path: root/roles
Commit message (Author, Age, Files, Lines)
* openshift_checks: enable providing file outputs (Luke Meyer, 2017-09-18, 15 files, -82/+430)
| Some refactoring of checks and the action plugin to enable writing files locally about the check operation and results, if the user wants them. This is aimed at enabling persistent and machine-readable results from recurring runs of health checks.
| Now, rather than trying to build a result hash to return from running each check, checks can just register what they need to as they're going along, and the action plugin processes state when the check is done. Checks can register failures, notes about what they saw, and arbitrary files to be saved into a directory structure where the user specifies. If no directory is specified, no files are written.
| At this time checks can still return a result hash, but that will likely be refactored away in the next iteration. Multiple failures can be registered without halting check execution. Throwing an exception or returning a hash with "failed" is registered as a failure.
| execute_module now does a little more with the results. Results are automatically included in notes and written individually as files. "changed" results are propagated. Some json results are decoded.
| A few of the checks were enhanced to use these features; all get some of the features for free.
* Merge pull request #5430 from ashcrow/always-required-new-variables (OpenShift Merge Robot, 2017-09-18, 1 file, -0/+21)
|\
| | Automatic merge from submit-queue
| | Always required new variables
| | Related to https://bugzilla.redhat.com/show_bug.cgi?id=1451023
| * testing: Skip net vars on integration tests (Steve Milner, 2017-09-15, 1 file, -1/+6)
| | Signed-off-by: Steve Milner <smilner@redhat.com>
| * openshift_sanitize_inventory: Check for required vars (Steve Milner, 2017-09-15, 1 file, -0/+16)
| | Moved the checks for osm_cluster_network_cidr, osm_host_subnet_length, openshift_portal_net from upgrade to openshift_sanitize_inventory as we now consider it a required variable for install, upgrade, or scale up.
| | Signed-off-by: Steve Milner <smilner@redhat.com>
* | Merge pull request #5237 from smarterclayton/gce (OpenShift Merge Robot, 2017-09-18, 6 files, -0/+551)
|\ \
| | | Automatic merge from submit-queue
| | | Port origin-gce roles for cluster setup to copy AWS provisioning
| | | This is a rough cut of the existing origin-gce structure (itself a refined version of the ref arch). I've removed everything except core cluster provisioning, image building, and inventory setup. Node groups are part of the "all at once" provisioning but can be changed.
| | | @kwoodson we should talk on monday, this is me adapting the origin-gce dynamic provisioning to be roughly parallel to openshift_aws. Still some topics we should discuss.
| * | Port origin-gce roles for cluster setup to copy AWS provisioning (Clayton Coleman, 2017-09-14, 6 files, -0/+551)
| | | This is a rough cut of the existing origin-gce structure (itself a refined version of the ref arch). I've removed everything except core cluster provisioning, image building, and inventory setup. Node groups are part of the "all at once" provisioning but can be changed.
* | | Merge pull request #5392 from ingvagabund/pull-openshift_master-deps-out-into-a-play (OpenShift Merge Robot, 2017-09-18, 1 file, -16/+0)
|\ \ \
| | | | Automatic merge from submit-queue
| | | | Pull openshift_master deps out into a play
| | | | The `openshift_master` role is called only in a single play. Thus, we can pull out all its dependencies without duplicating all dependency role invocations. Both `lib_openshift` and `lib_os_firewall` are required deps as they defined ansible modules used inside the `openshift_master` role.
