
openshift_node40: cleanup unused bits

Jeremiah Stuever 6 years ago
parent
commit
80a3d8357d

+ 0 - 159
roles/openshift_node40/defaults/main.yml

@@ -1,160 +1 @@
 ---
-openshift_node_debug_level: "{{ debug_level | default(2) }}"
-openshift_node_iptables_sync_period: '30s'
-osn_storage_plugin_deps:
-- ceph
-- glusterfs
-- iscsi
-openshift_node_local_quota_per_fsgroup: ""
-openshift_node_proxy_mode: iptables
-openshift_set_node_ip: False
-openshift_config_base: '/etc/origin'
-
-
-# Assume the images are already downloaded on the machine
-system_images_registry: "docker"
-l_osn_image: "{{ (system_images_registry == 'docker') | ternary(osn_image, (osn_image.split('/')|length==2) | ternary(system_images_registry + '/' + osn_image, osn_image)) }}"
-system_osn_image: "{{ (system_images_registry == 'docker') | ternary('docker:' + l_osn_image, l_osn_image) }}"
-
-openshift_node_env_vars: {}
-
-# lo must always be present in this list or dnsmasq will conflict with
-# the node's dns service.
-openshift_node_dnsmasq_except_interfaces:
-- lo
-
-# dnsmasq defaults to neg caching disabled
-openshift_node_dnsmasq_no_negcache: true
-# When openshift_node_dnsmasq_no_negcache is set to false, how many seconds to cache negative lookups.
-openshift_node_dnsmasq_neg_ttl: '1'
-
-r_openshift_node_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
-r_openshift_node_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}"
-
-openshift_node_syscon_auth_mounts_l:
-- type: bind
-  source: "{{ oreg_auth_credentials_path }}"
-  destination: "/root/.docker"
-  options:
-  - ro
-  - bind
-
-# If we need to add new mounts in the future, or the user wants to mount data.
-# This should be in the same format as auth_mounts_l above.
-openshift_node_syscon_add_mounts_l: []
-
-default_r_openshift_node_image_prep_packages:
-- "{{ openshift_service_type }}-node"
-- ansible
-- bash-completion
-- dnsmasq
-- ntp
-- logrotate
-- httpd-tools
-- bind-utils
-- firewalld
-- libselinux-python
-- conntrack-tools
-- openssl
-- iproute
-- python-dbus
-- PyYAML
-- yum-utils
-- glusterfs-fuse
-- device-mapper-multipath
-- nfs-utils
-- cockpit-ws
-- cockpit-system
-- cockpit-bridge
-- cockpit-docker
-- iscsi-initiator-utils
-- ceph-common
-- atomic
-r_openshift_node_image_prep_packages: "{{ default_r_openshift_node_image_prep_packages | union(openshift_node_image_prep_packages | default([])) }}"
-
-r_openshift_node_os_firewall_deny: []
-default_r_openshift_node_os_firewall_allow:
-- service: Kubernetes kubelet
-  port: 10250/tcp
-- service: Kubernetes kube-proxy health check for service load balancers
-  port: 10256/tcp
-- service: http
-  port: 80/tcp
-- service: https
-  port: 443/tcp
-- service: OpenShift OVS sdn
-  port: 4789/udp
-  cond: openshift_use_openshift_sdn | bool
-- service: Calico BGP Port
-  port: 179/tcp
-  cond: "{{ openshift_node_use_calico }}"
-- service: Kubernetes service NodePort TCP
-  port: "{{ openshift_node_port_range | default('') }}/tcp"
-  cond: "{{ openshift_node_port_range is defined }}"
-- service: Kubernetes service NodePort UDP
-  port: "{{ openshift_node_port_range | default('') }}/udp"
-  cond: "{{ openshift_node_port_range is defined }}"
-- service: Prometheus monitoring
-  port: 9000-10000/tcp
-# Allow multiple port ranges to be added to the role
-r_openshift_node_os_firewall_allow: "{{ default_r_openshift_node_os_firewall_allow | union(openshift_node_open_ports | default([])) }}"
-
-# oreg_url is defined by user input
-oreg_auth_credentials_path: "{{ openshift_node_data_dir }}/.docker"
-l_bind_docker_reg_auth: False
-
-openshift_docker_service_name: "docker"
-
-# These defaults assume forcing journald persistence, fsync to disk once
-# a second, rate-limiting to 10,000 logs a second, no forwarding to
-# syslog or wall, using 8GB of disk space maximum, using 10MB journal
-# files, keeping only a days worth of logs per journal file, and
-# retaining journal files no longer than a month.
-journald_vars_to_replace:
-- { var: Storage, val: persistent }
-- { var: Compress, val: yes }
-- { var: SyncIntervalSec, val: 1s }
-- { var: RateLimitInterval, val: 1s }
-- { var: RateLimitBurst, val: 10000 }
-- { var: SystemMaxUse, val: 8G }
-- { var: SystemKeepFree, val: 20% }
-- { var: SystemMaxFileSize, val: 10M }
-- { var: MaxRetentionSec, val: 1month }
-- { var: MaxFileSec, val: 1day }
-- { var: ForwardToSyslog, val: no }
-- { var: ForwardToWall, val: no }
-
-# NOTE
-# r_openshift_node_*_default may be defined external to this role.
-# openshift_use_*, if defined, may affect other roles or play behavior.
-openshift_node_use_openshift_sdn_default: "{{ openshift_use_openshift_sdn | default(True) }}"
-openshift_node_use_openshift_sdn: "{{ openshift_node_use_openshift_sdn_default }}"
-
-openshift_node_sdn_network_plugin_name_default: "{{ os_sdn_network_plugin_name }}"
-openshift_node_sdn_network_plugin_name: "{{ openshift_node_sdn_network_plugin_name_default }}"
-
-openshift_node_use_calico_default: "{{ openshift_use_calico | default(False) }}"
-openshift_node_use_calico: "{{ openshift_node_use_calico_default }}"
-
-openshift_node_use_nuage_default: "{{ openshift_use_nuage | default(False) }}"
-openshift_node_use_nuage: "{{ openshift_node_use_nuage_default }}"
-
-openshift_node_use_contiv_default: "{{ openshift_use_contiv | default(False) }}"
-openshift_node_use_contiv: "{{ openshift_node_use_contiv_default }}"
-
-openshift_node_use_kuryr_default: "{{ openshift_use_kuryr | default(False) }}"
-openshift_node_use_kuryr: "{{ openshift_node_use_kuryr_default }}"
-
-openshift_node_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}"
-openshift_node_data_dir: "{{ openshift_node_data_dir_default }}"
-
-openshift_node_config_dir_default: "/etc/origin/node"
-openshift_node_config_dir: "{{ openshift_node_config_dir_default }}"
-
-openshift_node_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}"
-openshift_node_image_config_latest: "{{ openshift_node_image_config_latest_default }}"
-
-
-openshift_node_use_instance_profiles: False
-
-openshift_node_use_persistentlocalvolumes: "{{ openshift_persistentlocalstorage_enabled | default(False) | bool }}"

+ 0 - 24
roles/openshift_node40/files/clean-up-crio-pods.sh

@@ -1,24 +0,0 @@
-#!/bin/bash
-for c in $(runc list -q); do
-        output=$(runc state $c | grep io.kubernetes.cri-o.ContainerType)
-        if [[ "$output" =~ "container" ]]; then
-                runc delete -f $c
-        fi
-        for m in $(mount | grep $c | awk '{print $3}'); do
-                umount -R $m
-        done
-done
-for c in $(runc list -q); do
-        output=$(runc state $c | grep io.kubernetes.cri-o.ContainerType)
-        if [[ "$output" =~ "sandbox" ]]; then
-                runc delete -f $c
-        fi
-        for m in $(mount | grep $c | awk '{print $3}'); do
-                umount -R $m
-        done
-done
-mount | grep overlay | awk '{print $3}' | xargs umount | true
-umount -R /var/lib/containers/storage/overlay
-umount -R /var/lib/containers/storage
-rm -rf /var/run/containers/storage/*
-rm -rf /var/lib/containers/storage/*

+ 0 - 128
roles/openshift_node40/files/networkmanager/99-origin-dns.sh

@@ -1,128 +0,0 @@
-#!/bin/bash -x
-# -*- mode: sh; sh-indentation: 2 -*-
-
-# This NetworkManager dispatcher script replicates the functionality of
-# NetworkManager's dns=dnsmasq  however, rather than hardcoding the listening
-# address and /etc/resolv.conf to 127.0.0.1 it pulls the IP address from the
-# interface that owns the default route. This enables us to then configure pods
-# to use this IP address as their only resolver, where as using 127.0.0.1 inside
-# a pod would fail.
-#
-# To use this,
-# - If this host is also a master, reconfigure master dnsConfig to listen on
-#   8053 to avoid conflicts on port 53 and open port 8053 in the firewall
-# - Drop this script in /etc/NetworkManager/dispatcher.d/
-# - systemctl restart NetworkManager
-#
-# Test it:
-# host kubernetes.default.svc.cluster.local
-# host google.com
-#
-# TODO: I think this would be easy to add as a config option in NetworkManager
-# natively, look at hacking that up
-
-cd /etc/sysconfig/network-scripts
-. ./network-functions
-
-[ -f ../network ] && . ../network
-
-if [[ $2 =~ ^(up|dhcp4-change|dhcp6-change)$ ]]; then
-  # If the origin-upstream-dns config file changed we need to restart
-  NEEDS_RESTART=0
-  UPSTREAM_DNS='/etc/dnsmasq.d/origin-upstream-dns.conf'
-  # We'll regenerate the dnsmasq origin config in a temp file first
-  UPSTREAM_DNS_TMP=`mktemp`
-  UPSTREAM_DNS_TMP_SORTED=`mktemp`
-  CURRENT_UPSTREAM_DNS_SORTED=`mktemp`
-  NEW_RESOLV_CONF=`mktemp`
-  NEW_NODE_RESOLV_CONF=`mktemp`
-
-
-  ######################################################################
-  # couldn't find an existing method to determine if the interface owns the
-  # default route
-  def_route=$(/sbin/ip route list match 0.0.0.0/0 | awk '{print $3 }')
-  def_route_int=$(/sbin/ip route get to ${def_route} | awk -F 'dev' '{print $2}' | head -n1 | awk '{print $1}')
-  def_route_ip=$(/sbin/ip route get to ${def_route}  | awk -F 'src' '{print $2}' | head -n1 | awk '{print $1}')
-  if [[ ${DEVICE_IFACE} == ${def_route_int} ]]; then
-    if [ ! -f /etc/dnsmasq.d/origin-dns.conf ]; then
-      cat << EOF > /etc/dnsmasq.d/origin-dns.conf
-no-resolv
-domain-needed
-server=/cluster.local/172.30.0.1
-server=/30.172.in-addr.arpa/172.30.0.1
-enable-dbus
-dns-forward-max=5000
-cache-size=5000
-min-port=1024
-EOF
-      # New config file, must restart
-      NEEDS_RESTART=1
-    fi
-
-    # If network manager doesn't know about the nameservers then the best
-    # we can do is grab them from /etc/resolv.conf but only if we've got no
-    # watermark
-    if ! grep -q '99-origin-dns.sh' /etc/resolv.conf; then
-      if [[ -z "${IP4_NAMESERVERS}" || "${IP4_NAMESERVERS}" == "${def_route_ip}" ]]; then
-            IP4_NAMESERVERS=`grep '^nameserver[[:blank:]]' /etc/resolv.conf | awk '{ print $2 }'`
-      fi
-      ######################################################################
-      # Write out default nameservers for /etc/dnsmasq.d/origin-upstream-dns.conf
-      # and /etc/origin/node/resolv.conf in their respective formats
-      for ns in ${IP4_NAMESERVERS}; do
-        if [[ ! -z $ns ]]; then
-          echo "server=${ns}" >> $UPSTREAM_DNS_TMP
-          echo "nameserver ${ns}" >> $NEW_NODE_RESOLV_CONF
-        fi
-      done
-      # Sort it in case DNS servers arrived in a different order
-      sort $UPSTREAM_DNS_TMP > $UPSTREAM_DNS_TMP_SORTED
-      sort $UPSTREAM_DNS > $CURRENT_UPSTREAM_DNS_SORTED
-      # Compare to the current config file (sorted)
-      NEW_DNS_SUM=`md5sum ${UPSTREAM_DNS_TMP_SORTED} | awk '{print $1}'`
-      CURRENT_DNS_SUM=`md5sum ${CURRENT_UPSTREAM_DNS_SORTED} | awk '{print $1}'`
-      if [ "${NEW_DNS_SUM}" != "${CURRENT_DNS_SUM}" ]; then
-        # DNS has changed, copy the temp file to the proper location (-Z
-        # sets default selinux context) and set the restart flag
-        cp -Z $UPSTREAM_DNS_TMP $UPSTREAM_DNS
-        NEEDS_RESTART=1
-      fi
-      # compare /etc/origin/node/resolv.conf checksum and replace it if different
-      NEW_NODE_RESOLV_CONF_MD5=`md5sum ${NEW_NODE_RESOLV_CONF}`
-      OLD_NODE_RESOLV_CONF_MD5=`md5sum /etc/origin/node/resolv.conf`
-      if [ "${NEW_NODE_RESOLV_CONF_MD5}" != "${OLD_NODE_RESOLV_CONF_MD5}" ]; then
-        cp -Z $NEW_NODE_RESOLV_CONF /etc/origin/node/resolv.conf
-      fi
-    fi
-
-    if ! `systemctl -q is-active dnsmasq.service`; then
-      NEEDS_RESTART=1
-    fi
-
-    ######################################################################
-    if [ "${NEEDS_RESTART}" -eq "1" ]; then
-      systemctl restart dnsmasq
-    fi
-
-    # Only if dnsmasq is running properly make it our only nameserver and place
-    # a watermark on /etc/resolv.conf
-    if `systemctl -q is-active dnsmasq.service`; then
-      if ! grep -q '99-origin-dns.sh' /etc/resolv.conf; then
-          echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> ${NEW_RESOLV_CONF}
-      fi
-      sed -e '/^nameserver.*$/d' /etc/resolv.conf >> ${NEW_RESOLV_CONF}
-      echo "nameserver "${def_route_ip}"" >> ${NEW_RESOLV_CONF}
-      if ! grep -qw search ${NEW_RESOLV_CONF}; then
-        echo 'search cluster.local' >> ${NEW_RESOLV_CONF}
-      elif ! grep -q 'search cluster.local' ${NEW_RESOLV_CONF}; then
-        # cluster.local should be in first three DNS names so that glibc resolver would work
-        sed -i -e 's/^search[[:blank:]]\(.\+\)\( cluster\.local\)\{0,1\}$/search cluster.local \1/' ${NEW_RESOLV_CONF}
-      fi
-      cp -Z ${NEW_RESOLV_CONF} /etc/resolv.conf
-    fi
-  fi
-
-  # Clean up after yourself
-  rm -f $UPSTREAM_DNS_TMP $UPSTREAM_DNS_TMP_SORTED $CURRENT_UPSTREAM_DNS_SORTED $NEW_RESOLV_CONF
-fi

+ 0 - 18
roles/openshift_node40/files/openshift-node

@@ -1,18 +0,0 @@
-#!/bin/sh
-
-# This launches the Kubelet by converting the node configuration into kube flags.
-
-set -euo pipefail
-
-if ! [[ -f /etc/origin/node/client-ca.crt ]]; then
-  if [[ -f /etc/origin/node/bootstrap.kubeconfig ]]; then
-    oc config --config=/etc/origin/node/bootstrap.kubeconfig view --raw --minify -o go-template='{{ index .clusters 0 "cluster" "certificate-authority-data" }}' | base64 -d - > /etc/origin/node/client-ca.crt
-  fi
-fi
-config=/etc/origin/node/bootstrap-node-config.yaml
-# TODO: remove when dynamic kubelet config is delivered
-if [[ -f /etc/origin/node/node-config.yaml ]]; then
-  config=/etc/origin/node/node-config.yaml
-fi
-flags=$( /usr/bin/openshift-node-config "--config=${config}" )
-eval "exec /usr/bin/hyperkube kubelet --v=${DEBUG_LOGLEVEL:-2} ${flags}"

+ 0 - 20
roles/openshift_node40/handlers/main.yml

@@ -1,20 +0,0 @@
----
-- name: reload systemd units
-  command: systemctl daemon-reload
-  when:
-  - (not skip_node_svc_handlers | default(False) | bool)
-
-- name: restart NetworkManager
-  systemd:
-    name: NetworkManager
-    state: restarted
-    enabled: True
-  when:
-  - (not skip_node_svc_handlers | default(False) | bool)
-
-- name: restart dnsmasq
-  systemd:
-    name: dnsmasq
-    state: restarted
-  when:
-  - (not skip_node_svc_handlers | default(False) | bool)

+ 0 - 19
roles/openshift_node40/tasks/aws.yml

@@ -1,19 +0,0 @@
----
-- name: Configure AWS Cloud Provider Settings
-  lineinfile:
-    dest: /etc/kubernetes/kubelet-env
-    regexp: "{{ item.regex }}"
-    line: "{{ item.line }}"
-    create: true
-  with_items:
-    - regex: '^AWS_ACCESS_KEY_ID='
-      line: "AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key | default('') }}"
-    - regex: '^AWS_SECRET_ACCESS_KEY='
-      line: "AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key | default('') }}"
-  register: sys_env_update
-  no_log: True
-  when:
-    - openshift_cloudprovider_kind is defined
-    - openshift_cloudprovider_kind == 'aws'
-    - openshift_cloudprovider_aws_access_key is defined
-    - openshift_cloudprovider_aws_secret_key is defined

+ 0 - 32
roles/openshift_node40/tasks/bootkube_config.yml

@@ -1,32 +0,0 @@
----
-- name: parse ignition file
-  parse_ignition:
-    ign_file_contents: "{{ openshift_bootkube_ign_contents }}"
-  register: l_parse_ignition_boot_kube_res
-
-- import_tasks: create_files_from_ignition.yml
-  vars:
-    l_parse_ignition_dict: "{{ l_parse_ignition_boot_kube_res }}"
-
-#### Disable SWAP #####
-# https://docs.openshift.com/container-platform/3.4/admin_guide/overcommit.html#disabling-swap-memory
-# swapoff is a custom module in lib_utils that comments out swap entries in
-# /etc/fstab and runs swapoff -a, if necessary.
-- name: Disable swap
-  swapoff: {}
-  when: openshift_disable_swap | default(true) | bool
-
-# The atomic-openshift-node service will set this parameter on
-# startup, but if the network service is restarted this setting is
-# lost. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1372388
-- sysctl:
-    name: net.ipv4.ip_forward
-    value: 1
-    sysctl_file: "/etc/sysctl.d/99-openshift.conf"
-    reload: yes
-
-- name: Setting sebool container_manage_cgroup
-  seboolean:
-    name: container_manage_cgroup
-    state: yes
-    persistent: yes

+ 1 - 0
roles/openshift_node40/tasks/config.yml

@@ -16,6 +16,7 @@
 - debug:
     var: ign_contents
 
+# parse_ignition is a custom module in lib_utils
 - name: parse ignition file
   parse_ignition:
     ign_file_contents: "{{ ign_contents }}"
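Review bot: The added comment records where parse_ignition comes from but not what the task expects of it, so a reader still has to open lib_utils to know what `ign_file_contents` must contain and what the registered result holds; the swapoff comment this commit removes from bootkube_config.yml is a good model for that fuller style. If config.yml follows the same flow as the removed bootkube_config.yml (register the result, hand it to create_files_from_ignition.yml), say so in the comment, for example `# parse_ignition is a custom module in lib_utils; it parses the ignition document in ign_file_contents and its registered result is consumed by create_files_from_ignition.yml` — hedge that last clause if the task list (which continues past this hunk) does something else. Separately, the `debug: var: ign_contents` context line above emits the whole ignition payload into the play output; if that payload can include credentials or certificate material, consider `no_log: true` on that task or dropping the debug once the module is trusted.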

+ 0 - 69
roles/openshift_node40/templates/bootstrap.yml.j2

@@ -1,69 +0,0 @@
-{% raw -%}
-#!/usr/bin/ansible-playbook
----
-- hosts: localhost
-  gather_facts: yes
-  vars:
-    origin_dns:
-      file: /etc/dnsmasq.d/origin-dns.conf
-      lines:
-      - regex: ^listen-address
-        state: present
-        line: "listen-address={{ ansible_default_ipv4.address }}"
-
-  tasks:
-  - include_vars: openshift_settings.yaml
-
-  - name: set the data for origin_dns
-    lineinfile:
-      create: yes
-      state: "{{ item.state | default('present') }}"
-      insertafter: "{{ item.after | default(omit) }}"
-      path: "{{ origin_dns.file }}"
-      regexp: "{{ item.regex }}"
-      line: "{{ item.line | default(omit)}}"
-    with_items: "{{ origin_dns.lines }}"
-
-  - when:
-    - openshift_node_config_name is defined
-    - openshift_node_config_name != ''
-    block:
-    - name: determine the openshift_service_type
-      stat:
-        path: /etc/sysconfig/atomic-openshift-node
-        get_checksum: false
-        get_attributes: false
-        get_mime: false
-      register: service_type_results
-
-    - name: set openshift_service_type fact based on stat results
-      set_fact:
-        openshift_service_type: "{{ service_type_results.stat.exists | ternary('atomic-openshift', 'origin') }}"
-
-    - name: update the sysconfig to have necessary variables
-      lineinfile:
-        dest: "/etc/sysconfig/{{ openshift_service_type }}-node"
-        line: "{{ item.line }}"
-        regexp: "{{ item.regexp }}"
-      with_items:
-      - line: "BOOTSTRAP_CONFIG_NAME={{ openshift_node_config_name }}"
-        regexp: "^BOOTSTRAP_CONFIG_NAME=.*"
-{% endraw %}
-
-{% if openshift_cloudprovider_kind | default('') == 'aws' %}
-  # need to update aws.conf file if the instance has come up in a new region
-  - name: set up aws.conf
-    block:
-    - name: get current AZ
-      uri:
-        url: http://169.254.169.254/latest/meta-data/placement/availability-zone
-        return_content: yes
-      register: aws_out
-
-    - name: set AZ in aws.conf
-      ini_file:
-        path: /etc/origin/cloudprovider/aws.conf
-        section: Global
-        option: Zone
-        value: "{% raw %}{{ aws_out.content }}{% endraw %}"
-{% endif %}

+ 0 - 20
roles/openshift_node40/templates/multipath.conf.j2

@@ -1,20 +0,0 @@
-# LIO iSCSI
-# TODO: Add env variables for tweaking
-devices {
-        device {
-                vendor "LIO-ORG"
-                user_friendly_names "yes" 
-                path_grouping_policy "failover"
-                path_selector "round-robin 0"
-                failback immediate
-                path_checker "tur"
-                prio "alua"
-                no_path_retry 120
-                rr_weight "uniform"
-        }
-}
-defaults {
-	user_friendly_names yes
-	find_multipaths yes
-}
-

+ 0 - 26
roles/openshift_node40/templates/node.service.j2

@@ -1,26 +0,0 @@
-[Unit]
-Description=OpenShift Node
-After={{ openshift_docker_service_name }}.service
-After=chronyd.service
-After=ntpd.service
-Wants={{ openshift_docker_service_name }}.service
-Documentation=https://github.com/openshift/origin
-Wants=dnsmasq.service
-After=dnsmasq.service
-{% if openshift_use_crio | bool %}Wants=cri-o.service{% endif %}
-
-[Service]
-Type=notify
-EnvironmentFile=/etc/sysconfig/{{ openshift_service_type }}-node
-ExecStart=/usr/local/bin/openshift-node
-LimitNOFILE=65536
-LimitCORE=infinity
-WorkingDirectory=/var/lib/origin/
-SyslogIdentifier={{ openshift_service_type }}-node
-Restart=always
-RestartSec=5s
-TimeoutStartSec=300
-OOMScoreAdjust=-999
-
-[Install]
-WantedBy=multi-user.target

+ 0 - 17
roles/openshift_node40/templates/origin-dns.conf.j2

@@ -1,17 +0,0 @@
-no-resolv
-domain-needed
-{% if openshift_node_dnsmasq_no_negcache %}
-no-negcache
-{% else %}
-neg-ttl={{ openshift_node_dnsmasq_neg_ttl }}
-{% endif %}
-max-cache-ttl=1
-enable-dbus
-dns-forward-max=10000
-cache-size=10000
-bind-dynamic
-min-port=1024
-{% for interface in openshift_node_dnsmasq_except_interfaces %}
-except-interface={{ interface }}
-{% endfor %}
-# End of config