Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Merge pull request #2228 from smunilla/arbitrary_host_vars | Scott Dodson | 2016-07-27 | 2 | -1/+8 |
|\ | | | | | a-o-i: Support for arbitrary host-level variables | ||||
| * | a-o-i: Support for arbitrary host-level variables | Samuel Munilla | 2016-07-27 | 2 | -1/+8 |
| | | | | | | | | | | This allows the user to set a block containing any variables they want to set per-host instead of per-role. | ||||
* | | Merge pull request #1861 from jpic/beautiful_output | Scott Dodson | 2016-07-27 | 1 | -0/+60 |
|\ \ | | | | | | | Beautiful -v output from ansible | ||||
| * | | Beautiful -v output from ansible | jpic | 2016-07-27 | 1 | -0/+60 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When supporting openshift-ansible, users share pastes like:: TASK: [openshift_serviceaccounts | Grant the user access to the privileged scc] *** changed: [li1491-86.members.linode.com] => (item=['router', {'cmd': ['oc', 'get', 'scc', 'privileged', '-o', 'yaml'], 'end': '2016-05-05 13:31:50.216857', 'stderr': u'', 'stdout': 'allowHostDirVolumePlugin: true\nallowHostIPC: true\nallowHostNetwork: true\nallowHostPID: true\nallowHostPorts: true\nallowPrivilegedContainer: true\nallowedCapabilities: null\napiVersion: v1\ndefaultAddCapabilities: null\nfsGroup:\n type: RunAsAny\ngroups:\n- system:cluster-admins\n- system:nodes\nkind: SecurityContextConstraints\nmetadata:\n annotations:\n kubernetes.io/description: \'privileged allows access to all privileged and host\n features and the ability to run as any user, any group, any fsGroup, and with\n any SELinux context. WARNING: this is the most relaxed SCC and should be used\n only for cluster administration. Grant with caution.\'\n creationTimestamp: 2016-05-05T13:30:06Z\n name: privileged\n resourceVersion: "371"\n selfLink: /api/v1/securitycontextconstraints/privileged\n uid: 7ae22005-12c5-11e6-9bc5-06174e73e52a\npriority: null\nreadOnlyRootFilesystem: false\nrequiredDropCapabilities: null\nrunAsUser:\n type: RunAsAny\nseLinuxContext:\n type: RunAsAny\nsupplementalGroups:\n type: RunAsAny\nusers:\n- system:serviceaccount:openshift-infra:build-controller\n- system:serviceaccount:management-infra:management-admin\n- system:serviceaccount:management-infra:inspector-admin\nvolumes:\n- \'*\'', 'item': 'privileged', 'changed': False, 'rc': 0, 'failed': False, 'warnings': [], 'delta': '0:00:00.264340', 'invocation': {'module_name': u'command', 'module_complex_args': {}, 'module_args': u'oc get scc privileged -o yaml'}, 'stdout_lines': ['allowHostDirVolumePlugin: true', 'allowHostIPC: true', 'allowHostNetwork: true', 'allowHostPID: true', 'allowHostPorts: true', 'allowPrivilegedContainer: true', 'allowedCapabilities: null', 'apiVersion: v1', 'defaultAddCapabilities: null', 'fsGroup:', ' type: RunAsAny', 'groups:', '- system:cluster-admins', '- system:nodes', 'kind: SecurityContextConstraints', 'metadata:', ' annotations:', " kubernetes.io/description: 'privileged allows access to all privileged and host", ' features and the ability to run as any user, any group, any fsGroup, and with', ' any SELinux context. WARNING: this is the most relaxed SCC and should be used', " only for cluster administration. Grant with caution.'", ' creationTimestamp: 2016-05-05T13:30:06Z', ' name: privileged', ' resourceVersion: "371"', ' selfLink: /api/v1/securitycontextconstraints/privileged', ' uid: 7ae22005-12c5-11e6-9bc5-06174e73e52a', 'priority: null', 'readOnlyRootFilesystem: false', 'requiredDropCapabilities: null', 'runAsUser:', ' type: RunAsAny', 'seLinuxContext:', ' type: RunAsAny', 'supplementalGroups:', ' type: RunAsAny', 'users:', '- system:serviceaccount:openshift-infra:build-controller', '- system:serviceaccount:management-infra:management-admin', '- system:serviceaccount:management-infra:inspector-admin', 'volumes:', "- '*'"], 