| Age | Commit message (Collapse) | Author |
|---|
|
|
|
etcd runs some actions locally to copy certs from the
CA cert host. This commit ensures that we respect
the end user's intended behavior with become
when using 'anisble_become' in the inventory.
Other roles with similar tasks have been modified
in the same manner.
We shouldn't hard-code become behavior as it can be
unexpected for the end user.
This only currently works in the CI because the CI
passes the '-b' argument on the command line, which
will override the task behavior.
|
|
openshift_docker_use_system_container might be passed
in via ini inventory as 'openshift_docker_use_system_container=false'
This condition will be interpreted as a string type, instead of
boolean.
Casting openshift_docker_use_system_container as bool
will achieve the users desired intent.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1528943
|
|
We set these variables using facts in init, no need
to duplicate the logic all around the codebase.
|
|
This commit relocates filter_plugings to lib_utils,
changes the namespacing to prevent unintended use of
older versions that may be present in filter_plugins/
directory on existing installs.
Add lib_utils to meta depends for roles
Also consolidate some plugins into lib_utils from
various other areas.
Update rpm spec, obsolete plugin rpms.
|
|
|
|
|
|
This commit removes any references to versions < 1.5/3.5
We assume the version is always greater than or equal to 1.5/3.5.
|
|
|
|
|
|
|
|
|
|
localhost' temporary directory cleanup actions to local_actions.
|
|
This change allows for the use of either the traditional package install
of docker OR a system container install of docker.
Two new inventory options, openshift_docker_use_system_container and
openshift_docker_systemcontainer_image_registry_override, have been
added which are be used to install with a system container. By default
this option is commented out.
One new fact has been added:
- docker.service_name: docker by default, container-engine-docker
for system container
|
|
|
|
|
|
|
|
|
|
* Ansible systemd module used in place of service module
* Refactored command tasks which are no longer necessary
* Applying rules from openshift-ansible Best Practices Guide
|
|
containerized.
|
|
Found bug syncing binaries to containerized hosts where if a symlink was
pre-existing, but pointing to the wrong destination, it would not be
corrected.
Switched to using oc adm instead of oadm.
|
|
- Default to hosted_registry_insecure=False
- Add openshift ca to system ca-trust.
- Update ca trust in openshift_node_certificates rather than docker_ca_trust
|
|
|
|
|
|
openshift ca bundle.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
copied from https://github.com/eparis/kubernetes-ansible/blob/17f98edd7ff53e649b43e26822b8fbc0be42b233/roles/common/tasks/main.yml
|
|
|
|
|
|
- Ability to specify multiple masters
- configures the CA only a single time on the first master
- creates and distributes additional certs for additional master hosts
- Depending on the status of openshift_master_cluster_defer_ha (defaults to
False) one of two actions are taken when multiple masters are defined
1. If openshift_master_cluster_defer_ha is true
a. Certs/configs for all masters are deployed
b. openshift-master service is only started and enabled on the master
c. HA configuration is expected to be handled by the user manually after
the completion of the playbook run.
2. If oepnshift_master_cluster_defer_ha is false or undefined
a. Certs/configs for all masters are deployed
b. a Pacemaker/RHEL HA cluster is configured
i. VIPs are configured based on the values of
openshift_master_cluster_vip and
openshift_master_cluster_plublic_vip
ii. The openshift-master service is configured as an active/passive
cluster service
|
|
- Add support to bin/cluster for specifying etcd hosts
- defaults to 0, if no etcd hosts are selected, then configures embedded
etcd
- Updates for the byo inventory file for etcd and master as node by default
- Consolidation of cluster logic more centrally into common playbook
- Added etcd config support to playbooks
- Restructured byo playbooks to leverage the common openshift-cluster playbook
- Added support to common master playbook to generate and apply external etcd
client certs from the etcd ca
- start of refactor for better handling of master certs in a multi-master
environment.
- added the openshift_master_ca and openshift_master_certificates roles to
manage master certs instead of generating them in the openshift_master
role
- added etcd host groups to the cluster update playbooks
- aded better handling of host groups when they are either not present or are
empty.
- Update AWS readme
|
|
- fix firewall conflict issues with co-located etcd and openshift hosts
- added os_firewall dependency to etcd role
- updated etcd template to better handle clustered and non-clustered installs
- added etcd_ca role
- generates a self-signed cert to manage etcd certificates, since etcd peer
certificates are required to be client and server certs and the openshift
ca will only generate client or server certs (not one authorized for
both).
- renamed openshift_etcd_certs role to etcd_certificates and updated it to
manage certificates generated from the CA managed by the etcd_ca role
- remove hard coded etcd_port in openshift_facts
- updates for the openshift-etcd common playbook
- removed etcd and openshift-etcd playbooks from the byo playbooks directory
- added a common playbook for setting etcd launch facts
- added an openshift-etcd common service playbook
- removed unused variables
- fixed tests for embedded_{etcd,dns,kube} in openshift_master
- removed old workaround for reloading systemd units
|
|
|
|
Remove openshift-deployer.kubeconfig from master template
Sync config template
Update enterprise image names
Switch to node auto registration
Add deployer to list of serviceAccountConfig.managedNames
Move package installation before registering facts
change default kubeconfig location
Change system:openshift-client to system:openshift-master
Rename node cert/key/kubeconfig per openshift/origin#3160
Update references to /var/lib/openshift/openshift.local.certificates
|
