| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
smarterclayton/allow_per_node_group_bootstrap_and_image
Automatic merge from submit-queue.
Handle bootstrap behavior in GCP template
Allow each node group to request bootstrap, allow per node group image
override, and ensure the provision logic does not wait for bootstrapping
node groups before continuing.
This is an incremental step to allow GCP clusters to use bootstrap logic
on cluster deploy without having fully baked images. We will switch over
slowly and ensure both code paths function. Then we can remove this as
necessary.
For metadata, we set the cluster id and bootstrap state into instance metadata. On GCP, we'll use project metadata to set the bootstrap kubeconfig file and a startup-script to call it (not in a PR yet).
Pairs with openshift/origin-gce#54 @kwoodson
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Allow each node group to request bootstrap, allow per node group image
override, and ensure the provision logic does not wait for bootstrapping
node groups before continuing.
This is an incremental step to allow GCP clusters to use bootstrap logic
on cluster deploy without having fully baked images. We will switch over
slowly and ensure both code paths function.
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Automatic merge from submit-queue.
Bug 1452939 - change imagePullPolicy in logging and metrics
cc: @jcantrill
|
| | |
| | |
| | |
| | |
| | | |
- all images logging and metrics change their default imagePullPolicy
from Always to IfNotPresent
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Automatic merge from submit-queue.
Fix a few small issues in service catalog uninstall
* Service catalog install was not re-creating the apiserver.crt and apiserver.key files when generating certs. But the ca.crt and ca.key files were being re-created. This was causing non-verifiable certs to be used when service catalog was uninstalled and re-installed. The service catalog installer was changed to delete the apiserver.crt and apiserver.key files so that they are re-created using the new ca.crt and ca.key files.
* The asb auth token secret was not being deleted correctly and causing the uninstaller to fail.
* The asb uninstaller was attempting to delete the broker registration from the service catalog. However, the service catalog is uninstalled first. When the asb uninstaller would fail when attempting to delete the ClusterServiceBroker. The uninstaller was changed to verify that the servicecatalog APIService exists first before attempting to delete the ClusterServiceBroker.
* The service catalog uninstaller was attempting to delete policybindings. The server does not have a resource type name policybinding. I do not know what the intention is there, but I have commented out that part of the uninstaller.
|
| | | | |
|
| | | | |
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Automatic merge from submit-queue.
Enable oreg_auth credential replace during upgrades
Currently, upgrades run a docker image pull prior to
upgrading masters and nodes for containerized installs.
If using a secure registry, and a user wishes to upgrade
their credentials due to expiry, the image pull will fail.
This commit ensures docker login credentials are updated
during upgrades, if necessary.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Currently, upgrades run a docker image pull prior to
upgrading masters and nodes for containerized installs.
If using a secure registry, and a user wishes to upgrade
their credentials due to expiry, the image pull will fail.
This commit ensures docker login credentials are updated
during upgrades, if necessary.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Remove incorrect validation for OpenIDIdentityProvider
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Currently, OpenIDIdentityProvider does not support
'challenge=true' in openshift-ansible.
This is incorrect, the auth plugin OpenIDIdentityProvider
does support this.
This commit removes the unnecessary validation of
challenge key.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1444367
Fixes: https://github.com/openshift/openshift-ansible/issues/4417
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Automatic merge from submit-queue.
Fix edit and admin role patching for service catalog
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1496694.
Update the jinja files used to patch the edit and admin ClusterRoles so that it uses the new resource names of ServiceInstances and ServiceBindings.
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
ingvagabund/strip-dash-when-comparing-versions-python3
strip dash when comparing version with Python3
|
| | |_|_|_|/ /
| |/| | | | | |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Automatic merge from submit-queue.
Ensure upgrades apply latest journald settings
Currently, existing clusters might not have journald
configurations applied. This may result in a rate-
limiting of important log messages on openshift-masters.
This commit ensures that journald settings are applied
during the upgrade process openshif-masters.
Fixes: https://github.com/openshift/openshift-ansible/issues/5642
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Currently, existing clusters might not have journald
configurations applied. This may result in a rate-
limiting of important log messages on openshift-masters.
