
Merge pull request #7787 from mgugino-upstream-stage/refactor-master-facts

Remove unused/obsolete items from openshift_master_facts
Michael Gugino 7 years ago
parent
commit
6705b39de0

+ 2 - 4
inventory/hosts.example

@@ -982,7 +982,7 @@ debug_level=2
 #openshift_template_service_broker_namespaces=['openshift']
 
 # masterConfig.volumeConfig.dynamicProvisioningEnabled, configurable as of 1.2/3.2, enabled by default
-#openshift_master_dynamic_provisioning_enabled=False
+#openshift_master_dynamic_provisioning_enabled=True
 
 # Admission plugin config
 #openshift_master_admission_plugin_config={"ProjectRequestLimit":{"configuration":{"apiVersion":"v1","kind":"ProjectRequestLimitConfig","limits":[{"selector":{"admin":"true"}},{"maxProjects":"1"}]}},"PodNodeConstraints":{"configuration":{"apiVersion":"v1","kind":"PodNodeConstraintsConfig"}}}
@@ -992,11 +992,9 @@ debug_level=2
 
 # OpenShift Per-Service Environment Variables
 # Environment variables are added to /etc/sysconfig files for
-# each OpenShift service: node, master (api and controllers).
+# each OpenShift node.
 # API and controllers environment variables are merged in single
 # master environments.
-#openshift_master_api_env_vars={"ENABLE_HTTP2": "true"}
-#openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"}
 #openshift_node_env_vars={"ENABLE_HTTP2": "true"}
 
 # Enable API service auditing

+ 16 - 0
roles/openshift_control_plane/defaults/main.yml

@@ -151,3 +151,19 @@ l_osm_session_auth_secrets: "{{ openshift_master_session_auth_secrets | default(
 
 l_osm_sess_encrypt_def: "{{ hostvars[groups.oo_first_master.0]['l_osm_session_encryption_secrets'] }}"
 l_osm_session_encryption_secrets: "{{ openshift_master_session_encryption_secrets | default(l_osm_sess_encrypt_def) }}"
+
+openshift_master_access_token_max_seconds: 86400
+openshift_master_auth_token_max_seconds: 500
+
+# oo_htpasswd_users_from_file is a custom filter in role lib_utils
+l_osm_htpasswd_users_none: {}
+openshift_master_htpasswd_users: "{{ lookup('file', openshift_master_htpasswd_file) | oo_htpasswd_users_from_file if openshift_master_htpasswd_file is defined else l_osm_htpasswd_users_none }}"
+openshift_master_manage_htpasswd: True
+l_osm_request_header_none: {}
+openshift_master_request_header_ca: "{{ lookup('file', openshift_master_request_header_ca_file) if openshift_master_request_header_ca_file is defined else l_osm_request_header_none }}"
+openshift_master_oauth_grant_method: auto
+openshift_master_dynamic_provisioning_enabled: True
+openshift_master_max_requests_inflight: 500
+openshift_master_embedded_dns: True
+openshift_master_embedded_kube: True
+openshift_master_pod_eviction_timeout: ""
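Review bot: The defaults added at the end of this file are undocumented apart from the filter comment, and some of them are security-relevant. `openshift_master_access_token_max_seconds` and `openshift_master_auth_token_max_seconds` end up in `oauthConfig.tokenConfig` via master.yaml.v1.j2, so a comment such as `# OAuth token lifetimes in seconds; rendered into tokenConfig in master.yaml.v1.j2` above them would make the unit and the effect explicit. `l_osm_request_header_none` is a sentinel that tasks/main.yml compares against and deserves `# sentinel: no request-header CA supplied; tasks/main.yml compares against this`. The CA value is otherwise file text from `lookup('file', ...)`, so an empty string may be a more natural sentinel than `{}`.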

+ 3 - 4
roles/openshift_control_plane/tasks/main.yml

@@ -8,7 +8,6 @@
     msg: >
       Invalid OAuth grant method: {{ openshift_master_oauth_grant_method }}
   when:
-  - openshift_master_oauth_grant_method is defined
   - openshift_master_oauth_grant_method not in openshift_master_valid_grant_methods
 
 - name: Open up firewall ports
@@ -68,7 +67,7 @@
     mode: 0600
   when:
   - item.kind == 'HTPasswdPasswordIdentityProvider'
-  - openshift.master.manage_htpasswd | bool
+  - openshift_master_manage_htpasswd | bool
   with_items: "{{ openshift_master_identity_providers }}"
 
 - name: Ensure htpasswd file exists
@@ -107,11 +106,11 @@
 - name: Create the request header ca file if needed
   copy:
     dest: "{{ item.clientCA if 'clientCA' in item and '/' in item.clientCA else openshift_master_config_dir ~ '/' ~ item.clientCA | default('request_header_ca.crt') }}"
-    content: "{{ openshift.master.request_header_ca }}"
+    content: "{{ openshift_master_request_header_ca }}"
     mode: 0600
     backup: yes
   when:
-  - openshift.master.request_header_ca is defined
+  - openshift_master_request_header_ca != l_osm_request_header_none
   - item.kind == 'RequestHeaderIdentityProvider'
   - item.clientCA | default('') != ''
   with_items: "{{ openshift_master_identity_providers }}"
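Review bot: In "Create the request header ca file if needed", the new guard `openshift_master_request_header_ca != l_osm_request_header_none` only recognises the exact `{}` sentinel. An inventory override that is an empty string or null is not equal to `{}`, so the task would still run and `copy` would write an empty client-CA file for a RequestHeaderIdentityProvider. How the master treats an empty CA file is not visible here. A truthiness test avoids depending on the sentinel's type: `- openshift_master_request_header_ca | default('', true) | length > 0`.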

+ 1 - 3
roles/openshift_control_plane/templates/htpasswd.j2

@@ -1,5 +1,3 @@
-{% if 'htpasswd_users' in openshift.master %}
-{%   for user,pass in openshift.master.htpasswd_users.items() %}
+{%   for user,pass in openshift_master_htpasswd_users.items() %}
 {{     user ~ ':' ~ pass }}
 {%   endfor %}
-{% endif %}
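Review bot: With the `{% if %}` guard removed, the loop calls `.items()` on whatever `openshift_master_htpasswd_users` holds, so an inventory that sets it to null or an empty string would presumably make the template fail rather than render an empty file. `{% for user,pass in (openshift_master_htpasswd_users or {}).items() %}` keeps the template tolerant of such values. The extra spaces in `{%   for` and `{%   endfor %}` were nesting indentation for the removed `if` and can be dropped.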

+ 13 - 13
roles/openshift_control_plane/templates/master.yaml.v1.j2

@@ -24,8 +24,8 @@ authConfig:
     - X-Remote-Extra-
 apiLevels:
 - v1
-{% if openshift.master.audit_config | default(none) is not none %}
-auditConfig:{{ openshift.master.audit_config | lib_utils_to_padded_yaml(level=1) }}
+{% if openshift_master_audit_config is defined %}
+auditConfig:{{ openshift_master_audit_config | lib_utils_to_padded_yaml(level=1) }}
 {% endif %}
 controllerConfig:
   election:
@@ -40,13 +40,13 @@ corsAllowedOrigins:
 {% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %}
   - (?i)//{{ origin | regex_escape() }}(:|\z)
 {% endfor %}
-{% for custom_origin in openshift.master.custom_cors_origins | default("") %}
+{% for custom_origin in osm_custom_cors_origins | default("") %}
   - (?i)//{{ custom_origin | regex_escape() }}(:|\z)
 {% endfor %}
 {% if 'disabled_features' in openshift.master %}
 disabledFeatures: {{ openshift.master.disabled_features | to_json }}
 {% endif %}
-{% if openshift.master.embedded_dns | bool %}
+{% if openshift_master_embedded_dns | bool %}
 dnsConfig:
   bindAddress: {{ openshift.master.bind_addr }}:{{ openshift_master_dns_port }}
   bindNetwork: tcp4
@@ -74,7 +74,7 @@ kubeletClientInfo:
   certFile: master.kubelet-client.crt
   keyFile: master.kubelet-client.key
   port: 10250
-{% if openshift.master.embedded_kube | bool %}
+{% if openshift_master_embedded_kube | bool %}
 kubernetesMasterConfig:
   apiServerArguments: {{ openshift.master.api_server_args | default(None) | lib_utils_to_padded_yaml( level=2 ) }}
     storage-backend:
@@ -84,7 +84,7 @@ kubernetesMasterConfig:
   controllerArguments: {{ openshift.master.controller_args | default(None) | lib_utils_to_padded_yaml( level=2 ) }}
   masterCount: {{ openshift_master_count | default(groups.oo_masters | length) }}
   masterIP: {{ openshift.common.ip }}
-  podEvictionTimeout: {{ openshift.master.pod_eviction_timeout | default("") }}
+  podEvictionTimeout: {{ openshift_master_pod_eviction_timeout }}
   proxyClientInfo:
     certFile: master.proxy-client.crt
     keyFile: master.proxy-client.key
@@ -127,15 +127,15 @@ networkConfig:
   ingressIPNetworkCIDR: {{ openshift_master_ingress_ip_network_cidr }}
 {% endif %}
 oauthConfig:
-{% if 'oauth_always_show_provider_selection' in openshift.master %}
-  alwaysShowProviderSelection: {{ openshift.master.oauth_always_show_provider_selection }}
+{% if openshift_master_oauth_always_show_provider_selection is defined %}
+  alwaysShowProviderSelection: {{ openshift_master_oauth_always_show_provider_selection }}
 {% endif %}
 {% if l_openshift_master_oauth_templates %}
   templates:{{ l_openshift_master_oauth_templates | lib_utils_to_padded_yaml(level=2) }}
 {% endif %}
   assetPublicURL: {{ openshift.master.public_console_url }}/
   grantConfig:
-    method: {{ openshift.master.oauth_grant_method }}
+    method: {{ openshift_master_oauth_grant_method }}
   identityProviders:
 {% for line in translated_identity_providers.splitlines() %}
   {{ line }}
@@ -148,8 +148,8 @@ oauthConfig:
     sessionName: {{ openshift.master.session_name }}
     sessionSecretsFile: {{ openshift_master_session_secrets_file }}
   tokenConfig:
-    accessTokenMaxAgeSeconds: {{ openshift.master.access_token_max_seconds }}
-    authorizeTokenMaxAgeSeconds: {{ openshift.master.auth_token_max_seconds }}
+    accessTokenMaxAgeSeconds: {{ openshift_master_access_token_max_seconds }}
+    authorizeTokenMaxAgeSeconds: {{ openshift_master_auth_token_max_seconds }}
 pauseControllers: false
 policyConfig:
   bootstrapPolicyFile: {{ openshift_master_policy }}
@@ -181,7 +181,7 @@ servingInfo:
   certFile: master.server.crt
   clientCA: ca.crt
   keyFile: master.server.key
-  maxRequestsInFlight: {{ openshift.master.max_requests_inflight }}
+  maxRequestsInFlight: {{ openshift_master_max_requests_inflight }}
   requestTimeoutSeconds: 3600
 {% if openshift.master.named_certificates | default([]) | length > 0 %}
   namedCertificates:
@@ -204,4 +204,4 @@ servingInfo:
 {% endfor %}
 {% endif %}
 volumeConfig:
-  dynamicProvisioningEnabled: {{ openshift.master.dynamic_provisioning_enabled }}
+  dynamicProvisioningEnabled: {{ openshift_master_dynamic_provisioning_enabled }}
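Review bot: `accessTokenMaxAgeSeconds`, `authorizeTokenMaxAgeSeconds` and `maxRequestsInFlight` are now rendered directly from inventory-overridable variables, and nothing visible in this commit checks that an override is a positive integer. The grant method, by contrast, is validated by the "Invalid OAuth grant method" fail task in tasks/main.yml. Whether openshift_facts normalised these values before is not visible here. Since the token lifetimes bound how long an OAuth token stays usable, a matching fail task would catch a mistyped or zero override before it reaches the master config, for example with `- openshift_master_access_token_max_seconds | int <= 0` under `when:`. The same applies to `openshift_master_auth_token_max_seconds`.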

+ 1 - 8
roles/openshift_facts/library/openshift_facts.py

@@ -1208,16 +1208,9 @@ class OpenShiftFacts(object):
                                       console_path='/console',
                                       console_port='8443',
                                       portal_net='172.30.0.0/16',
-                                      embedded_kube=True,
-                                      embedded_dns=True,
                                       bind_addr='0.0.0.0',
                                       session_max_seconds=3600,
-                                      session_name='ssn',
-                                      access_token_max_seconds=86400,
-                                      auth_token_max_seconds=500,
-                                      oauth_grant_method='auto',
-                                      dynamic_provisioning_enabled=True,
-                                      max_requests_inflight=500)
+                                      session_name='ssn')
 
         if 'cloudprovider' in roles:
             defaults['cloudprovider'] = dict(kind=None)

+ 0 - 18
roles/openshift_master_facts/tasks/main.yml

@@ -38,39 +38,21 @@
       public_console_url: "{{ openshift_master_public_console_url | default(None) }}"
       logging_public_url: "{{ openshift_master_logging_public_url | default(None) }}"
       logout_url: "{{ openshift_master_logout_url | default(None) }}"
-      embedded_kube: "{{ openshift_master_embedded_kube | default(None) }}"
-      embedded_dns: "{{ openshift_master_embedded_dns | default(None) }}"
       bind_addr: "{{ openshift_master_bind_addr | default(None) }}"
-      pod_eviction_timeout: "{{ openshift_master_pod_eviction_timeout | default(None) }}"
       session_max_seconds: "{{ openshift_master_session_max_seconds | default(None) }}"
       session_name: "{{ openshift_master_session_name | default(None) }}"
-      access_token_max_seconds: "{{ openshift_master_access_token_max_seconds | default(None) }}"
-      auth_token_max_seconds: "{{ openshift_master_auth_token_max_seconds | default(None) }}"
-      # oo_htpasswd_users_from_file is a custom filter in role lib_utils
-      htpasswd_users: "{{ openshift_master_htpasswd_users | default(lookup('file', openshift_master_htpasswd_file) | oo_htpasswd_users_from_file if openshift_master_htpasswd_file is defined else None) }}"
-      manage_htpasswd: "{{ openshift_master_manage_htpasswd | default(true) }}"
       ldap_ca: "{{ openshift_master_ldap_ca | default(lookup('file', openshift_master_ldap_ca_file) if openshift_master_ldap_ca_file is defined else None) }}"
       openid_ca: "{{ openshift_master_openid_ca | default(lookup('file', openshift_master_openid_ca_file) if openshift_master_openid_ca_file is defined else None) }}"
-      request_header_ca: "{{ openshift_master_request_header_ca | default(lookup('file', openshift_master_request_header_ca_file) if openshift_master_request_header_ca_file is defined else None) }}"
       registry_url: "{{ oreg_url_master | default(oreg_url) | default(None) }}"
-      oauth_grant_method: "{{ openshift_master_oauth_grant_method | default(None) }}"
       sdn_cluster_network_cidr: "{{ osm_cluster_network_cidr | default(None) }}"
       sdn_host_subnet_length: "{{ osm_host_subnet_length | default(None) }}"
-      custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}"
       registry_selector: "{{ openshift_registry_selector | default(None) }}"
       api_server_args: "{{ osm_api_server_args | default(None) }}"
       controller_args: "{{ osm_controller_args | default(None) }}"
       disabled_features: "{{ osm_disabled_features | default(None) }}"
       admission_plugin_config: "{{openshift_master_admission_plugin_config }}"
       kube_admission_plugin_config: "{{openshift_master_kube_admission_plugin_config | default(None) }}"  # deprecated, merged with admission_plugin_config
-      oauth_always_show_provider_selection: "{{ openshift_master_oauth_always_show_provider_selection | default(None) }}"
       image_policy_config: "{{ openshift_master_image_policy_config | default(None) }}"
-      dynamic_provisioning_enabled: "{{ openshift_master_dynamic_provisioning_enabled | default(None) }}"
-      max_requests_inflight: "{{ openshift_master_max_requests_inflight | default(None) }}"
-      api_env_vars: "{{ openshift_master_api_env_vars | default(None) }}"
-      controllers_env_vars: "{{ openshift_master_controllers_env_vars | default(None) }}"
-      audit_config: "{{ openshift_master_audit_config | default(None) }}"
-      scheduler_args: "{{ openshift_master_scheduler_args | default(None) }}"
 
 - name: Determine if scheduler config present
   stat: