diff options
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/container_runtime/templates/crio.conf.j2 | 2 | ||||
| -rw-r--r-- | roles/contiv/tasks/pkgMgrInstallers/centos-install.yml | 2 | ||||
| -rw-r--r-- | roles/openshift_master/defaults/main.yml | 42 | ||||
| -rw-r--r-- | roles/openshift_master/vars/main.yml | 41 | ||||
| -rw-r--r-- | roles/openshift_node/templates/node.yaml.v1.j2 | 4 | ||||
| -rw-r--r-- | roles/openshift_repos/tasks/main.yaml | 7 | ||||
| -rw-r--r-- | roles/openshift_repos/tasks/rhel_repos.yml | 34 | ||||
| -rw-r--r-- | roles/rhel_subscribe/tasks/enterprise.yml | 18 | ||||
| -rw-r--r-- | roles/rhel_subscribe/tasks/main.yml | 89 | ||||
| -rw-r--r-- | roles/rhel_subscribe/tasks/satellite.yml | 5 |
10 files changed, 143 insertions, 101 deletions
diff --git a/roles/container_runtime/templates/crio.conf.j2 b/roles/container_runtime/templates/crio.conf.j2 index 3f066a17f..0a1ff2e0a 100644 --- a/roles/container_runtime/templates/crio.conf.j2 +++ b/roles/container_runtime/templates/crio.conf.j2 @@ -27,7 +27,7 @@ storage_option = [ [crio.api] # listen is the path to the AF_LOCAL socket on which crio will listen. -listen = "/var/run/crio.sock" +listen = "/var/run/crio/crio.sock" # stream_address is the IP address on which the stream server will listen stream_address = "" diff --git a/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml b/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml index 62b4716a3..a4d260279 100644 --- a/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml +++ b/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml @@ -27,7 +27,7 @@ - name: PkgMgr RHEL/CentOS | Install ovs yum: - pkg=openvswitch-2.5.0-2.el7.x86_64 + pkg=openvswitch state=present environment: http_proxy: "{{ http_proxy|default('') }}" diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index 38b2fd8b8..efd119299 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -54,6 +54,48 @@ ha_svc_template_path: "native-cluster" openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}" +openshift_master_loopback_config: "{{ openshift_master_config_dir }}/openshift-master.kubeconfig" +loopback_context_string: "current-context: {{ openshift.master.loopback_context_name }}" +openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml" +openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json" + +scheduler_config: + kind: Policy + apiVersion: v1 + predicates: "{{ openshift_master_scheduler_predicates + | default(openshift_master_scheduler_current_predicates + | default(openshift_master_scheduler_default_predicates)) }}" + priorities: "{{ openshift_master_scheduler_priorities + | default(openshift_master_scheduler_current_priorities + | default(openshift_master_scheduler_default_priorities)) }}" + +openshift_master_valid_grant_methods: +- auto +- prompt +- deny + +openshift_master_is_scaleup_host: False + +# These defaults assume forcing journald persistence, fsync to disk once +# a second, rate-limiting to 10,000 logs a second, no forwarding to +# syslog or wall, using 8GB of disk space maximum, using 10MB journal +# files, keeping only a days worth of logs per journal file, and +# retaining journal files no longer than a month. +journald_vars_to_replace: +- { var: Storage, val: persistent } +- { var: Compress, val: yes } +- { var: SyncIntervalSec, val: 1s } +- { var: RateLimitInterval, val: 1s } +- { var: RateLimitBurst, val: 10000 } +- { var: SystemMaxUse, val: 8G } +- { var: SystemKeepFree, val: 20% } +- { var: SystemMaxFileSize, val: 10M } +- { var: MaxRetentionSec, val: 1month } +- { var: MaxFileSec, val: 1day } +- { var: ForwardToSyslog, val: no } +- { var: ForwardToWall, val: no } + + # NOTE # r_openshift_master_*_default may be defined external to this role. # openshift_use_*, if defined, may affect other roles or play behavior. diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml deleted file mode 100644 index 0c681c764..000000000 --- a/roles/openshift_master/vars/main.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -openshift_master_loopback_config: "{{ openshift_master_config_dir }}/openshift-master.kubeconfig" -loopback_context_string: "current-context: {{ openshift.master.loopback_context_name }}" -openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml" -openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json" - -scheduler_config: - kind: Policy - apiVersion: v1 - predicates: "{{ openshift_master_scheduler_predicates - | default(openshift_master_scheduler_current_predicates - | default(openshift_master_scheduler_default_predicates)) }}" - priorities: "{{ openshift_master_scheduler_priorities - | default(openshift_master_scheduler_current_priorities - | default(openshift_master_scheduler_default_priorities)) }}" - -openshift_master_valid_grant_methods: -- auto -- prompt -- deny - -openshift_master_is_scaleup_host: False - -# These defaults assume forcing journald persistence, fsync to disk once -# a second, rate-limiting to 10,000 logs a second, no forwarding to -# syslog or wall, using 8GB of disk space maximum, using 10MB journal -# files, keeping only a days worth of logs per journal file, and -# retaining journal files no longer than a month. -journald_vars_to_replace: -- { var: Storage, val: persistent } -- { var: Compress, val: yes } -- { var: SyncIntervalSec, val: 1s } -- { var: RateLimitInterval, val: 1s } -- { var: RateLimitBurst, val: 10000 } -- { var: SystemMaxUse, val: 8G } -- { var: SystemKeepFree, val: 20% } -- { var: SystemMaxFileSize, val: 10M } -- { var: MaxRetentionSec, val: 1month } -- { var: MaxFileSec, val: 1day } -- { var: ForwardToSyslog, val: no } -- { var: ForwardToWall, val: no } diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 16fdde02e..261cac6f1 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -20,9 +20,9 @@ kubeletArguments: {{ openshift.node.kubelet_args | default(None) | to_padded_yam container-runtime: - remote container-runtime-endpoint: - - /var/run/crio.sock + - /var/run/crio/crio.sock image-service-endpoint: - - /var/run/crio.sock + - /var/run/crio/crio.sock node-labels: - router=true - registry=true diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index 5e7bde1e1..83954eaf8 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -37,6 +37,13 @@ - when: r_openshift_repos_has_run is not defined block: + - include_tasks: rhel_repos.yml + when: + - ansible_distribution == 'RedHat' + - deployment_type == 'openshift-enterprise' + - (rhel_subscription_user or rhsub_user) is defined + - (rhel_subscription_password or rhsub_pass) is defined + - include_tasks: centos_repos.yml when: - ansible_os_family == "RedHat" diff --git a/roles/openshift_repos/tasks/rhel_repos.yml b/roles/openshift_repos/tasks/rhel_repos.yml new file mode 100644 index 000000000..c384cbe9a --- /dev/null +++ b/roles/openshift_repos/tasks/rhel_repos.yml @@ -0,0 +1,34 @@ +--- +- name: Ensure RHEL rhui repositories are disabled + command: bash -c "yum -q --noplugins repolist | grep -v 'repo id' | grep 'rhui'" + register: repo_rhui + changed_when: "repo_rhui.rc != 1" + failed_when: repo_rhui.rc == 11 + +- name: Disable RHEL rhui repositories + command: bash -c "yum-config-manager \ + --disable 'rhui-REGION-client-config-server-7' \ + --disable 'rhui-REGION-rhel-server-rh-common' \ + --disable 'rhui-REGION-rhel-server-releases' \ + --disable 'rhui-REGION-client-config-server-7'" + when: repo_rhui.changed + +- name: Ensure RHEL repositories are enabled + command: bash -c "yum -q --noplugins repolist | grep -v 'repo id' | grep 'Red Hat' | wc -l" + register: repo_rhel + changed_when: "'4' not in repo_rhel.stdout" + failed_when: repo_rhel.rc == 11 + +- name: Disable all repositories + command: bash -c "subscription-manager repos --disable='*'" + when: repo_rhel.changed + +- name: Enable RHEL repositories + command: subscription-manager repos \ + --enable="rhel-7-server-rpms" \ + --enable="rhel-7-server-extras-rpms" \ + --enable="rhel-7-server-ose-{{ (openshift_release | default('')).split('.')[0:2] | join('.') }}-rpms" \ + --enable="rhel-7-fast-datapath-rpms" + register: subscribe_repos + until: subscribe_repos | succeeded + when: repo_rhel.changed diff --git a/roles/rhel_subscribe/tasks/enterprise.yml b/roles/rhel_subscribe/tasks/enterprise.yml deleted file mode 100644 index 8acdfb969..000000000 --- a/roles/rhel_subscribe/tasks/enterprise.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- set_fact: - openshift_release: "{{ openshift_release[1:] }}" - when: - - openshift_release is defined - - openshift_release[0] == 'v' - -- name: Disable all repositories - command: subscription-manager repos --disable="*" - -- name: Enable RHEL repositories - command: subscription-manager repos \ - --enable="rhel-7-server-rpms" \ - --enable="rhel-7-server-extras-rpms" \ - --enable="rhel-7-server-ose-{{ (openshift_release | default('')).split('.')[0:2] | join('.') }}-rpms" \ - --enable="rhel-7-fast-datapath-rpms" - register: subscribe_repos - until: subscribe_repos | succeeded diff --git a/roles/rhel_subscribe/tasks/main.yml b/roles/rhel_subscribe/tasks/main.yml index 3466b7e44..74ee8bbfe 100644 --- a/roles/rhel_subscribe/tasks/main.yml +++ b/roles/rhel_subscribe/tasks/main.yml @@ -1,30 +1,21 @@ --- -# TODO: Enhance redhat_subscription module -# to make it able to attach to a pool -# to make it able to enable repositories +- set_fact: + rhel_subscription_pass: "{{ lookup('env', 'rhel_subscription_pass') | default(rhsub_pass | default(omit, True)) }}" + rhel_subscription_pool: "{{ lookup('env', 'rhel_subscription_pool') | default(rhsub_pool | default('Red Hat OpenShift Container Platform, Premium*')) }}" + rhel_subscription_user: "{{ lookup('env', 'rhel_subscription_user') | default(rhsub_user | default(omit, True)) }}" + rhel_subscription_server: "{{ lookup('env', 'rhel_subscription_server') | default(rhsub_server | default(omit, True)) }}" - fail: msg: "This role is only supported for Red Hat hosts" when: ansible_distribution != 'RedHat' - fail: - msg: The rhsub_user variable is required for this role. - when: rhsub_user is not defined or not rhsub_user + msg: The rhel_subscription_user variable is required for this role. + when: rhel_subscription_user is not defined or not rhsub_user is not defined - fail: - msg: The rhsub_pass variable is required for this role. - when: rhsub_pass is not defined or not rhsub_pass - -- name: Detecting Atomic Host Operating System - stat: - path: /run/ostree-booted - register: ostree_booted - -- name: Satellite preparation - command: "rpm -Uvh http://{{ rhsub_server }}/pub/katello-ca-consumer-latest.noarch.rpm" - args: - creates: /etc/rhsm/ca/katello-server-ca.pem - when: rhsub_server is defined and rhsub_server + msg: The rhel_subscription_pass variable is required for this role. + when: rhel_subscription_pass is not defined or not rhsub_pass is not defined - name: Install Red Hat Subscription manager yum: @@ -33,36 +24,58 @@ register: result until: result | success -- name: RedHat subscriptions +- name: Is host already registered? + command: bash -c "subscription-manager version" + register: rh_subscribed + changed_when: "'not registered' in rh_subscribed.stdout" + ignore_errors: yes + +- name: Register host redhat_subscription: - username: "{{ rhsub_user }}" - password: "{{ rhsub_pass }}" + username: "{{ rhel_subscription_user }}" + password: "{{ rhel_subscription_pass }}" register: rh_subscription until: rh_subscription | succeeded + when: + - "'not registered' in rh_subscribed.stdout" + - rhel_subscription_user is defined + - rhel_subscription_pass is defined -- name: Retrieve the OpenShift Pool ID - command: subscription-manager list --available --matches="{{ rhsub_pool }}" --pool-only - register: openshift_pool_id - until: openshift_pool_id | succeeded - changed_when: False +- fail: + msg: 'Unable to register host with Red Hat Subscription Manager' + when: + - "'not registered' in rh_subscribed.stdout" + - rh_subscription.failed - name: Determine if OpenShift Pool Already Attached - command: subscription-manager list --consumed --matches="{{ rhsub_pool }}" --pool-only + command: bash -c "subscription-manager list --consumed --pool-only --matches '*OpenShift*' | grep {{ rhel_subscription_pool }}" register: openshift_pool_attached - until: openshift_pool_attached | succeeded - changed_when: False - when: openshift_pool_id.stdout == '' + changed_when: rhel_subscription_pool not in openshift_pool_attached.stdout + failed_when: openshift_pool_attached.rc == 2 + ignore_errors: yes + +- name: Retrieve the OpenShift Pool ID + command: bash -c "subscription-manager list --available --pool-only --matches '*OpenShift*' | grep {{ rhel_subscription_pool }}" + register: openshift_pool_retrieve + changed_when: rhel_subscription_pool in openshift_pool_retrieve.stdout + when: rhel_subscription_pool not in openshift_pool_attached.stdout + ignore_errors: yes - fail: - msg: "Unable to find pool matching {{ rhsub_pool }} in available or consumed pools" - when: openshift_pool_id.stdout == '' and openshift_pool_attached is defined and openshift_pool_attached.stdout == '' + msg: "Unable to find pool matching {{ rhel_subscription_pool }} in available pools" + when: + - rhel_subscription_pool not in openshift_pool_attached.stdout + - rhel_subscription_pool not in openshift_pool_retrieve.stdout - name: Attach to OpenShift Pool - command: subscription-manager attach --pool {{ openshift_pool_id.stdout_lines[0] }} - register: subscribe_pool - until: subscribe_pool | succeeded - when: openshift_pool_id.stdout != '' + command: bash -c "subscription-manager attach --pool {{ rhel_subscription_pool }}" + register: openshift_pool_attached + changed_when: "'Successfully attached a subscription' in openshift_pool_attached.stdout" + when: rhel_subscription_pool not in openshift_pool_attached.stdout -- include_tasks: enterprise.yml +- include_role: + role: rhel_subscribe + tasks_from: satellite when: - - not ostree_booted.stat.exists | bool + - (rhel_subscription_server or rhsub_server) is defined + - (rhel_subscription_server or rhsub_server) diff --git a/roles/rhel_subscribe/tasks/satellite.yml b/roles/rhel_subscribe/tasks/satellite.yml new file mode 100644 index 000000000..b2b2a621d --- /dev/null +++ b/roles/rhel_subscribe/tasks/satellite.yml @@ -0,0 +1,5 @@ +--- +- name: Satellite preparation + command: "rpm -Uvh http://{{ rhel_subscription_server }}/pub/katello-ca-consumer-latest.noarch.rpm" + args: + creates: /etc/rhsm/ca/katello-server-ca.pem |