Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Correct logic for openshift_hosted_*_wait | Russell Teague | 2017-09-12 | 2 | -2/+2 |
| | |||||
* | Workaround Ansible Jinja2 delimiter warning | Russell Teague | 2017-09-12 | 2 | -2/+2 |
| | | | | | | | This workaround prevents the warnings on using Jinja2 templating delimiters in `when:` conditions in cases where a variable is used as the conditional. This has been fixed in Ansible 2.4. https://github.com/ansible/ansible/pull/25092 | ||||
* | Merge pull request #5162 from aerialls/patch-2 | OpenShift Bot | 2017-09-07 | 1 | -9/+9 |
|\ | | | | | Merged by openshift-bot | ||||
| * | reverse order between router cert generation | Julien Brochet | 2017-08-23 | 1 | -9/+9 |
| | | |||||
| * | ensured to always use a certificate for the router | Julien Brochet | 2017-08-22 | 1 | -1/+1 |
| | | |||||
* | | Merge pull request #5148 from kwoodson/registry_proxy_updates | OpenShift Bot | 2017-09-06 | 1 | -0/+8 |
|\ \ | | | | | | | Merged by openshift-bot | ||||
| * | | Adding proxy env vars for dc/docker-registry | Kenny Woodson | 2017-08-21 | 1 | -0/+8 |
| | | | |||||
* | | | Merge pull request #5178 from sdodson/fix-registry-cert | Scott Dodson | 2017-08-25 | 1 | -0/+3 |
|\ \ \ | | | | | | | | | Add missing hostnames to registry cert | ||||
| * | | | Add missing hostnames to registry cert | Scott Dodson | 2017-08-23 | 1 | -0/+3 |
| | | | | |||||
* | | | | Merge pull request #5011 from kwoodson/provision | Scott Dodson | 2017-08-23 | 2 | -59/+63 |
|\ \ \ \ | |/ / / |/| | | | AWS Provisioning with scale groups. | ||||
| * | | | First attempt at provisioning. | Kenny Woodson | 2017-08-21 | 2 | -59/+63 |
| |/ / | |||||
* | | | Merge pull request #5120 from smarterclayton/allow_gcs_registry | Scott Dodson | 2017-08-23 | 2 | -2/+14 |
|\ \ \ | |_|/ |/| | | Allow GCS object storage to be configured | ||||
| * | | Allow GCS object storage to be configured | Clayton Coleman | 2017-08-17 | 2 | -2/+14 |
| |/ | | | | | | | | | | | Previously, setting the GCS registry object storage settings resulted in an invalid configuration. This generates a registry-config secret that has the correct file if the GCS config is set. | ||||
* | | Merge pull request #4254 from dmsimard/registry_certs | Scott Dodson | 2017-08-21 | 4 | -49/+138 |
|\ \ | |/ |/| | Refactor openshift_hosted's docker-registry route setup | ||||
| * | Refactor openshift_hosted's docker-registry route setup | David Moreau-Simard | 2017-07-23 | 4 | -49/+138 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have identified an issue where a docker-registry service set up as 'reencrypt' with a provided certificate and a self-signed certificate on the pod does not authorize users to push images. If the docker-registry service is set up as 'passthrough' with the same provided certificate, everything works. In light of this, this commit essentially adds support for configuring provided certificates with a passthrough route while maintaining backwards compatibility with the other use cases. The default remains 'passthrough' with self-generated certificates. Other miscellaneous changes include: - Move fact setup that were only used in secure.yml there - Omit the hostname for the route if there are none to configure, oc_route takes care of handling the default - Replace hardcoded /etc/origin/master by openshift_master_config_dir | ||||
* | | Updated README to reflect refactor. Moved firewall initialize into separate ↵ | Kenny Woodson | 2017-08-10 | 2 | -4/+4 |
| | | | | | | | | file. | ||||
* | | Adding a default condition and removing unneeded defaults. | Kenny Woodson | 2017-08-09 | 2 | -8/+8 |
| | | |||||
* | | First attempt at refactor of os_firewall | Kenny Woodson | 2017-08-08 | 4 | -2/+89 |
| | | |||||
* | | Merge pull request #4693 from enoodle/create_router_certificate_by_default | Scott Dodson | 2017-07-26 | 1 | -3/+3 |
|\ \ | |/ |/| | Router wildcard certificate created by default | ||||
| * | add default value for router path in the cert | Erez Freiberger | 2017-07-25 | 1 | -2/+2 |
| | | |||||
| * | Router wildcard certificate created by default | Erez Freiberger | 2017-07-25 | 1 | -1/+1 |
| | | |||||
* | | hosted registry: Use proper node name in GlusterFS storage setup | Jose A. Rivera | 2017-07-14 | 1 | -1/+1 |
|/ | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> | ||||
* | Set OPENSHIFT_DEFAULT_REGISTRY in registry dc. | Andrew Butcher | 2017-06-30 | 1 | -0/+5 |
| | |||||
* | registry: look for the oc executable in /usr/local/bin and ~/bin | Giuseppe Scrivano | 2017-06-27 | 1 | -2/+2 |
| | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> | ||||
