| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
This simplifies some variable logic.
|
|
|
|
| |
Simply dns_port variable by remove from openshift_facts.
|
|
|
|
| |
Simplify the variable is_master_system_container
|
|
|
|
| |
Simplify the logic for this variable.
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Automatic merge from submit-queue.
Combine master upgrade play with role
Currently, there are plays importing tasks directly from
openshift_master role. This has caused numerous bugs
and code duplicaiton in the past.
This commit combines the upgrade into openshift_master role
utilizing include_role syntax.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, there are plays importing tasks directly from
openshift_master role. This has caused numerous bugs
and code duplicaiton in the past.
This commit combines the upgrade into openshift_master role
utilizing include_role syntax.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the command 'docker login' is run when using
oreg with authentication.
On some hosts, such as hosts configured to use system containers,
the docker service is not running. 'docker login' will fail
without the docker service running.
This commit adds a module to idempotently add credentials
to the registry credentials file without the use of
'docker login'
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511374
|
| |
|
|
|
|
| |
The default value needs to be consistently used.
|
|\
| |
| |
| |
| | |
Automatic merge from submit-queue.
Add arbitrary firewall port config to master too
|
| | |
|
|/
|
|
| |
Consistent with other use
|
|
|
|
|
|
|
|
| |
This commit enables deploying Kuryr networking on top of OpenShift in
containers. kuryr-controller is a Deployment and kuryr-cni is deployed
as DaemonSet (container will drop all CNI configuration files).
Co-Authored-By: Antoni Segura Puimedon <celebdor@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently, imageConfig.latest is hard-coded to false.
This commit adds an appropriate boolean to enable
setting to true.
Fixes: https://github.com/openshift/openshift-ansible/issues/1422
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, debug_level is documented as a way to change
the debug output level for both masters and nodes.
debug_level does not currently have any effect.
This commit removes debug_level from openshift_facts
and properly sets openshift_master_debug_level and
openshift_node_debug_level to the value of debug_level
specified in the inventory.
This commit also reorganizes some set_fact tasks
needed during master upgrades to put all work-around
set-facts for undefined variables in one place, allowing
for easier cleanup in the future. This includes an
entry for openshift_master_debug_level.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1500164
|
|
|
|
|
|
|
|
|
|
|
| |
Due to some plays importing variables from roles
directly, oreg_url was being set to a default
value when it otherwise shouldn't be.
This commit removes the default values for oreg_url
to ensure existing logic works as desired.
Fixes: https://github.com/openshift/openshift-ansible/issues/5455
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, openshift-anisble supports authentication to
container registries to pull down openshift container images.
The openshift_verison role uses the docker cli to gather
image information from container registries before authentication
credentials are provided by openshift-ansible.
This commit creates the necessary token to authenticate to
private registries during openshift_version. The token
is generated by the role 'docker' on all hosts where
docker is installed/configured when oreg_auth_users
is defined.
This commit also adds a read-only mount into the
openshift master and node container services. This
mount is '/var/lib/origin/.docker:/root/.docker:ro'.
This is because the container images do not currently
read the values in '/var/lib/origin/.docker' as this
may be a bug upstream.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|
|
|
|
|
|
|
|
|
| |
Most of this role's purpose was to set facts. The vast majority
of these facts were simply redefining user-supplied variables.
This commit also removes various artifacts leftover from
previous versions, as well as variables that seem to be
entirely unused.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added the ability to support authentication for independent / 3rd party
registries. This commit will allow users to provide a `oreg_auth_user` and
`oreg_auth_password` to dynmically generate a docker config.json file.
The docker config.json file can be used by openshift to authenticate to
independent / 3rd party registries. `oreg_host` must supply endpoint connection
info in the form of 'hostname.com:port', with (optional) port 443 default.
To update the config.json on a later run, the user can specify
`oreg_auth_credentials_replace=False` to update the credentials.
These settings must be used in tandem with `oreg_url`
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|
| |
|
|
|
|
| |
file.
|
| |
|
| |
|
|
|
|
|
| |
This would be the case if for instance they'd upgraded and then
migrated.
|
|
|
|
|
| |
If we have no master config assume that we're a clean install.
If we're a clean install and we're 3.6 or greater use etcd v3 storage.
|
|
|
|
|
|
|
| |
openshift_docker role was largely useless now, but also almost did what
we needed. (deps ordering still needs to be changed)
Remove defaulting of openshift_version.
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
QE found that for fresh installs we were basing the docker version facts of the
images that could be pulled prior to configuring /etc/sysconfig/docker. This
is an edge case but something we need to fix.
|
|
|
|
| |
and atomic-openshift-master-controllers
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Ability to specify multiple masters
- configures the CA only a single time on the first master
- creates and distributes additional certs for additional master hosts
- Depending on the status of openshift_master_cluster_defer_ha (defaults to
False) one of two actions are taken when multiple masters are defined
1. If openshift_master_cluster_defer_ha is true
a. Certs/configs for all masters are deployed
b. openshift-master service is only started and enabled on the master
c. HA configuration is expected to be handled by the user manually after
the completion of the playbook run.
2. If oepnshift_master_cluster_defer_ha is false or undefined
a. Certs/configs for all masters are deployed
b. a Pacemaker/RHEL HA cluster is configured
i. VIPs are configured based on the values of
openshift_master_cluster_vip and
openshift_master_cluster_plublic_vip
ii. The openshift-master service is configured as an active/passive
cluster service
|
|
|
|
| |
* Configure fluentd to aggragate container logs
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add openshift_facts role and module
- Created new role openshift_facts that contains an openshift_facts module
- Refactor openshift_* roles to use openshift_facts instead of relying on
defaults
- Refactor playbooks to use openshift_facts
- Cleanup inventory group_vars
- Update defaults
- update openshift_master role firewall defaults
- remove etcd peer port, since we will not be supporting clustered embedded
etcd
- remove 8444 since console now runs on the api port by default
- add 8444 and 7001 to disabled services to ensure removal if updating
- Add new role os_env_extras_node that is a subset of the docker role
- previously, we were starting/enabling docker which was causing issues with some
installations
- Does not install or start docker, since the openshift-node role will
handle that for us
- Only adds root to the dockerroot group
- Update playbooks to use ops_env_extras_node role instead of docker role
- os_firewall bug fixes
- ignore ip6tables for now, since we are not configuring any ipv6 rules
- if installing package do a daemon-reload before starting/enabling service
- Add aws support to bin/cluster
- Add list action to bin/cluster
- Add update action to bin/cluster
- cleanup some stray debug statements
- some variable renaming for clarity
|
|
|
|
|
| |
- Fix missed references to old firewall scripts
- Fix variable name references that didn't get updated
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- openshift_node_ips now defaults to []
- Previously an empty --nodes in /etc/sysconfig/master would result in the
master creating a node for the localhost. The latest Origin and OSE builds
now only create the implicit localhost node if run as openshift, not
openshift-master. We can now safely default to setting no nodes in
/etc/sysconfig/master and having nodes register themselves with the master
when they come up via the 'Register node (if not already registered)' task
in roles/openshift_node/tasks/main.yml)
- This had an associated change for the byo scripts that had not been merged
into master yet, but this PR changes the behavior of the openshift_master
role to not fail if openshift_node_ips is not set. This also prevents having
the openshift_master service restarted when a node is added.
|
|
|
|
|
|
|
|
|
|
|
| |
- move common openshift logic into openshift_common
- set openshift_common as a dependency for openshift_node and openshift_master
- rename role variables to openshift_* to be more descriptive
- start recording local_facts on the openshift hosts
- clean up firewalld config to be a bit more dry
- Update firewall ports for https, make sure http rules are removed
- Replace references to ansible_eth0.ipv4.address with
ansible_default_ipv4.address
|
|
|