| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, debug_level is documented as a way to change
the debug output level for both masters and nodes.
debug_level does not currently have any effect.
This commit removes debug_level from openshift_facts
and properly sets openshift_master_debug_level and
openshift_node_debug_level to the value of debug_level
specified in the inventory.
This commit also reorganizes some set_fact tasks
needed during master upgrades to put all work-around
set-facts for undefined variables in one place, allowing
for easier cleanup in the future. This includes an
entry for openshift_master_debug_level.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1500164
|
|\
| |
| | |
Ensure docker service status actually changes
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, docker is started during the docker role. If
docker is started during the run of the role, the
handler to restart docker is not triggered to prevent
excess restarts of the docker service.
The systemd docker that starts the docker service may
report the result of the task as 'changed' even though
docker is already running and the state of the service
itself does not change.
This commit checks the status of the docker service
before starting it to ensure that docker was not in
an 'active' state according to systemd. If the
docker service is already in the 'active' state,
the restart handler will trigger and restart
docker at the end of the run of the role.
Fixes: https://github.com/openshift/origin/issues/16709
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Automatic merge from submit-queue.
Force reconciliation of role for 3.6
This is needed because in 3.6 we cannot reconcile non-cluster roles in the
bootstrap reconciliation code.
In 3.7 this is taken care of in code.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is needed because in 3.6 we cannot reconcile non-cluster roles in the
bootstrap reconciliation code.
In 3.7 this is taken care of in code.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
Created by command:
/usr/bin/tito tag --debug --accept-auto-changelog --keep-version --debug
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Automatic merge from submit-queue.
Allow checkpoint status to work across all groups
Conditionals placed in inventories were not being applied to localhost causing the checkpoint status to not be updated properly. Moving to the `oo_all_hosts` group will correctly pick up the conditional and apply regardless of which group (or host) may have that conditional set.
|
| | | | |
|
|\ \ \ \
| |_|_|/
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Automatic merge from submit-queue.
Fedora compat fixes for package version checks and dnf bug workaround
Fix a couple things that don't work with Fedora:
- Don't attempt to version check components, they aren't going to match the hard coded RHEL package versions.
- Work around a [bug in dnf](https://bugzilla.redhat.com/show_bug.cgi?id=1199432)'s python API that throws an error when a package spec has a `*` character in the Release field
Once we're done with review, I'll squash commits.
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- don't check pkg versions on Fedora, it won't work; they move
faster than RHEL and it's not realistic to maintain that package
list.
- handle differences between yum and dnf pkgspec for excluder
- work-around for a bug in dnf
https://bugzilla.redhat.com/show_bug.cgi?id=1199432
- make requirement verify one play, don't run unnecessary checks on
Fedora
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Automatic merge from submit-queue.
Bug 1490647 - logging-fluentd deployed with openshift_logging_use_mux=false fails to start due to missing
If openshift_logging_use_mux=False and openshift_logging_mux_allow_external=False,
then all other mux related parameters should be set to False (if boolean) or
removed (e.g. openshift_logging_mux_client_mode should be undefined).
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
fails to start due to missing
If openshift_logging_use_mux=False and openshift_logging_mux_allow_external=False,
then all other mux related parameters should be set to False (if boolean) or
removed (e.g. openshift_logging_mux_client_mode should be undefined).
|
|\ \ \ \
| |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | | |
Automatic merge from submit-queue.
Separate tuned daemon setup into a role.
Also adding support for the loadbalancer. It is important to raise ARP cache limits on HA setups with loadbalancers serving 1k+ nodes.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently, profiles for the tuned daemon are set only for
OpenShift node(s). This excludes the OpenShift loadbalancer.
As a result, ARP cache limits on loadbalancers are not raised.
This causes problems with HA setups where loadbalancers serve
1k+ OpenShift nodes.
This commit ensures the openshift-control-plane role is applied
to loadbalancers, masters and OpenShift infra nodes. Regular
OpenShift worker nodes get the openshift-node profile.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1498213
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Automatic merge from submit-queue.
Add valid search when search does not exist on resolv.conf
Current fix https://github.com/openshift/openshift-ansible/pull/5433 still misses to add `search cluster.local`. The logic needs to be:
1. When `search` does not exist, adds `search cluster.local`.
2. When `search.*.cluster.local` does not exist, adds(sed) `cluster.local`.
in this order.
cc @sdodson @caruccio
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
giuseppe/docker-crio-expect-openshiftrelease-with-v
crio, docker: expect openshift_release to have 'v'
|
| | |/ / /
| |/| | |
| | | | |
| | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
Fix typo in inventory example
|
|/ / / / |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Created by command:
/usr/bin/tito tag --debug --accept-auto-changelog --keep-version --debug
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Automatic merge from submit-queue.
docker, CRI-O: openshift_image_tag defaults to openshift_release
Replace:
commit c2c4ba7ec62d4dfd87d746d20991e10f2bd1bddf
Author: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Tue Sep 26 09:01:59 2017 +0200
Require openshift_image_tag in the inventory with openshift-enterprise
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
with using openshift_release for openshift_image_tag so we don't require users to include both in their inventory. Probably it is only a temporary solution until the openshift_image_tag vs openshift_release when using Docker/CRI-O is sorted out.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1493376
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Automatic merge from submit-queue.
Bug 1493276: Setting servingInfo.clientCA to ca-bundle.crt can cause unwanted client cert popups in browser when hitting console
https://bugzilla.redhat.com/show_bug.cgi?id=1493276
|
| | | | | | |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Update registry_config.j2 to fix BZ#1490738
|
| | | | | | |
| | | | | | |
| | | | | | | |
setting openshift_hosted_registry_storage_gcs_rootdirectory default value
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Add PartOf to docker systemd service unit.
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Currently, if iptables service is restarted,
existing iptables rules are removed.
Docker adds iptables rules dyanmically upon
startup and container creation. Restarting
the iptables service results in a loss of these
needed iptables rules.
This commit ensures that if iptables service is
restarted by anisble or the user, docker is
also restarted. This ensures the proper dynamic
iptables rules are in place for docker.
Fixes: openshift/origin#16709
|
|\ \ \ \ \ \ \ \
| |/ / / / / / /
|/| | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Automatic merge from submit-queue.
crio: use systemd manager
fix a regression introduced last week.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Created by command:
/usr/bin/tito tag --debug --accept-auto-changelog --keep-version --debug
|
|\ \ \ \ \ \ \ \
| |/ / / / / / /
|/| | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Automatic merge from submit-queue.
Add authentication credentials to skopeo for image check
Currently, docker_image_availability health_check
does not support authenticated registries.
This commit adds the '--creds=' option to skopeo
if needed to support authentication credentials.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Currently, docker_image_availability health_check
does not support authenticated registries.
This commit adds the '--creds=' option to skopeo
if needed to support authentication credentials.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
Some other fixes to handle docker config better:
Should now account properly for blocked registries, insecure registries,
multiple additional registries, and oreg_url registry with or without credentials.
Output on failure should be clearer about what was tried.
Fixed a bug in the action_plugin_test exposed by these changes.
|
|\ \ \ \ \ \ \ \
| |_|_|/ / / / /
|/| | | | | | | |
Rename openshift_cfme role to openshift_management
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Created by command:
/usr/bin/tito tag --debug --accept-auto-changelog --keep-version --debug
|
|\ \ \ \ \ \ \ \
| |_|_|_|/ / / /
|/| | | | | | | |
add missing restart node handler to flannel
|
|/ / / / / / / |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Automatic merge from submit-queue.
Switch to configmap leader election on 3.7 upgrade
This change sets the controllerConfig.election.lockName to openshift-master-controllers on a 3.7 upgrade.
This is the default in a new 3.7 cluster. Important excerpt from the docs inside the origin codebase (slightly modified):
There are two modes for lease operation - a legacy mode that directly connects to etcd, and the preferred mode which coordinates on a configmap or endpoint in the kube-system namespace. Because legacy mode and the new mode do not coordinate on the same key, an upgrade must stop all controllers before changing the configuration and starting controllers with the new config.
Signed-off-by: Monis Khan <mkhan@redhat.com>
/assign @smarterclayton @jupierce
/kind bug
|
| |/ / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This change sets the controllerConfig.election.lockName to
openshift-master-controllers on a 3.7 upgrade.
This is the default in a new 3.7 cluster. Important excerpt from
the docs inside the origin codebase (slightly modified):
There are two modes for lease operation - a legacy mode that
directly connects to etcd, and the preferred mode which coordinates
on a configmap or endpoint in the kube-system namespace. Because
legacy mode and the new mode do not coordinate on the same key, an
upgrade must stop all controllers before changing the configuration
and starting controllers with the new config.
Signed-off-by: Monis Khan <mkhan@redhat.com>
|
|\ \ \ \ \ \ \
| |_|/ / / / /
|/| | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Automatic merge from submit-queue.
cri-o: use overlay instead of overlay2
overlay2 and overlay are the same driver. Upstream CRI-O is going to
drop any reference to overlay2 and use only overlay.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
overlay2 and overlay are the same driver. Upstream CRI-O is going to
drop any reference to overlay2 and use only overlay.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
mgugino-upstream-stage/ensure-docker-restarts-with-iptables
Automatic merge from submit-queue.
Ensure docker is restarted when iptables is restarted
Currently, os_firewall role may run after docker role,
and iptables.service may be restarted. When restarted,
this negatively impacts docker's iptables rules.
This commit ensures that if iptables is restarted,
docker is restarted as well (by systemd)
Fixes: https://github.com/openshift/origin/issues/16709
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Currently, os_firewall role may run after docker role,
and iptables.service may be restarted. When restarted,
this negatively impacts docker's iptables rules.
This commit ensures that if iptables is restarted,
docker is restarted as well (by systemd)
Fixes: https://github.com/openshift/origin/issues/16709
|