summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml10
-rw-r--r--playbooks/common/openshift-cluster/redeploy-certificates.yml8
-rw-r--r--playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml10
-rw-r--r--playbooks/openstack/openshift-cluster/files/heat_stack.yaml163
-rw-r--r--playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml24
-rw-r--r--playbooks/openstack/openshift-cluster/files/user-data13
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py27
-rw-r--r--roles/openshift_manage_node/tasks/main.yml10
-rw-r--r--roles/openshift_node/templates/node.yaml.v1.j22
9 files changed, 66 insertions, 201 deletions
diff --git a/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml
index 381e3ed8f..834461e14 100644
--- a/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/docker/docker_upgrade.yml
@@ -1,6 +1,6 @@
- name: Check for appropriate Docker versions
- hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config
+ hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config
roles:
- openshift_facts
tasks:
@@ -19,19 +19,19 @@
# don't want to carry on, potentially taking out every node. The playbook can safely be re-run
# and will not take any action on a node already running the requested docker version.
- name: Evacuate and upgrade nodes
- hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config
+ hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config
serial: 1
any_errors_fatal: true
tasks:
- name: Prepare for Node evacuation
command: >
- {{ openshift.common.client_binary }} adm manage-node {{ openshift.common.hostname | lower }} --schedulable=false
+ {{ openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename }} --schedulable=false
delegate_to: "{{ groups.oo_first_master.0 }}"
when: l_docker_upgrade is defined and l_docker_upgrade | bool and inventory_hostname in groups.oo_nodes_to_upgrade
- name: Evacuate Node for Kubelet upgrade
command: >
- {{ openshift.common.client_binary }} adm manage-node {{ openshift.common.hostname | lower }} --evacuate --force
+ {{ openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename }} --evacuate --force
delegate_to: "{{ groups.oo_first_master.0 }}"
when: l_docker_upgrade is defined and l_docker_upgrade | bool and inventory_hostname in groups.oo_nodes_to_upgrade
@@ -40,7 +40,7 @@
- name: Set node schedulability
command: >
- {{ openshift.common.client_binary }} adm manage-node {{ openshift.common.hostname | lower }} --schedulable=true
+ {{ openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename }} --schedulable=true
delegate_to: "{{ groups.oo_first_master.0 }}"
when: openshift.node.schedulable | bool
when: l_docker_upgrade is defined and l_docker_upgrade | bool and inventory_hostname in groups.oo_nodes_to_upgrade and openshift.node.schedulable | bool
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates.yml b/playbooks/common/openshift-cluster/redeploy-certificates.yml
index 74147fe01..5f008a045 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates.yml
@@ -212,7 +212,7 @@
- name: Determine if node is currently scheduleable
command: >
{{ openshift.common.client_binary }} --config={{ hostvars[groups.oo_first_master.0].mktemp.stdout }}/admin.kubeconfig
- get node {{ openshift.common.hostname | lower }} -o json
+ get node {{ openshift.node.nodename }} -o json
register: node_output
when: openshift_certificates_redeploy_ca | default(false) | bool
delegate_to: "{{ groups.oo_first_master.0 }}"
@@ -225,7 +225,7 @@
- name: Prepare for node evacuation
command: >
{{ openshift.common.client_binary }} adm --config={{ hostvars[groups.oo_first_master.0].mktemp.stdout }}/admin.kubeconfig
- manage-node {{ openshift.common.hostname | lower }}
+ manage-node {{ openshift.node.nodename }}
--schedulable=false
delegate_to: "{{ groups.oo_first_master.0 }}"
when: openshift_certificates_redeploy_ca | default(false) | bool and was_schedulable | bool
@@ -233,7 +233,7 @@
- name: Evacuate node
command: >
{{ openshift.common.client_binary }} adm --config={{ hostvars[groups.oo_first_master.0].mktemp.stdout }}/admin.kubeconfig
- manage-node {{ openshift.common.hostname | lower }}
+ manage-node {{ openshift.node.nodename }}
--evacuate --force
delegate_to: "{{ groups.oo_first_master.0 }}"
when: openshift_certificates_redeploy_ca | default(false) | bool and was_schedulable | bool
@@ -241,7 +241,7 @@
- name: Set node schedulability
command: >
{{ openshift.common.client_binary }} adm --config={{ hostvars[groups.oo_first_master.0].mktemp.stdout }}/admin.kubeconfig
- manage-node {{ openshift.common.hostname | lower }} --schedulable=true
+ manage-node {{ openshift.node.nodename }} --schedulable=true
delegate_to: "{{ groups.oo_first_master.0 }}"
when: openshift_certificates_redeploy_ca | default(false) | bool and was_schedulable | bool
