| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Automatic merge from submit-queue.
Add enclosing <store> tags to sample secure-forward.conf files
This fixes [BZ#1498398](https://bugzilla.redhat.com/show_bug.cgi?id=1498398)
The examples provided in the documentation to configure the secure forward mention the configuration must be enclosed between the <store> tag. For that I think the examples should include it as well.
See [3.6 Documentation](https://docs.openshift.com/container-platform/3.6/install_config/aggregate_logging.html#aggregated-fluentd)
~~~
<store>
@type secure_forward
self_hostname pod-${HOSTNAME}
shared_key thisisasharedkey
secure yes
enable_strict_verification yes
ca_cert_path /etc/fluent/keys/your_ca_cert
ca_private_key_path /etc/fluent/keys/your_private_key
ca_private_key_passphrase passphrase
<server>
host ose1.example.com
port 24284
</server>
<server>
host ose2.example.com
port 24284
standby
</server>
<server>
host ose3.example.com
port 24284
standby
</server>
</store>
~~~
|
| | |
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Automatic merge from submit-queue.
Playbook Consolidation - openshift-checks
- Create playbooks/openshift-checks directory
- Move everything from playbooks/byo/openshift-checks to playbooks/openshift-checks
- Move everything from playbooks/common/openshift-checks to playbooks/openshift-checks/private
- Fix all include path references throughout playbooks/
Trello: https://trello.com/c/2Rx1uvjz/547-2-playbook-consolidation-openshift-checks
|
| | | |
|
|\ \ \
| | | |
| | | | |
GlusterFS: Add configuration for auto creating block-hosting volumes
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Automatic merge from submit-queue.
Updating mtu value to int
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Automatic merge from submit-queue.
fix the logging-es-prometheus selector
This PR fixes the the service selector for the prometheus service
|
| |/ / / / |
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Automatic merge from submit-queue.
Combine openshift_node and openshift_node_upgrade
Currently, having openshift_node and openshift_node_upgrade
as two distinct roles has created a duplication across
handlers, templates, and some tasks.
This commit combines the roles to reduce duplication
and bugs encountered by not putting code in both places.
|
| | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Currently, having openshift_node and openshift_node_upgrade
as two distinct roles has created a duplication across
handlers, templates, and some tasks.
This commit combines the roles to reduce duplication
and bugs encountered by not putting code in both places.
|
|\ \ \ \ \
| |_|/ / /
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Automatic merge from submit-queue.
registry-console tech debt
Followup to https://github.com/openshift/openshift-ansible/pull/5829
Replaces https://github.com/openshift/openshift-ansible/pull/6093
Fixes the construction and checking of registry-console images to be as similar as it can get to those constructed from the traditional `oreg_url` without tacking on `ose-` or `origin-` to the base name.
I did not see a reason for having `registry.access.redhat.com/` as a hardcoded enterprise default so I took it out. Someone say something if there was a good reason for this.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
enable option to configure basename in image
docker_image_availability check: follow registry-console image options
|
| | | | |
| | | | |
| | | | |
| | | | | |
don't hardcode the enterprise registry; construct the image like origin
|
| | | | |
| | | | |
| | | | |
| | | | | |
don't hardcode the enterprise registry; construct the image like origin
|
| | | | |
| | | | |
| | | | |
| | | | | |
don't hardcode the enterprise registry; construct the image like origin
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Automatic merge from submit-queue.
logging with static pvc: allow specifying the storage class name
See https://github.com/openshift/openshift-ansible/issues/6028 for more info and motivation.
|
| | | | | | |
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
Initial Kuryr Ports Pool Support
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This commits enables the ports pool driver when deploying kuryr
networking on top of OpenShift in containers. It also exposes
some configuration options such as the maximum and minimum pool
sizes, as well as the bulk subports creation size and the time
between pools update actions.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Add the OpenStack provider
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This makes sure that all the variables used in the `openshift_openstack`
role are prefixed with `openshift_openstack_` as is the convention.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The `openstack_*_network_name` vars are strings, not booleans, so the
absense shouldn't really be marked by `False`.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Because the templates are present in a role, the `template` module is
able to look them up directly, without having to use `{{ role_path
}}/templates`.
