diff options
Diffstat (limited to 'roles/openshift_node')
23 files changed, 98 insertions, 49 deletions
diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index fff927944..906c76fba 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -1,6 +1,48 @@ --- openshift_node_debug_level: "{{ debug_level | default(2) }}" - +openshift_node_iptables_sync_period: '30s' +osn_storage_plugin_deps: +- ceph +- glusterfs +- iscsi +openshift_node_local_quota_per_fsgroup: "" +openshift_node_proxy_mode: iptables +openshift_set_node_ip: False +openshift_config_base: '/etc/origin' + +# Create list of 'k=v' pairs. +l_node_kubelet_node_labels: "{{ openshift_node_labels | default({}) | oo_dict_to_keqv_list }}" + +openshift_node_kubelet_args_dict: + aws: + cloud-provider: + - aws + cloud-config: + - "{{ openshift_config_base ~ '/aws.conf' }}" + node-labels: "{{ l_node_kubelet_node_labels }}" + openstack: + cloud-provider: + - openstack + cloud-config: + - "{{ openshift_config_base ~ '/openstack.conf' }}" + node-labels: "{{ l_node_kubelet_node_labels }}" + gce: + cloud-provider: + - gce + cloud-config: + - "{{ openshift_config_base ~ '/gce.conf' }}" + node-labels: "{{ l_node_kubelet_node_labels }}" + undefined: + node-labels: "{{ l_node_kubelet_node_labels }}" + +l_node_kubelet_args_default: "{{ openshift_node_kubelet_args_dict[openshift_cloudprovider_kind | default('undefined')] }}" + +l_openshift_node_kubelet_args: "{{ openshift_node_kubelet_args | default({}) }}" +# Combine the default kubelet_args dictionary (based on cloud provider, if provided) +# with user-supplied openshift_node_kubelet_args. +# openshift_node_kubelet_args will override the defaults, if keys and/or subkeys +# are present in both. +l2_openshift_node_kubelet_args: "{{ l_node_kubelet_args_default | combine(l_openshift_node_kubelet_args, recursive=True) }}" openshift_node_dnsmasq_install_network_manager_hook: true # lo must always be present in this list or dnsmasq will conflict with @@ -14,10 +56,15 @@ r_openshift_node_use_firewalld: "{{ os_firewall_use_firewalld | default(False) } l_is_node_system_container: "{{ (openshift_use_node_system_container | default(openshift_use_system_containers | default(false)) | bool) }}" openshift_deployment_type: "{{ openshift_deployment_type | default('origin') }}" + +openshift_node_image_dict: + origin: 'openshift/node' + openshift-enterprise: 'openshift3/node' +osn_image: "{{ openshift_node_image_dict[openshift_deployment_type] }}" + openshift_service_type_dict: origin: origin openshift-enterprise: atomic-openshift - openshift_service_type: "{{ openshift_service_type_dict[openshift_deployment_type] }}" system_images_registry_dict: diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index 1d9797f84..62e0e1341 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -24,7 +24,7 @@ - openshift_node_use_openshift_sdn | bool - not openshift_node_bootstrap register: l_openshift_node_stop_openvswitch_result - until: not l_openshift_node_stop_openvswitch_result | failed + until: not (l_openshift_node_stop_openvswitch_result is failed) retries: 3 delay: 30 notify: @@ -41,7 +41,7 @@ name: "{{ openshift_service_type }}-node" state: restarted register: l_openshift_node_restart_node_result - until: not l_openshift_node_restart_node_result | failed + until: not (l_openshift_node_restart_node_result is failed) retries: 3 delay: 30 when: diff --git a/roles/openshift_node/tasks/bootstrap.yml b/roles/openshift_node/tasks/bootstrap.yml index a042bc01b..1a6f209e0 100644 --- a/roles/openshift_node/tasks/bootstrap.yml +++ b/roles/openshift_node/tasks/bootstrap.yml @@ -5,7 +5,7 @@ state: present with_items: "{{ r_openshift_node_image_prep_packages }}" register: result - until: result | success + until: result is succeeded - name: create the directory for node file: diff --git a/roles/openshift_node/tasks/config.yml b/roles/openshift_node/tasks/config.yml index 5d66de0a3..a96785d5c 100644 --- a/roles/openshift_node/tasks/config.yml +++ b/roles/openshift_node/tasks/config.yml @@ -16,17 +16,17 @@ - openshift.common.is_containerized | bool - openshift_node_use_openshift_sdn | default(true) | bool register: ovs_start_result - until: not ovs_start_result | failed + until: not (ovs_start_result is failed) retries: 3 delay: 30 - set_fact: - ovs_service_status_changed: "{{ ovs_start_result | changed }}" + ovs_service_status_changed: "{{ ovs_start_result is changed }}" - file: - dest: "{{ (openshift_node_kubelet_args|default({'config':None})).config}}" + dest: "{{ l2_openshift_node_kubelet_args['config'] }}" state: directory - when: openshift_node_kubelet_args is defined and 'config' in openshift_node_kubelet_args + when: ('config' in l2_openshift_node_kubelet_args) | bool # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config @@ -93,19 +93,19 @@ state: started daemon_reload: yes register: node_start_result - until: not node_start_result | failed + until: not node_start_result is failed retries: 1 delay: 30 ignore_errors: true - name: Dump logs from node service if it failed command: journalctl --no-pager -n 100 -u {{ openshift_service_type }}-node - when: node_start_result | failed + when: node_start_result is failed - name: Abort if node failed to start fail: msg: Node failed to start please inspect the logs and try again - when: node_start_result | failed + when: node_start_result is failed - set_fact: - node_service_status_changed: "{{ node_start_result | changed }}" + node_service_status_changed: "{{ node_start_result is changed }}" diff --git a/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml b/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml index 541c8115a..5d2c67b86 100644 --- a/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml +++ b/roles/openshift_node/tasks/dnsmasq/no-network-manager.yml @@ -8,6 +8,6 @@ state: present notify: restart NetworkManager register: result - until: result | success + until: result is succeeded - include_tasks: network-manager.yml diff --git a/roles/openshift_node/tasks/dnsmasq_install.yml b/roles/openshift_node/tasks/dnsmasq_install.yml index 9f66bf12d..0c8857b11 100644 --- a/roles/openshift_node/tasks/dnsmasq_install.yml +++ b/roles/openshift_node/tasks/dnsmasq_install.yml @@ -14,7 +14,7 @@ package: name=dnsmasq state=installed when: not openshift.common.is_atomic | bool register: result - until: result | success + until: result is succeeded - name: ensure origin/node directory exists file: diff --git a/roles/openshift_node/tasks/install.yml b/roles/openshift_node/tasks/install.yml index f93aed246..9f004e8dd 100644 --- a/roles/openshift_node/tasks/install.yml +++ b/roles/openshift_node/tasks/install.yml @@ -6,7 +6,7 @@ name: "{{ openshift_service_type }}-node{{ (openshift_pkg_version | default('')) | oo_image_tag_to_rpm_version(include_dash=True) }}" state: present register: result - until: result | success + until: result is succeeded - name: Install sdn-ovs package package: @@ -15,14 +15,14 @@ when: - openshift_node_use_openshift_sdn | bool register: result - until: result | success + until: result is succeeded - name: Install conntrack-tools package package: name: "conntrack-tools" state: present register: result - until: result | success + until: result is succeeded - when: - openshift.common.is_containerized | bool @@ -30,6 +30,6 @@ block: - name: Pre-pull node image when containerized command: > - docker pull {{ openshift.node.node_image }}:{{ openshift_image_tag }} + docker pull {{ osn_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Downloaded newer image' in pull_result.stdout" diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 946deb4d3..2daa6c75f 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -52,7 +52,9 @@ state: restarted when: openshift_use_crio register: task_result - failed_when: task_result|failed and 'could not find the requested service' not in task_result.msg|lower + failed_when: + - task_result is failed + - ('could not find the requested service' not in task_result.msg|lower) - name: restart NetworkManager to ensure resolv.conf is present systemd: @@ -83,15 +85,15 @@ - name: GlusterFS storage plugin configuration include_tasks: storage_plugins/glusterfs.yml - when: "'glusterfs' in openshift.node.storage_plugin_deps" + when: "'glusterfs' in osn_storage_plugin_deps" - name: Ceph storage plugin configuration include_tasks: storage_plugins/ceph.yml - when: "'ceph' in openshift.node.storage_plugin_deps" + when: "'ceph' in osn_storage_plugin_deps" - name: iSCSI storage plugin configuration include_tasks: storage_plugins/iscsi.yml - when: "'iscsi' in openshift.node.storage_plugin_deps" + when: "'iscsi' in osn_storage_plugin_deps" ##### END Storage ##### diff --git a/roles/openshift_node/tasks/node_system_container.yml b/roles/openshift_node/tasks/node_system_container.yml index 98978ec6f..06b879050 100644 --- a/roles/openshift_node/tasks/node_system_container.yml +++ b/roles/openshift_node/tasks/node_system_container.yml @@ -2,14 +2,14 @@ - name: Pre-pull node system container image command: > - atomic pull --storage=ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.node.node_system_image }}:{{ openshift_image_tag }} + atomic pull --storage=ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ osn_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Pulling layer' in pull_result.stdout" - name: Install or Update node system container oc_atomic_container: name: "{{ openshift_service_type }}-node" - image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.node.node_system_image }}:{{ openshift_image_tag }}" + image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ osn_image }}:{{ openshift_image_tag }}" values: - "DNS_DOMAIN={{ openshift.common.dns_domain }}" - "DOCKER_SERVICE={{ openshift_docker_service_name }}.service" diff --git a/roles/openshift_node/tasks/storage_plugins/ceph.yml b/roles/openshift_node/tasks/storage_plugins/ceph.yml index 72a3b837f..52d80357e 100644 --- a/roles/openshift_node/tasks/storage_plugins/ceph.yml +++ b/roles/openshift_node/tasks/storage_plugins/ceph.yml @@ -3,4 +3,4 @@ package: name=ceph-common state=present when: not openshift.common.is_atomic | bool register: result - until: result | success + until: result is succeeded diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml index 08ea71a0c..e60f57ae7 100644 --- a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml @@ -3,7 +3,7 @@ package: name=glusterfs-fuse state=present when: not openshift.common.is_atomic | bool register: result - until: result | success + until: result is succeeded - name: Check for existence of fusefs sebooleans command: getsebool {{ item }} @@ -31,7 +31,7 @@ # since getsebool prints the resolved name. (At some point Ansible's seboolean module # should learn to deal with aliases) - item.item in item.stdout # Boolean does not have an alias. - - ansible_python_version | version_compare('3', '<') + - ansible_python_version is version_compare('3', '<') with_items: "{{ fusefs_getsebool_status.results }}" # Workaround for https://github.com/openshift/openshift-ansible/issues/4438 @@ -52,5 +52,5 @@ # should learn to deal with aliases) - item.item in item.stdout # Boolean does not have an alias. - ('--> off' in item.stdout) # Boolean is currently off. - - ansible_python_version | version_compare('3', '>=') + - ansible_python_version is version_compare('3', '>=') with_items: "{{ fusefs_getsebool_status.results }}" diff --git a/roles/openshift_node/tasks/storage_plugins/iscsi.yml b/roles/openshift_node/tasks/storage_plugins/iscsi.yml index ece68dc71..d3a3668d5 100644 --- a/roles/openshift_node/tasks/storage_plugins/iscsi.yml +++ b/roles/openshift_node/tasks/storage_plugins/iscsi.yml @@ -3,4 +3,4 @@ package: name=iscsi-initiator-utils state=present when: not openshift.common.is_atomic | bool register: result - until: result | success + until: result is succeeded diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml index 5eacf42e8..1484aa076 100644 --- a/roles/openshift_node/tasks/storage_plugins/nfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -3,7 +3,7 @@ package: name=nfs-utils state=present