| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Contiv's etcd was not being deployed correctly when using more than
one master. To make it easier to manage, it has been moved into a
k8s container.
The api proxy was hardcoded to an old version (1.1.1), and in some
environments would run into a docker error. This has been moved into
a k8s container for easier management.
The firewall was too permissive on several ports. Many were open to
the world when they should have only been accessible inside the
cluster.
Many of the contiv role variables were not prefixed with 'contiv',
which may end up clobbering variables from another role. Now all the
contiv specific role variables start with 'contiv_'.
The api proxy's default self-signed certificate was bundled with the
role. This means someone with read-only MITM access and this key
could decrypt traffic. Granted a user defined certificate from a
trusted CA should be used in a production environment, it is still
better to generate one in each environment when one is not provided.
|
|\
| |
| | |
Install web console server
|
| | |
|
|\ \
| | |
| | | |
Migrate to import_role for static role inclusion
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In Ansible 2.2, the include_role directive came into existence as
a Tech Preview. It is still a Tech Preview through Ansible 2.4
(and in current devel branch), but with a noteable change. The
default behavior switched from static: true to static: false
because that functionality moved to the newly introduced
import_role directive (in order to stay consistent with include*
being dynamic in nature and `import* being static in nature).
The dynamic include is considerably more memory intensive as it will
dynamically create a role import for every host in the inventory
list to be used. (Also worth noting, there is at the time of this
writing an object allocation inefficiency in the dynamic include
that can in certain situations amplify this effect considerably)
This change is meant to mitigate the pressure on memory for the
Ansible control host.
We need to evaluate where it makes sense to dynamically include roles
and revert back to dynamic inclusion if and where it makes sense to do
so.
|
|\ \ \
| |/ /
|/| |
| | |
| | |
| | |
| | | |
Automatic merge from submit-queue.
OpenStack provisioning -- support cns.
Initial support for CNS nodes during OpenShift on OpenStack provisioning.
|
| | | |
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Automatic merge from submit-queue.
Move wait_for_pods to it's own play openshift_hosted
Currently, both registry and router pods need to
be polled for successful deployment.
Somtimes this can take up to a minute.
This commit attempts to deploy both pods
before polling either. This should reduce
the average wait time for polling pods by 50%
as time spent polling the first will also allow
the second pod to continue it's own deployment.
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently, both registry and router pods need to
be polled for successful deployment.
Somtimes this can take up to a minute.
This commit attempts to deploy both pods
before polling either. This should reduce
the average wait time for polling pods by 50%
as time spent polling the first will also allow
the second pod to continue it's own deployment.
|
|\ \ \
| |/ /
|/| | |
Remove bootstrap.yml from main.yml in openshift_node role
|
| | |
| | |
| | |
| | |
| | |
| | | |
This commit utilizes include_role for bootstrapping the
node instead of conditional include of tasks now that
the node role has no meta includes that have tasks.
|
|\ \ \
| |/ /
|/| |
| | |
| | |
| | |
| | | |
Automatic merge from submit-queue.
aws: Fix misnamed variable in provisioning_vars.yml.example
This typo (?) in `provisioning_vars.yml.example` tripped me up while trying to run `provision_install.yml` using a configuration based on the example file.
|
| | | |
|
|\ \ \
| | | |
| | | | |
Move sanity_checks into custom action plugin
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Move openshift_deployment_type check into sanity_check
action plugin. Remove compatibility for deployment_type.
deployment_type has been deprecated for some time now.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Move more checks outside of init/main.yml for
speeding up upgrades and other operational plays that
need to run.
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
This commit moves sanity_checks tasks into a custom
action plugin that is only run against a single host.
This will result in a large reduction of tasks during initialization
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
openshift_containerized_host_groups needs to be referenced via
hostvars.
This commit also updates tox ansible syntax checks to account
for unavailability of hostsvars during syntax checks.
Fixes: https://github.com/openshift/openshift-ansible/issues/6540
|
| |
| |
| |
| |
| | |
We set these variables using facts in init, no need
to duplicate the logic all around the codebase.
|
|\ \
| | |
| | | |
Adding support for docker-storage-setup on overlay
|
| | | |
|
|\ \ \
| |/ /
|/| | |
Plugin consolidate
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit relocates filter_plugings to lib_utils,
changes the namespacing to prevent unintended use of
older versions that may be present in filter_plugins/
directory on existing installs.
