-rw-r--r--inventory/byo/hosts.example8
-rw-r--r--playbooks/adhoc/uninstall.yml10
-rwxr-xr-xplaybooks/aws/openshift-cluster/accept.yml2
-rw-r--r--playbooks/byo/openshift-cluster/enable_dnsmasq.yml4
-rw-r--r--playbooks/common/openshift-cluster/enable_dnsmasq.yml55
-rw-r--r--playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml2
-rw-r--r--playbooks/common/openshift-cluster/upgrades/post_control_plane.yml3
-rw-r--r--playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml2
-rw-r--r--playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml2
-rw-r--r--playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml2
-rw-r--r--playbooks/init/facts.yml5
-rw-r--r--playbooks/openshift-etcd/private/ca.yml1
-rw-r--r--playbooks/openshift-etcd/private/config.yml1
-rw-r--r--playbooks/openshift-node/private/configure_nodes.yml1
-rw-r--r--playbooks/openshift-node/private/containerized_nodes.yml1
-rw-r--r--playbooks/openshift-node/private/manage_node.yml1
-rw-r--r--playbooks/openshift-node/private/network_manager.yml2
-rw-r--r--playbooks/openshift-service-catalog/config.yml4
-rw-r--r--playbooks/openstack/README.md44
-rw-r--r--playbooks/openstack/advanced-configuration.md56
-rw-r--r--playbooks/openstack/sample-inventory/group_vars/OSEv3.yml3
-rw-r--r--playbooks/openstack/sample-inventory/group_vars/all.yml9
-rwxr-xr-xplaybooks/openstack/sample-inventory/inventory.py11
-rw-r--r--roles/ansible_service_broker/tasks/install.yml6
-rw-r--r--roles/ansible_service_broker/tasks/main.yml4
-rw-r--r--roles/cockpit/tasks/main.yml2
-rw-r--r--roles/contiv/tasks/download_bins.yml2
-rw-r--r--roles/contiv/tasks/pkgMgrInstallers/centos-install.yml6
-rw-r--r--roles/contiv_facts/tasks/fedora-install.yml2
-rw-r--r--roles/docker/tasks/package_docker.yml2
-rw-r--r--roles/docker/tasks/systemcontainer_crio.yml6
-rw-r--r--roles/docker/tasks/systemcontainer_docker.yml8
-rw-r--r--roles/etcd/tasks/auxiliary/drop_etcdctl.yml2
-rw-r--r--roles/etcd/tasks/backup/backup.yml2
-rw-r--r--roles/etcd/tasks/certificates/deploy_ca.yml2
-rw-r--r--roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml2
-rw-r--r--roles/etcd/tasks/fetch_backup.yml8
-rw-r--r--roles/etcd/tasks/main.yml2
-rw-r--r--roles/etcd/tasks/migration/add_ttls.yml4
-rw-r--r--roles/etcd/tasks/upgrade/upgrade_image.yml2
-rw-r--r--roles/etcd/tasks/upgrade/upgrade_rpm.yml2
-rw-r--r--roles/flannel/tasks/main.yml2
-rw-r--r--roles/installer_checkpoint/callback_plugins/installer_checkpoint.py2
-rw-r--r--roles/lib_openshift/library/oc_adm_router.py6
-rw-r--r--roles/lib_openshift/src/ansible/oc_adm_router.py6
-rw-r--r--roles/nickhammond.logrotate/tasks/main.yml2
-rw-r--r--roles/nickhammond.logrotate/templates/logrotate.d.j22
-rw-r--r--roles/nuage_ca/tasks/main.yaml2
-rw-r--r--roles/openshift_ca/tasks/main.yml1
-rw-r--r--roles/openshift_cli/tasks/main.yml12
-rw-r--r--roles/openshift_clock/tasks/main.yaml2
-rw-r--r--roles/openshift_etcd/meta/main.yml1
-rw-r--r--roles/openshift_excluder/tasks/install.yml8
-rw-r--r--roles/openshift_expand_partition/tasks/main.yml2
-rw-r--r--roles/openshift_facts/defaults/main.yml6
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py94
-rw-r--r--roles/openshift_hosted/README.md22
-rw-r--r--roles/openshift_hosted/defaults/main.yml1
-rw-r--r--roles/openshift_hosted/tasks/registry.yml20
-rw-r--r--roles/openshift_hosted/tasks/storage/glusterfs.yml4
-rw-r--r--roles/openshift_hosted/tasks/storage/glusterfs_endpoints.yml16
-rw-r--r--roles/openshift_hosted/templates/v3.6/glusterfs-registry-endpoints.yml.j212
-rw-r--r--roles/openshift_hosted/templates/v3.6/glusterfs-registry-service.yml.j210
-rw-r--r--roles/openshift_hosted/templates/v3.7/glusterfs-registry-endpoints.yml.j212
-rw-r--r--roles/openshift_hosted/templates/v3.7/glusterfs-registry-service.yml.j210
-rw-r--r--roles/openshift_loadbalancer/tasks/main.yml2
-rw-r--r--roles/openshift_logging/tasks/generate_jks.yaml6
-rw-r--r--roles/openshift_logging_curator/templates/curator.j22
-rw-r--r--roles/openshift_logging_elasticsearch/templates/es.j22
-rw-r--r--roles/openshift_logging_elasticsearch/templates/pvc.j24
-rw-r--r--roles/openshift_logging_elasticsearch/templates/route_reencrypt.j22
-rw-r--r--roles/openshift_logging_eventrouter/templates/eventrouter-template.j22
-rw-r--r--roles/openshift_logging_kibana/templates/kibana.j22
-rw-r--r--roles/openshift_logging_kibana/templates/route_reencrypt.j22
-rw-r--r--roles/openshift_logging_mux/templates/mux.j22
-rw-r--r--roles/openshift_manage_node/defaults/main.yml6
-rw-r--r--roles/openshift_manage_node/tasks/main.yml2
-rw-r--r--roles/openshift_management/tasks/add_container_provider.yml4
-rw-r--r--roles/openshift_master/defaults/main.yml12
-rw-r--r--roles/openshift_master/tasks/main.yml5
-rw-r--r--roles/openshift_master/tasks/upgrade/rpm_upgrade.yml2
-rw-r--r--roles/openshift_master/templates/htpasswd.j22
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j214
-rw-r--r--roles/openshift_master_facts/tasks/main.yml8
-rw-r--r--roles/openshift_metrics/templates/hawkular_cassandra_rc.j22
-rw-r--r--roles/openshift_metrics/templates/hawkular_metrics_rc.j22
-rw-r--r--roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j22
-rw-r--r--roles/openshift_metrics/templates/heapster.j22
-rw-r--r--roles/openshift_metrics/templates/pvc.j26
-rw-r--r--roles/openshift_metrics/templates/rolebinding.j22
-rw-r--r--roles/openshift_metrics/templates/route.j22
-rw-r--r--roles/openshift_metrics/templates/secret.j26
-rw-r--r--roles/openshift_metrics/templates/service.j28
-rw-r--r--roles/openshift_metrics/templates/serviceaccount.j22
-rw-r--r--roles/openshift_nfs/tasks/setup.yml2
-rw-r--r--roles/openshift_node/defaults/main.yml7
-rwxr-xr-xroles/openshift_node/files/networkmanager/99-origin-dns.sh (renamed from roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh)0
-rw-r--r--roles/openshift_node/handlers/main.yml11
-rw-r--r--roles/openshift_node/meta/main.yml3
-rw-r--r--roles/openshift_node/tasks/bootstrap.yml2
-rw-r--r--roles/openshift_node/tasks/dnsmasq.yml (renamed from roles/openshift_node_dnsmasq/tasks/main.yml)6
-rw-r--r--roles/openshift_node/tasks/dnsmasq/network-manager.yml (renamed from roles/openshift_node_dnsmasq/tasks/network-manager.yml)0
-rw-r--r--roles/openshift_node/tasks/dnsmasq/no-network-manager.yml (renamed from roles/openshift_node_dnsmasq/tasks/no-network-manager.yml)2
-rw-r--r--roles/openshift_node/tasks/docker/upgrade.yml2
-rw-r--r--roles/openshift_node/tasks/install.yml6
-rw-r--r--roles/openshift_node/tasks/main.yml2
-rw-r--r--roles/openshift_node/tasks/storage_plugins/ceph.yml2
-rw-r--r--roles/openshift_node/tasks/storage_plugins/glusterfs.yml2
-rw-r--r--roles/openshift_node/tasks/storage_plugins/iscsi.yml2
-rw-r--r--roles/openshift_node/tasks/storage_plugins/nfs.yml2
-rw-r--r--roles/openshift_node/tasks/upgrade.yml5
-rw-r--r--roles/openshift_node/tasks/upgrade/rpm_upgrade.yml4
-rw-r--r--roles/openshift_node/templates/node-dnsmasq.conf.j2 (renamed from roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2)0
-rw-r--r--roles/openshift_node/templates/origin-dns.conf.j2 (renamed from roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2)0
-rw-r--r--roles/openshift_node_dnsmasq/README.md27
-rw-r--r--roles/openshift_node_dnsmasq/defaults/main.yml7
-rw-r--r--roles/openshift_node_dnsmasq/handlers/main.yml11
-rw-r--r--roles/openshift_node_dnsmasq/meta/main.yml15
-rw-r--r--roles/openshift_node_facts/tasks/main.yml1
-rw-r--r--roles/openshift_openstack/tasks/node-packages.yml4
-rw-r--r--roles/openshift_openstack/templates/heat_stack.yaml.j24
-rw-r--r--roles/openshift_persistent_volumes/templates/persistent-volume.yml.j22
-rw-r--r--roles/openshift_prometheus/templates/prometheus.j22
-rw-r--r--roles/openshift_prometheus/vars/default_images.yml2
-rw-r--r--roles/openshift_provisioners/templates/clusterrolebinding.j22
-rw-r--r--roles/openshift_provisioners/templates/efs.j22
-rw-r--r--roles/openshift_provisioners/templates/pv.j24
-rw-r--r--roles/openshift_provisioners/templates/pvc.j24
-rw-r--r--roles/openshift_provisioners/templates/secret.j22
-rw-r--r--roles/openshift_provisioners/templates/serviceaccount.j22
-rw-r--r--roles/openshift_repos/tasks/main.yaml2
-rw-r--r--roles/openshift_sanitize_inventory/tasks/unsupported.yml24
-rw-r--r--roles/openshift_service_catalog/tasks/install.yml4
-rw-r--r--roles/openshift_service_catalog/tasks/main.yml4
-rw-r--r--roles/openshift_service_catalog/templates/api_server.j22
-rw-r--r--roles/openshift_service_catalog/templates/controller_manager.j22
-rw-r--r--roles/openshift_storage_glusterfs/README.md3
-rw-r--r--roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml2
-rw-r--r--roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml2
-rw-r--r--roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml10
-rw-r--r--roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml41
-rw-r--r--roles/openshift_storage_nfs/tasks/main.yml2
-rw-r--r--roles/openshift_storage_nfs_lvm/tasks/nfs.yml2
-rw-r--r--roles/openshift_version/tasks/set_version_containerized.yml4
-rw-r--r--roles/os_firewall/tasks/firewalld.yml2
-rw-r--r--roles/os_firewall/tasks/iptables.yml2
-rw-r--r--roles/os_update_latest/tasks/main.yml2
-rw-r--r--roles/rhel_subscribe/tasks/main.yml2
-rw-r--r--roles/template_service_broker/tasks/main.yml4
149 files changed, 494 insertions, 436 deletions
diff --git a/inventory/byo/hosts.example b/inventory/byo/hosts.example
index ccdec2da1..3a9944ba4 100644
--- a/inventory/byo/hosts.example
+++ b/inventory/byo/hosts.example
@@ -908,6 +908,14 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Enable template service broker (requires service catalog to be enabled, above)
#template_service_broker_install=true
+# Force a specific prefix (IE: registry) to use when pulling the service catalog image
+# NOTE: The registry all the way up to the start of the image name must be provided. Two examples
+# below are provided.
+#openshift_service_catalog_image_prefix=docker.io/openshift/origin-
+#openshift_service_catalog_image_prefix=registry.access.redhat.com/openshift3/ose-
+# Force a specific image version to use when pulling the service catalog image
+#openshift_service_catalog_image_version=v3.7
+
# Configure one of more namespaces whose templates will be served by the TSB
#openshift_template_service_broker_namespaces=['openshift']
diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml
index 5ed55a817..0c2a2c7e8 100644
--- a/playbooks/adhoc/uninstall.yml
+++ b/playbooks/adhoc/uninstall.yml
@@ -126,10 +126,14 @@
- origin-sdn-ovs
- tuned-profiles-openshift-node
- tuned-profiles-origin-node
+ register: result
+ until: result | success
- name: Remove flannel package
package: name=flannel state=absent
when: openshift_use_flannel | default(false) | bool
+ register: result
+ until: result | success
when: not is_atomic | bool
- shell: systemctl reset-failed
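Review bot: The added `register: result` / `until: result | success` pairs set no `retries` or `delay`, so each package task silently relies on Ansible's defaults (3 retries, 5 seconds apart). Spelling them out, e.g. `retries: 3` and `delay: 5`, would make the retry budget visible and tunable for slow or flaky mirrors. The same applies to the other hunks in this file and to the identical additions in upgrades/docker/tasks/upgrade.yml, init/facts.yml and openshift-node/private/network_manager.yml. Using a test as a filter (`result | success`) was later deprecated in favour of `result is succeeded`, so it is worth confirming against the Ansible version this repository pins. The enclosing tasks start outside the hunk and their indentation is not visible here.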
@@ -382,6 +386,8 @@
- origin-master
- pacemaker
- pcs
+ register: result
+ until: result | success
- shell: systemctl reset-failed
changed_when: False
@@ -497,6 +503,8 @@
with_items:
- etcd
- etcd3
+ register: result
+ until: result | success
- shell: systemctl reset-failed
changed_when: False
@@ -554,6 +562,8 @@
when: not is_atomic | bool and openshift_remove_all | default(True) | bool
with_items:
- haproxy
+ register: result
+ until: result | success
- shell: systemctl reset-failed
changed_when: False
diff --git a/playbooks/aws/openshift-cluster/accept.yml b/playbooks/aws/openshift-cluster/accept.yml
index c2c8bea50..cab2f1e40 100755
--- a/playbooks/aws/openshift-cluster/accept.yml
+++ b/playbooks/aws/openshift-cluster/accept.yml
@@ -14,7 +14,7 @@
msg: "openshift_aws_region={{ openshift_aws_region | default('us-east-1') }}"
- name: bring lib_openshift into scope
- include_role:
+ import_role:
name: lib_openshift
- name: fetch masters
diff --git a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml
deleted file mode 100644
index b429e84e5..000000000
--- a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- include: ../../init/evaluate_groups.yml
-
-- include: ../../common/openshift-cluster/enable_dnsmasq.yml
diff --git a/playbooks/common/openshift-cluster/enable_dnsmasq.yml b/playbooks/common/openshift-cluster/enable_dnsmasq.yml
deleted file mode 100644
index f91361b67..000000000
--- a/playbooks/common/openshift-cluster/enable_dnsmasq.yml
+++ /dev/null
@@ -1,55 +0,0 @@
----
-- name: Load openshift_facts
- hosts: oo_masters_to_config:oo_nodes_to_config
- roles:
- - openshift_facts
-
-- name: Reconfigure masters to listen on our new dns_port
- hosts: oo_masters_to_config
- handlers:
- - include: ../../../roles/openshift_master/handlers/main.yml
- static: yes
- vars:
- os_firewall_allow:
- - service: skydns tcp
- port: "{{ openshift.master.dns_port }}/tcp"
- - service: skydns udp
- port: "{{ openshift.master.dns_port }}/udp"
- roles:
- - os_firewall
- tasks:
- - openshift_facts:
- role: "{{ item.role }}"
- local_facts: "{{ item.local_facts }}"
- with_items:
- - role: master
- local_facts:
- dns_port: '8053'
- - modify_yaml:
- dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
- yaml_key: dnsConfig.bindAddress
- yaml_value: "{{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }}"
- notify: restart master api
- - meta: flush_handlers
-
-- name: Configure nodes for dnsmasq
- hosts: oo_nodes_to_config
- handlers:
- - include: ../../../roles/openshift_node/handlers/main.yml
- static: yes
- pre_tasks:
- - openshift_facts:
- role: "{{ item.role }}"
- local_facts: "{{ item.local_facts }}"
- with_items:
- - role: node
- local_facts:
- dns_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
- roles:
- - openshift_node_dnsmasq
- post_tasks:
- - modify_yaml:
- dest: "{{ openshift.common.config_base }}/node/node-config.yaml"
- yaml_key: dnsIP
- yaml_value: "{{ openshift.node.dns_ip }}"
- notify: restart node
diff --git a/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml
index 808cc562c..83be290e6 100644
--- a/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml
@@ -41,6 +41,8 @@
- name: Upgrade Docker
package: name=docker{{ '-' + docker_version }} state=present
+ register: result
+ until: result | success
- include: restart.yml
when: not skip_docker_restart | default(False) | bool
diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
index 3aa9e0460..c458184c9 100644
--- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
@@ -14,8 +14,9 @@
pre_tasks:
- name: Load lib_openshift modules
- include_role:
+ import_role:
name: lib_openshift
+
- name: Collect all routers
oc_obj:
state: list
diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml
index 13fa37b09..446f315d6 100644
--- a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml
+++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml
@@ -12,7 +12,7 @@
- name: Verify containers are available for upgrade
command: >
- docker pull {{ openshift.common.cli_image }}:{{ openshift_image_tag }}
+ docker pull {{ openshift_cli_image }}:{{ openshift_image_tag }}
register: pull_result
changed_when: "'Downloaded newer image' in pull_result.stdout"
when: openshift.common.is_containerized | bool
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
index d08c6e940..d7a52707c 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
@@ -291,7 +291,7 @@
pre_tasks:
- name: Load lib_openshift modules
- include_role:
+ import_role:
name: lib_openshift
# TODO: To better handle re-trying failed upgrades, it would be nice to check if the node
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
index 5dc8193a7..75ffd3fe9 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
@@ -8,7 +8,7 @@
pre_tasks:
- name: Load lib_openshift modules
- include_role:
+ import_role:
name: lib_openshift
# TODO: To better handle re-trying failed upgrades, it would be nice to check if the node
diff --git a/playbooks/init/facts.yml b/playbooks/init/facts.yml
index 820561b2b..1166ac538 100644
--- a/playbooks/init/facts.yml
+++ b/playbooks/init/facts.yml
@@ -84,6 +84,8 @@
- "{{ 'python3-dbus' if ansible_distribution == 'Fedora' else 'dbus-python' }}"
- "{{ 'python3-PyYAML' if ansible_distribution == 'Fedora' else 'PyYAML' }}"
- yum-utils
+ register: result
+ until: result | success
- name: Ensure various deps for running system containers are installed
package:
@@ -100,6 +102,8 @@
or (openshift_use_openvswitch_system_container | default(False)) | bool
or (openshift_use_node_system_container | default(False)) | bool
or (openshift_use_master_system_container | default(False)) | bool
+ register: result
+ until: result | success
- name: Gather Cluster facts and set is_containerized if needed
openshift_facts:
@@ -107,7 +111,6 @@
local_facts:
deployment_type: "{{ openshift_deployment_type }}"
deployment_subtype: "{{ openshift_deployment_subtype | default(None) }}"
- cli_image: "{{ osm_image | default(None) }}"
hostname: "{{ openshift_hostname | default(None) }}"
ip: "{{ openshift_ip | default(None) }}"
is_containerized: "{{ l_is_containerized | default(None) }}"
diff --git a/playbooks/openshift-etcd/private/ca.yml b/playbooks/openshift-etcd/private/ca.yml
index ac5543be9..c9f186e72 100644
--- a/playbooks/openshift-etcd/private/ca.yml
+++ b/playbooks/openshift-etcd/private/ca.yml
@@ -2,6 +2,7 @@
- name: Generate new etcd CA
hosts: oo_first_etcd
roles:
+ - role: openshift_clock
- role: openshift_etcd_facts
tasks:
- include_role:
diff --git a/playbooks/openshift-etcd/private/config.yml b/playbooks/openshift-etcd/private/config.yml
index f49a3ecaa..3d6c79834 100644
--- a/playbooks/openshift-etcd/private/config.yml
+++ b/playbooks/openshift-etcd/private/config.yml
@@ -20,6 +20,7 @@
any_errors_fatal: true
roles:
- role: os_firewall
+ - role: openshift_clock
- role: openshift_etcd
etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
diff --git a/playbooks/openshift-node/private/configure_nodes.yml b/playbooks/openshift-node/private/configure_nodes.yml
index 17259422d..06f3df9fa 100644
--- a/playbooks/openshift-node/private/configure_nodes.yml
+++ b/playbooks/openshift-node/private/configure_nodes.yml
@@ -12,6 +12,7 @@
}}"
roles:
- role: os_firewall
+ - role: openshift_clock
- role: openshift_node
- role: tuned
- role: nickhammond.logrotate
diff --git a/playbooks/openshift-node/private/containerized_nodes.yml b/playbooks/openshift-node/private/containerized_nodes.yml
index 6fac937e3..3c3ac3646 100644
--- a/playbooks/openshift-node/private/containerized_nodes.yml
+++ b/playbooks/openshift-node/private/containerized_nodes.yml
@@ -14,6 +14,7 @@
roles:
- role: os_firewall
+ - role: openshift_clock
- role: openshift_node
openshift_ca_host: "{{ groups.oo_first_master.0 }}"
- role: nickhammond.logrotate
diff --git a/playbooks/openshift-node/private/manage_node.yml b/playbooks/openshift-node/private/manage_node.yml
index f48a19a9c..121c54a3d 100644
--- a/playbooks/openshift-node/private/manage_node.yml
+++ b/playbooks/openshift-node/private/manage_node.yml
@@ -6,6 +6,7 @@
roles:
- role: openshift_manage_node
openshift_master_host: "{{ groups.oo_first_master.0 }}"
+ openshift_manage_node_is_master: "{{ ('oo_masters_to_config' in group_names) | bool }}"
tasks:
- name: Create group for deployment type
group_by: key=oo_nodes_deployment_type_{{ openshift.common.deployment_type }}
diff --git a/playbooks/openshift-node/private/network_manager.yml b/playbooks/openshift-node/private/network_manager.yml
index fffed4dfb..7211787be 100644
--- a/playbooks/openshift-node/private/network_manager.yml
+++ b/playbooks/openshift-node/private/network_manager.yml
@@ -9,6 +9,8 @@
package:
name: 'NetworkManager'
state: present
+ register: result
+ until: result | success
- name: configure NetworkManager
lineinfile:
diff --git a/playbooks/openshift-service-catalog/config.yml b/playbooks/openshift-service-catalog/config.yml
index 8ee57ce8d..c7814207c 100644
--- a/playbooks/openshift-service-catalog/config.yml
+++ b/playbooks/openshift-service-catalog/config.yml
@@ -1,4 +1,4 @@
---
-- include: ../init/main.yml
+- import_playbook: ../init/main.yml
-- include: private/config.yml
+- import_playbook: private/config.yml
diff --git a/playbooks/openstack/README.md b/playbooks/openstack/README.md
index f3fe13530..c762169eb 100644
--- a/playbooks/openstack/README.md
+++ b/playbooks/openstack/README.md
@@ -6,7 +6,7 @@ etc.). The result is an environment ready for OpenShift installation
via [openshift-ansible].
We provide everything necessary to be able to install OpenShift on
-OpenStack (including the DNS and load balancer servers when
+OpenStack (including the load balancer servers when
necessary). In addition, we work on providing integration with the
OpenStack-native services (storage, lbaas, baremetal as a service,
dns, etc.).
@@ -38,18 +38,6 @@ Optional:
* External Neutron network with a floating IP address pool
-## DNS Requirements
-
-OpenShift requires DNS to operate properly. OpenStack supports DNS-as-a-service
-in the form of the Designate project, but the playbooks here don't support it
-yet. Until we do, you will need to provide a DNS solution yourself (or in case
-you are not running Designate when we do).
-
-If your server supports nsupdate, we will use it to add the necessary records.
-
-TODO(shadower): describe how to build a sample DNS server and how to configure
-our playbooks for nsupdate.
-
## Installation
@@ -57,14 +45,13 @@ There are four main parts to the installation:
1. [Preparing Ansible and dependencies](#1-preparing-ansible-and-dependencies)
2. [Configuring the desired OpenStack environment and OpenShift cluster](#2-configuring-the-openstack-environment-and-openshift-cluster)
-3. [Creating the OpenStack resources (VMs, networking, etc.)](#3-creating-the-openstack-resources-vms-networking-etc)
-4. [Installing OpenShift](#4-installing-openshift)
+3. [Creating the OpenStack Resources and Installing OpenShift](#3-creating-the-openstack-resources-and-installing-openshift)
This guide is going to install [OpenShift Origin][origin]
with [CentOS 7][centos7] images with minimal customisation.
-We will create the VMs for running OpenShift, in a new Neutron
-network, assign Floating IP addresses and configure DNS.
+We will create the VMs for running OpenShift, in a new Neutron network and
+assign Floating IP addresses.
The OpenShift cluster will have a single Master node that will run
`etcd`, a single Infra node and two App nodes.
@@ -156,14 +143,6 @@ $ vi inventory/group_vars/all.yml
4. Set the `openshift_openstack_default_flavor` to the flavor you want your
OpenShift VMs to use.
- See `openstack flavor list` for the list of available flavors.
-5. Set the `openshift_openstack_dns_nameservers` to the list of the IP addresses
- of the DNS servers used for the **private** address resolution.
-
-**NOTE ON DNS**: at minimum, the OpenShift nodes need to be able to access each
-other by their hostname. OpenStack doesn't provide this by default, so you
-need to provide a DNS server. Put the address of that DNS server in
-`openshift_openstack_dns_nameservers` variable.
-
@@ -191,7 +170,7 @@ the [Sample OpenShift Inventory][sample-openshift-inventory] and
the [advanced configuration][advanced-configuration].
-### 3. Creating the OpenStack resources (VMs, networking, etc.)
+### 3. Creating the OpenStack Resources and Installing OpenShift
We provide an `ansible.cfg` file which has some useful defaults -- you should
copy it to the directory you're going to run `ansible-playbook` from.
@@ -200,11 +179,11 @@ copy it to the directory you're going to run `ansible-playbook` from.
$ cp openshift-ansible/ansible.cfg ansible.cfg
```
-Then run the provisioning playbook -- this will create the OpenStack
+Then run the provision + install playbook -- this will create the OpenStack
resources:
```bash
-$ ansible-playbook --user openshift -i inventory openshift-ansible/playbooks/openstack/openshift-cluster/provision.yaml
+$ ansible-playbook --user openshift -i inventory openshift-ansible/playbooks/openstack/openshift-cluster/provision_install.yaml
```
If you're using multiple inventories, make sure you pass the path to
@@ -214,15 +193,6 @@ If your SSH private key is not in `~/.ssh/id_rsa` use the `--private-key`
option to specify the correct path.
-### 4. Installing OpenShift
-
-Run the `byo/config.yml` playbook on top of the OpenStack nodes we have
-prepared.
-
-```bash
-$ ansible-playbook -i inventory openshift-ansible/playbooks/byo/config.yml
-```
-
### Next Steps
diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md
index 90cc20b98..c0bdf5020 100644
--- a/playbooks/openstack/advanced-configuration.md
+++ b/playbooks/openstack/advanced-configuration.md
@@ -47,44 +47,42 @@ Otherwise, even if there are differences between the two versions, installation
## Accessing the OpenShift Cluster
-### Use the Cluster DNS
+### Configure DNS
-In addition to the OpenShift nodes, we created a DNS server with all
-the necessary entries. We will configure your *Ansible host* to use
-this new DNS and talk to the deployed OpenShift.
+OpenShift requires two DNS records to function fully. The first one points to
+the master/load balancer and provides the UI/API access. The other one is a
+wildcard domain that resolves app route requests to the infra node.
-First, get the DNS IP address:
+If you followed the default installation from the README section, there is no
+DNS configured. You should add two entries to the `/etc/hosts` file on the
+Ansible host (where you to do a quick validation. A real deployment will
+however require a DNS server with the following entries set.
-```bash
-$ openstack server show dns-0.openshift.example.com --format value --column addresses
-openshift-ansible-openshift.example.com-net=192.168.99.11, 10.40.128.129
-```
-
-Note the floating IP address (it's `10.40.128.129` in this case) -- if
-you're not sure, try pinging them both -- it's the one that responds
-to pings.
+First, run the `openstack server list` command and note the floating IP
+addresses of the *master* and *infra* nodes (we will use `10.40.128.130` for
+master and `10.40.128.134` for infra here).
-Next, edit your `/etc/resolv.conf` as root and put `nameserver DNS_IP` as your
-**first entry**.
-
-If your `/etc/resolv.conf` currently looks like this:
+Then add the following entries to your `/etc/hosts`:
```
-; generated by /usr/sbin/dhclient-script
-search openstacklocal
-nameserver 192.168.0.3
-nameserver 192.168.0.2
+10.40.128.130 console.openshift.example.com
+10.40.128.134 cakephp-mysql-example-test.apps.openshift.example.com
```
-Change it to this:
+This points the cluster domain (as defined in the
+`openshift_master_cluster_public_hostname` Ansible variable in `OSEv3`) to the
+master node and any routes for deployed apps to the infra node.
+
+If you deploy another app, it will end up with a different URL (e.g.
+myapp-test.apps.openshift.example.com) and you will need to add that too. This
+is why a real deployment should always run a DNS where the second entry will be
+a wildcard `*.apps.openshift.example.com).
+
+This will be sufficient to validate the cluster here.
+
+Take a look at the [External DNS](#dns-configuration-variables) section for
+configuring a DNS service.
-```
-; generated by /usr/sbin/dhclient-script
-search openstacklocal
-nameserver 10.40.128.129
-nameserver 192.168.0.3
-nameserver 192.168.0.2
-```
### Get the `oc` Client
diff --git a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml
index 1e55adb9e..90608bbc0 100644
--- a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml
+++ b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml
@@ -5,8 +5,7 @@ openshift_deployment_type: origin
openshift_master_default_subdomain: "apps.{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}"
openshift_master_cluster_method: native
-openshift_master_cluster_hostname: "console.{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}"
-openshift_master_cluster_public_hostname: "{{ openshift_master_cluster_hostname }}"
+openshift_master_cluster_public_hostname: "console.{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}"
osm_default_node_selector: 'region=primary'
diff --git a/playbooks/openstack/sample-inventory/group_vars/all.yml b/playbooks/openstack/sample-inventory/group_vars/all.yml
index 921edb867..ae1528123 100644
--- a/playbooks/openstack/sample-inventory/group_vars/all.yml
+++ b/playbooks/openstack/sample-inventory/group_vars/all.yml
@@ -10,7 +10,6 @@ openshift_openstack_dns_nameservers: []
#openshift_openstack_node_hostname: "app-node"
#openshift_openstack_lb_hostname: "lb"
#openshift_openstack_etcd_hostname: "etcd"
-#openshift_openstack_dns_hostname: "dns"
openshift_openstack_keypair_name: "openshift"
openshift_openstack_external_network_name: "public"
@@ -34,7 +33,6 @@ openshift_openstack_external_network_name: "public"
#openshift_openstack_node_image_name: "centos7"
#openshift_openstack_lb_image_name: "centos7"
#openshift_openstack_etcd_image_name: "centos7"
-#openshift_openstack_dns_image_name: "centos7"
openshift_openstack_default_image_name: "centos7"
openshift_openstack_num_masters: 1
@@ -49,7 +47,6 @@ openshift_openstack_num_nodes: 2
#openshift_openstack_node_flavor: "m1.medium"
#openshift_openstack_lb_flavor: "m1.medium"
#openshift_openstack_etcd_flavor: "m1.medium"
-#openshift_openstack_dns_flavor: "m1.medium"
openshift_openstack_default_flavor: "m1.medium"
# # Numerical index of nodes to remove
@@ -62,7 +59,6 @@ openshift_openstack_default_flavor: "m1.medium"
#openshift_openstack_docker_infra_volume_size: "15"
#openshift_openstack_docker_node_volume_size: "15"
#openshift_openstack_docker_etcd_volume_size: "2"
-#openshift_openstack_docker_dns_volume_size: "1"
#openshift_openstack_docker_lb_volume_size: "5"
openshift_openstack_docker_volume_size: "15"
@@ -110,7 +106,6 @@ openshift_openstack_subnet_prefix: "192.168.99"
# # Roll-your-own DNS
-#openshift_openstack_num_dns: 0
#openshift_openstack_external_nsupdate_keys:
# public:
# key_secret: 'SKqKNdpfk7llKxZ57bbxUnUDobaaJp9t8CjXLJPl+fRI5mPcSBuxTAyvJPa6Y9R7vUg9DwCy/6WTpgLNqnV4Hg=='
@@ -121,10 +116,6 @@ openshift_openstack_subnet_prefix: "192.168.99"
# key_algorithm: 'hmac-md5'
# server: '192.168.1.2'
-# # Customize DNS server security options
-#named_public_recursion: 'no'
-#named_private_recursion: 'yes'
-
# NOTE(shadower): Do not change this value. The Ansible user is currently
# hardcoded to `openshift`.
diff --git a/playbooks/openstack/sample-inventory/inventory.py b/playbooks/openstack/sample-inventory/inventory.py
index 47c56d94d..ad3fd936b 100755
--- a/playbooks/openstack/sample-inventory/inventory.py
+++ b/playbooks/openstack/sample-inventory/inventory.py
@@ -79,10 +79,19 @@ def build_inventory():
public_v4 = server.public_v4 or server.private_v4
if public_v4:
- hostvars['public_v4'] = public_v4
+ hostvars['public_v4'] = server.public_v4
+ hostvars['openshift_public_ip'] = server.public_v4
# TODO(shadower): what about multiple networks?
if server.private_v4:
hostvars['private_v4'] = server.private_v4
+ # NOTE(shadower): Yes, we set both hostname and IP to the private
+ # IP address for each node. OpenStack doesn't resolve nodes by
+ # name at all, so using a hostname here would require an internal
+ # DNS which would complicate the setup and potentially introduce
+ # performance issues.
+ hostvars['openshift_ip'] = server.private_v4
+ hostvars['openshift_hostname'] = server.private_v4
+ hostvars['openshift_public_hostname'] = server.name
node_labels = server.metadata.get('node_labels')
if node_labels:
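Review bot: The two added assignments under `if public_v4:` read `server.public_v4` directly, so the fallback computed one line above (`server.public_v4 or server.private_v4`) is discarded. For a server with only a private address the branch is still taken, but `public_v4` and `openshift_public_ip` are set to an empty value. If the fallback is intended, assign the local instead: `hostvars['public_v4'] = public_v4` and `hostvars['openshift_public_ip'] = public_v4`. If it is not, change the guard to `if server.public_v4:` so the keys are omitted. `build_inventory` starts and ends outside this hunk, so how downstream code treats an empty `openshift_public_ip` cannot be checked from here.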
diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml
index 26ad7e217..4ca47d074 100644
--- a/roles/ansible_service_broker/tasks/install.yml
+++ b/roles/ansible_service_broker/tasks/install.yml
@@ -30,9 +30,9 @@
ansible_service_broker_image: "{{ ansible_service_broker_image_prefix }}ansible-service-broker:{{ ansible_service_broker_image_tag }}"
ansible_service_broker_etcd_image: "{{ ansible_service_broker_etcd_image_prefix }}etcd:{{ ansible_service_broker_etcd_image_tag }}"
-- include: validate_facts.yml
+- include_tasks: validate_facts.yml
-- include: generate_certs.yml
+- include_tasks: generate_certs.yml
# Deployment of ansible-service-broker starts here
- name: create openshift-ansible-service-broker project
@@ -337,7 +337,7 @@
- "{{ ansible_service_broker_etcd_image_etcd_path }}"
- "--data-dir=/data"
- "--listen-client-urls=https://0.0.0.0:2379"
- - "--advertise-client-urls=https://0.0.0.0:2379"
+ - "--advertise-client-urls=https://asb-etcd.openshift-ansible-service-broker.svc:2379"
- "--client-cert-auth"
- "--trusted-ca-file=/var/run/etcd-auth-secret/ca.crt"
- "--cert-file=/etc/tls/private/tls.crt"
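Review bot: The new `--advertise-client-urls` value makes `asb-etcd.openshift-ansible-service-broker.svc` the name clients will connect to, so it has to appear as a SAN in the certificate served from `/etc/tls/private/tls.crt`; the hunk does not show how that certificate is issued. It is worth confirming this, and recording the dependency with a comment above the flag such as `# must match a SAN of /etc/tls/private/tls.crt`. The service name and namespace are also hard-coded here, so any later change to either has to be repeated in this argument. The argument list continues outside the hunk.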
diff --git a/roles/ansible_service_broker/tasks/main.yml b/roles/ansible_service_broker/tasks/main.yml
index f5e06d163..4a3c15d01 100644
--- a/roles/ansible_service_broker/tasks/main.yml
+++ b/roles/ansible_service_broker/tasks/main.yml
@@ -1,8 +1,8 @@
---
# do any asserts here
-- include: install.yml
+- include_tasks: install.yml
when: ansible_service_broker_install | bool
-- include: remove.yml
+- include_tasks: remove.yml
when: ansible_service_broker_remove | bool
diff --git a/roles/cockpit/tasks/main.yml b/roles/cockpit/tasks/main.yml
index 34754502a..f63b3e49b 100644
--- a/roles/cockpit/tasks/main.yml
+++ b/roles/cockpit/tasks/main.yml
@@ -11,6 +11,8 @@
- cockpit-docker
- "{{ cockpit_plugins }}"
when: not openshift.common.is_containerized | bool
+ register: result
+ until: result | success
- name: Enable cockpit-ws
systemd:
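Review bot: The added `until: result | success` sets neither `retries:` nor `delay:`, so the number of attempts and the wait between them fall back to Ansible's defaults (3 retries, 5 seconds) and are not visible to a reader. Adding explicit `retries:` and `delay:` lines next to each `until:` would make the retry budget reviewable and tunable for slow mirrors. The same two lines recur in the package-install hunks under roles/contiv, roles/contiv_facts, roles/docker, roles/etcd, roles/flannel, roles/nickhammond.logrotate, roles/nuage_ca, roles/openshift_ca, roles/openshift_cli, roles/openshift_clock, roles/openshift_excluder and roles/openshift_expand_partition. Every one of them except openshift_ca registers into the same generic `result` name, so check that no later task in those files reads a `result` set earlier. On Ansible releases that deprecate using tests as filters, the condition would be written `result is succeeded`.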
diff --git a/roles/contiv/tasks/download_bins.yml b/roles/contiv/tasks/download_bins.yml
index 319fce46c..741c1d1da 100644
--- a/roles/contiv/tasks/download_bins.yml
+++ b/roles/contiv/tasks/download_bins.yml
@@ -8,6 +8,8 @@
yum:
name: bzip2
state: installed
+ register: result
+ until: result | success
- name: Download Bins | Download Contiv tar file
get_url:
diff --git a/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml b/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml
index 91e6aadf3..62b4716a3 100644
--- a/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml
+++ b/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml
@@ -3,6 +3,8 @@
yum:
pkg=net-tools
state=latest
+ register: result
+ until: result | success
- name: PkgMgr RHEL/CentOS | Get openstack ocata rpm
get_url:
@@ -20,6 +22,8 @@
yum: name=/tmp/rdo-release-ocata-2.noarch.rpm state=present
tags:
- ovs_install
+ register: result
+ until: result | success
- name: PkgMgr RHEL/CentOS | Install ovs
yum:
@@ -31,3 +35,5 @@
no_proxy: "{{ no_proxy|default('') }}"
tags:
- ovs_install
+ register: result
+ until: result | success
diff --git a/roles/contiv_facts/tasks/fedora-install.yml b/roles/contiv_facts/tasks/fedora-install.yml
index db56a18c0..a57f6eb19 100644
--- a/roles/contiv_facts/tasks/fedora-install.yml
+++ b/roles/contiv_facts/tasks/fedora-install.yml
@@ -3,6 +3,8 @@
yum:
name: dnf
state: installed
+ register: result
+ until: result | success
- name: Update repo cache
command: dnf update -y
diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml
index 5437275a2..044b04478 100644
--- a/roles/docker/tasks/package_docker.yml
+++ b/roles/docker/tasks/package_docker.yml
@@ -37,6 +37,8 @@
- name: Install Docker
package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present
when: not openshift.common.is_atomic | bool and not curr_docker_version | skipped and not curr_docker_version.stdout != ''
+ register: result
+ until: result | success
- block:
# Extend the default Docker service unit file when using iptables-services
diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml
index 17800d4e5..3439aa353 100644
--- a/roles/docker/tasks/systemcontainer_crio.yml
+++ b/roles/docker/tasks/systemcontainer_crio.yml
@@ -29,6 +29,8 @@
name: container-selinux
state: present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: Check we are not using node as a Docker container with CRI-O
fail: msg='Cannot use CRI-O with node configured as a Docker container'
@@ -42,6 +44,8 @@
name: atomic
state: present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
# At the time of writing the atomic command requires runc for it's own use. This
# task is here in the even that the atomic package ever removes the dependency.
@@ -50,6 +54,8 @@
name: runc
state: present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: Check that overlay is in the kernel
diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/docker/tasks/systemcontainer_docker.yml
index f69acb9a5..881d83f50 100644
--- a/roles/docker/tasks/systemcontainer_docker.yml
+++ b/roles/docker/tasks/systemcontainer_docker.yml
@@ -34,6 +34,8 @@
name: container-selinux
state: present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
# Used to pull and install the system container
- name: Ensure atomic is installed
@@ -41,6 +43,8 @@
name: atomic
state: present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
# At the time of writing the atomic command requires runc for it's own use. This
# task is here in the even that the atomic package ever removes the dependency.
@@ -49,11 +53,15 @@
name: runc
state: present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
# Make sure Docker is installed so we are able to use the client
- name: Install Docker so we can use the client
package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
# Make sure docker is disabled. Errors are ignored.
- name: Disable Docker
diff --git a/roles/etcd/tasks/auxiliary/drop_etcdctl.yml b/roles/etcd/tasks/auxiliary/drop_etcdctl.yml
index 11bd2310e..603f2531f 100644
--- a/roles/etcd/tasks/auxiliary/drop_etcdctl.yml
+++ b/roles/etcd/tasks/auxiliary/drop_etcdctl.yml
@@ -2,6 +2,8 @@
- name: Install etcd for etcdctl
package: name=etcd{{ '-' + etcd_version if etcd_version is defined else '' }} state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: Configure etcd profile.d aliases
template:
diff --git a/roles/etcd/tasks/backup/backup.yml b/roles/etcd/tasks/backup/backup.yml
index afb84eb58..9da023dbd 100644
--- a/roles/etcd/tasks/backup/backup.yml
+++ b/roles/etcd/tasks/backup/backup.yml
@@ -43,6 +43,8 @@
when:
- r_etcd_common_embedded_etcd | bool
- not l_ostree_booted.stat.exists | bool
+ register: result
+ until: result | success
- name: Check selinux label of '{{ etcd_data_dir }}'
command: >
diff --git a/roles/etcd/tasks/certificates/deploy_ca.yml b/roles/etcd/tasks/certificates/deploy_ca.yml
index 3d32290a2..bd4dafafd 100644
--- a/roles/etcd/tasks/certificates/deploy_ca.yml
+++ b/roles/etcd/tasks/certificates/deploy_ca.yml
@@ -6,6 +6,8 @@
when: not etcd_is_atomic | bool
delegate_to: "{{ etcd_ca_host }}"
run_once: true
+ register: result
+ until: result | success
- file:
path: "{{ item }}"
diff --git a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml
index 00b8f4a0b..f4726940a 100644
--- a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml
+++ b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml
@@ -4,6 +4,8 @@
name: "etcd{{ '-' + etcd_version if etcd_version is defined else '' }}"
state: present
when: not etcd_is_containerized | bool
+ register: result
+ until: result | success
- name: Check status of etcd certificates
stat:
diff --git a/roles/etcd/tasks/fetch_backup.yml b/roles/etcd/tasks/fetch_backup.yml
deleted file mode 100644
index a28db3d66..000000000
--- a/roles/etcd/tasks/fetch_backup.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- include_tasks: backup/vars.yml
-
-- include_tasks: backup/archive.yml
-
-- include_tasks: backup/sync_backup.yml
-
-- include_tasks: backup/
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 5ee9335f5..b2100801f 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -12,6 +12,8 @@
- name: Install etcd
package: name=etcd{{ '-' + etcd_version if etcd_version is defined else '' }} state=present
when: not etcd_is_containerized | bool
+ register: result
+ until: result | success
- include_tasks: drop_etcdctl.yml
when:
diff --git a/roles/etcd/tasks/migration/add_ttls.yml b/roles/etcd/tasks/migration/add_ttls.yml
index 14625e49e..4bdc6bcc3 100644
--- a/roles/etcd/tasks/migration/add_ttls.yml
+++ b/roles/etcd/tasks/migration/add_ttls.yml
@@ -6,7 +6,7 @@
- set_fact:
accessTokenMaxAgeSeconds: "{{ (g_master_config_output.content|b64decode|from_yaml).oauthConfig.tokenConfig.accessTokenMaxAgeSeconds | default(86400) }}"
- authroizeTokenMaxAgeSeconds: "{{ (g_master_config_output.content|b64decode|from_yaml).oauthConfig.tokenConfig.authroizeTokenMaxAgeSeconds | default(500) }}"
+ authorizeTokenMaxAgeSeconds: "{{ (g_master_config_output.content|b64decode|from_yaml).oauthConfig.tokenConfig.authorizeTokenMaxAgeSeconds | default(500) }}"
controllerLeaseTTL: "{{ (g_master_config_output.content|b64decode|from_yaml).controllerLeaseTTL | default(30) }}"
- name: Re-introduce leases (as a replacement for key TTLs)
@@ -29,6 +29,6 @@
- keys: "/openshift.io/oauth/accesstokens"
ttl: "{{ accessTokenMaxAgeSeconds }}s"
- keys: "/openshift.io/oauth/authorizetokens"
- ttl: "{{ authroizeTokenMaxAgeSeconds }}s"
+ ttl: "{{ authorizeTokenMaxAgeSeconds }}s"
- keys: "/openshift.io/leases/controllers"
ttl: "{{ controllerLeaseTTL }}s"
diff --git a/roles/etcd/tasks/upgrade/upgrade_image.yml b/roles/etcd/tasks/upgrade/upgrade_image.yml
index 24071f9ad..6e712ba74 100644
--- a/roles/etcd/tasks/upgrade/upgrade_image.yml
+++ b/roles/etcd/tasks/upgrade/upgrade_image.yml
@@ -44,6 +44,8 @@
name: etcd
state: latest
when: not l_ostree_booted.stat.exists | bool
+ register: result
+ until: result | success
- name: Verify cluster is healthy
command: "{{ etcdctlv2 }} cluster-health"
diff --git a/roles/etcd/tasks/upgrade/upgrade_rpm.yml b/roles/etcd/tasks/upgrade/upgrade_rpm.yml
index 505e28afb..e98def46e 100644
--- a/roles/etcd/tasks/upgrade/upgrade_rpm.yml
+++ b/roles/etcd/tasks/upgrade/upgrade_rpm.yml
@@ -18,6 +18,8 @@
package:
name: "{{ l_etcd_target_package }}"
state: latest
+ register: result
+ until: result | success
- lineinfile:
destfile: "{{ etcd_conf_file }}"
diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml
index 3a8945a82..befe1b2e6 100644
--- a/roles/flannel/tasks/main.yml
+++ b/roles/flannel/tasks/main.yml
@@ -3,6 +3,8 @@
become: yes
package: name=flannel state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: Set flannel etcd options
become: yes
diff --git a/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py b/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py
index 57444a2a5..3cb1fa8d0 100644
--- a/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py
+++ b/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py
@@ -74,7 +74,7 @@ class CallbackModule(CallbackBase):
},
'installer_phase_glusterfs': {
'title': 'GlusterFS Install',
- 'playbook': 'playbooks/byo/openshift-glusterfs/config.yml'
+ 'playbook': 'playbooks/openshift-glusterfs/config.yml'
},
'installer_phase_hosted': {
'title': 'Hosted Install',
diff --git a/roles/lib_openshift/library/oc_adm_router.py b/roles/lib_openshift/library/oc_adm_router.py
index 5550390e4..44de29592 100644
--- a/roles/lib_openshift/library/oc_adm_router.py
+++ b/roles/lib_openshift/library/oc_adm_router.py
@@ -3159,14 +3159,14 @@ def main():
external_host_insecure=dict(default=False, type='bool'),
external_host_partition_path=dict(default=None, type='str'),
external_host_username=dict(default=None, type='str'),
- external_host_password=dict(default=None, type='str'),
- external_host_private_key=dict(default=None, type='str'),
+ external_host_password=dict(default=None, type='str', no_log=True),
+ external_host_private_key=dict(default=None, type='str', no_log=True),
# Metrics
expose_metrics=dict(default=False, type='bool'),
metrics_image=dict(default=None, type='str'),
# Stats
stats_user=dict(default=None, type='str'),
- stats_password=dict(default=None, type='str'),
+ stats_password=dict(default=None, type='str', no_log=True),
stats_port=dict(default=1936, type='int'),
# extra
cacert_file=dict(default=None, type='str'),
diff --git a/roles/lib_openshift/src/ansible/oc_adm_router.py b/roles/lib_openshift/src/ansible/oc_adm_router.py
index c6563cc2f..52499b273 100644
--- a/roles/lib_openshift/src/ansible/oc_adm_router.py
+++ b/roles/lib_openshift/src/ansible/oc_adm_router.py
@@ -34,14 +34,14 @@ def main():
external_host_insecure=dict(default=False, type='bool'),
external_host_partition_path=dict(default=None, type='str'),
external_host_username=dict(default=None, type='str'),
- external_host_password=dict(default=None, type='str'),
- external_host_private_key=dict(default=None, type='str'),
+ external_host_password=dict(default=None, type='str', no_log=True),
+ external_host_private_key=dict(default=None, type='str', no_log=True),
# Metrics
expose_metrics=dict(default=False, type='bool'),
metrics_image=dict(default=None, type='str'),
# Stats
stats_user=dict(default=None, type='str'),
- stats_password=dict(default=None, type='str'),
+ stats_password=dict(default=None, type='str', no_log=True),
stats_port=dict(default=1936, type='int'),
# extra
cacert_file=dict(default=None, type='str'),
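Review bot: `no_log=True` on `external_host_password`, `external_host_private_key` and `stats_password` masks the literal parameter values, but an encoded or derived form of them is not covered. This matters if the module returns them that way, for example base64 inside a generated Secret. Whether it does cannot be seen here, because `main()` continues outside the hunk, so the returned `results` structure is worth checking. A short comment above the three parameters, e.g. `# no_log masks the literal value only; keep encoded copies out of the module result`, would record the limit. The identical hunk in roles/lib_openshift/library/oc_adm_router.py looks like the generated copy of this file and needs the same check.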
diff --git a/roles/nickhammond.logrotate/tasks/main.yml b/roles/nickhammond.logrotate/tasks/main.yml
index 657cb10ec..32d3acb86 100644
--- a/roles/nickhammond.logrotate/tasks/main.yml
+++ b/roles/nickhammond.logrotate/tasks/main.yml
@@ -2,6 +2,8 @@
- name: nickhammond.logrotate | Install logrotate
package: name=logrotate state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: nickhammond.logrotate | Setup logrotate.d scripts
template:
diff --git a/roles/nickhammond.logrotate/templates/logrotate.d.j2 b/roles/nickhammond.logrotate/templates/logrotate.d.j2
index 6453be6b2..1ad1c595c 100644
--- a/roles/nickhammond.logrotate/templates/logrotate.d.j2
+++ b/roles/nickhammond.logrotate/templates/logrotate.d.j2
@@ -7,7 +7,7 @@
{% endfor -%}
{% endif %}
{%- if item.scripts is defined -%}
- {%- for name, script in item.scripts.iteritems() -%}
+ {%- for name, script in item.scripts.items() -%}
{{ name }}
{{ script }}
endscript
diff --git a/roles/nuage_ca/tasks/main.yaml b/roles/nuage_ca/tasks/main.yaml
index 8d73e6840..46929fa1f 100644
--- a/roles/nuage_ca/tasks/main.yaml
+++ b/roles/nuage_ca/tasks/main.yaml
@@ -2,6 +2,8 @@
- name: Install openssl
package: name=openssl state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: Create CA directory
file: path="{{ nuage_ca_dir }}" state=directory
diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml
index 31f0f8e7a..05e0a1352 100644
--- a/roles/openshift_ca/tasks/main.yml
+++ b/roles/openshift_ca/tasks/main.yml
@@ -13,6 +13,7 @@
state: present
when: not openshift.common.is_containerized | bool
register: install_result
+ until: install_result | success
delegate_to: "{{ openshift_ca_host }}"
run_once: true
diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml
index 06dc5d14b..7b046b2c4 100644
--- a/roles/openshift_cli/tasks/main.yml
+++ b/roles/openshift_cli/tasks/main.yml
@@ -8,17 +8,19 @@
- name: Install clients
package: name={{ openshift.common.service_type }}-clients state=present
when: not openshift.common.is_containerized | bool
+ register: result
+ until: result | success
- block:
- name: Pull CLI Image
command: >
- docker pull {{ openshift.common.cli_image }}:{{ openshift_image_tag }}
+ docker pull {{ openshift_cli_image }}:{{ openshift_image_tag }}
register: pull_result
changed_when: "'Downloaded newer image' in pull_result.stdout"
- name: Copy client binaries/symlinks out of CLI image for use on the host
openshift_container_binary_sync:
- image: "{{ openshift.common.cli_image }}"
+ image: "{{ openshift_cli_image }}"
tag: "{{ openshift_image_tag }}"
backend: "docker"
when:
@@ -28,13 +30,13 @@
- block:
- name: Pull CLI Image
command: >
- atomic pull --storage ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.common.cli_image }}:{{ openshift_image_tag }}
+ atomic pull --storage ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift_cli_image }}:{{ openshift_image_tag }}
register: pull_result
changed_when: "'Pulling layer' in pull_result.stdout"
- name: Copy client binaries/symlinks out of CLI image for use on the host
openshift_container_binary_sync:
- image: "{{ '' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.common.cli_image }}"
+ image: "{{ '' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift_cli_image }}"
tag: "{{ openshift_image_tag }}"
backend: "atomic"
when:
@@ -47,3 +49,5 @@
- name: Install bash completion for oc tools
package: name=bash-completion state=present
when: not openshift.common.is_containerized | bool
+ register: result
+ until: result | success
diff --git a/roles/openshift_clock/tasks/main.yaml b/roles/openshift_clock/tasks/main.yaml
index f8b02524a..82c73b583 100644
--- a/roles/openshift_clock/tasks/main.yaml
+++ b/roles/openshift_clock/tasks/main.yaml
@@ -9,6 +9,8 @@
when:
- openshift_clock_enabled | bool
- chrony_installed.rc != 0
+ register: result
+ until: result | success
- name: Start and enable ntpd/chronyd
command: timedatectl set-ntp true
diff --git a/roles/openshift_etcd/meta/main.yml b/roles/openshift_etcd/meta/main.yml
index de36b201b..7cc548f69 100644
--- a/roles/openshift_etcd/meta/main.yml
+++ b/roles/openshift_etcd/meta/main.yml
@@ -13,7 +13,6 @@ galaxy_info:
- cloud
dependencies:
- role: openshift_etcd_facts
-- role: openshift_clock
- role: openshift_docker
when: openshift.common.is_containerized | bool
- role: etcd
diff --git a/roles/openshift_excluder/tasks/install.yml b/roles/openshift_excluder/tasks/install.yml
index 7a5bebf6f..3ac55894f 100644
--- a/roles/openshift_excluder/tasks/install.yml
+++ b/roles/openshift_excluder/tasks/install.yml
@@ -13,6 +13,8 @@
when:
- r_openshift_excluder_enable_docker_excluder | bool
- ansible_pkg_mgr == "yum"
+ register: result
+ until: result | success
# For DNF we do not need the "*" and if we add it, it causes an error because
@@ -26,6 +28,8 @@
when:
- r_openshift_excluder_enable_docker_excluder | bool
- ansible_pkg_mgr == "dnf"
+ register: result
+ until: result | success
- name: Install openshift excluder - yum
package:
@@ -34,6 +38,8 @@
when:
- r_openshift_excluder_enable_openshift_excluder | bool
- ansible_pkg_mgr == "yum"
+ register: result
+ until: result | success
# For DNF we do not need the "*" and if we add it, it causes an error because
# it's not a valid pkg_spec
@@ -46,6 +52,8 @@
when:
- r_openshift_excluder_enable_openshift_excluder | bool
- ansible_pkg_mgr == "dnf"
+ register: result
+ until: result | success
- set_fact:
r_openshift_excluder_install_ran: True
diff --git a/roles/openshift_expand_partition/tasks/main.yml b/roles/openshift_expand_partition/tasks/main.yml
index 4cb5418c6..b7acb0c5a 100644
--- a/roles/openshift_expand_partition/tasks/main.yml
+++ b/roles/openshift_expand_partition/tasks/main.yml
@@ -2,6 +2,8 @@
- name: Ensure growpart is installed
package: name=cloud-utils-growpart state=present
when: not openshift.common.is_containerized | bool
+ register: result
+ until: result | success
- name: Determine if growpart is installed
command: "rpm -q cloud-utils-growpart"
diff --git a/roles/openshift_facts/defaults/main.yml b/roles/openshift_facts/defaults/main.yml
new file mode 100644
index 000000000..7064d727a
--- /dev/null
+++ b/roles/openshift_facts/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+openshift_cli_image_dict:
+ origin: 'openshift/origin'
+ openshift-enterprise: 'openshift3/ose'
+
+openshift_cli_image: "{{ osm_image | default(openshift_cli_image_dict[openshift_deployment_type]) }}"
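Review bot: `openshift_cli_image_dict[openshift_deployment_type]` has entries only for `origin` and `openshift-enterprise`, so any other deployment type leaves `openshift_cli_image` undefined unless `osm_image` is set. The Python code this replaces (the removed `cli_image = master_image` lines in openshift_facts.py) fell back to `openshift/origin` for every value other than `openshift-enterprise`. If other deployment types are still accepted, keep that fallback: `openshift_cli_image: "{{ osm_image | default(openshift_cli_image_dict.get(openshift_deployment_type, 'openshift/origin')) }}"`. Since `osm_image` now also decides which CLI image is pulled onto hosts, a comment saying so above the variable would help anyone overriding the master image.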
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index f94e0e097..bbcdbadd8 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -446,24 +446,6 @@ def normalize_provider_facts(provider, metadata):
return facts
-def set_node_schedulability(facts):
- """ Set schedulable facts if not already present in facts dict
- Args:
- facts (dict): existing facts
- Returns:
- dict: the facts dict updated with the generated schedulable
- facts if they were not already present
-
- """
- if 'node' in facts:
- if 'schedulable' not in facts['node']:
- if 'master' in facts:
- facts['node']['schedulable'] = False
- else:
- facts['node']['schedulable'] = True
- return facts
-
-
# pylint: disable=too-many-branches
def set_selectors(facts):
""" Set selectors facts if not already present in facts dict
@@ -516,49 +498,6 @@ def set_selectors(facts):
return facts
-def set_dnsmasq_facts_if_unset(facts):
- """ Set dnsmasq facts if not already present in facts
- Args:
- facts (dict) existing facts
- Returns:
- facts (dict) updated facts with values set if not previously set
- """
-
- if 'common' in facts:
- if 'master' in facts and 'dns_port' not in facts['master']:
- facts['master']['dns_port'] = 8053
-
- return facts
-
-
-def set_project_cfg_facts_if_unset(facts):
- """ Set Project Configuration facts if not already present in facts dict
- dict:
- Args:
- facts (dict): existing facts
- Returns:
- dict: the facts dict updated with the generated Project Configuration
- facts if they were not already present
-
- """
-
- config = {
- 'default_node_selector': '',
- 'project_request_message': '',
- 'project_request_template': '',
- 'mcs_allocator_range': 's0:/2',
- 'mcs_labels_per_project': 5,
- 'uid_allocator_range': '1000000000-1999999999/10000'
- }
-
- if 'master' in facts:
- for key, value in config.items():
- if key not in facts['master']:
- facts['master'][key] = value
-
- return facts
-
-
def set_identity_providers_if_unset(facts):
""" Set identity_providers fact if not already present in facts dict
@@ -1628,7 +1567,6 @@ def set_container_facts_if_unset(facts):
deployment_type = facts['common']['deployment_type']
if deployment_type == 'openshift-enterprise':
master_image = 'openshift3/ose'
- cli_image = master_image
node_image = 'openshift3/node'
ovs_image = 'openshift3/openvswitch'
pod_image = 'openshift3/ose-pod'
@@ -1637,7 +1575,6 @@ def set_container_facts_if_unset(facts):
deployer_image = 'openshift3/ose-deployer'
else:
master_image = 'openshift/origin'
- cli_image = master_image
node_image = 'openshift/node'
ovs_image = 'openshift/openvswitch'
pod_image = 'openshift/origin-pod'
@@ -1656,8 +1593,6 @@ def set_container_facts_if_unset(facts):
if 'is_containerized' not in facts['common']:
facts['common']['is_containerized'] = facts['common']['is_atomic']
- if 'cli_image' not in facts['common']:
- facts['common']['cli_image'] = cli_image
if 'pod_image' not in facts['common']:
facts['common']['pod_image'] = pod_image
if 'router_image' not in facts['common']:
@@ -1837,8 +1772,6 @@ class OpenShiftFacts(object):
facts = migrate_oauth_template_facts(facts)
facts['current_config'] = get_current_config(facts)
facts = set_url_facts_if_unset(facts)
- facts = set_project_cfg_facts_if_unset(facts)
- facts = set_node_schedulability(facts)
facts = set_selectors(facts)
facts = set_identity_providers_if_unset(facts)
facts = set_deployment_facts_if_unset(facts)
@@ -1848,7 +1781,6 @@ class OpenShiftFacts(object):
facts = build_controller_args(facts)
facts = build_api_server_args(facts)
facts = set_version_facts_if_unset(facts)
- facts = set_dnsmasq_facts_if_unset(facts)
facts = set_aggregate_facts(facts)
facts = set_etcd_facts_if_unset(facts)
facts = set_proxy_facts(facts)
@@ -1969,6 +1901,7 @@ class OpenShiftFacts(object):
glusterfs=dict(
endpoints='glusterfs-registry-endpoints',
path='glusterfs-registry-volume',
+ ips=[],
readOnly=False,
swap=False,
swapcopy=True),
@@ -2253,14 +2186,27 @@ class OpenShiftFacts(object):
oo_env_facts = dict()
current_level = oo_env_facts
keys = self.split_openshift_env_fact_keys(fact, openshift_env_structures)[1:]
+
if len(keys) > 0 and keys[0] != self.role:
continue
- for key in keys:
- if key == keys[-1]:
- current_level[key] = value
- elif key not in current_level:
- current_level[key] = dict()
- current_level = current_level[key]
+
+ # Build a dictionary from the split fact keys.
+ # After this loop oo_env_facts is the resultant dictionary.
+ # For example:
+ # fact = "openshift_metrics_install_metrics"
+ # value = 'true'
+ # keys = ['metrics', 'install', 'metrics']
+ # result = {'metrics': {'install': {'metrics': 'true'}}}
+ for i, _ in enumerate(keys):
+ # This is the last key. Set the value.
+ if i == (len(keys) - 1):
+ current_level[keys[i]] = value
+ # This is a key other than the last key. Set as
+ # dictionary and continue.
+ else:
+ current_level[keys[i]] = dict()
+ current_level = current_level[keys[i]]
+
facts_to_set = merge_facts(orig=facts_to_set,
new=oo_env_facts,
additive_facts_to_overwrite=[],
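Review bot: The rewritten loop discards the element with `for i, _ in enumerate(keys):` and then indexes `keys[i]` three times. Binding it reads more directly: `for i, key in enumerate(keys):` with `current_level[key] = value` in the last-key branch, and `current_level[key] = dict()` followed by `current_level = current_level[key]` otherwise. Comparing by position rather than by value is the right change for repeated key names such as the `['metrics', 'install', 'metrics']` example in the comment. The enclosing method starts and ends outside this hunk.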
diff --git a/roles/openshift_hosted/README.md b/roles/openshift_hosted/README.md
index d6f6e3e09..a1c2c3956 100644
--- a/roles/openshift_hosted/README.md
+++ b/roles/openshift_hosted/README.md
@@ -34,13 +34,27 @@ variables also control configuration behavior:
| Name | Default value | Description |
|----------------------------------------------|---------------|------------------------------------------------------------------------------|
-| openshift_hosted_registry_glusterfs_swap | False | Whether to swap an existing registry's storage volume for a GlusterFS volume |
-| openshift_hosted_registry_glusterfs_swapcopy | True | If swapping, also copy the current contents of the registry volume |
+| openshift_hosted_registry_storage_glusterfs_endpoints | glusterfs-registry-endpoints | The name for the Endpoints resource that will point the registry to the GlusterFS nodes
+| openshift_hosted_registry_storage_glusterfs_path | glusterfs-registry-volume | The name for the GlusterFS volume that will provide registry storage
+| openshift_hosted_registry_storage_glusterfs_readonly | False | Whether the GlusterFS volume should be read-only
+| openshift_hosted_registry_storage_glusterfs_swap | False | Whether to swap an existing registry's storage volume for a GlusterFS volume
+| openshift_hosted_registry_storage_glusterfs_swapcopy | True | If swapping, copy the contents of the pre-existing registry storage to the new GlusterFS volume
+| openshift_hosted_registry_storage_glusterfs_ips | `[]` | A list of IP addresses of the nodes of the GlusterFS cluster to use for hosted registry storage
+
+**NOTE:** Configuring a value for
+`openshift_hosted_registry_storage_glusterfs_ips` with a `glusterfs_registry`
+host group is not allowed. Specifying a `glusterfs_registry` host group
+indicates that a new GlusterFS cluster should be configured, whereas
+specifying `openshift_hosted_registry_storage_glusterfs_ips` indicates wanting
+to use a pre-configured GlusterFS cluster for the registry storage.
+
+_
Dependencies
------------
* openshift_hosted_facts
+* openshift_persistent_volumes
Example Playbook
----------------
@@ -56,6 +70,10 @@ Example Playbook
cafile: /path/to/my-router-ca.crt
openshift_hosted_router_registryurl: 'registry.access.redhat.com/openshift3/ose-haproxy-router:v3.0.2.0'
openshift_hosted_router_selector: 'type=infra'
+ openshift_hosted_registry_storage_kind=glusterfs
+ openshift_hosted_registry_storage_glusterfs_path=external_glusterfs_volume_name
+ openshift_hosted_registry_storage_glusterfs_ips=['192.168.20.239','192.168.20.96','192.168.20.114']
+
```
License
diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml
index 2af42fba4..e70c0c420 100644
--- a/roles/openshift_hosted/defaults/main.yml
+++ b/roles/openshift_hosted/defaults/main.yml
@@ -70,7 +70,6 @@ r_openshift_hosted_registry_use_firewalld: "{{ os_firewall_use_firewalld | defau
openshift_hosted_registry_name: docker-registry
openshift_hosted_registry_wait: "{{ not (openshift_master_bootstrap_enabled | default(False)) }}"
openshift_hosted_registry_cert_expire_days: 730
-
r_openshift_hosted_registry_os_firewall_deny: []
r_openshift_hosted_registry_os_firewall_allow:
- service: Docker Registry Port
diff --git a/roles/openshift_hosted/tasks/registry.yml b/roles/openshift_hosted/tasks/registry.yml
index eaaac9da2..9f2ef4e40 100644
--- a/roles/openshift_hosted/tasks/registry.yml
+++ b/roles/openshift_hosted/tasks/registry.yml
@@ -1,4 +1,10 @@
---
+- name: Create temp directory for doing work in
+ command: mktemp -d /tmp/openshift-hosted-ansible-XXXXXX
+ register: mktempHosted
+ changed_when: False
+ check_mode: no
+
- name: setup firewall
include: firewall.yml
vars:
@@ -36,13 +42,13 @@
l_default_replicas: "{{ l_node_count if openshift.hosted.registry.storage.kind | default(none) is not none else 1 }}"
when: l_node_count | int > 0
-
- name: set openshift_hosted facts
set_fact:
openshift_hosted_registry_replicas: "{{ openshift.hosted.registry.replicas | default(l_default_replicas) }}"
openshift_hosted_registry_namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"
openshift_hosted_registry_selector: "{{ openshift.hosted.registry.selector }}"
openshift_hosted_registry_images: "{{ openshift.hosted.registry.registryurl | default('openshift3/ose-${component}:${version}')}}"
+ openshift_hosted_registry_storage_glusterfs_ips: "{%- set gluster_ips = [] %}{% if groups.glusterfs_registry is defined %}{% for node in groups.glusterfs_registry %}{%- set _ = gluster_ips.append(hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip)) %}{% endfor %}{{ gluster_ips }}{% elif groups.glusterfs is defined %}{% for node in groups.glusterfs %}{%- set _ = gluster_ips.append(hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip)) %}{% endfor %}{{ gluster_ips }}{% else %}{{ openshift.hosted.registry.storage.glusterfs.ips }}{% endif %}"
- name: Update registry environment variables when pushing via dns
set_fact:
@@ -113,6 +119,11 @@
when:
- openshift.hosted.registry.storage.kind | default(none) in ['nfs', 'openstack', 'glusterfs']
+- include: storage/glusterfs_endpoints.yml
+ when:
+ - openshift_hosted_registry_storage_glusterfs_ips|length > 0
+ - openshift.hosted.registry.storage.kind | default(none) in ['glusterfs']
+
- name: Create OpenShift registry
oc_adm_registry:
name: "{{ openshift_hosted_registry_name }}"
@@ -141,3 +152,10 @@
- include: storage/glusterfs.yml
when:
- openshift.hosted.registry.storage.kind | default(none) == 'glusterfs' or openshift.hosted.registry.storage.glusterfs.swap
+
+- name: Delete temp directory
+ file:
+ name: "{{ mktempHosted.stdout }}"
+ state: absent
+ changed_when: False
+ check_mode: no
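Review bot: The `Delete temp directory` task runs only if every task between it and the `mktemp` at the top of the file succeeds, so a failed registry deployment leaves the `/tmp/openshift-hosted-ansible-XXXXXX` directory and the rendered manifests on the host. Putting the work in a `block:` with the deletion under `always:` would make the cleanup unconditional. `check_mode: no` means the directory is also created and removed during a check run; a short comment such as `# runs in check mode too, paired with the mktemp task at the top` would record that this is intended.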
diff --git a/roles/openshift_hosted/tasks/storage/glusterfs.yml b/roles/openshift_hosted/tasks/storage/glusterfs.yml
index 9b998142a..7cae67baa 100644
--- a/roles/openshift_hosted/tasks/storage/glusterfs.yml
+++ b/roles/openshift_hosted/tasks/storage/glusterfs.yml
@@ -12,7 +12,7 @@
namespace: "{{ openshift_hosted_registry_namespace }}"
state: list
kind: pod
- selector: "{% for label, value in registry_dc.results.results[0].spec.selector.iteritems() %}{{ label }}={{ value }}{% if not loop.last %},{% endif %}{% endfor %}"
+ selector: "{% for label, value in registry_dc.results.results[0].spec.selector.items() %}{{ label }}={{ value }}{% if not loop.last %},{% endif %}{% endfor %}"
register: registry_pods
until:
- "registry_pods.results.results[0]['items'] | count > 0"
@@ -35,7 +35,7 @@
mount:
state: mounted
fstype: glusterfs
- src: "{% if 'glusterfs_registry' in groups %}{% set node = groups.glusterfs_registry[0] %}{% else %}{% set node = groups.glusterfs[0] %}{% endif %}{% if 'glusterfs_hostname' in hostvars[node] %}{{ hostvars[node].glusterfs_hostname }}{% elif 'openshift' in hostvars[node] %}{{ hostvars[node].openshift.node.nodename }}{% else %}{{ node }}{% endif %}:/{{ openshift.hosted.registry.storage.glusterfs.path }}"
+ src: "{% if 'glusterfs_registry' in groups %}{% set node = groups.glusterfs_registry[0] %}{% elif 'glusterfs' in groups %}{% set node = groups.glusterfs[0] %}{% endif %}{% if openshift_hosted_registry_storage_glusterfs_ips is defined and openshift_hosted_registry_storage_glusterfs_ips|length > 0 %}{{ openshift_hosted_registry_storage_glusterfs_ips[0] }}{% elif 'glusterfs_hostname' in hostvars[node] %}{{ hostvars[node].glusterfs_hostname }}{% elif 'openshift' in hostvars[node] %}{{ hostvars[node].openshift.node.nodename }}{% else %}{{ node }}{% endif %}:/{{ openshift.hosted.registry.storage.glusterfs.path }}"
name: "{{ mktemp.stdout }}"
- name: Set registry volume permissions
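Review bot: With `{% else %}` replaced by `{% elif 'glusterfs' in groups %}`, `node` is never set when neither group exists, yet the `hostvars[node]` branches are still reached whenever `openshift_hosted_registry_storage_glusterfs_ips` is undefined or empty. The `src` template would then fail on an undefined `node` instead of reporting that no GlusterFS host is known. An `assert` before the mount that either the IP list is non-empty or one of the groups is present would make that failure explicit. Only the first entry of the IP list is used as the mount source; the mount task itself starts before this hunk.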
diff --git a/roles/openshift_hosted/tasks/storage/glusterfs_endpoints.yml b/roles/openshift_hosted/tasks/storage/glusterfs_endpoints.yml
new file mode 100644
index 000000000..0f4381748
--- /dev/null
+++ b/roles/openshift_hosted/tasks/storage/glusterfs_endpoints.yml
@@ -0,0 +1,16 @@
+---
+- name: Generate GlusterFS registry endpoints
+ template:
+ src: "{{ openshift.common.examples_content_version }}/glusterfs-registry-endpoints.yml.j2"
+ dest: "{{ mktempHosted.stdout }}/glusterfs-registry-endpoints.yml"
+
+- name: Generate GlusterFS registry service
+ template:
+ src: "{{ openshift.common.examples_content_version }}/glusterfs-registry-service.yml.j2"
+ dest: "{{ mktempHosted.stdout }}/glusterfs-registry-service.yml"
+
+- name: Create GlusterFS registry service and endpoint
+ command: "{{ openshift.common.client_binary }} apply -f {{ item }} -n {{ openshift.hosted.registry.namespace | default('default') }}"
+ with_items:
+ - "{{ mktempHosted.stdout }}/glusterfs-registry-service.yml"
+ - "{{ mktempHosted.stdout }}/glusterfs-registry-endpoints.yml"
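Review bot: The `apply` command targets `openshift.hosted.registry.namespace | default('default')`, while registry.yml in this same commit works with the `openshift_hosted_registry_namespace` fact, so the service and endpoints can land in a different namespace from the registry if that fact is ever computed differently. I would use `-n {{ openshift_hosted_registry_namespace }}` here. The command also relies on whatever client configuration the remote user happens to have and reports `changed` on every run; a `changed_when` derived from the command output would keep repeated runs quiet.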
diff --git a/roles/openshift_hosted/templates/v3.6/glusterfs-registry-endpoints.yml.j2 b/roles/openshift_hosted/templates/v3.6/glusterfs-registry-endpoints.yml.j2
new file mode 100644
index 000000000..607d25533
--- /dev/null
+++ b/roles/openshift_hosted/templates/v3.6/glusterfs-registry-endpoints.yml.j2
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: {{ openshift.hosted.registry.storage.glusterfs.endpoints }}
+subsets:
+- addresses:
+{% for ip in openshift_hosted_registry_storage_glusterfs_ips %}
+ - ip: {{ ip }}
+{% endfor %}
+ ports:
+ - port: 1
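Review bot: `name: {{ ... }}` and `- ip: {{ ip }}` are rendered unquoted, so an empty or unexpectedly typed value changes the manifest's meaning instead of failing (an empty `endpoints` fact renders `name:` as null). Quoting both, `name: "{{ openshift.hosted.registry.storage.glusterfs.endpoints }}"` and `- ip: "{{ ip }}"`, keeps them strings. The same applies to the `name:` line in glusterfs-registry-service.yml.j2 and to the v3.7 copies of both templates. The v3.6 and v3.7 files carry identical blob ids, so a single shared template would avoid keeping four copies in sync.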
diff --git a/roles/openshift_hosted/templates/v3.6/glusterfs-registry-service.yml.j2 b/roles/openshift_hosted/templates/v3.6/glusterfs-registry-service.yml.j2
new file mode 100644
index 000000000..452c7c3e1
--- /dev/null
+++ b/roles/openshift_hosted/templates/v3.6/glusterfs-registry-service.yml.j2
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ openshift.hosted.registry.storage.glusterfs.endpoints }}
+spec:
+ ports:
+ - port: 1
+status:
+ loadBalancer: {}
diff --git a/roles/openshift_hosted/templates/v3.7/glusterfs-registry-endpoints.yml.j2 b/roles/openshift_hosted/templates/v3.7/glusterfs-registry-endpoints.yml.j2
new file mode 100644
index 000000000..607d25533
--- /dev/null
+++ b/roles/openshift_hosted/templates/v3.7/glusterfs-registry-endpoints.yml.j2
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: {{ openshift.hosted.registry.storage.glusterfs.endpoints }}
+subsets:
+- addresses:
+{% for ip in openshift_hosted_registry_storage_glusterfs_ips %}
+ - ip: {{ ip }}
+{% endfor %}
+ ports:
+ - port: 1
diff --git a/roles/openshift_hosted/templates/v3.7/glusterfs-registry-service.yml.j2 b/roles/openshift_hosted/templates/v3.7/glusterfs-registry-service.yml.j2
new file mode 100644
index 000000000..452c7c3e1
--- /dev/null
+++ b/roles/openshift_hosted/templates/v3.7/glusterfs-registry-service.yml.j2
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ openshift.hosted.registry.storage.glusterfs.endpoints }}
+spec:
+ ports:
+ - port: 1
+status:
+ loadBalancer: {}
diff --git a/roles/openshift_loadbalancer/tasks/main.yml b/roles/openshift_loadbalancer/tasks/main.yml
index c87a327a4..79c5793d9 100644
--- a/roles/openshift_loadbalancer/tasks/main.yml
+++ b/roles/openshift_loadbalancer/tasks/main.yml
@@ -5,6 +5,8 @@
- name: Install haproxy
package: name=haproxy state=present
when: not openshift.common.is_containerized | bool
+ register: result
+ until: result | success
- name: Pull haproxy image
command: >
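Review bot: The added `until: result | success` sets no `retries` or `delay`, so the number of attempts is left to Ansible's defaults (three tries, five seconds apart, as far as I know). Stating them, e.g. `retries: 3` and `delay: 5`, makes the intended behaviour visible and tunable for slow package mirrors. The registered name `result` is generic and is reused by every task given this treatment, so a later task reading `result` sees whichever install ran last; a task-specific name such as `l_haproxy_install` avoids that. The same pattern is added in the openshift_master, openshift_nfs and openshift_node hunks further down.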
diff --git a/roles/openshift_logging/tasks/generate_jks.yaml b/roles/openshift_logging/tasks/generate_jks.yaml
index 6e3204589..d6ac88dcc 100644
--- a/roles/openshift_logging/tasks/generate_jks.yaml
+++ b/roles/openshift_logging/tasks/generate_jks.yaml
@@ -24,21 +24,25 @@
local_action: file path="{{local_tmp.stdout}}/elasticsearch.jks" state=touch mode="u=rw,g=r,o=r"
when: elasticsearch_jks.stat.exists
changed_when: False
+ become: no
- name: Create placeholder for previously created JKS certs to prevent recreating...
local_action: file path="{{local_tmp.stdout}}/logging-es.jks" state=touch mode="u=rw,g=r,o=r"
when: logging_es_jks.stat.exists
changed_when: False
+ become: no
- name: Create placeholder for previously created JKS certs to prevent recreating...
local_action: file path="{{local_tmp.stdout}}/system.admin.jks" state=touch mode="u=rw,g=r,o=r"
when: system_admin_jks.stat.exists
changed_when: False
+ become: no
- name: Create placeholder for previously created JKS certs to prevent recreating...
local_action: file path="{{local_tmp.stdout}}/truststore.jks" state=touch mode="u=rw,g=r,o=r"
when: truststore_jks.stat.exists
changed_when: False
+ become: no
- name: pulling down signing items from host
fetch:
@@ -57,10 +61,12 @@
vars:
- top_dir: "{{local_tmp.stdout}}"
when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
+ become: no
- name: Run JKS generation script
local_action: script generate-jks.sh {{local_tmp.stdout}} {{openshift_logging_namespace}}
check_mode: no
+ become: no
when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
- name: Pushing locally generated JKS certs to remote host...
diff --git a/roles/openshift_logging_curator/templates/curator.j2 b/roles/openshift_logging_curator/templates/curator.j2
index 462128366..8acff8141 100644
--- a/roles/openshift_logging_curator/templates/curator.j2
+++ b/roles/openshift_logging_curator/templates/curator.j2
@@ -30,7 +30,7 @@ spec:
serviceAccountName: aggregated-logging-curator
{% if curator_node_selector is iterable and curator_node_selector | length > 0 %}
nodeSelector:
-{% for key, value in curator_node_selector.iteritems() %}
+{% for key, value in curator_node_selector.items() %}
{{key}}: "{{value}}"
{% endfor %}
{% endif %}
diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2
index 0c7d8b46e..0bfa9e85b 100644
--- a/roles/openshift_logging_elasticsearch/templates/es.j2
+++ b/roles/openshift_logging_elasticsearch/templates/es.j2
@@ -34,7 +34,7 @@ spec:
{% endfor %}
{% if es_node_selector is iterable and es_node_selector | length > 0 %}
nodeSelector:
-{% for key, value in es_node_selector.iteritems() %}
+{% for key, value in es_node_selector.items() %}
{{key}}: "{{value}}"
{% endfor %}
{% endif %}
diff --git a/roles/openshift_logging_elasticsearch/templates/pvc.j2 b/roles/openshift_logging_elasticsearch/templates/pvc.j2
index 063f9c5ae..3c6896df4 100644
--- a/roles/openshift_logging_elasticsearch/templates/pvc.j2
+++ b/roles/openshift_logging_elasticsearch/templates/pvc.j2
@@ -6,7 +6,7 @@ metadata:
logging-infra: support
{% if annotations is defined %}
annotations:
-{% for key,value in annotations.iteritems() %}
+{% for key,value in annotations.items() %}
{{key}}: {{value}}
{% endfor %}
{% endif %}
@@ -14,7 +14,7 @@ spec:
{% if pv_selector is defined and pv_selector is mapping %}
selector:
matchLabels:
-{% for key,value in pv_selector.iteritems() %}
+{% for key,value in pv_selector.items() %}
{{key}}: {{value}}
{% endfor %}
{% endif %}
diff --git a/roles/openshift_logging_elasticsearch/templates/route_reencrypt.j2 b/roles/openshift_logging_elasticsearch/templates/route_reencrypt.j2
index cf8a9e65f..d2e8b8bcb 100644
--- a/roles/openshift_logging_elasticsearch/templates/route_reencrypt.j2
+++ b/roles/openshift_logging_elasticsearch/templates/route_reencrypt.j2
@@ -4,7 +4,7 @@ metadata:
name: "{{obj_name}}"
{% if labels is defined%}
labels:
-{% for key, value in labels.iteritems() %}
+{% for key, value in labels.items() %}
{{key}}: {{value}}
{% endfor %}
{% endif %}
diff --git a/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 b/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2
index 8529b61d5..3bd29163b 100644
--- a/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2
+++ b/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2
@@ -55,7 +55,7 @@ objects:
serviceAccountName: aggregated-logging-eventrouter
{% if node_selector is iterable and node_selector | length > 0 %}
nodeSelector:
-{% for key, value in node_selector.iteritems() %}
+{% for key, value in node_selector.items() %}
{{ key }}: "{{ value }}"
{% endfor %}
{% endif %}
diff --git a/roles/openshift_logging_kibana/templates/kibana.j2 b/roles/openshift_logging_kibana/templates/kibana.j2
index 4ff86729a..57d216373 100644
--- a/roles/openshift_logging_kibana/templates/kibana.j2
+++ b/roles/openshift_logging_kibana/templates/kibana.j2
@@ -29,7 +29,7 @@ spec:
serviceAccountName: aggregated-logging-kibana
{% if kibana_node_selector is iterable and kibana_node_selector | length > 0 %}
nodeSelector:
-{% for key, value in kibana_node_selector.iteritems() %}
+{% for key, value in kibana_node_selector.items() %}
{{ key }}: "{{ value }}"
{% endfor %}
{% endif %}
diff --git a/roles/openshift_logging_kibana/templates/route_reencrypt.j2 b/roles/openshift_logging_kibana/templates/route_reencrypt.j2
index cf8a9e65f..d2e8b8bcb 100644
--- a/roles/openshift_logging_kibana/templates/route_reencrypt.j2
+++ b/roles/openshift_logging_kibana/templates/route_reencrypt.j2
@@ -4,7 +4,7 @@ metadata:
name: "{{obj_name}}"
{% if labels is defined%}
labels:
-{% for key, value in labels.iteritems() %}
+{% for key, value in labels.items() %}
{{key}}: {{value}}
{% endfor %}
{% endif %}
diff --git a/roles/openshift_logging_mux/templates/mux.j2 b/roles/openshift_logging_mux/templates/mux.j2
index 79e449b73..2337c33d5 100644
--- a/roles/openshift_logging_mux/templates/mux.j2
+++ b/roles/openshift_logging_mux/templates/mux.j2
@@ -29,7 +29,7 @@ spec:
serviceAccountName: aggregated-logging-mux
{% if mux_node_selector is iterable and mux_node_selector | length > 0 %}
nodeSelector:
-{% for key, value in mux_node_selector.iteritems() %}
+{% for key, value in mux_node_selector.items() %}
{{key}}: "{{value}}"
{% endfor %}
{% endif %}
diff --git a/roles/openshift_manage_node/defaults/main.yml b/roles/openshift_manage_node/defaults/main.yml
new file mode 100644
index 000000000..f0e728a3f
--- /dev/null
+++ b/roles/openshift_manage_node/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+# openshift_manage_node_is_master is set at the play level.
+openshift_manage_node_is_master: False
+
+# Default is to be schedulable except for master nodes.
+l_openshift_manage_schedulable: "{{ openshift_schedulable | default(not openshift_manage_node_is_master) }}"
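Review bot: `default(not openshift_manage_node_is_master)` negates the raw variable, so a play that passes the flag as a string (for example through `-e` or an INI inventory) makes `not 'false'` evaluate to false and marks a non-master node unschedulable. Casting first, `default(not (openshift_manage_node_is_master | bool))`, avoids that. Because the default is `False`, any play that applies this role to masters without setting the flag leaves them schedulable for ordinary workloads, so the comment should name the plays that are expected to set it.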
diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml
index fbbac1176..247757ca9 100644
--- a/roles/openshift_manage_node/tasks/main.yml
+++ b/roles/openshift_manage_node/tasks/main.yml
@@ -37,7 +37,7 @@
- name: Set node schedulability
oc_adm_manage_node:
node: "{{ openshift.node.nodename | lower }}"
- schedulable: "{{ 'true' if openshift.node.schedulable | bool else 'false' }}"
+ schedulable: "{{ 'true' if l_openshift_manage_schedulable | bool else 'false' }}"
retries: 10
delay: 5
register: node_schedulable
diff --git a/roles/openshift_management/tasks/add_container_provider.yml b/roles/openshift_management/tasks/add_container_provider.yml
index 50a5252cc..24b2ce6ac 100644
--- a/roles/openshift_management/tasks/add_container_provider.yml
+++ b/roles/openshift_management/tasks/add_container_provider.yml
@@ -1,8 +1,4 @@
---
-- name: Ensure lib_openshift modules are available
- include_role:
- role: lib_openshift
-
- name: Ensure OpenShift facts module is available
include_role:
role: openshift_facts
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index e9a51e55b..8e4a46ebb 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -15,6 +15,14 @@ system_images_registry: "{{ system_images_registry_dict[openshift_deployment_typ
l_is_master_system_container: "{{ (openshift_use_master_system_container | default(openshift_use_system_containers | default(false)) | bool) }}"
+openshift_master_dns_port: 8053
+osm_default_node_selector: ''
+osm_project_request_template: ''
+osm_mcs_allocator_range: 's0:/2'
+osm_mcs_labels_per_project: 5
+osm_uid_allocator_range: '1000000000-1999999999/10000'
+osm_project_request_message: ''
+
openshift_node_ips: []
r_openshift_master_clean_install: false
r_openshift_master_etcd3_storage: false
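Review bot: The new `osm_*` defaults carry no comments, and three of them (`osm_mcs_allocator_range`, `osm_mcs_labels_per_project`, `osm_uid_allocator_range`) feed `securityAllocator` in master.yaml.v1.j2 later in this commit, where they govern the SELinux MCS labels and UID ranges handed to projects. A line above the group, e.g. `# Rendered into projectConfig and securityAllocator in the master config template`, would tell operators what overriding them affects. `openshift_master_dns_port` could likewise note that it is used both by the firewall rules below and by `dnsConfig.bindAddress`.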
@@ -26,9 +34,9 @@ default_r_openshift_master_os_firewall_allow:
- service: api controllers https
port: "{{ openshift.master.controllers_port }}/tcp"
- service: skydns tcp
- port: "{{ openshift.master.dns_port }}/tcp"
+ port: "{{ openshift_master_dns_port }}/tcp"
- service: skydns udp
- port: "{{ openshift.master.dns_port }}/udp"
+ port: "{{ openshift_master_dns_port }}/udp"
- service: etcd embedded
port: 4001/tcp
cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index d570a1c7f..e52cd6231 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -39,6 +39,8 @@
state: present
when:
- not openshift.common.is_containerized | bool
+ register: result
+ until: result | success
- name: Create r_openshift_master_data_dir
file:
@@ -88,6 +90,8 @@
- item.kind == 'HTPasswdPasswordIdentityProvider'
- not openshift.common.is_atomic | bool
with_items: "{{ openshift.master.identity_providers }}"
+ register: result
+ until: result | success
- name: Ensure htpasswd directory exists
file:
@@ -306,6 +310,7 @@
- openshift.master.cluster_method == 'pacemaker'
- not openshift.common.is_containerized | bool
register: l_install_result
+ until: l_install_result | success
- name: Start and enable cluster service
systemd:
diff --git a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml
index f914a9978..caab3045a 100644
--- a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml
+++ b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml
@@ -18,3 +18,5 @@
- "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version }}"
- "{{ openshift.common.service_type }}-clients{{ openshift_pkg_version }}"
- "tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}"
+ register: result
+ until: result | success
diff --git a/roles/openshift_master/templates/htpasswd.j2 b/roles/openshift_master/templates/htpasswd.j2
index ba2c02e20..7e2e05076 100644
--- a/roles/openshift_master/templates/htpasswd.j2
+++ b/roles/openshift_master/templates/htpasswd.j2
@@ -1,5 +1,5 @@
{% if 'htpasswd_users' in openshift.master %}
-{% for user,pass in openshift.master.htpasswd_users.iteritems() %}
+{% for user,pass in openshift.master.htpasswd_users.items() %}
{{ user ~ ':' ~ pass }}
{% endfor %}
{% endif %}
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index 629fe3286..a0f00e545 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -65,7 +65,7 @@ disabledFeatures: {{ openshift.master.disabled_features | to_json }}
{% endif %}
{% if openshift.master.embedded_dns | bool %}
dnsConfig:
- bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }}
+ bindAddress: {{ openshift.master.bind_addr }}:{{ openshift_master_dns_port }}
bindNetwork: tcp4
{% endif %}
etcdClientInfo:
@@ -196,13 +196,13 @@ policyConfig:
openshiftInfrastructureNamespace: openshift-infra
openshiftSharedResourcesNamespace: openshift
projectConfig:
- defaultNodeSelector: "{{ openshift.master.default_node_selector }}"
- projectRequestMessage: "{{ openshift.master.project_request_message }}"
- projectRequestTemplate: "{{ openshift.master.project_request_template }}"
+ defaultNodeSelector: "{{ osm_default_node_selector }}"
+ projectRequestMessage: "{{ osm_project_request_message }}"
+ projectRequestTemplate: "{{ osm_project_request_template }}"
securityAllocator:
- mcsAllocatorRange: "{{ openshift.master.mcs_allocator_range }}"
- mcsLabelsPerProject: {{ openshift.master.mcs_labels_per_project }}
- uidAllocatorRange: "{{ openshift.master.uid_allocator_range }}"
+ mcsAllocatorRange: "{{ osm_mcs_allocator_range }}"
+ mcsLabelsPerProject: {{ osm_mcs_labels_per_project }}
+ uidAllocatorRange: "{{ osm_uid_allocator_range }}"
routingConfig:
subdomain: "{{ openshift_master_default_subdomain | default("") }}"
serviceAccountConfig:
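Review bot: `projectRequestMessage: "{{ osm_project_request_message }}"` places operator-supplied free text inside a double-quoted YAML scalar, so a message containing `"` or a backslash produces an invalid or altered master config. This template already uses `| to_json` for `disabledFeatures`; the same filter fits here, `projectRequestMessage: {{ osm_project_request_message | to_json }}`, and likewise for `defaultNodeSelector` and `projectRequestTemplate`. The enclosing `projectConfig` section starts before this hunk.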
diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml
index cf0be3bef..20cc5358e 100644
--- a/roles/openshift_master_facts/tasks/main.yml
+++ b/roles/openshift_master_facts/tasks/main.yml
@@ -55,8 +55,6 @@
embedded_etcd: "{{ openshift_master_embedded_etcd | default(None) }}"
embedded_kube: "{{ openshift_master_embedded_kube | default(None) }}"
embedded_dns: "{{ openshift_master_embedded_dns | default(None) }}"
- # defaults to 8053 when using dnsmasq in 1.2/3.2
- dns_port: "{{ openshift_master_dns_port | default(None) }}"
bind_addr: "{{ openshift_master_bind_addr | default(None) }}"
pod_eviction_timeout: "{{ openshift_master_pod_eviction_timeout | default(None) }}"
session_max_seconds: "{{ openshift_master_session_max_seconds | default(None) }}"
@@ -77,12 +75,6 @@
sdn_cluster_network_cidr: "{{ osm_cluster_network_cidr | default(None) }}"
sdn_host_subnet_length: "{{ osm_host_subnet_length | default(None) }}"
custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}"
- default_node_selector: "{{ osm_default_node_selector | default(None) }}"
- project_request_message: "{{ osm_project_request_message | default(None) }}"
- project_request_template: "{{ osm_project_request_template | default(None) }}"
- mcs_allocator_range: "{{ osm_mcs_allocator_range | default(None) }}"
- mcs_labels_per_project: "{{ osm_mcs_labels_per_project | default(None) }}"
- uid_allocator_range: "{{ osm_uid_allocator_range | default(None) }}"
registry_selector: "{{ openshift_registry_selector | default(None) }}"
api_server_args: "{{ osm_api_server_args | default(None) }}"
controller_args: "{{ osm_controller_args | default(None) }}"
diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
index 6a3811598..11476bf75 100644
--- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
+++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
@@ -24,7 +24,7 @@ spec:
- {{openshift_metrics_cassandra_storage_group}}
{% if node_selector is iterable and node_selector | length > 0 %}
nodeSelector:
-{% for key, value in node_selector.iteritems() %}
+{% for key, value in node_selector.items() %}
{{key}}: "{{value}}"
{% endfor %}
{% endif %}
diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2
index 0662bea53..e976bc222 100644
--- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2
+++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2
@@ -19,7 +19,7 @@ spec:
serviceAccount: hawkular
{% if node_selector is iterable and node_selector | length > 0 %}
nodeSelector:
-{% for key, value in node_selector.iteritems() %}
+{% for key, value in node_selector.items() %}
{{key}}: "{{value}}"
{% endfor %}
{% endif %}
diff --git a/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2 b/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2
index 40d09e9fa..04e2b2937 100644
--- a/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2
+++ b/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2
@@ -19,7 +19,7 @@ spec:
serviceAccount: hawkular-openshift-agent
{% if node_selector is iterable and node_selector | length > 0 %}
nodeSelector:
-{% for key, value in node_selector.iteritems() %}
+{% for key, value in node_selector.items() %}
{{key}}: "{{value}}"
{% endfor %}
{% endif %}
diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2
index e732c1eee..0d4dd0e2b 100644
--- a/roles/openshift_metrics/templates/heapster.j2
+++ b/roles/openshift_metrics/templates/heapster.j2
@@ -20,7 +20,7 @@ spec:
serviceAccountName: heapster
{% if node_selector is iterable and node_selector | length > 0 %}
nodeSelector:
-{% for key, value in node_selector.iteritems() %}
+{% for key, value in node_selector.items() %}
{{key}}: "{{value}}"
{% endfor %}
{% endif %}
diff --git a/roles/openshift_metrics/templates/pvc.j2 b/roles/openshift_metrics/templates/pvc.j2
index b4e6a1503..9a4b428ec 100644
--- a/roles/openshift_metrics/templates/pvc.j2
+++ b/roles/openshift_metrics/templates/pvc.j2
@@ -7,13 +7,13 @@ metadata:
metrics-infra: support
{% elif labels %}
labels:
-{% for key, value in labels.iteritems() %}
+{% for key, value in labels.items() %}
{{ key }}: {{ value }}
{% endfor %}
{% endif %}
{% if annotations is defined and annotations %}
annotations:
-{% for key,value in annotations.iteritems() %}
+{% for key,value in annotations.items() %}
{{key}}: {{value}}
{% endfor %}
{% endif %}
@@ -21,7 +21,7 @@ spec:
{% if pv_selector is defined and pv_selector is mapping %}
selector:
matchLabels:
-{% for key,value in pv_selector.iteritems() %}
+{% for key,value in pv_selector.items() %}
{{key}}: {{value}}
{% endfor %}
{% endif %}
diff --git a/roles/openshift_metrics/templates/rolebinding.j2 b/roles/openshift_metrics/templates/rolebinding.j2
index 5230f0780..a9a24c157 100644
--- a/roles/openshift_metrics/templates/rolebinding.j2
+++ b/roles/openshift_metrics/templates/rolebinding.j2
@@ -4,7 +4,7 @@ metadata:
name: {{obj_name}}
{% if labels is defined %}
labels:
-{% for k, v in labels.iteritems() %}
+{% for k, v in labels.items() %}
{{ k }}: {{ v }}
{% endfor %}
{% endif %}
diff --git a/roles/openshift_metrics/templates/route.j2 b/roles/openshift_metrics/templates/route.j2
index 253d6ecf5..9d628b666 100644
--- a/roles/openshift_metrics/templates/route.j2
+++ b/roles/openshift_metrics/templates/route.j2
@@ -7,7 +7,7 @@ metadata:
{% endif %}
{% if labels is defined and labels %}
labels:
-{% for k, v in labels.iteritems() %}
+{% for k, v in labels.items() %}
{{ k }}: {{ v }}
{% endfor %}
{% endif %}
diff --git a/roles/openshift_metrics/templates/secret.j2 b/roles/openshift_metrics/templates/secret.j2
index 5b9dba122..b788be04e 100644
--- a/roles/openshift_metrics/templates/secret.j2
+++ b/roles/openshift_metrics/templates/secret.j2
@@ -4,15 +4,15 @@ metadata:
name: "{{ name }}"
{% if annotations is defined%}
annotations:
-{% for key, value in annotations.iteritems() %}
+{% for key, value in annotations.items() %}
{{key}}: {{value}}
{% endfor %}
{% endif %}
labels:
-{% for k, v in labels.iteritems() %}
+{% for k, v in labels.items() %}
{{ k }}: {{ v }}
{% endfor %}
data:
-{% for k, v in data.iteritems() %}
+{% for k, v in data.items() %}
{{ k }}: {{ v }}
{% endfor %}
diff --git a/roles/openshift_metrics/templates/service.j2 b/roles/openshift_metrics/templates/service.j2
index ce0bc2eec..4d23982f1 100644
--- a/roles/openshift_metrics/templates/service.j2
+++ b/roles/openshift_metrics/templates/service.j2
@@ -4,13 +4,13 @@ metadata:
name: "{{obj_name}}"
{% if annotations is defined%}
annotations:
-{% for key, value in annotations.iteritems() %}
+{% for key, value in annotations.items() %}
{{key}}: {{value}}
{% endfor %}
{% endif %}
{% if labels is defined%}
labels:
-{% for key, value in labels.iteritems() %}
+{% for key, value in labels.items() %}
{{key}}: {{value}}
{% endfor %}
{% endif %}
@@ -22,7 +22,7 @@ spec:
ports:
{% for port in ports %}
-
-{% for key, value in port.iteritems() %}
+{% for key, value in port.items() %}
{{key}}: {{value}}
{% endfor %}
{% if port.targetPort is undefined %}
@@ -33,6 +33,6 @@ spec:
targetPort: {{service_targetPort}}
{% endif %}
selector:
- {% for key, value in selector.iteritems() %}
+ {% for key, value in selector.items() %}
{{key}}: {{value}}
{% endfor %}
diff --git a/roles/openshift_metrics/templates/serviceaccount.j2 b/roles/openshift_metrics/templates/serviceaccount.j2
index b22acc594..ea19f17d7 100644
--- a/roles/openshift_metrics/templates/serviceaccount.j2
+++ b/roles/openshift_metrics/templates/serviceaccount.j2
@@ -4,7 +4,7 @@ metadata:
name: {{obj_name}}
{% if labels is defined%}
labels:
-{% for key, value in labels.iteritems() %}
+{% for key, value in labels.items() %}
{{key}}: {{value}}
{% endfor %}
{% endif %}
diff --git a/roles/openshift_nfs/tasks/setup.yml b/roles/openshift_nfs/tasks/setup.yml
index 3070de495..edb854467 100644
--- a/roles/openshift_nfs/tasks/setup.yml
+++ b/roles/openshift_nfs/tasks/setup.yml
@@ -5,6 +5,8 @@
- name: Install nfs-utils
package: name=nfs-utils state=present
+ register: result
+ until: result | success
- name: Configure NFS
lineinfile:
diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml
index 62208c155..5a0c09f5c 100644
--- a/roles/openshift_node/defaults/main.yml
+++ b/roles/openshift_node/defaults/main.yml
@@ -1,6 +1,13 @@
---
openshift_node_debug_level: "{{ debug_level | default(2) }}"
+openshift_node_dnsmasq_install_network_manager_hook: true
+
+# lo must always be present in this list or dnsmasq will conflict with
+# the node's dns service.
+openshift_node_dnsmasq_except_interfaces:
+- lo
+
r_openshift_node_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
r_openshift_node_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}"
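Review bot: The requirement that `lo` stays in `openshift_node_dnsmasq_except_interfaces` is stated only in the comment, and an inventory that overrides the variable replaces the whole list. The consumer of this list is outside the hunk; unless it adds `lo` itself, an `assert` with `that: "'lo' in openshift_node_dnsmasq_except_interfaces"` early in dnsmasq.yml would turn the misconfiguration into a clear failure instead of a DNS conflict on the node.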
diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node/files/networkmanager/99-origin-dns.sh
index f4e48b5b7..f4e48b5b7 100755
--- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh
+++ b/roles/openshift_node/files/networkmanager/99-origin-dns.sh
diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml
index b102c1b18..229c6bbed 100644
--- a/roles/openshift_node/handlers/main.yml
+++ b/roles/openshift_node/handlers/main.yml
@@ -1,4 +1,15 @@
---
+- name: restart NetworkManager
+ systemd:
+ name: NetworkManager
+ state: restarted
+ enabled: True
+
+- name: restart dnsmasq
+ systemd:
+ name: dnsmasq
+ state: restarted
+
- name: restart openvswitch
systemd:
name: openvswitch
diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml
index c32aa1600..927d107c6 100644
--- a/roles/openshift_node/meta/main.yml
+++ b/roles/openshift_node/meta/main.yml
@@ -17,11 +17,8 @@ dependencies:
- role: lib_openshift
- role: lib_os_firewall
when: not (openshift_node_upgrade_in_progress | default(False))
-- role: openshift_clock
- when: not (openshift_node_upgrade_in_progress | default(False))
- role: openshift_docker
- role: openshift_cloud_provider
when: not (openshift_node_upgrade_in_progress | default(False))
-- role: openshift_node_dnsmasq
- role: lib_utils
when: openshift_node_upgrade_in_progress | default(False)
diff --git a/roles/openshift_node/tasks/bootstrap.yml b/roles/openshift_node/tasks/bootstrap.yml
index ac43ef039..a042bc01b 100644
--- a/roles/openshift_node/tasks/bootstrap.yml
+++ b/roles/openshift_node/tasks/bootstrap.yml
@@ -4,6 +4,8 @@
name: "{{ item }}"
state: present
with_items: "{{ r_openshift_node_image_prep_packages }}"
+ register: result
+ until: result | success
- name: create the directory for node
file:
diff --git a/roles/openshift_node_dnsmasq/tasks/main.yml b/roles/openshift_node/tasks/dnsmasq.yml
index a33b78780..f210a3a21 100644
--- a/roles/openshift_node_dnsmasq/tasks/main.yml
+++ b/roles/openshift_node/tasks/dnsmasq.yml
@@ -13,6 +13,8 @@
- name: Install dnsmasq
package: name=dnsmasq state=installed
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: ensure origin/node directory exists
file:
@@ -59,9 +61,9 @@
state: started
# Dynamic NetworkManager based dispatcher
-- include_tasks: ./network-manager.yml
+- include_tasks: dnsmasq/network-manager.yml
when: network_manager_active | bool
# Relies on ansible in order to configure static config
-- include_tasks: ./no-network-manager.yml
+- include_tasks: dnsmasq/no-network-manager.yml
when: not network_manager_active | bool
diff --git a/roles/openshift_node_dnsmasq/tasks/network-manager.yml b/roles/openshift_node/tasks/dnsmasq/network-manager.yml
index e5a92a630..e5a92a630 100644
--- a/roles/openshift_node_dnsmasq/tasks/network-manager.yml
+++ b/roles/openshift_node/tasks/dnsmasq/network-manager.yml
diff --git a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml b/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml
index dede2fb8f..541c8115a 100644
--- a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml
+++ b/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml
@@ -7,5 +7,7 @@
name: NetworkManager
state: present
notify: restart NetworkManager
+ register: result
+ until: result | success
- include_tasks: network-manager.yml
diff --git a/roles/openshift_node/tasks/docker/upgrade.yml b/roles/openshift_node/tasks/docker/upgrade.yml
index ebe87d6fd..d743d2188 100644
--- a/roles/openshift_node/tasks/docker/upgrade.yml
+++ b/roles/openshift_node/tasks/docker/upgrade.yml
@@ -36,5 +36,7 @@
- name: Upgrade Docker
package: name=docker{{ '-' + docker_version }} state=present
+ register: result
+ until: result | success
# starting docker happens back in ../main.yml where it calls ../restart.yml
diff --git a/roles/openshift_node/tasks/install.yml b/roles/openshift_node/tasks/install.yml
index 9a91e2fb6..1ed4a05c1 100644
--- a/roles/openshift_node/tasks/install.yml
+++ b/roles/openshift_node/tasks/install.yml
@@ -5,6 +5,8 @@
package:
name: "{{ openshift.common.service_type }}-node{{ (openshift_pkg_version | default('')) | oo_image_tag_to_rpm_version(include_dash=True) }}"
state: present
+ register: result
+ until: result | success
- name: Install sdn-ovs package
package:
@@ -12,11 +14,15 @@
state: present
when:
- openshift_node_use_openshift_sdn | bool
+ register: result
+ until: result | success
- name: Install conntrack-tools package
package:
name: "conntrack-tools"
state: present
+ register: result
+ until: result | success
- when:
- openshift.common.is_containerized | bool
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 8e9d1d1b5..d46b1f9c3 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -6,6 +6,8 @@
- deployment_type == 'openshift-enterprise'
- not openshift_use_crio | default(false)
+- include: dnsmasq.yml
+
- name: setup firewall
import_tasks: firewall.yml
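Review bot: `- include: dnsmasq.yml` uses the bare `include` keyword, while the very next task uses `import_tasks` and the matching change in tasks/upgrade.yml uses `include_tasks: dnsmasq.yml`. Bare `include` is deprecated in favour of the explicit static and dynamic forms, and mixing the three leaves it unclear whether dnsmasq.yml is meant to be loaded at parse time or at run time. I would write `- import_tasks: dnsmasq.yml` here (or `include_tasks`, to match upgrade.yml) and give the task a `name:` like its neighbour.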
diff --git a/roles/openshift_node/tasks/storage_plugins/ceph.yml b/roles/openshift_node/tasks/storage_plugins/ceph.yml
index 037efe81a..72a3b837f 100644
--- a/roles/openshift_node/tasks/storage_plugins/ceph.yml
+++ b/roles/openshift_node/tasks/storage_plugins/ceph.yml
@@ -2,3 +2,5 @@
- name: Install Ceph storage plugin dependencies
package: name=ceph-common state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
index 1b8a7ad50..08ea71a0c 100644
--- a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
+++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
@@ -2,6 +2,8 @@
- name: Install GlusterFS storage plugin dependencies
package: name=glusterfs-fuse state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: Check for existence of fusefs sebooleans
command: getsebool {{ item }}
diff --git a/roles/openshift_node/tasks/storage_plugins/iscsi.yml b/roles/openshift_node/tasks/storage_plugins/iscsi.yml
index 1c5478c55..ece68dc71 100644
--- a/roles/openshift_node/tasks/storage_plugins/iscsi.yml
+++ b/roles/openshift_node/tasks/storage_plugins/iscsi.yml
@@ -2,3 +2,5 @@
- name: Install iSCSI storage plugin dependencies
package: name=iscsi-initiator-utils state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml
index 7e1035893..5eacf42e8 100644
--- a/roles/openshift_node/tasks/storage_plugins/nfs.yml
+++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml
@@ -2,6 +2,8 @@
- name: Install NFS storage plugin dependencies
package: name=nfs-utils state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: Check for existence of nfs sebooleans
command: getsebool {{ item }}
diff --git a/roles/openshift_node/tasks/upgrade.yml b/roles/openshift_node/tasks/upgrade.yml
index fb21b39a1..561b56918 100644
--- a/roles/openshift_node/tasks/upgrade.yml
+++ b/roles/openshift_node/tasks/upgrade.yml
@@ -107,6 +107,8 @@
name: openvswitch
state: latest
when: not openshift.common.is_containerized | bool
+ register: result
+ until: result | success
- name: Update oreg value
yedit:
@@ -179,5 +181,4 @@
retries: 24
delay: 5
-- include_role:
- name: openshift_node_dnsmasq
+- include_tasks: dnsmasq.yml
diff --git a/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml
index a998acf21..fcbe1a598 100644
--- a/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml
+++ b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml
@@ -8,10 +8,14 @@
# We verified latest rpm available is suitable, so just yum update.
- name: Upgrade packages
package: "name={{ openshift.common.service_type }}-{{ component }}{{ openshift_pkg_version }} state=present"
+ register: result
+ until: result | success
- name: Ensure python-yaml present for config upgrade
package: name=PyYAML state=present
when: not openshift.common.is_atomic | bool
+ register: result
+ until: result | success
- name: Install Node service file
template:
diff --git a/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2 b/roles/openshift_node/templates/node-dnsmasq.conf.j2
index 3caa3bd4a..3caa3bd4a 100644
--- a/roles/openshift_node_dnsmasq/templates/node-dnsmasq.conf.j2
+++ b/roles/openshift_node/templates/node-dnsmasq.conf.j2
diff --git a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 b/roles/openshift_node/templates/origin-dns.conf.j2
index 6543c7c3e..6543c7c3e 100644
--- a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2
+++ b/roles/openshift_node/templates/origin-dns.conf.j2
diff --git a/roles/openshift_node_dnsmasq/README.md b/roles/openshift_node_dnsmasq/README.md
deleted file mode 100644
index 4596190d7..000000000
--- a/roles/openshift_node_dnsmasq/README.md
+++ /dev/null
@@ -1,27 +0,0 @@
-OpenShift Node DNS resolver
-===========================
-
-Configure dnsmasq to act as a DNS resolver for an OpenShift node.
-
-Requirements
-------------
-
-Role Variables
---------------
-
-From this role:
-
-| Name | Default value | Description |
-|-----------------------------------------------------|---------------|-----------------------------------------------------------------------------------|
-| openshift_node_dnsmasq_install_network_manager_hook | true | Install NetworkManager hook updating /etc/resolv.conf with local dnsmasq instance |
-
-Dependencies
-------------
-
-* openshift_common
-* openshift_node_facts
-
-License
--------
-
-Apache License Version 2.0
diff --git a/roles/openshift_node_dnsmasq/defaults/main.yml b/roles/openshift_node_dnsmasq/defaults/main.yml
deleted file mode 100644
index ebcff46b5..000000000
--- a/roles/openshift_node_dnsmasq/defaults/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-openshift_node_dnsmasq_install_network_manager_hook: true
-
-# lo must always be present in this list or dnsmasq will conflict with
-# the node's dns service.
-openshift_node_dnsmasq_except_interfaces:
-- lo
diff --git a/roles/openshift_node_dnsmasq/handlers/main.yml b/roles/openshift_node_dnsmasq/handlers/main.yml
deleted file mode 100644
index 9f98126a0..000000000
--- a/roles/openshift_node_dnsmasq/handlers/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-- name: restart NetworkManager
- systemd:
- name: NetworkManager
- state: restarted
- enabled: True
-
-- name: restart dnsmasq
- systemd:
- name: dnsmasq
- state: restarted
diff --git a/roles/openshift_node_dnsmasq/meta/main.yml b/roles/openshift_node_dnsmasq/meta/main.yml
deleted file mode 100644
index d80ed1b72..000000000
--- a/roles/openshift_node_dnsmasq/meta/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-galaxy_info:
- author: Scott Dodson
- description: OpenShift Node DNSMasq support
- company: Red Hat, Inc.
- license: Apache License, Version 2.0
- min_ansible_version: 2.2
- platforms:
- - name: EL
- versions:
- - 7
- categories:
- - cloud
-dependencies:
-- role: openshift_node_facts
diff --git a/roles/openshift_node_facts/tasks/main.yml b/roles/openshift_node_facts/tasks/main.yml
index b45130400..d33d09980 100644
--- a/roles/openshift_node_facts/tasks/main.yml
+++ b/roles/openshift_node_facts/tasks/main.yml
@@ -15,7 +15,6 @@
kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}"
labels: "{{ openshift_node_labels | default(None) }}"
registry_url: "{{ oreg_url_node | default(oreg_url) | default(None) }}"
- schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}"
sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}"
storage_plugin_deps: "{{ osn_storage_plugin_deps | default(None) }}"
set_node_ip: "{{ openshift_set_node_ip | default(None) }}"
diff --git a/roles/openshift_openstack/tasks/node-packages.yml b/roles/openshift_openstack/tasks/node-packages.yml
index 7864f5269..e41104af1 100644
--- a/roles/openshift_openstack/tasks/node-packages.yml
+++ b/roles/openshift_openstack/tasks/node-packages.yml
@@ -6,6 +6,8 @@
name: "{{ item }}"
state: latest
with_items: "{{ openshift_openstack_required_packages }}"
+ register: result
+ until: result | success
- name: Install debug packages (optional)
yum:
@@ -13,3 +15,5 @@
state: latest
with_items: "{{ openshift_openstack_debug_packages }}"
when: openshift_openstack_install_debug_packages|bool
+ register: result
+ until: result | success
diff --git a/roles/openshift_openstack/templates/heat_stack.yaml.j2 b/roles/openshift_openstack/templates/heat_stack.yaml.j2
index bfa65b460..0e7538629 100644
--- a/roles/openshift_openstack/templates/heat_stack.yaml.j2
+++ b/roles/openshift_openstack/templates/heat_stack.yaml.j2
@@ -724,7 +724,7 @@ resources:
type: node
subtype: app
node_labels:
-{% for k, v in openshift_openstack_cluster_node_labels.app.iteritems() %}
+{% for k, v in openshift_openstack_cluster_node_labels.app.items() %}
{{ k|e }}: {{ v|e }}
{% endfor %}
image: {{ openshift_openstack_node_image }}
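Review bot: The label line under the changed loop, `{{ k|e }}: {{ v|e }}`, is written into YAML through the `e` filter, which escapes HTML characters and does nothing for YAML syntax. A label value such as `true` or `1.10`, or one containing `: ` or ` #`, would be retyped or break the rendered document, and `&` or `<` would be turned into HTML entities. Serialising both sides, `{{ k | to_json }}: {{ v | to_json }}`, yields a quoted scalar that YAML accepts. The same applies to the infra loop in the next hunk and to the unquoted `{{key}}: {{value}}` lines in persistent-volume.yml.j2 and the openshift_provisioners templates (clusterrolebinding, pv, pvc, secret, serviceaccount) touched by this commit.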
@@ -788,7 +788,7 @@ resources:
type: node
subtype: infra
node_labels:
-{% for k, v in openshift_openstack_cluster_node_labels.infra.iteritems() %}
+{% for k, v in openshift_openstack_cluster_node_labels.infra.items() %}
{{ k|e }}: {{ v|e }}
{% endfor %}
image: {{ openshift_openstack_infra_image }}
diff --git a/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2 b/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2
index 9c5103597..ee9dac7cb 100644
--- a/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2
+++ b/roles/openshift_persistent_volumes/templates/persistent-volume.yml.j2
@@ -9,7 +9,7 @@ items:
name: "{{ volume.name }}"
{% if volume.labels is defined and volume.labels is mapping %}
labels:
-{% for key,value in volume.labels.iteritems() %}
+{% for key,value in volume.labels.items() %}
{{ key }}: {{ value }}
{% endfor %}
{% endif %}
diff --git a/roles/openshift_prometheus/templates/prometheus.j2 b/roles/openshift_prometheus/templates/prometheus.j2
index e73a94eee..d780550b8 100644
--- a/roles/openshift_prometheus/templates/prometheus.j2
+++ b/roles/openshift_prometheus/templates/prometheus.j2
@@ -22,7 +22,7 @@ spec:
serviceAccountName: prometheus
{% if openshift_prometheus_node_selector is iterable and openshift_prometheus_node_selector | length > 0 %}
nodeSelector:
-{% for key, value in openshift_prometheus_node_selector.iteritems() %}
+{% for key, value in openshift_prometheus_node_selector.items() %}
{{ key }}: "{{ value }}"
{% endfor %}
{% endif %}
diff --git a/roles/openshift_prometheus/vars/default_images.yml b/roles/openshift_prometheus/vars/default_images.yml
index ad52a3125..31f6c1bb1 100644
--- a/roles/openshift_prometheus/vars/default_images.yml
+++ b/roles/openshift_prometheus/vars/default_images.yml
@@ -6,7 +6,7 @@ l_openshift_prometheus_alertmanager_image_prefix: "{{ openshift_prometheus_alter
l_openshift_prometheus_alertbuffer_image_prefix: "{{ openshift_prometheus_alertbuffer_image_prefix | default(l_openshift_prometheus_image_prefix) }}"
# image version defaults
-l_openshift_prometheus_image_version: "{{ openshift_prometheus_image_version | default('v2.0.0-dev.3') }}"
+l_openshift_prometheus_image_version: "{{ openshift_prometheus_image_version | default('v2.0.0') }}"
l_openshift_prometheus_proxy_image_version: "{{ openshift_prometheus_proxy_image_version | default('v1.0.0') }}"
l_openshift_prometheus_alertmanager_image_version: "{{ openshift_prometheus_alertmanager_image_version | default('v0.9.1') }}"
l_openshift_prometheus_alertbuffer_image_version: "{{ openshift_prometheus_alertbuffer_image_version | default('v0.0.2') }}"
diff --git a/roles/openshift_provisioners/templates/clusterrolebinding.j2 b/roles/openshift_provisioners/templates/clusterrolebinding.j2
index 994afa32d..1f26c93a4 100644
--- a/roles/openshift_provisioners/templates/clusterrolebinding.j2
+++ b/roles/openshift_provisioners/templates/clusterrolebinding.j2
@@ -4,7 +4,7 @@ metadata:
name: {{obj_name}}
{% if labels is defined%}
labels:
-{% for key, value in labels.iteritems() %}
+{% for key, value in labels.items() %}
{{key}}: {{value}}
{% endfor %}
{% endif %}
diff --git a/roles/openshift_provisioners/templates/efs.j2 b/roles/openshift_provisioners/templates/efs.j2
index 81b9ccca5..37fd02977 100644
--- a/roles/openshift_provisioners/templates/efs.j2
+++ b/roles/openshift_provisioners/templates/efs.j2
@@ -22,7 +22,7 @@ spec:
serviceAccountName: "{{deploy_serviceAccount}}"
{% if node_selector is iterable and node_selector | length > 0 %}
nodeSelector:
-{% for key, value in node_selector.iteritems() %}
+{% for key, value in node_selector.items() %}
{{key}}: "{{value}}"
{% endfor %}
{% endif %}
diff --git a/roles/openshift_provisioners/templates/pv.j2 b/roles/openshift_provisioners/templates/pv.j2
index f81b1617a..b648cd15e 100644
--- a/roles/openshift_provisioners/templates/pv.j2
+++ b/roles/openshift_provisioners/templates/pv.j2
@@ -4,13 +4,13 @@ metadata:
name: {{obj_name}}
{% if annotations is defined %}
annotations:
-{% for key,value in annotations.iteritems() %}
+{% for key,value in annotations.items() %}
{{key}}: {{value}}
{% endfor %}
{% endif %}
{% if labels is defined%}
labels:
-{% for key, value in labels.iteritems() %}
+{% for key, value in labels.items() %}
{{key}}: {{value}}
{% endfor %}
{% endif %}
diff --git a/roles/openshift_provisioners/templates/pvc.j2 b/roles/openshift_provisioners/templates/pvc.j2
index 0dd8772eb..0a88b7c88 100644
--- a/roles/openshift_provisioners/templates/pvc.j2
+++ b/roles/openshift_provisioners/templates/pvc.j2
@@ -4,7 +4,7 @@ metadata:
name: {{obj_name}}
{% if annotations is defined %}
annotations:
-{% for key,value in annotations.iteritems() %}
+{% for key,value in annotations.items() %}
{{key}}: {{value}}
{% endfor %}
{% endif %}
@@ -12,7 +12,7 @@ spec:
{% if pv_selector is defined and pv_selector is mapping %}
selector:
matchLabels:
-{% for key,value in pv_selector.iteritems() %}
+{% for key,value in pv_selector.items() %}
{{key}}: {{value}}
{% endfor %}
{% endif %}
diff --git a/roles/openshift_provisioners/templates/secret.j2 b/roles/openshift_provisioners/templates/secret.j2
index 78824095b..2fbb28829 100644
--- a/roles/openshift_provisioners/templates/secret.j2
+++ b/roles/openshift_provisioners/templates/secret.j2
@@ -4,7 +4,7 @@ metadata:
name: {{obj_name}}
{% if labels is defined%}
labels:
-{% for key, value in labels.iteritems() %}
+{% for key, value in labels.items() %}
{{key}}: {{value}}
{% endfor %}
{% endif %}
diff --git a/roles/openshift_provisioners/templates/serviceaccount.j2 b/roles/openshift_provisioners/templates/serviceaccount.j2
index b22acc594..ea19f17d7 100644
--- a/roles/openshift_provisioners/templates/serviceaccount.j2
+++ b/roles/openshift_provisioners/templates/serviceaccount.j2
@@ -4,7 +4,7 @@ metadata:
name: {{obj_name}}
{% if labels is defined%}
labels:
-{% for key, value in labels.iteritems() %}
+{% for key, value in labels.items() %}
{{key}}: {{value}}
{% endfor %}
{% endif %}
diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml
index 552a22a0f..5e7bde1e1 100644
--- a/roles/openshift_repos/tasks/main.yaml
+++ b/roles/openshift_repos/tasks/main.yaml
@@ -9,6 +9,8 @@
# TODO: This needs to be removed and placed into a role
- name: Ensure libselinux-python is installed
package: name=libselinux-python state=present
+ register: result
+ until: result | success
- name: Remove openshift_additional.repo file
file:
diff --git a/roles/openshift_sanitize_inventory/tasks/unsupported.yml b/roles/openshift_sanitize_inventory/tasks/unsupported.yml
index b70ab90a1..1c4984467 100644
--- a/roles/openshift_sanitize_inventory/tasks/unsupported.yml
+++ b/roles/openshift_sanitize_inventory/tasks/unsupported.yml
@@ -40,3 +40,27 @@
openshift_master_dynamic_provisioning_enabled to True and set an
openshift_cloudprovider_kind. You can disable this check with
'dynamic_volumes_check=False'.
+
+#if we have registry backend as glusterfs, and we have clashing configuration.
+- name: Ensure the hosted registry's GlusterFS storage is configured correctly
+ when:
+ - openshift_hosted_registry_storage_kind | default(none) in ['glusterfs']
+ - openshift_hosted_registry_storage_glusterfs_ips is defined and openshift_hosted_registry_storage_glusterfs_ips != ''
+ - "'glusterfs_registry' in groups | default([])"
+ fail:
+ msg: |-
+ Configuring a value for openshift_hosted_registry_storage_glusterfs_ips and with a glusterfs_registry host group is not allowed.
+ Specifying a glusterfs_registry host group indicates that a new GlusterFS cluster should be configured, whereas
+ specifying openshift_hosted_registry_storage_glusterfs_ips indicates wanting to use a pre-configured GlusterFS cluster for the registry storage.
+
+#if we have registry backend as glusterfs and no gluster specified.
+- name: Ensure the hosted registry's GlusterFS storage is configured correctly
+ when:
+ - openshift_hosted_registry_storage_kind | default(none) in ['glusterfs']
+ - not openshift_hosted_registry_storage_glusterfs_ips is defined
+ - not 'glusterfs_registry' in groups | default([])
+ - not 'glusterfs' in groups | default([])
+ fail:
+ msg: |-
+ Configuring a value for openshift_hosted_registry_storage_kind=glusterfs without a any glusterfs option is not allowed.
+ Specify either openshift_hosted_registry_storage_glusterfs_ips variable or glusterfs, glusterfs_registry host groups.
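Review bot: The second check treats `openshift_hosted_registry_storage_glusterfs_ips` as set whenever it is defined, while the first check also requires it to differ from `''`. An inventory that sets the variable to an empty string and has no glusterfs or glusterfs_registry group therefore passes both checks. Writing the second condition as `- openshift_hosted_registry_storage_glusterfs_ips | default('') == ''` closes that gap. Both tasks also carry the same `name:`, which makes a failure hard to attribute in the play output; the second could be named `Ensure the hosted registry's GlusterFS storage has a backing cluster`. Its message also reads `without a any glusterfs option`.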
diff --git a/roles/openshift_service_catalog/tasks/install.yml b/roles/openshift_service_catalog/tasks/install.yml
index 3507330e3..41a6691c9 100644
--- a/roles/openshift_service_catalog/tasks/install.yml
+++ b/roles/openshift_service_catalog/tasks/install.yml
@@ -40,7 +40,7 @@
command: >
{{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig adm pod-network make-projects-global kube-service-catalog
-- include: generate_certs.yml
+- include_tasks: generate_certs.yml
- copy:
src: kubeservicecatalog_roles_bindings.yml
@@ -252,7 +252,7 @@
session_affinity: None
service_type: ClusterIP
-- include: start_api_server.yml
+- include_tasks: start_api_server.yml
- name: Delete temp directory
file:
diff --git a/roles/openshift_service_catalog/tasks/main.yml b/roles/openshift_service_catalog/tasks/main.yml
index dc0d6a370..ffdbe2b11 100644
--- a/roles/openshift_service_catalog/tasks/main.yml
+++ b/roles/openshift_service_catalog/tasks/main.yml
@@ -1,8 +1,8 @@
---
# do any asserts here
-- include: install.yml
+- include_tasks: install.yml
when: not openshift_service_catalog_remove | default(false) | bool
-- include: remove.yml
+- include_tasks: remove.yml
when: openshift_service_catalog_remove | default(false) | bool
diff --git a/roles/openshift_service_catalog/templates/api_server.j2 b/roles/openshift_service_catalog/templates/api_server.j2
index 0e5bb7230..4f51b8c3c 100644
--- a/roles/openshift_service_catalog/templates/api_server.j2
+++ b/roles/openshift_service_catalog/templates/api_server.j2
@@ -19,7 +19,7 @@ spec:
spec:
serviceAccountName: service-catalog-apiserver
nodeSelector:
-{% for key, value in node_selector.iteritems() %}
+{% for key, value in node_selector.items() %}
{{key}}: "{{value}}"
{% endfor %}
containers:
diff --git a/roles/openshift_service_catalog/templates/controller_manager.j2 b/roles/openshift_service_catalog/templates/controller_manager.j2
index e5e5f6b50..137222f04 100644
--- a/roles/openshift_service_catalog/templates/controller_manager.j2
+++ b/roles/openshift_service_catalog/templates/controller_manager.j2
@@ -19,7 +19,7 @@ spec:
spec:
serviceAccountName: service-catalog-controller
nodeSelector:
-{% for key, value in node_selector.iteritems() %}
+{% for key, value in node_selector.items() %}
{{key}}: "{{value}}"
{% endfor %}
containers:
diff --git a/roles/openshift_storage_glusterfs/README.md b/roles/openshift_storage_glusterfs/README.md
index 54adcf78d..be749a2e1 100644
--- a/roles/openshift_storage_glusterfs/README.md
+++ b/roles/openshift_storage_glusterfs/README.md
@@ -133,8 +133,7 @@ are an exception:
| openshift_storage_glusterfs_registry_heketi_admin_key | auto-generated | Separate from the above
| openshift_storage_glusterfs_registry_heketi_user_key | auto-generated | Separate from the above
-Additionally, this role's behavior responds to the following registry-specific
-variables:
+Additionally, this role's behavior responds to several registry-specific variables in the [openshift_hosted role](../openshift_hosted/README.md):
| Name | Default value | Description |
|-------------------------------------------------------|------------------------------|-----------------------------------------|
diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml
index 2a678af57..4b33e91b4 100644
--- a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml
+++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml
@@ -4,6 +4,8 @@
when:
- not openshift.common.is_atomic | bool
- not glusterfs_heketi_is_native | bool
+ register: result
+ until: result | success
- name: Verify heketi-cli is installed
shell: "command -v {{ glusterfs_heketi_cli }} >/dev/null 2>&1 || { echo >&2 'ERROR: Make sure heketi-cli is available, then re-run the installer'; exit 1; }"
diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml
index 1ede0ae94..71c1311cd 100644
--- a/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml
+++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml
@@ -44,6 +44,6 @@
glusterfs_heketi_ssh_sudo: "{{ openshift_storage_glusterfs_heketi_ssh_sudo | bool }}"
glusterfs_heketi_ssh_keyfile: "{{ openshift_storage_glusterfs_heketi_ssh_keyfile }}"
glusterfs_heketi_fstab: "{{ openshift_storage_glusterfs_heketi_fstab }}"
- glusterfs_nodes: "{{ groups.glusterfs }}"
+ glusterfs_nodes: "{{ groups.glusterfs | default([]) }}"
- include: glusterfs_common.yml
diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml
index ef37762f9..30e83e79b 100644
--- a/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml
+++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml
@@ -77,6 +77,14 @@
files:
- "{{ mktemp.stdout }}/glusterfs-template.yml"
+- name: Check GlusterFS DaemonSet status
+ oc_obj:
+ namespace: "{{ glusterfs_namespace }}"
+ kind: daemonset
+ name: glusterfs-{{ glusterfs_name }}
+ state: list
+ register: glusterfs_ds
+
- name: Deploy GlusterFS pods
oc_process:
namespace: "{{ glusterfs_namespace }}"
@@ -88,6 +96,8 @@
NODE_LABELS: "{{ glusterfs_nodeselector }}"
CLUSTER_NAME: "{{ glusterfs_name }}"
GB_GLFS_LRU_COUNT: "{{ glusterfs_block_host_vol_max }}"
+ when: (glusterfs_ds.results.results[0].status is not defined) or
+ (glusterfs_ds.results.results[0].status.numberReady | default(0) < glusterfs_ds.results.results[0].status.desiredNumberScheduled | default(glusterfs_nodes | count))
- name: Wait for GlusterFS pods
oc_obj:
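Review bot: The new `when:` on `Deploy GlusterFS pods` skips `oc_process` whenever the existing DaemonSet reports every scheduled pod as ready. A rerun with a changed `NODE_LABELS` or `GB_GLFS_LRU_COUNT` would then leave the old object in place without any message. If that is intended, a comment above the condition would say so, e.g. `# Only (re)process the template when the DaemonSet is absent or not fully ready`. The expression also indexes `glusterfs_ds.results.results[0]` unconditionally; whether `oc_obj` can return an empty list for a missing DaemonSet is not visible here and is worth confirming. The `oc_process` task starts above this hunk.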
diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml
index 1fa42efa7..d3cba61cf 100644
--- a/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml
+++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml
@@ -44,52 +44,13 @@
glusterfs_heketi_ssh_sudo: "{{ openshift_storage_glusterfs_registry_heketi_ssh_sudo | bool }}"
glusterfs_heketi_ssh_keyfile: "{{ openshift_storage_glusterfs_registry_heketi_ssh_keyfile }}"
glusterfs_heketi_fstab: "{{ openshift_storage_glusterfs_registry_heketi_fstab }}"
- glusterfs_nodes: "{{ groups.glusterfs_registry | default(groups.glusterfs) }}"
+ glusterfs_nodes: "{% if groups.glusterfs_registry is defined %}{% set nodes = groups.glusterfs_registry %}{% elif 'groups.glusterfs' is defined %}{% set nodes = groups.glusterfs %}{% else %}{% set nodes = '[]' %}{% endif %}{{ nodes }}"
- include: glusterfs_common.yml
when:
- glusterfs_nodes | default([]) | count > 0
- "'glusterfs' not in groups or glusterfs_nodes != groups.glusterfs"
-- name: Delete pre-existing GlusterFS registry resources
- oc_obj:
- namespace: "{{ glusterfs_namespace }}"
- kind: "{{ item.kind }}"
- name: "{{ item.name }}"
- state: absent
- with_items:
- - kind: "svc"
- name: "glusterfs-{{ glusterfs_name | default }}-endpoints"
- failed_when: False
-
-- name: Generate GlusterFS registry endpoints
- template:
- src: "{{ openshift.common.examples_content_version }}/glusterfs-registry-endpoints.yml.j2"
- dest: "{{ mktemp.stdout }}/glusterfs-registry-endpoints.yml"
-
-- name: Copy GlusterFS registry service
- template:
- src: "{{ openshift.common.examples_content_version }}/glusterfs-registry-service.yml.j2"
- dest: "{{ mktemp.stdout }}/glusterfs-registry-service.yml"
-
-- name: Create GlusterFS registry endpoints
- oc_obj:
- namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"
- state: present
- kind: endpoints
- name: "glusterfs-{{ glusterfs_name }}-endpoints"
- files:
- - "{{ mktemp.stdout }}/glusterfs-registry-endpoints.yml"
-
-- name: Create GlusterFS registry service
- oc_obj:
- namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"
- state: present
- kind: service
- name: "glusterfs-{{ glusterfs_name }}-endpoints"
- files:
- - "{{ mktemp.stdout }}/glusterfs-registry-service.yml"
-
- name: Check if GlusterFS registry volume exists
command: "{{ glusterfs_heketi_client }} volume list"
register: registry_volume
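Review bot: In the new `glusterfs_nodes` expression the test `'groups.glusterfs' is defined` is applied to a quoted string literal, which is always defined. The `elif` branch is therefore taken whenever `groups.glusterfs_registry` is missing, and the `else` branch can never run. With neither group in the inventory the template dereferences `groups.glusterfs`, which does not exist, instead of producing an empty list. `glusterfs_nodes: "{{ groups.glusterfs_registry | default(groups.glusterfs | default([])) }}"` expresses the intended fallback and matches the `default([])` used in glusterfs_config.yml. The task this line belongs to starts above the hunk.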
diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml
index 24264fa43..c25cad74c 100644
--- a/roles/openshift_storage_nfs/tasks/main.yml
+++ b/roles/openshift_storage_nfs/tasks/main.yml
@@ -4,6 +4,8 @@
- name: Install nfs-utils
package: name=nfs-utils state=present
+ register: result
+ until: result | success
- name: Configure NFS
lineinfile:
diff --git a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml
index 03f4fcec0..bee786a90 100644
--- a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml
+++ b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml
@@ -2,6 +2,8 @@
- name: Install NFS server
package: name=nfs-utils state=present
when: not openshift.common.is_containerized | bool
+ register: result
+ until: result | success
- name: Start rpcbind
systemd:
diff --git a/roles/openshift_version/tasks/set_version_containerized.yml b/roles/openshift_version/tasks/set_version_containerized.yml
index b727eb74d..574e89899 100644
--- a/roles/openshift_version/tasks/set_version_containerized.yml
+++ b/roles/openshift_version/tasks/set_version_containerized.yml
@@ -20,7 +20,7 @@
- name: Lookup latest containerized version if no version specified
command: >
- docker run --rm {{ openshift.common.cli_image }}:latest version
+ docker run --rm {{ openshift_cli_image }}:latest version
register: cli_image_version
when:
- openshift_version is not defined
@@ -43,7 +43,7 @@
# and use that value instead.
- name: Set precise containerized version to configure if openshift_release specified
command: >
- docker run --rm {{ openshift.common.cli_image }}:v{{ openshift_version }} version
+ docker run --rm {{ openshift_cli_image }}:v{{ openshift_version }} version
register: cli_image_version
when:
- openshift_version is defined
diff --git a/roles/os_firewall/tasks/firewalld.yml b/roles/os_firewall/tasks/firewalld.yml
index 54430f402..1e27ebaf9 100644
--- a/roles/os_firewall/tasks/firewalld.yml
+++ b/roles/os_firewall/tasks/firewalld.yml
@@ -8,6 +8,8 @@
package:
name: firewalld
state: present
+ register: result
+ until: result | success
- name: Ensure iptables services are not enabled
systemd:
diff --git a/roles/os_firewall/tasks/iptables.yml b/roles/os_firewall/tasks/iptables.yml
index 2d74f2e48..a7c13e487 100644
--- a/roles/os_firewall/tasks/iptables.yml
+++ b/roles/os_firewall/tasks/iptables.yml
@@ -22,6 +22,8 @@
- iptables
- iptables-services
when: not r_os_firewall_is_atomic | bool
+ register: result
+ until: result | success
- name: Start and enable iptables service
systemd:
diff --git a/roles/os_update_latest/tasks/main.yml b/roles/os_update_latest/tasks/main.yml
index 6b5fd0106..60d665587 100644
--- a/roles/os_update_latest/tasks/main.yml
+++ b/roles/os_update_latest/tasks/main.yml
@@ -1,3 +1,5 @@
---
- name: Update all packages
package: name=* state=latest
+ register: result
+ until: result | success
diff --git a/roles/rhel_subscribe/tasks/main.yml b/roles/rhel_subscribe/tasks/main.yml
index b06f51908..9ca49b569 100644
--- a/roles/rhel_subscribe/tasks/main.yml
+++ b/roles/rhel_subscribe/tasks/main.yml
@@ -36,6 +36,8 @@
yum:
name: subscription-manager
state: present
+ register: result
+ until: result | success
- name: RedHat subscriptions
redhat_subscription:
diff --git a/roles/template_service_broker/tasks/main.yml b/roles/template_service_broker/tasks/main.yml
index 6a4d89a46..71c8ca470 100644
--- a/roles/template_service_broker/tasks/main.yml
+++ b/roles/template_service_broker/tasks/main.yml
@@ -1,8 +1,8 @@
---
# do any asserts here
-- include: install.yml
+- include_tasks: install.yml
when: template_service_broker_install | bool
-- include: remove.yml
+- include_tasks: remove.yml
when: template_service_broker_remove | bool