| | | | I have also rearranged definition of variables so variable used only inside a single role are part of the `include_role` statement. Atm, we can't use `include_role` due to https://github.com/ansible/ansible/issues/21890
| * | | pull openshift_master deps out into a play (Jan Chaloupka, 2017-09-13, 1 file, -16/+0)
| | | |
* | | | Merge pull request #5334 from juanluisvaladas/move-sysctl (OpenShift Merge Robot, 2017-09-16, 2 files, -11/+5)
|\ \ \ \
| | | | | Automatic merge from submit-queue
| | | | | Move sysctl.conf customizations to a separate file
| | | | | Move them from /etc/sysctl.conf to /etc/sysctl.d/99-openshift.conf
| | | | | This is a good idea because:
| | | | | 1- /etc/sysctl.conf is evaluated later, so it can easily be overwritten by previous customizations
| | | | | 2- It's likely that there is an agent like puppet monitoring this file
| | | | | 3- It's easier to know what's being changed by OpenShift
| * | | | Move sysctl.conf customizations to a separate file (Juan Luis de Sousa-Valadas Castaño, 2017-09-08, 2 files, -11/+5)
| | | | | Move them from /etc/sysctl.conf to /etc/sysctl.d/99-openshift.conf
* | | | | | Merge pull request #5345 from smarterclayton/firewall (OpenShift Merge Robot, 2017-09-15, 1 file, -1/+3)
|\ \ \ \ \
| | | | | | Automatic merge from submit-queue
| | | | | | Add `openshift_node_open_ports` to allow arbitrary firewall exposure
| | | | | | It should be possible for an admin to define an arbitrary set of ports to be exposed on each node that will relate to the cluster function. This adds a new global variable for the node that supports Array(Object{'service':<name>,'port':<port_spec>,'cond':<boolean>}) which is the same format accepted by the firewall role.
| | | | | | @sdodson as discussed, open to alternatives. I used this from origin-gce with
| | | | | |     openshift_node_open_ports:
| | | | | |     - service: Router stats
| | | | | |       port: 1936/tcp
| | | | | |     - service: Open node ports
| | | | | |       port: 9000-10000/tcp
| | | | | |     - service: Open node ports
| | | | | |       port: 9000-10000/udp
| | | | | | Which then allows me to set firewall rules appropriately.
| | | | | | Alternatives considered:
| | | | | | * Simpler external format (have to parse inputs)
| | | | | | * Additional parameter to role - felt ugly
| * | | | | Add `openshift_node_open_ports` to allow arbitrary firewall exposure (Clayton Coleman, 2017-09-11, 1 file, -1/+3)
| | | | | | It should be possible for an admin to define an arbitrary set of ports to be exposed on each node that will relate to the cluster function. This adds a new global variable for the node that supports Array(Object{'service':<name>,'port':<port_spec>,'cond':<boolean>}) which is the same format accepted by the firewall role.
* | | | | | | Merge pull request #5407 from sdodson/bz1490739 (OpenShift Merge Robot, 2017-09-15, 1 file, -1/+1)
|\ \ \ \ \ \
| |_|_|_|_|/
|/| | | | |
| | | | | | Automatic merge from submit-queue
| | | | | | Only attempt to start iptables on hosts in the current batch
| | | | | | If os_firewall role is called from within a play that uses serial then it was attempting to start iptables on hosts that may not have had iptables installed on them yet. So limit the hosts to the current batch.
| | | | | | According to the ansible docs on plays where serial is unused this is the same as ansible_play_hosts. See http://docs.ansible.com/ansible/latest/playbooks_variables.html
| | | | | | Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1490739
| * | | | | Only attempt to start iptables on hosts in the current batch (Scott Dodson, 2017-09-13, 1 file, -1/+1)
| | | | | | If os_firewall role is called from within a play that uses serial then it was attempting to start iptables on hosts that may not have had iptables installed on them yet. So limit the hosts to the current batch.
| | | | | | According to the ansible docs on plays where serial is unused this is the same as ansible_play_hosts. See http://docs.ansible.com/ansible/latest/playbooks_variables.html
| | | | | | Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1490739
* | | | | | No conversion to boolean and no quoting for include_granted_scopes. (Jan Pazdziora, 2017-09-15, 1 file, -5/+0)
| | | | | |
* | | | | | | Merge pull request #5401 from sosiouxme/20170913-retries-subset (Luke Meyer, 2017-09-14, 5 files, -12/+27)
|\ \ \ \ \ \
| | | | | | | add retries on repoquery
| * | | | | | add retry on repoquery_cmd (Luke Meyer, 2017-09-13, 2 files, -1/+3)
| | | | | | |
| * | | | | | add retries to repoquery module (Luke Meyer, 2017-09-13, 4 files, -12/+25)
| | | | | | |
* | | | | | | Merge pull request #5410 from jmencak/tuned-after-node-restart (Scott Dodson, 2017-09-14, 1 file, -4/+4)
|\ \ \ \ \ \ \
| | | | | | | | Setup tuned after the node has been restarted.
