csa/devops/ansible-patches/openshift.git/roles/contiv/tasks, branch ands Unnamed repository; edit this file 'description' to name the repository. Use Contiv version 1.2.0 2018-01-07T20:44:35+00:00 Nick Bartos flamingo@2thebatcave.com 2017-12-19T00:45:23+00:00 a6860728cf634fdcba82db9dd5b2a2d82e93eaca 






Contiv multi-master and other fixes
2018-01-07T20:44:35+00:00

Nick Bartos
flamingo@2thebatcave.com

2017-12-05T04:02:52+00:00

6daf71565fd69e9ddb2ac20e787d49f74cf7a9d7

Contiv's etcd was not being deployed correctly when using more than
one master.  To make it easier to manage, it has been moved into a
k8s container.

The api proxy was hardcoded to an old version (1.1.1), and in some
environments would run into a docker error.  This has been moved into
a k8s container for easier management.

The firewall was too permissive on several ports.  Many were open to
the world when they should have only been accessible inside the
cluster.

Many of the contiv role variables were not prefixed with 'contiv',
which may end up clobbering variables from another role.  Now all the
contiv specific role variables start with 'contiv_'.

The api proxy's default self-signed certificate was bundled with the
role.  This means someone with read-only MITM access and this key
could decrypt traffic.  Granted a user defined certificate from a
trusted CA should be used in a production environment, it is still
better to generate one in each environment when one is not provided.





Contiv's etcd was not being deployed correctly when using more than
one master.  To make it easier to manage, it has been moved into a
k8s container.

The api proxy was hardcoded to an old version (1.1.1), and in some
environments would run into a docker error.  This has been moved into
a k8s container for easier management.

The firewall was too permissive on several ports.  Many were open to
the world when they should have only been accessible inside the
cluster.

Many of the contiv role variables were not prefixed with 'contiv',
which may end up clobbering variables from another role.  Now all the
contiv specific role variables start with 'contiv_'.

The api proxy's default self-signed certificate was bundled with the
role.  This means someone with read-only MITM access and this key
could decrypt traffic.  Granted a user defined certificate from a
trusted CA should be used in a production environment, it is still
better to generate one in each environment when one is not provided.







Remove openshift.common.{is_atomic|is_containerized}
2017-12-20T15:13:51+00:00

Michael Gugino
mgugino@redhat.com

2017-12-18T21:13:36+00:00

e6c159afb4ba39a7266c750d43d6a5e911cc8f21

We set these variables using facts in init, no need
to duplicate the logic all around the codebase.





We set these variables using facts in init, no need
to duplicate the logic all around the codebase.







Deprecate using Ansible tests as filters
2017-12-14T21:03:44+00:00

Russell Teague
rteague@redhat.com

2017-12-14T20:00:59+00:00

c113074f5b84881f416aca40e2bf4e20d4e6ce41












Merge pull request #6314 from riffraff169/contiv-ovs-fix
2017-12-14T19:49:17+00:00

Scott Dodson
sdodson@redhat.com

2017-12-14T19:49:17+00:00

22794be6953a6896bbb550e3bb3c82caf202c8e2

Remove version requirement from openvswitch package




Remove version requirement from openvswitch package






Merge pull request #6315 from riffraff169/contiv-multimaster
2017-12-13T15:10:23+00:00

Russell Teague
rteague@redhat.com

2017-12-13T15:10:23+00:00

0aa01db01608dc01550336d55f33f248ef81ead6

Multimaster openshift+contiv fixes




Multimaster openshift+contiv fixes






Implement container runtime role
2017-12-01T17:32:39+00:00

Michael Gugino
mgugino@redhat.com

2017-11-16T19:56:14+00:00

5120f8e90c0178ac7f6d911159ceb278dd87b4c9












retry package operations
2017-11-30T21:45:20+00:00

Luke Meyer
lmeyer@redhat.com

2017-11-28T20:46:50+00:00

fbb4e1ca73fd39ce9f18fa7c6f05766ccb0e484a

When a package install/update fails due to network blips or other spotty
availability, retry it. If the failure is a real failure (e.g. package
is really not there) it still fails after 3 tries (Ansible default).





When a package install/update fails due to network blips or other spotty
availability, retry it. If the failure is a real failure (e.g. package
is really not there) it still fails after 3 tries (Ansible default).







Multimaster openshift+contiv fixes
2017-11-29T19:33:24+00:00

Lance Dillon
landillo@cisco.com

2017-11-28T19:26:34+00:00

17ba2eafc5b7f132ad4b0a2e63d57bb647436c68

Only run default contiv commands once
Fix detection of firewalld
Open up netmaster ports to all nodes
Make sure etcd ca stuff only runs once





Only run default contiv commands once
Fix detection of firewalld
Open up netmaster ports to all nodes
Make sure etcd ca stuff only runs once







Remove version requirement from openvswitch package, since listed version got removed from repo
2017-11-29T17:09:55+00:00

riffraff
riffraff@hobbes.alephone.org

2017-11-17T15:21:07+00:00

32dc5cc38938c783d2619619fb01b95885b64be9