summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/etcd/tasks/main.yml2
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py113
-rw-r--r--roles/openshift_master_ca/tasks/main.yml2
-rw-r--r--roles/openshift_master_certificates/tasks/main.yml34
-rw-r--r--roles/openshift_repos/tasks/main.yaml8
-rw-r--r--roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j26
6 files changed, 107 insertions, 58 deletions
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 1e97b047b..e72509c4d 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -8,7 +8,7 @@
when: "'ipv4' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface] or 'address' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface].ipv4"
- name: Install etcd
- action: "{{ ansible_pkg_mgr }} name=etcd-2.* state=present"
+ action: "{{ ansible_pkg_mgr }} name=etcd state=present"
when: not openshift.common.is_containerized | bool
- name: Pull etcd container
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 34fbe1296..0f25881f1 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -916,41 +916,79 @@ def apply_provider_facts(facts, provider_facts):
facts['provider'] = provider_facts
return facts
-
-def merge_facts(orig, new, additive_facts_to_overwrite):
+# Disabling pylint too many branches. This function needs refactored
+# but is a very core part of openshift_facts.
+# pylint: disable=too-many-branches
+def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overwrite):
""" Recursively merge facts dicts
Args:
orig (dict): existing facts
new (dict): facts to update
-
additive_facts_to_overwrite (list): additive facts to overwrite in jinja
'.' notation ex: ['master.named_certificates']
+ protected_facts_to_overwrite (list): protected facts to overwrite in jinja
+ '.' notation ex: ['master.master_count']
Returns:
dict: the merged facts
"""
additive_facts = ['named_certificates']
+ protected_facts = ['ha', 'master_count']
facts = dict()
for key, value in orig.iteritems():
+ # Key exists in both old and new facts.
if key in new:
+ # Continue to recurse if old and new fact is a dictionary.
if isinstance(value, dict) and isinstance(new[key], dict):
+ # Collect the subset of additive facts to overwrite if
+ # key matches. These will be passed to the subsequent
+ # merge_facts call.
relevant_additive_facts = []
- # Keep additive_facts_to_overwrite if key matches
for item in additive_facts_to_overwrite:
if '.' in item and item.startswith(key + '.'):
relevant_additive_facts.append(item)
- facts[key] = merge_facts(value, new[key], relevant_additive_facts)
+
+ # Collect the subset of protected facts to overwrite
+ # if key matches. These will be passed to the
+ # subsequent merge_facts call.
+ relevant_protected_facts = []
+ for item in protected_facts_to_overwrite:
+ if '.' in item and item.startswith(key + '.'):
+ relevant_protected_facts.append(item)
+ facts[key] = merge_facts(value, new[key], relevant_additive_facts, relevant_protected_facts)
+ # Key matches an additive fact and we are not overwriting
+ # it so we will append the new value to the existing value.
elif key in additive_facts and key not in [x.split('.')[-1] for x in additive_facts_to_overwrite]:
- # Fact is additive so we'll combine orig and new.
if isinstance(value, list) and isinstance(new[key], list):
new_fact = []
for item in copy.deepcopy(value) + copy.deepcopy(new[key]):
if item not in new_fact:
new_fact.append(item)
facts[key] = new_fact
+ # Key matches a protected fact and we are not overwriting
+ # it so we will determine if it is okay to change this
+ # fact.
+ elif key in protected_facts and key not in [x.split('.')[-1] for x in protected_facts_to_overwrite]:
+ # The master count (int) can only increase unless it
+ # has been passed as a protected fact to overwrite.
+ if key == 'master_count':
+ if int(value) <= int(new[key]):
+ facts[key] = copy.deepcopy(new[key])
+ else:
+ module.fail_json(msg='openshift_facts received a lower value for openshift.master.master_count')
+ # ha (bool) can not change unless it has been passed
+ # as a protected fact to overwrite.
