summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #2228 from smunilla/arbitrary_host_varsScott Dodson2016-07-272-1/+8
|\ | | | | a-o-i: Support for arbitrary host-level variables
| * a-o-i: Support for arbitrary host-level variablesSamuel Munilla2016-07-272-1/+8
| | | | | | | | | | This allows the user to set a block containing any variables they want to set per-host instead of per-role.
* | Merge pull request #1861 from jpic/beautiful_outputScott Dodson2016-07-271-0/+60
|\ \ | | | | | | Beautiful -v output from ansible
| * | Beautiful -v output from ansiblejpic2016-07-271-0/+60
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When supporting openshift-ansible, users share pastes like:: TASK: [openshift_serviceaccounts | Grant the user access to the privileged scc] *** changed: [li1491-86.members.linode.com] => (item=['router', {'cmd': ['oc', 'get', 'scc', 'privileged', '-o', 'yaml'], 'end': '2016-05-05 13:31:50.216857', 'stderr': u'', 'stdout': 'allowHostDirVolumePlugin: true\nallowHostIPC: true\nallowHostNetwork: true\nallowHostPID: true\nallowHostPorts: true\nallowPrivilegedContainer: true\nallowedCapabilities: null\napiVersion: v1\ndefaultAddCapabilities: null\nfsGroup:\n type: RunAsAny\ngroups:\n- system:cluster-admins\n- system:nodes\nkind: SecurityContextConstraints\nmetadata:\n annotations:\n kubernetes.io/description: \'privileged allows access to all privileged and host\n features and the ability to run as any user, any group, any fsGroup, and with\n any SELinux context. WARNING: this is the most relaxed SCC and should be used\n only for cluster administration. Grant with caution.\'\n creationTimestamp: 2016-05-05T13:30:06Z\n name: privileged\n resourceVersion: "371"\n selfLink: /api/v1/securitycontextconstraints/privileged\n uid: 7ae22005-12c5-11e6-9bc5-06174e73e52a\npriority: null\nreadOnlyRootFilesystem: false\nrequiredDropCapabilities: null\nrunAsUser:\n type: RunAsAny\nseLinuxContext:\n type: RunAsAny\nsupplementalGroups:\n type: RunAsAny\nusers:\n- system:serviceaccount:openshift-infra:build-controller\n- system:serviceaccount:management-infra:management-admin\n- system:serviceaccount:management-infra:inspector-admin\nvolumes:\n- \'*\'', 'item': 'privileged', 'changed': False, 'rc': 0, 'failed': False, 'warnings': [], 'delta': '0:00:00.264340', 'invocation': {'module_name': u'command', 'module_complex_args': {}, 'module_args': u'oc get scc privileged -o yaml'}, 'stdout_lines': ['allowHostDirVolumePlugin: true', 'allowHostIPC: true', 'allowHostNetwork: true', 'allowHostPID: true', 'allowHostPorts: true', 'allowPrivilegedContainer: true', 'allowedCapabilities: null', 'apiVersion: v1', 'defaultAddCapabilities: null', 'fsGroup:', ' type: RunAsAny', 'groups:', '- system:cluster-admins', '- system:nodes', 'kind: SecurityContextConstraints', 'metadata:', ' annotations:', " kubernetes.io/description: 'privileged allows access to all privileged and host", ' features and the ability to run as any user, any group, any fsGroup, and with', ' any SELinux context. WARNING: this is the most relaxed SCC and should be used', " only for cluster administration. Grant with caution.'", ' creationTimestamp: 2016-05-05T13:30:06Z', ' name: privileged', ' resourceVersion: "371"', ' selfLink: /api/v1/securitycontextconstraints/privileged', ' uid: 7ae22005-12c5-11e6-9bc5-06174e73e52a', 'priority: null', 'readOnlyRootFilesystem: false', 'requiredDropCapabilities: null', 'runAsUser:', ' type: RunAsAny', 'seLinuxContext:', ' type: RunAsAny', 'supplementalGroups:', ' type: RunAsAny', 'users:', '- system:serviceaccount:openshift-infra:build-controller', '- system:serviceaccount:management-infra:management-admin', '- system:serviceaccount:management-infra:inspector-admin', 'volumes:', "- '*'"], 'failed_when_result': False, 'start': '2016-05-05 13:31:49.952517'}]) changed: [li1491-86.members.linode.com] => (item=['registry', {'cmd': ['oc', 'get', 'scc', 'privileged', '-o', 'yaml'], 'end': '2016-05-05 13:31:50.216857', 'stderr': u'', 'stdout': 'allowHostDirVolumePlugin: true\nallowHostIPC: true\nallowHostNetwork: true\nallowHostPID: true\nallowHostPorts: true\nallowPrivilegedContainer: true\nallowedCapabilities: null\napiVersion: v1\ndefaultAddCapabilities: null\nfsGroup:\n type: RunAsAny\ngroups:\n- system:cluster-admins\n- system:nodes\nkind: SecurityContextConstraints\nmetadata:\n annotations:\n kubernetes.io/description: \'privileged allows access to all privileged and host\n features and the ability to run as any user, any group, any fsGroup, and with\n any SELinux context. WARNING: this is the most relaxed SCC and should be used\n only for cluster administration. Grant with caution.\'\n creationTimestamp: 2016-05-05T13:30:06Z\n name: privileged\n resourceVersion: "371"\n selfLink: /api/v1/securitycontextconstraints/privileged\n uid: 7ae22005-12c5-11e6-9bc5-06174e73e52a\npriority: null\nreadOnlyRootFilesystem: false\nrequiredDropCapabilities: null\nrunAsUser:\n type: RunAsAny\nseLinuxContext:\n type: RunAsAny\nsupplementalGroups:\n type: RunAsAny\nusers:\n- system:serviceaccount:openshift-infra:build-controller\n- system:serviceaccount:management-infra:management-admin\n- system:serviceaccount:management-infra:inspector-admin\nvolumes:\n- \'*\'', 'item': 'privileged', 'changed': False, 'rc': 0, 'failed': False, 'warnings': [], 'delta': '0:00:00.264340', 'invocation': {'module_name': u'command', 'module_complex_args': {}, 'module_args': u'oc get scc privileged -o yaml'}, 'stdout_lines': ['allowHostDirVolumePlugin: true', 'allowHostIPC: true', 'allowHostNetwork: true', 'allowHostPID: true', 'allowHostPorts: true', 'allowPrivilegedContainer: true', 'allowedCapabilities: null', 'apiVersion: v1', 'defaultAddCapabilities: null', 'fsGroup:', ' type: RunAsAny', 'groups:', '- system:cluster-admins', '- system:nodes', 'kind: SecurityContextConstraints', 'metadata:', ' annotations:', " kubernetes.io/description: 'privileged allows access to all privileged and host", ' features and the ability to run as any user, any group, any fsGroup, and with', ' any SELinux context. WARNING: this is the most relaxed SCC and should be used', " only for cluster administration. Grant with caution.'", ' creationTimestamp: 2016-05-05T13:30:06Z', ' name: privileged', ' resourceVersion: "371"', ' selfLink: /api/v1/securitycontextconstraints/privileged', ' uid: 7ae22005-12c5-11e6-9bc5-06174e73e52a', 'priority: null', 'readOnlyRootFilesystem: false', 'requiredDropCapabilities: null', 'runAsUser:', ' type: RunAsAny', 'seLinuxContext:', ' type: RunAsAny', 'supplementalGroups:', ' type: RunAsAny', 'users:', '- system:serviceaccount:openshift-infra:build-controller', '- system:serviceaccount:management-infra:management-admin', '- system:serviceaccount:management-infra:inspector-admin', 'volumes:', "- '*'"], 'failed_when_result': False, 'start': '2016-05-05 13:31:49.952517'}]) With this patch, the json is nicely indented and std{err,out} are properly printed by default with -v.
* | | Merge pull request #2226 from smunilla/general_inventory_varsScott Dodson2016-07-271-16/+18
|\ \ \ | | | | | | | | a-o-i: Move inventory vars to the correct location
| * | | a-o-i: Move inventory vars to the correct locationSamuel Munilla2016-07-271-16/+18
| | | | | | | | | | | | | | | | | | | | | | | | Several variables such as 'deployment_type' and 'ansible_config' were being set under a variable group for the last defined role instead of under OSEv3:vars.
* | | | Merge pull request #963 from ibotty/rpm_q-moduleScott Dodson2016-07-271-0/+70
|\ \ \ \ | |_|_|/ |/| | | add rpm_q module to query rpm database
| * | | make rpm-q module pylint warning-freeTobias Florek2016-07-181-2/+6
| | | |
| * | | add rpm_q module to query rpm databaseTobias Florek2016-07-181-0/+66
| | | |
* | | | Merge pull request #2219 from sdodson/portal_netScott Dodson2016-07-273-12/+17
|\ \ \ \ | | | | | | | | | | Document openshift_portal_net
| * | | | Document openshift_portal_netScott Dodson2016-07-263-12/+17
| | |/ / | |/| |
* / | | Automatic commit of package [openshift-ansible] release [3.3.3-1].Troy Dawson2016-07-272-2/+45
|/ / /
* | | Merge pull request #2205 from liangxia/fix-typoScott Dodson2016-07-261-1/+1
|\ \ \ | | | | | | | | Fix "deloyment" typo in deployment types doc
| * | | Fix "deloyment" typo in deployment types docliangxia2016-07-251-1/+1
| | | |
* | | | Merge pull request #2213 from detiber/remove_old_metrics_roleJason DeTiberus2016-07-2613-274/+0
|\ \ \ \ | | | | | | | | | | remove outdated openshift_cluster_metrics role
| * | | | remove outdated openshift_cluster_metrics roleJason DeTiberus2016-07-2513-274/+0
| |/ / /
* | | | Merge pull request #2216 from abutcher/fix-named-certsAndrew Butcher2016-07-251-3/+3
|\ \ \ \ | |/ / / |/| | | Fix named certificate directory path.
| * | | Template named certificates with_items.Andrew Butcher2016-07-251-2/+2
| | | |
| * | | Replace master_cert_config_dir with common config_base fact.Andrew Butcher2016-07-251-1/+1
|/ / /
* | | Merge pull request #2196 from dgoodwin/nuke-images-symlinkAndrew Butcher2016-07-221-0/+1
|\ \ \ | | | | | | | | Add missing nuke_images.sh symlink.
| * | | Add missing nuke_images.sh symlink.Devan Goodwin2016-07-221-0/+1
| | | |
* | | | Merge pull request #2194 from smunilla/persist_rolesScott Dodson2016-07-211-0/+3
|\ \ \ \ | | | | | | | | | | a-o-i: Persist Roles Variables
| * | | | a-o-i: Persist Roles VariablesSamuel Munilla2016-07-211-0/+3
| | | | | | | | | | | | | | | | | | | | Previously, we we're saving the roles variables set during a run.
* | | | | Merge pull request #1990 from abutcher/openshift-certificatesScott Dodson2016-07-2119-289/+349
|\ \ \ \ \ | | | | | | | | | | | | Refactor openshift certificates roles.
| * | | | | Re-arrange master and node role dependencies.Andrew Butcher2016-07-204-3/+21
| | | | | |
| * | | | | Refactor openshift certificates roles.Andrew Butcher2016-07-2019-287/+329
| | | | | |
* | | | | | Merge pull request #2192 from abutcher/replicasScott Dodson2016-07-212-2/+2
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Bug 1358723 - openshift_hosted_router_replicas option didn't work
| * | | | | Default nodes matching selectors when not collected.Andrew Butcher2016-07-212-2/+2
| | | | | |
* | | | | | Merge pull request #2168 from dgoodwin/container-cli-speedScott Dodson2016-07-217-46/+149
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Copy openshift binary instead of using wrapper script.
| * | | | | Copy openshift binaries instead of using wrapper script.Devan Goodwin2016-07-213-44/+135
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For containerized masters, we previously create a wrapper script to run the docker CLI image and clean up afterward, but this approach is much slower than having the binary on the native system. Instead we now use an ansible module to handle the logic of syncing the various OpenShift binaries and symlinks for client tools out onto the host. The module will correctly report changed if modifications were needed. Substantial speed improvement for containerized installs which requires many openshift/oc commands.
| * | | | | Stop reporting changes when docker pull is already up to date.Devan Goodwin2016-07-205-2/+14
| | | | | |
* | | | | | Merge pull request #2187 from lhuard1A/bin_cluster_libvirt_ansible_2.1Jason DeTiberus2016-07-215-45/+27
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | Fix libvirt provider for Ansible 2.1.0.0
| * | | | | Fix libvirt provider for Ansible 2.1.0.0Lénaïc Huard2016-07-215-45/+27
| | | | | |
* | | | | | Merge pull request #2191 from abutcher/fix-pathScott Dodson2016-07-211-1/+1
|\ \ \ \ \ \ | | | | | | | | | | | | | | Correct relative include for ansible version check.
| * | | | | | Correct relative include for ansible version check.Andrew Butcher2016-07-211-1/+1
|/ / / / / /
* | | | | | Merge pull request #2189 from abutcher/ansible-version-checkAndrew Butcher2016-07-208-5/+24
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Check ansible version prior to evaluating cluster hosts and groups.
| * | | | | Check ansible version prior to evaluating cluster hosts and groups.Andrew Butcher2016-07-208-5/+24
| | | | | |
* | | | | | Merge pull request #2170 from smunilla/unattended_required_factsScott Dodson2016-07-201-8/+1
|\ \ \ \ \ \ | |/ / / / / |/| | | | | a-o-i: Looser facts requirements for unattended
| * | | | | a-o-i: Looser facts requirements for unattendedSamuel Munilla2016-07-181-8/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Loosen the facts requirements for unattended installs to allow the user to install with only 'connect_to' defined.
* | | | | | Merge pull request #2185 from smunilla/role_varsScott Dodson2016-07-201-1/+2
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | a-o-i: Write Role variable groups
| * | | | | a-o-i: Write Role variable groupsSamuel Munilla2016-07-201-1/+2
|/ / / / / | | | | | | | | | | | | | | | | | | | | Correct an error in the way we're writing out the variable group tags for host roles.
* | | | | Merge pull request #2183 from dgoodwin/mismatch-msgScott Dodson2016-07-201-1/+1
|\ \ \ \ \ | | | | | | | | | | | | Slight modification to error when using mismatched openshift_release.
| * | | | | Slight modification to error when using mismatched openshift_release.Devan Goodwin2016-07-201-1/+1
| | | | | |
* | | | | | Merge pull request #2177 from sdodson/image-stream-syncScott Dodson2016-07-209-13/+284
|\ \ \ \ \ \ | | | | | | | | | | | | | | Image stream sync, add jenkinstemplate
| * | | | | | Add jenkinstemplateScott Dodson2016-07-192-0/+256
| | | | | | |
| * | | | | | Sync latest image streams and templatesScott Dodson2016-07-197-13/+28
| | | | | | |
* | | | | | | Merge pull request #2181 from liangxia/fix-typoScott Dodson2016-07-201-1/+1
|\ \ \ \ \ \ \ | |_|/ / / / / |/| | | | | | fix "databcase" typo in example roles
| * | | | | | fix "databcase" typo in example rolesliangxia2016-07-201-1/+1
|/ / / / / /
* | | | | | Merge pull request #2179 from abutcher/router-cert-contentsScott Dodson2016-07-191-2/+2
|\ \ \ \ \ \ | | | | | | | | | | | | | | Check router certificate contents when securing router
| * | | | | | Secure router only when openshift.hosted.router.certificate.contents exists.Andrew Butcher2016-07-191-2/+2
| |/ / / / /