summaryrefslogtreecommitdiffstats
path: root/roles
Commit message (Collapse)AuthorAgeFilesLines
* os_firewall fixesJason DeTiberus2015-03-092-32/+46
| | | | | | | - Fix variable references to os_firewall_{allow,deny} instead of {allow, deny} - Fix ordering of service stop/start to ensure firewall rules are properly initiated after service startup - Add test for package installed before attempting to disable or mask services
* start fixing os_firewall issuesJason DeTiberus2015-03-066-22/+17
| | | | | - Fix missed references to old firewall scripts - Fix variable name references that didn't get updated
* Merge pull request #101 from detiber/SdnWhoopsThomas Wiest2015-03-061-4/+4
|\ | | | | Fix issues with openshift_sdn_node
| * Fix issues with openshift_sdn_nodeJason DeTiberus2015-03-061-4/+4
| | | | | | | | | | | | | | - Use openshift_hostname (set from openshift_common) instead of calculating it again using the openshift_common variables - Fix the task setting facts for openshift_sdn_node that was using references to master instead
* | Merge pull request #99 from detiber/openshiftRegisterNodeFixesThomas Wiest2015-03-061-36/+90
|\ \ | | | | | | openshift_register_node module fixes
| * | openshift_register_node module fixesJason DeTiberus2015-03-061-36/+90
| |/ | | | | | | | | | | | | | | | | | | | | - Set parameters resources and cpu/memory as mutually exclusive - Add parameters for setting the client_user, client_context and client_cluster - This allows the module to ensure it is using the proper context for operation - Node resources weren't properly being registered - wrapped node definition object in a config object to rectify - Reduce default to 75% Total Memory instead of 80% - Don't bother running osc create node if node is already in osc get nodes output
* | Merge pull request #98 from detiber/copyNotEnvKubeconfigThomas Wiest2015-03-063-8/+36
|\ \ | | | | | | Do not set KUBECONFIG for root user
| * | Do not set KUBECONFIG for root userJason DeTiberus2015-03-063-8/+36
| |/ | | | | | | | | | | | | - instead of setting KUBECONFIG, copy the admin kubeconfig to /root/.kube/.kubeconfig in the openshift_master and openshift_node roles - pause for 30 seconds if the openshift-master service has changed state, since the file we are copying is generated by the master
* / Provide default value for openshift_node_ipsJason DeTiberus2015-03-061-0/+1
|/ | | | | | | | | | | | | | | | | - openshift_node_ips now defaults to [] - Previously an empty --nodes in /etc/sysconfig/master would result in the master creating a node for the localhost. The latest Origin and OSE builds now only create the implicit localhost node if run as openshift, not openshift-master. We can now safely default to setting no nodes in /etc/sysconfig/master and having nodes register themselves with the master when they come up via the 'Register node (if not already registered)' task in roles/openshift_node/tasks/main.yml) - This had an associated change for the byo scripts that had not been merged into master yet, but this PR changes the behavior of the openshift_master role to not fail if openshift_node_ips is not set. This also prevents having the openshift_master service restarted when a node is added.
* rename base_os role to os_env_extras, move application to end since it just ↵Jason DeTiberus2015-03-053-1/+1
| | | | sets environment configs for root user
* refactor firewall management into new roleJason DeTiberus2015-03-0512-59/+477
| | | | | | | | | | | | | | | | | - Add os_firewall role - Remove firewall settings from base_os, add wait task to os_firewall - Added a iptables firewall module for maintaining the following (in a mostly naive manner): - ensure the OPENSHIFT_ALLOW chain is defined - ensure that there is a jump rule in the INPUT chain for OPENSHIFT_ALLOW - adds or removes entries from the OPENSHIFT_ALLOW chain - issues '/usr/libexec/iptables/iptables.init save' when rules are changed - Limitations of iptables firewall module - only allows setting of ports/protocols to open - no testing on ipv6 support - made os_firewall a dependency of openshift_common - Hardcoded openshift_common to use iptables (through the vars directory) until upstream support is in place for firewalld
* add vim vim modeline to ansible modulesJason DeTiberus2015-03-051-0/+1
|
* remove extra '}'Liang Xia2015-03-031-3/+3
|
* Merge pull request #91 from detiber/downWithJSONThomas Wiest2015-03-023-14/+37
|\ | | | | Prefer YAML style datastructures over JSON
| * Prefer YAML style datastructures over JSONJason DeTiberus2015-03-023-14/+37
| | | | | | | | - Switch JSON style datastructures to YAML for debuggability
* | Merge pull request #90 from detiber/addSdnRolesThomas Wiest2015-03-0210-0/+181
|\ \ | | | | | | Add openshift_sdn_{master,node} roles
| * | add openshift_sdn_{master,node} rolesJason DeTiberus2015-03-0210-0/+181
| |/
* | Merge pull request #89 from detiber/registerNodeThomas Wiest2015-03-022-0/+156
|\ \ | | | | | | openshift_node changes for register_node module
| * | openshift_node changes for register_node moduleJason DeTiberus2015-03-022-0/+156
| |/ | | | | | | | | - add openshift_register_node module to openshift_node role - verifies that node isn't already registered before attempting to register it
* | Add openshift_hostname default variable to openshift_commonJason DeTiberus2015-03-022-2/+2
| | | | | | | | | | - for use anywhere the hostname is used that would be dependent on the openshift_hostname_workaround setting.
