| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Make the required package optional
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
A new openshift_atomic role has been created for atomic specific tasks.
The first task added is proxy which handles updating /etc/atomic.conf to
ensure the proper proxy configuration is configured. This task file is
then included (via include_role) in system container related task files.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503903
Signed-off-by: Steve Milner <smilner@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, non-containerized nodes have systemd
service unit files created after registry auth
credentials are created. Containerized nodes
place service unit files prior to creation of
these credentials.
This commit ensures systemd service units
are created at the correct time for both
containerized and non-containerized nodes.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1500642
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, debug_level is documented as a way to change
the debug output level for both masters and nodes.
debug_level does not currently have any effect.
This commit removes debug_level from openshift_facts
and properly sets openshift_master_debug_level and
openshift_node_debug_level to the value of debug_level
specified in the inventory.
This commit also reorganizes some set_fact tasks
needed during master upgrades to put all work-around
set-facts for undefined variables in one place, allowing
for easier cleanup in the future. This includes an
entry for openshift_master_debug_level.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1500164
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, profiles for the tuned daemon are set only for
OpenShift node(s). This excludes the OpenShift loadbalancer.
As a result, ARP cache limits on loadbalancers are not raised.
This causes problems with HA setups where loadbalancers serve
1k+ OpenShift nodes.
This commit ensures the openshift-control-plane role is applied
to loadbalancers, masters and OpenShift infra nodes. Regular
OpenShift worker nodes get the openshift-node profile.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1498213
|
|
|
|
|
|
|
|
|
|
| |
Currently, the node service is started before
aws credentials (if needed) are configured.
This commit ensures the aws credentials are placed
before the node service is started.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1497150
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Automatic merge from submit-queue.
openshift_node: Set DOCKER_SERVICE for system container
The node system container was being installed with the ```DOCKER_SERVICE```
holding to it's ```manifest.json``` default of docker.service. This chage
adds the ```DOCKER_SERVICE``` parameter on node system container install
so that it uses the same value from the installer stored in
```openshift.docker.service_name```.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1496707
|
| |
| |
| |
| |
| |
| | |
Setting the MASTER_SERVICE to openshift.common.service_type.
Signed-off-by: Steve Milner <smilner@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The node system container was being installed with the DOCKER_SERVICE
holding to it's manifest.json default of docker.service. This change
adds the DOCKER_SERVICE parameter on node system container install
so that it uses the same value from the installer stored in
openshift.docker.service_name.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1496707
Signed-off-by: Steve Milner <smilner@redhat.com>
|
|/
|
|
|
|
|
|
| |
There is currently a bug in registry auth
credential creation logic for openshift_node
and openshift_node_upgrade
This commit fixes the logic.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the logic for registry authentication is
not implemented correctly to account for upgrades of
containerized hosts.
Additionally, the logic to account for multiple runs
of openshift-ansible might cause registry authentication
credentials to not be mounted inside of containerized hosts.
This commit adds the necessary logic to ensure containerized
hosts retain registry credentials.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1494470
|
|\
| |
| |
| |
| | |
Automatic merge from submit-queue
node: specify the DNS domain
|
| |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
| |
Previously, openshift-ansible supported various
types of deployments using the variable "openshift_deployment_type"
Currently, openshift-ansible only supports two deployment types,
"origin" and "openshift-enterprise".
This commit removes all logic and references to deprecated
deployment types.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, registry authentication credentials are not
produced until after docker systemd service files are
created.
This commit ensures the credentials are
created before the systemd service files to ensure
the proper boolean is set to include the read-only
mount of credentials inside containerized nodes and
masters.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Automatic merge from submit-queue
Move sysctl.conf customizations to a separate file
Move them from /etc/sysctl.conf to /etc/sysctl.d/99-openshift.conf
This is a good idea becuase:
1- /etc/sysctl.conf is evaluated later, so it can easily be overwritten by previous customizations
2- It's likely that there is an agent like puppet monitoring this file
3- It's easier to know what's being changed by OpenShift
|
| |
| |
| |
| | |
Move them from /etc/sysctl.conf to /etc/sysctl.d/99-openshift.conf
|
| | |
|
|\ \
| | |
| | | |
Merged by openshift-bot
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, openshift-anisble supports authentication to
container registries to pull down openshift container images.
The openshift_verison role uses the docker cli to gather
image information from container registries before authentication
credentials are provided by openshift-ansible.
This commit creates the necessary token to authenticate to
private registries during openshift_version. The token
is generated by the role 'docker' on all hosts where
docker is installed/configured when oreg_auth_users
is defined.
This commit also adds a read-only mount into the
openshift master and node container services. This
mount is '/var/lib/origin/.docker:/root/.docker:ro'.
This is because the container images do not currently
read the values in '/var/lib/origin/.docker' as this
may be a bug upstream.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Most of this role's purpose was to set facts. The vast majority
of these facts were simply redefining user-supplied variables.
This commit also removes various artifacts leftover from
previous versions, as well as variables that seem to be
entirely unused.
|
|\ \
| | |
| | | |
Merged by openshift-bot
|
| | | |
|
|\ \ \
| | | |
| | | | |
Add independent registry auth support
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Added the ability to support authentication for independent / 3rd party
registries. This commit will allow users to provide a `oreg_auth_user` and
`oreg_auth_password` to dynmically generate a docker config.json file.
The docker config.json file can be used by openshift to authenticate to
independent / 3rd party registries. `oreg_host` must supply endpoint connection
info in the form of 'hostname.com:port', with (optional) port 443 default.
To update the config.json on a later run, the user can specify
`oreg_auth_credentials_replace=False` to update the credentials.
These settings must be used in tandem with `oreg_url`
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|
|\ \ \
| |/ /
|/| | |
crio: rename openshift_docker_use_crio to openshift_use_crio
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It is confusing to have _docker_ in the name, since they are two
different backends.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/ / |
|
| |
| |
| |
| | |
file.
|
| | |
|
| | |
|
|\ \
| | |
| | | |
Merged by openshift-bot
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
cri-o currently requires SELinux to be off. This change disables the
SELinux check in the openshift_node role when cri-o is in use.
|
| | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| |/ /
|/| |
| | |
| | | |
ingvagabund/allow-to-specify-docker-registry-for-system-containers
Allow to specify docker registry for system containers
|
| | | |
|
|\ \ \
| | | |
| | | | |
Merged by openshift-bot
|
| | | | |
|
|/ / / |
|
|\ \ \
| | | |
| | | | |
Sync all openshift.common.use_openshift_sdn uses in yaml files
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Most occurrences are in a form:
```yaml
openshift.common.use_openshift_sdn | default(true) | bool
```
Let's make all occurences this way given the use_openshift_sdn is set to true anyway.
See https://github.com/openshift/openshift-ansible/blob/0c350dcc7d06d62be5ba3a8e468dff85cdd96dd7/roles/openshift_facts/library/openshift_facts.py#L2035
|
|/ /
| |
| |
| | |
Also, add log dumping to master service startup too
|
| | |
|
| |
| |
| |
| |
| | |
At least in my smoke testing of a containerized install i had to
manually reload systemd
|
| | |
|