summaryrefslogtreecommitdiffstats
path: root/roles/openshift_master_certificates
Commit message (Collapse)AuthorAgeFilesLines
* Correct the list of certificates checked in openshift_master_certificates ↵Andrew Butcher2018-02-051-17/+8
| | | | s.t. masters do not incorrectly report that master certs are missing.
* Move more plugins to lib_utilsMichael Gugino2018-01-101-0/+1
| | | | | | | This commit continues moving plugins into lib_utils. This commit does not move any plugins for add-on roles such as logging and metrics.
* Chmod temp dirs created on localhostMichael Gugino2018-01-091-0/+5
| | | | | | | | | | | | | | | After remove become:no statements on local_action tasks, we need to ensure that the proper file permssions are applied to local temp directories. This reason for this is that the 'fetch' module does not use 'become' for the localhost, just the remote host. Additionally, users may not wish for the localhost to become during a fetch. local_action will execute with whatever permissions are specified in inventory or via cli.
* Remove become statementsMichael Gugino2018-01-091-2/+0
| | | | | This commit removes become:no statements that break the installer in various ways.
* Remove openshift.common.{is_atomic|is_containerized}Michael Gugino2017-12-201-2/+2
| | | | | We set these variables using facts in init, no need to duplicate the logic all around the codebase.
* Relocate filter plugins to lib_utilsMichael Gugino2017-12-182-9/+10
| | | | | | | | | | | | | | This commit relocates filter_plugings to lib_utils, changes the namespacing to prevent unintended use of older versions that may be present in filter_plugins/ directory on existing installs. Add lib_utils to meta depends for roles Also consolidate some plugins into lib_utils from various other areas. Update rpm spec, obsolete plugin rpms.
* Removed old version codeMichael Gugino2017-11-141-5/+1
| | | | | | This commit removes any references to versions < 1.5/3.5 We assume the version is always greater than or equal to 1.5/3.5.
* Separate certificate playbooks.Andrew Butcher2017-10-021-3/+1
|
* Generate loopback kubeconfig separately to preserve OpenShift CA certificate.Andrew Butcher2017-06-271-1/+1
|
* Use local openshift.master.loopback_url when generating initial master ↵Andrew Butcher2017-06-021-3/+3
| | | | loopback kubeconfigs.
* Remove use of local_action with delegate_to and switch 'delegate_to: ↵Andrew Butcher2017-05-161-3/+2
| | | | localhost' temporary directory cleanup actions to local_actions.
* Fix additional master cert & client config creation.Andrew Butcher2017-05-081-2/+2
|
* Remove set operations from openshift_master_certificates iteration.Andrew Butcher2017-05-021-4/+4
|
* openshift_master_certificates: add openshift_master_cert_expire_days parameter.Slava Semushin2017-03-293-0/+9
|
* BZ1414276 - Quote ansible_ssh_user when determining group idScott Dodson2017-02-221-1/+1
| | | | | So that domain users of the format 'dom\user' may be used for ansible_ssh_user
* Restructure certificate redeploy playbooksAndrew Butcher2017-02-021-0/+10
|
* g_master_mktemp in openshift-master conflicts with openshift_master_certificatesRich Megginson2017-01-191-4/+4
|
* Ensure serial certificate generation for node and master certificates.Andrew Butcher2017-01-171-10/+17
|
* Create individual serving cert and loopback kubeconfig for additional masters.Andrew Butcher2017-01-161-16/+28
| | | | | | Deprecates use of 'create-master-certs' for generating master serving certificate and loopback kubeconfig in order to reference the first master's CA serial file.
* Switch from "oadm" to "oc adm" and fix bug in binary sync.Devan Goodwin2016-10-191-1/+1
| | | | | | | | Found bug syncing binaries to containerized hosts where if a symlink was pre-existing, but pointing to the wrong destination, it would not be corrected. Switched to using oc adm instead of oadm.
