path: root/roles
Commit message | Author | Age | Files | Lines
* Merge pull request #6507 from nbartos/continer | OpenShift Merge Robot | 2018-01-07 | 51 | -568/+905
    Automatic merge from submit-queue.

    Contiv multi-master and other fixes

    Contiv's etcd was not being deployed correctly when using more than one master. To make it easier to manage, it has been moved into a k8s container.

    The api proxy was hardcoded to an old version (1.1.1), and in some environments would run into a docker error. This has been moved into a k8s container for easier management.

    The firewall was too permissive on several ports. Many were open to the world when they should have only been accessible inside the cluster.

    Many of the contiv role variables were not prefixed with 'contiv', which may end up clobbering variables from another role. Now all the contiv specific role variables start with 'contiv_'.

    The api proxy's default self-signed certificate was bundled with the role. This means someone with read-only MITM access and this key could decrypt traffic. Granted a user defined certificate from a trusted CA should be used in a production environment, it is still better to generate one in each environment when one is not provided.
| * Use Contiv version 1.2.0 | Nick Bartos | 2018-01-08 | 6 | -8/+14
| |
| * Contiv multi-master and other fixes | Nick Bartos | 2018-01-08 | 50 | -565/+896
    Contiv's etcd was not being deployed correctly when using more than one master. To make it easier to manage, it has been moved into a k8s container.

    The api proxy was hardcoded to an old version (1.1.1), and in some environments would run into a docker error. This has been moved into a k8s container for easier management.

    The firewall was too permissive on several ports. Many were open to the world when they should have only been accessible inside the cluster.

    Many of the contiv role variables were not prefixed with 'contiv', which may end up clobbering variables from another role. Now all the contiv specific role variables start with 'contiv_'.

    The api proxy's default self-signed certificate was bundled with the role. This means someone with read-only MITM access and this key could decrypt traffic. Granted a user defined certificate from a trusted CA should be used in a production environment, it is still better to generate one in each environment when one is not provided.
* | Merge pull request #6637 from sdodson/missing-openshift-facts | Michael Gugino | 2018-01-07 | 1 | -0/+1
    Add missing dependency on openshift_facts
| * Add missing dependency on openshift_facts | Scott Dodson | 2018-01-06 | 1 | -0/+1
| |
* | Merge pull request #6359 from spadgett/web-console-server | Scott Dodson | 2018-01-06 | 16 | -0/+250
    Install web console server
| * | Install web console server | Samuel Padgett | 2018-01-05 | 16 | -0/+250
| | |
* | | Merge pull request #6597 from mgugino-upstream-stage/etc-remove-become-no | OpenShift Merge Robot | 2018-01-05 | 7 | -54/+43
    Automatic merge from submit-queue.

    Remove become=no from etcd cert tasks

    etcd runs some actions locally to copy certs from the CA cert host. We shouldn't hard-code become behavior as it can be unexpected for the end user.
| * | | Remove become=no from various roles and tasks | Michael Gugino | 2018-01-05 | 5 | -50/+30
    etcd runs some actions locally to copy certs from the CA cert host. This commit ensures that we respect the end user's intended behavior with become when using 'anisble_become' in the inventory.

    Other roles with similar tasks have been modified in the same manner.

    We shouldn't hard-code become behavior as it can be unexpected for the end user.

    This only currently works in the CI because the CI passes the '-b' argument on the command line, which will override the task behavior.
| * | | Fix docker_image_availability checks | Michael Gugino | 2018-01-05 | 2 | -4/+13
    This commit ensures that oreg_url is properly templated by ansible before being consumed in the logic.

    This commit also adds a method to the base health check class to detect if self._templar is none, and return the appropriate templated/untemplated version of the variable. This is mostly for unit tests.
* | | | Merge pull request #6511 from fabianvf/asb-origin-prefix | Scott Dodson | 2018-01-05 | 1 | -1/+1
    Add origin- prefix to ASB image
| * | | | Add origin- prefix to ASB image | Fabian von Feilitzsch | 2017-12-18 | 1 | -1/+1
| | | | |
* | | | | Merge pull request #6627 from sdodson/import_role | Scott Dodson | 2018-01-05 | 20 | -38/+38
    Migrate to import_role for static role inclusion
| * | | | Migrate to import_role for static role inclusion | Scott Dodson | 2018-01-05 | 20 | -38/+38
    In Ansible 2.2, the include_role directive came into existence as a Tech Preview. It is still a Tech Preview through Ansible 2.4 (and in current devel branch), but with a notable change. The default behavior switched from static: true to static: false because that functionality moved to the newly introduced import_role directive (in order to stay consistent with include* being dynamic in nature and import* being static in nature).