* | add openshift_hostname workaround varJason DeTiberus2015-03-023-2/+8
|/ | | | | - use openshift_bind_ip for hostname when openshift_hostname_workaround is true - defaults to true to maintain current behavior.
* add support for overriding default registry urlJason DeTiberus2015-03-022-0/+18
|
* Set local_facts for openshift_node and openshift_master later in the task listJason DeTiberus2015-03-022-12/+14
|
* Merge pull request #86 from detiber/manageExternalThomas Wiest2015-03-022-0/+8
|\ | | | | Disable master,node services when externally managed
| * Disable master,node services when externally managedJason DeTiberus2015-03-012-0/+8
| |
* | Bugfixes for openshift-common related changesJason DeTiberus2015-03-011-5/+4
|/ | | | | | | | - Fix failed attempt to cleanup service notify on creds changes - Fix master URL for node to use https - Set openshift_debug_level in vars.yml for playbooks - This puts us closer to the original debug settings, where after the openshift-common changes the debug settings were defaulting back to 0
* Merge pull request #83 from detiber/cleanupDockerroleThomas Wiest2015-02-281-6/+3
|\ | | | | docker role cleanup
| * docker role cleanupJason DeTiberus2015-02-244-12/+3
| | | | | | | | | | | | - use service module for enabling/restarting docker service - remove unused role directories/files - use user module for adding the docker group to the root user
* | Merge pull request #81 from detiber/cleanupEmptyFilesThomas Wiest2015-02-2811-22/+0
|\ \ | | | | | | Cleanup empty role dirs/files
| * | Cleanup empty role dirs/filesJason DeTiberus2015-02-2411-22/+0
| |/
* | move KUBECONFIG setting to openshift_commonJason DeTiberus2015-02-242-8/+8
| |
* | create openshift_common roleJason DeTiberus2015-02-2417-303/+194
|/ | | | | | | | | | | - move common openshift logic into openshift_common - set openshift_common as a dependency for openshift_node and openshift_master - rename role variables to openshift_* to be more descriptive - start recording local_facts on the openshift hosts - clean up firewalld config to be a bit more dry - Update firewall ports for https, make sure http rules are removed - Replace references to ansible_eth0.ipv4.address with ansible_default_ipv4.address
* removing dead code for twiestMatt Woodson2015-02-241-10/+0
|
* cleaned up ansible towerMatt Woodson2015-02-242-5/+4
|
* cleaned up ansible towerMatt Woodson2015-02-243-19/+4
|
* Merge branch 'master' into tower_installMatt Woodson2015-02-2456-909/+264
|\ | | | | | | | | Conflicts: lib/aws_command.rb
| * removed kubernetes roles as they're just cruft at this point.Thomas Wiest2015-02-2328-808/+1
| |
| * fixed bug when updating the openshift-master sysconfig file. Also, made it ↵Thomas Wiest2015-02-231-1/+2
| | | | | | | | multi-line so we get better errors from ansible.
| * Repo role refactor to add enterprise supportJason DeTiberus2015-02-2211-13/+121
| | | | | | | | | | - Add openshift_additional_repos config that allows for setting custom repos - cleanup yum repos that were configured for other deployment types
| * Fix SSL support between master and node(s)Jhon Honce2015-02-201-1/+2
| |
| * fix service definition for openshift-nodeJason DeTiberus2015-02-201-1/+1
| |
| * Use the full path for the kubeconfigJason DeTiberus2015-02-201-1/+1
| |
| * Set and export KUBECONFIG in root user .bash_profileJason DeTiberus2015-02-202-20/+28
| | | | | | | | | | | | | | | | | | | | | | | | - roles/base_os: Without this, the root user would need to manually configure this variable before attempting to run any osc commands - roles/base_os: Cleanup the firewall service definition and only pause when the service state changes. - roles/openshift_master: use Akram's suggestion of simplifying the firewall config - roles/openshift_master: explicitly disable previously exposed ports that are no longer exposed (8080/tcp I'm looking at you).
| * Fix SSL support between master and node(s)Jhon Honce2015-02-192-4/+5
| |
| * fixup oso-rhui reposTroy Dawson2015-02-1718-58/+87
| |\
| | * * CRUD temp directory on local machineJhon Honce2015-02-171-2/+1
| | |
| | * * Use hostname moduleJhon Honce2015-02-172-45/+8
| | | | | | | | | | | | * Use mktemp for scratch directory
| | * Update code to reflect review commentsJhon Honce2015-02-161-2/+5
| | |
| | * - Rename minion to nodeJhon Honce2015-02-1618-55/+138
| | | | | | | | | | | | - Update playbooks to support latest code
| * | remove the add-hoc docker repoTroy Dawson2015-02-175-11/+25
| |/ | | | | | | | | | | | | | | | | | | | | | | Fix up libra candidate repo config file Fix up rhel 7 rhui repo config file Add rhel 7 rhui extras repo, which has docker in it Separate rhel 7 extras into its own config file Add rhel 7 extras so that we have docker