summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/docker/tasks/main.yml2
-rw-r--r--roles/etcd/handlers/main.yml2
-rw-r--r--roles/etcd/tasks/main.yml2
-rw-r--r--roles/openshift_docker/handlers/main.yml6
-rw-r--r--roles/openshift_docker/tasks/main.yml6
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py10
-rw-r--r--roles/openshift_master/handlers/main.yml6
-rw-r--r--roles/openshift_master/tasks/main.yml6
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j24
-rw-r--r--roles/openshift_node/handlers/main.yml2
-rw-r--r--roles/openshift_node/tasks/main.yml2
-rw-r--r--roles/openshift_registry/tasks/main.yml18
-rw-r--r--roles/openshift_storage_nfs/README.md52
-rw-r--r--roles/openshift_storage_nfs/defaults/main.yml8
-rw-r--r--roles/openshift_storage_nfs/handlers/main.yml6
-rw-r--r--roles/openshift_storage_nfs/meta/main.yml15
-rw-r--r--roles/openshift_storage_nfs/tasks/main.yml49
-rw-r--r--roles/openshift_storage_nfs/templates/exports.j21
-rw-r--r--roles/os_firewall/tasks/firewall/iptables.yml2
19 files changed, 178 insertions, 21 deletions
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 4e24fd3b3..a56f1f391 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -12,7 +12,7 @@
register: start_result
- set_fact:
- docker_service_status_changed = start_result | changed
+ docker_service_status_changed: start_result | changed
- include: udev_workaround.yml
when: docker_udev_workaround | default(False)
diff --git a/roles/etcd/handlers/main.yml b/roles/etcd/handlers/main.yml
index aeb26d6b2..e00e1cac4 100644
--- a/roles/etcd/handlers/main.yml
+++ b/roles/etcd/handlers/main.yml
@@ -2,4 +2,4 @@
- name: restart etcd
service: name={{ etcd_service }} state=restarted
- when: not etcd_service_status_changed | default(false)
+ when: not (etcd_service_status_changed | default(false) | bool)
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 2160ed817..e83cfc33c 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -104,4 +104,4 @@
register: start_result
- set_fact:
- etcd_service_status_changed = start_result | changed
+ etcd_service_status_changed: "{{ start_result | changed }}"
diff --git a/roles/openshift_docker/handlers/main.yml b/roles/openshift_docker/handlers/main.yml
new file mode 100644
index 000000000..92a6c325f
--- /dev/null
+++ b/roles/openshift_docker/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: restart openshift_docker
+ service:
+ name: docker
+ state: restarted
diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml
index 75e782eef..5a285e773 100644
--- a/roles/openshift_docker/tasks/main.yml
+++ b/roles/openshift_docker/tasks/main.yml
@@ -18,7 +18,7 @@
- stat: path=/etc/sysconfig/docker
register: docker_check
-
+
- name: Set registry params
lineinfile:
dest: /etc/sysconfig/docker
@@ -36,7 +36,7 @@
reg_fact_val: "{{ openshift.common.docker_insecure_registries }}"
reg_flag: --insecure-registry
notify:
- - restart docker
+ - restart openshift_docker
# TODO: Enable secure registry when code available in origin
# TODO: perhaps move this to openshift_docker?
@@ -50,4 +50,4 @@
{% if openshift.node.docker_log_options is defined %} {{ openshift.node.docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}} {% endif %} '"
when: docker_check.stat.isreg
notify:
- - restart docker \ No newline at end of file
+ - restart openshift_docker
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index fed00132a..911a684fc 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -1052,7 +1052,7 @@ class OpenShiftFacts(object):
Raises:
OpenShiftFactsUnsupportedRoleError:
"""
- known_roles = ['common', 'master', 'node', 'master_sdn', 'node_sdn', 'etcd']
+ known_roles = ['common', 'master', 'node', 'master_sdn', 'node_sdn', 'etcd', 'nfs']
def __init__(self, role, filename, local_facts, additive_facts_to_overwrite=False):
self.changed = False
@@ -1121,7 +1121,7 @@ class OpenShiftFacts(object):
common = dict(use_openshift_sdn=True, ip=ip_addr, public_ip=ip_addr,
deployment_type='origin', hostname=hostname,
- public_hostname=hostname, use_manageiq=False)
+ public_hostname=hostname, use_manageiq=True)
common['client_binary'] = 'oc'
common['admin_binary'] = 'oadm'
common['dns_domain'] = 'cluster.local'
@@ -1146,6 +1146,12 @@ class OpenShiftFacts(object):
node = dict(labels={}, annotations={}, portal_net='172.30.0.0/16',
iptables_sync_period='5s', set_node_ip=False)
defaults['node'] = node
+
+ if 'nfs' in roles:
+ nfs = dict(exports_dir='/var/export', registry_volume='regvol',
+ export_options='*(rw,sync,all_squash)')
+ defaults['nfs'] = nfs
+
return defaults
def guess_host_provider(self):
diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml
index d9c4ba1d7..e1b95eda4 100644
--- a/roles/openshift_master/handlers/main.yml
+++ b/roles/openshift_master/handlers/main.yml
@@ -1,12 +1,12 @@
---
- name: restart master
service: name={{ openshift.common.service_type }}-master state=restarted
- when: (not openshift_master_ha | bool) and (not master_service_status_changed | default(false))
+ when: (not openshift_master_ha | bool) and (not (master_service_status_changed | default(false) | bool))
- name: restart master api
service: name={{ openshift.common.service_type }}-master-api state=restarted
- when: (openshift_master_ha | bool) and (not master_api_service_status_changed | default(false)) and openshift.master.cluster_method == 'native'
+ when: (openshift_master_ha | bool) and (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native'
- name: restart master controllers
service: name={{ openshift.common.service_type }}-master-controllers state=restarted
- when: (openshift_master_ha | bool) and (not master_controllers_service_status_changed | default(false)) and openshift.master.cluster_method == 'native'
+ when: (openshift_master_ha | bool) and (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native'
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 46a8cea96..a22654678 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -292,7 +292,7 @@
when: openshift_master_ha | bool
- set_fact:
- master_service_status_changed: start_result | changed
+ master_service_status_changed: "{{ start_result | changed }}"
when: not openshift_master_ha | bool
- name: Start and enable master api
@@ -301,7 +301,7 @@
register: start_result
- set_fact:
- master_api_service_status_changed: start_result | changed
+ master_api_service_status_changed: "{{ start_result | changed }}"
when: openshift_master_ha | bool and openshift.master.cluster_method == 'native'
- name: Start and enable master controller
@@ -310,7 +310,7 @@
register: start_result
- set_fact:
- master_controllers_service_status_changed: start_result | changed
+ master_controllers_service_status_changed: "{{ start_result | changed }}"
when: openshift_master_ha | bool and openshift.master.cluster_method == 'native'
- name: Install cluster packages
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index 5f73461d4..317049c44 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -87,8 +87,8 @@ kubernetesMasterConfig:
- v1beta3
- v1
{% endif %}
- apiServerArguments: {{ api_server_args if api_server_args is defined else 'null' }}
- controllerArguments: {{ controller_args if controller_args is defined else 'null' }}
+ apiServerArguments: {{ openshift.master.api_server_args | default(None) | to_json }}
+ controllerArguments: {{ openshift.master.controller_args | default(None) | to_json }}
masterCount: {{ openshift.master.master_count if openshift.master.cluster_method | default(None) == 'native' else 1 }}
masterIP: {{ openshift.common.ip }}
podEvictionTimeout: ""
diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml
index 447ca85f3..c288f4d05 100644
--- a/roles/openshift_node/handlers/main.yml
+++ b/roles/openshift_node/handlers/main.yml
@@ -1,7 +1,7 @@
---
- name: restart node
service: name={{ openshift.common.service_type }}-node state=restarted
- when: not node_service_status_changed | default(false)
+ when: not (node_service_status_changed | default(false) | bool)
- name: restart docker
service: name=docker state=restarted
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 96383439c..33852d7f8 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -135,4 +135,4 @@
register: start_result
- set_fact:
- node_service_status_changed: start_result | changed
+ node_service_status_changed: "{{ start_result | changed }}"
diff --git a/roles/openshift_registry/tasks/main.yml b/roles/openshift_registry/tasks/main.yml
index 749eea5c0..2804e8f2e 100644
--- a/roles/openshift_registry/tasks/main.yml
+++ b/roles/openshift_registry/tasks/main.yml
@@ -1,6 +1,4 @@
---
-# This role is unused until we add options for configuring the backend storage
-
- set_fact: _oreg_images="--images='{{ openshift.master.registry_url }}'"
- set_fact: _oreg_selector="--selector='{{ openshift.master.registry_selector }}'"
@@ -12,3 +10,19 @@
--credentials={{ openshift_master_config_dir }}/openshift-registry.kubeconfig {{ _oreg_images }}
register: _oreg_results
changed_when: "'service exists' not in _oreg_results.stdout"
+
+- name: Determine if nfs volume is already attached
+ command: "{{ openshift.common.client_binary }} get -o template dc/docker-registry --template=\\{\\{.spec.template.spec.volumes\\}\\}"
+ register: registry_volumes_output
+ when: attach_registry_volume | bool
+
+- set_fact:
+ volume_already_attached: "{{ 'server:' + nfs_host in registry_volumes_output.stdout and 'path:' + registry_volume_path in registry_volumes_output.stdout }}"
+ when: attach_registry_volume | bool
+
+- name: Add nfs volume to dc/docker-registry
+ command: >
+ {{ openshift.common.client_binary }} volume dc/docker-registry
+ --add --overwrite --name=registry-storage --mount-path=/registry
+ --source='{"nfs": {"server": "{{ nfs_host }}", "path": "{{ registry_volume_path }}"}}'
+ when: attach_registry_volume | bool and not volume_already_attached | bool
diff --git a/roles/openshift_storage_nfs/README.md b/roles/openshift_storage_nfs/README.md
new file mode 100644
index 000000000..548e146cb
--- /dev/null
+++ b/roles/openshift_storage_nfs/README.md
@@ -0,0 +1,52 @@
+OpenShift NFS Server
+====================
+
+OpenShift NFS Server Installation
+
+Requirements
+------------
+
+This role is intended to be applied to the [nfs] host group which is
+separate from OpenShift infrastructure components.
+
+Requires access to the 'nfs-utils' package.
+
+Role Variables
+--------------
+
+From this role:
+| Name | Default value | |
+|-------------------------------|-----------------------|--------------------------------------------------|
+| openshift_nfs_exports_dir | /var/export | Root export directory. |
+| openshift_nfs_registry_volume | regvol | Registry volume within openshift_nfs_exports_dir |
+| openshift_nfs_export_options | *(rw,sync,all_squash) | NFS options for configured exports. |
+
+
+From openshift_common:
+| Name | Default Value | |
+|-------------------------------|----------------|----------------------------------------|
+| openshift_debug_level | 2 | Global openshift debug log verbosity |
+
+
+Dependencies
+------------
+
+
+
+Example Playbook
+----------------
+
+- name: Configure nfs hosts
+ hosts: oo_nfs_to_config
+ roles:
+ - role: openshift_storage_nfs
+
+License
+-------
+
+Apache License, Version 2.0
+
+Author Information
+------------------
+
+Andrew Butcher (abutcher@redhat.com)
diff --git a/roles/openshift_storage_nfs/defaults/main.yml b/roles/openshift_storage_nfs/defaults/main.yml
new file mode 100644
index 000000000..e25062c00
--- /dev/null
+++ b/roles/openshift_storage_nfs/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+exports_dir: /var/export
+registry_volume: regvol
+export_options: '*(rw,sync,all_squash)'
+os_firewall_use_firewalld: False
+os_firewall_allow:
+- service: nfs
+ port: "2049/tcp"
diff --git a/roles/openshift_storage_nfs/handlers/main.yml b/roles/openshift_storage_nfs/handlers/main.yml
new file mode 100644
index 000000000..a1377a203
--- /dev/null
+++ b/roles/openshift_storage_nfs/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart nfs-server
+ service:
+ name: nfs-server
+ state: restarted
+ when: not (nfs_service_status_changed | default(false))
diff --git a/roles/openshift_storage_nfs/meta/main.yml b/roles/openshift_storage_nfs/meta/main.yml
new file mode 100644
index 000000000..2975daf52
--- /dev/null
+++ b/roles/openshift_storage_nfs/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ author: Andrew Butcher
+ description: OpenShift NFS Server
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.9
+ platforms:
+ - name: EL
+ versions:
+ - 7
+dependencies:
+- { role: os_firewall }
+- { role: openshift_common }
+- { role: openshift_repos }
diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml
new file mode 100644
index 000000000..64b121ade
--- /dev/null
+++ b/roles/openshift_storage_nfs/tasks/main.yml
@@ -0,0 +1,49 @@
+---
+- name: Set nfs facts
+ openshift_facts:
+ role: nfs
+ local_facts:
+ exports_dir: "{{ openshift_nfs_exports_dir | default(None) }}"
+ export_options: "{{ openshift_nfs_export_options | default(None) }}"
+ registry_volume: "{{ openshift_nfs_registry_volume | default(None) }}"
+
+- name: Install nfs-utils
+ yum:
+ pkg: nfs-utils
+ state: present
+
+- name: Ensure exports directory exists
+ file:
+ path: "{{ openshift.nfs.exports_dir }}"
+ state: directory
+
+- name: Ensure export directories exist
+ file:
+ path: "{{ openshift.nfs.exports_dir }}/{{ item }}"
+ state: directory
+ mode: 0777
+ owner: nfsnobody
+ group: nfsnobody
+ with_items:
+ - "{{ openshift.nfs.registry_volume }}"
+
+- name: Configure exports
+ template:
+ dest: /etc/exports
+ src: exports.j2
+ notify:
+ - restart nfs-server
+
+- name: Enable and start services
+ service:
+ name: "{{ item }}"
+ state: started
+ enabled: yes
+ register: start_result
+ with_items:
+ - nfs-server
+
+- set_fact:
+ nfs_service_status_changed: "{{ True in (start_result.results
+ | map(attribute='changed')
+ | list) }}"
diff --git a/roles/openshift_storage_nfs/templates/exports.j2 b/roles/openshift_storage_nfs/templates/exports.j2
new file mode 100644
index 000000000..702473040
--- /dev/null
+++ b/roles/openshift_storage_nfs/templates/exports.j2
@@ -0,0 +1 @@
+{{ openshift.nfs.exports_dir }}/{{ openshift.nfs.registry_volume }} {{ openshift.nfs.export_options }}
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index d26ba7ee9..5cf4bf7af 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -5,7 +5,7 @@
- iptables
- iptables-services
register: install_result
- when: not openshift.common.is_containerized | bool
+ when: not openshift.common.is_atomic | bool
- name: Check if firewalld is installed
command: rpm -q firewalld
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-30 03:14:07 +0000