diff options
46 files changed, 190 insertions, 363 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 259ab3192..a7076c210 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.7.0-0.123.0 ./ +3.7.0-0.125.0 ./ @@ -55,7 +55,7 @@ you are not running a stable release. *** Requirements: - - Ansible >= 2.2.2.0 + - Ansible >= 2.3.0.0 - Jinja >= 2.7 - pyOpenSSL - python-lxml diff --git a/callback_plugins/aa_version_requirement.py b/callback_plugins/aa_version_requirement.py index 20bdd9056..9562adb28 100644 --- a/callback_plugins/aa_version_requirement.py +++ b/callback_plugins/aa_version_requirement.py @@ -29,7 +29,7 @@ else: # Set to minimum required Ansible version -REQUIRED_VERSION = '2.2.2.0' +REQUIRED_VERSION = '2.3.0.0' DESCRIPTION = "Supported versions: %s or newer" % REQUIRED_VERSION diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 0692114d3..095f43dd8 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -10,14 +10,14 @@ Name: openshift-ansible Version: 3.7.0 -Release: 0.123.0%{?dist} +Release: 0.125.0%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 URL: https://github.com/openshift/openshift-ansible Source0: https://github.com/openshift/openshift-ansible/archive/%{commit}/%{name}-%{version}.tar.gz BuildArch: noarch -Requires: ansible >= 2.2.2.0 +Requires: ansible >= 2.3 Requires: python2 Requires: python-six Requires: tar @@ -280,6 +280,33 @@ Atomic OpenShift Utilities includes %changelog +* Tue Sep 05 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.125.0 +- + +* Tue Sep 05 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.124.0 +- Fix ansible_syntax check (rteague@redhat.com) +- Standardize etcd entry point playbooks (rteague@redhat.com) +- Adding deprecation checks to ansible_syntax (rteague@redhat.com) +- Break out master config into stand-alone playbook (rteague@redhat.com) +- Move all-in-one fail check to evaluate_groups.yml (rteague@redhat.com) +- Break out node config into stand-alone playbook (rteague@redhat.com) +- Adding another default to protect against missing name/desc + (kwoodson@redhat.com) +- Removed dns role (mgugino@redhat.com) +- Fix typo in variable names for glusterfs firewall configuration + (bacek@bacek.com) +- disk_availability: fix bug where msg is overwritten (lmeyer@redhat.com) +- Added firwall defaults to etcd role. (kwoodson@redhat.com) +- Remove meta depends from clock (mgugino@redhat.com) +- Only run migrate auth for < 3.7 (rteague@redhat.com) +- Fix openshift_master upgrade (mgugino@redhat.com) +- Merging openshift_node with openshift bootstrap. (kwoodson@redhat.com) +- Test: Fail on entry point playbooks in common (rteague@redhat.com) +- Bug 1467265 - logging: add 'purge' option with uninstall + (jwozniak@redhat.com) +- openshift_checks: ignore hidden files in checks dir + (miciah.masters@gmail.com) + * Wed Aug 30 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.123.0 - diff --git a/playbooks/byo/openshift-etcd/config.yml b/playbooks/byo/openshift-etcd/config.yml index dd3f47a4d..1342bd60c 100644 --- a/playbooks/byo/openshift-etcd/config.yml +++ b/playbooks/byo/openshift-etcd/config.yml @@ -1,14 +1,6 @@ --- - include: ../openshift-cluster/initialize_groups.yml - tags: - - always - include: ../../common/openshift-cluster/std_include.yml - tags: - - always - include: ../../common/openshift-etcd/config.yml - vars: - openshift_cluster_id: "{{ cluster_id | default('default') }}" - openshift_debug_level: "{{ debug_level | default(2) }}" - openshift_deployment_subtype: "{{ deployment_subtype | default(none) }}" diff --git a/playbooks/byo/openshift-etcd/migrate.yml b/playbooks/byo/openshift-etcd/migrate.yml index 143016159..2dec2bef6 100644 --- a/playbooks/byo/openshift-etcd/migrate.yml +++ b/playbooks/byo/openshift-etcd/migrate.yml @@ -1,8 +1,6 @@ --- - include: ../openshift-cluster/initialize_groups.yml - tags: - - always + +- include: ../../common/openshift-cluster/std_include.yml - include: ../../common/openshift-etcd/migrate.yml - tags: - - always diff --git a/playbooks/byo/openshift-etcd/restart.yml b/playbooks/byo/openshift-etcd/restart.yml index d43533641..034bba4b4 100644 --- a/playbooks/byo/openshift-etcd/restart.yml +++ b/playbooks/byo/openshift-etcd/restart.yml @@ -1,10 +1,6 @@ --- - include: ../openshift-cluster/initialize_groups.yml - tags: - - always - include: ../../common/openshift-cluster/std_include.yml - tags: - - always - include: ../../common/openshift-etcd/restart.yml diff --git a/playbooks/byo/openshift-etcd/scaleup.yml