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
index e66344f99..1f314c854 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
@@ -17,7 +17,7 @@
# we merge upgrade functionality into the base roles and a normal config.yml playbook run.
- name: Determine if node is currently scheduleable
command: >
- {{ openshift.common.client_binary }} get node {{ openshift.common.hostname | lower }} -o json
+ {{ openshift.common.client_binary }} get node {{ openshift.node.nodename | lower }} -o json
register: node_output
delegate_to: "{{ groups.oo_first_master.0 }}"
changed_when: false
@@ -29,7 +29,7 @@
- name: Mark unschedulable if host is a node
command: >
- {{ openshift.common.client_binary }} adm manage-node {{ openshift.common.hostname | lower }} --schedulable=false
+ {{ openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --schedulable=false
delegate_to: "{{ groups.oo_first_master.0 }}"
when: inventory_hostname in groups.oo_nodes_to_upgrade
# NOTE: There is a transient "object has been modified" error here, allow a couple
@@ -41,7 +41,7 @@
- name: Evacuate Node for Kubelet upgrade
command: >
- {{ openshift.common.client_binary }} adm manage-node {{ openshift.common.hostname | lower }} --evacuate --force
+ {{ openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --evacuate --force
delegate_to: "{{ groups.oo_first_master.0 }}"
when: inventory_hostname in groups.oo_nodes_to_upgrade
tasks:
@@ -64,10 +64,12 @@
- name: Set node schedulability
command: >
- {{ openshift.common.client_binary }} adm manage-node {{ openshift.common.hostname | lower }} --schedulable=true
+ {{ openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --schedulable=true
delegate_to: "{{ groups.oo_first_master.0 }}"
when: inventory_hostname in groups.oo_nodes_to_upgrade and was_schedulable | bool
register: node_sched
until: node_sched.rc == 0
retries: 3
delay: 1
+
+
diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
index 458cf5ac7..20ce47c07 100644
--- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
+++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
@@ -45,7 +45,7 @@ parameters:
node_port_incoming:
type: string
label: Source of node port connections
- description: Authorized sources targetting node ports
+ description: Authorized sources targeting node ports
default: 0.0.0.0/0
num_etcd:
@@ -88,11 +88,6 @@ parameters:
label: Infra image
description: Name of the image for the infra node servers
- dns_image:
- type: string
- label: DNS image
- description: Name of the image for the DNS server
-
etcd_flavor:
type: string
label: Etcd flavor
@@ -113,11 +108,6 @@ parameters:
label: Infra flavor
description: Flavor of the infra node servers
- dns_flavor:
- type: string
- label: DNS flavor
- description: Flavor of the DNS server
-
outputs:
etcd_names:
@@ -168,26 +158,6 @@ outputs:
description: Floating IPs of the nodes
value: { get_attr: [ infra_nodes, floating_ip ] }
- dns_name:
- description: Name of the DNS
- value:
- get_attr:
- - dns
- - name
-
- dns_floating_ip:
- description: Floating IP of the DNS
- value:
- get_attr:
- - dns
- - addresses
- - str_replace:
- template: openshift-ansible-cluster_id-net
- params:
- cluster_id: { get_param: cluster_id }
- - 1
- - addr
-
resources:
net:
@@ -213,22 +183,7 @@ resources:
template: subnet_24_prefix.0/24
params:
