path: root/roles/openshift_node
Commit message (Author, Age, Files, Lines)
* node/sdn: make /var/lib/cni persistent to ensure IPAM allocations stick around across node restart (Dan Williams, 2017-03-03, files: 1, lines: -1/+1)
|
| With the move to a CNI plugin, docker no longer handles IPAM, but CNI does through openshift-sdn's usage of the 'host-local' CNI IPAM plugin. That plugin stores IPAM allocations under /var/lib/cni/. If the node container gets restarted, without preserving /var/lib/cni, the IPs currently allocated to running pods get lost and on restart, openshift-sdn may allocate those IPs to new pods causing duplicate allocations.
|
| This never happened with docker because it has its own persistent IPAM store that does not get removed when docker restarts. Also because (historically) when docker restarted, all the containers died and the IP allocations were released by the daemon.
|
| Fix this by ensuring that IPAM allocations (which are tied to the life of the pod, *not* the life of the openshift-node process) persist even if the openshift-node process restarts.
|
| Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1427789
* Merge pull request #3393 from srampal/contiv (Scott Dodson, 2017-03-01, files: 1, lines: -1/+1)
|\
| | Pull request for Contiv Ansible code integration into Openshift Ansible
| * Combined (squashed) commit for all changes related to adding Contiv support into Openshift Ansible. (Sanjeev Rampal, 2017-02-27, files: 1, lines: -1/+1)
| |
| | This is the first (beta) release of Contiv with Openshift and is only supported for Openshift Origin + Bare metal deployments at the time of this commit. Please refer to the Openshift and Contiv official documentation for details of the level of support for different features and modes of operation.
* | node: use the new oc_atomic_container module (Giuseppe Scrivano, 2017-02-28, files: 3, lines: -60/+18)
|/
|
| Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #3332 from giuseppe/system-containers-ha (Giuseppe Scrivano, 2017-02-15, files: 3, lines: -8/+12)
|\
| | system containers: add support for HA deployments
| * node, vars/main.yml: define l_is_ha and l_is_same_version (Giuseppe Scrivano, 2017-02-14, files: 3, lines: -10/+10)
| |
| | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * node: simplify when conditionals (Giuseppe Scrivano, 2017-02-10, files: 1, lines: -2/+5)
| |
| | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * openvswitch: simplify when conditionals (Giuseppe Scrivano, 2017-02-10, files: 1, lines: -4/+5)
| |
| | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3305 from giuseppe/conntrack-tools (Scott Dodson, 2017-02-10, files: 1, lines: -0/+6)
|\ \
| |/
|/| node: ensure conntrack-tools is installed
| * node: ensure conntrack-tools is installed (Giuseppe Scrivano, 2017-02-09, files: 1, lines: -0/+6)
| |
| | Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1420182
| |
| | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | node: refactor Docker container tasks in a block (Giuseppe Scrivano, 2017-02-10, files: 1, lines: -25/+25)
| |
| | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | system-containers: implement idempotent update (Giuseppe Scrivano, 2017-02-10, files: 2, lines: -5/+37)
| |
| | Upstream version has "atomic containers update ..." but the RHEL version is still using "atomic update --container" so stick with this for now.
| |
| | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | atomic-openshift: install as a system container (Giuseppe Scrivano, 2017-02-10, files: 4, lines: -5/+61)
|/
|
| Use use_system_containers=true in the inventory file alternatively you can select each component as:
|
| use_openvswitch_system_container=true
| use_node_system_container=true
| use_master_system_container=true
|
| system_images_registry holds the registry from where to fetch system containers.
|
| Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Comma separate no_proxy host list in openshift_facts so that it appears as a string everywhere it is used. (Andrew Butcher, 2017-01-25, files: 1, lines: -1/+1)
|
* Reorder node dnsmasq dependency s.t. networkmanager is restarted after firewall changes have been applied. (Andrew Butcher, 2017-01-20, files: 1, lines: -2/+2)
|
* kubelet must have rw to cgroups for pod/qos cgroups to function (Derek Carr, 2017-01-18, files: 1, lines: -1/+1)
|
* Merge pull request #3096 from abutcher/node_ports (Scott Dodson, 2017-01-16, files: 1, lines: -1/+10)
|\
| | Support openshift_node_port_range for configuring service NodePorts
| * Support openshift_node_port_range for configuring service NodePorts (Clayton Coleman, 2017-01-10, files: 1, lines: -1/+10)
| |
| | Sets the appropriate config field if openshift_node_port_range is set and also configures firewalls on each node. firewalld already supports port ranges like "30000-32000", while iptables needs that value converted to the correct "30000:32000" form for use with `--dport`.
| |
| | If not set, no node ports are opened.
