| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Automatic merge from submit-queue
Add `openshift_node_open_ports` to allow arbitrary firewall exposure
It should be possible for an admin to define an arbitrary set of ports
to be exposed on each node that will relate to the cluster function.
This adds a new global variable for the node that supports
Array(Object{'service':<name>,'port':<port_spec>,'cond':<boolean>})
which is the same format accepted by the firewall role.
@sdodson as discussed, open to alternatives. I used this from origin-gce with
openshift_node_open_ports:
- service: Router stats
port: 1936/tcp
- service: Open node ports
port: 9000-10000/tcp
- service: Open node ports
port: 9000-10000/udp
Which then allows me to set firewall rules appropriately.
Alternatives considered:
* Simpler external format (have to parse inputs)
* Additional parameter to role - felt ugly
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It should be possible for an admin to define an arbitrary set of ports
to be exposed on each node that will relate to the cluster function.
This adds a new global variable for the node that supports
Array(Object{'service':<name>,'port':<port_spec>,'cond':<boolean>})
which is the same format accepted by the firewall role.
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Automatic merge from submit-queue
Only attempt to start iptables on hosts in the current batch
If os_firewall role is called from within a play that uses serial then
it was attempting to start iptables on hosts that may not have had
iptables installed on them yet. So limit the hosts to the current batch.
According to the ansible docs on plays where serial is unused this is
the same as ansible_play_hosts.
See http://docs.ansible.com/ansible/latest/playbooks_variables.html
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1490739
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If os_firewall role is called from within a play that uses serial then
it was attempting to start iptables on hosts that may not have had
iptables installed on them yet. So limit the hosts to the current batch.
According to the ansible docs on plays where serial is unused this is
the same as ansible_play_hosts.
See http://docs.ansible.com/ansible/latest/playbooks_variables.html
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1490739
|
|\ \ \
| | | |
| | | | |
No conversion to boolean and no quoting for include_granted_scopes.
|
| | | | |
|
|\ \ \ \
| |/ / /
|/| | | |
1491657 Correct firewall install for openshift-nfs
|
|/ / / |
|
|\ \ \
| | | |
| | | | |
add retries on repoquery
|
| | | | |
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
Add loadbalancer config entry point
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | | |
inventory: Update versions to 3.7
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Updated the versions in inventory to point to 3.7 by default since 3.6
has already been released.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1491592
Signed-off-by: Steve Milner <smilner@redhat.com>
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
Clarify requirement of having etcd group
|
| | | | | | |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Setup tuned after the node has been restarted.
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Use openshift.common.ip rather than ansible_default_ipv4 in etcd migration playbook.
|
| | |_|/ / / /
| |/| | | | |
| | | | | | |
| | | | | | | |
playbook.
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Bug 1490304: Etcd scale-up playbook should add new member to etcdClientInfo of master-config.yaml
|
| | | | | | | | |
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Merged by openshift-bot
|
| | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
Don't assume storage_migration control variables are already boolean
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
openshift_upgrade_pre_storage_migration_enabled
openshift_upgrade_pre_storage_migration_fatal
openshift_upgrade_post_storage_migration_enabled
openshift_upgrade_post_storage_migration_enabled
because the 4 variables are not already defaulted/evaluated there's no
guarantee that they're actually the boolean type at this point.
Example: if they're passed in on the command line
|
|\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
Merge inventory-generator with origin-ansible image
|
| | | | | | | | | | | |
|
| | | | | | | | | | | |
|
| | | | | | | | | | | |
|
| | | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \ \
| |_|_|_|_|_|/ / / / /
|/| | | | | | | | | | |
Scaffold out the entire build defaults hash
|
| | |_|_|_|_|_|/ / /
| |/| | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Some functions called later may expect sub-keys to exist which will
not with the current default empty-dict.
|
|\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
Add IMAGE_VERSION to the image stream tag source
|
| | |/ / / / / / / /
| |/| | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
GlusterFS: Correct firewall port names
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
|
|\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
GlusterFS: Various fixes
|
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
|
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
|
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
|
|\ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
Merged by openshift-bot
|
| | |_|_|_|_|/ / / / / /
| |/| | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
fixes bug 1487548
https://bugzilla.redhat.com/show_bug.cgi?id=1487548
|
|\ \ \ \ \ \ \ \ \ \ \ \
| |_|_|_|_|_|_|_|_|_|/ /
|/| | | | | | | | | | | |
Merged by openshift-bot
|
| | | | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
Removing setting of pod presets
|
| | | | | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \ \ \ \
| |/ / / / / / / / / / / /
|/| | | | | | | | | | | | |
Merged by openshift-bot
|
| | |_|_|_|/ / / / / / /
| |/| | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
Currently, openshift-anisble supports authentication to
container registries to pull down openshift container images.
The openshift_verison role uses the docker cli to gather
image information from container registries before authentication
credentials are provided by openshift-ansible.
This commit creates the necessary token to authenticate to
private registries during openshift_version. The token
is generated by the role 'docker' on all hosts where
docker is installed/configured when oreg_auth_users
is defined.
This commit also adds a read-only mount into the
openshift master and node container services. This
mount is '/var/lib/origin/.docker:/root/.docker:ro'.
This is because the container images do not currently
read the values in '/var/lib/origin/.docker' as this
may be a bug upstream.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|