summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #5431 from sosiouxme/20170915-system-container-cwdOpenShift Merge Robot2017-09-182-2/+2
|\ | | | | | | | | | | | | | | | | Automatic merge from submit-queue update system container cwd This changes the cwd for the system container to be the base of the openshift-ansible content. This way the playbook can be specified as a relative path, and in the future when we drop the symlinks for various plugins and rely on cwd to find them, this will still work. Looking through the Dockerfile side of things I noticed that the run script changes directories to WORK_DIR which is the content base, so this change brings the two methods closer together. I was looking for anything that actually wrote to the current directory (which is $HOME at the beginning of the run script) and found one, the vault password. It seemed slightly more robust to write that to a temporary location instead so I tacked on a commit to do that as well.
| * installer image: use tmp file for vaultpassLuke Meyer2017-09-151-1/+1
| |
| * system container: use ansible root as cwdLuke Meyer2017-09-151-1/+1
| |
* | Merge pull request #5334 from juanluisvaladas/move-sysctlOpenShift Merge Robot2017-09-162-11/+5
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue Move sysctl.conf customizations to a separate file Move them from /etc/sysctl.conf to /etc/sysctl.d/99-openshift.conf This is a good idea becuase: 1- /etc/sysctl.conf is evaluated later, so it can easily be overwritten by previous customizations 2- It's likely that there is an agent like puppet monitoring this file 3- It's easier to know what's being changed by OpenShift
| * | Move sysctl.conf customizations to a separate fileJuan Luis de Sousa-Valadas Castaño2017-09-082-11/+5
| | | | | | | | | | | | Move them from /etc/sysctl.conf to /etc/sysctl.d/99-openshift.conf
* | | Merge pull request #5345 from smarterclayton/firewallOpenShift Merge Robot2017-09-151-1/+3
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue Add `openshift_node_open_ports` to allow arbitrary firewall exposure It should be possible for an admin to define an arbitrary set of ports to be exposed on each node that will relate to the cluster function. This adds a new global variable for the node that supports Array(Object{'service':<name>,'port':<port_spec>,'cond':<boolean>}) which is the same format accepted by the firewall role. @sdodson as discussed, open to alternatives. I used this from origin-gce with openshift_node_open_ports: - service: Router stats port: 1936/tcp - service: Open node ports port: 9000-10000/tcp - service: Open node ports port: 9000-10000/udp Which then allows me to set firewall rules appropriately. Alternatives considered: * Simpler external format (have to parse inputs) * Additional parameter to role - felt ugly
| * | | Add `openshift_node_open_ports` to allow arbitrary firewall exposureClayton Coleman2017-09-111-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It should be possible for an admin to define an arbitrary set of ports to be exposed on each node that will relate to the cluster function. This adds a new global variable for the node that supports Array(Object{'service':<name>,'port':<port_spec>,'cond':<boolean>}) which is the same format accepted by the firewall role.
* | | | Merge pull request #5407 from sdodson/bz1490739OpenShift Merge Robot2017-09-151-1/+1
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue Only attempt to start iptables on hosts in the current batch If os_firewall role is called from within a play that uses serial then it was attempting to start iptables on hosts that may not have had iptables installed on them yet. So limit the hosts to the current batch. According to the ansible docs on plays where serial is unused this is the same as ansible_play_hosts. See http://docs.ansible.com/ansible/latest/playbooks_variables.html Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1490739
| * | | | Only attempt to start iptables on hosts in the current batchScott Dodson2017-09-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If os_firewall role is called from within a play that uses serial then it was attempting to start iptables on hosts that may not have had iptables installed on them yet. So limit the hosts to the current batch. According to the ansible docs on plays where serial is unused this is the same as ansible_play_hosts. See http://docs.ansible.com/ansible/latest/playbooks_variables.html Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1490739
* | | | | Merge pull request #5427 from adelton/issue-2454-2Scott Dodson2017-09-151-5/+0
|\ \ \ \ \ | | | | | | | | | | | | No conversion to boolean and no quoting for include_granted_scopes.
| * | | | | No conversion to boolean and no quoting for include_granted_scopes.Jan Pazdziora2017-09-151-5/+0
| | |_|_|/ | |/| | |
* | | | | Merge pull request #5425 from mtnbikenc/fix-openshift-nfsScott Dodson2017-09-152-1/+7
|\ \ \ \ \ | |/ / / / |/| | | | 1491657 Correct firewall install for openshift-nfs
| * | | | Correct firewall install for openshift-nfsRussell Teague2017-09-152-1/+7
|/ / / /
* | | | Merge pull request #5401 from sosiouxme/20170913-retries-subsetLuke Meyer2017-09-145-12/+27
|\ \ \ \ | | | | | | | | | | add retries on repoquery
| * | | | add retry on repoquery_cmdLuke Meyer2017-09-132-1/+3
| | | | |
| * | | | add retries to repoquery moduleLuke Meyer2017-09-134-12/+25
| | | | |
* | | | | Merge pull request #5382 from mtnbikenc/add-lb-configScott Dodson2017-09-141-0/+6
|\ \ \ \ \ | | | | | | | | | | | | Add loadbalancer config entry point
| * | | | | Add loadbalancer config entry pointRussell Teague2017-09-131-0/+6
| | | | | |
* | | | | | Merge pull request #5420 from ashcrow/update-versions-in-masterScott Dodson2017-09-142-10/+10
|\ \ \ \ \ \ | | | | | | | | | | | | | | inventory: Update versions to 3.7
| * | | | | | inventory: Update versions to 3.7Steve Milner2017-09-142-10/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Updated the versions in inventory to point to 3.7 by default since 3.6 has already been released. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1491592 Signed-off-by: Steve Milner <smilner@redhat.com>
* | | | | | | Merge pull request #5360 from sdodson/embedded-etcdScott Dodson2017-09-141-4/+7
|\ \ \ \ \ \ \ | |/ / / / / / |/| | | | | | Clarify requirement of having etcd group
| * | | | | | Clarify requirement of having etcd groupScott Dodson2017-09-111-4/+7
| | | | | | |
* | | | | | | Merge pull request #5410 from jmencak/tuned-after-node-restartScott Dodson2017-09-141-4/+4
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Setup tuned after the node has been restarted.
| * | | | | | | Setup tuned after the node has been restarted.Jiri Mencak2017-09-141-4/+4
| | | | | | | |
* | | | | | | | Merge pull request #5396 from abutcher/etcd-migrate-openshift-ipScott Dodson2017-09-141-3/+3
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Use openshift.common.ip rather than ansible_default_ipv4 in etcd migration playbook.
| * | | | | | | | Use openshift.common.ip rather than ansible_default_ipv4 in etcd migration ↵Andrew Butcher2017-09-131-3/+3
| | |_|/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | playbook.
* | | | | | | | Merge pull request #5367 from abutcher/etcd-scaleup-master-client-urlsScott Dodson2017-09-142-0/+27
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Bug 1490304: Etcd scale-up playbook should add new member to etcdClientInfo of master-config.yaml
| * | | | | | | | Update master config with new client urls during etcd scaleup.Andrew Butcher2017-09-122-0/+27
| | | | | | | | |
* | | | | | | | | Merge pull request #5381 from ewolinetz/37_bz1487648_OpenShift Bot2017-09-141-0/+3
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | Merged by openshift-bot
| * | | | | | | | | Adding mangagement-admin SC to admin role for management-infra projectEric Wolinetz2017-09-121-0/+3
| | | | | | | | | |
* | | | | | | | | | Merge pull request #5389 from tremble/storage_migrationScott Dodson2017-09-141-9/+9
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | Don't assume storage_migration control variables are already boolean
| * | | | | | | | | | Don't assume storage_migration control variables are already booleanMark Chappell2017-09-131-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | openshift_upgrade_pre_storage_migration_enabled openshift_upgrade_pre_storage_migration_fatal openshift_upgrade_post_storage_migration_enabled openshift_upgrade_post_storage_migration_enabled because the 4 variables are not already defaulted/evaluated there's no guarantee that they're actually the boolean type at this point. Example: if they're passed in on the command line
* | | | | | | | | | | Merge pull request #5043 from juanvallejo/jvallejo/add-inventory-generator-imageScott Dodson2017-09-144-1/+506
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Merge inventory-generator with origin-ansible image
| * | | | | | | | | | | inventory generate: fix config docLuke Meyer2017-09-131-2/+2
| | | | | | | | | | | |
| * | | | | | | | | | | inventory generate: remove refs to openshift_cluster_userLuke Meyer2017-09-133-13/+4
| | | | | | | | | | | |
| * | | | | | | | | | | inventory generate: always use kubeconfig, no loginLuke Meyer2017-09-131-10/+2
| | | | | | | | | | | |
| * | | | | | | | | | | add inventory-generator under new sub pkgjuanvallejo2017-09-124-1/+523
| | | | | | | | | | | |
* | | | | | | | | | | | Merge pull request #5399 from tbielawa/masterScott Dodson2017-09-141-2/+4
|\ \ \ \ \ \ \ \ \ \ \ \ | |_|_|_|_|_|/ / / / / / |/| | | | | | | | | | | Scaffold out the entire build defaults hash
| * | | | | | | | | | | Scaffold out the entire build defaults hashTim Bielawa2017-09-131-2/+4
| | |_|_|_|_|_|/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some functions called later may expect sub-keys to exist which will not with the current default empty-dict.
* | | | | | | | | | | Merge pull request #5395 from sdodson/bz1480442Scott Dodson2017-09-1310-10/+10
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Add IMAGE_VERSION to the image stream tag source
| * | | | | | | | | | | Add IMAGE_VERSION to the image stream tag sourceScott Dodson2017-09-1310-10/+10
| | |/ / / / / / / / / | |/| | | | | | | | |
* | | | | | | | | | | Merge pull request #5151 from jarrpa/gluster-portsScott Dodson2017-09-131-2/+2
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | GlusterFS: Correct firewall port names
| * | | | | | | | | | | GlusterFS: Correct firewall port namesJose A. Rivera2017-08-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
* | | | | | | | | | | | Merge pull request #5315 from jarrpa/glusterfs-fixes-3.7Scott Dodson2017-09-1315-2/+563
|\ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | GlusterFS: Various fixes
| * | | | | | | | | | | | GlusterFS: Allow option to use or ignore default node selectorsJose A. Rivera2017-09-065-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
| * | | | | | | | | | | | GlusterFS: Clarify heketi URL documentationJose A. Rivera2017-09-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
| * | | | | | | | | | | | GlusterFS: Add files/templates for v3.7Jose A. Rivera2017-09-0610-0/+555
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
* | | | | | | | | | | | | Merge pull request #5394 from sosiouxme/20170912-health-role-bz1487548OpenShift Bot2017-09-131-0/+1
|\ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Merged by openshift-bot
| * | | | | | | | | | | | | openshift-checks: add role symlinkLuke Meyer2017-09-121-0/+1
| | |_|_|_|_|/ / / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fixes bug 1487548 https://bugzilla.redhat.com/show_bug.cgi?id=1487548
* | | | | | | | | | | | | Merge pull request #5370 from jmencak/tuned-openshift-ansible-bad_merge-fixOpenShift Bot2017-09-132-14/+4
|\ \ \ \ \ \ \ \ \ \ \ \ \ | |_|_|_|_|_|_|_|_|_|/ / / |/| | | | | | | | | | | | Merged by openshift-bot