path: root/roles/os_firewall
Age | Commit message | Author
2018-01-18 | Allow for firewalld on atomic host | Scott Dodson
Right now this is only available on fedora so guard it with openshift_enable_unsupported_configurations
2018-01-05 | Migrate to import_role for static role inclusion | Scott Dodson
In Ansible 2.2, the include_role directive came into existence as a Tech Preview. It is still a Tech Preview through Ansible 2.4 (and in current devel branch), but with a notable change. The default behavior switched from static: true to static: false because that functionality moved to the newly introduced import_role directive (in order to stay consistent with `include*` being dynamic in nature and `import*` being static in nature). The dynamic include is considerably more memory intensive as it will dynamically create a role import for every host in the inventory list to be used. (Also worth noting, there is at the time of this writing an object allocation inefficiency in the dynamic include that can in certain situations amplify this effect considerably.) This change is meant to mitigate the pressure on memory for the Ansible control host. We need to evaluate where it makes sense to dynamically include roles and revert back to dynamic inclusion if and where it makes sense to do so.
2017-12-14 | Deprecate using Ansible tests as filters | Russell Teague
2017-11-30 | retry package operations | Luke Meyer
When a package install/update fails due to network blips or other spotty availability, retry it. If the failure is a real failure (e.g. package is really not there) it still fails after 3 tries (Ansible default).
2017-11-22 | Include Deprecation - openshift-loadbalancer | Russell Teague
2017-09-13 | Only attempt to start iptables on hosts in the current batch | Scott Dodson
If os_firewall role is called from within a play that uses serial then it was attempting to start iptables on hosts that may not have had iptables installed on them yet. So limit the hosts to the current batch. According to the ansible docs on plays where serial is unused this is the same as ansible_play_hosts. See http://docs.ansible.com/ansible/latest/playbooks_variables.html Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1490739
2017-08-25 | Default to global setting for firewall. | Kenny Woodson
2017-08-15 | Additional os_firewall role refactoring | Russell Teague
* Remove openshift_facts dependency
* Move firewall initialization from std_include.yml to openshift_cluster/config.yml
Installing firewall packages is only necessary during OpenShift installation.
2017-08-15 | Merge pull request #5051 from DenverJ/fix-iptables-reload | Scott Dodson
Start iptables on each master in serial
2017-08-10 | Updated README to reflect refactor. Moved firewall initialize into separate file. | Kenny Woodson
2017-08-10 | Start iptables on each master in serial | Denver Janke
Fix task hanging when running from a master
2017-08-08 | First attempt at refactor of os_firewall | Kenny Woodson
2017-05-10 | Default to iptables on master | Scott Dodson
We did this in 3.5 but never on master and we never came back to add migration support. So we'll revert this on master and if/when we add migration support we'll switch the default.
2017-05-09 | Remove vim configuration from Python files | Rodolfo Carvalho
In a project where contributors are free to use whatever editor they want and we have linting tools that verify the proper formatting of Python files, it should not be required to have a vim-specific line in Python files.
2017-05-01 | Don't double quote when conditions | Scott Dodson
2017-04-03 | Restart polkitd to workaround a bug in polkitd | Scott Dodson
2017-03-30 | Wait for firewalld polkit policy to be defined | Scott Dodson
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1436964
2017-01-25 | Add 10 second wait after disabling firewalld | Scott Dodson
2017-01-24 | Remove is_containerized check for firewalld installs | Russell Teague
2017-01-24 | [os_firewall] Fix default iptables args. | Andrew Butcher
2017-01-23 | [os_firewall] Add -w flag to wait for iptables xtables lock. | Andrew Butcher
2017-01-10 | Support openshift_node_port_range for configuring service NodePorts | Clayton Coleman
Sets the appropriate config field if openshift_node_port_range is set and also configures firewalls on each node. firewalld already supports port ranges like "30000-32000", while iptables needs that value converted to the correct "30000:32000" form for use with `--dport`. If not set, no node ports are opened.