subnet_24_prefix: { get_param: subnet_24_prefix }
- allocation_pools:
- - start:
- str_replace:
- template: subnet_24_prefix.3
- params:
- subnet_24_prefix: { get_param: subnet_24_prefix }
- end:
- str_replace:
- template: subnet_24_prefix.254
- params:
- subnet_24_prefix: { get_param: subnet_24_prefix }
- dns_nameservers:
- - str_replace:
- template: subnet_24_prefix.2
- params:
- subnet_24_prefix: { get_param: subnet_24_prefix }
+ dns_nameservers: { get_param: dns_nameservers }
router:
type: OS::Neutron::Router
@@ -428,44 +383,6 @@ resources:
port_range_min: 443
port_range_max: 443
- dns-secgrp:
- type: OS::Neutron::SecurityGroup
- properties:
- name:
- str_replace:
- template: openshift-ansible-cluster_id-dns-secgrp
- params:
- cluster_id: { get_param: cluster_id }
- description:
- str_replace:
- template: Security group for cluster_id cluster DNS
- params:
- cluster_id: { get_param: cluster_id }
- rules:
- - direction: ingress
- protocol: tcp
- port_range_min: 22
- port_range_max: 22
- remote_ip_prefix: { get_param: ssh_incoming }
- - direction: ingress
- protocol: udp
- port_range_min: 53
- port_range_max: 53
- remote_mode: remote_group_id
- remote_group_id: { get_resource: etcd-secgrp }
- - direction: ingress
- protocol: udp
- port_range_min: 53
- port_range_max: 53
- remote_mode: remote_group_id
- remote_group_id: { get_resource: master-secgrp }
- - direction: ingress
- protocol: udp
- port_range_min: 53
- port_range_max: 53
- remote_mode: remote_group_id
- remote_group_id: { get_resource: node-secgrp }
-
etcd:
type: OS::Heat::ResourceGroup
properties:
@@ -599,79 +516,3 @@ resources:
cluster_id: { get_param: cluster_id }
depends_on:
- interface
-
- dns:
- type: OS::Nova::Server
- properties:
- name:
- str_replace:
- template: cluster_id-dns
- params:
- cluster_id: { get_param: cluster_id }
- key_name: { get_resource: keypair }
- image: { get_param: dns_image }
- flavor: { get_param: dns_flavor }
- networks:
- - port: { get_resource: dns-port }
- user_data: { get_resource: dns-config }
- user_data_format: RAW
-
- dns-port:
- type: OS::Neutron::Port
- properties:
- network: { get_resource: net }
- fixed_ips:
- - subnet: { get_resource: subnet }
- ip_address:
- str_replace:
- template: subnet_24_prefix.2
- params:
- subnet_24_prefix: { get_param: subnet_24_prefix }
- security_groups:
- - { get_resource: dns-secgrp }
-
- dns-floating-ip:
- type: OS::Neutron::FloatingIP
- properties:
- floating_network: { get_param: external_net }
- port_id: { get_resource: dns-port }
-
- dns-config:
- type: OS::Heat::MultipartMime
- properties:
- parts:
- - config:
- str_replace:
- template: |
- #cloud-config
- disable_root: true
-
- system_info:
- default_user:
- name: openshift
- sudo: ["ALL=(ALL) NOPASSWD: ALL"]
-
- write_files:
- - path: /etc/sudoers.d/00-openshift-no-requiretty
- permissions: 440
- content: |
- Defaults:openshift !requiretty
- - path: /etc/sysconfig/network-scripts/ifcfg-eth0
- content: |
- DEVICE="eth0"
- BOOTPROTO="dhcp"
- DNS1="$dns1"
- DNS2="$dns2"
- PEERDNS="no"
- ONBOOT="yes"
- runcmd:
- - [ "/usr/bin/systemctl", "restart", "network" ]
- params:
- $dns1:
- get_param:
- - dns_nameservers
- - 0
- $dns2:
- get_param:
- - dns_nameservers
- - 1
diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml
index f83f2c984..435139849 100644
--- a/playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml
+++ b/playbooks/openstack/openshift-cluster/files/heat_stack_server.yaml
@@ -107,7 +107,7 @@ resources:
flavor: { get_param: flavor }
networks:
- port: { get_resource: port }
- user_data: { get_file: user-data }
+ user_data: { get_resource: config }
user_data_format: RAW
metadata:
environment: { get_param: cluster_env }
@@ -128,3 +128,25 @@ resources:
properties:
floating_network: { get_param: floating_network }
port_id: { get_resource: port }
+
+ config:
+ type: OS::Heat::CloudConfig
+ properties:
+ cloud_config:
+ disable_root: true
+
+ hostname: { get_param: name }
+
+ system_info:
+ default_user:
+ name: openshift
+ sudo: ["ALL=(ALL) NOPASSWD: ALL"]
+
+ write_files:
+ - path: /etc/sudoers.d/00-openshift-no-requiretty
+ permissions: 440
+ # content: Defaults:openshift !requiretty
+ # Encoded in base64 to be sure that we do not forget the trailing newline or
+ # sudo will not be able to parse that file
+ encoding: b64
+ content: RGVmYXVsdHM6b3BlbnNoaWZ0ICFyZXF1aXJldHR5Cg==
diff --git a/playbooks/openstack/openshift-cluster/files/user-data b/playbooks/openstack/openshift-cluster/files/user-data
deleted file mode 100644
index eb65f7cec..000000000
--- a/playbooks/openstack/openshift-cluster/files/user-data
+++ /dev/null
@@ -1,13 +0,0 @@
-#cloud-config
-disable_root: true
-
-system_info:
- default_user:
- name: openshift
- sudo: ["ALL=(ALL) NOPASSWD: ALL"]
-
-write_files:
- - path: /etc/sudoers.d/00-openshift-no-requiretty
- permissions: 440
- content: |
- Defaults:openshift !requiretty
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 537b6c60f..6d2b81c1f 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -148,6 +148,7 @@ def hostname_valid(hostname):
if (not hostname or
hostname.startswith('localhost') or
hostname.endswith('localdomain') or
+ hostname.endswith('novalocal') or
len(hostname.split('.')) < 2):
return False
@@ -362,12 +363,15 @@ def normalize_openstack_facts(metadata, facts):
facts['network']['ip'] = local_ipv4
facts['network']['public_ip'] = metadata['ec2_compat']['public-ipv4']
- # TODO: verify local hostname makes sense and is resolvable
- facts['network']['hostname'] = metadata['hostname']
-
- # TODO: verify that public hostname makes sense and is resolvable
- pub_h = metadata['ec2_compat']['public-hostname']
- facts['network']['public_hostname'] = pub_h
+ for f_var, h_var, ip_var in [('hostname', 'hostname', 'local-ipv4'),
+ ('public_hostname', 'public-hostname', 'public-ipv4')]:
+ try:
+ if socket.gethostbyname(metadata['ec2_compat'][h_var]) == metadata['ec2_compat'][ip_var]:
+ facts['network'][f_var] = metadata['ec2_compat'][h_var]
+ else:
+ facts['network'][f_var] = metadata['ec2_compat'][ip_var]
+ except socket.gaierror:
+ facts['network'][f_var] = metadata['ec2_compat'][ip_var]
return facts
@@ -936,6 +940,14 @@ def set_sdn_facts_if_unset(facts, system_facts):
return facts
+def set_nodename(facts):
+ if 'node' in facts and 'common' in facts:
+ if 'cloudprovider' in facts and facts['cloudprovider']['kind'] == 'openstack':
+ facts['node']['nodename'] = facts['provider']['metadata']['hostname'].replace('.novalocal', '')
+ else:
+ facts['node']['nodename'] = facts['common']['hostname'].lower()
+ return facts
+
def migrate_oauth_template_facts(facts):
"""
Migrate an old oauth template fact to a newer format if it's present.