| * | | | | | | Setup tuned after the node has been restarted. (Jiri Mencak, 2017-09-14, 1 file, -4/+4)
| | | | | | | |
* | | | | | | | Merge pull request #5367 from abutcher/etcd-scaleup-master-client-urls (Scott Dodson, 2017-09-14, 1 file, -0/+8)
|\ \ \ \ \ \ \ \
| | | | | | | | | Bug 1490304: Etcd scale-up playbook should add new member to etcdClientInfo of master-config.yaml
| * | | | | | | | Update master config with new client urls during etcd scaleup. (Andrew Butcher, 2017-09-12, 1 file, -0/+8)
| | |_|_|/ / / /
| |/| | | | | |
* | | | | | | | Merge pull request #5381 from ewolinetz/37_bz1487648_ (OpenShift Bot, 2017-09-14, 1 file, -0/+3)
|\ \ \ \ \ \ \ \
| | | | | | | | | Merged by openshift-bot
| * | | | | | | | Adding mangagement-admin SC to admin role for management-infra project (Eric Wolinetz, 2017-09-12, 1 file, -0/+3)
| | |_|_|_|_|_|/
| |/| | | | | |
* | | | | | | | Merge pull request #5399 from tbielawa/master (Scott Dodson, 2017-09-14, 1 file, -2/+4)
|\ \ \ \ \ \ \ \
| |_|_|/ / / / /
|/| | | | | | | Scaffold out the entire build defaults hash
| * | | | | | | Scaffold out the entire build defaults hash (Tim Bielawa, 2017-09-13, 1 file, -2/+4)
| | |_|/ / / /
| |/| | | | |
| | | | | | | Some functions called later may expect sub-keys to exist which will not with the current default empty-dict.
* | | | | | | Merge pull request #5395 from sdodson/bz1480442 (Scott Dodson, 2017-09-13, 10 files, -10/+10)
|\ \ \ \ \ \ \
| | | | | | | | Add IMAGE_VERSION to the image stream tag source
| * | | | | | | Add IMAGE_VERSION to the image stream tag source (Scott Dodson, 2017-09-13, 10 files, -10/+10)
| | |_|/ / / /
| |/| | | | |
* | | | | | | Merge pull request #5151 from jarrpa/gluster-ports (Scott Dodson, 2017-09-13, 1 file, -2/+2)
|\ \ \ \ \ \ \
| | | | | | | | GlusterFS: Correct firewall port names
| * | | | | | | GlusterFS: Correct firewall port names (Jose A. Rivera, 2017-08-21, 1 file, -2/+2)
| | | | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
* | | | | | | | Merge pull request #5315 from jarrpa/glusterfs-fixes-3.7 (Scott Dodson, 2017-09-13, 15 files, -2/+563)
|\ \ \ \ \ \ \ \
| | | | | | | | | GlusterFS: Various fixes
| * | | | | | | | GlusterFS: Allow option to use or ignore default node selectors (Jose A. Rivera, 2017-09-06, 5 files, -1/+7)
| | | | | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
| * | | | | | | | GlusterFS: Clarify heketi URL documentation (Jose A. Rivera, 2017-09-06, 1 file, -1/+1)
| | | | | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
| * | | | | | | | GlusterFS: Add files/templates for v3.7 (Jose A. Rivera, 2017-09-06, 10 files, -0/+555)
| | | | | | | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
* | | | | | | | | Merge pull request #5370 from jmencak/tuned-openshift-ansible-bad_merge-fix (OpenShift Bot, 2017-09-13, 2 files, -14/+4)
|\ \ \ \ \ \ \ \ \
| |_|_|_|_|_|/ / /
|/| | | | | | | | Merged by openshift-bot
| * | | | | | | | Re-enabling new tuned profile hierarchy (PR5089) (Jiri Mencak, 2017-09-12, 2 files, -14/+4)
| | |_|_|_|/ / /
| |/| | | | | |
* | | | | | | | Merge pull request #5405 from ewolinetz/issue_5403 (Scott Dodson, 2017-09-13, 1 file, -1/+0)
|\ \ \ \ \ \ \ \
| | | | | | | | | Removing setting of pod presets
| * | | | | | | | Removing setting of pod presets (Eric Wolinetz, 2017-09-13, 1 file, -1/+0)
| | | | | | | | |
* | | | | | | | | Merge pull request #5359 from mgugino-upstream-stage/version-docker-auth-config (OpenShift Bot, 2017-09-13, 11 files, -34/+111)
|\ \ \ \ \ \ \ \ \
| |/ / / / / / / /
|/| | | | | | | | Merged by openshift-bot
| * | | | | | | | Fix: authenticated registry support for containerized hosts (Michael Gugino, 2017-09-11, 11 files, -34/+111)
| | |_|_|/ / / /
| |/| | | | | |
| | | | | | | | Currently, openshift-ansible supports authentication to container registries to pull down openshift container images. The openshift_version role uses the docker cli to gather image information from container registries before authentication credentials are provided by openshift-ansible.
