| Age | Commit message (Collapse) | Author |
|---|
|
Automatic merge from submit-queue.
Add the ability to specify a timeout for node drain operations
A timeout to wait for nodes to drain pods can be specified to ensure that the upgrade continues even if nodes fail to drain pods in the allowed time. The default value of 0 will wait indefinitely allowing the admin to investigate the root cause and ensuring that disruption budgets are respected. In practice the `oc adm drain` command will eventually error out, at least that's what we've seen in our large online clusters, when that happens a second attempt will be made to drain the nodes, if it fails again it will abort the upgrade for that node or for the entire cluster based on your defined `openshift_upgrade_nodes_max_fail_percentage`.
`openshift_upgrade_nodes_drain_timeout=0` is the default and will wait until all pods have been drained successfully
`openshift_upgrade_nodes_drain_timeout=600` would wait for 600s before moving on to the tasks which would forcefully stop pods such as stopping docker, node, and openvswitch.
|
|
Ensure that openshift_facts role is imported whenever we rely on
|
|
vrutkovs/3.9-upgrades-remove-openshift.common.service_type
3.9 upgrade: remove openshift.common.service_type
|
|
|
|
This variable may or may not be defined by the users.
During deployments, it will be set to '-{{ openshift_version }}'
if undefined.
During upgrades, it will remain undefined.
This commit ensures that if the variable is undefined,
empty strings '' are set.
|
|
Remove become statements
|
|
After remove become:no statements on local_action tasks,
we need to ensure that the proper file permssions are
applied to local temp directories.
This reason for this is that the 'fetch' module
does not use 'become' for the localhost, just the remote
host.
Additionally, users may not wish for the localhost to
become during a fetch. local_action will execute with
whatever permissions are specified in inventory or via
cli.
|
|
This commit removes become:no statements that break
the installer in various ways.
|
|
This commit limits common init code to exclude
oo_nodes_to_config during upgrade_control_plane runs.
|
|
This commit changes how we handle openshift_version role.
Most of the version initialization code is only run
on the first master now. All other hosts have values
set from the master.
Aftwards, we run some basic RPM queries to ensure
that the correct version is available on the other nodes.
Containerized needs to do their own image checks elsewhere.
|
|
upgrades: set openshift_client_binary fact when running on oo_first_master host
|
|
openshift_client_binary
|
|
docker storage setup for ami building
|
|
Build containerized host group dynamically
|
|
add host to g_new_node_hosts so that plays run against the AMI instance
update example vars so that overlay2 is used by default for docker storage
|
|
Automatic merge from submit-queue.
Openstack fixes
This includes a few fixes for the OpenStack provider.
It should fix #6555 and possibly also #6560.
|
|
install base_packages on oo_all_hosts
|
|
Automatic merge from submit-queue.
Remove last of openshift_node role meta-depends
Remove last non-taskless meta-depends from
openshift_node role.
|
|
Currently, we are using some inventory variables
to determine what host groups should be considered
containerized.
This is problematic and has several edge cases.
This commit removes the variable l_containerized_host_groups
and builds a dynamic group of hosts named
'oo_hosts_containerized_managed_true' based on the value of
'containerized'
|
|
This commit ensures base packages are installed
for oo_all_hosts, which is what we were doing previously.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1530516
|
|
See eb6b20fc9183cc2aae424c72efd1191b99110a93
|
|
Contiv's etcd was not being deployed correctly when using more than
one master. To make it easier to manage, it has been moved into a
k8s container.
The api proxy was hardcoded to an old version (1.1.1), and in some
environments would run into a docker error. This has been moved into
a k8s container for easier management.
The firewall was too permissive on several ports. Many were open to
the world when they should have only been accessible inside the
cluster.
Many of the contiv role variables were not prefixed with 'contiv',
which may end up clobbering variables from another role. Now all the
contiv specific role variables start with 'contiv_'.
