| Age | Commit message (Collapse) | Author |
|---|
|
Currently, double upgrade process (3.7 -> 3.9)
for control plane attempts to run openshift_version
role twice to set the appropriate values for
upgrading each major version, 3.8 and 3.9.
This commit instructs openshift_version to
only inquire about the proper settings for 3.9,
and hard-sets the appropriate values for 3.8.
This allows a simplification of the
openshift_version role, allowing for easier
debugging.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1542368
|
|
Determine which host is the etcd CA host
|
|
Hosts will need python ipaddress module installed if it was not
installed during initial installation.
Bug 1540537
https://bugzilla.redhat.com/show_bug.cgi?id=1540537
|
|
Was errantly removed in 4f7d963986a1e28ecc6abd15532b0c1aece99be1
|
|
first host in the etcd host group.
|
|
Remove master_ha bool checks
|
|
The `assetConfig` is no longer used now that the console is split into
its own pod.
- Remove `assetConfig` on upgrades to 3.9
- Stop writing logging and metrics URLs to assetConfig for 3.9
|
|
Most of these checks are no longer applicable to
the tasks on which they are applied.
This commit removes incorrect ha checks to ensure
services are restarted at appropriate times.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1500897
|
|
Allow playbooks/openshift-master/scaleup.yml to call
prerequisites.yml at the proper time.
Related-to: https://github.com/openshift/openshift-ansible/pull/6784
|
|
This commit continues moving plugins into lib_utils.
This commit does not move any plugins for add-on roles
such as logging and metrics.
|
|
After remove become:no statements on local_action tasks,
we need to ensure that the proper file permssions are
applied to local temp directories.
This reason for this is that the 'fetch' module
does not use 'become' for the localhost, just the remote
host.
Additionally, users may not wish for the localhost to
become during a fetch. local_action will execute with
whatever permissions are specified in inventory or via
cli.
|
|
This commit removes become:no statements that break
the installer in various ways.
|
|
Contiv's etcd was not being deployed correctly when using more than
one master. To make it easier to manage, it has been moved into a
k8s container.
The api proxy was hardcoded to an old version (1.1.1), and in some
environments would run into a docker error. This has been moved into
a k8s container for easier management.
The firewall was too permissive on several ports. Many were open to
the world when they should have only been accessible inside the
cluster.
Many of the contiv role variables were not prefixed with 'contiv',
which may end up clobbering variables from another role. Now all the
contiv specific role variables start with 'contiv_'.
The api proxy's default self-signed certificate was bundled with the
role. This means someone with read-only MITM access and this key
could decrypt traffic. Granted a user defined certificate from a
trusted CA should be used in a production environment, it is still
better to generate one in each environment when one is not provided.
|
|
In Ansible 2.2, the include_role directive came into existence as
a Tech Preview. It is still a Tech Preview through Ansible 2.4
(and in current devel branch), but with a noteable change. The
default behavior switched from static: true to static: false
because that functionality moved to the newly introduced
import_role directive (in order to stay consistent with include*
being dynamic in nature and `import* being static in nature).
The dynamic include is considerably more memory intensive as it will
dynamically create a role import for every host in the inventory
list to be used. (Also worth noting, there is at the time of this
writing an object allocation inefficiency in the dynamic include
that can in certain situations amplify this effect considerably)
This change is meant to mitigate the pressure on memory for the
Ansible control host.
We need to evaluate where it makes sense to dynamically include roles
and revert back to dynamic inclusion if and where it makes sense to do
so.
|
|
Move openshift_deployment_type check into sanity_check
action plugin. Remove compatibility for deployment_type.
deployment_type has been deprecated for some time now.
|
|
We set these variables using facts in init, no need
to duplicate the logic all around the codebase.
|
|
This commit relocates filter_plugings to lib_utils,
changes the namespacing to prevent unintended use of
older versions that may be present in filter_plugins/
directory on existing installs.
Add lib_utils to meta depends for roles
Also consolidate some plugins into lib_utils from
various other areas.
Update rpm spec, obsolete plugin rpms.
|
|
This commit removes a now-empty role.
|
|
|
|
Remove openshift.common.service_type
|
|
This needs to be in place for crio.
This role only installs and enables iptables, thus
should only be run once.
|
|
This commit removes openshift.common.service_type
in favor of openshift_service_type.
This commit also removes r_openshift_excluder_service_type
from plays in favor of using the role's defaults.
|
|
|
|
openshift.master.cluster_method.
With pacemaker removed there is no longer a need for
openshift.master.cluster_method. We only have one option.
|
|
|
|
when using yaml or json, a false value is converted to true
|
|
|
|
|
