path: root/playbooks/common/openshift-master/config.yml
---
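# Play: derive per-master settings (from inventory variables or the oo_option
# lookup) and record them as local facts before any master is configured.
- name: Gather and set facts for master hosts
  hosts: oo_masters_to_config
  vars:
    # Temporary play var so the set_fact below can compare the looked-up value
    # with the empty string.
    t_oo_option_master_debug_level: "{{ lookup('oo_option', 'openshift_master_debug_level') }}"

  pre_tasks:
  - name: Check for RPM generated config marker file .config_managed
    stat:
      path: /etc/origin/.config_managed
    register: rpmgenerated_config

  # Destructive: deletes /etc/origin/master, /etc/origin/node and the marker
  # file itself. The item list is fixed, so the path is never built from
  # inventory input. Runs only when the marker exists and the deployment type
  # is one of the two enterprise variants.
  - name: Remove RPM generated config files if present
    file:
      path: "/etc/origin/{{ item }}"
      state: absent
    # stat.exists is already a boolean; no comparison against true is needed.
    when: rpmgenerated_config.stat.exists and deployment_type in ['openshift-enterprise', 'atomic-enterprise']
    with_items:
    - master
    - node
    - .config_managed

  # Each set_fact below only fills in a value the inventory did not define.
  - name: Set pod eviction timeout from oo_option if not defined
    set_fact:
      openshift_master_pod_eviction_timeout: "{{ lookup('oo_option', 'openshift_master_pod_eviction_timeout') | default(none, true) }}"
    when: openshift_master_pod_eviction_timeout is not defined

  # The etcd port is none unless the oo_etcd_to_config group is defined and
  # non-empty; the host list is none when no hostnames are collected.
  - name: Set etcd port and etcd hosts for the master
    set_fact:
      openshift_master_etcd_port: "{{ (etcd_client_port | default('2379')) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else none }}"
      openshift_master_etcd_hosts: "{{ hostvars
                                       | oo_select_keys(groups['oo_etcd_to_config']
                                                        | default([]))
                                       | oo_collect('openshift.common.hostname')
                                       | default(none, true) }}"

  - name: Set master debug level from oo_option if not defined
    set_fact:
      openshift_master_debug_level: "{{ t_oo_option_master_debug_level }}"
    when: openshift_master_debug_level is not defined and t_oo_option_master_debug_level != ""

  - name: Set default subdomain from oo_option if not defined
    set_fact:
      openshift_master_default_subdomain: "{{ lookup('oo_option', 'openshift_master_default_subdomain') | default(None, true) }}"
    when: openshift_master_default_subdomain is not defined

  - name: Set hosted metrics deploy flag from oo_option if not defined
    set_fact:
      openshift_hosted_metrics_deploy: "{{ lookup('oo_option', 'openshift_hosted_metrics_deploy') | default(false, true) }}"
    when: openshift_hosted_metrics_deploy is not defined

  # NOTE(review): this task and the deployer prefix/version tasks below call
  # default() without the second argument `true`, unlike the tasks around them.
  # If the oo_option lookup yields "" for an unset option (the debug-level task
  # above tests for exactly that), these defaults never apply and the fact is
  # set to an empty string. Confirm against the lookup plugin and the roles
  # that consume these facts before changing them.
  - name: Set hosted metrics duration from oo_option if not defined
    set_fact:
      openshift_hosted_metrics_duration: "{{ lookup('oo_option', 'openshift_hosted_metrics_duration') | default(7) }}"
    when: openshift_hosted_metrics_duration is not defined

  - name: Set hosted metrics resolution from oo_option if not defined
    set_fact:
      openshift_hosted_metrics_resolution: "{{ lookup('oo_option', 'openshift_hosted_metrics_resolution') | default('10s', true) }}"
    when: openshift_hosted_metrics_resolution is not defined

  - name: Set hosted metrics deployer prefix from oo_option if not defined
    set_fact:
      openshift_hosted_metrics_deployer_prefix: "{{ lookup('oo_option', 'openshift_hosted_metrics_deployer_prefix') | default('openshift') }}"
    when: openshift_hosted_metrics_deployer_prefix is not defined

  - name: Set hosted metrics deployer version from oo_option if not defined
    set_fact:
      openshift_hosted_metrics_deployer_version: "{{ lookup('oo_option', 'openshift_hosted_metrics_deployer_version') | default('latest') }}"
    when: openshift_hosted_metrics_deployer_version is not defined

  roles:
  - openshift_facts

  post_tasks:
  # Inventory values that are not defined are passed as None; how the
  # openshift_facts module treats None is not visible in this file.
  - name: Set master local facts
    openshift_facts:
      role: master
      local_facts:
        api_port: "{{ openshift_master_api_port | default(None) }}"
        api_url: "{{ openshift_master_api_url | default(None) }}"
        api_use_ssl: "{{ openshift_master_api_use_ssl | default(None) }}"
        controllers_port: "{{ openshift_master_controllers_port | default(None) }}"
        public_api_url: "{{ openshift_master_public_api_url | default(None) }}"
        cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}"
        cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}"
        console_path: "{{ openshift_master_console_path | default(None) }}"
        console_port: "{{ openshift_master_console_port | default(None) }}"
        console_url: "{{ openshift_master_console_url | default(None) }}"
        console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}"
        public_console_url: "{{ openshift_master_public_console_url | default(None) }}"
        # HA defaults to "more than one host in oo_masters"; master_count
        # defaults to the size of that group.
        ha: "{{ openshift_master_ha | default(groups.oo_masters | length > 1) }}"
        master_count: "{{ openshift_master_count | default(groups.oo_masters | length) }}"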

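# Play: on the first master, record session secrets that already exist so a
# later play can tell whether new ones have to be generated.
- name: Determine if session secrets must be generated
  hosts: oo_first_master
  roles:
  - role: openshift_facts
  post_tasks:
  # Inventory-supplied secrets take precedence; otherwise the values already
  # present in the master facts are reused, and None is passed when neither
  # exists.
  - name: Record existing session secrets as master facts
    openshift_facts:
      role: master
      local_facts:
        session_auth_secrets: "{{ openshift_master_session_auth_secrets | default(openshift.master.session_auth_secrets | default(None)) }}"
        session_encryption_secrets: "{{ openshift_master_session_encryption_secrets | default(openshift.master.session_encryption_secrets | default(None)) }}"
    # The module arguments are secret material: no_log keeps them out of
    # Ansible's task output and module-argument logging.
    no_log: true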

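# Play: generate session auth and encryption secrets on the first master when
# the master facts do not already hold both.
- name: Generate master session secrets
  hosts: oo_first_master
  vars:
    # True only when BOTH secret lists are non-empty. If just one of them is
    # missing, the task below submits fresh values for both, replacing the one
    # that existed.
    g_session_secrets_present: "{{ (openshift.master.session_auth_secrets | default([])) | length > 0 and (openshift.master.session_encryption_secrets | default([])) | length > 0 }}"
    # Each is a one-element list built by the oo_generate_secret filter applied
    # to 24 (presumably a length; the filter's randomness source is not visible
    # here - confirm in the filter plugin).
    g_session_auth_secrets: "{{ [ 24 | oo_generate_secret ] }}"
    g_session_encryption_secrets: "{{ [ 24 | oo_generate_secret ] }}"
  roles:
  - role: openshift_facts
  tasks:
  - name: Store generated session secrets as master facts
    openshift_facts:
      role: master
      local_facts:
        session_auth_secrets: "{{ g_session_auth_secrets }}"
        session_encryption_secrets: "{{ g_session_encryption_secrets }}"
    when: not g_session_secrets_present | bool
    # The module arguments are freshly generated secrets: no_log keeps them out
    # of Ansible's task output and module-argument logging.
    no_log: true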

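# Play: apply the openshift_master role (plus optional Nuage/Calico roles) to
# every master being configured.
- name: Configure masters
  hosts: oo_masters_to_config
  # A failure on any one master aborts the play for all hosts.
  any_errors_fatal: true
  vars:
    openshift_master_ha: "{{ openshift.master.ha }}"
    openshift_master_count: "{{ openshift.master.master_count }}"
    # Every master takes its session secrets from the first master's facts, so
    # all hosts in this play resolve the same values.
    openshift_master_session_auth_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_auth_secrets }}"
    openshift_master_session_encryption_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_encryption_secrets }}"
    # Comma-separated hostnames of all nodes, masters and (if the group exists)
    # etcd hosts.
    openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config']
                                                    | union(groups['oo_masters_to_config'])
                                                    | union(groups['oo_etcd_to_config'] | default([])))
                                                | oo_collect('openshift.common.hostname') | default([]) | join (',')
                                                }}"
  roles:
  - role: openshift_master
    openshift_ca_host: "{{ groups.oo_first_master.0 }}"
    openshift_master_etcd_hosts: "{{ hostvars
                                     | oo_select_keys(groups['oo_etcd_to_config'] | default([]))
                                     | oo_collect('openshift.common.hostname')
                                     | default(none, true) }}"
    openshift_master_hosts: "{{ groups.oo_masters_to_config }}"
    # NOTE(review): indexes groups.oo_etcd_to_config.0 with no default, while
    # the etcd host list above tolerates a missing group - confirm the role
    # only reads etcd_ca_host when etcd hosts exist.
    etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
    etcd_cert_subdir: "openshift-master-{{ openshift.common.hostname }}"
    etcd_cert_config_dir: "{{ openshift.common.config_base }}/master"
    etcd_cert_prefix: "master.etcd-"
  - role: nuage_master
    when: openshift.common.use_nuage | bool
  - role: calico_master
    when: openshift.common.use_calico | bool

  post_tasks:
  # Adds each master to a dynamic group named after its deployment type.
  # Module arguments use native YAML instead of the key=value string form, and
  # the boolean is written in canonical lowercase.
  - name: Create group for deployment type
    group_by:
      key: "oo_masters_deployment_type_{{ openshift.common.deployment_type }}"
    changed_when: false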