summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Persist DNS configuration for nodes for openstack providerBogdan Dobrelya2017-06-307-73/+108
| | | | | | | | | | | | | | | | | * Firstly, provision a Heat stack with given public resolvers. * After the DNS node configured as an authoritative server, switch the Heat stack's Neutron subnet to that resolver (private_dns_server) the way it to become the first entry pushed into the hosts /etc/resolv.conf. It will be serving the cluster domain requests for OpenShift nodes and workloads. * Drop post-provision /etc/reslov.conf nameserver hacks as not needed anymore. * Fix dns floating IPs output and add the priv IPs output as well. * Update docs, clarify localhost vs servers requirements, add required Network Manager setup step. * Use post-provision task names instead of comments. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Merge pull request #523 from tomassedovic/wait_for_connectionBogdan Dobrelya2017-06-301-3/+7
|\ | | | | Use wait_for_connection for the Heat nodes
| * Fix yaml indentationTomas Sedovic2017-06-291-1/+1
| |
| * Use wait_for_connection for the Heat nodesTomas Sedovic2017-06-291-3/+7
| | | | | | | | | | | | | | | | | | | | The `wait_for_connection` module is more reliable as it uses Ansible's `ping` to verify the nodes are really accessible. Using `wait_for` and checking that port 22 is open runs into the possibility of SSH being up but the public keys or users not being set up yet (as that's done with cloud-init). In addition, we were gathering facts before running the wait_for task which rendered it useless.
* | By default htpasswd is overwritten by reinstalling (#519)Eduardo Mínguez2017-06-300-0/+0
|/ | | https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_master_facts/tasks/main.yml#L73
* Sets mapping_method to claim for github (#517)Takeshi2017-06-280-0/+0
| | | | Set the mapping method to claim like it is set for the deployment. Mapping method true is invalid and the ansible playbook will error out.
* Uncomments the ose identify providerTakeshi2017-06-280-0/+0
|
* Merge pull request #502 from bogdando/sec_groupsTomas Sedovic2017-06-281-13/+4
|\ | | | | Modify sec groups for provisioned openstack servers
| * Modify sec groups for provisioned openstack serversBogdan Dobrelya2017-06-261-13/+4
| | | | | | | | | | | | | | | | | | | | Drop ingress DNS rules from the common secgrp. Add an ingress ICMP rule, restricted by the ssh ingress cidr, to the common secgrp. This allows to ping servers from the control node (ansible admin node). Add dns servers into the common secgrp as well. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* | Merge pull request #511 from Tlacenka/jinja_dependencyTomas Sedovic2017-06-281-0/+1
|\ \ | | | | | | List jinja2 as a dependency in provisioning README
| * | README.md: fixing typoKaterina Pilatova2017-06-271-1/+1
| | |
| * | README.md: list jinja2 as a dependencyKaterina Pilatova2017-06-271-0/+1
| | |
* | | Merge pull request #512 from bogdando/undo_infra_secgrpTomas Sedovic2017-06-281-0/+6
|\ \ \ | | | | | | | | Put back node/flat secgrp for infra nodes on openstack
| * | | Put back node/flat secgrp for infra nodes on openstackBogdan Dobrelya2017-06-281-0/+6
| | |/ | |/| | | | | | | | | | | | | | | | Partially undo 2028883e936c8a1a0be031a19d531d0804a32b68 to unblock end-to-end deployments Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* | | Merge pull request #514 from dav1x/missing-playbooks-crsDavis Phillips2017-06-270-0/+0
|\ \ \ | |_|/ |/| | adding missing playbooks
| * | resolve linter issuesDavis Phillips2017-06-270-0/+0
| | |
| * | adding missing playbooksDavis Phillips2017-06-270-0/+0
|/ /
* | Crs fixes ocp deploy updates (#507)Davis Phillips2017-06-260-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | * fix add-node functionality and finalize crs changes * nfs_host var change * remove ssh key * fixing lint issues * fixing lint issues
* | Add ansibledeployocp to support ansible deployment of arm template (#492)Glenn S West2017-06-260-0/+0
| | | | | | | | | | | | * Add ansibledeployocp to support ansible deployment of arm template * Change to example
* | Adding Rhv VM setup code (#503)Chandler Wilkerson2017-06-260-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * Added ovirt-ansible roles to path for rhv * Added example playbooks from ovirt-ansible repo * Fixed yamllint errors * Automated inventory from gh://ansible/ansible/contrib/inventory * Better example URL for qcow * Example ini script to work with dynamic inventory
* | Merge pull request #491 from tzumainn/openstack-heat-stack-updateTomas Sedovic2017-06-265-0/+10
|\ \ | | | | | | Add node_removal_policies variable to openstack provisioning to allow for scaling down
| * | rename node_removal_policies, add some comments and defaultsTzu-Mainn Chen2017-06-235-6/+7
| | |
| * | Add node_removal_policies variable to allow for scaling downTzu-Mainn Chen2017-06-215-0/+9
| | |
