summaryrefslogtreecommitdiffstats
path: root/roles
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #5787 from zgalor/image_prefixOpenShift Merge Robot2017-10-243-11/+17
|\ | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Split prometheus image defaults to prefix and version To allow easier testing and deployment from different repos, image defaults were split to prefix and version that can be set externally. bz: https://bugzilla.redhat.com/show_bug.cgi?id=1493431
| * Split prometheus image defaults to prefix and versionZohar Galor2017-10-243-11/+17
| | | | | | | | | | | | To allow easier testing and deployment from different repos, image defaults were split to prefix and version that can be set externally. bz: https://bugzilla.redhat.com/show_bug.cgi?id=1493431
* | Merge pull request #5780 from ↵OpenShift Merge Robot2017-10-241-2/+7
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | smarterclayton/allow_per_node_group_bootstrap_and_image Automatic merge from submit-queue. Handle bootstrap behavior in GCP template Allow each node group to request bootstrap, allow per node group image override, and ensure the provision logic does not wait for bootstrapping node groups before continuing. This is an incremental step to allow GCP clusters to use bootstrap logic on cluster deploy without having fully baked images. We will switch over slowly and ensure both code paths function. Then we can remove this as necessary. For metadata, we set the cluster id and bootstrap state into instance metadata. On GCP, we'll use project metadata to set the bootstrap kubeconfig file and a startup-script to call it (not in a PR yet). Pairs with openshift/origin-gce#54 @kwoodson
| * | Handle bootstrap behavior in GCP templateClayton Coleman2017-10-181-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow each node group to request bootstrap, allow per node group image override, and ensure the provision logic does not wait for bootstrapping node groups before continuing. This is an incremental step to allow GCP clusters to use bootstrap logic on cluster deploy without having fully baked images. We will switch over slowly and ensure both code paths function.
* | | Merge pull request #5700 from wozniakjan/bz_1452939OpenShift Merge Robot2017-10-2414-14/+164
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Bug 1452939 - change imagePullPolicy in logging and metrics cc: @jcantrill
| * | | Bug 1452939 - change Logging & Metrics imagePullPolicyJan Wozniak2017-10-2314-14/+164
| | | | | | | | | | | | | | | | | | | | - all images logging and metrics change their default imagePullPolicy from Always to IfNotPresent
* | | | Merge pull request #5806 from staebler/service_catalog_uninstall_issuesOpenShift Merge Robot2017-10-247-17/+47
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Fix a few small issues in service catalog uninstall * Service catalog install was not re-creating the apiserver.crt and apiserver.key files when generating certs. But the ca.crt and ca.key files were being re-created. This was causing non-verifiable certs to be used when service catalog was uninstalled and re-installed. The service catalog installer was changed to delete the apiserver.crt and apiserver.key files so that they are re-created using the new ca.crt and ca.key files. * The asb auth token secret was not being deleted correctly and causing the uninstaller to fail. * The asb uninstaller was attempting to delete the broker registration from the service catalog. However, the service catalog is uninstalled first. When the asb uninstaller would fail when attempting to delete the ClusterServiceBroker. The uninstaller was changed to verify that the servicecatalog APIService exists first before attempting to delete the ClusterServiceBroker. * The service catalog uninstaller was attempting to delete policybindings. The server does not have a resource type name policybinding. I do not know what the intention is there, but I have commented out that part of the uninstaller.
| * | | | Remove extraneous spaces that yamllint dislikesstaebler2017-10-231-3/+3
| | | | |
| * | | | Remove role bindings during service catalog un-installstaebler2017-10-225-15/+28
| | | | |
| * | | | Fix a few small issues in service catalog uninstallstaebler2017-10-223-6/+23
| |/ / /
* | | | Merge pull request #5814 from mgugino-upstream-stage/docker-auth-upgradesOpenShift Merge Robot2017-10-242-11/+13
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Enable oreg_auth credential replace during upgrades Currently, upgrades run a docker image pull prior to upgrading masters and nodes for containerized installs. If using a secure registry, and a user wishes to upgrade their credentials due to expiry, the image pull will fail. This commit ensures docker login credentials are updated during upgrades, if necessary. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
| * | | | Enable oreg_auth credential replace during upgradesMichael Gugino2017-10-192-11/+13
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, upgrades run a docker image pull prior to upgrading masters and nodes for containerized installs. If using a secure registry, and a user wishes to upgrade their credentials due to expiry, the image pull will fail. This commit ensures docker login credentials are updated during upgrades, if necessary. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
* | | | Merge pull request #5828 from mgugino-upstream-stage/fix-openid-challengeScott Dodson2017-10-241-1/+0
|\ \ \ \ | | | | | | | | | | Remove incorrect validation for OpenIDIdentityProvider
| * | | | Remove incorrect validation for OpenIDIdentityProviderMichael Gugino2017-10-201-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, OpenIDIdentityProvider does not support 'challenge=true' in openshift-ansible. This is incorrect, the auth plugin OpenIDIdentityProvider does support this. This commit removes the unnecessary validation of challenge key. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1444367 Fixes: https://github.com/openshift/openshift-ansible/issues/4417
* | | | | Merge pull request #5840 from staebler/service_catalog_role_patchingOpenShift Merge Robot2017-10-241-2/+2
|\ \ \ \ \ | |_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Fix edit and admin role patching for service catalog Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1496694. Update the jinja files used to patch the edit and admin ClusterRoles so that it uses the new resource names of ServiceInstances and ServiceBindings.
