| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
Since new certificates are generated for every run, the apiservice
caBundle needs updating in order to have the on disk CA match what is in
Kubernetes.
Because the secrets are updated, the daemonset needs to do a rolling
update for the api server to pick up the new certs. Implemented here is
an added annotation to the api server such that the update occurs
automatically when the CA is changed.
|
|\
| |
| |
| |
| | |
mgugino-upstream-stage/node-reduce-package-commands
Install node packages in one task instead of 3
|
| |
| |
| |
| |
| | |
This commit reduces the number of package tasks
from 3 to 1.
|
|\ \
| | |
| | | |
Remove become statements
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
After remove become:no statements on local_action tasks,
we need to ensure that the proper file permssions are
applied to local temp directories.
This reason for this is that the 'fetch' module
does not use 'become' for the localhost, just the remote
host.
Additionally, users may not wish for the localhost to
become during a fetch. local_action will execute with
whatever permissions are specified in inventory or via
cli.
|
| | |
| | |
| | |
| | |
| | | |
This commit removes become:no statements that break
the installer in various ways.
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Automatic merge from submit-queue.
Limit host group scope on control-plane upgrades
This commit limits common init code to exclude
oo_nodes_to_config during upgrade_control_plane runs.
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This commit changes how we handle openshift_version role.
Most of the version initialization code is only run
on the first master now. All other hosts have values
set from the master.
Aftwards, we run some basic RPM queries to ensure
that the correct version is available on the other nodes.
Containerized needs to do their own image checks elsewhere.
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Automatic merge from submit-queue.
Adding logic to do a full cluster restart if we are incrementing our …
…major versions of ES
This will help with the upgrade from 2.x to 5.x for ES, it also fixes something I came across with the handler on 3.7 where it checks the prior deployed version of the ES pod rather than the new one.
|
| | | |
| | | |
| | | |
| | | | |
full restart
|
| | | |
| | | |
| | | |
| | | | |
versions of ES
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Automatic merge from submit-queue.
Add iptables rules for flannel
[WIP] When using flannel there are iptables rules that need
to be added as stated here:
https://access.redhat.com/documentation/en-us/reference_architectures/2017/html-single/deploying_red_hat_openshift_container_platform_3.4_on_red_hat_openstack_platform_10/#run_ansible_installer
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1493955
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
[WIP] When using flannel there are iptables rules that need
to be added as stated here:
https://access.redhat.com/documentation/en-us/reference_architectures/2017/html-single/deploying_red_hat_openshift_container_platform_3.4_on_red_hat_openstack_platform_10/#run_ansible_installer
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1493955
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Automatic merge from submit-queue.
ensure containerized bools are cast
|
| | | | | | |
|
|\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Automatic merge from submit-queue.
container-engine: move registry_auth.yml before pull
so that the atomic pull takes into account the credentials if
required.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
so that the atomic pull takes into account the credentials if
required.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
vrutkovs/containerized_upgrade_set_openshift_use_openshift_sdn
Automatic merge from submit-queue.
upgrades: use openshift_node_use_openshift_sdn when trying to pre-pull the image
This affects 3.8/3.9 upgrades for containerized hosts, if nodes are separate from master.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Vadim Rutkovsky <vrutkovs@redhat.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
docker storage setup for ami building
|
| | |_|/ / / /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
add host to g_new_node_hosts so that plays run against the AMI instance
update example vars so that overlay2 is used by default for docker storage
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Fix: change import_role to include_role
|
| |/ / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
It appears that when one role dynamically imports
another, usage of import_role inside the dynamically
included role is not possible.
If something is included with include_role (dynamic),
all tasks therein must also use include_role (dynamic).
|
|\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | | |
Properly cast crio boolean variables to bool
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Variables that are specifically booleans should be
cast to bool. This is because users may sometimes
pass them as string values. This is particularly
prevalent when using ini-style inventories.
Affected-by: https://github.com/ansible/ansible/issues/34591
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1531592
|
|\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Automatic merge from submit-queue.
