| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Automatic merge from submit-queue.
Contiv multi-master and other fixes
Contiv's etcd was not being deployed correctly when using more than
one master. To make it easier to manage, it has been moved into a
k8s container.
The api proxy was hardcoded to an old version (1.1.1), and in some
environments would run into a docker error. This has been moved into
a k8s container for easier management.
The firewall was too permissive on several ports. Many were open to
the world when they should have only been accessible inside the
cluster.
Many of the contiv role variables were not prefixed with 'contiv',
which may end up clobbering variables from another role. Now all the
contiv specific role variables start with 'contiv_'.
The api proxy's default self-signed certificate was bundled with the
role. This means someone with read-only MITM access and this key
could decrypt traffic. Granted a user defined certificate from a
trusted CA should be used in a production environment, it is still
better to generate one in each environment when one is not provided.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Contiv's etcd was not being deployed correctly when using more than
one master. To make it easier to manage, it has been moved into a
k8s container.
The api proxy was hardcoded to an old version (1.1.1), and in some
environments would run into a docker error. This has been moved into
a k8s container for easier management.
The firewall was too permissive on several ports. Many were open to
the world when they should have only been accessible inside the
cluster.
Many of the contiv role variables were not prefixed with 'contiv',
which may end up clobbering variables from another role. Now all the
contiv specific role variables start with 'contiv_'.
The api proxy's default self-signed certificate was bundled with the
role. This means someone with read-only MITM access and this key
could decrypt traffic. Granted a user defined certificate from a
trusted CA should be used in a production environment, it is still
better to generate one in each environment when one is not provided.
|
|\ \
| |/
|/| |
Add missing dependency on openshift_facts
|
| | |
|
|\ \
| | |
| | | |
Install web console server
|
| | | |
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Automatic merge from submit-queue.
Remove become=no from etcd cert tasks
etcd runs some actions locally to copy certs from the
CA cert host.
We shouldn't hard-code become behavior as it can be
unexpected for the end user.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
etcd runs some actions locally to copy certs from the
CA cert host. This commit ensures that we respect
the end user's intended behavior with become
when using 'anisble_become' in the inventory.
Other roles with similar tasks have been modified
in the same manner.
We shouldn't hard-code become behavior as it can be
unexpected for the end user.
This only currently works in the CI because the CI
passes the '-b' argument on the command line, which
will override the task behavior.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This commit ensures that oreg_url is properly templated
by ansible before being consumed in the logic.
This commit also adds a method to the base health check
class to detect if self._templar is none, and return
the appropriate templated/untemplated version of the
variable. This is mostly for unit tests.
|
|\ \ \ \
| | | | |
| | | | | |
Add origin- prefix to ASB image
|
| | | | | |
|
|\ \ \ \ \
| | |_|_|/
| |/| | | |
Migrate to import_role for static role inclusion
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In Ansible 2.2, the include_role directive came into existence as
a Tech Preview. It is still a Tech Preview through Ansible 2.4
(and in current devel branch), but with a noteable change. The
default behavior switched from static: true to static: false
because that functionality moved to the newly introduced
import_role directive (in order to stay consistent with include*
being dynamic in nature and `import* being static in nature).
The dynamic include is considerably more memory intensive as it will
dynamically create a role import for every host in the inventory
list to be used. (Also worth noting, there is at the time of this
writing an object allocation inefficiency in the dynamic include
that can in certain situations amplify this effect considerably)
This change is meant to mitigate the pressure on memory for the
Ansible control host.
We need to evaluate where it makes sense to dynamically include roles
and revert back to dynamic inclusion if and where it makes sense to do
so.
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Automatic merge from submit-queue.
OpenStack provisioning -- support cns.
Initial support for CNS nodes during OpenShift on OpenStack provisioning.
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | | |
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1529478
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
mgugino-upstream-stage/cast-bool-openshift_docker_use_system_container
Automatic merge from submit-queue.
Cast openshift_docker_use_system_container to bool
openshift_docker_use_system_container might be passed
in via ini inventory as 'openshift_docker_use_system_container=false'
This condition will be interpreted as a string type, instead of
boolean.
Casting openshift_docker_use_system_container as bool
will achieve the users desired intent.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1528943
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
openshift_docker_use_system_container might be passed
in via ini inventory as 'openshift_docker_use_system_container=false'
This condition will be interpreted as a string type, instead of
boolean.
Casting openshift_docker_use_system_container as bool
will achieve the users desired intent.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1528943
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Automatic merge from submit-queue.
Add docker auth credentials to system container install
This commit adds docker auth credentials mount to
system container systemd unit file.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1514324
|
| | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This commit adds docker auth credentials mount to
system container systemd unit file.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1514324
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Automatic merge from submit-queue.
Remove oauth_template bits from openshift_facts
This commit moves some deprecated variable logic
outside of openshift_facts and into role defaults.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This commit moves some deprecated variable logic
outside of openshift_facts and into role defaults.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Automatic merge from submit-queue.
Correct kublet_args cloud-provider directories
This commit updates kublet_args to correct
cloudprovider configuration file locaitons.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1527203
|
| | |/ / / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This commit updates kublet_args to correct
cloudprovider configuration file locaitons.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1527203
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Automatic merge from submit-queue.
