summaryrefslogtreecommitdiffstats
path: root/roles/openshift_node/tasks
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #6362 from mgugino-upstream-stage/crt-playsScott Dodson2017-12-073-16/+0
|\ | | | | Implement container_runtime playbooks and changes
| * Implement container_runtime playbooks and changesMichael Gugino2017-12-073-16/+0
| | | | | | | | | | | | This commit refactors some duplicate code, removes usage of set_fact where not needed, and reorganizes container_runtime role to use include_role.
* | Include Deprecation: Convert to include_tasksRussell Teague2017-12-061-1/+1
|/
* Fix oreg_auth_credentials_create register varMichael Gugino2017-12-051-2/+6
| | | | | | | | | | | | There is a variable collision for the *oreg_auth_credentials_create variables in openshift_master and openshift_node registry_create tasks. This commit ensures standard and alternative oreg auth credential placement tasks don't use the same register variable. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1520866
* Implement container runtime roleMichael Gugino2017-12-014-15/+8
|
* retry package operationsLuke Meyer2017-11-3011-0/+28
| | | | | | When a package install/update fails due to network blips or other spotty availability, retry it. If the failure is a real failure (e.g. package is really not there) it still fails after 3 tries (Ansible default).
* Combine openshift_node and openshift_node_dnsmasqMichael Gugino2017-11-275-2/+91
| | | | | This commit combines these two roles. This will prevent openshift_node_facts from running twice.
* Merge pull request #6198 from mgugino-upstream-stage/openvswitch-sys-containerMichael Gugino2017-11-271-2/+2
|\ | | | | Remove is_openvswitch_system_container from facts
| * Remove is_openvswitch_system_container from factsMichael Gugino2017-11-221-2/+2
| | | | | | | | Simply logic for this variable.
* | Include Deprecation - openshift-nodeRussell Teague2017-11-226-30/+27
|/
* Fix system_images_registry variableMichael Gugino2017-11-222-4/+4
| | | | Simplify the logic for this variable.
* Fix node system container varMichael Gugino2017-11-212-3/+3
| | | | Fix logic, make it simpler.
* Combine openshift_node and openshift_node_upgradeMichael Gugino2017-11-166-0/+320
| | | | | | | | | Currently, having openshift_node and openshift_node_upgrade as two distinct roles has created a duplication across handlers, templates, and some tasks. This commit combines the roles to reduce duplication and bugs encountered by not putting code in both places.
* Merge pull request #6094 from ↵OpenShift Merge Robot2017-11-151-0/+19
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | mgugino-upstream-stage/syscontainers-docker-login-module Automatic merge from submit-queue. Alternative method to create docker registry auth creds Currently, the command 'docker login' is run when using oreg with authentication. On some hosts, such as hosts configured to use system containers, the docker service is not running. 'docker login' will fail without the docker service running. This commit adds a module to idempotently add credentials to the registry credentials file without the use of 'docker login' Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511374
| * Alternative method to create docker registry auth credsMichael Gugino2017-11-141-0/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, the command 'docker login' is run when using oreg with authentication. On some hosts, such as hosts configured to use system containers, the docker service is not running. 'docker login' will fail without the docker service running. This commit adds a module to idempotently add credentials to the registry credentials file without the use of 'docker login' Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511374
* | Adding instance profile support for node groups.Kenny Woodson2017-11-132-0/+2
|/
* Adding CONFIG_FILE option back.Kenny Woodson2017-11-011-3/+3
|
* Configurable node config location.Kenny Woodson2017-11-011-3/+3
|
* Merge pull request #5924 from smarterclayton/bootstrap_cleanupOpenShift Merge Robot2017-10-311-1/+1
|\ | | | | | | | | | | | | | | | | Automatic merge from submit-queue. GCP cannot use growpart utils from AWS due to conflicting package Allow cloud provider specific packages to be specified. Also, fix a wait condition in openshift_gcp to allow masters to be bootstrapped nodes. @kwoodson
| * GCP cannot use AWS growpart packageClayton Coleman2017-10-301-1/+1
| | | | | | | | Make the required package optional
* | Add retry logic to docker auth credentialsMichael Gugino2017-10-301-0/+3
|/ | | | | | This commit enables retry on docker login commands. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1506931
* Renaming csr to bootstrap for consistency.Kenny Woodson2017-10-251-1/+1
|
* systemcontainers: Verify atomic.conf proxy is always configuredSteve Milner2017-10-192-0/+10
| | | | | | | | | | | A new openshift_atomic role has been created for atomic specific tasks. The first task added is proxy which handles updating /etc/atomic.conf to ensure the proper proxy configuration is configured. This task file is then included (via include_role) in system container related task files. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503903 Signed-off-by: Steve Milner <smilner@redhat.com>
