| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Ansible 2.2, the include_role directive came into existence as
a Tech Preview. It is still a Tech Preview through Ansible 2.4
(and in current devel branch), but with a noteable change. The
default behavior switched from static: true to static: false
because that functionality moved to the newly introduced
import_role directive (in order to stay consistent with include*
being dynamic in nature and `import* being static in nature).
The dynamic include is considerably more memory intensive as it will
dynamically create a role import for every host in the inventory
list to be used. (Also worth noting, there is at the time of this
writing an object allocation inefficiency in the dynamic include
that can in certain situations amplify this effect considerably)
This change is meant to mitigate the pressure on memory for the
Ansible control host.
We need to evaluate where it makes sense to dynamically include roles
and revert back to dynamic inclusion if and where it makes sense to do
so.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, both registry and router pods need to
be polled for successful deployment.
Somtimes this can take up to a minute.
This commit attempts to deploy both pods
before polling either. This should reduce
the average wait time for polling pods by 50%
as time spent polling the first will also allow
the second pod to continue it's own deployment.
|
|
|
|
|
| |
We set these variables using facts in init, no need
to duplicate the logic all around the codebase.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit relocates filter_plugings to lib_utils,
changes the namespacing to prevent unintended use of
older versions that may be present in filter_plugins/
directory on existing installs.
Add lib_utils to meta depends for roles
Also consolidate some plugins into lib_utils from
various other areas.
Update rpm spec, obsolete plugin rpms.
|
| |
|
| |
|
|
|
|
|
|
| |
Remove hosted vars from openshift_facts.
The current pattern is causing a bunch of undesired sideffects.
|
| |
|
|\
| |
| | |
Add external glusterfs backend to hosted and glusterfs playbook
|
| | |
|
| | |
|
|\ \
| |/
|/| |
hosted_registry: clean up tmp mount point and fstab
|
| |
| |
| |
| | |
Fixes #6004
|
|/
|
|
|
|
| |
This commit removes any references to versions < 1.5/3.5
We assume the version is always greater than or equal to 1.5/3.5.
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Automatic merge from submit-queue.
Allow cluster IP for docker-registry service to be set
For historical reasons a small set of programs in our environments rely
on the cluster-internal Docker registry having the IP address
"172.30.1.1". So far we always had to patch in that address manually.
Adding a variable on the "openshift_hosted" role allows the IP address
to be set correctly when a cluster is installed.
|
| |
| |
| |
| |
| |
| |
| |
| | |
For historical reasons a small set of programs in our environments rely
on the cluster-internal Docker registry having the IP address
"172.30.1.1". So far we always had to patch in that address manually.
Adding a variable on the "openshift_hosted" role allows the IP address
to be set correctly when a cluster is installed.
|
|/ |
|
|
|
|
| |
auto-generated wildcard certificate or custom openshift_hosted_router_certificate.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, openshift_hosted role duplicates some logic
across separate task chains. This commit cleans up
the openshift_hosted role and converts it to be
primarily used with include_role to give better
logic to the playbooks that utilize this role.
This commit also refactors the playbook that calls
various openshift_hosted roles into individual playbooks.
This allows more granularity for advanced users.
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Automatic merge from submit-queue
hot fix for env variable resolve
If we use environment variables in our inventory files (and from what I seen we do this everywhere where We deploy OCP) our fact engine ignores env variables so if my path looks like
```
openshift_hosted_registry_routecertificates={"certfile": "{{inventory_dir}}/../files/certs/wildcard.registry.company.local.crt", "keyfile": "{{inventory_dir}}/../files/certs/wildcard.registry.companylocal.key", "cafile":"{{inventory_dir}}/../files/certs/CompanyLocalRootCA.crt"}
openshift_hosted_registry_routehost=containers.registry.comany.local
```
the result is: `/../files/certs/RoSLocalRootCA.crt`
We need to fix our fact set in a long run to read Ansible variables. And it was done in the same way with router certificates already.
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
This workaround prevents the warnings on using Jinja2 templating
delimiters in `when:` conditions in cases where a variable is used as
the conditional. This has been fixed in Ansible 2.4.
https://github.com/ansible/ansible/pull/25092
|
|\ \
| | |
| | | |
Merged by openshift-bot
|
| | | |
|
| |/ |
|
|\ \
| | |
| | | |
Merged by openshift-bot
|
| | | |
|
|\ \ \
| | | |
| | | | |
Add missing hostnames to registry cert
|
| | | | |
|
|\ \ \ \
| |/ / /
|/| | | |
AWS Provisioning with scale groups.
|
| |/ / |
|
|\ \ \
| |_|/
|/| | |
Allow GCS object storage to be configured
|
| |/
| |
| |
| |
| |
| | |
Previously, setting the GCS registry object storage settings resulted in
an invalid configuration. This generates a registry-config secret that
has the correct file if the GCS config is set.
|
|\ \
| |/
|/| |
Refactor openshift_hosted's docker-registry route setup
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We have identified an issue where a docker-registry service set up
as 'reencrypt' with a provided certificate and a self-signed certificate
on the pod does not authorize users to push images.
If the docker-registry service is set up as 'passthrough' with the
same provided certificate, everything works.
In light of this, this commit essentially adds support for configuring
provided certificates with a passthrough route while maintaining backwards
compatibility with the other use cases.
The default remains 'passthrough' with self-generated certificates.
Other miscellaneous changes include:
- Move fact setup that were only used in secure.yml there
- Omit the hostname for the route if there are none to configure,
oc_route takes care of handling the default
- Replace hardcoded /etc/origin/master by openshift_master_config_dir
|
| |
| |
| |
| | |
file.
|
| | |
|
| | |
|
|\ \
| |/
|/| |
Router wildcard certificate created by default
|
| | |
|
| | |
|
|/
|
|
| |
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
|
| |
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
| |
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1463131
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Merged by openshift-bot
|
| |
| |
| |
| | |
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We cannot rely on the `watch.Until` call in the `rollout status`
subcommand for the time being, so we need to ignore the result of this
call. This will make the rollout status check best-effort, so we need to
follow it with a poll for the actual status of the rollout, which we can
extract from the `openshift.io/deployment.phase` annotation on the
ReplicationControllers. This annotation can have only three values --
`Running`, `Complete` and `Failed`. If we poll on this attribute until
we stop seeing `Running`, we can then inspect the last result for
`Failed`; if it's present, we have failed the deployment.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
When deploying the hosted router and registry components, we need to
ensure that they correctly roll out. The previous checks were weak in
that they either simply waited for a set amount of time and/or did one
replica check. They would fail if the router or registry took longer to
deploy or if there were un-ready or failing replicas. The `oc rollout`
command group contains the `status` endpoint for internalizing all of
the logic for determining when a rollout has succeeded or failed, so
simply using this client call will ensure that the router and registry
correctly deploy.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
|