when: not openshift.common.is_atomic | bool register: result - until: result | success + until: result is succeeded - name: Check for existence of nfs sebooleans command: getsebool {{ item }} @@ -31,7 +31,7 @@ # since getsebool prints the resolved name. (At some point Ansible's seboolean module # should learn to deal with aliases) - item.item in item.stdout # Boolean does not have an alias. - - ansible_python_version | version_compare('3', '<') + - ansible_python_version is version_compare('3', '<') with_items: "{{ nfs_getsebool_status.results }}" # Workaround for https://github.com/openshift/openshift-ansible/issues/4438 @@ -52,5 +52,5 @@ # should learn to deal with aliases) - item.item in item.stdout # Boolean does not have an alias. - ('--> off' in item.stdout) # Boolean is currently off. - - ansible_python_version | version_compare('3', '>=') + - ansible_python_version is version_compare('3', '>=') with_items: "{{ nfs_getsebool_status.results }}" diff --git a/roles/openshift_node/tasks/upgrade.yml b/roles/openshift_node/tasks/upgrade.yml index 87556533a..f0a013e45 100644 --- a/roles/openshift_node/tasks/upgrade.yml +++ b/roles/openshift_node/tasks/upgrade.yml @@ -17,7 +17,7 @@ - name: download docker upgrade rpm command: "{{ ansible_pkg_mgr }} install -C -y docker{{ '-' + docker_version }}" register: result - until: result | success + until: result is succeeded when: - l_docker_upgrade is defined - l_docker_upgrade | bool diff --git a/roles/openshift_node/tasks/upgrade/config_changes.yml b/roles/openshift_node/tasks/upgrade/config_changes.yml index e22018e6d..439700df6 100644 --- a/roles/openshift_node/tasks/upgrade/config_changes.yml +++ b/roles/openshift_node/tasks/upgrade/config_changes.yml @@ -74,4 +74,4 @@ # require a service to be part of the call. - name: Reload systemd units command: systemctl daemon-reload - when: l_node_unit | changed + when: l_node_unit is changed diff --git a/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml b/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml index 71f00dcd2..3e7455bbb 100644 --- a/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml +++ b/roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml @@ -1,7 +1,7 @@ --- - name: Pre-pull node image command: > - docker pull {{ openshift.node.node_image }}:{{ openshift_image_tag }} + docker pull {{ osn_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Downloaded newer image' in pull_result.stdout" diff --git a/roles/openshift_node/tasks/upgrade/restart.yml b/roles/openshift_node/tasks/upgrade/restart.yml index 717cfa712..45b0be0a0 100644 --- a/roles/openshift_node/tasks/upgrade/restart.yml +++ b/roles/openshift_node/tasks/upgrade/restart.yml @@ -27,7 +27,7 @@ name: "{{ openshift_docker_service_name }}" state: started register: docker_start_result - until: not docker_start_result | failed + until: not (docker_start_result is failed) retries: 3 delay: 30 diff --git a/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml index d2864e6b8..cc9a8f2d9 100644 --- a/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml +++ b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml @@ -9,7 +9,7 @@ - name: download new node packages command: "{{ ansible_pkg_mgr }} install -y --downloadonly {{ openshift_node_upgrade_rpm_list | join(' ')}}" register: result - until: result | success + until: result is succeeded vars: openshift_node_upgrade_rpm_list: - "{{ openshift_service_type }}-node{{ openshift_pkg_version }}" @@ -21,4 +21,4 @@ - name: download openvswitch upgrade rpm command: "{{ ansible_pkg_mgr }} update -y --downloadonly openvswitch" register: result - until: result | success + until: result is succeeded diff --git a/roles/openshift_node/tasks/upgrade/rpm_upgrade_install.yml b/roles/openshift_node/tasks/upgrade/rpm_upgrade_install.yml index 6390be558..32eeb76c6 100644 --- a/roles/openshift_node/tasks/upgrade/rpm_upgrade_install.yml +++ b/roles/openshift_node/tasks/upgrade/rpm_upgrade_install.yml @@ -11,7 +11,7 @@ - name: download new node