| Age | Commit message (Collapse) | Author |
|---|
|
This is needed because in 3.6 we cannot reconcile non-cluster roles in the
bootstrap reconciliation code.
In 3.7 this is taken care of in code.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
|
|
|
|
Automatic merge from submit-queue.
Add valid search when search does not exist on resolv.conf
Current fix https://github.com/openshift/openshift-ansible/pull/5433 still misses to add `search cluster.local`. The logic needs to be:
1. When `search` does not exist, adds `search cluster.local`.
2. When `search.*.cluster.local` does not exist, adds(sed) `cluster.local`.
in this order.
cc @sdodson @caruccio
|
|
giuseppe/docker-crio-expect-openshiftrelease-with-v
crio, docker: expect openshift_release to have 'v'
|
|
Fix typo in inventory example
|
|
|
|
* Updated GCE dynamic inventory script
* Migrate from depreciated secrets.py to recommended yaml files
* It's better to not use spaces in gce.ini
|
|
Currently, profiles for the tuned daemon are set only for
OpenShift node(s). This excludes the OpenShift loadbalancer.
As a result, ARP cache limits on loadbalancers are not raised.
This causes problems with HA setups where loadbalancers serve
1k+ OpenShift nodes.
This commit ensures the openshift-control-plane role is applied
to loadbalancers, masters and OpenShift infra nodes. Regular
OpenShift worker nodes get the openshift-node profile.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1498213
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Created by command:
/usr/bin/tito tag --debug --accept-auto-changelog --keep-version --debug
|
|
|
|
Automatic merge from submit-queue.
docker, CRI-O: openshift_image_tag defaults to openshift_release
Replace:
commit c2c4ba7ec62d4dfd87d746d20991e10f2bd1bddf
Author: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Tue Sep 26 09:01:59 2017 +0200
Require openshift_image_tag in the inventory with openshift-enterprise
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
with using openshift_release for openshift_image_tag so we don't require users to include both in their inventory. Probably it is only a temporary solution until the openshift_image_tag vs openshift_release when using Docker/CRI-O is sorted out.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376
|
|
Automatic merge from submit-queue.
Bug 1493276: Setting servingInfo.clientCA to ca-bundle.crt can cause unwanted client cert popups in browser when hitting console
https://bugzilla.redhat.com/show_bug.cgi?id=1493276
|
|
Update registry_config.j2 to fix BZ#1490738
|
|
Add PartOf to docker systemd service unit.
|
|
Automatic merge from submit-queue.
crio: use systemd manager
fix a regression introduced last week.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Currently, if iptables service is restarted,
existing iptables rules are removed.
Docker adds iptables rules dyanmically upon
startup and container creation. Restarting
the iptables service results in a loss of these
needed iptables rules.
This commit ensures that if iptables service is
restarted by anisble or the user, docker is
also restarted. This ensures the proper dynamic
iptables rules are in place for docker.
Fixes: openshift/origin#16709
|
|
Created by command:
/usr/bin/tito tag --debug --accept-auto-changelog --keep-version --debug
|
|
Automatic merge from submit-queue.
Add authentication credentials to skopeo for image check
Currently, docker_image_availability health_check
does not support authenticated registries.
This commit adds the '--creds=' option to skopeo
if needed to support authentication credentials.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Rename openshift_cfme role to openshift_management
|
|
|
|
Created by command:
/usr/bin/tito tag --debug --accept-auto-changelog --keep-version --debug
|
|
add missing restart node handler to flannel
|
|
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
This let's us use the role on CentOS systems, as well as RHEL. In addition, it
installs docker and makes sure it's restarted (as opposed to just "started"
which has no effect when docker is already running).
|
|
Automatic merge from submit-queue.
Switch to configmap leader election on 3.7 upgrade
This change sets the controllerConfig.election.lockName to openshift-master-controllers on a 3.7 upgrade.
This is the default in a new 3.7 cluster. Important excerpt from the docs inside the origin codebase (slightly modified):
There are two modes for lease operation - a legacy mode that directly connects to etcd, and the preferred mode which coordinates on a configmap or endpoint in the kube-system namespace. Because legacy mode and the new mode do not coordinate on the same key, an upgrade must stop all controllers before changing the configuration and starting controllers with the new config.
Signed-off-by: Monis Khan <mkhan@redhat.com>
/assign @smarterclayton @jupierce
/kind bug
|
|
Automatic merge from submit-queue.
cri-o: use overlay instead of overlay2
overlay2 and overlay are the same driver. Upstream CRI-O is going to
drop any reference to overlay2 and use only overlay.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
add a proper $GITURL to bastion.sh and rework add_node.sh to use it
|
|
Currently, docker_image_availability health_check
does not support authenticated registries.
This commit adds the '--creds=' option to skopeo
if needed to support authentication credentials.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
Some other fixes to handle docker config better:
Should now account properly for blocked registries, insecure registries,
multiple additional registries, and oreg_url registry with or without credentials.
Output on failure should be clearer about what was tried.
Fixed a bug in the action_plugin_test exposed by these changes.
|
|
Add dynamic inventory
|
|
mgugino-upstream-stage/ensure-docker-restarts-with-iptables
Automatic merge from submit-queue.
Ensure docker is restarted when iptables is restarted
Currently, os_firewall role may run after docker role,
and iptables.service may be restarted. When restarted,
this negatively impacts docker's iptables rules.
This commit ensures that if iptables is restarted,
docker is restarted as well (by systemd)
Fixes: https://github.com/openshift/origin/issues/16709
|
|
|
|
This change sets the controllerConfig.election.lockName to
openshift-master-controllers on a 3.7 upgrade.
This is the default in a new 3.7 cluster. Important excerpt from
the docs inside the origin codebase (slightly modified):
There are two modes for lease operation - a legacy mode that
directly connects to etcd, and the preferred mode which coordinates
on a configmap or endpoint in the kube-system namespace. Because
legacy mode and the new mode do not coordinate on the same key, an
upgrade must stop all controllers before changing the configuration
and starting controllers with the new config.
Signed-off-by: Monis Khan <mkhan@redhat.com>
|
|
|
|
Switch to the latest openshift-ansible for Openstack CI
|
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
overlay2 and overlay are the same driver. Upstream CRI-O is going to
drop any reference to overlay2 and use only overlay.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
Currently, os_firewall role may run after docker role,
and iptables.service may be restarted. When restarted,
this negatively impacts docker's iptables rules.
This commit ensures that if iptables is restarted,
docker is restarted as well (by systemd)
Fixes: https://github.com/openshift/origin/issues/16709
|
|
Stop including origin and ose hosts example file
|
|
It's a pain keeping these two in sync so just mention the differences as
necessary.
|
|
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
|
|
- don't check pkg versions on Fedora, it won't work; they move
faster than RHEL and it's not realistic to maintain that package
list.
- handle differences between yum and dnf pkgspec for excluder
- work-around for a bug in dnf
https://bugzilla.redhat.com/show_bug.cgi?id=1199432
- make requirement verify one play, don't run unnecessary checks on
Fedora
|
|
Merge upstream commits
|
|
|
