path: root/roles/openshift_node
Columns: commit message, author, age, files, lines
...
* Move node aws credentials to config.yml (Michael Gugino, 2017-10-02, files: 2, lines: -16/+16)
|   Currently, the node service is started before aws credentials (if needed) are configured. This commit ensures the aws credentials are placed before the node service is started.
|   Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1497150
* Separate certificate playbooks. (Andrew Butcher, 2017-10-02, files: 1, lines: -2/+0)
|
* Merge pull request #5599 from ashcrow/node-start-fix (OpenShift Merge Robot, 2017-10-01, files: 1, lines: -0/+2)
|\
| |   Automatic merge from submit-queue.
| |   openshift_node: Set DOCKER_SERVICE for system container
| |   The node system container was being installed with the ```DOCKER_SERVICE``` holding to its ```manifest.json``` default of docker.service. This change adds the ```DOCKER_SERVICE``` parameter on node system container install so that it uses the same value from the installer stored in ```openshift.docker.service_name```.
| |   Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1496707
| * openshift_node: Add MASTER_SERVICE on system container install (Steve Milner, 2017-09-29, files: 1, lines: -0/+1)
| |   Setting the MASTER_SERVICE to openshift.common.service_type.
| |   Signed-off-by: Steve Milner <smilner@redhat.com>
| * openshift_node: Set DOCKER_SERVICE for system container (Steve Milner, 2017-09-29, files: 1, lines: -0/+1)
| |   The node system container was being installed with the DOCKER_SERVICE holding to its manifest.json default of docker.service. This change adds the DOCKER_SERVICE parameter on node system container install so that it uses the same value from the installer stored in openshift.docker.service_name.
| |   Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1496707
| |   Signed-off-by: Steve Milner <smilner@redhat.com>
* | Merge pull request #5565 from mgugino-upstream-stage/provisioning-centos-support (OpenShift Merge Robot, 2017-09-29, files: 1, lines: -3/+0)
|\ \
| | |   Automatic merge from submit-queue.
| | |   Changes necessary to support AMI building
| | |   Currently, AMI building does not work. These changes implement the necessary steps to build an AMI for usage as a 'golden node image'.
| * | Changes necessary to support AMI building (Michael Gugino, 2017-09-28, files: 1, lines: -3/+0)
| | |   Currently, AMI building does not work. These changes implement the necessary steps to build an AMI for usage as a 'golden node image'.
* | | Fix registry auth variable (Michael Gugino, 2017-09-29, files: 1, lines: -1/+1)
| |/
|/|
| |   There is currently a bug in registry auth credential creation logic for openshift_node and openshift_node_upgrade
| |   This commit fixes the logic.
* | Remove some remnants of Atomic Enterprise (Scott Dodson, 2017-09-26, files: 1, lines: -1/+1)
|/
* Merge pull request #5269 from rparulek/nuage-ansible (OpenShift Merge Robot, 2017-09-25, files: 1, lines: -0/+1)
|\
| |   Automatic merge from submit-queue
| |   Changes for Nuage atomic ansible install
| * Changes for Nuage atomic ansible install (Rohan Parulekar, 2017-09-20, files: 1, lines: -0/+1)
| |
* | Merge pull request #5205 from mgugino-upstream-stage/docker-etc-containers-regs (OpenShift Merge Robot, 2017-09-25, files: 1, lines: -1/+1)
|\ \
| | |   Automatic merge from submit-queue
| | |   Move additional/block/insecure registries to /etc/containers/...
| | |   Move additional/block/insecure registries to /etc/containers/registries.conf
| | |   This commit moves additional/block/insecure registries to /etc/containers/registries.conf and comments existing lines in /etc/sysconfig/docker.
| | |   Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1460930
| * | Move additional/block/insecure registries to /etc/containers/registries.conf (Michael Gugino, 2017-09-21, files: 1, lines: -1/+1)
| | |   This commit moves additional/block/insecure registries to /etc/containers/registries.conf and comments existing lines in /etc/sysconfig/docker.
| | |   Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1460930
* | | Fix registry_auth logic for upgrades (Michael Gugino, 2017-09-22, files: 1, lines: -10/+9)
| | |   Currently, the logic for registry authentication is not implemented correctly to account for upgrades of containerized hosts. Additionally, the logic to account for multiple runs of openshift-ansible might cause registry authentication credentials to not be mounted inside of containerized hosts. This commit adds the necessary logic to ensure containerized hosts retain registry credentials.
| | |   Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1494470
* | | Merge pull request #5477 from mgugino-upstream-stage/hot-fix-oreg_url (OpenShift Merge Robot, 2017-09-21, files: 1, lines: -2/+2)
|\ \ \
| | | |   Automatic merge from submit-queue
| | | |   Remove default value for oreg_url
| | | |   Due to some plays importing variables from roles directly, oreg_url was being set to a default value when it otherwise shouldn't be. This commit removes the default values for oreg_url to ensure existing logic works as desired.