b/playbooks/byo/openshift-etcd/scaleup.yml index c35fd9f37..a2a5856a9 100644 --- a/playbooks/byo/openshift-etcd/scaleup.yml +++ b/playbooks/byo/openshift-etcd/scaleup.yml @@ -1,8 +1,6 @@ --- - include: ../openshift-cluster/initialize_groups.yml -- include: ../../common/openshift-cluster/evaluate_groups.yml +- include: ../../common/openshift-cluster/std_include.yml + - include: ../../common/openshift-etcd/scaleup.yml - vars: - openshift_cluster_id: "{{ cluster_id | default('default') }}" - openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-master/config.yml b/playbooks/byo/openshift-master/config.yml new file mode 100644 index 000000000..98be0c448 --- /dev/null +++ b/playbooks/byo/openshift-master/config.yml @@ -0,0 +1,6 @@ +--- +- include: ../openshift-cluster/initialize_groups.yml + +- include: ../../common/openshift-cluster/std_include.yml + +- include: ../../common/openshift-master/config.yml diff --git a/playbooks/byo/openshift-master/restart.yml b/playbooks/byo/openshift-master/restart.yml index 7988863f3..8950efd00 100644 --- a/playbooks/byo/openshift-master/restart.yml +++ b/playbooks/byo/openshift-master/restart.yml @@ -1,10 +1,6 @@ --- - include: ../openshift-cluster/initialize_groups.yml - tags: - - always - include: ../../common/openshift-cluster/std_include.yml - tags: - - always - include: ../../common/openshift-master/restart.yml diff --git a/playbooks/byo/openshift-node/config.yml b/playbooks/byo/openshift-node/config.yml new file mode 100644 index 000000000..839dc36ff --- /dev/null +++ b/playbooks/byo/openshift-node/config.yml @@ -0,0 +1,6 @@ +--- +- include: ../openshift-cluster/initialize_groups.yml + +- include: ../../common/openshift-cluster/std_include.yml + +- include: ../../common/openshift-node/config.yml diff --git a/playbooks/byo/openshift-node/restart.yml b/playbooks/byo/openshift-node/restart.yml index 92665d71d..ccf9e82da 100644 --- a/playbooks/byo/openshift-node/restart.yml +++ b/playbooks/byo/openshift-node/restart.yml @@ -1,10 +1,6 @@ --- - include: ../openshift-cluster/initialize_groups.yml - tags: - - always - include: ../../common/openshift-cluster/std_include.yml - tags: - - always - include: ../../common/openshift-node/restart.yml diff --git a/playbooks/byo/openshift-node/scaleup.yml b/playbooks/byo/openshift-node/scaleup.yml index 0225623c6..e0c36fb69 100644 --- a/playbooks/byo/openshift-node/scaleup.yml +++ b/playbooks/byo/openshift-node/scaleup.yml @@ -16,9 +16,4 @@ - include: ../../common/openshift-cluster/std_include.yml -- include: ../../common/openshift-node/scaleup.yml - vars: - openshift_cluster_id: "{{ cluster_id | default('default') }}" - openshift_debug_level: "{{ debug_level | default(2) }}" - openshift_master_etcd_hosts: "{{ groups.etcd | default([]) }}" - openshift_master_etcd_port: 2379 +- include: ../../common/openshift-node/config.yml diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 26b27ba39..5f420a76c 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -18,29 +18,11 @@ - docker_image_availability - docker_storage -- hosts: localhost - tasks: - - fail: - msg: No etcd hosts defined. Running an all-in-one master is deprecated and will no longer be supported in a future upgrade. - when: groups.oo_etcd_to_config | default([]) | length == 0 and not openshift_master_unsupported_all_in_one | default(False) - - include: initialize_oo_option_facts.yml tags: - always -- name: Disable excluders - hosts: oo_masters_to_config:oo_nodes_to_config - tags: - - always - gather_facts: no - roles: - - role: openshift_excluder - r_openshift_excluder_action: disable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" - - include: ../openshift-etcd/config.yml - tags: - - etcd - include: ../openshift-nfs/config.yml tags: @@ -51,12 +33,6 @@ - loadbalancer - include: ../openshift-master/config.yml - tags: - - master - -- include: additional_config.yml - tags: - - master - include: ../openshift-node/config.yml tags: @@ -75,13 +51,3 @@ - openshift_enable_service_catalog | default(false) | bool tags: - servicecatalog - -- name: Re-enable excluder if it was previously enabled - hosts: oo_masters_to_config:oo_nodes_to_config - tags: - - always - gather_facts: no - roles: - - role: openshift_excluder - r_openshift_excluder_action: enable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml index a1ae14a1f..c9f37109b 100644 --- a/playbooks/common/openshift-cluster/evaluate_groups.yml +++ b/playbooks/common/openshift-cluster/evaluate_groups.yml @@ -33,13 +33,22 @@ - name: Evaluate groups - g_nfs_hosts is single host fail: msg: The nfs group must be limited to one host - when: (groups[g_nfs_hosts] | default([])) | length > 1 + when: g_nfs_hosts | default([]) | length > 1 - name: Evaluate groups - g_glusterfs_hosts required fail: msg: This playbook requires g_glusterfs_hosts to be set when: g_glusterfs_hosts is not defined + - name: Evaluate groups - Fail if no etcd hosts group is defined + fail: + msg: > + No etcd hosts defined. Running an all-in-one master is deprecated and + will no longer be supported in a future upgrade. + when: + - g_etcd_hosts | default([]) | length == 0 + - not openshift_master_unsupported_all_in_one | default(False) + - name: Evaluate oo_all_hosts add_host: name: "{{ item }}" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml index 136ad5362..f76fc68d1 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml @@ -15,6 +15,7 @@ - name: Confirm OpenShift authorization objects are in sync command: > {{ openshift.common.client_binary }} adm migrate authorization + when: not openshift.common.version_gte_3_7 | bool changed_when: false register: l_oc_result until: l_oc_result.rc == 0 diff --git a/playbooks/common/openshift-etcd/migrate.yml b/playbooks/common/openshift-etcd/migrate.yml index 311ff84b6..a2af7bb21 100644 --- a/playbooks/common/openshift-etcd/migrate.yml +++ b/playbooks/common/openshift-etcd/migrate.yml @@ -1,22 +1,12 @@ --- -- include: ../openshift-cluster/evaluate_groups.yml - tags: - - always - - name: Run pre-checks hosts: oo_etcd_to_migrate - tags: - - always roles: - role: etcd_migrate r_etcd_migrate_action: check r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" etcd_peer: "{{ ansible_default_ipv4.address }}" -- include: ../openshift-cluster/initialize_facts.yml - tags: - - always - # TODO: This will be different for release-3.6 branch - name: Prepare masters for etcd data migration hosts: oo_masters_to_config @@ -36,8 +26,6 @@ - name: Backup v2 data hosts: oo_etcd_to_migrate gather_facts: no - tags: - - always roles: - role: openshift_facts - role: etcd_common @@ -66,8 +54,6 @@ - name: Stop etcd hosts: oo_etcd_to_migrate gather_facts: no - tags: - - always pre_tasks: - set_fact: l_etcd_service: "{{ 'etcd_container' if openshift.common.is_containerized else 'etcd' }}" @@ -79,8 +65,6 @@ - name: Migrate data on first etcd hosts: oo_etcd_to_migrate[0] gather_facts: no - tags: - - always roles: - role: etcd_migrate r_etcd_migrate_action: migrate @@ -92,8 +76,6 @@ - name: Clean data stores on remaining etcd hosts hosts: oo_etcd_to_migrate[1:] gather_facts: no - tags: - - always roles: - role: etcd_migrate r_etcd_migrate_action: clean_data diff --git a/playbooks/common/openshift-cluster/additional_config.yml b/playbooks/common/openshift-master/additional_config.yml index c0ea93d2c..c0ea93d2c 100644 --- a/playbooks/common/openshift-cluster/additional_config.yml +++ b/playbooks/common/openshift-master/additional_config.yml diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index cd25dd211..b29b9ef4f 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -1,4 +1,12 @@ --- +- name: Disable excluders + hosts: oo_masters_to_config + gather_facts: no + roles: + - role: openshift_excluder + r_openshift_excluder_action: disable + r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" + - name: Gather and set facts for master hosts hosts: oo_masters_to_config vars: @@ -208,3 +216,14 @@ - name: Create group for deployment type group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }} changed_when: False + +- include: additional_config.yml + when: not g_openshift_master_is_scaleup + +- name: Re-enable excluder if it was previously enabled + hosts: oo_masters_to_config + gather_facts: no + roles: + - role: openshift_excluder + r_openshift_excluder_action: enable + r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml index 6ad4cde65..17f9ef4bc 100644 --- a/playbooks/common/openshift-master/scaleup.yml +++ b/playbooks/common/openshift-master/scaleup.yml @@ -43,28 +43,8 @@ delay: 1 changed_when: false -- name: Disable excluders - hosts: oo_masters_to_config - tags: - - always - gather_facts: no - roles: - - role: openshift_excluder - r_openshift_excluder_action: disable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" - - include: ../openshift-master/config.yml - include: ../openshift-loadbalancer/config.yml - include: ../openshift-node/config.yml - -- name: Re-enable