| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the logic for registry authentication is
not implemented correctly to account for upgrades of
containerized hosts.
Additionally, the logic to account for multiple runs
of openshift-ansible might cause registry authentication
credentials to not be mounted inside of containerized hosts.
This commit adds the necessary logic to ensure containerized
hosts retain registry credentials.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1494470
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Automatic merge from submit-queue
Remove default value for oreg_url
Due to some plays importing variables from roles
directly, oreg_url was being set to a default
value when it otherwise shouldn't be.
This commit removes the default values for oreg_url
to ensure existing logic works as desired.
Fixes: https://github.com/openshift/openshift-ansible/issues/5455
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Due to some plays importing variables from roles
directly, oreg_url was being set to a default
value when it otherwise shouldn't be.
This commit removes the default values for oreg_url
to ensure existing logic works as desired.
Fixes: https://github.com/openshift/openshift-ansible/issues/5455
|
|/
|
|
|
|
|
|
|
|
|
| |
Previously, openshift-ansible supported various
types of deployments using the variable "openshift_deployment_type"
Currently, openshift-ansible only supports two deployment types,
"origin" and "openshift-enterprise".
This commit removes all logic and references to deprecated
deployment types.
|
|\
| |
| |
| |
| |
| |
| |
| |
| | |
Automatic merge from submit-queue
Increase rate limiting in journald.conf
@sdodson ptal, this is to address issues from https://github.com/openshift/origin/issues/12558
@smarterclayton @stevekuznetsov fyi
|
| | |
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Automatic merge from submit-queue
Fix registry auth task ordering
Currently, registry authentication credentials are not
produced until after docker systemd service files are
created.
This commit ensures the credentials are
created before the systemd service files to ensure
the proper boolean is set to include the read-only
mount of credentials inside containerized nodes and
masters.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently, registry authentication credentials are not
produced until after docker systemd service files are
created.
This commit ensures the credentials are
created before the systemd service files to ensure
the proper boolean is set to include the read-only
mount of credentials inside containerized nodes and
masters.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|
|\ \ \
| |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
ingvagabund/pull-openshift_master-deps-out-into-a-play
Automatic merge from submit-queue
Pull openshift_master deps out into a play
The `openshift_master` role is called only in a single play. Thus, we can pull out all its dependencies without duplicating all dependency role invocations. Both `lib_openshift` and `lib_os_firewall` are required deps as they defined ansible modules used inside the `openshift_master` role.
I have also rearranged definition of variables so variable used only inside a single role are part of the `include_role` statement.
Atm, we can't use `include_role` due to https://github.com/ansible/ansible/issues/21890
|
| |/ |
|
|\ \
| | |
| | | |
Bug 1490304: Etcd scale-up playbook should add new member to etcdClientInfo of master-config.yaml
|
| |/ |
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, openshift-anisble supports authentication to
container registries to pull down openshift container images.
The openshift_verison role uses the docker cli to gather
image information from container registries before authentication
credentials are provided by openshift-ansible.
This commit creates the necessary token to authenticate to
private registries during openshift_version. The token
is generated by the role 'docker' on all hosts where
docker is installed/configured when oreg_auth_users
is defined.
This commit also adds a read-only mount into the
openshift master and node container services. This
mount is '/var/lib/origin/.docker:/root/.docker:ro'.
This is because the container images do not currently
read the values in '/var/lib/origin/.docker' as this
may be a bug upstream.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|
|\
| |
| | |
Merged by openshift-bot
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Most of this role's purpose was to set facts. The vast majority
of these facts were simply redefining user-supplied variables.
This commit also removes various artifacts leftover from
previous versions, as well as variables that seem to be
entirely unused.
|
| | |
|
|/
|
|
|
|
|
| |
Previous commit set 'openshift_master_config_dir' to
'/var/lib/origin' if undefined during upgrades.
This commit sets value to the proper directory '/etc/origin'
|
|\
| |
| | |
Merged by openshift-bot
|
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, openshift_master upgrade play imports tasks directly
from the openshift_master role. This method does not honor
role defaults.
This commit changes sets openshift_master_config_dir if undefined.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added the ability to support authentication for independent / 3rd party
registries. This commit will allow users to provide a `oreg_auth_user` and
`oreg_auth_password` to dynmically generate a docker config.json file.
The docker config.json file can be used by openshift to authenticate to
independent / 3rd party registries. `oreg_host` must supply endpoint connection
info in the form of 'hostname.com:port', with (optional) port 443 default.
To update the config.json on a later run, the user can specify
`oreg_auth_credentials_replace=False` to update the credentials.
These settings must be used in tandem with `oreg_url`
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|
| |
|
| |
|
| |
|
|
|
|
| |
- remove dangling bool
|
|\
| |
| | |
Refactor the firewall workflow.
|
| |
| |
| |
| | |
file.
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
Prevents playbooks from accidentally restarting the master service.
|
| | |
|
| | |
|
|/
|
|
|
|
| |
From now on, all master configurations use the api / controller split,
regardless of HA mode or previous configuration. This will be our only
supported configuration starting in 3.7 or 3.8.
|
|\
| |
| |
| |
| | |
ingvagabund/allow-to-specify-docker-registry-for-system-containers
Allow to specify docker registry for system containers
|
| | |
|
|\ \
| | |
| | | |
Merged by openshift-bot
|
| | | |
|
|\ \ \
| | | |
| | | | |
Merged by openshift-bot
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes a bug which reported that AFTER a cluster upgrade from OCP 3.5
to 3.6, any masters which are later added via the scaleup playbooks
are setting a value for OPENSHIFT_DEFAULT_REGISTRY which is
inconsistent with the already configured masters.
* OPENSHIFT_DEFAULT_REGISTRY value is saved from oo_first_master
* The new scaleup master has a fact set noting it is a scaleup host
* The saved OPENSHIFT_DEFAULT_REGISTRY value is used instead of the
default for 3.6, which is to use a hard-coded registry value of
'docker-registry.default.svc:5000'
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1469336
|
|\ \ \ \
| |_|/ /
|/| | | |
Merged by openshift-bot
|
| | |/
| |/| |
|
| |/
|/| |
|
|\ \
| | |
| | | |
Fix log dumping on service failure
|
| |/
| |
| |
| | |
Also, add log dumping to master service startup too
|
|/
|
|
| |
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1466783
|
| |
|
| |
|
| |
|
|\
| |
| | |
Ensure that host pki tree is mounted in containerized components
|