@@ -1312,7 +1324,7 @@ def apply_provider_facts(facts, provider_facts):
facts['common'][h_var] = choose_hostname(
[provider_facts['network'].get(h_var)],
- facts['common'][ip_var]
+ facts['common'][h_var]
)
facts['provider'] = provider_facts
@@ -1795,6 +1807,7 @@ class OpenShiftFacts(object):
facts = set_proxy_facts(facts)
if not safe_get_bool(facts['common']['is_containerized']):
facts = set_installed_variant_rpm_facts(facts)
+ facts = set_nodename(facts)
return dict(openshift=facts)
def get_defaults(self, roles, deployment_type, deployment_subtype):
diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml
index a1f42f8c4..28e4e46e9 100644
--- a/roles/openshift_manage_node/tasks/main.yml
+++ b/roles/openshift_manage_node/tasks/main.yml
@@ -14,7 +14,7 @@
- name: Wait for Node Registration
command: >
- {{ openshift.common.client_binary }} get node {{ hostvars[item].openshift.common.hostname }}
+ {{ openshift.common.client_binary }} get node {{ hostvars[item].openshift.node.nodename }}
--config={{ openshift_manage_node_kubeconfig }}
-n default
register: omd_get_node
@@ -26,19 +26,19 @@
- name: Set node schedulability
command: >
- {{ openshift.common.client_binary }} adm manage-node {{ hostvars[item].openshift.common.hostname | lower }} --schedulable={{ 'true' if hostvars[item].openshift.node.schedulable | bool else 'false' }}
+ {{ openshift.common.client_binary }} adm manage-node {{ hostvars[item].openshift.node.nodename }} --schedulable={{ 'true' if hostvars[item].openshift.node.schedulable | bool else 'false' }}
--config={{ openshift_manage_node_kubeconfig }}
-n default
with_items: "{{ openshift_nodes }}"
- when: hostvars[item].openshift.common.hostname is defined
+ when: hostvars[item].openshift.node.nodename is defined
- name: Label nodes
command: >
- {{ openshift.common.client_binary }} label --overwrite node {{ hostvars[item].openshift.common.hostname | lower }} {{ hostvars[item].openshift.node.labels | oo_combine_dict }}
+ {{ openshift.common.client_binary }} label --overwrite node {{ hostvars[item].openshift.node.nodename }} {{ hostvars[item].openshift.node.labels | oo_combine_dict }}
--config={{ openshift_manage_node_kubeconfig }}
-n default
with_items: "{{ openshift_nodes }}"
- when: hostvars[item].openshift.common.hostname is defined and 'labels' in hostvars[item].openshift.node and hostvars[item].openshift.node.labels != {}
+ when: hostvars[item].openshift.node.nodename is defined and 'labels' in hostvars[item].openshift.node and hostvars[item].openshift.node.labels != {}
- name: Delete temp directory
file:
diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2
index 68d153052..9bcaf4d84 100644
--- a/roles/openshift_node/templates/node.yaml.v1.j2
+++ b/roles/openshift_node/templates/node.yaml.v1.j2
@@ -33,7 +33,7 @@ networkConfig:
{% if openshift.node.set_node_ip | bool %}
nodeIP: {{ openshift.common.ip }}
{% endif %}
-nodeName: {{ openshift.common.hostname | lower }}
+nodeName: {{ openshift.node.nodename }}
podManifestConfig:
servingInfo:
bindAddress: 0.0.0.0:10250