packages command: "{{ ansible_pkg_mgr }} install -C -y {{ openshift_node_upgrade_rpm_list | join(' ')}}" register: result - until: result | success + until: result is succeeded vars: openshift_node_upgrade_rpm_list: - "{{ openshift_service_type }}-node{{ openshift_pkg_version }}" diff --git a/roles/openshift_node/tasks/upgrade/stop_services.yml b/roles/openshift_node/tasks/upgrade/stop_services.yml index bbf1c5f25..2fff556e5 100644 --- a/roles/openshift_node/tasks/upgrade/stop_services.yml +++ b/roles/openshift_node/tasks/upgrade/stop_services.yml @@ -25,7 +25,7 @@ name: docker state: stopped register: l_openshift_node_upgrade_docker_stop_result - until: not l_openshift_node_upgrade_docker_stop_result | failed + until: not (l_openshift_node_upgrade_docker_stop_result is failed) retries: 3 delay: 30 when: diff --git a/roles/openshift_node/tasks/upgrade_pre.yml b/roles/openshift_node/tasks/upgrade_pre.yml index 3346b7c65..7f591996c 100644 --- a/roles/openshift_node/tasks/upgrade_pre.yml +++ b/roles/openshift_node/tasks/upgrade_pre.yml @@ -10,7 +10,7 @@ - name: update package meta data to speed install later. command: "{{ ansible_pkg_mgr }} makecache" register: result - until: result | success + until: result is succeeded when: not openshift.common.is_containerized | bool - name: Check Docker image count @@ -32,7 +32,7 @@ - name: download docker upgrade rpm command: "{{ ansible_pkg_mgr }} install -y --downloadonly docker{{ '-' + docker_version }}" register: result - until: result | success + until: result is succeeded when: - l_docker_upgrade is defined - l_docker_upgrade | bool diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 261cac6f1..b673733df 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -10,12 +10,12 @@ dnsIP: {{ openshift.node.dns_ip }} {% endif %} dockerConfig: execHandlerName: "" -iptablesSyncPeriod: "{{ openshift.node.iptables_sync_period }}" +iptablesSyncPeriod: "{{ openshift_node_iptables_sync_period }}" imageConfig: format: {{ openshift.node.registry_url }} latest: {{ openshift_node_image_config_latest }} kind: NodeConfig -kubeletArguments: {{ openshift.node.kubelet_args | default(None) | to_padded_yaml(level=1) }} +kubeletArguments: {{ l2_openshift_node_kubelet_args | default(None) | to_padded_yaml(level=1) }} {% if openshift_use_crio %} container-runtime: - remote @@ -45,7 +45,7 @@ networkConfig: {% if openshift_node_use_openshift_sdn | bool or openshift_node_use_nuage | bool or openshift_node_use_contiv | bool or openshift_node_use_kuryr | bool or openshift_node_sdn_network_plugin_name == 'cni' %} networkPluginName: {{ openshift_node_sdn_network_plugin_name }} {% endif %} -{% if openshift.node.set_node_ip | bool %} +{% if openshift_set_node_ip | bool %} nodeIP: {{ openshift.common.ip }} {% endif %} nodeName: {{ openshift.node.nodename }} @@ -68,8 +68,8 @@ volumeDirectory: {{ openshift_node_data_dir }}/openshift.local.volumes {% if not (openshift_node_use_kuryr | default(False)) | bool %} proxyArguments: proxy-mode: - - {{ openshift.node.proxy_mode }} + - {{ openshift_node_proxy_mode }} {% endif %} volumeConfig: localQuota: - perFSGroup: {{ openshift.node.local_quota_per_fsgroup }} + perFSGroup: {{ openshift_node_local_quota_per_fsgroup }} diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service index b174c7023..ae7b147a6 100644 --- a/roles/openshift_node/templates/openshift.docker.node.service +++ b/roles/openshift_node/templates/openshift.docker.node.service @@ -38,7 +38,7 @@ ExecStart=/usr/bin/docker run --name {{ openshift_service_type }}-node \ {% if openshift_use_nuage | default(false) -%} $NUAGE_ADDTL_BIND_MOUNTS {% endif -%} \ -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS -v /etc/pki:/etc/pki:ro \ {% if l_bind_docker_reg_auth %} -v {{ oreg_auth_credentials_path }}:/root/.docker:ro{% endif %}\ - {{ openshift.node.node_image }}:${IMAGE_VERSION} + {{ osn_image }}:${IMAGE_VERSION} ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift_service_type }}-node ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf |