summaryrefslogtreecommitdiffstats
path: root/playbooks
Commit message (Collapse)AuthorAgeFilesLines
...
| | | * | | OSEv3.yml: trailing space...Katerina Pilatova2017-06-231-1/+1
| | | | | |
| | | * | | OSEv3.yml: added option to ignore set hardware limits for RAM and DISKKaterina Pilatova2017-06-231-0/+4
| | | | | |
| | * | | | Merge pull request #488 from bogdando/fix_flat_sgBogdan Dobrelya2017-06-231-0/+11
| | |\ \ \ \ | | | |/ / / | | |/| | | Fix flat sec group and infra/dns sec rules
| | | * | | Fix flat sec group and infra/dns sec rulesBogdan Dobrelya2017-06-231-0/+11
| | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make flat sec group to only merge node/master/etcd sec rules. Add basic dns/ssh sec group and assign it to all but dns node groups. Assign only dns sec group for dns nodes. Assign only infra (and basic) sec groups for ingra nodes. Add security notes for openstack provider. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
| | * / / Use cached facts, do not become for localhost (#484)Bogdan Dobrelya2017-06-212-1/+11
| | |/ / | | | | | | | | | | | | | | | | | | | | Prohibit sudoing for localhost played tasks, like DNS setup. Re-use cached facts to speed up deployment. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
| | * | Add profiling and skippy stdout (#470)Bogdan Dobrelya2017-06-201-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Tune an example ansible.cfg to include tasks profiling info and improve displaying of skipped tasks. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
| | * | Fix flake8 errors with the openstack inventoryTomas Sedovic2017-06-161-5/+5
| | | |
| | * | Fix yamllint errorsTomas Sedovic2017-06-166-13/+6
| | | |
| | * | Update sample inventory with the latest changesTomas Sedovic2017-06-163-16/+31
| | | |
| | * | Gather facts for provision playbookBogdan Dobrelya2017-06-151-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Provision tasks use facts like ansible_hostname and few others. W/o gathering facts, those expire, and the provision playbook cannot be reapplied in order to update the existing heat stack. Refresh the facts cache by specifying gather_facts: true. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
| | * | Drop atomic-openshift-utils, update docs for originBogdan Dobrelya2017-06-151-1/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TODO use with when: ansible_distribution == 'CentOS' Also update docs for origin Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
| | * | Add ansible.cfg for openstack providerBogdan Dobrelya2017-06-152-0/+23
| | | | | | | | | | | | | | | | Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
| | * | Add a flat sec group for openstack providerBogdan Dobrelya2017-06-153-4/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a openstack_flat_secgroup, defaults to False. When set, merges sec rules for master, node, etcd, infra nodes into a single group. Less secure, but might help to mitigate quota limitations. Update docs. Use timeout 30s to mitigate the error: Timeout (12s) waiting for privilege escalation prompt. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
| | * | Fix privileges in the pre-install playbookTomas Sedovic2017-06-152-11/+12
| | | |
| | * | Add default values to provision-openstack.ymlTomas Sedovic2017-06-141-8/+8
| | | |
| | * | Move pre_tasks from to the openstack provisionerTomas Sedovic2017-06-141-0/+39
| | | | | | | | | | | | | | | | | | | | We should probably not pollute the role namespace with a name as common as "common". Moving the pre_task.yml to provisioners/openstack instead.
| | * | Add readmeTomas Sedovic2017-06-141-0/+113
| | | |
| | * | Add license for openstack.py in inventoryTomas Sedovic2017-06-141-0/+674
| | | | | | | | | | | | | | | | It's under the GPLv3+ while the rest of the repo is Apache 2.
| | * | Add a sample inventory for openstack provisioningTomas Sedovic2017-06-145-0/+350
| | | |
| | * | Symlink roles to provisioning/openstack/rolesTomas Sedovic2017-06-141-0/+1
| | | |
| | * | Add a single provisioning playbookTomas Sedovic2017-06-141-0/+4
| | | |
| | * | Move the openstack provisioning playbooksTomas Sedovic2017-06-145-0/+227
| | / | | | | | | | | | They'll live in playbooks/provisioning/openstack from now on.
