summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #5780 from ↵OpenShift Merge Robot2017-10-241-2/+7
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | smarterclayton/allow_per_node_group_bootstrap_and_image Automatic merge from submit-queue. Handle bootstrap behavior in GCP template Allow each node group to request bootstrap, allow per node group image override, and ensure the provision logic does not wait for bootstrapping node groups before continuing. This is an incremental step to allow GCP clusters to use bootstrap logic on cluster deploy without having fully baked images. We will switch over slowly and ensure both code paths function. Then we can remove this as necessary. For metadata, we set the cluster id and bootstrap state into instance metadata. On GCP, we'll use project metadata to set the bootstrap kubeconfig file and a startup-script to call it (not in a PR yet). Pairs with openshift/origin-gce#54 @kwoodson
| * Handle bootstrap behavior in GCP templateClayton Coleman2017-10-181-2/+7
| | | | | | | | | | | | | | | | | | | | Allow each node group to request bootstrap, allow per node group image override, and ensure the provision logic does not wait for bootstrapping node groups before continuing. This is an incremental step to allow GCP clusters to use bootstrap logic on cluster deploy without having fully baked images. We will switch over slowly and ensure both code paths function.
* | Merge pull request #5700 from wozniakjan/bz_1452939OpenShift Merge Robot2017-10-2414-14/+164
|\ \ | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Bug 1452939 - change imagePullPolicy in logging and metrics cc: @jcantrill
| * | Bug 1452939 - change Logging & Metrics imagePullPolicyJan Wozniak2017-10-2314-14/+164
| | | | | | | | | | | | | | | - all images logging and metrics change their default imagePullPolicy from Always to IfNotPresent
* | | Merge pull request #5806 from staebler/service_catalog_uninstall_issuesOpenShift Merge Robot2017-10-247-17/+47
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Fix a few small issues in service catalog uninstall * Service catalog install was not re-creating the apiserver.crt and apiserver.key files when generating certs. But the ca.crt and ca.key files were being re-created. This was causing non-verifiable certs to be used when service catalog was uninstalled and re-installed. The service catalog installer was changed to delete the apiserver.crt and apiserver.key files so that they are re-created using the new ca.crt and ca.key files. * The asb auth token secret was not being deleted correctly and causing the uninstaller to fail. * The asb uninstaller was attempting to delete the broker registration from the service catalog. However, the service catalog is uninstalled first. When the asb uninstaller would fail when attempting to delete the ClusterServiceBroker. The uninstaller was changed to verify that the servicecatalog APIService exists first before attempting to delete the ClusterServiceBroker. * The service catalog uninstaller was attempting to delete policybindings. The server does not have a resource type name policybinding. I do not know what the intention is there, but I have commented out that part of the uninstaller.
| * | | Remove extraneous spaces that yamllint dislikesstaebler2017-10-231-3/+3
| | | |
| * | | Remove role bindings during service catalog un-installstaebler2017-10-225-15/+28
| | | |
| * | | Fix a few small issues in service catalog uninstallstaebler2017-10-223-6/+23
| | | |
* | | | Merge pull request #5814 from mgugino-upstream-stage/docker-auth-upgradesOpenShift Merge Robot2017-10-243-11/+19
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Enable oreg_auth credential replace during upgrades Currently, upgrades run a docker image pull prior to upgrading masters and nodes for containerized installs. If using a secure registry, and a user wishes to upgrade their credentials due to expiry, the image pull will fail. This commit ensures docker login credentials are updated during upgrades, if necessary. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
| * | | | Enable oreg_auth credential replace during upgradesMichael Gugino2017-10-193-11/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, upgrades run a docker image pull prior to upgrading masters and nodes for containerized installs. If using a secure registry, and a user wishes to upgrade their credentials due to expiry, the image pull will fail. This commit ensures docker login credentials are updated during upgrades, if necessary. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
* | | | | Merge pull request #5828 from mgugino-upstream-stage/fix-openid-challengeScott Dodson2017-10-241-1/+0
|\ \ \ \ \ | | | | | | | | | | | | Remove incorrect validation for OpenIDIdentityProvider
| * | | | | Remove incorrect validation for OpenIDIdentityProviderMichael Gugino2017-10-201-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, OpenIDIdentityProvider does not support 'challenge=true' in openshift-ansible. This is incorrect, the auth plugin OpenIDIdentityProvider does support this. This commit removes the unnecessary validation of challenge key. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1444367 Fixes: https://github.com/openshift/openshift-ansible/issues/4417
* | | | | | Merge pull request #5840 from staebler/service_catalog_role_patchingOpenShift Merge Robot2017-10-241-2/+2
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Fix edit and admin role patching for service catalog Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1496694. Update the jinja files used to patch the edit and admin ClusterRoles so that it uses the new resource names of ServiceInstances and ServiceBindings.