* | Add a fact to select --evacuate or --drain based on your OCP version (Tim Bielawa, 2017-01-11, files: 1, lines: -0/+2)
|/
|
| Closes #3070
* Move role dependencies out of playbooks for openshift_master, openshift_node and openshift_hosted. (Andrew Butcher, 2017-01-09, files: 1, lines: -1/+23)
|
* Deprecate node 'evacuation' with 'drain' (Tim Bielawa, 2016-12-16, files: 1, lines: -1/+1)
|
| * https://trello.com/c/TeaEB9fX/307-3-deprecate-node-evacuation
* YAML Linting (Russell Teague, 2016-12-12, files: 1, lines: -12/+13)
|
| * Added checks to make ci for yaml linting
| * Modified y(a)ml files to pass lint checks
* Merge pull request #2937 from dgoodwin/upgrade-prepull (Scott Dodson, 2016-12-08, files: 2, lines: -14/+14)
|\
| | Pre-pull master/node/ovs images during upgrade.
| * Pre-pull master/node/ovs images during upgrade. (Devan Goodwin, 2016-12-07, files: 2, lines: -14/+14)
| |
| | We did this for install but not upgrade, leading to situations where the service restarts after upgrade could take much longer than expected as docker pulls down the new image.
| |
| | Now the images are present when we restart services and should allow them to come back online much more quickly, equivalent to rpm service restarts.
* | Silence warnings when using rpm directly (Dag Wieers, 2016-12-08, files: 1, lines: -0/+2)
|/
* Cleanup ovs file and restart docker on every upgrade. (Devan Goodwin, 2016-11-30, files: 1, lines: -3/+3)
|
| In 3.3 one of our services lays down a systemd drop-in for configuring Docker networking to use lbr0. In 3.4, this has been changed but the file must be cleaned up manually by us.
|
| However, after removing the file docker requires a restart. This had big implications particularly in containerized environments where upgrade is a very fragile series of upgrading and service restarts.
|
| To avoid double docker restarts, and thus double service restarts in containerized environments, this change does the following:
|
| - Skip restart during docker upgrade, if it is required. We will restart on our own later.
| - Skip containerized service restarts when we upgrade the services themselves.
| - Clean shutdown of all containerized services.
| - Restart Docker. (always, previously this only happened if it needed an upgrade)
| - Ensure all containerized services are restarted.
| - Restart rpm node services. (always)
| - Mark node schedulable again.
|
| At the end of this process, docker0 should be back on the system.
* Refactored to use Ansible systemd module (Russell Teague, 2016-11-28, files: 3, lines: -35/+46)
|
| * Ansible systemd module used in place of service module
| * Refactored command tasks which are no longer necessary
| * Applying rules from openshift-ansible Best Practices Guide
* Merge pull request #2818 from mtnbikenc/package-refactor (Scott Dodson, 2016-11-21, files: 5, lines: -7/+11)
|\
| | Refactor to use Ansible package module
| * Refactor to use Ansible package module (Russell Teague, 2016-11-17, files: 5, lines: -7/+11)
| |
| | The Ansible package module will call the correct package manager for the underlying OS.