* Link ca to ca-bundle when ca-bundle does not exist.Andrew Butcher2016-08-231-0/+26
|
* Support for redeploying certificates.Andrew Butcher2016-08-111-7/+47
|
* Add options for specifying named ca certificates to be added to the ↵Andrew Butcher2016-08-012-5/+9
| | | | openshift ca bundle.
* Refactor openshift certificates roles.Andrew Butcher2016-07-204-29/+133
|
* Revert openshift-certificates changes.Andrew Butcher2016-05-304-131/+29
|
* Consolidate ca/master/node certificates roles into openshift_certificates.Andrew Butcher2016-05-194-29/+131
|
* Cleanup various deprecation warnings.Andrew Butcher2016-04-291-4/+4
|
* Use inventory_hostname for openshift master certs to sync.Andrew Butcher2016-02-291-1/+1
|
* Synchronize master kube configsAndrew Butcher2016-02-261-0/+9
|
* Generate each master's certificates separately.Andrew Butcher2016-02-161-29/+5
|
* Add gte check for 3.2, update version checks to gteJason DeTiberus2016-02-091-1/+1
|
* Containerization work by @sdodsonScott Dodson2015-12-151-0/+2
|
* Merge pull request #796 from abutcher/master-proxy-certsBrenton Leanhardt2015-11-061-9/+14
|\ | | | | Fix issue with master.proxy-client.{crt,key} and omit.
| * Fix issue with master.proxy-client.{crt,key} and omit.Andrew Butcher2015-11-021-9/+14
| |
* | remove debug linetalset2015-11-041-3/+0
| |
* | [roles/openshift_master_certificates/tasks/main.yml] Fix variable ↵talset2015-11-041-1/+1
| | | | | | | | openshift.master.all_hostnames to openshift.common.all_hostnames
* | Add all the possible servicenames to openshift_all_hostnames for mastersScott Dodson2015-11-031-0/+2
|/
* Move version greater_than_fact into openshift_factsAndrew Butcher2015-10-221-2/+2
|
* Don't include proxy client cert when <3.1 or <1.1Andrew Butcher2015-10-221-2/+3
|
* Add openshift_version to set RPM versionsScott Dodson2015-09-031-2/+0
| | | | Mostly necessary for debugging / testing upgrade paths
* Atomic Enterprise related changes.Avesh Agarwal2015-08-261-2/+2
|
* Copy more master certs for HA masterJason DeTiberus2015-07-231-0/+16
|
* Initial HA masterJason DeTiberus2015-07-172-7/+12
| | | | | | | | | | | | | | | | | | | | | | - Ability to specify multiple masters - configures the CA only a single time on the first master - creates and distributes additional certs for additional master hosts - Depending on the status of openshift_master_cluster_defer_ha (defaults to False) one of two actions are taken when multiple masters are defined 1. If openshift_master_cluster_defer_ha is true a. Certs/configs for all masters are deployed b. openshift-master service is only started and enabled on the master c. HA configuration is expected to be handled by the user manually after the completion of the playbook run. 2. If oepnshift_master_cluster_defer_ha is false or undefined a. Certs/configs for all masters are deployed b. a Pacemaker/RHEL HA cluster is configured i. VIPs are configured based on the values of openshift_master_cluster_vip and openshift_master_cluster_plublic_vip ii. The openshift-master service is configured as an active/passive cluster service
* Playbook updates for clustered etcdJason DeTiberus2015-07-104-0/+80
- Add support to bin/cluster for specifying etcd hosts - defaults to 0, if no etcd hosts are selected, then configures embedded etcd - Updates for the byo inventory file for etcd and master as node by default - Consolidation of cluster logic more centrally into common playbook - Added etcd config support to playbooks - Restructured byo playbooks to leverage the common openshift-cluster playbook - Added support to common master playbook to generate and apply external etcd client certs from the etcd ca - start of refactor for better handling of master certs in a multi-master environment. - added the openshift_master_ca and openshift_master_certificates roles to manage master certs instead of generating them in the openshift_master role - added etcd host groups to the cluster update playbooks - aded better handling of host groups when they are either not present or are empty. - Update AWS readme
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-10 18:14:07 +0000