| * | | | Fix edit and admin role patching for service catalogstaebler2017-10-231-2/+2
| | | | |
* | | | | Merge pull request #5796 from mgugino-upstream-stage/journald-masters-upgradesOpenShift Merge Robot2017-10-242-22/+25
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Ensure upgrades apply latest journald settings Currently, existing clusters might not have journald configurations applied. This may result in a rate- limiting of important log messages on openshift-masters. This commit ensures that journald settings are applied during the upgrade process openshif-masters. Fixes: https://github.com/openshift/openshift-ansible/issues/5642
| * | | | | Ensure upgrades apply latest journald settingsMichael Gugino2017-10-182-22/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, existing clusters might not have journald configurations applied. This may result in a rate- limiting of important log messages on openshift-masters. This commit ensures that journald settings are applied during the upgrade process openshif-masters. Fixes: https://github.com/openshift/openshift-ansible/issues/5642
* | | | | | Merge pull request #5808 from zgalor/stateful_setScott Dodson2017-10-234-14/+18
|\ \ \ \ \ \ | | | | | | | | | | | | | | Switch to stateful set in prometheus
| * | | | | | Switch to stateful set in prometheusZohar Galor2017-10-234-14/+18
| | |_|_|/ / | |/| | | | | | | | | | | | | | | | Also update prometheus and alert-buffer image versions, and add prometheus, and oauth-proxy arguments to align with origin template
* | | | | | Merge pull request #5654 from vshn/mastersysconfigvar1OpenShift Merge Robot2017-10-231-1/+1
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Avoid undefined variable in master sysconfig template When "openshift_master_controllers_env_vars" is set, but "openshift_master_api_env_vars" isn't, the template for the sysconfig file of atomic-openshift-master fails: AnsibleUndefinedVariable: 'dict object' has no attribute 'api_env_vars' Avoid this issue by applying "default({})" to the dict and always calling ".items()".
| * | | | | | Avoid undefined variable in master sysconfig templateMichael Hanselmann2017-10-191-1/+1
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When "openshift_master_controllers_env_vars" is set, but "openshift_master_api_env_vars" isn't, the template for the sysconfig file of atomic-openshift-master fails: AnsibleUndefinedVariable: 'dict object' has no attribute 'api_env_vars' Avoid this issue by applying "default({})" to the dict and always calling ".items()".
* | | | | | Merge pull request #5781 from mgugino-upstream-stage/fix-reg-auth-templatingScott Dodson2017-10-233-3/+12
|\ \ \ \ \ \ | | | | | | | | | | | | | | Ensure proper variable templating for skopeo auth credentials
| * | | | | | Ensure proper variable templating for skopeo auth credentialsMichael Gugino2017-10-173-3/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, docker_image_availability.py plugin check is using the raw strings for variables from task_vars. This results in any variables that utilized within the plugin to be un-templated. For instance, if variable "x" is set to "{{ y }}" and y is set to "2", one would expect that x == 2 inside the plugin. Currently, the plugin will use the string "{{ y }}" for the value of x instead of templating the variable. This commit ensures skopeo registry auth credentials are templated properly. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1500698
* | | | | | | Merge pull request #5811 from zgalor/add_nfs_to_readmeScott Dodson2017-10-231-2/+25
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Add nfs variables documentation to README file
| * | | | | | | Add nfs variables documentation to README fileZohar Galor2017-10-191-2/+25
| | |/ / / / / | |/| | | | | | | | | | | | | | | | | | | Add documentation of external nfs variables
* | | | | | | Merge pull request #5822 from ewolinetz/bz1504191Scott Dodson2017-10-231-1/+1
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Updating to use same image as origin until enterprise image is built
| * | | | | | | Updating ocp es proxy image to use openshift_logging_proxy_image_prefix if ↵Eric Wolinetz2017-10-191-1/+1
| | |_|_|_|/ / | |/| | | | | | | | | | | | | | | | | | | specified
* | | | | | | Merge pull request #5453 from giuseppe/use-docker-cli-image-if-already-availableOpenShift Merge Robot2017-10-231-5/+8
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. cli: do not pull again the image when using Docker When CRI-O is used and the CLI image is already pulled into Docker then use it also for copying the CLI files to the host instead of pulling it once again in the ostree storage. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | | cli: use the correct name for the master system containerGiuseppe Scrivano2017-10-231-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | | cli: do not pull again the image when using DockerGiuseppe Scrivano2017-10-231-3/+6
| | |_|_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When CRI-O is used and the CLI image is already pulled into Docker then use it also for copying the CLI files to the host instead of pulling it once again in the ostree storage. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | Merge pull request #5241 from hansmi/masterScott Dodson2017-10-234-0/+37
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Add variable to control whether NetworkManager hook is installed
| * | | | | | | Add variable to control whether NetworkManager hook is installedMichael Hanselmann2017-10-194-0/+37
| | |_|/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We control /etc/resolv.conf and parts of the dnsmasq configuration via Puppet in our environment. The hook ends up overwriting the managed configuration.