| | | |   Fixes: https://github.com/openshift/openshift-ansible/issues/5455
| * | | Remove default value for oreg_url (Michael Gugino, 2017-09-20, files: 1, lines: -2/+2)
| | | |   Due to some plays importing variables from roles directly, oreg_url was being set to a default value when it otherwise shouldn't be. This commit removes the default values for oreg_url to ensure existing logic works as desired.
| | | |   Fixes: https://github.com/openshift/openshift-ansible/issues/5455
* | | | Merge pull request #5429 from giuseppe/node-specify-dns-domain (OpenShift Merge Robot, 2017-09-21, files: 1, lines: -0/+2)
|\ \ \ \
| |_|/ /
|/| | |
| | | |   Automatic merge from submit-queue
| | | |   node: specify the DNS domain
| * | | node: specify the DNS domain (Giuseppe Scrivano, 2017-09-20, files: 1, lines: -0/+2)
| |/ /
| | |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Cleanup old deployment types (Michael Gugino, 2017-09-20, files: 1, lines: -1/+2)
|/ /
| |   Previously, openshift-ansible supported various types of deployments using the variable "openshift_deployment_type"
| |   Currently, openshift-ansible only supports two deployment types, "origin" and "openshift-enterprise".
| |   This commit removes all logic and references to deprecated deployment types.
* | Fix registry auth task ordering (Michael Gugino, 2017-09-18, files: 1, lines: -2/+2)
| |   Currently, registry authentication credentials are not produced until after docker systemd service files are created. This commit ensures the credentials are created before the systemd service files to ensure the proper boolean is set to include the read-only mount of credentials inside containerized nodes and masters.
| |   Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
* | Merge pull request #5334 from juanluisvaladas/move-sysctl (OpenShift Merge Robot, 2017-09-16, files: 2, lines: -11/+5)
|\ \
| | |   Automatic merge from submit-queue
| | |   Move sysctl.conf customizations to a separate file
| | |   Move them from /etc/sysctl.conf to /etc/sysctl.d/99-openshift.conf
| | |   This is a good idea because:
| | |   1- /etc/sysctl.conf is evaluated later, so it can easily be overwritten by previous customizations
| | |   2- It's likely that there is an agent like puppet monitoring this file
| | |   3- It's easier to know what's being changed by OpenShift
| * | Move sysctl.conf customizations to a separate file (Juan Luis de Sousa-Valadas Castaño, 2017-09-08, files: 2, lines: -11/+5)
| | |   Move them from /etc/sysctl.conf to /etc/sysctl.d/99-openshift.conf
* | | Merge pull request #5345 from smarterclayton/firewall (OpenShift Merge Robot, 2017-09-15, files: 1, lines: -1/+3)
|\ \ \
| | | |   Automatic merge from submit-queue
| | | |   Add `openshift_node_open_ports` to allow arbitrary firewall exposure
| | | |   It should be possible for an admin to define an arbitrary set of ports to be exposed on each node that will relate to the cluster function. This adds a new global variable for the node that supports Array(Object{'service':<name>,'port':<port_spec>,'cond':<boolean>}) which is the same format accepted by the firewall role.
| | | |   @sdodson as discussed, open to alternatives. I used this from origin-gce with
| | | |       openshift_node_open_ports:
| | | |       - service: Router stats
| | | |         port: 1936/tcp
| | | |       - service: Open node ports
| | | |         port: 9000-10000/tcp
| | | |       - service: Open node ports
| | | |         port: 9000-10000/udp
| | | |   Which then allows me to set firewall rules appropriately.
| | | |   Alternatives considered:
| | | |   * Simpler external format (have to parse inputs)
| | | |   * Additional parameter to role - felt ugly
| * | | Add `openshift_node_open_ports` to allow arbitrary firewall exposure (Clayton Coleman, 2017-09-11, files: 1, lines: -1/+3)
| | | |   It should be possible for an admin to define an arbitrary set of ports to be exposed on each node that will relate to the cluster function. This adds a new global variable for the node that supports Array(Object{'service':<name>,'port':<port_spec>,'cond':<boolean>}) which is the same format accepted by the firewall role.
* | | | Setup tuned after the node has been restarted. (Jiri Mencak, 2017-09-14, files: 1, lines: -4/+4)
| |_|/
|/| |
* | | Merge pull request #5370 from jmencak/tuned-openshift-ansible-bad_merge-fix (OpenShift Bot, 2017-09-13, files: 2, lines: -14/+4)
|\ \ \
| | | |   Merged by openshift-bot
| * | | Re-enabling new tuned profile hierarchy (PR5089) (Jiri Mencak, 2017-09-12, files: 2, lines: -14/+4)
| |/ /
* | | Fix: authenticated registry support for containerized hosts (Michael Gugino, 2017-09-11, files: 4, lines: -16/+43)
|/ /
| |   Currently, openshift-ansible supports authentication to container registries to pull down openshift container images. The openshift_version role uses the docker cli to gather image information from container registries before authentication credentials are provided by openshift-ansible.