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Most of the vars in `roles/openshift_openstack/defaults/main.yml` are
now prefixed with `openstack_`.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
It's no longer being used.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The contents of roles/openshift_openstack/vars/main.yml were moved to
the defaults/main.yml file instead.
There are now duplication warnings we need to address, but the
deployment does still work.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The repo already contains the `rhel_subscribe` role so we should use
that instead.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This will mostly not work but it's a starting point.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The `openstack-stack` role is now under `openshift_openstack` and the
`openstack-create-cinder-registry` one will be added there, later.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
All the tasks that were previously in playbooks are now under
`roles/openshift_openstack`.
The `openshift-cluster` directory now only contains playbooks that
include tasks from that role. This makes the structure much closer to
that of the AWS provider.
|
| |\ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This moves all the OpenStack-related code from the -contrib[1] repo
including its git history to openshift-ansible. It will then be moved
around and updated to fit the rest of the project's structure.
[1]: https://github.com/openshift/openshift-ansible-contrib
|
| | |\ \ \ \ \ |
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
This let's us use the role on CentOS systems, as well as RHEL. In addition, it
installs docker and makes sure it's restarted (as opposed to just "started"
which has no effect when docker is already running).
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* Add flannel support
* Document Flannel SDN use case for a separate data network.
* Add post install step for flannel SDN
* Configure iptables rules as described for OCP 3.4 refarch
https://access.redhat.com/documentation/en-us/reference_architectures/2017/html/deploying_red_hat_openshift_container_platform_3.4_on_red_hat_openstack_platform_10/emphasis_manual_deployment_emphasis#run_ansible_installer
* Configure flannel interface options
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Use os_firewall from galaxy for required flannel rules
For flannel SDN:
* Add openshift-ansible as a galaxy dependency module.
* Use openshift-ansible/roles/os_firewall to apply DNS rules
for flanel SDN.
* Apply the remaining advanced rules with direct
iptables commands as os_firewall do not support advanced rules.
* Persist only iptables rules w/o dynamic KUBe rules. Those are
added runtime and need restoration after reboot or iptables restart.
* Configure and enable the masked iptables service on the app nodes.
Enable it to allow the in-memory rules to be persisted.
Disable firewalld, which is the expected default behavior of the
os_firewall module.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Allow access from nodes to masters' port 2379 when using flannel
Flannel requires to gather information from etcd to configure and
assign the subnets in the nodes, therefore, allow access from nodes to port 2379/tcp to the master security group.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* Added task to stop docker before templating config
* Rearranged storage roles in rhv install
|
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Merge server with nofloating server heat templates
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* Support separate data network for Flannel SDN
Document the use case for a separate flannel data network.
Allow Nova servers for openshift cluster to be provisioned
with that isolated data network created and connected to
masters, computes and infra nodes. Do not configure dns
nameservers and router for that network.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Fix flannel use cases with provider network
Provider network cannot be used with flannel SDN
as the latter requires a separate isolated network,
while the provider network is an externally managed
single network.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Drop unused data_net_name
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
(#747)
* Allow for the specifying of server policies during OpenStack provisioning
* documentation for openstack server group policies
* add doc link detailing allowed policies
* changed default to anti-affinity
|
| | |/ / / / / |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Following up on the initial port of the OpenStack roles from
casl-ansible to openshift-ansible-contrib. One of the points that was
brought up in the review was to drop the references to CASL in the
code since the code has now wider reach.
|
| | | | | | | |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* Required variables to create dedicated lv
https://bugzilla.redhat.com/show_bug.cgi?id=1490910#c11
* Fixed lint and added distribution to checks
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* Adding 'openstack-stack-delete' role to allow for easy de-provisioning
* Updated per etsauer's comments
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
When using a bastion and a single master, add the bastion node's public IP the public master's IP for the DNS record.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|