summaryrefslogtreecommitdiffstats
path: root/roles/openshift_node_certificates
Commit message (Collapse)AuthorAgeFilesLines
* Lowercase node names when creating certificatesVadim Rutkovsky2018-01-232-11/+11
|
* Remove become=no from various roles and tasksMichael Gugino2018-01-051-12/+3
| | | | | | | | | | | | | | | | | etcd runs some actions locally to copy certs from the CA cert host. This commit ensures that we respect the end user's intended behavior with become when using 'anisble_become' in the inventory. Other roles with similar tasks have been modified in the same manner. We shouldn't hard-code become behavior as it can be unexpected for the end user. This only currently works in the CI because the CI passes the '-b' argument on the command line, which will override the task behavior.
* Cast openshift_docker_use_system_container to boolMichael Gugino2018-01-021-1/+1
| | | | | | | | | | | | | openshift_docker_use_system_container might be passed in via ini inventory as 'openshift_docker_use_system_container=false' This condition will be interpreted as a string type, instead of boolean. Casting openshift_docker_use_system_container as bool will achieve the users desired intent. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1528943
* Remove openshift.common.{is_atomic|is_containerized}Michael Gugino2017-12-201-2/+2
| | | | | We set these variables using facts in init, no need to duplicate the logic all around the codebase.
* Relocate filter plugins to lib_utilsMichael Gugino2017-12-182-8/+9
| | | | | | | | | | | | | | This commit relocates filter_plugings to lib_utils, changes the namespacing to prevent unintended use of older versions that may be present in filter_plugins/ directory on existing installs. Add lib_utils to meta depends for roles Also consolidate some plugins into lib_utils from various other areas. Update rpm spec, obsolete plugin rpms.
* Deprecate using Ansible tests as filtersRussell Teague2017-12-141-1/+1
|
* Implement container runtime roleMichael Gugino2017-12-012-2/+4
|
* Removed old version codeMichael Gugino2017-11-141-4/+0
| | | | | | This commit removes any references to versions < 1.5/3.5 We assume the version is always greater than or equal to 1.5/3.5.
* Check for container runtime prior to restarting when updating system CA trust.Andrew Butcher2017-10-191-2/+14
|
* Separate certificate playbooks.Andrew Butcher2017-10-021-2/+1
|
* Merging openshift_node with openshift bootstrap.Kenny Woodson2017-08-291-0/+1
|
* Test docker restart with retries 3 delay 30Steve Milner2017-07-181-0/+4
|
* Remove use of local_action with delegate_to and switch 'delegate_to: ↵Andrew Butcher2017-05-161-3/+2
| | | | localhost' temporary directory cleanup actions to local_actions.
* System container dockerSteve Milner2017-05-031-1/+1
| | | | | | | | | | | | | | | This change allows for the use of either the traditional package install of docker OR a system container install of docker. Two new inventory options, openshift_docker_use_system_container and openshift_docker_systemcontainer_image_registry_override, have been added which are be used to install with a system container. By default this option is commented out. One new fact has been added: - docker.service_name: docker by default, container-engine-docker for system container
* openshift_node_certificates: add openshift_node_cert_expire_days parameter.Slava Semushin2017-03-293-0/+9
|
* Restructure certificate redeploy playbooksAndrew Butcher2017-02-022-11/+22
|
* Ensure serial certificate generation for node and master certificates.Andrew Butcher2017-01-171-10/+16
|
* Limit node certificate SAN to node hostnames/ips.Andrew Butcher2016-12-091-7/+7
|
* Refactored to use Ansible systemd moduleRussell Teague2016-11-283-3/+5
| | | | | | * Ansible systemd module used in place of service module * Refactored command tasks which are no longer necessary * Applying rules from openshift-ansible Best Practices Guide
* Reference master binaries when delegating from node hosts which may be ↵Andrew Butcher2016-11-221-2/+2
| | | | containerized.
* Switch from "oadm" to "oc adm" and fix bug in binary sync.Devan Goodwin2016-10-191-2/+2
| | | | | | | | Found bug syncing binaries to containerized hosts where if a symlink was pre-existing, but pointing to the wrong destination, it would not be corrected. Switched to using oc adm instead of oadm.
* Further secure registry improvementsAndrew Butcher2016-09-292-0/+21
| | | | | | - Default to hosted_registry_insecure=False - Add openshift ca to system ca-trust. - Update ca trust in openshift_node_certificates rather than docker_ca_trust
* Suppress more warnings.Andrew Butcher2016-09-281-0/+3
|
* Support for redeploying certificates.Andrew Butcher2016-08-111-3/+6
|
* Add options for specifying named ca certificates to be added to the ↵Andrew Butcher2016-08-011-0/+3
| | | | openshift ca bundle.
