csa/devops/ansible-patches/openshift.git/playbooks/openshift-node, branch ands Unnamed repository; edit this file 'description' to name the repository. Merge pull request #6926 from abutcher/etcd-ca-host 2018-02-09T00:44:21+00:00 Scott Dodson sdodson@redhat.com 2018-02-09T00:44:21+00:00 3489d4f75fd2773f5fa5a684b82bf8ca44f1fa02 Determine which host is the etcd CA host 
Determine which host is the etcd CA host
 Add base package installation to upgrade playbooks 2018-02-07T16:16:55+00:00 Russell Teague rteague@redhat.com 2018-02-05T20:32:55+00:00 b683605bd97a798589000d32d1b9ea15bf75666d Hosts will need python ipaddress module installed if it was not installed during initial installation. Bug 1540537 https://bugzilla.redhat.com/show_bug.cgi?id=1540537 
Hosts will need python ipaddress module installed if it was not
installed during initial installation.

Bug 1540537
https://bugzilla.redhat.com/show_bug.cgi?id=1540537
Determine which etcd host is the etcd_ca_host rather than assume it is the first host in the etcd host group. 2018-02-01T21:57:43+00:00 Andrew Butcher abutcher@redhat.com 2018-01-29T20:29:33+00:00 76bbd06963b474237925b97893c2403b3feba496 






Don't restart docker when re-deploying node certificates
2018-01-24T17:44:37+00:00

Scott Dodson
sdodson@redhat.com

2018-01-24T17:43:20+00:00

dc6173e7bfa4170106b558b124c54ff26cdc8228

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1537726





Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1537726







Fix master scaleup play
2018-01-19T23:24:58+00:00

Michael Gugino
mgugino@redhat.com

2018-01-19T17:43:44+00:00

682ddb8744af07939c39699f223cc6455bdece01

Allow playbooks/openshift-master/scaleup.yml to call
prerequisites.yml at the proper time.

Related-to: https://github.com/openshift/openshift-ansible/pull/6784





Allow playbooks/openshift-master/scaleup.yml to call
prerequisites.yml at the proper time.

Related-to: https://github.com/openshift/openshift-ansible/pull/6784







Fix node scaleup plays
2018-01-18T21:26:50+00:00

Michael Gugino
mgugino@redhat.com

2018-01-18T20:12:35+00:00

6646d0275739585f5c1ad59e6b27c01fbc374e02

Currently, users have no way to run preqrequisites.yml
on just newly added nodes during scaleup.

This commit ensures only the new nodes are changed during
scaleup as well as ensure prerequisites are run.





Currently, users have no way to run preqrequisites.yml
on just newly added nodes during scaleup.

This commit ensures only the new nodes are changed during
scaleup as well as ensure prerequisites are run.







Remove become statements
2018-01-09T19:56:54+00:00

Michael Gugino
mgugino@redhat.com

2018-01-09T19:11:16+00:00

3b07acdcd41e215dedc4d4c7c7303b807e59333d

This commit removes become:no statements that break
the installer in various ways.





This commit removes become:no statements that break
the installer in various ways.







Merge pull request #6549 from mgugino-upstream-stage/node-meta-depends2
2018-01-08T19:22:35+00:00

OpenShift Merge Robot
openshift-merge-robot@users.noreply.github.com

2018-01-08T19:22:35+00:00

f820b59003dc703886d20d9c702f370a9c7ede64

Automatic merge from submit-queue.

Remove last of openshift_node role meta-depends

Remove last non-taskless meta-depends from
openshift_node role.




Automatic merge from submit-queue.

Remove last of openshift_node role meta-depends

Remove last non-taskless meta-depends from
openshift_node role.






Contiv multi-master and other fixes
2018-01-07T20:44:35+00:00

Nick Bartos
flamingo@2thebatcave.com

2017-12-05T04:02:52+00:00

6daf71565fd69e9ddb2ac20e787d49f74cf7a9d7

Contiv's etcd was not being deployed correctly when using more than
one master.  To make it easier to manage, it has been moved into a
k8s container.

The api proxy was hardcoded to an old version (1.1.1), and in some
environments would run into a docker error.  This has been moved into
a k8s container for easier management.

The firewall was too permissive on several ports.  Many were open to
the world when they should have only been accessible inside the
cluster.

Many of the contiv role variables were not prefixed with 'contiv',
which may end up clobbering variables from another role.  Now all the
contiv specific role variables start with 'contiv_'.

The api proxy's default self-signed certificate was bundled with the
role.  This means someone with read-only MITM access and this key
could decrypt traffic.  Granted a user defined certificate from a
trusted CA should be used in a production environment, it is still
better to generate one in each environment when one is not provided.





Contiv's etcd was not being deployed correctly when using more than
one master.  To make it easier to manage, it has been moved into a
k8s container.

The api proxy was hardcoded to an old version (1.1.1), and in some
environments would run into a docker error.  This has been moved into
a k8s container for easier management.

The firewall was too permissive on several ports.  Many were open to
the world when they should have only been accessible inside the
cluster.

Many of the contiv role variables were not prefixed with 'contiv',
which may end up clobbering variables from another role.  Now all the
contiv specific role variables start with 'contiv_'.

The api proxy's default self-signed certificate was bundled with the
role.  This means someone with read-only MITM access and this key
could decrypt traffic.  Granted a user defined certificate from a
trusted CA should be used in a production environment, it is still
better to generate one in each environment when one is not provided.







Migrate to import_role for static role inclusion
2018-01-05T17:44:56+00:00

Scott Dodson
sdodson@redhat.com

2018-01-05T17:44:56+00:00

eacc12897ca86a255f89b8a4537ce2b7004cf319

In Ansible 2.2, the include_role directive came into existence as
a Tech Preview. It is still a Tech Preview through Ansible 2.4
(and in current devel branch), but with a noteable change. The
default behavior switched from static: true to static: false
because that functionality moved to the newly introduced
import_role directive (in order to stay consistent with include*
being dynamic in nature and `import* being static in nature).

The dynamic include is considerably more memory intensive as it will
dynamically create a role import for every host in the inventory
list to be used. (Also worth noting, there is at the time of this
writing an object allocation inefficiency in the dynamic include
that can in certain situations amplify this effect considerably)

This change is meant to mitigate the pressure on memory for the
Ansible control host.

We need to evaluate where it makes sense to dynamically include roles
and revert back to dynamic inclusion if and where it makes sense to do
so.





In Ansible 2.2, the include_role directive came into existence as
a Tech Preview. It is still a Tech Preview through Ansible 2.4
(and in current devel branch), but with a noteable change. The
default behavior switched from static: true to static: false
because that functionality moved to the newly introduced
import_role directive (in order to stay consistent with include*
being dynamic in nature and `import* being static in nature).

The dynamic include is considerably more memory intensive as it will
dynamically create a role import for every host in the inventory
list to be used. (Also worth noting, there is at the time of this
writing an object allocation inefficiency in the dynamic include
that can in certain situations amplify this effect considerably)

This change is meant to mitigate the pressure on memory for the
Ansible control host.

We need to evaluate where it makes sense to dynamically include roles
and revert back to dynamic inclusion if and where it makes sense to do
so.