summaryrefslogtreecommitdiffstats
path: root/roles/openshift_master
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_master')
-rw-r--r--roles/openshift_master/defaults/main.yml6
-rw-r--r--roles/openshift_master/meta/main.yml1
-rw-r--r--roles/openshift_master/tasks/main.yml14
-rw-r--r--roles/openshift_master/tasks/registry_auth.yml2
-rw-r--r--roles/openshift_master/tasks/set_loopback_context.yml8
-rw-r--r--roles/openshift_master/tasks/system_container.yml6
-rw-r--r--roles/openshift_master/tasks/systemd_units.yml6
-rw-r--r--roles/openshift_master/tasks/upgrade.yml2
-rw-r--r--roles/openshift_master/templates/atomic-openshift-master.j22
-rw-r--r--roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j22
-rw-r--r--roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j22
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j222
-rw-r--r--roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j22
-rw-r--r--roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j22
14 files changed, 41 insertions, 36 deletions
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index efd119299..5d292ffd0 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -7,6 +7,12 @@ openshift_master_debug_level: "{{ debug_level | default(2) }}"
r_openshift_master_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
r_openshift_master_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}"
+osm_image_default_dict:
+ origin: 'openshift/origin'
+ openshift-enterprise: 'openshift3/ose'
+osm_image_default: "{{ osm_image_default_dict[openshift_deployment_type] }}"
+osm_image: "{{ osm_image_default }}"
+
system_images_registry_dict:
openshift-enterprise: "registry.access.redhat.com"
origin: "docker.io"
diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml
index bf0cbbf18..3460efec9 100644
--- a/roles/openshift_master/meta/main.yml
+++ b/roles/openshift_master/meta/main.yml
@@ -14,5 +14,4 @@ galaxy_info:
dependencies:
- role: lib_openshift
- role: lib_utils
-- role: lib_os_firewall
- role: openshift_facts
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 7bfc870d5..eea1401b8 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -16,10 +16,10 @@
- name: Install Master package
package:
- name: "{{ openshift_service_type }}-master{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}"
+ name: "{{ openshift_service_type }}-master{{ openshift_pkg_version | default('') | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}"
state: present
when:
- - not openshift.common.is_containerized | bool
+ - not openshift_is_containerized | bool
register: result
until: result is succeeded
@@ -31,12 +31,12 @@
owner: root
group: root
when:
- - openshift.common.is_containerized | bool
+ - openshift_is_containerized | bool
- name: Reload systemd units
command: systemctl daemon-reload
when:
- - openshift.common.is_containerized | bool
+ - openshift_is_containerized | bool
- name: Re-gather package dependent master facts
openshift_facts:
@@ -48,7 +48,7 @@
- name: Create the policy file if it does not already exist
command: >
- {{ openshift.common.client_binary }} adm create-bootstrap-policy-file
+ {{ openshift_client_binary }} adm create-bootstrap-policy-file
--filename={{ openshift_master_policy }}
args:
creates: "{{ openshift_master_policy }}"
@@ -69,7 +69,7 @@
package: name=httpd-tools state=present
when:
- item.kind == 'HTPasswdPasswordIdentityProvider'
- - not openshift.common.is_atomic | bool
+ - not openshift_is_atomic | bool
with_items: "{{ openshift.master.identity_providers }}"
register: result
until: result is succeeded
@@ -164,7 +164,7 @@
- name: Install Master system container
include_tasks: system_container.yml
when:
- - openshift.common.is_containerized | bool
+ - openshift_is_containerized | bool
- l_is_master_system_container | bool
- name: Create session secrets file
diff --git a/roles/openshift_master/tasks/registry_auth.yml b/roles/openshift_master/tasks/registry_auth.yml
index 8b342a5b4..911a9bd3d 100644
--- a/roles/openshift_master/tasks/registry_auth.yml