* Do not remove files for bootstrap if resolv or dns.Kenny Woodson2017-10-175-51/+102
|
* Fix containerized node service unit placement orderMichael Gugino2017-10-124-15/+3
| | | | | | | | | | | | | | Currently, non-containerized nodes have systemd service unit files created after registry auth credentials are created. Containerized nodes place service unit files prior to creation of these credentials. This commit ensures systemd service units are created at the correct time for both containerized and non-containerized nodes. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1500642
* Fix broken debug_levelMichael Gugino2017-10-111-1/+1
| | | | | | | | | | | | | | | | | | | | Currently, debug_level is documented as a way to change the debug output level for both masters and nodes. debug_level does not currently have any effect. This commit removes debug_level from openshift_facts and properly sets openshift_master_debug_level and openshift_node_debug_level to the value of debug_level specified in the inventory. This commit also reorganizes some set_fact tasks needed during master upgrades to put all work-around set-facts for undefined variables in one place, allowing for easier cleanup in the future. This includes an entry for openshift_master_debug_level. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1500164
* Separate tuned daemon setup into a role.Jiri Mencak2017-10-102-45/+0
| | | | | | | | | | | | | | Currently, profiles for the tuned daemon are set only for OpenShift node(s). This excludes the OpenShift loadbalancer. As a result, ARP cache limits on loadbalancers are not raised. This causes problems with HA setups where loadbalancers serve 1k+ OpenShift nodes. This commit ensures the openshift-control-plane role is applied to loadbalancers, masters and OpenShift infra nodes. Regular OpenShift worker nodes get the openshift-node profile. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1498213
* Move node aws credentials to config.ymlMichael Gugino2017-10-022-16/+16
| | | | | | | | | | Currently, the node service is started before aws credentials (if needed) are configured. This commit ensures the aws credentials are placed before the node service is started. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1497150
* Merge pull request #5599 from ashcrow/node-start-fixOpenShift Merge Robot2017-10-011-0/+2
|\ | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. openshift_node: Set DOCKER_SERVICE for system container The node system container was being installed with the ```DOCKER_SERVICE``` holding to it's ```manifest.json``` default of docker.service. This chage adds the ```DOCKER_SERVICE``` parameter on node system container install so that it uses the same value from the installer stored in ```openshift.docker.service_name```. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1496707
| * openshift_node: Add MASTER_SERVICE on system container installSteve Milner2017-09-291-0/+1
| | | | | | | | | | | | Setting the MASTER_SERVICE to openshift.common.service_type. Signed-off-by: Steve Milner <smilner@redhat.com>
| * openshift_node: Set DOCKER_SERVICE for system containerSteve Milner2017-09-291-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | The node system container was being installed with the DOCKER_SERVICE holding to it's manifest.json default of docker.service. This change adds the DOCKER_SERVICE parameter on node system container install so that it uses the same value from the installer stored in openshift.docker.service_name. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1496707 Signed-off-by: Steve Milner <smilner@redhat.com>
* | Fix registry auth variableMichael Gugino2017-09-291-1/+1
|/ | | | | | | | There is currently a bug in registry auth credential creation logic for openshift_node and openshift_node_upgrade This commit fixes the logic.
* Fix registry_auth logic for upgradesMichael Gugino2017-09-221-10/+9
| | | | | | | | | | | | | | | Currently, the logic for registry authentication is not implemented correctly to account for upgrades of containerized hosts. Additionally, the logic to account for multiple runs of openshift-ansible might cause registry authentication credentials to not be mounted inside of containerized hosts. This commit adds the necessary logic to ensure containerized hosts retain registry credentials. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1494470
* Merge pull request #5429 from giuseppe/node-specify-dns-domainOpenShift Merge Robot2017-09-211-0/+2
|\ | | | | | | | | Automatic merge from submit-queue node: specify the DNS domain
| * node: specify the DNS domainGiuseppe Scrivano2017-09-201-0/+2
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Cleanup old deployment typesMichael Gugino2017-09-201-1/+2
|/ | | | | | | | | | | Previously, openshift-ansible supported various types of deployments using the variable "openshift_deployment_type" Currently, openshift-ansible only supports two deployment types, "origin" and "openshift-enterprise". This commit removes all logic and references to deprecated deployment types.
* Fix registry auth task orderingMichael Gugino2017-09-181-2/+2
| | | | | | | | | | | | | | Currently, registry authentication credentials are not produced until after docker systemd service files are created. This commit ensures the credentials are created before the systemd service files to ensure the proper boolean is set to include the read-only mount of credentials inside containerized nodes and masters. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
* Merge pull request #5334 from juanluisvaladas/move-sysctlOpenShift Merge Robot2017-09-161-8/+5
|\ | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue Move sysctl.conf customizations to a separate file Move them from /etc/sysctl.conf to /etc/sysctl.d/99-openshift.conf This is a good idea becuase: 1- /etc/sysctl.conf is evaluated later, so it can easily be overwritten by previous customizations 2- It's likely that there is an agent like puppet monitoring this file 3- It's easier to know what's being changed by OpenShift
| * Move sysctl.conf customizations to a separate fileJuan Luis de Sousa-Valadas Castaño2017-09-081-8/+5
| | | | | | | | Move them from /etc/sysctl.conf to /etc/sysctl.d/99-openshift.conf
* | Setup tuned after the node has been restarted.Jiri Mencak2017-09-141-4/+4
| |
* | Merge pull request #5370 from jmencak/tuned-openshift-ansible-bad_merge-fixOpenShift Bot2017-09-132-14/+4
|\ \ | | | | | | Merged by openshift-bot
| * | Re-enabling new tuned profile hierarchy (PR5089)Jiri Mencak2017-09-122-14/+4
| | |
* | | Fix: authenticated registry support for containerized hostsMichael Gugino2017-09-112-14/+26
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, openshift-anisble supports authentication to container registries to pull down openshift container images. The openshift_verison role uses the docker cli to gather image information from container registries before authentication credentials are provided by openshift-ansible. This commit creates the necessary token to authenticate to private registries during openshift_version. The token is generated by the role 'docker' on all hosts where docker is installed/configured when oreg_auth_users is defined. This commit also adds a read-only mount into the openshift master and node container services. This mount is '/var/lib/origin/.docker:/root/.docker:ro'. This is because the container images do not currently read the values in '/var/lib/origin/.docker' as this may be a bug upstream. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
* | Consolidating AWS roles and variables underneath openshift_aws role.Kenny Woodson2017-09-072-11/+29
| |
* | Remove openshift-commonMichael Gugino2017-09-064-5/+5
| | | | | | | | | | | | | | | | | | Most of this role's purpose was to set facts. The vast majority of these facts were simply redefining user-supplied variables. This commit also removes various artifacts leftover from previous versions, as well as variables that seem to be entirely unused.
* | Merge pull request #5230 from kwoodson/openshift_node_bootstrapOpenShift Bot2017-08-305-187/+232
|\ \ | | | | | | Merged by openshift-bot
| * | Merging openshift_node with openshift bootstrap.Kenny Woodson2017-08-295-188/+233
| | |
* | | Merge pull request #5128 from mgugino-upstream-stage/reg-authScott Dodson2017-08-291-0/+15
|\ \ \ | | | | | | | | Add independent registry auth support
| * | | Add independent registry auth supportMichael Gugino2017-08-281-0/+15
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added the ability to support authentication for independent / 3rd party registries. This commit will allow users to provide a `oreg_auth_user` and `oreg_auth_password` to dynmically generate a docker config.json file. The docker config.json file can be used by openshift to authenticate to independent / 3rd party registries. `oreg_host` must supply endpoint connection info in the form of 'hostname.com:port', with (optional) port 443 default. To update the config.json on a later run, the user can specify `oreg_auth_credentials_replace=False` to update the credentials. These settings must be used in tandem with `oreg_url` Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
* | | Merge pull request #5214 from giuseppe/rename_crio_variableScott Dodson2017-08-292-3/+3
|\ \ \ | |/ / |/| | crio: rename openshift_docker_use_crio to openshift_use_crio
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-20 00:18:22 +0000