Age | Commit message | Author
2017-06-30 | Merge pull request #523 from tomassedovic/wait_for_connection | Bogdan Dobrelya
Use wait_for_connection for the Heat nodes
2017-06-30 | By default htpasswd is overwritten by reinstalling (#519) | Eduardo Mínguez
https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_master_facts/tasks/main.yml#L73
2017-06-29 | Fix yaml indentation | Tomas Sedovic
2017-06-29 | Use wait_for_connection for the Heat nodes | Tomas Sedovic
The `wait_for_connection` module is more reliable as it uses Ansible's `ping` to verify the nodes are really accessible. Using `wait_for` and checking that port 22 is open runs into the possibility of SSH being up but the public keys or users not being set up yet (as that's done with cloud-init). In addition, we were gathering facts before running the wait_for task which rendered it useless.
2017-06-28 | Sets mapping_method to claim for github (#517) | Takeshi
Set the mapping method to claim like it is set for the deployment. Mapping method true is invalid and the ansible playbook will error out.
2017-06-28 | Uncomments the ose identity provider | Takeshi
2017-06-28 | Merge pull request #502 from bogdando/sec_groups | Tomas Sedovic
Modify sec groups for provisioned openstack servers
2017-06-28 | Merge pull request #511 from Tlacenka/jinja_dependency | Tomas Sedovic
List jinja2 as a dependency in provisioning README
2017-06-28 | Merge pull request #512 from bogdando/undo_infra_secgrp | Tomas Sedovic
Put back node/flat secgrp for infra nodes on openstack
2017-06-28 | Put back node/flat secgrp for infra nodes on openstack | Bogdan Dobrelya
Partially undo 2028883e936c8a1a0be031a19d531d0804a32b68 to unblock end-to-end deployments
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-06-27 | Merge pull request #514 from dav1x/missing-playbooks-crs | Davis Phillips
adding missing playbooks
2017-06-27 | resolve linter issues | Davis Phillips
2017-06-27 | adding missing playbooks | Davis Phillips
2017-06-27 | README.md: fixing typo | Katerina Pilatova
2017-06-27 | README.md: list jinja2 as a dependency | Katerina Pilatova
2017-06-26 | Crs fixes ocp deploy updates (#507) | Davis Phillips
* fix add-node functionality and finalize crs changes
* nfs_host var change
* remove ssh key
* fixing lint issues
* fixing lint issues
2017-06-26 | Add ansibledeployocp to support ansible deployment of arm template (#492) | Glenn S West
* Add ansibledeployocp to support ansible deployment of arm template
* Change to example
2017-06-26 | Adding Rhv VM setup code (#503) | Chandler Wilkerson
* Added ovirt-ansible roles to path for rhv
* Added example playbooks from ovirt-ansible repo
* Fixed yamllint errors
* Automated inventory from gh://ansible/ansible/contrib/inventory
* Better example URL for qcow
* Example ini script to work with dynamic inventory
2017-06-26 | Merge pull request #491 from tzumainn/openstack-heat-stack-update | Tomas Sedovic
Add node_removal_policies variable to openstack provisioning to allow for scaling down
2017-06-26 | Merge pull request #499 from Tlacenka/all_yml_remove_whitespace | Tomas Sedovic
all.yml: removed whitespaces in front of variables
2017-06-26 | Modify sec groups for provisioned openstack servers | Bogdan Dobrelya
Drop ingress DNS rules from the common secgrp. Add an ingress ICMP rule, restricted by the ssh ingress cidr, to the common secgrp. This allows to ping servers from the control node (ansible admin node). Add dns servers into the common secgrp as well.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-06-23 | rename node_removal_policies, add some comments and defaults | Tzu-Mainn Chen
2017-06-23 | all.yml: removed whitespaces in front of variables | Katerina Pilatova
2017-06-23 | Merge pull request #497 from Tlacenka/master | Tomas Sedovic
OSEv3.yml: added option to ignore set hardware limits for RAM and DISK
2017-06-23 | Merge pull request #488 from bogdando/fix_flat_sg | Bogdan Dobrelya
Fix flat sec group and infra/dns sec rules
2017-06-23 | removed whitespace in front of commented variable | Katerina Pilatova
2017-06-23 | OSEv3.yml: trailing space... | Katerina Pilatova
2017-06-23 | OSEv3.yml: added option to ignore set hardware limits for RAM and DISK | Katerina Pilatova
2017-06-23 | Fix flat sec group and infra/dns sec rules | Bogdan Dobrelya
Make flat sec group to only merge node/master/etcd sec rules. Add basic dns/ssh sec group and assign it to all but dns node groups. Assign only dns sec group for dns nodes. Assign only infra (and basic) sec groups for infra nodes. Add security notes for openstack provider.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-06-22 | Merge pull request #493 from cooktheryan/metrics-hostname | Davis Phillips
