| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
on inventory/playbook variables for openshift_hostname
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Remove default value for openshift_hostname and make it required
- Remove workarounds that are no longer needed
- Remove resources parameter from openshift_register_node module
- pre-create node certificates for each node before registering node
- distribute created node certificates to each node
- Move node registration logic to a new openshift_register_nodes role
- This is because we now have to run the steps on a master as opposed to on
the nodes like we were previously doing.
- Rename openshift_register_node module to kubernetes_register_node, one more
step to genericizing enough for upstreaming, however there are still plenty
of openshift specific commands that still need to be genericized.
|
| |
|
|
| |
os_update_latest after repo config
|
| |
|
|
|
| |
* Added playbooks/gce/openshift-cluster
* Added bin/cluster (will replace cluster.sh)
|
| | |
|
| |
|
|
|
| |
* Added playbooks/gce/openshift-cluster
* Added bin/cluster (will replace cluster.sh)
|
| |\
| |
| | |
Rename repos role to openshift_repos
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
- Rename repos role to openshift_repos
- Make openshift_repos a dependency of openshift_common
- Add README and metadata for openshift_repos
- Playbook updates for role rename
- Verify libselinux-python is installed, otherwise some of the bulit-in
modules we use fail
|
| |/
|
|
|
| |
- always set hostname if hostname does not match openshift_hostname
- Use local IP instead of public IP as hostname for workaround
|
| |\
| |
| | |
Random cleanup
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
- Fix missed references to old firewall scripts
- Fix variable name references that didn't get updated
|
| |/
|
|
|
|
|
| |
- instead of setting KUBECONFIG, copy the admin kubeconfig to
/root/.kube/.kubeconfig in the openshift_master and openshift_node roles
- pause for 30 seconds if the openshift-master service has changed state,
since the file we are copying is generated by the master
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add os_firewall role
- Remove firewall settings from base_os, add wait task to os_firewall
- Added a iptables firewall module for maintaining the following (in a mostly
naive manner):
- ensure the OPENSHIFT_ALLOW chain is defined
- ensure that there is a jump rule in the INPUT chain for OPENSHIFT_ALLOW
- adds or removes entries from the OPENSHIFT_ALLOW chain
- issues '/usr/libexec/iptables/iptables.init save' when rules are changed
- Limitations of iptables firewall module
- only allows setting of ports/protocols to open
- no testing on ipv6 support
- made os_firewall a dependency of openshift_common
- Hardcoded openshift_common to use iptables (through the vars directory)
until upstream support is in place for firewalld
|
| |\
| |
| | |
Prefer YAML style datastructures over JSON
|
| | |
| |
| |
| | |
- Switch JSON style datastructures to YAML for debuggability
|
| | |
| |
| |
| |
| | |
- for use anywhere the hostname is used that would be dependent on
the openshift_hostname_workaround setting.
|
| |/
|
|
|
| |
- use openshift_bind_ip for hostname when openshift_hostname_workaround is true
- defaults to true to maintain current behavior.
|
| | |
|
|
|
- move common openshift logic into openshift_common
- set openshift_common as a dependency for openshift_node and openshift_master
- rename role variables to openshift_* to be more descriptive
- start recording local_facts on the openshift hosts
- clean up firewalld config to be a bit more dry
- Update firewall ports for https, make sure http rules are removed
- Replace references to ansible_eth0.ipv4.address with
ansible_default_ipv4.address
|