+++ b/roles/openshift_master/tasks/registry_auth.yml
@@ -43,7 +43,7 @@
set_fact:
l_bind_docker_reg_auth: True
when:
- - openshift.common.is_containerized | bool
+ - openshift_is_containerized | bool
- oreg_auth_user is defined
- >
(master_oreg_auth_credentials_stat.stat.exists
diff --git a/roles/openshift_master/tasks/set_loopback_context.yml b/roles/openshift_master/tasks/set_loopback_context.yml
index 487fefb63..7e013a699 100644
--- a/roles/openshift_master/tasks/set_loopback_context.yml
+++ b/roles/openshift_master/tasks/set_loopback_context.yml
@@ -1,13 +1,13 @@
---
- name: Test local loopback context
command: >
- {{ openshift.common.client_binary }} config view
+ {{ openshift_client_binary }} config view
--config={{ openshift_master_loopback_config }}
changed_when: false
register: l_loopback_config
- command: >
- {{ openshift.common.client_binary }} config set-cluster
+ {{ openshift_client_binary }} config set-cluster
--certificate-authority={{ openshift_master_config_dir }}/ca.crt
--embed-certs=true --server={{ openshift.master.loopback_api_url }}
{{ openshift.master.loopback_cluster_name }}
@@ -17,7 +17,7 @@
register: set_loopback_cluster
- command: >
- {{ openshift.common.client_binary }} config set-context
+ {{ openshift_client_binary }} config set-context
--cluster={{ openshift.master.loopback_cluster_name }}
--namespace=default --user={{ openshift.master.loopback_user }}
{{ openshift.master.loopback_context_name }}
@@ -27,7 +27,7 @@
register: l_set_loopback_context
- command: >
- {{ openshift.common.client_binary }} config use-context {{ openshift.master.loopback_context_name }}
+ {{ openshift_client_binary }} config use-context {{ openshift.master.loopback_context_name }}
--config={{ openshift_master_loopback_config }}
when:
- l_set_loopback_context is changed
diff --git a/roles/openshift_master/tasks/system_container.yml b/roles/openshift_master/tasks/system_container.yml
index f6c5ce0dd..dcbf7fd9f 100644
--- a/roles/openshift_master/tasks/system_container.yml
+++ b/roles/openshift_master/tasks/system_container.yml
@@ -2,7 +2,7 @@
- name: Pre-pull master system container image
command: >
- atomic pull --storage=ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}
+ atomic pull --storage=ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ osm_image }}:{{ openshift_image_tag }}
register: l_pull_result
changed_when: "'Pulling layer' in l_pull_result.stdout"
@@ -14,7 +14,7 @@
- name: Install or Update HA api master system container
oc_atomic_container:
name: "{{ openshift_service_type }}-master-api"
- image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}"
+ image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ osm_image }}:{{ openshift_image_tag }}"
state: latest
values:
- COMMAND=api
@@ -22,7 +22,7 @@
- name: Install or Update HA controller master system container
oc_atomic_container:
name: "{{ openshift_service_type }}-master-controllers"
- image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}"
+ image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ osm_image }}:{{ openshift_image_tag }}"
state: latest
values:
- COMMAND=controllers
diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml
index 1c9ecafaa..870ab7c57 100644
--- a/roles/openshift_master/tasks/systemd_units.yml
+++ b/roles/openshift_master/tasks/systemd_units.yml
@@ -7,7 +7,7 @@
containerized_svc_dir: "/etc/systemd/system"
ha_svc_template_path: "docker-cluster"
when:
- - openshift.common.is_containerized | bool
+ - openshift_is_containerized | bool
- include_tasks: registry_auth.yml
@@ -30,11 +30,11 @@
# This is the image used for both HA and non-HA clusters:
- name: Pre-pull master image
command: >
- docker pull {{ openshift.master.master_image }}:{{ openshift_image_tag }}
+ docker pull {{ osm_image }}:{{ openshift_image_tag }}
register: l_pull_result
changed_when: "'Downloaded newer image' in l_pull_result.stdout"
when:
- - openshift.common.is_containerized | bool
+ - openshift_is_containerized | bool
- not l_is_master_system_container | bool