* Re-arrange master and node role dependencies.Andrew Butcher2016-07-203-1/+21
|
* Refactor openshift certificates roles.Andrew Butcher2016-07-204-35/+117
|
* Revert openshift-certificates changes.Andrew Butcher2016-05-304-110/+35
|
* Consolidate ca/master/node certificates roles into openshift_certificates.Andrew Butcher2016-05-194-35/+110
|
* Cleanup various deprecation warnings.Andrew Butcher2016-04-291-3/+3
|
* Lock down generated certs dirScott Dodson2016-03-041-0/+1
|
* Initial containerization work from @ibottyTobias Florek2015-12-151-4/+4
| | | | copied from https://github.com/eparis/kubernetes-ansible/blob/17f98edd7ff53e649b43e26822b8fbc0be42b233/roles/common/tasks/main.yml
* Atomic Enterprise related changes.Avesh Agarwal2015-08-262-5/+5
|
* Fix generation of node certificatesJason DeTiberus2015-07-221-1/+1
|
* Initial HA masterJason DeTiberus2015-07-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | - Ability to specify multiple masters - configures the CA only a single time on the first master - creates and distributes additional certs for additional master hosts - Depending on the status of openshift_master_cluster_defer_ha (defaults to False) one of two actions are taken when multiple masters are defined 1. If openshift_master_cluster_defer_ha is true a. Certs/configs for all masters are deployed b. openshift-master service is only started and enabled on the master c. HA configuration is expected to be handled by the user manually after the completion of the playbook run. 2. If oepnshift_master_cluster_defer_ha is false or undefined a. Certs/configs for all masters are deployed b. a Pacemaker/RHEL HA cluster is configured i. VIPs are configured based on the values of openshift_master_cluster_vip and openshift_master_cluster_plublic_vip ii. The openshift-master service is configured as an active/passive cluster service
* Playbook updates for clustered etcdJason DeTiberus2015-07-101-0/+1
| | | | | | | | | | | | | | | | | | | | | - Add support to bin/cluster for specifying etcd hosts - defaults to 0, if no etcd hosts are selected, then configures embedded etcd - Updates for the byo inventory file for etcd and master as node by default - Consolidation of cluster logic more centrally into common playbook - Added etcd config support to playbooks - Restructured byo playbooks to leverage the common openshift-cluster playbook - Added support to common master playbook to generate and apply external etcd client certs from the etcd ca - start of refactor for better handling of master certs in a multi-master environment. - added the openshift_master_ca and openshift_master_certificates roles to manage master certs instead of generating them in the openshift_master role - added etcd host groups to the cluster update playbooks - aded better handling of host groups when they are either not present or are empty. - Update AWS readme
* Etcd role updates and playbook updatesJason DeTiberus2015-07-101-1/+0
| | | | | | | | | | | | | | | | | | | | | - fix firewall conflict issues with co-located etcd and openshift hosts - added os_firewall dependency to etcd role - updated etcd template to better handle clustered and non-clustered installs - added etcd_ca role - generates a self-signed cert to manage etcd certificates, since etcd peer certificates are required to be client and server certs and the openshift ca will only generate client or server certs (not one authorized for both). - renamed openshift_etcd_certs role to etcd_certificates and updated it to manage certificates generated from the CA managed by the etcd_ca role - remove hard coded etcd_port in openshift_facts - updates for the openshift-etcd common playbook - removed etcd and openshift-etcd playbooks from the byo playbooks directory - added a common playbook for setting etcd launch facts - added an openshift-etcd common service playbook - removed unused variables - fixed tests for embedded_{etcd,dns,kube} in openshift_master - removed old workaround for reloading systemd units
* Removing unneeded delegate_to callsBrenton Leanhardt2015-06-301-1/+0
|
* Update for RC2 changesScott Dodson2015-06-164-0/+93
Remove openshift-deployer.kubeconfig from master template Sync config template Update enterprise image names Switch to node auto registration Add deployer to list of serviceAccountConfig.managedNames Move package installation before registering facts change default kubeconfig location Change system:openshift-client to system:openshift-master Rename node cert/key/kubeconfig per openshift/origin#3160 Update references to /var/lib/openshift/openshift.local.certificates
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-01 06:28:42 +0000