| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Sets the appropriate config field if openshift_node_port_range is set
and also configures filewalls on each node. firewalld already supports
port ranges like "30000-32000", while iptables needs that value
converted to the correct "30000:32000" form for use with `--dport`.
If not set, no node ports are opened.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problem was caused by facts not being set for that master. To fix this
patch cleans up the calculation of metricsPublicURL in general. Because
this value is used in openshift_master to template into the master
config file, we now define these facts more clearly in
openshift_master_facts, and add a dependency on this to
openshift_metrics.
The calculation of default sub-domain is also changed to remove it from
system facts (as neither of these are facts about the system) and
instead use plain variables.
|
|
|
|
|
|
|
|
| |
Move the values in kube_admission_plugin_config up one level per
the new format from 1.3:
"The kubernetesMasterConfig.admissionConfig.pluginConfig should be moved
and merged into admissionConfig.pluginConfig."
|
|\
| |
| | |
Prevent useless master restart by reworking template for master service enf file
|
| | |
|
|\ \
| | |
| | | |
Support 3rd party scheduler
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The roles/openshift_facts main task did not pass the cni plugin variable to the later role playbooks.
The master.yaml and node.yaml templates did not allow for a cni configuration without either installing openshift sdn or nuage.
This change will allow to use os_sdn_network_plugin_name=cni and set openshift_use_openshift_sdn=false for deployments that use a cni plugin that doesn't need and want openshift sdn to be installed
|
| |/
|/|
| |
| |
| |
| |
| | |
Recently applied this fix for controllers due to the systemd-journald
restart issue, it sounds as is this one is also sometimes affected.
Containerized already uses this, so we will apply the same restart
strategy here.
|
|/
|
|
|
|
|
|
|
|
| |
Restarts of systemd-journald can cause the master controllers service to
die in HA environments, due to a SIGPIPE and how it's handled.
(seemingly by default in golang)
on-failure does not trigger in this situation, instead we set to
Restart=always in the systemd unit, which matches the non-HA service
definitions as well.
|
| |
|
|
|
|
| |
Signed-off-by: Mathias Merscher <Mathias.Merscher@dg-i.net>
|
|
|
|
| |
Signed-off-by: Mathias Merscher <Mathias.Merscher@dg-i.net>
|
| |
|
|\
| |
| | |
enable service-serving-cert-signer by default
|
| | |
|
|\ \
| |/
|/| |
Add externalIPNetworkCIDRs to config
|
| |
| |
| |
| |
| | |
Allow networkConfig.externalIPNetworkCIDRs to be set along with a
default to emulate the old 3.1 behavior.
|
|/ |
|
| |
|
|\
| |
| | |
1.3 / 3.3 Upgrades
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Refactored the 3.2 upgrade common files out to a path that does not
indicate they are strictly for 3.2.
3.3 upgrade then becomes a relatively small copy of the byo entry point,
all calling the same code as 3.2 upgrade.
Thus far there are no known 3.3 specific upgrade tasks. In future we
will likely want to allow hooks out to version specific pre/upgrade/post
tasks.
Also fixes a bug where the handlers were not restarting
nodes/openvswitch containers doing upgrades, due to a change in Ansible
2+.
|
|/
|
|
| |
openshift ca bundle.
|
|\
| |
| | |
openshift_release / version / upgrade improvements
|
| |\ |
|
| | |
| | |
| | |
| | |
| | | |
Allows the use of arbitrary tags, precise control over containers and
rpms, and likely mixed environments.
|
| | | |
|
| | | |
|
| |/
|/| |
|
|/ |
|
|
|
|
| |
openshift_master_max_requests_inflight.
|
|
|
|
| |
Only need double quotes if preserving whitespace, and never singles.
|
|\
| |
| | |
Add masterConfig.volumeConfig.dynamicProvisioningEnabled
|
| | |
|
| | |
|
|\ \
| |/
|/| |
BZ 1330357: Fail to deploy pod after installing env with openshift_master_portal_net='172.31.0.0/16'
|
| | |
|
|/
|
|
|
|
|
| |
- htpasswd users
- ldap ca file
- openid ca file
- request_header ca file
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Configures HTTP_PROXY, HTTPS_PROXY, NO_PROXY for master and docker services.
Configugres BuildDefaults Admission controller for master to automatically
insert proxy environment configuration into build environments.
To use set at least these variables
- openshift_http_proxy
- openshift_https_proxy
NO_PROXY entries will automatically be configured for hostnames of all openshift
hosts. You may specify additional NO_PROXY hosts or patterns by setting
`openshift_no_proxy`
If you wish to disable automatic generation of NO_PROXY hosts you may set
`openshift_generate_no_proxy_hosts` to False.
If you wish to have different builddefaults proxy configuration than baseline
proxy configuration set these variables
- openshift_builddefaults_http_proxy
- openshift_builddefaults_https_proxy
- openshift_builddefaults_no_proxy
- openshift_builddefaults_git_http_proxy
- openshift_builddefaults_git_https_proxy
|
|
|
|
|
| |
Conflicts:
roles/openshift_facts/library/openshift_facts.py
|
|\
| |
| | |
Support setting imagePolicyConfig JSON in inventory.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For flexibility this is another pure JSON field to translate directly to
yaml in the master config.
Also updated to more safely handle JSON inventory variables as this
uncovered a bug with booleans where you end up with a string containing
json in your yaml.
|
|/
|
|
| |
Lifted from https://github.com/openshift/origin/pull/8317
|
|\
| |
| | |
Add cloudprovider config dir to docker options.
|
| | |
|
|\ \
| | |
| | | |
Check for kind in cloudprovider facts prior to accessing.
|
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Allow users who wish to deploy configs with ansible to define templates for
oauth screens, and control the alwaysShowProviderSelection setting.
There are currently three supported oauth templates, and we have a pre-existing
'oauth_template' variable, but it is assumed to mean you are controlling the
'login' screen, and this is the only one you can configure.
To work around this, supporting all current and future templates, introduce a
pluralized variable 'oauth_templates', which contains a JSON dict allowing the
admin to control any template they wish. If both new and old variables are
defined, the old one is ignored. (and can be considered deprecated)
Internally the old value will be converted to the new dict, so the template
just references one value.
Example:
openshift_master_oauth_always_show_provider_selection=true
openshift_master_oauth_templates={"providerSelection": "provider-selection.html", "error": "oauth-error.html"}
Yeilds:
oauthConfig:
alwaysShowProviderSelection: true
templates:
error: oauth-error.html
providerSelection: provider-selection.html
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds four new inventory variables for setting sections in "admissionConfig" and
"kubernetesMasterConfig.admissionConfig".
openshift_master_admission_plugin_order allows configuring the list of origin
admission controller plugins to enable and what order to run them in. This must
be a JSON formatted list of strings:
openshift_master_admission_plugin_order=["RunOnceDuration", "NamespaceLifecycle", "OriginPodNodeEnvironment", "ClusterResourceOverride", "LimitRanger", "ServiceAccount", "SecurityContextConstraint", "ResourceQuota", "SCCExecRestrictions"]
openshift_master_kube_admission_plugin_order is identical but for the
kubernetes admission controller plugins which appear beneath
kubernetesMasterConfig.
openshift_master_admission_plugin_config allows setting free-form configuration
stanzas that match up with enabled admission controller plugins. This must be a
JSON formatted hash:
openshift_master_admission_plugin_config={"RunOnceDuration":{"configuration":{"apiVersion":"v1","kind":"RunOnceDurationConfig","activeDeadlineSecondsOverride":3600}},"ClusterResourceOverride":{"configuration":{"apiVersion":"v1","kind":"ClusterResourceOverrideConfig","limitCPUToMemoryPercent":200,"cpuRequestToLimitPercent":6,"memoryRequestToLimitPercent":60}}}
openshift_master_kube_admission_plugin_config is the equivalent for kubernetes
admission controller plugins.
Contains a change to merge_facts to fix issues with modifying inventory
variables that contain JSON dicts. If you modified a previously set variable,
the result would be a merge of old and new, which is completely wrong in this
case. Addded new overwrite_facts to shortcut to just taking the new values.
This differs from the pre-existing concept of "protected" in that we're not
protecting an old value, we're trashing it and taking the new.
|