- name: Create the ha systemd unit files
diff --git a/roles/openshift_master/tasks/upgrade.yml b/roles/openshift_master/tasks/upgrade.yml
index f84cf2f6e..f143673cf 100644
--- a/roles/openshift_master/tasks/upgrade.yml
+++ b/roles/openshift_master/tasks/upgrade.yml
@@ -1,6 +1,6 @@
---
- include_tasks: upgrade/rpm_upgrade.yml
- when: not openshift.common.is_containerized | bool
+ when: not openshift_is_containerized | bool
- include_tasks: upgrade/upgrade_scheduler.yml
diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2
index 3f7a528a9..4c68155ea 100644
--- a/roles/openshift_master/templates/atomic-openshift-master.j2
+++ b/roles/openshift_master/templates/atomic-openshift-master.j2
@@ -6,7 +6,7 @@ CONFIG_FILE={{ openshift_master_config_file }}
{% elif openshift_push_via_dns | default(false) %}
OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000
{% endif %}
-{% if openshift.common.is_containerized | bool %}
+{% if openshift_is_containerized | bool %}
IMAGE_VERSION={{ openshift_image_tag }}
{% endif %}
diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2
index 5e46d9121..a56c0340c 100644
--- a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2
+++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2
@@ -21,7 +21,7 @@ ExecStart=/usr/bin/docker run --rm --privileged --net=host \
{% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} \
-v /etc/pki:/etc/pki:ro \
{% if l_bind_docker_reg_auth | default(False) %} -v {{ oreg_auth_credentials_path }}:/root/.docker:ro{% endif %}\
- {{ openshift.master.master_image }}:${IMAGE_VERSION} start master api \
+ {{ osm_image }}:${IMAGE_VERSION} start master api \
--config=${CONFIG_FILE} $OPTIONS
ExecStartPost=/usr/bin/sleep 10
ExecStop=/usr/bin/docker stop {{ openshift_service_type }}-master-api
diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2
index 899575f1a..79171d511 100644
--- a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2
+++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2
@@ -20,7 +20,7 @@ ExecStart=/usr/bin/docker run --rm --privileged --net=host \
{% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} \
-v /etc/pki:/etc/pki:ro \
{% if l_bind_docker_reg_auth | default(False) %} -v {{ oreg_auth_credentials_path }}:/root/.docker:ro{% endif %}\
- {{ openshift.master.master_image }}:${IMAGE_VERSION} start master controllers \
+ {{ osm_image }}:${IMAGE_VERSION} start master controllers \
--config=${CONFIG_FILE} $OPTIONS
ExecStartPost=/usr/bin/sleep 10
ExecStop=/usr/bin/docker stop {{ openshift_service_type }}-master-controllers
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index f1a76e5f5..c224ad714 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -1,6 +1,6 @@
admissionConfig:
{% if 'admission_plugin_config' in openshift.master %}
- pluginConfig:{{ openshift.master.admission_plugin_config | to_padded_yaml(level=2) }}
+ pluginConfig:{{ openshift.master.admission_plugin_config | lib_utils_to_padded_yaml(level=2) }}
{% endif %}
apiLevels:
- v1
@@ -16,13 +16,13 @@ assetConfig:
metricsPublicURL: {{ openshift_hosted_metrics_deploy_url }}
{% endif %}
{% if 'extension_scripts' in openshift.master %}
- extensionScripts: {{ openshift.master.extension_scripts | to_padded_yaml(1, 2) }}
+ extensionScripts: {{ openshift.master.extension_scripts | lib_utils_to_padded_yaml(1, 2) }}
{% endif %}
{% if 'extension_stylesheets' in openshift.master %}
- extensionStylesheets: {{ openshift.master.extension_stylesheets | to_padded_yaml(1, 2) }}
+ extensionStylesheets: {{ openshift.master.extension_stylesheets | lib_utils_to_padded_yaml(1, 2) }}
{% endif %}
{% if 'extensions' in openshift.master %}
- extensions: {{ openshift.master.extensions | to_padded_yaml(1, 2) }}
+ extensions: {{ openshift.master.extensions | lib_utils_to_padded_yaml(1, 2) }}
{% endif %}
servingInfo:
bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.console_port }}
@@ -42,7 +42,7 @@ assetConfig:
{% endfor %}
{% endif %}
{% if openshift.master.audit_config | default(none) is not none %}
-auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }}
+auditConfig:{{ openshift.master.audit_config | lib_utils_to_padded_yaml(level=1) }}
{% endif %}
controllerConfig:
election:
@@ -85,7 +85,7 @@ imageConfig:
format: {{ openshift.master.registry_url }}
latest: {{ openshift_master_image_config_latest }}
{% if 'image_policy_config' in openshift.master %}
-imagePolicyConfig:{{ openshift.master.image_policy_config | to_padded_yaml(level=1) }}
+imagePolicyConfig:{{ openshift.master.image_policy_config | lib_utils_to_padded_yaml(level=1) }}
{% endif %}
kind: MasterConfig
kubeletClientInfo:
@@ -96,21 +96,21 @@ kubeletClientInfo:
port: 10250
{% if openshift.master.embedded_kube | bool %}
kubernetesMasterConfig:
- apiServerArguments: {{ openshift.master.api_server_args | default(None) | to_padded_yaml( level=2 ) }}
+ apiServerArguments: {{ openshift.master.api_server_args | default(None) | lib_utils_to_padded_yaml( level=2 ) }}
{% if r_openshift_master_etcd3_storage or ( r_openshift_master_clean_install and openshift.common.version_gte_3_6 ) %}
storage-backend:
- etcd3
storage-media-type:
- application/vnd.kubernetes.protobuf
{% endif %}
- controllerArguments: {{ openshift.master.controller_args | default(None) | to_padded_yaml( level=2 ) }}
+ controllerArguments: {{ openshift.master.controller_args | default(None) | lib_utils_to_padded_yaml( level=2 ) }}
masterCount: {{ openshift.master.master_count }}
masterIP: {{ openshift.common.ip }}
podEvictionTimeout: {{ openshift.master.pod_eviction_timeout | default("") }}
proxyClientInfo:
certFile: master.proxy-client.crt
keyFile: master.proxy-client.key
- schedulerArguments: {{ openshift_master_scheduler_args | default(None) | to_padded_yaml( level=3 ) }}
+ schedulerArguments: {{ openshift_master_scheduler_args | default(None) | lib_utils_to_padded_yaml( level=3 ) }}
schedulerConfigFile: {{ openshift_master_scheduler_conf }}
servicesNodePortRange: "{{ openshift_node_port_range | default("") }}"
servicesSubnet: {{ openshift.common.portal_net }}
@@ -144,7 +144,7 @@ networkConfig:
{% endif %}
# serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet
serviceNetworkCIDR: {{ openshift.common.portal_net }}
- externalIPNetworkCIDRs: {{ openshift_master_external_ip_network_cidrs | default(["0.0.0.0/0"]) | to_padded_yaml(1,2) }}
+ externalIPNetworkCIDRs: {{ openshift_master_external_ip_network_cidrs | default(["0.0.0.0/0"]) | lib_utils_to_padded_yaml(1,2) }}
{% if openshift_master_ingress_ip_network_cidr is defined %}
ingressIPNetworkCIDR: {{ openshift_master_ingress_ip_network_cidr }}
{% endif %}
@@ -153,7 +153,7 @@ oauthConfig:
alwaysShowProviderSelection: {{ openshift.master.oauth_always_show_provider_selection }}
{% endif %}
{% if 'oauth_templates' in openshift.master %}
- templates:{{ openshift.master.oauth_templates | to_padded_yaml(level=2) }}
+ templates:{{ openshift.master.oauth_templates | lib_utils_to_padded_yaml(level=2) }}
{% endif %}
assetPublicURL: {{ openshift.master.public_console_url }}/
grantConfig:
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
index cc21b37af..bff32b2e3 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
@@ -6,7 +6,7 @@ CONFIG_FILE={{ openshift_master_config_file }}
{% elif openshift_push_via_dns | default(false) %}
OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000
{% endif %}
-{% if openshift.common.is_containerized | bool %}
+{% if openshift_is_containerized | bool %}
IMAGE_VERSION={{ openshift_image_tag }}
{% endif %}
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
index 493fc510e..b8a519baa 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
@@ -6,7 +6,7 @@ CONFIG_FILE={{ openshift_master_config_file }}
{% elif openshift_push_via_dns | default(false) %}
OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000
{% endif %}
-{% if openshift.common.is_containerized | bool %}
+{% if openshift_is_containerized | bool %}
IMAGE_VERSION={{ openshift_image_tag }}
{% endif %}
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-19 21:42:24 +0000