Remove last of openshift_node role meta-depends
Remove last non-taskless meta-depends from
openshift_node role.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Remove last non-taskless meta-depends from
openshift_node role.
Remove variable 'openshift_node_upgrade_in_progress' as
it is no longer used.
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Adding ability to update ami drive size.
|
| |/ / / / / / |
|
|\ \ \ \ \ \ \
| |_|/ / / / /
|/| | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Automatic merge from submit-queue.
Don't overwrite node's systemd units for containerized install
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1527849
Perphaps this block should be removed, unless I'm missing some other case for it,
as systemd units are being updated in ../systemd_units.yml.
|
| | |_|_|_|/
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Systemd units are being updated in ../systemd_units.yml
Signed-off-by: Vadim Rutkovsky <vrutkovs@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Switch back to dynamic include_role in logging loops
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
We'd switched to import_role to avoid increased memory consumption but
we must use include_role whenever we loop.
|
|\ \ \ \ \ \ \
| |_|_|_|/ / /
|/| | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Automatic merge from submit-queue.
Add more testcases for oc_scale module
* Fixed docstrings for tests
* Added tests to verify scale up/down, 'present' state, non-existant state and Replication Controller kind
|
| | | | | | | |
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| |_|/ / / / /
|/| | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Automatic merge from submit-queue.
Contiv multi-master and other fixes
Contiv's etcd was not being deployed correctly when using more than
one master. To make it easier to manage, it has been moved into a
k8s container.
The api proxy was hardcoded to an old version (1.1.1), and in some
environments would run into a docker error. This has been moved into
a k8s container for easier management.
The firewall was too permissive on several ports. Many were open to
the world when they should have only been accessible inside the
cluster.
Many of the contiv role variables were not prefixed with 'contiv',
which may end up clobbering variables from another role. Now all the
contiv specific role variables start with 'contiv_'.
The api proxy's default self-signed certificate was bundled with the
role. This means someone with read-only MITM access and this key
could decrypt traffic. Granted a user defined certificate from a
trusted CA should be used in a production environment, it is still
better to generate one in each environment when one is not provided.
|
| | | | | | | |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Contiv's etcd was not being deployed correctly when using more than
one master. To make it easier to manage, it has been moved into a
k8s container.
The api proxy was hardcoded to an old version (1.1.1), and in some
environments would run into a docker error. This has been moved into
a k8s container for easier management.
The firewall was too permissive on several ports. Many were open to
the world when they should have only been accessible inside the
cluster.
Many of the contiv role variables were not prefixed with 'contiv',
which may end up clobbering variables from another role. Now all the
contiv specific role variables start with 'contiv_'.
The api proxy's default self-signed certificate was bundled with the
role. This means someone with read-only MITM access and this key
could decrypt traffic. Granted a user defined certificate from a
trusted CA should be used in a production environment, it is still
better to generate one in each environment when one is not provided.
|
|\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | | |
Add missing dependency on openshift_facts
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Install web console server
|
| | | | | | | | |
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Automatic merge from submit-queue.
Remove become=no from etcd cert tasks
etcd runs some actions locally to copy certs from the
CA cert host.
We shouldn't hard-code become behavior as it can be
unexpected for the end user.
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
etcd runs some actions locally to copy certs from the
CA cert host. This commit ensures that we respect
the end user's intended behavior with become
when using 'anisble_become' in the inventory.
Other roles with similar tasks have been modified
in the same manner.
We shouldn't hard-code become behavior as it can be
unexpected for the end user.
This only currently works in the CI because the CI
passes the '-b' argument on the command line, which
will override the task behavior.
|
| | |_|_|/ / / /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
This commit ensures that oreg_url is properly templated
by ansible before being consumed in the logic.
This commit also adds a method to the base health check
class to detect if self._templar is none, and return
the appropriate templated/untemplated version of the
variable. This is mostly for unit tests.
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Add origin- prefix to ASB image
|