| |   This commit creates the necessary token to authenticate to private registries during openshift_version. The token is generated by the role 'docker' on all hosts where docker is installed/configured when oreg_auth_users is defined.
| |   This commit also adds a read-only mount into the openshift master and node container services. This mount is '/var/lib/origin/.docker:/root/.docker:ro'. This is because the container images do not currently read the values in '/var/lib/origin/.docker' as this may be a bug upstream.
| |   Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
* | Consolidating AWS roles and variables underneath openshift_aws role. (Kenny Woodson, 2017-09-07, files: 2, lines: -11/+29)
| |
* | Merge pull request #5208 from mgugino-upstream-stage/remove-openshift_common (OpenShift Bot, 2017-09-07, files: 10, lines: -28/+38)
|\ \
| | |   Merged by openshift-bot
| * | Remove openshift-common (Michael Gugino, 2017-09-06, files: 10, lines: -28/+38)
| | |   Most of this role's purpose was to set facts. The vast majority of these facts were simply redefining user-supplied variables.
| | |   This commit also removes various artifacts leftover from previous versions, as well as variables that seem to be entirely unused.
* | | remove experimental-cri flag from node config (Seth Jennings, 2017-09-06, files: 1, lines: -2/+0)
|/ /
* | Merge pull request #5230 from kwoodson/openshift_node_bootstrap (OpenShift Bot, 2017-08-30, files: 8, lines: -187/+292)
|\ \
| | |   Merged by openshift-bot
| * | Merging openshift_node with openshift bootstrap. (Kenny Woodson, 2017-08-29, files: 8, lines: -188/+293)
| | |
* | | Merge pull request #5128 from mgugino-upstream-stage/reg-auth (Scott Dodson, 2017-08-29, files: 2, lines: -0/+20)
|\ \ \
| | | |   Add independent registry auth support
| * | | Add independent registry auth support (Michael Gugino, 2017-08-28, files: 2, lines: -0/+20)
| |/ /
| | |   Added the ability to support authentication for independent / 3rd party registries.
| | |   This commit will allow users to provide a `oreg_auth_user` and `oreg_auth_password` to dynamically generate a docker config.json file. The docker config.json file can be used by openshift to authenticate to independent / 3rd party registries.
| | |   `oreg_host` must supply endpoint connection info in the form of 'hostname.com:port', with (optional) port 443 default.
| | |   To update the config.json on a later run, the user can specify `oreg_auth_credentials_replace=False` to update the credentials.
| | |   These settings must be used in tandem with `oreg_url`
| | |   Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
* | | Merge pull request #5214 from giuseppe/rename_crio_variable (Scott Dodson, 2017-08-29, files: 5, lines: -6/+6)
|\ \ \
| |/ /
|/| |   crio: rename openshift_docker_use_crio to openshift_use_crio
| * | roles: use openshift_use_crio (Giuseppe Scrivano, 2017-08-25, files: 3, lines: -3/+3)
| | |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | cri-o: rename openshift_docker_use_crio to openshift_use_crio (Giuseppe Scrivano, 2017-08-25, files: 2, lines: -3/+3)
| | |   It is confusing to have _docker_ in the name, since they are two different backends.
| | |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Default to global setting for firewall. (Kenny Woodson, 2017-08-25, files: 1, lines: -2/+2)
| | |
* | | Merge pull request #5089 from jmencak/tuned-setup (Scott Dodson, 2017-08-25, files: 2, lines: -14/+45)
|\ \ \
| |/ /
|/| |   Setup tuned profiles in /etc/tuned
| * | Setup tuned profiles in /etc/tuned (Jiri Mencak, 2017-08-15, files: 2, lines: -14/+45)
| | |
* | | Merge pull request #5054 from jmencak/tuned-profiles (Scott Dodson, 2017-08-24, files: 4, lines: -0/+67)
|\ \ \
| |/ /
|/| |   New tuned profile hierarchy.
| * | New tuned profile hierarchy. (Jiri Mencak, 2017-08-15, files: 4, lines: -0/+67)
| | |
* | | Updated README to reflect refactor. Moved firewall initialize into separate file. (Kenny Woodson, 2017-08-10, files: 2, lines: -2/+4)
| | |
* | | Adding a default condition and removing unneeded defaults. (Kenny Woodson, 2017-08-09, files: 2, lines: -8/+5)
| | |
* | | First attempt at refactor of os_firewall (Kenny Woodson, 2017-08-08, files: 4, lines: -28/+85)
|/ /
* | Merge pull request #4898 from giuseppe/cri-o (OpenShift Bot, 2017-08-04, files: 5, lines: -5/+39)
|\ \
| | |   Merged by openshift-bot
| * | cri-o: Restart cri-o after openshift sdn installation (Steve Milner, 2017-08-03, files: 1, lines: -0/+7)
| | |
| * | cri-o: Continue node without SELinux check (Steve Milner, 2017-08-03, files: 1, lines: -3/+3)
| | |   cri-o currently requires SELinux to be off. This change disables the SELinux check in the openshift_node role when cri-o is in use.