diff options
| -rw-r--r-- | roles/dns/README.md | 45 | ||||
| -rw-r--r-- | roles/dns/defaults/main.yml | 2 | ||||
| -rw-r--r-- | roles/dns/handlers/main.yml | 5 | ||||
| -rw-r--r-- | roles/dns/meta/main.yml | 9 | ||||
| -rw-r--r-- | roles/dns/tasks/main.yml | 46 | ||||
| -rw-r--r-- | roles/dns/templates/Dockerfile | 11 | ||||
| -rw-r--r-- | roles/dns/templates/named.conf | 23 | ||||
| -rw-r--r-- | roles/dns/templates/named.service.j2 | 15 | ||||
| -rw-r--r-- | roles/dns/templates/openshift-cluster.zone | 14 | ||||
| -rw-r--r-- | roles/openshift_clock/defaults/main.yml | 2 | ||||
| -rw-r--r-- | roles/openshift_clock/meta/main.yml | 3 | ||||
| -rw-r--r-- | roles/openshift_clock/tasks/main.yaml | 17 | ||||
| -rwxr-xr-x | roles/openshift_facts/library/openshift_facts.py | 8 | ||||
| -rw-r--r-- | roles/openshift_logging/tasks/annotate_ops_projects.yaml | 2 | ||||
| -rw-r--r-- | setup.py | 85 |
15 files changed, 73 insertions, 214 deletions
diff --git a/roles/dns/README.md b/roles/dns/README.md deleted file mode 100644 index 9a88ce97c..000000000 --- a/roles/dns/README.md +++ /dev/null @@ -1,45 +0,0 @@ -dns -=== - -Configure a DNS server serving IPs of all the nodes of the cluster - -Requirements ------------- - -Ansible 2.2 - -Role Variables --------------- - -| Name | Mandatory / Optional | Description | -|------|----------------------|-------------| -| `dns_zones` | Mandatory | DNS zones in which we must find the hosts | -| `dns_forwarders` | If not set, the DNS will be a recursive non-forwarding DNS server | DNS forwarders to delegate the requests for hosts outside of `dns_zones` | -| `dns_all_hosts` | Mandatory | Exhaustive list of hosts | -| `base_docker_image` | Optional | Base docker image to build Bind image from, used only in containerized deployments | - -Dependencies ------------- - -None - -Example Playbook ----------------- - - - hosts: dns_hosts - roles: - - role: dns - dns_forwarders: [ '8.8.8.8', '8.8.4.4' ] - dns_zones: [ novalocal, openstacklocal ] - dns_all_hosts: "{{ g_all_hosts }}" - base_docker_image: 'centos:centos7' - -License -------- - -ASL 2.0 - -Author Information ------------------- - -OpenShift operations, Red Hat, Inc diff --git a/roles/dns/defaults/main.yml b/roles/dns/defaults/main.yml deleted file mode 100644 index 82055c8cd..000000000 --- a/roles/dns/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -base_docker_image: "{{ 'centos:centos7' if openshift.common.deployment_type == 'origin' else 'rhel7' }}" diff --git a/roles/dns/handlers/main.yml b/roles/dns/handlers/main.yml deleted file mode 100644 index 61fd7a10e..000000000 --- a/roles/dns/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: restart bind - systemd: - name: named - state: restarted diff --git a/roles/dns/meta/main.yml b/roles/dns/meta/main.yml deleted file mode 100644 index 64d56114e..000000000 --- a/roles/dns/meta/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -galaxy_info: - author: Lénaïc Huard - description: Deploy and configure a DNS server - company: Amadeus SAS - license: ASL 2.0 - min_ansible_version: 2.2 -dependencies: -- { role: openshift_facts } diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml deleted file mode 100644 index c5ab53b4d..000000000 --- a/roles/dns/tasks/main.