| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | hot fix for env variable resolve | Mangirdas | 2017-08-22 | 1 | -1/+1 |
| | | |||||
| * | Merge pull request #4254 from dmsimard/registry_certs | Scott Dodson | 2017-08-21 | 4 | -49/+138 |
| |\ | | | | | Refactor openshift_hosted's docker-registry route setup | ||||
| | * | Refactor openshift_hosted's docker-registry route setup | David Moreau-Simard | 2017-07-23 | 4 | -49/+138 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have identified an issue where a docker-registry service set up as 'reencrypt' with a provided certificate and a self-signed certificate on the pod does not authorize users to push images. If the docker-registry service is set up as 'passthrough' with the same provided certificate, everything works. In light of this, this commit essentially adds support for configuring provided certificates with a passthrough route while maintaining backwards compatibility with the other use cases. The default remains 'passthrough' with self-generated certificates. Other miscellaneous changes include: - Move fact setup that were only used in secure.yml there - Omit the hostname for the route if there are none to configure, oc_route takes care of handling the default - Replace hardcoded /etc/origin/master by openshift_master_config_dir | ||||
| * | | Updated README to reflect refactor. Moved firewall initialize into separate ↵ | Kenny Woodson | 2017-08-10 | 1 | -2/+2 |
| | | | | | | | | | file. | ||||
| * | | Adding a default condition and removing unneeded defaults. | Kenny Woodson | 2017-08-09 | 1 | -4/+4 |
| | | | |||||
| * | | First attempt at refactor of os_firewall | Kenny Woodson | 2017-08-08 | 2 | -2/+45 |
| |/ | |||||
| * | hosted registry: Use proper node name in GlusterFS storage setup | Jose A. Rivera | 2017-07-14 | 1 | -1/+1 |
| | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> | ||||
| * | Set OPENSHIFT_DEFAULT_REGISTRY in registry dc. | Andrew Butcher | 2017-06-30 | 1 | -0/+5 |
| | | |||||
| * | registry: look for the oc executable in /usr/local/bin and ~/bin | Giuseppe Scrivano | 2017-06-27 | 1 | -2/+2 |
| | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> | ||||
| * | Merge pull request #4484 from jarrpa/glusterfs-fixes-too | OpenShift Bot | 2017-06-19 | 1 | -1/+1 |
| |\ | | | | | Merged by openshift-bot | ||||
| | * | registry: mount GlusterFS storage volume from correct host | Jose A. Rivera | 2017-06-16 | 1 | -1/+1 |
| | | | | | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> | ||||
| * | | Make rollout status check best-effort, add poll | Steve Kuznetsov | 2017-06-13 | 1 | -1/+24 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We cannot rely on the `watch.Until` call in the `rollout status` subcommand for the time being, so we need to ignore the result of this call. This will make the rollout status check best-effort, so we need to follow it with a poll for the actual status of the rollout, which we can extract from the `openshift.io/deployment.phase` annotation on the ReplicationControllers. This annotation can have only three values -- `Running`, `Complete` and `Failed`. If we poll on this attribute until we stop seeing `Running`, we can then inspect the last result for `Failed`; if it's present, we have failed the deployment. Signed-off-by: Steve Kuznetsov <skuznets@redhat.com> | ||||
| * | | Verify the rollout status of the hosted router and registry | Steve Kuznetsov | 2017-06-09 | 1 | -0/+6 |
| |/ | | | | | | | | | | | | | | When deploying the hosted router and registry components, we need to ensure that they correctly roll out. The previous checks were weak in that they either simply waited for a set amount of time and/or did one replica check. They would fail if the router or registry took longer to deploy or if there were un-ready or failing replicas. The `oc rollout` command group contains the `status` endpoint for internalizing all of the logic for determining when a rollout has succeeded or failed, so simply using this client call will ensure that the router and registry correctly deploy. Signed-off-by: Steve Kuznetsov <skuznets@redhat.com> | ||||
| * | Remove supported/implemented barrier for registry object storage providers. | Andrew Butcher | 2017-06-06 | 1 | -16/+0 |
| | | |||||
| * | Removing requirement to pass aws credentials | Eric Sauer | 2017-05-22 | 1 | -4/+0 |
| | | |||||
| * | GlusterFS: Allow swapping an existing registry's backend storage | Jose A. Rivera | 2017-05-04 | 2 | -1/+34 |
| | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> | ||||
| * | hosted_registry: Get correct pod selector for GlusterFS storage | Jose A. Rivera | 2017-05-04 | 1 | -1/+9 |
| | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> | ||||
| * | hosted registry: Fix typo | Jose A. Rivera | 2017-05-04 | 1 | -1/+1 |
| | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> | ||||
| * | Allow for GlusterFS to provide registry storage | Jose A. Rivera | 2017-04-10 | 2 | -1/+56 |
| | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> | ||||
