-rw-r--r--playbooks/common/openshift-cluster/update_repos_and_packages.yml2
-rw-r--r--playbooks/common/openshift-etcd/config.yml2
-rw-r--r--playbooks/common/openshift-master/config.yml1
-rw-r--r--playbooks/common/openshift-node/config.yml1
-rw-r--r--roles/docker/tasks/main.yml2
-rw-r--r--roles/etcd/tasks/main.yml2
-rw-r--r--roles/fluentd_master/tasks/main.yml4
-rw-r--r--roles/fluentd_node/tasks/main.yml4
-rw-r--r--roles/kube_nfs_volumes/tasks/main.yml4
-rw-r--r--roles/openshift_examples/defaults/main.yml2
-rw-r--r--roles/openshift_expand_partition/tasks/main.yml9
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py26
-rw-r--r--roles/openshift_facts/tasks/main.yml14
-rw-r--r--roles/openshift_master/tasks/main.yml27
-rw-r--r--roles/openshift_master/templates/openshift.docker.master.service11
-rw-r--r--roles/openshift_master/vars/main.yml2
-rw-r--r--roles/openshift_master_ca/tasks/main.yml2
-rw-r--r--roles/openshift_master_ca/vars/main.yml3
-rw-r--r--roles/openshift_master_cluster/tasks/main.yml4
-rw-r--r--roles/openshift_node/tasks/main.yml8
-rw-r--r--roles/openshift_node/templates/openshift.docker.node.service11
-rw-r--r--roles/openshift_node/vars/main.yml3
-rw-r--r--roles/openshift_node_certificates/tasks/main.yml8
-rw-r--r--roles/openshift_repos/tasks/main.yaml10
-rw-r--r--roles/openshift_serviceaccounts/tasks/main.yml17
-rw-r--r--roles/openshift_storage_nfs_lvm/tasks/nfs.yml1
-rw-r--r--roles/os_env_extras/tasks/main.yaml3
-rw-r--r--roles/os_firewall/tasks/firewall/iptables.yml1
-rw-r--r--roles/os_update_latest/tasks/main.yml7
-rw-r--r--roles/os_zabbix/tasks/main.yml4
-rw-r--r--roles/yum_repos/tasks/main.yml1
31 files changed, 173 insertions, 23 deletions
diff --git a/playbooks/common/openshift-cluster/update_repos_and_packages.yml b/playbooks/common/openshift-cluster/update_repos_and_packages.yml
index 190e2d862..6e4ad7d3f 100644
--- a/playbooks/common/openshift-cluster/update_repos_and_packages.yml
+++ b/playbooks/common/openshift-cluster/update_repos_and_packages.yml
@@ -8,5 +8,5 @@
ansible_distribution == "RedHat" and
lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) |
default('no', True) | lower in ['no', 'false']
- - openshift_repos
+ - {role: openshift_repos, when: not is_atomic}
- os_update_latest
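Review bot: `os_update_latest` is left unconditional in this roles list, but the same commit makes that role start with a `fail` when `is_atomic` is true (roles/os_update_latest/tasks/main.yml), so this play will abort on atomic hosts instead of skipping the update. Guard it the same way as the line above, `- {role: os_update_latest, when: not is_atomic}`, or drop the `fail` from the role; with the `fail` in place, the `when: not is_atomic` added to "Update all packages" can never be reached on an atomic host. The roles list starts outside this hunk, so whether `is_atomic` is already defined when this play runs cannot be confirmed from here.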
diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml
index 6dee196e3..a0dd330e7 100644
--- a/playbooks/common/openshift-etcd/config.yml
+++ b/playbooks/common/openshift-etcd/config.yml
@@ -87,7 +87,7 @@
when: etcd_server_certs_missing
roles:
- etcd
- - role: nickhammond.logrotate
+ - { role: nickhammond.logrotate, when: not is_atomic }
- name: Delete temporary directory on localhost
hosts: localhost
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index dd638487a..453adb4ff 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -328,6 +328,7 @@
roles:
- openshift_master
- role: nickhammond.logrotate
+ when: not is_atomic
- role: fluentd_master
when: openshift.common.use_fluentd | bool
post_tasks:
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 69ccb0cb8..6eee75064 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -181,6 +181,7 @@
- role: flannel
when: openshift.common.use_flannel | bool
- role: nickhammond.logrotate
+ when: not is_atomic
- role: fluentd_node
when: openshift.common.use_fluentd | bool
tasks:
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index e94ebe3e1..7939221a1 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -1,7 +1,7 @@
---
# tasks file for docker
- name: Install docker
- action: "{{ ansible_pkg_mgr }} name=docker state=present"
+ action: "{{ ansible_pkg_mgr }} name=docker state=present" and not is_atomic
- name: enable and start the docker service
service: name=docker enabled=yes state=started
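Review bot: The new `action:` line for "Install docker" appends `and not is_atomic` after the closing quote of the scalar, which is not valid YAML and is not a condition even if a parser accepted it. The intent looks like a task-level guard: keep `action: "{{ ansible_pkg_mgr }} name=docker state=present"` unchanged and add `when: not is_atomic` on the next line. The same construct appears in roles/etcd/tasks/main.yml ("Install etcd") and roles/openshift_expand_partition/tasks/main.yml ("Ensure growpart is installed").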
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 61892fe06..d661ce437 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -8,7 +8,7 @@
when: "'ipv4' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface] or 'address' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface].ipv4"
- name: Install etcd
- action: "{{ ansible_pkg_mgr }} name=etcd-2.* state=present"
+ action: "{{ ansible_pkg_mgr }} name=etcd-2.* state=present" and not is_atomic
- name: Validate permissions on the config dir
file:
diff --git a/roles/fluentd_master/tasks/main.yml b/roles/fluentd_master/tasks/main.yml
index 65c67fe8d..ddfa39284 100644
--- a/roles/fluentd_master/tasks/main.yml
+++ b/roles/fluentd_master/tasks/main.yml
@@ -1,4 +1,8 @@
---
+- fail:
+ msg: "fluentd master is not yet supported on atomic hosts"
+ when: is_atomic
+
# TODO: Update fluentd install and configuration when packaging is complete
- name: download and install td-agent
action: "{{ ansible_pkg_mgr }} name='http://packages.treasuredata.com/2/redhat/7/x86_64/td-agent-2.2.0-0.x86_64.rpm' state=present"
diff --git a/roles/fluentd_node/tasks/main.yml b/roles/fluentd_node/tasks/main.yml
index 85488b55e..4a29d1270 100644
--- a/roles/fluentd_node/tasks/main.yml
+++ b/roles/fluentd_node/tasks/main.yml
@@ -1,4 +1,8 @@
---
+- fail:
+ msg: "fluentd node is not yet supported on atomic hosts"
+ when: is_atomic
+
# TODO: Update fluentd install and configuration when packaging is complete
- name: download and install td-agent
action: "{{ ansible_pkg_mgr }} name='http://packages.treasuredata.com/2/redhat/7/x86_64/td-agent-2.2.0-0.x86_64.rpm' state=present"
diff --git a/roles/kube_nfs_volumes/tasks/main.yml b/roles/kube_nfs_volumes/tasks/main.yml
index 2cc35844c..85338cd84 100644
--- a/roles/kube_nfs_volumes/tasks/main.yml
+++ b/roles/kube_nfs_volumes/tasks/main.yml
@@ -1,4 +1,8 @@
---
+- fail:
+ msg: "That playbook is not yet supported on atomic hosts"
+ when: is_atomic
+
- name: Install pyparted (RedHat/Fedora)
action: "{{ ansible_pkg_mgr }} name=pyparted,python-httplib2 state=present"
diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml
index 0bc5d7750..ae642fae1 100644
--- a/roles/openshift_examples/defaults/main.yml
+++ b/roles/openshift_examples/defaults/main.yml
@@ -8,7 +8,7 @@ openshift_examples_load_quickstarts: true
content_version: "{{ 'v1.1' if openshift.common.version_greater_than_3_1_or_1_1 else 'v1.0' }}"
-examples_base: "/usr/share/openshift/examples"
+examples_base: "{% if is_atomic %}{{ openshift.common.config_base }}{% else %}/usr/share/openshift{% endif %}/examples"
image_streams_base: "{{ examples_base }}/image-streams"
centos_image_streams: "{{ image_streams_base}}/image-streams-centos7.json"
rhel_image_streams: "{{ image_streams_base}}/image-streams-rhel7.json"
diff --git a/roles/openshift_expand_partition/tasks/main.yml b/roles/openshift_expand_partition/tasks/main.yml
index 84d859553..b74d635d5 100644
--- a/roles/openshift_expand_partition/tasks/main.yml
+++ b/roles/openshift_expand_partition/tasks/main.yml
@@ -1,6 +1,13 @@
---
- name: Ensure growpart is installed
- action: "{{ ansible_pkg_mgr }} name=cloud-utils-growpart state=present"
+ action: "{{ ansible_pkg_mgr }} name=cloud-utils-growpart state=present" and not is_atomic
+
+- name: Determine if growpart is installed
+ command: "rpm -q cloud-utils-growpart"
+ register: has_growpart
+ failed_when: "has_growpart.cr != 0 and 'package cloud-utils-growpart is not installed' not in has_growpart.stdout"
+ changed_when: false
+ when: is_atomic
- name: Grow the partitions
command: "growpart {{oep_drive}} {{oep_partition}}"
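Review bot: `failed_when` in "Determine if growpart is installed" reads `has_growpart.cr`, but a registered command result exposes the return code as `rc`, so the expression refers to an attribute that does not exist. It should read `failed_when: "has_growpart.rc != 0 and 'package cloud-utils-growpart is not installed' not in has_growpart.stdout"`. Nothing in this hunk uses `has_growpart` afterwards, so "Grow the partitions" still runs on an atomic host where growpart is missing; a `fail` or a `when: has_growpart.rc == 0` guard would make that explicit. The rest of the task list is outside the hunk.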
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index e557853b1..4278111c2 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -710,7 +710,8 @@ def set_sdn_facts_if_unset(facts, system_facts):
if 'common' in facts:
use_sdn = facts['common']['use_openshift_sdn']
if not (use_sdn == '' or isinstance(use_sdn, bool)):
- facts['common']['use_openshift_sdn'] = bool(strtobool(str(use_sdn)))
+ use_sdn = bool(strtobool(str(use_sdn)))
+ facts['common']['use_openshift_sdn'] = use_sdn
if 'sdn_network_plugin_name' not in facts['common']:
plugin = 'redhat/openshift-ovs-subnet' if use_sdn else ''
facts['common']['sdn_network_plugin_name'] = plugin
@@ -1031,6 +1032,7 @@ class OpenShiftFacts(object):
facts = set_version_facts_if_unset(facts)
facts = set_aggregate_facts(facts)
facts = set_etcd_facts_if_unset(facts)
+ facts = self.init_in_docker_facts(facts)
return dict(openshift=facts)
def get_defaults(self, roles):
@@ -1197,6 +1199,28 @@ class OpenShiftFacts(object):
self.changed = changed
return new_local_facts
+ def init_in_docker_facts(self, facts):
+ facts['is_atomic'] = os.path.isfile('/run/ostree-booted')
+
+ docker = dict()
+ docker['image_name'] = 'openshift/origin'
+ # TODO: figure out right way to set the version
+ docker['image_version'] = 'latest'
+ docker['image'] = "%s:%s" % (docker['image_name'], docker['image_version'])
+
+ # shared /tmp/openshift vol is for file exchange with ansible
+ # --privileged is required to read the config dir
+ # --net host to access openshift from the container
+ # maybe -v /var/run/docker.sock:/var/run/docker.sock is required as well
+ docker['runner'] = "docker run --rm --privileged --net host -v /tmp/openshift:/tmp/openshift -v {datadir}:{datadir} -v {confdir}:{confdir} -e KUBECONFIG={confdir}/master/admin.kubeconfig {image}".format(confdir=facts['common']['config_base'], datadir=facts['common']['data_dir'], image=docker['image'])
+
+ if facts['is_atomic']:
+ facts['common']['client_binary'] = '%s cli' % docker['runner']
+ facts['common']['admin_binary'] = '%s admin' % docker['runner']
+
+ facts['docker'] = docker
+ return facts
+
def main():
""" main """
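Review bot: `init_in_docker_facts` hard-codes `docker['image_version'] = 'latest'`, while the role vars in this commit build `openshift_docker_image` from `openshift_pkg_version`, so the container behind `client_binary` and `admin_binary` can run a different build from the master and node services. The runner starts that image with `--privileged`, host networking and `admin.kubeconfig` mounted, so a mutable tag means whatever the registry serves next runs with full control of the host and the cluster; take the tag from the same source as the services, or pin it by digest. The method also indexes `facts['common']` unconditionally, unlike `set_sdn_facts_if_unset`, which checks `'common' in facts` first. A docstring should state that the runner string is only substituted into the binaries when `/run/ostree-booted` exists.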
diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml
index 832f7ad84..e98b7c591 100644
--- a/roles/openshift_facts/tasks/main.yml
+++ b/roles/openshift_facts/tasks/main.yml
@@ -6,6 +6,20 @@
- ansible_version | version_compare('1.9.0', 'ne')
- ansible_version | version_compare('1.9.0.1', 'ne')
+- name: Determine if Atomic
+ stat: path=/run/ostree-booted
+ register: s
+ changed_when: false
+
+- name: Init the is_atomic fact
+ set_fact:
+ is_atomic: false
+
+- name: Set the is_atomic fact
+ set_fact:
+ is_atomic: true
+ when: s.stat.exists
+
- name: Ensure PyYaml is installed
action: "{{ ansible_pkg_mgr }} name=PyYAML state=present"
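Review bot: These tasks create a top-level `is_atomic` fact, while `init_in_docker_facts` in openshift_facts.py computes the same check and stores it as `openshift.is_atomic`, so there are now two sources of truth for one host property. Every `when:` in this commit reads the bare `is_atomic`, which is only defined after this role has run. Add a comment above "Determine if Atomic" such as `# is_atomic must be set before any role that guards package installs with it; openshift_facts.py exposes the same check as openshift.is_atomic`, and rename the register `s` to something descriptive like `ostree_booted`. "Ensure PyYaml is installed" directly below is still unguarded and would try to use the package manager on an atomic host.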
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 43647cc49..6844a16cc 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -21,6 +21,10 @@
msg: "openshift_master_cluster_password must be set for multi-master installations"
when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and (openshift_master_cluster_password is not defined or not openshift_master_cluster_password)
+- fail:
+ msg: "openshift_master_ha is not yet supported on atomic hosts"
+ when: openshift_master_ha | bool and is_atomic
+
- name: Set master facts
openshift_facts:
role: master
@@ -79,6 +83,25 @@
- name: Install Master package
action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-master{{ openshift_version }} state=present"
+ when: not is_atomic
+
+# TODO: enable when ansible#1993 lands and is widespread enough
+# - name: Docker image present
+# docker:
+# image: "{{ openshift.common.docker.image }}"
+# state: image_present
+# when: is_atomic
+
+- name: Install Master docker service file
+ template:
+ dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service"
+ src: openshift.docker.master.service
+ register: install_result
+ when: is_atomic
+
+- name: Reload systemd units
+ command: systemctl daemon-reload
+ when: is_atomic and install_result | changed
- name: Re-gather package dependent master facts
openshift_facts:
@@ -113,6 +136,7 @@
action: "{{ ansible_pkg_mgr }} name=httpd-tools state=present"
when: (item.kind == 'HTPasswdPasswordIdentityProvider')
with_items: openshift.master.identity_providers
+ when: not is_atomic
- name: Ensure htpasswd directory exists
file:
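Review bot: The added `when: not is_atomic` gives this task a second `when:` key next to the existing `when: (item.kind == 'HTPasswdPasswordIdentityProvider')`. Duplicate mapping keys are not merged; most YAML loaders silently keep the last one, so the identity-provider check is dropped and `httpd-tools` is installed for every provider kind on non-atomic hosts. Combine them in the existing line, `when: item.kind == 'HTPasswdPasswordIdentityProvider' and not is_atomic`, and remove the added line.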
@@ -251,7 +275,7 @@
- name: Install cluster packages
action: "{{ ansible_pkg_mgr }} name=pcs state=present"
- when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker'
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' and not is_atomic
register: install_result
- name: Start and enable cluster service
@@ -283,6 +307,7 @@
command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config
args:
creates: ~{{ item }}/.kube/config
+ when: not is_atomic
with_items:
- root
- "{{ ansible_ssh_user }}"
diff --git a/roles/openshift_master/templates/openshift.docker.master.service b/roles/openshift_master/templates/openshift.docker.master.service
new file mode 100644
index 000000000..9e436f8eb
--- /dev/null
+++ b/roles/openshift_master/templates/openshift.docker.master.service
@@ -0,0 +1,11 @@
+[Unit]
+After=docker.service
+Require=docker.service
+
+[Service]
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master
+ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift_docker_image }} start master --config=${CONFIG_FILE} ${OPTIONS}
+ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master
+
+[Install]
+WantedBy=multi-user.target
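Review bot: `Require=docker.service` in the `[Unit]` section is not a systemd directive; the key is `Requires=`, and an unknown key is logged and ignored, leaving the unit with ordering (`After=`) but no hard dependency on docker. Change it to `Requires=docker.service`; the node template (roles/openshift_node/templates/openshift.docker.node.service) has the same line. `ExecStart` combines `--privileged` with a bind mount of `/var/run/docker.sock`, which hands the container full control of the host, so add a comment in the template recording why both are needed, since later hardening will have to revisit them. `--rm` with a fixed `--name` also means a container left over from an unclean stop will block the next start, unless something removes it first.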
diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml
index 534465451..875d61a3b 100644
--- a/roles/openshift_master/vars/main.yml
+++ b/roles/openshift_master/vars/main.yml
@@ -5,6 +5,8 @@ openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.js
openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml"
openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json"
openshift_version: "{{ openshift_pkg_version | default('') }}"
+openshift_docker_image_name: openshift/origin
+openshift_docker_image: "{{ openshift_docker_image_name }}:{{ openshift_pkg_version | default('latest') }}"
openshift_master_valid_grant_methods:
- auto
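Review bot: `openshift_docker_image` reuses `openshift_pkg_version` as the image tag, but "Install Master package" appends the derived `openshift_version` directly to the RPM name (`-master{{ openshift_version }}`), which suggests the value carries a leading separator such as `-1.1`. If so, the rendered reference would be `openshift/origin:-1.1`, which is not a valid tag; a dedicated tag variable would avoid coupling RPM and image versioning. The `default('latest')` fallback also means an unset version runs a mutable tag in the `--privileged` service units added by this commit. The same two lines are duplicated in roles/openshift_master_ca/vars/main.yml and roles/openshift_node/vars/main.yml and would be better defined once.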
diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml
index 0db95a4eb..c179ceb61 100644
--- a/roles/openshift_master_ca/tasks/main.yml
+++ b/roles/openshift_master_ca/tasks/main.yml
@@ -1,9 +1,11 @@
---
- name: Install the base package for admin tooling
action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version }} state=present"
+ when: not is_atomic
- name: Reload generated facts
openshift_facts:
+ when: install_result | changed
- name: Create openshift_master_config_dir if it doesn't exist
file:
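Review bot: "Reload generated facts" is now guarded by `when: install_result | changed`, but the install task above it in this hunk does not register `install_result`. The condition will either fail on an undefined variable or read a value registered by another role earlier in the play, neither of which reflects whether this package was installed. Add `register: install_result` to "Install the base package for admin tooling". On atomic hosts that task is skipped, so the reload is skipped too; confirm that is intended, given that `openshift_facts.py` now sets the docker-based binaries.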
diff --git a/roles/openshift_master_ca/vars/main.yml b/roles/openshift_master_ca/vars/main.yml
index b35339b18..0f1f32a34 100644
--- a/roles/openshift_master_ca/vars/main.yml
+++ b/roles/openshift_master_ca/vars/main.yml
@@ -4,3 +4,6 @@ openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key"
openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt"
openshift_version: "{{ openshift_pkg_version | default('') }}"
+
+openshift_docker_image_name: openshift/origin
+openshift_docker_image: "{{ openshift_docker_image_name }}:{{ openshift_pkg_version | default('latest') }}"
diff --git a/roles/openshift_master_cluster/tasks/main.yml b/roles/openshift_master_cluster/tasks/main.yml
index 6303a6e46..978e2920d 100644
--- a/roles/openshift_master_cluster/tasks/main.yml
+++ b/roles/openshift_master_cluster/tasks/main.yml
@@ -1,4 +1,8 @@
---
+- fail:
+ msg: "Not possible on atomic hosts for now"
+ when: is_atomic
+
- name: Test if cluster is already configured
command: pcs status
register: pcs_status
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 38bffc2e5..8607aa3fb 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -4,6 +4,10 @@
msg: "SELinux is disabled, This deployment type requires that SELinux is enabled."
when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise']
+- fail:
+ msg: "This playbook does not support using SDN on atomic hosts yet"
+ when: openshift.common.use_openshift_sdn and is_atomic
+
- name: Set node facts
openshift_facts:
role: "{{ item.role }}"
@@ -38,10 +42,11 @@
# problems because the rpms don't pin the version properly.
- name: Install Node package
action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_version }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version }} state=present"
+ when: not is_atomic
- name: Install sdn-ovs package
action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present"
- when: openshift.common.use_openshift_sdn
+ when: openshift.common.use_openshift_sdn and not is_atomic
# TODO: add the validate parameter when there is a validation command to run
- name: Create the Node config
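Review bot: "Install Node package" is skipped on atomic hosts, but none of the hunks for this file installs the new `openshift.docker.node.service` template, whereas the master role gained "Install Master docker service file" plus a `daemon-reload`. As shown, an atomic node would end up with a config file and a sysconfig file but no unit to start. The tasks below mirror the master role and use a separate register name so they do not collide with other `install_result` users. The task list continues outside this hunk.

```yaml
# … unchanged: Install Node package / Install sdn-ovs package …
- name: Install Node docker service file
  template:
    dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service"
    src: openshift.docker.node.service
  register: install_node_service
  when: is_atomic

- name: Reload systemd units
  command: systemctl daemon-reload
  when: is_atomic and install_node_service | changed
```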
@@ -57,6 +62,7 @@
dest: /etc/sysconfig/{{ openshift.common.service_type }}-node
regexp: "{{ item.regex }}"
line: "{{ item.line }}"
+ create: true
with_items:
- regex: '^OPTIONS='
line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}"
diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service
new file mode 100644
index 000000000..e9df34940
--- /dev/null
+++ b/roles/openshift_node/templates/openshift.docker.node.service
@@ -0,0 +1,11 @@
+[Unit]
+After=docker.service
+Require=docker.service
+
+[Service]
+EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node
+ExecStart=/usr/bin/docker run --rm --privileged --net=host --name "{{ openshift.common.service_type }}-node" -v /:/rootfs:ro -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift_docker_image }} start node --config=${CONFIG_FILE} ${OPTIONS}
+ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/openshift_node/vars/main.yml b/roles/openshift_node/vars/main.yml
index 43dc50ca8..c57d1bcca 100644
--- a/roles/openshift_node/vars/main.yml
+++ b/roles/openshift_node/vars/main.yml
@@ -2,3 +2,6 @@
openshift_node_config_dir: "{{ openshift.common.config_base }}/node"
openshift_node_config_file: "{{ openshift_node_config_dir }}/node-config.yaml"
openshift_version: "{{ openshift_pkg_version | default('') }}"
+
+openshift_docker_image_name: openshift/origin
+openshift_docker_image: "{{ openshift_docker_image_name }}:{{ openshift_pkg_version | default('latest') }}"
diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml
index 57f71887b..b54811414 100644
--- a/roles/openshift_node_certificates/tasks/main.yml
+++ b/roles/openshift_node_certificates/tasks/main.yml
@@ -17,19 +17,19 @@
--signer-serial={{ openshift_master_ca_serial }}
--user=system:node:{{ item.openshift.common.hostname }}
args:
- chdir: "{{ openshift_generated_configs_dir }}"
creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}"
with_items: nodes_needing_certs
- name: Generate the node server certificate
command: >
- {{ openshift.common.admin_binary }} create-server-cert
- --cert=server.crt --key=server.key --overwrite=true
+ {{ openshift.common.admin_binary }} ca create-server-cert
+ --cert={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt
+ --key={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.key
+ --overwrite=true
--hostnames={{ item.openshift.common.all_hostnames |join(",") }}
--signer-cert={{ openshift_master_ca_cert }}
--signer-key={{ openshift_master_ca_key }}
--signer-serial={{ openshift_master_ca_serial }}
args:
- chdir: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}"
creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt"
with_items: nodes_needing_certs
diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml
index 9faf0dfd9..6d0d1d493 100644
--- a/roles/openshift_repos/tasks/main.yaml
+++ b/roles/openshift_repos/tasks/main.yaml
@@ -12,19 +12,20 @@
- name: Ensure libselinux-python is installed
action: "{{ ansible_pkg_mgr }} name=libselinux-python state=present"
+ when: not is_atomic
- name: Create any additional repos that are defined
template:
src: yum_repo.j2
dest: /etc/yum.repos.d/openshift_additional.repo
- when: openshift_additional_repos | length > 0
+ when: openshift_additional_repos | length > 0 and not is_atomic
notify: refresh cache
- name: Remove the additional repos if no longer defined
file:
dest: /etc/yum.repos.d/openshift_additional.repo
state: absent
- when: openshift_additional_repos | length == 0
+ when: openshift_additional_repos | length == 0 and not is_atomic
notify: refresh cache
- name: Remove any yum repo files for other deployment types RHEL/CentOS
@@ -35,6 +36,7 @@
- '*/repos/*'
when: not (item | search("/files/" ~ openshift_deployment_type ~ "/repos")) and
(ansible_os_family == "RedHat" and ansible_distribution != "Fedora")
+ and not is_atomic
notify: refresh cache
- name: Remove any yum repo files for other deployment types Fedora
@@ -45,6 +47,7 @@
- '*/repos/*'
when: not (item | search("/files/fedora-" ~ openshift_deployment_type ~ "/repos")) and
(ansible_distribution == "Fedora")
+ and not is_atomic
notify: refresh cache
- name: Configure gpg keys if needed
@@ -59,10 +62,11 @@
- "{{ openshift_deployment_type }}/repos/*"
notify: refresh cache
when: (ansible_os_family == "RedHat" and ansible_distribution != "Fedora")
+ and not is_atomic
- name: Configure yum repositories Fedora
copy: src={{ item }} dest=/etc/yum.repos.d/
with_fileglob:
- "fedora-{{ openshift_deployment_type }}/repos/*"
notify: refresh cache
- when: (ansible_distribution == "Fedora")
+ when: (ansible_distribution == "Fedora") and not is_atomic
diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml
index e558a83a2..eb9c9b2c9 100644
--- a/roles/openshift_serviceaccounts/tasks/main.yml
+++ b/roles/openshift_serviceaccounts/tasks/main.yml
@@ -1,12 +1,19 @@
+- name: tmp dir for openshift
+ file:
+ path: /tmp/openshift
+ state: directory
+ owner: root
+ mode: 700
+
- name: Create service account configs
template:
src: serviceaccount.j2
- dest: "/tmp/{{ item }}-serviceaccount.yaml"
+ dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml"
with_items: accounts
- name: Create {{ item }} service account
command: >
- {{ openshift.common.client_binary }} create -f "/tmp/{{ item }}-serviceaccount.yaml"
+ {{ openshift.common.client_binary }} create -f "/tmp/openshift/{{ item }}-serviceaccount.yaml"
with_items: accounts
register: _sa_result
failed_when: "'serviceaccounts \"{{ item }}\" already exists' not in _sa_result.stderr and _sa_result.rc != 0"
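Review bot: `mode: 700` in "tmp dir for openshift" is an unquoted integer, so it is read as decimal 700 (octal 1274) rather than `rwx------`. The directory that holds the service-account and SCC files, and is bind-mounted into the privileged runner container, does not get the owner-only permissions intended. Use `mode: "0700"`. `/tmp/openshift` is also a predictable path in a world-writable directory, and this task does not check whether it already exists as something other than a root-owned directory; a location under the config or data dir would avoid that question.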
@@ -15,14 +22,14 @@
- name: Get current security context constraints
shell: >
{{ openshift.common.client_binary }} get scc privileged -o yaml
- --output-version=v1 > /tmp/scc.yaml
+ --output-version=v1 > /tmp/openshift/scc.yaml
- name: Add security context constraint for {{ item }}
lineinfile:
- dest: /tmp/scc.yaml
+ dest: /tmp/openshift/scc.yaml
line: "- system:serviceaccount:default:{{ item }}"
insertafter: "^users:$"
with_items: accounts
- name: Apply new scc rules for service accounts
- command: "{{ openshift.common.client_binary }} update -f /tmp/scc.yaml --api-version=v1"
+ command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
diff --git a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml
index cf1ba6f25..df7c0e57d 100644
--- a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml
+++ b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml
@@ -1,6 +1,7 @@
---
- name: Install NFS server
action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present"
+ when: not is_atomic
- name: Start rpcbind
service: name=rpcbind state=started enabled=yes
diff --git a/roles/os_env_extras/tasks/main.yaml b/roles/os_env_extras/tasks/main.yaml
index cbf5c37f5..d52795289 100644
--- a/roles/os_env_extras/tasks/main.yaml
+++ b/roles/os_env_extras/tasks/main.yaml
@@ -12,4 +12,5 @@
dest: /root/.vimrc
- name: Bash Completion
- action: "{{ ansible_pkg_mgr }} name=bash-completion state=present" \ No newline at end of file
+ action: "{{ ansible_pkg_mgr }} name=bash-completion state=present"
+ when: not is_atomic \ No newline at end of file
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml
index d3a5b1fa7..01b8263d5 100644
--- a/roles/os_firewall/tasks/firewall/iptables.yml
+++ b/roles/os_firewall/tasks/firewall/iptables.yml
@@ -5,6 +5,7 @@
- iptables
- iptables-services
register: install_result
+ when: not is_atomic
- name: Check if firewalld is installed
command: rpm -q firewalld
diff --git a/roles/os_update_latest/tasks/main.yml b/roles/os_update_latest/tasks/main.yml
index 2532059c0..3c3e80979 100644
--- a/roles/os_update_latest/tasks/main.yml
+++ b/roles/os_update_latest/tasks/main.yml
@@ -1,3 +1,8 @@
---
+- fail:
+ msg: "Update is not yet supported by this playbook on atomic hosts"
+ when: is_atomic
+
- name: Update all packages
- action: "{{ ansible_pkg_mgr }} name=* state=latest" \ No newline at end of file
+ action: "{{ ansible_pkg_mgr }} name=* state=latest"
+ when: not is_atomic \ No newline at end of file
diff --git a/roles/os_zabbix/tasks/main.yml b/roles/os_zabbix/tasks/main.yml
index 7552086d4..bd879c25f 100644
--- a/roles/os_zabbix/tasks/main.yml
+++ b/roles/os_zabbix/tasks/main.yml
@@ -1,4 +1,8 @@
---
+- fail:
+ msg: "Zabbix config is not yet supported on atomic hosts"
+ when: is_atomic
+
- name: Main List all templates
zbx_template:
zbx_server: "{{ ozb_server }}"
diff --git a/roles/yum_repos/tasks/main.yml b/roles/yum_repos/tasks/main.yml
index a9903c6c6..252dc71d5 100644
--- a/roles/yum_repos/tasks/main.yml
+++ b/roles/yum_repos/tasks/main.yml
@@ -45,3 +45,4 @@
src: yumrepo.j2
dest: /etc/yum.repos.d/{{ item.id }}.repo
with_items: repo_files
+ when: not is_atomic