| * | | | | | Fix edit and admin role patching for service catalogstaebler2017-10-231-2/+2
| | | | | | |
* | | | | | | Merge pull request #5838 from ↵Jan Chaloupka2017-10-241-1/+1
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ingvagabund/strip-dash-when-comparing-versions-python3 strip dash when comparing version with Python3
| * | | | | | | strip dash when comparing version with Python3Jan Chaloupka2017-10-231-1/+1
| | |_|_|_|/ / | |/| | | | |
* | | | | | | Merge pull request #5796 from mgugino-upstream-stage/journald-masters-upgradesOpenShift Merge Robot2017-10-243-22/+28
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Ensure upgrades apply latest journald settings Currently, existing clusters might not have journald configurations applied. This may result in a rate- limiting of important log messages on openshift-masters. This commit ensures that journald settings are applied during the upgrade process openshif-masters. Fixes: https://github.com/openshift/openshift-ansible/issues/5642
| * | | | | | | Ensure upgrades apply latest journald settingsMichael Gugino2017-10-183-22/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, existing clusters might not have journald configurations applied. This may result in a rate- limiting of important log messages on openshift-masters. This commit ensures that journald settings are applied during the upgrade process openshif-masters. Fixes: https://github.com/openshift/openshift-ansible/issues/5642
* | | | | | | | Automatic commit of package [openshift-ansible] release [3.7.0-0.177.0].Jenkins CD Merge Bot2017-10-242-2/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Created by command: /usr/bin/tito tag --debug --accept-auto-changelog --keep-version --debug
* | | | | | | | Merge pull request #5808 from zgalor/stateful_setScott Dodson2017-10-234-14/+18
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Switch to stateful set in prometheus
| * | | | | | | | Switch to stateful set in prometheusZohar Galor2017-10-234-14/+18
| | |_|_|_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | Also update prometheus and alert-buffer image versions, and add prometheus, and oauth-proxy arguments to align with origin template
* | | | | | | | Merge pull request #5569 from ganhuang/all-hosts-no-proxyScott Dodson2017-10-231-1/+13
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Generate internal hostnames of no_proxy
| * | | | | | | | Generate all internal hostnames of no_proxyGan Huang2017-10-191-1/+13
| | | | | | | | |
* | | | | | | | | Merge pull request #5832 from sdodson/bz1504525Scott Dodson2017-10-232-6/+13
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | Correct version gates on policy reconciliation and add retries
| * | | | | | | | | verstion_gte seems unreliable on containerized installsScott Dodson2017-10-202-6/+7
| | | | | | | | | |
| * | | | | | | | | Retry reconcile in case of error and give up eventuallySimo Sorce2017-10-201-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Handles spurious failures and does not get mad if it just cannot do it. Signed-off-by: Simo Sorce <simo@redhat.com>
* | | | | | | | | | Merge pull request #5654 from vshn/mastersysconfigvar1OpenShift Merge Robot2017-10-231-1/+1
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Avoid undefined variable in master sysconfig template When "openshift_master_controllers_env_vars" is set, but "openshift_master_api_env_vars" isn't, the template for the sysconfig file of atomic-openshift-master fails: AnsibleUndefinedVariable: 'dict object' has no attribute 'api_env_vars' Avoid this issue by applying "default({})" to the dict and always calling ".items()".
| * | | | | | | | | | Avoid undefined variable in master sysconfig templateMichael Hanselmann2017-10-191-1/+1
| | |_|/ / / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When "openshift_master_controllers_env_vars" is set, but "openshift_master_api_env_vars" isn't, the template for the sysconfig file of atomic-openshift-master fails: AnsibleUndefinedVariable: 'dict object' has no attribute 'api_env_vars' Avoid this issue by applying "default({})" to the dict and always calling ".items()".
