| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
|
|
|
| |
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1427807
|
| |
|
|\
| |
| | |
Merged by openshift-bot
|
| |
| |
| |
| |
| | |
Add parameters to allow overriding minTLSVersion and
cipherSuites in master and node servingInfo config stanzas.
|
|/
|
|
| |
https://github.com/openshift/openshift-ansible/pull/2707)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
around across node restart
With the move to a CNI plugin, docker no longer handles IPAM, but CNI does through
openshift-sdn's usage of the 'host-local' CNI IPAM plugin. That plugin stores
IPAM allocations under /var/lib/cni/.
If the node container gets restarted, without presreving /var/lib/cni, the IPs
currently allocated to running pods get lost and on restart, openshift-sdn
may allocate those IPs to new pods causing duplicate allocations.
This never happened with docker because it has its own persistent IPAM store that
does not get removed when docker restarts. Also because (historically) when docker
restarted, all the containers died and the IP allocations were released by the
daemon.
Fix this by ensuring that IPAM allocations (which are tied to the life of the pod,
*not* the life of the openshift-node process) persist even if the openshift-node
process restarts.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1427789
|
|\
| |
| | |
Pull request for Contiv Ansible code integration into Openshift Ansible
|
| |
| |
| |
| | |
into Openshift Ansible. This is the first (beta) release of Contiv with Openshift and is only supported for Openshift Origin + Bare metal deployments at the time of this commit. Please refer to the Openshift and Contiv official documentation for details of the level of support for different features and modes of operation.
|
|/
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
system containers: add support for HA deployments
|
| |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| |/
|/| |
node: ensure conntrack-tools is installed
|
| |
| |
| |
| |
| |
| | |
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1420182
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Upstream version has "atomic containers update ..." but the RHEL
version is still using "atomic update --container" so stick with this
for now.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use use_system_containers=true in the inventory file
alternatively you can select each component as:
use_openvswitch_system_container=true
use_node_system_container=true
use_master_system_container=true
system_images_registry holds the registry from where to fetch system
containers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
string everywhere it is used.
|
|
|
|
| |
firewall changes have been applied.
|
| |
|
|\
| |
| | |
Support openshift_node_port_range for configuring service NodePorts
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Sets the appropriate config field if openshift_node_port_range is set
and also configures filewalls on each node. firewalld already supports
port ranges like "30000-32000", while iptables needs that value
converted to the correct "30000:32000" form for use with `--dport`.
If not set, no node ports are opened.
|
|/
|
|
| |
Closes #3070
|
|
|
|
| |
and openshift_hosted.
|
|
|
|
| |
* https://trello.com/c/TeaEB9fX/307-3-deprecate-node-evacuation
|
|
|
|
|
| |
* Added checks to make ci for yaml linting
* Modified y(a)ml files to pass lint checks
|
|\
| |
| | |
Pre-pull master/node/ovs images during upgrade.
|
| |
| |
| |
| |
| |
| |
| |
| | |
We did this for install but not upgrade, leading to situations where the
service restarts after upgrade could take much longer than expected as
docker pulls down the new image. Now the images are present when we
restart services and should allow them to come back online much more
quickly, equivalent to rpm service restarts.
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In 3.3 one of our services lays down a systemd drop-in for configuring
Docker networking to use lbr0. In 3.4, this has been changed but the
file must be cleaned up manually by us.
However, after removing the file docker requires a restart. This had big
implications particularly in containerized environments where upgrade is
a very fragile series of upgrading and service restarts.
To avoid double docker restarts, and thus double service restarts in
containerized environments, this change does the following:
- Skip restart during docker upgrade, if it is required. We will restart
on our own later.
- Skip containerized service restarts when we upgrade the services
themselves.
- Clean shutdown of all containerized services.
- Restart Docker. (always, previously this only happened if it needed an
upgrade)
- Ensure all containerized services are restarted.
- Restart rpm node services. (always)
- Mark node schedulable again.
At the end of this process, docker0 should be back on the system.
|
|
|
|
|
|
| |
* Ansible systemd module used in place of service module
* Refactored command tasks which are no longer necessary
* Applying rules from openshift-ansible Best Practices Guide
|
|\
| |
| | |
Refactor to use Ansible package module
|
| |
| |
| |
| |
| | |
The Ansible package module will call the correct package manager for the
underlying OS.
|
|/
|
|
|
|
| |
Fedora Atomic Host does not have tuned installed.
Fixes #2809
|
|\
| |
| | |
Support 3rd party scheduler
|
| | |
|
|\ \
| | |
| | | |
[#2698] Change to allow cni deployments without openshift SDN
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The roles/openshift_facts main task did not pass the cni plugin variable to the later role playbooks.
The master.yaml and node.yaml templates did not allow for a cni configuration without either installing openshift sdn or nuage.
This change will allow to use os_sdn_network_plugin_name=cni and set openshift_use_openshift_sdn=false for deployments that use a cni plugin that doesn't need and want openshift sdn to be installed
|
|/ / |
|
| |
| |
| |
| | |
This reverts commit 1f2276fff1e41c1d9440ee8b589042ee249b95d7.
|
| | |
|
| |
| |
| |
| |
| |
| | |
At recommendation of network team, more details in:
https://bugzilla.redhat.com/show_bug.cgi?id=1331590
|
|/
|
|
| |
* Node labels are parsed from openshift_node_labels if they exist
|
| |
|
| |
|
|\
| |
| | |
nfs: Handle seboolean aliases not just in Fedora
|