path: root/roles/openshift_node/tasks/main.yml
blob: eef7bec9a417c434671865cb9411425763864360 (plain)
---
# TODO: allow for overriding default ports where possible
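# Abort early when SELinux is off on a deployment type that requires it.
# NOTE(review): ansible_selinux.status is also 'enabled' on a host running in
# permissive mode. This guard does not look at ansible_selinux.mode, so passing
# it does not show that policy is actually being enforced.
- name: Fail if SELinux is disabled on a deployment type that requires it
  fail:
    msg: "SELinux is disabled, This deployment type requires that SELinux is enabled."
  when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise']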

# Hand per-host settings to the openshift_facts module as local facts, once
# for the 'common' role and once for the 'node' role. Later tasks in this file
# read values such as openshift.node.debug_level and openshift.node.portal_net;
# presumably those are produced from the facts set here (the module is not
# shown in this file).
- name: Set node facts
  openshift_facts:
    role: "{{ item.role }}"
    local_facts: "{{ item.local_facts }}"
  with_items:
  - role: common
    local_facts:
      hostname: "{{ openshift_hostname | default(none) }}"
      public_hostname: "{{ openshift_public_hostname | default(none) }}"
      deployment_type: "{{ openshift_deployment_type }}"
      # TODO: Replace this with a lookup or filter plugin.
      # Fallback order: openshift_dns_ip, then openshift_master_cluster_vip,
      # then None when openshift.common.version_greater_than_3_1_or_1_1 is
      # true, otherwise openshift_node_first_master_ip (None if that is unset
      # or empty).
      dns_ip: "{{ openshift_dns_ip
                  | default(openshift_master_cluster_vip
                  | default(None if openshift.common.version_greater_than_3_1_or_1_1 | bool else openshift_node_first_master_ip | default(None, true), true), true) }}"
  - role: node
    local_facts:
      annotations: "{{ openshift_node_annotations | default(none) }}"
      debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}"
      # Both docker_log_* values come from the oo_option lookup and fall back
      # to an empty string. The "Secure Registry and Logs Options" task writes
      # them onto the docker daemon command line in /etc/sysconfig/docker.
      docker_log_driver:  "{{ lookup( 'oo_option' , 'docker_log_driver'  )  | default('',True) }}"
      docker_log_options: "{{ lookup( 'oo_option' , 'docker_log_options' )  | default('',True) }}"
      iptables_sync_period: "{{ openshift_node_iptables_sync_period | default(None) }}"
      kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}"
      # An oo_option value takes precedence over the openshift_node_labels
      # inventory variable.
      labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}"
      # NOTE(review): portal_net is later passed to docker as
      # --insecure-registry, so its width decides how many addresses docker
      # will talk to without TLS verification.
      portal_net: "{{ openshift_master_portal_net | default(None) }}"
      registry_url: "{{ oreg_url | default(none) }}"
      # Also accepts the variant spelling openshift_scheduleable as a fallback.
      schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}"
      sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}"
      storage_plugin_deps: "{{ osn_storage_plugin_deps | default(None) }}"
      set_node_ip: "{{ openshift_set_node_ip | default(None) }}"

# We have to add tuned-profiles in the same transaction otherwise we run into depsolving
# problems because the rpms don't pin the version properly.
# The module to run is taken from ansible_pkg_mgr, which is why the free-form
# `action:` string is used. Both package names get the openshift_version value
# appended verbatim.
# NOTE(review): presumably openshift_version is either empty or already
# carries its own separator (for example '-<version>') - confirm where it is
# set, because an empty value leaves the installed version unpinned.
- name: Install Node package
  action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_version  }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version  }} state=present"

# Install the <service_type>-sdn-ovs package with the same openshift_version
# suffix as the node package, but only when openshift.common.use_openshift_sdn
# is truthy. The module is again selected through ansible_pkg_mgr.
- name: Install sdn-ovs package
  action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present"
  when: openshift.common.use_openshift_sdn

# TODO: add the validate parameter when there is a validation command to run
# Render node.yaml.v1.j2 to the node config path. The previous file is kept as
# a backup, and the "restart node" handler is notified when the file changes.
- name: Create the Node config
  template:
    src: node.yaml.v1.j2
    dest: "{{ openshift_node_config_file }}"
    backup: true
  notify: restart node

# Rewrite the OPTIONS= and CONFIG_FILE= lines of the node service's sysconfig
# file so the service runs at the configured log level and reads the config
# file rendered by this role.
- name: Configure Node settings
  lineinfile:
    dest: "/etc/sysconfig/{{ openshift.common.service_type }}-node"
    regexp: "{{ item.regex }}"
    line: "{{ item.line }}"
  with_items:
  - line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}"
    regex: '^OPTIONS='
  - line: "CONFIG_FILE={{ openshift_node_config_file }}"
    regex: '^CONFIG_FILE='
  notify: restart node

# Probe /etc/sysconfig/docker. The docker configuration tasks later in this
# file are gated on the registered result.
- stat:
    path: /etc/sysconfig/docker
  register: docker_check

  # TODO: Enable secure registry when code available in origin
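# Rewrite the OPTIONS= line of /etc/sysconfig/docker with the daemon flags this
# role needs. The regexp matches the whole existing line, so options already
# set there are replaced, not merged.
# NOTE(review): --insecure-registry tells docker to accept unverified TLS, or
# plain HTTP, from every registry address inside portal_net. Image pulls from
# that range are therefore neither authenticated nor integrity-protected in
# transit. Keep the range as narrow as possible and drop the flag once a
# secured registry is available.
# NOTE(review): the templated values are placed inside a single-quoted string
# without escaping - confirm they can only come from trusted inventory.
- name: Secure Registry and Logs Options
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^OPTIONS=.*$'
    line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \
{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %} \
{% if openshift.node.docker_log_driver is defined  %} --log-driver {{ openshift.node.docker_log_driver }}  {% endif %} \
{% if openshift.node.docker_log_options is defined %}   {{ openshift.node.docker_log_options |  oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}  {% endif %} '"
  # When the file is missing, stat returns no isreg key and a bare reference
  # makes the conditional itself error out. Test for the key first so the task
  # is skipped instead.
  when: docker_check.stat.isreg is defined and docker_check.stat.isreg
  notify:
    - restart docker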

# Build the list of extra registries from the docker_additional_registries
# oo_option value. difference(['']) drops empty entries, so an unset option
# yields an empty list. Exactly one of the two tasks runs, selected by
# deployment type.
# For 'enterprise' deployments registry.access.redhat.com is always added.
# NOTE(review): only the literal 'enterprise' gets that registry here, while
# the SELinux guard at the top of this file also lists 'atomic-enterprise' and
# 'openshift-enterprise' - confirm whether those should be treated the same.
- set_fact:
    docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries')
                                      | oo_split() | union(['registry.access.redhat.com'])
                                      | difference(['']) }}"
  when: openshift.common.deployment_type == 'enterprise'
# Every other deployment type: use the configured list as is.
- set_fact:
    docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries')
                                      | oo_split() | difference(['']) }}"
  when: openshift.common.deployment_type != 'enterprise'

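# Write the ADD_REGISTRY= line of /etc/sysconfig/docker, one --add-registry
# flag per entry in docker_additional_registries.
# NOTE(review): these registries are consulted in addition to the default one,
# so every entry should be a registry the cluster operator trusts to serve
# images.
# The task is skipped when the list is empty, which also means an ADD_REGISTRY
# line written by an earlier run is left in place.
- name: Add personal registries
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^ADD_REGISTRY=.*$'
    line: "ADD_REGISTRY='{{ docker_additional_registries
                            | oo_prepend_strings_in_list('--add-registry ') | join(' ') }}'"
  # When the file is missing, stat returns no isreg key and a bare reference
  # makes the conditional itself error out. Test for the key first so the task
  # is skipped instead.
  when: docker_check.stat.isreg is defined and docker_check.stat.isreg and
        docker_additional_registries
  notify:
    - restart docker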

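# Write the BLOCK_REGISTRY= line of /etc/sysconfig/docker, one --block-registry
# flag per entry of the docker_blocked_registries oo_option value.
# NOTE(review): the task is skipped when the option is empty, so clearing the
# option does not remove a BLOCK_REGISTRY line written by an earlier run, and
# an existing line is never emptied by this role.
- name: Block registries
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^BLOCK_REGISTRY=.*$'
    line: "BLOCK_REGISTRY='{{ lookup('oo_option', 'docker_blocked_registries') | oo_split()
                              | oo_prepend_strings_in_list('--block-registry ') | join(' ') }}'"
  # When the file is missing, stat returns no isreg key and a bare reference
  # makes the conditional itself error out. Test for the key first so the task
  # is skipped instead.
  when: docker_check.stat.isreg is defined and docker_check.stat.isreg and
        lookup('oo_option', 'docker_blocked_registries') != ''
  notify:
    - restart docker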

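# Write the INSECURE_REGISTRY= line of /etc/sysconfig/docker, one
# --insecure-registry flag per entry of the docker_insecure_registries
# oo_option value.
# NOTE(review): docker accepts unverified TLS or plain HTTP from every
# registry listed here, so images pulled from them are not protected against
# tampering in transit. List only registries on networks you control.
# NOTE(review): the task is skipped when the option is empty, so clearing the
# option does not revoke an INSECURE_REGISTRY line written by an earlier run.
# That line has to be removed separately.
- name: Grant access to additional insecure registries
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^INSECURE_REGISTRY=.*'
    line: "INSECURE_REGISTRY='{{ lookup('oo_option', 'docker_insecure_registries') | oo_split()
                              | oo_prepend_strings_in_list('--insecure-registry ') | join(' ') }}'"
  # When the file is missing, stat returns no isreg key and a bare reference
  # makes the conditional itself error out. Test for the key first so the task
  # is skipped instead.
  when: docker_check.stat.isreg is defined and docker_check.stat.isreg and
        lookup('oo_option', 'docker_insecure_registries') != ''
  notify:
    - restart docker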

# Pull in the tasks from storage_plugins/main.yml at this point in the play.
# That file is not shown here, so what it configures cannot be described from
# this file alone.
- name: Additional storage plugin configuration
  include: storage_plugins/main.yml

# Make sure the node service is enabled at boot and running now. The result is
# registered so a later task can tell whether this step changed anything.
- name: Start and enable node
  service:
    name: "{{ openshift.common.service_type }}-node"
    state: started
    enabled: true
  register: start_result

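# Record whether "Start and enable node" changed the service state.
# This must be a key/value mapping with a templated value. Written as the bare
# text `name = expr`, the argument is a single plain string, and the fact is
# not reliably defined as the result of `start_result | changed`.
# Presumably a handler reads this fact to avoid a second restart - confirm
# against the role's handlers.
- set_fact:
    node_service_status_changed: "{{ start_result | changed }}"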