The api proxy's default self-signed certificate was bundled with the
role. This means someone with read-only MITM access and this key
could decrypt traffic. Granted a user defined certificate from a
trusted CA should be used in a production environment, it is still
better to generate one in each environment when one is not provided.
|
|
Install web console server
|
|
This sets openshift_client_binary var for the first master,
as some roles use this var along with first_master_client_binary.
Not sure if its worth setting this var for the faulty roles instead though.
Signed-off-by: Vadim Rutkovsky <vrutkovs@redhat.com>
|
|
Migrate to import_role for static role inclusion
|
|
|
|
In Ansible 2.2, the include_role directive came into existence as
a Tech Preview. It is still a Tech Preview through Ansible 2.4
(and in current devel branch), but with a noteable change. The
default behavior switched from static: true to static: false
because that functionality moved to the newly introduced
import_role directive (in order to stay consistent with include*
being dynamic in nature and `import* being static in nature).
The dynamic include is considerably more memory intensive as it will
dynamically create a role import for every host in the inventory
list to be used. (Also worth noting, there is at the time of this
writing an object allocation inefficiency in the dynamic include
that can in certain situations amplify this effect considerably)
This change is meant to mitigate the pressure on memory for the
Ansible control host.
We need to evaluate where it makes sense to dynamically include roles
and revert back to dynamic inclusion if and where it makes sense to do
so.
|
|
Automatic merge from submit-queue.
OpenStack provisioning -- support cns.
Initial support for CNS nodes during OpenShift on OpenStack provisioning.
|
|
Automatic merge from submit-queue.
Move wait_for_pods to it's own play openshift_hosted
Currently, both registry and router pods need to
be polled for successful deployment.
Somtimes this can take up to a minute.
This commit attempts to deploy both pods
before polling either. This should reduce
the average wait time for polling pods by 50%
as time spent polling the first will also allow
the second pod to continue it's own deployment.
|
|
Remove bootstrap.yml from main.yml in openshift_node role
|
|
|
|
The OpenStack dynamic inventory was setting the
`openshift_node_labels` value as a string which causes a failure with
the `lib_utils_oo_dict_to_keqv_list` filter.
Fixes #6555
|
|
Remove last non-taskless meta-depends from
openshift_node role.
Remove variable 'openshift_node_upgrade_in_progress' as
it is no longer used.
|
|
|
|
|
|
Currently, both registry and router pods need to
be polled for successful deployment.
Somtimes this can take up to a minute.
This commit attempts to deploy both pods
before polling either. This should reduce
the average wait time for polling pods by 50%
as time spent polling the first will also allow
the second pod to continue it's own deployment.
|
|
Automatic merge from submit-queue.
aws: Fix misnamed variable in provisioning_vars.yml.example
This typo (?) in `provisioning_vars.yml.example` tripped me up while trying to run `provision_install.yml` using a configuration based on the example file.
|
|
This commit utilizes include_role for bootstrapping the
node instead of conditional include of tasks now that
the node role has no meta includes that have tasks.
|
|
Move sanity_checks into custom action plugin
|
|
|
|
openshift_containerized_host_groups needs to be referenced via
hostvars.
This commit also updates tox ansible syntax checks to account
for unavailability of hostsvars during syntax checks.
Fixes: https://github.com/openshift/openshift-ansible/issues/6540
|
|
Move openshift_deployment_type check into sanity_check
action plugin. Remove compatibility for deployment_type.
deployment_type has been deprecated for some time now.
|
|
Move more checks outside of init/main.yml for
speeding up upgrades and other operational plays that
need to run.
|
|
This commit moves sanity_checks tasks into a custom
action plugin that is only run against a single host.
This will result in a large reduction of tasks during initialization
|
|
We set these variables using facts in init, no need
to duplicate the logic all around the codebase.
|
|
Adding support for docker-storage-setup on overlay
|
|
|
|
Plugin consolidate
|
|
This commit relocates filter_plugings to lib_utils,
changes the namespacing to prevent unintended use of
older versions that may be present in filter_plugins/
directory on existing installs.
Add lib_utils to meta depends for roles
Also consolidate some plugins into lib_utils from
various other areas.
Update rpm spec, obsolete plugin rpms.
|
|
|
