summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Ensure docker service status actually changesMichael Gugino2017-10-111-1/+8
| | | | | | | | | | | | | | | | | | | | | Currently, docker is started during the docker role. If docker is started during the run of the role, the handler to restart docker is not triggered to prevent excess restarts of the docker service. The systemd docker that starts the docker service may report the result of the task as 'changed' even though docker is already running and the state of the service itself does not change. This commit checks the status of the docker service before starting it to ensure that docker was not in an 'active' state according to systemd. If the docker service is already in the 'active' state, the restart handler will trigger and restart docker at the end of the run of the role. Fixes: https://github.com/openshift/origin/issues/16709
* Merge pull request #5693 from nhosoi/bz1490647OpenShift Merge Robot2017-10-101-3/+9
|\ | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Bug 1490647 - logging-fluentd deployed with openshift_logging_use_mux=false fails to start due to missing If openshift_logging_use_mux=False and openshift_logging_mux_allow_external=False, then all other mux related parameters should be set to False (if boolean) or removed (e.g. openshift_logging_mux_client_mode should be undefined).
| * Bug 1490647 - logging-fluentd deployed with openshift_logging_use_mux=false ↵Noriko Hosoi2017-10-101-3/+9
| | | | | | | | | | | | | | | | fails to start due to missing If openshift_logging_use_mux=False and openshift_logging_mux_allow_external=False, then all other mux related parameters should be set to False (if boolean) or removed (e.g. openshift_logging_mux_client_mode should be undefined).
* | Merge pull request #5645 from jmencak/tuned-role-lbOpenShift Merge Robot2017-10-1011-9/+25
|\ \ | |/ |/| | | | | | | | | Automatic merge from submit-queue. Separate tuned daemon setup into a role. Also adding support for the loadbalancer. It is important to raise ARP cache limits on HA setups with loadbalancers serving 1k+ nodes.
| * Separate tuned daemon setup into a role.Jiri Mencak2017-10-1011-9/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, profiles for the tuned daemon are set only for OpenShift node(s). This excludes the OpenShift loadbalancer. As a result, ARP cache limits on loadbalancers are not raised. This causes problems with HA setups where loadbalancers serve 1k+ OpenShift nodes. This commit ensures the openshift-control-plane role is applied to loadbalancers, masters and OpenShift infra nodes. Regular OpenShift worker nodes get the openshift-node profile. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1498213
* | Merge pull request #5585 from nak3/bz#1496593OpenShift Merge Robot2017-10-101-3/+3
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Add valid search when search does not exist on resolv.conf Current fix https://github.com/openshift/openshift-ansible/pull/5433 still misses to add `search cluster.local`. The logic needs to be: 1. When `search` does not exist, adds `search cluster.local`. 2. When `search.*.cluster.local` does not exist, adds(sed) `cluster.local`. in this order. cc @sdodson @caruccio
| * | Add valid search when search does not exist on resolv.confKenjiro Nakayama2017-09-291-3/+3
| | |
* | | Merge pull request #5711 from ↵Scott Dodson2017-10-102-2/+2
|\ \ \ | | | | | | | | | | | | | | | | giuseppe/docker-crio-expect-openshiftrelease-with-v crio, docker: expect openshift_release to have 'v'
| * | | crio, docker: expect openshift_release to have 'v'Giuseppe Scrivano2017-10-102-2/+2
| | |/ | |/| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #5713 from mtnbikenc/fix-inventoryScott Dodson2017-10-101-2/+2
|\ \ \ | |/ / |/| | Fix typo in inventory example
| * | Fix typo in inventory exampleRussell Teague2017-10-101-2/+2
|/ /
* | Automatic commit of package [openshift-ansible] release [3.7.0-0.147.0].Jenkins CD Merge Bot2017-10-102-2/+13
| | | | | | | | | | | | Created by command: /usr/bin/tito tag --debug --accept-auto-changelog --keep-version --debug
* | Merge pull request #5695 from giuseppe/image_tag_default_to_releaseOpenShift Merge Robot2017-10-093-13/+35