* | router: look for the oc executable in /usr/local/bin and ~/bin | Giuseppe Scrivano | 2017-06-26 | 1 | -3/+3 |
| | | | | | | Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1463131 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> | ||||
* | Merge pull request #4484 from jarrpa/glusterfs-fixes-too | OpenShift Bot | 2017-06-19 | 1 | -1/+1 |
|\ | | | | | Merged by openshift-bot | ||||
| * | registry: mount GlusterFS storage volume from correct host | Jose A. Rivera | 2017-06-16 | 1 | -1/+1 |
| | | | | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> | ||||
* | | Make rollout status check best-effort, add poll | Steve Kuznetsov | 2017-06-13 | 2 | -2/+52 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | We cannot rely on the `watch.Until` call in the `rollout status` subcommand for the time being, so we need to ignore the result of this call. This will make the rollout status check best-effort, so we need to follow it with a poll for the actual status of the rollout, which we can extract from the `openshift.io/deployment.phase` annotation on the ReplicationControllers. This annotation can have only three values -- `Running`, `Complete` and `Failed`. If we poll on this attribute until we stop seeing `Running`, we can then inspect the last result for `Failed`; if it's present, we have failed the deployment. Signed-off-by: Steve Kuznetsov <skuznets@redhat.com> | ||||
* | | Verify the rollout status of the hosted router and registry | Steve Kuznetsov | 2017-06-09 | 2 | -14/+12 |
|/ | | | | | | | | | | | | | | When deploying the hosted router and registry components, we need to ensure that they correctly roll out. The previous checks were weak in that they either simply waited for a set amount of time and/or did one replica check. They would fail if the router or registry took longer to deploy or if there were un-ready or failing replicas. The `oc rollout` command group contains the `status` endpoint for internalizing all of the logic for determining when a rollout has succeeded or failed, so simply using this client call will ensure that the router and registry correctly deploy. Signed-off-by: Steve Kuznetsov <skuznets@redhat.com> | ||||
* | Remove supported/implemented barrier for registry object storage providers. | Andrew Butcher | 2017-06-06 | 1 | -16/+0 |
| | |||||
* | bool | Scott Dodson | 2017-05-26 | 1 | -2/+2 |
| | |||||
* | Removing requirement to pass aws credentials | Eric Sauer | 2017-05-22 | 1 | -4/+0 |
| | |||||
* | GlusterFS: Allow swapping an existing registry's backend storage | Jose A. Rivera | 2017-05-04 | 2 | -1/+34 |
| | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> | ||||
* | hosted_registry: Get correct pod selector for GlusterFS storage | Jose A. Rivera | 2017-05-04 | 1 | -1/+9 |
| | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> | ||||
* | hosted registry: Fix typo | Jose A. Rivera | 2017-05-04 | 1 | -1/+1 |
| | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> | ||||
* | Replace original router cert variable names. | Andrew Butcher | 2017-04-24 | 1 | -8/+8 |
| | |||||
* | Allow for GlusterFS to provide registry storage | Jose A. Rivera | 2017-04-10 | 2 | -1/+56 |
| | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> | ||||
* | Adding signed router cert and fixing server_cert bug. | Kenny Woodson | 2017-04-04 | 1 | -0/+26 |
| | |||||
* | Add docker-registry.default.svc short name to registry service signing | Scott Dodson | 2017-04-03 | 1 | -1/+2 |
| | |||||
* | openshift_hosted: add openshift_hosted_registry_cert_expire_days parameter. | Slava Semushin | 2017-03-29 | 1 | -0/+1 |
| | |||||
* | Moving projects task within openshift_hosted | Russell Teague | 2017-03-17 | 1 | -0/+7 |
| | |||||
* | Add router svcacct cluster-reader role | Russell Teague | 2017-03-14 | 1 | -0/+9 |
| | |||||
* | Refactor and remove openshift_serviceaccount | Russell Teague | 2017-03-13 | 2 | -2/+29 |
| | |||||
* | Added ports. | Kenny Woodson | 2017-03-02 | 1 | -0/+2 |
| | |||||
* | Fixed router name to produce 2nd router. | Kenny Woodson | 2017-03-02 | 1 | -1/+1 |
| | |||||
* | Updated to work with an array of routers. | Kenny Woodson | 2017-03-02 | 1 | -60/+16 |
| | |||||
* | Adding support for router sharding. | Kenny Woodson | 2017-03-02 | 1 | -61/+68 |
| | |||||
* | Add oc_adm_policy_user task cluster-role policy | Russell Teague | 2017-03-02 | 1 | -0/+7 |
| | |||||
* | Correct config for hosted registry | Russell Teague | 2017-03-02 | 1 | -1/+2 |
| | |||||
* | Fixed error handling when oc adm ca create-server-cert fails. Fixed a logic ↵ | Kenny Woodson | 2017-03-01 | 1 | -1/+1 |
| | | | | error in secure. |