Diffstat (limited to 'playbooks')
8 files changed, 87 insertions, 29 deletions
| diff --git a/playbooks/adhoc/sdn_restart/oo-sdn-restart.yml b/playbooks/adhoc/sdn_restart/oo-sdn-restart.yml new file mode 100755 index 000000000..0dc021fbc --- /dev/null +++ b/playbooks/adhoc/sdn_restart/oo-sdn-restart.yml @@ -0,0 +1,53 @@ +#!/usr/bin/ansible-playbook +--- +#example run: +# ansible-playbook -e "host=ops-node-compute-abcde" oo-sdn-restart.yml +# + +- name: Check vars +  hosts: localhost +  gather_facts: false +  +  pre_tasks: +  - fail: +      msg: "Playbook requires host to be set" +    when: host is not defined or host == '' + +- name: Restart openshift/docker (and monitoring containers) +  hosts: oo_version_3:&oo_name_{{ host }} +  gather_facts: false +  user: root + +  tasks: +  - name: stop openshift/docker +    service: +      name: "{{ item }}" +      state: stopped +    with_items: +    - atomic-openshift-node +    - docker + +  - name: restart openvswitch +    service: +      name: openvswitch +      state: restarted + +  - name: wait 5 sec +    pause: +      seconds: 5 + +  - name: start openshift/docker +    service: +      name: "{{ item }}" +      state: started +    with_items: +    - atomic-openshift-node +    - docker + +  - name: start monitoring containers +    service: +      name: "{{ item }}" +      state: restarted +    with_items: +    - oso-f22-host-monitoring +    - oso-rhel7-zagg-client diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 55df78a3f..ac20f5f9b 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -40,6 +40,7 @@          - atomic-openshift-master-controllers          - atomic-openshift-node          - etcd +        - haproxy          - openshift-master          - openshift-master-api          - openshift-master-controllers @@ -67,6 +68,7 @@          - atomic-openshift-sdn-ovs          - corosync          - etcd +        - haproxy          - openshift          - openshift-master          - openshift-node 
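Review bot: In oo-sdn-restart.yml the `host` extra-var is spliced straight into the second play's host pattern (`hosts: oo_version_3:&oo_name_{{ host }}`), while the `Check vars` play only rejects an undefined or empty value. Ansible host patterns give meaning to characters such as `*`, `:`, `,`, `&` and `!`, so a mistyped or pasted value could match more nodes than intended, and this play stops docker and atomic-openshift-node as root on every match. Tighten the guard to an allow-list of hostname characters, e.g. `when: host is not defined or not (host | match('^[A-Za-z0-9_.-]+$'))` (use the test form if the Ansible version in use no longer accepts the filter form). Adding `serial: 1` to the restart play would also keep an unexpectedly wide match from taking every node down at once.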
diff --git a/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 231356798..11026e38d 100644 --- a/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -4,8 +4,8 @@  #  ansible-playbook playbooks/aws/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml -e deployment_type=online -e cluster_id=<cluster_id>  - include: ../../../../common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml    vars_files: -  - ../../../../aws/openshift-cluster/vars.yml -  - ../../../../aws/openshift-cluster/cluster_hosts.yml +  - "{{lookup('file', '../../../../aws/openshift-cluster/vars.yml')}}" +  - "{{lookup('file', '../../../../aws/openshift-cluster/cluster_hosts.yml')}}"    vars:      g_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"      g_sudo: "{{ deployment_vars[deployment_type].sudo }}" diff --git a/playbooks/aws/openshift-cluster/vars.yml b/playbooks/aws/openshift-cluster/vars.yml index 452c90d6a..c8ee9bad4 100644 --- a/playbooks/aws/openshift-cluster/vars.yml +++ b/playbooks/aws/openshift-cluster/vars.yml @@ -3,7 +3,7 @@ debug_level: 2  deployment_vars:    origin:      # centos-7, requires marketplace -    image: ami-96a818fe +    image: ami-61bbf104      image_name:      region: us-east-1      ssh_user: centos diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml index 58c04d41d..b52456dcd 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_0_minor/upgrade.yml 
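Review bot: `lookup('file', …)` returns the contents of the named file rather than its path, so confirm on the Ansible version this repository targets that the two new `vars_files` entries in the aws upgrade.yml still load `vars.yml` and `cluster_hosts.yml`. If they do not, `deployment_vars` is undefined and the `g_ssh_user` / `g_sudo` expressions just below cannot resolve. The same construct is added in the two byo upgrade.yml hunks (v3_0_minor and v3_0_to_v3_1). A one-line comment above the entries, such as `# lookup() so the path resolves relative to this playbook, not the included one`, would record why the plain paths were replaced, assuming that is the reason.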
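Review bot: The new `image: ami-61bbf104` in aws/openshift-cluster/vars.yml is an opaque id, and nothing in the file says which publisher or CentOS 7 build it refers to, so a later reader cannot check that instances launch from the intended image. Extend the existing comment, e.g. `# centos-7, requires marketplace; owner: <AWS_ACCOUNT_ID_PLACEHOLDER>, build: <IMAGE_BUILD_PLACEHOLDER>`. Alternatively, fill in the empty `image_name:` key on the next line if the launch code can resolve the image by name.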
@@ -1,7 +1,7 @@  ---  - include: ../../../../common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml    vars_files: -  - ../../../../byo/openshift-cluster/cluster_hosts.yml +  - "{{lookup('file', '../../../../byo/openshift-cluster/cluster_hosts.yml')}}"    vars:      g_etcd_hosts: "{{ groups.etcd | default([]) }}"      g_master_hosts: "{{ groups.masters | default([]) }}" diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 2f9e8dc7a..e07e2b88e 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -1,7 +1,7 @@  ---  - include: ../../../../common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml    vars_files: -  - ../../../../byo/openshift-cluster/cluster_hosts.yml +  - "{{lookup('file', '../../../../byo/openshift-cluster/cluster_hosts.yml')}}"    vars:      g_etcd_hosts: "{{ groups.etcd | default([]) }}"      g_master_hosts: "{{ groups.masters | default([]) }}" diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 759656e63..677c274c4 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml 
@@ -236,29 +236,32 @@    - role: haproxy      when: groups.oo_masters_to_config | length > 1 -- name: Generate master session keys +- name: Check for cached session secrets    hosts: oo_first_master +  roles: +  - role: openshift_facts +  post_tasks: +  - openshift_facts: +      role: master +      local_facts: +          session_auth_secrets: "{{ openshift_master_session_auth_secrets | default(openshift.master.session_auth_secrets | default(None)) }}" +          session_encryption_secrets: "{{ openshift_master_session_encryption_secrets | default(openshift.master.session_encryption_secrets | default(None)) }}" + +- name: Generate master session secrets +  hosts: oo_first_master +  vars: +    g_session_secrets_present: "{{ (openshift.master.session_auth_secrets | default([]) and openshift.master.session_encryption_secrets | default([])) | length > 0 }}" +    g_session_auth_secrets: "{{ [ 24 | oo_generate_secret ] }}" +    g_session_encryption_secrets: "{{ [ 24 | oo_generate_secret ] }}" +  roles: +  - role: openshift_facts    tasks: -  - fail: -      msg: "Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set" -    when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is not defined) or (openshift_master_session_encryption_secrets is defined and openshift_master_session_auth_secrets is not defined) -  - fail: -      msg: "openshift_master_session_auth_secrets and openshift_master_encryption_secrets must be equal length" -    when: (openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined) and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length) -  - name: Install OpenSSL package -    action: "{{ ansible_pkg_mgr }} name=openssl state=present" -    when: not openshift.common.is_atomic | bool -  - name: Generate session authentication key 
-    command: /usr/bin/openssl rand -base64 24 -    register: session_auth_output -    when: openshift_master_session_auth_secrets is undefined -  - name: Generate session encryption key -    command: /usr/bin/openssl rand -base64 24 -    register: session_encryption_output -    when: openshift_master_session_encryption_secrets is undefined -  - set_fact: -      session_auth_secret: "{{ openshift_master_session_auth_secrets | default([session_auth_output.stdout]) }}" -      session_encryption_secret: "{{ openshift_master_session_encryption_secrets | default([session_encryption_output.stdout]) }}" +  - openshift_facts: +      role: master +      local_facts: +        session_auth_secrets: "{{ g_session_auth_secrets }}" +        session_encryption_secrets: "{{ g_session_encryption_secrets }}" +    when: not g_session_secrets_present | bool  - name: Parse named certificates    hosts: localhost @@ -314,8 +317,8 @@      sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"      openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"      openshift_master_count: "{{ groups.oo_masters_to_config | length }}" -    openshift_master_session_auth_secrets: "{{ hostvars[groups['oo_first_master'][0]]['session_auth_secret'] }}" -    openshift_master_session_encryption_secrets: "{{ hostvars[groups['oo_first_master'][0]]['session_encryption_secret'] }}" +    openshift_master_session_auth_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_auth_secrets }}" +    openshift_master_session_encryption_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_encryption_secrets }}"    pre_tasks:    - name: Ensure certificate directory exists      file: diff --git a/playbooks/openstack/openshift-cluster/terminate.yml b/playbooks/openstack/openshift-cluster/terminate.yml index d0abe9fa5..d4ab51fa7 100644 --- a/playbooks/openstack/openshift-cluster/terminate.yml +++ b/playbooks/openstack/openshift-cluster/terminate.yml 
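Review bot: The two `fail` checks that required `openshift_master_session_auth_secrets` and `openshift_master_session_encryption_secrets` to be supplied together and with equal length are removed, and nothing in the new plays replaces them. `g_session_secrets_present` is built as `(auth | default([]) and encryption | default([])) | length > 0`, so a run where only one list is present evaluates as not present, assuming the missing list ends up undefined or empty in the facts. The `openshift_facts` task then stores freshly generated values for both and silently replaces the one the operator supplied. Re-adding the pair checks as `pre_tasks` of the `Check for cached session secrets` play, as sketched below, keeps that case a hard failure. Separately, `oo_generate_secret` is defined outside this diff, so confirm it draws from a CSPRNG as the removed `openssl rand -base64 24` did, and consider `no_log: true` on both `openshift_facts` tasks since their arguments carry the secrets.

```yaml
- name: Check for cached session secrets
  hosts: oo_first_master
  pre_tasks:
  - fail:
      msg: "Both openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be provided if either variable is set"
    when: (openshift_master_session_auth_secrets is defined) != (openshift_master_session_encryption_secrets is defined)
  - fail:
      msg: "openshift_master_session_auth_secrets and openshift_master_session_encryption_secrets must be equal length"
    when: openshift_master_session_auth_secrets is defined and openshift_master_session_encryption_secrets is defined and (openshift_master_session_auth_secrets | length != openshift_master_session_encryption_secrets | length)
  # … unchanged: roles and post_tasks that store the secrets as local facts …
```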
@@ -11,7 +11,7 @@        groups: oo_hosts_to_terminate        ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"        ansible_sudo: "{{ deployment_vars[deployment_type].sudo }}" -    with_items: (groups['tag_environment_' ~ cluster_env]|default([])) | groups['tag_clusterid_' ~ cluster_id ] | default([]) +    with_items: (groups['tag_environment_' ~ cluster_env]|default([])) | intersect(groups['tag_clusterid_' ~ cluster_id ]|default([]))  - name: Unsubscribe VMs    hosts: oo_hosts_to_terminate | 
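Review bot: Both operands of the new `intersect(...)` fall back to `[]`, so a mistyped `cluster_env` or `cluster_id` yields an empty host list. The terminate playbook then finishes successfully without touching anything, which can leave instances running that the operator believes are gone. A guard ahead of this task would make that visible, e.g. a `fail` task with `when: groups['tag_clusterid_' ~ cluster_id] is not defined` and a message naming the missing group. The task this line belongs to begins above the hunk, so its name and module are not visible here.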