Add lib_utils to meta depends for roles
Also consolidate some plugins into lib_utils from
various other areas.
Update rpm spec, obsolete plugin rpms.
|
|/ |
|
|\
| |
| | |
Fix rhel_subscribe boolean
|
| |
| |
| |
| |
| |
| |
| | |
This commit fixes a variable name to it's correct
name used in a when condition.
Also makes use of 'is defined' consistent.
|
|\ \
| |/
|/| |
Deprecate using Ansible tests as filters
|
| | |
|
|\ \
| | |
| | | |
Move repo and subscribe to prerequisites
|
| |/
| |
| |
| |
| | |
This commit refactors some steps in rhel subscribe and
moves repos.yml from init/main to prerequisites.
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Automatic merge from submit-queue.
1506750 Validate node hostname and IP address
- Replaces use of `pause` with a `fail` task. `pause` only runs on one host, therefore the check was not run for all nodes
- Adds check for valid openshift_ip
Fixes 1506750
https://bugzilla.redhat.com/show_bug.cgi?id=1506750
|
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes 1506750
https://bugzilla.redhat.com/show_bug.cgi?id=1506750
|
|\ \ \
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | | |
Automatic merge from submit-queue.
Add missing openshift_service_type
Pull in openshift_facts to define the variable.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1525429
|
| |/
| |
| |
| |
| |
| | |
Pull in openshift_facts to define the variable.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1525429
|
|\ \
| | |
| | | |
Commit to stabilize RHSM operations. This code is derived from contrib
|
| | | |
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit moves the pulling of images, packages,
and updating config files into a non-serialized play.
The serialized play is now in charge of marking unschedulable,
draining, stopping and restarting services, and marking
schedulable.
If rpm install / container download takes 60s per host,
this will save 3 hours and 10 minutes at 200 hosts per cluster
and forks of 20 hosts.
|
|\ \
| | |
| | | |
Remove empty openshift_hosted_facts role
|
| |/
| |
| |
| | |
This commit removes a now-empty role.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit refactors some upgrade code paths.
Touched areas are:
1) Reduces usage of 'oo_all_hosts' in various places,
especially when running upgrade_control_plane.
2) Reuses common code across the various upgrade*
playbooks.
3) Moves docker upgrade checks into container_runtime_role.
4) Combines smaller playbooks and plays to reduce file sprawl.
|
|\
| |
| | |
Node group management update.
|
| | |
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Automatic merge from submit-queue.
Allow 2 sets of hostnames for openstack provider
Support private/public hostnames suffixes for DNS records.
Real hostnames, Inventory variables, Nova servers and ansible
hostnames will ignore the custom suffixes. Those are only for
nsupdates sent to external DNS servers.
Related change: add openshift_openstack_public_dns_domain to
the role defaults to not rely on the group vars example only.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Co-authored-by: Tomas Sedovic <tsedovic@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Support private/public hostnames suffixes for DNS records.
Real hostnames, Inventory variables, Nova servers and ansible
hostnames will ignore the custom suffixes. Those are only for
nsupdates sent to external DNS servers.
Related change: add openshift_openstack_public_dns_domain to
the role defaults to not rely on the group vars example only.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Co-authored-by: Tomas Sedovic <tsedovic@redhat.com>
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
Automatic merge from submit-queue.
add openshift_master_api_port var to example inventory
|
| | |/
| |/|
| | |
| | | |
would get timeouts during master node installation without this setting
|
|\ \ \
| |/ /
|/| |
| | |
| | |
| | |
| | |
| | | |
Automatic merge from submit-queue.
Remove unneeded embedded etcd logic
Removing some remaining embedded etcd facts except
for the migration plays.
|
| | |
| | |
| | |
| | |
| | | |
Removing some remaining embedded etcd facts except
for the migration plays.
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
Automatic merge from submit-queue.
correct ansible-playbook command syntax
|
| | | | |
|