summaryrefslogtreecommitdiffstats
path: root/roles
Commit message (Collapse)AuthorAgeFilesLines
* Allow modifying and adding prometheus application argumentsZohar Galor2017-11-193-2/+13
| | | | | config.file and web.listen-address remain unconfigurable (Changing those will break deployment) Storage defaults moved to a list parameter `openshift_prometheus_args` that can be modified and extended.
* Merge pull request #5652 from ruromero/bz1498398OpenShift Merge Robot2017-11-182-0/+4
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Add enclosing <store> tags to sample secure-forward.conf files This fixes [BZ#1498398](https://bugzilla.redhat.com/show_bug.cgi?id=1498398) The examples provided in the documentation to configure the secure forward mention the configuration must be enclosed between the <store> tag. For that I think the examples should include it as well. See [3.6 Documentation](https://docs.openshift.com/container-platform/3.6/install_config/aggregate_logging.html#aggregated-fluentd) ~~~ <store> @type secure_forward self_hostname pod-${HOSTNAME} shared_key thisisasharedkey secure yes enable_strict_verification yes ca_cert_path /etc/fluent/keys/your_ca_cert ca_private_key_path /etc/fluent/keys/your_private_key ca_private_key_passphrase passphrase <server> host ose1.example.com port 24284 </server> <server> host ose2.example.com port 24284 standby </server> <server> host ose3.example.com port 24284 standby </server> </store> ~~~
| * bug 1498398. Enclose content between store tagRuben Romero Montes2017-10-042-0/+4
| |
* | Merge pull request #6147 from mtnbikenc/consolidate-openshift-checksOpenShift Merge Robot2017-11-172-25/+25
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Playbook Consolidation - openshift-checks - Create playbooks/openshift-checks directory - Move everything from playbooks/byo/openshift-checks to playbooks/openshift-checks - Move everything from playbooks/common/openshift-checks to playbooks/openshift-checks/private - Fix all include path references throughout playbooks/ Trello: https://trello.com/c/2Rx1uvjz/547-2-playbook-consolidation-openshift-checks
| * | Playbook Consolidation - openshift-checksRussell Teague2017-11-162-25/+25
| | |
* | | Merge pull request #6150 from jarrpa/glusterfs-block-fixLuke Meyer2017-11-178-12/+28
|\ \ \ | | | | | | | | GlusterFS: Add configuration for auto creating block-hosting volumes
| * | | GlusterFS: Add configuration for auto creating block-hosting volumesJose A. Rivera2017-11-168-12/+28
| | | | | | | | | | | | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
* | | | Merge pull request #6167 from kwoodson/mtu_int_valueOpenShift Merge Robot2017-11-172-2/+2
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Updating mtu value to int
| * | | | Updating mtu value to intKenny Woodson2017-11-172-2/+2
| | | | |
* | | | | Merge pull request #6153 from jcantrill/es_prom_service_selector_errorOpenShift Merge Robot2017-11-171-1/+1
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. fix the logging-es-prometheus selector This PR fixes the the service selector for the prometheus service
| * | | | | fix the logging-es-prometheus selectorJeff Cantrill2017-11-161-1/+1
| |/ / / /
* | | | | Merge pull request #6082 from mgugino-upstream-stage/combine-node-upgradeOpenShift Merge Robot2017-11-1626-470/+10
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Combine openshift_node and openshift_node_upgrade Currently, having openshift_node and openshift_node_upgrade as two distinct roles has created a duplication across handlers, templates, and some tasks. This commit combines the roles to reduce duplication and bugs encountered by not putting code in both places.
| * | | | | Combine openshift_node and openshift_node_upgradeMichael Gugino2017-11-1626-470/+10
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, having openshift_node and openshift_node_upgrade as two distinct roles has created a duplication across handlers, templates, and some tasks. This commit combines the roles to reduce duplication and bugs encountered by not putting code in both places.
