summaryrefslogtreecommitdiffstats
path: root/playbooks
Commit message (Collapse)AuthorAgeFilesLines
* Remove duplication in node acceptance playbook and setup master groups so ↵Andrew Butcher2018-01-161-36/+5
| | | | that we can use the first master's ansible_ssh_user when delegating.
* Merge pull request #6692 from abutcher/cluster-operatorOpenShift Merge Robot2018-01-155-2/+49
|\ | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Separate ELB & S3 from master node group provisioning Moved s3 and elb provisioning out of `roles/openshift_aws/tasks/provisioning.yml` and into their own playbooks. These playbooks are now included in the provision playbook and in a WIP infrastructure playbook we intend to run up front in place of prerequisites. @kwoodson what are your thoughts on something like this?
| * Add cluster-operator playbook directory.Andrew Butcher2018-01-102-0/+22
| |
| * Move s3 & elb provisioning into their own playbooks s.t. they are applied ↵Andrew Butcher2018-01-103-2/+27
| | | | | | | | outside of the openshift_aws master provisioning tasks.
* | Adjust openstack provider dependencies versionsBogdan Dobrelya2018-01-151-4/+3
| | | | | | | | Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* | Fix openstack provider playbook name in docsBogdan Dobrelya2018-01-151-1/+1
| | | | | | | | Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
* | Merge pull request #6707 from spadgett/console-upgradeScott Dodson2018-01-131-3/+9
|\ \ | | | | | | Install web console on upgrade
| * | Install web console on upgradeSamuel Padgett2018-01-111-3/+9
| | |
* | | Merge pull request #6695 from mbruzek/openstack_md_fixesOpenShift Merge Robot2018-01-121-7/+7
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Spelling and grammar changes to the advanced-configuration.md file. I noticed some spelling errors when trying to read the OpenStack `advanced_configuration.md` file so I wanted to contribute the fixed spelling.
| * | | Spelling and grammar changes to the advanced-configuration.md file.Matt Bruzek2018-01-101-7/+7
| | |/ | |/|
* | | Merge pull request #6614 from mgugino-upstream-stage/plugins-to-lib-utilsScott Dodson2018-01-111-0/+1
|\ \ \ | |_|/ |/| | Move more plugins to lib_utils
| * | Move more plugins to lib_utilsMichael Gugino2018-01-101-0/+1
| |/ | | | | | | | | | | | | This commit continues moving plugins into lib_utils. This commit does not move any plugins for add-on roles such as logging and metrics.
* | Merge pull request #6607 from tomassedovic/fix-cinder-pvOpenShift Merge Robot2018-01-113-2/+111
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Fix Cinder Persistent Volume support This documents how to use Cinder-backed persistent volumes with OpenStack. It needed a change to the dynamic inventory because the "openstack" cloudprovider plugin does actually require internal name resolution -- and the `openshift_hostname` value must match the name of the Nova server. In addition, we need to be able to specify the V2 of the Cinder API for now as described in: https://github.com/openshift/openshift-docs/issues/5730
| * | Fix typo in the advanced config docsTomas Sedovic2018-01-101-1/+1
| | |
| * | Write guide on setting up PVs with CinderTomas Sedovic2018-01-101-0/+106
| | |
| * | Allow using server names in openstack dynamic invTomas Sedovic2018-01-101-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | When deploying on OpenStack with internal DNS configured, this will set `openshift_hostname` to the Nova server name instead of its IP address. Without those two matching, the OpenStack cloud provider configuration will fail and the OpenShift nodes will not start.
| * | Specify the Cinder version in the inventoryTomas Sedovic2018-01-101-0/+1
| | | | | | | | | | | | | | | | | | | | | As described in[1], OpenShift currently only works with Block Storage API v2 and the version autodetection is failing to figure that out. [1]: https://github.com/openshift/openshift-docs/issues/5730
* | | Merge pull request #5080 from sdodson/drain-timeoutsOpenShift Merge Robot2018-01-104-11/+29
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Add the ability to specify a timeout for node drain operations A timeout to wait for nodes to drain pods can be specified to ensure that the upgrade continues even if nodes fail to drain pods in the allowed time. The default value of 0 will wait indefinitely allowing the admin to investigate the root cause and ensuring that disruption budgets are respected. In practice the `oc adm drain` command will eventually error out, at least that's what we've seen in our large online clusters, when that happens a second attempt will be made to drain the nodes, if it fails again it will abort the upgrade for that node or for the entire cluster based on your defined `openshift_upgrade_nodes_max_fail_percentage`. `openshift_upgrade_nodes_drain_timeout=0` is the default and will wait until all pods have been drained successfully `openshift_upgrade_nodes_drain_timeout=600` would wait for 600s before moving on to the tasks which would forcefully stop pods such as stopping docker, node, and openvswitch.
