| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
| |
This commit removes any references to versions < 1.5/3.5
We assume the version is always greater than or equal to 1.5/3.5.
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Automatic merge from submit-queue.
Allow cluster IP for docker-registry service to be set
For historical reasons a small set of programs in our environments rely
on the cluster-internal Docker registry having the IP address
"172.30.1.1". So far we always had to patch in that address manually.
Adding a variable on the "openshift_hosted" role allows the IP address
to be set correctly when a cluster is installed.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
For historical reasons a small set of programs in our environments rely
on the cluster-internal Docker registry having the IP address
"172.30.1.1". So far we always had to patch in that address manually.
Adding a variable on the "openshift_hosted" role allows the IP address
to be set correctly when a cluster is installed.
|
| |/ |
|
| |
|
|
| |
auto-generated wildcard certificate or custom openshift_hosted_router_certificate.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently, openshift_hosted role duplicates some logic
across separate task chains. This commit cleans up
the openshift_hosted role and converts it to be
primarily used with include_role to give better
logic to the playbooks that utilize this role.
This commit also refactors the playbook that calls
various openshift_hosted roles into individual playbooks.
This allows more granularity for advanced users.
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Automatic merge from submit-queue
hot fix for env variable resolve
If we use environment variables in our inventory files (and from what I seen we do this everywhere where We deploy OCP) our fact engine ignores env variables so if my path looks like
```
openshift_hosted_registry_routecertificates={"certfile": "{{inventory_dir}}/../files/certs/wildcard.registry.company.local.crt", "keyfile": "{{inventory_dir}}/../files/certs/wildcard.registry.companylocal.key", "cafile":"{{inventory_dir}}/../files/certs/CompanyLocalRootCA.crt"}
openshift_hosted_registry_routehost=containers.registry.comany.local
```
the result is: `/../files/certs/RoSLocalRootCA.crt`
We need to fix our fact set in a long run to read Ansible variables. And it was done in the same way with router certificates already.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
This workaround prevents the warnings on using Jinja2 templating
delimiters in `when:` conditions in cases where a variable is used as
the conditional. This has been fixed in Ansible 2.4.
https://github.com/ansible/ansible/pull/25092
|
| |\ \
| | |
| | | |
Merged by openshift-bot
|
| | | | |
|
| | |/ |
|
| |\ \
| | |
| | | |
Merged by openshift-bot
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Add missing hostnames to registry cert
|
| | | | | |
|
| |\ \ \ \
| |/ / /
|/| | | |
AWS Provisioning with scale groups.
|
| | |/ / |
|
| |\ \ \
| |_|/
|/| | |
Allow GCS object storage to be configured
|
| | |/
| |
| |
| |
| |
| | |
Previously, setting the GCS registry object storage settings resulted in
an invalid configuration. This generates a registry-config secret that
has the correct file if the GCS config is set.
|
| |\ \
| |/
|/| |
Refactor openshift_hosted's docker-registry route setup
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We have identified an issue where a docker-registry service set up
as 'reencrypt' with a provided certificate and a self-signed certificate
on the pod does not authorize users to push images.
If the docker-registry service is set up as 'passthrough' with the
same provided certificate, everything works.
In light of this, this commit essentially adds support for configuring
provided certificates with a passthrough route while maintaining backwards
compatibility with the other use cases.
The default remains 'passthrough' with self-generated certificates.
Other miscellaneous changes include:
- Move fact setup that were only used in secure.yml there
- Omit the hostname for the route if there are none to configure,
oc_route takes care of handling the default
- Replace hardcoded /etc/origin/master by openshift_master_config_dir
|
| | |
| |
| |
| | |
file.
|
| | | |
|
| | | |
|
| |\ \
| |/
|/| |
Router wildcard certificate created by default
|
| | | |
|
| | | |
|
| |/
|
|
| |
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
|
| | |
|
| |
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
| |
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1463131
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\
| |
| | |
Merged by openshift-bot
|
| | |
| |
| |
| | |
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We cannot rely on the `watch.Until` call in the `rollout status`
subcommand for the time being, so we need to ignore the result of this
call. This will make the rollout status check best-effort, so we need to
follow it with a poll for the actual status of the rollout, which we can
extract from the `openshift.io/deployment.phase` annotation on the
ReplicationControllers. This annotation can have only three values --
`Running`, `Complete` and `Failed`. If we poll on this attribute until
we stop seeing `Running`, we can then inspect the last result for
`Failed`; if it's present, we have failed the deployment.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
When deploying the hosted router and registry components, we need to
ensure that they correctly roll out. The previous checks were weak in
that they either simply waited for a set amount of time and/or did one
replica check. They would fail if the router or registry took longer to
deploy or if there were un-ready or failing replicas. The `oc rollout`
command group contains the `status` endpoint for internalizing all of
the logic for determining when a rollout has succeeded or failed, so
simply using this client call will ensure that the router and registry
correctly deploy.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
|
| |
|
|
| |
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
|
| |
|
|
| |
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
|
| | |
|
| |
|
|
| |
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
