diff options
| author | Jason DeTiberus <jdetiber@redhat.com> | 2016-02-26 11:12:16 -0500 |
|---|---|---|
| committer | Jason DeTiberus <jdetiber@redhat.com> | 2016-03-14 11:38:13 -0400 |
| commit | 1565bc6e71bdda712d4cfdbf28754f00b38a4674 (patch) | |
| tree | 8e5774e28e5ea233f09ffdcc446b6f692ab0cf2f /roles | |
| parent | a0e7f19f9f7f423d8fe001a247ccf2c98d815d68 (diff) | |
| download | openshift-1565bc6e71bdda712d4cfdbf28754f00b38a4674.tar.gz openshift-1565bc6e71bdda712d4cfdbf28754f00b38a4674.tar.bz2 openshift-1565bc6e71bdda712d4cfdbf28754f00b38a4674.tar.xz openshift-1565bc6e71bdda712d4cfdbf28754f00b38a4674.zip | |
Docker role refactor
- refactors the docker role to push generic config into docker role and wrap
openshift specific variables into an openshift_docker role and it's
dependent openshift_docker_facts role
- adds support for setting --confirm-def-push flag (Resolves
https://github.com/openshift/openshift-ansible/issues/1014)
- moves docker related facts from common/node roles to a new docker role
- renames cli_docker_* role varialbes to openshift_docker-* (maintaining
backward compatibility)
- update role dependencies to pull in openshift_docker conditionally based on
is_containerized
- remove playbooks/common/openshift-docker since the docker role is now
conditionally included
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/docker/tasks/main.yml | 36 | ||||
| -rw-r--r-- | roles/openshift_cli/meta/main.yml | 5 | ||||
| -rw-r--r-- | roles/openshift_cli/tasks/main.yml | 8 | ||||
| -rw-r--r-- | roles/openshift_docker/handlers/main.yml | 6 | ||||
| -rw-r--r-- | roles/openshift_docker/meta/main.yml | 4 | ||||
| -rw-r--r-- | roles/openshift_docker/tasks/main.yml | 55 | ||||
| -rw-r--r-- | roles/openshift_docker_facts/meta/main.yml | 15 | ||||
| -rw-r--r-- | roles/openshift_docker_facts/tasks/main.yml | 35 | ||||
| -rw-r--r-- | roles/openshift_etcd/meta/main.yml | 18 | ||||
| -rwxr-xr-x | roles/openshift_facts/library/openshift_facts.py | 134 | ||||
| -rw-r--r-- | roles/openshift_master/meta/main.yml | 3 | ||||
| -rw-r--r-- | roles/openshift_node/meta/main.yml | 3 |
12 files changed, 208 insertions, 114 deletions
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 74c8b22ff..4164a9ec0 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -16,3 +16,39 @@ - include: udev_workaround.yml when: docker_udev_workaround | default(False) | bool + +- stat: path=/etc/sysconfig/docker + register: docker_check + +- name: Set registry params + lineinfile: + dest: /etc/sysconfig/docker + regexp: '^{{ item.reg_conf_var }}=.*$' + line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'" + when: item.reg_fact_val is defined and docker_check.stat.isreg + with_items: + - reg_conf_var: ADD_REGISTRY + reg_fact_val: "{{ docker_additional_registries }}" + reg_flag: --add-registry + - reg_conf_var: BLOCK_REGISTRY + reg_fact_val: "{{ docker_blocked_registries }}" + reg_flag: --block-registry + - reg_conf_var: INSECURE_REGISTRY + reg_fact_val: "{{ docker_insecure_registries }}" + reg_flag: --insecure-registry + notify: + - restart docker + +- name: Set various docker options + lineinfile: + dest: /etc/sysconfig/docker + regexp: '^OPTIONS=.*$' + line: "OPTIONS='\ + {% if ansible_selinux and ansible_selinux.status == '''enabled''' %} --selinux-enabled{% endif %}\ + {% if docker_log_driver is defined %} --log-driver {{ docker_log_driver }}{% endif %}\ + {% if docker_log_options is defined %} {{ docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %}\ + {% if docker_options is defined %} {{ docker_options }}{% endif %}\ + {% if docker_disable_push_dockerhub is defined %} --confirm-def-push={{ docker_disable_push_dockerhub | bool }}{% endif %}'" + when: docker_check.stat.isreg + notify: + - restart docker diff --git a/roles/openshift_cli/meta/main.yml b/roles/openshift_cli/meta/main.yml index 1e8f8b719..4351e8f24 100644 --- a/roles/openshift_cli/meta/main.yml +++ b/roles/openshift_cli/meta/main.yml @@ -12,5 +12,6 @@ galaxy_info: categories: - cloud dependencies: -- { role: openshift_common } -- { role: docker } +- role: openshift_docker + when: openshift.common.is_containerized | bool +- role: openshift_common diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml index 3b224416e..62a4dd690 100644 --- a/roles/openshift_cli/tasks/main.yml +++ b/roles/openshift_cli/tasks/main.yml @@ -4,7 +4,7 @@ local_facts: deployment_type: "{{ openshift_deployment_type }}" cli_image: "{{ osm_image | default(None) }}" - + - name: Install clients action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-clients state=present" when: not openshift.common.is_containerized | bool @@ -13,16 +13,16 @@ command: > docker pull {{ openshift.common.cli_image }}:{{ openshift_version }} when: openshift.common.is_containerized | bool - + - name: Create /usr/local/bin/openshift cli wrapper template: src: openshift.j2 dest: /usr/local/bin/openshift mode: 0755 when: openshift.common.is_containerized | bool - + - name: Create client symlinks - file: + file: path: "{{ item }}" state: link src: /usr/local/bin/openshift diff --git a/roles/openshift_docker/handlers/main.yml b/roles/openshift_docker/handlers/main.yml deleted file mode 100644 index 92a6c325f..000000000 --- a/roles/openshift_docker/handlers/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- - -- name: restart openshift_docker - service: - name: docker - state: restarted diff --git a/roles/openshift_docker/meta/main.yml b/roles/openshift_docker/meta/main.yml index 1e8f8b719..60efd4e45 100644 --- a/roles/openshift_docker/meta/main.yml +++ b/roles/openshift_docker/meta/main.yml @@ -12,5 +12,5 @@ galaxy_info: categories: - cloud dependencies: -- { role: openshift_common } -- { role: docker } +- role: openshift_docker_facts +- role: docker diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml deleted file mode 100644 index a57cf815e..000000000 --- a/roles/openshift_docker/tasks/main.yml +++ /dev/null @@ -1,55 +0,0 @@ ---- -- name: Set docker facts - openshift_facts: - role: "{{ item.role }}" - local_facts: "{{ item.local_facts }}" - with_items: - - role: common - local_facts: - deployment_type: "{{ openshift_deployment_type }}" - docker_additional_registries: "{{ docker_additional_registries }}" - docker_insecure_registries: "{{ docker_insecure_registries }}" - docker_blocked_registries: "{{ docker_blocked_registries }}" - docker_options: "{{ openshift_docker_options | default('',True) }}" - - role: node - local_facts: - portal_net: "{{ openshift_master_portal_net | default(None) }}" - docker_log_driver: "{{ lookup( 'oo_option' , 'docker_log_driver' ) | default('',True) }}" - docker_log_options: "{{ lookup( 'oo_option' , 'docker_log_options' ) | default('',True) }}" - -- stat: path=/etc/sysconfig/docker - register: docker_check - -- name: Set registry params - lineinfile: - dest: /etc/sysconfig/docker - regexp: '^{{ item.reg_conf_var }}=.*$' - line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'" - when: "'docker_additional_registries' in openshift.common and docker_check.stat.isreg" - with_items: - - reg_conf_var: ADD_REGISTRY - reg_fact_val: "{{ openshift.common.docker_additional_registries }}" - reg_flag: --add-registry - - reg_conf_var: BLOCK_REGISTRY - reg_fact_val: "{{ openshift.common.docker_blocked_registries }}" - reg_flag: --block-registry - - reg_conf_var: INSECURE_REGISTRY - reg_fact_val: "{{ openshift.common.docker_insecure_registries }}" - reg_flag: --insecure-registry - notify: - - restart openshift_docker - -# TODO: Enable secure registry when code available in origin -# TODO: perhaps move this to openshift_docker? -- name: Secure Registry and Logs Options - lineinfile: - dest: /etc/sysconfig/docker - regexp: '^OPTIONS=.*$' - line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }}\ - {% if ansible_selinux and ansible_selinux.status == '''enabled''' %} --selinux-enabled{% endif %}\ - {% if openshift.node.docker_log_driver is defined %} --log-driver {{ openshift.node.docker_log_driver }}{% endif %}\ - {% if openshift.node.docker_log_options is defined %} {{ openshift.node.docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %}\ - {% if openshift.common.docker_options is defined %} {{ openshift.common.docker_options }}{% endif %}'" - when: docker_check.stat.isreg - notify: - - restart openshift_docker diff --git a/roles/openshift_docker_facts/meta/main.yml b/roles/openshift_docker_facts/meta/main.yml new file mode 100644 index 000000000..5b1be7a8d --- /dev/null +++ b/roles/openshift_docker_facts/meta/main.yml @@ -0,0 +1,15 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: OpenShift Docker Facts + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- { role: openshift_facts } diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml new file mode 100644 index 000000000..3fb2cd34b --- /dev/null +++ b/roles/openshift_docker_facts/tasks/main.yml @@ -0,0 +1,35 @@ +--- +- name: Set docker facts + openshift_facts: + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: common + local_facts: + deployment_type: "{{ openshift_deployment_type }}" + - role: docker + local_facts: + additional_registries: "{{ openshift_docker_additional_registries | default(None) }}" + blocked_registries: "{{ openshift_docker_blocked_registries | default(None) }}" + insecure_registries: "{{ openshift_docker_insecure_registries | default(None) }}" + log_driver: "{{ openshift_docker_log_driver | default(None) }}" + log_options: "{{ openshift_docker_log_options | default(None) }}" + options: "{{ openshift_docker_options | default(None) }}" + disable_push_dockerhub: "{{ openshift_disable_push_dockerhub | default(None) }}" + - role: node + local_facts: + portal_net: "{{ openshift_master_portal_net | default(None) }}" + +# TODO: append openshift.node.portal_net to docker_insecure_registries +- set_fact: + docker_additional_registries: "{{ openshift.docker.additional_registries + | default(omit) }}" + docker_blocked_registries: "{{ openshift.docker.blocked_registries + | default(omit) }}" + docker_insecure_registries: "{{ openshift.docker.insecure_registries + | default(omit) }}" + docker_log_driver: "{{ openshift.docker.log_driver | default(omit) }}" + docker_log_options: "{{ openshift.docker.log_options | default(omit) }}" + docker_options: "{{ openshift.docker.options | default(omit) }}" + docker_push_dockerhub: "{{ openshift.docker.disable_push_dockerhub + | default(omit) }}" diff --git a/roles/openshift_etcd/meta/main.yml b/roles/openshift_etcd/meta/main.yml new file mode 100644 index 000000000..5e5f96d44 --- /dev/null +++ b/roles/openshift_etcd/meta/main.yml @@ -0,0 +1,18 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: OpenShift etcd + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: openshift_facts +- role: openshift_docker + when: openshift.common.is_containerized | bool +- role: etcd diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index eb3a89035..b3df46892 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -27,6 +27,38 @@ from distutils.version import LooseVersion import struct import socket + +def migrate_docker_facts(facts): + """ Apply migrations for docker facts """ + params = { + 'common': ( + 'additional_registries', + 'insecure_registries', + 'blocked_registries', + 'options' + ), + 'node': ( + 'log_driver', + 'log_options' + ) + } + if 'docker' not in facts: + facts['docker'] = {} + for role in params.keys(): + if role in facts: + for param in params[role]: + old_param = 'docker_' + param + if old_param in facts[role]: + facts['docker'][param] = facts[role].pop(old_param) + return facts + +def migrate_local_facts(facts): + """ Apply migrations of local facts """ + migrated_facts = copy.deepcopy(facts) + return migrate_docker_facts(migrated_facts) + + + def first_ip(network): """ Return the first IPv4 address in network @@ -657,18 +689,13 @@ def set_deployment_facts_if_unset(facts): data_dir = '/var/lib/openshift' facts['common']['data_dir'] = data_dir - # remove duplicate and empty strings from registry lists - for cat in ['additional', 'blocked', 'insecure']: - key = 'docker_{0}_registries'.format(cat) - if key in facts['common']: - facts['common'][key] = list(set(facts['common'][key]) - set([''])) - - + if 'docker' in facts: + deployment_type = facts['common']['deployment_type'] if deployment_type in ['enterprise', 'atomic-enterprise', 'openshift-enterprise']: - addtl_regs = facts['common'].get('docker_additional_registries', []) + addtl_regs = facts['docker'].get('additional_registries', []) ent_reg = 'registry.access.redhat.com' if ent_reg not in addtl_regs: - facts['common']['docker_additional_registries'] = addtl_regs + [ent_reg] + facts['docker']['additional_registries'] = addtl_regs + [ent_reg] for role in ('master', 'node'): if role in facts: @@ -1221,7 +1248,7 @@ class OpenShiftFacts(object): Raises: OpenShiftFactsUnsupportedRoleError: """ - known_roles = ['common', 'master', 'node', 'etcd', 'hosted'] + known_roles = ['common', 'master', 'node', 'etcd', 'hosted', 'docker'] # Disabling too-many-arguments, this should be cleaned up as a TODO item. # pylint: disable=too-many-arguments @@ -1265,7 +1292,13 @@ class OpenShiftFacts(object): protected_facts_to_overwrite) roles = local_facts.keys() - defaults = self.get_defaults(roles) + + if 'common' in local_facts and 'deployment_type' in local_facts['common']: + deployment_type = local_facts['common']['deployment_type'] + else: + deployment_type = 'origin' + + defaults = self.get_defaults(roles, deployment_type) provider_facts = self.init_provider_facts() facts = apply_provider_facts(defaults, provider_facts) facts = merge_facts(facts, @@ -1292,7 +1325,7 @@ class OpenShiftFacts(object): facts = set_installed_variant_rpm_facts(facts) return dict(openshift=facts) - def get_defaults(self, roles): + def get_defaults(self, roles, deployment_type): """ Get default fact values Args: @@ -1301,8 +1334,7 @@ class OpenShiftFacts(object): Returns: dict: The generated default facts """ - defaults = dict() - + defaults = {} ip_addr = self.system_facts['default_ipv4']['address'] exit_code, output, _ = module.run_command(['hostname', '-f']) hostname_f = output.strip() if exit_code == 0 else '' @@ -1310,33 +1342,42 @@ class OpenShiftFacts(object): self.system_facts['fqdn']] hostname = choose_hostname(hostname_values, ip_addr) - common = dict(use_openshift_sdn=True, ip=ip_addr, public_ip=ip_addr, - deployment_type='origin', hostname=hostname, - public_hostname=hostname) - common['client_binary'] = 'oc' - common['admin_binary'] = 'oadm' - common['dns_domain'] = 'cluster.local' - common['install_examples'] = True - defaults['common'] = common + defaults['common'] = dict(use_openshift_sdn=True, ip=ip_addr, + public_ip=ip_addr, + deployment_type=deployment_type, + hostname=hostname, + public_hostname=hostname, + client_binary='oc', admin_binary='oadm', + dns_domain='cluster.local', + install_examples=True, + debug_level=2) if 'master' in roles: - master = dict(api_use_ssl=True, api_port='8443', controllers_port='8444', - console_use_ssl=True, console_path='/console', - console_port='8443', etcd_use_ssl=True, etcd_hosts='', - etcd_port='4001', portal_net='172.30.0.0/16', - embedded_etcd=True, embedded_kube=True, - embedded_dns=True, dns_port='53', - bind_addr='0.0.0.0', session_max_seconds=3600, - session_name='ssn', session_secrets_file='', - access_token_max_seconds=86400, - auth_token_max_seconds=500, - oauth_grant_method='auto') - defaults['master'] = master + defaults['master'] = dict(api_use_ssl=True, api_port='8443', + controllers_port='8444', + console_use_ssl=True, + console_path='/console', + console_port='8443', etcd_use_ssl=True, + etcd_hosts='', etcd_port='4001', + portal_net='172.30.0.0/16', + embedded_etcd=True, embedded_kube=True, + embedded_dns=True, dns_port='53', + bind_addr='0.0.0.0', + session_max_seconds=3600, + session_name='ssn', + session_secrets_file='', + access_token_max_seconds=86400, + auth_token_max_seconds=500, + oauth_grant_method='auto') if 'node' in roles: - node = dict(labels={}, annotations={}, portal_net='172.30.0.0/16', - iptables_sync_period='5s', set_node_ip=False) - defaults['node'] = node + defaults['node'] = dict(labels={}, annotations={}, + portal_net='172.30.0.0/16', + iptables_sync_period='5s', + set_node_ip=False) + + if 'docker' in roles: + defaults['docker'] = dict(disable_push_dockerhub=False) defaults['hosted'] = dict( registry=dict( @@ -1356,6 +1397,7 @@ class OpenShiftFacts(object): ) ) + return defaults def guess_host_provider(self): @@ -1481,15 +1523,23 @@ class OpenShiftFacts(object): local_facts = get_local_facts_from_file(self.filename) - for arg in ['labels', 'annotations']: - if arg in facts_to_set and isinstance(facts_to_set[arg], - basestring): - facts_to_set[arg] = module.from_json(facts_to_set[arg]) + migrated_facts = migrate_local_facts(local_facts) - new_local_facts = merge_facts(local_facts, + new_local_facts = merge_facts(migrated_facts, facts_to_set, additive_facts_to_overwrite, protected_facts_to_overwrite) + + if 'docker' in new_local_facts: + # remove duplicate and empty strings from registry lists + for cat in ['additional', 'blocked', 'insecure']: + key = '{0}_registries'.format(cat) + if key in new_local_facts['docker']: + val = new_local_facts['docker'][key] + if isinstance(val, basestring): + val = [x.strip() for x in val.split(',')] + new_local_facts['docker'][key] = list(set(val) - set([''])) + for facts in new_local_facts.values(): keys_to_delete = [] if isinstance(facts, dict): diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index 8db99fc2a..4eda4a8e2 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -12,5 +12,4 @@ galaxy_info: categories: - cloud dependencies: -- { role: openshift_common } -- { role: openshift_cli } +- role: openshift_cli diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index c92008a77..702012489 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -12,4 +12,5 @@ galaxy_info: categories: - cloud dependencies: -- { role: openshift_common } +- role: openshift_common +- role: openshift_docker |