* | | Merge pull request #499 from Tlacenka/all_yml_remove_whitespaceTomas Sedovic2017-06-261-24/+24
|\ \ \ | |_|/ |/| | all.yml: removed whitespaces in front of variables
| * | all.yml: removed whitespaces in front of variablesKaterina Pilatova2017-06-231-24/+24
| | |
* | | Merge pull request #497 from Tlacenka/masterTomas Sedovic2017-06-231-0/+4
|\| | | | | | | | OSEv3.yml: added option to ignore set hardware limits for RAM and DISK
| * | removed whitespace in front of commented variableKaterina Pilatova2017-06-231-1/+1
| | |
| * | OSEv3.yml: trailing space...Katerina Pilatova2017-06-231-1/+1
| | |
| * | OSEv3.yml: added option to ignore set hardware limits for RAM and DISKKaterina Pilatova2017-06-231-0/+4
| | |
* | | Merge pull request #488 from bogdando/fix_flat_sgBogdan Dobrelya2017-06-232-59/+44
|\ \ \ | |/ / |/| | Fix flat sec group and infra/dns sec rules
| * | Fix flat sec group and infra/dns sec rulesBogdan Dobrelya2017-06-232-59/+44
| |/ | | | | | | | | | | | | | | | | | | Make flat sec group to only merge node/master/etcd sec rules. Add basic dns/ssh sec group and assign it to all but dns node groups. Assign only dns sec group for dns nodes. Assign only infra (and basic) sec groups for ingra nodes. Add security notes for openstack provider. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* | Merge pull request #493 from cooktheryan/metrics-hostnameDavis Phillips2017-06-220-0/+0
|\ \ | | | | | | use hostname var instead of url
| * | use hostname var instead of urlRyan Cook2017-06-220-0/+0
|/ /
* | Support origin deployments on centos (#483)Peter Schiffer2017-06-210-0/+0
| |
* | Crs fixes (#490)Davis Phillips2017-06-210-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | * spacing and formatting issues * trailing-spaces-fix * changing the tags around and adding additional documentation * add placeholder in readme.md * Update main.yaml
* | Moved heketi server to first crs node (#486)Davis Phillips2017-06-210-0/+0
| | | | | | | | | | | | * spacing and formatting issues * trailing-spaces-fix
* | Use cached facts, do not become for localhost (#484)Bogdan Dobrelya2017-06-213-1/+13
|/ | | | | | Prohibit sudoing for localhost played tasks, like DNS setup. Re-use cached facts to speed up deployment. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Finish crs (#462)Davis Phillips2017-06-200-0/+0
| | | | | | | | | | * adding crs finished and heketi customizations * removing some duplicate haproxy files * fix lint CI issues * fix more lint CI issues
* Add profiling and skippy stdout (#470)Bogdan Dobrelya2017-06-201-0/+2
| | | | | | | Tune an example ansible.cfg to include tasks profiling info and improve displaying of skipped tasks. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* call deployment-manager deployments update when config yaml is updated (#464)Brad Durrow2017-06-180-0/+0
|
* Merge pull request #466 from tomassedovic/openstack-providerRyan Cook2017-06-1638-0/+2950
|\ | | | | Openstack provider
| * Fix flake8 errors with the openstack inventoryTomas Sedovic2017-06-161-5/+5
| |
| * Remove the extraneous DNS directoryTomas Sedovic2017-06-160-0/+0
| | | | | | | | | | It's a CASL-specific helper, not necessary for the provisioning playbooks.
| * Fix yamllint errorsTomas Sedovic2017-06-1613-65/+38
| |
| * Update sample inventory with the latest changesTomas Sedovic2017-06-163-16/+31
| |
| * Gather facts for provision playbookBogdan Dobrelya2017-06-151-0/+1
| | | | | | | | | | | | | | | | | | Provision tasks use facts like ansible_hostname and few others. W/o gathering facts, those expire, and the provision playbook cannot be reapplied in order to update the existing heat stack. Refresh the facts cache by specifying gather_facts: true. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
| * Drop atomic-openshift-utils, update docs for originBogdan Dobrelya2017-06-152-3/+11
| | | | | | | | | | | | | | | | TODO use with when: ansible_distribution == 'CentOS' Also update docs for origin Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
| * Add ansible.cfg for openstack providerBogdan Dobrelya2017-06-152-0/+23
| | | | | | | | Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
| * Add a flat sec group for openstack providerBogdan Dobrelya2017-06-154-14/+140
| | | | | | | | | | | | | | | | | | | | Add a openstack_flat_secgroup, defaults to False. When set, merges sec rules for master, node, etcd, infra nodes into a single group. Less secure, but might help to mitigate quota limitations. Update docs. Use timeout 30s to mitigate the error: Timeout (12s) waiting for privilege escalation prompt. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
| * Always let the openshift nodes access the DNSTomas Sedovic2017-06-151-0/+15
| | | | | | | | | | | | | | | | | | When `node_ingress_cidr` to limit the IP range for the DNS server, this can prevent the actual openshift nodes from accessing it as well. This commit makes the access from the `openstack_subnet_prefix` always pass through and uses `node_ingress_cidr` for additional access control.