Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Merge pull request #5178 from sdodson/fix-registry-cert | Scott Dodson | 2017-08-25 | 1 | -0/+3 |
|\ | | | | | Add missing hostnames to registry cert | ||||
| * | Add missing hostnames to registry cert | Scott Dodson | 2017-08-23 | 1 | -0/+3 |
| | | |||||
* | | Merge pull request #5011 from kwoodson/provision | Scott Dodson | 2017-08-23 | 1 | -28/+30 |
|\ \ | |/ |/| | AWS Provisioning with scale groups. | ||||
| * | First attempt at provisioning. | Kenny Woodson | 2017-08-21 | 1 | -28/+30 |
| | | |||||
* | | Merge pull request #5120 from smarterclayton/allow_gcs_registry | Scott Dodson | 2017-08-23 | 2 | -2/+14 |
|\ \ | | | | | | | Allow GCS object storage to be configured | ||||
| * | | Allow GCS object storage to be configured | Clayton Coleman | 2017-08-17 | 2 | -2/+14 |
| |/ | | | | | | | | | | | Previously, setting the GCS registry object storage settings resulted in an invalid configuration. This generates a registry-config secret that has the correct file if the GCS config is set. | ||||
* | | Merge pull request #4254 from dmsimard/registry_certs | Scott Dodson | 2017-08-21 | 4 | -49/+138 |
|\ \ | |/ |/| | Refactor openshift_hosted's docker-registry route setup | ||||
| * | Refactor openshift_hosted's docker-registry route setup | David Moreau-Simard | 2017-07-23 | 4 | -49/+138 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have identified an issue where a docker-registry service set up as 'reencrypt' with a provided certificate and a self-signed certificate on the pod does not authorize users to push images. If the docker-registry service is set up as 'passthrough' with the same provided certificate, everything works. In light of this, this commit essentially adds support for configuring provided certificates with a passthrough route while maintaining backwards compatibility with the other use cases. The default remains 'passthrough' with self-generated certificates. Other miscellaneous changes include: - Move fact setup that were only used in secure.yml there - Omit the hostname for the route if there are none to configure, oc_route takes care of handling the default - Replace hardcoded /etc/origin/master by openshift_master_config_dir | ||||
* | | Updated README to reflect refactor. Moved firewall initialize into separate ↵ | Kenny Woodson | 2017-08-10 | 1 | -2/+2 |
| | | | | | | | | file. | ||||
* | | Adding a default condition and removing unneeded defaults. | Kenny Woodson | 2017-08-09 | 1 | -4/+4 |
| | | |||||
* | | First attempt at refactor of os_firewall | Kenny Woodson | 2017-08-08 | 2 | -2/+45 |
|/ | |||||
* | hosted registry: Use proper node name in GlusterFS storage setup | Jose A. Rivera | 2017-07-14 | 1 | -1/+1 |
| | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> | ||||
* | Set OPENSHIFT_DEFAULT_REGISTRY in registry dc. | Andrew Butcher | 2017-06-30 | 1 | -0/+5 |
| | |||||
* | registry: look for the oc executable in /usr/local/bin and ~/bin | Giuseppe Scrivano | 2017-06-27 | 1 | -2/+2 |
| | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> | ||||
* | Merge pull request #4484 from jarrpa/glusterfs-fixes-too | OpenShift Bot | 2017-06-19 | 1 | -1/+1 |
|\ | | | | | Merged by openshift-bot | ||||
| * | registry: mount GlusterFS storage volume from correct host | Jose A. Rivera | 2017-06-16 | 1 | -1/+1 |
| | | | | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> | ||||
* | | Make rollout status check best-effort, add poll | Steve Kuznetsov | 2017-06-13 | 1 | -1/+24 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | We cannot rely on the `watch.Until` call in the `rollout status` subcommand for the time being, so we need to ignore the result of this call. This will make the rollout status check best-effort, so we need to follow it with a poll for the actual status of the rollout, which we can extract from the `openshift.io/deployment.phase` annotation on the ReplicationControllers. This annotation can have only three values -- `Running`, `Complete` and `Failed`. If we poll on this attribute until we stop seeing `Running`, we can then inspect the last result for `Failed`; if it's present, we have failed the deployment. Signed-off-by: Steve Kuznetsov <skuznets@redhat.com> | ||||
* | | Verify the rollout status of the hosted router and registry | Steve Kuznetsov | 2017-06-09 | 1 | -0/+6 |
|/ | | | | | | | | | | | | | | When deploying the hosted router and registry components, we need to ensure that they correctly roll out. The previous checks were weak in that they either simply waited for a set amount of time and/or did one replica check. They would fail if the router or registry took longer to deploy or if there were un-ready or failing replicas. The `oc rollout` command group contains the `status` endpoint for internalizing all of the logic for determining when a rollout has succeeded or failed, so simply using this client call will ensure that the router and registry correctly deploy. Signed-off-by: Steve Kuznetsov <skuznets@redhat.com> | ||||
* | Remove supported/implemented barrier for registry object storage providers. | Andrew Butcher | 2017-06-06 | 1 | -16/+0 |
| | |||||
* | Removing requirement to pass aws credentials | Eric Sauer | 2017-05-22 | 1 | -4/+0 |
| | |||||
* | GlusterFS: Allow swapping an existing registry's backend storage | Jose A. Rivera | 2017-05-04 | 2 | -1/+34 |
| | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> | ||||
* | hosted_registry: Get correct pod selector for GlusterFS storage | Jose A. Rivera | 2017-05-04 | 1 | -1/+9 |
| | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> | ||||
* | hosted registry: Fix typo | Jose A. Rivera | 2017-05-04 | 1 | -1/+1 |
| | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> | ||||
* | Allow for GlusterFS to provide registry storage | Jose A. Rivera | 2017-04-10 | 2 | -1/+56 |
| | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> | ||||
* | Add docker-registry.default.svc short name to registry service signing | Scott Dodson | 2017-04-03 | 1 | -1/+2 |
| | |||||
* | openshift_hosted: add openshift_hosted_registry_cert_expire_days parameter. | Slava Semushin | 2017-03-29 | 1 | -0/+1 |
| | |||||
* | Refactor and remove openshift_serviceaccount | Russell Teague | 2017-03-13 | 1 | -2/+14 |
| | |||||
* | Add oc_adm_policy_user task cluster-role policy | Russell Teague | 2017-03-02 | 1 | -0/+7 |
| | |||||
* | Correct config for hosted registry | Russell Teague | 2017-03-02 | 1 | -1/+2 |
| | |||||
* | Fixed error handling when oc adm ca create-server-cert fails. Fixed a logic ↵ | Kenny Woodson | 2017-03-01 | 1 | -1/+1 |
| | | | | error in secure. | ||||
* | Merge pull request #3493 from kwoodson/registry_reencyrpt_route | Scott Dodson | 2017-03-01 | 2 | -2/+33 |
|\ | | | | | Adding support for a route with reencrypt and certificates. | ||||
| * | removing extra when condition | Kenny Woodson | 2017-03-01 | 1 | -1/+0 |
| | | |||||
| * | Removing run_once. | Kenny Woodson | 2017-03-01 | 1 | -4/+0 |
| | | |||||
| * | Adding the activeDeadlineSeconds. Removed debug. | Kenny Woodson | 2017-03-01 | 1 | -11/+0 |
| | | |||||
| * | Separating routes so logic is simpler. | Kenny Woodson | 2017-03-01 | 1 | -6/+30 |
| | | |||||
| * | Defaulting variables properly to avoid undefined route in dict error. | Kenny Woodson | 2017-03-01 | 2 | -17/+16 |
| | | |||||
| * | Removed duplicate host param. | Kenny Woodson | 2017-02-28 | 1 | -1/+0 |
| | | |||||
| * | Modified base debug statements. Fixed oc_secret debug/verbose flag. Added ↵ | Kenny Woodson | 2017-02-28 | 2 | -17/+8 |
| | | | | | | | | reencrypt for route. | ||||
| * | Adding support for a route with certs and reencrypt. | Kenny Woodson | 2017-02-28 | 2 | -1/+35 |
| | | |||||
* | | Merge pull request #3515 from mtnbikenc/registry-pvc-fix | Russell Teague | 2017-02-28 | 1 | -2/+3 |
|\ \ | |/ |/| | BZ1427009: Correct fact creation for pvc | ||||
| * | Correct fact creation for pvc | Russell Teague | 2017-02-27 | 1 | -2/+3 |
| | | |||||
* | | Merge pull request #3512 from mtnbikenc/hosted-registry-service | Scott Dodson | 2017-02-27 | 1 | -0/+13 |
|\ \ | | | | | | | BZ1427040: Create hosted registry service | ||||
| * | | Create hosted registry service | Russell Teague | 2017-02-27 | 1 | -0/+13 |
| |/ | |||||
* / | Make s3_volume_mount available to set_fact call | Steve Milner | 2017-02-27 | 1 | -2/+3 |
|/ | | | | | | 7cf5cc14 cleaned up how the registry was being created. However the s3 cloudfront calls ended up setting and using a fact in the same block. This change makes s3_volume_mount available to the set_fact. | ||||
* | openshift_hosted: Update tasks to use oc_ modules | Russell Teague | 2017-02-24 | 5 | -302/+193 |
| | |||||
* | CloudFront oc_secret contents should be a list | Steve Milner | 2017-02-22 | 1 | -2/+2 |
| | | | | | Fixes "argument contents is of type <type 'dict'> and we were unable to convert to list" | ||||
* | Register cloudfront privkey when required | Steve Milner | 2017-02-16 | 1 | -9/+23 |
| | |||||
* | Merge pull request #3291 from ashcrow/oc-route-module | Jan Chaloupka | 2017-02-14 | 1 | -8/+8 |
|\ | | | | | [WIP] oc route commands now using the oc_route module | ||||
| * | oc route commands now using the oc_route module | Steve Milner | 2017-02-14 | 1 | -8/+8 |
| | | |||||
* | | Merge pull request #3306 from ingvagabund/oc_service | Jan Chaloupka | 2017-02-13 | 1 | -6/+5 |
|\ \ | |/ |/| | replace 'oc service' command with its lib_openshift equivalent |