Move wait_for_pods to it's own play openshift_hosted
Currently, both registry and router pods need to
be polled for successful deployment.
Somtimes this can take up to a minute.
This commit attempts to deploy both pods
before polling either. This should reduce
the average wait time for polling pods by 50%
as time spent polling the first will also allow
the second pod to continue it's own deployment.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Currently, both registry and router pods need to
be polled for successful deployment.
Somtimes this can take up to a minute.
This commit attempts to deploy both pods
before polling either. This should reduce
the average wait time for polling pods by 50%
as time spent polling the first will also allow
the second pod to continue it's own deployment.
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Automatic merge from submit-queue.
Update logging to use existing cluster deployment for defaults
This will allow us to use logging facts to set defaults of specific configurations such as ES index replicas and shard count.
The update to logging facts yields us output like:
```json
"elasticsearch": {
"clusterrolebindings": {},
"configmaps": {
"logging-elasticsearch": {
"elasticsearch.yml": {
"cloud": {
"kubernetes": {
"namespace": "${NAMESPACE}",
"pod_label": "${POD_LABEL}",
"pod_port": 9300
}
},
"cluster": {
"name": "${CLUSTER_NAME}"
},
"discovery": {
"type": "kubernetes",
"zen.minimum_master_nodes": "${NODE_QUORUM}",
"zen.ping.multicast.enabled": false
},
"gateway": {
"expected_nodes": "${RECOVER_EXPECTED_NODES}",
"recover_after_nodes": "${NODE_QUORUM}",
"recover_after_time": "${RECOVER_AFTER_TIME}"
},
"index": {
"number_of_replicas": 0,
"number_of_shards": 1,
"translog": {
"flush_threshold_period": "5m",
"flush_threshold_size": "256mb"
},
"unassigned.node_left.delayed_timeout": "2m"
},
"io.fabric8.elasticsearch.authentication.users": [
"system.logging.kibana",
"system.logging.fluentd",
"system.logging.curator",
"system.admin"
],
```
TODO:
- [x] Update logging facts to pull out settings from config maps
- [x] Move `openshift_sanitize_inventory/library/conditional_set_fact.py` up to repo level
- [x] Generate diffs against currently deployed configs and correctly patch in custom changes from customers
- [x] Use `conditional_set_fact` to easily set defaults for logging based on logging facts, or falling back to role defaults when not specified in the inventory
- [x] Update all components to follow patching configmaps
|
| | |/ / / / /
| |/| | | | |
| | | | | | |
| | | | | | | |
files, use diffs to keep custom changes, white list certain settings when creating diffs
|
|\ \ \ \ \ \ \
| |_|_|_|/ / /
|/| | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Automatic merge from submit-queue.
Bug 1527178 - installation of logging stack failed: Invalid version s…
…pecified for Elasticsearch
openshift_logging_{curator,elasicsearch,fluentd,kibana,mux}/vars/main.yml:
- adding "3_8" to __allowed_.*_versions
- replacing the value of __latest_.*_version "3_6" with "3_8".
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1527178
|
| |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
specified for Elasticsearch
openshift_logging_{curator,elasicsearch,fluentd,kibana,mux}/vars/main.yml:
- adding "3_8" to __allowed_.*_versions
- replacing the value of __latest_.*_version "3_6" with "3_8".
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
Remove bootstrap.yml from main.yml in openshift_node role
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This commit utilizes include_role for bootstrapping the
node instead of conditional include of tasks now that
the node role has no meta includes that have tasks.
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Automatic merge from submit-queue.
Adding no_log to registry_auth.
We were seeing credentials show up in our jenkins logs. We'd prefer if they were not logged. I'm not sure the repercussions but these are sensitive and probably should be `no_log`.
|
| | | | | | |
|
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Automatic merge from submit-queue.
Laying config files down in a daemonset pod.
Work to have daemonset config laydown files for nodes used with golden images.
Based on the original work from @smarterclayton https://github.com/openshift/origin/pull/17351
|
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Move openshift_deployment_type check into sanity_check
action plugin. Remove compatibility for deployment_type.
deployment_type has been deprecated for some time now.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Move more checks outside of init/main.yml for
speeding up upgrades and other operational plays that
need to run.
|
| |_|/ / /
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This commit moves sanity_checks tasks into a custom
action plugin that is only run against a single host.
This will result in a large reduction of tasks during initialization
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We set these variables using facts in init, no need
to duplicate the logic all around the codebase.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Adding support for docker-storage-setup on overlay
|
| |/ / / / |
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Automatic merge from submit-queue.
Move node group tags to openshift_aws_{master,node}_group.
Move node groups tags to `openshift_aws_{master,node}_group` variables as discussed below.
|
| | |_|_|/
| |/| | | |
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Add readiness probe to kuryr controller pod
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This commits adds a readiness probe to the kuryr controller
when the kuryr ports pool functionality is enabled. This way
the controller will not be set as ready until all the pre-created
ports have been loaded into their respective pools and are ready
to be used by the pods.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Add CentOS-OpenShift-Origin37 repo template.
|