| Commit message (Collapse) | Author | Age | Files | Lines |
* Firstly, provision a Heat stack with given public resolvers.
* After the DNS node is configured as an authoritative server,
switch the Heat stack's Neutron subnet to that resolver
(private_dns_server) so that it becomes the first entry pushed
into the hosts' /etc/resolv.conf. It will be serving the cluster
domain requests for OpenShift nodes and workloads.
* Drop post-provision /etc/resolv.conf nameserver hacks as not
needed anymore.
* Fix dns floating IPs output and add the priv IPs output as well.
* Update docs, clarify localhost vs servers requirements, add
required Network Manager setup step.
* Use post-provision task names instead of comments.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
Use wait_for_connection for the Heat nodes
|
The `wait_for_connection` module is more reliable as it uses Ansible's `ping`
to verify the nodes are really accessible. Using `wait_for` and checking that
port 22 is open runs into the possibility of SSH being up but the public keys
or users not being set up yet (as that's done with cloud-init).
In addition, we were gathering facts before running the wait_for task which
rendered it useless.
|
https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_master_facts/tasks/main.yml#L73
|
Set the mapping method to claim like it is set for the deployment.
Mapping method true is invalid and the ansible playbook will error out.
|
Modify sec groups for provisioned openstack servers
|
Drop ingress DNS rules from the common secgrp.
Add an ingress ICMP rule, restricted by the ssh ingress cidr,
to the common secgrp. This allows pinging servers from the
control node (ansible admin node).
Add dns servers into the common secgrp as well.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
List jinja2 as a dependency in provisioning README
|
Put back node/flat secgrp for infra nodes on openstack
|
Partially undo 2028883e936c8a1a0be031a19d531d0804a32b68
to unblock end-to-end deployments
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
adding missing playbooks
|
* fix add-node functionality and finalize crs changes
* nfs_host var change
* remove ssh key
* fixing lint issues
* fixing lint issues
|
* Add ansibledeployocp to support ansible deployment of arm template
* Change to example
|
* Added ovirt-ansible roles to path for rhv
* Added example playbooks from ovirt-ansible repo
* Fixed yamllint errors
* Automated inventory from gh://ansible/ansible/contrib/inventory
* Better example URL for qcow
* Example ini script to work with dynamic inventory
|
Add node_removal_policies variable to openstack provisioning to allow for scaling down
|
all.yml: removed whitespaces in front of variables
|
OSEv3.yml: added option to ignore set hardware limits for RAM and DISK
|
Fix flat sec group and infra/dns sec rules
|
Make flat sec group to only merge node/master/etcd sec rules.
Add basic dns/ssh sec group and assign it to all but dns node groups.
Assign only dns sec group for dns nodes.
Assign only infra (and basic) sec groups for infra nodes.
Add security notes for openstack provider.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
use hostname var instead of url
|
* spacing and formatting issues
* trailing-spaces-fix
* changing the tags around and adding additional documentation
* add placeholder in readme.md
* Update main.yaml
|
* spacing and formatting issues
* trailing-spaces-fix
|
Prohibit sudoing for localhost played tasks, like DNS setup.
Re-use cached facts to speed up deployment.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
* adding crs finished and heketi customizations
* removing some duplicate haproxy files
* fix lint CI issues
* fix more lint CI issues
|
Tune an example ansible.cfg to include
tasks profiling info and improve displaying
of skipped tasks.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
Openstack provider
|
It's a CASL-specific helper, not necessary for the provisioning
playbooks.
|
Provision tasks use facts like ansible_hostname and a few others.
W/o gathering facts, those expire, and the provision playbook cannot
be reapplied in order to update the existing heat stack.
Refresh the facts cache by specifying gather_facts: true.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
TODO use with
when: ansible_distribution == 'CentOS'
Also update docs for origin
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
Add an openstack_flat_secgroup, defaults to False.
When set, merges sec rules for master, node, etcd, infra nodes into a
single group. Less secure, but might help to mitigate quota limitations.
Update docs. Use timeout 30s to mitigate the error:
Timeout (12s) waiting for privilege escalation prompt.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
When `node_ingress_cidr` is used to limit the IP range for the DNS server, this
can prevent the actual openshift nodes from accessing it as well.
This commit makes the access from the `openstack_subnet_prefix` always
pass through and uses `node_ingress_cidr` for additional
access control.