* | | | | | | Merge pull request #5818 from ashcrow/1503860OpenShift Merge Robot2017-10-232-8/+9
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. docker: Move enterprise registry from pkg to main
| * | | | | | | docker: Move enterprise registry from pkg to mainSteve Milner2017-10-192-8/+9
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503860 Signed-off-by: Steve Milner <smilner@redhat.com>
* | | | | | | Merge pull request #5761 from fabianvf/asb-client-secret-not-foundScott Dodson2017-10-234-22/+24
|\ \ \ \ \ \ \ | |_|_|_|_|_|/ |/| | | | | | Bug 1496426 - Update ansible-service-broker configuration to use proper certs and permissions
| * | | | | | Update defaultsFabian von Feilitzsch2017-10-194-5/+9
| | | | | | |
| * | | | | | Use service-ca.crt instead of master ca.crtFabian von Feilitzsch2017-10-191-16/+11
| | | | | | |
| * | | | | | use master certFabian von Feilitzsch2017-10-191-2/+2
| | | | | | |
| * | | | | | Bug 1496426 - add asb-client secret to openshift-ansible-service-broker ↵Fabian von Feilitzsch2017-10-191-1/+4
| | |_|/ / / | |/| | | | | | | | | | | | | | | | namespace
* | | | | | Merge pull request #5813 from ashcrow/1503903OpenShift Merge Robot2017-10-239-62/+101
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Always ensure atomic.conf is configured for system containers. A new openshift_atomic role has been created for atomic specific tasks. The first task added is proxy which handles updating /etc/atomic.conf to ensure the proper proxy configuration is configured. This task file is then included (via include_role) in system container related task files. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503903
| * | | | | systemcontainers: Verify atomic.conf proxy is always configuredSteve Milner2017-10-199-62/+101
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A new openshift_atomic role has been created for atomic specific tasks. The first task added is proxy which handles updating /etc/atomic.conf to ensure the proper proxy configuration is configured. This task file is then included (via include_role) in system container related task files. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503903 Signed-off-by: Steve Milner <smilner@redhat.com>
* | | | | Merge pull request #5748 from portante/fix-cpu-limitsScott Dodson2017-10-2022-65/+151
|\ \ \ \ \ | | | | | | | | | | | | Use "requests" for CPU resources instead of limits
| * | | | | Use "requests" for CPU resources instead of limitsPeter Portante2017-10-1922-65/+151
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We now use a CPU request to ensure logging infrastructure pods are not capped by default for CPU usage. It is still important to ensure we have a minimum amount of CPU. We keep the use of the variables *_cpu_limit so that the existing behavior is maintained. Note that we don't want to cap an infra pod's CPU usage by default, since we want to be able to use the necessary resources to complete it's tasks. Bug 1501960 (https://bugzilla.redhat.com/show_bug.cgi?id=1501960)
* | | | | Merge pull request #5792 from mgugino-upstream-stage/fix-master-undefined-varScott Dodson2017-10-201-0/+4
|\ \ \ \ \ | | | | | | | | | | | | Fix undefined variable for master upgrades
| * | | | | Fix undefined variable for master upgradesMichael Gugino2017-10-181-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, oreg_auth_credentials_replace is undefined during master upgrades. This commit ensures this variable is defined during upgrades.
* | | | | | Merge pull request #5752 from kwoodson/bz1491399Scott Dodson2017-10-201-0/+13
|\ \ \ \ \ \ | | | | | | | | | | | | | | [bz1491399] Adding pre check to verify clusterid is set along with cloudprovider when performing upgrade.
| * | | | | | Adding pre check to verify clusterid is set along with cloudprovider when ↵Kenny Woodson2017-10-161-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | performing upgrade.
* | | | | | | Merge pull request #5821 from abutcher/ca-trust-skip-restartScott Dodson2017-10-201-2/+14
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Check for container runtime prior to restarting when updating system CA trust.
| * | | | | | | Check for container runtime prior to restarting when updating system CA trust.Andrew Butcher2017-10-191-2/+14
| | |_|_|_|_|/ | |/| | | | |