| Age | Commit message (Collapse) | Author |
|---|
|
|
|
When deploying on OpenStack with internal DNS configured, this will set
`openshift_hostname` to the Nova server name instead of its IP address.
Without those two matching, the OpenStack cloud provider configuration
will fail and the OpenShift nodes will not start.
|
|
As described in[1], OpenShift currently only works with Block Storage
API v2 and the version autodetection is failing to figure that out.
[1]: https://github.com/openshift/openshift-docs/issues/5730
|
|
|
|
|
|
Automatic merge from submit-queue.
Add iptables rules for flannel
[WIP] When using flannel there are iptables rules that need
to be added as stated here:
https://access.redhat.com/documentation/en-us/reference_architectures/2017/html-single/deploying_red_hat_openshift_container_platform_3.4_on_red_hat_openstack_platform_10/#run_ansible_installer
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1493955
|
|
Automatic merge from submit-queue.
ensure containerized bools are cast
|
|
Automatic merge from submit-queue.
container-engine: move registry_auth.yml before pull
so that the atomic pull takes into account the credentials if
required.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Provide example on how to use osm_etcd_image
|
|
upgrades: set openshift_client_binary fact when running on oo_first_master host
|
|
vrutkovs/containerized_upgrade_set_openshift_use_openshift_sdn
Automatic merge from submit-queue.
upgrades: use openshift_node_use_openshift_sdn when trying to pre-pull the image
This affects 3.8/3.9 upgrades for containerized hosts, if nodes are separate from master.
|
|
docker storage setup for ami building
|
|
Signed-off-by: Vadim Rutkovsky <vrutkovs@redhat.com>
|
|
|
|
Fix: change import_role to include_role
|
|
Build containerized host group dynamically
|
|
Properly cast crio boolean variables to bool
|
|
It appears that when one role dynamically imports
another, usage of import_role inside the dynamically
included role is not possible.
If something is included with include_role (dynamic),
all tasks therein must also use include_role (dynamic).
|
|
add host to g_new_node_hosts so that plays run against the AMI instance
update example vars so that overlay2 is used by default for docker storage
|
|
|
|
Automatic merge from submit-queue.
Openstack fixes
This includes a few fixes for the OpenStack provider.
It should fix #6555 and possibly also #6560.
|
|
install base_packages on oo_all_hosts
|
|
Automatic merge from submit-queue.
Remove last of openshift_node role meta-depends
Remove last non-taskless meta-depends from
openshift_node role.
|
|
Variables that are specifically booleans should be
cast to bool. This is because users may sometimes
pass them as string values. This is particularly
prevalent when using ini-style inventories.
Affected-by: https://github.com/ansible/ansible/issues/34591
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1531592
|
|
Adding ability to update ami drive size.
|
|
Currently, we are using some inventory variables
to determine what host groups should be considered
containerized.
This is problematic and has several edge cases.
This commit removes the variable l_containerized_host_groups
and builds a dynamic group of hosts named
'oo_hosts_containerized_managed_true' based on the value of
'containerized'
|
|
Automatic merge from submit-queue.
Don't overwrite node's systemd units for containerized install
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1527849
Perphaps this block should be removed, unless I'm missing some other case for it,
as systemd units are being updated in ../systemd_units.yml.
|
|
Switch back to dynamic include_role in logging loops
|
|
This commit ensures base packages are installed
for oo_all_hosts, which is what we were doing previously.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1530516
|
|
Automatic merge from submit-queue.
Add more testcases for oc_scale module
* Fixed docstrings for tests
* Added tests to verify scale up/down, 'present' state, non-existant state and Replication Controller kind
|
|
so that the atomic pull takes into account the credentials if
required.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Automatic merge from submit-queue.
Contiv multi-master and other fixes
Contiv's etcd was not being deployed correctly when using more than
one master. To make it easier to manage, it has been moved into a
k8s container.
The api proxy was hardcoded to an old version (1.1.1), and in some
environments would run into a docker error. This has been moved into
a k8s container for easier management.
