authorScott Dodson <sdodson@redhat.com>2015-04-30 17:04:15 -0400
committerJason DeTiberus <jdetiber@redhat.com>2015-06-10 11:29:23 -0400
commitb57392ddd54bbff225ba83dd5a5bf40ea99344a4 (patch)
tree28700b81ad52e4535604a4646baeea1c54b880c9
parentfe458e2c29bffdab7708b67539a36a08506560da (diff)
Accomodate upstream configuration change
- Master config and certificates are now in /etc/openshift/master
- Node config is now in /etc/openshift/node
- Several certificates have been renamed to accommodate a flattening of structure to accommodate secret storage
- Add openshift_data_dir to ensure etcd and volumes are stored in /var/lib/openshift
- Add openshift_generated_configs_dir
-rw-r--r--playbooks/common/openshift-node/config.yml2
-rw-r--r--roles/openshift_common/vars/main.yml4
-rw-r--r--roles/openshift_master/tasks/main.yml28
-rw-r--r--roles/openshift_master/vars/main.yml9
-rw-r--r--roles/openshift_node/tasks/main.yml7
-rw-r--r--roles/openshift_register_nodes/tasks/main.yml14
-rw-r--r--roles/openshift_register_nodes/vars/main.yml13
-rw-r--r--roles/openshift_sdn_master/tasks/main.yml6
-rw-r--r--roles/openshift_sdn_node/tasks/main.yml4
9 files changed, 47 insertions, 40 deletions
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 55abedfe7..feaeaab95 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -60,7 +60,7 @@
- name: Create a tarball of the node config directories
command: tar -czvf {{ sync_tmpdir }}/{{ item.openshift.common.hostname }}.tgz ./
args:
- chdir: "{{ openshift_cert_dir }}/node-{{ item.openshift.common.hostname }}"
+ chdir: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}"
with_items: openshift_nodes
changed_when: False
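Review bot: Nothing in this task restricts who can read the `.tgz` it writes, and the archive now packs the generated `node-<hostname>` directory, which presumably carries the node's private keys (roles/openshift_node/tasks/main.yml lists `server.key` and `master-client.key` among the node files). `sync_tmpdir` is defined outside the hunk, so whether it is created with a restrictive mode cannot be confirmed from here. If it is not, a follow-up `file` task setting `mode: "0600"` on the tarball would close that. The play continues outside the hunk.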
diff --git a/roles/openshift_common/vars/main.yml b/roles/openshift_common/vars/main.yml
index 9f657a2c7..50816d319 100644
--- a/roles/openshift_common/vars/main.yml
+++ b/roles/openshift_common/vars/main.yml
@@ -5,7 +5,3 @@
# chains with the public zone (or the zone associated with the correct
# interfaces)
os_firewall_use_firewalld: False
-
-openshift_cert_parent_dir: /var/lib/openshift
-openshift_cert_relative_dir: openshift.local.certificates
-openshift_cert_dir: "{{ openshift_cert_parent_dir }}/{{ openshift_cert_relative_dir }}"
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index ac96e2b48..f243825b2 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -36,14 +36,9 @@
command: systemctl daemon-reload
when: install_result | changed
-- name: Create certificate parent directory if it doesn't exist
- file:
- path: "{{ openshift_cert_parent_dir }}"
- state: directory
-
- name: Create config parent directory if it doesn't exist
file:
- path: "{{ openshift_master_config | dirname }}"
+ path: "{{ openshift_master_config_dir }}"
state: directory
# TODO: should probably use a template lookup for this
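Review bot: The `file` task that creates `{{ openshift_master_config_dir }}` sets no `mode`, `owner` or `group`, so the directory that now holds `ca.key` (per roles/openshift_master/vars/main.yml) gets whatever the remote umask yields. An explicit restrictive mode, for example `mode: "0700"` if the master service runs as root, would make the intent visible and stable across hosts. The same applies to the new "Create openshift_generated_configs_dir if it doesn't exist" task in roles/openshift_register_nodes/tasks/main.yml, where the per-node configs are generated. Whether openshift itself writes the key files with tight modes is not visible in this diff.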
@@ -59,25 +54,32 @@
oreg_url: "docker-registry.ops.rhcloud.com/openshift3_beta/ose-${component}:${version}"
when: openshift.common.deployment_type == 'online' and oreg_url is not defined
+# TODO: Need to get a flag added for volumes path, i think it'll get put in
- name: Create master config
command: >
- /usr/bin/openshift start master --write-config
- --config={{ openshift_master_config }}
+ /usr/bin/openshift start master
+ --write-config={{ openshift_master_config_dir }}
--portal-net={{ openshift.master.portal_net }}
+ --etcd-dir={{ openshift_data_dir }}/openshift.local.etcd
--master={{ openshift.master.api_url }}
--public-master={{ openshift.master.public_api_url }}
--listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://0.0.0.0:{{ openshift.master.api_port }}
{{ ('--images=' ~ oreg_url) if (oreg_url | default('', true) != '') else '' }}
{{ ('--nodes=' ~ openshift_node_ips | join(',')) if (openshift_node_ips | default('', true) != '') else '' }}
args:
- chdir: "{{ openshift_cert_parent_dir }}"
- creates: "{{ openshift_master_config }}"
+ chdir: "{{ openshift_master_config_dir }}"
+ creates: "{{ openshift_master_config_file }}"
- name: Configure OpenShift settings
lineinfile:
dest: /etc/sysconfig/openshift-master
- regexp: '^OPTIONS='
- line: "OPTIONS=\"--config={{ openshift_master_config }} --loglevel={{ openshift.master.debug_level }}\""
+ regexp: "{{ item.regex }}"
+ line: "{{ item.line }}"
+ with_items:
+ - regex: '^OPTIONS='
+ line: "OPTIONS=--loglevel={{ openshift.master.debug_level }}"
+ - regex: '^CONFIG_FILE='
+ line: "CONFIG_FILE={{ openshift_master_config_file}}"
notify:
- restart openshift-master
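Review bot: `--etcd-dir={{ openshift_data_dir }}/openshift.local.etcd` relies on `/var/lib/openshift` existing, but the only visible task that created that path ("Create certificate parent directory if it doesn't exist") is removed in the previous hunk and nothing replaces it. If the package does not ship the directory, the command either fails or creates it with default permissions, and the etcd store presumably holds cluster state including secrets. A `file` task for `{{ openshift_data_dir }}` with `state: directory` and an explicit mode, placed before "Create master config", would cover both cases. Separately, the added TODO comment ends mid-sentence ("i think it'll get put in") and should be completed.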
@@ -98,7 +100,7 @@
# TODO: Update this file if the contents of the source file are not present in
# the dest file, will need to make sure to ignore things that could be added
- name: Create the OpenShift client config(s)
- command: cp {{ openshift_cert_dir }}/openshift-client/.kubeconfig ~{{ item }}/.config/openshift/.config
+ command: cp {{ openshift_master_config_dir }}/openshift-client.kubeconfig ~{{ item }}/.config/openshift/.config
args:
creates: ~{{ item }}/.config/openshift/.config
with_items:
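Review bot: Copying `openshift-client.kubeconfig` with `cp` leaves the copy owned by the account the play runs as and readable according to the umask, while the destination sits in another user's home (`~{{ item }}`). The kubeconfig presumably embeds client credentials for the master, so the copy should be followed by a `file` task setting `owner: "{{ item }}"` and `mode: "0600"` on `~{{ item }}/.config/openshift/.config`, unless a task outside this hunk already does so. The `with_items` list continues past the end of the hunk.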
diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml
index c52d957ac..0739e2b44 100644
--- a/roles/openshift_master/vars/main.yml
+++ b/roles/openshift_master/vars/main.yml
@@ -1,5 +1,6 @@
---
-openshift_master_config: /etc/openshift/master.yaml
-openshift_master_ca_dir: "{{ openshift_cert_dir }}/ca"
-openshift_master_ca_cert: "{{ openshift_master_ca_dir }}/cert.crt"
-openshift_master_ca_key: "{{ openshift_master_ca_dir }}/key.key"
+openshift_data_dir: /var/lib/openshift
+openshift_master_config_dir: /etc/openshift/master
+openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml"
+openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
+openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key"
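Review bot: `openshift_master_config_dir`, `openshift_data_dir`, `openshift_master_ca_cert` and `openshift_master_ca_key` are defined here and again, with the same values, in roles/openshift_register_nodes/vars/main.yml. If one copy is edited later, node certificate signing would look for the CA key and certificate in a path the master no longer uses. Defining them once where both roles can read them avoids that drift (the removed `openshift_cert_*` entries lived in roles/openshift_common/vars/main.yml). At minimum, add a comment such as `# keep in sync with roles/openshift_register_nodes/vars/main.yml` above these lines.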
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 8af41b732..dc2b491aa 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -1,6 +1,7 @@
---
# TODO: allow for overriding default ports where possible
# TODO: trigger the external service when restart is needed
+# TODO: work with upstream to fix naming of 'master-client.crt/master-client.key'
- name: Set node OpenShift facts
openshift_facts:
@@ -15,9 +16,9 @@
with_items:
- "{{ openshift_node_cert_dir }}"
- "{{ openshift_node_cert_dir }}/ca.crt"
- - "{{ openshift_node_cert_dir }}/client.crt"
- - "{{ openshift_node_cert_dir }}/client.key"
- - "{{ openshift_node_cert_dir }}/.kubeconfig"
+ - "{{ openshift_node_cert_dir }}/master-client.crt"
+ - "{{ openshift_node_cert_dir }}/master-client.key"
+ - "{{ openshift_node_cert_dir }}/node.kubeconfig"
- "{{ openshift_node_cert_dir }}/node-config.yaml"
- "{{ openshift_node_cert_dir }}/server.crt"
- "{{ openshift_node_cert_dir }}/server.key"
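Review bot: These entries still hang off `openshift_node_cert_dir`, while the commit description says node config now lives in /etc/openshift/node and roles/openshift_register_nodes/vars/main.yml introduces `openshift_node_config_dir`, which no visible hunk uses. The definition of `openshift_node_cert_dir` is outside this diff, so confirm it points at the new location; otherwise the renamed files are looked up under the old path. The same variable builds the `-etcd-certfile` and `-etcd-keyfile` paths in roles/openshift_sdn_node/tasks/main.yml. The task that owns this `with_items` list starts above the hunk.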
diff --git a/roles/openshift_register_nodes/tasks/main.yml b/roles/openshift_register_nodes/tasks/main.yml
index dcb96bbf9..7a85f6624 100644
--- a/roles/openshift_register_nodes/tasks/main.yml
+++ b/roles/openshift_register_nodes/tasks/main.yml
@@ -16,10 +16,15 @@
oreg_url: "docker-registry.ops.rhcloud.com/openshift3_beta/ose-${component}:${version}"
when: openshift.common.deployment_type == 'online' and oreg_url is not defined
+- name: Create openshift_generated_configs_dir if it doesn't exist
+ file:
+ path: "{{ openshift_generated_configs_dir }}"
+ state: directory
+
- name: Create node config
command: >
/usr/bin/openshift admin create-node-config
- --node-dir={{ openshift_cert_dir }}/node-{{ item.openshift.common.hostname }}
+ --node-dir={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}
--node={{ item.openshift.common.hostname }}
--hostnames={{ [item.openshift.common.hostname, item.openshift.common.public_hostname]|unique|join(",") }}
--dns-domain={{ openshift.dns.domain }}
@@ -28,13 +33,14 @@
--signer-key={{ openshift_master_ca_key }}
--signer-cert={{ openshift_master_ca_cert }}
--certificate-authority={{ openshift_master_ca_cert }}
- --signer-serial={{ openshift_master_ca_dir }}/serial.txt
+ --signer-serial={{ openshift_master_ca_serial }}
--node-client-certificate-authority={{ openshift_master_ca_cert }}
{{ ('--images=' ~ oreg_url) if oreg_url is defined else '' }}
--listen=https://0.0.0.0:10250
+ --volume-dir={{ openshift_data_dir }}/openshift.local.volumes
args:
- chdir: "{{ openshift_cert_parent_dir }}"
- creates: "{{ openshift_cert_dir }}/node-{{ item.openshift.common.hostname }}"
+ chdir: "{{ openshift_generated_configs_dir }}"
+ creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}"
with_items: openshift_nodes
- name: Register unregistered nodes
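Review bot: `creates:` names the `node-<hostname>` directory rather than a file inside it, so a `create-node-config` run that fails after the directory exists is never retried and the node may be left with an incomplete set of certificates. Pointing it at a file the command writes is more reliable, for example `creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/node-config.yaml"`. That file name is taken from the list in roles/openshift_node/tasks/main.yml, and which file the command writes last is not visible here. The command itself starts in the previous hunk.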
diff --git a/roles/openshift_register_nodes/vars/main.yml b/roles/openshift_register_nodes/vars/main.yml
index bd497f08f..ebc0a0ef4 100644
--- a/roles/openshift_register_nodes/vars/main.yml
+++ b/roles/openshift_register_nodes/vars/main.yml
@@ -1,7 +1,8 @@
---
-openshift_cert_parent_dir: /var/lib/openshift
-openshift_cert_relative_dir: openshift.local.certificates
-openshift_cert_dir: "{{ openshift_cert_parent_dir }}/{{ openshift_cert_relative_dir }}"
-openshift_master_ca_dir: "{{ openshift_cert_dir }}/ca"
-openshift_master_ca_cert: "{{ openshift_master_ca_dir }}/cert.crt"
-openshift_master_ca_key: "{{ openshift_master_ca_dir }}/key.key"
+openshift_node_config_dir: /etc/openshift/node
+openshift_master_config_dir: /etc/openshift/master
+openshift_generated_configs_dir: /etc/openshift/generated-configs
+openshift_data_dir: /var/lib/openshift
+openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
+openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key"
+openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt"
diff --git a/roles/openshift_sdn_master/tasks/main.yml b/roles/openshift_sdn_master/tasks/main.yml
index 77e7a80ba..e64199b74 100644
--- a/roles/openshift_sdn_master/tasks/main.yml
+++ b/roles/openshift_sdn_master/tasks/main.yml
@@ -24,9 +24,9 @@
dest: /etc/sysconfig/openshift-sdn-master
regexp: '^OPTIONS='
line: "OPTIONS=\"-v={{ openshift.master_sdn.debug_level }} -etcd-endpoints={{ openshift_sdn_master_url}}
- -etcd-cafile={{ openshift_cert_dir }}/ca/ca.crt
- -etcd-certfile={{ openshift_cert_dir }}/openshift-client/cert.crt
- -etcd-keyfile={{ openshift_cert_dir }}/openshift-client/key.key\""
+ -etcd-cafile={{ openshift_master_config_dir }}/ca.crt
+ -etcd-certfile={{ openshift_master_config_dir }}/master.etcd-client.crt
+ -etcd-keyfile={{ openshift_master_config_dir }}/master.etcd-client.key\""
notify:
- restart openshift-sdn-master
diff --git a/roles/openshift_sdn_node/tasks/main.yml b/roles/openshift_sdn_node/tasks/main.yml
index 37a30d019..591839056 100644
--- a/roles/openshift_sdn_node/tasks/main.yml
+++ b/roles/openshift_sdn_node/tasks/main.yml
@@ -28,8 +28,8 @@
- regex: '^(OPTIONS=)'
line: '\1"-v={{ openshift.node_sdn.debug_level }} -hostname={{ openshift.common.hostname }}
-etcd-cafile={{ openshift_node_cert_dir }}/ca.crt
- -etcd-certfile={{ openshift_node_cert_dir }}/client.crt
- -etcd-keyfile={{ openshift_node_cert_dir }}/client.key\"'
+ -etcd-certfile={{ openshift_node_cert_dir }}/master-client.crt
+ -etcd-keyfile={{ openshift_node_cert_dir }}/master-client.key\"'
- regex: '^(MASTER_URL=)'
line: '\1"{{ openshift_sdn_master_url }}"'
- regex: '^(MINION_IP=)'