excluder if it was previously enabled - hosts: oo_masters_to_config - tags: - - always - gather_facts: no - roles: - - role: openshift_excluder - r_openshift_excluder_action: enable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 04c811c22..c13417714 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -1,4 +1,12 @@ --- +- name: Disable excluders + hosts: oo_nodes_to_config + gather_facts: no + roles: + - role: openshift_excluder + r_openshift_excluder_action: disable + r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" + - name: Evaluate node groups hosts: localhost become: no @@ -78,3 +86,11 @@ - name: Create group for deployment type group_by: key=oo_nodes_deployment_type_{{ openshift.common.deployment_type }} changed_when: False + +- name: Re-enable excluder if it was previously enabled + hosts: oo_nodes_to_config + gather_facts: no + roles: + - role: openshift_excluder + r_openshift_excluder_action: enable + r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" diff --git a/playbooks/common/openshift-node/scaleup.yml b/playbooks/common/openshift-node/scaleup.yml deleted file mode 100644 index b1bbbb14c..000000000 --- a/playbooks/common/openshift-node/scaleup.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -- name: Disable excluders - hosts: oo_nodes_to_config - tags: - - always - gather_facts: no - roles: - - role: openshift_excluder - r_openshift_excluder_action: disable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" - -- include: ../openshift-node/config.yml - -- name: Re-enable excluder if it was previously enabled - hosts: oo_nodes_to_config - tags: - - always - gather_facts: no - roles: - - role: openshift_excluder - r_openshift_excluder_action: enable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" diff --git a/roles/dns/README.md b/roles/dns/README.md deleted file mode 100644 index 9a88ce97c..000000000 --- a/roles/dns/README.md +++ /dev/null @@ -1,45 +0,0 @@ -dns -=== - -Configure a DNS server serving IPs of all the nodes of the cluster - -Requirements ------------- - -Ansible 2.2 - -Role Variables --------------- - -| Name | Mandatory / Optional | Description | -|------|----------------------|-------------| -| `dns_zones` | Mandatory | DNS zones in which we must find the hosts | -| `dns_forwarders` | If not set, the DNS will be a recursive non-forwarding DNS server | DNS forwarders to delegate the requests for hosts outside of `dns_zones` | -| `dns_all_hosts` | Mandatory | Exhaustive list of hosts | -| `base_docker_image` | Optional | Base docker image to build Bind image from, used only in containerized deployments | - -Dependencies ------------- - -None - -Example Playbook ----------------- - - - hosts: dns_hosts - roles: - - role: dns - dns_forwarders: [ '8.8.8.8', '8.8.4.4' ] - dns_zones: [ novalocal, openstacklocal ] - dns_all_hosts: "{{ g_all_hosts }}" - base_docker_image: 'centos:centos7' - -License -------- - -ASL 2.0 - -Author Information ------------------- - -OpenShift operations, Red Hat, Inc diff --git a/roles/dns/defaults/main.yml b/roles/dns/defaults/main.yml deleted file mode 100644 index 82055c8cd..000000000 --- a/roles/dns/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -base_docker_image: "{{ 'centos:centos7' if openshift.common.deployment_type == 'origin' else 'rhel7' }}" diff --git a/roles/dns/handlers/main.yml b/roles/dns/handlers/main.yml deleted file mode 100644 index 61fd7a10e..000000000 --- a/roles/dns/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: restart bind - systemd: - name: named - state: restarted diff --git a/roles/dns/meta/main.yml b/roles/dns/meta/main.yml deleted file mode 100644 index 64d56114e..000000000 --- a/roles/dns/meta/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -galaxy_info: - author: Lénaïc Huard - description: Deploy and configure a DNS server - company: Amadeus SAS - license: ASL 2.0 - min_ansible_version: 2.2 -dependencies: -- { role: openshift_facts } diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml deleted file mode 100644 index c5ab53b4d..000000000 --- a/roles/dns/tasks/main.