The firewall was too permissive on several ports. Many were open to
the world when they should have only been accessible inside the
cluster.
Many of the contiv role variables were not prefixed with 'contiv',
which may end up clobbering variables from another role. Now all the
contiv specific role variables start with 'contiv_'.
The api proxy's default self-signed certificate was bundled with the
role. This means someone with read-only MITM access and this key
could decrypt traffic. Granted a user defined certificate from a
trusted CA should be used in a production environment, it is still
better to generate one in each environment when one is not provided.
|
|
Fix error in variable in comment
|
|
|
|
We'd switched to import_role to avoid increased memory consumption but
we must use include_role whenever we loop.
|
|
Add missing dependency on openshift_facts
|
|
|
|
Contiv's etcd was not being deployed correctly when using more than
one master. To make it easier to manage, it has been moved into a
k8s container.
The api proxy was hardcoded to an old version (1.1.1), and in some
environments would run into a docker error. This has been moved into
a k8s container for easier management.
The firewall was too permissive on several ports. Many were open to
the world when they should have only been accessible inside the
cluster.
Many of the contiv role variables were not prefixed with 'contiv',
which may end up clobbering variables from another role. Now all the
contiv specific role variables start with 'contiv_'.
The api proxy's default self-signed certificate was bundled with the
role. This means someone with read-only MITM access and this key
could decrypt traffic. Granted a user defined certificate from a
trusted CA should be used in a production environment, it is still
better to generate one in each environment when one is not provided.
|
|
Install web console server
|
|
|
|
Automatic merge from submit-queue.
Fix docker_image_availability checks
This commit ensures that oreg_url is properly templated
by ansible before being consumed in the logic.
This commit also adds a method to the base health check
class to detect if self._templar is none, and return
the appropriate templated/untemplated version of the
variable. This is mostly for unit tests.
|
|
Automatic merge from submit-queue.
Remove become=no from etcd cert tasks
etcd runs some actions locally to copy certs from the
CA cert host.
We shouldn't hard-code become behavior as it can be
unexpected for the end user.
|
|
This sets openshift_client_binary var for the first master,
as some roles use this var along with first_master_client_binary.
Not sure if its worth setting this var for the faulty roles instead though.
Signed-off-by: Vadim Rutkovsky <vrutkovs@redhat.com>
|
|
Add origin- prefix to ASB image
|
|
Migrate to import_role for static role inclusion
|
|
|
|
etcd runs some actions locally to copy certs from the
CA cert host. This commit ensures that we respect
the end user's intended behavior with become
when using 'anisble_become' in the inventory.
Other roles with similar tasks have been modified
in the same manner.
We shouldn't hard-code become behavior as it can be
unexpected for the end user.
This only currently works in the CI because the CI
passes the '-b' argument on the command line, which
will override the task behavior.
|
|
Systemd units are being updated in ../systemd_units.yml
Signed-off-by: Vadim Rutkovsky <vrutkovs@redhat.com>
|
|
In Ansible 2.2, the include_role directive came into existence as
a Tech Preview. It is still a Tech Preview through Ansible 2.4
(and in current devel branch), but with a noteable change. The
default behavior switched from static: true to static: false
because that functionality moved to the newly introduced
import_role directive (in order to stay consistent with include*
being dynamic in nature and `import* being static in nature).
The dynamic include is considerably more memory intensive as it will
dynamically create a role import for every host in the inventory
list to be used. (Also worth noting, there is at the time of this
writing an object allocation inefficiency in the dynamic include
that can in certain situations amplify this effect considerably)
This change is meant to mitigate the pressure on memory for the
Ansible control host.
We need to evaluate where it makes sense to dynamically include roles
and revert back to dynamic inclusion if and where it makes sense to do
so.
|
|
Automatic merge from submit-queue.
OpenStack provisioning -- support cns.
Initial support for CNS nodes during OpenShift on OpenStack provisioning.
|
