| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| |
| |
| | |
Automatic merge from submit-queue.
Split prometheus image defaults to prefix and version
To allow easier testing and deployment from different repos, image defaults were split to prefix and version that can be set externally.
bz: https://bugzilla.redhat.com/show_bug.cgi?id=1493431
|
| | |
| |
| |
| |
| |
| | |
To allow easier testing and deployment from different repos, image defaults were split to prefix and version that can be set externally.
bz: https://bugzilla.redhat.com/show_bug.cgi?id=1493431
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
smarterclayton/allow_per_node_group_bootstrap_and_image
Automatic merge from submit-queue.
Handle bootstrap behavior in GCP template
Allow each node group to request bootstrap, allow per node group image
override, and ensure the provision logic does not wait for bootstrapping
node groups before continuing.
This is an incremental step to allow GCP clusters to use bootstrap logic
on cluster deploy without having fully baked images. We will switch over
slowly and ensure both code paths function. Then we can remove this as
necessary.
For metadata, we set the cluster id and bootstrap state into instance metadata. On GCP, we'll use project metadata to set the bootstrap kubeconfig file and a startup-script to call it (not in a PR yet).
Pairs with openshift/origin-gce#54 @kwoodson
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allow each node group to request bootstrap, allow per node group image
override, and ensure the provision logic does not wait for bootstrapping
node groups before continuing.
This is an incremental step to allow GCP clusters to use bootstrap logic
on cluster deploy without having fully baked images. We will switch over
slowly and ensure both code paths function.
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Automatic merge from submit-queue.
Bug 1452939 - change imagePullPolicy in logging and metrics
cc: @jcantrill
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
- all images logging and metrics change their default imagePullPolicy
from Always to IfNotPresent
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Automatic merge from submit-queue.
Fix a few small issues in service catalog uninstall
* Service catalog install was not re-creating the apiserver.crt and apiserver.key files when generating certs. But the ca.crt and ca.key files were being re-created. This was causing non-verifiable certs to be used when service catalog was uninstalled and re-installed. The service catalog installer was changed to delete the apiserver.crt and apiserver.key files so that they are re-created using the new ca.crt and ca.key files.
* The asb auth token secret was not being deleted correctly and causing the uninstaller to fail.
* The asb uninstaller was attempting to delete the broker registration from the service catalog. However, the service catalog is uninstalled first. When the asb uninstaller would fail when attempting to delete the ClusterServiceBroker. The uninstaller was changed to verify that the servicecatalog APIService exists first before attempting to delete the ClusterServiceBroker.
* The service catalog uninstaller was attempting to delete policybindings. The server does not have a resource type name policybinding. I do not know what the intention is there, but I have commented out that part of the uninstaller.
|
| | | | | | |
|
| | | | | | |
|
| | |/ / / |
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Automatic merge from submit-queue.
Enable oreg_auth credential replace during upgrades
Currently, upgrades run a docker image pull prior to
upgrading masters and nodes for containerized installs.
If using a secure registry, and a user wishes to upgrade
their credentials due to expiry, the image pull will fail.
This commit ensures docker login credentials are updated
during upgrades, if necessary.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently, upgrades run a docker image pull prior to
upgrading masters and nodes for containerized installs.
If using a secure registry, and a user wishes to upgrade
their credentials due to expiry, the image pull will fail.
This commit ensures docker login credentials are updated
during upgrades, if necessary.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
|
| |\ \ \ \
| | | | |
| | | | | |
Remove incorrect validation for OpenIDIdentityProvider
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Currently, OpenIDIdentityProvider does not support
'challenge=true' in openshift-ansible.
This is incorrect, the auth plugin OpenIDIdentityProvider
does support this.
This commit removes the unnecessary validation of
challenge key.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1444367
Fixes: https://github.com/openshift/openshift-ansible/issues/4417
|
| |\ \ \ \ \
| |_|_|_|/
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Automatic merge from submit-queue.
Fix edit and admin role patching for service catalog
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1496694.
Update the jinja files used to patch the edit and admin ClusterRoles so that it uses the new resource names of ServiceInstances and ServiceBindings.
|
| | | | | | |
|
| |\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Automatic merge from submit-queue.
Ensure upgrades apply latest journald settings
Currently, existing clusters might not have journald
configurations applied. This may result in a rate-
limiting of important log messages on openshift-masters.
This commit ensures that journald settings are applied
during the upgrade process openshif-masters.
Fixes: https://github.com/openshift/openshift-ansible/issues/5642
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Currently, existing clusters might not have journald
configurations applied. This may result in a rate-
limiting of important log messages on openshift-masters.