* | | Merge pull request #6064 from mtnbikenc/consolidate-initScott Dodson2017-11-1680-267/+84
|\ \ \ | |_|/ |/| | Playbook Consolidation - Initialization
| * | Playbook Consolidation - InitializationRussell Teague2017-11-1580-267/+84
| | |
* | | Merge pull request #5500 from vshn/projtmpl1OpenShift Merge Robot2017-11-162-0/+4
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Add role to configure project request template The OpenShift master role already supports changing the master configuration to refer to a project template, but there's no way to manage that template directly. This role adds the necessary code to generate a default template and to apply customizations using the "yedit" module. We need to configure custom services and endpoints in every project. The project request template enables us to do that automatically in every project and we'd like to manage the template using Ansible.
| * | | Add role to configure project request templateMichael Hanselmann2017-10-232-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The OpenShift master role already supports changing the master configuration to refer to a project template, but there's no way to manage that template directly. This role adds the necessary code to generate a default template and to apply customizations using the "yedit" module.
* | | | Merge pull request #6084 from mgugino-upstream-stage/combine-master-upgradeOpenShift Merge Robot2017-11-156-323/+9
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Combine master upgrade play with role Currently, there are plays importing tasks directly from openshift_master role. This has caused numerous bugs and code duplicaiton in the past. This commit combines the upgrade into openshift_master role utilizing include_role syntax.
| * | | | Combine master upgrade play with roleMichael Gugino2017-11-097-333/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, there are plays importing tasks directly from openshift_master role. This has caused numerous bugs and code duplicaiton in the past. This commit combines the upgrade into openshift_master role utilizing include_role syntax.
* | | | | Merge pull request #5968 from mgugino-upstream-stage/version-scrubScott Dodson2017-11-158-23/+3
|\ \ \ \ \ | |_|_|/ / |/| | | | Removed old version code
| * | | | Removed old version codeMichael Gugino2017-11-148-23/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit removes any references to versions < 1.5/3.5 We assume the version is always greater than or equal to 1.5/3.5.
* | | | | Merge pull request #5846 from kwoodson/cluster_install_orderOpenShift Merge Robot2017-11-153-4/+53
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Switch up the cluster install order. The purpose of this pull request is to change the order of installation to the following: - Provision masters - Install masters - Provision node groups (infra/compute) - Join nodes to cluster (approval process) - Call hosted playbooks on entire cluster This model of install is a bit more robust than the previous one of bringing up nodes after hosted has been installed. This method allows us to have all nodes available when the services are being configured rather than after-the-fact.
| * | | | | Updating provisioning order.Kenny Woodson2017-11-133-4/+53
| | |/ / / | |/| | |
* | | | | Merge pull request #5967 from gregswift/uninstallOpenShift Merge Robot2017-11-151-14/+55
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Cleans up additional artifacts in uninstall. Closes 3082 Closes #3082
| * | | | | Cleans up additional artifacts in uninstall. Closes 3082Greg Swift2017-10-311-14/+55
| | | | | |
* | | | | | Merge pull request #6068 from mtnbikenc/remove-old-upgradesOpenShift Merge Robot2017-11-1432-1377/+2
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Remove upgrade playbooks for 3.3 through 3.5 Release branches should be used for older upgrades.
| * | | | | | Remove upgrade playbooks for 3.3 through 3.5Russell Teague2017-11-0832-1377/+2
| | |/ / / / | |/| | | |
* | | | | | Merge pull request #6115 from sdodson/disable-auth-migrationScott Dodson2017-11-142-20/+24
|\ \ \ \ \ \ | | | | | | | | | | | | | | Allow disabling authorization migration check
| * | | | | | Allow disabling authorization migration checkScott Dodson2017-11-142-20/+24
| | | | | | |
* | | | | | | Merge pull request #6054 from nak3/cleanup-lbOpenShift Merge Robot2017-11-141-0/+4
|\ \ \ \ \ \ \ | |_|_|_|/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Remove remaining haproxy files with uninstallation Although OpenShift LB(HAProxy) distributes `/etc/systemd/system/haproxy.service.d/limits.conf` and `/etc/systemd/system/haproxy.service`, uninstall playbook does not remove them now. This patch changes to remove these files.