This commit ensures that journald settings are applied
during the upgrade process openshif-masters.
Fixes: https://github.com/openshift/openshift-ansible/issues/5642
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Created by command:
/usr/bin/tito tag --debug --accept-auto-changelog --keep-version --debug
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Switch to stateful set in prometheus
|
| | |_|_|_|/ / /
| |/| | | | | |
| | | | | | | |
| | | | | | | | |
Also update prometheus and alert-buffer image versions, and add prometheus, and oauth-proxy arguments to align with origin template
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Generate internal hostnames of no_proxy
|
| | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
Correct version gates on policy reconciliation and add retries
|
| | | | | | | | | | |
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Handles spurious failures and does not get mad if it just cannot do it.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Automatic merge from submit-queue.
Avoid undefined variable in master sysconfig template
When "openshift_master_controllers_env_vars" is set, but
"openshift_master_api_env_vars" isn't, the template for the sysconfig
file of atomic-openshift-master fails:
AnsibleUndefinedVariable: 'dict object' has no attribute 'api_env_vars'
Avoid this issue by applying "default({})" to the dict and always
calling ".items()".
|
| | |_|/ / / / / / /
| |/| | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
When "openshift_master_controllers_env_vars" is set, but
"openshift_master_api_env_vars" isn't, the template for the sysconfig
file of atomic-openshift-master fails:
AnsibleUndefinedVariable: 'dict object' has no attribute 'api_env_vars'
Avoid this issue by applying "default({})" to the dict and always
calling ".items()".
|
|\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
Ensure proper variable templating for skopeo auth credentials
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Currently, docker_image_availability.py plugin check is
using the raw strings for variables from task_vars.
This results in any variables that utilized within the
plugin to be un-templated. For instance, if variable
"x" is set to "{{ y }}" and y is set to "2", one
would expect that x == 2 inside the plugin. Currently,
the plugin will use the string "{{ y }}" for the value
of x instead of templating the variable.
This commit ensures skopeo registry auth credentials
are templated properly.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1500698
|
|\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
Add nfs variables documentation to README file
|
| | |/ / / / / / / / /
| |/| | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Add documentation of external nfs variables
|
|\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
Check if the master service is non-ha or not
|
| | | | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
Updating to use same image as origin until enterprise image is built
|
| | |_|_|_|_|_|_|_|/ / /
| |/| | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
specified
|
|\ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
Automatic merge from submit-queue.
cli: do not pull again the image when using Docker
When CRI-O is used and the CLI image is already pulled into Docker
then use it also for copying the CLI files to the host instead of
pulling it once again in the ostree storage.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |_|_|_|_|_|_|/ / / /
| |/| | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
When CRI-O is used and the CLI image is already pulled into Docker
then use it also for copying the CLI files to the host instead of
pulling it once again in the ostree storage.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
1504515 Correct host group for controller restart
|
| | |_|/ / / / / / / / /
| |/| | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
Fixes 1504515
https://bugzilla.redhat.com/show_bug.cgi?id=1504515
|
|\ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
Set the proper external etcd ip address when migrating embeded etcd
|
| |/ / / / / / / / / / / |
|
|/ / / / / / / / / / /
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Created by command:
/usr/bin/tito tag --debug --accept-auto-changelog --keep-version --debug
|
|\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
Add variable to control whether NetworkManager hook is installed
|
| | |_|/ / / / / / / /
| |/| | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
We control /etc/resolv.conf and parts of the dnsmasq configuration via
Puppet in our environment. The hook ends up overwriting the managed
configuration.
|
|\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
Automatic merge from submit-queue.
docker: Move enterprise registry from pkg to main
|
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503860
Signed-off-by: Steve Milner <smilner@redhat.com>
|
|\ \ \ \ \ \ \ \ \ \ \ \
| |_|_|_|_|_|_|_|_|/ / /
|/| | | | | | | | | | | |
Bug 1496426 - Update ansible-service-broker configuration to use proper certs and permissions
|
| | | | | | | | | | | | |
|