Commit message  Author  Age  Files  Lines
* Merge pull request #5345 from smarterclayton/firewall  OpenShift Merge Robot  2017-09-15  1  -1/+3
|\   Automatic merge from submit-queue
| |  Add `openshift_node_open_ports` to allow arbitrary firewall exposure
| |  It should be possible for an admin to define an arbitrary set of ports to be exposed on each node that will relate to the cluster function. This adds a new global variable for the node that supports Array(Object{'service':<name>,'port':<port_spec>,'cond':<boolean>}) which is the same format accepted by the firewall role.
| |  @sdodson as discussed, open to alternatives. I used this from origin-gce with
| |      openshift_node_open_ports:
| |      - service: Router stats
| |        port: 1936/tcp
| |      - service: Open node ports
| |        port: 9000-10000/tcp
| |      - service: Open node ports
| |        port: 9000-10000/udp
| |  Which then allows me to set firewall rules appropriately.
| |  Alternatives considered:
| |  * Simpler external format (have to parse inputs)
| |  * Additional parameter to role - felt ugly
| * Add `openshift_node_open_ports` to allow arbitrary firewall exposure  Clayton Coleman  2017-09-11  1  -1/+3
| |  It should be possible for an admin to define an arbitrary set of ports to be exposed on each node that will relate to the cluster function. This adds a new global variable for the node that supports Array(Object{'service':<name>,'port':<port_spec>,'cond':<boolean>}) which is the same format accepted by the firewall role.
* | Merge pull request #5407 from sdodson/bz1490739  OpenShift Merge Robot  2017-09-15  1  -1/+1
|\ \   Automatic merge from submit-queue
| | |  Only attempt to start iptables on hosts in the current batch
| | |  If os_firewall role is called from within a play that uses serial then it was attempting to start iptables on hosts that may not have had iptables installed on them yet. So limit the hosts to the current batch. According to the ansible docs on plays where serial is unused this is the same as ansible_play_hosts.
| | |  See http://docs.ansible.com/ansible/latest/playbooks_variables.html
| | |  Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1490739
| * | Only attempt to start iptables on hosts in the current batch  Scott Dodson  2017-09-13  1  -1/+1
| | |  If os_firewall role is called from within a play that uses serial then it was attempting to start iptables on hosts that may not have had iptables installed on them yet. So limit the hosts to the current batch. According to the ansible docs on plays where serial is unused this is the same as ansible_play_hosts.
| | |  See http://docs.ansible.com/ansible/latest/playbooks_variables.html
| | |  Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1490739
* | | Merge pull request #5427 from adelton/issue-2454-2  Scott Dodson  2017-09-15  1  -5/+0
|\ \ \   No conversion to boolean and no quoting for include_granted_scopes.
| * | | No conversion to boolean and no quoting for include_granted_scopes.  Jan Pazdziora  2017-09-15  1  -5/+0
| | | |
* | | | Merge pull request #5425 from mtnbikenc/fix-openshift-nfs  Scott Dodson  2017-09-15  2  -1/+7
|\ \ \ \
| |/ / /
|/| | |   1491657 Correct firewall install for openshift-nfs
| * | | Correct firewall install for openshift-nfs  Russell Teague  2017-09-15  2  -1/+7
|/ / /
* | | Merge pull request #5401 from sosiouxme/20170913-retries-subset  Luke Meyer  2017-09-14  5  -12/+27
|\ \ \   add retries on repoquery
| * | | add retry on repoquery_cmd  Luke Meyer  2017-09-13  2  -1/+3
| | | |
| * | | add retries to repoquery module  Luke Meyer  2017-09-13  4  -12/+25
| | | |
* | | | Merge pull request #5382 from mtnbikenc/add-lb-config  Scott Dodson  2017-09-14  1  -0/+6
|\ \ \ \   Add loadbalancer config entry point
| * | | | Add loadbalancer config entry point  Russell Teague  2017-09-13  1  -0/+6
| | | | |
* | | | | Merge pull request #5420 from ashcrow/update-versions-in-master  Scott Dodson  2017-09-14  2  -10/+10
|\ \ \ \ \   inventory: Update versions to 3.7
| * | | | | inventory: Update versions to 3.7  Steve Milner  2017-09-14  2  -10/+10
| | | | | |  Updated the versions in inventory to point to 3.7 by default since 3.6 has already been released.