| * | | | | | Remove remaining haproxy files with uninstallationKenjiro Nakayama2017-11-081-0/+4
| | | | | | |
* | | | | | | Merge pull request #5948 from mtnbikenc/checkpoint-timesOpenShift Merge Robot2017-11-1415-90/+150
|\ \ \ \ \ \ \ | |_|/ / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Add execution times to checkpoint status This PR adds execution times to the checkpoint status report at the end of an installer playbook run. - Checkpoint plays now use `all` host group to avoid using an undefined host group during the Initialization phase as well as maintaining the need to collect inventory vars for host group conditionals - `run_once: true` is used to limit the execution to only one host - `installer_phase_*` data is now stored as a dict so multiple data points can be stored for that phase - Documentation updated ``` INSTALLER STATUS *************************************************************** Initialization : Complete (0:02:14) Health Check : Complete (0:01:10) etcd Install : Complete (0:02:01) Master Install : Complete (0:11:43) Master Additional Install : Complete (0:00:54) Node Install : Complete (0:14:11) Hosted Install : Complete (0:03:28) ```
| * | | | | | Add execution times to checkpoint statusRussell Teague2017-10-3115-90/+150
| | | | | | |
* | | | | | | Merge pull request #6101 from mgugino-upstream-stage/fix-tsb-jsonScott Dodson2017-11-133-11/+10
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Fix extension script for catalog
| * | | | | | | Fix extension script for catalogMichael Gugino2017-11-133-11/+10
| | |_|/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, playbook wire_aggregator places an empty plugin script for openshift master called openshift-ansible-catalog-console.js This file should not be empty if using template_service_broker. I have updated this file to include a boolean and the proper string. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1506502
* / | | | | | First pass at v3.8 supportScott Dodson2017-11-1311-0/+482
|/ / / / / /
* | | | | | Merge pull request #6016 from kwoodson/bootstrap_enhancements-v3Kenny Woodson2017-11-083-3/+7
|\ \ \ \ \ \ | | | | | | | | | | | | | | Bootstrap enhancements.
| * | | | | | Bootstrap enhancements.Kenny Woodson2017-11-083-3/+7
| | | | | | |
* | | | | | | Fix preupgrade authorization objects are in sync minor versionsMichael Gugino2017-11-082-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, we check that upgrade target is less than 3.8, but this will break for minor upgrades. This commit set's a fact early in the upgrade process to deterime what the currently installed version on the first master is. This fact is used to determine if our currently installed version is less than 3.7. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1508301
* | | | | | | Remove debug code that was mistakenly committedZohar Galor2017-11-081-9/+0
| |_|/ / / / |/| | | | | | | | | | | | | | | | | | | | | | | This also causes a failure if nfs block is not defined, because the condition is missing. Anyway this shouldn't have been committed.
* | | | | | Merge pull request #6031 from abutcher/temporary-servinginfo-clientcaOpenShift Merge Robot2017-11-063-5/+30
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Temporarily set master servingInfo.clientCA as client-ca-bundle.crt during rolling CA redeployment. This PR temporarily configures master `servingInfo.clientCA` as `client-ca-bundle.crt` during CA redeploy so that clients referencing the old OpenShift CA can continue to function until all cluster certificates have been replaced and `servingInfo.clientCA` is reset to `ca.crt`. `client-ca-bundle.crt` is a new bundle created by the `openshift_ca` role which contains old and new OpenShift CA certificates. https://bugzilla.redhat.com/show_bug.cgi?id=1509124 Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1493276
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-22 00:50:44 +0000