* | | | | Merge pull request #6114 from sosiouxme/20171114-registry-console-tech-debtOpenShift Merge Robot2017-11-169-23/+46
|\ \ \ \ \ | |_|/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. registry-console tech debt Followup to https://github.com/openshift/openshift-ansible/pull/5829 Replaces https://github.com/openshift/openshift-ansible/pull/6093 Fixes the construction and checking of registry-console images to be as similar as it can get to those constructed from the traditional `oreg_url` without tacking on `ose-` or `origin-` to the base name. I did not see a reason for having `registry.access.redhat.com/` as a hardcoded enterprise default so I took it out. Someone say something if there was a good reason for this.
| * | | | registry-console: align image and checkLuke Meyer2017-11-153-8/+13
| | | | | | | | | | | | | | | | | | | | | | | | | enable option to configure basename in image docker_image_availability check: follow registry-console image options
| * | | | registry-console template 3.8 consistencyLuke Meyer2017-11-152-5/+11
| | | | | | | | | | | | | | | | | | | | don't hardcode the enterprise registry; construct the image like origin
| * | | | registry-console template 3.7 consistencyLuke Meyer2017-11-152-5/+11
| | | | | | | | | | | | | | | | | | | | don't hardcode the enterprise registry; construct the image like origin
| * | | | registry-console template 3.6 consistencyLuke Meyer2017-11-152-5/+11
| | | | | | | | | | | | | | | | | | | | don't hardcode the enterprise registry; construct the image like origin
* | | | | Merge pull request #6029 from boeboe/masterOpenShift Merge Robot2017-11-163-0/+6
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. logging with static pvc: allow specifying the storage class name See https://github.com/openshift/openshift-ansible/issues/6028 for more info and motivation.
| * | | | | logging with static pvc: allow specifying the storage class nameBart Van Bos2017-11-063-0/+6
| | | | | |
* | | | | | Merge pull request #6021 from luis5tb/masterScott Dodson2017-11-162-0/+13
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Initial Kuryr Ports Pool Support
| * | | | | Initial Kuryr Ports Pool SupportLuis Tomas Bolivar2017-11-072-0/+13
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commits enables the ports pool driver when deploying kuryr networking on top of OpenShift in containers. It also exposes some configuration options such as the maximum and minimum pool sizes, as well as the bulk subports creation size and the time between pools update actions.
* | | | | Merge pull request #6039 from tomassedovic/openstack-provider-githistScott Dodson2017-11-1620-0/+1772
|\ \ \ \ \ | | | | | | | | | | | | Add the OpenStack provider
| * | | | | Remove an unused retry fileTomas Sedovic2017-11-071-3/+0
| | | | | |
| * | | | | Fix toxTomas Sedovic2017-11-072-3/+3
| | | | | |
| * | | | | Namespace the OpenStack varsTomas Sedovic2017-11-0711-312/+314
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This makes sure that all the variables used in the `openshift_openstack` role are prefixed with `openshift_openstack_` as is the convention.
| * | | | | Use `null` instead of `False` where it makes senseTomas Sedovic2017-11-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `openstack_*_network_name` vars are strings, not booleans, so the absense shouldn't really be marked by `False`.
| * | | | | Simplify the template paths for the storage setupTomas Sedovic2017-11-071-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Because the templates are present in a role, the `template` module is able to look them up directly, without having to use `{{ role_path }}/templates`.
| * | | | | Use the default `item` loop variable for checksTomas Sedovic2017-11-073-14/+11
| | | | | |
| * | | | | Move the selinux check upTomas Sedovic2017-11-071-5/+5
| | | | | |
| * | | | | Add the DNS updates and rename the openstack varsTomas Sedovic2017-11-078-305/+238
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Most of the vars in `roles/openshift_openstack/defaults/main.yml` are now prefixed with `openstack_`.
| * | | | | Remove the subnet_update_dns_servers task listTomas Sedovic2017-11-071-9/+0
| | | | | | | | | | | | | | | | | | | | | | | | It's no longer being used.
| * | | | | Move the vars/main.yml to defaultsTomas Sedovic2017-11-072-49/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The contents of roles/openshift_openstack/vars/main.yml were moved to the defaults/main.yml file instead. There are now duplication warnings we need to address, but the deployment does still work.
| * | | | | Remove the subscription-manager roleTomas Sedovic2017-11-073-351/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The repo already contains the `rhel_subscribe` role so we should use that instead.
| * | | | | Add a stub of the dns record update code inTomas Sedovic2017-11-072-0/+173
| | | | | | | | | | | | | | | | | | | | | | | | This will mostly not work but it's a starting point.
| * | | | | Remove the extra rolesTomas Sedovic2017-11-0723-1668/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `openstack-stack` role is now under `openshift_openstack` and the `openstack-create-cinder-registry` one will be added there, later.
| * | | | | Add openshift_openstack role and move tasks thereTomas Sedovic2017-11-0740-351/+1598
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All the tasks that were previously in playbooks are now under `roles/openshift_openstack`. The `openshift-cluster` directory now only contains playbooks that include tasks from that role. This makes the structure much closer to that of the AWS provider.