use hostname var instead of url
2017-06-22 | use hostname var instead of url | Ryan Cook
2017-06-21 | Add node_removal_policies variable to allow for scaling down | Tzu-Mainn Chen
2017-06-21 | Support origin deployments on centos (#483) | Peter Schiffer
2017-06-21 | Crs fixes (#490) | Davis Phillips
* spacing and formatting issues
* trailing-spaces-fix
* changing the tags around and adding additional documentation
* add placeholder in readme.md
* Update main.yaml
2017-06-21 | Moved heketi server to first crs node (#486) | Davis Phillips
* spacing and formatting issues
* trailing-spaces-fix
2017-06-21 | Use cached facts, do not become for localhost (#484) | Bogdan Dobrelya
Prohibit sudoing for localhost played tasks, like DNS setup. Re-use cached facts to speed up deployment.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-06-20 | Finish crs (#462) | Davis Phillips
* adding crs finished and heketi customizations
* removing some duplicate haproxy files
* fix lint CI issues
* fix more lint CI issues
2017-06-20 | Add profiling and skippy stdout (#470) | Bogdan Dobrelya
Tune an example ansible.cfg to include tasks profiling info and improve displaying of skipped tasks.
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-06-18 | call deployment-manager deployments update when config yaml is updated (#464) | Brad Durrow
2017-06-16 | Merge pull request #466 from tomassedovic/openstack-provider | Ryan Cook
Openstack provider
2017-06-16 | Revert "Add an Openstack provider (#397)" (#465) | Øystein Bedin
This reverts commit 94756e66352439d48e5d02b461679bd0f1e121cb.
2017-06-16 | Add an Openstack provider (#397) | Tomas Sedovic
* First cut at the rhc-ose-ansible structure
* New OSE3 docker host builder and OpenStack ansible provisioning support
* Support for supplying flavor name and moved around variables
* Refactored OpenStack provisioning to be a generic role. Created OpenShift specific playbook
* Registry Role for ansible playbooks
* Added immediate=yes to have firewalld port take effect; restructured registry role; changed true to yes in module parameters
* added post_install role
* adding playbook
* Migration of CICD server provisioning to Ansible
* Adding nginx auth layer
* Removing key name from registry
* Refactoring and renaming
* adding openshift-ansible's post install roles
* removing deprecated files
* Shell for role variable info
* removing extra files
* Add OpenStack SSH key parameter check
* Replacing yum commands and normalizing comments
* fixed README
* Renaming template files with .j2 for clarity
* Add OpenStack security group detection and creation resolves #106
* Change to using split to iterate and SSH rule create only once
* Reorder instances names to sort by env_id
* Change default_env_id of "testenv" to local env OS_USERNAME resolves #142
* Prepend 'casl' to default_env_id
* Add connection test to OpenStack before proceeding
* First cut at DNS ansible roles
* Updated defaults and tasks for dns-server
* Add subscription-manager support for Hosted or Satellite
* Refactor role to dynamically determine rhsm_method
* Removes rhsm_method
* Renames rhsm_server to rhsm_satellite
* Add additional pre_task checks (hosted + key)
* Change conditionals from rhsm_method check to rhsm_satellite defined
* Change repos disable/enable from key to if repos are defined
* Update README and examples in inventory file
* Fix bad syntax with extra 'and' in when using rhsm_pool
* Refactor use of rhsm_password to prevent display to CLI
* Cosmetic changes to task names and move yum clean all to prereqs
* Remove vars_prompt, add info to README to re-enable and for ansible-vault
* Add openstack pre_tasks and ansible_sudo when calling role
* Add deprovision playbook using nova list with sanity checks
  - Add minimum length check for env_id
  - Add max_instances check
  - Remove dynamic openstack.py inventory
  - Add override to bypass checks
* Refactor debug flag to be dry_run and other small changes
  - Removed debug statements and instead display on pause prompt
  - Moved to playbooks directory
* Add ansible_sudo: true to subscription-manager task
* This matches PR#133 enabling ansible_sudo: true when calling that role
* Also changes max_instances check from >= to just > to allow 2 full default environments to be removed (6 max_instances)
* Updated to fix broken/missing 'defaults'...
* Add unique image logic and rename playbook to terminate.yml
* Add OSE provision prerequisites
  - Install required packages
  - Update packages (moved from main.yml)
  - Install and disable firewalld
  - Install iptables-services and disable iptables
  - Verify and set hostname if needed
* Add SELinux check and fail if not enforcing
* Remove getenforce and firewall tasks and use facts
  - Uses Ansible collected facts to determine SELinux status
  - Adds ansible_sudo: true when calling role
  - Adds tag to role when calling it
* Add docker role
  - Largely taken from cicd docker.yml
  - Changed to using a template for docker-storage-setup
  - Using variables for both DEV and VG defined in defaults
  - Using pvs command to check for use of DEV and VG before proceeding
* Add org parameter to Satellite with user/pass
* Fix typo in task name
* Updated dns-server role based on feedback
* Changes by JayKayy for a full provision of OpenShift on OpenStack
* Role for disconnected git server
* Added additional yum dependency and corrected spelling
* Added example of disconnected git inventory file
* Changes to allow runs from inside a container. Also allows for running upstream openshift-ansible installer
* Reverting previous commit and making template adjustments
* Subscription manager role should accommodate orgs with spaces
* Fixing unescaped newline
* Changing hard coded host groups to match openshift-ansible expected host groups. Importing byo playbook now instead of nested ansible run. Need to refactor how we generate hostnames to make it fit this.
* Updated to run as root rather than cloud-user, for now...
* Updated inventory template to include openshift_hostname and openshift_public_hostname
* Wrapping in a script to tie the two playbooks together
* Updating ose-provision with DNS workarounds / fixes
* Removed spaces causing issues...
* DNS fix to support OSEv3.2
* Add floating IP support when using Neutron
* Updated to remove repos from playbook + fix typo
* Cleaned up hostname role to make it more generic
* Image name for DNS server becomes configurable.
* Updated inventory and template file to make cluster config optional
* Removing temporary file
* Loosen up the DNS server a bit to allow for ETL OSP installs
* Re-implements original subscription-manager role invocation that was removed in PR# 168.
* Enhanced provisioning script with better error checking, directory awareness, and improved help output
* Should be looking for generated inventory file in SCRIPTS_BASE_DIR
* Add Neutron floating IP support for Issue #195
* Add check for and set_fact if Neutron is in use which is used by several tasks
* This PR was originally longer and contained the now split off PR #197
* first attempt at securing the registry
* Minor updates for ansible 2.1 compatibility
* Updated CICD implementation to support ETL OSP env
* Updated OSE inventory file with some clean-up
* Add enhancements for terminate playbook
* Fixes Issue #206
* Add check for valid item when attempting to delete objects
* Add debug on all variables when using dry_run
* Changed default ansible_ssh_user to cloud-user in line with standard cloud guest image
* Add count for ips and volumes to display since these may not always be the same as instance count
* Enhance displayed warning/note message to include new counts
* It is possible for an instance to not have a floating IP for whatever reason (such as manually deallocating or releasing the IP), in this case SSH will not work to the instance so it will not be included in the host group to attempt subscription manager unregister, but will still be deleted
* It is possible that an instance will have a volume created but not attached. In this case as a precautionary measure I am excluding these unattached volumes from the deletion in case this was intentionally detached to preserve data. We can further discuss if this should be a parameter to override instead or if we need to change this behavior.
* Excluded instances in ERROR state as they will most likely not delete. We can discuss if this should be parameterized instead.
* Added prompt variable defaulted to true but can be set to false
* Added unregister variable defaulted to true but can be set to false
* Adding NFS support and fixing template labels so we get a router and registry out of the box.
* testing changes
* tested changes
* fixing defaults and removing host from test playbook
* adding cleanup test book and fixed typo
* Allow passing of ansible extra-vars in provisioning script
* Change --environment to --extra-vars and add usage.
* added check for already secured registry and uses actual openshift_common dependency
* fixed readiness probe by adding logic for 3.1 vs 3.2
* Fix malformed file to address Issue #210
* Pulling out file paths into variables to account for containerized installs
* fixed error message logic for already secured registry
* added tasks to disable and re-enable deployment triggers, remove debug task
* Fixes Issue #163 if rhsm_password is not defined
* Adding a post-install playbook with secure-registry and ssh key sync.
* Node storage now uses node specific storage var; search for generated inventory file sorts by timestamp not name
* Initial commit exposing registry service
* move registry_hostname to inventory
* Updated env_id to be a sub-domain + make the logic a bit more flexible
* Enabled default subdomain/'apps'
* Updated inventory template file to include 'openshift_deployment_type'
* Adding LDAP and HTPasswd examples for an auth provider to base inventory file
* Fixing port number in LDAP example
* Refactor OpenStack security group creation
* Adds new openstack-security-groups role
* Addresses Issue #211 and adds all instances to default group
* Defines default security group variable with all groups/rules
* Sets security group variables per type (master,node,nfs,dns)
* Supports specifying no security group for a type (e.g. nfs)
* Uses new Ansible 2.x modules
* Refactor to playbook and split data structure out
* Split single security group variable into one per type
* Moves 'default' security group from role into variable
* Moves default security group variables back to openshift-common role
* Converts openstack-security-group role into playbook
* Playbook called on every openstack-create invocation as before
* Simplifies security group tasks and removes type checking
* Iterate through security groups and build a comma-separated list of groups
* Add detection of non-Neutron env
* Add UDP 8053 to default master security group
* Adjusting docker role, adding support for logging/metrics, and updating client container
* OpenShift Management Role
* Fixing ansible impl to work with OSP9 and ansible 2.2
* Correcting formatting
* Added process / contribution info
* Updated default security group rules (#7)
* Openstack heat (#2)
* Adding a role to invoke openstack heat
* Adding readme
* Pulling parameters out to inventory file
* start of end-to-end playbook
* More enhancements and refactoring to make dynamic inventory the driver for an openshift install
* Switching to variable substituted path to config.yaml playbook
* Changes to allow defining of number of nodes/infranodes.
* Added labels to inventory
* Start of end-to-end functionality
* Enhancements to support openstack heat provisioning
* Updating inventory sample to remove some deprecation warnings
* Working towards making the secure-registry role 'become' aware
* Fixing node labels and removing secure-registry as it's no longer needed
* No longer need insecure registry line, as installer will secure our registry
* Adjusted dynamic inventory to filter by clusterid
* Minor updates to dynamic inventory bug
* Adding a refactored sample inventory directory
* Refactoring playbooks for better directory structure, and to narrow down host groups
* Adding volume mounts to heat template
* Moving dns playbooks back to original location
* Fixing incorrect file path
* Cleaning up inventory samples
* One more hostname to clean up
* Changing var name
* changed openshift-provision to openshift-prep
* Adjusting current provision script to avoid breakage by new openstack-heat code
* Updating PR Template with Team mention (#10)
* Install playbook defaults to the assumption that casl-ansible and openshift-ansible are checked out to the same directory
* Removing unnecessary task
* Fixing two significant bugs in the HEAT deployment (#13)
* Updated values in sample inventory (#17)
* Adding documentation and docker containers so others can begin testin… (#16)
* Adding documentation and docker containers so others can begin testing cluster provisioning
* Making updates per comments by @oybed
* Fixing formatting changes for links
* Renaming openstack images to align with CoP naming (#18)
* Defaulting the DNS instance to a small flavor (#20)
* Nagios (#11)
* First cut at the nagios work
* Added NRPE service enabled
* Updated implementation to be a bit more flexible
* Updated logic to include checks for services
* Added support for DNS and NFS checks
* Updated templates and config files
* Updated check_service script to simplify and avoid false negatives
* Added support for OpenShift checks
* Added README for the playbook
* Updated README
* DNS server should NOT run docker (#25)
* Readme (#26)
* Updated documentation and example inventory
* Update README.md Added "hint"
* Update README.md Fix numbering in the markdown
* Update README.md
* Added docker_volume_size to the sample inventory
* Added rhsm_pool to the sample inventory
* Updated README per comments
* Ensure DNS configuration has wildcards set for infra nodes (#24)
* Ensure DNS configuration has wildcards set for infra nodes
* Updated to include all cluster hosts for DNS entries
* Updated DNS server role + example playbook (#27)
* Updated DNS server role + example playbook
* Updated DNS server role + example playbook
* Dns selinux (#28)
* Updated DNS server role + example playbook
* Updated DNS server role + example playbook
* Updated for SELinux boolean
* Openshift mgmt (#30)
  Added prune_projects to the openshift-management role along with Ansible tower support
* Created initial CHANGELOG.md
* Updating to development release of ansible 2.3.0 to pull down bug fixes in HEAT module (#21)
* Workaround for Ansible 2.3 breakage (#31)
* Added quotes where needed and fixed some other minor bugs (#33)
* Fixing awk check (#34)
* Updating client image to lock it to ansible 2.3 and install some addi… (#32)
* Updating client image to lock it to ansible 2.3 and install some additional dependencies
* First attempt at a docker-compose based solution
* Renaming image
* Stack refactor (#38)
* Refactored openstack-stack role to:
  - Convert static heat template files to ansible templates
  - Include native ansible groups via openstack metadata. This removes the need for a playbook to map host groups
  - Some code cleanup
* Deleting commented out code and irrelevant plays
* Refactored openstack-stack role to:
  - Convert static heat template files to ansible templates
  - Include native ansible groups via openstack metadata. This removes the need for a playbook to map host groups
  - Some code cleanup
* Deleting commented out code and irrelevant plays
* Replacing stack parameters with jinja expressions
* Updating sample inventory to work with latest dynamic inventory changes
* updating inventory with host group mapping. making sync keys optional
* Missing cluster_hosts group
* Updating to add infra_hosts
* Updating inventory per comments from oybed and sabre1041
* First attempt at a simple multi-master support (#39)
* First attempt at a simple multi-master support
* Removing unneeded inventory
* adding default number of masters and lower number of nodes
* Some fixes (#41)
* Fix the sample inventory
  The `openstack_nameservers` variable needs to be a list of strings, we need to set the Openshift labels in OSv3.yml and we show an example of using the username/password/poll for RHEL subscriptions.
* Update the READMEs
  This fixes some of the paths, explains that we need to pass `openstack_ssh_public_key` to the end-to-end playbook and includes the full Docker command since there is no `run.sh` script. Oh and Heat is not an acronym :).
* Fixes to the readme and inventory
* Use docker-compose
* Correcting the sample inventory for an HA cluster (#40)
* Correcting the sample inventory for an HA cluster
* Adding node label mapping
* Updating to more generic IPs
* Updating to OSP ocata repo, as there are some bugs with newton's channel (#44)
* Use the correct variable name in create_users (#43)
  The user creation was failing, because it was looking for the `demo_users` variable while the samples put the data under `create_users`.
* Upgrading jinja2 to work correctly with latest templates (#45)
* Fix rpm deps (#46)
* Upgrading jinja2 to work correctly with latest templates
* Updated to solve rpm deps + other version issues
* Clean-up
* Updating control-host settings and env
* Updating control-host settings and env
* Updating README and names to align across all components
* Setting the TERM var for better shell experience
* Conditionally set the openshift_master_default_subdomain to avoid overriding it unnecessary (#47)
* Update README.md
* Update CASL to use nsupdate for DNS records (#48)
* Updated to use nsupdate for DNS records
* Updated formatting of dict
* Updating descriptive text
* Support for external DNS config
* Upgrading jinja2 to work correctly with latest templates
* Latest update for nsupdate
* Updated to use nsupdate for DNS records
* Updated formatting of dict
* Updating descriptive text
* Support for external DNS config
* Latest update for nsupdate
* Updated to support external public/private DNS server(s)
* Updated DNS server handling
* Updated DNS server handling
* Updated DNS server handling
* Eliminated the from the sample inventories
* Updated sample inventory to point to 2 separate DNS servers for private/public
* Playbook clean-up
* Adding 'python-dns'
* splitting subscription manager calls to allow for a clean pre-install playbook
* Move the openstack provisioning playbooks
  They'll live in playbooks/provisioning/openstack from now on.
* Add a single provisioning playbook
* Symlink roles to provisioning/openstack/roles
* Add a sample inventory for openstack provisioning
* Add license for openstack.py in inventory
  It's under the GPLv3+ while the rest of the repo is Apache 2.
* Add readme
* Move pre_tasks from to the openstack provisioner
  We should probably not pollute the role namespace with a name as common as "common". Moving the pre_task.yml to provisioners/openstack instead.
* Add default values to provision-openstack.yml
* Fix privileges in the pre-install playbook
* Always let the openshift nodes access the DNS
  When `node_ingress_cidr` to limit the IP range for the DNS server, this can prevent the actual openshift nodes from accessing it as well. This commit makes the access from the `openstack_subnet_prefix` always pass through and uses `node_ingress_cidr` for additional access control.
* Add a flat sec group for openstack provider
  Add a openstack_flat_secgroup, defaults to False. When set, merges sec rules for master, node, etcd, infra nodes into a single group. Less secure, but might help to mitigate quota limitations. Update docs. Use timeout 30s to mitigate the error: Timeout (12s) waiting for privilege escalation prompt.
  Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Add ansible.cfg for openstack provider
  Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Drop atomic-openshift-utils, update docs for origin
  TODO use with when: ansible_distribution == 'CentOS' Also update docs for origin
  Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Gather facts for provision playbook
  Provision tasks use facts like ansible_hostname and few others. W/o gathering facts, those expire, and the provision playbook cannot be reapplied in order to update the existing heat stack. Refresh the facts cache by specifying gather_facts: true.
  Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* Update sample inventory with the latest changes
* Fix yamllint errors
* Remove the extraneous DNS directory
  It's a CASL-specific helper, not necessary for the provisioning playbooks.
* Fix flake8 errors with the openstack inventory
2017-06-16 | Fix flake8 errors with the openstack inventory | Tomas Sedovic
2017-06-16 | Remove the extraneous DNS directory | Tomas Sedovic
It's a CASL-specific helper, not necessary for the provisioning playbooks.
2017-06-16 | Fix yamllint errors | Tomas Sedovic
2017-06-16 | Prefer openshift installer in RPM, if possible (#463) | Peter Schiffer
* Prefer RPM installer
* Use symlink instead of two different include paths for installer playbook
* Update ansible config file
  Even if rpm is installed, we use symlink to point to it, so no need to include it specifically.
2017-06-16 | Update sample inventory with the latest changes | Tomas Sedovic
2017-06-16 | Merge pull request #450 from e-minguez/azure-cockpit-disable | Glenn S West
Remove cockpit from Azure loadbalancers
2017-06-16 | Merge pull request #459 from e-minguez/aztemplateoutput | Glenn S West
Clarified template output
2017-06-15 | Refactor static inventory file creation (#461) | Peter Schiffer
Static inventory file can now be created with:
```
./gcloud.sh --static-inventory
```
It will be placed in `ansible` folder with `static-inventory` filename.
resolves: #448