
Merge remote-tracking branch 'upstream/master' into upgrade33

Devan Goodwin 8 years ago
parent
commit
00eb0c79ed

+ 1 - 1
.tito/packages/openshift-ansible

@@ -1 +1 @@
-3.0.94-1 ./
+3.0.97-1 ./

+ 8 - 4
filter_plugins/openshift_master.py

@@ -13,11 +13,15 @@ from distutils.version import LooseVersion
 
 # pylint: disable=no-name-in-module,import-error
 try:
-    # ansible-2.0
-    from ansible.runner.filter_plugins.core import bool as ansible_bool
+    # ansible-2.1
+    from ansible.plugins.filter.core import to_bool as ansible_bool
 except ImportError:
-    # ansible-1.9.x
-    from ansible.plugins.filter.core import bool as ansible_bool
+    try:
+        #ansible-2.0.x
+        from ansible.runner.filter_plugins.core import bool as ansible_bool
+    except ImportError:
+        # ansible-1.9.x
+        from ansible.plugins.filter.core import bool as ansible_bool
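Review bot: The version comments on the nested import fallbacks look swapped. As far as I know `ansible.runner` was the 1.9.x API and `ansible.plugins.filter.core` exporting `bool` is the 2.0.x layout, so the inner `try` should be labelled `# ansible-1.9.x` and the final `except` branch `# ansible-2.0.x`. The new `#ansible-2.0.x` comment also lacks the space after `#` that the other two use. A one-line comment above the outer `try`, such as `# Resolve ansible_bool across Ansible releases; newest layout first.`, would help whoever extends this chain next.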
 
 class IdentityProviderBase(object):
     """ IdentityProviderBase

+ 45 - 1
openshift-ansible.spec

@@ -5,7 +5,7 @@
 }
 
 Name:           openshift-ansible
-Version:        3.0.94
+Version:        3.0.97
 Release:        1%{?dist}
 Summary:        Openshift and Atomic Enterprise Ansible
 License:        ASL 2.0
@@ -205,6 +205,50 @@ Atomic OpenShift Utilities includes
 
 
 %changelog
+* Mon Jun 06 2016 Scott Dodson <sdodson@redhat.com> 3.0.97-1
+- Only run node specific bits on nodes (sdodson@redhat.com)
+- Update main.yaml (detiber@gmail.com)
+- Hardcoded values in "launch_instances" - isue # 1970 (daniel@dumdan.com)
+- XPAAS v1.3.1 content for Origin 1.1 / OSE 3.1 (sdodson@redhat.com)
+- XPAAS v1.3.1 release for Origin 1.2 / OSE 3.2 (sdodson@redhat.com)
+- Configure default docker logging options. (abutcher@redhat.com)
+- Run rhel_subscribe on l_oo_all_hosts rather than all (sdodson@redhat.com)
+- Fix error with stopping services that may not exist. (dgoodwin@redhat.com)
+- Add haproxy_frontend_port to vars for openshift-loadbalancer.
+  (abutcher@redhat.com)
+- Move os_firewall_allow from defaults to role dependencies.
+  (abutcher@redhat.com)
+- Ensure registry url evaluated when creating router. (abutcher@redhat.com)
+- Document protocol in readme aws. (abutcher@redhat.com)
+- Revert openshift-certificates changes. (abutcher@redhat.com)
+- wait metrics-deployer complete (need to configure nodes before hosted
+  services) (you@example.com)
+- switch to using sig release packages (jdetiber@redhat.com)
+- temporarily disable gpg checking until we have a way to cleanly enable it
+  (jdetiber@redhat.com)
+- Switch to using CentOS SIG repos for Origin installs (jdetiber@redhat.com)
+- Separate master and haproxy config playbooks. (abutcher@redhat.com)
+- Cleanup bin, test and roles/openshift_ansible_inventory following move to
+  openshift-tools (abutcher@redhat.com)
+- Catch more uninstall targets (sdodson@redhat.com)
+- Adding openshift_clock parameters to example inventory files
+  (jstuever@redhat.com)
+- Enable openshift_clock role for openshift_master, openshift_node, and
+  openshift_etcd (jstuever@redhat.com)
+- Add openshift_clock role to manage system clocks (jstuever@redhat.com)
+- Allow clock role in openshift_facts (jstuever@redhat.com)
+- Consolidate ca/master/node certificates roles into openshift_certificates.
+  (abutcher@redhat.com)
+- allow for overriding dns_flavor for openstack provider (jdetiber@redhat.com)
+- add user-data file back to openstack provisioner (jdetiber@redhat.com)
+- g_all_hosts with templated with_items causes errors with ansible 1.9.4 under
+  some conditions (jdetiber@redhat.com)
+- openstack_fixes (jdetiber@redhat.com)
+- libvirt_fixes (jdetiber@redhat.com)
+- gce fixes (jdetiber@redhat.com)
+- aws provider fixes (jdetiber@redhat.com)
+- Call evaluate_groups from update_repos_and_packages (jdetiber@redhat.com)
+
 * Thu May 26 2016 Scott Dodson <sdodson@redhat.com> 3.0.94-1
 - Use grep to decide when to add our comment (sdodson@redhat.com)
 

+ 1 - 1
playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml

@@ -54,7 +54,7 @@
   - script: ../files/pre-upgrade-check
 
 
-- name: Verify upgrade can proceed
+- name: Verify upgrade targets
   hosts: oo_masters_to_config:oo_nodes_to_config
   vars:
     target_version: "{{ '1.1' if deployment_type == 'origin' else '3.1' }}"

+ 1 - 1
playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml

@@ -29,7 +29,7 @@
         valid version for a {{ target_version }} upgrade
     when: openshift_pkg_version is defined and openshift_pkg_version.split('-',1).1 | version_compare(target_version ,'<')
 
-- name: Verify upgrade can proceed
+- name: Verify upgrade targets
   hosts: oo_masters_to_config:oo_nodes_to_config
   vars:
     target_version: "{{ '1.1.1' if deployment_type == 'origin' else '3.1.1' }}"

+ 3 - 3
playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml

@@ -72,7 +72,7 @@
     openshift_release: "3.2"
     openshift_protect_installed_version: False
 
-- name: Verify upgrade can proceed on masters
+- name: Verify master processes
   hosts: oo_masters_to_config
   roles:
   - openshift_facts
@@ -103,7 +103,7 @@
       enabled: yes
     when: openshift.master.ha is defined and openshift.master.ha | bool and openshift.common.is_containerized | bool
 
-- name: Verify upgrade can proceed on nodes
+- name: Verify node processes
   hosts: oo_nodes_to_config
   roles:
   - openshift_facts
@@ -115,7 +115,7 @@
       enabled: yes
     when: openshift.common.is_containerized | bool
 
-- name: Verify upgrade can proceed on masters and nodes
+- name: Verify upgrade targets
   hosts: oo_masters_to_config:oo_nodes_to_config
   vars:
     target_version: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}"

+ 0 - 2
playbooks/common/openshift-loadbalancer/config.yml

@@ -1,7 +1,5 @@
 ---
 - name: Configure load balancers
   hosts: oo_lb_to_config
-  vars:
-    haproxy_frontend_port: "{{ openshift_master_api_port | default(8443) }}"
   roles:
   - role: openshift_loadbalancer

+ 8 - 0
playbooks/openstack/openshift-cluster/files/heat_stack.yaml

@@ -288,6 +288,14 @@ resources:
           port_range_max: 53
         - direction: ingress
           protocol: tcp
+          port_range_min: 8053
+          port_range_max: 8053
+        - direction: ingress
+          protocol: udp
+          port_range_min: 8053
+          port_range_max: 8053
+        - direction: ingress
+          protocol: tcp
           port_range_min: 24224
           port_range_max: 24224
         - direction: ingress
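Review bot: The two new ingress rules for port 8053 (tcp and udp) carry no `remote_ip_prefix` or `remote_mode`/`remote_group_id` within the hunk, and a Neutron rule without a source restriction accepts traffic from any address. If 8053 is only needed between cluster hosts, scope both rules, for example by adding `remote_mode: remote_group_id` to each or a `remote_ip_prefix` for the cluster network. The security group resource that owns this rule list begins outside the hunk, so which group is affected, and whether neighbouring rules are scoped, cannot be confirmed from here.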

+ 1 - 1
playbooks/openstack/openshift-cluster/launch.yml

@@ -46,7 +46,7 @@
              -P master_flavor={{ openstack_flavor["master"] }}
              -P node_flavor={{ openstack_flavor["node"] }}
              -P infra_flavor={{ openstack_flavor["infra"] }}
-             -P dns_flavor={{ openshift_flavor["dns"] }}
+             -P dns_flavor={{ openstack_flavor["dns"] }}
              openshift-ansible-{{ cluster_id }}-stack'
 
   - name: Wait for OpenStack Stack readiness

+ 1 - 0
roles/docker/tasks/main.yml

@@ -85,6 +85,7 @@
       reg_fact_val: "{{ docker_no_proxy | default('') | join(',') }}"
   notify:
     - restart docker
+  when: "{{ 'http_proxy' in openshift.common or 'https_proxy' in openshift.common and docker_check.stat.isreg }}"
 
 - name: Set various docker options
   lineinfile:

+ 9 - 1
roles/openshift_facts/library/openshift_facts.py

@@ -1573,7 +1573,15 @@ class OpenShiftFacts(object):
                 "Role %s is not supported by this module" % role
             )
         self.role = role
-        self.system_facts = ansible_facts(module)
+
+        try:
+            # ansible-2.1
+            # pylint: disable=too-many-function-args
+            self.system_facts = ansible_facts(module, ['hardware', 'network', 'virtual', 'facter'])
+        except TypeError:
+            # ansible-1.9.x,ansible-2.0.x
+            self.system_facts = ansible_facts(module)
+
         self.facts = self.generate_facts(local_facts,
                                          additive_facts_to_overwrite,
                                          openshift_env,
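Review bot: The `except TypeError` around `ansible_facts(module, [...])` is meant to detect the older one-argument signature, but it also catches any `TypeError` raised inside fact gathering on ansible-2.1 and then retries with `ansible_facts(module)`, which can hide the original failure. A short comment would make the intent explicit, e.g. `# TypeError here means ansible_facts() does not accept the gather-subset argument`. It would also help to note why the subset is limited to `'hardware', 'network', 'virtual', 'facter'`, since code later in the class presumably depends on exactly those facts. The constructor begins and ends outside the hunk.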

+ 0 - 2
roles/openshift_loadbalancer/defaults/main.yml

@@ -1,6 +1,4 @@
 ---
-haproxy_frontend_port: 8443
-
 haproxy_frontends:
 - name: main
   binds:

+ 2 - 2
roles/openshift_loadbalancer/meta/main.yml

@@ -10,11 +10,11 @@ galaxy_info:
     versions:
     - 7
 dependencies:
-- role: openshift_facts
+- role: openshift_loadbalancer_facts
 - role: os_firewall
   os_firewall_allow:
   - service: haproxy stats
     port: "9000/tcp"
   - service: haproxy balance
-    port: "{{ haproxy_frontend_port }}/tcp"
+    port: "{{ openshift.loadbalancer.frontend_port }}/tcp"
 - role: openshift_repos
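Review bot: The `haproxy balance` firewall port now comes from `openshift.loadbalancer.frontend_port`, and the explicit 8443 fallback that `haproxy_frontend_port` provided is removed elsewhere in this commit (`roles/openshift_loadbalancer/defaults/main.yml` and `playbooks/common/openshift-loadbalancer/config.yml`). The fact is set from `openshift_master_api_port | default(None)`, so when that variable is unset the value depends on a default inside the `openshift_facts` module that is not visible here. If there is none, `os_firewall` would be handed `/tcp`. Worth confirming the module default, or keeping a fallback at the point of use: `port: "{{ openshift.loadbalancer.frontend_port | default(8443) }}/tcp"`.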

+ 0 - 30
roles/openshift_loadbalancer/tasks/main.yml

@@ -1,34 +1,4 @@
 ---
-- name: Set haproxy frontend port
-  openshift_facts:
-    role: loadbalancer
-    local_facts:
-      frontend_port: "{{ openshift_master_api_port | default(None) }}"
-
-- name: Set loadbalancer facts
-  openshift_facts:
-    role: loadbalancer
-    local_facts:
-      limit_nofile: "{{ openshift_loadbalancer_limit_nofile | default(None) }}"
-      default_maxconn: "{{ openshift_loadbalancer_default_maxconn | default(None) }}"
-      global_maxconn: "{{ openshift_loadbalancer_global_maxconn | default(None) }}"
-      frontends:
-      - name: atomic-openshift-api
-        mode: tcp
-        options:
-        - tcplog
-        binds:
-        - "*:{{ openshift.loadbalancer.frontend_port }}"
-        default_backend: atomic-openshift-api
-      backends:
-      - name: atomic-openshift-api
-        mode: tcp
-        option: tcplog
-        balance: source
-        servers: "{{ hostvars
-                     | oo_select_keys(groups['oo_masters'])
-                     | oo_haproxy_backend_masters(openshift.loadbalancer.frontend_port) }}"
-
 - name: Install haproxy
   action: "{{ ansible_pkg_mgr }} name=haproxy state=present"
   when: not openshift.common.is_containerized | bool

+ 34 - 0
roles/openshift_loadbalancer_facts/README.md

@@ -0,0 +1,34 @@
+OpenShift HAProxy Loadbalancer Facts
+====================================
+
+TODO
+
+Requirements
+------------
+
+TODO
+
+Role Variables
+--------------
+
+TODO
+
+Dependencies
+------------
+
+TODO
+
+Example Playbook
+----------------
+
+TODO
+
+License
+-------
+
+Apache License, Version 2.0
+
+Author Information
+------------------
+
+Andrew Butcher (abutcher@redhat.com)

+ 13 - 0
roles/openshift_loadbalancer_facts/meta/main.yml

@@ -0,0 +1,13 @@
+---
+galaxy_info:
+  author: Andrew Butcher
+  description: OpenShift loadbalancer facts
+  company: Red Hat, Inc.
+  license: Apache License, Version 2.0
+  min_ansible_version: 1.9
+  platforms:
+  - name: EL
+    versions:
+    - 7
+dependencies:
+- role: openshift_facts

+ 30 - 0
roles/openshift_loadbalancer_facts/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+- name: Set haproxy frontend port
+  openshift_facts:
+    role: loadbalancer
+    local_facts:
+      frontend_port: "{{ openshift_master_api_port | default(None) }}"
+
+- name: Set loadbalancer facts
+  openshift_facts:
+    role: loadbalancer
+    local_facts:
+      limit_nofile: "{{ openshift_loadbalancer_limit_nofile | default(None) }}"
+      default_maxconn: "{{ openshift_loadbalancer_default_maxconn | default(None) }}"
+      global_maxconn: "{{ openshift_loadbalancer_global_maxconn | default(None) }}"
+      frontends:
+      - name: atomic-openshift-api
+        mode: tcp
+        options:
+        - tcplog
+        binds:
+        - "*:{{ openshift.loadbalancer.frontend_port }}"
+        default_backend: atomic-openshift-api
+      backends:
+      - name: atomic-openshift-api
+        mode: tcp
+        option: tcplog
+        balance: source
+        servers: "{{ hostvars
+                     | oo_select_keys(groups['oo_masters'])
+                     | oo_haproxy_backend_masters(openshift.loadbalancer.frontend_port) }}"

+ 9 - 1
roles/openshift_master/tasks/main.yml

@@ -92,8 +92,16 @@
   template:
     dest: "{{ item.filename }}"
     src: htpasswd.j2
-    mode: 0600
     backup: yes
+  when: item.kind == 'HTPasswdPasswordIdentityProvider' and openshift.master.manage_htpasswd | bool
+  with_items: "{{ openshift.master.identity_providers }}"
+
+- name: Ensure htpasswd file exists
+  copy:
+    dest: "{{ item.filename }}"
+    force: no
+    content: ""
+    mode: 0600
   when: item.kind == 'HTPasswdPasswordIdentityProvider'
   with_items: "{{ openshift.master.identity_providers }}"
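Review bot: Dropping `mode: 0600` from the htpasswd `template` task means that when `openshift.master.manage_htpasswd` is true the file holding password hashes is written without an explicit mode, so a newly created file gets whatever the remote umask yields. The following `Ensure htpasswd file exists` task does set `mode: 0600`, but it uses `force: no`, and as far as I know `copy` returns early when the destination already exists, so it would not tighten a file the template task has just created. Keep the mode on the template task as well, preferably quoted as `mode: "0600"`. The template task's `name:` line is above the hunk.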
 

+ 46 - 0
roles/openshift_master/tasks/systemd_units.yml

@@ -38,22 +38,54 @@
   when: create_ha_unit_files | changed
 # end workaround for missing systemd unit files
 
+- name: Preserve Master API Proxy Config options
+  command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-api
+  register: master_api_proxy
+  when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native"
+  failed_when: false
+  changed_when: false
+
 - name: Create the master api service env file
   template:
     src: "{{ ha_svc_template_path }}/atomic-openshift-master-api.j2"
     dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api
+    backup: true
   when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native"
   notify:
   - restart master api
 
+- name: Restore Master API Proxy Config Options
+  when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native"
+      and master_api_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common
+  lineinfile:
+    dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api
+    line: "{{ item }}"
+  with_items: "{{ master_api_proxy.stdout_lines | default([]) }}"
+
+- name: Preserve Master Controllers Proxy Config options
+  command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-api
+  register: master_controllers_proxy
+  when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native"
+  failed_when: false
+  changed_when: false
+
 - name: Create the master controllers service env file
   template:
     src: "{{ ha_svc_template_path }}/atomic-openshift-master-controllers.j2"
     dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
+    backup: true
   when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native"
   notify:
   - restart master controllers
 
+- name: Restore Master Controllers Proxy Config Options
+  lineinfile:
+    dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
+    line: "{{ item }}"
+  with_items: "{{ master_controllers_proxy.stdout_lines | default([]) }}"
+  when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native"
+        and master_controllers_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common 
+
 - name: Install Master docker service file
   template:
     dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service"
@@ -61,9 +93,23 @@
   register: install_result
   when: openshift.common.is_containerized | bool and openshift.master.ha is defined and not openshift.master.ha | bool
 
+- name: Preserve Master Proxy Config options
+  command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master
+  register: master_proxy
+  failed_when: false
+  changed_when: false
+
 - name: Create the master service env file
   template:
     src: "atomic-openshift-master.j2"
     dest: /etc/sysconfig/{{ openshift.common.service_type }}-master
+    backup: true
   notify:
   - restart master
+
+- name: Restore Master Proxy Config Options
+  lineinfile:
+    dest: /etc/sysconfig/{{ openshift.common.service_type }}-master
+    line: "{{ item }}"
+  with_items: "{{ master_proxy.stdout_lines | default([]) }}"
+  when: master_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common
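Review bot: `Preserve Master Controllers Proxy Config options` greps `/etc/sysconfig/{{ openshift.common.service_type }}-master-api`, the same file as the API task above it, so the API service's proxy lines are what get restored into the `-master-controllers` file. The command should read `command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers`. All three preserve tasks register the matched lines and feed them to `lineinfile` as loop items; proxy URLs can embed credentials, so `no_log: true` on the preserve and restore tasks would keep them out of task output. `grep PROXY` also matches commented-out lines and `NO_PROXY` entries, which may or may not be intended.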

+ 1 - 0
roles/openshift_master_facts/tasks/main.yml

@@ -42,6 +42,7 @@
       auth_token_max_seconds: "{{ openshift_master_auth_token_max_seconds | default(None) }}"
       identity_providers: "{{ openshift_master_identity_providers | default(None) }}"
       htpasswd_users: "{{ openshift_master_htpasswd_users | default(lookup('file', openshift_master_htpasswd_file) | oo_htpasswd_users_from_file if openshift_master_htpasswd_file is defined else None) }}"
+      manage_htpasswd: "{{ openshift_master_manage_htpasswd | default(true) }}"
       ldap_ca: "{{ openshift_master_ldap_ca | default(lookup('file', openshift_master_ldap_ca_file) if openshift_master_ldap_ca_file is defined else None) }}"
       openid_ca: "{{ openshift_master_openid_ca | default(lookup('file', openshift_master_openid_ca_file) if openshift_master_openid_ca_file is defined else None) }}"
       request_header_ca: "{{ openshift_master_request_header_ca | default(lookup('file', openshift_master_request_header_ca_file) if openshift_master_request_header_ca_file is defined else None) }}"