present
register: install_result
# TODO: These values need to be configurable
@@ -79,7 +87,7 @@
domain: cluster.local
when: openshift.master.embedded_dns
-- name: Create config parent directory if it doesn't exist
+- name: Create config parent directory if it does not exist
file:
path: "{{ openshift_master_config_dir }}"
state: directory
@@ -128,28 +136,37 @@
# workaround for missing systemd unit files for controllers/api
- name: Create the api service file
- copy:
- src: atomic-openshift-master-api.service
- dest: /usr/lib/systemd/system/atomic-openshift-master-api.service
+ template:
+ src: atomic-openshift-master-api.service.j2
+ dest: /usr/lib/systemd/system/{{ openshift.common.service_type }}-master-api.service
force: no
- name: Create the controllers service file
- copy:
- src: atomic-openshift-master-controllers.service
- dest: /usr/lib/systemd/system/atomic-openshift-master-controllers.service
+ template:
+ src: atomic-openshift-master-controllers.service.j2
+ dest: /usr/lib/systemd/system/{{ openshift.common.service_type }}-master-controllers.service
force: no
- name: Create the api env file
- copy:
- src: atomic-openshift-master-api
- dest: /etc/sysconfig/atomic-openshift-master-api
+ template:
+ src: atomic-openshift-master-api.j2
+ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api
force: no
- name: Create the controllers env file
- copy:
- src: atomic-openshift-master-controllers
- dest: /etc/sysconfig/atomic-openshift-master-controllers
+ template:
+ src: atomic-openshift-master-controllers.j2
+ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
force: no
- command: systemctl daemon-reload
# end workaround for missing systemd unit files
+- name: Create session secrets file
+ template:
+ dest: "{{ openshift.master.session_secrets_file }}"
+ src: sessionSecretsFile.yaml.v1.j2
+ force: no
+ notify:
+ - restart master
+ - restart master api
+
# TODO: add the validate parameter when there is a validation command to run
- name: Create master config
template:
@@ -166,6 +183,7 @@
dest: /etc/sysconfig/{{ openshift.common.service_type }}-master
regexp: "{{ item.regex }}"
line: "{{ item.line }}"
+ create: yes
with_items:
- regex: '^OPTIONS='
line: "OPTIONS=--loglevel={{ openshift.master.debug_level }}"
@@ -205,34 +223,39 @@
when: not openshift_master_ha | bool
register: start_result
+- set_fact:
+ master_service_status_changed = start_result | changed
+ when: not openshift_master_ha | bool
+
- name: Start and enable master api
service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started
- when: openshift_master_ha | bool
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native'
register: start_result
-- name: pause to prevent service restart from interfering with bootstrapping
- pause: seconds=30
- when: openshift_master_ha | bool
+- set_fact:
+ master_api_service_status_changed = start_result | changed
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native'
# TODO: fix the ugly workaround of setting ignore_errors
# the controllers service tries to start even if it is already started
- name: Start and enable master controller
service: name={{ openshift.common.service_type }}-master-controllers enabled=yes state=started
- when: openshift_master_ha | bool
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native'
register: start_result
ignore_errors: yes
- set_fact:
- master_service_status_changed = start_result | changed
+ master_controllers_service_status_changed = start_result | changed
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native'
- name: Install cluster packages
yum: pkg=pcs state=present
- when: openshift_master_ha | bool and not openshift.master.cluster_defer_ha | bool
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker'
register: install_result
- name: Start and enable cluster service
service: name=pcsd enabled=yes state=started
- when: openshift_master_ha | bool and not openshift.master.cluster_defer_ha | bool
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker'
- name: Set the cluster user password
shell: echo {{ openshift_master_cluster_password | quote }} | passwd --stdin hacluster
diff --git a/roles/openshift_master/files/atomic-openshift-master-api b/roles/openshift_master/templates/atomic-openshift-master-api.j2
index ea82468a0..205934248 100644
--- a/roles/openshift_master/files/atomic-openshift-master-api
+++ b/roles/openshift_master/templates/atomic-openshift-master-api.j2
@@ -1,5 +1,5 @@
OPTIONS=
-CONFIG_FILE=/etc/origin/master/master-config.yaml
+CONFIG_FILE={{ openshift_master_config_dir }}/master-config.yaml
# Proxy configuration
# Origin uses standard HTTP_PROXY environment variables. Be sure to set
diff --git a/roles/openshift_master/files/atomic-openshift-master-api.service b/roles/openshift_master/templates/atomic-openshift-master-api.service.j2
index 4663b77f2..ba19fb348 100644
--- a/roles/openshift_master/files/atomic-openshift-master-api.service
+++ b/roles/openshift_master/templates/atomic-openshift-master-api.service.j2
@@ -3,19 +3,19 @@ Description=Atomic OpenShift Master API
Documentation=https://github.com/openshift/origin
After=network.target
After=etcd.service
-Before=atomic-openshift-node.service
+Before={{ openshift.common.service_type }}-node.service
Requires=network.target
[Service]
Type=notify
-EnvironmentFile=/etc/sysconfig/atomic-openshift-master-api
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api
Environment=GOTRACEBACK=crash
ExecStart=/usr/bin/openshift start master api --config=${CONFIG_FILE} $OPTIONS
