| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| | |
Add node_removal_policies variable to openstack provisioning to allow for scaling down
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
Fix flat sec group and infra/dns sec rules
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make flat sec group to only merge node/master/etcd sec rules.
Add basic dns/ssh sec group and assign it to all but dns node groups.
Assign only dns sec group for dns nodes.
Assign only infra (and basic) sec groups for ingra nodes.
Add security notes for openstack provider.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
| |/
|
|
|
|
| |
Prohibit sudoing for localhost played tasks, like DNS setup.
Re-use cached facts to speed up deployment.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Add a openstack_flat_secgroup, defaults to False.
When set, merges sec rules for master, node, etcd, infra nodes into a
single group. Less secure, but might help to mitigate quota limitations.
Update docs. Use timeout 30s to mitigate the error:
Timeout (12s) waiting for privilege escalation prompt.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
When `node_ingress_cidr` to limit the IP range for the DNS server, this
can prevent the actual openshift nodes from accessing it as well.
This commit makes the access from the `openstack_subnet_prefix` always
pass through and uses `node_ingress_cidr` for additional
access control.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Updated to use nsupdate for DNS records
* Updated formatting of dict
* Updating descriptive text
* Support for external DNS config
* Upgrading jinja2 to work correctly with latest templates
* Latest update for nsupdate
* Updated to use nsupdate for DNS records
* Updated formatting of dict
* Updating descriptive text
* Support for external DNS config
* Latest update for nsupdate
* Updated to support external public/private DNS server(s)
* Updated DNS server handling
* Updated DNS server handling
* Updated DNS server handling
* Eliminated the from the sample inventories
* Updated sample inventory to point to 2 separate DNS servers for private/public
* Playbook clean-up
* Adding 'python-dns'
* splitting subscription manager calls to allow for a clean pre-install playbook
|
| |
|
|
|
|
|
|
| |
* First attempt at a simple multi-master support
* Removing unneeded inventory
* adding default number of masters and lower number of nodes
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Refactored openstack-stack role to:
- Convert static heat template files to ansible templates
- Include native ansible groups via openstack metadata. This removes the need for a playbook to map host groups
- Some code cleanup
* Deleting commentd out code and irrelevant plays
* Refactored openstack-stack role to:
- Convert static heat template files to ansible templates
- Include native ansible groups via openstack metadata. This removes the need for a playbook to map host groups
- Some code cleanup
* Deleting commentd out code and irrelevant plays
* Replacing stack parameters with jinja expressions
* Updating sample inventory to work with latest dynamic inventory changes
* updating inventory with host group mapping. making sync keys optional
* Missing cluster_hosts group
* Updating to add infra_hosts
* Updating inventory per comments from oybed and sabre1041
|
| | |
|
|
|
* Adding a role to invoke openstack heat
* Adding readme
* Pulling parameters out to inventory file
* start of end-to-end playbook
* More enhancements and refactoring to make dynamic inventory the driver for an openshift install
* Switching to variable substituted path to config.yaml playbook
* Changes to allow defining of number of nodes/infranodes.
* Added labels to inventory
* Start of end-to-end functionality
* Enhancements to support openstack heat provisioning
* Updating inventory sample to remove some deprecation warnings
* Working towards making the secure-registry role 'become' aware
* Fixing node labels and removing secure-registry as it's no longer needed
* No longer need insecure registry line, as installer will secure our registry
* Adjusted dynamic inventory to filter by clusterid
* Minor updates to dynamic inventory bug
* Adding a refactored sample inventory directory
* Refactoring playbooks for better directory structure, and to narrow down host groups
* Adding volume mounts to heat template
* Moving dns playbooks back to original location
* Fixing incorrect file path
* Cleaning up inventory samples
* One more hostname to clean up
* Changing var name
* changed openshift-provision to openshift-prep
* Adjusting current provision script to avoid breakage by new openstack-heat code
|