| * | | Add the ability to specify a timeout for node drain operationsScott Dodson2018-01-104-11/+29
| | | |
* | | | Merge pull request #6666 from sdodson/fix_client_binaryScott Dodson2018-01-103-3/+8
|\ \ \ \ | | | | | | | | | | Ensure that openshift_facts role is imported whenever we rely on
| * | | | Ensure that openshift_facts role is imported whenever we rely onScott Dodson2018-01-093-3/+8
| | | | | | | | | | | | | | | | | | | | openshift_client_binary
* | | | | Merge pull request #6647 from ↵Scott Dodson2018-01-101-4/+4
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | vrutkovs/3.9-upgrades-remove-openshift.common.service_type 3.9 upgrade: remove openshift.common.service_type
| * | | | | 3.9 upgrade: remove openshift.common.service_typeVadim Rutkovsky2018-01-081-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | See eb6b20fc9183cc2aae424c72efd1191b99110a93
* | | | | | Add defaults for openshift_pkg_versionMichael Gugino2018-01-101-2/+2
| |_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This variable may or may not be defined by the users. During deployments, it will be set to '-{{ openshift_version }}' if undefined. During upgrades, it will remain undefined. This commit ensures that if the variable is undefined, empty strings '' are set.
* | | | | Merge pull request #6674 from mgugino-upstream-stage/remove-becomes2Scott Dodson2018-01-1013-20/+17
|\ \ \ \ \ | | | | | | | | | | | | Remove become statements
| * | | | | Chmod temp dirs created on localhostMichael Gugino2018-01-094-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After remove become:no statements on local_action tasks, we need to ensure that the proper file permssions are applied to local temp directories. This reason for this is that the 'fetch' module does not use 'become' for the localhost, just the remote host. Additionally, users may not wish for the localhost to become during a fetch. local_action will execute with whatever permissions are specified in inventory or via cli.
| * | | | | Remove become statementsMichael Gugino2018-01-0913-20/+0
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | This commit removes become:no statements that break the installer in various ways.
* | | | | Limit host group scope on control-plane upgradesMichael Gugino2018-01-097-2/+29
| | | | | | | | | | | | | | | | | | | | | | | | | This commit limits common init code to exclude oo_nodes_to_config during upgrade_control_plane runs.
* | | | | Refactor version and move some checks into sanity_checks.pyMichael Gugino2018-01-092-12/+23
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit changes how we handle openshift_version role. Most of the version initialization code is only run on the first master now. All other hosts have values set from the master. Aftwards, we run some basic RPM queries to ensure that the correct version is available on the other nodes. Containerized needs to do their own image checks elsewhere.
* | | | Merge pull request #6634 from vrutkovs/openshift_binary_for_upgradesScott Dodson2018-01-091-0/+2
|\ \ \ \ | | | | | | | | | | upgrades: set openshift_client_binary fact when running on oo_first_master host
| * | | | upgrades: set openshift_client_binary fact when running on oo_first_master hostVadim Rutkovsky2018-01-061-0/+2
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This sets openshift_client_binary var for the first master, as some roles use this var along with first_master_client_binary. Not sure if its worth setting this var for the faulty roles instead though. Signed-off-by: Vadim Rutkovsky <vrutkovs@redhat.com>
* | | | Merge pull request #6659 from joelddiaz/ami_and_docker_storage_setupKenny Woodson2018-01-091-0/+5
|\ \ \ \ | |_|_|/ |/| | | docker storage setup for ami building
| * | | docker storage setup for ami buildingJoel Diaz2018-01-081-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | add host to g_new_node_hosts so that plays run against the AMI instance update example vars so that overlay2 is used by default for docker storage
* | | | Merge pull request #6651 from mgugino-upstream-stage/containerized-groupsMichael Gugino2018-01-083-7/+12
|\ \ \ \ | |/ / / |/| | | Build containerized host group dynamically
| * | | Build containerized host group dynamicallyMichael Gugino2018-01-083-7/+12
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, we are using some inventory variables to determine what host groups should be considered containerized. This is problematic and has several edge cases. This commit removes the variable l_containerized_host_groups and builds a dynamic group of hosts named 'oo_hosts_containerized_managed_true' based on the value of 'containerized'
* | | Merge pull request #6580 from tomassedovic/openstack-fixesOpenShift Merge Robot2018-01-083-2/+10
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Openstack fixes This includes a few fixes for the OpenStack provider. It should fix #6555 and possibly also #6560.
