
Merge pull request #10958 from vrutkovs/devel-40-mco-once

Use MCO --once-from instead of custom ansible module
Scott Dodson 6 роки тому
батько
коміт
9afeb2de2a

+ 1 - 13
playbooks/deploy_cluster_40.yml

@@ -32,12 +32,6 @@
   - import_role:
       name: openshift_node40
       tasks_from: config.yml
-  - import_role:
-      name: openshift_node40
-      tasks_from: systemd.yml
-    vars:
-      excluded_services:
-      - progress.service
   - name: Wait for MCS endpoint to show up
     uri:
       url: "{{ mcd_endpoint }}/config/master"
@@ -83,15 +77,12 @@
     until:
     - "'status' in result"
     - result.status == 200
-  - import_role:
-      name: openshift_node40
-      tasks_from: config.yml
   - name: Make sure etcd user exists
     user:
       name: etcd
   - import_role:
       name: openshift_node40
-      tasks_from: systemd.yml
+      tasks_from: config.yml
 
 - name: Start workers
   hosts: workers
@@ -109,9 +100,6 @@
   - import_role:
       name: openshift_node40
       tasks_from: config.yml
-  - import_role:
-      name: openshift_node40
-      tasks_from: systemd.yml
 
 - name: Wait for nodes to become ready
   hosts: bootstrap

+ 1 - 0
playbooks/init/base_packages.yml

@@ -37,6 +37,7 @@
       - libsemanage-python
       - yum-utils
       - "{{ 'python3-docker' if ansible_distribution == 'Fedora' else 'python-docker-py' }}"
+      - systemd-journal-gateway
       pkg_list_non_fedora:
       - 'python-ipaddress'
       pkg_list_use_non_fedora: "{{ ansible_distribution != 'Fedora' | bool }}"
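Review bot: `systemd-journal-gateway` is added to the base package list with no comment saying what consumes it, and the package ships `systemd-journal-gatewayd`, an HTTP service that serves the host journal without authentication (port 19531 by default). Nothing visible in this commit enables its socket, but installing it on every host widens what a later unit enablement would expose. A comment above the entry such as `# required by <consumer>; keep systemd-journal-gatewayd.socket disabled or firewalled` (consumer name is a placeholder) would record the intent, and the install could be limited to the host group that needs it. The package list this entry belongs to starts outside the hunk.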

+ 0 - 3
playbooks/openshift-node/scaleup.yml

@@ -50,6 +50,3 @@
   - import_role:
       name: openshift_node40
       tasks_from: config.yml
-  - import_role:
-      name: openshift_node40
-      tasks_from: systemd.yml

+ 0 - 83
roles/lib_utils/action_plugins/parse_ignition.py

@@ -1,83 +0,0 @@
-"""Ansible action plugin to decode ignition payloads"""
-
-import base64
-import os
-import six
-from six.moves import urllib
-from ansible.plugins.action import ActionBase
-
-
-# pylint: disable=too-many-function-args
-def get_file_data(encoded_contents):
-    """Decode data URLs as specified in RFC 2397"""
-    # The following source is adapted from Python3 source
-    # License: https://github.com/python/cpython/blob/3.7/LICENSE
-    # retrieved from: https://github.com/python/cpython/blob/3.7/Lib/urllib/request.py
-    _, data = encoded_contents.split(":", 1)
-    mediatype, data = data.split(",", 1)
-
-    # even base64 encoded data URLs might be quoted so unquote in any case:
-    data = urllib.parse.unquote(data)
-    if mediatype.endswith(";base64"):
-        data = base64.b64decode(data).decode('utf-8')
-        mediatype = mediatype[:-7]
-    # End PSF software
-    return data
-
-
-# pylint: disable=too-many-function-args
-def get_files(files_dict, systemd_dict, dir_list, data):
-    """parse data to populate file_dict"""
-    files = data.get('storage', []).get('files', [])
-    for item in files:
-        path = item["path"]
-        dir_list.add(os.path.dirname(path))
-        # remove prefix "data:,"
-        encoded_contents = item['contents']['source']
-        contents = get_file_data(encoded_contents)
-        # convert from int to octal, padding at least to 4 places.
-        # eg, 420 becomes '0644'
-        mode = str(format(int(item["mode"]), '04o'))
-        inode = {"contents": contents, "mode": mode}
-        files_dict[path] = inode
-    # get the systemd units files we're here
-    systemd_units = data.get('systemd', []).get('units', [])
-    for item in systemd_units:
-        contents = item['contents']
-        if six.PY2:
-            # pylint: disable=redefined-variable-type
-            contents = contents.decode('unicode-escape')
-        mode = "0644"
-        inode = {"contents": contents, "mode": mode}
-        name = item['name']
-        path = '/etc/systemd/system/' + name
-        dir_list.add(os.path.dirname(path))
-        files_dict[path] = inode
-        enabled = item.get('enabled') or True
-        systemd_dict[name] = enabled
-
-
-# pylint: disable=too-few-public-methods
-class ActionModule(ActionBase):
-    """ActionModule for parse_ignition.py"""
-
-    def run(self, tmp=None, task_vars=None):
-        """Run parse_ignition action plugin"""
-        result = super(ActionModule, self).run(tmp, task_vars)
-        result["changed"] = False
-        result["failed"] = False
-        result["msg"] = "Parsed successfully"
-        files_dict = {}
-        systemd_dict = {}
-        dir_list = set()
-        result["files_dict"] = files_dict
-        result["systemd_dict"] = systemd_dict
-
-        # self.task_vars holds all in-scope variables.
-        # Ignore settting self.task_vars outside of init.
-        # pylint: disable=W0201
-        self.task_vars = task_vars or {}
-        ign_file_contents = self._task.args.get('ign_file_contents')
-        get_files(files_dict, systemd_dict, dir_list, ign_file_contents)
-        result["dir_list"] = list(dir_list)
-        return result

+ 0 - 66
roles/lib_utils/test/test_parse_ignition.py

@@ -1,66 +0,0 @@
-'''
- Unit tests for wildcard
-'''
-import json
-import os
-import sys
-
-MODULE_PATH = os.path.realpath(os.path.join(__file__, os.pardir, os.pardir, 'action_plugins'))
-sys.path.insert(0, MODULE_PATH)
-ASSET_PATH = os.path.realpath(os.path.join(__file__, os.pardir, 'test_data'))
-
-# pylint: disable=import-error,wrong-import-position,missing-docstring
-import parse_ignition  # noqa: E402
-
-
-def read_ign(path):
-    with open(path) as ign_in:
-        data = json.loads(ign_in.read())
-    return data
-
-
-def write_out_files(files_dict):
-    for path in files_dict:
-        with open('/tmp/bsoutput/' + path.replace('/', '__'), 'w') as fpath:
-            fpath.write(files_dict[path]['contents'])
-
-
-def test_parse_json():
-    ign_data = read_ign(os.path.join(ASSET_PATH, 'example.ign.json'))
-    files_dict = {}
-    systemd_dict = {}
-    dir_list = set()
-    result = {}
-    result['files_dict'] = files_dict
-    result['systemd_dict'] = systemd_dict
-    parse_ignition.get_files(files_dict, systemd_dict, dir_list, ign_data)
-
-
-def test_parse_json_encoded_files():
-    ign_data = read_ign(os.path.join(ASSET_PATH, 'bootstrap.ign.json'))
-    files_dict = {}
-    systemd_dict = {}
-    dir_list = set()
-    result = {}
-    result['files_dict'] = files_dict
-    result['systemd_dict'] = systemd_dict
-    parse_ignition.get_files(files_dict, systemd_dict, dir_list, ign_data)
-    # print(files_dict['/opt/tectonic/manifests/cluster-config.yaml']['contents'])
-
-
-def parse_json2():
-    ign_data = read_ign(os.path.join(ASSET_PATH, 'bs.ign.json'))
-    files_dict = {}
-    systemd_dict = {}
-    dir_list = set()
-    result = {}
-    result['files_dict'] = files_dict
-    result['systemd_dict'] = systemd_dict
-    parse_ignition.get_files(files_dict, systemd_dict, dir_list, ign_data)
-    write_out_files(files_dict)
-
-
-if __name__ == '__main__':
-    test_parse_json()
-    test_parse_json_encoded_files()
-    parse_json2()

+ 4 - 0
roles/openshift_node40/defaults/main.yml

@@ -1 +1,5 @@
 ---
+openshift_release_image: "registry.svc.ci.openshift.org/openshift/origin-release:v4.0"
+ign_file: "/tmp/bootstrap.ign"
+pull_secret: "{{ files_dir }}/pull-secret"
+tls_verify: false
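Review bot: `tls_verify: false` makes unverified registry TLS the default for both `podman pull` calls in tasks/config.yml, which also pass the pull secret via `--authfile`; the default should be `tls_verify: true`, with the insecure value left as an explicit inventory override for CI registries. `ign_file: "/tmp/bootstrap.ign"` is a fixed name in a world-writable directory, and that file is later applied by a privileged container, so it would be safer placed inside the `mktemp -d` directory that config.yml already creates. `openshift_release_image` points at the mutable tag `v4.0`; pinning it by digest would make the pulled content reproducible.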

+ 51 - 27
roles/openshift_node40/tasks/config.yml

@@ -1,31 +1,4 @@
 ---
-- name: get worker ignition file
-  command: >
-    curl -k {{ openshift_bootstrap_endpoint }}
-  register: l_worker_bootstrap
-  when: openshift_bootstrap_endpoint is defined
-
-- set_fact:
-    ign_contents: "{{ l_worker_bootstrap.stdout }}"
-  when: openshift_bootstrap_endpoint is defined
-
-- set_fact:
-    ign_contents: "{{ lookup('file', openshift_ignition_file_path) }}"
-  when: openshift_ignition_file_path is defined
-
-- debug:
-    var: ign_contents
-
-# parse_ignition is a custom module in lib_utils
-- name: parse ignition file
-  parse_ignition:
-    ign_file_contents: "{{ ign_contents }}"
-  register: l_parse_ignition_res
-
-- import_tasks: create_files_from_ignition.yml
-  vars:
-    l_parse_ignition_dict: "{{ l_parse_ignition_res }}"
-
 #### Disable SWAP #####
 # https://docs.openshift.com/container-platform/3.4/admin_guide/overcommit.html#disabling-swap-memory
 # swapoff is a custom module in lib_utils that comments out swap entries in
@@ -48,3 +21,54 @@
     name: container_manage_cgroup
     state: yes
     persistent: yes
+
+- name: create temp directory
+  command: mktemp -d /tmp/openshift-ansible-XXXXXXX
+  register: mktemp
+  changed_when: False
+
+- name: Copy pull secret in the directory
+  copy:
+    src: "{{ pull_secret }}"
+    dest: "{{ mktemp.stdout }}/pull-secret.json"
+
+- name: Pull release image
+  command: "podman pull --tls-verify={{ tls_verify }} --authfile {{ mktemp.stdout }}/pull-secret.json {{ openshift_release_image }}"
+
+- name: Get machine controller daemon image from release image
+  command: "podman run --rm {{ openshift_release_image }} image machine-config-daemon"
+  register: release_image_mcd
+
+- name: Copy bootstrap ignition file locally
+  copy:
+    src: "{{ openshift_ignition_file_path }}"
+    dest: "{{ ign_file }}"
+  when: openshift_ignition_file_path is defined
+
+- name: Fetch bootstrap ignition file locally
+  uri:
+    url: "{{ openshift_bootstrap_endpoint }}"
+    dest: "{{ ign_file }}"
+    validate_certs: false
+  when: openshift_bootstrap_endpoint is defined
+
+- block:
+  - name: Pull MCD image
+    command: "podman pull --tls-verify={{ tls_verify }} --authfile {{ mktemp.stdout }}/pull-secret.json {{ release_image_mcd.stdout }}"
+
+  - name: Apply ignition manifest
+    command: "podman run {{ podman_mounts }} {{ podman_flags }} {{ mcd_command }}"
+    vars:
+      podman_flags: "--privileged --rm -ti {{ release_image_mcd.stdout }}"
+      podman_mounts: "-v /:/rootfs -v /var/run/dbus:/var/run/dbus -v /run/systemd:/run/systemd"
+      mcd_command: "start --node-name {{ ansible_hostname }} --once-from {{ ign_file }}"
+    # MCD reboots the machine
+    ignore_unreachable: true
+  # Wait for the host to come back and reset 'unreachable' status
+  - wait_for_connection: {}
+  # Clear unreachable status
+  - name: clear any host unreachable error messages.
+    meta: clear_host_errors
+  rescue:
+  - fail:
+      msg: "Ignition apply failed, {{ mcd_apply.stdout }}"
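Review bot: "Fetch bootstrap ignition file locally" downloads the ignition payload with `validate_certs: false`, and "Apply ignition manifest" then hands it to a `--privileged` container with `/` mounted at `/rootfs`, so the host applies root-level configuration from an endpoint whose identity was never verified. This carries over the removed `curl -k`, but verification should be the default, e.g. `validate_certs: "{{ openshift_bootstrap_validate_certs | default(true) }}"` (the variable name is a suggestion), with the cluster CA trusted on the node beforehand. Separately, the `rescue` message reads `mcd_apply.stdout`, yet no task in this hunk registers `mcd_apply`, so the failure path would itself stop on an undefined variable; add `register: mcd_apply` to "Apply ignition manifest" and use `{{ mcd_apply.stdout | default('') }}` in the message. The directory from `mktemp -d` that holds `pull-secret.json` is never removed in the visible tasks; a closing `file:` task with `state: absent` on `{{ mktemp.stdout }}` would avoid leaving the credential on disk.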

+ 0 - 16
roles/openshift_node40/tasks/create_files_from_ignition.yml

@@ -1,16 +0,0 @@
----
-- name: Create all the directories we will need
-  file:
-    path: "{{ item }}"
-    state: directory
-  with_items: "{{ l_parse_ignition_dict.dir_list }}"
-
-- name: create files from ignition contents
-  copy:
-    content: "{{ item.value.contents }}"
-    dest: "{{ item.key }}"
-    mode: "{{ l_file_mode }}"
-  with_dict: "{{ l_parse_ignition_dict.files_dict }}"
-  vars:
-    l_mode_prepend: "{{ '0' if (item.value.mode | length < 4) else '' }}"
-    l_file_mode: "{{ l_mode_prepend ~ item.value.mode }}"

+ 0 - 15
roles/openshift_node40/tasks/systemd.yml

@@ -1,15 +0,0 @@
----
-
-- name: daemon reload
-  systemd:
-    daemon_reload: yes
-
-# dictionary of kv pairs, servicename: enabled, eg:
-# {'kubernetes': "true"}
-- name: Start and enable services
-  systemd:
-    name: "{{ item.key }}"
-    state: "{{ 'restarted' if (item.value | bool) else 'stopped' }}"
-    enabled: "{{ item.value | bool }}"
-  with_dict: "{{ l_parse_ignition_res.systemd_dict }}"
-  when: item.key not in excluded_services | default([])