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -- name: Install Bind - package: name=bind state=present - when: not openshift.common.is_containerized | bool - -- name: Create docker build dir - file: path=/tmp/dockerbuild state=directory - when: openshift.common.is_containerized | bool - -- name: Install dockerfile - template: - dest: "/tmp/dockerbuild/Dockerfile" - src: Dockerfile - when: openshift.common.is_containerized | bool - -- name: Build Bind image - docker_image: path="/tmp/dockerbuild" name="bind" state=present - when: openshift.common.is_containerized | bool - -- name: Install bind service file - template: - dest: "/etc/systemd/system/named.service" - src: named.service.j2 - when: openshift.common.is_containerized | bool - -- name: Create bind zone dir - file: path=/var/named state=directory - when: openshift.common.is_containerized | bool - -- name: Configure Bind - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - src: openshift-cluster.zone - dest: /var/named/openshift-cluster.zone - - src: named.conf - dest: /etc/named.conf - notify: restart bind - -- name: Enable Bind - systemd: - name: named - state: started - enabled: yes - daemon_reload: yes diff --git a/roles/dns/templates/Dockerfile b/roles/dns/templates/Dockerfile deleted file mode 100644 index cdff0a228..000000000 --- a/roles/dns/templates/Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -FROM {{ base_docker_image }} -MAINTAINER Jan Provaznik <jprovazn@redhat.com> - -# install main packages: -RUN yum -y update; yum clean all; -RUN yum -y install bind-utils bind - -EXPOSE 53 - -# start services: -CMD ["/usr/sbin/named", "-f"] diff --git a/roles/dns/templates/named.conf b/roles/dns/templates/named.conf deleted file mode 100644 index 22c1ff935..000000000 --- a/roles/dns/templates/named.conf +++ /dev/null @@ -1,23 +0,0 @@ -options -{ - directory "/var/named"; - - allow-query { {{ ansible_default_ipv4.network }}/24; }; - - recursion yes; - -{% if dns_forwarders is defined %} - forwarders { - {% for dns in dns_forwarders %} - {{ dns }}; - {% endfor %} - }; -{% endif %} -}; -{% for zone in dns_zones %} - -zone "{{ zone }}" IN { - type master; - file "openshift-cluster.zone"; -}; -{% endfor %} diff --git a/roles/dns/templates/named.service.j2 b/roles/dns/templates/named.service.j2 deleted file mode 100644 index 6e0a7a640..000000000 --- a/roles/dns/templates/named.service.j2 +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Requires={{ openshift.docker.service_name }}.service -After={{ openshift.docker.service_name }}.service -PartOf={{ openshift.docker.service_name }}.service - -[Service] -Type=simple -TimeoutStartSec=5m -ExecStartPre=/usr/bin/docker run --rm -v /etc/named.conf:/etc/named.conf -v /var/named:/var/named:z bind named-checkconf -z /etc/named.conf -ExecStartPre=-/usr/bin/docker rm -f bind -ExecStart=/usr/bin/docker run --name bind -p 53:53/udp -v /var/log:/var/log -v /etc/named.conf:/etc/named.conf -v /var/named:/var/named:z bind -ExecStop=/usr/bin/docker stop bind - -[Install] -WantedBy={{ openshift.docker.service_name }}.service diff --git a/roles/dns/templates/openshift-cluster.zone b/roles/dns/templates/openshift-cluster.zone deleted file mode 100644 index 03f5dc089..000000000 --- a/roles/dns/templates/openshift-cluster.zone +++ /dev/null @@ -1,14 +0,0 @@ -$TTL 1d -@ IN SOA {{ ansible_hostname }} openshift ( - {{ ansible_date_time.epoch }} ; Serial (To be fixed before 2039) - 12h ; Refresh - 3m ; Retry - 4w ; Expire - 3h ; TTL for negative replies - ) - - IN NS {{ ansible_hostname }} -{{ ansible_hostname }} IN A {{ ansible_default_ipv4.address }} -{% for host in dns_all_hosts %} -{{ hostvars[host].ansible_hostname }} IN A {{ hostvars[host]['ansible_default_ipv4'].address }} -{% endfor %} diff --git a/roles/openshift_clock/defaults/main.yml b/roles/openshift_clock/defaults/main.yml new file mode 100644 index 000000000..a94f67199 --- /dev/null +++ b/roles/openshift_clock/defaults/main.yml @@ -0,0 +1,2 @@ +--- +openshift_clock_enabled: True diff --git a/roles/openshift_clock/meta/main.yml b/roles/openshift_clock/meta/main.yml index 3e175beb0..d1e86d826 100644 --- a/roles/openshift_clock/meta/main.yml +++ b/roles/openshift_clock/meta/main.yml @@ -11,5 +11,4 @@ galaxy_info: - 7 categories: - cloud -dependencies: -- { role: openshift_facts } +dependencies: [] diff --git a/roles/openshift_clock/tasks/main.yaml b/roles/openshift_clock/tasks/main.yaml index 3911201ea..f8b02524a 100644 --- a/roles/openshift_clock/tasks/main.yaml +++ b/roles/openshift_clock/tasks/main.yaml @@ -1,14 +1,15 @@ --- -- name: Set clock facts - openshift_facts: - role: clock - local_facts: - enabled: "{{ openshift_clock_enabled | default(None) }}" +- name: Determine if chrony is installed + command: rpm -q chrony + failed_when: false + register: chrony_installed - name: Install ntp package package: name=ntp state=present - when: openshift.clock.enabled | bool and not openshift.clock.chrony_installed | bool + when: + - openshift_clock_enabled | bool + - chrony_installed.rc != 0 - name: Start and enable ntpd/chronyd - shell: timedatectl set-ntp true - when: openshift.clock.enabled | bool + command: timedatectl set-ntp true + when: openshift_clock_enabled | bool diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 251d1dfb4..cf78b4a75 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1909,7 +1909,6 @@ class OpenShiftFacts(object): """ known_roles = ['builddefaults', 'buildoverrides', - 'clock', 'cloudprovider', 'common', 'docker', @@ -2099,13 +2098,6 @@ class OpenShiftFacts(object): docker['service_name'] = 'docker' defaults['docker'] = docker - if 'clock' in roles: - exit_code, _, _ = module.run_command(['rpm', '-q', 'chrony']) # noqa: F405 - chrony_installed = bool(exit_code == 0) - defaults['clock'] = dict( - enabled=True, - chrony_installed=chrony_installed) - if 'cloudprovider' in roles: defaults['cloudprovider'] = dict(kind=None) diff --git a/roles/openshift_logging/tasks/annotate_ops_projects.yaml b/roles/openshift_logging/tasks/annotate_ops_projects.yaml index d4b33616a..fcb4c94d3 100644 --- a/roles/openshift_logging/tasks/annotate_ops_projects.yaml +++ b/roles/openshift_logging/tasks/annotate_ops_projects.yaml @@ -14,4 +14,4 @@ content: metadata#annotations#openshift.io/logging.ui.hostname: "{{ openshift_logging_kibana_ops_hostname }}" with_items: "{{ __logging_ops_projects.results }}" - when: "{{ item.results.stderr is not defined }}" + when: item.results.stderr is not defined @@ -29,6 +29,7 @@ def find_files(base_dir, exclude_dirs, include_dirs, file_regex): if exclude_dirs is not None: exclude_regex = r'|'.join([fnmatch.translate(x) for x in exclude_dirs]) or r'$.' + # Don't use include_dirs, it is broken if include_dirs is not None: include_regex = r'|'.join([fnmatch.translate(x) for x in include_dirs]) or r'$.' @@ -47,6 +48,36 @@ def find_files(base_dir, exclude_dirs, include_dirs, file_regex): return found +def find_entrypoint_playbooks(): + '''find entry point playbooks as defined by openshift-ansible''' + playbooks = set() + included_playbooks = set() + + exclude_dirs = ['adhoc', 'tasks'] + for yaml_file in find_files( + os.path.join(os.getcwd(), 'playbooks'), + exclude_dirs, None, r'\.ya?ml$'): + with open(yaml_file, 'r') as contents: + for task in yaml.safe_load(contents): + if not isinstance(task, dict): + # Skip yaml files which are not a dictionary of tasks + continue + if 'include' in task: + # Add the playbook and capture included playbooks + playbooks.add(yaml_file) + included_file_name = task['include'].split()[0] + included_file = os.path.normpath( + os.path.join(os.path.dirname(yaml_file), + included_file_name)) + included_playbooks.add(included_file) + elif 'hosts' in task: + playbooks.add(yaml_file) + # Evaluate the difference between all playbooks and included playbooks + entrypoint_playbooks = sorted(playbooks.difference(included_playbooks)) + print('Entry point playbook count: {}'.format(len(entrypoint_playbooks))) + return entrypoint_playbooks + + class OpenShiftAnsibleYamlLint(Command): ''' Command to run yamllint ''' description = "Run yamllint tests" @@ -206,7 +237,7 @@ class OpenShiftAnsibleSyntaxCheck(Command): user_options = [] # Colors - FAIL = '\033[91m' # Red + FAIL = '\033[31m' # Red ENDC = '\033[0m' # Reset def initialize_options(self): @@ -221,43 +252,46 @@ class OpenShiftAnsibleSyntaxCheck(Command): ''' run command ''' has_errors = False - playbooks = set() - included_playbooks = set() + print('Ansible Deprecation Checks') + exclude_dirs = ['adhoc', 'files', 'meta', 'test', 'tests', 'vars', '.tox'] for yaml_file in find_files( - os.path.join(os.getcwd(), 'playbooks'), - ['adhoc', 'tasks'], - None, r'\.ya?ml$'): + os.getcwd(), exclude_dirs, None, r'\.ya?ml$'): with open(yaml_file, 'r') as contents: - for task in yaml.safe_load(contents): + for task in yaml.safe_load(contents) or {}: if not isinstance(task, dict): - # Skip yaml files which do not contain plays or includes + # Skip yaml files which are not a dictionary of tasks continue - if 'include' in task: - # Add the playbook and capture included playbooks - playbooks.add(yaml_file) - included_file_name = task['include'].split()[0] - included_file = os.path.normpath( - os.path.join(os.path.dirname(yaml_file), - included_file_name)) - included_playbooks.add(included_file) - elif 'hosts' in task: - playbooks.add(yaml_file) - # Evaluate the difference between all playbooks and included playbooks - entrypoint_playbooks = sorted(playbooks.difference(included_playbooks)) - print('Entry point playbook count: {}'.format(len(entrypoint_playbooks))) - - for playbook in entrypoint_playbooks: + if 'when' in task: + if '{{' in task['when'] or '{%' in task['when']: + print('{}Error: Usage of Jinja2 templating delimiters ' + 'in when conditions is deprecated in Ansible 2.3.\n' + ' File: {}\n' + ' Found: "{}"{}'.format( + self.FAIL, yaml_file, + task['when'], self.ENDC)) + has_errors = True + # TODO (rteague): This test will be enabled once we move to Ansible 2.4 + # if 'include' in task: + # print('{}Error: The `include` directive is deprecated in Ansible 2.4.\n' + # 'https://github.com/ansible/ansible/blob/devel/CHANGELOG.md\n' + # ' File: {}\n' + # ' Found: "include: {}"{}'.format( + # self.FAIL, yaml_file, task['include'], self.ENDC)) + # has_errors = True + + print('Ansible Playbook Entry Point Syntax Checks') + for playbook in find_entrypoint_playbooks(): print('-' * 60) print('Syntax checking playbook: {}'.format(playbook)) + # Error on any entry points in 'common' if 'common' in playbook: - # Error on any entry points in 'common' print('{}Invalid entry point playbook. All playbooks must' ' start in playbooks/byo{}'.format(self.FAIL, self.ENDC)) has_errors = True + # --syntax-check each entry point playbook else: - # Syntax check each entry point playbook try: subprocess.check_output( ['ansible-playbook', '-i localhost,', @@ -267,6 +301,7 @@ class OpenShiftAnsibleSyntaxCheck(Command): print('{}Execution failed: {}{}'.format( self.FAIL, cpe, self.ENDC)) has_errors = True + if has_errors: raise SystemExit(1) |