| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
Make flat sec group to only merge node/master/etcd sec rules.
Add basic dns/ssh sec group and assign it to all but dns node groups.
Assign only dns sec group for dns nodes.
Assign only infra (and basic) sec groups for ingra nodes.
Add security notes for openstack provider.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
* adding crs finished and heketi customizations
* removing some duplicate haproxy files
* fix lint CI issues
* fix more lint CI issues
|
|
|
|
|
|
|
| |
Tune an example ansible.cfg to include
tasks profiling info and improve displaying
of skipped tasks.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
| |
|
|\
| |
| | |
Openstack provider
|
| | |
|
| |
| |
| |
| |
| | |
It's a CASL-specific helper, not necessary for the provisioning
playbooks.
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Provision tasks use facts like ansible_hostname and few others.
W/o gathering facts, those expire, and the provision playbook cannot
be reapplied in order to update the existing heat stack.
Refresh the facts cache by specifying gather_facts: true.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
TODO use with
when: ansible_distribution == 'CentOS'
Also update docs for origin
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a openstack_flat_secgroup, defaults to False.
When set, merges sec rules for master, node, etcd, infra nodes into a
single group. Less secure, but might help to mitigate quota limitations.
Update docs. Use timeout 30s to mitigate the error:
Timeout (12s) waiting for privilege escalation prompt.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When `node_ingress_cidr` to limit the IP range for the DNS server, this
can prevent the actual openshift nodes from accessing it as well.
This commit makes the access from the `openstack_subnet_prefix` always
pass through and uses `node_ingress_cidr` for additional
access control.
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
We should probably not pollute the role namespace with a name as common
as "common". Moving the pre_task.yml to provisioners/openstack instead.
|
| | |
|
| |
| |
| |
| | |
It's under the GPLv3+ while the rest of the repo is Apache 2.
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
They'll live in playbooks/provisioning/openstack from now on.
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This imports the openstack provisioning bits of:
https://github.com/redhat-cop/casl-ansible
taking care to preserve the original history of those files.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Updated to use nsupdate for DNS records
* Updated formatting of dict
* Updating descriptive text
* Support for external DNS config
* Upgrading jinja2 to work correctly with latest templates
* Latest update for nsupdate
* Updated to use nsupdate for DNS records
* Updated formatting of dict
* Updating descriptive text
* Support for external DNS config
* Latest update for nsupdate
* Updated to support external public/private DNS server(s)
* Updated DNS server handling
* Updated DNS server handling
* Updated DNS server handling
* Eliminated the from the sample inventories
* Updated sample inventory to point to 2 separate DNS servers for private/public
* Playbook clean-up
* Adding 'python-dns'
* splitting subscription manager calls to allow for a clean pre-install playbook
|
| | | |
|
| | |
| | |
| | |
| | | |
it unecessary (#47)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Upgrading jinja2 to work correctly with latest templates
* Updated to solve rpm deps + other version issues
* Clean-up
* Updating control-host settings and env
* Updating control-host settings and env
* Updating README and names to align across all components
* Setting the TERM var for better shell experience
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
The user creation was failing, because it was looking for the
`demo_users` variable while the samples put the data under
`create_users`.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Correcting the sample inventory for an HA cluster
* Adding node label mapping
* Updating to mre generic IPs
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Fix the sample inventory
The `openstack_nameservers` variable needs to be a list of strings, we
need to set the Openshift labels in OSv3.yml and we show an example of
using the username/password/poll for RHEL subscriptions.
* Update the READMEs
This fixes some of the paths, explains that we need to pass
`openstack_ssh_public_key` to the end-to-end playbook and includes the
full Docker command since there is no `run.sh` script. Oh and Heat is
not an acronym :).
* Fixes to the readme and inventory
* Use docker-compose
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* First attempt at a simple multi-master support
* Removing unneeded inventory
* adding default number of masters and lower number of nodes
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Refactored openstack-stack role to:
- Convert static heat template files to ansible templates
- Include native ansible groups via openstack metadata. This removes the need for a playbook to map host groups
- Some code cleanup
* Deleting commentd out code and irrelevant plays
* Refactored openstack-stack role to:
- Convert static heat template files to ansible templates
- Include native ansible groups via openstack metadata. This removes the need for a playbook to map host groups
- Some code cleanup
* Deleting commentd out code and irrelevant plays
* Replacing stack parameters with jinja expressions
* Updating sample inventory to work with latest dynamic inventory changes
* updating inventory with host group mapping. making sync keys optional
* Missing cluster_hosts group
* Updating to add infra_hosts
* Updating inventory per comments from oybed and sabre1041
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Updating client image to lock it to ansible 2.3 and install some additional dependencies
* First attempt at a docker-compose based solution
* Renaming image
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
HEAT module (#21)
|
| | | |
|
| | |
| | |
| | | |
Added prune_projects to the openshift-management role along with Ansible tower support
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Updated DNS server role + example playbook
* Updated DNS server role + example playbook
* Updated for SELinux boolean
|
| | |
| | |
| | |
| | |
| | |
| | | |
* Updated DNS server role + example playbook
* Updated DNS server role + example playbook
|
| | |
| | |
| | |
| | |
| | |
| | | |
* Ensure DNS configuration has wildcards set for infra nodes
* Updated to include all cluster hosts for DNS entries
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Updated documentation and example inventory
* Update README.md
Added "hint"
* Update README.md
Fix numbering in the markdown
* Update README.md
* Added docker_volume_size to the sample inventory
* Added rhsm_pool to the sample inventory
* Updated README per comments
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* First cut at the nagios work
* Added NRPE service enabled
* Updated implementation to be a bit more flexible
* Updated logic to include checks for services
* Added support for DNS and NFS checks
* Updated templates and config files
* Updated check_service script to simplify and avoid false negatives
* Added support for OpenShift checks
* Added README for the playbook
* Updated README
|
| | | |
|
| | | |
|