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. docker, CRI-O: openshift_image_tag defaults to openshift_release Replace: commit c2c4ba7ec62d4dfd87d746d20991e10f2bd1bddf Author: Giuseppe Scrivano <gscrivan@redhat.com> Date: Tue Sep 26 09:01:59 2017 +0200 Require openshift_image_tag in the inventory with openshift-enterprise Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> with using openshift_release for openshift_image_tag so we don't require users to include both in their inventory. Probably it is only a temporary solution until the openshift_image_tag vs openshift_release when using Docker/CRI-O is sorted out. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376
| * | crio, docker: use openshift_release when openshift_image_tag is not usedGiuseppe Scrivano2017-10-093-12/+34
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | crio: fix typoGiuseppe Scrivano2017-10-091-1/+1
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #5698 from abutcher/servinginfo-client-caOpenShift Merge Robot2017-10-092-6/+2
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Bug 1493276: Setting servingInfo.clientCA to ca-bundle.crt can cause unwanted client cert popups in browser when hitting console https://bugzilla.redhat.com/show_bug.cgi?id=1493276
| * | | Ensure servingInfo.clientCA is set as ca.crt rather than ca-bundle.crt.Andrew Butcher2017-10-092-6/+2
| | | |
* | | | Merge pull request #5368 from jianlinliu/bz1490738Scott Dodson2017-10-091-2/+2
|\ \ \ \ | | | | | | | | | | Update registry_config.j2 to fix BZ#1490738
| * | | | Update registry_config.j2Jianlin Liu2017-09-121-1/+1
| | | | | | | | | | | | | | | setting openshift_hosted_registry_storage_gcs_rootdirectory default value
| * | | | Update registry_config.j2Jianlin Liu2017-09-121-1/+1
| | | | |
* | | | | Merge pull request #5705 from mgugino-upstream-stage/docker-partof-iptablesScott Dodson2017-10-091-0/+6
|\ \ \ \ \ | | | | | | | | | | | | Add PartOf to docker systemd service unit.
| * | | | | Add PartOf to docker systemd service unit.Michael Gugino2017-10-091-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, if iptables service is restarted, existing iptables rules are removed. Docker adds iptables rules dyanmically upon startup and container creation. Restarting the iptables service results in a loss of these needed iptables rules. This commit ensures that if iptables service is restarted by anisble or the user, docker is also restarted. This ensures the proper dynamic iptables rules are in place for docker. Fixes: openshift/origin#16709
* | | | | | Merge pull request #5699 from giuseppe/crio-use-systemdOpenShift Merge Robot2017-10-091-1/+1
|\ \ \ \ \ \ | |/ / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. crio: use systemd manager fix a regression introduced last week. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | crio: use systemd managerGiuseppe Scrivano2017-10-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Automatic commit of package [openshift-ansible] release [3.7.0-0.146.0].Jenkins CD Merge Bot2017-10-092-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Created by command: /usr/bin/tito tag --debug --accept-auto-changelog --keep-version --debug
* | | | | | Merge pull request #5650 from mgugino-upstream-stage/skopeo-auth-credsOpenShift Merge Robot2017-10-093-83/+76
|\ \ \ \ \ \ | |/ / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Add authentication credentials to skopeo for image check Currently, docker_image_availability health_check does not support authenticated registries. This commit adds the '--creds=' option to skopeo if needed to support authentication credentials. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
| * | | | | docker_image_availability: credentials to skopeoMichael Gugino2017-10-063-83/+76
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, docker_image_availability health_check does not support authenticated registries. This commit adds the '--creds=' option to skopeo if needed to support authentication credentials. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341 Some other fixes to handle docker config better: Should now account properly for blocked registries, insecure registries, multiple additional registries, and oreg_url registry with or without credentials. Output on failure should be clearer about what was tried. Fixed a bug in the action_plugin_test exposed by these changes.
