diff --git a/ansible/group_vars/all/oas.yml b/ansible/group_vars/all/oas.yml index 0f3808e827afa014ef6632aa5b28cba8fb605bae..77ee8c694a7b2bb622d099c784e7f25f9f99f014 100644 --- a/ansible/group_vars/all/oas.yml +++ b/ansible/group_vars/all/oas.yml @@ -57,3 +57,8 @@ cert_manager: prometheus: crd_version: 'v0.34.0' + +# Let the auto-update mechanism (flux) follow a cluster-local git repo, +# not one hosted on open.greenhost.net. +# Currently needed in order to deploy OAS applications. +local_flux: true diff --git a/ansible/roles/apps/tasks/cert-manager.yml b/ansible/roles/apps/tasks/cert-manager.yml index 6ad32349443ae3d59ff40a76d2690f54395cd054..73757a6fcdbd05d161cb87b614b6d9ecbec6ed1d 100644 --- a/ansible/roles/apps/tasks/cert-manager.yml +++ b/ansible/roles/apps/tasks/cert-manager.yml @@ -50,13 +50,8 @@ - config - flux - cert-manager - k8s: - state: present - definition: - api_version: v1 - kind: Secret - metadata: - namespace: "oas" - name: "cert-manager-settings" - data: - values.yaml: "{{ lookup('template','cert-manager-values.yaml') | b64encode }}" + vars: + flux: + name: "cert-manager-settings" + namespace: "oas" + include_tasks: flux_secret.yml diff --git a/ansible/roles/apps/tasks/flux_secret.yml b/ansible/roles/apps/tasks/flux_secret.yml new file mode 100644 index 0000000000000000000000000000000000000000..23cac6b5b1c7b9098bf4480c4f7163f157def45a --- /dev/null +++ b/ansible/roles/apps/tasks/flux_secret.yml @@ -0,0 +1,16 @@ +--- +- name: Create Kubernetes secret with app settings + tags: + - config + - flux + - secret + k8s: + state: present + definition: + api_version: v1 + kind: Secret + metadata: + namespace: "{{ flux.namespace | default('oas-apps') }}" + name: "{{ flux.name }}" + data: + values.yaml: "{{ lookup('template','{{ flux.name }}.yaml') | b64encode }}" diff --git a/ansible/roles/apps/tasks/local-storage.yml b/ansible/roles/apps/tasks/local-storage.yml index 8b01f5bf0a5d8ac7f6d797325c917163f30b6b6c..99b67ed82409459696fe30c40b0cbb394619de73 100644 
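Review bot: The tags kept on this task now sit on a dynamic `include_tasks`, and as far as Ansible's tag handling goes they then select only the include itself, not the tasks it loads. The task in flux_secret.yml carries `config`, `flux` and `secret` but not `cert-manager`, so a run limited with `--tags cert-manager` would load the file and then skip the Secret creation. The same applies to the local-storage, nextcloud, nginx and prometheus hunks. Either use `import_tasks: flux_secret.yml`, which is static and passes the tags down, or the long `include_tasks` form with an `apply:` entry listing the tags. The task's name and the start of its tag list lie above this hunk.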
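Review bot: The new Secret task in flux_secret.yml has no `no_log: true`, so the rendered `values.yaml` payload, which is only base64-encoded, can appear in Ansible output at higher verbosity or when the task fails. The templates are not visible here, but settings of this kind presumably include credentials, so add `no_log: true` at task level. Separately, `lookup('template','{{ flux.name }}.yaml')` nests moustaches inside an expression; `lookup('template', flux.name + '.yaml')` says the same without relying on recursive templating. Because `flux.name` selects both the Secret name and the template path, a comment at the top of the file stating that callers must pass a fixed, known name would help the next maintainer.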
--- a/ansible/roles/apps/tasks/local-storage.yml +++ b/ansible/roles/apps/tasks/local-storage.yml @@ -1,17 +1,11 @@ --- - -- name: Create Kubernetes secret with local-storage values +- name: Create Kubernetes secret with local-storage settings tags: - config - flux - local-storage - k8s: - state: present - definition: - api_version: v1 - kind: Secret - metadata: - namespace: "oas" - name: "local-storage-settings" - data: - values.yaml: "{{ lookup('template','local-storage-values.yaml') | b64encode }}" + vars: + flux: + name: "local-storage-settings" + namespace: "oas" + include_tasks: flux_secret.yml diff --git a/ansible/roles/apps/tasks/nextcloud.yml b/ansible/roles/apps/tasks/nextcloud.yml index af3bdc5788ede5c437acb4f1ec05cac436020ab9..3ecf26ee46f15f530c140e07bd8bfc9c8e300d47 100644 --- a/ansible/roles/apps/tasks/nextcloud.yml +++ b/ansible/roles/apps/tasks/nextcloud.yml @@ -1,17 +1,11 @@ --- -- name: Create Kubernetes secret with NextCloud settings +- name: Create Kubernetes secret with nextcloud settings tags: - config - flux - nextcloud - k8s: - state: present - definition: - api_version: v1 - kind: Secret - metadata: - namespace: "oas-apps" - name: "nextcloud-settings" - data: - values.yaml: "{{ lookup('template','nextcloud-values.yaml') | b64encode }}" + vars: + flux: + name: "nextcloud-settings" + include_tasks: flux_secret.yml diff --git a/ansible/roles/apps/tasks/nginx.yml b/ansible/roles/apps/tasks/nginx.yml index a84dd71746cb6727dac73ae062baf57b25d7dad8..4e4f75bc6cbd626e618775457256dc88d4828192 100644 --- a/ansible/roles/apps/tasks/nginx.yml +++ b/ansible/roles/apps/tasks/nginx.yml @@ -5,13 +5,8 @@ - config - flux - nginx - k8s: - state: present - definition: - api_version: v1 - kind: Secret - metadata: - namespace: "oas" - name: "ingress-settings" - data: - values.yaml: "{{ lookup('template','ingress-values.yaml') | b64encode }}" + vars: + flux: + name: "ingress-settings" + namespace: "oas" + include_tasks: flux_secret.yml 
diff --git a/ansible/roles/apps/tasks/prometheus.yml b/ansible/roles/apps/tasks/prometheus.yml
index 9866fa72611a751a0552d8d0d13f2d08db00ef97..2e2ef3987bb436803d0130df918b002116003c32 100644
--- a/ansible/roles/apps/tasks/prometheus.yml
+++ b/ansible/roles/apps/tasks/prometheus.yml
@@ -37,13 +37,8 @@
 - flux
 - monitoring
 - prometheus
- k8s:
- state: present
- definition:
- api_version: v1
- kind: Secret
- metadata:
- namespace: "oas"
- name: "monitoring-settings"
- data:
- values.yaml: "{{ lookup('template','monitoring-values.yaml') | b64encode }}"
+ vars:
+ flux:
+ name: "monitoring-settings"
+ namespace: "oas"
+ include_tasks: flux_secret.yml
diff --git a/ansible/roles/apps/templates/cert-manager-values.yaml b/ansible/roles/apps/templates/cert-manager-settings.yaml
similarity index 100%
rename from ansible/roles/apps/templates/cert-manager-values.yaml
rename to ansible/roles/apps/templates/cert-manager-settings.yaml
diff --git a/ansible/roles/apps/templates/ingress-values.yaml b/ansible/roles/apps/templates/ingress-settings.yaml
similarity index 100%
rename from ansible/roles/apps/templates/ingress-values.yaml
rename to ansible/roles/apps/templates/ingress-settings.yaml
diff --git a/ansible/roles/apps/templates/local-storage-values.yaml b/ansible/roles/apps/templates/local-storage-settings.yaml
similarity index 100%
rename from ansible/roles/apps/templates/local-storage-values.yaml
rename to ansible/roles/apps/templates/local-storage-settings.yaml
diff --git a/ansible/roles/apps/templates/monitoring-values.yaml b/ansible/roles/apps/templates/monitoring-settings.yaml
similarity index 100%
rename from ansible/roles/apps/templates/monitoring-values.yaml
rename to ansible/roles/apps/templates/monitoring-settings.yaml
diff --git a/ansible/roles/apps/templates/nextcloud-values.yaml b/ansible/roles/apps/templates/nextcloud-settings.yaml
similarity index 100%
rename from ansible/roles/apps/templates/nextcloud-values.yaml
rename to ansible/roles/apps/templates/nextcloud-settings.yaml
diff --git a/ansible/roles/local-flux/defaults/main.yml b/ansible/roles/local-flux/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..066d0e6268aba83bd545c43b4c7aeee43af203cd
--- /dev/null
+++ b/ansible/roles/local-flux/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+repo: "/var/lib/OpenAppStack/local-flux"
diff --git a/ansible/roles/local-flux/tasks/main.yml b/ansible/roles/local-flux/tasks/main.yml
index 4bf719ff6a91e77be5a29e5a8d5616593fb10a93..158b5b747e09410b92fe3b4a5e1cf13cc760607d 100644
--- a/ansible/roles/local-flux/tasks/main.yml
+++ b/ansible/roles/local-flux/tasks/main.yml
@@ -1,72 +1,67 @@ --- -- block: - - - name: Copy HelmRelease files to server's local flux repo - tags: - - flux - copy: - src: "../../../flux/" - dest: "{{ repo }}" - register: helmreleases - become: true +- name: Copy HelmRelease files to server's local flux repo + tags: + - flux + copy: + src: "../../../flux/" + dest: "{{ repo }}" + register: helmreleases + become: true - - name: Create local flux repo - tags: - - flux - command: git init "{{ repo }}" - args: - creates: "{{ repo }}/.git" - become: true +- name: Create local flux repo + tags: + - flux + command: git init "{{ repo }}" + args: + creates: "{{ repo }}/.git" + become: true - - name: Enable post-update hook in local flux repo - tags: - - flux - copy: - src: "git-hook.sh" - dest: "{{ repo }}/.git/hooks/{{ item }}" - mode: "0755" - with_items: - - "post-update" - - "post-commit" - become: true +- name: Enable post-update hook in local flux repo + tags: + - flux + copy: + src: "git-hook.sh" + dest: "{{ repo }}/.git/hooks/{{ item }}" + mode: "0755" + with_items: + - "post-update" + - "post-commit" + become: true - - name: Add HelmRelease files to local flux commit - tags: - - flux - shell: git add . && git -c "user.name=OpenAppStack automation" -c "user.email=tech@openappstack.net" commit --allow-empty --author="OpenAppStack automation <>" -m "Local flux via ansible" - args: - chdir: "{{ repo }}" - when: helmreleases.changed - become: true +- name: Add HelmRelease files to local flux commit + tags: + - flux + shell: git add . 
&& git -c "user.name=OpenAppStack automation" -c "user.email=tech@openappstack.net" commit --allow-empty --author="OpenAppStack automation <>" -m "Local flux via ansible" + args: + chdir: "{{ repo }}" + when: helmreleases.changed + become: true - - name: Create local-flux helm chart directory - tags: - - flux - file: - path: "/var/lib/OpenAppStack/source/local-flux/templates" - state: directory - become: true +- name: Create local-flux helm chart directory + tags: + - flux + file: + path: "/var/lib/OpenAppStack/source/local-flux/templates" + state: directory + become: true - - name: Copy local-flux helm chart to server - tags: - - flux - copy: - src: "{{ item.file }}" - dest: "/var/lib/OpenAppStack/source/local-flux/{{ item.subdir }}/{{ item.file }}" - with_items: - - file: "nginx.yaml" - subdir: "templates" - - file: "values.yaml" - subdir: "." - - file: "Chart.yaml" - subdir: "." - become: true +- name: Copy local-flux helm chart to server + tags: + - flux + copy: + src: "{{ item.file }}" + dest: "/var/lib/OpenAppStack/source/local-flux/{{ item.subdir }}/{{ item.file }}" + with_items: + - file: "nginx.yaml" + subdir: "templates" + - file: "values.yaml" + subdir: "." + - file: "Chart.yaml" + subdir: "." + become: true - - name: Install local-flux helm chart - tags: - - flux - shell: helm upgrade --install --namespace=oas local-flux /var/lib/OpenAppStack/source/local-flux - - vars: - repo: "/var/lib/OpenAppStack/local-flux" +- name: Install local-flux helm chart + tags: + - flux + shell: helm upgrade --install --namespace=oas local-flux /var/lib/OpenAppStack/source/local-flux diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 45bad692c4474b6fa6eac48e6020cf3c3c783b2f..16dd305002f56e59f61606e5c0f56ae68cab0786 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md 
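Review bot: Dropping the block-level `vars:` in favour of a role default named `repo` lowers the variable's precedence, so any inventory, group or extra var that happens to be called `repo` now redirects the `git init` and the copy of executable hooks, all of which run with `become: true`. A role-prefixed name avoids the collision: `local_flux_repo: "/var/lib/OpenAppStack/local-flux"` in defaults/main.yml and `{{ local_flux_repo }}` in these tasks. The final task could also use `command:` rather than `shell:`, since the helm line uses no shell features.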
@@ -2,6 +2,14 @@ Note: `cluster$` indicates that the commands should be run as root on your OAS cluster. +## Upgrading + +If you encounter problems when you upgrade your cluster, please make sure first +to include all potential new values of `ansible/group_vars/all/settings.yml.example` +to your `clusters/YOUR_CLUSTERNAME/settings.yml`, and rerun the installation +script. + + ## HTTPS Certificates OAS uses [cert-manager](http://docs.cert-manager.io/en/latest/) to automatically @@ -34,4 +42,5 @@ If ever things fail beyond possible recovery, here's how to completely purge an cluster$ apt purge docker-ce-cli containerd.io cluster$ mount | egrep '^(tmpfs.*kubelet|nsfs.*docker)' | cut -d' ' -f 3 | xargs umount + cluster$ systemctl reboot cluster$ rm -rf /var/lib/docker /var/lib/OpenAppStack /etc/kubernetes /var/lib/etcd /var/lib/rancher /var/lib/kubelet /var/log/OpenAppStack /var/log/containers /var/log/pods diff --git a/openappstack/cluster.py b/openappstack/cluster.py index a3927bd8743b01527ccdd53e3db227075569c879..51cf07f4f49b1fbd28d0bfae6677acd08cc9f4a6 100644 --- a/openappstack/cluster.py +++ b/openappstack/cluster.py @@ -41,9 +41,6 @@ class Cluster: self.domain = None # By default, use Let's Encrypt's live environment self.acme_staging = False - # Let the auto-update mechanism (flux) follow a cluster-local git repo, - # not one hosted on open.greenhost.net. - self.local_flux = True # Set this to False if the data needs to be (re)loaded from file self.data_loaded = False # Load data from inventory.yml and settings.yml @@ -150,7 +147,6 @@ class Cluster: settings['domain'] = self.domain settings['admin_email'] = 'admin@{0}'.format(self.domain) settings['acme_staging'] = self.acme_staging - settings['local_flux'] = self.local_flux settings['cluster_dir'] = self.cluster_dir file_contents = yaml.safe_dump(settings, default_flow_style=False)