2016-12-14 | Enable firewalld by default | Russell Teague
2016-11-29 | update tests and flake8/pylint fixes | Jason DeTiberus
2016-11-28 | Updating docs for Ansible 2.2 requirements | Russell Teague
2016-11-23 | Systemd `systemctl show` workaround | Russell Teague
`systemctl show` would exit with RC=1 for non-existent services in v231. This caused the Ansible systemd module to exit with a failure of running the `systemctl show` command instead of exiting stating the service was not found. This change catches both failures on either older or newer versions of systemd. The change in systemd exit status could be resolved in systemd v232. https://github.com/systemd/systemd/commit/3dced37b7c2c9a5c733817569d2bbbaa397adaf7
2016-11-22 | Merge pull request #2838 from mscherer/port_py3 | Jason DeTiberus
Make os_firewall_manage_iptables run on python3
2016-11-22 | Merge pull request #2817 from mtnbikenc/os_firewall-refactor | Jason DeTiberus
Refactor os_firewall role
2016-11-22 | Make os_firewall_manage_iptables run on python3 | Michael Scherer
It fails with this traceback:
Traceback (most recent call last):
  File "/tmp/ansible_ib5gpbsp/ansible_module_os_firewall_manage_iptables.py", line 273, in <module>
    main()
  File "/tmp/ansible_ib5gpbsp/ansible_module_os_firewall_manage_iptables.py", line 257, in main
    iptables_manager.add_rule(port, protocol)
  File "/tmp/ansible_ib5gpbsp/ansible_module_os_firewall_manage_iptables.py", line 87, in add_rule
    self.verify_chain()
  File "/tmp/ansible_ib5gpbsp/ansible_module_os_firewall_manage_iptables.py", line 82, in verify_chain
    self.create_jump()
  File "/tmp/ansible_ib5gpbsp/ansible_module_os_firewall_manage_iptables.py", line 142, in create_jump
    input_rules = [s.split() for s in output.split('\n')]
2016-11-21 | Refactor os_firewall role | Russell Teague
* Remove unneeded tasks duplicated by new module functionality
* Ansible systemd module has 'masked' and 'daemon_reload' options
* Ansible firewalld module has 'immediate' option
2016-11-17 | Refactor to use Ansible package module | Russell Teague
The Ansible package module will call the correct package manager for the underlying OS.
2016-11-14 | Added dependency of os_firewall to docker role | Russell Teague
The docker role requires iptables-services to be installed. Added dependency on os_firewall role to ensure the iptables service is installed first. Currently this will only work with iptables and not with firewalld.
* Added allow_duplicates to os_firewall role meta
* Removed unused task from docker/tasks
* Corrected os_firewall Defaults in README
2016-10-19 | Fix typos | Rodolfo Carvalho
2016-09-28 | Suppress more warnings. | Andrew Butcher
2016-06-27 | Check if last rule is DROP when inserting iptables rules. | Andrew Butcher
2016-05-02 | Check and unmask iptables/firewalld. | Andrew Butcher
2016-05-02 | Default os_firewall_use_firewalld to false in os_firewall and remove overrides. | Andrew Butcher
2016-04-29 | Cleanup various deprecation warnings. | Andrew Butcher
2016-03-15 | Move common facts to openshift_facts | Jason DeTiberus
- Prevents roles that need common facts from needing to require openshift_common, which pulls in the openshift binary.
- Add dependency on openshift_facts to os_firewall, since it uses openshift.common facts
2016-02-08 | Fix enabling iptables for latest rhel versions | Jason DeTiberus
2016-01-19 | Merge pull request #1118 from detiber/os_firewall_disable | Brenton Leanhardt
Add ability to disable os_firewall
2016-01-05 | Add ability to disable os_firewall | Jason DeTiberus
2015-12-22 | Install iptables, iptables-services when not is_atomic | Scott Dodson
2015-12-15 | Skip yum/dnf ops when is_containerized | Scott Dodson
2015-12-15 | Containerization work by @sdodson | Scott Dodson
2015-12-15 | Initial containerization work from @ibotty | Tobias Florek
copied from https://github.com/eparis/kubernetes-ansible/blob/17f98edd7ff53e649b43e26822b8fbc0be42b233/roles/common/tasks/main.yml
2015-12-09 | Remove yum / dnf duplication | Scott Dodson
2015-12-02 | Fedora changes: | Adam Miller
- ansible bootstrap playbook for Fedora 23+
- add conditionals to handle yum vs dnf
- add Fedora OpenShift COPR
- update BYO host README for repo configs and fedora bootstrap
Fix typo in etcd README, remove unnecessary parens in openshift_node main.yml
rebase on master, update package cache refresh handler for yum vs dnf
Fix typo in etcd README, remove unnecessary parens in openshift_node main.yml
2015-04-21 | pylint | Jason DeTiberus
2015-04-21 | fixes to better deal with gce image defaults | Jason DeTiberus
- remove exception if INPUT rules are not found, gce centos-7 image is stripped of default rules
- ignore_errors for systemctl mask operation, fails with permission denied on gce centos-7 image.