    The dynamic include is considerably more memory intensive as it will dynamically create a role import for every host in the inventory list to be used. (Also worth noting, there is at the time of this writing an object allocation inefficiency in the dynamic include that can in certain situations amplify this effect considerably)

    This change is meant to mitigate the pressure on memory for the Ansible control host.

    We need to evaluate where it makes sense to dynamically include roles and revert back to dynamic inclusion if and where it makes sense to do so.
* | | | Merge pull request #6532 from jmencak/heat_stack-cns | OpenShift Merge Robot | 2018-01-05 | 3 | -0/+102
    Automatic merge from submit-queue.

    OpenStack provisioning -- support cns.

    Initial support for CNS nodes during OpenShift on OpenStack provisioning.
| * | | | OpenStack provisioning -- support cns. | Jiri Mencak | 2018-01-02 | 3 | -0/+102
| | | | |
* | | | | crio: create /etc/sysconfig/crio-storage | Giuseppe Scrivano | 2018-01-05 | 1 | -0/+6
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | crio: configure proxy variables | Giuseppe Scrivano | 2018-01-05 | 2 | -0/+14
    Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1529478

    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Add gluster 3.9 templates | Scott Dodson | 2018-01-03 | 7 | -0/+152
| | | |
* | | | Merge pull request #6586 from mgugino-upstream-stage/cast-bool-openshift_docker_use_system_container | OpenShift Merge Robot | 2018-01-03 | 8 | -10/+10
    Automatic merge from submit-queue.

    Cast openshift_docker_use_system_container to bool

    openshift_docker_use_system_container might be passed in via ini inventory as 'openshift_docker_use_system_container=false'

    This condition will be interpreted as a string type, instead of boolean.

    Casting openshift_docker_use_system_container as bool will achieve the user's desired intent.

    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1528943
| * | | | Cast openshift_docker_use_system_container to bool | Michael Gugino | 2018-01-02 | 8 | -10/+10
    openshift_docker_use_system_container might be passed in via ini inventory as 'openshift_docker_use_system_container=false'

    This condition will be interpreted as a string type, instead of boolean.

    Casting openshift_docker_use_system_container as bool will achieve the user's desired intent.

    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1528943
* | | | | Merge pull request #6581 from mgugino-upstream-stage/fix-syscontainer-reg-auth | OpenShift Merge Robot | 2018-01-02 | 1 | -1/+7
    Automatic merge from submit-queue.

    Add docker auth credentials to system container install

    This commit adds docker auth credentials mount to system container systemd unit file.

    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1514324
| * | | | | Add docker auth credentials to system container install | Michael Gugino | 2018-01-02 | 1 | -1/+7
    This commit adds docker auth credentials mount to system container systemd unit file.

    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1514324
* | | | | Merge pull request #6522 from mgugino-upstream-stage/oauth_template | OpenShift Merge Robot | 2018-01-02 | 4 | -25/+11
    Automatic merge from submit-queue.

    Remove oauth_template bits from openshift_facts

    This commit moves some deprecated variable logic outside of openshift_facts and into role defaults.
| * | | | | Remove oauth_template bits from openshift_facts | Michael Gugino | 2017-12-21 | 4 | -25/+11
    This commit moves some deprecated variable logic outside of openshift_facts and into role defaults.
* | | | | | Merge pull request #6583 from mgugino-upstream-stage/aws-creds-location | OpenShift Merge Robot | 2018-01-02 | 1 | -3/+3
    Automatic merge from submit-queue.

    Correct kublet_args cloud-provider directories

    This commit updates kublet_args to correct cloudprovider configuration file locations.

    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1527203
| * | | | | | Correct kublet_args cloud-provider directories | Michael Gugino | 2018-01-02 | 1 | -3/+3
    This commit updates kublet_args to correct cloudprovider configuration file locations.

