path: root/roles/openshift_node/tasks/main.yml
blob: 18f0ce064246fbe8ac30b5f19d828cabe0e3a737 (plain)
---
# TODO: allow for overriding default ports where possible
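# Preflight checks: stop before anything is changed on the host when a
# required variable is missing or the SELinux requirement is not met.
- name: Verify that osn_cluster_dns_domain is set
  fail:
    msg: This role requires that osn_cluster_dns_domain is set
  when: osn_cluster_dns_domain is not defined or not osn_cluster_dns_domain
- name: Verify that osn_cluster_dns_ip is set
  fail:
    msg: This role requires that osn_cluster_dns_ip is set
  when: osn_cluster_dns_ip is not defined or not osn_cluster_dns_ip
# Only the 'enterprise' and 'online' deployment types are gated on SELinux;
# every other deployment type passes this check with SELinux disabled.
# NOTE(review): ansible_selinux.status is 'enabled' in permissive mode as well,
# so this does not prove the host is enforcing; ansible_selinux.mode would
# have to be tested for that.
- name: Verify that SELinux is enabled where the deployment type requires it
  fail:
    msg: "SELinux is disabled, This deployment type requires that SELinux is enabled."
  when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online']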

# Install the node package; the result is kept in node_install_result.
- name: Install OpenShift Node package
  yum:
    pkg: openshift-node
    state: present
  register: node_install_result

# The OVS SDN package is installed only when openshift-sdn is in use.
- name: Install openshift-sdn-ovs
  when: openshift.common.use_openshift_sdn
  yum:
    pkg: openshift-sdn-ovs
    state: present
  register: sdn_install_result

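# Record the inventory-supplied settings as local facts, one openshift_facts
# call per role ('common', then 'node'). Unset inventory variables fall back
# to none, except debug_level, which falls back to the common debug level.
# `none` is spelled in lowercase throughout: that is the form every Jinja2
# release accepts, and it keeps the defaults consistent with each other.
- name: Set node OpenShift facts
  openshift_facts:
    role: "{{ item.role }}"
    local_facts: "{{ item.local_facts }}"
  with_items:
    - role: common
      local_facts:
        hostname: "{{ openshift_hostname | default(none) }}"
        public_hostname: "{{ openshift_public_hostname | default(none) }}"
        deployment_type: "{{ openshift_deployment_type }}"
    - role: node
      local_facts:
        labels: "{{ openshift_node_labels | default(none) }}"
        annotations: "{{ openshift_node_annotations | default(none) }}"
        registry_url: "{{ oreg_url | default(none) }}"
        debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}"
        # portal_net is later written into docker's --insecure-registry option.
        portal_net: "{{ openshift_master_portal_net | default(none) }}"
        kubelet_args: "{{ openshift_node_kubelet_args | default(none) }}"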

# TODO: add the validate parameter when there is a validation command to run
# Render node.yaml.v1.j2 to the configured node config path and restart the
# node service whenever the rendered file changes.
# NOTE(review): no owner, group or mode is set here, so the file's permissions
# are not controlled by this task -- confirm the rendered config holds nothing
# that needs restricted access.
- name: Create the Node config
  template:
    src: node.yaml.v1.j2
    dest: "{{ openshift_node_config_file }}"
  notify:
    - restart openshift-node

# Point the node service at its config file and set its log level.
# Each regexp matches the start of a line that lineinfile then replaces in
# full, so anything else already on the OPTIONS= line is discarded.
- name: Configure OpenShift Node settings
  lineinfile:
    dest: /etc/sysconfig/openshift-node
    regexp: "{{ item.regex }}"
    line: "{{ item.line }}"
  notify:
    - restart openshift-node
  with_items:
    - line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}"
      regex: "^OPTIONS="
    - line: "CONFIG_FILE={{ openshift_node_config_file }}"
      regex: "^CONFIG_FILE="

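# docker_check gates every task below that edits /etc/sysconfig/docker.
- name: Check for the docker sysconfig file
  stat: path=/etc/sysconfig/docker
  register: docker_check

# TODO: Enable secure registry when code available in origin
# Despite its name, this task passes --insecure-registry for the whole portal
# network, so docker does not require verified TLS for any registry address
# inside that range. --selinux-enabled is appended only when SELinux is
# enabled on the host.
# The regexp matches the entire OPTIONS line, so options already present in
# the file are replaced rather than extended.
- name: Secure OpenShift Registry
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^OPTIONS=.*'
    line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \
{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'"
  # stat reports only `exists` for a missing path, so test it before isreg;
  # otherwise the condition fails on an undefined attribute.
  when: docker_check.stat.exists and docker_check.stat.isreg
  notify:
    - restart docker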

# Build the comma-separated list of additional registries for the docker
# daemon. Enterprise deployments always get registry.access.redhat.com first,
# followed by whatever the oo_option lookup returns.
# NOTE(review): when the lookup returns an empty string the enterprise value
# ends in a trailing comma; how oo_split handles that is not visible here --
# confirm it does not produce an empty registry entry.
- set_fact:
    docker_additional_registries: "registry.access.redhat.com,{{ lookup('oo_option', 'docker_additional_registries') }}"
  when: deployment_type == 'enterprise'
# Every other deployment type uses only the value returned by the lookup.
- set_fact:
    docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}"
  when: deployment_type != 'enterprise'

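# Write ADD_REGISTRY into the docker sysconfig file, built from
# docker_additional_registries with '--add-registry ' prefixed to the entries
# (presumably one flag per entry; oo_split and oo_prepend_strings_in_list are
# defined outside this file).
# NOTE(review): the entries are placed unescaped inside single quotes; this
# assumes the list is trusted operator input -- confirm.
- name: Add personal registries
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^ADD_REGISTRY=.*'
    line: "ADD_REGISTRY='{{ docker_additional_registries | oo_split()
                              | oo_prepend_strings_in_list('--add-registry ') | join(' ') }}'"
  # stat reports only `exists` for a missing path, so test it before isreg;
  # otherwise the condition fails on an undefined attribute.
  when: docker_check.stat.exists and docker_check.stat.isreg and
        docker_additional_registries != ''
  notify:
    - restart docker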

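# Write BLOCK_REGISTRY into the docker sysconfig file, built from the
# docker_blocked_registries option with '--block-registry ' prefixed to the
# entries (presumably one flag per entry; the oo_* filters are defined outside
# this file). Skipped when the option is empty, so an existing BLOCK_REGISTRY
# line is then left as it is.
# NOTE(review): the entries are placed unescaped inside single quotes; this
# assumes the option is trusted operator input -- confirm.
- name: Block registries
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^BLOCK_REGISTRY=.*'
    line: "BLOCK_REGISTRY='{{ lookup('oo_option', 'docker_blocked_registries') | oo_split()
                              | oo_prepend_strings_in_list('--block-registry ') | join(' ') }}'"
  # stat reports only `exists` for a missing path, so test it before isreg;
  # otherwise the condition fails on an undefined attribute.
  when: docker_check.stat.exists and docker_check.stat.isreg and
        lookup('oo_option', 'docker_blocked_registries') != ''
  notify:
    - restart docker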

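# Write INSECURE_REGISTRY into the docker sysconfig file, built from the
# docker_insecure_registries option with '--insecure-registry ' prefixed to
# the entries (presumably one flag per entry; the oo_* filters are defined
# outside this file). Docker does not require verified TLS for a registry
# listed this way, so image pulls from it are not protected against
# tampering in transit; keep the list as short as the deployment allows.
# NOTE(review): the entries are placed unescaped inside single quotes; this
# assumes the option is trusted operator input -- confirm.
- name: Grant access to additional insecure registries
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^INSECURE_REGISTRY=.*'
    line: "INSECURE_REGISTRY='{{ lookup('oo_option', 'docker_insecure_registries') | oo_split()
                              | oo_prepend_strings_in_list('--insecure-registry ') | join(' ') }}'"
  # stat reports only `exists` for a missing path, so test it before isreg;
  # otherwise the condition fails on an undefined attribute.
  when: docker_check.stat.exists and docker_check.stat.isreg and
        lookup('oo_option', 'docker_insecure_registries') != ''
  notify:
    - restart docker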

# Turn on the virt_use_nfs SELinux boolean and persist it across reboots.
# This relaxes policy host-wide and is applied only when SELinux is enabled.
- name: Allow NFS access for VMs
  when: ansible_selinux and ansible_selinux.status == "enabled"
  seboolean:
    name: virt_use_nfs
    state: true
    persistent: true

# Enable the node service at boot and make sure it is running now; the result
# is registered so the pause below runs only when this task changed something.
- name: Start and enable openshift-node
  service:
    name: openshift-node
    enabled: true
    state: started
  register: start_result

# Wait 30 seconds after a fresh start so a later service restart does not
# interrupt bootstrapping.
- name: pause to prevent service restart from interfering with bootstrapping
  when: start_result | changed
  pause:
    seconds: 30