Merge branch 'master' of /git/ansible

2017-05-11 19:49:36 +00:00 · 2017-05-11 19:49:36 +00:00 · 5dba3f48e1
commit 5dba3f48e1
parent bbe6c25b6f cdc02dafbf
3 changed files with 13 additions and 7 deletions
--- a/playbooks/groups/os-cluster.yml
+++ b/playbooks/groups/os-cluster.yml
@ -61,7 +61,7 @@
        dest: "/etc/hosts"
        owner: root
        mode: 0644
-      
+
    - name: deploy private key to control hosts
      copy:
        src: "{{private}}/files/os/{{env}}/control_key"
@ -104,7 +104,7 @@
        openshift_cluster_infra_group: "os-nodes-stg",
        openshift_auth_profile: "fedoraidp-stg",
        openshift_cluster_url: "{{os_url}}",
-        openshift_master_ha: false,
+        openshift_master_ha: true,
        openshift_debug_level: 2,
        openshift_deployment_type: "openshift-enterprise",
        openshift_cluster_url: "{{ os_url}}",
--- a/roles/ansible-ansible-openshift-ansible/defaults/main.yml
+++ b/roles/ansible-ansible-openshift-ansible/defaults/main.yml
@ -15,7 +15,13 @@ openshift_auth_profile: osbs

 # Do we want OpenShift itself to be containerized?
 #   This is a requirement if using Atomic Host
-openshift_ansible_containerized_deploy: true
+#
+#   As of v3.5.x this would mean that all our systems would completely go down
+#   in the event the docker daemon were to restart or crash.
+#
+#   In the future (as of v3.6 devel branch), this is done with system containers
+#   and won't be bound to the docker daemon.
+openshift_ansible_containerized_deploy: false

 # OpenShift Cluster URL
 #   Example: openshift.fedoraproject.org
--- a/roles/ansible-ansible-openshift-ansible/templates/cluster-inventory.j2
+++ b/roles/ansible-ansible-openshift-ansible/templates/cluster-inventory.j2
@ -147,8 +147,6 @@ openshift_install_examples={{openshift_ansible_install_examples}}
 # Additional yum repos to install
 #openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://example.com/puddle/build/AtomicOpenShift/3.1/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}]

-# htpasswd auth
-openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
 # Defining htpasswd users
 #openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>'}
 # or
@ -161,11 +159,11 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 {% endif %}

 {% if openshift_auth_profile == "fedoraidp" %}
-openshift_master_identity_providers=[{"name": "fedoraidp", "login": "true", "challenge": "false", "kind": "OpenIDIdentityProvider", "client_id": "openshift", "client_secret": "{{openshift_client_secret}}", "claims": {"id": ["sub"], "preferredUsername": ["sub"], "name": ["name"], "email": ["email"]}, "urls": {"authorize": "https://id{{env_suffix}}.fedoraproject.org/openidc/Authorization", "token": "https://id{{env_suffix}}.fedoraproject.org/openidc/Token"}, "userInfo": "https://id{{env_suffix}}.fedoraproject.org/openidc/UserInfo"}]
+openshift_master_identity_providers=[{"name": "fedoraidp", "login": "true", "challenge": "false", "kind": "OpenIDIdentityProvider", "client_id": "openshift", "client_secret": "{{openshift_client_secret}}", "claims": {"id": ["sub"], "preferredUsername": ["sub"], "name": ["name"], "email": ["email"]}, "urls": {"authorize": "https://id{{env_suffix}}.fedoraproject.org/openidc/Authorization", "token": "https://id{{env_suffix}}.fedoraproject.org/openidc/Token", "userInfo": "https://id{{env_suffix}}.fedoraproject.org/openidc/UserInfo"}}]
 {% endif %}

 {% if openshift_auth_profile == "fedoraidp-stg" %}
-openshift_master_identity_providers=[{"name": "fedoraidp", "login": "true", "challenge": "false", "kind": "OpenIDIdentityProvider", "client_id": "openshift", "client_secret": "{{openshift_stg_client_secret}}", "claims": {"id": ["sub"], "preferredUsername": ["sub"], "name": ["name"], "email": ["email"]}, "urls": {"authorize": "https://id{{env_suffix}}.fedoraproject.org/openidc/Authorization", "token": "https://id{{env_suffix}}.fedoraproject.org/openidc/Token"}, "userInfo": "https://id{{env_suffix}}.fedoraproject.org/openidc/UserInfo"}]
+openshift_master_identity_providers=[{"name": "fedoraidp", "login": "true", "challenge": "false", "kind": "OpenIDIdentityProvider", "client_id": "openshift", "client_secret": "{{openshift_stg_client_secret}}", "claims": {"id": ["sub"], "preferredUsername": ["sub"], "name": ["name"], "email": ["email"]}, "urls": {"authorize": "https://id{{env_suffix}}.fedoraproject.org/openidc/Authorization", "token": "https://id{{env_suffix}}.fedoraproject.org/openidc/Token", "userInfo": "https://id{{env_suffix}}.fedoraproject.org/openidc/UserInfo"}}]
 {% endif %}

 # Allow all auth
@ -213,6 +211,7 @@ openshift_master_identity_providers=[{"name": "fedoraidp", "login": "true", "cha
 # or
 #openshift_master_request_header_ca_file=<path to local ca file to use>

+{% if openshift_master_ha is defined %}
 {% if openshift_master_ha %}
 # Native high availability cluster method with optional load balancer.
 # If no lb group is defined, the installer assumes that a load balancer has
@ -224,6 +223,7 @@ openshift_master_cluster_method=native
 openshift_master_cluster_hostname={{openshift_cluster_url}}
 openshift_master_cluster_public_hostname={{openshift_cluster_url}}
 {% endif %}
+{% endif %}

 # Override the default controller lease ttl
 #osm_controller_lease_ttl=30