'failed_when_result': False, 'start': '2016-05-05 13:31:49.952517'}]) changed: [li1491-86.members.linode.com] => (item=['registry', {'cmd': ['oc', 'get', 'scc', 'privileged', '-o', 'yaml'], 'end': '2016-05-05 13:31:50.216857', 'stderr': u'', 'stdout': 'allowHostDirVolumePlugin: true\nallowHostIPC: true\nallowHostNetwork: true\nallowHostPID: true\nallowHostPorts: true\nallowPrivilegedContainer: true\nallowedCapabilities: null\napiVersion: v1\ndefaultAddCapabilities: null\nfsGroup:\n type: RunAsAny\ngroups:\n- system:cluster-admins\n- system:nodes\nkind: SecurityContextConstraints\nmetadata:\n annotations:\n kubernetes.io/description: \'privileged allows access to all privileged and host\n features and the ability to run as any user, any group, any fsGroup, and with\n any SELinux context. WARNING: this is the most relaxed SCC and should be used\n only for cluster administration. Grant with caution.\'\n creationTimestamp: 2016-05-05T13:30:06Z\n name: privileged\n resourceVersion: "371"\n selfLink: /api/v1/securitycontextconstraints/privileged\n uid: 7ae22005-12c5-11e6-9bc5-06174e73e52a\npriority: null\nreadOnlyRootFilesystem: false\nrequiredDropCapabilities: null\nrunAsUser:\n type: RunAsAny\nseLinuxContext:\n type: RunAsAny\nsupplementalGroups:\n type: RunAsAny\nusers:\n- system:serviceaccount:openshift-infra:build-controller\n- system:serviceaccount:management-infra:management-admin\n- system:serviceaccount:management-infra:inspector-admin\nvolumes:\n- \'*\'', 'item': 'privileged', 'changed': False, 'rc': 0, 'failed': False, 'warnings': [], 'delta': '0:00:00.264340', 'invocation': {'module_name': u'command', 'module_complex_args': {}, 'module_args': u'oc get scc privileged -o yaml'}, 'stdout_lines': ['allowHostDirVolumePlugin: true', 'allowHostIPC: true', 'allowHostNetwork: true', 'allowHostPID: true', 'allowHostPorts: true', 'allowPrivilegedContainer: true', 'allowedCapabilities: null', 'apiVersion: v1', 'defaultAddCapabilities: null', 'fsGroup:', ' type: RunAsAny', 'groups:', '- system:cluster-admins', '- system:nodes', 'kind: SecurityContextConstraints', 'metadata:', ' annotations:', " kubernetes.io/description: 'privileged allows access to all privileged and host", ' features and the ability to run as any user, any group, any fsGroup, and with', ' any SELinux context. WARNING: this is the most relaxed SCC and should be used', " only for cluster administration. Grant with caution.'", ' creationTimestamp: 2016-05-05T13:30:06Z', ' name: privileged', ' resourceVersion: "371"', ' selfLink: /api/v1/securitycontextconstraints/privileged', ' uid: 7ae22005-12c5-11e6-9bc5-06174e73e52a', 'priority: null', 'readOnlyRootFilesystem: false', 'requiredDropCapabilities: null', 'runAsUser:', ' type: RunAsAny', 'seLinuxContext:', ' type: RunAsAny', 'supplementalGroups:', ' type: RunAsAny', 'users:', '- system:serviceaccount:openshift-infra:build-controller', '- system:serviceaccount:management-infra:management-admin', '- system:serviceaccount:management-infra:inspector-admin', 'volumes:', "- '*'"], 'failed_when_result': False, 'start': '2016-05-05 13:31:49.952517'}]) With this patch, the json is nicely indented and std{err,out} are properly printed by default with -v. | ||||
* | | | Merge pull request #2226 from smunilla/general_inventory_vars | Scott Dodson | 2016-07-27 | 1 | -16/+18 |
|\ \ \ | | | | | | | | | a-o-i: Move inventory vars to the correct location | ||||
| * | | | a-o-i: Move inventory vars to the correct location | Samuel Munilla | 2016-07-27 | 1 | -16/+18 |
| | | | | | | | | | | | | | | | | | | | | | | | | Several variables such as 'deployment_type' and 'ansible_config' were being set under a variable group for the last defined role instead of under OSEv3:vars. | ||||
* | | | | Merge pull request #963 from ibotty/rpm_q-module | Scott Dodson | 2016-07-27 | 1 | -0/+70 |
|\ \ \ \ | |_|_|/ |/| | | | add rpm_q module to query rpm database | ||||