| * | | Import prerequisites.yml for OpenStackTomas Sedovic2018-01-021-0/+3
| | | |
| * | | Return a openshift_node_labels as a dictTomas Sedovic2018-01-021-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The OpenStack dynamic inventory was setting the `openshift_node_labels` value as a string which causes a failure with the `lib_utils_oo_dict_to_keqv_list` filter. Fixes #6555
| * | | Fix yaml syntax error in the sample inventoryTomas Sedovic2018-01-021-2/+2
| | | |
* | | | Merge pull request #6649 from mgugino-upstream-stage/fix-pre-packagesMichael Gugino2018-01-081-2/+2
|\ \ \ \ | | | | | | | | | | install base_packages on oo_all_hosts
| * | | | install base_packages on oo_all_hostsMichael Gugino2018-01-081-2/+2
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | This commit ensures base packages are installed for oo_all_hosts, which is what we were doing previously. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1530516
* | | | Merge pull request #6549 from mgugino-upstream-stage/node-meta-depends2OpenShift Merge Robot2018-01-084-6/+2
|\ \ \ \ | |/ / / |/| | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Remove last of openshift_node role meta-depends Remove last non-taskless meta-depends from openshift_node role.
| * | | Remove last of openshift_node role meta-dependsMichael Gugino2018-01-024-6/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove last non-taskless meta-depends from openshift_node role. Remove variable 'openshift_node_upgrade_in_progress' as it is no longer used.
* | | | Contiv multi-master and other fixesNick Bartos2018-01-082-6/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Contiv's etcd was not being deployed correctly when using more than one master. To make it easier to manage, it has been moved into a k8s container. The api proxy was hardcoded to an old version (1.1.1), and in some environments would run into a docker error. This has been moved into a k8s container for easier management. The firewall was too permissive on several ports. Many were open to the world when they should have only been accessible inside the cluster. Many of the contiv role variables were not prefixed with 'contiv', which may end up clobbering variables from another role. Now all the contiv specific role variables start with 'contiv_'. The api proxy's default self-signed certificate was bundled with the role. This means someone with read-only MITM access and this key could decrypt traffic. Granted a user defined certificate from a trusted CA should be used in a production environment, it is still better to generate one in each environment when one is not provided.
* | | | Merge pull request #6359 from spadgett/web-console-serverScott Dodson2018-01-066-0/+41
|\ \ \ \ | |_|_|/ |/| | | Install web console server
| * | | Install web console serverSamuel Padgett2018-01-056-0/+41
| | |/ | |/|
* | | Merge pull request #6627 from sdodson/import_roleScott Dodson2018-01-0553-99/+99
|\ \ \ | | | | | | | | Migrate to import_role for static role inclusion
| * | | Migrate to import_role for static role inclusionScott Dodson2018-01-0553-99/+99
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In Ansible 2.2, the include_role directive came into existence as a Tech Preview. It is still a Tech Preview through Ansible 2.4 (and in current devel branch), but with a noteable change. The default behavior switched from static: true to static: false because that functionality moved to the newly introduced import_role directive (in order to stay consistent with include* being dynamic in nature and `import* being static in nature). The dynamic include is considerably more memory intensive as it will dynamically create a role import for every host in the inventory list to be used. (Also worth noting, there is at the time of this writing an object allocation inefficiency in the dynamic include that can in certain situations amplify this effect considerably) This change is meant to mitigate the pressure on memory for the Ansible control host. We need to evaluate where it makes sense to dynamically include roles and revert back to dynamic inclusion if and where it makes sense to do so.
* | | | Merge pull request #6532 from jmencak/heat_stack-cnsOpenShift Merge Robot2018-01-052-1/+13
|\ \ \ \ | |/ / / |/| | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. OpenStack provisioning -- support cns. Initial support for CNS nodes during OpenShift on OpenStack provisioning.
| * | | OpenStack provisioning -- support cns.Jiri Mencak2018-01-022-1/+13
| | | |