+ if key == 'ha':
+ if bool(value) != bool(new[key]):
+ module.fail_json(msg='openshift_facts received a different value for openshift.master.ha')
+ else:
+ facts[key] = value
+ # No other condition has been met. Overwrite the old fact
+ # with the new value.
else:
facts[key] = copy.deepcopy(new[key])
+ # Key isn't in new so add it to facts to keep it.
else:
facts[key] = copy.deepcopy(value)
new_keys = set(new.keys()) - set(orig.keys())
@@ -1114,6 +1152,8 @@ class OpenShiftFacts(object):
local_facts (dict): local facts to set
additive_facts_to_overwrite (list): additive facts to overwrite in jinja
'.' notation ex: ['master.named_certificates']
+ protected_facts_to_overwrite (list): protected facts to overwrite in jinja
+ '.' notation ex: ['master.master_count']
Raises:
OpenShiftFactsUnsupportedRoleError:
@@ -1122,7 +1162,10 @@ class OpenShiftFacts(object):
# Disabling too-many-arguments, this should be cleaned up as a TODO item.
# pylint: disable=too-many-arguments
- def __init__(self, role, filename, local_facts, additive_facts_to_overwrite=False, openshift_env=None):
+ def __init__(self, role, filename, local_facts,
+ additive_facts_to_overwrite=None,
+ openshift_env=None,
+ protected_facts_to_overwrite=None):
self.changed = False
self.filename = filename
if role not in self.known_roles:
@@ -1131,27 +1174,41 @@ class OpenShiftFacts(object):
)
self.role = role
self.system_facts = ansible_facts(module)
- self.facts = self.generate_facts(local_facts, additive_facts_to_overwrite, openshift_env)
-
- def generate_facts(self, local_facts, additive_facts_to_overwrite, openshift_env):
+ self.facts = self.generate_facts(local_facts,
+ additive_facts_to_overwrite,
+ openshift_env,
+ protected_facts_to_overwrite)
+
+ def generate_facts(self,
+ local_facts,
+ additive_facts_to_overwrite,
+ openshift_env,
+ protected_facts_to_overwrite):
""" Generate facts
Args:
- local_facts (dict): local_facts for overriding generated
- defaults
+ local_facts (dict): local_facts for overriding generated defaults
additive_facts_to_overwrite (list): additive facts to overwrite in jinja
'.' notation ex: ['master.named_certificates']
-
+ openshift_env (dict): openshift_env facts for overriding generated defaults
+ protected_facts_to_overwrite (list): protected facts to overwrite in jinja
+ '.' notation ex: ['master.master_count']
Returns:
dict: The generated facts
"""
- local_facts = self.init_local_facts(local_facts, additive_facts_to_overwrite, openshift_env)
+ local_facts = self.init_local_facts(local_facts,
+ additive_facts_to_overwrite,
+ openshift_env,
+ protected_facts_to_overwrite)
roles = local_facts.keys()
defaults = self.get_defaults(roles)
provider_facts = self.init_provider_facts()
facts = apply_provider_facts(defaults, provider_facts)
- facts = merge_facts(facts, local_facts, additive_facts_to_overwrite)
+ facts = merge_facts(facts,
+ local_facts,
+ additive_facts_to_overwrite,
+ protected_facts_to_overwrite)
facts['current_config'] = get_current_config(facts)
facts = set_url_facts_if_unset(facts)
facts = set_project_cfg_facts_if_unset(facts)
@@ -1315,13 +1372,20 @@ class OpenShiftFacts(object):
# Disabling too-many-branches. This should be cleaned up as a TODO item.
#pylint: disable=too-many-branches
- def init_local_facts(self, facts=None, additive_facts_to_overwrite=False, openshift_env=None):
+ def init_local_facts(self, facts=None,
+ additive_facts_to_overwrite=None,
+ openshift_env=None,
+ protected_facts_to_overwrite=None):
""" Initialize the provider facts
Args:
facts (dict): local facts to set
additive_facts_to_overwrite (list): additive facts to overwrite in jinja
'.' notation ex: ['master.named_certificates']
+ openshift_env (dict): openshift env facts to set
+ protected_facts_to_overwrite (list): protected facts to overwrite in jinja
+ '.' notation ex: ['master.master_count']
+
Returns:
dict: The result of merging the provided facts with existing
@@ -1347,7 +1411,10 @@ class OpenShiftFacts(object):
elif key not in current_level:
current_level[key] = dict()
current_level = current_level[key]
- facts_to_set = merge_facts(facts_to_set, oo_env_facts, [])
+ facts_to_set = merge_facts(orig=facts_to_set,
+ new=oo_env_facts,
+ additive_facts_to_overwrite=[],
+ protected_facts_to_overwrite=[])
local_facts = get_local_facts_from_file(self.filename)
@@ -1356,7 +1423,10 @@ class OpenShiftFacts(object):
basestring):
facts_to_set[arg] = module.from_json(facts_to_set[arg])
- new_local_facts = merge_facts(local_facts, facts_to_set, additive_facts_to_overwrite)
+ new_local_facts = merge_facts(local_facts,
+ facts_to_set,
+ additive_facts_to_overwrite,
+ protected_facts_to_overwrite)
for facts in new_local_facts.values():
keys_to_delete = []
if isinstance(facts, dict):
@@ -1452,7 +1522,8 @@ def main():
choices=OpenShiftFacts.known_roles),
local_facts=dict(default=None, type='dict', required=False),
additive_facts_to_overwrite=dict(default=[], type='list', required=False),
- openshift_env=dict(default={}, type='dict', required=False)
+ openshift_env=dict(default={}, type='dict', required=False),
+ protected_facts_to_overwrite=dict(default=[], type='list', required=False),
),
supports_check_mode=True,
add_file_common_args=True,
@@ -1462,6 +1533,7 @@ def main():
local_facts = module.params['local_facts']
additive_facts_to_overwrite = module.params['additive_facts_to_overwrite']
openshift_env = module.params['openshift_env']
+ protected_facts_to_overwrite = module.params['protected_facts_to_overwrite']
fact_file = '/etc/ansible/facts.d/openshift.fact'
@@ -1469,7 +1541,8 @@ def main():
fact_file,
local_facts,
additive_facts_to_overwrite,
- openshift_env)
+ openshift_env,
+ protected_facts_to_overwrite)
file_params = module.params.copy()
file_params['path'] = fact_file
diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml
index 6d9be81c0..66960e73e 100644
--- a/roles/openshift_master_ca/tasks/main.yml
+++ b/roles/openshift_master_ca/tasks/main.yml
@@ -25,4 +25,4 @@
--master={{ openshift.master.api_url }}
--public-master={{ openshift.master.public_api_url }}
--cert-dir={{ openshift_master_config_dir }} --overwrite=false
- when: master_certs_missing
+ when: master_certs_missing | bool
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml
index 7c58e943a..72869a592 100644
--- a/roles/openshift_master_certificates/tasks/main.yml
+++ b/roles/openshift_master_certificates/tasks/main.yml
@@ -6,40 +6,16 @@
mode: 0700
with_items: masters_needing_certs
-- set_fact:
- master_certificates:
- - ca.crt
- - ca.key
- - ca.serial.txt
- - admin.crt
- - admin.key
- - admin.kubeconfig
- - master.kubelet-client.crt
- - master.kubelet-client.key
- - master.server.crt
- - master.server.key
- - openshift-master.crt