    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1527203
* | | | | | Merge pull request #6557 from mgugino-upstream-stage/delay-hosted-wait | OpenShift Merge Robot | 2018-01-02 | 4 | -32/+9
    Automatic merge from submit-queue.

    Move wait_for_pods to its own play openshift_hosted

    Currently, both registry and router pods need to be polled for successful deployment. Sometimes this can take up to a minute.

    This commit attempts to deploy both pods before polling either. This should reduce the average wait time for polling pods by 50% as time spent polling the first will also allow the second pod to continue its own deployment.
| * | | | | | Move wait_for_pods to its own play openshift_hosted | Michael Gugino | 2017-12-21 | 4 | -32/+9
    Currently, both registry and router pods need to be polled for successful deployment. Sometimes this can take up to a minute.

    This commit attempts to deploy both pods before polling either. This should reduce the average wait time for polling pods by 50% as time spent polling the first will also allow the second pod to continue its own deployment.
* | | | | | | Merge pull request #5894 from ewolinetz/logging_defaults_from_existing | OpenShift Merge Robot | 2018-01-02 | 13 | -67/+312
    Automatic merge from submit-queue.

    Update logging to use existing cluster deployment for defaults

    This will allow us to use logging facts to set defaults of specific configurations such as ES index replicas and shard count.

    The update to logging facts yields us output like:

    ```json
    "elasticsearch": {
        "clusterrolebindings": {},
        "configmaps": {
            "logging-elasticsearch": {
                "elasticsearch.yml": {
                    "cloud": {
                        "kubernetes": {
                            "namespace": "${NAMESPACE}",
                            "pod_label": "${POD_LABEL}",
                            "pod_port": 9300
                        }
                    },
                    "cluster": {
                        "name": "${CLUSTER_NAME}"
                    },
                    "discovery": {
                        "type": "kubernetes",
                        "zen.minimum_master_nodes": "${NODE_QUORUM}",
                        "zen.ping.multicast.enabled": false
                    },
                    "gateway": {
                        "expected_nodes": "${RECOVER_EXPECTED_NODES}",
                        "recover_after_nodes": "${NODE_QUORUM}",
                        "recover_after_time": "${RECOVER_AFTER_TIME}"
                    },
                    "index": {
                        "number_of_replicas": 0,
                        "number_of_shards": 1,
                        "translog": {
                            "flush_threshold_period": "5m",
                            "flush_threshold_size": "256mb"
                        },
                        "unassigned.node_left.delayed_timeout": "2m"
                    },
                    "io.fabric8.elasticsearch.authentication.users": [
                        "system.logging.kibana",
                        "system.logging.fluentd",
                        "system.logging.curator",
                        "system.admin"
                    ],
    ```

    TODO:
    - [x] Update logging facts to pull out settings from config maps
    - [x] Move `openshift_sanitize_inventory/library/conditional_set_fact.py` up to repo level
    - [x] Generate diffs against currently deployed configs and correctly patch in custom changes from customers
    - [x] Use `conditional_set_fact` to easily set defaults for logging based on logging facts, or falling back to role defaults when not specified in the inventory
    - [x] Update all components to follow patching configmaps
| * | | | | | | Updating logging_facts to be able to pull values from config maps yaml files, use diffs to keep custom changes, white list certain settings when creating diffs | Eric Wolinetz | 2018-01-02 | 13 | -67/+312
* | | | | | | Merge pull request #6523 from nhosoi/allowed_versions | OpenShift Merge Robot | 2018-01-02 | 5 | -10/+10
    Automatic merge from submit-queue.

    Bug 1527178 - installation of logging stack failed: Invalid version s…

    …pecified for Elasticsearch

    openshift_logging_{curator,elasicsearch,fluentd,kibana,mux}/vars/main.yml:
    - adding "3_8" to __allowed_.*_versions
    - replacing the value of __latest_.*_version "3_6" with "3_8".

    Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1527178
| * | | | | | Bug 1527178 - installation of logging stack failed: Invalid version specified for Elasticsearch | Noriko Hosoi | 2017-12-27 | 5 | -10/+10
    openshift_logging_{curator,elasicsearch,fluentd,kibana,mux}/vars/main.yml:
    - adding "3_8" to __allowed_.*_versions
    - replacing the value of __latest_.*_version "3_6" with "3_8".
* | | | | | Merge pull request #6554 from mgugino-upstream-stage/bootstrap-to-include-role | Michael Gugino | 2018-01-02 | 1 | -4/+0
    Remove bootstrap.yml from main.yml in openshift_node role
| * | | | | Remove bootstrap.yml from main.yml in openshift_node role | Michael Gugino | 2017-12-21 | 1 | -4/+0
    This commit utilizes include_role for bootstrapping the node instead of conditional include of tasks now that the node role has no meta includes that have tasks.
* | | | | Merge pull request #6497 from kwoodson/remove_docker_creds | OpenShift Merge Robot | 2017-12-23 | 1 | -0/+2
    Automatic merge from submit-queue.

    Adding no_log to registry_auth.

    We were seeing credentials show up in our jenkins logs. We'd prefer if they were not logged.

    I'm not sure the repercussions but these are sensitive and probably should be `no_log`.
| * | | | | Adding no_log to registry_auth. | Kenny Woodson | 2017-12-15 | 1 | -0/+2
| | | | | |
* | | | | | Merge pull request #6462 from kwoodson/daemonset_config | OpenShift Merge Robot | 2017-12-23 | 4 | -0/+222
    Automatic merge from submit-queue.

    Laying config files down in a daemonset pod.

    Work to have daemonset config laydown files for nodes used with golden images.

    Based on the original work from @smarterclayton https://github.com/openshift/origin/pull/17351
| * | | | | daemonset config role. | Kenny Woodson | 2017-12-21 | 4 | -0/+222
| | | | | |
* | | | | | Remove references to deployment_type | Michael Gugino | 2017-12-21 | 21 | -59/+46
    Move openshift_deployment_type check into sanity_check action plugin.

    Remove compatibility for deployment_type. deployment_type has been deprecated for some time now.
* | | | | | Move validate_hosts to prerequisites.yml | Michael Gugino | 2017-12-20 | 3 | -3/+18
    Move more checks outside of init/main.yml for speeding up upgrades and other operational plays that need to run.
* | | | | | Move sanity_checks into custom action plugin | Michael Gugino | 2017-12-20 | 1 | -0/+96
    This commit moves sanity_checks tasks into a custom action plugin that is only run against a single host.

    This will result in a large reduction of tasks during initialization
* | | | | Remove openshift.common.{is_atomic|is_containerized} | Michael Gugino | 2017-12-20 | 113 | -313/+247
    We set these variables using facts in init, no need to duplicate the logic all around the codebase.
* | | | | Merge pull request #6524 from kwoodson/docker_storage_setup_overlay | Scott Dodson | 2017-12-20 | 3 | -0/+36
    Adding support for docker-storage-setup on overlay
| * | | | | Adding support for docker-storage-setup on overlay | Kenny Woodson | 2017-12-19 | 3 | -0/+36
| |/ / / /
* | | | | | Merge pull request #6509 from abutcher/asg-tags | OpenShift Merge Robot | 2017-12-19 | 3 | -14/+15
    Automatic merge from submit-queue.

    Move node group tags to openshift_aws_{master,node}_group.

    Move node groups tags to `openshift_aws_{master,node}_group` variables as discussed below.
| * | | | | Move node group tags to openshift_aws_{master,node}_group. | Andrew Butcher | 2017-12-18 | 3 | -14/+15
| | |_|_|/ | |/| | |
* | | | | Merge pull request #6062 from luis5tb/readiness | Michael Gugino | 2017-12-19 | 1 | -0/+7
    Add readiness probe to kuryr controller pod
| * | | | | Add readiness probe to kuryr controller pod | Luis Tomas Bolivar | 2017-11-08 | 1 | -0/+7
    This commit adds a readiness probe to the kuryr controller when the kuryr ports pool functionality is enabled. This way the controller will not be set as ready until all the pre-created ports have been loaded into their respective pools and are ready to be used by the pods.
* | | | | | Merge pull request #6510 from abutcher/centos37 | Scott Dodson | 2017-12-19 | 1 | -0/+27
    Add CentOS-OpenShift-Origin37 repo template.