This commit ensures that journald settings are applied
during the upgrade process openshif-masters.
Fixes: https://github.com/openshift/openshift-ansible/issues/5642
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Switch to stateful set in prometheus
|
| | | |_|_|/ /
| |/| | | |
| | | | | |
| | | | | | |
Also update prometheus and alert-buffer image versions, and add prometheus, and oauth-proxy arguments to align with origin template
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Automatic merge from submit-queue.
Avoid undefined variable in master sysconfig template
When "openshift_master_controllers_env_vars" is set, but
"openshift_master_api_env_vars" isn't, the template for the sysconfig
file of atomic-openshift-master fails:
AnsibleUndefinedVariable: 'dict object' has no attribute 'api_env_vars'
Avoid this issue by applying "default({})" to the dict and always
calling ".items()".
|
| | |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When "openshift_master_controllers_env_vars" is set, but
"openshift_master_api_env_vars" isn't, the template for the sysconfig
file of atomic-openshift-master fails:
AnsibleUndefinedVariable: 'dict object' has no attribute 'api_env_vars'
Avoid this issue by applying "default({})" to the dict and always
calling ".items()".
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Ensure proper variable templating for skopeo auth credentials
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Currently, docker_image_availability.py plugin check is
using the raw strings for variables from task_vars.
This results in any variables that utilized within the
plugin to be un-templated. For instance, if variable
"x" is set to "{{ y }}" and y is set to "2", one
would expect that x == 2 inside the plugin. Currently,
the plugin will use the string "{{ y }}" for the value
of x instead of templating the variable.
This commit ensures skopeo registry auth credentials
are templated properly.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1500698
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Add nfs variables documentation to README file
|
| | | |/ / / / /
| |/| | | | |
| | | | | | |
| | | | | | | |
Add documentation of external nfs variables
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Updating to use same image as origin until enterprise image is built
|
| | | |_|_|_|/ /
| |/| | | | |
| | | | | | |
| | | | | | | |
specified
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Automatic merge from submit-queue.
cli: do not pull again the image when using Docker
When CRI-O is used and the CLI image is already pulled into Docker
then use it also for copying the CLI files to the host instead of
pulling it once again in the ostree storage.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |_|_|_|_|/
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
When CRI-O is used and the CLI image is already pulled into Docker
then use it also for copying the CLI files to the host instead of
pulling it once again in the ostree storage.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Add variable to control whether NetworkManager hook is installed
|
| | | |_|/ / / /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
We control /etc/resolv.conf and parts of the dnsmasq configuration via
Puppet in our environment. The hook ends up overwriting the managed
configuration.
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Automatic merge from submit-queue.
docker: Move enterprise registry from pkg to main
|
| | |/ / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503860
Signed-off-by: Steve Milner <smilner@redhat.com>
|
| |\ \ \ \ \ \ \
| |_|_|_|_|_|/
|/| | | | | | |
Bug 1496426 - Update ansible-service-broker configuration to use proper certs and permissions
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | |_|/ / /
| |/| | | |
| | | | | |
| | | | | | |
namespace
|
| |\ \ \ \ \ \
| |_|_|/ / /
|/| | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Automatic merge from submit-queue.
Always ensure atomic.conf is configured for system containers.
A new openshift_atomic role has been created for atomic specific tasks.
The first task added is proxy which handles updating /etc/atomic.conf to
ensure the proper proxy configuration is configured. This task file is
then included (via include_role) in system container related task files.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503903
|
| | | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
A new openshift_atomic role has been created for atomic specific tasks.
The first task added is proxy which handles updating /etc/atomic.conf to
ensure the proper proxy configuration is configured. This task file is
then included (via include_role) in system container related task files.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503903
Signed-off-by: Steve Milner <smilner@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Use "requests" for CPU resources instead of limits
|
| | | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We now use a CPU request to ensure logging infrastructure pods are
not capped by default for CPU usage. It is still important to ensure
we have a minimum amount of CPU.
We keep the use of the variables *_cpu_limit so that the existing
behavior is maintained.
Note that we don't want to cap an infra pod's CPU usage by default,
since we want to be able to use the necessary resources to complete
it's tasks.
Bug 1501960 (https://bugzilla.redhat.com/show_bug.cgi?id=1501960)
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Fix undefined variable for master upgrades
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Currently, oreg_auth_credentials_replace is undefined
during master upgrades.
This commit ensures this variable is defined during
upgrades.
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
[bz1491399] Adding pre check to verify clusterid is set along with cloudprovider when performing upgrade.
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
performing upgrade.
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Check for container runtime prior to restarting when updating system CA trust.
|
| | | |_|_|_|_|/
| |/| | | | | |
|
