| Age | Commit message (Collapse) | Author |
|---|
|
Automatic merge from submit-queue
update system container cwd
This changes the cwd for the system container to be the base of the openshift-ansible content. This way the playbook can be specified as a relative path, and in the future when we drop the symlinks for various plugins and rely on cwd to find them, this will still work.
Looking through the Dockerfile side of things I noticed that the run script changes directories to WORK_DIR which is the content base, so this change brings the two methods closer together. I was looking for anything that actually wrote to the current directory (which is $HOME at the beginning of the run script) and found one, the vault password. It seemed slightly more robust to write that to a temporary location instead so I tacked on a commit to do that as well.
|
|
Automatic merge from submit-queue
Move sysctl.conf customizations to a separate file
Move them from /etc/sysctl.conf to /etc/sysctl.d/99-openshift.conf
This is a good idea becuase:
1- /etc/sysctl.conf is evaluated later, so it can easily be overwritten by previous customizations
2- It's likely that there is an agent like puppet monitoring this file
3- It's easier to know what's being changed by OpenShift
|
|
Automatic merge from submit-queue
Add `openshift_node_open_ports` to allow arbitrary firewall exposure
It should be possible for an admin to define an arbitrary set of ports
to be exposed on each node that will relate to the cluster function.
This adds a new global variable for the node that supports
Array(Object{'service':<name>,'port':<port_spec>,'cond':<boolean>})
which is the same format accepted by the firewall role.
@sdodson as discussed, open to alternatives. I used this from origin-gce with
openshift_node_open_ports:
- service: Router stats
port: 1936/tcp
- service: Open node ports
port: 9000-10000/tcp
- service: Open node ports
port: 9000-10000/udp
Which then allows me to set firewall rules appropriately.
Alternatives considered:
* Simpler external format (have to parse inputs)
* Additional parameter to role - felt ugly
|
|
Automatic merge from submit-queue
Only attempt to start iptables on hosts in the current batch
If os_firewall role is called from within a play that uses serial then
it was attempting to start iptables on hosts that may not have had
iptables installed on them yet. So limit the hosts to the current batch.
According to the ansible docs on plays where serial is unused this is
the same as ansible_play_hosts.
See http://docs.ansible.com/ansible/latest/playbooks_variables.html
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1490739
|
|
|
|
|
|
No conversion to boolean and no quoting for include_granted_scopes.
|
|
1491657 Correct firewall install for openshift-nfs
|
|
|
|
|
|
add retries on repoquery
|
|
Add loadbalancer config entry point
|
|
inventory: Update versions to 3.7
|
|
Clarify requirement of having etcd group
|
|
Updated the versions in inventory to point to 3.7 by default since 3.6
has already been released.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1491592
Signed-off-by: Steve Milner <smilner@redhat.com>
|
|
Setup tuned after the node has been restarted.
|
|
Use openshift.common.ip rather than ansible_default_ipv4 in etcd migration playbook.
|
|
Bug 1490304: Etcd scale-up playbook should add new member to etcdClientInfo of master-config.yaml
|
|
Merged by openshift-bot
|
|
Don't assume storage_migration control variables are already boolean
|
|
Merge inventory-generator with origin-ansible image
|
|
Scaffold out the entire build defaults hash
|
|
|
|
If os_firewall role is called from within a play that uses serial then
it was attempting to start iptables on hosts that may not have had
iptables installed on them yet. So limit the hosts to the current batch.
According to the ansible docs on plays where serial is unused this is
the same as ansible_play_hosts.
See http://docs.ansible.com/ansible/latest/playbooks_variables.html
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1490739
|
|
Add IMAGE_VERSION to the image stream tag source
|
|
GlusterFS: Correct firewall port names
|
|
GlusterFS: Various fixes
|
|
Merged by openshift-bot
|
|
Merged by openshift-bot
|
|
Removing setting of pod presets
|
|
Merged by openshift-bot
|
|
|
|
cri-o: Fix Fedora image name
|
|
Signed-off-by: Steve Milner <smilner@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
Some functions called later may expect sub-keys to exist which will
not with the current default empty-dict.
|
|
Merged by openshift-bot
|
|
playbook.
|
|
|
|
Merged by openshift-bot
|
|
|
|
[Proposal] OpenShift-Ansible Proposal Process
|
|
Merged by openshift-bot
|
|
openshift_upgrade_pre_storage_migration_enabled
openshift_upgrade_pre_storage_migration_fatal
openshift_upgrade_post_storage_migration_enabled
openshift_upgrade_post_storage_migration_enabled
because the 4 variables are not already defaulted/evaluated there's no
guarantee that they're actually the boolean type at this point.
Example: if they're passed in on the command line
|
|
Merged by openshift-bot
|
|
Merged by openshift-bot
|
