| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add defaults values for some openstack vars
Ansible shows errors when the `rhsm_register` and
`openstack_flat_secgrp` values are not present in the inventory even
though they have sensible default values.
This makes them both default to false when they're not specified.
* Comment out the flat security group option in inv
It's no longer required to be there so let's comment it out.
|
|
|
| |
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
provisioning (#518)
* prerequisites.yml: check prerequisites on localhost needed for provisioning
provision.yml: includes prerequisites.yml
* prerequisites: indentation fixed
* prerequisites.yml: used ansible_version variable, openstack modules for ansible
* prerequisites.yml: os_keypair is not suitable for this purpose
* prerequisites.yml: openstack keypair command exchanged for shade
- there is no Ansible module for this now
- os_keypair is not suitable for this purpose
- python-openstackclient dependency is not desirable
|
|\
| |
| | |
Manage packages to install/update for openstack provider
|
| |
| |
| |
| |
| |
| |
| | |
Allow required packages and yum update all steps to be optionally
disabled.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Firstly, provision a Heat stack with given public resolvers.
* After the DNS node configured as an authoritative server,
switch the Heat stack's Neutron subnet to that resolver
(private_dns_server) the way it to become the first entry pushed
into the hosts /etc/resolv.conf. It will be serving the cluster
domain requests for OpenShift nodes and workloads.
* Drop post-provision /etc/reslov.conf nameserver hacks as not
needed anymore.
* Fix dns floating IPs output and add the priv IPs output as well.
* Update docs, clarify localhost vs servers requirements, add
required Network Manager setup step.
* Use post-provision task names instead of comments.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
| | |
|
|/
|
|
|
|
|
|
|
|
| |
The `wait_for_connection` module is more reliable as it uses Ansible's `ping`
to verify the nodes are really accessible. Using `wait_for` and checking that
port 22 is open runs into the possibility of SSH being up but the public keys
or users not being set up yet (as that's done with cloud-init).
In addition, we were gathering facts before running the wait_for task which
rendered it useless.
|
| |
|
| |
|
|\
| |
| | |
Add node_removal_policies variable to openstack provisioning to allow for scaling down
|
| | |
|
| | |
|
|\ \
| | |
| | | |
all.yml: removed whitespaces in front of variables
|
| | | |
|
|\| |
| | |
| | | |
OSEv3.yml: added option to ignore set hardware limits for RAM and DISK
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| |/ /
|/| | |
Fix flat sec group and infra/dns sec rules
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make flat sec group to only merge node/master/etcd sec rules.
Add basic dns/ssh sec group and assign it to all but dns node groups.
Assign only dns sec group for dns nodes.
Assign only infra (and basic) sec groups for ingra nodes.
Add security notes for openstack provider.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|/
|
|
|
|
| |
Prohibit sudoing for localhost played tasks, like DNS setup.
Re-use cached facts to speed up deployment.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
|
|
|
|
|
| |
Tune an example ansible.cfg to include
tasks profiling info and improve displaying
of skipped tasks.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
Provision tasks use facts like ansible_hostname and few others.
W/o gathering facts, those expire, and the provision playbook cannot
be reapplied in order to update the existing heat stack.
Refresh the facts cache by specifying gather_facts: true.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
|
|
|
|
|
|
| |
TODO use with
when: ansible_distribution == 'CentOS'
Also update docs for origin
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
|
|
| |
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Add a openstack_flat_secgroup, defaults to False.
When set, merges sec rules for master, node, etcd, infra nodes into a
single group. Less secure, but might help to mitigate quota limitations.
Update docs. Use timeout 30s to mitigate the error:
Timeout (12s) waiting for privilege escalation prompt.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
| |
|
| |
|
|
|
|
|
| |
We should probably not pollute the role namespace with a name as common
as "common". Moving the pre_task.yml to provisioners/openstack instead.
|
| |
|
|
|
|
| |
It's under the GPLv3+ while the rest of the repo is Apache 2.
|
| |
|
| |
|
| |
|
|
They'll live in playbooks/provisioning/openstack from now on.
|