LimitNOFILE=131072
LimitCORE=infinity
-WorkingDirectory=/var/lib/origin/
+WorkingDirectory={{ openshift.common.data_dir }}
SyslogIdentifier=atomic-openshift-master-api
[Install]
WantedBy=multi-user.target
-WantedBy=atomic-openshift-node.service
+WantedBy={{ openshift.common.service_type }}-node.service
diff --git a/roles/openshift_master/files/atomic-openshift-master-controllers b/roles/openshift_master/templates/atomic-openshift-master-controllers.j2
index ea82468a0..205934248 100644
--- a/roles/openshift_master/files/atomic-openshift-master-controllers
+++ b/roles/openshift_master/templates/atomic-openshift-master-controllers.j2
@@ -1,5 +1,5 @@
OPTIONS=
-CONFIG_FILE=/etc/origin/master/master-config.yaml
+CONFIG_FILE={{ openshift_master_config_dir }}/master-config.yaml
# Proxy configuration
# Origin uses standard HTTP_PROXY environment variables. Be sure to set
diff --git a/roles/openshift_master/files/atomic-openshift-master-controllers.service b/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2
index 517f9c908..8952c86ef 100644
--- a/roles/openshift_master/files/atomic-openshift-master-controllers.service
+++ b/roles/openshift_master/templates/atomic-openshift-master-controllers.service.j2
@@ -2,21 +2,21 @@
Description=Atomic OpenShift Master Controllers
Documentation=https://github.com/openshift/origin
After=network.target
-After=atomic-openshift-master-api.service
-Before=atomic-openshift-node.service
+After={{ openshift.common.service_type }}-master-api.service
+Before={{ openshift.common.service_type }}-node.service
Requires=network.target
[Service]
Type=notify
-EnvironmentFile=/etc/sysconfig/atomic-openshift-master-controllers
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
Environment=GOTRACEBACK=crash
ExecStart=/usr/bin/openshift start master controllers --config=${CONFIG_FILE} $OPTIONS
LimitNOFILE=131072
LimitCORE=infinity
-WorkingDirectory=/var/lib/origin/
-SyslogIdentifier=atomic-openshift-master-controllers
+WorkingDirectory={{ openshift.common.data_dir }}
+SyslogIdentifier={{ openshift.common.service_type }}-master-controllers
Restart=on-failure
[Install]
WantedBy=multi-user.target
-WantedBy=atomic-openshift-node.service
+WantedBy={{ openshift.common.service_type }}-node.service
diff --git a/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2 b/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2
new file mode 100644
index 000000000..d12d9db90
--- /dev/null
+++ b/roles/openshift_master/templates/sessionSecretsFile.yaml.v1.j2
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: SessionSecrets
+secrets:
+{% for secret in openshift_master_session_auth_secrets %}
+- authentication: "{{ openshift_master_session_auth_secrets[loop.index0] }}"
+ encryption: "{{ openshift_master_session_encryption_secrets[loop.index0] }}"
+{% endfor %}
diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml
index ecdb4f883..534465451 100644
--- a/roles/openshift_master/vars/main.yml
+++ b/roles/openshift_master/vars/main.yml
@@ -2,6 +2,7 @@
openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml"
openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json"
+openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml"
openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json"
openshift_version: "{{ openshift_pkg_version | default('') }}"
diff --git a/roles/openshift_master_cluster/tasks/configure_deferred.yml b/roles/openshift_master_cluster/tasks/configure_deferred.yml
deleted file mode 100644
index 3b416005b..000000000
--- a/roles/openshift_master_cluster/tasks/configure_deferred.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- debug: msg="Deferring config"
-
-- name: Start and enable the master
- service:
- name: "{{ openshift.common.service_type }}-master"
- state: started
- enabled: yes
diff --git a/roles/openshift_master_cluster/tasks/main.yml b/roles/openshift_master_cluster/tasks/main.yml
index 315947183..6303a6e46 100644
--- a/roles/openshift_master_cluster/tasks/main.yml
+++ b/roles/openshift_master_cluster/tasks/main.yml
@@ -4,10 +4,7 @@
register: pcs_status
changed_when: false
failed_when: false
- when: not openshift.master.cluster_defer_ha | bool
+ when: openshift.master.cluster_method == "pacemaker"
- include: configure.yml
when: "pcs_status | failed and 'Error: cluster is not currently running on this node' in pcs_status.stderr"
-
-- include: configure_deferred.yml
- when: openshift.master.cluster_defer_ha | bool
diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml
index c92008a77..9d40ae3b3 100644
--- a/roles/openshift_node/meta/main.yml
+++ b/roles/openshift_node/meta/main.yml
@@ -13,3 +13,4 @@ galaxy_info:
- cloud
dependencies:
- { role: openshift_common }
+- { role: docker }
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index c455a09f1..6f163f541 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -68,6 +68,7 @@
dest: /etc/sysconfig/{{ openshift.common.service_type }}-node
regexp: "{{ item.regex }}"
line: "{{ item.line }}"
+ create: yes
with_items:
- regex: '^OPTIONS='
line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}"
diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml
index 12e98b7a1..aa696ae12 100644
--- a/roles/openshift_repos/tasks/main.yaml
+++ b/roles/openshift_repos/tasks/main.yaml
@@ -8,7 +8,7 @@
# proper repos correctly.
- assert:
- that: openshift_deployment_type in known_openshift_deployment_types
+ that: openshift.common.deployment_type in known_openshift_deployment_types
- name: Ensure libselinux-python is installed
yum: