Diffstat (limited to 'playbooks/common')
10 files changed, 91 insertions, 67 deletions
| diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index a8bd634d3..482fa8441 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -6,6 +6,3 @@
 - include: ../openshift-master/config.yml
 - include: ../openshift-node/config.yml
-  vars:
-    osn_cluster_dns_domain: "{{ hostvars[groups.oo_first_master.0].openshift.dns.domain }}"
-    osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].cluster_dns_ip }}"
diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml
index 2bb69614f..34da372a4 100644
--- a/playbooks/common/openshift-cluster/evaluate_groups.yml
+++ b/playbooks/common/openshift-cluster/evaluate_groups.yml
@@ -12,8 +12,8 @@
     when: g_masters_group is not defined
   - fail:
-      msg: This playbook requires g_nodes_group to be set
-    when: g_nodes_group is not defined
+      msg: This playbook requires g_nodes_group or g_new_nodes_group to be set
+    when: g_nodes_group is not defined and g_new_nodes_group is not defined
   - fail:
       msg: This playbook requires g_lb_group to be set
@@ -35,14 +35,19 @@
       ansible_sudo: "{{ g_sudo | default(omit) }}"
     with_items: groups[g_masters_group] | default([])
+  # Use g_new_nodes_group if it exists otherwise g_nodes_group
+  - set_fact:
+      g_nodes_to_config: "{{ g_new_nodes_group | default(g_nodes_group | default([])) }}"
+
   - name: Evaluate oo_nodes_to_config
     add_host:
       name: "{{ item }}"
       groups: oo_nodes_to_config
       ansible_ssh_user: "{{ g_ssh_user | default(omit) }}"
       ansible_sudo: "{{ g_sudo | default(omit) }}"
-    with_items: groups[g_nodes_group] | default([])
+    with_items: groups[g_nodes_to_config] | default([])
+  # Skip adding the master to oo_nodes_to_config when g_new_nodes_group is
   - name: Evaluate oo_nodes_to_config
     add_host:
       name: "{{ item }}"
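Review bot: The comment added above the second `Evaluate oo_nodes_to_config` task is cut off mid-sentence (`# Skip adding the master to oo_nodes_to_config when g_new_nodes_group is`), so a reader cannot tell which condition it describes. Judging by the `when:` that the next hunk puts on that task, it should read `# Skip adding the master to oo_nodes_to_config when g_new_nodes_group is defined`. Both tasks also carry the identical name `Evaluate oo_nodes_to_config`; naming the second one `Evaluate oo_nodes_to_config (masters)` would make play output distinguishable. The task this comment introduces continues into the next hunk.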
@@ -50,7 +55,7 @@
       ansible_ssh_user: "{{ g_ssh_user | default(omit) }}"
       ansible_sudo: "{{ g_sudo | default(omit) }}"
     with_items: groups[g_masters_group] | default([])
-    when: g_nodeonmaster is defined and g_nodeonmaster == true
+    when: g_nodeonmaster | default(false) == true and g_new_nodes_group is not defined
   - name: Evaluate oo_first_etcd
     add_host:
diff --git a/playbooks/common/openshift-cluster/scaleup.yml b/playbooks/common/openshift-cluster/scaleup.yml
index 6d2777732..d2ba3fc7a 100644
--- a/playbooks/common/openshift-cluster/scaleup.yml
+++ b/playbooks/common/openshift-cluster/scaleup.yml
@@ -1,16 +1,6 @@
 ---
 - include: evaluate_groups.yml
-  vars:
-    g_etcd_group: "{{ 'etcd' }}"
-    g_masters_group: "{{ 'masters' }}"
-    g_nodes_group: "{{ 'nodes' }}"
-    g_lb_group: "{{ 'lb' }}"
-    openshift_cluster_id: "{{ cluster_id | default('default') }}"
-    openshift_debug_level: 2
-    openshift_deployment_type: "{{ deployment_type }}"
 - include: ../openshift-node/config.yml
   vars:
-    osn_cluster_dns_domain: "{{ hostvars[groups.oo_first_master.0].openshift.dns.domain }}"
-    osn_cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].openshift.dns.ip }}"
     openshift_deployment_type: "{{ deployment_type }}"
diff --git a/playbooks/common/openshift-cluster/upgrades/files/pre-upgrade-check b/playbooks/common/openshift-cluster/upgrades/files/pre-upgrade-check
index b5459f312..e5c958ebb 100644
--- a/playbooks/common/openshift-cluster/upgrades/files/pre-upgrade-check
+++ b/playbooks/common/openshift-cluster/upgrades/files/pre-upgrade-check
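Review bot: The rewritten guard `g_nodeonmaster | default(false) == true` still compares against a boolean, so a value that arrives as the string `true` (as it may from an INI inventory or `-e g_nodeonmaster=true`) does not match and the master is silently left out of `oo_nodes_to_config`. The rest of this diff already normalises such flags with `| bool` (e.g. `overwrite_named_certs | bool`); `when: g_nodeonmaster | default(false) | bool and g_new_nodes_group is not defined` accepts both representations. The `add_host` task this condition belongs to starts in the previous hunk.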
@@ -111,13 +111,16 @@ def print_validation_header():
     overwhelming the user.
     """
     print """\
-At least one port name does not validate. Valid port names:
+At least one port name is invalid and must be corrected before upgrading.
+Please update or remove any resources with invalid port names.
-    * must be less that 16 chars
+  Valid port names must:
+
+    * be less that 16 characters
     * have at least one letter
-    * only a-z0-9-
-    * do not start or end with -
-    * Dashes may not be next to eachother ('--')
+    * contain only a-z0-9-
+    * not start or end with -
+    * not contain dashes next to each other ('--')
 """
@@ -142,9 +145,9 @@ def main():
     # Where the magic happens
     first_error = True
     for kind, path in [
+            ('deploymentconfigs', ("spec", "template", "spec", "containers")),
             ('replicationcontrollers', ("spec", "template", "spec", "containers")),
-            ('pods', ("spec", "containers")),
-            ('deploymentconfigs', ("spec", "template", "spec", "containers"))]:
+            ('pods', ("spec", "containers"))]:
         for item in list_items(kind):
             namespace = item["metadata"]["namespace"]
             item_name = item["metadata"]["name"]
diff --git a/playbooks/common/openshift-cluster/upgrades/files/versions.sh b/playbooks/common/openshift-cluster/upgrades/files/versions.sh
index f90719cab..c7c966b60 100644
--- a/playbooks/common/openshift-cluster/upgrades/files/versions.sh
+++ b/playbooks/common/openshift-cluster/upgrades/files/versions.sh
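Review bot: The reworded help text carries the old typo into its first bullet: `+    * be less that 16 characters` should read `    * be less than 16 characters`, and this string is the only explanation an operator gets when the pre-upgrade check rejects a resource. While touching it, stating the bound the validator actually enforces (15 characters at most, if that is what the check does — the check itself is outside this hunk) would save the reader from doing the arithmetic. `print_validation_header` begins above the hunk.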
@@ -2,9 +2,9 @@
 yum_installed=$(yum list installed "$@" 2>&1 | tail -n +2 | grep -v 'Installed Packages' | grep -v 'Red Hat Subscription Management' | grep -v 'Error:' | awk '{ print $2 }' | tr '\n' ' ')
-yum_available=$(yum list available "$@" 2>&1 | tail -n +2 | grep -v 'Available Packages' | grep -v 'Red Hat Subscription Management' | grep -v 'el7ose' | grep -v 'Error:' | awk '{ print $2 }' | tr '\n' ' ')
+yum_available=$(yum list available -q "$@" 2>&1 | tail -n +2 | grep -v 'Available Packages' | grep -v 'Red Hat Subscription Management' | grep -v 'el7ose' | grep -v 'Error:' | awk '{ print $2 }' | tr '\n' ' ')
 echo "---"
-echo "curr_version: ${yum_installed}" 
+echo "curr_version: ${yum_installed}"
 echo "avail_version: ${yum_available}"
diff --git a/playbooks/common/openshift-cluster/upgrades/library/openshift_upgrade_config.py b/playbooks/common/openshift-cluster/upgrades/library/openshift_upgrade_config.py
index a6721bb92..9a065fd1c 100755
--- a/playbooks/common/openshift-cluster/upgrades/library/openshift_upgrade_config.py
+++ b/playbooks/common/openshift-cluster/upgrades/library/openshift_upgrade_config.py
@@ -78,6 +78,10 @@ def upgrade_master_3_0_to_3_1(ansible_module, config_base, backup):
         config['kubernetesMasterConfig'].pop('apiLevels')
         changes.append('master-config.yaml: removed kubernetesMasterConfig.apiLevels')
+    # Add masterCA to serviceAccountConfig
+    if 'serviceAccountConfig' in config and 'masterCA' not in config['serviceAccountConfig']:
+        config['serviceAccountConfig']['masterCA'] = config['oauthConfig'].get('masterCA', 'ca.crt')
+
     # Add proxyClientInfo to master-config
     if 'proxyClientInfo' not in config['kubernetesMasterConfig']:
         config['kubernetesMasterConfig']['proxyClientInfo'] = {
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
index eea147229..0309e8a77 100644
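Review bot: `-q` is added only to the `yum list available` call, while `yum list installed` on the line above still relies on `tail -n +2` to drop the `Loaded plugins:` banner, so the two pipelines now make different assumptions about what yum prints first; `yum list installed -q "$@"` keeps them symmetric. Both pipelines also merge stderr with `2>&1` and then `grep -v 'Error:'`, so a failing repository lookup produces an empty `avail_version` and a zero exit rather than an error, which a caller reading this YAML could take as "nothing to upgrade". Letting yum's stderr through and exiting non-zero when either `yum list` fails would make the upgrade playbook stop instead of proceeding on missing data.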
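Review bot: The new `masterCA` default subscripts `config['oauthConfig']` directly, so a master-config.yaml without an `oauthConfig` section makes the module fail with a KeyError instead of falling back to `ca.crt`; `config.get('oauthConfig', {}).get('masterCA', 'ca.crt')` keeps the fallback. This is also the only edit in the visible part of the function that does not record itself, so the module's change list (and presumably its reported `changed` state) omits it — add `changes.append('master-config.yaml: added serviceAccountConfig.masterCA')` inside the `if`. A comment such as `# Reuse the OAuth CA so service accounts trust the same master certificate` would explain why the value is copied from `oauthConfig` rather than generated; confirm that is the intent, since the meaning of `masterCA` is not visible here. `upgrade_master_3_0_to_3_1` continues outside the hunk.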
--- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
@@ -36,9 +36,9 @@
   - fail:
       msg: >
-        This upgrade is only supported for origin and openshift-enterprise
+        This upgrade is only supported for origin, openshift-enterprise, and online
         deployment types
-    when: deployment_type not in ['origin','openshift-enterprise']
+    when: deployment_type not in ['origin','openshift-enterprise', 'online']
   - fail:
       msg: >
@@ -517,24 +517,28 @@
     - _default_router.rc == 0
     - "'false' in _scc.stdout"
     command: >
-      {{ oc_cmd }} patch scc/privileged -p '{"allowHostPorts":true,"allowHostNetwork":true}' --loglevel=9
+      {{ oc_cmd }} patch scc/privileged -p
+      '{"allowHostPorts":true,"allowHostNetwork":true}' --api-version=v1
   - name: Update deployment config to 1.0.4/3.0.1 spec
     when: _default_router.rc == 0
     command: >
       {{ oc_cmd }} patch dc/router -p
       '{"spec":{"strategy":{"rollingParams":{"updatePercent":-10},"spec":{"serviceAccount":"router","serviceAccountName":"router"}}}}'
+      --api-version=v1
   - name: Switch to hostNetwork=true
     when: _default_router.rc == 0
     command: >
       {{ oc_cmd }} patch dc/router -p '{"spec":{"template":{"spec":{"hostNetwork":true}}}}'
+      --api-version=v1
   - name: Update router image to current version
     when: _default_router.rc == 0
     command: >
       {{ oc_cmd }} patch dc/router -p
       '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}'
+      --api-version=v1
   - name: Check for default registry
     command: >
@@ -548,3 +552,4 @@
     command: >
       {{ oc_cmd }} patch dc/docker-registry -p
       '{"spec":{"template":{"spec":{"containers":[{"name":"registry","image":"{{ registry_image }}"}]}}}}'
+      --api-version=v1
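Review bot: The `patch scc/privileged` task widens a cluster-wide SCC (`allowHostPorts`/`allowHostNetwork`) behind the guard `'false' in _scc.stdout`, a substring test that fires on any `false` in the SCC dump, so the patch is applied whether or not those two fields are the ones that are false. If `_scc` was fetched as JSON (its `register` is above this hunk, so confirm), checking the fields themselves — e.g. `- "not ((_scc.stdout | from_json).allowHostNetwork | bool and (_scc.stdout | from_json).allowHostPorts | bool)"` — confines the privilege change to the case it is meant for. Dropping `--loglevel=9` from the same command is welcome, since at that verbosity the client can echo request headers into the playbook log. The enclosing task starts above the hunk.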
diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml
index ed23ada88..7d94ced2e 100644
--- a/playbooks/common/openshift-etcd/config.yml
+++ b/playbooks/common/openshift-etcd/config.yml
@@ -24,7 +24,7 @@
     - /etc/etcd/ca.crt
     register: g_etcd_server_cert_stat_result
   - set_fact:
-      etcd_server_certs_missing: "{{ g_etcd_server_cert_stat_result.results | map(attribute='stat.exists')
+      etcd_server_certs_missing: "{{ g_etcd_server_cert_stat_result.results | oo_collect(attribute='stat.exists')
                                     | list | intersect([false])}}"
       etcd_cert_subdir: etcd-{{ openshift.common.hostname }}
       etcd_cert_config_dir: /etc/etcd
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index b1da85d5d..196cdc8fe 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -60,7 +60,7 @@
     register: g_external_etcd_cert_stat_result
   - set_fact:
       etcd_client_certs_missing: "{{ g_external_etcd_cert_stat_result.results
-                                    | map(attribute='stat.exists')
+                                    | oo_collect(attribute='stat.exists')
                                     | list | intersect([false])}}"
       etcd_cert_subdir: openshift-master-{{ openshift.common.hostname }}
       etcd_cert_config_dir: "{{ openshift.common.config_base }}/master"
@@ -157,7 +157,7 @@
     register: g_master_cert_stat_result
   - set_fact:
       master_certs_missing: "{{ False in (g_master_cert_stat_result.results
-                                | map(attribute='stat.exists')
+                                | oo_collect(attribute='stat.exists')
                                 | list ) }}"
       master_cert_subdir: master-{{ openshift.common.hostname }}
       master_cert_config_dir: "{{ openshift.common.config_base }}/master"
@@ -204,14 +204,6 @@
       validate_checksum: yes
     with_items: masters_needing_certs
-- name: Inspect named certificates
-  hosts: oo_first_master
-  tasks:
-  - name: Collect certificate names
-    set_fact:
-      parsed_named_certificates: "{{ openshift_master_named_certificates | oo_parse_certificate_names(master_cert_config_dir, openshift.common.internal_hostnames) }}"
-    when: openshift_master_named_certificates is defined
-
 - name: Compute haproxy_backend_servers
   hosts: localhost
   connection: local
@@ -252,31 +244,69 @@
   - fail:
       msg: "openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length"
     when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length)
+  - name: Install OpenSSL package
+    action: "{{ansible_pkg_mgr}} pkg=openssl state=present"
   - name: Generate session authentication key
     command: /usr/bin/openssl rand -base64 24
     register: session_auth_output
-    with_sequence: count=1
     when: openshift_master_session_auth_secrets is undefined
   - name: Generate session encryption key
     command: /usr/bin/openssl rand -base64 24
     register: session_encryption_output
-    with_sequence: count=1
     when: openshift_master_session_encryption_secrets is undefined
   - set_fact:
-      session_auth_secret: "{{ openshift_master_session_auth_secrets
-                                | default(session_auth_output.results
-                                | map(attribute='stdout')
-                                | list) }}"
-      session_encryption_secret: "{{ openshift_master_session_encryption_secrets
-                                      | default(session_encryption_output.results
-                                      | map(attribute='stdout')
-                                      | list) }}"
+      session_auth_secret: "{{ openshift_master_session_auth_secrets | default([session_auth_output.stdout]) }}"
+      session_encryption_secret: "{{ openshift_master_session_encryption_secrets | default([session_encryption_output.stdout]) }}"
+
+- name: Parse named certificates
+  hosts: localhost
+  vars:
+    internal_hostnames: "{{ hostvars[groups.oo_first_master.0].openshift.common.internal_hostnames }}"
+    named_certificates: "{{ hostvars[groups.oo_first_master.0].openshift_master_named_certificates | default([]) }}"
+    named_certificates_dir: "{{ hostvars[groups.oo_first_master.0].master_cert_config_dir }}/named_certificates/"
+  tasks:
+  - set_fact:
+      parsed_named_certificates: "{{ named_certificates | oo_parse_named_certificates(named_certificates_dir, internal_hostnames) }}"
+    when: named_certificates | length > 0
+
+- name: Deploy named certificates
+  hosts: oo_masters_to_config
+  vars:
+    named_certs_dir: "{{ master_cert_config_dir }}/named_certificates/"
+    named_certs_specified: "{{ openshift_master_named_certificates is defined }}"
+    overwrite_named_certs: "{{ openshift_master_overwrite_named_certificates | default(false) }}"
+  roles:
+  - role: openshift_facts
+  post_tasks:
+  - openshift_facts:
+      role: master
+      local_facts:
+        named_certificates: "{{ hostvars.localhost.parsed_named_certificates | default([]) }}"
+      additive_facts_to_overwrite:
+      - "{{ 'master.named_certificates' if overwrite_named_certs | bool else omit }}"
+  - name: Clear named certificates
+    file:
+      path: "{{ named_certs_dir }}"
+      state: absent
+    when: overwrite_named_certs | bool
+  - name: Ensure named certificate directory exists
+    file:
+      path: "{{ named_certs_dir }}"
+      state: directory
+    when: named_certs_specified | bool
+  - name: Land named certificates
+    copy: src="{{ item.certfile }}" dest="{{ named_certs_dir }}"
+    with_items: openshift_master_named_certificates
+    when: named_certs_specified | bool
+  - name: Land named certificate keys
+    copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}"
+    with_items: openshift_master_named_certificates
+    when: named_certs_specified | bool
 - name: Configure master instances
   hosts: oo_masters_to_config
   serial: 1
   vars:
-    named_certificates: "{{ hostvars[groups['oo_first_master'][0]]['parsed_named_certificates'] | default([])}}"
     sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
     openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
     openshift_master_count: "{{ groups.oo_masters_to_config | length }}"
@@ -314,20 +344,8 @@
   - openshift_examples
   - role: openshift_cluster_metrics
     when: openshift.common.use_cluster_metrics | bool
-
-- name: Determine cluster dns ip
-  hosts: oo_first_master
-  tasks:
-  - name: Get master service ip
-    command: "{{ openshift.common.client_binary }} get -o template svc kubernetes --template=\\{\\{.spec.clusterIP\\}\\}"
-    register: master_service_ip_output
-    when: openshift.common.version_greater_than_3_1_or_1_1 | bool
-  - set_fact:
-      cluster_dns_ip: "{{ hostvars[groups.oo_first_master.0].openshift.dns.ip }}"
-    when: not openshift.common.version_greater_than_3_1_or_1_1 | bool
-  - set_fact:
-      cluster_dns_ip: "{{ master_service_ip_output.stdout }}"
-    when: openshift.common.version_greater_than_3_1_or_1_1 | bool
+  - role: openshift_manageiq
+    when: openshift.common.use_manageiq | bool
 - name: Enable cockpit
   hosts: oo_first_master
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 8da9e231f..952a9fd51 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -33,7 +33,7 @@
     - server.crt
     register: stat_result
   - set_fact:
-      certs_missing: "{{ stat_result.results | map(attribute='stat.exists')
+      certs_missing: "{{ stat_result.results | oo_collect(attribute='stat.exists')
                         | list | intersect([false])}}"
       node_subdir: node-{{ openshift.common.hostname }}
       config_dir: "{{ openshift.common.config_base }}/generated-configs/node-{{ openshift.common.hostname }}"
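Review bot: `Land named certificate keys` copies each `item.keyfile` with `copy` and no `mode`, so the private key is created on the master with whatever the remote umask yields (commonly 0644) in a directory that `Ensure named certificate directory exists` also creates without a mode — a TLS private key readable by every local user. `copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}" mode=0600` on the key task and `mode: 0700` on the directory task restrict them to the owner, and `no_log: true` on the key task keeps the path and item out of verbose logs. Separately, `omit` inside a list element of `additive_facts_to_overwrite` is not honoured — Ansible strips the omit placeholder only from whole module arguments — so when overwrite is false the list holds the placeholder string instead of being empty; `additive_facts_to_overwrite: "{{ ['master.named_certificates'] if overwrite_named_certs | bool else [] }}"` expresses the intent (how `openshift_facts` treats the stray string is not visible here). The `Generate session ...` tasks at the top of the hunk run per host of a play whose `hosts:` is above the hunk; if that play targets several masters, each gets a different generated secret, which is worth confirming.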
@@ -48,7 +48,7 @@
     when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool)
   - set_fact:
       etcd_client_flannel_certs_missing: "{{ g_external_etcd_flannel_cert_stat_result.results
-                                             | map(attribute='stat.exists')
+                                             | oo_collect(attribute='stat.exists')
                                              | list | intersect([false])}}"
       etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }}
       etcd_cert_config_dir: "{{ openshift.common.config_base }}/node"
@@ -158,8 +158,10 @@
   vars:
     sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
     openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
+    # TODO: Prefix flannel role variables.
     etcd_urls: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls }}"
     embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
+    openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}"
   pre_tasks:
   - name: Ensure certificate directory exists
     file: | 