* | | | | | | | | | Merge pull request #5781 from mgugino-upstream-stage/fix-reg-auth-templatingScott Dodson2017-10-233-3/+12
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | Ensure proper variable templating for skopeo auth credentials
| * | | | | | | | | | Ensure proper variable templating for skopeo auth credentialsMichael Gugino2017-10-173-3/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, docker_image_availability.py plugin check is using the raw strings for variables from task_vars. This results in any variables that utilized within the plugin to be un-templated. For instance, if variable "x" is set to "{{ y }}" and y is set to "2", one would expect that x == 2 inside the plugin. Currently, the plugin will use the string "{{ y }}" for the value of x instead of templating the variable. This commit ensures skopeo registry auth credentials are templated properly. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1500698
* | | | | | | | | | | Merge pull request #5811 from zgalor/add_nfs_to_readmeScott Dodson2017-10-231-2/+25
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Add nfs variables documentation to README file
| * | | | | | | | | | | Add nfs variables documentation to README fileZohar Galor2017-10-191-2/+25
| | |/ / / / / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add documentation of external nfs variables
* | | | | | | | | | | Merge pull request #5845 from ingvagabund/check-correct-master-servicesScott Dodson2017-10-231-12/+25
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Check if the master service is non-ha or not
| * | | | | | | | | | | Check if the master service is non-ha or notJan Chaloupka2017-10-231-12/+25
| | | | | | | | | | | |
* | | | | | | | | | | | Merge pull request #5822 from ewolinetz/bz1504191Scott Dodson2017-10-231-1/+1
|\ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | Updating to use same image as origin until enterprise image is built
| * | | | | | | | | | | | Updating ocp es proxy image to use openshift_logging_proxy_image_prefix if ↵Eric Wolinetz2017-10-191-1/+1
| | |_|_|_|_|_|_|_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | specified
* | | | | | | | | | | | Merge pull request #5453 from giuseppe/use-docker-cli-image-if-already-availableOpenShift Merge Robot2017-10-231-5/+8
|\ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. cli: do not pull again the image when using Docker When CRI-O is used and the CLI image is already pulled into Docker then use it also for copying the CLI files to the host instead of pulling it once again in the ostree storage. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | | | | | | | cli: use the correct name for the master system containerGiuseppe Scrivano2017-10-231-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | | | | | | | cli: do not pull again the image when using DockerGiuseppe Scrivano2017-10-231-3/+6
| | |_|_|_|_|_|_|/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When CRI-O is used and the CLI image is already pulled into Docker then use it also for copying the CLI files to the host instead of pulling it once again in the ostree storage. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | | | | | | Merge pull request #5844 from mtnbikenc/fix-1504515Scott Dodson2017-10-231-1/+1
|\ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | 1504515 Correct host group for controller restart
| * | | | | | | | | | | | Correct host group for controller restartRussell Teague2017-10-231-1/+1
| | |_|/ / / / / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes 1504515 https://bugzilla.redhat.com/show_bug.cgi?id=1504515
* | | | | | | | | | | | Merge pull request #5843 from ingvagabund/set-the-correct-etcd-ip-addressScott Dodson2017-10-231-1/+1
|\ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | Set the proper external etcd ip address when migrating embeded etcd
| * | | | | | | | | | | | Set the proper external etcd ip address when migrating embeded etcdJan Chaloupka2017-10-231-1/+1
| |/ / / / / / / / / / /
* / / / / / / / / / / / Automatic commit of package [openshift-ansible] release [3.7.0-0.176.0].Jenkins CD Merge Bot2017-10-232-2/+14
|/ / / / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Created by command: /usr/bin/tito tag --debug --accept-auto-changelog --keep-version --debug
* | | | | | | | | | | Merge pull request #5241 from hansmi/masterScott Dodson2017-10-234-0/+37
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Add variable to control whether NetworkManager hook is installed
| * | | | | | | | | | | Add variable to control whether NetworkManager hook is installedMichael Hanselmann2017-10-194-0/+37
| | |_|/ / / / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We control /etc/resolv.conf and parts of the dnsmasq configuration via Puppet in our environment. The hook ends up overwriting the managed configuration.
* | | | | | | | | | | Merge pull request #5818 from ashcrow/1503860OpenShift Merge Robot2017-10-232-8/+9
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. docker: Move enterprise registry from pkg to main
| * | | | | | | | | | | docker: Move enterprise registry from pkg to mainSteve Milner2017-10-192-8/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503860 Signed-off-by: Steve Milner <smilner@redhat.com>
* | | | | | | | | | | | Merge pull request #5761 from fabianvf/asb-client-secret-not-foundScott Dodson2017-10-234-22/+24
|\ \ \ \ \ \ \ \ \ \ \ \ | |_|_|_|_|_|_|_|_|/ / / |/| | | | | | | | | | | Bug 1496426 - Update ansible-service-broker configuration to use proper certs and permissions
| * | | | | | | | | | | Update defaultsFabian von Feilitzsch2017-10-194-5/+9
| | | | | | | | | | | |