| | | | | |  Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1491592
| | | | | |  Signed-off-by: Steve Milner <smilner@redhat.com>
* | | | | | Merge pull request #5360 from sdodson/embedded-etcd  Scott Dodson  2017-09-14  1  -4/+7
|\ \ \ \ \ \
| |/ / / / /
|/| | | | |   Clarify requirement of having etcd group
| * | | | | Clarify requirement of having etcd group  Scott Dodson  2017-09-11  1  -4/+7
| | | | | |
* | | | | | Merge pull request #5410 from jmencak/tuned-after-node-restart  Scott Dodson  2017-09-14  1  -4/+4
|\ \ \ \ \ \   Setup tuned after the node has been restarted.
| * | | | | | Setup tuned after the node has been restarted.  Jiri Mencak  2017-09-14  1  -4/+4
| | | | | | |
* | | | | | | Merge pull request #5396 from abutcher/etcd-migrate-openshift-ip  Scott Dodson  2017-09-14  1  -3/+3
|\ \ \ \ \ \ \   Use openshift.common.ip rather than ansible_default_ipv4 in etcd migration playbook.
| * | | | | | | Use openshift.common.ip rather than ansible_default_ipv4 in etcd migration ↵  Andrew Butcher  2017-09-13  1  -3/+3
| | |_|/ / / /
| |/| | | | |   playbook.
* | | | | | | Merge pull request #5367 from abutcher/etcd-scaleup-master-client-urls  Scott Dodson  2017-09-14  2  -0/+27
|\ \ \ \ \ \ \   Bug 1490304: Etcd scale-up playbook should add new member to etcdClientInfo of master-config.yaml
| * | | | | | | Update master config with new client urls during etcd scaleup.  Andrew Butcher  2017-09-12  2  -0/+27
| | | | | | | |
* | | | | | | | Merge pull request #5381 from ewolinetz/37_bz1487648_  OpenShift Bot  2017-09-14  1  -0/+3
|\ \ \ \ \ \ \ \   Merged by openshift-bot
| * | | | | | | | Adding management-admin SC to admin role for management-infra project  Eric Wolinetz  2017-09-12  1  -0/+3
| | | | | | | | |
* | | | | | | | | Merge pull request #5389 from tremble/storage_migration  Scott Dodson  2017-09-14  1  -9/+9
|\ \ \ \ \ \ \ \ \   Don't assume storage_migration control variables are already boolean
| * | | | | | | | | Don't assume storage_migration control variables are already boolean  Mark Chappell  2017-09-13  1  -9/+9
| | | | | | | | | |  openshift_upgrade_pre_storage_migration_enabled
| | | | | | | | | |  openshift_upgrade_pre_storage_migration_fatal
| | | | | | | | | |  openshift_upgrade_post_storage_migration_enabled
| | | | | | | | | |  openshift_upgrade_post_storage_migration_enabled
| | | | | | | | | |  because the 4 variables are not already defaulted/evaluated there's no guarantee that they're actually the boolean type at this point.
| | | | | | | | | |  Example: if they're passed in on the command line
* | | | | | | | | | Merge pull request #5043 from juanvallejo/jvallejo/add-inventory-generator-image  Scott Dodson  2017-09-14  4  -1/+506
|\ \ \ \ \ \ \ \ \ \   Merge inventory-generator with origin-ansible image
| * | | | | | | | | | inventory generate: fix config doc  Luke Meyer  2017-09-13  1  -2/+2
| | | | | | | | | | |
| * | | | | | | | | | inventory generate: remove refs to openshift_cluster_user  Luke Meyer  2017-09-13  3  -13/+4
| | | | | | | | | | |
| * | | | | | | | | | inventory generate: always use kubeconfig, no login  Luke Meyer  2017-09-13  1  -10/+2
| | | | | | | | | | |
| * | | | | | | | | | add inventory-generator under new sub pkg  juanvallejo  2017-09-12  4  -1/+523
| | | | | | | | | | |
* | | | | | | | | | | Merge pull request #5399 from tbielawa/master  Scott Dodson  2017-09-14  1  -2/+4
|\ \ \ \ \ \ \ \ \ \ \
| |_|_|_|_|_|/ / / / /
|/| | | | | | | | | |   Scaffold out the entire build defaults hash
| * | | | | | | | | | Scaffold out the entire build defaults hash  Tim Bielawa  2017-09-13  1  -2/+4
| | |_|_|_|_|_|/ / /
| |/| | | | | | | |   Some functions called later may expect sub-keys to exist which will not with the current default empty-dict.
