| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, etcd upgrade playbook only calls
evaluate_groups to limit the number of tasks
that are run against nodes during initialization.
Recently, changes have been added to allow skipping
of most node tasks via providing variablized host
groups during initialization code.
This commit allows etcd upgrades to use common
init code to ensure necessary facts are defined
and proper variables are sanity checked.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1527771
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Automatic merge from submit-queue.
Move OpenStack inventory.py out of sample-inventory
This moves the dynamic inventory for OpenStack from the `sample-inventory` dir users are expected to copy and edit to `/inventory/openstack`.
This will ensure that people don't use an outdated inventory as well as communicates that the inventory (similar to the playbooks and roles) is not something they are expected to modify under normal circumstances.
The sample inventory will now contain only `group_vars` and as such, moving from that to providing vars explicitly is also more obvious (you replace the `-i inventory` command with `-e @vars.yaml` and you're good to go).
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Keeping the dynamic inventory in the `sample-inventory` alongside the
`group_vars` poses a problem: when we update the inventory, our users
won't get the latest version.
The dynamic inventory should be independent of the OpenShift or
OpenStack configuration and the users should be able to either pass it
explicitly or create a symlink if they want.
|
|\ \
| |/
|/| |
fix bug 1534271
|
| | |
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Automatic merge from submit-queue.
Separate ELB & S3 from master node group provisioning
Moved s3 and elb provisioning out of `roles/openshift_aws/tasks/provisioning.yml` and into their own playbooks. These playbooks are now included in the provision playbook and in a WIP infrastructure playbook we intend to run up front in place of prerequisites.
@kwoodson what are your thoughts on something like this?
|
| | | |
|
| | |
| | |
| | |
| | | |
outside of the openshift_aws master provisioning tasks.
|
| | |
| | |
| | |
| | | |
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
| |/
|/|
| |
| | |
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|\ \
| | |
| | | |
Install web console on upgrade
|
| | | |
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Automatic merge from submit-queue.
Spelling and grammar changes to the advanced-configuration.md file.
I noticed some spelling errors when trying to read the OpenStack `advanced_configuration.md` file so I wanted to contribute the fixed spelling.
|
| | |/
| |/| |
|
|\ \ \
| |_|/
|/| | |
Move more plugins to lib_utils
|
| |/
| |
| |
| |
| |
| |
| | |
This commit continues moving plugins into lib_utils.
This commit does not move any plugins for add-on roles
such as logging and metrics.
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Automatic merge from submit-queue.
Fix Cinder Persistent Volume support
This documents how to use Cinder-backed persistent volumes with OpenStack.
It needed a change to the dynamic inventory because the "openstack" cloudprovider plugin does actually require internal name resolution -- and the `openshift_hostname` value must match the name of the Nova server.
In addition, we need to be able to specify the V2 of the Cinder API for now as described in: https://github.com/openshift/openshift-docs/issues/5730
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When deploying on OpenStack with internal DNS configured, this will set
`openshift_hostname` to the Nova server name instead of its IP address.
Without those two matching, the OpenStack cloud provider configuration
will fail and the OpenShift nodes will not start.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As described in[1], OpenShift currently only works with Block Storage
API v2 and the version autodetection is failing to figure that out.
[1]: https://github.com/openshift/openshift-docs/issues/5730
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Automatic merge from submit-queue.
Add the ability to specify a timeout for node drain operations
A timeout to wait for nodes to drain pods can be specified to ensure that the upgrade continues even if nodes fail to drain pods in the allowed time. The default value of 0 will wait indefinitely allowing the admin to investigate the root cause and ensuring that disruption budgets are respected. In practice the `oc adm drain` command will eventually error out, at least that's what we've seen in our large online clusters, when that happens a second attempt will be made to drain the nodes, if it fails again it will abort the upgrade for that node or for the entire cluster based on your defined `openshift_upgrade_nodes_max_fail_percentage`.
`openshift_upgrade_nodes_drain_timeout=0` is the default and will wait until all pods have been drained successfully
`openshift_upgrade_nodes_drain_timeout=600` would wait for 600s before moving on to the tasks which would forcefully stop pods such as stopping docker, node, and openvswitch.