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -- name: Install Bind - package: name=bind state=present - when: not openshift.common.is_containerized | bool - -- name: Create docker build dir - file: path=/tmp/dockerbuild state=directory - when: openshift.common.is_containerized | bool - -- name: Install dockerfile - template: - dest: "/tmp/dockerbuild/Dockerfile" - src: Dockerfile - when: openshift.common.is_containerized | bool - -- name: Build Bind image - docker_image: path="/tmp/dockerbuild" name="bind" state=present - when: openshift.common.is_containerized | bool - -- name: Install bind service file - template: - dest: "/etc/systemd/system/named.service" - src: named.service.j2 - when: openshift.common.is_containerized | bool - -- name: Create bind zone dir - file: path=/var/named state=directory - when: openshift.common.is_containerized | bool - -- name: Configure Bind - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - src: openshift-cluster.zone - dest: /var/named/openshift-cluster.zone - - src: named.conf - dest: /etc/named.conf - notify: restart bind - -- name: Enable Bind - systemd: - name: named - state: started - enabled: yes - daemon_reload: yes diff --git a/roles/dns/templates/Dockerfile b/roles/dns/templates/Dockerfile deleted file mode 100644 index cdff0a228..000000000 --- a/roles/dns/templates/Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -FROM {{ base_docker_image }} -MAINTAINER Jan Provaznik <jprovazn@redhat.com> - -# install main packages: -RUN yum -y update; yum clean all; -RUN yum -y install bind-utils bind - -EXPOSE 53 - -# start services: -CMD ["/usr/sbin/named", "-f"] diff --git a/roles/dns/templates/named.conf b/roles/dns/templates/named.conf deleted file mode 100644 index 22c1ff935..000000000 --- a/roles/dns/templates/named.conf +++ /dev/null @@ -1,23 +0,0 @@ -options -{ - directory "/var/named"; - - allow-query { {{ ansible_default_ipv4.network }}/24; }; - - recursion yes; - -{% if dns_forwarders is defined %} - forwarders { - {% for dns in dns_forwarders %} - {{ dns }}; - {% endfor %} - }; -{% endif %} -}; -{% for zone in dns_zones %} - -zone "{{ zone }}" IN { - type master; - file "openshift-cluster.zone"; -}; -{% endfor %} diff --git a/roles/dns/templates/named.service.j2 b/roles/dns/templates/named.service.j2 deleted file mode 100644 index 6e0a7a640..000000000 --- a/roles/dns/templates/named.service.j2 +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Requires={{ openshift.docker.service_name }}.service -After={{ openshift.docker.service_name }}.service -PartOf={{ openshift.docker.service_name }}.service - -[Service] -Type=simple -TimeoutStartSec=5m -ExecStartPre=/usr/bin/docker run --rm -v /etc/named.conf:/etc/named.conf -v /var/named:/var/named:z bind named-checkconf -z /etc/named.conf -ExecStartPre=-/usr/bin/docker rm -f bind -ExecStart=/usr/bin/docker run --name bind -p 53:53/udp -v /var/log:/var/log -v /etc/named.conf:/etc/named.conf -v /var/named:/var/named:z bind -ExecStop=/usr/bin/docker stop bind - -[Install] -WantedBy={{ openshift.docker.service_name }}.service diff --git a/roles/dns/templates/openshift-cluster.zone b/roles/dns/templates/openshift-cluster.zone deleted file mode 100644 index 03f5dc089..000000000 --- a/roles/dns/templates/openshift-cluster.zone +++ /dev/null @@ -1,14 +0,0 @@ -$TTL 1d -@ IN SOA {{ ansible_hostname }} openshift ( - {{ ansible_date_time.epoch }} ; Serial (To be fixed before 2039) - 12h ; Refresh - 3m ; Retry - 4w ; Expire - 3h ; TTL for negative replies - ) - - IN NS {{ ansible_hostname }} -{{ ansible_hostname }} IN A {{ ansible_default_ipv4.address }} -{% for host in dns_all_hosts %} -{{ hostvars[host].ansible_hostname }} IN A {{ hostvars[host]['ansible_default_ipv4'].address }} -{% endfor %} diff --git a/roles/lib_openshift/library/oc_atomic_container.py b/roles/lib_openshift/library/oc_atomic_container.py index 955c6313e..79bd08f4e 100644 --- a/roles/lib_openshift/library/oc_atomic_container.py +++ b/roles/lib_openshift/library/oc_atomic_container.py @@ -83,7 +83,7 @@ def _install(module, container, image, values_list): if rc != 0: return rc, out, err, False else: - changed = "Extracting" in out + changed = "Extracting" in out or "Copying blob" in out return rc, out, err, changed def _uninstall(module, name): @@ -127,7 +127,7 @@ def do_update(module, container, old_image, image, values_list): if rc != 0: module.fail_json(rc=rc, msg=err) else: - changed = "Extracting" in out + changed = "Extracting" in out or "Copying blob" in out module.exit_json(msg=out, changed=changed) diff --git a/roles/lib_openshift/src/ansible/oc_atomic_container.py b/roles/lib_openshift/src/ansible/oc_atomic_container.py index 7b81760df..454d7c4b2 100644 --- a/roles/lib_openshift/src/ansible/oc_atomic_container.py +++ b/roles/lib_openshift/src/ansible/oc_atomic_container.py @@ -19,7 +19,7 @@ def _install(module, container, image, values_list): if rc != 0: return rc, out, err, False else: - changed = "Extracting" in out + changed = "Extracting" in out or "Copying blob" in out return rc, out, err, changed def _uninstall(module, name): @@ -63,7 +63,7 @@ def do_update(module, container, old_image, image, values_list): if rc != 0: module.fail_json(rc=rc, msg=err) else: - changed = "Extracting" in out + changed = "Extracting" in out or "Copying blob" in out module.exit_json(msg=out, changed=changed) diff --git a/roles/openshift_clock/defaults/main.yml b/roles/openshift_clock/defaults/main.yml new file mode 100644 index 000000000..a94f67199 --- /dev/null +++ b/roles/openshift_clock/defaults/main.yml @@ -0,0 +1,2 @@ +--- +openshift_clock_enabled: True diff --git a/roles/openshift_clock/meta/main.yml b/roles/openshift_clock/meta/main.yml index 3e175beb0..d1e86d826 100644 --- a/roles/openshift_clock/meta/main.yml +++ b/roles/openshift_clock/meta/main.yml @@ -11,5 +11,4 @@ galaxy_info: - 7 categories: - cloud -dependencies: -- { role: openshift_facts } +dependencies: [] diff --git a/roles/openshift_clock/tasks/main.yaml b/roles/openshift_clock/tasks/main.yaml index 3911201ea..f8b02524a 100644 --- a/roles/openshift_clock/tasks/main.yaml +++ b/roles/openshift_clock/tasks/main.yaml @@ -1,14 +1,15 @@ --- -- name: Set clock facts - openshift_facts: - role: clock - local_facts: - enabled: "{{ openshift_clock_enabled | default(None) }}" +- name: Determine if chrony is installed + command: rpm -q chrony + failed_when: false + register: chrony_installed - name: Install ntp package package: name=ntp state=present - when: openshift.clock.enabled | bool and not openshift.clock.chrony_installed | bool + when: + - openshift_clock_enabled | bool + - chrony_installed.rc != 0 - name: Start and enable ntpd/chronyd - shell: timedatectl set-ntp true - when: openshift.clock.enabled | bool + command: timedatectl set-ntp true + when: openshift_clock_enabled | bool diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 251d1dfb4..cf78b4a75 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1909,7 +1909,6 @@ class OpenShiftFacts(object): """ known_roles = ['builddefaults', 'buildoverrides', - 'clock', 'cloudprovider', 'common', 'docker', @@ -2099,13 +2098,6 @@ class OpenShiftFacts(object): docker['service_name'] = 'docker' defaults['docker'] = docker - if 'clock' in roles: - exit_code, _, _ = module.run_command(['rpm', '-q', 'chrony']) # noqa: F405 - chrony_installed = bool(exit_code == 0) - defaults['clock'] = dict( - enabled=True, - chrony_installed=chrony_installed) - if 'cloudprovider' in roles: defaults['cloudprovider'] = dict(kind=None) diff --git a/roles/openshift_health_checker/openshift_checks/__init__.py b/roles/openshift_health_checker/openshift_checks/__init__.py index 07ec6f7ef..02ee1d0f9 100644 --- a/roles/openshift_health_checker/openshift_checks/__init__.py +++ b/roles/openshift_health_checker/openshift_checks/__init__.py @@ -242,7 +242,7 @@ def load_checks(path=None, subpkg=""): modules = modules + load_checks(os.path.join(path, name), subpkg + "." + name) continue - if name.endswith(".py") and name not in LOADER_EXCLUDES: + if name.endswith(".py") and not name.startswith(".") and name not in LOADER_EXCLUDES: modules.append(import_module(__package__ + subpkg + "." + name[:-3])) return modules diff --git a/roles/openshift_health_checker/openshift_checks/disk_availability.py b/roles/openshift_health_checker/openshift_checks/disk_availability.py index 6d1dea9ce..f302fd14b 100644 --- a/roles/openshift_health_checker/openshift_checks/disk_availability.py +++ b/roles/openshift_health_checker/openshift_checks/disk_availability.py @@ -115,10 +115,7 @@ class DiskAvailability(OpenShiftCheck): return { 'failed': True, - 'msg': ( - 'Available disk space in "{}" ({:.1f} GB) ' - 'is below minimum recommended ({:.1f} GB)' - ).format(path, free_gb, recommended_gb) + 'msg': msg, } return {} diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md index 70aef02cd..f283261c4 100644 --- a/roles/openshift_logging/README.md +++ b/roles/openshift_logging/README.md @@ -15,12 +15,11 @@ to the list of persisted [node labels](https://docs.openshift.org/latest/install ###Required vars: - `openshift_logging_install_logging`: When `True` the `openshift_logging` role will install Aggregated Logging. -- `openshift_logging_upgrade_logging`: When `True` the `openshift_logging` role will upgrade Aggregated Logging. -When both `openshift_logging_install_logging` and `openshift_logging_upgrade_logging` are `False` the `openshift_logging` role will uninstall Aggregated Logging. +When `openshift_logging_install_logging` is set to `False` the `openshift_logging` role will uninstall Aggregated Logging. ###Optional vars: - +- `openshift_logging_purge_logging`: When `openshift_logging_install_logging` is set to 'False' to trigger uninstalation and `openshift_logging_purge_logging` is set to 'True', it will completely and irreversibly remove all logging persistent data including PVC. Defaults to 'False'. - `openshift_logging_image_prefix`: The prefix for the logging images to use. Defaults to 'docker.io/openshift/origin-'. - `openshift_logging_curator_image_prefix`: Setting the image prefix for Curator image. Defaults to `openshift_logging_image_prefix`. - `openshift_logging_elasticsearch_image_prefix`: Setting the image prefix for Elasticsearch image. Defaults to `openshift_logging_image_prefix`. diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml index f07d7e6da..716f0e002 100644 --- a/roles/openshift_logging/defaults/main.yml +++ b/roles/openshift_logging/defaults/main.yml @@ -8,6 +8,7 @@ openshift_logging_labels: {} openshift_logging_label_key: "" openshift_logging_label_value: "" openshift_logging_install_logging: True +openshift_logging_purge_logging: False openshift_logging_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}" openshift_logging_curator_default_days: 30 diff --git a/roles/openshift_logging/tasks/annotate_ops_projects.yaml b/roles/openshift_logging/tasks/annotate_ops_projects.yaml index d4b33616a..fcb4c94d3 100644 --- a/roles/openshift_logging/tasks/annotate_ops_projects.yaml +++ b/roles/openshift_logging/tasks/annotate_ops_projects.yaml @@ -14,4 +14,4 @@ content: metadata#annotations#openshift.io/logging.ui.hostname: "{{ openshift_logging_kibana_ops_hostname }}" with_items: "{{ __logging_ops_projects.results }}" - when: "{{ item.results.stderr is not defined }}" + when: item.results.stderr is not defined diff --git a/roles/openshift_logging/tasks/delete_logging.yaml b/roles/openshift_logging/tasks/delete_logging.yaml index 6d023a02d..45298e345 100644 --- a/roles/openshift_logging/tasks/delete_logging.yaml +++ b/roles/openshift_logging/tasks/delete_logging.yaml @@ -14,6 +14,16 @@ - templates - ds +# return all persistent volume claims as well if purge is set +- name: delete logging pvc objects + oc_obj: + state: absent + kind: pvc + namespace: "{{ openshift_logging_namespace }}" + selector: "logging-infra" + when: + - openshift_logging_purge_logging | default(false) | bool + # delete the oauthclient - name: delete oauthclient kibana-proxy oc_obj: diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index 6b3de4dba..f972c0fd9 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -12,7 +12,7 @@ - name: Create any additional repos that are defined yum_repository: - description: "{{ item.description | default(item.name) }}" + description: "{{ item.description | default(item.name | default(item.id)) }}" name: "{{ item.name | default(item.id) }}" baseurl: "{{ item.baseurl }}" gpgkey: "{{ item.gpgkey | default(omit)}}" diff --git a/roles/openshift_storage_glusterfs/defaults/main.yml b/roles/openshift_storage_glusterfs/defaults/main.yml index 8d21a3f27..0b3d3aef1 100644 --- a/roles/openshift_storage_glusterfs/defaults/main.yml +++ b/roles/openshift_storage_glusterfs/defaults/main.yml @@ -52,8 +52,8 @@ openshift_storage_glusterfs_registry_heketi_ssh_port: "{{ openshift_storage_glus openshift_storage_glusterfs_registry_heketi_ssh_user: "{{ openshift_storage_glusterfs_heketi_ssh_user }}" openshift_storage_glusterfs_registry_heketi_ssh_sudo: "{{ openshift_storage_glusterfs_heketi_ssh_sudo }}" openshift_storage_glusterfs_registry_heketi_ssh_keyfile: "{{ openshift_storage_glusterfs_heketi_ssh_keyfile | default(omit) }}" -r_openshift_master_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" -r_openshift_master_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" +r_openshift_storage_glusterfs_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" +r_openshift_storage_glusterfs_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" r_openshift_storage_glusterfs_os_firewall_deny: [] r_openshift_storage_glusterfs_os_firewall_allow: - service: glusterfs_sshd @@ -29,6 +29,7 @@ def find_files(base_dir, exclude_dirs, include_dirs, file_regex): if exclude_dirs is not None: exclude_regex = r'|'.join([fnmatch.translate(x) for x in exclude_dirs]) or r'$.' + # Don't use include_dirs, it is broken if include_dirs is not None: include_regex = r'|'.join([fnmatch.translate(x) for x in include_dirs]) or r'$.' @@ -47,6 +48,36 @@ def find_files(base_dir, exclude_dirs, include_dirs, file_regex): return found +def find_entrypoint_playbooks(): + '''find entry point playbooks as defined by openshift-ansible''' + playbooks = set() + included_playbooks = set() + + exclude_dirs = ['adhoc', 'tasks'] + for yaml_file in find_files( + os.path.join(os.getcwd(), 'playbooks'), + exclude_dirs, None, r'\.ya?ml$'): + with open(yaml_file, 'r') as contents: + for task in yaml.safe_load(contents) or {}: + if not isinstance(task, dict): + # Skip yaml files which are not a dictionary of tasks + continue + if 'include' in task: + # Add the playbook and capture included playbooks + playbooks.add(yaml_file) + included_file_name = task['include'].split()[0] + included_file = os.path.normpath( + os.path.join(os.path.dirname(yaml_file), + included_file_name)) + included_playbooks.add(included_file) + elif 'hosts' in task: + playbooks.add(yaml_file) + # Evaluate the difference between all playbooks and included playbooks + entrypoint_playbooks = sorted(playbooks.difference(included_playbooks)) + print('Entry point playbook count: {}'.format(len(entrypoint_playbooks))) + return entrypoint_playbooks + + class OpenShiftAnsibleYamlLint(Command): ''' Command to run yamllint ''' description = "Run yamllint tests" @@ -206,7 +237,7 @@ class OpenShiftAnsibleSyntaxCheck(Command): user_options = [] # Colors - FAIL = '\033[91m' # Red + FAIL = '\033[31m' # Red ENDC = '\033[0m' # Reset def initialize_options(self): @@ -221,43 +252,46 @@ class OpenShiftAnsibleSyntaxCheck(Command): ''' run command ''' has_errors = False - playbooks = set() - included_playbooks = set() + print('Ansible Deprecation Checks') + exclude_dirs = ['adhoc', 'files', 'meta', 'test', 'tests', 'vars', '.tox'] for yaml_file in find_files( - os.path.join(os.getcwd(), 'playbooks'), - ['adhoc', 'tasks'], - None, r'\.ya?ml$'): + os.getcwd(), exclude_dirs, None, r'\.ya?ml$'): with open(yaml_file, 'r') as contents: - for task in yaml.safe_load(contents): + for task in yaml.safe_load(contents) or {}: if not isinstance(task, dict): - # Skip yaml files which do not contain plays or includes + # Skip yaml files which are not a dictionary of tasks continue - if 'include' in task: - # Add the playbook and capture included playbooks - playbooks.add(yaml_file) - included_file_name = task['include'].split()[0] - included_file = os.path.normpath( - os.path.join(os.path.dirname(yaml_file), - included_file_name)) - included_playbooks.add(included_file) - elif 'hosts' in task: - playbooks.add(yaml_file) - # Evaluate the difference between all playbooks and included playbooks - entrypoint_playbooks = sorted(playbooks.difference(included_playbooks)) - print('Entry point playbook count: {}'.format(len(entrypoint_playbooks))) - - for playbook in entrypoint_playbooks: + if 'when' in task: + if '{{' in task['when'] or '{%' in task['when']: + print('{}Error: Usage of Jinja2 templating delimiters ' + 'in when conditions is deprecated in Ansible 2.3.\n' + ' File: {}\n' + ' Found: "{}"{}'.format( + self.FAIL, yaml_file, + task['when'], self.ENDC)) + has_errors = True + # TODO (rteague): This test will be enabled once we move to Ansible 2.4 + # if 'include' in task: + # print('{}Error: The `include` directive is deprecated in Ansible 2.4.\n' + # 'https://github.com/ansible/ansible/blob/devel/CHANGELOG.md\n' + # ' File: {}\n' + # ' Found: "include: {}"{}'.format( + # self.FAIL, yaml_file, task['include'], self.ENDC)) + # has_errors = True + + print('Ansible Playbook Entry Point Syntax Checks') + for playbook in find_entrypoint_playbooks(): print('-' * 60) print('Syntax checking playbook: {}'.format(playbook)) + # Error on any entry points in 'common' if 'common' in playbook: - # Error on any entry points in 'common' print('{}Invalid entry point playbook. All playbooks must' ' start in playbooks/byo{}'.format(self.FAIL, self.ENDC)) has_errors = True + # --syntax-check each entry point playbook else: - # Syntax check each entry point playbook try: subprocess.check_output( ['ansible-playbook', '-i localhost,', @@ -267,6 +301,7 @@ class OpenShiftAnsibleSyntaxCheck(Command): print('{}Execution failed: {}{}'.format( self.FAIL, cpe, self.ENDC)) has_errors = True + if has_errors: raise SystemExit(1) |