* | Only run tuned-adm if tuned exists. (Dusty Mabe, 2016-11-21, files: 1, lines: -1/+7)
|/
|
| Fedora Atomic Host does not have tuned installed.
|
| Fixes #2809
* Merge pull request #2636 from enlinxu/master (Andrew Butcher, 2016-11-16, files: 1, lines: -0/+5)
|\
| | Support 3rd party scheduler
| * support 3rd party scheduler (enlinxu, 2016-10-20, files: 1, lines: -0/+5)
| |
* | Merge pull request #2763 from yfauser/byo_cni_plugin_fixes (Andrew Butcher, 2016-11-16, files: 1, lines: -1/+1)
|\ \
| | | [#2698] Change to allow cni deployments without openshift SDN
| * | Change to allow cni deployments without openshift SDN (yfauser, 2016-11-08, files: 1, lines: -1/+1)
| | |
| | | The roles/openshift_facts main task did not pass the cni plugin variable to the later role playbooks.
| | |
| | | The master.yaml and node.yaml templates did not allow for a cni configuration without either installing openshift sdn or nuage.
| | |
| | | This change will allow to use os_sdn_network_plugin_name=cni and set openshift_use_openshift_sdn=false for deployments that use a cni plugin that doesn't need and want openshift sdn to be installed
* | | Revert "Revert openshift.node.nodename changes" (Scott Dodson, 2016-11-08, files: 1, lines: -1/+1)
|/ /
* | Revert "Fix OpenStack cloud provider" (Scott Dodson, 2016-11-07, files: 1, lines: -1/+1)
| |
| | This reverts commit 1f2276fff1e41c1d9440ee8b589042ee249b95d7.
* | set AWS creds task with no_logs (Sally O'Malley, 2016-11-07, files: 1, lines: -0/+1)
| |
* | Deploy an OOM systemd override for openvswitch. (Devan Goodwin, 2016-11-02, files: 2, lines: -2/+20)
| |
| | At recommendation of network team, more details in: https://bugzilla.redhat.com/show_bug.cgi?id=1331590
* | Add node-labels to kubeletArguments (Tim Bielawa, 2016-10-20, files: 1, lines: -0/+4)
|/
|
| * Node labels are parsed from openshift_node_labels if they exist
* Get rid of openshift_node_config_file entirely (Scott Dodson, 2016-10-17, files: 3, lines: -5/+2)
|
* Build full node config path in systemd_units tasks. (Andrew Butcher, 2016-10-17, files: 1, lines: -1/+1)
|
* Merge pull request #2586 from cgwalters/seboolean-handle-aliases (Scott Dodson, 2016-10-13, files: 2, lines: -19/+15)
|\
| | nfs: Handle seboolean aliases not just in Fedora
| * nfs: Handle seboolean aliases not just in Fedora (Colin Walters, 2016-10-12, files: 2, lines: -19/+15)
| |
| | I'm testing with a bleeding edge RHEL Atomic Host, and it looks like we pulled in a new version of selinux-policy that has `virt_sandbox_use_nfs` aliased to `virt_use_nfs`.
| |
| | In https://github.com/openshift/openshift-ansible/pull/2356 Adam changed this to check for Fedora.
| |
| | This changes things to drop the distribution check, and instead parse the `getsebool` output to determine whether or not the boolean is an alias, and should hence work on all distributions/versions.
* | Merge branch 'master' of github.com:openshift/openshift-ansible into variable_with_no_default_2576 (Justin Cook, 2016-10-11, files: 1, lines: -11/+3)
|\ \
| |/
| * Improve how we handle containerized node failure on first startup (Scott Dodson, 2016-10-10, files: 1, lines: -11/+3)
| |
* | set defaults for debug_level in template and task (Justin Cook, 2016-10-11, files: 1, lines: -1/+1)
|/
* Suppress more warnings. (Andrew Butcher, 2016-09-28, files: 2, lines: -6/+10)
|
* Merge pull request #2501 from lhuard1A/fix_openstack_cloudprovider (Andrew Butcher, 2016-09-26, files: 1, lines: -1/+1)
|\
| | Fix openstack cloudprovider
| * Fix OpenStack cloud provider (Lénaïc Huard, 2016-09-26, files: 1, lines: -1/+1)
| |
* | Fix references to openshift.master.sdn_cluster_network_cidr in node roles (Scott Dodson, 2016-09-20, files: 1, lines: -1/+1)
| |