* | | | | | | | | | Merge pull request #5395 from sdodson/bz1480442  Scott Dodson  2017-09-13  10  -10/+10
|\ \ \ \ \ \ \ \ \ \   Add IMAGE_VERSION to the image stream tag source
| * | | | | | | | | | Add IMAGE_VERSION to the image stream tag source  Scott Dodson  2017-09-13  10  -10/+10
| | |/ / / / / / / /
| |/| | | | | | | |
* | | | | | | | | | Merge pull request #5151 from jarrpa/gluster-ports  Scott Dodson  2017-09-13  1  -2/+2
|\ \ \ \ \ \ \ \ \ \   GlusterFS: Correct firewall port names
| * | | | | | | | | | GlusterFS: Correct firewall port names  Jose A. Rivera  2017-08-21  1  -2/+2
| | | | | | | | | | |  Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
* | | | | | | | | | | Merge pull request #5315 from jarrpa/glusterfs-fixes-3.7  Scott Dodson  2017-09-13  15  -2/+563
|\ \ \ \ \ \ \ \ \ \ \   GlusterFS: Various fixes
| * | | | | | | | | | | GlusterFS: Allow option to use or ignore default node selectors  Jose A. Rivera  2017-09-06  5  -1/+7
| | | | | | | | | | | |  Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
| * | | | | | | | | | | GlusterFS: Clarify heketi URL documentation  Jose A. Rivera  2017-09-06  1  -1/+1
| | | | | | | | | | | |  Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
| * | | | | | | | | | | GlusterFS: Add files/templates for v3.7  Jose A. Rivera  2017-09-06  10  -0/+555
| | | | | | | | | | | |  Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
* | | | | | | | | | | | Merge pull request #5394 from sosiouxme/20170912-health-role-bz1487548  OpenShift Bot  2017-09-13  1  -0/+1
|\ \ \ \ \ \ \ \ \ \ \ \   Merged by openshift-bot
| * | | | | | | | | | | | openshift-checks: add role symlink  Luke Meyer  2017-09-12  1  -0/+1
| | |_|_|_|_|/ / / / / /
| |/| | | | | | | | | |   fixes bug 1487548 https://bugzilla.redhat.com/show_bug.cgi?id=1487548
* | | | | | | | | | | | Merge pull request #5370 from jmencak/tuned-openshift-ansible-bad_merge-fix  OpenShift Bot  2017-09-13  2  -14/+4
|\ \ \ \ \ \ \ \ \ \ \ \
| |_|_|_|_|_|_|_|_|_|/ /
|/| | | | | | | | | | |   Merged by openshift-bot
| * | | | | | | | | | | Re-enabling new tuned profile hierarchy (PR5089)  Jiri Mencak  2017-09-12  2  -14/+4
| | | | | | | | | | | |
* | | | | | | | | | | | Merge pull request #5405 from ewolinetz/issue_5403  Scott Dodson  2017-09-13  1  -1/+0
|\ \ \ \ \ \ \ \ \ \ \ \   Removing setting of pod presets
| * | | | | | | | | | | | Removing setting of pod presets  Eric Wolinetz  2017-09-13  1  -1/+0
| | | | | | | | | | | | |
* | | | | | | | | | | | | Merge pull request #5359 from mgugino-upstream-stage/version-docker-auth-config  OpenShift Bot  2017-09-13  11  -34/+111
|\ \ \ \ \ \ \ \ \ \ \ \ \
| |/ / / / / / / / / / / /
|/| | | | | | | | | | | |   Merged by openshift-bot
| * | | | | | | | | | | | Fix: authenticated registry support for containerized hosts  Michael Gugino  2017-09-11  11  -34/+111
| | |_|_|_|/ / / / / / /
| |/| | | | | | | | | |   Currently, openshift-ansible supports authentication to container registries to pull down openshift container images. The openshift_version role uses the docker cli to gather image information from container registries before authentication credentials are provided by openshift-ansible.
| | | | | | | | | | | |   This commit creates the necessary token to authenticate to private registries during openshift_version. The token is generated by the role 'docker' on all hosts where docker is installed/configured when oreg_auth_users is defined.
| | | | | | | | | | | |   This commit also adds a read-only mount into the openshift master and node container services. This mount is '/var/lib/origin/.docker:/root/.docker:ro'. This is because the container images do not currently read the values in '/var/lib/origin/.docker' as this may be a bug upstream.
| | | | | | | | | | | |   Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341