From a0b6fc7db1be2cf6190d982f90e96f4c39a4c699 Mon Sep 17 00:00:00 2001 
From: Tobias Florek Date: Wed, 23 Sep 2015 13:51:41 +0200 Subject: Initial containerization work from @ibotty copied from https://github.com/eparis/kubernetes-ansible/blob/17f98edd7ff53e649b43e26822b8fbc0be42b233/roles/common/tasks/main.yml --- .../update_repos_and_packages.yml | 2 +- playbooks/common/openshift-etcd/config.yml | 2 +- playbooks/common/openshift-master/config.yml | 1 + playbooks/common/openshift-node/config.yml | 1 + roles/docker/tasks/main.yml | 2 +- roles/etcd/tasks/main.yml | 2 +- roles/fluentd_master/tasks/main.yml | 4 ++++ roles/fluentd_node/tasks/main.yml | 4 ++++ roles/kube_nfs_volumes/tasks/main.yml | 4 ++++ roles/openshift_examples/defaults/main.yml | 2 +- roles/openshift_expand_partition/tasks/main.yml | 9 +++++++- roles/openshift_facts/library/openshift_facts.py | 26 ++++++++++++++++++++- roles/openshift_facts/tasks/main.yml | 14 +++++++++++ roles/openshift_master/tasks/main.yml | 27 +++++++++++++++++++++- .../templates/openshift.docker.master.service | 11 +++++++++ roles/openshift_master/vars/main.yml | 2 ++ roles/openshift_master_ca/tasks/main.yml | 2 ++ roles/openshift_master_ca/vars/main.yml | 3 +++ roles/openshift_master_cluster/tasks/main.yml | 4 ++++ roles/openshift_node/tasks/main.yml | 8 ++++++- .../templates/openshift.docker.node.service | 11 +++++++++ roles/openshift_node/vars/main.yml | 3 +++ roles/openshift_node_certificates/tasks/main.yml | 8 +++---- roles/openshift_repos/tasks/main.yaml | 10 +++++--- roles/openshift_serviceaccounts/tasks/main.yml | 17 ++++++++++---- roles/openshift_storage_nfs_lvm/tasks/nfs.yml | 1 + roles/os_env_extras/tasks/main.yaml | 3 ++- roles/os_firewall/tasks/firewall/iptables.yml | 1 + roles/os_update_latest/tasks/main.yml | 7 +++++- roles/os_zabbix/tasks/main.yml | 4 ++++ roles/yum_repos/tasks/main.yml | 1 + 31 files changed, 173 insertions(+), 23 deletions(-) create mode 100644 roles/openshift_master/templates/openshift.docker.master.service create mode 100644 
roles/openshift_node/templates/openshift.docker.node.service diff --git a/playbooks/common/openshift-cluster/update_repos_and_packages.yml b/playbooks/common/openshift-cluster/update_repos_and_packages.yml index 190e2d862..6e4ad7d3f 100644 --- a/playbooks/common/openshift-cluster/update_repos_and_packages.yml +++ b/playbooks/common/openshift-cluster/update_repos_and_packages.yml @@ -8,5 +8,5 @@ ansible_distribution == "RedHat" and lookup('oo_option', 'rhel_skip_subscription') | default(rhsub_skip, True) | default('no', True) | lower in ['no', 'false'] - - openshift_repos + - {role: openshift_repos, when: not is_atomic} - os_update_latest diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml index 6dee196e3..a0dd330e7 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/common/openshift-etcd/config.yml @@ -87,7 +87,7 @@ when: etcd_server_certs_missing roles: - etcd - - role: nickhammond.logrotate + - { role: nickhammond.logrotate, when: not is_atomic } - name: Delete temporary directory on localhost hosts: localhost diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index dd638487a..453adb4ff 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -328,6 +328,7 @@ roles: - openshift_master - role: nickhammond.logrotate + when: not is_atomic - role: fluentd_master when: openshift.common.use_fluentd | bool post_tasks: diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 69ccb0cb8..6eee75064 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -181,6 +181,7 @@ - role: flannel when: openshift.common.use_flannel | bool - role: nickhammond.logrotate + when: not is_atomic - role: fluentd_node when: openshift.common.use_fluentd | bool tasks: 
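Review bot: In playbooks/common/openshift-cluster/update_repos_and_packages.yml the new `when: not is_atomic` reads a variable that, as far as this patch shows, is only set by the `set_fact` tasks added to roles/openshift_facts/tasks/main.yml. If that role has not run on the host before the role list is evaluated, the condition fails on an undefined variable. The same applies to the logrotate guards in the openshift-etcd, openshift-master and openshift-node config.yml hunks. Whether openshift_facts already runs earlier is not visible here, so confirm the ordering or list the role ahead of the guarded entries. The two flow-style entries are also spelled differently (`{role: ...}` vs `{ role: ... }`); the block form used in the master and node playbooks diffs more cleanly.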
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index e94ebe3e1..7939221a1 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,7 +1,7 @@ --- # tasks file for docker - name: Install docker - action: "{{ ansible_pkg_mgr }} name=docker state=present" + action: "{{ ansible_pkg_mgr }} name=docker state=present" and not is_atomic - name: enable and start the docker service service: name=docker enabled=yes state=started diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 61892fe06..d661ce437 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -8,7 +8,7 @@ when: "'ipv4' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface] or 'address' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface].ipv4" - name: Install etcd - action: "{{ ansible_pkg_mgr }} name=etcd-2.* state=present" + action: "{{ ansible_pkg_mgr }} name=etcd-2.* state=present" and not is_atomic - name: Validate permissions on the config dir file: diff --git a/roles/fluentd_master/tasks/main.yml b/roles/fluentd_master/tasks/main.yml index 65c67fe8d..ddfa39284 100644 --- a/roles/fluentd_master/tasks/main.yml +++ b/roles/fluentd_master/tasks/main.yml @@ -1,4 +1,8 @@ --- +- fail: + msg: "fluentd master is not yet supported on atomic hosts" + when: is_atomic + # TODO: Update fluentd install and configuration when packaging is complete - name: download and install td-agent action: "{{ ansible_pkg_mgr }} name='http://packages.treasuredata.com/2/redhat/7/x86_64/td-agent-2.2.0-0.x86_64.rpm' state=present" diff --git a/roles/fluentd_node/tasks/main.yml b/roles/fluentd_node/tasks/main.yml index 85488b55e..4a29d1270 100644 --- a/roles/fluentd_node/tasks/main.yml +++ b/roles/fluentd_node/tasks/main.yml 
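Review bot: In roles/docker/tasks/main.yml the guard was appended to the `action:` value (`action: "..." and not is_atomic`) instead of being added as a condition. A double-quoted scalar followed by stray text is not valid YAML, and the guard never becomes a task condition, so the install is not skipped on Atomic hosts. The same edit appears in roles/etcd/tasks/main.yml and in the growpart task of roles/openshift_expand_partition/tasks/main.yml. Leave the `action:` line as it was and add a separate key to each task: `when: not is_atomic`.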
@@ -1,4 +1,8 @@ --- +- fail: + msg: "fluentd node is not yet supported on atomic hosts" + when: is_atomic + # TODO: Update fluentd install and configuration when packaging is complete - name: download and install td-agent action: "{{ ansible_pkg_mgr }} name='http://packages.treasuredata.com/2/redhat/7/x86_64/td-agent-2.2.0-0.x86_64.rpm' state=present" diff --git a/roles/kube_nfs_volumes/tasks/main.yml b/roles/kube_nfs_volumes/tasks/main.yml index 2cc35844c..85338cd84 100644 --- a/roles/kube_nfs_volumes/tasks/main.yml +++ b/roles/kube_nfs_volumes/tasks/main.yml @@ -1,4 +1,8 @@ --- +- fail: + msg: "That playbook is not yet supported on atomic hosts" + when: is_atomic + - name: Install pyparted (RedHat/Fedora) action: "{{ ansible_pkg_mgr }} name=pyparted,python-httplib2 state=present" diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml index 0bc5d7750..ae642fae1 100644 --- a/roles/openshift_examples/defaults/main.yml +++ b/roles/openshift_examples/defaults/main.yml @@ -8,7 +8,7 @@ openshift_examples_load_quickstarts: true content_version: "{{ 'v1.1' if openshift.common.version_greater_than_3_1_or_1_1 else 'v1.0' }}" -examples_base: "/usr/share/openshift/examples" +examples_base: "{% if is_atomic %}{{ openshift.common.config_base }}{% else %}/usr/share/openshift{% endif %}/examples" image_streams_base: "{{ examples_base }}/image-streams" centos_image_streams: "{{ image_streams_base}}/image-streams-centos7.json" rhel_image_streams: "{{ image_streams_base}}/image-streams-rhel7.json" diff --git a/roles/openshift_expand_partition/tasks/main.yml b/roles/openshift_expand_partition/tasks/main.yml index 84d859553..b74d635d5 100644 --- a/roles/openshift_expand_partition/tasks/main.yml +++ b/roles/openshift_expand_partition/tasks/main.yml 
@@ -1,6 +1,13 @@ --- - name: Ensure growpart is installed - action: "{{ ansible_pkg_mgr }} name=cloud-utils-growpart state=present" + action: "{{ ansible_pkg_mgr }} name=cloud-utils-growpart state=present" and not is_atomic + +- name: Determine if growpart is installed + command: "rpm -q cloud-utils-growpart" + register: has_growpart + failed_when: "has_growpart.cr != 0 and 'package cloud-utils-growpart is not installed' not in has_growpart.stdout" + changed_when: false + when: is_atomic - name: Grow the partitions command: "growpart {{oep_drive}} {{oep_partition}}" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index e557853b1..4278111c2 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -710,7 +710,8 @@ def set_sdn_facts_if_unset(facts, system_facts): if 'common' in facts: use_sdn = facts['common']['use_openshift_sdn'] if not (use_sdn == '' or isinstance(use_sdn, bool)): - facts['common']['use_openshift_sdn'] = bool(strtobool(str(use_sdn))) + use_sdn = bool(strtobool(str(use_sdn))) + facts['common']['use_openshift_sdn'] = use_sdn if 'sdn_network_plugin_name' not in facts['common']: plugin = 'redhat/openshift-ovs-subnet' if use_sdn else '' facts['common']['sdn_network_plugin_name'] = plugin @@ -1031,6 +1032,7 @@ class OpenShiftFacts(object): facts = set_version_facts_if_unset(facts) facts = set_aggregate_facts(facts) facts = set_etcd_facts_if_unset(facts) + facts = self.init_in_docker_facts(facts) return dict(openshift=facts) def get_defaults(self, roles): 
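Review bot: The `failed_when` on the new "Determine if growpart is installed" task tests `has_growpart.cr`, but the `command` module reports the return code as `rc`, so the expression cannot evaluate as intended. Use `failed_when: "has_growpart.rc != 0 and 'package cloud-utils-growpart is not installed' not in has_growpart.stdout"`. The registered result is also not consulted anywhere else in this hunk, so on an Atomic host without growpart the following "Grow the partitions" task still runs and fails with a less helpful error. An explicit `fail` with a clear message when `has_growpart.rc != 0` would make that case visible. The task list continues outside the hunk.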
@@ -1197,6 +1199,28 @@ class OpenShiftFacts(object): self.changed = changed return new_local_facts + def init_in_docker_facts(self, facts): + facts['is_atomic'] = os.path.isfile('/run/ostree-booted') + + docker = dict() + docker['image_name'] = 'openshift/origin' + # TODO: figure out right way to set the version + docker['image_version'] = 'latest' + docker['image'] = "%s:%s" % (docker['image_name'], docker['image_version']) + + # shared /tmp/openshift vol is for file exchange with ansible + # --privileged is required to read the config dir + # --net host to access openshift from the container + # maybe -v /var/run/docker.sock:/var/run/docker.sock is required as well + docker['runner'] = "docker run --rm --privileged --net host -v /tmp/openshift:/tmp/openshift -v {datadir}:{datadir} -v {confdir}:{confdir} -e KUBECONFIG={confdir}/master/admin.kubeconfig {image}".format(confdir=facts['common']['config_base'], datadir=facts['common']['data_dir'], image=docker['image']) + + if facts['is_atomic']: + facts['common']['client_binary'] = '%s cli' % docker['runner'] + facts['common']['admin_binary'] = '%s admin' % docker['runner'] + + facts['docker'] = docker + return facts + def main(): """ main """ diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index 832f7ad84..e98b7c591 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -6,6 +6,20 @@ - ansible_version | version_compare('1.9.0', 'ne') - ansible_version | version_compare('1.9.0.1', 'ne') +- name: Determine if Atomic + stat: path=/run/ostree-booted + register: s + changed_when: false + +- name: Init the is_atomic fact + set_fact: + is_atomic: false + +- name: Set the is_atomic fact + set_fact: + is_atomic: true + when: s.stat.exists + - name: Ensure PyYaml is installed action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" 
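Review bot: `init_in_docker_facts` hard-codes the image as `openshift/origin:latest` and wraps it in a `docker run --rm --privileged --net host` command that mounts the config directory and points KUBECONFIG at `admin.kubeconfig`. With a mutable tag, whatever the registry serves under `latest` at that moment runs with host-level privileges and the admin kubeconfig, so the tag should come from the requested version (or a digest) rather than a constant. The TODO acknowledges this, but the default still ships. The method also indexes `facts['common']['config_base']` and `facts['common']['data_dir']` unconditionally, whereas `set_sdn_facts_if_unset` in the same file checks `if 'common' in facts` first. A docstring would help, stating that `client_binary`/`admin_binary` are overridden only when `/run/ostree-booted` exists and why `--privileged` cannot be narrowed.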
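Review bot: In roles/openshift_facts/tasks/main.yml the unchanged task right after the new fact tasks, "Ensure PyYaml is installed", still calls `{{ ansible_pkg_mgr }}` without a guard, although the rest of this commit adds `when: not is_atomic` to package installs. If package installation is unavailable on Atomic hosts, which is what the other guards imply, this role fails there before any guarded role runs. Add `when: not is_atomic` to that task or document why PyYAML is an exception. The register name `s` is also opaque; something like `ostree_booted` would make `when: ostree_booted.stat.exists` self-explanatory.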
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 43647cc49..6844a16cc 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -21,6 +21,10 @@ msg: "openshift_master_cluster_password must be set for multi-master installations" when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and (openshift_master_cluster_password is not defined or not openshift_master_cluster_password) +- fail: + msg: "openshift_master_ha is not yet supported on atomic hosts" + when: openshift_master_ha | bool and is_atomic + - name: Set master facts openshift_facts: role: master @@ -79,6 +83,25 @@ - name: Install Master package action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-master{{ openshift_version }} state=present" + when: not is_atomic + +# TODO: enable when ansible#1993 lands and is widespread enough +# - name: Docker image present +# docker: +# image: "{{ openshift.common.docker.image }}" +# state: image_present +# when: is_atomic + +- name: Install Master docker service file + template: + dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service" + src: openshift.docker.master.service + register: install_result + when: is_atomic + +- name: Reload systemd units + command: systemctl daemon-reload + when: is_atomic and install_result | changed - name: Re-gather package dependent master facts openshift_facts: @@ -113,6 +136,7 @@ action: "{{ ansible_pkg_mgr }} name=httpd-tools state=present" when: (item.kind == 'HTPasswdPasswordIdentityProvider') with_items: openshift.master.identity_providers + when: not is_atomic - name: Ensure htpasswd directory exists file: 
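Review bot: In the `@@ -113,6 +136,7 @@` hunk of roles/openshift_master/tasks/main.yml the httpd-tools task now has two `when` keys: the existing `when: (item.kind == 'HTPasswdPasswordIdentityProvider')` and the added `when: not is_atomic`. Duplicate mapping keys are invalid YAML, and most loaders keep only the last one, so the identity-provider check is silently dropped. Merge them into one condition: `when: item.kind == 'HTPasswdPasswordIdentityProvider' and not is_atomic`. The task begins above the hunk.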
@@ -251,7 +275,7 @@ - name: Install cluster packages action: "{{ ansible_pkg_mgr }} name=pcs state=present" - when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' + when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' and not is_atomic register: install_result - name: Start and enable cluster service @@ -283,6 +307,7 @@ command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config args: creates: ~{{ item }}/.kube/config + when: not is_atomic with_items: - root - "{{ ansible_ssh_user }}" diff --git a/roles/openshift_master/templates/openshift.docker.master.service b/roles/openshift_master/templates/openshift.docker.master.service new file mode 100644 index 000000000..9e436f8eb --- /dev/null +++ b/roles/openshift_master/templates/openshift.docker.master.service @@ -0,0 +1,11 @@ +[Unit] +After=docker.service +Require=docker.service + +[Service] +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift_docker_image }} start master --config=${CONFIG_FILE} ${OPTIONS} +ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master + +[Install] +WantedBy=multi-user.target diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml index 534465451..875d61a3b 100644 --- a/roles/openshift_master/vars/main.yml +++ b/roles/openshift_master/vars/main.yml 
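Review bot: `Require=docker.service` in the new openshift.docker.master.service template is not a systemd directive; the dependency key is `Requires=`, so as written only the `After=` ordering takes effect. The same line is in roles/openshift_node/templates/openshift.docker.node.service. Both units start the container with `--privileged --net=host` and bind-mount `/var/run/docker.sock`, which gives the container control of the Docker daemon and therefore of the host. A comment in the template recording why each of those is required would make later tightening possible. Because the container uses a fixed `--name`, a container left over from an unclean stop would block the next start; `ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-master` is the usual guard.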
@@ -5,6 +5,8 @@ openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.js openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml" openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json" openshift_version: "{{ openshift_pkg_version | default('') }}" +openshift_docker_image_name: openshift/origin +openshift_docker_image: "{{ openshift_docker_image_name }}:{{ openshift_pkg_version | default('latest') }}" openshift_master_valid_grant_methods: - auto diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml index 0db95a4eb..c179ceb61 100644 --- a/roles/openshift_master_ca/tasks/main.yml +++ b/roles/openshift_master_ca/tasks/main.yml @@ -1,9 +1,11 @@ --- - name: Install the base package for admin tooling action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version }} state=present" + when: not is_atomic - name: Reload generated facts openshift_facts: + when: install_result | changed - name: Create openshift_master_config_dir if it doesn't exist file: diff --git a/roles/openshift_master_ca/vars/main.yml b/roles/openshift_master_ca/vars/main.yml index b35339b18..0f1f32a34 100644 --- a/roles/openshift_master_ca/vars/main.yml +++ b/roles/openshift_master_ca/vars/main.yml @@ -4,3 +4,6 @@ openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" openshift_version: "{{ openshift_pkg_version | default('') }}" + +openshift_docker_image_name: openshift/origin +openshift_docker_image: "{{ openshift_docker_image_name }}:{{ openshift_pkg_version | default('latest') }}" diff --git a/roles/openshift_master_cluster/tasks/main.yml b/roles/openshift_master_cluster/tasks/main.yml index 6303a6e46..978e2920d 100644 --- a/roles/openshift_master_cluster/tasks/main.yml 
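Review bot: In roles/openshift_master/vars/main.yml, `openshift_docker_image` takes its tag from `openshift_pkg_version`, but that variable is appended directly to package names elsewhere in this patch (`{{ openshift.common.service_type }}-master{{ openshift_version }}`). That suggests it carries a package-style suffix, which would not be a valid image tag. When the variable is unset the tag falls back to `latest`, so the privileged unit runs whatever the registry currently serves under that tag. A dedicated image-tag variable, with the play failing on Atomic hosts when it is not set, avoids both problems. The same two lines are duplicated in roles/openshift_master_ca/vars/main.yml and roles/openshift_node/vars/main.yml, and openshift_facts.py builds another copy with a fixed `latest`; a single definition would keep them from drifting.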
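Review bot: In roles/openshift_master_ca/tasks/main.yml the added `when: install_result | changed` on "Reload generated facts" refers to `install_result`, but the install task above it in this hunk has no `register: install_result`. The condition therefore reads either an undefined variable or a result left over from another role. Add `register: install_result` to "Install the base package for admin tooling". Note that on Atomic hosts that task is skipped, so the facts reload is skipped too, which may or may not be intended.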
+++ b/roles/openshift_master_cluster/tasks/main.yml @@ -1,4 +1,8 @@ --- +- fail: + msg: "Not possible on atomic hosts for now" + when: is_atomic + - name: Test if cluster is already configured command: pcs status register: pcs_status diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 38bffc2e5..8607aa3fb 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -4,6 +4,10 @@ msg: "SELinux is disabled, This deployment type requires that SELinux is enabled." when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise'] +- fail: + msg: "This playbook does not support using SDN on atomic hosts yet" + when: openshift.common.use_openshift_sdn and is_atomic + - name: Set node facts openshift_facts: role: "{{ item.role }}" @@ -38,10 +42,11 @@ # problems because the rpms don't pin the version properly. - name: Install Node package action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_version }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_version }} state=present" + when: not is_atomic - name: Install sdn-ovs package action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_version }} state=present" - when: openshift.common.use_openshift_sdn + when: openshift.common.use_openshift_sdn and not is_atomic # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config @@ -57,6 +62,7 @@ dest: /etc/sysconfig/{{ openshift.common.service_type }}-node regexp: "{{ item.regex }}" line: "{{ item.line }}" + create: true with_items: - regex: '^OPTIONS=' line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}" 
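Review bot: roles/openshift_node/tasks/main.yml skips the node package on Atomic hosts but, unlike the master role, adds no task that installs the new openshift.docker.node.service template or reloads systemd. Going by the diffstat (8 changed lines for this file), the hunks shown are the whole change, so the node unit appears never to be deployed. Mirror the master role: add a `template` task with `dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service"` and `when: is_atomic`, followed by `systemctl daemon-reload` when it changed. The new `fail` also tests `openshift.common.use_openshift_sdn` without `| bool`, while the playbooks apply `| bool` to similar flags.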
diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service new file mode 100644 index 000000000..e9df34940 --- /dev/null +++ b/roles/openshift_node/templates/openshift.docker.node.service @@ -0,0 +1,11 @@ +[Unit] +After=docker.service +Require=docker.service + +[Service] +EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name "{{ openshift.common.service_type }}-node" -v /:/rootfs:ro -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift_docker_image }} start node --config=${CONFIG_FILE} ${OPTIONS} +ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node + +[Install] +WantedBy=multi-user.target diff --git a/roles/openshift_node/vars/main.yml b/roles/openshift_node/vars/main.yml index 43dc50ca8..c57d1bcca 100644 --- a/roles/openshift_node/vars/main.yml +++ b/roles/openshift_node/vars/main.yml @@ -2,3 +2,6 @@ openshift_node_config_dir: "{{ openshift.common.config_base }}/node" openshift_node_config_file: "{{ openshift_node_config_dir }}/node-config.yaml" openshift_version: "{{ openshift_pkg_version | default('') }}" + +openshift_docker_image_name: openshift/origin +openshift_docker_image: "{{ openshift_docker_image_name }}:{{ openshift_pkg_version | default('latest') }}" diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index 57f71887b..b54811414 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml 
@@ -17,19 +17,19 @@ --signer-serial={{ openshift_master_ca_serial }} --user=system:node:{{ item.openshift.common.hostname }} args: - chdir: "{{ openshift_generated_configs_dir }}" creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}" with_items: nodes_needing_certs - name: Generate the node server certificate command: > - {{ openshift.common.admin_binary }} create-server-cert - --cert=server.crt --key=server.key --overwrite=true + {{ openshift.common.admin_binary }} ca create-server-cert + --cert={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt + --key={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.key + --overwrite=true --hostnames={{ item.openshift.common.all_hostnames |join(",") }} --signer-cert={{ openshift_master_ca_cert }} --signer-key={{ openshift_master_ca_key }} --signer-serial={{ openshift_master_ca_serial }} args: - chdir: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}" creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt" with_items: nodes_needing_certs diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index 9faf0dfd9..6d0d1d493 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml 
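Review bot: The first task in this hunk of roles/openshift_node_certificates/tasks/main.yml loses its `chdir` but, in the lines visible here, gains no absolute output path, whereas the second task was rewritten to pass absolute `--cert`/`--key` paths. If the part of the command above the hunk writes relative to the working directory, the files no longer land under `openshift_generated_configs_dir` and the `creates:` check would not match. The second task also inserts a `ca` subcommand for every host, not only Atomic ones, so confirm that the installed binary accepts `ca create-server-cert`. Since `server.key` is a private key, a follow-up `file` task with `mode: "0600"` would make its permissions explicit.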
@@ -12,19 +12,20 @@ - name: Ensure libselinux-python is installed action: "{{ ansible_pkg_mgr }} name=libselinux-python state=present" + when: not is_atomic - name: Create any additional repos that are defined template: src: yum_repo.j2 dest: /etc/yum.repos.d/openshift_additional.repo - when: openshift_additional_repos | length > 0 + when: openshift_additional_repos | length > 0 and not is_atomic notify: refresh cache - name: Remove the additional repos if no longer defined file: dest: /etc/yum.repos.d/openshift_additional.repo state: absent - when: openshift_additional_repos | length == 0 + when: openshift_additional_repos | length == 0 and not is_atomic notify: refresh cache - name: Remove any yum repo files for other deployment types RHEL/CentOS @@ -35,6 +36,7 @@ - '*/repos/*' when: not (item | search("/files/" ~ openshift_deployment_type ~ "/repos")) and (ansible_os_family == "RedHat" and ansible_distribution != "Fedora") + and not is_atomic notify: refresh cache - name: Remove any yum repo files for other deployment types Fedora @@ -45,6 +47,7 @@ - '*/repos/*' when: not (item | search("/files/fedora-" ~ openshift_deployment_type ~ "/repos")) and (ansible_distribution == "Fedora") + and not is_atomic notify: refresh cache - name: Configure gpg keys if needed @@ -59,10 +62,11 @@ - "{{ openshift_deployment_type }}/repos/*" notify: refresh cache when: (ansible_os_family == "RedHat" and ansible_distribution != "Fedora") + and not is_atomic - name: Configure yum repositories Fedora copy: src={{ item }} dest=/etc/yum.repos.d/ with_fileglob: - "fedora-{{ openshift_deployment_type }}/repos/*" notify: refresh cache - when: (ansible_distribution == "Fedora") + when: (ansible_distribution == "Fedora") and not is_atomic diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml index e558a83a2..eb9c9b2c9 100644 --- a/roles/openshift_serviceaccounts/tasks/main.yml +++ b/roles/openshift_serviceaccounts/tasks/main.yml 
@@ -1,12 +1,19 @@ +- name: tmp dir for openshift + file: + path: /tmp/openshift + state: directory + owner: root + mode: 700 + - name: Create service account configs template: src: serviceaccount.j2 - dest: "/tmp/{{ item }}-serviceaccount.yaml" + dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml" with_items: accounts - name: Create {{ item }} service account command: > - {{ openshift.common.client_binary }} create -f "/tmp/{{ item }}-serviceaccount.yaml" + {{ openshift.common.client_binary }} create -f "/tmp/openshift/{{ item }}-serviceaccount.yaml" with_items: accounts register: _sa_result failed_when: "'serviceaccounts \"{{ item }}\" already exists' not in _sa_result.stderr and _sa_result.rc != 0" @@ -15,14 +22,14 @@ - name: Get current security context constraints shell: > {{ openshift.common.client_binary }} get scc privileged -o yaml - --output-version=v1 > /tmp/scc.yaml + --output-version=v1 > /tmp/openshift/scc.yaml - name: Add security context constraint for {{ item }} lineinfile: - dest: /tmp/scc.yaml + dest: /tmp/openshift/scc.yaml line: "- system:serviceaccount:default:{{ item }}" insertafter: "^users:$" with_items: accounts - name: Apply new scc rules for service accounts - command: "{{ openshift.common.client_binary }} update -f /tmp/scc.yaml --api-version=v1" + command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1" diff --git a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml index cf1ba6f25..df7c0e57d 100644 --- a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml +++ b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml @@ -1,6 +1,7 @@ --- - name: Install NFS server action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present" + when: not is_atomic - name: Start rpcbind service: name=rpcbind state=started enabled=yes diff --git a/roles/os_env_extras/tasks/main.yaml b/roles/os_env_extras/tasks/main.yaml index cbf5c37f5..d52795289 100644 
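Review bot: `mode: 700` on the new /tmp/openshift directory in roles/openshift_serviceaccounts/tasks/main.yml is parsed as the decimal integer 700, which Ansible applies as octal 1274 rather than `rwx------`; write `mode: "0700"`. This matters because the directory holds the dumped `privileged` SCC and the service-account manifests that are then applied with the admin client, and openshift_facts.py bind-mounts the same path into the privileged container. The path is also fixed and lives in world-writable /tmp, so a directory or files already present there before the play runs would be reused. A location outside /tmp, or one created per run, removes that dependency.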
--- a/roles/os_env_extras/tasks/main.yaml +++ b/roles/os_env_extras/tasks/main.yaml @@ -12,4 +12,5 @@ dest: /root/.vimrc - name: Bash Completion - action: "{{ ansible_pkg_mgr }} name=bash-completion state=present" \ No newline at end of file + action: "{{ ansible_pkg_mgr }} name=bash-completion state=present" + when: not is_atomic \ No newline at end of file diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml index d3a5b1fa7..01b8263d5 100644 --- a/roles/os_firewall/tasks/firewall/iptables.yml +++ b/roles/os_firewall/tasks/firewall/iptables.yml @@ -5,6 +5,7 @@ - iptables - iptables-services register: install_result + when: not is_atomic - name: Check if firewalld is installed command: rpm -q firewalld diff --git a/roles/os_update_latest/tasks/main.yml b/roles/os_update_latest/tasks/main.yml index 2532059c0..3c3e80979 100644 --- a/roles/os_update_latest/tasks/main.yml +++ b/roles/os_update_latest/tasks/main.yml @@ -1,3 +1,8 @@ --- +- fail: + msg: "Update is not yet supported by this playbook on atomic hosts" + when: is_atomic + - name: Update all packages - action: "{{ ansible_pkg_mgr }} name=* state=latest" \ No newline at end of file + action: "{{ ansible_pkg_mgr }} name=* state=latest" + when: not is_atomic \ No newline at end of file diff --git a/roles/os_zabbix/tasks/main.yml b/roles/os_zabbix/tasks/main.yml index 7552086d4..bd879c25f 100644 --- a/roles/os_zabbix/tasks/main.yml +++ b/roles/os_zabbix/tasks/main.yml @@ -1,4 +1,8 @@ --- +- fail: + msg: "Zabbix config is not yet supported on atomic hosts" + when: is_atomic + - name: Main List all templates zbx_template: zbx_server: "{{ ozb_server }}" diff --git a/roles/yum_repos/tasks/main.yml b/roles/yum_repos/tasks/main.yml index a9903c6c6..252dc71d5 100644 --- a/roles/yum_repos/tasks/main.yml +++ b/roles/yum_repos/tasks/main.yml 
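Review bot: The new `fail` at the top of roles/os_update_latest/tasks/main.yml aborts the play on Atomic hosts, so the `when: not is_atomic` added to "Update all packages" can never be the deciding condition. playbooks/common/openshift-cluster/update_repos_and_packages.yml, changed in this same commit, still lists `os_update_latest` without a condition, so that play would stop at this role on every Atomic host. Pick one behaviour: either drop the `fail` and let the guarded task skip, or guard the role in the playbook with `when: not is_atomic`, as was done for `openshift_repos`.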
@@ -45,3 +45,4 @@
 src: yumrepo.j2
 dest: /etc/yum.repos.d/{{ item.id }}.repo
 with_items: repo_files
+ when: not is_atomic
-- 
cgit v1.2.1