| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
| |
Currently, imageConfig.latest is hard-coded to false.
This commit adds an appropriate boolean to enable
setting to true.
Fixes: https://github.com/openshift/openshift-ansible/issues/1422
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, profiles for the tuned daemon are set only for
OpenShift node(s). This excludes the OpenShift loadbalancer.
As a result, ARP cache limits on loadbalancers are not raised.
This causes problems with HA setups where loadbalancers serve
1k+ OpenShift nodes.
This commit ensures the openshift-control-plane role is applied
to loadbalancers, masters and OpenShift infra nodes. Regular
OpenShift worker nodes get the openshift-node profile.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1498213
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 7f805f9a0c41477365dd88b0ac73f0d221bd654a causes the behavior seen in
https://bugzilla.redhat.com/show_bug.cgi?id=1453113 because openshift-node
is no longer restarted when openvswitch is, due to the change from Requires
to Wants.
Turns out that making the openshift node service PartOf the OVS service
can achieve the same result and ensure openshift-node gets restarted whenever
OVS does, which ensures that networking doesn't break underneath the node.
Suggested by Giuseppe Scrivano
|
|\
| |
| |
| |
| | |
Automatic merge from submit-queue
Changes for Nuage atomic ansible install
|
| | |
|
|/
|
|
|
|
|
|
| |
This commit moves additional/block/insecure registries to
/etc/containers/registries.conf and comments existing lines in
/etc/sysconfig/docker.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1460930
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, openshift-anisble supports authentication to
container registries to pull down openshift container images.
The openshift_verison role uses the docker cli to gather
image information from container registries before authentication
credentials are provided by openshift-ansible.
This commit creates the necessary token to authenticate to
private registries during openshift_version. The token
is generated by the role 'docker' on all hosts where
docker is installed/configured when oreg_auth_users
is defined.
This commit also adds a read-only mount into the
openshift master and node container services. This
mount is '/var/lib/origin/.docker:/root/.docker:ro'.
This is because the container images do not currently
read the values in '/var/lib/origin/.docker' as this
may be a bug upstream.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|
|\
| |
| | |
Merged by openshift-bot
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Most of this role's purpose was to set facts. The vast majority
of these facts were simply redefining user-supplied variables.
This commit also removes various artifacts leftover from
previous versions, as well as variables that seem to be
entirely unused.
|
|/ |
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
| |
On nodes with thousands of services it may take a very long time to
establish all of the network routing rules. The longest we've seen is
about 180s
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
Sometimes the node container is not started on a container-engine
restart. Use a weaker dependency on openvswitch that is causing this issue
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1451192
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Adds service file templates for both maste and node. These will lay down
in /etc/system/systemd to override what may already be present from a
package. These instances take into account the name of the container
daemon (docker or container-engine).
|
|
|
|
|
|
|
| |
- If using a system container: container-engine
- If using a package install: docker
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1448800
|
|
|
|
| |
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1427807
|
| |
|
|
|
|
|
| |
Add parameters to allow overriding minTLSVersion and
cipherSuites in master and node servingInfo config stanzas.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
around across node restart
With the move to a CNI plugin, docker no longer handles IPAM, but CNI does through
openshift-sdn's usage of the 'host-local' CNI IPAM plugin. That plugin stores
IPAM allocations under /var/lib/cni/.
If the node container gets restarted, without presreving /var/lib/cni, the IPs
currently allocated to running pods get lost and on restart, openshift-sdn
may allocate those IPs to new pods causing duplicate allocations.
This never happened with docker because it has its own persistent IPAM store that
does not get removed when docker restarts. Also because (historically) when docker
restarted, all the containers died and the IP allocations were released by the
daemon.
Fix this by ensuring that IPAM allocations (which are tied to the life of the pod,
*not* the life of the openshift-node process) persist even if the openshift-node
process restarts.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1427789
|
|
|
|
| |
into Openshift Ansible. This is the first (beta) release of Contiv with Openshift and is only supported for Openshift Origin + Bare metal deployments at the time of this commit. Please refer to the Openshift and Contiv official documentation for details of the level of support for different features and modes of operation.
|
| |
|
|\
| |
| | |
[#2698] Change to allow cni deployments without openshift SDN
|
| |
| |
| |
| |
| |
| |
| | |
The roles/openshift_facts main task did not pass the cni plugin variable to the later role playbooks.
The master.yaml and node.yaml templates did not allow for a cni configuration without either installing openshift sdn or nuage.
This change will allow to use os_sdn_network_plugin_name=cni and set openshift_use_openshift_sdn=false for deployments that use a cni plugin that doesn't need and want openshift sdn to be installed
|
|/ |
|
|
|
|
| |
This reverts commit 1f2276fff1e41c1d9440ee8b589042ee249b95d7.
|
|
|
|
|
|
| |
At recommendation of network team, more details in:
https://bugzilla.redhat.com/show_bug.cgi?id=1331590
|
| |
|
| |
|
| |
|
|
|
|
| |
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1367937
|
| |
|
|\
| |
| | |
1.3 / 3.3 Upgrades
|
| | |
|
| | |
|
|/ |
|
|\ |
|
| | |
|
|\| |
|