* | | | | | Merge pull request #5682 from tbielawa/openshift_managementScott Dodson2017-10-0946-341/+351
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Rename openshift_cfme role to openshift_management
| * | | | | Rename openshift_cfme role to openshift_managementTim Bielawa2017-10-0646-341/+351
| | | | | |
* | | | | | Automatic commit of package [openshift-ansible] release [3.7.0-0.145.0].Jenkins CD Merge Bot2017-10-092-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Created by command: /usr/bin/tito tag --debug --accept-auto-changelog --keep-version --debug
* | | | | | Merge pull request #5696 from ingvagabund/add-missing-handler-to-flannelJan Chaloupka2017-10-091-0/+9
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | add missing restart node handler to flannel
| * | | | | add missing restart node handler to flannelJan Chaloupka2017-10-091-0/+9
|/ / / / /
* | | | | Merge pull request #5684 from enj/enj/i/configmap_lockOpenShift Merge Robot2017-10-071-0/+5
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Switch to configmap leader election on 3.7 upgrade This change sets the controllerConfig.election.lockName to openshift-master-controllers on a 3.7 upgrade. This is the default in a new 3.7 cluster. Important excerpt from the docs inside the origin codebase (slightly modified): There are two modes for lease operation - a legacy mode that directly connects to etcd, and the preferred mode which coordinates on a configmap or endpoint in the kube-system namespace. Because legacy mode and the new mode do not coordinate on the same key, an upgrade must stop all controllers before changing the configuration and starting controllers with the new config. Signed-off-by: Monis Khan <mkhan@redhat.com> /assign @smarterclayton @jupierce /kind bug
| * | | | | Switch to configmap leader election on 3.7 upgradeMonis Khan2017-10-061-0/+5
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change sets the controllerConfig.election.lockName to openshift-master-controllers on a 3.7 upgrade. This is the default in a new 3.7 cluster. Important excerpt from the docs inside the origin codebase (slightly modified): There are two modes for lease operation - a legacy mode that directly connects to etcd, and the preferred mode which coordinates on a configmap or endpoint in the kube-system namespace. Because legacy mode and the new mode do not coordinate on the same key, an upgrade must stop all controllers before changing the configuration and starting controllers with the new config. Signed-off-by: Monis Khan <mkhan@redhat.com>
* | | | | Merge pull request #5661 from giuseppe/crio-use-overlay-instead-of-overlay2OpenShift Merge Robot2017-10-071-3/+25
|\ \ \ \ \ | |_|/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. cri-o: use overlay instead of overlay2 overlay2 and overlay are the same driver. Upstream CRI-O is going to drop any reference to overlay2 and use only overlay. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | crio.conf.j2: sync from upstreamGiuseppe Scrivano2017-10-061-1/+23
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | cri-o: use overlay instead of overlay2Giuseppe Scrivano2017-10-061-2/+2
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | overlay2 and overlay are the same driver. Upstream CRI-O is going to drop any reference to overlay2 and use only overlay. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #5680 from ↵OpenShift Merge Robot2017-10-062-1/+4
|\ \ \ \ | |/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | mgugino-upstream-stage/ensure-docker-restarts-with-iptables Automatic merge from submit-queue. Ensure docker is restarted when iptables is restarted Currently, os_firewall role may run after docker role, and iptables.service may be restarted. When restarted, this negatively impacts docker's iptables rules. This commit ensures that if iptables is restarted, docker is restarted as well (by systemd) Fixes: https://github.com/openshift/origin/issues/16709
| * | | Ensure docker is restarted when iptables is restartedMichael Gugino2017-10-062-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, os_firewall role may run after docker role, and iptables.service may be restarted. When restarted, this negatively impacts docker's iptables rules. This commit ensures that if iptables is restarted, docker is restarted as well (by systemd) Fixes: https://github.com/openshift/origin/issues/16709
* | | | Merge pull request #5660 from sdodson/one-exampleScott Dodson2017-10-062-970/+30
|\ \ \ \ | | | | | | | | | | Stop including origin and ose hosts example file
| * | | | Stop including origin and ose hosts example fileScott Dodson2017-10-062-970/+30
|/ / / / | | | | | | | | | | | | | | | | It's a pain keeping these two in sync so just mention the differences as necessary.