| * | Add docker-registry.default.svc short name to registry service signing | Scott Dodson | 2017-04-03 | 1 | -1/+2 |
| | | |||||
| * | openshift_hosted: add openshift_hosted_registry_cert_expire_days parameter. | Slava Semushin | 2017-03-29 | 1 | -0/+1 |
| | | |||||
| * | Refactor and remove openshift_serviceaccount | Russell Teague | 2017-03-13 | 1 | -2/+14 |
| | | |||||
| * | Add oc_adm_policy_user task cluster-role policy | Russell Teague | 2017-03-02 | 1 | -0/+7 |
| | | |||||
| * | Correct config for hosted registry | Russell Teague | 2017-03-02 | 1 | -1/+2 |
| | | |||||
| * | Fixed error handling when oc adm ca create-server-cert fails. Fixed a logic ↵ | Kenny Woodson | 2017-03-01 | 1 | -1/+1 |
| | | | | | error in secure. | ||||
| * | Merge pull request #3493 from kwoodson/registry_reencyrpt_route | Scott Dodson | 2017-03-01 | 2 | -2/+33 |
| |\ | | | | | Adding support for a route with reencrypt and certificates. | ||||
| | * | removing extra when condition | Kenny Woodson | 2017-03-01 | 1 | -1/+0 |
| | | | |||||
| | * | Removing run_once. | Kenny Woodson | 2017-03-01 | 1 | -4/+0 |
| | | | |||||
| | * | Adding the activeDeadlineSeconds. Removed debug. | Kenny Woodson | 2017-03-01 | 1 | -11/+0 |
| | | | |||||
| | * | Separating routes so logic is simpler. | Kenny Woodson | 2017-03-01 | 1 | -6/+30 |
| | | | |||||
| | * | Defaulting variables properly to avoid undefined route in dict error. | Kenny Woodson | 2017-03-01 | 2 | -17/+16 |
| | | | |||||
| | * | Removed duplicate host param. | Kenny Woodson | 2017-02-28 | 1 | -1/+0 |
| | | | |||||
| | * | Modified base debug statements. Fixed oc_secret debug/verbose flag. Added ↵ | Kenny Woodson | 2017-02-28 | 2 | -17/+8 |
| | | | | | | | | | reencrypt for route. | ||||
| | * | Adding support for a route with certs and reencrypt. | Kenny Woodson | 2017-02-28 | 2 | -1/+35 |
| | | | |||||
| * | | Merge pull request #3515 from mtnbikenc/registry-pvc-fix | Russell Teague | 2017-02-28 | 1 | -2/+3 |
| |\ \ | |/ |/| | BZ1427009: Correct fact creation for pvc | ||||
| | * | Correct fact creation for pvc | Russell Teague | 2017-02-27 | 1 | -2/+3 |
| | | | |||||
| * | | Merge pull request #3512 from mtnbikenc/hosted-registry-service | Scott Dodson | 2017-02-27 | 1 | -0/+13 |
| |\ \ | | | | | | | BZ1427040: Create hosted registry service | ||||
| | * | | Create hosted registry service | Russell Teague | 2017-02-27 | 1 | -0/+13 |
| | |/ | |||||
| * / | Make s3_volume_mount available to set_fact call | Steve Milner | 2017-02-27 | 1 | -2/+3 |
| |/ | | | | | | 7cf5cc14 cleaned up how the registry was being created. However the s3 cloudfront calls ended up setting and using a fact in the same block. This change makes s3_volume_mount available to the set_fact. | ||||
| * | openshift_hosted: Update tasks to use oc_ modules | Russell Teague | 2017-02-24 | 5 | -302/+193 |
| | | |||||
| * | CloudFront oc_secret contents should be a list | Steve Milner | 2017-02-22 | 1 | -2/+2 |
| | | | | | | Fixes "argument contents is of type <type 'dict'> and we were unable to convert to list" | ||||
| * | Register cloudfront privkey when required | Steve Milner | 2017-02-16 | 1 | -9/+23 |
| | | |||||
| * | Merge pull request #3291 from ashcrow/oc-route-module | Jan Chaloupka | 2017-02-14 | 1 | -8/+8 |
| |\ | | | | | [WIP] oc route commands now using the oc_route module | ||||
| | * | oc route commands now using the oc_route module | Steve Milner | 2017-02-14 | 1 | -8/+8 |
| | | | |||||
| * | | Merge pull request #3306 from ingvagabund/oc_service | Jan Chaloupka | 2017-02-13 | 1 | -6/+5 |
| |\ \ | |/ |/| | replace 'oc service' command with its lib_openshift equivalent | ||||
| | * | replace 'oc service' command with its lib_openshift equivalent | Jan Chaloupka | 2017-02-11 | 1 | -6/+5 |
| | | | |||||
| * | | Merge pull request #3300 from ashcrow/oc-secret-module | Jan Chaloupka | 2017-02-11 | 1 | -8/+11 |
| |\ \ | | | | | | | WIP: oc secrets now done via oc_secret module | ||||
| | * | | oc secrets now done via oc_secret module | Steve Milner | 2017-02-10 | 1 | -8/+11 |
| | |/ | |||||
| * / | Replace service account secrets handling with oc_serviceaccount_secret module | Jan Chaloupka | 2017-02-10 | 2 | -20/+12 |
| |/ | |||||
| * | Copies CloudFront pem file to registry hosts | Steve Milner | 2017-02-06 | 1 | -0/+21 |
| | | | | | | | | | | | | | | This change copies the CloudFront private key to registry hosts when the provider is set to s3 and CloudFront baseurl, privatekey, and keyparid are all provided. It also adds the following variable examples in the host inventory files: - openshift_hosted_registry_storage_s3_cloudfront_baseurl - openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile - openshift_hosted_registry_storage_s3_cloudfront_keypairid See https://bugzilla.redhat.com/show_bug.cgi?id=1395168 | ||||
 |
index : csa/devops/ansible-patches/openshift.git | |
| Unnamed repository; edit this file 'description' to name the repository. |
| summaryrefslogtreecommitdiffstats |