| | | | | | | | This commit creates the necessary token to authenticate to private registries during openshift_version. The token is generated by the role 'docker' on all hosts where docker is installed/configured when oreg_auth_users is defined.
| | | | | | | | This commit also adds a read-only mount into the openshift master and node container services. This mount is '/var/lib/origin/.docker:/root/.docker:ro'. This is because the container images do not currently read the values in '/var/lib/origin/.docker' as this may be a bug upstream.
| | | | | | | | Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
* | | | | | | | cri-o: Fix Fedora image name (Steve Milner, 2017-09-13, 1 file, -1/+1)
| |_|_|_|/ / /
|/| | | | | |
| | | | | | | Signed-off-by: Steve Milner <smilner@redhat.com>
* | | | | | | Merge pull request #5379 from mtnbikenc/fix-jinja2-openshift_hosted (OpenShift Bot, 2017-09-13, 3 files, -4/+4)
|\ \ \ \ \ \ \
| |_|_|_|_|_|/
|/| | | | | | Merged by openshift-bot
| * | | | | | Correct logic for openshift_hosted_*_wait (Russell Teague, 2017-09-12, 3 files, -4/+4)
| | | | | | |
| * | | | | | Workaround Ansible Jinja2 delimiter warning (Russell Teague, 2017-09-12, 2 files, -2/+2)
| | |/ / / /
| |/| | | |
| | | | | | This workaround prevents the warnings on using Jinja2 templating delimiters in `when:` conditions in cases where a variable is used as the conditional.
| | | | | | This has been fixed in Ansible 2.4.
| | | | | | https://github.com/ansible/ansible/pull/25092
* | | | | | Merge pull request #5377 from ingvagabund/double-required-disk-space-etcd-backup (OpenShift Bot, 2017-09-13, 2 files, -3/+2)
|\ \ \ \ \ \
| | | | | | | Merged by openshift-bot
| * | | | | | double the required disk space for etcd backup (Jan Chaloupka, 2017-09-12, 2 files, -3/+2)
| |/ / / / /
* | | | | | Merge pull request #5365 from sosiouxme/20170908-disconnected-image-check (OpenShift Bot, 2017-09-12, 12 files, -144/+184)
|\ \ \ \ \ \
| | | | | | | Merged by openshift-bot
| * | | | | | openshift_health_check: allow disabling all checks (Luke Meyer, 2017-09-12, 2 files, -3/+8)
| | | | | | | Can now set openshift_disable_check=* to disable all checks without needing to know their names.
| | | | | | | fixes bug 1462106
| | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=1462106
| * | | | | | docker_image_availability: fix local image search (Luke Meyer, 2017-09-12, 1 file, -5/+9)
| | | | | | | An image in the docker index may be tagged by name or by registry plus name. In order to find the image correctly locally and prevent looking for it externally, make sure all possible variations are searched.
| * | | | | | docker_image_availability: probe registry connectivity (Luke Meyer, 2017-09-12, 2 files, -122/+132)
| | | | | | | Probe whether the host has connectivity to the registry before trying to inspect it for images, and remember the result. Also if later inspection fails due to timeout, mark registry as unreachable. Note in failure output if any registries were unreachable.
| | | | | | | Registry order should match what is configured into docker now as well.
| | | | | | | Fixes bug 1480195
| | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=1480195