summaryrefslogtreecommitdiffstats
path: root/roles/openshift_master
diff options
context:
space:
mode:
authorKenny Woodson <kwoodson@redhat.com>2017-10-28 20:46:44 -0400
committerMichael Gugino <mgugino@redhat.com>2017-11-03 15:12:09 -0400
commit983fdade31c57654854cce3c5340e8bf5a7838e7 (patch)
tree5c94d39c8e802a0b88451bd36efd8947be858588 /roles/openshift_master
parentadb5c51666dfe7c6b93c7bd7c87b339ef2a27f5b (diff)
downloadopenshift-983fdade31c57654854cce3c5340e8bf5a7838e7.tar.gz
openshift-983fdade31c57654854cce3c5340e8bf5a7838e7.tar.bz2
openshift-983fdade31c57654854cce3c5340e8bf5a7838e7.tar.xz
openshift-983fdade31c57654854cce3c5340e8bf5a7838e7.zip
Bootstrap enhancements.
Diffstat (limited to 'roles/openshift_master')
-rw-r--r--roles/openshift_master/defaults/main.yml7
-rw-r--r--roles/openshift_master/tasks/bootstrap.yml67
-rw-r--r--roles/openshift_master/tasks/bootstrap_settings.yml14
-rw-r--r--roles/openshift_master/tasks/main.yml13
4 files changed, 20 insertions, 81 deletions
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index fe78dea66..4acac7923 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -26,7 +26,6 @@ default_r_openshift_master_os_firewall_allow:
cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
r_openshift_master_os_firewall_allow: "{{ default_r_openshift_master_os_firewall_allow | union(openshift_master_open_ports | default([])) }}"
-
# oreg_url is defined by user input
oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}"
oreg_auth_credentials_path: "{{ r_openshift_master_data_dir }}/.docker"
@@ -60,7 +59,7 @@ r_openshift_master_sdn_network_plugin_name: "{{ r_openshift_master_sdn_network_p
openshift_master_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}"
openshift_master_image_config_latest: "{{ openshift_master_image_config_latest_default }}"
-openshift_master_config_dir_default: "{{ (openshift.common.config_base | default('/etc/origin/master')) ~ '/master' }}"
+openshift_master_config_dir_default: "{{ openshift.common.config_base ~ '/master' if openshift is defined and 'common' in openshift else '/etc/origin/master' }}"
openshift_master_config_dir: "{{ openshift_master_config_dir_default }}"
openshift_master_cloud_provider: "{{ openshift_cloudprovider_kind | default('aws') }}"
@@ -71,8 +70,6 @@ openshift_master_node_config_kubeletargs_mem: 512M
openshift_master_bootstrap_enabled: False
-openshift_master_client_binary: "{{ openshift.common.client_binary if openshift is defined else 'oc' }}"
-
openshift_master_config_imageconfig_format: "{{ openshift.node.registry_url }}"
# these are for the default settings in a generated node-config.yaml
@@ -144,3 +141,5 @@ openshift_master_node_configs:
- "{{ openshift_master_node_config_compute }}"
openshift_master_bootstrap_namespace: openshift-node
+openshift_master_csr_sa: node-bootstrapper
+openshift_master_csr_namespace: openshift-infra
diff --git a/roles/openshift_master/tasks/bootstrap.yml b/roles/openshift_master/tasks/bootstrap.yml
index f837a8bae..ce55e7d0c 100644
--- a/roles/openshift_master/tasks/bootstrap.yml
+++ b/roles/openshift_master/tasks/bootstrap.yml
@@ -2,7 +2,8 @@
# TODO: create a module for this command.
# oc_serviceaccounts_kubeconfig
- name: create service account kubeconfig with csr rights
- command: "oc serviceaccounts create-kubeconfig node-bootstrapper -n openshift-infra"
+ command: >
+ oc serviceaccounts create-kubeconfig {{ openshift_master_csr_sa }} -n {{ openshift_master_csr_namespace }}
register: kubeconfig_out
until: kubeconfig_out.rc == 0
retries: 24
@@ -12,67 +13,3 @@
copy:
content: "{{ kubeconfig_out.stdout }}"
dest: "{{ openshift_master_config_dir }}/bootstrap.kubeconfig"
-
-- name: create a temp dir for this work
- command: mktemp -d /tmp/openshift_node_config-XXXXXX
- register: mktempout
- run_once: true
-
-# This generate is so that we do not have to maintain
-# our own copy of the template. This is generated by
-# the product and the following settings will be
-# generated by the master
-- name: generate a node-config dynamically
- command: >
- {{ openshift_master_client_binary }} adm create-node-config
- --node-dir={{ mktempout.stdout }}/
- --node=CONFIGMAP
- --hostnames=test
- --dns-ip=0.0.0.0
- --certificate-authority={{ openshift_master_config_dir }}/ca.crt
- --signer-cert={{ openshift_master_config_dir }}/ca.crt
- --signer-key={{ openshift_master_config_dir }}/ca.key
- --signer-serial={{ openshift_master_config_dir }}/ca.serial.txt
- --node-client-certificate-authority={{ openshift_master_config_dir }}/ca.crt
- register: configgen
- run_once: true
-
-- name: remove the default settings
- yedit:
- state: "{{ item.state | default('present') }}"
- src: "{{ mktempout.stdout }}/node-config.yaml"
- key: "{{ item.key }}"
- value: "{{ item.value | default(omit) }}"
- with_items: "{{ openshift_master_node_config_default_edits }}"
- run_once: true
-
-- name: copy the generated config into each group
- copy:
- src: "{{ mktempout.stdout }}/node-config.yaml"
- remote_src: true
- dest: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
- with_items: "{{ openshift_master_node_configs }}"
- run_once: true
-
-- name: "specialize the generated configs for node-config-{{ item.type }}"
- yedit:
- src: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
- edits: "{{ item.edits }}"
- with_items: "{{ openshift_master_node_configs }}"
- run_once: true
-
-- name: create node-config.yaml configmap
- oc_configmap:
- name: "node-config-{{ item.type }}"
- namespace: "{{ openshift_master_bootstrap_namespace }}"
- from_file:
- node-config.yaml: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
- with_items: "{{ openshift_master_node_configs }}"
- run_once: true
-
-- name: remove templated files
- file:
- dest: "{{ mktempout.stdout }}/"
- state: absent
- with_items: "{{ openshift_master_node_configs }}"
- run_once: true
diff --git a/roles/openshift_master/tasks/bootstrap_settings.yml b/roles/openshift_master/tasks/bootstrap_settings.yml
new file mode 100644
index 000000000..cbd7f587b
--- /dev/null
+++ b/roles/openshift_master/tasks/bootstrap_settings.yml
@@ -0,0 +1,14 @@
+---
+- name: modify controller args
+ yedit:
+ src: /etc/origin/master/master-config.yaml
+ edits:
+ - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file
+ value:
+ - /etc/origin/master/ca.crt
+ - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file
+ value:
+ - /etc/origin/master/ca.key
+ notify:
+ - restart master controllers
+ when: openshift_master_bootstrap_enabled | default(False)
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 48b34c578..c7c02d49b 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -218,18 +218,7 @@
- restart master api
- restart master controllers
-- name: modify controller args
- yedit:
- src: /etc/origin/master/master-config.yaml
- edits:
- - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file
- value:
- - /etc/origin/master/ca.crt
- - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file
- value:
- - /etc/origin/master/ca.key
- notify:
- - restart master controllers
+- include: bootstrap_settings.yml
when: openshift_master_bootstrap_enabled | default(False)
- include: set_loopback_context.yml