| * | | | | Merge ../openshift-ansible-contrib into openstack-provider-githistTomas Sedovic2017-11-0749-0/+2447
| |\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This moves all the OpenStack-related code from the -contrib[1] repo including its git history to openshift-ansible. It will then be moved around and updated to fit the rest of the project's structure. [1]: https://github.com/openshift/openshift-ansible-contrib
| | * \ \ \ \ Merge branch 'docker-storage-setup' into openshift-ansible-sourceTomas Sedovic2017-10-181-1/+17
| | |\ \ \ \ \
| | | * | | | | Add CentOS support to the docker-storage-setup roleTomas Sedovic2017-10-091-1/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This let's us use the role on CentOS systems, as well as RHEL. In addition, it installs docker and makes sure it's restarted (as opposed to just "started" which has no effect when docker is already running).
| | * | | | | | Add Flannel support (#814)Bogdan Dobrelya2017-10-181-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add flannel support * Document Flannel SDN use case for a separate data network. * Add post install step for flannel SDN * Configure iptables rules as described for OCP 3.4 refarch https://access.redhat.com/documentation/en-us/reference_architectures/2017/html/deploying_red_hat_openshift_container_platform_3.4_on_red_hat_openstack_platform_10/emphasis_manual_deployment_emphasis#run_ansible_installer * Configure flannel interface options Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com> * Use os_firewall from galaxy for required flannel rules For flannel SDN: * Add openshift-ansible as a galaxy dependency module. * Use openshift-ansible/roles/os_firewall to apply DNS rules for flanel SDN. * Apply the remaining advanced rules with direct iptables commands as os_firewall do not support advanced rules. * Persist only iptables rules w/o dynamic KUBe rules. Those are added runtime and need restoration after reboot or iptables restart. * Configure and enable the masked iptables service on the app nodes. Enable it to allow the in-memory rules to be persisted. Disable firewalld, which is the expected default behavior of the os_firewall module. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com> * Allow access from nodes to masters' port 2379 when using flannel Flannel requires to gather information from etcd to configure and assign the subnets in the nodes, therefore, allow access from nodes to port 2379/tcp to the master security group. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
| | * | | | | | Docker storage fix (#812)Chandler Wilkerson2017-10-171-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Added task to stop docker before templating config * Rearranged storage roles in rhv install
| | * | | | | | [WIP] Merge server with nofloating server heat templates (#761)Bogdan Dobrelya2017-10-174-250/+35
| | | | | | | | | | | | | | | | | | | | | | | | Merge server with nofloating server heat templates
| | * | | | | | Support separate data network for Flannel SDN (#757)Bogdan Dobrelya2017-10-163-0/+143
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support separate data network for Flannel SDN Document the use case for a separate flannel data network. Allow Nova servers for openshift cluster to be provisioned with that isolated data network created and connected to masters, computes and infra nodes. Do not configure dns nameservers and router for that network. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com> * Fix flannel use cases with provider network Provider network cannot be used with flannel SDN as the latter requires a separate isolated network, while the provider network is an externally managed single network. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com> * Drop unused data_net_name Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
| | * | | | | | Allow the specification of server group policies when provisioning openstack ↵tzumainn2017-10-133-0/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#747) * Allow for the specifying of server policies during OpenStack provisioning * documentation for openstack server group policies * add doc link detailing allowed policies * changed default to anti-affinity
| | * | | | | | Fix for this issue https://bugzilla.redhat.com/show_bug.cgi?id=1495372 (#793)Eduardo Mínguez2017-10-101-0/+1
| | |/ / / / /
| | * | | | | Replace the CASL references (#778)Tomas Sedovic2017-10-062-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Following up on the initial port of the OpenStack roles from casl-ansible to openshift-ansible-contrib. One of the points that was brought up in the review was to drop the references to CASL in the code since the code has now wider reach.
| | * | | | | Fixing various contrib changes causing CASL breakage (#771)Øystein Bedin2017-10-042-13/+13
| | | | | | |
| | * | | | | Required variables to create dedicated lv (#766)Eduardo Mínguez2017-10-034-7/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Required variables to create dedicated lv https://bugzilla.redhat.com/show_bug.cgi?id=1490910#c11 * Fixed lint and added distribution to checks
| | * | | | | Adding the option to use 'stack_state' to allow for easy de-provisioning (#754)Øystein Bedin2017-10-024-39/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Adding 'openstack-stack-delete' role to allow for easy de-provisioning * Updated per etsauer's comments