csa/devops/ansible-patches/openshift.git - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	First attempt at refactor of os_firewall	Kenny Woodson	2017-08-08	1	-283/+0
\|
*	Remove vim configuration from Python files	Rodolfo Carvalho	2017-05-09	1	-1/+0
\| \| \| \| \| \| \|	In a project where contributors are free to use whatever editor they want and we have linting tools that verify the proper formatting of Python files, it should not be required to have a vim-specific line in Python files.
*	[os_firewall] Fix default iptables args.	Andrew Butcher	2017-01-24	1	-2/+2
\|
*	[os_firewall] Add -w flag to wait for iptables xtables lock.	Andrew Butcher	2017-01-23	1	-1/+3
\|
*	Support openshift_node_port_range for configuring service NodePorts	Clayton Coleman	2017-01-10	1	-2/+10
\| \| \| \| \| \| \| \| \|	Sets the appropriate config field if openshift_node_port_range is set and also configures filewalls on each node. firewalld already supports port ranges like "30000-32000", while iptables needs that value converted to the correct "30000:32000" form for use with `--dport`. If not set, no node ports are opened.
*	update tests and flake8/pylint fixes	Jason DeTiberus	2016-11-29	1	-24/+24
\|
*	Make os_firewall_manage_iptables run on python3	Michael Scherer	2016-11-22	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	It fail with that traceback: Traceback (most recent call last): File \"/tmp/ansible_ib5gpbsp/ansible_module_os_firewall_manage_iptables.py\", line 273, in <module> main() File \"/tmp/ansible_ib5gpbsp/ansible_module_os_firewall_manage_iptables.py\", line 257, in main iptables_manager.add_rule(port, protocol) File \"/tmp/ansible_ib5gpbsp/ansible_module_os_firewall_manage_iptables.py\", line 87, in add_rule self.verify_chain() File \"/tmp/ansible_ib5gpbsp/ansible_module_os_firewall_manage_iptables.py\", line 82, in verify_chain self.create_jump() File \"/tmp/ansible_ib5gpbsp/ansible_module_os_firewall_manage_iptables.py\", line 142, in create_jump input_rules = [s.split() for s in output.split('\\n')]
*	Fix typos	Rodolfo Carvalho	2016-10-19	1	-2/+2
\|
*	Check if last rule is DROP when inserting iptables rules.	Andrew Butcher	2016-06-27	1	-5/+5
\|
*	pylint	Jason DeTiberus	2015-04-21	1	-38/+44
\|
*	fixes to better deal with gce image defaults	Jason DeTiberus	2015-04-21	1	-8/+1
\| \| \| \| \| \| \|	- remove exception if INPUT rules are not found, gce centos-7 image is stripped of default rules - ignore_errors for systemctl mask operation, fails with permission denied on gce centos-7 image.
*	Configuration updates for latest builds and major refactor	Jason DeTiberus	2015-04-14	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Configuration updates for latest builds - Switch to using create-node-config - Switch sdn services to use etcd over SSL - This re-uses the client certificate deployed on each node - Additional node registration changes - Do not assume that metadata service is available in openshift_facts module - Call systemctl daemon-reload after installing openshift-master, openshift-sdn-master, openshift-node, openshift-sdn-node - Fix bug overriding openshift_hostname and openshift_public_hostname in byo playbooks - Start moving generated configs to /etc/openshift - Some custom module cleanup - Add known issue with ansible-1.9 to README_OSE.md - Update to genericize the kubernetes_register_node module - Default to use kubectl for commands - Allow for overriding kubectl_cmd - In openshift_register_node role, override kubectl_cmd to openshift_kube - Set default openshift_registry_url for enterprise when deployment_type is enterprise - Fix openshift_register_node for client config change - Ensure that master certs directory is created - Add roles and filter_plugin symlinks to playbooks/common/openshift-master and node - Allow non-root user with sudo nopasswd access - Updates for README_OSE.md - Update byo inventory for adding additional comments - Updates for node cert/config sync to work with non-root user using sudo - Move node config/certs to /etc/openshift/node - Don't use path for mktemp. addresses: https://github.com/openshift/openshift-ansible/issues/154 Create common playbooks - create common/openshift-master/config.yml - create common/openshift-node/config.yml - update playbooks to use new common playbooks - update launch playbooks to call update playbooks - fix openshift_registry and openshift_node_ip usage Set default deployment type to origin - openshift_repo updates for enabling origin deployments - also separate repo and gpgkey file structure - remove kubernetes repo since it isn't currently needed - full deployment type support for bin/cluster - honor OS_DEPLOYMENT_TYPE env variable - add --deployment-type option, which will override OS_DEPLOYMENT_TYPE if set - if neither OS_DEPLOYMENT_TYPE or --deployment-type is set, defaults to origin installs Additional changes: - Add separate config action to bin/cluster that runs ansible config but does not update packages - Some more duplication reduction in cluster playbooks. - Rename task files in playbooks dirs to have tasks in their name for clarity. - update aws/gce scripts to use a directory for inventory (otherwise when there are no hosts returned from dynamic inventory there is an error) libvirt refactor and update - add libvirt dynamic inventory - updates to use dynamic inventory for libvirt
*	openshift_facts role/module refactor default settings	Jason DeTiberus	2015-04-03	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	- Add openshift_facts role and module - Created new role openshift_facts that contains an openshift_facts module - Refactor openshift_* roles to use openshift_facts instead of relying on defaults - Refactor playbooks to use openshift_facts - Cleanup inventory group_vars - Update defaults - update openshift_master role firewall defaults - remove etcd peer port, since we will not be supporting clustered embedded etcd - remove 8444 since console now runs on the api port by default - add 8444 and 7001 to disabled services to ensure removal if updating - Add new role os_env_extras_node that is a subset of the docker role - previously, we were starting/enabling docker which was causing issues with some installations - Does not install or start docker, since the openshift-node role will handle that for us - Only adds root to the dockerroot group - Update playbooks to use ops_env_extras_node role instead of docker role - os_firewall bug fixes - ignore ip6tables for now, since we are not configuring any ipv6 rules - if installing package do a daemon-reload before starting/enabling service - Add aws support to bin/cluster - Add list action to bin/cluster - Add update action to bin/cluster - cleanup some stray debug statements - some variable renaming for clarity
*	Add verify_chain action to os_firewall_manage_iptables module	Jason DeTiberus	2015-03-24	1	-22/+40
\| \| \| \| \| \|	- Add verify_chain action to os_firewall_manage_iptables module - Update os_firewall module to use os_firewall_manage_iptables for creating the DOCKER chain.
*	refactor firewall management into new role	Jason DeTiberus	2015-03-05	1	-0/+254
	- Add os_firewall role - Remove firewall settings from base_os, add wait task to os_firewall - Added a iptables firewall module for maintaining the following (in a mostly naive manner): - ensure the OPENSHIFT_ALLOW chain is defined - ensure that there is a jump rule in the INPUT chain for OPENSHIFT_ALLOW - adds or removes entries from the OPENSHIFT_ALLOW chain - issues '/usr/libexec/iptables/iptables.init save' when rules are changed - Limitations of iptables firewall module - only allows setting of ports/protocols to open - no testing on ipv6 support - made os_firewall a dependency of openshift_common - Hardcoded openshift_common to use iptables (through the vars directory) until upstream support is in place for firewalld