* | | | Merge pull request #4820 from dcbw/revert-change-requires-to-wants-openvswitchOpenShift Merge Robot2017-10-062-0/+2
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. node: make node service PartOf=openvswitch.service when openshift-sdn is used This reverts commit 7f805f9a0c41477365dd88b0ac73f0d221bd654a. The commit causes the behavior seen in https://bugzilla.redhat.com/show_bug.cgi?id=1453113 because openshift-node is no longer restarted when openvswitch is. @giuseppe @sdodson @knobunc RE https://github.com/openshift/openshift-ansible/pull/4213 can we get a more detailed explanation of why the various dependencies are not being restarted correctly?
| * | | | node: make node service PartOf=openvswitch.service when openshift-sdn is usedDan Williams2017-10-052-0/+2
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 7f805f9a0c41477365dd88b0ac73f0d221bd654a causes the behavior seen in https://bugzilla.redhat.com/show_bug.cgi?id=1453113 because openshift-node is no longer restarted when openvswitch is, due to the change from Requires to Wants. Turns out that making the openshift node service PartOf the OVS service can achieve the same result and ensure openshift-node gets restarted whenever OVS does, which ensures that networking doesn't break underneath the node. Suggested by Giuseppe Scrivano
* | | | Automatic commit of package [openshift-ansible] release [3.7.0-0.144.0].Jenkins CD Merge Bot2017-10-062-2/+47
| | | | | | | | | | | | | | | | | | | | | | | | Created by command: /usr/bin/tito tag --debug --accept-auto-changelog --keep-version --debug
* | | | Merge pull request #5679 from mgugino-upstream-stage/fix-etcd-typoScott Dodson2017-10-051-1/+1
|\ \ \ \ | |/ / / |/| | | fix typo for default in etcd
| * | | fix typo for default in etcdMichael Gugino2017-10-051-1/+1
|/ / /
* | | Merge pull request #5673 from ewolinetz/bz1497041Scott Dodson2017-10-051-1/+1
|\ \ \ | | | | | | | | Bumping version of service catalog image for 3.7
| * | | Bumping version of service catalog image for 3.7Eric Wolinetz2017-10-051-1/+1
| | | |
* | | | Merge pull request #5336 from tbielawa/cfme_4.6OpenShift Merge Robot2017-10-0553-1253/+5059
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Cfme 4.6 # Description * Implements support for **CFME 4.6** in OCP 3.7 * **Replaces** the Tech Preview CFME 4.5 release included in OCP 3.6 * Does not support graceful migrations from the CFME 4.5 tech preview release # References * [Trello - (5) Integrate CFME 4.6 into OCP Installation](https://trello.com/c/Rzfn5Qa8/380-5-integrate-cfme-46-into-ocp-installation) Ensure the following RFE/Errors do not happen again - [x] #4555 - Error creating the CFME user - [x] #4556 - Error in PV template evaluation - [x] #4822 - Changing `maxImagesBulkImportedPerRepository` parameter - [x] #4568 - Add NFS directory support # Features Ensure the following features are configurable in the role - [x] POC deployments can easily default to NFS storage - [ ] Production/Cloud deployments can use automatic storage providers - [ ] Able to select between podified vs. external PostgreSQL database (podified uses configured storage mechanism) - [x] Template resource requests can be overridden for POC deployments
| * | | | Fix lint errorTim Bielawa2017-10-041-10/+10
| | | | |