- - openshift-master.key
- - openshift-master.kubeconfig
- - openshift-registry.crt
- - openshift-registry.key
- - openshift-registry.kubeconfig
- - openshift-router.crt
- - openshift-router.key
- - openshift-router.kubeconfig
- - serviceaccounts.private.key
- - serviceaccounts.public.key
- master_31_certificates:
- - master.proxy-client.crt
- - master.proxy-client.key
-
- file:
src: "{{ openshift_master_config_dir }}/{{ item.1 }}"
dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}"
state: hard
with_nested:
- masters_needing_certs
- - "{{ master_certificates | union(master_31_certificates) if openshift.common.version_gte_3_1_or_1_1 | bool else master_certificates }}"
+ -
+ - ca.crt
+ - ca.key
+ - ca.serial.txt
- name: Create the master certificates if they do not already exist
command: >
@@ -49,5 +25,5 @@
--public-master={{ item.openshift.master.public_api_url }}
--cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}
--overwrite=false
- when: master_certs_missing
+ when: item.master_certs_missing | bool
with_items: masters_needing_certs
diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml
index 8a75639c2..6143805ca 100644
--- a/roles/openshift_repos/tasks/main.yaml
+++ b/roles/openshift_repos/tasks/main.yaml
@@ -46,19 +46,19 @@
with_fileglob:
- '*/repos/*'
when: not (item | search("/files/fedora-" ~ openshift_deployment_type ~ "/repos")) and
- (ansible_distribution == "Fedora")
+ (ansible_distribution == "Fedora")
and not openshift.common.is_containerized | bool
notify: refresh cache
- name: Configure gpg keys if needed
- copy: src={{ item }} dest=/etc/pki/rpm-gpg/
+ copy: src="{{ item }}" dest=/etc/pki/rpm-gpg/
with_fileglob:
- "{{ openshift_deployment_type }}/gpg_keys/*"
notify: refresh cache
when: not openshift.common.is_containerized | bool
- name: Configure yum repositories RHEL/CentOS
- copy: src={{ item }} dest=/etc/yum.repos.d/
+ copy: src="{{ item }}" dest=/etc/yum.repos.d/
with_fileglob:
- "{{ openshift_deployment_type }}/repos/*"
notify: refresh cache
@@ -66,7 +66,7 @@
and not openshift.common.is_containerized | bool
- name: Configure yum repositories Fedora
- copy: src={{ item }} dest=/etc/yum.repos.d/
+ copy: src="{{ item }}" dest=/etc/yum.repos.d/
with_fileglob:
- "fedora-{{ openshift_deployment_type }}/repos/*"
notify: refresh cache
diff --git a/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 b/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2
index d85d8b94e..e17092202 100644
--- a/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2
+++ b/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2
@@ -43,13 +43,13 @@ ExecStart=/usr/bin/docker run --name {{ osohm_host_monitoring }}
-e ZAGG_URL={{ osohm_zagg_web_url }} \
-e ZAGG_USER={{ osohm_default_zagg_server_user }} \
-e ZAGG_PASSWORD={{ osohm_default_zagg_server_password }} \
- -e ZAGG_CLIENT_HOSTNAME={{ ec2_tag_Name }} \
+ -e ZAGG_CLIENT_HOSTNAME={{ oo_name }} \
-e ZAGG_SSL_VERIFY={{ osohm_zagg_verify_ssl }} \
-e OSO_CLUSTER_GROUP={{ cluster_group }} \
-e OSO_CLUSTER_ID={{ oo_clusterid }} \
-e OSO_ENVIRONMENT={{ oo_environment }} \
- -e OSO_HOST_TYPE={{ hostvars[inventory_hostname]['ec2_tag_host-type'] }} \
- -e OSO_SUB_HOST_TYPE={{ hostvars[inventory_hostname]['ec2_tag_sub-host-type'] }} \
+ -e OSO_HOST_TYPE={{ hostvars[inventory_hostname]['oo_hosttype'] }} \
+ -e OSO_SUB_HOST_TYPE={{ hostvars[inventory_hostname]['oo_subhosttype'] }} \
-e OSO_MASTER_HA={{ osohm_master_ha }} \
-v /etc/localtime:/etc/localtime \
-v /sys:/sys:ro \
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-04 02:55:10 +0000