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
Ensure that openshift_facts role is imported whenever we rely on
|
| | | | |
| | | | |
| | | | |
| | | | | |
openshift_client_binary
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
vrutkovs/3.9-upgrades-remove-openshift.common.service_type
3.9 upgrade: remove openshift.common.service_type
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
See eb6b20fc9183cc2aae424c72efd1191b99110a93
|
| |_|_|_|/
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This variable may or may not be defined by the users.
During deployments, it will be set to '-{{ openshift_version }}'
if undefined.
During upgrades, it will remain undefined.
This commit ensures that if the variable is undefined,
empty strings '' are set.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Remove become statements
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
After remove become:no statements on local_action tasks,
we need to ensure that the proper file permssions are
applied to local temp directories.
This reason for this is that the 'fetch' module
does not use 'become' for the localhost, just the remote
host.
Additionally, users may not wish for the localhost to
become during a fetch. local_action will execute with
whatever permissions are specified in inventory or via
cli.
|
| | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | | |
This commit removes become:no statements that break
the installer in various ways.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This commit limits common init code to exclude
oo_nodes_to_config during upgrade_control_plane runs.
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This commit changes how we handle openshift_version role.
Most of the version initialization code is only run
on the first master now. All other hosts have values
set from the master.
Aftwards, we run some basic RPM queries to ensure
that the correct version is available on the other nodes.
Containerized needs to do their own image checks elsewhere.
|
|\ \ \ \
| | | | |
| | | | | |
upgrades: set openshift_client_binary fact when running on oo_first_master host
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This sets openshift_client_binary var for the first master,
as some roles use this var along with first_master_client_binary.
Not sure if its worth setting this var for the faulty roles instead though.
Signed-off-by: Vadim Rutkovsky <vrutkovs@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
docker storage setup for ami building
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add host to g_new_node_hosts so that plays run against the AMI instance
update example vars so that overlay2 is used by default for docker storage
|
|\ \ \ \
| |/ / /
|/| | | |
Build containerized host group dynamically
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently, we are using some inventory variables
to determine what host groups should be considered
containerized.
This is problematic and has several edge cases.
This commit removes the variable l_containerized_host_groups
and builds a dynamic group of hosts named
'oo_hosts_containerized_managed_true' based on the value of
'containerized'
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Automatic merge from submit-queue.
Openstack fixes
This includes a few fixes for the OpenStack provider.
It should fix #6555 and possibly also #6560.
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The OpenStack dynamic inventory was setting the
`openshift_node_labels` value as a string which causes a failure with
the `lib_utils_oo_dict_to_keqv_list` filter.
Fixes #6555
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
install base_packages on oo_all_hosts
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
This commit ensures base packages are installed
for oo_all_hosts, which is what we were doing previously.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1530516
|
|\ \ \ \
| |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Automatic merge from submit-queue.
Remove last of openshift_node role meta-depends
Remove last non-taskless meta-depends from
openshift_node role.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Remove last non-taskless meta-depends from
openshift_node role.
Remove variable 'openshift_node_upgrade_in_progress' as
it is no longer used.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Contiv's etcd was not being deployed correctly when using more than
one master. To make it easier to manage, it has been moved into a
k8s container.
The api proxy was hardcoded to an old version (1.1.1), and in some
environments would run into a docker error. This has been moved into
a k8s container for easier management.
The firewall was too permissive on several ports. Many were open to
the world when they should have only been accessible inside the
cluster.
Many of the contiv role variables were not prefixed with 'contiv',
which may end up clobbering variables from another role. Now all the
contiv specific role variables start with 'contiv_'.
The api proxy's default self-signed certificate was bundled with the
role. This means someone with read-only MITM access and this key
could decrypt traffic. Granted a user defined certificate from a
trusted CA should be used in a production environment, it is still
better to generate one in each environment when one is not provided.
|
|\ \ \ \
| |_|_|/
|/| | | |
Install web console server
|