| * | | | make rpm-q module pylint warning-free | Tobias Florek | 2016-07-18 | 1 | -2/+6 |
| | | | | |||||
| * | | | add rpm_q module to query rpm database | Tobias Florek | 2016-07-18 | 1 | -0/+66 |
| | | | | |||||
* | | | | Merge pull request #2219 from sdodson/portal_net | Scott Dodson | 2016-07-27 | 3 | -12/+17 |
|\ \ \ \ | | | | | | | | | | | Document openshift_portal_net | ||||
| * | | | | Document openshift_portal_net | Scott Dodson | 2016-07-26 | 3 | -12/+17 |
| | |/ / | |/| | | |||||
* / | | | Automatic commit of package [openshift-ansible] release [3.3.3-1]. | Troy Dawson | 2016-07-27 | 2 | -2/+45 |
|/ / / | |||||
* | | | Merge pull request #2205 from liangxia/fix-typo | Scott Dodson | 2016-07-26 | 1 | -1/+1 |
|\ \ \ | | | | | | | | | Fix "deloyment" typo in deployment types doc | ||||
| * | | | Fix "deloyment" typo in deployment types doc | liangxia | 2016-07-25 | 1 | -1/+1 |
| | | | | |||||
* | | | | Merge pull request #2213 from detiber/remove_old_metrics_role | Jason DeTiberus | 2016-07-26 | 13 | -274/+0 |
|\ \ \ \ | | | | | | | | | | | remove outdated openshift_cluster_metrics role | ||||
| * | | | | remove outdated openshift_cluster_metrics role | Jason DeTiberus | 2016-07-25 | 13 | -274/+0 |
| |/ / / | |||||
* | | | | Merge pull request #2216 from abutcher/fix-named-certs | Andrew Butcher | 2016-07-25 | 1 | -3/+3 |
|\ \ \ \ | |/ / / |/| | | | Fix named certificate directory path. | ||||
| * | | | Template named certificates with_items. | Andrew Butcher | 2016-07-25 | 1 | -2/+2 |
| | | | | |||||
| * | | | Replace master_cert_config_dir with common config_base fact. | Andrew Butcher | 2016-07-25 | 1 | -1/+1 |
|/ / / | |||||
* | | | Merge pull request #2196 from dgoodwin/nuke-images-symlink | Andrew Butcher | 2016-07-22 | 1 | -0/+1 |
|\ \ \ | | | | | | | | | Add missing nuke_images.sh symlink. | ||||
| * | | | Add missing nuke_images.sh symlink. | Devan Goodwin | 2016-07-22 | 1 | -0/+1 |
| | | | | |||||
* | | | | Merge pull request #2194 from smunilla/persist_roles | Scott Dodson | 2016-07-21 | 1 | -0/+3 |
|\ \ \ \ | | | | | | | | | | | a-o-i: Persist Roles Variables | ||||
| * | | | | a-o-i: Persist Roles Variables | Samuel Munilla | 2016-07-21 | 1 | -0/+3 |
| | | | | | | | | | | | | | | | | | | | | Previously, we we're saving the roles variables set during a run. | ||||
* | | | | | Merge pull request #1990 from abutcher/openshift-certificates | Scott Dodson | 2016-07-21 | 19 | -289/+349 |
|\ \ \ \ \ | | | | | | | | | | | | | Refactor openshift certificates roles. | ||||
| * | | | | | Re-arrange master and node role dependencies. | Andrew Butcher | 2016-07-20 | 4 | -3/+21 |
| | | | | | | |||||
| * | | | | | Refactor openshift certificates roles. | Andrew Butcher | 2016-07-20 | 19 | -287/+329 |
| | | | | | | |||||
* | | | | | | Merge pull request #2192 from abutcher/replicas | Scott Dodson | 2016-07-21 | 2 | -2/+2 |
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | | Bug 1358723 - openshift_hosted_router_replicas option didn't work | ||||
| * | | | | | Default nodes matching selectors when not collected. | Andrew Butcher | 2016-07-21 | 2 | -2/+2 |
| | | | | | | |||||
* | | | | | | Merge pull request #2168 from dgoodwin/container-cli-speed | Scott Dodson | 2016-07-21 | 7 | -46/+149 |
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | | Copy openshift binary instead of using wrapper script. | ||||
| * | | | | | Copy openshift binaries instead of using wrapper script. | Devan Goodwin | 2016-07-21 | 3 | -44/+135 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For containerized masters, we previously create a wrapper script to run the docker CLI image and clean up afterward, but this approach is much slower than having the binary on the native system. Instead we now use an ansible module to handle the logic of syncing the various OpenShift binaries and symlinks for client tools out onto the host. The module will correctly report changed if modifications were needed. Substantial speed improvement for containerized installs which requires many openshift/oc commands. | ||||
| * | | | | | Stop reporting changes when docker pull is already up to date. | Devan Goodwin | 2016-07-20 | 5 | -2/+14 |
| | | | | | | |||||
* | | | | | | Merge pull request #2187 from lhuard1A/bin_cluster_libvirt_ansible_2.1 | Jason DeTiberus | 2016-07-21 | 5 | -45/+27 |
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | | Fix libvirt provider for Ansible 2.1.0.0 | ||||
| * | | | | | Fix libvirt provider for Ansible 2.1.0.0 | Lénaïc Huard | 2016-07-21 | 5 | -45/+27 |
| | | | | | | |||||
* | | | | | | Merge pull request #2191 from abutcher/fix-path | Scott Dodson | 2016-07-21 | 1 | -1/+1 |
|\ \ \ \ \ \ | | | | | | | | | | | | | | | Correct relative include for ansible version check. | ||||
| * | | | | | | Correct relative include for ansible version check. | Andrew Butcher | 2016-07-21 | 1 | -1/+1 |
|/ / / / / / | |||||
* | | | | | | Merge pull request #2189 from abutcher/ansible-version-check | Andrew Butcher | 2016-07-20 | 8 | -5/+24 |
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | | Check ansible version prior to evaluating cluster hosts and groups. | ||||
| * | | | | | Check ansible version prior to evaluating cluster hosts and groups. | Andrew Butcher | 2016-07-20 | 8 | -5/+24 |
| | | | | | | |||||
* | | | | | | Merge pull request #2170 from smunilla/unattended_required_facts | Scott Dodson | 2016-07-20 | 1 | -8/+1 |
|\ \ \ \ \ \ | |/ / / / / |/| | | | | | a-o-i: Looser facts requirements for unattended | ||||
| * | | | | | a-o-i: Looser facts requirements for unattended | Samuel Munilla | 2016-07-18 | 1 | -8/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Loosen the facts requirements for unattended installs to allow the user to install with only 'connect_to' defined. | ||||
* | | | | | | Merge pull request #2185 from smunilla/role_vars | Scott Dodson | 2016-07-20 | 1 | -1/+2 |
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | | a-o-i: Write Role variable groups | ||||
| * | | | | | a-o-i: Write Role variable groups | Samuel Munilla | 2016-07-20 | 1 | -1/+2 |
|/ / / / / | | | | | | | | | | | | | | | | | | | | | Correct an error in the way we're writing out the variable group tags for host roles. | ||||
* | | | | | Merge pull request #2183 from dgoodwin/mismatch-msg | Scott Dodson | 2016-07-20 | 1 | -1/+1 |
|\ \ \ \ \ | | | | | | | | | | | | | Slight modification to error when using mismatched openshift_release. | ||||
| * | | | | | Slight modification to error when using mismatched openshift_release. | Devan Goodwin | 2016-07-20 | 1 | -1/+1 |
| | | | | | | |||||
* | | | | | | Merge pull request #2177 from sdodson/image-stream-sync | Scott Dodson | 2016-07-20 | 9 | -13/+284 |
|\ \ \ \ \ \ | | | | | | | | | | | | | | | Image stream sync, add jenkinstemplate | ||||
| * | | | | | | Add jenkinstemplate | Scott Dodson | 2016-07-19 | 2 | -0/+256 |
| | | | | | | | |||||
| * | | | | | | Sync latest image streams and templates | Scott Dodson | 2016-07-19 | 7 | -13/+28 |
| | | | | | | | |||||
* | | | | | | | Merge pull request #2181 from liangxia/fix-typo | Scott Dodson | 2016-07-20 | 1 | -1/+1 |
|\ \ \ \ \ \ \ | |_|/ / / / / |/| | | | | | | fix "databcase" typo in example roles | ||||
| * | | | | | | fix "databcase" typo in example roles | liangxia | 2016-07-20 | 1 | -1/+1 |
|/ / / / / / | |||||
* | | | | | | Merge pull request #2179 from abutcher/router-cert-contents | Scott Dodson | 2016-07-19 | 1 | -2/+2 |
|\ \ \ \ \ \ | | | | | | | | | | | | | | | Check router certificate contents when securing router | ||||
| * | | | | | | Secure router only when openshift.hosted.router.certificate.contents exists. | Andrew Butcher | 2016-07-19 | 1 | -2/+2 |
| |/ / / / / |